From 4206ffb5b75250c261a06b7a6239a7be7bf4a7f2 Mon Sep 17 00:00:00 2001 From: Yann Autissier Date: Wed, 16 Nov 2022 16:34:30 +0000 Subject: [PATCH] setup ufw --- make/apps/common.mk | 2 +- make/apps/def.docker.mk | 2 +- make/apps/myos/def.setup.mk | 2 ++ make/apps/myos/def.ufw.mk | 14 ++++++++++++++ make/apps/myos/setup.mk | 22 +++++++++++++++++----- make/apps/myos/ufw.mk | 5 +++++ make/def.app.mk | 11 ++++++++--- 7 files changed, 48 insertions(+), 10 deletions(-) create mode 100644 make/apps/myos/def.ufw.mk create mode 100644 make/apps/myos/ufw.mk diff --git a/make/apps/common.mk b/make/apps/common.mk index b1e8289..a1bc050 100644 --- a/make/apps/common.mk +++ b/make/apps/common.mk @@ -12,7 +12,7 @@ bootstrap-app: install-bin-git # target bootstrap-docker: Install and configure docker .PHONY: bootstrap-docker -bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd setup-sysctl +bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd setup-sysctl setup-ufw # target bootstrap-stack: Call bootstrap target of each stack .PHONY: bootstrap-stack diff --git a/make/apps/def.docker.mk b/make/apps/def.docker.mk index 26bc4a5..fed62b1 100644 --- a/make/apps/def.docker.mk +++ b/make/apps/def.docker.mk @@ -32,7 +32,7 @@ DOCKER_COMPOSE ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_V DOCKER_COMPOSE_DOWN_OPTIONS ?= DOCKER_COMPOSE_RUN_OPTIONS ?= --rm DOCKER_COMPOSE_UP_OPTIONS ?= -d -DOCKER_IMAGE_TAG ?= $(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest)) +DOCKER_IMAGE_TAG ?= $(if $(filter true,$(DEPLOY)),$(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION)),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest)) DOCKER_IMAGES ?= $(patsubst %/,%,$(patsubst docker/%,%,$(dir $(wildcard docker/*/Dockerfile)))) DOCKER_PLUGIN ?= rexray/s3fs:latest DOCKER_PLUGIN_ARGS ?= $(foreach var,$(DOCKER_PLUGIN_VARS),$(if $(DOCKER_PLUGIN_$(var)),$(var)='$(DOCKER_PLUGIN_$(var))')) 
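Review bot: Adding `setup-ufw` to the `bootstrap-docker` prerequisite list gives it no ordering relation to `install-bin-docker`, and `setup-ufw` (make/apps/myos/setup.mk in this patch) runs `docker` through app-build/app-up, so under `make -j` it can start before docker is installed. Because `bootstrap-docker` is a phony aggregate, the dependency belongs on the target itself, e.g. `setup-ufw: install-bin-docker setup-docker-group` next to its rule, rather than on list order here; the same is true of the pre-existing `setup-binfmt`. Since the whole thing is gated by `SETUP_UFW ?= false`, the header comment could say so: `# target bootstrap-docker: Install and configure docker (ufw-docker only when SETUP_UFW=true)`.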
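Review bot: The rewritten `DOCKER_IMAGE_TAG` expands to an empty string when `DEPLOY` is `true` but `ENV` is not in `ENV_DEPLOY`, because the inner `$(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION))` has no else branch; the previous expression fell back to the build number or `latest` in that case, so any image reference built from the tag now ends in a bare colon. If the intent is only to gate the version tag on `DEPLOY=true`, combine the conditions instead of nesting them: `DOCKER_IMAGE_TAG ?= $(if $(and $(filter true,$(DEPLOY)),$(filter $(ENV),$(ENV_DEPLOY))),$(VERSION),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))`. This change is also unrelated to the `setup ufw` subject and would be easier to bisect as its own commit.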
diff --git a/make/apps/myos/def.setup.mk b/make/apps/myos/def.setup.mk index 81c39bc..cb4e966 100644 --- a/make/apps/myos/def.setup.mk +++ b/make/apps/myos/def.setup.mk @@ -5,6 +5,8 @@ SETUP_NFSD ?= false SETUP_NFSD_OSX_CONFIG ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1 SETUP_SYSCTL ?= false SETUP_SYSCTL_CONFIG ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.rmem_max=2500000 +SETUP_UFW ?= false +SETUP_UFW_REPOSITORY ?= https://github.com/chaifeng/ufw-docker define setup-nfsd-osx $(call INFO,setup-nfsd-osx,$(1)$(comma) $(2)$(comma) $(3)) diff --git a/make/apps/myos/def.ufw.mk b/make/apps/myos/def.ufw.mk new file mode 100644 index 0000000..731881f --- /dev/null +++ b/make/apps/myos/def.ufw.mk @@ -0,0 +1,14 @@ +CMDARGS += ufw ufw-docker + +ifeq ($(SETUP_UFW),true) +define ufw + $(call INFO,ufw,$(1)$(comma)) + $(call app-bootstrap,ufw-docker) + $(call app-exec,,ufw $(1)) +endef +define ufw-docker + $(call INFO,ufw-docker,$(1)$(comma)) + $(call app-bootstrap,ufw-docker) + $(call app-exec,,ufw-docker $(1)) +endef +endif diff --git a/make/apps/myos/setup.mk b/make/apps/myos/setup.mk index 6e51732..e041c3d 100644 --- a/make/apps/myos/setup.mk +++ b/make/apps/myos/setup.mk @@ -1,6 +1,13 @@ ## # SETUP +# target setup-binfmt: Install binfmt abstraction layer +.PHONY: setup-binfmt +setup-binfmt: +ifeq ($(SETUP_BINFMT),true) + $(call docker-run,--install $(SETUP_BINFMT_ARCH),--privileged tonistiigi/binfmt) +endif + # target setup-docker-group: Call ansible to add user in docker group if needed .PHONY: setup-docker-group setup-docker-group: 
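Review bot: `SETUP_UFW_REPOSITORY` defaults to an unpinned GitHub URL, and the code cloned from it (`git clone` in app-install takes no ref) is built and run by setup-ufw with `--cap-add NET_ADMIN --network host` and a writable `/etc/ufw` mount, so whatever is on that repository's default branch at bootstrap time gets to rewrite the host firewall. A ref to check out (tag or commit) should be part of the knob, e.g. a `SETUP_UFW_VERSION ?=` variable, which app-install would need to learn to honour, and the default deserves a comment stating the trust assumption: `# ufw-docker source; cloned at HEAD (unpinned) and run with NET_ADMIN on the host network - pin a tag/commit before enabling`. Keeping `SETUP_UFW ?= false` as the default is the right call given what enabling it does.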
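Review bot: The `ufw` and `ufw-docker` functions are only defined inside `ifeq ($(SETUP_UFW),true)`, while `CMDARGS += ufw ufw-docker` and the `ufw:`/`ufw-docker:` targets in make/apps/myos/ufw.mk are unconditional, so `make ufw allow 22` with SETUP_UFW unset expands `$(call ufw,$(ARGS))` to nothing and exits 0 - a firewall command that looks like it ran but did not. Define the functions in both branches and make the disabled case loud with the project's existing WARNING helper (or `$(error ...)` if a silent no-op is never acceptable); the two enabled bodies also differ only in the command name and could share one definition. A header comment would help as well, e.g. `# functions ufw/ufw-docker: run ufw or ufw-docker with args inside the ufw-docker container (requires SETUP_UFW=true)`.

```make
ifeq ($(SETUP_UFW),true)
# ... unchanged: define ufw / define ufw-docker ...
else
define ufw
	$(call WARNING,ufw,SETUP_UFW is not true - nothing done)
endef
define ufw-docker
	$(call WARNING,ufw-docker,SETUP_UFW is not true - nothing done)
endef
endif
```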
@@ -30,9 +37,14 @@ ifeq ($(SETUP_SYSCTL),true) $(RUN) $(SUDO) sysctl -q -w $(SETUP_SYSCTL_CONFIG) endif -# target setup-binfmt: Install binfmt abstraction layer -.PHONY: setup-binfmt -setup-binfmt: -ifeq ($(SETUP_BINFMT),true) - $(call docker-run,--install $(SETUP_BINFMT_ARCH),--privileged tonistiigi/binfmt) +# target setup-ufw: Install ufw-docker +.PHONY: setup-ufw +setup-ufw: +ifeq ($(SETUP_UFW),true) + $(call app-install,$(SETUP_UFW_REPOSITORY)) + $(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY)))) + $(call app-build) + $(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host) + $(call app-up) + $(call ufw-docker,install) endif diff --git a/make/apps/myos/ufw.mk b/make/apps/myos/ufw.mk new file mode 100644 index 0000000..22051b6 --- /dev/null +++ b/make/apps/myos/ufw.mk @@ -0,0 +1,5 @@ +ufw: + $(call ufw,$(ARGS)) + +ufw-docker: + $(call ufw-docker,$(ARGS)) diff --git a/make/def.app.mk b/make/def.app.mk index 83dbac9..d0295cf 100644 --- a/make/def.app.mk +++ b/make/def.app.mk @@ -94,11 +94,12 @@ define app-exec $(if $(filter-out $(APP_DIR),$(1)), $(eval DOCKER_FILE := $(wildcard $(1)/docker/*/Dockerfile $(1)/*/Dockerfile $(1)/Dockerfile)) ) + $(eval args := $(or $(2), $(ARGS))) $(if $(DOCKER_FILE), $(foreach dockerfile,$(DOCKER_FILE), $(call app-docker,$(dockerfile)) $(if $(shell docker ps -q -f name=$(DOCKER_NAME) 2>/dev/null), - $(RUN) docker exec -it $(DOCKER_NAME) $(ARGS) + $(RUN) docker exec -it $(DOCKER_NAME) $(args) , $(call WARNING,Unable to find docker,$(DOCKER_NAME)) ) @@ -113,7 +114,7 @@ define app-install $(eval url := $(or $(1), $(APP_REPOSITORY_URL))) $(eval dir := $(or $(2), $(RELATIVE)$(lastword $(subst /, ,$(url))))) $(if $(wildcard $(dir)/.git), - $(call INFO,app: $(url) already installed in dir: $(dir)), + $(call INFO,app $(url) already installed in dir $(dir)), $(RUN) git clone $(QUIET) $(url) $(dir) ) endef 
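Review bot: `$(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host)` in the setup-ufw recipe assigns a global make variable and nothing restores it, so every later app-run/app-up in the same make invocation (for instance `bootstrap-stack` after `bootstrap-docker`) inherits NET_ADMIN, host networking and a read-write mount of the host's ufw configuration - privileges that only this one container needs. Save and restore around the two calls, e.g. `$(eval ufw_run_options_saved := $(DOCKER_RUN_OPTIONS))` before the assignment and `$(eval DOCKER_RUN_OPTIONS := $(ufw_run_options_saved))` after `$(call ufw-docker,install)`; a target-specific variable would be cleaner if the helpers' own `$(eval DOCKER_RUN_OPTIONS += -d)` still works under it, which needs checking. The app name passed to app-bootstrap is derived from the URL's last path component here while def.ufw.mk hardcodes `ufw-docker`, so a fork with a different repository name would bootstrap one app and exec into another; deriving both from one variable avoids that. A comment saying why the container needs these privileges (it rewrites the host's ufw rules on behalf of docker) would help the next reviewer.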
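Review bot: `ufw:` and `ufw-docker:` in the new make/apps/myos/ufw.mk are command targets with no `.PHONY` declaration, unlike every target in setup.mk, so a file named `ufw` in the working directory would make `make ufw ...` report it up to date and skip the firewall command. Add `.PHONY: ufw ufw-docker` and the file's usual documentation line per target, e.g. `# target ufw: Run 'ufw ARGS' inside the ufw-docker container (SETUP_UFW=true)`.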
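Review bot: The exec line `$(RUN) docker exec -it $(DOCKER_NAME) $(args)` still forces a TTY, and app-exec is now reached from a non-interactive path (setup-ufw calls it through ufw-docker during bootstrap), where `docker exec -t` fails with "the input device is not a TTY" under CI. Making the flags a knob, e.g. `DOCKER_EXEC_OPTIONS ?= -it` and `$(RUN) docker exec $(DOCKER_EXEC_OPTIONS) $(DOCKER_NAME) $(args)`, lets pipelines pass `-i`. The new `args` variable is set with `$(eval)` like `url`/`dir` in app-install, which is consistent, though a one-line comment that `$(2)` overrides the command-line `ARGS` would make the calling convention used by def.ufw.mk explicit. app-exec begins and ends outside this hunk.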
@@ -186,7 +187,11 @@ endef define app-up $(call INFO,app-up,$(1)$(comma)) $(eval DOCKER_RUN_OPTIONS += -d) - $(call app-run,$(1)) + $(if $(shell docker ps -q -f name=$(DOCKER_NAME) 2>/dev/null), + $(call INFO,docker $(DOCKER_NAME) already running) + , + $(call app-run,$(1)) + ) endef # function app-update: Run 'cd dir 1 && git pull' or Call app-install
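Review bot: The idempotence check `docker ps -q -f name=$(DOCKER_NAME)` added to app-up matches container names as a regex substring, so any running container whose name merely contains `$(DOCKER_NAME)` (say `ufw-docker-test` while looking for `ufw-docker`) makes app-up log "already running" and skip starting the real one. Anchor the filter: `$(if $(shell docker ps -q -f name=^/$(DOCKER_NAME)$$ 2>/dev/null),` (the identical unanchored pattern in app-exec predates this change). `$(eval DOCKER_RUN_OPTIONS += -d)` also runs before the check, so repeated app-up calls keep appending `-d` even when nothing is started; moving the eval into the else branch avoids that. The app-update function that follows `endef` is outside this hunk.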