authorFlorian Eckert <fe@dev.tdt.de>2021-06-11 11:26:20 +0200
committerFlorian Eckert <fe@dev.tdt.de>2021-06-15 08:05:22 +0200
commit0fded274ecf7af94ac3fa00d5cc22c686789ba3b (patch)
tree2920ecc43baa8594fb953a30985d3ccf286ac489 /utils/dockerd/files
parentceaccc1c7a5aaca1c5fc4597bd724753b6bef358 (diff)
dockerd: refactoring uciadd and ucidel handling
This change makes the handling of adding and deleting interface, device bridge and firewall more robust. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Diffstat (limited to 'utils/dockerd/files')
-rwxr-xr-xutils/dockerd/files/dockerd.init64
1 files changed, 50 insertions, 14 deletions
diff --git a/utils/dockerd/files/dockerd.init b/utils/dockerd/files/dockerd.init
index d3709f335..68a40dea9 100755
--- a/utils/dockerd/files/dockerd.init
+++ b/utils/dockerd/files/dockerd.init
@@ -17,6 +17,28 @@ json_add_array_string() {
json_add_string "" "${1}"
}
+find_network_device() {
+ local device="${1}"
+ local device_section=""
+
+ check_device() {
+ local cfg="${1}"
+ local device="${2}"
+
+ local type name
+ config_get type "${cfg}" type
+ config_get name "${cfg}" name
+
+ [ "${type}" = "bridge" ] && [ "${name}" = "${device}" ] \
+ && device_section="${cfg}"
+ }
+
+ config_load network
+ config_foreach check_device device "${device}"
+
+ echo "${device_section}"
+}
+
boot() {
uciadd
rc_procd start_service
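Review bot: find_network_device has no comment stating its contract, and the contract is not obvious from the call sites: it prints the matching section name or an empty string, and the trailing `echo` makes the exit status 0 either way, so callers must test the output rather than the status. I would add above the function `# Print the section name of the bridge device named $1 in the network config, or nothing if none exists; always returns 0.` The function also runs `config_load network`, which presumably replaces whatever config the caller had loaded; that is harmless here only because both callers in this commit invoke it inside `$(...)`, so the comment should say it is meant for command substitution. If several sections match, the last one wins, which is worth a word too.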
@@ -40,32 +62,31 @@ uciadd() {
# Add network interface
if ! uci_quiet get network.${iface}; then
- logger -t "dockerd-init" -p notice "Adding docker default interface to network uci config (${iface})"
+ logger -t "dockerd-init" -p notice "Adding interface '${iface}' to network config"
uci_quiet add network interface
uci_quiet rename network.@interface[-1]="${iface}"
- uci_quiet set network.@interface[-1].ifname="${device}"
+ uci_quiet set network.@interface[-1].device="${device}"
uci_quiet set network.@interface[-1].proto="none"
uci_quiet set network.@interface[-1].auto="0"
uci_quiet commit network
fi
# Add docker bridge device
- if ! uci_quiet get network.${device}; then
- logger -t "dockerd-init" -p notice "Adding docker default bridge device to network uci config (${device})"
+ if [ "$(find_network_device "$device")" = "" ]; then
+ logger -t "dockerd-init" -p notice "Adding bridge device '${device}' to network config"
uci_quiet add network device
- uci_quiet rename network.@device[-1]="${device}"
uci_quiet set network.@device[-1].type="bridge"
uci_quiet set network.@device[-1].name="${device}"
- uci_quiet add_list network.@device[-1].ifname="${device}"
uci_quiet commit network
+ else
+ logger -t "dockerd-init" -p notice "Bridge device '${device}' already defined in network config"
fi
# Add firewall zone
if ! uci_quiet get firewall.${zone}; then
- logger -t "dockerd-init" -p notice "Adding docker default firewall zone to firewall uci config (${zone})"
+ logger -t "dockerd-init" -p notice "Adding firewall zone '${zone}' to firewall config"
uci_quiet add firewall zone
uci_quiet rename firewall.@zone[-1]="${zone}"
- uci_quiet set firewall.@zone[-1].network="${iface}"
uci_quiet set firewall.@zone[-1].input="ACCEPT"
uci_quiet set firewall.@zone[-1].output="ACCEPT"
uci_quiet set firewall.@zone[-1].forward="ACCEPT"
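Review bot: The switch from `ifname` to `device` on the interface only takes effect when the section is created, because the `set` sits inside `if ! uci_quiet get network.${iface}`; an installation that already has the section from the earlier version presumably keeps the old `ifname` option and is never migrated. The same goes for a device section written by the old code: it has type `bridge` and the matching name, so the new check logs it as already defined and leaves the self-referencing `ifname` list entry in place. If upgrades are in scope, the existing-section case needs its own handling, for example `uci_quiet delete network.${iface}.ifname` followed by the `device` set. uciadd starts before this hunk and continues after it.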
@@ -73,6 +94,13 @@ uciadd() {
uci_quiet commit firewall
fi
+ # Add interface to firewall zone
+ if uci_quiet get firewall.${zone}; then
+ uci_quiet del_list firewall.${zone}.network="${iface}"
+ uci_quiet add_list firewall.${zone}.network="${iface}"
+ uci_quiet commit firewall
+ fi
+
reload_config
}
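Review bot: The new block changes firewall zone membership without a `logger` line, unlike every other change in uciadd, and it applies to any existing section named `${zone}`, including one an administrator defined with a different policy. Because this decides which firewall policy covers the docker interface, the change should leave a trace in the log: `logger -t "dockerd-init" -p notice "Adding interface '${iface}' to firewall zone '${zone}'"`. The del_list/add_list pair and `uci_quiet commit firewall` also run on every uciadd call (boot calls it, per the first hunk), so the firewall config is committed even when the interface is already listed; checking the list first would avoid that. uciadd starts outside this hunk.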
@@ -92,21 +120,29 @@ ucidel() {
exit 0
}
- if uci_quiet get network.${device}; then
- logger -t "dockerd-init" -p notice "Deleting docker default bridge device from network uci config (${device})"
- uci_quiet delete network.${device}
+ # Remove network device
+ if uci_quiet delete network.$(find_network_device "${device}"); then
+ logger -t "dockerd-init" -p notice "Deleting bridge device '${device}' from network config"
uci_quiet commit network
fi
+ # Remove network interface
if uci_quiet get network.${iface}; then
- logger -t "dockerd-init" -p notice "Deleting docker default interface from network uci config (${iface})"
+ logger -t "dockerd-init" -p notice "Deleting interface '${iface}' from network config"
uci_quiet delete network.${iface}
uci_quiet commit network
fi
+ # Remove interface from firewall zone
if uci_quiet get firewall.${zone}; then
- logger -t "dockerd-init" -p notice "Deleting docker firewall zone from firewall uci config (${zone})"
- uci_quiet delete firewall.${zone}
+ logger -t "dockerd-init" -p notice "Deleting network interface '${iface}' in zone '${zone}' from firewall config"
+ uci_quiet del_list firewall.${zone}.network="${iface}"
+ uci_quiet commit firewall
+ # Remove Firewall zone if network is empty
+ if ! uci_quiet get firewall.${zone}.network; then
+ logger -t "dockerd-init" -p notice "Deleting firewall zone '${zone}' from firewall config"
+ uci_quiet delete firewall.${zone}
+ fi
uci_quiet commit firewall
fi
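Review bot: The device removal runs `uci_quiet delete network.$(find_network_device "${device}")` without checking that a section was found, so with no match the command becomes `uci delete network.` and the result depends on how uci treats an empty section name, with uci_quiet hiding any error. The log line is also written after the delete rather than before it. I would resolve the section first, test it for empty and quote the argument, as below. Separately, the lookup matches any bridge device with this name, including one that uciadd reported as already defined and left alone, so ucidel can remove a section the script did not create; if that is intended it deserves a comment. ucidel starts outside this hunk.

```shell
# Remove network device
local section
section="$(find_network_device "${device}")"
if [ -n "${section}" ]; then
	logger -t "dockerd-init" -p notice "Deleting bridge device '${device}' from network config"
	uci_quiet delete "network.${section}"
	uci_quiet commit network
fi
# … unchanged: interface and firewall zone removal …
```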