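#!/bin/bash
#
# This script registers/removes docker containers IP addresses
# from the local unbound resolver in the post-start / pre-stop actions.
#
# For action pre-start, it checks if there is a CID file that needs to be
# cleaned away to not prevent the new container from starting, and removes
# any stopped container with the same name.
#
# All input comes from the environment, set by the caller (the docker
# start/stop wrapper; example values below):
#   ACTION   pre-start | post-start | pre-stop
#   NAME     container name; registered as NAME.docker in unbound.  It is
#            used as-is in DNS names and docker lookups and is not validated.
#   IMAGE    image name (logging only)
#   CID      container id; looked up from NAME in post-start when empty
#   CIDFILE  docker --cidfile path, cleaned away in pre-start if stale
#
# Every exit path uses "exit 0" (presumably so a failing hook never blocks
# the container from starting or stopping); problems are only logged.
#
# XXX this does NOT handle multiple instances of the same image running on
# a single Docker host - there is one NAME.docker record per name.
#

# sunet_docker_pre-post: CID d05a0842ce1700ee3328d42ccf5c2f29cc3d71fa6dcc6a72f994f8d032453be7
# sunet_docker_pre-post: ACTION pre-stop
# sunet_docker_pre-post: IMAGE docker.sunet.se/eduid/eduid-mm-service
# sunet_docker_pre-post: NAME eduid-mm-service
#for e in "CID" "ACTION" "IMAGE" "NAME"; do
#    logger -t sunet_docker_pre-post "$e `printenv $e`"
#done

logtag="sunet_docker_pre-post[$ACTION]"

# Log a message to syslog under this hook's tag.
log() {
    logger -t "${logtag}" "$*"
}

# Succeeds when the init system reports unbound as running.
unbound_running() {
    service unbound status > /dev/null
}

# Print the in-addr.arpa name (with trailing dot) for the dotted-quad
# IPv4 address in $1.
reverse_name() {
    local o1 o2 o3 o4
    IFS=. read -r o1 o2 o3 o4 <<< "$1"
    printf '%s.%s.%s.%s.in-addr.arpa.\n' "${o4}" "${o3}" "${o2}" "${o1}"
}

# Succeeds when $1 is a plain dotted-quad IPv4 address (each octet 0-255).
is_ipv4() {
    local octet
    [[ "$1" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
    for octet in "${BASH_REMATCH[@]:1}"; do
        # 10# forces decimal so "08"/"09" do not trip the octal parser
        (( 10#${octet} <= 255 )) || return 1
    done
    return 0
}

# Fill in the global CID from NAME when the caller left it empty.  Containers
# sometimes start slow, so the lookup is retried a few times.
# Returns 0 with CID set, 1 if no CID could be found (already logged).
lookup_cid() {
    if [[ -n "${CID}" ]]; then
        return 0
    fi
    CID=$(docker inspect --format '{{ .Id }}' "${NAME}" 2>/dev/null)
    for _ in 1 2 3 4 5; do
        [[ -z "${CID}" ]] || break
        sleep 1
        log "Retrying CID lookup for ${NAME}"
        CID=$(docker inspect --format '{{ .Id }}' "${NAME}" 2>/dev/null)
    done
    if [[ -z "${CID}" ]]; then
        log "No CID provided or found! Aborting."
        return 1
    fi
    log "Found CID ${CID} using docker inspect on '${NAME}'"
    return 0
}

# Remove NAME.docker from unbound together with the PTR record(s) this hook
# added for its previous address(es).  Previously only the A record was
# removed, which left a stale PTR behind every time a container got a new
# address (and two PTRs once another container reused the old one).
# Relies on "unbound-control list_local_data" printing one RR per line in
# presentation format: name TTL IN TYPE rdata.
unregister_name() {
    local fqdn="${NAME}.docker."
    local rrs old_ip ptr
    rrs=$(unbound-control list_local_data 2>/dev/null)
    while IFS= read -r old_ip; do
        [[ -n "${old_ip}" ]] || continue
        is_ipv4 "${old_ip}" || continue
        ptr=$(reverse_name "${old_ip}")
        # local_data_remove drops every RR at the name, so only touch reverse
        # names whose PTR actually points at us.
        if awk -v p="${ptr}" -v n="${fqdn}" \
               '$1 == p && $4 == "PTR" && $5 == n { found = 1 } END { exit !found }' \
               <<< "${rrs}"; then
            log "Un-registering ${ptr}"
            unbound-control local_data_remove "${ptr}" > /dev/null
        fi
    done < <(awk -v n="${fqdn}" '$1 == n && $4 == "A" { print $5 }' <<< "${rrs}")
    log "Un-registering ${NAME}.docker"
    unbound-control local_data_remove "${fqdn}" > /dev/null
}

# pre-start: make sure a stale CID file or stopped container with our name
# does not prevent the new container from starting, then wait for unbound.
do_pre_start() {
    if [[ -f "${CIDFILE}" ]]; then
        # Clean away the CID file in pre-start if the container is in fact not running
        if ! docker inspect "${CID}" > /dev/null 2>&1; then
            log "Removing left-over CID file '${CIDFILE}' (CID ${CID})"
            rm -f -- "${CIDFILE}"
        fi
    fi

    # Remove any stopped container with this name to prevent the docker start script
    # from just restarting that one (instead of starting the currently tagged image,
    # which might be newer than the one used by the old container).  docker rm
    # without -f refuses to remove a running container, which is what we want.
    if docker inspect "${NAME}" > /dev/null 2>&1; then
        if docker rm "${NAME}" > /dev/null 2>&1; then
            log "Removed old container '${NAME}'"
        else
            log "Could not remove container '${NAME}' (still running?)"
        fi
    fi

    # Work-around: if unbound is not running when a container starts, it will get
    # an incorrect /etc/resolv.conf (SUNET resolvers). It will then later on be
    # unable to resolv .docker hostnames.  The cleanup above used to be skipped
    # whenever unbound was down; it is done first now since it does not need unbound.
    if ! unbound_running; then
        for _ in 1 2 3 4 5 6 7 8 9 10; do
            sleep 3
            log "Waiting for service unbound"
            unbound_running && break
        done
    fi
    if ! unbound_running; then
        log "Service unbound not running! Aborting."
    fi
}

# post-start: register the container's address as NAME.docker (A + PTR).
do_post_start() {
    local ip ptr
    lookup_cid || return 0
    ip=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' "${CID}" 2>/dev/null)
    if [[ -z "${ip}" ]]; then
        # NOTE(review): .NetworkSettings.IPAddress may be empty for containers
        # on user-defined networks - confirm against the docker version in use.
        log "Failed to get IP from CID ${CID}. Aborting."
        return 0
    fi
    # The address is spliced into an unbound-control RR string, so insist on a
    # plain dotted quad before using it.
    if ! is_ipv4 "${ip}"; then
        log "Unexpected IP address '${ip}' for CID ${CID}. Aborting."
        return 0
    fi
    ptr=$(reverse_name "${ip}")
    if ! unbound-control local_data "${NAME}.docker. 60 IN A ${ip}" > /dev/null; then
        log "Failed to register ${NAME}.docker at ${ip}"
        return 0
    fi
    # Register reverse pointer - there is no local_data_ptr command unfortunately
    unbound-control local_data "${ptr} 60 IN PTR ${NAME}.docker." > /dev/null \
        || log "Failed to register PTR ${ptr}"
    log "Registered ${NAME}.docker at ${ip}"
}

logger -t "${logtag}" "$NAME ($IMAGE), CID: '$CID'"

# Without these two there is nothing sensible to do (NAME would turn into the
# bogus record ".docker.").
if [[ -z "${ACTION}" || -z "${NAME}" ]]; then
    log "ACTION and NAME must be set! Aborting."
    exit 0
fi

case "${ACTION}" in
    pre-start)
        do_pre_start
        ;;
    post-start)
        # Drop the previous registration (and its PTR) before adding the new one.
        unregister_name
        do_post_start
        ;;
    *)
        # pre-stop (and any other action, as before): just drop the registration.
        # This no longer depends on finding the CID first - a container that is
        # already gone is exactly the case where the record must be removed.
        unregister_name
        ;;
esac
exit 0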