dokku/dokku-mongo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cd5b3a14b81cbd488156ef93c0a9fbbc994a8fa5
dokku-mongo/functions
Jose Diaz-Gonzalez cd5b3a14b8 fix: Strictly validate service names 
We previously allowed a wide range of service names. As the service name is sometimes used to name databases, the name was actually more restricted than any character, resulting in services that wouldn't start. Going forward, only alphanumeric and underscore characters are allowed.

This only impacts service creation. Any services with invalid names should be migrated to a new service, with the data exported and imported as normal.

Closes dokku/dokku-redis#99
Closes dokku/dokku-mysql#47
Closes dokku/dokku-mongo#86
Closes dokku/dokku-redis#81
2019-03-09 15:54:21 -05:00

162 lines
6.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/config"
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common-functions"
source "$PLUGIN_BASE_PATH/common/functions"
source "$PLUGIN_AVAILABLE_PATH/config/functions"
if [[ -f "$PLUGIN_AVAILABLE_PATH/docker-options/functions" ]]; then
source "$PLUGIN_AVAILABLE_PATH/docker-options/functions"
fi
service_connect() {
local SERVICE="$1"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local SERVICE_NAME="$(get_service_name "$SERVICE")"
local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
local SERVICE_TTY_OPTS
has_tty && SERVICE_TTY_OPTS="-t"
docker exec -i $SERVICE_TTY_OPTS "$SERVICE_NAME" mongo -u "$SERVICE" -p "$PASSWORD" --authenticationDatabase "$SERVICE" "$SERVICE"
}
service_create() {
local SERVICE="$1"
is_valid_service_name "$SERVICE" || dokku_log_fail "Please specify a valid name for the service. Valid characters are: [A-Za-z0-9_]+"
[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
[[ ! -d "$PLUGIN_DATA_ROOT/$SERVICE" ]] || dokku_log_fail "$PLUGIN_SERVICE service $SERVICE already exists"
SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"; LINKS_FILE="$SERVICE_ROOT/LINKS"
service_parse_args "${@:2}"
if ! service_image_exists "$SERVICE"; then
if [[ "$PLUGIN_DISABLE_PULL" == "true" ]]; then
dokku_log_warn "${PLUGIN_DISABLE_PULL_VARIABLE} environment variable detected. Not running pull command." 1>&2
dokku_log_warn " docker pull ${IMAGE}" 1>&2
dokku_log_warn "$PLUGIN_SERVICE service creation failed"
exit 1
fi
docker pull "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" || dokku_log_fail "$PLUGIN_SERVICE image $PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION pull failed"
fi
mkdir -p "$SERVICE_ROOT" || dokku_log_fail "Unable to create service directory"
mkdir -p "$SERVICE_ROOT/data" || dokku_log_fail "Unable to create service data directory"
mkdir -p "$SERVICE_ROOT/config" || dokku_log_fail "Unable to create service config directory"
touch "$LINKS_FILE"
ROOTPASSWORD=$(openssl rand -hex 16)
PASSWORD=$(openssl rand -hex 16)
if [[ -n "$SERVICE_PASSWORD" ]]; then
PASSWORD="$SERVICE_PASSWORD"
dokku_log_warn "Specified password may not be as secure as the auto-generated password"
fi
if [[ -n "$SERVICE_ROOT_PASSWORD" ]]; then
ROOTPASSWORD="$SERVICE_ROOT_PASSWORD"
dokku_log_warn "Specified root password may not be as secure as the auto-generated root password"
fi
echo "$ROOTPASSWORD" > "$SERVICE_ROOT/ROOTPASSWORD"
echo "$PASSWORD" > "$SERVICE_ROOT/PASSWORD"
chmod 640 "$SERVICE_ROOT/ROOTPASSWORD" "$SERVICE_ROOT/PASSWORD"
[[ -n "$SERVICE_CUSTOM_ENV" ]] && MONGO_CUSTOM_ENV="$SERVICE_CUSTOM_ENV"
if [[ -n $MONGO_CUSTOM_ENV ]]; then
echo "$MONGO_CUSTOM_ENV" | tr ';' "\n" > "$SERVICE_ROOT/ENV"
else
echo "" > "$SERVICE_ROOT/ENV"
fi
[[ -n "$PLUGIN_CONFIG_OPTIONS" ]] && MONGO_CONFIG_OPTIONS="$PLUGIN_CONFIG_OPTIONS"
if [[ -n "$MONGO_CONFIG_OPTIONS" ]]; then
echo "$MONGO_CONFIG_OPTIONS" > "$SERVICE_ROOT/MONGO_CONFIG_OPTIONS"
else
echo "" > "$SERVICE_ROOT/MONGO_CONFIG_OPTIONS"
fi
service_create_container "$SERVICE"
}
service_create_container() {
local SERVICE="$1"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local SERVICE_HOST_ROOT="$PLUGIN_DATA_HOST_ROOT/$SERVICE"
local SERVICE_NAME="$(get_service_name "$SERVICE")"
local ROOTPASSWORD="$(cat "$SERVICE_ROOT/ROOTPASSWORD")"
local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
if [[ -f "$SERVICE_ROOT/MONGO_CONFIG_OPTIONS" ]]; then
export MONGO_CONFIG_OPTIONS="$(cat "$SERVICE_ROOT/MONGO_CONFIG_OPTIONS")"
fi
# shellcheck disable=SC2086
ID=$(docker run --name "$SERVICE_NAME" -v "$SERVICE_HOST_ROOT/data:/data/db" --env-file="$SERVICE_ROOT/ENV" -d --restart always --label dokku=service --label dokku.service=mongo "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" mongod $MONGO_CONFIG_OPTIONS)
echo "$ID" > "$SERVICE_ROOT/ID"
dokku_log_verbose_quiet "Waiting for container to be ready"
docker run --rm --link "$SERVICE_NAME:$PLUGIN_COMMAND_PREFIX" dokkupaas/wait:0.2 -p "$PLUGIN_DATASTORE_WAIT_PORT" > /dev/null
echo "db.createUser({user:'admin',pwd:'$ROOTPASSWORD',roles:[{role:'userAdminAnyDatabase',db:'admin'},{role:'__system',db:'admin'},{role:'root',db:'admin'}]})" | docker exec -i "$SERVICE_NAME" mongo admin > /dev/null
echo "db.createUser({user:'$SERVICE',pwd:'$PASSWORD',roles:[{role:'readWrite',db:'$SERVICE'}]})" | docker exec -i "$SERVICE_NAME" mongo -u admin -p "$ROOTPASSWORD" --authenticationDatabase admin "$SERVICE" > /dev/null
dokku_log_info2 "$PLUGIN_SERVICE container created: $SERVICE"
service_info "$SERVICE"
}
service_export() {
local SERVICE="$1"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local SERVICE_NAME="$(get_service_name "$SERVICE")"
local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
[[ -n $SSH_TTY ]] && stty -opost
docker exec "$SERVICE_NAME" bash -c "mongodump -d $SERVICE -u \"$SERVICE\" -p \"$PASSWORD\" --authenticationDatabase \"$SERVICE\" --quiet --gzip --archive 2>/dev/null"
status=$?
[[ -n $SSH_TTY ]] && stty opost
exit $status
}
service_import() {
local SERVICE="$1"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local SERVICE_HOST_ROOT="$PLUGIN_DATA_HOST_ROOT/$SERVICE"
local SERVICE_NAME="$(get_service_name "$SERVICE")"
local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
if [[ -t 0 ]]; then
dokku_log_fail "No data provided on stdin."
fi
docker exec -i "$SERVICE_NAME" bash -c "mongorestore -u \"$SERVICE\" -p \"$PASSWORD\" --authenticationDatabase \"$SERVICE\" --gzip --archive --nsFrom '\$db\$.\$coll\$' --nsTo '$SERVICE.\$coll\$'"
}
service_start() {
local SERVICE="$1"
local QUIET="$2"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local SERVICE_NAME="$(get_service_name "$SERVICE")"
local ID=$(docker ps -f status=running --no-trunc | grep -e "$SERVICE_NAME$" | awk '{print $1}') || true
if [[ -n $ID ]]; then
[[ -z $QUIET ]] && dokku_log_warn "Service is already started"
return 0
fi
dokku_log_info2_quiet "Starting container"
local PREVIOUS_ID=$(docker ps -f status=exited --no-trunc | grep -e "$SERVICE_NAME$" | awk '{print $1}') || true
local ROOTPASSWORD="$(cat "$SERVICE_ROOT/ROOTPASSWORD")"
local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
if [[ -n $PREVIOUS_ID ]]; then
docker start "$PREVIOUS_ID" > /dev/null
service_port_unpause "$SERVICE"
dokku_log_info2 "Container started"
elif service_image_exists "$SERVICE" && [[ -n "$ROOTPASSWORD" ]] && [[ -n "$PASSWORD" ]]; then
service_create_container "$SERVICE"
else
dokku_log_verbose_quiet "Neither container nor valid configuration exists for $SERVICE"
fi
}
service_url() {
local SERVICE="$1"
local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
local SERVICE_DNS_HOSTNAME="$(service_dns_hostname "$SERVICE")"
echo "$PLUGIN_SCHEME://$SERVICE:$PASSWORD@$SERVICE_DNS_HOSTNAME:${PLUGIN_DATASTORE_PORTS[0]}/$SERVICE"
}
Reference in New Issue View Git Blame Copy Permalink