Closed lkollenberger closed 5 years ago
@lkollenberger Agreed.
Proposing doing it this way, since CMD is added to the ENTRYPOINT:
```dockerfile
ARG OPTIONS
ENV OPTIONS ${OPTIONS}
...
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
CMD ${OPTIONS}
```
Please test it out to see if it covers your scenario and let me know. If it works, I'll push it out.
Hmm, I don't think passing the options as CMD is working, am I doing something wrong? This is my resulting Dockerfile:
```dockerfile
FROM alpine:latest
EXPOSE 53 53/udp
RUN apk --update upgrade && apk add bind
# /etc/bind needs to be owned by root, group owned by "bind", and chmod 750
# since we are mounting, do it manually
# NOTE: Per Dockerfile manual --> need to mkdir the mounted dir to chown
# &
# /var/bind needs to be owned by root, group owned by "bind", and chmod 770
# since we are mounting, do it manually
# NOTE: Per Dockerfile manual --> need to mkdir the mounted dir to chown
# &
# Get latest bind.keys
RUN mkdir -m 0770 -p /etc/bind && chown -R root:named /etc/bind ; \
    mkdir -m 0770 -p /var/cache/bind && chown -R root:named /var/cache/bind ; \
    wget -q -O /etc/bind/bind.keys https://ftp.isc.org/isc/bind9/keys/9.11/bind.keys.v9_11 ; \
    rndc-confgen -a -r /dev/urandom
COPY configs/. /etc/bind/
# Mounts
# NOTE: Per Dockerfile manual -->
# "if any build steps change the data within the volume
# after it has been declared, those changes will be discarded."
VOLUME ["/etc/bind"]
VOLUME ["/var/cache/bind"]
ARG OPTIONS
ENV OPTIONS ${OPTIONS}
COPY entrypoint.sh /
ENTRYPOINT ["/entrypoint.sh"]
CMD ${OPTIONS}
```
As it is, it's doing nothing (the `$OPTIONS` variable doesn't get passed to bind). I think that's because the CMD is not getting passed to bind on the entrypoint, so I tried adding `"$@"` to the last line in that script. However, now bind doesn't even start, it's complaining about extra arguments:
```text
root@crapserv:~# docker logs -f bind
usage: named [-4|-6] [-c conffile] [-d debuglevel] [-E engine] [-f|-g]
             [-n number_of_cpus] [-p port] [-s] [-S sockets] [-t chrootdir]
             [-u username] [-U listeners] [-m {usage|trace|record|size|mctx}]
usage: named [-v|-V]
```
Running a `docker inspect bind` shows this:
```json
"Env": [
    "OPTIONS=-4",
    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
    "/bin/sh",
    "-c",
    "${OPTIONS}"
],
"ArgsEscaped": true,
"WorkingDir": "",
"Entrypoint": [
    "/entrypoint.sh"
],
```
So maybe the command line that runs named ends up like `exec /usr/sbin/named -c /etc/bind/named.conf -g -u named /bin/sh -c -4`, which of course, is not valid.
Any ideas? For reference, this is my docker-compose:
```yaml
version: "3"
services:
  bind:
    image: lkollenberger/bind:testing
    container_name: bind
    network_mode: host
    volumes:
      - "/data/configs/bind/etc_bind:/etc/bind"
      - "/data/configs/bind/var_cache_bind:/var/cache/bind"
      - "/data/configs/bind/var_log_named:/var/log/named"
    environment:
      - "OPTIONS=-4"
    restart: unless-stopped
```
Thanks!
@lkollenberger Fixed by just passing the CMD arg list directly to the entrypoint.
Take a look at the latest release - just pushed it out.
So this allows you now to do (which will break, but just as a test):
```shell
docker run -it --rm ventz/bind -c /tmp/non-existent.conf
```
And you will see it passed + fail (since the config doesn't exist)
Ex:
```text
% docker run -it --rm ventz/bind -c /tmp/blah.conf
19-Nov-2018 21:09:48.271 starting BIND 9.12.2-P1 <id:8914b83>
19-Nov-2018 21:09:48.271 running on Linux x86_64 4.9.93-linuxkit-aufs #1 SMP Wed Jun 6 16:55:56 UTC 2018
19-Nov-2018 21:09:48.271 built with '--build=x86_64-alpine-linux-musl' '--host=x86_64-alpine-linux-musl' '--prefix=/usr' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-openssl=/usr' '--enable-linux-caps' '--with-libxml2' '--with-libjson' '--enable-threads' '--enable-filter-aaaa' '--enable-ipv6' '--enable-shared' '--enable-static' '--with-libtool' '--with-randomdev=/dev/random' '--mandir=/usr/share/man' '--infodir=/usr/share/info' 'build_alias=x86_64-alpine-linux-musl' 'host_alias=x86_64-alpine-linux-musl' 'CC=gcc' 'CFLAGS=-Os -fomit-frame-pointer -D_GNU_SOURCE' 'LDFLAGS=-Wl,--as-needed' 'CPPFLAGS=-Os -fomit-frame-pointer'
19-Nov-2018 21:09:48.271 running as: named -c /etc/bind/named.conf -g -u named -c /tmp/blah.conf
19-Nov-2018 21:09:48.271 compiled by GCC 6.4.0
19-Nov-2018 21:09:48.271 compiled with OpenSSL version: LibreSSL 2.7.4
19-Nov-2018 21:09:48.271 linked to OpenSSL version: LibreSSL 2.7.4
19-Nov-2018 21:09:48.271 compiled with libxml2 version: 2.9.8
19-Nov-2018 21:09:48.271 linked to libxml2 version: 20908
19-Nov-2018 21:09:48.271 compiled with libjson-c version: 0.13.1
19-Nov-2018 21:09:48.271 linked to libjson-c version: 0.13.1
19-Nov-2018 21:09:48.271 compiled with zlib version: 1.2.11
19-Nov-2018 21:09:48.271 linked to zlib version: 1.2.11
19-Nov-2018 21:09:48.271 threads support is enabled
19-Nov-2018 21:09:48.271 ----------------------------------------------------
19-Nov-2018 21:09:48.271 BIND 9 is maintained by Internet Systems Consortium,
19-Nov-2018 21:09:48.271 Inc. (ISC), a non-profit 501(c)(3) public-benefit
19-Nov-2018 21:09:48.271 corporation. Support and training for BIND 9 are
19-Nov-2018 21:09:48.271 available at https://www.isc.org/support
19-Nov-2018 21:09:48.271 ----------------------------------------------------
19-Nov-2018 21:09:48.271 found 6 CPUs, using 6 worker threads
19-Nov-2018 21:09:48.271 using 5 UDP listeners per interface
19-Nov-2018 21:09:48.272 using up to 4096 sockets
19-Nov-2018 21:09:48.275 loading configuration from '/tmp/blah.conf'
19-Nov-2018 21:09:48.275 open: /tmp/blah.conf: file not found
19-Nov-2018 21:09:48.275 loading configuration: file not found
19-Nov-2018 21:09:48.275 exiting (due to fatal error)
```
^ Error as per design in this case
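The two situations discussed above (the shell-form `CMD ${OPTIONS}` that reaches the entrypoint as `/bin/sh -c ${OPTIONS}` and makes named print its usage, and the fix where whatever follows the image name on `docker run` replaces CMD and is handed to named directly) modelled in Python, as an added example that is not code from this thread or from the ventz/bind project. It assumes the entrypoint ends in `named -c /etc/bind/named.conf -g -u named "$@"`, inferred from the `running as:` log line above, and `named_accepts` is a simplified model of named's option parsing built only from the usage text pasted earlier in the thread:

```python
"""Model Docker's ENTRYPOINT/CMD argv composition and what /entrypoint.sh
then hands to named. Added example; assumptions are marked in comments."""
import json
from typing import List, Optional

# Assumed from the "running as:" log line: the entrypoint runs named with
# these fixed flags and, once "$@" is added, forwards its own arguments.
NAMED_FIXED = ["named", "-c", "/etc/bind/named.conf", "-g", "-u", "named"]

# Simplified option table taken from the usage text quoted in the thread.
NAMED_FLAGS_WITH_VALUE = set("cdEnpStuUm")
NAMED_FLAGS_BARE = set("46fgsvV")


def instruction_argv(value: str) -> List[str]:
    """argv Docker stores for one CMD or ENTRYPOINT line.

    Exec form (a JSON array) is stored verbatim. Shell form is wrapped as
    ["/bin/sh", "-c", <string>]; ${VAR} is not expanded at build time,
    which is why `docker inspect` showed the literal "${OPTIONS}".
    """
    value = value.strip()
    if value.startswith("["):
        return json.loads(value)
    return ["/bin/sh", "-c", value]


def container_argv(entrypoint: List[str], cmd: List[str],
                   run_args: Optional[List[str]] = None) -> List[str]:
    """argv of PID 1 in the container: ENTRYPOINT followed by CMD, where
    arguments given after the image name on `docker run` replace CMD."""
    effective_cmd = list(run_args) if run_args is not None else list(cmd)
    return list(entrypoint) + effective_cmd


def entrypoint_named_argv(container_args: List[str], forward: bool) -> List[str]:
    """Simulate /entrypoint.sh: container_args[0] is the script itself ($0).
    With "$@" the remaining parameters pass through verbatim (a literal
    '${OPTIONS}' is NOT re-expanded); without it they are dropped."""
    extra = list(container_args[1:]) if forward else []
    return NAMED_FIXED + extra


def named_accepts(argv: List[str]) -> bool:
    """Rough model of named's getopt loop: every argument must be a known
    flag (with its value where one is required); a stray positional word
    such as '/bin/sh' makes named print usage and exit."""
    args = argv[1:]
    i = 0
    while i < len(args):
        arg = args[i]
        if len(arg) < 2 or arg[0] != "-":
            return False
        opt, attached = arg[1], arg[2:]
        if opt in NAMED_FLAGS_WITH_VALUE:
            if attached:
                i += 1
            elif i + 1 < len(args):
                i += 2
            else:
                return False
        elif opt in NAMED_FLAGS_BARE and not attached:
            i += 1
        else:
            return False
    return True


ENTRYPOINT = instruction_argv('["/entrypoint.sh"]')
CMD_SHELL_FORM = instruction_argv("${OPTIONS}")   # the Dockerfile above


def broken_case() -> List[str]:
    """CMD ${OPTIONS} plus "$@" in the entrypoint: named receives the
    /bin/sh -c wrapper as extra arguments and refuses to start."""
    return entrypoint_named_argv(container_argv(ENTRYPOINT, CMD_SHELL_FORM), forward=True)


def fixed_case(run_args: List[str]) -> List[str]:
    """Arguments after the image name replace CMD and reach named directly,
    e.g. `docker run ventz/bind -4`."""
    return entrypoint_named_argv(container_argv(ENTRYPOINT, CMD_SHELL_FORM, run_args), forward=True)


if __name__ == "__main__":
    for label, argv in (("broken", broken_case()), ("fixed", fixed_case(["-4"]))):
        print(label, named_accepts(argv), " ".join(argv))
```

The model also explains the `-c /tmp/blah.conf` test: named accepts the argument list (both `-c` flags are valid) and only fails later when it opens the file, which is the behaviour the log above shows.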
Probably I implemented it wrong but I'm still seeing this in my logs when the container starts:
```text
using default UDP/IPv6 port range: [32768, 60999] listening on IPv6 interfaces, port 53
```
I'm running 9.12.2-P1 and have "-e OPTIONS=-4" set in the container startup command.
Thanks!
@pharz The commands after "ventz/bind" are what get passed to bind directly, so in your case, to disable ipv4, you would do:
```shell
docker run -it --rm ventz/bind -4
```
^ this is just to run it interactively -- you will want to use "docker run -d ...", but you can see what I mean by this.
Let me know if this works for you.
Yes it does! Thank you so much.
Great!
It'd be awesome to have this feature, replicating the functionality of the `/etc/default/bind9` file in Debian/Ubuntu distros. It would be really useful for example for adding the `-4` argument to bind in IPv4 only deployments. A way to do it would be adding `$OPTIONS` to the last line in `/entrypoint.sh`.

UPDATE from ventz (complete): Added arbitrary parameter passing to the `named` daemon. Everything passed "at the end" will be directly passed to named. For Ex: