WIP: update docker-entrypoint.sh
This commit is contained in:
Chai Feng
parent
a53fe1ba25
commit
b6c6516731
@ -6,15 +6,16 @@ ufw_docker_agent=ufw-docker-agent
|
|||||||
ufw_docker_agent_image="${ufw_docker_agent_image:-chaifeng/${ufw_docker_agent}:181003}"
|
ufw_docker_agent_image="${ufw_docker_agent_image:-chaifeng/${ufw_docker_agent}:181003}"
|
||||||
|
|
||||||
function ufw-update-service-instances() {
|
function ufw-update-service-instances() {
|
||||||
name="$1"
|
id="$1"
|
||||||
port="$2"
|
port="$2"
|
||||||
|
|
||||||
declare -a opts=("$name")
|
declare -a opts
|
||||||
[[ "$port" = all ]] || opts+=("$port")
|
[[ "$port" = all ]] || opts+=("$port")
|
||||||
|
|
||||||
docker ps -qf "label=com.docker.swarm.service.name=${name}" |
|
docker ps -qf "label=com.docker.swarm.service.id=${id}" |
|
||||||
while read name; do
|
while read name; do
|
||||||
ufw-docker allow "${opts[@]}"
|
echo "$id $name $port"
|
||||||
|
run-ufw-docker allow "${name}" "${opts[@]}"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -23,14 +24,18 @@ function update-ufw-rules() {
|
|||||||
-e 's/^declare -x ufw_public_//' \
|
-e 's/^declare -x ufw_public_//' \
|
||||||
-e 's/="/ /' \
|
-e 's/="/ /' \
|
||||||
-e 's/"$//' |
|
-e 's/"$//' |
|
||||||
while read name port; do
|
while read id port; do
|
||||||
echo "${name}=$port"
|
echo "${id}=$port"
|
||||||
ufw-update-service-instances "${name}" "${port}"
|
ufw-update-service-instances "${id}" "${port}"
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
function run-ufw-docker() {
|
function run-ufw-docker() {
|
||||||
echo docker run --rm --cap-add NET_ADMIN --network host -v /etc/ufw:/etc/ufw "${ufw_docker_agent}" "$@"
|
declare -a docker_opts=(run --rm -t --name ufw-docker-agent-tmp-$(date '+%Y%m%d%H%M%S') \
|
||||||
|
--cap-add NET_ADMIN --network host \
|
||||||
|
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||||
|
-v /etc/ufw:/etc/ufw "${ufw_docker_agent_image}" "$@")
|
||||||
|
echo docker "${docker_opts[@]}"
|
||||||
}
|
}
|
||||||
|
|
||||||
function get-service-name-of() {
|
function get-service-name-of() {
|
||||||
@ -43,7 +48,7 @@ function get-service-id-of() {
|
|||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
start)
|
start)
|
||||||
run-ufw-docker update-ufw-rules
|
update-ufw-rules
|
||||||
docker events --format '{{.Time}} {{.Status}} {{.Actor.Attributes.name}}' --filter 'scope=local' --filter 'type=container' |
|
docker events --format '{{.Time}} {{.Status}} {{.Actor.Attributes.name}}' --filter 'scope=local' --filter 'type=container' |
|
||||||
while read time status name; do
|
while read time status name; do
|
||||||
echo "$time $status $name" >&2
|
echo "$time $status $name" >&2
|
||||||
@ -54,8 +59,11 @@ case "$1" in
|
|||||||
[[ -z "$env_name" ]] && continue
|
[[ -z "$env_name" ]] && continue
|
||||||
|
|
||||||
declare -a agent_opts=()
|
declare -a agent_opts=()
|
||||||
[[ "$status" = start ]] && agent_opts+=(allow "$name")
|
if [[ "$status" = kill ]]; then
|
||||||
[[ "$status" = kill ]] && agent_opts+=(delete allow "$name")
|
agent_opts+=(delete allow "$name")
|
||||||
|
elif [[ "$status" = start ]]; then
|
||||||
|
agent_opts+=(allow "$name")
|
||||||
|
fi
|
||||||
|
|
||||||
run-ufw-docker "${agent_opts[@]}" >&2
|
run-ufw-docker "${agent_opts[@]}" >&2
|
||||||
done
|
done
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user