Pi-Hole/docker-pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/docker-pi-hole.git synced 2025-12-27 13:39:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1629 from pi-hole/v6/migrate-v5-checks

Browse Source 
Be more graceful when detecting a v5->v6 migration
This commit is contained in:
Adam Warner
2024-09-02 17:32:44 +01:00
committed by GitHub
parent bcc63933ae 5a9e67025b
commit 442480448f
2 changed files with 165 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
src/bash_functions.sh
View File

@@ -28,31 +28,108 @@ setFTLConfigValue() {
pihole-FTL --config "${1}" "${2}" >/dev/null
}
# shellcheck disable=SC2034
ensure_basic_configuration() {
# Force a check of pihole-FTL --config, this will read any environment variables and set them in the config file
# suppress the output as we don't need to see the default values.
getFTLConfigValue >/dev/null
set_uid_gid() {
echo " [i] Setting up user & group for the pihole user"
currentUid=$(id -u pihole)
# If PIHOLE_UID is set, modify the pihole group's id to match
if [ -n "${PIHOLE_UID}" ]; then
if [[ ${currentUid} -ne ${PIHOLE_UID} ]]; then
echo " [i] Changing ID for user: pihole (${currentUid} => ${PIHOLE_UID})"
usermod -o -u ${PIHOLE_UID} pihole
else
echo " [i] ID for user pihole is already ${PIHOLE_UID}, no need to change"
fi
else
echo " [i] PIHOLE_UID not set in environment, using default (${currentUid})"
fi
currentGid=$(id -g pihole)
# If PIHOLE_GID is set, modify the pihole group's id to match
if [ -n "${PIHOLE_GID}" ]; then
if [[ ${currentGid} -ne ${PIHOLE_GID} ]]; then
echo " [i] Changing ID for group: pihole (${currentGid} => ${PIHOLE_GID})"
groupmod -o -g ${PIHOLE_GID} pihole
else
echo " [i] ID for group pihole is already ${PIHOLE_GID}, no need to change"
fi
else
echo " [i] PIHOLE_GID not set in environment, using default (${currentGid})"
fi
echo ""
echo " [i] Ensuring basic configuration by re-running select functions from basic-install.sh"
}
mkdir -p /var/run/pihole /var/log/pihole
touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log
chown -R pihole:pihole /var/run/pihole /var/log/pihole
install_additional_packages() {
if [ -n "${ADDITIONAL_PACKAGES}" ]; then
echo " [i] Additional packages requested: ${ADDITIONAL_PACKAGES}"
echo " [i] Fetching APK repository metadata."
if ! apk update; then
echo " [i] Failed to fetch APK repository metadata."
else
echo " [i] Installing additional packages: ${ADDITIONAL_PACKAGES}."
# shellcheck disable=SC2086
if ! apk add --no-cache ${ADDITIONAL_PACKAGES}; then
echo " [i] Failed to install additional packages."
fi
fi
echo ""
fi
}
start_cron() {
echo " [i] Starting crond for scheduled scripts. Randomizing times for gravity and update checker"
# Randomize gravity update time
sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /crontab.txt
# Randomize update checker time
sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /crontab.txt
/usr/bin/crontab /crontab.txt
/usr/sbin/crond
echo ""
}
install_logrotate() {
# Install the logrotate config file - this is done already in Dockerfile
# but if a user has mounted a volume over /etc/pihole, it will have been lost
# pihole-FTL-prestart.sh will set the ownership of the file to root:root
echo " [i] Ensuring logrotate script exists in /etc/pihole"
install -Dm644 -t /etc/pihole /etc/.pihole/advanced/Templates/logrotate
echo ""
}
migrate_gravity() {
echo " [i] Gravity migration checks"
gravityDBfile=$(getFTLConfigValue files.gravity)
if [[ -z "${PYTEST}" ]]; then
if [[ ! -f /etc/pihole/adlists.list ]]; then
echo " [i] No adlist file found, creating one with a default blocklist"
echo "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" >/etc/pihole/adlists.list
fi
fi
chown -R pihole:pihole /etc/pihole
if [ ! -f "${gravityDBfile}" ]; then
echo " [i] ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate."
echo " [i] Gravity will now be run to create the database"
pihole -g
else
echo " [i] Existing gravity database found"
# source the migration script and run the upgrade function
source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh
upgrade_gravityDB "${gravityDBfile}" "/etc/pihole"
fi
echo ""
}
# Install the logrotate config file - this is done already in Dockerfile
# but if a user has mounted a volume over /etc/pihole, it will have been lost
# pihole-FTL-prestart.sh will set the ownership of the file to root:root
install -Dm644 -t /etc/pihole /etc/.pihole/advanced/Templates/logrotate
# shellcheck disable=SC2034
ftl_config() {
# Force a check of pihole-FTL --config, this will read any environment variables and set them in the config file
# suppress the output as we don't need to see the default values.
getFTLConfigValue >/dev/null
# If FTLCONF_files_macvendor is not set
if [[ -z "${FTLCONF_files_macvendor:-}" ]]; then
@@ -62,9 +139,9 @@ ensure_basic_configuration() {
fi
# If getFTLConfigValue "dns.upstreams" returns [], default to Google's DNS server
if [[ $(getFTLConfigValue "dns.upstreams") == "[]" ]]; then
echo " [i] No DNS upstream set in environment or config file, defaulting to Google DNS"
setFTLConfigValue "dns.upstreams" "[\"8.8.8.8\", \"8.8.4.4\"]"
if [[ $(getFTLConfigValue "dns.upstreams") == "[]" ]]; then
echo " [i] No DNS upstream set in environment or config file, defaulting to Google DNS"
setFTLConfigValue "dns.upstreams" "[\"8.8.8.8\", \"8.8.4.4\"]"
fi
setup_web_password
@@ -74,7 +151,7 @@ setup_web_password() {
# If FTLCONF_webserver_api_password is not set
if [ -z "${FTLCONF_webserver_api_password+x}" ]; then
# Is this already set to something other than blank (default) in FTL's config file? (maybe in a volume mount)
if [[ $(pihole-FTL --config webserver.api.pwhash) = \$BALLOON-SHA256* ]]; then
if [[ $(pihole-FTL --config webserver.api.pwhash) ]]; then
echo " [i] Password already set in config file"
return
else
@@ -99,6 +176,34 @@ setup_web_password() {
fi
}
start_ftl() {
echo " [i] pihole-FTL pre-start checks"
echo ""
# Remove possible leftovers from previous pihole-FTL processes
rm -f /dev/shm/FTL-* 2>/dev/null
rm -f /run/pihole/FTL.sock
# Is /var/run/pihole used anymore? Or is this just a hangover from old container version
# /var/log sorted by running pihole-FTL-prestart.sh
# mkdir -p /var/run/pihole /var/log/pihole
# touch /var/log/pihole/FTL.log /var/log/pihole/pihole.log
# chown -R pihole:pihole /var/run/pihole /var/log/pihole /etc/pihole
fix_capabilities
sh /opt/pihole/pihole-FTL-prestart.sh
echo " [i] Starting pihole-FTL ($FTL_CMD) as ${DNSMASQ_USER}"
capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" &
echo ""
# Notes on above:
# - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env
# - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too
# prevent duplicating it in docker logs by sending to dev null
}
fix_capabilities() {
# Testing on Docker 20.10.14 with no caps set shows the following caps available to the container:
# Current: cap_chown,cap_dac_override,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_net_bind_service,cap_net_raw,cap_sys_chroot,cap_mknod,cap_audit_write,cap_setfcap=ep

113
src/start.sh
View File

@@ -8,107 +8,78 @@ trap stop TERM INT QUIT HUP ERR
start() {
local v5_volume=0
# If the file /etc/pihole/setupVars.conf exists, but /etc/pihole/pihole.toml does not, then we are migrating v5->v6
# FTL Will handle the migration of the config files
if [[ -f /etc/pihole/setupVars.conf && ! -f /etc/pihole/pihole.toml ]]; then
echo " [i] v5 files detected that have not yet been migrated to v6"
echo " [i] Deferring additional configuration until after FTL has started"
echo " [i] Note: It is normal to see \"Config file /etc/pihole/pihole.toml not available (r): No such file or directory\" in the logs at this point"
echo ""
v5_volume=1
fi
# The below functions are all contained in bash_functions.sh
# shellcheck source=/dev/null
. /usr/bin/bash_functions.sh
echo " [i] Starting docker specific checks & setup for docker pihole/pihole"
# ===========================
# Initial checks
# ===========================
# If PIHOLE_UID is set, modify the pihole user's id to match
if [ -n "${PIHOLE_UID}" ]; then
currentId=$(id -u pihole)
if [[ ${currentId} -ne ${PIHOLE_UID} ]]; then
echo " [i] Changing ID for user: pihole (${currentId} => ${PIHOLE_UID})"
usermod -o -u ${PIHOLE_UID} pihole
else
echo " [i] ID for user pihole is already ${PIHOLE_UID}, no need to change"
fi
fi
set_uid_gid
# If PIHOLE_GID is set, modify the pihole group's id to match
if [ -n "${PIHOLE_GID}" ]; then
currentId=$(id -g pihole)
if [[ ${currentId} -ne ${PIHOLE_GID} ]]; then
echo " [i] Changing ID for group: pihole (${currentId} => ${PIHOLE_GID})"
groupmod -o -g ${PIHOLE_GID} pihole
else
echo " [i] ID for group pihole is already ${PIHOLE_GID}, no need to change"
fi
# Only run the next step if we are not migrating from v5 to v6
if [[ ${v5_volume} -eq 0 ]]; then
# Configure FTL with any environment variables if needed
echo " [i] Starting FTL configuration"
ftl_config
fi
ensure_basic_configuration
# Install additional packages inside the container if requested
if [ -n "${ADDITIONAL_PACKAGES}" ]; then
echo " [i] Fetching APK repository metadata."
if ! apk update; then
echo " [i] Failed to fetch APK repository metadata."
else
echo " [i] Installing additional packages: ${ADDITIONAL_PACKAGES}."
# shellcheck disable=SC2086
if ! apk add --no-cache ${ADDITIONAL_PACKAGES}; then
echo " [i] Failed to install additional packages."
fi
fi
echo ""
fi
# Remove possible leftovers from previous pihole-FTL processes
rm -f /dev/shm/FTL-* 2>/dev/null
rm -f /run/pihole/FTL.sock
install_additional_packages
# Start crond for scheduled scripts (logrotate, pihole flush, gravity update etc)
# Randomize gravity update time
sed -i "s/59 1 /$((1 + RANDOM % 58)) $((3 + RANDOM % 2))/" /crontab.txt
# Randomize update checker time
sed -i "s/59 17/$((1 + RANDOM % 58)) $((12 + RANDOM % 8))/" /crontab.txt
/usr/bin/crontab /crontab.txt
start_cron
/usr/sbin/crond
# Install the logrotate config file
install_logrotate
#migrate Database if needed:
gravityDBfile=$(getFTLConfigValue files.gravity)
#migrate Gravity Database if needed:
migrate_gravity
if [ ! -f "${gravityDBfile}" ]; then
echo " [i] ${gravityDBfile} does not exist (Likely due to a fresh volume). This is a required file for Pi-hole to operate."
pihole -g
else
# TODO: Revisit this path if we move to a multistage build
source /etc/.pihole/advanced/Scripts/database_migration/gravity-db.sh
upgrade_gravityDB "${gravityDBfile}" "/etc/pihole"
# Start pihole-FTL
start_ftl
# Give FTL a couple of seconds to start up
sleep 2
# If we are migrating from v5 to v6, we now need to run the basic configuration step that we deferred earlier
# This is because pihole-FTL needs to migrate the config files before we can perform the basic configuration checks
if [[ ${v5_volume} -eq 1 ]]; then
echo " [i] Starting deferred FTL Configuration"
ftl_config
echo ""
fi
pihole updatechecker
echo " [i] Docker start setup complete"
pihole -v
echo ""
echo " [i] pihole-FTL ($FTL_CMD) will be started as ${DNSMASQ_USER}"
echo ""
# Start pihole-FTL
fix_capabilities
sh /opt/pihole/pihole-FTL-prestart.sh
capsh --user=$DNSMASQ_USER --keep=1 -- -c "/usr/bin/pihole-FTL $FTL_CMD >/dev/null" &
if [ "${TAIL_FTL_LOG:-1}" -eq 1 ]; then
tail -f /var/log/pihole/FTL.log &
# Start tailing the FTL log from the most recent "FTL Started" message
# Get the line number
startFrom=$(grep -n '########## FTL started' /var/log/pihole/FTL.log | tail -1 | cut -d: -f1)
# Start the tail from the line number
tail -f -n +${startFrom} /var/log/pihole/FTL.log &
else
echo " [i] FTL log output is disabled. Remove the Environment variable TAIL_FTL_LOG, or set it to 1 to enable FTL log output."
fi
# https://stackoverflow.com/a/49511035
wait $!
# Notes on above:
# - DNSMASQ_USER default of pihole is in Dockerfile & can be overwritten by runtime container env
# - /var/log/pihole/pihole*.log has FTL's output that no-daemon would normally print in FG too
# prevent duplicating it in docker logs by sending to dev null
}
stop() {