feat: add logging to Docker and iptables operations, fix iptables path
continuous-integration/drone/push Build is passing
continuous-integration/drone/push Build is passing
- Create /var/log/network-go directory in Dockerfile for log storage - Add comprehensive logging to Docker client creation, network management, and container operations - Add logging to iptables rule management (list, delete, etc.) - Fix iptables executable path resolution in deleteMatchingLinesInContainer to use configured binary path
This commit is contained in:
gyurix
+34
-20
@@ -2,7 +2,6 @@ package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"log"
|
||||
"os"
|
||||
"os/signal"
|
||||
"syscall"
|
||||
@@ -12,21 +11,24 @@ import (
|
||||
"firewall_containers/network-go/docker"
|
||||
"firewall_containers/network-go/firewall"
|
||||
"firewall_containers/network-go/iptables"
|
||||
"firewall_containers/network-go/logger"
|
||||
"firewall_containers/network-go/watcher"
|
||||
)
|
||||
|
||||
// Config path - can be overridden via environment variable
|
||||
const defaultConfigPath = "/etc/user/config/networks.json"
|
||||
|
||||
// Log path - can be overridden via environment variable
|
||||
const defaultLogPath = "/var/log/network-go/network-go.log"
|
||||
|
||||
// Watch period - can be overridden via environment variable
|
||||
const defaultWatchPeriod = 30 * time.Second
|
||||
|
||||
func getConfigPath() string {
|
||||
path := os.Getenv("NETWORKS_CONFIG_PATH")
|
||||
if path == "" {
|
||||
return defaultConfigPath
|
||||
func getEnv(key, defaultVal string) string {
|
||||
if val := os.Getenv(key); val != "" {
|
||||
return val
|
||||
}
|
||||
return path
|
||||
return defaultVal
|
||||
}
|
||||
|
||||
func getWatchPeriod() time.Duration {
|
||||
@@ -36,7 +38,7 @@ func getWatchPeriod() time.Duration {
|
||||
}
|
||||
seconds, err := time.ParseDuration(periodStr + "s")
|
||||
if err != nil {
|
||||
log.Printf("MAIN: invalid WATCH_PERIOD_SECONDS=%s, using default %s", periodStr, defaultWatchPeriod)
|
||||
logger.Warn("MAIN: invalid WATCH_PERIOD_SECONDS=%s, using default %s", periodStr, defaultWatchPeriod)
|
||||
return defaultWatchPeriod
|
||||
}
|
||||
return seconds
|
||||
@@ -47,34 +49,44 @@ func getDebug() bool {
|
||||
}
|
||||
|
||||
func main() {
|
||||
log.SetFlags(log.Ldate | log.Ltime | log.Lshortfile)
|
||||
log.Println("MAIN: starting network-go firewall container manager")
|
||||
|
||||
configPath := getConfigPath()
|
||||
configPath := getEnv("NETWORKS_CONFIG_PATH", defaultConfigPath)
|
||||
logPath := getEnv("NETWORK_GO_LOG_PATH", defaultLogPath)
|
||||
watchPeriod := getWatchPeriod()
|
||||
debug := getDebug()
|
||||
|
||||
log.Printf("MAIN: config path = %s", configPath)
|
||||
log.Printf("MAIN: watch period = %s", watchPeriod)
|
||||
log.Printf("MAIN: debug = %v", debug)
|
||||
// Initialize the dual-output logger (stdout + file)
|
||||
log := logger.NewLogger(debug, logPath)
|
||||
logger.SetDefault(log)
|
||||
|
||||
log.Info("MAIN: starting network-go firewall container manager")
|
||||
log.Info("MAIN: config path = %s", configPath)
|
||||
log.Info("MAIN: log path = %s", logPath)
|
||||
log.Info("MAIN: watch period = %s", watchPeriod)
|
||||
log.Info("MAIN: debug = %v", debug)
|
||||
|
||||
// Create Docker client (uses DOCKER_HOST env var automatically)
|
||||
dockerClient, err := docker.NewClient()
|
||||
if err != nil {
|
||||
log.Fatalf("MAIN: failed to create Docker client: %v", err)
|
||||
log.Error("MAIN: failed to create Docker client: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
defer dockerClient.Close()
|
||||
log.Info("MAIN: Docker client created")
|
||||
|
||||
// Create iptables manager
|
||||
iptablesMgr := iptables.NewManager(debug)
|
||||
log.Info("MAIN: iptables manager created (binary=%s)", iptablesMgr.Binary())
|
||||
|
||||
ctx := context.Background()
|
||||
|
||||
// Load initial config
|
||||
cfg, err := config.Load(configPath)
|
||||
if err != nil {
|
||||
log.Fatalf("MAIN: failed to load initial config: %v", err)
|
||||
log.Error("MAIN: failed to load initial config: %v", err)
|
||||
os.Exit(1)
|
||||
}
|
||||
log.Info("MAIN: config loaded: %d networks, %d IPs, %d policies",
|
||||
len(cfg.Networks), len(cfg.IPs), len(cfg.Policies))
|
||||
|
||||
// Create the firewall orchestrator (needs config for resolver)
|
||||
orchestrator := firewall.NewOrchestrator(dockerClient, iptablesMgr, cfg)
|
||||
@@ -84,12 +96,14 @@ func main() {
|
||||
|
||||
// Set up file watcher to detect changes and re-reconcile
|
||||
onChange := func() {
|
||||
log.Println("MAIN: config file change detected, reloading and reconciling")
|
||||
log.Info("MAIN: config file change detected, reloading and reconciling")
|
||||
newCfg, err := config.Load(configPath)
|
||||
if err != nil {
|
||||
log.Printf("MAIN: failed to reload config: %v", err)
|
||||
log.Error("MAIN: failed to reload config: %v", err)
|
||||
return
|
||||
}
|
||||
log.Info("MAIN: config reloaded: %d networks, %d IPs, %d policies",
|
||||
len(newCfg.Networks), len(newCfg.IPs), len(newCfg.Policies))
|
||||
orchestrator.ReconcileAll(ctx, newCfg)
|
||||
}
|
||||
|
||||
@@ -101,7 +115,7 @@ func main() {
|
||||
signal.Notify(sigCh, syscall.SIGINT, syscall.SIGTERM)
|
||||
|
||||
sig := <-sigCh
|
||||
log.Printf("MAIN: received signal %v, shutting down", sig)
|
||||
log.Info("MAIN: received signal %v, shutting down", sig)
|
||||
fileWatcher.Stop()
|
||||
log.Println("MAIN: shutdown complete")
|
||||
log.Info("MAIN: shutdown complete")
|
||||
}
|
||||
Reference in New Issue
Block a user