From bf15615c8678109ab9d2db440dbf800ff44d10e7 Mon Sep 17 00:00:00 2001 From: Javier Marcos <1271349+javuto@users.noreply.github.com> Date: Tue, 4 Jan 2022 10:15:41 +0100 Subject: [PATCH] Adding docker development environment --- .github/workflows/tagged-releases.yml | 14 +- Makefile | 8 +- .../cicd}/Dockerfile-osctrl-admin | 0 {docker => deploy/cicd}/Dockerfile-osctrl-api | 0 {docker => deploy/cicd}/Dockerfile-osctrl-cli | 0 {docker => deploy/cicd}/Dockerfile-osctrl-tls | 0 deploy/docker/.air-osctrl-admin.toml | 40 +++++ deploy/docker/.air-osctrl-api.toml | 40 +++++ deploy/docker/.air-osctrl-tls.toml | 40 +++++ deploy/docker/Dockerfile-osctrl-dev | 158 ++++++++++++++++++ ...ckerfile-osctrl => Dockerfile-osctrl-prod} | 43 +++-- deploy/docker/conf/osquery/wait.sh | 0 deploy/docker/docker-compose-dev.yml | 92 ++++++++++ ...er-compose.yml => docker-compose-prod.yml} | 6 +- deploy/docker/dockerize.sh | 23 ++- 15 files changed, 424 insertions(+), 40 deletions(-) rename {docker => deploy/cicd}/Dockerfile-osctrl-admin (100%) rename {docker => deploy/cicd}/Dockerfile-osctrl-api (100%) rename {docker => deploy/cicd}/Dockerfile-osctrl-cli (100%) rename {docker => deploy/cicd}/Dockerfile-osctrl-tls (100%) create mode 100644 deploy/docker/.air-osctrl-admin.toml create mode 100644 deploy/docker/.air-osctrl-api.toml create mode 100644 deploy/docker/.air-osctrl-tls.toml create mode 100644 deploy/docker/Dockerfile-osctrl-dev rename deploy/docker/{Dockerfile-osctrl => Dockerfile-osctrl-prod} (99%) mode change 100644 => 100755 deploy/docker/conf/osquery/wait.sh create mode 100644 deploy/docker/docker-compose-dev.yml rename deploy/docker/{docker-compose.yml => docker-compose-prod.yml} (96%) diff --git a/.github/workflows/tagged-releases.yml b/.github/workflows/tagged-releases.yml index 9e46f8e6..5aa08fbb 100644 --- a/.github/workflows/tagged-releases.yml +++ b/.github/workflows/tagged-releases.yml 
@@ -45,15 +45,15 @@ jobs: goarch: ['amd64'] steps: ######################################## checkout ######################################## - - name: Checkout + - name: Checkout uses: actions/checkout@v2 - + ######################################## Download artifacts ######################################## - name: Download osctrl bianries uses: actions/download-artifact@v2 with: name: osctrl-${{ matrix.components }}-${{ matrix.goos }}-${{ matrix.goarch }}.bin - + - name: Release uses: softprops/action-gh-release@v1 if: startsWith(github.ref, 'refs/tags/') @@ -79,9 +79,9 @@ jobs: echo ::set-output name=RELEASE_VERSION::${GITHUB_REF#refs/*/} echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - + ######################################## checkout ######################################## - - name: Checkout + - name: Checkout uses: actions/checkout@v2 ######################################## Download artifacts ######################################## @@ -89,7 +89,7 @@ jobs: uses: actions/download-artifact@v2 with: name: osctrl-${{ matrix.components }}-${{ matrix.goos }}-${{ matrix.goarch }}.bin - + ######################################## Log into Dockerhub ######################################## - name: Login to Docker Hub uses: docker/login-action@v1 @@ -107,7 +107,7 @@ jobs: id: docker_build with: context: . - file: ./docker/Dockerfile-osctrl-${{ matrix.components }} + file: ./deploy/cicd/Dockerfile-osctrl-${{ matrix.components }} push: true tags: ${{ secrets.DOCKER_HUB_ORG }}/osctrl-${{ matrix.components }}:${{ steps.vars.outputs.RELEASE_VERSION }} build-args: | diff --git a/Makefile b/Makefile index a3937969..a65a4fb0 100644 --- a/Makefile +++ b/Makefile 
@@ -161,10 +161,14 @@ vagrant_up: mkcert -key-file "certs/osctrl-admin.key" -cert-file "certs/osctrl-admin.crt" "osctrl.dev" vagrant up -# Build docker containers and run them (also generates new certificates) -docker_all: +# Build prod docker containers and run them (also generates new certificates) +docker_prod: ./deploy/docker/dockerize.sh -u -b -f -J +# Build dev docker containers and run them (also generates new certificates) +docker_dev: + ./deploy/docker/dockerize.sh -u -b -f -J -D + # Run docker containers docker_up: ./deploy/docker/dockerize.sh -u diff --git a/docker/Dockerfile-osctrl-admin b/deploy/cicd/Dockerfile-osctrl-admin similarity index 100% rename from docker/Dockerfile-osctrl-admin rename to deploy/cicd/Dockerfile-osctrl-admin diff --git a/docker/Dockerfile-osctrl-api b/deploy/cicd/Dockerfile-osctrl-api similarity index 100% rename from docker/Dockerfile-osctrl-api rename to deploy/cicd/Dockerfile-osctrl-api diff --git a/docker/Dockerfile-osctrl-cli b/deploy/cicd/Dockerfile-osctrl-cli similarity index 100% rename from docker/Dockerfile-osctrl-cli rename to deploy/cicd/Dockerfile-osctrl-cli diff --git a/docker/Dockerfile-osctrl-tls b/deploy/cicd/Dockerfile-osctrl-tls similarity index 100% rename from docker/Dockerfile-osctrl-tls rename to deploy/cicd/Dockerfile-osctrl-tls diff --git a/deploy/docker/.air-osctrl-admin.toml b/deploy/docker/.air-osctrl-admin.toml new file mode 100644 index 00000000..4e14aa11 --- /dev/null +++ b/deploy/docker/.air-osctrl-admin.toml 
@@ -0,0 +1,40 @@
+# Config file for [Air](https://github.com/cosmtrek/air) in TOML format for osctrl-admin
+
+# Working directory
+# . or absolute path, please note that the directories following must be under root
+root = "."
+tmp_dir = "bin"
+
+[build]
+ bin = "./bin/osctrl-admin"
+ cmd = "go build -o ./bin/osctrl-admin admin/*.go"
+ # It's not necessary to trigger build each time file changes if it's too frequent.
+ delay = 1000
+ exclude_dir = ["assets", "tmp", "vendor", "testdata"]
+ exclude_file = []
+ exclude_regex = ["_test.go"]
+ exclude_unchanged = false
+ follow_symlink = false
+ full_bin = "./bin/osctrl-admin"
+ include_dir = []
+ include_ext = ["go", "html", "js", "css"]
+ kill_delay = "0s"
+ log = "build-errors.log"
+ send_interrupt = false
+ stop_on_error = true
+
+[color]
+ app = ""
+ build = "yellow"
+ main = "magenta"
+ runner = "green"
+ watcher = "cyan"
+
+[log]
+ time = true
+
+[misc]
+ clean_on_exit = false
+
+[screen]
+ clear_on_rebuild = false
diff --git a/deploy/docker/.air-osctrl-api.toml b/deploy/docker/.air-osctrl-api.toml
new file mode 100644
index 00000000..cf5919b4
--- /dev/null
+++ b/deploy/docker/.air-osctrl-api.toml
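Review bot: `exclude_dir` differs between the three Air configs without an obvious reason: `.air-osctrl-api.toml` lists `"bin"`, while this file and `.air-osctrl-tls.toml` do not, although all three set `tmp_dir = "bin"` and build into `./bin`. Using the same list everywhere, `exclude_dir = ["assets", "tmp", "vendor", "testdata", "bin"]`, keeps the three files in step. Nothing in the visible part of this commit installs or starts Air (Dockerfile-osctrl-dev runs plain `go build` and has fixed `ENTRYPOINT`s), so a comment at the top of each file saying how it is meant to be invoked would help.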
@@ -0,0 +1,40 @@
+# Config file for [Air](https://github.com/cosmtrek/air) in TOML format for osctrl-api
+
+# Working directory
+# . or absolute path, please note that the directories following must be under root
+root = "."
+tmp_dir = "bin"
+
+[build]
+ bin = "./bin/osctrl-api"
+ cmd = "go build -o ./bin/osctrl-api api/*.go"
+ # It's not necessary to trigger build each time file changes if it's too frequent.
+ delay = 1000
+ exclude_dir = ["assets", "tmp", "vendor", "testdata", "bin"]
+ exclude_file = []
+ exclude_regex = ["_test.go"]
+ exclude_unchanged = false
+ follow_symlink = false
+ full_bin = "./bin/osctrl-api"
+ include_dir = []
+ include_ext = ["go"]
+ kill_delay = "0s"
+ log = "build-errors.log"
+ send_interrupt = false
+ stop_on_error = true
+
+[color]
+ app = ""
+ build = "yellow"
+ main = "magenta"
+ runner = "green"
+ watcher = "cyan"
+
+[log]
+ time = true
+
+[misc]
+ clean_on_exit = false
+
+[screen]
+ clear_on_rebuild = false
diff --git a/deploy/docker/.air-osctrl-tls.toml b/deploy/docker/.air-osctrl-tls.toml
new file mode 100644
index 00000000..619bd970
--- /dev/null
+++ b/deploy/docker/.air-osctrl-tls.toml
@@ -0,0 +1,40 @@
+# Config file for [Air](https://github.com/cosmtrek/air) in TOML format for osctrl-tls
+
+# Working directory
+# . or absolute path, please note that the directories following must be under root
+root = "."
+tmp_dir = "bin"
+
+[build]
+ bin = "./bin/osctrl-tls"
+ cmd = "go build -o ./bin/osctrl-tls tls/*.go"
+ # It's not necessary to trigger build each time file changes if it's too frequent.
+ delay = 1000
+ exclude_dir = ["assets", "tmp", "vendor", "testdata"]
+ exclude_file = []
+ exclude_regex = ["_test.go"]
+ exclude_unchanged = false
+ follow_symlink = false
+ full_bin = "./bin/osctrl-tls"
+ include_dir = []
+ include_ext = ["go", "ps1", "sh"]
+ kill_delay = "0s"
+ log = "build-errors.log"
+ send_interrupt = false
+ stop_on_error = true
+
+[color]
+ app = ""
+ build = "yellow"
+ main = "magenta"
+ runner = "green"
+ watcher = "cyan"
+
+[log]
+ time = true
+
+[misc]
+ clean_on_exit = false
+
+[screen]
+ clear_on_rebuild = false
diff --git a/deploy/docker/Dockerfile-osctrl-dev b/deploy/docker/Dockerfile-osctrl-dev
new file mode 100644
index 00000000..da799b63
--- /dev/null
+++ b/deploy/docker/Dockerfile-osctrl-dev
@@ -0,0 +1,158 @@
+######################################## osctrl-tls ########################################
+FROM golang:latest AS osctrl-tls
+
+ENV GO111MODULE=on
+
+# Install software
+RUN apt-get update -y && apt-get install zip curl -y
+
+ARG POSTGRES_DB_NAME
+ARG POSTGRES_DB_USERNAME
+ARG POSTGRES_DB_PASSWORD
+ARG JWT_SECRET
+
+### Create user ###
+RUN useradd -ms /bin/bash osctrl-tls
+
+### Copy osctrl-tls bin and configs ###
+RUN mkdir -p /opt/osctrl/
+RUN mkdir -p /opt/osctrl/bin
+RUN mkdir -p /opt/osctrl/scripts
+RUN mkdir -p /opt/osctrl/config
+
+### Compile osctrl-tls bin ###
+RUN go build -o /opt/osctrl/bin/osctrl-tls tls/*.go
+RUN go build -o /opt/osctrl/bin/osctrl-cli cli/*.go
+
+COPY tls/scripts/ /opt/osctrl/scripts
+COPY deploy/docker/conf/osctrl/tls/tls.json /opt/osctrl/config/tls.json
+COPY deploy/docker/conf/osctrl/db.json /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_NAME }}#${POSTGRES_DB_NAME}#g" /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_USERNAME }}#${POSTGRES_DB_USERNAME}#g" /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_PASSWORD }}#${POSTGRES_DB_PASSWORD}#g" /opt/osctrl/config/db.json
+
+USER osctrl-tls
+EXPOSE 9000
+WORKDIR /opt/osctrl
+
+ENTRYPOINT [ "/opt/osctrl/bin/osctrl-tls" ]
+
+######################################## osctrl-api ########################################
+FROM golang:latest AS osctrl-api
+
+ENV GO111MODULE=on
+
+# Install software
+RUN apt-get update -y && apt-get install zip curl -y
+
+ARG POSTGRES_DB_NAME
+ARG POSTGRES_DB_USERNAME
+ARG POSTGRES_DB_PASSWORD
+ARG JWT_SECRET
+
+### Create user ###
+RUN useradd -ms /bin/bash osctrl-api
+
+### Copy osctrl-api bin and configs ###
+RUN mkdir -p /opt/osctrl/bin
+RUN mkdir -p /opt/osctrl/config
+
+### Copy code and compile
+RUN go build -o /opt/osctrl/bin/osctrl-api api/*.go
+RUN go build -o /opt/osctrl/bin/osctrl-cli cli/*.go
+
+COPY deploy/docker/conf/osctrl/api/api.json /opt/osctrl/config/api.json
+COPY deploy/docker/conf/osctrl/jwt.json /opt/osctrl/config/jwt.json
+RUN sed -i "s#{{ JWT_SECRET }}#${JWT_SECRET}#g" /opt/osctrl/config/jwt.json
+
+COPY deploy/docker/conf/osctrl/db.json /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_NAME }}#${POSTGRES_DB_NAME}#g" /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_USERNAME }}#${POSTGRES_DB_USERNAME}#g" /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_PASSWORD }}#${POSTGRES_DB_PASSWORD}#g" /opt/osctrl/config/db.json
+
+USER osctrl-api
+EXPOSE 9002
+WORKDIR /opt/osctrl
+
+ENTRYPOINT [ "/opt/osctrl/bin/osctrl-api" ]
+
+######################################## osctrl-admin ########################################
+FROM golang:latest AS osctrl-admin
+
+ENV GO111MODULE=on
+
+# Install software
+RUN apt-get update -y && apt-get install zip curl -y
+
+ARG OSQUERY_VERSION
+ARG POSTGRES_DB_NAME
+ARG POSTGRES_DB_USERNAME
+ARG POSTGRES_DB_PASSWORD
+ARG JWT_SECRET
+ARG ENV
+
+### Create user ###
+RUN useradd -ms /bin/bash osctrl-admin
+
+### Copy osctrl-admin bin and configs ###
+RUN mkdir -p /opt/osctrl/
+RUN mkdir -p /opt/osctrl/bin
+RUN mkdir -p /opt/osctrl/config
+RUN mkdir -p /opt/osctrl/carved_files
+
+### Copy code and compile
+RUN go build -o /opt/osctrl/bin/osctrl-admin admin/*.go
+RUN go build -o /opt/osctrl/bin/osctrl-cli cli/*.go
+
+COPY /go/src/osctrl/deploy/docker/conf/osctrl/admin/admin.json /opt/osctrl/config/admin.json
+COPY /go/src/osctrl/deploy/docker/conf/osctrl/jwt.json /opt/osctrl/config/jwt.json
+RUN sed -i "s#{{ JWT_SECRET }}#${JWT_SECRET}#g" /opt/osctrl/config/jwt.json
+
+COPY /go/src/osctrl/deploy/docker/conf/osctrl/db.json /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_NAME }}#${POSTGRES_DB_NAME}#g" /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_USERNAME }}#${POSTGRES_DB_USERNAME}#g" /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_PASSWORD }}#${POSTGRES_DB_PASSWORD}#g" /opt/osctrl/config/db.json
+RUN chown osctrl-admin:osctrl-admin -R /opt/osctrl/config
+
+### Copy osctrl-admin web templates ###
+COPY /go/src/osctrl/admin/templates/ /opt/osctrl/tmpl_admin
+COPY /go/src/osctrl/admin/templates/components/page-head-online.html /opt/osctrl/tmpl_admin/components/page-head.html
+COPY /go/src/osctrl/admin/templates/components/page-js-online.html /opt/osctrl/tmpl_admin/components/page-js.html
+COPY /go/src/osctrl/admin/static/ /opt/osctrl/static
+COPY /go/src/osctrl/deploy/osquery/data/${OSQUERY_VERSION}.json /opt/osctrl/data/${OSQUERY_VERSION}.json
+
+RUN chown osctrl-admin:osctrl-admin -R /opt/osctrl/carved_files
+
+USER osctrl-admin
+EXPOSE 9001
+WORKDIR /opt/osctrl
+ENTRYPOINT [ "/opt/osctrl/bin/osctrl-admin" ]
+
+######################################## Ubuntu 20.04 node ########################################
+FROM ubuntu:20.04 as osctrl-ubuntu-osquery
+ARG OSCTRL_VERSION
+ARG OSQUERY_VERSION
+ARG POSTGRES_DB_NAME
+ARG POSTGRES_DB_USERNAME
+ARG POSTGRES_DB_PASSWORD
+
+### Copy osctrl-cli bin and config ###
+RUN mkdir -p /opt/osctrl/
+RUN mkdir -p /opt/osctrl/bin
+
+COPY --from=osctrl-tls /opt/osctrl/bin/osctrl-cli /opt/osctrl/bin/osctrl-cli
+COPY --from=osctrl-tls /go/src/osctrl/deploy/docker/conf/osquery/wait.sh /opt/osctrl/bin/wait.sh
+RUN chmod +x /opt/osctrl/bin/wait.sh
+
+COPY --from=osctrl-tls /go/src/osctrl/deploy/docker/conf/osctrl/db.json /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_NAME }}#${POSTGRES_DB_NAME}#g" /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_USERNAME }}#${POSTGRES_DB_USERNAME}#g" /opt/osctrl/config/db.json
+RUN sed -i "s#{{ POSTGRES_DB_PASSWORD }}#${POSTGRES_DB_PASSWORD}#g" /opt/osctrl/config/db.json
+
+### Install osquery ###
+RUN apt update && apt install -y curl
+RUN curl "https://osquery-packages.s3.amazonaws.com/deb/osquery_${OSQUERY_VERSION}-1.linux_$(dpkg --print-architecture).deb" -o "/tmp/osquery.deb"
+RUN dpkg -i "/tmp/osquery.deb"
+COPY --from=osctrl-admin /go/src/osctrl/deploy/docker/conf/tls/osctrl.crt /etc/osquery/osctrl.crt
+
+ENTRYPOINT [ "/opt/osctrl/bin/wait.sh" ]
diff --git a/deploy/docker/Dockerfile-osctrl b/deploy/docker/Dockerfile-osctrl-prod
similarity index 99%
rename from deploy/docker/Dockerfile-osctrl
rename to deploy/docker/Dockerfile-osctrl-prod
index 8c8f594a..54031b12 100644
--- a/deploy/docker/Dockerfile-osctrl
+++ b/deploy/docker/Dockerfile-osctrl-prod
@@ -15,7 +15,6 @@ RUN apt-get update -y && apt-get install zip curl -y # mv /go/src/osctrl-${OSCTRL_VERSION} /go/src/osctrl ADD . /go/src/osctrl -RUN ls -la /go/src/osctrl WORKDIR /go/src/osctrl ########## Compile osctrl bins ##########
@@ -24,27 +23,6 @@ RUN go build -o bin/osctrl-api api/*.go RUN go build -o bin/osctrl-admin admin/*.go RUN go build -o bin/osctrl-cli cli/*.go -######################################## osctrl-cli ######################################## -FROM ubuntu:20.04 AS osctrl-cli -ARG POSTGRES_DB_NAME -ARG POSTGRES_DB_USERNAME -ARG POSTGRES_DB_PASSWORD - -### Copy osctrl-admin bin and configs ### -RUN mkdir -p /opt/osctrl/ -COPY --from=osctrl-base /go/src/osctrl/bin/osctrl-cli /opt/osctrl/bin/osctrl-cli -COPY deploy/docker/conf/osquery/wait-cli.sh /opt/osctrl/bin/wait-cli.sh - -COPY deploy/docker/conf/osctrl/db.json /opt/osctrl/config/db.json -RUN sed -i "s#{{ POSTGRES_DB_NAME }}#${POSTGRES_DB_NAME}#g" /opt/osctrl/config/db.json -RUN sed -i "s#{{ POSTGRES_DB_USERNAME }}#${POSTGRES_DB_USERNAME}#g" /opt/osctrl/config/db.json -RUN sed -i "s#{{ POSTGRES_DB_PASSWORD }}#${POSTGRES_DB_PASSWORD}#g" /opt/osctrl/config/db.json -RUN ln -s /opt/osctrl/bin/osctrl-cli /usr/local/bin/osctrl-cli - -COPY deploy/docker/conf/tls/osctrl.crt /opt/osctrl/config/osctrl.crt - -ENTRYPOINT [ "/opt/osctrl/bin/wait-cli.sh" ] - ######################################## osctrl-tls ######################################## FROM ubuntu:20.04 AS osctrl-tls
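Review bot: `POSTGRES_DB_PASSWORD` and `JWT_SECRET` come in as `ARG`s and are written into `db.json` / `jwt.json` by `RUN sed -i ...` in every stage of Dockerfile-osctrl-dev, so both values end up in the image layers and build history; rendering the config at container start, or using a BuildKit secret mount (`RUN --mount=type=secret,id=<SECRET_ID> ...`), keeps them out of the image. The `sed` expressions use `#` as delimiter, so a value containing `#` or `&` is substituted incorrectly. Separately, no stage adds the source tree or sets a `WORKDIR` before `RUN go build ... tls/*.go`, and the osctrl-admin stage's `COPY /go/src/osctrl/...` sources are resolved against the build context, not the image, so the build does not look able to succeed as written; `ADD . /go/src/osctrl` plus `WORKDIR /go/src/osctrl`, as in the prod file, would be needed, and the `COPY --from=osctrl-tls /go/src/osctrl/...` lines depend on it too. `FROM golang:latest` and the osquery `.deb` fetched with `curl` and installed without a checksum comparison are both worth pinning (a fixed tag or digest; a `sha256sum -c` step before `dpkg -i`). The osctrl-cli stage re-added at the end of Dockerfile-osctrl-prod carries the same `ARG` + `sed` pattern.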
@@ -149,6 +127,27 @@ EXPOSE 9001 WORKDIR /opt/osctrl ENTRYPOINT [ "/opt/osctrl/bin/osctrl-admin" ] +######################################## osctrl-cli ######################################## +FROM ubuntu:20.04 AS osctrl-cli +ARG POSTGRES_DB_NAME +ARG POSTGRES_DB_USERNAME +ARG POSTGRES_DB_PASSWORD + +### Copy osctrl-admin bin and configs ### +RUN mkdir -p /opt/osctrl/ +COPY --from=osctrl-base /go/src/osctrl/bin/osctrl-cli /opt/osctrl/bin/osctrl-cli +COPY deploy/docker/conf/osquery/wait-cli.sh /opt/osctrl/bin/wait-cli.sh + +COPY deploy/docker/conf/osctrl/db.json /opt/osctrl/config/db.json +RUN sed -i "s#{{ POSTGRES_DB_NAME }}#${POSTGRES_DB_NAME}#g" /opt/osctrl/config/db.json +RUN sed -i "s#{{ POSTGRES_DB_USERNAME }}#${POSTGRES_DB_USERNAME}#g" /opt/osctrl/config/db.json +RUN sed -i "s#{{ POSTGRES_DB_PASSWORD }}#${POSTGRES_DB_PASSWORD}#g" /opt/osctrl/config/db.json +RUN ln -s /opt/osctrl/bin/osctrl-cli /usr/local/bin/osctrl-cli + +COPY deploy/docker/conf/tls/osctrl.crt /opt/osctrl/config/osctrl.crt + +ENTRYPOINT [ "/opt/osctrl/bin/wait-cli.sh" ] + ######################################## Ubuntu 20.04 node ######################################## FROM ubuntu:20.04 as osctrl-ubuntu-osquery ARG OSCTRL_VERSION diff --git a/deploy/docker/conf/osquery/wait.sh b/deploy/docker/conf/osquery/wait.sh old mode 100644 new mode 100755 diff --git a/deploy/docker/docker-compose-dev.yml b/deploy/docker/docker-compose-dev.yml new file mode 100644 index 00000000..9183a8af --- /dev/null +++ b/deploy/docker/docker-compose-dev.yml 
@@ -0,0 +1,92 @@
+version: "2.2"
+
+x-docker-data: &build_osctrl
+ context: .
+ dockerfile: deploy/docker/Dockerfile-osctrl-dev
+ args:
+ OSCTRL_VERSION: ${OSCTRL_VERSION}
+ OSQUERY_VERSION: ${OSQUERY_VERSION}
+ POSTGRES_DB_NAME: ${POSTGRES_DB_NAME}
+ POSTGRES_DB_USERNAME: ${POSTGRES_DB_USERNAME}
+ POSTGRES_DB_PASSWORD: ${POSTGRES_DB_PASSWORD}
+ JWT_SECRET: ${JWT_SECRET}
+
+services:
+ ######################################### osctrl-tls #########################################
+ osctrl-tls:
+ container_name: 'osctrl-tls'
+ restart: unless-stopped
+ image: osctrl-tls:${OSCTRL_VERSION}
+ build:
+ <<: *build_osctrl
+ target: osctrl-tls
+ networks:
+ - osctrl-backend
+ ports:
+ - 443:443
+ depends_on:
+ - postgres
+
+ ######################################### osctrl-admin #########################################
+ osctrl-admin:
+ container_name: 'osctrl-admin'
+ restart: unless-stopped
+ image: osctrl-admin:${OSCTRL_VERSION}
+ build:
+ <<: *build_osctrl
+ target: osctrl-admin
+ networks:
+ - default
+ - osctrl-backend
+ ports:
+ - 9001:9001
+ depends_on:
+ - postgres
+
+ ######################################### osctrl-api #########################################
+ osctrl-api:
+ container_name: 'osctrl-api'
+ restart: unless-stopped
+ image: osctrl-api:${OSCTRL_VERSION}
+ build:
+ <<: *build_osctrl
+ target: osctrl-api
+ networks:
+ - osctrl-backend
+ depends_on:
+ - postgres
+
+ ######################################### PostgreSQL #########################################
+ postgres:
+ container_name: 'osctrl-postgres'
+ restart: unless-stopped
+ image: postgres:${POSTGRES_VERSION}
+ environment:
+ POSTGRES_DB: ${POSTGRES_DB_NAME}
+ POSTGRES_USER: ${POSTGRES_DB_USERNAME}
+ POSTGRES_PASSWORD: ${POSTGRES_DB_PASSWORD}
+ networks:
+ - osctrl-backend
+ volumes:
+ - postgres-db:/var/lib/postgresql/data
+
+ ######################################### osquery #########################################
+ ubuntu-osquery:
+ container_name: 'osctrl-ubuntu-osquery'
+ restart: unless-stopped
+ image: osctrl-ubuntu-osquery:${OSQUERY_VERSION}
+ build:
+ <<: *build_osctrl
+ target: osctrl-ubuntu-osquery
+ networks:
+ - osctrl-backend
+ depends_on:
+ - osctrl-tls
+
+networks:
+ osctrl-backend:
+ osquery-backend:
+
+volumes:
+ postgres-db:
+
diff --git a/deploy/docker/docker-compose.yml b/deploy/docker/docker-compose-prod.yml
similarity index 96%
rename from deploy/docker/docker-compose.yml
rename to deploy/docker/docker-compose-prod.yml
index 4c92412b..46210074 100644
--- a/deploy/docker/docker-compose.yml
+++ b/deploy/docker/docker-compose-prod.yml
@@ -2,7 +2,7 @@ version: "2.2" x-docker-data: &build_osctrl context: . - dockerfile: deploy/docker/Dockerfile-osctrl + dockerfile: deploy/docker/Dockerfile-osctrl-prod args: OSCTRL_VERSION: ${OSCTRL_VERSION} OSQUERY_VERSION: ${OSQUERY_VERSION}
@@ -86,7 +86,7 @@ services: networks: - osctrl-backend volumes: - - osctrl-postgres-db:/var/lib/postgresql/data + - postgres-db:/var/lib/postgresql/data ######################################### osctrl-cli ######################################### osctrl-cli:
@@ -121,4 +121,4 @@ networks: osquery-backend: volumes: - osctrl-postgres-db: + postgres-db:
diff --git a/deploy/docker/dockerize.sh b/deploy/docker/dockerize.sh
index 00995cf2..9587257f 100755
--- a/deploy/docker/dockerize.sh
+++ b/deploy/docker/dockerize.sh
@@ -15,6 +15,7 @@ # -x Removes container images. # -C Existing certificate to be used with osctrl. # -K Existing private key to be used with osctrl. +# -D Build development environment. # Show an informational log message # string message_to_display
@@ -45,6 +46,7 @@ function usage() { printf " -x\tRemoves container images.\n" printf " -C\tExisting certificate to be used with osctrl.\n" printf " -K\tExisting private key to be used with osctrl.\n" + printf " -D\tBuild development environment.\n" printf "\nExamples:\n" printf " Run dockerized osctrl building new containers and forcing to generate new certificates:\n" printf "\t%s -u -b -f\n" "${0}"
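Review bot: In docker-compose-dev.yml the short-form mappings `- 9001:9001` (osctrl-admin) and `- 443:443` (osctrl-tls) publish on every host interface, so the admin service of a development stack becomes reachable from the local network; binding to loopback, `- 127.0.0.1:9001:9001`, is the safer default for a dev file. The `443:443` mapping also does not match `EXPOSE 9000` in the osctrl-tls stage of Dockerfile-osctrl-dev and no proxy service is defined in this file, so the container port is probably meant to be `9000`. `osquery-backend` is declared under `networks:` but no service joins it, and no service mounts the source tree, so the `.air-*.toml` live-reload configs added in this commit would not see edits.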
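Review bot: Renaming the named volume from `osctrl-postgres-db` to `postgres-db` in docker-compose-prod.yml (the `@@ -86,7 +86,7 @@` hunk and again in the `volumes:` hunk at `@@ -121,4 +121,4 @@`) makes an existing deployment start PostgreSQL on a new, empty volume while the old data stays behind in the orphaned one. If the rename is intended, the commit message or an upgrade note should say so and describe how to carry the data over; otherwise keep `osctrl-postgres-db:` in the prod file and use the new name only in docker-compose-dev.yml.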
@@ -57,13 +59,13 @@ function usage() { set -e # Detection of current directory -if [[ -f "deploy/docker/docker-compose.yml" ]]; then +if [[ -f "deploy/docker/docker-compose-prod.yml" ]] || [[ -f "deploy/docker/docker-compose-dev.yml" ]]; then ROOTDIR="." log "ROOTDIR=$ROOTDIR" DOCKERDIR="deploy/docker" - log "DOCKERDIR=$DOCKERDIR" + log "DOCKERDIR=$ROOTDIR/$DOCKERDIR" fi -if [[ -f "docker-compose.yml" ]]; then +if [[ -f "docker-compose-prod.yml" ]] || [[ -f "docker-compose-dev.yml" ]]; then ROOTDIR=".." log "ROOTDIR=$ROOTDIR" DOCKERDIR="." @@ -75,7 +77,7 @@ NAME="osctrl" _HOSTNAME="localhost" DEPLOYDIR="$ROOTDIR/deploy" CERTSDIR="$DOCKERDIR/conf/tls" -COMPOSERFILE="$DOCKERDIR/docker-compose.yml" +COMPOSERFILE="$DOCKERDIR/docker-compose-prod.yml" ENVFILE="$ROOTDIR/.env" ENVTEMPLATE="$DOCKERDIR/env.example" @@ -96,9 +98,10 @@ _JWT=false _MKCERT=false _DOWN=false _REMOVE=false +_DEV=false # Extract arguments -while getopts 'hbufJmdxCK' c; do +while getopts 'hbufJmdxCKD' c; do case $c in h) usage @@ -140,6 +143,10 @@ while getopts 'hbufJmdxCK' c; do SHOW_USAGE=false KEY_FILE=$2 ;; + D) + SHOW_USAGE=false + _DEV=true + ;; esac done @@ -195,6 +202,10 @@ if [[ "$_JWT" == true ]]; then cat "$ENVTEMPLATE" | sed "s/JWT_SECRET.*/JWT_SECRET=$_JWT_SECRET/" | tee "$ENVFILE" fi +if [[ "$_DEV" == true ]]; then + COMPOSERFILE="$DOCKERDIR/docker-compose-dev.yml" +fi + if [[ "$_BUILD" == true ]]; then log "Building containers from $COMPOSERFILE and using $ENVFILE" docker-compose -f "$COMPOSERFILE" --project-directory "$ROOTDIR" build @@ -203,7 +214,7 @@ fi log "Access $NAME-admin using https://$_HOSTNAME:8443" if [[ "$_UP" == true ]]; then - log "Running containers" + log "Running containers from $COMPOSERFILE and using $ENVFILE" docker-compose -f "$COMPOSERFILE" --project-directory "$ROOTDIR" up fi
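Review bot: The optstring in `while getopts 'hbufJmdxCKD' c; do` still declares `C` and `K` without a trailing colon, while the `K)` branch visible in the next hunk's context reads its value with `KEY_FILE=$2`. `getopts` therefore treats both as plain flags, and the key path becomes whatever the second positional argument of the script is, not the argument following `-K`. Since this line is being edited anyway, `while getopts 'hbufJmdxC:K:D' c; do` with `KEY_FILE=$OPTARG` is the fix; the `C)` branch is outside the hunk and presumably needs the same change.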
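Review bot: `COMPOSERFILE` is switched to `docker-compose-dev.yml` only in the `if [[ "$_DEV" == true ]]` block placed after the JWT step, so anything that uses it earlier in the script (the `-d`/`-x` handling is not visible in this diff) would still act on the prod file when `-D` is given. Assigning it in the option branch, `D) SHOW_USAGE=false; _DEV=true; COMPOSERFILE="$DOCKERDIR/docker-compose-dev.yml" ;;`, removes the ordering dependency. The unchanged `log "Access $NAME-admin using https://$_HOSTNAME:8443"` is also misleading for the dev stack, which publishes the admin on 9001 and defines no 8443 listener. In the context just above, `| tee "$ENVFILE"` echoes the generated `.env`, including `JWT_SECRET`, to the terminal; `> "$ENVFILE"` would keep it out of captured logs.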