Rewrite (was: WIP) #67
Conversation
|
Ok, to clearify this. I'll push many changes here. If you could review them, that'll be great. But please don't merge them by now. I will add more (and bigger) commits in the next days/weeks. If you would merge these all one by one, that would give a very confusing commit history. |
| @@ -219,5 +212,5 @@ echo "===================================================================" | |||
| touch ${initfile} | |||
| fi | |||
|
|
|||
| echo "Starting Supervisor. You can safely CTRL-C and the container will continue to run with or without the -d (daemon) option" | |||
| echo "Starting Supervisor." | |||
There was a problem hiding this comment.
I added this note to let users know it was OK to break out as there seemed to be a lot of confusion for new users. I think we should keep it in for now 😛
There was a problem hiding this comment.
I experienced differently. Every time i hit Ctrl+C it stops.
Probably this is, because docker run bridges the sequence to the supervisor.
using docker 1.12
There was a problem hiding this comment.
I've heard docker minor versions are often not compatible to each other. In fact I'm quite new to docker software and I have only used the 1.12 version yet. But I have to say, that this is sadly not true in 1.12.
[bebe:~/code/icinga2-docker] devtest ± docker run --rm -ti jordan/icinga2
[...]
Starting Supervisor. You can safely CTRL-C and the container will continue to run with or without the -d (daemon) option
^C
[bebe:~/code/icinga2-docker] devtest ± docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[bebe:~/code/icinga2-docker] devtest ±
There was a problem hiding this comment.
I think it's because you're running the container with the -i interactive flag so you're actually sending the break to supervisor and not the host.
There was a problem hiding this comment.
Just tested it out and it does appear to be the case. To detach from an interactive session, you would need to use sequence of CTRL + p and CTRL + q sequence.
Unless there's a reason to start a container in interactive mode, I think the general recommendation is to run with the -d daemon flag or since this container uses supervisor to run the services, you can run it without the -d daemon flag and just escape out
|
Hi @bebehei Thanks! I really appreciate all the work you've done. I've added you as a collaborator. Docker Hub is set up to build master -> latest, dev -> latest, and tagged as their tag numbers. For this PR, do you mind submitting it to the dev branch? Then once it's checked out from the Docker hub dev container, you can submit a PR from dev to master? Unfortunately, I don't have tests set up externally. My tests run through basic scenarios using the environment variables and volumes (empty + pre-existing configs, database, etc) |
bebehei
force-pushed
the
smaller-install
branch
from
5cc82f0 to
d538d8d
Compare
Thanks, I appreciate to be a "Member" of this repository. But actually, I prefer working on in this PR. This makes force pushing more convenient than doing it on an official branch. Or are there any improvements?
Do you have tests? If yes, where are these located? Currently, I just test it manuall with every change. |
|
Hi @bebehei Agreed on using PRs for work like you have been. Added you as a collaborator so you could merge PRs and perform other repo tasks as needed as I don't want to hold you back 😄 Right now the tests are not in a good shape to share as they are hardcoded to use my local infra and are not using a proper framework like Selenium. We should look into setting up CircleCI, Travis, etc to build the container and run tests against them in the future. |
bebehei
force-pushed
the
smaller-install
branch
from
5e11c03 to
7916a30
Compare
|
Hi @jjethwa, I would like to merge this now. Could you please review this? This might have a bug I have not hit (yet).
things not done yet: (PRs will follow)
|
bebehei
force-pushed
the
smaller-install
branch
from
7916a30 to
6337444
Compare
|
And as you may know: |
bebehei
force-pushed
the
smaller-install
branch
from
6337444 to
3c43f55
Compare
bebehei
force-pushed
the
smaller-install
branch
7 times, most recently
from
6c345d4 to
d33f491
Compare
| show_stacktraces = "1" | ||
| config_backend = "db" | ||
| config_resource = "icingaweb_db" | ||
| module_path = "/usr/share/icingaweb2/modules:/etc/icingaweb2/modules" |
There was a problem hiding this comment.
Ok, after reconciling the the module-path change, I believe it is still incorrect.
Currently, all modules get installed into /etc/icingaweb2/modules/. But AFAIK, there should be only configurations. Additionally bad, we install the modules onto a volume, what we won't update anymore, if there is already configuration.
It might be better to install generally the modules into a container-only-folder like /opt/icingaweb2-modules/.
There was a problem hiding this comment.
Agreed. The RC version of Icinga Web 2 had the modules installed under /etc/icingaweb2/modules instead of /use/share/icingaweb2/modules. I believe the RPM version still does that, but the DEB version was updated later to install the modules under /use/share/icingaweb2/modules. Since this container is already in the wild and being used by users in Production, we'd need to make sure that any changes don't break the current set up.
Perhaps install the module to their correct path under /usr/share/icingaweb2/modules then symlink from /etc/icingaweb2/modules to /usr/share/icingaweb2/modules ?
There was a problem hiding this comment.
There is the module_path for icingaweb2. It just works like a normal path-variable and tells icignacli/icingaweb2 where to search for plugins. I think we have to define 3 locations:
- for self-installed modules from the user ->
/etc/icingaweb2/modules-user(on mounted volume) - for the ones installed from docker-container ->
/opt/icingaweb2/modules(not on volume) - for the ones by debian-packages ->
/usr/share/icingaweb2/modules
There was a problem hiding this comment.
Sounds good! Right now, the only example of a docker from the docker-container would be https://github.com/findmypast/icingaweb2-module-graphite right?
There was a problem hiding this comment.
No, the dockerfile currently uses the official module. I thought about using findmypast's module, but it has got some technical disadvantages.
There was a problem hiding this comment.
I use the findmypast's module, but you also need to use the official module to send the data to carbon
| GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY '${ICINGA_PASSWORD}'; | ||
| END | ||
|
|
||
| mysql icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql >> /var/log/icinga2/mysql-schema.log 2>&1 |
There was a problem hiding this comment.
TODO: Verify, that consecutive schema-executions are safe to do.
During testing, I have not experienced any issues, but: I have seen no proof, that this is safe.
There was a problem hiding this comment.
Is there a reason to run the schema again? Is this to handle icinga2-ido-mysql upgrades?
There was a problem hiding this comment.
The key thought on this change had been:
On a docker-container you're able to configure your stuff via ENV-variables. And you save the stuff via volumes. So during boot, the docker-container should process the variables and change the volume data to represent the ENV-settings. The current master uses a logfile approach and changes everything on first container boot and touches a lockfile.
While volumes are persistent over container creation, ENVs are not. This leads to a new problem: If you change your ENVs, the volume data does not change automatically. So, my intention is to run the complete setup on every boot, but only change neccessary values without overwriting other stuff (which may be created manually by the user). This is why, I removed the sed-calls with ini_set, etc.
I created this initial note, to remember, that I haven't tested this actively. It worked, but I didn't know if it worked correctly.
As you mentioned, schema upgrades are also another topic, which this image still requires manual interaction.
There was a problem hiding this comment.
Tested it: MySQL just stops after the first failing command, because there are duplicate columns in DB-Table. And first failing command is the first command, if the DB is already created and filled. So nothing bad will happen. I would "mark" this as done.
|
Except those small showstoppers, I'd like to finalise it and merge this heavy PR. I'd like to get Feedback, of course. ;-) |
| | /var/lib/mysql | rw | MySQL Database | | ||
| | /var/lib/icinga2 | rw | Icinga2 Data | | ||
| | /var/log/apache2 | rw | logfolder for apache2 (not neccessary) | | ||
| | /var/log/icinga2 | rw | logfolder for icinga2 (not neccessary) | |
There was a problem hiding this comment.
TODO: Have all the log-dirs been chowned by the setup-scripts?
There was a problem hiding this comment.
fixed this now, too.
…inga2 has weird output
bebehei
force-pushed
the
smaller-install
branch
from
97e0d35 to
c8d00e6
Compare
|
So, I added some fixes again. Additionally, I want to fix correct support on module_path. I will work on this in a few hours again. The code should then contain no known issues anymore. |
Fixed. I'll test it the next days, but I guess this is now safe to merge. |
bebehei
force-pushed
the
smaller-install
branch
from
6e07480 to
669f0d1
Compare
|
I looked on the issues in the issue tracker and I have to conclude: By merging this PR, you fix everything in this repo, except my feature request ;-) |
|
Thanks @bebehei Re-running the tests. Let's put a freeze on any new changes to the branch/PR unless it's a major bug so we can get it fully tested and merged. 😛 |
|
Yes! For the last days, I'm doing this, too. |
|
@bebehei Looks good on my end and all my test cases seem to work. I did have to update one old config file under /etc/icinga2 but that was my fault for not keeping it updated. Thanks again for all of your hard work! 😄 |
|
Thanks. :stunned: |
Issues to fix:
/etc/icingaweb2/etc/icingaweb2/modules