Diffstat (limited to 'global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb')
-rwxr-xr-x | global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb b/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb
new file mode 100755
index 0000000..204e97c
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/sunet/templates/dockerhost/20unbound.erb
@@ -0,0 +1,78 @@
+#!/bin/bash
+#
+# This script registers/removes docker containers IP addresses
+# from the local unbound resolver in the post-start / pre-stop actions.
+#
+# For action pre-start, it checks if there is a CID file that needs to be
+# cleaned away to not prevent the new container from starting.
+#
+
+# sunet_docker_pre-post: CID d05a0842ce1700ee3328d42ccf5c2f29cc3d71fa6dcc6a72f994f8d032453be7
+# sunet_docker_pre-post: ACTION pre-stop
+# sunet_docker_pre-post: IMAGE docker.sunet.se/eduid/eduid-mm-service
+# sunet_docker_pre-post: NAME eduid-mm-service
+#for e in "CID" "ACTION" "IMAGE" "NAME"; do
+# logger -t sunet_docker_pre-post "$e `printenv $e`"
+#done
+
+logtag="sunet_docker_pre-post[$ACTION]"
+logger -t "${logtag}" "$NAME ($IMAGE), CID: '$CID'"
+
+if [ "x$ACTION" = "xpre-start" ]; then
+ if [ -f "${CIDFILE}" ]; then
+ # Clean away the CID file in pre-start if the container is in fact not running
+ docker inspect "${CID}" 2>/dev/null || (
+ logger -t "${logtag}" "Removing left-over CID file '${CIDFILE}' (CID ${CID})";
+ rm -f "${CIDFILE}"
+ )
+ fi
+
+ # Remove any stopped container with this name to prevent the docker start script
+ # from just restarting that one (instead of starting the currently tagged image,
+ # which might be newer than the one used by the old container)
+ docker inspect "${NAME}" && docker rm "${NAME}"
+ exit 0
+fi
+
+if [ "x${CID}" = "x" ]; then
+ CID=$(docker inspect --format '{{ .Id }}' "${NAME}" 2>/dev/null)
+
+ if [ "x${CID}" = "x" ]; then
+ # sometimes containers start slow...
+ for retry in 1 2 3 4 5; do
+ sleep 1
+ logger -t "${logtag}" "Retrying CID lookup for ${NAME}"
+ CID=$(docker inspect --format '{{ .Id }}' "${NAME}" 2>/dev/null)
+ if [ "x${CID}" != "x" ]; then
+ break
+ fi
+ done
+ fi
+
+ if [ "x${CID}" = "x" ]; then
+ logger -t "${logtag}" "No CID provided or found! Aborting."
+ exit 0
+ fi
+
+ logger -t "${logtag}" "Found CID ${CID} using docker inspect on '${NAME}'"
+fi
+
+# Remove registered name.
+# XXX this does NOT handle multiple instances of the same image running on
+# a single Docker host!
+logger -t "${logtag}" "Un-registering ${NAME}.docker"
+unbound-control local_data_remove "${NAME}.docker." > /dev/null
+
+# If it is a container starting up, register it's IP address
+if [ "x$ACTION" = "xpost-start" ]; then
+ ip=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CID}" 2>/dev/null)
+ if [ "x${ip}" = "x" ]; then
+ logger -t "${logtag}" "Failed to get IP from CID ${CID}. Aborting."
+ exit 0
+ fi
+ unbound-control local_data "${NAME}.docker. 60 IN A ${ip}" > /dev/null
+ # Register reverse pointer - there is no local_data_ptr command unfortunately
+ ptr=$(echo "${ip}" | awk -F . '{print $4"."$3"."$2"."$1".in-addr.arpa."}')
+ unbound-control local_data "${ptr} 60 IN PTR ${NAME}.docker."
+ logger -t "${logtag}" "Registered ${NAME}.docker at ${ip}"
+fi |
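Review bot: The un-register step ahead of the `post-start` branch removes only `${NAME}.docker.`, so the PTR record added at registration stays in unbound after pre-stop, and an address later handed to another container keeps answering reverse lookups with the old name. Resolving the container address before the removal and calling `local_data_remove` on the reverse name as well closes that gap, and at post-start it also clears a stale pointer left on the new address. `NAME` and `ip` are also interpolated into the record string unchecked (NAME appears to come from the caller's environment), so a value containing whitespace, or a non-IPv4 `IPAddress`, would produce a record other than the intended one. The sketch below rejects those before calling `unbound-control`.

```shell
# … unchanged: pre-start handling, CID lookup and retry loop …

# Only hand unbound a name built from characters docker itself allows
case "${NAME}" in
  ''|*[!A-Za-z0-9_.-]*)
    logger -t "${logtag}" "Refusing to (un)register invalid name"
    exit 0
    ;;
esac

# Resolve the address first so the reverse pointer can be removed too
ip=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CID}" 2>/dev/null)
case "${ip}" in
  ''|*[!0-9.]*) ptr="" ;;
  *) ptr=$(echo "${ip}" | awk -F . '{print $4"."$3"."$2"."$1".in-addr.arpa."}') ;;
esac

logger -t "${logtag}" "Un-registering ${NAME}.docker"
unbound-control local_data_remove "${NAME}.docker." > /dev/null
if [ "x${ptr}" != "x" ]; then
  unbound-control local_data_remove "${ptr}" > /dev/null
fi

# … unchanged: post-start registration, reusing ${ip} and ${ptr} …
```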