From 880b371d2ca0677ac06c1f72a4f304eea893e191 Mon Sep 17 00:00:00 2001 From: Cyteen May Date: Fri, 28 Feb 2020 11:31:14 +0000 Subject: [PATCH] Fix jq and sed. --- 020_docker.sh | 201 ++++++++-------------------------------- docker_daemon-writer.sh | 83 +++++++++++++++++ 2 files changed, 120 insertions(+), 164 deletions(-) create mode 100644 docker_daemon-writer.sh diff --git a/020_docker.sh b/020_docker.sh index 312f83e..ac548cc 100755 --- a/020_docker.sh +++ b/020_docker.sh 
@@ -39,16 +39,20 @@ apt-get install -y docker-ce docker-ce-cli containerd.io #umount /dev/mapper/vg_prime-varLibDockerLV #mount /dev/mapper/vg_prime-varLibDockerLV /var/lib/docker +## /etc/default/docker +## NB. We use the /etc/docker/daemon.json instead of this file. Options cannot be set in both. #bash -c 'perl -p -i -e "s/#DOCKER_RUN_OPTS=\"\"/DOCKER_RUN_OPTS=\"--restart=true\"/g" /etc/default/docker' -bash -c 'sed -i "s|DOCKER_RUN_OPTS=\"\(.*\)\"|DOCKER_RUN_OPTS=\"\1 --storage-driver=zfs\"|" /etc/default/docker' -bash -c 'sed -i "s|DOCKER_RUN_OPTS=\"\(.*\)\"|DOCKER_RUN_OPTS=\"\1 --dns 52.174.55.168 --dns 188.165.200.156\"|" /etc/default/docker' -bash -c 'sed -i "s|DOCKER_RUN_OPTS=\"\(.*\)\"|DOCKER_RUN_OPTS=\"\1 zfs.fsname=rpool/docker\"|" /etc/default/docker' +#bash -c 'sed -i "s|DOCKER_RUN_OPTS=\"\(.*\)\"|DOCKER_RUN_OPTS=\"\1 --storage-driver=zfs\"|" /etc/default/docker' +#bash -c 'sed -i "s|DOCKER_RUN_OPTS=\"\(.*\)\"|DOCKER_RUN_OPTS=\"\1 --dns 52.174.55.168 --dns 188.165.200.156\"|" /etc/default/docker' +#bash -c 'sed -i "s|DOCKER_RUN_OPTS=\"\(.*\)\"|DOCKER_RUN_OPTS=\"\1 zfs.fsname=rpool/docker\"|" /etc/default/docker' +bash -c " sed -i '/^DOCKER_RUN.*/ s/^/#/' /etc/default/docker" -# enable buildkit builds -bash -c 'sed -i "/^# Docker Upstart.*/ s/.*/&\nDOCKER_BUILDKIT=1/" /etc/default/docker' - -# i2p container requires ipv6 -bash -c 'sed -i "s|DOCKER_RUN_OPTS=\"\(.*\)\"|DOCKER_RUN_OPTS=\"\1 --ipv6\"|" /etc/default/docker' +# enable buildkit builds - done in /etc/docker/daemon.json below. +# bash -c 'sed -i "/^# Docker Upstart.*/ s/.*/&\nDOCKER_BUILDKIT=1/" /etc/default/docker' +bash -c " sed -i '/^DOCKER_BUILDKIT.*/ s/^/#/' /etc/default/docker" +emon +# i2p container requires ipv6 - done in /etc/docker/daemon.json below. +#bash -c 'sed -i "s|DOCKER_RUN_OPTS=\"\(.*\)\"|DOCKER_RUN_OPTS=\"\1 --ipv6\"|" /etc/default/docker' # The above can also be passed in /etc/docker/daemon.json # For other options: 
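Review bot: The added line `emon` between the DOCKER_BUILDKIT sed call and the i2p comment is neither a command nor a comment, so the script will try to execute it and report "command not found". It looks like a leftover fragment of an edit and should be deleted. The two new calls wrap sed in `bash -c " sed -i ... "` for no visible reason and can be written directly, e.g. `sed -i '/^DOCKER_RUN.*/ s/^/#/' /etc/default/docker`. Neither call checks that /etc/default/docker exists, so a missing file surfaces only as a sed error in the provisioning log.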
@@ -69,162 +73,31 @@ TLS_HOME=/var/docker ## Default configuration file on linux: ## /etc/docker/daemon.json +# FIXME: remove the options in /etc/default/docker and use /etc/docker/daemon.json instead. +# +# DOCKER_RUN_OPTS=" +# --storage-driver=zfs +# --dns 52.174.55.168 +# --dns 188.165.200.156 +# zfs.fsname=rpool/docker +# --ipv6" + # Note: You cannot set options in daemon.json that have already been set on daemon startup as # a flag in /etc/default/docker the docker daemon will refuse to start. # -## https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file ## This is a full example of the allowed configuration options on Linux: -#{ -# "authorization-plugins": [], -# "data-root": "", -# "dns": [], -# "dns-opts": [], -# "dns-search": [], -# "exec-opts": [], -# "exec-root": "", -# "experimental": false, -# "features": {}, -# "storage-driver": "", -# "storage-opts": [], -# "labels": [], -# "live-restore": true, -# "log-driver": "json-file", -# "log-opts": { -# "max-size": "10m", -# "max-file":"5", -# "labels": "somelabel", -# "env": "os,customer" -# }, -# "mtu": 0, -# "pidfile": "", -# "cluster-store": "", -# "cluster-store-opts": {}, -# "cluster-advertise": "", -# "max-concurrent-downloads": 3, -# "max-concurrent-uploads": 5, -# "default-shm-size": "64M", -# "shutdown-timeout": 15, -# "debug": true, -# "hosts": [], -# "log-level": "", -# "tls": true, -# "tlsverify": true, -# "tlscacert": "", -# "tlscert": "", -# "tlskey": "", -# "swarm-default-advertise-addr": "", -# "api-cors-header": "", -# "selinux-enabled": false, -# "userns-remap": "", -# "group": "", -# "cgroup-parent": "", -# "default-ulimits": { -# "nofile": { -# "Name": "nofile", -# "Hard": 64000, -# "Soft": 64000 -# } -# }, -# "init": false, -# "init-path": "/usr/libexec/docker-init", -# "ipv6": false, -# "iptables": false, -# "ip-forward": false, -# "ip-masq": false, -# "userland-proxy": false, -# "userland-proxy-path": "/usr/libexec/docker-proxy", -# "ip": "0.0.0.0", -# 
"bridge": "", -# "bip": "", -# "fixed-cidr": "", -# "fixed-cidr-v6": "", -# "default-gateway": "", -# "default-gateway-v6": "", -# "icc": false, -# "raw-logs": false, -# "allow-nondistributable-artifacts": [], -# "registry-mirrors": [], -# "seccomp-profile": "", -# "insecure-registries": [], -# "no-new-privileges": false, -# "default-runtime": "runc", -# "oom-score-adjust": -500, -# "node-generic-resources": ["NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2"], -# "runtimes": { -# "cc-runtime": { -# "path": "/usr/bin/cc-runtime" -# }, -# "custom": { -# "path": "/usr/local/bin/my-runc-replacement", -# "runtimeArgs": [ -# "--debug" -# ] -# } -# }, -# "default-address-pools":[ -# {"base":"172.80.0.0/16","size":24}, -# {"base":"172.90.0.0/16","size":24} -# ] -#} +## https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file +## See /var/tmp/automate/docker_daemon-writer.sh for complete jq example. -#DOCKER_OPT[0]='.["dns"] = ["52.174.55.168","188.165.200.156"]' -#DOCKER_OPT[1]='.["live-restore"] = true' -#DOCKER_OPT[2]='.["storage-driver"] = "zfs"' -#DOCKER_OPT[3]='.["storage-opts"] = ["zfs.fsname=rpool/docker"]' -#DOCKER_OPT[4]='.["insecure-registries"] = ["soleine.lan:5000"]' -#DOCKER_OPT[5]='.["hosts"] = ["fd://","unix:///var/run/docker.sock","tcp://0.0.0.0:2376"]' - -#DOCKER_OPT[6]='.["dns-opts"] = []' -#DOCKER_OPT[7]='.["dns-search"] = []' -#DOCKER_OPT[8]='.["userland-proxy"] = false' -#DOCKER_OPT[9]='.["userns-remap"] = ""' -#DOCKER_OPT[10]='.["api-cors-header"] = ""' -#DOCKER_OPT[11]='.["authorization-plugins" = []' -#DOCKER_OPT[12]='.["bip"] = ""' -#DOCKER_OPT[13]='.["bridge"] = ""' -#DOCKER_OPT[14]='.["cgroup-parent"] = ""' -#DOCKER_OPT[15]='.["cluster-store"] = ""' -#DOCKER_OPT[16]='.["cluster-store-opts"] = {}' -#DOCKER_OPT[17]='.["cluster-advertise"] = ""' -#DOCKER_OPT[18]='.["debug"] = true' -#DOCKER_OPT[19]='.["default-gateway"] = ""' -#DOCKER_OPT[20]='.["default-gateway-v6"] = ""' -#DOCKER_OPT[21]='.["default-runtime"] = "runc"' 
-#DOCKER_OPT[22]='.["disable-legacy-registry"] = false' -#DOCKER_OPT[23]='.["exec-opts"] = []' -#DOCKER_OPT[24]='.["exec-root"] = ""' -#DOCKER_OPT[25]='.["fixed-cidr"] = ""' -#DOCKER_OPT[26]='.["fixed-cidr-v6"] = ""' -#DOCKER_OPT[27]='.["graph"] = ""' -#DOCKER_OPT[28]='.["group"] = ""' -#DOCKER_OPT[29]='.["hosts"] = ["tcp://192.168.59.3:2376"]' -#DOCKER_OPT[30]='.["icc"] = true' -#DOCKER_OPT[31]='.["ip"] = "0.0.0.0"' -#DOCKER_OPT[32]='.["iptables"] = true' -#DOCKER_OPT[33]='.["ipv6"] = false' -#DOCKER_OPT[34]='.["ip-forward"] = false' -#DOCKER_OPT[35]='.["ip-masq"] = false' -#DOCKER_OPT[36]='.["labels"] = []' -#DOCKER_OPT[37]='.["log-driver"] = ""' -#DOCKER_OPT[38]='.["log-level"] = ""' -#DOCKER_OPT[39]='.["log-opts"] = {}' -#DOCKER_OPT[40]='.["max-concurrent-downloads"] = 3' -#DOCKER_OPT[41]='.["max-concurrent-uploads"] = 5' -#DOCKER_OPT[42]='.["mtu"] = 0' -#DOCKER_OPT[43]='.["oom-score-adjust"] = -500' -#DOCKER_OPT[44]='.["pidfile"] = ""' -#DOCKER_OPT[45]='.["raw-logs"] = false' -#DOCKER_OPT[46]='.["registry-mirrors"] = []' -#DOCKER_OPT[47]='.["runtimes"] = {}' -#DOCKER_OPT[48]='.["selinux-enabled"] = false' -#DOCKER_OPT[49]='.["swarm-default-advertise-addr"] = ""' -#DOCKER_OPT[50]='.["debug"] = true' -#DOCKER_OPT[51]='.["tls"] = true' -#DOCKER_OPT[52]='.["tlscacert"] = "/etc/docker/tls/ca.pem"' -#DOCKER_OPT[53]='.["tlscert"] = "/etc/docker/tls/server.pem"' -#DOCKER_OPT[54]='.["tlskey"] = "/etc/docker/tls/serverkey.pem"' -#DOCKER_OPT[55]='.["tlsverify"] = true' -#DOCKER_OPT[56]='.["shutdown-timeout"] = 15' +declare -A DOCKER_OPT +DOCKER_OPT[0]='.["dns"] = ["52.174.55.168","188.165.200.156"]' +DOCKER_OPT[1]='.["live-restore"] = true' +DOCKER_OPT[2]='.["storage-driver"] = "zfs"' +DOCKER_OPT[3]='.["storage-opts"] = ["zfs.fsname=rpool/docker"]' +DOCKER_OPT[4]='.["ipv6"] = false' +DOCKER_OPT[5]='.["insecure-registries"] = ["soleine.lan:5000"]' +DOCKER_OPT[6]='.["features"] = {"buildkit": true}' +#DOCKER_OPT[7]='.["hosts"] = 
["fd://","unix:///var/run/docker.sock","tcp://0.0.0.0:2376"]' mkdir -p ${TLS_HOME} ## Change the subj line to reflect you details for key generation and uncomment above to turn tls on. @@ -234,11 +107,11 @@ mkdir -p ${TLS_HOME} # -out ${TLS_HOME}/server.pem -#for ((i = 0; i < ${#DOCKER_OPT[@]}; ++i)); do -# OPTION="${DOCKER_OPT[$i]}" -# jq "${OPTION}" /etc/docker/daemon.json > /tmp/daemon.json.new && \ -# mv -b /tmp/daemon.json.new /etc/docker/daemon.json -#done +for ((i = 0; i < ${#DOCKER_OPT[@]}; ++i)); do + OPTION="${DOCKER_OPT[$i]}" + jq "${OPTION}" /etc/docker/daemon.json > /tmp/daemon.json.new && \ + mv -b /tmp/daemon.json.new /etc/docker/daemon.json +done # General options ## Adding a personal registry. diff --git a/docker_daemon-writer.sh b/docker_daemon-writer.sh new file mode 100644 index 0000000..27d81ad --- /dev/null +++ b/docker_daemon-writer.sh 
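Review bot: `DOCKER_OPT[4]='.["ipv6"] = false'` turns IPv6 off, while the comment added in the first hunk says the i2p container's IPv6 requirement is "done in /etc/docker/daemon.json below" and the FIXME block in this hunk still lists `--ipv6`. If i2p still needs it, the value should be `true`. `DOCKER_OPT[5]` now actively marks `soleine.lan:5000` as an insecure registry, so pulls from it are not protected by verified TLS and a host on the path to it could substitute images. A comment such as `# TODO: serve the registry over TLS and trust its CA via /etc/docker/certs.d instead` would record that this is a stopgap. `declare -A` makes the array associative although it is only indexed 0..6 and read by a counting loop; `declare -a` states that intent.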
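Review bot: The re-enabled loop writes its intermediate result to the fixed path `/tmp/daemon.json.new` and then moves it over `/etc/docker/daemon.json`. In a world-writable directory, a predictable name written by what is presumably a root-run provisioning script can be pre-created or symlinked by another local user, so the temporary file should come from `mktemp` next to the target. Nothing visible in the hunk creates `/etc/docker/daemon.json` first, so on a host without that file every jq call fails and the `&&` silently skips the mv, leaving the daemon unconfigured. `mv -b` also overwrites the `~` backup on every pass, so the original file is lost after the second option. The same fixed-/tmp pattern appears in the loop at the end of docker_daemon-writer.sh.
```shell
daemon_json=/etc/docker/daemon.json
# Start from an empty object if the package did not ship a config file.
[ -s "$daemon_json" ] || echo '{}' > "$daemon_json"
cp -p -- "$daemon_json" "${daemon_json}.orig"   # one backup of the pre-run state

for ((i = 0; i < ${#DOCKER_OPT[@]}; ++i)); do
  # Unpredictable name, same directory as the target so mv is an atomic rename.
  tmp=$(mktemp "${daemon_json}.XXXXXX") || exit 1
  if jq "${DOCKER_OPT[$i]}" "$daemon_json" > "$tmp"; then
    mv -- "$tmp" "$daemon_json"
  else
    rm -f -- "$tmp"
    echo "jq failed for option: ${DOCKER_OPT[$i]}" >&2
    exit 1
  fi
done
```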
@@ -0,0 +1,83 @@
+
+declare -A DOCKER_OPT
+
+DOCKER_OPT[1]='.["authorization-plugins"] = [] | .["data-root"] = ""'
+DOCKER_OPT[2]='.["dns"] = ["52.174.55.168","188.165.200.156"]'
+DOCKER_OPT[3]='.["dns-opts"] = []'
+DOCKER_OPT[4]='.["dns-search"] = []'
+DOCKER_OPT[5]='.["exec-opts"] = []'
+DOCKER_OPT[6]='.["exec-root"] = ""'
+DOCKER_OPT[7]='.["experimental"] = false'
+DOCKER_OPT[8]='.["features"] = {}'
+DOCKER_OPT[9]='.["storage-driver"] = "zfs"'
+DOCKER_OPT[10]='.["storage-opts"] = ["zfs.fsname=rpool/docker"]'
+DOCKER_OPT[11]='.["labels"] = []'
+DOCKER_OPT[12]='.["live-restore"] = ["true"]'
+DOCKER_OPT[13]='.["log-driver"] = ""'
+DOCKER_OPT[14]='.["log-opts"] = {"max-size": "10m", "max-file": "5", "labels": "somelabel", "env": "os,customer"}'
+DOCKER_OPT[15]='.["mtu"] = 0'
+DOCKER_OPT[16]='.["pidfile"] = ""'
+DOCKER_OPT[17]='.["cluster-store"] = ""'
+DOCKER_OPT[18]='.["cluster-store-opts"] = {}'
+DOCKER_OPT[19]='.["cluster-advertise"] = ""'
+DOCKER_OPT[20]='.["max-concurrent-downloads"] = 3'
+DOCKER_OPT[21]='.["max-concurrent-uploads"] = 5'
+DOCKER_OPT[22]='.["default-shm-size"] = "64M"'
+DOCKER_OPT[23]='.["shutdown-timeout"] = 15'
+DOCKER_OPT[24]='.["debug"] = true'
+DOCKER_OPT[25]='.["hosts"] = ["tcp://192.168.59.3:2376"]'
+DOCKER_OPT[26]='.["log-level"] = ""'
+DOCKER_OPT[27]='.["tls"] = true'
+DOCKER_OPT[28]='.["tlsverify"] = true'
+DOCKER_OPT[29]='.["tlscacert"] = "/etc/docker/tls/ca.pem"'
+DOCKER_OPT[30]='.["tlscert"] = "/etc/docker/tls/server.pem"'
+DOCKER_OPT[31]='.["tlskey"] = "/etc/docker/tls/serverkey.pem"'
+DOCKER_OPT[32]='.["swarm-default-advertise-addr"] = ""'
+DOCKER_OPT[33]='.["api-cors-header"] = ""'
+DOCKER_OPT[34]='.["selinux-enabled"] = false'
+DOCKER_OPT[35]='.["userns-remap"] = ""'
+DOCKER_OPT[36]='.["group"] = ""'
+DOCKER_OPT[37]='.["cgroup-parent"] = ""'
+DOCKER_OPT[38]='.["default-ulimits"] = {"nofile": {"Name": "nofile","Hard": 64000, "Soft": 64000}}'
+DOCKER_OPT[39]='.["init"] = false'
+DOCKER_OPT[40]='.["init-path"] = "/usr/libexec/docker-init"'
+DOCKER_OPT[41]='.["ipv6"] = false'
+DOCKER_OPT[42]='.["iptables"] = true'
+DOCKER_OPT[43]='.["ip-forward"] = false'
+DOCKER_OPT[44]='.["ip-masq"] = false'
+DOCKER_OPT[45]='.["userland-proxy"] = false'
+DOCKER_OPT[46]='.["userland-proxy-path"] = "/usr/libexec/docker-proxy"'
+DOCKER_OPT[47]='.["ip"] = "0.0.0.0"'
+DOCKER_OPT[48]='.["bridge"] = ""'
+DOCKER_OPT[49]='.["bip"] = ""'
+DOCKER_OPT[50]='.["fixed-cidr"] = ""'
+DOCKER_OPT[51]='.["fixed-cidr-v6"] = ""'
+DOCKER_OPT[52]='.["default-gateway"] = ""'
+DOCKER_OPT[53]='.["default-gateway-v6"] = ""'
+DOCKER_OPT[54]='.["icc"] = true'
+DOCKER_OPT[55]='.["raw-logs"] = false'
+DOCKER_OPT[56]='.["allow-nondistributable-artifacts"] = []'
+DOCKER_OPT[57]='.["registry-mirrors"] = []'
+DOCKER_OPT[58]='.["seccomp-profile"] = ""'
+DOCKER_OPT[59]='.["insecure-registries"] = ["mydocker-registry.net:5000"]'
+DOCKER_OPT[60]='.["no-new-privileges"] = false'
+DOCKER_OPT[61]='.["default-runtime"] = "runc"'
+DOCKER_OPT[62]='.["oom-score-adjust"] = -500'
+DOCKER_OPT[63]='.["node-generic-resources"] = ["NVIDIA-GPU=UUID1", "NVIDIA_GPU=UUID2"]'
+DOCKER_OPT[64]='.["runtimes"] = {"cc-runtime": {"path": "/usr/bin/cc-runtime"},"custom": {"path": "usr/local/bin/my-runc-replacement", "runtimeArgs": ["--debug"]}}'
+DOCKER_OPT[65]='.["default-addresses-pools"] = [{"base":"172.80.0.0/16","size":24},{"base":"172.90.0.0/16","size":24}]'
+
+if [ ! -f /tmp/daemon.json ]
+then
+ touch /tmp/daemon.json
+ echo "{}" > /tmp/daemon.json
+else
+ echo "/tmp/daemon.json exists."
+fi
+
+
+for ((i = 0; i < ${#DOCKER_OPT[@]}; ++i)); do
+ OPTION="${DOCKER_OPT[$i]}"
+ jq "${OPTION}" /tmp/daemon.json > /tmp/daemon.json.new && \
+ mv -b /tmp/daemon.json.new /tmp/daemon.json
+done
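Review bot: The apply loop at the end counts `i` from 0 to one less than `${#DOCKER_OPT[@]}`, but the keys above run from 1 to 65, so the first pass hands jq an empty filter and `DOCKER_OPT[65]` is never applied. `for ((i = 1; i <= ${#DOCKER_OPT[@]}; ++i)); do` matches the keys. Several values differ from the example removed from 020_docker.sh and would not produce the intended settings: `DOCKER_OPT[12]` sets `live-restore` to `["true"]` instead of the boolean `true`, `DOCKER_OPT[65]` uses the key `default-addresses-pools` where the removed example had `default-address-pools`, and the custom runtime path in `DOCKER_OPT[64]` lost its leading `/`. The file uses `declare -A` and `(( ))` but opens with a blank line rather than `#!/usr/bin/env bash`. Since it is referenced as the complete jq example, a header comment stating that values such as `debug`, `hosts` and `insecure-registries` are placeholders and not a recommended configuration would keep it from being applied as-is.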