k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/build/build-image/rsyncd.sh (about)

     1  #!/usr/bin/env bash
     2  
     3  # Copyright 2016 The Kubernetes Authors.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  
    17  # This script will set up and run rsyncd to allow data to move into and out of
    18  # our dockerized build system.  This is used for syncing sources and changes of
    19  # sources into the docker-build-container.  It is also used to transfer built binaries
    20  # and generated files back out.
    21  #
    22  # When run as root (rare) it'll preserve the file ids as sent from the client.
    23  # Usually it'll be run as non-dockerized UID/GID and end up translating all file
    24  # ownership to that.
    25  
    26  
    27  set -o errexit
    28  set -o nounset
    29  set -o pipefail
    30  
    31  # The directory that gets sync'd
    32  VOLUME=${HOME}
    33  
    34  # Assume that this is running in Docker on a bridge.  Allow connections from
    35  # anything on the local subnet.
    36  ALLOW=$(ip route | awk  '/^default via/ { reg = "^[0-9./]+ dev "$5 } ; $0 ~ reg { print $1 }')
    37  
    38  CONFDIR="/tmp/rsync.k8s"
    39  PIDFILE="${CONFDIR}/rsyncd.pid"
    40  CONFFILE="${CONFDIR}/rsyncd.conf"
    41  SECRETS="${CONFDIR}/rsyncd.secrets"
    42  
    43  mkdir -p "${CONFDIR}"
    44  
    45  if [[ -f "${PIDFILE}" ]]; then
    46    PID=$(cat "${PIDFILE}")
    47    echo "Cleaning up old PID file: ${PIDFILE}"
    48    kill "${PID}" &> /dev/null || true
    49    rm "${PIDFILE}"
    50  fi
    51  
    52  PASSWORD=$(</rsyncd.password)
    53  
    54  cat <<EOF >"${SECRETS}"
    55  k8s:${PASSWORD}
    56  EOF
    57  chmod go= "${SECRETS}"
    58  
    59  USER_CONFIG=
    60  if [[ "$(id -u)" == "0" ]]; then
    61    USER_CONFIG="  uid = 0"$'\n'"  gid = 0"
    62  fi
    63  
    64  cat <<EOF >"${CONFFILE}"
    65  pid file = ${PIDFILE}
    66  use chroot = no
    67  log file = /dev/stdout
    68  reverse lookup = no
    69  munge symlinks = no
    70  port = 8730
    71  [k8s]
    72    numeric ids = true
    73    $USER_CONFIG
    74    hosts deny = *
    75    hosts allow = ${ALLOW} ${ALLOW_HOST-}
    76    auth users = k8s
    77    secrets file = ${SECRETS}
    78    read only = false
    79    path = ${VOLUME}
    80    filter = - /_tmp/
    81  EOF
    82  
    83  exec /usr/bin/rsync --no-detach --daemon --config="${CONFFILE}" "$@"