setup ufw
parent
b2c389141d
commit
4206ffb5b7
|
@ -12,7 +12,7 @@ bootstrap-app: install-bin-git
|
|||
|
||||
# target bootstrap-docker: Install and configure docker
|
||||
.PHONY: bootstrap-docker
|
||||
bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd setup-sysctl
|
||||
bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd setup-sysctl setup-ufw
|
||||
|
||||
# target bootstrap-stack: Call bootstrap target of each stack
|
||||
.PHONY: bootstrap-stack
|
||||
|
|
|
@ -32,7 +32,7 @@ DOCKER_COMPOSE ?= $(if $(DOCKER_RUN),docker/compose:$(COMPOSE_V
|
|||
DOCKER_COMPOSE_DOWN_OPTIONS ?=
|
||||
DOCKER_COMPOSE_RUN_OPTIONS ?= --rm
|
||||
DOCKER_COMPOSE_UP_OPTIONS ?= -d
|
||||
DOCKER_IMAGE_TAG ?= $(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
|
||||
DOCKER_IMAGE_TAG ?= $(if $(filter true,$(DEPLOY)),$(if $(filter $(ENV),$(ENV_DEPLOY)),$(VERSION)),$(if $(DRONE_BUILD_NUMBER),$(DRONE_BUILD_NUMBER),latest))
|
||||
DOCKER_IMAGES ?= $(patsubst %/,%,$(patsubst docker/%,%,$(dir $(wildcard docker/*/Dockerfile))))
|
||||
DOCKER_PLUGIN ?= rexray/s3fs:latest
|
||||
DOCKER_PLUGIN_ARGS ?= $(foreach var,$(DOCKER_PLUGIN_VARS),$(if $(DOCKER_PLUGIN_$(var)),$(var)='$(DOCKER_PLUGIN_$(var))'))
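Review bot: The rewritten `DOCKER_IMAGE_TAG` default can expand to an empty string: when `DEPLOY` is `true` but `ENV` is not in `ENV_DEPLOY`, the inner `$(if …)` has no else branch, so neither `$(VERSION)` nor the `DRONE_BUILD_NUMBER`/`latest` fallback is used. An empty tag would presumably give an invalid or ambiguous image reference wherever the variable is consumed (not visible here). Consider letting every path fall through to the existing fallback, e.g. `$(or $(and $(filter true,$(DEPLOY)),$(filter $(ENV),$(ENV_DEPLOY)),$(VERSION)),$(DRONE_BUILD_NUMBER),latest)`, with a one-line comment stating which combination selects `VERSION`.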
|
||||
|
|
|
@ -5,6 +5,8 @@ SETUP_NFSD ?= false
|
|||
SETUP_NFSD_OSX_CONFIG ?= nfs.server.bonjour=0 nfs.server.mount.regular_files=1 nfs.server.mount.require_resv_port=0 nfs.server.nfsd_threads=16 nfs.server.async=1
|
||||
SETUP_SYSCTL ?= false
|
||||
SETUP_SYSCTL_CONFIG ?= vm.max_map_count=262144 vm.overcommit_memory=1 fs.file-max=8388608 net.core.rmem_max=2500000
|
||||
SETUP_UFW ?= false
|
||||
SETUP_UFW_REPOSITORY ?= https://github.com/chaifeng/ufw-docker
|
||||
|
||||
define setup-nfsd-osx
|
||||
$(call INFO,setup-nfsd-osx,$(1)$(comma) $(2)$(comma) $(3))
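Review bot: `SETUP_UFW_REPOSITORY` points at a third-party repository with no revision pinned, and `app-install` runs a plain `git clone $(QUIET) $(url) $(dir)`. Whatever is on the default branch at bootstrap time is therefore built and then started by `setup-ufw` with `--cap-add NET_ADMIN`, `--network host` and `/etc/ufw` mounted, so an upstream change would run with firewall-level access to the host. Consider adding `SETUP_UFW_VERSION ?= <tag-or-commit>` (placeholder) next to this variable and checking that revision out after the clone. The two new variables also lack a descriptive comment; something like `# SETUP_UFW: set to true to install ufw-docker during bootstrap-docker` would help.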
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
CMDARGS += ufw ufw-docker
|
||||
|
||||
ifeq ($(SETUP_UFW),true)
|
||||
define ufw
|
||||
$(call INFO,ufw,$(1)$(comma))
|
||||
$(call app-bootstrap,ufw-docker)
|
||||
$(call app-exec,,ufw $(1))
|
||||
endef
|
||||
define ufw-docker
|
||||
$(call INFO,ufw-docker,$(1)$(comma))
|
||||
$(call app-bootstrap,ufw-docker)
|
||||
$(call app-exec,,ufw-docker $(1))
|
||||
endef
|
||||
endif
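Review bot: Both macros hard-code `$(call app-bootstrap,ufw-docker)`, while `setup-ufw` derives the app name from `$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY)))`; overriding the repository URL (a fork with another name, or a URL ending in `.git`) would make install and exec refer to different apps. Using the same expression in both places, or one shared variable, keeps them in step. Also, `CMDARGS += ufw ufw-docker` sits outside the `ifeq`, so with `SETUP_UFW` unset the names are still appended but `$(call ufw,…)` expands to nothing and the command silently does nothing; an `else` branch emitting `$(call WARNING,…)` would make that visible. Neither `define` carries a `# function …` comment in the style of `# function app-update: …`.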
|
|
@ -1,6 +1,13 @@
|
|||
##
|
||||
# SETUP
|
||||
|
||||
# target setup-binfmt: Install binfmt abstraction layer
|
||||
.PHONY: setup-binfmt
|
||||
setup-binfmt:
|
||||
ifeq ($(SETUP_BINFMT),true)
|
||||
$(call docker-run,--install $(SETUP_BINFMT_ARCH),--privileged tonistiigi/binfmt)
|
||||
endif
|
||||
|
||||
# target setup-docker-group: Call ansible to add user in docker group if needed
|
||||
.PHONY: setup-docker-group
|
||||
setup-docker-group:
|
||||
|
@ -30,9 +37,14 @@ ifeq ($(SETUP_SYSCTL),true)
|
|||
$(RUN) $(SUDO) sysctl -q -w $(SETUP_SYSCTL_CONFIG)
|
||||
endif
|
||||
|
||||
# target setup-binfmt: Install binfmt abstraction layer
|
||||
.PHONY: setup-binfmt
|
||||
setup-binfmt:
|
||||
ifeq ($(SETUP_BINFMT),true)
|
||||
$(call docker-run,--install $(SETUP_BINFMT_ARCH),--privileged tonistiigi/binfmt)
|
||||
# target setup-ufw: Install ufw-docker
|
||||
.PHONY: setup-ufw
|
||||
setup-ufw:
|
||||
ifeq ($(SETUP_UFW),true)
|
||||
$(call app-install,$(SETUP_UFW_REPOSITORY))
|
||||
$(call app-bootstrap,$(lastword $(subst /, ,$(SETUP_UFW_REPOSITORY))))
|
||||
$(call app-build)
|
||||
$(eval DOCKER_RUN_OPTIONS := --rm --cap-add NET_ADMIN -v /etc/ufw:/etc/ufw --network host)
|
||||
$(call app-up)
|
||||
$(call ufw-docker,install)
|
||||
endif
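Review bot: `$(eval DOCKER_RUN_OPTIONS := …)` in the `setup-ufw` recipe overwrites a global variable, and the value stays in effect for every later recipe in the same make invocation, so any container started afterwards through `DOCKER_RUN_OPTIONS` would inherit `--cap-add NET_ADMIN`, `--network host` and the `/etc/ufw` bind mount. Whether other targets run after `setup-ufw` is not visible here, but `app-up` appending `-d` to the same variable suggests it is shared. Save the previous value before the `$(eval …)` and restore it after `$(call app-up)`, or pass the options through a variable that only this target reads. A short comment on why the container needs `NET_ADMIN`, host networking and a writable `/etc/ufw` would also help reviewers.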
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
ufw:
|
||||
$(call ufw,$(ARGS))
|
||||
|
||||
ufw-docker:
|
||||
$(call ufw-docker,$(ARGS))
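Review bot: The new `ufw` and `ufw-docker` targets are not declared phony, and `app-install` clones the repository into a directory named after the last URL component, i.e. `ufw-docker`. If that directory ends up in the directory make runs from (this depends on `RELATIVE`, not visible here), `make ufw-docker` will report the target as up to date and never run the recipe. Add `.PHONY: ufw ufw-docker` above the rules, plus `# target ufw: …` comments in the style used for the other targets.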
|
|
@ -94,11 +94,12 @@ define app-exec
|
|||
$(if $(filter-out $(APP_DIR),$(1)),
|
||||
$(eval DOCKER_FILE := $(wildcard $(1)/docker/*/Dockerfile $(1)/*/Dockerfile $(1)/Dockerfile))
|
||||
)
|
||||
$(eval args := $(or $(2), $(ARGS)))
|
||||
$(if $(DOCKER_FILE),
|
||||
$(foreach dockerfile,$(DOCKER_FILE),
|
||||
$(call app-docker,$(dockerfile))
|
||||
$(if $(shell docker ps -q -f name=$(DOCKER_NAME) 2>/dev/null),
|
||||
$(RUN) docker exec -it $(DOCKER_NAME) $(ARGS)
|
||||
$(RUN) docker exec -it $(DOCKER_NAME) $(args)
|
||||
,
|
||||
$(call WARNING,Unable to find docker,$(DOCKER_NAME))
|
||||
)
|
||||
|
@ -113,7 +114,7 @@ define app-install
|
|||
$(eval url := $(or $(1), $(APP_REPOSITORY_URL)))
|
||||
$(eval dir := $(or $(2), $(RELATIVE)$(lastword $(subst /, ,$(url)))))
|
||||
$(if $(wildcard $(dir)/.git),
|
||||
$(call INFO,app: $(url) already installed in dir: $(dir)),
|
||||
$(call INFO,app $(url) already installed in dir $(dir)),
|
||||
$(RUN) git clone $(QUIET) $(url) $(dir)
|
||||
)
|
||||
endef
|
||||
|
@ -186,7 +187,11 @@ endef
|
|||
define app-up
|
||||
$(call INFO,app-up,$(1)$(comma))
|
||||
$(eval DOCKER_RUN_OPTIONS += -d)
|
||||
$(call app-run,$(1))
|
||||
$(if $(shell docker ps -q -f name=$(DOCKER_NAME) 2>/dev/null),
|
||||
$(call INFO,docker $(DOCKER_NAME) already running)
|
||||
,
|
||||
$(call app-run,$(1))
|
||||
)
|
||||
endef
|
||||
|
||||
# function app-update: Run 'cd dir 1 && git pull' or Call app-install
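Review bot: In `app-up`, the new guard `docker ps -q -f name=$(DOCKER_NAME)` uses Docker's `name` filter, which matches substrings, so a running container whose name merely contains `$(DOCKER_NAME)` makes `app-up` log "already running" and skip `app-run`. If `DOCKER_NAME` is empty at that point, any running container matches; in `app-exec` the variable is set by `app-docker` just before the same check, but nothing visible in `app-up` sets it first. Anchoring the filter, e.g. `-f name=^/$(DOCKER_NAME)$$` (`$$` being make's escape for `$`), and wrapping the check in `$(if $(DOCKER_NAME),…)` would avoid a false "already running". The `app-exec` check has the same form, and its body continues past the hunk.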
|
||||
|
|