diff --git a/README.md b/README.md
index 20be33e..9392677 100644
--- a/README.md
+++ b/README.md
@@ -116,14 +116,15 @@ The following environment variables are supported:
 ## Initialization Scripts
-If you would like to do additional initialization, add a directory called `/docker-custom-entrypoint.d/` and fill it with `.sh` scripts.
+If you would like to do additional initialization, add a directory called `/container-custom-entrypoint.d/` and fill it with `.sh` scripts.
-You can also create sub-directories in `/docker-custom-entrypoint.d/` for scripts that have to run at different stages.
+You can also create sub-directories in `/container-custom-entrypoint.d/` for scripts that have to run at different stages.
-- `/docker-custom-entrypoint.d/` - scripts that run after the default entrypoint scripts, but before the openvoxserver service is started.
-- `/docker-custom-entrypoint.d/post-startup/` - scripts that run after the openvoxserver service is started.
-- `/docker-custom-entrypoint.d/sigterm-handler/` - scripts that run when the container receives a SIGTERM signal.
-- `/docker-custom-entrypoint.d/post-execution/` - scripts that run after the openvoxserver service has stopped.
+- `/container-custom-entrypoint.d/pre-default/` - scripts that run before the default entrypoints scripts.
+- `/container-custom-entrypoint.d/` - scripts that run after the default entrypoint scripts, but before the openvoxserver service is started.
+- `/container-custom-entrypoint.d/post-startup/` - scripts that run after the openvoxserver service is started.
+- `/container-custom-entrypoint.d/sigterm-handler/` - scripts that run when the container receives a SIGTERM signal.
+- `/container-custom-entrypoint.d/post-execution/` - scripts that run after the openvoxserver service has stopped.
 ## Persistence
diff --git a/openvoxserver/Containerfile b/openvoxserver/Containerfile
index c00a996..2ca8989 100644
--- a/openvoxserver/Containerfile
+++ b/openvoxserver/Containerfile
@@ -70,12 +70,13 @@ ENV AUTOSIGN=true \
 SSLDIR=/etc/puppetlabs/puppet/ssl \
 USE_OPENVOXDB=true
-COPY docker-entrypoint.sh \
+COPY container-entrypoint.sh \
+ docker-entrypoint.sh \
 healthcheck.sh \
 Containerfile \
 /
-COPY docker-entrypoint.d /docker-entrypoint.d
+COPY container-entrypoint.d /container-entrypoint.d
 COPY --from=builder /var/lib/gems/ /var/lib/gems/
 COPY --from=builder /usr/local/bin/r10k /usr/local/bin/
@@ -86,7 +87,7 @@ RUN apt-get update && \
 RUN groupadd -g ${OPENVOX_USER_GID} puppet && \
 useradd -m -u ${OPENVOX_USER_UID} -g puppet puppet && \
- chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh && \
+ chmod +x /container-entrypoint.sh /docker-entrypoint.sh /healthcheck.sh /container-entrypoint.d/*.sh && \
 apt-get update && \
 apt-get upgrade -y && \
 apt-get install -y \
@@ -120,5 +121,5 @@ HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/h
 # NOTE: this is just documentation on defaults
 EXPOSE 8140
-ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]
+ENTRYPOINT ["dumb-init", "/container-entrypoint.sh"]
 CMD ["foreground"]
diff --git a/openvoxserver/Containerfile.alpine b/openvoxserver/Containerfile.alpine
index 51c4486..0cc6323 100644
--- a/openvoxserver/Containerfile.alpine
+++ b/openvoxserver/Containerfile.alpine
@@ -164,14 +164,15 @@ COPY --from=build /etc/puppetlabs /etc/puppetlabs
 COPY --from=build /var/log/puppetlabs /var/log/puppetlabs
 COPY --from=build /var/run/puppetlabs /var/run/puppetlabs
-COPY docker-entrypoint.sh \
+COPY container-entrypoint.sh \
+ docker-entrypoint.sh \
 healthcheck.sh \
 Containerfile.alpine \
 /
 COPY conf.d/product.conf /etc/puppetlabs/puppetserver/conf.d/
 COPY conf.d/puppetserver.conf /etc/puppetlabs/puppetserver/conf.d/
-COPY docker-entrypoint.d /docker-entrypoint.d
+COPY container-entrypoint.d /container-entrypoint.d
 COPY logback.xml /etc/puppetlabs/puppetserver/
 COPY puppetdb.conf /var/tmp/puppet/
 COPY puppetserver /etc/default/puppetserver
@@ -210,7 +211,7 @@ RUN apk update \
 && chmod 700 ${data_dir}/puppetserver/yaml \
 && find /etc/puppetlabs/puppet/ssl -type d -print0 | xargs -0 chmod 770 \
 && echo 'alias ll="ls -la --color=auto"' >> ~/.bashrc \
-&& chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh \
+&& chmod +x /container-entrypoint.sh /docker-entrypoint.sh /healthcheck.sh /container-entrypoint.d/*.sh \
 && mkdir -p /opt/puppetlabs/puppet/bin \
 && ln -s /usr/bin/puppet /opt/puppetlabs/puppet/bin/puppet \
 && ln -s /usr/bin/facter /opt/puppetlabs/puppet/bin/facter \
@@ -228,5 +229,5 @@ HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/h
 EXPOSE 8140
-ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]
+ENTRYPOINT ["dumb-init", "/container-entrypoint.sh"]
 CMD ["foreground"]
diff --git a/openvoxserver/docker-entrypoint.d/20-use-templates-initially.sh b/openvoxserver/container-entrypoint.d/20-use-templates-initially.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/20-use-templates-initially.sh
rename to openvoxserver/container-entrypoint.d/20-use-templates-initially.sh
diff --git a/openvoxserver/docker-entrypoint.d/30-set-permissions.sh b/openvoxserver/container-entrypoint.d/30-set-permissions.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/30-set-permissions.sh
rename to openvoxserver/container-entrypoint.d/30-set-permissions.sh
diff --git a/openvoxserver/docker-entrypoint.d/40-update-puppetdb-conf.sh b/openvoxserver/container-entrypoint.d/40-update-puppetdb-conf.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/40-update-puppetdb-conf.sh
rename to openvoxserver/container-entrypoint.d/40-update-puppetdb-conf.sh
diff --git a/openvoxserver/docker-entrypoint.d/50-set-certname.sh b/openvoxserver/container-entrypoint.d/50-set-certname.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/50-set-certname.sh
rename to openvoxserver/container-entrypoint.d/50-set-certname.sh
diff --git a/openvoxserver/docker-entrypoint.d/55-set-masterport.sh b/openvoxserver/container-entrypoint.d/55-set-masterport.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/55-set-masterport.sh
rename to openvoxserver/container-entrypoint.d/55-set-masterport.sh
diff --git a/openvoxserver/docker-entrypoint.d/56-set-environmentpath.sh b/openvoxserver/container-entrypoint.d/56-set-environmentpath.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/56-set-environmentpath.sh
rename to openvoxserver/container-entrypoint.d/56-set-environmentpath.sh
diff --git a/openvoxserver/docker-entrypoint.d/57-set-hiera_config.sh b/openvoxserver/container-entrypoint.d/57-set-hiera_config.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/57-set-hiera_config.sh
rename to openvoxserver/container-entrypoint.d/57-set-hiera_config.sh
diff --git a/openvoxserver/docker-entrypoint.d/60-setup-autosign.sh b/openvoxserver/container-entrypoint.d/60-setup-autosign.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/60-setup-autosign.sh
rename to openvoxserver/container-entrypoint.d/60-setup-autosign.sh
diff --git a/openvoxserver/docker-entrypoint.d/70-set-dns-alt-names.sh b/openvoxserver/container-entrypoint.d/70-set-dns-alt-names.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/70-set-dns-alt-names.sh
rename to openvoxserver/container-entrypoint.d/70-set-dns-alt-names.sh
diff --git a/openvoxserver/docker-entrypoint.d/83-environment-cache.sh b/openvoxserver/container-entrypoint.d/83-environment-cache.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/83-environment-cache.sh
rename to openvoxserver/container-entrypoint.d/83-environment-cache.sh
diff --git a/openvoxserver/docker-entrypoint.d/84-enable_graphite.sh b/openvoxserver/container-entrypoint.d/84-enable_graphite.sh
similarity index 58%
rename from openvoxserver/docker-entrypoint.d/84-enable_graphite.sh
rename to openvoxserver/container-entrypoint.d/84-enable_graphite.sh
index fd506b4..19c576b 100755
--- a/openvoxserver/docker-entrypoint.d/84-enable_graphite.sh
+++ b/openvoxserver/container-entrypoint.d/84-enable_graphite.sh
@@ -2,10 +2,14 @@
 set -e
+# determine script location
+readonly SCRIPT_FILENAME=$(readlink -f "${BASH_SOURCE[0]}")
+readonly SCRIPT_PATH=$(dirname "$SCRIPT_FILENAME")
+
 if [[ "$OPENVOXSERVER_GRAPHITE_EXPORTER_ENABLED" == "true" ]]; then
 if [[ -n "$OPENVOXSERVER_GRAPHITE_HOST" && -n "$OPENVOXSERVER_GRAPHITE_PORT" ]]; then
 echo "Enabling graphite exporter"
- sed -e "s/GRAPHITE_HOST/$OPENVOXSERVER_GRAPHITE_HOST/" -e "s/GRAPHITE_PORT/$OPENVOXSERVER_GRAPHITE_PORT/" /docker-entrypoint.d/84-metrics.conf.tmpl > /etc/puppetlabs/puppetserver/conf.d/metrics.conf
+ sed -e "s/GRAPHITE_HOST/$OPENVOXSERVER_GRAPHITE_HOST/" -e "s/GRAPHITE_PORT/$OPENVOXSERVER_GRAPHITE_PORT/" "$SCRIPT_PATH/84-metrics.conf.tmpl" > /etc/puppetlabs/puppetserver/conf.d/metrics.conf
 else
 echo "ERROR: no OPENVOXSERVER_GRAPHITE_HOST or OPENVOXSERVER_GRAPHITE_PORT set."
 exit 99
diff --git a/openvoxserver/docker-entrypoint.d/84-metrics.conf.tmpl b/openvoxserver/container-entrypoint.d/84-metrics.conf.tmpl
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/84-metrics.conf.tmpl
rename to openvoxserver/container-entrypoint.d/84-metrics.conf.tmpl
diff --git a/openvoxserver/docker-entrypoint.d/85-setup-storeconfigs.sh b/openvoxserver/container-entrypoint.d/85-setup-storeconfigs.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/85-setup-storeconfigs.sh
rename to openvoxserver/container-entrypoint.d/85-setup-storeconfigs.sh
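Review bot: In 84-enable_graphite.sh the `sed` line that renders `84-metrics.conf.tmpl` splices `$OPENVOXSERVER_GRAPHITE_HOST` and `$OPENVOXSERVER_GRAPHITE_PORT` into the replacement text unchecked, so a value containing `/`, `&` or a backslash either breaks the expression or writes something other than the literal value into `metrics.conf`. Since the line is being touched anyway, I would validate both values before templating, for example `[[ "$OPENVOXSERVER_GRAPHITE_PORT" =~ ^[0-9]+$ ]] || { echo "ERROR: invalid OPENVOXSERVER_GRAPHITE_PORT"; exit 99; }` plus a hostname-character check for the host. The enclosing `if` block continues past the end of the hunk.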
diff --git a/openvoxserver/docker-entrypoint.d/88-add_cache_del_api_auth_rules.rb b/openvoxserver/container-entrypoint.d/88-add_cache_del_api_auth_rules.rb
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/88-add_cache_del_api_auth_rules.rb
rename to openvoxserver/container-entrypoint.d/88-add_cache_del_api_auth_rules.rb
diff --git a/openvoxserver/container-entrypoint.d/88-enable-cache-delete-api.sh b/openvoxserver/container-entrypoint.d/88-enable-cache-delete-api.sh
new file mode 100755
index 0000000..0976a7c
--- /dev/null
+++ b/openvoxserver/container-entrypoint.d/88-enable-cache-delete-api.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+# determine script location
+readonly SCRIPT_FILENAME=$(readlink -f "${BASH_SOURCE[0]}")
+readonly SCRIPT_PATH=$(dirname "$SCRIPT_FILENAME")
+
+if [[ "$OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API" == true ]]; then
+ if [[ $(grep 'puppet-admin-api' /etc/puppetlabs/puppetserver/conf.d/auth.conf) ]]; then
+ echo "Admin API already set"
+ else
+ /opt/puppetlabs/puppet/bin/ruby "$SCRIPT_PATH/88-add_cache_del_api_auth_rules.rb"
+ fi
+fi
diff --git a/openvoxserver/docker-entrypoint.d/89-csr_attributes.rb b/openvoxserver/container-entrypoint.d/89-csr_attributes.rb
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/89-csr_attributes.rb
rename to openvoxserver/container-entrypoint.d/89-csr_attributes.rb
diff --git a/openvoxserver/container-entrypoint.d/89-csr_attributes.sh b/openvoxserver/container-entrypoint.d/89-csr_attributes.sh
new file mode 100755
index 0000000..08cab7a
--- /dev/null
+++ b/openvoxserver/container-entrypoint.d/89-csr_attributes.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+# determine script location
+readonly SCRIPT_FILENAME=$(readlink -f "${BASH_SOURCE[0]}")
+readonly SCRIPT_PATH=$(dirname "$SCRIPT_FILENAME")
+
+if [ -n "${CSR_ATTRIBUTES}" ]; then
+ echo "CSR Attributes: ${CSR_ATTRIBUTES}"
+ /opt/puppetlabs/puppet/bin/ruby "$SCRIPT_PATH/89-csr_attributes.rb"
+fi
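Review bot: In the new 88-enable-cache-delete-api.sh, `readonly SCRIPT_FILENAME=$(readlink -f "${BASH_SOURCE[0]}")` hides a failing `readlink` from `set -e`, because the status of that line is the status of `readonly`. `SCRIPT_PATH` would then come out as `.` and the ruby helper would be looked up relative to the working directory instead of next to the script. Assign first and mark read-only afterwards: `SCRIPT_FILENAME=$(readlink -f "${BASH_SOURCE[0]}")` followed by `readonly SCRIPT_FILENAME`, and the same for `SCRIPT_PATH`. The same two lines are added in 84-enable_graphite.sh and 89-csr_attributes.sh.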
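Review bot: In 89-csr_attributes.sh, `echo "CSR Attributes: ${CSR_ATTRIBUTES}"` writes the full value of the variable to the container log. CSR attribute data can carry a challenge password or another pre-shared value used for signing decisions (what 89-csr_attributes.rb does with it is not visible here), and container logs are usually readable by more parties than the container's environment. I would log only that the variable is present, e.g. `echo "CSR_ATTRIBUTES is set, applying"`.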
diff --git a/openvoxserver/docker-entrypoint.d/90-ca.sh b/openvoxserver/container-entrypoint.d/90-ca.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/90-ca.sh
rename to openvoxserver/container-entrypoint.d/90-ca.sh
diff --git a/openvoxserver/docker-entrypoint.d/99-log-config.sh b/openvoxserver/container-entrypoint.d/99-log-config.sh
similarity index 100%
rename from openvoxserver/docker-entrypoint.d/99-log-config.sh
rename to openvoxserver/container-entrypoint.d/99-log-config.sh
diff --git a/openvoxserver/container-entrypoint.sh b/openvoxserver/container-entrypoint.sh
new file mode 100755
index 0000000..59b15b1
--- /dev/null
+++ b/openvoxserver/container-entrypoint.sh
@@ -0,0 +1,127 @@
+#!/bin/bash
+# bash is required to pass ENV vars with dots as sh cannot
+
+set -o errexit # exit on any command failure; use `whatever || true` to accept failures
+ # use `if something; then` instead of `something; if [ $? -eq 0 ]; then`
+ # use `rv=0; something || rv=$?` if you really need the exact exit code
+set -o pipefail # pipes fail when any command fails, not just the last one. Use: ( whatever || true ) | somethingelse
+set -o nounset # exit on use of undeclared var, use `${possibly_undefined-}` to substitute the empty string in that case
+ # You can assign default values like this:
+ # `: ${possibly_undefined=default}`
+ # `: ${possibly_undefined_or_empty:=default}` will also replace an empty (but declared) value
+# set -o xtrace
+
+pid=0
+
+echoerr() { echo "$@" 1>&2; }
+
+echoerr "Entrypoint PID $$"
+
+# Generic execution function for custom handlers
+# Usage: run_custom_handler [handler_name]
+run_custom_handler() {
+ local CUSTOM_HANDLER_ROOT_DIRECTORY=""
+ local CUSTOM_HANDLER_DIRECTORY=""
+ local -a DIR_LIST=("/docker-custom-entrypoint.d" "/container-custom-entrypoint.d")
+
+ for CUSTOM_HANDLER_ROOT_DIRECTORY in "${DIR_LIST[@]}"; do
+ if [ -d "${CUSTOM_HANDLER_ROOT_DIRECTORY}" ]; then
+ if [[ "${CUSTOM_HANDLER_ROOT_DIRECTORY}" == "/docker-custom-entrypoint.d" ]]; then
+ if [[ $# -eq 1 && "$1" == "pre-default" ]]; then
+ echoerr "DEPRECATED: Use /container-custom-entrypoint.d/ instead of /docker-custom-entrypoint.d/"
+ fi
+ fi
+
+ if [[ $# -eq 0 || "$1" == "" ]]; then
+ CUSTOM_HANDLER_DIRECTORY=${CUSTOM_HANDLER_ROOT_DIRECTORY}
+ else
+ CUSTOM_HANDLER_DIRECTORY=${CUSTOM_HANDLER_ROOT_DIRECTORY}/$1
+ fi
+
+ if [ -d ${CUSTOM_HANDLER_DIRECTORY}/ ]; then
+ find ${CUSTOM_HANDLER_DIRECTORY}/ -type f -name "*.sh" \
+ -exec chmod +x {} \;
+ sync
+ for f in ${CUSTOM_HANDLER_DIRECTORY}/*.sh; do
+ if [[ -f "$f" && -x $(realpath "$f") ]]; then
+ echo "Running $f"
+ "$f"
+ fi
+ done
+ fi
+ fi
+ done
+}
+
+## Pre execution handler
+pre_execution_handler() {
+ run_custom_handler pre-default
+
+ if [ -d /container-entrypoint.d ]; then
+ echoerr "DEPRECATED: Use /container-entrypoint.d/ instead of /docker-entrypoint.d/"
+ for f in /docker-entrypoint.d/*.sh; do
+ echo "Running $f"
+ "$f"
+ done
+ fi
+
+ for f in /container-entrypoint.d/*.sh; do
+ echo "Running $f"
+ "$f"
+ done
+
+ run_custom_handler
+}
+
+## Post startup handler
+post_startup_handler() {
+ run_custom_handler post-startup
+}
+
+## Post execution handler
+post_execution_handler() {
+ run_custom_handler post-execution
+}
+
+## Sigterm Handler
+# shellcheck disable=SC2317 # function is called when the container receives a SIGTERM signal
+sigterm_handler() {
+ echoerr "Catching SIGTERM"
+ if [ $pid -ne 0 ]; then
+ echoerr "sigterm_handler for PID '${pid}' triggered"
+ # the above if statement is important because it ensures
+ # that the application has already started. without it you
+ # could attempt cleanup steps if the application failed to
+ # start, causing errors.
+ run_custom_handler sigterm-handler
+ kill -15 "$pid"
+ wait "$pid"
+ post_execution_handler
+ fi
+ exit 143; # 128 + 15 -- SIGTERM
+}
+
+## Setup signal trap
+# on callback execute the specified handler
+trap sigterm_handler SIGTERM
+
+## Initialization
+pre_execution_handler
+
+## Start Process
+echoerr "Starting Puppetserver"
+# run process in background and record PID
+/opt/puppetlabs/bin/puppetserver "$@" &
+pid="$!"
+
+## Post Startup
+post_startup_handler
+
+## Wait forever until app dies
+wait "$pid"
+return_code="$?"
+
+## Cleanup
+post_execution_handler
+# echo the return code of the application
+exit $return_code
diff --git a/openvoxserver/docker-entrypoint.d/88-enable-cache-delete-api.sh b/openvoxserver/docker-entrypoint.d/88-enable-cache-delete-api.sh
deleted file mode 100755
index dbb4959..0000000
--- a/openvoxserver/docker-entrypoint.d/88-enable-cache-delete-api.sh
+++ /dev/null
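Review bot: In `pre_execution_handler` of container-entrypoint.sh, the legacy branch tests `/container-entrypoint.d` but then loops over `/docker-entrypoint.d/*.sh`. The image always ships `/container-entrypoint.d` and, after this commit, no longer copies `/docker-entrypoint.d`, so the deprecation warning is printed on every start and the unmatched glob is run as a literal path, which under `errexit` would abort the entrypoint before the default scripts run. The guard should read `if [ -d /docker-entrypoint.d ]; then`, and the loop body wants the same `[[ -f "$f" ]]` check that `run_custom_handler` uses so an empty directory is harmless. Separately, `run_custom_handler` marks every `.sh` under the custom directories executable and runs it with the entrypoint's privileges, so the README should say that write access to those mounts amounts to code execution in the container.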
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [[ "$OPENVOXSERVER_ENABLE_ENV_CACHE_DEL_API" == true ]]; then
- if [[ $(grep 'puppet-admin-api' /etc/puppetlabs/puppetserver/conf.d/auth.conf) ]]; then
- echo "Admin API already set"
- else
- /opt/puppetlabs/puppet/bin/ruby /docker-entrypoint.d/88-add_cache_del_api_auth_rules.rb
- fi
-fi
diff --git a/openvoxserver/docker-entrypoint.d/89-csr_attributes.sh b/openvoxserver/docker-entrypoint.d/89-csr_attributes.sh
deleted file mode 100755
index 162b734..0000000
--- a/openvoxserver/docker-entrypoint.d/89-csr_attributes.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ -n "${CSR_ATTRIBUTES}" ]; then
- echo "CSR Attributes: ${CSR_ATTRIBUTES}"
- /opt/puppetlabs/puppet/bin/ruby /docker-entrypoint.d/89-csr_attributes.rb
-fi
diff --git a/openvoxserver/docker-entrypoint.sh b/openvoxserver/docker-entrypoint.sh
index bb574ff..4257155 100755
--- a/openvoxserver/docker-entrypoint.sh
+++ b/openvoxserver/docker-entrypoint.sh
@@ -11,130 +11,7 @@ set -o nounset # exit on use of undeclared var, use `${possibly_undefined-}` to
 # `: ${possibly_undefined_or_empty:=default}` will also replace an empty (but declared) value
 # set -o xtrace
-pid=0
-
 echoerr() { echo "$@" 1>&2; }
-echoerr "Entrypoint PID $$"
-
-## Pre execution handler
-pre_execution_handler() {
- if [ -d /docker-custom-entrypoint.d/ ]; then
- if [ -d /docker-custom-entrypoint.d/pre-default/ ]; then
- find /docker-custom-entrypoint.d/pre-default/ -type f -name "*.sh" \
- -exec chmod +x {} \;
- sync
- for f in /docker-custom-entrypoint.d/pre-default/*.sh; do
- if [[ -f "$f" && -x $(realpath "$f") ]]; then
- echo "Running $f"
- "$f"
- fi
- done
- fi
- fi
-
- for f in /docker-entrypoint.d/*.sh; do
- echo "Running $f"
- "$f"
- done
-
- if [ -d /docker-custom-entrypoint.d/ ]; then
- find /docker-custom-entrypoint.d/ -type f -name "*.sh" \
- -exec chmod +x {} \;
- sync
- for f in /docker-custom-entrypoint.d/*.sh; do
- if [[ -f "$f" && -x $(realpath "$f") ]]; then
- echo "Running $f"
- "$f"
- fi
- done
- fi
-}
-
-## Post startup handler
-post_startup_handler() {
- if [ -d /docker-custom-entrypoint.d/ ]; then
- if [ -d /docker-custom-entrypoint.d/post-startup/ ]; then
- find /docker-custom-entrypoint.d/post-startup/ -type f -name "*.sh" \
- -exec chmod +x {} \;
- sync
- for f in /docker-custom-entrypoint.d/post-startup/*.sh; do
- if [[ -f "$f" && -x $(realpath "$f") ]]; then
- echo "Running $f"
- "$f"
- fi
- done
- fi
- fi
-}
-
-## Post execution handler
-post_execution_handler() {
- if [ -d /docker-custom-entrypoint.d/ ]; then
- if [ -d /docker-custom-entrypoint.d/post-execution/ ]; then
- find /docker-custom-entrypoint.d/post-execution/ -type f -name "*.sh" \
- -exec chmod +x {} \;
- sync
- for f in /docker-custom-entrypoint.d/post-execution/*.sh; do
- if [[ -f "$f" && -x $(realpath "$f") ]]; then
- echo "Running $f"
- "$f"
- fi
- done
- fi
- fi
-}
-
-## Sigterm Handler
-sigterm_handler() {
- echoerr "Catching SIGTERM"
- if [ $pid -ne
0 ]; then
- echoerr "sigterm_handler for PID '${pid}' triggered"
- # the above if statement is important because it ensures
- # that the application has already started. without it you
- # could attempt cleanup steps if the application failed to
- # start, causing errors.
- if [ -d /docker-custom-entrypoint.d/ ]; then
- if [ -d /docker-custom-entrypoint.d/sigterm-handler/ ]; then
- find /docker-custom-entrypoint.d/sigterm-handler/ -type f -name "*.sh" \
- -exec chmod +x {} \;
- sync
- for f in /docker-custom-entrypoint.d/sigterm-handler/*.sh; do
- if [[ -f "$f" && -x $(realpath "$f") ]]; then
- echo "Running $f"
- "$f"
- fi
- done
- fi
- fi
- kill -15 "$pid"
- wait "$pid"
- post_execution_handler
- fi
- exit 143; # 128 + 15 -- SIGTERM
-}
-
-## Setup signal trap
-# on callback execute the specified handler
-trap sigterm_handler SIGTERM
-
-## Initialization
-pre_execution_handler
-
-## Start Process
-echoerr "Starting Puppetserver"
-# run process in background and record PID
-/opt/puppetlabs/bin/puppetserver "$@" &
-pid="$!"
-
-## Post Startup
-post_startup_handler
-
-## Wait forever until app dies
-wait "$pid"
-return_code="$?"
-
-## Cleanup
-post_execution_handler
-# echo the return code of the application
-exit $return_code
+echoerr "DEPRECATED: Use /container-entrypoint.sh instead of /docker-entrypoint.sh"
+exec ./container-entrypoint.sh "$@"
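Review bot: In the docker-entrypoint.sh shim, `exec ./container-entrypoint.sh "$@"` resolves against the current working directory, not against the location of the shim. Both Containerfiles copy the script to `/`, so this only works while the container's working directory is `/`; a `WORKDIR` other than `/` (not visible in these hunks) or a working-directory override at run time would make the deprecated entrypoint fail, or run whatever `container-entrypoint.sh` happens to sit in that directory. Use the absolute path instead: `exec /container-entrypoint.sh "$@"`.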