mirror of
https://github.com/balena-os/balena-supervisor.git
synced 2025-01-02 03:56:41 +00:00
123 lines
4.8 KiB
Bash
Executable File
123 lines
4.8 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
# Adapted from: https://github.com/balena-os/meta-balena/blob/v2.45.0/meta-balena-common/recipes-containers/balena-supervisor/balena-supervisor/start-balena-supervisor
|
|
|
|
# We still need to include resin-vars on legacy systems
|
|
if [ -f /usr/sbin/resin-vars ]; then
|
|
# shellcheck disable=SC1091
|
|
. /usr/sbin/resin-vars
|
|
else
|
|
# shellcheck disable=SC1091
|
|
. /usr/sbin/balena-config-vars
|
|
fi
|
|
|
|
if ! balena inspect $SUPERVISOR_IMAGE:$SUPERVISOR_TAG > /dev/null; then
|
|
balena load --input /usr/src/supervisor-image.tar
|
|
fi
|
|
|
|
if [ -f /mnt/data/backup.tgz.mounted ]; then
|
|
cp /mnt/data/backup.tgz.mounted /mnt/data/backup.tgz
|
|
fi
|
|
|
|
# Handle apps.json existence
|
|
# Keep this before computing SUPERVISOR_CONTAINER_IMAGE_ID
|
|
APPSJSON=/mnt/data/apps.json
|
|
if [ ! -f "$APPSJSON" ]; then
|
|
if [ -d "$APPSJSON" ]; then
|
|
rm -rf "$APPSJSON"
|
|
balena rm -f balena_supervisor || true
|
|
echo '{}' > "$APPSJSON"
|
|
elif [ ! -e "$APPSJSON" ]; then
|
|
echo '{}' > "$APPSJSON"
|
|
fi
|
|
fi
|
|
|
|
SUPERVISOR_IMAGE_ID=$(balena inspect --format='{{.Id}}' "$SUPERVISOR_IMAGE:$SUPERVISOR_TAG")
|
|
SUPERVISOR_CONTAINER_IMAGE_ID=$(balena inspect --format='{{.Image}}' balena_supervisor || echo "")
|
|
|
|
# If self-signed root CA exists, add the CA for the specified registry
|
|
if [ -n "$BALENA_ROOT_CA" ]; then
|
|
BALENA_DECODED_ROOT_CA="$(echo "${BALENA_ROOT_CA}" | base64 -d -w0)"
|
|
NODE_EXTRA_CA_CERTS="/etc/ssl/certs/balenaRootCA.pem"
|
|
CERT_DIR="/mnt/state/root-overlay/etc/docker/certs.d/${REGISTRY_ENDPOINT}"
|
|
CERT_FILE="${CERT_DIR}/ca.crt"
|
|
CERT_CONTENTS=$(if [ -e "$CERT_FILE" ]; then echo $(cat "$CERT_FILE"); fi)
|
|
|
|
# Ensure that the contents is correct, install otherwise
|
|
if [ "$BALENA_DECODED_ROOT_CA" != "$CERT_CONTENTS" ]; then
|
|
mkdir -p "$CERT_DIR"
|
|
echo "$BALENA_DECODED_ROOT_CA" > "$CERT_FILE"
|
|
fi
|
|
fi
|
|
|
|
hasValueChanged() {
|
|
KEY="$1"
|
|
NEW_VALUE="$2"
|
|
COLLECTION="$3"
|
|
CURRENT_VALUE=$(echo "$COLLECTION" | jq -r ".$KEY")
|
|
|
|
if [ "$CURRENT_VALUE" != "$NEW_VALUE" ];then
|
|
echo "$KEY has changed!"
|
|
else
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
configIsUnchanged() {
|
|
|
|
SUPERVISOR_CONTAINER_ENV_JSON="$(balena inspect balena_supervisor | jq '.[0].Config.Env | map(.| { (.[0:index("=")]): .[index("=")+1:] }) | add')"
|
|
|
|
if hasValueChanged "BOOT_MOUNTPOINT" "$BOOT_MOUNTPOINT" "$SUPERVISOR_CONTAINER_ENV_JSON" || \
|
|
hasValueChanged "REGISTRY_ENDPOINT" "$REGISTRY_ENDPOINT" "$SUPERVISOR_CONTAINER_ENV_JSON" || \
|
|
hasValueChanged "MIXPANEL_TOKEN" "$MIXPANEL_TOKEN" "$SUPERVISOR_CONTAINER_ENV_JSON" || \
|
|
hasValueChanged "LED_FILE" "${LED_FILE}" "$SUPERVISOR_CONTAINER_ENV_JSON" || \
|
|
hasValueChanged "LISTEN_PORT" "$LISTEN_PORT" "$SUPERVISOR_CONTAINER_ENV_JSON" || \
|
|
hasValueChanged "SUPERVISOR_IMAGE" "${SUPERVISOR_IMAGE}:${SUPERVISOR_TAG}" "$SUPERVISOR_CONTAINER_ENV_JSON" || \
|
|
hasValueChanged "BALENA_ROOT_CA" "$BALENA_DECODED_ROOT_CA" "$SUPERVISOR_CONTAINER_ENV_JSON" || \
|
|
hasValueChanged "NODE_EXTRA_CA_CERTS" "$NODE_EXTRA_CA_CERTS" "$SUPERVISOR_CONTAINER_ENV_JSON"; then
|
|
echo "Container config has changed!"
|
|
return 1
|
|
else
|
|
echo "Container config has not changed"
|
|
return 0
|
|
fi
|
|
}
|
|
|
|
runSupervisor() {
|
|
balena rm --force balena_supervisor || true
|
|
balena run --privileged --name balena_supervisor \
|
|
--restart=always \
|
|
--net=host \
|
|
--cidenv=SUPERVISOR_CONTAINER_ID \
|
|
-v /var/run/balena-engine.sock:/var/run/balena-engine.sock \
|
|
-v "$CONFIG_PATH:/boot/config.json" \
|
|
-v /mnt/data/apps.json:/boot/apps.json \
|
|
-v /resin-data/balena-supervisor:/data \
|
|
-v /proc/net/fib_trie:/mnt/fib_trie \
|
|
-v /var/log/supervisor-log:/var/log \
|
|
-v /:/mnt/root \
|
|
-e DOCKER_ROOT=/mnt/root/var/lib/docker \
|
|
-e DOCKER_SOCKET=/var/run/balena-engine.sock \
|
|
-e "BOOT_MOUNTPOINT=$BOOT_MOUNTPOINT" \
|
|
-e "REGISTRY_ENDPOINT=$REGISTRY_ENDPOINT" \
|
|
-e "MIXPANEL_TOKEN=$MIXPANEL_TOKEN" \
|
|
-e "LED_FILE=${LED_FILE}" \
|
|
-e "LISTEN_PORT=$LISTEN_PORT" \
|
|
-e "SUPERVISOR_IMAGE=${SUPERVISOR_IMAGE}:${SUPERVISOR_TAG}" \
|
|
-e "BALENA_ROOT_CA=$BALENA_DECODED_ROOT_CA" \
|
|
-e "NODE_EXTRA_CA_CERTS=$NODE_EXTRA_CA_CERTS" \
|
|
"${SUPERVISOR_IMAGE}:${SUPERVISOR_TAG}" \
|
|
node /usr/src/app/dist/app.js --inspect-brk
|
|
}
|
|
|
|
if [ -z "$SUPERVISOR_IMAGE_ID" ]; then
|
|
# No supervisor image exists on the device, try to pull it
|
|
systemctl start update-balena-supervisor
|
|
elif [ "$SUPERVISOR_IMAGE_ID" = "$SUPERVISOR_CONTAINER_IMAGE_ID" ] && configIsUnchanged; then
|
|
# Supervisor image exists, and the current supervisor container is created from
|
|
balena start --attach balena_supervisor
|
|
else
|
|
# No supervisor container exists or there's a different supervisor image to run
|
|
runSupervisor
|
|
fi
|