public_git
/
bitnami-containers
mirror of https://github.com/bitnami/containers.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[bitnami/kafka] Release 3.3.1-debian-11-r0 (#9738) 

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
This commit is contained in:
Bitnami Bot 2022-10-10 09:57:21 +02:00 committed by GitHub
parent 8005dd4a33
commit 4928cb79f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 3906 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
bitnami/kafka/3.3/debian-11/Dockerfile Normal file
View File

@ -0,0 +1,58 @@
FROM docker.io/bitnami/minideb:bullseye
ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
ARG TARGETARCH
LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
org.opencontainers.image.description="Application packaged by Bitnami" \
org.opencontainers.image.ref.name="3.3.1-debian-11-r0" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kafka" \
org.opencontainers.image.title="kafka" \
org.opencontainers.image.vendor="VMware, Inc." \
org.opencontainers.image.version="3.3.1"
ENV HOME="/" \
OS_ARCH="${TARGETARCH:-amd64}" \
OS_FLAVOUR="debian-11" \
OS_NAME="linux"
COPY prebuildfs /
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Install required system packages and dependencies
RUN install_packages ca-certificates curl procps zlib1g
RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
COMPONENTS=( \
"java-11.0.16-1-linux-${OS_ARCH}-debian-11" \
"gosu-1.14.0-155-linux-${OS_ARCH}-debian-11" \
"wait-for-port-1.0.3-155-linux-${OS_ARCH}-debian-11" \
"render-template-1.0.3-154-linux-${OS_ARCH}-debian-11" \
"kafka-3.3.1-1-linux-${OS_ARCH}-debian-11" \
) && \
for COMPONENT in "${COMPONENTS[@]}"; do \
if [ ! -f "${COMPONENT}.tar.gz" ]; then \
curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \
curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \
fi && \
sha256sum -c "${COMPONENT}.tar.gz.sha256" && \
tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
rm -rf "${COMPONENT}.tar.gz{,sha256}" ; \
done
RUN apt-get update && apt-get upgrade -y && \
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
RUN chmod g+rwX /opt/bitnami
RUN ln -s /opt/bitnami/scripts/kafka/entrypoint.sh /entrypoint.sh
RUN ln -s /opt/bitnami/scripts/kafka/run.sh /run.sh
COPY rootfs /
RUN /opt/bitnami/scripts/java/postunpack.sh
RUN /opt/bitnami/scripts/kafka/postunpack.sh
ENV APP_VERSION="3.3.1" \
BITNAMI_APP_NAME="kafka" \
JAVA_HOME="/opt/bitnami/java" \
PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/kafka/bin:$PATH"
EXPOSE 9092
USER 1001
ENTRYPOINT [ "/opt/bitnami/scripts/kafka/entrypoint.sh" ]
CMD [ "/opt/bitnami/scripts/kafka/run.sh" ]

28
bitnami/kafka/3.3/debian-11/docker-compose.yml Normal file
View File

@ -0,0 +1,28 @@
version: "2"
services:
zookeeper:
image: docker.io/bitnami/zookeeper:3.8
ports:
- "2181:2181"
volumes:
- "zookeeper_data:/bitnami"
environment:
- ALLOW_ANONYMOUS_LOGIN=yes
kafka:
image: docker.io/bitnami/kafka:3.3
ports:
- "9092:9092"
volumes:
- "kafka_data:/bitnami"
environment:
- KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181
- ALLOW_PLAINTEXT_LISTENER=yes
depends_on:
- zookeeper
volumes:
zookeeper_data:
driver: local
kafka_data:
driver: local

37
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json Normal file
View File

@ -0,0 +1,37 @@
{
"gosu": {
"arch": "amd64",
"digest": "f21869b27c26b9c3053bce8b419a0fdf1dc45fcf13a7c2058e0afb6996d3687f",
"distro": "debian-11",
"type": "NAMI",
"version": "1.14.0-155"
},
"java": {
"arch": "amd64",
"digest": "c375579c55ee13d9561dcfaeba0338a6c2f5233dc386ead63dbbb67cc974fcdb",
"distro": "debian-11",
"type": "NAMI",
"version": "11.0.16-1"
},
"kafka": {
"arch": "amd64",
"digest": "2ec7bfd8fc309d0db4157bde45322ec24c53f216bd0c37b634f50a86c4e02fe9",
"distro": "debian-11",
"type": "NAMI",
"version": "3.3.1-1"
},
"render-template": {
"arch": "amd64",
"digest": "cb0a32f121f58797a77247fe41ae2b9f9b705bdf170f55015963c667edca6360",
"distro": "debian-11",
"type": "NAMI",
"version": "1.0.3-154"
},
"wait-for-port": {
"arch": "amd64",
"digest": "8833550a6f165e2a0f1250cc327d92a3f85b151cb1f49cd0ee4bee0fdf20a21b",
"distro": "debian-11",
"type": "NAMI",
"version": "1.0.3-155"
}
}

3
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/licenses/licenses.txt Normal file
View File

@ -0,0 +1,3 @@
Bitnami containers ship with software bundles. You can find the licenses under:
/opt/bitnami/nami/COPYING
/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt

51
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/libbitnami.sh Normal file
View File

@ -0,0 +1,51 @@
#!/bin/bash
#
# Bitnami custom library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Constants
BOLD='\033[1m'
# Functions
########################
# Print the welcome page
# Globals:
# DISABLE_WELCOME_MESSAGE
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_welcome_page() {
if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then
if [[ -n "$BITNAMI_APP_NAME" ]]; then
print_image_welcome_page
fi
fi
}
########################
# Print the welcome page for a Bitnami Docker image
# Globals:
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_image_welcome_page() {
local github_url="https://github.com/bitnami/containers"
log ""
log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}"
log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}"
log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}"
log ""
}

139
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/libfile.sh Normal file
View File

@ -0,0 +1,139 @@
#!/bin/bash
#
# Library for managing files
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libos.sh
# Functions
########################
# Replace a regex-matching string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# $4 - use POSIX regex. Default: true
# Returns:
# None
#########################
replace_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local posix_regex=${4:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
if [[ $posix_regex = true ]]; then
result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
else
result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Replace a regex-matching multiline string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# Returns:
# None
#########################
replace_in_file_multiline() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local result
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")"
echo "$result" > "$filename"
}
########################
# Remove a line in a file based on a regex
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - use POSIX regex. Default: true
# Returns:
# None
#########################
remove_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local posix_regex=${3:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
if [[ $posix_regex = true ]]; then
result="$(sed -E "/$match_regex/d" "$filename")"
else
result="$(sed "/$match_regex/d" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Appends text after the last line matching a pattern
# Arguments:
# $1 - file
# $2 - match regex
# $3 - contents to add
# Returns:
# None
#########################
append_file_after_last_match() {
local file="${1:?missing file}"
local match_regex="${2:?missing pattern}"
local value="${3:?missing value}"
# We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again
result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)"
echo "$result" > "$file"
}
########################
# Wait until certain entry is present in a log file
# Arguments:
# $1 - entry to look for
# $2 - log file
# $3 - max retries. Default: 12
# $4 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
wait_for_log_entry() {
local -r entry="${1:-missing entry}"
local -r log_file="${2:-missing log file}"
local -r retries="${3:-12}"
local -r interval_time="${4:-5}"
local attempt=0
check_log_file_for_entry() {
if ! grep -qE "$entry" "$log_file"; then
debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})"
return 1
fi
}
debug "Checking that ${log_file} log file contains entry \"${entry}\""
if retry_while check_log_file_for_entry "$retries" "$interval_time"; then
debug "Found entry \"${entry}\" in ${log_file}"
true
else
error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries"
debug_execute cat "$log_file"
return 1
fi
}

191
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/libfs.sh Normal file
View File

@ -0,0 +1,191 @@
#!/bin/bash
#
# Library for file system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Ensure a file/directory is owned (user and group) but the given user
# Arguments:
# $1 - filepath
# $2 - owner
# Returns:
# None
#########################
owned_by() {
local path="${1:?path is missing}"
local owner="${2:?owner is missing}"
local group="${3:-}"
if [[ -n $group ]]; then
chown "$owner":"$group" "$path"
else
chown "$owner":"$owner" "$path"
fi
}
########################
# Ensure a directory exists and, optionally, is owned by the given user
# Arguments:
# $1 - directory
# $2 - owner
# Returns:
# None
#########################
ensure_dir_exists() {
local dir="${1:?directory is missing}"
local owner_user="${2:-}"
local owner_group="${3:-}"
mkdir -p "${dir}"
if [[ -n $owner_user ]]; then
owned_by "$dir" "$owner_user" "$owner_group"
fi
}
########################
# Checks whether a directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_dir_empty() {
local -r path="${1:?missing directory}"
# Calculate real path in order to avoid issues with symlinks
local -r dir="$(realpath "$path")"
if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then
true
else
false
fi
}
########################
# Checks whether a mounted directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_mounted_dir_empty() {
local dir="${1:?missing directory}"
if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then
true
else
false
fi
}
########################
# Checks whether a file can be written to or not
# arguments:
# $1 - file
# returns:
# boolean
#########################
is_file_writable() {
local file="${1:?missing file}"
local dir
dir="$(dirname "$file")"
if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then
true
else
false
fi
}
########################
# Relativize a path
# arguments:
# $1 - path
# $2 - base
# returns:
# None
#########################
relativize() {
local -r path="${1:?missing path}"
local -r base="${2:?missing base}"
pushd "$base" >/dev/null || exit
realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||'
popd >/dev/null || exit
}
########################
# Configure permisions and ownership recursively
# Globals:
# None
# Arguments:
# $1 - paths (as a string).
# Flags:
# -f|--file-mode - mode for directories.
# -d|--dir-mode - mode for files.
# -u|--user - user
# -g|--group - group
# Returns:
# None
#########################
configure_permissions_ownership() {
local -r paths="${1:?paths is missing}"
local dir_mode=""
local file_mode=""
local user=""
local group=""
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-f | --file-mode)
shift
file_mode="${1:?missing mode for files}"
;;
-d | --dir-mode)
shift
dir_mode="${1:?missing mode for directories}"
;;
-u | --user)
shift
user="${1:?missing user}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a filepaths <<<"$paths"
for p in "${filepaths[@]}"; do
if [[ -e "$p" ]]; then
find -L "$p" -printf ""
if [[ -n $dir_mode ]]; then
find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode"
fi
if [[ -n $file_mode ]]; then
find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode"
fi
if [[ -n $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}"
elif [[ -n $user ]] && [[ -z $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}"
elif [[ -z $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chgrp "${group}"
fi
else
stderr_print "$p does not exist"
fi
done
}

16
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/libhook.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
#
# Library to use for scripts expected to be used as Kubernetes lifecycle hooks
# shellcheck disable=SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
# Override functions that log to stdout/stderr of the current process, so they print to process 1
for function_to_override in stderr_print debug_execute; do
# Output is sent to output of process 1 and thus end up in the container log
# The hook output in general isn't saved
eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2"
done

112
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/liblog.sh Normal file
View File

@ -0,0 +1,112 @@
#!/bin/bash
#
# Library for logging functions
# Constants
RESET='\033[0m'
RED='\033[38;5;1m'
GREEN='\033[38;5;2m'
YELLOW='\033[38;5;3m'
MAGENTA='\033[38;5;5m'
CYAN='\033[38;5;6m'
# Functions
########################
# Print to STDERR
# Arguments:
# Message to print
# Returns:
# None
#########################
stderr_print() {
# 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it
local bool="${BITNAMI_QUIET:-false}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
printf "%b\\n" "${*}" >&2
fi
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
log() {
stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}"
}
########################
# Log an 'info' message
# Arguments:
# Message to log
# Returns:
# None
#########################
info() {
log "${GREEN}INFO ${RESET} ==> ${*}"
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
warn() {
log "${YELLOW}WARN ${RESET} ==> ${*}"
}
########################
# Log an 'error' message
# Arguments:
# Message to log
# Returns:
# None
#########################
error() {
log "${RED}ERROR${RESET} ==> ${*}"
}
########################
# Log a 'debug' message
# Globals:
# BITNAMI_DEBUG
# Arguments:
# None
# Returns:
# None
#########################
debug() {
# 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it
local bool="${BITNAMI_DEBUG:-false}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
log "${MAGENTA}DEBUG${RESET} ==> ${*}"
fi
}
########################
# Indent a string
# Arguments:
# $1 - string
# $2 - number of indentation characters (default: 4)
# $3 - indentation character (default: " ")
# Returns:
# None
#########################
indent() {
local string="${1:-}"
local num="${2:?missing num}"
local char="${3:-" "}"
# Build the indentation unit string
local indent_unit=""
for ((i = 0; i < num; i++)); do
indent_unit="${indent_unit}${char}"
done
# shellcheck disable=SC2001
# Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions
echo "$string" | sed "s/^/${indent_unit}/"
}

163
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/libnet.sh Normal file
View File

@ -0,0 +1,163 @@
#!/bin/bash
#
# Library for network functions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Resolve IP address for a host/domain (i.e. DNS lookup)
# Arguments:
# $1 - Hostname to resolve
# $2 - IP address version (v4, v6), leave empty for resolving to any version
# Returns:
# IP
#########################
dns_lookup() {
local host="${1:?host is missing}"
local ip_version="${2:-}"
getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1
}
#########################
# Wait for a hostname and return the IP
# Arguments:
# $1 - hostname
# $2 - number of retries
# $3 - seconds to wait between retries
# Returns:
# - IP address that corresponds to the hostname
#########################
wait_for_dns_lookup() {
local hostname="${1:?hostname is missing}"
local retries="${2:-5}"
local seconds="${3:-1}"
check_host() {
if [[ $(dns_lookup "$hostname") == "" ]]; then
false
else
true
fi
}
# Wait for the host to be ready
retry_while "check_host ${hostname}" "$retries" "$seconds"
dns_lookup "$hostname"
}
########################
# Get machine's IP
# Arguments:
# None
# Returns:
# Machine IP
#########################
get_machine_ip() {
local -a ip_addresses
local hostname
hostname="$(hostname)"
read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)"
if [[ "${#ip_addresses[@]}" -gt 1 ]]; then
warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}"
elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then
error "Could not find any IP address associated to hostname ${hostname}"
exit 1
fi
echo "${ip_addresses[0]}"
}
########################
# Check if the provided argument is a resolved hostname
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_hostname_resolved() {
local -r host="${1:?missing value}"
if [[ -n "$(dns_lookup "$host")" ]]; then
true
else
false
fi
}
########################
# Parse URL
# Globals:
# None
# Arguments:
# $1 - uri - String
# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String
# Returns:
# String
parse_uri() {
local uri="${1:?uri is missing}"
local component="${2:?component is missing}"
# Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with
# additional sub-expressions to split authority into userinfo, host and port
# Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969)
local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?'
# || | ||| | | | | | | | | |
# |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment
# 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #...
# | 4 authority
# 3 //...
local index=0
case "$component" in
scheme)
index=2
;;
authority)
index=4
;;
userinfo)
index=6
;;
host)
index=7
;;
port)
index=9
;;
path)
index=10
;;
query)
index=13
;;
fragment)
index=14
;;
*)
stderr_print "unrecognized component $component"
return 1
;;
esac
[[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}"
}
########################
# Wait for a HTTP connection to succeed
# Globals:
# *
# Arguments:
# $1 - URL to wait for
# $2 - Maximum amount of retries (optional)
# $3 - Time between retries (optional)
# Returns:
# true if the HTTP connection succeeded, false otherwise
#########################
wait_for_http_connection() {
local url="${1:?missing url}"
local retries="${2:-}"
local sleep_time="${3:-}"
if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then
error "Could not connect to ${url}"
return 1
fi
}

555
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh Normal file
View File

@ -0,0 +1,555 @@
#!/bin/bash
#
# Library for operating system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Check if an user exists in the system
# Arguments:
# $1 - user
# Returns:
# Boolean
#########################
user_exists() {
local user="${1:?user is missing}"
id "$user" >/dev/null 2>&1
}
########################
# Check if a group exists in the system
# Arguments:
# $1 - group
# Returns:
# Boolean
#########################
group_exists() {
local group="${1:?group is missing}"
getent group "$group" >/dev/null 2>&1
}
########################
# Create a group in the system if it does not exist already
# Arguments:
# $1 - group
# Flags:
# -i|--gid - the ID for the new group
# -s|--system - Whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_group_exists() {
local group="${1:?group is missing}"
local gid=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --gid)
shift
gid="${1:?missing gid}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! group_exists "$group"; then
local -a args=("$group")
if [[ -n "$gid" ]]; then
if group_exists "$gid"; then
error "The GID $gid is already in use." >&2
return 1
fi
args+=("--gid" "$gid")
fi
$is_system_user && args+=("--system")
groupadd "${args[@]}" >/dev/null 2>&1
fi
}
########################
# Create an user in the system if it does not exist already
# Arguments:
# $1 - user
# Flags:
# -i|--uid - the ID for the new user
# -g|--group - the group the new user should belong to
# -a|--append-groups - comma-separated list of supplemental groups to append to the new user
# -h|--home - the home directory for the new user
# -s|--system - whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_user_exists() {
local user="${1:?user is missing}"
local uid=""
local group=""
local append_groups=""
local home=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --uid)
shift
uid="${1:?missing uid}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
-a | --append-groups)
shift
append_groups="${1:?missing append_groups}"
;;
-h | --home)
shift
home="${1:?missing home directory}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! user_exists "$user"; then
local -a user_args=("-N" "$user")
if [[ -n "$uid" ]]; then
if user_exists "$uid"; then
error "The UID $uid is already in use."
return 1
fi
user_args+=("--uid" "$uid")
else
$is_system_user && user_args+=("--system")
fi
useradd "${user_args[@]}" >/dev/null 2>&1
fi
if [[ -n "$group" ]]; then
local -a group_args=("$group")
$is_system_user && group_args+=("--system")
ensure_group_exists "${group_args[@]}"
usermod -g "$group" "$user" >/dev/null 2>&1
fi
if [[ -n "$append_groups" ]]; then
local -a groups
read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")"
for group in "${groups[@]}"; do
ensure_group_exists "$group"
usermod -aG "$group" "$user" >/dev/null 2>&1
done
fi
if [[ -n "$home" ]]; then
mkdir -p "$home"
usermod -d "$home" "$user" >/dev/null 2>&1
configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group"
fi
}
########################
# Check if the script is currently running as root
# Arguments:
# $1 - user
# $2 - group
# Returns:
# Boolean
#########################
am_i_root() {
if [[ "$(id -u)" = "0" ]]; then
true
else
false
fi
}
########################
# Print OS metadata
# Arguments:
# $1 - Flag name
# Flags:
# --id - Distro ID
# --version - Distro version
# --branch - Distro branch
# --codename - Distro codename
# --name - Distro name
# --pretty-name - Distro pretty name
# Returns:
# String
#########################
get_os_metadata() {
local -r flag_name="${1:?missing flag}"
# Helper function
get_os_release_metadata() {
local -r env_name="${1:?missing environment variable name}"
(
. /etc/os-release
echo "${!env_name}"
)
}
case "$flag_name" in
--id)
get_os_release_metadata ID
;;
--version)
get_os_release_metadata VERSION_ID
;;
--branch)
get_os_release_metadata VERSION_ID | sed 's/\..*//'
;;
--codename)
get_os_release_metadata VERSION_CODENAME
;;
--name)
get_os_release_metadata NAME
;;
--pretty-name)
get_os_release_metadata PRETTY_NAME
;;
*)
error "Unknown flag ${flag_name}"
return 1
;;
esac
}
########################
# Get total memory available
# Arguments:
# None
# Returns:
# Memory in bytes
#########################
get_total_memory() {
echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024))
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# None
# Flags:
# --memory - memory size (optional)
# Returns:
# Detected instance size
#########################
get_machine_size() {
local memory=""
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
--memory)
shift
memory="${1:?missing memory}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if [[ -z "$memory" ]]; then
debug "Memory was not specified, detecting available memory automatically"
memory="$(get_total_memory)"
fi
sanitized_memory=$(convert_to_mb "$memory")
if [[ "$sanitized_memory" -gt 26000 ]]; then
echo 2xlarge
elif [[ "$sanitized_memory" -gt 13000 ]]; then
echo xlarge
elif [[ "$sanitized_memory" -gt 6000 ]]; then
echo large
elif [[ "$sanitized_memory" -gt 3000 ]]; then
echo medium
elif [[ "$sanitized_memory" -gt 1500 ]]; then
echo small
else
echo micro
fi
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# $1 - memory size (optional)
# Returns:
# Detected instance size
#########################
get_supported_machine_sizes() {
echo micro small medium large xlarge 2xlarge
}
########################
# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048)
# Globals:
# None
# Arguments:
# $1 - memory size
# Returns:
# Result of the conversion
#########################
convert_to_mb() {
local amount="${1:-}"
if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then
size="${BASH_REMATCH[1]}"
unit="${BASH_REMATCH[2]}"
if [[ "$unit" = "g" || "$unit" = "G" ]]; then
amount="$((size * 1024))"
else
amount="$size"
fi
fi
echo "$amount"
}
#########################
# Redirects output to /dev/null if debug mode is disabled
# Globals:
# BITNAMI_DEBUG
# Arguments:
# $@ - Command to execute
# Returns:
# None
#########################
debug_execute() {
if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then
"$@"
else
"$@" >/dev/null 2>&1
fi
}
########################
# Retries a command a given number of times
# Arguments:
# $1 - cmd (as a string)
# $2 - max retries. Default: 12
# $3 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
retry_while() {
local cmd="${1:?cmd is missing}"
local retries="${2:-12}"
local sleep_time="${3:-5}"
local return_value=1
read -r -a command <<<"$cmd"
for ((i = 1; i <= retries; i += 1)); do
"${command[@]}" && return_value=0 && break
sleep "$sleep_time"
done
return $return_value
}
########################
# Generate a random string
# Arguments:
# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii
# -c|--count - Number of characters, defaults to 32
# Arguments:
# None
# Returns:
# None
# Returns:
# String
#########################
generate_random_string() {
local type="ascii"
local count="32"
local filter
local result
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
-t | --type)
shift
type="$1"
;;
-c | --count)
shift
count="$1"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
# Validate type
case "$type" in
ascii)
filter="[:print:]"
;;
alphanumeric)
filter="a-zA-Z0-9"
;;
numeric)
filter="0-9"
;;
*)
echo "Invalid type ${type}" >&2
return 1
;;
esac
# Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size
# Note there is a very small chance of strings starting with EOL character
# Therefore, the higher amount of lines read, this will happen less frequently
result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")"
echo "$result"
}
########################
# Create md5 hash from a string
# Arguments:
# $1 - string
# Returns:
# md5 hash - string
#########################
generate_md5_hash() {
local -r str="${1:?missing input string}"
echo -n "$str" | md5sum | awk '{print $1}'
}
########################
# Create sha1 hash from a string
# Arguments:
# $1 - string
# $2 - algorithm - 1 (default), 224, 256, 384, 512
# Returns:
# sha1 hash - string
#########################
generate_sha_hash() {
local -r str="${1:?missing input string}"
local -r algorithm="${2:-1}"
echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}'
}
########################
# Converts a string to its hexadecimal representation
# Arguments:
# $1 - string
# Returns:
# hexadecimal representation of the string
#########################
convert_to_hex() {
local -r str=${1:?missing input string}
local -i iterator
local char
for ((iterator = 0; iterator < ${#str}; iterator++)); do
char=${str:iterator:1}
printf '%x' "'${char}"
done
}
########################
# Get boot time
# Globals:
# None
# Arguments:
# None
# Returns:
# Boot time metadata
#########################
get_boot_time() {
stat /proc --format=%Y
}
########################
# Get machine ID
# Globals:
# None
# Arguments:
# None
# Returns:
# Machine ID
#########################
get_machine_id() {
local machine_id
if [[ -f /etc/machine-id ]]; then
machine_id="$(cat /etc/machine-id)"
fi
if [[ -z "$machine_id" ]]; then
# Fallback to the boot-time, which will at least ensure a unique ID in the current session
machine_id="$(get_boot_time)"
fi
echo "$machine_id"
}
########################
# Get the root partition's disk device ID (e.g. /dev/sda1)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root partition disk ID
#########################
get_disk_device_id() {
local device_id=""
if grep -q ^/dev /proc/mounts; then
device_id="$(grep -q ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)"
fi
# If it could not be autodetected, fallback to /dev/sda1 as a default
if [[ -z "$device_id" || ! -b "$device_id" ]]; then
device_id="/dev/sda1"
fi
echo "$device_id"
}
########################
# Get the root disk device ID (e.g. /dev/sda)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk ID
#########################
get_root_disk_device_id() {
get_disk_device_id | sed 's/[0-9]\+$//'
}
########################
# Get the root disk size in bytes
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk size in bytes
#########################
get_root_disk_size() {
fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true
}

122
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/libpersistence.sh Normal file
View File

@ -0,0 +1,122 @@
#!/bin/bash
#
# Bitnami persistence library
# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libversion.sh
# Functions
########################
# Persist an application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# $2 - List of app files to persist
# Returns:
# true if all steps succeeded, false otherwise
#########################
persist_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Persist the individual files
if [[ "${#files_to_persist[@]}" -le 0 ]]; then
warn "No files are configured to be persisted"
return
fi
pushd "$install_dir" >/dev/null || exit
local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder
local -r tmp_file="/tmp/perms.acl"
for file_to_persist in "${files_to_persist[@]}"; do
if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then
error "Cannot persist '${file_to_persist}' because it does not exist"
return 1
fi
file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")"
file_to_persist_destination="${persist_dir}/${file_to_persist_relative}"
file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")"
# Get original permissions for existing files, which will be applied later
# Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume
getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file"
# Copy directories to the volume
ensure_dir_exists "$file_to_persist_destination_folder"
cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder"
# Restore permissions
pushd "$persist_dir" >/dev/null || exit
if am_i_root; then
setfacl --restore="$tmp_file"
else
# When running as non-root, don't change ownership
setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file")
fi
popd >/dev/null || exit
done
popd >/dev/null || exit
rm -f "$tmp_file"
# Install the persisted files into the installation directory, via symlinks
restore_persisted_app "$@"
}
########################
# Restore a persisted application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# FORCE_MAJOR_UPGRADE
# Arguments:
# $1 - App folder name
# $2 - List of app files to restore
# Returns:
# true if all steps succeeded, false otherwise
#########################
restore_persisted_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Restore the individual persisted files
if [[ "${#files_to_restore[@]}" -le 0 ]]; then
warn "No persisted files are configured to be restored"
return
fi
local file_to_restore_relative file_to_restore_origin file_to_restore_destination
for file_to_restore in "${files_to_restore[@]}"; do
file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")"
# We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed
file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")"
file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")"
rm -rf "$file_to_restore_origin"
ln -sfn "$file_to_restore_destination" "$file_to_restore_origin"
done
}
########################
# Check if an application directory was already persisted
# Globals:
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# Returns:
# true if all steps succeeded, false otherwise
#########################
is_app_initialized() {
local -r app="${1:?missing app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
if ! is_mounted_dir_empty "$persist_dir"; then
true
else
false
fi
}

410
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/libservice.sh Normal file
View File

@ -0,0 +1,410 @@
#!/bin/bash
#
# Library for managing services
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Read the provided pid file and returns a PID
# Arguments:
# $1 - Pid file
# Returns:
# PID
#########################
get_pid_from_file() {
local pid_file="${1:?pid file is missing}"
if [[ -f "$pid_file" ]]; then
if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then
echo "$(< "$pid_file")"
fi
fi
}
########################
# Check if a provided PID corresponds to a running service
# Arguments:
# $1 - PID
# Returns:
# Boolean
#########################
is_service_running() {
local pid="${1:?pid is missing}"
kill -0 "$pid" 2>/dev/null
}
########################
# Stop a service by sending a termination signal to its pid
# Arguments:
# $1 - Pid file
# $2 - Signal number (optional)
# Returns:
# None
#########################
stop_service_using_pid() {
local pid_file="${1:?pid file is missing}"
local signal="${2:-}"
local pid
pid="$(get_pid_from_file "$pid_file")"
[[ -z "$pid" ]] || ! is_service_running "$pid" && return
if [[ -n "$signal" ]]; then
kill "-${signal}" "$pid"
else
kill "$pid"
fi
local counter=10
while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do
sleep 1
counter=$((counter - 1))
done
}
########################
# Start cron daemon
# Arguments:
# None
# Returns:
# true if started correctly, false otherwise
#########################
cron_start() {
if [[ -x "/usr/sbin/cron" ]]; then
/usr/sbin/cron
elif [[ -x "/usr/sbin/crond" ]]; then
/usr/sbin/crond
else
false
fi
}
########################
# Generate a cron configuration file for a given service
# Arguments:
# $1 - Service name
# $2 - Command
# Flags:
# --run-as - User to run as (default: root)
# --schedule - Cron schedule configuration (default: * * * * *)
# Returns:
# None
#########################
generate_cron_conf() {
local service_name="${1:?service name is missing}"
local cmd="${2:?command is missing}"
local run_as="root"
local schedule="* * * * *"
local clean="true"
local clean="true"
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--run-as)
shift
run_as="$1"
;;
--schedule)
shift
schedule="$1"
;;
--no-clean)
clean="false"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p /etc/cron.d
if "$clean"; then
echo "${schedule} ${run_as} ${cmd}" > /etc/cron.d/"$service_name"
else
echo "${schedule} ${run_as} ${cmd}" >> /etc/cron.d/"$service_name"
fi
}
########################
# Remove a cron configuration file for a given service
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_cron_conf() {
local service_name="${1:?service name is missing}"
local cron_conf_dir="/etc/monit/conf.d"
rm -f "${cron_conf_dir}/${service_name}"
}
########################
# Generate a monit configuration file for a given service
# Arguments:
# $1 - Service name
# $2 - Pid file
# $3 - Start command
# $4 - Stop command
# Flags:
# --disable - Whether to disable the monit configuration
# Returns:
# None
#########################
generate_monit_conf() {
local service_name="${1:?service name is missing}"
local pid_file="${2:?pid file is missing}"
local start_command="${3:?start command is missing}"
local stop_command="${4:?stop command is missing}"
local monit_conf_dir="/etc/monit/conf.d"
local disabled="no"
# Parse optional CLI flags
shift 4
while [[ "$#" -gt 0 ]]; do
case "$1" in
--disable)
disabled="yes"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
is_boolean_yes "$disabled" && conf_suffix=".disabled"
mkdir -p "$monit_conf_dir"
cat >"${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <<EOF
check process ${service_name}
with pidfile "${pid_file}"
start program = "${start_command}" with timeout 90 seconds
stop program = "${stop_command}" with timeout 90 seconds
EOF
}
########################
# Remove a monit configuration file for a given service
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_monit_conf() {
local service_name="${1:?service name is missing}"
local monit_conf_dir="/etc/monit/conf.d"
rm -f "${monit_conf_dir}/${service_name}.conf"
}
########################
# Generate a logrotate configuration file
# Arguments:
# $1 - Service name
# $2 - Log files pattern
# Flags:
# --period - Period
# --rotations - Number of rotations to store
# --extra - Extra options (Optional)
# Returns:
# None
#########################
generate_logrotate_conf() {
local service_name="${1:?service name is missing}"
local log_path="${2:?log path is missing}"
local period="weekly"
local rotations="150"
local extra=""
local logrotate_conf_dir="/etc/logrotate.d"
local var_name
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--period|--rotations|--extra)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"$var_name" is missing}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p "$logrotate_conf_dir"
cat <<EOF | sed '/^\s*$/d' >"${logrotate_conf_dir}/${service_name}"
${log_path} {
${period}
rotate ${rotations}
dateext
compress
copytruncate
missingok
$(indent "$extra" 2)
}
EOF
}
########################
# Remove a logrotate configuration file
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_logrotate_conf() {
local service_name="${1:?service name is missing}"
local logrotate_conf_dir="/etc/logrotate.d"
rm -f "${logrotate_conf_dir}/${service_name}"
}
########################
# Generate a Systemd configuration file
# Arguments:
# $1 - Service name
# Flags:
# --exec-start - Start command (required)
# --exec-stop - Stop command (optional)
# --exec-reload - Reload command (optional)
# --name - Service full name (e.g. Apache HTTP Server, defaults to $1)
# --restart - When to restart the Systemd service after being stopped (defaults to always)
# --pid-file - Service PID file (required when --restart is set to always)
# --type - Systemd unit type (defaults to forking)
# --user - System user to start the service with
# --group - System group to start the service with
# --environment - Environment variable to define (multiple --environment options may be passed)
# Returns:
# None
#########################
generate_systemd_conf() {
local -r service_name="${1:?service name is missing}"
local -r systemd_units_dir="/etc/systemd/system"
local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service"
# Default values
local name="$service_name"
local type="forking"
local user=""
local group=""
local environment=""
local exec_start=""
local exec_stop=""
local exec_reload=""
local restart="always"
local pid_file=""
# Parse CLI flags
shift
while [[ "$#" -gt 0 ]]; do
case "$1" in
--name \
| --type \
| --user \
| --group \
| --exec-start \
| --exec-stop \
| --exec-reload \
| --restart \
| --pid-file \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"$var_name" is missing}"
;;
--environment)
shift
# It is possible to add multiple environment lines
[[ -n "$environment" ]] && environment+=$'\n'
environment+="Environment=${1:?"environment" is missing}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
# Validate inputs
local error="no"
if [[ -z "$exec_start" ]]; then
error "The --exec-start option is required"
error="yes"
fi
if [[ "$restart" = "always" && -z "$pid_file" ]]; then
error "The --restart option cannot be set to 'always' if --pid-file is not set"
error="yes"
fi
if [[ "$error" != "no" ]]; then
return 1
fi
# Generate the Systemd unit
cat > "$service_file" <<EOF
[Unit]
Description=Bitnami service for ${name}
# Starting/stopping the main bitnami service should cause the same effect for this service
PartOf=bitnami.service
[Service]
Type=${type}
ExecStart=${exec_start}
EOF
# Optional stop and reload commands
if [[ -n "$exec_stop" ]]; then
cat >> "$service_file" <<EOF
ExecStop=${exec_stop}
EOF
fi
if [[ -n "$exec_reload" ]]; then
cat >> "$service_file" <<EOF
ExecReload=${exec_reload}
EOF
fi
# User and group
if [[ -n "$user" ]]; then
cat >> "$service_file" <<EOF
User=${user}
EOF
fi
if [[ -n "$group" ]]; then
cat >> "$service_file" <<EOF
Group=${group}
EOF
fi
# PID file allows to determine if the main process is running properly (for Restart=always)
if [[ -n "$pid_file" ]]; then
cat >> "$service_file" <<EOF
PIDFile=${pid_file}
EOF
fi
# Environment flags (may be specified multiple times in a unit)
if [[ -n "$environment" ]]; then
cat >> "$service_file" <<< "$environment"
fi
cat >> "$service_file" <<EOF
Restart=${restart}
# Optimizations
TimeoutSec=5min
IgnoreSIGPIPE=no
KillMode=mixed
# Limits
LimitNOFILE=infinity
# Configure output to appear in instance console output
StandardOutput=journal+console
[Install]
# Enabling/disabling the main bitnami service should cause the same effect for this service
WantedBy=bitnami.service
EOF
}

264
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/libvalidations.sh Normal file
View File

@ -0,0 +1,264 @@
#!/bin/bash
#
# Validation functions library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Check if the provided argument is an integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_int() {
local -r int="${1:?missing value}"
if [[ "$int" =~ ^-?[0-9]+ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a positive integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_positive_int() {
local -r int="${1:?missing value}"
if is_int "$int" && (( "${int}" >= 0 )); then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean or is the string 'yes/true'
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_boolean_yes() {
local -r bool="${1:-}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean yes/no value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_yes_no_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(yes|no)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean true/false value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_true_false_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(true|false)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean 1/0 value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_1_0_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^[10]$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is an empty string or not defined
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_empty_value() {
local -r val="${1:-}"
if [[ -z "$val" ]]; then
true
else
false
fi
}
########################
# Validate if the provided argument is a valid port
# Arguments:
# $1 - Port to validate
# Returns:
# Boolean and error message
#########################
validate_port() {
local value
local unprivileged=0
# Parse flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-unprivileged)
unprivileged=1
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [[ "$#" -gt 1 ]]; then
echo "too many arguments provided"
return 2
elif [[ "$#" -eq 0 ]]; then
stderr_print "missing port argument"
return 1
else
value=$1
fi
if [[ -z "$value" ]]; then
echo "the value is empty"
return 1
else
if ! is_int "$value"; then
echo "value is not an integer"
return 2
elif [[ "$value" -lt 0 ]]; then
echo "negative value provided"
return 2
elif [[ "$value" -gt 65535 ]]; then
echo "requested port is greater than 65535"
return 2
elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then
echo "privileged port requested"
return 3
fi
fi
}
########################
# Validate if the provided argument is a valid IPv4 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv4() {
local ip="${1:?ip is missing}"
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")"
[[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \
&& ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]]
stat=$?
fi
return $stat
}
########################
# Validate a string format
# Arguments:
# $1 - String to validate
# Returns:
# Boolean
#########################
validate_string() {
local string
local min_length=-1
local max_length=-1
# Parse flags
while [ "$#" -gt 0 ]; do
case "$1" in
-min-length)
shift
min_length=${1:-}
;;
-max-length)
shift
max_length=${1:-}
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [ "$#" -gt 1 ]; then
stderr_print "too many arguments provided"
return 2
elif [ "$#" -eq 0 ]; then
stderr_print "missing string"
return 1
else
string=$1
fi
if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then
echo "string length is less than $min_length"
return 1
fi
if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then
echo "string length is great than $max_length"
return 1
fi
}

49
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/libversion.sh Normal file
View File

@ -0,0 +1,49 @@
#!/bin/bash
#
# Library for managing versions strings
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Gets semantic version
# Arguments:
# $1 - version: string to extract major.minor.patch
# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch
# Returns:
# array with the major, minor and release
#########################
get_sematic_version () {
local version="${1:?version is required}"
local section="${2:?section is required}"
local -a version_sections
#Regex to parse versions: x.y.z
local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?'
if [[ "$version" =~ $regex ]]; then
local i=1
local j=1
local n=${#BASH_REMATCH[*]}
while [[ $i -lt $n ]]; do
if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then
version_sections[$j]=${BASH_REMATCH[$i]}
((j++))
fi
((i++))
done
local number_regex='^[0-9]+$'
if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then
echo "${version_sections[$section]}"
return
else
stderr_print "Section allowed values are: 1, 2, and 3"
return 1
fi
fi
}

458
bitnami/kafka/3.3/debian-11/prebuildfs/opt/bitnami/scripts/libwebserver.sh Normal file
View File

@ -0,0 +1,458 @@
#!/bin/bash
#
# Bitnami web server handler library
# shellcheck disable=SC1090,SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
########################
# Execute a command (or list of commands) with the web server environment and library loaded
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_execute() {
local -r web_server="${1:?missing web server}"
shift
# Run program in sub-shell to avoid web server environment getting loaded when not necessary
(
. "/opt/bitnami/scripts/lib${web_server}.sh"
. "/opt/bitnami/scripts/${web_server}-env.sh"
"$@"
)
}
########################
# Prints the list of enabled web servers
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_list() {
local -r -a supported_web_servers=(apache nginx)
local -a existing_web_servers=()
for web_server in "${supported_web_servers[@]}"; do
[[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server")
done
echo "${existing_web_servers[@]:-}"
}
########################
# Prints the currently-enabled web server type (only one, in order of preference)
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_type() {
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
echo "${web_servers[0]:-}"
}
########################
# Validate that a supported web server is configured
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_validate() {
local error_code=0
local supported_web_servers=("apache" "nginx")
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then
print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}"
elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then
print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable."
fi
return "$error_code"
}
########################
# Check whether the web server is running
# Globals:
# *
# Arguments:
# None
# Returns:
# true if the web server is running, false otherwise
#########################
is_web_server_running() {
"is_$(web_server_type)_running"
}
########################
# Start web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_start() {
info "Starting $(web_server_type) in background"
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh"
}
########################
# Stop web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_stop() {
info "Stopping $(web_server_type)"
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh"
}
########################
# Restart web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_restart() {
info "Restarting $(web_server_type)"
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh"
}
########################
# Reload web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_reload() {
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh"
}
########################
# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --type - Application type, which has an effect on which configuration template to use
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --disable - Whether to render server configurations with a .disabled prefix
# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix
# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix
# --http-port - HTTP port number
# --https-port - HTTPS port number
# --document-root - Path to document root directory
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default)
# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default)
# --apache-before-vhost-configuration - Configuration to add before the <VirtualHost> directive (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined)
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-proxy-address - Address where to proxy requests
# --apache-proxy-configuration - Extra configuration for the proxy
# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost
# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined)
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# --nginx-external-configuration - Configuration external to server block (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_app_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--disable \
| --disable-http \
| --disable-https \
)
apache_args+=("$1")
nginx_args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --type \
| --allow-remote-connections \
| --http-port \
| --https-port \
| --document-root \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-additional-http-configuration \
| --apache-additional-https-configuration \
| --apache-before-vhost-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-proxy-address \
| --apache-proxy-configuration \
| --apache-proxy-http-configuration \
| --apache-proxy-https-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "${2:?missing value}")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration \
| --nginx-external-configuration)
nginx_args+=("${1//nginx-/}" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Returns:
# true if the configuration was disabled, false otherwise
########################
ensure_web_server_app_configuration_not_exists() {
local app="${1:?missing app}"
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app"
done
}
########################
# Ensure the web server loads the configuration for an application in a URL prefix
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --document-root - Path to document root directory
# --prefix - URL prefix from where it will be accessible (i.e. /myapp)
# --type - Application type, which has an effect on what configuration template will be used
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no')
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_prefix_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--allow-remote-connections \
| --document-root \
| --prefix \
| --type \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "$2")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration)
nginx_args+=("${1//nginx-/}" "$2")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --enable-http - Enable HTTP app configuration (if not enabled already)
# --enable-https - Enable HTTPS app configuration (if not enabled already)
# --disable-http - Disable HTTP app configuration (if not disabled already)
# --disable-https - Disable HTTPS app configuration (if not disabled already)
# --http-port - HTTP port number
# --https-port - HTTPS port number
# Returns:
# true if the configuration was updated, false otherwise
########################
web_server_update_app_configuration() {
local app="${1:?missing app}"
shift
local -a args web_servers
args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--enable-http \
| --enable-https \
| --disable-http \
| --disable-https \
)
args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --http-port \
| --https-port \
)
args+=("$1" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}"
done
}
########################
# Enable loading page, which shows users that the initialization process is not yet completed
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_enable_loading_page() {
ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \
--apache-additional-configuration "
# Show a HTTP 503 Service Unavailable page by default
RedirectMatch 503 ^/$
# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes
ErrorDocument 404 /index.html
ErrorDocument 503 /index.html" \
--nginx-additional-configuration "
# Show a HTTP 503 Service Unavailable page by default
location / {
return 503;
}
# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes
error_page 404 @installing;
error_page 503 @installing;
location @installing {
rewrite ^(.*)$ /index.html break;
}"
web_server_reload
}
########################
# Enable loading page, which shows users that the initialization process is not yet completed
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_disable_install_page() {
ensure_web_server_app_configuration_not_exists "__loading"
web_server_reload
}

25
bitnami/kafka/3.3/debian-11/prebuildfs/usr/sbin/install_packages Executable file
View File

@ -0,0 +1,25 @@
#!/bin/sh
set -eu
n=0
max=2
export DEBIAN_FRONTEND=noninteractive
until [ $n -gt $max ]; do
set +e
(
apt-get update -qq &&
apt-get install -y --no-install-recommends "$@"
)
CODE=$?
set -e
if [ $CODE -eq 0 ]; then
break
fi
if [ $n -eq $max ]; then
exit $CODE
fi
echo "apt failed, retrying"
n=$(($n + 1))
done
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives

17
bitnami/kafka/3.3/debian-11/rootfs/opt/bitnami/scripts/java/entrypoint.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libbitnami.sh
. /opt/bitnami/scripts/liblog.sh
print_welcome_page
echo ""
exec "$@"

24
bitnami/kafka/3.3/debian-11/rootfs/opt/bitnami/scripts/java/postunpack.sh Executable file
View File

@ -0,0 +1,24 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/liblog.sh
#
# Java post-unpack operations
#
# Override default files in the Java security directory. This is used for
# custom base images (with custom CA certificates or block lists is used)
if ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then
info "Adding custom CAs to the Java security folder"
cp -Lr "$JAVA_EXTRA_SECURITY_DIR" /opt/bitnami/java/lib/security
fi

124
bitnami/kafka/3.3/debian-11/rootfs/opt/bitnami/scripts/kafka-env.sh Normal file
View File

@ -0,0 +1,124 @@
#!/bin/bash
#
# Environment configuration for kafka
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh
export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"
# Logging configuration
export MODULE="${MODULE:-kafka}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
kafka_env_vars=(
ALLOW_PLAINTEXT_LISTENER
KAFKA_INTER_BROKER_USER
KAFKA_INTER_BROKER_PASSWORD
KAFKA_CERTIFICATE_PASSWORD
KAFKA_TLS_TRUSTSTORE_FILE
KAFKA_TLS_TYPE
KAFKA_TLS_CLIENT_AUTH
KAFKA_OPTS
KAFKA_CFG_ADVERTISED_LISTENERS
KAFKA_CFG_LISTENERS
KAFKA_CFG_ZOOKEEPER_CONNECT
KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE
KAFKA_CFG_SASL_ENABLED_MECHANISMS
KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL
KAFKA_CFG_MAX_REQUEST_SIZE
KAFKA_CFG_MAX_PARTITION_FETCH_BYTES
KAFKA_ENABLE_KRAFT
KAFKA_KRAFT_CLUSTER_ID
KAFKA_ZOOKEEPER_PROTOCOL
KAFKA_ZOOKEEPER_PASSWORD
KAFKA_ZOOKEEPER_USER
KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD
KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD
KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE
KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME
KAFKA_ZOOKEEPER_TLS_TYPE
KAFKA_CLIENT_USERS
KAFKA_CLIENT_PASSWORDS
KAFKA_HEAP_OPTS
)
for env_var in "${kafka_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
if [[ -n "${!file_env_var:-}" ]]; then
if [[ -r "${!file_env_var:-}" ]]; then
export "${env_var}=$(< "${!file_env_var}")"
unset "${file_env_var}"
else
warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
fi
fi
done
unset kafka_env_vars
# Paths
export KAFKA_BASE_DIR="${BITNAMI_ROOT_DIR}/kafka"
export KAFKA_VOLUME_DIR="/bitnami/kafka"
export KAFKA_DATA_DIR="${KAFKA_VOLUME_DIR}/data"
export KAFKA_CONF_DIR="${KAFKA_BASE_DIR}/config"
export KAFKA_CONF_FILE="${KAFKA_CONF_DIR}/server.properties"
export KAFKA_MOUNTED_CONF_DIR="${KAFKA_VOLUME_DIR}/config"
export KAFKA_CERTS_DIR="${KAFKA_CONF_DIR}/certs"
export KAFKA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
export KAFKA_LOG_DIR="${KAFKA_BASE_DIR}/logs"
export KAFKA_HOME="$KAFKA_BASE_DIR"
export PATH="${KAFKA_BASE_DIR}/bin:${BITNAMI_ROOT_DIR}/java/bin:${PATH}"
# System users (when running with a privileged user)
export KAFKA_DAEMON_USER="kafka"
export KAFKA_DAEMON_GROUP="kafka"
# Kafka runtime settings
export ALLOW_PLAINTEXT_LISTENER="${ALLOW_PLAINTEXT_LISTENER:-no}"
export KAFKA_INTER_BROKER_USER="${KAFKA_INTER_BROKER_USER:-user}"
export KAFKA_INTER_BROKER_PASSWORD="${KAFKA_INTER_BROKER_PASSWORD:-bitnami}"
export KAFKA_CERTIFICATE_PASSWORD="${KAFKA_CERTIFICATE_PASSWORD:-}"
export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_TLS_TRUSTSTORE_FILE:-}"
export KAFKA_TLS_TYPE="${KAFKA_TLS_TYPE:-JKS}"
export KAFKA_TLS_CLIENT_AUTH="${KAFKA_TLS_CLIENT_AUTH:-required}"
export KAFKA_OPTS="${KAFKA_OPTS:-}"
# Kafka configuration overrides
export KAFKA_CFG_ADVERTISED_LISTENERS="${KAFKA_CFG_ADVERTISED_LISTENERS:-PLAINTEXT://:9092}"
export KAFKA_CFG_LISTENERS="${KAFKA_CFG_LISTENERS:-PLAINTEXT://:9092}"
export KAFKA_CFG_ZOOKEEPER_CONNECT="${KAFKA_CFG_ZOOKEEPER_CONNECT:-localhost:2181}"
export KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE="${KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE:-true}"
export KAFKA_CFG_SASL_ENABLED_MECHANISMS="${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-PLAIN,SCRAM-SHA-256,SCRAM-SHA-512}"
export KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL="${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}"
export KAFKA_CFG_MAX_REQUEST_SIZE="${KAFKA_CFG_MAX_REQUEST_SIZE:-1048576}"
export KAFKA_CFG_MAX_PARTITION_FETCH_BYTES="${KAFKA_CFG_MAX_PARTITION_FETCH_BYTES:-1048576}"
export KAFKA_ENABLE_KRAFT="${KAFKA_ENABLE_KRAFT:-no}"
export KAFKA_KRAFT_CLUSTER_ID="${KAFKA_KRAFT_CLUSTER_ID:-}"
# ZooKeeper connection settings
export KAFKA_ZOOKEEPER_PROTOCOL="${KAFKA_ZOOKEEPER_PROTOCOL:-PLAINTEXT}"
export KAFKA_ZOOKEEPER_PASSWORD="${KAFKA_ZOOKEEPER_PASSWORD:-}"
export KAFKA_ZOOKEEPER_USER="${KAFKA_ZOOKEEPER_USER:-}"
export KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}"
export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}"
export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}"
export KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME="${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-true}"
export KAFKA_ZOOKEEPER_TLS_TYPE="${KAFKA_ZOOKEEPER_TLS_TYPE:-JKS}"
# Authentication
export KAFKA_CLIENT_USERS="${KAFKA_CLIENT_USERS:-user}"
export KAFKA_CLIENT_PASSWORDS="${KAFKA_CLIENT_PASSWORDS:-bitnami}"
# Java settings
export KAFKA_HEAP_OPTS="${KAFKA_HEAP_OPTS:--Xmx1024m -Xms1024m}"
# Custom environment variables may be defined below

27
bitnami/kafka/3.3/debian-11/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh Executable file
View File

@ -0,0 +1,27 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libbitnami.sh
. /opt/bitnami/scripts/libkafka.sh
# Load Kafka environment variables
. /opt/bitnami/scripts/kafka-env.sh
print_welcome_page
if [[ "$*" = *"/opt/bitnami/scripts/kafka/run.sh"* || "$*" = *"/run.sh"* ]]; then
info "** Starting Kafka setup **"
/opt/bitnami/scripts/kafka/setup.sh
info "** Kafka setup finished! **"
fi
echo ""
exec "$@"

41
bitnami/kafka/3.3/debian-11/rootfs/opt/bitnami/scripts/kafka/postunpack.sh Executable file
View File

@ -0,0 +1,41 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libkafka.sh
. /opt/bitnami/scripts/libfs.sh
# Load Kafka environment variables
. /opt/bitnami/scripts/kafka-env.sh
# Move server.properties from configtmp to config
# Temporary solution until kafka tarball places server.properties into config
if [[ -d "${KAFKA_BASE_DIR}/configtmp" ]]; then
mv "${KAFKA_BASE_DIR}/configtmp"/* "$KAFKA_CONF_DIR"
rmdir "${KAFKA_BASE_DIR}/configtmp"
fi
[[ -d "${KAFKA_BASE_DIR}/conf" ]] && rmdir "${KAFKA_BASE_DIR}/conf"
# Ensure directories used by Kafka exist and have proper ownership and permissions
for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR"; do
ensure_dir_exists "$dir"
done
chmod -R g+rwX "$KAFKA_BASE_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR"
# Disable logging to stdout and garbage collection
# Source: https://logging.apache.org/log4j/log4j-2.4/manual/appenders.html
replace_in_file "${KAFKA_BASE_DIR}/bin/kafka-server-start.sh" " [-]loggc" " "
replace_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DailyRollingFileAppender" "ConsoleAppender"
# Disable the default console logger in favour of KafkaAppender (which provides the exact output)
echo "log4j.appender.stdout.Threshold=OFF" >>/opt/bitnami/kafka/config/log4j.properties
# Remove invalid parameters for ConsoleAppender
remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DatePattern"
remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "Appender.File"

35
bitnami/kafka/3.3/debian-11/rootfs/opt/bitnami/scripts/kafka/run.sh Executable file
View File

@ -0,0 +1,35 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libkafka.sh
. /opt/bitnami/scripts/libos.sh
# Load Kafka environment variables
. /opt/bitnami/scripts/kafka-env.sh
if [[ "${KAFKA_CFG_LISTENERS:-}" =~ SASL ]] || [[ "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}" =~ SASL ]] || [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SASL ]]; then
export KAFKA_OPTS="-Djava.security.auth.login.config=${KAFKA_CONF_DIR}/kafka_jaas.conf"
fi
if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]]; then
ZOOKEEPER_SSL_CONFIG=$(zookeeper_get_tls_config)
export KAFKA_OPTS="$KAFKA_OPTS $ZOOKEEPER_SSL_CONFIG"
fi
flags=("$KAFKA_CONF_FILE")
[[ -z "${KAFKA_EXTRA_FLAGS:-}" ]] || flags=("${flags[@]}" "${KAFKA_EXTRA_FLAGS[@]}")
START_COMMAND=("$KAFKA_HOME/bin/kafka-server-start.sh" "${flags[@]}" "$@")
info "** Starting Kafka **"
if am_i_root; then
exec gosu "$KAFKA_DAEMON_USER" "${START_COMMAND[@]}"
else
exec "${START_COMMAND[@]}"
fi

51
bitnami/kafka/3.3/debian-11/rootfs/opt/bitnami/scripts/kafka/setup.sh Executable file
View File

@ -0,0 +1,51 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libkafka.sh
# Load Kafka environment variables
. /opt/bitnami/scripts/kafka-env.sh
# Map Kafka environment variables
kafka_create_alias_environment_variables
if [[ -z "${KAFKA_CFG_BROKER_ID:-}" ]]; then
if [[ -n "${BROKER_ID_COMMAND:-}" ]]; then
KAFKA_CFG_BROKER_ID="$(eval "${BROKER_ID_COMMAND:-}")"
export KAFKA_CFG_BROKER_ID
elif ! is_boolean_yes "$KAFKA_ENABLE_KRAFT"; then
# By default auto allocate broker ID unless KRaft is enabled
export KAFKA_CFG_BROKER_ID=-1
fi
fi
# Set the default tuststore locations
kafka_configure_default_truststore_locations
# Ensure Kafka environment variables are valid
kafka_validate
# Ensure Kafka user and group exist when running as 'root'
if am_i_root; then
ensure_user_exists "$KAFKA_DAEMON_USER" --group "$KAFKA_DAEMON_GROUP"
KAFKA_OWNERSHIP_USER="$KAFKA_DAEMON_USER"
else
KAFKA_OWNERSHIP_USER=""
fi
# Ensure directories used by Kafka exist and have proper ownership and permissions
for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR"; do
ensure_dir_exists "$dir" "$KAFKA_OWNERSHIP_USER"
done
# Ensure Kafka is initialized
kafka_initialize
# If KRaft is enabled initialize
if is_boolean_yes "$KAFKA_ENABLE_KRAFT"; then
kraft_initialize
fi
# Ensure custom initialization scripts are executed
kafka_custom_init_scripts

897
bitnami/kafka/3.3/debian-11/rootfs/opt/bitnami/scripts/libkafka.sh Normal file
View File

@ -0,0 +1,897 @@
#!/bin/bash
#
# Bitnami Kafka library
# shellcheck disable=SC1090,SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libservice.sh
# Functions
########################
# Set a configuration setting value to a file
# Globals:
# None
# Arguments:
# $1 - file
# $2 - key
# $3 - values (array)
# Returns:
# None
#########################
kafka_common_conf_set() {
local file="${1:?missing file}"
local key="${2:?missing key}"
shift
shift
local values=("$@")
if [[ "${#values[@]}" -eq 0 ]]; then
stderr_print "missing value"
return 1
elif [[ "${#values[@]}" -ne 1 ]]; then
for i in "${!values[@]}"; do
kafka_common_conf_set "$file" "${key[$i]}" "${values[$i]}"
done
else
value="${values[0]}"
# Check if the value was set before
if grep -q "^[#\\s]*$key\s*=.*" "$file"; then
# Update the existing key
replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false
else
# Add a new key
printf '\n%s=%s' "$key" "$value" >>"$file"
fi
fi
}
########################
# Backwards compatibility measure to configure the TLS truststore locations
# Globals:
# KAFKA_CONF_FILE
# Arguments:
# None
# Returns:
# None
#########################
kafka_configure_default_truststore_locations() {
# Backwards compatibility measure to allow custom truststore locations but at the same time not disrupt
# the UX that the previous version of the containers and the helm chart have.
# Context: The chart and containers by default assumed that the truststore location was KAFKA_CERTS_DIR/kafka.truststore.jks or KAFKA_MOUNTED_CONF_DIR/certs/kafka.truststore.jks.
# Because of this, we could not use custom certificates in different locations (use case: A custom base image that already has a truststore). Changing the logic to allow custom
# locations implied major changes in the current user experience (which only required to mount certificates at the assumed location). In order to maintain this compatibility we need
# use this logic that sets the KAFKA_TLS_*_FILE variables to the previously assumed locations in case it is not set
# Kafka truststore
if { [[ "${KAFKA_CFG_LISTENERS:-}" =~ SSL ]] || [[ "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}" =~ SSL ]]; } && is_empty_value "$KAFKA_TLS_TRUSTSTORE_FILE"; then
local kafka_truststore_filename="kafka.truststore.jks"
[[ "$KAFKA_TLS_TYPE" = "PEM" ]] && kafka_truststore_filename="kafka.truststore.pem"
if [[ -f "${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" ]]; then
# Mounted in /opt/bitnami/kafka/conf/certs
export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${kafka_truststore_filename}"
else
# Mounted in /bitnami/kafka/conf/certs
export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${kafka_truststore_filename}"
fi
fi
# Zookeeper truststore
if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]] && is_empty_value "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE"; then
local zk_truststore_filename="zookeeper.truststore.jks"
[[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && zk_truststore_filename="zookeeper.truststore.pem"
if [[ -f "${KAFKA_CERTS_DIR}/${zk_truststore_filename}" ]]; then
# Mounted in /opt/bitnami/kafka/conf/certs
export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${zk_truststore_filename}"
else
# Mounted in /bitnami/kafka/conf/certs
export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${zk_truststore_filename}"
fi
fi
}
########################
# Set a configuration setting value to server.properties
# Globals:
# KAFKA_CONF_FILE
# Arguments:
# $1 - key
# $2 - values (array)
# Returns:
# None
#########################
kafka_server_conf_set() {
kafka_common_conf_set "$KAFKA_CONF_FILE" "$@"
}
########################
# Set a configuration setting value to producer.properties and consumer.properties
# Globals:
# KAFKA_CONF_DIR
# Arguments:
# $1 - key
# $2 - values (array)
# Returns:
# None
#########################
kafka_producer_consumer_conf_set() {
kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" "$@"
kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" "$@"
}
########################
# Create alias for environment variable, so both can be used
# Globals:
# None
# Arguments:
# $1 - Alias environment variable name
# $2 - Original environment variable name
# Returns:
# None
#########################
kafka_declare_alias_env() {
local -r alias="${1:?missing environment variable alias}"
local -r original="${2:?missing original environment variable}"
if printenv "${original}" >/dev/null; then
export "$alias"="${!original:-}"
fi
}
########################
# Map Kafka legacy environment variables to the new names
# Globals:
# KAFKA_*
# Arguments:
# None
# Returns:
# None
#########################
kafka_create_alias_environment_variables() {
suffixes=(
"ADVERTISED_LISTENERS"
"BROKER_ID"
"DEFAULT_REPLICATION_FACTOR"
"DELETE_TOPIC_ENABLE"
"INTER_BROKER_LISTENER_NAME"
"LISTENERS"
"LISTENER_SECURITY_PROTOCOL_MAP"
"LOG_DIRS"
"LOG_FLUSH_INTERVAL_MESSAGES"
"LOG_FLUSH_INTERVAL_MS"
"LOG_MESSAGE_FORMAT_VERSION"
"LOG_RETENTION_BYTES"
"LOG_RETENTION_CHECK_INTERVALS_MS"
"LOG_RETENTION_HOURS"
"LOG_SEGMENT_BYTES"
"MESSAGE_MAX_BYTES"
"NUM_IO_THREADS"
"NUM_NETWORK_THREADS"
"NUM_PARTITIONS"
"NUM_RECOVERY_THREADS_PER_DATA_DIR"
"OFFSETS_TOPIC_REPLICATION_FACTOR"
"SOCKET_RECEIVE_BUFFER_BYTES"
"SOCKET_REQUEST_MAX_BYTES"
"SOCKET_SEND_BUFFER_BYTES"
"SSL_ENDPOINT_IDENTIFICATION_ALGORITHM"
"TRANSACTION_STATE_LOG_MIN_ISR"
"TRANSACTION_STATE_LOG_REPLICATION_FACTOR"
"ZOOKEEPER_CONNECT"
"ZOOKEEPER_CONNECTION_TIMEOUT_MS"
)
kafka_declare_alias_env "KAFKA_CFG_LOG_DIRS" "KAFKA_LOGS_DIRS"
kafka_declare_alias_env "KAFKA_CFG_LOG_SEGMENT_BYTES" "KAFKA_SEGMENT_BYTES"
kafka_declare_alias_env "KAFKA_CFG_MESSAGE_MAX_BYTES" "KAFKA_MAX_MESSAGE_BYTES"
kafka_declare_alias_env "KAFKA_CFG_ZOOKEEPER_CONNECTION_TIMEOUT_MS" "KAFKA_ZOOKEEPER_CONNECT_TIMEOUT_MS"
kafka_declare_alias_env "KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE" "KAFKA_AUTO_CREATE_TOPICS_ENABLE"
kafka_declare_alias_env "KAFKA_CLIENT_USERS" "KAFKA_BROKER_USER"
kafka_declare_alias_env "KAFKA_CLIENT_PASSWORDS" "KAFKA_BROKER_PASSWORD"
for s in "${suffixes[@]}"; do
kafka_declare_alias_env "KAFKA_CFG_${s}" "KAFKA_${s}"
done
}
########################
# Validate settings in KAFKA_* env vars
# Globals:
# KAFKA_*
# Arguments:
# None
# Returns:
# None
#########################
kafka_validate() {
debug "Validating settings in KAFKA_* env vars..."
local error_code=0
local internal_port
local client_port
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
check_allowed_listener_port() {
local -r total="$#"
for i in $(seq 1 "$((total - 1))"); do
for j in $(seq "$((i + 1))" "$total"); do
if (("${!i}" == "${!j}")); then
print_validation_error "There are listeners bound to the same port"
fi
done
done
}
check_conflicting_listener_ports() {
local validate_port_args=()
! am_i_root && validate_port_args+=("-unprivileged")
if ! err=$(validate_port "${validate_port_args[@]}" "$1"); then
print_validation_error "An invalid port was specified in the environment variable KAFKA_CFG_LISTENERS: $err"
fi
}
check_multi_value() {
if [[ " ${2} " != *" ${!1} "* ]]; then
print_validation_error "The allowed values for ${1} are: ${2}"
fi
}
if is_boolean_yes "$KAFKA_ENABLE_KRAFT"; then
if [[ -n "$KAFKA_CFG_BROKER_ID" ]]; then
warn "KAFKA_CFG_BROKER_ID Must match what is set in KAFKA_CFG_CONTROLLER_QUORUM_VOTERS"
else
print_validation_error "KRaft requires KAFKA_CFG_BROKER_ID to be set for the quorum controller"
fi
if [[ -n "$KAFKA_CFG_CONTROLLER_QUORUM_VOTERS" ]]; then
warn "KAFKA_CFG_CONTROLLER_QUORUM_VOTERS must match brokers set with KAFKA_CFG_BROKER_ID"
else
print_validation_error "KRaft requires KAFKA_CFG_CONTROLLER_QUORUM_VOTERS to be set"
fi
if [[ -z "$KAFKA_CFG_CONTROLLER_LISTENER_NAMES" ]]; then
print_validation_error "KRaft requires KAFKA_CFG_CONTROLLER_LISTENER_NAMES to be set"
fi
if [[ -n "$KAFKA_CFG_PROCESS_ROLES" ]]; then
warn "KAFKA_CFG_PROCESS_ROLES must include 'controller' for KRaft"
else
print_validation_error "KAFKA_CFG_PROCESS_ROLES must be set to enable KRaft m,model"
fi
if [[ -n "$KAFKA_CFG_LISTENERS" ]]; then
warn "KAFKA_CFG_LISTENERS must include a listener for CONTROLLER"
else
print_validation_error "KRaft requires KAFKA_CFG_LISTENERS to be set"
fi
fi
if [[ ${KAFKA_CFG_LISTENERS:-} =~ INTERNAL://:([0-9]*) ]]; then
internal_port="${BASH_REMATCH[1]}"
check_allowed_listener_port "$internal_port"
fi
if [[ ${KAFKA_CFG_LISTENERS:-} =~ CLIENT://:([0-9]*) ]]; then
client_port="${BASH_REMATCH[1]}"
check_allowed_listener_port "$client_port"
fi
[[ -n ${internal_port:-} && -n ${client_port:-} ]] && check_conflicting_listener_ports "$internal_port" "$client_port"
if [[ -n "${KAFKA_PORT_NUMBER:-}" ]] || [[ -n "${KAFKA_CFG_PORT:-}" ]]; then
warn "The environment variables KAFKA_PORT_NUMBER and KAFKA_CFG_PORT are deprecated, you can specify the port number to use for each listener using the KAFKA_CFG_LISTENERS environment variable instead."
fi
read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")"
read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")"
if [[ "${#users[@]}" -ne "${#passwords[@]}" ]]; then
print_validation_error "Specify the same number of passwords on KAFKA_CLIENT_PASSWORDS as the number of users on KAFKA_CLIENT_USERS!"
fi
if is_boolean_yes "$ALLOW_PLAINTEXT_LISTENER"; then
warn "You set the environment variable ALLOW_PLAINTEXT_LISTENER=$ALLOW_PLAINTEXT_LISTENER. For safety reasons, do not use this flag in a production environment."
fi
if [[ "${KAFKA_CFG_LISTENERS:-}" =~ SSL ]] || [[ "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}" =~ SSL ]]; then
if [[ "$KAFKA_TLS_TYPE" = "JKS" ]] &&
{ [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } &&
{ [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then
print_validation_error "In order to configure the TLS encryption for Kafka with JKS certs you must mount your kafka.keystore.jks and kafka.truststore.jks certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory."
elif [[ "$KAFKA_TLS_TYPE" = "PEM" ]] &&
{ [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } &&
{ [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then
print_validation_error "In order to configure the TLS encryption for Kafka with PEM certs you must mount your kafka.keystore.pem, kafka.keystore.key and kafka.truststore.pem certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory."
fi
elif [[ "${KAFKA_CFG_LISTENERS:-}" =~ SASL ]] || [[ "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}" =~ SASL ]]; then
if [[ -z "$KAFKA_CLIENT_PASSWORDS" && -z "$KAFKA_INTER_BROKER_PASSWORD" ]]; then
print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_CLIENT_USERS and KAFKA_CLIENT_PASSWORDS, to configure the credentials for SASL authentication with clients, or set the environment variables KAFKA_INTER_BROKER_USER and KAFKA_INTER_BROKER_PASSWORD, to configure the credentials for SASL authentication between brokers."
fi
elif ! is_boolean_yes "$ALLOW_PLAINTEXT_LISTENER"; then
print_validation_error "The KAFKA_CFG_LISTENERS environment variable does not configure a secure listener. Set the environment variable ALLOW_PLAINTEXT_LISTENER=yes to allow the container to be started with a plaintext listener. This is only recommended for development."
fi
if ! is_boolean_yes "$KAFKA_ENABLE_KRAFT"; then
if [[ "${KAFKA_ZOOKEEPER_PROTOCOL}" =~ SSL ]]; then
if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] &&
[[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then
print_validation_error "In order to configure the TLS encryption for Zookeeper with JKS certs you must mount your zookeeper.truststore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory."
elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] &&
[[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then
print_validation_error "In order to configure the TLS encryption for Zookeeper with PEM certs you must mount your zookeeper.truststore.pem cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory."
fi
if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] &&
[[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]] && [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.jks" ]]; then
warn "In order to configure the mTLS for Zookeeper with JKS certs you must mount your zookeeper.keystore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory."
elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] &&
{ [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; } &&
{ [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.key" ]]; }; then
warn "In order to configure the mTLS for Zookeeper with PEM certs you must mount your zookeeper.keystore.pem cert and zookeeper.keystore.key key to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory."
fi
elif [[ "${KAFKA_ZOOKEEPER_PROTOCOL}" =~ SASL ]]; then
if [[ -z "$KAFKA_ZOOKEEPER_USER" ]] || [[ -z "$KAFKA_ZOOKEEPER_PASSWORD" ]]; then
print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_ZOOKEEPER_USER and KAFKA_ZOOKEEPER_PASSWORD, to configure the credentials for SASL authentication with Zookeeper."
fi
elif ! is_boolean_yes "$ALLOW_PLAINTEXT_LISTENER"; then
print_validation_error "The KAFKA_ZOOKEEPER_PROTOCOL environment variable does not configure a secure protocol. Set the environment variable ALLOW_PLAINTEXT_LISTENER=yes to allow the container to be started with a plaintext listener. This is only recommended for development."
fi
fi
check_multi_value "KAFKA_TLS_TYPE" "JKS PEM"
check_multi_value "KAFKA_ZOOKEEPER_TLS_TYPE" "JKS PEM"
check_multi_value "KAFKA_TLS_CLIENT_AUTH" "none requested required"
[[ "$error_code" -eq 0 ]] || return "$error_code"
}
########################
# Generate JAAS authentication file
# Globals:
# KAFKA_*
# Arguments:
# $1 - Authentication protocol to use for the internal listener
# $2 - Authentication protocol to use for the client listener
# Returns:
# None
#########################
kafka_generate_jaas_authentication_file() {
local -r internal_protocol="${1:-}"
local -r client_protocol="${2:-}"
if [[ ! -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then
info "Generating JAAS authentication file"
read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS:-}")"
read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS:-}")"
if [[ "${client_protocol:-}" =~ SASL ]]; then
if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}" =~ PLAIN ]]; then
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
KafkaClient {
org.apache.kafka.common.security.plain.PlainLoginModule required
EOF
else
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
KafkaClient {
org.apache.kafka.common.security.plain.ScramLoginModule required
EOF
fi
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
username="${users[0]:-}"
password="${passwords[0]:-}";
};
EOF
fi
if [[ "${client_protocol:-}" =~ SASL ]] && [[ "${internal_protocol:-}" =~ SASL ]]; then
if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}" =~ PLAIN ]] && [[ "${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}" =~ PLAIN ]]; then
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="${KAFKA_INTER_BROKER_USER:-}"
password="${KAFKA_INTER_BROKER_PASSWORD:-}"
user_${KAFKA_INTER_BROKER_USER:-}="${KAFKA_INTER_BROKER_PASSWORD:-}"
EOF
for ((i = 0; i < ${#users[@]}; i++)); do
if [[ "$i" -eq "(( ${#users[@]} - 1 ))" ]]; then
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
user_${users[i]:-}="${passwords[i]:-}";
EOF
else
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
user_${users[i]:-}="${passwords[i]:-}"
EOF
fi
done
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
org.apache.kafka.common.security.scram.ScramLoginModule required;
};
EOF
else
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
KafkaServer {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="${KAFKA_INTER_BROKER_USER:-}"
password="${KAFKA_INTER_BROKER_PASSWORD:-}";
};
EOF
fi
elif [[ "${client_protocol:-}" =~ SASL ]]; then
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
EOF
if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}" =~ PLAIN ]]; then
for ((i = 0; i < ${#users[@]}; i++)); do
if [[ "$i" -eq "(( ${#users[@]} - 1 ))" ]]; then
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
user_${users[i]:-}="${passwords[i]:-}";
EOF
else
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
user_${users[i]:-}="${passwords[i]:-}"
EOF
fi
done
fi
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
org.apache.kafka.common.security.scram.ScramLoginModule required;
};
EOF
elif [[ "${internal_protocol:-}" =~ SASL ]]; then
if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}" =~ PLAIN ]] && [[ "${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}" =~ PLAIN ]]; then
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
KafkaServer {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="${KAFKA_INTER_BROKER_USER:-}"
password="${KAFKA_INTER_BROKER_PASSWORD:-}"
user_${KAFKA_INTER_BROKER_USER:-}="${KAFKA_INTER_BROKER_PASSWORD:-}";
org.apache.kafka.common.security.scram.ScramLoginModule required;
};
EOF
else
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
KafkaServer {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="${KAFKA_INTER_BROKER_USER:-}"
password="${KAFKA_INTER_BROKER_PASSWORD:-}";
};
EOF
fi
fi
if [[ "${KAFKA_ZOOKEEPER_PROTOCOL}" =~ SASL ]] && [[ -n "$KAFKA_ZOOKEEPER_USER" ]] && [[ -n "$KAFKA_ZOOKEEPER_PASSWORD" ]]; then
cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <<EOF
Client {
org.apache.kafka.common.security.plain.PlainLoginModule required
username="${KAFKA_ZOOKEEPER_USER:-}"
password="${KAFKA_ZOOKEEPER_PASSWORD:-}";
};
EOF
fi
else
info "Custom JAAS authentication file detected. Skipping generation."
warn "The following environment variables will be ignored: KAFKA_CLIENT_USERS, KAFKA_CLIENT_PASSWORDS, KAFKA_INTER_BROKER_USER, KAFKA_INTER_BROKER_PASSWORD, KAFKA_ZOOKEEPER_USER and KAFKA_ZOOKEEPER_PASSWORD"
fi
}
########################
# Create users in zookeper when using SASL_SCRAM
# Globals:
# KAFKA_*
# Arguments:
# None
# Returns:
# None
#########################
kafka_create_sasl_scram_zookeeper_users() {
export KAFKA_OPTS="-Djava.security.auth.login.config=${KAFKA_CONF_DIR}/kafka_jaas.conf"
info "Creating users in Zookeeper"
read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")"
read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")"
if [[ "${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}" =~ SCRAM-SHA ]]; then
users+=("${KAFKA_INTER_BROKER_USER}")
passwords+=("${KAFKA_INTER_BROKER_PASSWORD}")
fi
for ((i = 0; i < ${#users[@]}; i++)); do
debug "Creating user ${users[i]} in zookeeper"
# Ref: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_scram.html#sasl-scram-overview
if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]]; then
ZOOKEEPER_SSL_CONFIG=$(zookeeper_get_tls_config)
export KAFKA_OPTS="$KAFKA_OPTS $ZOOKEEPER_SSL_CONFIG"
fi
debug_execute kafka-configs.sh --zookeeper "$KAFKA_CFG_ZOOKEEPER_CONNECT" --alter --add-config "SCRAM-SHA-256=[iterations=8192,password=${passwords[i]}],SCRAM-SHA-512=[password=${passwords[i]}]" --entity-type users --entity-name "${users[i]}"
done
}
########################
# Configure Kafka SSL settings
# Globals:
# KAFKA_*
# Arguments:
# None
# Returns:
# None
#########################
SSL_CONFIGURED=false
kafka_configure_ssl() {
[[ "$SSL_CONFIGURED" = true ]] && return 0
# Configures both Kafka server and producers/consumers
configure_both() {
kafka_server_conf_set "${1:?missing key}" "${2:?missing value}"
kafka_producer_consumer_conf_set "${1:?missing key}" "${2:?missing value}"
}
configure_both ssl.keystore.type "${KAFKA_TLS_TYPE}"
configure_both ssl.truststore.type "${KAFKA_TLS_TYPE}"
local -r kafka_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_TLS_TRUSTSTORE_FILE}")"
! is_empty_value "$KAFKA_CERTIFICATE_PASSWORD" && configure_both ssl.key.password "$KAFKA_CERTIFICATE_PASSWORD"
if [[ "$KAFKA_TLS_TYPE" = "PEM" ]]; then
file_to_multiline_property() {
awk 'NR > 1{print line" \\"}{line=$0;}END{print $0" "}' <"${1:?missing file}"
}
configure_both ssl.keystore.key "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.key")"
configure_both ssl.keystore.certificate.chain "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.pem")"
configure_both ssl.truststore.certificates "$(file_to_multiline_property "${kafka_truststore_location}")"
elif [[ "$KAFKA_TLS_TYPE" = "JKS" ]]; then
configure_both ssl.keystore.location "$KAFKA_CERTS_DIR"/kafka.keystore.jks
configure_both ssl.truststore.location "$kafka_truststore_location"
! is_empty_value "$KAFKA_CERTIFICATE_PASSWORD" && configure_both ssl.keystore.password "$KAFKA_CERTIFICATE_PASSWORD"
! is_empty_value "$KAFKA_CERTIFICATE_PASSWORD" && configure_both ssl.truststore.password "$KAFKA_CERTIFICATE_PASSWORD"
fi
SSL_CONFIGURED=true # prevents configuring SSL more than once
}
########################
# Configure Kafka for inter-broker communications
# Globals:
# None
# Arguments:
# $1 - Authentication protocol to use for the internal listener
# Returns:
# None
#########################
kafka_configure_internal_communications() {
local -r protocol="${1:?missing environment variable protocol}"
local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL")
info "Configuring Kafka for inter-broker communications with ${protocol} authentication."
if [[ "${allowed_protocols[*]}" =~ $protocol ]]; then
kafka_server_conf_set security.inter.broker.protocol "$protocol"
if [[ "$protocol" = "PLAINTEXT" ]]; then
warn "Inter-broker communications are configured as PLAINTEXT. This is not safe for production environments."
fi
if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then
# IMPORTANT: Do not confuse SASL/PLAIN with PLAINTEXT
# For more information, see: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_plain.html#sasl-plain-overview)
if [[ -n "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" ]]; then
kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL"
else
error "When using SASL for inter broker comunication the mechanism should be provided at KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL"
exit 1
fi
fi
if [[ "$protocol" = "SASL_SSL" ]] || [[ "$protocol" = "SSL" ]]; then
kafka_configure_ssl
# We need to enable 2 way authentication on SASL_SSL so brokers authenticate each other.
# It won't affect client communications unless the SSL protocol is for them.
kafka_server_conf_set ssl.client.auth "$KAFKA_TLS_CLIENT_AUTH"
fi
else
error "Authentication protocol ${protocol} is not supported!"
exit 1
fi
}
########################
# Configure Kafka for client communications
# Globals:
# None
# Arguments:
# $1 - Authentication protocol to use for the client listener
# Returns:
# None
#########################
kafka_configure_client_communications() {
local -r protocol="${1:?missing environment variable protocol}"
local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL")
info "Configuring Kafka for client communications with ${protocol} authentication."
if [[ "${allowed_protocols[*]}" =~ ${protocol} ]]; then
kafka_server_conf_set security.inter.broker.protocol "$protocol"
if [[ "$protocol" = "PLAINTEXT" ]]; then
warn "Client communications are configured using PLAINTEXT listeners. For safety reasons, do not use this in a production environment."
fi
if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then
# The below lines would need to be updated to support other SASL implementations (i.e. GSSAPI)
# IMPORTANT: Do not confuse SASL/PLAIN with PLAINTEXT
# For more information, see: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_plain.html#sasl-plain-overview)
kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL"
fi
if [[ "$protocol" = "SASL_SSL" ]] || [[ "$protocol" = "SSL" ]]; then
kafka_configure_ssl
fi
if [[ "$protocol" = "SSL" ]]; then
kafka_server_conf_set ssl.client.auth "$KAFKA_TLS_CLIENT_AUTH"
fi
else
error "Authentication protocol ${protocol} is not supported!"
exit 1
fi
}
########################
# Configure Kafka for external-client communications
# Globals:
# None
# Arguments:
# $1 - Authentication protocol to use for the external-client listener
# Returns:
# None
#########################
kafka_configure_external_client_communications() {
local -r protocol="${1:?missing environment variable protocol}"
local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL")
info "Configuring Kafka for external client communications with ${protocol} authentication."
if [[ "${allowed_protocols[*]}" =~ ${protocol} ]]; then
if [[ "$protocol" = "PLAINTEXT" ]]; then
warn "External client communications are configured using PLAINTEXT listeners. For safety reasons, do not use this in a production environment."
fi
if [[ "$protocol" = "SASL_SSL" ]] || [[ "$protocol" = "SSL" ]]; then
kafka_configure_ssl
fi
if [[ "$protocol" = "SSL" ]]; then
kafka_server_conf_set ssl.client.auth "$KAFKA_TLS_CLIENT_AUTH"
fi
else
error "Authentication protocol ${protocol} is not supported!"
exit 1
fi
}
########################
# Get Zookeeper TLS settings
# Globals:
# KAFKA_ZOOKEEPER_TLS_*
# Arguments:
# None
# Returns:
# String
#########################
zookeeper_get_tls_config() {
# Note that ZooKeeper does not support a key password different from the keystore password,
# so be sure to set the key password in the keystore to be identical to the keystore password;
# otherwise the connection attempt to Zookeeper will fail.
local keystore_location=""
local -r kafka_zk_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE}")"
if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] && [[ -f "$KAFKA_CERTS_DIR"/zookeeper.keystore.jks ]]; then
keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keystore.jks"
elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && [[ -f "$KAFKA_CERTS_DIR"/zookeeper.keystore.pem ]] && [[ -f "$KAFKA_CERTS_DIR"/zookeeper.keystore.key ]]; then
# Concatenating private key into public certificate file
# This is needed to load keystore from location using PEM
cat "$KAFKA_CERTS_DIR"/zookeeper.keystore.key >>"$KAFKA_CERTS_DIR"/zookeeper.keystore.pem
keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keystore.pem"
fi
echo "-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty \
-Dzookeeper.client.secure=true \
-Dzookeeper.ssl.keyStore.location=${keystore_location} \
-Dzookeeper.ssl.keyStore.password=${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD} \
-Dzookeeper.ssl.trustStore.location=${kafka_zk_truststore_location} \
-Dzookeeper.ssl.trustStore.password=${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD} \
-Dzookeeper.ssl.hostnameVerification=${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME}"
}
########################
# Configure Kafka configuration files from environment variables
# Globals:
# KAFKA_*
# Arguments:
# None
# Returns:
# None
#########################
kafka_configure_from_environment_variables() {
# List of special cases to apply to the variables
local -r exception_regexps=(
"s/sasl.ssl/sasl_ssl/g"
"s/sasl.plaintext/sasl_plaintext/g"
)
# Map environment variables to config properties
for var in "${!KAFKA_CFG_@}"; do
key="$(echo "$var" | sed -e 's/^KAFKA_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')"
# Exception for the camel case in this environment variable
[[ "$var" == "KAFKA_CFG_ZOOKEEPER_CLIENTCNXNSOCKET" ]] && key="zookeeper.clientCnxnSocket"
# Apply exception regexps
for regex in "${exception_regexps[@]}"; do
key="$(echo "$key" | sed "$regex")"
done
value="${!var}"
kafka_server_conf_set "$key" "$value"
done
}
########################
# Configure Kafka configuration files to set up message sizes
# Globals:
# KAFKA_*
# Arguments:
# None
# Returns:
# None
#########################
kafka_configure_producer_consumer_message_sizes() {
if [[ -n "$KAFKA_CFG_MAX_REQUEST_SIZE" ]]; then
kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" max.request.size "$KAFKA_CFG_MAX_REQUEST_SIZE"
fi
if [[ -n "$KAFKA_CFG_MAX_PARTITION_FETCH_BYTES" ]]; then
kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" max.partition.fetch.bytes "$KAFKA_CFG_MAX_PARTITION_FETCH_BYTES"
fi
}
########################
# Initialize KRaft
# Globals:
# KAFKA_*
# Arguments:
# None
# Returns:
# None
#########################
kraft_initialize() {
info "Initializing KRaft..."
if [[ -z "$KAFKA_KRAFT_CLUSTER_ID" ]]; then
warn "KAFKA_KRAFT_CLUSTER_ID not set - If using multiple nodes then you must use the same Cluster ID for each one"
KAFKA_KRAFT_CLUSTER_ID="$("${KAFKA_HOME}/bin/kafka-storage.sh" random-uuid)"
info "Generated Kafka cluster ID '${KAFKA_KRAFT_CLUSTER_ID}'"
fi
info "Formatting storage directories to add metadata..."
debug_execute "$KAFKA_HOME/bin/kafka-storage.sh" format --config "$KAFKA_CONF_FILE" --cluster-id "$KAFKA_KRAFT_CLUSTER_ID" --ignore-formatted
}
########################
# Initialize Kafka
# Globals:
# KAFKA_*
# Arguments:
# None
# Returns:
# None
#########################
kafka_initialize() {
info "Initializing Kafka..."
# DEPRECATED. Copy files in old conf directory to maintain compatibility with Helm chart.
if ! is_dir_empty "$KAFKA_BASE_DIR"/conf; then
warn "Detected files mounted to $KAFKA_BASE_DIR/conf. This is deprecated and files should be mounted to $KAFKA_MOUNTED_CONF_DIR."
cp -Lr "$KAFKA_BASE_DIR"/conf/* "$KAFKA_CONF_DIR"
fi
# Check for mounted configuration files
if ! is_dir_empty "$KAFKA_MOUNTED_CONF_DIR"; then
cp -Lr "$KAFKA_MOUNTED_CONF_DIR"/* "$KAFKA_CONF_DIR"
fi
# Copy truststore to cert directory
for cert_var in KAFKA_TLS_TRUSTSTORE_FILE KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE; do
# Only copy if the file exists and it is in a different location than KAFKA_CERTS_DIR (to avoid copying to the same location)
if [[ -f "${!cert_var}" ]] && ! [[ "${!cert_var}" =~ $KAFKA_CERTS_DIR ]]; then
info "Copying truststore ${!cert_var} to ${KAFKA_CERTS_DIR}"
cp -L "${!cert_var}" "$KAFKA_CERTS_DIR"
fi
done
# DEPRECATED. Check for server.properties file in old conf directory to maintain compatibility with Helm chart.
if [[ ! -f "$KAFKA_BASE_DIR"/conf/server.properties ]] && [[ ! -f "$KAFKA_MOUNTED_CONF_DIR"/server.properties ]]; then
info "No injected configuration files found, creating default config files"
kafka_server_conf_set log.dirs "$KAFKA_DATA_DIR"
kafka_configure_from_environment_variables
# When setting up a Kafka cluster with N brokers, we have several listeners:
# - INTERNAL: used for inter-broker communications
# - CLIENT: used for communications with consumers/producers within the same network
# - (optional) EXTERNAL: used for communications with consumers/producers on different networks
local internal_protocol
local client_protocol
local external_client_protocol
if [[ ${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-} =~ INTERNAL:([a-zA-Z_]*) ]]; then
internal_protocol="${BASH_REMATCH[1]}"
kafka_configure_internal_communications "$internal_protocol"
fi
if [[ ${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-} =~ CLIENT:([a-zA-Z_]*) ]]; then
client_protocol="${BASH_REMATCH[1]}"
kafka_configure_client_communications "$client_protocol"
fi
if [[ ${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-} =~ EXTERNAL:([a-zA-Z_]*) ]]; then
external_client_protocol="${BASH_REMATCH[1]}"
kafka_configure_external_client_communications "$external_client_protocol"
fi
if [[ "${internal_protocol:-}" =~ "SASL" || "${client_protocol:-}" =~ "SASL" || "${external_client_protocol:-}" =~ "SASL" ]] || [[ "${KAFKA_ZOOKEEPER_PROTOCOL}" =~ SASL ]]; then
if [[ -n "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" ]]; then
kafka_server_conf_set sasl.enabled.mechanisms "$KAFKA_CFG_SASL_ENABLED_MECHANISMS"
kafka_generate_jaas_authentication_file "${internal_protocol:-}" "${client_protocol:-}"
[[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ "SCRAM" ]] && kafka_create_sasl_scram_zookeeper_users
else
print_validation_error "Specified SASL protocol but no SASL mechanisms provided in KAFKA_CFG_SASL_ENABLED_MECHANISMS"
fi
fi
# Remove security.inter.broker.protocol if KAFKA_CFG_INTER_BROKER_LISTENER_NAME is configured
if [[ -n "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-}" ]]; then
remove_in_file "$KAFKA_CONF_FILE" "security.inter.broker.protocol" false
fi
kafka_configure_producer_consumer_message_sizes
fi
true
}
########################
# Run custom initialization scripts
# Globals:
# KAFKA_*
# Arguments:
# None
# Returns:
# None
#########################
kafka_custom_init_scripts() {
if [[ -n $(find "${KAFKA_INITSCRIPTS_DIR}/" -type f -regex ".*\.\(sh\)") ]] && [[ ! -f "${KAFKA_VOLUME_DIR}/.user_scripts_initialized" ]]; then
info "Loading user's custom files from $KAFKA_INITSCRIPTS_DIR"
for f in /docker-entrypoint-initdb.d/*; do
debug "Executing $f"
case "$f" in
*.sh)
if [[ -x "$f" ]]; then
if ! "$f"; then
error "Failed executing $f"
return 1
fi
else
warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail"
. "$f"
fi
;;
*)
warn "Skipping $f, supported formats are: .sh"
;;
esac
done
touch "$KAFKA_VOLUME_DIR"/.user_scripts_initialized
fi
}
########################
# Check if Kafka is running
# Globals:
# KAFKA_PID_FILE
# Arguments:
# None
# Returns:
# Whether Kafka is running
########################
is_kafka_running() {
local pid
pid="$(get_pid_from_file "$KAFKA_PID_FILE")"
if [[ -n "$pid" ]]; then
is_service_running "$pid"
else
false
fi
}
########################
# Check if Kafka is running
# Globals:
# KAFKA_PID_FILE
# Arguments:
# None
# Returns:
# Whether Kafka is not running
########################
is_kafka_not_running() {
! is_kafka_running
}
########################
# Stop Kafka
# Globals:
# KAFKA_PID_FILE
# Arguments:
# None
# Returns:
# None
#########################
kafka_stop() {
! is_kafka_running && return
stop_service_using_pid "$KAFKA_PID_FILE" TERM
}

5
bitnami/kafka/3.3/debian-11/tags-info.yaml Normal file
View File

@ -0,0 +1,5 @@
rolling-tags:
- "3.3"
- "3.3-debian-11"
- "3.3.1"
- "latest"

6
bitnami/kafka/docker-compose-cluster.yml
View File

@ -10,7 +10,7 @@ services:
volumes:
- zookeeper_data:/bitnami/zookeeper
kafka-0:
image: docker.io/bitnami/kafka:3.2
image: docker.io/bitnami/kafka:3.3
ports:
- "9092"
environment:
@ -22,7 +22,7 @@ services:
depends_on:
- zookeeper
kafka-1:
image: docker.io/bitnami/kafka:3.2
image: docker.io/bitnami/kafka:3.3
ports:
- "9092"
environment:
@ -34,7 +34,7 @@ services:
depends_on:
- zookeeper
kafka-2:
image: docker.io/bitnami/kafka:3.2
image: docker.io/bitnami/kafka:3.3
ports:
- "9092"
environment:

2
bitnami/kafka/docker-compose.yml
View File

@ -10,7 +10,7 @@ services:
environment:
- ALLOW_ANONYMOUS_LOGIN=yes
kafka:
image: docker.io/bitnami/kafka:3.2
image: docker.io/bitnami/kafka:3.3
ports:
- "9092:9092"
volumes: