infrastructure/cdn-in-a-box/traffic_router/run.sh - trafficcontrol - Git at Google

 #!/usr/bin/env bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 NAME="Traffic Router Application"

 function longer_dns_timeout() {
   local day_in_ms dns_properties;
   day_in_ms=$(( 1000 * 60 * 60 * 24 )); # Timing out debugging after 1 day seems fair
   dns_properties=/opt/traffic_router/conf/dns.properties;
   <<-DNS_CONFIG_LINES cat >> $dns_properties;
 		dns.tcp.timeout.task=$(( day_in_ms ))
 		dns.udp.timeout.task=$(( day_in_ms ))
 DNS_CONFIG_LINES
 }

 set-dns.sh
 insert-self-into-dns.sh

 # Global Vars for FQDNs, ports, etc
 source /to-access.sh

 CATALINA_HOME="/opt/tomcat"
 CATALINA_BASE="/opt/traffic_router"
 CATALINA_OUT="$CATALINA_HOME/logs/catalina.log"
 CATALINA_LOG="$CATALINA_HOME/logs/catalina.$(date +%Y-%m-%d).log"
 CATALINA_PID="$CATALINA_BASE/temp/tomcat.pid"

 CATALINA_OPTS="\
   -server -Xms2g -Xmx8g \
   -Djava.library.path=/usr/lib64:$CATALINA_BASE/lib:$CATALINA_HOME/lib \
   -Dlog4j.configurationFile=$CATALINA_BASE/conf/log4j2.xml \
   -Dorg.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER=false \
   -XX:+UseG1GC \
   -XX:+UnlockExperimentalVMOptions \
   -XX:InitiatingHeapOccupancyPercent=30"

 if [[ "$TR_DEBUG_ENABLE" == true ]]; then
     export JPDA_OPTS="-agentlib:jdwp=transport=dt_socket,address=*:5005,server=y,suspend=n";
     longer_dns_timeout;
 fi;

 JAVA_HOME=/opt/java
 JAVA_OPTS="\
   -Djava.library.path=/usr/lib64 \
   -Dcache.config.json.refresh.period=5000 \
   -Djava.awt.headless=true \
   -Djava.security.egd=file:/dev/./urandom"

 TO_PROPERTIES="$CATALINA_BASE/conf/traffic_ops.properties"
 TM_PROPERTIES="$CATALINA_BASE/conf/traffic_monitor.properties"
 LOGFILE="$CATALINA_BASE/var/log/traffic_router.log"
 ACCESSLOG="$CATALINA_BASE/var/log/access.log"

 export JAVA_HOME JAVA_OPTS
 export TO_PROPERTIES TM_PROPERTIES
 export CATALINA_HOME CATALINA_BASE CATALINA_OPTS CATALINA_OUT CATALINA_PID

 # Wait on SSL certificate generation
 until [[ -f "$X509_CA_ENV_FILE" ]]
 do
   echo "Waiting on Shared SSL certificate generation"
   sleep 3
 done

 # Source the CIAB-CA shared SSL environment
 until [[ -n "$X509_GENERATION_COMPLETE" ]]
 do
   echo "Waiting on X509 vars to be defined"
   sleep 1
   source "$X509_CA_ENV_FILE"
 done

 # Copy the CIAB-CA certificate to the traffic_router conf so it can be added to the trust store
 cp $X509_CA_ROOT_CERT_FILE $CATALINA_BASE/conf
 cp $X509_CA_INTR_CERT_FILE $CATALINA_BASE/conf
 cp $X509_CA_CERT_FULL_CHAIN_FILE /etc/pki/ca-trust/source/anchors
 update-ca-trust extract

 # Add traffic
 for crtfile in $(find $CATALINA_BASE/conf -name \*.crt -type f)
 do
   alias=$(echo $crtfile |sed -e 's/.crt//g' |tr [:upper:] [:lower:]);
   cacerts=$(find $JAVA_HOME -follow -name cacerts); echo $cacerts;
   keytool=$JAVA_HOME/bin/keytool;

   $keytool -list -alias $alias -keystore $cacerts -storepass changeit -noprompt > /dev/null;

   if [ $? -ne 0 ]; then
      echo "Installing certificate ${crtfile}..";
      $keytool -import -trustcacerts -file $crtfile -alias $alias -keystore $cacerts -storepass changeit -noprompt;
   fi;
 done

 /opt/traffic_router/conf/generatingCerts.sh

 # Configure TO properties
 # File: /opt/traffic_router/conf/traffic_ops.properties
 echo "" > $TO_PROPERTIES
 echo "traffic_ops.username=$TO_ADMIN_USER" >> $TO_PROPERTIES
 echo "traffic_ops.password=$TO_ADMIN_PASSWORD" >> $TO_PROPERTIES

 # Configure TM properties
 # File: /opt/traffic_router/conf/traffic_monitor.properties
 echo "traffic_monitor.bootstrap.hosts=$TM_FQDN:$TM_PORT;" >> $TM_PROPERTIES
 echo "traffic_monitor.properties.reload.period=60000" >> $TM_PROPERTIES

 # Enroll Traffic Router
 to-enroll tr || (while true; do echo "enroll failed."; sleep 3 ; done)

 # Wait for traffic monitor
 until nc $TM_FQDN $TM_PORT </dev/null >/dev/null 2>&1; do
   echo "Waiting for Traffic Monitor to start..."
   sleep 3
 done

 touch $LOGFILE $ACCESSLOG
 if [[ "$TR_DEBUG_ENABLE" == true ]]; then
     exec /opt/tomcat/bin/catalina.sh jpda start &
 else
     exec /opt/tomcat/bin/catalina.sh run &
 fi;

 tail -F $CATALINA_OUT $CATALINA_LOG $LOGFILE $ACCESSLOG
	#!/usr/bin/env bash
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	NAME="Traffic Router Application"

	function longer_dns_timeout() {
	local day_in_ms dns_properties;
	day_in_ms=$(( 1000 * 60 * 60 * 24 )); # Timing out debugging after 1 day seems fair
	dns_properties=/opt/traffic_router/conf/dns.properties;
	<<-DNS_CONFIG_LINES cat >> $dns_properties;
	dns.tcp.timeout.task=$(( day_in_ms ))
	dns.udp.timeout.task=$(( day_in_ms ))
	DNS_CONFIG_LINES
	}

	set-dns.sh
	insert-self-into-dns.sh

	# Global Vars for FQDNs, ports, etc
	source /to-access.sh

	CATALINA_HOME="/opt/tomcat"
	CATALINA_BASE="/opt/traffic_router"
	CATALINA_OUT="$CATALINA_HOME/logs/catalina.log"
	CATALINA_LOG="$CATALINA_HOME/logs/catalina.$(date +%Y-%m-%d).log"
	CATALINA_PID="$CATALINA_BASE/temp/tomcat.pid"

	CATALINA_OPTS="\
	-server -Xms2g -Xmx8g \
	-Djava.library.path=/usr/lib64:$CATALINA_BASE/lib:$CATALINA_HOME/lib \
	-Dlog4j.configurationFile=$CATALINA_BASE/conf/log4j2.xml \
	-Dorg.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER=false \
	-XX:+UseG1GC \
	-XX:+UnlockExperimentalVMOptions \
	-XX:InitiatingHeapOccupancyPercent=30"

	if [[ "$TR_DEBUG_ENABLE" == true ]]; then
	export JPDA_OPTS="-agentlib:jdwp=transport=dt_socket,address=*:5005,server=y,suspend=n";
	longer_dns_timeout;
	fi;

	JAVA_HOME=/opt/java
	JAVA_OPTS="\
	-Djava.library.path=/usr/lib64 \
	-Dcache.config.json.refresh.period=5000 \
	-Djava.awt.headless=true \
	-Djava.security.egd=file:/dev/./urandom"

	TO_PROPERTIES="$CATALINA_BASE/conf/traffic_ops.properties"
	TM_PROPERTIES="$CATALINA_BASE/conf/traffic_monitor.properties"
	LOGFILE="$CATALINA_BASE/var/log/traffic_router.log"
	ACCESSLOG="$CATALINA_BASE/var/log/access.log"

	export JAVA_HOME JAVA_OPTS
	export TO_PROPERTIES TM_PROPERTIES
	export CATALINA_HOME CATALINA_BASE CATALINA_OPTS CATALINA_OUT CATALINA_PID

	# Wait on SSL certificate generation
	until [[ -f "$X509_CA_ENV_FILE" ]]
	do
	echo "Waiting on Shared SSL certificate generation"
	sleep 3
	done

	# Source the CIAB-CA shared SSL environment
	until [[ -n "$X509_GENERATION_COMPLETE" ]]
	do
	echo "Waiting on X509 vars to be defined"
	sleep 1
	source "$X509_CA_ENV_FILE"
	done

	# Copy the CIAB-CA certificate to the traffic_router conf so it can be added to the trust store
	cp $X509_CA_ROOT_CERT_FILE $CATALINA_BASE/conf
	cp $X509_CA_INTR_CERT_FILE $CATALINA_BASE/conf
	cp $X509_CA_CERT_FULL_CHAIN_FILE /etc/pki/ca-trust/source/anchors
	update-ca-trust extract

	# Add traffic
	for crtfile in $(find $CATALINA_BASE/conf -name \*.crt -type f)
	do
	alias=$(echo $crtfile \|sed -e 's/.crt//g' \|tr [:upper:] [:lower:]);
	cacerts=$(find $JAVA_HOME -follow -name cacerts); echo $cacerts;
	keytool=$JAVA_HOME/bin/keytool;

	$keytool -list -alias $alias -keystore $cacerts -storepass changeit -noprompt > /dev/null;

	if [ $? -ne 0 ]; then
	echo "Installing certificate ${crtfile}..";
	$keytool -import -trustcacerts -file $crtfile -alias $alias -keystore $cacerts -storepass changeit -noprompt;
	fi;
	done

	/opt/traffic_router/conf/generatingCerts.sh

	# Configure TO properties
	# File: /opt/traffic_router/conf/traffic_ops.properties
	echo "" > $TO_PROPERTIES
	echo "traffic_ops.username=$TO_ADMIN_USER" >> $TO_PROPERTIES
	echo "traffic_ops.password=$TO_ADMIN_PASSWORD" >> $TO_PROPERTIES

	# Configure TM properties
	# File: /opt/traffic_router/conf/traffic_monitor.properties
	echo "traffic_monitor.bootstrap.hosts=$TM_FQDN:$TM_PORT;" >> $TM_PROPERTIES
	echo "traffic_monitor.properties.reload.period=60000" >> $TM_PROPERTIES

	# Enroll Traffic Router
	to-enroll tr \|\| (while true; do echo "enroll failed."; sleep 3 ; done)

	# Wait for traffic monitor
	until nc $TM_FQDN $TM_PORT </dev/null >/dev/null 2>&1; do
	echo "Waiting for Traffic Monitor to start..."
	sleep 3
	done

	touch $LOGFILE $ACCESSLOG
	if [[ "$TR_DEBUG_ENABLE" == true ]]; then
	exec /opt/tomcat/bin/catalina.sh jpda start &
	else
	exec /opt/tomcat/bin/catalina.sh run &
	fi;

	tail -F $CATALINA_OUT $CATALINA_LOG $LOGFILE $ACCESSLOG