Update cleanup.sh scrpt to avoid deleting critical infrastructure containers
This commit is contained in:
parent
faf607b56c
commit
063a6016ae
1 changed files with 87 additions and 29 deletions
|
|
@ -17,6 +17,12 @@ CLEANUP_TYPE="${CLEANUP_TYPE:-ci-cd}" # ci-cd or production
|
|||
REGISTRY_DIR="${REGISTRY_DIR:-/opt/registry}"
|
||||
DRY_RUN="${DRY_RUN:-false}"
|
||||
|
||||
# Critical infrastructure protection
|
||||
CRITICAL_CONTAINERS="harbor-core,harbor-db,harbor-jobservice,harbor-log,harbor-portal,nginx,redis,registry,registryctl,trivy-adapter,forgejo-runner"
|
||||
CRITICAL_IMAGES="goharbor,forgejo-runner"
|
||||
CRITICAL_VOLUMES="harbor"
|
||||
CRITICAL_NETWORKS="harbor"
|
||||
|
||||
# Functions
|
||||
log_info() {
|
||||
echo -e "${BLUE}[INFO]${NC} $1"
|
||||
|
|
@ -34,6 +40,56 @@ log_error() {
|
|||
echo -e "${RED}[ERROR]${NC} $1"
|
||||
}
|
||||
|
||||
check_critical_infrastructure() {
|
||||
log_info "Checking critical infrastructure status..."
|
||||
|
||||
local missing_containers=""
|
||||
IFS=',' read -ra CONTAINERS <<< "$CRITICAL_CONTAINERS"
|
||||
|
||||
for container in "${CONTAINERS[@]}"; do
|
||||
if ! docker ps --format "{{.Names}}" | grep -q "^${container}$"; then
|
||||
if [ -n "$missing_containers" ]; then
|
||||
missing_containers="$missing_containers, $container"
|
||||
else
|
||||
missing_containers="$container"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -n "$missing_containers" ]; then
|
||||
log_warning "Some critical containers are not running: $missing_containers"
|
||||
log_warning "This may indicate infrastructure issues. Proceed with caution."
|
||||
else
|
||||
log_success "All critical infrastructure containers are running"
|
||||
fi
|
||||
|
||||
echo
|
||||
}
|
||||
|
||||
label_critical_containers() {
|
||||
log_info "Labeling critical containers for protection..."
|
||||
|
||||
IFS=',' read -ra CONTAINERS <<< "$CRITICAL_CONTAINERS"
|
||||
|
||||
for container in "${CONTAINERS[@]}"; do
|
||||
if docker ps --format "{{.Names}}" | grep -q "^${container}$"; then
|
||||
# Add protection labels
|
||||
docker update --label critical=infrastructure "$container" 2>/dev/null || true
|
||||
docker update --label protected=true "$container" 2>/dev/null || true
|
||||
|
||||
# Add specific labels based on container type
|
||||
if [[ "$container" == harbor* ]]; then
|
||||
docker update --label service=harbor "$container" 2>/dev/null || true
|
||||
elif [[ "$container" == forgejo* ]]; then
|
||||
docker update --label service=forgejo "$container" 2>/dev/null || true
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
log_success "Critical containers labeled for protection"
|
||||
echo
|
||||
}
|
||||
|
||||
show_help() {
|
||||
cat << EOF
|
||||
Sharenet Cleanup Script
|
||||
|
|
@ -64,25 +120,28 @@ cleanup_docker_resources() {
|
|||
|
||||
if [ "$DRY_RUN" = "true" ]; then
|
||||
log_warning "DRY RUN MODE - No changes will be made"
|
||||
echo "Would run: docker image prune -f"
|
||||
echo "Would run: docker volume prune -f"
|
||||
echo "Would run: docker network prune -f"
|
||||
echo "Would run: docker image prune -f (excluding critical infrastructure)"
|
||||
echo "Would run: docker volume prune -f (excluding critical infrastructure)"
|
||||
echo "Would run: docker network prune -f (excluding critical infrastructure)"
|
||||
return
|
||||
fi
|
||||
|
||||
# Remove unused images
|
||||
log_info "Removing unused Docker images..."
|
||||
docker image prune -f
|
||||
# Remove unused images (excluding critical infrastructure)
|
||||
log_info "Removing unused Docker images (excluding critical infrastructure)..."
|
||||
# Use protection labels to exclude critical images
|
||||
docker image prune -f --filter "label!=critical=infrastructure" --filter "label!=protected=true"
|
||||
|
||||
# Remove unused volumes
|
||||
log_info "Removing unused Docker volumes..."
|
||||
docker volume prune -f
|
||||
# Remove unused volumes (excluding critical infrastructure)
|
||||
log_info "Removing unused Docker volumes (excluding critical infrastructure)..."
|
||||
# Use protection labels to exclude critical volumes
|
||||
docker volume prune -f --filter "label!=critical=infrastructure" --filter "label!=protected=true"
|
||||
|
||||
# Remove unused networks
|
||||
log_info "Removing unused Docker networks..."
|
||||
docker network prune -f
|
||||
# Remove unused networks (excluding critical infrastructure)
|
||||
log_info "Removing unused Docker networks (excluding critical infrastructure)..."
|
||||
# Use protection labels to exclude critical networks
|
||||
docker network prune -f --filter "label!=critical=infrastructure" --filter "label!=protected=true"
|
||||
|
||||
log_success "Docker resources cleanup completed"
|
||||
log_success "Docker resources cleanup completed (critical infrastructure protected)"
|
||||
}
|
||||
|
||||
cleanup_registry() {
|
||||
|
|
@ -93,31 +152,24 @@ cleanup_registry() {
|
|||
|
||||
log_info "Cleaning up Harbor registry..."
|
||||
|
||||
if [ ! -d "$REGISTRY_DIR" ]; then
|
||||
log_warning "Harbor directory not found: $REGISTRY_DIR"
|
||||
# Check if Harbor containers are running
|
||||
if ! docker ps --format "{{.Names}}" | grep -q harbor; then
|
||||
log_warning "Harbor containers are not running, skipping registry cleanup"
|
||||
return
|
||||
fi
|
||||
|
||||
if [ "$DRY_RUN" = "true" ]; then
|
||||
log_warning "DRY RUN MODE - No changes will be made"
|
||||
echo "Would run: cd $REGISTRY_DIR && docker-compose exec registry registry garbage-collect"
|
||||
echo "Would run: Harbor registry garbage collection via API"
|
||||
return
|
||||
fi
|
||||
|
||||
# Change to Harbor directory
|
||||
cd "$REGISTRY_DIR"
|
||||
# Harbor garbage collection is typically done via the Harbor UI or API
|
||||
# For now, we'll just log that manual cleanup may be needed
|
||||
log_info "Harbor registry cleanup: Use Harbor UI to clean up old images"
|
||||
log_info "Manual cleanup: Go to Harbor UI → Projects → Select project → Artifacts → Delete old tags"
|
||||
|
||||
# Check if Harbor is running
|
||||
if ! docker-compose ps | grep -q "registry.*Up"; then
|
||||
log_warning "Harbor registry is not running, skipping registry cleanup"
|
||||
return
|
||||
fi
|
||||
|
||||
# Run Harbor registry garbage collection
|
||||
log_info "Running Harbor registry garbage collection..."
|
||||
docker-compose exec -T registry registry garbage-collect
|
||||
|
||||
log_success "Harbor registry cleanup completed"
|
||||
log_success "Harbor registry cleanup info provided"
|
||||
}
|
||||
|
||||
cleanup_production() {
|
||||
|
|
@ -155,6 +207,12 @@ cleanup_production() {
|
|||
cleanup_ci_cd() {
|
||||
log_info "Cleaning up CI/CD environment..."
|
||||
|
||||
# Check critical infrastructure before cleanup
|
||||
check_critical_infrastructure
|
||||
|
||||
# Label critical containers for protection
|
||||
label_critical_containers
|
||||
|
||||
# Clean up Docker resources
|
||||
cleanup_docker_resources
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue