Diffstat (limited to 'applications/luci-app-dockerman/root')
5 files changed, 143 insertions, 0 deletions
diff --git a/applications/luci-app-dockerman/root/etc/config/dockerman b/applications/luci-app-dockerman/root/etc/config/dockerman
new file mode 100644
index 0000000000..63e30bf24c
--- /dev/null
+++ b/applications/luci-app-dockerman/root/etc/config/dockerman
@@ -0,0 +1,10 @@
+config section 'local'
+ option socket_path '/var/run/docker.sock'
+ option status_path '/tmp/.docker_action_status'
+ option debug 'false'
+ option debug_path '/tmp/.docker_debug'
+ option remote_endpoint 'false'
+ option daemon_ea 'true'
+ option daemon_data_root '/opt/docker'
+ option daemon_log_level 'warn'
+ list ac_allowed_interface 'br-lan'
diff --git a/applications/luci-app-dockerman/root/etc/init.d/dockerman b/applications/luci-app-dockerman/root/etc/init.d/dockerman
new file mode 100755
index 0000000000..22629c1933
--- /dev/null
+++ b/applications/luci-app-dockerman/root/etc/init.d/dockerman
@@ -0,0 +1,46 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+DOCKERD_CONF="/etc/docker/daemon.json"
+
+config_load dockerman
+config_get daemon_ea "local" daemon_ea
+
+init_dockerman_chain(){
+ iptables -N DOCKER-MAN >/dev/null 2>&1
+ iptables -F DOCKER-MAN >/dev/null 2>&1
+ iptables -D DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1
+ iptables -I DOCKER-USER -j DOCKER-MAN >/dev/null 2>&1
+}
+
+add_allowed_interface(){
+ iptables -A DOCKER-MAN -i $1 -o docker0 -j RETURN
+}
+
+add_allowed_ip(){
+ iptables -A DOCKER-MAN -d $1 -o docker0 -j RETURN
+}
+
+handle_allowed_interface(){
+ #config_list_foreach "local" allowed_ip add_allowed_ip
+ config_list_foreach "local" ac_allowed_interface add_allowed_interface
+ iptables -A DOCKER-MAN -m conntrack --ctstate ESTABLISHED,RELATED -o docker0 -j RETURN >/dev/null 2>&1
+ iptables -A DOCKER-MAN -m conntrack --ctstate NEW,INVALID -o docker0 -j DROP >/dev/null 2>&1
+ iptables -A DOCKER-MAN -j RETURN >/dev/null 2>&1
+}
+
+start(){
+ [ ! -x "/etc/init.d/dockerd" ] && return 0
+ init_dockerman_chain
+ if [ -n "$daemon_ea" ]; then
+ handle_allowed_interface
+ lua /usr/share/dockerman/dockerd-config.lua "$DOCKERD_CONF" && /etc/init.d/dockerd restart && sleep 5 || {
+ # 1 running, 0 stopped
+ STATE=$([ -n "$(ps |grep /usr/bin/dockerd | grep -v grep)" ] && echo 1 || echo 0)
+ [ "$STATE" == "0" ] && /etc/init.d/dockerd start && sleep 5
+ }
+ lua /usr/share/dockerman/dockerd-ac.lua
+ else
+ /etc/init.d/dockerd stop
+ fi
+}
diff --git a/applications/luci-app-dockerman/root/etc/uci-defaults/luci-app-dockerman b/applications/luci-app-dockerman/root/etc/uci-defaults/luci-app-dockerman
new file mode 100755
index 0000000000..eab5d73547
--- /dev/null
+++ b/applications/luci-app-dockerman/root/etc/uci-defaults/luci-app-dockerman
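Review bot: `if [ -n "$daemon_ea" ]` in start() only tests that the option is non-empty, so a `daemon_ea 'false'` value still takes the enable branch and the `/etc/init.d/dockerd stop` branch below `else` is unreachable; read the option as a boolean instead, `config_get_bool daemon_ea "local" daemon_ea 0` and `if [ "$daemon_ea" = "1" ]; then`. The interface name in add_allowed_interface is expanded unquoted (`-i $1`); quoting it as `"$1"` keeps a stray space or glob character in the UCI list from turning into extra iptables arguments. The `-I DOCKER-USER -j DOCKER-MAN` jump in init_dockerman_chain discards its error output, so if DOCKER-USER does not exist yet when start() runs (it appears to be created by dockerd, which this script may be starting afterwards) the DROP rules in DOCKER-MAN are never reached and nothing reports it; checking that command's exit status, or re-running init_dockerman_chain once dockerd is up, would make the failure visible.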
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+ set uhttpd.main.script_timeout="360"
+ commit uhttpd
+ delete ucitrack.@dockerman[-1]
+ add ucitrack dockerman
+ set ucitrack.@dockerman[-1].exec='/etc/init.d/dockerman start'
+ commit ucitrack
+EOF
+[ -x "$(which dockerd)" ] && chmod +x /etc/init.d/dockerman && /etc/init.d/dockerd disable && /etc/init.d/dockerman enable >/dev/null 2>&1
+sed -i 's/self:cfgvalue(section) or {}/self:cfgvalue(section) or self.default or {}/' /usr/lib/lua/luci/view/cbi/dynlist.htm
+/etc/init.d/uhttpd restart >/dev/null 2>&1
+rm -fr /tmp/luci-indexcache /tmp/luci-modulecache >/dev/null 2>&1
+exit 0
\ No newline at end of file
diff --git a/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-ac.lua b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-ac.lua
new file mode 100644
index 0000000000..e8a2c0b7eb
--- /dev/null
+++ b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-ac.lua
@@ -0,0 +1,20 @@
+require "luci.util"
+docker = require "luci.docker"
+uci = (require "luci.model.uci").cursor()
+dk = docker.new({socket_path = "/var/run/docker.sock"})
+
+if dk:_ping().code ~= 200 then return end
+containers_list = dk.containers:list({query = {all=true}}).body
+allowed_container = uci:get("dockerman", "local", "ac_allowed_container")
+
+if not allowed_container or next(allowed_container)==nil then return end
+allowed_ip = {}
+for i, v in ipairs(containers_list) do
+ for ii, vv in ipairs(allowed_container) do
+ if v.Id:sub(1,12) == vv and v.NetworkSettings and v.NetworkSettings.Networks and v.NetworkSettings.Networks.bridge and v.NetworkSettings.Networks.bridge.IPAddress then
+ print(v.NetworkSettings.Networks.bridge.IPAddress)
+ luci.util.exec("iptables -I DOCKER-MAN -d "..v.NetworkSettings.Networks.bridge.IPAddress.." -o docker0 -j RETURN")
+ table.remove(allowed_container, ii)
+ end
+ end
+end
diff --git a/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-config.lua b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-config.lua
new file mode 100644
index 0000000000..179868869b
--- /dev/null
+++ b/applications/luci-app-dockerman/root/usr/share/dockerman/dockerd-config.lua
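Review bot: The `sed -i` on `/usr/lib/lua/luci/view/cbi/dynlist.htm` rewrites a file that belongs to another package from this package's uci-defaults script, so the change is silently lost whenever that package is upgraded and is applied without checking that the pattern still matched; the fix belongs in the template itself, or the app should ship its own view. `[ -x "$(which dockerd)" ] && chmod +x ... && /etc/init.d/dockerman enable` is one chain, so when dockerd is absent the init script is never enabled yet the script still raises `uhttpd.main.script_timeout` to 360 for every LuCI page and restarts uhttpd; a comment stating that the global timeout change is intended, or moving it behind the same dockerd guard, would make that deliberate. `chmod +x` on /etc/init.d/dockerman is redundant with the file mode 100755 the commit already gives it.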
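Review bot: The container address is spliced straight into the shell command on the `luci.util.exec("iptables -I DOCKER-MAN -d "..` line; it comes from the Docker API rather than from a user, but any value that is not a plain IPv4 literal would still become extra iptables arguments, so check it first, `local ip = v.NetworkSettings.Networks.bridge.IPAddress` and `if ip:match("^%d+%.%d+%.%d+%.%d+$") then luci.util.exec(...) end`. `table.remove(allowed_container, ii)` runs inside `ipairs(allowed_container)`, shifting the remaining entries under the running index; since a container id matches at most one entry, a `break` after the match does the same job without mutating the list being iterated. `socket_path` is hard-coded to `/var/run/docker.sock` even though the config file added in this commit carries a `socket_path` option, and `print(...)` looks like leftover debugging output. Every variable in the file (`docker`, `uci`, `dk`, `containers_list`, `allowed_container`, and `allowed_ip`, which is never used) is a global and should be declared `local`.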
@@ -0,0 +1,52 @@
+require "luci.util"
+fs = require "nixio.fs"
+uci = (require "luci.model.uci").cursor()
+
+raw_file_dir = arg[1]
+
+raw_json_str = fs.readfile(raw_file_dir) or "[]"
+raw_json = luci.jsonc.parse(raw_json_str) or {}
+
+new_json = {}
+new_json["data-root"] = uci:get("dockerman", "local", "daemon_data_root")
+new_json["hosts"] = uci:get("dockerman", "local", "daemon_hosts") or {}
+new_json["registry-mirrors"] = uci:get("dockerman", "local", "daemon_registry_mirrors") or {}
+new_json["log-level"] = uci:get("dockerman", "local", "daemon_log_level")
+
+function comp(raw, new)
+ for k, v in pairs(new) do
+ if type(v) == "table" and raw[k] then
+ if #v == #raw[k] then
+ comp(raw[k], v)
+ else
+ changed = true
+ raw[k] = v
+ end
+ elseif raw[k] ~= v then
+ changed = true
+ raw[k] = v
+ end
+ end
+ for k, v in ipairs(new) do
+ if type(v) == "table" and raw[k] then
+ if #v == #raw[k] then
+ comp(raw[k], v)
+ else
+ changed = true
+ raw[k] = v
+ end
+ elseif raw[k] ~= v then
+ changed = true
+ raw[k] = v
+ end
+ end
+end
+comp(raw_json, new_json)
+if changed then
+ if next(raw_json["registry-mirrors"]) == nil then raw_json["registry-mirrors"] = nil end
+ if next(raw_json["hosts"]) == nil then raw_json["hosts"] = nil end
+ fs.writefile(raw_file_dir, luci.jsonc.stringify(raw_json, true):gsub("\\", ""))
+ os.exit(0)
+else
+ os.exit(1)
+end
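Review bot: `luci.jsonc.stringify(raw_json, true):gsub("\\", "")` on the fs.writefile line strips every backslash from the serialized daemon.json, not only the `\/` escapes it is presumably aimed at, so an escaped quote or unicode sequence inside any value (a mirror URL, a host string) is written out as invalid JSON that dockerd will then refuse; replace it with `(luci.jsonc.stringify(raw_json, true):gsub("\\/", "/"))`, where the parentheses also drop gsub's second return value before it reaches writefile. `luci.jsonc` is used on the `raw_json =` line and the writefile line but never required here, only `luci.util`, `nixio.fs` and `luci.model.uci` are; unless one of those loads it transitively the parse call fails on a nil index, so add `require "luci.jsonc"`. `changed` is assigned inside comp and read after it without ever being declared, and `comp` itself is a global; `local changed = false` before the function and `local function comp(raw, new)` would make the flag explicit. The second `for k, v in ipairs(new)` loop in comp revisits integer keys that the preceding `pairs` loop has already handled, so it only repeats work.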