diff --git a/CHANGELOG.md b/CHANGELOG.md index e36fbd843..6940b7214 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,12 +10,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). ### Changed - docker image: updated github CI to explicitly build tag versions (@robertcheramy) +- docker image: update rake build_container to match the tags of GitHub CI (@robertcheramy) ### Fixed - powerconnect: Remove undesirable inserted blank lines during pagination. Fixes #3413 (@clifcox) -- docker image: remove ubuntu user introduced in noble (@robertcheramy) -- docker image: correct rights under /home/oxidized (@robertcheramy) - +- docker image: remove ubuntu user introduced in noble. Fixes #3336 (@robertcheramy) +- docker image: correct rights under /home/oxidized. Fixes #3336 (@robertcheramy) +- docker image: revert the use of GEM_HOME. Fixes #3331 (@robertcheramy) +- docker image: improve the documentation. Fixes #3336 (@robertcheramy) +- docker image: remove examples/podman-compose as this is better documented in docs/Docker.md (@robertcheramy) ## [0.32.1 – 2025-02-20] This minor release fixes a javascript issue in oxidized-web, which is included diff --git a/Dockerfile b/Dockerfile index ab491eb79..a2dc8b76c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,44 +1,3 @@ -################### -# Stage 1: Prebuild to save space in the final image. - -FROM docker.io/phusion/baseimage:noble-1.0.0 AS prebuilder - -ENV DEBIAN_FRONTEND=noninteractive - -# install necessary packages for building gems -RUN apt-get -yq update && apt-get install -yq --no-install-recommends \ - build-essential \ - git \ - ruby-dev \ - && rm -rf /var/lib/apt/lists/* - -# create bundle directory -RUN mkdir -p /usr/local/bundle -ENV GEM_HOME=/usr/local/bundle - -################### -# Install the x25519 gem -RUN gem install x25519 --no-document - - -################### -# build oxidized -COPY . /tmp/oxidized/ -WORKDIR /tmp/oxidized - -# docker automated build gets shallow copy, but non-shallow copy cannot be unshallowed -RUN git fetch --unshallow || true - -# Remove any older gems of oxidized if they exist -RUN rm pkg/* || true - -# Build oxidized -RUN rake build - - -################### -# Stage2: build an oxidized container from phusion/baseimage-docker and install -# gems from stage1 FROM docker.io/phusion/baseimage:noble-1.0.0 ENV DEBIAN_FRONTEND=noninteractive @@ -70,9 +29,9 @@ COPY extra/auto-reload-config.runit /etc/service/auto-reload-config/run COPY extra/update-ca-certificates.runit /etc/service/update-ca-certificates/run # set up dependencies for the build process -RUN apt-get -yq update \ - && apt-get -yq upgrade \ - && apt-get -yq --no-install-recommends install ruby \ +RUN apt-get -qy update \ + && apt-get -qy upgrade \ + && apt-get -qy --no-install-recommends install ruby \ # Build process of oxidized from git (beloww) git \ # Allow git send-email from docker image 
@@ -97,13 +56,6 @@ RUN apt-get -yq update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -# copy the compiled gem from the builder stage -COPY --from=prebuilder /usr/local/bundle /usr/local/bundle - -# Set environment variables for bundler -ENV GEM_HOME="/usr/local/bundle" -ENV PATH="$GEM_HOME/bin:$PATH" - # gems not available in ubuntu noble RUN gem install --no-document \ # dependencies for hooks @@ -113,11 +65,25 @@ RUN gem install --no-document \ # Net scp is needed in Version >= 4.1.0, which is not available in ubuntu net-scp -# install oxidized from prebuilder -# The Dockerfile ist version-independent, so use oxidized-*.gem to cach the gem -RUN mkdir -p /tmp/oxidized -COPY --from=prebuilder /tmp/oxidized/pkg/oxidized-*.gem /tmp/oxidized/ -RUN gem install /tmp/oxidized/oxidized-*.gem +# Prepare the build of oxidized, copy our workig directory in the container +COPY . /tmp/oxidized/ +WORKDIR /tmp/oxidized + +# Install gems which needs a build environment +RUN apt-get -qy update && \ + apt-get -qy install --no-install-recommends \ + build-essential git ruby-dev && \ + ##### X25519 (a.k.a. Curve25519) Elliptic Curve Diffie-Hellman + gem install x25519 && \ + ##### build & install oxidized from the working repository + # docker automated build gets shallow copy, but non-shallow copy cannot be unshallowed + git fetch --unshallow || true && \ + rake install && \ + # remove the packages we do not need. + apt-get -qy remove build-essential git ruby-dev && \ + apt-get -qy autoremove && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* # install oxidized-web RUN gem install oxidized-web --no-document diff --git a/README.md b/README.md index a754e9b00..ebcfe8e97 100644 --- a/README.md +++ b/README.md 
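Review bot: In the added `RUN` chain, `git fetch --unshallow || true && \` is not grouped, and because `&&` and `||` have equal precedence in sh and associate left to right, the `|| true` also swallows a failure of the preceding `apt-get` steps or of `gem install x25519`. The build would then continue to `rake install` and could produce an image that silently lacks the x25519 gem. Group the best-effort step so that only the fetch may fail: `(git fetch --unshallow || true) && \`. Separately, `COPY . /tmp/oxidized/` now lands in the final image instead of a discarded builder stage, so whatever is in the build context (for instance `.git` or local configuration files) ships in an image layer unless a `.dockerignore` or a step outside this hunk excludes it. A comment stating what the context is expected to contain would help.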
@@ -37,8 +37,7 @@ Check out the [Oxidized TREX 2014 presentation](http://youtu.be/kBQ_CTUuqeU?t=3h * [CentOS, Oracle Linux, Red Hat Linux](#centos-oracle-linux-red-hat-linux) * [FreeBSD](#freebsd) * [Build from Git](#build-from-git) - * [Docker](#running-with-docker) - * [Podman-Compose](#running-with-podman-compose) + * [Docker & Podman](docs/Docker.md) * [Installing Ruby 2.3 using RVM](#installing-ruby-23-using-rvm) 3. [Initial Configuration](#configuration) 4. [Configuration](docs/Configuration.md) 
@@ -155,99 +154,8 @@ gem install bundler rake install ``` -### Running with Docker - -Currently, Docker Hub automatically builds the master branch for linux/amd64 -and linux/arm64 platforms as -[oxidized/oxidized](https://hub.docker.com/r/oxidized/oxidized/). Each official -release also gets its own tag. -You can make use of this container or build your own. - -To build your own, clone git repo: - -```shell -git clone https://github.com/ytti/oxidized -``` - -Then, build the container locally (requires docker 17.05.0-ce or higher): - -```shell -docker build -q -t oxidized/oxidized:latest oxidized/ -``` - -Once you've built the container (or chosen to make use of the automatically built container in Docker Hub, which will be downloaded for you by docker on the first `run` command had you not built it), proceed as follows: - -Create a configuration directory in the host system: - -```shell -mkdir /etc/oxidized -``` - -Run the container for the first time to initialize the config: - -_Note: this step in only required for creating the Oxidized configuration file and can be skipped if you already have one._ - -```shell -docker run --rm -v /etc/oxidized:/home/oxidized/.config/oxidized -p 8888:8888/tcp --user oxidized -t oxidized/oxidized:latest oxidized -``` - -If the RESTful API and Web Interface are enabled, on the docker host running the container -edit `/etc/oxidized/config` and modify `rest: 127.0.0.1:8888` to `rest: 0.0.0.0:8888`. This will bind port 8888 to all interfaces, and expose the port so that it could be accessed externally. 
[(Issue #445)](https://github.com/ytti/oxidized/issues/445) - -Alternatively, you can use docker-compose to launch the oxidized container: - -```yaml -# docker-compose.yml -# docker-compose file example for oxidized that will start along with docker daemon ---- -version: "3" -services: - oxidized: - restart: always - image: oxidized/oxidized:latest - ports: - - 8888:8888/tcp - environment: - CONFIG_RELOAD_INTERVAL: 600 - volumes: - - config:/home/oxidized/.config/oxidized/ -volumes: - config: -``` - -Create the `/etc/oxidized/router.db` (see [CSV Source](docs/Sources.md#source-csv) for further info): - -```shell -vim /etc/oxidized/router.db -``` - -Run container again to start oxidized with your configuration: - -```shell -docker run -v /etc/oxidized:/home/oxidized/.config/oxidized -p 8888:8888/tcp -t oxidized/oxidized:latest -oxidized[1]: Oxidized starting, running as pid 1 -oxidized[1]: Loaded 1 nodes -Puma 2.13.4 starting... -* Min threads: 0, max threads: 16 -* Environment: development -* Listening on tcp://0.0.0.0:8888 -``` - -If you want to have the config automatically reloaded (e.g. when using a http source that changes): - -```shell -docker run -v /etc/oxidized:/home/oxidized/.config/oxidized -p 8888:8888/tcp -e CONFIG_RELOAD_INTERVAL=3600 -t oxidized/oxidized:latest -``` - -If you need to use an internal CA (e.g. to connect to an private github instance): - -```shell -docker run -v /etc/oxidized:/home/oxidized/.config/oxidized -v /path/to/MY-CA.crt:/usr/local/share/ca-certificates/MY-CA.crt -p 8888:8888/tcp -e UPDATE_CA_CERTIFICATES=true -t oxidized/oxidized:latest -``` - -### Running with podman-compose -Under [examples/podman-compose](examples/podman-compose), you will find a complete -example of how to integrate the container into a docker-compose.yml file. +### Running with Docker od Podman +See [docs/Docker.md](docs/Docker.md) ### Installing Ruby 2.3 using RVM diff --git a/Rakefile b/Rakefile index 777485dad..c433be15d 100644 --- a/Rakefile 
+++ b/Rakefile @@ -95,15 +95,19 @@ end desc 'Build the container image with docker or podman' task :build_container do + branch_name = %x(git rev-parse --abbrev-ref HEAD).chop + sha_hash = %x(git rev-parse --short HEAD).chop + image_tag = "#{branch_name}-#{sha_hash}" + # Prefer podman if available as it runs rootless if command_available?('podman') - sh 'podman build -t oxidized:`git describe --tags` -t oxidized:latest .' + sh "podman build -t oxidized:#{image_tag} -t oxidized:latest ." elsif command_available?('docker') if docker_needs_root? puts 'docker needs root to build the image. Using sudo...' - sh 'sudo docker build -t oxidized:`git describe --tags` -t oxidized:latest .' + sh "sudo docker build -t oxidized:#{image_tag} -t oxidized:latest ." else - sh 'docker build -t oxidized:`git describe --tags` -t oxidized:latest .' + sh "docker build -t oxidized:#{image_tag} -t oxidized:latest ." end else puts 'You need Podman or Docker to build the container image.' diff --git a/docs/Docker.md b/docs/Docker.md new file mode 100644 index 000000000..621d0b050 --- /dev/null +++ b/docs/Docker.md 
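Review bot: `branch_name` is read from `git rev-parse --abbrev-ref HEAD` and interpolated into a string that `sh` passes to a shell (under `sudo` in the docker branch), but git ref names may contain `/` and shell metacharacters such as `;` or `$`. A branch like `feature/x` produces an invalid image tag, and an unusual branch name would be interpreted by the shell rather than treated as data. I would sanitise the tag with `image_tag = "#{branch_name}-#{sha_hash}".gsub(/[^\w.-]/, '-')` and call `sh` with separate arguments so no shell is involved, e.g. `sh 'podman', 'build', '-t', "oxidized:#{image_tag}", '-t', 'oxidized:latest', '.'`. `.chomp` is also safer than `.chop`, which removes the last character even when it is not a newline. The task body continues past the end of the hunk.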
@@ -0,0 +1,240 @@ +# Running oxidized within an OCI container (docker, podman...) + +## Docker image +The official Docker image is automatically built and pushed to hub.docker.com +as [oxidized/oxidized](https://hub.docker.com/r/oxidized/oxidized/) with a +[GitHub CI](/.github/workflows/publishdocker.yml). + +There are three different types of tags: +- Each commit to the master branch will be published with the tag + `master-(git sha oid)` +- Each release will be published with the version as a tag +- Latest is the latest release, either from a commit or a release tag + +Currently, Docker Hub automatically builds the master branch for linux/amd64 and +linux/arm64 platforms as +[oxidized/oxidized](https://hub.docker.com/r/oxidized/oxidized/). You can make +use of this container or build your own. + +## Choose a container running environment +There are many options to run containers. Two main options are +[docker](https://www.docker.com/) and [podman](https://podman.io/). A main +difference is that docker requires root rights to run, and podman can be run +by a local user. Both work with oxidized, so the choice is up to you. + +Oxidized has also been reported to work with +[Portainer](https://www.portainer.io/). + +## File rights in the container userspace and host userspace +As oxidized runs under the user "oxidized" (UID: 30000) in the container +userspace, docker and podman will map this UID in the shared volumes, producing +weird UIDs in the host userspace. + +### docker +When docker runs the container as root, the mapping to the UIDs in the host +userspace will be the same as in the container, so the files produced by the +oxidized user in the container will have UID 30000 in the host. 
+ +If you map a volume between the host and the container and need it to be +accessed by the oxidized user, you need to fix the UIDs: +``` +sudo chown 30000:30000 ~/oxidized-config +``` + +### podman +When podman is run as a user, the mapping of UIDs between the container and the +linux host will depend on your UID on the host. + +If you map a volume between the host and the container and need it to be +accessed by the oxidized user, you need to fix the UIDs: + +``` +podman unshare chown 30000:30000 ~/oxidized-config +``` + +If you need to access the files from the linux host, you can do this by +prefixing `podman unshare` to your shell commands. + +## Build you own container image +To build your own container image, clone the git repository: + +```shell +git clone https://github.com/ytti/oxidized +``` + +Then, build the container locally: + +```shell +sudo docker build -q -t oxidized/oxidized:latest oxidized/ +``` + +- `-q` stands for quiet; remove it if you want to see the build process. +- `-t oxidized/oxidized:latest` tags the image as `oxidized/oxidized:latest` + +You can also build with podman: +``` +podman build -t oxidized:latest oxidized/ +``` + +Within the oxidized repository, using `rake build_container` will automatically +build the container (with podman or docker), name it `localhost/oxidized` and +give it the tags `latest` and `-`, for example +`localhost/oxidized:master-65baab9`. + +## Set up an environment for the container +Once you've built the container (or chosen to make use of the automatically +built container in Docker Hub, which will be downloaded for you by docker on the +first `run` command had you not built it), you need to set up an environment +for the container. + +First, you need a configuration directory in the host system that you can map +in the container. You can choose any directory you want, we'll take +`~/oxidized-config` in our example. Don't forget to adjust the permissions as +explained above. 
+ +If you already have a configuration for oxidized (`config`), you can skip this +step. Just save it under `~/oxidized-config` and run the container (see below). + +If you don't have a configuration, you can make oxidized produce one for you, so +that you just have to adapt it to your needs. + +```shell +sudo docker run --rm -v ~/oxidized-config:/home/oxidized/.config/oxidized docker.io/oxidized/oxidized:latest su - oxidized -c oxidized +``` +```shell +podman run --rm -v ~/oxidized-config:/home/oxidized/.config/oxidized docker.io/oxidized/oxidized:latest su - oxidized -c oxidized +``` + +- `--rm` tells docker to automatically remove the container when he exits +- `-v ~/oxidized-config:/home/oxidized/.config/oxidized` maps your local + `~/oxidized-config` into `/home/oxidized/.config/oxidized`in the container + environment. +- `su - oxidized -c oxidized` runs oxidized under the user oxidized, so that it + can produce a configuration under `/home/oxidized/.config/oxidized` + + +This will return `edit /home/oxidized/.config/oxidized/config`, which is the +path in the container context. Now you can edit `~/oxidized-config/config` to +fit your needs. + +You can reiterate this process a few times, until oxidized is happy with the +config, an then you're finished with setting up the environment. + + +You also need to create the `router.db` file under +`~/oxidized-config/config/router.db` (see +[CSV Source](/docs/Sources.md#source-csv) for further info) or configure another +source to suit your needs. Don't forget to set the file permissions (owner) +properly! + + + +## Run the container +Now you can run the container without specifying an entry point. It will +automatically start oxidized and every other process needed. 
+```shell +sudo docker run --rm -v ~/oxidized-config:/home/oxidized/.config/oxidized -p 8888:8888/tcp docker.io/oxidized/oxidized:latest +``` +```shell +podman run --rm -v ~/oxidized-config:/home/oxidized/.config/oxidized -p 8888:8888/tcp docker.io/oxidized/oxidized:latest +``` + +`-p 8888:8888/tcp` maps the TCP port 8888 in the container with the port +8888 on the host, so that you can access the RESTful API and Web Interface +from the host. +If the RESTful API and Web Interface should be enabled, edit the +configuration (in our example `~/oxidized-config/config`) and modify +`rest: 127.0.0.1:8888` to `rest: 0.0.0.0:8888`. This will bind port 8888 to all +interfaces, and expose the port so that it can be accessed externally. +[(Issue #445)](https://github.com/ytti/oxidized/issues/445) + + +## Run with with docker-compose / podman-compose +Alternatively, you can use docker-compose or podman-compose to run the +container: + +```yaml +# docker-compose.yml +# docker-compose file example for oxidized that will start along with docker daemon +--- +version: "3" +services: + oxidized: + restart: always + image: docker.io/oxidized/oxidized:latest + ports: + - 8888:8888/tcp + environment: + # Reload hosts list once per day + CONFIG_RELOAD_INTERVAL: 86400 + volumes: + - ~/oxidized-config/config:/home/oxidized/.config/oxidized/ +``` + +To start the pod, use `docker-compose up` or `podman-compose down`. + +## Special configurations of the official container +### Reload the configuration +If you want to have the config automatically reloaded (e.g. when using a http +source that changes), you need to set the environment variable +CONFIG_RELOAD_INTERVAL. This can be done in `docker-compose.yml` (see above) or +on the command line: + +```shell +sudo docker run -v ~/oxidized-config:/home/oxidized/.config/oxidized -p 8888:8888/tcp -e CONFIG_RELOAD_INTERVAL=3600 docker.io/oxidized/oxidized:latest +``` +### Use an internal CA +If you need to use an internal CA (e.g. 
to connect to an private github instance): + +```shell +docker run -v /etc/oxidized:/home/oxidized/.config/oxidized -v /path/to/MY-CA.crt:/usr/local/share/ca-certificates/MY-CA.crt -p 8888:8888/tcp -e UPDATE_CA_CERTIFICATES=true -t oxidized/oxidized:latest +``` + +### Pass the ssh passphrase for a remote git +If you don't want to authenticate with user & password but with a ssh-key, you +can set the ssh passphrase with the environment variable +`OXIDIZED_SSH_PASSPHRASE` + +## Tipps & tricks +### podman & Debian Bookworm +To install podman in Debian Bookwork, you need following packages: +```shell +sudo apt install podman containers-storage podman-compose +``` + +Ensure Podman is using the overlay driver for image storage. +Without this driver, Podman may save every container layer separately rather +than only the changes, which can quickly consume disk space. + +This issue can occur if podman was run before installing the +`container-storage` package. + +```shell +podman info | grep graphDriverName +``` + +You should get this reply +```shell + graphDriverName: overlay +``` + +If not, a quick way to solve it is to delete `~/.local/share/containers/`. +Beware - this will delete **all** your containers! + +### Store the ssh keys a remote git repository +When you user the githubrepo hook to upload your configs to a remote git repository, you have to store your ssh-key and the public keys of the remote server. Create a folder `~/oxidized-ssh` and map it to `/home/oxidized/.ssh`. + + +To generate an ssh-key, run: +```shell +ssh-keygen -q -t ed25519 -C "Oxidized Push Key@`hostname`" -N "YOURPASSPHRASE" -m PEM -f ~/oxidized-ssh/oxidized-key +``` + +You also need to store the public keys of the remote git server in known_hosts. If you do not, +oxidized will refuse to push to the remote Git with the error `#`, see Issue #2753. 
+ +```shell +ssh-keyscan git-server.example.com > ~/oxidized-ssh/known_hosts +``` + +Don't forget to set the permission (owner) of the files for the user oxidized inside the container! diff --git a/examples/podman-compose/Makefile b/examples/podman-compose/Makefile deleted file mode 100644 index c39bc9c9c..000000000 --- a/examples/podman-compose/Makefile +++ /dev/null 
@@ -1,103 +0,0 @@ -# Make sure these targets always run -.PHONY: help rights clean-rights - -help: - @: $(info $(HELP)) - -rights: - podman unshare chown -R 30000:30000 oxidized-config oxidized-ssh - podman unshare chown -R 30001 gitserver/repo.git - -clean-rights: - podman unshare chown -R 0:0 * - -start: gitserver-createrepo rights images - if [ -f oxidized-config/config ]; then \ - podman-compose -p oxidized up ; \ - else { \ - echo "\n########\noxidized-config/config does not exist"; \ - echo "create one or copy an example in the folder"; \ - } fi - -run: start - -stop: - podman-compose -p oxidized down - $(MAKE) clean-rights - -start-local: - if [ -f oxidized-config/config.local ]; then \ - cp oxidized-config/config.local oxidized-config/config; \ - else \ - echo "\n########\noxidized-config/config.local does not exist"; \ - fi - $(MAKE) start - -stop-local: stop - if [ -f oxidized-config/config.local ]; then \ - git checkout -- oxidized-config/config; \ - else \ - echo "\n########\noxidized-config/config.local does not exist"; \ - fi - -# creates a container image for the model simulation -model-image: - podman image exists local/model || \ - podman build -t local/model -f model-simulation/Dockerfile-model . - -model-clean: - podman rmi local/model - -# creates a container image for gitserver -gitserver-image: - podman image exists local/gitserver || \ - podman build -t local/gitserver gitserver/ - -# create the repo repo.git inside the gitserver mapped volume -gitserver-createrepo: clean-rights - if [ ! 
-d gitserver/repo.git ]; then \ - git init --bare gitserver/repo.git; \ - fi - -gitserver-clean: - podman rmi local/gitserver - rm -rf gitserver/repo.git - -gitserver-getkey: - podman exec --user oxidized -t oxidized_oxidized_1 sh -c "ssh-keyscan gitserver > /home/oxidized/.ssh/known_hosts" - -# build all helper containter images -images: model-image gitserver-image oxidized-image - -# build the oxidized image from the curent repository -oxidized-image: - podman build -t oxidized:`git describe --tags` -t oxidized:latest ../../ - -# removes the oxidized image -oxidized-image-clean: - podman rmi local/oxidized - -# run evey clean line, even if the previous fails -clean: - -$(MAKE) stop-local - -$(MAKE) model-clean - -$(MAKE) gitserver-clean - -$(MAKE) oxidized-image-clean - -define HELP -make help - This help -make rights - Change the rights of mapped folders for the users inside - the container -make clean-rights - Revert the rights of mapped folders to the local user -make start - Start the pod with all containers (alias - make run) - You can interrupt with Ctrl-C, but make sure you run - 'make stop' to realy stop the container -make stop - Stop the pod -make start-local - Starts the pod with the local configuration - oxidized-config/config.local -make stop-local - Stops the pod and restores - oxidized-config/config from git -make gitserver-getkey - stores the public key of the gitserver into - oxidized-ssh/known_hosts (the pod must be running) -make clean - reverts everything to its original state -endef diff --git a/examples/podman-compose/README.md b/examples/podman-compose/README.md deleted file mode 100644 index 4004a1aa4..000000000 --- a/examples/podman-compose/README.md +++ /dev/null 
@@ -1,94 +0,0 @@ -# Running Oxidized with podman-compose -This example demonstrates running Oxidized within an OCI container using -podman-compose. It’s actively used in Oxidized development to validate the -container’s functionality and to simulate potential issues. - -While this example uses podman and podman-compose, it should also be compatible -with docker, as podman supports docker’s CLI. - -To make this example work seamlessly, a simulated network device is included. -The asternos model is used here for simplicity, as it requires minimal commands -to implement. The simulated output doesn’t replicate real device responses but -provides changing lines over time to test Oxidized’s functionality. - - -The example also provides a Git server to test the interaction with it. - -# Run the example -> :warning: the example builds local containers and will require at least 2 GB -> of disk space along with some CPU and time during the first run. - -To start the example, simply run `make start`. Ensure you have installed the -necessary [dependencies](#dependencies) before. - -To stop, press `CTRL-C` or run `make stop` in a separate shell. If you exit -with `CTRL-C`, make sure to run `make stop` afterward to properly clean up the -environment. - -## Running Environment -This example of oxidized with podman-compose is running on Debian -Bookworm (Version 12). It should work with few adaptations on any Linux -box running podman, and maybe also with docker. - -## Dependencies -To get started, install the required packages on your Debian system: -```shell -sudo apt install podman containers-storage podman-compose make -``` - -Ensure Podman is using the overlay driver for image storage. -Without this driver, Podman may save every container layer separately rather -than only the changes, which can quickly consume disk space. - -This issue can occur if podman was run before installing the -`container-storage` package. 
- -```shell -podman info | grep graphDriverName -``` - -You should get this reply -```shell - graphDriverName: overlay -``` - -If not, the quick way I found to solve it is to delete `~/.local/share/containers/`. -Beware - this will delete **all** your containers! - -## Adapting to your needs -Feel free to customize this setup as you wish! You may want to edit -`docker-compose.yml` to remove any containers simulating specific components. - -## Use your own oxidized configuration in the git repository -When developing oxidized or testing the container, you may want to use a custom -configuration. This can be done by saving it under `oxidized-config/config.local` - -`make start-local` will recognize the local configuration and copy it to -`oxidized-config/config` before starting the container. - -You should stop the container with `make stop-local` in order to restore the -original configuration from the git repository. - -In the folder `oxidized-config/, you will also find some example configs, -for example `config_csv-gitserver`. To use them, just copy the file to `config`. - -## Git server public keys -To enable Oxidized to access the Git server, you'll need to retrieve the -servers' public SSH keys and store them under `oxidized-ssh/known_hosts`. -Without this, you will encounter the following error: - -``` -ERROR -- : Hook push_to_remote (#) failed (#) for event :post_store -``` - -While the container environment is running (`make start`), open a separate shell -and run: -``` -make gitserver-getkey -``` - -You do not need to restart the container environment; Oxidized will -automatically use the key the next time it pushes to the remote Git repository. - - - diff --git a/examples/podman-compose/docker-compose.yml b/examples/podman-compose/docker-compose.yml deleted file mode 100644 index bdeb6f696..000000000 --- a/examples/podman-compose/docker-compose.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -services: - oxidized: - # Choose the image that you want to test - # image: docker.io/oxidized/oxidized:0.30.1 - # image: docker.io/oxidized/oxidized:latest - # local/oxidized is build by "make oxidized-image" and "make run" - image: local/oxidized - ports: - - 127.0.0.1:8042:8888/tcp - environment: - # Reload hosts list once per day - CONFIG_RELOAD_INTERVAL: 86400 - # Needed when you push to a remote git repository - OXIDIZED_SSH_PASSPHRASE: xxxxPassphasexxxx - volumes: - - ./oxidized-config:/home/oxidized/.config/oxidized - - ./oxidized-ssh:/home/oxidized/.ssh - - # This is a simulated network device for the example to work out of the box - asternos-device: - image: localhost/local/model - volumes: - - ./model-simulation/asternos.sh:/home/oxidized/.profile - - ./model-simulation/asternos.sh:/home/admin/.profile - - # This is a gitserver to push our configs - gitserver: - image: localhost/local/gitserver - volumes: - - ./gitserver/repo.git:/home/git/repo.git diff --git a/examples/podman-compose/gitserver/.gitignore b/examples/podman-compose/gitserver/.gitignore deleted file mode 100644 index 280352efd..000000000 --- a/examples/podman-compose/gitserver/.gitignore +++ /dev/null @@ -1 +0,0 @@ -repo.git diff --git a/examples/podman-compose/gitserver/Dockerfile b/examples/podman-compose/gitserver/Dockerfile deleted file mode 100644 index ef724b03f..000000000 --- a/examples/podman-compose/gitserver/Dockerfile +++ /dev/null @@ -1,14 +0,0 @@ -FROM docker.io/phusion/baseimage:noble-1.0.0 - -# Use baseimage-docker's init system. -CMD ["/sbin/my_init"] - -# enable ssh -RUN rm -f /etc/service/sshd/down -RUN /etc/my_init.d/00_regen_ssh_host_keys.sh - -# Add user for the gitserver. The password is "git" -RUN useradd -m git -p '$6$32WDb0LTFyQkLffy$u15COVx7CQ4tgp4JT4DO4LJ96q/jwFSpuZC3WrllNQDNa6nW1LhJKW9rLV57ak3rj9Ln./aRA85jzeof1B0Gi1' -s /bin/bash -u 30001 - -# And install git -RUN install_clean git 
diff --git a/examples/podman-compose/model-simulation/Dockerfile-model b/examples/podman-compose/model-simulation/Dockerfile-model deleted file mode 100644 index dd69b3f14..000000000 --- a/examples/podman-compose/model-simulation/Dockerfile-model +++ /dev/null @@ -1,13 +0,0 @@ -FROM docker.io/phusion/baseimage:noble-1.0.0 - -# Use baseimage-docker's init system. -CMD ["/sbin/my_init"] - -# enable ssh -RUN rm -f /etc/service/sshd/down -RUN /etc/my_init.d/00_regen_ssh_host_keys.sh - -# Add users to login. The password is "oxidized" -RUN useradd -m oxidized -p '$y$j9T$UoDYxDiE.8iBGmoaD/acn1$kVvYvoEIJdKUmIKFVBRYKLIVzmEBP1RKrCM6Vfx.V55' -s /bin/bash -RUN useradd -m admin -p '$y$j9T$UoDYxDiE.8iBGmoaD/acn1$kVvYvoEIJdKUmIKFVBRYKLIVzmEBP1RKrCM6Vfx.V55' -s /bin/bash - diff --git a/examples/podman-compose/model-simulation/asternos.sh b/examples/podman-compose/model-simulation/asternos.sh deleted file mode 100644 index 76961a239..000000000 --- a/examples/podman-compose/model-simulation/asternos.sh +++ /dev/null @@ -1,36 +0,0 @@ -# if running bash -if [ -n "$BASH_VERSION" ]; then - # include .bashrc if it exists - if [ -f "$HOME/.bashrc" ]; then - . "$HOME/.bashrc" - fi -fi - -# Display a MOTD -cat << EOF -This is the welcome message of this device -it is muliline -End of the MOTD -EOF - -function show() { - if [ "$*" == "version" ]; then - echo "Version 1.2.3" - # Make the output change over time - date - elif [ "$*" == "runningconfiguration all" ]; then - cat << EOF -! begin of the configuration -! this is the running config -! -I have no idea how a configuration in asternos looks like ;-) -! -! End of the Configuration -EOF - else - echo "command 'show $*' not implemented" - fi -} - -PS1="asternos$" - diff --git a/examples/podman-compose/oxidized-config/.gitignore b/examples/podman-compose/oxidized-config/.gitignore deleted file mode 100644 index 4bdf89dd2..000000000 --- a/examples/podman-compose/oxidized-config/.gitignore +++ /dev/null 
@@ -1,10 +0,0 @@ -# Ignore local configurations, which will override the git config -config.local -router.db.local - -# Ignore logs, retrieved configs... -pid -configs/ -crash -logs/ -oxidized.git/ diff --git a/examples/podman-compose/oxidized-config/config b/examples/podman-compose/oxidized-config/config deleted file mode 100644 index 3ab54412b..000000000 --- a/examples/podman-compose/oxidized-config/config +++ /dev/null @@ -1,46 +0,0 @@ ---- -username: oxidized -password: oxidized -resolve_dns: true -interval: 3600 -use_syslog: false -debug: false -threads: 30 -use_max_threads: true -timeout: 20 -retries: 3 -prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/ -rest: 0.0.0.0:8888 -next_adds_job: false -vars: {} -groups: {} -group_map: {} -models: {} -pid: "~/.config/oxidized/pid" -crash: - directory: "~/.config/oxidized/crashes" - hostnames: false -stats: - history_size: 10 -input: - default: ssh - debug: false - ssh: - secure: false - ftp: - passive: true - utf8_encoded: true -output: - default: file - file: - directory: "~/.config/oxidized/configs/" -source: - default: csv - csv: - file: "~/.config/oxidized/router.db" - delimiter: !ruby/regexp /:/ - map: - name: 0 - model: 1 - ip: 2 - gpg: false diff --git a/examples/podman-compose/oxidized-config/config_csv-file b/examples/podman-compose/oxidized-config/config_csv-file deleted file mode 100644 index 3ab54412b..000000000 --- a/examples/podman-compose/oxidized-config/config_csv-file +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -username: oxidized -password: oxidized -resolve_dns: true -interval: 3600 -use_syslog: false -debug: false -threads: 30 -use_max_threads: true -timeout: 20 -retries: 3 -prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/ -rest: 0.0.0.0:8888 -next_adds_job: false -vars: {} -groups: {} -group_map: {} -models: {} -pid: "~/.config/oxidized/pid" -crash: - directory: "~/.config/oxidized/crashes" - hostnames: false -stats: - history_size: 10 -input: - default: ssh - debug: false - ssh: - secure: false - ftp: - passive: true - utf8_encoded: true -output: - default: file - file: - directory: "~/.config/oxidized/configs/" -source: - default: csv - csv: - file: "~/.config/oxidized/router.db" - delimiter: !ruby/regexp /:/ - map: - name: 0 - model: 1 - ip: 2 - gpg: false diff --git a/examples/podman-compose/oxidized-config/config_csv-gitserver b/examples/podman-compose/oxidized-config/config_csv-gitserver deleted file mode 100644 index a432f9059..000000000 --- a/examples/podman-compose/oxidized-config/config_csv-gitserver +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -username: oxidized -password: oxidized -resolve_dns: true -interval: 3600 -use_syslog: false -debug: false -threads: 30 -use_max_threads: true -timeout: 20 -retries: 3 -prompt: !ruby/regexp /^([\w.@-]+[#>]\s?)$/ -rest: 0.0.0.0:8888 -next_adds_job: false -vars: {} -groups: {} -group_map: {} -models: {} -pid: "~/.config/oxidized/pid" -crash: - directory: "~/.config/oxidized/crashes" - hostnames: false -stats: - history_size: 10 -input: - default: ssh - debug: false - ssh: - secure: false - ftp: - passive: true - utf8_encoded: true -output: - default: git - git: - user: Oxidized - email: o@example.com - repo: "~/.config/oxidized/oxidized.git" -source: - default: csv - csv: - file: "~/.config/oxidized/router.db" - delimiter: !ruby/regexp /:/ - map: - name: 0 - model: 1 - ip: 2 - gpg: false -hooks: - push_to_remote: - type: githubrepo - events: - - post_store - remote_repo: git@gitserver:repo.git - username: git - password: git diff --git a/examples/podman-compose/oxidized-config/router.db b/examples/podman-compose/oxidized-config/router.db deleted file mode 100644 index 49b707969..000000000 --- a/examples/podman-compose/oxidized-config/router.db +++ /dev/null @@ -1 +0,0 @@ -asternos-device:asternos diff --git a/examples/podman-compose/oxidized-ssh/.gitignore b/examples/podman-compose/oxidized-ssh/.gitignore deleted file mode 100644 index 9ef67b0b4..000000000 --- a/examples/podman-compose/oxidized-ssh/.gitignore +++ /dev/null @@ -1 +0,0 @@ -known_hosts diff --git a/examples/podman-compose/oxidized-ssh/README.md b/examples/podman-compose/oxidized-ssh/README.md deleted file mode 100644 index dfedd0cd8..000000000 --- a/examples/podman-compose/oxidized-ssh/README.md +++ /dev/null 
@@ -1,14 +0,0 @@ -This is `~/.ssh/` of the user oxidized inside the oxidized container. - -## What you need here for the hook githubrepo -You can store the SSH key needed to access a remote Git repository here. Here is -an example how to generate this key. -```shell -ssh-keygen -q -t ed25519 -C "Oxidized Push Key@`hostname`" -N "YOURPASSPHRASE" -m PEM -f oxidized-key -``` - -You also need to store the public keys of the remote git server in known_hosts. If you do not, -oxidized will refuse to push to the remote Git with the error `#`, see Issue #2753. -```shell -ssh-keyscan git-server.example.com > known_hosts -```