diff --git a/Dockerfile b/Dockerfile index f7b18ba..c004785 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,8 @@ RUN chmod +x /tmp/docker.sh && \ rm -f /tmp/docker.sh # Fix CVE-2021-22901, CVE-2021-22898, CVE-2021-22897, CVE-2021-33560 and CVE-2021-36159 -RUN apk add "curl>=7.77.0-r0" "libgcrypt>=1.8.8-r0" "apk-tools>=2.12.6-r0" +RUN apk add "curl>=7.77.0-r0" "libgcrypt>=1.8.8-r0" +RUN apk add "apk-tools>=2.12.6-r0" VOLUME /www /http-confs /server-confs /modsec-confs /modsec-crs-confs /cache /pre-server-confs /acme-challenge /plugins diff --git a/autoconf/entrypoint.sh b/autoconf/entrypoint.sh index f793fdd..66fe64c 100644 --- a/autoconf/entrypoint.sh +++ b/autoconf/entrypoint.sh @@ -8,10 +8,10 @@ if [ "$?" -ne 0 ] ; then exit 1 fi -if [ "$SWARM_MODE" = "yes" ] ; then - chown -R root:nginx /etc/nginx - chmod -R 770 /etc/nginx -fi +#if [ "$SWARM_MODE" = "yes" ] ; then +# chown -R root:nginx /etc/nginx +# chmod -R 770 /etc/nginx +#fi # trap SIGTERM and SIGINT function trap_exit() { diff --git a/autoconf/requirements.txt b/autoconf/requirements.txt index 6dbe34d..f0b5015 100644 --- a/autoconf/requirements.txt +++ b/autoconf/requirements.txt @@ -2,3 +2,4 @@ docker requests jinja2 kubernetes +dnspython diff --git a/autoconf/src/Config.py b/autoconf/src/Config.py index 1defdb7..bf9025b 100644 --- a/autoconf/src/Config.py +++ b/autoconf/src/Config.py @@ -1,6 +1,6 @@ #!/usr/bin/python3 -import subprocess, shutil, os, traceback, requests, time +import subprocess, shutil, os, traceback, requests, time, dns.resolver import Controller @@ -76,9 +76,9 @@ class Config : def wait(self, instances) : ret = True if self.__type == Controller.Type.DOCKER : - ret = self.__wait_docker() + ret = self.__wait_docker(instances) elif self.__type == Controller.Type.SWARM or self.__type == Controller.Type.KUBERNETES : - ret = self.__wait_api() + ret = self.__wait_api(instances) return ret def __wait_docker(self, instances) : 
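Review bot: The comment above the two `RUN apk add` lines still lists all five CVEs in one sentence, so it no longer shows which package closes which issue or why `apk-tools` now has its own `RUN`. I would put one comment on each line, e.g. `# curl: CVE-2021-22901, CVE-2021-22898, CVE-2021-22897 / libgcrypt: CVE-2021-33560` and `# apk-tools: CVE-2021-36159 (separate step: <reason>)`. Note also that `>=` only sets a minimum, so the version actually installed depends on the package index at build time; if reproducible images matter, record the resolved versions in the build log or pin them.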
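Review bot: The `SWARM_MODE` block in `autoconf/entrypoint.sh` is commented out rather than deleted, and nothing records why `/etc/nginx` no longer needs `root:nginx` ownership and mode 770 in swarm mode. If the permissions are now set somewhere else (not visible in this hunk), remove the four lines. If this is a temporary workaround, say so in their place, e.g. `# TODO: /etc/nginx ownership in swarm mode is handled by <where>; remove this block once confirmed`. As it stands a later reader cannot tell whether the resulting permissions on the configuration directory are intended.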
@@ -110,7 +110,7 @@ class Config : started = True break i = i + 1 - log("config", "INFO" "waiting " + str(i) + " seconds before retrying to contact bunkerized-nginx instances") + log("config", "INFO", "waiting " + str(i) + " seconds before retrying to contact bunkerized-nginx instances") if started : log("config", "INFO", "bunkerized-nginx instances started") return True @@ -126,17 +126,19 @@ class Config : if self.__type == Controller.Type.SWARM : for instance in instances : name = instance.name - for task in instance.tasks() : - nodeID = task["NodeID"] - taskID = task["ID"] - url = "http://" + name + "." + nodeID + "." + taskID + ":8080" + self.__api_uri + path - urls.append(url) + try : + dns_result = dns.resolver.query("tasks." + name) + for ip in dns_result : + urls.append("http://" + ip.to_text() + ":8080" + self.__api_uri + path) + except : + ret = False elif self.__type == Controller.Type.KUBERNETES : log("config", "ERROR", "TODO get urls for k8s") for url in urls : + req = None try : - req = requests.post("http://" + fqdn + ":8080" + self.__api + path) + req = requests.post(url) except : pass if req and req.status_code == 200 and req.text == "ok" : diff --git a/autoconf/src/app.py b/autoconf/src/app.py index a252cca..5bf9387 100644 --- a/autoconf/src/app.py +++ b/autoconf/src/app.py @@ -40,6 +40,12 @@ if current_env != {} : else : log("autoconf", "ERROR", "error while generating initial configuration") +# Wait for instances +if controller.wait() : + log("autoconf", "INFO", "bunkerized-nginx instances started") +else : + log("autoconf", "ERROR", "bunkerized-nginx instances not started") + # Process events log("autoconf", "INFO", "waiting for events ...") controller.process_events(current_env)
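Review bot: Both new `try` blocks in the swarm branch use a bare `except :`, so a failed `tasks.<name>` lookup only sets `ret = False` and a failed `requests.post(url)` is dropped with `pass`, with nothing logged to show which instance was missed. The `requests.post(url)` call also has no `timeout`, so one unresponsive task IP can block the loop indefinitely. `dns.resolver.query` is deprecated in dnspython 2.x in favour of `resolve`, and `requirements.txt` adds `dnspython` with no version constraint, so it is worth deciding which API the code targets. The requests go over plain `http://` with `self.__api_uri` in the URL, so I would keep that URL out of log messages. The enclosing method starts and ends outside this hunk, and the initial value of `ret` is not visible here.

```python
# … unchanged: for instance in instances, name = instance.name …
try :
	dns_result = dns.resolver.query("tasks." + name)
	# … unchanged: append one URL per returned address …
except dns.exception.DNSException as e :
	log("config", "ERROR", "can't resolve tasks." + name + " : " + type(e).__name__)
	ret = False
# … unchanged: kubernetes branch, for url in urls, req = None …
try :
	req = requests.post(url, timeout=10) # example value, tune for the deployment
except requests.exceptions.RequestException as e :
	# url embeds self.__api_uri, so log only the error class
	log("config", "ERROR", "request to an instance failed : " + type(e).__name__)
```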
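Review bot: When `controller.wait()` returns false in `autoconf/src/app.py`, the script only logs an error and still falls through to `controller.process_events(current_env)`, so autoconf keeps running against instances it could not confirm as started. I would stop or retry in the `else` branch, e.g. add `sys.exit(1)` after the error log (assuming `sys` is imported in app.py, which is not visible here). The call also passes no arguments, while `Config.wait(self, instances)` in this same commit requires `instances`; `Controller.wait` is not shown, so confirm it supplies them.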