Update PoC for Docker dev env -2
Ben Bornholm authored and Ben Bornholm committed Feb 21, 2023
1 parent 40d54c5 commit dbad0e9
Showing 8 changed files with 285 additions and 45 deletions.
2 changes: 1 addition & 1 deletion .dockerignore
Expand Up @@ -5,4 +5,4 @@ Vagrantfile
tmp/
bin/
docker-compose.yml
docker-compose-dev.yml
docker-compose-dev.yml
2 changes: 1 addition & 1 deletion deploy/cicd/docker/Dockerfile-osctrl-admin
Expand Up @@ -6,13 +6,13 @@ ARG GOARCH=amd64

# Install software
RUN apt-get update -y -q && \
apt-get install curl -y && \
rm -rf /var/lib/apt/lists/*

# Install/Setup osctrl
RUN useradd -ms /usr/sbin/nologin osctrl-${COMPONENT}
RUN mkdir -p /opt/osctrl/bin && \
mkdir -p /opt/osctrl/config && \
mkdir -p /opt/osctrl/script && \
mkdir -p /opt/osctrl/tmpl_admin/components && \
mkdir -p /opt/osctrl/static && \
mkdir -p /opt/osctrl/data && \
2 changes: 1 addition & 1 deletion deploy/cicd/docker/Dockerfile-osctrl-api
Expand Up @@ -6,13 +6,13 @@ ARG GOARCH=amd64

# Install software
RUN apt-get update -y -q && \
apt-get install curl -y && \
rm -rf /var/lib/apt/lists/*

# Install/Setup osctrl
RUN useradd -ms /usr/sbin/nologin osctrl-${COMPONENT}
RUN mkdir -p /opt/osctrl/bin && \
mkdir -p /opt/osctrl/config && \
mkdir -p /opt/osctrl/script && \
chown osctrl-${COMPONENT}:osctrl-${COMPONENT} -R /opt/osctrl
COPY osctrl-${COMPONENT}-${GOOS}-${GOARCH}.bin /opt/osctrl/bin/osctrl-${COMPONENT}
RUN chmod 755 /opt/osctrl/bin/osctrl-${COMPONENT}
5 changes: 2 additions & 3 deletions deploy/cicd/docker/Dockerfile-osctrl-cli
Expand Up @@ -6,21 +6,20 @@ ARG GOARCH=amd64

# Install software
RUN apt-get update -y -q && \
apt-get install curl -y && \
rm -rf /var/lib/apt/lists/*

# Install/Setup osctrl
RUN useradd -ms /usr/sbin/nologin osctrl-${COMPONENT}
RUN mkdir -p /opt/osctrl/bin && \
mkdir -p /opt/osctrl/config && \
mkdir -p /opt/osctrl/script && \
chown osctrl-${COMPONENT}:osctrl-${COMPONENT} -R /opt/osctrl

COPY osctrl-${COMPONENT}-${GOOS}-${GOARCH}.bin /opt/osctrl/bin/osctrl-${COMPONENT}
RUN chmod 755 /opt/osctrl/bin/osctrl-${COMPONENT}

COPY deploy/docker/conf/osctrl/db.json /opt/osctrl/config/db.json

COPY deploy/docker/conf/osctrl/cli/entrypoint.sh /entrypoint.sh
COPY deploy/docker/conf/cli/entrypoint.sh /entrypoint.sh
RUN chmod 755 /entrypoint.sh

USER osctrl-${COMPONENT}
2 changes: 1 addition & 1 deletion deploy/cicd/docker/Dockerfile-osctrl-tls
Expand Up @@ -6,13 +6,13 @@ ARG GOARCH=amd64

# Install software
RUN apt-get update -y -q && \
apt-get install curl -y && \
rm -rf /var/lib/apt/lists/*

# Install/Setup osctrl
RUN useradd -ms /usr/sbin/nologin osctrl-${COMPONENT}
RUN mkdir -p /opt/osctrl/bin && \
mkdir -p /opt/osctrl/config && \
mkdir -p /opt/osctrl/script && \
chown osctrl-${COMPONENT}:osctrl-${COMPONENT} -R /opt/osctrl
COPY osctrl-${COMPONENT}-${GOOS}-${GOARCH}.bin /opt/osctrl/bin/osctrl-${COMPONENT}
RUN chmod 755 /opt/osctrl/bin/osctrl-${COMPONENT}
3 changes: 3 additions & 0 deletions docker-compose-dev.yml
Expand Up @@ -211,6 +211,9 @@ services:
networks:
- osctrl-dev-backend
volumes:
- type: bind
source: ./deploy/docker/conf/tls/osctrl.crt
target: /opt/osctrl/config/osctrl.crt
- .:/usr/src/app:rw,delegated
depends_on:
- postgres
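Review bot: The bind mount of `./deploy/docker/conf/tls/osctrl.crt` onto `/opt/osctrl/config/osctrl.crt` is writable from inside the container; a certificate that clients use as their trust anchor should be mounted read-only by adding `read_only: true` under `target:`. Going by the section's count of 3 additions, the bind entry appears to be the new part, and the service it belongs to starts above the hunk. The same applies to every long-syntax bind in the new docker-compose-osquery.yml, including the nginx mount of `osctrl.key` onto `/etc/ssl/private/osctrl.key`.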
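--- a/docker-compose-osquery.yml
+++ b/docker-compose-osquery.yml
@@ -0,0 +1,266 @@
+version: "2.4"
+services:
+######################################### NGINX #########################################
+nginx:
+container_name: 'osctrl-nginx'
+image: nginx:${NGINX_VERSION}
+restart: unless-stopped
+ports:
+- 8000:80
+- 8443:443
+networks:
+- default
+- osctrl-backend
+volumes:
+- type: bind
+source: ./deploy/docker/conf/nginx/nginx.conf
+target: /etc/nginx/nginx.conf
+- type: bind
+source: ./deploy/docker/conf/nginx/osctrl.conf
+target: /etc/nginx/conf.d/osctrl.conf
+- type: bind
+source: ./deploy/docker/conf/tls/osctrl.crt
+target: /etc/ssl/certs/osctrl.crt
+- type: bind
+source: ./deploy/docker/conf/tls/osctrl.key
+target: /etc/ssl/private/osctrl.key
+depends_on:
+- osctrl-tls
+- osctrl-admin
+- osctrl-api
+healthcheck:
+test: ["CMD", "curl", "-f", "-k", "https://localhost"]
+interval: 1m30s
+timeout: 10s
+retries: 3
+start_period: 40s
+cpus: 2
+mem_limit: 150M
+
+######################################### osctrl-tls #########################################
+osctrl-tls:
+image: jmpsec/osctrl-tls:v${OSCTRL_VERSION}
+container_name: 'osctrl-tls'
+restart: unless-stopped
+environment:
+#### TLS settings ####
+- SERVICE_LISTENER=0.0.0.0
+- SERVICE_PORT=9000
+- SERVICE_HOST=0.0.0.0
+- SERVICE_AUTH=none
+- SERVICE_LOGGER=stdout
+#### Database settings ####
+- DB_HOST=postgres
+- DB_NAME=${POSTGRES_DB_NAME}
+- DB_USER=${POSTGRES_DB_USERNAME}
+- DB_PASS=${POSTGRES_DB_PASSWORD}
+#### Redis settings ####
+- REDIS_HOST=redis
+networks:
+- osctrl-backend
+depends_on:
+- postgres
+- redis
+healthcheck:
+test: ["CMD", "curl", "-f", "http://localhost:9000"]
+interval: 1m30s
+timeout: 10s
+retries: 3
+start_period: 40s
+cpus: 2
+mem_limit: 150M
+
+######################################### osctrl-admin #########################################
+osctrl-admin:
+container_name: 'osctrl-admin'
+restart: unless-stopped
+image: jmpsec/osctrl-admin:v${OSCTRL_VERSION}
+environment:
+#### TLS settings ####
+- SERVICE_LISTENER=0.0.0.0
+- SERVICE_PORT=9001
+- SERVICE_HOST=0.0.0.0
+- SERVICE_AUTH=db
+- JWT_SECRET=${JWT_SECRET}
+- SERVICE_LOGGER=stdout
+#### Database settings ####
+- DB_HOST=postgres
+- DB_NAME=${POSTGRES_DB_NAME}
+- DB_USER=${POSTGRES_DB_USERNAME}
+- DB_PASS=${POSTGRES_DB_PASSWORD}
+#### Redis settings ####
+- REDIS_HOST=redis
+networks:
+- osctrl-backend
+depends_on:
+- postgres
+- redis
+healthcheck:
+test: ["CMD", "curl", "-f", "http://localhost:9001"]
+interval: 1m30s
+timeout: 10s
+retries: 3
+start_period: 40s
+cpus: 2
+mem_limit: 150M
+
+######################################### osctrl-api #########################################
+osctrl-api:
+container_name: 'osctrl-api'
+restart: unless-stopped
+image: jmpsec/osctrl-api:v${OSCTRL_VERSION}
+environment:
+#### TLS settings ####
+- SERVICE_LISTENER=0.0.0.0
+- SERVICE_PORT=9002
+- SERVICE_HOST=0.0.0.0
+- SERVICE_AUTH=jwt
+- JWT_SECRET=${JWT_SECRET}
+- SERVICE_LOGGER=stdout
+#### Database settings ####
+- DB_HOST=postgres
+- DB_NAME=${POSTGRES_DB_NAME}
+- DB_USER=${POSTGRES_DB_USERNAME}
+- DB_PASS=${POSTGRES_DB_PASSWORD}
+#### Redis settings ####
+- REDIS_HOST=redis
+networks:
+- osctrl-backend
+depends_on:
+- postgres
+- redis
+healthcheck:
+test: ["CMD", "curl", "-f", "http://localhost:9002"]
+interval: 1m30s
+timeout: 10s
+retries: 3
+start_period: 40s
+cpus: 2
+mem_limit: 150M
+
+######################################### PostgreSQL #########################################
+postgres:
+container_name: 'osctrl-postgres'
+restart: unless-stopped
+image: postgres:${POSTGRES_VERSION}
+environment:
+- POSTGRES_DB=${POSTGRES_DB_NAME}
+- POSTGRES_USER=${POSTGRES_DB_USERNAME}
+- POSTGRES_PASSWORD=${POSTGRES_DB_PASSWORD}
+networks:
+- osctrl-backend
+volumes:
+- postgres-db:/var/lib/postgresql/data
+healthcheck:
+test: ["CMD-SHELL", "sh -c 'pg_isready -U ${POSTGRES_DB_USERNAME} -d ${POSTGRES_DB_NAME}'"]
+interval: 10s
+timeout: 5s
+retries: 5
+cpus: 2
+mem_limit: 1G
+
+######################################### Redis #########################################
+redis:
+container_name: 'osctrl-redis'
+restart: unless-stopped
+image: redis:${REDIS_VERSION}
+networks:
+- osctrl-backend
+volumes:
+- redis-data:/data
+healthcheck:
+test: ["CMD", "redis-cli","ping"]
+interval: 10s
+timeout: 5s
+retries: 5
+cpus: 1
+mem_limit: 100M
+
+######################################### osctrl-cli #########################################
+# osctrl-cli is the component that creates the osctrl env and admin user
+##############################################################################################
+osctrl-cli:
+container_name: 'osctrl-cli'
+restart: unless-stopped
+image: jmpsec/osctrl-cli:v${OSCTRL_VERSION}
+tty: true # entrypoint executes `/bin/sh`
+environment:
+#### osctrl env ####
+- ENV_NAME=dev
+- CERT_FILE=/opt/osctrl/config/osctrl.crt
+- HOST=osctrl-nginx
+#### osctrl admin ####
+- OSCTRL_USER=${OSCTRL_USER}
+- OSCTRL_PASS=${OSCTRL_PASS}
+#### Database settings ####
+- DB_HOST=postgres
+- DB_NAME=${POSTGRES_DB_NAME}
+- DB_USER=${POSTGRES_DB_USERNAME}
+- DB_PASS=${POSTGRES_DB_PASSWORD}
+networks:
+- osctrl-backend
+volumes:
+- type: bind
+source: ./deploy/docker/conf/tls/osctrl.crt
+target: /opt/osctrl/config/osctrl.crt
+depends_on:
+- postgres
+healthcheck:
+test: ["CMD", "/opt/osctrl/bin/osctrl-cli", "check"]
+interval: 1m30s
+timeout: 10s
+retries: 3
+start_period: 60s
+cpus: 1
+mem_limit: 100M
+
+######################################### osquery #########################################
+osquery:
+container_name: 'osctrl-osquery'
+image: 'osctrl-osquery:v${OSCTRL_VERSION}'
+restart: unless-stopped
+build:
+context: .
+target: osctrl-ubuntu-osquery
+dockerfile: deploy/docker/dockerfiles/Dockerfile-dev-cli
+args:
+GOLANG_VERSION: ${GOLANG_VERSION}
+OSQUERY_VERSION: ${OSQUERY_VERSION}
+environment:
+#### osquery enroll ####
+- ENV_NAME=dev
+- HOST=osctrl-nginx
+#### Database settings ####
+- DB_HOST=postgres
+- DB_NAME=${POSTGRES_DB_NAME}
+- DB_USER=${POSTGRES_DB_USERNAME}
+- DB_PASS=${POSTGRES_DB_PASSWORD}
+networks:
+- osctrl-backend
+volumes:
+- type: bind
+source: ./deploy/docker/conf/tls/osctrl.crt
+target: /opt/osctrl/config/osctrl.crt
+- osquery-data:/var/osquery
+- osquery-conf:/etc/osquery
+depends_on:
+- osctrl-tls
+- osctrl-api
+- postgres
+healthcheck:
+test: ["CMD", "test", "-f", "/var/run/osqueryd.pidfile"]
+interval: 1m30s
+timeout: 10s
+retries: 3
+start_period: 60s
+cpus: 1
+mem_limit: 150M
+
+networks:
+osctrl-backend:
+
+volumes:
+postgres-db:
+redis-data:
+osquery-data:
+osquery-conf: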
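Review bot: The `osquery` service, which stands in for an enrolled endpoint, is given `DB_HOST`, `DB_NAME`, `DB_USER` and `DB_PASS` and is attached to `osctrl-backend`, so the agent container holds the PostgreSQL credentials and can reach `postgres` and `redis` directly. If the image's entrypoint does not need the database (the `osctrl-ubuntu-osquery` build target is not visible here), drop the four `DB_*` entries and the `- postgres` dependency and change its network to `- default`, which `nginx` already joins. If it does need them, a comment such as `# dev only: an agent container must not hold DB credentials outside this PoC` would stop the layout being copied into a real deployment. Separately, `- 8000:80` and `- 8443:443` publish on all host interfaces; `- "127.0.0.1:8443:443"` keeps a dev stack local.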