	def create(self, hostname, env):
		"""Create the Docker container for this app and remember its ID.

		Collects the port mappings, volume specifications, environment file,
		optional init command and extra arguments, hands them to the
		module-level ``create()`` helper, stores the returned container in UCR
		under ``self.app.ucr_container_key`` and in ``self.container``.

		:param hostname: passed through unchanged to the ``create()`` helper.
		:param env: passed to ``self.ucr_filter_env_file()`` to obtain the env file.
		:returns: whatever the ``create()`` helper returns for the new container.
		"""
		# Port mappings in "host:container/protocol" form, only for this app.
		own_id = self.app.id
		ports = [
			'%d:%d/%s' % (host_port, container_port, protocol)
			for app_id, container_port, host_port, protocol in app_ports_with_protocol()
			if app_id == own_id
		]

		# A set, so a volume listed twice is only passed once.
		volumes = set(self.app.docker_volumes)
		# Data and conf directories use the same path on both sides of the
		# mapping and carry no ":ro" suffix.
		for directory in (self.app.get_data_dir(), self.app.get_conf_dir()):
			volumes.add('%s:%s' % (directory, directory))

		if self.app.host_certificate_access:
			# NOTE(review): the host's SSL directory is mapped read-only, but the
			# container can still read everything in it (presumably including the
			# private key) -- confirm only apps that need it set this flag.
			cert_dir = '/etc/univention/ssl/%s.%s' % (ucr_get('hostname'), ucr_get('domainname'))
			volumes.add('%s:%s:ro' % (cert_dir, cert_dir))

		# systemd inside the container: cgroup hierarchy, read-only.
		volumes.add('/sys/fs/cgroup:/sys/fs/cgroup:ro')

		# apt proxy configuration of the host, read-only, only if the file exists.
		if ucr_is_true('appcenter/docker/container/proxy/settings', default=True) and os.path.isfile('/etc/apt/apt.conf.d/80proxy'):
			volumes.add('/etc/apt/apt.conf.d/80proxy:/etc/apt/apt.conf.d/80proxy:ro')

		env_file = self.ucr_filter_env_file(env)

		command = shlex.split(self.app.docker_script_init) if self.app.docker_script_init else None

		# Extra arguments come from a UCR variable and are tokenised shell-style.
		# NOTE(review): these are presumably placed on the docker command line by
		# create(), so write access to that UCR variable decides the container's
		# options -- confirm who may set it. The fixed options below are appended
		# after the UCR-supplied ones.
		args = shlex.split(ucr_get(self.app.ucr_docker_params_key, ''))
		# systemd: tmpfs mounts for its runtime directories.
		args.extend(["--tmpfs", "/run", "--tmpfs", "/run/lock"])
		# systemd: dedicated seccomp profile. The file's existence is not checked
		# here. NOTE(review): "seccomp:<file>" is the older separator form; newer
		# Docker documents "seccomp=<file>" -- confirm against the shipped version.
		seccomp_profile = "/etc/docker/seccomp-systemd.json"
		args.extend(["--security-opt", "seccomp:%s" % seccomp_profile])
		# systemd: lets it detect that it runs inside a container.
		args.extend(["-e", "container=docker"])

		new_container = create(self.image, command, hostname, ports, volumes, env_file, args)
		ucr_save({self.app.ucr_container_key: new_container})
		self.container = new_container
		return new_container
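	def _register_ports(self, app):
		"""Compute the UCR port settings for *app* and save the changed ones.

		Builds a dict of UCR updates from the ports currently registered for
		the app (as reported by ``app_ports()``), the app's exclusive ports,
		its TCP/UDP redirection ports and, for apps behind the Apache proxy,
		free ports from the configured range. Settings whose value would not
		change are dropped before ``ucr_save()`` is called.

		For a plugin of a Docker app the ports of the base app are copied
		instead and nothing else is evaluated.

		:param app: the app whose ports are registered.
		:returns: ``None``.
		"""
		updates = {}
		current_port_config = {}
		for app_id, container_port, host_port in app_ports():
			if app_id == app.id:
				port_key = app.ucr_ports_key % container_port
				current_port_config[port_key] = str(host_port)
				# Start from "unset": a port that is not re-added below ends up
				# as None in the saved updates.
				updates[port_key] = None
				updates[port_key + '/protocol'] = None
		if app.docker and app.plugin_of:
			# handling for plugins of Docker Apps: copy ports of base App
			for app_id, container_port, host_port, proto in app_ports_with_protocol():
				if app_id == app.plugin_of:
					port_key = app.ucr_ports_key % container_port
					updates[port_key] = str(host_port)
					updates[port_key + '/protocol'] = proto
			ucr_save(updates)
			return
		# Exclusive ports use the same number for the key and the value.
		for port in app.ports_exclusive:
			updates[app.ucr_ports_key % port] = str(port)
		# Redirections are "host:container" strings; TCP entries are processed
		# before UDP entries.
		redirection_ports = [(port, 'tcp') for port in app.ports_redirection]
		redirection_ports.extend((port, 'udp') for port in app.ports_redirection_udp)
		for port, protocol in redirection_ports:
			# Raises ValueError if the entry is not exactly "host:container".
			host_port, container_port = port.split(':')
			port_key = app.ucr_ports_key % container_port
			protocol_key = port_key + '/protocol'
			protocol_value = updates.get(protocol_key)
			if protocol_value:
				# Same container port redirected for both protocols: "tcp, udp".
				protocol_value = '%s, %s' % (protocol_value, protocol)
			else:
				protocol_value = protocol
			updates[protocol_key] = protocol_value
			updates[port_key] = str(host_port)
		if app.auto_mod_proxy and app.has_local_web_interface():
			self.log('Setting ports for apache proxy')
			# Unset or non-numeric UCR values fall back to the default range.
			try:
				min_port = int(ucr_get('appcenter/ports/min'))
			except (TypeError, ValueError):
				min_port = 40000
			try:
				max_port = int(ucr_get('appcenter/ports/max'))
			except (TypeError, ValueError):
				max_port = 41000
			# Host ports already registered by any app; only those below
			# max_port are collected.
			# NOTE(review): assumes app_ports() yields numeric host ports -- confirm.
			ports_taken = set()
			for app_id, container_port, host_port in app_ports():
				if host_port < max_port:
					ports_taken.add(host_port)
			# HTTP first, then HTTPS. A port already registered for this app is
			# kept, otherwise the next free port in the range is assigned.
			for web_port in (app.web_interface_port_http, app.web_interface_port_https):
				if not web_port:
					continue
				key = app.ucr_ports_key % web_port
				if key in current_port_config:
					value = current_port_config[key]
				else:
					next_port = currently_free_port_in_range(min_port, max_port, ports_taken)
					ports_taken.add(next_port)
					value = str(next_port)
				updates[key] = value
		# Drop settings that would not change. items() instead of iteritems():
		# available on Python 2 and 3 alike, whereas iteritems() raises
		# AttributeError on Python 3.
		for port_key, registered_port in current_port_config.items():
			if port_key in updates and updates[port_key] == registered_port:
				updates.pop(port_key)
		if updates:
			# save immediately, no delay: next call needs to know
			# about the (to be) registered ports
			ucr_save(updates)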