Compare commits
10 Commits
d3d04850f0
...
f5379937ea
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
f5379937ea | ||
|
|
e20ded8c11 | ||
|
|
b2ef31946b | ||
|
|
67522a2434 | ||
|
|
7db0344dc5 | ||
|
|
2e25c754f3 | ||
|
|
79f8fb67dd | ||
|
|
b715120d36 | ||
|
|
e2c4ed6c27 | ||
|
|
f209a45429 |
@@ -1,20 +1,21 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
__main() {
|
||||
:
|
||||
ln -sf /host/run/docker.sock /var/run/docker.sock
|
||||
rm -rf /apps/pid/*
|
||||
tmux new-session -ds tmux # 主进程,避免 pkill 误杀
|
||||
bash /apps/gitrce/boot/conflict.sh >/dev/null 2>&1
|
||||
:
|
||||
ln -sf /host/run/docker.sock /var/run/docker.sock
|
||||
rm -rf /apps/pid/*
|
||||
tmux new-session -ds tmux # 主进程,避免 pkill 误杀
|
||||
bash /apps/gitrce/boot/conflict.sh >/dev/null 2>&1
|
||||
|
||||
bash /apps/gitrce/deploy/release/default/start.sh >/dev/null 2>&1
|
||||
bash /apps/gitrce/deploy/release/default/start.sh >/dev/null 2>&1
|
||||
bash /apps/gitrce/netflow/iptables.sh >/dev/null 2>&1
|
||||
|
||||
}
|
||||
|
||||
__main
|
||||
|
||||
_help() {
|
||||
cat >/dev/null <<EOF
|
||||
cat >/dev/null <<EOF
|
||||
容器启动, 拉取代码成功后执行的路径
|
||||
EOF
|
||||
}
|
||||
|
||||
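Review bot: The `bash /apps/gitrce/netflow/iptables.sh >/dev/null 2>&1` call in `__main`, which appears to be the line this hunk adds, discards both output streams, so a failed rule install at container start leaves no trace. I would log it the same way the cron entry for this script does: `bash /apps/gitrce/netflow/iptables.sh >>/apps/data/logs/netflow-iptables.log 2>&1`. If the script runs at boot because the owner-match chain must exist before workloads start, a one-line comment saying so would help the next reader.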
@@ -6,3 +6,5 @@
|
||||
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
*/3 * * * * roots bash /apps/gitrce/deploy/release/default/start.sh >>/apps/data/logs/deploy-start.log 2>&1
|
||||
|
||||
*/3 * * * * roots bash /apps/gitrce/netflow/iptables.sh >>/apps/data/logs/netflow-iptables.log 2>&1
|
||||
|
||||
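Review bot: The `netflow/iptables.sh` entry appends to `netflow-iptables.log` every three minutes, and the script ends each pass with `-L OUTPUT -v -n -x` for both iptables and ip6tables, so the log grows without bound unless something outside this page rotates it. Either add rotation for `/apps/data/logs/` or drop the listing from the periodic run. The user field is `roots` on both entries; the iptables calls need root or CAP_NET_ADMIN, so it is worth confirming that this account has those privileges.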
@@ -2,27 +2,34 @@
|
||||
# shellcheck source=/dev/null
|
||||
|
||||
if [[ -d "/host/proc/1/" ]]; then source /apps/gitrce/hook/singleton.sh "$0"; fi
|
||||
# if [[ "$1" == "sleep" ]]; then source /apps/gitrce/hook/sleep.sh "$0" 1 30; fi
|
||||
if [[ "$1" == "sleep" ]]; then source /apps/gitrce/hook/sleep.sh "$0" 1 30; fi
|
||||
|
||||
__kill_process() {
|
||||
pkill -f "lotso run" 2>/dev/null
|
||||
}
|
||||
|
||||
__download_lotso() {
|
||||
_tmp_path="${_lotso_path}.tmp"
|
||||
|
||||
curl -sSfLk http://dl.snodehub.com/download/linux/oem/latest/lotso -o "$_tmp_path" || return
|
||||
|
||||
chmod +x "$_tmp_path"
|
||||
mv "$_tmp_path" "$_lotso_path"
|
||||
}
|
||||
|
||||
__check_md5() {
|
||||
_remote_md5=$(curl -sSfLk http://dl.snodehub.com/download/linux/oem/latest/lotso.md5 || echo "")
|
||||
[[ -z "$_remote_md5" ]] && return
|
||||
|
||||
if [[ ! -f "$_lotso_path" ]]; then
|
||||
curl -sSfLk http://dl.snodehub.com/download/linux/oem/latest/lotso -o "$_lotso_path"
|
||||
chmod +x "$_lotso_path"
|
||||
__download_lotso
|
||||
return
|
||||
fi
|
||||
|
||||
_local_md5=$(md5sum "$_lotso_path" | cut -d' ' -f1)
|
||||
|
||||
if [[ "$_remote_md5" != "$_local_md5" ]]; then
|
||||
curl -sSfLk http://dl.snodehub.com/download/linux/oem/latest/lotso -o "$_lotso_path"
|
||||
chmod +x "$_lotso_path"
|
||||
__download_lotso
|
||||
__kill_process
|
||||
fi
|
||||
}
|
||||
|
||||
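Review bot: `__download_lotso` marks the temp file executable and moves it over `$_lotso_path` without comparing it with `_remote_md5`, so the checksum fetched in `__check_md5` only decides whether to re-download, never whether the downloaded file is the published one. The binary and its `.md5` both come from the same `http://` URL with `curl -k`, so anyone on the network path can replace both, and the result is then executed. I would switch both URLs to `https://` without `-k` and add before the `mv`: `[[ "$(md5sum "$_tmp_path" | cut -d' ' -f1)" == "$_remote_md5" ]] || { rm -f "$_tmp_path"; return 1; }`. A SHA-256 digest or signature would be better if the server publishes one. `_lotso_path` is set outside the hunk, and the `sleep.sh` hook line appears both commented and uncommented, so which form is new cannot be told from this page.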
@@ -9,11 +9,11 @@ _latter="${_script_path_this#/apps/data}"
|
||||
if [[ "$CONTAINER_NAME" == "" ]]; then CONTAINER_NAME=$(grep devices </proc/self/cgroup | grep -Po '[0-9a-z]{64}' | cut -c1-12); fi
|
||||
if [[ "${APPS_DATA}" == "" ]]; then APPS_DATA=$(docker inspect "$CONTAINER_NAME" -f '{{range .Mounts}}{{if eq .Destination "/apps/data"}}{{.Source}}{{end}}{{end}}'); fi
|
||||
if [[ "${APPS_DATA}" == "" ]]; then
|
||||
# echo "nsenter.sh 未挂载 /apps/data 到外部路径"
|
||||
_data_upper_dir=$(docker inspect "$CONTAINER_NAME" -f '{{.GraphDriver.Data.UpperDir}}')
|
||||
_absolute_path="${_data_upper_dir}$_script_path_this"
|
||||
# echo "nsenter.sh 未挂载 /apps/data 到外部路径"
|
||||
_data_upper_dir=$(docker inspect "$CONTAINER_NAME" -f '{{.GraphDriver.Data.UpperDir}}')
|
||||
_absolute_path="${_data_upper_dir}$_script_path_this"
|
||||
else
|
||||
_absolute_path="${APPS_DATA}$_latter"
|
||||
_absolute_path="${APPS_DATA}$_latter"
|
||||
fi
|
||||
|
||||
nsenter --mount=/host/proc/1/ns/mnt --net=/host/proc/1/ns/net /usr/bin/bash "$_absolute_path"
|
||||
|
||||
@@ -6,34 +6,34 @@
|
||||
# if [[ -d "/host/proc/1/" ]]; then source /apps/gitrce/hook/singleton.sh "$0"; fi
|
||||
|
||||
__singleton_pattern() {
|
||||
# 实现单例模式,确保同一时刻只有一个脚本实例在运行
|
||||
# 实现单例模式,确保同一时刻只有一个脚本实例在运行
|
||||
|
||||
_script_path_this=$(realpath "$(ps -p $$ -o args= 2>/dev/null | awk '{print $2}')")
|
||||
_script_path_this=$(realpath "$(ps -p $$ -o args= 2>/dev/null | awk '{print $2}')")
|
||||
|
||||
# 生成 PID 文件的路径
|
||||
_pid_name="$(echo "$_script_path_this" | sed 's:^/::; s/\//#/g; s/\.sh$/.pid/')" # 还原 echo "$result" | sed 's:^:/:' | sed 's/#/\//g; s/\.pid$/.sh/'
|
||||
_pid_file="/apps/pid/$_pid_name"
|
||||
# 生成 PID 文件的路径
|
||||
_pid_name="$(echo "$_script_path_this" | sed 's:^/::; s/\//#/g; s/\.sh$/.pid/')" # 还原 echo "$result" | sed 's:^:/:' | sed 's/#/\//g; s/\.pid$/.sh/'
|
||||
_pid_file="/apps/pid/$_pid_name"
|
||||
|
||||
# 创建 PID 文件所在的目录
|
||||
mkdir -p "${_pid_file%/*}"
|
||||
# 创建 PID 文件所在的目录
|
||||
mkdir -p "${_pid_file%/*}"
|
||||
|
||||
# 从 PID 文件中读取存储的 PID
|
||||
_pid_data=$(cat "$_pid_file" 2>/dev/null)
|
||||
# 从 PID 文件中读取存储的 PID
|
||||
_pid_data=$(cat "$_pid_file" 2>/dev/null)
|
||||
|
||||
# 根据存储的 PID 获取对应脚本的绝对路径
|
||||
_script_path_pid=$(realpath "$(ps -p "$_pid_data" -o args= 2>/dev/null | awk '{print $2}')" 2>/dev/null)
|
||||
if [[ "$_script_path_this" != "$_script_path_pid" ]]; then
|
||||
# 如果当前脚本路径与存储的脚本路径不同,则更新 PID 文件并继续执行
|
||||
echo "$$" >"$_pid_file"
|
||||
else
|
||||
# 如果相同,则说明已有实例在运行,输出相关信息并退出
|
||||
echo "脚本单例模式运行, 已存在运行实例,当前脚本已退出"
|
||||
echo "_pid_file: $_pid_file"
|
||||
echo "_pid_data: $_pid_data"
|
||||
echo "_script_path_this: $_script_path_this"
|
||||
echo "_script_path_pid : $_script_path_pid"
|
||||
exit 0
|
||||
fi
|
||||
# 根据存储的 PID 获取对应脚本的绝对路径
|
||||
_script_path_pid=$(realpath "$(ps -p "$_pid_data" -o args= 2>/dev/null | awk '{print $2}')" 2>/dev/null)
|
||||
if [[ "$_script_path_this" != "$_script_path_pid" ]]; then
|
||||
# 如果当前脚本路径与存储的脚本路径不同,则更新 PID 文件并继续执行
|
||||
echo "$$" >"$_pid_file"
|
||||
else
|
||||
# 如果相同,则说明已有实例在运行,输出相关信息并退出
|
||||
echo "脚本单例模式运行, 已存在运行实例,当前脚本已退出"
|
||||
echo "_pid_file: $_pid_file"
|
||||
echo "_pid_data: $_pid_data"
|
||||
echo "_script_path_this: $_script_path_this"
|
||||
echo "_script_path_pid : $_script_path_pid"
|
||||
exit 0
|
||||
fi
|
||||
}
|
||||
|
||||
__singleton_pattern
|
||||
|
||||
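--- /dev/null
+++ b/netflow/iptables.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+# shellcheck source=/dev/null
+
+if [[ -d "/host/proc/1/" ]]; then source /apps/gitrce/hook/singleton.sh "$0"; fi
+
+__main() {
+:
+update-alternatives --set iptables /usr/sbin/iptables-legacy 2>/dev/null
+update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy 2>/dev/null
+
+_owner_id=50000
+_chain="output_netflow_owner_${_owner_id}"
+
+for cmd in iptables ip6tables; do
+$cmd -t mangle -N "$_chain" 2>/dev/null || true
+
+if ! $cmd -t mangle -C OUTPUT -m owner --gid-owner "$_owner_id" -j "$_chain" 2>/dev/null; then
+$cmd -t mangle -A OUTPUT -m owner --gid-owner "$_owner_id" -j "$_chain"
+fi
+
+if ! $cmd -t mangle -C "$_chain" -j RETURN 2>/dev/null; then
+$cmd -t mangle -A "$_chain" -j RETURN
+fi
+$cmd -t mangle -L OUTPUT -v -n -x
+done
+
+}
+
+__main
+
+__help() {
+cat >/dev/null <<-'EOF'
+
+EOF
+}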
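Review bot: `$cmd -t mangle -N "$_chain" 2>/dev/null || true` hides every failure, not only "chain already exists", and nothing checks the later `-A` calls, so a missing binary or missing privilege still ends with `__main` returning the status of the final listing. I would write `"$cmd" -w -t mangle -N "$_chain" 2>/dev/null || "$cmd" -w -t mangle -L "$_chain" -n >/dev/null || return 1` and add `-w` to the other calls so that a run overlapping another xtables user waits for the lock instead of failing. Note also that `update-alternatives --set … iptables-legacy` switches the backend system-wide on every pass with its errors discarded; a comment explaining why legacy is required would help. A header comment stating what the gid-owner 50000 chain is for (presumably per-group traffic counters, since its only rule is `RETURN`) is missing, and `__help` has an empty heredoc.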