Prestage files and copy on init to fix bind mount issues (#1216)
This commit is contained in:
parent
35eea39db7
commit
d2bd01d009
16
Dockerfile
16
Dockerfile
|
@ -13,18 +13,20 @@ RUN SYSTEM="docker" make release
|
||||||
RUN cd crowdsec-v* && ./wizard.sh --docker-mode && cd -
|
RUN cd crowdsec-v* && ./wizard.sh --docker-mode && cd -
|
||||||
RUN cscli hub update && cscli collections install crowdsecurity/linux && cscli parsers install crowdsecurity/whitelists
|
RUN cscli hub update && cscli collections install crowdsecurity/linux && cscli parsers install crowdsecurity/whitelists
|
||||||
FROM alpine:latest
|
FROM alpine:latest
|
||||||
RUN apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community tzdata yq
|
RUN apk add --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community tzdata yq && \
|
||||||
COPY --from=build /etc/crowdsec /etc/crowdsec
|
mkdir -p /staging/etc/crowdsec && \
|
||||||
COPY --from=build /var/lib/crowdsec /var/lib/crowdsec
|
mkdir -p /staging/var/lib/crowdsec
|
||||||
|
COPY --from=build /etc/crowdsec /staging/etc/crowdsec
|
||||||
|
COPY --from=build /var/lib/crowdsec /staging/var/lib/crowdsec
|
||||||
COPY --from=build /usr/local/bin/crowdsec /usr/local/bin/crowdsec
|
COPY --from=build /usr/local/bin/crowdsec /usr/local/bin/crowdsec
|
||||||
COPY --from=build /usr/local/bin/cscli /usr/local/bin/cscli
|
COPY --from=build /usr/local/bin/cscli /usr/local/bin/cscli
|
||||||
COPY --from=build /go/src/crowdsec/docker/docker_start.sh /
|
COPY --from=build /go/src/crowdsec/docker/docker_start.sh /
|
||||||
COPY --from=build /go/src/crowdsec/docker/config.yaml /etc/crowdsec/config.yaml
|
COPY --from=build /go/src/crowdsec/docker/config.yaml /staging/etc/crowdsec/config.yaml
|
||||||
#Due to the wizard using cp -n, we have to copy the config files directly from the source as -n does not exist in busybox cp
|
#Due to the wizard using cp -n, we have to copy the config files directly from the source as -n does not exist in busybox cp
|
||||||
#The files are here for reference, as users will need to mount a new version to be actually able to use notifications
|
#The files are here for reference, as users will need to mount a new version to be actually able to use notifications
|
||||||
COPY --from=build /go/src/crowdsec/plugins/notifications/http/http.yaml /etc/crowdsec/notifications/http.yaml
|
COPY --from=build /go/src/crowdsec/plugins/notifications/http/http.yaml /staging/etc/crowdsec/notifications/http.yaml
|
||||||
COPY --from=build /go/src/crowdsec/plugins/notifications/slack/slack.yaml /etc/crowdsec/notifications/slack.yaml
|
COPY --from=build /go/src/crowdsec/plugins/notifications/slack/slack.yaml /staging/etc/crowdsec/notifications/slack.yaml
|
||||||
COPY --from=build /go/src/crowdsec/plugins/notifications/splunk/splunk.yaml /etc/crowdsec/notifications/splunk.yaml
|
COPY --from=build /go/src/crowdsec/plugins/notifications/splunk/splunk.yaml /staging/etc/crowdsec/notifications/splunk.yaml
|
||||||
COPY --from=build /usr/local/lib/crowdsec/plugins /usr/local/lib/crowdsec/plugins
|
COPY --from=build /usr/local/lib/crowdsec/plugins /usr/local/lib/crowdsec/plugins
|
||||||
|
|
||||||
ENTRYPOINT /bin/sh docker_start.sh
|
ENTRYPOINT /bin/sh docker_start.sh
|
||||||
|
|
|
@ -6,6 +6,18 @@ if [ "$CONFIG_FILE" != "" ]; then
|
||||||
CS_CONFIG_FILE="$CONFIG_FILE"
|
CS_CONFIG_FILE="$CONFIG_FILE"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
#Check & prestage databases
|
||||||
|
if [ ! -e "/var/lib/data/GeoLite2-ASN.mmdb" ] && [ ! -e "/var/lib/data/GeoLite2-City.mmdb" ]; then
|
||||||
|
mkdir -p /var/lib/crowdsec/data
|
||||||
|
cp /staging/var/lib/crowdsec/data/*.mmdb /var/lib/crowdsec/data/
|
||||||
|
fi
|
||||||
|
|
||||||
|
#Check & prestage /etc/crowdsec
|
||||||
|
if [ ! -e "/etc/crowdsec/local_api_credentials.yaml" ] && [ ! -e "/etc/crowdsec/config.yaml" ]; then
|
||||||
|
mkdir -p /etc/crowdsec
|
||||||
|
cp -r /staging/etc/* /etc/
|
||||||
|
fi
|
||||||
|
|
||||||
# regenerate local agent credentials (ignore if agent is disabled)
|
# regenerate local agent credentials (ignore if agent is disabled)
|
||||||
if [ "$DISABLE_AGENT" == "" ] ; then
|
if [ "$DISABLE_AGENT" == "" ] ; then
|
||||||
echo "Regenerate local agent credentials"
|
echo "Regenerate local agent credentials"
|
||||||
|
|
Loading…
Reference in a new issue