From ac50d9c37c0524386f9bfd2c1d0d097025026b35 Mon Sep 17 00:00:00 2001 From: Jose Diaz-Gonzalez Date: Mon, 31 Aug 2015 15:29:23 -0400 Subject: [PATCH] first - broken - pass at start/stop commands and working expose/expose commands note that at the moment the iptables calls complete successfully but the container isn't actually exposed. We'll probably need to use the ambassador pattern to do this properly. --- commands | 37 +++++++++-------------- functions | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ install | 12 ++++++++ 3 files changed, 115 insertions(+), 23 deletions(-)
diff --git a/commands b/commands
index beeb65a..12f7c31 100755
--- a/commands
+++ b/commands
@@ -129,6 +129,18 @@ case "$1" in
 service_logs "$2" "$3"
 ;;
 
+ $PLUGIN_COMMAND_PREFIX:start)
+ [[ -z $2 ]] && dokku_log_fail "Please specify a name for the service"
+ verify_service_name "$2"
+ service_start "$2"
+ ;;
+
+ $PLUGIN_COMMAND_PREFIX:stop)
+ [[ -z $2 ]] && dokku_log_fail "Please specify a name for the service"
+ verify_service_name "$2"
+ service_stop "$2"
+ ;;
+
 $PLUGIN_COMMAND_PREFIX:restart)
 [[ -z $2 ]] && dokku_log_fail "Please specify a name for the service"
 verify_service_name "$2"
@@ -171,34 +183,13 @@ case "$1" in
 $PLUGIN_COMMAND_PREFIX:expose)
 [[ -z $2 ]] && dokku_log_fail "Please specify a name for the service"
 verify_service_name "$2"
- SERVICE="$2"; SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"; PORT_FILE="$SERVICE_ROOT/PORT"; DESTINATION_FILE="$SERVICE_ROOT/IPTABLES_DESTINATION"
-
- [[ -f "$PORT_FILE" ]] && PORT=$(cat "$PORT_FILE") && dokku_log_fail "Service $SERVICE already exposed on port $PORT"
-
- ID=$(cat "$SERVICE_ROOT/ID")
- IP=$(get_container_ip "$ID")
- PORT=$(get_random_port)
- echo "$PORT" > "$PORT_FILE"
- echo "$IP:$PLUGIN_DATASTORE_PORT" > "$DESTINATION_FILE"
-
- iptables -t nat -A DOCKER -p tcp --dport "$PORT" -j DNAT --to-destination "$IP:$PLUGIN_DATASTORE_PORT"
- dokku_log_info1 "Service $SERVICE exposed on port $PORT"
+ service_port_expose "$2"
 ;;
 
 $PLUGIN_COMMAND_PREFIX:unexpose)
 [[ -z $2 ]] && dokku_log_fail "Please specify a name for the service"
 verify_service_name "$2"
- SERVICE="$2"; SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"; PORT_FILE="$SERVICE_ROOT/PORT"; DESTINATION_FILE="$SERVICE_ROOT/IPTABLES_DESTINATION"
-
- [[ ! -f "$PORT_FILE" ]] && dokku_log_fail "Service not exposed"
-
- ID=$(cat "$SERVICE_ROOT/ID")
- IP=$(get_container_ip "$ID")
- PORT=$(cat "$PORT_FILE")
- DESTINATION=$(cat "$DESTINATION_FILE")
-
- iptables -t nat -D DOCKER -p tcp --dport "$PORT" -j DNAT --to-destination "$DESTINATION"
- rm -rf "$PORT_FILE"
+ service_port_unexpose "$2"
 ;;
 
 help)
diff --git a/functions b/functions
index abbc6d1..653a0ba 100755
--- a/functions
+++ b/functions
@@ -111,6 +111,95 @@ service_status() {
 echo "(stopped)" && return 0
 }
 
+service_port_expose() {
+ service_port_unpause "$1" "true"
+}
+
+service_port_pause() {
+ local SERVICE="$1"
+ local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
+ local PORT_FILE="$SERVICE_ROOT/PORT"
+ local DESTINATION_FILE="$SERVICE_ROOT/IPTABLES_DESTINATION"
+ local LOG_FAIL="$2"
+
+ if [[ "$LOG_FAIL" == "true" ]]; then
+ [[ ! -f "$PORT_FILE" ]] && dokku_log_fail "Service not exposed"
+ else
+ [[ ! -f "$PORT_FILE" ]] && return 0
+ fi
+
+ local ID=$(cat "$SERVICE_ROOT/ID")
+ local IP=$(get_container_ip "$ID")
+ local PORT=$(cat "$PORT_FILE")
+ local DESTINATION=$(cat "$DESTINATION_FILE")
+
+ sudo /sbin/iptables -t nat -D DOCKER -p tcp --dport "$PORT" -j DNAT --to-destination "$DESTINATION"
+}
+
+service_port_unexpose() {
+ service_port_pause "$1" "true"
+ rm -rf "$PORT_FILE"
+}
+
+service_port_unpause() {
+ local SERVICE="$1"
+ local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
+ local PORT_FILE="$SERVICE_ROOT/PORT"
+ local DESTINATION_FILE="$SERVICE_ROOT/IPTABLES_DESTINATION"
+ local LOG_FAIL="$2"
+ local PORT=$(get_random_port)
+ local ID=$(cat "$SERVICE_ROOT/ID")
+ local IP=$(get_container_ip "$ID")
+ local DESTINATION="$IP:$PLUGIN_DATASTORE_PORT"
+
+ if [[ "$LOG_FAIL" == "true" ]]; then
+ [[ -f "$PORT_FILE" ]] && PORT=$(cat "$PORT_FILE") && dokku_log_fail "Service $SERVICE already exposed on port $PORT"
+ else
+ [[ ! -f "$PORT_FILE" ]] && return 0
+ PORT=$(cat "$PORT_FILE") && sudo /sbin/iptables -t nat -D DOCKER -p tcp --dport "$PORT" -j DNAT --to-destination "$DESTINATION"
+ fi
+
+ echo "$PORT" > "$PORT_FILE"
+ echo "$DESTINATION" > "$DESTINATION_FILE"
+
+ echo "$DESTINATION"
+
+ sudo /sbin/iptables -t nat -A DOCKER -p tcp --dport "$PORT" -j DNAT --to-destination "$DESTINATION"
+ if [[ "$LOG_FAIL" == "true" ]]; then
+ dokku_log_info1 "Service $SERVICE exposed on port $PORT"
+ fi
+}
+
+service_start() {
+ local SERVICE="$1"
+ local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE"
+
+ dokku_log_verbose_quiet "Starting container"
+ if [[ -f "$SERVICE_ROOT/ID" ]] && docker ps -aq --no-trunc | grep -q $(cat "$SERVICE_ROOT/ID"); then
+ ID=$(cat "$SERVICE_ROOT/ID")
+ docker start "$ID" > /dev/null
+ service_port_unpause "$SERVICE"
+ dokku_log_info2 "Container started"
+ else
+ dokku_log_verbose_quiet "No container exists for $SERVICE"
+ fi
+}
+
+service_stop() {
+ local SERVICE="$1"
+ local SERVICE_ROOT="$PLUGIN_DATA_ROOT/$SERVICE";
+
+ if [[ -f "$SERVICE_ROOT/ID" ]] && docker ps -aq --no-trunc | grep -q $(cat "$SERVICE_ROOT/ID"); then
+ dokku_log_verbose_quiet "Stopping container"
+ ID=$(cat "$SERVICE_ROOT/ID")
+ docker stop "$ID" > /dev/null
+ service_port_pause "$SERVICE"
+ dokku_log_info2 "Container stopped"
+ else
+ dokku_log_verbose_quiet "No container exists for $SERVICE"
+ fi
+}
+
 service_unlink() {
 local APP="$2"
 local SERVICE="$1"
diff --git a/install b/install
index 91a71d1..5b52609 100755
--- a/install
+++ b/install
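Review bot: `service_port_unexpose` runs `rm -rf "$PORT_FILE"`, but `PORT_FILE` is only declared `local` inside `service_port_pause`, so unless something outside this hunk sets it the variable is empty here and the PORT file is never removed; a later expose would then stop at "already exposed". Use the path directly, `rm -f "$PLUGIN_DATA_ROOT/$1/PORT"`. In the non-`LOG_FAIL` branch of `service_port_unpause`, the `-D` call passes the freshly computed `$DESTINATION` instead of the value saved in `IPTABLES_DESTINATION`, so if the container restarts with a different IP the old DNAT rule is not matched and stays in the nat table, still forwarding the host port to an address the container no longer holds. Delete with `--to-destination "$(cat "$DESTINATION_FILE")"` before the file is overwritten, and check the exit status of each `iptables` call before recording state. The bare `echo "$DESTINATION"` looks like leftover debug output, and `grep -q $(cat "$SERVICE_ROOT/ID")` in `service_start`/`service_stop` should quote the substitution.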
@@ -8,3 +8,15 @@ fi
 
 mkdir -p $PLUGIN_DATA_ROOT || echo "Failed to create $PLUGIN_SERVICE directory"
 chown dokku:dokku $PLUGIN_DATA_ROOT
+
+case "$DOKKU_DISTRO" in
+ ubuntu)
+ echo "%dokku ALL=(ALL) NOPASSWD:/sbin/iptables -t nat -A DOCKER -p tcp *, /sbin/iptables -t nat -D DOCKER -p tcp *" > /etc/sudoers.d/dokku-redis
+ ;;
+
+ opensuse)
+ echo "%dokku ALL=(ALL) NOPASSWD:/sbin/iptables -t nat -A DOCKER -p tcp *, /sbin/iptables -t nat -D DOCKER -p tcp *" > /etc/sudoers.d/dokku-redis
+ ;;
+esac
+
+chmod 0440 /etc/sudoers.d/dokku-redis
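Review bot: The trailing `*` in both sudoers command specs matches any further arguments, so every member of the `dokku` group can add or delete arbitrary TCP rules in the nat `DOCKER` chain as root without a password, not only the `--dport … -j DNAT --to-destination …` form the plugin issues. Narrow the grant to a root-owned wrapper that validates the port and destination, e.g. `%dokku ALL=(root) NOPASSWD: /path/to/expose-wrapper` (placeholder path), and restrict the run-as to root rather than `(ALL)`. Run `visudo -cf /etc/sudoers.d/dokku-redis` after writing the file, since a malformed drop-in can break sudo for the whole host. For any other `DOKKU_DISTRO` value no file is written and the final `chmod 0440` fails; the two arms are identical and could be a single `ubuntu|opensuse)` pattern.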