authorjwijenbergh <jeroenwijenbergh@protonmail.com>2022-08-09 16:23:19 +0200
committerjwijenbergh <jeroenwijenbergh@protonmail.com>2022-08-09 16:23:19 +0200
commit93a95d4be4d754a901ab42a8174ae0e725680a01 (patch)
tree914b9e0699cb3107cbfde7fcf86798a6624883cc
parent9abd93ee4d6345967c1b5aa1b220a5c2bd4b1f01 (diff)
Docker: Run without a systemctl helper script
-rw-r--r--ci/docker/docker-compose.yml2
-rw-r--r--ci/docker/eduvpn-server.docker12
-rwxr-xr-xci/docker/healthcheck.sh5
-rwxr-xr-xci/docker/starteduvpn.sh37
4 files changed, 42 insertions, 14 deletions
diff --git a/ci/docker/docker-compose.yml b/ci/docker/docker-compose.yml
index 7e102e4..066c41d 100644
--- a/ci/docker/docker-compose.yml
+++ b/ci/docker/docker-compose.yml
@@ -33,7 +33,7 @@ services:
- NET_ADMIN
environment: *common-env
healthcheck:
- test: ["CMD", "systemctl", "status", "wg-quick@wg0"] # Wait for wireguard to come online
+ test: ["CMD", "/eduvpn/server/healthcheck.sh"] # Wait for wireguard to come online
interval: 5s
timeout: 10s
retries: 10
diff --git a/ci/docker/eduvpn-server.docker b/ci/docker/eduvpn-server.docker
index ab45a48..fd9891d 100644
--- a/ci/docker/eduvpn-server.docker
+++ b/ci/docker/eduvpn-server.docker
@@ -44,6 +44,9 @@ RUN cp resources/ssl.fedora.conf /etc/httpd/conf.d/ssl.conf
RUN cp resources/localhost.fedora.conf /etc/httpd/conf.d/localhost.conf
RUN cp resources/vpn.example.fedora.conf "/etc/httpd/conf.d/${WEB_FQDN}.conf"
+# Otherwise we get: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.20.0.6. Set the 'ServerName' directive globally to suppress this message
+RUN echo "ServerName 127.0.0.1" >> /etc/httpd/conf/httpd.conf
+
RUN sed -i "s/vpn.example/${WEB_FQDN}/" "/etc/httpd/conf.d/${WEB_FQDN}.conf"
RUN sed -i "s/vpn.example/${WEB_FQDN}/" "/etc/vpn-user-portal/config.php"
@@ -64,15 +67,10 @@ COPY ./ci/docker/selfsigned/${WEB_FQDN}.crt /etc/pki/tls/certs/${WEB_FQDN}.crt
WORKDIR /eduvpn/server
ADD ci/docker/starteduvpn.sh /eduvpn/server
ADD ci/docker/replaceexpiry.sh /eduvpn/server
+ADD ci/docker/healthcheck.sh /eduvpn/server
RUN chmod +x ./starteduvpn.sh
RUN chmod +x ./replaceexpiry.sh
-
-# While we could mimic the systemd units ourselves, let's use a systemctl replacement script
-# This makes it easier to update
-RUN wget https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/master/files/docker/systemctl3.py -O /bin/systemctl
-
-# make it executable
-RUN chmod +x /bin/systemctl
+RUN chmod +x ./healthcheck.sh
CMD ["./starteduvpn.sh"]
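Review bot: The new `ADD ci/docker/healthcheck.sh /eduvpn/server` line uses `ADD` for a plain local file, and the following `RUN chmod +x ./healthcheck.sh` spends a layer on a bit the file already has, since this commit creates it with mode 100755. `COPY` is the narrower instruction here because it cannot fetch URLs or unpack archives. With BuildKit the two lines collapse into `COPY --chmod=0755 ci/docker/healthcheck.sh /eduvpn/server/`; without it a plain `COPY` is enough. The same applies to the two existing `ADD`/`chmod` pairs for starteduvpn.sh and replaceexpiry.sh in this hunk.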
diff --git a/ci/docker/healthcheck.sh b/ci/docker/healthcheck.sh
new file mode 100755
index 0000000..a6bbc0d
--- /dev/null
+++ b/ci/docker/healthcheck.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+# Check if wg show has any output
+output_wg="$(wg show)"
+[[ -n $output_wg ]]
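Review bot: The test `[[ -n $output_wg ]]` passes as soon as any WireGuard interface exists, whereas the check it replaces in docker-compose.yml named `wg-quick@wg0` specifically. If the server config generates more than one interface, the container is reported healthy after the first `wg-quick up`, and a failure of `wg show` itself is only caught indirectly through its empty output. If wg0 is still the interface the tests depend on, `wg show wg0 >/dev/null 2>&1` as the last line checks that interface and uses the exit status directly. Otherwise the comment should say that any interface counts, e.g. `# Healthy once at least one WireGuard interface is up`.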
diff --git a/ci/docker/starteduvpn.sh b/ci/docker/starteduvpn.sh
index 36c881d..fab2d2d 100755
--- a/ci/docker/starteduvpn.sh
+++ b/ci/docker/starteduvpn.sh
@@ -15,10 +15,11 @@ fi
# Replace expiry
./replaceexpiry.sh /etc/vpn-user-portal/config.php
-# Start the preliminary systemd units
-systemctl start php-fpm
-systemctl start httpd
-systemctl start crond
+# Start the preliminary services
+mkdir /run/php-fpm
+php-fpm --nodaemonize &
+crond &
+httpd -DFOREGROUND &
# Start the daemon in the background and get the PID
vpn-daemon &
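Review bot: `mkdir /run/php-fpm` fails when the directory already exists, which happens when the same container is restarted rather than recreated. Whether that aborts the script depends on a `set -e` that would sit above this hunk, but either way `mkdir -p /run/php-fpm` is the safer form. Separately, php-fpm, crond and httpd are now backgrounded with no check that they started, and the new healthcheck only looks at WireGuard, so a portal that failed to come up would go unnoticed until the tests hit it. A short comment stating that, or a `kill -0` on each `$!` after the `sleep 5` further down, would make the failure visible.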
@@ -27,8 +28,32 @@ pid_daemon=$!
# Wait a bit
sleep 5
-# Apply the vpn configuration
-vpn-maint-apply-changes
+# Snippet from vpn-maint-apply-changes
+# Enable & Start WireGuard
+rm -rf /etc/wireguard/*
+if ! /usr/libexec/vpn-server-node/server-config; then
+ exit 1
+fi
+for F in /etc/wireguard/*.conf
+do
+ case ${F} in
+ *.conf)
+ CONFIG_NAME=$(basename "${F}" .conf)
+ wg-quick up "${CONFIG_NAME}"
+ ;;
+ esac
+done
+# sync with vpn-daemon, no need to wait for the cron, but *ONLY* do this when
+# this is a machine with vpn-user-portal installed
+if [ -d /etc/vpn-user-portal ]; then
+ if [ -f /etc/redhat-release ]; then
+ sudo -u apache /usr/libexec/vpn-user-portal/daemon-sync
+ fi
+ if [ -f /etc/debian_version ]; then
+ sudo -u www-data /usr/libexec/vpn-user-portal/daemon-sync
+ fi
+fi
+
# Add the user with the env variables
sudo -u apache vpn-user-portal-account --add "${PORTAL_USER}" --password "${PORTAL_PASS}"
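Review bot: The copied loop does not guard against an empty glob or a failed `wg-quick up`. If server-config writes no `.conf` files, `${F}` stays the literal pattern, still matches the `*.conf` case arm, and the script runs `wg-quick up '*'`. Adding `[ -e "${F}" ] || continue` at the top of the loop body and changing the call to `wg-quick up "${CONFIG_NAME}" || exit 1` makes both cases fail early instead of waiting for the healthcheck retries to run out. The `/etc/debian_version` branch can never run in this Fedora-based image and could be dropped from the snippet. The context line at the end also passes `${PORTAL_PASS}` as a command-line argument, which exposes it in the process list; tolerable for a CI container but worth a comment.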