JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
87ea2a4794
storj/cmd/storagenode/docker/entrypoint
Clement Sam 87ea2a4794 cmd/storagenode: make supervisor HTTP Server configurable 
The current supervisord condifguration sets up the HTTP server
to listen on a tcp socket which is private i.e. available only
on localhost. This poses a regression where multiple containers
cannot be run if the host network interface is used when docker
container is run with `--network host` option.

This change adds a new env variable `SUPERVISOR_SERVER`, with
potential values `unix | private_port | public_port`, where
`unix` is set as the default value.

By default, the HTTP server is now set to listen on a UNIX
domain socket.
The file path is set to `/etc/supervisor/supervisor.sock`
instead of the /tmp directory since some systems
periodically delete older files in /tmp. If the socket file is
deleted, supervisorctl will be unable to connect to supervisord.

When SUPERVISOR_SERVER is set to `public_port` or `private_port`,
the HTTP server is set to listen on a TCP socket.

Resolves https://github.com/storj/storj/issues/4661

Change-Id: I224836dcae0293bcfe49874f2748be7723944687
2022-05-16 20:06:24 +00:00

126 lines
4.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -euo pipefail
get_default_url() {
process=$1
version=$2
wget -O- "${VERSION_SERVER_URL}/processes/${process}/${version}/url?os=linux&arch=${GOARCH}"
}
get_binary() {
binary=$1
url=$2
wget -O "/tmp/${binary}.zip" "${url}"
unzip -p "/tmp/${binary}.zip" > "/app/${binary}"
rm "/tmp/${binary}.zip"
chmod u+x "/app/${binary}"
}
# install storagenode and storagenode-updater binaries
# during run of the container to not to release new docker image
# on each new version of the storagenode binary.
if [ ! -f "storagenode-updater" ]; then
echo "downloading storagenode-updater"
get_binary storagenode-updater "$(get_default_url storagenode-updater minimum)"
if ./storagenode-updater should-update storagenode-updater \
--binary-location /app/storagenode-updater \
--identity-dir identity \
--version.server-address="${VERSION_SERVER_URL}" 2>/dev/null
then
echo "updating storagenode-updater"
get_binary storagenode-updater "$(get_default_url storagenode-updater suggested)"
fi
fi
if [ ! -f "storagenode" ]; then
echo "downloading storagenode"
if ./storagenode-updater should-update storagenode \
--identity-dir identity \
--version.server-address="${VERSION_SERVER_URL}" 2>/dev/null
then
get_binary storagenode "$(get_default_url storagenode suggested)"
else
get_binary storagenode "$(get_default_url storagenode minimum)"
fi
fi
SUPERVISOR_SERVER="${SUPERVISOR_SERVER:-unix}"
RUN_PARAMS="${RUN_PARAMS:-} --config-dir config"
RUN_PARAMS="${RUN_PARAMS} --identity-dir identity"
RUN_PARAMS="${RUN_PARAMS} --metrics.app-suffix=-alpha"
RUN_PARAMS="${RUN_PARAMS} --metrics.interval=30m"
if [ -n "${VERSION_SERVER_URL:-}" ]; then
RUN_PARAMS="${RUN_PARAMS} --version.server-address=${VERSION_SERVER_URL}"
fi
if [ "${AUTO_UPDATE:-}" != "true" ]; then
AUTO_UPDATE="false"
fi
SNO_RUN_PARAMS="${RUN_PARAMS} --console.address=:14002"
if [ -n "${STORAGE:-}" ]; then
SNO_RUN_PARAMS="${SNO_RUN_PARAMS} --storage.allocated-disk-space=${STORAGE}"
fi
if [ -n "${ADDRESS:-}" ]; then
SNO_RUN_PARAMS="${SNO_RUN_PARAMS} --contact.external-address=${ADDRESS}"
fi
if [ -n "${EMAIL:-}" ]; then
SNO_RUN_PARAMS="${SNO_RUN_PARAMS} --operator.email=${EMAIL}"
fi
if [ -n "${WALLET:-}" ]; then
SNO_RUN_PARAMS="${SNO_RUN_PARAMS} --operator.wallet=${WALLET}"
fi
if [ "${SETUP:-}" = "true" ]; then
echo "Running ./storagenode setup $SNO_RUN_PARAMS ${*}"
exec ./storagenode setup ${SNO_RUN_PARAMS} ${*}
else
sed -i \
"s#^command=/app/storagenode-updater\$#command=/app/storagenode-updater run --binary-location /app/storagenode ${RUN_PARAMS} #" \
/etc/supervisor/supervisord.conf
sed -i \
"s#^command=/app/storagenode\$#command=/app/storagenode run ${SNO_RUN_PARAMS} ${*}#" \
/etc/supervisor/supervisord.conf
# remove explicit user flag when container is run as non-root
if [ $EUID != "0" ]; then
sed -i "s#^user=root##" /etc/supervisor/supervisord.conf
fi
#
case ${SUPERVISOR_SERVER} in
unix) # default
;;
public_port)
# replace unix_http_server section to inet_http_server
sed -i "s#^\[unix_http_server\]\$#\[inet_http_server\]#" /etc/supervisor/supervisord.conf
# replace unix socket file with tcp public port
sed -i "s#^file=/etc/supervisor/supervisor.sock\$#port=*:9001#" /etc/supervisor/supervisord.conf
# set server url to http server address
sed -i "s#^serverurl=unix:///etc/supervisor/supervisor.sock\$#serverurl=http://127.0.0.1:9001#" /etc/supervisor/supervisord.conf
;;
private_port)
# replace unix_http_server section to inet_http_server
sed -i "s#^\[unix_http_server\]\$#\[inet_http_server\]#" /etc/supervisor/supervisord.conf
# replace unix socket file with tcp private port .i.e. listens on only localhost
sed -i "s#^file=/etc/supervisor/supervisor.sock\$#port=127.0.0.1:9001#" /etc/supervisor/supervisord.conf
# set server url to http server address
sed -i "s#^serverurl=unix:///etc/supervisor/supervisor.sock\$#serverurl=http://127.0.0.1:9001#" /etc/supervisor/supervisord.conf
;;
*)
echo "Invalid value '${SUPERVISOR_SERVER}' for SUPERVISOR_SERVER. Expected 'unix', 'public_port' or 'private_port'"
exit 1
;;
esac
exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
fi
Reference in New Issue View Git Blame Copy Permalink