openwrt docker配置daemon不生效

引用

issues: https://github.com/lisaac/luci-app-dockerman/issues/172

这个luci-app-dockerman会生成daemon.json，在/tmp/dockerd/daemon.json，你改默认的/etc/docker/daemon.json没用，启动时会使用--config-file指定tmp目录下的那个daemon.json，看/etc/init.d/dockerd里面的启动脚本发现，process_configuration里面他会判断/etc/config/dockerd配置文件是否存在，不存在则使用默认的(/etc/docker/daemon.json)，所以为了让dockerd使用我们的daemon.json，把/etc/config/dockerd删掉或者备份到另一个位置，那么启动时会使用/etc/config/daemon.json，在/etc/cofnig/daemon.json里面指定才会生效

"proxies": {
       "http-proxy": "http://example.com:8848",
       "https-proxy": "http://example.com:8848",
       "no-proxy": "127.0.0.0/8"
   },





# 解决

vi /etc/init.d/dockerd

找到process_config 方法 json_dump > "${DOCKERD_CONF}" 代码前 增加代码

```bash
# 将 log-driver 和 log-opts 添加到 JSON 配置中
	json_add_string "log-driver" "json-file"
	json_add_object "log-opts"
	json_add_string "max-size" "10k"
	json_add_string "max-file" "3"
	json_close_object

重启docker

/etc/init.d/dockerd restart

整个文件如下

#!/bin/sh /etc/rc.common

USE_PROCD=1
START=99

extra_command "uciadd" "<interface> <device> <zone> Add docker bridge configuration to network and firewall uci config"
extra_command "ucidel" "<interface> <device> <zone> Delete docker bridge configuration from network and firewall uci config"

DOCKER_CONF_DIR="/tmp/dockerd"
DOCKERD_CONF="${DOCKER_CONF_DIR}/daemon.json"

uci_quiet() {
	uci -q "${@}" >/dev/null
}

json_add_array_string() {
	json_add_string "" "${1}"
}

find_network_device() {
	local device="${1}"
	local device_section=""

	check_device() {
		local cfg="${1}"
		local device="${2}"

		local type name
		config_get type "${cfg}" type
		config_get name "${cfg}" name

		[ "${type}" = "bridge" ] && [ "${name}" = "${device}" ] \
			&& device_section="${cfg}"
	}

	config_load network
	config_foreach check_device device "${device}"

	echo "${device_section}"
}

boot() {
	uciadd
	rc_procd start_service
}

uciadd() {
	local iface="${1}"
	local device="${2}"
	local zone="${3}"

	[ -z "${iface}" ] && {
		iface="docker"
		device="docker0"
		zone="docker"
	}

	/etc/init.d/dockerd running && {
		echo "Please stop dockerd service first"
		exit 0
	}

	# Add network interface
	if ! uci_quiet get network.${iface}; then
		logger -t "dockerd-init" -p notice "Adding interface '${iface}' to network config"
		uci_quiet add network interface
		uci_quiet rename network.@interface[-1]="${iface}"
		uci_quiet set network.@interface[-1].device="${device}"
		uci_quiet set network.@interface[-1].proto="none"
		uci_quiet set network.@interface[-1].auto="0"
		uci_quiet commit network
	fi

	# Add docker bridge device
	if [ "$(find_network_device "$device")" = "" ]; then
		logger -t "dockerd-init" -p notice "Adding bridge device '${device}' to network config"
		uci_quiet add network device
		uci_quiet set network.@device[-1].type="bridge"
		uci_quiet set network.@device[-1].name="${device}"
		uci_quiet commit network
	else
		logger -t "dockerd-init" -p notice "Bridge device '${device}' already defined in network config"
	fi

	# Add firewall zone
	if ! uci_quiet get firewall.${zone}; then
		logger -t "dockerd-init" -p notice "Adding firewall zone '${zone}' to firewall config"
		uci_quiet add firewall zone
		uci_quiet rename firewall.@zone[-1]="${zone}"
		uci_quiet set firewall.@zone[-1].input="ACCEPT"
		uci_quiet set firewall.@zone[-1].output="ACCEPT"
		uci_quiet set firewall.@zone[-1].forward="ACCEPT"
		uci_quiet set firewall.@zone[-1].name="${zone}"
		uci_quiet commit firewall
	fi

	# Add interface to firewall zone
	if uci_quiet get firewall.${zone}; then
		uci_quiet del_list firewall.${zone}.network="${iface}"
		uci_quiet add_list firewall.${zone}.network="${iface}"
		uci_quiet commit firewall
	fi

	reload_config
}

ucidel() {
	local iface="${1}"
	local device="${2}"
	local zone="${3}"

	[ -z "${iface}" ] && {
		iface="docker"
		device="docker0"
		zone="docker"
	}

	/etc/init.d/dockerd running && {
		echo "Please stop dockerd service first"
		exit 0
	}

	# Remove network device
	if uci_quiet delete network.$(find_network_device "${device}"); then
		logger -t "dockerd-init" -p notice "Deleting bridge device '${device}' from network config"
		uci_quiet commit network
	fi

	# Remove network interface
	if uci_quiet get network.${iface}; then
		logger -t "dockerd-init" -p notice "Deleting interface '${iface}' from network config"
		uci_quiet delete network.${iface}
		uci_quiet commit network
	fi

	# Remove interface from firewall zone
	if uci_quiet get firewall.${zone}; then
		logger -t "dockerd-init" -p notice "Deleting network interface '${iface}' in zone '${zone}' from firewall config"
		uci_quiet del_list firewall.${zone}.network="${iface}"
		uci_quiet commit firewall
		# Remove Firewall zone if network is empty
		if ! uci_quiet get firewall.${zone}.network; then
			logger -t "dockerd-init" -p notice "Deleting firewall zone '${zone}' from firewall config"
			uci_quiet delete firewall.${zone}
		fi
		uci_quiet commit firewall
	fi

	reload_config
}

process_config() {
	local alt_config_file data_root log_level iptables bip

	[ -f /etc/config/dockerd ] || {
		# Use the daemon default configuration
		DOCKERD_CONF=""
		return 0
	}

	# reset configuration
	rm -fr "${DOCKER_CONF_DIR}"
	mkdir -p "${DOCKER_CONF_DIR}"

	config_load 'dockerd'
	config_get alt_config_file globals alt_config_file
	[ -n "${alt_config_file}" ] && [ -f "${alt_config_file}" ] && {
		ln -s "${alt_config_file}" "${DOCKERD_CONF}"
		return 0
	}

	config_get data_root globals data_root "/opt/docker/"
	config_get log_level globals log_level "warn"
	config_get_bool iptables globals iptables "1"

	# Don't add these options by default
	# omission == docker defaults
	config_get log_driver globals log_driver ""
	config_get bip globals bip ""
	config_get registry_mirrors globals registry_mirrors ""
	config_get hosts globals hosts ""
	config_get dns globals dns ""
	config_get_bool ipv6 globals ipv6 ""
	config_get ip globals ip ""
	config_get fixed_cidr globals fixed_cidr ""
	config_get fixed_cidr_v6 globals fixed_cidr_v6 ""

	. /usr/share/libubox/jshn.sh
	json_init
	json_add_string "data-root" "${data_root}"
	json_add_string "log-level" "${log_level}"
	json_add_boolean "iptables" "${iptables}"
	[ -z "${log_driver}" ] || json_add_string "log-driver" "${log_driver}"
	[ -z "${bip}" ] || json_add_string "bip" "${bip}"
	[ -z "${registry_mirrors}" ] || json_add_array "registry-mirrors"
	[ -z "${registry_mirrors}" ] || config_list_foreach globals registry_mirrors json_add_array_string
	[ -z "${registry_mirrors}" ] || json_close_array
	[ -z "${hosts}" ] || json_add_array "hosts"
	[ -z "${hosts}" ] || config_list_foreach globals hosts json_add_array_string
	[ -z "${hosts}" ] || json_close_array
	[ -z "${dns}" ] || json_add_array "dns"
	[ -z "${dns}" ] || config_list_foreach globals dns json_add_array_string
	[ -z "${dns}" ] || json_close_array
	[ -z "${ipv6}" ] || json_add_boolean "ipv6" "${ipv6}"
	[ -z "${ip}" ] || json_add_string "ip" "${ip}"
	[ -z "${fixed_cidr}" ] || json_add_string "fixed-cidr" "${fixed_cidr}"
	[ -z "${fixed_cidr_v6}" ] || json_add_string "fixed-cidr-v6" "${fixed_cidr_v6}"
	# 以下是新增的代码
	# 将 log-driver 和 log-opts 添加到 JSON 配置中
	json_add_string "log-driver" "json-file"
	json_add_object "log-opts"
	json_add_string "max-size" "10k"
	json_add_string "max-file" "3"
	json_close_object
	 # 以上是新增的代码
	json_dump > "${DOCKERD_CONF}"

	[ "${iptables}" -eq "1" ] && config_foreach iptables_add_blocking_rule firewall
}

start_service() {
	local nofile=$(cat /proc/sys/fs/nr_open)

	process_config

	procd_open_instance
	procd_set_param stderr 1
	if [ -z "${DOCKERD_CONF}" ]; then
		procd_set_param command /usr/bin/dockerd
	else
		procd_set_param command /usr/bin/dockerd --config-file="${DOCKERD_CONF}"
	fi
	procd_set_param limits nofile="${nofile} ${nofile}"
	procd_close_instance
}

reload_service() {
	process_config
	procd_send_signal dockerd
}

service_triggers() {
	procd_add_reload_trigger 'dockerd'
}

iptables_add_blocking_rule() {
	local cfg="${1}"

	local device=""
	local extra_iptables_args=""

	handle_iptables_rule() {
		local interface="${1}"
		local outbound="${2}"
		local extra_iptables_args="${3}"

		local inbound=""

		. /lib/functions/network.sh
		network_get_physdev inbound "${interface}"

		[ -z "${inbound}" ] && {
			logger -t "dockerd-init" -p notice "Unable to get physical device for interface ${interface}"
			return
		}

		# Wait for a maximum of 10 second per command, retrying every millisecond
		local iptables_wait_args="--wait 10 --wait-interval 1000"

		# Ignore errors as it might already be present
		iptables ${iptables_wait_args} --table filter --new DOCKER-USER 2>/dev/null
		if ! iptables ${iptables_wait_args} --table filter --check DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump REJECT 2>/dev/null; then
			logger -t "dockerd-init" -p notice "Drop traffic from ${inbound} to ${outbound}"
			iptables ${iptables_wait_args} --table filter --insert DOCKER-USER --in-interface "${inbound}" --out-interface "${outbound}" ${extra_iptables_args} --jump REJECT
		fi
	}

	config_get device "${cfg}" device

	[ -z "${device}" ] && {
		logger -t "dockerd-init" -p notice "No device configured for ${cfg}"
		return
	}

	config_get extra_iptables_args "${cfg}" extra_iptables_args
	config_list_foreach "${cfg}" blocked_interfaces handle_iptables_rule "${device}" "${extra_iptables_args}"
}

stop_service() {
	if /etc/init.d/dockerd running; then
		service_stop "/usr/bin/dockerd"
	fi
}