sean – Page 15 – 一江春水向东流

未分类

jenkins更改admin密码

找了半天，从页面上没找着修改admin超级管理员密码的地方，只能从配置文件着手了： Jenkins 配置文件存放在用户目录下.jenkins中例如root用户在路径 /root/.jenkins/ 其他用户在 /home/user/.jenkins/ cd /root/.jenkins/ 在 .jenkins目录下有一个users目录，存放用户信息 cd users user目录下找到你的帐号目录，例如你的登录帐号是admin，那么目录就是admin cd admin 该目录下有个config.xml文件

<?xml version='1.0' encoding='UTF-8'?>
<user>
  <fullName>admin</fullName>
  <properties>
    <jenkins.security.ApiTokenProperty>
      <apiToken>{AQAAABAAAAAwJXQ1lUdLbUrkaBQDoYajaS1pPTsw6PnANuI+HWeG5ZqyWTY+yAB5+NzlaJYcIx9yuGurOnl8hVNUn7sRR5c99A==}</apiToken>
    </jenkins.security.ApiTokenProperty>
    <hudson.model.MyViewsProperty>
      <views>
        <hudson.model.AllView>
          <owner class="hudson.model.MyViewsProperty" reference="../../.."/>
          <name>All</name>
          <filterExecutors>false</filterExecutors>
          <filterQueue>false</filterQueue>
          <properties class="hudson.model.View$PropertyList"/>
        </hudson.model.AllView>
      </views>
    </hudson.model.MyViewsProperty>
    <hudson.model.PaneStatusProperties>
      <collapsed/>
    </hudson.model.PaneStatusProperties>
    <hudson.search.UserSearchProperty>
      <insensitiveSearch>false</insensitiveSearch>
    </hudson.search.UserSearchProperty>
    <hudson.security.HudsonPrivateSecurityRealm_-Details>
      <passwordHash>#jbcrypt:$2a$12$4OqwS9bCDIh3YHsYo5ApJeEqedGF5ehgK1Ei0T1F2E6p6J1c8EhTu</passwordHash>
    </hudson.security.HudsonPrivateSecurityRealm_-Details>
    <jenkins.security.LastGrantedAuthoritiesProperty>
      <roles>
        <string>authenticated</string>
      </roles>
      <timestamp>1508771221297</timestamp>
    </jenkins.security.LastGrantedAuthoritiesProperty>
  </properties>
</user>

<?xml version='1.0' encoding='UTF-8'?>

<user>

<fullName>admin</fullName>

<jenkins.security.ApiTokenProperty>

<apiToken>{AQAAABAAAAAwJXQ1lUdLbUrkaBQDoYajaS1pPTsw6PnANuI+HWeG5ZqyWTY+yAB5+NzlaJYcIx9yuGurOnl8hVNUn7sRR5c99A==}</apiToken>

</jenkins.security.ApiTokenProperty>

<hudson.model.MyViewsProperty>

<views>

<hudson.model.AllView>

<filterExecutors>false</filterExecutors>

<filterQueue>false</filterQueue>

</hudson.model.AllView>

</views>

</hudson.model.MyViewsProperty>

<hudson.model.PaneStatusProperties>

</hudson.model.PaneStatusProperties>

<hudson.search.UserSearchProperty>

<insensitiveSearch>false</insensitiveSearch>

</hudson.search.UserSearchProperty>

<hudson.security.HudsonPrivateSecurityRealm_-Details>

<passwordHash>#jbcrypt:$2a$12$4OqwS9bCDIh3YHsYo5ApJeEqedGF5ehgK1Ei0T1F2E6p6J1c8EhTu</passwordHash>

</hudson.security.HudsonPrivateSecurityRealm_-Details>

<jenkins.security.LastGrantedAuthoritiesProperty>

<roles>

<string>authenticated</string>

</roles>

</jenkins.security.LastGrantedAuthoritiesProperty>

</properties>

</user>

passwordHash 字段存放的是加密过后的密码 Jenkins的密码采用的是Java加解密工具 jBCrypt，我也是第一次接触到这种加密方式，实在被他惊叹到了！这种加密方式每次加密同一个明文竟然都是得到不一样的结果，那他又是通过怎样的方式来解密的呢？原来，他拿着用户的明文，和存储的密文去重新生成一串密文去判断。总结如下，它有以下特点：关于bcrypt： 1、bcrypt是不可逆的加密算法，无法通过解密密文得到明文。 2、bcrypt和其他对称或非对称加密方式不同的是，不是直接解密得到明文，也不是二次加密比较密文，而是把明文和存储的密文一块运算得到另一个密文，如果这两个密文相同则验证成功。下面，用python生成加密后的密码：

#安装bcrypt
pip install bcrypt
生成加密密码：
bcrypt.hashpw("mypassword".encode('utf-8'), bcrypt.gensalt(prefix=b'2a')).decode('utf-8')

#安装bcrypt

pip install bcrypt

生成加密密码：

bcrypt.hashpw("mypassword".encode('utf-8'), bcrypt.gensalt(prefix=b'2a')).decode('utf-8')

修改 #jbcrypt:$2a$12$4OqwS9bCDIh3YHsYo5ApJeEqedGF5ehgK1Ei0T1F2E6p6J1c8EhTu 为 #jbcrypt:$2a$12$ldO4lUKecFxyMTgSntrVNuyaeRBIhN1onQvpXf2fQ1asnV6mkESBi 最后重启jenkins 注：在python2里测试生成加密字符串的过程没有问题，但是在python3会报如下错误：

Unicode-objects must be encoded before hashing

1	Unicode-objects must be encoded before hashing

查找了下原因，是因为python3里，字符串有str和bytes两种形态，所以需要改成

bcrypt.hashpw(password2.encode(<span class="hljs-string">'utf-8'</span>), bcrypt.gensalt()).decode(<span class="hljs-string">'utf-8'</span>)

1	bcrypt.hashpw(password2.encode(<span class="hljs-string">'utf-8'</span>), bcrypt.gensalt()).decode(<span class="hljs-string">'utf-8'</span>)

另外，bcrypt有多种标准，我们需要的是2a，所以还要改成：

bcrypt.hashpw(password2.encode(<span class="hljs-string">'utf-8'</span>), bcrypt.gensalt(prefix=<span class="hljs-string">b'2a'</span>)).decode(<span class="hljs-string">'utf-8'</span>)

1	bcrypt.hashpw(password2.encode(<span class="hljs-string">'utf-8'</span>), bcrypt.gensalt(prefix=<span class="hljs-string">b'2a'</span>)).decode(<span class="hljs-string">'utf-8'</span>)

这样就得到正确结果了。

By sean, 6 years08/31/2018 ago

未分类

nginx反向代理和 ip重定向到域名配置

配置说明： 1 访问test.cn将会跳转到test.cn/cms。并重新匹配server里面的规则 2 将前端用户访问test.cn/cms 页面转发到 http://172.16.20.1:8080/cms/ 并且前端显示为test.cn/cms 3 将前端用户访问test.cn/u 页面转发到 http://172.16.20.2:8080/u/ 并且前端显示为test.cn/u 4 将前端用户访问‘test.cn/任意6个字符或者数字’ 页面转发到a.b.c/前端输入的任意6个字符或者数字。并且前端显示为‘test.cn/任意6个字符或者数字’ 5 将前端用户访问的163.177.111.111重定向到test.cn 并且前端显示为test.cn。如果用户输入163.177.111.111/test 页面会重定向到test.cn/test 6 将域名重定向到ip+端口的形式访问

server {
        listen       80;
        server_name  test.cn;
        rewrite ^/$  http://test.cn/cms;
        location ^~ /cms/ {
                proxy_redirect off;
                proxy_set_header   Host    $host; 
                proxy_set_header   X-Real-IP   $remote_addr; 
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for; 
                proxy_pass http://172.16.20.1:8080/cms/;
                   }
        location ^~ /u/ {
                proxy_redirect off;
                proxy_set_header   Host    $host;
                proxy_set_header   X-Real-IP   $remote_addr;
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://172.16.20.2:8080/u/;
                   }
         location ^~ /([A-Za-z0-9]\{6\}) {
                proxy_redirect off;
                proxy_set_header   Host    $host;
                proxy_set_header   X-Real-IP   $remote_addr;
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://a.b.c/$1;
                   }
         location  / {
                proxy_redirect off;
                proxy_set_header   Host    $host;
                proxy_set_header   X-Real-IP   $remote_addr;
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://172.16.20.3;
                   }
        }
        
server {
        listen       80;
        server_name  163.177.111.111;
        rewrite ^(.*)  test.cn #将ip重定向到域名 
           }

server {
        listen 80;
        server_name www.yuming.com;
        rewrite ^(.*) http://103.111.111.3:8111$1;
           }

server {

listen 80;

server_name test.cn;

rewrite ^/$ http://test.cn/cms;

location ^~ /cms/ {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://172.16.20.1:8080/cms/;

}

location ^~ /u/ {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://172.16.20.2:8080/u/;

}

location ^~ /([A-Za-z0-9]\{6\}) {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://a.b.c/$1;

}

location / {

proxy_redirect off;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://172.16.20.3;

}

server {

listen 80;

server_name 163.177.111.111;

rewrite ^(.*) test.cn #将ip重定向到域名

}

server {

listen 80;

server_name www.yuming.com;

rewrite ^(.*) http://103.111.111.3:8111$1;

}

By sean, 6 years08/31/2018 ago

未分类

nginx编译安装

Yum安装的nginx模块不全，有时需要编译安装，在centos7上编译安装前，需要安装一些依赖包，命令是：

yum  install  gcc  gcc-c++  pcre  pcre-devel openssl  openssl-devel gd-devel

1	yum install gcc gcc-c++ pcre pcre-devel openssl openssl-devel gd-devel

可能会提示pcre已经装过或存在多重版本，则可以去掉pcre 之后进入Nginx源码目录，进行安装：

./configure --prefix=/opt/nginx --with-http_ssl_module --with-http_image_filter_module --with-http_sub_module --with-http_secure_link_module --with-pcre --with-cc-opt='-O3 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=-Wl,-E --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-ld-opt=-Wl,-rpath,/path/to/luajit-or-lua/lib --with-http_stub_status_module --with-stream
make && make install

./configure --prefix=/opt/nginx --with-http_ssl_module --with-http_image_filter_module --with-http_sub_module --with-http_secure_link_module --with-pcre --with-cc-opt='-O3 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=-Wl,-E --with-http_realip_module --with-http_gzip_static_module --with-http_stub_status_module --with-ld-opt=-Wl,-rpath,/path/to/luajit-or-lua/lib --with-http_stub_status_module --with-stream

make && make install

By sean, 7 years08/08/2018 ago

未分类

openvpn一键安装脚本

openvpn一键安装脚本：

#!/bin/bash
#
# https://github.com/Nyr/openvpn-install
#
# Copyright (c) 2013 Nyr. Released under the MIT License.


# Detect Debian users running the script with "sh" instead of bash
if readlink /proc/$$/exe | grep -q "dash"; then
	echo "This script needs to be run with bash, not sh"
	exit
fi

if [[ "$EUID" -ne 0 ]]; then
	echo "Sorry, you need to run this as root"
	exit
fi

if [[ ! -e /dev/net/tun ]]; then
	echo "The TUN device is not available
You need to enable TUN before running this script"
	exit
fi

if [[ -e /etc/debian_version ]]; then
	OS=debian
	GROUPNAME=nogroup
	RCLOCAL='/etc/rc.local'
elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
	OS=centos
	GROUPNAME=nobody
	RCLOCAL='/etc/rc.d/rc.local'
else
	echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS"
	exit
fi

newclient () {
	# Generates the custom client.ovpn
	cp /etc/openvpn/client-common.txt ~/$1.ovpn
	echo "<ca>" >> ~/$1.ovpn
	cat /etc/openvpn/easy-rsa/pki/ca.crt >> ~/$1.ovpn
	echo "</ca>" >> ~/$1.ovpn
	echo "<cert>" >> ~/$1.ovpn
	cat /etc/openvpn/easy-rsa/pki/issued/$1.crt >> ~/$1.ovpn
	echo "</cert>" >> ~/$1.ovpn
	echo "<key>" >> ~/$1.ovpn
	cat /etc/openvpn/easy-rsa/pki/private/$1.key >> ~/$1.ovpn
	echo "</key>" >> ~/$1.ovpn
	echo "<tls-auth>" >> ~/$1.ovpn
	cat /etc/openvpn/ta.key >> ~/$1.ovpn
	echo "</tls-auth>" >> ~/$1.ovpn
}

if [[ -e /etc/openvpn/server.conf ]]; then
	while :
	do
	clear
		echo "Looks like OpenVPN is already installed."
		echo
		echo "What do you want to do?"
		echo "   1) Add a new user"
		echo "   2) Revoke an existing user"
		echo "   3) Remove OpenVPN"
		echo "   4) Exit"
		read -p "Select an option [1-4]: " option
		case $option in
			1) 
			echo
			echo "Tell me a name for the client certificate."
			echo "Please, use one word only, no special characters."
			read -p "Client name: " -e CLIENT
			cd /etc/openvpn/easy-rsa/
			./easyrsa build-client-full $CLIENT nopass
			# Generates the custom client.ovpn
			newclient "$CLIENT"
			echo
			echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"
			exit
			;;
			2)
			# This option could be documented a bit better and maybe even be simplified
			# ...but what can I say, I want some sleep too
			NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V")
			if [[ "$NUMBEROFCLIENTS" = '0' ]]; then
				echo
				echo "You have no existing clients!"
				exit
			fi
			echo
			echo "Select the existing client certificate you want to revoke:"
			tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '
			if [[ "$NUMBEROFCLIENTS" = '1' ]]; then
				read -p "Select one client [1]: " CLIENTNUMBER
			else
				read -p "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER
			fi
			CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)
			echo
			read -p "Do you really want to revoke access for client $CLIENT? [y/N]: " -e REVOKE
			if [[ "$REVOKE" = 'y' || "$REVOKE" = 'Y' ]]; then
				cd /etc/openvpn/easy-rsa/
				./easyrsa --batch revoke $CLIENT
				EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
				rm -f pki/reqs/$CLIENT.req
				rm -f pki/private/$CLIENT.key
				rm -f pki/issued/$CLIENT.crt
				rm -f /etc/openvpn/crl.pem
				cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem
				# CRL is read with each client connection, when OpenVPN is dropped to nobody
				chown nobody:$GROUPNAME /etc/openvpn/crl.pem
				echo
				echo "Certificate for client $CLIENT revoked!"
			else
				echo
				echo "Certificate revocation for client $CLIENT aborted!"
			fi
			exit
			;;
			3) 
			echo
			read -p "Do you really want to remove OpenVPN? [y/N]: " -e REMOVE
			if [[ "$REMOVE" = 'y' || "$REMOVE" = 'Y' ]]; then
				PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2)
				PROTOCOL=$(grep '^proto ' /etc/openvpn/server.conf | cut -d " " -f 2)
				if pgrep firewalld; then
					IP=$(firewall-cmd --direct --get-rules ipv4 nat POSTROUTING | grep '\-s 10.8.0.0/24 '"'"'!'"'"' -d 10.8.0.0/24 -j SNAT --to ' | cut -d " " -f 10)
					# Using both permanent and not permanent rules to avoid a firewalld reload.
					firewall-cmd --zone=public --remove-port=$PORT/$PROTOCOL
					firewall-cmd --zone=trusted --remove-source=10.8.0.0/24
					firewall-cmd --permanent --zone=public --remove-port=$PORT/$PROTOCOL
					firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24
					firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
					firewall-cmd --permanent --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
				else
					IP=$(grep 'iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to ' $RCLOCAL | cut -d " " -f 14)
					iptables -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
					sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 ! -d 10.8.0.0\/24 -j SNAT --to /d' $RCLOCAL
					if iptables -L -n | grep -qE '^ACCEPT'; then
						iptables -D INPUT -p $PROTOCOL --dport $PORT -j ACCEPT
						iptables -D FORWARD -s 10.8.0.0/24 -j ACCEPT
						iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
						sed -i "/iptables -I INPUT -p $PROTOCOL --dport $PORT -j ACCEPT/d" $RCLOCAL
						sed -i "/iptables -I FORWARD -s 10.8.0.0\/24 -j ACCEPT/d" $RCLOCAL
						sed -i "/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT/d" $RCLOCAL
					fi
				fi
				if sestatus 2>/dev/null | grep "Current mode" | grep -q "enforcing" && [[ "$PORT" != '1194' ]]; then
					semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT
				fi
				if [[ "$OS" = 'debian' ]]; then
					apt-get remove --purge -y openvpn
				else
					yum remove openvpn -y
				fi
				rm -rf /etc/openvpn
				rm -f /etc/sysctl.d/30-openvpn-forward.conf
				echo
				echo "OpenVPN removed!"
			else
				echo
				echo "Removal aborted!"
			fi
			exit
			;;
			4) exit;;
		esac
	done
else
	clear
	echo 'Welcome to this OpenVPN "road warrior" installer!'
	echo
	# OpenVPN setup and first user creation
	echo "I need to ask you a few questions before starting the setup."
	echo "You can leave the default options and just press enter if you are ok with them."
	echo
	echo "First, provide the IPv4 address of the network interface you want OpenVPN"
	echo "listening to."
	# Autodetect IP address and pre-fill for the user
	IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)
	read -p "IP address: " -e -i $IP IP
	# If $IP is a private IP address, the server must be behind NAT
	if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then
		echo
		echo "This server is behind NAT. What is the public IPv4 address or hostname?"
		read -p "Public IP address / hostname: " -e PUBLICIP
	fi
	echo
	echo "Which protocol do you want for OpenVPN connections?"
	echo "   1) UDP (recommended)"
	echo "   2) TCP"
	read -p "Protocol [1-2]: " -e -i 1 PROTOCOL
	case $PROTOCOL in
		1) 
		PROTOCOL=udp
		;;
		2) 
		PROTOCOL=tcp
		;;
	esac
	echo
	echo "What port do you want OpenVPN listening to?"
	read -p "Port: " -e -i 1194 PORT
	echo
	echo "Which DNS do you want to use with the VPN?"
	echo "   1) Current system resolvers"
	echo "   2) 1.1.1.1"
	echo "   3) Google"
	echo "   4) OpenDNS"
	echo "   5) Verisign"
	read -p "DNS [1-5]: " -e -i 1 DNS
	echo
	echo "Finally, tell me your name for the client certificate."
	echo "Please, use one word only, no special characters."
	read -p "Client name: " -e -i client CLIENT
	echo
	echo "Okay, that was all I needed. We are ready to set up your OpenVPN server now."
	read -n1 -r -p "Press any key to continue..."
	if [[ "$OS" = 'debian' ]]; then
		apt-get update
		apt-get install openvpn iptables openssl ca-certificates -y
	else
		# Else, the distro is CentOS
		yum install epel-release -y
		yum install openvpn iptables openssl ca-certificates -y
	fi
	# Get easy-rsa
	EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz'
	wget -O ~/easyrsa.tgz "$EASYRSAURL" 2>/dev/null || curl -Lo ~/easyrsa.tgz "$EASYRSAURL"
	tar xzf ~/easyrsa.tgz -C ~/
	mv ~/EasyRSA-3.0.4/ /etc/openvpn/
	mv /etc/openvpn/EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/
	chown -R root:root /etc/openvpn/easy-rsa/
	rm -f ~/easyrsa.tgz
	cd /etc/openvpn/easy-rsa/
	# Create the PKI, set up the CA, the DH params and the server + client certificates
	./easyrsa init-pki
	./easyrsa --batch build-ca nopass
	./easyrsa gen-dh
	./easyrsa build-server-full server nopass
	./easyrsa build-client-full $CLIENT nopass
	EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
	# Move the stuff we need
	cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn
	# CRL is read with each client connection, when OpenVPN is dropped to nobody
	chown nobody:$GROUPNAME /etc/openvpn/crl.pem
	# Generate key for tls-auth
	openvpn --genkey --secret /etc/openvpn/ta.key
	# Generate server.conf
	echo "port $PORT
proto $PROTOCOL
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf
	echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf
	# DNS
	case $DNS in
		1)
		# Locate the proper resolv.conf
		# Needed for systems running systemd-resolved
		if grep -q "127.0.0.53" "/etc/resolv.conf"; then
			RESOLVCONF='/run/systemd/resolve/resolv.conf'
		else
			RESOLVCONF='/etc/resolv.conf'
		fi
		# Obtain the resolvers from resolv.conf and use them for OpenVPN
		grep -v '#' $RESOLVCONF | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do
			echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf
		done
		;;
		2)
		echo 'push "dhcp-option DNS 1.1.1.1"' >> /etc/openvpn/server.conf
		echo 'push "dhcp-option DNS 1.0.0.1"' >> /etc/openvpn/server.conf
		;;
		3)
		echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf
		echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf
		;;
		4)
		echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf
		echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf
		;;
		5)
		echo 'push "dhcp-option DNS 64.6.64.6"' >> /etc/openvpn/server.conf
		echo 'push "dhcp-option DNS 64.6.65.6"' >> /etc/openvpn/server.conf
		;;
	esac
	echo "keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group $GROUPNAME
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem" >> /etc/openvpn/server.conf
	# Enable net.ipv4.ip_forward for the system
	echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/30-openvpn-forward.conf
	# Enable without waiting for a reboot or service restart
	echo 1 > /proc/sys/net/ipv4/ip_forward
	if pgrep firewalld; then
		# Using both permanent and not permanent rules to avoid a firewalld
		# reload.
		# We don't use --add-service=openvpn because that would only work with
		# the default port and protocol.
		firewall-cmd --zone=public --add-port=$PORT/$PROTOCOL
		firewall-cmd --zone=trusted --add-source=10.8.0.0/24
		firewall-cmd --permanent --zone=public --add-port=$PORT/$PROTOCOL
		firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24
		# Set NAT for the VPN subnet
		firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
		firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
	else
		# Needed to use rc.local with some systemd distros
		if [[ "$OS" = 'debian' && ! -e $RCLOCAL ]]; then
			echo '#!/bin/sh -e
exit 0' > $RCLOCAL
		fi
		chmod +x $RCLOCAL
		# Set NAT for the VPN subnet
		iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP
		sed -i "1 a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP" $RCLOCAL
		if iptables -L -n | grep -qE '^(REJECT|DROP)'; then
			# If iptables has at least one REJECT rule, we asume this is needed.
			# Not the best approach but I can't think of other and this shouldn't
			# cause problems.
			iptables -I INPUT -p $PROTOCOL --dport $PORT -j ACCEPT
			iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
			iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
			sed -i "1 a\iptables -I INPUT -p $PROTOCOL --dport $PORT -j ACCEPT" $RCLOCAL
			sed -i "1 a\iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT" $RCLOCAL
			sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" $RCLOCAL
		fi
	fi
	# If SELinux is enabled and a custom port was selected, we need this
	if sestatus 2>/dev/null | grep "Current mode" | grep -q "enforcing" && [[ "$PORT" != '1194' ]]; then
		# Install semanage if not already present
		if ! hash semanage 2>/dev/null; then
			yum install policycoreutils-python -y
		fi
		semanage port -a -t openvpn_port_t -p $PROTOCOL $PORT
	fi
	# And finally, restart OpenVPN
	if [[ "$OS" = 'debian' ]]; then
		# Little hack to check for systemd
		if pgrep systemd-journal; then
			systemctl restart openvpn@server.service
		else
			/etc/init.d/openvpn restart
		fi
	else
		if pgrep systemd-journal; then
			systemctl restart openvpn@server.service
			systemctl enable openvpn@server.service
		else
			service openvpn restart
			chkconfig openvpn on
		fi
	fi
	# If the server is behind a NAT, use the correct IP address
	if [[ "$PUBLICIP" != "" ]]; then
		IP=$PUBLICIP
	fi
	# client-common.txt is created so we have a template to add further users later
	echo "client
dev tun
proto $PROTOCOL
sndbuf 0
rcvbuf 0
remote $IP $PORT
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3" > /etc/openvpn/client-common.txt
	# Generates the custom client.ovpn
	newclient "$CLIENT"
	echo
	echo "Finished!"
	echo
	echo "Your client configuration is available at:" ~/"$CLIENT.ovpn"
	echo "If you want to add more clients, you simply need to run this script again!"
fi

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

378

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

#!/bin/bash

# https://github.com/Nyr/openvpn-install

# Detect Debian users running the script with "sh" instead of bash

if readlink /proc/$$/exe | grep -q "dash"; then

echo "This script needs to be run with bash, not sh"

exit

if [[ "$EUID" -ne 0 ]]; then

echo "Sorry, you need to run this as root"

exit

if [[ ! -e /dev/net/tun ]]; then

echo "The TUN device is not available

You need to enable TUN before running this script"

exit

if [[ -e /etc/debian_version ]]; then

OS=debian

GROUPNAME=nogroup

RCLOCAL='/etc/rc.local'

elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then

OS=centos

GROUPNAME=nobody

RCLOCAL='/etc/rc.d/rc.local'

else

echo "Looks like you aren't running this installer on Debian, Ubuntu or CentOS"

exit

newclient () {

# Generates the custom client.ovpn

cp /etc/openvpn/client-common.txt ~/$1.ovpn

echo "<ca>" >> ~/$1.ovpn

cat /etc/openvpn/easy-rsa/pki/ca.crt >> ~/$1.ovpn

echo "</ca>" >> ~/$1.ovpn

echo "<cert>" >> ~/$1.ovpn

cat /etc/openvpn/easy-rsa/pki/issued/$1.crt >> ~/$1.ovpn

echo "</cert>" >> ~/$1.ovpn

echo "<key>" >> ~/$1.ovpn

cat /etc/openvpn/easy-rsa/pki/private/$1.key >> ~/$1.ovpn

echo "</key>" >> ~/$1.ovpn

echo "<tls-auth>" >> ~/$1.ovpn

cat /etc/openvpn/ta.key >> ~/$1.ovpn

echo "</tls-auth>" >> ~/$1.ovpn

}

if [[ -e /etc/openvpn/server.conf ]]; then

while :

clear

echo "Looks like OpenVPN is already installed."

echo

echo "What do you want to do?"

echo " 1) Add a new user"

echo " 2) Revoke an existing user"

echo " 3) Remove OpenVPN"

echo " 4) Exit"

read -p "Select an option [1-4]: " option

case $option in

echo

echo "Tell me a name for the client certificate."

echo "Please, use one word only, no special characters."

read -p "Client name: " -e CLIENT

cd /etc/openvpn/easy-rsa/

./easyrsa build-client-full $CLIENT nopass

# Generates the custom client.ovpn

newclient "$CLIENT"

echo

echo "Client $CLIENT added, configuration is available at:" ~/"$CLIENT.ovpn"

exit

;;

# This option could be documented a bit better and maybe even be simplified

# ...but what can I say, I want some sleep too

NUMBEROFCLIENTS=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep -c "^V")

if [[ "$NUMBEROFCLIENTS" = '0' ]]; then

echo

echo "You have no existing clients!"

exit

echo

echo "Select the existing client certificate you want to revoke:"

tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | nl -s ') '

if [[ "$NUMBEROFCLIENTS" = '1' ]]; then

read -p "Select one client [1]: " CLIENTNUMBER

else

read -p "Select one client [1-$NUMBEROFCLIENTS]: " CLIENTNUMBER

CLIENT=$(tail -n +2 /etc/openvpn/easy-rsa/pki/index.txt | grep "^V" | cut -d '=' -f 2 | sed -n "$CLIENTNUMBER"p)

echo

read -p "Do you really want to revoke access for client $CLIENT? [y/N]: " -e REVOKE

if [[ "$REVOKE" = 'y' || "$REVOKE" = 'Y' ]]; then

cd /etc/openvpn/easy-rsa/

./easyrsa --batch revoke $CLIENT

EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl

rm -f pki/reqs/$CLIENT.req

rm -f pki/private/$CLIENT.key

rm -f pki/issued/$CLIENT.crt

rm -f /etc/openvpn/crl.pem

cp /etc/openvpn/easy-rsa/pki/crl.pem /etc/openvpn/crl.pem

# CRL is read with each client connection, when OpenVPN is dropped to nobody

chown nobody:$GROUPNAME /etc/openvpn/crl.pem

echo

echo "Certificate for client $CLIENT revoked!"

else

echo

echo "Certificate revocation for client $CLIENT aborted!"

exit

;;

echo

read -p "Do you really want to remove OpenVPN? [y/N]: " -e REMOVE

if [[ "$REMOVE" = 'y' || "$REMOVE" = 'Y' ]]; then

PORT=$(grep '^port ' /etc/openvpn/server.conf | cut -d " " -f 2)

PROTOCOL=$(grep '^proto ' /etc/openvpn/server.conf | cut -d " " -f 2)

if pgrep firewalld; then

IP=$(firewall-cmd --direct --get-rules ipv4 nat POSTROUTING | grep '\-s 10.8.0.0/24 '"'"'!'"'"' -d 10.8.0.0/24 -j SNAT --to ' | cut -d " " -f 10)

# Using both permanent and not permanent rules to avoid a firewalld reload.

firewall-cmd --zone=public --remove-port=$PORT/$PROTOCOL

firewall-cmd --zone=trusted --remove-source=10.8.0.0/24

firewall-cmd --permanent --zone=public --remove-port=$PORT/$PROTOCOL

firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24

firewall-cmd --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP

firewall-cmd --permanent --direct --remove-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP

else

IP=$(grep 'iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to ' $RCLOCAL | cut -d " " -f 14)

iptables -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP

sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 ! -d 10.8.0.0\/24 -j SNAT --to /d' $RCLOCAL

if iptables -L -n | grep -qE '^ACCEPT'; then

iptables -D INPUT -p $PROTOCOL --dport $PORT -j ACCEPT

iptables -D FORWARD -s 10.8.0.0/24 -j ACCEPT

iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

sed -i "/iptables -I INPUT -p $PROTOCOL --dport $PORT -j ACCEPT/d" $RCLOCAL

sed -i "/iptables -I FORWARD -s 10.8.0.0\/24 -j ACCEPT/d" $RCLOCAL

sed -i "/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT/d" $RCLOCAL

if sestatus 2>/dev/null | grep "Current mode" | grep -q "enforcing" && [[ "$PORT" != '1194' ]]; then

semanage port -d -t openvpn_port_t -p $PROTOCOL $PORT

if [[ "$OS" = 'debian' ]]; then

apt-get remove --purge -y openvpn

else

yum remove openvpn -y

rm -rf /etc/openvpn

rm -f /etc/sysctl.d/30-openvpn-forward.conf

echo

echo "OpenVPN removed!"

else

echo

echo "Removal aborted!"

exit

;;

4) exit;;

esac

done

else

clear

echo 'Welcome to this OpenVPN "road warrior" installer!'

echo

# OpenVPN setup and first user creation

echo "I need to ask you a few questions before starting the setup."

echo "You can leave the default options and just press enter if you are ok with them."

echo

echo "First, provide the IPv4 address of the network interface you want OpenVPN"

echo "listening to."

# Autodetect IP address and pre-fill for the user

IP=$(ip addr | grep 'inet' | grep -v inet6 | grep -vE '127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1)

read -p "IP address: " -e -i $IP IP

# If $IP is a private IP address, the server must be behind NAT

if echo "$IP" | grep -qE '^(10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|192\.168)'; then

echo

echo "This server is behind NAT. What is the public IPv4 address or hostname?"

read -p "Public IP address / hostname: " -e PUBLICIP

echo

echo "Which protocol do you want for OpenVPN connections?"

echo " 1) UDP (recommended)"

echo " 2) TCP"

read -p "Protocol [1-2]: " -e -i 1 PROTOCOL

case $PROTOCOL in

PROTOCOL=udp

;;

PROTOCOL=tcp

;;

esac

echo

echo "What port do you want OpenVPN listening to?"

read -p "Port: " -e -i 1194 PORT

echo

echo "Which DNS do you want to use with the VPN?"

echo " 1) Current system resolvers"

echo " 2) 1.1.1.1"

echo " 3) Google"

echo " 4) OpenDNS"

echo " 5) Verisign"

read -p "DNS [1-5]: " -e -i 1 DNS

echo

echo "Finally, tell me your name for the client certificate."

echo "Please, use one word only, no special characters."

read -p "Client name: " -e -i client CLIENT

echo

echo "Okay, that was all I needed. We are ready to set up your OpenVPN server now."

read -n1 -r -p "Press any key to continue..."

if [[ "$OS" = 'debian' ]]; then

apt-get update

apt-get install openvpn iptables openssl ca-certificates -y

else

# Else, the distro is CentOS

yum install epel-release -y

yum install openvpn iptables openssl ca-certificates -y

# Get easy-rsa

EASYRSAURL='https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz'

wget -O ~/easyrsa.tgz "$EASYRSAURL" 2>/dev/null || curl -Lo ~/easyrsa.tgz "$EASYRSAURL"

tar xzf ~/easyrsa.tgz -C ~/

mv ~/EasyRSA-3.0.4/ /etc/openvpn/

mv /etc/openvpn/EasyRSA-3.0.4/ /etc/openvpn/easy-rsa/

chown -R root:root /etc/openvpn/easy-rsa/

rm -f ~/easyrsa.tgz

cd /etc/openvpn/easy-rsa/

# Create the PKI, set up the CA, the DH params and the server + client certificates

./easyrsa init-pki

./easyrsa --batch build-ca nopass

./easyrsa gen-dh

./easyrsa build-server-full server nopass

./easyrsa build-client-full $CLIENT nopass

EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl

# Move the stuff we need

cp pki/ca.crt pki/private/ca.key pki/dh.pem pki/issued/server.crt pki/private/server.key pki/crl.pem /etc/openvpn

# CRL is read with each client connection, when OpenVPN is dropped to nobody

chown nobody:$GROUPNAME /etc/openvpn/crl.pem

# Generate key for tls-auth

openvpn --genkey --secret /etc/openvpn/ta.key

# Generate server.conf

echo "port $PORT

proto $PROTOCOL

dev tun

sndbuf 0

rcvbuf 0

ca ca.crt

cert server.crt

key server.key

dh dh.pem

auth SHA512

tls-auth ta.key 0

topology subnet

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt" > /etc/openvpn/server.conf

echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server.conf

# DNS

case $DNS in

# Locate the proper resolv.conf

# Needed for systems running systemd-resolved

if grep -q "127.0.0.53" "/etc/resolv.conf"; then

RESOLVCONF='/run/systemd/resolve/resolv.conf'

else

RESOLVCONF='/etc/resolv.conf'

# Obtain the resolvers from resolv.conf and use them for OpenVPN

grep -v '#' $RESOLVCONF | grep 'nameserver' | grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | while read line; do

echo "push \"dhcp-option DNS $line\"" >> /etc/openvpn/server.conf

done

;;

echo 'push "dhcp-option DNS 1.1.1.1"' >> /etc/openvpn/server.conf

echo 'push "dhcp-option DNS 1.0.0.1"' >> /etc/openvpn/server.conf

;;

echo 'push "dhcp-option DNS 8.8.8.8"' >> /etc/openvpn/server.conf

echo 'push "dhcp-option DNS 8.8.4.4"' >> /etc/openvpn/server.conf

;;

echo 'push "dhcp-option DNS 208.67.222.222"' >> /etc/openvpn/server.conf

echo 'push "dhcp-option DNS 208.67.220.220"' >> /etc/openvpn/server.conf

;;

echo 'push "dhcp-option DNS 64.6.64.6"' >> /etc/openvpn/server.conf

echo 'push "dhcp-option DNS 64.6.65.6"' >> /etc/openvpn/server.conf

;;

esac

echo "keepalive 10 120

cipher AES-256-CBC

comp-lzo

user nobody

group $GROUPNAME

persist-key

persist-tun

status openvpn-status.log

verb 3

crl-verify crl.pem" >> /etc/openvpn/server.conf

# Enable net.ipv4.ip_forward for the system

echo 'net.ipv4.ip_forward=1' > /etc/sysctl.d/30-openvpn-forward.conf

# Enable without waiting for a reboot or service restart

echo 1 > /proc/sys/net/ipv4/ip_forward

if pgrep firewalld; then

# Using both permanent and not permanent rules to avoid a firewalld

# reload.

# We don't use --add-service=openvpn because that would only work with

# the default port and protocol.

firewall-cmd --zone=public --add-port=$PORT/$PROTOCOL

firewall-cmd --zone=trusted --add-source=10.8.0.0/24

firewall-cmd --permanent --zone=public --add-port=$PORT/$PROTOCOL

firewall-cmd --permanent --zone=trusted --add-source=10.8.0.0/24

# Set NAT for the VPN subnet

firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP

firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP

else

# Needed to use rc.local with some systemd distros

if [[ "$OS" = 'debian' && ! -e $RCLOCAL ]]; then

echo '#!/bin/sh -e

exit 0' > $RCLOCAL

chmod +x $RCLOCAL

# Set NAT for the VPN subnet

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP

sed -i "1 a\iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to $IP" $RCLOCAL

if iptables -L -n | grep -qE '^(REJECT|DROP)'; then

# If iptables has at least one REJECT rule, we asume this is needed.

# Not the best approach but I can't think of other and this shouldn't

# cause problems.

iptables -I INPUT -p $PROTOCOL --dport $PORT -j ACCEPT

iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

sed -i "1 a\iptables -I INPUT -p $PROTOCOL --dport $PORT -j ACCEPT" $RCLOCAL

sed -i "1 a\iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT" $RCLOCAL

sed -i "1 a\iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" $RCLOCAL

# If SELinux is enabled and a custom port was selected, we need this

if sestatus 2>/dev/null | grep "Current mode" | grep -q "enforcing" && [[ "$PORT" != '1194' ]]; then

# Install semanage if not already present

if ! hash semanage 2>/dev/null; then

yum install policycoreutils-python -y

semanage port -a -t openvpn_port_t -p $PROTOCOL $PORT

# And finally, restart OpenVPN

if [[ "$OS" = 'debian' ]]; then

# Little hack to check for systemd

if pgrep systemd-journal; then

systemctl restart openvpn@server.service

else

/etc/init.d/openvpn restart

else

if pgrep systemd-journal; then

systemctl restart openvpn@server.service

systemctl enable openvpn@server.service

else

service openvpn restart

chkconfig openvpn on

# If the server is behind a NAT, use the correct IP address

if [[ "$PUBLICIP" != "" ]]; then

IP=$PUBLICIP

# client-common.txt is created so we have a template to add further users later

echo "client

dev tun

proto $PROTOCOL

sndbuf 0

rcvbuf 0

remote $IP $PORT

resolv-retry infinite

nobind

persist-key

persist-tun

remote-cert-tls server

auth SHA512

cipher AES-256-CBC

comp-lzo

setenv opt block-outside-dns

key-direction 1

verb 3" > /etc/openvpn/client-common.txt

# Generates the custom client.ovpn

newclient "$CLIENT"

echo

echo "Finished!"

echo

echo "Your client configuration is available at:" ~/"$CLIENT.ovpn"

echo "If you want to add more clients, you simply need to run this script again!"

By sean, 7 years ago

未分类

Markdown : An error occurred with the Html rendering component

Markdown : An error occurred with the Html rendering component 一，最近因为使用 Markdown 写一点东西，不过下载安装后，并不能正常使用 Markdown下载地址：https://markdownpad.com/download.html 安装以后出现：查了些资料，应该是MarkdownPad 2 在win10下出现HTML 渲染错误(This view has crashed) 的问题. 二，解决方法：安装一个SDK的工具包： Installation：awesomium_v1.6.6_sdk_win 下载地址： http://markdownpad.com/download/awesomium_v1.6.6_sdk_win.exe 安装完成后， Markdown 就可以正常使用了。

By sean, 7 years07/11/2018 ago

未分类

OpenStack删除Cinder盘失败解决办法

OpenStack删除Cinder盘失败解决办法问题 Openstack Mitaka版本，终止了云主机之后，发现无法删除对应的云硬盘，删除提示报错为云硬盘的状态不是错误或者可用状态思路 1 切换至admin用户，进入数据库手动更新云硬盘的状态至错误状态 2 针对lvm，可以用命令lvdisplay列出所有卷的信息，如果现在应用命令lvremove来删除相应的卷，则会提示要删除的卷正在使用中，所以我们使用命令lsof查看相应卷所占用的进程，然后kill这个进程； 3 应用命令lvremove来删除相应的卷. 这里只针对第一种方法实践操作查看云硬盘状态:

cinder list | grep error

1	cinder list \| grep error

命令行删除，提示报错说还有依赖的快照 cinder delete XXX

Delete for volume XXX failed: Invalid volume: Volume still has 1 dependent snapshots. (HTTP 400) 
(Request-ID: req-5ba025fb-5a61-422b-b00a-556e19083bd5)
ERROR: Unable to delete any of the specified volumes.

Delete for volume XXX failed: Invalid volume: Volume still has 1 dependent snapshots. (HTTP 400)

(Request-ID: req-5ba025fb-5a61-422b-b00a-556e19083bd5)

ERROR: Unable to delete any of the specified volumes.

方法有很多，这里介绍一种简单的。采取暴力手段，进入元数据库。 show databases; use cinder; show tables; select找到出错的数据删除元数据库中的数据,不过不能简单得把这个cinder盘的数据删除，以为数据库有外键依赖，而是要把cinder盘的error—deleting改成deleted 再次查看云硬盘状态：发现已经成功得删除了出错的cinder盘总结： 1、删除的时候注意id和volume-id两个字段，不要弄混掉了； 2、测试环境，暴力解决问题还是不太好，注意检查日志来对症下药。 3、不要简单得去删除表中数据，而是需要更改状态

By sean, 7 years03/23/2018 ago

未分类

kolla之reconfigure

kolla的配置管理主要是管理openstack service config文件；主要实现是

kolla-ansible reconfigure

1	kolla-ansible reconfigure

reconfigure 使用下面以1个例子来演示下修改nova.conf,重启相关服务在部署节点新建／etc/kolla/config/nova/nova.conf

### 修改rpc_response超时时间
vim ／etc/kolla/config/nova/nova.conf
rpc_response_timeout = 350
## 执行reconfigure
kolla-ansible reconfigure

### 修改rpc_response超时时间

vim ／etc/kolla/config/nova/nova.conf

rpc_response_timeout = 350

## 执行reconfigure

kolla-ansible reconfigure

reconfigure 代码流程 kolla-ansible 的核心代码在ansible实现的先介绍下ansible role是什么？如何使用先看看下面nova role的代码目录

[root@control01 ansible]# tree -d
.
├── action_plugins
├── group_vars
├── inventory
├── library
└── roles
    ├── nova
    │   ├── defaults
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   └── templates
    .  
    .
    .

[root@control01 ansible]# tree -d

├── action_plugins

├── group_vars

├── inventory

├── library

└── roles

├── nova

│ ├── defaults

│ ├── handlers

│ ├── meta

│ ├── tasks

│ └── templates

ansible role是什么？ Ansible Role 是一种分类 & 重用的概念，透过将 vars, tasks, files, templates, handler … 等等根据不同的目的(例如：nova、glance、cinder)，规划后至于独立目录中，后续便可以利用 include 的概念來使用。若同样是 include 的概念，那 role 跟 include 之间不一样的地方又是在哪里呢? 答案是：role 的 include 机制是自动的! 我們只要事前將 role Read more…

By sean, 7 years01/30/2018 ago

未分类

基于官方镜像制作tomcat-alpine镜像

由于此镜像内要求安装glibc，用于在镜像内支持docker命令，下面是网上搜索到的一个Dockerfile配置:

FROM alpine:latest
MAINTAINER Moritz Heiber <hello@heiber.im>

ENV JAVA_VERSION_MAJOR=8 \
    JAVA_VERSION_MINOR=73 \
    JAVA_VERSION_BUILD=02 \
    JAVA_PACKAGE=server-jre \
    GLIBC_PKG_VERSION=2.23-r1 \
    LANG=en_US.UTF8

WORKDIR /tmp

RUN apk add --no-cache --update-cache curl ca-certificates bash && \
  curl -Lo /etc/apk/keys/andyshinn.rsa.pub "https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_PKG_VERSION}/andyshinn.rsa.pub" && \
  curl -Lo glibc-${GLIBC_PKG_VERSION}.apk "https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_PKG_VERSION}/glibc-${GLIBC_PKG_VERSION}.apk" && \
  curl -Lo glibc-bin-${GLIBC_PKG_VERSION}.apk "https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_PKG_VERSION}/glibc-bin-${GLIBC_PKG_VERSION}.apk" && \
  curl -Lo glibc-i18n-${GLIBC_PKG_VERSION}.apk "https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_PKG_VERSION}/glibc-i18n-${GLIBC_PKG_VERSION}.apk" && \
  apk add glibc-${GLIBC_PKG_VERSION}.apk glibc-bin-${GLIBC_PKG_VERSION}.apk glibc-i18n-${GLIBC_PKG_VERSION}.apk && \
  curl -jksSLH "Cookie: oraclelicense=accept-securebackup-cookie" \
  "http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-b${JAVA_VERSION_BUILD}/${JAVA_PACKAGE}-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64.tar.gz" | gunzip -c - | tar -xf - && \
  apk del curl ca-certificates && \
  mv jdk1.${JAVA_VERSION_MAJOR}.0_${JAVA_VERSION_MINOR}/jre /jre && \
  rm /jre/bin/jjs && \
  rm /jre/bin/keytool && \
  rm /jre/bin/orbd && \
  rm /jre/bin/pack200 && \
  rm /jre/bin/policytool && \
  rm /jre/bin/rmid && \
  rm /jre/bin/rmiregistry && \
  rm /jre/bin/servertool && \
  rm /jre/bin/tnameserv && \
  rm /jre/bin/unpack200 && \
  rm /jre/lib/ext/nashorn.jar && \
  rm /jre/lib/jfr.jar && \
  rm -rf /jre/lib/jfr && \
  rm -rf /jre/lib/oblique-fonts && \
  rm -rf /tmp/* /var/cache/apk/* && \
  echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf

ENV JAVA_HOME=/jre
ENV PATH=${PATH}:${JAVA_HOME}/bin

FROM alpine:latest

MAINTAINER Moritz Heiber <hello@heiber.im>

ENV JAVA_VERSION_MAJOR=8 \

JAVA_VERSION_MINOR=73 \

JAVA_VERSION_BUILD=02 \

JAVA_PACKAGE=server-jre \

GLIBC_PKG_VERSION=2.23-r1 \

LANG=en_US.UTF8

WORKDIR /tmp

RUN apk add --no-cache --update-cache curl ca-certificates bash && \

curl -Lo /etc/apk/keys/andyshinn.rsa.pub "https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_PKG_VERSION}/andyshinn.rsa.pub" && \

curl -Lo glibc-${GLIBC_PKG_VERSION}.apk "https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_PKG_VERSION}/glibc-${GLIBC_PKG_VERSION}.apk" && \

curl -Lo glibc-bin-${GLIBC_PKG_VERSION}.apk "https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_PKG_VERSION}/glibc-bin-${GLIBC_PKG_VERSION}.apk" && \

curl -Lo glibc-i18n-${GLIBC_PKG_VERSION}.apk "https://github.com/andyshinn/alpine-pkg-glibc/releases/download/${GLIBC_PKG_VERSION}/glibc-i18n-${GLIBC_PKG_VERSION}.apk" && \

apk add glibc-${GLIBC_PKG_VERSION}.apk glibc-bin-${GLIBC_PKG_VERSION}.apk glibc-i18n-${GLIBC_PKG_VERSION}.apk && \

curl -jksSLH "Cookie: oraclelicense=accept-securebackup-cookie" \

"http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-b${JAVA_VERSION_BUILD}/${JAVA_PACKAGE}-${JAVA_VERSION_MAJOR}u${JAVA_VERSION_MINOR}-linux-x64.tar.gz" | gunzip -c - | tar -xf - && \

apk del curl ca-certificates && \

mv jdk1.${JAVA_VERSION_MAJOR}.0_${JAVA_VERSION_MINOR}/jre /jre && \

rm /jre/bin/jjs && \

rm /jre/bin/keytool && \

rm /jre/bin/orbd && \

rm /jre/bin/pack200 && \

rm /jre/bin/policytool && \

rm /jre/bin/rmid && \

rm /jre/bin/rmiregistry && \

rm /jre/bin/servertool && \

rm /jre/bin/tnameserv && \

rm /jre/bin/unpack200 && \

rm /jre/lib/ext/nashorn.jar && \

rm /jre/lib/jfr.jar && \

rm -rf /jre/lib/jfr && \

rm -rf /jre/lib/oblique-fonts && \

rm -rf /tmp/* /var/cache/apk/* && \

echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf

ENV JAVA_HOME=/jre

ENV PATH=${PATH}:${JAVA_HOME}/bin

由于镜像内下载github很慢，而且下载GLIBC_PKG_VERSION 2.3版本的会报错，在此下载最新版本2.26-r0：

wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.26-r0/sgerrand.rsa.pub

wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.26-r0/glibc-2.26-r0.apk

wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.26-r0/glibc-i18n-2.26-r0.apk

wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.26-r0/glibc-bin-2.26-r0.apk

wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.26-r0/sgerrand.rsa.pub

wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.26-r0/glibc-2.26-r0.apk

wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.26-r0/glibc-i18n-2.26-r0.apk

wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.26-r0/glibc-bin-2.26-r0.apk

下面是我自己的构建脚本。注：构建时需要传参数IMAGE_N=‘all(7.0.88-jre7-alpine 7.0.88-jre8-alpine 8.0.52-jre7-alpine 8.0.52-jre8-alpine 8.5.29-jre8-alpine 9.0.8-jre8-alpine)’ :

#!/bin/bash
set -e
##################
# 生成Dockerfile #
##################
##common:
#安装字体，解决java应用图形验证码不显示的问题：apk --no-cache add ttf-dejavu fontconfig
#安装字体，解决JSP应用图形验证码中文码的问题：
# apk add wqy-zenhei@edge wqy-zenhei --update-cache --repository http://nl.alpinelinux.org/alpine/edge/testing --allow-untrusted
# 修改源：sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories 
#    && sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories \
#    && echo "http://mirrors.aliyun.com/alpine/v3.4/main" > /etc/apk/repositories \
#    && echo "http://mirrors.aliyun.com/alpine/v3.4/community" >> /etc/apk/repositories \
#安装 telnet: apk add busybox-extras
#printf "options timeout:1 attempts:1 rotate\nnameserver 10.3.15.14\nnameserver 10.3.15.15\n" > /etc/resolv.conf > /dev/null

function build_image() {
    VERSION=$1
    JRE_VERSION=`echo $VERSION | awk -F'-' '{print $2}'`
    JRE_MAJOR=`echo ${JRE_VERSION: -1}`
    #CATALINA_HOME=/usr/local/tomcat
    IMAGE_NAME=$DOCKER_REGISTRY/base/$APP:$VERSION
    Dockerfile="Dockerfile.tomcat$VERSION"
    
    ######## Dockerfile Part 1 ########
    cat > ${BUILD_PATH}/$Dockerfile << EOF
FROM tomcat:$VERSION
MAINTAINER sean <lvsg@yonyou.com>

ENV RESERVED_MEGABYTES=128 \
    LC_ALL="zh_CN.UTF-8" \
    LANG="zh_CN.UTF-8" \
    LANGUAGE="zh_CN:zh" \
    TZ="Asia/Shanghai" \
    GLIBC_PKG_VERSION=2.26-r0 \
    JRE_MAJOR=$JRE_MAJOR
EOF
######## Dockerfile Part 2 ########
  cat >> ${BUILD_PATH}/$Dockerfile <<"EOF"
WORKDIR $CATALINA_HOME

COPY ./glibc $CATALINA_HOME/
RUN set -x \
    && sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories \
    && echo 'http://mirrors.ustc.edu.cn/alpine/edge/testing' >> /etc/apk/repositories \
    && apk update \
    && apk add --no-cache --allow-untrusted --update-cache \
               vim \
               busybox-extras \
               curl \
               ca-certificates \
               bash \
               tzdata \
               libtool \
               gcc \
               ttf-dejavu \
               fontconfig \
               wqy-zenhei@edge wqy-zenhei \
    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && echo "Asia/Shanghai" > /etc/timezone \
    \
    && /bin/ln -sf /bin/bash /bin/sh \
    \
    && mv sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub \
    && apk add glibc-${GLIBC_PKG_VERSION}.apk glibc-bin-${GLIBC_PKG_VERSION}.apk glibc-i18n-${GLIBC_PKG_VERSION}.apk \
    && /bin/rm -rf glibc-* webapps/* \
    \
    && sed -i '/cygwin=false/i\JAVA_OPTS="$JAVA_OPTS -Duser.timezone=GMT+08 -Ddefault.client.encoding=UTF-8 -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF8 -Duser.language=Zh"' \
              $CATALINA_HOME/bin/catalina.sh \
    && sed -i '/tomcat.util.scan.StandardJarScanFilter.jarsToSkip=/a bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,bcprov-*.jar,\\' \
              $CATALINA_HOME/conf/catalina.properties \
    && sed -i 's/<Connector port="8080"/& URIEncoding="UTF-8"/g' $CATALINA_HOME/conf/server.xml \
    && chmod +x /usr/local/tomcat/bin/*.sh \
    \
    && echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf \
    \
    && rm -rf /tmp/* /var/cache/apk/* \
    && wget -O /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64 \
    && chmod +x /usr/bin/dumb-init

ADD UnlimitedJCEPolicyJDK${JRE_MAJOR}/local_policy.jar $JAVA_HOME/jre/lib/security/
ADD UnlimitedJCEPolicyJDK${JRE_MAJOR}/US_export_policy.jar $JAVA_HOME/jre/lib/security/
COPY ./pinpoint-agent $CATALINA_HOME/pinpoint-agent/
COPY ./entrypoint.sh $CATALINA_HOME/bin/
COPY ./confdownload $CATALINA_HOME/confdownload/
COPY ./confdownload /usr/local/src/confdownload/

VOLUME ["/usr/local/tomcat/logs"]

ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["bash", "-c", "entrypoint.sh"]
EOF

      #### Build image
    echo "--> Building ${IMAGE_NAME}..."
    docker build --quiet --rm -t $IMAGE_NAME -f $Dockerfile . | grep -v 'Sending build context to Docker daemon'
    if [[ $? == 0 ]]; then
      echo "--> ${IMAGE_NAME} builded successfully."
      docker push $IMAGE_NAME 1>/dev/null
      echo "--> ${IMAGE_NAME} pushed successfully."
    fi
}

main() {
  cd $BUILD_PATH
  if [[ $VERSION =~ all(.*) ]]; then 
      VERSION=`echo $VERSION | awk -F'(' '{print $2}'|cut -d ")" -f1`
  fi
  for v in $VERSION; do
      build_image $v
  done
}

main

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

#!/bin/bash

set -e

##################

# 生成Dockerfile #

##################

##common:

#安装字体，解决java应用图形验证码不显示的问题：apk --no-cache add ttf-dejavu fontconfig

#安装字体，解决JSP应用图形验证码中文码的问题：

# apk add wqy-zenhei@edge wqy-zenhei --update-cache --repository http://nl.alpinelinux.org/alpine/edge/testing --allow-untrusted

# 修改源：sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories

# && sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories \

# && echo "http://mirrors.aliyun.com/alpine/v3.4/main" > /etc/apk/repositories \

# && echo "http://mirrors.aliyun.com/alpine/v3.4/community" >> /etc/apk/repositories \

#安装 telnet: apk add busybox-extras

#printf "options timeout:1 attempts:1 rotate\nnameserver 10.3.15.14\nnameserver 10.3.15.15\n" > /etc/resolv.conf > /dev/null

function build_image() {

VERSION=$1

JRE_VERSION=`echo $VERSION | awk -F'-' '{print $2}'`

JRE_MAJOR=`echo ${JRE_VERSION: -1}`

#CATALINA_HOME=/usr/local/tomcat

IMAGE_NAME=$DOCKER_REGISTRY/base/$APP:$VERSION

Dockerfile="Dockerfile.tomcat$VERSION"

######## Dockerfile Part 1 ########

cat > ${BUILD_PATH}/$Dockerfile << EOF

FROM tomcat:$VERSION

MAINTAINER sean <lvsg@yonyou.com>

ENV RESERVED_MEGABYTES=128 \

LC_ALL="zh_CN.UTF-8" \

LANG="zh_CN.UTF-8" \

LANGUAGE="zh_CN:zh" \

TZ="Asia/Shanghai" \

GLIBC_PKG_VERSION=2.26-r0 \

JRE_MAJOR=$JRE_MAJOR

EOF

######## Dockerfile Part 2 ########

cat >> ${BUILD_PATH}/$Dockerfile <<"EOF"

WORKDIR $CATALINA_HOME

COPY ./glibc $CATALINA_HOME/

RUN set -x \

&& sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories \

&& echo 'http://mirrors.ustc.edu.cn/alpine/edge/testing' >> /etc/apk/repositories \

&& apk update \

&& apk add --no-cache --allow-untrusted --update-cache \

vim \

busybox-extras \

curl \

ca-certificates \

bash \

tzdata \

libtool \

gcc \

ttf-dejavu \

fontconfig \

wqy-zenhei@edge wqy-zenhei \

&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \

&& echo "Asia/Shanghai" > /etc/timezone \

&& /bin/ln -sf /bin/bash /bin/sh \

&& mv sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub \

&& apk add glibc-${GLIBC_PKG_VERSION}.apk glibc-bin-${GLIBC_PKG_VERSION}.apk glibc-i18n-${GLIBC_PKG_VERSION}.apk \

&& /bin/rm -rf glibc-* webapps/* \

&& sed -i '/cygwin=false/i\JAVA_OPTS="$JAVA_OPTS -Duser.timezone=GMT+08 -Ddefault.client.encoding=UTF-8 -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF8 -Duser.language=Zh"' \

$CATALINA_HOME/bin/catalina.sh \

&& sed -i '/tomcat.util.scan.StandardJarScanFilter.jarsToSkip=/a bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,bcprov-*.jar,\\' \

$CATALINA_HOME/conf/catalina.properties \

&& sed -i 's/<Connector port="8080"/& URIEncoding="UTF-8"/g' $CATALINA_HOME/conf/server.xml \

&& chmod +x /usr/local/tomcat/bin/*.sh \

&& echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf \

&& rm -rf /tmp/* /var/cache/apk/* \

&& wget -O /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64 \

&& chmod +x /usr/bin/dumb-init

ADD UnlimitedJCEPolicyJDK${JRE_MAJOR}/local_policy.jar $JAVA_HOME/jre/lib/security/

ADD UnlimitedJCEPolicyJDK${JRE_MAJOR}/US_export_policy.jar $JAVA_HOME/jre/lib/security/

COPY ./pinpoint-agent $CATALINA_HOME/pinpoint-agent/

COPY ./entrypoint.sh $CATALINA_HOME/bin/

COPY ./confdownload $CATALINA_HOME/confdownload/

COPY ./confdownload /usr/local/src/confdownload/

VOLUME ["/usr/local/tomcat/logs"]

ENTRYPOINT ["/usr/bin/dumb-init", "--"]

CMD ["bash", "-c", "entrypoint.sh"]

EOF

#### Build image

echo "--> Building ${IMAGE_NAME}..."

docker build --quiet --rm -t $IMAGE_NAME -f $Dockerfile . | grep -v 'Sending build context to Docker daemon'

if [[ $? == 0 ]]; then

echo "--> ${IMAGE_NAME} builded successfully."

docker push $IMAGE_NAME 1>/dev/null

echo "--> ${IMAGE_NAME} pushed successfully."

}

main() {

cd $BUILD_PATH

if [[ $VERSION =~ all(.*) ]]; then

VERSION=`echo $VERSION | awk -F'(' '{print $2}'|cut -d ")" -f1`

for v in $VERSION; do

build_image $v

done

}

main

其中confdownload 是配置中心，pinpoint-agent是apm监控，entrypoint.sh内容如下：

##!/bin/bash
#[[ -f ${BUILD_PATH}/entrypoint.sh ]] || touch ${BUILD_PATH}/entrypoint.sh
#chmod +x ${BUILD_PATH}/entrypoint.sh
#cat > ${BUILD_PATH}/entrypoint.sh <<"EOF"
#!/bin/bash
#### APM ####
set_apm(){
	if [[ "${PINPOINT_ENABLED}" != "" && "$(echo $PINPOINT_ENABLED | tr [a-z] [A-Z])" == "TRUE" && "$CONTEXT_NAME" != "" ]]; then
        PINPOINT_COLLECTOR_IP=${PINPOINT_COLLECTOR_IP:-10.3.x.x}
		CATALINA_OPTS="$CATALINA_OPTS -javaagent:${CATALINA_HOME}/pinpoint-agent/pinpoint-bootstrap-1.5.1.jar"
		CATALINA_OPTS="$CATALINA_OPTS -Dpinpoint.agentId=${HOST}-${PORT0}"
		CATALINA_OPTS="$CATALINA_OPTS -Dpinpoint.applicationName=${CONTEXT_NAME}"
		CATALINA_STARTUP_FILE="${CATALINA_HOME}/bin/catalina.sh"
		grep '^CATALINA_OPTS=' ${CATALINA_STARTUP_FILE} || sed -i -e "/cygwin=false/i CATALINA_OPTS=\"\$CATALINA_OPTS ${CATALINA_OPTS}\"" ${CATALINA_STARTUP_FILE}
		grep '^CATALINA_OPTS=' ${CATALINA_STARTUP_FILE}

		PINPOINT_CONFIG_FILE="${CATALINA_HOME}/pinpoint-agent/pinpoint.config"

		sed -i -e "s/profiler.collector.ip=127.0.0.1/profiler.collector.ip=${PINPOINT_COLLECTOR_IP}/" ${PINPOINT_CONFIG_FILE}
		grep '^profiler.collector.ip=' ${PINPOINT_CONFIG_FILE}

		# Adjust pointpoint port.
		COLLECTOR_TCP_PORT=${PINPOINT_COLLECTOR_TCP_PORT:-9994}
		let COLLECTOR_STAT_PORT=${COLLECTOR_TCP_PORT}+1
		let COLLECTOR_SPAN_PORT=${COLLECTOR_TCP_PORT}+2

		sed -i -e "s/profiler.collector.tcp.port=.*/profiler.collector.tcp.port=${COLLECTOR_TCP_PORT}/" ${PINPOINT_CONFIG_FILE}
		grep 'profiler.collector.tcp.port=' ${PINPOINT_CONFIG_FILE}

		sed -i -e "s/profiler.collector.stat.port=.*/profiler.collector.stat.port=${COLLECTOR_STAT_PORT}/" ${PINPOINT_CONFIG_FILE}
		grep 'profiler.collector.stat.port=' ${PINPOINT_CONFIG_FILE}

		sed -i -e "s/profiler.collector.span.port=.*/profiler.collector.span.port=${COLLECTOR_SPAN_PORT}/" ${PINPOINT_CONFIG_FILE}
		grep 'profiler.collector.span.port=' ${PINPOINT_CONFIG_FILE}

		# Configure log level for log4j
		PINPOINT_LOG_CONFIG_FILE="${CATALINA_HOME}/pinpoint-agent/lib/log4j.xml"
		PINPOINT_LOG_LEVEL=${PINPOINT_LOG_LEVEL:-ERROR}
		sed -i -e "s/DEBUG/${PINPOINT_LOG_LEVEL}/g" ${PINPOINT_LOG_CONFIG_FILE}
	fi
}
#### confcenter ####
confcenter(){
	cffile="$CATALINA_HOME/confdownload/conf/disconf.properties"
	[[ -z $cf_disconf_conf_server_host ]] || sed -i 's#%cf_disconf_conf_server_host%#'$cf_disconf_conf_server_host'#g' $cffile
	[[ -z $cf_disconf_version ]] || sed -i 's#%cf_disconf_version%#'$cf_disconf_version'#g' $cffile
	[[ -z $cf_disconf_app ]] || sed -i 's#%cf_disconf_app%#'$cf_disconf_app'#g' $cffile
	[[ -z $cf_disconf_env ]] || sed -i 's#%cf_disconf_env%#'$cf_disconf_env'#g' $cffile
	[[ -z $cf_disconf_user_define_download_dir ]] || sed -i 's#%cf_disconf_user_define_download_dir%#'$cf_disconf_user_define_download_dir'#g' $cffile
	[[ -z $cf_disconf_user_define_confing_file ]] || sed -i 's#%cf_disconf_user_define_confing_file%#'$cf_disconf_user_define_confing_file'#g' $cffile
	[[ -z $cf_clientAccessKey ]] || sed -i 's#%cf_clientAccessKey%#'$cf_clientAccessKey'#g' $cffile
	[[ -z $cf_clientAccessSecret ]] || sed -i 's#%cf_clientAccessSecret%#'$cf_clientAccessSecret'#g' $cffile
	$CATALINA_HOME/confdownload/confcenterdownload > /dev/null 2>&1
}

#### JVM ####
limit_jvm(){
	limit_in_bytes=$(cat /sys/fs/cgroup/memory/memory.limit_in_bytes)
	# If not default limit_in_bytes in cgroup
	if [ "$limit_in_bytes" -ne "9223372036854771712" ]
	then
	    limit_in_megabytes=$(expr $limit_in_bytes \/ 1048576)
	    heap_size=$(expr $limit_in_megabytes - $RESERVED_MEGABYTES)
	    export JAVA_OPTS="-Xmx${heap_size}m $JAVA_OPTS"
	    echo JAVA_OPTS=$JAVA_OPTS
	fi
}
#### RUN ####
set_apm
confcenter
limit_jvm
exec catalina.sh run
#EOF

##!/bin/bash

#[[ -f ${BUILD_PATH}/entrypoint.sh ]] || touch ${BUILD_PATH}/entrypoint.sh

#chmod +x ${BUILD_PATH}/entrypoint.sh

#cat > ${BUILD_PATH}/entrypoint.sh <<"EOF"

#!/bin/bash

#### APM ####

set_apm(){

if [[ "${PINPOINT_ENABLED}" != "" && "$(echo $PINPOINT_ENABLED | tr [a-z] [A-Z])" == "TRUE" && "$CONTEXT_NAME" != "" ]]; then

PINPOINT_COLLECTOR_IP=${PINPOINT_COLLECTOR_IP:-10.3.x.x}

CATALINA_OPTS="$CATALINA_OPTS -javaagent:${CATALINA_HOME}/pinpoint-agent/pinpoint-bootstrap-1.5.1.jar"

CATALINA_OPTS="$CATALINA_OPTS -Dpinpoint.agentId=${HOST}-${PORT0}"

CATALINA_OPTS="$CATALINA_OPTS -Dpinpoint.applicationName=${CONTEXT_NAME}"

CATALINA_STARTUP_FILE="${CATALINA_HOME}/bin/catalina.sh"

grep '^CATALINA_OPTS=' ${CATALINA_STARTUP_FILE} || sed -i -e "/cygwin=false/i CATALINA_OPTS=\"\$CATALINA_OPTS ${CATALINA_OPTS}\"" ${CATALINA_STARTUP_FILE}

grep '^CATALINA_OPTS=' ${CATALINA_STARTUP_FILE}

PINPOINT_CONFIG_FILE="${CATALINA_HOME}/pinpoint-agent/pinpoint.config"

sed -i -e "s/profiler.collector.ip=127.0.0.1/profiler.collector.ip=${PINPOINT_COLLECTOR_IP}/" ${PINPOINT_CONFIG_FILE}

grep '^profiler.collector.ip=' ${PINPOINT_CONFIG_FILE}

# Adjust pointpoint port.

COLLECTOR_TCP_PORT=${PINPOINT_COLLECTOR_TCP_PORT:-9994}

let COLLECTOR_STAT_PORT=${COLLECTOR_TCP_PORT}+1

let COLLECTOR_SPAN_PORT=${COLLECTOR_TCP_PORT}+2

sed -i -e "s/profiler.collector.tcp.port=.*/profiler.collector.tcp.port=${COLLECTOR_TCP_PORT}/" ${PINPOINT_CONFIG_FILE}

grep 'profiler.collector.tcp.port=' ${PINPOINT_CONFIG_FILE}

sed -i -e "s/profiler.collector.stat.port=.*/profiler.collector.stat.port=${COLLECTOR_STAT_PORT}/" ${PINPOINT_CONFIG_FILE}

grep 'profiler.collector.stat.port=' ${PINPOINT_CONFIG_FILE}

sed -i -e "s/profiler.collector.span.port=.*/profiler.collector.span.port=${COLLECTOR_SPAN_PORT}/" ${PINPOINT_CONFIG_FILE}

grep 'profiler.collector.span.port=' ${PINPOINT_CONFIG_FILE}

# Configure log level for log4j

PINPOINT_LOG_CONFIG_FILE="${CATALINA_HOME}/pinpoint-agent/lib/log4j.xml"

PINPOINT_LOG_LEVEL=${PINPOINT_LOG_LEVEL:-ERROR}

sed -i -e "s/DEBUG/${PINPOINT_LOG_LEVEL}/g" ${PINPOINT_LOG_CONFIG_FILE}

}

#### confcenter ####

confcenter(){

cffile="$CATALINA_HOME/confdownload/conf/disconf.properties"

[[ -z $cf_disconf_conf_server_host ]] || sed -i 's#%cf_disconf_conf_server_host%#'$cf_disconf_conf_server_host'#g' $cffile

[[ -z $cf_disconf_version ]] || sed -i 's#%cf_disconf_version%#'$cf_disconf_version'#g' $cffile

[[ -z $cf_disconf_app ]] || sed -i 's#%cf_disconf_app%#'$cf_disconf_app'#g' $cffile

[[ -z $cf_disconf_env ]] || sed -i 's#%cf_disconf_env%#'$cf_disconf_env'#g' $cffile

[[ -z $cf_disconf_user_define_download_dir ]] || sed -i 's#%cf_disconf_user_define_download_dir%#'$cf_disconf_user_define_download_dir'#g' $cffile

[[ -z $cf_disconf_user_define_confing_file ]] || sed -i 's#%cf_disconf_user_define_confing_file%#'$cf_disconf_user_define_confing_file'#g' $cffile

[[ -z $cf_clientAccessKey ]] || sed -i 's#%cf_clientAccessKey%#'$cf_clientAccessKey'#g' $cffile

[[ -z $cf_clientAccessSecret ]] || sed -i 's#%cf_clientAccessSecret%#'$cf_clientAccessSecret'#g' $cffile

$CATALINA_HOME/confdownload/confcenterdownload > /dev/null 2>&1

}

#### JVM ####

limit_jvm(){

limit_in_bytes=$(cat /sys/fs/cgroup/memory/memory.limit_in_bytes)

# If not default limit_in_bytes in cgroup

if [ "$limit_in_bytes" -ne "9223372036854771712" ]

then

limit_in_megabytes=$(expr $limit_in_bytes \/ 1048576)

heap_size=$(expr $limit_in_megabytes - $RESERVED_MEGABYTES)

export JAVA_OPTS="-Xmx${heap_size}m $JAVA_OPTS"

echo JAVA_OPTS=$JAVA_OPTS

}

#### RUN ####

set_apm

confcenter

limit_jvm

exec catalina.sh run

#EOF

下面是自定义tomcat-jdk的脚本：

#!/bin/bash
set -e
#set -x
##################
# 生成Dockerfile #
##################
##common:
#安装字体，解决java应用图形验证码不显示的问题：apk --no-cache add ttf-dejavu fontconfig
#使用： busybox-extras telnet 10.3.x.x 53
#在线下载dumb-init安装
#&& wget -O /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64 \

#TOMCAT_VERSION="all(6.0.48 7.0.75 7.0.85 8.0.32 8.0.43 8.0.50 8.5.13 8.5.28 9.0.0.M9 9.0.5)"
#JDK_VERSION="all(jdk-7u80-linux-x64 jdk-8u121-linux-x64)"
# FROM docker.io/jeanblanchard/alpine-glibc

function build_image() {
    TOMCAT_VERSION="$1"
    JDK_VERSION="$2"
    TOMCAT_MAJOR=`echo $TOMCAT_VERSION | awk -F'.' '{print $1}'`
    JDK_MAJOR=`echo $JDK_VERSION | awk -F'-' '{print $2}'|cut -d "u" -f1`
    IMAGE_NAME=$DOCKER_REGISTRY/base/$APP:$TOMCAT_MAJOR-jdk$JDK_MAJOR-alpine
    Dockerfile="Dockerfile.tomcat$TOMCAT_VERSION-jdk$JDK_MAJOR"
    ######## Dockerfile Part 1 ########
    cat > ${BUILD_PATH}/$Dockerfile << EOF
FROM alpine:latest

MAINTAINER lvsg "lvsg@yonyou.com"

ENV LANG=en_US.UTF-8 \\
    LANGUAGE=en_US.UTF-8 \\
    LC_CTYPE=en_US.UTF-8 \\
    LC_ALL=en_US.UTF-8 \\
    TOMCAT_MAJOR=$TOMCAT_MAJOR \\
    TOMCAT_VERSION=$TOMCAT_VERSION \\
    JDK_MAJOR=$JDK_MAJOR \\
    JDK_VERSION=$JDK_VERSION \\
    RESERVED_MEGABYTES=128
EOF
    ######## Dockerfile Part 2 ########
    cat >> ${BUILD_PATH}/$Dockerfile <<"EOF"

ENV CATALINA_HOME="/usr/local/tomcat"
ENV JAVA_HOME="/usr/local/java"
ENV JRE_HOME="${JAVA_HOME}/jre" \
    CLASSPATH="$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar" \
    PATH="$PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin" \
    TZ="Asia/Shanghai"

RUN mkdir -p "$CATALINA_HOME" \
    && mkdir -p "$JAVA_HOME"
WORKDIR $CATALINA_HOME

COPY ./apache-tomcat-$TOMCAT_VERSION.tar.gz tomcat.tar.gz
COPY ./$JDK_VERSION.tar.gz java.tar.gz
COPY ./dumb-init_1.2.1_amd64 /usr/bin/dumb-init
COPY ./glibc $CATALINA_HOME/
COPY ./glibc/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
COPY ./confdownload $CATALINA_HOME/confdownload/

RUN set -x \
    && sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories \
    && echo 'http://mirrors.ustc.edu.cn/alpine/edge/testing' >> /etc/apk/repositories \
	&& apk update \
    && apk add --no-cache --allow-untrusted --update-cache \
               wget \
               curl \
               bash \
               ca-certificates \
               tzdata \
               libtool \
               gcc \
               ttf-dejavu \
               fontconfig \
               busybox-extras \
               wqy-zenhei@edge wqy-zenhei \
               apk-tools \
               
    \
    \
    && ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download"  \
    && ALPINE_GLIBC_PACKAGE_VERSION="2.27-r0" \
    && ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && apk add --no-cache \
        "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
        "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
        "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" \
    \
    && rm "/etc/apk/keys/sgerrand.rsa.pub" \
    && /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true \
    && echo "export LANG=$LANG" > /etc/profile.d/locale.sh \
    \
    && apk del glibc-i18n \
    \
    && rm \
        "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
        "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
        "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" \
        sgerrand.rsa.pub \
    \
    \
    && rm -rf /var/cache/apk/* \
    \
    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && echo "Asia/Shanghai" > /etc/timezone \
    \
    && /bin/ln -sf /bin/bash /bin/sh \
	\
    && tar -xvf tomcat.tar.gz --strip-components=1 \
    && tar -xvf java.tar.gz --strip-components=1 -C $JAVA_HOME/ \
    && rm bin/*.bat \
    \
    && rm -rf $JAVA_HOME/*src.zip \
       $JAVA_HOME/lib/missioncontrol \
       $JAVA_HOME/lib/visualvm \
       $JAVA_HOME/lib/*javafx* \
       $JAVA_HOME/jre/lib/ext/jfxrt.jar \
       $JAVA_HOME/jre/bin/javaws \
       $JAVA_HOME/jre/lib/javaws.jar \
       $JAVA_HOME/jre/lib/desktop \
       $JAVA_HOME/jre/plugin \
       $JAVA_HOME/jre/lib/deploy* \
       $JAVA_HOME/jre/lib/*javafx* \
       $JAVA_HOME/jre/lib/*jfx* \
    \
    && rm -rf tomcat.tar.gz* java.tar.gz* \
	\
    && sed -i '/cygwin=false/i\JAVA_OPTS="$JAVA_OPTS -Duser.timezone=GMT+08 -Ddefault.client.encoding=UTF-8 -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF8 -Duser.language=Zh"' \
              $CATALINA_HOME/bin/catalina.sh \
    && sed -i '/tomcat.util.scan.StandardJarScanFilter.jarsToSkip=/a bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,bcprov-*.jar,\\' \
              $CATALINA_HOME/conf/catalina.properties \
    && sed -i 's/<Connector port="8080"/& URIEncoding="UTF-8"/g' $CATALINA_HOME/conf/server.xml \
    && chmod +x /usr/local/tomcat/bin/*.sh \
    && /bin/rm -rf $CATALINA_HOME/webapps/* \
    && chmod +x /usr/bin/dumb-init \
    && mkdir -p /usr/local/src \
    && ln -sf $CATALINA_HOME/confdownload /usr/local/src/confdownload

ADD UnlimitedJCEPolicyJDK${JDK_MAJOR}/local_policy.jar $JAVA_HOME/jre/lib/security/
ADD UnlimitedJCEPolicyJDK${JDK_MAJOR}/US_export_policy.jar $JAVA_HOME/jre/lib/security/
COPY ./pinpoint-agent $CATALINA_HOME/pinpoint-agent/
COPY ./entrypoint.sh $CATALINA_HOME/bin/

VOLUME ["/usr/local/tomcat/logs"]

EXPOSE 8080
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["bash", "-c", "entrypoint.sh"]
EOF

      #### Build image
    echo "--> Building ${IMAGE_NAME}..."
    docker build --rm -t $IMAGE_NAME -f $Dockerfile . && docker push $IMAGE_NAME 1>/dev/null
    if [[ $? == 0 ]]; then
      echo "====> ${IMAGE_NAME} Builded and Pushed successfully.<===="
    else
      echo "=====> ${IMAGE_NAME} Builded Or Pushed failed! <===="
      exit 1
    fi
}

main() {
  cd $BUILD_PATH
  #JDK_VERSION="$JDK_VERSION"
  if [[ $TOMCAT_VERSION =~ all(.*) ]]; then 
      TOMCAT_VERSION=`echo $TOMCAT_VERSION | awk -F'(' '{print $2}'|cut -d ")" -f1`
  fi
  if [[ $JDK_VERSION =~ all(.*) ]]; then 
      JDK_VERSION=`echo $JDK_VERSION | awk -F'(' '{print $2}'|cut -d ")" -f1`
  fi
  
  for jdk in $JDK_VERSION; do
      #############不知为何，循环出问题，只能再附下值了##############
      TOMCAT_VERSION="all(6.0.48 7.0.85 8.5.28 9.0.5)"
      TOMCAT_VERSION=`echo $TOMCAT_VERSION | awk -F'(' '{print $2}'|cut -d ")" -f1`
      ###############################################################
      for tomcat in $TOMCAT_VERSION; do
    	 build_image $tomcat $jdk
      done
  done
}

main

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

#!/bin/bash

set -e

#set -x

##################

# 生成Dockerfile #

##################

##common:

#安装字体，解决java应用图形验证码不显示的问题：apk --no-cache add ttf-dejavu fontconfig

#使用： busybox-extras telnet 10.3.x.x 53

#在线下载dumb-init安装

#&& wget -O /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64 \

#TOMCAT_VERSION="all(6.0.48 7.0.75 7.0.85 8.0.32 8.0.43 8.0.50 8.5.13 8.5.28 9.0.0.M9 9.0.5)"

#JDK_VERSION="all(jdk-7u80-linux-x64 jdk-8u121-linux-x64)"

# FROM docker.io/jeanblanchard/alpine-glibc

function build_image() {

TOMCAT_VERSION="$1"

JDK_VERSION="$2"

TOMCAT_MAJOR=`echo $TOMCAT_VERSION | awk -F'.' '{print $1}'`

JDK_MAJOR=`echo $JDK_VERSION | awk -F'-' '{print $2}'|cut -d "u" -f1`

IMAGE_NAME=$DOCKER_REGISTRY/base/$APP:$TOMCAT_MAJOR-jdk$JDK_MAJOR-alpine

Dockerfile="Dockerfile.tomcat$TOMCAT_VERSION-jdk$JDK_MAJOR"

######## Dockerfile Part 1 ########

cat > ${BUILD_PATH}/$Dockerfile << EOF

FROM alpine:latest

MAINTAINER lvsg "lvsg@yonyou.com"

ENV LANG=en_US.UTF-8 \\

LANGUAGE=en_US.UTF-8 \\

LC_CTYPE=en_US.UTF-8 \\

LC_ALL=en_US.UTF-8 \\

TOMCAT_MAJOR=$TOMCAT_MAJOR \\

TOMCAT_VERSION=$TOMCAT_VERSION \\

JDK_MAJOR=$JDK_MAJOR \\

JDK_VERSION=$JDK_VERSION \\

RESERVED_MEGABYTES=128

EOF

######## Dockerfile Part 2 ########

cat >> ${BUILD_PATH}/$Dockerfile <<"EOF"

ENV CATALINA_HOME="/usr/local/tomcat"

ENV JAVA_HOME="/usr/local/java"

ENV JRE_HOME="${JAVA_HOME}/jre" \

CLASSPATH="$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar" \

PATH="$PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin" \

TZ="Asia/Shanghai"

RUN mkdir -p "$CATALINA_HOME" \

&& mkdir -p "$JAVA_HOME"

WORKDIR $CATALINA_HOME

COPY ./apache-tomcat-$TOMCAT_VERSION.tar.gz tomcat.tar.gz

COPY ./$JDK_VERSION.tar.gz java.tar.gz

COPY ./dumb-init_1.2.1_amd64 /usr/bin/dumb-init

COPY ./glibc $CATALINA_HOME/

COPY ./glibc/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub

COPY ./confdownload $CATALINA_HOME/confdownload/

RUN set -x \

&& sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories \

&& echo 'http://mirrors.ustc.edu.cn/alpine/edge/testing' >> /etc/apk/repositories \

&& apk update \

&& apk add --no-cache --allow-untrusted --update-cache \

wget \

curl \

bash \

ca-certificates \

tzdata \

libtool \

gcc \

ttf-dejavu \

fontconfig \

busybox-extras \

wqy-zenhei@edge wqy-zenhei \

apk-tools \

&& ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" \

&& ALPINE_GLIBC_PACKAGE_VERSION="2.27-r0" \

&& ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& apk add --no-cache \

"$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \

"$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \

"$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" \

&& rm "/etc/apk/keys/sgerrand.rsa.pub" \

&& /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true \

&& echo "export LANG=$LANG" > /etc/profile.d/locale.sh \

&& apk del glibc-i18n \

&& rm \

"$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \

"$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \

"$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" \

sgerrand.rsa.pub \

&& rm -rf /var/cache/apk/* \

&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \

&& echo "Asia/Shanghai" > /etc/timezone \

&& /bin/ln -sf /bin/bash /bin/sh \

&& tar -xvf tomcat.tar.gz --strip-components=1 \

&& tar -xvf java.tar.gz --strip-components=1 -C $JAVA_HOME/ \

&& rm bin/*.bat \

&& rm -rf $JAVA_HOME/*src.zip \

$JAVA_HOME/lib/missioncontrol \

$JAVA_HOME/lib/visualvm \

$JAVA_HOME/lib/*javafx* \

$JAVA_HOME/jre/lib/ext/jfxrt.jar \

$JAVA_HOME/jre/bin/javaws \

$JAVA_HOME/jre/lib/javaws.jar \

$JAVA_HOME/jre/lib/desktop \

$JAVA_HOME/jre/plugin \

$JAVA_HOME/jre/lib/deploy* \

$JAVA_HOME/jre/lib/*javafx* \

$JAVA_HOME/jre/lib/*jfx* \

&& rm -rf tomcat.tar.gz* java.tar.gz* \

&& sed -i '/cygwin=false/i\JAVA_OPTS="$JAVA_OPTS -Duser.timezone=GMT+08 -Ddefault.client.encoding=UTF-8 -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF8 -Duser.language=Zh"' \

$CATALINA_HOME/bin/catalina.sh \

&& sed -i '/tomcat.util.scan.StandardJarScanFilter.jarsToSkip=/a bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,bcprov-*.jar,\\' \

$CATALINA_HOME/conf/catalina.properties \

&& sed -i 's/<Connector port="8080"/& URIEncoding="UTF-8"/g' $CATALINA_HOME/conf/server.xml \

&& chmod +x /usr/local/tomcat/bin/*.sh \

&& /bin/rm -rf $CATALINA_HOME/webapps/* \

&& chmod +x /usr/bin/dumb-init \

&& mkdir -p /usr/local/src \

&& ln -sf $CATALINA_HOME/confdownload /usr/local/src/confdownload

ADD UnlimitedJCEPolicyJDK${JDK_MAJOR}/local_policy.jar $JAVA_HOME/jre/lib/security/

ADD UnlimitedJCEPolicyJDK${JDK_MAJOR}/US_export_policy.jar $JAVA_HOME/jre/lib/security/

COPY ./pinpoint-agent $CATALINA_HOME/pinpoint-agent/

COPY ./entrypoint.sh $CATALINA_HOME/bin/

VOLUME ["/usr/local/tomcat/logs"]

EXPOSE 8080

ENTRYPOINT ["/usr/bin/dumb-init", "--"]

CMD ["bash", "-c", "entrypoint.sh"]

EOF

#### Build image

echo "--> Building ${IMAGE_NAME}..."

docker build --rm -t $IMAGE_NAME -f $Dockerfile . && docker push $IMAGE_NAME 1>/dev/null

if [[ $? == 0 ]]; then

echo "====> ${IMAGE_NAME} Builded and Pushed successfully.<===="

else

echo "=====> ${IMAGE_NAME} Builded Or Pushed failed! <===="

exit 1

}

main() {

cd $BUILD_PATH

#JDK_VERSION="$JDK_VERSION"

if [[ $TOMCAT_VERSION =~ all(.*) ]]; then

TOMCAT_VERSION=`echo $TOMCAT_VERSION | awk -F'(' '{print $2}'|cut -d ")" -f1`

if [[ $JDK_VERSION =~ all(.*) ]]; then

JDK_VERSION=`echo $JDK_VERSION | awk -F'(' '{print $2}'|cut -d ")" -f1`

for jdk in $JDK_VERSION; do

#############不知为何，循环出问题，只能再附下值了##############

TOMCAT_VERSION="all(6.0.48 7.0.85 8.5.28 9.0.5)"

TOMCAT_VERSION=`echo $TOMCAT_VERSION | awk -F'(' '{print $2}'|cut -d ")" -f1`

###############################################################

for tomcat in $TOMCAT_VERSION; do

build_image $tomcat $jdk

done

}

main

tomcat-jre版本：

#!/bin/bash
set -e
##################
# 生成Dockerfile #
##################
##common:
#安装字体，解决java应用图形验证码不显示的问题：apk --no-cache add ttf-dejavu fontconfig
#安装字体，解决JSP应用图形验证码中文码的问题：
# apk add wqy-zenhei@edge wqy-zenhei --update-cache --repository http://nl.alpinelinux.org/alpine/edge/testing --allow-untrusted
# 修改源：sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories 
#    && sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories \
#    && echo "http://mirrors.aliyun.com/alpine/v3.4/main" > /etc/apk/repositories \
#    && echo "http://mirrors.aliyun.com/alpine/v3.4/community" >> /etc/apk/repositories \
#安装 telnet: apk add busybox-extras
#printf "options timeout:1 attempts:1 rotate\nnameserver 10.3.15.14\nnameserver 10.3.15.15\n" > /etc/resolv.conf > /dev/null
##在线下载dumb-init安装
#    && wget -O /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64 \
#官方的基础镜像也放私有镜像仓库了： FROM ycr.yonyoucloud.com/official/tomcat/tomcat:$VERSION
#语言环境变量
#    LC_ALL="zh_CN.UTF-8" \
#    LANG="zh_CN.UTF-8" \
#    LANGUAGE="zh_CN:zh" \
## Here we install GNU libc (aka glibc) and set en_US.UTF-8 locale as default.
#docker build --build-arg HTTP_PROXY=http://10.3.15.206:8888
function build_image() {
    VERSION=$1
    JRE_VERSION=`echo $VERSION | awk -F'-' '{print $2}'`
    JRE_MAJOR=`echo ${JRE_VERSION: -1}`
    
    TOMCAT_V=`echo $VERSION | awk -F'.' '{print $1}'`
    JRE_V=`echo $VERSION | awk -F'-' '{print $2"-"$3}'`
    TAG="$TOMCAT_V-$JRE_V"
    #CATALINA_HOME=/usr/local/tomcat
    IMAGE_NAME=$DOCKER_REGISTRY/base/$APP:$TAG
    Dockerfile="Dockerfile.tomcat$VERSION"
    
    ######## Dockerfile Part 1 ########
    cat > ${BUILD_PATH}/$Dockerfile << EOF
FROM tomcat:$VERSION
MAINTAINER sean <lvsg@yonyou.com>

ENV RESERVED_MEGABYTES=128 \
    LANG=en_US.UTF-8 \
    LANGUAGE=en_US.UTF-8 \
    LC_CTYPE=en_US.UTF-8 \
    LC_ALL=en_US.UTF-8 \
    TZ="Asia/Shanghai" \
    JRE_MAJOR=$JRE_MAJOR
EOF
######## Dockerfile Part 2 ########
	cat >> ${BUILD_PATH}/$Dockerfile <<"EOF"
WORKDIR $CATALINA_HOME

COPY ./dumb-init_1.2.1_amd64 /usr/bin/dumb-init
COPY ./confdownload $CATALINA_HOME/confdownload/
COPY ./glibc $CATALINA_HOME/
COPY ./glibc/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub
RUN set -x \
    && sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories \
    && echo 'http://mirrors.ustc.edu.cn/alpine/edge/testing' >> /etc/apk/repositories \
    && apk update \
    && apk add --no-cache --allow-untrusted --update-cache \
               wget \
               vim \
               busybox-extras \
               curl \
               ca-certificates \
               bash \
               tzdata \
               libtool \
               gcc \
               ttf-dejavu \
               fontconfig \
               wqy-zenhei@edge wqy-zenhei \
               apk-tools \
    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && echo "Asia/Shanghai" > /etc/timezone \
    \
    && /bin/ln -sf /bin/bash /bin/sh \
    \
    \
    && ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download"  \
    && ALPINE_GLIBC_PACKAGE_VERSION="2.27-r0" \
    && ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && apk add --no-cache \
        "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
        "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
        "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" \
    \
    && rm "/etc/apk/keys/sgerrand.rsa.pub" \
    && /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true \
    && echo "export LANG=$LANG" > /etc/profile.d/locale.sh \
    \
    && apk del glibc-i18n \
    \
    && rm \
        "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
        "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
        "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" \
        sgerrand.rsa.pub \
    \
    \
    && sed -i '/cygwin=false/i\JAVA_OPTS="$JAVA_OPTS -Duser.timezone=GMT+08 -Ddefault.client.encoding=UTF-8 -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF8 -Duser.language=Zh"' \
              $CATALINA_HOME/bin/catalina.sh \
    && sed -i '/tomcat.util.scan.StandardJarScanFilter.jarsToSkip=/a bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,bcprov-*.jar,\\' \
              $CATALINA_HOME/conf/catalina.properties \
    && sed -i 's/<Connector port="8080"/& URIEncoding="UTF-8"/g' $CATALINA_HOME/conf/server.xml \
    && chmod +x /usr/local/tomcat/bin/*.sh \
    \
    && echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf \
    \
    && /bin/rm -rf /tmp/* /var/cache/apk/* $CATALINA_HOME/webapps/* \
    && chmod +x /usr/bin/dumb-init \
    && mkdir -p /usr/local/src \
    && ln -sf $CATALINA_HOME/confdownload /usr/local/src/confdownload

ADD UnlimitedJCEPolicyJDK${JRE_MAJOR}/local_policy.jar $JAVA_HOME/jre/lib/security/
ADD UnlimitedJCEPolicyJDK${JRE_MAJOR}/US_export_policy.jar $JAVA_HOME/jre/lib/security/
COPY ./pinpoint-agent $CATALINA_HOME/pinpoint-agent/
COPY ./entrypoint.sh $CATALINA_HOME/bin/

VOLUME ["/usr/local/tomcat/logs"]

ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD ["bash", "-c", "entrypoint.sh"]
EOF

      #### Build image
    #echo "--> Building ${IMAGE_NAME}..."
    docker build  --rm -t $IMAGE_NAME -f $Dockerfile . && docker push $IMAGE_NAME 1>/dev/null
    if [[ $? == 0 ]]; then
      echo "====> ${IMAGE_NAME} Builded and Pushed successfully.<===="
    else
      echo "====> ${IMAGE_NAME} Builded Or Pushed failed!<===="
      exit 1
    fi
}

main() {
  cd $BUILD_PATH
  if [[ $VERSION =~ all(.*) ]]; then 
      VERSION=`echo $VERSION | awk -F'(' '{print $2}'|cut -d ")" -f1`
  fi
  for v in $VERSION; do
      build_image $v
  done
}

main

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

#!/bin/bash

set -e

##################

# 生成Dockerfile #

##################

##common:

#安装字体，解决java应用图形验证码不显示的问题：apk --no-cache add ttf-dejavu fontconfig

#安装字体，解决JSP应用图形验证码中文码的问题：

# apk add wqy-zenhei@edge wqy-zenhei --update-cache --repository http://nl.alpinelinux.org/alpine/edge/testing --allow-untrusted

# 修改源：sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories

# && sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories \

# && echo "http://mirrors.aliyun.com/alpine/v3.4/main" > /etc/apk/repositories \

# && echo "http://mirrors.aliyun.com/alpine/v3.4/community" >> /etc/apk/repositories \

#安装 telnet: apk add busybox-extras

#printf "options timeout:1 attempts:1 rotate\nnameserver 10.3.15.14\nnameserver 10.3.15.15\n" > /etc/resolv.conf > /dev/null

##在线下载dumb-init安装

# && wget -O /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64 \

#官方的基础镜像也放私有镜像仓库了： FROM ycr.yonyoucloud.com/official/tomcat/tomcat:$VERSION

#语言环境变量

# LC_ALL="zh_CN.UTF-8" \

# LANG="zh_CN.UTF-8" \

# LANGUAGE="zh_CN:zh" \

## Here we install GNU libc (aka glibc) and set en_US.UTF-8 locale as default.

#docker build --build-arg HTTP_PROXY=http://10.3.15.206:8888

function build_image() {

VERSION=$1

JRE_VERSION=`echo $VERSION | awk -F'-' '{print $2}'`

JRE_MAJOR=`echo ${JRE_VERSION: -1}`

TOMCAT_V=`echo $VERSION | awk -F'.' '{print $1}'`

JRE_V=`echo $VERSION | awk -F'-' '{print $2"-"$3}'`

TAG="$TOMCAT_V-$JRE_V"

#CATALINA_HOME=/usr/local/tomcat

IMAGE_NAME=$DOCKER_REGISTRY/base/$APP:$TAG

Dockerfile="Dockerfile.tomcat$VERSION"

######## Dockerfile Part 1 ########

cat > ${BUILD_PATH}/$Dockerfile << EOF

FROM tomcat:$VERSION

MAINTAINER sean <lvsg@yonyou.com>

ENV RESERVED_MEGABYTES=128 \

LANG=en_US.UTF-8 \

LANGUAGE=en_US.UTF-8 \

LC_CTYPE=en_US.UTF-8 \

LC_ALL=en_US.UTF-8 \

TZ="Asia/Shanghai" \

JRE_MAJOR=$JRE_MAJOR

EOF

######## Dockerfile Part 2 ########

cat >> ${BUILD_PATH}/$Dockerfile <<"EOF"

WORKDIR $CATALINA_HOME

COPY ./dumb-init_1.2.1_amd64 /usr/bin/dumb-init

COPY ./confdownload $CATALINA_HOME/confdownload/

COPY ./glibc $CATALINA_HOME/

COPY ./glibc/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub

RUN set -x \

&& sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/' /etc/apk/repositories \

&& echo 'http://mirrors.ustc.edu.cn/alpine/edge/testing' >> /etc/apk/repositories \

&& apk update \

&& apk add --no-cache --allow-untrusted --update-cache \

wget \

vim \

busybox-extras \

curl \

ca-certificates \

bash \

tzdata \

libtool \

gcc \

ttf-dejavu \

fontconfig \

wqy-zenhei@edge wqy-zenhei \

apk-tools \

&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \

&& echo "Asia/Shanghai" > /etc/timezone \

&& /bin/ln -sf /bin/bash /bin/sh \

&& ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" \

&& ALPINE_GLIBC_PACKAGE_VERSION="2.27-r0" \

&& ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& apk add --no-cache \

"$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \

"$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \

"$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" \

&& rm "/etc/apk/keys/sgerrand.rsa.pub" \

&& /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true \

&& echo "export LANG=$LANG" > /etc/profile.d/locale.sh \

&& apk del glibc-i18n \

&& rm \

"$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \

"$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \

"$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" \

sgerrand.rsa.pub \

&& sed -i '/cygwin=false/i\JAVA_OPTS="$JAVA_OPTS -Duser.timezone=GMT+08 -Ddefault.client.encoding=UTF-8 -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF8 -Duser.language=Zh"' \

$CATALINA_HOME/bin/catalina.sh \

&& sed -i '/tomcat.util.scan.StandardJarScanFilter.jarsToSkip=/a bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,bcprov-*.jar,\\' \

$CATALINA_HOME/conf/catalina.properties \

&& sed -i 's/<Connector port="8080"/& URIEncoding="UTF-8"/g' $CATALINA_HOME/conf/server.xml \

&& chmod +x /usr/local/tomcat/bin/*.sh \

&& echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf \

&& /bin/rm -rf /tmp/* /var/cache/apk/* $CATALINA_HOME/webapps/* \

&& chmod +x /usr/bin/dumb-init \

&& mkdir -p /usr/local/src \

&& ln -sf $CATALINA_HOME/confdownload /usr/local/src/confdownload

ADD UnlimitedJCEPolicyJDK${JRE_MAJOR}/local_policy.jar $JAVA_HOME/jre/lib/security/

ADD UnlimitedJCEPolicyJDK${JRE_MAJOR}/US_export_policy.jar $JAVA_HOME/jre/lib/security/

COPY ./pinpoint-agent $CATALINA_HOME/pinpoint-agent/

COPY ./entrypoint.sh $CATALINA_HOME/bin/

VOLUME ["/usr/local/tomcat/logs"]

ENTRYPOINT ["/usr/bin/dumb-init", "--"]

CMD ["bash", "-c", "entrypoint.sh"]

EOF

#### Build image

#echo "--> Building ${IMAGE_NAME}..."

docker build --rm -t $IMAGE_NAME -f $Dockerfile . && docker push $IMAGE_NAME 1>/dev/null

if [[ $? == 0 ]]; then

echo "====> ${IMAGE_NAME} Builded and Pushed successfully.<===="

else

echo "====> ${IMAGE_NAME} Builded Or Pushed failed!<===="

exit 1

}

main() {

cd $BUILD_PATH

if [[ $VERSION =~ all(.*) ]]; then

VERSION=`echo $VERSION | awk -F'(' '{print $2}'|cut -d ")" -f1`

for v in $VERSION; do

build_image $v

done

}

main

————————–分隔线 ————————– 最新更新：将此基础镜像脚本提交到了git，重新修改了内容：生成Dockerfile及构建脚本： build.sh

#!/usr/bin/env bash
###################################################
#VERSION format:
# just build one image: build.sh 7.0.85-jdk7-alpine
# following is the way of how to build mutiple versions of images:
# build.sh 7.0.88-jre7-alpine,7.0.88-jre8-alpine,8.0.52-jre7-alpine,8.0.52-jre8-alpine,9.0.8-jre8-alpine, \
# 6.0.48-jdk7-alpine,7.0.85-jdk7-alpine,7.0.85-jdk8-alpine,8.5.28-jdk7-alpine,8.5.28-jdk8-alpine, \
# 9.0.5-jdk7-alpine,9.0.5-jdk8-alpine
# aliyun source
# https://mirrors.aliyun.com/alpine/v3.6/main/
# https://mirrors.aliyun.com/alpine/v3.6/community/
# ustc source
# mirrors.ustc.edu.cn
####################################################
set -e

log_dir="/data/logs/base_images"
[[ -d "$log_dir" ]] || mkdir $log_dir
build_date=`date +%Y-%m-%d_%H-%M-%S`
logfile=${log_dir}/${build_date}.log

function create_dockerfile() {
    VERSION=$1
    TOMCAT_VERSION=`echo $VERSION | awk -F'-' '{print $1}'`
    TOMCAT_MAJOR=`echo $TOMCAT_VERSION | awk -F'.' '{print $1}'`
    JAVA_VERSION=`echo $VERSION | awk -F'-' '{print $2}'`
    JAVA_TYPE=${JAVA_VERSION%%[0-9]*} # 删除字条串中以数字开始的字符及右边所有
    JAVA_MAJOR=`echo ${JAVA_VERSION: -1}`
    CATALINA_HOME=/usr/local/tomcat
    DOCKER_REGISTRY="ycr.yonyoucloud.com"
    TAG_end=`echo $VERSION|cut -d "-" -f2,3`
    TAG="$TOMCAT_MAJOR-$TAG_end"
    IMAGE_NAME="$DOCKER_REGISTRY/base/tomcat:$TAG"
    #IMAGE_NAME="tomcat:$TAG"
    Dockerfile="Dockerfile.tomcat$VERSION"

    ######## Dockerfile Part 1 ########
    if [[ "$JAVA_TYPE" == "jdk" ]]; then
        echo "FROM alpine:latest" > ./$Dockerfile
    else
        echo "FROM $DOCKER_REGISTRY/official/tomcat/tomcat:$VERSION" > ./$Dockerfile
    fi
######## Dockerfile Part 2 ########
    cat >> ./$Dockerfile << EOF
ENV LANG=en_US.UTF-8 \\
    LANGUAGE=en_US.UTF-8 \\
    LC_CTYPE=en_US.UTF-8 \\
    LC_ALL=en_US.UTF-8 \\
    TZ="Asia/Shanghai" \\
    JAVA_MAJOR=$JAVA_MAJOR \\
    BASE_IMAGE=$IMAGE_NAME
EOF

    ########JDK#########
    if [[ "$JAVA_TYPE" == "jdk" ]]; then
        cat >> ./$Dockerfile << EOF
ENV CATALINA_HOME="/usr/local/tomcat" \\
    JAVA_HOME="/usr/local/java" \\
    TOMCAT_VERSION=$TOMCAT_VERSION
EOF
        cat >> ./$Dockerfile << "EOF"
ENV JRE_HOME="${JAVA_HOME}/jre" \
    CLASSPATH="$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar" \
    PATH="$PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin"
EOF
    cat >> ./$Dockerfile <<"EOF"
COPY ./jdk/apache-tomcat-$TOMCAT_VERSION.tar.gz $CATALINA_HOME/tomcat.tar.gz
COPY ./jdk/jdk-$JAVA_MAJOR*-linux-x64.tar.gz $CATALINA_HOME/java.tar.gz
EOF
    fi
######## Dockerfile Part 3 ########
    cat >> ./$Dockerfile <<"EOF"
WORKDIR $CATALINA_HOME
COPY ./packages $CATALINA_HOME/packages/

RUN set -x \
    && sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories \
    && echo 'http://mirrors.aliyun.com/alpine/edge/testing' >> /etc/apk/repositories \
    && apk update \
    && apk add --no-cache --allow-untrusted --update-cache \
               wget \
               vim \
               openssh-client git perl make less \
               bash bash-doc bash-completion \
               htop iftop \
               tmux fish mdocml-apropos \
               busybox-extras \
               coreutils \
               curl \
               ca-certificates \
               tzdata \
               libtool \
               gcc \
               ttf-dejavu \
               fontconfig \
               wqy-zenhei@edge wqy-zenhei \
               apk-tools \
               netcat-openbsd \
    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && echo "Asia/Shanghai" > /etc/timezone \
    \
    && sed -i -e 's/\/bin\/ash/\/bin\/bash/' /etc/passwd \
    \
    \
    && echo '\
            . /etc/profile ; \
            PS1='\''\[\e[01;33m\][\h \u:\[\e[01;34m\]\w\[\e[01;33m\]]\[\e[00m\]\$ '\'' ; \
            eval `dircolors -b` ; \
            alias ls="ls --color=auto" ; \
            alias l="ls -lah" ; \
            alias ll="ls -lh" ; \
            alias l.="ls -d .* --color=auto" ; \
            alias mv="mv -i" ; \
            alias rm="rm -i" ; \
    ' >> /etc/bash.bashrc \
    && echo '. ~/.bashrc' > /root/.bash_profile \
    && echo '. /etc/bash.bashrc' > /root/.bashrc \
    && echo 'set-option -g default-shell /usr/bin/fish' > /root/.tmux.conf \
    && mkdir -p /root/.config/fish/functions \
    && echo '\
           function fish_prompt ;\
               if not set -q __fish_prompt_hostname ;\
                   set -g __fish_prompt_hostname (hostname) ;\
               end ;\
               set_color -o yellow ;\
               echo -n -s "$USER" @ "$__fish_prompt_hostname" " " ;\
               set_color -o blue ;\
               echo -n (prompt_pwd) ;\
               echo -n " # " ;\
               set_color normal ;\
           end ;\
           \
           alias l="ls -la" ;\
    ' > /root/.config/fish/functions/fish_prompt.fish \
    && ln -sf /usr/bin/fish /bin/sh \
    \
    && echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf \
    \
    \
    && mkdir -p $JAVA_HOME $CATALINA_HOME /usr/local/src /etc/config/download/ \
    && cp -rf packages/dumb-init_1.2.1_amd64 /usr/bin/dumb-init \
    && cp -rf packages/confdownload $CATALINA_HOME/confdownload/ \
    && cp -rf packages/glibc/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub \
    && cp -rf packages/etc/inputrc /etc/inputrc \
    && cp -rf packages/pinpoint-agent $CATALINA_HOME/pinpoint-agent/ \
    && cp -rf packages/java_options.sh /usr/local/bin/ \
    && cp -rf packages/entrypoint.sh /usr/local/bin/ \
    && cp -rf packages/etc/authfile.properties  /etc/config/download/ \
    && cp -rf packages/etc/yhtauthfile.properties  /etc/config/download/ \
    && cp -rf packages/fish_greeting.fish /root/.config/fish/functions/fish_greeting.fish \
    \
    \
    && ALPINE_GLIBC_BASE_DIR="$CATALINA_HOME/packages/glibc"  \
    && ALPINE_GLIBC_PACKAGE_VERSION="2.28-r0" \
    && ALPINE_GLIBC_BASE_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && ALPINE_GLIBC_BIN_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && ALPINE_GLIBC_I18N_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && apk add --no-cache \
        "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
        "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
        "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" \
    \
    && rm "/etc/apk/keys/sgerrand.rsa.pub" \
    && /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true \
    && echo "export LANG=$LANG" > /etc/profile.d/locale.sh \
    \
    && apk del glibc-i18n \
    \
    \
EOF
    ####for JDK####
    if [[ "$JAVA_TYPE" == "jdk" ]]; then
        cat >> ./$Dockerfile <<"EOF"
    && mkdir -p $JAVA_HOME \
    && tar -xvf tomcat.tar.gz --strip-components=1 \
    && tar -xvf java.tar.gz --strip-components=1 -C $JAVA_HOME/ \
    && rm bin/*.bat \
    \
    && rm -rf $JAVA_HOME/*src.zip \
       $JAVA_HOME/lib/missioncontrol \
       $JAVA_HOME/lib/visualvm \
       $JAVA_HOME/lib/*javafx* \
       $JAVA_HOME/jre/lib/ext/jfxrt.jar \
       $JAVA_HOME/jre/bin/javaws \
       $JAVA_HOME/jre/lib/javaws.jar \
       $JAVA_HOME/jre/lib/desktop \
       $JAVA_HOME/jre/plugin \
       $JAVA_HOME/jre/lib/deploy* \
       $JAVA_HOME/jre/lib/*javafx* \
       $JAVA_HOME/jre/lib/*jfx* \
    \
    && rm -rf tomcat.tar.gz* java.tar.gz* \
    && cp -rf packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/local_policy.jar $JAVA_HOME/jre/lib/security/ \
    && cp -rf packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/US_export_policy.jar $JAVA_HOME/jre/lib/security/ \
EOF
    else
        cat >> ./$Dockerfile <<"EOF"
    && cp -rf packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/local_policy.jar $JAVA_HOME/lib/security/ \
    && cp -rf packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/US_export_policy.jar $JAVA_HOME/lib/security/ \

EOF
    fi

    cat >> ./$Dockerfile <<"EOF"
    && echo 'export PATH="$PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin"' >> /etc/profile \
    \
    && sed -i '/tomcat.util.scan.StandardJarScanFilter.jarsToSkip=/a bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,bcprov-*.jar,\\' \
              $CATALINA_HOME/conf/catalina.properties \
    && sed -i -e 's/<Connector port="8080"/& URIEncoding="UTF-8"/g' \
              -e '/pattern="%/{s/.*/               pattern="%h %l %u %t \&quot;%r\&quot; %s %b %{X-traceId}i %D" \/>/}' \
                 $CATALINA_HOME/conf/server.xml \
    && sed -i 's@#!/bin/sh@#!/bin/bash@g' $CATALINA_HOME/bin/*.sh \
    \
    \
    && ln -sf $CATALINA_HOME/confdownload /usr/local/src/confdownload \
    && ln -sf /usr/local/bin/java_options.sh $CATALINA_HOME/bin/java_options.sh \
    && ln -sf /usr/local/bin/entrypoint.sh $CATALINA_HOME/bin/entrypoint.sh \
    && chmod +x /usr/bin/dumb-init $CATALINA_HOME/bin/* $CATALINA_HOME/confdownload/* /usr/local/bin/* \
    && /bin/rm -rf /tmp/* /var/cache/apk/* $CATALINA_HOME/webapps/* packages

VOLUME ["/usr/local/tomcat/logs"]
EXPOSE 8080

ENTRYPOINT ["/usr/bin/dumb-init", "--", "entrypoint.sh"]
CMD ["catalina.sh", "run"]
EOF

}

function build_image() {
    #### Build image
    ####for JDK####
    if [[ "$JAVA_TYPE" == "jre" ]]; then
        echo "jdk" > .dockerignore
    else
        echo `ls jdk/apache-tomcat-* | grep -v $TOMCAT_VERSION` | sed 's/ /\n/g'  > .dockerignore
        echo `ls jdk/jdk-* | grep -v ${JAVA_MAJOR}u` | sed 's/ /\n/g'  >> .dockerignore
    fi
    docker build  --rm -t $IMAGE_NAME -f $Dockerfile . && docker push $IMAGE_NAME 1>/dev/null
    if [[ $? == 0 ]]; then
      echo "====> ${IMAGE_NAME} Builded and Pushed successfully.<====" | tee -a ${logfile}
    else
      echo "====> ${IMAGE_NAME} Builded Or Pushed failed!<====" | tee -a ${logfile}
      exit 1
    fi
}

main() {
    echo "==========================Build Info====================================" | tee -a ${logfile}
    echo "--> $build_date Building ${IMAGE_NAME}..." | tee -a ${logfile}
    vs=`echo $VERSIONS|sed 's/,/ /g'`
    for v in `echo $vs`;do
        create_dockerfile $v
        build_image
    done
    echo "==========================##########====================================" | tee -a ${logfile}
}

main
cat ${logfile}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

#!/usr/bin/env bash

###################################################

#VERSION format:

# just build one image: build.sh 7.0.85-jdk7-alpine

# following is the way of how to build mutiple versions of images:

# build.sh 7.0.88-jre7-alpine,7.0.88-jre8-alpine,8.0.52-jre7-alpine,8.0.52-jre8-alpine,9.0.8-jre8-alpine, \

# 6.0.48-jdk7-alpine,7.0.85-jdk7-alpine,7.0.85-jdk8-alpine,8.5.28-jdk7-alpine,8.5.28-jdk8-alpine, \

# 9.0.5-jdk7-alpine,9.0.5-jdk8-alpine

# aliyun source

# https://mirrors.aliyun.com/alpine/v3.6/main/

# https://mirrors.aliyun.com/alpine/v3.6/community/

# ustc source

# mirrors.ustc.edu.cn

####################################################

set -e

log_dir="/data/logs/base_images"

[[ -d "$log_dir" ]] || mkdir $log_dir

build_date=`date +%Y-%m-%d_%H-%M-%S`

logfile=${log_dir}/${build_date}.log

function create_dockerfile() {

VERSION=$1

TOMCAT_VERSION=`echo $VERSION | awk -F'-' '{print $1}'`

TOMCAT_MAJOR=`echo $TOMCAT_VERSION | awk -F'.' '{print $1}'`

JAVA_VERSION=`echo $VERSION | awk -F'-' '{print $2}'`

JAVA_TYPE=${JAVA_VERSION%%[0-9]*} # 删除字条串中以数字开始的字符及右边所有

JAVA_MAJOR=`echo ${JAVA_VERSION: -1}`

CATALINA_HOME=/usr/local/tomcat

DOCKER_REGISTRY="ycr.yonyoucloud.com"

TAG_end=`echo $VERSION|cut -d "-" -f2,3`

TAG="$TOMCAT_MAJOR-$TAG_end"

IMAGE_NAME="$DOCKER_REGISTRY/base/tomcat:$TAG"

#IMAGE_NAME="tomcat:$TAG"

Dockerfile="Dockerfile.tomcat$VERSION"

######## Dockerfile Part 1 ########

if [[ "$JAVA_TYPE" == "jdk" ]]; then

echo "FROM alpine:latest" > ./$Dockerfile

else

echo "FROM $DOCKER_REGISTRY/official/tomcat/tomcat:$VERSION" > ./$Dockerfile

######## Dockerfile Part 2 ########

cat >> ./$Dockerfile << EOF

ENV LANG=en_US.UTF-8 \\

LANGUAGE=en_US.UTF-8 \\

LC_CTYPE=en_US.UTF-8 \\

LC_ALL=en_US.UTF-8 \\

TZ="Asia/Shanghai" \\

JAVA_MAJOR=$JAVA_MAJOR \\

BASE_IMAGE=$IMAGE_NAME

EOF

########JDK#########

if [[ "$JAVA_TYPE" == "jdk" ]]; then

cat >> ./$Dockerfile << EOF

ENV CATALINA_HOME="/usr/local/tomcat" \\

JAVA_HOME="/usr/local/java" \\

TOMCAT_VERSION=$TOMCAT_VERSION

EOF

cat >> ./$Dockerfile << "EOF"

ENV JRE_HOME="${JAVA_HOME}/jre" \

CLASSPATH="$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar" \

PATH="$PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin"

EOF

cat >> ./$Dockerfile <<"EOF"

COPY ./jdk/apache-tomcat-$TOMCAT_VERSION.tar.gz $CATALINA_HOME/tomcat.tar.gz

COPY ./jdk/jdk-$JAVA_MAJOR*-linux-x64.tar.gz $CATALINA_HOME/java.tar.gz

EOF

######## Dockerfile Part 3 ########

cat >> ./$Dockerfile <<"EOF"

WORKDIR $CATALINA_HOME

COPY ./packages $CATALINA_HOME/packages/

RUN set -x \

&& sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories \

&& echo 'http://mirrors.aliyun.com/alpine/edge/testing' >> /etc/apk/repositories \

&& apk update \

&& apk add --no-cache --allow-untrusted --update-cache \

wget \

vim \

openssh-client git perl make less \

bash bash-doc bash-completion \

htop iftop \

tmux fish mdocml-apropos \

busybox-extras \

coreutils \

curl \

ca-certificates \

tzdata \

libtool \

gcc \

ttf-dejavu \

fontconfig \

wqy-zenhei@edge wqy-zenhei \

apk-tools \

netcat-openbsd \

&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \

&& echo "Asia/Shanghai" > /etc/timezone \

&& sed -i -e 's/\/bin\/ash/\/bin\/bash/' /etc/passwd \

&& echo '\

. /etc/profile ; \

PS1='\''\[\e[01;33m\][\h \u:\[\e[01;34m\]\w\[\e[01;33m\]]\[\e[00m\]\$ '\'' ; \

eval `dircolors -b` ; \

alias ls="ls --color=auto" ; \

alias l="ls -lah" ; \

alias ll="ls -lh" ; \

alias l.="ls -d .* --color=auto" ; \

alias mv="mv -i" ; \

alias rm="rm -i" ; \

' >> /etc/bash.bashrc \

&& echo '. ~/.bashrc' > /root/.bash_profile \

&& echo '. /etc/bash.bashrc' > /root/.bashrc \

&& echo 'set-option -g default-shell /usr/bin/fish' > /root/.tmux.conf \

&& mkdir -p /root/.config/fish/functions \

&& echo '\

function fish_prompt ;\

if not set -q __fish_prompt_hostname ;\

set -g __fish_prompt_hostname (hostname) ;\

end ;\

set_color -o yellow ;\

echo -n -s "$USER" @ "$__fish_prompt_hostname" " " ;\

set_color -o blue ;\

echo -n (prompt_pwd) ;\

echo -n " # " ;\

set_color normal ;\

end ;\

alias l="ls -la" ;\

' > /root/.config/fish/functions/fish_prompt.fish \

&& ln -sf /usr/bin/fish /bin/sh \

&& echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf \

&& mkdir -p $JAVA_HOME $CATALINA_HOME /usr/local/src /etc/config/download/ \

&& cp -rf packages/dumb-init_1.2.1_amd64 /usr/bin/dumb-init \

&& cp -rf packages/confdownload $CATALINA_HOME/confdownload/ \

&& cp -rf packages/glibc/sgerrand.rsa.pub /etc/apk/keys/sgerrand.rsa.pub \

&& cp -rf packages/etc/inputrc /etc/inputrc \

&& cp -rf packages/pinpoint-agent $CATALINA_HOME/pinpoint-agent/ \

&& cp -rf packages/java_options.sh /usr/local/bin/ \

&& cp -rf packages/entrypoint.sh /usr/local/bin/ \

&& cp -rf packages/etc/authfile.properties /etc/config/download/ \

&& cp -rf packages/etc/yhtauthfile.properties /etc/config/download/ \

&& cp -rf packages/fish_greeting.fish /root/.config/fish/functions/fish_greeting.fish \

&& ALPINE_GLIBC_BASE_DIR="$CATALINA_HOME/packages/glibc" \

&& ALPINE_GLIBC_PACKAGE_VERSION="2.28-r0" \

&& ALPINE_GLIBC_BASE_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& ALPINE_GLIBC_BIN_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& ALPINE_GLIBC_I18N_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& apk add --no-cache \

"$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \

"$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \

"$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" \

&& rm "/etc/apk/keys/sgerrand.rsa.pub" \

&& /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true \

&& echo "export LANG=$LANG" > /etc/profile.d/locale.sh \

&& apk del glibc-i18n \

EOF

####for JDK####

if [[ "$JAVA_TYPE" == "jdk" ]]; then

cat >> ./$Dockerfile <<"EOF"

&& mkdir -p $JAVA_HOME \

&& tar -xvf tomcat.tar.gz --strip-components=1 \

&& tar -xvf java.tar.gz --strip-components=1 -C $JAVA_HOME/ \

&& rm bin/*.bat \

&& rm -rf $JAVA_HOME/*src.zip \

$JAVA_HOME/lib/missioncontrol \

$JAVA_HOME/lib/visualvm \

$JAVA_HOME/lib/*javafx* \

$JAVA_HOME/jre/lib/ext/jfxrt.jar \

$JAVA_HOME/jre/bin/javaws \

$JAVA_HOME/jre/lib/javaws.jar \

$JAVA_HOME/jre/lib/desktop \

$JAVA_HOME/jre/plugin \

$JAVA_HOME/jre/lib/deploy* \

$JAVA_HOME/jre/lib/*javafx* \

$JAVA_HOME/jre/lib/*jfx* \

&& rm -rf tomcat.tar.gz* java.tar.gz* \

&& cp -rf packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/local_policy.jar $JAVA_HOME/jre/lib/security/ \

&& cp -rf packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/US_export_policy.jar $JAVA_HOME/jre/lib/security/ \

EOF

else

cat >> ./$Dockerfile <<"EOF"

&& cp -rf packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/local_policy.jar $JAVA_HOME/lib/security/ \

&& cp -rf packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/US_export_policy.jar $JAVA_HOME/lib/security/ \

EOF

cat >> ./$Dockerfile <<"EOF"

&& echo 'export PATH="$PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin"' >> /etc/profile \

&& sed -i '/tomcat.util.scan.StandardJarScanFilter.jarsToSkip=/a bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,bcprov-*.jar,\\' \

$CATALINA_HOME/conf/catalina.properties \

&& sed -i -e 's/<Connector port="8080"/& URIEncoding="UTF-8"/g' \

-e '/pattern="%/{s/.*/ pattern="%h %l %u %t \"%r\" %s %b %{X-traceId}i %D" \/>/}' \

$CATALINA_HOME/conf/server.xml \

&& sed -i 's@#!/bin/sh@#!/bin/bash@g' $CATALINA_HOME/bin/*.sh \

&& ln -sf $CATALINA_HOME/confdownload /usr/local/src/confdownload \

&& ln -sf /usr/local/bin/java_options.sh $CATALINA_HOME/bin/java_options.sh \

&& ln -sf /usr/local/bin/entrypoint.sh $CATALINA_HOME/bin/entrypoint.sh \

&& chmod +x /usr/bin/dumb-init $CATALINA_HOME/bin/* $CATALINA_HOME/confdownload/* /usr/local/bin/* \

&& /bin/rm -rf /tmp/* /var/cache/apk/* $CATALINA_HOME/webapps/* packages

VOLUME ["/usr/local/tomcat/logs"]

EXPOSE 8080

ENTRYPOINT ["/usr/bin/dumb-init", "--", "entrypoint.sh"]

CMD ["catalina.sh", "run"]

EOF

}

function build_image() {

#### Build image

####for JDK####

if [[ "$JAVA_TYPE" == "jre" ]]; then

echo "jdk" > .dockerignore

else

echo `ls jdk/apache-tomcat-* | grep -v $TOMCAT_VERSION` | sed 's/ /\n/g' > .dockerignore

echo `ls jdk/jdk-* | grep -v ${JAVA_MAJOR}u` | sed 's/ /\n/g' >> .dockerignore

docker build --rm -t $IMAGE_NAME -f $Dockerfile . && docker push $IMAGE_NAME 1>/dev/null

if [[ $? == 0 ]]; then

echo "====> ${IMAGE_NAME} Builded and Pushed successfully.<====" | tee -a ${logfile}

else

echo "====> ${IMAGE_NAME} Builded Or Pushed failed!<====" | tee -a ${logfile}

exit 1

}

main() {

echo "==========================Build Info====================================" | tee -a ${logfile}

echo "--> $build_date Building ${IMAGE_NAME}..." | tee -a ${logfile}

vs=`echo $VERSIONS|sed 's/,/ /g'`

for v in `echo $vs`;do

create_dockerfile $v

build_image

done

echo "==========================##########====================================" | tee -a ${logfile}

}

main

cat ${logfile}

2. entrypoint.sh

#!/bin/bash
#### APM ####
set_apm(){
    JAVA_OPTS="$JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -Dspan.trace.ratio=5 -Duser.timezone=GMT+08 -Ddefault.client.encoding=UTF-8 -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF8 -Duser.language=Zh"
    if [[ ! -z $MESOS_TASK_ID ]]; then
        AGENT_ID=$(echo "$MESOS_TASK_ID"|cut -d'.' -f 2|cut -d'-' -f 1,2,3) #mesos container
    else
        AGENT_ID=$(echo "$HOSTNAME") #k8s container
    fi
    #==enable pinpoint or not==
    if [[ "X${developer_apm_appId}" != "X" && "X${AGENT_ID}" != "X" ]]; then
        #strip spaces or tabs before or behind the string and cut to left 24 strings
        APPLICATION_NAME=$(echo "$developer_apm_appId" | awk 'gsub(/^ *| *$/,"")'  | cut -b -24)
        PINPOINT_COLLECTOR_IP=${PINPOINT_COLLECTOR_IP:-10.3.15.29}       
        AGENT_ID_SHORT=$(echo "$AGENT_ID" | cut -b -24)
        APM_JAR="${CATALINA_HOME}/pinpoint-agent/pinpoint-bootstrap-1.7.2.jar"
        JAVA_OPTS="$JAVA_OPTS -javaagent:${APM_JAR} -Dpinpoint.agentId=${AGENT_ID_SHORT} -Dpinpoint.applicationName=${APPLICATION_NAME}"
        
        #configure pinpoint.config
        PINPOINT_CONFIG_FILE="${CATALINA_HOME}/pinpoint-agent/pinpoint.config"
        sed -i -e "s/profiler.collector.ip=127.0.0.1/profiler.collector.ip=${PINPOINT_COLLECTOR_IP}/" ${PINPOINT_CONFIG_FILE}
        
        # Adjust pointpoint port.
        COLLECTOR_TCP_PORT=${PINPOINT_COLLECTOR_TCP_PORT:-9994}
        let COLLECTOR_STAT_PORT=${COLLECTOR_TCP_PORT}+1
        let COLLECTOR_SPAN_PORT=${COLLECTOR_TCP_PORT}+2        
        sed -i -e "s/profiler.collector.tcp.port=.*/profiler.collector.tcp.port=${COLLECTOR_TCP_PORT}/" ${PINPOINT_CONFIG_FILE}        
        sed -i -e "s/profiler.collector.stat.port=.*/profiler.collector.stat.port=${COLLECTOR_STAT_PORT}/" ${PINPOINT_CONFIG_FILE}       
        sed -i -e "s/profiler.collector.span.port=.*/profiler.collector.span.port=${COLLECTOR_SPAN_PORT}/" ${PINPOINT_CONFIG_FILE}
        
        # Configure log level for log4j
        PINPOINT_LOG_CONFIG_FILE="${CATALINA_HOME}/pinpoint-agent/lib/log4j.xml"
        PINPOINT_LOG_LEVEL=${PINPOINT_LOG_LEVEL:-ERROR}
        sed -i -e "s/ERROR/${PINPOINT_LOG_LEVEL}/g" ${PINPOINT_LOG_CONFIG_FILE}
        
        #profiler.sampling.rate：采样率（1/n，配置为2就是50%）
        SAMPLING_RATE=${SAMPLING_RATE:-20}
        if [[ $SAMPLING_RATE =~ ^-?[0-9]+$ ]]; then
            sed -i -e "s/profiler.sampling.rate=.*/profiler.sampling.rate=${SAMPLING_RATE}/" ${PINPOINT_CONFIG_FILE}
        else
            SAMPLING_RATE=20
            echo "WARNING: the value of SAMPLING_RATE is $SAMPLING_RATE, which need to be a int number, using defalut: 20 instead."
        fi
        SAMPLING_RATE_PERCENT=`awk 'BEGIN{printf "%.2f%%\n",(1/'${SAMPLING_RATE}')*100}'`
        
        echo "--------------------Pinpoint Enabled--------------------"
        echo "Pinpoint Application Name: $APPLICATION_NAME"
        echo "Pinpoint Agent Id:         $AGENT_ID"
        echo "Pinpoint Collector Ip:     $PINPOINT_COLLECTOR_IP  (can be overided by given ENV \$PINPOINT_COLLECTOR_IP)"
        echo "Pinpoint Log Level:        $PINPOINT_LOG_LEVEL     (can be overided by given ENV \$PINPOINT_LOG_LEVEL)"
        echo "Pinpoint Sampling.Rate:    $SAMPLING_RATE_PERCENT  (can be overided by given ENV \$SAMPLING_RATE, E.G.: set SAMPLING_RATE to 20，1/n, then rate will be 5%)"
        echo "---------------------------------------------------------"
    fi
    export JAVA_OPTS="$JAVA_OPTS"
}
#### confcenter ####
confcenter(){
    $CATALINA_HOME/confdownload/confcenterdownload > /dev/null 2>&1
}

set_applog(){
    if [[ "X${yonyoucloud_replace_path}" != "X" && "X${yonyoucloud_replace_value}" != "X" ]]; then
        paths=(${yonyoucloud_replace_path//;/ })
        values=(${yonyoucloud_replace_value//;/ })        
        for path in ${paths[@]}
        do
            if [[ -f "${path}" ]];then 
                for value in ${values[@]}
                do                  
                   env_value=`eval echo '$'"${value}"`
                   if [[ ! -z "${env_value}" ]];then
                       replace_value="%$value%"
                       sed -i "s@${replace_value}@${env_value}@" $path
                   fi
                done
            fi
        done
    fi
    #收集用户应用日志
    if [[ "X${developer_app_logs}" != "X" && "X${AGENT_ID}" != "X" ]]; then
       	arr=(${developer_app_logs//;/ }) 
	    busiPath=${arr[2]}
        logpath=/var/log/datalog/${arr[0]}/${arr[1]}/$AGENT_ID
        mkdir -p $busiPath
        rm -rf $busiPath
        mkdir -p $logpath
        ln -sf $logpath $busiPath
    fi
}

#### RUN ####
main(){
    printf "options timeout:1 attempts:1 rotate\nnameserver 10.3.15.14\nnameserver 10.3.15.15\n" > /etc/resolv.conf
    source /usr/local/bin/java_options.sh
    set_apm
    confcenter
    set_applog
    #echo 'export JAVA_OPTS="'$JAVA_OPTS'"' >> /etc/profile
}
main
eval $@

100

101

#!/bin/bash

#### APM ####

set_apm(){

JAVA_OPTS="$JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -Dspan.trace.ratio=5 -Duser.timezone=GMT+08 -Ddefault.client.encoding=UTF-8 -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF8 -Duser.language=Zh"

if [[ ! -z $MESOS_TASK_ID ]]; then

AGENT_ID=$(echo "$MESOS_TASK_ID"|cut -d'.' -f 2|cut -d'-' -f 1,2,3) #mesos container

else

AGENT_ID=$(echo "$HOSTNAME") #k8s container

#==enable pinpoint or not==

if [[ "X${developer_apm_appId}" != "X" && "X${AGENT_ID}" != "X" ]]; then

#strip spaces or tabs before or behind the string and cut to left 24 strings

APPLICATION_NAME=$(echo "$developer_apm_appId" | awk 'gsub(/^ *| *$/,"")' | cut -b -24)

PINPOINT_COLLECTOR_IP=${PINPOINT_COLLECTOR_IP:-10.3.15.29}

AGENT_ID_SHORT=$(echo "$AGENT_ID" | cut -b -24)

APM_JAR="${CATALINA_HOME}/pinpoint-agent/pinpoint-bootstrap-1.7.2.jar"

JAVA_OPTS="$JAVA_OPTS -javaagent:${APM_JAR} -Dpinpoint.agentId=${AGENT_ID_SHORT} -Dpinpoint.applicationName=${APPLICATION_NAME}"

#configure pinpoint.config

PINPOINT_CONFIG_FILE="${CATALINA_HOME}/pinpoint-agent/pinpoint.config"

sed -i -e "s/profiler.collector.ip=127.0.0.1/profiler.collector.ip=${PINPOINT_COLLECTOR_IP}/" ${PINPOINT_CONFIG_FILE}

# Adjust pointpoint port.

COLLECTOR_TCP_PORT=${PINPOINT_COLLECTOR_TCP_PORT:-9994}

let COLLECTOR_STAT_PORT=${COLLECTOR_TCP_PORT}+1

let COLLECTOR_SPAN_PORT=${COLLECTOR_TCP_PORT}+2

sed -i -e "s/profiler.collector.tcp.port=.*/profiler.collector.tcp.port=${COLLECTOR_TCP_PORT}/" ${PINPOINT_CONFIG_FILE}

sed -i -e "s/profiler.collector.stat.port=.*/profiler.collector.stat.port=${COLLECTOR_STAT_PORT}/" ${PINPOINT_CONFIG_FILE}

sed -i -e "s/profiler.collector.span.port=.*/profiler.collector.span.port=${COLLECTOR_SPAN_PORT}/" ${PINPOINT_CONFIG_FILE}

# Configure log level for log4j

PINPOINT_LOG_CONFIG_FILE="${CATALINA_HOME}/pinpoint-agent/lib/log4j.xml"

PINPOINT_LOG_LEVEL=${PINPOINT_LOG_LEVEL:-ERROR}

sed -i -e "s/ERROR/${PINPOINT_LOG_LEVEL}/g" ${PINPOINT_LOG_CONFIG_FILE}

#profiler.sampling.rate：采样率（1/n，配置为2就是50%）

SAMPLING_RATE=${SAMPLING_RATE:-20}

if [[ $SAMPLING_RATE =~ ^-?[0-9]+$ ]]; then

sed -i -e "s/profiler.sampling.rate=.*/profiler.sampling.rate=${SAMPLING_RATE}/" ${PINPOINT_CONFIG_FILE}

else

SAMPLING_RATE=20

echo "WARNING: the value of SAMPLING_RATE is $SAMPLING_RATE, which need to be a int number, using defalut: 20 instead."

SAMPLING_RATE_PERCENT=`awk 'BEGIN{printf "%.2f%%\n",(1/'${SAMPLING_RATE}')*100}'`

echo "--------------------Pinpoint Enabled--------------------"

echo "Pinpoint Application Name: $APPLICATION_NAME"

echo "Pinpoint Agent Id: $AGENT_ID"

echo "Pinpoint Collector Ip: $PINPOINT_COLLECTOR_IP (can be overided by given ENV \$PINPOINT_COLLECTOR_IP)"

echo "Pinpoint Log Level: $PINPOINT_LOG_LEVEL (can be overided by given ENV \$PINPOINT_LOG_LEVEL)"

echo "Pinpoint Sampling.Rate: $SAMPLING_RATE_PERCENT (can be overided by given ENV \$SAMPLING_RATE, E.G.: set SAMPLING_RATE to 20，1/n, then rate will be 5%)"

echo "---------------------------------------------------------"

export JAVA_OPTS="$JAVA_OPTS"

}

#### confcenter ####

confcenter(){

$CATALINA_HOME/confdownload/confcenterdownload > /dev/null 2>&1

}

set_applog(){

if [[ "X${yonyoucloud_replace_path}" != "X" && "X${yonyoucloud_replace_value}" != "X" ]]; then

paths=(${yonyoucloud_replace_path//;/ })

values=(${yonyoucloud_replace_value//;/ })

for path in ${paths[@]}

if [[ -f "${path}" ]];then

for value in ${values[@]}

env_value=`eval echo '$'"${value}"`

if [[ ! -z "${env_value}" ]];then

replace_value="%$value%"

sed -i "s@${replace_value}@${env_value}@" $path

done

#收集用户应用日志

if [[ "X${developer_app_logs}" != "X" && "X${AGENT_ID}" != "X" ]]; then

arr=(${developer_app_logs//;/ })

busiPath=${arr[2]}

logpath=/var/log/datalog/${arr[0]}/${arr[1]}/$AGENT_ID

mkdir -p $busiPath

rm -rf $busiPath

mkdir -p $logpath

ln -sf $logpath $busiPath

}

#### RUN ####

main(){

printf "options timeout:1 attempts:1 rotate\nnameserver 10.3.15.14\nnameserver 10.3.15.15\n" > /etc/resolv.conf

source /usr/local/bin/java_options.sh

set_apm

confcenter

set_applog

#echo 'export JAVA_OPTS="'$JAVA_OPTS'"' >> /etc/profile

}

main

eval $@

3. 由于将fish做为默认shell, 修改fish_greeting内容：~/.config/fish/functions/fish_greeting.fish

function fish_greeting
if test -n "$MARATHON_APP_DOCKER_IMAGE"; echo ''(set_color red)'-------------------'(set_color green)''; echo $MARATHON_APP_DOCKER_IMAGE |rev| cut -d'/' -f 1|rev; end
if test -n "$HOST"; echo ''(set_color red)'-------------------'(set_color green)''; echo $HOST|head -1; echo '-------------------'; end

    echo '                 '(set_color F00)'___
  ___======____='(set_color FF7F00)'-'(set_color FF0)'-'(set_color FF7F00)'-='(set_color F00)')
/T            \_'(set_color FF0)'--='(set_color FF7F00)'=='(set_color F00)')    Welcome To Developer Center '(set_color white)(whoami)(set_color red)'
[ \ '(set_color FF7F00)'('(set_color FF0)'0'(set_color FF7F00)')   '(set_color F00)'\~    \_'(set_color FF0)'-='(set_color FF7F00)'='(set_color F00)')'(set_color yellow)'    Uptime: '(set_color white)(function displaymin; set T $argv; set D (math $T/60/24); set H (math $T/60%24); set M (math $T%60); [ {$D} > 0 ]; and printf '%d days ' $D; [ {$H} > 0 ]; and printf '%d hours ' $H; [ {$M} > 0 ]; and printf '%d minutes ' $M; end; displaymin (ps -o etime|grep -v 'ELAPSED'|head -1|cut -d':' -f1))(set_color red)'
 \      / )J'(set_color FF7F00)'~~    \\'(set_color FF0)'-='(set_color F00)')    '(set_color yellow)'Fish Version: '(set_color white)(echo $FISH_VERSION)(set_color red)'
  \\\\___/  )JJ'(set_color FF7F00)'~'(set_color FF0)'~~   '(set_color F00)'\)     '(set_color red)'Base Image: '(set_color white)(echo $BASE_IMAGE | cut -d '/' -f 3-)(set_color red)'
   \_____/JJJ'(set_color FF7F00)'~~'(set_color FF0)'~~    '(set_color F00)'\\
   '(set_color FF7F00)'/ '(set_color FF0)'\  '(set_color FF0)', \\'(set_color F00)'J'(set_color FF7F00)'~~~'(set_color FF0)'~~     '(set_color FF7F00)'\\
  (-'(set_color FF0)'\)'(set_color F00)'\='(set_color FF7F00)'|'(set_color FF0)'\\\\\\'(set_color FF7F00)'~~'(set_color FF0)'~~       '(set_color FF7F00)'L_'(set_color FF0)'_
  '(set_color FF7F00)'('(set_color F00)'\\'(set_color FF7F00)'\\)  ('(set_color FF0)'\\'(set_color FF7F00)'\\\)'(set_color F00)'_           '(set_color FF0)'\=='(set_color FF7F00)'__
   '(set_color F00)'\V    '(set_color FF7F00)'\\\\'(set_color F00)'\) =='(set_color FF7F00)'=_____   '(set_color FF0)'\\\\\\\\'(set_color FF7F00)'\\\\
          '(set_color F00)'\V)     \_) '(set_color FF7F00)'\\\\'(set_color FF0)'\\\\JJ\\'(set_color FF7F00)'J\)
                      '(set_color F00)'/'(set_color FF7F00)'J'(set_color FF0)'\\'(set_color FF7F00)'J'(set_color F00)'T\\'(set_color FF7F00)'JJJ'(set_color F00)'J)
                      (J'(set_color FF7F00)'JJ'(set_color F00)'| \UUU)
                       (UU)'(set_color normal)
end

function fish_greeting

if test -n "$MARATHON_APP_DOCKER_IMAGE"; echo ''(set_color red)'-------------------'(set_color green)''; echo $MARATHON_APP_DOCKER_IMAGE |rev| cut -d'/' -f 1|rev; end

if test -n "$HOST"; echo ''(set_color red)'-------------------'(set_color green)''; echo $HOST|head -1; echo '-------------------'; end

echo ' '(set_color F00)'___

___======____='(set_color FF7F00)'-'(set_color FF0)'-'(set_color FF7F00)'-='(set_color F00)')

/T \_'(set_color FF0)'--='(set_color FF7F00)'=='(set_color F00)') Welcome To Developer Center '(set_color white)(whoami)(set_color red)'

[ \ '(set_color FF7F00)'('(set_color FF0)'0'(set_color FF7F00)') '(set_color F00)'\~ \_'(set_color FF0)'-='(set_color FF7F00)'='(set_color F00)')'(set_color yellow)' Uptime: '(set_color white)(function displaymin; set T $argv; set D (math $T/60/24); set H (math $T/60%24); set M (math $T%60); [ {$D} > 0 ]; and printf '%d days ' $D; [ {$H} > 0 ]; and printf '%d hours ' $H; [ {$M} > 0 ]; and printf '%d minutes ' $M; end; displaymin (ps -o etime|grep -v 'ELAPSED'|head -1|cut -d':' -f1))(set_color red)'

\ / )J'(set_color FF7F00)'~~ \\'(set_color FF0)'-='(set_color F00)') '(set_color yellow)'Fish Version: '(set_color white)(echo $FISH_VERSION)(set_color red)'

\\\\___/ )JJ'(set_color FF7F00)'~'(set_color FF0)'~~ '(set_color F00)'\) '(set_color red)'Base Image: '(set_color white)(echo $BASE_IMAGE | cut -d '/' -f 3-)(set_color red)'

\_____/JJJ'(set_color FF7F00)'~~'(set_color FF0)'~~ '(set_color F00)'\\

'(set_color FF7F00)'/ '(set_color FF0)'\ '(set_color FF0)', \\'(set_color F00)'J'(set_color FF7F00)'~~~'(set_color FF0)'~~ '(set_color FF7F00)'\\

(-'(set_color FF0)'\)'(set_color F00)'\='(set_color FF7F00)'|'(set_color FF0)'\\\\\\'(set_color FF7F00)'~~'(set_color FF0)'~~ '(set_color FF7F00)'L_'(set_color FF0)'_

'(set_color FF7F00)'('(set_color F00)'\\'(set_color FF7F00)'\\) ('(set_color FF0)'\\'(set_color FF7F00)'\\\)'(set_color F00)'_ '(set_color FF0)'\=='(set_color FF7F00)'__

'(set_color F00)'\V '(set_color FF7F00)'\\\\'(set_color F00)'\) =='(set_color FF7F00)'=_____ '(set_color FF0)'\\\\\\\\'(set_color FF7F00)'\\\\

'(set_color F00)'\V) \_) '(set_color FF7F00)'\\\\'(set_color FF0)'\\\\JJ\\'(set_color FF7F00)'J\)

'(set_color F00)'/'(set_color FF7F00)'J'(set_color FF0)'\\'(set_color FF7F00)'J'(set_color F00)'T\\'(set_color FF7F00)'JJJ'(set_color F00)'J)

(J'(set_color FF7F00)'JJ'(set_color F00)'| \UUU)

(UU)'(set_color normal)

end

更新(2019-01-07), 将所需下载的文件全部放到了nginx上供远程下载, 将java基础镜像也揉合进脚本了:

#!/usr/bin/env bash
###################################################
# author: Sean Lyu
# modify: 2019/01/07
# function: build tomcat and java base images
# 说明:
# 此脚本会分别创建tomcat和java的Dockerfile并构建基础镜像
# tomcat基础镜像根据java的不同分为JDK和JRE版, JDK版是基于alpine基础镜像来构建, 而JRE版是基于官方tomcat来构建
# 所以Dockerfile有所不同: JDK版需要分别拷贝tomcat和java并设置相关环境变量, 而JRE版则此两步都不需要
# java基础镜像是基于alpine来构建, 只需要拷贝java,设置PATH等环境变量即可
# 此脚本使用方法:
# just build one image: build.sh tomcat:7.0.85-jdk7-alpine
# following is the way of how to build mutiple versions of images(including tomcat and java, separated by commas):
# build.sh tomcat:7.0.88-jre7-alpine,tomcat:7.0.88-jre8-alpine,tomcat:8.0.52-jre7-alpine, \
# tomcat:8.0.52-jre8-alpine,tomcat:9.0.8-jre8-alpine, tomcat:6.0.48-jdk7-alpine,tomcat:7.0.85-jdk7-alpine, \
# tomcat:7.0.85-jdk8-alpine,tomcat:8.5.28-jdk7-alpine,tomcat:8.5.28-jdk8-alpine,tomcat:9.0.5-jdk7-alpine, \
# tomcat:9.0.5-jdk8-alpine,java:7-jdk-alpine,java:8-jdk-alpine
# aliyun source
# https://mirrors.aliyun.com/alpine/v3.6/main/
# https://mirrors.aliyun.com/alpine/v3.6/community/
# ustc source
# mirrors.ustc.edu.cn
####################################################
set -e

log_dir="/data/logs/base_images"
[[ -d "$log_dir" ]] || mkdir $log_dir
build_date=`date +%Y-%m-%d_%H-%M-%S`
logfile=${log_dir}/${build_date}.log

function create_dockerfile() {
    IMAGE_NAME=$1
    DOCKER_REGISTRY="ycr.yonyoucloud.com"
    TYPE=`echo $IMAGE_NAME | awk -F':' '{print $1}'`
    VERSION=`echo $IMAGE_NAME | awk -F':' '{print $2}'`
    if [[ "X$TYPE" == "Xtomcat" ]]; then
        TOMCAT_VERSION=`echo $VERSION | awk -F'-' '{print $1}'`
        TOMCAT_MAJOR=`echo $TOMCAT_VERSION | awk -F'.' '{print $1}'`
        JAVA_VERSION=`echo $VERSION | awk -F'-' '{print $2}'`
        JAVA_TYPE=${JAVA_VERSION%%[0-9]*} # 删除字条串中以数字开始的字符及右边所有
        JAVA_MAJOR=`echo ${JAVA_VERSION: -1}`
        CATALINA_HOME=/usr/local/tomcat
        TAG_end=`echo $VERSION|cut -d "-" -f2,3`
        TAG="$TOMCAT_MAJOR-$TAG_end"
        Dockerfile="Dockerfile.tomcat$VERSION"
        WORKDIR="$CATALINA_HOME"
        # for prod
        FULL_IMAGE_NAME="$DOCKER_REGISTRY/base/tomcat:$TAG"
        # for test
        #FULL_IMAGE_NAME="tomcat:$TAG"
    elif [[ "X$TYPE" == "Xjava" ]]; then
        JAVA_VERSION=`echo $VERSION | awk -F'-' '{print $1}'`
        JAVA_TYPE=`echo $VERSION | awk -F'-' '{print $2}'`
        JAVA_MAJOR=$JAVA_VERSION
        Dockerfile="Dockerfile.java$VERSION"
        WORKDIR="/app"
        # for prod
        FULL_IMAGE_NAME="$DOCKER_REGISTRY/base/java:$VERSION"
        # for test
        #FULL_IMAGE_NAME="java:$VERSION"
    fi

    ######## Dockerfile Part 1 ########
    if [[ "$JAVA_TYPE" == "jdk" ]]; then
        echo "FROM alpine:latest" > ./$Dockerfile
    else
        echo "FROM $DOCKER_REGISTRY/official/tomcat/tomcat:$VERSION" > ./$Dockerfile
    fi
######## Dockerfile Part 2 ########
    cat >> ./$Dockerfile << EOF
ENV LANG=en_US.UTF-8 \\
    LANGUAGE=en_US.UTF-8 \\
    LC_CTYPE=en_US.UTF-8 \\
    LC_ALL=en_US.UTF-8 \\
    TZ="Asia/Shanghai" \\
    JAVA_MAJOR=${JAVA_MAJOR} \\
    WORKDIR=${WORKDIR} \\
    BASE_IMAGE=${IMAGE_NAME}
EOF

    ########JDK#########
    if [[ "$TYPE" == "tomcat" && "$JAVA_TYPE" == "jdk" ]]; then
        cat >> ./$Dockerfile << EOF
ENV JAVA_HOME="/usr/local/java" \\
    CATALINA_HOME="/usr/local/tomcat" \\
    TOMCAT_VERSION=${TOMCAT_VERSION}
EOF
        cat >> ./$Dockerfile << "EOF"
ENV JRE_HOME="${JAVA_HOME}/jre" \
    CLASSPATH="${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar" \
    PATH="${PATH}:${JAVA_HOME}/bin:${CATALINA_HOME}/lib:${CATALINA_HOME}/bin"
EOF

     elif [[ "$TYPE" == "java" && "$JAVA_TYPE" == "jdk" ]]; then
        cat >> ./$Dockerfile << "EOF"
ENV JAVA_HOME="/usr/local/java"
EOF
        cat >> ./$Dockerfile << "EOF"
ENV JRE_HOME="${JAVA_HOME}/jre" \
    CLASSPATH="${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar" \
    PATH="${PATH}:${JAVA_HOME}/bin"
EOF
    fi

######## Dockerfile Part 3 ########
    cat >> ./$Dockerfile <<"EOF"
WORKDIR $WORKDIR

RUN set -x \
    && sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories \
    && echo 'http://mirrors.aliyun.com/alpine/edge/testing' >> /etc/apk/repositories \
    && apk update \
    && apk add --no-cache --allow-untrusted --update-cache \
               wget vim curl \
               openssh-client git perl make less \
               bash bash-doc bash-completion \
               htop iftop \
               tmux fish mdocml-apropos \
               busybox-extras \
               coreutils \
               ca-certificates \
               tzdata \
               libtool \
               gcc \
               ttf-dejavu \
               fontconfig \
               wqy-zenhei@edge wqy-zenhei \
               apk-tools \
               netcat-openbsd \
               bind-tools \
    && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && echo "Asia/Shanghai" > /etc/timezone \
    \
    && sed -i -e 's/\/bin\/ash/\/bin\/bash/' /etc/passwd \
    \
    \
    && echo '\
            PS1='\''\[\e[01;33m\][\h \u:\[\e[01;34m\]\w\[\e[01;33m\]]\[\e[00m\]\$ '\'' ; \
            eval `dircolors -b` ; \
            alias ls="ls --color=auto" ; \
            alias l="ls -lah" ; \
            alias ll="ls -lh" ; \
            alias l.="ls -d .* --color=auto" ; \
            alias mv="mv -i" ; \
            alias rm="rm -i" ; \
            export PATH='"${PATH}"' \
    ' >> /etc/profile \
    && echo '. ~/.bashrc' > /root/.bash_profile \
    && echo '. /etc/profile' > /root/.bashrc \
    && echo 'set-option -g default-shell /usr/bin/fish' > /root/.tmux.conf \
    && mkdir -p /root/.config/fish/functions \
    && echo '\
           function fish_prompt ;\
               if not set -q __fish_prompt_hostname ;\
                   set -g __fish_prompt_hostname (hostname) ;\
               end ;\
               set_color -o yellow ;\
               echo -n -s "$USER" @ "$__fish_prompt_hostname" " " ;\
               set_color -o blue ;\
               echo -n (prompt_pwd) ;\
               echo -n " # " ;\
               set_color normal ;\
           end ;\
           \
           alias l="ls -la" ;\
    ' > /root/.config/fish/functions/fish_prompt.fish \
    && ln -sf /bin/bash /bin/sh \
    \
    && echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf \
    \
    \
    && mkdir -p $WORKDIR /usr/local/src/confdownload /etc/config/download/ /usr/local/pinpoint-agent \
    && BASE_URL="http://developer.yonyoucloud.com/download/base_images/tomcat" \
    && curl -SL $BASE_URL/packages/fish_greeting.fish -o /root/.config/fish/functions/fish_greeting.fish \
    && curl -SL $BASE_URL/packages/dumb-init_1.2.1_amd64 -o /usr/bin/dumb-init \
    && curl -SL $BASE_URL/packages/java_options.sh -o /usr/local/bin/java_options.sh \
    && curl -SL $BASE_URL/packages/entrypoint.sh -o /usr/local/bin/entrypoint.sh \
    && curl -SL $BASE_URL/packages/confdownload/confcenterdownload -o /usr/local/src/confdownload/confcenterdownload \
    && curl -SL $BASE_URL/packages/glibc/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \
    # && curl -SL $BASE_URL/packages/etc/inputrc -o /etc/inputrc \
    && wget $BASE_URL/packages/pinpoint-agent.tar.gz \
    && tar -xvf pinpoint-agent.tar.gz --strip-components=1 -C /usr/local/pinpoint-agent \
    && rm -rf pinpoint-agent.tar.gz \
    && curl -SL $BASE_URL/packages/etc/authfile.properties -o /etc/config/download/authfile.properties \
    && curl -SL $BASE_URL/packages/etc/yhtauthfile.properties -o /etc/config/download/yhtauthfile.properties \
    \
    \
    && ALPINE_GLIBC_BASE_DIR="$BASE_URL/packages/glibc"  \
    && ALPINE_GLIBC_PACKAGE_VERSION="2.28-r0" \
    && ALPINE_GLIBC_BASE_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && ALPINE_GLIBC_BIN_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && ALPINE_GLIBC_I18N_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    && wget $ALPINE_GLIBC_BASE_PACKAGE_FILENAME \
    && wget $ALPINE_GLIBC_BIN_PACKAGE_FILENAME \
    && wget $ALPINE_GLIBC_I18N_PACKAGE_FILENAME \
    && apk add --no-cache \
        "glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
        "glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
        "glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \
    \
    && rm -rf "/etc/apk/keys/sgerrand.rsa.pub" *.apk \
    && /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true \
    && echo "export LANG=$LANG" > /etc/profile.d/locale.sh \
    \
    && apk del glibc-i18n \
    \
    \
EOF
    ####for JDK####
    if [[ "$JAVA_TYPE" == "jdk" ]]; then
        cat >> ./$Dockerfile <<"EOF"
    && mkdir -p $JAVA_HOME \
    && curl -SL $BASE_URL/jdk/jdk-$JAVA_MAJOR-linux-x64.tar.gz -o $WORKDIR/java.tar.gz \
    && tar -xvf java.tar.gz --strip-components=1 -C $JAVA_HOME/ \
    \
    && rm -rf $JAVA_HOME/*src.zip \
       $JAVA_HOME/lib/missioncontrol \
       $JAVA_HOME/lib/visualvm \
       $JAVA_HOME/lib/*javafx* \
       $JAVA_HOME/jre/lib/ext/jfxrt.jar \
       $JAVA_HOME/jre/bin/javaws \
       $JAVA_HOME/jre/lib/javaws.jar \
       $JAVA_HOME/jre/lib/desktop \
       $JAVA_HOME/jre/plugin \
       $JAVA_HOME/jre/lib/deploy* \
       $JAVA_HOME/jre/lib/*javafx* \
       $JAVA_HOME/jre/lib/*jfx* \
    \
    && rm -rf java.tar.gz* \
    && curl -SL $BASE_URL/packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/local_policy.jar -o $JAVA_HOME/jre/lib/security/local_policy.jar \
    && curl -SL $BASE_URL/packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/US_export_policy.jar -o $JAVA_HOME/jre/lib/security/US_export_policy.jar \
EOF
    elif [[ "$JAVA_TYPE" == "jre" ]]; then
        cat >> ./$Dockerfile <<"EOF"
    && curl -SL $BASE_URL/packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/local_policy.jar -o $JAVA_HOME/lib/security/local_policy.jar \
    && curl -SL $BASE_URL/packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/US_export_policy.jar -o $JAVA_HOME/lib/security/US_export_policy.jar \

EOF
    fi
    # for tomcat
    if [[ "$TYPE" == "tomcat" && "$JAVA_TYPE" == "jdk" ]]; then
        cat >> ./$Dockerfile <<"EOF"
    && curl -SL $BASE_URL/jdk/apache-tomcat-$TOMCAT_VERSION.tar.gz -o $WORKDIR/tomcat.tar.gz \
    && tar -xvf tomcat.tar.gz --strip-components=1 \
    && rm -rf tomcat.tar.gz* bin/*.bat $CATALINA_HOME/webapps/* \
    && echo 'export PATH="$PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin"' >> /etc/profile \
EOF
    fi
    if [[ "$TYPE" == "tomcat" ]]; then
        cat >> ./$Dockerfile <<"EOF"
    && rm -rf $CATALINA_HOME/bin/*.bat $CATALINA_HOME/webapps/* \
    && sed -i '/tomcat.util.scan.StandardJarScanFilter.jarsToSkip=/a bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,bcprov-*.jar,\\' \
              $CATALINA_HOME/conf/catalina.properties \
    && sed -i -e 's/<Connector port="8080"/& URIEncoding="UTF-8"/g' \
              -e '/protocol="AJP\/1.3"/s/^/<!--/' -e '/protocol="AJP\/1.3"/s/$/-->/' \
              -e '/pattern="%/s/.*/\t\tpattern="%{x-forwarded-for}i %h %l %u %t \&quot;%r\&quot; %s %b %{X-traceId}i %D" \/>/' \
              -e '/<\/Host>/i \\t<Valve className="org.apache.catalina.valves.RemoteIpValve"\n\t\tremoteIpHeader="x-forwarded-for"\n\t\tproxiesHeader="x-forwarded-by"\n\t\tprotocolHeader="x-forwarded-proto"/>' \
                 $CATALINA_HOME/conf/server.xml \
    && ln -sf /usr/local/bin/entrypoint.sh $CATALINA_HOME/bin/entrypoint.sh \
EOF
    fi

    # final
    cat >> ./$Dockerfile <<"EOF"
    && ln -sf /usr/local/src/confdownload/confcenterdownload /usr/local/bin/confcenterdownload \
    && chmod +x /usr/bin/dumb-init /usr/local/bin/* \
    && /bin/rm -rf /tmp/* /var/cache/apk/*
EOF


    if [[ "$TYPE" == "tomcat" ]]; then
        cat >> ./$Dockerfile <<"EOF"
EXPOSE 8080

ENTRYPOINT ["/usr/bin/dumb-init", "--", "entrypoint.sh"]
CMD ["catalina.sh", "run"]
EOF
    # for java
    elif [[ "$TYPE" == "java" ]]; then
        cat >> ./$Dockerfile << "EOF"
ENTRYPOINT ["/usr/bin/dumb-init", "--", "entrypoint.sh"]
CMD ["bash"]
EOF
    fi
}

function build_image() {
    #### Build image
#    ####for JDK####
#    if [[ "$JAVA_TYPE" == "jre" ]]; then
#        echo "jdk" > .dockerignore
#    elif [[ "$TYPE" == "tomcat" ]] && [[ "$JAVA_TYPE" == "jdk" ]]; then
#        echo `ls jdk/apache-tomcat-* | grep -v $TOMCAT_VERSION` | sed 's/ /\n/g'  > .dockerignore
#        echo `ls jdk/jdk-* | grep -v ${JAVA_MAJOR}u` | sed 's/ /\n/g'  >> .dockerignore
#    elif [[ "$TYPE" == "java" ]]; then
#        echo `ls jdk/apache-tomcat-*` | sed 's/ /\n/g'  > .dockerignore
#        echo `ls jdk/jdk-* | grep -v ${JAVA_MAJOR}u` | sed 's/ /\n/g'  >> .dockerignore
#    fi
    docker build  --rm -t $FULL_IMAGE_NAME -f $Dockerfile . && docker push $FULL_IMAGE_NAME 1>/dev/null
    if [[ $? == 0 ]]; then
      echo "====> ${FULL_IMAGE_NAME} Builded and Pushed successfully.<====" | tee -a ${logfile}
    else
      echo "====> ${FULL_IMAGE_NAME} Builded Or Pushed failed!<====" | tee -a ${logfile}
      exit 1
    fi
}

main() {
    echo "========================== Build Info ====================================" | tee -a ${logfile}
    echo "--> $build_date Building ${FULL_IMAGE_NAME}..." | tee -a ${logfile}
    vs=`echo $IMAGE_NAME|sed 's/,/ /g'`
    for v in `echo $vs`;do
        create_dockerfile $v
        build_image
    done
    echo "==============================END=========================================" | tee -a ${logfile}
}

main
cat ${logfile}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

#!/usr/bin/env bash

###################################################

# author: Sean Lyu

# modify: 2019/01/07

# function: build tomcat and java base images

# 说明:

# 此脚本会分别创建tomcat和java的Dockerfile并构建基础镜像

# tomcat基础镜像根据java的不同分为JDK和JRE版, JDK版是基于alpine基础镜像来构建, 而JRE版是基于官方tomcat来构建

# 所以Dockerfile有所不同: JDK版需要分别拷贝tomcat和java并设置相关环境变量, 而JRE版则此两步都不需要

# java基础镜像是基于alpine来构建, 只需要拷贝java,设置PATH等环境变量即可

# 此脚本使用方法:

# just build one image: build.sh tomcat:7.0.85-jdk7-alpine

# following is the way of how to build mutiple versions of images(including tomcat and java, separated by commas):

# build.sh tomcat:7.0.88-jre7-alpine,tomcat:7.0.88-jre8-alpine,tomcat:8.0.52-jre7-alpine, \

# tomcat:8.0.52-jre8-alpine,tomcat:9.0.8-jre8-alpine, tomcat:6.0.48-jdk7-alpine,tomcat:7.0.85-jdk7-alpine, \

# tomcat:7.0.85-jdk8-alpine,tomcat:8.5.28-jdk7-alpine,tomcat:8.5.28-jdk8-alpine,tomcat:9.0.5-jdk7-alpine, \

# tomcat:9.0.5-jdk8-alpine,java:7-jdk-alpine,java:8-jdk-alpine

# aliyun source

# https://mirrors.aliyun.com/alpine/v3.6/main/

# https://mirrors.aliyun.com/alpine/v3.6/community/

# ustc source

# mirrors.ustc.edu.cn

####################################################

set -e

log_dir="/data/logs/base_images"

[[ -d "$log_dir" ]] || mkdir $log_dir

build_date=`date +%Y-%m-%d_%H-%M-%S`

logfile=${log_dir}/${build_date}.log

function create_dockerfile() {

IMAGE_NAME=$1

DOCKER_REGISTRY="ycr.yonyoucloud.com"

TYPE=`echo $IMAGE_NAME | awk -F':' '{print $1}'`

VERSION=`echo $IMAGE_NAME | awk -F':' '{print $2}'`

if [[ "X$TYPE" == "Xtomcat" ]]; then

TOMCAT_VERSION=`echo $VERSION | awk -F'-' '{print $1}'`

TOMCAT_MAJOR=`echo $TOMCAT_VERSION | awk -F'.' '{print $1}'`

JAVA_VERSION=`echo $VERSION | awk -F'-' '{print $2}'`

JAVA_TYPE=${JAVA_VERSION%%[0-9]*} # 删除字条串中以数字开始的字符及右边所有

JAVA_MAJOR=`echo ${JAVA_VERSION: -1}`

CATALINA_HOME=/usr/local/tomcat

TAG_end=`echo $VERSION|cut -d "-" -f2,3`

TAG="$TOMCAT_MAJOR-$TAG_end"

Dockerfile="Dockerfile.tomcat$VERSION"

WORKDIR="$CATALINA_HOME"

# for prod

FULL_IMAGE_NAME="$DOCKER_REGISTRY/base/tomcat:$TAG"

# for test

#FULL_IMAGE_NAME="tomcat:$TAG"

elif [[ "X$TYPE" == "Xjava" ]]; then

JAVA_VERSION=`echo $VERSION | awk -F'-' '{print $1}'`

JAVA_TYPE=`echo $VERSION | awk -F'-' '{print $2}'`

JAVA_MAJOR=$JAVA_VERSION

Dockerfile="Dockerfile.java$VERSION"

WORKDIR="/app"

# for prod

FULL_IMAGE_NAME="$DOCKER_REGISTRY/base/java:$VERSION"

# for test

#FULL_IMAGE_NAME="java:$VERSION"

######## Dockerfile Part 1 ########

if [[ "$JAVA_TYPE" == "jdk" ]]; then

echo "FROM alpine:latest" > ./$Dockerfile

else

echo "FROM $DOCKER_REGISTRY/official/tomcat/tomcat:$VERSION" > ./$Dockerfile

######## Dockerfile Part 2 ########

cat >> ./$Dockerfile << EOF

ENV LANG=en_US.UTF-8 \\

LANGUAGE=en_US.UTF-8 \\

LC_CTYPE=en_US.UTF-8 \\

LC_ALL=en_US.UTF-8 \\

TZ="Asia/Shanghai" \\

JAVA_MAJOR=${JAVA_MAJOR} \\

WORKDIR=${WORKDIR} \\

BASE_IMAGE=${IMAGE_NAME}

EOF

########JDK#########

if [[ "$TYPE" == "tomcat" && "$JAVA_TYPE" == "jdk" ]]; then

cat >> ./$Dockerfile << EOF

ENV JAVA_HOME="/usr/local/java" \\

CATALINA_HOME="/usr/local/tomcat" \\

TOMCAT_VERSION=${TOMCAT_VERSION}

EOF

cat >> ./$Dockerfile << "EOF"

ENV JRE_HOME="${JAVA_HOME}/jre" \

CLASSPATH="${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar" \

PATH="${PATH}:${JAVA_HOME}/bin:${CATALINA_HOME}/lib:${CATALINA_HOME}/bin"

EOF

elif [[ "$TYPE" == "java" && "$JAVA_TYPE" == "jdk" ]]; then

cat >> ./$Dockerfile << "EOF"

ENV JAVA_HOME="/usr/local/java"

EOF

cat >> ./$Dockerfile << "EOF"

ENV JRE_HOME="${JAVA_HOME}/jre" \

CLASSPATH="${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar" \

PATH="${PATH}:${JAVA_HOME}/bin"

EOF

######## Dockerfile Part 3 ########

cat >> ./$Dockerfile <<"EOF"

WORKDIR $WORKDIR

RUN set -x \

&& sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/' /etc/apk/repositories \

&& echo 'http://mirrors.aliyun.com/alpine/edge/testing' >> /etc/apk/repositories \

&& apk update \

&& apk add --no-cache --allow-untrusted --update-cache \

wget vim curl \

openssh-client git perl make less \

bash bash-doc bash-completion \

htop iftop \

tmux fish mdocml-apropos \

busybox-extras \

coreutils \

ca-certificates \

tzdata \

libtool \

gcc \

ttf-dejavu \

fontconfig \

wqy-zenhei@edge wqy-zenhei \

apk-tools \

netcat-openbsd \

bind-tools \

&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \

&& echo "Asia/Shanghai" > /etc/timezone \

&& sed -i -e 's/\/bin\/ash/\/bin\/bash/' /etc/passwd \

&& echo '\

PS1='\''\[\e[01;33m\][\h \u:\[\e[01;34m\]\w\[\e[01;33m\]]\[\e[00m\]\$ '\'' ; \

eval `dircolors -b` ; \

alias ls="ls --color=auto" ; \

alias l="ls -lah" ; \

alias ll="ls -lh" ; \

alias l.="ls -d .* --color=auto" ; \

alias mv="mv -i" ; \

alias rm="rm -i" ; \

export PATH='"${PATH}"' \

' >> /etc/profile \

&& echo '. ~/.bashrc' > /root/.bash_profile \

&& echo '. /etc/profile' > /root/.bashrc \

&& echo 'set-option -g default-shell /usr/bin/fish' > /root/.tmux.conf \

&& mkdir -p /root/.config/fish/functions \

&& echo '\

function fish_prompt ;\

if not set -q __fish_prompt_hostname ;\

set -g __fish_prompt_hostname (hostname) ;\

end ;\

set_color -o yellow ;\

echo -n -s "$USER" @ "$__fish_prompt_hostname" " " ;\

set_color -o blue ;\

echo -n (prompt_pwd) ;\

echo -n " # " ;\

set_color normal ;\

end ;\

alias l="ls -la" ;\

' > /root/.config/fish/functions/fish_prompt.fish \

&& ln -sf /bin/bash /bin/sh \

&& echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf \

&& mkdir -p $WORKDIR /usr/local/src/confdownload /etc/config/download/ /usr/local/pinpoint-agent \

&& BASE_URL="http://developer.yonyoucloud.com/download/base_images/tomcat" \

&& curl -SL $BASE_URL/packages/fish_greeting.fish -o /root/.config/fish/functions/fish_greeting.fish \

&& curl -SL $BASE_URL/packages/dumb-init_1.2.1_amd64 -o /usr/bin/dumb-init \

&& curl -SL $BASE_URL/packages/java_options.sh -o /usr/local/bin/java_options.sh \

&& curl -SL $BASE_URL/packages/entrypoint.sh -o /usr/local/bin/entrypoint.sh \

&& curl -SL $BASE_URL/packages/confdownload/confcenterdownload -o /usr/local/src/confdownload/confcenterdownload \

&& curl -SL $BASE_URL/packages/glibc/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \

# && curl -SL $BASE_URL/packages/etc/inputrc -o /etc/inputrc \

&& wget $BASE_URL/packages/pinpoint-agent.tar.gz \

&& tar -xvf pinpoint-agent.tar.gz --strip-components=1 -C /usr/local/pinpoint-agent \

&& rm -rf pinpoint-agent.tar.gz \

&& curl -SL $BASE_URL/packages/etc/authfile.properties -o /etc/config/download/authfile.properties \

&& curl -SL $BASE_URL/packages/etc/yhtauthfile.properties -o /etc/config/download/yhtauthfile.properties \

&& ALPINE_GLIBC_BASE_DIR="$BASE_URL/packages/glibc" \

&& ALPINE_GLIBC_PACKAGE_VERSION="2.28-r0" \

&& ALPINE_GLIBC_BASE_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& ALPINE_GLIBC_BIN_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& ALPINE_GLIBC_I18N_PACKAGE_FILENAME="$ALPINE_GLIBC_BASE_DIR/glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& wget $ALPINE_GLIBC_BASE_PACKAGE_FILENAME \

&& wget $ALPINE_GLIBC_BIN_PACKAGE_FILENAME \

&& wget $ALPINE_GLIBC_I18N_PACKAGE_FILENAME \

&& apk add --no-cache \

"glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

"glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

"glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" \

&& rm -rf "/etc/apk/keys/sgerrand.rsa.pub" *.apk \

&& /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true \

&& echo "export LANG=$LANG" > /etc/profile.d/locale.sh \

&& apk del glibc-i18n \

EOF

####for JDK####

if [[ "$JAVA_TYPE" == "jdk" ]]; then

cat >> ./$Dockerfile <<"EOF"

&& mkdir -p $JAVA_HOME \

&& curl -SL $BASE_URL/jdk/jdk-$JAVA_MAJOR-linux-x64.tar.gz -o $WORKDIR/java.tar.gz \

&& tar -xvf java.tar.gz --strip-components=1 -C $JAVA_HOME/ \

&& rm -rf $JAVA_HOME/*src.zip \

$JAVA_HOME/lib/missioncontrol \

$JAVA_HOME/lib/visualvm \

$JAVA_HOME/lib/*javafx* \

$JAVA_HOME/jre/lib/ext/jfxrt.jar \

$JAVA_HOME/jre/bin/javaws \

$JAVA_HOME/jre/lib/javaws.jar \

$JAVA_HOME/jre/lib/desktop \

$JAVA_HOME/jre/plugin \

$JAVA_HOME/jre/lib/deploy* \

$JAVA_HOME/jre/lib/*javafx* \

$JAVA_HOME/jre/lib/*jfx* \

&& rm -rf java.tar.gz* \

&& curl -SL $BASE_URL/packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/local_policy.jar -o $JAVA_HOME/jre/lib/security/local_policy.jar \

&& curl -SL $BASE_URL/packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/US_export_policy.jar -o $JAVA_HOME/jre/lib/security/US_export_policy.jar \

EOF

elif [[ "$JAVA_TYPE" == "jre" ]]; then

cat >> ./$Dockerfile <<"EOF"

&& curl -SL $BASE_URL/packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/local_policy.jar -o $JAVA_HOME/lib/security/local_policy.jar \

&& curl -SL $BASE_URL/packages/UnlimitedJCEPolicyJDK${JAVA_MAJOR}/US_export_policy.jar -o $JAVA_HOME/lib/security/US_export_policy.jar \

EOF

# for tomcat

if [[ "$TYPE" == "tomcat" && "$JAVA_TYPE" == "jdk" ]]; then

cat >> ./$Dockerfile <<"EOF"

&& curl -SL $BASE_URL/jdk/apache-tomcat-$TOMCAT_VERSION.tar.gz -o $WORKDIR/tomcat.tar.gz \

&& tar -xvf tomcat.tar.gz --strip-components=1 \

&& rm -rf tomcat.tar.gz* bin/*.bat $CATALINA_HOME/webapps/* \

&& echo 'export PATH="$PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin"' >> /etc/profile \

EOF

if [[ "$TYPE" == "tomcat" ]]; then

cat >> ./$Dockerfile <<"EOF"

&& rm -rf $CATALINA_HOME/bin/*.bat $CATALINA_HOME/webapps/* \

&& sed -i '/tomcat.util.scan.StandardJarScanFilter.jarsToSkip=/a bootstrap.jar,commons-daemon.jar,tomcat-juli.jar,bcprov-*.jar,\\' \

$CATALINA_HOME/conf/catalina.properties \

&& sed -i -e 's/<Connector port="8080"/& URIEncoding="UTF-8"/g' \

-e '/protocol="AJP\/1.3"/s/^//' \

-e '/pattern="%/s/.*/\t\tpattern="%{x-forwarded-for}i %h %l %u %t \"%r\" %s %b %{X-traceId}i %D" \/>/' \

-e '/<\/Host>/i \\t<Valve className="org.apache.catalina.valves.RemoteIpValve"\n\t\tremoteIpHeader="x-forwarded-for"\n\t\tproxiesHeader="x-forwarded-by"\n\t\tprotocolHeader="x-forwarded-proto"/>' \

$CATALINA_HOME/conf/server.xml \

&& ln -sf /usr/local/bin/entrypoint.sh $CATALINA_HOME/bin/entrypoint.sh \

EOF

# final

cat >> ./$Dockerfile <<"EOF"

&& ln -sf /usr/local/src/confdownload/confcenterdownload /usr/local/bin/confcenterdownload \

&& chmod +x /usr/bin/dumb-init /usr/local/bin/* \

&& /bin/rm -rf /tmp/* /var/cache/apk/*

EOF

if [[ "$TYPE" == "tomcat" ]]; then

cat >> ./$Dockerfile <<"EOF"

EXPOSE 8080

ENTRYPOINT ["/usr/bin/dumb-init", "--", "entrypoint.sh"]

CMD ["catalina.sh", "run"]

EOF

# for java

elif [[ "$TYPE" == "java" ]]; then

cat >> ./$Dockerfile << "EOF"

ENTRYPOINT ["/usr/bin/dumb-init", "--", "entrypoint.sh"]

CMD ["bash"]

EOF

}

function build_image() {

#### Build image

# ####for JDK####

# if [[ "$JAVA_TYPE" == "jre" ]]; then

# echo "jdk" > .dockerignore

# elif [[ "$TYPE" == "tomcat" ]] && [[ "$JAVA_TYPE" == "jdk" ]]; then

# echo `ls jdk/apache-tomcat-* | grep -v $TOMCAT_VERSION` | sed 's/ /\n/g' > .dockerignore

# echo `ls jdk/jdk-* | grep -v ${JAVA_MAJOR}u` | sed 's/ /\n/g' >> .dockerignore

# elif [[ "$TYPE" == "java" ]]; then

# echo `ls jdk/apache-tomcat-*` | sed 's/ /\n/g' > .dockerignore

# echo `ls jdk/jdk-* | grep -v ${JAVA_MAJOR}u` | sed 's/ /\n/g' >> .dockerignore

# fi

docker build --rm -t $FULL_IMAGE_NAME -f $Dockerfile . && docker push $FULL_IMAGE_NAME 1>/dev/null

if [[ $? == 0 ]]; then

echo "====> ${FULL_IMAGE_NAME} Builded and Pushed successfully.<====" | tee -a ${logfile}

else

echo "====> ${FULL_IMAGE_NAME} Builded Or Pushed failed!<====" | tee -a ${logfile}

exit 1

}

main() {

echo "========================== Build Info ====================================" | tee -a ${logfile}

echo "--> $build_date Building ${FULL_IMAGE_NAME}..." | tee -a ${logfile}

vs=`echo $IMAGE_NAME|sed 's/,/ /g'`

for v in `echo $vs`;do

create_dockerfile $v

build_image

done

echo "==============================END=========================================" | tee -a ${logfile}

}

main

cat ${logfile}

参考： http://heiber.im/post/creating-a-solid-docker-base-image/

By sean, 7 years01/19/2018 ago

未分类

centos7上Virtualenv从python3.4升级到Python3.7.4

目前我的虚拟环境python版本是3.4, 想升级到最新的3.7.4, 总结步骤如下: 首先激活当前env_py3环境, 并导出当前依赖包:

workon env_py3
pip freeze > requirements.txt

1 2	workon env_py3 pip freeze > requirements.txt

首先安装依赖: 注意: libffi-devel必须安装, 不然编译安装会失败而导致安装不完整, 而创建虚拟环境时会报错(No module named ‘_ctypes’ )

yum -y install gcc gcc-c++ zlib zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel
yum -y install libffi-devel

1 2	yum -y install gcc gcc-c++ zlib zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel yum -y install libffi-devel

下载安装python3.7:

wget https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tgz
tar -zxvf Python-3.7.4.tgz
cd Python-3.7.4/
mkdir /usr/local/python3.7
./configure --prefix=/usr/local/python3.7
make && make install

wget https://www.python.org/ftp/python/3.7.4/Python-3.7.4.tgz

tar -zxvf Python-3.7.4.tgz

cd Python-3.7.4/

mkdir /usr/local/python3.7

./configure --prefix=/usr/local/python3.7

make && make install

创建软链接:

ln -s /usr/local/python3.7/bin/python3.7 /usr/bin/python3.7
ln -s /usr/local/python3.7/bin/pip3 /usr/bin/pip3

1 2	ln -s /usr/local/python3.7/bin/python3.7 /usr/bin/python3.7 ln -s /usr/local/python3.7/bin/pip3 /usr/bin/pip3

配置虚拟环境:

#配置虚拟环境创建时默认用python3.7
virtualenv -p /usr/local/python3.7/bin/python3 /root/.virtualenvs
ln -s /root/.virtualenvs/bin/activate /usr/bin/activate
source activate
#创建虚拟环境
mkvirtualenv -p /usr/local/python3.7/bin/python3 env_py3
#切换到虚拟环境
workon env_py3
#导入依赖包
pip install -r requirements.txt

#配置虚拟环境创建时默认用python3.7

virtualenv -p /usr/local/python3.7/bin/python3 /root/.virtualenvs

ln -s /root/.virtualenvs/bin/activate /usr/bin/activate

source activate

#创建虚拟环境

mkvirtualenv -p /usr/local/python3.7/bin/python3 env_py3

#切换到虚拟环境

workon env_py3

#导入依赖包

pip install -r requirements.txt

附: 我的系统配置文件: .bashrc:

## virtualenv
export PIP_REQUIRE_VIRTUALENV=true #pip安装东西的时候不安装到本地环境
export PIP_RESPECT_VIRTUALENV=true #在执行pip的时候让系统自动开启虚拟环境
export WORKON_HOME=$HOME/.virtualenvs #所有虚拟环境存储的目录
export PIP_VIRTUALENV_BASE=$WORKON_HOME
export VIRTUALENV_USE_DISTRIBUTE=1        #  总是使用 pip/distribute
#source /usr/local/bin/virtualenvwrapper.sh
source /usr/bin/virtualenvwrapper.sh 
#if [ -e $HOME/.local/bin/virtualenvwrapper.sh ];then
#    source $HOME/.local/bin/virtualenvwrapper.sh
#else if [ -e /usr/local/bin/virtualenvwrapper.sh ];then
#        source /usr/local/bin/virtualenvwrapper.sh
#    fi
#fi

# colourful man page
export LESS_TERMCAP_mb=$'\E[01;34m'
export LESS_TERMCAP_md=$'\E[01;34m'
export LESS_TERMCAP_me=$'\E[0m'
export LESS_TERMCAP_us=$'\E[01;32m'
export LESS_TERMCAP_ue=$'\E[0m'
export LESS_TERMCAP_so=$'\E[01;33;44m'
export LESS_TERMCAP_se=$'\E[0m'

TERM=xterm
export TERM

PATH="$PATH:$HOME/bin:/usr/local/python3.7/bin"
export PATH

## virtualenv

export PIP_REQUIRE_VIRTUALENV=true #pip安装东西的时候不安装到本地环境

export PIP_RESPECT_VIRTUALENV=true #在执行pip的时候让系统自动开启虚拟环境

export WORKON_HOME=$HOME/.virtualenvs #所有虚拟环境存储的目录

export PIP_VIRTUALENV_BASE=$WORKON_HOME

export VIRTUALENV_USE_DISTRIBUTE=1 # 总是使用 pip/distribute

#source /usr/local/bin/virtualenvwrapper.sh

source /usr/bin/virtualenvwrapper.sh

#if [ -e $HOME/.local/bin/virtualenvwrapper.sh ];then

# source $HOME/.local/bin/virtualenvwrapper.sh

#else if [ -e /usr/local/bin/virtualenvwrapper.sh ];then

# source /usr/local/bin/virtualenvwrapper.sh

# fi

#fi

# colourful man page

export LESS_TERMCAP_mb=$'\E[01;34m'

export LESS_TERMCAP_md=$'\E[01;34m'

export LESS_TERMCAP_me=$'\E[0m'

export LESS_TERMCAP_us=$'\E[01;32m'

export LESS_TERMCAP_ue=$'\E[0m'

export LESS_TERMCAP_so=$'\E[01;33;44m'

export LESS_TERMCAP_se=$'\E[0m'

TERM=xterm

export TERM

PATH="$PATH:$HOME/bin:/usr/local/python3.7/bin"

export PATH

旧的:升级python2.7.14：在系统上升级python还是需要慎重, 严重的会导致系统命令不可用, 建议最好不要覆盖系统原本的/usr/bin/python文件下面是升级脚本：

#!/bin/bash

export https_proxy=10.x.x.x:8888
export http_proxy=10.x.x.x:8888

py_version=`python -c "import platform;print platform.python_version()"`

mkdir /opt/packages
cd /opt/packages
wget https://www.python.org/ftp/python/2.7.14/Python-2.7.14.tgz
tar -zxvf Python-2.7.14.tgz

#pip freeze > requirments.txt

cd Python-2.7.14

#解决Python升级找不到Tkinter模块
yum -y install tkinter
#-ltk8.5 -ltcl8.5 默认是 8.2 ，请你系统实际tcl/tk版本修改
#rpm -qa | grep ^tk
#rpm -qa | grep ^tcl

#vi Modules/Setup.dist
#_tkinter _tkinter.c tkappinit.c -DWITH_APPINIT \
#-L/usr/local/lib \
#-I/usr/local/include \
#-ltk8.5 -ltcl8.5 \
#-lX11

yum -y install tcl-devel tk-devel

./configure --enable-shared --prefix=/usr/local CFLAGS=-fPIC LDFLAGS="-Wl,-rpath /usr/local/lib" --enable-unicode=ucs4
make -j24
sudo make install

cd ../

mv /usr/bin/python /usr/bin/python$py_version
ln -sf /usr/local/bin/python /usr/bin/python

py_version_new=`python -c "import platform;print platform.python_version()"`

if [ $py_version_new == "2.7.14" ]; then
	sed -i "s@\#\!.*/usr/bin/python@\#\!/usr/bin/python$py_version@g" /usr/bin/yum
	sed -i "s@\#\!.*/usr/bin/python@\#\!/usr/bin/python$py_version@g" /usr/libexec/urlgrabber-ext-down
	sed -i "s@\#\!.*/usr/bin/python@\#\!/usr/bin/python$py_version@g" /usr/bin/firewall-cmd
	sed -i "s@\#\!.*/usr/bin/python@\#\!/usr/bin/python$py_version@g" /sbin/authconfig

	wget https://bootstrap.pypa.io/ez_setup.py
	python ez_setup.py
	wget https://bootstrap.pypa.io/get-pip.py
	python get-pip.py
	ln -sf /usr/local/bin/pip /usr/bin/pip
	ln -sf /usr/local/bin/pip /usr/bin/pip2

	echo "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin" >> /etc/profile
	echo "export PATH" >> /etc/profile
	source /etc/profile
	#pip uninstall -r requirments.txt
	#pip install -r requirments.txt.128
	#pip install -U docker
	#pip install --upgrade --force-reinstall 'requests==2.18.4' urllib3

else
	echo "python 2.7.14 updated failed!!!"
fi

#!/bin/bash

export https_proxy=10.x.x.x:8888

export http_proxy=10.x.x.x:8888

py_version=`python -c "import platform;print platform.python_version()"`

mkdir /opt/packages

cd /opt/packages

wget https://www.python.org/ftp/python/2.7.14/Python-2.7.14.tgz

tar -zxvf Python-2.7.14.tgz

#pip freeze > requirments.txt

cd Python-2.7.14

#解决Python升级找不到Tkinter模块

yum -y install tkinter

#-ltk8.5 -ltcl8.5 默认是 8.2 ，请你系统实际tcl/tk版本修改

#rpm -qa | grep ^tk

#rpm -qa | grep ^tcl

#vi Modules/Setup.dist

#_tkinter _tkinter.c tkappinit.c -DWITH_APPINIT \

#-L/usr/local/lib \

#-I/usr/local/include \

#-ltk8.5 -ltcl8.5 \

#-lX11

yum -y install tcl-devel tk-devel

./configure --enable-shared --prefix=/usr/local CFLAGS=-fPIC LDFLAGS="-Wl,-rpath /usr/local/lib" --enable-unicode=ucs4

make -j24

sudo make install

cd ../

mv /usr/bin/python /usr/bin/python$py_version

ln -sf /usr/local/bin/python /usr/bin/python

py_version_new=`python -c "import platform;print platform.python_version()"`

if [ $py_version_new == "2.7.14" ]; then

sed -i "s@\#\!.*/usr/bin/python@\#\!/usr/bin/python$py_version@g" /usr/bin/yum

sed -i "s@\#\!.*/usr/bin/python@\#\!/usr/bin/python$py_version@g" /usr/libexec/urlgrabber-ext-down

sed -i "s@\#\!.*/usr/bin/python@\#\!/usr/bin/python$py_version@g" /usr/bin/firewall-cmd

sed -i "s@\#\!.*/usr/bin/python@\#\!/usr/bin/python$py_version@g" /sbin/authconfig

wget https://bootstrap.pypa.io/ez_setup.py

python ez_setup.py

wget https://bootstrap.pypa.io/get-pip.py

python get-pip.py

ln -sf /usr/local/bin/pip /usr/bin/pip

ln -sf /usr/local/bin/pip /usr/bin/pip2

echo "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin" >> /etc/profile

echo "export PATH" >> /etc/profile

source /etc/profile

#pip uninstall -r requirments.txt

#pip install -r requirments.txt.128

#pip install -U docker

#pip install --upgrade --force-reinstall 'requests==2.18.4' urllib3

else

echo "python 2.7.14 updated failed!!!"

解决升级python导致的salt启动失败： centos7重新编辑安装了python2.7.14, 原来是2.7.5，导致salt-minion启动失败。解决：由于之前备份了python执行文件为python2.7.5，新的Python安装在/usr/local/目录。由于脚本误把之前版本的pip包删除了，所以重新安装salt需要的模块：首先更改salt执行文件： sed -i ‘s|^#!/usr/bin/python$|#!/usr/bin/python2.7.5|’ /usr/bin/salt* 如提示没有yaml块，则安装之： wget http://pyyaml.org/download/pyyaml/PyYAML-3.12.tar.gz; tar -xvzf PyYAML-3.12.tar.gz; python2.7.5 setup.py install Read more…

By sean, 7 years12/13/2017 ago

未分类

梅林固件安装SS【shadowsocks】插件教程

梅林固件安装SS【shadowsocks】插件教程注：本教程不适用于N66U和AC66U两款机型。由于不可抗拒的因素现在已经无法再软件中心安装SS了，那么接下来我们就解决这个问题：手动安装shadowsocks 首先刷好梅林之后进入系统设置界面，在Enable SSH里选择LAN ONLY，其它不用动，选择下面的应用设置。之后用putty或者SecureCRT软件链接路由器，推荐使用SecureCRT, 点我下载打开securecrt，创建新连接，协议选择SSH2，地址选择你的路由器地址，端口22不变，用户名填路由器管理员，默认是admin。点击链接之后输入密码。登陆成功后如下图，可能是配色原因，默认为白色。接下来开始下载并且安装ss 一行一行的复制，然后右键在SecureCRT粘贴回车执行。

<span style="color: #333333;">cd /tmp</span>

1	<span style="color: #333333;">cd /tmp</span>

<span style="color: #333333;">wget --no-check-certificate https://raw.githubusercontent.com/koolshare/koolshare.github.io/acelan_softcenter_ui/shadowsocks/shadowsocks.tar.gz</span>

1	<span style="color: #333333;">wget --no-check-certificate https://raw.githubusercontent.com/koolshare/koolshare.github.io/acelan_softcenter_ui/shadowsocks/shadowsocks.tar.gz</span>

<span style="color: #333333;">tar -zxvf /tmp/shadowsocks.tar.gz</span>

1	<span style="color: #333333;">tar -zxvf /tmp/shadowsocks.tar.gz</span>

<span style="color: #333333;">chmod +x /tmp/shadowsocks/install.sh</span>

1	<span style="color: #333333;">chmod +x /tmp/shadowsocks/install.sh</span>

<span style="color: #333333;">sh /tmp/shadowsocks/install.sh</span>

1	<span style="color: #333333;">sh /tmp/shadowsocks/install.sh</span>

之后重启路由器你就会在软件中心中看见了shadowsocks了。另附 shadowsocks3.6.0下载，可直接在软件中心后台离线安装点我下载离线安装说明：使用chrome浏览器，进入路由器梅林固件页面，然后进入软件中心-离线安装中心，根据提示，将安装包改名为shadowsocks.tar.gz上传安装。可能会提示上传安装中而没有下一步指示，此时只需等待3分钟后刷新页面重新进入软件中心即可看到插件。转自：http://blog.sina.com.cn/s/blog_4891cbc50102x5ly.html

By sean, 7 years ago