diff --git a/.dockerignore b/.dockerignore index c0b11c0..4df4001 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,7 +1,6 @@ .git .gitignore -./alpine ./Makefile *.yml diff --git a/Makefile b/Makefile index a9cd8a3..f85a844 100644 --- a/Makefile +++ b/Makefile @@ -1,41 +1,42 @@ -# Ver: 1.7 by Endial Fang (endial@126.com) +# Ver: 1.11 by Endial Fang (endial@126.com) # # 当前 Docker 镜像的编译脚本 -registry_url :=registry.cn-shenzhen.aliyuncs.com -app_name :=colovu/redis-cluster +# 定义镜像名称 +image_name :=colovu/redis-cluster -# 生成镜像TAG,类似: -# <镜像名>:<分支名>- # Git 仓库且无文件修改直接编译 +# 定义默认镜像仓库地址 +registry_url :=docker.io + +# 定义系统默认使用的源服务器,包含:default / tencent / ustc / aliyun / huawei +apt_source :=tencent + +# 定义镜像TAG,类似: +# <镜像名>:<分支名>-<7位Git ID> # Git 仓库且无文件修改直接编译 # <镜像名>:<分支名>-<年月日>-<时分秒> # Git 仓库有文件修改后的编译 # <镜像名>:latest-<年月日>-<时分秒> # 非 Git 仓库编译 current_subversion:=$(shell if [ ! `git status >/dev/null 2>&1` ]; then git rev-parse --short HEAD; else date +%y%m%d-%H%M%S; fi) -current_tag:=local-$(shell if [ ! `git status >/dev/null 2>&1` ]; then git rev-parse --abbrev-ref HEAD | sed -e 's/master/latest/'; else echo "latest"; fi)-$(current_subversion) +image_tag:=$(shell if [ ! `git status >/dev/null 2>&1` ]; then git rev-parse --abbrev-ref HEAD | sed -e 's/master/latest/'; else echo "latest"; fi)-$(current_subversion) -# Sources List: default / tencent / ustc / aliyun / huawei -build-arg:=--build-arg apt_source=tencent +build-arg:=--build-arg registry_url=$(registry_url) +build-arg+=--build-arg apt_source=$(apt_source) # 设置本地下载服务器路径,加速调试时的本地编译速度 -local_ip:=`echo "en0 eth0" |xargs -n1 ip addr show 2>/dev/null|grep inet|grep -v 127.0.0.1|grep -v inet6|tr "/" " "|awk '{print $$2}'` +local_ip:=`echo "en0 eth0" | xargs -n1 ip addr show 2>/dev/null | grep inet | grep -v 127.0.0.1 | grep -v inet6 | tr "/" " " | awk '{print $$2}'` build-arg+=--build-arg local_url=http://$(local_ip)/dist-files -.PHONY: build build-debian build-alpine clean clearclean upgrade +.PHONY: build clean clearclean upgrade -build: build-alpine build-debian +# 屏蔽 "Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them" +export DOCKER_SCAN_SUGGEST=false + +build: + @echo "Build $(image_name):$(image_tag)" + @docker build --progress plain --force-rm $(build-arg) -t $(image_name):$(image_tag) . + @echo "Add tag: $(image_name):latest" + @docker tag $(image_name):$(image_tag) $(image_name):latest @echo "Build complete" -build-debian: - @echo "Build $(app_name):$(current_tag)" - @docker build --force-rm $(build-arg) -t $(app_name):$(current_tag) . - @echo "Add tag: $(app_name):local-latest" - @docker tag $(app_name):$(current_tag) $(app_name):local-latest - -build-alpine: - @echo "Build $(app_name):$(current_tag)-alpine" - @docker build --force-rm $(build-arg) -t $(app_name):$(current_tag)-alpine ./alpine - @echo "Add tag: $(app_name):local-latest-alpine" - @docker tag $(app_name):$(current_tag)-alpine $(app_name):local-latest-alpine - # 清理悬空的镜像(无TAG)及停止的容器 clearclean: clean @echo "Clean untaged images and stoped containers..." @@ -45,9 +46,10 @@ clearclean: clean # 为了防止删除前缀名相同的镜像,在过滤条件中加入一个空格进行过滤 clean: @echo "Clean all images for current application..." - @docker images | grep "$(app_name) " | awk '{print $$3}' | sort -u | xargs -L 1 docker rmi -f + @docker images | grep "$(image_name) " | awk '{print $$3}' | sort -u | xargs -L 1 docker rmi -f # 更新所有 colovu 仓库的镜像 upgrade: @echo "Upgrade all images..." @docker images | grep 'colovu' | grep -v '' | grep -v "latest-" | awk '{print $$1":"$$2}' | sort -u | xargs -L 1 docker pull + diff --git a/alpine/Dockerfile b/alpine/Dockerfile deleted file mode 100644 index bc28829..0000000 --- a/alpine/Dockerfile +++ /dev/null @@ -1,119 +0,0 @@ -# Ver: 1.3 by Endial Fang (endial@126.com) -# - -# 预处理 ========================================================================= -FROM colovu/abuilder as builder - -# sources.list 可使用版本:default / tencent / ustc / aliyun / huawei -ARG apt_source=default - -# 编译镜像时指定用于加速的本地服务器地址 -ARG local_url="" - -ENV APP_NAME=redis \ - APP_VERSION=6.0.8 - -RUN select_source ${apt_source}; -#RUN install_pkg xz-utils - -# 下载并解压软件包 -RUN set -eux; \ - appName="${APP_NAME}-${APP_VERSION}.tar.gz"; \ - sha256="04fa1fddc39bd1aecb6739dd5dd73858a3515b427acd1e2947a66dadce868d68"; \ - [ ! -z ${local_url} ] && localURL=${local_url}/${APP_NAME}; \ - appUrls="${localURL:-} \ - http://download.redis.io/releases \ - "; \ - download_pkg unpack ${appName} "${appUrls}" -s "${sha256}"; - -# 源码编译: 编译后将配置文件模板拷贝至 /usr/local/${APP_NAME}/share/${APP_NAME} 中 -RUN set -eux; \ - APP_SRC="/usr/local/${APP_NAME}-${APP_VERSION}"; \ - cd ${APP_SRC}; \ -# 禁用安全保护模式,在 Docker 中运行时不需要 - grep -E '^ *createBoolConfig[(]"protected-mode",.*, *1 *,.*[)],$' ./src/config.c; \ - sed -ri 's!^( *createBoolConfig[(]"protected-mode",.*, *)1( *,.*[)],)$!\10\2!' ./src/config.c; \ - grep -E '^ *createBoolConfig[(]"protected-mode",.*, *0 *,.*[)],$' ./src/config.c; \ - make MALLOC=libc BUILD_TLS=yes \ - -j "$(nproc)" all; \ - make PREFIX=/usr/local/${APP_NAME} install; \ -# 删除重复的应用程序,并生成对应的连接 - serverMd5="$(md5sum /usr/local/redis/bin/redis-server | cut -d' ' -f1)"; export serverMd5; \ - find /usr/local/redis/bin/redis* -maxdepth 0 \ - -type f -not -name redis-server \ - -exec sh -eux -c ' \ - md5="$(md5sum "$1" | cut -d" " -f1)"; \ - test "$md5" = "$serverMd5"; \ - ' -- '{}' ';' \ - -exec ln -svfT 'redis-server' '{}' ';' ; - -# 删除编译生成的多余文件 -RUN set -eux; \ - find /usr/local -name '*.a' -delete; \ - rm -rf /usr/local/${APP_NAME}/include; - -# 检测并生成依赖文件记录 -RUN set -eux; \ - scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/${APP_NAME} | \ - tr ',' '\n' | \ - sort -u | \ - awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } \ - { print "so:" $1 }' >/usr/local/${APP_NAME}/runDeps; - -# 镜像生成 ======================================================================== -FROM colovu/alpine:3.12 - -ARG apt_source=default -ARG local_url="" - -ENV APP_NAME=redis \ - APP_USER=redis \ - APP_EXEC=run.sh \ - APP_VERSION=6.0.8 - -ENV APP_HOME_DIR=/usr/local/${APP_NAME} \ - APP_DEF_DIR=/etc/${APP_NAME} - -ENV PATH="${APP_HOME_DIR}/bin:${PATH}" \ - LD_LIBRARY_PATH="${APP_HOME_DIR}/lib" - -LABEL \ - "Version"="v${APP_VERSION}" \ - "Description"="Docker image for ${APP_NAME}(v${APP_VERSION})." \ - "Dockerfile"="https://github.com/colovu/docker-${APP_NAME}" \ - "Vendor"="Endial Fang (endial@126.com)" - -# 选择软件包源 -RUN select_source ${apt_source} - -COPY customer / -RUN create_user && prepare_env - -# 从预处理过程中拷贝软件包(Optional) -COPY --from=builder /usr/local/${APP_NAME}/ /usr/local/${APP_NAME} -COPY --from=builder /usr/local/${APP_NAME}-${APP_VERSION}/*.conf /etc/${APP_NAME}/ - -# 安装依赖的软件包及库(Optional) -RUN install_pkg `cat /usr/local/${APP_NAME}/runDeps`; -RUN install_pkg netcat-openbsd; - -# 执行预处理脚本,并验证安装的软件包 -RUN set -eux; \ - override_file="/usr/local/overrides/overrides-${APP_VERSION}.sh"; \ - [ -e "${override_file}" ] && /bin/bash "${override_file}"; \ - gosu ${APP_USER} redis-cli --version; \ - gosu ${APP_USER} redis-server --version; \ - gosu --version; - -# 默认提供的数据卷 -VOLUME ["/srv/conf", "/srv/data", "/srv/datalog", "/srv/cert", "/var/log"] - -# 默认使用gosu切换为新建用户启动,必须保证端口在1024之上 -EXPOSE 6379 - -# 容器初始化命令,默认存放在:/usr/local/bin/entry.sh -ENTRYPOINT ["entry.sh"] - -# 应用程序的服务命令,必须使用非守护进程方式运行。如果使用变量,则该变量必须在运行环境中存在(ENV可以获取) -CMD ["${APP_EXEC}"] - diff --git a/alpine/customer/usr/local/bin/comm-env.sh b/alpine/customer/usr/local/bin/comm-env.sh deleted file mode 100644 index 3b0216c..0000000 --- a/alpine/customer/usr/local/bin/comm-env.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/bash -# Ver: 1.0 by Endial Fang (endial@126.com) -# -# 应用环境变量定义及初始化 - -# 通用设置 -export ENV_DEBUG=${ENV_DEBUG:-false} -export ALLOW_ANONYMOUS_LOGIN="${ALLOW_ANONYMOUS_LOGIN:-no}" - -# 通过读取变量名对应的 *_FILE 文件,获取变量值;如果对应文件存在,则通过传入参数设置的变量值会被文件中对应的值覆盖 -# 变量优先级: *_FILE > 传入变量 > 默认值 -redis_env_file_lists=( - REDIS_PASSWORD - REDIS_MASTER_PASSWORD -) -for env_var in "${redis_env_file_lists[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - fi -done -unset redis_env_file_lists - -# 应用路径参数 -export APP_HOME_DIR="/usr/local/${APP_NAME}" -export APP_DEF_DIR="/etc/${APP_NAME}" -export APP_CONF_DIR="/srv/conf/${APP_NAME}" -export APP_DATA_DIR="/srv/data/${APP_NAME}" -export APP_DATA_LOG_DIR="/srv/datalog/${APP_NAME}" -export APP_CACHE_DIR="/var/cache/${APP_NAME}" -export APP_RUN_DIR="/var/run/${APP_NAME}" -export APP_LOG_DIR="/var/log/${APP_NAME}" -export APP_CERT_DIR="/srv/cert/${APP_NAME}" - -# Paths -export REDIS_CONF_FILE="${APP_CONF_DIR}/redis.conf" -export REDIS_SENTINEL_FILE="${APP_CONF_DIR}/sentinel.conf" -export REDIS_PID_FILE="${APP_RUN_DIR}/redis.pid" - -# Redis settings -export REDIS_PORT="${REDIS_PORT:-6379}" -export REDIS_DISABLE_COMMANDS="${REDIS_DISABLE_COMMANDS:-}" -export REDIS_AOF_ENABLED="${REDIS_AOF_ENABLED:-yes}" - -# Cluster configuration -export REDIS_SENTINEL_HOST="${REDIS_SENTINEL_HOST:-}" -export REDIS_SENTINEL_MASTER_NAME="${REDIS_SENTINEL_MASTER_NAME:-}" -export REDIS_SENTINEL_PORT_NUMBER="${REDIS_SENTINEL_PORT_NUMBER:-26379}" - -export REDIS_MASTER_HOST="${REDIS_MASTER_HOST:-}" -export REDIS_MASTER_PORT_NUMBER="${REDIS_MASTER_PORT_NUMBER:-6379}" -export REDIS_MASTER_PASSWORD="${REDIS_MASTER_PASSWORD:-}" -export REDIS_REPLICATION_MODE="${REDIS_REPLICATION_MODE:-}" - -# Redis TLS Settings -export REDIS_TLS_ENABLED="${REDIS_TLS_ENABLED:-no}" -export REDIS_TLS_PORT="${REDIS_TLS_PORT:-6379}" -export REDIS_TLS_CERT_FILE="${REDIS_TLS_CERT_FILE:-}" -export REDIS_TLS_KEY_FILE="${REDIS_TLS_KEY_FILE:-}" -export REDIS_TLS_CA_FILE="${REDIS_TLS_CA_FILE:-}" -export REDIS_TLS_DH_PARAMS_FILE="${REDIS_TLS_DH_PARAMS_FILE:-}" -export REDIS_TLS_AUTH_CLIENTS="${REDIS_TLS_AUTH_CLIENTS:-yes}" - -# Authentication -export REDIS_PASSWORD="${REDIS_PASSWORD:-}" - -# 应用配置参数 - -# Redis Cluster settings -export REDIS_CLUSTER_CREATOR="${REDIS_CLUSTER_CREATOR:-no}" -export REDIS_CLUSTER_REPLICAS="${REDIS_CLUSTER_REPLICAS:-1}" -export REDIS_CLUSTER_NODES="${REDIS_CLUSTER_NODES:-}" -export REDIS_CLUSTER_DYNAMIC_IPS="${REDIS_CLUSTER_DYNAMIC_IPS:-yes}" -export REDIS_CLUSTER_ANNOUNCE_IP="${REDIS_CLUSTER_ANNOUNCE_IP:-}" -export REDIS_DNS_RETRIES="${REDIS_DNS_RETRIES:-120}" - -# 内部变量 - -# 个性化变量 -# 如果设置了用户密码,设置环境变量 REDISCLI_AUTH,用于 `redis-cli` 登录时使用;不显示输入,保证安全 -if [[ -n "${REDIS_PASSWORD}" ]]; then - export REDISCLI_AUTH="${REDIS_PASSWORD:-}" -fi diff --git a/alpine/customer/usr/local/bin/comm-redis-cluster.sh b/alpine/customer/usr/local/bin/comm-redis-cluster.sh deleted file mode 100644 index 3f30780..0000000 --- a/alpine/customer/usr/local/bin/comm-redis-cluster.sh +++ /dev/null @@ -1,175 +0,0 @@ -#!/bin/bash -# Ver: 1.0 by Endial Fang (endial@126.com) -# -# 集群应用通用业务处理函数 - -# 加载依赖脚本 -. /usr/local/scripts/libcommon.sh # 通用函数库 - -. /usr/local/scripts/libfile.sh -. /usr/local/scripts/libfs.sh -. /usr/local/scripts/libos.sh -. /usr/local/scripts/libnet.sh -. /usr/local/scripts/libservice.sh -. /usr/local/scripts/libvalidations.sh - -. /usr/local/bin/comm-redis.sh - -# 函数库 - -# 检测用户参数信息是否满足条件; 针对部分权限过于开放情况,打印提示信息 -redis_cluster_verify_minimum_env() { - LOG_D "Validating settings in REDIS_* env vars.." - local error_code=0 - - # Auxiliary functions - print_validation_error() { - LOG_E "$1" - error_code=1 - } - - empty_password_enabled_warn() { - LOG_W "You set the environment variable ALLOW_ANONYMOUS_LOGIN=${ALLOW_ANONYMOUS_LOGIN}. For safety reasons, do not use this flag in a production environment." - } - empty_password_error() { - print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_ANONYMOUS_LOGIN=yes to allow the container to be started with blank passwords. This is recommended only for development." - } - - if is_boolean_yes "$ALLOW_ANONYMOUS_LOGIN"; then - empty_password_enabled_warn - else - if ! is_boolean_yes "$REDIS_CLUSTER_CREATOR"; then - [[ -z "$REDIS_PASSWORD" ]] && empty_password_error REDIS_PASSWORD - fi - fi - - if ! is_boolean_yes "$REDIS_CLUSTER_DYNAMIC_IPS"; then - if ! is_boolean_yes "$REDIS_CLUSTER_CREATOR"; then - [[ -z "$REDIS_CLUSTER_ANNOUNCE_IP" ]] && print_validation_error "To provide external access you need to provide the REDIS_CLUSTER_ANNOUNCE_IP env var" - fi - fi - - [[ -z "$REDIS_CLUSTER_NODES" ]] && print_validation_error "REDIS_CLUSTER_NODES is required" - - if [[ -z "$REDIS_PORT" ]]; then - print_validation_error "REDIS_PORT cannot be empty" - fi - - if is_boolean_yes "$REDIS_CLUSTER_CREATOR"; then - [[ -z "$REDIS_CLUSTER_REPLICAS" ]] && print_validation_error "To create the cluster you need to provide the number of replicas" - fi - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -# 更新默认配置文件中配置项 -redis_cluster_override_conf() { - if ! (is_boolean_yes "$REDIS_CLUSTER_DYNAMIC_IPS" || is_boolean_yes "$REDIS_CLUSTER_CREATOR"); then - redis_conf_set cluster-announce-ip "$REDIS_CLUSTER_ANNOUNCE_IP" - fi - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - redis_conf_set tls-cluster yes - redis_conf_set tls-replication yes - fi - - redis_conf_set cluster-enabled yes - redis_conf_set cluster-config-file "${APP_DATA_DIR}/nodes.conf" -} - -# 初始化 Redis 配置文件 -redis_cluster_default_init() { - # 执行应用预初始化操作 - redis_custom_preinit - - # 执行应用初始化操作 - redis_default_init - - # 执行用户自定义初始化脚本 - redis_custom_init - - redis_cluster_override_conf -} - -# 创建 Redis 集群 -# 参数: -# - $@ 主机名数组 -redis_cluster_create() { - local nodes=("$@") - local ips=() - local wait_command - local create_command - - for node in "${nodes[@]}"; do - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - wait_command="redis-cli -h ${node} -p ${REDIS_TLS_PORT} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} ping" - else - wait_command="redis-cli -h ${node} -p ${REDIS_PORT} ping" - fi - while [[ $($wait_command) != 'PONG' ]]; do - LOG_D "Node $node not ready, waiting for all the nodes to be ready..." - sleep 1 - done - ips+=($(dns_lookup "$node")) - done - - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - create_command="redis-cli --cluster create ${ips[*]/%/:${REDIS_TLS_PORT}} --cluster-replicas ${REDIS_CLUSTER_REPLICAS} --cluster-yes --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE}" - else - create_command="redis-cli --cluster create ${ips[*]/%/:${REDIS_PORT}} --cluster-replicas ${REDIS_CLUSTER_REPLICAS} --cluster-yes" - fi - yes yes | $create_command || true - if redis_cluster_check "${ips[0]}"; then - LOG_I "Cluster correctly created" - else - LOG_I "The cluster was already created, the nodes should have recovered it" - fi -} - -# 检查集群状态是否正常 -# 参数: -# - $1: 集群中任一主机名 -redis_cluster_check() { - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - local -r check=$(redis-cli --tls --cert "${REDIS_TLS_CERT_FILE}" --key "${REDIS_TLS_KEY_FILE}" --cacert "${REDIS_TLS_CA_FILE}" --cluster check "$1":"$REDIS_TLS_PORT") - else - local -r check=$(redis-cli --cluster check "$1":"$REDIS_PORT") - fi - if [[ $check =~ "All 16384 slots covered" ]]; then - true - else - false - fi -} - -# 当使用动态 IP 时,使用实际 IP 地址更新节点配置文件 node.conf -redis_cluster_update_ips() { - IFS=' ' read -ra nodes <<< "$REDIS_CLUSTER_NODES" - - # 定义 主机:IP 对应数组 - declare -A host_2_ip_array - - if [[ ! -f "${APP_DATA_DIR}/nodes.sh" ]]; then - # 新初始化的集群 - for node in "${nodes[@]}"; do - ip=$(wait_for_dns_lookup "$node" "$REDIS_DNS_RETRIES" 5) - host_2_ip_array["$node"]="$ip" - done - LOG_I "Storing map with hostnames and IPs" - declare -p host_2_ip_array > "${APP_DATA_DIR}/nodes.sh" - else - # 已启动的集群 - . "${APP_DATA_DIR}/nodes.sh" - # 更新配置文件 nodes.conf 中的 IP 地址信息 - for node in "${nodes[@]}"; do - newIP=$(wait_for_dns_lookup "$node" "$REDIS_DNS_RETRIES" 5) - # The node can be new if we are updating the cluster, so catch the unbound variable error - if [[ ${host_2_ip_array[$node]+true} ]]; then - LOG_I "Changing old IP ${host_2_ip_array[$node]} by the new one ${newIP}" - nodesFile=$(sed "s/${host_2_ip_array[$node]}/$newIP/g" "${APP_DATA_DIR}/nodes.conf") - echo "$nodesFile" > "${APP_DATA_DIR}/nodes.conf" - fi - host_2_ip_array["$node"]="$newIP" - done - declare -p host_2_ip_array > "${APP_DATA_DIR}/nodes.sh" - fi -} diff --git a/alpine/customer/usr/local/bin/comm-redis.sh b/alpine/customer/usr/local/bin/comm-redis.sh deleted file mode 100644 index 34c4845..0000000 --- a/alpine/customer/usr/local/bin/comm-redis.sh +++ /dev/null @@ -1,530 +0,0 @@ -#!/bin/bash -# Ver: 1.0 by Endial Fang (endial@126.com) -# -# 应用通用业务处理函数 - -# 加载依赖脚本 -. /usr/local/scripts/libcommon.sh # 通用函数库 - -. /usr/local/scripts/libfile.sh -. /usr/local/scripts/libfs.sh -. /usr/local/scripts/libos.sh -. /usr/local/scripts/libnet.sh -. /usr/local/scripts/libservice.sh -. /usr/local/scripts/libvalidations.sh - -# 函数列表 - -# 使用环境变量中以 "APP_CFG_" 开头的的全局变量更新配置文件中对应项(全小写,以"."分隔) -# 举例: -# APP_CFG_LOG_DIRS 对应配置文件中的配置项:log.dirs -redis_configure_from_env_variables() { - # Map environment variables to config properties - for var in "${!APP_CFG_@}"; do - key="$(echo "$var" | sed -e 's/^APP_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')" - value="${!var}" - redis_conf_set "$key" "$value" - done -} - -# 将变量配置更新至配置文件 -# 参数: -# $1 - 文件 -# $2 - 变量 -# $3 - 值(列表) -redis_common_conf_set() { - local file="${1:?missing file}" - local key="${2:?missing key}" - shift - shift - local values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - LOG_E "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - redis_common_conf_set "$file" "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Sanitize inputs - value="${value//\\/\\\\}" - value="${value//&/\\&}" - value="${value//\?/\\?}" - [[ "$value" = "" ]] && value="\"$value\"" - # Check if the value was set before - if grep -q "^[# ]*${key} .*" "$file"; then - # Update the existing key - replace_in_file "$file" "^[# ]*${key} .*" "${key} ${value}" false - else - # 增加一个新的配置项;如果在其他位置有类似操作,需要注意换行 - printf "\n%s %s" "$key" "$value" >>"$file" - fi - fi -} - -# 获取配置文件中指定关键字对应的值 -# 变量: -# $1 - 变量 -redis_conf_get() { - local key="${1:?missing key}" - - grep -E "^\s*$key " "${REDIS_CONF_FILE}" | awk '{print $2}' -} - -# 更新 redis.conf 配置文件中指定变量值,设置关键字及对应值 -# 变量: -# $1 - 变量 -# $2 - 值(列表) -redis_conf_set() { - redis_common_conf_set "${REDIS_CONF_FILE}" "$@" -} - -# 更新 sentinel.conf 配置文件中指定变量值,设置关键字及对应值 -# 变量: -# $1 - 变量 -# $2 - 值(列表) -redis_sentinel_conf_set() { - redis_common_conf_set "${REDIS_SENTINEL_FILE}" "$@" -} - -# 更新 redis.conf 配置文件中指定变量值,取消关键字设置信息 -# 变量: -# $1 - 变量 -redis_conf_unset() { - local key="${1:?missing key}" - remove_in_file "${REDIS_CONF_FILE}" "^\s*$key .*" false -} - -# 获取 Redis 版本信息 -redis_version() { - redis-cli --version | grep -E -o "[0-9]+.[0-9]+.[0-9]+" -} - -# 获取 Redis 主版本号 -redis_major_version() { - redis_version | grep -E -o "^[0-9]+" -} - -# 禁用 Redis 不安全的命令 -# 参数: -# $1 - 待禁用的命令列表 -redis_disable_unsafe_commands() { - # The current syntax gets a comma separated list of commands, we split them - # before passing to redis_disable_unsafe_commands - read -r -a disabledCommands <<< "$(tr ',' ' ' <<< "$REDIS_DISABLE_COMMANDS")" - LOG_D "Disabling commands: ${disabledCommands[*]}" - echo "" >> "${REDIS_CONF_FILE}" - for cmd in "${disabledCommands[@]}"; do - if grep -E -q "^\s*rename-command\s+$cmd\s+\"\"\s*$" "${REDIS_CONF_FILE}"; then - LOG_D "$cmd was already disabled" - continue - fi - echo "rename-command $cmd \"\"" >> "${REDIS_CONF_FILE}" - done -} - -# 生成默认配置文件 -redis_generate_conf() { - redis_conf_set port "$REDIS_PORT" - redis_conf_set dir "${APP_DATA_DIR}" - redis_conf_set logfile "${APP_LOG_DIR}/redis.log" # Log to stdout - redis_conf_set pidfile "${REDIS_PID_FILE}" - redis_conf_set daemonize no - redis_conf_set bind 127.0.0.1 # disallow remote connections when init - # Enable AOF https://redis.io/topics/persistence#append-only-file - # Leave default fsync (every second) - redis_conf_set appendonly "${REDIS_AOF_ENABLED}" - # Disable RDB persistence, AOF persistence already enabled. - # Ref: https://redis.io/topics/persistence#interactions-between-aof-and-rdb-persistence - redis_conf_set save "" - # TLS configuration - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - if [[ "$REDIS_PORT" == "6379" ]] && [[ "$REDIS_TLS_PORT" == "6379" ]]; then - # If both ports are set to default values, enable TLS traffic only - redis_conf_set port 0 - redis_conf_set tls-port "$REDIS_TLS_PORT" - else - # Different ports were specified - redis_conf_set port "$REDIS_PORT" - redis_conf_set tls-port "$REDIS_TLS_PORT" - fi - redis_conf_set tls-cert-file "$REDIS_TLS_CERT_FILE" - redis_conf_set tls-key-file "$REDIS_TLS_KEY_FILE" - redis_conf_set tls-ca-cert-file "$REDIS_TLS_CA_FILE" - [[ -n "$REDIS_TLS_DH_PARAMS_FILE" ]] && redis_conf_set tls-dh-params-file "$REDIS_TLS_DH_PARAMS_FILE" - redis_conf_set tls-auth-clients "$REDIS_TLS_AUTH_CLIENTS" - fi - - if [[ -n "$REDIS_PASSWORD" ]]; then - redis_conf_set requirepass "$REDIS_PASSWORD" - else - redis_conf_unset requirepass - fi - if [[ -n "$REDIS_DISABLE_COMMANDS" ]]; then - redis_disable_unsafe_commands - fi -} - -# 配置 Redis 复制模式参数 -# 参数: -# $1 - 复制模式 -redis_configure_replication() { - LOG_I "Configuring replication mode..." - - redis_conf_set replica-announce-ip "$(get_machine_ip)" - redis_conf_set replica-announce-port "$REDIS_MASTER_PORT_NUMBER" - if [[ "$REDIS_REPLICATION_MODE" = "master" ]]; then - if [[ -n "$REDIS_PASSWORD" ]]; then - redis_conf_set masterauth "$REDIS_PASSWORD" - fi - elif [[ "$REDIS_REPLICATION_MODE" =~ ^(slave|replica)$ ]]; then - if [[ -n "$REDIS_SENTINEL_HOST" ]]; then - local sentinel_info_command - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - sentinel_info_command="redis-cli -h ${REDIS_SENTINEL_HOST} -p ${REDIS_SENTINEL_PORT_NUMBER} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name ${REDIS_SENTINEL_MASTER_NAME}" - else - sentinel_info_command="redis-cli -h ${REDIS_SENTINEL_HOST} -p ${REDIS_SENTINEL_PORT_NUMBER} sentinel get-master-addr-by-name ${REDIS_SENTINEL_MASTER_NAME}" - fi - REDIS_SENTINEL_INFO=($($sentinel_info_command)) - REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]} - REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]} - fi - LOG_I "Waitting for Redis Master ready..." - redis_wait_service "${REDIS_MASTER_HOST}:${REDIS_MASTER_PORT_NUMBER}" - [[ -n "$REDIS_MASTER_PASSWORD" ]] && redis_conf_set masterauth "$REDIS_MASTER_PASSWORD" - # Starting with Redis 5, use 'replicaof' instead of 'slaveof'. Maintaining both for backward compatibility - local parameter="replicaof" - [[ $(redis_major_version) -lt 5 ]] && parameter="slaveof" - redis_conf_set "$parameter" "$REDIS_MASTER_HOST $REDIS_MASTER_PORT_NUMBER" - # Configure replicas to use TLS for outgoing connections to the master - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - redis_conf_set tls-replication yes - fi - fi -} - -# 检测用户参数信息是否满足条件; 针对部分权限过于开放情况,打印提示信息 -redis_verify_minimum_env() { - local error_code=0 - LOG_D "Validating settings in REDIS_* env vars..." - - print_validation_error() { - LOG_E "$1" - error_code=1 - } - - # Redis authentication validations - if is_boolean_yes "$ALLOW_ANONYMOUS_LOGIN"; then - LOG_W "You set the environment variable ALLOW_ANONYMOUS_LOGIN=${ALLOW_ANONYMOUS_LOGIN}. For safety reasons, do not use this flag in a production environment." - elif [[ -z "$REDIS_PASSWORD" ]]; then - print_validation_error "The REDIS_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_ANONYMOUS_LOGIN=yes to allow the container to be started with blank passwords. This is recommended only for development." - fi - - if [[ -n "$REDIS_REPLICATION_MODE" ]]; then - if [[ "$REDIS_REPLICATION_MODE" =~ ^(slave|replica)$ ]]; then - if [[ -n "$REDIS_MASTER_PORT_NUMBER" ]]; then - if ! err=$(validate_port "$REDIS_MASTER_PORT_NUMBER"); then - print_validation_error "An invalid port was specified in the environment variable REDIS_MASTER_PORT_NUMBER: $err" - fi - fi - if ! is_boolean_yes "$ALLOW_ANONYMOUS_LOGIN" && [[ -z "$REDIS_MASTER_PASSWORD" ]]; then - print_validation_error "The REDIS_MASTER_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_ANONYMOUS_LOGIN=yes to allow the container to be started with blank passwords. This is recommended only for development." - fi - elif [[ "$REDIS_REPLICATION_MODE" != "master" ]]; then - print_validation_error "Invalid replication mode. Available options are 'master/replica'" - fi - fi - - if is_boolean_yes "$REDIS_TLS_ENABLED"; then - if [[ "$REDIS_PORT" == "$REDIS_TLS_PORT" ]] && [[ "$REDIS_PORT" != "6379" ]]; then - # If both ports are assigned the same numbers and they are different to the default settings - print_validation_error "Enviroment variables REDIS_PORT and REDIS_TLS_PORT point to the same port number (${REDIS_PORT}). Change one of them or disable non-TLS traffic by setting REDIS_PORT=0" - fi - if [[ -z "$REDIS_TLS_CERT_FILE" ]]; then - print_validation_error "You must provide a X.509 certificate in order to use TLS" - elif [[ ! -f "$REDIS_TLS_CERT_FILE" ]]; then - print_validation_error "The X.509 certificate file in the specified path ${REDIS_TLS_CERT_FILE} does not exist" - fi - if [[ -z "$REDIS_TLS_KEY_FILE" ]]; then - print_validation_error "You must provide a private key in order to use TLS" - elif [[ ! -f "$REDIS_TLS_KEY_FILE" ]]; then - print_validation_error "The private key file in the specified path ${REDIS_TLS_KEY_FILE} does not exist" - fi - if [[ -z "$REDIS_TLS_CA_FILE" ]]; then - print_validation_error "You must provide a CA X.509 certificate in order to use TLS" - elif [[ ! -f "$REDIS_TLS_CA_FILE" ]]; then - print_validation_error "The CA X.509 certificate file in the specified path ${REDIS_TLS_CA_FILE} does not exist" - fi - if [[ -n "$REDIS_TLS_DH_PARAMS_FILE" ]] && [[ ! -f "$REDIS_TLS_DH_PARAMS_FILE" ]]; then - print_validation_error "The DH param file in the specified path ${REDIS_TLS_DH_PARAMS_FILE} does not exist" - fi - fi - - [[ "$error_code" -eq 0 ]] || exit "$error_code" -} - -# 更改默认监听地址为 "*" 或 "0.0.0.0",以对容器外提供服务;默认配置文件应当为仅监听 localhost(127.0.0.1) -redis_enable_remote_connections() { - LOG_D "Modify default config to enable all IP access" - - redis_conf_set daemonize no - redis_conf_set bind 0.0.0.0 # Allow remote connections -} - -# 检测依赖的服务端口是否就绪;该脚本依赖系统工具 'netcat' -# 参数: -# $1 - host:port -redis_wait_service() { - local serviceport=${1:?Missing server info} - local service=${serviceport%%:*} - local port=${serviceport#*:} - local retry_seconds=5 - local max_try=100 - let i=1 - - if [[ -z "$(which nc)" ]]; then - LOG_E "Nedd nc installed before, command: \"apk add netcat-openbsd\"." - exit 1 - fi - - LOG_I "[0/${max_try}] check for ${service}:${port}..." - - set +e - nc -z ${service} ${port} - result=$? - - until [ $result -eq 0 ]; do - LOG_D " [$i/${max_try}] not available yet" - if (( $i == ${max_try} )); then - LOG_E "${service}:${port} is still not available; giving up after ${max_try} tries." - exit 1 - fi - - LOG_I "[$i/${max_try}] try in ${retry_seconds}s once again ..." - let "i++" - sleep ${retry_seconds} - - nc -z ${service} ${port} - result=$? - done - - set -e - LOG_I "[$i/${max_try}] ${service}:${port} is available." -} - -# 以后台方式启动应用服务,并等待启动就绪 -redis_start_server_bg() { - redis_is_server_running && return - - LOG_I "Starting ${APP_NAME} in background..." - - if is_boolean_yes "${ENV_DEBUG}"; then - "redis-server" "${REDIS_CONF_FILE}" "--daemonize" "yes" - else - "redis-server" "${REDIS_CONF_FILE}" "--daemonize" "yes" >/dev/null 2>&1 - fi - - local counter=3 - while ! redis_is_server_running ; do - if [[ "$counter" -ne 0 ]]; then - break - fi - sleep 1; - counter=$((counter - 1)) - done - - # 通过命令或特定端口检测应用是否就绪 - LOG_I "Checking ${APP_NAME} ready status..." - #wait-for-port --timeout 60 "$REDIS_PORT" - - LOG_D "${APP_NAME} is ready for service..." -} - -# 停止应用服务 -redis_stop_server() { - redis_is_server_running || return - - local pass - local port - local args - LOG_I "Stopping ${APP_NAME}..." - - pass="$(redis_conf_get "requirepass")" - is_boolean_yes "$REDIS_TLS_ENABLED" && port="$(redis_conf_get "tls-port")" || port="$(redis_conf_get "port")" - - [[ -n "$pass" ]] && args+=("-a" "\"$pass\"") - [[ "$port" != "0" ]] && args+=("-p" "$port") - #args+=("--daemonize" "yes") - - if is_boolean_yes "${ENV_DEBUG}"; then - "redis-cli" "${args[@]}" shutdown - else - "redis-cli" "${args[@]}" shutdown >/dev/null 2>&1 - fi - - # 检测停止是否完成 - local counter=5 - while [[ "$counter" -ne 0 ]] && is_app_server_running; do - LOG_D "Waiting for ${APP_NAME} to stop..." - sleep 1 - counter=$((counter - 1)) - done -} - -# 检测应用服务是否在后台运行中 -redis_is_server_running() { - LOG_D "Check if ${APP_NAME} is running..." - local pid - pid="$(get_pid_from_file "${REDIS_PID_FILE}")" - - if [[ -z "${pid}" ]]; then - false - else - is_service_running "${pid}" - fi -} - -# 清理初始化应用时生成的临时文件 -redis_clean_tmp_file() { - LOG_D "Clean ${APP_NAME} tmp files for init..." - -} - -# 在重新启动容器时,删除标志文件及必须删除的临时文件 (容器重新启动) -redis_clean_from_restart() { - LOG_D "Clean ${APP_NAME} tmp files for restart..." - local -r -a files=( - "${REDIS_PID_FILE}" - ) - - for file in ${files[@]}; do - if [[ -f "$file" ]]; then - LOG_I "Cleaning stale $file file" - rm "$file" - fi - done -} - -# 应用默认初始化操作 -# 执行完毕后,生成文件 ${APP_CONF_DIR}/.app_init_flag 及 ${APP_DATA_DIR}/.data_init_flag 文件 -redis_default_init() { - redis_clean_from_restart - LOG_D "Check init status of ${APP_NAME}..." - - # 检测配置文件是否存在 - if [[ ! -f "${APP_CONF_DIR}/.app_init_flag" ]]; then - LOG_I "No injected configuration file found, creating default config files..." - redis_generate_conf - - # Configure Replication mode - if [[ -n "$REDIS_REPLICATION_MODE" ]]; then - redis_configure_replication - fi - - touch "${APP_CONF_DIR}/.app_init_flag" - echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> "${APP_CONF_DIR}/.app_init_flag" - else - LOG_I "User injected custom configuration detected!" - fi - - if [[ ! -f "${APP_DATA_DIR}/.data_init_flag" ]]; then - LOG_I "Deploying ${APP_NAME} from scratch..." - - # 启动后台服务 - #redis_start_server_bg - - - touch ${APP_DATA_DIR}/.data_init_flag - echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.data_init_flag - else - LOG_I "Deploying ${APP_NAME} with persisted data..." - fi -} - -# 用户自定义的前置初始化操作,依次执行目录 preinitdb.d 中的初始化脚本 -# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_preinit_flag -redis_custom_preinit() { - LOG_I "Check custom pre-init status of ${APP_NAME}..." - - # 检测用户配置文件目录是否存在 preinitdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本 - if [ -d "/srv/conf/${APP_NAME}/preinitdb.d" ]; then - # 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作 - if [[ -n $(find "/srv/conf/${APP_NAME}/preinitdb.d/" -type f -regex ".*\.\(sh\)") ]] && \ - [[ ! -f "${APP_DATA_DIR}/.custom_preinit_flag" ]]; then - LOG_I "Process custom pre-init scripts from /srv/conf/${APP_NAME}/preinitdb.d..." - - # 检索所有可执行脚本,排序后执行 - find "/srv/conf/${APP_NAME}/preinitdb.d/" -type f -regex ".*\.\(sh\)" | sort | process_init_files - - touch "${APP_DATA_DIR}/.custom_preinit_flag" - echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> "${APP_DATA_DIR}/.custom_preinit_flag" - LOG_I "Custom preinit for ${APP_NAME} complete." - else - LOG_I "Custom preinit for ${APP_NAME} already done before, skipping initialization." - fi - fi - - # 检测依赖的服务是否就绪 - #for i in ${SERVICE_PRECONDITION[@]}; do - # redis_wait_service "${i}" - #done -} - -# 用户自定义的应用初始化操作,依次执行目录initdb.d中的初始化脚本 -# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_init_flag -redis_custom_init() { - LOG_I "Check custom initdb status of ${APP_NAME}..." - - # 检测用户配置文件目录是否存在 initdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本 - if [ -d "/srv/conf/${APP_NAME}/initdb.d" ]; then - # 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作 - if [[ -n $(find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)") ]] && \ - [[ ! -f "${APP_DATA_DIR}/.custom_init_flag" ]]; then - LOG_I "Process custom init scripts from /srv/conf/${APP_NAME}/initdb.d..." - - # 启动后台服务 - #redis_start_server_bg - - # 检索所有可执行脚本,排序后执行 - find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)" | sort | while read -r f; do - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - LOG_D "Executing $f"; "$f" - else - LOG_D "Sourcing $f"; . "$f" - fi - ;; - *.sql) - LOG_D "Executing $f"; - postgresql_execute "${PG_DATABASE}" "${PG_INITSCRIPTS_USERNAME}" "${PG_INITSCRIPTS_PASSWORD}" < "$f" - ;; - *.sql.gz) - LOG_D "Executing $f"; - gunzip -c "$f" | postgresql_execute "${PG_DATABASE}" "${PG_INITSCRIPTS_USERNAME}" "${PG_INITSCRIPTS_PASSWORD}" - ;; - *) - LOG_D "Ignoring $f" ;; - esac - done - - touch "${APP_DATA_DIR}/.custom_init_flag" - echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> "${APP_DATA_DIR}/.custom_init_flag" - LOG_I "Custom init for ${APP_NAME} complete." - else - LOG_I "Custom init for ${APP_NAME} already done before, skipping initialization." - fi - fi - - # 检测服务是否运行中;如果运行,则停止后台服务 - redis_is_server_running && redis_stop_server - - # 删除第一次运行生成的临时文件 - redis_clean_tmp_file - - # 绑定所有 IP ,启用远程访问 - redis_enable_remote_connections -} - diff --git a/alpine/customer/usr/local/bin/entry.sh b/alpine/customer/usr/local/bin/entry.sh deleted file mode 100755 index 279d88f..0000000 --- a/alpine/customer/usr/local/bin/entry.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# Ver: 1.1 by Endial Fang (endial@126.com) -# -# 容器入口脚本 - -# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用: -# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错 -set -eu -set -o pipefail - -. /usr/local/bin/comm-redis-cluster.sh # 应用专用函数库 - -. /usr/local/bin/comm-env.sh # 设置环境变量 - -LOG_I "** Processing entry.sh **" - -if ! is_sourced; then - # 替换命令行中的变量 - set -- $(eval echo "$@") - - [ "${1:0:1}" = '-' ] && set -- "${APP_EXEC:-}" "$@" - - print_image_welcome - print_command_help "$@" - - if [ "$1" = "${APP_EXEC}" ] && is_root; then - /usr/local/bin/setup.sh - - LOG_I "Restart with non-root user: ${APP_USER}\n" - exec gosu "${APP_USER}" "$0" "$@" - fi - - [ "$1" = "${APP_EXEC}" ] && /usr/local/bin/init.sh - - LOG_I "Start container with command: $@" - exec tini -- "$@" -fi diff --git a/alpine/customer/usr/local/bin/init.sh b/alpine/customer/usr/local/bin/init.sh deleted file mode 100755 index 5b9fe8b..0000000 --- a/alpine/customer/usr/local/bin/init.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# Ver: 1.1 by Endial Fang (endial@126.com) -# -# 应用初始化脚本 - -# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用: -# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错 -set -eu -set -o pipefail - -. /usr/local/bin/comm-redis-cluster.sh # 应用专用函数库 - -. /usr/local/bin/comm-env.sh # 设置环境变量 - -LOG_I "** Processing init.sh **" - -trap "${APP_NAME}_stop_server" EXIT - -# 执行应用初始化操作 -redis_cluster_default_init - -if ! is_boolean_yes "$REDIS_CLUSTER_CREATOR" && is_boolean_yes "$REDIS_CLUSTER_DYNAMIC_IPS"; then - redis_cluster_update_ips -fi diff --git a/alpine/customer/usr/local/bin/run.sh b/alpine/customer/usr/local/bin/run.sh deleted file mode 100755 index 71ef5fc..0000000 --- a/alpine/customer/usr/local/bin/run.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -# Ver: 1.1 by Endial Fang (endial@126.com) -# -# 应用启动脚本 - -# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用: -# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错 -set -eu -set -o pipefail - -. /usr/local/bin/comm-redis-cluster.sh # 应用专用函数库 - -. /usr/local/bin/comm-env.sh # 设置环境变量 - -LOG_I "** Processing run.sh **" - -IFS=' ' read -ra nodes <<< "$REDIS_CLUSTER_NODES" - -if ! is_boolean_yes "$REDIS_CLUSTER_CREATOR"; then - # 配置默认启动参数(应用配置文件、前台方式启动) - flags=("${REDIS_CONF_FILE:-}" "--daemonize" "no") - # 将启动时使用 REDIS_EXTRA_FLAGS 指定的参数附加在启动参数中 - [[ -z "${REDIS_EXTRA_FLAGS:-}" ]] || flags+=("${REDIS_EXTRA_FLAGS[@]}") - # 将启动时的传入参数附加在参数中 - flags+=("$@") - - # 设置启动命令 - START_COMMAND=("redis-server") - - LOG_I "** Starting ${APP_NAME} **" - if is_root; then - exec gosu "${APP_USER}" "${START_COMMAND[@]}" "${flags[@]}" - else - exec "${START_COMMAND[@]}" "${flags[@]}" - fi -else - redis_cluster_create "${nodes[@]}" -fi diff --git a/alpine/customer/usr/local/bin/setup.sh b/alpine/customer/usr/local/bin/setup.sh deleted file mode 100755 index 00725c0..0000000 --- a/alpine/customer/usr/local/bin/setup.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash -# Ver: 1.1 by Endial Fang (endial@126.com) -# -# 应用环境及依赖文件设置脚本 - -# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用: -# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错 -set -eu -set -o pipefail - -. /usr/local/bin/comm-redis-cluster.sh # 应用专用函数库 - -. /usr/local/bin/comm-env.sh # 设置环境变量 - -LOG_I "** Processing setup.sh **" - -APP_DIRS="${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_DATA_LOG_DIR:-}" -LOG_I "Ensure directory exists: ${APP_DIRS}" -for dir in ${APP_DIRS}; do - ensure_dir_exists ${dir} -done - -redis_cluster_verify_minimum_env - -# 检测指定文件是否在配置文件存储目录存在,如果不存在则拷贝(新挂载数据卷、手动删除都会导致不存在) -LOG_I "Check config files in: ${APP_CONF_DIR}" -if [[ ! -z "$(ls -A "${APP_DEF_DIR}")" ]]; then - ensure_config_file_exist "${APP_DEF_DIR}" $(ls -A "${APP_DEF_DIR}") -fi - -LOG_I "Ensure directory ownership: ${APP_USER}" -for dir in ${APP_DIRS}; do - configure_permissions_ownership "$dir" -u "${APP_USER}" -g "${APP_USER}" -done - -# 解决使用gosu后,nginx: [emerg] open() "/dev/stdout" failed (13: Permission denied) -LOG_D "Change permissions of stdout/stderr to 0622" -chmod 0622 /dev/stdout /dev/stderr - -LOG_I "** Processing setup.sh finished! **" diff --git a/alpine/customer/usr/local/overrides/overrides-6.0.8.sh b/alpine/customer/usr/local/overrides/overrides-6.0.8.sh deleted file mode 100644 index e89e34b..0000000 --- a/alpine/customer/usr/local/overrides/overrides-6.0.8.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -e -# Ver: 1.0 by Endial Fang (endial@126.com) -# -# 在安装完应用后,使用该脚本修改默认配置文件中部分配置项; 如果相应的配置项已经定义为容器环境变量,则不需要在这里修改 - -# 定义要修改的文件 -CONF_FILE="${APP_DEF_DIR}/redis.conf" -echo "Process overrides for: ${CONF_FILE}" -# 修改默认配置信息 -sed -i -E 's/^#?bind .*/bind 127.0.0.1/g' "${CONF_FILE}" -sed -i -E 's/^#?daemonize .*/daemonize yes/g' "${CONF_FILE}" -sed -i -E 's/^#?pidfile .*/pidfile \/var\/run\/redis\/redis.pid/g' "${CONF_FILE}" -sed -i -E 's/^#?logfile .*/logfile \"\/var\/log\/redis\/redis.log\"/g' "${CONF_FILE}" - -SENTINEL_FILE="${APP_DEF_DIR}/sentinel.conf" -echo "Process overrides for: ${SENTINEL_FILE}" -# 修改 Sentinel 默认配置信息 -sed -i -E 's/^#?daemonize .*/daemonize yes/g' "${SENTINEL_FILE}" -sed -i -E 's/^#?pidfile .*/pidfile \/var\/run\/redis\/redis-sentinel.pid/g' "${SENTINEL_FILE}" -sed -i -E 's/^#?logfile .*/logfile \"\/var\/log\/redis\/redis-sentinel.log\"/g' "${SENTINEL_FILE}" diff --git a/alpine/customer/usr/sbin/create_user b/alpine/customer/usr/sbin/create_user deleted file mode 100755 index ff2dba0..0000000 --- a/alpine/customer/usr/sbin/create_user +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) -set -eux -addgroup -g 998 -S ${APP_USER} -#adduser -G ${APP_USER} -u 999 -s /bin/bash -h /srv/data/${APP_NAME} -D -S ${APP_USER} -adduser -G ${APP_USER} -u 999 -s /usr/sbin/nologin -h /srv/data/${APP_NAME} -D -S ${APP_USER} - -# 如果需要 sudo 权限,需要安装 su 软件包:apk add sudo -#sed -i -e 's/^\sDefaults\s*secure_path\s*=/# Defaults secure_path=/' /etc/sudoers -#echo "${APP_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers diff --git a/alpine/customer/usr/sbin/prepare_env b/alpine/customer/usr/sbin/prepare_env deleted file mode 100755 index 05ce3b1..0000000 --- a/alpine/customer/usr/sbin/prepare_env +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) -set -eux - -APP_DIRS=" \ - /usr/local/${APP_NAME} \ - /etc/${APP_NAME} \ - /srv/conf/${APP_NAME} \ - /srv/data/${APP_NAME} \ - /srv/datalog/${APP_NAME} \ - /var/cache/${APP_NAME} \ - /var/run/${APP_NAME} \ - /var/log/${APP_NAME} \ - /srv/cert/${APP_NAME}" - -mkdir -p ${APP_DIRS} -chown -Rf ${APP_USER}:${APP_USER} ${APP_DIRS};