From bb6de0c22a5a73d190a64969f583a658af325007 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Tue, 18 Mar 2025 19:06:33 +0400 Subject: [PATCH] Implementing podman support (#867) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Еnable podman.socket Disabling message: Emulate Docker CLI using podman. Check which containerization application will be installed. The default value for the verification service is set to docker Add creation of aliases for podman for users with sudo Removing AmneziaVPN aliases for podman-docker when cleaning the server. Docker version with sudo for podman Creating systemd service to autostart container when the server is rebooted, when using podman-docker Clearing server for podman and removing container for podman
---
client/server_scripts/awg/run_container.sh | 7 ++++++- client/server_scripts/build_container.sh | 17 +++++++++++++++ client/server_scripts/install_docker.sh | 21 +++++++++++++++---- .../server_scripts/remove_all_containers.sh | 4 ++++ client/server_scripts/remove_container.sh | 4 ++++ 5 files changed, 48 insertions(+), 5 deletions(-)
diff --git a/client/server_scripts/awg/run_container.sh b/client/server_scripts/awg/run_container.sh
index af2a1e17..47f41a40 100644
--- a/client/server_scripts/awg/run_container.sh
+++ b/client/server_scripts/awg/run_container.sh
@@ -11,8 +11,13 @@ sudo docker run -d \ --name $CONTAINER_NAME \ $CONTAINER_NAME +# Create service for podman +if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then \ + sudo sh -c "podman generate systemd --restart-policy=always -t 1 --name $CONTAINER_NAME 2>/dev/null > $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service";\ + sudo sh -c "systemctl enable --now $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service && docker update --restart no $CONTAINER_NAME > /dev/null";\ +fi + sudo docker network connect amnezia-dns-net $CONTAINER_NAME # Prevent to route packets outside of the container in case if server behind of the NAT #sudo docker exec -i $CONTAINER_NAME sh -c "ifconfig eth0:0 $SERVER_IP_ADDRESS netmask 255.255.255.255 up" - diff --git a/client/server_scripts/build_container.sh b/client/server_scripts/build_container.sh index b996237f..c8e6b527 100644 --- a/client/server_scripts/build_container.sh +++ b/client/server_scripts/build_container.sh 
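Review bot: Both added `sudo sh -c "…"` lines splice `$CONTAINER_NAME` and `$DOCKERFILE_FOLDER` into a command string that a root shell parses a second time, so whitespace or a shell metacharacter in either value changes what runs as root. Passing the values as positional arguments keeps them data, e.g. `sudo sh -c 'podman generate systemd --restart-policy=always -t 1 --name "$1" > "$2"' sh "$CONTAINER_NAME" "$DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service"`. The `2>/dev/null >` on the first line also hides a failed `podman generate systemd`, which leaves an empty unit file that the next line then tries to enable, so the exit status should be checked before `systemctl enable --now`. Since systemd will run this unit as root, it is worth confirming that `$DOCKERFILE_FOLDER` is root-owned and not writable by other users; its location is not visible in this hunk.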
@@ -1 +1,18 @@
+if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then sudo sh -c "\
+ test -d /var/cache/containers || mkdir -m 700 -p /var/cache/containers;\
+ test -f /var/cache/containers/short-name-aliases.conf || chmod 600 /var/cache/containers/short-name-aliases.conf>>/var/cache/containers/short-name-aliases.conf;\
+ grep -q '\[aliases\]' /var/cache/containers/short-name-aliases.conf || echo '[aliases]' >> /var/cache/containers/short-name-aliases.conf;\
+ grep -q ' # Amnezia start' /var/cache/containers/short-name-aliases.conf || printf '%s\n' \
+ ' # Amnezia start' \
+ ' \"3proxy/3proxy\" = \"docker.io/3proxy/3proxy\"' \
+ ' \"amneziavpn/amnezia-wg\" = \"docker.io/amneziavpn/amnezia-wg\"' \
+ ' \"amneziavpn/amneziawg-go\" = \"docker.io/amneziavpn/amneziawg-go\"' \
+ ' \"amneziavpn/ipsec-server\" = \"docker.io/amneziavpn/ipsec-server\"' \
+ ' \"amneziavpn/torpress\" = \"docker.io/amneziavpn/torpress\"' \
+ ' \"atmoz/sftp\" = \"docker.io/atmoz/sftp\"' \
+ ' \"mvance/unbound\" = \"docker.io/mvance/unbound\"' \
+ ' \"alpine\" = \"docker.io/library/alpine\"' \
+ ' # Amnezia finish' \
+ >> /var/cache/containers/short-name-aliases.conf";\
+fi;\
 sudo docker build --no-cache --pull -t $CONTAINER_NAME $DOCKERFILE_FOLDER
diff --git a/client/server_scripts/install_docker.sh b/client/server_scripts/install_docker.sh
index 2a9cba93..50125125 100644
--- a/client/server_scripts/install_docker.sh
+++ b/client/server_scripts/install_docker.sh
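Review bot: The aliases are appended to `/var/cache/containers/short-name-aliases.conf`, which, as far as I know, is the cache file podman itself rewrites when it records a resolved short name; such a rewrite would likely drop the `# Amnezia start` / `# Amnezia finish` comment markers. Without the markers the `grep -q ' # Amnezia start'` guard here would append the block a second time, and the `sed` range in remove_all_containers.sh would no longer find anything to delete. A dedicated drop-in under `/etc/containers/registries.conf.d/` (for example `<amnezia-aliases>.conf`, the name is a placeholder) holding the `[aliases]` table would be owned by this installer alone and could be removed as a whole file. Separately, `test -f F || chmod 600 F>>F` creates the file only as a side effect of the redirection and with the default umask until `chmod` runs; `install -m 600 /dev/null /var/cache/containers/short-name-aliases.conf` states the intent directly.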
@@ -10,15 +10,28 @@ if ! command -v sudo > /dev/null 2>&1; then $pm $check_pkgs; $pm $silent_inst su
 if ! command -v fuser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst psmisc; fi;\
 if ! command -v lsof > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst lsof; fi;\
 if ! command -v docker > /dev/null 2>&1; then \
- sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\
- sleep 5; sudo systemctl enable --now $check_srv; sleep 5;\
+ sudo $pm $check_pkgs;\
+ if [ -n "$(sudo $pm $wh_pkg $docker_pkg 2>/dev/null | grep moby-engine)" ]; \
+ then echo "Docker is not supported"; exit 1;\
+ else sudo $pm $silent_inst $docker_pkg;\
+ fi;\
+ if [ -n "$(sudo docker --version 2>/dev/null | grep podman)" ]; then docker_pkg="podman-docker"; check_srv="podman.socket podman";\
+ if [ -n "$(sudo docker --version 2>&1 | grep /etc/containers/nodocker)" ]; then sudo touch /etc/containers/nodocker; fi;\
+ fi;\
+ sleep 5; sudo systemctl enable --now $check_srv 2>/dev/null; sleep 5;\
+fi;\
+if [ -n "$(sudo docker --version 2>&1 | grep moby-engine)" ]; then echo "Docker is not supported"; exit 1;\
+elif [ -n "$(sudo docker --version 2>&1 | grep podman)" ]; then check_srv="podman.socket podman"; docker_pkg="podman-docker";\
+ if [ -n "$(sudo docker --version 2>&1 | grep /etc/containers/nodocker)" ]; then sudo touch /etc/containers/nodocker; fi;\
 fi;\
 if [ "$(cat /sys/module/apparmor/parameters/enabled 2>/dev/null)" = "Y" ]; then \
 if ! command -v apparmor_parser > /dev/null 2>&1; then sudo $pm $check_pkgs; sudo $pm $silent_inst apparmor; fi;\
 fi;\
-if [ "$(systemctl is-active $check_srv)" != "active" ]; then \
+if [ "$(systemctl is-active $check_srv | head -n1)" != "active" ]; then \
 sudo $pm $check_pkgs; sudo $pm $silent_inst $docker_pkg;\
 sleep 5; sudo systemctl start $check_srv; sleep 5;\
- if [ "$(systemctl is-active $check_srv)" != "active" ]; then echo "Failed docker status"; fi;\
+ if [ "$(systemctl is-active $check_srv | head -n1)" != "active" ]; then echo "Failed docker status"; fi;\
 fi;\
 sudo docker --version
+
+# To allow autoinstallation of podman-docker, remove ' || [ -n "$(sudo $pm $wh_pkg $docker_pkg 2>/dev/null | grep podman-docker)" ]' and ' || [ -n "$(sudo docker --version 2>&1 | grep podman)" ]'
diff --git a/client/server_scripts/remove_all_containers.sh b/client/server_scripts/remove_all_containers.sh
index ce706f80..aed7cf9d 100644
--- a/client/server_scripts/remove_all_containers.sh
+++ b/client/server_scripts/remove_all_containers.sh
@@ -1,4 +1,8 @@
 sudo docker ps -a | grep amnezia | awk '{print $1}' | xargs sudo docker stop;\
+sudo docker --version 2>/dev/null | grep -q podman && \
+ sudo systemctl list-units | grep amnezia | awk '{print $1}' | xargs sudo systemctl disable --now && \
+ sudo systemctl daemon-reload && sudo systemctl reset-failed && \
+ sudo sed -i '/^ # Amnezia start/,/^ # Amnezia finish$/d' /var/cache/containers/short-name-aliases.conf;\
 sudo docker ps -a | grep amnezia | awk '{print $1}' | xargs sudo docker rm -fv;\
 sudo docker images -a | grep amnezia | awk '{print $3}' | xargs sudo docker rmi;\
 sudo docker network ls | grep amnezia-dns-net | awk '{print $1}' | xargs sudo docker network rm;\
diff --git a/client/server_scripts/remove_container.sh b/client/server_scripts/remove_container.sh
index 3e894e8f..3048b218 100644
--- a/client/server_scripts/remove_container.sh
+++ b/client/server_scripts/remove_container.sh
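Review bot: The trailing comment in install_docker.sh tells maintainers to remove two `|| [ -n … ]` clauses, but neither clause appears on the new side of this hunk, so as far as the visible lines show it documents code that is not there; it should be dropped or rewritten to name the lines that actually block the auto-install. The message `echo "Docker is not supported"` is printed when `moby-engine` is detected, which misreports the cause; `echo "moby-engine is not supported"` would match the check. `sudo systemctl enable --now $check_srv 2>/dev/null` discards the error text, and the later `is-active … | head -n1` test looks only at the first unit of `check_srv="podman.socket podman"`, so a comment such as `# only the first unit (podman.socket) is checked` would make that visible. The definitions of `$pm`, `$wh_pkg` and `$check_srv` lie above the hunk.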
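Review bot: In remove_all_containers.sh, `xargs sudo systemctl disable --now` runs even when `grep amnezia` matches no unit, and GNU xargs then invokes `systemctl disable --now` with no arguments; that fails, the `&&` chain stops, and `daemon-reload`, `reset-failed` and the `sed` alias cleanup are skipped. `grep amnezia` over the full `list-units` table also matches the description column and any unrelated unit whose name contains the string. Something like `sudo systemctl list-units --plain --no-legend 'container-*amnezia*.service' | awk '{print $1}' | xargs -r sudo systemctl disable --now` limits the match to the generated units (the pattern is an assumption based on the `container-$CONTAINER_NAME.service` naming in run_container.sh) and skips the call on empty input; ending that line with `;` rather than `&&` lets the `sed` cleanup run regardless. The containers are also stopped on the context line above before their units are disabled, so a unit generated with `--restart-policy=always` may start a container again in between; disabling the units first avoids that, and remove_container.sh has the same order.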
@@ -1,3 +1,7 @@
 sudo docker stop $CONTAINER_NAME;\
+sudo docker --version 2>/dev/null | grep -q podman && \
+ sudo systemctl disable --now container-$CONTAINER_NAME.service && \
+ sudo systemctl daemon-reload && sudo systemctl reset-failed && \
+ sudo rm -f $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service;\
 sudo docker rm -fv $CONTAINER_NAME;\
 sudo docker rmi $CONTAINER_NAME
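Review bot: `sudo rm -f $DOCKERFILE_FOLDER/container-$CONTAINER_NAME.service` runs as root with both variables unquoted, so an empty or whitespace-containing value makes `rm` act on a different path than intended. If the variables are expanded by the shell (how they are filled in is not visible here), `sudo rm -f -- "${DOCKERFILE_FOLDER:?}/container-${CONTAINER_NAME:?}.service"` aborts on an empty value and keeps the path a single argument. Because the steps are joined with `&&`, a failing `systemctl disable --now` (for example for a container that never had a unit) also skips the `rm`; a comment such as `# unit file is left in place when disable fails` would record that this is intended.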