# Base image: the bionic tag (presumably Ubuntu 18.04) from the internal registry.
# NOTE(review): the tag is mutable and not pinned by digest, so a rebuild can
# silently pick up a different base; pin with @sha256:<digest> once a vetted
# digest is chosen. Ubuntu 18.04 is past its standard support window — confirm
# this base still receives security updates (ESM or internal rebuilds).
FROM registry.yandex.net/ubuntu:bionic

# OS packages: Python 2.7 / 3.6 with pip, setuptools and virtualenv, plus a set
# of network and diagnostic utilities. The list is kept in alphabetical order
# so additions and removals are easy to review.
# NOTE(review): tcpdump, strace, netcat, telnet and sudo widen the attack
# surface of a running container; keep only what operators actually need.
RUN apt-get update && apt-get install -y \
        atop \
        curl \
        dnsutils \
        htop \
        iotop \
        iproute2 \
        iptables \
        libcap2-bin \
        lsof \
        mc \
        ncdu \
        net-tools \
        netcat-openbsd \
        openssh-client \
        python-pip \
        python-setuptools \
        python-virtualenv \
        python2.7 \
        python3-pip \
        python3.6 \
        screen \
        strace \
        sudo \
        tcpdump \
        telnet \
        vim \
        zip


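# Pin the packaging toolchain: pip stays on the 9.x series, setuptools on 41.0.1.
# `pip` here is presumably the Python 2 pip from python-pip — confirm.
# --no-cache-dir keeps pip's download cache out of the image layer.
RUN pip -q install --no-cache-dir --upgrade pip~=9.0 setuptools==41.0.1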

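# Vipnet config dumper
# boto3/botocore are installed for the dumper scripts (presumably for object
# storage access — confirm against dumper/).
# NOTE(review): both packages are unpinned, so each rebuild may pull different
# versions from the index; pin exact versions (ideally with hashes) once the
# known-good versions are established.
RUN pip3 install --no-cache-dir boto3 botocore
# COPY creates /dumper/ itself, so no separate mkdir layer is needed.
COPY dumper/* /dumper/
RUN chmod +x /dumper/dump.sh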

# Cron
# Job definitions from cron/ go into /etc/cron.d/ and are set to rw-r--r--.
# Debian/Ubuntu cron expects files there not to be group- or world-writable.
COPY cron/* /etc/cron.d/
RUN chmod 0644 /etc/cron.d/*

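# Supervisor
# Installed from PyPI at a pinned version. The log directories are created in
# the same layer: mkdir -p builds /var/log/supervisor and its apps/ subdirectory
# in one call and does not fail if either already exists.
RUN pip install --no-cache-dir supervisor==3.3.3 \
    && mkdir -p /var/log/supervisor/apps/
COPY supervisor/supervisord.conf /etc/supervisor/supervisord.conf
COPY supervisor/conf.d/* /etc/supervisor/conf.d/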

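# Haproxy
# HAProxy 1.9 comes from a third-party PPA, pinned to an exact package version.
# All apt work happens in one layer, with apt-get update run right before each
# install so the package index never comes from a stale cached layer. apt-get
# is used throughout because the `apt` front end is not meant for scripts.
# NOTE(review): the PPA is an external trust root, and PPAs may drop old
# builds, which would break this pin; consider mirroring the .deb internally.
# Confirm the 1.9 branch still receives security fixes.
RUN apt-get update \
    && apt-get install -y software-properties-common \
    && add-apt-repository -y ppa:vbernat/haproxy-1.9 \
    && apt-get update \
    && apt-get install -y haproxy=1.9.16-1ppa1~bionic \
    && rm -rf /var/lib/apt/lists/*
COPY haproxy/* /etc/haproxy/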

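# Vipnet Client
# NOTE(review): sandbox_oauth_token is a credential passed as a build ARG.
# Build args consumed by RUN are recorded in the image metadata (visible with
# `docker history`), so anyone who can pull the image can read the token.
# Prefer a BuildKit secret mount (RUN --mount=type=secret,id=... together with
# `docker build --secret id=...,src=...`). That changes how the build is
# invoked, so the ARG is kept here for compatibility. Treat tokens used for
# already-published images as exposed and rotate them.
ARG sandbox_oauth_token
# Download, unpack and install in one layer so the archive and the .deb do not
# persist in the image. -f makes curl fail on an HTTP error instead of saving
# the error body as the archive.
# NOTE(review): the archive is installed without an integrity check; verify it
# against a known SHA-256 (e.g. with `sha256sum -c`) before running dpkg -i.
# Other contents of /tmp/vipnet are left in place — it is not visible from
# here whether anything else in the archive is used later.
RUN curl -fsS "https://proxy.sandbox.yandex-team.ru/1819536554?stream=tgz" \
        -H "Authorization: OAuth $sandbox_oauth_token" \
        -o /tmp/vipnet.tar.gz \
    && tar -zxf /tmp/vipnet.tar.gz -C /tmp/ \
    && dpkg -i /tmp/vipnet/vipnetclient_4.6.0-2691_amd64.deb \
    && rm -f /tmp/vipnet.tar.gz /tmp/vipnet/vipnetclient_4.6.0-2691_amd64.deb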

# After installation the vipnet binary has the following capabilities:
# getcap /usr/bin/vipnetclient
# /usr/bin/vipnetclient = cap_chown,cap_dac_read_search,cap_kill,cap_setgid,cap_setuid+ep
#
# cap_dac_read_search is not granted in our clouds, so the binary fails to start.
# In practice vipnet does not need this capability to work, so we drop it by
# re-applying the capability set without it.
# NOTE(review): file capabilities with +ep apply to whoever can execute the
# binary; keep its ownership and mode restrictive if non-root users are added.
RUN setcap "cap_chown,cap_kill,cap_setgid,cap_setuid+ep" /usr/bin/vipnetclient

# Helper script: installed under /opt and marked executable.
COPY get_env.py /opt/get_env.py
RUN chmod +x /opt/get_env.py

# cron fix: https://stackoverflow.com/questions/43323754/cannot-make-remove-an-entry-for-the-specified-session-cron
# The sed `c\` command replaces the "session required pam_loginuid.so" line in
# /etc/pam.d/cron with a commented-out copy, disabling that PAM module for cron.
# NOTE(review): pam_loginuid sets the audit login UID for a session; with it
# disabled, cron-run processes will not carry one, so confirm that audit
# attribution of cron jobs is not relied on.
# NOTE(review): the pattern depends on the exact spacing in the stock file; if
# it does not match, sed still exits 0 and the file is left unchanged.
RUN sed -i '/session    required     pam_loginuid.so/c\#session    required   pam_loginuid.so' /etc/pam.d/cron

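# Entry-point and helper scripts.
# NOTE(review): bin/* lands in the system /bin, so a file in bin/ whose name
# matches an existing system binary would replace it.
COPY bin/* /bin/
# A single chmod layer instead of three separate ones.
RUN chmod +x \
        /bin/docker-entrypoint.sh \
        /bin/start.sh \
        /bin/vipnetclient_init.sh
ENTRYPOINT ["/bin/docker-entrypoint.sh"]

# Default command, passed as arguments to the entrypoint script: start the
# vipnet client, then replace the shell with supervisord. Written in exec form;
# this is the same argv Docker builds for the shell form (/bin/sh -c "...").
# NOTE(review): this file has no USER instruction, so these processes run as
# root unless the entrypoint script drops privileges — confirm.
CMD ["/bin/sh", "-c", "vipnetclient start && exec supervisord -c /etc/supervisor/supervisord.conf"]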
