Dockerize using phusion/baseimage and runit services

This commit is contained in:
Toilal 2015-04-04 17:50:16 +02:00
parent 2b9ce85ba8
commit 1eb77c332b
30 changed files with 915 additions and 160 deletions

View File

@ -19,8 +19,14 @@ FROM phusion/baseimage:0.9.16
# Dockerfile metadata. # Dockerfile metadata.
MAINTAINER Joshua Tauberer (http://razor.occams.info) MAINTAINER Joshua Tauberer (http://razor.occams.info)
EXPOSE 25 53/udp 53/tcp 80 443 587 993 EXPOSE 25 53/udp 53/tcp 80 443 587 993 4190
VOLUME /data VOLUME /home/user-data
# Use baseimage init system
CMD ["/sbin/my_init"]
# Create the user-data user, so the start script doesn't have to.
RUN useradd -m user-data
# Docker has a beautiful way to cache images after each step. The next few # Docker has a beautiful way to cache images after each step. The next few
# steps of installing system packages are very intensive, so we take care # steps of installing system packages are very intensive, so we take care
@ -35,20 +41,28 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
# Install packages needed by Mail-in-a-Box. # Install packages needed by Mail-in-a-Box.
ADD containers/docker/apt_package_list.txt /tmp/mailinabox_apt_package_list.txt ADD containers/docker/apt_package_list.txt /tmp/mailinabox_apt_package_list.txt
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $(cat /tmp/mailinabox_apt_package_list.txt) RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $(cat /tmp/mailinabox_apt_package_list.txt)
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y rsyslog
RUN rm -f /tmp/mailinabox_apt_package_list.txt
RUN apt-get clean
# Create the user-data user, so the start script doesn't have to.
RUN useradd -m user-data
# Now add Mail-in-a-Box to the system. # Now add Mail-in-a-Box to the system.
ADD . /usr/local/mailinabox ADD . /usr/local/mailinabox
# We can't know things like the IP address where the container will eventually # Patch setup/functions.sh
# be deployed until the container is started. We also don't want to create any RUN cp /usr/local/mailinabox/setup/functions.sh /usr/local/mailinabox/setup/functions.orig.sh
# private keys during the creation of the image --- that should wait until the RUN echo "# Docker patches" >> /usr/local/mailinabox/setup/functions.sh && \
# container is started too. So our whole setup process is deferred until the echo "source containers/docker/patch/setup/functions_docker.sh" >> /usr/local/mailinabox/setup/functions.sh
# container is started. # Skip apt-get install
RUN mkdir -p /etc/my_init.d RUN sed 's/PACKAGES=$@/PACKAGES=""/g' -i /usr/local/mailinabox/setup/functions.sh
RUN ln -s /usr/local/mailinabox/containers/docker/init.sh /etc/my_init.d/20-mailinabox.sh
# Install runit services
ADD containers/docker/runit/ /etc/service/
# LSB Compatibility
RUN /usr/local/mailinabox/containers/docker/tools/lsb_compat.sh
# Configure service logs
RUN /usr/local/mailinabox/containers/docker/tools/runit_logs.sh
# Disable services
RUN /usr/local/mailinabox/containers/docker/tools/disable_services.sh
# Add my_init scripts
ADD containers/docker/my_init.d/* /etc/my_init.d/

View File

@ -1,79 +0,0 @@
#!/bin/bash
# This script is used within containers to turn it into a Mail-in-a-Box.
# It is referenced by the Dockerfile. You should not run it directly.
########################################################################
# Local configuration details were not known at the time the Docker
# image was created, so all setup is defered until the container
# is started. That's when this script runs.
# If we're not in an interactive shell, set defaults.
if [ ! -t 0 ]; then
export PUBLIC_IP=auto
export PUBLIC_IPV6=auto
export PRIMARY_HOSTNAME=auto
export CSR_COUNTRY=US
export NONINTERACTIVE=1
fi
# The phusion/baseimage base image we use for a working Ubuntu
# replaces the normal Upstart system service management with
# a ligher-weight service management system called runit that
# requires a different configuration. We need to create service
# run files that do not daemonize.
# For most of the services, there is a common pattern we can use:
# execute the init.d script that the Ubuntu package installs, and
# then poll for the termination of the daemon.
function make_runit_service {
INITD_NAME=$1
WAIT_ON_PROCESS_NAME=$2
mkdir -p /etc/service/$INITD_NAME
cat > /etc/service/$INITD_NAME/run <<EOF;
#!/bin/bash
source /usr/local/mailinabox/setup/functions.sh
hide_output /etc/init.d/$INITD_NAME restart
while [ \`ps a -C $WAIT_ON_PROCESS_NAME -o pid= | wc -l\` -gt 0 ]; do
sleep 30
done
echo $WAIT_ON_PROCESS_NAME died.
sleep 20
EOF
chmod +x /etc/service/$INITD_NAME/run
}
#make_runit_service bind9 named
#make_runit_service fail2ban fail2ban
#make_runit_service mailinabox mailinabox-daemon
#make_runit_service memcached memcached
#make_runit_service nginx nginx
#make_runit_service nsd nsd
#make_runit_service opendkim opendkim
#make_runit_service php5-fpm php5-fpm
#make_runit_service postfix postfix
#make_runit_service postgrey postgrey
#make_runit_service spampd spampd
# Dovecot doesn't provide an init.d script, but it does provide
# a way to launch without daemonization. We wrote a script for
# that specifically.
#
# We also want to use Ubuntu's stock rsyslog rather than syslog-ng
# that the base image provides. Our Dockerfile installs rsyslog.
rm -rf /etc/service/syslog-ng
for service in dovecot; do
mkdir -p /etc/service/$service
cp /usr/local/mailinabox/containers/docker/runit/$service.sh /etc/service/$service/run
chmod +x /etc/service/$service/run
done
# Rsyslog isn't starting automatically but we need it during setup.
service rsyslog start
# Start configuration. Using 'source' means an exit from inside
# also exits this script and terminates the container.
cd /usr/local/mailinabox
export IS_DOCKER=1
export DISABLE_FIREWALL=1
source setup/start.sh

View File

@ -0,0 +1,51 @@
#!/bin/bash
# This script is used within containers to turn it into a Mail-in-a-Box.
# It is referenced by the Dockerfile. You should not run it directly.
########################################################################
# Local configuration details were not known at the time the Docker
# image was created, so all setup is defered until the container
# is started. That's when this script runs.
# If we're not in an interactive shell, set defaults.
if [ ! -t 0 ]; then
echo '*** Non interactive shell detected...'
export PUBLIC_IP=auto
export PUBLIC_IPV6=auto
export PRIMARY_HOSTNAME=auto
export CSR_COUNTRY=US
export NONINTERACTIVE=1
fi
if ([ -z "$FORCE_INSTALL" ] && [ -f /var/lib/mailinabox/api.key ]); then
# Mailinabox is already installed and we don't want to reinstall
export SKIP_INSTALL=1
fi
# If we are skipping install, reload from /etc/mailinabox.conf if exists
if ([ -f /var/lib/mailinabox/api.key ] && [ ! -z "$SKIP_INSTALL" ]); then
echo '*** Loading variables from "/etc/mailinabox.conf"...'
source /etc/mailinabox.conf
unset PRIVATE_IP
unset PRIVATE_IPV6
export SKIP_NETWORK_CHECKS=1
export NONINTERACTIVE=1
fi
export DISABLE_FIREWALL=1
cd /usr/local/mailinabox
if [ -z "$SKIP_INSTALL" ]; then
# Disable all services.
/usr/local/mailinabox/containers/docker/tools/disable_services.sh
echo "*** Starting mailinabox installation..."
# Run in background to avoid blocking runit initialization while installing.
source setup/start.sh &
else
echo "*** Configuring mailinabox..."
# Run in foreground for services to be started after configuration.
source setup/configure.sh
fi

View File

@ -0,0 +1,22 @@
#!/bin/bash
function save_function() {
local ORIG_FUNC=$(declare -f $1)
local NEWNAME_FUNC="$2${ORIG_FUNC#$1}"
eval "$NEWNAME_FUNC"
}
function enable_service {
if [ -f /etc/service/$1/down ]; then
# Runit service already exists, but is disabled with a down file. Remove it.
rm /etc/service/$1/down
fi
}
save_function restart_service restart_service_orig
function restart_service {
# Make sure service is enabled
enable_service $1
# Call original method
restart_service_orig $1
}

View File

@ -9,69 +9,94 @@
# packages and pulls in the Mail-in-a-Box source code. This is # packages and pulls in the Mail-in-a-Box source code. This is
# defined in Dockerfile at the root of this repository. # defined in Dockerfile at the root of this repository.
# #
# A mailinabox-userdata container is started next. This container # A mailinabox-data container is created next. This container
# contains nothing but a shared volume for storing user data. # contains nothing but a shared volume for storing user data.
# It is segregated from the rest of the live system to make backups # It is segregated from the rest of the live system to make backups
# easier. # easier.
# #
# The mailinabox-services container is started last. It is the # The mailinabox container is started last. It is the
# real thing: it runs the mailinabox image. This container will # real thing: it runs the mailinabox image. This container will
# initialize itself and will initialize the mailinabox-userdata # initialize itself and will initialize the mailinabox-data
# volume if the volume is new. # volume if the volume is new.
# Build or rebuild the image. # Build or rebuild the image.
# Rebuilds are very fast. # Rebuilds are very fast.
tput setaf 2 HOST_HTTP_PORT=${HOST_HTTP_PORT:-80}
echo "Building/updating base image (mailinabox)..." HOST_HTTPS_PORT=${HOST_HTTPS_PORT:-443}
tput setaf 7 CONTAINER_NAME=${CONTAINER_NAME:-mailinabox}
CONTAINER_DATA_NAME=${CONTAINER_DATA_NAME:-${CONTAINER_NAME}-data}
docker build -q -t mailinabox . if [ -z "$SKIP_BUILD" ]; then
if ! docker ps -a | grep mailinabox-userdata > /dev/null; then
tput setaf 2 tput setaf 2
echo echo "Building/updating base image (mailinabox)..."
echo "Creating a new container for your data (mailinabox-userdata)..."
tput setaf 7 tput setaf 7
docker run -d \ docker build -q -t mailinabox .
--name mailinabox-userdata \ fi;
-v /home/user-data \
scratch /bin/does-not-exist-but-thats-ok if ! docker inspect ${CONTAINER_DATA_NAME} > /dev/null; then
tput setaf 2
echo
echo "Creating a new container for your data (${CONTAINER_DATA_NAME})..."
tput setaf 7
docker create \
--name ${CONTAINER_DATA_NAME} \
$([ -z "$HOST_USERDATA_VOLUME" ] && echo "-v $HOST_USERDATA_VOLUME:/home/user-data" || echo "-v /home/user-data") \
phusion/baseimage:0.9.16
else else
tput setaf 2 tput setaf 2
echo echo
echo "Using existing container mailinabox-userdata for your data." echo "Using existing container ${CONTAINER_DATA_NAME} for your data."
tput setaf 7 tput setaf 7
fi fi
# End a running container. # End a running container.
if docker inspect ${CONTAINER_NAME} > /dev/null; then
if docker ps -a | grep mailinabox-services > /dev/null; then
tput setaf 2 tput setaf 2
echo echo
echo "Destroying mailinabox-services container..." echo "Destroying ${CONTAINER_NAME} container..."
tput setaf 7 tput setaf 7
docker rm -f mailinabox-services docker rm -f ${CONTAINER_NAME}
fi fi
# Start container. # Start container.
tput setaf 2 tput setaf 2
echo echo
echo "Starting new container (mailinabox-services)..." echo "Starting new container (${CONTAINER_NAME})..."
tput setaf 7 tput setaf 7
# Run the services container
# detached if NONINTERACTIVE is set,
# interactively if NONINTERACTIVE is not set,
# Notes: # Notes:
# * Passing through SKIP_NETWORK_CHECKS makes it easier to do testing # * Passing through SKIP_NETWORK_CHECKS makes it easier to do testing
# on a residential network. # on a residential network.
# * --privileged flag cause an issue with bind9/named failing to start in this case
# see docker/docker#7318
docker run \ docker run \
--privileged \
-v /dev/urandom:/dev/random \ -v /dev/urandom:/dev/random \
-p 25 -p 53/udp -p 53/tcp -p 80 -p 443 -p 587 -p 993 \ -p 25:25 \
--name mailinabox-services \ $([ -z "$NODNS" ] && echo "-p 53:53/udp -p 53:53/tcp") \
--volumes-from mailinabox-userdata \ -p $HOST_HTTP_PORT:80 \
-e "SKIP_NETWORK_CHECKS=$SKIP_NETWORK_CHECKS" \ -p $HOST_HTTPS_PORT:443 \
-p 587:587 \
-p 993:993 \
-p 4190:4190 \
--name ${CONTAINER_NAME} \
--volumes-from ${CONTAINER_DATA_NAME} \
--restart always \
$([ ! -z "$NONINTERACTIVE" ] && echo "-d") \
-it \
mailinabox mailinabox
if [ -z "$NONINTERACTIVE" ]; then
tput setaf 2
echo
echo "Restarting container ${CONTAINER_NAME}..."
tput setaf 7
docker restart ${CONTAINER_NAME}
fi

View File

@ -0,0 +1,52 @@
#!/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# for a chrooted server: "-u bind -t /var/lib/named"
# Don't modify this line, change or create /etc/default/bind9.
OPTIONS=""
RESOLVCONF=no
test -f /etc/default/bind9 && . /etc/default/bind9
test -x /usr/sbin/rndc || exit 0
. /lib/lsb/init-functions
check_network() {
if [ -x /usr/bin/uname ] && [ "X$(/usr/bin/uname -o)" = XSolaris ]; then
IFCONFIG_OPTS="-au"
else
IFCONFIG_OPTS=""
fi
if [ -z "$(/sbin/ifconfig $IFCONFIG_OPTS)" ]; then
#log_action_msg "No networks configured."
return 1
fi
return 0
}
log_daemon_msg "Starting domain name service..." "bind9"
modprobe capability >/dev/null 2>&1 || true
# dirs under /var/run can go away on reboots.
mkdir -p /var/run/named
chmod 775 /var/run/named
chown root:bind /var/run/named >/dev/null 2>&1 || true
if [ ! -x /usr/sbin/named ]; then
log_action_msg "named binary missing - not starting"
log_end_msg 1
fi
if ! check_network; then
log_action_msg "no networks configured"
log_end_msg 1
fi
if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then
echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.named
fi
exec /usr/sbin/named -f $OPTIONS

View File

@ -1,3 +0,0 @@
#!/bin/bash
/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf &> /var/log/dovecot.log

View File

@ -0,0 +1,3 @@
#!/bin/bash
exec /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf

View File

@ -0,0 +1,93 @@
#!/bin/bash
PATH=/usr/sbin:/usr/bin:/sbin:/bin
DESC="authentication failure monitor"
NAME=fail2ban
# fail2ban-client is not a daemon itself but starts a daemon and
# loads its with configuration
#DAEMON=/usr/bin/$NAME-client
DAEMON=/usr/bin/$NAME-server
SCRIPTNAME=/etc/init.d/$NAME
# Ad-hoc way to parse out socket file name
SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.local 2>/dev/null \
| tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
[ -z "$SOCKFILE" ] && SOCKFILE='/tmp/fail2ban.sock'
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Run as root by default.
FAIL2BAN_USER=root
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
DAEMON_ARGS="-f $FAIL2BAN_OPTS"
# Load the VERBOSE setting and other rcS variables
[ -f /etc/default/rcS ] && . /etc/default/rcS
# Predefine what can be missing from lsb source later on -- necessary to run
# on sarge. Just present it in a bit more compact way from what was shipped
log_daemon_msg () {
[ -z "$1" ] && return 1
echo -n "$1:"
[ -z "$2" ] || echo -n " $2"
}
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
# Actually has to (>=2.0-7) present in sarge. log_daemon_msg is predefined
# so we must be ok
. /lib/lsb/init-functions
#
# Shortcut function for abnormal init script interruption
#
report_bug()
{
echo $*
echo "Please submit a bug report to Debian BTS (reportbug fail2ban)"
exit 1
}
#
# Helper function to check if socket is present, which is often left after
# abnormal exit of fail2ban and needs to be removed
#
check_socket()
{
# Return
# 0 if socket is present and readable
# 1 if socket file is not present
# 2 if socket file is present but not readable
# 3 if socket file is present but is not a socket
[ -e "$SOCKFILE" ] || return 1
[ -r "$SOCKFILE" ] || return 2
[ -S "$SOCKFILE" ] || return 3
return 0
}
if [ -e "$SOCKFILE" ]; then
log_failure_msg "Socket file $SOCKFILE is present"
[ "$1" = "force-start" ] \
&& log_success_msg "Starting anyway as requested" \
|| return 2
DAEMON_ARGS="$DAEMON_ARGS -x"
fi
# Assure that /var/run/fail2ban exists
[ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban
if [ "$FAIL2BAN_USER" != "root" ]; then
# Make the socket directory, IP lists and fail2ban log
# files writable by fail2ban
chown "$FAIL2BAN_USER" /var/run/fail2ban
# Create the logfile if it doesn't exist
touch /var/log/fail2ban.log
chown "$FAIL2BAN_USER" /var/log/fail2ban.log
find /proc/net/xt_recent -name 'fail2ban-*' -exec chown "$FAIL2BAN_USER" {} \;
fi
exec /sbin/setuser $FAIL2BAN_USER $DAEMON $DAEMON_ARGS

View File

@ -0,0 +1,14 @@
#!/bin/bash
NAME=mailinabox
DAEMON=/usr/local/bin/mailinabox-daemon
export LANGUAGE=en_US.UTF-8
export LC_ALL=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_TYPE=en_US.UTF-8
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
exec $DAEMON 2>&1

View File

@ -0,0 +1,18 @@
#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/bin/memcached
test -x $DAEMON || exit 0
set -e
# Edit /etc/default/memcached to change this.
ENABLE_MEMCACHED=no
test -r /etc/default/memcached && . /etc/default/memcached
echo -n "Starting $DESC: "
if [ $ENABLE_MEMCACHED = yes ]; then
exec /sbin/setuser memcache $DAEMON
else
exit 1
fi

View File

@ -0,0 +1,24 @@
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/nginx
NAME=nginx
DESC=nginx
# Include nginx defaults if available
if [ -r /etc/default/nginx ]; then
. /etc/default/nginx
fi
test -x $DAEMON || exit 0
. /lib/init/vars.sh
. /lib/lsb/init-functions
# Check if the ULIMIT is set in /etc/default/nginx
if [ -n "$ULIMIT" ]; then
# Set the ulimits
ulimit $ULIMIT
fi
exec $DAEMON $DAEMON_OPTS -g "daemon off;"

30
containers/docker/runit/nsd/run Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash
set -e
PATH=/sbin:/usr/sbin:/bin:/usr/bin
NAME=nsd # Introduce the short server's name here
DAEMON=/usr/sbin/$NAME # Introduce the server's location here
CONFFILE=/etc/nsd/nsd.conf
DAEMON_ARGS="-d -c $CONFFILE"
NSDC=/usr/sbin/nsd-control
# Exit if the package is not installed
[ -x $DAEMON ] || exit 0
PIDFILE=$(nsd-checkconf -o pidfile $CONFFILE)
prepare_environment() {
mkdir -p "$(dirname "$(/usr/sbin/nsd-checkconf -o pidfile $CONFFILE)")"
chown "$(/usr/sbin/nsd-checkconf -o username $CONFFILE)" "$(dirname "$(/usr/sbin/nsd-checkconf -o pidfile $CONFFILE)")"
mkdir -p "$(dirname "$(/usr/sbin/nsd-checkconf -o database $CONFFILE)")"
chown "$(/usr/sbin/nsd-checkconf -o username $CONFFILE)" "$(dirname "$(/usr/sbin/nsd-checkconf -o database $CONFFILE)")"
}
prepare_environment
# Check if daemon is running
nc -z -w 4 localhost 10222
/usr/local/mailinabox/tools/dns_update
exec $DAEMON $DAEMON_ARGS

View File

@ -0,0 +1,71 @@
#!/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/opendkim
NAME=opendkim
DESC="OpenDKIM"
RUNDIR=/var/run/$NAME
USER=opendkim
GROUP=opendkim
SOCKET=local:$RUNDIR/$NAME.sock
PIDFILE=$RUNDIR/$NAME.pid
CONFFILE=/etc/$NAME.conf
test -x $DAEMON || exit 0
test -f $CONFFILE || exit 0
# Check if mailinabox configuration files are there
test -f /etc/opendkim/SigningTable || exit 0
# Include LSB provided init functions
. /lib/lsb/init-functions
# Include opendkim defaults if available
if [ -f /etc/default/opendkim ] ; then
. /etc/default/opendkim
fi
if [ -f /etc/opendkim.conf ]; then
CONFIG_SOCKET=`awk '$1 == "Socket" { print $2 }' /etc/opendkim.conf`
fi
# This can be set via Socket option in config file, so it's not required
if [ -n "$SOCKET" -a -z "$CONFIG_SOCKET" ]; then
DAEMON_OPTS="-p $SOCKET $DAEMON_OPTS"
fi
DAEMON_OPTS="-f -x $CONFFILE -u $USER -P $PIDFILE $DAEMON_OPTS"
# Create the run directory if it doesn't exist
if [ ! -d "$RUNDIR" ]; then
install -o "$USER" -g "$GROUP" -m 755 -d "$RUNDIR" || return 2
[ -x /sbin/restorecon ] && /sbin/restorecon "$RUNDIR"
fi
# Clean up stale sockets
if [ -f "$PIDFILE" ]; then
pid=`cat $PIDFILE`
if ! ps -C "$DAEMON" -s "$pid" >/dev/null; then
rm "$PIDFILE"
TMPSOCKET=""
if [ -n "$SOCKET" ]; then
TMPSOCKET="$SOCKET"
elif [ -n "$CONFIG_SOCKET" ]; then
TMPSOCKET="$CONFIG_SOCKET"
fi
if [ -n "$TMPSOCKET" ]; then
# UNIX sockets may be specified with or without the
# local: prefix; handle both
t=`echo $SOCKET | cut -d: -f1`
s=`echo $SOCKET | cut -d: -f2`
if [ -e "$s" -a -S "$s" ]; then
if [ "$t" = "$s" -o "$t" = "local" ]; then
rm "$s"
fi
fi
fi
fi
fi
exec $DAEMON $DAEMON_OPTS

View File

@ -0,0 +1,70 @@
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/opendmarc
NAME=opendmarc
DESC="OpenDMARC"
RUNDIR=/var/run/$NAME
USER=opendmarc
GROUP=opendmarc
SOCKET=local:$RUNDIR/$NAME.sock
PIDFILE=$RUNDIR/$NAME.pid
CONFFILE=/etc/$NAME.conf
test -x $DAEMON || exit 0
test -f $CONFFILE || exit 0
# Check if mailinabox configuration files are there
test -f /etc/opendkim/SigningTable || exit 0
# Include LSB provided init functions
. /lib/lsb/init-functions
# Include opendkim defaults if available
if [ -f /etc/default/opendmarc ] ; then
. /etc/default/opendmarc
fi
if [ -f /etc/opendmarc.conf ]; then
CONFIG_SOCKET=`awk '$1 == "Socket" { print $2 }' /etc/opendmarc.conf`
fi
# This can be set via Socket option in config file, so it's not required
if [ -n "$SOCKET" -a -z "$CONFIG_SOCKET" ]; then
DAEMON_OPTS="-p $SOCKET $DAEMON_OPTS"
fi
DAEMON_OPTS="-f -c $CONFFILE -u $USER -P $PIDFILE $DAEMON_OPTS"
# Create the run directory if it doesn't exist
if [ ! -d "$RUNDIR" ]; then
install -o "$USER" -g "$GROUP" -m 755 -d "$RUNDIR" || return 2
[ -x /sbin/restorecon ] && /sbin/restorecon "$RUNDIR"
fi
# Clean up stale sockets
if [ -f "$PIDFILE" ]; then
pid=`cat $PIDFILE`
if ! ps -C "$DAEMON" -s "$pid" >/dev/null; then
rm "$PIDFILE"
TMPSOCKET=""
if [ -n "$SOCKET" ]; then
TMPSOCKET="$SOCKET"
elif [ -n "$CONFIG_SOCKET" ]; then
TMPSOCKET="$CONFIG_SOCKET"
fi
if [ -n "$TMPSOCKET" ]; then
# UNIX sockets may be specified with or without the
# local: prefix; handle both
t=`echo $SOCKET | cut -d: -f1`
s=`echo $SOCKET | cut -d: -f2`
if [ -e "$s" -a -S "$s" ]; then
if [ "$t" = "$s" -o "$t" = "local" ]; then
rm "$s"
fi
fi
fi
fi
fi
exec $DAEMON $DAEMON_OPTS

View File

@ -0,0 +1,42 @@
#!/bin/bash
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="PHP5 FastCGI Process Manager"
NAME=php5-fpm
DAEMON=/usr/sbin/$NAME
DAEMON_ARGS="-F --fpm-config /etc/php5/fpm/php-fpm.conf"
PIDFILE=/var/run/php5-fpm.pid
SCRIPTNAME=/etc/init.d/$NAME
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
# Don't run if we are running upstart
if init_is_upstart; then
exit 1
fi
#
# Function to check the correctness of the config file
#
do_check()
{
/usr/lib/php5/php5-fpm-checkconf || return 1
return 0
}
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
do_check
exec $DAEMON $DAEMON_ARGS

View File

@ -0,0 +1,144 @@
#!/bin/bash
exec 1>&2
PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/sbin/postfix
NAME=Postfix
TZ=
unset TZ
# Defaults - don't touch, edit /etc/default/postfix
SYNC_CHROOT="y"
test -f /etc/default/postfix && . /etc/default/postfix
test -x $DAEMON && test -f /etc/postfix/main.cf || exit 0
. /lib/lsb/init-functions
configure_instance() {
POSTCONF="postconf"
# if you set myorigin to 'ubuntu.com' or 'debian.org', it's wrong, and annoys the admins of
# those domains. See also sender_canonical_maps.
MYORIGIN=$($POSTCONF -h myorigin | tr 'A-Z' 'a-z')
if [ "X${MYORIGIN#/}" != "X${MYORIGIN}" ]; then
MYORIGIN=$(tr 'A-Z' 'a-z' < $MYORIGIN)
fi
if [ "X$MYORIGIN" = Xubuntu.com ] || [ "X$MYORIGIN" = Xdebian.org ]; then
log_failure_msg "Invalid \$myorigin ($MYORIGIN), refusing to start"
log_end_msg 1
exit 1
fi
config_dir=$($POSTCONF -h config_directory)
# see if anything is running chrooted.
NEED_CHROOT=$(awk '/^[0-9a-z]/ && ($5 ~ "[-yY]") { print "y"; exit}' ${config_dir}/master.cf)
if [ -n "$NEED_CHROOT" ] && [ -n "$SYNC_CHROOT" ]; then
# Make sure that the chroot environment is set up correctly.
oldumask=$(umask)
umask 022
queue_dir=$($POSTCONF -h queue_directory)
cd "$queue_dir"
# copy the CA path if specified
ca_path=$($POSTCONF -h smtp_tls_CApath)
case "$ca_path" in
'') :;; # no ca_path
$queue_dir/*) :;; # skip stuff already in chroot, (and to make vim syntax happy: */)
*)
if test -d "$ca_path"; then
dest_dir="$queue_dir/${ca_path#/}"
# strip any/all trailing /
while [ "${dest_dir%/}" != "${dest_dir}" ]; do
dest_dir="${dest_dir%/}"
done
new=0
if test -d "$dest_dir"; then
# write to a new directory ...
dest_dir="${dest_dir}.NEW"
new=1
fi
mkdir --parent ${dest_dir}
# handle files in subdirectories
(cd "$ca_path" && find . -name '*.pem' -print0 | cpio -0pdL --quiet "$dest_dir") 2>/dev/null ||
(log_failure_msg failure copying certificates; exit 1)
c_rehash "$dest_dir" >/dev/null 2>&1
if [ "$new" = 1 ]; then
# and replace the old directory
rm -rf "${dest_dir%.NEW}"
mv "$dest_dir" "${dest_dir%.NEW}"
fi
fi
;;
esac
# if there is a CA file, copy it
ca_file=$($POSTCONF -h smtp_tls_CAfile)
case "$ca_file" in
$queue_dir/*) :;; # skip stuff already in chroot
'') # no ca_file
# or copy the bundle to preserve functionality
ca_bundle=/etc/ssl/certs/ca-certificates.crt
if [ -f $ca_bundle ]; then
mkdir --parent "$queue_dir/${ca_bundle%/*}"
cp -L "$ca_bundle" "$queue_dir/${ca_bundle%/*}"
fi
;;
*)
if test -f "$ca_file"; then
dest_dir="$queue_dir/${ca_path#/}"
mkdir --parent "$dest_dir"
cp -L "$ca_file" "$dest_dir"
fi
;;
esac
# if we're using unix:passwd.byname, then we need to add etc/passwd.
local_maps=$($POSTCONF -h local_recipient_maps)
if [ "X$local_maps" != "X${local_maps#*unix:passwd.byname}" ]; then
if [ "X$local_maps" = "X${local_maps#*proxy:unix:passwd.byname}" ]; then
sed 's/^\([^:]*\):[^:]*/\1:x/' /etc/passwd > etc/passwd
chmod a+r etc/passwd
fi
fi
FILES="etc/localtime etc/services etc/resolv.conf etc/hosts \
etc/nsswitch.conf etc/nss_mdns.config"
for file in $FILES; do
[ -d ${file%/*} ] || mkdir -p ${file%/*}
if [ -f /${file} ]; then rm -f ${file} && cp /${file} ${file}; fi
if [ -f ${file} ]; then chmod a+rX ${file}; fi
done
# ldaps needs this. debian bug 572841
(echo /dev/random; echo /dev/urandom) | cpio -pdL --quiet . 2>/dev/null || true
rm -f usr/lib/zoneinfo/localtime
mkdir -p usr/lib/zoneinfo
ln -sf /etc/localtime usr/lib/zoneinfo/localtime
LIBLIST=$(for name in gcc_s nss resolv; do
for f in /lib/*/lib${name}*.so* /lib/lib${name}*.so*; do
if [ -f "$f" ]; then echo ${f#/}; fi;
done;
done)
if [ -n "$LIBLIST" ]; then
for f in "$LIBLIST"; do
rm -f "$f"
done
tar cf - -C / $LIBLIST 2>/dev/null |tar xf -
fi
umask $oldumask
fi
}
configure_instance
command_directory=`postconf -h command_directory`
daemon_directory=`$command_directory/postconf -h daemon_directory`
# make consistency check
$command_directory/postfix check
# run Postfix
exec $daemon_directory/master

View File

@ -0,0 +1,29 @@
#!/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/postgrey
NAME=postgrey
DESC="postfix greylisting daemon"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0
. /lib/lsb/init-functions
# Read config file if it is present.
if [ -r /etc/default/$NAME ]
then
. /etc/default/$NAME
fi
POSTGREY_OPTS="--pidfile=$PIDFILE $POSTGREY_OPTS"
if [ -z "$POSTGREY_TEXT" ]; then
POSTGREY_TEXT_OPT=""
else
POSTGREY_TEXT_OPT="--greylist-text=$POSTGREY_TEXT"
fi
exec $DAEMON $POSTGREY_OPTS "$POSTGREY_TEXT_OPT"

View File

@ -1,3 +0,0 @@
#!/bin/bash
rsyslogd -n

View File

@ -0,0 +1,98 @@
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
DESC='spam checking proxy daemon'
NAME='spampd'
PROGRAM=/usr/sbin/spampd
#EXECUTABLE=`head -n 1 $PROGRAM | sed -e 's,^#![ ]*/,/,;s,[ ].*$,,'`
EXECUTABLE=/usr/bin/perl
PIDFILE=/var/run/spampd.pid
if [ -f $PIDFILE ]; then
# If can't delete pidfile, this means process is running ...
rm $PIDFILE || exit 0
fi
. /lib/lsb/init-functions
# set some important defaults (overridable via /etc/default/spampd)
USERID=spampd
GRPID=spampd
if [ -f /etc/default/$NAME ]; then
. /etc/default/$NAME
fi
istrue () {
ANS=$(echo $1 | tr A-Z a-z)
[ "$ANS" = 'yes' -o "$ANS" = 'true' -o "$ANS" = 'enable' -o "$ANS" = '1' ]
}
#
# find out wether to start spampd or not
#
istrue ${STARTSPAMPD} && STARTSPAMPD='true'
#
# Check wether the program is actually there
#
# return 5 as demanded by LSB 2.1 when program isn't installed.
[ -x $PROGRAM ] || exit 5
#
# Calculate final commandline
#
S_TAGALL=''
S_AWL=''
S_LOCALONLY=''
istrue "$TAGALL" \
&& S_TAGALL='--tagall'
istrue "$AUTOWHITELIST" \
&& S_AWL='--auto-whitelist'
istrue "$LOCALONLY" \
&& S_LOCALONLY='--L'
istrue "$LOGINET" \
&& LOGTARGET="inet" \
|| LOGTARGET="unix"
ARGS="${S_LOCALONLY} ${S_AWL} ${S_TAGALL} "
[ -n "${LISTENPORT}" ] && ARGS="${ARGS} --port=${LISTENPORT}"
[ -n "${LISTENHOST}" ] && ARGS="${ARGS} --host=${LISTENHOST}"
[ -n "${DESTPORT}" ] && ARGS="${ARGS} --relayport=${DESTPORT}"
[ -n "${DESTHOST}" ] && ARGS="${ARGS} --relayhost=${DESTHOST}"
[ -n "${PIDFILE}" ] && ARGS="${ARGS} --pid=${PIDFILE}"
[ -n "${CHILDREN}" ] && ARGS="${ARGS} --children=${CHILDREN}"
[ -n "${USERID}" ] && ARGS="${ARGS} --user=${USERID}"
[ -n "${GRPID}" ] && ARGS="${ARGS} --group=${GRPID}"
[ -n "${LOGTARGET}" ] && ARGS="${ARGS} --logsock=${LOGTARGET}"
[ -n "${ADDOPTS}" ] && ARGS="${ARGS} ${ADDOPTS}"
# Don't daemonize
ARGS="${ARGS} --nodetach"
if ! istrue "${STARTSPAMPD}"; then
log_warning_msg "Starting $DESC: $NAME (disabled in /etc/default/$NAME)."
# LSB 2.1: 6 mean unconfigured. This seems appropriate here.
exit 6
fi
log_daemon_msg "Starting $DESC" "$NAME"
# if spampd is not installed, return 5 as demanded by LSB 2.1
if [ ! -x $EXECUTABLE ]; then
log_error_msg "failed! - executable not found"
exit 5
fi
# start daemon
exec $PROGRAM $ARGS

View File

@ -0,0 +1,14 @@
SERVICES=/etc/service/*
for f in $SERVICES
do
service=$(basename "$f")
if [ "$service" = "syslog-ng" ]; then continue; fi;
if [ "$service" = "syslog-forwarder" ]; then continue; fi;
if [ "$service" = "ssh" ]; then continue; fi;
if [ "$service" = "cron" ]; then continue; fi;
if ([ -d /etc/service/$service ] && [ ! -f /etc/service/$service/down ]); then
echo "Creating down file for '$service'"
touch /etc/service/$service/down
fi
done

View File

@ -0,0 +1,20 @@
#!/bin/bash
# This removes /etc/init.d service if service exists in runit.
# It also creates a symlink from /usr/bin/sv to /etc/init.d/$service
# to support SysV syntax: service $service <command> or /etc/init.d/$service <command>
SERVICES=/etc/service/*
for f in $SERVICES
do
service=$(basename "$f")
if [ -d /etc/service/$service ]; then
echo "LSB Compatibility for '$service'"
if [ -f /etc/init.d/$service ]; then
mv /etc/init.d/$service /etc/init.d/$service.lsb
chmod -x /etc/init.d/$service.lsb
fi
ln -s /usr/bin/sv /etc/init.d/$service
fi
done

View File

@ -0,0 +1,26 @@
#!/bin/bash
# This adds a log/run file on each runit service directory.
# This file make services stdout/stderr output to svlogd log
# directory located in /var/log/runit/$service.
SERVICES=/etc/service/*
for f in $SERVICES
do
service=$(basename "$f")
if [ -d /etc/service/$service ]; then
echo "Creating log/run for '$service'"
mkdir -p /etc/service/$service/log
cat > /etc/service/$service/log/run <<EOF;
#!/bin/bash
mkdir -p /var/log/runit
chmod o-wrx /var/log/runit
mkdir -p /var/log/runit/$service
chmod o-wrx /var/log/runit/$service
exec svlogd -tt /var/log/runit/$service/
EOF
chmod +x /etc/service/$service/log/run
fi
done

View File

@ -113,3 +113,4 @@ chmod +x /etc/cron.daily/mailinabox-dnssec
ufw_allow domain ufw_allow domain
restart_service nsd

View File

@ -37,14 +37,8 @@ function apt_get_quiet {
} }
function apt_install { function apt_install {
PACKAGES=$@
if [ ! -z "$IS_DOCKER" ]; then
# Speed things up because packages are already installed by the image.
PACKAGES=""
fi
# Report any packages already installed. # Report any packages already installed.
PACKAGES=$@
TO_INSTALL="" TO_INSTALL=""
ALREADY_INSTALLED="" ALREADY_INSTALLED=""
for pkg in $PACKAGES; do for pkg in $PACKAGES; do
@ -165,18 +159,6 @@ function ufw_allow {
} }
function restart_service { function restart_service {
# Restart a service quietly.
if [[ ! -z "$IS_DOCKER" && "$1" == "dovecot" ]]; then
# In Docker, sysvinit takes care of any services with an init.d
# script. The dovecot package provides an Upstart config only,
# and so it won't work this way. We make a new script for it
# elsewhere. We also cant do `sv restart dovecot` because runit
# is not running until after the setup scripts are run. So we
# will have to skip starting dovecot for now.
return 0
fi
hide_output service $1 restart hide_output service $1 restart
} }

View File

@ -182,3 +182,4 @@ ufw_allow submission
# Restart services # Restart services
restart_service postfix restart_service postfix
restart_service postgrey

View File

@ -16,10 +16,12 @@ rm -f /usr/local/bin/mailinabox-daemon
ln -s `pwd`/management/daemon.py /usr/local/bin/mailinabox-daemon ln -s `pwd`/management/daemon.py /usr/local/bin/mailinabox-daemon
# Create an init script to start the management daemon and keep it # Create an init script to start the management daemon and keep it
# running after a reboot. # running after a reboot, if not runit service exists.
rm -f /etc/init.d/mailinabox if [ ! -d /etc/service/mailinabox ]; then
ln -s $(pwd)/conf/management-initscript /etc/init.d/mailinabox rm -f /etc/init.d/mailinabox
hide_output update-rc.d mailinabox defaults ln -s $(pwd)/conf/management-initscript /etc/init.d/mailinabox
hide_output update-rc.d mailinabox defaults
fi
# Perform a daily backup. # Perform a daily backup.
cat > /etc/cron.daily/mailinabox-backup << EOF; cat > /etc/cron.daily/mailinabox-backup << EOF;

View File

@ -172,4 +172,5 @@ chmod +x /etc/cron.hourly/mailinabox-owncloud
# Enable PHP modules and restart PHP. # Enable PHP modules and restart PHP.
php5enmod imap php5enmod imap
restart_service memcached
restart_service php5-fpm restart_service php5-fpm

View File

@ -4,6 +4,7 @@ if [ -z "$NONINTERACTIVE" ]; then
# e.g. if we piped a bootstrapping install script to bash to get started. In that # e.g. if we piped a bootstrapping install script to bash to get started. In that
# case, the nifty '[ -t 0 ]' test won't work. But with Vagrant we must suppress so we # case, the nifty '[ -t 0 ]' test won't work. But with Vagrant we must suppress so we
# use a shell flag instead. Really supress any output from installing dialog. # use a shell flag instead. Really supress any output from installing dialog.
apt_get_quiet update
apt_get_quiet install dialog apt_get_quiet install dialog
message_box "Mail-in-a-Box Installation" \ message_box "Mail-in-a-Box Installation" \
"Hello and thanks for deploying a Mail-in-a-Box! "Hello and thanks for deploying a Mail-in-a-Box!

View File

@ -63,14 +63,6 @@ source setup/owncloud.sh
source setup/zpush.sh source setup/zpush.sh
source setup/management.sh source setup/management.sh
# In Docker, sysvinit services are started automatically. Runit services
# aren't started until after this setup script finishes. But we need
# Dovecot (which is Upstart-only) running in order to create the first
# mail user. So start dovecot now.
if [ ! -z "$IS_DOCKER" ]; then
/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
fi
# Ping the management daemon to write the DNS and nginx configuration files. # Ping the management daemon to write the DNS and nginx configuration files.
until nc -z -w 4 localhost 10222 until nc -z -w 4 localhost 10222
do do