Major changes in mainline functions, new file created.

2021-07-02 20:30:56 +00:00
parent 58ec63c882
commit 0bb748f2d9
4 changed files with 207 additions and 185 deletions


@@ -5,9 +5,13 @@
LETSENCRYPT_URL=$LETSENCRYPT_URL LETSENCRYPT_URL=$LETSENCRYPT_URL
DOMAIN_DIR=$DOMAIN_DIR DOMAIN_DIR=$DOMAIN_DIR
DOMAIN=$1 DOMAIN=$1
CERT_DIR=$CERT_DIR/$DOMAIN DOMAIN_CERT_DIR=$CERT_DIR/$DOMAIN
service_exec="docker run --rm -v /etc/user/config/services/:/services/:ro -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker:ro registry.format.hu/setup /scripts/service-exec" service_exec="docker run --rm \
-v /etc/user/config/user.json:/etc/user/config/user.json:ro \
-v /etc/user/config/services/:/services/:ro \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/bin/docker:/usr/bin/docker:ro registry.format.hu/setup /scripts/service-exec"
letsencrypt_certificates() { letsencrypt_certificates() {
$service_exec /services/letsencrypt.json start $service_exec /services/letsencrypt.json start
@@ -16,24 +20,24 @@ $service_exec /services/letsencrypt.json start
create_self_signed_certificate() { create_self_signed_certificate() {
# generate dhparam file # generate dhparam file
openssl dhparam -dsaparam -out $CERT_DIR/dhparam.pem 4096 openssl dhparam -dsaparam -out $DOMAIN_CERT_DIR/dhparam.pem 4096;
# generate key # generate key
openssl req -x509 -newkey rsa:4096 -keyout $CERT_DIR/key.pem -out $CERT_DIR/fullchain.pem -days 365 -sha256 -nodes -subj "/CN=$DOMAIN" openssl req -x509 -newkey rsa:4096 -keyout $DOMAIN_CERT_DIR/key.pem -out $DOMAIN_CERT_DIR/cert.pem -days 365 -sha256 -nodes -subj "/CN=$DOMAIN";
cp -a $DOMAIN_CERT_DIR/cert.pem $DOMAIN_CERT_DIR/fullchain.pem;
} }
if [ ! -d "$DOMAIN_CERT_DIR" ]; then
if [[ "$(ls $CERT_DIR)" == "" ]]; then
echo "$DOMAIN not contains certificates, creates new." echo "$DOMAIN not contains certificates, creates new."
mkdir -p $CERT_DIR; mkdir -p $DOMAIN_CERT_DIR;
CURL_CHECK="curl -s -o /dev/null -w "%{http_code}" https://$LETSENCRYPT_URL"; CURL_CHECK="curl -s -o /dev/null -w "%{http_code}" https://$LETSENCRYPT_URL";
if [[ "$(eval $CURL_CHECK)" != "200" ]] ; then if [[ "$(eval $CURL_CHECK)" != "200" ]] ; then
create_self_signed_certificate; create_self_signed_certificate;
fi fi
else else
file="$CERT_DIR/letsencrypt" file="$DOMAIN_CERT_DIR/letsencrypt"
{ {
echo "{ \"DOMAIN\": \"$DOMAIN\" }" echo "{ \"DOMAIN\": \"$DOMAIN\" }"
} >> "$file" } >> "$file"
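Review bot: The Let's Encrypt reachability check in the second hunk still goes through `eval $CURL_CHECK`, which re-parses the expanded string as shell code, so any shell metacharacter that ends up in `$LETSENCRYPT_URL` is interpreted instead of being passed to curl as part of the URL. Call curl directly and compare the result: `status=$(curl -s -o /dev/null -w '%{http_code}' "https://$LETSENCRYPT_URL")` followed by `if [[ "$status" != "200" ]]; then`. The same pattern appears in `check_domain` in scripts/check_proxy_state.sh, where the interpolated value is `$DOMAIN`. The surrounding `if`/`else` continues past the end of this hunk, so the closing part is not visible here.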

scripts/check_proxy_state.sh Executable file

@@ -0,0 +1,164 @@
# Initial parameters
DATE=`date +%F-%H-%M-%S`
TIMEOUT=$TIMEOUT
RESTART=$RESTART
RESTART_COUNTER=0
# Set env variables
PROXY_SERVICE_FILE=$PROXY_SERVICE_FILE
ROLE=$ROLE
SERVICE_NAME=$SERVICE_NAME
service_exec="docker run --rm -v /etc/user/config/services/:/services/:ro -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker:ro registry.format.hu/setup /scripts/service-exec"
do_proxy_restart() {
local NAMES="$1"
for proxies in $NAMES ; do
docker stop $proxies;
sleep $TIMEOUT;
$service_exec $SERVICE_NAME.containers.$proxies start
if docker ps | grep $proxies ; then
if [ -z "$DOMAIN" ] ; then
echo "$proxies restarted successful";
else
check_domain;
fi
else
PROXY_NAME=$proxies
for retries in $(seq 0 $((RESTART + 1))); do
if [[ $retries -le $RESTART ]] ; then
echo "Proxy "$PROXY_NAME" restarting in progress";
docker stop $proxies;
sleep $TIMEOUT;
$service_exec $SERVICE_NAME.containers.$PROXY_NAME start
if docker ps | grep $PROXY_NAME ; then
echo "$PROXY_NAME restarted successful";
else
echo "Restarting number is only: "$retries" so try again"
sleep $TIMEOUT;
fi
else
echo "Reached retrying limit: "$RESTART" ,giving up, starting recocer previous state"
recover_process;
fi
done
fi
done
}
check_domain() {
echo "Checking $DOMAIN name";
CURL_CHECK="curl -s -o /dev/null -w "%{http_code}" https://$DOMAIN";
if [[ "$(eval $CURL_CHECK)" == "200" ]] ; then
echo "$proxies restarted successful";
else
send_error_msg;
fi
}
recover_process() { echo "Recovering previous state"
}
send_error_msg () { echo "Sending error messages"
}
check_proxy_state() {
# Set restart counter to zero
CONTAINER_NAMES="";
CONTAINERS_BY_ROLE=0
RUNNING_CONTAINERS=0
# Check services with running containers by roles
for CONTAINER in $(jq -r --arg ROLE $ROLE '.containers[] | select(.ROLES==$ROLE)' $PROXY_SERVICE_FILE | jq -r .NAME) ; do
CONTAINERS_BY_ROLE=$((CONTAINERS_BY_ROLE +1))
UP=$(docker ps | grep $CONTAINER | grep Up | wc -l)
RUNNING_CONTAINERS=$((RUNNING_CONTAINERS + UP))
CONTAINERS=$CONTAINERS" "$CONTAINER;
if [[ "$UP" != 0 ]]; then
CONTAINER_NAMES=$CONTAINER_NAMES" "$CONTAINER;
fi;
done;
# The roles numbers and the running containers numbers are equal or greater than 2
if [[ "$RUNNING_CONTAINERS" == "$CONTAINERS_BY_ROLE" || "$RUNNING_CONTAINERS" -ge 2 ]] ; then
echo "Starting proxy restart process";
do_proxy_restart "$CONTAINER_NAMES";
# In case of no running proxies found, try to start the service
elif [[ "$RUNNING_CONTAINERS" -eq 0 ]] ; then
echo "No running proxies found, starting all";
$service_exec /services/$SERVICE_NAME.json start;
for proxies in $CONTAINERS ; do
if docker ps | grep $proxies ; then
echo "$proxies started successful";
else
echo "$proxies starting was unsuccesful"
fi
done
# In case of only one running proxy found, try to start the others of the service
elif [[ "$RUNNING_CONTAINERS" -eq 1 ]] ; then
echo "Only one running proxy found, starting all of the others";
for proxies in $CONTAINERS ; do
if [[ $proxies != $CONTAINER_NAMES ]] ; then
echo "No running containers: "$proxies" found.";
$service_exec $SERVICE_NAME.containers.$proxies start;
if docker ps | grep $proxies ; then
echo "$proxies started successful";
else
echo "$proxies starting was unsuccesful";
fi
else
ONLY_RUNNING_PROXY_NAME=$proxies;
fi
done
# At last need to restart the only one running proxy when the others started successful.
for CHECK_PROXIES in $CONTAINERS ; do
if [[ $CHECK_PROXIES != $ONLY_RUNNING_PROXY_NAME ]] ; then
if docker ps | grep $CHECK_PROXIES ; then
echo "Not running proxies successfuly started, let's start the only running one.";
do_proxy_restart $ONLY_RUNNING_PROXY_NAME;
else
echo "Not enough running proxies found, can't start the only running one.";
fi
fi
done
# sleep $TIMEOUT;
# RESTART_COUNTER=$((RESTART_COUNTER +1))
#
# echo "RUNNING CONTAINERS: "$RUNNING_CONTAINERS;
#
# if [[ "$RESTART_COUNTER" -le "$RESTART" ]] ; then
# echo "ELSE: check proxy state";
# check_proxy_state;
# else
# recover_process;
# fi
# for CONTAINER in `echo $CONTAINER_NAMES`; do
# done;
fi
} # end of check_proxy_state
# call method
check_proxy_state
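Review bot: Every liveness test in this file is `docker ps | grep $proxies` (likewise with `$PROXY_NAME`, `$CHECK_PROXIES` and `$CONTAINER`), an unquoted substring match over the whole listing, so a name that is a prefix of another container's name, or that also occurs in an image or command column, counts as running. `do_proxy_restart` can then print "restarted successful" for a proxy that is actually down, and the retry and `recover_process` path is never taken. Ask Docker about the exact container instead, for example `[ "$(docker inspect -f '{{.State.Running}}' "$proxies" 2>/dev/null)" = "true" ]`. As rendered here the file also begins with a comment rather than a `#!` line although it uses `[[` and `local`; if that is accurate, add an interpreter line for a shell that supports both.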


@@ -3,11 +3,10 @@
cd /proxy_config cd /proxy_config
DOMAIN=$1 DOMAIN=$1
DEL=$2 if [ -n "$2" ]; then
if [[ $DEL != "" ]]; then
echo "$DOMAIN DELETED"; echo "$DOMAIN DELETED";
rm $DOMAIN.conf; rm $DOMAIN.conf;
exit 0; exit;
fi fi
DOMAIN_SOURCE=/domains/$DOMAIN DOMAIN_SOURCE=/domains/$DOMAIN
@@ -24,11 +23,12 @@ ERROR_PAGE=$(jq -r .ERROR_PAGE $DOMAIN_SOURCE)
# check whether certificates exist or not # check whether certificates exist or not
if [ $HTTPS_PORT != "" ]; then if [[ $HTTPS_PORT != "" ]]; then
/scripts/check_certificates.sh "$DOMAIN"; /scripts/check_certificates.sh "$DOMAIN";
fi fi
echo $DOMAIN; echo "3";
echo "created domain name: "$DOMAIN;
file="/tmp/$DOMAIN.conf" file="/tmp/$DOMAIN.conf"
@@ -36,7 +36,7 @@ file="/tmp/$DOMAIN.conf"
{ {
if [ $HTTP_PORT != "" ]; then if [[ $HTTP_PORT != "" ]]; then
echo "server { echo "server {
listen $HTTP_PORT; listen $HTTP_PORT;
server_name $DOMAIN_NAME; server_name $DOMAIN_NAME;
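Review bot: In the first hunk the delete path runs `rm $DOMAIN.conf` with `$1` unquoted and unvalidated, after a `cd /proxy_config` whose failure is ignored, so a name containing whitespace, a glob character, a leading `-` or a `/` can remove something other than the intended config file, possibly relative to the directory the script was started from. The caller takes this name from a file-system event, so reject anything that is not a plain host name before it is used, e.g. `case "$DOMAIN" in ''|-*|.*|*[!A-Za-z0-9._-]*) exit 1;; esac`, then `cd /proxy_config || exit 1` and `rm -f -- "$DOMAIN.conf"`. The same value is later interpolated into `/domains/$DOMAIN` and `/tmp/$DOMAIN.conf`, so the check belongs at the top of the script, which starts outside this hunk.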


@@ -1,176 +1,19 @@
#!/bin/sh #!/bin/sh
service_exec="docker run --rm -v /etc/user/config/services/:/services/:ro -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker:ro registry.format.hu/setup /scripts/service-exec"
# Initial parameters # Initial parameters
DATE=`date +%F-%H-%M-%S` DATE=`date +%F-%H-%M-%S`
TIMEOUT=$TIMEOUT
RESTART=$RESTART
RESTART_COUNTER=0
# Set env variables # Set env variables
DOMAIN_DIR=$DOMAIN_DIR
DOMAIN_DIR=$DOMAIN_DIR CERT_DIR=$CERT_DIR
CERT_DIR=$CERT_DIR PROXY_CONFIG_DIR=$PROXY_CONFIG_DIR
PROXY_SERVICE_FILE=$PROXY_SERVICE_FILE
PROXY_CONFIG_DIR=$PROXY_CONFIG_DIR
ROLE=$ROLE
SERVICE_NAME=$SERVICE_NAME
do_proxy_restart() {
local NAMES="$1"
for proxies in $NAMES ; do
docker stop $proxies;
sleep $TIMEOUT;
$service_exec $SERVICE_NAME.containers.$proxies start
if docker ps | grep $proxies ; then
if [ -z "$DOMAIN" ] ; then
echo "$proxies restarted successful";
else
check_domain;
fi
else
PROXY_NAME=$proxies
for retries in $(seq 0 $((RESTART + 1))); do
if [[ $retries -le $RESTART ]] ; then
echo "Proxy "$PROXY_NAME" restarting in progress";
docker stop $proxies;
sleep $TIMEOUT;
$service_exec $SERVICE_NAME.containers.$PROXY_NAME start
if docker ps | grep $PROXY_NAME ; then
echo "$PROXY_NAME restarted successful";
else
echo "Restarting number is only: "$retries" so try again"
sleep $TIMEOUT;
fi
else
echo "Reached retrying limit: "$RESTART" ,giving up, starting recocer previous state"
recover_process;
fi
done
fi
done
}
check_domain() { echo "Checking $DOMAIN name";
CURL_CHECK="curl -s -o /dev/null -w "%{http_code}" https://$DOMAIN";
if [[ "$(eval $CURL_CHECK)" == "200" ]] ; then
echo "$proxies restarted successful";
else
send_error_msg;
fi
}
recover_process() { echo "Recovering previous state"
}
send_error_msg () { echo "Sending error messages"
}
check_proxy_state() {
# Set restart counter to zero
CONTAINER_NAMES="";
CONTAINERS_BY_ROLE=0
RUNNING_CONTAINERS=0
# Check services with running containers by roles
for CONTAINER in $(jq -r --arg ROLE $ROLE '.containers[] | select(.ROLES==$ROLE)' $PROXY_SERVICE_FILE | jq -r .NAME) ; do
CONTAINERS_BY_ROLE=$((CONTAINERS_BY_ROLE +1))
UP=$(docker ps | grep $CONTAINER | grep Up | wc -l)
RUNNING_CONTAINERS=$((RUNNING_CONTAINERS + UP))
CONTAINERS=$CONTAINERS" "$CONTAINER;
if [[ "$UP" != 0 ]]; then
CONTAINER_NAMES=$CONTAINER_NAMES" "$CONTAINER;
fi;
done;
# The roles numbers and the running containers numbers are equal or greater than 2
if [[ "$RUNNING_CONTAINERS" == "$CONTAINERS_BY_ROLE" || "$RUNNING_CONTAINERS" -ge 2 ]] ; then
echo "Starting proxy restart process";
do_proxy_restart "$CONTAINER_NAMES";
# In case of no running proxies found, try to start the service
elif [[ "$RUNNING_CONTAINERS" -eq 0 ]] ; then
echo "No running proxies found, starting all";
$service_exec /services/$SERVICE_NAME.json start;
for proxies in $CONTAINERS ; do
if docker ps | grep $proxies ; then
echo "$proxies started successful";
else
echo "$proxies starting was unsuccesful"
fi
done
# In case of only one running proxy found, try to start the others of the service
elif [[ "$RUNNING_CONTAINERS" -eq 1 ]] ; then
echo "Only one running proxy found, starting all of the others";
for proxies in $CONTAINERS ; do
if [[ $proxies != $CONTAINER_NAMES ]] ; then
echo "No running containers: "$proxies" found.";
$service_exec $SERVICE_NAME.containers.$proxies start;
if docker ps | grep $proxies ; then
echo "$proxies started successful";
else
echo "$proxies starting was unsuccesful";
fi
else
ONLY_RUNNING_PROXY_NAME=$proxies;
fi
done
# At last need to restart the only one running proxy when the others started successful.
for CHECK_PROXIES in $CONTAINERS ; do
if [[ $CHECK_PROXIES != $ONLY_RUNNING_PROXY_NAME ]] ; then
if docker ps | grep $CHECK_PROXIES ; then
echo "Not running proxies successfuly started, let's start the only running one.";
do_proxy_restart $ONLY_RUNNING_PROXY_NAME;
else
echo "Not enough running proxies found, can't start the only running one.";
fi
fi
done
# sleep $TIMEOUT;
# RESTART_COUNTER=$((RESTART_COUNTER +1))
#
# echo "RUNNING CONTAINERS: "$RUNNING_CONTAINERS;
#
# if [[ "$RESTART_COUNTER" -le "$RESTART" ]] ; then
# echo "ELSE: check proxy state";
# check_proxy_state;
# else
# recover_process;
# fi
# for CONTAINER in `echo $CONTAINER_NAMES`; do
# done;
fi
}
# Triggers by certificate or proxy config changes # Triggers by certificate or proxy config changes
unset IFS unset IFS
inotifywait --exclude .sw -m -e CREATE,CLOSE_WRITE,CLOSE,DELETE -r $DOMAIN_DIR $CERT_DIR $PROXY_CONFIG_DIR | \ inotifywait --exclude .sw -m -e CREATE,CLOSE_WRITE,DELETE -r $DOMAIN_DIR $CERT_DIR $PROXY_CONFIG_DIR | \
while read dir op file while read dir op file
do do
@@ -178,16 +21,24 @@ do
parent="/"$(echo $dir|cut -d / -f2) parent="/"$(echo $dir|cut -d / -f2)
if [[ "${parent}" == "${CERT_DIR}" && "${op}" == "CREATE,CLOSE_WRITE,CLOSE" ]]; then if [[ "${parent}" == "${CERT_DIR}" && "${op}" == "CLOSE_WRITE,CLOSE" ]] ; then
DOMAIN=$(echo $dir|cut -d / -f3); DOMAIN=$(echo $dir|cut -d / -f3);
echo "file: "$file; if [ -f "$CERT_DIR/new_certificate" ]; then
echo "New cert created: '$DOMAIN'"; echo "New cert created: '$DOMAIN'";
#check_proxy_state; echo "newcert check proxy";
/scripts/check_proxy_state.sh;
fi
elif [[ "${parent}" == "${PROXY_CONFIG_DIR}" && "${op}" == "CLOSE_WRITE,CLOSE" ]] || \ elif [[ "${parent}" == "${PROXY_CONFIG_DIR}" && "${op}" == "CLOSE_WRITE,CLOSE" ]]; then
[[ "${parent}" == "${PROXY_CONFIG_DIR}" && "${op}" == "DELETE" ]] ; then echo "proxy config created, changed ";
echo "proxy config created, changed or deleted"; /scripts/check_proxy_state.sh;
check_proxy_state;
elif [[ "${parent}" == "${PROXY_CONFIG_DIR}" && "${op}" == "DELETE" ]] ; then
echo "proxy config deleted";
FILE=$(echo $file)
if [ ! -f "$PROXY_CONFIG_DIR/$FILE" ]; then
/scripts/check_proxy_state.sh;
fi
elif [[ "${parent}" == "${DOMAIN_DIR}" && "${op}" == "CLOSE_WRITE,CLOSE" ]]; then elif [[ "${parent}" == "${DOMAIN_DIR}" && "${op}" == "CLOSE_WRITE,CLOSE" ]]; then
DOMAIN=$(echo $file); DOMAIN=$(echo $file);
@@ -197,7 +48,10 @@ do
elif [[ "${parent}" == "${DOMAIN_DIR}" && "${op}" == "DELETE" ]] ; then elif [[ "${parent}" == "${DOMAIN_DIR}" && "${op}" == "DELETE" ]] ; then
DOMAIN=$(echo $file); DOMAIN=$(echo $file);
echo "domain deleted"; echo "domain deleted";
if [ ! -f "$DOMAIN_DIR/$DOMAIN" ]; then
/scripts/nginx_config_create.sh "$DOMAIN" "DEL"; /scripts/nginx_config_create.sh "$DOMAIN" "DEL";
fi fi
fi
done done
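Review bot: `check_proxy_state` used to run as a function inside this shell and could read `DOMAIN`, but the new calls to `/scripts/check_proxy_state.sh` start a child process and `DOMAIN` is assigned in the loop without `export`. Unless the variable already comes from the container environment, the child's `[ -z "$DOMAIN" ]` test is always true and the HTTPS probe in `check_domain` is never reached after a certificate change. Pass the value explicitly in the certificate branch: `DOMAIN="$DOMAIN" /scripts/check_proxy_state.sh`. The loop also reads events with `while read dir op file`; `read -r` would keep backslashes in file names intact before they are turned into `DOMAIN`.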