fix: swarm net privileges, make wondershaper toggleable

Tha14 2023-01-15 22:17:15 +02:00
parent b8bc122fc1
commit ca50c6ce65
No known key found for this signature in database
GPG Key ID: C2B875C3A9D53CFC
4 changed files with 22 additions and 8 deletions


@ -12,16 +12,19 @@ services:
memlock: -1 memlock: -1
oom_score_adj: -700 oom_score_adj: -700
mem_swappiness: 10 mem_swappiness: 10
cap_add:
- NET_ADMIN
volumes: volumes:
- "./entrypoint.sh:/opt/entrypoint.sh" - "./entrypoint.sh:/opt/entrypoint.sh"
- "/opt/uam_data/uam_1:/root/.uam" - "/opt/uam_data/uam_1:/root/.uam"
command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN}" command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
ports: ports:
- "127.0.0.1:17100:17099" - "127.0.0.1:17100:17099"
- "4160:4160" - "4160:4160"
environment: environment:
- PBKEY=${PBKEY?err} - PBKEY=${PBKEY?err}
- PPORT=4160 - PPORT=4160
- ENABLE_WONDERSHAPER=true
- NETLIMUP=10000 - NETLIMUP=10000
- NETLIMDOWN=18000 - NETLIMDOWN=18000
@ -36,16 +39,19 @@ services:
memlock: -1 memlock: -1
oom_score_adj: -700 oom_score_adj: -700
mem_swappiness: 10 mem_swappiness: 10
cap_add:
- NET_ADMIN
volumes: volumes:
- "./entrypoint.sh:/opt/entrypoint.sh" - "./entrypoint.sh:/opt/entrypoint.sh"
- "/opt/uam_data/uam_2:/root/.uam" - "/opt/uam_data/uam_2:/root/.uam"
command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN}" command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
ports: ports:
- "127.0.0.1:17101:17099" - "127.0.0.1:17101:17099"
- "4161:4161" - "4161:4161"
environment: environment:
- PBKEY=${PBKEY?err} - PBKEY=${PBKEY?err}
- PPORT=4161 - PPORT=4161
- ENABLE_WONDERSHAPER=true
- NETLIMUP=10000 - NETLIMUP=10000
- NETLIMDOWN=18000 - NETLIMDOWN=18000
@ -60,15 +66,18 @@ services:
memlock: -1 memlock: -1
oom_score_adj: -700 oom_score_adj: -700
mem_swappiness: 10 mem_swappiness: 10
cap_add:
- NET_ADMIN
volumes: volumes:
- "./entrypoint.sh:/opt/entrypoint.sh" - "./entrypoint.sh:/opt/entrypoint.sh"
- "/opt/uam_data/uam_3:/root/.uam" - "/opt/uam_data/uam_3:/root/.uam"
command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN}" command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
ports: ports:
- "127.0.0.1:17102:17099" - "127.0.0.1:17102:17099"
- "4162:4162" - "4162:4162"
environment: environment:
- PBKEY=${PBKEY?err} - PBKEY=${PBKEY?err}
- PPORT=4162 - PPORT=4162
- ENABLE_WONDERSHAPER=true
- NETLIMUP=10000 - NETLIMUP=10000
- NETLIMDOWN=18000 - NETLIMDOWN=18000
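Review bot: `cap_add: NET_ADMIN` is granted to all three services whether or not `ENABLE_WONDERSHAPER` is on, so a deployment that turns the shaper off still carries a capability it no longer uses. NET_ADMIN lets processes in the container change interfaces, routes, firewall rules and traffic control in its network namespace. The entrypoint also installs packages at start-up and, judging by the `/root/.uam` mount, presumably runs as root. The capability and the toggle should be documented together, for example with a comment above each `cap_add` such as `# NET_ADMIN is required only for wondershaper (tc); remove it when ENABLE_WONDERSHAPER is not "true"`. Compose cannot make `cap_add` conditional on an environment value, so a separate override file for the shaped variant would be the cleaner split.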


@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
cd /tmp cd /tmp
apt update && apt -yq install wget libglib2.0-0 ca-certificates dnsmasq wondershaper apt update && apt -yq install wget libglib2.0-0 ca-certificates dnsmasq wondershaper
update-ca-certificates update-ca-certificates
@ -8,5 +8,7 @@ cd /opt/uam/
echo "[net]" >> /root/.uam/uam.ini echo "[net]" >> /root/.uam/uam.ini
container_ip="$(hostname -i)" container_ip="$(hostname -i)"
echo "listens=[${container_ip}]:$2" >> /root/.uam/uam.ini echo "listens=[${container_ip}]:$2" >> /root/.uam/uam.ini
if [[ "$5" == "true" ]]; then
wondershaper eth0 $3 $4 & wondershaper eth0 $3 $4 &
fi
./uam --pk $1 --http [0.0.0.0]:17099 --no-ui ./uam --pk $1 --http [0.0.0.0]:17099 --no-ui
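Review bot: The toggle test `[[ "$5" == "true" ]]` depends on argument position, and the compose command passes `$${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}` unquoted. An empty value earlier in that list shifts every later argument, so the shaper is skipped without any message or runs with the wrong limits. Compose already exports the variable into the container, so the script can read it directly with `if [ "${ENABLE_WONDERSHAPER:-false}" = "true" ]; then`, which also runs under `/bin/sh` and makes the shebang change unnecessary. Quoting the limits as `wondershaper eth0 "$3" "$4" &` prevents word splitting on those values. The single-instance entrypoint has the same pattern with `$4`; the script body between the two hunks is not visible here.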


@ -17,11 +17,12 @@ services:
volumes: volumes:
- "./entrypoint.sh:/opt/entrypoint.sh" - "./entrypoint.sh:/opt/entrypoint.sh"
- "/opt/uam_data:/root/.uam" - "/opt/uam_data:/root/.uam"
command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${NETLIMUP} $${NETLIMDOWN}" command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
ports: ports:
- "127.0.0.1:17099:17099" - "127.0.0.1:17099:17099"
- "4156:4156" - "4156:4156"
environment: environment:
- PBKEY=${PBKEY?err} - PBKEY=${PBKEY?err}
- ENABLE_WONDERSHAPER=true
- NETLIMUP=10000 - NETLIMUP=10000
- NETLIMDOWN=18000 - NETLIMDOWN=18000
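Review bot: `- ENABLE_WONDERSHAPER=true` is hard-coded in the environment list, so turning the shaper off means editing the compose file rather than setting a variable, unlike `PBKEY`, which is interpolated from the host environment. Writing it as `- ENABLE_WONDERSHAPER=${ENABLE_WONDERSHAPER:-true}` keeps the current default and lets an `.env` file or the shell override it. The three services in the multi-instance compose file use the same hard-coded line. This hunk does not show whether this service has `cap_add: NET_ADMIN`; if it does not, the shaper call in the entrypoint would likely fail, so that should be checked against the lines above the hunk.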


@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
cd /tmp cd /tmp
apt update && apt -yq install wget libglib2.0-0 ca-certificates dnsmasq wondershaper apt update && apt -yq install wget libglib2.0-0 ca-certificates dnsmasq wondershaper
update-ca-certificates update-ca-certificates
@ -8,5 +8,7 @@ cd /opt/uam/
echo "[net]" >> /root/.uam/uam.ini echo "[net]" >> /root/.uam/uam.ini
container_ip="$(hostname -i)" container_ip="$(hostname -i)"
echo "listens=[${container_ip}]:4156" >> /root/.uam/uam.ini echo "listens=[${container_ip}]:4156" >> /root/.uam/uam.ini
if [[ "$4" == "true" ]]; then
wondershaper eth0 $2 $3 & wondershaper eth0 $2 $3 &
fi
./uam --pk $1 --http [0.0.0.0]:17099 --no-ui ./uam --pk $1 --http [0.0.0.0]:17099 --no-ui
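Review bot: The positional contract of this script is undocumented and differs from the multi-instance entrypoint: here `$2`/`$3` are the limits and `$4` is the toggle, while there `$2` is the port and the toggle is `$5`. A header comment after the shebang would make that explicit, e.g. `# usage: entrypoint.sh <pubkey> <netlimup> <netlimdown> <enable_wondershaper>`. It should also state that only the exact string `true` enables shaping and any other value, including an empty one, disables it. That matters for operators who rely on the bandwidth cap, because the `if` in the second hunk has no `else` branch, so a mistyped value starts the node unshaped with no log line.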