Diffstat (limited to 'applications/luci-app-dockerman/root')
-rw-r--r--applications/luci-app-dockerman/root/etc/config/dockerman10
-rwxr-xr-xapplications/luci-app-dockerman/root/etc/init.d/dockerman46
-rwxr-xr-xapplications/luci-app-dockerman/root/etc/uci-defaults/luci-app-dockerman15
-rw-r--r--applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-ac.lua20
-rw-r--r--applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-config.lua52
5 files changed, 143 insertions, 0 deletions
diff --git a/applications/luci-app-dockerman/root/etc/config/dockerman b/applications/luci-app-dockerman/root/etc/config/dockerman
new file mode 100644
index 0000000000..63e30bf24c
--- /dev/null
+++ b/applications/luci-app-dockerman/root/etc/config/dockerman
@@ -0,0 +1,10 @@
+config section 'local'
+ option socket_path '/var/run/docker.sock'
+ option status_path '/tmp/.docker_action_status'
+ option debug 'false'
+ option debug_path '/tmp/.docker_debug'
+ option remote_endpoint 'false'
+ option daemon_ea 'true'
+ option daemon_data_root '/opt/docker'
+ option daemon_log_level 'warn'
+ list ac_allowed_interface 'br-lan'
diff --git a/applications/luci-app-dockerman/root/etc/init.d/dockerman b/applications/luci-app-dockerman/root/etc/init.d/dockerman
new file mode 100755
index 0000000000..22629c1933
--- /dev/null
+++ b/applications/luci-app-dockerman/root/etc/init.d/dockerman
@@ -0,0 +1,46 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+DOCKERD_CONF="/etc/docker/daemon.json"
+
+config_load dockerman
+config_get daemon_ea "local" daemon_ea
+
+init_dockerman_chain(){
+ iptables -N DOCKER-MAN >/dev/null 2>&1
+ iptables -F DOCKER-MAN >/dev/null 2>&1
+ iptables -D DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1
+ iptables -I DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1
+}
+
+add_allowed_interface(){
+ iptables -A DOCKER-MAN -i $1 -o docker0 -j RETURN
+}
+
+add_allowed_ip(){
+ iptables -A DOCKER-MAN -d $1 -o docker0 -j RETURN
+}
+
+handle_allowed_interface(){
+ #config_list_foreach "local" allowed_ip add_allowed_ip
+ config_list_foreach "local" ac_allowed_interface add_allowed_interface
+ iptables -A DOCKER-MAN -m conntrack --ctstate ESTABLISHED,RELATED -o docker0 -j RETURN >/dev/null 2>&1
+ iptables -A DOCKER-MAN -m conntrack --ctstate NEW,INVALID -o docker0 -j DROP >/dev/null 2>&1
+ iptables -A DOCKER-MAN -j RETURN >/dev/null 2>&1
+}
+
+start(){
+ [ ! -x "/etc/init.d/dockerd" ] && return 0
+ init_dockerman_chain
+ if [ -n "$daemon_ea" ]; then
+ handle_allowed_interface
+ lua /usr/share/dockerman/dockerd-config.lua "$DOCKERD_CONF" && /etc/init.d/dockerd restart && sleep 5 || {
+ # 1 running, 0 stopped
+ STATE=$([ -n "$(ps |grep /usr/bin/dockerd | grep -v grep)" ] && echo 1 || echo 0)
+ [ "$STATE" == "0" ] && /etc/init.d/dockerd start && sleep 5
+ }
+ lua /usr/share/dockerman/dockerd-ac.lua
+ else
+ /etc/init.d/dockerd stop
+ fi
+}
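Review bot: The DOCKER-MAN filter can end up not hooked in without any sign of it, because `init_dockerman_chain` sends every iptables error to /dev/null and runs before dockerd is restarted. If DOCKER-USER does not exist yet at that point (it appears to be created by dockerd), the `-I DOCKER-USER -j DOCKER-MAN` jump fails silently and the DROP rule in `handle_allowed_interface` is never reached. Check the exit status of that insert and log or retry once dockerd is up. In `add_allowed_interface` and `add_allowed_ip` the UCI value is expanded unquoted, so a value containing spaces turns into extra iptables arguments; use `-i "$1"` and `-d "$1"`. `[ -n "$daemon_ea" ]` in `start` is also true for the string 'false', so if that value is meant to disable the daemon the test should be `[ "$daemon_ea" = "true" ]`.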
diff --git a/applications/luci-app-dockerman/root/etc/uci-defaults/luci-app-dockerman b/applications/luci-app-dockerman/root/etc/uci-defaults/luci-app-dockerman
new file mode 100755
index 0000000000..eab5d73547
--- /dev/null
+++ b/applications/luci-app-dockerman/root/etc/uci-defaults/luci-app-dockerman
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+ set uhttpd.main.script_timeout="360"
+ commit uhttpd
+ delete ucitrack.@dockerman[-1]
+ add ucitrack dockerman
+ set ucitrack.@dockerman[-1].exec='/etc/init.d/dockerman start'
+ commit ucitrack
+EOF
+[ -x "$(which dockerd)" ] && chmod +x /etc/init.d/dockerman && /etc/init.d/dockerd disable && /etc/init.d/dockerman enable >/dev/null 2>&1
+sed -i 's/self:cfgvalue(section) or {}/self:cfgvalue(section) or self.default or {}/' /usr/lib/lua/luci/view/cbi/dynlist.htm
+/etc/init.d/uhttpd restart >/dev/null 2>&1
+rm -fr /tmp/luci-indexcache /tmp/luci-modulecache >/dev/null 2>&1
+exit 0 \ No newline at end of file
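Review bot: The `sed -i` line rewrites `/usr/lib/lua/luci/view/cbi/dynlist.htm`, which is not among the files this commit adds, without checking that the file exists or that the pattern matched. An upgrade of the package that owns it would silently undo the change, and the modified file no longer matches what that package installed. Carry the change in the owning package, or at least guard it with `[ -f /usr/lib/lua/luci/view/cbi/dynlist.htm ] &&` and add a comment saying why the view is patched. `set uhttpd.main.script_timeout="360"` raises the timeout for every CGI served by uhttpd, not only dockerman, and deserves a comment as well. The `>/dev/null 2>&1` at the end of the `&&` chain applies only to `/etc/init.d/dockerman enable`.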
diff --git a/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-ac.lua b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-ac.lua
new file mode 100644
index 0000000000..e8a2c0b7eb
--- /dev/null
+++ b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-ac.lua
@@ -0,0 +1,20 @@
+require "luci.util"
+docker = require "luci.docker"
+uci = (require "luci.model.uci").cursor()
+dk = docker.new({socket_path = "/var/run/docker.sock"})
+
+if dk:_ping().code ~= 200 then return end
+containers_list = dk.containers:list({query = {all=true}}).body
+allowed_container = uci:get("dockerman", "local", "ac_allowed_container")
+
+if not allowed_container or next(allowed_container)==nil then return end
+allowed_ip = {}
+for i, v in ipairs(containers_list) do
+ for ii, vv in ipairs(allowed_container) do
+ if v.Id:sub(1,12) == vv and v.NetworkSettings and v.NetworkSettings.Networks and v.NetworkSettings.Networks.bridge and v.NetworkSettings.Networks.bridge.IPAddress then
+ print(v.NetworkSettings.Networks.bridge.IPAddress)
+ luci.util.exec("iptables -I DOCKER-MAN -d "..v.NetworkSettings.Networks.bridge.IPAddress.." -o docker0 -j RETURN")
+ table.remove(allowed_container, ii)
+ end
+ end
+end
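Review bot: The `luci.util.exec` call builds a shell command by concatenating `IPAddress` from the Docker API response, and the guard before it only tests that the field is non-nil. An empty string (which a stopped container listed through `all=true` may report) or any unexpected value goes straight into the command line. Bind it to a local and validate it first, `local ip = v.NetworkSettings.Networks.bridge.IPAddress` followed by `if ip:match("^%d+%.%d+%.%d+%.%d+$") then`, so only a dotted quad reaches the shell. `table.remove(allowed_container, ii)` inside the `ipairs` loop over the same table shifts the later entries down, so the entry after a match is skipped for that container; a `break` after the match avoids mutating the list mid-iteration. The socket path is hard-coded here although the config hunk defines `socket_path`, and every variable in the file is a global; `local` declarations would be safer.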
diff --git a/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-config.lua b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-config.lua
new file mode 100644
index 0000000000..179868869b
--- /dev/null
+++ b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-config.lua
@@ -0,0 +1,52 @@
+require "luci.util"
+fs = require "nixio.fs"
+uci = (require "luci.model.uci").cursor()
+
+raw_file_dir = arg[1]
+
+raw_json_str = fs.readfile(raw_file_dir) or "[]"
+raw_json = luci.jsonc.parse(raw_json_str) or {}
+
+new_json = {}
+new_json["data-root"] = uci:get("dockerman", "local", "daemon_data_root")
+new_json["hosts"] = uci:get("dockerman", "local", "daemon_hosts") or {}
+new_json["registry-mirrors"] = uci:get("dockerman", "local", "daemon_registry_mirrors") or {}
+new_json["log-level"] = uci:get("dockerman", "local", "daemon_log_level")
+
+function comp(raw, new)
+ for k, v in pairs(new) do
+ if type(v) == "table" and raw[k] then
+ if #v == #raw[k] then
+ comp(raw[k], v)
+ else
+ changed = true
+ raw[k] = v
+ end
+ elseif raw[k] ~= v then
+ changed = true
+ raw[k] = v
+ end
+ end
+ for k, v in ipairs(new) do
+ if type(v) == "table" and raw[k] then
+ if #v == #raw[k] then
+ comp(raw[k], v)
+ else
+ changed = true
+ raw[k] = v
+ end
+ elseif raw[k] ~= v then
+ changed = true
+ raw[k] = v
+ end
+ end
+end
+comp(raw_json, new_json)
+if changed then
+ if next(raw_json["registry-mirrors"]) == nil then raw_json["registry-mirrors"] = nil end
+ if next(raw_json["hosts"]) == nil then raw_json["hosts"] = nil end
+ fs.writefile(raw_file_dir, luci.jsonc.stringify(raw_json, true):gsub("\\", ""))
+ os.exit(0)
+else
+ os.exit(1)
+end
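Review bot: The `:gsub("\\", "")` on the `luci.jsonc.stringify` output in the `fs.writefile` call removes every backslash from the serialized JSON, including the ones that escape quotes and backslashes inside string values. A UCI value such as a registry mirror or host entry that contains `"` or `\` is then written unescaped, so `daemon.json` can come out malformed or with a structure the merge never produced. If the aim is only to undo `\/` escaping, which is what it looks like, restrict the substitution and drop gsub's second return value: `local out = luci.jsonc.stringify(raw_json, true):gsub("\\/", "/")` then `fs.writefile(raw_file_dir, out)`. The file also uses `luci.jsonc` without a visible `require "luci.jsonc"`, and `changed` and the other names are globals. The result of `fs.writefile` is not checked before `os.exit(0)`, so a failed write is reported to the init script as success.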