summaryrefslogtreecommitdiff
path: root/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb
diff options
context:
space:
mode:
Diffstat (limited to 'global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb')
-rwxr-xr-xglobal/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb78
1 files changed, 78 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb b/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb
new file mode 100755
index 0000000..204e97c
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb
@@ -0,0 +1,78 @@
+#!/bin/bash
+#
+# This script registers/removes docker containers IP addresses
+# from the local unbound resolver in the post-start / pre-stop actions.
+#
+# For action pre-start, it checks if there is a CID file that needs to be
+# cleaned away to not prevent the new container from starting.
+#
+
+# sunet_docker_pre-post: CID d05a0842ce1700ee3328d42ccf5c2f29cc3d71fa6dcc6a72f994f8d032453be7
+# sunet_docker_pre-post: ACTION pre-stop
+# sunet_docker_pre-post: IMAGE docker.sunet.se/eduid/eduid-mm-service
+# sunet_docker_pre-post: NAME eduid-mm-service
+#for e in "CID" "ACTION" "IMAGE" "NAME"; do
+# logger -t sunet_docker_pre-post "$e `printenv $e`"
+#done
+
+logtag="sunet_docker_pre-post[$ACTION]"
+logger -t "${logtag}" "$NAME ($IMAGE), CID: '$CID'"
+
+if [ "x$ACTION" = "xpre-start" ]; then
+ if [ -f "${CIDFILE}" ]; then
+ # Clean away the CID file in pre-start if the container is in fact not running
+ docker inspect "${CID}" 2>/dev/null || (
+ logger -t "${logtag}" "Removing left-over CID file '${CIDFILE}' (CID ${CID})";
+ rm -f "${CIDFILE}"
+ )
+ fi
+
+ # Remove any stopped container with this name to prevent the docker start script
+ # from just restarting that one (instead of starting the currently tagged image,
+ # which might be newer than the one used by the old container)
+ docker inspect "${NAME}" && docker rm "${NAME}"
+ exit 0
+fi
+
+if [ "x${CID}" = "x" ]; then
+ CID=$(docker inspect --format '{{ .Id }}' "${NAME}" 2>/dev/null)
+
+ if [ "x${CID}" = "x" ]; then
+ # sometimes containers start slow...
+ for retry in 1 2 3 4 5; do
+ sleep 1
+ logger -t "${logtag}" "Retrying CID lookup for ${NAME}"
+ CID=$(docker inspect --format '{{ .Id }}' "${NAME}" 2>/dev/null)
+ if [ "x${CID}" != "x" ]; then
+ break
+ fi
+ done
+ fi
+
+ if [ "x${CID}" = "x" ]; then
+ logger -t "${logtag}" "No CID provided or found! Aborting."
+ exit 0
+ fi
+
+ logger -t "${logtag}" "Found CID ${CID} using docker inspect on '${NAME}'"
+fi
+
+# Remove registered name.
+# XXX this does NOT handle multiple instances of the same image running on
+# a single Docker host!
+logger -t "${logtag}" "Un-registering ${NAME}.docker"
+unbound-control local_data_remove "${NAME}.docker." > /dev/null
+
+# If it is a container starting up, register it's IP address
+if [ "x$ACTION" = "xpost-start" ]; then
+ ip=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CID}" 2>/dev/null)
+ if [ "x${ip}" = "x" ]; then
+ logger -t "${logtag}" "Failed to get IP from CID ${CID}. Aborting."
+ exit 0
+ fi
+ unbound-control local_data "${NAME}.docker. 60 IN A ${ip}" > /dev/null
+ # Register reverse pointer - there is no local_data_ptr command unfortunately
+ ptr=$(echo "${ip}" | awk -F . '{print $4"."$3"."$2"."$1".in-addr.arpa."}')
+ unbound-control local_data "${ptr} 60 IN PTR ${NAME}.docker."
+ logger -t "${logtag}" "Registered ${NAME}.docker at ${ip}"
+fi