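#!/bin/bash
#
# This script registers/removes docker containers IP addresses
# from the local unbound resolver in the post-start / pre-stop actions.
#
# For action pre-start, it checks if there is a CID file that needs to be
# cleaned away to not prevent the new container from starting.
#
# Environment (supplied by the caller, e.g. the container's service unit):
#   ACTION   one of pre-start, post-start, pre-stop
#   CID      container id; may be empty, in which case it is looked up via NAME
#   CIDFILE  path of the CID file that pre-start may clean away (optional)
#   IMAGE    image reference, used for logging only
#   NAME     container name; also becomes the <NAME>.docker hostname in unbound
#
# Every failure path exits 0 on purpose: this hook must never block the
# container lifecycle, it only logs and gives up.
#
# sunet_docker_pre-post: CID d05a0842ce1700ee3328d42ccf5c2f29cc3d71fa6dcc6a72f994f8d032453be7
# sunet_docker_pre-post: ACTION pre-stop
# sunet_docker_pre-post: IMAGE docker.sunet.se/eduid/eduid-mm-service
# sunet_docker_pre-post: NAME eduid-mm-service

#for e in "CID" "ACTION" "IMAGE" "NAME"; do
#  logger -t sunet_docker_pre-post "$e $(printenv "$e")"
#done

logtag="sunet_docker_pre-post[${ACTION}]"

# Accept only a dotted-quad IPv4 address: the value is spliced into
# unbound-control resource records, and the PTR construction assumes
# exactly four octets.
readonly ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Send a message to syslog with this script's tag.
# Arguments: the message words
log() {
  logger -t "${logtag}" "$*"
}

# Returns 0 when the unbound service reports itself as running.
unbound_running() {
  service unbound status >/dev/null
}

# Wait up to ten rounds of three seconds for unbound to come up.
# Returns 0 as soon as it is running, 1 if it never did.
wait_for_unbound() {
  local retry
  unbound_running && return 0
  for retry in {1..10}; do
    sleep 3
    log "Waiting for service unbound"
    unbound_running && return 0
  done
  return 1
}

# Print the full container id for NAME, or nothing when no such container.
# Globals: NAME (read)
lookup_cid() {
  docker inspect --format '{{ .Id }}' "${NAME}" 2>/dev/null
}

# Print the in-addr.arpa name for a dotted-quad IPv4 address.
# Arguments: $1 - IPv4 address (already validated against ipv4_re)
reverse_ptr() {
  local a b c d
  IFS=. read -r a b c d <<<"$1"
  printf '%s.%s.%s.%s.in-addr.arpa.\n' "$d" "$c" "$b" "$a"
}

log "${NAME} (${IMAGE}), CID: '${CID}'"

if [[ "${ACTION}" == "pre-start" ]]; then
  # Work-around: if unbound is not running when a container starts, it will get
  # an incorrect /etc/resolv.conf (SUNET resolvers). It will then later on be
  # unable to resolv .docker hostnames.
  if ! wait_for_unbound; then
    log "Service unbound not running! Aborting."
    exit 0
  fi

  if [[ -f "${CIDFILE}" ]]; then
    # Clean away the CID file in pre-start if the container is in fact not running
    if ! docker inspect "${CID}" >/dev/null 2>&1; then
      log "Removing left-over CID file '${CIDFILE}' (CID ${CID})"
      rm -f -- "${CIDFILE}"
    fi
  fi

  # Remove any stopped container with this name to prevent the docker start script
  # from just restarting that one (instead of starting the currently tagged image,
  # which might be newer than the one used by the old container)
  if docker inspect "${NAME}" >/dev/null 2>&1; then
    docker rm "${NAME}" >/dev/null
  fi
  exit 0
fi

if [[ -z "${CID}" ]]; then
  CID=$(lookup_cid)
  if [[ -z "${CID}" ]]; then
    # sometimes containers start slow...
    for retry in {1..5}; do
      sleep 1
      log "Retrying CID lookup for ${NAME}"
      CID=$(lookup_cid)
      [[ -n "${CID}" ]] && break
    done
  fi
  if [[ -z "${CID}" ]]; then
    log "No CID provided or found! Aborting."
    exit 0
  fi
  log "Found CID ${CID} using docker inspect on '${NAME}'"
fi

# Remove registered name.
# XXX this does NOT handle multiple instances of the same image running on
# a single Docker host!
log "Un-registering ${NAME}.docker"
unbound-control local_data_remove "${NAME}.docker." >/dev/null

# If it is a container starting up, register its IP address
if [[ "${ACTION}" == "post-start" ]]; then
  ip=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CID}" 2>/dev/null)
  if [[ -z "${ip}" ]]; then
    log "Failed to get IP from CID ${CID}. Aborting."
    exit 0
  fi
  if [[ ! "${ip}" =~ ${ipv4_re} ]]; then
    log "Unexpected IP '${ip}' from CID ${CID}. Aborting."
    exit 0
  fi

  if ! unbound-control local_data "${NAME}.docker. 60 IN A ${ip}" >/dev/null; then
    log "Failed to register ${NAME}.docker A record for ${ip}. Aborting."
    exit 0
  fi

  # Register reverse pointer - there is no local_data_ptr command unfortunately
  ptr=$(reverse_ptr "${ip}")
  if ! unbound-control local_data "${ptr} 60 IN PTR ${NAME}.docker." >/dev/null; then
    log "Failed to register PTR ${ptr} for ${NAME}.docker"
  fi

  log "Registered ${NAME}.docker at ${ip}"
fi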