Mirror andrews docker changes from https://github.com/mozilla/MozDef/compare/master...andrewkrug:docker_maintenance

Makefile

@@ -5,12 +5,6 @@
 #
 
 # usage:
-# make single-build - build new single image from Dockerfile
-# make single-build-no-cache - build new single image from Dockerfile from scratch
-# make single-debug - debug run already created image by tag
-# make single-run - run a single instance of MozDef
-# make single-stop - stop a single instance of MozDef
-# make single-rebuild - build, stop and run a new single instance of MozDef
 # make multiple-build - build new mozdef environment in multiple containers
 # make multiple-build-tests - build new mozdef environment for tests in multiple containers
 # make multiple-build-no-cache - build new mozdef environment in multiple containers from scratch
@@ -28,52 +22,6 @@
 NAME=mozdef
 VERSION=0.1
 
-
-single-build:
-	docker build -f docker/Dockerfile -t $(NAME):$(VERSION) .
-
-single-build-no-cache:
-	docker build -f docker/Dockerfile --no-cache -t $(NAME):$(VERSION) .
-
-single-run:
-	docker run \
-		-e TZ=UTC \
-		-p 80:80 \
-		-p 9090:9090 \
-		-p 8080:8080 \
-		-p 8081:8081 \
-		-p 9200:9200 \
-		-p 5672:5672 \
-		-v mozdef-elasticsearch:/var/lib/elasticsearch \
-		-v mozdef-mongodb:/var/lib/mongo \
-		-v mozdef-rabbitmq:/var/lib/rabbitmq \
-		-v mozdef-data:/opt/mozdef/envs/mozdef/data \
-		-h $(NAME) --name $(NAME) -d $(NAME):$(VERSION)
-
-single-debug:build
-	docker run \
-		-e TZ=UTC \
-		-p 80:80 \
-		-p 9090:9090 \
-		-p 8080:8080 \
-		-p 8081:8081 \
-		-p 3002:3002 \
-		-p 5672:5672 \
-		-p 15672:15672 \
-		-p 9200:9200 \
-		-v mozdef-elasticsearch:/var/lib/elasticsearch \
-		-v mozdef-mongodb:/var/lib/mongo \
-		-v mozdef-rabbitmq:/var/lib/rabbitmq \
-		-v mozdef-data:/opt/mozdef/envs/mozdef/data \
-		-h $(NAME) -t -i $(NAME):$(VERSION) /bin/bash
-
-single-stop:
-	-docker rm -f $(NAME)
-
-single-rebuild: single-build single-stop single-run
-
-.PHONY: single-build single-build-no-cache single-run single-debug single-stop single-rebuild
-
 multiple-run:
 	docker-compose -f docker/compose/docker-compose.yml -p $(NAME) up -d
 

docker/Dockerfile

@@ -1,164 +0,0 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-# Copyright (c) 2014 Mozilla Corporation
-#
-
-FROM centos:7
-
-LABEL maintainer="mozdef@mozilla.com"
-
-ENV NODE_VERSION 4.7.0
-ENV METEOR_VERSION 1.4.2.3
-ENV PYTHON_VERSION 2.7.11
-ENV KIBANA_VERSION 5.6.7
-ENV ES_VERSION 5.6.7
-ENV ES_JAVA_VERSION 1.8.0
-ENV RABBITMQ_VERSION 3.3.5
-
-ENV MONGO_URL=mongodb://localhost:3002/meteor
-ENV ROOT_URL=http://localhost
-ENV PORT=3000
-
-COPY docker/conf/mongodb.repo /etc/yum.repos.d/mongodb.repo
-
-# Install ES, RabbitMQ, nginx, Kibana, python, Node, Meteor
-RUN \
-  yum clean all && \
-  yum install -y epel-release && \
-  yum install -y \
-                    wget \
-                    java-$ES_JAVA_VERSION \
-                    glibc-devel \
-                    gcc \
-                    gcc-c++ \
-                    libstdc++ \
-                    supervisor \
-                    libffi-devel \
-                    zlib-devel \
-                    cronie && \
-  useradd -ms /bin/bash -d /opt/mozdef -m mozdef && \
-  mkdir /opt/mozdef/envs && \
-  curl -s -L https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-$ES_VERSION.tar.gz  | tar -C /opt/mozdef -xz && \
-  mv /opt/mozdef/elasticsearch-$ES_VERSION /opt/mozdef/envs/elasticsearch && \
-  chown -R mozdef:mozdef /opt/mozdef/envs/elasticsearch && \
-  mkdir /var/log/elasticsearch && \
-  chown -R mozdef:mozdef /var/log/elasticsearch && \
-  mkdir /var/lib/elasticsearch && \
-  chown -R mozdef:mozdef /var/lib/elasticsearch && \
-  rpm --import https://www.rabbitmq.com/rabbitmq-release-signing-key.asc && \
-  yum install -y rabbitmq-server-$RABBITMQ_VERSION && \
-  yum install -y nginx && \
-  mkdir /var/log/mozdef/ && \
-  curl -s -L https://artifacts.elastic.co/downloads/kibana/kibana-$KIBANA_VERSION-linux-x86_64.tar.gz | tar -C /opt/mozdef/ -xz && \
-  mv /opt/mozdef/kibana-$KIBANA_VERSION-linux-x86_64 /opt/mozdef/envs/kibana && \
-  yum install -y mongodb-org && \
-  curl -s -L https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tgz  | tar -C /opt/mozdef/ -xz && \
-  cd /opt/mozdef/Python-$PYTHON_VERSION && \
-  ./configure && \
-  make && \
-  make install && \
-  rm -r /opt/mozdef/Python-$PYTHON_VERSION && \
-  cd /opt/mozdef && \
-  yum install -y mysql-devel \
-                    python-devel \
-                    python-pip && \
-  chown -R mozdef:mozdef /opt/mozdef/ && \
-  pip install virtualenv && \
-  cd / && \
-  curl -sL -o /opt/mozdef/nodesource.rpm https://rpm.nodesource.com/pub_4.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm && \
-  rpm -i --nosignature --force /opt/mozdef/nodesource.rpm && \
-  yum install -y nodejs-$NODE_VERSION && \
-  mkdir /opt/mozdef/meteor && \
-  curl -sL -o /opt/mozdef/meteor.tar.gz https://static-meteor.netdna-ssl.com/packages-bootstrap/$METEOR_VERSION/meteor-bootstrap-os.linux.x86_64.tar.gz && \
-  tar -xzf /opt/mozdef/meteor.tar.gz -C /opt/mozdef/meteor && \
-  mv /opt/mozdef/meteor/.meteor /opt/mozdef && \
-  rm -r /opt/mozdef/meteor && \
-  cp /opt/mozdef/.meteor/packages/meteor-tool/*/mt-os.linux.x86_64/scripts/admin/launch-meteor /usr/bin/meteor
-
-USER mozdef
-COPY meteor /opt/mozdef/envs/mozdef/meteor
-USER root
-RUN chown -R mozdef:mozdef /opt/mozdef/envs/mozdef/meteor
-
-COPY docker/conf/settings.js /opt/mozdef/envs/mozdef/meteor/app/lib/settings.js
-RUN chown -R mozdef:mozdef /opt/mozdef/envs/mozdef/meteor/app/lib/settings.js
-
-USER mozdef
-RUN \
-  mkdir -p /opt/mozdef/envs/meteor/mozdef && \
-  cd /opt/mozdef/envs/mozdef/meteor && \
-  meteor npm install && \
-  meteor build --server localhost:3002 --directory /opt/mozdef/envs/meteor/mozdef/ && \
-  mv /opt/mozdef/envs/mozdef/meteor/node_modules /opt/mozdef/envs/meteor/mozdef/node_modules
-
-# Create python virtual environment and install dependencies
-COPY requirements.txt /opt/mozdef/envs/mozdef/requirements.txt
-RUN \
-  virtualenv /opt/mozdef/envs/python && \
-  source /opt/mozdef/envs/python/bin/activate && \
-  pip install -r /opt/mozdef/envs/mozdef/requirements.txt
-
-USER root
-COPY docker/conf/elasticsearch.yml /opt/mozdef/envs/elasticsearch/config/
-COPY docker/conf/jvm.options /opt/mozdef/envs/elasticsearch/config/
-COPY docker/conf/kibana.yml /opt/mozdef/envs/kibana/config/kibana.yml
-COPY docker/conf/supervisor.conf /etc/supervisor/conf.d/supervisor.conf
-COPY docker/conf/mongod.conf /etc/mongod.conf
-COPY docker/conf/rabbitmq.config /etc/rabbitmq/
-COPY docker/conf/enabled_plugins /etc/rabbitmq/
-COPY docker/conf/nginx.conf /etc/nginx/nginx.conf
-
-COPY static /opt/mozdef/envs/mozdef/static
-COPY rest /opt/mozdef/envs/mozdef/rest
-COPY loginput /opt/mozdef/envs/mozdef/loginput
-COPY bot /opt/mozdef/envs/mozdef/bot
-COPY lib /opt/mozdef/envs/mozdef/lib
-COPY cron /opt/mozdef/envs/mozdef/cron
-COPY alerts /opt/mozdef/envs/mozdef/alerts
-COPY mq /opt/mozdef/envs/mozdef/mq
-
-COPY docker/conf/loginput_index.conf /opt/mozdef/envs/mozdef/loginput/index.conf
-COPY docker/conf/rest_index.conf /opt/mozdef/envs/mozdef/rest/index.conf
-
-COPY docker/conf/config.py /opt/mozdef/envs/mozdef/alerts/lib/config.py
-COPY docker/conf/cron_entries.txt /cron_entries.txt
-
-USER mozdef
-RUN crontab /cron_entries.txt
-
-USER root
-RUN \
-  mkdir /opt/mozdef/envs/mozdef/data && \
-  mkdir /opt/mozdef/envs/mozdef/config && \
-  mkdir -p /opt/mozdef/envs/mozdef/docker/conf
-
-COPY docker/conf/initial_setup.py /opt/mozdef/envs/mozdef/docker/conf/initial_setup.py
-
-# We have to replace the python virtualenv path until
-# https://github.com/mozilla/MozDef/issues/421 is fixed
-RUN sed -i 's|/opt/mozdef/envs/mozdef/bin/activate|/opt/mozdef/envs/python/bin/activate|g' /opt/mozdef/envs/mozdef/cron/*.sh
-
-RUN chown -R mozdef:mozdef /opt/mozdef/envs/mozdef
-
-# VOLUMES
-#  Elasticsearch
-VOLUME /var/lib/elasticsearch
-#  Mongodb
-VOLUME /var/lib/mongo
-# RabbitMQ
-VOLUME /var/lib/rabbitmq
-# MozDef data (geolite db for example)
-VOLUME /opt/mozdef/envs/mozdef/data
-
-# 80 = MozDef Web UI (meteor)
-# 3002 = Mongodb
-# 5672 = RabbitMQ
-# 15672 = RabbitMQ Management
-# 8080 = Loginput
-# 8081 = RestAPI
-# 9090 = Kibana Web UI "localhost:9090/app/kibana"
-# 9200 = Elasticsearch
-EXPOSE 80 3002 5672 15672 8080 8081 9090 9200
-
-CMD supervisord -n -c /etc/supervisor/conf.d/supervisor.conf

docker/compose/docker-compose-cron.yml

@@ -0,0 +1,22 @@
+---
+version: '2.2'
+services:
+  cron:
+    build:
+      context: ../../
+      dockerfile: docker/compose/mozdef_cron/Dockerfile
+    restart: always
+    command: bash -c 'sleep 90 && crond -n'
+    volumes:
+      - /Users/jbryner/development/mozdef/deployments/mozillagit/cron:/opt/mozdef/envs/mozdef/cron
+      - geolite_db:/opt/mozdef/envs/mozdef/data/
+    depends_on:
+      - base
+      - rabbitmq
+      - elasticsearch
+      - mongodb
+      - bootstrap
+    networks:
+      - default
+    stdin_open: true
+    tty: true

docker/compose/docker-compose-meteor-ui.yml

@@ -0,0 +1,18 @@
+---
+version: '2.2'
+services:
+  meteor:
+    build:
+      context: ../../
+      dockerfile: docker/compose/mozdef_meteor/Dockerfile
+    restart: 'no'
+    command: bash -c 'node -i'    
+    depends_on:
+      - mongodb
+      - rest
+    networks:
+      - default
+    volumes:
+      - /Users/jbryner/development/mozdef/deployments/mozillagit/meteor:/opt/mozdef/envs/mozdef/meteor
+    stdin_open: true
+    tty: true

docker/compose/docker-compose-rest.yml

@@ -0,0 +1,20 @@
+---
+version: '2.2'
+services:
+  rest:
+    build:
+      context: ../../
+      dockerfile: docker/compose/mozdef_rest/Dockerfile
+    restart: always
+    command: bash -c 'source /opt/mozdef/envs/python/bin/activate && python index.py -c index.conf'
+    depends_on:
+      - base
+      - elasticsearch
+      - mongodb
+      - bootstrap
+    networks:
+      - default
+    volumes:
+      - /Users/jbryner/development/mozdef/deployments/mozillagit/rest:/opt/mozdef/envs/mozdef/rest
+    stdin_open: true
+    tty: true

docker/compose/docker-compose.yml

@@ -2,7 +2,9 @@
 version: '2.2'
 services:
   nginx:
-    build: nginx/
+    build:
+      context: ../../
+      dockerfile: docker/compose/nginx/Dockerfile
     restart: always
     command: /usr/sbin/nginx
     depends_on:
@@ -16,7 +18,9 @@ services:
     networks:
       - default
   mongodb:
-    build: mongodb/
+    build:
+      context: ../../
+      dockerfile: docker/compose/mongodb/Dockerfile
     restart: always
     command: /usr/bin/mongod --smallfiles --config /etc/mongod.conf
     volumes:

docker/compose/live-reload.override.yml

@@ -0,0 +1,33 @@
+---
+version: '2.2'
+services:
+  meteor:
+    build:
+      context: ../../
+      dockerfile: docker/compose/mozdef_meteor/Dockerfile
+    restart: always
+    command: bash -c 'cd /opt/mozdef/envs/mozdef/meteor && meteor npm install --save-dev && rm -rf .meteor/local && /usr/bin/meteor'
+    depends_on:
+      - mongodb
+      - rest
+    networks:
+      - default
+    volumes:
+        - ../../meteor/app:/opt/mozdef/envs/mozdef/meteor/app
+        - ../../meteor/private:/opt/mozdef/envs/mozdef/meteor/private
+        - ../../meteor/public:/opt/mozdef/envs/mozdef/meteor/public
+  sampledata:
+    build:
+      context: ../../
+      dockerfile: docker/compose/mozdef_sampledata/Dockerfile
+    restart: always
+    command: bash -c 'source /opt/mozdef/envs/python/bin/activate && /opt/mozdef/envs/mozdef/examples/demo/sampleevents.sh'
+    links:
+      - elasticsearch
+    depends_on:
+      - loginput
+      - elasticsearch
+      - mongodb
+      - bootstrap
+    networks:
+      - default

docker/compose/mongodb/Dockerfile

@@ -9,7 +9,7 @@ RUN \
   yum install -y mongodb-org && \
   yum clean all
 
-COPY files/mongod.conf /etc/mongod.conf
+COPY docker/compose/mongodb/files/mongod.conf /etc/mongod.conf
 
 VOLUME /var/lib/mongo
 

docker/compose/mozdef_base/Dockerfile

@@ -17,14 +17,9 @@ RUN \
                   make && \
   useradd -ms /bin/bash -d /opt/mozdef -m mozdef && \
   mkdir /opt/mozdef/envs && \
-  curl -s -L https://www.python.org/ftp/python/$PYTHON_VERSION/Python-$PYTHON_VERSION.tgz  | tar -C /opt/mozdef/ -xz && \
-  cd /opt/mozdef/Python-$PYTHON_VERSION && \
-  ./configure && \
-  make && \
-  make install && \
-  rm -r /opt/mozdef/Python-$PYTHON_VERSION && \
   cd /opt/mozdef && \
   yum install -y mysql-devel \
+                    python \
                     python-devel \
                     python-pip && \
   chown -R mozdef:mozdef /opt/mozdef/ && \

docker/compose/mozdef_sampledata/Dockerfile

@@ -0,0 +1,14 @@
+FROM mozdef_base:latest
+
+LABEL maintainer="mozdef@mozilla.com"
+
+RUN mkdir -p /opt/mozdef/envs/mozdef/examples
+COPY ./examples /opt/mozdef/envs/mozdef/examples
+
+COPY docker/compose/mozdef_sampledata/files/sampleData2MozDef.conf /opt/mozdef/envs/mozdef/examples/demo/sampleData2MozDef.conf
+RUN chown -R mozdef:mozdef /opt/mozdef/envs/mozdef/examples
+RUN chmod u+rwx /opt/mozdef/envs/mozdef/examples/demo/sampleevents.sh
+
+WORKDIR /opt/mozdef/envs/mozdef/examples/demo
+
+USER root

docker/compose/mozdef_sampledata/files/sampleData2MozDef.conf

@@ -0,0 +1,4 @@
+[options]
+alertsminutesinterval = 10
+attackersminutesinterval = 10
+url = http://nginx:8080/events/

docker/compose/mozdef_sampledata/files/supervisor.conf

@@ -0,0 +1,9 @@
+[supervisord]
+nodaemon=true
+autostart=true
+autorestart=true
+#real time constant stream of demo events/alerts/attackers
+[program:realTimeEvents]
+priority=10
+command=bash -c 'sleep 90 && source /opt/mozdef/envs/python/bin/activate && /opt/mozdef/envs/mozdef/examples/demo/sampleevents.sh'
+directory=/opt/mozdef/envs/mozdef/examples/demo/

docker/compose/nginx/Dockerfile

@@ -10,6 +10,6 @@ RUN \
   yum clean all
 
 
-COPY files/nginx.conf /etc/nginx/nginx.conf
+COPY docker/compose/nginx/files/nginx.conf /etc/nginx/nginx.conf
 
 EXPOSE 80 9090