simplify dockerization

Dockerfile

@@ -35,18 +35,20 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get upgrade -y
 # Install packages needed by Mail-in-a-Box.
 ADD containers/docker/apt_package_list.txt /tmp/mailinabox_apt_package_list.txt
 RUN DEBIAN_FRONTEND=noninteractive apt-get install -y $(cat /tmp/mailinabox_apt_package_list.txt)
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y rsyslog
 RUN rm -f /tmp/mailinabox_apt_package_list.txt
+RUN apt-get clean
+
+# Create the user-data user, so the start script doesn't have to.
 RUN useradd -m user-data
-RUN rm -rf /etc/service/syslog-ng
 
 # Now add Mail-in-a-Box to the system.
 ADD . /usr/local/mailinabox
 
-#RUN /usr/local/mailinabox/containers/docker/setup.sh 
-
 # We can't know things like the IP address where the container will eventually
 # be deployed until the container is started. We also don't want to create any
 # private keys during the creation of the image --- that should wait until the
 # container is started too. So our whole setup process is deferred until the
 # container is started.
-ENTRYPOINT /usr/local/mailinabox/containers/docker/init.sh
+RUN mkdir -p /etc/my_init.d
+RUN ln -s /usr/local/mailinabox/containers/docker/init.sh /etc/my_init.d/20-mailinabox.sh

containers/docker/apt_package_list.txt

@@ -76,7 +76,6 @@ python3-pip
 pyzor
 razor
 resolvconf
-rsyslog
 spampd
 sqlite3
 sudo

containers/docker/init.sh

@@ -17,51 +17,63 @@ if [ ! -t 0 ]; then
 	export NONINTERACTIVE=1
 fi
 
-# Start configuration.
+# The phusion/baseimage base image we use for a working Ubuntu
+# replaces the normal Upstart system service management with
+# a ligher-weight service management system called runit that
+# requires a different configuration. We need to create service
+# run files that do not daemonize.
+
+# For most of the services, there is a common pattern we can use:
+# execute the init.d script that the Ubuntu package installs, and
+# then poll for the termination of the daemon.
+function make_runit_service {
+	INITD_NAME=$1
+	WAIT_ON_PROCESS_NAME=$2
+	mkdir -p /etc/service/$INITD_NAME
+	cat > /etc/service/$INITD_NAME/run <<EOF;
+#!/bin/bash
+source /usr/local/mailinabox/setup/functions.sh
+hide_output /etc/init.d/$INITD_NAME restart
+while [ \`ps a -C $WAIT_ON_PROCESS_NAME -o pid= | wc -l\` -gt 0 ]; do
+	sleep 30
+done
+echo $WAIT_ON_PROCESS_NAME died.
+sleep 20
+EOF
+	chmod +x /etc/service/$INITD_NAME/run
+}
+#make_runit_service bind9 named
+#make_runit_service fail2ban fail2ban
+#make_runit_service mailinabox mailinabox-daemon
+#make_runit_service memcached memcached
+#make_runit_service nginx nginx
+#make_runit_service nsd nsd
+#make_runit_service opendkim opendkim
+#make_runit_service php5-fpm php5-fpm
+#make_runit_service postfix postfix
+#make_runit_service postgrey postgrey
+#make_runit_service spampd spampd
+
+# Dovecot doesn't provide an init.d script, but it does provide
+# a way to launch without daemonization. We wrote a script for
+# that specifically.
+#
+# We also want to use Ubuntu's stock rsyslog rather than syslog-ng
+# that the base image provides. Our Dockerfile installs rsyslog.
+rm -rf /etc/service/syslog-ng
+for service in dovecot; do
+	mkdir -p /etc/service/$service
+	cp /usr/local/mailinabox/containers/docker/runit/$service.sh /etc/service/$service/run
+	chmod +x /etc/service/$service/run
+done
+
+# Rsyslog isn't starting automatically but we need it during setup.
+service rsyslog start
+
+# Start configuration. Using 'source' means an exit from inside
+# also exits this script and terminates the container.
 cd /usr/local/mailinabox
 export IS_DOCKER=1
-export STORAGE_ROOT=/data
-export STORAGE_USER=user-data
 export DISABLE_FIREWALL=1
-
-mkdir /etc/service/rsyslogd
-mkdir /etc/service/bind9
-mkdir /etc/service/dovecot
-mkdir /etc/service/fail2ban
-mkdir /etc/service/mailinabox
-mkdir /etc/service/memcached
-mkdir /etc/service/nginx
-mkdir /etc/service/nsd
-mkdir /etc/service/opendkim
-mkdir /etc/service/php5-fpm
-mkdir /etc/service/postfix
-mkdir /etc/service/postgrey
-mkdir /etc/service/spampd
-cp services/rsyslogd.sh /etc/service/rsyslogd/run
-cp services/bind9.sh /etc/service/bind9/run
-cp services/dovecot.sh /etc/service/dovecot/run
-cp services/fail2ban.sh /etc/service/fail2ban/run
-cp services/mailinabox.sh /etc/service/mailinabox/run
-cp services/memcached.sh /etc/service/memcached/run
-cp services/nginx.sh /etc/service/nginx/run
-cp services/nsd.sh /etc/service/nsd/run
-cp services/opendkim.sh /etc/service/opendkim/run
-cp services/php5-fpm.sh /etc/service/php5-fpm/run
-cp services/postfix.sh /etc/service/postfix/run
-cp services/postgrey.sh /etc/service/postgrey/run
-cp services/spampd.sh /etc/service/spampd/run
-
-rsyslogd
 source setup/start.sh
-/etc/init.d/mailinabox start
-/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
-sleep 5
-curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/dns/update
-curl -s -d POSTDATA --user $(</var/lib/mailinabox/api.key): http://127.0.0.1:10222/web/update
-source setup/firstuser.sh
-/etc/init.d/mailinabox stop
-kill $(pidof dovecot)
-/etc/init.d/resolvconf start
-killall rsyslogd
-my_init
 

containers/docker/run

@@ -2,6 +2,9 @@
 # Use this script to launch Mail-in-a-Box within a docker container.
 # ==================================================================
 #
+# Run this script from the base directory of the Mail-in-a-Box
+# repository (i.e. run as 'containers/docker/run').
+#
 # A base image is created first. The base image installs Ubuntu
 # packages and pulls in the Mail-in-a-Box source code. This is
 # defined in Dockerfile at the root of this repository.
@@ -16,33 +19,59 @@
 # initialize itself and will initialize the mailinabox-userdata
 # volume if the volume is new.
 
-
-DOCKER=docker
-
 # Build or rebuild the image.
 # Rebuilds are very fast.
-$DOCKER build -q -t mailinabox .
 
-if ! $DOCKER ps -a | grep mailinabox-userdata > /dev/null; then
-	echo Starting user-data volume container...
-	$DOCKER run -d \
+tput setaf 2
+echo "Building/updating base image (mailinabox)..."
+tput setaf 7
+
+docker build -q -t mailinabox .
+
+if ! docker ps -a | grep mailinabox-userdata > /dev/null; then
+	tput setaf 2
+	echo
+	echo "Creating a new container for your data (mailinabox-userdata)..."
+	tput setaf 7
+
+	docker run -d \
 		--name mailinabox-userdata \
 		-v /home/user-data \
-		scratch /bin/bash
+		scratch /bin/does-not-exist-but-thats-ok
+else
+	tput setaf 2
+	echo
+	echo "Using existing container mailinabox-userdata for your data."
+	tput setaf 7
 fi
 
 # End a running container.
-if $DOCKER ps -a | grep mailinabox-services > /dev/null; then
-	echo Deleting container...
-	$DOCKER rm mailinabox-services
+
+if docker ps -a | grep mailinabox-services > /dev/null; then
+	tput setaf 2
+	echo
+	echo "Destroying mailinabox-services container..."
+	tput setaf 7
+
+	docker rm -f mailinabox-services
 fi
 
 # Start container.
-echo Starting new container...
-$DOCKER run \
+
+tput setaf 2
+echo
+echo "Starting new container (mailinabox-services)..."
+tput setaf 7
+
+# Notes:
+# * Passing through SKIP_NETWORK_CHECKS makes it easier to do testing
+#   on a residential network.
+
+docker run \
 	--privileged \
 	-v /dev/urandom:/dev/random \
 	-p 25 -p 53/udp -p 53/tcp -p 80 -p 443 -p 587 -p 993 \
 	--name mailinabox-services \
 	--volumes-from mailinabox-userdata \
-	mailinabox
+	-e "SKIP_NETWORK_CHECKS=$SKIP_NETWORK_CHECKS" \
+	mailinabox

services/bind9.sh

@@ -1,11 +0,0 @@
-#!/bin/bash
-
-EXEC=bind9
-PROCESS=named
-
-/etc/init.d/$EXEC start
-
-while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
-	sleep 30
-done
-

services/fail2ban.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-PROCESS=fail2ban
-
-/etc/init.d/$PROCESS start
-
-while [ `ps aux | grep fail2ban | grep -v grep  | wc -l` -gt 0 ]; do
-	sleep 30
-done

services/mailinabox.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-EXEC=mailinabox
-PROCESS=mailinabox-daemon
-
-if [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -eq 0 ]; then
-	/etc/init.d/$EXEC start
-fi
-
-while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
-	sleep 30
-done

services/memcached.sh

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-PROCESS=memcached
-
-/etc/init.d/$PROCESS start
-
-while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
-	sleep 60
-done
-

services/nginx.sh

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-PROCESS=nginx
-
-/etc/init.d/$PROCESS start
-
-while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
-	sleep 30
-done
-

services/nsd.sh

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-PROCESS=nsd
-
-/etc/init.d/$PROCESS start
-
-while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
-	sleep 30
-done
-

services/opendkim.sh

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-PROCESS=opendkim
-
-/etc/init.d/$PROCESS start
-
-while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
-	sleep 30
-done
-

services/php5-fpm.sh

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-PROCESS=php5-fpm
-
-/etc/init.d/$PROCESS start
-
-while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
-	sleep 30
-done
-

services/postfix.sh

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-PROCESS=postfix
-
-/etc/init.d/$PROCESS start
-
-while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
-	sleep 30
-done
-

services/postgrey.sh

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-PROCESS=postgrey
-
-/etc/init.d/$PROCESS start
-
-while [ `ps aux | grep $PROCESS | grep -v grep | wc -l` -gt 0 ]; do
-	sleep 30
-done
-

services/spampd.sh

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-PROCESS=spampd
-
-/etc/init.d/$PROCESS start
-
-while [ `ps -C $PROCESS -o pid= | wc -l` -gt 0 ]; do
-	sleep 30
-done
-

setup/functions.sh

@@ -39,9 +39,14 @@ function apt_get_quiet {
 }
 
 function apt_install {
-  if [ ! "$IS_DOCKER" ];then
-	# Report any packages already installed.
 	PACKAGES=$@
+
+	if [ ! -z "$IS_DOCKER" ]; then
+		# Speed things up because packages are already installed by the image.
+		PACKAGES=""
+	fi
+			
+	# Report any packages already installed.
 	TO_INSTALL=""
 	ALREADY_INSTALLED=""
 	for pkg in $PACKAGES; do
@@ -163,10 +168,18 @@ function ufw_allow {
 
 function restart_service {
 	# Restart a service quietly.
-	if [ ! "$IS_DOCKER" ]; then
-		# The normal way to restart a service.
-		hide_output service $1 restart
+
+	if [[ ! -z "$IS_DOCKER" && "$1" == "dovecot" ]]; then
+		# In Docker, sysvinit takes care of any services with an init.d
+		# script. The dovecot package provides an Upstart config only,
+		# and so it won't work this way. We make a new script for it
+		# elsewhere. We also cant do `sv restart dovecot` because runit
+		# is not running until after the setup scripts are run. So we
+		# will have to skip starting dovecot for now.
+		return 0
 	fi
+
+	hide_output service $1 restart
 }
 
 ## Dialog Functions ##

setup/start.sh

@@ -102,6 +102,14 @@ source setup/zpush.sh
 source setup/management.sh
 source setup/munin.sh
 
+# In Docker, sysvinit services are started automatically. Runit services
+# aren't started until after this setup script finishes. But we need
+# Dovecot (which is Upstart-only) running in order to create the first
+# mail user. So start dovecot now.
+if [ ! -z "$IS_DOCKER" ]; then
+	/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
+fi
+
 # Ping the management daemon to write the DNS and nginx configuration files.
 until nc -z -w 4 localhost 10222
 do
@@ -139,5 +147,4 @@ openssl x509 -in $STORAGE_ROOT/ssl/ssl_certificate.pem -noout -fingerprint \
         | sed "s/SHA1 Fingerprint=//"
 echo
 echo Then you can confirm the security exception and continue.
-echo
-
+echo