# 执行编译docker的主配置
[core01:/data]# more /usr/local/worksh/alisz-pixso-cs-gate-docker-build.sh
#!/bin/bash
#
# 因编译依赖较多,编译时间不可控,需要手动处理,否则可能影响业务正常运行
cd /data/www/vhosts/services/fic-server-cs-gate && pwd &&
sudo chmod 755 ./log.sh ./temp_clear.sh
sudo chmod 744 ./build.sh &&
#sudo make pro -e ENABLE_SSL=1 -e ENABLE_REDIS=0 &&
sudo make pro &&
sudo docker-compose down &&
sudo docker-compose up -d --build cs_gate_openresty
# 依赖的脚本
[core01:/data/www/vhosts/services/fic-server-cs-gate]# more log.sh
#! /bin/bash
#cron logrotate切割日志调用
pid="$(/usr/bin/docker exec cs_gate_openresty cat /usr/local/openresty/nginx/logs/nginx.pid)"
if [ -n "$pid" ]; then
/usr/bin/docker exec cs_gate_openresty kill -USR1 $pid
if [[ $? != 0 ]]; then
echo send USR1 signal failed
else
echo send USR1 signal success
fi
fi
[core01:/data/www/vhosts/services/fic-server-cs-gate]# more temp_clear.sh
#! /bin/bash
base_dir=$(dirname "$0")
cd "$base_dir" || echo "go to $base_dir failed"
if [ ! -f ".env" ]; then
echo "env file not exists"
exit 1
fi
today=$(date +"%m-%d")
last_hour=$(date -d "-1 hour" +"%H:%M")
temp_dir=$(grep "^OPENRESTY_TEMP" ./.env | cut -d= -f2)
if [ ! -d "$temp_dir" ]; then
echo "dir not exist: $temp_dir"
exit 1
fi
if [[ "$temp_dir" != *"nginx_temp"* ]]; then
echo "invalid temp dir: $temp_dir"
exit 1
fi
old_temp_files=""
if [[ -n "$today" && -n "$last_hour" ]]; then
old_temp_files="$(ls -trl --time-style=iso $temp_dir | awk -F' ' '{if (($6<"'$today'") || ($6=="'$today'" && $7<="'$last_hour'")) print $8}')"
fi
if [ -n "$old_temp_files" ]; then
cd "$temp_dir" &&
rm -rf $old_temp_files && echo "del files: $old_temp_files"
cd "$base_dir" || exit
else
echo "nothing to del"
fi
# 编译文件
[core01:/data/www/vhosts/services/fic-server-cs-gate]# more build.sh
#!/bin/bash
function Usage() {
cat <<_END_
Usage: ./build.sh [options]
options:
-h, --help 帮助
-c, --conf_file <path> lua-cs 配置文件路径
-e, --env_file <path> env 文件路径
--resolver lua-cs dns解析地址配置: resolver, 优先取env文件中的配置值
--redis 是否启用nchan-redis广播
--ssl 是否启用ssl
--mock 是否保留模拟接口
_END_
}
function getEnv() {
local file="$1"
local key="$2"
if [ -z $file ] || [ -z $key ]; then
echo "err: bad args: $file : $key" >&2
exit 1
fi
local env="$(grep "^[^#]" $file | sed -e 's/ #.*$//' | grep $key | head -n 1 | cut -d= -f2)"
if [ -z "$env" ]; then
exit 1
else
echo "$env"
fi
}
enable_redis=false
enable_ssl=false
enable_mock=false
env_file=""
docker_compose_file=""
conf_file=""
resolver_srv="$(cat /etc/resolv.conf | grep nameserver | uniq | head -n 1 | cut -d" " -f2)"
while [[ $# -gt 0 ]]; do
case "$1" in
--redis)
#启用redis广播
enable_redis=true
shift # shift once since flags have no values
;;
--mock)
#保留模拟接口
enable_mock=true
shift # shift once since flags have no values
;;
--ssl)
#启用ssl
enable_ssl=true
shift # shift once since flags have no values
;;
-c | --conf_file)
conf_file=$2
shift 2 # shift twice to bypass switch and its value
;;
-e | --env_file)
env_file=$2
shift 2 # shift twice to bypass switch and its value
;;
--docker_compose_file)
docker_compose_file=$2
shift 2 # shift twice to bypass switch and its value
;;
--resolver)
resolver_srv=$2
shift 2 # shift twice to bypass switch and its value
;;
-h | --help)
Usage
exit 0
;;
*) # unknown flag/switch
echo "invalid flag: $1" >&2
exit 1
;;
esac
done
if [ -z "$env_file" ]; then
echo "err: missing --env_file opt" >&2
exit 1
fi
if [ -z "$docker_compose_file" ]; then
echo "err: missing --docker_compose_file opt" >&2
exit 1
fi
if [ -z "$conf_file" ]; then
echo "err: missing --conf_file opt" >&2
exit 1
fi
resolv=""
router=""
redis=""
conf_dir=""
node_port=""
ssl_crt_file=""
ssl_key_file=""
function getResolv() {
resolv="$(getEnv $env_file "CS_GAET_RESOLVER")"
if [ -z "$resolv" ] && [ -n "$resolver_srv" ]; then
resolv="$resolver_srv"
fi
if [ -z "$resolv" ]; then
echo "err: CS_GAET_RESOLVER not set" >&2
exit 1
fi
}
function getRouterServer() {
router="$(getEnv $env_file "CS_ROUTER_UPSTREAM")"
if [ -z "$router" ]; then
echo "err: CS_ROUTER_UPSTREAM not set" >&2
exit 1
fi
}
function getRedis() {
redis="$(getEnv $env_file "CS_REDIS_UPSTREAM")"
if [ -z "$redis" ]; then
echo "err: CS_REDIS_UPSTREAM not set" >&2
exit 1
fi
}
function getConfDir() {
conf_dir="$(getEnv $env_file "OPENRESTY_CONFD_DIR")"
if [ -z "$conf_dir" ]; then
echo "err: OPENRESTY_CONFD_DIR not set" >&2
exit 1
fi
}
function getNodePort() {
node_port="$(getEnv $env_file "CS_NODE_PORT")"
if [ -z "$node_port" ]; then
echo "err: CS_NODE_PORT not set" >&2
exit 1
fi
}
function getSSL() {
ssl_crt_file="$(getEnv $env_file "CS_SSL_CRT")"
if [ -z "$ssl_crt_file" ]; then
echo "err: CS_SSL_CRT not set" >&2
exit 1
fi
ssl_key_file="$(getEnv $env_file "CS_SSL_KEY")"
if [ -z "$ssl_key_file" ]; then
echo "err: CS_SSL_KEY not set" >&2
exit 1
fi
}
getRedis
getResolv
getRouterServer
getConfDir
getNodePort
getSSL
CONF_SAMPLE_FILE=./services/openresty/conf.d/lua-cs.sample
function moveFiles() {
/bin/cp -f $docker_compose_file ./docker-compose.yml
if [[ $? != 0 ]]; then
echo "err: cp $docker_compose_file" >&2
exit 1
fi
cat <<_END_
\n
=== 覆盖文件 docker-compose.yml === \n
\t from: $docker_compose_file \n
\n
_END_
/bin/cp -f $env_file ./.env
if [[ $? != 0 ]]; then
echo "err: cp $env_file" >&2
exit 1
fi
if [[ $enable_ssl == true ]]; then
sed -i "/CS_INTERNAL_WS/{s/\<ws:/wss:/g}" ./.env
else
sed -i "/CS_INTERNAL_WS/{s/\<wss:/ws:/g}" ./.env
fi
if [[ $? != 0 ]]; then
echo "err: failed to set ssl"
exit 1
fi
cat <<_END_
\n
=== 覆盖文件 .env === \n
\t from: $env_file \n
\n
_END_
}
function clearConf() {
local del_files
local root_dir
if [[ $enable_mock == true ]]; then
del_files=$(ls "$conf_dir" | grep ".*.conf$" | grep -v localhost_test.conf)
else
del_files=$(ls "$conf_dir" | grep ".*.conf$")
fi
root_dir=$(pwd)
if [ -n "$del_files" ]; then
cd $conf_dir && tar --overwrite -czf ./conf_back.tar.gz $del_files
cd "$root_dir"
fi
cd $conf_dir && /bin/rm -f $del_files
cd "$root_dir"
if [[ $? != 0 ]]; then
echo "err: rm $del_files" >&2
exit 1
fi
cat <<_END_
\n
=== 删除conf文件 === \n
\t $del_files \n
\n
_END_
}
function buildConfFile() {
sed -e "s|resolver [0-9\.]*|resolver $resolv|" $CONF_SAMPLE_FILE >$conf_file
if [[ $? != 0 ]]; then
echo "err: failed to init resolver"
exit 1
fi
cat <<_END_
\n
=== 修改 resolver === \n
\t resolver: $resolv \n
\n
_END_
sed -i "/upstream cs_router/{:a;n;s|server [0-9\.:]*|server $router|g;/\}/!ba}" $conf_file
if [[ $? != 0 ]]; then
echo "err: failed to set router"
exit 1
fi
cat <<_END_
=== 修改 router === \n
\t router: $router \n
\n
_END_
if [[ $enable_redis == true ]]; then
local redis_server
local pattern
redis_server=$(echo $redis |
sed -e "s|,|;\\\n nchan_redis_server |g; s/^/nchan_redis_server &/" |
awk '{gsub(/\\\//, "/"); gsub(/\//, "\\/"); print $0}')
pattern="/upstream cs_redis/{:a;n;s|nchan_redis_server [0-9a-zA-Z\.:\/\@_]*|$redis_server|g;/\}/!ba}"
sed -i "$pattern" $conf_file
if [[ $? != 0 ]]; then
echo "err: failed to enable redis"
exit 1
fi
cat <<_END_
=== 修改 redis upstream === \n
\t redis-server: $redis \n
\n
_END_
else
sed -i "s/nchan_redis_pass/# nchan_redis_pass/g; \
s/^upstream cs_redis/# &/; \
/upstream cs_redis/{:a;n;s/^/# &/;/\}/!ba} " $conf_file
if [[ $? != 0 ]]; then
echo "err: failed to disable redis"
exit 1
fi
cat <<_END_
=== 取消 redis upstream === \n
\n
_END_
fi
if [[ $enable_ssl == true ]]; then
sed -i "/listen \+$node_port/{s/ \+ssl \?/ /g;s/;$/ ssl;/g}; \
s|\(ssl_certificate \+\).*;$|\1$ssl_crt_file;|g; \
s|\(ssl_certificate_key \+\).*;$|\1$ssl_key_file;|g; \
s|# \+ssl_|ssl_|g " $conf_file
if [[ $? != 0 ]]; then
echo "err: failed to enable ssl"
exit 1
fi
cat <<_END_
=== 配置 ssl === \n
\t ssl_crt: $ssl_crt_file \n
\t ssl_key: $ssl_key_file \n
\n
_END_
else
sed -i "/listen \+$node_port/{s/ \+ssl \?/ /g}; s|\(ssl_certificate \+\).*;$|\1$ssl_crt_file;|g; \
s|\(ssl_certificate_key \+\).*\;$|\1$ssl_key_file;|g; \
s/[^#] \+ssl_/# &/g; " $conf_file
if [[ $? != 0 ]]; then
echo "err: failed to disable ssl"
exit 1
fi
cat <<_END_
=== 取消 ssl === \n
\n
_END_
fi
}
clearConf
moveFiles
buildConfFile
cat <<_END_
\n
Successful! \n
\n
_END_
# docker-compose文件
[core01:/data/www/vhosts/services/fic-server-cs-gate]# more docker-compose-pro.yml
version: "3"
services:
cs_gate_openresty:
# image: openresty/openresty:${OPENRESTY_VERSION}
build:
context: ./services/openresty
dockerfile: /data/www/vhosts/services/fic-server-cs-gate/services/openresty/Dockerfile.build
target: pro
args:
RESTY_FLAVOR: centos
RESTY_SRC_VERSION: "1.19.3.1"
NCHAN_VERSION: "1.2.2"
container_name: cs_gate_openresty
volumes:
# - ${SOURCE_DIR}:/www/:rw
- ${OPENRESTY_CONFD_DIR}:/etc/nginx/conf.d/:ro
- ${OPENRESTY_SSL_CERTIFICATE_DIR}:/ssl:ro
- ${OPENRESTY_CONF_FILE}:/usr/local/openresty/nginx/conf/nginx.conf:ro
- ${OPENRESTY_TEMP}:/usr/local/openresty/nginx/client_body_temp:rw
- ${OPENRESTY_LOG_DIR}:/var/log/nginx/:rw
- ${OPENRESTY_LUA_DIR}:/etc/nginx/lua/:ro
environment:
TZ: "$TZ"
CS_NODE_HOST: "$CS_NODE_HOST"
CS_NODE_PORT: "$CS_NODE_PORT"
CS_INTERNAL_WS: "$CS_INTERNAL_WS"
CS_ETCD_HOST: "$CS_ETCD_HOST"
CS_ETCD_USER: "$CS_ETCD_USER"
CS_ETCD_PWD: "$CS_ETCD_PWD"
CS_ETCD_LEASE_TTL: "$CS_ETCD_LEASE_TTL"
CS_ETCD_LEASE_INTERVAL: "$CS_ETCD_LEASE_INTERVAL"
restart: always
network_mode: "host"
# docker编译主配置文件
[core01:/data]# cat /data/www/vhosts/services/fic-server-cs-gate/services/openresty/Dockerfile.build
ARG RESTY_FLAVOR
FROM openresty/openresty:${RESTY_FLAVOR} as base
FROM base as builder
ARG RESTY_SRC_VERSION
ARG NCHAN_VERSION
ARG RESTY_YUM_REPO="https://openresty.org/package/centos/openresty.repo"
RUN cd /tmp && curl -fSL https://openresty.org/download/openresty-${RESTY_SRC_VERSION}.tar.gz -o openresty-${RESTY_SRC_VERSION}.tar.gz
RUN cd /tmp && curl -fSL https://github.com/slact/nchan/archive/v${NCHAN_VERSION}.tar.gz -o nchan-${NCHAN_VERSION}.tar.gz
# RUN luarocks 安装依赖包
RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-jit-uuid
RUN yum install -y yum-utils \
&& yum-config-manager --add-repo ${RESTY_YUM_REPO} \
&& yum install -y \
gettext \
gzip \
make \
tar \
unzip \
pcre-devel \
openssl-devel \
gcc \
&& cd /tmp \
&& tar xzf openresty-${RESTY_SRC_VERSION}.tar.gz \
&& tar xzf nchan-${NCHAN_VERSION}.tar.gz \
&& cd openresty-${RESTY_SRC_VERSION} \
&& ./configure \
--with-http_v2_module \
--add-module=/tmp/nchan-${NCHAN_VERSION} \
&& make\
&& make install \
&& yum clean all \
&& cd /tmp \
&& rm -rf openresty-${RESTY_SRC_VERSION} openresty-${RESTY_SRC_VERSION}.tar.gz \
&& rm -rf nchan-${NCHAN_VERSION}.tar.gz nchan-${NCHAN_VERSION}
#安装第三方resty库
COPY ./lualib/neturl/url.lua /usr/local/openresty/lualib/
COPY ./lualib/typeof/typeof.lua /usr/local/openresty/lualib/
COPY ./lualib/lua-resty-http/*.lua /usr/local/openresty/lualib/resty/
COPY ./lualib/lua-resty-etcd/etcd.lua /usr/local/openresty/lualib/resty/
COPY ./lualib/lua-resty-etcd/etcd /usr/local/openresty/lualib/resty/etcd
CMD ["/usr/bin/openresty", "-g", "daemon off;"]
# Use SIGQUIT instead of default SIGTERM to cleanly drain requests
# See https://github.com/openresty/docker-openresty/blob/master/README.md#tips--pitfalls
STOPSIGNAL SIGQUIT
FROM builder as dev
FROM builder as test
FROM builder as pro
FROM builder as local
RUN yum install -y iproute net-work net-tools.x86_64 #ip ifconfig 工具,可选
RUN /usr/local/openresty/luajit/bin/luarocks install luacheck #开发调试,非必需
RUN yum install -y perl-Test-Nginx #开发调试,非必需
# # RUN yum install -y perl-CPAN.noarch #开发调试,非必需
# RUN yum install -y perl-App-cpanminus #开发调试,非必需
# RUN cpanm Protocol::WebSocket
RUN cd /tmp && curl -fSL https://github.com/openresty/openresty-devel-utils/archive/master.tar.gz -o openresty-devel-utils.tar.gz
RUN cd /tmp && tar xzf openresty-devel-utils.tar.gz -C /usr/share \
&& rm -rf openresty-devel-utils.tar.gz
ENV PATH="${PATH}:/usr/share/openresty-devel-utils-master"
执行主配置编译报错:
# 报错1
Step 8/20 : RUN cd /tmp && curl -fSL https://github.com/slact/nchan/archive/v${NCHAN_VERSION}.tar.gz -o nchan-${NCHAN_VERSION}.tar.gz
---> Running in 02c82cd862f7
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 119 0 119 0 0 23 0 --:--:-- 0:00:05 --:--:-- 26
100 205k 0 205k 0 0 671 0 --:--:-- 0:05:13 --:--:-- 0
curl: (56) OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104
ERROR: Service 'cs_gate_openresty' failed to build : The command '/bin/sh -c cd /tmp && curl -fSL https://github.com/slact/nchan/archive/v${NCHAN_VERSION}.tar.gz -o nchan-${NCHAN_VERSION}.tar.gz' returned a non-zero code: 56
# 报错2
Step 3/18 : FROM base as builder
---> 986d477107a9
Step 4/18 : ARG RESTY_SRC_VERSION
---> Using cache
---> 52adc77b4464
Step 5/18 : ARG NCHAN_VERSION
---> Using cache
---> 2919d20ae795
Step 6/18 : ARG RESTY_YUM_REPO="https://openresty.org/package/centos/openresty.repo"
---> Using cache
---> 3505e48abd9f
Step 7/18 : RUN /usr/local/openresty/luajit/bin/luarocks install lua-resty-jit-uuid
---> Running in 15db5a8636e7
Warning: Failed searching manifest: Failed downloading https://luarocks.org - Failed downloading https://luarocks.org/manifest-5.1 - /root/.cache/luarocks/https___luarocks.org/manifest-5.1
Warning: Failed searching manifest: Failed downloading https://raw.githubusercontent.com/rocks-moonscript-org/moonrocks-mirror/master - Failed downloading https://raw.githubusercontent.com/rocks-moonscript-org/moonrocks-mirror/master/manifest-5.1 - /root/.cache/luarocks/https___raw.githubusercontent.com_rocks-moonscript-org_moonrocks-mirror_master/manifest-5.1
Warning: Failed searching manifest: Failed downloading http://luafr.org/moonrocks - Failed downloading http://luafr.org/moonrocks/manifest-5.1 - /root/.cache/luarocks/http___luafr.org_moonrocks/manifest-5.1
Warning: Failed searching manifest: Failed downloading http://luarocks.logiceditor.com/rocks - Failed downloading http://luarocks.logiceditor.com/rocks/manifest-5.1 - /root/.cache/luarocks/http___luarocks.logiceditor.com_rocks/manifest-5.1
Error: No results matching query were found for Lua 5.1.
To check if it is available for other Lua versions, use --check-lua-versions.
ERROR: Service 'cs_gate_openresty' failed to build : The command '/bin/sh -c /usr/local/openresty/luajit/bin/luarocks install lua-resty-jit-uuid' returned a non-zero code: 1
分析:
仔细看报错:
Step 7/20 : RUN cd /tmp && curl -fSL https://openresty.org/download/openresty-${RESTY_SRC_VERSION}.tar.gz -o openresty-${RESTY_SRC_VERSION}.tar.gz
---> Running in 029c74012006
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:14 --:--:-- 0curl: (6) Could not resolve host: openresty.org
ERROR: Service 'cs_gate_openresty' failed to build : The command '/bin/sh -c cd /tmp && curl -fSL https://openresty.org/download/openresty-${RESTY_SRC_VERSION}.tar.gz -o openresty-${RESTY_SRC_VERSION}.tar.gz' returned a non-zero code: 6
以为是curl版本问题或者是resole.conf中dns设置问题,修改后问题依旧
通过在机器中执行命令,发现是可以成功下载的 curl -fSL https://openresty.org/download/openresty-1.19.3.1.tar.gz -o openresty-1.19.3.1.tar.gz
突然想到应该是docker容器内部访问的网络问题,于是重启 docker重新执行编译,问题解决
systemctl restart docker