From 336e076dd9644e847e92d07bf80c95a0faad03c5 Mon Sep 17 00:00:00 2001 From: Endial Fang Date: Wed, 9 Sep 2020 22:13:34 +0800 Subject: [PATCH] =?UTF-8?q?[fix:alpine]=E6=A2=B3=E7=90=86=E8=84=9A?= =?UTF-8?q?=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- alpine/Dockerfile | 102 +++++ alpine/customer/usr/local/bin/appcommon.sh | 408 ++++++++++++++++++ alpine/customer/usr/local/bin/entry.sh | 34 ++ alpine/customer/usr/local/bin/init.sh | 25 ++ alpine/customer/usr/local/bin/run.sh | 25 ++ alpine/customer/usr/local/bin/setup.sh | 37 ++ .../usr/local/overrides/overrides-x.x.x.sh | 11 + alpine/customer/usr/sbin/create_user | 9 + alpine/customer/usr/sbin/prepare_env | 8 + alpine/prebuilds/etc/apk/repositories.aliyun | 2 + alpine/prebuilds/etc/apk/repositories.default | 2 + alpine/prebuilds/etc/apk/repositories.huawei | 2 + alpine/prebuilds/etc/apk/repositories.tencent | 2 + alpine/prebuilds/etc/apk/repositories.ustc | 2 + alpine/prebuilds/usr/local/license/LICENSE | 21 + .../prebuilds/usr/local/scripts/libcommon.sh | 119 +++++ alpine/prebuilds/usr/local/scripts/libfile.sh | 78 ++++ alpine/prebuilds/usr/local/scripts/libfs.sh | 107 +++++ alpine/prebuilds/usr/local/scripts/liblog.sh | 81 ++++ alpine/prebuilds/usr/local/scripts/libos.sh | 109 +++++ .../prebuilds/usr/local/scripts/libservice.sh | 87 ++++ .../usr/local/scripts/libvalidations.sh | 213 +++++++++ alpine/prebuilds/usr/sbin/download_pkg | 160 +++++++ alpine/prebuilds/usr/sbin/install_pkg | 53 +++ alpine/prebuilds/usr/sbin/select_source | 6 + 25 files changed, 1703 insertions(+) create mode 100644 alpine/Dockerfile create mode 100644 alpine/customer/usr/local/bin/appcommon.sh create mode 100755 alpine/customer/usr/local/bin/entry.sh create mode 100755 alpine/customer/usr/local/bin/init.sh create mode 100755 alpine/customer/usr/local/bin/run.sh create mode 100755 alpine/customer/usr/local/bin/setup.sh create mode 100644 alpine/customer/usr/local/overrides/overrides-x.x.x.sh create mode 100755 alpine/customer/usr/sbin/create_user create mode 100755 alpine/customer/usr/sbin/prepare_env create mode 100644 alpine/prebuilds/etc/apk/repositories.aliyun create mode 100644 alpine/prebuilds/etc/apk/repositories.default create mode 100644 alpine/prebuilds/etc/apk/repositories.huawei create mode 100644 alpine/prebuilds/etc/apk/repositories.tencent create mode 100644 alpine/prebuilds/etc/apk/repositories.ustc create mode 100644 alpine/prebuilds/usr/local/license/LICENSE create mode 100644 alpine/prebuilds/usr/local/scripts/libcommon.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libfile.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libfs.sh create mode 100644 alpine/prebuilds/usr/local/scripts/liblog.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libos.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libservice.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libvalidations.sh create mode 100755 alpine/prebuilds/usr/sbin/download_pkg create mode 100755 alpine/prebuilds/usr/sbin/install_pkg create mode 100755 alpine/prebuilds/usr/sbin/select_source diff --git a/alpine/Dockerfile b/alpine/Dockerfile new file mode 100644 index 0000000..79e88d1 --- /dev/null +++ b/alpine/Dockerfile @@ -0,0 +1,102 @@ +# Ver: 1.2 by Endial Fang (endial@126.com) +# + +# 预处理 ========================================================================= +FROM colovu/abuilder as builder + +# sources.list 可使用版本:default / tencent / ustc / aliyun / huawei +ARG apt_source=default + +# 编译镜像时指定用于加速的本地服务器地址 +ARG local_url="" + +WORKDIR /usr/local + +RUN select_source ${apt_source}; + +# 下载并解压软件包 +#RUN set -eux; \ +# appVersion=1.12; \ +# appName=gosu-"$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ +# appKeys="0xB42F6819007F00F88E364FD4036A9C25BF357DD4"; \ +# [ ! -z ${local_url} ] && localURL=${local_url}/gosu; \ +# appUrls="${localURL:-} \ +# https://github.com/tianon/gosu/releases/download/${appVersion} \ +# "; \ +# download_pkg install ${appName} "${appUrls}" -g "${appKeys}"; \ +# chmod +x /usr/local/bin/${appName}; + +# 源码编译软件包 +#RUN set -eux; \ +# 源码编译方式安装: 编译后将原始配置文件拷贝至 ${APP_DEF_DIR} 中 +# APP_SRC="/usr/local/src/${APP_NAME}-${APP_VERSION}"; \ +# mkdir -p ${APP_SRC}; \ +# tar --extract --file "${DIST_NAME}" --directory "${APP_SRC}" --strip-components 1; \ +# cd ${APP_SRC}; \ +# ./configure ; \ +# make -j "$(nproc)"; \ +# make install; \ +# cp -rf ./conf/* ${APP_DEF_DIR}/; + + +# 镜像生成 ======================================================================== +FROM colovu/alpine:3.12 + +ARG apt_source=default +ARG local_url="" + +ENV APP_NAME=test \ + APP_USER=builder \ + APP_EXEC=/bin/bash \ + APP_VERSION=1.0.0 + +ENV APP_HOME_DIR=/usr/local/${APP_NAME} \ + APP_DEF_DIR=/etc/${APP_NAME} \ + APP_CONF_DIR=/srv/conf/${APP_NAME} \ + APP_DATA_DIR=/srv/data/${APP_NAME} \ + APP_DATA_LOG_DIR=/srv/datalog/${APP_NAME} \ + APP_CACHE_DIR=/var/cache/${APP_NAME} \ + APP_RUN_DIR=/var/run/${APP_NAME} \ + APP_LOG_DIR=/var/log/${APP_NAME} \ + APP_CERT_DIR=/srv/cert/${APP_NAME} + +ENV \ + PATH="${APP_HOME_DIR}/bin:${PATH}" + +LABEL \ + "Version"="v${APP_VERSION}" \ + "Description"="Docker image for ${APP_NAME}(v${APP_VERSION})." \ + "Dockerfile"="https://github.com/colovu/docker-${APP_NAME}" \ + "Vendor"="Endial Fang (endial@126.com)" + +COPY prebuilds / +COPY customer / + +# 以包管理方式安装软件包(Optional) +#RUN select_source ${apt_source} +#RUN install_pkg bash tini sudo + +RUN create_user && prepare_env + +# 从预处理过程中拷贝软件包(Optional) +#COPY --from=0 /usr/local/bin/gosu-amd64 /usr/local/bin/gosu +#COPY --from=builder /usr/local/bin/gosu-amd64 /usr/local/bin/gosu + +# 执行预处理脚本,并验证安装的软件包 +RUN set -eux; \ + override_file="/usr/local/overrides/overrides-${APP_VERSION}.sh"; \ + [[ -e "${override_file}" ]] && /bin/bash "${override_file}"; \ + gosu ${APP_USER} ${APP_EXEC} --version ; \ + :; + +# 默认提供的数据卷 +VOLUME ["/srv/conf", "/srv/data", "/srv/datalog", "/srv/cert", "/var/log"] + +# 默认使用gosu切换为新建用户启动,必须保证端口在1024之上 +EXPOSE 8080 + +# 容器初始化命令,默认存放在:/usr/local/bin/entry.sh +ENTRYPOINT ["entry.sh"] + +# 应用程序的服务命令,必须使用非守护进程方式运行。如果使用变量,则该变量必须在运行环境中存在(ENV可以获取) +CMD ["${APP_EXEC}"] diff --git a/alpine/customer/usr/local/bin/appcommon.sh b/alpine/customer/usr/local/bin/appcommon.sh new file mode 100644 index 0000000..eff64ca --- /dev/null +++ b/alpine/customer/usr/local/bin/appcommon.sh @@ -0,0 +1,408 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 应用通用业务处理函数 + +# 加载依赖脚本 + +. /usr/local/scripts/libcommon.sh # 通用函数库 + +. /usr/local/scripts/libfile.sh +. /usr/local/scripts/libfs.sh +. /usr/local/scripts/libos.sh +. /usr/local/scripts/libservice.sh +. /usr/local/scripts/libvalidations.sh + +# 函数列表 + +# 加载应用使用的环境变量初始值,该函数在相关脚本中以 eval 方式调用 +# 全局变量: +# ENV_* : 容器使用的全局变量 +# APP_* : 在镜像创建时定义的全局变量 +# *_* : 应用配置文件使用的全局变量,变量名根据配置项定义 +# 返回值: +# 可以被 'eval' 使用的序列化输出 +app_env() { + cat <<-'EOF' + # Common Settings + export ENV_DEBUG=${ENV_DEBUG:-false} + # Paths configuration + # Application settings + # Cluster configuration + # TLS Settings + # JVM settings + # Authentication +EOF + + # 利用 *_FILE 设置密码,不在配置命令中设置密码,增强安全性 + if [[ -f "${APP_CLIENT_PASSWORD_FILE:-}" ]]; then + cat <<-'EOF' + export APP_CLIENT_PASSWORD="$(< "${APP_CLIENT_PASSWORD_FILE}")" +EOF + fi +} + +# 使用环境变量中以 "APP_CFG_" 开头的的全局变量更新配置文件中对应项(全小写,以"."分隔) +# 举例: +# APP_CFG_LOG_DIRS 对应配置文件中的配置项:log.dirs +app_configure_from_env_variables() { + # Map environment variables to config properties + for var in "${!APP_CFG_@}"; do + key="$(echo "$var" | sed -e 's/^APP_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')" + value="${!var}" + app_conf_set "$key" "$value" + done +} + +# 将变量配置更新至配置文件 +# 参数: +# $1 - 文件 +# $2 - 变量 +# $3 - 值(列表) +app_common_conf_set() { + local file="${1:?missing file}" + local key="${2:?missing key}" + shift + shift + local values=("$@") + + if [[ "${#values[@]}" -eq 0 ]]; then + LOG_E "missing value" + return 1 + elif [[ "${#values[@]}" -ne 1 ]]; then + for i in "${!values[@]}"; do + app_common_conf_set "$file" "${key[$i]}" "${values[$i]}" + done + else + value="${values[0]}" + # Check if the value was set before + if grep -q "^[#\\s]*$key\s*=.*" "$file"; then + # Update the existing key + replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false + else + # 增加一个新的配置项;如果在其他位置有类似操作,需要注意换行 + printf "%s=%s" "$key" "$value" >>"$file" + fi + fi +} + +# 更新 server.properties 配置文件中指定变量值 +# 变量: +# $1 - 变量 +# $2 - 值(列表) +app_conf_set() { + app_common_conf_set "${APP_CONF_DIR}/zoo.cfg" "$@" +} + +# 更新 log4j.properties 配置文件中指定变量值 +# 变量: +# $1 - 变量 +# $2 - 值(列表) +app_log4j_set() { + app_common_conf_set "${APP_CONF_DIR}/log4j.properties" "$@" +} + +# 生成默认配置文件 +app_generate_conf() { + # 准备原始默认配置文件或生成空文件 + cp "${APP_CONF_DIR}/app_sample.cfg" "${APP_CONF_FILE}" + + echo "">> "${APP_CONF_FILE}" + + # 根据容器参数,设置配置文件 + app_log4j_set "zookeeper.console.threshold" "${ZOO_LOG_LEVEL}" + app_log4j_set "zookeeper.log.dir" "${APP_LOG_DIR}" +} + +# 设置环境变量 JVMFLAGS +# 参数: +# $1 - value +app_export_jvmflags() { + local -r value="${1:?value is required}" + + export JVMFLAGS="${JVMFLAGS} ${value}" + echo "export JVMFLAGS=\"${JVMFLAGS}\"" > "${APP_CONF_DIR}/java.env" +} + +# 配置 HEAP 大小 +# 参数: +# $1 - HEAP 大小 +app_configure_heap_size() { + local -r heap_size="${1:?heap_size is required}" + + if [[ "${JVMFLAGS}" =~ -Xm[xs].*-Xm[xs] ]]; then + LOG_D "Using specified values (JVMFLAGS=${JVMFLAGS})" + else + LOG_D "Setting '-Xmx${heap_size}m -Xms${heap_size}m' heap options..." + app_export_jvmflags "-Xmx${heap_size}m -Xms${heap_size}m" + fi +} + +# 检测用户参数信息是否满足条件; 针对部分权限过于开放情况,打印提示信息 +app_verify_minimum_env() { + local error_code=0 + + LOG_D "Validating settings in APP_* env vars..." + + print_validation_error() { + LOG_E "$1" + error_code=1 + } + + # 检测认证设置。如果不允许匿名登录,检测登录用户名及密码是否设置 +# if is_boolean_yes "$ALLOW_ANONYMOUS_LOGIN"; then +# LOG_W "You have set the environment variable ALLOW_ANONYMOUS_LOGIN=${ALLOW_ANONYMOUS_LOGIN}. For safety reasons, do not use this flag in a production environment." +# elif ! is_boolean_yes "$ZOO_ENABLE_AUTH"; then +# print_validation_error "The ZOO_ENABLE_AUTH environment variable does not configure authentication. Set the environment variable ALLOW_ANONYMOUS_LOGIN=yes to allow unauthenticated users to connect to ZooKeeper." +# fi + + # TODO: 其他参数检测 + + [[ "$error_code" -eq 0 ]] || exit "$error_code" +} + +# 更改默认监听地址为 "*" 或 "0.0.0.0",以对容器外提供服务;默认配置文件应当为仅监听 localhost(127.0.0.1) +app_enable_remote_connections() { + LOG_D "Modify default config to enable all IP access" + +} + +# 检测依赖的服务端口是否就绪;该脚本依赖系统工具 'netcat' +# 参数: +# $1 - host:port +app_wait_service() { + local serviceport=${1:?Missing server info} + local service=${serviceport%%:*} + local port=${serviceport#*:} + local retry_seconds=5 + local max_try=100 + let i=1 + + if [[ -z "$(which nc)" ]]; then + LOG_E "Nedd nc installed before, command: \"apk add netcat-openbsd\"." + exit 1 + fi + + LOG_I "[0/${max_try}] check for ${service}:${port}..." + + set +e + nc -z ${service} ${port} + result=$? + + until [ $result -eq 0 ]; do + LOG_D " [$i/${max_try}] not available yet" + if (( $i == ${max_try} )); then + LOG_E "${service}:${port} is still not available; giving up after ${max_try} tries." + exit 1 + fi + + LOG_I "[$i/${max_try}] try in ${retry_seconds}s once again ..." + let "i++" + sleep ${retry_seconds} + + nc -z ${service} ${port} + result=$? + done + + set -e + LOG_I "[$i/${max_try}] ${service}:${port} is available." +} + +# 以后台方式启动应用服务,并等待启动就绪 +app_start_server_bg() { + is_app_server_running && return + LOG_I "Starting ${APP_NAME} in background..." + + # 使用内置脚本启动服务 + #local start_command="zkServer.sh start" + #if is_boolean_yes "${ENV_DEBUG}"; then + # $start_command & + #else + # $start_command >/dev/null 2>&1 & + #fi + + # 使用内置命令启动服务 + # if [[ "${ENV_DEBUG:-false}" = true ]]; then + # debug_execute "rabbitmq-server" & + #else + # debug_execute "rabbitmq-server" >/dev/null 2>&1 & + #fi + + # 通过命令或特定端口检测应用是否就绪 + LOG_I "Checking ${APP_NAME} ready status..." + # wait-for-port --timeout 60 "$ZOO_PORT_NUMBER" + + LOG_D "${APP_NAME} is ready for service..." +} + +# 停止应用服务 +app_stop_server() { + is_app_server_running || return + LOG_I "Stopping ${APP_NAME}..." + + # 使用 PID 文件 kill 进程 + stop_service_using_pid "$APP_PID_FILE" + + # 使用内置命令停止服务 + #debug_execute "rabbitmqctl" stop + + # 使用内置脚本关闭服务 + #if [[ "$ENV_DEBUG" = true ]]; then + # "zkServer.sh" stop + #else + # "zkServer.sh" stop >/dev/null 2>&1 + #fi + + # 检测停止是否完成 + local counter=10 + while [[ "$counter" -ne 0 ]] && is_app_server_running; do + LOG_D "Waiting for ${APP_NAME} to stop..." + sleep 1 + counter=$((counter - 1)) + done +} + +# 检测应用服务是否在后台运行中 +is_app_server_running() { + LOG_D "Check if ${APP_NAME} is running..." + local pid + pid="$(get_pid_from_file '/var/run/${APP_NAME}/${APP_NAME}.pid')" + + if [[ -z "${pid}" ]]; then + false + else + is_service_running "${pid}" + fi +} + +# 清理初始化应用时生成的临时文件 +app_clean_tmp_file() { + LOG_D "Clean ${APP_NAME} tmp files for init..." + +} + +# 在重新启动容器时,删除标志文件及必须删除的临时文件 (容器重新启动) +app_clean_from_restart() { + LOG_D "Clean ${APP_NAME} tmp files for restart..." + local -r -a files=( + "/var/run/${APP_NAME}/${APP_NAME}.pid" + ) + + for file in ${files[@]}; do + if [[ -f "$file" ]]; then + LOG_I "Cleaning stale $file file" + rm "$file" + fi + done +} + +# 应用默认初始化操作 +# 执行完毕后,生成文件 ${APP_CONF_DIR}/.app_init_flag 及 ${APP_DATA_DIR}/.data_init_flag 文件 +app_default_init() { + app_clean_from_restart + LOG_D "Check init status of ${APP_NAME}..." + + # 检测配置文件是否存在 + if [[ ! -f "${APP_CONF_DIR}/.app_init_flag" ]]; then + LOG_I "No injected configuration file found, creating default config files..." + + # TODO: 生成配置文件,并按照容器运行参数进行相应修改 + + touch ${APP_CONF_DIR}/.app_init_flag + echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_CONF_DIR}/.app_init_flag + else + LOG_I "User injected custom configuration detected!" + fi + + if [[ ! -f "${APP_DATA_DIR}/.data_init_flag" ]]; then + LOG_I "Deploying ${APP_NAME} from scratch..." + + # 检测服务是否运行中如果未运行,则启动后台服务 + is_app_server_running || app_start_server_bg + + # TODO: 根据需要生成相应初始化数据 + + touch ${APP_DATA_DIR}/.data_init_flag + echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.data_init_flag + else + LOG_I "Deploying ${APP_NAME} with persisted data..." + fi +} + +# 用户自定义的前置初始化操作,依次执行目录 preinitdb.d 中的初始化脚本 +# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_preinit_flag +app_custom_preinit() { + LOG_D "Check custom pre-init status of ${APP_NAME}..." + + # 检测用户配置文件目录是否存在 preinitdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本 + if [ -d "/srv/conf/${APP_NAME}/preinitdb.d" ]; then + # 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作 + if [[ -n $(find "/srv/conf/${APP_NAME}/preinitdb.d/" -type f -regex ".*\.\(sh\)") ]] && \ + [[ ! -f "${APP_DATA_DIR}/.custom_preinit_flag" ]]; then + LOG_I "Process custom pre-init scripts from /srv/conf/${APP_NAME}/preinitdb.d..." + + # 检索所有可执行脚本,排序后执行 + find "/srv/conf/${APP_NAME}/preinitdb.d/" -type f -regex ".*\.\(sh\)" | sort | process_init_files + + touch ${APP_DATA_DIR}/.custom_preinit_flag + echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.custom_preinit_flag + LOG_I "Custom preinit for ${APP_NAME} complete." + else + LOG_I "Custom preinit for ${APP_NAME} already done before, skipping initialization." + fi + fi + + # 检测依赖的服务是否就绪 + #for i in ${SERVICE_PRECONDITION[@]}; do + # app_wait_service "${i}" + #done +} + +# 用户自定义的应用初始化操作,依次执行目录initdb.d中的初始化脚本 +# 执行完毕后,生成文件 ${APP_DATA_DIR}/.custom_init_flag +app_custom_init() { + LOG_D "Check custom init status of ${APP_NAME}..." + + # 检测用户配置文件目录是否存在 initdb.d 文件夹,如果存在,尝试执行目录中的初始化脚本 + if [ -d "/srv/conf/${APP_NAME}/initdb.d" ]; then + # 检测数据存储目录是否存在已初始化标志文件;如果不存在,检索可执行脚本文件并进行初始化操作 + if [[ -n $(find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)") ]] && \ + [[ ! -f "${APP_DATA_DIR}/.custom_init_flag" ]]; then + LOG_I "Process custom init scripts from /srv/conf/${APP_NAME}/initdb.d..." + + # 检测服务是否运行中;如果未运行,则启动后台服务 + is_app_server_running || app_start_server_bg + + # 检索所有可执行脚本,排序后执行 + find "/srv/conf/${APP_NAME}/initdb.d/" -type f -regex ".*\.\(sh\|sql\|sql.gz\)" | sort | while read -r f; do + case "$f" in + *.sh) + if [[ -x "$f" ]]; then + LOG_D "Executing $f"; "$f" + else + LOG_D "Sourcing $f"; . "$f" + fi + ;; + #*.sql) LOG_D "Executing $f"; postgresql_execute "$PG_DATABASE" "$PG_INITSCRIPTS_USERNAME" "$PG_INITSCRIPTS_PASSWORD" < "$f";; + #*.sql.gz) LOG_D "Executing $f"; gunzip -c "$f" | postgresql_execute "$PG_DATABASE" "$PG_INITSCRIPTS_USERNAME" "$PG_INITSCRIPTS_PASSWORD";; + *) LOG_D "Ignoring $f" ;; + esac + done + + touch ${APP_DATA_DIR}/.custom_init_flag + echo "$(date '+%Y-%m-%d %H:%M:%S') : Init success." >> ${APP_DATA_DIR}/.custom_init_flag + LOG_I "Custom init for ${APP_NAME} complete." + else + LOG_I "Custom init for ${APP_NAME} already done before, skipping initialization." + fi + fi + + # 检测服务是否运行中;如果运行,则停止后台服务 + is_app_server_running && app_stop_server + + # 删除第一次运行生成的临时文件 + app_clean_tmp_file + + # 绑定所有 IP ,启用远程访问 + app_enable_remote_connections +} diff --git a/alpine/customer/usr/local/bin/entry.sh b/alpine/customer/usr/local/bin/entry.sh new file mode 100755 index 0000000..31dd8ac --- /dev/null +++ b/alpine/customer/usr/local/bin/entry.sh @@ -0,0 +1,34 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 容器入口脚本 + +# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用: +# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错 +set -eu +set -o pipefail + +. /usr/local/bin/appcommon.sh # 应用专用函数库 + +eval "$(app_env)" +LOG_I "** Processing entry.sh **" + +if ! is_sourced; then + # 替换命令行中的变量 + set -- $(eval echo "$@") + + [ "${1:0:1}" = '-' ] && set -- "${APP_EXEC:-}" "$@" + + print_image_welcome + print_command_help "$@" + + if [ "$1" = "${APP_EXEC}" ] && is_root; then + /usr/local/bin/setup.sh + + LOG_I "Restart with non-root user: ${APP_USER:-APP_NAME}\n" + exec gosu "${APP_USER:-APP_NAME}" "$0" "$@" + fi + + LOG_I "Start container with command: $@" + exec tini -- "$@" +fi diff --git a/alpine/customer/usr/local/bin/init.sh b/alpine/customer/usr/local/bin/init.sh new file mode 100755 index 0000000..727d9fa --- /dev/null +++ b/alpine/customer/usr/local/bin/init.sh @@ -0,0 +1,25 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 应用初始化脚本 + +# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用: +# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错 +set -eu +set -o pipefail + +. /usr/local/bin/appcommon.sh # 应用专用函数库 + +eval "$(app_env)" +LOG_I "** Processing init.sh **" + +# 执行应用预初始化操作 +app_custom_preinit + +# 执行应用初始化操作 +app_default_init + +# 执行用户自定义初始化脚本 +app_custom_init + +LOG_I "** Processing init.sh finished! **" diff --git a/alpine/customer/usr/local/bin/run.sh b/alpine/customer/usr/local/bin/run.sh new file mode 100755 index 0000000..73dc478 --- /dev/null +++ b/alpine/customer/usr/local/bin/run.sh @@ -0,0 +1,25 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 应用启动脚本 + +# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用: +# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错 +set -eu +set -o pipefail + +. /usr/local/bin/appcommon.sh # 应用专用函数库 + +eval "$(app_env)" +LOG_I "** Processing run.sh **" + +flags=("${APP_CONF_FILE:-}") +[[ -z "${APP_EXTRA_FLAGS:-}" ]] || flags=("${flags[@]}" "${APP_EXTRA_FLAGS[@]}") +START_COMMAND=("${APP_EXEC:-/bin/bash}" "${flags[@]}") + +LOG_I "** Starting ${APP_NAME} **" +if is_root; then + exec gosu "${APP_USER:-APP_NAME}" tini -s -- "${START_COMMAND[@]}" +else + exec tini -s -- "${START_COMMAND[@]}" +fi diff --git a/alpine/customer/usr/local/bin/setup.sh b/alpine/customer/usr/local/bin/setup.sh new file mode 100755 index 0000000..ae59c47 --- /dev/null +++ b/alpine/customer/usr/local/bin/setup.sh @@ -0,0 +1,37 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 应用环境及依赖文件设置脚本 + +# 设置 shell 执行参数,可使用'-'(打开)'+'(关闭)控制。常用: +# -e: 命令执行错误则报错; -u: 变量未定义则报错; -x: 打印实际待执行的命令行; -o pipefail: 设置管道中命令遇到失败则报错 +set -eu +set -o pipefail + +. /usr/local/bin/appcommon.sh # 应用专用函数库 + +eval "$(app_env)" +LOG_I "** Processing setup.sh **" + +APP_DIRS="${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_DATA_LOG_DIR:-}" +for dir in ${APP_DIRS}; do + ensure_dir_exists ${dir} +done + +app_verify_minimum_env + +# 检测指定文件是否在配置文件存储目录存在,如果不存在则拷贝(新挂载数据卷、手动删除都会导致不存在) +LOG_I "Check config files in: ${APP_CONF_DIR}" +if [[ ! -z "$(ls -A "${APP_DEF_DIR}")" ]]; then + ensure_config_file_exist "${APP_DEF_DIR}" $(ls -A "${APP_DEF_DIR}") +fi + +for dir in ${APP_DIRS}; do + configure_permissions_ownership "$dir" -u "${APP_USER}" -g "${APP_USER}" +done + +# 解决使用gosu后,nginx: [emerg] open() "/dev/stdout" failed (13: Permission denied) +LOG_D "Change permissions of stdout/stderr to 0622" +chmod 0622 /dev/stdout /dev/stderr + +LOG_I "** Processing setup.sh finished! **" diff --git a/alpine/customer/usr/local/overrides/overrides-x.x.x.sh b/alpine/customer/usr/local/overrides/overrides-x.x.x.sh new file mode 100644 index 0000000..939603d --- /dev/null +++ b/alpine/customer/usr/local/overrides/overrides-x.x.x.sh @@ -0,0 +1,11 @@ +#!/bin/bash -e +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 在安装完应用后,使用该脚本修改默认配置文件中部分配置项; 如果相应的配置项已经定义为容器环境变量,则不需要在这里修改 + +# 定义要修改的文件 +CONF_FILE="${APP_DEF_DIR}/config/server.properties" + +echo "Process overrides for: ${CONF_FILE}" +#sed -i -E 's/^listeners=/d' "${CONF_FILE}" +#sed -i -E 's/^log.dirs=\/tmp\/kafka-logs*/log.dirs=\/var\/log\/kafka/g' "${CONF_FILE}" diff --git a/alpine/customer/usr/sbin/create_user b/alpine/customer/usr/sbin/create_user new file mode 100755 index 0000000..5770ee6 --- /dev/null +++ b/alpine/customer/usr/sbin/create_user @@ -0,0 +1,9 @@ +#!/bin/bash +# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) +set -eux +addgroup -g 998 -S ${APP_USER} +adduser -g 998 -u 999 -s /bin/bash -h ${APP_DATA_DIR} -D -S ${APP_USER} + +# 如果需要 sudo 权限,需要安装 su 软件包:apk add sudo +#sed -i -e 's/^\sDefaults\s*secure_path\s*=/# Defaults secure_path=/' /etc/sudoers +#echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers diff --git a/alpine/customer/usr/sbin/prepare_env b/alpine/customer/usr/sbin/prepare_env new file mode 100755 index 0000000..05811a5 --- /dev/null +++ b/alpine/customer/usr/sbin/prepare_env @@ -0,0 +1,8 @@ +#!/bin/bash +# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) +set -eux + +APP_DIRS="${APP_DEF_DIR:-} ${APP_CONF_DIR:-} ${APP_DATA_DIR:-} ${APP_CACHE_DIR:-} ${APP_RUN_DIR:-} ${APP_LOG_DIR:-} ${APP_CERT_DIR:-} ${APP_HOME_DIR:-}" + +mkdir -p ${APP_DIRS} +chown -Rf ${APP_USER}:${APP_USER} ${APP_DIRS}; diff --git a/alpine/prebuilds/etc/apk/repositories.aliyun b/alpine/prebuilds/etc/apk/repositories.aliyun new file mode 100644 index 0000000..817c5d5 --- /dev/null +++ b/alpine/prebuilds/etc/apk/repositories.aliyun @@ -0,0 +1,2 @@ +http://mirrors.aliyun.com/alpine/v3.12/main +http://mirrors.aliyun.com/alpine/v3.12/community diff --git a/alpine/prebuilds/etc/apk/repositories.default b/alpine/prebuilds/etc/apk/repositories.default new file mode 100644 index 0000000..1ad9e4f --- /dev/null +++ b/alpine/prebuilds/etc/apk/repositories.default @@ -0,0 +1,2 @@ +http://dl-cdn.alpinelinux.org/alpine/v3.12/main +http://dl-cdn.alpinelinux.org/alpine/v3.12/community diff --git a/alpine/prebuilds/etc/apk/repositories.huawei b/alpine/prebuilds/etc/apk/repositories.huawei new file mode 100644 index 0000000..9640c9b --- /dev/null +++ b/alpine/prebuilds/etc/apk/repositories.huawei @@ -0,0 +1,2 @@ +http://mirrors.huaweicloud.com/alpine/v3.12/main +http://mirrors.huaweicloud.com/alpine/v3.12/community diff --git a/alpine/prebuilds/etc/apk/repositories.tencent b/alpine/prebuilds/etc/apk/repositories.tencent new file mode 100644 index 0000000..cce0b79 --- /dev/null +++ b/alpine/prebuilds/etc/apk/repositories.tencent @@ -0,0 +1,2 @@ +http://mirrors.cloud.tencent.com/alpine/v3.12/main +http://mirrors.cloud.tencent.com/alpine/v3.12/community diff --git a/alpine/prebuilds/etc/apk/repositories.ustc b/alpine/prebuilds/etc/apk/repositories.ustc new file mode 100644 index 0000000..efbdede --- /dev/null +++ b/alpine/prebuilds/etc/apk/repositories.ustc @@ -0,0 +1,2 @@ +http://mirrors.ustc.edu.cn/alpine/v3.12/main +http://mirrors.ustc.edu.cn/alpine/v3.12/community diff --git a/alpine/prebuilds/usr/local/license/LICENSE b/alpine/prebuilds/usr/local/license/LICENSE new file mode 100644 index 0000000..80e3bb7 --- /dev/null +++ b/alpine/prebuilds/usr/local/license/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2020 Endial Fang (endial@126.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/alpine/prebuilds/usr/local/scripts/libcommon.sh b/alpine/prebuilds/usr/local/scripts/libcommon.sh new file mode 100644 index 0000000..4b10d1f --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libcommon.sh @@ -0,0 +1,119 @@ +#!/bin/bash +# Ver: 1.3 by Endial Fang (endial@126.com) +# +# 通用函数库 + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# 打印包含包含Logo的欢迎信息 +print_welcome_info() { + [[ -n "${APP_NAME}" ]] && github_url="/docker-${APP_NAME}" + + LOG_I ' ____ _ ' + LOG_I ' / ___|___ | | _____ ___ _ ' + LOG_I '| | / _ \| |/ _ \ \ / / | | | '"Docker : ${BOLD}${APP_NAME:-undefined}${RESET}" + LOG_I '| |__| (_) | | (_) \ V /| |_| | '"Version: ${BOLD}${APP_VERSION:-0.0}${RESET}" + LOG_I ' \____\___/|_|\___/ \_/ \__,_| '"PowerBy: ${BOLD}Endial@126.com${RESET}" + LOG_D " Project Repo: https://github.com/colovu/${github_url:-}" + LOG_I "" +} + +# 根据需要打印欢迎信息 +print_image_welcome() { + if [[ "$(id -u)" = "0" ]]; then + print_welcome_info + fi +} + +# 检测可能导致容器执行后直接退出的命令,如"--help";如果存在,直接返回 0 +# 参数: +# $1 - 待检测的参数表 +print_command_help() { + local arg + for arg; do + case "$arg" in + -'?'|--help|-V|--version) + exec "${APP_EXEC:-/bin/bash}" "${arg}" + exit + ;; + esac + done +} + +# 检测应用相应的配置文件是否存在,如果不存在,则从默认配置文件目录拷贝一份 +# 默认配置文件路径:/etc/${APP_NAME} +# 目标配置文件路径:/srv/conf/${APP_NAME} +# 参数: +# $1 - 基础路径 +# $* - 基础路径下的文件及目录列表,以" "分割 +# 例子: +# ensure_config_file_exist /etc/${APP_NAME} conf.d server.conf +ensure_config_file_exist() { + local -r base_path="${1:?paths is missing}" + local f="" + local dist="" + + shift 1 + LOG_D "List to check: $@" + while [ "$#" -gt 0 ]; do + f="${1}" + LOG_D " Process \"${f}\"" + if [ -d "${base_path}/${f}" ]; then + dist="$(echo ${base_path}/${f} | sed -e 's/\/etc/\/srv\/conf/g')" + [[ ! -d "${dist}" ]] && LOG_D " Create directory: ${dist}" && mkdir -p "${dist}" + [[ ! -z $(ls -A "${base_path}/${f}") ]] && ensure_config_file_exist "${base_path}/${f}" $(ls -A "${base_path}/${f}") + else + dist="$(echo ${base_path}/${f} | sed -e 's/\/etc/\/srv\/conf/g')" + [[ ! -e "${dist}" ]] && LOG_D " Copy: ${base_path}/${f} ===> ${dist}" && cp "${base_path}/${f}" "${dist}" && rm -rf "/srv/conf/${APP_NAME}/.app_init_flag" + fi + shift + done +} + +# 根据脚本扩展名及权限,执行相应的初始化脚本 +# 参数: +# $1 - 文件列表,支持路径通配符 +# 使用: +# process_init_files [file [file [...]]] +# 例子: +# process_init_files /src/conf/${APP_NAME}/initdb.d/* +process_init_files() { + echo + local f + for f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + LOG_I "$0: running $f" + "$f" + else + LOG_I "$0: sourcing $f" + . "$f" + fi + ;; + *) LOG_W "$0: ignoring $f" ;; + esac + echo + done +} + +# 检测当前是否为 root 用户 +is_root() { + if [[ "$(id -u)" = "0" ]]; then + LOG_D "Run as root." + true + else + LOG_D "Run as non-root: $(id -u)" + false + fi +} + +# 检测当前脚本是被直接执行的,还是从其他脚本中使用 "source" 调用的 +is_sourced() { + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = 'is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} diff --git a/alpine/prebuilds/usr/local/scripts/libfile.sh b/alpine/prebuilds/usr/local/scripts/libfile.sh new file mode 100644 index 0000000..1e664c1 --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libfile.sh @@ -0,0 +1,78 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 文件操作函数库 + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# 检测"*_FILE"文件,并从文件中读取信息作为参数值;环境变量不允许 VAR 与 VAR_FILE 方式并存 +# 变量: +# $1 - 需要设置的环境变量名称 +# $2 - 该变量对应的默认值(Option) +# +# 使用: file_env ENV_VAR [DEFAULT] +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + LOG_E "Both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + + export "$var"="$val" + unset "$fileVar" +} + +# 使用规则表达式在文件中替换数据 +# 参数: +# $1 - 文件名 +# $2 - 正则表达式 +# $3 - 替代数据表达式 +# $4 - 是否使用POSIX表达式. Default: true +replace_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local substitute_regex="${3:?substitute regex is required}" + local posix_regex=${4:-true} + + local result + + # 因部分系统兼容性问题,需要防止使用 'sed in-place' 方式操作 + if [[ $posix_regex = true ]]; then + result="$(sed -E "s@$match_regex@$substitute_regex@g" "$filename")" + else + result="$(sed "s@$match_regex@$substitute_regex@g" "$filename")" + fi + echo "$result" > "$filename" +} + +# 使用规则表达式在文件中删除数据 +# 参数: +# $1 - 文件名 +# $2 - 正则表达式 +# $3 - 是否使用POSIX表达式. Default: true +remove_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local posix_regex=${3:-true} + local result + + # 因部分系统兼容性问题,需要防止使用 'sed in-place' 方式操作 + if [[ $posix_regex = true ]]; then + result="$(sed -E "/$match_regex/d" "$filename")" + else + result="$(sed "/$match_regex/d" "$filename")" + fi + echo "$result" > "$filename" +} diff --git a/alpine/prebuilds/usr/local/scripts/libfs.sh b/alpine/prebuilds/usr/local/scripts/libfs.sh new file mode 100644 index 0000000..1f3c60d --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libfs.sh @@ -0,0 +1,107 @@ +#!/bin/bash +# Ver: 1.1 by Endial Fang (endial@126.com) +# +# 文件管理函数库 + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# 检测目录是否存在,如果不存在则创建,同时修改为指定的用户 +# 参数: +# $1 - 目录路径 +# $2 - 用户 +ensure_dir_exists() { + local dir="${1:?directory is missing}" + local owner="${2:-}" + + mkdir -p "${dir}" + if [[ -n $owner ]]; then + chown "$owner":"$owner" "$dir" + fi +} + +# 检测目录是否存在或为空 +# 参数: +# $1 - 目录路径 +is_dir_empty() { + local dir="${1:?missing directory}" + + if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then + true + else + false + fi +} + +# 循环设置目录中子目录及文件权限 +# 参数: +# $1 - paths (as a string). +# Flags: +# -f|--file-mode - 文件权限模式 +# -d|--dir-mode - 目录权限模式 +# -u|--user - 用户 +# -g|--group - 用户组 +configure_permissions_ownership() { + local -r paths="${1:?paths is missing}" + local dir_mode="" + local file_mode="" + local user="" + local group="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -f|--file-mode) + shift + file_mode="${1:?missing mode for files}" + ;; + -d|--dir-mode) + shift + dir_mode="${1:?missing mode for directories}" + ;; + -u|--user) + shift + user="${1:?missing user}" + ;; + -g|--group) + shift + group="${1:?missing group}" + ;; + *) + LOG_E "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + read -r -a filepaths <<< "$paths" + for p in "${filepaths[@]}"; do + if [[ -e "$p" ]]; then + LOG_D "Check $p" + if [[ -n ${dir_mode} ]]; then + LOG_D "Change permissions to ${dir_mode} of directories in $p" + find -L "$p" -type d -print | xargs -i chmod "${dir_mode}" '{}' + fi + if [[ -n ${file_mode} ]]; then + LOG_D "Change permissions to ${file_mode} of files in $p" + find -L "$p" -type f -print | xargs -i chmod "${file_mode}" '{}' + fi + if [[ -n $user ]] && [[ -n ${group} ]]; then + LOG_D "Change ownership to ${user}:${group} of files and directories in $p" + find -L "$p" \( \! -user ${user} -or \! -group ${group} \) -print | xargs -i chown -L "${user}":"${group}" '{}' + elif [[ -n $user ]] && [[ -z $group ]]; then + LOG_D "Change user to ${user} of files and directories in $p" + find -L "$p" \! -user ${user} -print | xargs -i chown -L "${user}" '{}' + elif [[ -z $user ]] && [[ -n $group ]]; then + LOG_D "Change group to ${group} of files and directories in $p" + find -L "$p" \! -group ${group} -print | xargs -i chgrp -L "${group}" '{}' + fi + else + LOG_E "$p does not exist" + fi + done +} diff --git a/alpine/prebuilds/usr/local/scripts/liblog.sh b/alpine/prebuilds/usr/local/scripts/liblog.sh new file mode 100644 index 0000000..09b4933 --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/liblog.sh @@ -0,0 +1,81 @@ +#!/bin/bash +# Ver: 1.1 by Endial Fang (endial@126.com) + +#[[ ${ENV_DEBUG:-false} = true ]] && set -x + +MODULE="$(basename "$0")" + +RESET='\033[0m' +BOLD='\033[1m' + +# 前景色 +BLACK='\033[38;5;0m' +RED='\033[38;5;1m' +GREEN='\033[38;5;2m' +YELLOW='\033[38;5;3m' +BLUE='\033[38;5;4m' +MAGENTA='\033[38;5;5m' +CYAN='\033[38;5;6m' +WHITE='\033[38;5;7m' + +# 背景色 +ON_BLACK='\033[48;5;0m' +ON_RED='\033[48;5;1m' +ON_GREEN='\033[48;5;2m' +ON_YELLOW='\033[48;5;3m' +ON_BLUE='\033[48;5;4m' +ON_MAGENTA='\033[48;5;5m' +ON_CYAN='\033[48;5;6m' +ON_WHITE='\033[48;5;7m' + +# 函数列表 + +# 打印输出到 STDERR 设备 +stderr_print() { + printf "%b\\n" "${*}" >&2 +} + +# 输出实际日志信息 +# 参数: +# $1 - 日志类型 +# $2 - 日志信息 +LOG() { + #stderr_print "${ENV_DEBUG:+${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")}${RESET}${*}" + printf "${ENV_DEBUG:+${CYAN}${MODULE:-} ${MAGENTA}%s}${RESET} %b\n" "$(date "+%T")" "${*}" +} + +# 输出调试类日志信息,尽量少使用 +# 参数: +# $1 - 日志类型 +# $2 - 日志信息 +LOG_D() { + local -r bool="${ENV_DEBUG:-false}" + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + LOG "${BLUE}DBG${RESET}: ${*}" + fi +} + +# 输出提示信息类日志信息 +# 参数: +# $1 - 日志类型 +# $2 - 日志信息 +LOG_I() { + LOG "${GREEN}INF${RESET}: ${*}" +} + +# 输出警告类日志信息至sterr +# 参数: +# $1 - 日志类型 +# $2 - 日志信息 +LOG_W() { + LOG "${YELLOW}WRN${RESET}: ${*}" +} + +# 输出错误类日志信息至sterr,并退出脚本 +# 参数: +# $1 - 日志类型 +# $2 - 日志信息 +LOG_E() { + LOG "${RED}ERR${RESET}: ${*}" +} diff --git a/alpine/prebuilds/usr/local/scripts/libos.sh b/alpine/prebuilds/usr/local/scripts/libos.sh new file mode 100644 index 0000000..047fa9d --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libos.sh @@ -0,0 +1,109 @@ +#!/bin/bash +# Ver: 1.2 by Endial Fang (endial@126.com) +# +# 操作系统控制函数库 + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# 检测指定用户账户是否存在 +# 参数: +# $1 - 用户账户 +user_exists() { + local user="${1:?user is missing}" + id "$user" >/dev/null 2>&1 +} + +# 检测指定用户分组是否存在 +# 参数: +# $1 - 用户组 +group_exists() { + local group="${1:?group is missing}" + getent group "$group" >/dev/null 2>&1 +} + +# 获取系统可用内存大小(MB)信息 +get_total_memory() { + echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) +} + +# 获取以定量方式描述的内存大小 +# 参数: +# $1 - 内存大小 (MB,可选) +get_machine_size() { + local memory="${1:-}" + if [[ -z "$memory" ]]; then + debug "Memory was not specified, detecting available memory automatically" + memory="$(get_total_memory)" + fi + sanitized_memory=$(convert_to_mb "$memory") + if [[ "$sanitized_memory" -gt 26000 ]]; then + echo 2xlarge + elif [[ "$sanitized_memory" -gt 13000 ]]; then + echo xlarge + elif [[ "$sanitized_memory" -gt 6000 ]]; then + echo large + elif [[ "$sanitized_memory" -gt 3000 ]]; then + echo medium + elif [[ "$sanitized_memory" -gt 1500 ]]; then + echo small + else + echo micro + fi +} + +# 获取已定义的所有内存大小描述 +get_supported_machine_sizes() { + echo micro small medium large xlarge 2xlarge +} + +# 将以字符串表示的内存大小转换为以MB为单位的内存大小值 (i.e. 2G -> 2048) +# 参数: +# $1 - 内存大小 +convert_to_mb() { + local amount="${1:-}" + if [[ $amount =~ ^([0-9]+)(M|G) ]]; then + size="${BASH_REMATCH[1]}" + unit="${BASH_REMATCH[2]}" + if [[ "$unit" = "G" ]]; then + amount="$((size * 1024))" + else + amount="$size" + fi + fi + echo "$amount" +} + +# 如果禁用调试模式,将输出信息重定向至 /dev/null +# 参数: +# $@ - 待执行的命令 +debug_execute() { + local -r bool="${ENV_DEBUG:-false}" + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + "$@" + else + "$@" >/dev/null 2>&1 + fi +} + +# 重试执行命令 +# 参数: +# $1 - cmd (as a string) +# $2 - 最大尝试次数. Default: 12 +# $3 - 重试前等待时间(秒). Default: 5 +retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value +} diff --git a/alpine/prebuilds/usr/local/scripts/libservice.sh b/alpine/prebuilds/usr/local/scripts/libservice.sh new file mode 100644 index 0000000..bbf90b4 --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libservice.sh @@ -0,0 +1,87 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 服务管理函数库 + +# shellcheck disable=SC1091 + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# 获取并返回服务 PID +# 参数: +# $1 - PID 文件 +get_pid_from_file() { + local pid_file="${1:?pid file is missing}" + + if [[ -f "$pid_file" ]]; then + if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then + echo "$(< "$pid_file")" + fi + fi +} + +# 检测 PID 对应的服务是否在运行中 +# 参数: +# $1 - PID +is_service_running() { + local pid="${1:?pid is missing}" + + kill -0 "$pid" 2>/dev/null +} + +# 通过发送信号停止一个指定的服务 +# 参数: +# $1 - PID 文件 +# $2 - 信号 (可选) +stop_service_using_pid() { + local pid_file="${1:?pid file is missing}" + local signal="${2:-}" + local pid + + pid="$(get_pid_from_file "$pid_file")" + [[ -z "$pid" ]] || ! is_service_running "$pid" && return + + if [[ -n "$signal" ]]; then + kill "-${signal}" "$pid" + else + kill "$pid" + fi + + local counter=10 + while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do + sleep 1 + counter=$((counter - 1)) + done +} + +# 生成一个 Logrotate 配置文件 +# 参数: +# $1 - 应用名称 +# $2 - 日志路径及日志文件名 +# $3 - 周期 +# $4 - Rotations 存储的数量 +# $5 - 其他参数 (可选) +generate_logrotate_conf() { + local service_name="${1:?service name is missing}" + local log_path="${2:?log path is missing}" + local period="${3:-weekly}" + local rotations="${4:-150}" + local extra_options="${5:-}" + local logrotate_conf_dir="/etc/logrotate.d" + + mkdir -p "$logrotate_conf_dir" + cat >"${logrotate_conf_dir}/${service_name}" <<-'EOF' + ${log_path} { + ${period} + rotate ${rotations} + dateext + compress + copytruncate + missingok + ${extra_options} + } +EOF +} diff --git a/alpine/prebuilds/usr/local/scripts/libvalidations.sh b/alpine/prebuilds/usr/local/scripts/libvalidations.sh new file mode 100644 index 0000000..be29b14 --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libvalidations.sh @@ -0,0 +1,213 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 数据有效性校验函数库 + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# 检测数据是否为整数 +# 参数: +# $1 - 待检测的数据 +is_int() { + local -r int="${1:?missing value}" + if [[ "$int" =~ ^-?[0-9]+ ]]; then + true + else + false + fi +} + +# 检测数据是否为正整数 +# 参数: +# $1 - 待检测的数据 +is_positive_int() { + local -r int="${1:?missing value}" + if is_int "$int" && (( "${int}" >= 0 )); then + true + else + false + fi +} + +# 检测数据是否为布尔值 '1' 或字符串 'yes/true' +# 参数: +# $1 - 待检测的数据 +is_boolean_yes() { + local -r bool="${1:-}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + true + else + false + fi +} + +# 检测数据是否为字符串 'yes/no' +# 参数: +# $1 - 待检测的数据 +is_yes_no_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(yes|no)$ ]]; then + true + else + false + fi +} + +# 检测数据是否为字符串 'true/false' +# 参数: +# $1 - 待检测的数据 +is_true_false_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(true|false)$ ]]; then + true + else + false + fi +} + +# 检测提供的参数是否为空字符串或未定义 +# 参数: +# $1 - 待检测的数据 +is_empty_value() { + local -r val="${1:-}" + if [[ -z "$val" ]]; then + true + else + false + fi +} + +# 检测数据是否为有效的端口号 +# 参数: +# $1 - 待检测的数据 +# 返回值: +# 布尔值 或 错误消息 +validate_port() { + local value + local unprivileged=0 + + # Parse flags + while [[ "$#" -gt 0 ]]; do + case "$1" in + -unprivileged) + unprivileged=1 + ;; + --) + shift + break + ;; + -*) + LOG_E "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [[ "$#" -gt 1 ]]; then + LOG_E "too many arguments provided" + return 2 + elif [[ "$#" -eq 0 ]]; then + LOG_E "missing port argument" + return 1 + else + value=$1 + fi + + if [[ -z "$value" ]]; then + LOG_E "the value is empty" + return 1 + else + if ! is_int "$value"; then + LOG_W "value is not an integer" + return 2 + elif [[ "$value" -lt 0 ]]; then + LOG_W "negative value provided" + return 2 + elif [[ "$value" -gt 65535 ]]; then + LOG_W "requested port is greater than 65535" + return 2 + elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then + LOG_W "privileged port requested" + return 3 + fi + fi +} + +# 检测数据是否为有效的IPv4地址 +# 参数: +# $1 - 待检测的数据 +validate_ipv4() { + local ip="${1:?ip is missing}" + local stat=1 + + if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then + read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" + [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ + && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] + stat=$? + fi + return $stat +} + +# 校验字符串格式 +# 参数: +# $1 - 待检测的数据 +validate_string() { + local string + local min_length=-1 + local max_length=-1 + + # Parse flags + while [ "$#" -gt 0 ]; do + case "$1" in + -min-length) + shift + min_length=${1:-} + ;; + -max-length) + shift + max_length=${1:-} + ;; + --) + shift + break + ;; + -*) + LOG_E "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [ "$#" -gt 1 ]; then + LOG_E "too many arguments provided" + return 2 + elif [ "$#" -eq 0 ]; then + LOG_W "missing string" + return 1 + else + string=$1 + fi + + if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then + LOG_I "string length is less than $min_length" + return 1 + fi + if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then + LOG_I "string length is great than $max_length" + return 1 + fi +} \ No newline at end of file diff --git a/alpine/prebuilds/usr/sbin/download_pkg b/alpine/prebuilds/usr/sbin/download_pkg new file mode 100755 index 0000000..45bd36e --- /dev/null +++ b/alpine/prebuilds/usr/sbin/download_pkg @@ -0,0 +1,160 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) +set -eux +. /usr/local/scripts/liblog.sh + +print_usage() { + LOG "Usage: download_pkg \"\" [OPTIONS]" + LOG "" + LOG "Download and install Third-Part packages" + LOG "" + LOG "Commands:" + LOG " install Download and install a package." + LOG " unpack Download and unpack a package." + LOG "" + LOG "Options:" + LOG " -g, --checkpgp Package release bucket." + LOG " -s, --checksum SHA256 verification checksum." + LOG " -h, --help Show this help message and exit." + LOG "" + LOG "PACKAGE-NAME: Name with extern name" + LOG "URLS: String with URL list" + LOG "" + LOG "Examples:" + LOG " - Unpack package" + LOG " \$ download_pkg unpack redis-5.0.8.tar.gz \"http://download.redis.io/releases/\"" + LOG "" + LOG " - Verify and Install package" + LOG " \$ download_pkg install redis-5.0.8.tar.gz \"http://download.redis.io/releases/\" --checksum 42cf86a114d2a451b898fcda96acd4d01062a7dbaaad2801d9164a36f898f596" + LOG "" +} + +check_pgp() { + local name_asc=${1:?missing asc file name} + local name=${2:?missing file name} + local keys="${3:?missing key id}" + + GNUPGHOME="$(mktemp -d)" + if which gpg >/dev/null 2>&1; then + for key in $keys; do + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "${key}" || + gpg --batch --keyserver pgp.mit.edu --recv-keys "${key}" || + gpg --batch --keyserver keys.gnupg.net --recv-keys "${key}" || + gpg --batch --keyserver keyserver.pgp.com --recv-keys "${key}"; + done + gpg --batch --verify "$name_asc" "$name" + command -v gpgconf > /dev/null && gpgconf --kill all + fi +} + +# 获取并解析参数 +ARGS=$(getopt -o g:s:h -l "checkpgp:,checksum:,help" -n "download-pkg" -- "$@") +if [ $? -ne 0 ]; +then + exit 1 +fi + +eval set -- "$ARGS"; +while true; do + case "$1" in + -g|--checkpgp) + shift + if [ -n "$1" ]; then + PACKAGE_KEYS=$1 + shift + fi + ;; + -s|--checksum) + shift + if [ -n "$1" ]; then + PACKAGE_SHA256=$1 + shift + fi + ;; + -h|--help) + print_usage + exit 0 + ;; + --) + shift + break + ;; + esac +done + +# 检测输入的命令是否合法 +case "$1" in + install|unpack) ;; + *) + error "Unrecognized command: $1" + print_usage + exit 1 + ;; +esac + +# 检测输入参数是否足够,需要至少提供软件包名称 及 下载路径 +if [ $# -lt 3 ]; then + print_usage + exit 1 +fi + +INSTALL_ROOT=/usr/local +CACHE_ROOT=/tmp + +PACKAGE="$2" +PACKAGE_URLS=$3 + +cd $INSTALL_ROOT + +LOG_I "Downloading $PACKAGE package" +for url in $PACKAGE_URLS; do + LOG_D "Try $url/$PACKAGE" + if wget -O "$CACHE_ROOT/$PACKAGE" "$url/$PACKAGE" && [ -s "$CACHE_ROOT/$PACKAGE" ]; then + if [ -n "$PACKAGE_KEYS" ]; then + wget -O "$CACHE_ROOT/$PACKAGE.asc" "$url/$PACKAGE.asc" + if [ ! -e "$CACHE_ROOT/$PACKAGE.asc" ]; then + wget -O "$CACHE_ROOT/$PACKAGE.asc" "$url/$PACKAGE.sig" + fi + fi + success=1 + break + fi +done + +if [ "$PACKAGE_SHA256" ]; then + LOG_I "Verifying package integrity" + echo "$PACKAGE_SHA256 *$CACHE_ROOT/$PACKAGE" | sha256sum -c - +fi + +if [ -e "$CACHE_ROOT/$PACKAGE.asc" ]; then + LOG_I "Verifying package with PGP" + check_pgp "$CACHE_ROOT/$PACKAGE.asc" "$CACHE_ROOT/$PACKAGE" "$PACKAGE_KEYS" +fi + +# If the tarball has too many files, it can trigger a bug +# in overlayfs when using tar. Install bsdtar in the container image +# to workaround it. As the overhead is too big (~40 MB), it is not added by +# default. Source: https://github.com/coreos/bugs/issues/1095 + + +# 安装或解压软件 +case "$1" in + install) + LOG_I "Installing $PACKAGE" + cp $CACHE_ROOT/$PACKAGE /usr/local/bin/ + ;; + unpack) + if ! tar tzf $CACHE_ROOT/$PACKAGE >/dev/null 2>&1; then + LOG_E "Invalid or corrupt '$PACKAGE' package." + exit 1 + fi + LOG_I "Unpacking $PACKAGE" + if which bsdtar >/dev/null 2>&1; then + bsdtar -xf $CACHE_ROOT/$PACKAGE + else + tar xzf $CACHE_ROOT/$PACKAGE --no-same-owner + fi + ;; +esac diff --git a/alpine/prebuilds/usr/sbin/install_pkg b/alpine/prebuilds/usr/sbin/install_pkg new file mode 100755 index 0000000..d22e3c0 --- /dev/null +++ b/alpine/prebuilds/usr/sbin/install_pkg @@ -0,0 +1,53 @@ +#!/bin/sh +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) +set -eux + +print_usage() { + echo "Usage: install_pkg " + echo "" + echo "Download and install packages" + echo "" + echo "Options:" + echo " -h, --help Show this help message and exit." + echo "" + echo "Examples:" + echo " - Unpack package" + echo " \$ install_pkg bash curl" + echo "" +} + +if [ $# -lt 1 ]; then + print_usage + exit 1 +fi + +case "$1" in + -h|--help) + print_usage + exit 0 + ;; +esac + +retry=0 +max=2 +until [ $retry -gt $max ]; do + set +e + ( + apk update --no-cache && + apk upgrade --no-cache && + apk add --no-cache "$@" + ) + CODE=$? + set -e + if [ $CODE -eq 0 ]; then + break + fi + if [ $retry -eq $max ]; then + exit $CODE + fi + echo "APK failed, retrying" + retry=$(($retry + 1)) +done +rm -r /var/cache/apk/* /root/.cache /tmp/* || : diff --git a/alpine/prebuilds/usr/sbin/select_source b/alpine/prebuilds/usr/sbin/select_source new file mode 100755 index 0000000..37a87fb --- /dev/null +++ b/alpine/prebuilds/usr/sbin/select_source @@ -0,0 +1,6 @@ +#!/bin/sh +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) +set -eux +cp /etc/apk/repositories.${1:-default} /etc/apk/repositories