From ae0fcf3a4208401f5dc0296c29227a55f63163da Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Wed, 16 Jul 2025 15:47:36 +0200 Subject: [PATCH] [chore] overdue maintenance of shell scripts Removes obsolete scripts and fix various leftovers. Signed-off-by: Markus Heiser --- Makefile | 7 +- docs/dev/index.rst | 1 - docs/dev/lxcdev.rst | 437 ------------------------------- docs/utils/index.rst | 9 +- docs/utils/lxc.sh.rst | 295 --------------------- utils/lib.sh | 140 ---------- utils/lib_sxng_test.sh | 4 +- utils/lxc-searxng.env | 69 ----- utils/lxc.sh | 573 ----------------------------------------- utils/makefile.include | 14 - utils/makefile.lxc | 32 --- utils/searxng.sh | 12 - 12 files changed, 7 insertions(+), 1586 deletions(-) delete mode 100644 docs/dev/lxcdev.rst delete mode 100644 docs/utils/lxc.sh.rst delete mode 100644 utils/lxc-searxng.env delete mode 100755 utils/lxc.sh delete mode 100644 utils/makefile.lxc diff --git a/Makefile b/Makefile index bd8c4442c..a4b19c25d 100644 --- a/Makefile +++ b/Makefile @@ -39,9 +39,6 @@ clean: py.clean docs.clean node.clean nvm.clean test.clean $(Q)find . -name '*~' -exec rm -f {} + $(Q)find . -name '*.bak' -exec rm -f {} + -lxc.clean: - $(Q)rm -rf lxc-env - PHONY += search.checker search.checker.% search.checker: install $(Q)./manage pyenv.cmd searxng-checker -v @@ -64,9 +61,7 @@ test.shell: utils/lib_nvm.sh \ utils/lib_redis.sh \ utils/lib_valkey.sh \ - utils/searxng.sh \ - utils/lxc.sh \ - utils/lxc-searxng.env + utils/searxng.sh $(Q)$(MTOOLS) build_msg TEST "$@ OK" diff --git a/docs/dev/index.rst b/docs/dev/index.rst index 6d601d166..82670284b 100644 --- a/docs/dev/index.rst +++ b/docs/dev/index.rst @@ -17,7 +17,6 @@ Developer documentation plugins/index answerers/index translation - lxcdev makefile reST searxng_extra/index diff --git a/docs/dev/lxcdev.rst b/docs/dev/lxcdev.rst deleted file mode 100644 index 22c16ff0d..000000000 --- a/docs/dev/lxcdev.rst +++ /dev/null @@ -1,437 +0,0 @@ -.. _lxcdev: - -============================== -Developing in Linux Containers -============================== - -.. _LXC: https://linuxcontainers.org/lxc/introduction/ - -In this article we will show, how you can make use of Linux Containers (LXC_) in -*distributed and heterogeneous development cycles* (TL;DR; jump to the -:ref:`lxcdev summary`). - -.. sidebar:: Audience - - This blog post is written for experienced admins and developers. Readers - should have a serious meaning about the terms: *distributed*, *merge* and - *linux container*. - - **hint** - - If you have issues with the internet connectivity of your containers read - section :ref:`internet connectivity docker`. - - -.. contents:: - :depth: 2 - :local: - :backlinks: entry - - -Motivation -========== - -Most often in our development cycle, we edit the sources and run some test -and/or builds by using ``make`` :ref:`[ref] ` before we commit. This -cycle is simple and perfect but might fail in some aspects we should not -overlook. - - **The environment in which we run all our development processes matters!** - -The :ref:`makefile` and the :ref:`make install` encapsulate a lot for us, but -these tools do not have access to all prerequisites. For example, there may -have dependencies on packages that are installed on developer's desktop, but -usually are not preinstalled on a server or client system. Another example is; -settings have been made to the software on developer's desktop that would never -be set on a *production* system. - - **Linux Containers are isolate environments**, we use them to not mix up all - the prerequisites from various projects on developer's desktop. - -The scripts from :ref:`searx_utils` can divide in those to install and maintain -software - -- :ref:`searxng.sh` - -and the script - -- :ref:`lxc.sh` - -with we can scale our installation, maintenance or even development tasks over a -stack of isolated containers / what we call the: - -- :ref:`searxng lxc suite` - -.. _lxcdev install searxng: - -Gentlemen, start your engines! -============================== - -.. _LXD: https://linuxcontainers.org/lxd/introduction/ -.. _archlinux: https://www.archlinux.org/ - -Before you can start with containers, you need to install and initiate LXD_ -once: - -.. tabs:: - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ snap install lxd - $ lxd init --auto - -And you need to clone from origin or if you have your own fork, clone from your -fork: - -.. tabs:: - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ cd ~/Downloads - $ git clone https://github.com/searxng/searxng.git searxng - $ cd searxng - -.. sidebar:: The ``searxng-archlinux`` container - - is the base of all our exercises here. - -The :ref:`lxc-searxng.env` consists of several images, see ``export -LXC_SUITE=(...`` near by :origin:`utils/lxc-searxng.env#L19`. -For this blog post we exercise on a archlinux_ image. The container of this -image is named ``searxng-archlinux``. - -Lets build the container, but be sure that this container does not already -exists, so first lets remove possible old one: - -.. tabs:: - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ sudo -H ./utils/lxc.sh remove searxng-archlinux - $ sudo -H ./utils/lxc.sh build searxng-archlinux - - -.. sidebar:: further read - - - :ref:`lxc.sh install suite` - - :ref:`installation nginx` - -To install the complete :ref:`SearXNG suite ` and the HTTP -proxy :ref:`installation nginx` into the archlinux container run: - -.. tabs:: - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ sudo -H ./utils/lxc.sh install suite searxng-archlinux - $ sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx - $ sudo ./utils/lxc.sh show suite | grep SEARXNG_URL - ... - [searxng-archlinux] SEARXNG_URL : http://n.n.n.140/searxng - -.. sidebar:: Fully functional SearXNG suite - - From here on you have a fully functional SearXNG suite (including a - :ref:`valkey db`). - -In such a SearXNG suite admins can maintain and access the debug log of the -services quite easy. - -In the example above the SearXNG instance in the container is wrapped to -``http://n.n.n.140/searxng`` to the HOST system. Note, on your HOST system, the -IP of your ``searxng-archlinux`` container is different to this example. To -test the instance in the container from outside of the container, in your WEB -browser on your desktop just open the URL reported in your installation - -.. _working in containers: - -In containers, work as usual -============================ - -Usually you open a root-bash using ``sudo -H bash``. In case of LXC containers -open the root-bash in the container is done by the ``./utils/lxc.sh cmd -searxng-archlinux`` command: - -.. tabs:: - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux bash - INFO: [searxng-archlinux] bash - [root@searxng-archlinux SearXNG]$ - -The prompt ``[root@searxng-archlinux ...]`` signals, that you are the root user -in the container (GUEST). To debug the running SearXNG instance use: - -.. tabs:: - - .. group-tab:: ``[root@searxng-archlinux SearXNG]`` (GUEST) - - .. code:: bash - - $ ./utils/searxng.sh instance inspect - ... - use [CTRL-C] to stop monitoring the log - ... - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux ./utils/searxng.sh instance inspect - ... - use [CTRL-C] to stop monitoring the log - ... - - -Back in the browser on your desktop open the service http://n.n.n.140/searxng -and run your application tests while the debug log is shown in the terminal from -above. You can stop monitoring using ``CTRL-C``, this also disables the *"debug -option"* in SearXNG's settings file and restarts the SearXNG uwsgi application. - -Another point we have to notice is that the service :ref:`SearXNG ` -runs under dedicated system user account with the same name (compare -:ref:`create searxng user`). To get a login shell from these accounts, simply -call: - -.. tabs:: - - .. group-tab:: ``[root@searxng-archlinux SearXNG]`` (GUEST) - - .. code:: bash - - $ ./utils/searxng.sh instance cmd bash -l - (searx-pyenv) [searxng@searxng-archlinux ~]$ pwd - /usr/local/searxng - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux ./utils/searxng.sh instance cmd bash -l - INFO: [searxng-archlinux] ./utils/searxng.sh instance cmd bash -l - (searx-pyenv) [searxng@searxng-archlinux ~]$ pwd - /usr/local/searxng - -The prompt ``[searxng@searxng-archlinux]`` signals that you are logged in as system -user ``searxng`` in the ``searxng-archlinux`` container and the python *virtualenv* -``(searxng-pyenv)`` environment is activated. - - -Wrap production into developer suite -==================================== - -In this section we will see how to change the *"Fully functional SearXNG suite"* -from a LXC container (which is quite ready for production) into a developer -suite. For this, we have to keep an eye on the :ref:`installation basic`: - -- SearXNG setup in: ``/etc/searxng/settings.yml`` -- SearXNG user's home: ``/usr/local/searxng`` -- virtualenv in: ``/usr/local/searxng/searxng-pyenv`` -- SearXNG software in: ``/usr/local/searxng/searxng-src`` - -With the use of the :ref:`searxng.sh` the SearXNG service was installed as -:ref:`uWSGI application `. To maintain this service, we can use -``systemctl`` (compare :ref:`uWSGI maintenance`). - -.. tabs:: - - .. group-tab:: uwsgi@searxng - - .. code:: bash - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux systemctl stop uwsgi@searxng - -With the command above, we stopped the SearXNG uWSGI-App in the archlinux -container. - -The uWSGI-App for the archlinux distros is configured in -:origin:`utils/templates/etc/uwsgi/apps-archlinux/searxng.ini`, from where at -least you should attend the settings of ``uid``, ``chdir``, ``env`` and -``http``:: - - env = SEARXNG_SETTINGS_PATH=/etc/searxng/settings.yml - http = 127.0.0.1:8888 - - chdir = /usr/local/searxng/searxng-src/searx - virtualenv = /usr/local/searxng/searxng-pyenv - pythonpath = /usr/local/searxng/searxng-src - -If you have read the :ref:`Good to know` you remember, that each container -shares the root folder of the repository and the command ``utils/lxc.sh cmd`` -handles relative path names **transparent**. - -To wrap the SearXNG installation in the container into a developer one, we -simple have to create a symlink to the **transparent** repository from the -desktop. Now lets replace the repository at ``searxng-src`` in the container -with the working tree from outside of the container: - -.. tabs:: - - .. group-tab:: ``[root@searxng-archlinux SearXNG]`` (GUEST) - - .. code:: bash - - $ mv /usr/local/searxng/searxng-src /usr/local/searxng/searxng-src.old - $ ln -s /share/SearXNG/ /usr/local/searxng/searxng-src - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \ - mv /usr/local/searxng/searxng-src /usr/local/searxng/searxng-src.old - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux \ - ln -s /share/SearXNG/ /usr/local/searxng/searxng-src - -Now we can develop as usual in the working tree of our desktop system. Every -time the software was changed, you have to restart the SearXNG service (in the -container): - -.. tabs:: - - .. group-tab:: uwsgi@searxng - - .. code:: bash - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux systemctl restart uwsgi@searxng - - -Remember: :ref:`working in containers` .. here are just some examples from my -daily usage: - -To *inspect* the SearXNG instance (already described above): - -.. tabs:: - - .. group-tab:: ``[root@searxng-archlinux SearXNG]`` (GUEST) - - .. code:: bash - - $ ./utils/searxng.sh inspect service - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux ./utils/searxng.sh inspect service - -Run :ref:`makefile`, e.g. to test inside the container: - -.. tabs:: - - .. group-tab:: ``[root@searxng-archlinux SearXNG]`` (GUEST) - - .. code:: bash - - $ make test - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux make test - - - -To install all prerequisites needed for a :ref:`buildhosts`: - -.. tabs:: - - .. group-tab:: ``[root@searxng-archlinux SearXNG]`` (GUEST) - - .. code:: bash - - $ ./utils/searxng.sh install buildhost - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux ./utils/searxng.sh install buildhost - - -To build the docs on a buildhost :ref:`buildhosts`: - -.. tabs:: - - .. group-tab:: ``[root@searxng-archlinux SearXNG]`` (GUEST) - - .. code:: bash - - $ make docs.html - - .. group-tab:: desktop (HOST) - - .. code:: bash - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux make docs.html - - -.. _lxcdev summary: - -Summary -======= - -We build up a fully functional SearXNG suite in a archlinux container: - -.. code:: bash - - $ sudo -H ./utils/lxc.sh build searxng-archlinux - $ sudo -H ./utils/lxc.sh install suite searxng-archlinux - ... - Developer install? (wraps source from HOST into the running instance) [YES/no] - -To wrap the suite into a developer one answer ``YES`` (or press Enter). - -.. code:: text - - link SearXNG's sources to: /share/SearXNG - ========================================= - - mv -f "/usr/local/searxng/searxng-src" "/usr/local/searxng/searxng-src.backup" - ln -s "/share/SearXNG" "/usr/local/searxng/searxng-src" - ls -ld /usr/local/searxng/searxng-src - |searxng| lrwxrwxrwx 1 searxng searxng ... /usr/local/searxng/searxng-src -> /share/SearXNG - -On code modification the instance has to be restarted (see :ref:`uWSGI -maintenance`): - -.. code:: bash - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux systemctl restart uwsgi@searxng - -To access HTTP from the desktop we installed nginx for the services inside the -container: - -.. code:: bash - - $ sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx - -To get information about the SearxNG suite in the archlinux container we can -use: - -.. code:: text - - $ sudo -H ./utils/lxc.sh show suite searxng-archlinux - [searxng-archlinux] INFO: (eth0) docs-live: http:///n.n.n.140:8080/ - [searxng-archlinux] INFO: (eth0) IPv6: http://[fd42:555b:2af9:e121:216:3eff:fe5b:1744] - [searxng-archlinux] uWSGI: - [searxng-archlinux] SEARXNG_UWSGI_SOCKET : /usr/local/searxng/run/socket - [searxng-archlinux] environment /usr/local/searxng/searxng-src/utils/brand.env: - [searxng-archlinux] GIT_URL : https://github.com/searxng/searxng - [searxng-archlinux] GIT_BRANCH : master - [searxng-archlinux] SEARXNG_URL : http:///n.n.n.140/searxng - [searxng-archlinux] SEARXNG_PORT : 8888 - [searxng-archlinux] SEARXNG_BIND_ADDRESS : 127.0.0.1 diff --git a/docs/utils/index.rst b/docs/utils/index.rst index b570b07e6..61bb78285 100644 --- a/docs/utils/index.rst +++ b/docs/utils/index.rst @@ -12,7 +12,7 @@ and developers. :maxdepth: 2 searxng.sh - lxc.sh + Common command environments =========================== @@ -24,8 +24,7 @@ The scripts in our tooling box often dispose of common environments: ``FORCE_TIMEOUT`` : environment Sets timeout for interactive prompts. If you want to run a script in batch job, with defaults choices, set ``FORCE_TIMEOUT=0``. By example; to install a - SearXNG server and nginx proxy on all containers of the :ref:`SearXNG suite - ` use:: + SearXNG server and nginx proxy use:: - sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install all - sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx + $ FORCE_TIMEOUT=0 ./utils/searxng.sh install all + $ FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx diff --git a/docs/utils/lxc.sh.rst b/docs/utils/lxc.sh.rst deleted file mode 100644 index fae302c90..000000000 --- a/docs/utils/lxc.sh.rst +++ /dev/null @@ -1,295 +0,0 @@ - -.. _snap: https://snapcraft.io -.. _snapcraft LXD: https://snapcraft.io/lxd -.. _LXC/LXD Image Server: https://uk.images.linuxcontainers.org/ -.. _LXC: https://linuxcontainers.org/lxc/introduction/ -.. _LXD: https://linuxcontainers.org/lxd/introduction/ -.. _`LXD@github`: https://github.com/lxc/lxd - -.. _archlinux: https://www.archlinux.org/ - -.. _lxc.sh: - -================ -``utils/lxc.sh`` -================ - -With the use of *Linux Containers* (LXC_) we can scale our tasks over a stack of -containers, what we call the: *lxc suite*. The :ref:`lxc-searxng.env` is -loaded by default, every time you start the ``lxc.sh`` script (*you do not need -to care about*). - -.. sidebar:: further reading - - - snap_, `snapcraft LXD`_ - - LXC_, LXD_ - - `LXC/LXD Image Server`_ - - `LXD@github`_ - -.. contents:: - :depth: 2 - :local: - :backlinks: entry - - -.. _lxd install: - -Install LXD -=========== - -Before you can start with containers, you need to install and initiate LXD_ -once:: - - $ snap install lxd - $ lxd init --auto - -To make use of the containers from the *SearXNG suite*, you have to build the -:ref:`LXC suite containers ` initial. But be warned, **this might -take some time**:: - - $ sudo -H ./utils/lxc.sh build - -.. sidebar:: hint - - If you have issues with the internet connectivity of your containers read - section :ref:`internet connectivity docker`. - -A cup of coffee later, your LXC suite is build up and you can run whatever task -you want / in a selected or even in all :ref:`LXC suite containers `. - -.. _internet connectivity docker: - -Internet Connectivity & Docker ------------------------------- - -.. sidebar:: further read - - - `Docker blocking network of existing LXC containers `__ - - `Docker and IPtables (fralef.me) `__ - - `Docker and iptables (docker.com) `__ - -There is a conflict in the ``iptables`` setup of Docker & LXC. If you have -docker installed, you may find that the internet connectivity of your LXD -containers no longer work. - -Whenever docker is started (reboot) it sets the iptables policy for the -``FORWARD`` chain to ``DROP`` `[ref] -`__:: - - $ sudo -H iptables-save | grep FORWARD - :FORWARD ACCEPT [7048:7851230] - :FORWARD DROP [7048:7851230] - -A handy solution of this problem might be to reset the policy for the -``FORWARD`` chain after the network has been initialized. For this create a -file in the ``if-up`` section of the network (``/etc/network/if-up.d/iptable``) -and insert the following lines:: - - #!/bin/sh - iptables -F FORWARD - iptables -P FORWARD ACCEPT - -Don't forget to set the execution bit:: - - sudo chmod ugo+x /etc/network/if-up.d/iptable - -Reboot your system and check the iptables rules:: - - $ sudo -H iptables-save | grep FORWARD - :FORWARD ACCEPT [7048:7851230] - :FORWARD ACCEPT [7048:7851230] - - -.. _searxng lxc suite: - -SearXNG LXC suite -================= - -The intention of the *SearXNG LXC suite* is to build up a suite of containers -for development tasks or :ref:`buildhosts ` with a very -small set of simple commands. At the end of the ``--help`` output the SearXNG -suite from the :ref:`lxc-searxng.env` is introduced:: - - $ sudo -H ./utils/lxc.sh --help - ... - LXC suite: searxng - Suite includes installation of SearXNG - images: ubu2004 ubu2204 fedora35 archlinux - containers: searxng-ubu2004 searxng-ubu2204 searxng-fedora35 searxng-archlinux - -As shown above there are images and containers build up on this images. To show -more info about the containers in the *SearXNG LXC suite* call ``show suite``. -If this is the first time you make use of the SearXNG LXC suite, no containers -are installed and the output is:: - - $ sudo -H ./utils/lxc.sh show suite - - LXC suite (searxng-*) - ===================== - - +------+-------+------+------+------+-----------+ - | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | - +------+-------+------+------+------+-----------+ - - WARN: container searxng-ubu2004 does not yet exists - WARN: container searxng-ubu2204 does not yet exists - WARN: container searxng-fedora35 does not yet exists - WARN: container searxng-archlinux does not yet exists - -If you do not want to run a command or a build in all containers, **you can -build just one**. Here by example in the container that is build upon the -*archlinux* image:: - - $ sudo -H ./utils/lxc.sh build searxng-archlinux - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux pwd - -Otherwise, to apply a command to all containers you can use:: - - $ sudo -H ./utils/lxc.sh build - $ sudo -H ./utils/lxc.sh cmd -- ls -la . - -Running commands ----------------- - -**Inside containers, you can run scripts** from the :ref:`toolboxing` or run -what ever command you need. By example, to start a bash use:: - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux bash - INFO: [searxng-archlinux] bash - [root@searxng-archlinux SearXNG]# - -.. _Good to know: - -Good to know ------------- - -Each container shares the root folder of the repository and the command -``utils/lxc.sh cmd`` **handle relative path names transparent**:: - - $ pwd - /share/SearXNG - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux pwd - INFO: [searxng-archlinux] pwd - /share/SearXNG - -The path ``/share/SearXNG`` will be different on your HOST system. The commands -in the container are executed by the ``root`` inside of the container. Compare -output of:: - - $ ls -li Makefile - 47712402 -rw-rw-r-- 1 markus markus 2923 Apr 19 13:52 Makefile - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux ls -li Makefile - INFO: [searxng-archlinux] ls -li Makefile - 47712402 -rw-rw-r-- 1 root root 2923 Apr 19 11:52 Makefile - ... - -Since the path ``/share/SearXNG`` of the HOST system is wrapped into the -container under the same name, the shown ``Makefile`` (inode ``47712402``) in -the output is always the identical ``/share/SearXNG/Makefile`` from the HOST -system. In the example shown above the owner of the path in the container is -the ``root`` user of the container (and the timezone in the container is -different to HOST system). - - -.. _lxc.sh install suite: - -Install suite -------------- - -.. sidebar:: further read - - - :ref:`working in containers` - - :ref:`FORCE_TIMEOUT ` - -To install the complete :ref:`SearXNG suite ` into **all** LXC_ -containers leave the container argument empty and run:: - - $ sudo -H ./utils/lxc.sh build - $ sudo -H ./utils/lxc.sh install suite - -To *build & install* suite only in one container you can use by example:: - - $ sudo -H ./utils/lxc.sh build searxng-archlinux - $ sudo -H ./utils/lxc.sh install suite searxng-archlinux - -The command above installs a SearXNG suite (see :ref:`installation scripts`). -To :ref:`install a nginx ` reverse proxy (or alternatively -use :ref:`apache `):: - - $ sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx - -Same operation just in one container of the suite:: - - $ sudo -H ./utils/lxc.sh cmd searxng-archlinux FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx - -The :ref:`FORCE_TIMEOUT ` environment is set to zero to run the -script without user interaction. - -To get the IP (URL) of the SearXNG service in the containers use ``show suite`` -command. To test instances from containers just open the URLs in your -WEB-Browser:: - - $ sudo ./utils/lxc.sh show suite | grep SEARXNG_URL - - [searxng-ubu2110] SEARXNG_URL : http://n.n.n.170/searxng - [searxng-ubu2004] SEARXNG_URL : http://n.n.n.160/searxng - [searxnggfedora35] SEARXNG_URL : http://n.n.n.150/searxng - [searxng-archlinux] SEARXNG_URL : http://n.n.n.140/searxng - -Clean up --------- - -If there comes the time you want to **get rid off all** the containers and -**clean up local images** just type:: - - $ sudo -H ./utils/lxc.sh remove - $ sudo -H ./utils/lxc.sh remove images - - -.. _Setup SearXNG buildhost: - -Setup SearXNG buildhost -======================= - -You can **install the SearXNG buildhost environment** into one or all containers. -The installation procedure to set up a :ref:`build host` takes its -time. Installation in all containers will take more time (time for another cup -of coffee). :: - - sudo -H ./utils/lxc.sh cmd -- ./utils/searxng.sh install buildhost - -To build (live) documentation inside a archlinux_ container:: - - sudo -H ./utils/lxc.sh cmd searxng-archlinux make docs.clean docs.live - ... - [I 200331 15:00:42 server:296] Serving on http://0.0.0.0:8080 - -To get IP of the container and the port number *live docs* is listening:: - - $ sudo ./utils/lxc.sh show suite | grep docs.live - ... - [searxng-archlinux] INFO: (eth0) docs.live: http://n.n.n.140:8080/ - - -.. _lxc.sh help: - -Command Help -============ - -The ``--help`` output of the script is largely self-explanatory: - -.. program-output:: ../utils/lxc.sh --help - - -.. _lxc-searxng.env: - -SearXNG suite config -==================== - -The SearXNG suite is defined in the file :origin:`utils/lxc-searxng.env`: - -.. literalinclude:: ../../utils/lxc-searxng.env - :language: bash diff --git a/utils/lib.sh b/utils/lib.sh index 7886520c6..ff67c6f67 100755 --- a/utils/lib.sh +++ b/utils/lib.sh @@ -1626,146 +1626,6 @@ EOF fi } -# containers -# ---------- - -in_container() { - # Test if shell runs in a container. - # - # usage: in_container && echo "process running inside a LXC container" - # in_container || echo "process is not running inside a LXC container" - # - # sudo_or_exit - # hint: Reads init process environment, therefore root access is required! - # to be safe, take a look at the environment of process 1 (/sbin/init) - # grep -qa 'container=lxc' /proc/1/environ - - # see lxc_init_container_env - [[ -f /.lxcenv ]] -} - -LXC_ENV_FOLDER= -if in_container; then - # shellcheck disable=SC2034 - LXC_ENV_FOLDER="lxc-env/$(hostname)/" - PY_ENV="${LXC_ENV_FOLDER}${PY_ENV}" - PY_ENV_BIN="${LXC_ENV_FOLDER}${PY_ENV_BIN}" - PYDIST="${LXC_ENV_FOLDER}${PYDIST}" - PYBUILD="${LXC_ENV_FOLDER}${PYBUILD}" - DOCS_DIST="${LXC_ENV_FOLDER}${DOCS_DIST}" - DOCS_BUILD="${LXC_ENV_FOLDER}${DOCS_BUILD}" -fi - -lxc_init_container_env() { - - # usage: lxc_init_container_env - - # Create a /.lxcenv file in the root folder. Call this once after the - # container is initial started and before installing any boilerplate stuff. - - info_msg "create /.lxcenv in container $1" - cat < - # - # lxc_image_copy "images:ubuntu/20.04" "ubu2004" - - if lxc_image_exists "local:${LXC_SUITE[i+1]}"; then - info_msg "image ${LXC_SUITE[i]} already copied --> ${LXC_SUITE[i+1]}" - else - info_msg "copy image locally ${LXC_SUITE[i]} --> ${LXC_SUITE[i+1]}" - lxc image copy "${LXC_SUITE[i]}" local: \ - --alias "${LXC_SUITE[i+1]}" | prefix_stdout - fi -} - -lxc_init_container() { - - # usage: lxc_init_container - - local image_name="$1" - local container_name="$2" - - if lxc info "${container_name}" &>/dev/null; then - info_msg "container '${container_name}' already exists" - else - info_msg "create container instance: ${container_name}" - lxc init "local:${image_name}" "${container_name}" - fi -} - -lxc_exists(){ - - # usage: lxc_exists || echo "container does not exists" - - lxc info "$1" &>/dev/null -} - -lxc_image_exists(){ - # usage: lxc_image_exists || echo "image does locally not exists" - - lxc image info "local:$1" &>/dev/null - -} - -lxc_delete_container() { - - # usage: lxc_delete_container - - if lxc info "$1" &>/dev/null; then - info_msg "stop & delete instance ${_BBlue}${1}${_creset}" - lxc stop "$1" &>/dev/null - lxc delete "$1" | prefix_stdout - else - warn_msg "instance '$1' does not exist / can't delete :o" - fi -} - -lxc_delete_local_image() { - - # usage: lxc_delete_local_image - - info_msg "delete image 'local:$i'" - lxc image delete "local:$i" -} - # IP # -- diff --git a/utils/lib_sxng_test.sh b/utils/lib_sxng_test.sh index b84852c1f..321584bf2 100755 --- a/utils/lib_sxng_test.sh +++ b/utils/lib_sxng_test.sh @@ -21,7 +21,7 @@ if [ "$VERBOSE" = "1" ]; then fi test.yamllint() { - build_msg TEST "[yamllint] \$YAMLLINT_FILES" + build_msg TEST "[yamllint] $YAMLLINT_FILES" pyenv.cmd yamllint --strict --format parsable "${YAMLLINT_FILES[@]}" dump_return $? } @@ -100,7 +100,7 @@ test.types.ci() { } test.black() { - build_msg TEST "[black] \$BLACK_TARGETS" + build_msg TEST "[black] $BLACK_TARGETS" pyenv.cmd black --check --diff "${BLACK_OPTIONS[@]}" "${BLACK_TARGETS[@]}" dump_return $? } diff --git a/utils/lxc-searxng.env b/utils/lxc-searxng.env deleted file mode 100644 index 8cc0ce886..000000000 --- a/utils/lxc-searxng.env +++ /dev/null @@ -1,69 +0,0 @@ -# -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*- -# SPDX-License-Identifier: AGPL-3.0-or-later -# shellcheck shell=bash - -# This file is a setup of a LXC suite. It is sourced from different context, do -# not manipulate the environment directly, implement functions and manipulate -# environment only in subshells. - -lxc_set_suite_env() { - - export LXC_SUITE_NAME="searxng" - - # name of https://images.linuxcontainers.org - export LINUXCONTAINERS_ORG_NAME="${LINUXCONTAINERS_ORG_NAME:-images}" - export LXC_HOST_PREFIX="${LXC_SUITE_NAME:-searx}" - export LXC_SUITE=( - - # end of standard support see https://wiki.ubuntu.com/Releases - "$LINUXCONTAINERS_ORG_NAME:ubuntu/20.04" "ubu2004" # LTS EOSS April 2025 - "$LINUXCONTAINERS_ORG_NAME:ubuntu/22.04" "ubu2204" # LTS EOSS April 2027 - - # EOL see https://fedoraproject.org/wiki/Releases - "$LINUXCONTAINERS_ORG_NAME:fedora/35" "fedora35" - - # rolling releases see https://www.archlinux.org/releng/releases/ - "$LINUXCONTAINERS_ORG_NAME:archlinux" "archlinux" - ) -} - -lxc_suite_install_info() { - ( - lxc_set_suite_env - cat <] - $_cmd copy [images] - $_cmd remove [containers||images] - $_cmd [start|stop] [containers|] - $_cmd show [images|suite|info|config []] - $_cmd cmd [--|] '...' - $_cmd install [suite|base []] - -build - :containers: build, launch all containers and 'install base' packages - :: build, launch container and 'install base' packages -copy: - :images: copy remote images of the suite into local storage -remove - :containers: delete all 'containers' or only - :images: delete local images of the suite -start/stop - :containers: start/stop all 'containers' from the suite - :: start/stop container from suite -show - :info: show info of all (or ) containers from LXC suite - :config: show config of all (or ) containers from the LXC suite - :suite: show services of all (or ) containers from the LXC suite - :images: show information of local images -cmd - use single quotes to evaluate in container's bash, e.g.: 'echo \$(hostname)' - -- run command '...' in all containers of the LXC suite - :: run command '...' in container -install - :base: prepare LXC; install basic packages - :suite: install LXC ${LXC_SUITE_NAME} suite into all (or ) containers - -EOF - usage_containers - [ -n "${1+x}" ] && err_msg "$1" -} - -usage_containers() { - lxc_suite_install_info - [ -n "${1+x}" ] && err_msg "$1" -} - -lxd_info() { - - cat < $2"; exit 42;; - esac - ;; - start|stop) - sudo_or_exit - case $2 in - ''|--|containers) lxc_cmd "$1" ;; - ${LXC_HOST_PREFIX}-*) - ! lxc_exists "$2" && usage_containers "unknown container: $2" && exit 42 - info_msg "lxc $1 $2" - lxc "$1" "$2" | prefix_stdout "[${_BBlue}${i}${_creset}] " - ;; - *) usage "unknown or missing container $2"; exit 42;; - esac - ;; - show) - sudo_or_exit - case $2 in - suite) - case $3 in - ${LXC_HOST_PREFIX}-*) - lxc exec -t "$3" -- "${LXC_REPO_ROOT}/utils/lxc.sh" __show suite \ - | prefix_stdout "[${_BBlue}$3${_creset}] " - ;; - *) show_suite;; - esac - ;; - images) show_images ;; - config) - case $3 in - ${LXC_HOST_PREFIX}-*) - ! lxc_exists "$3" && usage_containers "unknown container: $3" && exit 42 - lxc config show "$3" | prefix_stdout "[${_BBlue}${3}${_creset}] " - ;; - *) - rst_title "container configurations" - echo - lxc list "$LXC_HOST_PREFIX-" - echo - lxc_cmd config show - ;; - esac - ;; - info) - case $3 in - ${LXC_HOST_PREFIX}-*) - ! lxc_exists "$3" && usage_containers "unknown container: $3" && exit 42 - lxc info "$3" | prefix_stdout "[${_BBlue}${3}${_creset}] " - ;; - *) - rst_title "container info" - echo - lxc_cmd info - ;; - esac - ;; - *) usage "$_usage"; exit 42;; - esac - ;; - __show) - # wrapped show commands, called once in each container - case $2 in - suite) lxc_suite_info ;; - esac - ;; - cmd) - sudo_or_exit - shift - case $1 in - --) shift; lxc_exec "$@" ;; - ${LXC_HOST_PREFIX}-*) - ! lxc_exists "$1" && usage_containers "unknown container: $1" && exit 42 - local name=$1 - shift - lxc_exec_cmd "${name}" "$@" - ;; - *) usage_containers "unknown container: $1" && exit 42 - esac - ;; - install) - sudo_or_exit - case $2 in - suite|base) - case $3 in - ${LXC_HOST_PREFIX}-*) - ! lxc_exists "$3" && usage_containers "unknown container: $3" && exit 42 - lxc_exec_cmd "$3" "${LXC_REPO_ROOT}/utils/lxc.sh" __install "$2" - ;; - ''|--) lxc_exec "${LXC_REPO_ROOT}/utils/lxc.sh" __install "$2" ;; - *) usage_containers "unknown container: $3" && exit 42 - esac - ;; - *) usage "$_usage"; exit 42 ;; - esac - ;; - __install) - # wrapped install commands, called once in each container - # shellcheck disable=SC2119 - case $2 in - suite) lxc_suite_install ;; - base) FORCE_TIMEOUT=0 lxc_install_base_packages ;; - esac - ;; - doc) - echo - echo ".. generic utils/lxc.sh documentation" - ;; - -*) usage "unknown option $1"; exit 42;; - *) usage "unknown or missing command $1"; exit 42;; - esac -} - - -build_all_containers() { - rst_title "Build all LXC containers of suite" - echo - usage_containers - lxc_copy_images_locally - lxc_init_all_containers - lxc_config_all_containers - lxc_boilerplate_all_containers - rst_title "install LXC base packages" section - echo - lxc_exec "${LXC_REPO_ROOT}/utils/lxc.sh" __install base - echo - lxc list "$LXC_HOST_PREFIX" -} - -build_container() { - rst_title "Build container $1" - - local remote_image - local container - local image - local boilerplate_script - - for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do - if [ "${LXC_HOST_PREFIX}-${LXC_SUITE[i+1]}" = "$1" ]; then - remote_image="${LXC_SUITE[i]}" - container="${LXC_HOST_PREFIX}-${LXC_SUITE[i+1]}" - image="${LXC_SUITE[i+1]}" - boilerplate_script="${image}_boilerplate" - boilerplate_script="${!boilerplate_script}" - break - fi - done - echo - if [ -z "$container" ]; then - err_msg "container $1 unknown" - usage_containers - return 42 - fi - lxc_image_copy "${remote_image}" "${image}" - rst_title "init container" section - lxc_init_container "${image}" "${container}" - rst_title "configure container" section - lxc_config_container "${container}" - rst_title "run LXC boilerplate scripts" section - lxc_install_boilerplate "${container}" "$boilerplate_script" - echo - rst_title "install LXC base packages" section - lxc_exec_cmd "${container}" "${LXC_REPO_ROOT}/utils/lxc.sh" __install base \ - | prefix_stdout "[${_BBlue}${container}${_creset}] " - echo - lxc list "$container" -} - -remove_containers() { - rst_title "Remove all LXC containers of suite" - rst_para "existing containers matching ${_BGreen}$LXC_HOST_PREFIX-*${_creset}" - echo - lxc list "$LXC_HOST_PREFIX-" - echo -en "\\n${_BRed}LXC containers to delete::${_creset}\\n\\n ${CONTAINERS[*]}\\n" | $FMT - local default=Ny - [[ $FORCE_TIMEOUT = 0 ]] && default=Yn - if ask_yn "Do you really want to delete these containers" $default; then - for i in "${CONTAINERS[@]}"; do - lxc_delete_container "$i" - done - fi - echo - lxc list "$LXC_HOST_PREFIX-" -} - -# images -# ------ - -lxc_copy_images_locally() { - rst_title "copy images" section - for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do - lxc_image_copy "${LXC_SUITE[i]}" "${LXC_SUITE[i+1]}" - done - # lxc image list local: && wait_key -} - -lxc_delete_images_locally() { - rst_title "Delete LXC images" - rst_para "local existing images" - echo - lxc image list local: - echo -en "\\n${_BRed}LXC images to delete::${_creset}\\n\\n ${LOCAL_IMAGES[*]}\\n" - if ask_yn "Do you really want to delete these images"; then - for i in "${LOCAL_IMAGES[@]}"; do - lxc_delete_local_image "$i" - done - fi - - for i in $(lxc image list --format csv | grep '^,' | sed 's/,\([^,]*\).*$/\1/'); do - if ask_yn "Image $i has no alias, do you want to delete the image?" Yn; then - lxc_delete_local_image "$i" - fi - done - - echo - lxc image list local: -} - -show_images(){ - rst_title "local images" - echo - lxc image list local: - echo -en "\\n${_Green}LXC suite images::${_creset}\\n\\n ${LOCAL_IMAGES[*]}\\n" - wait_key - for i in "${LOCAL_IMAGES[@]}"; do - if lxc_image_exists "$i"; then - info_msg "lxc image info ${_BBlue}${i}${_creset}" - lxc image info "$i" | prefix_stdout "[${_BBlue}${i}${_creset}] " - else - warn_msg "image ${_BBlue}$i${_creset} does not yet exists" - fi - done - -} - - -# container -# --------- - -show_suite(){ - rst_title "LXC suite ($LXC_HOST_PREFIX-*)" - echo - lxc list "$LXC_HOST_PREFIX-" - echo - for i in "${CONTAINERS[@]}"; do - if ! lxc_exists "$i"; then - warn_msg "container ${_BBlue}$i${_creset} does not yet exists" - else - lxc exec -t "${i}" -- "${LXC_REPO_ROOT}/utils/lxc.sh" __show suite \ - | prefix_stdout "[${_BBlue}${i}${_creset}] " - echo - fi - done -} - -lxc_cmd() { - for i in "${CONTAINERS[@]}"; do - if ! lxc_exists "$i"; then - warn_msg "container ${_BBlue}$i${_creset} does not yet exists" - else - info_msg "lxc $* $i" - lxc "$@" "$i" | prefix_stdout "[${_BBlue}${i}${_creset}] " - fi - done -} - -lxc_exec_cmd() { - local name="$1" - shift - exit_val= - info_msg "[${_BBlue}${name}${_creset}] ${_BGreen}${*}${_creset}" - lxc exec -t --cwd "${LXC_REPO_ROOT}" "${name}" -- bash -c "$*" - exit_val=$? - if [[ $exit_val -ne 0 ]]; then - warn_msg "[${_BBlue}${name}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}" - else - info_msg "[${_BBlue}${name}${_creset}] exit code (${exit_val}) from ${_BGreen}${*}${_creset}" - fi -} - -lxc_exec() { - for i in "${CONTAINERS[@]}"; do - if ! lxc_exists "$i"; then - warn_msg "container ${_BBlue}$i${_creset} does not yet exists" - else - lxc_exec_cmd "${i}" "$@" | prefix_stdout "[${_BBlue}${i}${_creset}] " - fi - done -} - -lxc_init_all_containers() { - rst_title "init all containers" section - - local image_name - local container_name - - for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do - lxc_init_container "${LXC_SUITE[i+1]}" "${LXC_HOST_PREFIX}-${LXC_SUITE[i+1]}" - done -} - -lxc_config_all_containers() { - rst_title "configure all containers" section - - for i in "${CONTAINERS[@]}"; do - lxc_config_container "${i}" - done -} - -lxc_config_container() { - info_msg "[${_BBlue}$1${_creset}] configure container ..." - - info_msg "[${_BBlue}$1${_creset}] map uid/gid from host to container" - # https://lxd.readthedocs.io/en/latest/userns-idmap/#custom-idmaps - echo -e -n "uid $HOST_USER_ID 0\\ngid $HOST_GROUP_ID 0"\ - | lxc config set "$1" raw.idmap - - - info_msg "[${_BBlue}$1${_creset}] share ${REPO_ROOT} (repo_share) from HOST into container" - # https://lxd.readthedocs.io/en/latest/instances/#type-disk - lxc config device add "$1" repo_share disk \ - source="${REPO_ROOT}" \ - path="${LXC_REPO_ROOT}" &>/dev/null - # lxc config show "$1" && wait_key -} - -lxc_boilerplate_all_containers() { - rst_title "run LXC boilerplate scripts" section - - local boilerplate_script - local image_name - - for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do - - image_name="${LXC_SUITE[i+1]}" - boilerplate_script="${image_name}_boilerplate" - boilerplate_script="${!boilerplate_script}" - - lxc_install_boilerplate "${LXC_HOST_PREFIX}-${image_name}" "$boilerplate_script" - - if [[ -z "${boilerplate_script}" ]]; then - err_msg "[${_BBlue}${container_name}${_creset}] no boilerplate for image '${image_name}'" - fi - done -} - -lxc_install_boilerplate() { - - # usage: lxc_install_boilerplate - # - # usage: lxc_install_boilerplate searx-archlinux "${archlinux_boilerplate}" - - local container_name="$1" - local boilerplate_script="$2" - - info_msg "[${_BBlue}${container_name}${_creset}] init .." - if lxc start -q "${container_name}" &>/dev/null; then - sleep 5 # guest needs some time to come up and get an IP - fi - if ! check_connectivity "${container_name}"; then - die 42 "Container ${container_name} has no internet connectivity!" - fi - lxc_init_container_env "${container_name}" - info_msg "[${_BBlue}${container_name}${_creset}] install /.lxcenv.mk .." - cat </dev/null; then - sleep 5 # guest needs some time to come up and get an IP - fi - if [[ -n "${boilerplate_script}" ]]; then - echo "${boilerplate_script}" \ - | lxc exec "${container_name}" -- bash \ - | prefix_stdout "[${_BBlue}${container_name}${_creset}] " - fi -} - -check_connectivity() { - local ret_val=0 - info_msg "check internet connectivity ..." - if ! lxc exec "${1}" -- ping -c 1 9.9.9.9 &>/dev/null; then - ret_val=1 - err_msg "no internet connectivity!" - info_msg "Most often the connectivity is blocked by a docker installation:" - info_msg "Whenever docker is started (reboot) it sets the iptables policy " - info_msg "for the FORWARD chain to DROP, see:" - info_msg " https://docs.searxng.org/utils/lxc.sh.html#internet-connectivity-docker" - iptables-save | grep ":FORWARD" - fi - return $ret_val -} - -# ---------------------------------------------------------------------------- -main "$@" -# ---------------------------------------------------------------------------- diff --git a/utils/makefile.include b/utils/makefile.include index 40f9d3302..c30b4e88f 100644 --- a/utils/makefile.include +++ b/utils/makefile.include @@ -1,22 +1,8 @@ # -*- coding: utf-8; mode: makefile-gmake -*- # SPDX-License-Identifier: AGPL-3.0-or-later -ifeq (,$(wildcard /.lxcenv.mk)) -PHONY += lxc-activate lxc-purge -lxc-activate: - @$(MAKE) -s -f "$$(dirname $(abspath $(lastword $(MAKEFILE_LIST))))/makefile.lxc" lxc-activate -lxc-purge: - $(Q)rm -rf ./lxc-env -else - include /.lxcenv.mk -endif - PHONY += make-help -ifeq (,$(wildcard /.lxcenv.mk)) make-help: -else -make-help: lxc-help -endif @echo 'options:' @echo ' make V=0|1 [targets] 0 => quiet build (default), 1 => verbose build' @echo ' make V=2 [targets] 2 => give reason for rebuild of target' diff --git a/utils/makefile.lxc b/utils/makefile.lxc deleted file mode 100644 index 95a8d4317..000000000 --- a/utils/makefile.lxc +++ /dev/null @@ -1,32 +0,0 @@ -# -*- coding: utf-8; mode: makefile-gmake -*- -# -# LXC environment -# =============== -# -# To activate/deactivate LXC makefile environment in a container, set/unset link -# from root '/.lxcenv.mk' to *this* file:: -# -# sudo make ./utils/makefile.lxc lxc-activate -# sudo make ./utils/makefile.lxc lxc-deactivate - -LXC_ENV_FOLDER=lxc-env/$(shell hostname)/ - -lxc-help:: - @echo ' LXC: running in container LXC_ENV_FOLDER=$(LXC_ENV_FOLDER)' - -# If not activated, serve target 'lxc-activate' .. -ifeq (,$(wildcard /.lxcenv.mk)) -PHONY += lxc-activate -lxc-activate: - ln -s "$(abspath $(lastword $(MAKEFILE_LIST)))" "/.lxcenv.mk" -else -# .. and if activated, serve target 'lxc-deactivate'. -PHONY += lxc-deactivate -lxc-deactivate: - rm /.lxcenv.mk -$(LXC_ENV_FOLDER): - $(Q)mkdir -p $(LXC_ENV_FOLDER) - $(Q)echo placeholder > $(LXC_ENV_FOLDER).placeholder -endif - -.PHONY: $(PHONY) diff --git a/utils/searxng.sh b/utils/searxng.sh index 663ca6d3d..d4c3011c9 100755 --- a/utils/searxng.sh +++ b/utils/searxng.sh @@ -41,10 +41,6 @@ fi SEARXNG_URL="${SEARXNG_URL:-http://$(uname -n)/searxng}" SEARXNG_URL="${SEARXNG_URL%/}" # if exists, remove trailing slash -if in_container; then - # hint: Linux containers do not have DNS entries, lets use IPs - SEARXNG_URL="http://$(primary_ip)/searxng" -fi SEARXNG_URL_PATH="$(echo "${SEARXNG_URL}" | sed -e 's,^.*://[^/]*\(/.*\),\1,g')" [[ "${SEARXNG_URL_PATH}" == "${SEARXNG_URL}" ]] && SEARXNG_URL_PATH=/ @@ -114,9 +110,7 @@ esac _service_prefix=" ${_Yellow}|${SERVICE_USER}|${_creset} " -# ---------------------------------------------------------------------------- usage() { -# ---------------------------------------------------------------------------- # shellcheck disable=SC1117 cat <