#!/bin/bash # IBM(c) 2014 EPL license http://www.eclipse.org/legal/epl-v10.html #------------------------------------------------------------------------------- #=head1 setupdockerhost #=head2 Used on Linux only. Configure SSL connection and docker network object on docker host # # You can run the following commands on MN: # updatenode noderange -P "setupdockerhost netname=net/mask@gateway:nicname" # #=cut #------------------------------------------------------------------------------- set -x if [ "$(uname -s|tr 'A-Z' 'a-z')" = "linux" ];then str_dir_name=`dirname $0` . $str_dir_name/xcatlib.sh fi if [[ "$OSVER" != ubuntu* ]]; then echo "OS = $OSVER: Setup of Docker host is currently supported only on Ubuntu." exit 1 fi if [[ "$ARCH" == "x86_64" ]]; then # Check if docker-engine is installed dpkg -l docker-engine if [ $? -ne 0 ]; then echo "Error: can not detect docker-engine installation." exit 1 fi fi if [[ "$ARCH" == "ppc64el" ]]; then # Check if docker.io is installed dpkg -l docker.io if [ $? -ne 0 ]; then echo "Error: can not detect docker.io installation." exit 1 fi fi # Docker is installed, check that it is running docker info if [ $? -ne 0 ]; then echo "Docker is not running, Trying to restart." service docker start fi DOCKER_VERSION=`docker info 2>/dev/null | grep "Server Version:" | awk -F: '{print $2}'` if [ -z "$DOCKER_VERSION" ];then echo "Error: failed to get docker server version" exit 1 fi MAJOR_VERSION=`echo $DOCKER_VERSION | awk -F. '{print $1}'` MINOR_VERSION=`echo $DOCKER_VERSION | awk -F. '{print $2}'` if [ -z "$MAJOR_VERSION" -o -z "$MINOR_VERSION" ]; then echo "The docker version $DOCKER_VERSION can not be recorgnized" exit 1 elif [ $MAJOR_VERSION -le 1 -a $MINOR_VERSION -lt 10 ]; then echo "Only docker version 1.10.x and above is supported" exit 1 fi netname="" net="" mask="" gateway="" nicname="" if [ $# -ne 1 ]; then echo "Error: must be in format '$0 netname=net/mask@gateway[:nicname]'" exit 1 else NETINFO="$1" netname=`echo $NETINFO | awk -F= '{print $1}'` netinfo=`echo $NETINFO | awk -F= '{print $2}'` net=${netinfo%%/*} mask=`echo $netinfo | awk -F'@' '{print $1}' | awk -F/ '{print $2}'` gateway=`echo $netinfo | awk -F'@' '{print $2}' | awk -F: '{print $1}'` nicname=`echo $netinfo | awk -F: '{print $2}'` if [ ! -z "$nicname" ]; then if [ ! -x /sbin/brctl ]; then echo "Error: /sbin/brctl command not found. Not able to configure $nicname" exit 1; fi fi if [ -z "$netname" -o -z "$net" -o -z "$mask" -o -z "$gateway" ]; then echo "Error: must be in format '$0 netname=net/mask@gateway[:nicname]'" exit 1 fi fi #Setup TLS master=$MASTER if ! ping $master -c 1 > /dev/null 2>&1 ; then echo "Error: Host $master is not reachable" exit 1 fi if [ ! -d /root/.docker ]; then mkdir -p /root/.docker fi HOST_CA_PEM="/root/.docker/ca-cert.pem" HOST_CERT_PEM="/root/.docker/dockerhost-cert.pem" allowcred.awk & CREDPID=$! sleep 1 getcredentials.awk xcat_dockerhost_cert | grep -E -v '|' | sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /tmp/xcat_dockerhost_cert kill -9 $CREDPID grep -E '' /tmp/xcat_dockerhost_cert if [ $? -ne 0 ]; then cat /tmp/xcat_dockerhost_cert | cat /tmp/xcat_dockerhost_cert | grep -E -v '|/{0,1}data>||' >$HOST_CERT_PEM else echo "Error: can not get dockerhost certificate files" exit 1 fi cp /xcatpost/ca/ca-cert.pem $HOST_CA_PEM if [ ! -e $HOST_CA_PEM -o ! -e $HOST_CERT_PEM ];then echo "Error: can not get dockerhost certificate files" exit 1 fi docker_conf_file="/etc/default/docker" if [ ! -f "$docker_conf_file" ]; then echo "Error: file $docker_conf_file does not exist" exit 1 fi if ! grep "^DOCKER_OPTS" $docker_conf_file > /dev/null 2>&1 ; then echo "DOCKER_OPTS=\"-H unix:///var/run/docker.sock -H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_CERT_PEM --tlsverify=true\"" >> $docker_conf_file else if grep "^DOCKER_OPTS.*tlsverify" $docker_conf_file > /dev/null 2>&1; then sed -i "s@-H [^ |^\"]*@@g" $docker_conf_file sed -i "s@--tlscacert=[^ |^\"]*@@g" $docker_conf_file sed -i "s@--tlscert=[^ |^\"]*@@g" $docker_conf_file sed -i "s@--tlskey=[^ |^\"]*@@g" $docker_conf_file sed -i "s@--tlsverify=[^ |^\"]*@@g" $docker_conf_file sed -i "s@--tls@@g" $docker_conf_file sed -i "s@\ \{2,\}@@g" $docker_conf_file fi sed -i "s@^\(DOCKER_OPTS\=\"[^\"]*\)@\1 -H unix:///var/run/docker.sock -H tcp://`hostname`:2375 --tls --tlscacert=$HOST_CA_PEM --tlscert=$HOST_CERT_PEM --tlskey=$HOST_CERT_PEM --tlsverify=true\"@" $docker_conf_file sed -i 's/\"\{2,\}/\"/' $docker_conf_file fi #Restart docker service service docker stop sleep 2 systemctl daemon-reload service docker start # It is found that sometimes the docker ps will failed if run immediately after restart docker daemon sleep 2 docker ps if [ $? -ne 0 ]; then echo "Error: Failed to start Docker service" exit 1 fi echo "Will create network based on: $net/$mask@$gateway===$nicname:$netname=====" ret=`docker network create --gateway=$gateway --subnet=$net/$mask -o "com.docker.network.bridge.host_binding_ipv4"="$gateway" -o "com.docker.network.bridge.name"="$netname" $netname 2>&1` if [ $? -ne 0 ]; then echo "Error: Creation of network object \"$netname\" failed: $ret" exit 1 fi if [ ! -z "$nicname" ]; then brctl addif $netname $nicname default_info=`ip route | grep default | grep "dev $nicname" | grep via` if [ ! -z "$default_info" ]; then default_gw=`echo $default_info | awk '{print $3}'` ip route replace default dev $netname via $default_gw fi nic_ip_info=`ip addr show dev $nicname scope global | grep inet | sed -e 's/inet.//'|awk '{print $1}'` if [ ! -z "$nic_ip_info" ]; then ip addr del $nic_ip_info dev $nicname fi bridge_ip_info=`ip addr show dev $netname scope global | grep inet | sed -e 's/inet.//'|awk '{print $1}'` if [ -z "$bridge_ip_info" ]; then ip addr add $gateway/$mask dev $netname fi fi exit 0