Initial commit

Author: louisroyer

.gitignore

@@ -0,0 +1 @@
+docker-setup

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright © 2023 Louis Royer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,65 @@
+# Docker-setup
+Docker-setup is a program that allow configure a container (for networking) via environment variables.
+
+## Usage
+This program only use environment variables for its configuration:
+- `ONESHOT`: when this environment variable is equal to `true`, the program will *not* sleep until a signal (SIGINT or SIGTERM) is received, and not perform cleaning scripts on exit 
+- `NAT4_IFACES` is a list of interfaces where MASQUERADE will be enabled
+- `ROUTES_INIT` is a list of routes modifications that will be performed on init
+- `ROUTES_EXIT` is a list of routes modifications that will be performed on exit 
+- `PRE_INIT_HOOK` is a command that is run before the init (nat & routes init). The command can takes some arguments from `PRE_INIT_HOOK_0`, `PRE_INIT_HOOK_1`, and so on.
+- `POST_INIT_HOOK` is a command that is run after the init (nat & routes init). The command can takes some arguments from `POST_INIT_HOOK_0`, `POST_INIT_HOOK_1`, and so on.
+- `PRE_EXIT_HOOK` is a command that is run before the exit (nat & routes cleaning). The command can takes some arguments from `PRE_EXIT_HOOK_0`, `PRE_EXIT_HOOK_1`, and so on.
+- `POST_EXIT_HOOK` is a command that is run after the exit (nat & routes cleaning). The command can takes some arguments from `POST_EXIT_HOOK_0`, `POST_EXIT_HOOK_1`, and so on.
+
+### Example
+In Docker Compose:
+```yaml
+volumes:
+    - "./config_init.sh:/usr/local/bin/config_init.sh:ro"
+    - "./config_exit.sh:/usr/local/bin/config_exit.sh:ro"
+environment:
+    ONESHOT: "false"
+    ROUTES_INIT: |-
+        - add 10.0.1.0/24 via 10.0.0.2
+        - add 10.0.2.0/24 via 10.0.0.3
+    ROUTES_EXIT: |-
+        - del 10.0.1.0/24
+        - del 10.0.2.0/24
+    NAT4_IFACES: |-
+        - eth0
+        - eth1
+    PRE_INIT_HOOK: config_init.sh
+    PRE_INIT_HOOK_0: "Hello"
+    PRE_INIT_HOOK_1: "World"
+    PRE_INIT_HOOK_2: "!"
+    PRE_EXIT_HOOK: config_exit.sh
+    PRE_EXIT_HOOK_0: "Goodbye"
+```
+
+## Getting started
+### Build dependencies
+- golang
+
+### Runtime dependencies
+- iproute2
+- iptables
+
+### Build
+Run `go build`
+
+### Docker
+- The container requires the `NET_ADMIN` capability;
+
+This can be done in `docker-compose.yaml` by defining the following for the service:
+
+```yaml
+cap_add:
+    - NET_ADMIN
+```
+
+## Author
+Louis Royer
+
+## License
+MIT

go.mod

@@ -0,0 +1,3 @@
+module github.com/louisroyer/docker-setup
+
+go 1.19

main.go

@@ -0,0 +1,31 @@
+package main
+
+import (
+	"log"
+	"os"
+	"os/signal"
+	"syscall"
+
+	setup "github.com/louisroyer/docker-setup/runtime"
+)
+
+// Initialize signals handling
+func initSignals(conf setup.Conf) {
+	cancelChan := make(chan os.Signal, 1)
+	signal.Notify(cancelChan, syscall.SIGTERM, syscall.SIGINT)
+	func(_ os.Signal) {}(<-cancelChan)
+	conf.RunExitHooks()
+	os.Exit(0)
+}
+
+// Print the configuration, then startup
+func main() {
+	log.SetPrefix("[docker-setup]")
+	conf := setup.NewConf()
+	conf.Log()
+	go initSignals(conf)
+	conf.RunInitHooks()
+	if !conf.Oneshot() {
+		select {}
+	}
+}

runtime/conf.go

@@ -0,0 +1,98 @@
+package setup
+
+import (
+	"fmt"
+	"log"
+	"os"
+)
+
+// Configuration
+type Conf struct {
+	hooksList map[string]Hook
+	oneshot   bool
+}
+
+// Create a new configuration from env variables
+func NewConf() Conf {
+	conf := Conf{
+		hooksList: make(map[string]Hook, 0),
+	}
+	conf.AddHooks()
+	conf.AddUserHooks("pre", "PRE")
+	conf.AddUserHooks("post", "POST")
+	conf.oneshot = false
+	if oneshot, isset := os.LookupEnv("ONESHOT"); isset && oneshot == "true" {
+		conf.oneshot = true
+	}
+	return conf
+}
+
+// Return true if Oneshot is set
+func (conf Conf) Oneshot() bool {
+	return conf.oneshot
+}
+
+// Run exit hooks
+func (conf Conf) RunExitHooks() {
+	conf.RunExitHook("pre")
+	conf.RunExitHook("nat4")
+	conf.RunExitHook("iproute")
+	conf.RunExitHook("post")
+}
+
+// Run init hooks
+func (conf Conf) RunInitHooks() {
+	conf.RunInitHook("pre")
+	conf.RunInitHook("iproute")
+	conf.RunInitHook("nat4")
+	conf.RunInitHook("post")
+}
+
+// Add a new hook to the configuration
+func (conf Conf) AddUserHooks(name string, env string) {
+	conf.hooksList[name] = NewUserHooks(
+		fmt.Sprintf("%s init", name), fmt.Sprintf("%s_INIT_HOOK", env),
+		fmt.Sprintf("%s exit", name), fmt.Sprintf("%s_EXIT_HOOK", env))
+}
+
+// Add default hooks
+func (conf Conf) AddHooks() {
+	conf.hooksList["iproute"] = NewIPRouteHooks(
+		"iproute init", "ROUTES_INIT",
+		"iproute exit", "ROUTES_EXIT")
+	conf.hooksList["nat4"] = NewNat4Hooks()
+}
+
+// Run an init hook
+func (conf Conf) RunInitHook(name string) {
+	if conf.hooksList[name] != nil {
+		if err := conf.hooksList[name].RunInit(); err != nil {
+			log.Printf("Error while running %s init hook: %s", name, err)
+		}
+	}
+}
+
+// Run an exit hook
+func (conf Conf) RunExitHook(name string) {
+	if conf.hooksList[name] != nil {
+		if err := conf.hooksList[name].RunExit(); err != nil {
+			log.Printf("Error while running %s exit hook: %s", name, err)
+		}
+	}
+}
+
+// Log the configuration
+func (conf Conf) Log() {
+	log.Println("Current configuration:")
+	if conf.oneshot {
+		log.Printf("\t- mode oneshot is enabled")
+	} else {
+		log.Printf("\t- mode oneshot is disabled")
+	}
+	for _, h := range conf.hooksList {
+		for _, s := range h.String() {
+			log.Printf("\t- %s\n", s)
+		}
+	}
+
+}

runtime/hook.go

@@ -0,0 +1,42 @@
+package setup
+
+// init & exit hooks iface
+type Hook interface {
+	String() []string
+	RunInit() error
+	RunExit() error
+}
+
+// init or exit hook iface
+type HookSingle interface {
+	String() []string
+	Run() error
+}
+
+// init & exit hooks
+type HookMulti struct {
+	init HookSingle
+	exit HookSingle
+}
+
+// Returns hooks info
+func (hooks HookMulti) String() []string {
+	r := []string{}
+	for _, i := range hooks.init.String() {
+		r = append(r, i)
+	}
+	for _, i := range hooks.exit.String() {
+		r = append(r, i)
+	}
+	return r
+}
+
+// Runs init hook
+func (hooks HookMulti) RunInit() error {
+	return hooks.init.Run()
+}
+
+// Runs exit hook
+func (hooks HookMulti) RunExit() error {
+	return hooks.exit.Run()
+}

runtime/iproutehook.go

@@ -0,0 +1,79 @@
+package setup
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"strings"
+)
+
+// Runs iptables
+func runIPRoute(args ...string) error {
+	r := []string{"route"}
+	r = append(r, args...)
+	cmd := exec.Command("ip", r...)
+	return cmd.Run()
+}
+
+// Create init & exit hooks
+func NewIPRouteHooks(nameInit string, envInit string, nameExit string, envExit string) HookMulti {
+	return HookMulti{
+		init: NewIPRouteHook(nameInit, envInit),
+		exit: NewIPRouteHook(nameExit, envExit),
+	}
+}
+
+// IP Route Hook
+type IPRouteHook struct {
+	name   string // name of the hook
+	env    string // environment variable
+	isset  bool   // false when no cmd is set
+	routes [][]string
+}
+
+// Create an IP Route Hook
+func NewIPRouteHook(name string, env string) IPRouteHook {
+	hook := IPRouteHook{
+		name: name,
+		env:  env,
+	}
+	if ifaces, ok := os.LookupEnv(hook.env); !ok {
+		hook.isset = false
+	} else {
+		rl := strings.Split(ifaces, "\n")
+
+		hook.routes = make([][]string, len(rl))
+		for i, route := range rl {
+			hook.routes[i] = strings.Split(strings.TrimSpace(strings.TrimLeft(strings.TrimSpace(route), "-")), " ")
+		}
+		hook.isset = true
+	}
+	return hook
+}
+
+// Run the hook if it is set
+func (hook IPRouteHook) Run() error {
+	for _, r := range hook.routes {
+		r = append(r, "proto", "static")
+		if err := runIPRoute(r...); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// Returns hook information in an human format
+func (hook IPRouteHook) String() []string {
+	r := []string{}
+	if !hook.isset {
+		return []string{fmt.Sprintf("%s hook ($%s) is not set.", hook.name, hook.env)}
+	}
+	for i, route := range hook.routes {
+		args := ""
+		for _, cmd := range route {
+			args += fmt.Sprintf(", %s", cmd)
+		}
+		r = append(r, fmt.Sprintf("%s #%d hook is set with : [ip, route%s, proto, static]", hook.name, i, args))
+	}
+	return r
+}