From 83ce3fbe97094349f1e6b785f36aa1f4fdd71822 Mon Sep 17 00:00:00 2001 From: "Alexander A. Klimov" Date: Tue, 16 Jul 2024 16:44:23 +0200 Subject: [PATCH] Allow mounting /conf.d, /constants.conf, /features-enabled and /zones.* --- Dockerfile | 8 ++++++++ README.md | 7 +++++++ entrypoint/main.go | 9 ++++++--- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7c82439..b6cc5d1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -112,6 +112,14 @@ COPY --from=build-icinga2 /icinga2-bin/ / RUN ["install", "-o", "icinga", "-g", "icinga", "-d", "/data"] RUN ["bash", "-exo", "pipefail", "-c", "for d in /etc/icinga2 /var/*/icinga2; do mkdir -p $(dirname /data-init$d); mv $d /data-init$d; ln -vs /data$d $d; done"] +# One shall mount /data. One can also mount /data/X. +# But mounting /data/Y/Z will create /data/Y as root and forbid the icinga user to write there. +# https://stackoverflow.com/questions/66362660/#comment122948160_66362660 +# Hence, we have to move /data/etc/icinga2/* two levels up, so one can mount e.g. /data/conf.d in addition to /data. +# This also keeps everything under /data not to break any existing usage. +# But, for a nice interface, we also create symlinks under /, so one can mount e.g. /data/conf.d as /conf.d. +RUN ["bash", "-exo", "pipefail", "-c", "cd /data-init/etc/icinga2; for d in conf.d constants.conf features-enabled zones.*; do mv $d ../..; ln -vs ../../$d .; ln -vs /data/$d /; done"] + EXPOSE 5665 USER icinga CMD ["icinga2", "daemon"] diff --git a/README.md b/README.md index 6a18bde..e617cab 100644 --- a/README.md +++ b/README.md @@ -72,6 +72,13 @@ of `~icinga/.msmtprc` via the environment variable `MSMTPRC`. **Don't mount volumes under `/data/etc/icinga2` or `/data/var/*/icinga2`** unless `/data` already contains all of these directories! Otherwise `/data` will stay incomplete, i.e. broken. +Instead mount any of the following directories: + +* `/conf.d` +* `/constants.conf` +* `/features-enabled` +* `/zones.conf` +* `/zones.d` ### Environment variables diff --git a/entrypoint/main.go b/entrypoint/main.go index 77b50bd..ef204b3 100644 --- a/entrypoint/main.go +++ b/entrypoint/main.go @@ -38,13 +38,16 @@ func entrypoint() error { if os.Getpid() == 1 { logf(info, "Initializing /data as we're the init process (PID 1)") - for _, dir := range []string{"etc", "var/cache", "var/lib", "var/log", "var/run", "var/spool"} { - dest := path.Join("/data", dir, "icinga2") + for _, dir := range []string{ + "etc/icinga2", "conf.d", "constants.conf", "features-enabled", "zones.conf", "zones.d", + "var/cache/icinga2", "var/lib/icinga2", "var/log/icinga2", "var/run/icinga2", "var/spool/icinga2", + } { + dest := path.Join("/data", dir) logf(info, "Checking %#v", dest) if _, errSt := os.Stat(dest); errSt != nil { if os.IsNotExist(errSt) { - src := path.Join("/data-init", dir, "icinga2") + src := path.Join("/data-init", dir) logf(info, "Copying %#v to %#v", src, dest) if errMA := os.MkdirAll(path.Dir(dest), 0755); errMA != nil {