[feat:6.0]删除alpine版本
This commit is contained in:
Regular → Executable
-1
@@ -1,7 +1,6 @@
|
||||
.git
|
||||
.gitignore
|
||||
|
||||
./alpine
|
||||
./Makefile
|
||||
|
||||
*.yml
|
||||
|
||||
@@ -1,41 +1,42 @@
|
||||
# Ver: 1.7 by Endial Fang (endial@126.com)
|
||||
# Ver: 1.11 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 当前 Docker 镜像的编译脚本
|
||||
|
||||
registry_url :=registry.cn-shenzhen.aliyuncs.com
|
||||
app_name :=colovu/redis
|
||||
# 定义镜像名称
|
||||
image_name :=colovu/redis
|
||||
|
||||
# 生成镜像TAG,类似:
|
||||
# <镜像名>:<分支名>-<Git ID> # Git 仓库且无文件修改直接编译
|
||||
# 定义默认镜像仓库地址
|
||||
registry_url :=docker.io
|
||||
|
||||
# 定义系统默认使用的源服务器,包含:default / tencent / ustc / aliyun / huawei
|
||||
apt_source :=tencent
|
||||
|
||||
# 定义镜像TAG,类似:
|
||||
# <镜像名>:<分支名>-<7位Git ID> # Git 仓库且无文件修改直接编译
|
||||
# <镜像名>:<分支名>-<年月日>-<时分秒> # Git 仓库有文件修改后的编译
|
||||
# <镜像名>:latest-<年月日>-<时分秒> # 非 Git 仓库编译
|
||||
current_subversion:=$(shell if [ ! `git status >/dev/null 2>&1` ]; then git rev-parse --short HEAD; else date +%y%m%d-%H%M%S; fi)
|
||||
current_tag:=local-$(shell if [ ! `git status >/dev/null 2>&1` ]; then git rev-parse --abbrev-ref HEAD | sed -e 's/master/latest/'; else echo "latest"; fi)-$(current_subversion)
|
||||
image_tag:=$(shell if [ ! `git status >/dev/null 2>&1` ]; then git rev-parse --abbrev-ref HEAD | sed -e 's/master/latest/'; else echo "latest"; fi)-$(current_subversion)
|
||||
|
||||
# Sources List: default / tencent / ustc / aliyun / huawei
|
||||
build-arg:=--build-arg apt_source=tencent
|
||||
build-arg:=--build-arg registry_url=$(registry_url)
|
||||
build-arg+=--build-arg apt_source=$(apt_source)
|
||||
|
||||
# 设置本地下载服务器路径,加速调试时的本地编译速度
|
||||
local_ip:=`echo "en0 eth0" |xargs -n1 ip addr show 2>/dev/null|grep inet|grep -v 127.0.0.1|grep -v inet6|tr "/" " "|awk '{print $$2}'`
|
||||
local_ip:=`echo "en0 eth0" | xargs -n1 ip addr show 2>/dev/null | grep inet | grep -v 127.0.0.1 | grep -v inet6 | tr "/" " " | awk '{print $$2}'`
|
||||
build-arg+=--build-arg local_url=http://$(local_ip)/dist-files
|
||||
|
||||
.PHONY: build build-debian build-alpine clean clearclean upgrade
|
||||
.PHONY: build clean clearclean upgrade
|
||||
|
||||
build: build-alpine build-debian
|
||||
# 屏蔽 "Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them"
|
||||
export DOCKER_SCAN_SUGGEST=false
|
||||
|
||||
build:
|
||||
@echo "Build $(image_name):$(image_tag)"
|
||||
@docker build --progress plain --force-rm $(build-arg) -t $(image_name):$(image_tag) .
|
||||
@echo "Add tag: $(image_name):latest"
|
||||
@docker tag $(image_name):$(image_tag) $(image_name):latest
|
||||
@echo "Build complete"
|
||||
|
||||
build-debian:
|
||||
@echo "Build $(app_name):$(current_tag)"
|
||||
@docker build --force-rm $(build-arg) -t $(app_name):$(current_tag) .
|
||||
@echo "Add tag: $(app_name):local-latest"
|
||||
@docker tag $(app_name):$(current_tag) $(app_name):local-latest
|
||||
|
||||
build-alpine:
|
||||
@echo "Build $(app_name):$(current_tag)-alpine"
|
||||
@docker build --force-rm $(build-arg) -t $(app_name):$(current_tag)-alpine ./alpine
|
||||
@echo "Add tag: $(app_name):local-latest-alpine"
|
||||
@docker tag $(app_name):$(current_tag)-alpine $(app_name):local-latest-alpine
|
||||
|
||||
# 清理悬空的镜像(无TAG)及停止的容器
|
||||
clearclean: clean
|
||||
@echo "Clean untaged images and stoped containers..."
|
||||
@@ -45,9 +46,10 @@ clearclean: clean
|
||||
# 为了防止删除前缀名相同的镜像,在过滤条件中加入一个空格进行过滤
|
||||
clean:
|
||||
@echo "Clean all images for current application..."
|
||||
@docker images | grep "$(app_name) " | awk '{print $$3}' | sort -u | xargs -L 1 docker rmi -f
|
||||
@docker images | grep "$(image_name) " | awk '{print $$3}' | sort -u | xargs -L 1 docker rmi -f
|
||||
|
||||
# 更新所有 colovu 仓库的镜像
|
||||
upgrade:
|
||||
@echo "Upgrade all images..."
|
||||
@docker images | grep 'colovu' | grep -v '<none>' | grep -v "latest-" | awk '{print $$1":"$$2}' | sort -u | xargs -L 1 docker pull
|
||||
|
||||
|
||||
@@ -1,119 +0,0 @@
|
||||
# Ver: 1.3 by Endial Fang (endial@126.com)
|
||||
#
|
||||
|
||||
# 预处理 =========================================================================
|
||||
FROM colovu/abuilder as builder
|
||||
|
||||
# sources.list 可使用版本:default / tencent / ustc / aliyun / huawei
|
||||
ARG apt_source=default
|
||||
|
||||
# 编译镜像时指定用于加速的本地服务器地址
|
||||
ARG local_url=""
|
||||
|
||||
ENV APP_NAME=redis \
|
||||
APP_VERSION=6.0.8
|
||||
|
||||
RUN select_source ${apt_source};
|
||||
#RUN install_pkg xz-utils
|
||||
|
||||
# 下载并解压软件包
|
||||
RUN set -eux; \
|
||||
appName="${APP_NAME}-${APP_VERSION}.tar.gz"; \
|
||||
sha256="04fa1fddc39bd1aecb6739dd5dd73858a3515b427acd1e2947a66dadce868d68"; \
|
||||
[ ! -z ${local_url} ] && localURL=${local_url}/${APP_NAME}; \
|
||||
appUrls="${localURL:-} \
|
||||
http://download.redis.io/releases \
|
||||
"; \
|
||||
download_pkg unpack ${appName} "${appUrls}" -s "${sha256}";
|
||||
|
||||
# 源码编译: 编译后将配置文件模板拷贝至 /usr/local/${APP_NAME}/share/${APP_NAME} 中
|
||||
RUN set -eux; \
|
||||
APP_SRC="/usr/local/${APP_NAME}-${APP_VERSION}"; \
|
||||
cd ${APP_SRC}; \
|
||||
# 禁用安全保护模式,在 Docker 中运行时不需要
|
||||
grep -E '^ *createBoolConfig[(]"protected-mode",.*, *1 *,.*[)],$' ./src/config.c; \
|
||||
sed -ri 's!^( *createBoolConfig[(]"protected-mode",.*, *)1( *,.*[)],)$!\10\2!' ./src/config.c; \
|
||||
grep -E '^ *createBoolConfig[(]"protected-mode",.*, *0 *,.*[)],$' ./src/config.c; \
|
||||
make MALLOC=libc BUILD_TLS=yes \
|
||||
-j "$(nproc)" all; \
|
||||
make PREFIX=/usr/local/${APP_NAME} install; \
|
||||
# 删除重复的应用程序,并生成对应的连接
|
||||
serverMd5="$(md5sum /usr/local/redis/bin/redis-server | cut -d' ' -f1)"; export serverMd5; \
|
||||
find /usr/local/redis/bin/redis* -maxdepth 0 \
|
||||
-type f -not -name redis-server \
|
||||
-exec sh -eux -c ' \
|
||||
md5="$(md5sum "$1" | cut -d" " -f1)"; \
|
||||
test "$md5" = "$serverMd5"; \
|
||||
' -- '{}' ';' \
|
||||
-exec ln -svfT 'redis-server' '{}' ';' ;
|
||||
|
||||
# 删除编译生成的多余文件
|
||||
RUN set -eux; \
|
||||
find /usr/local -name '*.a' -delete; \
|
||||
rm -rf /usr/local/${APP_NAME}/include;
|
||||
|
||||
# 检测并生成依赖文件记录
|
||||
RUN set -eux; \
|
||||
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/${APP_NAME} | \
|
||||
tr ',' '\n' | \
|
||||
sort -u | \
|
||||
awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } \
|
||||
{ print "so:" $1 }' >/usr/local/${APP_NAME}/runDeps;
|
||||
|
||||
# 镜像生成 ========================================================================
|
||||
FROM colovu/alpine:3.12
|
||||
|
||||
ARG apt_source=default
|
||||
ARG local_url=""
|
||||
|
||||
ENV APP_NAME=redis \
|
||||
APP_USER=redis \
|
||||
APP_EXEC=run.sh \
|
||||
APP_VERSION=6.0.8
|
||||
|
||||
ENV APP_HOME_DIR=/usr/local/${APP_NAME} \
|
||||
APP_DEF_DIR=/etc/${APP_NAME}
|
||||
|
||||
ENV PATH="${APP_HOME_DIR}/bin:${PATH}" \
|
||||
LD_LIBRARY_PATH="${APP_HOME_DIR}/lib"
|
||||
|
||||
LABEL \
|
||||
"Version"="v${APP_VERSION}" \
|
||||
"Description"="Docker image for ${APP_NAME}(v${APP_VERSION})." \
|
||||
"Dockerfile"="https://github.com/colovu/docker-${APP_NAME}" \
|
||||
"Vendor"="Endial Fang (endial@126.com)"
|
||||
|
||||
# 选择软件包源
|
||||
RUN select_source ${apt_source}
|
||||
|
||||
COPY customer /
|
||||
RUN create_user && prepare_env
|
||||
|
||||
# 从预处理过程中拷贝软件包(Optional)
|
||||
COPY --from=builder /usr/local/${APP_NAME}/ /usr/local/${APP_NAME}
|
||||
COPY --from=builder /usr/local/${APP_NAME}-${APP_VERSION}/*.conf /etc/${APP_NAME}/
|
||||
|
||||
# 安装依赖的软件包及库(Optional)
|
||||
RUN install_pkg `cat /usr/local/${APP_NAME}/runDeps`;
|
||||
RUN install_pkg netcat-openbsd;
|
||||
|
||||
# 执行预处理脚本,并验证安装的软件包
|
||||
RUN set -eux; \
|
||||
override_file="/usr/local/overrides/overrides-${APP_VERSION}.sh"; \
|
||||
[ -e "${override_file}" ] && /bin/bash "${override_file}"; \
|
||||
gosu ${APP_USER} redis-cli --version; \
|
||||
gosu ${APP_USER} redis-server --version; \
|
||||
gosu --version;
|
||||
|
||||
# 默认提供的数据卷
|
||||
VOLUME ["/srv/conf", "/srv/data", "/srv/datalog", "/srv/cert", "/var/log"]
|
||||
|
||||
# 默认使用gosu切换为新建用户启动,必须保证端口在1024之上
|
||||
EXPOSE 6379
|
||||
|
||||
# 容器初始化命令,默认存放在:/usr/local/bin/entry.sh
|
||||
ENTRYPOINT ["entry.sh"]
|
||||
|
||||
# 应用程序的服务命令,必须使用非守护进程方式运行。如果使用变量,则该变量必须在运行环境中存在(ENV可以获取)
|
||||
CMD ["${APP_EXEC}"]
|
||||
|
||||
@@ -1,76 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用环境变量定义及初始化
|
||||
|
||||
# 通用设置
|
||||
export ENV_DEBUG=${ENV_DEBUG:-false}
|
||||
export ALLOW_ANONYMOUS_LOGIN="${ALLOW_ANONYMOUS_LOGIN:-no}"
|
||||
|
||||
# 通过读取变量名对应的 *_FILE 文件,获取变量值;如果对应文件存在,则通过传入参数设置的变量值会被文件中对应的值覆盖
|
||||
# 变量优先级: *_FILE > 传入变量 > 默认值
|
||||
redis_env_file_lists=(
|
||||
REDIS_PASSWORD
|
||||
REDIS_MASTER_PASSWORD
|
||||
)
|
||||
for env_var in "${redis_env_file_lists[@]}"; do
|
||||
file_env_var="${env_var}_FILE"
|
||||
if [[ -n "${!file_env_var:-}" ]]; then
|
||||
export "${env_var}=$(< "${!file_env_var}")"
|
||||
unset "${file_env_var}"
|
||||
fi
|
||||
done
|
||||
unset redis_env_file_lists
|
||||
|
||||
# 应用路径参数
|
||||
export APP_HOME_DIR="/usr/local/${APP_NAME}"
|
||||
export APP_DEF_DIR="/etc/${APP_NAME}"
|
||||
export APP_CONF_DIR="/srv/conf/${APP_NAME}"
|
||||
export APP_DATA_DIR="/srv/data/${APP_NAME}"
|
||||
export APP_DATA_LOG_DIR="/srv/datalog/${APP_NAME}"
|
||||
export APP_CACHE_DIR="/var/cache/${APP_NAME}"
|
||||
export APP_RUN_DIR="/var/run/${APP_NAME}"
|
||||
export APP_LOG_DIR="/var/log/${APP_NAME}"
|
||||
export APP_CERT_DIR="/srv/cert/${APP_NAME}"
|
||||
|
||||
# Paths
|
||||
export REDIS_CONF_FILE="${APP_CONF_DIR}/redis.conf"
|
||||
export REDIS_SENTINEL_FILE="${APP_CONF_DIR}/sentinel.conf"
|
||||
export REDIS_PID_FILE="${APP_RUN_DIR}/redis.pid"
|
||||
|
||||
# Redis settings
|
||||
export REDIS_PORT="${REDIS_PORT:-6379}"
|
||||
export REDIS_DISABLE_COMMANDS="${REDIS_DISABLE_COMMANDS:-}"
|
||||
export REDIS_AOF_ENABLED="${REDIS_AOF_ENABLED:-yes}"
|
||||
|
||||
# Cluster configuration
|
||||
export REDIS_SENTINEL_HOST="${REDIS_SENTINEL_HOST:-}"
|
||||
export REDIS_SENTINEL_MASTER_NAME="${REDIS_SENTINEL_MASTER_NAME:-}"
|
||||
export REDIS_SENTINEL_PORT_NUMBER="${REDIS_SENTINEL_PORT_NUMBER:-26379}"
|
||||
|
||||
export REDIS_MASTER_HOST="${REDIS_MASTER_HOST:-}"
|
||||
export REDIS_MASTER_PORT_NUMBER="${REDIS_MASTER_PORT_NUMBER:-6379}"
|
||||
export REDIS_MASTER_PASSWORD="${REDIS_MASTER_PASSWORD:-}"
|
||||
export REDIS_REPLICATION_MODE="${REDIS_REPLICATION_MODE:-}"
|
||||
|
||||
# Redis TLS Settings
|
||||
export REDIS_TLS_ENABLED="${REDIS_TLS_ENABLED:-no}"
|
||||
export REDIS_TLS_PORT="${REDIS_TLS_PORT:-6379}"
|
||||
export REDIS_TLS_CERT_FILE="${REDIS_TLS_CERT_FILE:-}"
|
||||
export REDIS_TLS_KEY_FILE="${REDIS_TLS_KEY_FILE:-}"
|
||||
export REDIS_TLS_CA_FILE="${REDIS_TLS_CA_FILE:-}"
|
||||
export REDIS_TLS_DH_PARAMS_FILE="${REDIS_TLS_DH_PARAMS_FILE:-}"
|
||||
export REDIS_TLS_AUTH_CLIENTS="${REDIS_TLS_AUTH_CLIENTS:-yes}"
|
||||
|
||||
# Authentication
|
||||
export REDIS_PASSWORD="${REDIS_PASSWORD:-}"
|
||||
|
||||
# 应用配置参数
|
||||
|
||||
# 内部变量
|
||||
|
||||
# 个性化变量
|
||||
# 如果设置了用户密码,设置环境变量 REDISCLI_AUTH,用于 `redis-cli` 登录时使用;不显示输入,保证安全
|
||||
if [[ -n "${REDIS_PASSWORD}" ]]; then
|
||||
export REDISCLI_AUTH="${REDIS_PASSWORD:-}"
|
||||
fi
|
||||
@@ -1,530 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用通用业务处理函数
|
||||
|
||||
# 加载依赖脚本
|
||||
. /usr/local/scripts/libcommon.sh # 通用函数库
|
||||
|
||||
. /usr/local/scripts/libfile.sh
|
||||
. /usr/local/scripts/libfs.sh
|
||||
. /usr/local/scripts/libos.sh
|
||||
. /usr/local/scripts/libnet.sh
|
||||
. /usr/local/scripts/libservice.sh
|
||||
. /usr/local/scripts/libvalidations.sh
|
||||
|
||||
# 函数列表
|
||||
|
||||
# 使用环境变量中以 "APP_CFG_" 开头的的全局变量更新配置文件中对应项(全小写,以"."分隔)
|
||||
# 举例:
|
||||
# APP_CFG_LOG_DIRS 对应配置文件中的配置项:log.dirs
|
||||
redis_configure_from_env_variables() {
|
||||
# Map environment variables to config properties
|
||||
for var in "${!APP_CFG_@}"; do
|
||||
key="$(echo "$var" | sed -e 's/^APP_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')"
|
||||
value="${!var}"
|
||||
redis_conf_set "$key" "$value"
|
||||
done
|
||||
}
|
||||
|
||||
# 将变量配置更新至配置文件
|
||||
# 参数:
|
||||
# $1 - 文件
|
||||
# $2 - 变量
|
||||
# $3 - 值(列表)
|
||||
redis_common_conf_set() {
|
||||
local file="${1:?missing file}"
|
||||
local key="${2:?missing key}"
|
||||
shift
|
||||
shift
|
||||
local values=("$@")
|
||||
|
||||
if [[ "${#values[@]}" -eq 0 ]]; then
|
||||
LOG_E "missing value"
|
||||
return 1
|
||||
elif [[ "${#values[@]}" -ne 1 ]]; then
|
||||
for i in "${!values[@]}"; do
|
||||
redis_common_conf_set "$file" "${key[$i]}" "${values[$i]}"
|
||||
done
|
||||
else
|
||||
value="${values[0]}"
|
||||
# Sanitize inputs
|
||||
value="${value//\\/\\\\}"
|
||||
value="${value//&/\\&}"
|
||||
value="${value//\?/\\?}"
|
||||
[[ "$value" = "" ]] && value="\"$value\""
|
||||
# Check if the value was set before
|
||||
if grep -q "^[# ]*${key} .*" "$file"; then
|
||||
# Update the existing key
|
||||
replace_in_file "$file" "^[# ]*${key} .*" "${key} ${value}" false
|
||||
else
|
||||
# 增加一个新的配置项;如果在其他位置有类似操作,需要注意换行
|
||||
printf "\n%s %s" "$key" "$value" >>"$file"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# 获取配置文件中指定关键字对应的值
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
redis_conf_get() {
|
||||
local key="${1:?missing key}"
|
||||
|
||||
grep -E "^\s*$key " "${REDIS_CONF_FILE}" | awk '{print $2}'
|
||||
}
|
||||
|
||||
# 更新 redis.conf 配置文件中指定变量值,设置关键字及对应值
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
# $2 - 值(列表)
|
||||
redis_conf_set() {
|
||||
redis_common_conf_set "${REDIS_CONF_FILE}" "$@"
|
||||
}
|
||||
|
||||
# 更新 sentinel.conf 配置文件中指定变量值,设置关键字及对应值
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
# $2 - 值(列表)
|
||||
redis_sentinel_conf_set() {
|
||||
redis_common_conf_set "${REDIS_SENTINEL_FILE}" "$@"
|
||||
}
|
||||
|
||||
# 更新 redis.conf 配置文件中指定变量值,取消关键字设置信息
|
||||
# 变量:
|
||||
# $1 - 变量
|
||||
redis_conf_unset() {
|
||||
local key="${1:?missing key}"
|
||||
remove_in_file "${REDIS_CONF_FILE}" "^\s*$key .*" false
|
||||
}
|
||||
|
||||
# 获取 Redis 版本信息
|
||||
redis_version() {
|
||||
redis-cli --version | grep -E -o "[0-9]+.[0-9]+.[0-9]+"
|
||||
}
|
||||
|
||||
# 获取 Redis 主版本号
|
||||
redis_major_version() {
|
||||
redis_version | grep -E -o "^[0-9]+"
|
||||
}
|
||||
|
||||
# 禁用 Redis 不安全的命令
|
||||
# 参数:
|
||||
# $1 - 待禁用的命令列表
|
||||
redis_disable_unsafe_commands() {
|
||||
# The current syntax gets a comma separated list of commands, we split them
|
||||
# before passing to redis_disable_unsafe_commands
|
||||
read -r -a disabledCommands <<< "$(tr ',' ' ' <<< "$REDIS_DISABLE_COMMANDS")"
|
||||
LOG_D "Disabling commands: ${disabledCommands[*]}"
|
||||
echo "" >> "${REDIS_CONF_FILE}"
|
||||
for cmd in "${disabledCommands[@]}"; do
|
||||
if grep -E -q "^\s*rename-command\s+$cmd\s+\"\"\s*$" "${REDIS_CONF_FILE}"; then
|
||||
LOG_D "$cmd was already disabled"
|
||||
continue
|
||||
fi
|
||||
echo "rename-command $cmd \"\"" >> "${REDIS_CONF_FILE}"
|
||||
done
|
||||
}
|
||||
|
||||
# 生成默认配置文件
|
||||
redis_generate_conf() {
|
||||
redis_conf_set port "$REDIS_PORT"
|
||||
redis_conf_set dir "${APP_DATA_DIR}"
|
||||
redis_conf_set logfile "${APP_LOG_DIR}/redis.log" # Log to stdout
|
||||
redis_conf_set pidfile "${REDIS_PID_FILE}"
|
||||
redis_conf_set daemonize no
|
||||
redis_conf_set bind 127.0.0.1 # disallow remote connections when init
|
||||
# Enable AOF https://redis.io/topics/persistence#append-only-file
|
||||
# Leave default fsync (every second)
|
||||
redis_conf_set appendonly "${REDIS_AOF_ENABLED}"
|
||||
# Disable RDB persistence, AOF persistence already enabled.
|
||||
# Ref: https://redis.io/topics/persistence#interactions-between-aof-and-rdb-persistence
|
||||
redis_conf_set save ""
|
||||
# TLS configuration
|
||||
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
|
||||
if [[ "$REDIS_PORT" == "6379" ]] && [[ "$REDIS_TLS_PORT" == "6379" ]]; then
|
||||
# If both ports are set to default values, enable TLS traffic only
|
||||
redis_conf_set port 0
|
||||
redis_conf_set tls-port "$REDIS_TLS_PORT"
|
||||
else
|
||||
# Different ports were specified
|
||||
redis_conf_set port "$REDIS_PORT"
|
||||
redis_conf_set tls-port "$REDIS_TLS_PORT"
|
||||
fi
|
||||
redis_conf_set tls-cert-file "$REDIS_TLS_CERT_FILE"
|
||||
redis_conf_set tls-key-file "$REDIS_TLS_KEY_FILE"
|
||||
redis_conf_set tls-ca-cert-file "$REDIS_TLS_CA_FILE"
|
||||
[[ -n "$REDIS_TLS_DH_PARAMS_FILE" ]] && redis_conf_set tls-dh-params-file "$REDIS_TLS_DH_PARAMS_FILE"
|
||||
redis_conf_set tls-auth-clients "$REDIS_TLS_AUTH_CLIENTS"
|
||||
fi
|
||||
|
||||
if [[ -n "$REDIS_PASSWORD" ]]; then
|
||||
redis_conf_set requirepass "$REDIS_PASSWORD"
|
||||
else
|
||||
redis_conf_unset requirepass
|
||||
fi
|
||||
if [[ -n "$REDIS_DISABLE_COMMANDS" ]]; then
|
||||
redis_disable_unsafe_commands
|
||||
fi
|
||||
}
|
||||
|
||||
# 配置 Redis 复制模式参数
|
||||
# 参数:
|
||||
# $1 - 复制模式
|
||||
redis_configure_replication() {
|
||||
LOG_I "Configuring replication mode..."
|
||||
|
||||
redis_conf_set replica-announce-ip "$(get_machine_ip)"
|
||||
redis_conf_set replica-announce-port "$REDIS_MASTER_PORT_NUMBER"
|
||||
if [[ "$REDIS_REPLICATION_MODE" = "master" ]]; then
|
||||
if [[ -n "$REDIS_PASSWORD" ]]; then
|
||||
redis_conf_set masterauth "$REDIS_PASSWORD"
|
||||
fi
|
||||
elif [[ "$REDIS_REPLICATION_MODE" =~ ^(slave|replica)$ ]]; then
|
||||
if [[ -n "$REDIS_SENTINEL_HOST" ]]; then
|
||||
local sentinel_info_command
|
||||
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
|
||||
sentinel_info_command="redis-cli -h ${REDIS_SENTINEL_HOST} -p ${REDIS_SENTINEL_PORT_NUMBER} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name ${REDIS_SENTINEL_MASTER_NAME}"
|
||||
else
|
||||
sentinel_info_command="redis-cli -h ${REDIS_SENTINEL_HOST} -p ${REDIS_SENTINEL_PORT_NUMBER} sentinel get-master-addr-by-name ${REDIS_SENTINEL_MASTER_NAME}"
|
||||
fi
|
||||
REDIS_SENTINEL_INFO=($($sentinel_info_command))
|
||||
REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
|
||||
REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
|
||||
fi
|
||||
LOG_I "Waitting for Redis Master ready..."
|
||||
redis_wait_service "${REDIS_MASTER_HOST}:${REDIS_MASTER_PORT_NUMBER}"
|
||||
[[ -n "$REDIS_MASTER_PASSWORD" ]] && redis_conf_set masterauth "$REDIS_MASTER_PASSWORD"
|
||||
# Starting with Redis 5, use 'replicaof' instead of 'slaveof'. Maintaining both for backward compatibility
|
||||
local parameter="replicaof"
|
||||
[[ $(redis_major_version) -lt 5 ]] && parameter="slaveof"
|
||||
redis_conf_set "$parameter" "$REDIS_MASTER_HOST $REDIS_MASTER_PORT_NUMBER"
|
||||
# Configure replicas to use TLS for outgoing connections to the master
|
||||
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
|
||||
redis_conf_set tls-replication yes
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# 检测用户参数信息是否满足条件; 针对部分权限过于开放情况,打印提示信息
|
||||
redis_verify_minimum_env() {
|
||||
local error_code=0
|
||||
LOG_D "Validating settings in REDIS_* env vars..."
|
||||
|
||||
print_validation_error() {
|
||||
LOG_E "$1"
|
||||
error_code=1
|
||||
}
|
||||
|
||||
# Redis authentication validations
|
||||
if is_boolean_yes "$ALLOW_ANONYMOUS_LOGIN"; then
|
||||
LOG_W "You set the environment variable ALLOW_ANONYMOUS_LOGIN=${ALLOW_ANONYMOUS_LOGIN}. For safety reasons, do not use this flag in a production environment."
|
||||
elif [[ -z "$REDIS_PASSWORD" ]]; then
|
||||
print_validation_error "The REDIS_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_ANONYMOUS_LOGIN=yes to allow the container to be started with blank passwords. This is recommended only for development."
|
||||
fi
|
||||
|
||||
if [[ -n "$REDIS_REPLICATION_MODE" ]]; then
|
||||
if [[ "$REDIS_REPLICATION_MODE" =~ ^(slave|replica)$ ]]; then
|
||||
if [[ -n "$REDIS_MASTER_PORT_NUMBER" ]]; then
|
||||
if ! err=$(validate_port "$REDIS_MASTER_PORT_NUMBER"); then
|
||||
print_validation_error "An invalid port was specified in the environment variable REDIS_MASTER_PORT_NUMBER: $err"
|
||||
fi
|
||||
fi
|
||||
if ! is_boolean_yes "$ALLOW_ANONYMOUS_LOGIN" && [[ -z "$REDIS_MASTER_PASSWORD" ]]; then
|
||||
print_validation_error "The REDIS_MASTER_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_ANONYMOUS_LOGIN=yes to allow the container to be started with blank passwords. This is recommended only for development."
|
||||
fi
|
||||
elif [[ "$REDIS_REPLICATION_MODE" != "master" ]]; then
|
||||
print_validation_error "Invalid replication mode. Available options are 'master/replica'"
|
||||
fi
|
||||
fi
|
||||
|
||||
if is_boolean_yes "$REDIS_TLS_ENABLED"; then
|
||||
if [[ "$REDIS_PORT" == "$REDIS_TLS_PORT" ]] && [[ "$REDIS_PORT" != "6379" ]]; then
|
||||
# If both ports are assigned the same numbers and they are different to the default settings
|
||||
print_validation_error "Enviroment variables REDIS_PORT and REDIS_TLS_PORT point to the same port number (${REDIS_PORT}). Change one of them or disable non-TLS traffic by setting REDIS_PORT=0"
|
||||
fi
|
||||
if [[ -z "$REDIS_TLS_CERT_FILE" ]]; then
|
||||
print_validation_error "You must provide a X.509 certificate in order to use TLS"
|
||||
elif [[ ! -f "$REDIS_TLS_CERT_FILE" ]]; then
|
||||
print_validation_error "The X.509 certificate file in the specified path ${REDIS_TLS_CERT_FILE} does not exist"
|
||||
fi
|
||||
if [[ -z "$REDIS_TLS_KEY_FILE" ]]; then
|
||||
print_validation_error "You must provide a private key in order to use TLS"
|
||||
elif [[ ! -f "$REDIS_TLS_KEY_FILE" ]]; then
|
||||
print_validation_error "The private key file in the specified path ${REDIS_TLS_KEY_FILE} does not exist"
|
||||
fi
|
||||
if [[ -z "$REDIS_TLS_CA_FILE" ]]; then
|
||||
print_validation_error "You must provide a CA X.509 certificate in order to use TLS"
|
||||
elif [[ ! -f "$REDIS_TLS_CA_FILE" ]]; then
|
||||
print_validation_error "The CA X.509 certificate file in the specified path ${REDIS_TLS_CA_FILE} does not exist"
|
||||
fi
|
||||
if [[ -n "$REDIS_TLS_DH_PARAMS_FILE" ]] && [[ ! -f "$REDIS_TLS_DH_PARAMS_FILE" ]]; then
|
||||
print_validation_error "The DH param file in the specified path ${REDIS_TLS_DH_PARAMS_FILE} does not exist"
|
||||
fi
|
||||
fi
|
||||
|
||||
[[ "$error_code" -eq 0 ]] || exit "$error_code"
|
||||
}
|
||||
|
||||
# 更改默认监听地址为 "*" 或 "0.0.0.0",以对容器外提供服务;默认配置文件应当为仅监听 localhost(127.0.0.1)
|
||||
redis_enable_remote_connections() {
|
||||
LOG_D "Modify default config to enable all IP access"
|
||||
|
||||
redis_conf_set daemonize no
|
||||
redis_conf_set bind 0.0.0.0 # Allow remote connections
|
||||
}
|
||||
|
||||
# 检测依赖的服务端口是否就绪;该脚本依赖系统工具 'netcat'
|
||||
# 参数:
|
||||
# $1 - host:port
|
||||
redis_wait_service() {
|
||||
local serviceport=${1:?Missing server info}
|
||||
local service=${serviceport%%:*}
|
||||
local port=${serviceport#*:}
|
||||
local retry_seconds=5
|
||||
local max_try=100
|
||||
let i=1
|
||||
|
||||
if [[ -z "$(which nc)" ]]; then
|
||||
LOG_E "Nedd nc installed before, command: \"apk add netcat-openbsd\"."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
LOG_I "[0/${max_try}] check for ${service}:${port}..."
|
||||
|
||||
set +e
|
||||
nc -z ${service} ${port}
|
||||
result=$?
|
||||
|
||||
until [ $result -eq 0 ]; do
|
||||
LOG_D " [$i/${max_try}] not available yet"
|
||||
if (( $i == ${max_try} )); then
|
||||
LOG_E "${service}:${port} is still not available; giving up after ${max_try} tries."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
LOG_I "[$i/${max_try}] try in ${retry_seconds}s once again ..."
|
||||
let "i++"
|
||||
sleep ${retry_seconds}
|
||||
|
||||
nc -z ${service} ${port}
|
||||
result=$?
|
||||
done
|
||||
|
||||
set -e
|
||||
LOG_I "[$i/${max_try}] ${service}:${port} is available."
|
||||
}
|
||||
|
||||
# 以后台方式启动应用服务,并等待启动就绪
|
||||
redis_start_server_bg() {
|
||||
redis_is_server_running && return
|
||||
|
||||
LOG_I "Starting ${APP_NAME} in background..."
|
||||
|
||||
if is_boolean_yes "${ENV_DEBUG}"; then
|
||||
"redis-server" "${REDIS_CONF_FILE}" "--daemonize" "yes"
|
||||
else
|
||||
"redis-server" "${REDIS_CONF_FILE}" "--daemonize" "yes" >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
local counter=3
|
||||
while ! redis_is_server_running ; do
|
||||
if [[ "$counter" -ne 0 ]]; then
|
||||
break
|
||||
fi
|
||||
sleep 1;
|
||||
counter=$((counter - 1))
|
||||
done
|
||||
|
||||
# 通过命令或特定端口检测应用是否就绪
|
||||
LOG_I "Checking ${APP_NAME} ready status..."
|
||||
#wait-for-port --timeout 60 "$REDIS_PORT"
|
||||
|
||||
LOG_D "${APP_NAME} is ready for service..."
|
||||
}
|
||||
|
||||
# 停止应用服务
|
||||
redis_stop_server() {
|
||||
redis_is_server_running || return
|
||||
|
||||
local pass
|
||||
local port
|
||||
local args
|
||||
LOG_I "Stopping ${APP_NAME}..."
|
||||
|
||||
pass="$(redis_conf_get "requirepass")"
|
||||
is_boolean_yes "$REDIS_TLS_ENABLED" && port="$(redis_conf_get "tls-port")" || port="$(redis_conf_get "port")"
|
||||
|
||||
[[ -n "$pass" ]] && args+=("-a" "\"$pass\"")
|
||||
[[ "$port" != "0" ]] && args+=("-p" "$port")
|
||||
#args+=("--daemonize" "yes")
|
||||
|
||||
if is_boolean_yes "${ENV_DEBUG}"; then
|
||||
"redis-cli" "${args[@]}" shutdown
|
||||
else
|
||||
"redis-cli" "${args[@]}" shutdown >/dev/null 2>&1
|
||||
fi
|
||||
|
||||
# 检测停止是否完成
|
||||
local counter=5
|
||||
while [[ "$counter" -ne 0 ]] && is_app_server_running; do
|
||||
LOG_D "Waiting for ${APP_NAME} to stop..."
|
||||
sleep 1
|
||||
counter=$((counter - 1))
|
||||
done
|
||||
}
|
||||
|
||||
# 检测应用服务是否在后台运行中
|
||||
redis_is_server_running() {
|
||||
LOG_D "Check if ${APP_NAME} is running..."
|
||||
local pid
|
||||
pid="$(get_pid_from_file "${REDIS_PID_FILE}")"
|
||||
|
||||
if [[ -z "${pid}" ]]; then
|
||||
false
|
||||
else
|
||||
is_service_running "${pid}"
|
||||
fi
|
||||
}
|
||||
|
||||
# 清理初始化应用时生成的临时文件
|
||||
redis_clean_tmp_file() {
|
||||
LOG_D "Clean ${APP_NAME} tmp files for init..."
|
||||
|
||||
}
|
||||
|
||||
# 在重新启动容器时,删除标志文件及必须删除的临时文件 (容器重新启动)
|
||||
redis_clean_from_restart() {
|
||||
LOG_D "Clean ${APP_NAME} tmp files for restart..."
|
||||
local -r -a files=(
|
||||
"${REDIS_PID_FILE}"
|
||||
)
|
||||
|
||||
for file in ${files[@]}; do
|
||||
if [[ -f "$file" ]]; then
|
||||
LOG_I "Cleaning stale $file file"
|
||||
rm "$file"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# 应用默认初始化操作
|
||||
# 执行完毕后,生成文件 ${APP_CONF_DIR}/.app_init_flag 及 ${APP_DATA_DIR}/.data_init_flag 文件
|
||||
redis_default_init() {
|
||||
redis_clean_from_restart
|
||||
LOG_D "Check init status of ${APP_NAME}..."
|
||||
|
||||
# 检测配置文件是否存在
|
||||
if [[ ! -f "${APP_CONF_DIR}/.app_init_flag" ]]; then
|
||||
LOG_I "No injected configuration file found, creating default config files..."
|
||||
redis_generate_conf
|
||||
|
||||
# Configure Replication mode
|
||||
if [[ -n "$REDIS_REPLICATION_MODE" ]]; then
|
||||
redis_configure_replication
|
||||
fi
|
||||
|
||||
touch "${APP_CONF_DIR}/.app_init_flag"
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> "${APP_CONF_DIR}/.app_init_flag"
|
||||
else
|
||||
LOG_I "User injected custom configuration detected!"
|
||||
fi
|
||||
|
||||
if [[ ! -f "${APP_DATA_DIR}/.data_init_flag" ]]; then
|
||||
LOG_I "Deploying ${APP_NAME} from scratch..."
|
||||
|
||||
# 启动后台服务
|
||||
#redis_start_server_bg
|
||||
|
||||
|
||||
touch ${APP_DATA_DIR}/.data_init_flag
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.data_init_flag
|
||||
else
|
||||
LOG_I "Deploying ${APP_NAME} with persisted data..."
|
||||
fi
|
||||
}
|
||||
|
||||
# 用户自定义的前置初始化操作,依次执行目录 preinitdb.d 中的初始化脚本
|
||||
# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_preinit_flag
|
||||
redis_custom_preinit() {
|
||||
LOG_I "Check custom pre-init status of ${APP_NAME}..."
|
||||
|
||||
# 检测用户配置文件目录是否存在 preinitdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本
|
||||
if [ -d "/srv/conf/${APP_NAME}/preinitdb.d" ]; then
|
||||
# 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作
|
||||
if [[ -n $(find "/srv/conf/${APP_NAME}/preinitdb.d/" -type f -regex ".*\.\(sh\)") ]] && \
|
||||
[[ ! -f "${APP_DATA_DIR}/.custom_preinit_flag" ]]; then
|
||||
LOG_I "Process custom pre-init scripts from /srv/conf/${APP_NAME}/preinitdb.d..."
|
||||
|
||||
# 检索所有可执行脚本,排序后执行
|
||||
find "/srv/conf/${APP_NAME}/preinitdb.d/" -type f -regex ".*\.\(sh\)" | sort | process_init_files
|
||||
|
||||
touch "${APP_DATA_DIR}/.custom_preinit_flag"
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> "${APP_DATA_DIR}/.custom_preinit_flag"
|
||||
LOG_I "Custom preinit for ${APP_NAME} complete."
|
||||
else
|
||||
LOG_I "Custom preinit for ${APP_NAME} already done before, skipping initialization."
|
||||
fi
|
||||
fi
|
||||
|
||||
# 检测依赖的服务是否就绪
|
||||
#for i in ${SERVICE_PRECONDITION[@]}; do
|
||||
# redis_wait_service "${i}"
|
||||
#done
|
||||
}
|
||||
|
||||
# 用户自定义的应用初始化操作,依次执行目录initdb.d中的初始化脚本
|
||||
# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_init_flag
|
||||
redis_custom_init() {
|
||||
LOG_I "Check custom initdb status of ${APP_NAME}..."
|
||||
|
||||
# 检测用户配置文件目录是否存在 initdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本
|
||||
if [ -d "/srv/conf/${APP_NAME}/initdb.d" ]; then
|
||||
# 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作
|
||||
if [[ -n $(find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)") ]] && \
|
||||
[[ ! -f "${APP_DATA_DIR}/.custom_init_flag" ]]; then
|
||||
LOG_I "Process custom init scripts from /srv/conf/${APP_NAME}/initdb.d..."
|
||||
|
||||
# 启动后台服务
|
||||
#redis_start_server_bg
|
||||
|
||||
# 检索所有可执行脚本,排序后执行
|
||||
find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)" | sort | while read -r f; do
|
||||
case "$f" in
|
||||
*.sh)
|
||||
if [[ -x "$f" ]]; then
|
||||
LOG_D "Executing $f"; "$f"
|
||||
else
|
||||
LOG_D "Sourcing $f"; . "$f"
|
||||
fi
|
||||
;;
|
||||
*.sql)
|
||||
LOG_D "Executing $f";
|
||||
postgresql_execute "${PG_DATABASE}" "${PG_INITSCRIPTS_USERNAME}" "${PG_INITSCRIPTS_PASSWORD}" < "$f"
|
||||
;;
|
||||
*.sql.gz)
|
||||
LOG_D "Executing $f";
|
||||
gunzip -c "$f" | postgresql_execute "${PG_DATABASE}" "${PG_INITSCRIPTS_USERNAME}" "${PG_INITSCRIPTS_PASSWORD}"
|
||||
;;
|
||||
*)
|
||||
LOG_D "Ignoring $f" ;;
|
||||
esac
|
||||
done
|
||||
|
||||
touch "${APP_DATA_DIR}/.custom_init_flag"
|
||||
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> "${APP_DATA_DIR}/.custom_init_flag"
|
||||
LOG_I "Custom init for ${APP_NAME} complete."
|
||||
else
|
||||
LOG_I "Custom init for ${APP_NAME} already done before, skipping initialization."
|
||||
fi
|
||||
fi
|
||||
|
||||
# 检测服务是否运行中;如果运行,则停止后台服务
|
||||
redis_is_server_running && redis_stop_server
|
||||
|
||||
# 删除第一次运行生成的临时文件
|
||||
redis_clean_tmp_file
|
||||
|
||||
# 绑定所有 IP ,启用远程访问
|
||||
redis_enable_remote_connections
|
||||
}
|
||||
|
||||
@@ -1,37 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.1 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 容器入口脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/comm-${APP_NAME}.sh # 应用专用函数库
|
||||
|
||||
. /usr/local/bin/comm-env.sh # 设置环境变量
|
||||
|
||||
LOG_I "** Processing entry.sh **"
|
||||
|
||||
if ! is_sourced; then
|
||||
# 替换命令行中的变量
|
||||
set -- $(eval echo "$@")
|
||||
|
||||
[ "${1:0:1}" = '-' ] && set -- "${APP_EXEC:-}" "$@"
|
||||
|
||||
print_image_welcome
|
||||
print_command_help "$@"
|
||||
|
||||
if [ "$1" = "${APP_EXEC}" ] && is_root; then
|
||||
/usr/local/bin/setup.sh
|
||||
|
||||
LOG_I "Restart with non-root user: ${APP_USER}\n"
|
||||
exec gosu "${APP_USER}" "$0" "$@"
|
||||
fi
|
||||
|
||||
[ "$1" = "${APP_EXEC}" ] && /usr/local/bin/init.sh
|
||||
|
||||
LOG_I "Start container with command: $@"
|
||||
exec tini -- "$@"
|
||||
fi
|
||||
@@ -1,28 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.1 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用初始化脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/comm-${APP_NAME}.sh # 应用专用函数库
|
||||
|
||||
. /usr/local/bin/comm-env.sh # 设置环境变量
|
||||
|
||||
LOG_I "** Processing init.sh **"
|
||||
|
||||
trap "${APP_NAME}_stop_server" EXIT
|
||||
|
||||
# 执行应用预初始化操作
|
||||
${APP_NAME}_custom_preinit
|
||||
|
||||
# 执行应用初始化操作
|
||||
${APP_NAME}_default_init
|
||||
|
||||
# 执行用户自定义初始化脚本
|
||||
${APP_NAME}_custom_init
|
||||
|
||||
LOG_I "** Processing init.sh finished! **"
|
||||
@@ -1,33 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.1 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用启动脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/comm-${APP_NAME}.sh # 应用专用函数库
|
||||
|
||||
. /usr/local/bin/comm-env.sh # 设置环境变量
|
||||
|
||||
LOG_I "** Processing run.sh **"
|
||||
|
||||
# 配置默认启动参数(应用配置文件、前台方式启动)
|
||||
flags=("${REDIS_CONF_FILE:-}" "--daemonize" "no")
|
||||
# 将启动时使用 REDIS_EXTRA_FLAGS 指定的参数附加在启动参数中
|
||||
[[ -z "${REDIS_EXTRA_FLAGS:-}" ]] || flags+=("${REDIS_EXTRA_FLAGS[@]}")
|
||||
# 将启动时的传入参数附加在参数中
|
||||
flags+=("$@")
|
||||
|
||||
# 设置启动命令
|
||||
START_COMMAND=("redis-server")
|
||||
|
||||
LOG_I "** Starting ${APP_NAME} **"
|
||||
if is_root; then
|
||||
exec gosu "${APP_USER}" "${START_COMMAND[@]}" "${flags[@]}"
|
||||
else
|
||||
exec "${START_COMMAND[@]}" "${flags[@]}"
|
||||
fi
|
||||
|
||||
@@ -1,40 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Ver: 1.1 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 应用环境及依赖文件设置脚本
|
||||
|
||||
# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用:
|
||||
# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
. /usr/local/bin/comm-${APP_NAME}.sh # 应用专用函数库
|
||||
|
||||
. /usr/local/bin/comm-env.sh # 设置环境变量
|
||||
|
||||
LOG_I "** Processing setup.sh **"
|
||||
|
||||
APP_DIRS="${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_DATA_LOG_DIR:-}"
|
||||
LOG_I "Ensure directory exists: ${APP_DIRS}"
|
||||
for dir in ${APP_DIRS}; do
|
||||
ensure_dir_exists ${dir}
|
||||
done
|
||||
|
||||
${APP_NAME}_verify_minimum_env
|
||||
|
||||
# 检测指定文件是否在配置文件存储目录存在,如果不存在则拷贝(新挂载数据卷、手动删除都会导致不存在)
|
||||
LOG_I "Check config files in: ${APP_CONF_DIR}"
|
||||
if [[ ! -z "$(ls -A "${APP_DEF_DIR}")" ]]; then
|
||||
ensure_config_file_exist "${APP_DEF_DIR}" $(ls -A "${APP_DEF_DIR}")
|
||||
fi
|
||||
|
||||
LOG_I "Ensure directory ownership: ${APP_USER}"
|
||||
for dir in ${APP_DIRS}; do
|
||||
configure_permissions_ownership "$dir" -u "${APP_USER}" -g "${APP_USER}"
|
||||
done
|
||||
|
||||
# 解决使用gosu后,nginx: [emerg] open() "/dev/stdout" failed (13: Permission denied)
|
||||
LOG_D "Change permissions of stdout/stderr to 0622"
|
||||
chmod 0622 /dev/stdout /dev/stderr
|
||||
|
||||
LOG_I "** Processing setup.sh finished! **"
|
||||
@@ -1,20 +0,0 @@
|
||||
#!/bin/bash -e
|
||||
# Ver: 1.0 by Endial Fang (endial@126.com)
|
||||
#
|
||||
# 在安装完应用后,使用该脚本修改默认配置文件中部分配置项; 如果相应的配置项已经定义为容器环境变量,则不需要在这里修改
|
||||
|
||||
# 定义要修改的文件
|
||||
CONF_FILE="${APP_DEF_DIR}/redis.conf"
|
||||
echo "Process overrides for: ${CONF_FILE}"
|
||||
# 修改默认配置信息
|
||||
sed -i -E 's/^#?bind .*/bind 127.0.0.1/g' "${CONF_FILE}"
|
||||
sed -i -E 's/^#?daemonize .*/daemonize yes/g' "${CONF_FILE}"
|
||||
sed -i -E 's/^#?pidfile .*/pidfile \/var\/run\/redis\/redis.pid/g' "${CONF_FILE}"
|
||||
sed -i -E 's/^#?logfile .*/logfile \"\/var\/log\/redis\/redis.log\"/g' "${CONF_FILE}"
|
||||
|
||||
SENTINEL_FILE="${APP_DEF_DIR}/sentinel.conf"
|
||||
echo "Process overrides for: ${SENTINEL_FILE}"
|
||||
# 修改 Sentinel 默认配置信息
|
||||
sed -i -E 's/^#?daemonize .*/daemonize yes/g' "${SENTINEL_FILE}"
|
||||
sed -i -E 's/^#?pidfile .*/pidfile \/var\/run\/redis\/redis-sentinel.pid/g' "${SENTINEL_FILE}"
|
||||
sed -i -E 's/^#?logfile .*/logfile \"\/var\/log\/redis\/redis-sentinel.log\"/g' "${SENTINEL_FILE}"
|
||||
@@ -1,10 +0,0 @@
|
||||
#!/bin/bash
|
||||
# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
|
||||
set -eux
|
||||
addgroup -g 998 -S ${APP_USER}
|
||||
#adduser -G ${APP_USER} -u 999 -s /bin/bash -h /srv/data/${APP_NAME} -D -S ${APP_USER}
|
||||
adduser -G ${APP_USER} -u 999 -s /usr/sbin/nologin -h /srv/data/${APP_NAME} -D -S ${APP_USER}
|
||||
|
||||
# 如果需要 sudo 权限,需要安装 su 软件包:apk add sudo
|
||||
#sed -i -e 's/^\sDefaults\s*secure_path\s*=/# Defaults secure_path=/' /etc/sudoers
|
||||
#echo "${APP_USER} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
||||
@@ -1,17 +0,0 @@
|
||||
#!/bin/bash
|
||||
# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
|
||||
set -eux
|
||||
|
||||
APP_DIRS=" \
|
||||
/usr/local/${APP_NAME} \
|
||||
/etc/${APP_NAME} \
|
||||
/srv/conf/${APP_NAME} \
|
||||
/srv/data/${APP_NAME} \
|
||||
/srv/datalog/${APP_NAME} \
|
||||
/var/cache/${APP_NAME} \
|
||||
/var/run/${APP_NAME} \
|
||||
/var/log/${APP_NAME} \
|
||||
/srv/cert/${APP_NAME}"
|
||||
|
||||
mkdir -p ${APP_DIRS}
|
||||
chown -Rf ${APP_USER}:${APP_USER} ${APP_DIRS};
|
||||
Reference in New Issue
Block a user