# 执行编译docker的主配置
[core01:/data]# more /usr/local/worksh/alisz-pixso-cs-gate-docker-build.sh
#!/bin/bash # # 因编译依赖较多,编译时间不可控,需要手动处理,否则可能影响业务正常运行 cd /data/www/vhosts/services/fic-server-cs-gate && pwd && sudo chmod 755 ./log.sh ./temp_clear.sh sudo chmod 744 ./build.sh && #sudo make pro -e ENABLE_SSL=1 -e ENABLE_REDIS=0 && sudo make pro && sudo docker-compose down && sudo docker-compose up -d --build cs_gate_openresty
# 依赖的脚本
[core01:/data/www/vhosts/services/fic-server-cs-gate]# more log.sh
#! /bin/bash #cron logrotate切割日志调用 pid="$(/usr/bin/docker exec cs_gate_openresty cat /usr/local/openresty/nginx/logs/nginx.pid)" if [ -n "$pid" ]; then /usr/bin/docker exec cs_gate_openresty kill -USR1 $pid if [[ $? != 0 ]]; then echo send USR1 signal failed else echo send USR1 signal success fi fi
[core01:/data/www/vhosts/services/fic-server-cs-gate]# more temp_clear.sh
#! /bin/bash base_dir=$(dirname "$0") cd "$base_dir" || echo "go to $base_dir failed" if [ ! -f ".env" ]; then echo "env file not exists" exit 1 fi today=$(date +"%m-%d") last_hour=$(date -d "-1 hour" +"%H:%M") temp_dir=$(grep "^OPENRESTY_TEMP" ./.env | cut -d= -f2) if [ ! -d "$temp_dir" ]; then echo "dir not exist: $temp_dir" exit 1 fi if [[ "$temp_dir" != *"nginx_temp"* ]]; then echo "invalid temp dir: $temp_dir" exit 1 fi old_temp_files="" if [[ -n "$today" && -n "$last_hour" ]]; then old_temp_files="$(ls -trl --time-style=iso $temp_dir | awk -F' ' '{if (($6<"'$today'") || ($6=="'$today'" && $7<="'$last_hour'")) print $8}')" fi if [ -n "$old_temp_files" ]; then cd "$temp_dir" && rm -rf $old_temp_files && echo "del files: $old_temp_files" cd "$base_dir" || exit else echo "nothing to del" fi
# 编译文件
[core01:/data/www/vhosts/services/fic-server-cs-gate]# more build.sh
#!/bin/bash function Usage() { cat <<_END_ Usage: ./build.sh [options] options: -h, --help 帮助 -c, --conf_file <path> lua-cs 配置文件路径 -e, --env_file <path> env 文件路径 --resolver lua-cs dns解析地址配置: resolver, 优先取env文件中的配置值 --redis 是否启用nchan-redis广播 --ssl 是否启用ssl --mock 是否保留模拟接口 _END_ } function getEnv() { local file="$1" local key="$2" if [ -z $file ] || [ -z $key ]; then echo "err: bad args: $file : $key" >&2 exit 1 fi local env="$(grep "^[^#]" $file | sed -e 's/ #.*$//' | grep $key | head -n 1 | cut -d= -f2)" if [ -z "$env" ]; then exit 1 else echo "$env" fi } enable_redis=false enable_ssl=false enable_mock=false env_file="" docker_compose_file="" conf_file="" resolver_srv="$(cat /etc/resolv.conf | grep nameserver | uniq | head -n 1 | cut -d" " -f2)" while [[ $# -gt 0 ]]; do case "$1" in --redis) #启用redis广播 enable_redis=true shift # shift once since flags have no values ;; --mock) #保留模拟接口 enable_mock=true shift # shift once since flags have no values ;; --ssl) #启用ssl enable_ssl=true shift # shift once since flags have no values ;; -c | --conf_file) conf_file=$2 shift 2 # shift twice to bypass switch and its value ;; -e | --env_file) env_file=$2 shift 2 # shift twice to bypass switch and its value ;; --docker_compose_file) docker_compose_file=$2 shift 2 # shift twice to bypass switch and its value ;; --resolver) resolver_srv=$2 shift 2 # shift twice to bypass switch and its value ;; -h | --help) Usage exit 0 ;; *) # unknown flag/switch echo "invalid flag: $1" >&2 exit 1 ;; esac done if [ -z "$env_file" ]; then echo "err: missing --env_file opt" >&2 exit 1 fi if [ -z "$docker_compose_file" ]; then echo "err: missing --docker_compose_file opt" >&2 exit 1 fi if [ -z "$conf_file" ]; then echo "err: missing --conf_file opt" >&2 exit 1 fi resolv="" router="" redis="" conf_dir="" node_port="" ssl_crt_file="" ssl_key_file="" function getResolv() { resolv="$(getEnv $env_file "CS_GAET_RESOLVER")" if [ -z "$resolv" ] && [ -n "$resolver_srv" ]; then resolv="$resolver_srv" fi if [ -z "$resolv" ]; then echo "err: CS_GAET_RESOLVER not set" >&2 exit 1 fi } function getRouterServer() { router="$(getEnv $env_file "CS_ROUTER_UPSTREAM")" if [ -z "$router" ]; then echo "err: CS_ROUTER_UPSTREAM not set" >&2 exit 1 fi } function getRedis() { redis="$(getEnv $env_file "CS_REDIS_UPSTREAM")" if [ -z "$redis" ]; then echo "err: CS_REDIS_UPSTREAM not set" >&2 exit 1 fi } function getConfDir() { conf_dir="$(getEnv $env_file "OPENRESTY_CONFD_DIR")" if [ -z "$conf_dir" ]; then echo "err: OPENRESTY_CONFD_DIR not set" >&2 exit 1 fi } function getNodePort() { node_port="$(getEnv $env_file "CS_NODE_PORT")" if [ -z "$node_port" ]; then echo "err: CS_NODE_PORT not set" >&2 exit 1 fi } function getSSL() { ssl_crt_file="$(getEnv $env_file "CS_SSL_CRT")" if [ -z "$ssl_crt_file" ]; then echo "err: CS_SSL_CRT not set" >&2 exit 1 fi ssl_key_file="$(getEnv $env_file "CS_SSL_KEY")" if [ -z "$ssl_key_file" ]; then echo "err: CS_SSL_KEY not set" >&2 exit 1 fi } getRedis getResolv getRouterServer getConfDir getNodePort getSSL CONF_SAMPLE_FILE=./services/openresty/conf.d/lua-cs.sample function moveFiles() { /bin/cp -f $docker_compose_file ./docker-compose.yml if [[ $? != 0 ]]; then echo "err: cp $docker_compose_file" >&2 exit 1 fi cat <<_END_ \n === 覆盖文件 docker-compose.yml === \n \t from: $docker_compose_file \n \n _END_ /bin/cp -f $env_file ./.env if [[ $? != 0 ]]; then echo "err: cp $env_file" >&2 exit 1 fi if [[ $enable_ssl == true ]]; then sed -i "/CS_INTERNAL_WS/{s/\<ws:/wss:/g}" ./.env else sed -i "/CS_INTERNAL_WS/{s/\<wss:/ws:/g}" ./.env fi if [[ $? != 0 ]]; then echo "err: failed to set ssl" exit 1 fi cat <<_END_ \n === 覆盖文件 .env === \n \t from: $env_file \n \n _END_ } function clearConf() { local del_files local root_dir if [[ $enable_mock == true ]]; then del_files=$(ls "$conf_dir" | grep ".*.conf$" | grep -v localhost_test.conf) else del_files=$(ls "$conf_dir" | grep ".*.conf$") fi root_dir=$(pwd) if [ -n "$del_files" ]; then cd $conf_dir && tar --overwrite -czf ./conf_back.tar.gz $del_files cd "$root_dir" fi cd $conf_dir && /bin/rm -f $del_files cd "$root_dir" if [[ $? != 0 ]]; then echo "err: rm $del_files" >&2 exit 1 fi cat <<_END_ \n === 删除conf文件 === \n \t $del_files \n \n _END_ } function buildConfFile() { sed -e "s|resolver [0-9\.]*|resolver $resolv|" $CONF_SAMPLE_FILE >$conf_file if [[ $? != 0 ]]; then echo "err: failed to init resolver" exit 1 fi cat <<_END_ \n === 修改 resolver === \n \t resolver: $resolv \n \n _END_ sed -i "/upstream cs_router/{:a;n;s|server [0-9\.:]*|server $router|g;/\}/!ba}" $conf_file if [[ $? != 0 ]]; then echo "err: failed to set router" exit 1 fi cat <<_END_ === 修改 router === \n \t router: $router \n \n _END_ if [[ $enable_redis == true ]]; then local redis_server local pattern redis_server=$(echo $redis | sed -e "s|,|;\\\n nchan_redis_server |g; s/^/nchan_redis_server &/" | awk '{gsub(/\\\//, "/"); gsub(/\//, "\\/"); print $0}') pattern="/upstream cs_redis/{:a;n;s|nchan_redis_server [0-9a-zA-Z\.:\/\@_]*|$redis_server|g;/\}/!ba}" sed -i "$pattern" $conf_file if [[ $? != 0 ]]; then echo "err: failed to enable redis" exit 1 fi cat <<_END_ === 修改 redis upstream === \n \t redis-server: $redis \n \n _END_ else sed -i "s/nchan_redis_pass/# nchan_redis_pass/g; \ s/^upstream cs_redis/# &/; \ /upstream cs_redis/{:a;n;s/^/# &/;/\}/!ba} " $conf_file if [[ $? != 0 ]]; then echo "err: failed to disable redis" exit 1 fi cat <<_END_ === 取消 redis upstream === \n \n _END_ fi if [[ $enable_ssl == true ]]; then sed -i "/listen \+$node_port/{s/ \+ssl \?/ /g;s/;$/ ssl;/g}; \ s|\(ssl_certificate \+\).*;$|\1$ssl_crt_file;|g; \ s|\(ssl_certificate_key \+\).*;$|\1$ssl_key_file;|g; \ s|# \+ssl_|ssl_|g " $conf_file if [[ $? != 0 ]]; then echo "err: failed to enable ssl" exit 1 fi cat <<_END_ === 配置 ssl === \n \t ssl_crt: $ssl_crt_file \n \t ssl_key: $ssl_key_file \n \n _END_ else sed -i "/listen \+$node_port/{s/ \+ssl \?/ /g}; s|\(ssl_certificate \+\).*;$|\1$ssl_crt_file;|g; \ s|\(ssl_certificate_key \+\).*\;$|\1$ssl_key_file;|g; \ s/[^#] \+ssl_/# &/g; " $conf_file if [[ $? != 0 ]]; then echo "err: failed to disable ssl" exit 1 fi cat <<_END_ === 取消 ssl === \n \n _END_ fi } clearConf moveFiles buildConfFile cat <<_END_ \n Successful! \n \n _END_
# docker-compose文件
[core01:/data/www/vhosts/services/fic-server-cs-gate]# more docker-compose-pro.yml
version: "3" services: cs_gate_openresty: # image: openresty/openresty:${OPENRESTY_VERSION} build: context: ./services/openresty dockerfile: /data/www/vhosts/services/fic-server-cs-gate/services/openresty/Dockerfile.build target: pro args: RESTY_FLAVOR: centos RESTY_SRC_VERSION: "1.19.3.1" NCHAN_VERSION: "1.2.2" container_name: cs_gate_openresty volumes: # - ${SOURCE_DIR}:/www/:rw - ${OPENRESTY_CONFD_DIR}:/etc/nginx/conf.d/:ro - ${OPENRESTY_SSL_CERTIFICATE_DIR}:/ssl:ro - ${OPENRESTY_CONF_FILE}:/usr/local/openresty/nginx/conf/nginx.conf:ro - ${OPENRESTY_TEMP}:/usr/local/openresty/nginx/client_body_temp:rw - ${OPENRESTY_LOG_DIR}:/var/log/nginx/:rw - ${OPENRESTY_LUA_DIR}:/etc/nginx/lua/:ro environment: TZ: "$TZ" CS_NODE_HOST: "$CS_NODE_HOST" CS_NODE_PORT: "$CS_NODE_PORT" CS_INTERNAL_WS: "$CS_INTERNAL_WS" CS_ETCD_HOST: "$CS_ETCD_HOST" CS_ETCD_USER: "$CS_ETCD_USER" CS_ETCD_PWD: "$CS_ETCD_PWD" CS_ETCD_LEASE_TTL: "$CS_ETCD_LEASE_TTL" CS_ETCD_LEASE_INTERVAL: "$CS_ETCD_LEASE_INTERVAL" restart: always network_mode: "host"
# docker编译主配置文件
[core01:/data]# cat /data/www/vhosts/services/fic-server-cs-gate/services/openresty/Dockerfile.build
ARG RESTY_FLAVOR FROM openresty/openresty:${RESTY_FLAVOR} as base FROM base as builder ARG RESTY_SRC_VERSION ARG NCHAN_VERSION ARG RESTY_YUM_REPO="https://openresty.org/package/centos/openresty.repo" RUN cd /tmp && curl -fSL https://openresty.org/download/openresty-${RESTY_SRC_VERSION}.tar.gz -o openresty-${RESTY_SRC_VERSION}.tar.gz RUN cd /tmp && curl -fSL https://github.com/slact/nchan/archive/v${NCHAN_VERSION}.tar.gz -o nchan-${NCHAN_VERSION}.tar.gz # RUN luarocks 安装依赖包 RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-jit-uuid RUN yum install -y yum-utils \ && yum-config-manager --add-repo ${RESTY_YUM_REPO} \ && yum install -y \ gettext \ gzip \ make \ tar \ unzip \ pcre-devel \ openssl-devel \ gcc \ && cd /tmp \ && tar xzf openresty-${RESTY_SRC_VERSION}.tar.gz \ && tar xzf nchan-${NCHAN_VERSION}.tar.gz \ && cd openresty-${RESTY_SRC_VERSION} \ && ./configure \ --with-http_v2_module \ --add-module=/tmp/nchan-${NCHAN_VERSION} \ && make\ && make install \ && yum clean all \ && cd /tmp \ && rm -rf openresty-${RESTY_SRC_VERSION} openresty-${RESTY_SRC_VERSION}.tar.gz \ && rm -rf nchan-${NCHAN_VERSION}.tar.gz nchan-${NCHAN_VERSION} #安装第三方resty库 COPY ./lualib/neturl/url.lua /usr/local/openresty/lualib/ COPY ./lualib/typeof/typeof.lua /usr/local/openresty/lualib/ COPY ./lualib/lua-resty-http/*.lua /usr/local/openresty/lualib/resty/ COPY ./lualib/lua-resty-etcd/etcd.lua /usr/local/openresty/lualib/resty/ COPY ./lualib/lua-resty-etcd/etcd /usr/local/openresty/lualib/resty/etcd CMD ["/usr/bin/openresty", "-g", "daemon off;"] # Use SIGQUIT instead of default SIGTERM to cleanly drain requests # See https://github.com/openresty/docker-openresty/blob/master/README.md#tips--pitfalls STOPSIGNAL SIGQUIT FROM builder as dev FROM builder as test FROM builder as pro FROM builder as local RUN yum install -y iproute net-work net-tools.x86_64 #ip ifconfig 工具,可选 RUN /usr/local/openresty/luajit/bin/luarocks install luacheck #开发调试,非必需 RUN yum install -y perl-Test-Nginx #开发调试,非必需 # # RUN yum install -y perl-CPAN.noarch #开发调试,非必需 # RUN yum install -y perl-App-cpanminus #开发调试,非必需 # RUN cpanm Protocol::WebSocket RUN cd /tmp && curl -fSL https://github.com/openresty/openresty-devel-utils/archive/master.tar.gz -o openresty-devel-utils.tar.gz RUN cd /tmp && tar xzf openresty-devel-utils.tar.gz -C /usr/share \ && rm -rf openresty-devel-utils.tar.gz ENV PATH="${PATH}:/usr/share/openresty-devel-utils-master"
执行主配置编译报错:
# 报错1
Step 8/20 : RUN cd /tmp && curl -fSL https://github.com/slact/nchan/archive/v${NCHAN_VERSION}.tar.gz -o nchan-${NCHAN_VERSION}.tar.gz
---> Running in 02c82cd862f7
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 119 0 119 0 0 23 0 --:--:-- 0:00:05 --:--:-- 26
100 205k 0 205k 0 0 671 0 --:--:-- 0:05:13 --:--:-- 0
curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104
ERROR: Service 'cs_gate_openresty' failed to build : The command '/bin/sh -c cd /tmp && curl -fSL https://github.com/slact/nchan/archive/v${NCHAN_VERSION}.tar.gz -o nchan-${NCHAN_VERSION}.tar.gz' returned a non-zero code: 56
# 报错2
Step 3/18 : FROM base as builder
---> 986d477107a9
Step 4/18 : ARG RESTY_SRC_VERSION
---> Using cache
---> 52adc77b4464
Step 5/18 : ARG NCHAN_VERSION
---> Using cache
---> 2919d20ae795
Step 6/18 : ARG RESTY_YUM_REPO="https://openresty.org/package/centos/openresty.repo"
---> Using cache
---> 3505e48abd9f
Step 7/18 : RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-jit-uuid
---> Running in 15db5a8636e7
Warning: Failed searching manifest: Failed downloading https://luarocks.org - Failed downloading https://luarocks.org/manifest-5.1 - /root/.cache/luarocks/https___luarocks.org/manifest-5.1
Warning: Failed searching manifest: Failed downloading https://raw.githubusercontent.com/rocks-moonscript-org/moonrocks-mirror/master - Failed downloading https://raw.githubusercontent.com/rocks-moonscript-org/moonrocks-mirror/master/manifest-5.1 - /root/.cache/luarocks/https___raw.githubusercontent.com_rocks-moonscript-org_moonrocks-mirror_master/manifest-5.1
Warning: Failed searching manifest: Failed downloading http://luafr.org/moonrocks - Failed downloading http://luafr.org/moonrocks/manifest-5.1 - /root/.cache/luarocks/http___luafr.org_moonrocks/manifest-5.1
Warning: Failed searching manifest: Failed downloading http://luarocks.logiceditor.com/rocks - Failed downloading http://luarocks.logiceditor.com/rocks/manifest-5.1 - /root/.cache/luarocks/http___luarocks.logiceditor.com_rocks/manifest-5.1
Error: No results matching query were found for Lua 5.1.
To check if it is available for other Lua versions, use --check-lua-versions.
ERROR: Service 'cs_gate_openresty' failed to build : The command '/bin/sh -c /usr/local/openresty/luajit/bin/luarocks install lua-resty-jit-uuid' returned a non-zero code: 1
分析:
仔细看报错:
Step 7/20 : RUN cd /tmp && curl -fSL https://openresty.org/download/openresty-${RESTY_SRC_VERSION}.tar.gz -o openresty-${RESTY_SRC_VERSION}.tar.gz
---> Running in 029c74012006
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:14 --:--:-- 0curl: (6) Could not resolve host: openresty.org
ERROR: Service 'cs_gate_openresty' failed to build : The command '/bin/sh -c cd /tmp && curl -fSL https://openresty.org/download/openresty-${RESTY_SRC_VERSION}.tar.gz -o openresty-${RESTY_SRC_VERSION}.tar.gz' returned a non-zero code: 6
以为是curl版本问题或者是resole.conf中dns设置问题,修改后问题依旧
通过在机器中执行命令,发现是可以成功下载的 curl -fSL https://openresty.org/download/openresty-1.19.3.1.tar.gz -o openresty-1.19.3.1.tar.gz
突然想到应该是docker容器内部访问的网络问题,于是重启 docker重新执行编译,问题解决
systemctl restart docker