setup ufw
parent
b2c389141d
commit
4206ffb5b7
|
@ -12,7 +12,7 @@ bootstrap-app: install-bin-git
|
||||||
|
|
||||||
# target bootstrap-docker: Install and configure docker
|
# target bootstrap-docker: Install and configure docker
|
||||||
.PHONY: bootstrap-docker
|
.PHONY: bootstrap-docker
|
||||||
bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd setup-sysctl
|
bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd setup-sysctl setup-ufw
|
||||||
|
|
||||||
# target bootstrap-stack: Call bootstrap target of each stack
|
# target bootstrap-stack: Call bootstrap target of each stack
|
||||||
.PHONY: bootstrap-stack
|
.PHONY: bootstrap-stack
|
||||||
|
|
|
@ -32,7 +32,7 @@ DOCKER_COMPOSE ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_V
|
||||||
DOCKER_COMPOSE_DOWN_OPTIONS ?=
|
DOCKER_COMPOSE_DOWN_OPTIONS ?=
|
||||||
DOCKER_COMPOSE_RUN_OPTIONS ?= --rm
|
DOCKER_COMPOSE_RUN_OPTIONS ?= --rm
|
||||||
DOCKER_COMPOSE_UP_OPTIONS ?= -d
|
DOCKER_COMPOSE_UP_OPTIONS ?= -d
|
||||||
DOCKER_IMAGE_TAG ?= $(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
|
DOCKER_IMAGE_TAG ?= $(if $(filter true,$(DEPLOY)),$(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION)),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
|
||||||
DOCKER_IMAGES ?= $(patsubst %/,%,$(patsubst docker/%,%,$(dir $(wildcard docker/*/Dockerfile))))
|
DOCKER_IMAGES ?= $(patsubst %/,%,$(patsubst docker/%,%,$(dir $(wildcard docker/*/Dockerfile))))
|
||||||
DOCKER_PLUGIN ?= rexray/s3fs:latest
|
DOCKER_PLUGIN ?= rexray/s3fs:latest
|
||||||
DOCKER_PLUGIN_ARGS ?= $(foreach var,$(DOCKER_PLUGIN_VARS),$(if $(DOCKER_PLUGIN_$(var)),$(var)='$(DOCKER_PLUGIN_$(var))'))
|
DOCKER_PLUGIN_ARGS ?= $(foreach var,$(DOCKER_PLUGIN_VARS),$(if $(DOCKER_PLUGIN_$(var)),$(var)='$(DOCKER_PLUGIN_$(var))'))
|
||||||
|
|
|
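Review bot: The new DOCKER_IMAGE_TAG default can expand to an empty string. When DEPLOY is `true` but ENV is not listed in ENV_DEPLOY, the inner `$(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION))` has no else branch, so the outer `$(if …)` yields nothing and the DRONE_BUILD_NUMBER/`latest` fallback is never reached. An empty tag gives an invalid image reference, or a different image than intended, depending on how the tag is concatenated downstream. If the fallback should apply whenever the deploy condition is not fully met, combine the two tests: `$(if $(and $(filter true,$(DEPLOY)),$(filter $(ENV),$(ENV_DEPLOY))),$(VERSION),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))`.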
@ -5,6 +5,8 @@ SETUP_NFSD ?= false
|
||||||
SETUP_NFSD_OSX_CONFIG ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1
|
SETUP_NFSD_OSX_CONFIG ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1
|
||||||
SETUP_SYSCTL ?= false
|
SETUP_SYSCTL ?= false
|
||||||
SETUP_SYSCTL_CONFIG ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.rmem_max=2500000
|
SETUP_SYSCTL_CONFIG ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.rmem_max=2500000
|
||||||
|
SETUP_UFW ?= false
|
||||||
|
SETUP_UFW_REPOSITORY ?= https://github.com/chaifeng/ufw-docker
|
||||||
|
|
||||||
define setup-nfsd-osx
|
define setup-nfsd-osx
|
||||||
$(call INFO,setup-nfsd-osx,$(1)$(comma) $(2)$(comma) $(3))
|
$(call INFO,setup-nfsd-osx,$(1)$(comma) $(2)$(comma) $(3))
|
||||||
|
|
|
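Review bot: SETUP_UFW_REPOSITORY defaults to a third-party repository URL with no revision, and nothing in this commit pins one. The setup-ufw recipe added in another hunk clones it through app-install (a plain `git clone $(QUIET) $(url) $(dir)` as far as that hunk shows), builds it, and starts the result with `--cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host`. Whatever is on the upstream default branch at bootstrap time therefore gets control of the host firewall configuration. Consider adding a revision variable next to this one (the name is only a suggestion, e.g. `SETUP_UFW_VERSION ?= <reviewed-commit-sha>`) and checking it out after the clone, or pointing the default at a fork the project controls.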
@ -0,0 +1,14 @@
|
||||||
|
CMDARGS += ufw ufw-docker
|
||||||
|
|
||||||
|
ifeq ($(SETUP_UFW),true)
|
||||||
|
define ufw
|
||||||
|
$(call INFO,ufw,$(1)$(comma))
|
||||||
|
$(call app-bootstrap,ufw-docker)
|
||||||
|
$(call app-exec,,ufw $(1))
|
||||||
|
endef
|
||||||
|
define ufw-docker
|
||||||
|
$(call INFO,ufw-docker,$(1)$(comma))
|
||||||
|
$(call app-bootstrap,ufw-docker)
|
||||||
|
$(call app-exec,,ufw-docker $(1))
|
||||||
|
endef
|
||||||
|
endif
|
|
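Review bot: The `ufw` and `ufw-docker` macros are defined only inside `ifeq ($(SETUP_UFW),true)`, while `CMDARGS += ufw ufw-docker` and the `ufw:` / `ufw-docker:` targets (in another hunk) are unconditional. With the default `SETUP_UFW ?= false`, `$(call ufw,$(ARGS))` expands to nothing, so `make ufw …` exits successfully without touching the firewall and without printing anything. An operator can then believe a rule was applied when it was not. Add an `else` branch that defines both macros to fail loudly, e.g. `$(error ufw: SETUP_UFW is not true)`, or define them unconditionally. A one-line comment above each `define` saying that `$(1)` is forwarded verbatim to the command inside the container would also help.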
@ -1,6 +1,13 @@
|
||||||
##
|
##
|
||||||
# SETUP
|
# SETUP
|
||||||
|
|
||||||
|
# target setup-binfmt: Install binfmt abstraction layer
|
||||||
|
.PHONY: setup-binfmt
|
||||||
|
setup-binfmt:
|
||||||
|
ifeq ($(SETUP_BINFMT),true)
|
||||||
|
$(call docker-run,--install $(SETUP_BINFMT_ARCH),--privileged tonistiigi/binfmt)
|
||||||
|
endif
|
||||||
|
|
||||||
# target setup-docker-group: Call ansible to add user in docker group if needed
|
# target setup-docker-group: Call ansible to add user in docker group if needed
|
||||||
.PHONY: setup-docker-group
|
.PHONY: setup-docker-group
|
||||||
setup-docker-group:
|
setup-docker-group:
|
||||||
|
@ -30,9 +37,14 @@ ifeq ($(SETUP_SYSCTL),true)
|
||||||
$(RUN) $(SUDO) sysctl -q -w $(SETUP_SYSCTL_CONFIG)
|
$(RUN) $(SUDO) sysctl -q -w $(SETUP_SYSCTL_CONFIG)
|
||||||
endif
|
endif
|
||||||
|
|
||||||
# target setup-binfmt: Install binfmt abstraction layer
|
# target setup-ufw: Install ufw-docker
|
||||||
.PHONY: setup-binfmt
|
.PHONY: setup-ufw
|
||||||
setup-binfmt:
|
setup-ufw:
|
||||||
ifeq ($(SETUP_BINFMT),true)
|
ifeq ($(SETUP_UFW),true)
|
||||||
$(call docker-run,--install $(SETUP_BINFMT_ARCH),--privileged tonistiigi/binfmt)
|
$(call app-install,$(SETUP_UFW_REPOSITORY))
|
||||||
|
$(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY))))
|
||||||
|
$(call app-build)
|
||||||
|
$(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host)
|
||||||
|
$(call app-up)
|
||||||
|
$(call ufw-docker,install)
|
||||||
endif
|
endif
|
||||||
|
|
|
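Review bot: `$(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host)` in setup-ufw assigns the global variable, not a value scoped to this recipe. It replaces whatever DOCKER_RUN_OPTIONS was configured in the makefiles before. Because setup-ufw is now a prerequisite of bootstrap-docker, any later expansion of DOCKER_RUN_OPTIONS in the same make run would presumably inherit NET_ADMIN, host networking and the /etc/ufw mount (app-run is not visible in these hunks, so please confirm). Save the previous value before the assignment and restore it right after `$(call app-up)`, e.g. `$(eval DOCKER_RUN_OPTIONS := $(docker_run_options_saved))`, and add a comment stating why this one container needs those privileges.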
@ -0,0 +1,5 @@
|
||||||
|
ufw:
|
||||||
|
$(call ufw,$(ARGS))
|
||||||
|
|
||||||
|
ufw-docker:
|
||||||
|
$(call ufw-docker,$(ARGS))
|
|
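Review bot: `ufw:` and `ufw-docker:` are declared without `.PHONY`, unlike the other targets touched by this commit (`.PHONY: setup-ufw`, `.PHONY: bootstrap-docker`). setup-ufw clones into a directory named after the last path component of SETUP_UFW_REPOSITORY, i.e. `ufw-docker`. If RELATIVE resolves to the current directory, make will find that directory, treat the prerequisite-less `ufw-docker` target as up to date and never run its recipe. Add `.PHONY: ufw ufw-docker` and the `# target ufw: …` / `# target ufw-docker: …` comment lines used elsewhere, noting that ARGS is forwarded to the command in the container.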
@ -94,11 +94,12 @@ define app-exec
|
||||||
$(if $(filter-out $(APP_DIR),$(1)),
|
$(if $(filter-out $(APP_DIR),$(1)),
|
||||||
$(eval DOCKER_FILE := $(wildcard $(1)/docker/*/Dockerfile $(1)/*/Dockerfile $(1)/Dockerfile))
|
$(eval DOCKER_FILE := $(wildcard $(1)/docker/*/Dockerfile $(1)/*/Dockerfile $(1)/Dockerfile))
|
||||||
)
|
)
|
||||||
|
$(eval args := $(or $(2), $(ARGS)))
|
||||||
$(if $(DOCKER_FILE),
|
$(if $(DOCKER_FILE),
|
||||||
$(foreach dockerfile,$(DOCKER_FILE),
|
$(foreach dockerfile,$(DOCKER_FILE),
|
||||||
$(call app-docker,$(dockerfile))
|
$(call app-docker,$(dockerfile))
|
||||||
$(if $(shell docker ps -q -f name=$(DOCKER_NAME) 2>/dev/null),
|
$(if $(shell docker ps -q -f name=$(DOCKER_NAME) 2>/dev/null),
|
||||||
$(RUN) docker exec -it $(DOCKER_NAME) $(ARGS)
|
$(RUN) docker exec -it $(DOCKER_NAME) $(args)
|
||||||
,
|
,
|
||||||
$(call WARNING,Unable to find docker,$(DOCKER_NAME))
|
$(call WARNING,Unable to find docker,$(DOCKER_NAME))
|
||||||
)
|
)
|
||||||
|
@ -113,7 +114,7 @@ define app-install
|
||||||
$(eval url := $(or $(1), $(APP_REPOSITORY_URL)))
|
$(eval url := $(or $(1), $(APP_REPOSITORY_URL)))
|
||||||
$(eval dir := $(or $(2), $(RELATIVE)$(lastword $(subst /, ,$(url)))))
|
$(eval dir := $(or $(2), $(RELATIVE)$(lastword $(subst /, ,$(url)))))
|
||||||
$(if $(wildcard $(dir)/.git),
|
$(if $(wildcard $(dir)/.git),
|
||||||
$(call INFO,app: $(url) already installed in dir: $(dir)),
|
$(call INFO,app $(url) already installed in dir $(dir)),
|
||||||
$(RUN) git clone $(QUIET) $(url) $(dir)
|
$(RUN) git clone $(QUIET) $(url) $(dir)
|
||||||
)
|
)
|
||||||
endef
|
endef
|
||||||
|
@ -186,7 +187,11 @@ endef
|
||||||
define app-up
|
define app-up
|
||||||
$(call INFO,app-up,$(1)$(comma))
|
$(call INFO,app-up,$(1)$(comma))
|
||||||
$(eval DOCKER_RUN_OPTIONS += -d)
|
$(eval DOCKER_RUN_OPTIONS += -d)
|
||||||
|
$(if $(shell docker ps -q -f name=$(DOCKER_NAME) 2>/dev/null),
|
||||||
|
$(call INFO,docker $(DOCKER_NAME) already running)
|
||||||
|
,
|
||||||
$(call app-run,$(1))
|
$(call app-run,$(1))
|
||||||
|
)
|
||||||
endef
|
endef
|
||||||
|
|
||||||
# function app-update: Run 'cd dir 1 && git pull' or Call app-install
|
# function app-update: Run 'cd dir 1 && git pull' or Call app-install
|
||||||
|
|
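Review bot: The `$(shell docker ps -q -f name=$(DOCKER_NAME) 2>/dev/null)` guard, already present in app-exec and now added to app-up, runs when make expands the recipe, and GNU make expands every line of a recipe before executing the first one. In setup-ufw the check behind `$(call ufw-docker,install)` therefore runs before the container from `$(call app-up)` has been started, so on a first bootstrap it likely takes the `WARNING,Unable to find docker` branch and the install step is skipped while the target still succeeds (app-run is outside these hunks, so verify). Move the test into the shell command so it runs at execution time, e.g. `if [ -n "$$(docker ps -q -f name=$(DOCKER_NAME))" ]; then docker exec …; fi`. Separately, `-f name=` is a substring match, so anchor the pattern if another container's name can contain DOCKER_NAME. The `define` blocks of app-exec and app-up begin outside the hunks shown.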