[ACME, Watchdog, DockerAPI] Use only limited Docker API

master
andryyy 2017-10-06 13:32:49 +02:00
parent 3ae0b16845
commit ef9953898c
4 changed files with 16 additions and 12 deletions


@ -10,9 +10,7 @@ mkdir -p ${ACME_BASE}/acme/private
restart_containers(){
for container in $*; do
echo "Restarting ${container}..."
curl -X POST \
--unix-socket /var/run/docker.sock \
"http/containers/${container}/restart"
curl -X POST http://dockerapi:8080/containers/${container}/restart
done
}
@ -107,7 +105,7 @@ while true; do
IFS=',' read -r -a ADDITIONAL_SAN_ARR <<< "${ADDITIONAL_SAN}"
IPV4=$(get_ipv4)
# Container ids may have changed
CONTAINERS_RESTART=($(curl --silent --unix-socket /var/run/docker.sock http/containers/json | jq -rc 'map(select(.Names[] | contains ("nginx-mailcow") or contains ("postfix-mailcow") or contains ("dovecot-mailcow"))) | .[] .Id' | tr "\n" " "))
CONTAINERS_RESTART=($(curl --silent http://dockerapi:8080/containers/json | jq -r '.[] | {name: .Config.Labels["com.docker.compose.service"], id: .Id}' | jq -rc 'select( .name | contains("nginx-mailcow") or contains("postfix-mailcow") or contains("dovecot-mailcow")) | .id' | tr "\n" " "))
while read domain; do
SQL_DOMAIN_ARR+=("${domain}")
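Review bot: The new `curl -X POST http://dockerapi:8080/containers/${container}/restart` in restart_containers never checks whether the restart happened, so after a certificate renewal a service can keep serving the old certificate without any log line. The URL is also unquoted, and the loop still iterates over an unquoted `$*`. I would write `curl --silent --show-error --fail -X POST "http://dockerapi:8080/containers/${container}/restart" || echo "Restart of ${container} failed" >&2` and iterate with `for container in "$@"`. The dockerapi handler shown on this page returns the string 'Error' from its except branch, apparently without an error status, so the response body probably needs comparing against `OK` as well.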


@ -41,6 +41,14 @@ class container_post(Resource):
return 'Error'
else:
return 'OK'
elif post_action == 'restart':
try:
for container in docker_client.containers.list(all=True, filters={"id": container_id}):
container.restart()
except:
return 'Error'
else:
return 'OK'
else:
return jsonify(message='Invalid action')
else:
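Review bot: The restart branch returns 'OK' when the `id` filter matches no container, because the `for` loop then runs zero times and control falls through to the `else:` of the `try`; a caller cannot tell a restart from a no-op. The bare `except:` also hides the cause and answers with the string 'Error', presumably with a 200 status. I would collect the matches first and `return jsonify(message='No such container'), 404` when the list is empty, and narrow the handler to `except Exception as e:` with the error logged. Nothing in the hunk limits which container ids may be restarted or who may call this endpoint; if that check is not made earlier in the method, which starts outside the hunk, any client that can reach port 8080 can restart any container on the host.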


@ -65,8 +65,8 @@ get_container_ip() {
LOOP_C=1
until [[ ${CONTAINER_IP} =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || [[ ${LOOP_C} -gt 5 ]]; do
sleep 1
CONTAINER_ID=$(curl --silent --unix-socket /var/run/docker.sock http/containers/json?all=1 | jq -rc "map(select(.Names[] | contains (\"${1}\"))) | .[] .Id")
CONTAINER_IP=$(curl --silent --unix-socket /var/run/docker.sock http/containers/${CONTAINER_ID}/json | jq -r '.NetworkSettings.Networks[].IPAddress')
CONTAINER_ID=$(curl --silent http://dockerapi:8080/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], id: .Id}" | jq -rc "select( .name | contains(\"${1}\")) | .id")
CONTAINER_IP=$(curl --silent http://dockerapi:8080/containers/${CONTAINER_ID}/json | jq -r '.NetworkSettings.Networks[].IPAddress')
LOOP_C=$((LOOP_C + 1))
done
[[ ${LOOP_C} -gt 5 ]] && echo 240.0.0.0 || echo ${CONTAINER_IP}
@ -366,11 +366,11 @@ while true; do
if [[ ${com_pipe_answer} =~ .+-mailcow ]]; then
kill -STOP ${BACKGROUND_TASKS[*]}
sleep 3
CONTAINER_ID=$(curl --silent --unix-socket /var/run/docker.sock http/containers/json?all=1 | jq -rc "map(select(.Names[] | contains (\"${com_pipe_answer}\"))) | .[] .Id")
CONTAINER_ID=$(curl --silent http://dockerapi:8080/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], id: .Id}" | jq -rc "select( .name | contains(\"${com_pipe_answer}\")) | .id")
if [[ ! -z ${CONTAINER_ID} ]]; then
log_to_redis "Sending restart command to ${CONTAINER_ID}..."
echo "Sending restart command to ${CONTAINER_ID}..."
curl --silent --unix-socket /var/run/docker.sock -XPOST http/containers/${CONTAINER_ID}/restart
curl --silent -XPOST http://dockerapi:8080/containers/${CONTAINER_ID}/restart
fi
echo "Wait for restarted container to settle and continue watching..."
sleep 30s
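Review bot: Both new lookups splice a shell variable into the jq program text (`contains(\"${1}\")` in get_container_ip, `contains(\"${com_pipe_answer}\")` in the restart loop), and `com_pipe_answer` is only checked against the unanchored pattern `.+-mailcow`, so a quote or backslash in it changes the filter. Passing the value as data avoids that: `jq -rc --arg svc "${com_pipe_answer}" 'select(.name | contains($svc)) | .id'`. Because `contains` is a substring match it can yield several ids, and the unquoted `${CONTAINER_ID}` in the following curl URL would then be split into several arguments; quoting the URL and taking a single exact match would make the restart target unambiguous. The new requests also drop the `?all=1` of the old ones, so whether stopped containers are still listed depends on the dockerapi service, which is not shown here. Both enclosing blocks start outside their hunks.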


@ -250,7 +250,7 @@ services:
depends_on:
- nginx-mailcow
- mysql-mailcow
image: mailcow/acme:1.20
image: mailcow/acme:1.21
build: ./data/Dockerfiles/acme
init: true
dns:
@ -267,7 +267,6 @@ services:
- ./data/web/.well-known/acme-challenge:/var/www/acme:rw
- ./data/assets/ssl:/var/lib/acme/:rw
- ./data/assets/ssl-example:/var/lib/ssl-example/:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: always
networks:
mailcow-network:
@ -296,11 +295,10 @@ services:
- /lib/modules:/lib/modules:ro
watchdog-mailcow:
image: mailcow/watchdog:1.4
image: mailcow/watchdog:1.5
build: ./data/Dockerfiles/watchdog
init: false
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- vmail-vol-1:/vmail:ro
restart: always
environment: