├── Makefile ├── config ├── nginx │ ├── illa-cloud-frontend.conf │ ├── illa-builder-frontend.conf │ └── nginx.conf ├── system │ └── group └── envoy │ └── illa-unit-ingress.yaml ├── scripts ├── redis-entrypoint.sh ├── envoy-entrypoint.sh ├── minio-entrypoint.sh ├── nginx-entrypoint.sh ├── pre-init.sh ├── post-init.sh ├── main.sh ├── postgres-entrypoint.sh └── postgres-init.sh ├── utils └── reinstall-docker-with-ubuntu.sh ├── illa-builder-backend-database-schema.md ├── illa-supervisor-backend-database-schema.md ├── DOCUMENTS ├── arch.md └── assets │ └── images │ └── illa-builder-self-host-arch.svg ├── README.md ├── dockerfile └── LICENSE /Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: build all run-test run-non-root-test rm-test 2 | 3 | all: build 4 | 5 | build: 6 | docker build ./ -f ./Dockerfile -t illa-builder:local 7 | 8 | run-test: 9 | docker run -d -p 80:2022 --name illa_builder_local -v ~/illa-database:/opt/illa/database -v ~/illa-drive:/opt/illa/drive illa-builder:local 10 | 11 | run-non-root-test: 12 | docker run -d -p 80:2022 --name illa_builder_local --user 1002:1002 -v ~/illa-database:/opt/illa/database -v ~/illa-drive:/opt/illa/drive illa-builder:local 13 | 14 | rm-test: 15 | docker stop illa_builder_local; docker rm illa_builder_local; 16 | 17 | 18 | -------------------------------------------------------------------------------- /config/nginx/illa-cloud-frontend.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 7999 default_server; 3 | server_name localhost; 4 | root /opt/illa/illa-cloud-frontend; 5 | index index.html; 6 | gzip on; 7 | 8 | proxy_ssl_server_name on; 9 | proxy_set_header Upgrade $http_upgrade; 10 | proxy_set_header Connection "upgrade"; 11 | proxy_set_header X-Forwarded-Proto $scheme; 12 | proxy_set_header X-Forwarded-Host $host; 13 | proxy_set_header Accept-Encoding ""; 14 | proxy_temp_path /opt/illa/nginx/temp 1 2; 15 | 
16 | 17 | sub_filter_once off; 18 | location / { 19 | try_files $uri $uri/ /index.html; 20 | expires -1; 21 | } 22 | 23 | location /assets { 24 | expires 1y; 25 | } 26 | } 27 | 28 | -------------------------------------------------------------------------------- /config/nginx/illa-builder-frontend.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 8000 default_server; 3 | server_name localhost; 4 | root /opt/illa/illa-builder-frontend/; 5 | index index.html; 6 | gzip on; 7 | 8 | proxy_ssl_server_name on; 9 | proxy_set_header Upgrade $http_upgrade; 10 | proxy_set_header Connection "upgrade"; 11 | proxy_set_header X-Forwarded-Proto $scheme; 12 | proxy_set_header X-Forwarded-Host $host; 13 | proxy_set_header Accept-Encoding ""; 14 | proxy_temp_path /opt/illa/nginx/temp 1 2; 15 | 16 | 17 | sub_filter_once off; 18 | location / { 19 | try_files $uri $uri/ /index.html; 20 | expires -1; 21 | } 22 | 23 | location /assets { 24 | expires 1y; 25 | } 26 | } 27 | 28 | -------------------------------------------------------------------------------- /scripts/redis-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | # first arg is `-f` or `--some-option` 5 | # or first arg is `something.conf` 6 | if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then 7 | set -- redis-server "$@" 8 | fi 9 | 10 | # allow the container to be started with `--user` 11 | if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then 12 | find . \! 
-user redis -exec chown redis '{}' + 13 | exec gosu redis "$0" "$@" 14 | fi 15 | 16 | # set an appropriate umask (if one isn't set already) 17 | # - https://github.com/docker-library/redis/issues/305 18 | # - https://github.com/redis/redis/blob/bb875603fb7ff3f9d19aad906bd45d7db98d9a39/utils/systemd-redis_server.service#L37 19 | um="$(umask)" 20 | if [ "$um" = '0022' ]; then 21 | umask 0077 22 | fi 23 | 24 | exec "$@" 25 | -------------------------------------------------------------------------------- /scripts/envoy-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | set -e 3 | 4 | loglevel="${loglevel:-}" 5 | USERID=$(id -u) 6 | 7 | 8 | # if the first argument look like a parameter (i.e. start with '-'), run Envoy 9 | if [ "${1#-}" != "$1" ]; then 10 | set -- envoy "$@" 11 | fi 12 | 13 | if [ "$1" = 'envoy' ]; then 14 | # set the log level if the $loglevel variable is set 15 | if [ -n "$loglevel" ]; then 16 | set -- "$@" --log-level "$loglevel" 17 | fi 18 | fi 19 | 20 | if [ "$ENVOY_UID" != "0" ] && [ "$USERID" = 0 ]; then 21 | if [ -n "$ENVOY_UID" ]; then 22 | usermod -u "$ENVOY_UID" envoy 23 | fi 24 | if [ -n "$ENVOY_GID" ]; then 25 | groupmod -g "$ENVOY_GID" envoy 26 | fi 27 | # Ensure the envoy user is able to write to container logs 28 | chown envoy:envoy /dev/stdout /dev/stderr 29 | exec su-exec envoy "${@}" 30 | else 31 | exec "${@}" 32 | fi 33 | -------------------------------------------------------------------------------- /scripts/minio-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | 4 | # If command starts with an option, prepend minio. 5 | if [ "${1}" != "minio" ]; then 6 | if [ -n "${1}" ]; then 7 | set -- minio "$@" 8 | fi 9 | fi 10 | 11 | # su-exec to requested user, if service cannot run exec will fail. 
12 | docker_switch_user() { 13 | if [ -n "${MINIO_USERNAME}" ] && [ -n "${MINIO_GROUPNAME}" ]; then 14 | if [ -n "${MINIO_UID}" ] && [ -n "${MINIO_GID}" ]; then 15 | groupadd -f -g "$MINIO_GID" "$MINIO_GROUPNAME" && \ 16 | useradd -u "$MINIO_UID" -g "$MINIO_GROUPNAME" "$MINIO_USERNAME" 17 | else 18 | groupadd -f "$MINIO_GROUPNAME" && \ 19 | useradd -g "$MINIO_GROUPNAME" "$MINIO_USERNAME" 20 | fi 21 | exec setpriv --reuid="${MINIO_USERNAME}" \ 22 | --regid="${MINIO_GROUPNAME}" --keep-groups "$@" 23 | else 24 | exec "$@" 25 | fi 26 | } 27 | 28 | ## Switch to user if applicable. 29 | docker_switch_user "$@" 30 | -------------------------------------------------------------------------------- /utils/reinstall-docker-with-ubuntu.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo '' 4 | echo 'Removing old docker installation.' 5 | echo '' 6 | 7 | sudo apt-get remove docker docker-engine docker.io containerd runc -y 8 | 9 | echo '' 10 | echo 'Do update and add ubuntu official install source.' 11 | echo '' 12 | 13 | sudo apt-get update 14 | sudo apt-get install -y \ 15 | ca-certificates \ 16 | curl \ 17 | gnupg \ 18 | lsb-release 19 | 20 | sudo mkdir -p /etc/apt/keyrings 21 | 22 | curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg 23 | 24 | echo \ 25 | "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ 26 | $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null 27 | 28 | sudo apt-get update 29 | 30 | echo '' 31 | echo 'installing docker-ce.' 
32 | echo '' 33 | 34 | sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin 35 | -------------------------------------------------------------------------------- /illa-builder-backend-database-schema.md: -------------------------------------------------------------------------------- 1 |
The database DDL & DML for illa-builder-backend repo
10 | 11 | 12 | 18 | 19 | 20 | # Database DML & DDLs 21 | 22 | https://github.com/illacloud/build-all-in-one-image/blob/c5061f5d8e208ab5d76ac0f06e68615058712062/scripts/postgres-init.sh#L59-L229 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /illa-supervisor-backend-database-schema.md: -------------------------------------------------------------------------------- 1 |The database DDL & DML for illa-supervisor-backend repo
10 | 11 | 12 | 18 | 19 | 20 | # Database DML & DDLs 21 | 22 | https://github.com/illacloud/build-all-in-one-image/blob/c5061f5d8e208ab5d76ac0f06e68615058712062/scripts/postgres-init.sh#L230-L419 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /config/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | worker_processes 1; 2 | 3 | error_log /var/log/nginx/error.log warn; 4 | pid /tmp/nginx.pid; 5 | 6 | events { 7 | worker_connections 1024; 8 | } 9 | 10 | 11 | http { 12 | include /etc/nginx/mime.types; 13 | default_type application/octet-stream; 14 | proxy_temp_path /tmp/proxy_temp; 15 | client_body_temp_path /tmp/client_temp; 16 | fastcgi_temp_path /tmp/fastcgi_temp; 17 | uwsgi_temp_path /tmp/uwsgi_temp; 18 | scgi_temp_path /tmp/scgi_temp; 19 | 20 | log_format main '"$time_local" client=$remote_addr ' 21 | 'method=$request_method request="$request" ' 22 | 'request_length=$request_length ' 23 | 'status=$status bytes_sent=$bytes_sent ' 24 | 'body_bytes_sent=$body_bytes_sent ' 25 | 'referer=$http_referer ' 26 | 'http_x_forwarded_for=$http_x_forwarded_for ' 27 | 'user_agent="$http_user_agent" ' 28 | 'upstream_addr=$upstream_addr ' 29 | 'upstream_status=$upstream_status ' 30 | 'request_time=$request_time ' 31 | 'upstream_response_time=$upstream_response_time ' 32 | 'upstream_connect_time=$upstream_connect_time ' 33 | 'upstream_header_time=$upstream_header_time'; 34 | 35 | access_log /var/log/nginx/access.log main; 36 | 37 | sendfile on; 38 | 39 | keepalive_timeout 65; 40 | 41 | include /etc/nginx/conf.d/*.conf; 42 | } 43 | -------------------------------------------------------------------------------- /DOCUMENTS/arch.md: -------------------------------------------------------------------------------- 1 | illa-builder Architecture Diagram 2 | --------------------------------- 3 | 4 | # Description 5 | 6 | This document describes the components and architecture of the 
illa-builder docker image. 7 | 8 | 9 | 10 | # Architecture Diagram 11 | 12 |  13 | 14 | 15 | 16 | # Parts 17 | 18 | ## Envoy 19 | 20 | The entry point for all requests; the configuration file is in [Envoy Config](../config/envoy/illa-unit-ingress.yaml) 21 | 22 | ## Nginx 23 | 24 | Static file web server for illa-builder; the configuration file is in [Nginx Config](../config/nginx/illa-builder-frontend.conf) 25 | 26 | ## illa-builder 27 | 28 | Static files for illa-builder front-end. 29 | 30 | ## builder-backend 31 | 32 | Holds all APP, Resource and Action APIs. 33 | 34 | ## builder-backend-ws 35 | 36 | WebSocket server for the editor; all component modification methods are served by this unit. 37 | 38 | For WebSocket message details, please see [illa-builder-backend WebSocket Message Documents](https://github.com/illacloud/illa-builder-backend-websocket-docs). 39 | 40 | ## illa-supervisor-backend 41 | 42 | The supervisor unit holds all logon and user info APIs. 43 | 44 | ## illa-supervisor-backend-internal 45 | 46 | The supervisor internal unit holds ABAC and raw info APIs. 47 | 48 | ## Postgres 49 | 50 | Stores all data. 51 | 52 | The Postgres init script is in [Postgres Init](../scripts/postgres-init.sh) 53 | 54 | ## Redis 55 | 56 | Caches user sessions. 57 | 58 | ## Minio 59 | 60 | Object storage, for example user avatars. 
61 | -------------------------------------------------------------------------------- /scripts/nginx-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # vim:sw=4:ts=4:et 3 | 4 | set -e 5 | 6 | entrypoint_log() { 7 | if [ -z "${NGINX_ENTRYPOINT_QUIET_LOGS:-}" ]; then 8 | echo "$@" 9 | fi 10 | } 11 | 12 | if [ "$1" = "nginx" -o "$1" = "nginx-debug" ]; then 13 | if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then 14 | entrypoint_log "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration" 15 | 16 | entrypoint_log "$0: Looking for shell scripts in /docker-entrypoint.d/" 17 | find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do 18 | case "$f" in 19 | *.envsh) 20 | if [ -x "$f" ]; then 21 | entrypoint_log "$0: Sourcing $f"; 22 | . "$f" 23 | else 24 | # warn on shell scripts without exec bit 25 | entrypoint_log "$0: Ignoring $f, not executable"; 26 | fi 27 | ;; 28 | *.sh) 29 | if [ -x "$f" ]; then 30 | entrypoint_log "$0: Launching $f"; 31 | "$f" 32 | else 33 | # warn on shell scripts without exec bit 34 | entrypoint_log "$0: Ignoring $f, not executable"; 35 | fi 36 | ;; 37 | *) entrypoint_log "$0: Ignoring $f";; 38 | esac 39 | done 40 | 41 | entrypoint_log "$0: Configuration complete; ready for start up" 42 | else 43 | entrypoint_log "$0: No files found in /docker-entrypoint.d/, skipping configuration" 44 | fi 45 | fi 46 | 47 | exec "$@" 48 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |Build illa-builder all-in-one image by type ```make build```
10 | 11 | 12 | 18 | 19 | 20 | # How to Build Image 21 | 22 | It's very simple, just clone this repo: 23 | 24 | (this tutorial base on ubuntu 20.04 or later release version) 25 | 26 | ``` 27 | git clone https://github.com/illacloud/build-all-in-one-image.git 28 | ``` 29 | 30 | and into repo folder: 31 | 32 | 33 | ``` 34 | cd build-all-in-one-image 35 | ``` 36 | 37 | and install gnu make: 38 | 39 | ``` 40 | apt install make 41 | ``` 42 | 43 | and if you have no docker installed, please run: 44 | 45 | ``` 46 | bash ./utils/reinstall-docker-with-ubuntu.sh 47 | ``` 48 | 49 | and build it: 50 | 51 | ``` 52 | make build 53 | ``` 54 | 55 | that's all. 56 | 57 | # Docker Image Config 58 | 59 | ## Port Listening in Container 60 | 61 | The port listening in container is ```2022``` 62 | 63 | ## mount points 64 | 65 | The mount points are: 66 | 67 | - /opt/illa/database 68 | - /opt/illa/drive 69 | -------------------------------------------------------------------------------- /scripts/pre-init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeo pipefail 3 | 4 | # define color output 5 | BLACK='\033[0;30m' 6 | DARKGRAY='\033[1;30m' 7 | RED='\033[0;31m' 8 | LIGHTRED='\033[1;31m' 9 | GREEN='\033[0;32m' 10 | LIGHTGREEN='\033[1;32m' 11 | ORANGE='\033[0;33m' 12 | YELLOW='\033[1;33m' 13 | BLUE='\033[0;34m' 14 | LIGHTBLUE='\033[1;34m' 15 | PURPLE='\033[0;35m' 16 | LIGHTPURPLE='\033[1;35m' 17 | CYAN='\033[0;36m' 18 | LIGHTCYAN='\033[1;36m' 19 | LIGHTGRAY='\033[0;37m' 20 | WHITE='\033[1;37m' 21 | NC='\033[0m' # No Color 22 | 23 | # check to see if this file is being run or sourced from another script 24 | _is_sourced() { 25 | # https://unix.stackexchange.com/a/215279 26 | [ "${#FUNCNAME[@]}" -ge 2 ] \ 27 | && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ 28 | && [ "${FUNCNAME[1]}" = 'source' ] 29 | } 30 | 31 | 32 | _checkout_runtime_env() { 33 | local uname_info; uname_info=`uname -a` 34 | local glibc_version; 
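glibc_version=`ldd --version| grep 'ldd'`
    # output
    echo 'kernel version: '${uname_info}
    echo 'glibc version: '${glibc_version}
}

# Report whether an account is known to id(1).
# Arguments: $1 - user name (or numeric UID) to look up
# Outputs:   "<name>" found   or   "<name>" NOT found   on stdout
_is_user_exists() {
    if id "$1" &>/dev/null; then
        printf '"%s" found\n' "$1"
    else
        printf '"%s" NOT found\n' "$1"
    fi
}

# Print the id(1) line of the current user (uid, gid, groups) in double quotes.
_checkout_now_user() {
    local idinfo
    idinfo="$(id)"
    printf '"%s"\n' "$idinfo"
}


# Placeholder: reads the current UID, user name and GID into locals and does
# nothing else. No ownership or permission is changed by this function.
# NOTE(review): `id -un` exits non-zero when the UID has no passwd entry, which
# under this script's `set -e` ends pre-init at this point - confirm that is
# intended for `--user` values outside the pre-created accounts.
_grant_permission_to_now_user() {
    local current_user; current_user="$(id -u)"
    local current_user_name; current_user_name="$(id -un)"
    local current_group; current_group="$(id -g)"


}

# Print the version reported by /usr/local/bin/gosu.
# The value is stored in and read back from the same variable, so the report
# line carries the version string whenever gosu answers.
# Under `set -e` a gosu binary that cannot be run ends the script here.
_checkout_gosu() {
    local gosu_version
    gosu_version="$(/usr/local/bin/gosu --version)"
    echo "gosu info: \"$gosu_version\""
}

# Entry point: prints a diagnostic report of the runtime environment
# (kernel/glibc, gosu, known accounts, current identity). Read-only apart from
# the placeholder permission step.
_main() {

    echo
    echo -e "${LIGHTBLUE}[checkout runtime environment]${NC}"
    echo

    # check kernel and lib version
    _checkout_runtime_env

    # check out gosu info
    _checkout_gosu

    # check user id
    # Substitutions are quoted so the helper output is printed as one word,
    # without word splitting or globbing.
    echo "detect user:" "$(_is_user_exists 'root')"
    echo "detect user:" "$(_is_user_exists 'postgres')"
    echo "current user is:" "$(_checkout_now_user)"


    # grant permission
    _grant_permission_to_now_user



    echo
    echo -e "${LIGHTBLUE}[checkout runtime environment] done.${NC}"
    echo

}






if !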
_is_sourced; then 102 | _main "$@" 103 | fi 104 | -------------------------------------------------------------------------------- /scripts/post-init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeo pipefail 3 | 4 | # define color output 5 | BLACK='\033[0;30m' 6 | DARKGRAY='\033[1;30m' 7 | RED='\033[0;31m' 8 | LIGHTRED='\033[1;31m' 9 | GREEN='\033[0;32m' 10 | LIGHTGREEN='\033[1;32m' 11 | ORANGE='\033[0;33m' 12 | YELLOW='\033[1;33m' 13 | BLUE='\033[0;34m' 14 | LIGHTBLUE='\033[1;34m' 15 | PURPLE='\033[0;35m' 16 | LIGHTPURPLE='\033[1;35m' 17 | CYAN='\033[0;36m' 18 | LIGHTCYAN='\033[1;36m' 19 | LIGHTGRAY='\033[0;37m' 20 | WHITE='\033[1;37m' 21 | NC='\033[0m' # No Color 22 | 23 | # check to see if this file is being run or sourced from another script 24 | _is_sourced() { 25 | # https://unix.stackexchange.com/a/215279 26 | [ "${#FUNCNAME[@]}" -ge 2 ] \ 27 | && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ 28 | && [ "${FUNCNAME[1]}" = 'source' ] 29 | } 30 | 31 | 32 | 33 | _check_process() { 34 | ret=$(ps -aux | grep "$1" | grep -v grep) 35 | if [ ${#ret} -gt 0 ]; then 36 | readarray -t result <<<"$ret" 37 | for i in "${result[@]}" 38 | do 39 | echo -e "${GREEN}├─ $i${NC}" 40 | done 41 | else 42 | echo -e "${RED}├─ [x] can not found process \"$1\".${NC}" 43 | fi 44 | } 45 | 46 | 47 | _main() { 48 | # watting process start 49 | sleep 10 50 | 51 | echo 52 | echo -e "${LIGHTBLUE}[checkout post init status]${NC}" 53 | echo 54 | 55 | echo -e "${LIGHTBLUE}┌[checking porcess postgres]${NC}" 56 | echo "$(_check_process 'postgres')" 57 | echo 58 | 59 | echo -e "${LIGHTBLUE}┌[checking porcess redis]${NC}" 60 | echo "$(_check_process 'redis-server')" 61 | echo 62 | 63 | echo -e "${LIGHTBLUE}┌[checking porcess minio]${NC}" 64 | echo "$(_check_process 'minio')" 65 | echo 66 | 67 | echo -e "${LIGHTBLUE}┌[checking porcess envoy]${NC}" 68 | echo "$(_check_process 'envoy')" 69 | echo 70 | 71 | echo -e "${LIGHTBLUE}┌[checking 
porcess nginx]${NC}" 72 | echo "$(_check_process 'nginx')" 73 | echo 74 | 75 | echo -e "${LIGHTBLUE}┌[checking porcess illa-builder-backend]${NC}" 76 | echo "$(_check_process 'illa-builder-backend')" 77 | echo 78 | 79 | echo -e "${LIGHTBLUE}┌[checking porcess illa-builder-backend-websocket]${NC}" 80 | echo "$(_check_process 'illa-builder-backend-websocket')" 81 | echo 82 | 83 | echo -e "${LIGHTBLUE}┌[checking porcess illa-supervisor-backend]${NC}" 84 | echo "$(_check_process 'illa-supervisor-backend')" 85 | echo 86 | 87 | echo -e "${LIGHTBLUE}┌[checking porcess illa-supervisor-backend-internal]${NC}" 88 | echo "$(_check_process 'illa-supervisor-backend-internal')" 89 | echo 90 | 91 | 92 | echo 93 | echo -e "${LIGHTBLUE}[checkout post init status] done.${NC}" 94 | echo 95 | 96 | } 97 | 98 | 99 | 100 | 101 | if ! _is_sourced; then 102 | _main "$@" 103 | fi 104 | -------------------------------------------------------------------------------- /scripts/main.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # define color output 4 | BLACK='\033[0;30m' 5 | DARKGRAY='\033[1;30m' 6 | RED='\033[0;31m' 7 | LIGHTRED='\033[1;31m' 8 | GREEN='\033[0;32m' 9 | LIGHTGREEN='\033[1;32m' 10 | ORANGE='\033[0;33m' 11 | YELLOW='\033[1;33m' 12 | BLUE='\033[0;34m' 13 | LIGHTBLUE='\033[1;34m' 14 | PURPLE='\033[0;35m' 15 | LIGHTPURPLE='\033[1;35m' 16 | CYAN='\033[0;36m' 17 | LIGHTCYAN='\033[1;36m' 18 | LIGHTGRAY='\033[0;37m' 19 | WHITE='\033[1;37m' 20 | NC='\033[0m' # No Color 21 | 22 | _label() { 23 | while read -r l; do 24 | echo "$1 $l" 25 | done 26 | } 27 | 28 | # 29 | # Let's Rock !!! 
#

# Startup banner.
echo
echo -e "${LIGHTBLUE}██╗██╗ ██╗ █████╗ ██████╗ ██╗ ██╗██╗██╗ ██████╗ ███████╗██████╗ ${NC}"
echo -e "${LIGHTBLUE}██║██║ ██║ ██╔══██╗ ██╔══██╗██║ ██║██║██║ ██╔══██╗██╔════╝██╔══██╗ ${NC}"
echo -e "${LIGHTBLUE}██║██║ ██║ ███████║ ██████╔╝██║ ██║██║██║ ██║ ██║█████╗ ██████╔╝ ${NC}"
echo -e "${LIGHTBLUE}██║██║ ██║ ██╔══██║ ██╔══██╗██║ ██║██║██║ ██║ ██║██╔══╝ ██╔══██╗ ${NC}"
echo -e "${LIGHTBLUE}██║███████╗███████╗██║ ██║ ██████╔╝╚██████╔╝██║███████╗██████╔╝███████╗██║ ██║ ${NC}"
echo -e "${LIGHTBLUE}╚═╝╚══════╝╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝╚══════╝╚═════╝ ╚══════╝╚═╝ ╚═╝ ${NC}"
echo
echo

# default config
# Data directories for PostgreSQL and the object store, exported so the child
# processes started below inherit them.
export PGDATA=/opt/illa/database/pgdata
export MINIODATA=/opt/illa/drive/


# init function
# Numeric UID this script runs as; the value '0' selects the gosu branches.
current_user="$(id -u)"


#
# run pre init scripts
#
# NOTE(review): this script sets no `set -e`, so a non-zero exit from
# pre-init.sh does not stop the startup sequence.
echo
echo -e "${LIGHTBLUE}[run pre init scripts]${NC}"
echo
/opt/illa/pre-init.sh

#
# run entrypoint scripts
#
# Each entrypoint is invoked with no arguments and its combined stdout/stderr
# is prefixed by _label. The status of each pipeline is _label's, so a failing
# entrypoint is not detected here.
echo
echo -e "${LIGHTBLUE}[run entrypoint scripts]${NC}"
echo
/opt/illa/postgres/postgres-entrypoint.sh 2>&1 | _label "[postgres entrypoint] "
/opt/illa/redis/redis-entrypoint.sh 2>&1 | _label "[redis entrypoint] "
/opt/illa/minio/minio-entrypoint.sh 2>&1 | _label "[minio entrypoint] "
/opt/illa/nginx/nginx-entrypoint.sh 2>&1 | _label "[nginx entrypoint] "
/opt/illa/envoy/envoy-entrypoint.sh 2>&1 | _label "[envoy entrypoint] "

# run postgres
# As root (UID 0) the server is started under the postgres account through
# gosu; otherwise it runs as the invoking user. Backgrounded with `&`.
# NOTE(review): $current_user is unquoted in the test below; quoting it avoids
# a malformed `[` expression should the value ever be empty.
# NOTE(review): further down this script only envoy gets the same gosu wrapper;
# redis-server, minio, the illa backends and nginx are launched as the invoking
# user, i.e. as root when the container starts as root, unless the service
# drops privileges itself.
echo
echo -e "${LIGHTBLUE}[run postgres]${NC}"
echo
if [ $current_user = '0' ]; then
    gosu postgres postgres 2>&1 | _label "[postgres] " &
else
    postgres 2>&1 | _label "[postgres] " &
fi

# init data
# Runs in the foreground immediately after postgres is put in the background.
# NOTE(review): whether postgres-init.sh waits for the server to accept
# connections is not visible here - confirm.
echo
echo -e "${LIGHTBLUE}[init data]${NC}"
echo
/opt/illa/postgres/postgres-init.sh 2>&1 | _label "[data init scripts] "


#
# run redis-server
#
echo
echo -e
"${LIGHTBLUE}[run redis-server]${NC}" 93 | echo 94 | redis-server 2>&1 | _label "[redis] " & 95 | 96 | 97 | # 98 | # run minio 99 | # 100 | echo 101 | echo -e "${LIGHTBLUE}[run minio]${NC}" 102 | echo 103 | /usr/local/bin/minio server $MINIODATA 2>&1 | _label "[minio] " & 104 | 105 | 106 | # run illa units 107 | echo 108 | echo -e "${LIGHTBLUE}[run illa units]${NC}" 109 | echo 110 | /opt/illa/illa-builder-backend/bin/illa-builder-backend 2>&1 | _label "[illa-builder-backend] " & 111 | /opt/illa/illa-builder-backend/bin/illa-builder-backend-websocket 2>&1 | _label "[illa-builder-backend-websocket] " & 112 | /opt/illa/illa-supervisor-backend/bin/illa-supervisor-backend 2>&1 | _label "[illa-supervisor-backend] " & 113 | /opt/illa/illa-supervisor-backend/bin/illa-supervisor-backend-internal 2>&1 | _label "[illa-supervisor-backend-internal] " & 114 | 115 | # 116 | # run nginx 117 | # 118 | echo 119 | echo -e "${LIGHTBLUE}[run nginx]${NC}" 120 | echo 121 | nginx -e /dev/stderr 2>&1 | _label "[nginx] " & 122 | 123 | 124 | # 125 | # run envoy 126 | # 127 | echo 128 | echo -e "${LIGHTBLUE}[run envoy]${NC}" 129 | echo 130 | if [ $current_user = '0' ]; then 131 | gosu envoy /usr/local/bin/envoy -c /opt/illa/envoy/illa-unit-ingress.yaml 2>&1 | _label "[envoy] " & 132 | else 133 | /usr/local/bin/envoy -c /opt/illa/envoy/illa-unit-ingress.yaml 2>&1 | _label "[envoy] " & 134 | fi 135 | 136 | 137 | # 138 | # run post init scripts 139 | # 140 | echo 141 | echo -e "${LIGHTBLUE}[run post init scripts]${NC}" 142 | echo 143 | /opt/illa/post-init.sh 144 | 145 | # loop 146 | while true; do 147 | sleep 1; 148 | done 149 | 150 | 151 | -------------------------------------------------------------------------------- /config/system/group: -------------------------------------------------------------------------------- 1 | 
root:x:0:illa,envoy,minio,redis,nginx,illarg_1000,illarg_1001,illarg_1002,illarg_1003,illarg_1004,illarg_1005,illarg_1006,illarg_1007,illarg_1008,illarg_1009,illarg_1010,illarg_1011,illarg_1012,illarg_1013,illarg_1014,illarg_1015,illarg_1016,illarg_1017,illarg_1018,illarg_1019,illarg_1020,illarg_1021,illarg_1022,illarg_1023,illarg_1024,illarg_1025,illarg_1026,illarg_1027,illarg_1028,illarg_1029,illarg_1030,illarg_1031,illarg_1032,illarg_1033,illarg_1034,illarg_1035,illarg_1036,illarg_1037,illarg_1038,illarg_1039,illarg_1040,illarg_1041,illarg_1042,illarg_1043,illarg_1044,illarg_1045,illarg_1046,illarg_1047,illarg_1048,illarg_1049,illarg_1050,illarg_1051,illarg_1052,illarg_1053,illarg_1054,illarg_1055,illarg_1056,illarg_1057,illarg_1058,illarg_1059,illarg_1060,illarg_1061,illarg_1062,illarg_1063,illarg_1064,illarg_1065,illarg_1066,illarg_1067,illarg_1068,illarg_1069,illarg_1070,illarg_1071,illarg_1072,illarg_1073,illarg_1074,illarg_1075,illarg_1076,illarg_1077,illarg_1078,illarg_1079,illarg_1080,illarg_1081,illarg_1082,illarg_1083,illarg_1084,illarg_1085,illarg_1086,illarg_1087,illarg_1088,illarg_1089,illarg_1090,illarg_1091,illarg_1092,illarg_1093,illarg_1094,illarg_1095,illarg_1096,illarg_1097,illarg_1098,illarg_1099,illarg_1100,illarg_1101,illarg_1102,illarg_1103,illarg_1104,illarg_1105,illarg_1106,illarg_1107,illarg_1108,illarg_1109,illarg_2000,illarg_2001,illarg_2002,illarg_2003,illarg_2004,illarg_2005,illarg_2006,illarg_2007,illarg_2008,illarg_2009 2 | daemon:x:1: 3 | bin:x:2: 4 | sys:x:3: 5 | adm:x:4: 6 | tty:x:5: 7 | disk:x:6: 8 | lp:x:7: 9 | mail:x:8: 10 | news:x:9: 11 | uucp:x:10: 12 | man:x:12: 13 | proxy:x:13: 14 | kmem:x:15: 15 | dialout:x:20: 16 | fax:x:21: 17 | voice:x:22: 18 | cdrom:x:24: 19 | floppy:x:25: 20 | tape:x:26: 21 | sudo:x:27: 22 | audio:x:29: 23 | dip:x:30: 24 | www-data:x:33: 25 | backup:x:34: 26 | operator:x:37: 27 | list:x:38: 28 | irc:x:39: 29 | src:x:40: 30 | gnats:x:41: 31 | shadow:x:42: 32 | utmp:x:43: 33 | video:x:44: 34 | 
sasl:x:45: 35 | plugdev:x:46: 36 | staff:x:50: 37 | games:x:60: 38 | users:x:100: 39 | nogroup:x:65534: 40 | postgres:x:999: 41 | ssl-cert:x:101:postgres,nginx 42 | envoy:x:102: 43 | minio:x:103: 44 | redis:x:104: 45 | nginx:x:105: 46 | illa:x:106: 47 | illarg_1000:x:1000: 48 | illarg_1001:x:1001: 49 | illarg_1002:x:1002: 50 | illarg_1003:x:1003: 51 | illarg_1004:x:1004: 52 | illarg_1005:x:1005: 53 | illarg_1006:x:1006: 54 | illarg_1007:x:1007: 55 | illarg_1008:x:1008: 56 | illarg_1009:x:1009: 57 | illarg_1010:x:1010: 58 | illarg_1011:x:1011: 59 | illarg_1012:x:1012: 60 | illarg_1013:x:1013: 61 | illarg_1014:x:1014: 62 | illarg_1015:x:1015: 63 | illarg_1016:x:1016: 64 | illarg_1017:x:1017: 65 | illarg_1018:x:1018: 66 | illarg_1019:x:1019: 67 | illarg_1020:x:1020: 68 | illarg_1021:x:1021: 69 | illarg_1022:x:1022: 70 | illarg_1023:x:1023: 71 | illarg_1024:x:1024: 72 | illarg_1025:x:1025: 73 | illarg_1026:x:1026: 74 | illarg_1027:x:1027: 75 | illarg_1028:x:1028: 76 | illarg_1029:x:1029: 77 | illarg_1030:x:1030: 78 | illarg_1031:x:1031: 79 | illarg_1032:x:1032: 80 | illarg_1033:x:1033: 81 | illarg_1034:x:1034: 82 | illarg_1035:x:1035: 83 | illarg_1036:x:1036: 84 | illarg_1037:x:1037: 85 | illarg_1038:x:1038: 86 | illarg_1039:x:1039: 87 | illarg_1040:x:1040: 88 | illarg_1041:x:1041: 89 | illarg_1042:x:1042: 90 | illarg_1043:x:1043: 91 | illarg_1044:x:1044: 92 | illarg_1045:x:1045: 93 | illarg_1046:x:1046: 94 | illarg_1047:x:1047: 95 | illarg_1048:x:1048: 96 | illarg_1049:x:1049: 97 | illarg_1050:x:1050: 98 | illarg_1051:x:1051: 99 | illarg_1052:x:1052: 100 | illarg_1053:x:1053: 101 | illarg_1054:x:1054: 102 | illarg_1055:x:1055: 103 | illarg_1056:x:1056: 104 | illarg_1057:x:1057: 105 | illarg_1058:x:1058: 106 | illarg_1059:x:1059: 107 | illarg_1060:x:1060: 108 | illarg_1061:x:1061: 109 | illarg_1062:x:1062: 110 | illarg_1063:x:1063: 111 | illarg_1064:x:1064: 112 | illarg_1065:x:1065: 113 | illarg_1066:x:1066: 114 | illarg_1067:x:1067: 115 | illarg_1068:x:1068: 116 | 
illarg_1069:x:1069: 117 | illarg_1070:x:1070: 118 | illarg_1071:x:1071: 119 | illarg_1072:x:1072: 120 | illarg_1073:x:1073: 121 | illarg_1074:x:1074: 122 | illarg_1075:x:1075: 123 | illarg_1076:x:1076: 124 | illarg_1077:x:1077: 125 | illarg_1078:x:1078: 126 | illarg_1079:x:1079: 127 | illarg_1080:x:1080: 128 | illarg_1081:x:1081: 129 | illarg_1082:x:1082: 130 | illarg_1083:x:1083: 131 | illarg_1084:x:1084: 132 | illarg_1085:x:1085: 133 | illarg_1086:x:1086: 134 | illarg_1087:x:1087: 135 | illarg_1088:x:1088: 136 | illarg_1089:x:1089: 137 | illarg_1090:x:1090: 138 | illarg_1091:x:1091: 139 | illarg_1092:x:1092: 140 | illarg_1093:x:1093: 141 | illarg_1094:x:1094: 142 | illarg_1095:x:1095: 143 | illarg_1096:x:1096: 144 | illarg_1097:x:1097: 145 | illarg_1098:x:1098: 146 | illarg_1099:x:1099: 147 | illarg_1100:x:1100: 148 | illarg_1101:x:1101: 149 | illarg_1102:x:1102: 150 | illarg_1103:x:1103: 151 | illarg_1104:x:1104: 152 | illarg_1105:x:1105: 153 | illarg_1106:x:1106: 154 | illarg_1107:x:1107: 155 | illarg_1108:x:1108: 156 | illarg_1109:x:1109: 157 | illarg_2000:x:2000: 158 | illarg_2001:x:2001: 159 | illarg_2002:x:2002: 160 | illarg_2003:x:2003: 161 | illarg_2004:x:2004: 162 | illarg_2005:x:2005: 163 | illarg_2006:x:2006: 164 | illarg_2007:x:2007: 165 | illarg_2008:x:2008: 166 | illarg_2009:x:2009: 167 | -------------------------------------------------------------------------------- /config/envoy/illa-unit-ingress.yaml: -------------------------------------------------------------------------------- 1 | overload_manager: 2 | refresh_interval: 0.25s 3 | resource_monitors: 4 | - name: "envoy.resource_monitors.fixed_heap" 5 | typed_config: 6 | "@type": type.googleapis.com/envoy.config.resource_monitor.fixed_heap.v2alpha.FixedHeapConfig 7 | # TODO: Tune for your system. 
# Fragment of illa-unit-ingress.yaml: the next key still belongs to the
# fixed_heap resource monitor's typed_config opened above it.
        max_heap_size_bytes: 1073741824 # 1 GiB
  # Overload actions, triggered by heap usage as a fraction of
  # max_heap_size_bytes: shrink the heap at 0.95, stop accepting requests at 0.98.
  actions:
    - name: "envoy.overload_actions.shrink_heap"
      triggers:
        - name: "envoy.resource_monitors.fixed_heap"
          threshold:
            value: 0.95
    - name: "envoy.overload_actions.stop_accepting_requests"
      triggers:
        - name: "envoy.resource_monitors.fixed_heap"
          threshold:
            value: 0.98

static_resources:
  listeners:
    # The only listener: every interface, port 2022. The filter chain below
    # defines no transport_socket, so the listener speaks plain HTTP.
    # NOTE(review): TLS, if required, has to be terminated in front of it.
    - name: illa_unit_listener
      address:
        socket_address:
          address: 0.0.0.0
          port_value: 2022
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                codec_type: AUTO
                stat_prefix: illa_unit_self_host
                # WebSocket upgrades are allowed on this connection manager.
                upgrade_configs:
                  - upgrade_type: websocket
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: illa_builder
                      # Matches any Host header.
                      domains: ["*"]
                      # Routes are evaluated in order and the first match wins, so
                      # the specific "/builder/" prefix has to stay ahead of the
                      # shorter "/build". Every prefix route rewrites the matched
                      # prefix to "/".
                      routes:
                        - match:
                            prefix: "/builder/"
                          route:
                            prefix_rewrite: "/"
                            cluster: illa_builder_backend_unit
                        - match:
                            prefix: "/action/"
                          route:
                            prefix_rewrite: "/"
                            cluster: illa_builder_backend_unit
                        # Separate cluster name, same endpoint (127.0.0.1:8001) as
                        # illa_builder_backend_unit.
                        - match:
                            prefix: "/resource/"
                          route:
                            prefix_rewrite: "/"
                            cluster: illa_resource_backend_unit
                        # timeout: 0s disables the route timeout; presumably set
                        # for long-lived WebSocket connections.
                        - match:
                            prefix: "/builder-ws/"
                          route:
                            prefix_rewrite: "/"
                            cluster: illa_builder_backend_ws_unit
                            timeout: 0s
                        - match:
                            prefix: "/supervisor/"
                          route:
                            prefix_rewrite: "/"
                            cluster: illa_supervisor_backend_unit
                        # Publishes the object store (127.0.0.1:9000) under
                        # /object-storage/ with the Host header rewritten.
                        # NOTE(review): access control on this path is whatever the
                        # storage service enforces - confirm its bucket policies.
                        - match:
                            prefix: "/object-storage/"
                          route:
                            prefix_rewrite: "/"
                            host_rewrite_literal: "127.0.0.1:9000"
                            cluster: illa_object_storage_unit
                        - match:
                            prefix: "/build"
                          route:
                            prefix_rewrite: "/"
                            cluster: illa_builder_frontend_unit
                        - match:
                            prefix: "/cloud"
                          route:
                            prefix_rewrite: "/"
                            cluster: illa_cloud_frontend_unit
                        # Exact "/" is redirected to the cloud frontend.
                        - match:
                            path: "/"
                          redirect:
                            path_redirect: "/cloud"

                # Only the router filter is configured: no authentication,
                # rate-limit or other HTTP filter runs at this ingress.
                http_filters:
                  - name: envoy.filters.http.router
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router

  # Upstream clusters; the endpoints listed here are loopback addresses.
  clusters:
    - name: illa_cloud_frontend_unit
      type: STRICT_DNS
      lb_policy: ROUND_ROBIN
      connect_timeout: 10s
      load_assignment:
        cluster_name: illa_cloud_frontend_unit
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      port_value: 7999
    - name: illa_builder_frontend_unit
      type: STRICT_DNS
      lb_policy: ROUND_ROBIN
      connect_timeout: 10s
      load_assignment:
        cluster_name: illa_builder_frontend_unit
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      port_value: 8000
    - name: illa_builder_backend_unit
      type: STRICT_DNS
      lb_policy: ROUND_ROBIN
      connect_timeout: 10s
      load_assignment:
        cluster_name: illa_builder_backend_unit
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      port_value: 8001
    - name: illa_resource_backend_unit
      type: STRICT_DNS
      lb_policy: ROUND_ROBIN
      connect_timeout: 10s
      load_assignment:
        cluster_name: illa_resource_backend_unit
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      port_value: 8001
    - name: illa_builder_backend_ws_unit
      type: STRICT_DNS
      lb_policy: ROUND_ROBIN
      connect_timeout: 10s
      load_assignment:
        cluster_name: illa_builder_backend_ws_unit
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      port_value: 8002
    - name: illa_supervisor_backend_unit
      type: STRICT_DNS
      lb_policy: ROUND_ROBIN
connect_timeout: 10s 165 | load_assignment: 166 | cluster_name: illa_supervisor_backend_unit 167 | endpoints: 168 | - lb_endpoints: 169 | - endpoint: 170 | address: 171 | socket_address: 172 | address: 127.0.0.1 173 | port_value: 8003 174 | - name: illa_object_storage_unit 175 | type: STRICT_DNS 176 | lb_policy: ROUND_ROBIN 177 | connect_timeout: 10s 178 | load_assignment: 179 | cluster_name: illa_object_storage_unit 180 | endpoints: 181 | - lb_endpoints: 182 | - endpoint: 183 | address: 184 | socket_address: 185 | address: 127.0.0.1 186 | port_value: 9000 187 | - name: illa_supervisor_backend_internal_unit 188 | type: STRICT_DNS 189 | lb_policy: ROUND_ROBIN 190 | connect_timeout: 10s 191 | load_assignment: 192 | cluster_name: illa_supervisor_backend_internal_unit 193 | endpoints: 194 | - lb_endpoints: 195 | - endpoint: 196 | address: 197 | socket_address: 198 | address: 127.0.0.1 199 | port_value: 9001 200 | -------------------------------------------------------------------------------- /dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # build illa-builder-backend & illa-builder-backend-ws 3 | # 4 | 5 | FROM --platform=$BUILDPLATFORM golang:1.20-bullseye as illa-builder-backend 6 | 7 | ## set env 8 | ENV LANG C.UTF-8 9 | ENV LC_ALL C.UTF-8 10 | ARG TARGETPLATFORM 11 | ARG BUILDPLATFORM 12 | ARG TARGETARCH 13 | ENV GO111MODULE=on \ 14 | CGO_ENABLED=0 \ 15 | GOOS=linux \ 16 | GOARCH=${TARGETARCH} 17 | 18 | ## build 19 | WORKDIR /opt/illa/illa-builder-backend 20 | RUN cd /opt/illa/illa-builder-backend 21 | RUN ls -alh 22 | 23 | ARG BE=main 24 | RUN git clone -b ${BE} https://github.com/illacloud/builder-backend.git ./ 25 | 26 | RUN cat ./Makefile 27 | 28 | RUN make all 29 | 30 | RUN ls -alh ./bin/* 31 | 32 | 33 | 34 | # 35 | # build illa-supervisor-backend & illa-supervisor-backend-internal 36 | # 37 | 38 | FROM --platform=$BUILDPLATFORM golang:1.20-bullseye as illa-supervisor-backend 39 | 40 | ## set env 41 | 
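ENV LANG C.UTF-8
ENV LC_ALL C.UTF-8
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG TARGETARCH

ENV GO111MODULE=on \
    CGO_ENABLED=0 \
    GOOS=linux \
    GOARCH=${TARGETARCH}

## build
WORKDIR /opt/illa/illa-supervisor-backend
RUN cd /opt/illa/illa-supervisor-backend
RUN ls -alh

# NOTE(review): SBE defaults to the moving `main` branch, so the image contains
# whatever that branch holds at build time and the build is not reproducible.
# For release images pass a tag with --build-arg SBE=<tag>, or check out a
# pinned commit after cloning.
ARG SBE=main
RUN git clone -b ${SBE} https://github.com/illacloud/illa-supervisor-backend.git ./

RUN cat ./Makefile

RUN make all

RUN ls -alh ./bin/*


#
# build redis
#
# NOTE(review): this and the following donor stages reference their base image
# by tag only; pinning by digest (image:tag@sha256:<digest>) would make the
# copied binaries reproducible and tamper-evident.
FROM redis:6.2.7 as cache-redis

RUN ls -alh /usr/local/bin/redis*


#
# build minio
#
FROM minio/minio:RELEASE.2024-07-15T19-02-30Z as drive-minio

RUN ls -alh /usr/bin/minio

#
# build nginx
#
FROM nginx:1.24-bullseye as webserver-nginx

RUN ls -alh /usr/sbin/nginx; ls -alh /usr/lib/nginx; ls -alh /etc/nginx; ls -alh /usr/share/nginx;

#
# build envoy
#
# NOTE(review): v1.18.2 is an old Envoy release line; confirm it still receives
# upstream security fixes, since this binary is the only network-facing ingress.
FROM envoyproxy/envoy:v1.18.2 as ingress-envoy

RUN ls -alh /etc/envoy

RUN ls -alh /usr/local/bin/envoy*
RUN ls -alh /usr/local/bin/su-exec
RUN ls -alh /etc/envoy/envoy.yaml
RUN ls -alh /docker-entrypoint.sh


#
# Assemble all-in-one image
#
FROM postgres:14.5-bullseye as runner


#
# init environment & install required debug & runtime tools
#
# NOTE(review): curl, wget and telnet are debugging conveniences that stay in
# the final image; drop them from production builds if nothing at runtime
# needs them.
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        netbase \
        wget \
        telnet \
        gnupg \
        dirmngr \
        dumb-init \
        procps \
        gettext-base \
    ; \
    rm -rf /var/lib/apt/lists/*




#
# init working folder and users
#
# One system account per bundled service; the nginx account gets fixed
# uid/gid 102, no home directory and no login shell.
RUN mkdir /opt/illa
RUN addgroup --system --gid 102 nginx \
    && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 102 nginx \
    && adduser --group --system envoy \
    && adduser --group --system minio \
    && adduser --group --system redis \
    && adduser --group --system illa \
    && cat /etc/group

#
# copy illa-builder-backend bin
#
# NOTE(review): this copies the whole build directory (sources and the git
# checkout included), not only ./bin; copying just the binaries would shrink
# the runtime image.
COPY --from=illa-builder-backend /opt/illa/illa-builder-backend /opt/illa/illa-builder-backend

#
# copy illa-supervisor-backend bin
#
COPY --from=illa-supervisor-backend /opt/illa/illa-supervisor-backend /opt/illa/illa-supervisor-backend

#
# copy illa-builder-frontend
#
COPY ./builder /opt/illa/illa-builder-frontend
COPY ./cloud /opt/illa/illa-cloud-frontend



#
# copy gosu
#
# Nothing is copied here: the step only checks that a gosu binary is already
# on PATH and can drop to `nobody`.

RUN gosu --version; \
    gosu nobody true

#
# copy redis
#
RUN mkdir -p /opt/illa/cache-data/; \
    mkdir -p /opt/illa/redis/; \
    chown -fR redis:redis /opt/illa/cache-data/; \
    chown -fR redis:redis /opt/illa/redis/;


COPY --from=cache-redis /usr/local/bin/redis-benchmark /usr/local/bin/redis-benchmark
COPY --from=cache-redis /usr/local/bin/redis-check-aof /usr/local/bin/redis-check-aof
COPY --from=cache-redis /usr/local/bin/redis-check-rdb /usr/local/bin/redis-check-rdb
COPY --from=cache-redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli
COPY --from=cache-redis /usr/local/bin/redis-sentinel /usr/local/bin/redis-sentinel
COPY --from=cache-redis /usr/local/bin/redis-server /usr/local/bin/redis-server

COPY scripts/redis-entrypoint.sh /opt/illa/redis
RUN chmod +x /opt/illa/redis/redis-entrypoint.sh


#
# copy minio
#
RUN mkdir -p /opt/illa/drive/; \
    mkdir -p /opt/illa/minio/; \
    chown -fR minio:minio /opt/illa/drive/; \
    chown -fR minio:minio /opt/illa/minio/;


COPY --from=drive-minio /usr/bin/minio /usr/local/bin/minio

COPY scripts/minio-entrypoint.sh /opt/illa/minio
RUN chmod +x /opt/illa/minio/minio-entrypoint.sh


#
# copy nginx
#
RUN mkdir /opt/illa/nginx

COPY --from=webserver-nginx /usr/sbin/nginx /usr/sbin/nginx
COPY --from=webserver-nginx /usr/lib/nginx /usr/lib/nginx
COPY --from=webserver-nginx /etc/nginx /etc/nginx
COPY --from=webserver-nginx /usr/share/nginx /usr/share/nginx

COPY config/nginx/nginx.conf /etc/nginx/nginx.conf
COPY config/nginx/illa-builder-frontend.conf /etc/nginx/conf.d/
COPY config/nginx/illa-cloud-frontend.conf /etc/nginx/conf.d/
COPY scripts/nginx-entrypoint.sh /opt/illa/nginx

# NOTE(review): mode 0777 lets every user in the container write to the log
# directory and replace the pid file. This presumably exists so the image also
# works with `docker run --user <uid>`; group 0 plus g+w, as already used for
# /var/cache/nginx below, would be the narrower way to get that.
# NOTE(review): UID is not declared with ARG or ENV in this part of the file
# and the default /bin/sh does not necessarily set it, so `$UID:0` may expand
# to `:0` and change only the group - confirm the intended owner.
RUN set -x \
    && mkdir /var/log/nginx/ \
    && chmod 0777 /var/log/nginx/ \
    && mkdir /var/cache/nginx/ \
    && ln -sf /dev/stdout /var/log/nginx/access.log \
    && ln -sf /dev/stderr /var/log/nginx/error.log \
    && touch /tmp/nginx.pid \
    && chmod 0777 /tmp/nginx.pid \
    && rm /etc/nginx/conf.d/default.conf \
    && chmod +x /opt/illa/nginx/nginx-entrypoint.sh \
    && chown -R $UID:0 /var/cache/nginx \
    && chmod -R g+w /var/cache/nginx \
    && chown -R $UID:0 /etc/nginx \
    && chmod -R g+w /etc/nginx

# Validate the assembled nginx configuration at build time.
RUN nginx -t


#
# copy envoy
#
# set to root for envoy listening on port 80
# The comment sits on its own line because Dockerfile comments are only
# recognised at the start of a line: written after the value, the text
# "# set to root ..." became part of ENVOY_UID itself.
# NOTE(review): config/envoy/illa-unit-ingress.yaml binds port 2022, which does
# not require root; confirm whether envoy can run as the unprivileged `envoy`
# account created above.
ENV ENVOY_UID=0
ENV ENVOY_GID=0

RUN mkdir -p /opt/illa/envoy \
    && mkdir -p /etc/envoy

COPY --from=ingress-envoy /usr/local/bin/envoy* /usr/local/bin/
COPY --from=ingress-envoy /usr/local/bin/su-exec /usr/local/bin/
COPY --from=ingress-envoy /etc/envoy/envoy.yaml /etc/envoy/

COPY config/envoy/illa-unit-ingress.yaml /opt/illa/envoy
COPY scripts/envoy-entrypoint.sh /opt/illa/envoy

RUN chmod +x /opt/illa/envoy/envoy-entrypoint.sh \
    && ls -alh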
/usr/local/bin/envoy* \ 253 | && ls -alh /usr/local/bin/su-exec \ 254 | && ls -alh /etc/envoy/envoy.yaml 255 | 256 | 257 | # 258 | # init database 259 | # 260 | RUN mkdir -p /opt/illa/database/ \ 261 | && mkdir -p /opt/illa/postgres/ 262 | 263 | COPY scripts/postgres-entrypoint.sh /opt/illa/postgres 264 | COPY scripts/postgres-init.sh /opt/illa/postgres 265 | RUN chmod +x /opt/illa/postgres/postgres-entrypoint.sh \ 266 | && chmod +x /opt/illa/postgres/postgres-init.sh 267 | 268 | 269 | # 270 | # add main scripts 271 | # 272 | COPY scripts/main.sh /opt/illa/ 273 | COPY scripts/pre-init.sh /opt/illa/ 274 | COPY scripts/post-init.sh /opt/illa/ 275 | RUN chmod +x /opt/illa/main.sh 276 | RUN chmod +x /opt/illa/pre-init.sh 277 | RUN chmod +x /opt/illa/post-init.sh 278 | 279 | # 280 | # modify global permission 281 | # 282 | COPY config/system/group /opt/illa/ 283 | RUN cat /opt/illa/group > /etc/group; rm /opt/illa/group 284 | RUN chown -fR illa:root /opt/illa 285 | RUN chmod 775 -fR /opt/illa 286 | 287 | # 288 | # run 289 | # 290 | ENTRYPOINT ["/usr/bin/dumb-init", "--"] 291 | EXPOSE 2022 292 | CMD ["/opt/illa/main.sh"] 293 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. 
For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /scripts/postgres-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeo pipefail 3 | # TODO swap to -Eeuo pipefail above (after handling all potentially-unset variables) 4 | 5 | # usage: file_env VAR [DEFAULT] 6 | # ie: file_env 'XYZ_DB_PASSWORD' 'example' 7 | # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of 8 | # "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) 9 | file_env() { 10 | local var="$1" 11 | local fileVar="${var}_FILE" 12 | local def="${2:-}" 13 | if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then 14 | echo >&2 "error: both $var and $fileVar are set (but are exclusive)" 15 | exit 1 16 | fi 17 | local val="$def" 18 | if [ "${!var:-}" ]; then 19 | val="${!var}" 20 | elif [ "${!fileVar:-}" ]; then 21 | val="$(< "${!fileVar}")" 22 | fi 23 | export "$var"="$val" 24 | unset "$fileVar" 25 | } 26 | 27 | # check to see if this file is being run or sourced from another script 28 | _is_sourced() { 29 | # 
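# https://unix.stackexchange.com/a/215279
	[ "${#FUNCNAME[@]}" -ge 2 ] \
		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
		&& [ "${FUNCNAME[1]}" = 'source' ]
}

# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user
# Globals: PGDATA (read), POSTGRES_INITDB_WALDIR (read, optional)
docker_create_db_directories() {
	local user; user="$(id -u)"

	mkdir -p "$PGDATA"
	# ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory)
	chmod 700 "$PGDATA" || :

	# ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289
	mkdir -p /var/run/postgresql || :
	chmod 775 /var/run/postgresql || :

	# Create the transaction log directory before initdb is run so the directory is owned by the correct user
	if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
		mkdir -p "$POSTGRES_INITDB_WALDIR"
		if [ "$user" = '0' ]; then
			find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' +
		fi
		chmod 700 "$POSTGRES_INITDB_WALDIR"
	fi

	# allow the container to be started with `--user`
	# (ownership is only rewritten when running as root; otherwise the
	# directories are left as they are)
	if [ "$user" = '0' ]; then
		find "$PGDATA" \! -user postgres -exec chown postgres '{}' +
		find /var/run/postgresql \! -user postgres -exec chown postgres '{}' +
	fi
}

# initialize empty PGDATA directory with new database via 'initdb'
# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function
# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames
# this is also where the database user is created, specified by `POSTGRES_USER` env
docker_init_database_dir() {
	# "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary
	# see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html
	local uid; uid="$(id -u)"
	if ! getent passwd "$uid" &> /dev/null; then
		# see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15)
		local wrapper
		for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do
			if [ -s "$wrapper" ]; then
				NSS_WRAPPER_PASSWD="$(mktemp)"
				NSS_WRAPPER_GROUP="$(mktemp)"
				export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
				local gid; gid="$(id -g)"
				echo "postgres:x:$uid:$gid:PostgreSQL:$PGDATA:/bin/false" > "$NSS_WRAPPER_PASSWD"
				echo "postgres:x:$gid:" > "$NSS_WRAPPER_GROUP"
				break
			fi
		done
	fi

	if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then
		set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@"
	fi

	# NOTE(review): POSTGRES_INITDB_ARGS is spliced into the eval'd string, so
	# its content is parsed as shell (that is how it is split into several
	# initdb options). It must only ever come from the deployment
	# configuration, never from untrusted input.
	# The password reaches initdb through a process substitution, so initdb's
	# argument list carries a /dev/fd path rather than the secret.
	eval 'initdb --username="$POSTGRES_USER" --pwfile=<(echo "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"'

	# unset/cleanup "nss_wrapper" bits
	if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then
		rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP"
		unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP
	fi
}

# print large warning if POSTGRES_PASSWORD is long
# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust'
# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust'
# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ]
docker_verify_minimum_env() {
	# Read both settings with an empty default so the checks below keep
	# working once the script is switched to `set -u`.
	local password="${POSTGRES_PASSWORD:-}"
	local auth_method="${POSTGRES_HOST_AUTH_METHOD:-}"

	# check password first so we can output the warning before postgres
	# messes it up
	if [ "${#password}" -ge 100 ]; then
		cat >&2 <<-'EOWARN'

			WARNING: The supplied POSTGRES_PASSWORD is 100+ characters.

			This will not work if used via PGPASSWORD with "psql".

			https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412)
			https://github.com/docker-library/postgres/issues/507

		EOWARN
	fi
	# Refuse to initialise a cluster that would have neither a superuser
	# password nor an explicit opt-in to password-less "trust" access.
	if [ -z "$password" ] && [ 'trust' != "$auth_method" ]; then
		# The - option suppresses leading tabs but *not* spaces. :)
		cat >&2 <<-'EOE'
			Error: Database is uninitialized and superuser password is not specified.
			You must specify POSTGRES_PASSWORD to a non-empty value for the
			superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run".

			You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all
			connections without a password. This is *not* recommended.

			See PostgreSQL documentation about "trust":
			https://www.postgresql.org/docs/current/auth-trust.html
		EOE
		exit 1
	fi
	if [ 'trust' = "$auth_method" ]; then
		cat >&2 <<-'EOWARN'
			********************************************************************************
			WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow
			anyone with access to the Postgres port to access your database without
			a password, even if POSTGRES_PASSWORD is set. See PostgreSQL
			documentation about "trust":
			https://www.postgresql.org/docs/current/auth-trust.html
			In Docker's default configuration, this is effectively any other
			container on the same system.

			It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace
			it with "-e POSTGRES_PASSWORD=password" instead to set a password in
			"docker run".
			********************************************************************************
		EOWARN
	fi
}

# usage: docker_process_init_files [file [file [...]]]
# ie: docker_process_init_files /always-initdb.d/*
# process initializer files, based on file extensions and permissions
# NOTE(review): every *.sh file is executed, or sourced into this shell when it
# is not executable, with the privileges of this script; the directory the
# files come from must be writable only by trusted users.
docker_process_init_files() {
	# psql here for backwards compatibility "${psql[@]}"
	psql=( docker_process_sql )

	echo
	local f
	for f; do
		case "$f" in
			*.sh)
				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
				# https://github.com/docker-library/postgres/pull/452
				if [ -x "$f" ]; then
					echo "$0: running $f"
					"$f"
				else
					echo "$0: sourcing $f"
					. "$f"
				fi
				;;
			*.sql) echo "$0: running $f"; docker_process_sql -f "$f"; echo ;;
			*.sql.gz) echo "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
			*.sql.xz) echo "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
			*.sql.zst) echo "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;;
			*) echo "$0: ignoring $f" ;;
		esac
		echo
	done
}

# Execute sql script, passed via stdin (or -f flag of psql)
# usage: docker_process_sql [psql-cli-args]
# ie: docker_process_sql --dbname=mydb <<<'INSERT ...'
# ie: docker_process_sql -f my-file.sql
# ie: docker_process_sql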