diff --git a/10/Dockerfile b/10/Dockerfile index 3b1d867..51cf4f5 100644 --- a/10/Dockerfile +++ b/10/Dockerfile @@ -1,6 +1,11 @@ +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 指定原始系统镜像,常用镜像为 colovu/ubuntu:18.04、colovu/debian:10-buster、colovu/alpine:3.11、colovu/openjdk:8u252-jre FROM colovu/ubuntu:18.04 +# 外部指定应用版本信息 ARG app_ver=10 +# 编译镜像时指定本地服务器地址,如 "http://172.29.14.108/dist-files/" ARG LOCAL_SERVER= ENV APP_NAME=postgresql \ @@ -9,6 +14,7 @@ ENV APP_NAME=postgresql \ APP_GROUP=postgres \ APP_VERSION=${app_ver} +# 定义应用基础目录信息,该常量在容器内可使用 ENV APP_BASE_DIR=/usr/lib/${APP_NAME}/${APP_VERSION} \ APP_DEF_DIR=/etc/${APP_NAME} \ APP_CONF_DIR=/srv/conf/${APP_NAME} \ @@ -20,57 +26,50 @@ ENV APP_BASE_DIR=/usr/lib/${APP_NAME}/${APP_VERSION} \ APP_CERT_DIR=/srv/cert/${APP_NAME} \ APP_WWW_DIR=/srv/www -# PGDATA 用于指定默认配置文件路径 -ENV PG_MAJOR=${APP_VERSION} \ - PGDATA=${APP_DATA_DIR}/${APP_VERSION} \ +# 设置应用需要的特定环境变量 +ENV \ PATH="${APP_BASE_DIR}/bin:${PATH}" LABEL \ "Version"="v${APP_VERSION}" \ - "Description"="Docker image for PostgreSQL ${APP_VERSION}." \ + "Description"="Docker image for ${APP_NAME} ${APP_VERSION}." \ "Dockerfile"="https://github.com/colovu/docker-${APP_NAME}" \ "Vendor"="Endial Fang (endial@126.com)" +# 拷贝默认 Shell 脚本至容器相关目录中 COPY prebuilds / -# 安装 locales 并修改默认编码 +# 镜像内应用安装脚本 +# 以下脚本可按照不同需求拆分为多个段,但需要注意各个段在结束前需要清空缓存 +# set -eux: 设置 shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) RUN set -eux; \ + \ # 设置程序使用静默安装,而非交互模式;类似tzdata等程序需要使用静默安装 export DEBIAN_FRONTEND=noninteractive; \ \ - apt-get update; \ - apt-get install -y --no-install-recommends locales; \ - localedef -c -i en_US -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8; \ - echo 'en_GB.UTF-8 UTF-8\nen_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen; \ - update-locale LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=POSIX && dpkg-reconfigure locales; - -ENV LANG=en_US.UTF-8 \ - LANGUAGE=en_US.UTF-8 \ - LC_ALL=en_US.UTF-8 - -RUN set -eux; \ -# 设置程序使用静默安装,而非交互模式;类似tzdata等程序需要使用静默安装 - export DEBIAN_FRONTEND=noninteractive; \ - \ -# 设置入口脚本的可执行权限 +# 设置容器入口脚本的可执行权限 chmod +x /usr/local/bin/entrypoint.sh; \ \ # 为应用创建对应的组、用户、相关目录 - APP_DIRS="${APP_DEF_DIR:-} ${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_CACHE_DIR:-} ${APP_RUN_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_WWW_DIR:-} ${APP_DATA_LOG_DIR:-}"; \ - groupadd -r ${APP_GROUP}; \ - useradd -r -g ${APP_GROUP} -s /usr/sbin/nologin ${APP_USER}; \ + APP_DIRS="${APP_DEF_DIR:-} ${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_CACHE_DIR:-} ${APP_RUN_DIR:-} \ + ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_WWW_DIR:-} ${APP_DATA_LOG_DIR:-} ${APP_BASE_DIR:-${APP_DATA_DIR}}"; \ mkdir -p ${APP_DIRS}; \ + groupadd -r ${APP_GROUP}; \ + useradd -r -g ${APP_GROUP} -s /usr/sbin/nologin -d ${APP_BASE_DIR} ${APP_USER}; \ \ -# 应用软件包及依赖 +# 应用软件包及依赖项。相关软件包在镜像创建完成时,不会被清理 appDeps=" \ postgresql-${PG_MAJOR} \ postgresql-common \ libnss-wrapper \ xz-utils \ + locales \ tzdata \ "; \ \ -# 安装临时使用的软件包,在使用完后会进行删除 + \ + \ +# 安装临时使用的软件包及依赖项。相关软件包在镜像创建完后时,会被清理 fetchDeps=" \ dirmngr \ gnupg \ @@ -79,30 +78,42 @@ RUN set -eux; \ apt-get update; \ apt-get install -y --no-install-recommends ${fetchDeps}; \ \ + \ + \ GPG_KEY='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \ export GNUPGHOME="$(mktemp -d)"; \ gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "${GPG_KEY}"|| \ gpg --batch --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" || \ gpg --batch --keyserver keys.gnupg.net --recv-keys "$GPG_KEY" || \ - gpg --batch --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY"; \ + gpg --batch --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY"; \ gpg --batch --export "${GPG_KEY}" > /etc/apt/trusted.gpg.d/postgres.gpg; \ command -v gpgconf > /dev/null && gpgconf --kill all; \ rm -rf "$GNUPGHOME"; \ apt-key list; \ \ + \ + \ +# 增加软件包特有源,并使用系统包管理方式安装软件 echo "deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main ${PG_MAJOR}" >> /etc/apt/sources.list; \ echo "deb-src http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main ${PG_MAJOR}" >> /etc/apt/sources.list; \ apt-get update; \ apt-get install -y --no-install-recommends ${appDeps}; \ \ -# 为中国区使用重新配置tzdata信息 + \ + \ +# 为中国区使用重新配置 TimeZone 信息。需要安装 tzdata 软件包 ln -fs /usr/share/zoneinfo/Asia/Shanghai /etc/localtime; \ dpkg-reconfigure -f noninteractive tzdata; \ \ -# 检测是否存在overrides脚本文件,如果存在,执行 +# 安装 UTF-8 编码。需要安装 locales 软件包 + localedef -c -i en_US -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8; \ + echo 'en_GB.UTF-8 UTF-8\nen_US.UTF-8 UTF-8' >> /etc/locale.gen && locale-gen; \ + update-locale LANG=en_US.UTF-8 LANGUAGE=en_US.UTF-8 LC_ALL=en_US.UTF-8 LC_MESSAGES=POSIX && dpkg-reconfigure locales; + \ +# 检测是否存在对应版本的 overrides 脚本文件;如果存在,执行 { [ ! -e "/usr/local/overrides/overrides-${APP_VERSION}.sh" ] || /bin/bash "/usr/local/overrides/overrides-${APP_VERSION}.sh"; }; \ \ -# 设置临时目录的权限信息,设置为777是为了保证后续使用`--user`或`gosu`时,可以更改目录对应的用户属性信息;运行时会被更改为700或755 +# 设置应用关联目录的权限信息,设置为'777'是为了保证后续使用`--user`或`gosu`时,可以更改目录对应的用户属性信息;运行时会被更改为'700'或'755' chown -Rf ${APP_USER}:${APP_GROUP} ${APP_DIRS}; \ chmod 777 ${APP_DIRS}; \ \ @@ -123,7 +134,11 @@ RUN set -eux; \ rm -rf /var/lib/apt/lists/*; \ \ # 验证安装的软件是否可以正常运行,常规情况下放置在命令行的最后 - gosu ${APP_USER} postgres --version; + gosu ${APP_USER} ${APP_EXEC} --version ; + +ENV LANG=en_US.UTF-8 \ + LANGUAGE=en_US.UTF-8 \ + LC_ALL=en_US.UTF-8 VOLUME ["/srv/conf", "/srv/data", "/var/log", "/var/run"] @@ -133,5 +148,5 @@ EXPOSE 5432 # 容器初始化命令,默认存放在:/usr/local/bin/entrypoint.sh ENTRYPOINT ["entrypoint.sh"] -# 应用程序的服务命令,必须使用非守护进程方式运行 +# 应用程序的服务命令,必须使用非守护进程方式运行。该配置不能使用变量定义 CMD ["postgres", "--config-file=/srv/conf/postgresql/10/main/postgresql.conf"] diff --git a/10/prebuilds/usr/local/bin/appcommon.sh b/10/prebuilds/usr/local/bin/appcommon.sh index b60e3ec..ed35771 100644 --- a/10/prebuilds/usr/local/bin/appcommon.sh +++ b/10/prebuilds/usr/local/bin/appcommon.sh @@ -1,13 +1,14 @@ #!/bin/bash -# +# Ver: 1.0 by Endial Fang (endial@126.com) +# # 应用通用业务处理函数 # 加载依赖脚本 -. /usr/local/scripts/liblog.sh +#. /usr/local/scripts/liblog.sh # 日志输出函数库 +. /usr/local/scripts/libcommon.sh # 通用函数库 . /usr/local/scripts/libfile.sh . /usr/local/scripts/libfs.sh . /usr/local/scripts/libos.sh -. /usr/local/scripts/libcommon.sh . /usr/local/scripts/libservice.sh . /usr/local/scripts/libvalidations.sh @@ -26,41 +27,37 @@ postgresql_enable_nss_wrapper() { fi } -# 加载应用使用的环境变量初始值,该函数在相关脚本中以eval方式调用 +# 加载应用使用的环境变量初始值,该函数在相关脚本中以 eval 方式调用 # 全局变量: # ENV_* : 容器使用的全局变量 -# PG_* : 应用配置文件使用的全局变量,变量名根据配置项定义 +# APP_* : 在镜像创建时定义的全局变量 +# *_* : 应用配置文件使用的全局变量,变量名根据配置项定义 # 返回值: # 可以被 'eval' 使用的序列化输出 docker_app_env() { - # 以下变量已经在创建镜像时定义,可直接使用 - # APP_NAME、APP_EXEC、APP_USER、APP_GROUP、APP_VERSION - # APP_BASE_DIR、APP_DEF_DIR、APP_CONF_DIR、APP_CERT_DIR、APP_DATA_DIR、APP_DATA_LOG_DIR、APP_CACHE_DIR、APP_RUN_DIR、APP_LOG_DIR cat <<"EOF" -# Debug log message +# Common Settings export ENV_DEBUG=${ENV_DEBUG:-false} +export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}" # Paths -export PG_BASE_DIR="${PG_BASE_DIR:-${APP_BASE_DIR}}" -export PG_DATA_DIR="${PG_DATA_DIR:-${APP_DATA_DIR}/${PG_MAJOR}}" -export PG_DATALOG_DIR="${PG_DATALOG_DIR:-${APP_DATA_LOG_DIR}}" -export PG_CONF_DIR="${PG_CONF_DIR:-${APP_CONF_DIR}}" -export PG_LOG_DIR="${PG_LOG_DIR:-${APP_LOG_DIR}}" -export PG_BIN_DIR="${PG_BIN_DIR:-${PG_BASE_DIR}/bin}" -export PG_CONF_FILE="${PG_CONF_DIR}/${PG_MAJOR}/main/postgresql.conf" -export PG_HBA_FILE="${PG_CONF_DIR}/${PG_MAJOR}/main/pg_hba.conf" -export PG_IDENT_FILE="${PG_CONF_DIR}/${PG_MAJOR}/main/pg_ident.conf" +export APP_DATA_LOG_DIR="${PG_INITDB_WAL_DIR:-${APP_DATA_LOG_DIR}}" +export PG_DATA_DIR="${PG_DATA_DIR:-${APP_DATA_DIR}/${APP_VERSION}}" +export PGDATA="${PG_DATA_DIR}" + +export PG_CONF_FILE="${APP_CONF_DIR}/${APP_VERSION}/main/postgresql.conf" +export PG_HBA_FILE="${APP_CONF_DIR}/${APP_VERSION}/main/pg_hba.conf" +export PG_IDENT_FILE="${APP_CONF_DIR}/${APP_VERSION}/main/pg_ident.conf" export PG_RECOVERY_FILE="${PG_DATA_DIR}/recovery.conf" export PG_PID_FILE="${APP_RUN_DIR}/postgresql.pid" -export PG_LOG_FILE="${PG_LOG_DIR}/postgresql.log" - +export PG_LOG_FILE="${APP_LOG_DIR}/postgresql.log" # Users -export PG_DAEMON_USER="${PG_DAEMON_USER:-${APP_USER}}" -export PG_DAEMON_GROUP="${PG_DAEMON_GROUP:-${APP_GROUP}}" +export APP_USER="${PG_DAEMON_USER:-${APP_USER}}" +export APP_GROUP="${PG_DAEMON_GROUP:-${APP_GROUP}}" # Cluster configuration -export PG_CLUSTER_APP_NAME=${PG_CLUSTER_APP_NAME:-walreceiver} +export PG_CLUSTER_APP_NAME=${PG_CLUSTER_APP_NAME:-cvreceiver} export PG_REPLICATION_MODE="${PG_REPLICATION_MODE:-master}" export PG_MASTER_HOST="${PG_MASTER_HOST:-}" @@ -75,7 +72,6 @@ export PG_FSYNC="${PG_FSYNC:-on}" # PostgreSQL settings export PG_INIT_MAX_TIMEOUT=${PG_INIT_MAX_TIMEOUT:-60} export PG_INITDB_ARGS="${PG_INITDB_ARGS:-}" -export PG_INITDB_WAL_DIR="${PG_INITDB_WAL_DIR:-${PG_DATALOG_DIR}}" export PG_PORT_NUMBER="${PG_PORT_NUMBER:-5432}" # PostgreSQL TLS Settings @@ -96,7 +92,6 @@ export PG_LDAP_SEARCH_ATTR="${PG_LDAP_SEARCH_ATTR:-}" export PG_LDAP_SEARCH_FILTER="${PG_LDAP_SEARCH_FILTER:-}" # Authentication -export PG_ALLOW_EMPTY_PASSWORD="${PG_ALLOW_EMPTY_PASSWORD:-no}" export PG_USERNAME="${PG_USERNAME:-postgres}" export PG_PASSWORD="${PG_PASSWORD:-}" export PG_DATABASE="${PG_DATABASE:-postgres}" @@ -105,6 +100,7 @@ export PG_INITSCRIPTS_USERNAME="${PG_INITSCRIPTS_USERNAME:-${PG_USERNAME}}" export PG_INITSCRIPTS_PASSWORD="${PG_INITSCRIPTS_PASSWORD:-${PG_PASSWORD}}" EOF + # 利用 *_FILE 设置密码,不在配置命令中设置密码,增强安全性 if [[ -f "${PG_POSTGRES_PASSWORD_FILE:-}" ]]; then cat <<"EOF" export PG_POSTGRES_PASSWORD="$(< "${PG_POSTGRES_PASSWORD_FILE}")" @@ -177,7 +173,7 @@ postgresql_conf_set() { # $1 - 变量 # $2 - 值(列表) postgresql_hba_set() { - replace_in_file "${PG_HBA_FILE}" "$1" "$2" false + replace_in_file "${PG_HBA_FILE}" "${1}" "${2}" false } # 更新 pg_ident.conf 配置文件中指定变量值 @@ -200,22 +196,6 @@ postgresql_recover_set() { postgresql_common_conf_set "${PG_RECOVERY_FILE}" "$@" } -# 修改 PostgreSQL 应用指定配置文件的配置项 -# 全局变量: -# PG_* -# 参数: -# $1 - 配置项 -# $2 - 值 -# $3 - 配置文件 (默认值: $PG_CONF_FILE) -postgresql_set_property() { - local -r property="${1:?missing property}" - local -r value="${2:?missing value}" - local -r conf_file="${3:?missing config-file}" - local psql_conf - - replace_in_file "$conf_file" "^#*\s*${property}\s*=.*" "${property} = '${value}'" false -} - # 检测用户参数信息是否满足条件; 针对部分权限过于开放情况,打印提示信息 # 全局变量: # PG_* @@ -230,12 +210,12 @@ app_verify_minimum_env() { } empty_password_enabled_warn() { - LOG_W "You set the environment variable PG_ALLOW_EMPTY_PASSWORD=${PG_ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." + LOG_W "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment." } empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable PG_ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." + print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development." } - if is_boolean_yes "$PG_ALLOW_EMPTY_PASSWORD"; then + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then empty_password_enabled_warn else if [[ -z "$PG_PASSWORD" ]]; then @@ -272,7 +252,7 @@ app_verify_minimum_env() { empty_password_error "PG_REPLICATION_PASSWORD" fi else - if is_boolean_yes "$PG_ALLOW_EMPTY_PASSWORD"; then + if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then empty_password_enabled_warn else if [[ -z "$PG_PASSWORD" ]]; then @@ -354,17 +334,18 @@ host all all ::/0 trust EOF } -# 更改默认监听地址为 "*",以对容器外提供服务;默认配置文件应当为仅监听 localhost(127.0.0.1) -postgresql_enable_remote_connections() { +# 更改默认监听地址为 "*" 或 "0.0.0.0",以对容器外提供服务;默认配置文件应当为仅监听 localhost(127.0.0.1) +app_enable_remote_connections() { + LOG_D "Modify default config to enable all IP access" postgresql_conf_set "listen_addresses" "*" } -# 以后台方式启动Zookeeper服务,并等待启动就绪 +# 以后台方式启动应用服务,并等待启动就绪 # 全局变量: # PG_* # ENV_DEBUG -postgresql_start_server_bg() { - is_postgresql_running && return +app_start_server_bg() { + is_app_server_running && return # -w wait until operation completes (default) # -W don't wait until operation completes @@ -372,10 +353,10 @@ postgresql_start_server_bg() { # -l write (or append) server log to FILENAME # -o command line options to pass to postgres or initdb local -r pg_ctl_flags=("-W" "-D" "$PG_DATA_DIR" "-l" "$PG_LOG_FILE" "-o" "--config-file=$PG_CONF_FILE --external_pid_file=$PG_PID_FILE --hba_file=$PG_HBA_FILE") - LOG_I "Starting PostgreSQL in background..." + LOG_I "Starting ${APP_NAME} in background..." local pg_ctl_cmd=() if _is_run_as_root; then - pg_ctl_cmd+=("gosu" "$PG_DAEMON_USER") + pg_ctl_cmd+=("gosu" "$APP_USER") fi pg_ctl_cmd+=(pg_ctl) if is_boolean_yes "${ENV_DEBUG}"; then @@ -384,40 +365,47 @@ postgresql_start_server_bg() { "${pg_ctl_cmd[@]}" "start" "${pg_ctl_flags[@]}" >/dev/null 2>&1 fi - local -r pg_isready_args=("-h" "localhost" "-p" "${PG_PORT_NUMBER}" "-U" "postgres") + local -r check_args=("-h" "localhost" "-p" "${PG_PORT_NUMBER}" "-U" "postgres") + local check_cmd=() + if _is_run_as_root; then + check_cmd=("gosu" "$APP_USER") + fi + check_cmd+=(pg_isready) local counter=$PG_INIT_MAX_TIMEOUT - LOG_I "Starting check PostgreSQL ready status..." - while ! pg_isready "${pg_isready_args[@]}" >/dev/null 2>&1; do + LOG_I "Checking ${APP_NAME} ready status..." + while ! PGPASSWORD=$PG_REPLICATION_PASSWORD "${check_cmd[@]}" "${check_args[@]}" >/dev/null 2>&1; do sleep 1 - counter=$((counter - 1 )) + counter=$(( counter - 1 )) if (( counter <= 0 )); then LOG_E "PostgreSQL is not ready after $PG_INIT_MAX_TIMEOUT seconds" exit 1 fi done - LOG_D "PostgreSQL is ready for service..." + LOG_D "${APP_NAME} is ready for service..." } # 停止 PostgreSQL 后台服务 # 全局变量: # PG_PID_FILE -postgresql_stop_server() { - LOG_I "Stopping PostgreSQL..." +app_stop_server() { + LOG_I "Stopping ${APP_NAME}..." stop_service_using_pid "$PG_PID_FILE" } -# 检测 PostgreSQL 后台服务是否在运行中 +# 检测应用服务是否在后台运行中 # 全局变量: # PG_PID_FILE # 返回值: # 布尔值 -is_postgresql_running() { +is_app_server_running() { local pid pid="$(get_pid_from_file "$PG_PID_FILE")" if [[ -z "$pid" ]]; then + LOG_D "${APP_NAME} is Stopped..." false else + LOG_D "${APP_NAME} is Running..." is_service_running "$pid" fi } @@ -453,10 +441,18 @@ postgresql_execute() { fi } -# 在重新启动容器时,删除标志文件及 postmaster PID 文件 (容器重新启动) +# 清理初始化应用时生成的临时文件 +app_clean_tmp_file() { + LOG_D "Clean ${APP_NAME} tmp files..." + + rm -rf "${PG_LOG_FILE}" +} + +# 在重新启动容器时,删除标志文件及必须删除的临时文件 (容器重新启动) # 全局变量: +# APP_* # PG_* -postgresql_clean_from_restart() { +app_clean_from_restart() { local -r -a files=( "$PG_DATA_DIR"/postmaster.pid "$PG_DATA_DIR"/standby.signal @@ -513,14 +509,14 @@ postgresql_default_hba_config() { # PG_* postgresql_configure_recovery() { LOG_I "Setting up streaming replication slave..." - if (( PG_MAJOR >= 12 )); then + if (( APP_VERSION >= 12 )); then # 版本为12以上时, Slave 节点配置保存在 postgresql.conf 文件中 postgresql_conf_set "primary_conninfo" "host=${PG_MASTER_HOST} port=${PG_MASTER_PORT_NUMBER} user=${PG_REPLICATION_USER} password=${PG_REPLICATION_PASSWORD} application_name=${PG_CLUSTER_APP_NAME}" postgresql_conf_set "promote_trigger_file" "/tmp/postgresql.trigger.${PG_MASTER_PORT_NUMBER}" touch "$PG_DATA_DIR"/standby.signal else # 版本低于12时, Slave 节点配置保存在 recover.conf 文件中 - cp -f "/usr/share/postgresql/${PG_MAJOR}/recovery.conf.sample" "$PG_RECOVERY_FILE" + cp -f "/usr/share/postgresql/${APP_VERSION}/recovery.conf.sample" "$PG_RECOVERY_FILE" chmod 600 "$PG_RECOVERY_FILE" postgresql_recover_set "standby_mode" "on" postgresql_recover_set "primary_conninfo" "host=${PG_MASTER_HOST} port=${PG_MASTER_PORT_NUMBER} user=${PG_REPLICATION_USER} password=${PG_REPLICATION_PASSWORD} application_name=${PG_CLUSTER_APP_NAME}" @@ -568,13 +564,13 @@ postgresql_create_custom_database() { } # 应用默认初始化操作 -# 执行完毕后,会在 ${APP_DATA_DIR} 目录中生成 .app_init_flag 及 .data_init_flag 文件 +# 执行完毕后,生成文件 ${APP_CONF_DIR}/.app_init_flag 及 ${APP_DATA_DIR}/.data_init_flag 文件 docker_app_init() { - postgresql_clean_from_restart + app_clean_from_restart LOG_D "Check init status of ${APP_NAME}..." # 检测配置文件是否存在 - if [[ ! -f "${APP_DATA_DIR}/.app_init_flag" ]]; then + if [[ ! -f "${APP_CONF_DIR}/.app_init_flag" ]]; then LOG_I "No injected configuration file found, creating default config files..." postgresql_default_postgresql_config postgresql_default_hba_config @@ -585,16 +581,17 @@ docker_app_init() { postgresql_configure_recovery fi - echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.app_init_flag + touch ${APP_CONF_DIR}/.app_init_flag + echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_CONF_DIR}/.app_init_flag else LOG_I "User injected custom configuration detected!" fi if [[ ! -f "${APP_DATA_DIR}/.data_init_flag" ]]; then - LOG_I "Deploying PostgreSQL from scratch..." + LOG_I "Deploying ${APP_NAME} from scratch..." if [[ "$PG_REPLICATION_MODE" = "master" ]]; then postgresql_master_init_db - postgresql_start_server_bg + app_start_server_bg [[ "$PG_DATABASE" != "postgres" ]] && postgresql_create_custom_database # 为数据库授权;默认用户不为 postgres 时,需要创建管理员账户 @@ -611,19 +608,22 @@ docker_app_init() { else postgresql_slave_init_db fi - - echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." > ${APP_DATA_DIR}/.data_init_flag + + touch ${APP_DATA_DIR}/.data_init_flag + echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.data_init_flag else - LOG_I "Deploying PostgreSQL with persisted data..." + LOG_I "Deploying ${APP_NAME} with persisted data..." fi } -# 用户自定义的应用初始化操作,依次执行目录preinitdb.d中的初始化脚本 -# 执行完毕后,会在 ${APP_DATA_DIR} 目录中生成 .custom_preinit_flag 文件 +# 用户自定义的前置初始化操作,依次执行目录 preinitdb.d 中的初始化脚本 +# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_preinit_flag docker_custom_preinit() { - # 检测用户配置文件目录是否存在initdb.d文件夹,如果存在,尝试执行目录中的初始化脚本 + LOG_D "Check custom pre-init status of ${APP_NAME}..." + + # 检测用户配置文件目录是否存在 preinitdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本 if [ -d "/srv/conf/${APP_NAME}/preinitdb.d" ]; then - # 检测数据存储目录是否存在已初始化标志文件;如果不存在,进行初始化操作 + # 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作 if [ ! -f "${APP_DATA_DIR}/.custom_preinit_flag" ]; then LOG_I "Process custom pre-init scripts from /srv/conf/${APP_NAME}/preinitdb.d..." @@ -632,7 +632,8 @@ docker_custom_preinit() { docker_process_init_files /srv/conf/${APP_NAME}/preinitdb.d/* - echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." > ${APP_DATA_DIR}/.custom_preinit_flag + touch ${APP_DATA_DIR}/.custom_preinit_flag + echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.custom_preinit_flag LOG_I "Custom preinit for ${APP_NAME} complete." else LOG_I "Custom preinit for ${APP_NAME} already done before, skipping initialization." @@ -641,16 +642,21 @@ docker_custom_preinit() { } # 用户自定义的应用初始化操作,依次执行目录initdb.d中的初始化脚本 -# 执行完毕后,会在 ${APP_DATA_DIR} 目录中生成 .custom_init_flag 文件 +# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_init_flag docker_custom_init() { - # 检测用户配置文件目录是否存在initdb.d文件夹,如果存在,尝试执行目录中的初始化脚本 + LOG_D "Check custom init status of ${APP_NAME}..." + + # 检测用户配置文件目录是否存在 initdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本 if [ -d "/srv/conf/${APP_NAME}/initdb.d" ]; then - # 检测数据存储目录是否存在已初始化标志文件;如果不存在,进行初始化操作 - if [[ -n $(find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)") ]] && [[ ! -f "${APP_DATA_DIR}/.custom_init_flag" ]]; then + # 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作 + if [[ -n $(find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)") ]] && \ + [[ ! -f "${APP_DATA_DIR}/.custom_init_flag" ]]; then LOG_I "Process custom init scripts from /srv/conf/${APP_NAME}/initdb.d..." - postgresql_start_server_bg - find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)" | sort | while read -r f; do + app_start_server_bg + + # 检索所有可执行脚本,排序后执行 + find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)" | sort | while read -r f; do case "$f" in *.sh) if [[ -x "$f" ]]; then @@ -665,21 +671,22 @@ docker_custom_init() { esac done - echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." > ${APP_DATA_DIR}/.custom_init_flag + touch ${APP_DATA_DIR}/.custom_init_flag + echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.custom_init_flag LOG_I "Custom init for ${APP_NAME} complete." else LOG_I "Custom init for ${APP_NAME} already done before, skipping initialization." fi fi - # 停止初始化启动的 PostgreSQL 后台服务 - postgresql_stop_server + # 停止初始化时启动的后台服务 + is_app_server_running && app_stop_server - # 删除第一次运行生成的日志文件 - rm -rf "$PG_LOG_FILE" + # 删除第一次运行生成的临时文件 + app_clean_tmp_file - # 绑定所有 IP ,启用远程访问 - postgresql_enable_remote_connections + # 绑定所有 IP ,启用远程访问 + app_enable_remote_connections } # 初始化 Master 节点数据库 @@ -695,11 +702,11 @@ postgresql_master_init_db() { initdb_args+=("${envExtraFlags[@]}") fi #initdb+=("-o" "--config-file=$PG_CONF_FILE --external_pid_file=$PG_PID_FILE --hba_file=$PG_HBA_FILE") - initdb_args+=("--waldir=$PG_INITDB_WAL_DIR") + initdb_args+=("--waldir=$APP_DATA_LOG_DIR") local initdb_cmd=() if _is_run_as_root; then - initdb_cmd+=("gosu" "$PG_DAEMON_USER") + initdb_cmd+=("gosu" "$APP_USER") fi initdb_cmd+=(initdb) @@ -722,16 +729,16 @@ postgresql_master_init_db() { # 返回值: # 布尔值 postgresql_slave_init_db() { - LOG_I "Waiting for replication master to accept connections (${PG_INIT_MAX_TIMEOUT} timeout)..." + LOG_I "Waiting for replication master to accept connections (${PG_INIT_MAX_TIMEOUT} seconds)..." local -r check_args=("-U" "$PG_REPLICATION_USER" "-h" "$PG_MASTER_HOST" "-p" "$PG_MASTER_PORT_NUMBER" "-d" "postgres") local check_cmd=() if _is_run_as_root; then - check_cmd=("gosu" "$PG_DAEMON_USER") + check_cmd=("gosu" "$APP_USER") fi check_cmd+=(pg_isready) local ready_counter=$PG_INIT_MAX_TIMEOUT - while ! PGPASSWORD=$PG_REPLICATION_PASSWORD "${check_cmd[@]}" "${check_args[@]}";do + while ! PGPASSWORD=$PG_REPLICATION_PASSWORD "${check_cmd[@]}" "${check_args[@]}" >/dev/null 2>&1;do sleep 1 ready_counter=$(( ready_counter - 1 )) if (( ready_counter <= 0 )); then @@ -740,15 +747,16 @@ postgresql_slave_init_db() { fi done - LOG_I "Replicating the initial database" + LOG_I "Replicating the database from node master..." + #local -r backup_args=("-D" "$PG_DATA_DIR" -d "hostaddr=$PG_MASTER_HOST port=$PG_MASTER_PORT_NUMBER user=$PG_REPLICATION_USER password=$PG_REPLICATION_PASSWORD" -v -Fp -Xs local -r backup_args=("-D" "$PG_DATA_DIR" "-U" "$PG_REPLICATION_USER" "-h" "$PG_MASTER_HOST" "-p" "$PG_MASTER_PORT_NUMBER" "-X" "stream" "-w" "-v" "-P") local backup_cmd=() if _is_run_as_root; then - backup_cmd+=("gosu" "$PG_DAEMON_USER") + backup_cmd+=("gosu" "$APP_USER") fi backup_cmd+=(pg_basebackup) - local replication_counter=$PG_INIT_MAX_TIMEOUT + while ! PGPASSWORD=$PG_REPLICATION_PASSWORD "${backup_cmd[@]}" "${backup_args[@]}";do LOG_D "Backup command failed. Sleeping and trying again" sleep 1 diff --git a/10/prebuilds/usr/local/bin/entrypoint.sh b/10/prebuilds/usr/local/bin/entrypoint.sh index 9affa54..e2f548d 100644 --- a/10/prebuilds/usr/local/bin/entrypoint.sh +++ b/10/prebuilds/usr/local/bin/entrypoint.sh @@ -1,29 +1,39 @@ #!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) # # 容器入口脚本 +# 设置遇到执行错误则退出执行 set -o errexit +# 设置脚本遇到未初始化或声明的变量退出执行 set -o nounset +# 设置遇到管道命令失败则退出执行 set -o pipefail -# set -o xtrace # Uncomment this line for debugging purpose +# 设置调试信息输出,及命令在执行前先打印命令执行前的命令内容 +# set -o xtrace # 加载依赖脚本 -. /usr/local/scripts/liblog.sh -. /usr/local/scripts/libcommon.sh +#. /usr/local/scripts/liblog.sh # 日志输出函数库 +#. /usr/local/scripts/libcommon.sh # 通用函数库 +. /usr/local/bin/appcommon.sh # 应用专用函数库 -. /usr/local/bin/appcommon.sh +LOG_D "Run entrypoint.sh for container init..." -APP_DIRS="${APP_DEF_DIR:-} ${APP_HOME_DIR:-} ${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_CACHE_DIR:-} ${APP_RUN_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_WWW_DIR:-} ${APP_DATA_LOG_DIR:-}"; \ - -# 加载环境变量, docker_app_env()函数在文件 app-common.sh 中定义 +# 初始化环境变量。 docker_app_env()函数在文件 appcommon.sh 中定义 eval "$(docker_app_env)" +# 定义容器中使用的默认目录(未定义时设置默认值为空"") +APP_DIRS="${APP_DEF_DIR:-} ${APP_HOME_DIR:-} ${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_CACHE_DIR:-} ${APP_RUN_DIR:-} \ + ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_WWW_DIR:-} ${APP_DATA_LOG_DIR:-}" + APP_DIRS="${APP_DIRS} ${PG_DATA_DIR}" # 打印镜像欢迎信息 docker_print_welcome # 检测数据卷,创建默认的关联目录,并拷贝所必须的默认配置文件及初始化文件 +# 全局变量: +# APP_* docker_ensure_dir_and_configs() { local user_id; user_id="$(id -u)" @@ -45,10 +55,10 @@ _main() { # 命令行参数以可执行应用命令起始,且不包含直接返回的命令(如:-V、--version、--help)时,执行初始化操作 if [ "$1" = "${APP_EXEC}" ] && ! docker_command_help "$@"; then - # 检测 ENV_* PG_* 环境变量是否有效 + # 检测启动容器时设置的环境变量是否有效 app_verify_minimum_env - # 检测应用需要使用的目录是否存在,并设置相应用户权限 + # 检测应用需要使用的目录及配置文件是否存在 docker_ensure_dir_and_configs # 以root用户运行时,会使用gosu重新以"APP_USER"用户运行当前脚本 @@ -56,11 +66,11 @@ _main() { if _is_run_as_root; then LOG_D "Change permissions when run as root" - # 以root用户启动时,修改相应目录的所属用户信息为APP_USER,确保切换用户时,权限正常 + # 以root用户启动时,修改相应目录的所属用户信息为 APP_USER ,确保切换用户时,权限正常 for dir in ${APP_DIRS}; do LOG_D "Change ownership and permissions of $dir" chmod 0755 "$dir" - configure_permissions_ownership "$dir" -u "${APP_USER}" -g "${APP_GROUP}" + configure_permissions_ownership "$dir" -u "${APP_USER}" -g "${APP_GROUP}" done # 解决 PostgreSQL 目录权限过于开放,无法初始化问题:FATAL: data directory "/srv/data/postgresql" has group or world access @@ -85,7 +95,7 @@ _main() { docker_custom_init fi - LOG_I "Start container with: $@" + LOG_I "Start container with command: $@" # 执行命令行 exec "$@" } diff --git a/10/prebuilds/usr/local/overrides/overrides-10.sh b/10/prebuilds/usr/local/overrides/overrides-10.sh index 9cb0957..8278e29 100644 --- a/10/prebuilds/usr/local/overrides/overrides-10.sh +++ b/10/prebuilds/usr/local/overrides/overrides-10.sh @@ -1,6 +1,6 @@ #!/bin/bash -e -POSTGRESQL_CONF="${APP_DEF_DIR}/${PG_MAJOR}/main/postgresql.conf" +POSTGRESQL_CONF="${APP_DEF_DIR}/${APP_VERSION}/main/postgresql.conf" # 在安装完应用后,使用该脚本修改默认配置文件中部分配置项 # 如果相应的配置项已经定义整体环境变量,则不需要在这里修改 @@ -10,9 +10,9 @@ echo "Process overrides for default configs..." # 设置默认监听地址为 localhost ,防止初始化操作期间外部链接,在容器初始化完成后修改为监听所有地址 sed -i -E "s/^#listen_addresses .*/listen_addresses = \'localhost\'/g" ${POSTGRESQL_CONF} -sed -i -E "s/^data_directory .*/data_directory = \'\/srv\/data\/postgresql\/${PG_MAJOR}\'/g" ${POSTGRESQL_CONF} -sed -i -E "s/^hba_file .*/hba_file = \'\/srv\/conf\/postgresql\/${PG_MAJOR}\/main\/pg_hba.conf\'/g" ${POSTGRESQL_CONF} -sed -i -E "s/^ident_file .*/ident_file = \'\/srv\/conf\/postgresql\/${PG_MAJOR}\/main\/pg_ident.conf\'/g" ${POSTGRESQL_CONF} +sed -i -E "s/^data_directory .*/data_directory = \'\/srv\/data\/postgresql\/${APP_VERSION}\'/g" ${POSTGRESQL_CONF} +sed -i -E "s/^hba_file .*/hba_file = \'\/srv\/conf\/postgresql\/${APP_VERSION}\/main\/pg_hba.conf\'/g" ${POSTGRESQL_CONF} +sed -i -E "s/^ident_file .*/ident_file = \'\/srv\/conf\/postgresql\/${APP_VERSION}\/main\/pg_ident.conf\'/g" ${POSTGRESQL_CONF} sed -i -E "s/^#external_pid_file .*/external_pid_file = \'\/var\/run\/postgresql\/postgresql.pid\'/g" ${POSTGRESQL_CONF} sed -i -E "s/^max_connections .*/max_connections = 2000/g" ${POSTGRESQL_CONF} sed -i -E "s/^#password_encryption .*/password_encryption = md5/g" ${POSTGRESQL_CONF} diff --git a/10/prebuilds/usr/local/scripts/libcommon.sh b/10/prebuilds/usr/local/scripts/libcommon.sh index b76479e..3fb54dd 100644 --- a/10/prebuilds/usr/local/scripts/libcommon.sh +++ b/10/prebuilds/usr/local/scripts/libcommon.sh @@ -1,4 +1,5 @@ #!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) # # shellcheck disable=SC1091 @@ -6,7 +7,7 @@ BOLD='\033[1m' # 加载依赖项 -. /usr/local/scripts/liblog.sh +. /usr/local/scripts/liblog.sh # 日志输出函数库 # 函数列表 diff --git a/10/prebuilds/usr/local/scripts/libdownload.sh b/10/prebuilds/usr/local/scripts/libdownload.sh index 7c79454..c83513d 100644 --- a/10/prebuilds/usr/local/scripts/libdownload.sh +++ b/10/prebuilds/usr/local/scripts/libdownload.sh @@ -1,4 +1,5 @@ #!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) # # 从服务器(列表)下载相应软件包 diff --git a/10/prebuilds/usr/local/scripts/libfile.sh b/10/prebuilds/usr/local/scripts/libfile.sh index 9da26fa..1e664c1 100644 --- a/10/prebuilds/usr/local/scripts/libfile.sh +++ b/10/prebuilds/usr/local/scripts/libfile.sh @@ -1,7 +1,11 @@ #!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) # # 文件操作函数库 +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + # 函数列表 # 检测"*_FILE"文件,并从文件中读取信息作为参数值;环境变量不允许 VAR 与 VAR_FILE 方式并存 diff --git a/10/prebuilds/usr/local/scripts/libfs.sh b/10/prebuilds/usr/local/scripts/libfs.sh index 2ab7c7d..dfcb7cc 100644 --- a/10/prebuilds/usr/local/scripts/libfs.sh +++ b/10/prebuilds/usr/local/scripts/libfs.sh @@ -1,9 +1,10 @@ #!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) # # 文件管理函数库 # 加载依赖项 -. /usr/local/scripts/liblog.sh +. /usr/local/scripts/liblog.sh # 日志输出函数库 # 函数列表 diff --git a/10/prebuilds/usr/local/scripts/liblog.sh b/10/prebuilds/usr/local/scripts/liblog.sh index 8901e8c..3d91af4 100644 --- a/10/prebuilds/usr/local/scripts/liblog.sh +++ b/10/prebuilds/usr/local/scripts/liblog.sh @@ -1,4 +1,5 @@ #!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) # # 日志处理函数库 diff --git a/10/prebuilds/usr/local/scripts/libnet.sh b/10/prebuilds/usr/local/scripts/libnet.sh index be3c1ff..b5136c7 100644 --- a/10/prebuilds/usr/local/scripts/libnet.sh +++ b/10/prebuilds/usr/local/scripts/libnet.sh @@ -1,11 +1,12 @@ #!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) # # 网络管理函数库 # shellcheck disable=SC1091 # 加载依赖项 -. /usr/local/scripts/liblog.sh +. /usr/local/scripts/liblog.sh # 日志输出函数库 # 函数列表 diff --git a/10/prebuilds/usr/local/scripts/libos.sh b/10/prebuilds/usr/local/scripts/libos.sh index 680c498..db4fcb2 100644 --- a/10/prebuilds/usr/local/scripts/libos.sh +++ b/10/prebuilds/usr/local/scripts/libos.sh @@ -1,11 +1,12 @@ #!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) # # 操作系统控制函数库 # shellcheck disable=SC1091 # 加载依赖项 -. /usr/local/scripts/liblog.sh +. /usr/local/scripts/liblog.sh # 日志输出函数库 # 函数列表 diff --git a/10/prebuilds/usr/local/scripts/libservice.sh b/10/prebuilds/usr/local/scripts/libservice.sh index a4ab489..5d0948c 100644 --- a/10/prebuilds/usr/local/scripts/libservice.sh +++ b/10/prebuilds/usr/local/scripts/libservice.sh @@ -1,11 +1,12 @@ #!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) # # 服务管理函数库 # shellcheck disable=SC1091 -# Load Generic Libraries -. /usr/local/scripts/libvalidations.sh +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 # 函数列表 diff --git a/10/prebuilds/usr/local/scripts/libvalidations.sh b/10/prebuilds/usr/local/scripts/libvalidations.sh index c84fb74..7f435cc 100644 --- a/10/prebuilds/usr/local/scripts/libvalidations.sh +++ b/10/prebuilds/usr/local/scripts/libvalidations.sh @@ -1,9 +1,10 @@ #!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) # # 数据有效性校验函数库 # 加载依赖项 -. /usr/local/scripts/liblog.sh +. /usr/local/scripts/liblog.sh # 日志输出函数库 # 函数列表