def create_dservice(self): """ Copies /usr/lib/systemd/system/docker.service and modifies for new dockerd """ # Copy docker service file to new docker service file docker_service = '/usr/lib/systemd/system/docker.service' new_docker_service = '/usr/lib/systemd/system/docker%s.service' % self.rand_int cmdlist = ['cp', docker_service, new_docker_service] utils.simple_popen(cmdlist) # Modify new docker service file dockerd_cmd = 'ExecStart=%s '\ '-D --bridge=%s '\ '--exec-root=%s '\ '-g %s '\ '-H unix://%s/docker.sock '\ '-p %s/docker.pid '\ '--storage-driver=devicemapper '\ '--iptables=false --ip-masq=false' % (self.dockerd, self.bridge, self.docker_run, self.docker_lib, self.docker_lib, self.docker_run) old = 'ExecStart=/usr/bin/dockerd' new = dockerd_cmd utils.change_file(new_docker_service, old, new) text = 'Created docker service file: %s' % new_docker_service logging.info(text) return new_docker_service
def create_dockerd(self): """ Creates a copy of the dockerd binary """ dockerd = '/usr/bin/dockerd-%s' % self.rand_int cmdlist = ['cp', '/usr/bin/dockerd', dockerd] utils.simple_popen(cmdlist) text = 'Created binary: %s' % dockerd logging.info(text) return dockerd
def create_mount(self): """ Creates the mount point for navencrypt prepare """ mount_point = '/docker-%s-mount' % self.rand_int cmdlist = ['mkdir', '-p', mount_point] utils.simple_popen(cmdlist) text = 'Created directory: %s' % mount_point logging.info(text) return mount_point
def create_run(self): """ Creates the docker run directory """ run = '/dmcrypt/run/docker-%s' % self.rand_int cmdlist = ['mkdir', '-p', run] utils.simple_popen(cmdlist) text = 'Created directory: %s' % run logging.info(text) return run
def create_lib(self): """ Creates the docker lib directory """ lib = '/dmcrypt/lib/docker-%s' % self.rand_int cmdlist = ['mkdir', '-p', lib] utils.simple_popen(cmdlist) text = 'Created directory: %s' % lib logging.info(text) return lib
def create_loop(self): """ Creates the 2G loop file for navencrypt prepare """ loop_file = '/dmcrypt/docker-%s-loop' % self.rand_int cmdlist = [ 'dd', 'if=/dev/zero', 'of=%s' % loop_file, 'bs=1M', 'count=2048' ] utils.simple_popen(cmdlist) text = 'Created loop file: %s' % loop_file logging.info(text) return loop_file
def run(self): """ Starts the container, returns the port it started on """ # Start the container docker_cmd = '%s run -d -p 5222 --name docker-jabber -e JHOST=%s -e USER1=%s '\ '-e PASS1=%s -e USER2=%s -e PASS2=%s '\ 'wallace123/docker-jabber' % (self.docker, self.jabber_ip, self.user1, self.pass1, self.user2, self.pass2) cmdlist = docker_cmd.split() utils.simple_popen(cmdlist) # Get the port docker_cmd = '%s port docker-jabber' % self.docker cmdlist = docker_cmd.split() # pylint: disable=W0612 output, errors = utils.simple_popen(cmdlist) port_output = output.split(':') port = port_output[1].rstrip() return port
def run(self): """ Starts the container, returns the port it started on """ # Start the container docker_cmd = '%s run -d -p 5900 --name docker-vnc '\ '-e VNCPASS=%s '\ '-v /etc/hosts:/etc/hosts:ro '\ '-v /etc/resolv.conf:/etc/resolv.conf:ro '\ 'wallace123/docker-vnc' % (self.docker, self.vncpass) cmdlist = docker_cmd.split() utils.simple_popen(cmdlist) # Get the port docker_cmd = '%s port docker-vnc' % self.docker cmdlist = docker_cmd.split() # pylint: disable=W0612 output, errors = utils.simple_popen(cmdlist) port_output = output.split(':') port = port_output[1].rstrip() return port
def run_nav(self): """ Sets up navencrypt items """ device = utils.simple_popen(['losetup', '-f'])[0].rstrip() if navlib.nav_prepare_loop(self.navpass, self.loop_file, device, self.mount, self.navlogfile): logging.info('Nav prepare completed') else: logging.error('Something went wrong on nav prepare command') sys.exit(1) category = '@%s' % self.mount.split('/')[1] if navlib.nav_encrypt(self.navpass, category, self.docker_lib, self.mount, self.navlogfile): text = 'Nav encrypt of %s complete' % self.docker_lib logging.info(text) else: logging.error('Something went wrong with the nav move command') sys.exit(1) if navlib.nav_encrypt(self.navpass, category, self.docker_run, self.mount, self.navlogfile): text = 'Nav encrypt of %s complete' % self.docker_run logging.info(text) else: logging.error('Something went wrong with the nav move command') sys.exit(1) acl_rule = 'ALLOW %s * %s' % (category, self.dockerd) if navlib.nav_acl_add(self.navpass, acl_rule, self.navlogfile): text = 'Nav acl rule added %s' % acl_rule logging.info(text) else: logging.error('Something went wrong with adding the acl rule') sys.exit(1) return device, category
def create_bridge(self): """ Creates a bridge for the docker daemon """ # First get an available IP cmdlist = ['cat', '/proc/net/dev'] # pylint: disable=W0612 output, errors = utils.simple_popen(cmdlist) tmp = output.split() docker_dev = [] for item in tmp: if 'docker' in item: docker_dev.append(item.rstrip(':')) used_ips = [] for dev in docker_dev: used_ips.append(netifaces.ifaddresses(dev)[2][0]['addr']) for avail_ip in BRIDGE_IPS: if avail_ip not in used_ips: bridge_ip = avail_ip break # Create the bridge with the available IP docker_bridge = 'docker%d' % self.rand_int cmdlist = ['brctl', 'addbr', docker_bridge] utils.simple_popen(cmdlist) cmdlist = [ 'ip', 'addr', 'add', '%s/24' % bridge_ip, 'dev', docker_bridge ] utils.simple_popen(cmdlist) cmdlist = ['ip', 'link', 'set', 'dev', docker_bridge, 'up'] utils.simple_popen(cmdlist) text = 'Created bridge %s with ip %s' % (docker_bridge, bridge_ip) logging.info(text) return docker_bridge
json_list = [] for fil in files: if '.json' in fil: json_list.append(fil) for jsn in json_list: json_file = open(os.path.join('./json', jsn), 'r') data = json.load(json_file) # Stop the container docker_cmd = data['docker'].split() cmdlist = [ docker_cmd[0], docker_cmd[1], docker_cmd[2], 'stop', data['container'] ] utils.simple_popen(cmdlist) logging.info('container stopped') # Stop and disable the service utils.stop_disable_service(data['dservice'].split('.')[0]) logging.info('service disabled') # Remove service cmdlist = ['rm', '-rf', data['dservice_path']] utils.simple_popen(cmdlist) logging.info('service removed') # Remove navencrypt items if navlib.nav_prepare_loop_del(passwd, data['device'], logfile=navlog): logging.info('navencrypt prepare -f succeeded') else:
def cleanup(passwd, navlog, data_dict): """ Receives a json dictionary and cleans up items """ docker_cmd = data_dict['docker'].split() cmdlist = [ docker_cmd[0], docker_cmd[1], docker_cmd[2], 'stop', data_dict['container'] ] utils.simple_popen(cmdlist) logging.info('container stopped') # Stop and disable the service utils.stop_disable_service(data_dict['dservice'].split('.')[0]) logging.info('service disabled') # Remove service cmdlist = ['rm', '-rf', data_dict['dservice_path']] utils.simple_popen(cmdlist) logging.info('service removed') # Remove navencrypt items if navlib.nav_prepare_loop_del(passwd, data_dict['device'], logfile=navlog): logging.info('navencrypt prepare -f succeeded') else: logging.error('navencrypt prepare -f failed. Need to inspect manually') if navlib.nav_acl_del(passwd, data_dict['category'], logfile=navlog): logging.info('acl removed') else: logging.error('acl remove failed. Need to remove manually') # Remove docker items cmdlist = ['rm', '-rf', data_dict['docker_lib']] utils.simple_popen(cmdlist) logging.info('docker_lib removed') cmdlist = ['rm', '-rf', data_dict['docker_run']] utils.simple_popen(cmdlist) logging.info('docker_run removed') cmdlist = ['rm', '-rf', data_dict['mount_point']] utils.simple_popen(cmdlist) logging.info('mount_point removed') cmdlist = ['rm', '-rf', data_dict['loop_file']] utils.simple_popen(cmdlist) logging.info('loop_file removed') cmdlist = ['rm', '-rf', data_dict['dockerd']] utils.simple_popen(cmdlist) logging.info('dockerd removed') cmdlist = ['ip', 'link', 'set', data_dict['docker_bridge'], 'down'] utils.simple_popen(cmdlist) logging.info('bridge down') cmdlist = ['brctl', 'delbr', data_dict['docker_bridge']] utils.simple_popen(cmdlist) logging.info('bridge deleted') utils.remove_firewall(data_dict['port']) logging.info('Port removed') return 'Cleanup complete'