fix code problems

Chai Feng 2018-10-06 12:54:38 +08:00
parent f16f69a23f
commit 4ab8060b92
No known key found for this signature in database
GPG Key ID: 2DCD9A24E523FFD2
2 changed files with 14 additions and 10 deletions


@ -22,16 +22,16 @@ function update-ufw-rules() {
-e 's/^declare -x ufw_public_//' \ -e 's/^declare -x ufw_public_//' \
-e 's/="/ /' \ -e 's/="/ /' \
-e 's/"$//' | -e 's/"$//' |
while read id port; do while read -r id port; do
ufw-allow-or-deny-service "${id}" "${port#*/}" ufw-allow-or-deny-service "${id}" "${port#*/}"
done done
} }
function run-ufw-docker() { function run-ufw-docker() {
declare -a docker_opts=(run --rm -t --name ufw-docker-agent-"${RANDOM}"-$(date '+%Y%m%d%H%M%S') declare -a docker_opts=(run --rm -t --name "ufw-docker-agent-${RANDOM}-$(date '+%Y%m%d%H%M%S')"
--cap-add NET_ADMIN --network host --cap-add NET_ADMIN --network host
--env DEBUG="$DEBUG" --env "DEBUG=${DEBUG}"
--env UFW_DOCKER_FORCE_ADD=yes --env "UFW_DOCKER_FORCE_ADD=yes"
-v /var/run/docker.sock:/var/run/docker.sock -v /var/run/docker.sock:/var/run/docker.sock
-v /etc/ufw:/etc/ufw "${ufw_docker_agent_image}" "$@") -v /etc/ufw:/etc/ufw "${ufw_docker_agent_image}" "$@")
docker "${docker_opts[@]}" docker "${docker_opts[@]}"
@ -63,7 +63,7 @@ function main() {
if [[ -f "$1" ]]; then if [[ -f "$1" ]]; then
exec "$@" exec "$@"
else else
echo "Unknown parameters: $@" >&2 echo "Unknown parameters:" "$@" >&2
exit 1 exit 1
fi fi
esac esac
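Review bot: The rewritten `docker_opts` array in run-ufw-docker carries no comment on how much trust is placed in `${ufw_docker_agent_image}`. The agent is started with `/var/run/docker.sock` and `/etc/ufw` mounted, `--cap-add NET_ADMIN` and `--network host`, so whatever image that variable resolves to can drive the Docker daemon and rewrite the host firewall. I would add above the array `# Agent gets the Docker socket, NET_ADMIN and /etc/ufw: treat the image as host-root-equivalent and reference it by digest.` The assignment of `ufw_docker_agent_image` is outside this hunk, so whether it already names a pinned digest rather than a mutable tag needs to be checked there. The function's closing lines are also outside the hunk.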


@ -83,7 +83,8 @@ function ufw-docker--add-service-rule() {
declare port="${2%/*}" declare port="${2%/*}"
declare proto="${2#*/}" declare proto="${2#*/}"
declare target_ip_port="$(iptables -t nat -L DOCKER-INGRESS | grep -E "^DNAT\\s+${proto}\\s+.+\\sto:[.0-9]+:${port}\$" | grep -Eo "[.0-9]+:${port}\$")" declare target_ip_port
target_ip_port="$(iptables -t nat -L DOCKER-INGRESS | grep -E "^DNAT\\s+${proto}\\s+.+\\sto:[.0-9]+:${port}\$" | grep -Eo "[.0-9]+:${port}\$")"
[[ -z "$target_ip_port" ]] && die "Could not find VIP of service ${service_id}." [[ -z "$target_ip_port" ]] && die "Could not find VIP of service ${service_id}."
@ -96,6 +97,8 @@ function ufw-docker--add-rule() {
local PORT="$3" local PORT="$3"
local PROTO="$4" local PROTO="$4"
declare comment
echo "allow ${INSTANCE_NAME} ${PORT}/${PROTO}" echo "allow ${INSTANCE_NAME} ${PORT}/${PROTO}"
typeset -a UFW_OPTS typeset -a UFW_OPTS
UFW_OPTS=(route allow proto "${PROTO}" UFW_OPTS=(route allow proto "${PROTO}"
@ -103,7 +106,7 @@ function ufw-docker--add-rule() {
comment="allow ${INSTANCE_NAME}" comment="allow ${INSTANCE_NAME}"
[[ -n "$PORT" ]] && { [[ -n "$PORT" ]] && {
UFW_OPTS+=(port "${PORT}") UFW_OPTS+=(port "${PORT}")
comment=("$comment ${PORT}/${PROTO}") comment="$comment ${PORT}/${PROTO}"
} }
UFW_OPTS+=(comment "$comment") UFW_OPTS+=(comment "$comment")
@ -178,14 +181,15 @@ function ufw-docker--service-allow() {
service_port="${service_port%/*}" service_port="${service_port%/*}"
fi fi
declare service_id="$(ufw-docker--get-service-id "${service_name}")" declare service_id
service_id="$(ufw-docker--get-service-id "${service_name}")"
[[ -z "${service_id:-}" ]] && die "Could not find service \"$service_name\"" [[ -z "${service_id:-}" ]] && die "Could not find service \"$service_name\""
service_name="$(ufw-docker--get-service-name "${service_name}")" service_name="$(ufw-docker--get-service-name "${service_name}")"
exec 9< <(docker service inspect "$service_name" \ exec 9< <(docker service inspect "$service_name" \
--format '{{range .Endpoint.Spec.Ports}}{{.PublishedPort}} {{.TargetPort}}/{{.Protocol}}{{"\n"}}{{end}}') --format '{{range .Endpoint.Spec.Ports}}{{.PublishedPort}} {{.TargetPort}}/{{.Protocol}}{{"\n"}}{{end}}')
while read -u 9 port target_port; do while read -u 9 -r port target_port; do
if [[ "$target_port" = "${service_port}/${service_proto}" ]]; then if [[ "$target_port" = "${service_port}/${service_proto}" ]]; then
declare service_env="ufw_public_${service_id}=${service_name}/${port}/${service_proto}" declare service_env="ufw_public_${service_id}=${service_name}/${port}/${service_proto}"
break; break;
@ -222,7 +226,7 @@ function ufw-docker--service-delete() {
sed -e '/^ufw_public_/!d' \ sed -e '/^ufw_public_/!d' \
-e 's/^ufw_public_//' \ -e 's/^ufw_public_//' \
-e 's/=/ /') -e 's/=/ /')
while read -u 8 id value; do while read -u 8 -r id value; do
if [[ "$id" = "$service_name" ]] || [[ "$value" = "${service_name}"/* ]]; then if [[ "$id" = "$service_name" ]] || [[ "$value" = "${service_name}"/* ]]; then
declare service_id="$id" declare service_id="$id"
service_name="${value%%/*}" service_name="${value%%/*}"
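Review bot: Splitting `declare target_ip_port` from its assignment in ufw-docker--add-service-rule (and `declare service_id` in ufw-docker--service-allow) means the assignment now returns the exit status of the command substitution, which is non-zero when the final `grep -Eo` finds no match. If the script runs under `set -e` (not visible in these hunks), it would stop at the assignment and never reach `die "Could not find VIP of service ${service_id}."`, so the operator gets no reason why the firewall rule was not added. Keeping the empty-result case explicit preserves the message: end the assignment with `|| true`, i.e. `target_ip_port="$(…)" || true`, and likewise `service_id="$(ufw-docker--get-service-id "${service_name}")" || true` if that helper can return non-zero. Both functions start and end outside their hunks.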