This change makes password authentication required for redis usage and removes anonymous access. Users will need to update their clients to send the auth token when connecting; otherwise, requests will fail. This change is not optional, and it improves security for users who wish to expose their redis installations outside of their network.
#!/usr/bin/env bash
# Service-management functions for the redis plugin.

# The plugin's own `config` file is sourced before strict mode is enabled.
source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/config"

# Stop on command and pipeline failures; trace commands when DOKKU_TRACE is set.
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x

# Helpers that live next to this file, then the config plugin's functions.
source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/common-functions"
source "$PLUGIN_AVAILABLE_PATH/config/functions"

# docker-options functions are loaded only when that file is present.
if [[ -f "$PLUGIN_AVAILABLE_PATH/docker-options/functions" ]]; then
  source "$PLUGIN_AVAILABLE_PATH/docker-options/functions"
fi
# non-generic functions
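#######################################
# Create a new redis service: prepare its directories, download the default
# redis.conf, enable password authentication in it, write the ENV file and
# start the container.
# Globals:   PLUGIN_DATA_ROOT, PLUGIN_SERVICE, PLUGIN_IMAGE,
#            PLUGIN_IMAGE_VERSION, REDIS_IMAGE_VERSION, REDIS_CUSTOM_ENV (read)
#            SERVICE_ROOT, LINKS_FILE, PASSWORD (written)
# Arguments: $1 - service name
# Outputs:   files under $PLUGIN_DATA_ROOT/<service>
# Returns:   failures are reported through dokku_log_fail (defined elsewhere;
#            presumably it exits - confirm)
#######################################
service_create() {
  local SERVICE="$1"
  [[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a name for the service"
  [[ ! -d "$PLUGIN_DATA_ROOT/$SERVICE" ]] || dokku_log_fail "$PLUGIN_SERVICE service $SERVICE already exists"
  # NOTE(review): $SERVICE is used as a path component without validation
  # here; confirm that callers reject names containing "/" or "..".
  # Left global, as in the original; other code may read them - TODO confirm.
  SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
  LINKS_FILE="$SERVICE_ROOT/LINKS"

  # Pull the image only when it is not already present locally.
  if ! docker images | grep -e "^$PLUGIN_IMAGE " | grep -q " $PLUGIN_IMAGE_VERSION "; then
    docker pull "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" || dokku_log_fail "$PLUGIN_SERVICE image $PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION pull failed"
  fi

  mkdir -p "$SERVICE_ROOT" || dokku_log_fail "Unable to create service directory"
  mkdir -p "$SERVICE_ROOT/data" || dokku_log_fail "Unable to create service data directory"
  mkdir -p "$SERVICE_ROOT/config" || dokku_log_fail "Unable to create service config directory"

  # -f makes curl fail on an HTTP error instead of saving the error page as
  # redis.conf and returning success.
  # NOTE(review): the file is fetched over the network from a ref that is not
  # pinned to a commit hash and is not integrity-checked; consider shipping a
  # known-good redis.conf with the plugin.
  curl -fsSL "https://raw.githubusercontent.com/antirez/redis/${REDIS_IMAGE_VERSION:0:3}/redis.conf" > "$SERVICE_ROOT/config/redis.conf" || dokku_log_fail "Unable to download the default redis.conf to the config directory"

  # Refuse to continue without a generated secret: an empty value would leave
  # the service without a usable password.
  PASSWORD=$(openssl rand -hex 32) || dokku_log_fail "Unable to generate a password for the service"
  [[ -n "$PASSWORD" ]] || dokku_log_fail "Unable to generate a password for the service"

  # Create the file under a restrictive umask so it is never readable by
  # "other", not even between creation and the chmod below.
  (umask 027 && echo "$PASSWORD" > "$SERVICE_ROOT/PASSWORD") || dokku_log_fail "Unable to write the service password file"
  chmod 640 "$SERVICE_ROOT/PASSWORD"

  # The password is hex, so it cannot break the sed expression. It is visible
  # in this sed process's argument list while the command runs.
  sed -i.bak "s/# requirepass.*/requirepass ${PASSWORD}/" "$SERVICE_ROOT/config/redis.conf" && rm "$SERVICE_ROOT/config/redis.conf.bak"

  # Fail closed: when the downloaded file had no "# requirepass" line, or sed
  # failed, the substitution changes nothing and redis would start without
  # authentication.
  grep -q "^[[:space:]]*requirepass " "$SERVICE_ROOT/config/redis.conf" || dokku_log_fail "Unable to enable password authentication in redis.conf"
  # NOTE(review): redis.conf now holds the same secret as PASSWORD but keeps
  # the permissions it was created with. Tightening them needs care, because
  # the container reads this file through the bind mount set up in
  # service_create_container.

  touch "$LINKS_FILE"

  # REDIS_CUSTOM_ENV is a ';'-separated list; the env file wants one per line.
  if [[ -n $REDIS_CUSTOM_ENV ]]; then
    echo "$REDIS_CUSTOM_ENV" | tr ';' "\n" > "$SERVICE_ROOT/ENV"
  else
    echo "" > "$SERVICE_ROOT/ENV"
  fi
  service_create_container "$SERVICE"
}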
#######################################
# Start the redis container for a service, record its id and wait until the
# datastore port answers.
# Globals:   PLUGIN_DATA_ROOT, PLUGIN_IMAGE, PLUGIN_IMAGE_VERSION,
#            PLUGIN_COMMAND_PREFIX, PLUGIN_DATASTORE_WAIT_PORT,
#            PLUGIN_SERVICE (read); ID (written, not declared local)
# Arguments: $1 - service name
# Outputs:   writes the container id to $SERVICE_ROOT/ID
#######################################
service_create_container() {
  local SERVICE="$1"
  local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
  local SERVICE_NAME="$(get_service_name "$SERVICE")"

  # The config mount carries the redis.conf that service_create put the
  # requirepass line into. --bind 0.0.0.0 makes redis-server listen on every
  # interface inside the container; this command publishes no host port.
  local -a run_args=(
    --name "$SERVICE_NAME"
    -v "$SERVICE_ROOT/data:/data"
    -v "$SERVICE_ROOT/config:/usr/local/etc/redis"
    --env-file="$SERVICE_ROOT/ENV"
    -d
    --restart always
    --label dokku=service
    --label dokku.service=redis
    "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION"
    redis-server /usr/local/etc/redis/redis.conf --bind 0.0.0.0
  )

  ID=$(docker run "${run_args[@]}")
  echo "$ID" > "$SERVICE_ROOT/ID"

  dokku_log_verbose_quiet "Waiting for container to be ready"
  # NOTE(review): the wait helper image is referenced by tag, not by digest.
  docker run --rm \
    --link "$SERVICE_NAME:$PLUGIN_COMMAND_PREFIX" \
    dokkupaas/wait:0.2 -p "$PLUGIN_DATASTORE_WAIT_PORT" > /dev/null

  dokku_log_info2 "$PLUGIN_SERVICE container created: $SERVICE"
  service_info "$SERVICE"
}
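#######################################
# Ask redis to SAVE, then stream /data/dump.rdb to stdout and exit with the
# status of that stream.
# Globals:   PLUGIN_DATA_ROOT, SSH_TTY (read)
# Arguments: $1 - service name
# Outputs:   the raw RDB dump on stdout
# Returns:   does not return; exits with the first non-zero docker status,
#            or 0
#######################################
service_export() {
  local SERVICE="$1"
  local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
  local SERVICE_NAME="$(get_service_name "$SERVICE")"
  local PASSWORD=""
  local status=0

  # Services created with password authentication have a PASSWORD file; the
  # unauthenticated path below is kept for services that have none.
  if [[ -r "$SERVICE_ROOT/PASSWORD" ]]; then
    PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
  fi

  # Output post-processing is turned off on an SSH tty while the binary dump
  # is streamed.
  [[ -n $SSH_TTY ]] && stty -opost

  if [[ -n "$PASSWORD" ]]; then
    # With requirepass set, an unauthenticated SAVE is rejected and the dump
    # streamed below would be stale or missing. AUTH is sent on stdin, so the
    # password never appears in a process argument list.
    # NOTE(review): the output is discarded, as before; redis-cli's exit
    # status may not reflect a rejected AUTH or SAVE - verify.
    printf 'AUTH %s\nSAVE\n' "$PASSWORD" \
      | docker exec -i "$SERVICE_NAME" redis-cli > /dev/null 2>&1 || status=$?
  else
    docker exec "$SERVICE_NAME" bash -c "echo SAVE | redis-cli" > /dev/null 2>&1 || status=$?
  fi

  # Failures are captured instead of letting `set -e` abort here, so the tty
  # setting is always restored before exiting.
  if [[ $status -eq 0 ]]; then
    docker exec "$SERVICE_NAME" cat /data/dump.rdb || status=$?
  fi

  [[ -n $SSH_TTY ]] && stty opost
  exit $status
}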
#######################################
# Replace a service's dump.rdb with the data supplied on stdin, stopping the
# service before the write and starting it again afterwards.
# Globals:   PLUGIN_DATA_ROOT, PLUGIN_COMMAND_PREFIX, PLUGIN_IMAGE,
#            PLUGIN_IMAGE_VERSION (read)
#            SERVICE_ROOT, SERVICE_NAME (written, not declared local)
# Arguments: $1 - service name
# Inputs:    the dump on stdin
#######################################
service_import() {
  local SERVICE="$1"
  SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
  SERVICE_NAME="$(get_service_name "$SERVICE")"
  # Runs inside a throwaway container: store stdin as the dump, then hand the
  # file to the redis user.
  local import_cmd="cat > /data/dump.rdb && chown redis: /data/dump.rdb"

  # A terminal on stdin means nothing was piped in.
  [[ ! -t 0 ]] || dokku_log_fail "No data provided on stdin."

  dokku "$PLUGIN_COMMAND_PREFIX:stop" "$SERVICE" > /dev/null 2>&1

  # NOTE(review): stdin is written verbatim; nothing here checks that it is a
  # well-formed RDB file before the service is started on it.
  docker run --rm -i \
    -v "$SERVICE_ROOT/data:/data" \
    "$PLUGIN_IMAGE:$PLUGIN_IMAGE_VERSION" \
    bash -c "$import_cmd"

  dokku "$PLUGIN_COMMAND_PREFIX:start" "$SERVICE" > /dev/null 2>&1
}
#######################################
# Start a service: do nothing when its container is already running, restart
# an exited container when one exists, otherwise create a new container.
# Globals:   PLUGIN_DATA_ROOT, PLUGIN_IMAGE, PLUGIN_IMAGE_VERSION (read)
# Arguments: $1 - service name
#            $2 - when non-empty, suppresses the "already started" warning
# Returns:   0 when the service is already running
#######################################
service_start() {
  local SERVICE="$1"
  local QUIET="$2"
  local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
  local SERVICE_NAME="$(get_service_name "$SERVICE")"
  # Matches any running container whose `docker ps` line ends with the
  # service name; the first column is its id.
  local ID=$(
    docker ps -f status=running \
      | grep -e "$SERVICE_NAME$" \
      | awk '{print $1}'
  ) || true

  if [[ -n $ID ]]; then
    if [[ -z $QUIET ]]; then
      dokku_log_warn "Service is already started"
    fi
    return 0
  fi

  dokku_log_info1_quiet "Starting container"
  local PREVIOUS_ID=$(
    docker ps -f status=exited \
      | grep -e "$SERVICE_NAME$" \
      | awk '{print $1}'
  ) || true
  # NOTE(review): grep -q prints nothing, so IMAGE_EXISTS is always empty and
  # `elif $IMAGE_EXISTS` below expands to an empty command, which succeeds.
  # The final else branch therefore looks unreachable - confirm before
  # relying on this image check.
  local IMAGE_EXISTS=$(docker images | grep -e "^$PLUGIN_IMAGE " | grep -q " $PLUGIN_IMAGE_VERSION " && true)

  if [[ -n $PREVIOUS_ID ]]; then
    docker start "$PREVIOUS_ID" > /dev/null
    service_port_unpause "$SERVICE"
    dokku_log_info2 "Container started"
  elif $IMAGE_EXISTS; then
    service_create_container "$SERVICE"
  else
    dokku_log_verbose_quiet "Neither container nor valid configuration exists for $SERVICE"
  fi
}
#######################################
# Print the connection URL for a service, with its password embedded.
# Globals:   PLUGIN_DATA_ROOT, PLUGIN_SCHEME, PLUGIN_DATASTORE_PORTS (read)
# Arguments: $1 - service name
# Outputs:   scheme://<service>:<password>@<alias>:<port> on stdout
#######################################
service_url() {
  local SERVICE="$1"
  local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
  local PASSWORD="$(cat "$SERVICE_ROOT/PASSWORD")"
  local SERVICE_ALIAS="$(service_alias "$SERVICE")"
  # The service name fills the user part of the URL; the secret comes from
  # the service's PASSWORD file.
  local credentials="${SERVICE}:${PASSWORD}"
  local endpoint="${SERVICE_ALIAS}:${PLUGIN_DATASTORE_PORTS[0]}"

  # The printed URL contains the password; callers should keep it out of
  # logs and traces.
  echo "${PLUGIN_SCHEME}://${credentials}@${endpoint}"
}
#######################################
# Let an app override the URL scheme through its REDIS_DATABASE_SCHEME
# config value.
# Globals:   PLUGIN_SCHEME (read and written)
# Arguments: $1 - app name
#######################################
update_plugin_scheme_for_app() {
  local APP="$1"
  local REDIS_DATABASE_SCHEME=$(config_get "$APP" REDIS_DATABASE_SCHEME)

  # An empty or unset override keeps the current scheme.
  PLUGIN_SCHEME="${REDIS_DATABASE_SCHEME:-$PLUGIN_SCHEME}"
}