#!/usr/bin/env bash
#
# This script is designed to be run inside the container
#
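# fail hard and fast even on pipelines
set -eo pipefail

# Optional proxy settings. The file is executed as shell code inside this
# process, so it must only be writable by whoever is trusted to control the
# builder container.
if [[ -f /etc/environment_proxy ]]; then
  source /etc/environment_proxy
fi

# enable command tracing when DEBUG is set to any non-empty value
if [[ -n "$DEBUG" ]]; then
  set -x
fi

# configure etcd
# HOST must be supplied by the environment; it is not validated here.
export ETCD_PORT="${ETCD_PORT:-4001}"
export ETCD="$HOST:$ETCD_PORT"
export ETCD_PATH="${ETCD_PATH:-/deis/builder}"
export ETCD_TTL="${ETCD_TTL:-20}"

# wait for etcd to be available
# "$ETCD" is quoted so the endpoint always reaches etcdctl as a single word.
until etcdctl --no-sync -C "$ETCD" ls >/dev/null 2>&1; do
  echo "waiting for etcd at $ETCD..."
  sleep $((ETCD_TTL / 2)) # sleep for half the TTL
done

# wait until etcd has discarded potentially stale values
sleep $((ETCD_TTL + 1))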
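#######################################
# Create a directory in etcd, tolerating the case where it already exists.
# Globals:   ETCD (read) - etcd endpoint passed to etcdctl -C
# Arguments: $1 - full etcd path of the directory to create
# Outputs:   on a fatal error, a diagnostic on stderr
# Returns:   0 when the directory was created or already existed;
#            exits the shell with status 1 on any other etcdctl failure
#######################################
function etcd_safe_mkdir {
  local err status=0

  # Capture stderr only (stdout is discarded). The `|| status=$?` keeps a
  # failing etcdctl from tripping errexit, so the caller's `set -e` state is
  # left untouched instead of being toggled off and on.
  err="$(etcdctl --no-sync -C "$ETCD" mkdir "$1" 2>&1 >/dev/null)" || status=$?

  # Any failure other than "key already exists" is fatal. This includes a
  # failure that printed nothing on stderr, which would otherwise let the
  # script continue without the directory.
  if ((status != 0)) && ! grep -qi "key already exists" <<<"$err"; then
    echo "etcd_safe_mkdir: an etcd error occurred ($err)" >&2
    echo "aborting..." >&2
    exit 1
  fi
}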
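#######################################
# Create a key under $ETCD_PATH only if it does not exist yet.
# No value argument is given to `etcdctl mk`; callers supply the value on
# stdin, which the command substitution passes through to etcdctl.
# Globals:   ETCD (read), ETCD_PATH (read)
# Arguments: $1 - key name relative to $ETCD_PATH
# Outputs:   on a fatal error, a diagnostic on stderr
# Returns:   0 when the key was created or already existed;
#            exits the shell with status 1 on any other etcdctl failure
#######################################
function etcd_set_default_stdin {
  local err status=0

  # Capture stderr only; `|| status=$?` records a failure without tripping
  # errexit, so the caller's `set -e` state is left untouched.
  err="$(etcdctl --no-sync -C "$ETCD" mk "$ETCD_PATH/$1" 2>&1 >/dev/null)" || status=$?

  # "key already exists" means a default is already stored; every other
  # failure, including one with an empty message, is fatal.
  if ((status != 0)) && ! grep -qi "key already exists" <<<"$err"; then
    echo "etcd_set_default_stdin: an etcd error occurred ($err)" >&2
    echo "aborting..." >&2
    exit 1
  fi
}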
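#######################################
# Print the value stored under $ETCD_PATH/<key>.
# Globals:   ETCD (read), ETCD_PATH (read)
# Arguments: $1 - key name relative to $ETCD_PATH
# Outputs:   whatever etcdctl prints for the key (stdout) or its error (stderr)
# Returns:   etcdctl's exit status
# Note: the value is written to stdout as-is; callers that fetch secret
# material should redirect it rather than let it reach the log.
#######################################
function etcd_get {
  # Quoted so an endpoint or path containing whitespace or glob characters is
  # passed to etcdctl as a single argument.
  etcdctl --no-sync -C "$ETCD" get "$ETCD_PATH/$1"
}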
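etcd_safe_mkdir "$ETCD_PATH/users"

# wait for confd to run once and install initial templates
until confd -onetime -node "$ETCD" --log-level error; do
  echo "builder: waiting for confd to write initial templates..."
  sleep $((ETCD_TTL / 2)) # sleep for half the TTL
done

# spawn confd in the background to update services based on etcd changes
confd -node "$ETCD" --log-level error --interval 5 &
CONFD_PID=$!

# remove any pre-existing docker.sock (rm -f also clears a dangling symlink
# and succeeds when nothing is there)
rm -f /var/run/docker.sock

# force overlayfs if the Docker daemon on the host is using it
# NOTE(review): the target is `/`, which always exists, so this creates
# nothing and changes no mode; presumably a more specific directory was
# intended. Confirm.
mkdir --parents --mode=0700 /
fstype=$(findmnt --noheadings --output FSTYPE --target /)
if [[ "$fstype" == "overlay" ]]; then
  DRIVER_OVERRIDE="--storage-driver=overlay"
fi

# spawn a docker daemon to run builds
# Security note: --insecure-registry lets the daemon talk to any registry in
# these private and shared-address ranges over plain HTTP or with an
# unverified certificate, so pulls and pushes there have no transport
# authenticity or integrity. Narrow the ranges to the real registry network
# where the deployment allows it.
# shellcheck disable=SC2086 # DRIVER_OVERRIDE is intentionally unquoted: it
# must vanish when unset and may carry more than one option.
docker -d --bip=172.19.42.1/16 $DRIVER_OVERRIDE \
  --insecure-registry 10.0.0.0/8 \
  --insecure-registry 172.16.0.0/12 \
  --insecure-registry 192.168.0.0/16 \
  --insecure-registry 100.64.0.0/10 &
DOCKER_PID=$!

# wait for docker to start
while [[ ! -e /var/run/docker.sock ]]; do
  # Fail instead of spinning forever if the daemon died before it created
  # its socket.
  if ! kill -0 "$DOCKER_PID" 2>/dev/null; then
    echo "docker daemon exited before creating /var/run/docker.sock" >&2
    exit 1
  fi
  sleep 1
done

# build required images if they don't already exist
if ! docker history deis/slugbuilder >/dev/null 2>&1; then
  docker build -t deis/slugbuilder /usr/local/src/slugbuilder/
fi
if ! docker history deis/slugrunner >/dev/null 2>&1; then
  docker build -t deis/slugrunner /usr/local/src/slugrunner/
fi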
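#######################################
# Ensure /etc/ssh holds the builder's SSH host keys.
# If etcd has no sshHostKey entry, generate keys locally and store them in
# etcd; otherwise fetch the stored keys and write them to /etc/ssh.
# Globals:   none directly (etcd_get / etcd_set_default_stdin read ETCD and
#            ETCD_PATH)
# Arguments: none
# Returns:   0 on success; a failing step aborts the script under errexit
#
# Security notes:
# - The private host keys are stored under $ETCD_PATH in etcd, so anything
#   able to read that path can obtain them. Access to it should be limited
#   accordingly.
# - etcd_set_default_stdin tolerates "key already exists", so if an entry is
#   already present the locally generated file is kept on disk and may differ
#   from the stored one. Confirm whether that can happen in practice.
#######################################
function gen_host_keys {
  local type

  # Probe for an existing key set. stdout is discarded because on success
  # etcd_get prints the stored private key, which would otherwise be written
  # to the container's output. stderr is kept so etcd errors stay visible.
  if ! etcd_get sshHostKey >/dev/null; then
    # generate the keys, then set them up in etcd
    /usr/bin/ssh-keygen -A
    for type in dsa ecdsa ed25519 rsa; do
      etcd_set_default_stdin "sshHost${type}Key" <"/etc/ssh/ssh_host_${type}_key"
      etcd_set_default_stdin "sshHost${type}PubKey" <"/etc/ssh/ssh_host_${type}_key.pub"
    done
    # Absolute path: the previous relative "etc/ssh/ssh_host_key" only
    # resolved when the working directory happened to be /.
    etcd_set_default_stdin sshHostKey </etc/ssh/ssh_host_key
    etcd_set_default_stdin sshHostPubKey </etc/ssh/ssh_host_key.pub
  else
    # pull the keys from etcd
    for type in dsa ecdsa ed25519 rsa; do
      # Private keys are created under umask 077 so a newly created file is
      # never readable by other users, even before the chmod below runs.
      (
        umask 077
        etcd_get "sshHost${type}Key" >"/etc/ssh/ssh_host_${type}_key"
      )
      etcd_get "sshHost${type}PubKey" >"/etc/ssh/ssh_host_${type}_key.pub"
    done
    (
      umask 077
      etcd_get sshHostKey >/etc/ssh/ssh_host_key
    )
    etcd_get sshHostPubKey >/etc/ssh/ssh_host_key.pub
  fi

  # set private key permissions to 0600 (the glob matches names ending in
  # "key", so the .pub files are not touched); this also covers files that
  # already existed with a wider mode
  chmod 0600 /etc/ssh/ssh_host_*key
}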
# Install the SSH host keys (generated locally or fetched from etcd).
gen_host_keys

# Block until confd has rendered the push-images script.
until [[ -e /usr/local/bin/push-images ]]; do
  echo "waiting for confd to generate '/usr/local/bin/push-images'..."
  sleep 1
done

# Run sshd without detaching (-D) and logging to stderr (-e) as a background
# job of this shell; it processes `git push` requests.
/usr/sbin/sshd -D -e &
SSHD_PID=$!

# Run the cleanup script that removes old repositories and images.
/bin/cleanup &
CLEANUP_PID=$!
#######################################
# Shutdown handler: ask the docker daemon, sshd and the cleanup script to
# terminate, wait for them, then leave with status 0.
# Globals:   DOCKER_PID, SSHD_PID, CLEANUP_PID (read)
# Arguments: none
# Returns:   does not return; always exits the shell with status 0
#
# NOTE(review): CONFD_PID is not part of the list, so confd is not signalled
# here. Confirm that is intended.
# NOTE(review): the script installs this function for EXIT as well as INT and
# TERM. Because it ends in `exit 0`, a preceding `exit 1` is reported to the
# supervisor as success.
#######################################
function on_exit() {
  # Left unquoted on purpose below: an unset PID simply drops out of the list.
  local children="$DOCKER_PID $SSHD_PID $CLEANUP_PID"

  kill -TERM $children
  wait $children 2>/dev/null
  exit 0
}
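trap on_exit INT TERM EXIT

echo deis-builder running...

#######################################
# Succeed when a socket of protocol $PROTO is listening on exactly $PORT.
# The values are handed to awk with -v instead of being pasted into the awk
# program text, and the port is matched as ":<port>" at the end of the local
# address. The earlier unanchored ".<port>" pattern also matched unrelated
# listeners such as 2222 or 8022 when PORT was 22.
# Globals:   PORT (read), PROTO (read)
# Returns:   0 if a matching listener exists, non-zero otherwise
#######################################
port_is_listening() {
  netstat -lnt \
    | awk -v port="$PORT" -v proto="$PROTO" \
      '$6 == "LISTEN" && $4 ~ (":" port "$") && $1 ~ ("^" proto) { found = 1 }
       END { exit !found }'
}

# publish the service to etcd using the injected EXTERNAL_PORT
if [[ -n "$EXTERNAL_PORT" ]]; then
  # configure service discovery
  PORT=${PORT:-22}
  PROTO=${PROTO:-tcp}

  # from here on a failing command must not abort the publish loop
  set +e

  # wait for the service to become available on PORT
  sleep 1
  until port_is_listening; do
    sleep 1
  done

  # while the port is listening, publish to etcd
  while port_is_listening; do
    etcdctl --no-sync -C "$ETCD" set "$ETCD_PATH/host" "$HOST" --ttl "$ETCD_TTL" >/dev/null
    etcdctl --no-sync -C "$ETCD" set "$ETCD_PATH/port" "$EXTERNAL_PORT" --ttl "$ETCD_TTL" >/dev/null
    sleep $((ETCD_TTL / 2)) # sleep for half the TTL
  done

  # if the loop quits, something went wrong
  # NOTE(review): on_exit is also the EXIT handler and ends with `exit 0`, so
  # this status is replaced by 0 before the process actually terminates.
  exit 1
fi

wait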