From 6e32e18f82c9e0fd6270302e9cee94a1028a3cc0 Mon Sep 17 00:00:00 2001 From: Michael Li Date: Sat, 23 Dec 2023 17:02:31 +0800 Subject: [PATCH] optimize configure for docker all in one environment --- docker/build/finalize.sh | 3 +- docker/nsswitch.conf | 16 --- docker/runtime/backup-init.sh | 144 ---------------------- docker/runtime/backup-job.sh | 40 ------ docker/runtime/backup-rotator.sh | 28 ----- docker/s6/.s6-svscan/finish | 4 +- docker/s6/meilisearch/run | 2 +- docker/s6/paopao-ce/run | 2 +- docker/sshd_config | 15 --- docker/start.sh | 58 +-------- scripts/docker/Dockerfile.allinone-runner | 11 +- 11 files changed, 14 insertions(+), 309 deletions(-) delete mode 100644 docker/nsswitch.conf delete mode 100644 docker/runtime/backup-init.sh delete mode 100644 docker/runtime/backup-job.sh delete mode 100644 docker/runtime/backup-rotator.sh delete mode 100644 docker/sshd_config diff --git a/docker/build/finalize.sh b/docker/build/finalize.sh index 0d87a7a1..004874a3 100755 --- a/docker/build/finalize.sh +++ b/docker/build/finalize.sh @@ -8,7 +8,6 @@ adduser -G paopao -H -D -g 'paopao User' paopao -h /data/paopao -s /bin/bash && echo "export PAOPAO_CUSTOM=${PAOPAO_CUSTOM}" >> /etc/profile # Final cleaning -mv /app/docker/paopao-ce_config.yaml /app/config.yaml +mv /app/docker/config.yaml /app/config.yaml rm -rf /app/docker/build -rm /app/docker/nsswitch.conf rm /app/docker/README.md diff --git a/docker/nsswitch.conf b/docker/nsswitch.conf deleted file mode 100644 index 70eb1733..00000000 --- a/docker/nsswitch.conf +++ /dev/null @@ -1,16 +0,0 @@ -# /etc/nsswitch.conf - -passwd: compat -group: compat -shadow: compat - -hosts: files dns -networks: files - -protocols: db files -services: db files -ethers: db files -rpc: db files - -netgroup: nis - diff --git a/docker/runtime/backup-init.sh b/docker/runtime/backup-init.sh deleted file mode 100644 index f4e21a1b..00000000 --- a/docker/runtime/backup-init.sh +++ /dev/null 
@@ -1,144 +0,0 @@ -#!/usr/bin/env bash -set -e - -BACKUP_PATH="/backup" - -# Make sure that required directories exist -mkdir -p "${BACKUP_PATH}" -mkdir -p "/etc/crontabs" -chown git:git /backup -chmod 2770 /backup - -# [string] BACKUP_INTERVAL Period expression -# [string] BACKUP_RETENTION Period expression -if [ -z "${BACKUP_INTERVAL}" ]; then - echo "Backup disabled: BACKUP_INTERVAL has not been found" 1>&2 - exit 1 -fi - -if [ -z "${BACKUP_RETENTION}" ]; then - echo "Backup retention period is not defined, default to 7 days" 1>&2 - BACKUP_RETENTION='7d' -fi - -# Parse BACKUP_INTERVAL environment variable and generate appropriate cron expression. Backup cron task will be run as scheduled. -# Expected format: nu (n - number, u - unit) (eg. 3d means 3 days) -# Supported units: h - hours, d - days, M - months -parse_generate_cron_expression() { - CRON_EXPR_MINUTES="*" - CRON_EXPR_HOURS="*" - CRON_EXPR_DAYS="*" - CRON_EXPR_MONTHS="*" - - # shellcheck disable=SC2001 - TIME_INTERVAL=$(echo "${BACKUP_INTERVAL}" | sed -e 's/[hdM]$//') - # shellcheck disable=SC2001 - TIME_UNIT=$(echo "${BACKUP_INTERVAL}" | sed -e 's/^[0-9]\+//') - - if [ "${TIME_UNIT}" = "h" ]; then - if [ ! "${TIME_INTERVAL}" -le 23 ]; then - echo "Parse error: Time unit 'h' (hour) cannot be greater than 23" 1>&2 - exit 1 - fi - - CRON_EXPR_MINUTES=0 - CRON_EXPR_HOURS="*/${TIME_INTERVAL}" - elif [ "${TIME_UNIT}" = "d" ]; then - if [ ! "${TIME_INTERVAL}" -le 30 ]; then - echo "Parse error: Time unit 'd' (day) cannot be greater than 30" 1>&2 - exit 1 - fi - - CRON_EXPR_MINUTES=0 - CRON_EXPR_HOURS=0 - CRON_EXPR_DAYS="*/${TIME_INTERVAL}" - elif [ "${TIME_UNIT}" = "M" ]; then - if [ ! 
"${TIME_INTERVAL}" -le 12 ]; then - echo "Parse error: Time unit 'M' (month) cannot be greater than 12" 1>&2 - exit 1 - fi - - CRON_EXPR_MINUTES=0 - CRON_EXPR_HOURS=0 - CRON_EXPR_DAYS="1" - CRON_EXPR_MONTHS="*/${TIME_INTERVAL}" - else - echo "Parse error: BACKUP_INTERVAL expression is invalid" 1>&2 - exit 1 - fi - - echo "${CRON_EXPR_MINUTES} ${CRON_EXPR_HOURS} ${CRON_EXPR_DAYS} ${CRON_EXPR_MONTHS} *" -} - -# Parse BACKUP_RETENTION environment variable and generate appropriate find command expression. -# Expected format: nu (n - number, u - unit) (eg. 3d means 3 days) -# Supported units: m - minutes, d - days -parse_generate_retention_expression() { - FIND_TIME_EXPR='mtime' - - # shellcheck disable=SC2001 - TIME_INTERVAL=$(echo "${BACKUP_RETENTION}" | sed -e 's/[mhdM]$//') - # shellcheck disable=SC2001 - TIME_UNIT=$(echo "${BACKUP_RETENTION}" | sed -e 's/^[0-9]\+//') - - if [ "${TIME_UNIT}" = "m" ]; then - if [ "${TIME_INTERVAL}" -le 59 ]; then - echo "Warning: Minimal retention is 60m. Value set to 60m" 1>&2 - TIME_INTERVAL=60 - fi - - FIND_TIME_EXPR="mmin" - elif [ "${TIME_UNIT}" = "h" ]; then - echo "Error: Unsupported expression - Try: eg. 120m for 2 hours." 1>&2 - exit 1 - elif [ "${TIME_UNIT}" = "d" ]; then - FIND_TIME_EXPR="mtime" - elif [ "${TIME_UNIT}" = "M" ]; then - echo "Error: Unsupported expression - Try: eg. 60d for 2 months." 
1>&2 - exit 1 - else - echo "Parse error: BACKUP_RETENTION expression is invalid" 1>&2 - exit 1 - fi - - echo "${FIND_TIME_EXPR} +${TIME_INTERVAL:-7}" -} - -add_backup_cronjob() { - CRONTAB_USER="${1:-git}" - CRONTAB_FILE="/etc/crontabs/${CRONTAB_USER}" - CRONJOB_EXPRESSION="${2:-}" - CRONJOB_EXECUTOR="${3:-}" - CRONJOB_EXECUTOR_ARGUMENTS="${4:-}" - CRONJOB_TASK="${CRONJOB_EXPRESSION} /bin/sh ${CRONJOB_EXECUTOR} ${CRONJOB_EXECUTOR_ARGUMENTS}" - - if [ -f "${CRONTAB_FILE}" ]; then - CRONJOB_EXECUTOR_COUNT=$(grep -c "${CRONJOB_EXECUTOR}" "${CRONTAB_FILE}" || exit 0) - if [ "${CRONJOB_EXECUTOR_COUNT}" != "0" ]; then - echo "Cron job already exists for ${CRONJOB_EXECUTOR}. Updating existing." 1>&2 - CRONJOB_TASK=$(echo "{CRONJOB_TASK}" | sed 's/\//\\\//g' ) - CRONJOB_EXECUTOR=$(echo "{CRONJOB_EXECUTOR}" | sed 's/\//\\\//g' ) - sed -i "/${CRONJOB_EXECUTOR}/c\\${CRONJOB_TASK}" "${CRONTAB_FILE}" - return 0 - fi - fi - - # Finally append new line with cron task expression - echo "${CRONJOB_TASK}" >>"${CRONTAB_FILE}" -} - -CRONTAB_USER=$(awk -v val="${PUID}" -F ":" '$3==val{print $1}' /etc/passwd) - -# Up to this point, it was desirable that interpreter handles the command errors and halts execution upon any error. -# From now, we handle the errors our self. -set +e -RETENTION_EXPRESSION="$(parse_generate_retention_expression)" - -if [ -z "${RETENTION_EXPRESSION}" ]; then - echo "Couldn't generate backup retention expression. Aborting backup setup" 1>&2 - exit 1 -fi - -# Backup rotator cron will run every 5 minutes -add_backup_cronjob "${CRONTAB_USER}" "*/5 * * * *" "/app/gogs/docker/runtime/backup-rotator.sh" "'${BACKUP_PATH}' '${RETENTION_EXPRESSION}'" -add_backup_cronjob "${CRONTAB_USER}" "$(parse_generate_cron_expression)" "/app/gogs/docker/runtime/backup-job.sh" "'${BACKUP_PATH}'" diff --git a/docker/runtime/backup-job.sh b/docker/runtime/backup-job.sh deleted file mode 100644 index 684cc3d7..00000000 --- a/docker/runtime/backup-job.sh +++ /dev/null 
@@ -1,40 +0,0 @@
-#!/usr/bin/env sh
-
-execute_backup_job() {
- BACKUP_ARG_PATH="${1:-}"
- BACKUP_ARG_CONFIG="${BACKUP_ARG_CONFIG:-}"
- BACKUP_ARG_EXCLUDE_REPOS="${BACKUP_ARG_EXCLUDE_REPOS:-}"
- BACKUP_EXTRA_ARGS="${BACKUP_EXTRA_ARGS:-}"
- cd "/app/gogs" || exit 1
-
- BACKUP_ARGS="--target=${BACKUP_ARG_PATH}"
-
- if [ -n "${BACKUP_ARG_CONFIG}" ]; then
- BACKUP_ARGS="${BACKUP_ARGS} --config=${BACKUP_ARG_CONFIG}"
- fi
-
- if [ -n "${BACKUP_ARG_EXCLUDE_REPOS}" ]; then
- BACKUP_ARGS="${BACKUP_ARGS} --exclude-repos=${BACKUP_ARG_EXCLUDE_REPOS}"
- fi
-
- if [ -n "${BACKUP_EXTRA_ARGS}" ]; then
- BACKUP_ARGS="${BACKUP_ARGS} ${BACKUP_EXTRA_ARGS}"
- fi
-
- # NOTE: We actually need word splitting to be able to pass multiple arguments.
- # shellcheck disable=SC2086
- ./gogs backup ${BACKUP_ARGS} || echo "Error: Backup job returned non-successful code." && exit 1
-}
-
-main() {
- BACKUP_PATH="${1:-}"
-
- if [ -z "${BACKUP_PATH}" ]; then
- echo "Required argument missing BACKUP_PATH" 1>&2
- exit 1
- fi
-
- execute_backup_job "${BACKUP_PATH}"
-}
-
-main "$@"
diff --git a/docker/runtime/backup-rotator.sh b/docker/runtime/backup-rotator.sh
deleted file mode 100644
index 3b6d10ab..00000000
--- a/docker/runtime/backup-rotator.sh
+++ /dev/null
@@ -1,28 +0,0 @@ -#!/usr/bin/env sh - -# This is very simple, yet effective backup rotation script. -# Using find command, all files that are older than BACKUP_RETENTION_DAYS are accumulated and deleted using rm. -main() { - BACKUP_PATH="${1:-}" - FIND_EXPRESSION="${2:-mtime +7}" - - if [ -z "${BACKUP_PATH}" ]; then - echo "Error: Required argument missing BACKUP_PATH" 1>&2 - exit 1 - fi - - if [ "$(realpath "${BACKUP_PATH}")" = "/" ]; then - echo "Error: Dangerous BACKUP_PATH: /" 1>&2 - exit 1 - fi - - if [ ! -d "${BACKUP_PATH}" ]; then - echo "Error: BACKUP_PATH doesn't exist or is not a directory" 1>&2 - exit 1 - fi - - # shellcheck disable=SC2086 - find "${BACKUP_PATH}/" -type f -name "gogs-backup-*.zip" -${FIND_EXPRESSION} -print -exec rm "{}" + -} - -main "$@" diff --git a/docker/s6/.s6-svscan/finish b/docker/s6/.s6-svscan/finish index b3b4b369..73c191ab 100755 --- a/docker/s6/.s6-svscan/finish +++ b/docker/s6/.s6-svscan/finish @@ -1,5 +1,3 @@ #!/bin/sh -# Cleanup SOCAT services and s6 event folder -rm -rf "$(find /app/docker/s6/ -name 'event')" -rm -rf /app/docker/s6/SOCAT_* +# do nothing now diff --git a/docker/s6/meilisearch/run b/docker/s6/meilisearch/run index d961992f..573fd242 100755 --- a/docker/s6/meilisearch/run +++ b/docker/s6/meilisearch/run @@ -5,4 +5,4 @@ if test -f ./setup; then source ./setup fi -exec gosu paopao /bin/meilisearch +exec gosu ${USER} /bin/meilisearch diff --git a/docker/s6/paopao-ce/run b/docker/s6/paopao-ce/run index 98bb4ecd..367e6cc4 100755 --- a/docker/s6/paopao-ce/run +++ b/docker/s6/paopao-ce/run @@ -5,4 +5,4 @@ if test -f ./setup; then source ./setup fi -exec gosu paopao /app/paopao serve +exec gosu ${USER} /app/paopao serve diff --git a/docker/sshd_config b/docker/sshd_config deleted file mode 100644 index d9c98a5d..00000000 --- a/docker/sshd_config +++ /dev/null 
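Review bot: In docker/s6/meilisearch/run, and in the identical change to docker/s6/paopao-ce/run, the account handed to gosu is now `${USER}`, unquoted and read from whatever environment the run script inherits, so the privilege-drop target is no longer fixed in the script. docker/start.sh exports USER=paopao in setids, but if the supervisor is started through a different entrypoint the variable may be empty or name another account, and the service would then fail with a confusing gosu error or start under that account. I would quote it and fail closed when it is missing: `exec gosu "${USER:?USER is not set}" /bin/meilisearch` and `exec gosu "${USER:?USER is not set}" /app/paopao serve`. Both run scripts begin above these hunks, so their shebang and the contents of ./setup are not visible here.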
@@ -1,15 +0,0 @@
-Port 22
-AddressFamily any
-ListenAddress 0.0.0.0
-ListenAddress ::
-Protocol 2
-LogLevel INFO
-HostKey /data/ssh/ssh_host_rsa_key
-HostKey /data/ssh/ssh_host_dsa_key
-HostKey /data/ssh/ssh_host_ecdsa_key
-HostKey /data/ssh/ssh_host_ed25519_key
-PermitRootLogin no
-AuthorizedKeysFile .ssh/authorized_keys
-PasswordAuthentication no
-PermitUserEnvironment yes
-AllowUsers paopao
diff --git a/docker/start.sh b/docker/start.sh
index be075f06..e767b9ea 100755
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -1,45 +1,15 @@ #!/bin/sh -create_socat_links() { - # Bind linked docker container to localhost socket using socat - USED_PORT="3000:22" - while read -r NAME ADDR PORT; do - if test -z "$NAME$ADDR$PORT"; then - continue - elif echo "$USED_PORT" | grep -E "(^|:)$PORT($|:)" > /dev/null; then - echo "init:socat | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2 - else - SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT} - mkdir -p "${SERV_FOLDER}" - CMD="socat -ls TCP4-LISTEN:${PORT},fork,reuseaddr TCP4:${ADDR}:${PORT}" - # shellcheck disable=SC2039,SC3037 - echo -e "#!/bin/sh\nexec $CMD" > "${SERV_FOLDER}"/run - chmod +x "${SERV_FOLDER}"/run - USED_PORT="${USED_PORT}:${PORT}" - echo "init:socat | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2 - fi - done << EOT - $(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p') -EOT -} - -cleanup() { - # Cleanup SOCAT services and s6 event folder - # On start and on shutdown in case container has been killed - rm -rf "$(find /app/gogs/docker/s6/ -name 'event')" - rm -rf /app/gogs/docker/s6/SOCAT_* -} - create_volume_subfolder() { # only change ownership if needed, if using an nfs mount this could be expensive - if [ "$USER:$USER" != "$(stat /data -c '%U:%G')" ] + if [ "$USER:$USER" != "$(stat /app -c '%U:%G')" ] then - # Modify the owner of /data dir, make $USER(git) user have permission to create sub-dir in /data. - chown -R "$USER:$USER" /data + # Modify the owner of /app dir, make $USER(paopao) user have permission to create sub-dir in /app. + chown -R "$USER:$USER" /app fi # Create VOLUME subfolder - for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do + for f in /app/custom /app/meili_data; do if ! test -d $f; then gosu "$USER" mkdir -p $f fi @@ -47,7 +17,7 @@ create_volume_subfolder() { } setids() { - export USER=git + export USER=paopao PUID=${PUID:-1000} PGID=${PGID:-1000} groupmod -o -g "$PGID" $USER 
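Review bot: The recursive chown in create_volume_subfolder now targets /app, which hands the whole application tree to the service account rather than only the data volumes. According to the Dockerfile in this patch, /app also holds /app/docker/start.sh and the s6 service directory, and start.sh calls groupmod and gosu, so it presumably runs with more privilege than the paopao user. A compromised service process could then rewrite scripts that are executed with that higher privilege on the next restart. The old code chowned /data, which appears to have held only data. I would create the two volume directories first and chown only those, quoting `$f` throughout. The function's closing `done` and `}` lie outside this hunk.

```sh
create_volume_subfolder() {
  # Create VOLUME subfolder; only these directories are handed to $USER,
  # the rest of /app keeps the ownership it got at image build time.
  for f in /app/custom /app/meili_data; do
    if ! test -d "$f"; then
      mkdir -p "$f"
    fi
    # only change ownership if needed, if using an nfs mount this could be expensive
    if [ "$USER:$USER" != "$(stat "$f" -c '%U:%G')" ]; then
      chown -R "$USER:$USER" "$f"
    fi
  # … unchanged: closing done and } are outside the hunk …
```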
@@ -55,26 +25,8 @@ setids() { } setids -cleanup create_volume_subfolder -LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]') -if [ "$LINK" = "false" ] || [ "$LINK" = "0" ]; then - echo "init:socat | Will not try to create socat links as requested" 1>&2 -else - create_socat_links -fi - -CROND=$(echo "$RUN_CROND" | tr '[:upper:]' '[:lower:]') -if [ "$CROND" = "true" ] || [ "$CROND" = "1" ]; then - echo "init:crond | Cron Daemon (crond) will be run as requested by s6" 1>&2 - rm -f /app/gogs/docker/s6/crond/down - /bin/sh /app/gogs/docker/runtime/backup-init.sh "${PUID}" -else - # Tell s6 not to run the crond service - touch /app/gogs/docker/s6/crond/down -fi - # Exec CMD or S6 by default if nothing present if [ $# -gt 0 ];then exec "$@" diff --git a/scripts/docker/Dockerfile.allinone-runner b/scripts/docker/Dockerfile.allinone-runner index e5e9491d..2cf3dc19 100644 --- a/scripts/docker/Dockerfile.allinone-runner +++ b/scripts/docker/Dockerfile.allinone-runner @@ -8,8 +8,7 @@ RUN apk update --quiet \ ca-certificates \ libgcc \ curl \ - s6 \ - socat + s6 && update-ca-certificates WORKDIR /app @@ -23,14 +22,14 @@ COPY --from-meilisearch /bin/meilitool /bin/meilitool # going to symlink the meilisearch binary in the path to `/meilisearch` RUN ln -s /bin/meilisearch /meilisearch -ENV MEILI_DB_PATH=/meili_data -VOLUME ["/meili_data"] +ENV MEILI_DB_PATH=/app/meili_data +VOLUME ["/app/meili_data"] RUN ./docker/build/finalize.sh # Configure Docker Container -VOLUME ["/meili_data", "/app/custom"] -EXPOSE 8008 7700/tcp +VOLUME ["/app/meili_data", "/app/custom"] +EXPOSE 7700/tcp 6379 8008 HEALTHCHECK --interval=5s --timeout=3s --retries=3 CMD ps -ef | grep paopao || exit 1 ENTRYPOINT ["/app/docker/start.sh"] CMD ["/bin/s6-svscan", "/app/docker/s6/"]
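Review bot: The new `EXPOSE 7700/tcp 6379 8008` line in Dockerfile.allinone-runner advertises port 6379, but nothing visible in this patch installs or starts a service on it; the s6 directories touched here are only meilisearch and paopao-ce. Port 6379 is conventionally Redis, so if a cache is bundled for the application's own use it is an internal backend. `docker run -P` publishes every EXPOSEd port on the host, which would make such a backend reachable from outside the container. Unless external access is intended, I would leave it out, `EXPOSE 8008 7700/tcp`, or add a comment above the line such as `# 6379: <service name>, requires authentication, exposed for <reason>`.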