Update setup.sh

причесали экранирование, доработали ожидание освобождения apt и добавили его ко всем установкам
This commit is contained in:
deadcxap
2025-08-25 03:06:14 +03:00
committed by GitHub
parent 775fd9a5c2
commit 29aa8f544f
+56 -10
@@ -26,11 +26,39 @@ run() {
} }
wait_for_apt() { wait_for_apt() {
while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do local lock_files=(
/var/lib/dpkg/lock-frontend
/var/lib/dpkg/lock
/var/lib/apt/lists/lock
/var/cache/apt/archives/lock
)
local timeout=900 # максимум 15 минут ждать
local waited=0
while true; do
local locked=false
for f in "${lock_files[@]}"; do
if fuser "$f" >/dev/null 2>&1; then
locked=true
break
fi
done
if ! $locked; then
return 0
fi
if (( waited >= timeout )); then
echo "Timeout waiting for apt/dpkg lock (maybe unattended-upgrades?)" >&2
return 1
fi
sleep 1 sleep 1
((waited++))
done done
} }
print_summary() { print_summary() {
echo "\n==== Итоговая сводка ====" echo "\n==== Итоговая сводка ===="
for item in "${SUMMARY[@]}"; do for item in "${SUMMARY[@]}"; do
@@ -103,8 +131,9 @@ if [[ $(id -u) -ne 0 ]]; then
fi fi
install_packages() { install_packages() {
run "Waiting for apt lock" wait_for_apt
run "Updating package index" apt-get update -y run "Updating package index" apt-get update -y
run "Installing base packages" apt-get install -y sudo curl wget git ufw logrotate unattended-upgrades ca-certificates gnupg lsb-release apt-transport-https run "Installing base packages" apt-get install -y sudo curl wget git ufw logrotate unattended-upgrades ca-certificates gnupg lsb-release apt-transport-https jq
} }
setup_timezone() { setup_timezone() {
@@ -122,7 +151,7 @@ EOF"
} }
create_user() { create_user() {
run "Creating user $USERNAME" bash -c "id '$USERNAME' >/dev/null 2>&1 || adduser --disabled-password --gecos '' '$USERNAME'" run "Creating user $" bash -c "id '$USERNAME' >/dev/null 2>&1 || adduser --disabled-password --gecos '' '$USERNAME'"
run "Granting sudo privileges to $USERNAME" bash -c "usermod -aG sudo '$USERNAME' && printf '%s ALL=(ALL) NOPASSWD:ALL\\n' '$USERNAME' >/etc/sudoers.d/90-$USERNAME" run "Granting sudo privileges to $USERNAME" bash -c "usermod -aG sudo '$USERNAME' && printf '%s ALL=(ALL) NOPASSWD:ALL\\n' '$USERNAME' >/etc/sudoers.d/90-$USERNAME"
} }
@@ -187,6 +216,7 @@ configure_ufw() {
install_docker() { install_docker() {
if ! command -v docker >/dev/null 2>&1; then if ! command -v docker >/dev/null 2>&1; then
run "Waiting for apt lock" wait_for_apt
run "Installing Docker" bash -c "install -m 0755 -d /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && echo 'deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable' | tee /etc/apt/sources.list.d/docker.list >/dev/null && apt-get update -y && apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin" run "Installing Docker" bash -c "install -m 0755 -d /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg && echo 'deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable' | tee /etc/apt/sources.list.d/docker.list >/dev/null && apt-get update -y && apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin"
fi fi
run "Adding $USERNAME to docker group" usermod -aG docker "$USERNAME" run "Adding $USERNAME to docker group" usermod -aG docker "$USERNAME"
@@ -197,6 +227,7 @@ install_docker() {
} }
configure_fail2ban() { configure_fail2ban() {
run "Waiting for apt lock" wait_for_apt
run "Installing fail2ban" apt-get install -y fail2ban run "Installing fail2ban" apt-get install -y fail2ban
run "Configuring fail2ban" bash -c "cat >/etc/fail2ban/jail.local <<'EOF' run "Configuring fail2ban" bash -c "cat >/etc/fail2ban/jail.local <<'EOF'
[sshd] [sshd]
@@ -223,7 +254,7 @@ EOF"
install_netbird() { install_netbird() {
[[ -z "$NETBIRD_KEY" ]] && return [[ -z "$NETBIRD_KEY" ]] && return
wait_for_apt run "Waiting for apt lock" wait_for_apt
run "Installing Netbird" bash -c "curl -fsSL https://pkgs.netbird.io/install.sh | sh" run "Installing Netbird" bash -c "curl -fsSL https://pkgs.netbird.io/install.sh | sh"
run "Starting Netbird" netbird up --setup-key "$NETBIRD_KEY" run "Starting Netbird" netbird up --setup-key "$NETBIRD_KEY"
run "Checking Netbird service" systemctl is-active --quiet netbird run "Checking Netbird service" systemctl is-active --quiet netbird
@@ -233,6 +264,7 @@ install_netbird() {
setup_vector() { setup_vector() {
[[ -z "$VECTOR_ENDPOINT" ]] && return [[ -z "$VECTOR_ENDPOINT" ]] && return
if ! command -v vector >/dev/null 2>&1; then if ! command -v vector >/dev/null 2>&1; then
run "Waiting for apt lock" wait_for_apt
run "Installing Vector" bash -c "curl -1sLf 'https://repositories.timber.io/public/vector/cfg/setup/bash.deb.sh' | bash && apt-get install -y vector" run "Installing Vector" bash -c "curl -1sLf 'https://repositories.timber.io/public/vector/cfg/setup/bash.deb.sh' | bash && apt-get install -y vector"
fi fi
run "Configuring Vector" bash -c "cat >/etc/vector/vector.toml <<'EOF' run "Configuring Vector" bash -c "cat >/etc/vector/vector.toml <<'EOF'
@@ -261,20 +293,19 @@ setup_role() {
log "Checking role $ROLE exists in repository" log "Checking role $ROLE exists in repository"
if curl -fsSL -o /dev/null "$ROLE_URL"; then if curl -fsSL -o /dev/null "$ROLE_URL"; then
log "OK: role $ROLE exists in repository" log "OK: role $ROLE exists in repository"
SUMMARY+=("Role check: OK") SUMMARY+=("Role exists check: OK")
else else
log "WARN: role $ROLE not found in repository, skipping" log "WARN: role $ROLE not found in repository, skipping"
SUMMARY+=("Role check: WARN") SUMMARY+=("Role check: WARN")
return return
fi fi
TEMP_DIR=$(mktemp -d) TEMP_DIR=$(mktemp -d)
# run "Cloning role repository" git clone --depth=1 "$REPO_URL" "$TEMP_DIR"
run "Cloning role repository (sparse)" bash -c " run "Cloning role repository (sparse)" bash -c "
git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \ git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
clone --depth=1 --filter=blob:none --sparse "$REPO_URL" "$TEMP_DIR" && clone --depth=1 --filter=blob:none --sparse \"$REPO_URL\" \"$TEMP_DIR\"
git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \ git --config-env=http.https://github.com/.extraheader=GH_AUTH_HEADER \
-C "$TEMP_DIR" sparse-checkout set "$ROLE" -C \"$TEMP_DIR\" sparse-checkout set \"$ROLE\"
" "
ROLE_SRC="$TEMP_DIR/$ROLE" ROLE_SRC="$TEMP_DIR/$ROLE"
if [[ ! -d "$ROLE_SRC" ]]; then if [[ ! -d "$ROLE_SRC" ]]; then
@@ -292,7 +323,22 @@ setup_role() {
init_script="$target_dir/init.sh" init_script="$target_dir/init.sh"
if [[ -f "$init_script" ]]; then if [[ -f "$init_script" ]]; then
run "Running init.sh for $service_name" bash "$init_script" run "Running init.sh for $service_name" bash "$init_script"
run "Checking $service_name stack" bash -c "cd \"$target_dir\" && docker compose ps | grep -q 'Up'" run "Waiting for $service_name stack to be Up" bash -c "
set -e
dir=\"$target_dir\"
timeout=\"${COMPOSE_WAIT_TIMEOUT:-180}\"
interval=\"${COMPOSE_WAIT_INTERVAL:-5}\"
end=\$((SECONDS + timeout))
while (( SECONDS < end )); do
if cd \"\$dir\" && docker compose ps | grep -q 'Up'; then
exit 0
fi
sleep \"\$interval\"
done
echo \"WARN: Timed out: containers not Up after \${timeout}s\" >&2
exit 0
"
# run "Checking $service_name stack" bash -c "cd \"$target_dir\" && docker compose ps | grep -q 'Up'"
run "Removing init.sh for $service_name" rm -f "$init_script" run "Removing init.sh for $service_name" rm -f "$init_script"
else else
log "WARN: init.sh not found in $target_dir, skipping" log "WARN: init.sh not found in $target_dir, skipping"
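Review bot: In the new wait_for_apt loop (first hunk), `((waited++))` returns exit status 1 on the first pass because the post-increment evaluates to 0; if setup.sh runs under `set -e` (not visible in this section) that aborts the script instead of waiting, so use `waited=$((waited + 1))` or `(( ++waited ))`. The same loop treats a failed `fuser` call as "not locked": on a host without psmisc every call exits 127, the function returns 0 immediately and all five new `run "Waiting for apt lock" wait_for_apt` call sites silently skip the wait, so guard it with `command -v fuser >/dev/null 2>&1 || { echo "WARN: fuser not found, skipping apt lock wait" >&2; return 0; }` or check for the locks with `flock -n` on the same paths. Also, the third hunk's new label reads `run "Creating user $" bash -c ...`, which drops the `USERNAME` expansion that the old side had; the label should be `run "Creating user $USERNAME" bash -c ...`, and since `$USERNAME` is interpolated into that `bash -c` string and into the `/etc/sudoers.d/90-$USERNAME` path, it is worth validating it once at startup, e.g. `[[ "$USERNAME" =~ ^[a-z_][a-z0-9_-]*$ ]] || die "invalid USERNAME"`.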