#!/bin/bash
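# Path of the kernel config file to check (first argument).
FILE=$1
if [ ! -f "$FILE" ]; then
  # Usage errors go to stderr and end with a non-zero status, so a caller
  # (shell chain, CI job) can tell that no config file was checked.
  echo "Provide a config file as argument" >&2
  exit 1
fi

# Report-only by default; "-w" as the second argument allows the checks that
# follow to edit "$FILE" in place.
write=false
if [ "$2" = "-w" ]; then
  write=true
fi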
# Kernel options that must be enabled (=y or =m). The string is word-split by
# the for-loops further down, so each line is one symbol name.
# NOTE(review): "CONFIG_!SCHED_WALT" is not a valid Kconfig symbol name; the
# "!" presumably marks an option that should be disabled — confirm, and if so
# list CONFIG_SCHED_WALT under CONFIGS_OFF instead. As written, -w mode
# appends and then enables a literal "CONFIG_!SCHED_WALT=y" line.
# NOTE(review): CONFIG_POSIX_MQUEUE and CONFIG_BRIDGE are listed twice.
# NOTE(review): several entries change the kernel's security posture (for
# example CONFIG_USER_NS, CONFIG_BPF_SYSCALL, CONFIG_CHECKPOINT_RESTORE and the
# debug options CONFIG_CGROUP_DEBUG / CONFIG_DEBUG_BLK_CGROUP); review the list
# against the device's threat model before running with -w.
CONFIGS_ON="
CONFIG_NAMESPACES
CONFIG_MULTIUSER
CONFIG_NET
CONFIG_NET_NS
CONFIG_PID_NS
CONFIG_POSIX_MQUEUE
CONFIG_IPC_NS
CONFIG_UTS_NS
CONFIG_CGROUPS
CONFIG_SCHED_AUTOGROUP
CONFIG_CGROUP_CPUACCT
CONFIG_CGROUP_DEVICE
CONFIG_CGROUP_FREEZER
CONFIG_CGROUP_SCHED
CONFIG_DEBUG_BLK_CGROUP
CONFIG_NETFILTER_XT_MATCH_BPF
CONFIG_CPUSETS
CONFIG_MEMCG
CONFIG_KEYS
CONFIG_NETDEVICES
CONFIG_NET_CORE
CONFIG_VETH
CONFIG_IPV6
CONFIG_IP6_NF_NAT
CONFIG_IP6_NF_TARGET_MASQUERADE
CONFIG_BRIDGE
CONFIG_NETFILTER
CONFIG_INET
CONFIG_NETFILTER_ADVANCED
CONFIG_BRIDGE_NETFILTER
CONFIG_IP_NF_FILTER
CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_NAT
CONFIG_IP_NF_TARGET_MASQUERADE
CONFIG_NETFILTER_XTABLES
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE
CONFIG_NETFILTER_XT_MATCH_CONNTRACK
CONFIG_NF_CONNTRACK
CONFIG_NETFILTER_XT_MATCH_IPVS
CONFIG_IP_VS
CONFIG_NETFILTER_XT_MARK
CONFIG_NF_NAT
CONFIG_POSIX_MQUEUE
CONFIG_NF_NAT_IPV6
CONFIG_NF_NAT_IPV4
CONFIG_NF_CONNTRACK_IPV4
CONFIG_NF_CONNTRACK_IPV6
CONFIG_NF_NAT_NEEDED
CONFIG_BPF
CONFIG_CGROUP_BPF
CONFIG_BPF_SYSCALL
CONFIG_USER_NS
CONFIG_SECCOMP
CONFIG_SECCOMP_FILTER
CONFIG_CGROUP_PIDS
CONFIG_CGROUP_DEBUG
CONFIG_SWAP
CONFIG_MEMCG_SWAP
CONFIG_MEMCG_SWAP_ENABLED
CONFIG_BLOCK
CONFIG_IOSCHED_CFQ
CONFIG_BLK_CGROUP
CONFIG_CFQ_GROUP_IOSCHED
CONFIG_BLK_DEV_THROTTLING
CONFIG_PERF_EVENTS
CONFIG_CGROUP_PERF
CONFIG_HUGETLBFS
CONFIG_HUGETLB_PAGE
CONFIG_CGROUP_HUGETLB
CONFIG_NET_SCHED
CONFIG_NET_CLS_CGROUP
CONFIG_CGROUP_NET_PRIO
CONFIG_FAIR_GROUP_SCHED
CONFIG_!SCHED_WALT
CONFIG_RT_GROUP_SCHED
CONFIG_IP_NF_TARGET_REDIRECT
CONFIG_IP_VS_NFCT
CONFIG_IP_VS_PROTO_TCP
CONFIG_IP_VS_PROTO_UDP
CONFIG_IP_VS_RR
CONFIG_SECURITY
CONFIG_SECURITY_SELINUX
CONFIG_SECURITY_APPARMOR
CONFIG_EXT3_FS
CONFIG_EXT3_FS_POSIX_ACL
CONFIG_EXT3_FS_SECURITY
CONFIG_EXT4_FS
CONFIG_EXT4_FS_POSIX_ACL
CONFIG_EXT4_FS_SECURITY
CONFIG_VXLAN
CONFIG_BRIDGE
CONFIG_BRIDGE_VLAN_FILTERING
CONFIG_VLAN_8021Q
CONFIG_CRYPTO
CONFIG_CRYPTO_AEAD
CONFIG_CRYPTO_GCM
CONFIG_CRYPTO_SEQIV
CONFIG_CRYPTO_GHASH
CONFIG_CHECKPOINT_RESTORE
CONFIG_XFRM
CONFIG_XFRM_USER
CONFIG_XFRM_ALGO
CONFIG_INET_ESP
CONFIG_INET_XFRM_MODE_TRANSPORT
CONFIG_IPVLAN
CONFIG_MACVLAN
CONFIG_NET_L3_MASTER_DEV
CONFIG_DUMMY
CONFIG_NF_NAT_FTP
CONFIG_NF_CONNTRACK_FTP
CONFIG_NF_NAT_TFTP
CONFIG_NF_CONNTRACK_TFTP
CONFIG_AUFS_FS
CONFIG_BTRFS_FS
CONFIG_BTRFS_FS_POSIX_ACL
CONFIG_MD
CONFIG_BLK_DEV_DM
CONFIG_DM_THIN_PROVISIONING
CONFIG_OVERLAY_FS
CONFIG_PACKET
CONFIG_PACKET_DIAG
CONFIG_NETLINK_DIAG
CONFIG_FHANDLE
CONFIG_UNIX
CONFIG_UNIX_DIAG
CONFIG_NETFILTER_XT_TARGET_CHECKSUM
CONFIG_CFS_BANDWIDTH
"
# Kernel options that must not be enabled.
# NOTE(review): CONFIG_ANDROID_PARANOID_NETWORK is the Android option that
# limits socket creation to members of specific groups; turning it off lifts
# that restriction for every process on the device, not only for containers.
CONFIGS_OFF="
CONFIG_ANDROID_PARANOID_NETWORK
"
# Options that must carry an exact value, written as NAME=VALUE (none listed).
CONFIGS_EQ="
"
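# Print the arguments in red (ANSI SGR 31). echo -e interprets backslash
# escapes in the message; the colour is not reset afterwards.
ered() {
  # "$@" is quoted so a message containing glob characters or runs of
  # whitespace (for example a value read from the config file) is printed as
  # given instead of being expanded or re-split by the shell.
  echo -e "\033[31m" "$@"
}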
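# Print the arguments in green (ANSI SGR 32). echo -e interprets backslash
# escapes in the message; the colour is not reset afterwards.
egreen() {
  # "$@" is quoted so a message containing glob characters or runs of
  # whitespace is printed as given instead of being expanded by the shell.
  echo -e "\033[32m" "$@"
}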
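# Print the arguments in white (ANSI SGR 37). echo -e interprets backslash
# escapes in the message; the colour is not reset afterwards.
ewhite() {
  # "$@" is quoted so a message containing glob characters or runs of
  # whitespace is printed as given instead of being expanded by the shell.
  echo -e "\033[37m" "$@"
}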
# Banner, followed by the two counters that the final summary reports:
# fixes  - edits made to the config file (only in -w mode)
# errors - problems found and left unfixed
printf '%b\n' "\n\nChecking config file for https://github.com/wu17481748/lxc-docker specific config options.\n\n"
fixes=0
errors=0
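# Pass 1: every option from CONFIGS_ON and CONFIGS_OFF should be mentioned
# exactly once in the config file, either as "NAME=..." or "# NAME is not set".
# The two lists are left unquoted on purpose: word-splitting yields one symbol
# per iteration.
for c in $CONFIGS_ON $CONFIGS_OFF; do
  # -F keeps the symbol from being read as a regular expression, -w stops
  # CONFIG_NET from matching CONFIG_NET_NS, and quoting "$FILE" keeps a path
  # with spaces intact.
  cnt=$(grep -F -w -c -- "$c" "$FILE")
  case $cnt in
    '' | *[!0-9]*)
      # grep printed no count (e.g. the file became unreadable); do not treat
      # that as "absent" and append to the file.
      ered "could not count occurrences of $c in $FILE"
      errors=$((errors+1))
      continue
      ;;
  esac
  if [ "$cnt" -gt 1 ]; then
    ered "$c appears more than once in the config file, fix this"
    errors=$((errors+1))
  fi
  if [ "$cnt" -eq 0 ]; then
    if [ "$write" = true ]; then
      # Add the option in its "disabled" form; a later pass flips it to =y
      # when the option belongs to CONFIGS_ON.
      ewhite "Creating $c"
      echo "# $c is not set" >> "$FILE"
      fixes=$((fixes+1))
    else
      ered "$c is neither enabled nor disabled in the config file"
      errors=$((errors+1))
    fi
  fi
done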
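# Pass 2: every option in CONFIGS_ON must be built in (=y) or a module (=m).
for c in $CONFIGS_ON; do
  # Anchored at the start of the line so that only a real assignment counts;
  # a commented-out "#CONFIG_X=y" must not be reported as enabled.
  if grep -q "^${c}=[ym]" "$FILE"; then
    egreen "$c is already set"
  elif [ "$write" = true ]; then
    ewhite "Setting $c"
    sed -i "s,^# ${c} is not set,${c}=y," "$FILE"
    # sed gives no signal when nothing matched (for example the option is
    # present with some other value), so confirm the result before counting
    # the edit as a fix.
    if grep -q "^${c}=[ym]" "$FILE"; then
      fixes=$((fixes+1))
    else
      ered "$c could not be set automatically, set it by hand"
      errors=$((errors+1))
    fi
  else
    ered "$c is not set, set it"
    errors=$((errors+1))
  fi
done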
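# Pass 3: every entry in CONFIGS_EQ ("NAME=VALUE") must be present in the
# config file with exactly that value.
for c in $CONFIGS_EQ; do
  lhs=${c%%=*} # option name
  rhs=${c#*=}  # required value
  # -x -F: the whole line must equal NAME=VALUE, so NAME=1 is not satisfied by
  # a line reading NAME=10.
  if grep -q -x -F -- "$c" "$FILE"; then
    egreen "$c is already set correctly."
    continue
  fi
  # Value of the first line that assigns exactly this option; awk exits
  # non-zero when no such line exists. Comparing $1 with the name avoids
  # CONFIG_NET being taken for CONFIG_NET_NS.
  if cur=$(awk -F= -v key="$lhs" '
    $1 == key { print substr($0, length(key) + 2); found = 1; exit }
    END { exit !found }' "$FILE"); then
    ered "$lhs is set, but to $cur not $rhs."
    if [ "$write" = true ]; then
      egreen "Setting $c correctly"
      # The old value comes from the file, so it is never spliced into a sed
      # program, where a delimiter or "&" in it would change the edit. awk
      # comments out each old assignment and writes the required line once;
      # the file is overwritten only if awk succeeded.
      if new=$(awk -F= -v key="$lhs" -v want="$c" '
        $1 == key {
          print "# " key " was " substr($0, length(key) + 2)
          if (!written) { print want; written = 1 }
          next
        }
        { print }' "$FILE") && printf '%s\n' "$new" > "$FILE"; then
        fixes=$((fixes+1))
      else
        ered "$c could not be written to $FILE"
        errors=$((errors+1))
      fi
    else
      # Report-only mode: a wrong value is an error that was not fixed, so it
      # has to show up in the final count.
      errors=$((errors+1))
    fi
  elif [ "$write" = true ]; then
    ewhite "Setting $c"
    echo "$c" >> "$FILE"
    fixes=$((fixes+1))
  else
    ered "$c is not set"
    errors=$((errors+1))
  fi
done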
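# Pass 4: no option in CONFIGS_OFF may be built in (=y) or a module (=m).
for c in $CONFIGS_OFF; do
  # Anchored at the start of the line so that only a real assignment counts.
  if grep -q "^${c}=[ym]" "$FILE"; then
    if [ "$write" = true ]; then
      ewhite "Unsetting $c"
      # "$FILE" is quoted so a path containing spaces is edited as one file;
      # the anchor keeps the substitution to the assignment line itself.
      sed -i "s,^${c}=.*,# ${c} is not set," "$FILE"
      fixes=$((fixes+1))
    else
      ered "$c is set, unset it"
      errors=$((errors+1))
    fi
  else
    egreen "$c is already unset"
  fi
done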
# Final report: number of problems left unfixed, then number of edits made.
case $errors in
  0)
    egreen "\n\nConfig file checked, found no errors.\n\n"
    ;;
  *)
    ered "\n\nConfig file checked, found $errors errors that I did not fix.\n\n"
    ;;
esac
# The message below reads "enabled <N> docker-lxc config items".
if [ "$fixes" -gt 0 ]; then
  egreen "开启docker-lxc配置 $fixes 项.\n\n"
fi
# Finish on the white foreground colour, since the helpers never reset it.
ewhite " "