dockerd: refactoring uciadd and ucidel handling
This change makes the handling of adding and deleting interface, device bridge and firewall more robust. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
parent
ceaccc1c7a
commit
0fded274ec
2 changed files with 51 additions and 15 deletions
|
@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=dockerd
|
||||
PKG_VERSION:=20.10.7
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
PKG_LICENSE:=Apache-2.0
|
||||
PKG_LICENSE_FILES:=LICENSE
|
||||
|
||||
|
|
|
@ -17,6 +17,28 @@ json_add_array_string() {
|
|||
json_add_string "" "${1}"
|
||||
}
|
||||
|
||||
find_network_device() {
|
||||
local device="${1}"
|
||||
local device_section=""
|
||||
|
||||
check_device() {
|
||||
local cfg="${1}"
|
||||
local device="${2}"
|
||||
|
||||
local type name
|
||||
config_get type "${cfg}" type
|
||||
config_get name "${cfg}" name
|
||||
|
||||
[ "${type}" = "bridge" ] && [ "${name}" = "${device}" ] \
|
||||
&& device_section="${cfg}"
|
||||
}
|
||||
|
||||
config_load network
|
||||
config_foreach check_device device "${device}"
|
||||
|
||||
echo "${device_section}"
|
||||
}
|
||||
|
||||
boot() {
|
||||
uciadd
|
||||
rc_procd start_service
|
||||
|
@ -40,32 +62,31 @@ uciadd() {
|
|||
|
||||
# Add network interface
|
||||
if ! uci_quiet get network.${iface}; then
|
||||
logger -t "dockerd-init" -p notice "Adding docker default interface to network uci config (${iface})"
|
||||
logger -t "dockerd-init" -p notice "Adding interface '${iface}' to network config"
|
||||
uci_quiet add network interface
|
||||
uci_quiet rename network.@interface[-1]="${iface}"
|
||||
uci_quiet set network.@interface[-1].ifname="${device}"
|
||||
uci_quiet set network.@interface[-1].device="${device}"
|
||||
uci_quiet set network.@interface[-1].proto="none"
|
||||
uci_quiet set network.@interface[-1].auto="0"
|
||||
uci_quiet commit network
|
||||
fi
|
||||
|
||||
# Add docker bridge device
|
||||
if ! uci_quiet get network.${device}; then
|
||||
logger -t "dockerd-init" -p notice "Adding docker default bridge device to network uci config (${device})"
|
||||
if [ "$(find_network_device "$device")" = "" ]; then
|
||||
logger -t "dockerd-init" -p notice "Adding bridge device '${device}' to network config"
|
||||
uci_quiet add network device
|
||||
uci_quiet rename network.@device[-1]="${device}"
|
||||
uci_quiet set network.@device[-1].type="bridge"
|
||||
uci_quiet set network.@device[-1].name="${device}"
|
||||
uci_quiet add_list network.@device[-1].ifname="${device}"
|
||||
uci_quiet commit network
|
||||
else
|
||||
logger -t "dockerd-init" -p notice "Bridge device '${device}' already defined in network config"
|
||||
fi
|
||||
|
||||
# Add firewall zone
|
||||
if ! uci_quiet get firewall.${zone}; then
|
||||
logger -t "dockerd-init" -p notice "Adding docker default firewall zone to firewall uci config (${zone})"
|
||||
logger -t "dockerd-init" -p notice "Adding firewall zone '${zone}' to firewall config"
|
||||
uci_quiet add firewall zone
|
||||
uci_quiet rename firewall.@zone[-1]="${zone}"
|
||||
uci_quiet set firewall.@zone[-1].network="${iface}"
|
||||
uci_quiet set firewall.@zone[-1].input="ACCEPT"
|
||||
uci_quiet set firewall.@zone[-1].output="ACCEPT"
|
||||
uci_quiet set firewall.@zone[-1].forward="ACCEPT"
|
||||
|
@ -73,6 +94,13 @@ uciadd() {
|
|||
uci_quiet commit firewall
|
||||
fi
|
||||
|
||||
# Add interface to firewall zone
|
||||
if uci_quiet get firewall.${zone}; then
|
||||
uci_quiet del_list firewall.${zone}.network="${iface}"
|
||||
uci_quiet add_list firewall.${zone}.network="${iface}"
|
||||
uci_quiet commit firewall
|
||||
fi
|
||||
|
||||
reload_config
|
||||
}
|
||||
|
||||
|
@ -92,21 +120,29 @@ ucidel() {
|
|||
exit 0
|
||||
}
|
||||
|
||||
if uci_quiet get network.${device}; then
|
||||
logger -t "dockerd-init" -p notice "Deleting docker default bridge device from network uci config (${device})"
|
||||
uci_quiet delete network.${device}
|
||||
# Remove network device
|
||||
if uci_quiet delete network.$(find_network_device "${device}"); then
|
||||
logger -t "dockerd-init" -p notice "Deleting bridge device '${device}' from network config"
|
||||
uci_quiet commit network
|
||||
fi
|
||||
|
||||
# Remove network interface
|
||||
if uci_quiet get network.${iface}; then
|
||||
logger -t "dockerd-init" -p notice "Deleting docker default interface from network uci config (${iface})"
|
||||
logger -t "dockerd-init" -p notice "Deleting interface '${iface}' from network config"
|
||||
uci_quiet delete network.${iface}
|
||||
uci_quiet commit network
|
||||
fi
|
||||
|
||||
# Remove interface from firewall zone
|
||||
if uci_quiet get firewall.${zone}; then
|
||||
logger -t "dockerd-init" -p notice "Deleting docker firewall zone from firewall uci config (${zone})"
|
||||
uci_quiet delete firewall.${zone}
|
||||
logger -t "dockerd-init" -p notice "Deleting network interface '${iface}' in zone '${zone}' from firewall config"
|
||||
uci_quiet del_list firewall.${zone}.network="${iface}"
|
||||
uci_quiet commit firewall
|
||||
# Remove Firewall zone if network is empty
|
||||
if ! uci_quiet get firewall.${zone}.network; then
|
||||
logger -t "dockerd-init" -p notice "Deleting firewall zone '${zone}' from firewall config"
|
||||
uci_quiet delete firewall.${zone}
|
||||
fi
|
||||
uci_quiet commit firewall
|
||||
fi
|
||||
|
||||
|
|
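Review bot: In `ucidel()`, `uci_quiet delete network.$(find_network_device "${device}")` runs even when the lookup prints nothing, so the command becomes a delete on `network.` with an empty section name, and the new code relies on uci rejecting that malformed path rather than checking the lookup result. Resolve the section first and guard on it, for example `section="$(find_network_device "${device}")"` followed by `if [ -n "${section}" ] && uci_quiet delete "network.${section}"; then`, which also quotes the argument. Since `uci_quiet` presumably suppresses uci's own error output, a failed or unexpected delete leaves no trace in the log; an `else` branch logging that no bridge device section was found would mirror the "already defined" message added in `uciadd()`. `ucidel()` starts outside the visible hunk, so whether `section` should be declared `local` there needs checking against the full function.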