From 276324acf0698f77d64d8e1535ffcb3a62f34f03 Mon Sep 17 00:00:00 2001
From: Chai Feng
Date: Sat, 28 Jun 2025 09:19:14 +0800
Subject: [PATCH] Update Dockerfile, add support for iptables legacy mode via a build arg
---
 Dockerfile | 10 ++++++++++
 Vagrantfile | 13 +++++++------
 2 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index f8e5fd9..b63c63e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,7 @@
 FROM ubuntu:24.04
 ARG docker_version="27.3.1"
+ARG use_iptables_legacy=false
 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update \
@@ -14,6 +15,15 @@ RUN apt-get update \
 && apt-get install -y --no-install-recommends locales ufw \
 && apt-get install -y --no-install-recommends "docker-ce=$(apt-cache madison docker-ce | grep -m1 -F "${docker_version}" | cut -d'|' -f2 | tr -d '[[:blank:]]')" \
 && locale-gen en_US.UTF-8 \
+ && if "$use_iptables_legacy"; then \
+ apt-get -y install arptables ebtables \
+ && update-alternatives --install /usr/sbin/arptables arptables /usr/sbin/arptables-legacy 100 \
+ && update-alternatives --install /usr/sbin/ebtables ebtables /usr/sbin/ebtables-legacy 100 \
+ && update-alternatives --set iptables /usr/sbin/iptables-legacy \
+ && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy \
+ && update-alternatives --set arptables /usr/sbin/arptables-legacy \
+ && update-alternatives --set ebtables /usr/sbin/ebtables-legacy; \
+ fi \
 && apt-get clean autoclean \
 && apt-get autoremove --yes \
 && rm -rf /var/lib/{apt,dpkg,cache,log}/
diff --git a/Vagrantfile b/Vagrantfile
index ee11fa8..7e69446 100644
--- a/Vagrantfile
+++ b/Vagrantfile
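Review bot: The new guard `if "$use_iptables_legacy"; then` in the second Dockerfile hunk runs the build-arg's value as a command instead of comparing it, so any value other than the literal `true` or `false` is executed by name during the build. A value such as `1` or an empty string fails with "command not found", the branch is skipped, and the build silently produces an nf_tables image. Compare the string explicitly: `&& if [ "$use_iptables_legacy" = "true" ]; then \`. The `apt-get -y install arptables ebtables` line also drops the `--no-install-recommends` flag that the other installs in this RUN use, so it pulls in recommended packages the rest of the instruction leaves out. The RUN instruction starts before the hunk.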
@@ -87,12 +87,13 @@ Vagrant.configure('2') do |config|
 daemonize: true
 end
- ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test-legacy"
+ ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test"
 master.vm.provision "docker-build-ufw-docker-agent", preserve_order: true, type: 'shell', inline: <<-SHELL
- set -euo pipefail
+ set -xeuo pipefail
 suffix="$(iptables --version | grep -o '\\(nf_tables\\|legacy\\)')"
- docker build -t "#{ufw_docker_agent_image}-${suffix}" /vagrant
+ if [[ "$suffix" = legacy ]]; then use_iptables_legacy=true; else use_iptables_legacy=false; fi
+ docker build --build-arg use_iptables_legacy="${use_iptables_legacy:-false}" -t "#{ufw_docker_agent_image}-${suffix}" /vagrant
 docker push "#{ufw_docker_agent_image}-${suffix}"
 echo "export UFW_DOCKER_AGENT_IMAGE=#{ufw_docker_agent_image}-${suffix}" > /etc/profile.d/ufw-docker.sh
@@ -115,10 +116,10 @@ Vagrant.configure('2') do |config|
 docker build -t #{private_registry}/chaifeng/hostname-webapp - <<\\DOCKERFILE
 FROM httpd:alpine
+RUN printf "Listen %s\\n" 7000 8080 >> /usr/local/apache2/conf/httpd.conf
+
 RUN { echo '#!/bin/sh'; \\
 echo 'set -e; (echo -n "${name:-Hi} "; hostname;) > /usr/local/apache2/htdocs/index.html'; \\
- echo 'grep "^Listen 7000" || echo Listen 7000 >> /usr/local/apache2/conf/httpd.conf'; \\
- echo 'grep "^Listen 8080" || echo Listen 8080 >> /usr/local/apache2/conf/httpd.conf'; \\
 echo 'exec "$@"'; \\
 } > /entrypoint.sh; chmod +x /entrypoint.sh
@@ -187,7 +188,7 @@ DOCKERFILE
 SHELL
 end
- 1.upto 2 do |ip|
+ 1.upto 1 do |ip|
 config.vm.define "node#{ip}" do | node |
 node.vm.hostname = "node#{ip}"
 node.vm.network "private_network", ip: "#{ip_prefix}.#{ 130 + ip }"
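Review bot: `set -xeuo pipefail` in the `docker-build-ufw-docker-agent` provisioner turns on command tracing for the rest of the heredoc, so every expanded command line is echoed into the Vagrant output, including any registry credential or token a later step might pass as an argument. If the `-x` was added for debugging, go back to `set -euo pipefail` before merging. The `${use_iptables_legacy:-false}` default on the `docker build` line can never apply, because the preceding `if`/`else` assigns the variable on both paths; `--build-arg use_iptables_legacy="$use_iptables_legacy"` says the same thing. The heredoc continues past the end of the hunk, so what else gets traced is not visible here.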
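Review bot: The loop bound in `1.upto 1 do |ip|` (last Vagrantfile hunk) is a bare literal that now yields a single worker, and the commit message does not mention dropping node2, so this may be a local test shortcut committed by accident. If one worker is intended, name the count so the choice is visible, e.g. `worker_count = 1` followed by `1.upto worker_count do |ip|`, with a comment giving the reason. The block body continues outside the hunk.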