Docker image with Combodo iTop

https://hub.docker.com/r/vbkunin/itop
The image is based on phusion/baseimage and uses runit to manage services (apache, mysql, etc).

Usage

Run new iTop (see tags for specific iTop versions) container named my-itop:

sudo docker run -d -p 8000:80 --name=my-itop vbkunin/itop

Then go to http://localhost:8000/ to continue the installation.

Use this command to get the MySQL user credentials:

sudo docker logs my-itop | grep -A7 -B1 "Your MySQL user 'admin' has password:"

If you want to persist iTop configuration and/or MySQL data between the container recreations, mount it as a volume:

sudo docker run -d -p 8080:80 --name=my-itop -v my-itop-conf-volume:/var/www/html/conf -v my-itop-db-volume:/var/lib/mysql vbkunin/itop

But don't forget to fix the rights to the folder (in any case, iTop setup wizard will remind you):

sudo docker exec my-itop chown www-data:www-data /var/www/html/conf

Expose iTop extensions folder if you need it:

sudo docker run -d -p 8000:80 --name=my-itop -v /home/user/itop-extensions:/var/www/html/extensions vbkunin/itop

Image without MySQL

Уou can get base image without MySQL database server (only Apache and PHP) to use with your own one:

sudo docker run -d -p 8000:80 --name=my-itop vbkunin/itop:latest-base

Useful scripts and helpers

The image ships with several useful scripts you can run like this:

sudo docker exec my-itop /script-name.sh [script_params]

If you need the iTop Toolkit you can simply get this:

sudo docker exec my-itop /install-toolkit.sh

A cron setup helper is aboard:

sudo docker exec my-itop /setup-itop-cron.sh Cron Pa$5w0rD

Then you should create iTop user account with login Cron and password Pa$5w0rD and grant him Administrator profile. The third argument (optional) is the absolute path to the log file or --without-logs key. By default, the log file is /var/www/html/log/cron.log.

There are other scripts:

• make-itop-config-writable.sh (or you can use conf-w shortcut without the leading slash: docker exec my-itop conf-w)
• make-itop-config-read-only.sh (or conf-ro shortcut: docker exec my-itop conf-ro)

Developer's corner

If you're using this image for development (especially with PhpStorm), there are a few things for you.

• install-xdebug.sh – install Xdebug PHP extension and setup it for remote debugging. Two arguments are xdebug.client_port and xdebug.idekey (defaults are 9003 and PHPSTORM, respectively).

  sudo docker exec my-itop /install-xdebug.sh [client_port] [idekey]

• start-itop-cron-debug.sh – start remote debugging of iTop background tasks script (cron.php). The first two arguments are iTop user and his password (admin and password) and the third argument is debug server configuration name (default is localhost) in PhpStorm which specified through PHP_IDE_CONFIG environment variable (more details).

  sudo docker exec my-itop /start-itop-cron-debug.sh [auth_user] [auth_pwd] [php_ide_server_name]

• enable-mysql-remote-connections.sh – add the bind-address = 0.0.0.0 directive to the MySQL configuration to allow connections from outside the container.

  sudo docker exec my-itop /enable-mysql-remote-connections.sh

  Do not forget to expose the MySQL port with -p 3306:3306 when running the container.

Building images

The project uses multi-stage builds and a single Dockerfile to build both base (only Apache and PHP) and full images. Therefore, you have to specify the correct --target and the corresponding --tag when running the docker build command.

DOCKER_BUILDKIT=1 docker build \
  --target=base \
  --tag vbkunin/itop:3.0.2-base \
  --build-arg ITOP_DOWNLOAD_URL="https://sourceforge.net/projects/itop/files/itop/3.0.2-1/iTop-3.0.2-1-9957.zip/download" \
  -f Dockerfile .

DOCKER_BUILDKIT=1 docker build \
  --target=full \
  --tag vbkunin/itop:3.0.2 \
  --build-arg ITOP_DOWNLOAD_URL="https://sourceforge.net/projects/itop/files/itop/3.0.2-1/iTop-3.0.2-1-9957.zip/download" \
  -f Dockerfile .

The only mandatory build argument ITOP_DOWNLOAD_URL must contain a valid URL to the zip archive with the iTop release.

Multi-platform images for the Docker Hub are created and pushed using the docker buildx client:

docker buildx build \
  --tag vbkunin/itop:"${IMAGE_TAG:?}" \
  --platform="linux/arm64,linux/amd64" \
  --push \
  --target="${BUILD_TARGET:?}" \
  --build-arg ITOP_DOWNLOAD_URL="${ITOP_DOWNLOAD_URL:?}" \
  -f Dockerfile .

Links

• Combodo
• phusion/baseimage
• iTop Russian community forum & Telegram group
• Some extensions for iTop

实施

docker run -itd -p 8000:80 -p 3306:3306 --name=itop --restart=always  -e TZ="Asia/Shanghai" vbkunin/itop
#也可以自建数据库
docker run -p 3306:3306 --restart=always --name mysql \
-e TZ="Asia/Shanghai" -v /mnt/appdata/mysql/conf:/etc/mysql/conf.d \
-v /mnt/appdata/mysql/logs:/logs \
-v /mnt/appdata/mysql/data:/var/lib/mysql \
-e MYSQL_ROOT_PASSWORD=123456 -d mysql:5.7

数据库配置

grant all privileges on *.* to 'admin'@'%' identified by '123456' with grant option;
分解这个语句：
    GRANT ALL PRIVILEGES：授予所有权限。
    ON *.*：指定权限适用于所有数据库和表。
    TO 'root'@'%'：指定用户（'root'）和主机（'%'，表示任何主机）。
    IDENTIFIED BY 'password'：为用户设置密码为'password'。
    WITH GRANT OPTION：允许用户将相同的权限授予其他用户。
ALTER USER 'admin'@'%' IDENTIFIED WITH mysql_native_password BY '123456';
SHOW GRANTS FOR 'root'@'%';
DROP USER 'root'@'%';删除一个帐户及与之相关的全部权限
RENAME USER from_account TO to_account：改变给定账户的名称。
RENAME USER 'yangfan.lalala'@'127.0.0.1' TO 'yangfan.lalala'@'%';
FLUSH PRIVILEGES;

使用

iTop角色包括：

• 超级管理员（Administrator）；
• 变更主管（Change Supervisor）；
• 变更审批经理（Change Approver）；
• 变更执行人员（Change Implementor）；
• 文档作者（Document author）；
• 服务经理（Service Manager）；
• 桌面支持（Service Desk Agent）；
• 现场工程师（Support Agent）；
• 配置管理员（Configuration Manager）；
• 门户增强用户（Portal power user）；
• 门户用户（Portal user）；
• 问题经理（Problem Manager）；

itop容器备份迁移

1. 导出导入镜像包

   docker export my-itop > itop.tar
   备份itop数据库为itop.sql
   docker import itop.tar itop:latest

2. 运行容器

   docker run -itd -p 8000:80 -p 1306:3306 --name=itop --restart=always  -e TZ="Asia/Shanghai" itop:latest /sbin/my_init

3. 查看数据库密码

   docker logs itop | grep -A7 -B1 "Your MySQL user 'admin' has password:"

4. 修改config-itop.php文件中下面两项配置

   'app_root_url' => 'http://192.168.10.66:8000/',
   'db_pwd' => '123456',

5. 把config-itop.php上传服务器，并将其copy到容器中

   docker cp ~/config-itop.php itop:/var/www/html/conf/production/config-itop.php

6. 进入容器，修改文件所属

   docker exec -it itop bash
   cd /var/www/html/conf/production/
   chown www-data:www-data config-itop.php

7. 用mysql工具连接数据库，新建名称为itop的数据库，并把itop.sql导入