def create_dservice(self):
""" Copies /usr/lib/systemd/system/docker.service
and modifies for new dockerd """
# Copy docker service file to new docker service file
docker_service = '/usr/lib/systemd/system/docker.service'
new_docker_service = '/usr/lib/systemd/system/docker%s.service' % self.rand_int
cmdlist = ['cp', docker_service, new_docker_service]
utils.simple_popen(cmdlist)
# Modify new docker service file
dockerd_cmd = 'ExecStart=%s '\
'-D --bridge=%s '\
'--exec-root=%s '\
'-g %s '\
'-H unix://%s/docker.sock '\
'-p %s/docker.pid '\
'--storage-driver=devicemapper '\
'--iptables=false --ip-masq=false' % (self.dockerd, self.bridge,
self.docker_run, self.docker_lib,
self.docker_lib, self.docker_run)
old = 'ExecStart=/usr/bin/dockerd'
new = dockerd_cmd
utils.change_file(new_docker_service, old, new)
text = 'Created docker service file: %s' % new_docker_service
logging.info(text)
return new_docker_service
def create_dockerd(self):
""" Creates a copy of the dockerd binary """
dockerd = '/usr/bin/dockerd-%s' % self.rand_int
cmdlist = ['cp', '/usr/bin/dockerd', dockerd]
utils.simple_popen(cmdlist)
text = 'Created binary: %s' % dockerd
logging.info(text)
return dockerd
def create_mount(self):
""" Creates the mount point for navencrypt prepare """
mount_point = '/docker-%s-mount' % self.rand_int
cmdlist = ['mkdir', '-p', mount_point]
utils.simple_popen(cmdlist)
text = 'Created directory: %s' % mount_point
logging.info(text)
return mount_point
def create_run(self):
""" Creates the docker run directory """
run = '/dmcrypt/run/docker-%s' % self.rand_int
cmdlist = ['mkdir', '-p', run]
utils.simple_popen(cmdlist)
text = 'Created directory: %s' % run
logging.info(text)
return run
def create_lib(self):
""" Creates the docker lib directory """
lib = '/dmcrypt/lib/docker-%s' % self.rand_int
cmdlist = ['mkdir', '-p', lib]
utils.simple_popen(cmdlist)
text = 'Created directory: %s' % lib
logging.info(text)
return lib
def create_loop(self):
""" Creates the 2G loop file for navencrypt prepare """
loop_file = '/dmcrypt/docker-%s-loop' % self.rand_int
cmdlist = [
'dd', 'if=/dev/zero',
'of=%s' % loop_file, 'bs=1M', 'count=2048'
]
utils.simple_popen(cmdlist)
text = 'Created loop file: %s' % loop_file
logging.info(text)
return loop_file
def run(self):
""" Starts the container, returns the port it started on """
# Start the container
docker_cmd = '%s run -d -p 5222 --name docker-jabber -e JHOST=%s -e USER1=%s '\
'-e PASS1=%s -e USER2=%s -e PASS2=%s '\
'wallace123/docker-jabber' % (self.docker, self.jabber_ip,
self.user1, self.pass1,
self.user2, self.pass2)
cmdlist = docker_cmd.split()
utils.simple_popen(cmdlist)
# Get the port
docker_cmd = '%s port docker-jabber' % self.docker
cmdlist = docker_cmd.split()
# pylint: disable=W0612
output, errors = utils.simple_popen(cmdlist)
port_output = output.split(':')
port = port_output[1].rstrip()
return port
def run(self):
""" Starts the container, returns the port it started on """
# Start the container
docker_cmd = '%s run -d -p 5900 --name docker-vnc '\
'-e VNCPASS=%s '\
'-v /etc/hosts:/etc/hosts:ro '\
'-v /etc/resolv.conf:/etc/resolv.conf:ro '\
'wallace123/docker-vnc' % (self.docker, self.vncpass)
cmdlist = docker_cmd.split()
utils.simple_popen(cmdlist)
# Get the port
docker_cmd = '%s port docker-vnc' % self.docker
cmdlist = docker_cmd.split()
# pylint: disable=W0612
output, errors = utils.simple_popen(cmdlist)
port_output = output.split(':')
port = port_output[1].rstrip()
return port
def run_nav(self):
""" Sets up navencrypt items """
device = utils.simple_popen(['losetup', '-f'])[0].rstrip()
if navlib.nav_prepare_loop(self.navpass, self.loop_file, device,
self.mount, self.navlogfile):
logging.info('Nav prepare completed')
else:
logging.error('Something went wrong on nav prepare command')
sys.exit(1)
category = '@%s' % self.mount.split('/')[1]
if navlib.nav_encrypt(self.navpass, category, self.docker_lib,
self.mount, self.navlogfile):
text = 'Nav encrypt of %s complete' % self.docker_lib
logging.info(text)
else:
logging.error('Something went wrong with the nav move command')
sys.exit(1)
if navlib.nav_encrypt(self.navpass, category, self.docker_run,
self.mount, self.navlogfile):
text = 'Nav encrypt of %s complete' % self.docker_run
logging.info(text)
else:
logging.error('Something went wrong with the nav move command')
sys.exit(1)
acl_rule = 'ALLOW %s * %s' % (category, self.dockerd)
if navlib.nav_acl_add(self.navpass, acl_rule, self.navlogfile):
text = 'Nav acl rule added %s' % acl_rule
logging.info(text)
else:
logging.error('Something went wrong with adding the acl rule')
sys.exit(1)
return device, category
def create_bridge(self):
""" Creates a bridge for the docker daemon """
# First get an available IP
cmdlist = ['cat', '/proc/net/dev']
# pylint: disable=W0612
output, errors = utils.simple_popen(cmdlist)
tmp = output.split()
docker_dev = []
for item in tmp:
if 'docker' in item:
docker_dev.append(item.rstrip(':'))
used_ips = []
for dev in docker_dev:
used_ips.append(netifaces.ifaddresses(dev)[2][0]['addr'])
for avail_ip in BRIDGE_IPS:
if avail_ip not in used_ips:
bridge_ip = avail_ip
break
# Create the bridge with the available IP
docker_bridge = 'docker%d' % self.rand_int
cmdlist = ['brctl', 'addbr', docker_bridge]
utils.simple_popen(cmdlist)
cmdlist = [
'ip', 'addr', 'add',
'%s/24' % bridge_ip, 'dev', docker_bridge
]
utils.simple_popen(cmdlist)
cmdlist = ['ip', 'link', 'set', 'dev', docker_bridge, 'up']
utils.simple_popen(cmdlist)
text = 'Created bridge %s with ip %s' % (docker_bridge, bridge_ip)
logging.info(text)
return docker_bridge
json_list = []
for fil in files:
if '.json' in fil:
json_list.append(fil)
for jsn in json_list:
json_file = open(os.path.join('./json', jsn), 'r')
data = json.load(json_file)
# Stop the container
docker_cmd = data['docker'].split()
cmdlist = [
docker_cmd[0], docker_cmd[1], docker_cmd[2], 'stop', data['container']
]
utils.simple_popen(cmdlist)
logging.info('container stopped')
# Stop and disable the service
utils.stop_disable_service(data['dservice'].split('.')[0])
logging.info('service disabled')
# Remove service
cmdlist = ['rm', '-rf', data['dservice_path']]
utils.simple_popen(cmdlist)
logging.info('service removed')
# Remove navencrypt items
if navlib.nav_prepare_loop_del(passwd, data['device'], logfile=navlog):
logging.info('navencrypt prepare -f succeeded')
else:
def cleanup(passwd, navlog, data_dict):
""" Receives a json dictionary and cleans up items """
docker_cmd = data_dict['docker'].split()
cmdlist = [
docker_cmd[0], docker_cmd[1], docker_cmd[2], 'stop',
data_dict['container']
]
utils.simple_popen(cmdlist)
logging.info('container stopped')
# Stop and disable the service
utils.stop_disable_service(data_dict['dservice'].split('.')[0])
logging.info('service disabled')
# Remove service
cmdlist = ['rm', '-rf', data_dict['dservice_path']]
utils.simple_popen(cmdlist)
logging.info('service removed')
# Remove navencrypt items
if navlib.nav_prepare_loop_del(passwd, data_dict['device'],
logfile=navlog):
logging.info('navencrypt prepare -f succeeded')
else:
logging.error('navencrypt prepare -f failed. Need to inspect manually')
if navlib.nav_acl_del(passwd, data_dict['category'], logfile=navlog):
logging.info('acl removed')
else:
logging.error('acl remove failed. Need to remove manually')
# Remove docker items
cmdlist = ['rm', '-rf', data_dict['docker_lib']]
utils.simple_popen(cmdlist)
logging.info('docker_lib removed')
cmdlist = ['rm', '-rf', data_dict['docker_run']]
utils.simple_popen(cmdlist)
logging.info('docker_run removed')
cmdlist = ['rm', '-rf', data_dict['mount_point']]
utils.simple_popen(cmdlist)
logging.info('mount_point removed')
cmdlist = ['rm', '-rf', data_dict['loop_file']]
utils.simple_popen(cmdlist)
logging.info('loop_file removed')
cmdlist = ['rm', '-rf', data_dict['dockerd']]
utils.simple_popen(cmdlist)
logging.info('dockerd removed')
cmdlist = ['ip', 'link', 'set', data_dict['docker_bridge'], 'down']
utils.simple_popen(cmdlist)
logging.info('bridge down')
cmdlist = ['brctl', 'delbr', data_dict['docker_bridge']]
utils.simple_popen(cmdlist)
logging.info('bridge deleted')
utils.remove_firewall(data_dict['port'])
logging.info('Port removed')
return 'Cleanup complete'
