From d31bc91b4ddb16504330df00bf99edf7e128143c Mon Sep 17 00:00:00 2001
From: Marc Mettke
Date: Sat, 6 Apr 2019 11:35:56 +0200
Subject: [PATCH] Adding docker container
---
docker/Dockerfile | 39 ++++++++++++++++++++++++++
docker/cron | 2 ++
docker/entrypoint.sh | 35 +++++++++++++++++++++++
docker/healthcheck.sh | 7 +++++
examples/.gitignore | 3 +-
examples/httpd-ldap/docker-compose.yml | 9 +++---
examples/shared/cron/root | 1 -
7 files changed, 89 insertions(+), 7 deletions(-)
create mode 100644 docker/Dockerfile
create mode 100644 docker/cron
create mode 100644 docker/entrypoint.sh
create mode 100644 docker/healthcheck.sh
delete mode 100644 examples/shared/cron/root
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..24b9194
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,39 @@
+FROM alpine:3.8
+LABEL maintainer="Marc Mettke "
+
+ENV SYSTEM https://github.com/operasoftware/ssh-key-authority.git
+ADD entrypoint.sh /entrypoint.sh
+ADD healthcheck.sh /healthcheck.sh
+ADD cron /var/spool/cron/crontabs/root
+
+RUN mkdir -p /var/log/keys/ /run/php/ /ska/ && \
+ adduser --system --disabled-password keys-sync && \
+ apk add openssh \
+ php \
+ php-fpm \
+ php7-json \
+ php7-ldap \
+ php7-mbstring \
+ php7-mysqli \
+ php7-pcntl \
+ php7-posix \
+ php7-ssh2 \
+ rsync \
+ ssmtp \
+ sudo && \
+ sed -i -e '/listen =/ s/= .*/= 0.0.0.0:9000/' /etc/php7/php-fpm.d/www.conf && \
+ sed -i -e '/;pid =/ s/.*/pid = \/var\/run\/php-fpm.pid/' /etc/php7/php-fpm.conf && \
+ echo "" >> /etc/php7/php-fpm.conf && \
+ chmod +x /entrypoint.sh /healthcheck.sh && \
+ ln -sf /dev/stderr /var/log/php7/error.log
+RUN apk add git && \
+ git clone ${SYSTEM} /ska && \
+ apk del git && \
+ chown -R keys-sync:nogroup /ska/config
+
+EXPOSE 9000
+VOLUME /ska/config
+VOLUME /public_html
+
+ENTRYPOINT "/entrypoint.sh"
+HEALTHCHECK CMD /healcheck.sh
diff --git a/docker/cron b/docker/cron
new file mode 100644
index 0000000..6d10c59
--- /dev/null
+++ b/docker/cron
@@ -0,0 +1,2 @@
+0 1 * * * /ska/scripts/ldap_update.php
+*/1 * * * * /bin/ash -c "PID=$(cat /var/run/keys-sync.pid) && [ -n ${PID} -a -d /proc/${PID} ] || /ska/scripts/syncd.php --user keys-sync"
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
new file mode 100644
index 0000000..728eb7c
--- /dev/null
+++ b/docker/entrypoint.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env ash
+if [ `whoami` == 'keys-sync' ]; then
+ if [ ! -r /ska/config/config.ini ]; then
+ echo "config.ini not found or incorrect permissions."
+ echo "Permissions must be $(id -u keys-sync):$(id -g keys-sync) with at least 400"
+ exit 1
+ fi
+ if [ ! -r /ska/config/keys-sync ]; then
+ echo "private key not found or incorrect permissions."
+ echo "Permissions must be $(id -u keys-sync):$(id -g keys-sync) with 400"
+ exit 1
+ fi
+ if [ ! -r /ska/config/keys-sync.pub ]; then
+ echo "public key not found or incorrect permissions."
+ echo "Permissions must be $(id -u keys-sync):$(id -g keys-sync) with at least 400"
+ exit 1
+ fi
+ if ! grep "^timeout_util = BusyBox$" /ska/config/config.ini > /dev/null; then
+ echo "timeout_util must be set to BusyBox."
+ echo "Change it to: timeout_util = BusyBox"
+ exit 1
+ fi
+elif [ $(id -u) = 0 ]; then
+ if ! sudo -u keys-sync /entrypoint.sh; then
+ exit 1
+ fi
+ rsync -a --delete /ska/public_html/ /public_html/
+ /usr/sbin/crond
+ echo "Waiting for database..."
+ sleep 5
+ /ska/scripts/syncd.php --user keys-sync
+ /usr/sbin/php-fpm7 -F
+else
+ echo "Must be executed with root"
+fi
diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh
new file mode 100644
index 0000000..8b38832
--- /dev/null
+++ b/docker/healthcheck.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env ash
+for PID_FILE in /var/run/crond.pid /var/run/keys-sync.pid /var/run/php-fpm.pid; do
+ PID=$(cat ${PID_FILE})
+ if ! [ -n "${PID}" -a -d "/proc/${PID}" ]; then
+ exit 1
+ fi
+done
diff --git a/examples/.gitignore b/examples/.gitignore
index 9f4c740..21a7194 100644
--- a/examples/.gitignore
+++ b/examples/.gitignore
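Review bot: The watchdog entry on the second line of docker/cron wraps its command in double quotes, so the shell that crond starts expands `$(cat …)` and `${PID}` before `/bin/ash -c` ever runs. `${PID}` is unset in that outer shell, and as far as I can tell the test collapses to `[ -n -a -d /proc/ ]`, which no longer looks at the daemon's PID at all. Single quotes and quoted operands restore the intended check: `*/1 * * * * /bin/ash -c 'PID=$(cat /var/run/keys-sync.pid) && [ -n "${PID}" ] && [ -d "/proc/${PID}" ] || /ska/scripts/syncd.php --user keys-sync'`.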
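Review bot: The private-key check `[ ! -r /ska/config/keys-sync ]` in docker/entrypoint.sh only proves that keys-sync can read the file, so a key that is also group- or world-readable passes even though the message demands mode 400. An additional mode comparison closes that gap, e.g. `if [ "$(stat -c '%a' /ska/config/keys-sync)" != "400" ]; then` followed by the same error message and `exit 1`. The final `else` branch also prints "Must be executed with root" and then ends with exit status 0; adding `exit 1` there lets the runtime see the failed start.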
@@ -1 +1,2 @@ -db/ \ No newline at end of file +db/ +public_html/ \ No newline at end of file diff --git a/examples/httpd-ldap/docker-compose.yml b/examples/httpd-ldap/docker-compose.yml index 4e708a4..8ee9f42 100644 --- a/examples/httpd-ldap/docker-compose.yml +++ b/examples/httpd-ldap/docker-compose.yml @@ -40,17 +40,16 @@ services: - net ska-php: - image: alpine:3.8 - command: /bin/ash -c "mkdir -p /var/log/keys /run/php/ && (id -u keys-sync 2> /dev/null || adduser --system --disabled-password keys-sync) && chown keys-sync:nogroup /ska/config/keys-sync && apk add php php-fpm ssmtp openssh php7-json php7-ldap php7-mbstring php7-mysqli php7-ssh2 php7-posix php7-pcntl && sed -i -e '/listen =/ s/= .*/= 0.0.0.0:9000/' /etc/php7/php-fpm.d/www.conf && crond && /ska/scripts/syncd.php --user keys-sync && php-fpm7 -F" + build: + context: ../../docker restart: always depends_on: - ska-db - mail volumes: - - ../../:/ska/:ro - ../shared/config-ldap/:/ska/config/:rw - ../shared/ssmtp.conf:/etc/ssmtp/ssmtp.conf:ro - - ../shared/cron/:/var/spool/cron/crontabs/:rw + - ./public_html:/public_html:rw networks: - net @@ -62,7 +61,7 @@ services: depends_on: - ska-php volumes: - - ../../:/ska/:ro + - ./public_html:/ska/public_html:ro - ./httpd.conf:/usr/local/apache2/conf/httpd.conf:ro networks: - net diff --git a/examples/shared/cron/root b/examples/shared/cron/root deleted file mode 100644 index 7ca495f..0000000 --- a/examples/shared/cron/root +++ /dev/null @@ -1 +0,0 @@ -0 1 * * * /ska/scripts/ldap_update.php