github-personal/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-01-27 18:18:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4e61ba95821aea37b915cce2cae832fba92bbf9b
firezone/scripts/gateway-docker-upgrade.sh
Jamil cf13e41e01 fix(gateway/docker): Handle missing gateway_id (#8534) 
If the volume was not mapped correctly, or the install command was
modified, it's possible this file could be missing, which would fail the
upgrade script.

This gracefully handles that edge case.

See https://firezonehq.slack.com/archives/C069H865MHP/p1743128008276809
2025-03-28 04:28:24 +00:00

70 lines
2.8 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -eu
TARGET_IMAGE="ghcr.io/firezone/gateway:1"
CURRENTLY_RUNNING=$(docker ps --format "{{.Names}} {{.Image}}" | grep -e "$TARGET_IMAGE" | awk '{print $1}')
if [ "$CURRENTLY_RUNNING" == "" ]; then
echo "No Firezone gateway found running on this system. Exiting."
exit 1
fi
echo "Pulling latest image..."
docker pull "$TARGET_IMAGE" >/dev/null
echo "Checking for containers to upgrade..."
for RUNNING_CONTAINER in $CURRENTLY_RUNNING; do
LATEST=$(docker inspect --format "{{.Id}}" "$TARGET_IMAGE")
RUNNING=$(docker inspect --format "{{.Image}}" "$RUNNING_CONTAINER")
RUNNING_NAME=$(docker inspect --format "{{.Name}}" "$RUNNING_CONTAINER" | sed 's~/~~g')
# Upgrade if necessary
if [ "$RUNNING" != "$LATEST" ]; then
echo -n "Upgrading gateway..."
# Extract the environment variables from the running container
docker container inspect "$RUNNING_CONTAINER" --format '{{join .Config.Env "\n"}}' | grep -v "PATH" >variables.env
# Due to issues like https://github.com/firezone/firezone/issues/8471 we prefer to use the FIREZONE_ID
# env var instead of volume-mapped id files on all deployment methods. This attempts to migrate the
# FIREZONE_ID from the running container and set it as an env var in the new container.
FILE_FIREZONE_ID=$(docker exec "$RUNNING_CONTAINER" /bin/sh -c "cat /var/lib/firezone/gateway_id 2>/dev/null | tr -d '\n' || true")
if [ -n "$FILE_FIREZONE_ID" ]; then
# Replace FIREZONE_ID in variables.env if variables.env contains FIREZONE_ID
if grep -q "^FIREZONE_ID=" variables.env; then
sed -i "s/FIREZONE_ID=.*/FIREZONE_ID=$FILE_FIREZONE_ID/" variables.env
else
echo "FIREZONE_ID=$FILE_FIREZONE_ID" >>variables.env
fi
else
# Generate a new FIREZONE_ID if not found
if ! grep -q "^FIREZONE_ID=" variables.env; then
echo "FIREZONE_ID=$(uuidgen)" >>variables.env
fi
fi
docker stop "$RUNNING_CONTAINER" >/dev/null
docker rm -f "$RUNNING_CONTAINER" >/dev/null
docker run -d \
--restart=unless-stopped \
--pull=always \
--health-cmd="ip link | grep tun-firezone" \
--name="$RUNNING_NAME" \
--cap-add=NET_ADMIN \
--env-file variables.env \
--sysctl net.ipv4.ip_forward=1 \
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
--sysctl net.ipv6.conf.all.forwarding=1 \
--sysctl net.ipv6.conf.default.forwarding=1 \
--device="/dev/net/tun:/dev/net/tun" \
"$TARGET_IMAGE"
rm variables.env
echo "Container upgraded"
else
echo "Gateway is already up to date"
fi
done
echo "Done!"
Reference in New Issue View Git Blame Copy Permalink