Files

409 lines
14 KiB
Bash

#!/bin/bash
# Ver: 1.4 by Endial Fang (endial@126.com)
#
# 应用通用业务处理函数
. /colovu/lib/libcommon.sh # 通用函数库
. /colovu/lib/libfile.sh
. /colovu/lib/libfs.sh
. /colovu/lib/liblog.sh
. /colovu/lib/libos.sh
. /colovu/lib/libservice.sh
. /colovu/lib/libvalidations.sh
# 检测应用相应的配置文件是否存在,如果不存在,则从默认配置文件目录拷贝一份
# 默认配置文件路径:/etc/${APP_NAME}
# 目标配置文件路径:/srv/conf/${APP_NAME}
# 参数:
# $1 - 目标路径
# $2 - 源路径
# $* - 基础路径下的文件及目录列表,以" "分割
# 例子:
# ensure_config_file_exist /etc/${APP_NAME} conf.d server.conf
app_ensure_config_file_exist() {
local -r dist_path="${1:?dist paths is missing}"
local -r base_path="${2:?source paths is missing}"
local f=""
shift 2
LOG_D "List to check in ${base_path}: $@"
while [ "$#" -gt 0 ]; do
f="${1}"
LOG_D " Process \"${f}\""
if [ -d "${base_path}/${f}" ]; then
[[ ! -d "${dist_path}/${f}" ]] && LOG_D " Create directory: ${dist_path}/${f}" && mkdir -p "${dist_path}/${f}"
[[ ! -z $(ls -A "${base_path}/${f}") ]] && app_ensure_config_file_exist "${dist_path}/${f}" "${base_path}/${f}" $(ls -A "${base_path}/${f}")
else
[[ ! -e "${dist_path}/${f}" ]] && LOG_D " Copy: ${base_path}/${f} to ${dist_path}" && cp "${base_path}/${f}" "${dist_path}"
fi
shift
done
}
# 检测以 "<PREFIX>" 开头的环境变量,并更新指定配置文件中对应配置项的值
# 如果需要全部转换为小写,可使用命令: tr '[:upper:]' '[:lower:]'
# 环境变量与配置项替换规则 : 环境变量中下划线 ==> 配置参数中特殊字符
# - "_" ==> "-"(中划线)
# - "__" ==> "_"(下划线)
# - "___" ==> "."(半角点)
#
# 变量:
# $1 - 配置文件
# $2 - <PREFIX>前缀(不含结束的"_")
app_configure_from_environment() {
local confFile="${1:?missing file}"
local envPrefix="${2:-APP_CFG}"
LOG_D "Configuration File: ${confFile}"
# 更新普通key-value配置文件,转换为小写后写入文件
for var in $(eval echo \${!${envPrefix}_@}); do
key="$(echo "$var" | sed -e 's/^'${envPrefix}'_//g' -e 's/___/./g' -e 's/__/--/g' -e 's/_/-/g' -e 's/--/_/g' | tr '[:upper:]' '[:lower:]')"
value="${!var}"
LOG_D " ${key} ${value}"
app_common_conf_set "$confFile" "$key" "$value"
done
}
# 将变量配置更新至配置文件
# 参数:
# $1 - 文件
# $2 - 变量
# $3 - 值(列表)
app_common_conf_set() {
local file="${1:?missing file}"
local key="${2:?missing key}"
shift
shift
local values=("$@")
if [[ "${#values[@]}" -eq 0 ]]; then
LOG_E "missing value"
return 1
elif [[ "${#values[@]}" -ne 1 ]]; then
for i in "${!values[@]}"; do
app_common_conf_set "$file" "${key[$i]}" "${values[$i]}"
done
else
value="${values[0]}"
# Sanitize inputs
value="${value//\\/\\\\}"
value="${value//&/\\&}"
value="${value//\?/\\?}"
[[ "$value" = "" ]] && value="\"$value\""
# 检测配置文件中是否有相应的配置项(含以"#"起始的)
if grep -q "^[#]*${key} .*" "$file"; then
# 更新当前被注释掉的配置项(以“#”开始)
case ${key} in
include)
if grep -q "^${key} ${value}.*" "$file"; then
LOG_W "Duplicated include: ${value}"
else
LOG_D "Add new include: ${value}"
replace_in_file "$file" "^#${key} .*" "#include /path/to/local.conf\n${key} ${value}" false
fi
;;
loadmodule)
if grep -q "^${key} ${value}.*" "$file"; then
LOG_W "Duplicated loadmodule: ${value}"
else
LOG_D "Add new loadmodule: ${value}"
replace_in_file "$file" "^#${key} .*" "#loadmodule /path/to/my_module.so\n${key} ${value}" false
fi
;;
*)
replace_in_file "$file" "^[#]*${key} .*" "${key} ${value}" false
;;
esac
else
# 增加一个新的配置项;如果在其他位置有类似操作,需要注意换行
printf "\n%s %s" "$key" "$value" >>"$file"
fi
fi
}
# 使用环境变量中配置,更新配置文件
app_update_conf() {
LOG_I "Update configure files..."
app_configure_from_environment "${REDIS_CONF_FILE}" "REDIS_CFG"
if [[ -n "$DISABLE_COMMANDS" ]]; then
app_disable_unsafe_commands
fi
}
# 检测用户参数信息是否满足条件; 针对部分权限过于开放情况,打印提示信息
app_verify_minimum_env() {
local error_code=0
LOG_D "Validating settings in ENV vars..."
print_validation_error() {
LOG_E "$1"
error_code=1
}
# Redis authentication validations
if is_boolean_yes "$ALLOW_ANONYMOUS"; then
LOG_W "You set the environment variable ALLOW_ANONYMOUS=${ALLOW_ANONYMOUS}. For safety reasons, do not use this flag in a production environment."
elif [[ -z "$REDIS_CFG_REQUIREPASS" ]]; then
print_validation_error "The REDIS_CFG_REQUIREPASS environment variable is empty or not set. Set the environment variable ALLOW_ANONYMOUS=yes to allow the container to be started with blank passwords. This is recommended only for development."
fi
if [[ -n "${REDIS_CFG_TLS_PORT:-}" ]]; then
if [[ -z "${REDIS_CFG_TLS_CERT_FILE:-}" ]]; then
print_validation_error "You must provide a X.509 certificate in order to use TLS"
elif [[ ! -f "$REDIS_CFG_TLS_CERT_FILE" ]]; then
print_validation_error "The X.509 certificate file in the specified path ${REDIS_CFG_TLS_CERT_FILE} does not exist"
fi
if [[ -z "${REDIS_CFG_TLS_KEY_FILE:-}" ]]; then
print_validation_error "You must provide a private key in order to use TLS"
elif [[ ! -f "$REDIS_CFG_TLS_KEY_FILE" ]]; then
print_validation_error "The private key file in the specified path ${REDIS_CFG_TLS_KEY_FILE} does not exist"
fi
if [[ -z "${REDIS_CFG_TLS_CA_CERT_FILE:-}" ]]; then
print_validation_error "You must provide a CA X.509 certificate in order to use TLS"
elif [[ ! -f "$REDIS_CFG_TLS_CA_CERT_FILE" ]]; then
print_validation_error "The CA X.509 certificate file in the specified path ${REDIS_CFG_TLS_CA_CERT_FILE} does not exist"
fi
if [[ -n "${REDIS_CFG_TLS_DH_PARAMS_FILE:-}" ]] && [[ ! -f "$REDIS_CFG_TLS_DH_PARAMS_FILE" ]]; then
print_validation_error "The DH param file in the specified path ${REDIS_CFG_TLS_DH_PARAMS_FILE} does not exist"
fi
fi
[[ "$error_code" -eq 0 ]] || exit "$error_code"
}
# 更改默认监听地址为 "*" 或 "0.0.0.0",以对容器外提供服务
app_enable_remote_connections() {
LOG_I "Modify default config to ENABLE external IP access"
app_conf_set bind "* -::*"
}
# 更改默认监听地址为 "localhost" 或 "127.0.0.1",以禁止对容器外提供服务
app_disable_remote_connections() {
LOG_I "Modify default config to DISABLE external IP access"
app_conf_set bind "127.0.0.1 -::1"
}
# 检测依赖的服务端口是否就绪;该脚本依赖系统工具 'netcat'
# 参数:
# $1 - host:port
app_wait_service() {
local serviceInfo=${1:?Missing server info}
local service=${serviceInfo%%:*}
local port=${serviceInfo#*:}
local retry_seconds=5
local max_try=6
let i=1
if [[ -z "$(which nc)" ]]; then
install_pkg ncat
fi
LOG_I "[0/${max_try}] check for ${service}:${port}..."
set +e
nc -z ${service} ${port}
result=$?
until [ $result -eq 0 ]; do
if (( $i == ${max_try} )); then
LOG_E "${service}:${port} is still not available; giving up after ${max_try} tries."
exit 1
fi
LOG_D " [$i/${max_try}] not available yet, try in ${retry_seconds}'s latter ..."
let "i++"
sleep ${retry_seconds}
nc -z ${service} ${port}
result=$?
done
set -e
LOG_I "[$i/${max_try}] ${service}:${port} is available."
}
# 以后台方式启动应用服务,并等待启动就绪
app_start_server_bg() {
app_is_server_running && return
LOG_I "Starting ${APP_NAME} in background..."
local pass
pass="$(cat /dev/urandom | head -n 24 | md5sum | head -c 24)"
export REDISCLI_AUTH="${pass}"
if is_boolean_yes "${ENV_DEBUG}"; then
"redis-server" "${REDIS_CONF_FILE}" "--daemonize" "yes" "--requirepass" "${pass}"
else
"redis-server" "${REDIS_CONF_FILE}" "--daemonize" "yes" "--requirepass" "${pass}" >/dev/null 2>&1
fi
LOG_D "Checking ${APP_NAME} ready status..."
local counter=10
while ! app_is_server_running ; do
LOG_D "Waiting for ${APP_NAME} to ready ... $counter"
if [[ "$counter" -ne 0 ]]; then
break
fi
sleep 1;
counter=$((counter - 1))
done
}
# 停止应用服务
app_stop_server() {
if app_is_server_running ; then
LOG_I "Stopping ${APP_NAME}..."
# 已通过环境变量设置了 REDISCLI_AUTH
if is_boolean_yes "${ENV_DEBUG}"; then
"redis-cli" shutdown
else
"redis-cli" shutdown >/dev/null 2>&1
fi
# 检测停止是否完成
LOG_D "Checking ${APP_NAME} running status..."
local counter=10
while [[ "$counter" -ne 0 ]] && app_is_server_running; do
LOG_D "Waiting for ${APP_NAME} to stop ... $counter"
sleep 1
counter=$((counter - 1))
done
fi
}
# 检测应用服务是否在后台运行中
app_is_server_running() {
LOG_D "Check if ${APP_NAME} is running..."
local pid
pid="$(get_pid_from_file '${REDIS_PID_FILE}')"
LOG_D "${APP_NAME} PID: ${pid}"
if [[ -n "${pid}" ]]; then
is_service_running "${pid}"
else
false
fi
}
app_is_server_not_running() {
if [[ app_is_server_running == false ]]; then
true
else
flse
fi
}
# 清理初始化应用时生成的临时文件
app_clean_tmp_file() {
LOG_D "Clean ${APP_NAME} tmp files for init..."
local -r -a files=(
"${REDIS_PID_FILE}"
)
for file in ${files[@]}; do
if [[ -f "$file" ]]; then
LOG_D " Remove $file"
rm "$file"
fi
done
}
# 应用默认初始化操作
# 执行完毕后,生成文件 ${APP_CONF_DIR}/.app_init_flag 及 ${APP_DATA_DIR}/.data_init_flag 文件
app_default_init() {
LOG_I "Process default init for ${APP_NAME}..."
app_update_conf
app_enable_remote_connections
}
# 用户自定义的应用初始化操作,依次执行目录initdb.d中的初始化脚本
# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_init_flag
app_custom_init() {
LOG_I "Process customer init ${APP_NAME}..."
# 检测用户配置文件目录是否存在 initdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本
if [ -d "${APP_CONF_DIR}/initdb.d" ]; then
# 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作
if [[ -n $(find "${APP_CONF_DIR}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)") ]] && \
[[ ! -f "${APP_DATA_DIR}/.custom_init_flag" ]]; then
LOG_I "Process custom init scripts from ${APP_CONF_DIR}/initdb.d..."
# 启动后台服务
app_disable_remote_connections
app_start_server_bg
# 检索所有可执行脚本,排序后执行
find "${APP_CONF_DIR}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)" | sort | while read -r f; do
case "$f" in
*.sh)
if [[ -x "$f" ]]; then
LOG_D "Executing $f"; "$f"
else
LOG_D "Sourcing $f"; . "$f"
fi
;;
*)
LOG_D "Ignoring $f" ;;
esac
done
touch "${APP_DATA_DIR}/.custom_init_flag"
echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> "${APP_DATA_DIR}/.custom_init_flag"
LOG_I "Custom init for ${APP_NAME} complete."
# 检测服务是否运行中;如果运行,则停止后台服务
app_is_server_running && app_stop_server
app_clean_tmp_file
app_enable_remote_connections
else
LOG_I "Custom init for ${APP_NAME} already done before, skipping initialization."
fi
fi
}
# 更新 redis.conf 配置文件中指定变量值,设置关键字及对应值
# 变量:
# $1 - 变量
# $2 - 值(列表)
app_conf_set() {
app_common_conf_set "${REDIS_CONF_FILE}" "$@"
}
# 获取配置文件中指定关键字对应的值
# 变量:
# $1 - 变量
app_conf_get() {
local key="${1:?missing key}"
grep -E "^$key " "${REDIS_CONF_FILE}" | awk '{print $2}'
}
# 禁用 Redis 不安全的命令
# 参数:
# $1 - 待禁用的命令列表
app_disable_unsafe_commands() {
# The current syntax gets a comma(",") separated list of commands, we split them
# before passing to redis_disable_unsafe_commands
read -r -a disabledCommands <<< "$(tr ',' ' ' <<< "$DISABLE_COMMANDS")"
LOG_D "Disabling commands: ${disabledCommands[*]}"
echo "" >> "${REDIS_CONF_FILE}"
for cmd in "${disabledCommands[@]}"; do
if grep -E -q "^\s*rename-command\s+$cmd\s+\"\"\s*$" "${REDIS_CONF_FILE}"; then
LOG_D "$cmd was already disabled"
continue
fi
echo "rename-command $cmd \"\"" >> "${REDIS_CONF_FILE}"
done
}