1- #! /usr/bin/env bash
2- # This is FROM S3FS
3- set -e
4- [ " ${DEBUG:- false} " == ' true' && { set -x; S3FS_DEBUG=' -d -d' ; }
1+ #! /bin/sh
52
6- # Defaults
7- : ${AWS_S3_AUTHFILE:= ' /root/.s3fs'
8- : ${AWS_S3_MOUNTPOINT:= ' /mnt'
9- : ${AWS_S3_URL:= ' https://s3.amazonaws.com'
10- : ${S3FS_ARGS:= ' '
3+ # Failsafe: Stop on errors and unset variables.
4+ set -eu
115
12- # If no command specified, print error
13- [ " $1 " == " " ] && set -- " $@ " bash -c ' echo "Error: Please specify a command to run."; exit 128 '
6+ # Debug
7+ S3FS_DEBUG= ${S3FS_DEBUG :- " 0 " }
148
15- # Configuration checks
16- if [ -z " $AWS_STORAGE_BUCKET_NAME " ; then
17- echo " Error: AWS_STORAGE_BUCKET_NAME is not specified"
18- exit 128
9+ # Env file
10+ AWS_S3_ENVFILE=${AWS_S3_ENVFILE:- " "
11+
12+ _verbose () {
13+ if [ " $S3FS_DEBUG " = " 1" ; then
14+ printf %s\\ n " $1 " >&2
15+ fi
16+ }
17+
18+ _error () {
19+ printf %s\\ n " $1 " >&2
20+ exit 1
21+ }
22+
23+ # Read the content of the environment file, i.e. a file used to set the value of
24+ # all/some variables.
25+ if [ -n " $AWS_S3_ENVFILE " ; then
26+ # Read and export lines that set variables in all-caps and starting with
27+ # S3FS_ or AWS_ from the configuration file. This is a security measure to
28+ # crudly protect against evaluating some evil code (but it will still
29+ # evaluate code as part of the value, so use it with care!)
30+ _verbose " Reading configuration from $AWS_S3_ENVFILE "
31+ while IFS= read -r line; do
32+ eval export " $line "
33+ done << EOF
34+ $( grep -E ' ^(S3FS|AWS_S3)_[A-Z_]+=' " $AWS_S3_ENVFILE " )
35+ EOF
36+ fi
37+
38+ # S3 main URL
39+ AWS_S3_URL=${AWS_S3_URL:- " https://s3.amazonaws.com"
40+
41+ # Root directory for settings and bucket.
42+ AWS_S3_ROOTDIR=${AWS_S3_ROOTDIR:- " /opt/s3fs"
43+
44+ # Where are we going to mount the remote bucket resource in our container.
45+ AWS_S3_MOUNT=${AWS_S3_MOUNT:- " ${AWS_S3_ROOTDIR%/ } /bucket"
46+
47+ # Authorisation details
48+ AWS_S3_ACCESS_KEY_ID=${AWS_S3_ACCESS_KEY_ID:- " "
49+ AWS_S3_ACCESS_KEY_ID_FILE=${AWS_S3_ACCESS_KEY_ID_FILE:- " "
50+ AWS_S3_SECRET_ACCESS_KEY=${AWS_S3_SECRET_ACCESS_KEY:- " "
51+ AWS_S3_SECRET_ACCESS_KEY_FILE=${AWS_S3_SECRET_ACCESS_KEY_FILE:- " "
52+ AWS_S3_AUTHFILE=${AWS_S3_AUTHFILE:- " "
53+
54+ # Check variables and defaults
55+ if [ -z " $AWS_S3_ACCESS_KEY_ID " && \
56+ [ -z " $AWS_S3_ACCESS_KEY_ID_FILE " && \
57+ [ -z " $AWS_S3_SECRET_ACCESS_KEY " && \
58+ [ -z " $AWS_S3_SECRET_ACCESS_KEY_FILE " && \
59+ [ -z " $AWS_S3_AUTHFILE " ; then
60+ _error " You need to provide some credentials!!"
61+ fi
62+ if [ -z " ${AWS_S3_BUCKET} " ; then
63+ _error " No bucket name provided!"
64+ fi
65+
66+ # Read AWS S3 Access Key ID from file
67+ if [ -n " ${AWS_S3_ACCESS_KEY_ID_FILE} " ; then
68+ # shellcheck disable=SC2229 # We WANT to read the content of the file pointed by the variable!
69+ read -r AWS_S3_ACCESS_KEY_ID < " ${AWS_S3_ACCESS_KEY_ID_FILE} "
70+ fi
71+
72+ # Read AWS S3 Secret Access Key from file
73+ if [ -n " ${AWS_S3_SECRET_ACCESS_KEY_FILE} " ; then
74+ # shellcheck disable=SC2229 # We WANT to read the content of the file pointed by the variable!
75+ read -r AWS_S3_SECRET_ACCESS_KEY < " ${AWS_S3_SECRET_ACCESS_KEY_FILE} "
76+ fi
77+
78+ # Create or use authorisation file
79+ if [ -z " ${AWS_S3_AUTHFILE} " ; then
80+ AWS_S3_AUTHFILE=${AWS_S3_ROOTDIR%/ } /passwd-s3fs
81+ echo " ${AWS_S3_ACCESS_KEY_ID} :${AWS_S3_SECRET_ACCESS_KEY} " > " ${AWS_S3_AUTHFILE} "
82+ chmod 600 " ${AWS_S3_AUTHFILE} "
83+ fi
84+
85+ # Forget about the secret once done (this will have proper effects when the
86+ # PASSWORD_FILE-version of the setting is used)
87+ if [ -n " ${AWS_S3_ACCESS_KEY_ID} " ; then
88+ unset AWS_S3_ACCESS_KEY_ID
89+ fi
90+
91+ # Forget about the secret once done (this will have proper effects when the
92+ # PASSWORD_FILE-version of the setting is used)
93+ if [ -n " ${AWS_S3_SECRET_ACCESS_KEY} " ; then
94+ unset AWS_S3_SECRET_ACCESS_KEY
95+ fi
96+
97+ # Create destination directory if it does not exist.
98+ if [ ! -d " $AWS_S3_MOUNT " ; then
99+ mkdir -p " $AWS_S3_MOUNT "
100+ fi
101+
102+ # Add a group, default to naming it after the GID when not found
103+ GROUP_NAME=$( getent group " $GID " | cut -d" :" )
104+ if [ " $GID " -gt 0 ] && [ -z " $GROUP_NAME " ; then
105+ _verbose " Add group $GID "
106+ addgroup -g " $GID " " $GID "
107+ GROUP_NAME=$GID
19108fi
20109
21- if [ ! -f " ${AWS_S3_AUTHFILE} " && [ -z " $AWS_ACCESS_KEY_ID " ; then
22- echo " Error: AWS_ACCESS_KEY_ID not specified, or ${AWS_S3_AUTHFILE} not provided"
23- exit 128
110+ # Add a user, default to naming it after the UID.
111+ RUN_AS=${RUN_AS:- " "
112+ if [ " $UID " -gt 0 ]; then
113+ USER_NAME=$( getent passwd " $UID " | cut -d" :" )
114+ if [ -z " $USER_NAME " ; then
115+ _verbose " Add user $UID , turning on rootless-mode"
116+ adduser -u " $UID " " $GROUP_NAME " " $UID "
117+ else
118+ _verbose " Running as user $UID , turning on rootless-mode"
119+ fi
120+ RUN_AS=$UID
121+ chown " ${UID} :${GID} " " $AWS_S3_MOUNT " " ${AWS_S3_AUTHFILE} " " $AWS_S3_ROOTDIR "
24122fi
25123
26- if [ ! -f " ${AWS_S3_AUTHFILE} " && [ -z " $AWS_SECRET_ACCESS_KEY " ; then
27- echo " Error: AWS_SECRET_ACCESS_KEY not specified, or ${AWS_S3_AUTHFILE} not provided"
28- exit 128
124+ # Debug options
125+ DEBUG_OPTS=
126+ if [ " $S3FS_DEBUG " = " 1" ; then
127+ DEBUG_OPTS=" -d -d"
29128fi
30129
31- # Write auth file if it does not exist
32- if [ ! -f " ${AWS_S3_AUTHFILE} " ; then
33- echo " ${AWS_ACCESS_KEY_ID} :${AWS_SECRET_ACCESS_KEY} " > ${AWS_S3_AUTHFILE}
34- chmod 400 ${AWS_S3_AUTHFILE}
130+ # Additional S3FS options
131+ if [ -n " $S3FS_ARGS " ; then
132+ S3FS_ARGS=" -o $S3FS_ARGS "
35133fi
36134
37- echo " ==> Mounting S3 Filesystem"
38- mkdir -p ${AWS_S3_MOUNTPOINT}
135+ # Mount as the requested used.
136+ _verbose " Mounting bucket ${AWS_S3_BUCKET} onto ${AWS_S3_MOUNT} , owner: $UID :$GID "
137+ su - $RUN_AS -c " s3fs $DEBUG_OPTS ${S3FS_ARGS} \
138+ -o passwd_file=${AWS_S3_AUTHFILE} \
139+ -o " url=${AWS_S3_URL} " \
140+ -o uid=$UID \
141+ -o gid=$GID \
142+ ${AWS_S3_BUCKET} ${AWS_S3_MOUNT} "
39143
40- # s3fs mount command
41- s3fs $S3FS_DEBUG $S3FS_ARGS -o passwd_file=${AWS_S3_AUTHFILE} -o url=${AWS_S3_URL} ${AWS_STORAGE_BUCKET_NAME} ${AWS_S3_MOUNTPOINT}
144+ # s3fs can claim to have a mount even though it didn't succeed. Doing an
145+ # operation actually forces it to detect that and remove the mount.
146+ su - $RUN_AS -c " stat ${AWS_S3_MOUNT} "
42147
43- exec /spa-server
148+ if healthcheck.sh; then
149+ echo " Mounted bucket ${AWS_S3_BUCKET} onto ${AWS_S3_MOUNT} "
150+ exec /spa-server " $@ "
151+ else
152+ _error " Mount failure"
153+ fi
0 commit comments