首頁 探索 說明
註冊 登入
Apq
/
ZeroTierOne
镜像来自 https://github.com/zerotier/ZeroTierOne.git
1
0
複刻 0
檔案 問題管理 0 Wiki
分支: gl/ctl-pubsub
分支列表 標籤列表
ZeroTierOne
/
ext
/
central-controller-docker
/
main-new.sh

main-new.sh 6.3 KB
永久連結 文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180 
  1. #!/bin/bash
    2. 

  2. 

  3. # conda init
    4. 

  4. # conda activate central_controller
    5. 

  5. 

  6. if [ -z "$ZT_DB_HOST" ]; then
    7. 

  7.     echo '*** FAILED: ZT_DB_HOST environment variable not defined'
    8. 

  8.     exit 1
    9. 

  9. fi
    10. 

  10. if [ -z "$ZT_DB_PORT" ]; then
    11. 

  11.     echo '*** FAILED: ZT_DB_PORT environment variable not defined'
    12. 

  12.     exit 1
    13. 

  13. fi
    14. 

  14. if [ -z "$ZT_DB_NAME" ]; then
    15. 

  15.     echo '*** FAILED: ZT_DB_NAME environment variable not defined'
    16. 

  16.     exit 1
    17. 

  17. fi
    18. 

  18. if [ -z "$ZT_DB_USER" ]; then
    19. 

  19.     echo '*** FAILED: ZT_DB_USER environment variable not defined'
    20. 

  20.     exit 1
    21. 

  21. fi
    22. 

  22. if [ -z "$ZT_DB_PASSWORD" ]; then
    23. 

  23.     echo '*** FAILED: ZT_DB_PASSWORD environment variable not defined'
    24. 

  24.     exit 1
    25. 

  25. fi
    26. 

  26. 

  27. REDIS=""
    28. 

  28. if [ "$ZT_USE_REDIS" == "true" ]; then
    29. 

  29.     if [ -z "$ZT_REDIS_HOST" ]; then
    30. 

  30.         echo '*** FAILED: ZT_REDIS_HOST environment variable not defined'
    31. 

  31.         exit 1
    32. 

  32.     fi
    33. 

  33. 

  34.     if [ -z "$ZT_REDIS_PORT" ]; then
    35. 

  35.         echo '*** FAILED: ZT_REDIS_PORT enivronment variable not defined'
    36. 

  36.         exit 1
    37. 

  37.     fi
    38. 

  38. 

  39.     if [ -z "$ZT_REDIS_CLUSTER_MODE" ]; then
    40. 

  40.         echo '*** FAILED: ZT_REDIS_CLUSTER_MODE environment variable not defined'
    41. 

  41.         exit 1
    42. 

  42.     fi
    43. 

  43. 

  44.     REDIS=", \"redis\": {
    45. 

  45.             \"hostname\": \"${ZT_REDIS_HOST}\",
    46. 

  46.             \"port\": ${ZT_REDIS_PORT},
    47. 

  47.             \"clusterMode\": ${ZT_REDIS_CLUSTER_MODE},
    48. 

  48.             \"password\": \"${ZT_REDIS_PASSWORD}\"
    49. 

  49.         }
    50. 

  50.     "
    51. 

  51. else
    52. 

  52.     REDIS=", \"redis\": null"
    53. 

  53. fi
    54. 

  54. 

  55. mkdir -p /var/lib/zerotier-one
    56. 

  56. 

  57. pushd /var/lib/zerotier-one
    58. 

  58. if [ -d "$ZT_IDENTITY_PATH" ]; then
    59. 

  59.     echo '*** Using existing ZT identity from path $ZT_IDENTITY_PATH'
    60. 

  60. 

  61.     ln -s $ZT_IDENTITY_PATH/identity.public identity.public
    62. 

  62.     ln -s $ZT_IDENTITY_PATH/identity.secret identity.secret
    63. 

  63.     if [ -L  "$ZT_IDENTITY_PATH/authtoken.secret" ] && [ -e "$ZT_IDENTITY_PATH/authtoken.secret" ]; then
    64. 

  64.         ln -s $ZT_IDENTITY_PATH/authtoken.secret authtoken.secret
    65. 

  65.         ln -s $ZT_IDENTITY_PATH/authtoken.secret metricstoken.secret
    66. 

  66.     fi
    67. 

  67. fi
    68. 

  68. popd
    69. 

  69. 

  70. DEFAULT_PORT=9993
    71. 

  71. DEFAULT_LB_MODE=false
    72. 

  72. 

  73. APP_NAME="controller-$(cat /var/lib/zerotier-one/identity.public | cut -d ':' -f 1)"
    74. 

  74. 

  75. BIGTABLE_CONF=""
    76. 

  76. if [ "$ZT_USE_BIGTABLE" == "true" ]; then
    77. 

  77.     if [ -z "$ZT_BIGTABLE_PROJECT" ] || [ -z "$ZT_BIGTABLE_INSTANCE" ] || [ -z "$ZT_BIGTABLE_TABLE" ]; then
    78. 

  78.         echo '*** FAILED: ZT_BIGTABLE_PROJECT, ZT_BIGTABLE_INSTANCE, and ZT_BIGTABLE_TABLE environment variables must all be defined to use Bigtable as a controller backend'
    79. 

  79.         exit 1
    80. 

  80.     fi
    81. 

  81. 

  82.     BIGTABLE_CONF=", \"bigtable\": {
    83. 

  83.         \"project_id\": \"${ZT_BIGTABLE_PROJECT}\",
    84. 

  84.         \"instance_id\": \"${ZT_BIGTABLE_INSTANCE}\",
    85. 

  85.         \"table_id\": \"${ZT_BIGTABLE_TABLE}\"
    86. 

  86.     }
    87. 

  87.     "
    88. 

  88. fi
    89. 

  89. 

  90. 

  91. PUBSUB_CONF=""
    92. 

  92. if [ "$ZT_USE_PUBSUB" == "true" ]; then
    93. 

  93.     if [ -z "$ZT_PUBSUB_PROJECT" ]; then
    94. 

  94.         echo '*** FAILED: ZT_PUBSUB_PROJECT environment variable must be defined to use PubSub as a controller backend'
    95. 

  95.         exit 1
    96. 

  96.     fi
    97. 

  97. 

  98.     if [ -z "$ZT_PUBSUB_MEMBER_CHANGE_RECV_TOPIC" ] || [ -z "$ZT_PUBSUB_MEMBER_CHANGE_SEND_TOPIC" ] || [ -z "$ZT_PUBSUB_NETWORK_CHANGE_RECV_TOPIC" ] || [ -z "$ZT_PUBSUB_NETWORK_CHANGE_SEND_TOPIC" ]; then
    99. 

  99.         echo '*** FAILED: ZT_PUBSUB_MEMBER_CHANGE_RECV_TOPIC, ZT_PUBSUB_MEMBER_CHANGE_SEND_TOPIC, ZT_PUBSUB_NETWORK_CHANGE_RECV_TOPIC, and ZT_PUBSUB_NETWORK_CHANGE_SEND_TOPIC environment variables must all be defined to use PubSub as a controller backend'
    100. 

  100.         exit 1
    101. 

  101.     fi
    102. 

  102. 

  103.     PUBSUB_CONF=", \"pubsub\": {
    104. 

  104.         \"project_id\": \"${ZT_PUBSUB_PROJECT}\",
    105. 

  105.         \"member_change_recv_topic\": \"${ZT_PUBSUB_MEMBER_CHANGE_RECV_TOPIC}\",
    106. 

  106.         \"member_change_send_topic\": \"${ZT_PUBSUB_MEMBER_CHANGE_SEND_TOPIC}\",
    107. 

  107.         \"network_change_recv_topic\": \"${ZT_PUBSUB_NETWORK_CHANGE_RECV_TOPIC}\",
    108. 

  108.         \"network_change_send_topic\": \"${ZT_PUBSUB_NETWORK_CHANGE_SEND_TOPIC}\"
    109. 

  109.     }
    110. 

  110. "
    111. 

  111. fi
    112. 

  112. 

  113. echo "{
    114. 

  114.     \"settings\": {
    115. 

  115.         \"controllerDbPath\": \"postgres:host=${ZT_DB_HOST} port=${ZT_DB_PORT} dbname=${ZT_DB_NAME} user=${ZT_DB_USER} password=${ZT_DB_PASSWORD} application_name=${APP_NAME} sslmode=prefer sslcert=${DB_CLIENT_CERT} sslkey=${DB_CLIENT_KEY} sslrootcert=${DB_SERVER_CA}\",
    116. 

  116.         \"portMappingEnabled\": true,
    117. 

  117.         \"softwareUpdate\": \"disable\",
    118. 

  118.         \"interfacePrefixBlacklist\": [
    119. 

  119.             \"inot\",
    120. 

  120.             \"nat64\"
    121. 

  121.         ],
    122. 

  122.         \"lowBandwidthMode\": ${ZT_LB_MODE:-$DEFAULT_LB_MODE},
    123. 

  123.         \"ssoRedirectURL\": \"${ZT_SSO_REDIRECT_URL}\",
    124. 

  124.         \"allowManagementFrom\": [\"127.0.0.1\", \"::1\", \"10.0.0.0/8\"],
    125. 

  125.         \"otel\": {
    126. 

  126.             \"exporterEndpoint\": \"${ZT_EXPORTER_ENDPOINT}\",
    127. 

  127.             \"exporterSampleRate\": ${ZT_EXPORTER_SAMPLE_RATE:-0}
    128. 

  128.         }
    129. 

  129.         ${REDIS}
    130. 

  130.     },
    131. 

  131.     \"controller\": {
    132. 

  132.         \"listenMode\": \"${ZT_LISTEN_MODE:-pgsql}\",
    133. 

  133.         \"statusMode\": \"${ZT_STATUS_MODE:-pgsql}\"
    134. 

  134.         ${REDIS}
    135. 

  135.         ${BIGTABLE_CONF}
    136. 

  136.         ${PUBSUB_CONF}
    137. 

  137.     }
    138. 

  138. }    
    139. 

  139. " > /var/lib/zerotier-one/local.conf
    140. 

  140. 

  141. if [ -n "$DB_SERVER_CA" ]; then
    142. 

  142.     echo "secret list"
    143. 

  143.     chmod 600 /secrets/db/*.pem
    144. 

  144.     ls -l /secrets/db/
    145. 

  145.     until pg_isready -h ${ZT_DB_HOST} -p ${ZT_DB_PORT} -d "sslmode=prefer sslcert=${DB_CLIENT_CERT} sslkey=${DB_CLIENT_KEY} sslrootcert=${DB_SERVER_CA}"; do
    146. 

  146. 	    echo "Waiting for PostgreSQL...";
    147. 

  147. 	    sleep 2;
    148. 

  148.     done
    149. 

  149. else
    150. 

  150.     until pg_isready -h ${ZT_DB_HOST} -p ${ZT_DB_PORT}; do
    151. 

  151. 	    echo "Waiting for PostgreSQL...";
    152. 

  152. 	    sleep 2;
    153. 

  153.     done
    154. 

  154. fi
    155. 

  155. 

  156. 

  157. echo "Migrating database (if needed)..."
    158. 

  158. if [ -n "$DB_SERVER_CA" ]; then
    159. 

  159.     /usr/local/bin/migrate -source file:///migrations -database "postgres://$ZT_DB_USER:$ZT_DB_PASSWORD@$ZT_DB_HOST:$ZT_DB_PORT/$ZT_DB_NAME?x-migrations-table=controller_migrations&sslmode=verify-full&sslrootcert=$DB_SERVER_CA&sslcert=$DB_CLIENT_CERT&sslkey=$DB_CLIENT_KEY" up  
    160. 

  160. else 
    161. 

  161.     /usr/local/bin/migrate -source file:///migrations -database "postgres://$ZT_DB_USER:$ZT_DB_PASSWORD@$ZT_DB_HOST:$ZT_DB_PORT/$ZT_DB_NAME?x-migrations-table=controller_migrations&sslmode=disable" up
    162. 

  162. fi
    163. 

  163. 

  164. if [ -n "$ZT_TEMPORAL_HOST" ] && [ -n "$ZT_TEMPORAL_PORT" ]; then
    165. 

  165.     echo "waiting for temporal..."
    166. 

  166.     while ! nc -z ${ZT_TEMPORAL_HOST} ${ZT_TEMPORAL_PORT}; do
    167. 

  167.         echo "waiting...";
    168. 

  168.         sleep 1;
    169. 

  169.     done
    170. 

  170.     echo "Temporal is up"
    171. 

  171. fi
    172. 

  172. 

  173. cat /var/lib/zerotier-one/local.conf
    174. 

  174. 

  175. export GOOGLE_CLOUD_CPP_ENABLE_CLOG=yes
    176. 

  176. export LIBC_FATAL_STDERR_=1
    177. 

  177. export GLIBCXX_FORCE_NEW=1
    178. 

  178. export GLIBCPP_FORCE_NEW=1
    179. 

  179. export LD_PRELOAD="/opt/conda/envs/central_controller/lib/libjemalloc.so.2"
    180. 

  180. exec /usr/local/bin/zerotier-one -p${ZT_CONTROLLER_PORT:-$DEFAULT_PORT} /var/lib/zerotier-one
    181.