LILiK
/
openwrt-packages-dist

#!/bin/sh /etc/rc.common
USE_PROCD=1START=25
EXTRA_COMMANDS="uciadd ucidel"EXTRA_HELP="\	uciadd  Add default bridge configuration to network and firewall uci config	ucidel  Delete default bridge configuration from network and firewall uci config"
DOCKERD_CONF="/tmp/dockerd/daemon.json"
uci_quiet() {	uci -q ${@} >/dev/null}
json_add_array_string() {	json_add_string "" "$1"}
boot() {	uciadd	rc_procd start_service}
uciupdate() {	local net="$1"
	uci -q get network.docker >/dev/null || {		logger -t "dockerd-init" -p warn "No network uci config section for docker default bridge (docker0) found"		return	}
	[ -z "$net" ] && {		logger -t "dockerd-init" -p notice "Removing network uci config options for docker default bridge (docker0)"		uci_quiet delete network.docker.netmask		uci_quiet delete network.docker.ipaddr		uci_quiet commit network		return	}
	eval "$(ipcalc.sh "$net")"	logger -t "dockerd-init" -p notice "Updating network uci config option \"$net\" for docker default bridge (docker0)"	uci_quiet set network.docker.netmask="$NETMASK"	uci_quiet set network.docker.ipaddr="$IP"	uci_quiet commit network}
uciadd() {	/etc/init.d/dockerd running && {		echo "Please stop dockerd service first"		exit 0	}
	# Add network interface	if ! uci -q get network.docker >/dev/null; then		logger -t "dockerd-init" -p notice "Adding docker default interface to network uci config (docker)"		uci_quiet add network interface		uci_quiet rename network.@interface[-1]="docker"		uci_quiet set network.docker.ifname="docker0"		uci_quiet set network.docker.proto="static"		uci_quiet set network.docker.auto="0"		uci_quiet commit network	fi
	# Add docker bridge device	if ! uci -q get network.docker0 >/dev/null; then		logger -t "dockerd-init" -p notice "Adding docker default bridge device to network uci config (docker0)"		uci_quiet add network device		uci_quiet rename network.@device[-1]="docker0"		uci_quiet set network.docker0.type="bridge"		uci_quiet set network.docker0.name="docker0"		uci_quiet add_list network.docker0.ifname="docker0"		uci_quiet commit network	fi
	# Add firewall zone	if ! uci -q get firewall.docker >/dev/null; then		logger -t "dockerd-init" -p notice "Adding docker default firewall zone to firewall uci config (docker)"		uci_quiet add firewall zone		uci_quiet rename firewall.@zone[-1]="docker"		uci_quiet set firewall.docker.network="docker"		uci_quiet set firewall.docker.input="REJECT"		uci_quiet set firewall.docker.output="ACCEPT"		uci_quiet set firewall.docker.forward="REJECT"		uci_quiet set firewall.docker.name="docker"		uci_quiet commit firewall	fi
	reload_config}
ucidel() {	/etc/init.d/dockerd running && {		echo "Please stop dockerd service first"		exit 0	}
	logger -t "dockerd-init" -p notice "Deleting docker default bridge device from network uci config (docker0)"	uci_quiet delete network.docker0	uci_quiet commit network
	logger -t "dockerd-init" -p notice "Deleting docker default interface from network uci config (docker)"	uci_quiet delete network.docker	uci_quiet commit network
	logger -t "dockerd-init" -p notice "Deleting docker firewall zone from firewall uci config (docker)"	uci_quiet delete firewall.docker	uci_quiet commit firewall
	reload_config}
process_config() {	local alt_config_file data_root log_level bip
	rm -f "$DOCKERD_CONF"
	[ -f /etc/config/dockerd ] || {		# Use the daemon default configuration		DOCKERD_CONF=""		return 0	}
	config_load 'dockerd'
	config_get alt_config_file globals alt_config_file	[ -n "$alt_config_file" ] && [ -f "$alt_config_file" ] && {		ln -s "$alt_config_file" "$DOCKERD_CONF"		return 0	}
	config_get data_root globals data_root "/opt/docker/"	config_get log_level globals log_level "warn"	config_get bip globals bip ""
	. /usr/share/libubox/jshn.sh	json_init	json_add_string "data-root" "$data_root"	json_add_string "log-level" "$log_level"	[ -z "$bip" ] || json_add_string "bip" "$bip"	json_add_array "registry-mirrors"	config_list_foreach globals registry_mirrors json_add_array_string	json_close_array	json_add_array "hosts"	config_list_foreach globals hosts json_add_array_string	json_close_array
	mkdir -p /tmp/dockerd	json_dump > "$DOCKERD_CONF"
	uciupdate "$bip"}
start_service() {	local nofile=$(cat /proc/sys/fs/nr_open)
	process_config
	procd_open_instance	procd_set_param stderr 1	if [ -z "$DOCKERD_CONF" ]; then		procd_set_param command /usr/bin/dockerd	else		procd_set_param command /usr/bin/dockerd --config-file="$DOCKERD_CONF"	fi	procd_set_param limits nofile="${nofile} ${nofile}"	procd_close_instance}
reload_service() {	process_config	procd_send_signal dockerd}
service_triggers() {	procd_add_reload_trigger 'dockerd'}
ip4tables_remove_nat() {	iptables -t nat -D OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER	iptables -t nat -D PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
	iptables -t nat -F DOCKER	iptables -t nat -X DOCKER}
ip4tables_remove_filter() {	# Chain DOCKER-USER is only present,	# if bip option is NOT set, so >/dev/null 2>&1	iptables -t filter -D FORWARD -j DOCKER-USER >/dev/null 2>&1	iptables -t filter -D FORWARD -j DOCKER-ISOLATION-STAGE-1	iptables -t filter -D FORWARD -o docker0 -j DOCKER
	iptables -t filter -F DOCKER	iptables -t filter -F DOCKER-ISOLATION-STAGE-1	iptables -t filter -F DOCKER-ISOLATION-STAGE-2	# Chain DOCKER-USER is only present,	# if bip option is NOT set, so >/dev/null 2>&1	iptables -t filter -F DOCKER-USER >/dev/null 2>&1
	iptables -t filter -X DOCKER	iptables -t filter -X DOCKER-ISOLATION-STAGE-1	iptables -t filter -X DOCKER-ISOLATION-STAGE-2	# Chain DOCKER-USER is only present,	# if bip option is NOT set, so >/dev/null 2>&1	iptables -t filter -X DOCKER-USER >/dev/null 2>&1}
ip4tables_remove() {	ip4tables_remove_nat	ip4tables_remove_filter}
stop_service() {	if /etc/init.d/dockerd running; then		service_stop "/usr/bin/dockerd"		ip4tables_remove	fi}