#!/bin/bash
#
# Modify the openshift-port-proxy configuration.
#
# node.conf is executed as shell code inside this process, so whoever can
# write that file controls what this script runs.
# NOTE(review): presumably it is also where EXTERNAL_ETH_DEV (read by
# getaddr) comes from - confirm, and keep the file root-owned.
source /etc/openshift/node.conf

# haproxy configuration that every sub-command reads or edits.
cfgfile="/etc/openshift/port-proxy.cfg"

# Lock files: one serialises configuration edits, the other reloads.
lockfile=/var/run/openshift-port-proxy.lock
reloadlock=/var/run/openshift-port-proxy-reload.lock

# Directory and filename prefix of the per-caller reload request files.
reqdir=/var/run/openshift-port-proxy
reqprefix="$reqdir/reload.req"
###
# System service routines; systemctl may require modifications
# but please retain compatibility with RHEL 6 init scripts.
###
# Report whether the openshift-port-proxy service is up.
# Returns: the exit status of `service openshift-port-proxy status`;
#          stdout and stderr of that command are discarded.
is_running() {
  service openshift-port-proxy status >/dev/null 2>&1
}
# Restart the openshift-port-proxy service.
# Returns: the exit status of `service openshift-port-proxy restart`;
#          stdout and stderr of that command are discarded.
restart() {
  service openshift-port-proxy restart >/dev/null 2>&1
}
# Ask the openshift-port-proxy service to reload its configuration.
# Returns: the exit status of `service openshift-port-proxy reload`;
#          stdout and stderr of that command are discarded.
reload() {
  service openshift-port-proxy reload >/dev/null 2>&1
}
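# Print the contents of the first proxy pid file that exists.
# Outputs: the pid file contents on stdout; nothing if neither file exists.
# Returns: the status of `cat` when a pid file was found, else 0.
getpid() {
  # Keep the loop variable out of the caller's namespace.
  local pidf
  for pidf in /var/run/openshift-port-proxy.pid /run/openshift-port-proxy.pid; do
    if [ -e "$pidf" ]; then
      cat -- "$pidf"
      return
    fi
  done
}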
###
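# Print the first global-scope IPv4 address of the external interface.
# Globals: EXTERNAL_ETH_DEV (read; defaults to eth0 when unset or empty)
# Outputs: one dotted address on stdout, or nothing when the interface has
#          no global IPv4 address - callers must treat empty output as failure.
getaddr() {
  # External due to using DNS for gear->gear
  # The device name is quoted so it always reaches `ip` as a single argument.
  ip -4 addr show dev "${EXTERNAL_ETH_DEV:-eth0}" scope global \
    | sed -r -n '/inet/ { s/^.*inet ([0-9\.]+).*/\1/; p }' \
    | head -n 1
}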
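# Rewrite every non-loopback `bind` address in $cfgfile to the current
# external address.
# Globals: cfgfile (read; the file is edited in place with sed -i)
# Outputs: an error line on stdout when no usable address was obtained
# Returns: 1 when the address lookup yields no dotted IPv4 address,
#          otherwise the status of sed.
# NOTE(review): the edit is applied straight to $cfgfile, without the
# haproxy -c validation that atomicfg performs - confirm that is intended.
fixaddr() {
  local baddr
  local -r addr_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

  # NOTE(review): this re-invokes the script by name through PATH rather
  # than calling getaddr directly - confirm the intent.
  baddr=$(openshift-port-proxy-cfg getaddr)

  # An empty address would turn each bind into ":port", which haproxy
  # treats as "listen on every address"; anything else that is not a plain
  # dotted quad would be spliced into the sed program below. Refuse both.
  if ! [[ "$baddr" =~ $addr_re ]]; then
    echo "Error: Could not determine the external bind address."
    return 1
  fi

  # Skip comment lines and 127.x binds; replace the address of the rest.
  sed -i -r -e '/^[^\#]*bind/ { /127\.[0-9\.]+:/ b; s/([0-9\.]+):/'"$baddr"':/ }' "$cfgfile"
}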
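# Run an editing command against a scratch copy of the configuration and
# install the copy only if the command succeeded and haproxy accepts it.
# Globals:   cfgfile - pointed at "<config>.editing" while the command runs,
#            and always restored to the real path before returning
# Arguments: the command (and its arguments) that edits "$cfgfile"
# Outputs:   an ERROR line on stdout when the edit or the validation fails
# Returns:   the command's non-zero status if it failed, 254 if haproxy
#            rejects the edited copy, 0 once the copy has been installed
atomicfg() {
  local cfg_old="${cfgfile}"
  local retval

  cfgfile="${cfg_old}.editing"
  rm -f "${cfgfile}"
  cp -a -f "${cfg_old}" "${cfgfile}"

  "$@"
  retval=$?
  if [ "$retval" -ne 0 ]; then
    echo "ERROR: Failed to process: $*"
    # Point the global back at the live config so later code in this
    # process does not keep operating on the rejected scratch copy.
    cfgfile="${cfg_old}"
    return "$retval"
  fi

  # Syntax-check the candidate before it can replace the live file.
  if ! /usr/sbin/haproxy -c -q -f "${cfgfile}"; then
    echo "ERROR: New configuration is corrupt."
    cfgfile="${cfg_old}"
    return 254
  fi

  # Keep the previous config reachable as .bak (hard link), then rename the
  # candidate over the live path.
  rm -f "${cfg_old}.bak"
  ln -f "${cfg_old}" "${cfg_old}.bak"
  mv -f "${cfgfile}" "${cfg_old}"
  cfgfile="${cfg_old}"
  return "$retval"
}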
# Make the running proxy pick up the current configuration.
# Globals: cfgfile (read); oldpid and iters are set as a side effect
# Outputs: a one-line error on stdout for each failure case
# Returns: 1 if the proxy cannot be started, the configuration does not
#          validate, or the reload fails; 0 once the reload succeeded and
#          the previously recorded process is gone
rollcfg() {
  # A stopped proxy gets one restart attempt before we give up.
  if ! is_running && ! restart; then
    echo "Error: Proxy has failed"
    return 1
  fi

  # Do not reload onto a configuration haproxy rejects.
  if ! haproxy -c -q -f "$cfgfile"; then
    echo "Error: Proxy configuration is corrupt."
    return 1
  fi

  # Record the pid before the reload so the old process can be waited for.
  oldpid=$(getpid)
  if ! reload; then
    echo "openshift-port-proxy failed to reload"
    return 1
  fi

  # Wait for the old PID to terminate
  # NOTE(review): $oldpid is expanded unquoted, so a pid file holding
  # several PIDs becomes several arguments - confirm whether that is relied
  # on. The loop has no upper bound: after 60 polls it signals the process
  # on every pass but keeps waiting until `ps` no longer finds it.
  if [ -n "$oldpid" ]; then
    iters=0
    while ps $oldpid >/dev/null 2>&1; do
      iters=$(( iters + 1 ))
      if [ "$iters" -gt 60 ]; then
        kill $oldpid
        usleep 500000
      fi
      usleep 500000
    done
  fi

  return 0
}
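# Run a command under the configuration lock and, if it changed $cfgfile,
# take part in a coalesced reload.
#
# Every caller whose command changed the file drops an empty request file
# into $reqdir. The first caller to obtain the reload lock reloads once on
# behalf of all empty request files it finds and writes the reload status
# into each; callers arriving later find their file already filled in and
# only read the status back.
#
# Globals:   lockfile, reloadlock, reqdir, reqprefix, cfgfile (read);
#            file descriptors 200 and 201 are opened on the two lock files
# Arguments: the command (and its arguments) to run under the lock
# Outputs:   an Error line on stdout when the command fails or no request
#            file can be created
# Returns:   the command's status if it failed; otherwise 0 when nothing
#            changed, or the status recorded for the reload
# NOTE(review): every file matching the request pattern is overwritten with
# the reload status, so $reqdir presumably must stay writable only by the
# account running this script - confirm ownership and mode.
lockwrap() {
  local retcode oldsum newsum reqfile reloadit f s
  local -a reloadreq

  exec 200>"${lockfile}" 201>"${reloadlock}"
  flock 200
  oldsum=$( md5sum "$cfgfile" | awk '{ print $1 }' )
  # The wrapped command does not inherit the lock descriptors.
  "$@" 200>&- 201>&-
  retcode=$?
  newsum=$( md5sum "$cfgfile" | awk '{ print $1 }' )
  flock -u 200

  if [ "$retcode" != 0 ]; then
    echo "Error: Failed to update proxy."
    return "$retcode"
  fi

  # Quoted so that two empty checksums (unreadable config) compare equal
  # instead of collapsing the test into a single always-true word.
  if [ "$oldsum" != "$newsum" ]; then
    [ -e "$reqdir" ] || mkdir -m 750 "$reqdir"
    if ! reqfile=$(mktemp "${reqprefix}.XXXXXX"); then
      # Without a request file there is no way to learn the reload result.
      echo "Error: Failed to create reload request file."
      return 1
    fi

    flock 201
    reloadreq=()
    reloadit=""
    for f in "${reqprefix}".??????; do
      s=$(stat --printf '%s' "$f")
      # Size 0 means nobody has served this request yet.
      if [ "$s" = "0" ]; then
        reloadreq+=( "$f" )
        reloadit="1"
      fi
    done

    if [ -n "$reloadit" ]; then
      rollcfg 200>&- 201>&-
      retcode=$?
      for f in "${reloadreq[@]}"; do
        echo "$retcode" > "$f"
      done
    fi

    retcode=$(cat "$reqfile")
    rm -f "$reqfile"
    flock -u 201
  fi

  # A missing status is reported as failure rather than as success.
  return "${retcode:-1}"
}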
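# Add, replace or delete one proxy entry in $cfgfile.
# Globals:   cfgfile (read; the file is edited in place)
# Arguments: $1 - proxy (listen) port, plain decimal 16384-65535
#            $2 - "delete" or "del" to remove the entry, otherwise the
#                 destination written as a.b.c.d:port
# Outputs:   a one-line reason on stdout when the request is rejected
# Returns:   0 on success or when the exact entry already exists, 1 on
#            invalid arguments or when no bind address is available,
#            otherwise the status of the final edit
#
# Both arguments end up inside a sed program and inside the haproxy
# configuration, so they are matched against strict patterns first. The
# `[ -ge ]` tests alone accept signs and surrounding whitespace, and the
# old field-by-field check ignored anything after a second colon.
setproxy() {
  # Set a proxy entry (either add or delete)
  local proxport="$1"
  local target="$2"
  local addr port byt baddr
  local -r port_re='^[1-9][0-9]{0,4}$'
  local -r addr_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  local -r octet_re='^(0|[1-9][0-9]{0,2})$'

  if ! [[ "$proxport" =~ $port_re ]] \
    || [ "$proxport" -lt 16384 ] || [ "$proxport" -gt 65535 ]; then
    echo "Proxy port must be an integer between 16384 and 65535"
    return 1
  fi

  if [ "$target" == "delete" ] || [ "$target" == "del" ]; then
    sed -i -e '/^listen '"$proxport"':/,/^# End '"$proxport"':/ d' "$cfgfile"
    return $?
  fi

  # Everything before the first colon is the address, everything after it
  # is the port; a second colon therefore fails the port check.
  addr="${target%%:*}"
  port="${target#*:}"

  if ! [[ "$addr" =~ $addr_re ]]; then
    echo "Dest addr must be a valid IPv4 address."
    return 1
  fi
  for byt in "${BASH_REMATCH[@]:1}"; do
    # Leading zeros are refused so the address has one unambiguous reading.
    if ! [[ "$byt" =~ $octet_re ]] || [ "$byt" -gt 255 ]; then
      echo "Dest addr must be a valid IP address."
      return 1
    fi
  done

  if ! [[ "$port" =~ $port_re ]] || [ "$port" -gt 65535 ]; then
    echo "Dest port must be an integer between 1 and 65535"
    return 1
  fi

  # Whole-line, fixed-string match: a regex prefix match would treat
  # a.b.c.d:80 as already present when a.b.c.d:8080 is configured.
  if grep -qxF -- "listen $proxport:$target" "$cfgfile"; then
    return 0
  fi

  # An empty address would produce "bind :port", which haproxy treats as
  # "listen on every address".
  baddr=$(getaddr)
  if [ -z "$baddr" ]; then
    echo "Error: Could not determine the external bind address."
    return 1
  fi

  # Drop any existing entry for this proxy port, then append the new one.
  sed -i -e '/^listen '"$proxport"':/,/^# End '"$proxport"':/ d' "$cfgfile"
  printf 'listen %s:%s\nmode tcp\nbind %s:%s\nserver %s %s\n# End %s:%s\n' \
    "$proxport" "$target" \
    "$baddr" "$proxport" \
    "$proxport" "$target" \
    "$proxport" "$target" >> "$cfgfile"
  return $?
}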
# Apply setproxy to each consecutive "proxport target" pair of arguments.
# Arguments: proxport target [proxport target ...]; processing stops at
#            the first empty proxport
# Outputs:   "Error: Failed at <proxport> <target>" on stdout for the pair
#            that setproxy rejected
# Returns:   1 as soon as one pair fails, 0 when every pair was applied
setproxies() {
  until [ -z "$1" ]; do
    if ! setproxy "$1" "$2"; then
      echo "Error: Failed at $1 $2"
      return 1
    fi
    # Consume the pair that was just handled.
    shift
    shift
  done
  return 0
}
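# Print "proxport target" for each requested proxy port configured in
# $cfgfile.
# Globals:   cfgfile (read)
# Arguments: zero or more proxy port numbers (digits only)
# Outputs:   one "proxport target" line per matching entry on stdout; an
#            error on stderr when an argument is not a plain number
# Returns:   1 when an argument is rejected, otherwise 0
showproxies() {
  local sedexp=""
  local proxport
  local -r port_re='^[0-9]+$'

  for proxport in "$@"; do
    # Each argument is spliced into the sed program below, so anything
    # other than digits is refused instead of being handed to sed as
    # pattern or command text.
    if ! [[ "$proxport" =~ $port_re ]]; then
      printf 'Error: Proxy port must be numeric: %s\n' "$proxport" >&2
      return 1
    fi
    sedexp="${sedexp};"'s/^listen \('"$proxport"'\):\(.*\)$/\1 \2/'
  done

  # T skips the print unless one of the substitutions matched this line.
  sedexp="${sedexp}; T; p"
  sed -n -e "${sedexp}" "$cfgfile"
  return 0
}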
# Dispatch on the sub-command; what remains in "$@" after it is handed to
# the handlers that take arguments.
subcommand="$1"
if [ "$#" -gt 0 ]; then
  shift
fi

case "$subcommand" in
  getaddr)
    getaddr
    ;;
  fixaddr)
    # This can be called from within its own lock, do not deadlock.
    # (so it runs without lockwrap)
    fixaddr
    ;;
  setproxy)
    # Edits run under the lock and against a validated scratch copy.
    lockwrap atomicfg setproxies "$@"
    ;;
  showproxy)
    lockwrap showproxies "$@"
    ;;
  *)
    echo "Usage: $0 {getaddr|setproxy [proxport] [ip:port]|showproxy [proxport]}"
    exit 2
    ;;
esac