view docker/libervia_cont.sh @ 163:a63f6d360326

ajout du compte rendu de l'AG 2019
author Goffi <goffi@goffi.org>
date Wed, 20 May 2020 18:55:03 +0200
parents 37e100fd30ef
children
line wrap: on
line source

#!/bin/sh

# Libervia container manager
# Copyright (C) 2014-2016 Jérôme Poisson (goffi@goffi.org)

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VERSION="0.3.0"
APP_NAME="Libervia"
ACCOUNT="salutatoi"

# environment variables that can be used for configuration:
# SAT_CONT_TLS_DIR for TLS certificates directory
# SAT_CONT_DOMAIN for the host name
# SAT_CONT_BACKUP_DIR is the directory where tar.gz backup will be written
# SAT_CONT_DK_EXTRA is used for extra options (used with all containers but sat_data)
# SAT_CONT_PORT_<port> is used to specify port when -p is used, <port> must be an exposed port

CONTAINERS="prosody sat_pubsub salut sat libervia"
TEST_CONT="libervia" # container used to test status
MAINT_CONT="debian:jessie" # container used for maintenance

DK_DETACH="-d"
DK_TERM="-ti"

VOLUME_NAME="data"
VOLUME_CONT="$ACCOUNT/$VOLUME_NAME"
VOLUME_ALIAS="sat_data"
DK_VOLUME="--volumes-from $VOLUME_ALIAS"

PUBLIC=0

PROSODY_PORTS="5222 5269 5280 5281"
PORT_5222_NAME="XMPP client to server"
PORT_5269_NAME="XMPP server to server"
PORT_5280_NAME="HTTP Upload"
PORT_5281_NAME="HTTP Upload (HTTPS)"
SAT_PORTS="10143 10125"
PORT_10143_NAME="IMAP server"
PORT_10125_NAME="SMTP server"
LIBERVIA_PORTS="8080 8443"
PORT_8080_NAME="HTTP"
PORT_8443_NAME="HTTPS"
NO_PORT="No public port"

DOCKER_EXE="docker"

USAGE="Usage: $0 [start|stop|restart|status|update|backup|restore|ports|config|stats] [ARGS...]"

HELP_SITE="https://wiki.goffi.org/wiki/Docker/en"
HELP_MUC="sat@chat.jabberfr.org"

CONT_CERT_DIR="/usr/share/sat/certificates"
DEFAULT_TMP_DIR="/tmp/tmp_sat_docker"

eprintf()
{
   >&2 printf "$@"
}

get_dyn_var() {
    # get dynamicly variable based on given name

    name=$1
    var_type=$2
    name_upp=$(echo "$name" | tr '[:lower:]' '[:upper:]')
    case $var_type in
        ports) eval echo "\$${name_upp}_PORTS";;
        port_name) eval echo "\$PORT_${name_upp}_NAME";;
    esac
}

list_ports() {
    # list used ports in currently running containers

    for cont in $CONTAINERS; do
        # we get variable name with uppercase container name
        # some magic to get the ports
        ports=$(get_dyn_var $cont ports)

        [ -n "$ports" ] && printf "== $cont ==\n\n"

        for port in $ports; do
            # some magic to get port human readable name
            port_name=$(get_dyn_var $port port_name)
            real_port=$(docker port $cont $port 2>&1)
            if [ $? -ne 0 ]; then
                real_port=$NO_PORT
            fi

            # we now show the ports with nice alignment
            desc="port $port ($port_name):"
            nb_tabs=$((5-${#desc}/8))
            printf "$desc"
            for i in $(seq $nb_tabs); do
                printf "\t"
            done
            printf "$real_port\n"
        done
        [ -n "$ports" ] && printf '\n'
    done
}

public_ports_arg() {
    # create Docker arg to have public ports corresponding to container ports

    if [ $PUBLIC -ne 1 ]; then
        return
    fi
    cont=$1
    ports=$(get_dyn_var $cont ports)
    ARG=""
    for port in $ports; do
        host_port=$(eval echo "\$SAT_CONT_PORT_${port}")
        if [ -z "$host_port" ]; then
            host_port=$port
        fi
        if [ "$host_port" != 0 ]; then
            ARG="$ARG -p $host_port:$port"
        fi
    done
    echo $ARG
}

download_missing() {
    # download images wich are not present locally
    for cont in $CONTAINERS $VOLUME_NAME; do
        image="$ACCOUNT/$cont"
        docker inspect $image:latest > /dev/null 2>&1
        if [ $? -ne 0 ]; then
            printf "$image is not present locally, downloading it\n"
            docker pull $image:latest
            if [ $? -eq 0 ]; then
                printf "\nDownload of latest $image finished\n\n"
            else
                eprintf "\nError while downloading $image, please check your connection and logs\n"
                return 1
            fi
        fi
    done
}

check_docker() {
    which $DOCKER_EXE > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        printf "Docker is not installed or not accessible, please install it.\nYou can check $HELP_SITE for instructions\n"
        return 1
    fi
}

check_docker_version() {
    # check if current docker version is greater than or equal to the requested one
    wanted_major=$1
    wanted_minor=$2
    wanted_rev=$3
    raw=$(docker --version | grep -o '\([0-9]\+\)\.[0-9]\+\.[0-9]\+')
    docker_major=$(echo "$raw" |  cut -d . -f 1)
    docker_minor=$(echo "$raw" |  cut -d . -f 2)
    docker_rev=$(echo "$raw" |  cut -d . -f 3)
    for name in major minor rev; do
        docker_val=$(eval echo \$docker_$name)
        wanted_val=$(eval echo \$wanted_$name)
        if [ $docker_val -gt $wanted_val ]; then
            return 0
        fi
        if [ $docker_val -lt $wanted_val ]; then
            return 1
        fi
    done

    # wanted version and docker version are the same
    return 0
}

parse_run_args() {
    # manage arguments for run command

    while [ $# -gt 0 ]; do
        case "$1" in

            -h|--help)
                cat << OPT_END
options available for the run command:

-h, --help                      display this help message
-p, --public                    publish using true ports
-d DOMAIN, --domain DOMAIN      use DOMAIN as domain name
OPT_END
                exit 0
                ;;

            -d|--domain)
                shift
                if [ $# -eq 0 ]; then
                    printf "no domain given, --domain must be followed by a domain\n"
                    exit 1
                fi
                SAT_CONT_DOMAIN="$1"
                shift
                ;;

            -p|--public)
                shift
                PUBLIC=1
                ;;

            *)  printf "Invalid argument, please check \"$0 run --help\"\n"
                exit 1
                ;;
        esac
    done
}

check_docker || exit 1

if [ $# -ge 1 ];then
    case $1 in
        start) CMD=START;;
        stop) CMD=STOP;;
        restart) CMD=RESTART;;
        status) CMD=STATUS;;
        update) CMD=UPDATE;;
        backup) CMD=BACKUP;;
        restore) CMD=RESTORE;;
        ports) CMD=PORTS;;
        config) CMD=CONFIG;;
        stats) CMD=STATS;;
        -v|--version) printf "$VERSION\n"; exit 0;;
        -h|--help) printf "$USAGE\n\nYou can check $HELP_SITE for instructions, or go to $HELP_MUC XMPP MUC room for help\n"; exit 0;;
        *) echo $USAGE
           exit 1
    esac
    shift
else
    CMD=START
fi

case $CMD in
    START)
        parse_run_args "$@"
        download_missing || exit 1

        printf "Running data container... "
        # we use -d even if data container doesn't stay in background to get id of the container
        docker_id=$(docker run -d --name $VOLUME_ALIAS $VOLUME_CONT 2>&1)
        if [ $? -eq 0 ]; then
            printf "OK ($docker_id)\n"
        else
            echo $docker_id | grep Conflict > /dev/null 2>&1
            if [ $? -eq 0 ]; then
                printf "A data container already exists ($VOLUME_ALIAS), use \"docker ps -a\" to see it\n"
            else
                eprintf "Error, please check data volume\nerror message: $docker_id\n"
                exit 1
            fi
        fi
        printf "\nRunning Libervia\n\n"
        # we first check if we need to mount TLS directory
        if [ -n "$SAT_CONT_TLS_DIR" ]; then
            printf "$SAT_CONT_TLS_DIR will be used for TLS certificate\n"
            DK_TLS="--volume=$SAT_CONT_TLS_DIR:$CONT_CERT_DIR"
        fi
        for CONT in $CONTAINERS; do
            case $CONT in
                prosody) OPTS="$DK_DETACH $DK_TERM $DK_VOLUME $DK_TLS $(public_ports_arg $CONT) --name prosody"
                         if [ -n "$SAT_CONT_DOMAIN" ]; then
                             OPTS="-e DOMAIN=$SAT_CONT_DOMAIN $OPTS"
                         fi
                         ;;
                sat_pubsub) OPTS="$DK_DETACH $DK_TERM $DK_VOLUME --name sat_pubsub --link=prosody:prosody";;
                salut) OPTS="$DK_DETACH $DK_TERM $DK_VOLUME --name salut --link=prosody:prosody";;
                sat) OPTS="$DK_DETACH $DK_TERM $DK_VOLUME -P $(public_ports_arg $CONT) --name sat --link=prosody:prosody";;
                libervia) OPTS="$DK_DETACH $DK_TERM $DK_VOLUME --volumes-from sat $DK_TLS -P $(public_ports_arg $CONT) --name libervia --link=sat:sat";;
                *) eprintf "Unkown container $CONT\n"; exit 1
            esac
            printf "Launching $CONT... "
            docker_id=$(docker run $OPTS $SAT_CONT_DK_EXTRA $ACCOUNT/$CONT 2>&1)
            if [ $? -eq 0 ]; then
                printf "OK ($docker_id)\n"
            else
                eprintf "Error, please check container or ask help on XMPP MUC sat@chat.jabberfr.org\nerror message: $docker_id\n"
                eprintf "Abandon\n"
                exit 1
            fi
        done
        printf '\nLibervia is launched and should be reachable in a couple of seconds.\nYou can check logs with "docker logs -f libervia" (or any other container name).\n'
        printf "An \"admin\" account has been created, you can check its password on $VOLUME_ALIAS container, in file /home/sat/ADMIN_PWD. Config can be tuned on this container.\n"
        printf 'Below are the ports used to connect, you can go with your browser to Libervia HTTP(S) port.\n\n'
        list_ports
        ;;
    STOP)
        printf "stopping Libervia\n"
        REVERSED=""
        for CONT in $CONTAINERS; do
            REVERSED="$CONT $REVERSED"
        done;
        for CONT in $REVERSED; do
            printf "\nStopping container $CONT"
            docker stop $CONT > /dev/null 2>&1  || eprintf "... Error while stopping $CONT\n"
            printf "\rDeleting container $CONT"
            docker rm -v $CONT > /dev/null 2>&1 || eprintf "... Error while removing $CONT\n"
        done
        printf "\n"
        ;;
    RESTART)
        printf "restarting containers...\n"
        "$0" stop && "$0" start "$@"
        ;;
    STATUS)
        docker inspect $TEST_CONT > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            printf "$APP_NAME is running"
            # we test the presence of "starting on xxxx" (where xxxx is one of the exposed ports)
            # this is not really reliable as ports can be changed in configuration
            # but in most case it should work OK
            PORTS_REGEX=$(get_dyn_var $TEST_CONT ports | sed 's/ /\\|/')
            docker logs $TEST_CONT | grep "starting on \($PORTS_REGEX\)" > /dev/null 2>&1
            if [ $? -ne 0 ]; then
                printf " but no server is started\n"
                exit 2
            fi
            printf "\n"
            exit 0
        else
            printf "$APP_NAME is not running\n"
            exit 1
        fi
        ;;
    UPDATE)
        printf "updating images...\n"
        errors=0
        for CONT in $CONTAINERS data; do
            printf "\n*** updating $CONT ***\n"
            docker pull $ACCOUNT/$CONT:latest
            if [ $? -ne 0 ]; then
                eprintf "\nError while updating $ACCOUNT/$CONT\n"
                errors=1
            fi
        done
        if [ $errors -eq 0 ]; then
            printf "\n\nImages are up-to-date\n"
        else
            eprintf "\n\nSome errors happened while updating images\n"
            exit 1
        fi
        ;;
    BACKUP)
        case $# in
            0) SAT_CONT_BACKUP_DIR="$(pwd)";;
            1) SAT_CONT_BACKUP_DIR="$1";;
            *) printf "syntaxe is $0 backup [backup_dir_absolute_path]\n[backup_dir_absolute_path] default to current working dir\n"
               exit 1
               ;;
        esac
        SAT_CONT_BACKUP_DIR=$(echo $SAT_CONT_BACKUP_DIR | sed 's%^\/*\|\/*$%\/%g') # we want to be sure that path starts and finishes with "/"
        filename="sat_data_backup_$(date '+%Y-%m-%d_%H:%M:%S').tar.gz"
        printf "backing up data container to ${SAT_CONT_BACKUP_DIR}${filename}\n\n"
        docker run --rm $DK_VOLUME -v "$SAT_CONT_BACKUP_DIR:/backup" $MAINT_CONT tar zcvf "/backup/$filename" -C / -h volumes
        if [ $? -eq 0 ]; then
            printf "\nBackup finished and available at ${SAT_CONT_BACKUP_DIR}${filename}\n"
        else
            eprintf "\nBackup Error !\n"
            exit 1
        fi
        ;;
    RESTORE)
        if [ $# -ne 1 ]; then
            printf "syntaxe is $0 restore <backup_file.tar.gz>\n"
            exit 1
        fi
        docker run --name $VOLUME_ALIAS $VOLUME_CONT > /dev/null 2>&1
        if [ $? -ne 0 ]; then
            eprintf "Can't create $VOLUME_ALIAS container.\n\
If you have an existing one, please remove it with \"docker rm -v $VOLUME_ALIAS\" (/!\\ it will remove *ALL* your data)\n\n\
Hint: you can also rename your current data container with \"docker rename $VOLUME_ALIAS new_container_name\"\n"
            exit 1
        fi

        printf "restoring $1 to $VOLUME_ALIAS container\n\n"
        HOST_BACKUP_DIR=$(dirname "$1")
        HOST_BACKUP_NAME=$(basename "$1")
        if [ $HOST_BACKUP_DIR = "." ]; then
            # workaround for a Docker bug (container crash if "." is used)
            HOST_BACKUP_DIR=$(pwd)
        fi
        docker run --rm $DK_VOLUME -v "$HOST_BACKUP_DIR:/backup" $MAINT_CONT tar zxvf "/backup/$HOST_BACKUP_NAME" -C / -h volumes
        if [ $? -eq 0 ]; then
            printf "\nRestore finished\n"
        else
            eprintf "\nRestore Error !\n"
            exit 1
        fi
        ;;
    PORTS)
        list_ports
        ;;
    CONFIG)
        case $# in
            0) CONF="libervia";;
            1) CONF="$1";;
            *) CONF="";;
        esac
        case $CONF in
            libervia)
               CONT_CONF_FILE="/home/sat/.config/sat/sat.conf"
               ;;
            prosody)
               CONT_CONF_FILE="/etc/prosody/prosody_sat_cfg/prosody.cfg.lua"
               ;;
            *) printf "\nPlease enter type of configuration to edit (libervia, prosody)\n"
               exit 1
               ;;
        esac

        HOST_CONF_FILE=$(basename $CONT_CONF_FILE)

        printf "\ngetting configuration for $CONF\n"
        # we copy config file to a temporary dit
        # then edit with $EDITOR and put it back

        TMP_DIR=$(mktemp -d 2>/dev/null)
        if [ $? -ne 0 ]; then
            TMP_DIR="$DEFAULT_TMP_DIR"
            mkdir -p "$TMP_DIR"
        fi

        docker cp "$VOLUME_ALIAS:$CONT_CONF_FILE" "$TMP_DIR/"
        "$EDITOR" "$TMP_DIR/$HOST_CONF_FILE"
        if [ $? -eq 0 -a -s "$TMP_DIR/$HOST_CONF_FILE" ]; then
            printf "updating configuration\n"
            check_docker_version 1 8 0
            if [ $? -eq 0 ]; then
                docker cp "$TMP_DIR/$HOST_CONF_FILE" "$VOLUME_ALIAS:$CONT_CONF_FILE"
            else
                eprintf "Old Docker version detected, using workaround, please update!\n"
                docker run --rm $DK_VOLUME -v "$TMP_DIR:/tmp_config" $MAINT_CONT /bin/cp -f "/tmp_config/$HOST_CONF_FILE" "$CONT_CONF_FILE"
            fi
            # "docker cp" copy file on container as root, if an option is available later to change this behaviour,
            # the following operation could be removed
            printf "ownership fix..."
            docker run --rm $DK_VOLUME $MAINT_CONT /bin/chown 1000:1000 "$CONT_CONF_FILE"
            printf "done\n"
        fi
        rm -rf "$TMP_DIR"
        ;;
    STATS)
        if [ -n "$1" -a "$1" != "--no-stream" ]; then
            printf "usage: $0 stats [--no-stream]\n"
            exit 1
        fi
        docker stats $1 $CONTAINERS
        ;;
    *) eprintf "Error: unknown command !"
       exit 2
esac