diff --git a/autoconf/Dockerfile b/autoconf/Dockerfile
new file mode 100644
index 0000000..ecb595c
--- /dev/null
+++ b/autoconf/Dockerfile
@@ -0,0 +1,11 @@
+FROM alpine
+
+RUN apk add py3-pip && \
+ pip3 install docker
+
+COPY *.py /opt/
+RUN chmod +x /opt/entrypoint.py
+
+VOLUME /etc/nginx
+
+ENTRYPOINT ["/opt/entrypoint.py"]
diff --git a/autoconf/config.py b/autoconf/config.py
new file mode 100644
index 0000000..70e76e1
--- /dev/null
+++ b/autoconf/config.py
@@ -0,0 +1,25 @@
+#!/usr/bin/python3
+
+import utils
+import subprocess, shutil
+
+def generate(vars) :
+ vars_defaults = vars.copy()
+ vars_defaults.update(os.environ)
+ vars_defaults.update(vars)
+ subprocess.run(["/opt/entrypoint/site-config.sh", vars["SERVER_NAME"]], env=vars_defaults)
+ utils.log("Generated config for " + vars["SERVER_NAME"])
+
+def activate(vars) :
+ replace_in_file("/etc/nginx/nginx.conf", "}", "include /etc/nginx/" + vars["SERVER_NAME"] + "/server.conf;\n}")
+ subprocess.run(["/usr/sbin/nginx", "-s", "reload"])
+ utils.log("Activated config for " + vars["SERVER_NAME"])
+
+def deactivate(vars) :
+ replace_in_file("/etc/nginx/nginx.conf", "include /etc/nginx/" + vars["SERVER_NAME"] + "/server.conf;\n", "")
+ subprocess.run(["/usr/sbin/nginx", "-s", "reload"])
+ utils.log("Deactivated config for " + vars["SERVER_NAME"])
+
+def remove(vars) :
+ shutil.rmtree("/etc/nginx/" + vars["SERVER_NAME"])
+ utils.log("Removed config for " + vars["SERVER_NAME"])
diff --git a/autoconf/entrypoint.py b/autoconf/entrypoint.py
new file mode 100644
index 0000000..3b5843a
--- /dev/null
+++ b/autoconf/entrypoint.py
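Review bot: In autoconf/Dockerfile both inputs to the image are unpinned: `FROM alpine` resolves to whatever `latest` is at build time and `pip3 install docker` takes the newest release from PyPI, so two builds of the same commit can ship different code into a container that expects the Docker socket to be mounted. Pin the base image to a tag or digest and the client library to a version, e.g. `FROM alpine:<pinned-tag>` and `pip3 install docker==<pinned-version>` (placeholders; use the versions you test against). `apk add --no-cache py3-pip` would also keep the package index out of the layer.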
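Review bot: In autoconf/config.py every function splices `vars["SERVER_NAME"]` unchecked into a filesystem path or into nginx.conf: `remove()` hands `"/etc/nginx/" + vars["SERVER_NAME"]` to `shutil.rmtree`, so an empty value or one containing `..` deletes outside the intended per-site directory, and `activate()` writes the value into an `include` directive where `;`, `}` or a newline would alter the configuration. The value appears to come from a container label (entrypoint.py filters on `bunkerized-nginx.SERVER_NAME`), so it should be treated as untrusted and matched against a hostname allowlist before any of the four functions uses it; the sketch below needs `re` imported. Separately, `generate()` references `os.environ` without importing `os`, `replace_in_file` is defined in `utils` but called unqualified, and `vars_defaults.update(vars)` lets the same values override `PATH` and similar variables in the environment handed to site-config.sh.

```python
SERVER_NAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")

def checked_server_name(vars) :
    # Hostname-shaped values only, so "/", "..", ";", "}" and whitespace never reach a path or nginx.conf.
    name = vars.get("SERVER_NAME", "")
    if len(name) > 253 or not SERVER_NAME_RE.fullmatch(name) :
        raise ValueError("invalid SERVER_NAME")
    return name

def remove(vars) :
    shutil.rmtree("/etc/nginx/" + checked_server_name(vars))
    # … unchanged: utils.log call; generate/activate/deactivate use checked_server_name the same way …
```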
@@ -0,0 +1,57 @@
+#!/usr/bin/python3
+
+import utils, config
+import docker, os, stat, sys
+
+def process(id, event, vars) :
+ global containers
+ if event == "create" :
+ config.generate(vars)
+ containers.append(id)
+ elif event == "start" :
+ config.activate(vars)
+ elif event == "die" :
+ config.deactivate(vars)
+ elif event == "destroy" :
+ config.remove(vars)
+ containers.remove(id)
+
+# Connect to the endpoint
+endpoint = "/var/run/docker.sock"
+if not os.path.exists(endpoint) or not stat.S_ISSOCK(os.stat(endpoint).st_mode) :
+ print("[!] /var/run/docker.sock not found (is it mounted ?)")
+ sys.exit(1)
+try :
+ client = docker.DockerClient(base_url='unix:///var/run/docker.sock')
+except Exception as e :
+ print("[!] Can't instantiate DockerClient : " + str(e))
+ sys.exit(2)
+
+# Get all bunkerized-nginx instances
+instances = []
+try :
+ instances = client.containers.list(all=True, filters={"label" : "bunkerized-nginx.AUTOCONF"})
+except docker.errors.APIError as e :
+ print("[!] Docker API error " + str(e))
+ sys.exit(3)
+
+# Get all containers created before and do the config
+containers = []
+try :
+ containers_before = client.containers.list(all=True, filters={"label" : "bunkerized-nginx.SERVER_NAME"})
+except docker.errors.APIerror as e :
+ print("[!] Docker API error " + str(e))
+ sys.exit(4)
+for container in containers_before :
+ if container.status in ("restarting", "running", "created", "exited") :
+ process(container, "create")
+ if container.status in ("restarting", "running") :
+ process(container, "start")
+
+# Process events received from Docker
+try :
+ for event in client.events(decode=True) :
+ print(event)
+except docker.errors.APIerror as e :
+ print("[!] Docker API error " + str(e))
+ sys.exit(5)
diff --git a/autoconf/utils.py b/autoconf/utils.py
new file mode 100644
index 0000000..328b004
--- /dev/null
+++ b/autoconf/utils.py
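Review bot: In autoconf/entrypoint.py the start-up loop calls `process(container, "create")` and `process(container, "start")` with two arguments while `process(id, event, vars)` declares three, so the first labelled container raises a TypeError before any config is written; the third argument is presumably the variables taken from the container's `bunkerized-nginx.*` labels, which should be validated before they reach `config`. Two handlers are spelled `except docker.errors.APIerror as e :` where the first handler correctly uses `APIError`; the misspelled name is only looked up while an exception is propagating, so an API failure would surface as an AttributeError instead of the intended exit code. The only API calls visible here are `containers.list` and `events`, so the deployment can expose the socket through a proxy limited to those read endpoints rather than mounting the full `/var/run/docker.sock`, which otherwise grants control of the Docker daemon.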
@@ -0,0 +1,13 @@ +#!/usr/bin/python3 + +import datetime + +def log(event) : + print("[" + str(datetime.datetime.now().replace(microsecond=0)) + "] AUTOCONF - " + event, flush=True) + +def replace_in_file(file, old_str, new_str) : + with open(file) as f : + data = f.read() + data = data[::-1].replace(old_str[::-1], new_str[::-1], 1)[::-1] + with open(file, "w") as f : + f.write(data) diff --git a/entrypoint/entrypoint.sh b/entrypoint/entrypoint.sh index 76fdcad..7e92fc0 100644 --- a/entrypoint/entrypoint.sh +++ b/entrypoint/entrypoint.sh @@ -27,6 +27,23 @@ function trap_exit() { } trap "trap_exit" TERM INT +# trap SIGHUP +function trap_reload() { + echo "[*] Catched reload operation" + if [ -f /tmp/nginx.pid ] ; then + echo "[*] Reloading nginx ..." + /usr/sbin/nginx -s reload + if [ $? -eq 0 ] ; then + echo "[*] Reload succesfull" + else + echo "[!] Reload failed" + fi + else + echo "[!] Ignored reload operation because nginx is not running" + fi +} +trap "trap_reload" HUP + # do the configuration magic if needed if [ ! -f "/opt/installed" ] ; then echo "[*] Configuring bunkerized-nginx ..."
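Review bot: In autoconf/utils.py `replace_in_file` reopens the target with `open(file, "w")`, which truncates it before the new content is written; config.py uses it on `/etc/nginx/nginx.conf`, so a crash or a reload arriving in that window leaves nginx with an empty or partial configuration. Writing to a temporary file in the same directory and swapping it in with `os.replace` keeps the old file intact until the new one is complete (needs `os` imported; note the replacement file gets fresh ownership and mode). The function also rewrites the file unchanged when `old_str` is absent, so returning whether a replacement happened would let `activate`/`deactivate` log a miss instead of reporting success.

```python
def replace_in_file(file, old_str, new_str) :
    # … unchanged: read the file and replace the last occurrence …
    tmp = file + ".tmp"
    with open(tmp, "w") as f :
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    # Atomic on the same filesystem: readers see either the old or the new file, never a partial one.
    os.replace(tmp, file)
```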
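Review bot: `trap_reload` in entrypoint/entrypoint.sh is installed with `trap "trap_reload" HUP`, but bash only runs a trap handler once the current foreground command returns, and a trapped signal makes a pending `wait` return early; the part of the script that blocks on nginx is outside this hunk, so it is worth confirming that a SIGHUP neither sits undelivered until nginx exits nor lets the script fall through its `wait` and end the container. If the script blocks with a single `wait`, re-entering it in a loop while `/tmp/nginx.pid` exists would cover that. The `-f /tmp/nginx.pid` test only shows that a pid file exists, so a stale file after a crash still leads to the reload attempt and the `Reload failed` branch. A comment on the function naming who is expected to send HUP (presumably the autoconf container) would also help.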