[ACME, Watchdog, DockerAPI] Use only limited Docker API

master
andryyy 2017-10-06 13:32:49 +02:00
parent 3ae0b16845
commit ef9953898c
4 changed files with 16 additions and 12 deletions


@ -10,9 +10,7 @@ mkdir -p ${ACME_BASE}/acme/private
restart_containers(){ restart_containers(){
for container in $*; do for container in $*; do
echo "Restarting ${container}..." echo "Restarting ${container}..."
curl -X POST \ curl -X POST http://dockerapi:8080/containers/${container}/restart
--unix-socket /var/run/docker.sock \
"http/containers/${container}/restart"
done done
} }
@ -107,7 +105,7 @@ while true; do
IFS=',' read -r -a ADDITIONAL_SAN_ARR <<< "${ADDITIONAL_SAN}" IFS=',' read -r -a ADDITIONAL_SAN_ARR <<< "${ADDITIONAL_SAN}"
IPV4=$(get_ipv4) IPV4=$(get_ipv4)
# Container ids may have changed # Container ids may have changed
CONTAINERS_RESTART=($(curl --silent --unix-socket /var/run/docker.sock http/containers/json | jq -rc 'map(select(.Names[] | contains ("nginx-mailcow") or contains ("postfix-mailcow") or contains ("dovecot-mailcow"))) | .[] .Id' | tr "\n" " ")) CONTAINERS_RESTART=($(curl --silent http://dockerapi:8080/containers/json | jq -r '.[] | {name: .Config.Labels["com.docker.compose.service"], id: .Id}' | jq -rc 'select( .name | contains("nginx-mailcow") or contains("postfix-mailcow") or contains("dovecot-mailcow")) | .id' | tr "\n" " "))
while read domain; do while read domain; do
SQL_DOMAIN_ARR+=("${domain}") SQL_DOMAIN_ARR+=("${domain}")
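Review bot: The new `curl -X POST` in `restart_containers` gives the caller no way to notice a failed restart: it runs without `--fail`, its exit status is ignored and the loop moves on, so a restart that was meant to load a renewed certificate can presumably be skipped without any log line. The dockerapi handler shown further down this page reports failure as the body `Error`, presumably with a 200 status, so the body needs checking as well as the status, e.g. `resp=$(curl --silent --show-error --fail -X POST "http://dockerapi:8080/containers/${container}/restart")` followed by `[[ "${resp}" == *OK* ]] || echo "Restart of ${container} failed: ${resp}" >&2`. Quoting the URL also keeps an unexpected container value from being split into extra curl arguments.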


@ -41,6 +41,14 @@ class container_post(Resource):
return 'Error' return 'Error'
else: else:
return 'OK' return 'OK'
elif post_action == 'restart':
try:
for container in docker_client.containers.list(all=True, filters={"id": container_id}):
container.restart()
except:
return 'Error'
else:
return 'OK'
else: else:
return jsonify(message='Invalid action') return jsonify(message='Invalid action')
else: else:
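Review bot: The added `restart` branch reports `OK` when the `id` filter matches no container, because the `for` loop then never runs, and the bare `except:` turns every failure into an unlogged `Error` string. Since the `id` filter may match on a partial ID (worth confirming against the Docker API documentation), a short or malformed `container_id` could also restart more than one container. I would fetch the single container with `docker_client.containers.get(container_id).restart()`, catch `Exception as e` and log it before returning. Nothing in the visible lines authenticates the caller, so it is worth confirming that port 8080 is reachable only from the services that need it; `container_post` starts and ends outside this hunk.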


@ -65,8 +65,8 @@ get_container_ip() {
LOOP_C=1 LOOP_C=1
until [[ ${CONTAINER_IP} =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || [[ ${LOOP_C} -gt 5 ]]; do until [[ ${CONTAINER_IP} =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || [[ ${LOOP_C} -gt 5 ]]; do
sleep 1 sleep 1
CONTAINER_ID=$(curl --silent --unix-socket /var/run/docker.sock http/containers/json?all=1 | jq -rc "map(select(.Names[] | contains (\"${1}\"))) | .[] .Id") CONTAINER_ID=$(curl --silent http://dockerapi:8080/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], id: .Id}" | jq -rc "select( .name | contains(\"${1}\")) | .id")
CONTAINER_IP=$(curl --silent --unix-socket /var/run/docker.sock http/containers/${CONTAINER_ID}/json | jq -r '.NetworkSettings.Networks[].IPAddress') CONTAINER_IP=$(curl --silent http://dockerapi:8080/containers/${CONTAINER_ID}/json | jq -r '.NetworkSettings.Networks[].IPAddress')
LOOP_C=$((LOOP_C + 1)) LOOP_C=$((LOOP_C + 1))
done done
[[ ${LOOP_C} -gt 5 ]] && echo 240.0.0.0 || echo ${CONTAINER_IP} [[ ${LOOP_C} -gt 5 ]] && echo 240.0.0.0 || echo ${CONTAINER_IP}
@ -366,11 +366,11 @@ while true; do
if [[ ${com_pipe_answer} =~ .+-mailcow ]]; then if [[ ${com_pipe_answer} =~ .+-mailcow ]]; then
kill -STOP ${BACKGROUND_TASKS[*]} kill -STOP ${BACKGROUND_TASKS[*]}
sleep 3 sleep 3
CONTAINER_ID=$(curl --silent --unix-socket /var/run/docker.sock http/containers/json?all=1 | jq -rc "map(select(.Names[] | contains (\"${com_pipe_answer}\"))) | .[] .Id") CONTAINER_ID=$(curl --silent http://dockerapi:8080/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], id: .Id}" | jq -rc "select( .name | contains(\"${com_pipe_answer}\")) | .id")
if [[ ! -z ${CONTAINER_ID} ]]; then if [[ ! -z ${CONTAINER_ID} ]]; then
log_to_redis "Sending restart command to ${CONTAINER_ID}..." log_to_redis "Sending restart command to ${CONTAINER_ID}..."
echo "Sending restart command to ${CONTAINER_ID}..." echo "Sending restart command to ${CONTAINER_ID}..."
curl --silent --unix-socket /var/run/docker.sock -XPOST http/containers/${CONTAINER_ID}/restart curl --silent -XPOST http://dockerapi:8080/containers/${CONTAINER_ID}/restart
fi fi
echo "Wait for restarted container to settle and continue watching..." echo "Wait for restarted container to settle and continue watching..."
sleep 30s sleep 30s
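Review bot: Both new lookups splice a shell value straight into the jq program (`contains(\"${1}\")` in `get_container_ip`, `contains(\"${com_pipe_answer}\")` in the main loop), so a value containing a quote or backslash changes the filter instead of being matched as text; the `.+-mailcow` guard is unanchored and does not restrict the characters. Passing the value as data avoids that: `jq -rc --arg svc "${com_pipe_answer}" 'select(.name | contains($svc)) | .id'`, and the same with `"${1}"` in the function. The old queries used `?all=1` and the new ones do not, so unless dockerapi lists stopped containers by default, an exited container would no longer be found and restarted, which is worth confirming. Both the function and the `while` loop extend beyond the hunks shown.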


@ -250,7 +250,7 @@ services:
depends_on: depends_on:
- nginx-mailcow - nginx-mailcow
- mysql-mailcow - mysql-mailcow
image: mailcow/acme:1.20 image: mailcow/acme:1.21
build: ./data/Dockerfiles/acme build: ./data/Dockerfiles/acme
init: true init: true
dns: dns:
@ -267,7 +267,6 @@ services:
- ./data/web/.well-known/acme-challenge:/var/www/acme:rw - ./data/web/.well-known/acme-challenge:/var/www/acme:rw
- ./data/assets/ssl:/var/lib/acme/:rw - ./data/assets/ssl:/var/lib/acme/:rw
- ./data/assets/ssl-example:/var/lib/ssl-example/:ro - ./data/assets/ssl-example:/var/lib/ssl-example/:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: always restart: always
networks: networks:
mailcow-network: mailcow-network:
@ -296,11 +295,10 @@ services:
- /lib/modules:/lib/modules:ro - /lib/modules:/lib/modules:ro
watchdog-mailcow: watchdog-mailcow:
image: mailcow/watchdog:1.4 image: mailcow/watchdog:1.5
build: ./data/Dockerfiles/watchdog build: ./data/Dockerfiles/watchdog
init: false init: false
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- vmail-vol-1:/vmail:ro - vmail-vol-1:/vmail:ro
restart: always restart: always
environment: environment: