diff --git a/docker-compose.base.yml b/docker-compose.base.yml index fa6da51a91546..dba92a0046034 100644 --- a/docker-compose.base.yml +++ b/docker-compose.base.yml @@ -35,7 +35,7 @@ services: restart: on-failure kafka: - build: ./docker/kafka + image: ghcr.io/posthog/kafka-container:v2.8.2 restart: on-failure depends_on: - zookeeper diff --git a/docker/kafka/Dockerfile b/docker/kafka/Dockerfile deleted file mode 100644 index d9259e684d646..0000000000000 --- a/docker/kafka/Dockerfile +++ /dev/null @@ -1,51 +0,0 @@ -FROM docker.io/bitnami/minideb:bullseye - -ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security" -ARG TARGETARCH - -ENV HOME="/" \ - OS_ARCH="${TARGETARCH:-amd64}" \ - OS_FLAVOUR="debian-11" \ - OS_NAME="linux" - -COPY prebuildfs / -# Install required system packages and dependencies -RUN install_packages acl ca-certificates curl gzip libc6 procps tar zlib1g -RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "wait-for-port" "1.0.6-13" -RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "render-template" "1.0.5-13" -RUN if [ "$TARGETARCH" = "amd64" ]; then \ - curl --remote-name --silent --show-error --fail https://download.oracle.com/java/17/archive/jdk-17.0.2_linux-x64_bin.tar.gz; \ - tar xf jdk-17.0.2_linux-x64_bin.tar.gz; \ - mv jdk-17.0.2 /opt/bitnami/java; \ - rm jdk-17.0.2_linux-x64_bin.tar.gz; \ - elif [ "$TARGETARCH" = "arm64" ]; then \ - curl --remote-name --silent --show-error --fail https://download.oracle.com/java/17/archive/jdk-17.0.2_linux-aarch64_bin.tar.gz; \ - tar xf jdk-17.0.2_linux-aarch64_bin.tar.gz; \ - mv jdk-17.0.2 /opt/bitnami/java; \ - rm jdk-17.0.2_linux-aarch64_bin.tar.gz; \ - else \ - echo "Only arm64 and amd64 are supported." && exit 1; \ - fi -RUN curl --remote-name --silent --show-error --fail https://archive.apache.org/dist/kafka/2.8.2/kafka_2.12-2.8.2.tgz; \ - tar xf kafka_2.12-2.8.2.tgz; \ - mv kafka_2.12-2.8.2 /opt/bitnami/kafka; \ - rm kafka_2.12-2.8.2.tgz -RUN apt-get update && apt-get upgrade -y && \ - rm -r /var/lib/apt/lists /var/cache/apt/archives -RUN chmod g+rwX /opt/bitnami -RUN ln -s /opt/bitnami/scripts/kafka/entrypoint.sh /entrypoint.sh -RUN ln -s /opt/bitnami/scripts/kafka/run.sh /run.sh - -COPY rootfs / -RUN /opt/bitnami/scripts/java/postunpack.sh -RUN /opt/bitnami/scripts/kafka/postunpack.sh -ENV APP_VERSION="2" \ - BITNAMI_APP_NAME="kafka" \ - JAVA_HOME="/opt/bitnami/java" \ - PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/kafka/bin:$PATH" - -EXPOSE 9092 - -USER 1001 -ENTRYPOINT [ "/opt/bitnami/scripts/kafka/entrypoint.sh" ] -CMD [ "/opt/bitnami/scripts/kafka/run.sh" ] diff --git a/docker/kafka/docker-compose.yml b/docker/kafka/docker-compose.yml deleted file mode 100644 index 90d464893d2bc..0000000000000 --- a/docker/kafka/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -version: '2' - -services: - zookeeper: - image: docker.io/bitnami/zookeeper:3.8 - ports: - - '2181:2181' - volumes: - - 'zookeeper_data:/bitnami' - environment: - - ALLOW_ANONYMOUS_LOGIN=yes - kafka: - image: docker.io/bitnami/kafka:2.8 - ports: - - '9092:9092' - volumes: - - 'kafka_data:/bitnami' - environment: - - KAFKA_CFG_ZOOKEEPER_CONNECT=zookeeper:2181 - - ALLOW_PLAINTEXT_LISTENER=yes - depends_on: - - zookeeper - -volumes: - zookeeper_data: - driver: local - kafka_data: - driver: local diff --git a/docker/kafka/prebuildfs/opt/bitnami/licenses/licenses.txt b/docker/kafka/prebuildfs/opt/bitnami/licenses/licenses.txt deleted file mode 100644 index c76ba31f3b8af..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/licenses/licenses.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bitnami containers ship with software bundles. You can find the licenses under: -/opt/bitnami/nami/COPYING -/opt/bitnami/[name-of-bundle]/licenses/[bundle-version].txt diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libbitnami.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libbitnami.sh deleted file mode 100644 index ef29e361dad1b..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libbitnami.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash -# -# Bitnami custom library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Constants -BOLD='\033[1m' - -# Functions - -######################## -# Print the welcome page -# Globals: -# DISABLE_WELCOME_MESSAGE -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_welcome_page() { - if [[ -z "${DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$BITNAMI_APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -######################## -# Print the welcome page for a Bitnami Docker image -# Globals: -# BITNAMI_APP_NAME -# Arguments: -# None -# Returns: -# None -######################### -print_image_welcome_page() { - local github_url="https://github.com/bitnami/bitnami-docker-${BITNAMI_APP_NAME}" - - log "" - log "${BOLD}Welcome to the Bitnami ${BITNAMI_APP_NAME} container${RESET}" - log "Subscribe to project updates by watching ${BOLD}${github_url}${RESET}" - log "Submit issues and feature requests at ${BOLD}${github_url}/issues${RESET}" - log "" -} - diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libcomponent.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libcomponent.sh deleted file mode 100644 index 219d09dcf83c2..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libcomponent.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -# -# Library for managing Bitnami components - -# Constants -DOWNLOAD_URL="https://downloads.bitnami.com/files/stacksmith" - -# Functions - -######################## -# Download and unpack a Bitnami package -# Globals: -# OS_NAME -# OS_ARCH -# OS_FLAVOUR -# Arguments: -# $1 - component's name -# $2 - component's version -# Returns: -# None -######################### -component_unpack() { - local name="${1:?name is required}" - local version="${2:?version is required}" - local base_name="${name}-${version}-${OS_NAME}-${OS_ARCH}-${OS_FLAVOUR}" - local directory="/opt/bitnami" - - # Validate arguments - shift 2 - while [ "$#" -gt 0 ]; do - case "$1" in - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - set -x - echo "Downloading $base_name package" - curl --remote-name --silent --show-error --fail "${DOWNLOAD_URL}/${base_name}.tar.gz" - - echo "Verifying package integrity" - curl --remote-name --silent --show-error --fail "${DOWNLOAD_URL}/${base_name}.tar.gz.sha256" - cat ${base_name}.tar.gz.sha256 | sha256sum --check - || return "$?" - rm "${base_name}.tar.gz.sha256" - - tar --directory "${directory}" --extract --gunzip --file "${base_name}.tar.gz" --no-same-owner --strip-components=2 || return "$?" - rm "${base_name}.tar.gz" -} diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libfile.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libfile.sh deleted file mode 100644 index 41ebaf7464f6e..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libfile.sh +++ /dev/null @@ -1,139 +0,0 @@ -#!/bin/bash -# -# Library for managing files - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libos.sh - -# Functions - -######################## -# Replace a regex-matching string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# $4 - use POSIX regex. Default: true -# Returns: -# None -######################### -replace_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - local posix_regex=${4:-true} - - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - if [[ $posix_regex = true ]]; then - result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - else - result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Replace a regex-matching multiline string in a file -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - substitute regex -# Returns: -# None -######################### -replace_in_file_multiline() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - - local result - local -r del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues - result="$(perl -pe "BEGIN{undef $/;} s${del}${match_regex}${del}${substitute_regex}${del}sg" "$filename")" - echo "$result" > "$filename" -} - -######################## -# Remove a line in a file based on a regex -# Arguments: -# $1 - filename -# $2 - match regex -# $3 - use POSIX regex. Default: true -# Returns: -# None -######################### -remove_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local posix_regex=${3:-true} - local result - - # We should avoid using 'sed in-place' substitutions - # 1) They are not compatible with files mounted from ConfigMap(s) - # 2) We found incompatibility issues with Debian10 and "in-place" substitutions - if [[ $posix_regex = true ]]; then - result="$(sed -E "/$match_regex/d" "$filename")" - else - result="$(sed "/$match_regex/d" "$filename")" - fi - echo "$result" > "$filename" -} - -######################## -# Appends text after the last line matching a pattern -# Arguments: -# $1 - file -# $2 - match regex -# $3 - contents to add -# Returns: -# None -######################### -append_file_after_last_match() { - local file="${1:?missing file}" - local match_regex="${2:?missing pattern}" - local value="${3:?missing value}" - - # We read the file in reverse, replace the first match (0,/pattern/s) and then reverse the results again - result="$(tac "$file" | sed -E "0,/($match_regex)/s||${value}\n\1|" | tac)" - echo "$result" > "$file" -} - -######################## -# Wait until certain entry is present in a log file -# Arguments: -# $1 - entry to look for -# $2 - log file -# $3 - max retries. Default: 12 -# $4 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -wait_for_log_entry() { - local -r entry="${1:-missing entry}" - local -r log_file="${2:-missing log file}" - local -r retries="${3:-12}" - local -r interval_time="${4:-5}" - local attempt=0 - - check_log_file_for_entry() { - if ! grep -qE "$entry" "$log_file"; then - debug "Entry \"${entry}\" still not present in ${log_file} (attempt $((++attempt))/${retries})" - return 1 - fi - } - debug "Checking that ${log_file} log file contains entry \"${entry}\"" - if retry_while check_log_file_for_entry "$retries" "$interval_time"; then - debug "Found entry \"${entry}\" in ${log_file}" - true - else - error "Could not find entry \"${entry}\" in ${log_file} after ${retries} retries" - debug_execute cat "$log_file" - return 1 - fi -} diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libfs.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libfs.sh deleted file mode 100644 index 1b504b1df4582..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libfs.sh +++ /dev/null @@ -1,190 +0,0 @@ -#!/bin/bash -# -# Library for file system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Ensure a file/directory is owned (user and group) but the given user -# Arguments: -# $1 - filepath -# $2 - owner -# Returns: -# None -######################### -owned_by() { - local path="${1:?path is missing}" - local owner="${2:?owner is missing}" - local group="${3:-}" - - if [[ -n $group ]]; then - chown "$owner":"$group" "$path" - else - chown "$owner":"$owner" "$path" - fi -} - -######################## -# Ensure a directory exists and, optionally, is owned by the given user -# Arguments: -# $1 - directory -# $2 - owner -# Returns: -# None -######################### -ensure_dir_exists() { - local dir="${1:?directory is missing}" - local owner_user="${2:-}" - local owner_group="${3:-}" - - mkdir -p "${dir}" - if [[ -n $owner_user ]]; then - owned_by "$dir" "$owner_user" "$owner_group" - fi -} - -######################## -# Checks whether a directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_dir_empty() { - local -r path="${1:?missing directory}" - # Calculate real path in order to avoid issues with symlinks - local -r dir="$(realpath "$path")" - if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then - true - else - false - fi -} - -######################## -# Checks whether a mounted directory is empty or not -# arguments: -# $1 - directory -# returns: -# boolean -######################### -is_mounted_dir_empty() { - local dir="${1:?missing directory}" - - if is_dir_empty "$dir" || find "$dir" -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" -exec false {} +; then - true - else - false - fi -} - -######################## -# Checks whether a file can be written to or not -# arguments: -# $1 - file -# returns: -# boolean -######################### -is_file_writable() { - local file="${1:?missing file}" - local dir - dir="$(dirname "$file")" - - if [[ (-f "$file" && -w "$file") || (! -f "$file" && -d "$dir" && -w "$dir") ]]; then - true - else - false - fi -} - -######################## -# Relativize a path -# arguments: -# $1 - path -# $2 - base -# returns: -# None -######################### -relativize() { - local -r path="${1:?missing path}" - local -r base="${2:?missing base}" - pushd "$base" >/dev/null || exit - realpath -q --no-symlinks --relative-base="$base" "$path" | sed -e 's|^/$|.|' -e 's|^/||' - popd >/dev/null || exit -} - -######################## -# Configure permisions and ownership recursively -# Globals: -# None -# Arguments: -# $1 - paths (as a string). -# Flags: -# -f|--file-mode - mode for directories. -# -d|--dir-mode - mode for files. -# -u|--user - user -# -g|--group - group -# Returns: -# None -######################### -configure_permissions_ownership() { - local -r paths="${1:?paths is missing}" - local dir_mode="" - local file_mode="" - local user="" - local group="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -f | --file-mode) - shift - file_mode="${1:?missing mode for files}" - ;; - -d | --dir-mode) - shift - dir_mode="${1:?missing mode for directories}" - ;; - -u | --user) - shift - user="${1:?missing user}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - read -r -a filepaths <<<"$paths" - for p in "${filepaths[@]}"; do - if [[ -e "$p" ]]; then - if [[ -n $dir_mode ]]; then - find -L "$p" -type d -exec chmod "$dir_mode" {} \; - fi - if [[ -n $file_mode ]]; then - find -L "$p" -type f -exec chmod "$file_mode" {} \; - fi - if [[ -n $user ]] && [[ -n $group ]]; then - chown -LR "$user":"$group" "$p" - elif [[ -n $user ]] && [[ -z $group ]]; then - chown -LR "$user" "$p" - elif [[ -z $user ]] && [[ -n $group ]]; then - chgrp -LR "$group" "$p" - fi - else - stderr_print "$p does not exist" - fi - done -} diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libhook.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libhook.sh deleted file mode 100644 index 9694852a7d250..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libhook.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -# -# Library to use for scripts expected to be used as Kubernetes lifecycle hooks - -# shellcheck disable=SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh - -# Override functions that log to stdout/stderr of the current process, so they print to process 1 -for function_to_override in stderr_print debug_execute; do - # Output is sent to output of process 1 and thus end up in the container log - # The hook output in general isn't saved - eval "$(declare -f "$function_to_override") >/proc/1/fd/1 2>/proc/1/fd/2" -done diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/liblog.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/liblog.sh deleted file mode 100644 index c7c0f6d4422a4..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/liblog.sh +++ /dev/null @@ -1,112 +0,0 @@ -#!/bin/bash -# -# Library for logging functions - -# Constants -RESET='\033[0m' -RED='\033[38;5;1m' -GREEN='\033[38;5;2m' -YELLOW='\033[38;5;3m' -MAGENTA='\033[38;5;5m' -CYAN='\033[38;5;6m' - -# Functions - -######################## -# Print to STDERR -# Arguments: -# Message to print -# Returns: -# None -######################### -stderr_print() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_QUIET:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if ! [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - printf "%b\\n" "${*}" >&2 - fi -} - -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -log() { - stderr_print "${CYAN}${MODULE:-} ${MAGENTA}$(date "+%T.%2N ")${RESET}${*}" -} -######################## -# Log an 'info' message -# Arguments: -# Message to log -# Returns: -# None -######################### -info() { - log "${GREEN}INFO ${RESET} ==> ${*}" -} -######################## -# Log message -# Arguments: -# Message to log -# Returns: -# None -######################### -warn() { - log "${YELLOW}WARN ${RESET} ==> ${*}" -} -######################## -# Log an 'error' message -# Arguments: -# Message to log -# Returns: -# None -######################### -error() { - log "${RED}ERROR${RESET} ==> ${*}" -} -######################## -# Log a 'debug' message -# Globals: -# BITNAMI_DEBUG -# Arguments: -# None -# Returns: -# None -######################### -debug() { - # 'is_boolean_yes' is defined in libvalidations.sh, but depends on this file so we cannot source it - local bool="${BITNAMI_DEBUG:-false}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - log "${MAGENTA}DEBUG${RESET} ==> ${*}" - fi -} - -######################## -# Indent a string -# Arguments: -# $1 - string -# $2 - number of indentation characters (default: 4) -# $3 - indentation character (default: " ") -# Returns: -# None -######################### -indent() { - local string="${1:-}" - local num="${2:?missing num}" - local char="${3:-" "}" - # Build the indentation unit string - local indent_unit="" - for ((i = 0; i < num; i++)); do - indent_unit="${indent_unit}${char}" - done - # shellcheck disable=SC2001 - # Complex regex, see https://github.com/koalaman/shellcheck/wiki/SC2001#exceptions - echo "$string" | sed "s/^/${indent_unit}/" -} diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libnet.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libnet.sh deleted file mode 100644 index 8bbf165e3e2a8..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libnet.sh +++ /dev/null @@ -1,163 +0,0 @@ -#!/bin/bash -# -# Library for network functions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Resolve IP address for a host/domain (i.e. DNS lookup) -# Arguments: -# $1 - Hostname to resolve -# $2 - IP address version (v4, v6), leave empty for resolving to any version -# Returns: -# IP -######################### -dns_lookup() { - local host="${1:?host is missing}" - local ip_version="${2:-}" - getent "ahosts${ip_version}" "$host" | awk '/STREAM/ {print $1 }' | head -n 1 -} - -######################### -# Wait for a hostname and return the IP -# Arguments: -# $1 - hostname -# $2 - number of retries -# $3 - seconds to wait between retries -# Returns: -# - IP address that corresponds to the hostname -######################### -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -######################## -# Get machine's IP -# Arguments: -# None -# Returns: -# Machine IP -######################### -get_machine_ip() { - local -a ip_addresses - local hostname - hostname="$(hostname)" - read -r -a ip_addresses <<< "$(dns_lookup "$hostname" | xargs echo)" - if [[ "${#ip_addresses[@]}" -gt 1 ]]; then - warn "Found more than one IP address associated to hostname ${hostname}: ${ip_addresses[*]}, will use ${ip_addresses[0]}" - elif [[ "${#ip_addresses[@]}" -lt 1 ]]; then - error "Could not find any IP address associated to hostname ${hostname}" - exit 1 - fi - echo "${ip_addresses[0]}" -} - -######################## -# Check if the provided argument is a resolved hostname -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -######################## -# Parse URL -# Globals: -# None -# Arguments: -# $1 - uri - String -# $2 - component to obtain. Valid options (scheme, authority, userinfo, host, port, path, query or fragment) - String -# Returns: -# String -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - -######################## -# Wait for a HTTP connection to succeed -# Globals: -# * -# Arguments: -# $1 - URL to wait for -# $2 - Maximum amount of retries (optional) -# $3 - Time between retries (optional) -# Returns: -# true if the HTTP connection succeeded, false otherwise -######################### -wait_for_http_connection() { - local url="${1:?missing url}" - local retries="${2:-}" - local sleep_time="${3:-}" - if ! retry_while "debug_execute curl --silent ${url}" "$retries" "$sleep_time"; then - error "Could not connect to ${url}" - return 1 - fi -} diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libos.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libos.sh deleted file mode 100644 index e39012f32b231..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libos.sh +++ /dev/null @@ -1,561 +0,0 @@ -#!/bin/bash -# -# Library for operating system actions - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libvalidations.sh - -# Functions - -######################## -# Check if an user exists in the system -# Arguments: -# $1 - user -# Returns: -# Boolean -######################### -user_exists() { - local user="${1:?user is missing}" - id "$user" >/dev/null 2>&1 -} - -######################## -# Check if a group exists in the system -# Arguments: -# $1 - group -# Returns: -# Boolean -######################### -group_exists() { - local group="${1:?group is missing}" - getent group "$group" >/dev/null 2>&1 -} - -######################## -# Create a group in the system if it does not exist already -# Arguments: -# $1 - group -# Flags: -# -i|--gid - the ID for the new group -# -s|--system - Whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_group_exists() { - local group="${1:?group is missing}" - local gid="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --gid) - shift - gid="${1:?missing gid}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! group_exists "$group"; then - local -a args=("$group") - if [[ -n "$gid" ]]; then - if group_exists "$gid"; then - error "The GID $gid is already in use." >&2 - return 1 - fi - args+=("--gid" "$gid") - fi - $is_system_user && args+=("--system") - groupadd "${args[@]}" >/dev/null 2>&1 - fi -} - -######################## -# Create an user in the system if it does not exist already -# Arguments: -# $1 - user -# Flags: -# -i|--uid - the ID for the new user -# -g|--group - the group the new user should belong to -# -a|--append-groups - comma-separated list of supplemental groups to append to the new user -# -h|--home - the home directory for the new user -# -s|--system - whether to create new user as system user (uid <= 999) -# Returns: -# None -######################### -ensure_user_exists() { - local user="${1:?user is missing}" - local uid="" - local group="" - local append_groups="" - local home="" - local is_system_user=false - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -i | --uid) - shift - uid="${1:?missing uid}" - ;; - -g | --group) - shift - group="${1:?missing group}" - ;; - -a | --append-groups) - shift - append_groups="${1:?missing append_groups}" - ;; - -h | --home) - shift - home="${1:?missing home directory}" - ;; - -s | --system) - is_system_user=true - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - if ! user_exists "$user"; then - local -a user_args=("-N" "$user") - if [[ -n "$uid" ]]; then - if user_exists "$uid"; then - error "The UID $uid is already in use." - return 1 - fi - user_args+=("--uid" "$uid") - else - $is_system_user && user_args+=("--system") - fi - useradd "${user_args[@]}" >/dev/null 2>&1 - fi - - if [[ -n "$group" ]]; then - local -a group_args=("$group") - $is_system_user && group_args+=("--system") - ensure_group_exists "${group_args[@]}" - usermod -g "$group" "$user" >/dev/null 2>&1 - fi - - if [[ -n "$append_groups" ]]; then - local -a groups - read -ra groups <<<"$(tr ',;' ' ' <<<"$append_groups")" - for group in "${groups[@]}"; do - ensure_group_exists "$group" - usermod -aG "$group" "$user" >/dev/null 2>&1 - done - fi - - if [[ -n "$home" ]]; then - mkdir -p "$home" - usermod -d "$home" "$user" >/dev/null 2>&1 - configure_permissions_ownership "$home" -d "775" -f "664" -u "$user" -g "$group" - fi -} - -######################## -# Check if the script is currently running as root -# Arguments: -# $1 - user -# $2 - group -# Returns: -# Boolean -######################### -am_i_root() { - if [[ "$(id -u)" = "0" ]]; then - true - else - false - fi -} - -######################## -# Print OS metadata -# Arguments: -# $1 - Flag name -# Flags: -# --id - Distro ID -# --version - Distro version -# --branch - Distro branch -# --codename - Distro codename -# Returns: -# String -######################### -get_os_metadata() { - local -r flag_name="${1:?missing flag}" - # Helper function - get_os_release_metadata() { - local -r env_name="${1:?missing environment variable name}" - ( - . /etc/os-release - echo "${!env_name}" - ) - } - case "$flag_name" in - --id) - get_os_release_metadata ID - ;; - --version) - get_os_release_metadata VERSION_ID - ;; - --branch) - get_os_release_metadata VERSION_ID | sed 's/\..*//' - ;; - --codename) - get_os_release_metadata VERSION_CODENAME - ;; - *) - error "Unknown flag ${flag_name}" - return 1 - ;; - esac -} - -######################## -# Get total memory available -# Arguments: -# None -# Returns: -# Memory in bytes -######################### -get_total_memory() { - echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# None -# Flags: -# --memory - memory size (optional) -# Returns: -# Detected instance size -######################### -get_machine_size() { - local memory="" - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - --memory) - shift - memory="${1:?missing memory}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - if [[ -z "$memory" ]]; then - debug "Memory was not specified, detecting available memory automatically" - memory="$(get_total_memory)" - fi - sanitized_memory=$(convert_to_mb "$memory") - if [[ "$sanitized_memory" -gt 26000 ]]; then - echo 2xlarge - elif [[ "$sanitized_memory" -gt 13000 ]]; then - echo xlarge - elif [[ "$sanitized_memory" -gt 6000 ]]; then - echo large - elif [[ "$sanitized_memory" -gt 3000 ]]; then - echo medium - elif [[ "$sanitized_memory" -gt 1500 ]]; then - echo small - else - echo micro - fi -} - -######################## -# Get machine size depending on specified memory -# Globals: -# None -# Arguments: -# $1 - memory size (optional) -# Returns: -# Detected instance size -######################### -get_supported_machine_sizes() { - echo micro small medium large xlarge 2xlarge -} - -######################## -# Convert memory size from string to amount of megabytes (i.e. 2G -> 2048) -# Globals: -# None -# Arguments: -# $1 - memory size -# Returns: -# Result of the conversion -######################### -convert_to_mb() { - local amount="${1:-}" - if [[ $amount =~ ^([0-9]+)(m|M|g|G) ]]; then - size="${BASH_REMATCH[1]}" - unit="${BASH_REMATCH[2]}" - if [[ "$unit" = "g" || "$unit" = "G" ]]; then - amount="$((size * 1024))" - else - amount="$size" - fi - fi - echo "$amount" -} - -######################### -# Redirects output to /dev/null if debug mode is disabled -# Globals: -# BITNAMI_DEBUG -# Arguments: -# $@ - Command to execute -# Returns: -# None -######################### -debug_execute() { - if is_boolean_yes "${BITNAMI_DEBUG:-false}"; then - "$@" - else - "$@" >/dev/null 2>&1 - fi -} - -######################## -# Retries a command a given number of times -# Arguments: -# $1 - cmd (as a string) -# $2 - max retries. Default: 12 -# $3 - sleep between retries (in seconds). Default: 5 -# Returns: -# Boolean -######################### -retry_while() { - local cmd="${1:?cmd is missing}" - local retries="${2:-12}" - local sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<<"$cmd" - for ((i = 1; i <= retries; i += 1)); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value -} - -######################## -# Generate a random string -# Arguments: -# -t|--type - String type (ascii, alphanumeric, numeric), defaults to ascii -# -c|--count - Number of characters, defaults to 32 -# Arguments: -# None -# Returns: -# None -# Returns: -# String -######################### -generate_random_string() { - local type="ascii" - local count="32" - local filter - local result - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - -t | --type) - shift - type="$1" - ;; - -c | --count) - shift - count="$1" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - # Validate type - case "$type" in - ascii) - filter="[:print:]" - ;; - alphanumeric) - filter="a-zA-Z0-9" - ;; - numeric) - filter="0-9" - ;; - *) - echo "Invalid type ${type}" >&2 - return 1 - ;; - esac - # Obtain count + 10 lines from /dev/urandom to ensure that the resulting string has the expected size - # Note there is a very small chance of strings starting with EOL character - # Therefore, the higher amount of lines read, this will happen less frequently - result="$(head -n "$((count + 10))" /dev/urandom | tr -dc "$filter" | head -c "$count")" - echo "$result" -} - -######################## -# Create md5 hash from a string -# Arguments: -# $1 - string -# Returns: -# md5 hash - string -######################### -generate_md5_hash() { - local -r str="${1:?missing input string}" - echo -n "$str" | md5sum | awk '{print $1}' -} - -######################## -# Create sha1 hash from a string -# Arguments: -# $1 - string -# $2 - algorithm - 1 (default), 224, 256, 384, 512 -# Returns: -# sha1 hash - string -######################### -generate_sha_hash() { - local -r str="${1:?missing input string}" - local -r algorithm="${2:-1}" - echo -n "$str" | "sha${algorithm}sum" | awk '{print $1}' -} - -######################## -# Converts a string to its hexadecimal representation -# Arguments: -# $1 - string -# Returns: -# hexadecimal representation of the string -######################### -convert_to_hex() { - local -r str=${1:?missing input string} - local -i iterator - local char - for ((iterator = 0; iterator < ${#str}; iterator++)); do - char=${str:iterator:1} - printf '%x' "'${char}" - done -} - -######################## -# Run command as a specific user and group (optional) -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -run_as_user() { - run_chroot "$@" -} - -######################## -# Execute command as a specific user and group (optional), -# replacing the current process image -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Returns: -# Exit code of the specified command -######################### -exec_as_user() { - run_chroot --replace-process "$@" -} - -######################## -# Run a command using chroot -# Arguments: -# $1 - USER(:GROUP) to switch to -# $2..$n - command to execute -# Flags: -# -r | --replace-process - Replace the current process image (optional) -# Returns: -# Exit code of the specified command -######################### -run_chroot() { - local userspec - local user - local homedir - local replace=false - local -r cwd="$(pwd)" - - # Parse and validate flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -r | --replace-process) - replace=true - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - # Parse and validate arguments - if [[ "$#" -lt 2 ]]; then - echo "expected at least 2 arguments" - return 1 - else - userspec=$1 - shift - - # userspec can optionally include the group, so we parse the user - user=$(echo "$userspec" | cut -d':' -f1) - fi - - if ! am_i_root; then - error "Could not switch to '${userspec}': Operation not permitted" - return 1 - fi - - # Get the HOME directory for the user to switch, as chroot does - # not properly update this env and some scripts rely on it - homedir=$(eval echo "~${user}") - if [[ ! -d $homedir ]]; then - homedir="${HOME:-/}" - fi - - # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion - if [[ "$replace" = true ]]; then - exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - else - chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@" - fi -} \ No newline at end of file diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libpersistence.sh deleted file mode 100644 index 99df69681c27f..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libpersistence.sh +++ /dev/null @@ -1,122 +0,0 @@ -#!/bin/bash -# -# Bitnami persistence library -# Used for bringing persistence capabilities to applications that don't have clear separation of data and logic - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libversion.sh - -# Functions - -######################## -# Persist an application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# $2 - List of app files to persist -# Returns: -# true if all steps succeeded, false otherwise -######################### -persist_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_persist <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Persist the individual files - if [[ "${#files_to_persist[@]}" -le 0 ]]; then - warn "No files are configured to be persisted" - return - fi - pushd "$install_dir" >/dev/null || exit - local file_to_persist_relative file_to_persist_destination file_to_persist_destination_folder - local -r tmp_file="/tmp/perms.acl" - for file_to_persist in "${files_to_persist[@]}"; do - if [[ ! -f "$file_to_persist" && ! -d "$file_to_persist" ]]; then - error "Cannot persist '${file_to_persist}' because it does not exist" - return 1 - fi - file_to_persist_relative="$(relativize "$file_to_persist" "$install_dir")" - file_to_persist_destination="${persist_dir}/${file_to_persist_relative}" - file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")" - # Get original permissions for existing files, which will be applied later - # Exclude the root directory with 'sed', to avoid issues when copying the entirety of it to a volume - getfacl -R "$file_to_persist_relative" | sed -E '/# file: (\..+|[^.])/,$!d' > "$tmp_file" - # Copy directories to the volume - ensure_dir_exists "$file_to_persist_destination_folder" - cp -Lr --preserve=links "$file_to_persist_relative" "$file_to_persist_destination_folder" - # Restore permissions - pushd "$persist_dir" >/dev/null || exit - if am_i_root; then - setfacl --restore="$tmp_file" - else - # When running as non-root, don't change ownership - setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file") - fi - popd >/dev/null || exit - done - popd >/dev/null || exit - rm -f "$tmp_file" - # Install the persisted files into the installation directory, via symlinks - restore_persisted_app "$@" -} - -######################## -# Restore a persisted application directory -# Globals: -# BITNAMI_ROOT_DIR -# BITNAMI_VOLUME_DIR -# FORCE_MAJOR_UPGRADE -# Arguments: -# $1 - App folder name -# $2 - List of app files to restore -# Returns: -# true if all steps succeeded, false otherwise -######################### -restore_persisted_app() { - local -r app="${1:?missing app}" - local -a files_to_restore - read -r -a files_to_restore <<< "$(tr ',;:' ' ' <<< "$2")" - local -r install_dir="${BITNAMI_ROOT_DIR}/${app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - # Restore the individual persisted files - if [[ "${#files_to_restore[@]}" -le 0 ]]; then - warn "No persisted files are configured to be restored" - return - fi - local file_to_restore_relative file_to_restore_origin file_to_restore_destination - for file_to_restore in "${files_to_restore[@]}"; do - file_to_restore_relative="$(relativize "$file_to_restore" "$install_dir")" - # We use 'realpath --no-symlinks' to ensure that the case of '.' is covered and the directory is removed - file_to_restore_origin="$(realpath --no-symlinks "${install_dir}/${file_to_restore_relative}")" - file_to_restore_destination="$(realpath --no-symlinks "${persist_dir}/${file_to_restore_relative}")" - rm -rf "$file_to_restore_origin" - ln -sfn "$file_to_restore_destination" "$file_to_restore_origin" - done -} - -######################## -# Check if an application directory was already persisted -# Globals: -# BITNAMI_VOLUME_DIR -# Arguments: -# $1 - App folder name -# Returns: -# true if all steps succeeded, false otherwise -######################### -is_app_initialized() { - local -r app="${1:?missing app}" - local -r persist_dir="${BITNAMI_VOLUME_DIR}/${app}" - if ! is_mounted_dir_empty "$persist_dir"; then - true - else - false - fi -} diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libservice.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libservice.sh deleted file mode 100644 index a713bd108e15c..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libservice.sh +++ /dev/null @@ -1,273 +0,0 @@ -#!/bin/bash -# -# Library for managing services - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Read the provided pid file and returns a PID -# Arguments: -# $1 - Pid file -# Returns: -# PID -######################### -get_pid_from_file() { - local pid_file="${1:?pid file is missing}" - - if [[ -f "$pid_file" ]]; then - if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then - echo "$(< "$pid_file")" - fi - fi -} - -######################## -# Check if a provided PID corresponds to a running service -# Arguments: -# $1 - PID -# Returns: -# Boolean -######################### -is_service_running() { - local pid="${1:?pid is missing}" - - kill -0 "$pid" 2>/dev/null -} - -######################## -# Stop a service by sending a termination signal to its pid -# Arguments: -# $1 - Pid file -# $2 - Signal number (optional) -# Returns: -# None -######################### -stop_service_using_pid() { - local pid_file="${1:?pid file is missing}" - local signal="${2:-}" - local pid - - pid="$(get_pid_from_file "$pid_file")" - [[ -z "$pid" ]] || ! is_service_running "$pid" && return - - if [[ -n "$signal" ]]; then - kill "-${signal}" "$pid" - else - kill "$pid" - fi - - local counter=10 - while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do - sleep 1 - counter=$((counter - 1)) - done -} - -######################## -# Start cron daemon -# Arguments: -# None -# Returns: -# true if started correctly, false otherwise -######################### -cron_start() { - if [[ -x "/usr/sbin/cron" ]]; then - /usr/sbin/cron - elif [[ -x "/usr/sbin/crond" ]]; then - /usr/sbin/crond - else - false - fi -} - -######################## -# Generate a cron configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Command -# Flags: -# --run-as - User to run as (default: root) -# --schedule - Cron schedule configuration (default: * * * * *) -# Returns: -# None -######################### -generate_cron_conf() { - local service_name="${1:?service name is missing}" - local cmd="${2:?command is missing}" - local run_as="root" - local schedule="* * * * *" - local clean="true" - - local clean="true" - - # Parse optional CLI flags - shift 2 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --run-as) - shift - run_as="$1" - ;; - --schedule) - shift - schedule="$1" - ;; - --no-clean) - clean="false" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - mkdir -p /etc/cron.d - if "$clean"; then - echo "${schedule} ${run_as} ${cmd}" > /etc/cron.d/"$service_name" - else - echo "${schedule} ${run_as} ${cmd}" >> /etc/cron.d/"$service_name" - fi -} - -######################## -# Remove a cron configuration file for a given service -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_cron_conf() { - local service_name="${1:?service name is missing}" - local cron_conf_dir="/etc/monit/conf.d" - rm -f "${cron_conf_dir}/${service_name}" -} - -######################## -# Generate a monit configuration file for a given service -# Arguments: -# $1 - Service name -# $2 - Pid file -# $3 - Start command -# $4 - Stop command -# Flags: -# --disable - Whether to disable the monit configuration -# Returns: -# None -######################### -generate_monit_conf() { - local service_name="${1:?service name is missing}" - local pid_file="${2:?pid file is missing}" - local start_command="${3:?start command is missing}" - local stop_command="${4:?stop command is missing}" - local monit_conf_dir="/etc/monit/conf.d" - local disabled="no" - - # Parse optional CLI flags - shift 4 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --disable) - disabled="yes" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - is_boolean_yes "$disabled" && conf_suffix=".disabled" - mkdir -p "$monit_conf_dir" - cat >"${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <&2 - return 1 - ;; - esac - shift - done - - mkdir -p "$logrotate_conf_dir" - cat <"${logrotate_conf_dir}/${service_name}" -${log_path} { - ${period} - rotate ${rotations} - dateext - compress - copytruncate - missingok -$(indent "$extra" 2) -} -EOF -} - -######################## -# Remove a logrotate configuration file -# Arguments: -# $1 - Service name -# Returns: -# None -######################### -remove_logrotate_conf() { - local service_name="${1:?service name is missing}" - local logrotate_conf_dir="/etc/logrotate.d" - rm -f "${logrotate_conf_dir}/${service_name}" -} diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libvalidations.sh deleted file mode 100644 index 2d7aaa9435136..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libvalidations.sh +++ /dev/null @@ -1,264 +0,0 @@ -#!/bin/bash -# -# Validation functions library - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions - -######################## -# Check if the provided argument is an integer -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_int() { - local -r int="${1:?missing value}" - if [[ "$int" =~ ^-?[0-9]+ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a positive integer -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_positive_int() { - local -r int="${1:?missing value}" - if is_int "$int" && (( "${int}" >= 0 )); then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean or is the string 'yes/true' -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_boolean_yes() { - local -r bool="${1:-}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean yes/no value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_yes_no_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(yes|no)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean true/false value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_true_false_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(true|false)$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is a boolean 1/0 value -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_1_0_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^[10]$ ]]; then - true - else - false - fi -} - -######################## -# Check if the provided argument is an empty string or not defined -# Arguments: -# $1 - Value to check -# Returns: -# Boolean -######################### -is_empty_value() { - local -r val="${1:-}" - if [[ -z "$val" ]]; then - true - else - false - fi -} - -######################## -# Validate if the provided argument is a valid port -# Arguments: -# $1 - Port to validate -# Returns: -# Boolean and error message -######################### -validate_port() { - local value - local unprivileged=0 - - # Parse flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -unprivileged) - unprivileged=1 - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [[ "$#" -gt 1 ]]; then - echo "too many arguments provided" - return 2 - elif [[ "$#" -eq 0 ]]; then - stderr_print "missing port argument" - return 1 - else - value=$1 - fi - - if [[ -z "$value" ]]; then - echo "the value is empty" - return 1 - else - if ! is_int "$value"; then - echo "value is not an integer" - return 2 - elif [[ "$value" -lt 0 ]]; then - echo "negative value provided" - return 2 - elif [[ "$value" -gt 65535 ]]; then - echo "requested port is greater than 65535" - return 2 - elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then - echo "privileged port requested" - return 3 - fi - fi -} - -######################## -# Validate if the provided argument is a valid IPv4 address -# Arguments: -# $1 - IP to validate -# Returns: -# Boolean -######################### -validate_ipv4() { - local ip="${1:?ip is missing}" - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" - [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ - && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] - stat=$? - fi - return $stat -} - -######################## -# Validate a string format -# Arguments: -# $1 - String to validate -# Returns: -# Boolean -######################### -validate_string() { - local string - local min_length=-1 - local max_length=-1 - - # Parse flags - while [ "$#" -gt 0 ]; do - case "$1" in - -min-length) - shift - min_length=${1:-} - ;; - -max-length) - shift - max_length=${1:-} - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [ "$#" -gt 1 ]; then - stderr_print "too many arguments provided" - return 2 - elif [ "$#" -eq 0 ]; then - stderr_print "missing string" - return 1 - else - string=$1 - fi - - if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then - echo "string length is less than $min_length" - return 1 - fi - if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then - echo "string length is great than $max_length" - return 1 - fi -} diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libversion.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libversion.sh deleted file mode 100644 index f3bc7568bfa5b..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libversion.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash -# -# Library for managing versions strings - -# shellcheck disable=SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/liblog.sh - -# Functions -######################## -# Gets semantic version -# Arguments: -# $1 - version: string to extract major.minor.patch -# $2 - section: 1 to extract major, 2 to extract minor, 3 to extract patch -# Returns: -# array with the major, minor and release -######################### -get_sematic_version () { - local version="${1:?version is required}" - local section="${2:?section is required}" - local -a version_sections - - #Regex to parse versions: x.y.z - local -r regex='([0-9]+)(\.([0-9]+)(\.([0-9]+))?)?' - - if [[ "$version" =~ $regex ]]; then - local i=1 - local j=1 - local n=${#BASH_REMATCH[*]} - - while [[ $i -lt $n ]]; do - if [[ -n "${BASH_REMATCH[$i]}" ]] && [[ "${BASH_REMATCH[$i]:0:1}" != '.' ]]; then - version_sections[$j]=${BASH_REMATCH[$i]} - ((j++)) - fi - ((i++)) - done - - local number_regex='^[0-9]+$' - if [[ "$section" =~ $number_regex ]] && (( section > 0 )) && (( section <= 3 )); then - echo "${version_sections[$section]}" - return - else - stderr_print "Section allowed values are: 1, 2, and 3" - return 1 - fi - fi -} diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libwebserver.sh deleted file mode 100644 index 818c2158032b8..0000000000000 --- a/docker/kafka/prebuildfs/opt/bitnami/scripts/libwebserver.sh +++ /dev/null @@ -1,458 +0,0 @@ -#!/bin/bash -# -# Bitnami web server handler library - -# shellcheck disable=SC1090,SC1091 - -# Load generic libraries -. /opt/bitnami/scripts/liblog.sh - -######################## -# Execute a command (or list of commands) with the web server environment and library loaded -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_execute() { - local -r web_server="${1:?missing web server}" - shift - # Run program in sub-shell to avoid web server environment getting loaded when not necessary - ( - . "/opt/bitnami/scripts/lib${web_server}.sh" - . "/opt/bitnami/scripts/${web_server}-env.sh" - "$@" - ) -} - -######################## -# Prints the list of enabled web servers -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_list() { - local -r -a supported_web_servers=(apache nginx) - local -a existing_web_servers=() - for web_server in "${supported_web_servers[@]}"; do - [[ -f "/opt/bitnami/scripts/${web_server}-env.sh" ]] && existing_web_servers+=("$web_server") - done - echo "${existing_web_servers[@]:-}" -} - -######################## -# Prints the currently-enabled web server type (only one, in order of preference) -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_type() { - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - echo "${web_servers[0]:-}" -} - -######################## -# Validate that a supported web server is configured -# Globals: -# None -# Arguments: -# None -# Returns: -# None -######################### -web_server_validate() { - local error_code=0 - local supported_web_servers=("apache" "nginx") - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - - if [[ -z "$(web_server_type)" || ! " ${supported_web_servers[*]} " == *" $(web_server_type) "* ]]; then - print_validation_error "Could not detect any supported web servers. It must be one of: ${supported_web_servers[*]}" - elif ! web_server_execute "$(web_server_type)" type -t "is_$(web_server_type)_running" >/dev/null; then - print_validation_error "Could not load the $(web_server_type) web server library from /opt/bitnami/scripts. Check that it exists and is readable." - fi - - return "$error_code" -} - -######################## -# Check whether the web server is running -# Globals: -# * -# Arguments: -# None -# Returns: -# true if the web server is running, false otherwise -######################### -is_web_server_running() { - "is_$(web_server_type)_running" -} - -######################## -# Start web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_start() { - info "Starting $(web_server_type) in background" - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/start.sh" -} - -######################## -# Stop web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_stop() { - info "Stopping $(web_server_type)" - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/stop.sh" -} - -######################## -# Restart web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_restart() { - info "Restarting $(web_server_type)" - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/restart.sh" -} - -######################## -# Reload web server -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_reload() { - "${BITNAMI_ROOT_DIR}/scripts/$(web_server_type)/reload.sh" -} - -######################## -# Ensure a web server application configuration exists (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --type - Application type, which has an effect on which configuration template to use -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --disable - Whether to render server configurations with a .disabled prefix -# --disable-http - Whether to render the app's HTTP server configuration with a .disabled prefix -# --disable-https - Whether to render the app's HTTPS server configuration with a .disabled prefix -# --http-port - HTTP port number -# --https-port - HTTPS port number -# --document-root - Path to document root directory -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-additional-http-configuration - Additional HTTP vhost configuration (no default) -# --apache-additional-https-configuration - Additional HTTPS vhost configuration (no default) -# --apache-before-vhost-configuration - Configuration to add before the directive (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no' and type is not defined) -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-proxy-address - Address where to proxy requests -# --apache-proxy-configuration - Extra configuration for the proxy -# --apache-proxy-http-configuration - Extra configuration for the proxy HTTP vhost -# --apache-proxy-https-configuration - Extra configuration for the proxy HTTPS vhost -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup (only allowed when type is not defined) -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# --nginx-external-configuration - Configuration external to server block (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_app_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --disable \ - | --disable-http \ - | --disable-https \ - ) - apache_args+=("$1") - nginx_args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --type \ - | --allow-remote-connections \ - | --http-port \ - | --https-port \ - | --document-root \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-additional-http-configuration \ - | --apache-additional-https-configuration \ - | --apache-before-vhost-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-proxy-address \ - | --apache-proxy-configuration \ - | --apache-proxy-http-configuration \ - | --apache-proxy-https-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "${2:?missing value}") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration \ - | --nginx-external-configuration) - nginx_args+=("${1//nginx-/}" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration does not exist anymore (i.e. Apache virtual host format or NGINX server block) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Returns: -# true if the configuration was disabled, false otherwise -######################## -ensure_web_server_app_configuration_not_exists() { - local app="${1:?missing app}" - local -a web_servers - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "ensure_${web_server}_app_configuration_not_exists" "$app" - done -} - -######################## -# Ensure the web server loads the configuration for an application in a URL prefix -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --allow-remote-connections - Whether to allow remote connections or to require local connections -# --document-root - Path to document root directory -# --prefix - URL prefix from where it will be accessible (i.e. /myapp) -# --type - Application type, which has an effect on what configuration template will be used -# Apache-specific flags: -# --apache-additional-configuration - Additional vhost configuration (no default) -# --apache-allow-override - Whether to allow .htaccess files (only allowed when --move-htaccess is set to 'no') -# --apache-extra-directory-configuration - Extra configuration for the document root directory -# --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup -# NGINX-specific flags: -# --nginx-additional-configuration - Additional server block configuration (no default) -# Returns: -# true if the configuration was enabled, false otherwise -######################## -ensure_web_server_prefix_configuration_exists() { - local app="${1:?missing app}" - shift - local -a apache_args nginx_args web_servers args_var - apache_args=("$app") - nginx_args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --allow-remote-connections \ - | --document-root \ - | --prefix \ - | --type \ - ) - apache_args+=("$1" "${2:?missing value}") - nginx_args+=("$1" "${2:?missing value}") - shift - ;; - - # Specific Apache flags - --apache-additional-configuration \ - | --apache-allow-override \ - | --apache-extra-directory-configuration \ - | --apache-move-htaccess \ - ) - apache_args+=("${1//apache-/}" "$2") - shift - ;; - - # Specific NGINX flags - --nginx-additional-configuration) - nginx_args+=("${1//nginx-/}" "$2") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - args_var="${web_server}_args[@]" - web_server_execute "$web_server" "ensure_${web_server}_prefix_configuration_exists" "${!args_var}" - done -} - -######################## -# Ensure a web server application configuration is updated with the runtime configuration (i.e. ports) -# It serves as a wrapper for the specific web server function -# Globals: -# * -# Arguments: -# $1 - App name -# Flags: -# --hosts - Host listen addresses -# --server-name - Server name -# --server-aliases - Server aliases -# --enable-http - Enable HTTP app configuration (if not enabled already) -# --enable-https - Enable HTTPS app configuration (if not enabled already) -# --disable-http - Disable HTTP app configuration (if not disabled already) -# --disable-https - Disable HTTPS app configuration (if not disabled already) -# --http-port - HTTP port number -# --https-port - HTTPS port number -# Returns: -# true if the configuration was updated, false otherwise -######################## -web_server_update_app_configuration() { - local app="${1:?missing app}" - shift - local -a args web_servers - args=("$app") - # Validate arguments - while [[ "$#" -gt 0 ]]; do - case "$1" in - # Common flags - --enable-http \ - | --enable-https \ - | --disable-http \ - | --disable-https \ - ) - args+=("$1") - ;; - --hosts \ - | --server-name \ - | --server-aliases \ - | --http-port \ - | --https-port \ - ) - args+=("$1" "${2:?missing value}") - shift - ;; - - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - read -r -a web_servers <<< "$(web_server_list)" - for web_server in "${web_servers[@]}"; do - web_server_execute "$web_server" "${web_server}_update_app_configuration" "${args[@]}" - done -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_enable_loading_page() { - ensure_web_server_app_configuration_exists "__loading" --hosts "_default_" \ - --apache-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -RedirectMatch 503 ^/$ -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -ErrorDocument 404 /index.html -ErrorDocument 503 /index.html" \ - --nginx-additional-configuration " -# Show a HTTP 503 Service Unavailable page by default -location / { - return 503; -} -# Show index.html if server is answering with 404 Not Found or 503 Service Unavailable status codes -error_page 404 @installing; -error_page 503 @installing; -location @installing { - rewrite ^(.*)$ /index.html break; -}" - web_server_reload -} - -######################## -# Enable loading page, which shows users that the initialization process is not yet completed -# Globals: -# * -# Arguments: -# None -# Returns: -# None -######################### -web_server_disable_install_page() { - ensure_web_server_app_configuration_not_exists "__loading" - web_server_reload -} diff --git a/docker/kafka/prebuildfs/usr/sbin/install_packages b/docker/kafka/prebuildfs/usr/sbin/install_packages deleted file mode 100755 index c9577647443b5..0000000000000 --- a/docker/kafka/prebuildfs/usr/sbin/install_packages +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/sh -set -e -set -u -export DEBIAN_FRONTEND=noninteractive -n=0 -max=2 -until [ $n -gt $max ]; do - set +e - ( - apt-get update -qq && - apt-get install -y --no-install-recommends "$@" - ) - CODE=$? - set -e - if [ $CODE -eq 0 ]; then - break - fi - if [ $n -eq $max ]; then - exit $CODE - fi - echo "apt failed, retrying" - n=$(($n + 1)) -done -rm -r /var/lib/apt/lists /var/cache/apt/archives diff --git a/docker/kafka/rootfs/opt/bitnami/scripts/java/entrypoint.sh b/docker/kafka/rootfs/opt/bitnami/scripts/java/entrypoint.sh deleted file mode 100755 index 15cf7d1833e51..0000000000000 --- a/docker/kafka/rootfs/opt/bitnami/scripts/java/entrypoint.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purposes - -# Load libraries -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/liblog.sh - -print_welcome_page - -echo "" -exec "$@" diff --git a/docker/kafka/rootfs/opt/bitnami/scripts/java/postunpack.sh b/docker/kafka/rootfs/opt/bitnami/scripts/java/postunpack.sh deleted file mode 100755 index 24a5c9bc15fae..0000000000000 --- a/docker/kafka/rootfs/opt/bitnami/scripts/java/postunpack.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purpose - -# Load libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/liblog.sh - -# -# Java post-unpack operations -# - -# Override default files in the Java security directory. This is used for -# custom base images (with custom CA certificates or block lists is used) - -if ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then - info "Adding custom CAs to the Java security folder" - cp -Lr "$JAVA_EXTRA_SECURITY_DIR" /opt/bitnami/java/lib/security -fi diff --git a/docker/kafka/rootfs/opt/bitnami/scripts/kafka-env.sh b/docker/kafka/rootfs/opt/bitnami/scripts/kafka-env.sh deleted file mode 100644 index 614f175331f5d..0000000000000 --- a/docker/kafka/rootfs/opt/bitnami/scripts/kafka-env.sh +++ /dev/null @@ -1,124 +0,0 @@ -#!/bin/bash -# -# Environment configuration for kafka - -# The values for all environment variables will be set in the below order of precedence -# 1. Custom environment variables defined below after Bitnami defaults -# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR -# 3. Environment variables overridden via external files using *_FILE variables (see below) -# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata) - -# Load logging library -# shellcheck disable=SC1090,SC1091 -. /opt/bitnami/scripts/liblog.sh - -export BITNAMI_ROOT_DIR="/opt/bitnami" -export BITNAMI_VOLUME_DIR="/bitnami" - -# Logging configuration -export MODULE="${MODULE:-kafka}" -export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}" - -# By setting an environment variable matching *_FILE to a file path, the prefixed environment -# variable will be overridden with the value specified in that file -kafka_env_vars=( - ALLOW_PLAINTEXT_LISTENER - KAFKA_INTER_BROKER_USER - KAFKA_INTER_BROKER_PASSWORD - KAFKA_CERTIFICATE_PASSWORD - KAFKA_TLS_TRUSTSTORE_FILE - KAFKA_TLS_TYPE - KAFKA_TLS_CLIENT_AUTH - KAFKA_OPTS - KAFKA_CFG_ADVERTISED_LISTENERS - KAFKA_CFG_LISTENERS - KAFKA_CFG_ZOOKEEPER_CONNECT - KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE - KAFKA_CFG_SASL_ENABLED_MECHANISMS - KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL - KAFKA_CFG_MAX_REQUEST_SIZE - KAFKA_CFG_MAX_PARTITION_FETCH_BYTES - KAFKA_ENABLE_KRAFT - KAFKA_KRAFT_CLUSTER_ID - KAFKA_ZOOKEEPER_PROTOCOL - KAFKA_ZOOKEEPER_PASSWORD - KAFKA_ZOOKEEPER_USER - KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD - KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE - KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME - KAFKA_ZOOKEEPER_TLS_TYPE - KAFKA_CLIENT_USERS - KAFKA_CLIENT_PASSWORDS - KAFKA_HEAP_OPTS -) -for env_var in "${kafka_env_vars[@]}"; do - file_env_var="${env_var}_FILE" - if [[ -n "${!file_env_var:-}" ]]; then - if [[ -r "${!file_env_var:-}" ]]; then - export "${env_var}=$(< "${!file_env_var}")" - unset "${file_env_var}" - else - warn "Skipping export of '${env_var}'. '${!file_env_var:-}' is not readable." - fi - fi -done -unset kafka_env_vars - -# Paths -export KAFKA_BASE_DIR="${BITNAMI_ROOT_DIR}/kafka" -export KAFKA_VOLUME_DIR="/bitnami/kafka" -export KAFKA_DATA_DIR="${KAFKA_VOLUME_DIR}/data" -export KAFKA_CONF_DIR="${KAFKA_BASE_DIR}/config" -export KAFKA_CONF_FILE="${KAFKA_CONF_DIR}/server.properties" -export KAFKA_MOUNTED_CONF_DIR="${KAFKA_VOLUME_DIR}/config" -export KAFKA_CERTS_DIR="${KAFKA_CONF_DIR}/certs" -export KAFKA_INITSCRIPTS_DIR="/docker-entrypoint-initdb.d" -export KAFKA_LOG_DIR="${KAFKA_BASE_DIR}/logs" -export KAFKA_HOME="$KAFKA_BASE_DIR" -export PATH="${KAFKA_BASE_DIR}/bin:${BITNAMI_ROOT_DIR}/java/bin:${PATH}" - -# System users (when running with a privileged user) -export KAFKA_DAEMON_USER="kafka" -export KAFKA_DAEMON_GROUP="kafka" - -# Kafka runtime settings -export ALLOW_PLAINTEXT_LISTENER="${ALLOW_PLAINTEXT_LISTENER:-no}" -export KAFKA_INTER_BROKER_USER="${KAFKA_INTER_BROKER_USER:-user}" -export KAFKA_INTER_BROKER_PASSWORD="${KAFKA_INTER_BROKER_PASSWORD:-bitnami}" -export KAFKA_CERTIFICATE_PASSWORD="${KAFKA_CERTIFICATE_PASSWORD:-}" -export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_TLS_TYPE="${KAFKA_TLS_TYPE:-JKS}" -export KAFKA_TLS_CLIENT_AUTH="${KAFKA_TLS_CLIENT_AUTH:-required}" -export KAFKA_OPTS="${KAFKA_OPTS:-}" - -# Kafka configuration overrides -export KAFKA_CFG_ADVERTISED_LISTENERS="${KAFKA_CFG_ADVERTISED_LISTENERS:-PLAINTEXT://:9092}" -export KAFKA_CFG_LISTENERS="${KAFKA_CFG_LISTENERS:-PLAINTEXT://:9092}" -export KAFKA_CFG_ZOOKEEPER_CONNECT="${KAFKA_CFG_ZOOKEEPER_CONNECT:-localhost:2181}" -export KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE="${KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE:-true}" -export KAFKA_CFG_SASL_ENABLED_MECHANISMS="${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-PLAIN,SCRAM-SHA-256,SCRAM-SHA-512}" -export KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL="${KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL:-}" -export KAFKA_CFG_MAX_REQUEST_SIZE="${KAFKA_CFG_MAX_REQUEST_SIZE:-1048576}" -export KAFKA_CFG_MAX_PARTITION_FETCH_BYTES="${KAFKA_CFG_MAX_PARTITION_FETCH_BYTES:-1048576}" -export KAFKA_ENABLE_KRAFT="${KAFKA_ENABLE_KRAFT:-no}" -export KAFKA_KRAFT_CLUSTER_ID="${KAFKA_KRAFT_CLUSTER_ID:-}" - -# ZooKeeper connection settings -export KAFKA_ZOOKEEPER_PROTOCOL="${KAFKA_ZOOKEEPER_PROTOCOL:-PLAINTEXT}" -export KAFKA_ZOOKEEPER_PASSWORD="${KAFKA_ZOOKEEPER_PASSWORD:-}" -export KAFKA_ZOOKEEPER_USER="${KAFKA_ZOOKEEPER_USER:-}" -export KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD:-}" -export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE:-}" -export KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME="${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME:-true}" -export KAFKA_ZOOKEEPER_TLS_TYPE="${KAFKA_ZOOKEEPER_TLS_TYPE:-JKS}" - -# Authentication -export KAFKA_CLIENT_USERS="${KAFKA_CLIENT_USERS:-user}" -export KAFKA_CLIENT_PASSWORDS="${KAFKA_CLIENT_PASSWORDS:-bitnami}" - -# Java settings -export KAFKA_HEAP_OPTS="${KAFKA_HEAP_OPTS:--Xmx1024m -Xms1024m}" - -# Custom environment variables may be defined below diff --git a/docker/kafka/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh b/docker/kafka/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh deleted file mode 100755 index 1305e6c13c350..0000000000000 --- a/docker/kafka/rootfs/opt/bitnami/scripts/kafka/entrypoint.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purpose - -# Load libraries -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libbitnami.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -print_welcome_page - -if [[ "$*" = *"/opt/bitnami/scripts/kafka/run.sh"* || "$*" = *"/run.sh"* ]]; then - info "** Starting Kafka setup **" - /opt/bitnami/scripts/kafka/setup.sh - info "** Kafka setup finished! **" -fi - -echo "" -exec "$@" diff --git a/docker/kafka/rootfs/opt/bitnami/scripts/kafka/postunpack.sh b/docker/kafka/rootfs/opt/bitnami/scripts/kafka/postunpack.sh deleted file mode 100755 index f0e2e2c55e975..0000000000000 --- a/docker/kafka/rootfs/opt/bitnami/scripts/kafka/postunpack.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purpose - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libfs.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Move server.properties from configtmp to config -# Temporary solution until kafka tarball places server.properties into config -if [[ -d "${KAFKA_BASE_DIR}/configtmp" ]]; then - mv "${KAFKA_BASE_DIR}/configtmp"/* "$KAFKA_CONF_DIR" - rmdir "${KAFKA_BASE_DIR}/configtmp" -fi -[[ -d "${KAFKA_BASE_DIR}/conf" ]] && rmdir "${KAFKA_BASE_DIR}/conf" - -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR"; do - ensure_dir_exists "$dir" -done -chmod -R g+rwX "$KAFKA_BASE_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR" "$KAFKA_INITSCRIPTS_DIR" - -# Disable logging to stdout and garbage collection -# Source: https://logging.apache.org/log4j/log4j-2.4/manual/appenders.html -replace_in_file "${KAFKA_BASE_DIR}/bin/kafka-server-start.sh" " [-]loggc" " " -replace_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DailyRollingFileAppender" "ConsoleAppender" - -# Disable the default console logger in favour of KafkaAppender (which provides the exact output) -echo "log4j.appender.stdout.Threshold=OFF" >>/opt/bitnami/kafka/config/log4j.properties - -# Remove invalid parameters for ConsoleAppender -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "DatePattern" -remove_in_file "${KAFKA_CONF_DIR}/log4j.properties" "Appender.File" diff --git a/docker/kafka/rootfs/opt/bitnami/scripts/kafka/run.sh b/docker/kafka/rootfs/opt/bitnami/scripts/kafka/run.sh deleted file mode 100755 index 87c7354819477..0000000000000 --- a/docker/kafka/rootfs/opt/bitnami/scripts/kafka/run.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purpose - -# Load libraries -. /opt/bitnami/scripts/libkafka.sh -. /opt/bitnami/scripts/libos.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -if [[ "${KAFKA_CFG_LISTENERS:-}" =~ SASL ]] || [[ "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}" =~ SASL ]] || [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SASL ]]; then - export KAFKA_OPTS="-Djava.security.auth.login.config=${KAFKA_CONF_DIR}/kafka_jaas.conf" -fi - -if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]]; then - ZOOKEEPER_SSL_CONFIG=$(zookeeper_get_tls_config) - export KAFKA_OPTS="$KAFKA_OPTS $ZOOKEEPER_SSL_CONFIG" -fi - -flags=("$KAFKA_CONF_FILE") -[[ -z "${KAFKA_EXTRA_FLAGS:-}" ]] || flags=("${flags[@]}" "${KAFKA_EXTRA_FLAGS[@]}") -START_COMMAND=("$KAFKA_HOME/bin/kafka-server-start.sh" "${flags[@]}" "$@") - -info "** Starting Kafka **" -if am_i_root; then - exec exec_as_user "$KAFKA_DAEMON_USER" "${START_COMMAND[@]}" -else - exec "${START_COMMAND[@]}" -fi diff --git a/docker/kafka/rootfs/opt/bitnami/scripts/kafka/setup.sh b/docker/kafka/rootfs/opt/bitnami/scripts/kafka/setup.sh deleted file mode 100755 index 5b93530ade9a5..0000000000000 --- a/docker/kafka/rootfs/opt/bitnami/scripts/kafka/setup.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/bash - -# shellcheck disable=SC1091 - -set -o errexit -set -o nounset -set -o pipefail -# set -o xtrace # Uncomment this line for debugging purpose - -# Load libraries -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libkafka.sh - -# Load Kafka environment variables -. /opt/bitnami/scripts/kafka-env.sh - -# Map Kafka environment variables -kafka_create_alias_environment_variables -if [[ -z "${KAFKA_CFG_BROKER_ID:-}" ]]; then - if [[ -n "${BROKER_ID_COMMAND:-}" ]]; then - KAFKA_CFG_BROKER_ID="$(eval "${BROKER_ID_COMMAND:-}")" - export KAFKA_CFG_BROKER_ID - elif ! is_boolean_yes "$KAFKA_ENABLE_KRAFT"; then - # By default auto allocate broker ID unless KRaft is enabled - export KAFKA_CFG_BROKER_ID=-1 - fi -fi -# Set the default tuststore locations -kafka_configure_default_truststore_locations -# Ensure Kafka environment variables are valid -kafka_validate -# Ensure Kafka user and group exist when running as 'root' -if am_i_root; then - ensure_user_exists "$KAFKA_DAEMON_USER" --group "$KAFKA_DAEMON_GROUP" - KAFKA_OWNERSHIP_USER="$KAFKA_DAEMON_USER" -else - KAFKA_OWNERSHIP_USER="" -fi -# Ensure directories used by Kafka exist and have proper ownership and permissions -for dir in "$KAFKA_LOG_DIR" "$KAFKA_CONF_DIR" "$KAFKA_MOUNTED_CONF_DIR" "$KAFKA_VOLUME_DIR" "$KAFKA_DATA_DIR"; do - ensure_dir_exists "$dir" "$KAFKA_OWNERSHIP_USER" -done -# Ensure Kafka is initialized -kafka_initialize -# If KRaft is enabled initialize -if is_boolean_yes "$KAFKA_ENABLE_KRAFT"; then - kraft_initialize -fi -# Ensure custom initialization scripts are executed -kafka_custom_init_scripts diff --git a/docker/kafka/rootfs/opt/bitnami/scripts/libkafka.sh b/docker/kafka/rootfs/opt/bitnami/scripts/libkafka.sh deleted file mode 100644 index d45ed880b0b5b..0000000000000 --- a/docker/kafka/rootfs/opt/bitnami/scripts/libkafka.sh +++ /dev/null @@ -1,897 +0,0 @@ -#!/bin/bash -# -# Bitnami Kafka library - -# shellcheck disable=SC1090,SC1091 - -# Load Generic Libraries -. /opt/bitnami/scripts/libfile.sh -. /opt/bitnami/scripts/libfs.sh -. /opt/bitnami/scripts/liblog.sh -. /opt/bitnami/scripts/libos.sh -. /opt/bitnami/scripts/libvalidations.sh -. /opt/bitnami/scripts/libservice.sh - -# Functions - -######################## -# Set a configuration setting value to a file -# Globals: -# None -# Arguments: -# $1 - file -# $2 - key -# $3 - values (array) -# Returns: -# None -######################### -kafka_common_conf_set() { - local file="${1:?missing file}" - local key="${2:?missing key}" - shift - shift - local values=("$@") - - if [[ "${#values[@]}" -eq 0 ]]; then - stderr_print "missing value" - return 1 - elif [[ "${#values[@]}" -ne 1 ]]; then - for i in "${!values[@]}"; do - kafka_common_conf_set "$file" "${key[$i]}" "${values[$i]}" - done - else - value="${values[0]}" - # Check if the value was set before - if grep -q "^[#\\s]*$key\s*=.*" "$file"; then - # Update the existing key - replace_in_file "$file" "^[#\\s]*${key}\s*=.*" "${key}=${value}" false - else - # Add a new key - printf '\n%s=%s' "$key" "$value" >>"$file" - fi - fi -} - -######################## -# Backwards compatibility measure to configure the TLS truststore locations -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_default_truststore_locations() { - # Backwards compatibility measure to allow custom truststore locations but at the same time not disrupt - # the UX that the previous version of the containers and the helm chart have. - # Context: The chart and containers by default assumed that the truststore location was KAFKA_CERTS_DIR/kafka.truststore.jks or KAFKA_MOUNTED_CONF_DIR/certs/kafka.truststore.jks. - # Because of this, we could not use custom certificates in different locations (use case: A custom base image that already has a truststore). Changing the logic to allow custom - # locations implied major changes in the current user experience (which only required to mount certificates at the assumed location). In order to maintain this compatibility we need - # use this logic that sets the KAFKA_TLS_*_FILE variables to the previously assumed locations in case it is not set - - # Kafka truststore - if { [[ "${KAFKA_CFG_LISTENERS:-}" =~ SSL ]] || [[ "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}" =~ SSL ]]; } && is_empty_value "$KAFKA_TLS_TRUSTSTORE_FILE"; then - local kafka_truststore_filename="kafka.truststore.jks" - [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && kafka_truststore_filename="kafka.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${kafka_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${kafka_truststore_filename}" - fi - fi - # Zookeeper truststore - if [[ "${KAFKA_ZOOKEEPER_PROTOCOL:-}" =~ SSL ]] && is_empty_value "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE"; then - local zk_truststore_filename="zookeeper.truststore.jks" - [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && zk_truststore_filename="zookeeper.truststore.pem" - if [[ -f "${KAFKA_CERTS_DIR}/${zk_truststore_filename}" ]]; then - # Mounted in /opt/bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_CERTS_DIR}/${zk_truststore_filename}" - else - # Mounted in /bitnami/kafka/conf/certs - export KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE="${KAFKA_MOUNTED_CONF_DIR}/certs/${zk_truststore_filename}" - fi - fi -} - -######################## -# Set a configuration setting value to server.properties -# Globals: -# KAFKA_CONF_FILE -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_server_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_FILE" "$@" -} - -######################## -# Set a configuration setting value to producer.properties and consumer.properties -# Globals: -# KAFKA_CONF_DIR -# Arguments: -# $1 - key -# $2 - values (array) -# Returns: -# None -######################### -kafka_producer_consumer_conf_set() { - kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" "$@" - kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" "$@" -} - -######################## -# Create alias for environment variable, so both can be used -# Globals: -# None -# Arguments: -# $1 - Alias environment variable name -# $2 - Original environment variable name -# Returns: -# None -######################### -kafka_declare_alias_env() { - local -r alias="${1:?missing environment variable alias}" - local -r original="${2:?missing original environment variable}" - if printenv "${original}" >/dev/null; then - export "$alias"="${!original:-}" - fi -} - -######################## -# Map Kafka legacy environment variables to the new names -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_create_alias_environment_variables() { - suffixes=( - "ADVERTISED_LISTENERS" - "BROKER_ID" - "DEFAULT_REPLICATION_FACTOR" - "DELETE_TOPIC_ENABLE" - "INTER_BROKER_LISTENER_NAME" - "LISTENERS" - "LISTENER_SECURITY_PROTOCOL_MAP" - "LOG_DIRS" - "LOG_FLUSH_INTERVAL_MESSAGES" - "LOG_FLUSH_INTERVAL_MS" - "LOG_MESSAGE_FORMAT_VERSION" - "LOG_RETENTION_BYTES" - "LOG_RETENTION_CHECK_INTERVALS_MS" - "LOG_RETENTION_HOURS" - "LOG_SEGMENT_BYTES" - "MESSAGE_MAX_BYTES" - "NUM_IO_THREADS" - "NUM_NETWORK_THREADS" - "NUM_PARTITIONS" - "NUM_RECOVERY_THREADS_PER_DATA_DIR" - "OFFSETS_TOPIC_REPLICATION_FACTOR" - "SOCKET_RECEIVE_BUFFER_BYTES" - "SOCKET_REQUEST_MAX_BYTES" - "SOCKET_SEND_BUFFER_BYTES" - "SSL_ENDPOINT_IDENTIFICATION_ALGORITHM" - "TRANSACTION_STATE_LOG_MIN_ISR" - "TRANSACTION_STATE_LOG_REPLICATION_FACTOR" - "ZOOKEEPER_CONNECT" - "ZOOKEEPER_CONNECTION_TIMEOUT_MS" - ) - kafka_declare_alias_env "KAFKA_CFG_LOG_DIRS" "KAFKA_LOGS_DIRS" - kafka_declare_alias_env "KAFKA_CFG_LOG_SEGMENT_BYTES" "KAFKA_SEGMENT_BYTES" - kafka_declare_alias_env "KAFKA_CFG_MESSAGE_MAX_BYTES" "KAFKA_MAX_MESSAGE_BYTES" - kafka_declare_alias_env "KAFKA_CFG_ZOOKEEPER_CONNECTION_TIMEOUT_MS" "KAFKA_ZOOKEEPER_CONNECT_TIMEOUT_MS" - kafka_declare_alias_env "KAFKA_CFG_AUTO_CREATE_TOPICS_ENABLE" "KAFKA_AUTO_CREATE_TOPICS_ENABLE" - kafka_declare_alias_env "KAFKA_CLIENT_USERS" "KAFKA_BROKER_USER" - kafka_declare_alias_env "KAFKA_CLIENT_PASSWORDS" "KAFKA_BROKER_PASSWORD" - for s in "${suffixes[@]}"; do - kafka_declare_alias_env "KAFKA_CFG_${s}" "KAFKA_${s}" - done -} - -######################## -# Validate settings in KAFKA_* env vars -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_validate() { - debug "Validating settings in KAFKA_* env vars..." - local error_code=0 - local internal_port - local client_port - - # Auxiliary functions - print_validation_error() { - error "$1" - error_code=1 - } - check_allowed_listener_port() { - local -r total="$#" - for i in $(seq 1 "$((total - 1))"); do - for j in $(seq "$((i + 1))" "$total"); do - if (("${!i}" == "${!j}")); then - print_validation_error "There are listeners bound to the same port" - fi - done - done - } - check_conflicting_listener_ports() { - local validate_port_args=() - ! am_i_root && validate_port_args+=("-unprivileged") - if ! err=$(validate_port "${validate_port_args[@]}" "$1"); then - print_validation_error "An invalid port was specified in the environment variable KAFKA_CFG_LISTENERS: $err" - fi - } - check_multi_value() { - if [[ " ${2} " != *" ${!1} "* ]]; then - print_validation_error "The allowed values for ${1} are: ${2}" - fi - } - - if is_boolean_yes "$KAFKA_ENABLE_KRAFT"; then - if [[ -n "$KAFKA_CFG_BROKER_ID" ]]; then - warn "KAFKA_CFG_BROKER_ID Must match what is set in KAFKA_CFG_CONTROLLER_QUORUM_VOTERS" - else - print_validation_error "KRaft requires KAFKA_CFG_BROKER_ID to be set for the quorum controller" - fi - if [[ -n "$KAFKA_CFG_CONTROLLER_QUORUM_VOTERS" ]]; then - warn "KAFKA_CFG_CONTROLLER_QUORUM_VOTERS must match brokers set with KAFKA_CFG_BROKER_ID" - else - print_validation_error "KRaft requires KAFKA_CFG_CONTROLLER_QUORUM_VOTERS to be set" - fi - if [[ -z "$KAFKA_CFG_CONTROLLER_LISTENER_NAMES" ]]; then - print_validation_error "KRaft requires KAFKA_CFG_CONTROLLER_LISTENER_NAMES to be set" - fi - if [[ -n "$KAFKA_CFG_PROCESS_ROLES" ]]; then - warn "KAFKA_CFG_PROCESS_ROLES must include 'controller' for KRaft" - else - print_validation_error "KAFKA_CFG_PROCESS_ROLES must be set to enable KRaft m,model" - fi - if [[ -n "$KAFKA_CFG_LISTENERS" ]]; then - warn "KAFKA_CFG_LISTENERS must include a listener for CONTROLLER" - else - print_validation_error "KRaft requires KAFKA_CFG_LISTENERS to be set" - fi - fi - - if [[ ${KAFKA_CFG_LISTENERS:-} =~ INTERNAL://:([0-9]*) ]]; then - internal_port="${BASH_REMATCH[1]}" - check_allowed_listener_port "$internal_port" - fi - if [[ ${KAFKA_CFG_LISTENERS:-} =~ CLIENT://:([0-9]*) ]]; then - client_port="${BASH_REMATCH[1]}" - check_allowed_listener_port "$client_port" - fi - [[ -n ${internal_port:-} && -n ${client_port:-} ]] && check_conflicting_listener_ports "$internal_port" "$client_port" - if [[ -n "${KAFKA_PORT_NUMBER:-}" ]] || [[ -n "${KAFKA_CFG_PORT:-}" ]]; then - warn "The environment variables KAFKA_PORT_NUMBER and KAFKA_CFG_PORT are deprecated, you can specify the port number to use for each listener using the KAFKA_CFG_LISTENERS environment variable instead." - fi - - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS}")" - if [[ "${#users[@]}" -ne "${#passwords[@]}" ]]; then - print_validation_error "Specify the same number of passwords on KAFKA_CLIENT_PASSWORDS as the number of users on KAFKA_CLIENT_USERS!" - fi - - if is_boolean_yes "$ALLOW_PLAINTEXT_LISTENER"; then - warn "You set the environment variable ALLOW_PLAINTEXT_LISTENER=$ALLOW_PLAINTEXT_LISTENER. For safety reasons, do not use this flag in a production environment." - fi - if [[ "${KAFKA_CFG_LISTENERS:-}" =~ SSL ]] || [[ "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}" =~ SSL ]]; then - if [[ "$KAFKA_TLS_TYPE" = "JKS" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.jks" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with JKS certs you must mount your kafka.keystore.jks and kafka.truststore.jks certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - elif [[ "$KAFKA_TLS_TYPE" = "PEM" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/kafka.keystore.key" ]] || [[ ! -f "$KAFKA_TLS_TRUSTSTORE_FILE" ]]; }; then - print_validation_error "In order to configure the TLS encryption for Kafka with PEM certs you must mount your kafka.keystore.pem, kafka.keystore.key and kafka.truststore.pem certs to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - elif [[ "${KAFKA_CFG_LISTENERS:-}" =~ SASL ]] || [[ "${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-}" =~ SASL ]]; then - if [[ -z "$KAFKA_CLIENT_PASSWORDS" && -z "$KAFKA_INTER_BROKER_PASSWORD" ]]; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_CLIENT_USERS and KAFKA_CLIENT_PASSWORDS, to configure the credentials for SASL authentication with clients, or set the environment variables KAFKA_INTER_BROKER_USER and KAFKA_INTER_BROKER_PASSWORD, to configure the credentials for SASL authentication between brokers." - fi - elif ! is_boolean_yes "$ALLOW_PLAINTEXT_LISTENER"; then - print_validation_error "The KAFKA_CFG_LISTENERS environment variable does not configure a secure listener. Set the environment variable ALLOW_PLAINTEXT_LISTENER=yes to allow the container to be started with a plaintext listener. This is only recommended for development." - fi - if ! is_boolean_yes "$KAFKA_ENABLE_KRAFT"; then - if [[ "${KAFKA_ZOOKEEPER_PROTOCOL}" =~ SSL ]]; then - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] && - [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with JKS certs you must mount your zookeeper.truststore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && - [[ ! -f "$KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE" ]]; then - print_validation_error "In order to configure the TLS encryption for Zookeeper with PEM certs you must mount your zookeeper.truststore.pem cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] && - [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" ]] && [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.jks" ]]; then - warn "In order to configure the mTLS for Zookeeper with JKS certs you must mount your zookeeper.keystore.jks cert to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && - { [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_CERTS_DIR}/zookeeper.keystore.key" ]]; } && - { [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.pem" ]] || [[ ! -f "${KAFKA_MOUNTED_CONF_DIR}/certs/zookeeper.keystore.key" ]]; }; then - warn "In order to configure the mTLS for Zookeeper with PEM certs you must mount your zookeeper.keystore.pem cert and zookeeper.keystore.key key to the ${KAFKA_MOUNTED_CONF_DIR}/certs directory." - fi - elif [[ "${KAFKA_ZOOKEEPER_PROTOCOL}" =~ SASL ]]; then - if [[ -z "$KAFKA_ZOOKEEPER_USER" ]] || [[ -z "$KAFKA_ZOOKEEPER_PASSWORD" ]]; then - print_validation_error "In order to configure SASL authentication for Kafka, you must provide the SASL credentials. Set the environment variables KAFKA_ZOOKEEPER_USER and KAFKA_ZOOKEEPER_PASSWORD, to configure the credentials for SASL authentication with Zookeeper." - fi - elif ! is_boolean_yes "$ALLOW_PLAINTEXT_LISTENER"; then - print_validation_error "The KAFKA_ZOOKEEPER_PROTOCOL environment variable does not configure a secure protocol. Set the environment variable ALLOW_PLAINTEXT_LISTENER=yes to allow the container to be started with a plaintext listener. This is only recommended for development." - fi - fi - check_multi_value "KAFKA_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_ZOOKEEPER_TLS_TYPE" "JKS PEM" - check_multi_value "KAFKA_TLS_CLIENT_AUTH" "none requested required" - [[ "$error_code" -eq 0 ]] || return "$error_code" -} - -######################## -# Generate JAAS authentication file -# Globals: -# KAFKA_* -# Arguments: -# $1 - Authentication protocol to use for the internal listener -# $2 - Authentication protocol to use for the client listener -# Returns: -# None -######################### -kafka_generate_jaas_authentication_file() { - local -r internal_protocol="${1:-}" - local -r client_protocol="${2:-}" - - if [[ ! -f "${KAFKA_CONF_DIR}/kafka_jaas.conf" ]]; then - info "Generating JAAS authentication file" - - read -r -a users <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_USERS:-}")" - read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS:-}")" - - if [[ "${client_protocol:-}" =~ SASL ]]; then - if [[ "${KAFKA_CFG_SASL_ENABLED_MECHANISMS:-}" =~ PLAIN ]]; then - cat >>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" <>"${KAFKA_CONF_DIR}/kafka_jaas.conf" < 1{print line" \\"}{line=$0;}END{print $0" "}' <"${1:?missing file}" - } - configure_both ssl.keystore.key "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.key")" - configure_both ssl.keystore.certificate.chain "$(file_to_multiline_property "${KAFKA_CERTS_DIR}/kafka.keystore.pem")" - configure_both ssl.truststore.certificates "$(file_to_multiline_property "${kafka_truststore_location}")" - elif [[ "$KAFKA_TLS_TYPE" = "JKS" ]]; then - configure_both ssl.keystore.location "$KAFKA_CERTS_DIR"/kafka.keystore.jks - configure_both ssl.truststore.location "$kafka_truststore_location" - ! is_empty_value "$KAFKA_CERTIFICATE_PASSWORD" && configure_both ssl.keystore.password "$KAFKA_CERTIFICATE_PASSWORD" - ! is_empty_value "$KAFKA_CERTIFICATE_PASSWORD" && configure_both ssl.truststore.password "$KAFKA_CERTIFICATE_PASSWORD" - fi - SSL_CONFIGURED=true # prevents configuring SSL more than once -} - -######################## -# Configure Kafka for inter-broker communications -# Globals: -# None -# Arguments: -# $1 - Authentication protocol to use for the internal listener -# Returns: -# None -######################### -kafka_configure_internal_communications() { - local -r protocol="${1:?missing environment variable protocol}" - local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL") - info "Configuring Kafka for inter-broker communications with ${protocol} authentication." - - if [[ "${allowed_protocols[*]}" =~ $protocol ]]; then - kafka_server_conf_set security.inter.broker.protocol "$protocol" - if [[ "$protocol" = "PLAINTEXT" ]]; then - warn "Inter-broker communications are configured as PLAINTEXT. This is not safe for production environments." - fi - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - # IMPORTANT: Do not confuse SASL/PLAIN with PLAINTEXT - # For more information, see: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_plain.html#sasl-plain-overview) - if [[ -n "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" ]]; then - kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - else - error "When using SASL for inter broker comunication the mechanism should be provided at KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - exit 1 - fi - fi - if [[ "$protocol" = "SASL_SSL" ]] || [[ "$protocol" = "SSL" ]]; then - kafka_configure_ssl - # We need to enable 2 way authentication on SASL_SSL so brokers authenticate each other. - # It won't affect client communications unless the SSL protocol is for them. - kafka_server_conf_set ssl.client.auth "$KAFKA_TLS_CLIENT_AUTH" - fi - else - error "Authentication protocol ${protocol} is not supported!" - exit 1 - fi -} - -######################## -# Configure Kafka for client communications -# Globals: -# None -# Arguments: -# $1 - Authentication protocol to use for the client listener -# Returns: -# None -######################### -kafka_configure_client_communications() { - local -r protocol="${1:?missing environment variable protocol}" - local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL") - info "Configuring Kafka for client communications with ${protocol} authentication." - - if [[ "${allowed_protocols[*]}" =~ ${protocol} ]]; then - kafka_server_conf_set security.inter.broker.protocol "$protocol" - if [[ "$protocol" = "PLAINTEXT" ]]; then - warn "Client communications are configured using PLAINTEXT listeners. For safety reasons, do not use this in a production environment." - fi - if [[ "$protocol" = "SASL_PLAINTEXT" ]] || [[ "$protocol" = "SASL_SSL" ]]; then - # The below lines would need to be updated to support other SASL implementations (i.e. GSSAPI) - # IMPORTANT: Do not confuse SASL/PLAIN with PLAINTEXT - # For more information, see: https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_plain.html#sasl-plain-overview) - kafka_server_conf_set sasl.mechanism.inter.broker.protocol "$KAFKA_CFG_SASL_MECHANISM_INTER_BROKER_PROTOCOL" - fi - if [[ "$protocol" = "SASL_SSL" ]] || [[ "$protocol" = "SSL" ]]; then - kafka_configure_ssl - fi - if [[ "$protocol" = "SSL" ]]; then - kafka_server_conf_set ssl.client.auth "$KAFKA_TLS_CLIENT_AUTH" - fi - else - error "Authentication protocol ${protocol} is not supported!" - exit 1 - fi -} - -######################## -# Configure Kafka for external-client communications -# Globals: -# None -# Arguments: -# $1 - Authentication protocol to use for the external-client listener -# Returns: -# None -######################### -kafka_configure_external_client_communications() { - local -r protocol="${1:?missing environment variable protocol}" - local -r allowed_protocols=("PLAINTEXT" "SASL_PLAINTEXT" "SASL_SSL" "SSL") - info "Configuring Kafka for external client communications with ${protocol} authentication." - - if [[ "${allowed_protocols[*]}" =~ ${protocol} ]]; then - if [[ "$protocol" = "PLAINTEXT" ]]; then - warn "External client communications are configured using PLAINTEXT listeners. For safety reasons, do not use this in a production environment." - fi - if [[ "$protocol" = "SASL_SSL" ]] || [[ "$protocol" = "SSL" ]]; then - kafka_configure_ssl - fi - if [[ "$protocol" = "SSL" ]]; then - kafka_server_conf_set ssl.client.auth "$KAFKA_TLS_CLIENT_AUTH" - fi - else - error "Authentication protocol ${protocol} is not supported!" - exit 1 - fi -} - -######################## -# Get Zookeeper TLS settings -# Globals: -# KAFKA_ZOOKEEPER_TLS_* -# Arguments: -# None -# Returns: -# String -######################### -zookeeper_get_tls_config() { - # Note that ZooKeeper does not support a key password different from the keystore password, - # so be sure to set the key password in the keystore to be identical to the keystore password; - # otherwise the connection attempt to Zookeeper will fail. - local keystore_location="" - local -r kafka_zk_truststore_location="${KAFKA_CERTS_DIR}/$(basename "${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE}")" - - if [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "JKS" ]] && [[ -f "$KAFKA_CERTS_DIR"/zookeeper.keystore.jks ]]; then - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keystore.jks" - elif [[ "$KAFKA_ZOOKEEPER_TLS_TYPE" = "PEM" ]] && [[ -f "$KAFKA_CERTS_DIR"/zookeeper.keystore.pem ]] && [[ -f "$KAFKA_CERTS_DIR"/zookeeper.keystore.key ]]; then - # Concatenating private key into public certificate file - # This is needed to load keystore from location using PEM - cat "$KAFKA_CERTS_DIR"/zookeeper.keystore.key >>"$KAFKA_CERTS_DIR"/zookeeper.keystore.pem - keystore_location="${KAFKA_CERTS_DIR}/zookeeper.keystore.pem" - fi - - echo "-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty \ - -Dzookeeper.client.secure=true \ - -Dzookeeper.ssl.keyStore.location=${keystore_location} \ - -Dzookeeper.ssl.keyStore.password=${KAFKA_ZOOKEEPER_TLS_KEYSTORE_PASSWORD} \ - -Dzookeeper.ssl.trustStore.location=${kafka_zk_truststore_location} \ - -Dzookeeper.ssl.trustStore.password=${KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_PASSWORD} \ - -Dzookeeper.ssl.hostnameVerification=${KAFKA_ZOOKEEPER_TLS_VERIFY_HOSTNAME}" -} - -######################## -# Configure Kafka configuration files from environment variables -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_from_environment_variables() { - # List of special cases to apply to the variables - local -r exception_regexps=( - "s/sasl.ssl/sasl_ssl/g" - "s/sasl.plaintext/sasl_plaintext/g" - ) - # Map environment variables to config properties - for var in "${!KAFKA_CFG_@}"; do - key="$(echo "$var" | sed -e 's/^KAFKA_CFG_//g' -e 's/_/\./g' | tr '[:upper:]' '[:lower:]')" - - # Exception for the camel case in this environment variable - [[ "$var" == "KAFKA_CFG_ZOOKEEPER_CLIENTCNXNSOCKET" ]] && key="zookeeper.clientCnxnSocket" - - # Apply exception regexps - for regex in "${exception_regexps[@]}"; do - key="$(echo "$key" | sed "$regex")" - done - - value="${!var}" - kafka_server_conf_set "$key" "$value" - done -} - -######################## -# Configure Kafka configuration files to set up message sizes -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_configure_producer_consumer_message_sizes() { - if [[ -n "$KAFKA_CFG_MAX_REQUEST_SIZE" ]]; then - kafka_common_conf_set "$KAFKA_CONF_DIR/producer.properties" max.request.size "$KAFKA_CFG_MAX_REQUEST_SIZE" - fi - if [[ -n "$KAFKA_CFG_MAX_PARTITION_FETCH_BYTES" ]]; then - kafka_common_conf_set "$KAFKA_CONF_DIR/consumer.properties" max.partition.fetch.bytes "$KAFKA_CFG_MAX_PARTITION_FETCH_BYTES" - fi -} - -######################## -# Initialize KRaft -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kraft_initialize() { - info "Initializing KRaft..." - - if [[ -z "$KAFKA_KRAFT_CLUSTER_ID" ]]; then - warn "KAFKA_KRAFT_CLUSTER_ID not set - If using multiple nodes then you must use the same Cluster ID for each one" - KAFKA_KRAFT_CLUSTER_ID="$("${KAFKA_HOME}/bin/kafka-storage.sh" random-uuid)" - info "Generated Kafka cluster ID '${KAFKA_KRAFT_CLUSTER_ID}'" - fi - - info "Formatting storage directories to add metadata..." - debug_execute "$KAFKA_HOME/bin/kafka-storage.sh" format --config "$KAFKA_CONF_FILE" --cluster-id "$KAFKA_KRAFT_CLUSTER_ID" --ignore-formatted -} - -######################## -# Initialize Kafka -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_initialize() { - info "Initializing Kafka..." - # DEPRECATED. Copy files in old conf directory to maintain compatibility with Helm chart. - if ! is_dir_empty "$KAFKA_BASE_DIR"/conf; then - warn "Detected files mounted to $KAFKA_BASE_DIR/conf. This is deprecated and files should be mounted to $KAFKA_MOUNTED_CONF_DIR." - cp -Lr "$KAFKA_BASE_DIR"/conf/* "$KAFKA_CONF_DIR" - fi - # Check for mounted configuration files - if ! is_dir_empty "$KAFKA_MOUNTED_CONF_DIR"; then - cp -Lr "$KAFKA_MOUNTED_CONF_DIR"/* "$KAFKA_CONF_DIR" - fi - # Copy truststore to cert directory - for cert_var in KAFKA_TLS_TRUSTSTORE_FILE KAFKA_ZOOKEEPER_TLS_TRUSTSTORE_FILE; do - # Only copy if the file exists and it is in a different location than KAFKA_CERTS_DIR (to avoid copying to the same location) - if [[ -f "${!cert_var}" ]] && ! [[ "${!cert_var}" =~ $KAFKA_CERTS_DIR ]]; then - info "Copying truststore ${!cert_var} to ${KAFKA_CERTS_DIR}" - cp -L "${!cert_var}" "$KAFKA_CERTS_DIR" - fi - done - - # DEPRECATED. Check for server.properties file in old conf directory to maintain compatibility with Helm chart. - if [[ ! -f "$KAFKA_BASE_DIR"/conf/server.properties ]] && [[ ! -f "$KAFKA_MOUNTED_CONF_DIR"/server.properties ]]; then - info "No injected configuration files found, creating default config files" - kafka_server_conf_set log.dirs "$KAFKA_DATA_DIR" - kafka_configure_from_environment_variables - # When setting up a Kafka cluster with N brokers, we have several listeners: - # - INTERNAL: used for inter-broker communications - # - CLIENT: used for communications with consumers/producers within the same network - # - (optional) EXTERNAL: used for communications with consumers/producers on different networks - local internal_protocol - local client_protocol - local external_client_protocol - if [[ ${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-} =~ INTERNAL:([a-zA-Z_]*) ]]; then - internal_protocol="${BASH_REMATCH[1]}" - kafka_configure_internal_communications "$internal_protocol" - fi - if [[ ${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-} =~ CLIENT:([a-zA-Z_]*) ]]; then - client_protocol="${BASH_REMATCH[1]}" - kafka_configure_client_communications "$client_protocol" - fi - if [[ ${KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP:-} =~ EXTERNAL:([a-zA-Z_]*) ]]; then - external_client_protocol="${BASH_REMATCH[1]}" - kafka_configure_external_client_communications "$external_client_protocol" - fi - - if [[ "${internal_protocol:-}" =~ "SASL" || "${client_protocol:-}" =~ "SASL" || "${external_client_protocol:-}" =~ "SASL" ]] || [[ "${KAFKA_ZOOKEEPER_PROTOCOL}" =~ SASL ]]; then - if [[ -n "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" ]]; then - kafka_server_conf_set sasl.enabled.mechanisms "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" - kafka_generate_jaas_authentication_file "${internal_protocol:-}" "${client_protocol:-}" - [[ "$KAFKA_CFG_SASL_ENABLED_MECHANISMS" =~ "SCRAM" ]] && kafka_create_sasl_scram_zookeeper_users - else - print_validation_error "Specified SASL protocol but no SASL mechanisms provided in KAFKA_CFG_SASL_ENABLED_MECHANISMS" - fi - fi - # Remove security.inter.broker.protocol if KAFKA_CFG_INTER_BROKER_LISTENER_NAME is configured - if [[ -n "${KAFKA_CFG_INTER_BROKER_LISTENER_NAME:-}" ]]; then - remove_in_file "$KAFKA_CONF_FILE" "security.inter.broker.protocol" false - fi - kafka_configure_producer_consumer_message_sizes - fi - true -} - -######################## -# Run custom initialization scripts -# Globals: -# KAFKA_* -# Arguments: -# None -# Returns: -# None -######################### -kafka_custom_init_scripts() { - if [[ -n $(find "${KAFKA_INITSCRIPTS_DIR}/" -type f -regex ".*\.\(sh\)") ]] && [[ ! -f "${KAFKA_VOLUME_DIR}/.user_scripts_initialized" ]]; then - info "Loading user's custom files from $KAFKA_INITSCRIPTS_DIR" - for f in /docker-entrypoint-initdb.d/*; do - debug "Executing $f" - case "$f" in - *.sh) - if [[ -x "$f" ]]; then - if ! "$f"; then - error "Failed executing $f" - return 1 - fi - else - warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail" - . "$f" - fi - ;; - *) - warn "Skipping $f, supported formats are: .sh" - ;; - esac - done - touch "$KAFKA_VOLUME_DIR"/.user_scripts_initialized - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is running -######################## -is_kafka_running() { - local pid - pid="$(get_pid_from_file "$KAFKA_PID_FILE")" - if [[ -n "$pid" ]]; then - is_service_running "$pid" - else - false - fi -} - -######################## -# Check if Kafka is running -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# Whether Kafka is not running -######################## -is_kafka_not_running() { - ! is_kafka_running -} - -######################## -# Stop Kafka -# Globals: -# KAFKA_PID_FILE -# Arguments: -# None -# Returns: -# None -######################### -kafka_stop() { - ! is_kafka_running && return - stop_service_using_pid "$KAFKA_PID_FILE" TERM -}