[feat:6.0]增加alpine系统镜像
This commit is contained in:
@@ -0,0 +1,124 @@
|
||||
# Ver: 1.2 by Endial Fang (endial@126.com)
|
||||
#
|
||||
|
||||
# 预处理 =========================================================================
|
||||
FROM colovu/abuilder as builder
|
||||
|
||||
# sources.list 可使用版本:default / tencent / ustc / aliyun / huawei
|
||||
ARG apt_source=default
|
||||
|
||||
# 编译镜像时指定用于加速的本地服务器地址
|
||||
ARG local_url=""
|
||||
|
||||
WORKDIR /usr/local
|
||||
|
||||
RUN select_source ${apt_source};
|
||||
#RUN install_pkg xz-utils
|
||||
|
||||
# 下载并解压软件包
|
||||
RUN set -eux; \
|
||||
appVersion=1.0.0; \
|
||||
appName="wait-for-port-${appVersion}-1-linux-amd64-debian-10.tar.gz"; \
|
||||
[ ! -z ${local_url} ] && localURL=${local_url}/bitnami; \
|
||||
appUrls="${localURL:-} \
|
||||
https://downloads.bitnami.com/files/stacksmith \
|
||||
"; \
|
||||
download_pkg unpack ${appName} "${appUrls}"; \
|
||||
chmod +x /usr/local/wait-for-port-1.0.0-1-linux-amd64-debian-10/files/common/bin/wait-for-port;
|
||||
|
||||
RUN set -eux; \
|
||||
appVersion=6.0.5; \
|
||||
appName="redis-${appVersion}.tar.gz"; \
|
||||
sha256="42cf86a114d2a451b898fcda96acd4d01062a7dbaaad2801d9164a36f898f596"; \
|
||||
[ ! -z ${local_url} ] && localURL=${local_url}/redis; \
|
||||
appUrls="${localURL:-} \
|
||||
http://download.redis.io/releases \
|
||||
"; \
|
||||
download_pkg unpack ${appName} "${appUrls}" -s "${sha256}"; \
|
||||
mkdir -p /usr/local/redis; \
|
||||
cd /usr/local/redis-${appVersion}; \
|
||||
# 禁用安全保护模式,在 Docker 中运行时不需要
|
||||
grep -E '^ *createBoolConfig[(]"protected-mode",.*, *1 *,.*[)],$' /usr/local/redis-${appVersion}/src/config.c; \
|
||||
sed -ri 's!^( *createBoolConfig[(]"protected-mode",.*, *)1( *,.*[)],)$!\10\2!' /usr/local/redis-${appVersion}/src/config.c; \
|
||||
grep -E '^ *createBoolConfig[(]"protected-mode",.*, *0 *,.*[)],$' /usr/local/redis-${appVersion}/src/config.c; \
|
||||
make MALLOC=libc BUILD_TLS=yes \
|
||||
-j "$(nproc)" all; \
|
||||
make PREFIX=/usr/local/redis install; \
|
||||
\
|
||||
# 删除重复的应用程序,并生成对应的连接
|
||||
serverMd5="$(md5sum /usr/local/redis/bin/redis-server | cut -d' ' -f1)"; export serverMd5; \
|
||||
find /usr/local/redis/bin/redis* -maxdepth 0 \
|
||||
-type f -not -name redis-server \
|
||||
-exec sh -eux -c ' \
|
||||
md5="$(md5sum "$1" | cut -d" " -f1)"; \
|
||||
test "$md5" = "$serverMd5"; \
|
||||
' -- '{}' ';' \
|
||||
-exec ln -svfT 'redis-server' '{}' ';' ;
|
||||
|
||||
|
||||
|
||||
#find /usr/local/redis/bin -type f -executable -exec ldd '{}' ';' | awk '/=>/ { print $(NF-1) }' | sort -u | xargs -r dpkg-query --search | cut -d: -f1 | sort -u
|
||||
|
||||
# 镜像生成 ========================================================================
|
||||
FROM colovu/alpine:3.12
|
||||
|
||||
ARG apt_source=default
|
||||
ARG local_url=""
|
||||
|
||||
ENV APP_NAME=redis \
|
||||
APP_USER=redis \
|
||||
APP_EXEC=redis-server \
|
||||
APP_VERSION=6.0.5
|
||||
|
||||
ENV APP_HOME_DIR=/usr/local/${APP_NAME} \
|
||||
APP_DEF_DIR=/etc/${APP_NAME} \
|
||||
APP_CONF_DIR=/srv/conf/${APP_NAME} \
|
||||
APP_DATA_DIR=/srv/data/${APP_NAME} \
|
||||
APP_DATA_LOG_DIR=/srv/datalog/${APP_NAME} \
|
||||
APP_CACHE_DIR=/var/cache/${APP_NAME} \
|
||||
APP_RUN_DIR=/var/run/${APP_NAME} \
|
||||
APP_LOG_DIR=/var/log/${APP_NAME} \
|
||||
APP_CERT_DIR=/srv/cert/${APP_NAME}
|
||||
|
||||
ENV \
|
||||
PATH="${APP_HOME_DIR}/bin:${PATH}"
|
||||
|
||||
LABEL \
|
||||
"Version"="v${APP_VERSION}" \
|
||||
"Description"="Docker image for ${APP_NAME}(v${APP_VERSION})." \
|
||||
"Dockerfile"="https://github.com/colovu/docker-${APP_NAME}" \
|
||||
"Vendor"="Endial Fang (endial@126.com)"
|
||||
|
||||
COPY customer /
|
||||
|
||||
# 以包管理方式安装软件包(Optional)
|
||||
#RUN select_source ${apt_source}
|
||||
RUN install_pkg openssl
|
||||
|
||||
RUN create_user && prepare_env
|
||||
|
||||
# 从预处理过程中拷贝软件包(Optional)
|
||||
COPY --from=builder /usr/local/wait-for-port-1.0.0-1-linux-amd64-debian-10/files/common/bin/ /usr/local/bin/
|
||||
COPY --from=builder /usr/local/redis /usr/local/redis
|
||||
COPY --from=builder /usr/local/redis-${APP_VERSION}/*.conf ${APP_DEF_DIR}/
|
||||
|
||||
# 执行预处理脚本,并验证安装的软件包
|
||||
RUN set -eux; \
|
||||
override_file="/usr/local/overrides/overrides-${APP_VERSION}.sh"; \
|
||||
[ -e "${override_file}" ] && /bin/bash "${override_file}"; \
|
||||
gosu ${APP_USER} redis-cli --version; \
|
||||
gosu ${APP_USER} redis-server --version; \
|
||||
:;
|
||||
|
||||
# 默认提供的数据卷
|
||||
VOLUME ["/srv/conf", "/srv/data", "/srv/datalog", "/srv/cert", "/var/log"]
|
||||
|
||||
# 默认使用gosu切换为新建用户启动,必须保证端口在1024之上
|
||||
EXPOSE 6379
|
||||
|
||||
# 容器初始化命令,默认存放在:/usr/local/bin/entry.sh
|
||||
ENTRYPOINT ["entry.sh"]
|
||||
|
||||
# 应用程序的服务命令,必须使用非守护进程方式运行。如果使用变量,则该变量必须在运行环境中存在(ENV可以获取)
|
||||
CMD ["${APP_EXEC}", "${REDIS_CONF_FILE}"]
|
||||
|
||||
@@ -0,0 +1,533 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用通用业务处理函数
|
||||
|
||||
# 加载依赖脚本
|
||||
. /usr/local/scripts/libcommon.sh # 通用函数库
|
||||
|
||||
. /usr/local/scripts/libfile.sh
|
||||
. /usr/local/scripts/libfs.sh
|
||||
. /usr/local/scripts/libos.sh
|
||||
. /usr/local/scripts/libservice.sh
|
||||
. /usr/local/scripts/libvalidations.sh
|
||||
|
||||
# 函数列表
|
||||
|
||||
# 加载应用使用的环境变量初始值,该函数在相关脚本中以 eval 方式调用
|
||||
# 全局变量:
|
||||
# ENV_* : 容器使用的全局变量
|
||||
# APP_* : 在镜像创建时定义的全局变量
|
||||
# *_* : 应用配置文件使用的全局变量,变量名根据配置项定义
|
||||
# 返回值:
|
||||
# 可以被 'eval' 使用的序列化输出
|
||||
app_env() {
|
||||
cat <<-'EOF'
|
||||
# Common Settings
|
||||
export ENV_DEBUG=${ENV_DEBUG:-false}
|
||||
export ALLOW_ANONYMOUS_LOGIN="${ALLOW_ANONYMOUS_LOGIN:-no}"
|
||||
|
||||
# Paths
|
||||
export REDIS_CONF_FILE="${APP_CONF_DIR}/redis.conf"
|
||||
export REDIS_SENTINEL_FILE="${APP_CONF_DIR}/sentinel.conf"
|
||||
export REDIS_PID_FILE="${APP_RUN_DIR}/redis.pid"
|
||||
|
||||
# Users
|
||||
|
||||
# Redis settings
|
||||
export REDIS_PORT="${REDIS_PORT:-6379}"
|
||||
export REDIS_DISABLE_COMMANDS="${REDIS_DISABLE_COMMANDS:-}"
|
||||
export REDIS_AOF_ENABLED="${REDIS_AOF_ENABLED:-yes}"
|
||||
|
||||
# Cluster configuration
|
||||
export REDIS_SENTINEL_HOST="${REDIS_SENTINEL_HOST:-}"
|
||||
export REDIS_SENTINEL_MASTER_NAME="${REDIS_SENTINEL_MASTER_NAME:-}"
|
||||
export REDIS_SENTINEL_PORT_NUMBER="${REDIS_SENTINEL_PORT_NUMBER:-26379}"
|
||||
|
||||
export REDIS_MASTER_HOST="${REDIS_MASTER_HOST:-}"
|
||||
export REDIS_MASTER_PORT_NUMBER="${REDIS_MASTER_PORT_NUMBER:-6379}"
|
||||
export REDIS_MASTER_PASSWORD="${REDIS_MASTER_PASSWORD:-}"
|
||||
export REDIS_REPLICATION_MODE="${REDIS_REPLICATION_MODE:-}"
|
||||
|
||||
# Redis TLS Settings
|
||||
export REDIS_TLS_ENABLED="${REDIS_TLS_ENABLED:-no}"
|
||||
export REDIS_TLS_PORT="${REDIS_TLS_PORT:-6379}"
|
||||
export REDIS_TLS_CERT_FILE="${REDIS_TLS_CERT_FILE:-}"
|
||||
export REDIS_TLS_KEY_FILE="${REDIS_TLS_KEY_FILE:-}"
|
||||
export REDIS_TLS_CA_FILE="${REDIS_TLS_CA_FILE:-}"
|
||||
export REDIS_TLS_DH_PARAMS_FILE="${REDIS_TLS_DH_PARAMS_FILE:-}"
|
||||
export REDIS_TLS_AUTH_CLIENTS="${REDIS_TLS_AUTH_CLIENTS:-yes}"
|
||||
|
||||
# Authentication
|
||||
export REDIS_PASSWORD="${REDIS_PASSWORD:-}"
|
||||
EOF
|
||||
|
||||
# 利用 *_FILE 设置密码,不在配置命令中设置密码,增强安全性
|
||||
if [[ -f "${REDIS_PASSWORD_FILE:-}" ]]; then
|
||||
cat <<"EOF"
|
||||
export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [[ -f "${REDIS_MASTER_PASSWORD_FILE:-}" ]]; then
|
||||
cat <<"EOF"
|
||||
export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
|
||||
EOF
|
||||
fi
|
||||
|
||||
# 如果设置了用户密码,设置环境变量 REDISCLI_AUTH,用于 `redis-cli` 登录时使用;不显示输入,保证安全
|
||||
if [[ -n "${REDIS_PASSWORD}" ]]; then
|
||||
cat <<"EOF"
|
||||
export REDISCLI_AUTH=${REDIS_PASSWORD}
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
# 将变量配置更新至配置文件
|
||||
# 参数:
|
||||
# $1 - 文件
|
||||
# $2 - 变量
|
||||
# $3 - 值(列表)
|
||||
redis_common_conf_set() {
|
||||
local file="${1:?missing file}"
|
||||
local key="${2:?missing key}"
|
||||
shift
|
||||
shift
|
||||
local values=("$@")
|
||||
|
||||
if [[ "${#values[@]}" -eq 0 ]]; then
|
||||
LOG_E "missing value"
|
||||
return 1
|
||||
elif [[ "${#values[@]}" -ne 1 ]]; then
|
||||
for i in "${!values[@]}"; do
|
||||
redis_common_conf_set "$file" "${key[$i]}" "${values[$i]}"
|
||||
done
|
||||
else
|
||||
value="${values[0]}"
|
||||
# Sanitize inputs
|
||||
value="${value//\\/\\\\}"
|
||||
value="${value//&/\\&}"
|
||||
value="${value//\?/\\?}"
|
||||
[[ "$value" = "" ]] && value="\"$value\""
|
||||
# Check if the value was set before
|
||||
if grep -q "^[# ]*${key} .*" "$file"; then
|
||||
# Update the existing key
|
||||
replace_in_file "$file" "^[# ]*${key} .*" "${key} ${value}" false
|
||||
else
|
||||
# 增加一个新的配置项;如果在其他位置有类似操作,需要注意换行
|
||||
printf "\n%s %s" "$key" "$value" >>"$file"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# 获取配置文件中指定关键字对应的值
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
redis_conf_get() {
|
||||
local key="${1:?missing key}"
|
||||
|
||||
grep -E "^\s*$key " "${REDIS_CONF_FILE}" | awk '{print $2}'
|
||||
}
|
||||
|
||||
# 更新 redis.conf 配置文件中指定变量值,设置关键字及对应值
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
# $2 - 值(列表)
|
||||
redis_conf_set() {
|
||||
redis_common_conf_set "${REDIS_CONF_FILE}" "$@"
|
||||
}
|
||||
|
||||
# 更新 sentinel.conf 配置文件中指定变量值,设置关键字及对应值
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
# $2 - 值(列表)
|
||||
redis_sentinel_conf_set() {
|
||||
redis_common_conf_set "${REDIS_SENTINEL_FILE}" "$@"
|
||||
}
|
||||
|
||||
# 更新 redis.conf 配置文件中指定变量值,取消关键字设置信息
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
redis_conf_unset() {
|
||||
local key="${1:?missing key}"
|
||||
remove_in_file "${REDIS_CONF_FILE}" "^\s*$key .*" false
|
||||
}
|
||||
|
||||
# 获取 Redis 版本信息
|
||||
redis_version() {
|
||||
redis-cli --version | grep -E -o "[0-9]+.[0-9]+.[0-9]+"
|
||||
}
|
||||
|
||||
# 获取 Redis 主版本号
|
||||
redis_major_version() {
|
||||
redis_version | grep -E -o "^[0-9]+"
|
||||
}
|
||||
|
||||
# 禁用 Redis 不安全的命令
|
||||
# 参数:
|
||||
# $1 - 待禁用的命令列表
|
||||
redis_disable_unsafe_commands() {
|
||||
# The current syntax gets a comma separated list of commands, we split them
|
||||
# before passing to redis_disable_unsafe_commands
|
||||
read -r -a disabledCommands <<< "$(tr ',' ' ' <<< "$REDIS_DISABLE_COMMANDS")"
|
||||
LOG_D "Disabling commands: ${disabledCommands[*]}"
|
||||
echo "" >> "${REDIS_CONF_FILE}"
|
||||
for cmd in "${disabledCommands[@]}"; do
|
||||
if grep -E -q "^\s*rename-command\s+$cmd\s+\"\"\s*$" "${REDIS_CONF_FILE}"; then
|
||||
LOG_D "$cmd was already disabled"
|
||||
continue
|
||||
fi
|
||||
echo "rename-command $cmd \"\"" >> "${REDIS_CONF_FILE}"
|
||||
done
|
||||
}
|
||||
|
||||
# 生成默认配置文件
|
||||
redis_generate_conf() {
|
||||
redis_conf_set port "$REDIS_PORT"
|
||||
redis_conf_set dir "${APP_DATA_DIR}"
|
||||
redis_conf_set logfile "${APP_LOG_DIR}/redis.log" # Log to stdout
|
||||
redis_conf_set pidfile "${REDIS_PID_FILE}"
|
||||
redis_conf_set daemonize no
|
||||
redis_conf_set bind 127.0.0.1 # disallow remote connections when init
|
||||
# Enable AOF https://redis.io/topics/persistence#append-only-file
|
||||
# Leave default fsync (every second)
|
||||
redis_conf_set appendonly "${REDIS_AOF_ENABLED}"
|
||||
# Disable RDB persistence, AOF persistence already enabled.
|
||||
# Ref: https://redis.io/topics/persistence#interactions-between-aof-and-rdb-persistence
|
||||
redis_conf_set save ""
|
||||
# TLS configuration
|
||||
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
|
||||
if [[ "$REDIS_PORT" == "6379" ]] && [[ "$REDIS_TLS_PORT" == "6379" ]]; then
|
||||
# If both ports are set to default values, enable TLS traffic only
|
||||
redis_conf_set port 0
|
||||
redis_conf_set tls-port "$REDIS_TLS_PORT"
|
||||
else
|
||||
# Different ports were specified
|
||||
redis_conf_set port "$REDIS_PORT"
|
||||
redis_conf_set tls-port "$REDIS_TLS_PORT"
|
||||
fi
|
||||
redis_conf_set tls-cert-file "$REDIS_TLS_CERT_FILE"
|
||||
redis_conf_set tls-key-file "$REDIS_TLS_KEY_FILE"
|
||||
redis_conf_set tls-ca-cert-file "$REDIS_TLS_CA_FILE"
|
||||
[[ -n "$REDIS_TLS_DH_PARAMS_FILE" ]] && redis_conf_set tls-dh-params-file "$REDIS_TLS_DH_PARAMS_FILE"
|
||||
redis_conf_set tls-auth-clients "$REDIS_TLS_AUTH_CLIENTS"
|
||||
fi
|
||||
|
||||
if [[ -n "$REDIS_PASSWORD" ]]; then
|
||||
redis_conf_set requirepass "$REDIS_PASSWORD"
|
||||
else
|
||||
redis_conf_unset requirepass
|
||||
fi
|
||||
if [[ -n "$REDIS_DISABLE_COMMANDS" ]]; then
|
||||
redis_disable_unsafe_commands
|
||||
fi
|
||||
}
|
||||
|
||||
# 配置 Redis 复制模式参数
|
||||
# 参数:
|
||||
# $1 - 复制模式
|
||||
redis_configure_replication() {
|
||||
LOG_I "Configuring replication mode..."
|
||||
|
||||
redis_conf_set replica-announce-ip "$(get_machine_ip)"
|
||||
redis_conf_set replica-announce-port "$REDIS_MASTER_PORT_NUMBER"
|
||||
if [[ "$REDIS_REPLICATION_MODE" = "master" ]]; then
|
||||
if [[ -n "$REDIS_PASSWORD" ]]; then
|
||||
redis_conf_set masterauth "$REDIS_PASSWORD"
|
||||
fi
|
||||
elif [[ "$REDIS_REPLICATION_MODE" =~ ^(slave|replica)$ ]]; then
|
||||
if [[ -n "$REDIS_SENTINEL_HOST" ]]; then
|
||||
local sentinel_info_command
|
||||
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
|
||||
sentinel_info_command="redis-cli -h ${REDIS_SENTINEL_HOST} -p ${REDIS_SENTINEL_PORT_NUMBER} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name ${REDIS_SENTINEL_MASTER_NAME}"
|
||||
else
|
||||
sentinel_info_command="redis-cli -h ${REDIS_SENTINEL_HOST} -p ${REDIS_SENTINEL_PORT_NUMBER} sentinel get-master-addr-by-name ${REDIS_SENTINEL_MASTER_NAME}"
|
||||
fi
|
||||
REDIS_SENTINEL_INFO=($($sentinel_info_command))
|
||||
REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
|
||||
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
|
||||
fi
|
||||
LOG_I "Waitting for Redis Master ready..."
|
||||
wait-for-port --host "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER"
|
||||
[[ -n "$REDIS_MASTER_PASSWORD" ]] && redis_conf_set masterauth "$REDIS_MASTER_PASSWORD"
|
||||
# Starting with Redis 5, use 'replicaof' instead of 'slaveof'. Maintaining both for backward compatibility
|
||||
local parameter="replicaof"
|
||||
[[ $(redis_major_version) -lt 5 ]] && parameter="slaveof"
|
||||
redis_conf_set "$parameter" "$REDIS_MASTER_HOST $REDIS_MASTER_PORT_NUMBER"
|
||||
# Configure replicas to use TLS for outgoing connections to the master
|
||||
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
|
||||
redis_conf_set tls-replication yes
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测用户参数信息是否满足条件; 针对部分权限过于开放情况,打印提示信息
|
||||
app_verify_minimum_env() {
|
||||
local error_code=0
|
||||
LOG_D "Validating settings in REDIS_* env vars..."
|
||||
|
||||
# Auxiliary functions
|
||||
print_validation_error() {
|
||||
LOG_E "$1"
|
||||
error_code=1
|
||||
}
|
||||
|
||||
# Redis authentication validations
|
||||
if is_boolean_yes "$ALLOW_ANONYMOUS_LOGIN"; then
|
||||
LOG_W "You set the environment variable ALLOW_ANONYMOUS_LOGIN=${ALLOW_ANONYMOUS_LOGIN}. For safety reasons, do not use this flag in a production environment."
|
||||
elif [[ -z "$REDIS_PASSWORD" ]]; then
|
||||
print_validation_error "The REDIS_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_ANONYMOUS_LOGIN=yes to allow the container to be started with blank passwords. This is recommended only for development."
|
||||
fi
|
||||
|
||||
if [[ -n "$REDIS_REPLICATION_MODE" ]]; then
|
||||
if [[ "$REDIS_REPLICATION_MODE" =~ ^(slave|replica)$ ]]; then
|
||||
if [[ -n "$REDIS_MASTER_PORT_NUMBER" ]]; then
|
||||
if ! err=$(validate_port "$REDIS_MASTER_PORT_NUMBER"); then
|
||||
print_validation_error "An invalid port was specified in the environment variable REDIS_MASTER_PORT_NUMBER: $err"
|
||||
fi
|
||||
fi
|
||||
if ! is_boolean_yes "$ALLOW_ANONYMOUS_LOGIN" && [[ -z "$REDIS_MASTER_PASSWORD" ]]; then
|
||||
print_validation_error "The REDIS_MASTER_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_ANONYMOUS_LOGIN=yes to allow the container to be started with blank passwords. This is recommended only for development."
|
||||
fi
|
||||
elif [[ "$REDIS_REPLICATION_MODE" != "master" ]]; then
|
||||
print_validation_error "Invalid replication mode. Available options are 'master/replica'"
|
||||
fi
|
||||
fi
|
||||
|
||||
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
|
||||
if [[ "$REDIS_PORT" == "$REDIS_TLS_PORT" ]] && [[ "$REDIS_PORT" != "6379" ]]; then
|
||||
# If both ports are assigned the same numbers and they are different to the default settings
|
||||
print_validation_error "Enviroment variables REDIS_PORT and REDIS_TLS_PORT point to the same port number (${REDIS_PORT}). Change one of them or disable non-TLS traffic by setting REDIS_PORT=0"
|
||||
fi
|
||||
if [[ -z "$REDIS_TLS_CERT_FILE" ]]; then
|
||||
print_validation_error "You must provide a X.509 certificate in order to use TLS"
|
||||
elif [[ ! -f "$REDIS_TLS_CERT_FILE" ]]; then
|
||||
print_validation_error "The X.509 certificate file in the specified path ${REDIS_TLS_CERT_FILE} does not exist"
|
||||
fi
|
||||
if [[ -z "$REDIS_TLS_KEY_FILE" ]]; then
|
||||
print_validation_error "You must provide a private key in order to use TLS"
|
||||
elif [[ ! -f "$REDIS_TLS_KEY_FILE" ]]; then
|
||||
print_validation_error "The private key file in the specified path ${REDIS_TLS_KEY_FILE} does not exist"
|
||||
fi
|
||||
if [[ -z "$REDIS_TLS_CA_FILE" ]]; then
|
||||
print_validation_error "You must provide a CA X.509 certificate in order to use TLS"
|
||||
elif [[ ! -f "$REDIS_TLS_CA_FILE" ]]; then
|
||||
print_validation_error "The CA X.509 certificate file in the specified path ${REDIS_TLS_CA_FILE} does not exist"
|
||||
fi
|
||||
if [[ -n "$REDIS_TLS_DH_PARAMS_FILE" ]] && [[ ! -f "$REDIS_TLS_DH_PARAMS_FILE" ]]; then
|
||||
print_validation_error "The DH param file in the specified path ${REDIS_TLS_DH_PARAMS_FILE} does not exist"
|
||||
fi
|
||||
fi
|
||||
|
||||
[[ "$error_code" -eq 0 ]] || exit "$error_code"
|
||||
}
|
||||
|
||||
# 更改默认监听地址为 "*" 或 "0.0.0.0",以对容器外提供服务;默认配置文件应当为仅监听 localhost(127.0.0.1)
|
||||
app_enable_remote_connections() {
|
||||
LOG_D "Modify default config to enable all IP access"
|
||||
|
||||
redis_conf_set daemonize no
|
||||
redis_conf_set bind 0.0.0.0 # Allow remote connections
|
||||
}
|
||||
|
||||
# 以后台方式启动应用服务,并等待启动就绪
|
||||
app_start_server_bg() {
|
||||
is_app_server_running && return
|
||||
|
||||
LOG_I "Starting ${APP_NAME} in background..."
|
||||
|
||||
if is_boolean_yes "${ENV_DEBUG}"; then
|
||||
"redis-server" "${REDIS_CONF_FILE}" "--daemonize" "yes"
|
||||
else
|
||||
"redis-server" "${REDIS_CONF_FILE}" "--daemonize" "yes" >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
local counter=3
|
||||
while ! is_app_server_running ; do
|
||||
if [[ "$counter" -ne 0 ]]; then
|
||||
break
|
||||
fi
|
||||
sleep 1;
|
||||
counter=$((counter - 1))
|
||||
done
|
||||
|
||||
# 通过命令或特定端口检测应用是否就绪
|
||||
LOG_I "Checking ${APP_NAME} ready status..."
|
||||
#wait-for-port --timeout 60 "$REDIS_PORT_NUMBER"
|
||||
|
||||
LOG_D "${APP_NAME} is ready for service..."
|
||||
}
|
||||
|
||||
# 停止应用服务
|
||||
app_stop_server() {
|
||||
is_app_server_running || return
|
||||
|
||||
local pass
|
||||
local port
|
||||
local args
|
||||
LOG_I "Stopping ${APP_NAME}..."
|
||||
|
||||
pass="$(redis_conf_get "requirepass")"
|
||||
is_boolean_yes "$REDIS_TLS_ENABLED" && port="$(redis_conf_get "tls-port")" || port="$(redis_conf_get "port")"
|
||||
|
||||
[[ -n "$pass" ]] && args+=("-a" "\"$pass\"")
|
||||
[[ "$port" != "0" ]] && args+=("-p" "$port")
|
||||
#args+=("--daemonize" "yes")
|
||||
|
||||
if is_boolean_yes "${ENV_DEBUG}"; then
|
||||
"redis-cli" "${args[@]}" shutdown
|
||||
else
|
||||
"redis-cli" "${args[@]}" shutdown >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
# 检测停止是否完成
|
||||
local counter=5
|
||||
while [[ "$counter" -ne 0 ]] && is_app_server_running; do
|
||||
LOG_D "Waiting for ${APP_NAME} to stop..."
|
||||
sleep 1
|
||||
counter=$((counter - 1))
|
||||
done
|
||||
}
|
||||
|
||||
# 检测应用服务是否在后台运行中
|
||||
is_app_server_running() {
|
||||
LOG_D "Check if ${APP_NAME} is running..."
|
||||
local pid
|
||||
pid="$(get_pid_from_file "${REDIS_PID_FILE}")"
|
||||
|
||||
if [[ -z "${pid}" ]]; then
|
||||
false
|
||||
else
|
||||
is_service_running "${pid}"
|
||||
fi
|
||||
}
|
||||
|
||||
# 清理初始化应用时生成的临时文件
|
||||
app_clean_tmp_file() {
|
||||
LOG_D "Clean ${APP_NAME} tmp files for init..."
|
||||
|
||||
}
|
||||
|
||||
# 在重新启动容器时,删除标志文件及必须删除的临时文件 (容器重新启动)
|
||||
app_clean_from_restart() {
|
||||
LOG_D "Clean ${APP_NAME} tmp files for restart..."
|
||||
local -r -a files=(
|
||||
"${REDIS_PID_FILE}"
|
||||
)
|
||||
|
||||
for file in ${files[@]}; do
|
||||
if [[ -f "$file" ]]; then
|
||||
LOG_I "Cleaning stale $file file"
|
||||
rm "$file"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# 应用默认初始化操作
|
||||
# 执行完毕后,生成文件 ${APP_CONF_DIR}/.app_init_flag 及 ${APP_DATA_DIR}/.data_init_flag 文件
|
||||
app_default_init() {
|
||||
app_clean_from_restart
|
||||
LOG_D "Check init status of ${APP_NAME}..."
|
||||
|
||||
# 检测配置文件是否存在
|
||||
if [[ ! -f "${APP_CONF_DIR}/.app_init_flag" ]]; then
|
||||
LOG_I "No injected configuration file found, creating default config files..."
|
||||
redis_generate_conf
|
||||
|
||||
# Configure Replication mode
|
||||
if [[ -n "$REDIS_REPLICATION_MODE" ]]; then
|
||||
redis_configure_replication
|
||||
fi
|
||||
|
||||
touch ${APP_CONF_DIR}/.app_init_flag
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_CONF_DIR}/.app_init_flag
|
||||
else
|
||||
LOG_I "User injected custom configuration detected!"
|
||||
fi
|
||||
|
||||
if [[ ! -f "${APP_DATA_DIR}/.data_init_flag" ]]; then
|
||||
LOG_I "Deploying ${APP_NAME} from scratch..."
|
||||
#app_start_server_bg
|
||||
|
||||
|
||||
touch ${APP_DATA_DIR}/.data_init_flag
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.data_init_flag
|
||||
else
|
||||
LOG_I "Deploying ${APP_NAME} with persisted data..."
|
||||
fi
|
||||
}
|
||||
|
||||
# 用户自定义的前置初始化操作,依次执行目录 preinitdb.d 中的初始化脚本
|
||||
# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_preinit_flag
|
||||
app_custom_preinit() {
|
||||
LOG_D "Check custom pre-init status of ${APP_NAME}..."
|
||||
|
||||
# 检测用户配置文件目录是否存在 preinitdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本
|
||||
if [ -d "/srv/conf/${APP_NAME}/preinitdb.d" ]; then
|
||||
# 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作
|
||||
if [[ -n $(find "/srv/conf/${APP_NAME}/preinitdb.d/" -type f -regex ".*\.\(sh\)") ]] && \
|
||||
[[ ! -f "${APP_DATA_DIR}/.custom_preinit_flag" ]]; then
|
||||
LOG_I "Process custom pre-init scripts from /srv/conf/${APP_NAME}/preinitdb.d..."
|
||||
|
||||
# 检索所有可执行脚本,排序后执行
|
||||
find "/srv/conf/${APP_NAME}/preinitdb.d/" -type f -regex ".*\.\(sh\)" | sort | process_init_files
|
||||
|
||||
touch ${APP_DATA_DIR}/.custom_preinit_flag
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.custom_preinit_flag
|
||||
LOG_I "Custom preinit for ${APP_NAME} complete."
|
||||
else
|
||||
LOG_I "Custom preinit for ${APP_NAME} already done before, skipping initialization."
|
||||
fi
|
||||
fi
|
||||
|
||||
# 检测依赖的服务是否就绪
|
||||
#for i in ${SERVICE_PRECONDITION[@]}; do
|
||||
# app_wait_service "${i}"
|
||||
#done
|
||||
}
|
||||
|
||||
# 用户自定义的应用初始化操作,依次执行目录initdb.d中的初始化脚本
|
||||
# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_init_flag
|
||||
app_custom_init() {
|
||||
LOG_D "Check custom init status of ${APP_NAME}..."
|
||||
|
||||
# 检测用户配置文件目录是否存在 initdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本
|
||||
if [ -d "/srv/conf/${APP_NAME}/initdb.d" ]; then
|
||||
# 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作
|
||||
if [[ -n $(find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)") ]] && \
|
||||
[[ ! -f "${APP_DATA_DIR}/.custom_init_flag" ]]; then
|
||||
LOG_I "Process custom init scripts from /srv/conf/${APP_NAME}/initdb.d..."
|
||||
|
||||
#app_start_server_bg
|
||||
|
||||
# 检索所有可执行脚本,排序后执行
|
||||
find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)" | sort | while read -r f; do
|
||||
case "$f" in
|
||||
*.sh)
|
||||
if [[ -x "$f" ]]; then
|
||||
LOG_D "Executing $f"; "$f"
|
||||
else
|
||||
LOG_D "Sourcing $f"; . "$f"
|
||||
fi
|
||||
;;
|
||||
*) LOG_D "Ignoring $f" ;;
|
||||
esac
|
||||
done
|
||||
|
||||
touch ${APP_DATA_DIR}/.custom_init_flag
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.custom_init_flag
|
||||
LOG_I "Custom init for ${APP_NAME} complete."
|
||||
else
|
||||
LOG_I "Custom init for ${APP_NAME} already done before, skipping initialization."
|
||||
fi
|
||||
fi
|
||||
|
||||
# 检测服务是否运行中;如果运行,则停止后台服务
|
||||
is_app_server_running && app_stop_server
|
||||
|
||||
# 删除第一次运行生成的临时文件
|
||||
app_clean_tmp_file
|
||||
|
||||
# 绑定所有 IP ,启用远程访问
|
||||
app_enable_remote_connections
|
||||
}
|
||||
Executable
+36
@@ -0,0 +1,36 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 容器入口脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/appcommon.sh # 应用专用函数库
|
||||
|
||||
eval "$(app_env)"
|
||||
LOG_I "** Processing entry.sh **"
|
||||
|
||||
if ! is_sourced; then
|
||||
# 替换命令行中的变量
|
||||
set -- $(eval echo "$@")
|
||||
|
||||
[ "${1:0:1}" = '-' ] && set -- "${APP_EXEC:-}" "$@"
|
||||
|
||||
print_image_welcome
|
||||
print_command_help "$@"
|
||||
|
||||
if [ "$1" = "${APP_EXEC}" ] && is_root; then
|
||||
/usr/local/bin/setup.sh
|
||||
|
||||
LOG_I "Restart with non-root user: ${APP_USER:-APP_NAME}\n"
|
||||
exec gosu "${APP_USER:-APP_NAME}" "$0" "$@"
|
||||
fi
|
||||
|
||||
[ "$1" = "${APP_EXEC}" ] && /usr/local/bin/init.sh
|
||||
|
||||
LOG_I "Start container with command: $@"
|
||||
exec tini -- "$@"
|
||||
fi
|
||||
Executable
+25
@@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用初始化脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/appcommon.sh # 应用专用函数库
|
||||
|
||||
eval "$(app_env)"
|
||||
LOG_I "** Processing init.sh **"
|
||||
|
||||
# 执行应用预初始化操作
|
||||
app_custom_preinit
|
||||
|
||||
# 执行应用初始化操作
|
||||
app_default_init
|
||||
|
||||
# 执行用户自定义初始化脚本
|
||||
app_custom_init
|
||||
|
||||
LOG_I "** Processing init.sh finished! **"
|
||||
Executable
+25
@@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用启动脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/appcommon.sh # 应用专用函数库
|
||||
|
||||
eval "$(app_env)"
|
||||
LOG_I "** Processing run.sh **"
|
||||
|
||||
flags=("${APP_CONF_FILE:-}")
|
||||
[[ -z "${APP_EXTRA_FLAGS:-}" ]] || flags=("${flags[@]}" "${APP_EXTRA_FLAGS[@]}")
|
||||
START_COMMAND=("${APP_EXEC:-/bin/bash}" "${flags[@]}")
|
||||
|
||||
LOG_I "** Starting ${APP_NAME} **"
|
||||
if is_root; then
|
||||
exec gosu "${APP_USER:-APP_NAME}" tini -s -- "${START_COMMAND[@]}"
|
||||
else
|
||||
exec tini -s -- "${START_COMMAND[@]}"
|
||||
fi
|
||||
Executable
+37
@@ -0,0 +1,37 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用环境及依赖文件设置脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/appcommon.sh # 应用专用函数库
|
||||
|
||||
eval "$(app_env)"
|
||||
LOG_I "** Processing setup.sh **"
|
||||
|
||||
APP_DIRS="${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_DATA_LOG_DIR:-}"
|
||||
for dir in ${APP_DIRS}; do
|
||||
ensure_dir_exists ${dir}
|
||||
done
|
||||
|
||||
app_verify_minimum_env
|
||||
|
||||
# 检测指定文件是否在配置文件存储目录存在,如果不存在则拷贝(新挂载数据卷、手动删除都会导致不存在)
|
||||
LOG_I "Check config files in: ${APP_CONF_DIR}"
|
||||
if [[ ! -z "$(ls -A "${APP_DEF_DIR}")" ]]; then
|
||||
ensure_config_file_exist "${APP_DEF_DIR}" $(ls -A "${APP_DEF_DIR}")
|
||||
fi
|
||||
|
||||
for dir in ${APP_DIRS}; do
|
||||
configure_permissions_ownership "$dir" -u "${APP_USER}" -g "${APP_USER}"
|
||||
done
|
||||
|
||||
# 解决使用gosu后,nginx: [emerg] open() "/dev/stdout" failed (13: Permission denied)
|
||||
LOG_D "Change permissions of stdout/stderr to 0622"
|
||||
chmod 0622 /dev/stdout /dev/stderr
|
||||
|
||||
LOG_I "** Processing setup.sh finished! **"
|
||||
@@ -0,0 +1,19 @@
|
||||
#!/bin/bash -e
|
||||
#
|
||||
# 在安装完应用后,使用该脚本修改默认配置文件中部分配置项; 如果相应的配置项已经定义为容器环境变量,则不需要在这里修改
|
||||
|
||||
# 定义要修改的文件
|
||||
CONF_FILE="${APP_DEF_DIR}/redis.conf"
|
||||
echo "Process overrides for: ${CONF_FILE}"
|
||||
# 修改默认配置信息
|
||||
sed -i -E 's/^bind .*/bind 127.0.0.1/g' "${CONF_FILE}"
|
||||
sed -i -E 's/^daemonize .*/daemonize yes/g' "${CONF_FILE}"
|
||||
sed -i -E 's/^pidfile .*/pidfile \/var\/run\/redis\/redis.pid/g' "${CONF_FILE}"
|
||||
sed -i -E 's/^logfile .*/logfile \"\/var\/log\/redis\/redis.log\"/g' "${CONF_FILE}"
|
||||
|
||||
SENTINEL_FILE="${APP_DEF_DIR}/sentinel.conf"
|
||||
echo "Process overrides for: ${SENTINEL_FILE}"
|
||||
# 修改 Sentinel 默认配置信息
|
||||
sed -i -E 's/^daemonize .*/daemonize yes/g' "${SENTINEL_FILE}"
|
||||
sed -i -E 's/^pidfile .*/pidfile \/var\/run\/redis\/redis-sentinel.pid/g' "${SENTINEL_FILE}"
|
||||
sed -i -E 's/^logfile .*/logfile \"\/var\/log\/redis\/redis-sentinel.log\"/g' "${SENTINEL_FILE}"
|
||||
Executable
+9
@@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
|
||||
set -eux
|
||||
addgroup -g 998 -S ${APP_USER}
|
||||
adduser -G ${APP_USER} -u 999 -s /usr/sbin/nologin -h ${APP_DATA_DIR} -D -S ${APP_USER}
|
||||
|
||||
# 如果需要 sudo 权限,需要安装 su 软件包:apk add sudo
|
||||
#sed -i -e 's/^\sDefaults\s*secure_path\s*=/# Defaults secure_path=/' /etc/sudoers
|
||||
#echo "${APP_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
||||
Executable
+8
@@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
|
||||
set -eux
|
||||
|
||||
APP_DIRS="${APP_DEF_DIR:-} ${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_DATA_LOG_DIR:-} ${APP_CACHE_DIR:-} ${APP_RUN_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_HOME_DIR:-}"
|
||||
|
||||
mkdir -p ${APP_DIRS}
|
||||
chown -Rf ${APP_USER}:${APP_USER} ${APP_DIRS};
|
||||
Reference in New Issue
Block a user