Feature/detect docker range

packages/ytl-linux-digabi2-examnet/Makefile

@@ -1,5 +1,5 @@
 NAME := ytl-linux-digabi2-examnet
-VERSION := 0.0.19
+VERSION := 0.0.20
 
 DEPENDENCIES := \
 	--depends apt \

packages/ytl-linux-digabi2-examnet/README.md

@@ -4,31 +4,38 @@
 
 This is a proof-of-concept of a procedure which creates proper network settings
 for Abitti 2 exam server. The setup requires that the server has two network devices
- * A WAN device connected to the internet. At the moment this is used to get a
-   SSL certificate and DNS address for the server. According to the initial plans
-   it might be later used e.g. to download exam items and upload candidate data.
-   At the moment a wireless device is good enough for a WAN connection.
- * A LAN device connected to the closed local area network. This is an Abitti 1
-   style network without any external DHCP/DNS servers. After executing the script
-   the server starts working as a DHCP/DNS server for the LAN.
+
+- A WAN device connected to the internet. At the moment this is used to get a
+  SSL certificate and DNS address for the server. According to the initial plans
+  it might be later used e.g. to download exam items and upload candidate data.
+  At the moment a wireless device is good enough for a WAN connection.
+- A LAN device connected to the closed local area network. This is an Abitti 1
+  style network without any external DHCP/DNS servers. After executing the script
+  the server starts working as a DHCP/DNS server for the LAN.
 
 ## Usage
 
 The script is executed from command line:
 
-`$ sudo ytl-linux-digabi2-examnet`
+```bash
+sudo ytl-linux-digabi2-examnet
+```
 
 If executed without parameters, it asks the WAN and LAN devices as well as the
 server number. It is possible to run multiple servers in one LAN but they must have
 different server numbers.
 
 It is possible to supply the three parameters in command line:
 
-`ytl-linux-digabi2-examnet wan-device lan-device server-number`
+```bash
+ytl-linux-digabi2-examnet wan-device lan-device server-number`
+```
 
 Example:
 
-`$ sudo ytl-linux-digabi2-examnet wlo1 eth0 1`
+```bash
+sudo ytl-linux-digabi2-examnet wlo1 eth0 1
+```
 
 It is also possible to run the script in GUI mode (parameter `--gui`). In this case the
 parameters are asked with Zenity.
@@ -37,7 +44,9 @@ parameters are asked with Zenity.
 
 Following command should restore the system to pristine state:
 
-`$ sudo ytl-linux-digabi2-examnet --remove`
+```bash
+sudo ytl-linux-digabi2-examnet --remove
+```
 
 It removes the settings files created by this script. It also removes all NetworkManager
 connections which have a name starting with `yo-`. This is the prefix used by the
@@ -47,6 +56,27 @@ script to create the static connection for the local network.
 
 The debugging messages can be printed to a given file:
 
-`$ DEBUG=/tmp/whatta.log sudo ytl-linux-digabi2-examnet`
+```bash
+DEBUG=/tmp/whatta.log sudo ytl-linux-digabi2-examnet
+```
 
 The list of exit codes can be found in the script.
+
+## Building locally
+
+For macOS, install fpm e.g. with Ruby gem:
+
+```bash
+# Install Ruby and gem, set path
+brew install ruby
+echo 'export PATH="/opt/homebrew/opt/ruby/bin:$PATH"' >> ~/.zshrc
+echo 'export PATH="$(gem environment gemdir)/bin:$PATH"' >> ~/.zshrc
+# Install fpm
+gem install fpm
+```
+
+Then build the Debian package:
+
+```bash
+make deb
+```

packages/ytl-linux-digabi2-examnet/templates/docker-daemon.json.template

@@ -1,3 +1,7 @@
 {
-  "dns": ["${DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP}"]
+  "dns": ["${DOCKER_NETWORK_DNS_RESOLVER_IP}"],
+  "default-address-pools":
+  [
+    {"base": "${DOCKER_NETWORK_POOL_BASE_IP}/16", "size":24}
+  ]
 }

packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-docker-configure.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+readonly PATH_DOCKER=/etc/docker
+readonly PATH_DOCKER_DAEMON_CONF=$PATH_DOCKER/daemon.json
+readonly PATH_TEMPLATES=/etc/ytl-linux-digabi2-examnet/templates
+readonly PATH_DOCKER_DAEMON_CONF_TEMPLATE=$PATH_TEMPLATES/docker-daemon.json.template
+
+function restart_docker() {
+    /usr/bin/systemctl restart docker
+}
+
+function get_available_ip_range() {
+    _ALLOWED_IP_RANGES=("10.0." "192.168." "172.17.")
+
+    for range in "${_ALLOWED_IP_RANGES[@]}"; do
+        _USED=false
+        for reserved in "$@"; do
+            if [[ $reserved == $range* ]]; then
+                _USED=true
+                break
+            fi
+        done
+        if [[ "$_USED" == false ]]; then
+            # return the first available
+            echo "$range"
+            return
+        fi
+    done
+    exit -1
+}
+
+DOCKER_NETWORK_PREFIX=$(get_available_ip_range "$@")
+DOCKER_NETWORK_DNS_RESOLVER_IP="$DOCKER_NETWORK_PREFIX"0.1
+DOCKER_NETWORK_POOL_BASE_IP="$DOCKER_NETWORK_PREFIX"0.0
+
+export DOCKER_NETWORK_DNS_RESOLVER_IP
+export DOCKER_NETWORK_POOL_BASE_IP
+
+echo "Created Docker configuration, writing to $PATH_DOCKER_DAEMON_CONF"
+echo "$(envsubst < $PATH_DOCKER_DAEMON_CONF_TEMPLATE)"
+write_file $PATH_DOCKER_DAEMON_CONF "$(envsubst < $PATH_DOCKER_DAEMON_CONF_TEMPLATE)"
+restart_docker

packages/ytl-linux-digabi2-examnet/ytl-linux-digabi2-examnet

@@ -27,6 +27,7 @@ readonly EXIT_CODE_CANNOT_CHANGE_SERVICE_STATE=23     # Cannot change service st
 readonly EXIT_CODE_MISSING_CERTIFICATE=24             # Cannot find certificate (e.g. download failure, missing file, invalid API key)
 readonly EXIT_CODE_INVALID_FRIENDLY_NAME=25           # Friendly name contains illegal characters
 readonly EXIT_CODE_NETWORK_NOT_ONLINE=27              # Network did not come up within timeout
+readonly EXIT_CODE_FAILED_TO_CONFIGURE_DOCKER=28      # Failed to configure or restart Docker
 
 readonly SCRIPT_PATH=$0
 readonly PARAM_NET_DEVICE_WAN=$1
@@ -35,7 +36,6 @@ readonly PARAM_SERVER_NUMBER=$3
 readonly PARAM_SERVER_FRIENDLY_NAME=$4
 
 readonly NETWORK_DEVICE_FILTER_RE="^docker|^br|^veth|^lo$"
-readonly DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP="172.17.0.1"
 
 readonly PATH_TEMPLATES=/etc/ytl-linux-digabi2-examnet/templates
 readonly PATH_RESOLVED=/etc/systemd/resolved.conf.d
@@ -45,9 +45,6 @@ readonly PATH_DNSMASQ=/etc/dnsmasq.d
 readonly PATH_DNSMASQ_CONF=$PATH_DNSMASQ/ytl-linux.conf
 readonly PATH_DNSMASQ_CONF_TEMPLATE=$PATH_TEMPLATES/dnsmasq.conf.template
 readonly PATH_DNSMASQ_STATIC_DNS_CONF=$PATH_DNSMASQ/ytl-linux-static-dns-records.conf
-readonly PATH_DOCKER=/etc/docker
-readonly PATH_DOCKER_DAEMON_CONF=$PATH_DOCKER/daemon.json
-readonly PATH_DOCKER_DAEMON_CONF_TEMPLATE=$PATH_TEMPLATES/docker-daemon.json.template
 readonly PATH_NAKSU2_WORKDIR="${NAKSU2_WORKDIR:-/home/school/.local/share/digabi/naksu2}"
 readonly PATH_NAKSU2_CERTS_DIR="$PATH_NAKSU2_WORKDIR/certs"
 readonly PATH_NAKSU2_CERT="$PATH_NAKSU2_CERTS_DIR/cert.pem"
@@ -283,14 +280,8 @@ function check_server_number() {
     fi
 }
 
-function get_lan_ip_prefix() {
-    _IP_WAN=$1
-
-    if [[ "$_IP_WAN" =~ ^192\.168\. ]]; then
-        $BIN_ECHO "10.0."
-    else
-        $BIN_ECHO "192.168."
-    fi
+function get_ip_prefix() {
+    echo "${1%.*.*}."
 }
 
 function write_file() {
@@ -674,11 +665,9 @@ export IP_WAN
 export IP_LAN
 export SERVER_NUMBER
 
-IP_LAN_PREFIX=$(get_lan_ip_prefix "$IP_WAN")
+IP_LAN_PREFIX=$(get_ip_prefix "$IP_LAN")
 export IP_LAN_PREFIX
 
-export DOCKER_BRIDGE_NETWORK_DNS_RESOLVER_IP
-
 debug "SUBNETS_PER_SERVER: $CONST_SUBNETS_PER_SERVER"
 
 SERVER_HOST_NUMBER=$((SERVER_NUMBER * CONST_SUBNETS_PER_SERVER))
@@ -733,7 +722,6 @@ restart_networkmanager
 wait_for_network_online
 
 write_file $PATH_RESOLVED_CONF "$(envsubst < $PATH_RESOLVED_CONF_TEMPLATE)"
-write_file $PATH_DOCKER_DAEMON_CONF "$(envsubst < $PATH_DOCKER_DAEMON_CONF_TEMPLATE)"
 
 remove_dnsmasq_settings
 write_file $PATH_DNSMASQ_CONF "$(envsubst < $PATH_DNSMASQ_CONF_TEMPLATE)"
@@ -756,6 +744,9 @@ enable_systemd_services
 restart_systemd_resolved
 restart_dnsmasq
 restart_examnet_daemon
-restart_docker
+
+debug "Configuring Docker daemon"
+ytl-linux-digabi2-docker-configure.sh "${IP_WAN}" "${IP_LAN}"
+exit_if_error $? $EXIT_CODE_FAILED_TO_CONFIGURE_DOCKER "Failed to configure and restart Docker"
 
 print_info "Changes made successfully"