Commit 4eb9af2e authored by Joshua Tauberer's avatar Joshua Tauberer

simplify dockerization

parent 51d89a78
......@@ -35,18 +35,20 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
# Install packages needed by Mail-in-a-Box.
ADD containers/docker/apt_package_list.txt /tmp/mailinabox_apt_package_list.txt
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $(cat /tmp/mailinabox_apt_package_list.txt)
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y rsyslog
RUN rm -f /tmp/mailinabox_apt_package_list.txt
RUN apt-get clean
# Create the user-data user, so the start script doesn't have to.
RUN useradd -m user-data
RUN rm -rf /etc/service/syslog-ng
# Now add Mail-in-a-Box to the system.
ADD . /usr/local/mailinabox
#RUN /usr/local/mailinabox/containers/docker/setup.sh
# We can't know things like the IP address where the container will eventually
# be deployed until the container is started. We also don't want to create any
# private keys during the creation of the image --- that should wait until the
# container is started too. So our whole setup process is deferred until the
# container is started.
ENTRYPOINT /usr/local/mailinabox/containers/docker/init.sh
RUN mkdir -p /etc/my_init.d
RUN ln -s /usr/local/mailinabox/containers/docker/init.sh /etc/my_init.d/20-mailinabox.sh
......@@ -76,7 +76,6 @@ python3-pip
pyzor
razor
resolvconf
rsyslog
spampd
sqlite3
sudo
......
......@@ -17,51 +17,63 @@ if [ ! -t 0 ]; then
export NONINTERACTIVE=1
fi
# Start configuration.
# The phusion/baseimage base image we use for a working Ubuntu
# replaces the normal Upstart system service management with
# a ligher-weight service management system called runit that
# requires a different configuration. We need to create service
# run files that do not daemonize.
# For most of the services, there is a common pattern we can use:
# execute the init.d script that the Ubuntu package installs, and
# then poll for the termination of the daemon.
function make_runit_service {
INITD_NAME=$1
WAIT_ON_PROCESS_NAME=$2
mkdir -p /etc/service/$INITD_NAME
cat > /etc/service/$INITD_NAME/run <<EOF;
#!/bin/bash
source /usr/local/mailinabox/setup/functions.sh
hide_output /etc/init.d/$INITD_NAME restart
while [ \`ps a -C $WAIT_ON_PROCESS_NAME -o pid= | wc -l\` -gt 0 ]; do
sleep 30
done
echo $WAIT_ON_PROCESS_NAME died.
sleep 20
EOF
chmod +x /etc/service/$INITD_NAME/run
}
#make_runit_service bind9 named
#make_runit_service fail2ban fail2ban
#make_runit_service mailinabox mailinabox-daemon
#make_runit_service memcached memcached
#make_runit_service nginx nginx
#make_runit_service nsd nsd
#make_runit_service opendkim opendkim
#make_runit_service php5-fpm php5-fpm
#make_runit_service postfix postfix
#make_runit_service postgrey postgrey
#make_runit_service spampd spampd
# Dovecot doesn't provide an init.d script, but it does provide
# a way to launch without daemonization. We wrote a script for
# that specifically.
#
# We also want to use Ubuntu's stock rsyslog rather than syslog-ng
# that the base image provides. Our Dockerfile installs rsyslog.
rm -rf /etc/service/syslog-ng
for service in dovecot; do
mkdir -p /etc/service/$service
cp /usr/local/mailinabox/containers/docker/runit/$service.sh /etc/service/$service/run
chmod +x /etc/service/$service/run
done
# Rsyslog isn't starting automatically but we need it during setup.
service rsyslog start
# Start configuration. Using 'source' means an exit from inside
# also exits this script and terminates the container.
cd /usr/local/mailinabox
export IS_DOCKER=1
export STORAGE_ROOT=/data
export STORAGE_USER=user-data
export DISABLE_FIREWALL=1
mkdir /etc/service/rsyslogd
mkdir /etc/service/bind9
mkdir /etc/service/dovecot
mkdir /etc/service/fail2ban
mkdir /etc/service/mailinabox
mkdir /etc/service/memcached
mkdir /etc/service/nginx
mkdir /etc/service/nsd
mkdir /etc/service/opendkim
mkdir /etc/service/php5-fpm
mkdir /etc/service/postfix
mkdir /etc/service/postgrey
mkdir /etc/service/spampd
cp services/rsyslogd.sh /etc/service/rsyslogd/run
cp services/bind9.sh /etc/service/bind9/run
cp services/dovecot.sh /etc/service/dovecot/run
cp services/fail2ban.sh /etc/service/fail2ban/run
cp services/mailinabox.sh /etc/service/mailinabox/run
cp services/memcached.sh /etc/service/memcached/run
cp services/nginx.sh /etc/service/nginx/run
cp services/nsd.sh /etc/service/nsd/run
cp services/opendkim.sh /etc/service/opendkim/run
cp services/php5-fpm.sh /etc/service/php5-fpm/run
cp services/postfix.sh /etc/service/postfix/run
cp services/postgrey.sh /etc/service/postgrey/run
cp services/spampd.sh /etc/service/spampd/run
rsyslogd
source setup/start.sh
/etc/init.d/mailinabox start
/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
sleep 5
curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/dns/update
curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/web/update
source setup/firstuser.sh
/etc/init.d/mailinabox stop
kill $(pidof dovecot)
/etc/init.d/resolvconf start
killall rsyslogd
my_init
......@@ -2,6 +2,9 @@
# Use this script to launch Mail-in-a-Box within a docker container.
# ==================================================================
#
# Run this script from the base directory of the Mail-in-a-Box
# repository (i.e. run as 'containers/docker/run').
#
# A base image is created first. The base image installs Ubuntu
# packages and pulls in the Mail-in-a-Box source code. This is
# defined in Dockerfile at the root of this repository.
......@@ -16,33 +19,59 @@
# initialize itself and will initialize the mailinabox-userdata
# volume if the volume is new.
DOCKER=docker
# Build or rebuild the image.
# Rebuilds are very fast.
$DOCKER build -q -t mailinabox .
if ! $DOCKER ps -a | grep mailinabox-userdata > /dev/null; then
echo Starting user-data volume container...
$DOCKER run -d \
tput setaf 2
echo "Building/updating base image (mailinabox)..."
tput setaf 7
docker build -q -t mailinabox .
if ! docker ps -a | grep mailinabox-userdata > /dev/null; then
tput setaf 2
echo
echo "Creating a new container for your data (mailinabox-userdata)..."
tput setaf 7
docker run -d \
--name mailinabox-userdata \
-v /home/user-data \
scratch /bin/bash
scratch /bin/does-not-exist-but-thats-ok
else
tput setaf 2
echo
echo "Using existing container mailinabox-userdata for your data."
tput setaf 7
fi
# End a running container.
if $DOCKER ps -a | grep mailinabox-services > /dev/null; then
echo Deleting container...
$DOCKER rm mailinabox-services
if docker ps -a | grep mailinabox-services > /dev/null; then
tput setaf 2
echo
echo "Destroying mailinabox-services container..."
tput setaf 7
docker rm -f mailinabox-services
fi
# Start container.
echo Starting new container...
$DOCKER run \
tput setaf 2
echo
echo "Starting new container (mailinabox-services)..."
tput setaf 7
# Notes:
# * Passing through SKIP_NETWORK_CHECKS makes it easier to do testing
# on a residential network.
docker run \
--privileged \
-v /dev/urandom:/dev/random \
-p 25 -p 53/udp -p 53/tcp -p 80 -p 443 -p 587 -p 993 \
--name mailinabox-services \
--volumes-from mailinabox-userdata \
mailinabox
\ No newline at end of file
-e "SKIP_NETWORK_CHECKS=$SKIP_NETWORK_CHECKS" \
mailinabox
#!/bin/bash
EXEC=bind9
PROCESS=named
/etc/init.d/$EXEC start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done
#!/bin/bash
PROCESS=fail2ban
/etc/init.d/$PROCESS start
while [ `ps aux | grep fail2ban | grep -v grep | wc -l` -gt 0 ]; do
sleep 30
done
#!/bin/bash
EXEC=mailinabox
PROCESS=mailinabox-daemon
if [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -eq 0 ]; then
/etc/init.d/$EXEC start
fi
while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
sleep 30
done
#!/bin/bash
PROCESS=memcached
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 60
done
#!/bin/bash
PROCESS=nginx
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done
#!/bin/bash
PROCESS=nsd
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done
#!/bin/bash
PROCESS=opendkim
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done
#!/bin/bash
PROCESS=php5-fpm
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done
#!/bin/bash
PROCESS=postfix
/etc/init.d/$PROCESS start
while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
sleep 30
done
#!/bin/bash
PROCESS=postgrey
/etc/init.d/$PROCESS start
while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
sleep 30
done
#!/bin/bash
PROCESS=spampd
/etc/init.d/$PROCESS start
while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
sleep 30
done
......@@ -39,9 +39,14 @@ function apt_get_quiet {
}
function apt_install {
if [ ! "$IS_DOCKER" ];then
# Report any packages already installed.
PACKAGES=$@
if [ ! -z "$IS_DOCKER" ]; then
# Speed things up because packages are already installed by the image.
PACKAGES=""
fi
# Report any packages already installed.
TO_INSTALL=""
ALREADY_INSTALLED=""
for pkg in $PACKAGES; do
......@@ -163,10 +168,18 @@ function ufw_allow {
function restart_service {
# Restart a service quietly.
if [ ! "$IS_DOCKER" ]; then
# The normal way to restart a service.
hide_output service $1 restart
if [[ ! -z "$IS_DOCKER" && "$1" == "dovecot" ]]; then
# In Docker, sysvinit takes care of any services with an init.d
# script. The dovecot package provides an Upstart config only,
# and so it won't work this way. We make a new script for it
# elsewhere. We also cant do `sv restart dovecot` because runit
# is not running until after the setup scripts are run. So we
# will have to skip starting dovecot for now.
return 0
fi
hide_output service $1 restart
}
## Dialog Functions ##
......
......@@ -102,6 +102,14 @@ source setup/zpush.sh
source setup/management.sh
source setup/munin.sh
# In Docker, sysvinit services are started automatically. Runit services
# aren't started until after this setup script finishes. But we need
# Dovecot (which is Upstart-only) running in order to create the first
# mail user. So start dovecot now.
if [ ! -z "$IS_DOCKER" ]; then
/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
fi
# Ping the management daemon to write the DNS and nginx configuration files.
until nc -z -w 4 localhost 10222
do
......@@ -139,5 +147,4 @@ openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint \
| sed "s/SHA1 Fingerprint=//"
echo
echo Then you can confirm the security exception and continue.
echo
echo
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment