[feat:12]修改Debian系统Dockerfiler,使用新的镜像编译方式
This commit is contained in:
+140
-116
@@ -1,26 +1,122 @@
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
# Ver: 1.2 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 指定原始系统镜像,常用镜像为 colovu/ubuntu:18.04、colovu/debian:10、colovu/alpine:3.12、colovu/openjdk:8u252-jre
|
||||
FROM colovu/debian:10
|
||||
|
||||
# ARG参数使用"--build-arg"指定,如 "--build-arg apt_source=tencent"
|
||||
# 预处理 =========================================================================
|
||||
FROM colovu/dbuilder as builder
|
||||
|
||||
# sources.list 可使用版本:default / tencent / ustc / aliyun / huawei
|
||||
ARG apt_source=default
|
||||
|
||||
# 外部指定应用版本信息,如 "--build-arg app_ver=6.0.0"
|
||||
ARG app_ver=11
|
||||
|
||||
# 编译镜像时指定本地服务器地址,如 "--build-arg local_url=http://172.29.14.108/dist-files/"
|
||||
# 编译镜像时指定用于加速的本地服务器地址
|
||||
ARG local_url=""
|
||||
|
||||
# 定义应用基础常量信息,该常量在容器内可使用
|
||||
ENV APP_NAME=postgresql \
|
||||
APP_EXEC=postgres \
|
||||
APP_USER=postgres \
|
||||
APP_VERSION=${app_ver}
|
||||
APP_VERSION=12.4
|
||||
|
||||
# 定义应用基础目录信息,该常量在容器内可使用
|
||||
ENV APP_HOME_DIR=/usr/lib/${APP_NAME}/${app_ver} \
|
||||
WORKDIR /usr/local
|
||||
|
||||
RUN select_source ${apt_source};
|
||||
#RUN install_pkg bison coreutils flex libedit-dev libxml2-dev libxslt-dev util-linux-dev zlib-dev icu-dev \
|
||||
RUN install_pkg bison flex libedit-dev libxml2-dev libxslt-dev zlib1g-dev libreadline-dev uuid-dev \
|
||||
libperl-dev
|
||||
|
||||
# 下载并解压软件包
|
||||
RUN set -eux; \
|
||||
appName="${APP_NAME}-${APP_VERSION}.tar.bz2"; \
|
||||
sha256="bee93fbe2c32f59419cb162bcc0145c58da9a8644ee154a30b9a5ce47de606cc"; \
|
||||
[ ! -z ${local_url} ] && localURL=${local_url}/${APP_NAME}; \
|
||||
appUrls="${localURL:-} \
|
||||
https://ftp.postgresql.org/pub/source/v${APP_VERSION} \
|
||||
"; \
|
||||
download_pkg unpack ${appName} "${appUrls}" -s "${sha256}";
|
||||
|
||||
# 源码编译软件包
|
||||
RUN set -eux; \
|
||||
# 源码编译方式安装: 编译后将原始配置文件拷贝至 ${APP_DEF_DIR} 中
|
||||
APP_SRC="/usr/local/${APP_NAME}-${APP_VERSION}"; \
|
||||
mkdir -p /usr/local/${APP_NAME}/bin /usr/local/${APP_NAME}/lib; \
|
||||
cd ${APP_SRC}; \
|
||||
\
|
||||
# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian)
|
||||
# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f
|
||||
awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new; \
|
||||
grep '/var/run/postgresql' src/include/pg_config_manual.h.new; \
|
||||
mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h; \
|
||||
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
|
||||
# explicitly update autoconf config.guess and config.sub so they support more arches/libcs
|
||||
wget -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb'; \
|
||||
wget -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb'; \
|
||||
\
|
||||
# configure options taken from:
|
||||
# https://anonscm.debian.org/cgit/pkg-postgresql/postgresql.git/tree/debian/rules?h=9.5
|
||||
./configure \
|
||||
--prefix=/usr/local/${APP_NAME} \
|
||||
--build="$gnuArch" \
|
||||
--enable-integer-datetimes \
|
||||
--enable-thread-safety \
|
||||
# --enable-tap-tests \
|
||||
--disable-rpath \
|
||||
--with-uuid=e2fs \
|
||||
--with-gnu-ld \
|
||||
--with-pgport=5432 \
|
||||
--with-system-tzdata=/usr/share/zoneinfo \
|
||||
--prefix=/usr/local \
|
||||
--with-includes=/usr/local/include \
|
||||
--with-libraries=/usr/local/lib \
|
||||
--with-openssl \
|
||||
--with-libxml \
|
||||
--with-libxslt \
|
||||
--with-icu \
|
||||
--with-libuuid \
|
||||
# "/usr/src/postgresql/src/backend/access/common/tupconvert.c:105: undefined reference to `libintl_gettext'"
|
||||
# --enable-nls \
|
||||
# these make our image abnormally large (at least 100MB larger), which seems uncouth for an "Alpine" (ie, "small") variant :)
|
||||
# --enable-debug \
|
||||
# --with-krb5 \
|
||||
# --with-gssapi \
|
||||
# --with-ldap \
|
||||
# --with-tcl \
|
||||
# --with-perl \
|
||||
# --with-python \
|
||||
# --with-pam \
|
||||
; \
|
||||
make PG_SYSROOT=/usr/local/${APP_NAME} -j "$(nproc)" world; \
|
||||
make PREFIX=/usr/local/${APP_NAME} install-world; \
|
||||
make PREFIX=/usr/local/${APP_NAME} -C contrib install; \
|
||||
runDeps="$( \
|
||||
# scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
|
||||
# | tr ',' '\n' \
|
||||
# | sort -u \
|
||||
# | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
|
||||
find /usr/local -type f -executable -exec ldd '{}' ';' \
|
||||
| awk '/=>/ { print $(NF-1) }' \
|
||||
| sort -u \
|
||||
| xargs -r dpkg-query --search \
|
||||
| cut -d: -f1 \
|
||||
| sort -u; \
|
||||
)"; \
|
||||
echo "${runDeps}" >/usr/local/${APP_NAME}/runDeps; \
|
||||
mv /usr/local/lib/* /usr/local/${APP_NAME}/lib/; \
|
||||
mv /usr/local/bin/* /usr/local/${APP_NAME}/bin/; \
|
||||
mkdir -p /usr/local/${APP_NAME}/share; \
|
||||
mv /usr/local/share/${APP_NAME} /usr/local/${APP_NAME}/share; \
|
||||
find /usr/local -name '*.a' -delete;
|
||||
|
||||
|
||||
#ENV LD_LIBRARY_PATH=/usr/local/${APP_NAME}/lib
|
||||
|
||||
# 镜像生成 ========================================================================
|
||||
FROM colovu/debian:10
|
||||
|
||||
ARG apt_source=default
|
||||
ARG local_url=""
|
||||
|
||||
ENV APP_NAME=postgresql \
|
||||
APP_USER=postgres \
|
||||
APP_EXEC=postgres \
|
||||
APP_VERSION=12.4
|
||||
|
||||
ENV APP_HOME_DIR=/usr/local/${APP_NAME} \
|
||||
APP_DEF_DIR=/etc/${APP_NAME} \
|
||||
APP_CONF_DIR=/srv/conf/${APP_NAME} \
|
||||
APP_DATA_DIR=/srv/data/${APP_NAME} \
|
||||
@@ -30,124 +126,52 @@ ENV APP_HOME_DIR=/usr/lib/${APP_NAME}/${app_ver} \
|
||||
APP_LOG_DIR=/var/log/${APP_NAME} \
|
||||
APP_CERT_DIR=/srv/cert/${APP_NAME}
|
||||
|
||||
# 设置应用需要的特定环境变量
|
||||
ENV \
|
||||
PATH="${APP_HOME_DIR}/bin:${PATH}"
|
||||
PATH="${APP_HOME_DIR}/bin:${PATH}" \
|
||||
LD_LIBRARY_PATH=${APP_HOME_DIR}/lib
|
||||
|
||||
LABEL \
|
||||
"Version"="v${app_ver}" \
|
||||
"Description"="Docker image for ${APP_NAME}(v${app_ver})." \
|
||||
"Version"="v${APP_VERSION}" \
|
||||
"Description"="Docker image for ${APP_NAME}(v${APP_VERSION})." \
|
||||
"Dockerfile"="https://github.com/colovu/docker-${APP_NAME}" \
|
||||
"Vendor"="Endial Fang (endial@126.com)"
|
||||
|
||||
# 拷贝默认 Shell 脚本至容器相关目录中
|
||||
COPY prebuilds /
|
||||
|
||||
# 镜像内相应应用及依赖软件包的安装脚本;以下脚本可按照不同需求拆分为多个段,但需要注意各个段在结束前需要清空缓存
|
||||
RUN \
|
||||
# 设置程序使用静默安装,而非交互模式;默认情况下,类似 tzdata/gnupg/ca-certificates 等程序配置需要交互
|
||||
export DEBIAN_FRONTEND=noninteractive; \
|
||||
\
|
||||
# 设置 shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
|
||||
set -eux; \
|
||||
\
|
||||
# 更改源为当次编译指定的源
|
||||
cp /etc/apt/sources.list.${apt_source} /etc/apt/sources.list; \
|
||||
\
|
||||
# 为应用创建对应的组、用户、相关目录
|
||||
export APP_DIRS="${APP_DEF_DIR:-} ${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_CACHE_DIR:-} ${APP_RUN_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_DATA_LOG_DIR:-} ${APP_HOME_DIR:-${APP_DATA_DIR}}"; \
|
||||
mkdir -p ${APP_DIRS}; \
|
||||
groupadd -r -g 998 ${APP_USER}; \
|
||||
useradd -r -g ${APP_USER} -u 999 -s /bin/bash -d ${APP_DATA_DIR} ${APP_USER}; \
|
||||
\
|
||||
# 应用软件包及依赖项。相关软件包在镜像创建完成时,不会被清理
|
||||
appDeps=" \
|
||||
postgresql-${APP_VERSION} \
|
||||
postgresql-common \
|
||||
pgdg-keyring \
|
||||
libnss-wrapper \
|
||||
xz-utils \
|
||||
"; \
|
||||
savedAptMark="$(apt-mark showmanual) ${appDeps}"; \
|
||||
\
|
||||
\
|
||||
\
|
||||
# 安装临时使用的软件包及依赖项。相关软件包在镜像创建完后时,会被清理
|
||||
fetchDeps=" \
|
||||
dirmngr \
|
||||
gnupg \
|
||||
libicu-dev \
|
||||
"; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends ${fetchDeps}; \
|
||||
\
|
||||
\
|
||||
\
|
||||
GPG_KEY='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8'; \
|
||||
export GNUPGHOME="$(mktemp -d)"; \
|
||||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "${GPG_KEY}"|| \
|
||||
gpg --batch --keyserver pgp.mit.edu --recv-keys "$GPG_KEY" || \
|
||||
gpg --batch --keyserver keys.gnupg.net --recv-keys "$GPG_KEY" || \
|
||||
gpg --batch --keyserver keyserver.pgp.com --recv-keys "$GPG_KEY"; \
|
||||
gpg --batch --export "${GPG_KEY}" > /etc/apt/trusted.gpg.d/postgres.gpg; \
|
||||
command -v gpgconf > /dev/null && gpgconf --kill all; \
|
||||
rm -rf "$GNUPGHOME"; \
|
||||
apt-key list; \
|
||||
\
|
||||
\
|
||||
\
|
||||
# 包管理方式安装: 增加软件包特有源,并使用系统包管理方式安装软件; 安装后需要确认 ${APP_DEF_DIR} 目录中存在原始配置文件
|
||||
echo "deb http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main ${APP_VERSION}" >> /etc/apt/sources.list; \
|
||||
echo "deb-src http://apt.postgresql.org/pub/repos/apt/ buster-pgdg main ${APP_VERSION}" >> /etc/apt/sources.list; \
|
||||
apt-get update; \
|
||||
apt-get install -y --no-install-recommends ${appDeps}; \
|
||||
\
|
||||
\
|
||||
\
|
||||
# 设置应用关联目录的权限信息
|
||||
chown -Rf ${APP_USER}:${APP_USER} ${APP_DIRS}; \
|
||||
\
|
||||
# 查找新安装的应用及应用依赖软件包,并标识为'manual',防止后续自动清理时被删除
|
||||
apt-mark auto '.*' > /dev/null; \
|
||||
{ [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; }; \
|
||||
find /usr/local -type f -executable -exec ldd '{}' ';' \
|
||||
| awk '/=>/ { print $(NF-1) }' \
|
||||
| sort -u \
|
||||
| xargs -r dpkg-query --search \
|
||||
| cut -d: -f1 \
|
||||
| sort -u \
|
||||
| xargs -r apt-mark manual; \
|
||||
\
|
||||
# 删除安装的临时依赖软件包,清理缓存
|
||||
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false ${fetchDeps}; \
|
||||
apt-get autoclean -y; \
|
||||
rm -rf /var/lib/apt/lists/*; \
|
||||
:;
|
||||
|
||||
# 拷贝应用专用 Shell 脚本至容器相关目录中
|
||||
COPY customer /
|
||||
|
||||
# 以包管理方式安装软件包(Optional)
|
||||
RUN select_source ${apt_source}
|
||||
RUN install_pkg uuid
|
||||
#RUN install_pkg bash tini sudo libssl1.1
|
||||
|
||||
RUN create_user && prepare_env
|
||||
|
||||
# 从预处理过程中拷贝软件包(Optional)
|
||||
#COPY --from=0 /usr/local/bin/gosu-amd64 /usr/local/bin/gosu
|
||||
#COPY --from=builder /usr/local/bin /usr/local/postgresql/bin
|
||||
#COPY --from=builder /usr/local/lib /usr/local/lib
|
||||
COPY --from=builder ${APP_HOME_DIR} ${APP_HOME_DIR}
|
||||
|
||||
RUN install_pkg `cat ${APP_HOME_DIR}/runDeps`;
|
||||
|
||||
# 执行预处理脚本,并验证安装的软件包
|
||||
RUN set -eux; \
|
||||
# 设置容器入口脚本的可执行权限
|
||||
chmod +x /usr/local/bin/entrypoint.sh; \
|
||||
\
|
||||
# 检测是否存在对应版本的 overrides 脚本文件;如果存在,执行
|
||||
{ [ ! -e "/usr/local/overrides/overrides-${app_ver}.sh" ] || /bin/bash "/usr/local/overrides/overrides-${app_ver}.sh"; }; \
|
||||
\
|
||||
# 验证安装的软件是否可以正常运行,常规情况下放置在命令行的最后
|
||||
override_file="/usr/local/overrides/overrides-${APP_VERSION}.sh"; \
|
||||
[ -e "${override_file}" ] && /bin/bash "${override_file}"; \
|
||||
# cp -rf ${APP_HOME_DIR}/share/${APP_NAME} /etc/; \
|
||||
# mkdir -p ${APP_DEF_DIR}/conf.d; \
|
||||
export LD_LIBRARY_PATH=${APP_HOME_DIR}/lib; \
|
||||
gosu ${APP_USER} ${APP_EXEC} --version ; \
|
||||
:;
|
||||
|
||||
# 默认提供的数据卷
|
||||
VOLUME ["/srv/conf", "/srv/data", "/srv/cert", "/srv/datalog", "/var/log"]
|
||||
VOLUME ["/srv/conf", "/srv/data", "/srv/datalog", "/srv/cert", "/var/log"]
|
||||
|
||||
# 默认使用gosu切换为新建用户启动,必须保证端口在1024之上
|
||||
EXPOSE 5432
|
||||
|
||||
# 容器初始化命令,默认存放在:/usr/local/bin/entrypoint.sh
|
||||
ENTRYPOINT ["entrypoint.sh"]
|
||||
|
||||
WORKDIR ${APP_HOME_DIR}
|
||||
# 容器初始化命令,默认存放在:/usr/local/bin/entry.sh
|
||||
ENTRYPOINT ["entry.sh"]
|
||||
|
||||
# 应用程序的服务命令,必须使用非守护进程方式运行。如果使用变量,则该变量必须在运行环境中存在(ENV可以获取)
|
||||
CMD ["${APP_EXEC}", "--config-file=${PG_CONF_FILE}"]
|
||||
CMD ["${APP_EXEC}", "-D", "${PGDATA}"]
|
||||
|
||||
|
||||
+223
-253
@@ -5,12 +5,12 @@
|
||||
|
||||
# 加载依赖脚本
|
||||
. /usr/local/scripts/libcommon.sh # 通用函数库
|
||||
|
||||
. /usr/local/scripts/libfile.sh
|
||||
. /usr/local/scripts/libfs.sh
|
||||
. /usr/local/scripts/libos.sh
|
||||
. /usr/local/scripts/libservice.sh
|
||||
. /usr/local/scripts/libvalidations.sh
|
||||
. /usr/local/scripts/libnet.sh
|
||||
|
||||
# 函数列表
|
||||
|
||||
@@ -21,104 +21,101 @@
|
||||
# *_* : 应用配置文件使用的全局变量,变量名根据配置项定义
|
||||
# 返回值:
|
||||
# 可以被 'eval' 使用的序列化输出
|
||||
docker_app_env() {
|
||||
cat <<"EOF"
|
||||
# Common Settings
|
||||
export ENV_DEBUG=${ENV_DEBUG:-false}
|
||||
export ALLOW_EMPTY_PASSWORD="${ALLOW_EMPTY_PASSWORD:-no}"
|
||||
app_env() {
|
||||
cat <<-'EOF'
|
||||
# Common Settings
|
||||
export ENV_DEBUG=${ENV_DEBUG:-false}
|
||||
export ALLOW_ANONYMOUS_LOGIN="${ALLOW_ANONYMOUS_LOGIN:-no}"
|
||||
|
||||
# Paths
|
||||
export APP_DATA_LOG_DIR="${PG_INITDB_WAL_DIR:-${APP_DATA_LOG_DIR}}"
|
||||
export PG_DATA_DIR="${PG_DATA_DIR:-${APP_DATA_DIR}/${APP_VERSION}}"
|
||||
export PGDATA="${PG_DATA_DIR}"
|
||||
# Paths configuration
|
||||
export PGDATA="${APP_DATA_DIR}/data"
|
||||
export PG_INITDB_WAL_DIR="${PG_INITDB_WAL_DIR:-${APP_DATA_LOG_DIR}}"
|
||||
|
||||
export PG_CONF_FILE="${APP_CONF_DIR}/${APP_VERSION}/main/postgresql.conf"
|
||||
export PG_HBA_FILE="${APP_CONF_DIR}/${APP_VERSION}/main/pg_hba.conf"
|
||||
export PG_IDENT_FILE="${APP_CONF_DIR}/${APP_VERSION}/main/pg_ident.conf"
|
||||
export PG_RECOVERY_FILE="${PG_DATA_DIR}/recovery.conf"
|
||||
export PG_PID_FILE="${APP_RUN_DIR}/postgresql.pid"
|
||||
export PG_LOG_FILE="${APP_LOG_DIR}/postgresql.log"
|
||||
export PG_CONF_FILE="${PGDATA}/postgresql.conf"
|
||||
export PG_HBA_FILE="${PGDATA}/pg_hba.conf"
|
||||
export PG_IDENT_FILE="${PGDATA}/pg_ident.conf"
|
||||
export PG_RECOVERY_FILE="${PGDATA}/recovery.conf"
|
||||
|
||||
# Users
|
||||
export PG_PID_FILE="${APP_RUN_DIR}/postgresql.pid"
|
||||
export PG_LOG_FILE="${APP_LOG_DIR}/postgresql.log"
|
||||
|
||||
# Cluster configuration
|
||||
export PG_CLUSTER_APP_NAME=${PG_CLUSTER_APP_NAME:-cvreceiver}
|
||||
export PG_REPLICATION_MODE="${PG_REPLICATION_MODE:-master}"
|
||||
# Cluster configuration
|
||||
export PG_CLUSTER_APP_NAME=${PG_CLUSTER_APP_NAME:-cvcluster}
|
||||
export PG_REPLICATION_MODE="${PG_REPLICATION_MODE:-master}"
|
||||
|
||||
export PG_MASTER_HOST="${PG_MASTER_HOST:-}"
|
||||
export PG_MASTER_PORT_NUMBER="${PG_MASTER_PORT_NUMBER:-5432}"
|
||||
export PG_NUM_SYNCHRONOUS_REPLICAS="${PG_NUM_SYNCHRONOUS_REPLICAS:-0}"
|
||||
export PG_REPLICATION_USER="${PG_REPLICATION_USER:-}"
|
||||
export PG_REPLICATION_PASSWORD="${PG_REPLICATION_PASSWORD:-}"
|
||||
export PG_MASTER_HOST="${PG_MASTER_HOST:-}"
|
||||
export PG_MASTER_PORT_NUMBER="${PG_MASTER_PORT_NUMBER:-5432}"
|
||||
export PG_NUM_SYNCHRONOUS_REPLICAS="${PG_NUM_SYNCHRONOUS_REPLICAS:-0}"
|
||||
export PG_REPLICATION_USER="${PG_REPLICATION_USER:-}"
|
||||
export PG_REPLICATION_PASSWORD="${PG_REPLICATION_PASSWORD:-}"
|
||||
|
||||
export PG_SYNCHRONOUS_COMMIT_MODE="${PG_SYNCHRONOUS_COMMIT_MODE:-on}"
|
||||
export PG_FSYNC="${PG_FSYNC:-on}"
|
||||
export PG_SYNCHRONOUS_COMMIT_MODE="${PG_SYNCHRONOUS_COMMIT_MODE:-on}"
|
||||
export PG_FSYNC="${PG_FSYNC:-on}"
|
||||
|
||||
# PostgreSQL settings
|
||||
export PG_INIT_MAX_TIMEOUT=${PG_INIT_MAX_TIMEOUT:-60}
|
||||
export PG_INITDB_ARGS="${PG_INITDB_ARGS:-}"
|
||||
export PG_PORT_NUMBER="${PG_PORT_NUMBER:-5432}"
|
||||
# PostgreSQL settings
|
||||
export PG_INIT_MAX_TIMEOUT=${PG_INIT_MAX_TIMEOUT:-60}
|
||||
export PG_INITDB_ARGS="${PG_INITDB_ARGS:-}"
|
||||
export PG_PORT_NUMBER="${PG_PORT_NUMBER:-5432}"
|
||||
export PG_HOST_AUTH_METHOD="${PG_HOST_AUTH_METHOD:-md5}"
|
||||
|
||||
# PostgreSQL TLS Settings
|
||||
# PostgreSQL TLS Settings
|
||||
|
||||
# PostgreSQL LDAP Settings
|
||||
export PG_ENABLE_LDAP="${PG_ENABLE_LDAP:-no}"
|
||||
export PG_LDAP_URL="${PG_LDAP_URL:-}"
|
||||
export PG_LDAP_PREFIX="${PG_LDAP_PREFIX:-}"
|
||||
export PG_LDAP_SUFFIX="${PG_LDAP_SUFFIX:-}"
|
||||
export PG_LDAP_SERVER="${PG_LDAP_SERVER:-}"
|
||||
export PG_LDAP_PORT="${PG_LDAP_PORT:-}"
|
||||
export PG_LDAP_SCHEME="${PG_LDAP_SCHEME:-}"
|
||||
export PG_LDAP_TLS="${PG_LDAP_TLS:-}"
|
||||
export PG_LDAP_BASE_DN="${PG_LDAP_BASE_DN:-}"
|
||||
export PG_LDAP_BIND_DN="${PG_LDAP_BIND_DN:-}"
|
||||
export PG_LDAP_BIND_PASSWORD="${PG_LDAP_BIND_PASSWORD:-}"
|
||||
export PG_LDAP_SEARCH_ATTR="${PG_LDAP_SEARCH_ATTR:-}"
|
||||
export PG_LDAP_SEARCH_FILTER="${PG_LDAP_SEARCH_FILTER:-}"
|
||||
# PostgreSQL LDAP Settings
|
||||
export PG_ENABLE_LDAP="${PG_ENABLE_LDAP:-no}"
|
||||
export PG_LDAP_URL="${PG_LDAP_URL:-}"
|
||||
export PG_LDAP_PREFIX="${PG_LDAP_PREFIX:-}"
|
||||
export PG_LDAP_SUFFIX="${PG_LDAP_SUFFIX:-}"
|
||||
export PG_LDAP_SERVER="${PG_LDAP_SERVER:-}"
|
||||
export PG_LDAP_PORT="${PG_LDAP_PORT:-}"
|
||||
export PG_LDAP_SCHEME="${PG_LDAP_SCHEME:-}"
|
||||
export PG_LDAP_TLS="${PG_LDAP_TLS:-}"
|
||||
export PG_LDAP_BASE_DN="${PG_LDAP_BASE_DN:-}"
|
||||
export PG_LDAP_BIND_DN="${PG_LDAP_BIND_DN:-}"
|
||||
export PG_LDAP_BIND_PASSWORD="${PG_LDAP_BIND_PASSWORD:-}"
|
||||
export PG_LDAP_SEARCH_ATTR="${PG_LDAP_SEARCH_ATTR:-}"
|
||||
export PG_LDAP_SEARCH_FILTER="${PG_LDAP_SEARCH_FILTER:-}"
|
||||
|
||||
# Authentication
|
||||
export PG_USERNAME="${PG_USERNAME:-postgres}"
|
||||
export PG_PASSWORD="${PG_PASSWORD:-}"
|
||||
export PG_DATABASE="${PG_DATABASE:-postgres}"
|
||||
# Authentication
|
||||
export PG_USERNAME="${PG_USERNAME:-postgres}"
|
||||
export PG_PASSWORD="${PG_PASSWORD:-}"
|
||||
export PG_DATABASE="${PG_DATABASE:-postgres}"
|
||||
|
||||
export PG_INITSCRIPTS_USERNAME="${PG_INITSCRIPTS_USERNAME:-${PG_USERNAME}}"
|
||||
export PG_INITSCRIPTS_PASSWORD="${PG_INITSCRIPTS_PASSWORD:-${PG_PASSWORD}}"
|
||||
export PG_INITSCRIPTS_USERNAME="${PG_INITSCRIPTS_USERNAME:-${PG_USERNAME}}"
|
||||
export PG_INITSCRIPTS_PASSWORD="${PG_INITSCRIPTS_PASSWORD:-${PG_PASSWORD}}"
|
||||
EOF
|
||||
|
||||
# 利用 *_FILE 设置密码,不在配置命令中设置密码,增强安全性
|
||||
if [[ -f "${PG_POSTGRES_PASSWORD_FILE:-}" ]]; then
|
||||
cat <<"EOF"
|
||||
export PG_POSTGRES_PASSWORD="$(< "${PG_POSTGRES_PASSWORD_FILE}")"
|
||||
cat <<-'EOF'
|
||||
export PG_POSTGRES_PASSWORD="$(< "${PG_POSTGRES_PASSWORD_FILE}")"
|
||||
EOF
|
||||
else
|
||||
cat <<"EOF"
|
||||
export PG_POSTGRES_PASSWORD="${PG_POSTGRES_PASSWORD:-}"
|
||||
cat <<-'EOF'
|
||||
export PG_POSTGRES_PASSWORD="${PG_POSTGRES_PASSWORD:-}"
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [[ -f "${PG_PASSWORD_FILE:-}" ]]; then
|
||||
cat <<"EOF"
|
||||
export PG_PASSWORD="$(< "${PG_PASSWORD_FILE}")"
|
||||
cat <<-'EOF'
|
||||
export PG_PASSWORD="$(< "${PG_PASSWORD_FILE}")"
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [[ -f "${PG_REPLICATION_PASSWORD_FILE:-}" ]]; then
|
||||
cat <<"EOF"
|
||||
export PG_REPLICATION_PASSWORD="$(< "${PG_REPLICATION_PASSWORD_FILE}")"
|
||||
cat <<-'EOF'
|
||||
export PG_REPLICATION_PASSWORD="$(< "${PG_REPLICATION_PASSWORD_FILE}")"
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
# 配置 libnss_wrapper 以使得 PostgreSQL 命令可以以任意用户身份执行
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
postgresql_enable_nss_wrapper() {
|
||||
if ! getent passwd "$(id -u)" &> /dev/null && [ -e /usr/lib/libnss_wrapper.so ]; then
|
||||
LOG_D "Configuring libnss_wrapper..."
|
||||
export LD_PRELOAD='/usr/lib/libnss_wrapper.so'
|
||||
export NSS_WRAPPER_PASSWD="$(mktemp)"
|
||||
export NSS_WRAPPER_GROUP="$(mktemp)"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:${PG_DATA_DIR}:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -u):$(id -g):PostgreSQL:${PGDATA}:/bin/false" > "$NSS_WRAPPER_PASSWD"
|
||||
echo "postgres:x:$(id -g):" > "$NSS_WRAPPER_GROUP"
|
||||
fi
|
||||
}
|
||||
@@ -164,8 +161,6 @@ postgresql_common_conf_set() {
|
||||
}
|
||||
|
||||
# 更新 postgresql.conf 配置文件中指定变量值
|
||||
# 全局变量:
|
||||
# PG_CONF_FILE
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
# $2 - 值(列表)
|
||||
@@ -174,8 +169,6 @@ postgresql_conf_set() {
|
||||
}
|
||||
|
||||
# 更新 pg_hba.conf 配置文件中指定变量值
|
||||
# 全局变量:
|
||||
# PG_HBA_FILE
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
# $2 - 值(列表)
|
||||
@@ -184,8 +177,6 @@ postgresql_hba_set() {
|
||||
}
|
||||
|
||||
# 更新 pg_ident.conf 配置文件中指定变量值
|
||||
# 全局变量:
|
||||
# PG_IDENT_FILE
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
# $2 - 值(列表)
|
||||
@@ -194,8 +185,6 @@ postgresql_ident_set() {
|
||||
}
|
||||
|
||||
# 更新 recover.conf 配置文件中指定变量值
|
||||
# 全局变量:
|
||||
# PG_CONF_FILE
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
# $2 - 值(列表)
|
||||
@@ -204,68 +193,59 @@ postgresql_recover_set() {
|
||||
}
|
||||
|
||||
# 初始化 pg_hba.conf 文件,增加 LDAP 配置;同时保留本地认证
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
postgresql_ldap_auth_configuration() {
|
||||
LOG_I "Generating LDAP authentication configuration"
|
||||
local ldap_configuration=""
|
||||
|
||||
if [[ -n "$PG_LDAP_URL" ]]; then
|
||||
if [[ -n "${PG_LDAP_URL}" ]]; then
|
||||
ldap_configuration="ldapurl=\"${PG_LDAP_URL}\""
|
||||
else
|
||||
ldap_configuration="ldapserver=${PG_LDAP_SERVER}"
|
||||
|
||||
[[ -n "$PG_LDAP_PREFIX" ]] && ldap_configuration+=" ldapprefix=\"${PG_LDAP_PREFIX}\""
|
||||
[[ -n "$PG_LDAP_SUFFIX" ]] && ldap_configuration+=" ldapsuffix=\"${PG_LDAP_SUFFIX}\""
|
||||
[[ -n "$PG_LDAP_PORT" ]] && ldap_configuration+=" ldapport=${PG_LDAP_PORT}"
|
||||
[[ -n "$PG_LDAP_BASE_DN" ]] && ldap_configuration+=" ldapbasedn=\"${PG_LDAP_BASE_DN}\""
|
||||
[[ -n "$PG_LDAP_BIND_DN" ]] && ldap_configuration+=" ldapbinddn=\"${PG_LDAP_BIND_DN}\""
|
||||
[[ -n "$PG_LDAP_BIND_PASSWORD" ]] && ldap_configuration+=" ldapbindpasswd=${PG_LDAP_BIND_PASSWORD}"
|
||||
[[ -n "$PG_LDAP_SEARCH_ATTR" ]] && ldap_configuration+=" ldapsearchattribute=${PG_LDAP_SEARCH_ATTR}"
|
||||
[[ -n "$PG_LDAP_SEARCH_FILTER" ]] && ldap_configuration+=" ldapsearchfilter=\"${PG_LDAP_SEARCH_FILTER}\""
|
||||
[[ -n "$PG_LDAP_TLS" ]] && ldap_configuration+=" ldaptls=${PG_LDAP_TLS}"
|
||||
[[ -n "$PG_LDAP_SCHEME" ]] && ldap_configuration+=" ldapscheme=${PG_LDAP_SCHEME}"
|
||||
[[ -n "${PG_LDAP_PREFIX}" ]] && ldap_configuration+=" ldapprefix=\"${PG_LDAP_PREFIX}\""
|
||||
[[ -n "${PG_LDAP_SUFFIX}" ]] && ldap_configuration+=" ldapsuffix=\"${PG_LDAP_SUFFIX}\""
|
||||
[[ -n "${PG_LDAP_PORT}" ]] && ldap_configuration+=" ldapport=${PG_LDAP_PORT}"
|
||||
[[ -n "${PG_LDAP_BASE_DN}" ]] && ldap_configuration+=" ldapbasedn=\"${PG_LDAP_BASE_DN}\""
|
||||
[[ -n "${PG_LDAP_BIND_DN}" ]] && ldap_configuration+=" ldapbinddn=\"${PG_LDAP_BIND_DN}\""
|
||||
[[ -n "${PG_LDAP_BIND_PASSWORD}" ]] && ldap_configuration+=" ldapbindpasswd=${PG_LDAP_BIND_PASSWORD}"
|
||||
[[ -n "${PG_LDAP_SEARCH_ATTR}" ]] && ldap_configuration+=" ldapsearchattribute=${PG_LDAP_SEARCH_ATTR}"
|
||||
[[ -n "${PG_LDAP_SEARCH_FILTER}" ]] && ldap_configuration+=" ldapsearchfilter=\"${PG_LDAP_SEARCH_FILTER}\""
|
||||
[[ -n "${PG_LDAP_TLS}" ]] && ldap_configuration+=" ldaptls=${PG_LDAP_TLS}"
|
||||
[[ -n "${PG_LDAP_SCHEME}" ]] && ldap_configuration+=" ldapscheme=${PG_LDAP_SCHEME}"
|
||||
fi
|
||||
|
||||
cat << EOF > "$PG_HBA_FILE"
|
||||
local all all trust
|
||||
host all postgres 0.0.0.0/0 trust
|
||||
host all postgres ::/0 trust
|
||||
host all all 0.0.0.0/0 ldap $ldap_configuration
|
||||
host all all ::/0 ldap $ldap_configuration
|
||||
cat <<-'EOF' > "${PG_HBA_FILE}"
|
||||
local all all trust
|
||||
host all postgres 0.0.0.0/0 trust
|
||||
host all postgres ::/0 trust
|
||||
host all all 0.0.0.0/0 ldap ${ldap_configuration}
|
||||
host all all ::/0 ldap ${ldap_configuration}
|
||||
EOF
|
||||
}
|
||||
|
||||
# 修改 pg_hba.conf 文件,增加主从复制从服务器认证许可
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
postgresql_add_replication_to_pghba() {
|
||||
local replication_auth="trust"
|
||||
if [[ -n "$PG_REPLICATION_PASSWORD" ]]; then
|
||||
replication_auth="md5"
|
||||
fi
|
||||
cat << EOF >> "$PG_HBA_FILE"
|
||||
host replication all 0.0.0.0/0 ${replication_auth}
|
||||
host replication all ::/0 ${replication_auth}
|
||||
cat <<-'EOF' >> "$PG_HBA_FILE"
|
||||
host replication all 0.0.0.0/0 ${replication_auth}
|
||||
host replication all ::/0 ${replication_auth}
|
||||
EOF
|
||||
}
|
||||
|
||||
# 初始化 pg_hba.conf 文件
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
postgresql_password_auth_configuration() {
|
||||
LOG_I "Generating local authentication configuration"
|
||||
cat << EOF > "$PG_HBA_FILE"
|
||||
local all all trust
|
||||
host all all 0.0.0.0/0 trust
|
||||
host all all ::/0 trust
|
||||
cat <<-'EOF' > "$PG_HBA_FILE"
|
||||
local all all trust
|
||||
host all all 0.0.0.0/0 trust
|
||||
host all all ::/0 trust
|
||||
EOF
|
||||
}
|
||||
|
||||
# 使用运行中的 PostgreSQL 服务执行 SQL 操作
|
||||
# 全局变量:
|
||||
# ENV_DEBUG
|
||||
# PG_*
|
||||
# 参数:
|
||||
# $1 - 需要操作的数据库名
|
||||
# $2 - 操作使用的用户名
|
||||
@@ -294,10 +274,11 @@ postgresql_execute() {
|
||||
}
|
||||
|
||||
# 生成初始 postgres.conf 配置
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
postgresql_default_postgresql_config() {
|
||||
LOG_I "Modify postgresql.conf with default values..."
|
||||
|
||||
[ ! -e "${PG_CONF_FILE}" ] && cp -rf "${APP_DEF_DIR}/postgresql.conf.sample" "${PG_CONF_FILE}"
|
||||
|
||||
postgresql_conf_set "wal_level" "hot_standby"
|
||||
postgresql_conf_set "max_wal_size" "400MB"
|
||||
postgresql_conf_set "max_wal_senders" "16"
|
||||
@@ -311,12 +292,10 @@ postgresql_default_postgresql_config() {
|
||||
}
|
||||
|
||||
# 生成初始 pg_hba.conf 配置
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
postgresql_default_hba_config() {
|
||||
LOG_I "Modify pg_hba.conf with default values..."
|
||||
|
||||
if is_boolean_yes "$PG_ENABLE_LDAP"; then
|
||||
if is_boolean_yes "${PG_ENABLE_LDAP:-no}"; then
|
||||
postgresql_ldap_auth_configuration
|
||||
else
|
||||
postgresql_password_auth_configuration
|
||||
@@ -324,8 +303,6 @@ postgresql_default_hba_config() {
|
||||
}
|
||||
|
||||
# 生成初始 pg_hba.conf 配置
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
postgresql_restrict_hba_config() {
|
||||
LOG_I "Modify pg_hba.conf for restrict configs..."
|
||||
|
||||
@@ -336,28 +313,23 @@ postgresql_restrict_hba_config() {
|
||||
}
|
||||
|
||||
# 为 Slava 模式工作的节点创建 recovery.conf 文件
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
postgresql_configure_recovery() {
|
||||
LOG_I "Setting up streaming replication slave..."
|
||||
if (( APP_VERSION >= 12 )); then
|
||||
# 版本为12以上时, Slave 节点配置保存在 postgresql.conf 文件中
|
||||
postgresql_conf_set "primary_conninfo" "host=${PG_MASTER_HOST} port=${PG_MASTER_PORT_NUMBER} user=${PG_REPLICATION_USER} password=${PG_REPLICATION_PASSWORD} application_name=${PG_CLUSTER_APP_NAME}"
|
||||
postgresql_conf_set "promote_trigger_file" "/tmp/postgresql.trigger.${PG_MASTER_PORT_NUMBER}"
|
||||
touch "$PG_DATA_DIR"/standby.signal
|
||||
else
|
||||
# 版本低于12时, Slave 节点配置保存在 recover.conf 文件中
|
||||
cp -f "/usr/share/postgresql/${APP_VERSION}/recovery.conf.sample" "$PG_RECOVERY_FILE"
|
||||
chmod 600 "$PG_RECOVERY_FILE"
|
||||
postgresql_recover_set "standby_mode" "on"
|
||||
postgresql_recover_set "primary_conninfo" "host=${PG_MASTER_HOST} port=${PG_MASTER_PORT_NUMBER} user=${PG_REPLICATION_USER} password=${PG_REPLICATION_PASSWORD} application_name=${PG_CLUSTER_APP_NAME}"
|
||||
postgresql_recover_set "trigger_file" "/tmp/postgresql.trigger.${PG_MASTER_PORT_NUMBER}"
|
||||
fi
|
||||
[ ! -e "${PG_RECOVERY_FILE}" ] && cp -f "${APP_DEF_DIR}/recovery.conf.sample" "${PG_RECOVERY_FILE}"
|
||||
|
||||
# 版本为12以上时, Slave 节点配置保存在 postgresql.conf 文件中
|
||||
postgresql_conf_set "primary_conninfo" "host=${PG_MASTER_HOST} port=${PG_MASTER_PORT_NUMBER} user=${PG_REPLICATION_USER} password=${PG_REPLICATION_PASSWORD} application_name=${PG_CLUSTER_APP_NAME}"
|
||||
postgresql_conf_set "promote_trigger_file" "/tmp/postgresql.trigger.${PG_MASTER_PORT_NUMBER}"
|
||||
touch "$PGDATA"/standby.signal
|
||||
|
||||
# 版本低于12时, Slave 节点配置保存在 recover.conf 文件中
|
||||
#chmod 600 "${PG_RECOVERY_FILE}"
|
||||
#postgresql_recover_set "standby_mode" "on"
|
||||
#postgresql_recover_set "primary_conninfo" "host=${PG_MASTER_HOST} port=${PG_MASTER_PORT_NUMBER} user=${PG_REPLICATION_USER} password=${PG_REPLICATION_PASSWORD} application_name=${PG_CLUSTER_APP_NAME}"
|
||||
#postgresql_recover_set "trigger_file" "/tmp/postgresql.trigger.${PG_MASTER_PORT_NUMBER}"
|
||||
}
|
||||
|
||||
# 为默认的数据库用户 postgres 设置密码
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
# 参数:
|
||||
# $1 - 用户密码
|
||||
postgresql_alter_postgres_user() {
|
||||
@@ -367,8 +339,6 @@ postgresql_alter_postgres_user() {
|
||||
}
|
||||
|
||||
# 为数据库 $PG_DATABASE 创建管理员账户
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
postgresql_create_admin_user() {
|
||||
local -r escaped_password="${PG_PASSWORD//\'/\'\'}"
|
||||
LOG_I "Creating user ${PG_USERNAME}"
|
||||
@@ -379,94 +349,89 @@ postgresql_create_admin_user() {
|
||||
}
|
||||
|
||||
# 为 master-slave 复制模式创建用户
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
postgresql_create_replication_user() {
|
||||
local -r escaped_password="${PG_REPLICATION_PASSWORD//\'/\'\'}"
|
||||
LOG_I "Creating replication user $PG_REPLICATION_USER"
|
||||
LOG_I "Creating replication user ${PG_REPLICATION_USER}"
|
||||
echo "CREATE ROLE \"$PG_REPLICATION_USER\" REPLICATION LOGIN ENCRYPTED PASSWORD '$escaped_password'" | postgresql_execute
|
||||
}
|
||||
|
||||
# 创建用户自定义数据库 $PG_DATABASE
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
postgresql_create_custom_database() {
|
||||
echo "CREATE DATABASE \"$PG_DATABASE\"" | postgresql_execute "" "postgres" "" "localhost"
|
||||
LOG_I "Creating custom database ${PG_DATABASE}"
|
||||
echo "CREATE DATABASE \"${PG_DATABASE}\"" | postgresql_execute "" "postgres" "" "localhost"
|
||||
}
|
||||
|
||||
# 检测用户参数信息是否满足条件; 针对部分权限过于开放情况,打印提示信息
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
app_verify_minimum_env() {
|
||||
local error_code=0
|
||||
LOG_D "Validating settings in PG_* env vars..."
|
||||
|
||||
# Auxiliary functions
|
||||
print_validation_error() {
|
||||
LOG_E "$1"
|
||||
error_code=1
|
||||
}
|
||||
|
||||
empty_password_enabled_warn() {
|
||||
LOG_W "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment."
|
||||
# 检测认证设置。如果不允许匿名登录,检测登录用户名及密码是否设置
|
||||
empty_password_warn() {
|
||||
LOG_W "You set the environment variable ALLOW_ANONYMOUS_LOGIN=${ALLOW_ANONYMOUS_LOGIN}. For safety reasons, do not use this flag in a production environment."
|
||||
}
|
||||
empty_password_error() {
|
||||
print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development."
|
||||
print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_ANONYMOUS_LOGIN=yes to allow the container to be started with blank passwords. This is recommended only for development."
|
||||
}
|
||||
if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then
|
||||
empty_password_enabled_warn
|
||||
if is_boolean_yes "${ALLOW_ANONYMOUS_LOGIN}"; then
|
||||
empty_password_warn
|
||||
else
|
||||
if [[ -z "$PG_PASSWORD" ]]; then
|
||||
empty_password_error "PG_PASSWORD"
|
||||
if [[ -z "${PG_PASSWORD}" ]]; then
|
||||
empty_password_error "{PG_PASSWORD}"
|
||||
fi
|
||||
if (( ${#PG_PASSWORD} > 100 )); then
|
||||
print_validation_error "The password cannot be longer than 100 characters. Set the environment variable PG_PASSWORD with a shorter value"
|
||||
fi
|
||||
if [[ -n "$PG_USERNAME" ]] && [[ -z "$PG_PASSWORD" ]]; then
|
||||
empty_password_error "PG_PASSWORD"
|
||||
if [[ -n "${PG_USERNAME}" ]] && [[ -z "${PG_PASSWORD}" ]]; then
|
||||
empty_password_error "{PG_PASSWORD}"
|
||||
fi
|
||||
if [[ -n "$PG_USERNAME" ]] && [[ "$PG_USERNAME" != "postgres" ]] && [[ -n "$PG_PASSWORD" ]] && [[ -z "$PG_DATABASE" ]]; then
|
||||
if [[ -n "${PG_USERNAME}" ]] && [[ "${PG_USERNAME}" != "postgres" ]] && [[ -n "${PG_PASSWORD}" ]] && [[ -z "${PG_DATABASE}" ]]; then
|
||||
print_validation_error "In order to use a custom PostgreSQL user you need to set the environment variable PG_DATABASE as well"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -n "$PG_REPLICATION_MODE" ]]; then
|
||||
if [[ "$PG_REPLICATION_MODE" = "master" ]]; then
|
||||
if [[ -n "${PG_REPLICATION_MODE}" ]]; then
|
||||
if [[ "${PG_REPLICATION_MODE}" = "master" ]]; then
|
||||
if (( PG_NUM_SYNCHRONOUS_REPLICAS < 0 )); then
|
||||
print_validation_error "The number of synchronous replicas cannot be less than 0. Set the environment variable PG_NUM_SYNCHRONOUS_REPLICAS"
|
||||
fi
|
||||
elif [[ "$PG_REPLICATION_MODE" = "slave" ]]; then
|
||||
if [[ -z "$PG_MASTER_HOST" ]]; then
|
||||
elif [[ "${PG_REPLICATION_MODE}" = "slave" ]]; then
|
||||
if [[ -z "${PG_MASTER_HOST}" ]]; then
|
||||
print_validation_error "Slave replication mode chosen without setting the environment variable PG_MASTER_HOST. Use it to indicate where the Master node is running"
|
||||
fi
|
||||
if [[ -z "$PG_REPLICATION_USER" ]]; then
|
||||
if [[ -z "${PG_REPLICATION_USER}" ]]; then
|
||||
print_validation_error "Slave replication mode chosen without setting the environment variable PG_REPLICATION_USER. Make sure that the master also has this parameter set"
|
||||
fi
|
||||
else
|
||||
print_validation_error "Invalid replication mode. Available options are 'master/slave'"
|
||||
fi
|
||||
# Common replication checks
|
||||
if [[ -n "$PG_REPLICATION_USER" ]] && [[ -z "$PG_REPLICATION_PASSWORD" ]]; then
|
||||
empty_password_error "PG_REPLICATION_PASSWORD"
|
||||
if [[ -n "${PG_REPLICATION_USER}" ]] && [[ -z "${PG_REPLICATION_PASSWORD}" ]]; then
|
||||
empty_password_error "{PG_REPLICATION_PASSWORD}"
|
||||
fi
|
||||
else
|
||||
if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then
|
||||
empty_password_enabled_warn
|
||||
if is_boolean_yes "${ALLOW_ANONYMOUS_LOGIN}"; then
|
||||
empty_password_warn
|
||||
else
|
||||
if [[ -z "$PG_PASSWORD" ]]; then
|
||||
empty_password_error "PG_PASSWORD"
|
||||
if [[ -z "${PG_PASSWORD}" ]]; then
|
||||
empty_password_error "{PG_PASSWORD}"
|
||||
fi
|
||||
if [[ -n "$PG_USERNAME" ]] && [[ -z "$PG_PASSWORD" ]]; then
|
||||
empty_password_error "PG_PASSWORD"
|
||||
if [[ -n "${PG_USERNAME}" ]] && [[ -z "${PG_PASSWORD}" ]]; then
|
||||
empty_password_error "{PG_PASSWORD}"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if ! is_yes_no_value "$PG_ENABLE_LDAP"; then
|
||||
if ! is_yes_no_value "${PG_ENABLE_LDAP}"; then
|
||||
empty_password_error "The values allowed for PG_ENABLE_LDAP are: yes or no"
|
||||
fi
|
||||
|
||||
if is_boolean_yes "$PG_ENABLE_LDAP" && [[ -n "$PG_LDAP_URL" ]] && [[ -n "$PG_LDAP_SERVER" ]]; then
|
||||
if is_boolean_yes "${PG_ENABLE_LDAP}" && [[ -n "${PG_LDAP_URL}" ]] && [[ -n "${PG_LDAP_SERVER}" ]]; then
|
||||
empty_password_error "You can not set PG_LDAP_URL and PG_LDAP_SERVER at the same time. Check your LDAP configuration."
|
||||
fi
|
||||
|
||||
@@ -475,14 +440,11 @@ app_verify_minimum_env() {
|
||||
|
||||
# 更改默认监听地址为 "*" 或 "0.0.0.0",以对容器外提供服务;默认配置文件应当为仅监听 localhost(127.0.0.1)
|
||||
app_enable_remote_connections() {
|
||||
LOG_D "Modify default config to enable all IP access"
|
||||
LOG_I "Modify default config to enable all IP access"
|
||||
postgresql_conf_set "listen_addresses" "*"
|
||||
}
|
||||
|
||||
# 以后台方式启动应用服务,并等待启动就绪
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
# ENV_DEBUG
|
||||
app_start_server_bg() {
|
||||
is_app_server_running && return
|
||||
|
||||
@@ -491,79 +453,82 @@ app_start_server_bg() {
|
||||
# -D location of the database storage area
|
||||
# -l write (or append) server log to FILENAME
|
||||
# -o command line options to pass to postgres or initdb
|
||||
local -r pg_ctl_flags=("-W" "-D" "$PG_DATA_DIR" "-l" "$PG_LOG_FILE" "-o" "--config-file=$PG_CONF_FILE --external_pid_file=$PG_PID_FILE --hba_file=$PG_HBA_FILE")
|
||||
# --config-file 指定配置文件
|
||||
# --external_pid_file 指定 PID 文件,在配置文件中已定义
|
||||
# --hba_file 指定 HBA 文件,在配置文件中已定义
|
||||
local -r pg_ctl_flags=("-W" "-D" "${PGDATA}" "-o" "--config-file=${PG_CONF_FILE} --external_pid_file=${PG_PID_FILE} --hba_file=${PG_HBA_FILE}")
|
||||
LOG_I "Starting ${APP_NAME} in background..."
|
||||
local pg_ctl_cmd=(pg_ctl)
|
||||
if is_boolean_yes "${ENV_DEBUG}"; then
|
||||
"${pg_ctl_cmd[@]}" "start" "${pg_ctl_flags[@]}"
|
||||
else
|
||||
"${pg_ctl_cmd[@]}" "start" "${pg_ctl_flags[@]}" >/dev/null 2>&1
|
||||
"${pg_ctl_cmd[@]}" "start" "${pg_ctl_flags[@]}" "-s" >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
local -r check_args=("-h" "localhost" "-p" "${PG_PORT_NUMBER}" "-U" "postgres")
|
||||
local check_cmd=(pg_isready)
|
||||
local counter=$PG_INIT_MAX_TIMEOUT
|
||||
local counter=${PG_INIT_MAX_TIMEOUT}
|
||||
# 通过命令或特定端口检测应用是否就绪
|
||||
LOG_I "Checking ${APP_NAME} ready status..."
|
||||
while ! PGPASSWORD=$PG_REPLICATION_PASSWORD "${check_cmd[@]}" "${check_args[@]}" >/dev/null 2>&1; do
|
||||
while ! PGPASSWORD=${PG_PASSWORD} "${check_cmd[@]}" "${check_args[@]}" "-q" >/dev/null 2>&1; do
|
||||
sleep 1
|
||||
counter=$(( counter - 1 ))
|
||||
if (( counter <= 0 )); then
|
||||
LOG_E "PostgreSQL is not ready after $PG_INIT_MAX_TIMEOUT seconds"
|
||||
LOG_E "PostgreSQL is not ready after ${PG_INIT_MAX_TIMEOUT} seconds"
|
||||
exit 1
|
||||
fi
|
||||
LOG_D "PostgreSQL is not ready now: ${counter}"
|
||||
done
|
||||
LOG_D "${APP_NAME} is ready for service..."
|
||||
LOG_D "${APP_NAME} is ready for service"
|
||||
}
|
||||
|
||||
# 停止应用后台服务
|
||||
# 全局变量:
|
||||
# PG_PID_FILE
|
||||
app_stop_server() {
|
||||
is_app_server_running || return
|
||||
# 停止应用服务
|
||||
app_stop_server_bg() {
|
||||
if is_app_server_running ; then
|
||||
LOG_I "Stopping background ${APP_NAME}..."
|
||||
|
||||
if is_boolean_yes "${ENV_DEBUG}"; then
|
||||
PGUSER="${PG_USERNAME}" pg_ctl -D "${PGDATA}" -m fast -w stop "-s"
|
||||
else
|
||||
PGUSER="${PG_USERNAME}" pg_ctl -D "${PGDATA}" -m fast -w stop "-s" >/dev/null 2>&1
|
||||
fi
|
||||
fi
|
||||
|
||||
LOG_I "Stopping ${APP_NAME}..."
|
||||
stop_service_using_pid "$PG_PID_FILE"
|
||||
# 使用 PID 文件 kill 进程
|
||||
#stop_service_using_pid "${PG_PID_FILE}"
|
||||
}
|
||||
|
||||
# 检测应用服务是否在后台运行中
|
||||
# 全局变量:
|
||||
# PG_PID_FILE
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
is_app_server_running() {
|
||||
local pid
|
||||
pid="$(get_pid_from_file "$PG_PID_FILE")"
|
||||
LOG_D "Check if ${APP_NAME} is running..."
|
||||
|
||||
if [[ -z "$pid" ]]; then
|
||||
LOG_D "${APP_NAME} is Stopped..."
|
||||
local pid
|
||||
pid="$(get_pid_from_file "${PG_PID_FILE}")"
|
||||
|
||||
if [[ -z "${pid}" ]]; then
|
||||
false
|
||||
else
|
||||
LOG_D "${APP_NAME} is Running..."
|
||||
is_service_running "$pid"
|
||||
is_service_running "${pid}"
|
||||
fi
|
||||
}
|
||||
|
||||
# 清理初始化应用时生成的临时文件
|
||||
app_clean_tmp_file() {
|
||||
LOG_D "Clean ${APP_NAME} tmp files..."
|
||||
LOG_D "Clean ${APP_NAME} tmp files for init..."
|
||||
|
||||
rm -rf "${PG_LOG_FILE}"
|
||||
rm -rf "${PG_LOG_FILE}" "${PG_PID_FILE}" "${PGDATA}/standby.signal" "${PGDATA}/recovery.signal"
|
||||
}
|
||||
|
||||
# 在重新启动容器时,删除标志文件及必须删除的临时文件 (容器重新启动)
|
||||
# 全局变量:
|
||||
# APP_*
|
||||
# PG_*
|
||||
app_clean_from_restart() {
|
||||
LOG_D "Delete temp files when restart container"
|
||||
LOG_D "Clean ${APP_NAME} tmp files for restart..."
|
||||
local -r -a files=(
|
||||
"$PG_DATA_DIR"/postmaster.pid
|
||||
"$PG_DATA_DIR"/standby.signal
|
||||
"$PG_DATA_DIR"/recovery.signal
|
||||
"$PG_PID_FILE"
|
||||
"${PGDATA}/postmaster.pid"
|
||||
"${PGDATA}/standby.signal"
|
||||
"${PGDATA}/recovery.signal"
|
||||
)
|
||||
|
||||
for file in "${files[@]}"; do
|
||||
for file in ${files[@]}; do
|
||||
if [[ -f "$file" ]]; then
|
||||
LOG_I "Cleaning stale $file file"
|
||||
rm "$file"
|
||||
@@ -573,48 +538,54 @@ app_clean_from_restart() {
|
||||
|
||||
# 应用默认初始化操作
|
||||
# 执行完毕后,生成文件 ${APP_CONF_DIR}/.app_init_flag 及 ${APP_DATA_DIR}/.data_init_flag 文件
|
||||
docker_app_init() {
|
||||
app_default_init() {
|
||||
app_clean_from_restart
|
||||
LOG_D "Check init status of ${APP_NAME}..."
|
||||
|
||||
if [[ ! -f "${APP_DATA_DIR}/.data_init_flag" ]]; then
|
||||
if [[ "${PG_REPLICATION_MODE}" = "master" ]]; then
|
||||
postgresql_master_init_db
|
||||
else
|
||||
postgresql_slave_init_db
|
||||
fi
|
||||
fi
|
||||
|
||||
# 检测配置文件是否存在
|
||||
if [[ ! -f "${APP_CONF_DIR}/.app_init_flag" ]]; then
|
||||
LOG_I "No injected configuration file found, creating default config files..."
|
||||
postgresql_default_postgresql_config
|
||||
postgresql_default_hba_config
|
||||
|
||||
if [[ "$PG_REPLICATION_MODE" = "master" ]]; then
|
||||
[[ -n "$PG_REPLICATION_USER" ]] && postgresql_add_replication_to_pghba
|
||||
if [[ "${PG_REPLICATION_MODE}" = "master" ]]; then
|
||||
[[ -n "${PG_REPLICATION_USER}" ]] && postgresql_add_replication_to_pghba
|
||||
else
|
||||
postgresql_configure_recovery
|
||||
fi
|
||||
|
||||
touch ${APP_CONF_DIR}/.app_init_flag
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_CONF_DIR}/.app_init_flag
|
||||
touch "${APP_CONF_DIR}/.app_init_flag"
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> "${APP_CONF_DIR}/.app_init_flag"
|
||||
else
|
||||
LOG_I "User injected custom configuration detected!"
|
||||
fi
|
||||
|
||||
if [[ ! -f "${APP_DATA_DIR}/.data_init_flag" ]]; then
|
||||
LOG_I "Deploying ${APP_NAME} from scratch..."
|
||||
if [[ "$PG_REPLICATION_MODE" = "master" ]]; then
|
||||
postgresql_master_init_db
|
||||
app_start_server_bg
|
||||
[[ "$PG_DATABASE" != "postgres" ]] && postgresql_create_custom_database
|
||||
if [[ "${PG_REPLICATION_MODE}" = "master" ]]; then
|
||||
# 检测服务是否运行中如果未运行,则启动后台服务
|
||||
is_app_server_running || app_start_server_bg
|
||||
[[ "${PG_DATABASE}" != "postgres" ]] && postgresql_create_custom_database
|
||||
|
||||
# 为数据库授权;默认用户不为 postgres 时,需要创建管理员账户
|
||||
LOG_D "Set password for postgres user"
|
||||
if [[ "$PG_USERNAME" = "postgres" ]]; then
|
||||
[[ -n "$PG_PASSWORD" ]] && postgresql_alter_postgres_user "$PG_PASSWORD"
|
||||
if [[ "${PG_USERNAME}" = "postgres" ]]; then
|
||||
[[ -n "${PG_PASSWORD}" ]] && postgresql_alter_postgres_user "${PG_PASSWORD}"
|
||||
else
|
||||
if [[ -n "$PG_POSTGRES_PASSWORD" ]]; then
|
||||
postgresql_alter_postgres_user "$PG_POSTGRES_PASSWORD"
|
||||
if [[ -n "${PG_POSTGRES_PASSWORD}" ]]; then
|
||||
postgresql_alter_postgres_user "${PG_POSTGRES_PASSWORD}"
|
||||
fi
|
||||
postgresql_create_admin_user
|
||||
fi
|
||||
[[ -n "$PG_REPLICATION_USER" ]] && postgresql_create_replication_user
|
||||
else
|
||||
postgresql_slave_init_db
|
||||
[[ -n "${PG_REPLICATION_USER}" ]] && postgresql_create_replication_user
|
||||
fi
|
||||
|
||||
touch ${APP_DATA_DIR}/.data_init_flag
|
||||
@@ -626,7 +597,7 @@ docker_app_init() {
|
||||
|
||||
# 用户自定义的前置初始化操作,依次执行目录 preinitdb.d 中的初始化脚本
|
||||
# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_preinit_flag
|
||||
docker_custom_preinit() {
|
||||
app_custom_preinit() {
|
||||
LOG_D "Check custom pre-init status of ${APP_NAME}..."
|
||||
|
||||
# 检测用户配置文件目录是否存在 preinitdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本
|
||||
@@ -637,20 +608,25 @@ docker_custom_preinit() {
|
||||
LOG_I "Process custom pre-init scripts from /srv/conf/${APP_NAME}/preinitdb.d..."
|
||||
|
||||
# 检索所有可执行脚本,排序后执行
|
||||
find "/srv/conf/${APP_NAME}/preinitdb.d/" -type f -regex ".*\.\(sh\)" | sort | docker_process_init_files
|
||||
find "/srv/conf/${APP_NAME}/preinitdb.d/" -type f -regex ".*\.\(sh\)" | sort | process_init_files
|
||||
|
||||
touch ${APP_DATA_DIR}/.custom_preinit_flag
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.custom_preinit_flag
|
||||
touch "${APP_DATA_DIR}/.custom_preinit_flag"
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> "${APP_DATA_DIR}/.custom_preinit_flag"
|
||||
LOG_I "Custom preinit for ${APP_NAME} complete."
|
||||
else
|
||||
LOG_I "Custom preinit for ${APP_NAME} already done before, skipping initialization."
|
||||
fi
|
||||
fi
|
||||
|
||||
# 检测依赖的服务是否就绪
|
||||
#for i in ${SERVICE_PRECONDITION[@]}; do
|
||||
# app_wait_service "${i}"
|
||||
#done
|
||||
}
|
||||
|
||||
# 用户自定义的应用初始化操作,依次执行目录initdb.d中的初始化脚本
|
||||
# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_init_flag
|
||||
docker_custom_init() {
|
||||
app_custom_init() {
|
||||
LOG_D "Check custom init status of ${APP_NAME}..."
|
||||
|
||||
# 检测用户配置文件目录是否存在 initdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本
|
||||
@@ -660,7 +636,8 @@ docker_custom_init() {
|
||||
[[ ! -f "${APP_DATA_DIR}/.custom_init_flag" ]]; then
|
||||
LOG_I "Process custom init scripts from /srv/conf/${APP_NAME}/initdb.d..."
|
||||
|
||||
app_start_server_bg
|
||||
# 检测服务是否运行中;如果未运行,则启动后台服务
|
||||
is_app_server_running || app_start_server_bg
|
||||
|
||||
# 检索所有可执行脚本,排序后执行
|
||||
find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)" | sort | while read -r f; do
|
||||
@@ -678,16 +655,16 @@ docker_custom_init() {
|
||||
esac
|
||||
done
|
||||
|
||||
touch ${APP_DATA_DIR}/.custom_init_flag
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.custom_init_flag
|
||||
touch "${APP_DATA_DIR}/.custom_init_flag"
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> "${APP_DATA_DIR}/.custom_init_flag"
|
||||
LOG_I "Custom init for ${APP_NAME} complete."
|
||||
else
|
||||
LOG_I "Custom init for ${APP_NAME} already done before, skipping initialization."
|
||||
fi
|
||||
fi
|
||||
|
||||
# 停止初始化时启动的后台服务
|
||||
is_app_server_running && app_stop_server
|
||||
# 检测服务是否运行中;如果运行,则停止后台服务
|
||||
app_stop_server_bg
|
||||
|
||||
# 删除第一次运行生成的临时文件
|
||||
app_clean_tmp_file
|
||||
@@ -700,16 +677,12 @@ docker_custom_init() {
|
||||
}
|
||||
|
||||
# 初始化 Master 节点数据库
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
postgresql_master_init_db() {
|
||||
if ! is_dir_empty "$PG_DATA_DIR"; then
|
||||
LOG_E "Directory ${PG_DATA_DIR} exists but is not empty,"
|
||||
if ! is_dir_empty "${PGDATA}"; then
|
||||
LOG_E "Directory ${PGDATA} exists but is not empty,"
|
||||
LOG_E "If you want to create a new database system, either remove or empty"
|
||||
LOG_E "the directory ${PG_DATA_DIR}, or run initdb"
|
||||
LOG_E "with an argument other than ${PG_DATA_DIR}."
|
||||
LOG_E "the directory ${PGDATA}, or run initdb"
|
||||
LOG_E "with an argument other than ${PGDATA}."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
@@ -718,11 +691,11 @@ postgresql_master_init_db() {
|
||||
local envExtraFlags=()
|
||||
local initdb_args=()
|
||||
if [[ -n "${PG_INITDB_ARGS}" ]]; then
|
||||
read -r -a envExtraFlags <<< "$PG_INITDB_ARGS"
|
||||
read -r -a envExtraFlags <<< "${PG_INITDB_ARGS}"
|
||||
initdb_args+=("${envExtraFlags[@]}")
|
||||
fi
|
||||
#initdb+=("-o" "--config-file=$PG_CONF_FILE --external_pid_file=$PG_PID_FILE --hba_file=$PG_HBA_FILE")
|
||||
initdb_args+=("--waldir=$APP_DATA_LOG_DIR")
|
||||
#initdb+=("-o" "--config-file=${PG_CONF_FILE} --external_pid_file=${PG_PID_FILE} --hba_file=${PG_HBA_FILE}")
|
||||
initdb_args+=("--waldir=${PG_INITDB_WAL_DIR}")
|
||||
|
||||
local initdb_cmd=(initdb)
|
||||
|
||||
@@ -733,47 +706,44 @@ postgresql_master_init_db() {
|
||||
fi
|
||||
|
||||
if is_boolean_yes "${ENV_DEBUG}"; then
|
||||
"${initdb_cmd[@]}" -E UTF8 -D "$PG_DATA_DIR" -U "postgres" "${initdb_args[@]}"
|
||||
"${initdb_cmd[@]}" -E UTF8 -D "${PGDATA}" -U "postgres" "${initdb_args[@]}"
|
||||
else
|
||||
"${initdb_cmd[@]}" -E UTF8 -D "$PG_DATA_DIR" -U "postgres" "${initdb_args[@]}" >/dev/null 2>&1
|
||||
"${initdb_cmd[@]}" -E UTF8 -D "${PGDATA}" -U "postgres" "${initdb_args[@]}" >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
postgresql_disable_nss_wrapper
|
||||
}
|
||||
|
||||
# 初始化 Slave 节点数据库
|
||||
# 全局变量:
|
||||
# PG_*
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
postgresql_slave_init_db() {
|
||||
LOG_I "Waiting for replication master to accept connections (${PG_INIT_MAX_TIMEOUT} seconds)..."
|
||||
local -r check_args=("-U" "$PG_REPLICATION_USER" "-h" "$PG_MASTER_HOST" "-p" "$PG_MASTER_PORT_NUMBER" "-d" "postgres")
|
||||
local -r check_args=("-U" "${PG_REPLICATION_USER}" "-h" "${PG_MASTER_HOST}" "-p" "${PG_MASTER_PORT_NUMBER}" "-d" "${PG_DATABASE}")
|
||||
local check_cmd=(pg_isready)
|
||||
local ready_counter=$PG_INIT_MAX_TIMEOUT
|
||||
local ready_counter=${PG_INIT_MAX_TIMEOUT}
|
||||
|
||||
while ! PGPASSWORD=$PG_REPLICATION_PASSWORD "${check_cmd[@]}" "${check_args[@]}" >/dev/null 2>&1;do
|
||||
while ! PGPASSWORD=${PG_REPLICATION_PASSWORD} "${check_cmd[@]}" "${check_args[@]}" >/dev/null 2>&1;do
|
||||
sleep 1
|
||||
ready_counter=$(( ready_counter - 1 ))
|
||||
if (( ready_counter <= 0 )); then
|
||||
LOG_E "PostgreSQL master is not ready after $PG_INIT_MAX_TIMEOUT seconds"
|
||||
LOG_E "PostgreSQL master is not ready after ${PG_INIT_MAX_TIMEOUT} seconds"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
LOG_I "Replicating the database from node master..."
|
||||
#local -r backup_args=("-D" "$PG_DATA_DIR" -d "hostaddr=$PG_MASTER_HOST port=$PG_MASTER_PORT_NUMBER user=$PG_REPLICATION_USER password=$PG_REPLICATION_PASSWORD" -v -Fp -Xs
|
||||
local -r backup_args=("-D" "$PG_DATA_DIR" "-U" "$PG_REPLICATION_USER" "-h" "$PG_MASTER_HOST" "-p" "$PG_MASTER_PORT_NUMBER" "-X" "stream" "-w" "-v" "-P")
|
||||
#local -r backup_args=("-D" "$PGDATA" -d "hostaddr=$PG_MASTER_HOST port=$PG_MASTER_PORT_NUMBER user=$PG_REPLICATION_USER password=$PG_REPLICATION_PASSWORD" -v -Fp -Xs
|
||||
local -r backup_args=("-D" "${PGDATA}" "-U" "${PG_REPLICATION_USER}" "-h" "${PG_MASTER_HOST}" "-p" "${PG_MASTER_PORT_NUMBER}" "-X" "stream" "-w" "-v" "-P")
|
||||
local backup_cmd=(pg_basebackup)
|
||||
local replication_counter=$PG_INIT_MAX_TIMEOUT
|
||||
|
||||
while ! PGPASSWORD=$PG_REPLICATION_PASSWORD "${backup_cmd[@]}" "${backup_args[@]}";do
|
||||
while ! PGPASSWORD=${PG_REPLICATION_PASSWORD} "${backup_cmd[@]}" "${backup_args[@]}";do
|
||||
LOG_D "Backup command failed. Sleeping and trying again"
|
||||
sleep 1
|
||||
replication_counter=$(( replication_counter - 1 ))
|
||||
if (( replication_counter <= 0 )); then
|
||||
LOG_E "Slave replication failed after trying for $PG_INIT_MAX_TIMEOUT seconds"
|
||||
LOG_E "Slave replication failed after trying for ${PG_INIT_MAX_TIMEOUT} seconds"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
Executable
+36
@@ -0,0 +1,36 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 容器入口脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/appcommon.sh # 应用专用函数库
|
||||
|
||||
eval "$(app_env)"
|
||||
LOG_I "** Processing entry.sh **"
|
||||
|
||||
if ! is_sourced; then
|
||||
# 替换命令行中的变量
|
||||
set -- $(eval echo "$@")
|
||||
|
||||
[ "${1:0:1}" = '-' ] && set -- "${APP_EXEC:-}" "$@"
|
||||
|
||||
print_image_welcome
|
||||
print_command_help "$@"
|
||||
|
||||
if [ "$1" = "${APP_EXEC}" ] && is_root; then
|
||||
/usr/local/bin/setup.sh
|
||||
|
||||
LOG_I "Restart with non-root user: ${APP_USER}\n"
|
||||
exec gosu "${APP_USER}" "$0" "$@"
|
||||
fi
|
||||
|
||||
[ "$1" = "${APP_EXEC}" ] && /usr/local/bin/init.sh
|
||||
|
||||
LOG_I "Start container with command: $@"
|
||||
exec tini -- "$@"
|
||||
fi
|
||||
@@ -1,117 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 容器入口脚本
|
||||
|
||||
# 设置遇到执行错误则退出执行
|
||||
set -o errexit
|
||||
# 设置脚本遇到未初始化或声明的变量退出执行
|
||||
set -o nounset
|
||||
# 设置遇到管道命令失败则退出执行
|
||||
set -o pipefail
|
||||
# 设置调试信息输出,及命令在执行前先打印命令执行前的命令内容
|
||||
# set -o xtrace
|
||||
|
||||
# 加载依赖脚本
|
||||
#. /usr/local/scripts/liblog.sh # 日志输出函数库
|
||||
#. /usr/local/scripts/libcommon.sh # 通用函数库
|
||||
. /usr/local/bin/appcommon.sh # 应用专用函数库
|
||||
|
||||
LOG_D "Process entrypoint.sh..."
|
||||
|
||||
# 初始化环境变量。 docker_app_env()函数在文件 appcommon.sh 中定义
|
||||
eval "$(docker_app_env)"
|
||||
|
||||
# 定义容器中使用的默认目录(未定义时设置默认值为空"")
|
||||
APP_DIRS="${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_DATA_LOG_DIR:-}"
|
||||
|
||||
APP_DIRS="${APP_DIRS} ${PG_DATA_DIR}"
|
||||
|
||||
# 打印镜像欢迎信息
|
||||
docker_print_welcome
|
||||
|
||||
#postgresql_enable_nss_wrapper
|
||||
|
||||
# 检测数据卷中相关目录,创建默认的关联目录,并拷贝所必须的默认配置文件及初始化文件
|
||||
# 全局变量:
|
||||
# APP_*
|
||||
docker_ensure_dir_and_configs() {
|
||||
_is_restart && return
|
||||
|
||||
local user_id; user_id="$(id -u)"
|
||||
|
||||
LOG_D "Check directories..."
|
||||
for dir in ${APP_DIRS}; do
|
||||
LOG_D " Check $dir"
|
||||
ensure_dir_exists "$dir"
|
||||
done
|
||||
|
||||
# 检测指定文件是否在配置文件存储目录存在,如果不存在则拷贝(新挂载数据卷、手动删除都会导致不存在)
|
||||
LOG_D "Check config files..."
|
||||
if [[ ! -z "$(ls -A "${APP_DEF_DIR}")" ]]; then
|
||||
ensure_config_file_exist "${APP_DEF_DIR}" $(ls -A "${APP_DEF_DIR}")
|
||||
fi
|
||||
}
|
||||
|
||||
_main() {
|
||||
# 替换命令行中的变量
|
||||
set -- $(eval echo "$@")
|
||||
|
||||
# 如果命令行参数是以配置参数("-")开始,修改执行命令,确保使用可执行应用命令启动服务器
|
||||
if [ "${1:0:1}" = '-' ]; then
|
||||
set -- "${APP_EXEC}" "$@"
|
||||
fi
|
||||
|
||||
# 命令行参数以可执行应用命令起始,且不包含直接返回的命令(如:-V、--version、--help)时,执行初始化操作
|
||||
if [ "$1" = "${APP_EXEC}" ] && ! docker_command_help "$@"; then
|
||||
# 检测启动容器时设置的环境变量是否有效
|
||||
app_verify_minimum_env
|
||||
|
||||
# 检测应用需要使用的目录及配置文件是否存在
|
||||
docker_ensure_dir_and_configs
|
||||
|
||||
# 以root用户运行时,会使用gosu重新以"APP_USER"用户运行当前脚本
|
||||
if _is_run_as_root; then
|
||||
LOG_D "Change permissions when run as root"
|
||||
|
||||
# 以root用户启动时,修改相应目录的所属用户信息为 APP_USER ,确保切换用户时,权限正常
|
||||
for dir in ${APP_DIRS}; do
|
||||
chmod 755 ${dir}
|
||||
configure_permissions_ownership "$dir" -u "${APP_USER}" -g "${APP_USER}"
|
||||
:
|
||||
done
|
||||
|
||||
# 解决 PostgreSQL 目录权限过于开放,无法初始化问题:FATAL: data directory "/srv/data/postgresql" has group or world access
|
||||
LOG_D "Lack of permissions on data directory: ${PG_DATA_DIR}"
|
||||
chmod 0700 ${PG_DATA_DIR}
|
||||
|
||||
# 解决使用gosu后,nginx: [emerg] open() "/dev/stdout" failed (13: Permission denied)
|
||||
LOG_D "Change permissions of stdout/stderr to 0622"
|
||||
chmod 0622 /dev/stdout /dev/stderr
|
||||
|
||||
LOG_I ""
|
||||
LOG_I "Restart container with default user: ${APP_USER}"
|
||||
LOG_I " command: $@"
|
||||
export RESTART_FLAG=1
|
||||
exec gosu "${APP_USER}" "$0" "$@"
|
||||
fi
|
||||
|
||||
# 执行应用预初始化操作
|
||||
docker_custom_preinit
|
||||
|
||||
# 执行应用初始化操作
|
||||
docker_app_init
|
||||
|
||||
# 执行用户自定义初始化脚本
|
||||
docker_custom_init
|
||||
fi
|
||||
|
||||
LOG_I "Start container with command: $@"
|
||||
# 执行命令行。
|
||||
exec "$@"
|
||||
}
|
||||
|
||||
# 脚本入口命令
|
||||
if ! _is_sourced; then
|
||||
_main "$@"
|
||||
fi
|
||||
Executable
+25
@@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用初始化脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/appcommon.sh # 应用专用函数库
|
||||
|
||||
eval "$(app_env)"
|
||||
LOG_I "** Processing init.sh **"
|
||||
|
||||
# 执行应用预初始化操作
|
||||
app_custom_preinit
|
||||
|
||||
# 执行应用初始化操作
|
||||
app_default_init
|
||||
|
||||
# 执行用户自定义初始化脚本
|
||||
app_custom_init
|
||||
|
||||
LOG_I "** Processing init.sh finished! **"
|
||||
Executable
+25
@@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用启动脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/appcommon.sh # 应用专用函数库
|
||||
|
||||
eval "$(app_env)"
|
||||
LOG_I "** Processing run.sh **"
|
||||
|
||||
flags=("${APP_CONF_FILE:-}")
|
||||
[[ -z "${APP_EXTRA_FLAGS:-}" ]] || flags=("${flags[@]}" "${APP_EXTRA_FLAGS[@]}")
|
||||
START_COMMAND=("${APP_EXEC}" "${flags[@]}")
|
||||
|
||||
LOG_I "** Starting ${APP_NAME} **"
|
||||
if is_root; then
|
||||
exec gosu "${APP_USER}" tini -s -- "${START_COMMAND[@]}"
|
||||
else
|
||||
exec tini -s -- "${START_COMMAND[@]}"
|
||||
fi
|
||||
Executable
+44
@@ -0,0 +1,44 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用环境及依赖文件设置脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/appcommon.sh # 应用专用函数库
|
||||
|
||||
eval "$(app_env)"
|
||||
LOG_I "** Processing setup.sh **"
|
||||
|
||||
APP_DIRS="${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_DATA_LOG_DIR:-}"
|
||||
APP_DIRS="${APP_DIRS} ${PGDATA}"
|
||||
|
||||
for dir in ${APP_DIRS}; do
|
||||
ensure_dir_exists ${dir}
|
||||
done
|
||||
|
||||
app_verify_minimum_env
|
||||
|
||||
# 检测指定文件是否在配置文件存储目录存在,如果不存在则拷贝(新挂载数据卷、手动删除都会导致不存在)
|
||||
LOG_I "Check config files in: ${APP_CONF_DIR}"
|
||||
if [[ ! -z "$(ls -A "${APP_DEF_DIR}")" ]]; then
|
||||
# ensure_config_file_exist "${APP_DEF_DIR}" $(ls -A "${APP_DEF_DIR}")
|
||||
:
|
||||
fi
|
||||
|
||||
for dir in ${APP_DIRS}; do
|
||||
configure_permissions_ownership "$dir" -u "${APP_USER}" -g "${APP_USER}"
|
||||
done
|
||||
|
||||
# 解决 PostgreSQL 目录权限过于开放,无法初始化问题:FATAL: data directory "/srv/data/postgresql" has group or world access
|
||||
LOG_D "Lack of permissions on data directory: ${PGDATA}"
|
||||
chmod 0700 ${PGDATA}
|
||||
|
||||
# 解决使用gosu后,nginx: [emerg] open() "/dev/stdout" failed (13: Permission denied)
|
||||
LOG_D "Change permissions of stdout/stderr to 0622"
|
||||
chmod 0622 /dev/stdout /dev/stderr
|
||||
|
||||
LOG_I "** Processing setup.sh finished! **"
|
||||
+13
-14
@@ -1,6 +1,6 @@
|
||||
#!/bin/bash -e
|
||||
#!/bin/bash -ex
|
||||
|
||||
POSTGRESQL_CONF="${APP_DEF_DIR}/${APP_VERSION}/main/postgresql.conf"
|
||||
POSTGRESQL_CONF="${APP_HOME_DIR}/share/${APP_NAME}/postgresql.conf.sample"
|
||||
|
||||
# 在安装完应用后,使用该脚本修改默认配置文件中部分配置项
|
||||
# 如果相应的配置项已经定义整体环境变量,则不需要在这里修改
|
||||
@@ -8,29 +8,28 @@ echo "Process overrides for default configs..."
|
||||
#sed -i -E 's/^listeners=/d' "$KAFKA_HOME/config/server.properties"
|
||||
|
||||
# 设置默认监听地址为 localhost ,防止初始化操作期间外部链接,在容器初始化完成后修改为监听所有地址
|
||||
sed -i -E "s/^#listen_addresses .*/listen_addresses = \'localhost\'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#?(listen_addresses) .*/\1 = 'localhost'/g" ${POSTGRESQL_CONF}
|
||||
|
||||
sed -i -E "s/^data_directory .*/data_directory = \'\/srv\/data\/postgresql\/${APP_VERSION}\'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^hba_file .*/hba_file = \'\/srv\/conf\/postgresql\/${APP_VERSION}\/main\/pg_hba.conf\'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^ident_file .*/ident_file = \'\/srv\/conf\/postgresql\/${APP_VERSION}\/main\/pg_ident.conf\'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#external_pid_file .*/external_pid_file = \'\/var\/run\/postgresql\/postgresql.pid\'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^data_directory .*/data_directory = '\/srv\/data\/${APP_NAME}\/data'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^hba_file .*/hba_file = '\/srv\/data\/${APP_NAME}\/data\/pg_hba.conf'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^ident_file .*/ident_file = '\/srv\/data\/${APP_NAME}\/data\/pg_ident.conf'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#external_pid_file .*/external_pid_file = '\/var\/run\/${APP_NAME}\/postgresql.pid'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^max_connections .*/max_connections = 2000/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#password_encryption .*/password_encryption = md5/g" ${POSTGRESQL_CONF}
|
||||
|
||||
sed -i -E "s/^#log_destination .*/log_destination = \'stderr\'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#log_destination .*/log_destination = 'stderr'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#logging_collector .*/logging_collector = on/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#log_directory .*/log_directory = \'\/var\/log\/postgresql\'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#log_filename .*/log_filename = \'postgresql-\%Y-\%m-\%d_\%H\%M\%S.log\'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#log_directory .*/log_directory = '\/var\/log\/${APP_NAME}'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#log_filename .*/log_filename = 'postgresql-\%Y-\%m-\%d_\%H\%M\%S.log'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#log_truncate_on_rotation .*/log_truncate_on_rotation = on/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#log_rotation_age .*/log_rotation_age = 1d/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^#log_rotation_size .*/log_rotation_size = 0/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^log_timezone .*/log_timezone = \'Asia\/Shanghai\'/g" ${POSTGRESQL_CONF}
|
||||
sed -i -E "s/^log_timezone .*/log_timezone = 'Asia\/Shanghai'/g" ${POSTGRESQL_CONF}
|
||||
|
||||
sed -i -E "s/^#include_dir .*/include_dir = \'conf\.d\'/g" ${POSTGRESQL_CONF}
|
||||
#sed -i -E "s/^#include_dir .*/include_dir = 'conf\.d'/g" ${POSTGRESQL_CONF}
|
||||
|
||||
# 修改 unix_socket_directories 与 PID 文件同目录,解决修改 PID 输出目录后 psql 不指定`-h`时 Unix Socket 无法找到问题:
|
||||
# psql: could not connect to server: No such file or directory
|
||||
# Is the server running locally and accepting
|
||||
# connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
|
||||
sed -i -E "s/^unix_socket_directories .*/unix_socket_directories = \'\/var\/run\/postgresql\'/g" ${POSTGRESQL_CONF}
|
||||
|
||||
sed -i -E "s/^unix_socket_directories .*/unix_socket_directories = '\/var\/run\/${APP_NAME}'/g" ${POSTGRESQL_CONF}
|
||||
Executable
+10
@@ -0,0 +1,10 @@
|
||||
#!/bin/bash
|
||||
# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
|
||||
set -eux
|
||||
groupadd --gid 998 --system ${APP_USER}
|
||||
useradd --gid 998 --uid 999 --shell /bin/bash --home ${APP_DATA_DIR} --system ${APP_USER}
|
||||
#useradd --gid 998 --uid 999 --shell /usr/sbin/nologin --home ${APP_DATA_DIR} --system ${APP_USER}
|
||||
|
||||
# 如果需要 sudo 权限,需要安装 su 软件包:apk add sudo
|
||||
#sed -i -e 's/^\sDefaults\s*secure_path\s*=/# Defaults secure_path=/' /etc/sudoers
|
||||
#echo "${APP_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
||||
Executable
+8
@@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
|
||||
set -eux
|
||||
|
||||
APP_DIRS="${APP_DEF_DIR:-} ${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_DATA_LOG_DIR:-} ${APP_CACHE_DIR:-} ${APP_RUN_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_HOME_DIR:-}"
|
||||
|
||||
mkdir -p ${APP_DIRS}
|
||||
chown -Rf ${APP_USER}:${APP_USER} ${APP_DIRS};
|
||||
@@ -1,21 +0,0 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2020 Endial Fang (endial@126.com)
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
@@ -1,146 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.1 by Endial Fang (endial@126.com)
|
||||
#
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
|
||||
BOLD='\033[1m'
|
||||
|
||||
# 加载依赖项
|
||||
. /usr/local/scripts/liblog.sh # 日志输出函数库
|
||||
|
||||
# 函数列表
|
||||
|
||||
# 打印包含包含Logo的欢迎信息
|
||||
# 全局变量:
|
||||
# APP_NAME
|
||||
print_image_welcome_page() {
|
||||
_is_restart && return
|
||||
|
||||
local github_url="https://github.com/colovu/docker-${APP_NAME}"
|
||||
LOG_I ""
|
||||
LOG_I " ######## ######## ### ######## ### ## ### ##"
|
||||
LOG_I " ### ## ### ## ### ### ## ### ## ### ##"
|
||||
LOG_I " ### ### ## ### ### ## ### ## ### ##"
|
||||
LOG_I " ### ### ## ### ### ## ### ## ### ##"
|
||||
LOG_I " ### ### ## ### ### ## ### ## ### ##"
|
||||
LOG_I " ### ## ### ## ### ### ## #### ### ##"
|
||||
LOG_I "######## ######## ######## ######## ## ########"
|
||||
LOG_I ""
|
||||
LOG_I "Welcome to the ${BOLD}${APP_NAME}${RESET} container"
|
||||
LOG_I "Project on Github: ${BOLD}${github_url}${RESET}"
|
||||
LOG_I "Send us your feedback at ${BOLD}endial@126.com${RESET}"
|
||||
LOG_I ""
|
||||
}
|
||||
|
||||
# 根据需要打印欢迎信息
|
||||
# 全局变量:
|
||||
# ENV_DISABLE_WELCOME_MESSAGE
|
||||
# APP_NAME
|
||||
docker_print_welcome() {
|
||||
if [[ -z "${ENV_DISABLE_WELCOME_MESSAGE:-}" ]]; then
|
||||
if [[ -n "$APP_NAME" ]]; then
|
||||
print_image_welcome_page
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测可能导致容器执行后直接退出的命令,如"--help";如果存在,直接返回 0
|
||||
# 参数:
|
||||
# $1 - 待检测的参数表
|
||||
docker_command_help() {
|
||||
local arg
|
||||
for arg; do
|
||||
case "$arg" in
|
||||
-'?'|--help|-V|--version)
|
||||
return 0
|
||||
;;
|
||||
esac
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
# 根据脚本扩展名及权限,执行相应的初始化脚本
|
||||
# 参数:
|
||||
# $1 - 文件列表,支持路径通配符
|
||||
# 使用:
|
||||
# docker_process_init_files [file [file [...]]]
|
||||
# 例子:
|
||||
# docker_process_init_files /src/conf/${APP_NAME}/initdb.d/*
|
||||
docker_process_init_files() {
|
||||
echo
|
||||
local f
|
||||
for f; do
|
||||
case "$f" in
|
||||
*.sh)
|
||||
if [ -x "$f" ]; then
|
||||
LOG_I "$0: running $f"
|
||||
"$f"
|
||||
else
|
||||
LOG_I "$0: sourcing $f"
|
||||
. "$f"
|
||||
fi
|
||||
;;
|
||||
*) LOG_W "$0: ignoring $f" ;;
|
||||
esac
|
||||
echo
|
||||
done
|
||||
}
|
||||
|
||||
# 检测应用相应的配置文件是否存在,如果不存在,则从默认配置文件目录拷贝一份
|
||||
# 默认配置文件路径:/etc/${APP_NAME}
|
||||
# 目标配置文件路径:/srv/conf/${APP_NAME}
|
||||
# 参数:
|
||||
# $1 - 基础路径
|
||||
# $* - 基础路径下的文件及目录列表,以" "分割
|
||||
# 例子:
|
||||
# ensure_config_file_exist /etc/${APP_NAME} conf.d server.conf
|
||||
ensure_config_file_exist() {
|
||||
local -r base_path="${1:?paths is missing}"
|
||||
local f=""
|
||||
local dist=""
|
||||
|
||||
shift 1
|
||||
LOG_D "List to check: $@"
|
||||
while [ "$#" -gt 0 ]; do
|
||||
f="${1}"
|
||||
LOG_D "Process \"${f}\""
|
||||
if [ -d "${base_path}/${f}" ]; then
|
||||
dist="$(echo ${base_path}/${f} | sed -e 's/\/etc/\/srv\/conf/g')"
|
||||
[[ ! -d "${dist}" ]] && LOG_I "Create directory: ${dist}" && mkdir -p "${dist}"
|
||||
[[ ! -z $(ls -A "${base_path}/${f}") ]] && ensure_config_file_exist "${base_path}/${f}" $(ls -A "${base_path}/${f}")
|
||||
else
|
||||
dist="$(echo ${base_path}/${f} | sed -e 's/\/etc/\/srv\/conf/g')"
|
||||
[[ ! -e "${dist}" ]] && LOG_I "Copy: ${base_path}/${f} ===> ${dist}" && cp "${base_path}/${f}" "${dist}" && rm -rf "/srv/conf/${APP_NAME}/.app_init_flag"
|
||||
fi
|
||||
shift
|
||||
done
|
||||
}
|
||||
|
||||
# 检测当前用户是否为 root
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
_is_run_as_root() {
|
||||
if [[ "$(id -u)" = "0" ]]; then
|
||||
LOG_D "Check if run as root: Yes"
|
||||
true
|
||||
else
|
||||
LOG_D "Check if run as root: No (ID $(id -u))"
|
||||
false
|
||||
fi
|
||||
}
|
||||
|
||||
_is_restart() {
|
||||
if [ x"${RESTART_FLAG:-}" = "x" ]; then
|
||||
false
|
||||
else
|
||||
true
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测当前脚本是被直接执行的,还是从其他脚本中使用 "source" 调用的
|
||||
_is_sourced() {
|
||||
[ "${#FUNCNAME[@]}" -ge 2 ] \
|
||||
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
|
||||
&& [ "${FUNCNAME[1]}" = 'source' ]
|
||||
}
|
||||
@@ -1,97 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 从服务器(列表)下载相应软件包
|
||||
|
||||
# Constants
|
||||
#CV_BASE="http://archive.colovu.com/dist-files/"
|
||||
#CV_BASE="http://10.37.129.2/dist-files/"
|
||||
CV_BASE=""
|
||||
|
||||
# 检测软件包签名是否正确
|
||||
# 参数:
|
||||
# $1 - 软件包签名文件
|
||||
# $2 - 软件包文件
|
||||
# $3 - PGPKEY
|
||||
check_pgp() {
|
||||
local name_asc=${1:?missing asc file name}
|
||||
local name=${2:?missing file name}
|
||||
local keys="${3:?missing key id}"
|
||||
|
||||
GNUPGHOME="$(mktemp -d)"
|
||||
for key in $keys; do
|
||||
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "${key}" ||
|
||||
gpg --batch --keyserver pgp.mit.edu --recv-keys "${key}" ||
|
||||
gpg --batch --keyserver keys.gnupg.net --recv-keys "${key}" ||
|
||||
gpg --batch --keyserver keyserver.pgp.com --recv-keys "${key}";
|
||||
done
|
||||
gpg --batch --verify "$name_asc" "$name"
|
||||
command -v gpgconf > /dev/null && gpgconf --kill all
|
||||
rm -rf "$GNUPGHOME" "$name_asc"
|
||||
}
|
||||
|
||||
# 从私有服务器下载软件包,如果不存在,则从官网服务器下载
|
||||
# 参数:
|
||||
# $1 - 软件包全名(字符串)
|
||||
# $2 - 官网路径(字符串)
|
||||
# $3 - "-c"/"--checksum"
|
||||
# $4 - 软件包SHA256值
|
||||
# $3 - "-g"/"--pgpkey"
|
||||
# $4 - 用于软件包签名的KEY ID
|
||||
# 例子:
|
||||
# . /usr/local/scripts/libdownload.sh && download_dist "java" "11.0.7-0" --checksum 02a1fc9b79b11617ad39221667f6a34209f5c45ca908268f8ba6c264a2577ee2
|
||||
download_dist() {
|
||||
local name="${1:?name is required}"
|
||||
local base_urls="${2:?url is required}"
|
||||
local package_sha256=""
|
||||
local pgp_key=""
|
||||
local success=""
|
||||
|
||||
# 获取SHA256或PGP KEY
|
||||
shift 2
|
||||
while [ "$#" -gt 0 ]; do
|
||||
case "$1" in
|
||||
-c|--checksum)
|
||||
shift
|
||||
package_sha256="${1:?missing package checksum}"
|
||||
;;
|
||||
-g|--pgpkey)
|
||||
shift
|
||||
pgp_key="${1:?missing package PGP key}"
|
||||
;;
|
||||
*)
|
||||
echo "Invalid command line flag $1" >&2
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
echo "Downloading $name package"
|
||||
for url in $CV_BASE $base_urls; do
|
||||
if wget -O "$name" "$url$name" && [ -s "$name" ]; then
|
||||
if [ -n "$pgp_key" ]; then
|
||||
wget -O "$name.asc" "$url$name.asc"
|
||||
if [ ! -e "$name.asc" ]; then
|
||||
wget -O "$name.asc" "$url$name.sig"
|
||||
fi
|
||||
fi
|
||||
success=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -n "$success" ]; then
|
||||
if [ -n "$package_sha256" ]; then
|
||||
echo "Verifying package whith sha256"
|
||||
echo "$package_sha256 *${name}" | sha256sum --check -
|
||||
fi
|
||||
|
||||
if [ -n "$pgp_key" ]; then
|
||||
echo "Verifying package with PGP"
|
||||
check_pgp "$name.asc" "$name" "$pgp_key"
|
||||
fi
|
||||
else
|
||||
[ -n "$success" ]
|
||||
fi
|
||||
}
|
||||
@@ -1,78 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 文件操作函数库
|
||||
|
||||
# 加载依赖项
|
||||
. /usr/local/scripts/liblog.sh # 日志输出函数库
|
||||
|
||||
# 函数列表
|
||||
|
||||
# 检测"*_FILE"文件,并从文件中读取信息作为参数值;环境变量不允许 VAR 与 VAR_FILE 方式并存
|
||||
# 变量:
|
||||
# $1 - 需要设置的环境变量名称
|
||||
# $2 - 该变量对应的默认值(Option)
|
||||
#
|
||||
# 使用: file_env ENV_VAR [DEFAULT]
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
LOG_E "Both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
# 使用规则表达式在文件中替换数据
|
||||
# 参数:
|
||||
# $1 - 文件名
|
||||
# $2 - 正则表达式
|
||||
# $3 - 替代数据表达式
|
||||
# $4 - 是否使用POSIX表达式. Default: true
|
||||
replace_in_file() {
|
||||
local filename="${1:?filename is required}"
|
||||
local match_regex="${2:?match regex is required}"
|
||||
local substitute_regex="${3:?substitute regex is required}"
|
||||
local posix_regex=${4:-true}
|
||||
|
||||
local result
|
||||
|
||||
# 因部分系统兼容性问题,需要防止使用 'sed in-place' 方式操作
|
||||
if [[ $posix_regex = true ]]; then
|
||||
result="$(sed -E "s@$match_regex@$substitute_regex@g" "$filename")"
|
||||
else
|
||||
result="$(sed "s@$match_regex@$substitute_regex@g" "$filename")"
|
||||
fi
|
||||
echo "$result" > "$filename"
|
||||
}
|
||||
|
||||
# 使用规则表达式在文件中删除数据
|
||||
# 参数:
|
||||
# $1 - 文件名
|
||||
# $2 - 正则表达式
|
||||
# $3 - 是否使用POSIX表达式. Default: true
|
||||
remove_in_file() {
|
||||
local filename="${1:?filename is required}"
|
||||
local match_regex="${2:?match regex is required}"
|
||||
local posix_regex=${3:-true}
|
||||
local result
|
||||
|
||||
# 因部分系统兼容性问题,需要防止使用 'sed in-place' 方式操作
|
||||
if [[ $posix_regex = true ]]; then
|
||||
result="$(sed -E "/$match_regex/d" "$filename")"
|
||||
else
|
||||
result="$(sed "/$match_regex/d" "$filename")"
|
||||
fi
|
||||
echo "$result" > "$filename"
|
||||
}
|
||||
@@ -1,120 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.1 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 文件管理函数库
|
||||
|
||||
# 加载依赖项
|
||||
. /usr/local/scripts/liblog.sh # 日志输出函数库
|
||||
|
||||
# 函数列表
|
||||
|
||||
# Ensure a file/directory is owned (user and group) but the given user
|
||||
# Arguments:
|
||||
# $1 - filepath
|
||||
# $2 - owner
|
||||
ensure_owned_by() {
|
||||
local path="${1:?path is missing}"
|
||||
local owner="${2:?owner is missing}"
|
||||
|
||||
chown "$owner":"$owner" "$path"
|
||||
}
|
||||
|
||||
# 检测目录是否存在,如果不存在则创建,同时修改为指定的用户
|
||||
# Arguments:
|
||||
# $1 - directory
|
||||
# $2 - owner
|
||||
ensure_dir_exists() {
|
||||
local dir="${1:?directory is missing}"
|
||||
local owner="${2:-}"
|
||||
|
||||
mkdir -p "${dir}"
|
||||
if [[ -n $owner ]]; then
|
||||
ensure_owned_by "$dir" "$owner"
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测目录是否存在或为空
|
||||
# 参数:
|
||||
# $1 - 目录路径
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
is_dir_empty() {
|
||||
local dir="${1:?missing directory}"
|
||||
|
||||
if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then
|
||||
true
|
||||
else
|
||||
false
|
||||
fi
|
||||
}
|
||||
|
||||
# 循环设置目录中子目录及文件权限
|
||||
# 参数:
|
||||
# $1 - paths (as a string).
|
||||
# Flags:
|
||||
# -f|--file-mode - 文件权限模式
|
||||
# -d|--dir-mode - 目录权限模式
|
||||
# -u|--user - 用户
|
||||
# -g|--group - 用户组
|
||||
configure_permissions_ownership() {
|
||||
local -r paths="${1:?paths is missing}"
|
||||
local dir_mode=""
|
||||
local file_mode=""
|
||||
local user=""
|
||||
local group=""
|
||||
|
||||
# Validate arguments
|
||||
shift 1
|
||||
while [ "$#" -gt 0 ]; do
|
||||
case "$1" in
|
||||
-f|--file-mode)
|
||||
shift
|
||||
file_mode="${1:?missing mode for files}"
|
||||
;;
|
||||
-d|--dir-mode)
|
||||
shift
|
||||
dir_mode="${1:?missing mode for directories}"
|
||||
;;
|
||||
-u|--user)
|
||||
shift
|
||||
user="${1:?missing user}"
|
||||
;;
|
||||
-g|--group)
|
||||
shift
|
||||
group="${1:?missing group}"
|
||||
;;
|
||||
*)
|
||||
LOG_E "Invalid command line flag $1" >&2
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
read -r -a filepaths <<< "$paths"
|
||||
for p in "${filepaths[@]}"; do
|
||||
if [[ -e "$p" ]]; then
|
||||
LOG_D "Check $p"
|
||||
if [[ -n ${dir_mode} ]]; then
|
||||
LOG_D "Change permissions to ${dir_mode} of directories in $p"
|
||||
find -L "$p" -type d -print | xargs -i chmod "${dir_mode}" '{}'
|
||||
fi
|
||||
if [[ -n ${file_mode} ]]; then
|
||||
LOG_D "Change permissions to ${file_mode} of files in $p"
|
||||
find -L "$p" -type f -print | xargs -i chmod "${file_mode}" '{}'
|
||||
fi
|
||||
if [[ -n $user ]] && [[ -n ${group} ]]; then
|
||||
LOG_D "Change ownership to ${user}:${group} of files and directories in $p"
|
||||
find -L "$p" \( \! -user ${user} -or \! -group ${group} \) -print | xargs -i chown -L "${user}":"${group}" '{}'
|
||||
elif [[ -n $user ]] && [[ -z $group ]]; then
|
||||
LOG_D "Change user to ${user} of files and directories in $p"
|
||||
find -L "$p" \! -user ${user} -print | xargs -i chown -L "${user}" '{}'
|
||||
elif [[ -z $user ]] && [[ -n $group ]]; then
|
||||
LOG_D "Change group to ${group} of files and directories in $p"
|
||||
find -L "$p" \! -group ${group} -print | xargs -i chgrp -L "${group}" '{}'
|
||||
fi
|
||||
else
|
||||
LOG_E "$p does not exist"
|
||||
fi
|
||||
done
|
||||
}
|
||||
@@ -1,66 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 日志处理函数库
|
||||
|
||||
# 定义颜色信息
|
||||
RESET='\033[0m'
|
||||
RED='\033[31;1m'
|
||||
GREEN='\033[32;2m'
|
||||
YELLOW='\033[33;1m'
|
||||
MAGENTA='\033[36;2m'
|
||||
CYAN='\033[35;2m'
|
||||
BLUE='\033[34;2m'
|
||||
|
||||
# 函数列表
|
||||
|
||||
# 输出实际日志信息
|
||||
# 参数:
|
||||
# $1 - 日志类型
|
||||
# $2 - 日志信息
|
||||
LOG_RAW() {
|
||||
local type="$1"; shift
|
||||
case "${type}" in
|
||||
x) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${BLUE}DEBUG${RESET} %b\n" "$(date "+%T.%2N")" "${*}" ;;
|
||||
I) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${GREEN}INFO ${RESET} %b\n" "$(date "+%T.%2N")" "${*}";;
|
||||
W) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${YELLOW}WARN ${RESET} %b\n" "$(date "+%T.%2N")" "${*}";;
|
||||
E) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${RED}ERROR${RESET} %b\n" "$(date "+%T.%2N")" "${*}";;
|
||||
esac
|
||||
}
|
||||
|
||||
# 输出调试类日志信息,尽量少使用
|
||||
# 参数:
|
||||
# $1 - 日志类型
|
||||
# $2 - 日志信息
|
||||
LOG_D() {
|
||||
local -r bool="${ENV_DEBUG:-false}"
|
||||
shopt -s nocasematch
|
||||
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
|
||||
LOG_RAW x "$@"
|
||||
fi
|
||||
}
|
||||
|
||||
# 输出提示信息类日志信息
|
||||
# 参数:
|
||||
# $1 - 日志类型
|
||||
# $2 - 日志信息
|
||||
LOG_I() {
|
||||
shopt -s nocasematch
|
||||
LOG_RAW I "$@"
|
||||
}
|
||||
|
||||
# 输出警告类日志信息至sterr
|
||||
# 参数:
|
||||
# $1 - 日志类型
|
||||
# $2 - 日志信息
|
||||
LOG_W() {
|
||||
LOG_RAW W "$@" >&2
|
||||
}
|
||||
|
||||
# 输出错误类日志信息至sterr,并退出脚本
|
||||
# 参数:
|
||||
# $1 - 日志类型
|
||||
# $2 - 日志信息
|
||||
LOG_E() {
|
||||
LOG_RAW E "$@" >&2
|
||||
}
|
||||
@@ -1,120 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 网络管理函数库
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
|
||||
# 加载依赖项
|
||||
. /usr/local/scripts/liblog.sh # 日志输出函数库
|
||||
|
||||
# 函数列表
|
||||
|
||||
# 解析主机名为 IP
|
||||
# 参数:
|
||||
# $1 - 待解析的主机名
|
||||
# 返回值:
|
||||
# IP 地址
|
||||
#########################
|
||||
dns_lookup() {
|
||||
local host="${1:?host is missing}"
|
||||
getent ahosts "$host" | awk '/STREAM/ {print $1 }'
|
||||
}
|
||||
|
||||
# 等待主机名解析,并返回 IP
|
||||
# 参数:
|
||||
# $1 - 主机名
|
||||
# $2 - 重试次数
|
||||
# $3 - 重试间隔(秒)
|
||||
# 返回值:
|
||||
# - IP 地址
|
||||
wait_for_dns_lookup() {
|
||||
local hostname="${1:?hostname is missing}"
|
||||
local retries="${2:-5}"
|
||||
local seconds="${3:-1}"
|
||||
check_host() {
|
||||
if [[ $(dns_lookup "$hostname") == "" ]]; then
|
||||
false
|
||||
else
|
||||
true
|
||||
fi
|
||||
}
|
||||
# Wait for the host to be ready
|
||||
retry_while "check_host ${hostname}" "$retries" "$seconds"
|
||||
dns_lookup "$hostname"
|
||||
}
|
||||
|
||||
# 获取机器的 IP
|
||||
# 返回值:
|
||||
# - IP 地址
|
||||
get_machine_ip() {
|
||||
dns_lookup "$(hostname)"
|
||||
}
|
||||
|
||||
# 检测提供的参数是否为可解析地址的主机名
|
||||
# 参数:
|
||||
# $1 - 待检测值
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
is_hostname_resolved() {
|
||||
local -r host="${1:?missing value}"
|
||||
if [[ -n "$(dns_lookup "$host")" ]]; then
|
||||
true
|
||||
else
|
||||
false
|
||||
fi
|
||||
}
|
||||
|
||||
# 解析 URL
|
||||
# 参数:
|
||||
# $1 - URI 字符串
|
||||
# $2 - 待解析参数字符串。有效值 (scheme, authority, userinfo, host, port, path, query or fragment)
|
||||
# 返回值:
|
||||
# 字符串
|
||||
parse_uri() {
|
||||
local uri="${1:?uri is missing}"
|
||||
local component="${2:?component is missing}"
|
||||
|
||||
# Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with
|
||||
# additional sub-expressions to split authority into userinfo, host and port
|
||||
# Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969)
|
||||
local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?'
|
||||
# || | ||| | | | | | | | | |
|
||||
# |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment
|
||||
# 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #...
|
||||
# | 4 authority
|
||||
# 3 //...
|
||||
local index=0
|
||||
case "$component" in
|
||||
scheme)
|
||||
index=2
|
||||
;;
|
||||
authority)
|
||||
index=4
|
||||
;;
|
||||
userinfo)
|
||||
index=6
|
||||
;;
|
||||
host)
|
||||
index=7
|
||||
;;
|
||||
port)
|
||||
index=9
|
||||
;;
|
||||
path)
|
||||
index=10
|
||||
;;
|
||||
query)
|
||||
index=13
|
||||
;;
|
||||
fragment)
|
||||
index=14
|
||||
;;
|
||||
*)
|
||||
stderr_print "unrecognized component $component"
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
[[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}"
|
||||
}
|
||||
|
||||
@@ -1,159 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 操作系统控制函数库
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
|
||||
# 加载依赖项
|
||||
. /usr/local/scripts/liblog.sh # 日志输出函数库
|
||||
|
||||
# 函数列表
|
||||
|
||||
# 检测指定用户账户是否存在
|
||||
# 参数:
|
||||
# $1 - 用户账户
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
user_exists() {
|
||||
local user="${1:?user is missing}"
|
||||
id "$user" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
# 检测指定用户分组是否存在
|
||||
# 参数:
|
||||
# $1 - 用户组
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
group_exists() {
|
||||
local group="${1:?group is missing}"
|
||||
getent group "$group" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
# 确保用户组存在,如果不存在则创建相应用户组
|
||||
# 参数:
|
||||
# $1 - 用户组
|
||||
ensure_group_exists() {
|
||||
local group="${1:?group is missing}"
|
||||
|
||||
if ! group_exists "$group"; then
|
||||
groupadd "$group" >/dev/null 2>&1
|
||||
fi
|
||||
}
|
||||
|
||||
# 确保用户组及用户账户存在,如果不存在则创建相应用户组及账户
|
||||
# 参数:
|
||||
# $1 - 用户
|
||||
# $2 - 用户组
|
||||
ensure_user_exists() {
|
||||
local user="${1:?user is missing}"
|
||||
local group="${2:-}"
|
||||
|
||||
if ! user_exists "$user"; then
|
||||
useradd "$user" >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
if [[ -n "$group" ]]; then
|
||||
ensure_group_exists "$group"
|
||||
fi
|
||||
|
||||
usermod -a -G "$group" "$user" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
# 获取系统可用内存
|
||||
# 返回值:
|
||||
# 内存大小(MB)
|
||||
get_total_memory() {
|
||||
echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024))
|
||||
}
|
||||
|
||||
# 获取以定量方式描述的内存大小
|
||||
# 参数:
|
||||
# $1 - 内存大小 (可选)
|
||||
# 返回值:
|
||||
# 基于定量内存大小的内存大小描述
|
||||
get_machine_size() {
|
||||
local memory="${1:-}"
|
||||
if [[ -z "$memory" ]]; then
|
||||
debug "Memory was not specified, detecting available memory automatically"
|
||||
memory="$(get_total_memory)"
|
||||
fi
|
||||
sanitized_memory=$(convert_to_mb "$memory")
|
||||
if [[ "$sanitized_memory" -gt 26000 ]]; then
|
||||
echo 2xlarge
|
||||
elif [[ "$sanitized_memory" -gt 13000 ]]; then
|
||||
echo xlarge
|
||||
elif [[ "$sanitized_memory" -gt 6000 ]]; then
|
||||
echo large
|
||||
elif [[ "$sanitized_memory" -gt 3000 ]]; then
|
||||
echo medium
|
||||
elif [[ "$sanitized_memory" -gt 1500 ]]; then
|
||||
echo small
|
||||
else
|
||||
echo micro
|
||||
fi
|
||||
}
|
||||
|
||||
# 获取已定义的所有内存大小描述
|
||||
# 返回值:
|
||||
# 内存大小描述
|
||||
get_supported_machine_sizes() {
|
||||
echo micro small medium large xlarge 2xlarge
|
||||
}
|
||||
|
||||
# 将以字符串表示的内存大小转换为以MB为单位的内存大小值 (i.e. 2G -> 2048)
|
||||
# 参数:
|
||||
# $1 - 内存大小
|
||||
# 返回值:
|
||||
# 内存大小值(以MB为单位)
|
||||
convert_to_mb() {
|
||||
local amount="${1:-}"
|
||||
if [[ $amount =~ ^([0-9]+)(M|G) ]]; then
|
||||
size="${BASH_REMATCH[1]}"
|
||||
unit="${BASH_REMATCH[2]}"
|
||||
if [[ "$unit" = "G" ]]; then
|
||||
amount="$((size * 1024))"
|
||||
else
|
||||
amount="$size"
|
||||
fi
|
||||
fi
|
||||
echo "$amount"
|
||||
}
|
||||
|
||||
# 如果禁用调试模式,将输出信息重定向至 /dev/null
|
||||
# 全局变量:
|
||||
# ENV_DEBUG
|
||||
# 参数:
|
||||
# $@ - 待执行的命令
|
||||
debug_execute() {
|
||||
local -r bool="${ENV_DEBUG:-false}"
|
||||
shopt -s nocasematch
|
||||
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
|
||||
"$@" >/dev/null 2>&1
|
||||
else
|
||||
"$@"
|
||||
fi
|
||||
}
|
||||
|
||||
# 重试执行命令
|
||||
# 参数:
|
||||
# $1 - cmd (as a string)
|
||||
# $2 - 最大尝试次数. Default: 12
|
||||
# $3 - 重试前等待时间(秒). Default: 5
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
retry_while() {
|
||||
local -r cmd="${1:?cmd is missing}"
|
||||
local -r retries="${2:-12}"
|
||||
local -r sleep_time="${3:-5}"
|
||||
local return_value=1
|
||||
|
||||
read -r -a command <<< "$cmd"
|
||||
for ((i = 1 ; i <= retries ; i+=1 )); do
|
||||
"${command[@]}" && return_value=0 && break
|
||||
sleep "$sleep_time"
|
||||
done
|
||||
return $return_value
|
||||
}
|
||||
|
||||
|
||||
@@ -1,132 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 服务管理函数库
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
|
||||
# 加载依赖项
|
||||
. /usr/local/scripts/liblog.sh # 日志输出函数库
|
||||
|
||||
# 函数列表
|
||||
|
||||
# 获取并返回服务 PID
|
||||
# 参数:
|
||||
# $1 - PID 文件
|
||||
# 返回值:
|
||||
# PID
|
||||
get_pid_from_file() {
|
||||
local pid_file="${1:?pid file is missing}"
|
||||
|
||||
if [[ -f "$pid_file" ]]; then
|
||||
if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then
|
||||
echo "$(< "$pid_file")"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测 PID 对应的服务是否在运行中
|
||||
# 参数:
|
||||
# $1 - PID
|
||||
# 返回值:
|
||||
# Boolean
|
||||
is_service_running() {
|
||||
local pid="${1:?pid is missing}"
|
||||
|
||||
kill -0 "$pid" 2>/dev/null
|
||||
}
|
||||
|
||||
# 通过发送信号停止一个指定的服务
|
||||
# 参数:
|
||||
# $1 - PID 文件
|
||||
# $2 - 信号 (可选)
|
||||
stop_service_using_pid() {
|
||||
local pid_file="${1:?pid file is missing}"
|
||||
local signal="${2:-}"
|
||||
local pid
|
||||
|
||||
pid="$(get_pid_from_file "$pid_file")"
|
||||
[[ -z "$pid" ]] || ! is_service_running "$pid" && return
|
||||
|
||||
if [[ -n "$signal" ]]; then
|
||||
kill "-${signal}" "$pid"
|
||||
else
|
||||
kill "$pid"
|
||||
fi
|
||||
|
||||
local counter=10
|
||||
while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do
|
||||
sleep 1
|
||||
counter=$((counter - 1))
|
||||
done
|
||||
}
|
||||
|
||||
# 为指定的服务生成一个监控配置文件
|
||||
# Arguments:
|
||||
# $1 - 服务名
|
||||
# $2 - PID 文件
|
||||
# $3 - 启动命令
|
||||
# $4 - 停止命令
|
||||
# Flags:
|
||||
# --disabled - Whether to disable the monit configuration
|
||||
generate_monit_conf() {
|
||||
local service_name="${1:?service name is missing}"
|
||||
local pid_file="${2:?pid file is missing}"
|
||||
local start_command="${3:?start command is missing}"
|
||||
local stop_command="${4:?stop command is missing}"
|
||||
local monit_conf_dir="/etc/monit/conf.d"
|
||||
local disabled="no"
|
||||
|
||||
# Parse optional CLI flags
|
||||
shift 4
|
||||
while [[ "$#" -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--disabled)
|
||||
shift
|
||||
disabled="$1"
|
||||
;;
|
||||
*)
|
||||
echo "Invalid command line flag ${1}" >&2
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
is_boolean_yes "$disabled" && conf_suffix=".disabled"
|
||||
mkdir -p "$monit_conf_dir"
|
||||
cat >"${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <<EOF
|
||||
check process ${service_name}
|
||||
with pidfile "${pid_file}"
|
||||
start program = "${start_command}" with timeout 90 seconds
|
||||
stop program = "${stop_command}" with timeout 90 seconds
|
||||
EOF
|
||||
}
|
||||
|
||||
# 生成一个 Logrotate 配置文件
|
||||
# Arguments:
|
||||
# $1 - 日志路径
|
||||
# $2 - Period
|
||||
# $3 - Rotations 存储的数量
|
||||
# $4 - 其他参数 (可选)
|
||||
generate_logrotate_conf() {
|
||||
local service_name="${1:?service name is missing}"
|
||||
local log_path="${2:?log path is missing}"
|
||||
local period="${3:-weekly}"
|
||||
local rotations="${4:-150}"
|
||||
local extra_options="${5:-}"
|
||||
local logrotate_conf_dir="/etc/logrotate.d"
|
||||
|
||||
mkdir -p "$logrotate_conf_dir"
|
||||
cat >"${logrotate_conf_dir}/${service_name}" <<EOF
|
||||
${log_path} {
|
||||
${period}
|
||||
rotate ${rotations}
|
||||
dateext
|
||||
compress
|
||||
copytruncate
|
||||
missingok
|
||||
${extra_options}
|
||||
}
|
||||
EOF
|
||||
}
|
||||
@@ -1,229 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 数据有效性校验函数库
|
||||
|
||||
# 加载依赖项
|
||||
. /usr/local/scripts/liblog.sh # 日志输出函数库
|
||||
|
||||
# 函数列表
|
||||
|
||||
# 检测数据是否为整数
|
||||
# 参数:
|
||||
# $1 - 待检测的数据
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
is_int() {
|
||||
local -r int="${1:?missing value}"
|
||||
if [[ "$int" =~ ^-?[0-9]+ ]]; then
|
||||
true
|
||||
else
|
||||
false
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测数据是否为正整数
|
||||
# 参数:
|
||||
# $1 - 待检测的数据
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
is_positive_int() {
|
||||
local -r int="${1:?missing value}"
|
||||
if is_int "$int" && (( "${int}" >= 0 )); then
|
||||
true
|
||||
else
|
||||
false
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测数据是否为布尔值 '1' 或字符串 'yes/true'
|
||||
# 参数:
|
||||
# $1 - 待检测的数据
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
is_boolean_yes() {
|
||||
local -r bool="${1:-}"
|
||||
# comparison is performed without regard to the case of alphabetic characters
|
||||
shopt -s nocasematch
|
||||
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
|
||||
true
|
||||
else
|
||||
false
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测数据是否为字符串 'yes/no'
|
||||
# 参数:
|
||||
# $1 - 待检测的数据
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
is_yes_no_value() {
|
||||
local -r bool="${1:-}"
|
||||
if [[ "$bool" =~ ^(yes|no)$ ]]; then
|
||||
true
|
||||
else
|
||||
false
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测数据是否为字符串 'true/false'
|
||||
# 参数:
|
||||
# $1 - 待检测的数据
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
is_true_false_value() {
|
||||
local -r bool="${1:-}"
|
||||
if [[ "$bool" =~ ^(true|false)$ ]]; then
|
||||
true
|
||||
else
|
||||
false
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测提供的参数是否为空字符串或未定义
|
||||
# 参数:
|
||||
# $1 - 待检测的数据
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
is_empty_value() {
|
||||
local -r val="${1:-}"
|
||||
if [[ -z "$val" ]]; then
|
||||
true
|
||||
else
|
||||
false
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测数据是否为有效的端口号
|
||||
# 参数:
|
||||
# $1 - 待检测的数据
|
||||
# 返回值:
|
||||
# 布尔值 或 错误消息
|
||||
validate_port() {
|
||||
local value
|
||||
local unprivileged=0
|
||||
|
||||
# Parse flags
|
||||
while [[ "$#" -gt 0 ]]; do
|
||||
case "$1" in
|
||||
-unprivileged)
|
||||
unprivileged=1
|
||||
;;
|
||||
--)
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-*)
|
||||
stderr_print "unrecognized flag $1"
|
||||
return 1
|
||||
;;
|
||||
*)
|
||||
break
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
if [[ "$#" -gt 1 ]]; then
|
||||
echo "too many arguments provided"
|
||||
return 2
|
||||
elif [[ "$#" -eq 0 ]]; then
|
||||
stderr_print "missing port argument"
|
||||
return 1
|
||||
else
|
||||
value=$1
|
||||
fi
|
||||
|
||||
if [[ -z "$value" ]]; then
|
||||
echo "the value is empty"
|
||||
return 1
|
||||
else
|
||||
if ! is_int "$value"; then
|
||||
echo "value is not an integer"
|
||||
return 2
|
||||
elif [[ "$value" -lt 0 ]]; then
|
||||
echo "negative value provided"
|
||||
return 2
|
||||
elif [[ "$value" -gt 65535 ]]; then
|
||||
echo "requested port is greater than 65535"
|
||||
return 2
|
||||
elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then
|
||||
echo "privileged port requested"
|
||||
return 3
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测数据是否为有效的IPv4地址
|
||||
# 参数:
|
||||
# $1 - 待检测的数据
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
validate_ipv4() {
|
||||
local ip="${1:?ip is missing}"
|
||||
local stat=1
|
||||
|
||||
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
|
||||
read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")"
|
||||
[[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \
|
||||
&& ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]]
|
||||
stat=$?
|
||||
fi
|
||||
return $stat
|
||||
}
|
||||
|
||||
# 校验字符串格式
|
||||
# 参数:
|
||||
# $1 - 待检测的数据
|
||||
# 返回值:
|
||||
# 布尔值
|
||||
validate_string() {
|
||||
local string
|
||||
local min_length=-1
|
||||
local max_length=-1
|
||||
|
||||
# Parse flags
|
||||
while [ "$#" -gt 0 ]; do
|
||||
case "$1" in
|
||||
-min-length)
|
||||
shift
|
||||
min_length=${1:-}
|
||||
;;
|
||||
-max-length)
|
||||
shift
|
||||
max_length=${1:-}
|
||||
;;
|
||||
--)
|
||||
shift
|
||||
break
|
||||
;;
|
||||
-*)
|
||||
stderr_print "unrecognized flag $1"
|
||||
return 1
|
||||
;;
|
||||
*)
|
||||
break
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
if [ "$#" -gt 1 ]; then
|
||||
stderr_print "too many arguments provided"
|
||||
return 2
|
||||
elif [ "$#" -eq 0 ]; then
|
||||
stderr_print "missing string"
|
||||
return 1
|
||||
else
|
||||
string=$1
|
||||
fi
|
||||
|
||||
if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then
|
||||
echo "string length is less than $min_length"
|
||||
return 1
|
||||
fi
|
||||
if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then
|
||||
echo "string length is great than $max_length"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
Reference in New Issue
Block a user