
#!/bin/bash
# Services Manager for 42l
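# Absolute directory of this script; quoted so a path with spaces survives.
ABS_FOLDER=$(dirname "$(realpath "$0")")
readonly ABS_FOLDER
# Per-service compose projects and per-image build contexts live next to the script.
readonly SRV_FOLDER="$ABS_FOLDER/services"
readonly IMG_FOLDER="$ABS_FOLDER/images"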
## service-related functions
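#######################################
# List the service directories under SRV_FOLDER.
# Globals:   SRV_FOLDER (read)
# Outputs:   ls output of SRV_FOLDER on stdout
#######################################
list_services() {
  ls -- "$SRV_FOLDER"
}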
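#######################################
# Run docker-compose for one service with its buildtime.env in the environment.
# Globals:   SRV_FOLDER (read)
# Arguments: $1 - service directory name under SRV_FOLDER
#            $@ - remaining arguments are passed to docker-compose after
#                 "-f <service>/docker-compose.yml"
# Returns:   1 if the service directory or its buildtime.env is missing,
#            otherwise docker-compose's exit status
# NOTE: buildtime.env is word-split by xargs into KEY=VALUE arguments of env,
#       so values containing whitespace are not supported, and every value is
#       visible in the process listing while docker-compose starts.
#######################################
compose_service() {
  local name=$1
  shift
  local srv_dir="$SRV_FOLDER/$name"
  local env_file="$srv_dir/buildtime.env"

  if [[ ! -d "$srv_dir" ]]; then
    printf 'unknown service: %s\n' "$name" >&2
    return 1
  fi
  if [[ ! -f "$env_file" ]]; then
    printf 'missing %s\n' "$env_file" >&2
    return 1
  fi
  # shellcheck disable=SC2046 — splitting the env file into KEY=VALUE words is intended
  env $(xargs < "$env_file") docker-compose -f "$srv_dir/docker-compose.yml" "$@"
}

# Build the images of service $1.
build_service() {
  compose_service "$1" build
}

# Create and start the containers of service $1 in the background.
start_service() {
  compose_service "$1" up -d
}

# Stop and remove the containers of service $1.
stop_service() {
  compose_service "$1" down
}

# Full stop/start cycle of service $1 (start runs even if stop failed).
restart_service() {
  stop_service "$1"
  start_service "$1"
}

# Restart the running containers of service $1 without recreating them.
reload_service() {
  compose_service "$1" restart
}

# Pull the images referenced by service $1.
pull_service() {
  compose_service "$1" pull
}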
## image-related functions
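#######################################
# List the image directories under IMG_FOLDER.
# Globals:   IMG_FOLDER (read)
# Outputs:   ls output of IMG_FOLDER on stdout
#######################################
list_images() {
  ls -- "$IMG_FOLDER"
}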
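#######################################
# Build image $1 from IMG_FOLDER/$1 and tag it local/${CONTAINER_NAME}.
# Globals:   IMG_FOLDER (read); CONTAINER_NAME, IMAGE_VERSION and every other
#            variable in buildtime.env are exported into the current shell and
#            stay set after the call.
# Arguments: $1 - image directory name under IMG_FOLDER
# Returns:   docker build's exit status
#######################################
build_image() {
  local img_dir="$IMG_FOLDER/$1"
  # shellcheck disable=SC2046 — splitting KEY=VALUE pairs into export arguments is
  # intended; values containing whitespace are not supported.
  export $(xargs < "$img_dir/buildtime.env")
  docker build -t "local/${CONTAINER_NAME}" "--build-arg=IMAGE_VERSION=${IMAGE_VERSION}" "$img_dir/"
}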
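#######################################
# Start image $1 through its start.sh with runtime.env in the environment.
# Directories without both runtime.env and start.sh are base images and are
# reported as not runnable.
# Globals:   IMG_FOLDER (read)
# Arguments: $1 - image directory name under IMG_FOLDER
# Outputs:   start.sh's output, or a "not runnable" message on stdout
#######################################
start_image() {
  local img_dir="$IMG_FOLDER/$1"
  if [[ -f "$img_dir/runtime.env" && -f "$img_dir/start.sh" ]]; then
    # shellcheck disable=SC2046 — splitting KEY=VALUE pairs is intended;
    # values containing whitespace are not supported.
    env $(xargs < "$img_dir/runtime.env") "$img_dir/start.sh"
  else
    echo "$1 is not runnable (base image)."
  fi
}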
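#######################################
# Dispatch the "image" sub-commands: list, build <name>, start <name>.
# Arguments: $1 - sub-command; $2 - image directory name (unused for list)
# Outputs:   whatever the selected function prints; usage on bad input
#######################################
image_main() {
  local sub=$1
  local name=$2

  if [[ "$sub" == "list" ]]; then
    list_images
  elif [[ -n "$name" ]]; then
    case "$sub" in
      build) build_image "$name" ;;
      start) start_image "$name" ;;
      *) usage ;;
    esac
  else
    usage
  fi
}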
## audit-related functions
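#######################################
# Print the audit table header followed by one row per service directory.
# Globals:   SRV_FOLDER (read)
# Outputs:   audit table on stdout
#######################################
audit_all() {
  local entry
  audit_tabheader
  # Glob instead of parsing ls: names with spaces stay intact.
  for entry in "$SRV_FOLDER"/*; do
    [[ -e "$entry" ]] || continue   # unmatched glob stays literal
    audit_single "${entry##*/}"
  done
}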
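#######################################
# Fetch the value of a "key: value" line from a compose file.
# Arguments: $1 - path to docker-compose.yml; $2 - key (e.g. pids_limit)
# Outputs:   the value(s) found, whitespace-collapsed onto one line;
#            empty when the key is absent
#######################################
audit_compose_value() {
  local file=$1
  local key=$2
  grep -- "$key" "$file" | xargs | sed "s/$key: //g"
}

#######################################
# Print one audit row for service $1.
# Columns: running state; pids_limit / cpu_shares / mem_limit from the compose
# file; and, for a running container only: read-only rootfs, non-root main
# process, no-new-privileges in SecurityOpt, and no TCP/UDP listener bound to
# 0.0.0.0 (as seen from inside the container's network namespace).
# Globals:   SRV_FOLDER (read)
# Arguments: $1 - service name; $2 - "+header" to print the column header first
# Outputs:   one tab-separated row on stdout
#######################################
audit_single() {
  local name=$1
  local compose="$SRV_FOLDER/$name/docker-compose.yml"
  local running pid user flag

  if [[ "$2" == "+header" ]]; then
    audit_tabheader
  fi
  printf '%-14s\t' "$name"

  # NOTE: docker's name filter matches substrings, so a service whose name is a
  # prefix of another container's name can be reported UP by mistake.
  running=$(docker ps -q -f "name=$name")
  if [[ -z $running ]]; then
    c_red 'DOWN\t'
  else
    c_green 'UP!\t'
  fi

  chkbool "$(audit_compose_value "$compose" pids_limit)"
  printf '\t\t'
  chkbool "$(audit_compose_value "$compose" cpu_shares)"
  printf '\t\t'
  chkbool "$(audit_compose_value "$compose" mem_limit)"
  printf '\t\t'

  if [[ -n $running ]]; then
    # READ-ONLY: HostConfig.ReadonlyRootfs renders as "true"/"false".
    flag=
    [[ "$(docker inspect --format '{{ .HostConfig.ReadonlyRootfs }}' "$name")" == "true" ]] && flag=YES
    chkbool "$flag"
    printf '\t\t'

    # UNPRIVILEGED: owner of the container's main process as seen from the host;
    # "user=" suppresses the ps header so an unknown PID yields an empty value (NO).
    pid=$(docker inspect --format '{{ .State.Pid }}' "$name")
    user=$(ps -p "$pid" -o user= | tr -d '[:space:]')
    flag=
    [[ -n "$user" && "$user" != "root" ]] && flag=YES
    chkbool "$flag"
    printf '\t\t'

    # RESTR.PRIV.: no-new-privileges present in HostConfig.SecurityOpt.
    flag=
    docker inspect --format '{{ .HostConfig.SecurityOpt }}' "$name" | grep -q 'no-new-privileges' && flag=YES
    chkbool "$flag"
    printf '\t\t'

    # FIXED ADDR.: YES when no listening socket (netstat's 4th column) is bound to
    # 0.0.0.0. No -it here: without a terminal (cron/CI) docker would abort and the
    # pipeline would misreport that as YES. The same false YES still occurs when
    # the netshoot image cannot be run at all — TODO check docker run's status.
    flag=
    if ! docker run --rm --net "container:$name" nicolaka/netshoot netstat -tnul \
        | tail -n +3 | awk '$1=$1' | cut -d ' ' -f4 | grep -q '0.0.0.0'; then
      flag=YES
    fi
    chkbool "$flag"
    printf '\t\t'
  fi
  echo ""
}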
#######################################
# Print the column header line of the audit table.
# Outputs:   one tab-separated header line on stdout
#######################################
audit_tabheader() {
  printf 'NAME\t\tSTATUS\tPID LIMIT\tCPU SHARES\tRAM LIMIT\tREAD-ONLY\tUNPRIVILEGED\tRESTR.PRIV.\tFIXED ADDR.\n'
}
#######################################
# Render an audit cell: the value in green when non-empty, a red "NO" otherwise.
# Arguments: $1 - cell value (empty means the check failed)
# Outputs:   colored text on stdout, no trailing newline
#######################################
chkbool() {
  local value=$1
  if [[ -n $value ]]; then
    c_green "$value"
  else
    c_red "NO"
  fi
}
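#######################################
# Print $1 in red, no trailing newline. Backslash escapes in $1 (e.g. "\t")
# are interpreted, as with echo -e; $1 is no longer word-split or globbed.
# Arguments: $1 - text to print
#######################################
c_red() {
  printf '\033[0;31m%b\033[0m' "$1"
}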
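#######################################
# Print $1 in green, no trailing newline. Backslash escapes in $1 (e.g. "\t")
# are interpreted, as with echo -e; $1 is no longer word-split or globbed.
# Arguments: $1 - text to print
#######################################
c_green() {
  printf '\033[0;32m%b\033[0m' "$1"
}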
## main
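#######################################
# Print the command-line synopsis (now including "pull", which main accepts).
# Outputs:   usage text on stdout; $0 is printed verbatim via %s
#######################################
usage() {
  printf 'Usage:\t%s list\n\n' "$0"
  printf '\t%s <build|start|stop|restart|reload|pull> <service_name>\n' "$0"
  printf '\t%s image list\n' "$0"
  printf '\t%s image <build|start> <service_name>\n' "$0"
  printf '\t%s audit [service_name]\n' "$0"
}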
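#######################################
# Reject names that are not plain directory names: they are joined onto
# SRV_FOLDER/IMG_FOLDER as path components, so a "/" or a leading "." could
# escape those directories.
# Arguments: $1 - service or image name
# Returns:   0 if acceptable, 1 otherwise (message on stderr)
#######################################
check_name() {
  if [[ "$1" == */* || "$1" == .* ]]; then
    printf 'invalid name: %s\n' "$1" >&2
    return 1
  fi
}

#######################################
# Dispatch the command line.
# Arguments: "$@" - list | audit [service] | image <sub> [name]
#                   | <build|start|stop|restart|reload|pull> <service_name>
# Returns:   the selected function's status; 1 on an invalid name
#######################################
main() {
  local cmd=$1
  local target=$2

  if [[ "$cmd" == "list" ]]; then
    list_services
    return
  fi
  if [[ "$cmd" == "audit" && -z "$target" ]]; then
    audit_all
    return
  fi
  if [[ -z "$target" ]]; then
    usage
    return
  fi
  case "$cmd" in
    build) check_name "$target" && build_service "$target" ;;
    start) check_name "$target" && start_service "$target" ;;
    stop) check_name "$target" && stop_service "$target" ;;
    restart) check_name "$target" && restart_service "$target" ;;
    reload) check_name "$target" && reload_service "$target" ;;
    pull) check_name "$target" && pull_service "$target" ;;
    image)
      # $target is the image sub-command; $3 (optional) is the image name.
      if [[ -n "$3" ]] && ! check_name "$3"; then
        return 1
      fi
      image_main "$target" "$3"
      ;;
    audit) check_name "$target" && audit_single "$target" "+header" ;;
    *) usage ;;
  esac
}

main "$@"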