public_git
/
bitnami-containers
mirror of https://github.com/bitnami/containers.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[bitnami/geode] Remove bitnami/geode container (#15573) 

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>

Signed-off-by: Miguel Ruiz <miruiz@vmware.com>
This commit is contained in:
Miguel Ruiz 2022-12-01 17:55:11 +01:00 committed by GitHub
parent 27ced7e5da
commit ff694ac964
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 0 additions and 4126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
bitnami/geode/1/debian-11/Dockerfile
View File

@ -1,56 +0,0 @@
FROM docker.io/bitnami/minideb:bullseye
ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
ARG TARGETARCH
LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
org.opencontainers.image.description="Application packaged by Bitnami" \
org.opencontainers.image.ref.name="1.15.1-debian-11-r14" \
org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/geode" \
org.opencontainers.image.title="geode" \
org.opencontainers.image.vendor="VMware, Inc." \
org.opencontainers.image.version="1.15.1"
ENV HOME="/" \
OS_ARCH="${TARGETARCH:-amd64}" \
OS_FLAVOUR="debian-11" \
OS_NAME="linux"
COPY prebuildfs /
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Install required system packages and dependencies
RUN install_packages ca-certificates curl jq libgcc-s1 ncurses-bin procps
RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
COMPONENTS=( \
"java-1.8.352-2-linux-${OS_ARCH}-debian-11" \
"gosu-1.14.0-156-linux-${OS_ARCH}-debian-11" \
"geode-1.15.1-0-linux-${OS_ARCH}-debian-11" \
) && \
for COMPONENT in "${COMPONENTS[@]}"; do \
if [ ! -f "${COMPONENT}.tar.gz" ]; then \
curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz" -O ; \
curl -SsLf "https://downloads.bitnami.com/files/stacksmith/${COMPONENT}.tar.gz.sha256" -O ; \
fi && \
sha256sum -c "${COMPONENT}.tar.gz.sha256" && \
tar -zxf "${COMPONENT}.tar.gz" -C /opt/bitnami --strip-components=2 --no-same-owner --wildcards '*/files' && \
rm -rf "${COMPONENT}".tar.gz{,.sha256} ; \
done
RUN apt-get autoremove --purge -y curl && \
apt-get update && apt-get upgrade -y && \
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
RUN chmod g+rwX /opt/bitnami
COPY rootfs /
RUN /opt/bitnami/scripts/geode/postunpack.sh
RUN /opt/bitnami/scripts/java/postunpack.sh
ENV APP_VERSION="1.15.1" \
BITNAMI_APP_NAME="geode" \
JAVA_HOME="/opt/bitnami/java" \
PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/geode/bin:$PATH"
EXPOSE 1099 7070 10334 40404
WORKDIR /opt/bitnami/geode
USER 1001
ENTRYPOINT [ "/opt/bitnami/scripts/geode/entrypoint.sh" ]
CMD [ "/opt/bitnami/scripts/geode/run.sh" ]

20
bitnami/geode/1/debian-11/docker-compose.yml
View File

@ -1,20 +0,0 @@
version: '2.1'
services:
geode:
image: docker.io/bitnami/geode:1
ports:
- 7070:7070
environment:
- GEODE_NODE_NAME=geode
- GEODE_ADVERTISED_HOSTNAME=localhost
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
healthcheck:
test: gfsh status locator --dir /bitnami/geode/data >/dev/null 2>&1 || exit 1
volumes:
- 'geode_data:/bitnami/geode'
volumes:
geode_data:
driver: local

23
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
View File

@ -1,23 +0,0 @@
{
"geode": {
"arch": "amd64",
"digest": "c07ec4452edb8ce935b38be4ea19219287ce3686c504a8b4f309aec400edf09f",
"distro": "debian-11",
"type": "NAMI",
"version": "1.15.1-0"
},
"gosu": {
"arch": "amd64",
"digest": "7969f4cc8ad0a260f891cccf5694686a513f4706b48771d605645be1f3f072e2",
"distro": "debian-11",
"type": "NAMI",
"version": "1.14.0-156"
},
"java": {
"arch": "amd64",
"digest": "1214b3b5e02e9ea11c64f67dda24648ded9f896552bafb7ceaabea026a61cba7",
"distro": "debian-11",
"type": "NAMI",
"version": "1.8.352-2"
}
}

3
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/licenses/licenses.txt
View File

@ -1,3 +0,0 @@
Bitnami containers ship with software bundles. You can find the licenses under:
/opt/bitnami/nami/COPYING
/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt

51
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/libbitnami.sh
View File

@ -1,51 +0,0 @@
#!/bin/bash
#
# Bitnami custom library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Constants
BOLD='\033[1m'
# Functions
########################
# Print the welcome page
# Globals:
# DISABLE_WELCOME_MESSAGE
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_welcome_page() {
if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then
if [[ -n "$BITNAMI_APP_NAME" ]]; then
print_image_welcome_page
fi
fi
}
########################
# Print the welcome page for a Bitnami Docker image
# Globals:
# BITNAMI_APP_NAME
# Arguments:
# None
# Returns:
# None
#########################
print_image_welcome_page() {
local github_url="https://github.com/bitnami/containers"
log ""
log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}"
log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}"
log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}"
log ""
}

139
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/libfile.sh
View File

@ -1,139 +0,0 @@
#!/bin/bash
#
# Library for managing files
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libos.sh
# Functions
########################
# Replace a regex-matching string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# $4 - use POSIX regex. Default: true
# Returns:
# None
#########################
replace_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local posix_regex=${4:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
if [[ $posix_regex = true ]]; then
result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
else
result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Replace a regex-matching multiline string in a file
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - substitute regex
# Returns:
# None
#########################
replace_in_file_multiline() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local result
local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")"
echo "$result" > "$filename"
}
########################
# Remove a line in a file based on a regex
# Arguments:
# $1 - filename
# $2 - match regex
# $3 - use POSIX regex. Default: true
# Returns:
# None
#########################
remove_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local posix_regex=${3:-true}
local result
# We should avoid using 'sed in-place' substitutions
# 1) They are not compatible with files mounted from ConfigMap(s)
# 2) We found incompatibility issues with Debian10 and "in-place" substitutions
if [[ $posix_regex = true ]]; then
result="$(sed -E "/$match_regex/d" "$filename")"
else
result="$(sed "/$match_regex/d" "$filename")"
fi
echo "$result" > "$filename"
}
########################
# Appends text after the last line matching a pattern
# Arguments:
# $1 - file
# $2 - match regex
# $3 - contents to add
# Returns:
# None
#########################
append_file_after_last_match() {
local file="${1:?missing file}"
local match_regex="${2:?missing pattern}"
local value="${3:?missing value}"
# We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again
result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)"
echo "$result" > "$file"
}
########################
# Wait until certain entry is present in a log file
# Arguments:
# $1 - entry to look for
# $2 - log file
# $3 - max retries. Default: 12
# $4 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
wait_for_log_entry() {
local -r entry="${1:-missing entry}"
local -r log_file="${2:-missing log file}"
local -r retries="${3:-12}"
local -r interval_time="${4:-5}"
local attempt=0
check_log_file_for_entry() {
if ! grep -qE "$entry" "$log_file"; then
debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})"
return 1
fi
}
debug "Checking that ${log_file} log file contains entry \"${entry}\""
if retry_while check_log_file_for_entry "$retries" "$interval_time"; then
debug "Found entry \"${entry}\" in ${log_file}"
true
else
error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries"
debug_execute cat "$log_file"
return 1
fi
}

191
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/libfs.sh
View File

@ -1,191 +0,0 @@
#!/bin/bash
#
# Library for file system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Ensure a file/directory is owned (user and group) but the given user
# Arguments:
# $1 - filepath
# $2 - owner
# Returns:
# None
#########################
owned_by() {
local path="${1:?path is missing}"
local owner="${2:?owner is missing}"
local group="${3:-}"
if [[ -n $group ]]; then
chown "$owner":"$group" "$path"
else
chown "$owner":"$owner" "$path"
fi
}
########################
# Ensure a directory exists and, optionally, is owned by the given user
# Arguments:
# $1 - directory
# $2 - owner
# Returns:
# None
#########################
ensure_dir_exists() {
local dir="${1:?directory is missing}"
local owner_user="${2:-}"
local owner_group="${3:-}"
mkdir -p "${dir}"
if [[ -n $owner_user ]]; then
owned_by "$dir" "$owner_user" "$owner_group"
fi
}
########################
# Checks whether a directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_dir_empty() {
local -r path="${1:?missing directory}"
# Calculate real path in order to avoid issues with symlinks
local -r dir="$(realpath "$path")"
if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then
true
else
false
fi
}
########################
# Checks whether a mounted directory is empty or not
# arguments:
# $1 - directory
# returns:
# boolean
#########################
is_mounted_dir_empty() {
local dir="${1:?missing directory}"
if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then
true
else
false
fi
}
########################
# Checks whether a file can be written to or not
# arguments:
# $1 - file
# returns:
# boolean
#########################
is_file_writable() {
local file="${1:?missing file}"
local dir
dir="$(dirname "$file")"
if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then
true
else
false
fi
}
########################
# Relativize a path
# arguments:
# $1 - path
# $2 - base
# returns:
# None
#########################
relativize() {
local -r path="${1:?missing path}"
local -r base="${2:?missing base}"
pushd "$base" >/dev/null || exit
realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||'
popd >/dev/null || exit
}
########################
# Configure permisions and ownership recursively
# Globals:
# None
# Arguments:
# $1 - paths (as a string).
# Flags:
# -f|--file-mode - mode for directories.
# -d|--dir-mode - mode for files.
# -u|--user - user
# -g|--group - group
# Returns:
# None
#########################
configure_permissions_ownership() {
local -r paths="${1:?paths is missing}"
local dir_mode=""
local file_mode=""
local user=""
local group=""
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-f | --file-mode)
shift
file_mode="${1:?missing mode for files}"
;;
-d | --dir-mode)
shift
dir_mode="${1:?missing mode for directories}"
;;
-u | --user)
shift
user="${1:?missing user}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a filepaths <<<"$paths"
for p in "${filepaths[@]}"; do
if [[ -e "$p" ]]; then
find -L "$p" -printf ""
if [[ -n $dir_mode ]]; then
find -L "$p" -type d ! -perm "$dir_mode" -print0 | xargs -r -0 chmod "$dir_mode"
fi
if [[ -n $file_mode ]]; then
find -L "$p" -type f ! -perm "$file_mode" -print0 | xargs -r -0 chmod "$file_mode"
fi
if [[ -n $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}:${group}"
elif [[ -n $user ]] && [[ -z $group ]]; then
find -L "$p" -print0 | xargs -r -0 chown "${user}"
elif [[ -z $user ]] && [[ -n $group ]]; then
find -L "$p" -print0 | xargs -r -0 chgrp "${group}"
fi
else
stderr_print "$p does not exist"
fi
done
}

16
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/libhook.sh
View File

@ -1,16 +0,0 @@
#!/bin/bash
#
# Library to use for scripts expected to be used as Kubernetes lifecycle hooks
# shellcheck disable=SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
# Override functions that log to stdout/stderr of the current process, so they print to process 1
for function_to_override in stderr_print debug_execute; do
# Output is sent to output of process 1 and thus end up in the container log
# The hook output in general isn't saved
eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2"
done

112
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/liblog.sh
View File

@ -1,112 +0,0 @@
#!/bin/bash
#
# Library for logging functions
# Constants
RESET='\033[0m'
RED='\033[38;5;1m'
GREEN='\033[38;5;2m'
YELLOW='\033[38;5;3m'
MAGENTA='\033[38;5;5m'
CYAN='\033[38;5;6m'
# Functions
########################
# Print to STDERR
# Arguments:
# Message to print
# Returns:
# None
#########################
stderr_print() {
# 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it
local bool="${BITNAMI_QUIET:-false}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
printf "%b\\n" "${*}" >&2
fi
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
log() {
stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}"
}
########################
# Log an 'info' message
# Arguments:
# Message to log
# Returns:
# None
#########################
info() {
log "${GREEN}INFO ${RESET} ==> ${*}"
}
########################
# Log message
# Arguments:
# Message to log
# Returns:
# None
#########################
warn() {
log "${YELLOW}WARN ${RESET} ==> ${*}"
}
########################
# Log an 'error' message
# Arguments:
# Message to log
# Returns:
# None
#########################
error() {
log "${RED}ERROR${RESET} ==> ${*}"
}
########################
# Log a 'debug' message
# Globals:
# BITNAMI_DEBUG
# Arguments:
# None
# Returns:
# None
#########################
debug() {
# 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it
local bool="${BITNAMI_DEBUG:-false}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
log "${MAGENTA}DEBUG${RESET} ==> ${*}"
fi
}
########################
# Indent a string
# Arguments:
# $1 - string
# $2 - number of indentation characters (default: 4)
# $3 - indentation character (default: " ")
# Returns:
# None
#########################
indent() {
local string="${1:-}"
local num="${2:?missing num}"
local char="${3:-" "}"
# Build the indentation unit string
local indent_unit=""
for ((i = 0; i < num; i++)); do
indent_unit="${indent_unit}${char}"
done
# shellcheck disable=SC2001
# Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions
echo "$string" | sed "s/^/${indent_unit}/"
}

163
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/libnet.sh
View File

@ -1,163 +0,0 @@
#!/bin/bash
#
# Library for network functions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Resolve IP address for a host/domain (i.e. DNS lookup)
# Arguments:
# $1 - Hostname to resolve
# $2 - IP address version (v4, v6), leave empty for resolving to any version
# Returns:
# IP
#########################
dns_lookup() {
local host="${1:?host is missing}"
local ip_version="${2:-}"
getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1
}
#########################
# Wait for a hostname and return the IP
# Arguments:
# $1 - hostname
# $2 - number of retries
# $3 - seconds to wait between retries
# Returns:
# - IP address that corresponds to the hostname
#########################
wait_for_dns_lookup() {
local hostname="${1:?hostname is missing}"
local retries="${2:-5}"
local seconds="${3:-1}"
check_host() {
if [[ $(dns_lookup "$hostname") == "" ]]; then
false
else
true
fi
}
# Wait for the host to be ready
retry_while "check_host ${hostname}" "$retries" "$seconds"
dns_lookup "$hostname"
}
########################
# Get machine's IP
# Arguments:
# None
# Returns:
# Machine IP
#########################
get_machine_ip() {
local -a ip_addresses
local hostname
hostname="$(hostname)"
read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)"
if [[ "${#ip_addresses[@]}" -gt 1 ]]; then
warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}"
elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then
error "Could not find any IP address associated to hostname ${hostname}"
exit 1
fi
echo "${ip_addresses[0]}"
}
########################
# Check if the provided argument is a resolved hostname
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_hostname_resolved() {
local -r host="${1:?missing value}"
if [[ -n "$(dns_lookup "$host")" ]]; then
true
else
false
fi
}
########################
# Parse URL
# Globals:
# None
# Arguments:
# $1 - uri - String
# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String
# Returns:
# String
parse_uri() {
local uri="${1:?uri is missing}"
local component="${2:?component is missing}"
# Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with
# additional sub-expressions to split authority into userinfo, host and port
# Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969)
local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?'
# || | ||| | | | | | | | | |
# |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment
# 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #...
# | 4 authority
# 3 //...
local index=0
case "$component" in
scheme)
index=2
;;
authority)
index=4
;;
userinfo)
index=6
;;
host)
index=7
;;
port)
index=9
;;
path)
index=10
;;
query)
index=13
;;
fragment)
index=14
;;
*)
stderr_print "unrecognized component $component"
return 1
;;
esac
[[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}"
}
########################
# Wait for a HTTP connection to succeed
# Globals:
# *
# Arguments:
# $1 - URL to wait for
# $2 - Maximum amount of retries (optional)
# $3 - Time between retries (optional)
# Returns:
# true if the HTTP connection succeeded, false otherwise
#########################
wait_for_http_connection() {
local url="${1:?missing url}"
local retries="${2:-}"
local sleep_time="${3:-}"
if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then
error "Could not connect to ${url}"
return 1
fi
}

555
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh
View File

@ -1,555 +0,0 @@
#!/bin/bash
#
# Library for operating system actions
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libvalidations.sh
# Functions
########################
# Check if an user exists in the system
# Arguments:
# $1 - user
# Returns:
# Boolean
#########################
user_exists() {
local user="${1:?user is missing}"
id "$user" >/dev/null 2>&1
}
########################
# Check if a group exists in the system
# Arguments:
# $1 - group
# Returns:
# Boolean
#########################
group_exists() {
local group="${1:?group is missing}"
getent group "$group" >/dev/null 2>&1
}
########################
# Create a group in the system if it does not exist already
# Arguments:
# $1 - group
# Flags:
# -i|--gid - the ID for the new group
# -s|--system - Whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_group_exists() {
local group="${1:?group is missing}"
local gid=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --gid)
shift
gid="${1:?missing gid}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! group_exists "$group"; then
local -a args=("$group")
if [[ -n "$gid" ]]; then
if group_exists "$gid"; then
error "The GID $gid is already in use." >&2
return 1
fi
args+=("--gid" "$gid")
fi
$is_system_user && args+=("--system")
groupadd "${args[@]}" >/dev/null 2>&1
fi
}
########################
# Create an user in the system if it does not exist already
# Arguments:
# $1 - user
# Flags:
# -i|--uid - the ID for the new user
# -g|--group - the group the new user should belong to
# -a|--append-groups - comma-separated list of supplemental groups to append to the new user
# -h|--home - the home directory for the new user
# -s|--system - whether to create new user as system user (uid <= 999)
# Returns:
# None
#########################
ensure_user_exists() {
local user="${1:?user is missing}"
local uid=""
local group=""
local append_groups=""
local home=""
local is_system_user=false
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-i | --uid)
shift
uid="${1:?missing uid}"
;;
-g | --group)
shift
group="${1:?missing group}"
;;
-a | --append-groups)
shift
append_groups="${1:?missing append_groups}"
;;
-h | --home)
shift
home="${1:?missing home directory}"
;;
-s | --system)
is_system_user=true
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if ! user_exists "$user"; then
local -a user_args=("-N" "$user")
if [[ -n "$uid" ]]; then
if user_exists "$uid"; then
error "The UID $uid is already in use."
return 1
fi
user_args+=("--uid" "$uid")
else
$is_system_user && user_args+=("--system")
fi
useradd "${user_args[@]}" >/dev/null 2>&1
fi
if [[ -n "$group" ]]; then
local -a group_args=("$group")
$is_system_user && group_args+=("--system")
ensure_group_exists "${group_args[@]}"
usermod -g "$group" "$user" >/dev/null 2>&1
fi
if [[ -n "$append_groups" ]]; then
local -a groups
read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")"
for group in "${groups[@]}"; do
ensure_group_exists "$group"
usermod -aG "$group" "$user" >/dev/null 2>&1
done
fi
if [[ -n "$home" ]]; then
mkdir -p "$home"
usermod -d "$home" "$user" >/dev/null 2>&1
configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group"
fi
}
########################
# Check if the script is currently running as root
# Arguments:
# $1 - user
# $2 - group
# Returns:
# Boolean
#########################
am_i_root() {
if [[ "$(id -u)" = "0" ]]; then
true
else
false
fi
}
########################
# Print OS metadata
# Arguments:
# $1 - Flag name
# Flags:
# --id - Distro ID
# --version - Distro version
# --branch - Distro branch
# --codename - Distro codename
# --name - Distro name
# --pretty-name - Distro pretty name
# Returns:
# String
#########################
get_os_metadata() {
local -r flag_name="${1:?missing flag}"
# Helper function
get_os_release_metadata() {
local -r env_name="${1:?missing environment variable name}"
(
. /etc/os-release
echo "${!env_name}"
)
}
case "$flag_name" in
--id)
get_os_release_metadata ID
;;
--version)
get_os_release_metadata VERSION_ID
;;
--branch)
get_os_release_metadata VERSION_ID | sed 's/\..*//'
;;
--codename)
get_os_release_metadata VERSION_CODENAME
;;
--name)
get_os_release_metadata NAME
;;
--pretty-name)
get_os_release_metadata PRETTY_NAME
;;
*)
error "Unknown flag ${flag_name}"
return 1
;;
esac
}
########################
# Get total memory available
# Arguments:
# None
# Returns:
# Memory in bytes
#########################
get_total_memory() {
echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024))
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# None
# Flags:
# --memory - memory size (optional)
# Returns:
# Detected instance size
#########################
get_machine_size() {
local memory=""
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
--memory)
shift
memory="${1:?missing memory}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
if [[ -z "$memory" ]]; then
debug "Memory was not specified, detecting available memory automatically"
memory="$(get_total_memory)"
fi
sanitized_memory=$(convert_to_mb "$memory")
if [[ "$sanitized_memory" -gt 26000 ]]; then
echo 2xlarge
elif [[ "$sanitized_memory" -gt 13000 ]]; then
echo xlarge
elif [[ "$sanitized_memory" -gt 6000 ]]; then
echo large
elif [[ "$sanitized_memory" -gt 3000 ]]; then
echo medium
elif [[ "$sanitized_memory" -gt 1500 ]]; then
echo small
else
echo micro
fi
}
########################
# Get machine size depending on specified memory
# Globals:
# None
# Arguments:
# $1 - memory size (optional)
# Returns:
# Detected instance size
#########################
get_supported_machine_sizes() {
echo micro small medium large xlarge 2xlarge
}
########################
# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048)
# Globals:
# None
# Arguments:
# $1 - memory size
# Returns:
# Result of the conversion
#########################
convert_to_mb() {
local amount="${1:-}"
if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then
size="${BASH_REMATCH[1]}"
unit="${BASH_REMATCH[2]}"
if [[ "$unit" = "g" || "$unit" = "G" ]]; then
amount="$((size * 1024))"
else
amount="$size"
fi
fi
echo "$amount"
}
#########################
# Redirects output to /dev/null if debug mode is disabled
# Globals:
# BITNAMI_DEBUG
# Arguments:
# $@ - Command to execute
# Returns:
# None
#########################
debug_execute() {
if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then
"$@"
else
"$@" >/dev/null 2>&1
fi
}
########################
# Retries a command a given number of times
# Arguments:
# $1 - cmd (as a string)
# $2 - max retries. Default: 12
# $3 - sleep between retries (in seconds). Default: 5
# Returns:
# Boolean
#########################
retry_while() {
local cmd="${1:?cmd is missing}"
local retries="${2:-12}"
local sleep_time="${3:-5}"
local return_value=1
read -r -a command <<<"$cmd"
for ((i = 1; i <= retries; i += 1)); do
"${command[@]}" && return_value=0 && break
sleep "$sleep_time"
done
return $return_value
}
########################
# Generate a random string
# Arguments:
# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii
# -c|--count - Number of characters, defaults to 32
# Arguments:
# None
# Returns:
# None
# Returns:
# String
#########################
generate_random_string() {
local type="ascii"
local count="32"
local filter
local result
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
-t | --type)
shift
type="$1"
;;
-c | --count)
shift
count="$1"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
# Validate type
case "$type" in
ascii)
filter="[:print:]"
;;
alphanumeric)
filter="a-zA-Z0-9"
;;
numeric)
filter="0-9"
;;
*)
echo "Invalid type ${type}" >&2
return 1
;;
esac
# Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size
# Note there is a very small chance of strings starting with EOL character
# Therefore, the higher amount of lines read, this will happen less frequently
result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")"
echo "$result"
}
########################
# Create md5 hash from a string
# Arguments:
# $1 - string
# Returns:
# md5 hash - string
#########################
generate_md5_hash() {
local -r str="${1:?missing input string}"
echo -n "$str" | md5sum | awk '{print $1}'
}
########################
# Create sha1 hash from a string
# Arguments:
# $1 - string
# $2 - algorithm - 1 (default), 224, 256, 384, 512
# Returns:
# sha1 hash - string
#########################
generate_sha_hash() {
local -r str="${1:?missing input string}"
local -r algorithm="${2:-1}"
echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}'
}
########################
# Converts a string to its hexadecimal representation
# Arguments:
# $1 - string
# Returns:
# hexadecimal representation of the string
#########################
convert_to_hex() {
local -r str=${1:?missing input string}
local -i iterator
local char
for ((iterator = 0; iterator < ${#str}; iterator++)); do
char=${str:iterator:1}
printf '%x' "'${char}"
done
}
########################
# Get boot time
# Globals:
# None
# Arguments:
# None
# Returns:
# Boot time metadata
#########################
get_boot_time() {
stat /proc --format=%Y
}
########################
# Get machine ID
# Globals:
# None
# Arguments:
# None
# Returns:
# Machine ID
#########################
get_machine_id() {
local machine_id
if [[ -f /etc/machine-id ]]; then
machine_id="$(cat /etc/machine-id)"
fi
if [[ -z "$machine_id" ]]; then
# Fallback to the boot-time, which will at least ensure a unique ID in the current session
machine_id="$(get_boot_time)"
fi
echo "$machine_id"
}
########################
# Get the root partition's disk device ID (e.g. /dev/sda1)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root partition disk ID
#########################
get_disk_device_id() {
local device_id=""
if grep -q ^/dev /proc/mounts; then
device_id="$(grep ^/dev /proc/mounts | awk '$2 == "/" { print $1 }' | tail -1)"
fi
# If it could not be autodetected, fallback to /dev/sda1 as a default
if [[ -z "$device_id" || ! -b "$device_id" ]]; then
device_id="/dev/sda1"
fi
echo "$device_id"
}
########################
# Get the root disk device ID (e.g. /dev/sda)
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk ID
#########################
get_root_disk_device_id() {
get_disk_device_id | sed -E 's/p?[0-9]+$//'
}
########################
# Get the root disk size in bytes
# Globals:
# None
# Arguments:
# None
# Returns:
# Root disk size in bytes
#########################
get_root_disk_size() {
fdisk -l "$(get_root_disk_device_id)" | grep 'Disk.*bytes' | sed -E 's/.*, ([0-9]+) bytes,.*/\1/' || true
}

122
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/libpersistence.sh
View File

@ -1,122 +0,0 @@
#!/bin/bash
#
# Bitnami persistence library
# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libversion.sh
# Functions
########################
# Persist an application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# $2 - List of app files to persist
# Returns:
# true if all steps succeeded, false otherwise
#########################
persist_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Persist the individual files
if [[ "${#files_to_persist[@]}" -le 0 ]]; then
warn "No files are configured to be persisted"
return
fi
pushd "$install_dir" >/dev/null || exit
local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder
local -r tmp_file="/tmp/perms.acl"
for file_to_persist in "${files_to_persist[@]}"; do
if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then
error "Cannot persist '${file_to_persist}' because it does not exist"
return 1
fi
file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")"
file_to_persist_destination="${persist_dir}/${file_to_persist_relative}"
file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")"
# Get original permissions for existing files, which will be applied later
# Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume
getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file"
# Copy directories to the volume
ensure_dir_exists "$file_to_persist_destination_folder"
cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder"
# Restore permissions
pushd "$persist_dir" >/dev/null || exit
if am_i_root; then
setfacl --restore="$tmp_file"
else
# When running as non-root, don't change ownership
setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file")
fi
popd >/dev/null || exit
done
popd >/dev/null || exit
rm -f "$tmp_file"
# Install the persisted files into the installation directory, via symlinks
restore_persisted_app "$@"
}
########################
# Restore a persisted application directory
# Globals:
# BITNAMI_ROOT_DIR
# BITNAMI_VOLUME_DIR
# FORCE_MAJOR_UPGRADE
# Arguments:
# $1 - App folder name
# $2 - List of app files to restore
# Returns:
# true if all steps succeeded, false otherwise
#########################
restore_persisted_app() {
local -r app="${1:?missing app}"
local -a files_to_restore
read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")"
local -r install_dir="${BITNAMI_ROOT_DIR}/${app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
# Restore the individual persisted files
if [[ "${#files_to_restore[@]}" -le 0 ]]; then
warn "No persisted files are configured to be restored"
return
fi
local file_to_restore_relative file_to_restore_origin file_to_restore_destination
for file_to_restore in "${files_to_restore[@]}"; do
file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")"
# We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed
file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")"
file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")"
rm -rf "$file_to_restore_origin"
ln -sfn "$file_to_restore_destination" "$file_to_restore_origin"
done
}
########################
# Check if an application directory was already persisted
# Globals:
# BITNAMI_VOLUME_DIR
# Arguments:
# $1 - App folder name
# Returns:
# true if all steps succeeded, false otherwise
#########################
is_app_initialized() {
local -r app="${1:?missing app}"
local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}"
if ! is_mounted_dir_empty "$persist_dir"; then
true
else
false
fi
}

410
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/libservice.sh
View File

@ -1,410 +0,0 @@
#!/bin/bash
#
# Library for managing services
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Read the provided pid file and returns a PID
# Arguments:
# $1 - Pid file
# Returns:
# PID
#########################
get_pid_from_file() {
local pid_file="${1:?pid file is missing}"
if [[ -f "$pid_file" ]]; then
if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then
echo "$(< "$pid_file")"
fi
fi
}
########################
# Check if a provided PID corresponds to a running service
# Arguments:
# $1 - PID
# Returns:
# Boolean
#########################
is_service_running() {
local pid="${1:?pid is missing}"
kill -0 "$pid" 2>/dev/null
}
########################
# Stop a service by sending a termination signal to its pid
# Arguments:
# $1 - Pid file
# $2 - Signal number (optional)
# Returns:
# None
#########################
stop_service_using_pid() {
local pid_file="${1:?pid file is missing}"
local signal="${2:-}"
local pid
pid="$(get_pid_from_file "$pid_file")"
[[ -z "$pid" ]] || ! is_service_running "$pid" && return
if [[ -n "$signal" ]]; then
kill "-${signal}" "$pid"
else
kill "$pid"
fi
local counter=10
while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do
sleep 1
counter=$((counter - 1))
done
}
########################
# Start cron daemon
# Arguments:
# None
# Returns:
# true if started correctly, false otherwise
#########################
cron_start() {
if [[ -x "/usr/sbin/cron" ]]; then
/usr/sbin/cron
elif [[ -x "/usr/sbin/crond" ]]; then
/usr/sbin/crond
else
false
fi
}
########################
# Generate a cron configuration file for a given service
# Arguments:
# $1 - Service name
# $2 - Command
# Flags:
# --run-as - User to run as (default: root)
# --schedule - Cron schedule configuration (default: * * * * *)
# Returns:
# None
#########################
generate_cron_conf() {
local service_name="${1:?service name is missing}"
local cmd="${2:?command is missing}"
local run_as="root"
local schedule="* * * * *"
local clean="true"
local clean="true"
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--run-as)
shift
run_as="$1"
;;
--schedule)
shift
schedule="$1"
;;
--no-clean)
clean="false"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p /etc/cron.d
if "$clean"; then
echo "${schedule} ${run_as} ${cmd}" > /etc/cron.d/"$service_name"
else
echo "${schedule} ${run_as} ${cmd}" >> /etc/cron.d/"$service_name"
fi
}
########################
# Remove a cron configuration file for a given service
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_cron_conf() {
local service_name="${1:?service name is missing}"
local cron_conf_dir="/etc/monit/conf.d"
rm -f "${cron_conf_dir}/${service_name}"
}
########################
# Generate a monit configuration file for a given service
# Arguments:
# $1 - Service name
# $2 - Pid file
# $3 - Start command
# $4 - Stop command
# Flags:
# --disable - Whether to disable the monit configuration
# Returns:
# None
#########################
generate_monit_conf() {
local service_name="${1:?service name is missing}"
local pid_file="${2:?pid file is missing}"
local start_command="${3:?start command is missing}"
local stop_command="${4:?stop command is missing}"
local monit_conf_dir="/etc/monit/conf.d"
local disabled="no"
# Parse optional CLI flags
shift 4
while [[ "$#" -gt 0 ]]; do
case "$1" in
--disable)
disabled="yes"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
is_boolean_yes "$disabled" && conf_suffix=".disabled"
mkdir -p "$monit_conf_dir"
cat >"${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <<EOF
check process ${service_name}
with pidfile "${pid_file}"
start program = "${start_command}" with timeout 90 seconds
stop program = "${stop_command}" with timeout 90 seconds
EOF
}
########################
# Remove a monit configuration file for a given service
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_monit_conf() {
local service_name="${1:?service name is missing}"
local monit_conf_dir="/etc/monit/conf.d"
rm -f "${monit_conf_dir}/${service_name}.conf"
}
########################
# Generate a logrotate configuration file
# Arguments:
# $1 - Service name
# $2 - Log files pattern
# Flags:
# --period - Period
# --rotations - Number of rotations to store
# --extra - Extra options (Optional)
# Returns:
# None
#########################
generate_logrotate_conf() {
local service_name="${1:?service name is missing}"
local log_path="${2:?log path is missing}"
local period="weekly"
local rotations="150"
local extra=""
local logrotate_conf_dir="/etc/logrotate.d"
local var_name
# Parse optional CLI flags
shift 2
while [[ "$#" -gt 0 ]]; do
case "$1" in
--period|--rotations|--extra)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"$var_name" is missing}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
mkdir -p "$logrotate_conf_dir"
cat <<EOF | sed '/^\s*$/d' >"${logrotate_conf_dir}/${service_name}"
${log_path} {
${period}
rotate ${rotations}
dateext
compress
copytruncate
missingok
$(indent "$extra" 2)
}
EOF
}
########################
# Remove a logrotate configuration file
# Arguments:
# $1 - Service name
# Returns:
# None
#########################
remove_logrotate_conf() {
local service_name="${1:?service name is missing}"
local logrotate_conf_dir="/etc/logrotate.d"
rm -f "${logrotate_conf_dir}/${service_name}"
}
########################
# Generate a Systemd configuration file
# Arguments:
# $1 - Service name
# Flags:
# --exec-start - Start command (required)
# --exec-stop - Stop command (optional)
# --exec-reload - Reload command (optional)
# --name - Service full name (e.g. Apache HTTP Server, defaults to $1)
# --restart - When to restart the Systemd service after being stopped (defaults to always)
# --pid-file - Service PID file (required when --restart is set to always)
# --type - Systemd unit type (defaults to forking)
# --user - System user to start the service with
# --group - System group to start the service with
# --environment - Environment variable to define (multiple --environment options may be passed)
# Returns:
# None
#########################
generate_systemd_conf() {
local -r service_name="${1:?service name is missing}"
local -r systemd_units_dir="/etc/systemd/system"
local -r service_file="${systemd_units_dir}/bitnami.${service_name}.service"
# Default values
local name="$service_name"
local type="forking"
local user=""
local group=""
local environment=""
local exec_start=""
local exec_stop=""
local exec_reload=""
local restart="always"
local pid_file=""
# Parse CLI flags
shift
while [[ "$#" -gt 0 ]]; do
case "$1" in
--name \
| --type \
| --user \
| --group \
| --exec-start \
| --exec-stop \
| --exec-reload \
| --restart \
| --pid-file \
)
var_name="$(echo "$1" | sed -e "s/^--//" -e "s/-/_/g")"
shift
declare "$var_name"="${1:?"$var_name" is missing}"
;;
--environment)
shift
# It is possible to add multiple environment lines
[[ -n "$environment" ]] && environment+=$'\n'
environment+="Environment=${1:?"environment" is missing}"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
# Validate inputs
local error="no"
if [[ -z "$exec_start" ]]; then
error "The --exec-start option is required"
error="yes"
fi
if [[ "$restart" = "always" && -z "$pid_file" ]]; then
error "The --restart option cannot be set to 'always' if --pid-file is not set"
error="yes"
fi
if [[ "$error" != "no" ]]; then
return 1
fi
# Generate the Systemd unit
cat > "$service_file" <<EOF
[Unit]
Description=Bitnami service for ${name}
# Starting/stopping the main bitnami service should cause the same effect for this service
PartOf=bitnami.service
[Service]
Type=${type}
ExecStart=${exec_start}
EOF
# Optional stop and reload commands
if [[ -n "$exec_stop" ]]; then
cat >> "$service_file" <<EOF
ExecStop=${exec_stop}
EOF
fi
if [[ -n "$exec_reload" ]]; then
cat >> "$service_file" <<EOF
ExecReload=${exec_reload}
EOF
fi
# User and group
if [[ -n "$user" ]]; then
cat >> "$service_file" <<EOF
User=${user}
EOF
fi
if [[ -n "$group" ]]; then
cat >> "$service_file" <<EOF
Group=${group}
EOF
fi
# PID file allows to determine if the main process is running properly (for Restart=always)
if [[ -n "$pid_file" ]]; then
cat >> "$service_file" <<EOF
PIDFile=${pid_file}
EOF
fi
# Environment flags (may be specified multiple times in a unit)
if [[ -n "$environment" ]]; then
cat >> "$service_file" <<< "$environment"
fi
cat >> "$service_file" <<EOF
Restart=${restart}
# Optimizations
TimeoutSec=5min
IgnoreSIGPIPE=no
KillMode=mixed
# Limits
LimitNOFILE=infinity
# Configure output to appear in instance console output
StandardOutput=journal+console
[Install]
# Enabling/disabling the main bitnami service should cause the same effect for this service
WantedBy=bitnami.service
EOF
}

264
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/libvalidations.sh
View File

@ -1,264 +0,0 @@
#!/bin/bash
#
# Validation functions library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Check if the provided argument is an integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_int() {
local -r int="${1:?missing value}"
if [[ "$int" =~ ^-?[0-9]+ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a positive integer
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_positive_int() {
local -r int="${1:?missing value}"
if is_int "$int" && (( "${int}" >= 0 )); then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean or is the string 'yes/true'
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_boolean_yes() {
local -r bool="${1:-}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean yes/no value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_yes_no_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(yes|no)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean true/false value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_true_false_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(true|false)$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is a boolean 1/0 value
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_1_0_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^[10]$ ]]; then
true
else
false
fi
}
########################
# Check if the provided argument is an empty string or not defined
# Arguments:
# $1 - Value to check
# Returns:
# Boolean
#########################
is_empty_value() {
local -r val="${1:-}"
if [[ -z "$val" ]]; then
true
else
false
fi
}
########################
# Validate if the provided argument is a valid port
# Arguments:
# $1 - Port to validate
# Returns:
# Boolean and error message
#########################
validate_port() {
local value
local unprivileged=0
# Parse flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-unprivileged)
unprivileged=1
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [[ "$#" -gt 1 ]]; then
echo "too many arguments provided"
return 2
elif [[ "$#" -eq 0 ]]; then
stderr_print "missing port argument"
return 1
else
value=$1
fi
if [[ -z "$value" ]]; then
echo "the value is empty"
return 1
else
if ! is_int "$value"; then
echo "value is not an integer"
return 2
elif [[ "$value" -lt 0 ]]; then
echo "negative value provided"
return 2
elif [[ "$value" -gt 65535 ]]; then
echo "requested port is greater than 65535"
return 2
elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then
echo "privileged port requested"
return 3
fi
fi
}
########################
# Validate if the provided argument is a valid IPv4 address
# Arguments:
# $1 - IP to validate
# Returns:
# Boolean
#########################
validate_ipv4() {
local ip="${1:?ip is missing}"
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")"
[[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \
&& ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]]
stat=$?
fi
return $stat
}
########################
# Validate a string format
# Arguments:
# $1 - String to validate
# Returns:
# Boolean
#########################
validate_string() {
local string
local min_length=-1
local max_length=-1
# Parse flags
while [ "$#" -gt 0 ]; do
case "$1" in
-min-length)
shift
min_length=${1:-}
;;
-max-length)
shift
max_length=${1:-}
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [ "$#" -gt 1 ]; then
stderr_print "too many arguments provided"
return 2
elif [ "$#" -eq 0 ]; then
stderr_print "missing string"
return 1
else
string=$1
fi
if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then
echo "string length is less than $min_length"
return 1
fi
if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then
echo "string length is great than $max_length"
return 1
fi
}

49
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/libversion.sh
View File

@ -1,49 +0,0 @@
#!/bin/bash
#
# Library for managing versions strings
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/liblog.sh
# Functions
########################
# Gets semantic version
# Arguments:
# $1 - version: string to extract major.minor.patch
# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch
# Returns:
# array with the major, minor and release
#########################
get_sematic_version () {
local version="${1:?version is required}"
local section="${2:?section is required}"
local -a version_sections
#Regex to parse versions: x.y.z
local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?'
if [[ "$version" =~ $regex ]]; then
local i=1
local j=1
local n=${#BASH_REMATCH[*]}
while [[ $i -lt $n ]]; do
if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then
version_sections[$j]=${BASH_REMATCH[$i]}
((j++))
fi
((i++))
done
local number_regex='^[0-9]+$'
if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then
echo "${version_sections[$section]}"
return
else
stderr_print "Section allowed values are: 1, 2, and 3"
return 1
fi
fi
}

458
bitnami/geode/1/debian-11/prebuildfs/opt/bitnami/scripts/libwebserver.sh
View File

@ -1,458 +0,0 @@
#!/bin/bash
#
# Bitnami web server handler library
# shellcheck disable=SC1090,SC1091
# Load generic libraries
. /opt/bitnami/scripts/liblog.sh
########################
# Execute a command (or list of commands) with the web server environment and library loaded
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_execute() {
local -r web_server="${1:?missing web server}"
shift
# Run program in sub-shell to avoid web server environment getting loaded when not necessary
(
. "/opt/bitnami/scripts/lib${web_server}.sh"
. "/opt/bitnami/scripts/${web_server}-env.sh"
"$@"
)
}
########################
# Prints the list of enabled web servers
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_list() {
local -r -a supported_web_servers=(apache nginx)
local -a existing_web_servers=()
for web_server in "${supported_web_servers[@]}"; do
[[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server")
done
echo "${existing_web_servers[@]:-}"
}
########################
# Prints the currently-enabled web server type (only one, in order of preference)
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_type() {
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
echo "${web_servers[0]:-}"
}
########################
# Validate that a supported web server is configured
# Globals:
# None
# Arguments:
# None
# Returns:
# None
#########################
web_server_validate() {
local error_code=0
local supported_web_servers=("apache" "nginx")
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then
print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}"
elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then
print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable."
fi
return "$error_code"
}
########################
# Check whether the web server is running
# Globals:
# *
# Arguments:
# None
# Returns:
# true if the web server is running, false otherwise
#########################
is_web_server_running() {
"is_$(web_server_type)_running"
}
########################
# Start web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_start() {
info "Starting $(web_server_type) in background"
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh"
}
########################
# Stop web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_stop() {
info "Stopping $(web_server_type)"
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh"
}
########################
# Restart web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_restart() {
info "Restarting $(web_server_type)"
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh"
}
########################
# Reload web server
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_reload() {
"${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh"
}
########################
# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --type - Application type, which has an effect on which configuration template to use
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --disable - Whether to render server configurations with a .disabled prefix
# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix
# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix
# --http-port - HTTP port number
# --https-port - HTTPS port number
# --document-root - Path to document root directory
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default)
# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default)
# --apache-before-vhost-configuration - Configuration to add before the <VirtualHost> directive (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined)
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-proxy-address - Address where to proxy requests
# --apache-proxy-configuration - Extra configuration for the proxy
# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost
# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined)
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# --nginx-external-configuration - Configuration external to server block (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_app_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--disable \
| --disable-http \
| --disable-https \
)
apache_args+=("$1")
nginx_args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --type \
| --allow-remote-connections \
| --http-port \
| --https-port \
| --document-root \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-additional-http-configuration \
| --apache-additional-https-configuration \
| --apache-before-vhost-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-proxy-address \
| --apache-proxy-configuration \
| --apache-proxy-http-configuration \
| --apache-proxy-https-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "${2:?missing value}")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration \
| --nginx-external-configuration)
nginx_args+=("${1//nginx-/}" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Returns:
# true if the configuration was disabled, false otherwise
########################
ensure_web_server_app_configuration_not_exists() {
local app="${1:?missing app}"
local -a web_servers
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app"
done
}
########################
# Ensure the web server loads the configuration for an application in a URL prefix
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --allow-remote-connections - Whether to allow remote connections or to require local connections
# --document-root - Path to document root directory
# --prefix - URL prefix from where it will be accessible (i.e. /myapp)
# --type - Application type, which has an effect on what configuration template will be used
# Apache-specific flags:
# --apache-additional-configuration - Additional vhost configuration (no default)
# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no')
# --apache-extra-directory-configuration - Extra configuration for the document root directory
# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup
# NGINX-specific flags:
# --nginx-additional-configuration - Additional server block configuration (no default)
# Returns:
# true if the configuration was enabled, false otherwise
########################
ensure_web_server_prefix_configuration_exists() {
local app="${1:?missing app}"
shift
local -a apache_args nginx_args web_servers args_var
apache_args=("$app")
nginx_args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--allow-remote-connections \
| --document-root \
| --prefix \
| --type \
)
apache_args+=("$1" "${2:?missing value}")
nginx_args+=("$1" "${2:?missing value}")
shift
;;
# Specific Apache flags
--apache-additional-configuration \
| --apache-allow-override \
| --apache-extra-directory-configuration \
| --apache-move-htaccess \
)
apache_args+=("${1//apache-/}" "$2")
shift
;;
# Specific NGINX flags
--nginx-additional-configuration)
nginx_args+=("${1//nginx-/}" "$2")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
args_var="${web_server}_args[@]"
web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}"
done
}
########################
# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports)
# It serves as a wrapper for the specific web server function
# Globals:
# *
# Arguments:
# $1 - App name
# Flags:
# --hosts - Host listen addresses
# --server-name - Server name
# --server-aliases - Server aliases
# --enable-http - Enable HTTP app configuration (if not enabled already)
# --enable-https - Enable HTTPS app configuration (if not enabled already)
# --disable-http - Disable HTTP app configuration (if not disabled already)
# --disable-https - Disable HTTPS app configuration (if not disabled already)
# --http-port - HTTP port number
# --https-port - HTTPS port number
# Returns:
# true if the configuration was updated, false otherwise
########################
web_server_update_app_configuration() {
local app="${1:?missing app}"
shift
local -a args web_servers
args=("$app")
# Validate arguments
while [[ "$#" -gt 0 ]]; do
case "$1" in
# Common flags
--enable-http \
| --enable-https \
| --disable-http \
| --disable-https \
)
args+=("$1")
;;
--hosts \
| --server-name \
| --server-aliases \
| --http-port \
| --https-port \
)
args+=("$1" "${2:?missing value}")
shift
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a web_servers <<< "$(web_server_list)"
for web_server in "${web_servers[@]}"; do
web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}"
done
}
########################
# Enable loading page, which shows users that the initialization process is not yet completed
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_enable_loading_page() {
ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \
--apache-additional-configuration "
# Show a HTTP 503 Service Unavailable page by default
RedirectMatch 503 ^/$
# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes
ErrorDocument 404 /index.html
ErrorDocument 503 /index.html" \
--nginx-additional-configuration "
# Show a HTTP 503 Service Unavailable page by default
location / {
return 503;
}
# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes
error_page 404 @installing;
error_page 503 @installing;
location @installing {
rewrite ^(.*)$ /index.html break;
}"
web_server_reload
}
########################
# Enable loading page, which shows users that the initialization process is not yet completed
# Globals:
# *
# Arguments:
# None
# Returns:
# None
#########################
web_server_disable_install_page() {
ensure_web_server_app_configuration_not_exists "__loading"
web_server_reload
}

25
bitnami/geode/1/debian-11/prebuildfs/usr/sbin/install_packages
View File

@ -1,25 +0,0 @@
#!/bin/sh
set -eu
n=0
max=2
export DEBIAN_FRONTEND=noninteractive
until [ $n -gt $max ]; do
set +e
(
apt-get update -qq &&
apt-get install -y --no-install-recommends "$@"
)
CODE=$?
set -e
if [ $CODE -eq 0 ]; then
break
fi
if [ $n -eq $max ]; then
exit $CODE
fi
echo "apt failed, retrying"
n=$(($n + 1))
done
apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives

133
bitnami/geode/1/debian-11/rootfs/opt/bitnami/scripts/geode-env.sh
View File

@ -1,133 +0,0 @@
#!/bin/bash
#
# Environment configuration for geode
# The values for all environment variables will be set in the below order of precedence
# 1. Custom environment variables defined below after Bitnami defaults
# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
# 3. Environment variables overridden via external files using *_FILE variables (see below)
# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
# Load logging library
# shellcheck disable=SC1090,SC1091
. /opt/bitnami/scripts/liblog.sh
export BITNAMI_ROOT_DIR="/opt/bitnami"
export BITNAMI_VOLUME_DIR="/bitnami"
# Logging configuration
export MODULE="${MODULE:-geode}"
export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
# By setting an environment variable matching *_FILE to a file path, the prefixed environment
# variable will be overridden with the value specified in that file
geode_env_vars=(
GEODE_HTTP_BIND_ADDRESS
GEODE_HTTP_PORT_NUMBER
GEODE_RMI_BIND_ADDRESS
GEODE_RMI_PORT_NUMBER
GEODE_ADVERTISED_HOSTNAME
GEODE_NODE_NAME
GEODE_NODE_TYPE
GEODE_LOCATORS
GEODE_GROUPS
GEODE_LOG_LEVEL
GEODE_INITIAL_HEAP_SIZE
GEODE_MAX_HEAP_SIZE
GEODE_ENABLE_METRICS
GEODE_METRICS_PORT_NUMBER
GEODE_ENABLE_SECURITY
GEODE_SECURITY_MANAGER
GEODE_SECURITY_USERNAME
GEODE_SECURITY_PASSWORD
GEODE_SECURITY_TLS_COMPONENTS
GEODE_SECURITY_TLS_PROTOCOLS
GEODE_SECURITY_TLS_REQUIRE_AUTHENTICATION
GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED
GEODE_SECURITY_TLS_KEYSTORE_FILE
GEODE_SECURITY_TLS_KEYSTORE_PASSWORD
GEODE_SECURITY_TLS_TRUSTSTORE_FILE
GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD
GEODE_SERVER_BIND_ADDRESS
GEODE_SERVER_PORT_NUMBER
GEODE_LOCATOR_BIND_ADDRESS
GEODE_LOCATOR_PORT_NUMBER
GEODE_LOCATOR_START_COMMAND
JAVA_HOME
JAVA_OPTS
)
for env_var in "${geode_env_vars[@]}"; do
file_env_var="${env_var}_FILE"
if [[ -n "${!file_env_var:-}" ]]; then
if [[ -r "${!file_env_var:-}" ]]; then
export "${env_var}=$(< "${!file_env_var}")"
unset "${file_env_var}"
else
warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable."
fi
fi
done
unset geode_env_vars
# Paths
export GEODE_BASE_DIR="${BITNAMI_ROOT_DIR}/geode"
export GEODE_BIN_DIR="${GEODE_BASE_DIR}/bin"
export GEODE_CONF_DIR="${GEODE_BASE_DIR}/config"
export GEODE_CERTS_DIR="${GEODE_CONF_DIR}/certs"
export GEODE_CONF_FILE="${GEODE_CONF_DIR}/gemfire.properties"
export GEODE_SEC_CONF_FILE="${GEODE_CONF_DIR}/gfsecurity.properties"
export GEODE_LOGS_DIR="${GEODE_BASE_DIR}/logs"
export GEODE_EXTENSIONS_DIR="${GEODE_BASE_DIR}/extensions"
export GEODE_VOLUME_DIR="${BITNAMI_VOLUME_DIR}/geode"
export GEODE_DATA_DIR="${GEODE_VOLUME_DIR}/data"
export GEODE_MOUNTED_CONF_DIR="${GEODE_VOLUME_DIR}/config"
export GEODE_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d"
# System users (when running with a privileged user)
export GEODE_DAEMON_USER="geode"
export GEODE_DAEMON_GROUP="geode"
# Apache Geode configuration
export GEODE_HTTP_BIND_ADDRESS="${GEODE_HTTP_BIND_ADDRESS:-}"
export GEODE_HTTP_PORT_NUMBER="${GEODE_HTTP_PORT_NUMBER:-7070}"
export GEODE_RMI_BIND_ADDRESS="${GEODE_RMI_BIND_ADDRESS:-}"
export GEODE_RMI_PORT_NUMBER="${GEODE_RMI_PORT_NUMBER:-1099}"
export GEODE_ADVERTISED_HOSTNAME="${GEODE_ADVERTISED_HOSTNAME:-}"
export GEODE_NODE_NAME="${GEODE_NODE_NAME:-}"
export GEODE_NODE_TYPE="${GEODE_NODE_TYPE:-server}"
export GEODE_LOCATORS="${GEODE_LOCATORS:-}"
export GEODE_GROUPS="${GEODE_GROUPS:-}"
export GEODE_LOG_LEVEL="${GEODE_LOG_LEVEL:-info}"
export GEODE_INITIAL_HEAP_SIZE="${GEODE_INITIAL_HEAP_SIZE:-}"
export GEODE_MAX_HEAP_SIZE="${GEODE_MAX_HEAP_SIZE:-}"
export GEODE_ENABLE_METRICS="${GEODE_ENABLE_METRICS:-no}"
export GEODE_METRICS_PORT_NUMBER="${GEODE_METRICS_PORT_NUMBER:-9914}"
# Apache Geode security
export GEODE_ENABLE_SECURITY="${GEODE_ENABLE_SECURITY:-no}"
export GEODE_SECURITY_MANAGER="${GEODE_SECURITY_MANAGER:-org.apache.geode.examples.security.ExampleSecurityManager}"
export GEODE_SECURITY_USERNAME="${GEODE_SECURITY_USERNAME:-admin}"
export GEODE_SECURITY_PASSWORD="${GEODE_SECURITY_PASSWORD:-}"
export GEODE_SECURITY_TLS_COMPONENTS="${GEODE_SECURITY_TLS_COMPONENTS:-}"
export GEODE_SECURITY_TLS_PROTOCOLS="${GEODE_SECURITY_TLS_PROTOCOLS:-any}"
export GEODE_SECURITY_TLS_REQUIRE_AUTHENTICATION="${GEODE_SECURITY_TLS_REQUIRE_AUTHENTICATION:-no}"
export GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED="${GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED:-no}"
export GEODE_SECURITY_TLS_KEYSTORE_FILE="${GEODE_SECURITY_TLS_KEYSTORE_FILE:-${GEODE_CONF_DIR}/certs/geode.keystore.jks}"
export GEODE_SECURITY_TLS_KEYSTORE_PASSWORD="${GEODE_SECURITY_TLS_KEYSTORE_PASSWORD:-}"
export GEODE_SECURITY_TLS_TRUSTSTORE_FILE="${GEODE_SECURITY_TLS_TRUSTSTORE_FILE:-${GEODE_CONF_DIR}/certs/geode.truststore.jks}"
export GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD="${GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD:-}"
# Apache Geode Cache servers configuration
export GEODE_SERVER_BIND_ADDRESS="${GEODE_SERVER_BIND_ADDRESS:-}"
export GEODE_SERVER_PORT_NUMBER="${GEODE_SERVER_PORT_NUMBER:-40404}"
# Apache Geode locators configuration
export GEODE_LOCATOR_BIND_ADDRESS="${GEODE_LOCATOR_BIND_ADDRESS:-}"
export GEODE_LOCATOR_PORT_NUMBER="${GEODE_LOCATOR_PORT_NUMBER:-10334}"
export GEODE_LOCATOR_START_COMMAND="${GEODE_LOCATOR_START_COMMAND:-configure pdx --read-serialized --disk-store}"
# Java configuration
export JAVA_HOME="${JAVA_HOME:-${BITNAMI_ROOT_DIR}/java}"
export JAVA_OPTS="${JAVA_OPTS:-}"
# Custom environment variables may be defined below

27
bitnami/geode/1/debian-11/rootfs/opt/bitnami/scripts/geode/entrypoint.sh
View File

@ -1,27 +0,0 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libbitnami.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
# Load Apache Geode environment
. /opt/bitnami/scripts/geode-env.sh
print_welcome_page
if [[ "$*" = *"/opt/bitnami/scripts/geode/run.sh"* ]]; then
info "** Starting Apache Geode setup **"
/opt/bitnami/scripts/geode/setup.sh
info "** Apache Geode setup finished! **"
fi
echo ""
exec "$@"

23
bitnami/geode/1/debian-11/rootfs/opt/bitnami/scripts/geode/postunpack.sh
View File

@ -1,23 +0,0 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libgeode.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
# Load Apache Geode environment
. /opt/bitnami/scripts/geode-env.sh
# Ensure required directories exist
chmod g+rwX "$GEODE_BASE_DIR"
for dir in "$GEODE_VOLUME_DIR" "$GEODE_DATA_DIR" "$GEODE_MOUNTED_CONF_DIR" "$GEODE_CONF_DIR" "$GEODE_CERTS_DIR" "$GEODE_EXTENSIONS_DIR" "$GEODE_LOGS_DIR" "$GEODE_INITSCRIPTS_DIR"; do
ensure_dir_exists "$dir"
configure_permissions_ownership "$dir" -d "775" -f "664"
done

43
bitnami/geode/1/debian-11/rootfs/opt/bitnami/scripts/geode/run.sh
View File

@ -1,43 +0,0 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libgeode.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libservice.sh
# Load Apache Geode environment
. /opt/bitnami/scripts/geode-env.sh
declare -a start_flags
read -r -a start_flags <<< "$(geode_start_flags)"
start_flags+=("$@")
info "** Starting Apache Geode **"
if am_i_root; then
if [[ "$GEODE_NODE_TYPE" = "locator" ]] && is_mounted_dir_empty "$GEODE_DATA_DIR"; then
gosu "$GEODE_DAEMON_USER" gfsh -e "start $GEODE_NODE_TYPE ${start_flags[*]}" -e "$GEODE_LOCATOR_START_COMMAND"
else
gosu "$GEODE_DAEMON_USER" gfsh -e "start $GEODE_NODE_TYPE ${start_flags[*]}"
fi
else
if [[ "$GEODE_NODE_TYPE" = "locator" ]] && is_mounted_dir_empty "$GEODE_DATA_DIR"; then
gfsh -e "start $GEODE_NODE_TYPE ${start_flags[*]}" -e "$GEODE_LOCATOR_START_COMMAND"
else
gfsh -e "start $GEODE_NODE_TYPE ${start_flags[*]}"
fi
fi
info "** Apache Geode started! **"
# The 'gfsh start ...' command creates a new JAVA process in
# background. We need to tail the log file to avoid the container
# to exit while this process is up
info "** Tailing ${GEODE_NODE_TYPE}.log **"
declare pid_file="${GEODE_DATA_DIR}/vf.gf.${GEODE_NODE_TYPE}.pid"
exec tail -c+1 --pid="$(get_pid_from_file "$pid_file")" -f "${GEODE_LOGS_DIR}/${GEODE_NODE_TYPE}.log"

30
bitnami/geode/1/debian-11/rootfs/opt/bitnami/scripts/geode/setup.sh
View File

@ -1,30 +0,0 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libgeode.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libos.sh
# Load Apache Geode environment
. /opt/bitnami/scripts/geode-env.sh
# Ensure Apache Geode environment variables are valid
geode_validate
if am_i_root; then
info "Creating Apache Geode daemon user"
ensure_user_exists "$GEODE_DAEMON_USER" --group "$GEODE_DAEMON_GROUP" --system
fi
# Ensure Apache Geode is initialized
geode_initialize
# Apache Geode init scripts
geode_custom_init_scripts

17
bitnami/geode/1/debian-11/rootfs/opt/bitnami/scripts/java/entrypoint.sh
View File

@ -1,17 +0,0 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libbitnami.sh
. /opt/bitnami/scripts/liblog.sh
print_welcome_page
echo ""
exec "$@"

24
bitnami/geode/1/debian-11/rootfs/opt/bitnami/scripts/java/postunpack.sh
View File

@ -1,24 +0,0 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# set -o xtrace # Uncomment this line for debugging purposes
# Load libraries
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/liblog.sh
#
# Java post-unpack operations
#
# Override default files in the Java security directory. This is used for
# custom base images (with custom CA certificates or block lists is used)
if ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then
info "Adding custom CAs to the Java security folder"
cp -Lr "$JAVA_EXTRA_SECURITY_DIR" /opt/bitnami/java/lib/security
fi

539
bitnami/geode/1/debian-11/rootfs/opt/bitnami/scripts/libgeode.sh
View File

@ -1,539 +0,0 @@
#!/bin/bash
#
# Bitnami Apache Geode library
# shellcheck disable=SC1090,SC1091
# Load generic libraries
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/libnet.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libpersistence.sh
. /opt/bitnami/scripts/libvalidations.sh
########################
# Validate settings in GEODE_* env vars
# Globals:
# GEODE_*
# Arguments:
# None
# Returns:
# 0 if the validation succeeded, 1 otherwise
#########################
geode_validate() {
debug "Validating settings in GEODE_* environment variables..."
local error_code=0
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
check_conflicting_ports() {
local -r total="$#"
for i in $(seq 1 "$((total - 1))"); do
for j in $(seq "$((i + 1))" "$total"); do
var_i="${!i}"
var_j="${!j}"
if [[ -n "${!var_i:-}" ]] && [[ -n "${!var_j:-}" ]] && [[ "${!var_i:-}" -eq "${!var_j:-}" ]]; then
print_validation_error "${var_i} and ${var_j} are bound to the same port"
fi
done
done
}
check_resolved_hostname() {
if ! is_hostname_resolved "$1"; then
warn "Hostname ${1} could not be resolved, this could lead to connection issues"
fi
}
check_empty_value() {
if is_empty_value "${!1}"; then
print_validation_error "${1} must be set"
fi
}
check_yes_no_value() {
if ! is_yes_no_value "${!1}" && ! is_true_false_value "${!1}"; then
print_validation_error "The allowed values for ${1} are: yes no"
fi
}
check_multi_value() {
if [[ " ${2} " != *" ${!1} "* ]]; then
print_validation_error "The allowed values for ${1} are: ${2}"
fi
}
check_valid_port() {
local port_var="${1:?missing port variable}"
local err
if ! err="$(validate_port "${!port_var}")"; then
print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}."
fi
}
# Validate node type and log level
check_empty_value "GEODE_NODE_TYPE"
check_empty_value "GEODE_LOG_LEVEL"
check_multi_value "GEODE_NODE_TYPE" "server locator"
check_multi_value "GEODE_LOG_LEVEL" "severe error warning info config fine"
# Validate hostname, bind addresses and ports
for address in "$GEODE_ADVERTISED_HOSTNAME" "$GEODE_SERVER_BIND_ADDRESS" "$GEODE_HTTP_BIND_ADDRESS" "$GEODE_LOCATOR_BIND_ADDRESS"; do
! is_empty_value "$address" && ! validate_ipv4 "$address" && check_resolved_hostname "$address"
done
for port in "GEODE_SERVER_PORT_NUMBER" "GEODE_LOCATOR_PORT_NUMBER" "GEODE_HTTP_PORT_NUMBER" "GEODE_RMI_PORT_NUMBER" "GEODE_METRICS_PORT_NUMBER"; do
! is_empty_value "${!port}" && check_valid_port "$port"
done
check_conflicting_ports "GEODE_SERVER_PORT_NUMBER" "GEODE_LOCATOR_PORT_NUMBER" "GEODE_HTTP_PORT_NUMBER" "GEODE_RMI_PORT_NUMBER" "GEODE_METRICS_PORT_NUMBER"
check_yes_no_value "GEODE_ENABLE_METRICS"
# Validate Apache Geode locators
if ! is_empty_value "$GEODE_LOCATORS"; then
local -r regexp="(([^\[/?#]+)(\[([0-9]+)\])?)?"
read -r -a locators <<< "$(tr ',;' ' ' <<< "${GEODE_LOCATORS/%,/}")"
for l in "${locators[@]}"; do
if [[ "$l" =~ $regexp ]]; then
check_resolved_hostname "${BASH_REMATCH[2]}"
else
print_validation_error "The locator \"$l\" doesn't follow the expected format"
fi
done
fi
# Validate Apache Geode security settings
check_yes_no_value "GEODE_ENABLE_SECURITY"
check_yes_no_value "GEODE_SECURITY_TLS_REQUIRE_AUTHENTICATION"
check_yes_no_value "GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED"
if is_boolean_yes "$GEODE_ENABLE_SECURITY"; then
if ! is_empty_value "$GEODE_SECURITY_TLS_COMPONENTS"; then
check_empty_value "GEODE_SECURITY_TLS_PROTOCOLS"
if [[ ! -f "$GEODE_SECURITY_TLS_KEYSTORE_FILE" || ! -f "$GEODE_SECURITY_TLS_TRUSTSTORE_FILE" ]]; then
print_validation_error "In order to configure the TLS encryption for Apache Geode with JKS certs you must mount your geode.keystore.jks and geode.truststore.jks certs to the ${GEODE_CONF_DIR}/certs directory."
fi
else
# Security is enabled but TLS is not. Therefore, authentication using Security Manager is mandatory
for var in "GEODE_SECURITY_MANAGER" "GEODE_SECURITY_USERNAME" "GEODE_SECURITY_PASSWORD"; do
check_empty_value "$var"
done
fi
else
warn "You set the environment variable GEODE_ENABLE_SECURITY=${GEODE_ENABLE_SECURITY}. For safety reasons, enable Apache Geode security in a production environment."
fi
# Validation configuration files
for file in "cache.xml" "gemfire.properties" "log4j2.xml"; do
if [[ -f "${GEODE_CONF_DIR}/${file}" ]] || ! is_file_writable "${GEODE_CONF_DIR}/${file}"; then
warn "A custom configuration file \"$file\" was found or the file is not writable. Configurations based on environment variables will not be applied for this file."
fi
done
is_boolean_yes "$GEODE_ENABLE_SECURITY" && ! is_file_writable "$GEODE_SEC_CONF_FILE" && warn "${GEODE_SEC_CONF_FILE} is not writable. Configurations based on environment variables will not be applied for this file."
return "$error_code"
}
########################
# Set a configuration setting value to the configuration file(s)
# Globals:
# GEODE_*
# Arguments:
# $1 - property key
# $2 - property value
# $3 - configuration file (optional)
# Returns:
# None
#########################
geode_conf_set() {
local -r key="${1:?key missing}"
local -r value="${2:?value missing}"
local -r file="${3:-"${GEODE_CONF_FILE}"}"
# Sanitize key (sed does not support fixed string substitutions)
local sanitized_pattern
sanitized_pattern="^\s*(//\s*)?$(sed 's/[]\[^$.*/]/\\&/g' <<<"$key")\s*=.*"
# Check if the configuration exists in the file
if grep -sqE "$sanitized_pattern" "$file"; then
# It exists, so replace the line
replace_in_file "$file" "$sanitized_pattern" "${key} = ${value}"
else
# Add a new key
printf '\n%s=%s' "$key" "$value" >>"$file"
fi
}
########################
# Get a configuration setting value from the configuration file(s)
# ref: https://geode.apache.org/docs/guide/112/reference/topics/gemfire_properties.html
# Globals:
# GEODE_*
# Arguments:
# $1 - property key
# $2 - configuration file (optional)
# Returns:
# String (empty string if file or key doesn't exist)
#########################
geode_conf_get() {
local -r key="${1:?key missing}"
local -r file="${2:-"${GEODE_CONF_FILE}"}"
# Sanitize key (sed does not support fixed string substitutions)
local sanitized_pattern
sanitized_pattern="^\s*(//\s*)?$(sed 's/[]\[^$.*/]/\\&/g' <<<"$key")\s*=(.*)"
grep -E "$sanitized_pattern" "$file" | sed -E "s|${sanitized_pattern}|\2|" | tr -d "\"' "
}
########################
# Creates Apache Geode configuration file
# Globals:
# GEODE_*
# Arguments:
# None
# Returns:
# None
#########################
geode_create_config() {
info "Creating Apache Geode configuration file"
geode_conf_set "deploy-working-dir" "$GEODE_DATA_DIR"
# Logging settings
geode_conf_set "log-level" "$GEODE_LOG_LEVEL"
# Enable JMX Manager
geode_conf_set "jmx-manager" "true"
geode_conf_set "jmx-manager-start" "true"
# Hostnames and ports
[[ -n "$GEODE_ADVERTISED_HOSTNAME" ]] && geode_conf_set "jmx-manager-hostname-for-clients" "$GEODE_ADVERTISED_HOSTNAME"
[[ -n "$GEODE_RMI_BIND_ADDRESS" ]] && geode_conf_set "jmx-manager-bind-address" "$GEODE_RMI_BIND_ADDRESS"
geode_conf_set "jmx-manager-port" "$GEODE_RMI_PORT_NUMBER"
[[ -n "$GEODE_HTTP_BIND_ADDRESS" ]] && geode_conf_set "http-service-bind-address" "$GEODE_HTTP_BIND_ADDRESS"
geode_conf_set "jmx-manager-http-port" "$GEODE_HTTP_PORT_NUMBER"
geode_conf_set "http-service-port" "$GEODE_HTTP_PORT_NUMBER"
}
########################
# Configure a sammple SecurityManager based on the implementation below:
# https://github.com/apache/geode/blob/develop/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
# This implementation provides authentication and authorization based on a "security.json" JSON file
# Globals:
# GEODE_*
# Arguments:
# None
# Returns:
# None
#########################
geode_configure_sample_security_manager() {
if [[ "$GEODE_SECURITY_MANAGER" = "org.apache.geode.examples.security.ExampleSecurityManager" ]]; then
if [[ ! -f "${GEODE_EXTENSIONS_DIR}/security.json" && -w "$GEODE_EXTENSIONS_DIR" ]]; then
warn "No \"security.json\" file provided. Creating a very basic one (not suitable for production)"
jq '.' > "${GEODE_EXTENSIONS_DIR}/security.json" <<EOF
{
"roles": [{
"name": "admin",
"operationsAllowed": [
"CLUSTER:READ",
"CLUSTER:WRITE",
"CLUSTER:MANAGE",
"DATA:READ",
"DATA:WRITE",
"DATA:MANAGE"
]
}],
"users": [{
"name": "$GEODE_SECURITY_USERNAME",
"password": "$GEODE_SECURITY_PASSWORD",
"roles": ["admin"]
}]
}
EOF
# Configure restrictive permissions
chmod 440 "${GEODE_EXTENSIONS_DIR}/security.json"
else
info "Using custom users & roles defined at \"security.json\" file"
fi
fi
}
########################
# Configure security manager
# Globals:
# GEODE_*
# Arguments:
# None
# Returns:
# None
#########################
geode_configure_security_manager() {
info "Configuring Apache Geode security manager"
geode_conf_set "security-manager" "$GEODE_SECURITY_MANAGER" "$GEODE_SEC_CONF_FILE"
geode_conf_set "security-username" "$GEODE_SECURITY_USERNAME" "$GEODE_SEC_CONF_FILE"
geode_conf_set "security-password" "$GEODE_SECURITY_PASSWORD" "$GEODE_SEC_CONF_FILE"
# Configure Sample SecurityManager
geode_configure_sample_security_manager
}
########################
# Configure TLS
# ref: https://geode.apache.org/docs/guide/114/managing/security/implementing_ssl.html
# Globals:
# GEODE_*
# Arguments:
# None
# Returns:
# None
#########################
geode_configure_security_tls() {
info "Configuring Apache Geode TLS"
geode_conf_set "ssl-enabled-components" "$GEODE_SECURITY_TLS_COMPONENTS" "$GEODE_SEC_CONF_FILE"
geode_conf_set "ssl-endpoint-identification-enabled" "$(is_boolean_yes "$GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED" && echo "true" || echo "false")" "$GEODE_SEC_CONF_FILE"
geode_conf_set "ssl-require-authentication" "$(is_boolean_yes "$GEODE_SECURITY_TLS_REQUIRE_AUTHENTICATION" && echo "true" || echo "false")" "$GEODE_SEC_CONF_FILE"
! is_empty_value "$GEODE_SECURITY_TLS_KEYSTORE_PASSWORD" && geode_conf_set "ssl-keystore-password" "$GEODE_SECURITY_TLS_KEYSTORE_PASSWORD" "$GEODE_SEC_CONF_FILE"
! is_empty_value "$GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD" && geode_conf_set "ssl-truststore-password" "$GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD" "$GEODE_SEC_CONF_FILE"
geode_conf_set "ssl-keystore" "$GEODE_SECURITY_TLS_KEYSTORE_FILE" "$GEODE_SEC_CONF_FILE"
geode_conf_set "ssl-truststore" "$GEODE_SECURITY_TLS_TRUSTSTORE_FILE" "$GEODE_SEC_CONF_FILE"
}
########################
# Wait until the locator is accessible with the currently-known credentials
# Arguments:
# $1 - locator hostname
# $2 - user to securely connect to the locator (optional)
# $3 - password to securely connect to the locator (optional)
# Returns:
# true if the locator connection succeeded, false otherwise
#########################
geode_wait_for_locator_connection() {
local -r locator="${1:?missing locator host}"
local -r user="${2:-}"
local -r pass="${3:-}"
local -r sleep_min=2
check_locator_connection() {
local -a connet_flags=("--locator=${locator}")
! is_empty_value "$user" && connet_flags+=("--user=${user}")
! is_empty_value "$pass" && connet_flags+=("--password=${pass}")
if ! is_empty_value "$GEODE_SECURITY_TLS_COMPONENTS"; then
connet_flags+=(
"--use-ssl" "--skip-ssl-validation"
"--key-store=${GEODE_SECURITY_TLS_KEYSTORE_FILE}"
"--trust-store=${GEODE_SECURITY_TLS_TRUSTSTORE_FILE}"
)
! is_empty_value "$GEODE_SECURITY_TLS_KEYSTORE_PASSWORD" && connet_flags+=("--key-store-password=${GEODE_SECURITY_TLS_KEYSTORE_PASSWORD}")
! is_empty_value "$GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD" && connet_flags+=("--trust-store-password=${GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD}")
fi
debug_execute gfsh -e "connect ${connet_flags[*]}" -e "status cluster-config-service"
}
# We use a random sleep time between retries to avoid colissions
if ! retry_while "check_locator_connection" "12" "$((sleep_min + $(generate_random_string --type numeric --count 1)))"; then
error "Could not connect to the locator"
return 1
fi
}
########################
# Ensure Apache Geode is initialized as a cache server
# Globals:
# GEODE_*
# Arguments:
# None
# Returns:
# None
#########################
geode_initialize_cache_server() {
! is_mounted_dir_empty "$GEODE_DATA_DIR" && info "Detected data from previous deployments"
if is_empty_value "$GEODE_LOCATORS"; then
info "No locators indicated, starting cache server as a standalone server"
# We don't use the "Cluster Configuration Service" on standalone cache servers
# Therefore, we need to recreate the configuration even when we detect data from
# previous deployments
warn "The cluster configuration service will be disabled"
# Create configuration file
[[ ! -f "$GEODE_CONF_FILE" && -w "$GEODE_CONF_DIR" ]] && geode_create_config
# Configure security
if is_boolean_yes "$GEODE_ENABLE_SECURITY" && [[ ! -f "$GEODE_SEC_CONF_FILE" && -w "$GEODE_CONF_DIR" ]]; then
! is_empty_value "$GEODE_SECURITY_MANAGER" && geode_configure_security_manager
! is_empty_value "$GEODE_SECURITY_TLS_COMPONENTS" && geode_configure_security_tls
# Configure restrictive permissions
chmod 440 "$GEODE_SEC_CONF_FILE"
fi
else
# We use "Cluster Configuration Service" to manage the whole cluster configuration
# as recommended by Apache Geode guidelines. In this setup, locators distribute the
# configuration along the cluster and you only need to configure Cache servers for
# those items that cannot be specified or altered using 'gfsh'
# ref: https://geode.apache.org/docs/guide/114/configuring/cluster_config/gfsh_persist.html
local user pass
# Configure Security credentials used to connect the locators
if is_boolean_yes "$GEODE_ENABLE_SECURITY"; then
user="$GEODE_SECURITY_USERNAME"
pass="$GEODE_SECURITY_PASSWORD"
# Cache servers retrieve the configuration from the Cluster Configuration Service
# but they cannot retrieve the configuration for the Sample SecurityManager
# This configuration is not persisted. Therefore, we also need to generate it
# during container recreations
geode_configure_sample_security_manager
! is_empty_value "$GEODE_SECURITY_TLS_COMPONENTS" && geode_configure_security_tls
fi
info "Trying to connect to locators"
read -r -a locators <<< "$(tr ',;' ' ' <<< "${GEODE_LOCATORS/%,/}")"
for l in "${locators[@]}"; do
geode_wait_for_locator_connection "$l" "${user:-}" "${pass:-}"
done
fi
true
}
########################
# Ensure Apache Geode is initialized as a locator node
# Globals:
# GEODE_*
# Arguments:
# None
# Returns:
# None
#########################
geode_initialize_locator() {
! is_mounted_dir_empty "$GEODE_DATA_DIR" && info "Detected data from previous deployments"
# Create configuration file
[[ ! -f "$GEODE_CONF_FILE" && -w "$GEODE_CONF_DIR" ]] && geode_create_config
# Configure security
if is_boolean_yes "$GEODE_ENABLE_SECURITY" && [[ ! -f "$GEODE_SEC_CONF_FILE" && -w "$GEODE_CONF_DIR" ]]; then
! is_empty_value "$GEODE_SECURITY_MANAGER" && geode_configure_security_manager
! is_empty_value "$GEODE_SECURITY_TLS_COMPONENTS" && geode_configure_security_tls
# Configure restrictive permissions
chmod 440 "$GEODE_SEC_CONF_FILE"
fi
true
}
########################
# Ensure Apache Geode is initialized
# Globals:
# GEODE_*
# Arguments:
# None
# Returns:
# None
#########################
geode_initialize() {
info "Initializing Apache Geode"
# Ensure Apache Geode daemon user has proper permissions on data directory when runnint container as "root"
if am_i_root; then
info "Configuring file permissions for Apache Geode"
is_mounted_dir_empty "$GEODE_DATA_DIR" && configure_permissions_ownership "$GEODE_DATA_DIR" -d "755" -f "644" -u "$GEODE_DAEMON_USER" -g "$GEODE_DAEMON_GROUP"
fi
# Check for mounted configuration files and cert files
if ! is_dir_empty "$GEODE_MOUNTED_CONF_DIR"; then
cp -Lr "$GEODE_MOUNTED_CONF_DIR"/* "$GEODE_CONF_DIR"
fi
case "$GEODE_NODE_TYPE" in
server)
geode_initialize_cache_server
;;
locator)
geode_initialize_locator
;;
*)
error "Type unknown: ${GEODE_NODE_TYPE}"
return 1
;;
esac
# Enable metrics
! is_boolean_yes "$GEODE_ENABLE_METRICS" && rm -f "${GEODE_EXTENSIONS_DIR}/micrometerMetrics.jar"
true
}
########################
# Returns the list of flags to start a specific Geode node
# Globals:
# GEODE_*
# Arguments:
# None
# Returns:
# String
#########################
geode_start_flags() {
local -a start_flags+=(
"--dir=${GEODE_DATA_DIR}" # Set data directory
"--classpath=${GEODE_EXTENSIONS_DIR}" # Load custom JAR(s) and other extensions
"--force" # Allow overwiting the PID file if existing
"--J=-Dgemfire.log-file=${GEODE_LOGS_DIR}/${GEODE_NODE_TYPE}.log" # Custom log file location
)
# Configuration files flags
[[ -f "$GEODE_CONF_FILE" ]] && start_flags+=("--properties-file=${GEODE_CONF_FILE}")
[[ -f "$GEODE_SEC_CONF_FILE" ]] && start_flags+=("--security-properties-file=${GEODE_SEC_CONF_FILE}")
# Cluster flags
[[ -n "$GEODE_NODE_NAME" ]] && start_flags+=("--name=${GEODE_NODE_NAME}")
[[ -n "$GEODE_LOCATORS" ]] && start_flags+=("--locators=${GEODE_LOCATORS}")
[[ -n "$GEODE_GROUPS" ]] && start_flags+=("--groups=${GEODE_GROUPS}")
[[ -n "$GEODE_ADVERTISED_HOSTNAME" ]] && start_flags+=("--hostname-for-clients=${GEODE_ADVERTISED_HOSTNAME}")
# Memory flags
[[ -n "$GEODE_INITIAL_HEAP_SIZE" ]] && start_flags+=("--initial-heap=${GEODE_INITIAL_HEAP_SIZE}")
[[ -n "$GEODE_MAX_HEAP_SIZE" ]] && start_flags+=("--max-heap=${GEODE_MAX_HEAP_SIZE}")
# Metrics flags
is_boolean_yes "$GEODE_ENABLE_METRICS" && start_flags+=("--J=-Dprometheus.metrics.port=${GEODE_METRICS_PORT_NUMBER}")
# Specific flags per node type
case "$GEODE_NODE_TYPE" in
server)
start_flags+=("--server-port=${GEODE_SERVER_PORT_NUMBER}")
[[ -n "$GEODE_SERVER_BIND_ADDRESS" ]] && start_flags+=("--server-bind-address=${GEODE_SERVER_BIND_ADDRESS}")
if [[ -n "$GEODE_LOCATORS" ]]; then
# Required flags to join the locator when authentication is enabled
is_boolean_yes "$GEODE_ENABLE_SECURITY" && start_flags+=(
"--user=${GEODE_SECURITY_USERNAME}"
"--password=${GEODE_SECURITY_PASSWORD}"
)
else
# Do not use "Cluster Configuration Service" for standalone cache servers
start_flags+=("--use-cluster-configuration=false")
fi
;;
locator)
start_flags+=("--port=${GEODE_LOCATOR_PORT_NUMBER}")
[[ -n "$GEODE_LOCATOR_BIND_ADDRESS" ]] && start_flags+=("--bind-address=${GEODE_LOCATOR_BIND_ADDRESS}")
;;
*)
error "Type unknown: ${GEODE_NODE_TYPE}"
return 1
;;
esac
echo "${start_flags[@]}"
}
########################
# Run custom initialization scripts
# Globals:
# GEODE_*
# Arguments:
# None
# Returns:
# None
#########################
geode_custom_init_scripts() {
if [[ -n $(find "${GEODE_INITSCRIPTS_DIR}/" -type f -regex ".*\.sh") ]] && [[ ! -f "${GEODE_VOLUME_DIR}/.user_scripts_initialized" ]] ; then
info "Loading user's custom files from \"${GEODE_INITSCRIPTS_DIR}\"";
local -r tmp_file="/tmp/filelist"
find "${GEODE_INITSCRIPTS_DIR}/" -type f -regex ".*\.sh" | sort >"$tmp_file"
while read -r f; do
case "$f" in
*.sh)
if [[ -x "$f" ]]; then
debug "Executing $f"
"$f"
else
debug "Sourcing $f"
. "$f"
fi
;;
*) debug "Ignoring $f" ;;
esac
done <$tmp_file
rm -f "$tmp_file"
touch "${GEODE_VOLUME_DIR}/.user_scripts_initialized"
fi
}

5
bitnami/geode/1/debian-11/tags-info.yaml
View File

@ -1,5 +0,0 @@
rolling-tags:
- "1"
- "1-debian-11"
- "1.15.1"
- "latest"

553
bitnami/geode/README.md
View File

@ -1,553 +0,0 @@
# Apache Geode packaged by Bitnami
## Container Deprecation Notice
Apache Geode's container image is longer maintained and is now internally tagged to be deprecated. This container image will no longer be released in our catalog a month after this notice is published, but already released container images will still persist in the registries. Valid to be removed starting on: 12-08-2022
## What is Apache Geode?
> Apache Geode is a data management platform that provides advanced capabilities for data-intensive applications.
[Overview of Apache Geode](https://geode.apache.org/)
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
## TL;DR
```console
$ curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/geode/docker-compose.yml > docker-compose.yml
$ docker-compose up -d
```
**Warning**: This quick setup is only intended for development environments. You are encouraged to change the insecure default credentials and check out the available configuration options in the [Environment Variables](#environment-variables) section for a more secure deployment.
## Why use Bitnami Images?
* Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems.
* With Bitnami images the latest bug fixes and features are available as soon as possible.
* Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs.
* All our images are based on [minideb](https://github.com/bitnami/minideb) a minimalist Debian based container image which gives you a small base container image and the familiarity of a leading Linux distribution.
* All Bitnami images available in Docker Hub are signed with [Docker Content Trust (DCT)](https://docs.docker.com/engine/security/trust/content_trust/). You can use `DOCKER_CONTENT_TRUST=1` to verify the integrity of the images.
* Bitnami container images are released on a regular basis with the latest distribution packages available.
## How to deploy Apache Geode in Kubernetes?
Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the [Bitnami Apache Geode Chart GitHub repository](https://github.com/bitnami/charts/tree/master/bitnami/geode).
Bitnami containers can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
## Why use a non-root container?
Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.bitnami.com/tutorials/work-with-non-root-containers/).
## Supported tags and respective `Dockerfile` links
Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/).
You can see the equivalence between the different tags by taking a look at the `tags-info.yaml` file present in the branch folder, i.e `bitnami/ASSET/BRANCH/DISTRO/tags-info.yaml`.
Subscribe to project updates by watching the [bitnami/containers GitHub repo](https://github.com/bitnami/containers).
## Get this image
The recommended way to get the Bitnami Apache Geode Docker Image is to pull the prebuilt image from the [Docker Hub Registry](https://hub.docker.com/r/bitnami/geode).
```console
$ docker pull bitnami/geode:latest
```
To use a specific version, you can pull a versioned tag. You can view the [list of available versions](https://hub.docker.com/r/bitnami/geode/tags/) in the Docker Hub Registry.
```console
$ docker pull bitnami/geode:[TAG]
```
If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the `docker build` command. Remember to replace the `APP`, `VERSION` and `OPERATING-SYSTEM` path placeholders in the example command below with the correct values.
```console
$ git clone https://github.com/bitnami/containers.git
$ cd bitnami/APP/VERSION/OPERATING-SYSTEM
$ docker build -t bitnami/APP:latest .
```
## How to use this image
### Run the application using Docker Compose
The main folder of this repository contains a functional [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/geode/docker-compose.yml) file. Run the application using it as shown below:
```console
$ curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/geode/docker-compose.yml > docker-compose.yml
$ docker-compose up -d
```
### Using the Docker Command Line
If you want to run the application manually instead of using `docker-compose`, these are the basic steps you need to run:
#### Step 0: Create a network
```console
$ docker network create geode-network
```
#### Step 1: Create volumes for Apache Geode persistence and launch the container
```console
$ docker volume create --name geode_data
$ docker run -d --name geode -p 7070:7070 \
--env ALLOW_EMPTY_PASSWORD=yes \
--network geode-network \
--volume geode_data:/bitnami/geode \
bitnami/geode:latest
```
Access your application at `http://your-ip/`
## Persisting your application
If you remove the container all your data and configurations will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.
For persistence you should mount a directory at the `/bitnami/geode` path. If the mounted directory is empty, it will be initialized on the first run.
To avoid inadvertent removal of volumes, you can [mount host directories as data volumes](https://docs.docker.com/engine/tutorials/dockervolumes/). Alternatively you can make use of volume plugins to host the volume data.
### Mount host directories as data volumes with Docker Compose
This requires a minor change to the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/geode/docker-compose.yml) file present in this repository:
```diff
geode:
...
volumes:
- - 'geode_data:/bitnami/geode'
+ - /path/to/geode-persistence:/bitnami/geode
...
-volumes:
- geode_data:
- driver: local
```
> NOTE: As this is a non-root container, the mounted files and directories must have the proper permissions for the UID `1001`.
### Mount host directories as data volumes using the Docker command line
#### Step 0: Create a network
```console
$ docker network create geode-network
```
#### Step 1. Create the Apache Geode container with host volumes
```console
$ docker run -d --name geode -p 7070:7070 \
--env ALLOW_EMPTY_PASSWORD=yes \
--network geode-network \
--volume /path/to/geode-persistence:/bitnami/geode \
bitnami/geode:latest
```
## Configuration
### Environment variables
When you start the Apache Geode image, you can adjust the configuration of the instance by passing one or more environment variables either on the docker-compose file or on the `docker run` command line. If you want to add a new environment variable:
* For docker-compose add the variable name and value under the application section in the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/geode/docker-compose.yml) file present in this repository:
```yaml
geode:
...
environment:
- GEODE_ENABLE_SECURITY=yes
- GEODE_SECURITY_PASSWORD=my_password
...
```
* For manual execution add a `--env` option with each variable and value:
```console
$ docker run -d --name geode -p 7070:7070 \
--env GEODE_ENABLE_SECURITY=yes \
--env GEODE_SECURITY_PASSWORD=my_password \
bitnami/geode:latest
```
Available environment variables:
#### Apache Geode configuration
* `GEODE_HTTP_BIND_ADDRESS`: Apache Geode HTTP bind address (bound to all local addresses if not specified). No defaults.
* `GEODE_HTTP_PORT_NUMBER`: Apache Geode HTTP port number. Default: **7070**
* `GEODE_RMI_BIND_ADDRESS`: Apache Geode RMI bind address (bound to all local addresses if not specified). No defaults.
* `GEODE_RMI_PORT_NUMBER`: Apache Geode RMI port number. Default: **1099**
* `GEODE_ADVERTISED_HOSTNAME`: Apache Geode advertised hostname. No defaults.
* `GEODE_NODE_NAME`: Apache Geode node name. No defaults.
* `GEODE_NODE_TYPE`: Apache Geode node type. Allowed values: *server* and *locator* Default: **server**
* `GEODE_LOG_LEVEL`: Apache Geode loge level. Allowed values: *severe*, *error*, *warning*, *info*, *config* and *fine*. Default: **info**
* `GEODE_INITIAL_HEAP_SIZE`: Initial size of the heap in the same format as the JVM -Xmx parameter. No defaults.
* `GEODE_MAX_HEAP_SIZE`: Maximum size of the heap in the same format as the JVM -Xmx parameter. No defaults.
* `GEODE_ENABLE_METRICS`: Enable exposing Apache Geode metrics for Prometheus. Default: **no**
* `GEODE_METRICS_PORT_NUMBER`: Apache Geode metrics port number. Default: **9914**
#### Apache Geode security configuration
* `GEODE_ENABLE_SECURITY`: Enable Apache Geode security. Default: **no**
* `GEODE_SECURITY_MANAGER`: Fully qualified name of the class that implements the SecurityManager interface. Default: **org.apache.geode.examples.security.ExampleSecurityManager**
* `GEODE_SECURITY_USERNAME`: Username credential the node will use to connect with locators. Default: **admin**
* `GEODE_SECURITY_PASSWORD`: Password credential the node will use to connect with locators. No defaults.
* `GEODE_SECURITY_TLS_COMPONENTS`: Comma-separated list of components for which to enable TLS. Allowed values: *cluster*, *gateway*, *web*, *jmx*, *locator*, *server* and *all*. No defaults.
* `GEODE_SECURITY_TLS_PROTOCOLS`: Comma-separated list of valid protocols versions for TCP/IP connections with TLS encryption enabled. Default: **any**
* `GEODE_SECURITY_TLS_REQUIRE_AUTHENTICATION`: Enable two-way authentication via TLS. Default: **no**
* `GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED`: Enable server hostname validation using server certificates. Default: **no**
* `GEODE_SECURITY_TLS_KEYSTORE_FILE`: Path to the key store file. Default: **/opt/bitnami/geode/config/certs/geode.keystore.jks**
* `GEODE_SECURITY_TLS_KEYSTORE_PASSWORD`: Key store file. No defaults.
* `GEODE_SECURITY_TLS_TRUSTSTORE_FILE`: Path to the trust store file. Default: **/opt/bitnami/geode/config/certs/geode.truststore.jks**
* `GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD`: Trust store password. No defaults.
#### Apache Geode cluster configuration
* `GEODE_LOCATORS`: Comma-separated list of Apache Geode locators use to join the Geode cluster. No defaults.
* `GEODE_GROUPS`: Comma-separated list of Apache Geode member groups this node belongs to. Default: **server**
#### Apache Geode Cache Servers configuration
* `GEODE_SERVER_BIND_ADDRESS`: Apache Geode Cache server bind address (bound to all local addresses if not specified). No defaults.
* `GEODE_SERVER_PORT_NUMBER`: Apache Geode Cache server port number. Default: **40404**
#### Apache Geode Locators configuration
* `GEODE_LOCATOR_BIND_ADDRESS`: Apache Geode Locator bind address (bound to all local addresses if not specified). No defaults.
* `GEODE_LOCATOR_PORT_NUMBER`: Apache Geode Locator port number. Default: **10334**
* `GEODE_LOCATOR_START_COMMAND`: Command to execute to configure a Locator node after starting it. Default: **configure pdx --read-serialized --disk-store**
### Security
The Bitnami Apache Geode Docker image does not enable security mechanisms by default, please remember this is not recommended for production environments.
#### Authentication & Authorization
In order to implement authentication and authorization mechanisms, you need to configure a Security Manager that implements the "SecurityManager" interface. To enable authentication and authorization on this container, set the `GEODE_ENABLE_SECURITY` environment variable to `yes` and set `GEODE_SECURITY_MANAGER` with the FQDN of the desired class that implements the "SecurityManager" interface.
> Learn more about the Security Manager in the [Apache Geode documentation](https://geode.apache.org/docs/guide/114/managing/security/enable_security.html).
By default this container uses [this ExampleSecurityManager](https://geode.apache.org/releases/latest/javadoc/org/apache/geode/examples/security/ExampleSecurityManager.html) as Security Manager, which is based on JSON resource called `security.json` where you can define your users and roles.When the `security.json` is not provided, this container generates a very simple one that:
* Configures authentication for user defined at `GEODE_SECURITY_USERNAME` using the password defined at `GEODE_SECURITY_PASSWORD`.
* Authorizes the user defined at `GEODE_SECURITY_USERNAME` with all the privileges.
To use a custom `security.json`, mount it into `/opt/bitnami/geode/extensions` on every Apache Geode container in the cluster.
> Note: The "ExampleSecurityManager" is not recommended for production environments
#### TLS authentication
You can also configure TLS for authentication between members and to protect your data during distribution. TLS authentication can be configured for every component or only on certain communications (e.g. only communication with and between locators). This container exposes the `GEODE_SECURITY_TLS_COMPONENTS` so you can choose the components for which to enable TLS (none by default).
> Note: TLS authentication can be alone or in conjunction with the authentication provided by the Security Manager
To configure TLS, you must use your own certificates. You can mount your Java Key Stores into `/opt/bitnami/geode/config/certs`. If the JKS certs are password protected (recommended), you will need to provide them also setting `GEODE_SECURITY_TLS_KEYSTORE_PASSWORD` and `GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD`.
> If your Java Key Stores are mounted in a different location than `/opt/bitnami/geode/config/certs/geode.keystore.jks` and `/opt/bitnami/geode/config/certs/geode.truststore.jks`, set the environment variables `GEODE_SECURITY_TLS_KEYSTORE_FILE` and `GEODE_SECURITY_TLS_TRUSTSTORE_FILE` with the name of the path where you mounted your key store and trust store files, respectively.
The following script (intended for Kafka but valid for Apache Geode) can help you with the creation of the JKS and certificates:
* [kafka-generate-ssl.sh](https://raw.githubusercontent.com/confluentinc/confluent-platform-security-tools/master/kafka-generate-ssl.sh)
Keep in mind the following notes:
* Set the Common Name or FQDN values to your Apache Geode container hostname, e.g. `geode.example.com`. After entering this value, when prompted "What is your first and last name?", enter this value as well.
* As an alternative, you can disable host name verification setting the environment variable `GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED` to `no`.
* Each Apache Geode Cache server and Locator needs its own keystore. You will have to repeat the process for each of the member in the cluster.
> Learn more about the TLS configuration in the [Apache Geode documentation](https://geode.apache.org/docs/guide/114/managing/security/implementing_ssl.html).
The following Docker Compose is just an example showing how to enable TLS authentication communications for between clients and servers, and mount your JKS certificates protected by the password `pass123` in a Apache Geode standalone Cache server:
```yaml
version: '2.1'
services:
geode:
image: 'bitnami/geode:latest'
ports:
- 7070:7070
environment:
- GEODE_ENABLE_SECURITY=yes
- GEODE_SECURITY_TLS_COMPONENTS=server
- GEODE_SECURITY_TLS_ENDPOINT_IDENTIFICATION_ENABLED=no
- GEODE_SECURITY_TLS_KEYSTORE_PASSWORD=pass123
- GEODE_SECURITY_TLS_TRUSTSTORE_PASSWORD=pass123
volumes:
- './geode.keystore.jks:/opt/bitnami/geode/config/certs/geode.keystore.jks:ro'
- './geode.truststore.jks:/opt/bitnami/geode/config/certs/geode.truststore.jks:ro'
```
### Setting up an Apache Geode Cluster
An Apache Geode cluster with both Locators and Chache server nodes can easily be setup with the Bitnami Apache Geode Docker image. To do so, this image exposes a set of useful environment variables.
#### Using the Docker Command Line
##### Step 0: Create a network
Create a Docker network to enable visibility between Apache Geode nodes:
```console
$ docker network create geode-network --driver bridge
```
##### Step 1: Create an Apache Geode Locator
The first step is to create an Apache Geode Locator node.
```console
$ docker run --name geode-locator -p 7070:7070 \
--network geode-network \
--env ALLOW_EMPTY_PASSWORD=yes \
--env GEODE_NODE_NAME=locator \
--env GEODE_NODE_TYPE=locator \
--env GEODE_ADVERTISED_HOSTNAME=geode-locator \
bitnami/geode:development
```
##### Step 2: Create the first Apache Geode Cache server
Then, we can create our fist Apache Geode Cache server node.
```console
$ docker run --name geode-server-0 \
--network geode-network \
--env ALLOW_EMPTY_PASSWORD=yes \
--env GEODE_NODE_NAME=server-0 \
--env GEODE_NODE_TYPE=server \
--env GEODE_ADVERTISED_HOSTNAME=geode-server-0 \
--env GEODE_LOCATORS=geode-locator[10334] \
bitnami/geode:development
```
##### Step 3: Create the second Apache Geode Cache server
Next, we create a new Apache Geode Cache server node.
```console
$ docker run --name geode-server-1 \
--network geode-network \
--env ALLOW_EMPTY_PASSWORD=yes \
--env GEODE_NODE_NAME=server-1 \
--env GEODE_NODE_TYPE=server \
--env GEODE_ADVERTISED_HOSTNAME=geode-server-1 \
--env GEODE_LOCATORS=geode-locator[10334] \
bitnami/geode:development
```
You now have a Apache Geode cluster up and running. You can scale the cluster by adding/removing new nodes without incurring any downtime.
#### Using Docker Compose
The main folder of this repository contains a functional [`docker-compose-cluster.yml`](https://github.com/bitnami/containers/blob/main/bitnami/geode/blob/master/docker-compose-cluster.yml) file. Run an Apache Geode cluster using it as shown below:
```console
$ curl -sSL https://raw.githubusercontent.com/bitnami/containers/main/bitnami/geode/master/docker-compose-cluster.yml > docker-compose.yml
$ docker-compose up -d
```
### Full configuration
The image looks for configuration files (`gemfire.properties`, `cache.xml`, `log4j2.xml`, etc.) in the `/bitnami/geode/config/` directory. Find very simple examples below.
#### Using the Docker Command Line
```console
$ docker run -d --name geode -p 7070:7070 \
--env ALLOW_EMPTY_PASSWORD=yes \
--volume /path/to/gemfire.properties:/bitnami/geode/config/gemfire.properties:ro \
bitnami/geode:latest
```
After that, your custom configuration will be taken into account to start the Apache Geode node.
#### Using Docker Compose
Modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/geode/docker-compose.yml) file present in this repository as follows:
```diff
...
services:
geode:
...
volumes:
- 'geode_data:/bitnami/geode'
+ - /path/to/gemfire.properties:/bitnami/geode/config/gemfire.properties:ro
```
After that, your custom configuration will be taken into account to start the Apache Geode node.
## Logging
The Bitnami Apache Geode Docker image sends the container logs to `stdout`. To view the logs:
```console
$ docker logs geode
```
Or using Docker Compose:
```console
$ docker-compose logs geode
```
You can configure the containers [logging driver](https://docs.docker.com/engine/admin/logging/overview/) using the `--log-driver` option if you wish to consume the container logs differently. In the default configuration docker uses the `json-file` driver.
## Initializing a new instance
When the container is launched, it will execute the files with extension `.sh` located at `/docker-entrypoint-initdb.d`.
In order to have your custom files inside the docker image you can mount them as a volume.
```console
$ docker run --name geode \
-v /path/to/init-scripts:/docker-entrypoint-initdb.d \
bitnami/geode:latest
```
Or with Docker Compose:
```yaml
geode:
image: bitnami/geode:latest
volumes:
- /path/to/init-scripts:/docker-entrypoint-initdb.d
```
## Maintenance
### Backing up your container
To backup your data and configuration, follow these simple steps:
#### Step 1: Export the configuration (optional)
Unless you're using the Cluster Configuration Service (only available when running locator nodes), the configuration is not persisted. To avoid losing your configuration in standalone Cache servers, you can export it as it's explained in the [Apache Geode documentation](https://geode.apache.org/docs/guide/114/tools_modules/gfsh/command-pages/export.html).
#### Step 2: Stop the currently running container
```console
$ docker stop geode
```
Or using Docker Compose:
```console
$ docker-compose stop geode
```
#### Step 3: Run the backup command
We need to mount two volumes in a container we will use to create the backup: a directory on your host to store the backup in, and the volumes from the container we just stopped so we can access the data.
```console
$ docker run --rm -v /path/to/geode-backups:/backups --volumes-from geode busybox \
cp -a /bitnami/geode /backups/latest
```
Or using Docker Compose:
```console
$ docker run --rm -v /path/to/geode-backups:/backups --volumes-from `docker-compose ps -q geode` busybox \
cp -a /bitnami/geode /backups/latest
```
### Restoring a backup
Restoring a backup is as simple as mounting the backup as volumes in the container.
```console
$ docker run -v /path/to/geode-backups/latest:/bitnami/geode bitnami/geode:latest
```
You can also modify the [`docker-compose.yml`](https://github.com/bitnami/containers/blob/main/bitnami/geode/docker-compose.yml) file present in this repository:
```yaml
geode:
volumes:
- /path/to/geode-backups/latest:/bitnami/geode
```
> Note: if you exported your node configuration, you can restore in your Apache Geode node by mountin the configuration files as explained in the [Full Confiuration section)[#full-configuration].
### Upgrade this image
Bitnami provides up-to-date versions of Kafka, including security patches, soon after they are made upstream. We recommend that you follow these steps to upgrade your container.
#### Step 1: Get the updated image
```console
$ docker pull bitnami/geode:latest
```
or if you're using Docker Compose, update the value of the image property to `bitnami/geode:latest`.
#### Step 2: Stop and backup the currently running container
Before continuing, you should backup your container's data, configuration and logs.
Follow the steps on [creating a backup](#backing-up-your-container).
#### Step 3: Remove the currently running container
```console
$ docker rm -v geode
```
Or using Docker Compose:
```console
$ docker-compose rm -v geode
```
#### Step 4: Run the new image
Re-create your container from the new image, [restoring your backup](#restoring-a-backup) if necessary.
```console
$ docker run --name geode bitnami/geode:latest
```
Or using Docker Compose:
```console
$ docker-compose up geode
```
## Notable Changes
### 1.15.0-debian-11-r16
* Default value for `GEODE_SECURITY_TLS_KEYSTORE_FILE` and `GEODE_SECURITY_TLS_TRUSTSTORE_FILE` updated to **/opt/bitnami/geode/config/certs/geode.keystore.jks** and **/opt/bitnami/geode/config/certs/geode.truststore.jks** respectively
## Contributing
We'd love for you to contribute to this Docker image. You can request new features by creating an [issue](https://github.com/bitnami/containers/issues) or submitting a [pull request](https://github.com/bitnami/containers/pulls) with your contribution.
## Issues
If you encountered a problem running this container, you can file an [issue](https://github.com/bitnami/containers/issues/new/choose). For us to provide better support, be sure to fill the issue template.
## License
Copyright &copy; 2022 Bitnami
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

55
bitnami/geode/docker-compose-cluster.yml
View File

@ -1,55 +0,0 @@
version: '2.1'
services:
geode-locator:
image: docker.io/bitnami/geode:1
environment:
- GEODE_NODE_NAME=locator
- GEODE_NODE_TYPE=locator
- GEODE_ADVERTISED_HOSTNAME=geode-locator
- GEODE_ENABLE_SECURITY=yes
- GEODE_SECURITY_PASSWORD=some_password
healthcheck:
test: gfsh status locator --dir /bitnami/geode/data >/dev/null 2>&1 || exit 1
ports:
- 7070:7070
volumes:
- 'geode_locator_data:/bitnami/geode'
geode-server-0:
image: docker.io/bitnami/geode:1
environment:
- GEODE_NODE_NAME=server-0
- GEODE_NODE_TYPE=server
- GEODE_LOCATORS=geode-locator[10334]
- GEODE_ADVERTISED_HOSTNAME=geode-server-0
- GEODE_ENABLE_SECURITY=yes
- GEODE_SECURITY_PASSWORD=some_password
healthcheck:
test: gfsh status server --dir /bitnami/geode/data >/dev/null 2>&1 || exit 1
volumes:
- 'geode_server_0_data:/bitnami/geode'
depends_on:
- geode-locator
geode-server-1:
image: docker.io/bitnami/geode:1
environment:
- GEODE_NODE_NAME=server-1
- GEODE_NODE_TYPE=server
- GEODE_LOCATORS=geode-locator[10334]
- GEODE_ADVERTISED_HOSTNAME=geode-server-1
- GEODE_ENABLE_SECURITY=yes
- GEODE_SECURITY_PASSWORD=some_password
healthcheck:
test: gfsh status server --dir /bitnami/geode/data >/dev/null 2>&1 || exit 1
volumes:
- 'geode_server_1_data:/bitnami/geode'
depends_on:
- geode-locator
volumes:
geode_locator_data:
driver: local
geode_server_0_data:
driver: local
geode_server_1_data:
driver: local

20
bitnami/geode/docker-compose.yml
View File

@ -1,20 +0,0 @@
version: '2.1'
services:
geode:
image: docker.io/bitnami/geode:1
ports:
- 7070:7070
environment:
- GEODE_NODE_NAME=geode
- GEODE_ADVERTISED_HOSTNAME=localhost
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
healthcheck:
test: gfsh status locator --dir /bitnami/geode/data >/dev/null 2>&1 || exit 1
volumes:
- 'geode_data:/bitnami/geode'
volumes:
geode_data:
driver: local