From 0fded274ecf7af94ac3fa00d5cc22c686789ba3b Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Fri, 11 Jun 2021 11:26:20 +0200 Subject: [PATCH] dockerd: refactoring uciadd and ucidel handling This change makes the handling of adding and deleting interface, device bridge and firewall more robust. Signed-off-by: Florian Eckert --- utils/dockerd/Makefile | 2 +- utils/dockerd/files/dockerd.init | 64 +++++++++++++++++++++++++------- 2 files changed, 51 insertions(+), 15 deletions(-) diff --git a/utils/dockerd/Makefile b/utils/dockerd/Makefile index 5cec7d674..fd83df0b1 100644 --- a/utils/dockerd/Makefile +++ b/utils/dockerd/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dockerd PKG_VERSION:=20.10.7 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE diff --git a/utils/dockerd/files/dockerd.init b/utils/dockerd/files/dockerd.init index d3709f335..68a40dea9 100755 --- a/utils/dockerd/files/dockerd.init +++ b/utils/dockerd/files/dockerd.init @@ -17,6 +17,28 @@ json_add_array_string() { json_add_string "" "${1}" } +find_network_device() { + local device="${1}" + local device_section="" + + check_device() { + local cfg="${1}" + local device="${2}" + + local type name + config_get type "${cfg}" type + config_get name "${cfg}" name + + [ "${type}" = "bridge" ] && [ "${name}" = "${device}" ] \ + && device_section="${cfg}" + } + + config_load network + config_foreach check_device device "${device}" + + echo "${device_section}" +} + boot() { uciadd rc_procd start_service 
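Review bot: find_network_device is added without a header comment, and its contract is not obvious at the call sites: it prints the name of the `device` section whose `type` is `bridge` and whose `name` equals `$1`, and prints an empty string when nothing matches. I would add `# Print the uci section name of the bridge device named $1; print nothing if no such section exists` above the function. Since `check_device` overwrites `device_section` on every match and `config_foreach` keeps iterating, the last matching section wins when duplicates exist, and the comment should say so. The function also runs `config_load network` itself and both callers in this patch invoke it through `$(...)`, so stating that it is meant for command substitution would prevent a later direct call that reloads config state in the calling shell.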
@@ -40,32 +62,31 @@ uciadd() { # Add network interface if ! uci_quiet get network.${iface}; then - logger -t "dockerd-init" -p notice "Adding docker default interface to network uci config (${iface})" + logger -t "dockerd-init" -p notice "Adding interface '${iface}' to network config" uci_quiet add network interface uci_quiet rename network.@interface[-1]="${iface}" - uci_quiet set network.@interface[-1].ifname="${device}" + uci_quiet set network.@interface[-1].device="${device}" uci_quiet set network.@interface[-1].proto="none" uci_quiet set network.@interface[-1].auto="0" uci_quiet commit network fi # Add docker bridge device - if ! uci_quiet get network.${device}; then - logger -t "dockerd-init" -p notice "Adding docker default bridge device to network uci config (${device})" + if [ "$(find_network_device "$device")" = "" ]; then + logger -t "dockerd-init" -p notice "Adding bridge device '${device}' to network config" uci_quiet add network device - uci_quiet rename network.@device[-1]="${device}" uci_quiet set network.@device[-1].type="bridge" uci_quiet set network.@device[-1].name="${device}" - uci_quiet add_list network.@device[-1].ifname="${device}" uci_quiet commit network + else + logger -t "dockerd-init" -p notice "Bridge device '${device}' already defined in network config" fi # Add firewall zone if ! uci_quiet get firewall.${zone}; then - logger -t "dockerd-init" -p notice "Adding docker default firewall zone to firewall uci config (${zone})" + logger -t "dockerd-init" -p notice "Adding firewall zone '${zone}' to firewall config" uci_quiet add firewall zone uci_quiet rename firewall.@zone[-1]="${zone}" - uci_quiet set firewall.@zone[-1].network="${iface}" uci_quiet set firewall.@zone[-1].input="ACCEPT" uci_quiet set firewall.@zone[-1].output="ACCEPT" uci_quiet set firewall.@zone[-1].forward="ACCEPT" 
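Review bot: The interface block is still guarded by `if ! uci_quiet get network.${iface}`, so a section written by the previous release keeps its `ifname` option and never receives the new `device` option. Only fresh installs get the new layout, and whether the network daemon still honours `ifname` on an interface is not visible from this patch. If it does not, the docker interface would lose its bridge binding after an upgrade while the firewall zone still lists it. Consider setting the option outside the creation guard, for example `uci_quiet get network.${iface}.device || uci_quiet set network.${iface}.device="${device}"` followed by a commit. The body of uciadd starts above this hunk, so `iface`, `device` and `zone` are assumed to be assigned there.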
@@ -73,6 +94,13 @@ uciadd() { uci_quiet commit firewall fi + # Add interface to firewall zone + if uci_quiet get firewall.${zone}; then + uci_quiet del_list firewall.${zone}.network="${iface}" + uci_quiet add_list firewall.${zone}.network="${iface}" + uci_quiet commit firewall + fi + reload_config } @@ -92,21 +120,29 @@ ucidel() { exit 0 } - if uci_quiet get network.${device}; then - logger -t "dockerd-init" -p notice "Deleting docker default bridge device from network uci config (${device})" - uci_quiet delete network.${device} + # Remove network device + if uci_quiet delete network.$(find_network_device "${device}"); then + logger -t "dockerd-init" -p notice "Deleting bridge device '${device}' from network config" uci_quiet commit network fi + # Remove network interface if uci_quiet get network.${iface}; then - logger -t "dockerd-init" -p notice "Deleting docker default interface from network uci config (${iface})" + logger -t "dockerd-init" -p notice "Deleting interface '${iface}' from network config" uci_quiet delete network.${iface} uci_quiet commit network fi + # Remove interface from firewall zone if uci_quiet get firewall.${zone}; then - logger -t "dockerd-init" -p notice "Deleting docker firewall zone from firewall uci config (${zone})" - uci_quiet delete firewall.${zone} + logger -t "dockerd-init" -p notice "Deleting network interface '${iface}' in zone '${zone}' from firewall config" + uci_quiet del_list firewall.${zone}.network="${iface}" + uci_quiet commit firewall + # Remove Firewall zone if network is empty + if ! uci_quiet get firewall.${zone}.network; then + logger -t "dockerd-init" -p notice "Deleting firewall zone '${zone}' from firewall config" + uci_quiet delete firewall.${zone} + fi uci_quiet commit firewall fi
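Review bot: The new "Add interface to firewall zone" block runs `del_list`, `add_list` and `commit firewall` on every call to uciadd, which `boot()` invokes, so the firewall config is rewritten on each start even when `${iface}` is already a member. It is also the only mutation in uciadd without a `logger` line, so when `${zone}` names a zone that existed before this script ran, the docker interface joins that zone's policy without any trace in the log. I would guard the block on the interface not yet being listed in `firewall.${zone}.network` and log the change with `logger -t "dockerd-init" -p notice "Adding interface '${iface}' to firewall zone '${zone}'"`. The body of uciadd begins outside this hunk.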
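Review bot: In ucidel, `uci_quiet delete network.$(find_network_device "${device}")` expands to `uci_quiet delete network.` when no bridge section matches, so the code relies on uci rejecting an empty section name rather than on an explicit check. The substitution is also unquoted. Capturing the result first makes the intent explicit and keeps a malformed reference away from a delete on the network config: `local section="$(find_network_device "${device}")"` and then `if [ -n "${section}" ] && uci_quiet delete "network.${section}"; then`. Separately, the first `uci_quiet commit firewall` in the zone block is followed by a second one after the optional zone delete, so the earlier commit could be dropped. The start of ucidel lies outside this hunk.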