USE_PROCD=1
START=25
+EXTRA_COMMANDS="uciadd ucidel"
+EXTRA_HELP="\
+ uciadd Add default bridge configuration to network and firewall uci config
+ ucidel Delete default bridge configuration from network and firewall uci config"
+
DOCKERD_CONF="/tmp/dockerd/daemon.json"
+uci_quiet() {
+ uci -q ${@} >/dev/null
+}
+
json_add_array_string() {
json_add_string "" "$1"
}
+uciupdate() {
+ local net="$1"
+
+ uci -q get network.docker >/dev/null || {
+ logger -t "dockerd-init" -p warn "No network uci config section for docker default bridge (docker0) found"
+ return
+ }
+
+ [ -z "$net" ] && {
+ logger -t "dockerd-init" -p notice "Removing network uci config options for docker default bridge (docker0)"
+ uci_quiet delete network.docker.netmask
+ uci_quiet delete network.docker.ipaddr
+ uci_quiet commit network
+ return
+ }
+
+ eval "$(ipcalc.sh "$net")"
+ logger -t "dockerd-init" -p notice "Updating network uci config option \"$net\" for docker default bridge (docker0)"
+ uci_quiet set network.docker.netmask="$NETMASK"
+ uci_quiet set network.docker.ipaddr="$IP"
+ uci_quiet commit network
+}
+
+uciadd() {
+ /etc/init.d/dockerd running && {
+ echo "Please stop dockerd service first"
+ exit 0
+ }
+
+ # Add network interface
+ if ! uci -q get network.docker >/dev/null; then
+ logger -t "dockerd-init" -p notice "Adding docker default bridge to network uci config (docker0)"
+ uci_quiet add network interface
+ uci_quiet rename network.@interface[-1]="docker"
+ uci_quiet set network.docker.ifname="docker0"
+ uci_quiet set network.docker.proto="static"
+ uci_quiet set network.docker.auto="0"
+ uci_quiet commit network
+ fi
+
+ # Add firewall zone
+ if ! uci -q get firewall.docker >/dev/null; then
+ logger -t "dockerd-init" -p notice "Adding docker default bridge firewall zone (docker0)"
+ uci_quiet add firewall zone
+ uci_quiet rename firewall.@zone[-1]="docker"
+ uci_quiet set firewall.docker.network="docker"
+ uci_quiet set firewall.docker.input="REJECT"
+ uci_quiet set firewall.docker.output="ACCEPT"
+ uci_quiet set firewall.docker.forward="REJECT"
+ uci_quiet set firewall.docker.name="docker"
+ uci_quiet commit firewall
+ fi
+
+ reload_config
+}
+
+ucidel() {
+ /etc/init.d/dockerd running && {
+ echo "Please stop dockerd service first"
+ exit 0
+ }
+
+ logger -t "dockerd-init" -p notice "Deleting docker default bridge network from network uci config (docker0)"
+ uci_quiet delete network.docker
+ uci_quiet commit network
+
+ logger -t "dockerd-init" -p notice "Deleting docker default bridge firewall zone from firewall uci config (docker0)"
+ uci_quiet delete firewall.docker
+ uci_quiet commit firewall
+
+ reload_config
+}
+
process_config() {
- local alt_config_file data_root log_level
+ local alt_config_file data_root log_level bip
rm -f "$DOCKERD_CONF"
config_get data_root globals data_root "/opt/docker/"
config_get log_level globals log_level "warn"
+ config_get bip globals bip ""
. /usr/share/libubox/jshn.sh
json_init
json_add_string "data-root" "$data_root"
json_add_string "log-level" "$log_level"
+ [ -z "$bip" ] || json_add_string "bip" "$bip"
json_add_array "registry-mirrors"
config_list_foreach globals registry_mirror json_add_array_string
json_close_array
mkdir -p /tmp/dockerd
json_dump > "$DOCKERD_CONF"
+
+ uciupdate "$bip"
}
start_service() {
}
ip4tables_remove_filter() {
- iptables -t filter -D FORWARD -j DOCKER-USER
+ # Chain DOCKER-USER is only present,
+ # if bip option is NOT set, so >/dev/null 2>&1
+ iptables -t filter -D FORWARD -j DOCKER-USER >/dev/null 2>&1
iptables -t filter -D FORWARD -j DOCKER-ISOLATION-STAGE-1
iptables -t filter -D FORWARD -o docker0 -j DOCKER
iptables -t filter -F DOCKER
iptables -t filter -F DOCKER-ISOLATION-STAGE-1
iptables -t filter -F DOCKER-ISOLATION-STAGE-2
- iptables -t filter -F DOCKER-USER
+ # Chain DOCKER-USER is only present,
+ # if bip option is NOT set, so >/dev/null 2>&1
+ iptables -t filter -F DOCKER-USER >/dev/null 2>&1
iptables -t filter -X DOCKER
iptables -t filter -X DOCKER-ISOLATION-STAGE-1
iptables -t filter -X DOCKER-ISOLATION-STAGE-2
- iptables -t filter -X DOCKER-USER
+ # Chain DOCKER-USER is only present,
+ # if bip option is NOT set, so >/dev/null 2>&1
+ iptables -t filter -X DOCKER-USER >/dev/null 2>&1
}
ip4tables_remove() {
}
stop_service() {
- ip4tables_remove
+ if /etc/init.d/dockerd running; then
+ service_stop "/usr/bin/dockerd"
+ ip4tables_remove
+ fi
}