colben/docker
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
colben 2024-10-28 19:59:39 +08:00
parent a05f3e15eb
commit 4dc7551228
10 changed files with 575 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
greatsql/ADD/ccmd Executable file
View File

@ -0,0 +1,100 @@
#!/bin/bash
##################################################
# Mount file #
# - /etc/my.cnf #
# Mount dir #
# - LOG_DIR #
# - DATA_DIR #
# - BINLOG_DIR #
##################################################
set -euo pipefail
export LANG=en_US.UTF-8
export LD_PRELOAD=/usr/lib64/libjemalloc.so
export THP_SETTING=
trap Quit EXIT
PIDS=
GOT_SIGTERM=
LOG_DIR='/var/log/mysql'
DATA_DIR='/var/lib/mysql'
BINLOG_DIR='/var/lib/mysql-bin'
SOCK_FILE='/run/mysqld/mysqld.sock'
PID_FILE='/run/mysqld/mysqld.pid'
INIT_FLAG=
function Print {
local file=/dev/null
[ '-f' = "$1" ] && file=$2 && shift && shift
date +"[%F %T] $*" | tee -a $file
}
function Quit {
Print killing greatsql ...
mysqladmin shutdown || true
while :; do
pkill -f mysqld && Print killing greatsql ... || break
sleep 1
done
Print Container stopped.
test -n "$GOT_SIGTERM"
}
function Init {
echo never > /sys/kernel/mm/transparent_hugepage/enabled \
&& echo never > /sys/kernel/mm/transparent_hugepage/defrag \
&& THP_SETTING=never \
|| Print Failed to disable THP, consider privileged container.
rm -f ${SOCK_FILE}* ${PID_FILE}
chown -R mysql:mysql $LOG_DIR $BINLOG_DIR $DATA_DIR
chmod 0750 $LOG_DIR
if [ ! -d "$DATA_DIR/mysql" ]; then
Print Initing greatsql db files ...
mysqld_pre_systemd
INIT_FLAG=1
fi
}
function ImportInitSql {
local sql_file= sql_files=
mysql -e "CREATE USER docker@localhost IDENTIFIED BY 'China_19\$(10)!'"
mysql -e "GRANT SHUTDOWN ON *.* TO docker@localhost"
if sql_files="$(ls $LOG_DIR/init_sql/*.sql 2>/dev/null)"; then
Print Importing the sql files ...
for sql_file in $sql_files; do
Print Importing $sql_file ...
mysql < $sql_file
done
Print Imported all sql files successfully.
fi
}
function StartProc {
mysqld &
PIDS="$PIDS $!"
while sleep 1; do
[ -e $SOCK_FILE ] && break || echo -n .
[ ! -e /proc/$! ] && echo && Print unexpected error! && exit
done
echo
[ -z "$INIT_FLAG" ] || ImportInitSql
Print GreatSQL is ready for connections.
}
function Main {
local pid=
Print Starting greatsql ...
Init
StartProc
trap "GOT_SIGTERM=1; Print Got SIGTERM ..." SIGTERM
while [ -z "$GOT_SIGTERM" ] && sleep 1; do
for pid in $PIDS; do
[ ! -e /proc/$pid ] && Print Unexpected error! && exit
done
done
}
# Start here
Main

107
greatsql/Dockerfile-greatsql8 Normal file
View File

@ -0,0 +1,107 @@
ARG ARCH
FROM harbor.colben.cn/general/rocky$ARCH:8
MAINTAINER Colben colbenlee@gmail.com
ARG BUNDLE_FILE
ADD --chown=root:root /ADD/ /opt/
RUN echo -e 'fs.file-max = 1000000\n\
net.core.somaxconn = 32768\n\
net.ipv4.tcp_syncookies = 0\n\
vm.overcommit_memory = 1\n\
' >> /etc/sysctl.conf \
&& echo -e '\n\
mysql soft nofile 65535\n\
mysql hard nofile 65535\n\
mysql soft stack 32768\n\
mysql hard stack 32768\n\
mysql soft nproc 65535\n\
mysql hard nproc 65535\n\
' >> /etc/security/limits.conf \
&& echo -e '[epel]\n\
name=Extra Packages for Enterprise Linux $releasever - $basearch\n\
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/$releasever/Everything/$basearch\n\
enabled=1\n\
gpgcheck=0\n\
' > /etc/yum.repos.d/epel.repo \
&& dnf makecache \
&& dnf -y install xz pkg-config perl libaio-devel numactl-devel numactl-libs net-tools openssl openssl-devel jemalloc jemalloc-devel perl-Data-Dumper perl-Digest-MD5 python2 perl-JSON perl-Test-Simple \
&& curl -LO http://10.11.0.1:10080/$BUNDLE_FILE \
&& tar xf $BUNDLE_FILE -C /tmp/ \
&& rm -f /tmp/greatsql-devel* /tmp/greatsql-mysql-router-* \
&& rpm -ivh /tmp/greatsql-*.rpm \
&& ln -s /usr/bin/mysql /usr/bin/greatsql \
&& ln -s /usr/bin/mysqldump /usr/bin/greatsqldump \
&& rm -rf /usr/sbin/mysqld-debug \
/var/cache/yum \
/var/lib/yum \
/var/lib/rpm \
/var/log/* \
/etc/my.cnf.d \
$BUNDLE_FILE \
/tmp/greatsql-*.rpm \
&& mkdir -p /var/log/mysql \
/var/lib/mysql-bin \
/etc/mysql \
&& chown -R mysql:mysql \
/var/log/mysql \
/var/lib/mysql-bin \
&& chmod 0750 /var/log/mysql \
&& sed -i -e 's,--initialize,&-insecure,g' \
-e 's,/usr/sbin/mysqld ,&--defaults-file=/etc/mysql/my.cnf ,g' \
/usr/bin/mysqld_pre_systemd \
&& echo -e '[mysqld]\n\
mysqlx = OFF\n#\
default-time-zone = "+8:00"\n\
lock-wait-timeout = 3600\n\
open-files-limit = 65535\n\
back-log = 1024\n\
max-connections = 512\n\
lock-wait-timeout = 3600\n\
open-files-limit = 65535\n\
back-log = 1024\n\
max-connections = 512\n\
max-connect-errors = 1000000\n\
table-open-cache = 1024\n\
table-definition-cache = 1024\n\
thread-stack = 512K\n\
sort-buffer-size = 4M\n\
join-buffer-size = 4M\n\
read-buffer-size = 8M\n\
read-rnd-buffer-size = 4M\n\
bulk-insert-buffer-size = 64M\n\
thread-cache-size = 768\n\
interactive-timeout = 600\n\
wait-timeout = 600\n\
tmp-table-size = 32M\n\
max-heap-table-size = 32M\n\
max-allowed-packet = 64M\n\
net-buffer-shrink-interval = 180\n\
sql-generate-invisible-primary-key = ON\n\
' > /etc/my.cnf \
&& echo -e '[client]\n\
socket = /run/mysqld/mysqld.sock\n\
\n\
[mysql]\n\
prompt = "[GreatSQL:\u@\d]>\_"\n\
\n\
[mysqld]\n\
user = mysql\n\
datadir = /var/lib/mysql\n\
socket = /run/mysqld/mysqld.sock\n\
pid-file = /run/mysqld/mysqld.pid\n\
log-timestamps = SYSTEM\n\
secure-log-path = /var/log/mysql\n\
log-error = /var/log/mysql/error.log\n\
log-error-suppression-list = MY-013360\n\
character-set-server = utf8mb4\n\
default-storage-engine = innodb\n\
slow-query-log = TRUE\n\
slow-query-log-file = /var/log/mysql/slow.log\n\
authentication-policy = mysql_native_password\n\
lower-case-table-names = 1\n\
\n\
[mysqladmin]\n\
user = docker\n\
password = China_19$(10)!\n\
' > /etc/mysql/my.cnf
CMD ["/opt/ccmd"]

19
greatsql/README.md Normal file
View File

@ -0,0 +1,19 @@
# 构建 greatsql 8.0 镜像
## 定制
- 安装 greatsql 8.0
- 固定一些常用配置
- 第一次启动时,会执行如下操作
- 初始化数据目录
- 自动创建一个只有 shutdown 权限的普通用户,该用户用于优雅停止 greatsql__不要修改该用户任何信息__
- 自动执行 {mysql-log}/init_sql/ 下的 xxxx.sql 文件
## 外挂目录和文件
- /etc/my.cnf: mysql 配置文件
- /var/lib/mysql: mysql 数据目录
- /var/lib/mysql-bin: mysql binlog 目录
- /var/log/mysql: mysql 日志目录
## 案例
- 参考 mysql

79
greatsql/greatsql8.sh Executable file
View File

@ -0,0 +1,79 @@
#!/bin/bash
#=========================================
# Author : colben
#=========================================
set -euo pipefail
export LANG=en_US.UTF-8
[ 'x86_64' == "$(uname -m)" ] && ARCH='' || ARCH="-$(uname -m)"
ROOT_DIR="$(cd $(dirname $0) && pwd)"
IMAGE="harbor.colben.cn/general/greatsql$ARCH:8"
BUNDLE_FILE=
if [ -t 0 ]; then
function Print { echo -e "\033[36;1m$(date +'[%F %T]')\033[32;1m $*\033[0m"; }
function Warn { echo -e "\033[36;1m$(date +'[%F %T]')\033[33;1m $*\033[0m"; }
function Error { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; exit 1; }
else
function Print { echo -e "$(date +'[%F %T INFO]') $*"; }
function Warn { echo -e "$(date +'[%F %T WARN]') $*"; }
function Error { echo -e "$(date +'[%F %T ERROR]') $*"; exit 1; }
fi
function Quit {
local exitCode=$?
pkill -f '^python2 -m SimpleHTTPServer 10080$' || true
[ 0 -ne $exitCode ] && Error Failed to build or push image!
[ -z "${END:-}" ] && echo && Error Interrupted manually!
Print Succeeded to build and push image.
}
function YesOrNo {
Warn $*
local sw=
while :; do
read -p '(Yes/No/Quit) ' -n1 sw
[[ "$sw" =~ ^Y|y$ ]] && echo && return 0
[[ "$sw" =~ ^N|n$ ]] && echo && return 1
[[ "$sw" =~ ^Q|q$ ]] && echo && exit 0
[ -n "$sw" ] && echo
done
}
function Update {
Warn Check files ...
cd /release/RUNTIME
if [ -z "$ARCH" ]; then
BUNDLE_FILE=greatsql-8.0.32-26.1.el8.amd64.rpm-bundle.tar.xz
elif [ '-aarch64' == "$ARCH" ]; then
BUNDLE_FILE=greatsql-8.0.32-26.1.el8.arm64.rpm-bundle.tar.xz
else
Error Unknown arch: $ARCH!
fi
[ -e $BUNDLE_FILE ] || Error Not found $BUNDLE_FILE!
python2 -m SimpleHTTPServer 10080 &>/dev/null &
}
function Build {
local yn
cd $ROOT_DIR
docker images --format='{{.Repository}}:{{.Tag}}' | grep "^$IMAGE$" \
&& Warn Removing image $IMAGE ... \
&& docker rmi $IMAGE
Warn Building image: $IMAGE ...
docker build --force-rm --build-arg ARCH="$ARCH" --build-arg BUNDLE_FILE="$BUNDLE_FILE" -t $IMAGE -f Dockerfile-greatsql8 .
YesOrNo Push image: $IMAGE? && docker push $IMAGE
}
function Main {
trap Quit EXIT
Update
Build
END=1
}
# Start here
Main

77
vsftpd/ADD/ccmd Executable file
View File

@ -0,0 +1,77 @@
#!/bin/bash
##################################################
# Mount file #
# - /etc/vsftpd/vsftpd.conf #
# Mount dir #
# - /var/lib/ftp, /home or other data_dir #
# - LOG_DIR #
# ENV #
# - VSFTPD_OPTS #
##################################################
set -euo pipefail
export LANG=en_US.UTF-8
trap Quit EXIT
PIDS=
GOT_SIGTERM=
LOG_DIR='/var/log/vsftpd'
ARGS="${VSFTPD_OPTS:-}"
function Print {
local file=/dev/null
[ '-f' = "$1" ] && file=$2 && shift && shift
date +"[%F %T] $*" | tee -a $file
}
function Quit {
Print killing vsftpd ...
while :; do
pkill -f rsync && Print killing vsftpd ... || break
sleep 1
done
Print Container stopped.
test -n "$GOT_SIGTERM"
}
function CreateFtpUser {
local kv=
local uid=
local user=
local userList=/etc/vsftpd/user_list
Print Create ftp users ...
: > $userList
grep -q '^anonymous_enable *= *YES' /etc/vsftpd/vsftpd.conf && echo anonymous >> $userList
for kv in $(env | grep '^FTP_USER_[0-9]\+='); do
uid=$(echo $kv | cut -d= -f1 | cut -d_ -f3)
user=$(echo $kv | cut -d= -f2- | cut -d: -f1)
userPass=$(echo $kv | cut -d= -f2-)
id $uid || adduser -D -s /sbin/nologin -u $uid $user
echo "${userPass}" | chpasswd
echo $user >> $userList
done
}
function StartProc {
Print Starting vsftpd ...
vsftpd /etc/vsftpd/vsftpd.conf $ARGS /etc/vsftpd/vsftpd-sys.conf &
PIDS="$PIDS $!"
Print vsftpd started.
}
function Main {
local pid=
CreateFtpUser
StartProc
trap "GOT_SIGTERM=1; Print Got SIGTERM ..." SIGTERM
while [ -z "$GOT_SIGTERM" ] && sleep 1; do
for pid in $PIDS; do
[ ! -e /proc/$pid ] && Print Unexpected error! && exit
done
done
}
# Start here
Main

16
vsftpd/Demo/README.md Normal file
View File

@ -0,0 +1,16 @@
# 部署 vsftpd
- 服务器数据盘挂载到 /data/ 目录下
- 根据实际环境修改
- docker-compose.yml
- 创建目录
```
grep '\<source:' docker-compose.yml | cut -d: -f2 | xargs mkdir -p
```
- 启动
```
docker-compose up -d
```

73
vsftpd/Demo/docker-compose.yml Normal file
View File

@ -0,0 +1,73 @@
version: "3.7"
services:
# 默认开启 anonymous 用户,无密码,数据目录是 /var/lib/ftp/
# 把容器的数据目录挂载到宿主机数据盘 /data/ftp
# 默认主动模式,控制端口默认监听 21
vsftpd-anonymous:
image: harbor.colben.cn/general/vsftpd:latest
container_name: vsftpd-anonymous
restart: "on-failure"
network_mode: host
volumes:
- type: bind
source: ./vsftpd/vsftpd.conf
target: /etc/vsftpd/vsftpd.conf
- type: bind
source: ./vsftpd/log
target: /var/log/vsftpd
- type: bind
source: /data/ftp
target: /var/lib/ftp
# 默认开启 anonymous 用户,无密码,数据目录是 /var/lib/ftp/
# 创建普通用户 user1uid: 1001密码: 123456允许上传下载数据目录是 $HOME
# 把容器的数据目录挂载到宿主机数据盘 /data/ftp
# 默认主动模式,控制端口监听 3021
vsftpd-full:
image: harbor.colben.cn/general/vsftpd:latest
container_name: vsftpd-full
restart: "on-failure"
environment:
FTP_USER_1001: 'user1:123456'
VSFTPD_OPTS: '-owrite_enable=YES -olisten_port=8021'
network_mode: host
volumes:
- type: bind
source: ./vsftpd/vsftpd.conf
target: /etc/vsftpd/vsftpd.conf
- type: bind
source: ./vsftpd/log
target: /var/log/vsftpd
- type: bind
source: /data/ftp/anonymous
target: /var/lib/ftp
- type: bind
source: /data/ftp
target: /home
# 不允许 anonymous 登录
# 创建普通用户 user2uid 是 1002密码: 123456允许上传下载数据目录是 $HOME
# 创建普通用户 user3uid 是 1003密码: 123456允许上传下载数据目录是 $HOME
# 把容器的数据目录挂载到宿主机数据盘 /data/ftp
# 开启被动模式,控制端口监听 8021数据端口监听 8022
vsftpd:
image: harbor.colben.cn/general/vsftpd:latest
container_name: vsftpd
restart: "on-failure"
environment:
FTP_USER_1002: 'user2:123456'
FTP_USER_1003: 'user3:123456'
VSFTPD_OPTS: '-oanonymous_enable=NO -owrite_enable=YES -olisten_port=8021 -opasv_min_port=8022 -opasv_max_port=8022'
network_mode: host
volumes:
- type: bind
source: ./vsftpd/vsftpd.conf
target: /etc/vsftpd/vsftpd.conf
- type: bind
source: ./vsftpd/log
target: /var/log/vsftpd
- type: bind
source: /data/ftp
target: /home

22
vsftpd/Dockerfile Normal file
View File

@ -0,0 +1,22 @@
ARG ARCH
FROM harbor.colben.cn/general/alpine$ARCH:3.12
MAINTAINER Colben colbenlee@gmail.com
ADD --chown=root:root /ADD/ /opt/
RUN apk update \
&& apk add --no-cache vsftpd \
&& mkdir -p /var/log/vsftpd \
&& rm -rf /var/cache/apk/* \
&& echo -e 'seccomp_sandbox=NO\n\
local_enable=YES\n\
userlist_enable=YES\n\
userlist_deny=NO\n\
userlist_file=/etc/vsftpd/user_list\n\
chroot_local_user=YES\n\
allow_writeable_chroot=YES\n\
dual_log_enable=YES\n\
xferlog_file=/var/log/vsftpd/xfer.log\n\
vsftpd_log_file=/var/log/vsftpd/vsftpd.log\n\
' > /etc/vsftpd/vsftpd-sys.conf
CMD ["/opt/ccmd"]

15
vsftpd/README.md Normal file
View File

@ -0,0 +1,15 @@
# 构建 vsftpd 镜像
## 定制
- 安装 vsftpd
## 外挂目录和文件
- /etc/vsftpd/vsftpd.conf: vsftpd 配置文件
- /var/log/vsftpd: vsftpd 日志目录
- 数据目录
* anonymous 用户: /var/lib/ftp
* 其他用户: $HOME 或 local_root
## 案例
- [Demo/](Demo/): 部署 vsftpd

67
vsftpd/vsftpd.sh Executable file
View File

@ -0,0 +1,67 @@
#!/bin/bash
#=========================================
# Author : colben
#=========================================
set -euo pipefail
export LANG=en_US.UTF-8
[ 'x86_64' == "$(uname -m)" ] && ARCH='' || ARCH="-$(uname -m)"
ROOT_DIR="$(cd $(dirname $0) && pwd)"
IMAGE="harbor.colben.cn/general/$(basename ${0%.sh})$ARCH:latest"
if [ -t 0 ]; then
function Print { echo -e "\033[36;1m$(date +'[%F %T]')\033[32;1m $*\033[0m"; }
function Warn { echo -e "\033[36;1m$(date +'[%F %T]')\033[33;1m $*\033[0m"; }
function Error { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; exit 1; }
else
function Print { echo -e "$(date +'[%F %T INFO]') $*"; }
function Warn { echo -e "$(date +'[%F %T WARN]') $*"; }
function Error { echo -e "$(date +'[%F %T ERROR]') $*"; exit 1; }
fi
function Quit {
local exitCode=$?
[ 0 -ne $exitCode ] && Error Failed to build or push image!
[ -z "${END:-}" ] && echo && Error Interrupted manually!
Print Succeeded to build and push image.
}
function YesOrNo {
Warn $*
local sw=
while :; do
read -p '(Yes/No/Quit) ' -n1 sw
[[ "$sw" =~ ^Y|y$ ]] && echo && return 0
[[ "$sw" =~ ^N|n$ ]] && echo && return 1
[[ "$sw" =~ ^Q|q$ ]] && echo && exit 0
[ -n "$sw" ] && echo
done
}
function Update {
:
}
function Build {
local yn
cd $ROOT_DIR
docker images --format='{{.Repository}}:{{.Tag}}' | grep "^$IMAGE$" \
&& Warn Removing image $IMAGE ... \
&& docker rmi $IMAGE
Warn Building image: $IMAGE ...
docker build --force-rm --build-arg ARCH="$ARCH" -t $IMAGE .
YesOrNo Push image: $IMAGE? && docker push $IMAGE
}
function Main {
trap Quit EXIT
Update
Build
END=1
}
# Start here
Main