Security fixes, issues resolved, and more

* Upgrades to all containers
* Resolves #7, resolves #6, resolves #2
* Compose changed to use versions instead of latest
* OBMP containers now use a version tag instead of build numbers
Tim Evens 2022-01-28 15:12:01 -08:00
parent bb5df212df
commit c3839aa8fb
7 changed files with 36 additions and 41 deletions


@ -1,6 +1,6 @@
# Collector: openbmp/collector # Collector: openbmp/collector
# #
# Copyright (c) 2021 Cisco Systems, Inc. and Tim Evens. All rights reserved. # Copyright (c) 2021-2022 Cisco Systems, Inc. and Tim Evens. All rights reserved.
# #
# Author: Tim Evens <tim@openbmp.org> # Author: Tim Evens <tim@openbmp.org>
# #
@ -15,8 +15,8 @@
# #
# Example docker build: # Example docker build:
# tar -cL -C ../../ ./obmp-collector ./obmp-docker/collector \ # tar -cL -C ../../ ./obmp-collector ./obmp-docker/collector \
# | docker build --build-arg BUILD_NUMBER=50 \ # | docker build --build-arg VERSION=2.0.1 \
# -f obmp-docker/collector/Dockerfile -t openbmp/collector:build-50 - # -f obmp-docker/collector/Dockerfile -t openbmp/collector:2.0.1 -
# #
# ----------------------------------------------- # -----------------------------------------------
@ -43,7 +43,7 @@ FROM debian:bullseye-slim
ADD obmp-docker/collector/scripts/install /tmp/ ADD obmp-docker/collector/scripts/install /tmp/
ADD obmp-docker/collector/scripts/run /usr/sbin/ ADD obmp-docker/collector/scripts/run /usr/sbin/
ARG BUILD_NUMBER=0 ARG VERSION=0
# Copy files from previous stages # Copy files from previous stages
COPY --from=build /usr/bin/openbmpd /usr/bin/ COPY --from=build /usr/bin/openbmpd /usr/bin/


@ -6,7 +6,7 @@
# Author: Tim Evens <tim@openbmp.org> # Author: Tim Evens <tim@openbmp.org>
# Add build details # Add build details
touch /usr/local/build-${BUILD_NUMBER} touch /usr/local/version-${VERSION}
# #
# Defaults # Defaults


@ -1,7 +1,7 @@
# Development build container: openbmp/dev-image # Development build container: openbmp/dev-image
# #
# Copyright (c) 2021 Cisco Systems, Inc. and others. All rights reserved. # Copyright (c) 2021-2022 Cisco Systems, Inc. and others. All rights reserved.
# Copyright (c) 2021 Tim Evens. All rights reserved. # Copyright (c) 2021-2022 Tim Evens. All rights reserved.
# #
# Container used to build the OpenBMP components # Container used to build the OpenBMP components
# #


@ -5,7 +5,7 @@ services:
zookeeper: zookeeper:
restart: unless-stopped restart: unless-stopped
container_name: obmp-zookeeper container_name: obmp-zookeeper
image: confluentinc/cp-zookeeper:6.0.2 image: confluentinc/cp-zookeeper:7.0.1
volumes: volumes:
- ${OBMP_DATA_ROOT}/zk-data:/var/lib/zookeeper/data - ${OBMP_DATA_ROOT}/zk-data:/var/lib/zookeeper/data
- ${OBMP_DATA_ROOT}/zk-log:/var/lib/zookeeper/log - ${OBMP_DATA_ROOT}/zk-log:/var/lib/zookeeper/log
@ -16,7 +16,7 @@ services:
kafka: kafka:
restart: unless-stopped restart: unless-stopped
container_name: obmp-kafka container_name: obmp-kafka
image: confluentinc/cp-kafka:6.0.2 image: confluentinc/cp-kafka:7.0.1
# Change the mount point to where you want to store Kafka data. # Change the mount point to where you want to store Kafka data.
# Normally 80GB or more # Normally 80GB or more
@ -48,7 +48,7 @@ services:
grafana: grafana:
restart: unless-stopped restart: unless-stopped
container_name: obmp-grafana container_name: obmp-grafana
image: grafana/grafana:latest image: grafana/grafana:8.3.4
ports: ports:
- 3000:3000 - 3000:3000
volumes: volumes:
@ -63,7 +63,7 @@ services:
psql: psql:
restart: unless-stopped restart: unless-stopped
container_name: obmp-psql container_name: obmp-psql
image: openbmp/postgres:latest image: openbmp/postgres:2.0.1
ports: ports:
- 5432:5432 - 5432:5432
volumes: volumes:
@ -78,7 +78,7 @@ services:
collector: collector:
restart: unless-stopped restart: unless-stopped
container_name: obmp-collector container_name: obmp-collector
image: openbmp/collector:latest image: openbmp/collector:2.0.1
sysctls: sysctls:
- net.ipv4.tcp_keepalive_intvl=30 - net.ipv4.tcp_keepalive_intvl=30
- net.ipv4.tcp_keepalive_probes=5 - net.ipv4.tcp_keepalive_probes=5
@ -93,7 +93,7 @@ services:
psql-app: psql-app:
restart: unless-stopped restart: unless-stopped
container_name: obmp-psql-app container_name: obmp-psql-app
image: openbmp/psql-app:latest image: openbmp/psql-app:2.0.1
sysctls: sysctls:
- net.ipv4.tcp_keepalive_intvl=30 - net.ipv4.tcp_keepalive_intvl=30
- net.ipv4.tcp_keepalive_probes=5 - net.ipv4.tcp_keepalive_probes=5


@ -1,18 +1,18 @@
# Postgres Container # Postgres Container
# #
# Copyright (c) 2021 Cisco Systems, Inc. and Tim Evens. All rights reserved. # Copyright (c) 2021-2022 Cisco Systems, Inc. and Tim Evens. All rights reserved.
# #
# Build: # Build:
# docker build -t openbmp/postgres:build-NNN . # docker build -t openbmp/postgres:2.0.1 .
# #
# Run: # Run:
# docker run --rm -it -p 5432:5432 \ # docker run --rm -it -p 5432:5432 \
# -e POSTGRES_PASSWORD=openbmp \ # -e POSTGRES_PASSWORD=openbmp \
# -e POSTGRES_USER=openbmp \ # -e POSTGRES_USER=openbmp \
# -e POSTGRES_DB=openbmp \ # -e POSTGRES_DB=openbmp \
# openbmp/postgres:build-NNN # openbmp/postgres:2.0.1
FROM timescale/timescaledb:2.1.0-pg13 FROM timescale/timescaledb:2.5.1-pg14
# Current/working dir # Current/working dir
VOLUME ["/ws"] VOLUME ["/ws"]
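Review bot: The base image moves from `timescaledb:2.1.0-pg13` to `2.5.1-pg14`, a PostgreSQL major-version change, and nothing in the header tells operators that a data directory initialised under pg13 will not start under pg14. Add a comment above `FROM`, such as `# NOTE: pg13 -> pg14 is a major upgrade; migrate existing data (pg_dump/restore or pg_upgrade) before switching images`. The compose file in this commit gives the psql service a `volumes:` entry, so deployments with persisted data are presumably affected; the mount itself is not visible here.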


@ -1,6 +1,6 @@
# Postgres Backend: openbmp/psql-consumer # Postgres Backend: openbmp/psql-consumer
# #
# Copyright (c) 2021 Cisco Systems, Inc. and Tim Evens. All rights reserved. # Copyright (c) 2021-2022 Cisco Systems, Inc. and Tim Evens. All rights reserved.
# #
# Author: Tim Evens <tim@openbmp.org> # Author: Tim Evens <tim@openbmp.org>
# #
@ -13,15 +13,15 @@
# #
# Example docker build: # Example docker build:
# tar -cL -C ../../ ./obmp-psql ./obmp-docker/psql-app ./obmp-java-api-message \ # tar -cL -C ../../ ./obmp-psql ./obmp-docker/psql-app ./obmp-java-api-message \
# | docker build --build-arg BUILD_NUMBER=50 \ # | docker build --build-arg VERSION=2.0.1 \
# -f obmp-docker/psql-app/Dockerfile -t openbmp/psql-app:build-50 - # -f obmp-docker/psql-app/Dockerfile -t openbmp/psql-app:2.0.1 -
# ----------------------------------------------- # -----------------------------------------------
# stage: Build # stage: Build
# ----------------------------------------------- # -----------------------------------------------
FROM openbmp/dev-image:latest AS build FROM openbmp/dev-image:latest AS build
ARG BUILD_NUMBER=0 ARG VERSION=0.0.0
# Proxy servers # Proxy servers
#ENV http_proxy http://proxy:80 #ENV http_proxy http://proxy:80
@ -67,7 +67,7 @@ EXPOSE 9005
WORKDIR /tmp WORKDIR /tmp
# Base setup tasks # Base setup tasks
RUN touch /usr/local/build-${BUILD_NUMBER} \ RUN touch /usr/local/version-${VERSION} \
&& chmod 755 /usr/local/openbmp/*.py && chmod 755 /usr/local/openbmp/*.py
#---------------------------------- #----------------------------------
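Review bot: The build stage still starts from `FROM openbmp/dev-image:latest AS build`, so the toolchain that compiles the consumer is whatever was last pushed under that tag, while this commit otherwise moves the images to version tags. Pin it to a released tag or digest, for example `FROM openbmp/dev-image:<VERSION_TAG> AS build` (placeholder; use the tag that matches this release), so a rebuilt `psql-app:2.0.1` is reproducible. Separately, `ARG VERSION=0.0.0` is declared in the build stage but `RUN touch /usr/local/version-${VERSION}` sits after `EXPOSE 9005`, which looks like a later stage; the stage boundaries are outside these hunks, so confirm the ARG is redeclared there, otherwise the marker file is named `version-`.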


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Postgres Backend: Run script # Postgres Backend: Run script
# #
# Copyright (c) 2021 Cisco Systems, Inc. and Tim Evens. All rights reserved. # Copyright (c) 2021-2022 Cisco Systems, Inc. and Tim Evens. All rights reserved.
# #
# Author: Tim Evens <tim@evensweb.com> # Author: Tim Evens <tim@evensweb.com>
# #
@ -12,6 +12,8 @@ export POSTGRES_PASSWORD=${POSTGRES_PASSWORD:="openbmp"}
export POSTGRES_HOST=${POSTGRES_HOST:="127.0.0.1"} export POSTGRES_HOST=${POSTGRES_HOST:="127.0.0.1"}
export POSTGRES_PORT=${POSTGRES_PORT:="5432"} export POSTGRES_PORT=${POSTGRES_PORT:="5432"}
export POSTGRES_DB=${POSTGRES_DB:="openbmp"} export POSTGRES_DB=${POSTGRES_DB:="openbmp"}
export POSTGRES_SSL_ENABLE=${POSTGRES_SSL_ENABLE:="port"}
export POSTGRES_SSL_MODE=${POSTGRES_SSL_MODE:="required"}
export MEM=${MEM:="1"} # mem in gigabytes export MEM=${MEM:="1"} # mem in gigabytes
export PGCONNECT_TIMEOUT=15 export PGCONNECT_TIMEOUT=15
@ -152,23 +154,12 @@ MAILTO=""
# Update peer update counts # Update peer update counts
*/30 * * * * root . /usr/local/openbmp/pg_profile && psql -c "select update_peer_update_counts(1800)" */30 * * * * root . /usr/local/openbmp/pg_profile && psql -c "select update_peer_update_counts(1800)"
# Update origin stats # Update global rib
21 * * * * root . /usr/local/openbmp/pg_profile && psql -c "select update_global_ip_rib();" */5 * * * * root . /usr/local/openbmp/pg_profile && psql -c "select update_global_ip_rib('5 minute');"
# Update origin stats
21 * * * * root . /usr/local/openbmp/pg_profile && psql -c "select update_origin_stats('1 hour');"
# Purge time series data that is older than desired retention
0 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('peer_event_log', interval $POSTGRES_DROP_peer_event_log);"
1 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('stat_reports', interval $POSTGRES_DROP_stat_reports);"
2 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('ip_rib_log', interval $POSTGRES_DROP_ip_rib_log);"
3 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('alerts', interval $POSTGRES_DROP_alerts);"
4 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('ls_nodes_log', interval $POSTGRES_DROP_ls_nodes_log);"
5 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('ls_links_log', interval $POSTGRES_DROP_ls_links_log);"
6 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('ls_prefixes_log', interval $POSTGRES_DROP_ls_prefixes_log);"
7 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('stats_chg_byprefix', interval $POSTGRES_DROP_stats_chg_byprefix);"
8 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('stats_chg_byasn', interval $POSTGRES_DROP_stats_chg_byasn);"
9 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('stats_chg_bypeer', interval $POSTGRES_DROP_stats_chg_bypeer);"
10 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('stats_ip_origins', interval $POSTGRES_DROP_stats_ip_origins);"
11 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('stats_peer_rib', interval $POSTGRES_DROP_stats_peer_rib);"
12 * */3 * * root . /usr/local/openbmp/pg_profile && psql -c "SELECT drop_chunks('stats_peer_update_counts', interval $POSTGRES_DROP_stats_peer_update_counts);"
SETVAR SETVAR
@ -193,8 +184,12 @@ run_consumer() {
# Update configuration # Update configuration
sed -i -e "s/\([ ]*bootstrap.servers:\)\(.*\)/\1 \"${KAFKA_FQDN}\"/" /config/obmp-psql.yml sed -i -e "s/\([ ]*bootstrap.servers:\)\(.*\)/\1 \"${KAFKA_FQDN}\"/" /config/obmp-psql.yml
sed -i -e "s/\([ ]*host[ ]*:\)\(.*\)/\1 \"${POSTGRES_HOST}\"/" /config/obmp-psql.yml sed -i -e "s/\([ ]*host[ ]*:\)\(.*\)/\1 \"${POSTGRES_HOST}:${POSTGRES_PORT}\"/" /config/obmp-psql.yml
sed -i -e "s/\([ ]*username[ ]*:\)\(.*\)/\1 \"${POSTGRES_USER}\"/" /config/obmp-psql.yml
sed -i -e "s/\([ ]*password[ ]*:\)\(.*\)/\1 \"${POSTGRES_PASSWORD}\"/" /config/obmp-psql.yml
sed -i -e "s/\([ ]*db_name[ ]*:\)\(.*\)/\1 \"${POSTGRES_DB}\"/" /config/obmp-psql.yml
sed -i -e "s/\([ ]*ssl_enable[ ]*:\)\(.*\)/\1 \"${POSTGRES_SSL_ENABLE}\"/" /config/obmp-psql.yml
sed -i -e "s/\([ ]*ssl_mode[ ]*:\)\(.*\)/\1 \"${POSTGRES_SSL_MODE}\"/" /config/obmp-psql.yml
fi fi
if [[ $MEM -gt 20 ]]; then if [[ $MEM -gt 20 ]]; then
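Review bot: The new `sed` lines in `run_consumer` paste `${POSTGRES_PASSWORD}` (and the user, database and SSL values) unescaped into the replacement text, so a password containing `/`, `&` or `\` either aborts the substitution or writes a different value into `/config/obmp-psql.yml`, and a `"` breaks the YAML quoting. Escape the value first, e.g. `pw_esc=$(printf '%s' "$POSTGRES_PASSWORD" | sed -e 's/[\/&\\]/\\&/g')`, and use `${pw_esc}` in the substitution. In the first hunk the default `POSTGRES_SSL_ENABLE` is `"port"`, which does not read as an on/off value, and `POSTGRES_SSL_MODE` is `"required"` where PostgreSQL clients spell the mode `require`; if the consumer does not accept these, TLS may be silently off, so check them against the config parser. `run_consumer` begins and ends outside this hunk.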