Update context of docker files

  * Also adds the live_audit script to systemd.
    This will cause systemd to startup the audit on boot
    so all bolt files will be copied over to /tmp/backup
    for investigation.

Author: logicminds

spec/docker/.dockerignore

@@ -0,0 +1 @@
+*.tar.gz

spec/docker/Dockerfile

@@ -7,9 +7,14 @@ EXPOSE 22
 ENV LC_ALL="en_US.UTF-8" LANG="en_US.UTF-8" LANGUAGE="en_US.UTF-8"
 RUN echo "LANG=en_US.UTF-8" > /etc/locale.conf
 STOPSIGNAL SIGRTMIN+3
-ADD live_audit.sh /usr/bin/live_audit.sh
-RUN yum -y install epel-release systemd rsync tree vim openssh openssh-server openssh-clients anacron sudo curl openssl; yum clean all;
-RUN yum -y inotify-tools && mkdir /root/bolt_scripts
+ADD live_audit.sh /usr/bin/live_audit.sh 
+ADD live_audit.service /etc/systemd/system/live_audit.service
+RUN chmod 644 /etc/systemd/system/live_audit.service && chmod 755 /usr/bin/live_audit.sh && \
+    echo "root:test" | chpasswd; \
+    useradd -m -s /bin/bash centos && echo "centos:test" | chpasswd; 
+RUN yum -y install epel-release systemd rsync tree vim openssh openssh-server openssh-clients anacron sudo curl openssl
+RUN yum -y install inotify-tools && mkdir /root/bolt_scripts && yum clean all
+# remove any scripts that don't need to be run
 RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ 
   rm -f /lib/systemd/system/multi-user.target.wants/*; \
   rm -f /etc/systemd/system/*.wants/*; \
@@ -19,9 +24,8 @@ RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == system
   rm -f /lib/systemd/system/basic.target.wants/*; \
   rm -f /lib/systemd/system/anaconda.target.wants/*; \
   rm -rf /var/cache/yum; \
-  echo "root:test" | chpasswd; \
-  useradd -m -s /bin/bash centos && echo "centos:test" | chpasswd; \
-  ln -s '/usr/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service'
+  ln -s '/usr/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service' && \
+  ln -s '/etc/systemd/system/live_audit.service' '/etc/systemd/system/multi-user.target.wants/live_audit.service'
 VOLUME [ “/sys/fs/cgroup” ]
-CMD /sbin/init
-# ENTRYPOINT [ "/sbin/init" ]
+#CMD /bin/bash
+ENTRYPOINT [ "/sbin/init" ]

spec/docker/extra-large-ha/docker-compose.yaml

@@ -2,8 +2,8 @@ version: "3"
 services:
   bolt:
     build:
-      dockerfile: '../Dockerfile_bolt'
-      context: .
+      dockerfile: 'Dockerfile_bolt'
+      context: ../
     image: pe-bolt
     hostname: bolter.puppet.vm
     container_name: bolter.puppet.vm
@@ -16,8 +16,8 @@ services:
     depends_on:
       - pe_xl_core_0
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -36,8 +36,8 @@ services:
     depends_on:
       - pe_xl_core_0
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -55,8 +55,8 @@ services:
     depends_on:
       - pe_xl_core_0
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -74,8 +74,8 @@ services:
     depends_on:
       - pe_xl_core_0
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -97,8 +97,8 @@ services:
       - '/sys/fs/cgroup:/sys/fs/cgroup:ro'      
   pe_xl_core_0:
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd

spec/docker/extra-large/docker-compose.yaml

@@ -2,8 +2,8 @@ version: "3"
 services:
   bolt:
     build:
-      dockerfile: '../Dockerfile_bolt'
-      context: .
+      dockerfile: 'Dockerfile_bolt'
+      context: ../
     image: pe-build
     hostname: bolter.puppet.vm
     container_name: bolter.puppet.vm
@@ -16,8 +16,8 @@ services:
     depends_on:
       - pe_xl_core
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -36,8 +36,8 @@ services:
     depends_on:
       - pe_xl_core
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -53,8 +53,8 @@ services:
       - '/sys/fs/cgroup:/sys/fs/cgroup:ro'  
   pe_xl_core:
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd

spec/docker/large-ha/docker-compose.yaml

@@ -2,8 +2,8 @@ version: "3"
 services:
   bolt:
     build:
-      dockerfile: '../Dockerfile_bolt'
-      context: .
+      dockerfile: 'Dockerfile_bolt'
+      context: ../
     image: pe-build
     hostname: bolter.puppet.vm
     container_name: bolter.puppet.vm
@@ -16,8 +16,8 @@ services:
     depends_on:
       - large_aio
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -36,8 +36,8 @@ services:
     depends_on:
       - large_aio
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -59,8 +59,8 @@ services:
       - '/sys/fs/cgroup:/sys/fs/cgroup:ro'        
   large_aio:
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd

spec/docker/large/docker-compose.yaml

@@ -2,8 +2,8 @@ version: "3"
 services:
   bolt:
     build:
-      dockerfile: '../Dockerfile_bolt'
-      context: .
+      dockerfile: 'Dockerfile_bolt'
+      context: ../
     image: pe-build
     hostname: bolter-lg.puppet.vm
     container_name: bolter.puppet.vm
@@ -16,8 +16,8 @@ services:
     depends_on:
       - large_aio
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -34,8 +34,8 @@ services:
       - '/sys/fs/cgroup:/sys/fs/cgroup:ro'    
   large_aio:
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd

spec/docker/live_audit.service

@@ -0,0 +1,8 @@
+[Unit]
+After=network.service
+
+[Service]
+ExecStart=/bin/bash /usr/bin/live_audit.sh /root/bolt_scripts /tmp/backup
+
+[Install]
+WantedBy=default.target

spec/docker/live_audit.sh

@@ -1,9 +1,15 @@
 #!/usr/bin/env bash
+# must install inotify-tools from epel or self hosted repo
+# live_audit.sh /watch_dir /tmp/backup
 src=$1
 dst=$2
 logfile=${2}/watcher.log
 script_file=${0##*/}
-
+mkdir -p $dst
+if [[ ! -d $src || ! -d $dst ]]; then
+  echo "Source or destanation directory does not exist"
+  exit 1
+fi
 #ps -af -ww |grep [l]ive_backup
 while true
 do

spec/docker/provision.sh

@@ -16,7 +16,8 @@ fi
 select opt in */
 do
   cd $opt
-  docker-compose up -d --build
+  docker-compose up -d --build 
+  # nohup /usr/bin/live_audit.sh /root/bolt_scripts /tmp/backup &
   docker-compose run -v ${downloads}:/downloads -v ${fixtures_path}:/modules -v ${base_repo}:/mods/peadm bolt plan run peadm::provision \
   --concurrency 2 \
   --inventory inventory.yaml \

spec/docker/standard-ha/docker-compose.yaml

@@ -2,8 +2,8 @@ version: "3"
 services:
   bolt:
     build:
-      dockerfile: '../Dockerfile_bolt'
-      context: .
+      dockerfile: 'Dockerfile_bolt'
+      context: ../
     image: pe-build
     hostname: bolter-std.puppet.vm
     container_name: bolter-std.puppet.vm
@@ -16,8 +16,8 @@ services:
     depends_on:
       - standard_aio
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd
@@ -39,8 +39,8 @@ services:
       - '/sys/fs/cgroup:/sys/fs/cgroup:ro'    
   standard_aio:
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd

spec/docker/standard/docker-compose.yaml

@@ -2,8 +2,8 @@ version: "3"
 services:
   bolt:
     build:
-      dockerfile: '../Dockerfile_bolt'
-      context: .
+      dockerfile: 'Dockerfile_bolt'
+      context: ../
     image: pe-build
     hostname: bolter-std.puppet.vm
     container_name: bolter-std.puppet.vm
@@ -18,8 +18,8 @@ services:
       LANG: "en_US.utf8"
       LANGUAGE: "en_US.utf8"
     build:
-      dockerfile: '../Dockerfile'
-      context: .
+      dockerfile: 'Dockerfile'
+      context: ../
     entrypoint: /sbin/init
     image: pe-base
     privileged: true # required for systemd