rspamd: rename ENABLE_REDIS & add persistence for Redis (#3143)

This commit is contained in:
Georg Lauterbach 2023-03-04 10:45:43 +01:00 committed by GitHub
parent f0edcc28d9
commit 5e9849d94f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 32 additions and 17 deletions

View file

@ -80,7 +80,7 @@ Enable or disable Rspamd.
- **0** => disabled - **0** => disabled
- 1 => enabled - 1 => enabled
##### ENABLE_REDIS ##### ENABLE_RSPAMD_REDIS
Explicit control over running a Redis instance within the container. By default, this value will match what is set for [`ENABLE_RSPAMD`](#enable_rspamd). Explicit control over running a Redis instance within the container. By default, this value will match what is set for [`ENABLE_RSPAMD`](#enable_rspamd).

View file

@ -123,7 +123,7 @@ ENABLE_RSPAMD=0
# This setting provides an opt-out to allow using an external instance instead. # This setting provides an opt-out to allow using an external instance instead.
# 0 => Disabled # 0 => Disabled
# 1 => Enabled # 1 => Enabled
ENABLE_REDIS= ENABLE_RSPAMD_REDIS=
# Amavis content filter (used for ClamAV & SpamAssassin) # Amavis content filter (used for ClamAV & SpamAssassin)
# 0 => Disabled # 0 => Disabled

View file

@ -127,8 +127,8 @@ function _register_functions
[[ ${SMTP_ONLY} -ne 1 ]] && _register_start_daemon '_start_daemon_dovecot' [[ ${SMTP_ONLY} -ne 1 ]] && _register_start_daemon '_start_daemon_dovecot'
[[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && _register_start_daemon '_start_daemon_update_check' [[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && _register_start_daemon '_start_daemon_update_check'
[[ ${ENABLE_REDIS} -eq 1 ]] && _register_start_daemon '_start_daemon_rspamd' [[ ${ENABLE_RSPAMD} -eq 1 ]] && _register_start_daemon '_start_daemon_rspamd'
[[ ${ENABLE_RSPAMD} -eq 1 ]] && _register_start_daemon '_start_daemon_redis' [[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && _register_start_daemon '_start_daemon_rspamd_redis'
[[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && _register_start_daemon '_start_daemon_update_check' [[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && _register_start_daemon '_start_daemon_update_check'
# needs to be started before SASLauthd # needs to be started before SASLauthd

View file

@ -43,8 +43,8 @@ function _start_daemon_opendkim { _default_start_daemon 'opendkim' ;
function _start_daemon_opendmarc { _default_start_daemon 'opendmarc' ; } function _start_daemon_opendmarc { _default_start_daemon 'opendmarc' ; }
function _start_daemon_postgrey { _default_start_daemon 'postgrey' ; } function _start_daemon_postgrey { _default_start_daemon 'postgrey' ; }
function _start_daemon_postsrsd { _default_start_daemon 'postsrsd' ; } function _start_daemon_postsrsd { _default_start_daemon 'postsrsd' ; }
function _start_daemon_redis { _default_start_daemon 'redis' ; }
function _start_daemon_rspamd { _default_start_daemon 'rspamd' ; } function _start_daemon_rspamd { _default_start_daemon 'rspamd' ; }
function _start_daemon_rspamd_redis { _default_start_daemon 'rspamd-redis' ; }
function _start_daemon_rsyslog { _default_start_daemon 'rsyslog' ; } function _start_daemon_rsyslog { _default_start_daemon 'rsyslog' ; }
function _start_daemon_update_check { _default_start_daemon 'update-check' ; } function _start_daemon_update_check { _default_start_daemon 'update-check' ; }

View file

@ -21,14 +21,15 @@ function _setup_save_states
# Only consolidate state for services that are enabled # Only consolidate state for services that are enabled
# Notably avoids copying over 200MB for the ClamAV database # Notably avoids copying over 200MB for the ClamAV database
[[ ${ENABLE_AMAVIS} -eq 1 ]] && FILES+=('lib/amavis') [[ ${ENABLE_AMAVIS} -eq 1 ]] && FILES+=('lib/amavis')
[[ ${ENABLE_CLAMAV} -eq 1 ]] && FILES+=('lib/clamav') [[ ${ENABLE_CLAMAV} -eq 1 ]] && FILES+=('lib/clamav')
[[ ${ENABLE_FAIL2BAN} -eq 1 ]] && FILES+=('lib/fail2ban') [[ ${ENABLE_FAIL2BAN} -eq 1 ]] && FILES+=('lib/fail2ban')
[[ ${ENABLE_FETCHMAIL} -eq 1 ]] && FILES+=('lib/fetchmail') [[ ${ENABLE_FETCHMAIL} -eq 1 ]] && FILES+=('lib/fetchmail')
[[ ${ENABLE_POSTGREY} -eq 1 ]] && FILES+=('lib/postgrey') [[ ${ENABLE_POSTGREY} -eq 1 ]] && FILES+=('lib/postgrey')
[[ ${ENABLE_RSPAMD} -eq 1 ]] && FILES+=('lib/rspamd') [[ ${ENABLE_RSPAMD} -eq 1 ]] && FILES+=('lib/rspamd')
[[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && FILES+=('lib/redis')
[[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && FILES+=('lib/spamassassin') [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && FILES+=('lib/spamassassin')
[[ ${SMTP_ONLY} -ne 1 ]] && FILES+=('lib/dovecot') [[ ${SMTP_ONLY} -ne 1 ]] && FILES+=('lib/dovecot')
for FILE in "${FILES[@]}" for FILE in "${FILES[@]}"
do do
@ -65,6 +66,7 @@ function _setup_save_states
[[ ${ENABLE_FETCHMAIL} -eq 1 ]] && chown -R fetchmail:nogroup /var/mail-state/lib-fetchmail [[ ${ENABLE_FETCHMAIL} -eq 1 ]] && chown -R fetchmail:nogroup /var/mail-state/lib-fetchmail
[[ ${ENABLE_POSTGREY} -eq 1 ]] && chown -R postgrey:postgrey /var/mail-state/lib-postgrey [[ ${ENABLE_POSTGREY} -eq 1 ]] && chown -R postgrey:postgrey /var/mail-state/lib-postgrey
[[ ${ENABLE_RSPAMD} -eq 1 ]] && chown -R _rspamd:_rspamd /var/mail-state/lib-rspamd [[ ${ENABLE_RSPAMD} -eq 1 ]] && chown -R _rspamd:_rspamd /var/mail-state/lib-rspamd
[[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]] && chown -R redis:redis /var/mail-state/lib-redis
[[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && chown -R debian-spamd:debian-spamd /var/mail-state/lib-spamassassin [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && chown -R debian-spamd:debian-spamd /var/mail-state/lib-spamassassin
chown -R root:root /var/mail-state/lib-logrotate chown -R root:root /var/mail-state/lib-logrotate

View file

@ -47,7 +47,7 @@ function __rspamd__preflight_checks
__rspamd__log 'debug' 'Rspamd will not use ClamAV (which has not been enabled)' __rspamd__log 'debug' 'Rspamd will not use ClamAV (which has not been enabled)'
fi fi
if [[ ${ENABLE_REDIS} -eq 1 ]] if [[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]]
then then
__rspamd__log 'trace' 'Internal Redis is enabled, adding configuration' __rspamd__log 'trace' 'Internal Redis is enabled, adding configuration'
cat >/etc/rspamd/local.d/redis.conf << "EOF" cat >/etc/rspamd/local.d/redis.conf << "EOF"
@ -57,6 +57,19 @@ servers = "127.0.0.1:6379";
expand_keys = true; expand_keys = true;
EOF EOF
# Here we adjust the Redis default configuration that we supply to Redis
# when starting it. Note that `/var/lib/redis/` is linked to
# `/var/mail-state/redis/` (for persisting it) if `ONE_DIR=1`.
sedfile -i -E \
-e 's|^(bind).*|\1 127.0.0.1|g' \
-e 's|^(daemonize).*|\1 no|g' \
-e 's|^(port).*|\1 6379|g' \
-e 's|^(loglevel).*|\1 warning|g' \
-e 's|^(logfile).*|\1 ""|g' \
-e 's|^(dir).*|\1 /var/lib/redis|g' \
-e 's|^(dbfilename).*|\1 dms-dump.rdb|g' \
/etc/redis/redis.conf
else else
__rspamd__log 'debug' 'Rspamd will not use internal Redis (which has been disabled)' __rspamd__log 'debug' 'Rspamd will not use internal Redis (which has been disabled)'
fi fi

View file

@ -77,7 +77,7 @@ function __environment_variables_general_setup
VARS[ENABLE_POSTGREY]="${ENABLE_POSTGREY:=0}" VARS[ENABLE_POSTGREY]="${ENABLE_POSTGREY:=0}"
VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}" VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}"
VARS[ENABLE_RSPAMD]="${ENABLE_RSPAMD:=0}" VARS[ENABLE_RSPAMD]="${ENABLE_RSPAMD:=0}"
VARS[ENABLE_REDIS]="${ENABLE_REDIS:=${ENABLE_RSPAMD}}" VARS[ENABLE_RSPAMD_REDIS]="${ENABLE_RSPAMD_REDIS:=${ENABLE_RSPAMD}}"
VARS[ENABLE_SASLAUTHD]="${ENABLE_SASLAUTHD:=0}" VARS[ENABLE_SASLAUTHD]="${ENABLE_SASLAUTHD:=0}"
VARS[ENABLE_SPAMASSASSIN]="${ENABLE_SPAMASSASSIN:=0}" VARS[ENABLE_SPAMASSASSIN]="${ENABLE_SPAMASSASSIN:=0}"
VARS[ENABLE_SPAMASSASSIN_KAM]="${ENABLE_SPAMASSASSIN_KAM:=0}" VARS[ENABLE_SPAMASSASSIN_KAM]="${ENABLE_SPAMASSASSIN_KAM:=0}"

View file

@ -105,14 +105,14 @@ stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/bin/rspamd --no-fork --user=_rspamd --group=_rspamd command=/usr/bin/rspamd --no-fork --user=_rspamd --group=_rspamd
[program:redis] [program:rspamd-redis]
startsecs=0 startsecs=0
stopwaitsecs=55 stopwaitsecs=55
autostart=false autostart=false
autorestart=true autorestart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=redis-server --daemonize no --bind 127.0.0.1 --port 6379 --loglevel warning command=redis-server /etc/redis/redis.conf
[program:fetchmail] [program:fetchmail]
startsecs=0 startsecs=0

View file

@ -23,7 +23,7 @@ function setup_file() {
# wait for ClamAV to be fully setup or we will get errors on the log # wait for ClamAV to be fully setup or we will get errors on the log
_repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" test -e /var/run/clamav/clamd.ctl _repeat_in_container_until_success_or_timeout 60 "${CONTAINER_NAME}" test -e /var/run/clamav/clamd.ctl
_wait_for_service redis _wait_for_service rspamd-redis
_wait_for_service rspamd _wait_for_service rspamd
_wait_for_service clamav _wait_for_service clamav
_wait_for_service postfix _wait_for_service postfix