From 9784310dc0bdd747cd9665026e6eafeb712db303 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Sat, 19 Jan 2019 14:34:07 +0100
Subject: [PATCH] fickit: add helper script to simplify nsenter
---
configs/nsenter_iptables.sh | 19 +++++++++++++++++++
configs/nsenter_mysql.sh | 3 +++
configs/nsenter_process.sh | 7 +++++++
fickit-backend.yml | 13 +++++++++++++
fickit-frontend.yml | 7 +++++++
5 files changed, 49 insertions(+)
create mode 100755 configs/nsenter_iptables.sh
create mode 100755 configs/nsenter_mysql.sh
create mode 100755 configs/nsenter_process.sh
diff --git a/configs/nsenter_iptables.sh b/configs/nsenter_iptables.sh
new file mode 100755
index 00000000..1f20fe0d
--- /dev/null
+++ b/configs/nsenter_iptables.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+if [ -d /containers/onboot/004-admin-ip-setup ]; then
+ LOWER=/containers/onboot/004-admin-ip-setup
+elif [ -d /containers/onboot/004-nginx-ip-setup ]; then
+ LOWER=/containers/onboot/004-nginx-ip-setup
+else
+ nsenter -t 1 -a "$0" $@
+ exit $?
+fi
+
+mount -t tmpfs none $LOWER/run
+
+chroot $LOWER iptables $@
+EXIT=$?
+
+umount $LOWER/run
+
+exit ${EXIT}
diff --git a/configs/nsenter_mysql.sh b/configs/nsenter_mysql.sh
new file mode 100755
index 00000000..e387b86a
--- /dev/null
+++ b/configs/nsenter_mysql.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+nsenter -t $(pgrep mysql | head -1) -a mysql $@
diff --git a/configs/nsenter_process.sh b/configs/nsenter_process.sh
new file mode 100755
index 00000000..8e78f753
--- /dev/null
+++ b/configs/nsenter_process.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+PROC="$1"
+shift
+
+nsenter -t $(pgrep "$PROC" | head -1) $@
+exit $?
diff --git a/fickit-backend.yml b/fickit-backend.yml
index 73e6ddbc..75642f0b 100644
--- a/fickit-backend.yml
+++ b/fickit-backend.yml
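Review bot: `$@` is unquoted in both `nsenter -t 1 -a "$0" $@` and `chroot $LOWER iptables $@` in nsenter_iptables.sh, so an argument containing whitespace or glob characters is re-split before it reaches iptables and the rule applied can differ from the one the caller wrote; use `"$@"` and `"$LOWER"`. The same unquoted `$@` appears in nsenter_mysql.sh and nsenter_process.sh. Separately, the `else` branch re-executes `"$0"` in PID 1's namespaces with nothing recording that it has already done so, so if neither onboot directory exists there either, the script appears to re-enter itself without bound; a guard variable checked before the `nsenter` call would stop that. The exit status of `mount` is also ignored, so `chroot` still runs when the tmpfs was not mounted.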
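Review bot: `pgrep mysql | head -1` in nsenter_mysql.sh picks the target PID by substring match on the process name and never checks that anything matched. Because this wrapper is itself installed as `usr/bin/mysql`, other running copies of it, and any process with `mysql` in its name, are candidates for the namespace entered, and when nothing matches `-t` takes `-a` as its argument. Resolve the PID first and fail closed, for example `PID=$(pgrep -o -x mysqld) || exit 1` followed by `nsenter -t "$PID" -a mysql "$@"`; the server process name `mysqld` is an assumption to confirm against the image. nsenter_process.sh has the same unchecked `$(pgrep "$PROC" | head -1)`.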
@@ -237,6 +237,9 @@ services: binds: - /etc/hosts:/etc/hosts:ro - /root/.ssh/:/root/.ssh/:ro + - /usr/bin/iptables:/usr/bin/iptables:ro + - /usr/bin/mysql:/usr/bin/mysql:ro + - /usr/bin/pnsenter:/usr/bin/pnsenter:ro - /var/lib/fic/outofsync:/var/lib/fic/outofsync - /var/lib/fic/raw_files:/mnt/fic capabilities: @@ -280,6 +283,16 @@ files: source: configs/id_ed25519 mode: "0400" + - path: usr/bin/iptables + source: configs/nsenter_iptables.sh + mode: "0755" + - path: usr/bin/mysql + source: configs/nsenter_mysql.sh + mode: "0755" + - path: usr/bin/pnsenter + source: configs/nsenter_process.sh + mode: "0755" + - path: etc/mysql/conf.d/max-conn.cnf contents: | [mysqld] diff --git a/fickit-frontend.yml b/fickit-frontend.yml index 0ddd4199..975567e7 100644 --- a/fickit-frontend.yml +++ b/fickit-frontend.yml @@ -405,6 +405,13 @@ files: source: frontend/static/robots.txt mode: "0644" + - path: usr/bin/iptables + source: configs/nsenter_iptables.sh + mode: "0755" + - path: usr/bin/pnsenter + source: configs/nsenter_process.sh + mode: "0755" + - path: etc/dhcpcd.conf contents: | allowinterfaces internet
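Review bot: The three binds added in the first fickit-backend.yml hunk give this service wrappers that call `nsenter -t 1 -a`, which lets the container act on the host's firewall namespace, and nothing in the hunk documents that. These helpers presumably only work if the service can see host PID 1 and holds the capabilities that nsenter and chroot need; the `capabilities:` list begins on the hunk's last line and its entries are not visible here, so confirm it is no wider than the helpers require. A comment above the binds such as `# nsenter wrappers: run iptables/mysql in the target process's namespaces; needs host PID visibility` would record the intent for the next reviewer.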