dockerd: Add firewall independent dependencies
Signed-off-by: Gerard Ryan <G.M0N3Y.2503@gmail.com>
This commit is contained in:
parent
34c77110f1
commit
1f96ec16ec
|
@ -1,3 +1,10 @@
|
||||||
|
config DOCKER_CHECK_CONFIG
|
||||||
|
bool "Installs check-config.sh with dependencies"
|
||||||
|
default n
|
||||||
|
depends on PACKAGE_dockerd
|
||||||
|
select PACKAGE_bash
|
||||||
|
select PACKAGE_kmod-ikconfig
|
||||||
|
|
||||||
# These options are mostly specified by https://github.com/moby/moby/blob/master/contrib/check-config.sh
|
# These options are mostly specified by https://github.com/moby/moby/blob/master/contrib/check-config.sh
|
||||||
|
|
||||||
config DOCKER_CGROUP_OPTIONS
|
config DOCKER_CGROUP_OPTIONS
|
||||||
|
@ -61,6 +68,11 @@ endmenu
|
||||||
menu "Storage"
|
menu "Storage"
|
||||||
depends on PACKAGE_dockerd
|
depends on PACKAGE_dockerd
|
||||||
|
|
||||||
|
config DOCKER_STO_DEVMAPPER
|
||||||
|
bool "Enables support for devmapper snapshotting"
|
||||||
|
default n
|
||||||
|
select PACKAGE_libdevmapper
|
||||||
|
|
||||||
config DOCKER_STO_EXT4
|
config DOCKER_STO_EXT4
|
||||||
bool "Enables support for ext3 or ext4 as the backing filesystem"
|
bool "Enables support for ext3 or ext4 as the backing filesystem"
|
||||||
default n
|
default n
|
||||||
|
@ -71,4 +83,5 @@ menu "Storage"
|
||||||
bool "Enables support for btrfs as the backing filesystem"
|
bool "Enables support for btrfs as the backing filesystem"
|
||||||
default n
|
default n
|
||||||
select KERNEL_BTRFS_FS_POSIX_ACL
|
select KERNEL_BTRFS_FS_POSIX_ACL
|
||||||
|
select PACKAGE_btrfs-progs
|
||||||
endmenu
|
endmenu
|
||||||
|
|
|
@ -34,22 +34,20 @@ define Package/dockerd
|
||||||
TITLE:=Docker Community Edition Daemon
|
TITLE:=Docker Community Edition Daemon
|
||||||
URL:=https://www.docker.com/
|
URL:=https://www.docker.com/
|
||||||
DEPENDS:=$(GO_ARCH_DEPENDS) \
|
DEPENDS:=$(GO_ARCH_DEPENDS) \
|
||||||
+btrfs-progs \
|
|
||||||
+ca-certificates \
|
+ca-certificates \
|
||||||
+containerd \
|
+containerd \
|
||||||
+iptables-legacy \
|
+iptables \
|
||||||
+iptables-mod-extra \
|
+iptables-mod-extra \
|
||||||
+iptables-mod-nat-extra \
|
+IPV6:ip6tables \
|
||||||
|
+IPV6:kmod-ipt-nat6 \
|
||||||
+KERNEL_SECCOMP:libseccomp \
|
+KERNEL_SECCOMP:libseccomp \
|
||||||
+kmod-br-netfilter \
|
+kmod-ipt-nat \
|
||||||
+kmod-ikconfig \
|
+kmod-ipt-physdev \
|
||||||
+kmod-nf-conntrack-netlink \
|
|
||||||
+kmod-nf-ipvs \
|
+kmod-nf-ipvs \
|
||||||
+kmod-nf-nat \
|
|
||||||
+kmod-veth \
|
+kmod-veth \
|
||||||
+libdevmapper \
|
|
||||||
+libnetwork \
|
+libnetwork \
|
||||||
+tini
|
+tini \
|
||||||
|
+uci-firewall
|
||||||
USERID:=docker:docker
|
USERID:=docker:docker
|
||||||
MENU:=1
|
MENU:=1
|
||||||
endef
|
endef
|
||||||
|
@ -146,8 +144,11 @@ define Package/dockerd/install
|
||||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/bundles/binary-daemon/dockerd $(1)/usr/bin/
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/bundles/binary-daemon/dockerd $(1)/usr/bin/
|
||||||
|
|
||||||
$(INSTALL_DIR) $(1)/opt/docker/
|
$(INSTALL_DIR) $(1)/opt/docker/
|
||||||
|
|
||||||
|
ifeq ($(CONFIG_DOCKER_CHECK_CONFIG),y)
|
||||||
$(INSTALL_DIR) $(1)/usr/share/docker/
|
$(INSTALL_DIR) $(1)/usr/share/docker/
|
||||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/contrib/check-config.sh $(1)/usr/share/docker/
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/contrib/check-config.sh $(1)/usr/share/docker/
|
||||||
|
endif
|
||||||
|
|
||||||
$(INSTALL_DIR) $(1)/etc/init.d
|
$(INSTALL_DIR) $(1)/etc/init.d
|
||||||
$(INSTALL_BIN) ./files/dockerd.init $(1)/etc/init.d/dockerd
|
$(INSTALL_BIN) ./files/dockerd.init $(1)/etc/init.d/dockerd
|
||||||
|
|
|
@ -21,8 +21,15 @@ config globals 'globals'
|
||||||
# list registry_mirrors 'https://<my-docker-mirror-host>'
|
# list registry_mirrors 'https://<my-docker-mirror-host>'
|
||||||
# list registry_mirrors 'https://hub.docker.com'
|
# list registry_mirrors 'https://hub.docker.com'
|
||||||
|
|
||||||
# Docker ignores fw3 rules and by default all external source IPs are allowed to connect to the Docker host.
|
# Docker doesn't work well out of the box with fw4. This is because Docker relies on a compatibility layer that
|
||||||
|
# naively translates iptables rules. For the best compatibility replace the following dependencies:
|
||||||
|
# `firewall4` -> `firewall`
|
||||||
|
# `iptables-nft` -> `iptables-legacy`
|
||||||
|
# `ip6tables-nft` -> `ip6tables-legacy`
|
||||||
|
|
||||||
|
# Docker undermines the fw3 rules. By default all external source IPs are allowed to connect to the Docker host.
|
||||||
# See https://docs.docker.com/network/iptables/ for more details.
|
# See https://docs.docker.com/network/iptables/ for more details.
|
||||||
|
|
||||||
# firewall config changes are only additive i.e firewall will need to be restarted first to clear old changes,
|
# firewall config changes are only additive i.e firewall will need to be restarted first to clear old changes,
|
||||||
# then docker restarted to load in new changes.
|
# then docker restarted to load in new changes.
|
||||||
config firewall 'firewall'
|
config firewall 'firewall'
|
||||||
|
|
Loading…
Reference in New Issue