diff --git a/.travis.yml b/.travis.yml
index d2798e3..d683224 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -10,6 +10,7 @@ env:
   - HADOLINT_VERSION=1.17.1
   - DOCKER_COMPOSE_VERSION=1.23.2
   - TRIVY_VERSION=0.1.1
+  - GOSS_VERSION=0.3.7
   - secure: iSwQW1ytg9/ntqlF1nMzYcg0ouT3TifuAzauu//vWMiRfRthAi0bLuz3nBvlkQwtUk/iF3+smdOtwvjlmW7wWdwdf9tzpsyVKVYcS/+1MbxnGXE4OyNLkUJ7KASRk4otfsujMDNO95q/m04sOLJ721dsOWR6dv+5MNJ3LrushsbFfuStHmM1cNyUR6NuPy4g/x4oppv23rbSXU/qS7ULUsOTEUuTsmgvvKQRZiiOFaOgzeHCIEdrX6Dpsx6DPtYQ5az88q6CrkkTaw7GhP1qBXAGNX03NeHPd7YZvsgePoZJEJ/jTRsZVx9LxwkmnVTJDqthgqTGXTBJIvow3oICjKLf/DhURvkHaAJPu+Nxyvxo2xgYaa0Zbau5fmhEblyKU8Q9g+ZXsdjC5uy/vqJjg1rZD9BZjbKXRP9nb5VpxLdzcWE80XpEj7tHMfF4bN7LvIHZ81wINtZdZeFLVW53YzIO0NAoRCDk1SmR6N11T1uE8FrBzO80oETUMud2zYTx9U+J0m/qsNK+fOz2GtxwI3mlU0/bgVlcFE6865lOPuRwcTOhDwGqeWsLbBYsYXaJhqktn6XKiZ/BEeJLx6Z/CvyNXbzexn1i4wyVZAK7xxkhjxFPnWFU9WPan4ibkGLsS9sFsUTLVa4oBszkTO6q5NU7vIycdgJpfZlkdL2V0EA=
   - secure: kj/KcPck6RHSQdcN29+OoxSufHX8KgMXs/ekVUsgcXfWb8iwo0UbfGwyPf+oy1vvjO65e0xsdGHN6Vk++opJT1qaAMpIInfh3+otXmDrT4Uq0s+vBkyQ/EPNeTy6oWK28y5+IVrR3Nd4FMK8CQ4FKzqKAAOQDkusI1182tRL9wDPnCbUD92cNcTPh7aHccSflkBOzw0G6d0v3RFIseOdYMA4DN72YfUV6RHVgOz7PSPmZ9p9lza1Fdbd1fBYoqBapzm3tIWiaU20OkyYNorZzsT+afTTpfHIb5ku+emNCiKDORuX4XQHDiS+PtqDNJRL2WsOsudVf9ckd9wpTkDj5rFnVex7GtS4z47kLDahzNWMQs4gnpDVUi3jbGeU/62EXdiAmuWs0A2kUSPYZwAKVbfIDlp3tAy0dzGivnBfTdN/TYVRm0IDRJZZNp964Tu3rGLazbRCYpGTIYz4KlMRrIN4QJj8JMmvcaOidp/xQJL+MkZTNY653VFHYeu61XEUV3RkGkkhZL967w+VuhkULDppslKExsJzXXX6ITauLu6hqAj+fWrn0WDxn/Km+sx9aJaBNqg4egT8mX5+WeDdoV+3NyODjbYUaEPKSuUkW/Skm+VGlYeyc9apahTSDe1H/W2KUcramkMT17IdPqXTqvlo+HSR97IGoE37OWKdoVM=
   - secure: 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
@@ -21,8 +22,12 @@ before_install:
   - sudo curl -L https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
   - wget https://github.com/knqyf263/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
   - sudo tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -C /usr/local/bin trivy
+  - sudo curl -L https://github.com/aelsabbahy/goss/releases/download/v$GOSS_VERSION/goss-linux-amd64 -o /usr/local/bin/goss
+  - sudo curl -L https://raw.githubusercontent.com/fbartels/goss/dcgoss-v2/extras/dcgoss/dcgoss -o /usr/local/bin/dcgoss
   - sudo chmod +rx /usr/local/bin/hadolint
   - sudo chmod +rx /usr/local/bin/docker-compose
+  - sudo chmod +rx /usr/local/bin/goss
+  - sudo chmod +rx /usr/local/bin/dcgoss
   - sudo apt update && sudo apt install -y expect
   - sudo pip install --upgrade pip && sudo pip install yamllint
   - npm install -g eclint
diff --git a/Makefile b/Makefile
index b7a8a6e..b4bbd83 100644
--- a/Makefile
+++ b/Makefile
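Review bot: The new goss and dcgoss downloads are installed into /usr/local/bin with no integrity check, and dcgoss is fetched from a moving branch on a personal fork (`fbartels/goss/dcgoss-v2`) rather than a tagged release or a commit, so what CI executes can change without any change to this repository. `curl -L` without `-f` also means an HTTP error page would be saved and chmod'ed as the binary. Pin dcgoss to a commit SHA in the raw URL, use `curl -fL` for both downloads, and verify the goss release binary against a checksum kept in the repo, e.g. `- echo "<goss-sha256-placeholder>  /usr/local/bin/goss" | sha256sum -c -` right after the download. The Makefile TODO in this same commit already acknowledges the dependency on the fork.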
@@ -368,7 +368,15 @@ test-startup: ## Test if all containers start up
 # TODO this needs goss added to travis and dcgoss pulled from my own git repo
 .PHONY: test-goss
 test-goss: ## Test configuration of containers with goss
-	GOSS_FILES_PATH=core GOSS_FILE="goss_server.yaml" dcgoss run kopano_server
+	GOSS_FILES_PATH=core/goss/server dcgoss run kopano_server
+	GOSS_FILES_PATH=core/goss/dagent dcgoss run kopano_dagent
+	GOSS_FILES_PATH=core/goss/gateway dcgoss run kopano_gateway
+	GOSS_FILES_PATH=core/goss/ical dcgoss run kopano_ical
+	GOSS_FILES_PATH=core/goss/grapi dcgoss run kopano_grapi
+	GOSS_FILES_PATH=core/goss/kapi dcgoss run kopano_kapi
+	GOSS_FILES_PATH=core/goss/montor dcgoss run kopano_monitor
+	GOSS_FILES_PATH=core/goss/search dcgoss run kopano_search
+	GOSS_FILES_PATH=core/goss/spooler dcgoss run kopano_spooler
 	GOSS_FILES_PATH=webapp dcgoss run kopano_webapp
 
 test-security: ## Scan containers with Trivy for known security risks (not part of CI workflow for now).
diff --git a/base/Dockerfile b/base/Dockerfile
index 766b62a..2cf5151 100644
--- a/base/Dockerfile
+++ b/base/Dockerfile
@@ -48,7 +48,14 @@ RUN apt-get update && \
     fi
 
 ENV DOCKERIZE_VERSION v0.11.0
-RUN curl -sfL https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" | install /dev/stdin /usr/local/bin/dockerize
+RUN curl -sfL https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" \
+    | install /dev/stdin /usr/local/bin/dockerize && \
+    dockerize --version
+
+ENV GOSS_VERSION v0.3.7
+RUN curl -L https://github.com/aelsabbahy/goss/releases/download/$GOSS_VERSION/goss-linux-amd64 -o /usr/local/bin/goss && \
+    chmod +rx /usr/local/bin/goss && \
+    goss --version
 
 RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
     sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \
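Review bot: `GOSS_FILES_PATH=core/goss/montor dcgoss run kopano_monitor` points at a directory that does not exist; the monitor check files added in this commit live under `core/goss/monitor`, so this recipe line will presumably fail when `make test-goss` reaches it. Change it to `GOSS_FILES_PATH=core/goss/monitor dcgoss run kopano_monitor`. Because each recipe line runs in its own shell, the services listed above it are still checked before make stops at this line.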
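Review bot: The goss binary is downloaded without `-f` and without any checksum verification, so a failed or tampered download is only noticed if `goss --version` happens to refuse to execute; the dockerize line just above at least uses `-sfL`. Use `curl -fsSL` and verify the release against a pinned digest before the chmod, e.g. `echo "<goss-sha256-placeholder>  /usr/local/bin/goss" | sha256sum -c - && \`. `ENV GOSS_VERSION v0.3.7` is only needed at build time, so `ARG GOSS_VERSION=v0.3.7` would keep it out of the runtime environment of every image derived from base (the space-separated `ENV key value` form is also the legacy syntax).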
diff --git a/core/Dockerfile b/core/Dockerfile
index b6cbba0..cd925b8 100644
--- a/core/Dockerfile
+++ b/core/Dockerfile
@@ -59,7 +59,8 @@ ENV LANG=en_US.UTF-8
 
 ENV SERVICE_TO_START=server
 
-COPY defaultconfigs/ start-service.sh /kopano/
+COPY defaultconfigs/ start-service.sh healthcheck.sh /kopano/
+COPY goss/ /kopano/goss
 
 WORKDIR /kopano/path
 
@@ -67,5 +68,5 @@ ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD [ "/kopano/start-service.sh" ]
 
 
-HEALTHCHECK --interval=5m --timeout=60s \
+HEALTHCHECK --interval=1m --timeout=10s \
     CMD /kopano/healthcheck.sh
diff --git a/core/defaultconfigs/kapid.py b/core/defaultconfigs/kapi.py
similarity index 100%
rename from core/defaultconfigs/kapid.py
rename to core/defaultconfigs/kapi.py
diff --git a/core/goss/dagent/goss.yaml b/core/goss/dagent/goss.yaml
new file mode 100644
index 0000000..856d771
--- /dev/null
+++ b/core/goss/dagent/goss.yaml
@@ -0,0 +1,6 @@
+port:
+  tcp6:2003:
+    listening: true
+process:
+  kopano-dagent:
+    running: true
diff --git a/core/goss/gateway/goss.yaml b/core/goss/gateway/goss.yaml
new file mode 100644
index 0000000..ef7fc1e
--- /dev/null
+++ b/core/goss/gateway/goss.yaml
@@ -0,0 +1,3 @@
+process:
+  kopano-gateway:
+    running: true
diff --git a/core/goss/gateway/goss_wait.yaml b/core/goss/gateway/goss_wait.yaml
new file mode 100644
index 0000000..ef7fc1e
--- /dev/null
+++ b/core/goss/gateway/goss_wait.yaml
@@ -0,0 +1,3 @@
+process:
+  kopano-gateway:
+    running: true
diff --git a/core/goss/grapi/goss.yaml b/core/goss/grapi/goss.yaml
new file mode 100644
index 0000000..69859e8
--- /dev/null
+++ b/core/goss/grapi/goss.yaml
@@ -0,0 +1,7 @@
+file:
+  /var/run/kopano/grapi:
+    exists: true
+    mode: "0755"
+    owner: kapi
+    group: kopano
+    filetype: directory
diff --git a/core/goss/grapi/goss_wait.yaml b/core/goss/grapi/goss_wait.yaml
new file mode 100644
index 0000000..69859e8
--- /dev/null
+++ b/core/goss/grapi/goss_wait.yaml
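Review bot: The new `HEALTHCHECK --interval=1m --timeout=10s` has no `--start-period`, so the first probe runs one minute after start and any failure while the service is still coming up counts against the default three retries; the `goss_wait.yaml` files added in this commit suggest the server needs time before port 236 and the pid file exist, so a slow start could mark the container unhealthy before it is usable. A grace period such as `HEALTHCHECK --interval=1m --timeout=10s --start-period=60s \` keeps those early failures from counting. The same point applies to the HEALTHCHECK added to webapp/Dockerfile later in this diff.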
@@ -0,0 +1,7 @@
+file:
+  /var/run/kopano/grapi:
+    exists: true
+    mode: "0755"
+    owner: kapi
+    group: kopano
+    filetype: directory
diff --git a/core/goss/ical/goss.yaml b/core/goss/ical/goss.yaml
new file mode 100644
index 0000000..b31f7de
--- /dev/null
+++ b/core/goss/ical/goss.yaml
@@ -0,0 +1,3 @@
+process:
+  kopano-ical:
+    running: true
diff --git a/core/goss/ical/goss_wait.yaml b/core/goss/ical/goss_wait.yaml
new file mode 100644
index 0000000..b31f7de
--- /dev/null
+++ b/core/goss/ical/goss_wait.yaml
@@ -0,0 +1,3 @@
+process:
+  kopano-ical:
+    running: true
diff --git a/core/goss/kapi/goss.yaml b/core/goss/kapi/goss.yaml
new file mode 100644
index 0000000..8ca0fef
--- /dev/null
+++ b/core/goss/kapi/goss.yaml
@@ -0,0 +1,3 @@
+process:
+  kapid:
+    running: true
diff --git a/core/goss/kapi/goss_wait.yaml b/core/goss/kapi/goss_wait.yaml
new file mode 100644
index 0000000..8ca0fef
--- /dev/null
+++ b/core/goss/kapi/goss_wait.yaml
@@ -0,0 +1,3 @@
+process:
+  kapid:
+    running: true
diff --git a/core/goss/monitor/goss.yaml b/core/goss/monitor/goss.yaml
new file mode 100644
index 0000000..734d5f5
--- /dev/null
+++ b/core/goss/monitor/goss.yaml
@@ -0,0 +1,3 @@
+process:
+  kopano-monitor:
+    running: true
diff --git a/core/goss/monitor/goss_wait.yaml b/core/goss/monitor/goss_wait.yaml
new file mode 100644
index 0000000..734d5f5
--- /dev/null
+++ b/core/goss/monitor/goss_wait.yaml
@@ -0,0 +1,3 @@
+process:
+  kopano-monitor:
+    running: true
diff --git a/core/goss/search/goss.yaml b/core/goss/search/goss.yaml
new file mode 100644
index 0000000..68a5734
--- /dev/null
+++ b/core/goss/search/goss.yaml
@@ -0,0 +1,9 @@
+file:
+  /var/run/kopano/search.sock:
+    exists: true
+    mode: "0700"
+    size: 0
+    owner: kopano
+    group: kopano
+    filetype: socket
+    contains: []
diff --git a/core/goss/search/goss_wait.yaml b/core/goss/search/goss_wait.yaml
new file mode 100644
index 0000000..68a5734
--- /dev/null
+++ b/core/goss/search/goss_wait.yaml
@@ -0,0 +1,9 @@
+file:
+  /var/run/kopano/search.sock:
+    exists: true
+    mode: "0700"
+    size: 0
+    owner: kopano
+    group: kopano
+    filetype: socket
+    contains: []
diff --git a/core/goss/server/goss.yaml b/core/goss/server/goss.yaml
new file mode 100644
index 0000000..da2d962
--- /dev/null
+++ b/core/goss/server/goss.yaml
@@ -0,0 +1,33 @@
+file:
+  /kopano/data/attachments/0:
+    exists: true
+    mode: "0750"
+    owner: kopano
+    group: kopano
+    filetype: directory
+  /run/kopano/prio.sock:
+    exists: true
+    mode: "0660"
+    owner: kopano
+    group: kopano
+    filetype: socket
+  /run/kopano/server.pid:
+    exists: true
+    mode: "0644"
+    owner: kopano
+    group: kopano
+    filetype: file
+  /run/kopano/server.sock:
+    exists: true
+    mode: "0666"
+    owner: kopano
+    group: kopano
+    filetype: socket
+http:
+  http://localhost:236:
+    status: 405
+    timeout: 5000
+  https://localhost:237:
+    status: 405
+    allow-insecure: true
+    timeout: 5000
diff --git a/core/goss/server/goss_wait.yaml b/core/goss/server/goss_wait.yaml
new file mode 100644
index 0000000..eda2cc0
--- /dev/null
+++ b/core/goss/server/goss_wait.yaml
@@ -0,0 +1,11 @@
+port:
+  tcp6:236:
+    listening: true
+file:
+  /run/kopano/server.pid:
+    exists: true
+    mode: "0644"
+    owner: kopano
+    group: kopano
+    filetype: file
+
diff --git a/core/goss/spooler/goss.yaml b/core/goss/spooler/goss.yaml
new file mode 100644
index 0000000..1480d24
--- /dev/null
+++ b/core/goss/spooler/goss.yaml
@@ -0,0 +1,3 @@
+process:
+  kopano-spooler:
+    running: true
diff --git a/core/goss_server.yaml b/core/goss_server.yaml
deleted file mode 100644
index 57a45a5..0000000
--- a/core/goss_server.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-port:
-  tcp6:236:
-    listening: true
diff --git a/core/goss_wait.yaml b/core/goss_wait.yaml
deleted file mode 100644
index 57a45a5..0000000
--- a/core/goss_wait.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-port:
-  tcp6:236:
-    listening: true
diff --git a/core/healthcheck.sh b/core/healthcheck.sh
old mode 100644
new mode 100755
index 5c65d81..1f2c30f
--- a/core/healthcheck.sh
+++ b/core/healthcheck.sh
@@ -1,5 +1,14 @@
 #!/bin/bash
 
-set -ex
+set -e
+
+case "$SERVICE_TO_START" in
+server|dagent|gateway|ical|grapi|kapi|monitor|search|spooler)
+    goss -g /kopano/goss/"$SERVICE_TO_START"/goss.yaml validate --format json_oneline
+    ;;
+*)
+    echo "This service still needs a proper check"
+    ;;
+esac
 
 exit 0
diff --git a/core/start-service.sh b/core/start-service.sh
index 2d8d683..9677942 100755
--- a/core/start-service.sh
+++ b/core/start-service.sh
@@ -10,6 +10,7 @@ if [ ! -e /kopano/"$SERVICE_TO_START".py ]; then
 	exit 1
 fi
 
+# TODO this needs fixing as now apt update is always salled (since the value is at least "")
 [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
 [ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"'); do
 	# shellcheck disable=SC2016 disable=SC2086
@@ -86,7 +87,7 @@ grapi)
 	unset "${!KCCONF_@}"
 	exec kopano-grapi serve
 	;;
-kapid)
+kapi)
 	if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then
 		dockerize \
 			-skip-tls-verify \
diff --git a/docker-compose.yml b/docker-compose.yml
index 11748c2..c1b6d0a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -142,7 +142,7 @@ services:
     networks:
       - kopano-net
       - ldap-net
-    #dns: 1.1.1.1 # using Google DNS can lead to lookup errors uncomment this option and
+    # dns: 1.1.1.1 # using Google DNS can lead to lookup errors uncomment this option and
     # set to the ip of a trusted dns service (Cloudflare is given as an example).
     # See https://github.com/zokradonh/kopano-docker/issues/52 for more information.
     cap_add:
@@ -293,7 +293,7 @@ services:
       - kopanossl/:/kopano/ssl
       - kopanosocket/:/run/kopano
     environment:
-      - SERVICE_TO_START=kapid
+      - SERVICE_TO_START=kapi
       - TZ=${TZ}
       - KCCONF_KAPID_LOG_LEVEL=DEBUG
       - KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
diff --git a/webapp/Dockerfile b/webapp/Dockerfile
index 870849e..171b937 100644
--- a/webapp/Dockerfile
+++ b/webapp/Dockerfile
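Review bot: The `*)` branch exits 0 after only printing a message, so a container whose `SERVICE_TO_START` is not in the list (including an empty value) is reported healthy whatever state it is in, and the probe output is the only hint that nothing was checked. If that is the intended interim behaviour, state it in the script, e.g. `# Services without a goss file under /kopano/goss report healthy unconditionally until a check exists`, so an operator reading the inspect output does not mistake it for a passing check. With `set -e` the trailing `exit 0` is reached only when `goss validate` succeeds, which is correct but worth a one-line comment since the `-x` was dropped at the same time.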
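Review bot: The added TODO describes a real problem but leaves it in place: `${ADDITIONAL_KOPANO_PACKAGES// }` only strips spaces, so a value consisting of literal quote characters (the `tr -d '"'` on the following line shows such values are expected) still passes the `-n` test and triggers `apt update` on every container start. Stripping quotes as well as spaces fixes it in one line, `[ -n "${ADDITIONAL_KOPANO_PACKAGES//[\" ]/}" ] && apt update`, with the same substitution in the test on the `for` line below. The comment also has a typo, `salled` for `called`.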
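Review bot: Renaming the case label from `kapid)` to `kapi)` (together with the `kapid.py` rename in this commit) breaks existing deployments that still set `SERVICE_TO_START=kapid`: they now exit at the `/kopano/"$SERVICE_TO_START".py` existence check near the top of the script, which is outside this hunk. A compatibility mapping before that check, `[ "$SERVICE_TO_START" = kapid ] && SERVICE_TO_START=kapi`, optionally with a deprecation message, would keep old compose files working; otherwise this should be called out as a breaking change. The `KCCONF_KAPID_*` variables used inside the branch keep their old prefix, so only the service name changed.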
@@ -65,6 +65,7 @@ RUN \
     && rm -rf /var/cache/apt /var/lib/apt/lists
 
 COPY start.sh /kopano/start.sh
+COPY goss* /goss/
 
 ENV LANG en_US.UTF-8
 
@@ -72,3 +73,6 @@ WORKDIR /kopano/path
 
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 CMD [ "/kopano/start.sh" ]
+
+HEALTHCHECK --interval=1m --timeout=10s \
+    CMD goss -g /goss/goss.yaml validate --format json_oneline
diff --git a/webapp/goss.yaml b/webapp/goss.yaml
index 7c520e4..9b8f521 100644
--- a/webapp/goss.yaml
+++ b/webapp/goss.yaml
@@ -1,8 +1,9 @@
-port:
-  tcp6:9080:
-    listening: true
 process:
   kwebd:
     running: true
   php-fpm7.0:
     running: true
+http:
+  http://localhost:9080/webapp:
+    status: 200
+    timeout: 5000