Update Dockerfile, add support for iptables legacy mode via a build arg

2025-07-03 17:26:12 +02:00 · 2025-06-28 09:19:14 +08:00 · 2025-06-28 09:19:14 +08:00 · 276324acf0
commit 276324acf0
parent 1a51b59cf8
2 changed files with 17 additions and 6 deletions
--- a/10
+++ b/10
@ -1,6 +1,7 @@
 FROM ubuntu:24.04

 ARG docker_version="27.3.1"
+ARG use_iptables_legacy=false

 ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update \
@ -14,6 +15,15 @@ RUN apt-get update \
    && apt-get install -y --no-install-recommends locales ufw \
    && apt-get install -y --no-install-recommends "docker-ce=$(apt-cache madison docker-ce | grep -m1 -F "${docker_version}" | cut -d'|' -f2 | tr -d '[[:blank:]]')" \
    && locale-gen en_US.UTF-8 \
+    && if "$use_iptables_legacy"; then \
+          apt-get -y install arptables ebtables \
+          && update-alternatives --install /usr/sbin/arptables arptables /usr/sbin/arptables-legacy 100 \
+          && update-alternatives --install /usr/sbin/ebtables ebtables /usr/sbin/ebtables-legacy 100 \
+          && update-alternatives --set iptables /usr/sbin/iptables-legacy \
+          && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy \
+          && update-alternatives --set arptables /usr/sbin/arptables-legacy \
+          && update-alternatives --set ebtables /usr/sbin/ebtables-legacy; \
+       fi \
    && apt-get clean autoclean \
    && apt-get autoremove --yes \
    && rm -rf /var/lib/{apt,dpkg,cache,log}/
--- a/13
+++ b/13
@ -87,12 +87,13 @@ Vagrant.configure('2') do |config|
            daemonize: true
    end

-    ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test-legacy"
+    ufw_docker_agent_image = "#{private_registry}/chaifeng/ufw-docker-agent:test"

    master.vm.provision "docker-build-ufw-docker-agent", preserve_order: true, type: 'shell', inline: <<-SHELL
-      set -euo pipefail
+      set -xeuo pipefail
      suffix="$(iptables --version | grep -o '\\(nf_tables\\|legacy\\)')"
-      docker build -t "#{ufw_docker_agent_image}-${suffix}" /vagrant
+      if [[ "$suffix" = legacy ]]; then use_iptables_legacy=true; else use_iptables_legacy=false; fi
+      docker build --build-arg use_iptables_legacy="${use_iptables_legacy:-false}" -t "#{ufw_docker_agent_image}-${suffix}" /vagrant
      docker push "#{ufw_docker_agent_image}-${suffix}"

      echo "export UFW_DOCKER_AGENT_IMAGE=#{ufw_docker_agent_image}-${suffix}" > /etc/profile.d/ufw-docker.sh
@ -115,10 +116,10 @@ Vagrant.configure('2') do |config|
        docker build -t #{private_registry}/chaifeng/hostname-webapp - <<\\DOCKERFILE
 FROM httpd:alpine

+RUN printf "Listen %s\\n" 7000 8080 >> /usr/local/apache2/conf/httpd.conf
+
 RUN { echo '#!/bin/sh'; \\
    echo 'set -e; (echo -n "${name:-Hi} "; hostname;) > /usr/local/apache2/htdocs/index.html'; \\
-    echo 'grep "^Listen 7000" || echo Listen 7000 >> /usr/local/apache2/conf/httpd.conf'; \\
-    echo 'grep "^Listen 8080" || echo Listen 8080 >> /usr/local/apache2/conf/httpd.conf'; \\
    echo 'exec "$@"'; \\
    } > /entrypoint.sh; chmod +x /entrypoint.sh

@ -187,7 +188,7 @@ DOCKERFILE
    SHELL
  end

-  1.upto 2 do |ip|
+  1.upto 1 do |ip|
    config.vm.define "node#{ip}" do | node |
      node.vm.hostname = "node#{ip}"
      node.vm.network "private_network", ip: "#{ip_prefix}.#{ 130 + ip }"