schiwagoa/ufw-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auto select the correct agent image for different version of iptables

Browse Source
This commit is contained in:
Chai Feng 2022-09-20 21:26:16 +08:00
parent d110fc00ff
commit 5033bf815c
No known key found for this signature in database
GPG Key ID: 2DCD9A24E523FFD2
4 changed files with 60 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -1,4 +1,4 @@
FROM ubuntu:22.04
FROM ubuntu:20.04
ARG docker_version="20.10.17"

10
Vagrantfile vendored
View File

@ -7,8 +7,8 @@ ENV['VAGRANT_NO_PARALLEL']="true"
Vagrant.configure('2') do |config|
config.vm.box = "chaifeng/ubuntu-22.04-docker-#{(`uname -m`.strip == "arm64")?"20.10.17-arm64":"19.03.13"}"
#config.vm.box = "chaifeng/ubuntu-16.04-docker-18.03"
#config.vm.box = "chaifeng/ubuntu-22.04-docker-#{(`uname -m`.strip == "arm64")?"20.10.17-arm64":"19.03.13"}"
config.vm.box = "chaifeng/ubuntu-20.04-docker-#{(`uname -m`.strip == "arm64")?"19.03.13-arm64":"19.03.13"}"
config.vm.provider 'virtualbox' do |vb|
vb.memory = '1024'
@ -85,10 +85,10 @@ Vagrant.configure('2') do |config|
master.vm.provision "docker-build-ufw-docker-agent", preserve_order: true, type: 'shell', inline: <<-SHELL
set -euo pipefail
docker build -t #{ufw_docker_agent_image} /vagrant
docker push #{ufw_docker_agent_image}
docker build -t #{ufw_docker_agent_image}-legacy /vagrant
docker push #{ufw_docker_agent_image}-legacy
echo "export UFW_DOCKER_AGENT_IMAGE=#{ufw_docker_agent_image}" > /etc/profile.d/ufw-docker.sh
echo "export UFW_DOCKER_AGENT_IMAGE=#{ufw_docker_agent_image}-nf_tables" > /etc/profile.d/ufw-docker.sh
echo "export DEBUG=true" >> /etc/profile.d/ufw-docker.sh
echo "Defaults env_keep += UFW_DOCKER_AGENT_IMAGE" > /etc/sudoers.d/98_ufw-docker

43
test/ufw-docker.test.sh
View File

@ -12,12 +12,17 @@ source "$working_dir"/bach/bach.sh
@mocktrue ufw status
@mocktrue grep -Fq "Status: active"
@mock iptables --version
@mocktrue grep -F '(legacy)'
@ignore remove_blank_lines
@ignore echo
@ignore err
DEFAULT_PROTO=tcp
GREP_REGEXP_INSTANCE_NAME="[-_.[:alnum:]]\\+"
UFW_DOCKER_AGENT_IMAGE=chaifeng/ufw-docker-agent:090502-legacy
}
function ufw-docker() {
@ -30,6 +35,41 @@ function load-ufw-docker-function() {
@load_function "$working_dir/../ufw-docker" "$1"
}
test-ufw-docker-init-legacy() {
@mocktrue grep -F '(legacy)'
@source <(@sed '/PATH=/d' "$working_dir/../ufw-docker") help
}
test-ufw-docker-init-legacy-assert() {
iptables --version
test -n chaifeng/ufw-docker-agent:090502-legacy
trap on-exit EXIT INT TERM QUIT ABRT ERR
@dryrun cat
}
test-ufw-docker-init-nf_tables() {
@mockfalse grep -F '(legacy)'
@source <(@sed '/PATH=/d' "$working_dir/../ufw-docker") help
}
test-ufw-docker-init-nf_tables-assert() {
iptables --version
test -n chaifeng/ufw-docker-agent:090502-nf_tables
trap on-exit EXIT INT TERM QUIT ABRT ERR
@dryrun cat
}
test-ufw-docker-init() {
UFW_DOCKER_AGENT_IMAGE=chaifeng/ufw-docker-agent:100917
@source <(@sed '/PATH=/d' "$working_dir/../ufw-docker") help
}
test-ufw-docker-init-assert() {
test -n chaifeng/ufw-docker-agent:100917
trap on-exit EXIT INT TERM QUIT ABRT ERR
@dryrun cat
}
test-ufw-docker-help() {
ufw-docker help
}
@ -48,11 +88,12 @@ test-ufw-docker-without-parameters-assert() {
test-ufw-is-disabled() {
@mockfalse grep -Fq "Status: active"
@mock iptables --version === @stdout 'iptables v1.8.4 (legacy)'
ufw-docker
}
test-ufw-is-disabled-assert() {
die "UFW is disabled or you are not root user."
die "UFW is disabled or you are not root user, or mismatched iptables legacy/nf_tables, current iptables v1.8.4 (legacy)"
ufw-docker--help
}

14
ufw-docker
View File

@ -11,7 +11,17 @@ GREP_REGEXP_INSTANCE_NAME="[-_.[:alnum:]]\\+"
DEFAULT_PROTO=tcp
ufw_docker_agent=ufw-docker-agent
ufw_docker_agent_image="${UFW_DOCKER_AGENT_IMAGE:-chaifeng/${ufw_docker_agent}:210925}"
ufw_docker_agent_image="${UFW_DOCKER_AGENT_IMAGE:-chaifeng/${ufw_docker_agent}:220920-legacy}"
if [[ "${ufw_docker_agent_image}" = *-@(legacy|nf_tables) ]]; then
if iptables --version | grep -F '(legacy)' &>/dev/null; then
ufw_docker_agent_image="${ufw_docker_agent_image%-*}-legacy"
else
ufw_docker_agent_image="${ufw_docker_agent_image%-*}-nf_tables"
fi
fi
test -n "$ufw_docker_agent_image"
function ufw-docker--status() {
ufw-docker--list "$GREP_REGEXP_INSTANCE_NAME"
@ -409,7 +419,7 @@ function die() {
# __main__
if ! ufw status 2>/dev/null | grep -Fq "Status: active" ; then
die "UFW is disabled or you are not root user."
die "UFW is disabled or you are not root user, or mismatched iptables legacy/nf_tables, current $(iptables --version)"
fi
ufw_action="${1:-help}"