Docker and syslog

- Added dockefile to build and run the binary - Added docker compose to run the service - Made syslog option configurable and disabled by default (no syslog on docker)

Docker and syslog
1e13ba3d · Jose Carlos Luna Duran · 4b0da779 · 1e13ba3d · 1e13ba3d · 1e13ba3d
Commit 1e13ba3d authored 11 months ago by Jose Carlos Luna Duran
--- a/.dockerignore
+++ b/.dockerignore
+Dockerfile
+docker-compose.yml
--- a/Dockerfile
+++ b/Dockerfile
+MAINTAINER Jose Carlos Luna <Jose.Carlos.Luna@cern.ch>
+FROM golang:1.22.3 as builder
+ARG MUSL_VERSION=1.2.5
+RUN wget https://www.musl-libc.org/releases/musl-${MUSL_VERSION}.tar.gz && \
+   tar zxf musl-${MUSL_VERSION}.tar.gz && \
+   cd musl-${MUSL_VERSION} && \
+   ./configure --enable-static --disable-shared && \
+   make && make install
+
+COPY . /build
+RUN cd /build; CGO_ENABLED=1 CC=/usr/local/musl/bin/musl-gcc go build --ldflags '-linkmode external -extldflags=-static'
+
+FROM scratch
+WORKDIR /canary
+COPY --from=builder /build/gocanary /canary
+EXPOSE 443
+EXPOSE 80
+EXPOSE 53/tcp
+EXPOSE 53/udp
+ENTRYPOINT ["./gocanary"]
--- a/alert/alert.go
+++ b/alert/alert.go
@@ -46,14 +46,18 @@ type DNSCanary struct {
 var lastNotifTime time.Time
 var config Config
 var syslogger *syslog.Writer
+var syslogEnabled bool

-func Initialize(slackhook string, silenceSeconds uint16) {
+func Initialize(slackhook string, silenceSeconds uint16, doSyslog bool) {
 	config = Config{SlackHook: slackhook, silenceSeconds: silenceSeconds}
-	sysl, err := syslog.New(syslog.LOG_INFO, "canary")
-	if err != nil {
-		log.Fatalln(err)
+	if doSyslog {
+		sysl, err := syslog.New(syslog.LOG_INFO, "canary")
+		if err != nil {
+			log.Fatalln(err)
+		}
+		syslogger = sysl
 	}
-	syslogger = sysl
+	syslogEnabled = doSyslog
 }

 // Send a slack message
@@ -114,7 +118,7 @@ func HTTPAlert(canaryinfo HTTPCanary, alertType string) {
 		)
 	}

-	if alertType == "syslog" || alertType == "all" {
+	if syslogEnabled && (alertType == "syslog" || alertType == "all") {
 		syslogger.Write([]byte(fmt.Sprintf("%+v", canaryinfo)))
 	}

@@ -138,7 +142,7 @@ func DNSAlert(canaryinfo DNSCanary, alertType string) {
 		)
 	}

-	if alertType == "syslog" || alertType == "all" {
+	if syslogEnabled && (alertType == "syslog" || alertType == "all") {
 		syslogger.Write([]byte(fmt.Sprintf("%+v", canaryinfo)))
 	}


--- a/configtools.go
+++ b/configtools.go
@@ -30,6 +30,7 @@ var httpsPort uint16
 var dnsEnabled bool
 var dnsAnswerWith string
 var dnsNotAnswer bool
+var syslogEnabled bool
 var domains []string
 var binPath string

@@ -74,6 +75,7 @@ func init() {
 	gocanaryCmd.PersistentFlags().BoolVar(&httpsEnabled, "enable-https", false, "Enable HTTPS listener")
 	gocanaryCmd.PersistentFlags().BoolVar(&httpEnabled, "enable-http", true, "Enable HTTP listener")
 	gocanaryCmd.PersistentFlags().BoolVar(&dnsEnabled, "enable-dns", true, "Enable DNS listeners (tcp and udp)")
+	gocanaryCmd.PersistentFlags().BoolVar(&syslogEnabled, "enable-syslog", false, "Enable logging to syslog")
 	gocanaryCmd.PersistentFlags().StringArrayVar(&domains, "domain", []string{}, "Only respond to this domain (can be specified multiple times)")

 	_, filename, _, _ := runtime.Caller(1)

--- a/docker-compose.yml
+++ b/docker-compose.yml
+services:
+   gocanary:
+      build: .
+      ports:
+        - "53:53/udp"
+        - "53:53/tcp"
+        - "443:443"
+        - "80:80"
+      volumes:
+        - ./canary.yaml:/canary/canary.yaml
+        - ./config.yaml:/canary/config.yaml
+        - ./cert.pem:/canary/cert.pem
+        - ./cert.key:/canary/cert.key
+      container_name: gocanary
+      restart: always
+      
--- a/main.go
+++ b/main.go
@@ -29,7 +29,7 @@ func runCanary(cmd *cobra.Command, args []string) {
 	harden.MinCapabilities()

 	//Initialize alerter/logger
-	alert.Initialize(slackHook, slackSilence)
+	alert.Initialize(slackHook, slackSilence, syslogEnabled)

 	//Start servers
 	normalizeDomains()