From 430fc8eb6235f6d73468187453a7376e5879a8bb Mon Sep 17 00:00:00 2001 
From: Christophe Romain Date: Tue, 21 Mar 2017 18:59:12 +0100 Subject: [PATCH] Update docker files from latest Rafael's changes --- Dockerfile | 109 ++++++++++++++-- docker/bootstrap.sh | 75 ----------- docker/conf/ejabberd.yml.tpl | 17 +-- docker/conf/ejabberdctl.cfg.tpl | 54 ++++---- docker/conf/inetrc | 3 + docker/lib/base_config.sh | 22 ---- docker/post/20_ejabberd_register_users.sh | 72 ----------- docker/post/99_first_start_done.sh | 17 --- docker/pre/03_make_dhparam.sh | 22 ---- docker/pre/20_ejabberd_config.sh | 36 ------ docker/run.sh | 99 +++++++++++++++ docker/scripts/lib/base_config.sh | 53 ++++++++ docker/{ => scripts}/lib/base_functions.sh | 16 +-- docker/{ => scripts}/lib/config.sh | 0 docker/{ => scripts}/lib/functions.sh | 0 .../post/10_ejabberd_modules_update_specs.sh | 10 +- .../post/11_ejabberd_install_modules.sh | 53 ++++---- .../post/20_ejabberd_register_users.sh | 118 ++++++++++++++++++ docker/scripts/post/99_first_start_done.sh | 14 +++ docker/scripts/pre/00_change_user.sh | 23 ++++ .../pre/01_write_certifiates_from_env.sh | 13 +- .../pre/02_make_snakeoil_certificates.sh | 34 +++-- docker/scripts/pre/03_make_dhparam.sh | 28 +++++ docker/{ => scripts}/pre/10_erlang_cookie.sh | 13 +- docker/scripts/pre/20_ejabberd_config.sh | 38 ++++++ docker/scripts/stop/10_leave_cluster.sh | 21 ++++ docker/start.sh | 69 ---------- docker/stop/10_leave_cluster.sh | 21 ---- 28 files changed, 599 insertions(+), 451 deletions(-) delete mode 100755 docker/bootstrap.sh create mode 100644 docker/conf/inetrc delete mode 100644 docker/lib/base_config.sh delete mode 100755 docker/post/20_ejabberd_register_users.sh delete mode 100755 docker/post/99_first_start_done.sh delete mode 100755 docker/pre/03_make_dhparam.sh delete mode 100755 docker/pre/20_ejabberd_config.sh create mode 100755 docker/run.sh create mode 100644 docker/scripts/lib/base_config.sh rename docker/{ => scripts}/lib/base_functions.sh (80%) rename docker/{ => scripts}/lib/config.sh (100%) rename 
docker/{ => scripts}/lib/functions.sh (100%) rename docker/{ => scripts}/post/10_ejabberd_modules_update_specs.sh (53%) rename docker/{ => scripts}/post/11_ejabberd_install_modules.sh (68%) create mode 100755 docker/scripts/post/20_ejabberd_register_users.sh create mode 100755 docker/scripts/post/99_first_start_done.sh create mode 100755 docker/scripts/pre/00_change_user.sh rename docker/{ => scripts}/pre/01_write_certifiates_from_env.sh (75%) rename docker/{ => scripts}/pre/02_make_snakeoil_certificates.sh (59%) create mode 100755 docker/scripts/pre/03_make_dhparam.sh rename docker/{ => scripts}/pre/10_erlang_cookie.sh (50%) create mode 100755 docker/scripts/pre/20_ejabberd_config.sh create mode 100755 docker/scripts/stop/10_leave_cluster.sh delete mode 100755 docker/start.sh delete mode 100755 docker/stop/10_leave_cluster.sh diff --git a/Dockerfile b/Dockerfile index 37763a734..73bd93d42 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,25 +1,112 @@ -FROM debian:jessie +FROM debian:jessie-slim MAINTAINER Rafael Römhild -ENV XMPP_DOMAIN=localhost \ +ENV EJABBERD_BRANCH=17.03 \ + EJABBERD_USER=ejabberd \ + EJABBERD_HTTPS=true \ + EJABBERD_STARTTLS=true \ + EJABBERD_S2S_SSL=true \ EJABBERD_HOME=/opt/ejabberd \ - PATH=/opt/ejabberd/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + EJABBERD_DEBUG_MODE=false \ + HOME=$EJABBERD_HOME \ + PATH=$EJABBERD_HOME/bin:/usr/sbin:/usr/bin:/sbin:/bin \ + DEBIAN_FRONTEND=noninteractive \ + XMPP_DOMAIN=localhost \ + # Set default locale for the environment LC_ALL=C.UTF-8 \ LANG=en_US.UTF-8 \ LANGUAGE=en_US.UTF-8 -# bootstrap -COPY . /tmp/ejabberd -RUN /tmp/ejabberd/docker/bootstrap.sh +# Add ejabberd user and group +RUN groupadd -r $EJABBERD_USER \ + && useradd -r -m \ + -g $EJABBERD_USER \ + -d $EJABBERD_HOME \ + $EJABBERD_USER + +# Install packages and perform cleanup +RUN set -x \ + && buildDeps=' \ + git-core \ + build-essential \ + automake \ + libssl-dev \ + zlib1g-dev \ + libexpat-dev \ + libyaml-dev \ + libsqlite3-dev \ + erlang-src erlang-dev \ + ' \ + && requiredAptPackages=' \ + locales \ + ldnsutils \ + python2.7 \ + python-jinja2 \ + ca-certificates \ + libyaml-0-2 \ + erlang-base erlang-snmp erlang-ssl erlang-ssh erlang-webtool \ + erlang-tools erlang-xmerl erlang-corba erlang-diameter erlang-eldap \ + erlang-eunit erlang-ic erlang-odbc erlang-os-mon \ + erlang-parsetools erlang-percept erlang-typer erlang-inets \ + python-mysqldb \ + imagemagick \ + ' \ + && apt-key adv \ + --keyserver keys.gnupg.net \ + --recv-keys 434975BD900CCBE4F7EE1B1ED208507CA14F4FCA \ + && apt-get update \ + && apt-get install -y $buildDeps $requiredAptPackages --no-install-recommends \ + && dpkg-reconfigure locales && \ + locale-gen C.UTF-8 \ + && /usr/sbin/update-locale LANG=C.UTF-8 \ + && echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen \ + && locale-gen \ + && cd /tmp \ + && git clone https://github.com/processone/ejabberd.git \ + --branch $EJABBERD_BRANCH --single-branch --depth=1 \ + 
&& cd ejabberd \ + && chmod +x ./autogen.sh \ + && ./autogen.sh \ + && ./configure --enable-user=$EJABBERD_USER \ + --enable-all \ + --disable-tools \ + --disable-pam \ + && make debug=$EJABBERD_DEBUG_MODE \ + && make install \ + && mkdir $EJABBERD_HOME/ssl \ + && mkdir $EJABBERD_HOME/conf \ + && mkdir $EJABBERD_HOME/backup \ + && mkdir $EJABBERD_HOME/upload \ + && mkdir $EJABBERD_HOME/database \ + && mkdir $EJABBERD_HOME/module_source \ + && cd $EJABBERD_HOME \ + && rm -rf /tmp/ejabberd \ + && rm -rf /etc/ejabberd \ + && ln -sf $EJABBERD_HOME/conf /etc/ejabberd \ + && chown -R $EJABBERD_USER: $EJABBERD_HOME \ + && rm -rf /var/lib/apt/lists/* \ + && apt-get purge -y --auto-remove $buildDeps + +# Wrapper for setting config on disk from environment +# allows setting things like XMPP domain at runtime +ADD ./docker/run.sh /sbin/run + +# Add run scripts +ADD ./docker/scripts $EJABBERD_HOME/scripts +ADD https://raw.githubusercontent.com/rankenstein/ejabberd-auth-mysql/master/auth_mysql.py $EJABBERD_HOME/scripts/lib/auth_mysql.py +RUN chmod a+rx $EJABBERD_HOME/scripts/lib/auth_mysql.py + +# Add config templates +ADD ./docker/conf /opt/ejabberd/conf # Continue as user -USER ejabberd +USER $EJABBERD_USER # Set workdir to ejabberd root -WORKDIR /opt/ejabberd - -VOLUME ["/opt/ejabberd/conf", "/opt/ejabberd/database", "/opt/ejabberd/ssl", "/opt/ejabberd/backup", "/opt/ejabberd/upload", "/opt/ejabberd/modules"] +WORKDIR $EJABBERD_HOME +VOLUME ["$EJABBERD_HOME/database", "$EJABBERD_HOME/ssl", "$EJABBERD_HOME/backup", "$EJABBERD_HOME/upload"] EXPOSE 4560 5222 5269 5280 5443 -ENTRYPOINT ["/opt/ejabberd/docker/start.sh"] +CMD ["start"] +ENTRYPOINT ["run"] diff --git a/docker/bootstrap.sh b/docker/bootstrap.sh deleted file mode 100755 index cedab5f4f..000000000 --- a/docker/bootstrap.sh +++ /dev/null 
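Review bot: The `ADD https://raw.githubusercontent.com/rankenstein/ejabberd-auth-mysql/master/auth_mysql.py ...` line near the end of the Dockerfile hunk fetches what appears to be an external-auth script from a third-party repository's moving `master` ref with no integrity check, so each rebuild can ship different code into the login path. Pin the URL to a reviewed commit and verify it, e.g. `ADD --checksum=sha256:<digest-of-reviewed-file> https://raw.githubusercontent.com/rankenstein/ejabberd-auth-mysql/<reviewed-commit-sha>/auth_mysql.py $EJABBERD_HOME/scripts/lib/auth_mysql.py` (placeholders to fill in; requires a BuildKit frontend that supports `--checksum`), or vendor the file under `docker/scripts/lib`. The `git clone ... --branch $EJABBERD_BRANCH` step has the same weakness to a lesser degree, since it trusts a tag name rather than a commit id. Separately, `DEBIAN_FRONTEND=noninteractive` in `ENV` persists into the runtime environment; setting it inline in the `RUN` keeps it build-only.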
@@ -1,75 +0,0 @@
-#!/bin/sh
-set -ex
-
-export DEBIAN_FRONTEND="noninteractive"
-
-readonly buildDeps='
- git-core
- build-essential
- automake
- libssl-dev
- zlib1g-dev
- libexpat-dev
- libyaml-dev
- libsqlite3-dev
- erlang-src erlang-dev'
-
-readonly requiredAptPackages='
- locales
- ldnsutils
- python2.7
- python-jinja2
- ca-certificates
- libyaml-0-2
- erlang-base erlang-snmp erlang-ssl erlang-ssh erlang-webtool
- erlang-tools erlang-xmerl erlang-corba erlang-diameter erlang-eldap
- erlang-eunit erlang-ic erlang-odbc erlang-os-mon
- erlang-parsetools erlang-percept erlang-typer
- python-mysqldb
- imagemagick'
-
-apt-key adv \
- --keyserver keys.gnupg.net \
- --recv-keys 434975BD900CCBE4F7EE1B1ED208507CA14F4FCA
-
-apt-get update
-apt-get install -y $buildDeps $requiredAptPackages --no-install-recommends
-dpkg-reconfigure locales && locale-gen C.UTF-8
-/usr/sbin/update-locale LANG=C.UTF-8
-echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen
-locale-gen
-
-# add ejabberd user
-useradd --home $EJABBERD_HOME -M --system ejabberd
-mkdir $EJABBERD_HOME
-
-cd /tmp/ejabberd
-chmod +x ./autogen.sh
-./autogen.sh
-./configure --enable-user=ejabberd \
- --enable-all \
- --disable-tools \
- --disable-pam
-
-make debug=$EJABBERD_DEBUG_MODE
-make install
-
-cd $EJABBERD_HOME
-mkdir -p logs ssl backup upload module_source modules/conf
-mv /tmp/ejabberd/docker $EJABBERD_HOME
-
-# Move config to homedir
-mv /etc/ejabberd conf
-ln -s $EJABBERD_HOME/conf /etc/ejabberd
-
-# rename original configs
-mv conf/ejabberd.yml conf/ejabberd.yml.orig
-mv conf/ejabberdctl.cfg conf/ejabberdctl.cfg.orig
-
-# clean up
-rm -rf /tmp/ejabberd
-rm -rf /var/lib/apt/lists/*
-apt-get purge -y --auto-remove $buildDeps
-
-# change owner for ejabberd home
-chown -R ejabberd $EJABBERD_HOME
diff --git a/docker/conf/ejabberd.yml.tpl b/docker/conf/ejabberd.yml.tpl
index dd8b58821..ebb722254 100644
--- a/docker/conf/ejabberd.yml.tpl
+++ b/docker/conf/ejabberd.yml.tpl
@@ -300,7 +300,7 @@ modules: mod_caps: {} mod_carboncopy: {} mod_client_state: - drop_chat_states: true + queue_chat_states: true queue_presence: false mod_configure: {} # requires mod_adhoc mod_disco: {} @@ -311,6 +311,8 @@ modules: ## docroot: "/var/www" ## accesslog: "/var/log/ejabberd/access.log" mod_last: {} + mod_mam: + default: always mod_muc: host: "conference.@HOST@" access: muc @@ -404,12 +406,13 @@ host_config: {%- if env['EJABBERD_CONFIGURE_ODBC'] == "true" %} ### ==================== ### ODBC DATABASE CONFIG -odbc_type: {{ env['EJABBERD_ODBC_TYPE'] }} -odbc_server: {{ env['EJABBERD_ODBC_SERVER'] }} -odbc_database: {{ env['EJABBERD_ODBC_DATABASE'] }} -odbc_username: {{ env['EJABBERD_ODBC_USERNAME'] }} -odbc_password: {{ env['EJABBERD_ODBC_PASSWORD'] }} -odbc_pool_size: {{ env['EJABBERD_ODBC_POOL_SIZE'] }} +sql_type: {{ env['EJABBERD_ODBC_TYPE'] }} +sql_server: "{{ env['EJABBERD_ODBC_SERVER'] }}" +sql_database: "{{ env['EJABBERD_ODBC_DATABASE'] }}" +sql_username: "{{ env['EJABBERD_ODBC_USERNAME'] }}" +sql_password: "{{ env['EJABBERD_ODBC_PASSWORD'] }}" + +default_db: sql {% endif %} {%- if env['EJABBERD_DEFAULT_DB'] is defined %} diff --git a/docker/conf/ejabberdctl.cfg.tpl b/docker/conf/ejabberdctl.cfg.tpl index 98b4608c2..03a45137f 100644 --- a/docker/conf/ejabberdctl.cfg.tpl +++ b/docker/conf/ejabberdctl.cfg.tpl @@ -10,7 +10,7 @@ # # Default: true # -POLL={{ env['POLL'] or 'true' }} +#POLL=true #. #' SMP: SMP support ([enable|auto|disable]) @@ -24,7 +24,7 @@ POLL={{ env['POLL'] or 'true' }} # # Default: auto # -SMP={{ env['SMP'] or 'auto' }} +#SMP=auto #. #' ERL_MAX_PORTS: Maximum number of simultaneously open Erlang ports @@ -36,7 +36,7 @@ SMP={{ env['SMP'] or 'auto' }} # Default: 32000 # Maximum: 268435456 # -ERL_MAX_PORTS={{ env['ERL_MAX_PORTS'] or '32000' }} +#ERL_MAX_PORTS=32000 #. #' FIREWALL_WINDOW: Range of allowed ports to pass through a firewall 
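Review bot: `mod_mam` with `default: always` is enabled unconditionally in the second ejabberd.yml.tpl hunk, which makes the server archive every user's messages unless they opt out, and as far as this hunk shows the operator gets no switch for it or for retention. Since the rest of this template is driven by environment variables, wrap the two lines in a conditional the way the ODBC section does, for example `{%- if env['EJABBERD_MOD_MAM'] == "true" %}` (a new variable name, suggested here). A short comment stating which backend the archive lands in would also help whoever has to answer a data-retention question later.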
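Review bot: The four newly quoted values in the ODBC block of ejabberd.yml.tpl are placed inside YAML double quotes without escaping, so an `EJABBERD_ODBC_PASSWORD` containing `"` or `\` yields a broken or silently altered setting, and `sql_type` is left unquoted. Single-quoted scalars with the quote doubled avoid this: `sql_password: '{{ env['EJABBERD_ODBC_PASSWORD'] | replace("'", "''") }}'`. The added `default_db: sql` sits directly above the `EJABBERD_DEFAULT_DB` conditional, whose body is outside the hunk; if that block also emits `default_db`, the rendered file will carry the key twice. `odbc_pool_size` is dropped with no `sql_pool_size` replacement, so `EJABBERD_ODBC_POOL_SIZE` stops having any effect.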
@@ -48,9 +48,7 @@ ERL_MAX_PORTS={{ env['ERL_MAX_PORTS'] or '32000' }} # Default: not defined # Example: 4200-4210 # -{%- if env['FIREWALL_WINDOW'] %} -FIREWALL_WINDOW={{ env['FIREWALL_WINDOW'] }} -{%- endif %} +#FIREWALL_WINDOW= #. #' INET_DIST_INTERFACE: IP address where this Erlang node listens other nodes @@ -58,11 +56,9 @@ FIREWALL_WINDOW={{ env['FIREWALL_WINDOW'] }} # This communication is used by ejabberdctl command line tool, # and in a cluster of several ejabberd nodes. # -# Default: 0.0.0.0 +# Default: 127.0.0.1 # -{%- if env['INET_DIST_INTERFACE'] %} -INET_DIST_INTERFACE={{ env['INET_DIST_INTERFACE'] }} -{%- endif %} +#INET_DIST_INTERFACE=127.0.0.1 #. #' ERL_EPMD_ADDRESS: IP addresses where epmd listens for connections @@ -78,9 +74,7 @@ INET_DIST_INTERFACE={{ env['INET_DIST_INTERFACE'] }} # # Default: 0.0.0.0 # -{%- if env['ERL_EPMD_ADDRESS'] %} -ERL_EPMD_ADDRESS={{ env['ERL_EPMD_ADDRESS'] }} -{%- endif %} +#ERL_EPMD_ADDRESS=127.0.0.1 #. #' ERL_PROCESSES: Maximum number of Erlang processes @@ -94,7 +88,7 @@ ERL_EPMD_ADDRESS={{ env['ERL_EPMD_ADDRESS'] }} # Default: 250000 # Maximum: 268435456 # -ERL_PROCESSES={{ env['ERL_PROCESSES'] or '250000' }} +#ERL_PROCESSES=250000 #. #' ERL_MAX_ETS_TABLES: Maximum number of ETS and Mnesia tables @@ -107,7 +101,7 @@ ERL_PROCESSES={{ env['ERL_PROCESSES'] or '250000' }} # # Default: 1400 # -ERL_MAX_ETS_TABLES={{ env['ERL_MAX_ETS_TABLES'] or '1400' }} +#ERL_MAX_ETS_TABLES=1400 #. #' ERL_OPTIONS: Additional Erlang options @@ -122,7 +116,7 @@ ERL_MAX_ETS_TABLES={{ env['ERL_MAX_ETS_TABLES'] or '1400' }} # # Default: "" # -ERL_OPTIONS="{{ env['ERL_OPTIONS'] or '-noshell' }}" +ERL_OPTIONS="{{ env['ERL_OPTIONS'] or "-noshell" }}" #. #' ERLANG_NODE: Erlang node name 
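Review bot: In the `ERL_EPMD_ADDRESS` hunk of ejabberdctl.cfg.tpl the section header still reads `# Default: 0.0.0.0` while the new commented sample is `#ERL_EPMD_ADDRESS=127.0.0.1`, and the `INET_DIST_INTERFACE` hunk changes its header to `# Default: 127.0.0.1` while leaving the assignment commented out, so the file no longer says which interface epmd and Erlang distribution actually bind to. The same commit removes the env-driven assignments here and in the `FIREWALL_WINDOW` hunk; whether a container-level variable still reaches ejabberdctl is not visible from this template. Because these three settings decide how exposed the distribution ports are, state the effective default in each header and, if the environment is still meant to control them, say so with a comment such as `# Taken from the container environment when set`.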
@@ -140,7 +134,7 @@ ERL_OPTIONS="{{ env['ERL_OPTIONS'] or '-noshell' }}" # # Default: ejabberd@localhost # -ERLANG_NODE={{ env['ERLANG_NODE'] or 'ejabberd@localhost' }} +ERLANG_NODE={{ env['ERLANG_NODE'] or "ejabberd@localhost" }} #. #' EJABBERD_PID_PATH: ejabberd PID file @@ -163,7 +157,7 @@ ERLANG_NODE={{ env['ERLANG_NODE'] or 'ejabberd@localhost' }} # # Default: $ETC_DIR/ejabberd.yml # -EJABBERD_CONFIG_PATH={{ env['EJABBERD_CONFIG_PATH'] or '/opt/ejabberd/conf/ejabberd.yml' }} +#EJABBERD_CONFIG_PATH=/etc/ejabberd/ejabberd.yml #. #' CONTRIB_MODULES_PATH: contributed ejabberd modules path @@ -173,19 +167,7 @@ EJABBERD_CONFIG_PATH={{ env['EJABBERD_CONFIG_PATH'] or '/opt/ejabberd/conf/ejabb # # Default: $HOME/.ejabberd-modules # -CONTRIB_MODULES_PATH={{ env['CONTRIB_MODULES_PATH'] or '/opt/ejabberd/modules' }} - -#. -#' CONTRIB_MODULES_CONF_DIR: configuration directory for contributed modules -# -# Specify the full path to the configuration directory for contributed ejabberd -# modules. In order to configure a module named mod_foo, a mod_foo.yml file can -# be created in this directory. This file will then be used instead of the -# default configuration file provided with the module. -# -# Default: $CONTRIB_MODULES_PATH/conf -# -CONTRIB_MODULES_CONF_DIR={{ env['CONTRIB_MODULES_CONF_DIR'] or '/opt/ejabberd/modules/conf' }} +#CONTRIB_MODULES_PATH=/opt/ejabberd-modules #. #' EJABBERD_BYPASS_WARNINGS: Bypass LIVE warning @@ -195,5 +177,11 @@ CONTRIB_MODULES_CONF_DIR={{ env['CONTRIB_MODULES_CONF_DIR'] or '/opt/ejabberd/mo EJABBERD_BYPASS_WARNINGS=true #. -#' -# vim: foldmarker=#',#. foldmethod=marker: +#' SPOOL_DIR: Database spool dir +# +# Specify the full path to the database spool dir used in binary installer for +# backwards compatibility. +# +# Docker: rroemhild/ejabberd +# +SPOOL_DIR=$EJABBERD_HOME/database/$ERLANG_NODE diff --git a/docker/conf/inetrc b/docker/conf/inetrc new file mode 100644 index 000000000..73fc40a01 --- /dev/null +++ b/docker/conf/inetrc 
@@ -0,0 +1,3 @@
+{lookup,["file","native"]}.
+{host,{127,0,0,1}, ["localhost","hostalias"]}.
+{file, resolv, "/etc/resolv.conf"}.
diff --git a/docker/lib/base_config.sh b/docker/lib/base_config.sh
deleted file mode 100644
index 803c1db47..000000000
--- a/docker/lib/base_config.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-readonly HOSTIP=$(hostname -i)
-readonly HOSTNAME=$(hostname -f)
-readonly DOMAINNAME=$(hostname -d)
-
-readonly DOCKER_LIB="${EJABBERD_HOME}/docker/lib"
-readonly ERLANGCOOKIEFILE="${EJABBERD_HOME}/.erlang.cookie"
-readonly EJABBERDCTL="/sbin/ejabberdctl"
-readonly CONFIGDIR="${EJABBERD_HOME}/conf"
-readonly CONFIGTMPDIR="${EJABBERD_HOME}/docker/conf"
-readonly SSLCERTDIR="${EJABBERD_HOME}/ssl"
-readonly SSLCERTHOST="${SSLCERTDIR}/host.pem"
-readonly LOGDIR="/var/log/ejabberd"
-readonly FIRST_START_DONE_FILE="${EJABBERD_HOME}/first-start-done"
-readonly CLUSTER_NODE_FILE="${EJABBERD_HOME}/cluster-done"
-
-readonly PYTHON_JINJA2="import os;
-import sys;
-import jinja2;
-sys.stdout.write(
- jinja2.Template
- (sys.stdin.read()
- ).render(env=os.environ))"
diff --git a/docker/post/20_ejabberd_register_users.sh b/docker/post/20_ejabberd_register_users.sh
deleted file mode 100755
index 9dc910eeb..000000000
--- a/docker/post/20_ejabberd_register_users.sh
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/bash
-set -e
-
-source "${EJABBERD_HOME}/docker/lib/base_config.sh"
-source "${EJABBERD_HOME}/docker/lib/config.sh"
-source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
-source "${EJABBERD_HOME}/docker/lib/functions.sh"
-
-# Do not exit if users already registered
-set +e
-
-randpw() {
- < /dev/urandom tr -dc A-Z-a-z-0-9 | head -c ${1:-16};
- echo;
-}
-
-
-register_user() {
- local user=$1
- local domain=$2
- local password=$3
-
- ${EJABBERDCTL} register ${user} ${domain} ${password}
- return $?
-}
-
-
-register_all_users() {
- # register users from environment $EJABBERD_USERS with given
- # password or random password written to stout. Use whitespace
- # to seperate users.
- #
- # sample:
- # - add a user with an given password:
- # -e "EJABBERD_USERS=admin@example.com:adminSecret"
- # - add a user with a random password:
- # -e "EJABBERD_USERS=user@example.com"
- # - set password for admin and use random for user1:
- # -e "EJABBERD_USERS=admin@example.com:adminSecret user@example.com"
-
- for user in ${EJABBERD_USERS} ; do
- local jid=${user%%:*}
- local password=${user#*:}
-
- local username=${jid%%@*}
- local domain=${jid#*@}
-
- [[ "${password}" == "${jid}" ]] \
- && password=$(randpw)
-
- register_user ${username} ${domain} ${password}
- local retval=$?
-
- [[ ${retval} -eq 0 ]] \
- && log "Password for user ${username}@${domain} is ${password}"
- done
-}
-
-
-file_exist ${FIRST_START_DONE_FILE} \
- && exit 0
-
-
-file_exist ${CLUSTER_NODE_FILE} \
- && exit 0
-
-
-is_set ${EJABBERD_USERS} \
- && register_all_users
-
-
-exit 0
diff --git a/docker/post/99_first_start_done.sh b/docker/post/99_first_start_done.sh
deleted file mode 100755
index 394531cf6..000000000
--- a/docker/post/99_first_start_done.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-set -e
-
-# Write a first-start-done file
-
-source "${EJABBERD_HOME}/docker/lib/base_config.sh"
-source "${EJABBERD_HOME}/docker/lib/config.sh"
-source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
-source "${EJABBERD_HOME}/docker/lib/functions.sh"
-
-
-if [ ! -e "${FIRST_START_DONE_FILE}" ]; then
- touch ${FIRST_START_DONE_FILE}
-fi
-
-
-exit 0
diff --git a/docker/pre/03_make_dhparam.sh b/docker/pre/03_make_dhparam.sh
deleted file mode 100755
index d897b2789..000000000
--- a/docker/pre/03_make_dhparam.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-set -e
-
-source "${EJABBERD_HOME}/docker/lib/base_config.sh"
-source "${EJABBERD_HOME}/docker/lib/config.sh"
-source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
-source "${EJABBERD_HOME}/docker/lib/functions.sh"
-
-make_dhparam() {
- local dhfile=$1
- local bits=$2
-
- log "Writing dh file to '${dhfile}'..."
- openssl dhparam -out ${dhfile} ${bits}
-}
-
-if is_true ${EJABBERD_DHPARAM} ; then
- file_exist ${SSLDHPARAM} \
- || make_dhparam ${SSLDHPARAM} 4096
-fi
-
-exit 0
diff --git a/docker/pre/20_ejabberd_config.sh b/docker/pre/20_ejabberd_config.sh
deleted file mode 100755
index 230a1981b..000000000
--- a/docker/pre/20_ejabberd_config.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-set -e
-
-source "${EJABBERD_HOME}/docker/lib/base_config.sh"
-source "${EJABBERD_HOME}/docker/lib/config.sh"
-source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
-source "${EJABBERD_HOME}/docker/lib/functions.sh"
-
-
-make_config() {
- local filename=$1
- local template="${CONFIGTMPDIR}/${filename}.tpl"
- local configfile="${CONFIGDIR}/${filename}"
-
- file_exist $configfile \
- && return 1
-
- if [ ! -e ${configfile} ]; then
- log "Generating ${configfile} config file..."
- cat $template \
- | python -c "${PYTHON_JINJA2}" \
- > $configfile
- else
- echo "File ${configfile} exists."
- fi
-}
-
-
-# /opt/ejabberd/conf/ejabberd.yml
-make_config "ejabberd.yml"
-
-# /opt/ejabberd/conf/ejabberdctl.cfg
-make_config "ejabberdctl.cfg"
-
-
-exit 0
diff --git a/docker/run.sh b/docker/run.sh
new file mode 100755
index 000000000..1162f17ad
--- /dev/null
+++ b/docker/run.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+set -e
+
+source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
+source "${EJABBERD_HOME}/scripts/lib/config.sh"
+source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
+source "${EJABBERD_HOME}/scripts/lib/functions.sh"
+
+# discover hostname
+readonly nodename=$(get_nodename)
+
+is_zero ${ERLANG_NODE} \
+ && export ERLANG_NODE="ejabberd@localhost"
+
+## backward compatibility
+# if ERLANG_NODE is true reset it to "ejabberd" and add
+# hostname to the nodename.
+# else: export ${ERLANG_NODE} with nodename
+if (is_true ${ERLANG_NODE}); then
+ export ERLANG_NODE="ejabberd@${nodename}"
+fi
+
+
+run_scripts() {
+ local run_script_dir="${EJABBERD_HOME}/scripts/${1}"
+ for script in ${run_script_dir}/*.sh ; do
+ if [ -f ${script} -a -x ${script} ] ; then
+ ${script}
+ fi
+ done
+}
+
+
+pre_scripts() {
+ run_scripts "pre"
+}
+
+
+post_scripts() {
+ run_scripts "post"
+}
+
+stop_scripts() {
+ run_scripts "stop"
+}
+
+
+ctl() {
+ local action="$1"
+ ${EJABBERDCTL} ${action} >/dev/null
+}
+
+
+_trap() {
+ echo "Stopping ejabberd..."
+ stop_scripts
+ if ctl stop ; then
+ local cnt=0
+ sleep 1
+ while ctl status || test $? = 1 ; do
+ cnt=`expr $cnt + 1`
+ if [ $cnt -ge 60 ] ; then
+ break
+ fi
+ sleep 1
+ done
+ fi
+}
+
+
+# Catch signals and shutdown ejabberd
+trap _trap SIGTERM SIGINT
+
+## run ejabberd
+case "$@" in
+ start)
+ pre_scripts
+ tail -n 0 -F ${LOGDIR}/crash.log \
+ ${LOGDIR}/error.log \
+ ${LOGDIR}/erlang.log &
+ echo "Starting ejabberd..."
+ exec ${EJABBERDCTL} "foreground" &
+ child=$!
+ ${EJABBERDCTL} "started"
+ post_scripts
+ wait $child
+ ;;
+ live)
+ pre_scripts
+ echo "Starting ejabberd in 'live' mode..."
+ exec ${EJABBERDCTL} "live"
+ ;;
+ shell)
+ exec "/bin/bash"
+ ;;
+ *)
+ exec $@
+ ;;
+esac
diff --git a/docker/scripts/lib/base_config.sh b/docker/scripts/lib/base_config.sh
new file mode 100644
index 000000000..a856fe785
--- /dev/null
+++ b/docker/scripts/lib/base_config.sh
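Review bot: In docker/run.sh the dispatcher uses `case "$@" in` and the fallback runs `exec $@`, so the container arguments are joined into one string for matching and then re-split and glob-expanded before execution; an argument containing spaces or `*` reaches the command altered. Match on the first argument and pass the rest through intact: `case "$1" in` and `exec "$@"`. `run_scripts` has the same unquoted expansions in `[ -f ${script} -a -x ${script} ]` and `${script}`; `[ -f "${script}" ] && [ -x "${script}" ]` followed by `"${script}"` is the safer form. Because every executable `*.sh` under the scripts directory runs at start, a comment on `run_scripts` should state that those directories must not be writable by the runtime user.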
@@ -0,0 +1,53 @@
+readonly HOSTIP=$(hostname -i)
+readonly HOSTNAME=$(hostname -f)
+readonly DOMAINNAME=$(hostname -d)
+
+readonly ERLANGCOOKIEFILE="${EJABBERD_HOME}/.erlang.cookie"
+readonly EJABBERDCTL="/sbin/ejabberdctl"
+readonly CONFIGFILE="${EJABBERD_HOME}/conf/ejabberd.yml"
+readonly CONFIGTEMPLATE="${EJABBERD_HOME}/conf/ejabberd.yml.tpl"
+readonly CTLCONFIGFILE="${EJABBERD_HOME}/conf/ejabberdctl.cfg"
+readonly CTLCONFIGTEMPLATE="${EJABBERD_HOME}/conf/ejabberdctl.cfg.tpl"
+readonly SSLCERTDIR="${EJABBERD_HOME}/ssl"
+readonly SSLCERTHOST="${SSLCERTDIR}/host.pem"
+readonly SSLDHPARAM="${SSLCERTDIR}/dh.pem"
+readonly LOGDIR="/var/log/ejabberd"
+readonly FIRST_START_DONE_FILE="/${EJABBERD_HOME}/first-start-done"
+readonly CLUSTER_NODE_FILE="/${EJABBERD_HOME}/cluster-done"
+
+readonly PYTHON_JINJA2="import os;
+import sys;
+import jinja2;
+sys.stdout.write(
+ jinja2.Template
+ (sys.stdin.read()
+ ).render(env=os.environ))"
+
+# backward compatibility environment variables
+set +e
+
+[[ -n $EJABBERD_ADMIN ]] \
+ && export EJABBERD_ADMINS=${EJABBERD_ADMIN}
+
+[[ -n $AUTH_METHOD ]] \
+ && export EJABBERD_AUTH_METHOD=${AUTH_METHOD}
+
+[[ -n $SKIP_MODULES_UPDATE ]] \
+ && export EJABBERD_SKIP_MODULES_UPDATE=${SKIP_MODULES_UPDATE}
+
+[[ -n $ERL_OPTIONS ]] \
+ && export ERLANG_OPTIONS=${ERL_OPTIONS}
+
+[[ -n $SSLCERT_HOST ]] \
+ && export EJABBERD_SSLCERT_HOST=${SSLCERT_HOST}
+
+[[ -n $SSLCERT_EXAMPLE_COM ]] \
+ && export EJABBERD_SSLCERT_EXAMPLE_COM=${SSLCERT_EXAMPLE_COM}
+
+[[ -n $LOGLEVEL ]] \
+ && export EJABBERD_LOGLEVEL=${LOGLEVEL}
+
+[[ -n $EJABBERD_WEB_ADMIN_SSL ]] \
+ && export EJABBERD_HTTPS=${EJABBERD_WEB_ADMIN_SSL}
+
+set -e
diff --git a/docker/lib/base_functions.sh b/docker/scripts/lib/base_functions.sh
similarity index 80%
rename from docker/lib/base_functions.sh
rename to docker/scripts/lib/base_functions.sh
index d7bf97266..daadd1f68 100644
--- a/docker/lib/base_functions.sh
+++ b/docker/scripts/lib/base_functions.sh
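Review bot: In docker/scripts/lib/base_config.sh, `FIRST_START_DONE_FILE="/${EJABBERD_HOME}/first-start-done"` and `CLUSTER_NODE_FILE="/${EJABBERD_HOME}/cluster-done"` prepend a slash to a variable the Dockerfile already sets to an absolute path, giving `//opt/ejabberd/...`; drop the extra slash so the markers match the other `${EJABBERD_HOME}/...` definitions. In the compatibility block, `ERL_OPTIONS` is copied to `ERLANG_OPTIONS`, but the ejabberdctl.cfg template in this commit still reads `env['ERL_OPTIONS']`, so the new name looks unused unless config.sh (not shown) consumes it. A one-line comment above each mapping naming the deprecated variable and its replacement would make the block easier to retire later.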
@@ -29,16 +29,10 @@ is_true() { } -log() { - local message=$1 - echo $message -} - - # overwrite this function to get hostname from other sources # like dns or etcd get_nodename() { - log ${HOSTNAME} + echo ${HOSTNAME} } @@ -48,25 +42,25 @@ join_cluster() { is_zero ${cluster_node} \ && exit 0 - log "Join cluster..." + echo "Join cluster..." local erlang_node_name=${ERLANG_NODE%@*} local erlang_cluster_node="${erlang_node_name}@${cluster_node}" response=$(${EJABBERDCTL} ping ${erlang_cluster_node}) while [ "$response" != "pong" ]; do - log "Waiting for ${erlang_cluster_node}..." + echo "Waiting for ${erlang_cluster_node}..." sleep 2 response=$(${EJABBERDCTL} ping ${erlang_cluster_node}) done - log "Join cluster at ${erlang_cluster_node}... " + echo "Join cluster at ${erlang_cluster_node}... " NO_WARNINGS=true ${EJABBERDCTL} join_cluster $erlang_cluster_node if [ $? -eq 0 ]; then touch ${CLUSTER_NODE_FILE} else - log "cloud not join cluster" + echo "cloud not join cluster" exit 1 fi } diff --git a/docker/lib/config.sh b/docker/scripts/lib/config.sh similarity index 100% rename from docker/lib/config.sh rename to docker/scripts/lib/config.sh diff --git a/docker/lib/functions.sh b/docker/scripts/lib/functions.sh similarity index 100% rename from docker/lib/functions.sh rename to docker/scripts/lib/functions.sh diff --git a/docker/post/10_ejabberd_modules_update_specs.sh b/docker/scripts/post/10_ejabberd_modules_update_specs.sh similarity index 53% rename from docker/post/10_ejabberd_modules_update_specs.sh rename to docker/scripts/post/10_ejabberd_modules_update_specs.sh index 9e916016a..01f20001e 100755 --- a/docker/post/10_ejabberd_modules_update_specs.sh +++ b/docker/scripts/post/10_ejabberd_modules_update_specs.sh 
@@ -3,14 +3,14 @@ set -e # Updates the known modules as to be found in https://github.com/processone/ejabberd-contrib -source "${EJABBERD_HOME}/docker/lib/base_config.sh" -source "${EJABBERD_HOME}/docker/lib/config.sh" -source "${EJABBERD_HOME}/docker/lib/base_functions.sh" -source "${EJABBERD_HOME}/docker/lib/functions.sh" +source "${EJABBERD_HOME}/scripts/lib/base_config.sh" +source "${EJABBERD_HOME}/scripts/lib/config.sh" +source "${EJABBERD_HOME}/scripts/lib/base_functions.sh" +source "${EJABBERD_HOME}/scripts/lib/functions.sh" run_modules_update_specs() { - log "Updating module specs... " + echo -n 'Updating module specs... ' ${EJABBERDCTL} modules_update_specs } diff --git a/docker/post/11_ejabberd_install_modules.sh b/docker/scripts/post/11_ejabberd_install_modules.sh similarity index 68% rename from docker/post/11_ejabberd_install_modules.sh rename to docker/scripts/post/11_ejabberd_install_modules.sh index 2dd4f3922..8089fe9f2 100755 --- a/docker/post/11_ejabberd_install_modules.sh +++ b/docker/scripts/post/11_ejabberd_install_modules.sh 
@@ -3,55 +3,54 @@ set -e # Installs modules as defined in environment variables -source "${EJABBERD_HOME}/docker/lib/base_config.sh" -source "${EJABBERD_HOME}/docker/lib/config.sh" -source "${EJABBERD_HOME}/docker/lib/base_functions.sh" -source "${EJABBERD_HOME}/docker/lib/functions.sh" - +source "${EJABBERD_HOME}/scripts/lib/base_config.sh" +source "${EJABBERD_HOME}/scripts/lib/config.sh" +source "${EJABBERD_HOME}/scripts/lib/base_functions.sh" +source "${EJABBERD_HOME}/scripts/lib/functions.sh" install_module_from_source() { local module_name=$1 local module_source_path=${EJABBERD_HOME}/module_source/${module_name} - local module_install_folder=${EJABBERD_HOME}/.ejabberd-modules/sources/${module_name} - - log "Analyzing module ${module_name} for installation" + local module_install_folder=${EJABBERD_HOME}/.ejabberd-modules/sources + + echo "Analyzing module ${module_name} for installation" # Make sure that the module exists in the source folder before attempting a copy if [ ! -d ${module_source_path} ]; then - log "Error: Module ${module_name} not found in ${EJABBERD_HOME}/module_source" - log "Please use a shared volume to populate your module in ${EJABBERD_HOME}/module_source" + echo "Error: Module ${module_name} not found in ${EJABBERD_HOME}/module_source" + echo "Please use a shared volume to populate your module in ${EJABBERD_HOME}/module_source" return 1; fi # Check to see if the module is already installed local install_count=$(${EJABBERDCTL} modules_installed | grep -ce "^${module_name}[[:space:]]") if [ $install_count -gt 0 ]; then - log "Error: Module already installed: ${module_name}" + echo "Error: Module already installed: ${module_name}" return 1; fi # Copy the module into the shared folder - log "Copying module to ejabberd folder ${module_install_folder}" + echo "Copying module to ejabberd folder ${module_install_folder}" mkdir -p ${module_install_folder} cp -R ${module_source_path} ${module_install_folder} # Run the ejabberdctl module_check on the 
module - log "Running module_check on ${module_name}" + echo "Running module_check on ${module_name}" ${EJABBERDCTL} module_check ${module_name} if [ $? -ne 0 ]; then - log "Module check failed for ${module_name}" + echo "Module check failed for ${module_name}" return 1; fi - log "Module check succeeded for ${module_name}" + echo "Module check succeeded for ${module_name}" # Install the module - log "Running module_install on ${module_name}" + echo "Running module_install on ${module_name}" ${EJABBERDCTL} module_install ${module_name} if [ $? -ne 0 ]; then - log "Module installation failed for ${module_name}" + echo "Module installation failed for ${module_name}" return 1; fi - log "Module installation succeeded for ${module_name}" + echo "Module installation succeeded for ${module_name}" return 0; } @@ -62,18 +61,18 @@ install_module_from_ejabberd_contrib() { # Check to see if the module is already installed local install_count=$(${EJABBERDCTL} modules_installed | grep -ce "^${module_name}[[:space:]]") if [ $install_count -gt 0 ]; then - log "Error: Module already installed: ejabberd_contrib ${module_name}" + echo "Error: Module already installed: ejabberd_contrib ${module_name}" return 1; fi # Install the module - log "Running module_install on ejabberd_contrib ${module_name}" + echo "Running module_install on ejabberd_contrib ${module_name}" ${EJABBERDCTL} module_install ${module_name} if [ $? -ne 0 ]; then - log "Module installation failed for ejabberd_contrib ${module_name}" + echo "Module installation failed for ejabberd_contrib ${module_name}" return 1; fi - log "Module installation succeeded for ejabberd_contrib ${module_name}" + echo "Module installation succeeded for ejabberd_contrib ${module_name}" return 0; } 
@@ -86,21 +85,21 @@ enable_custom_auth_module_override() { required_prefix="ejabberd_auth_" if [[ "${module_name}" != "${required_prefix}"* ]]; then - log "Error: module_name must begin with ${required_prefix}" + echo "Error: module_name must begin with ${required_prefix}" exit 1; fi - log "Checking custom auth module: ${module_name}" + echo "Checking custom auth module: ${module_name}" # Make sure the auth module is installed local install_count=$(${EJABBERDCTL} modules_installed | grep -ce "^${module_name}[[:space:]]") if [ $install_count -eq 0 ]; then - log "Error: custom auth_module not installed: ${module_name}" + echo "Error: custom auth_module not installed: ${module_name}" return 1; fi custom_auth_method=${module_name#$required_prefix} echo -e "\nauth_method: [${custom_auth_method}]" >> ${CONFIGFILE} - log "Custom auth module ${module_name} configuration complete." + echo "Custom auth module ${module_name} configuration complete." } file_exist ${FIRST_START_DONE_FILE} \ @@ -133,7 +132,7 @@ fi # If any modules were installed, restart the server, if the option is enabled if [ ${is_restart_needed} -eq 1 ]; then if is_true ${EJABBERD_RESTART_AFTER_MODULE_INSTALL} ; then - log "Restarting ejabberd after successful module installation(s)" + echo "Restarting ejabberd after successful module installation(s)" ${EJABBERDCTL} restart child=$! ${EJABBERDCTL} "started" diff --git a/docker/scripts/post/20_ejabberd_register_users.sh b/docker/scripts/post/20_ejabberd_register_users.sh new file mode 100755 index 000000000..0a9569559 --- /dev/null +++ b/docker/scripts/post/20_ejabberd_register_users.sh 
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
+source "${EJABBERD_HOME}/scripts/lib/config.sh"
+source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
+source "${EJABBERD_HOME}/scripts/lib/functions.sh"
+
+# Do not exit if users already registered
+set +e
+
+randpw() {
+ < /dev/urandom tr -dc A-Z-a-z-0-9 | head -c ${1:-16};
+ echo;
+}
+
+
+register_user() {
+ local user=$1
+ local domain=$2
+ local password=$3
+
+ ${EJABBERDCTL} register ${user} ${domain} ${password}
+ return $?
+}
+
+
+register_all_users() {
+ # register users from environment $EJABBERD_USERS with given
+ # password or random password written to stout. Use whitespace
+ # to seperate users.
+ #
+ # sample:
+ # - add a user with an given password:
+ # -e "EJABBERD_USERS=admin@example.com:adminSecret"
+ # - add a user with a random password:
+ # -e "EJABBERD_USERS=user@example.com"
+ # - set password for admin and use random for user1:
+ # -e "EJABBERD_USERS=admin@example.com:adminSecret user@example.com"
+
+ for user in ${EJABBERD_USERS} ; do
+ local jid=${user%%:*}
+ local password=${user#*:}
+
+ local username=${jid%%@*}
+ local domain=${jid#*@}
+
+ [[ "${password}" == "${jid}" ]] \
+ && password=$(randpw)
+
+ register_user ${username} ${domain} ${password}
+ local retval=$?
+
+ [[ ${retval} -eq 0 ]] \
+ && echo "Password for user ${username}@${domain} is ${password}"
+ done
+}
+
+
+file_exist ${FIRST_START_DONE_FILE} \
+ && exit 0
+
+
+file_exist ${CLUSTER_NODE_FILE} \
+ && exit 0
+
+
+is_set ${EJABBERD_USERS} \
+ && register_all_users
+
+
+##################################
+## Keep for backward compatibility
+
+register_all_ejabberd_admins() {
+ # add all admins from environment $EJABBERD_ADMINS with the passwords from
+ # environment $EJABBERD_ADMIN_PASS.
+
+ local passwords
+ local IFS=' '
+ read -a passwords <<< "${EJABBERD_ADMIN_PWD}"
+
+ for admin in ${EJABBERD_ADMINS} ; do
+ local user=${admin%%@*}
+ local domain=${admin#*@}
+ local password=${passwords[0]}
+ passwords=("${passwords[@]:1}")
+ register_user ${user} ${domain} ${password}
+ done
+}
+
+
+register_all_ejabberd_admins_randpw() {
+ # add all admins from environment $EJABBERD_ADMINS with a random
+ # password and write the password to stdout.
+
+ for admin in ${EJABBERD_ADMINS} ; do
+ local user=${admin%%@*}
+ local domain=${admin#*@}
+ local password=$(randpw)
+
+ register_user ${user} ${domain} ${password}
+ local retval=$?
+
+ [[ ${retval} -eq 0 ]] \
+ && echo "Password for user ${user}@${domain} is ${password}"
+ done
+}
+
+
+is_set ${EJABBERD_ADMIN_PWD} \
+ && register_all_ejabberd_admins
+
+
+is_true ${EJABBERD_ADMIN_RANDPWD} \
+ && register_all_ejabberd_admins_randpw
+
+
+exit 0
diff --git a/docker/scripts/post/99_first_start_done.sh b/docker/scripts/post/99_first_start_done.sh
new file mode 100755
index 000000000..b64d94b07
--- /dev/null
+++ b/docker/scripts/post/99_first_start_done.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -e
+
+# Write a first-start-done file
+
+source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
+source "${EJABBERD_HOME}/scripts/lib/config.sh"
+source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
+source "${EJABBERD_HOME}/scripts/lib/functions.sh"
+
+
+if [ ! -e "${FIRST_START_DONE_FILE}" ]; then
+ touch ${FIRST_START_DONE_FILE}
+fi
diff --git a/docker/scripts/pre/00_change_user.sh b/docker/scripts/pre/00_change_user.sh
new file mode 100755
index 000000000..3edeafb34
--- /dev/null
+++ b/docker/scripts/pre/00_change_user.sh
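Review bot: In `register_all_users` the line `echo "Password for user ${username}@${domain} is ${password}"` runs after every successful registration, so a password supplied through `EJABBERD_USERS` is copied into the container log along with the generated ones. Printing only when the value came from `randpw` (for example by setting a flag inside the `[[ "${password}" == "${jid}" ]]` branch and testing it before the echo) keeps operator-chosen secrets out of stdout. The arguments in `${EJABBERDCTL} register ${user} ${domain} ${password}` are unquoted, so a password containing whitespace or glob characters is split or expanded; `"${user}" "${domain}" "${password}"` avoids that. The comment in `register_all_ejabberd_admins` names `$EJABBERD_ADMIN_PASS` while the code reads `EJABBERD_ADMIN_PWD`.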
@@ -0,0 +1,23 @@ +#!/bin/bash +set -e + +source "${EJABBERD_HOME}/scripts/lib/base_config.sh" +source "${EJABBERD_HOME}/scripts/lib/config.sh" +source "${EJABBERD_HOME}/scripts/lib/base_functions.sh" +source "${EJABBERD_HOME}/scripts/lib/functions.sh" + + +readonly whoami=$(whoami) + + +change_ejabberd_run_user() { + echo "Change ejabberd install user to root..." + sed -i "s/INSTALLUSER=${EJABBERD_USER}/INSTALLUSER=${whoami}/" ${EJABBERDCTL} +} + + +[[ "${whoami}" == "root" ]] \ + && change_ejabberd_run_user + + +exit 0 diff --git a/docker/pre/01_write_certifiates_from_env.sh b/docker/scripts/pre/01_write_certifiates_from_env.sh similarity index 75% rename from docker/pre/01_write_certifiates_from_env.sh rename to docker/scripts/pre/01_write_certifiates_from_env.sh index a42c2e306..509b27e20 100755 --- a/docker/pre/01_write_certifiates_from_env.sh +++ b/docker/scripts/pre/01_write_certifiates_from_env.sh @@ -1,10 +1,10 @@ #!/bin/bash set -e -source "${EJABBERD_HOME}/docker/lib/base_config.sh" -source "${EJABBERD_HOME}/docker/lib/config.sh" -source "${EJABBERD_HOME}/docker/lib/base_functions.sh" -source "${EJABBERD_HOME}/docker/lib/functions.sh" +source "${EJABBERD_HOME}/scripts/lib/base_config.sh" +source "${EJABBERD_HOME}/scripts/lib/config.sh" +source "${EJABBERD_HOME}/scripts/lib/base_functions.sh" +source "${EJABBERD_HOME}/scripts/lib/functions.sh" # Instead of having to mount a direction, specify the ssl certs # via environment variables: @@ -12,9 +12,9 @@ source "${EJABBERD_HOME}/docker/lib/functions.sh" # For example: `EJABBERD_SSLCERT_EXAMPLE_COM`. write_file_from_env() { - log "Writing $1 to $2" + echo "Writing $1 to $2" mkdir -p "$(dirname $2)" - log "${!1}" > $2 + echo "${!1}" > $2 } # Write the host certificate @@ -30,5 +30,4 @@ for xmpp_domain in ${XMPP_DOMAIN} ; do fi done - exit 0 
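Review bot: `change_ejabberd_run_user` rewrites `INSTALLUSER` in `${EJABBERDCTL}` whenever the container starts as root, so the node presumably runs as root afterwards, and the only trace is an informational message. A comment above the function saying why this is accepted, plus a warning on stderr such as `echo "Warning: ejabberd will run as root" >&2`, would make the privilege choice visible to operators. `${EJABBERD_USER}` is interpolated into the sed pattern unescaped and `${EJABBERDCTL}` is unquoted. `readonly whoami=$(whoami)` reuses the command's name for a variable; a name like `current_user` reads more clearly.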
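Review bot: `write_file_from_env` creates the target with `echo "${!1}" > $2` under the default umask, so if the variable carries a private key alongside the certificate (the snakeoil script in this commit writes both into one .pem) the file may be readable by other users in the container. Setting `umask 077` before the write, or `chmod 600 "$2"` right after it, would restrict access. `$2` is unquoted in `dirname $2` and in the redirect, and `printf '%s\n' "${!1}"` is more predictable than `echo` for arbitrary content.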
diff --git a/docker/pre/02_make_snakeoil_certificates.sh b/docker/scripts/pre/02_make_snakeoil_certificates.sh similarity index 59% rename from docker/pre/02_make_snakeoil_certificates.sh rename to docker/scripts/pre/02_make_snakeoil_certificates.sh index d8eeec937..0e7f21822 100755 --- a/docker/pre/02_make_snakeoil_certificates.sh +++ b/docker/scripts/pre/02_make_snakeoil_certificates.sh @@ -1,10 +1,10 @@ #!/bin/bash set -e -source "${EJABBERD_HOME}/docker/lib/base_config.sh" -source "${EJABBERD_HOME}/docker/lib/config.sh" -source "${EJABBERD_HOME}/docker/lib/base_functions.sh" -source "${EJABBERD_HOME}/docker/lib/functions.sh" +source "${EJABBERD_HOME}/scripts/lib/base_config.sh" +source "${EJABBERD_HOME}/scripts/lib/config.sh" +source "${EJABBERD_HOME}/scripts/lib/base_functions.sh" +source "${EJABBERD_HOME}/scripts/lib/functions.sh" make_snakeoil_certificate() { @@ -20,7 +20,7 @@ make_snakeoil_certificate() { -keyout /tmp/selfsigned.key \ -out /tmp/selfsigned.crt - log "Writing ssl cert and private key to '${certfile}'..." + echo "Writing ssl cert and private key to '${certfile}'..." cat /tmp/selfsigned.crt /tmp/selfsigned.key > ${certfile} rm /tmp/selfsigned.crt /tmp/selfsigned.key } @@ -43,7 +43,8 @@ make_host_snakeoil_certificate() { fi fi - log "Generating snakeoil ssl cert for ${domain}..." + echo -n "Missing ssl cert for your host. " + echo "Generating snakeoil ssl cert for ${domain}..." make_snakeoil_certificate ${domain} ${SSLCERTHOST} } 
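Review bot: `make_snakeoil_certificate` writes the private key to the fixed paths `/tmp/selfsigned.key` and `/tmp/selfsigned.crt` before concatenating them into `${certfile}`; fixed names in a shared directory can be pre-created or read by another local user, and `${certfile}` is itself created under the default umask. A private scratch directory (`umask 077` followed by `tmpdir=$(mktemp -d)`, then `-keyout "${tmpdir}/selfsigned.key"`) would close both gaps. The function starts above the hunk, so the openssl invocation is only partly visible here.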
@@ -53,17 +54,33 @@ make_domain_snakeoil_certificate() { local domain=$1 local certfile=$2 - log "Generating snakeoil ssl cert for ${domain}..." + echo -n "Missing ssl cert for your xmpp domain. " + echo "Generating snakeoil ssl cert for ${domain}..." make_snakeoil_certificate ${domain} ${certfile} } +## backward compatibility +# link old xmpp_domain.pem file to the first .pem in XMPP_DOMAIN +readonly SSLCERTDOMAIN="${SSLCERTDIR}/xmpp_domain.pem" +if file_exist ${SSLCERTDOMAIN} ; then + for xmpp_domain in ${XMPP_DOMAIN} ; do + file_exist "${SSLCERTDIR}/${xmpp_domain}.pem" \ + || ln -s ${SSLCERTDOMAIN} "${SSLCERTDIR}/${xmpp_domain}.pem" + break + done +fi + + +is_true ${EJABBERD_SKIP_MAKE_SSLCERT} \ + && echo "Skip certificate generation" \ + && exit 0 + # generate host ssl cert if missing file_exist ${SSLCERTHOST} \ || make_host_snakeoil_certificate - # generate xmmp domain ssl certificates if missing for xmpp_domain in ${XMPP_DOMAIN} ; do domain_certfile="${SSLCERTDIR}/${xmpp_domain}.pem" @@ -71,5 +88,4 @@ for xmpp_domain in ${XMPP_DOMAIN} ; do || make_domain_snakeoil_certificate ${xmpp_domain} ${domain_certfile} done - exit 0 diff --git a/docker/scripts/pre/03_make_dhparam.sh b/docker/scripts/pre/03_make_dhparam.sh new file mode 100755 index 000000000..e240210fc --- /dev/null +++ b/docker/scripts/pre/03_make_dhparam.sh @@ -0,0 +1,28 @@ +#!/bin/bash +set -e + +source "${EJABBERD_HOME}/scripts/lib/base_config.sh" +source "${EJABBERD_HOME}/scripts/lib/config.sh" +source "${EJABBERD_HOME}/scripts/lib/base_functions.sh" +source "${EJABBERD_HOME}/scripts/lib/functions.sh" + + +make_dhparam() { + local dhfile=$1 + local bits=$2 + + echo "Writing dh file to '${dhfile}'..." + openssl dhparam -out ${dhfile} ${bits} +} + + +is_true ${EJABBERD_SKIP_MAKE_DHPARAM} \ + && echo "Skip DH param generation" \ + && exit 0 + +if is_true ${EJABBERD_DHPARAM} ; then + file_exist ${SSLDHPARAM} \ + || make_dhparam ${SSLDHPARAM} 4096 +fi + +exit 0 
diff --git a/docker/pre/10_erlang_cookie.sh b/docker/scripts/pre/10_erlang_cookie.sh similarity index 50% rename from docker/pre/10_erlang_cookie.sh rename to docker/scripts/pre/10_erlang_cookie.sh index 2c08a64fb..bf276fc12 100755 --- a/docker/pre/10_erlang_cookie.sh +++ b/docker/scripts/pre/10_erlang_cookie.sh @@ -1,14 +1,14 @@ #!/bin/bash +set -e -source "${EJABBERD_HOME}/docker/lib/base_config.sh" -source "${EJABBERD_HOME}/docker/lib/config.sh" -source "${EJABBERD_HOME}/docker/lib/base_functions.sh" -source "${EJABBERD_HOME}/docker/lib/functions.sh" +source "${EJABBERD_HOME}/scripts/lib/base_config.sh" +source "${EJABBERD_HOME}/scripts/lib/config.sh" +source "${EJABBERD_HOME}/scripts/lib/base_functions.sh" +source "${EJABBERD_HOME}/scripts/lib/functions.sh" set_erlang_cookie() { - chmod 600 ${ERLANGCOOKIEFILE} - log "Set erlang cookie to ${ERLANG_COOKIE}..." + echo "Set erlang cookie to ${ERLANG_COOKIE}..." echo ${ERLANG_COOKIE} > ${ERLANGCOOKIEFILE} chmod 400 ${ERLANGCOOKIEFILE} } @@ -22,5 +22,4 @@ file_exist ${FIRST_START_DONE_FILE} \ is_set ${ERLANG_COOKIE} \ && set_erlang_cookie - exit 0 diff --git a/docker/scripts/pre/20_ejabberd_config.sh b/docker/scripts/pre/20_ejabberd_config.sh new file mode 100755 index 000000000..498648c5a --- /dev/null +++ b/docker/scripts/pre/20_ejabberd_config.sh 
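Review bot: `echo "Set erlang cookie to ${ERLANG_COOKIE}..."` in `set_erlang_cookie` prints the cookie to the container log; the cookie is the shared secret that lets Erlang nodes connect to each other, so the message should omit the value, e.g. `echo "Set erlang cookie..."`. The hunk also drops the `chmod 600 ${ERLANGCOOKIEFILE}` that preceded the write while adding `set -e`: if the cookie file already exists with mode 400 and the script is not running as root, the redirect fails and the script now aborts, which is worth confirming. `echo ${ERLANG_COOKIE} > ${ERLANGCOOKIEFILE}` is unquoted and creates the file under the default umask before `chmod 400` runs; a `umask 077` beforehand removes that window.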
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -e
+
+source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
+source "${EJABBERD_HOME}/scripts/lib/config.sh"
+source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
+source "${EJABBERD_HOME}/scripts/lib/functions.sh"
+
+
+make_config() {
+ if [ ! -e ${CONFIGFILE} ]; then
+ echo "Generating ejabberd config file..."
+ cat ${CONFIGTEMPLATE} \
+ | python -c "${PYTHON_JINJA2}" \
+ > ${CONFIGFILE}
+ else
+ echo "ejabberd config file exists."
+ fi
+
+ if [ ! -e ${CTLCONFIGFILE} ]; then
+ echo "Generating ejabberdctl config file..."
+ cat ${CTLCONFIGTEMPLATE} \
+ | python -c "${PYTHON_JINJA2}" \
+ > ${CTLCONFIGFILE}
+ else
+ echo "ejabberdctl config file exists."
+ fi
+}
+
+
+file_exist ${FIRST_START_DONE_FILE} \
+ && exit 0
+
+
+# generate config file
+make_config
+
+exit 0
diff --git a/docker/scripts/stop/10_leave_cluster.sh b/docker/scripts/stop/10_leave_cluster.sh
new file mode 100755
index 000000000..b75efc52d
--- /dev/null
+++ b/docker/scripts/stop/10_leave_cluster.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+source "${EJABBERD_HOME}/scripts/lib/base_config.sh"
+source "${EJABBERD_HOME}/scripts/lib/config.sh"
+source "${EJABBERD_HOME}/scripts/lib/base_functions.sh"
+source "${EJABBERD_HOME}/scripts/lib/functions.sh"
+
+
+leave_cluster() {
+ echo "Leave cluster... "
+ rm ${CLUSTER_NODE_FILE}
+ NO_WARNINGS=true ${EJABBERDCTL} leave_cluster
+}
+
+
+file_exist ${CLUSTER_NODE_FILE} \
+ && leave_cluster
+
+
+exit 0
diff --git a/docker/start.sh b/docker/start.sh
deleted file mode 100755
index 64a971f66..000000000
--- a/docker/start.sh
+++ /dev/null
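Review bot: In `make_config` the redirect `> ${CONFIGFILE}` creates the file before `python -c "${PYTHON_JINJA2}"` has succeeded, so a failed render leaves an empty or partial config and the `[ ! -e ${CONFIGFILE} ]` test then skips regeneration on the next start. Rendering to a temporary name and renaming on success avoids that: `python -c "${PYTHON_JINJA2}" < "${CONFIGTEMPLATE}" > "${CONFIGFILE}.tmp"` followed by `mv "${CONFIGFILE}.tmp" "${CONFIGFILE}"`. The same applies to the `${CTLCONFIGFILE}` branch. Without `set -o pipefail` a failure of `cat` on a missing template also goes undetected.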
@@ -1,69 +0,0 @@
-#!/bin/bash
-set -e
-
-# Environment
-export EJABBERD_HTTPS=${EJABBERD_HTTPS:-'true'}
-export EJABBERD_STARTTLS=${EJABBERD_STARTTLS:-'true'}
-export EJABBERD_S2S_SSL=${EJABBERD_S2S_SSL:-'true'}
-
-source "${EJABBERD_HOME}/docker/lib/base_config.sh"
-source "${EJABBERD_HOME}/docker/lib/config.sh"
-source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
-source "${EJABBERD_HOME}/docker/lib/functions.sh"
-
-
-# discover hostname
-readonly nodename=$(get_nodename)
-
-# set erlang node to node name from get_nodename
-if [[ "$ERLANG_NODE" == "nodename" ]]; then
- export ERLANG_NODE="ejabberd@${nodename}"
-fi
-
-
-run_scripts() {
- local run_script=$1
- local run_script_dir="${EJABBERD_HOME}/docker/${run_script}"
-
- log "Run ${run_script} scripts..."
- for script in ${run_script_dir}/*.sh ; do
- if [ -f ${script} -a -x ${script} ] ; then
- ${script}
- fi
- done
-}
-
-
-_trap() {
- run_scripts "stop"
- log "Stopping ejabberd..."
- $EJABBERDCTL stop
- $EJABBERDCTL stopped
- exit 0
-}
-
-
-# Catch signals and shutdown ejabberd
-trap _trap SIGTERM SIGINT
-
-# print logfiles to stdout
-tail -F ${LOGDIR}/crash.log \
- ${LOGDIR}/error.log \
- ${LOGDIR}/erlang.log \
- ${LOGDIR}/ejabberd.log &
-
-# start ejabberd
-run_scripts "pre"
-log "Starting ejabberd..."
-$EJABBERDCTL start
-$EJABBERDCTL started
-log "Ejabberd started."
-run_scripts "post"
-
-# run forever
-while true; do sleep 1; done
-
-log "Ejabberd stopped."
-
-
-exit 0
diff --git a/docker/stop/10_leave_cluster.sh b/docker/stop/10_leave_cluster.sh
deleted file mode 100755
index f6fc97fa7..000000000
--- a/docker/stop/10_leave_cluster.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-set -e
-
-source "${EJABBERD_HOME}/docker/lib/base_config.sh"
-source "${EJABBERD_HOME}/docker/lib/config.sh"
-source "${EJABBERD_HOME}/docker/lib/base_functions.sh"
-source "${EJABBERD_HOME}/docker/lib/functions.sh"
-
-
-leave_cluster() {
- log "Leave cluster..."
- rm ${CLUSTER_NODE_FILE}
- NO_WARNINGS=true ${EJABBERDCTL} leave_cluster
-}
-
-
-file_exist ${CLUSTER_NODE_FILE} \
- && leave_cluster
-
-
-exit 0