From 79c76eaef5039276bb3a8725ac8c9f05f89ef0de Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan"
Date: Tue, 1 Oct 2019 19:30:54 +0200
Subject: Optimize Dockerfile
---
adei/files/docker-entrypoint.sh | 14 ++++++
adei/files/etc/supervisord.conf | 14 ++++++
adei/files/openshift-entrypoint.sh | 17 +++++++
adei/files/opt/configs/apache.conf | 41 +++++++++++++++
adei/files/opt/configs/config.actual.php | 2 +
adei/files/opt/configs/config.override.php | 0
adei/files/opt/configs/passwd.admin | 1 +
adei/files/opt/configs/passwd.user | 1 +
adei/files/opt/scripts/adei-branch.sh | 80 ++++++++++++++++++++++++++++++
adei/files/opt/scripts/configure.sh | 14 ++++++
adei/files/opt/scripts/log.sh | 54 ++++++++++++++++++++
adei/files/opt/scripts/override.sed | 19 +++++++
adei/files/opt/scripts/run-apache.sh | 66 ++++++++++++++++++++++++
adei/files/opt/scripts/run-cron.sh | 7 +++
14 files changed, 330 insertions(+)
create mode 100755 adei/files/docker-entrypoint.sh
create mode 100644 adei/files/etc/supervisord.conf
create mode 100755 adei/files/openshift-entrypoint.sh
create mode 100644 adei/files/opt/configs/apache.conf
create mode 100644 adei/files/opt/configs/config.actual.php
create mode 100644 adei/files/opt/configs/config.override.php
create mode 100644 adei/files/opt/configs/passwd.admin
create mode 100644 adei/files/opt/configs/passwd.user
create mode 100755 adei/files/opt/scripts/adei-branch.sh
create mode 100755 adei/files/opt/scripts/configure.sh
create mode 100755 adei/files/opt/scripts/log.sh
create mode 100644 adei/files/opt/scripts/override.sed
create mode 100755 adei/files/opt/scripts/run-apache.sh
create mode 100755 adei/files/opt/scripts/run-cron.sh
(limited to 'adei/files')
diff --git a/adei/files/docker-entrypoint.sh b/adei/files/docker-entrypoint.sh
new file mode 100755
index 0000000..1e99d15
--- /dev/null
+++ b/adei/files/docker-entrypoint.sh
@@ -0,0 +1,14 @@
+#! /bin/bash
+
+set -e
+
+mkdir -p /adei/{src,cfg,tmp,sys,log,mail}
+
+if ! whoami &> /dev/null; then
+ if [ -w /etc/passwd ]; then
+ echo "${USER_NAME:-default}:x:$(id -u):0:${USER_NAME:-default} user:${HOME}:/sbin/nologin" >> /etc/passwd
+ fi
+fi
+
+echo "Running: $@"
+exec "$@"
diff --git a/adei/files/etc/supervisord.conf b/adei/files/etc/supervisord.conf
new file mode 100644
index 0000000..53a6dcd
--- /dev/null
+++ b/adei/files/etc/supervisord.conf
@@ -0,0 +1,14 @@
+[supervisord]
+nodaemon=true
+
+[program:apache2]
+command=/opt/scripts/run-apache.sh
+autorestart=true
+startsecs=5
+exitcodes=0
+
+[program:cron]
+command=/opt/scripts/run-cron.sh
+autorestart=true
+startsecs=5
+exitcodes=0
diff --git a/adei/files/openshift-entrypoint.sh b/adei/files/openshift-entrypoint.sh
new file mode 100755
index 0000000..6dde9a8
--- /dev/null
+++ b/adei/files/openshift-entrypoint.sh
@@ -0,0 +1,17 @@
+#! /bin/bash
+
+mkdir -p /adei/{src,cfg,tmp,sys,log,mail}
+
+
+while [ ! -f /adei/cfg/.ready ]; do
+ echo "Waiting for ADEI intialization..."
+ sleep 5
+done
+
+while [ ! -f "$1" ]; do
+ echo "The script $1 is not populated yet. Waiting...."
+ sleep 1
+done
+
+echo "Running: $@"
+exec /bin/bash "$@"
diff --git a/adei/files/opt/configs/apache.conf b/adei/files/opt/configs/apache.conf
new file mode 100644
index 0000000..87e3c87
--- /dev/null
+++ b/adei/files/opt/configs/apache.conf
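Review bot: The `echo ... >> /etc/passwd` line in docker-entrypoint.sh writes `USER_NAME` and `HOME` into the new account record without validation, so a value containing `:` or a newline yields a malformed or additional entry. Checking the name first, e.g. `[[ ${USER_NAME:-default} =~ ^[a-z_][a-z0-9_-]*$ ]] || exit 1`, keeps the record well-formed. The branch also presupposes an image whose /etc/passwd is writable by the runtime group (the Dockerfile is not part of this view), which leaves the account database writable by every process in the container for its whole lifetime; nss_wrapper with a private passwd copy avoids that. `echo "Running: $@"` should use `$*` inside the string.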
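Review bot: Both wait loops in openshift-entrypoint.sh poll forever, and `[ ! -f "$1" ]` turns false as soon as the file exists, so `exec /bin/bash "$@"` can start a script that is still being copied into the volume. Have whatever populates the script write it under a temporary name and rename it into place, and bound the waits with a retry counter so a failed initialisation surfaces as a container error instead of a silent hang. An empty `$1` also loops forever; `[ -n "$1" ] || { echo "usage: $0 script [args]" >&2; exit 2; }` at the top would catch it. Unlike docker-entrypoint.sh, this script does not set `-e`, so a failing `mkdir` goes unnoticed.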
@@ -0,0 +1,41 @@
+
+ AuthType Basic
+ AuthName "ADEI/Admin Authentication"
+ AuthBasicProvider file
+ AuthUserFile /adei/cfg/passwd.admin
+
+ Require valid-user
+ Require ip 127.0.0.1
+ Require ip ::1
+
+
+
+
+ AuthType Basic
+ AuthName "ADEI/Control Authentication"
+ AuthBasicProvider file
+ AuthUserFile /adei/cfg/passwd.admin
+
+ Require valid-user
+ Require ip 127.0.0.1
+ Require ip ::1
+
+
+
+
+ SetEnvIf Request_URI "adei/probe\.php$" health_check
+ SetEnvIf Request_URI "adei/services/sched\.php" service
+
+ AuthType Basic
+ AuthName "ADEI Authentication"
+ AuthBasicProvider file
+ AuthUserFile /adei/cfg/passwd.user
+
+ Require all granted
+ Require valid-user
+ Require env health_check
+ Require env service
+ Require ip 127.0.0.1
+ Require ip ::1
+
+
diff --git a/adei/files/opt/configs/config.actual.php b/adei/files/opt/configs/config.actual.php
new file mode 100644
index 0000000..acb6c35
--- /dev/null
+++ b/adei/files/opt/configs/config.actual.php
@@ -0,0 +1,2 @@
+
diff --git a/adei/files/opt/configs/config.override.php b/adei/files/opt/configs/config.override.php
new file mode 100644
index 0000000..e69de29
diff --git a/adei/files/opt/configs/passwd.admin b/adei/files/opt/configs/passwd.admin
new file mode 100644
index 0000000..1a7a4bb
--- /dev/null
+++ b/adei/files/opt/configs/passwd.admin
@@ -0,0 +1 @@
+adei:$apr1$CmdT4hVc$GIf7BaO/POJn8b5GgkR6K/
diff --git a/adei/files/opt/configs/passwd.user b/adei/files/opt/configs/passwd.user
new file mode 100644
index 0000000..1a7a4bb
--- /dev/null
+++ b/adei/files/opt/configs/passwd.user
@@ -0,0 +1 @@
+adei:$apr1$CmdT4hVc$GIf7BaO/POJn8b5GgkR6K/
diff --git a/adei/files/opt/scripts/adei-branch.sh b/adei/files/opt/scripts/adei-branch.sh
new file mode 100755
index 0000000..e56f792
--- /dev/null
+++ b/adei/files/opt/scripts/adei-branch.sh
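Review bot: In the third block of apache.conf, `Require all granted` sits beside `Require valid-user`, the two `Require env` lines and the `Require ip` lines; if the enclosing container is `<RequireAny>` (the container tags are not visible in this view, and adjacent `Require` lines default to any-of semantics), that single line admits every request and the password file and address checks never apply. If open access is the intended default, state that in a comment such as `# ADEI is public by default; tighten in /adei/cfg/apache.conf` and drop the unused conditions; otherwise remove `Require all granted`. The `SetEnvIf Request_URI "adei/services/sched\.php" service` pattern is unanchored, so any request path that merely contains that string sets `service` and satisfies `Require env service`; anchor it to the full path, e.g. `"^/adei/services/sched\.php$"`, adjusted to the real URL prefix.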
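Review bot: passwd.admin ships an `adei` entry with a fixed `$apr1$` hash, so every container built from this image starts with one credential that is public in the repository; the passwd.user hunk that follows adds the identical line, making the admin and user realms in apache.conf share it. Generate both files at first start from deployment-supplied secrets instead, e.g. `printf '%s' "$ADEI_ADMIN_PASSWORD" | htpasswd -Bci /adei/cfg/passwd.admin "$ADEI_ADMIN_USER"` (the variable names are placeholders), and use distinct credentials per realm. bcrypt (`-B`) is also a stronger format than the MD5-based apr1.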
@@ -0,0 +1,80 @@
+#! /bin/bash
+
+function branch {
+ url="$1"
+ bzr branch "$url"
+}
+
+if [ ! -d /adei/src -o ! -d /adei/tmp -o ! -d /adei/sys -o ! -d /adei/cfg ]; then
+ echo "Incorrect volume configration, we expect /adei folder with populated docker volumes"
+ exit 1
+fi
+
+LOCK_FILE=.lock
+
+#(
+# flock -x 10
+# if [ ! -f /adei/sys/adei.cron.sh ]; then
+# cp -a /opt/configs/*.cron.sh /adei/sys
+# fi
+#) 10> /adei/sys/$LOCK_FILE
+
+
+(
+ flock -x 10
+ flock -x 11
+
+
+ if [ ! -f /adei/cfg/config.actual.php ]; then
+ cp -a /opt/configs/config.*.php /adei/cfg/
+ fi
+
+ if [ ! -f /adei/src/VERSION ]; then
+ bzr branch -r $ADEI_REVISION --use-existing-dir http://darksoft.org/bzr/adei/trunk/ /adei/src
+ (
+ cd /adei/src
+ make
+
+ [ -n "$ADEI_REPOSITORY" ] && bzr config push_location=${ADEI_REPOSITORY}/adei
+
+ [ -d tmp ] && rm tmp
+ ln -s ../tmp tmp
+ chmod 0777 /adei/tmp
+
+ # Additional setups are clonned based on the environment for adei container creation
+ # but can be easily added in future. We cache all non-excluded setups. The .exclude
+ # file is removed afterwards from all
+
+ ln -s ../cfg/config.actual.php config.actual.php
+ ln -s ../cfg/config.override.php config.override.php
+ )
+ fi
+
+ (
+ cd /adei/src
+ for setup in $ADEI_ENABLED_SETUPS $ADEI_SETUP; do
+ if [[ ! -a setups/$setup ]]; then
+ if [[ ! -a /adei/cfg/$setup ]]; then
+ (
+ cd /adei/cfg/
+ if [[ "$setup" == *-logs ]]; then
+ branch "http://darksoft.org/bzr/adei/setups/$setup" &> /dev/null
+ [ $? -eq 0 ] || cp -ar /adei/src/setups/logs $setup
+ else
+ branch "http://darksoft.org/bzr/adei/setups/$setup"
+ fi
+ (
+ cd $setup
+ [ -n "$ADEI_REPOSITORY" -a -d .bzr ] && bzr config push_location=${ADEI_REPOSITORY}/adei-setups/$setup
+ )
+ )
+ fi
+ if [ -d ../cfg/$setup ]; then
+ ln -s ../../cfg/$setup setups/$setup
+ fi
+ fi
+ done
+ )
+
+ touch /adei/cfg/.ready
+) 10> /adei/cfg/$LOCK_FILE 11> /adei/src/$LOCK_FILE
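Review bot: The initial checkout, `bzr branch -r $ADEI_REVISION --use-existing-dir http://darksoft.org/bzr/adei/trunk/ /adei/src`, is followed directly by `make`, so code fetched over plain HTTP with no integrity check is executed at container start; the `branch "http://darksoft.org/bzr/adei/setups/$setup"` calls use the same transport. If the server offers it, switch to an https URL and pin `ADEI_REVISION` to a fixed revision rather than a moving one. `$setup` comes from `ADEI_ENABLED_SETUPS`/`ADEI_SETUP` and is used unquoted in `cd $setup`, `cp -ar` and `ln -s`, so a value containing `/` or `..` resolves outside `/adei/cfg`; a guard such as `[[ $setup =~ ^[A-Za-z0-9_-]+$ ]] || continue` at the top of the loop, plus quoting, closes that. The script has no `set -e`, so `touch /adei/cfg/.ready` runs even when a checkout or `make` failed, and openshift-entrypoint.sh then proceeds on an incomplete tree.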
diff --git a/adei/files/opt/scripts/configure.sh b/adei/files/opt/scripts/configure.sh
new file mode 100755
index 0000000..458c3dc
--- /dev/null
+++ b/adei/files/opt/scripts/configure.sh
@@ -0,0 +1,14 @@
+#! /bin/bash
+
+chmod 0777 /adei/tmp
+
+sed -i'' -re 's/^.*pam_loginuid\.so.*$//' /etc/pam.d/crond
+
+sed -i'' -re 's/APACHE_MODULES="(.*)"/APACHE_MODULES="\1 php5 rewrite proxy mod_proxy_http access_compat"/' /etc/sysconfig/apache2
+sed -i'' -rf /opt/scripts/override.sed /etc/apache2/default-server.conf
+sed -i'' -re 's/short_open_tag\s*=.*/short_open_tag = On/' /etc/php5/apache2/php.ini
+sed -i'' -re 's@session.save_path\s*=.*@session.save_path=/tmp@' /etc/php5/apache2/php.ini
+
+# Docker allows to view stdout/stderr streams individually, but OpenShift not. So we skip CustomLog for now
+# Redirection fails here. So lets keep logging to stdout for now.
+sed -i'' -re 's@^ErrorLog .*@ErrorLog "|/usr/bin/tee -a /var/log/apache2/error_log"@' /etc/apache2/httpd.conf
diff --git a/adei/files/opt/scripts/log.sh b/adei/files/opt/scripts/log.sh
new file mode 100755
index 0000000..4237682
--- /dev/null
+++ b/adei/files/opt/scripts/log.sh
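Review bot: `chmod 0777 /adei/tmp` in configure.sh makes the directory world-writable without the sticky bit, so any account in the container can delete or replace files created by another; `chmod 1777 /adei/tmp` keeps it shared while limiting removal to the owner (adei-branch.sh sets the same mode). The `session.save_path=/tmp` substitution likewise places PHP session files in a directory shared with every other process, and run-cron.sh in this commit writes an environment dump there; a dedicated session directory with mode 0700, where the runtime uid allows it, would be a safer target. A one-line comment explaining why the `pam_loginuid.so` line is stripped from `/etc/pam.d/crond` would help the next maintainer.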
@@ -0,0 +1,54 @@
+#! /bin/bash
+
+max_age=10
+max_mails=10
+log_lines=50
+
+cur=`date +%s`
+since=$(($cur - $max_age * 60))
+
+echo "Apache error log"
+echo "================"
+tail -n $log_lines /var/log/apache2/error_log | perl -MDateTime::Format::Strptime -F';' -ane '
+ my $parser = DateTime::Format::Strptime->new(
+ pattern => "%a %b %d %H:%M:%S.%N %Y"
+ );
+ my $formater = DateTime::Format::Strptime->new(
+ pattern => "%s"
+ );
+ if (/^\[([^]]+)\]/) {
+ $last = $formater->format_datetime($parser->parse_datetime($1));
+ } elsif ($last !~ /\d+/) {
+ $last = 0;
+ }
+ print "$last $_\n";
+' | awk "{ if (\$1 > $since) print \$0 }" | cut -d ' ' -f 2-
+echo
+echo
+
+
+mails=`mailutil check | cut -d ' ' -f 6`
+if [ "$mails" == "in" ]; then
+ mails=`mailutil check | cut -d ' ' -f 4`
+fi
+
+if [ $mails -gt 0 ]; then
+ [ $mails -gt $max_mails ] && mails=$max_mails
+
+ cur=`date -u +%s`
+ for id in `seq $mails -1 1`; do
+ mail=$(($mails - $id + 1))
+
+ lastmail=`echo "type $mail" | mailx -R "" -N`
+ dt=`echo "$lastmail" | grep "From" | head -n 1 | cut -d ' ' -f 3-`
+ last=`date -u --date "$dt" +%s`
+ since=$((($cur - $last) / 60))
+ if [ $since -le $max_age ]; then
+ echo "Cron reports on$dt"
+ echo "========================================"
+ echo "$lastmail" | sed -e '1,/^$/d' | head -n 10
+ echo
+ echo
+ fi
+ done
+fi
diff --git a/adei/files/opt/scripts/override.sed b/adei/files/opt/scripts/override.sed
new file mode 100644
index 0000000..7b96a5b
--- /dev/null
+++ b/adei/files/opt/scripts/override.sed
@@ -0,0 +1,19 @@
+\,, {
+ :loop
+
+ \,, {
+ b exit
+ }
+
+ s/^(\s*Options|\s*AllowOverride).*/\1 All/
+ n
+
+ b loop
+}
+\,/adei/cfg/apache.conf, {
+ $ ! d
+}
+\,/adei/cfg/apache.conf, ! {
+ $aInclude /adei/cfg/apache.conf
+}
+:exit
diff --git a/adei/files/opt/scripts/run-apache.sh b/adei/files/opt/scripts/run-apache.sh
new file mode 100755
index 0000000..202df62
--- /dev/null
+++ b/adei/files/opt/scripts/run-apache.sh
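Review bot: `[ $mails -gt 0 ]` in log.sh uses `$mails` unquoted and unchecked, so when `mailutil check` prints nothing or an unexpected word the test aborts with a syntax error and the cron-mail section is skipped. Normalising first, e.g. `case "$mails" in ''|*[!0-9]*) mails=0 ;; esac`, makes the no-mail case explicit. The script prints raw Apache error-log lines and cron mail bodies; where that output ends up is not visible here, but if it reaches a web page it should be limited to administrators, since such logs routinely contain paths and request details. A header comment describing `max_age`, `max_mails` and `log_lines` would also help.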
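Review bot: The substitution `s/^(\s*Options|\s*AllowOverride).*/\1 All/` in override.sed rewrites both directives to `All` inside the matched block, which enables every option (CGI execution, server-side includes and directory indexes among them) and lets any `.htaccess` under that tree override server configuration, access control included. The address patterns on the `\,, {` lines are empty in this view, so which `<Directory>` block is targeted cannot be confirmed here. If ADEI only needs rewrite rules and symlinks, explicit values such as `Options FollowSymLinks` and `AllowOverride FileInfo` would be narrower. A leading comment stating what the script edits and why the `Include /adei/cfg/apache.conf` line is appended would make it reviewable.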
@@ -0,0 +1,66 @@
+#! /bin/bash
+
+LOCK_FILE=.lock
+(
+ flock -x 10
+ if [ ! -f /adei/cfg/apache.conf ]; then
+ cp -a /opt/configs/apache* /adei/cfg
+ fi
+) 10> /adei/cfg/$LOCK_FILE
+
+
+function ised {
+#Creates temporary file in the file folder
+# sed -i'' "$@"
+
+ tmp=$(mktemp)
+ fn="${@: -1}"
+ echo $fn
+ sed "$@" > "$tmp"
+ cat "$tmp" > "$fn"
+
+ rm -f "$tmp"
+}
+
+#Keep 80 & 443
+#ised -re '/Listen/ { /(80|443)/!d }' /etc/apache2/listen.conf
+#if [ -n "$ADEI_PORTS" ]; then
+# for port in $ADEI_PORTS; do
+# [ $port -eq 80 ] && continue
+# [ $port -eq 443 ] && continue
+# echo "Listen $port" >> /etc/apache2/listen.conf
+# done
+#fi
+
+if [ -n "$ADEI_PORTS" ]; then
+ echo -n "" > /etc/apache2/listen.conf
+ for port in $ADEI_PORTS; do
+ echo "Listen $port" >> /etc/apache2/listen.conf
+ done
+fi
+
+if [ -n "$APACHE_SERVERS" -a "$APACHE_SERVERS" -ne 0 ]; then
+ if [ $APACHE_SERVERS -eq 1 ]; then
+ start=1
+ limit=1
+ min_spare=1
+ max_spare=1
+ elif [ $APACHE_SERVERS -lt 10 ]; then
+ start=$(($APACHE_SERVERS / 2))
+ limit=$APACHE_SERVERS
+ min_spare=$start
+ max_spare=$limit
+ else
+ start=0
+ limit=$APACHE_SERVERS
+ min_spare=0
+ max_spare=0
+ fi
+ [ $start -eq 0 ] || ised -re "s/StartServers(.*)/StartServers $start/" /etc/apache2/server-tuning.conf
+ [ $limit -eq 0 ] || ised -re "s/MaxClients(.*)/MaxClients $limit/" /etc/apache2/server-tuning.conf
+ [ $min_spare -eq 0 ] || ised -re "s/MinSpareServers(.*)/MinSpareServers $min_spare/" /etc/apache2/server-tuning.conf
+ [ $max_spare -eq 0 ] || ised -re "s/MaxSpareServers(.*)/MaxSpareServers $max_spare/" /etc/apache2/server-tuning.conf
+fi
+
+rm -f /tmp/httpd.pid
+/usr/sbin/apache2ctl start -D FOREGROUND
diff --git a/adei/files/opt/scripts/run-cron.sh b/adei/files/opt/scripts/run-cron.sh
new file mode 100755
index 0000000..11958b7
--- /dev/null
+++ b/adei/files/opt/scripts/run-cron.sh
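Review bot: `ised` in run-apache.sh copies the temporary file over the target unconditionally, so when `sed "$@"` fails (bad expression, unreadable file) the following `cat "$tmp" > "$fn"` truncates the Apache configuration file to nothing; chaining them as `sed "$@" > "$tmp" && cat "$tmp" > "$fn"` keeps the original on failure. `tmp` and `fn` should be declared `local`, and `echo $fn` quoted. `ADEI_PORTS` entries are written to listen.conf exactly as supplied, so a malformed value only shows up as an Apache start failure; rejecting entries that are not a port or address:port before the `echo "Listen $port"` line would give a clearer error. Because supervisord runs this script, ending it with `exec /usr/sbin/apache2ctl start -D FOREGROUND` should let stop signals reach Apache instead of the wrapper shell.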
@@ -0,0 +1,7 @@
+#! /bin/bash
+
+printenv | grep -v affinity:container | sed -r 's/^(.*)=("?)(.*)\2$/export \1="\3"/g' > /tmp/adei.env
+
+/opt/scripts/adei-branch.sh
+
+cron -n -m '/usr/bin/procmail -d root'
--
cgit v1.2.1
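Review bot: The `printenv | ... > /tmp/adei.env` line in run-cron.sh writes the container's entire environment, which in container deployments commonly carries credentials, to a fixed path in /tmp under the default umask. Creating the file under `umask 077` and outside a world-writable directory (where an existing symlink at that path would be followed) limits who can read or redirect it. The `sed` expression wraps each value in double quotes without escaping, so a value containing `"`, `$` or a backtick changes meaning if the file is later sourced; `export -p` emits correctly quoted assignments and could replace the `printenv | sed` pair. How the file is consumed is not visible in this hunk, and the exit status of `/opt/scripts/adei-branch.sh` is ignored before `cron` starts.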