
Remove use of confd. Add checks around exportfs validation. Introduce ability to share two directories

pull/24/head
Steven Iveson 2 years ago
parent
commit
8bff071df1
7 changed files with 33 additions and 39 deletions
  1. +2
    -20
      Dockerfile
  2. BIN
      confd-binary
  3. +0
    -3
      confd/confd.toml
  4. +0
    -1
      confd/tmpl/exports.tmpl
  5. +0
    -8
      confd/toml/exports.toml
  6. +1
    -0
      exports
  7. +30
    -7
      nfsd.sh

+ 2
- 20
Dockerfile

@@ -1,17 +1,3 @@
FROM golang:1.9-alpine as confd

ARG CONFD_VERSION=0.14.0

ADD https://github.com/kelseyhightower/confd/archive/v${CONFD_VERSION}.tar.gz /tmp/

RUN apk add --no-cache bzip2 make && \
mkdir -p /go/src/github.com/kelseyhightower/confd && \
cd /go/src/github.com/kelseyhightower/confd && \
tar --strip-components=1 -zxf /tmp/v${CONFD_VERSION}.tar.gz && \
go install github.com/kelseyhightower/confd && \
rm -rf /tmp/v${CONFD_VERSION}.tar.gz /go/src/github.com/kelseyhightower/confd


FROM alpine:latest
LABEL maintainer "Steven Iveson <[email protected]>"
LABEL source "https://github.com/sjiveson/nfs-server-alpine"
@@ -24,14 +10,10 @@ RUN apk add --no-cache --update --verbose nfs-utils bash iproute2 && \
echo "rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0" >> /etc/fstab && \
echo "nfsd /proc/fs/nfsd nfsd defaults 0 0" >> /etc/fstab

COPY --from=confd /go/bin/confd /usr/bin/confd
COPY confd/confd.toml /etc/confd/confd.toml
COPY confd/toml/* /etc/confd/conf.d/
COPY confd/tmpl/* /etc/confd/templates/

COPY exports /etc/
COPY nfsd.sh /usr/bin/nfsd.sh
COPY .bashrc /root/.bashrc

RUN chmod +x /usr/bin/nfsd.sh /usr/bin/confd
RUN chmod +x /usr/bin/nfsd.sh

ENTRYPOINT ["/usr/bin/nfsd.sh"]
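Review bot: With the confd build stage removed, the image is built solely from `FROM alpine:latest`, a floating tag, so the nfs-utils, bash and iproute2 versions pulled in by the `apk add` line can change between builds without any change to this file. Pin the base to a specific release, ideally by digest, e.g. `FROM alpine:<pinned-version>@sha256:<digest>`, and bump it deliberately. The remaining `RUN chmod +x /usr/bin/nfsd.sh` layer can be folded into the copy as `COPY --chmod=0755 nfsd.sh /usr/bin/nfsd.sh` where BuildKit is available. The `RUN apk add` instruction begins outside the second hunk.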

BIN
confd-binary


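--- a/confd/confd.toml
+++ b/confd/confd.toml
@@ -1,3 +0,0 @@
-backend = "env"
-confdir = "/etc/confd"
-log-level = "info"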

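--- a/confd/tmpl/exports.tmpl
+++ b/confd/tmpl/exports.tmpl
@@ -1 +0,0 @@
-{{getenv "SHARED_DIRECTORY"}} {{if getenv "PERMITTED"}}{{getenv "PERMITTED"}}{{else}}*{{end}}({{if getenv "READ_ONLY"}}ro{{else}}rw{{end}},fsid=0,{{if getenv "SYNC"}}sync{{else}}async{{end}},no_subtree_check,no_auth_nlm,insecure,no_root_squash)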

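--- a/confd/toml/exports.toml
+++ b/confd/toml/exports.toml
@@ -1,8 +0,0 @@
-[template]
-src = "exports.tmpl"
-dest = "/etc/exports"
-mode = "0644"
-keys = [
-"SHARED_DIRECTORY",
-"READ_ONLY"
-]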

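--- a/exports
+++ b/exports
@@ -0,0 +1 @@
+{{SHARED_DIRECTORY}} {{PERMITTED}}({{READ_ONLY}},fsid=0,{{SYNC}},no_subtree_check,no_auth_nlm,insecure,no_root_squash)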
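Review bot: The new template hard-codes `insecure` and `no_root_squash` for every export, and nfsd.sh in this same commit fills `{{PERMITTED}}` with `*` and `{{READ_ONLY}}` with `rw` when those variables are unset, so the default configuration lets any host that can reach the server mount the share read/write with client root not squashed. Consider turning `no_root_squash` into a placeholder that is filled in only on request, with root squashing as the default, and stating in the project documentation that PERMITTED should be set to the client network. exports(5) accepts `#` comments, so a line such as `# no_root_squash: client root keeps uid 0 on the export` above the entry would record the choice in the file itself.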

+ 30
- 7
nfsd.sh

@@ -12,7 +12,9 @@ stop()
/usr/sbin/exportfs -uav
pid1=$(pidof rpc.nfsd)
pid2=$(pidof rpc.mountd)
kill -TERM $pid1 $pid2 > /dev/null 2>&1
# For IPv6 bug:
pid3=$(pidof rpcbind)
kill -TERM $pid1 $pid2 $pid3 > /dev/null 2>&1
echo "Terminated."
exit
}
@@ -20,20 +22,41 @@ stop()
if [ -z "${SHARED_DIRECTORY}" ]; then
echo "The SHARED_DIRECTORY environment variable is missing or null, exiting..."
exit 1
else
echo "Writing SHARED_DIRECTORY to /etc/exports file"
/bin/sed -i "[email protected]{{SHARED_DIRECTORY}}@${SHARED_DIRECTORY}@g" /etc/exports
fi

if [ ! -z "${SHARED_DIRECTORY_2}" ]; then
echo "{{SHARED_DIRECTORY_2}} {{PERMITTED}}({{READ_ONLY}},fsid=0,{{SYNC}},no_subtree_check,no_auth_nlm,insecure,no_root_squash)" >> /etc/exports
/bin/sed -i "s/{{SHARED_DIRECTORY_2}}/${SHARED_DIRECTORY_2}/g" /etc/exports
fi

if [ -z "${PERMITTED}" ]; then
echo "The PERMITTED environment variable is missing or null, defaulting to '*'."
echo "Any client can mount."
/bin/sed -i "s/{{PERMITTED}}/*/g" /etc/exports
else
/bin/sed -i "s/{{PERMITTED}}/"${PERMITTED}"/g" /etc/exports
fi

if [ -z "${READ_ONLY}" ]; then
echo "The READ_ONLY environment variable is missing or null, defaulting to 'rw'"
echo "Clients have read/write access."
/bin/sed -i "s/{{READ_ONLY}}/rw/g" /etc/exports
else
/bin/sed -i "s/{{READ_ONLY}}/ro/g" /etc/exports
fi

if [ -z "${SYNC}" ]; then
echo "The SYNC environment variable is missing or null, defaulting to 'async'".
echo "Writes will not be immediately written to disk."
/bin/sed -i "s/{{SYNC}}/async/g" /etc/exports
else
/bin/sed -i "s/{{SYNC}}/sync/g" /etc/exports
fi


# This loop runs till until we've started up successfully
while true; do

@@ -42,10 +65,6 @@ while true; do

# If $pid is null, do this to start or restart NFS:
while [ -z "$pid" ]; do
echo "Starting Confd population of files..."
/usr/bin/confd -version
/usr/bin/confd -onetime
echo ""
echo "Displaying /etc/exports contents..."
cat /etc/exports
echo ""
@@ -65,8 +84,12 @@ while true; do
echo "Starting NFS in the background..."
/usr/sbin/rpc.nfsd --debug 8 --no-udp --no-nfs-version 2 --no-nfs-version 3
echo "Exporting File System..."
/usr/sbin/exportfs -rv
/usr/sbin/exportfs
if /usr/sbin/exportfs -rv; then
/usr/sbin/exportfs
else
echo "Export validation failed, exiting..."
exit 1
fi
echo "Starting Mountd in the background..."
/usr/sbin/rpc.mountd --debug all --no-udp --no-nfs-version 2 --no-nfs-version 3
# --exports-file /etc/exports
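Review bot: In the second hunk, the substitution for the second share, `/bin/sed -i "s/{{SHARED_DIRECTORY_2}}/${SHARED_DIRECTORY_2}/g" /etc/exports`, uses `/` as the sed delimiter, so any absolute path in SHARED_DIRECTORY_2 ends the expression early and sed errors out, leaving the placeholder in /etc/exports; the first share's expression appears to use `@` for exactly this reason. The PERMITTED substitution has the same problem for a CIDR value (constructed example: `10.0.0.0/24`), and there `${PERMITTED}` also sits outside the double quotes, so the shell may split or glob it. Use a delimiter that cannot occur in the value and keep the expansion quoted, e.g. `/bin/sed -i "s@{{PERMITTED}}@${PERMITTED}@g" /etc/exports`, and exit when sed returns non-zero rather than relying on the later `exportfs -rv` check. Because these variables are written into /etc/exports unvalidated, rejecting values that contain whitespace, parentheses or the delimiter before substituting would keep a malformed value from altering the export options. The appended second export line also repeats `fsid=0`, which presumably has to differ between exports and should be confirmed.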

