fix: swarm net privileges, make wondershaper toggleable

uam-swarm/docker-compose.yml

@@ -12,16 +12,19 @@ services:
       memlock: -1
     oom_score_adj: -700
     mem_swappiness: 10
+    cap_add:
+      - NET_ADMIN
     volumes:
       - "./entrypoint.sh:/opt/entrypoint.sh"
       - "/opt/uam_data/uam_1:/root/.uam"
-    command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN}"
+    command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
     ports:
       - "127.0.0.1:17100:17099"
       - "4160:4160"
     environment:
       - PBKEY=${PBKEY?err}
       - PPORT=4160
+      - ENABLE_WONDERSHAPER=true
       - NETLIMUP=10000
       - NETLIMDOWN=18000
 
@@ -36,16 +39,19 @@ services:
       memlock: -1
     oom_score_adj: -700
     mem_swappiness: 10
+    cap_add:
+      - NET_ADMIN
     volumes:
       - "./entrypoint.sh:/opt/entrypoint.sh"
       - "/opt/uam_data/uam_2:/root/.uam"
-    command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN}"
+    command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
     ports:
       - "127.0.0.1:17101:17099"
       - "4161:4161"
     environment:
       - PBKEY=${PBKEY?err}
       - PPORT=4161
+      - ENABLE_WONDERSHAPER=true
       - NETLIMUP=10000
       - NETLIMDOWN=18000
 
@@ -60,15 +66,18 @@ services:
       memlock: -1
     oom_score_adj: -700
     mem_swappiness: 10
+    cap_add:
+      - NET_ADMIN
     volumes:
       - "./entrypoint.sh:/opt/entrypoint.sh"
       - "/opt/uam_data/uam_3:/root/.uam"
-    command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN}"
+    command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${PPORT} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
     ports:
       - "127.0.0.1:17102:17099"
       - "4162:4162"
     environment:
       - PBKEY=${PBKEY?err}
       - PPORT=4162
+      - ENABLE_WONDERSHAPER=true
       - NETLIMUP=10000
       - NETLIMDOWN=18000

uam-swarm/entrypoint.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 cd /tmp
 apt update && apt -yq install wget libglib2.0-0 ca-certificates dnsmasq wondershaper
 update-ca-certificates
@@ -8,5 +8,7 @@ cd /opt/uam/
 echo "[net]" >> /root/.uam/uam.ini
 container_ip="$(hostname -i)"
 echo "listens=[${container_ip}]:$2" >> /root/.uam/uam.ini
+if [[ "$5" == "true" ]]; then
   wondershaper eth0 $3 $4 &
+fi
 ./uam --pk $1 --http [0.0.0.0]:17099 --no-ui

uam/docker-compose.yml

@@ -17,11 +17,12 @@ services:
     volumes:
       - "./entrypoint.sh:/opt/entrypoint.sh"
       - "/opt/uam_data:/root/.uam"
-    command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${NETLIMUP} $${NETLIMDOWN}"
+    command: /bin/sh -c "chmod +x /opt/entrypoint.sh && /opt/entrypoint.sh $${PBKEY} $${NETLIMUP} $${NETLIMDOWN} $${ENABLE_WONDERSHAPER}"
     ports:
       - "127.0.0.1:17099:17099"
       - "4156:4156"
     environment:
       - PBKEY=${PBKEY?err}
+      - ENABLE_WONDERSHAPER=true
       - NETLIMUP=10000
       - NETLIMDOWN=18000

uam/entrypoint.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 cd /tmp
 apt update && apt -yq install wget libglib2.0-0 ca-certificates dnsmasq wondershaper
 update-ca-certificates
@@ -8,5 +8,7 @@ cd /opt/uam/
 echo "[net]" >> /root/.uam/uam.ini
 container_ip="$(hostname -i)"
 echo "listens=[${container_ip}]:4156" >> /root/.uam/uam.ini
+if [[ "$4" == "true" ]]; then
   wondershaper eth0 $2 $3 &
+fi
 ./uam --pk $1 --http [0.0.0.0]:17099 --no-ui