409 lines
14 KiB
Bash
409 lines
14 KiB
Bash
#!/bin/bash
|
|
# Ver: 1.4 by Endial Fang (endial@126.com)
|
|
#
|
|
# 应用通用业务处理函数
|
|
|
|
. /colovu/lib/libcommon.sh # 通用函数库
|
|
|
|
. /colovu/lib/libfile.sh
|
|
. /colovu/lib/libfs.sh
|
|
. /colovu/lib/liblog.sh
|
|
. /colovu/lib/libos.sh
|
|
. /colovu/lib/libservice.sh
|
|
. /colovu/lib/libvalidations.sh
|
|
|
|
# 检测应用相应的配置文件是否存在,如果不存在,则从默认配置文件目录拷贝一份
|
|
# 默认配置文件路径:/etc/${APP_NAME}
|
|
# 目标配置文件路径:/srv/conf/${APP_NAME}
|
|
# 参数:
|
|
# $1 - 目标路径
|
|
# $2 - 源路径
|
|
# $* - 基础路径下的文件及目录列表,以" "分割
|
|
# 例子:
|
|
# ensure_config_file_exist /etc/${APP_NAME} conf.d server.conf
|
|
app_ensure_config_file_exist() {
|
|
local -r dist_path="${1:?dist paths is missing}"
|
|
local -r base_path="${2:?source paths is missing}"
|
|
local f=""
|
|
|
|
shift 2
|
|
LOG_D "List to check in ${base_path}: $@"
|
|
while [ "$#" -gt 0 ]; do
|
|
f="${1}"
|
|
LOG_D " Process \"${f}\""
|
|
if [ -d "${base_path}/${f}" ]; then
|
|
[[ ! -d "${dist_path}/${f}" ]] && LOG_D " Create directory: ${dist_path}/${f}" && mkdir -p "${dist_path}/${f}"
|
|
[[ ! -z $(ls -A "${base_path}/${f}") ]] && app_ensure_config_file_exist "${dist_path}/${f}" "${base_path}/${f}" $(ls -A "${base_path}/${f}")
|
|
else
|
|
[[ ! -e "${dist_path}/${f}" ]] && LOG_D " Copy: ${base_path}/${f} to ${dist_path}" && cp "${base_path}/${f}" "${dist_path}"
|
|
fi
|
|
shift
|
|
done
|
|
}
|
|
|
|
# 检测以 "<PREFIX>" 开头的环境变量,并更新指定配置文件中对应配置项的值
|
|
# 如果需要全部转换为小写,可使用命令: tr '[:upper:]' '[:lower:]'
|
|
# 环境变量与配置项替换规则 : 环境变量中下划线 ==> 配置参数中特殊字符
|
|
# - "_" ==> "-"(中划线)
|
|
# - "__" ==> "_"(下划线)
|
|
# - "___" ==> "."(半角点)
|
|
#
|
|
# 变量:
|
|
# $1 - 配置文件
|
|
# $2 - <PREFIX>前缀(不含结束的"_")
|
|
app_configure_from_environment() {
|
|
local confFile="${1:?missing file}"
|
|
local envPrefix="${2:-APP_CFG}"
|
|
|
|
LOG_D "Configuration File: ${confFile}"
|
|
|
|
# 更新普通key-value配置文件,转换为小写后写入文件
|
|
for var in $(eval echo \${!${envPrefix}_@}); do
|
|
key="$(echo "$var" | sed -e 's/^'${envPrefix}'_//g' -e 's/___/./g' -e 's/__/--/g' -e 's/_/-/g' -e 's/--/_/g' | tr '[:upper:]' '[:lower:]')"
|
|
value="${!var}"
|
|
LOG_D " ${key} ${value}"
|
|
app_common_conf_set "$confFile" "$key" "$value"
|
|
done
|
|
}
|
|
|
|
# 将变量配置更新至配置文件
|
|
# 参数:
|
|
# $1 - 文件
|
|
# $2 - 变量
|
|
# $3 - 值(列表)
|
|
app_common_conf_set() {
|
|
local file="${1:?missing file}"
|
|
local key="${2:?missing key}"
|
|
shift
|
|
shift
|
|
local values=("$@")
|
|
|
|
if [[ "${#values[@]}" -eq 0 ]]; then
|
|
LOG_E "missing value"
|
|
return 1
|
|
elif [[ "${#values[@]}" -ne 1 ]]; then
|
|
for i in "${!values[@]}"; do
|
|
app_common_conf_set "$file" "${key[$i]}" "${values[$i]}"
|
|
done
|
|
else
|
|
value="${values[0]}"
|
|
# Sanitize inputs
|
|
value="${value//\\/\\\\}"
|
|
value="${value//&/\\&}"
|
|
value="${value//\?/\\?}"
|
|
[[ "$value" = "" ]] && value="\"$value\""
|
|
# 检测配置文件中是否有相应的配置项(含以"#"起始的)
|
|
if grep -q "^[#]*${key} .*" "$file"; then
|
|
# 更新当前被注释掉的配置项(以“#”开始)
|
|
case ${key} in
|
|
include)
|
|
if grep -q "^${key} ${value}.*" "$file"; then
|
|
LOG_W "Duplicated include: ${value}"
|
|
else
|
|
LOG_D "Add new include: ${value}"
|
|
replace_in_file "$file" "^#${key} .*" "#include /path/to/local.conf\n${key} ${value}" false
|
|
fi
|
|
;;
|
|
loadmodule)
|
|
if grep -q "^${key} ${value}.*" "$file"; then
|
|
LOG_W "Duplicated loadmodule: ${value}"
|
|
else
|
|
LOG_D "Add new loadmodule: ${value}"
|
|
replace_in_file "$file" "^#${key} .*" "#loadmodule /path/to/my_module.so\n${key} ${value}" false
|
|
fi
|
|
;;
|
|
*)
|
|
replace_in_file "$file" "^[#]*${key} .*" "${key} ${value}" false
|
|
;;
|
|
esac
|
|
else
|
|
# 增加一个新的配置项;如果在其他位置有类似操作,需要注意换行
|
|
printf "\n%s %s" "$key" "$value" >>"$file"
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# 使用环境变量中配置,更新配置文件
|
|
app_update_conf() {
|
|
LOG_I "Update configure files..."
|
|
app_configure_from_environment "${REDIS_CONF_FILE}" "REDIS_CFG"
|
|
|
|
if [[ -n "$DISABLE_COMMANDS" ]]; then
|
|
app_disable_unsafe_commands
|
|
fi
|
|
}
|
|
|
|
# 检测用户参数信息是否满足条件; 针对部分权限过于开放情况,打印提示信息
|
|
app_verify_minimum_env() {
|
|
local error_code=0
|
|
|
|
LOG_D "Validating settings in ENV vars..."
|
|
|
|
print_validation_error() {
|
|
LOG_E "$1"
|
|
error_code=1
|
|
}
|
|
|
|
# Redis authentication validations
|
|
if is_boolean_yes "$ALLOW_ANONYMOUS"; then
|
|
LOG_W "You set the environment variable ALLOW_ANONYMOUS=${ALLOW_ANONYMOUS}. For safety reasons, do not use this flag in a production environment."
|
|
elif [[ -z "$REDIS_CFG_REQUIREPASS" ]]; then
|
|
print_validation_error "The REDIS_CFG_REQUIREPASS environment variable is empty or not set. Set the environment variable ALLOW_ANONYMOUS=yes to allow the container to be started with blank passwords. This is recommended only for development."
|
|
fi
|
|
|
|
if [[ -n "${REDIS_CFG_TLS_PORT:-}" ]]; then
|
|
if [[ -z "${REDIS_CFG_TLS_CERT_FILE:-}" ]]; then
|
|
print_validation_error "You must provide a X.509 certificate in order to use TLS"
|
|
elif [[ ! -f "$REDIS_CFG_TLS_CERT_FILE" ]]; then
|
|
print_validation_error "The X.509 certificate file in the specified path ${REDIS_CFG_TLS_CERT_FILE} does not exist"
|
|
fi
|
|
if [[ -z "${REDIS_CFG_TLS_KEY_FILE:-}" ]]; then
|
|
print_validation_error "You must provide a private key in order to use TLS"
|
|
elif [[ ! -f "$REDIS_CFG_TLS_KEY_FILE" ]]; then
|
|
print_validation_error "The private key file in the specified path ${REDIS_CFG_TLS_KEY_FILE} does not exist"
|
|
fi
|
|
if [[ -z "${REDIS_CFG_TLS_CA_CERT_FILE:-}" ]]; then
|
|
print_validation_error "You must provide a CA X.509 certificate in order to use TLS"
|
|
elif [[ ! -f "$REDIS_CFG_TLS_CA_CERT_FILE" ]]; then
|
|
print_validation_error "The CA X.509 certificate file in the specified path ${REDIS_CFG_TLS_CA_CERT_FILE} does not exist"
|
|
fi
|
|
if [[ -n "${REDIS_CFG_TLS_DH_PARAMS_FILE:-}" ]] && [[ ! -f "$REDIS_CFG_TLS_DH_PARAMS_FILE" ]]; then
|
|
print_validation_error "The DH param file in the specified path ${REDIS_CFG_TLS_DH_PARAMS_FILE} does not exist"
|
|
fi
|
|
fi
|
|
|
|
[[ "$error_code" -eq 0 ]] || exit "$error_code"
|
|
}
|
|
|
|
# 更改默认监听地址为 "*" 或 "0.0.0.0",以对容器外提供服务
|
|
app_enable_remote_connections() {
|
|
LOG_I "Modify default config to ENABLE external IP access"
|
|
|
|
app_conf_set bind "* -::*"
|
|
}
|
|
|
|
# 更改默认监听地址为 "localhost" 或 "127.0.0.1",以禁止对容器外提供服务
|
|
app_disable_remote_connections() {
|
|
LOG_I "Modify default config to DISABLE external IP access"
|
|
|
|
app_conf_set bind "127.0.0.1 -::1"
|
|
}
|
|
|
|
# 检测依赖的服务端口是否就绪;该脚本依赖系统工具 'netcat'
|
|
# 参数:
|
|
# $1 - host:port
|
|
app_wait_service() {
|
|
local serviceInfo=${1:?Missing server info}
|
|
local service=${serviceInfo%%:*}
|
|
local port=${serviceInfo#*:}
|
|
local retry_seconds=5
|
|
local max_try=6
|
|
let i=1
|
|
|
|
if [[ -z "$(which nc)" ]]; then
|
|
install_pkg ncat
|
|
fi
|
|
|
|
LOG_I "[0/${max_try}] check for ${service}:${port}..."
|
|
|
|
set +e
|
|
nc -z ${service} ${port}
|
|
result=$?
|
|
|
|
until [ $result -eq 0 ]; do
|
|
if (( $i == ${max_try} )); then
|
|
LOG_E "${service}:${port} is still not available; giving up after ${max_try} tries."
|
|
exit 1
|
|
fi
|
|
LOG_D " [$i/${max_try}] not available yet, try in ${retry_seconds}'s latter ..."
|
|
|
|
let "i++"
|
|
sleep ${retry_seconds}
|
|
|
|
nc -z ${service} ${port}
|
|
result=$?
|
|
done
|
|
|
|
set -e
|
|
LOG_I "[$i/${max_try}] ${service}:${port} is available."
|
|
}
|
|
|
|
# 以后台方式启动应用服务,并等待启动就绪
|
|
app_start_server_bg() {
|
|
app_is_server_running && return
|
|
|
|
LOG_I "Starting ${APP_NAME} in background..."
|
|
|
|
local pass
|
|
pass="$(cat /dev/urandom | head -n 24 | md5sum | head -c 24)"
|
|
|
|
export REDISCLI_AUTH="${pass}"
|
|
|
|
if is_boolean_yes "${ENV_DEBUG}"; then
|
|
"redis-server" "${REDIS_CONF_FILE}" "--daemonize" "yes" "--requirepass" "${pass}"
|
|
else
|
|
"redis-server" "${REDIS_CONF_FILE}" "--daemonize" "yes" "--requirepass" "${pass}" >/dev/null 2>&1
|
|
fi
|
|
|
|
LOG_D "Checking ${APP_NAME} ready status..."
|
|
local counter=10
|
|
while ! app_is_server_running ; do
|
|
LOG_D "Waiting for ${APP_NAME} to ready ... $counter"
|
|
if [[ "$counter" -ne 0 ]]; then
|
|
break
|
|
fi
|
|
sleep 1;
|
|
counter=$((counter - 1))
|
|
done
|
|
}
|
|
|
|
# 停止应用服务
|
|
app_stop_server() {
|
|
if app_is_server_running ; then
|
|
LOG_I "Stopping ${APP_NAME}..."
|
|
|
|
# 已通过环境变量设置了 REDISCLI_AUTH
|
|
if is_boolean_yes "${ENV_DEBUG}"; then
|
|
"redis-cli" shutdown
|
|
else
|
|
"redis-cli" shutdown >/dev/null 2>&1
|
|
fi
|
|
|
|
# 检测停止是否完成
|
|
LOG_D "Checking ${APP_NAME} running status..."
|
|
local counter=10
|
|
while [[ "$counter" -ne 0 ]] && app_is_server_running; do
|
|
LOG_D "Waiting for ${APP_NAME} to stop ... $counter"
|
|
sleep 1
|
|
counter=$((counter - 1))
|
|
done
|
|
fi
|
|
}
|
|
|
|
# 检测应用服务是否在后台运行中
|
|
app_is_server_running() {
|
|
LOG_D "Check if ${APP_NAME} is running..."
|
|
local pid
|
|
pid="$(get_pid_from_file '${REDIS_PID_FILE}')"
|
|
LOG_D "${APP_NAME} PID: ${pid}"
|
|
|
|
if [[ -n "${pid}" ]]; then
|
|
is_service_running "${pid}"
|
|
else
|
|
false
|
|
fi
|
|
}
|
|
|
|
app_is_server_not_running() {
|
|
if [[ app_is_server_running == false ]]; then
|
|
true
|
|
else
|
|
flse
|
|
fi
|
|
}
|
|
|
|
# 清理初始化应用时生成的临时文件
|
|
app_clean_tmp_file() {
|
|
LOG_D "Clean ${APP_NAME} tmp files for init..."
|
|
local -r -a files=(
|
|
"${REDIS_PID_FILE}"
|
|
)
|
|
|
|
for file in ${files[@]}; do
|
|
if [[ -f "$file" ]]; then
|
|
LOG_D " Remove $file"
|
|
rm "$file"
|
|
fi
|
|
done
|
|
}
|
|
|
|
# 应用默认初始化操作
|
|
# 执行完毕后,生成文件 ${APP_CONF_DIR}/.app_init_flag 及 ${APP_DATA_DIR}/.data_init_flag 文件
|
|
app_default_init() {
|
|
LOG_I "Process default init for ${APP_NAME}..."
|
|
|
|
app_update_conf
|
|
app_enable_remote_connections
|
|
}
|
|
|
|
# 用户自定义的应用初始化操作,依次执行目录initdb.d中的初始化脚本
|
|
# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_init_flag
|
|
app_custom_init() {
|
|
LOG_I "Process customer init ${APP_NAME}..."
|
|
|
|
# 检测用户配置文件目录是否存在 initdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本
|
|
if [ -d "${APP_CONF_DIR}/initdb.d" ]; then
|
|
# 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作
|
|
if [[ -n $(find "${APP_CONF_DIR}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)") ]] && \
|
|
[[ ! -f "${APP_DATA_DIR}/.custom_init_flag" ]]; then
|
|
LOG_I "Process custom init scripts from ${APP_CONF_DIR}/initdb.d..."
|
|
|
|
# 启动后台服务
|
|
app_disable_remote_connections
|
|
app_start_server_bg
|
|
|
|
# 检索所有可执行脚本,排序后执行
|
|
find "${APP_CONF_DIR}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)" | sort | while read -r f; do
|
|
case "$f" in
|
|
*.sh)
|
|
if [[ -x "$f" ]]; then
|
|
LOG_D "Executing $f"; "$f"
|
|
else
|
|
LOG_D "Sourcing $f"; . "$f"
|
|
fi
|
|
;;
|
|
*)
|
|
LOG_D "Ignoring $f" ;;
|
|
esac
|
|
done
|
|
|
|
touch "${APP_DATA_DIR}/.custom_init_flag"
|
|
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> "${APP_DATA_DIR}/.custom_init_flag"
|
|
LOG_I "Custom init for ${APP_NAME} complete."
|
|
|
|
# 检测服务是否运行中;如果运行,则停止后台服务
|
|
app_is_server_running && app_stop_server
|
|
app_clean_tmp_file
|
|
app_enable_remote_connections
|
|
else
|
|
LOG_I "Custom init for ${APP_NAME} already done before, skipping initialization."
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# 更新 redis.conf 配置文件中指定变量值,设置关键字及对应值
|
|
# 变量:
|
|
# $1 - 变量
|
|
# $2 - 值(列表)
|
|
app_conf_set() {
|
|
app_common_conf_set "${REDIS_CONF_FILE}" "$@"
|
|
}
|
|
|
|
# 获取配置文件中指定关键字对应的值
|
|
# 变量:
|
|
# $1 - 变量
|
|
app_conf_get() {
|
|
local key="${1:?missing key}"
|
|
|
|
grep -E "^$key " "${REDIS_CONF_FILE}" | awk '{print $2}'
|
|
}
|
|
|
|
# 禁用 Redis 不安全的命令
|
|
# 参数:
|
|
# $1 - 待禁用的命令列表
|
|
app_disable_unsafe_commands() {
|
|
# The current syntax gets a comma(",") separated list of commands, we split them
|
|
# before passing to redis_disable_unsafe_commands
|
|
read -r -a disabledCommands <<< "$(tr ',' ' ' <<< "$DISABLE_COMMANDS")"
|
|
LOG_D "Disabling commands: ${disabledCommands[*]}"
|
|
echo "" >> "${REDIS_CONF_FILE}"
|
|
for cmd in "${disabledCommands[@]}"; do
|
|
if grep -E -q "^\s*rename-command\s+$cmd\s+\"\"\s*$" "${REDIS_CONF_FILE}"; then
|
|
LOG_D "$cmd was already disabled"
|
|
continue
|
|
fi
|
|
echo "rename-command $cmd \"\"" >> "${REDIS_CONF_FILE}"
|
|
done
|
|
}
|
|
|