mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
d656cd54f6
Didn't catch this in code review. These are run on customer's systems and can't possibly source our shared script.
50 lines
1.8 KiB
Bash
Executable File
50 lines
1.8 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
set -euo pipefail
|
|
|
|
TARGET_IMAGE="ghcr.io/firezone/gateway:1"
|
|
|
|
CURRENTLY_RUNNING=$(docker ps --format "{{.Names}} {{.Image}}" | grep -e "$TARGET_IMAGE" | awk '{print $1}')
|
|
if [ "$CURRENTLY_RUNNING" == "" ]; then
|
|
echo "No Firezone gateway found running on this system. Exiting."
|
|
exit 1
|
|
fi
|
|
|
|
echo "Pulling latest image..."
|
|
docker pull "$TARGET_IMAGE" >/dev/null
|
|
echo "Checking for containers to upgrade..."
|
|
for RUNNING_CONTAINER in $CURRENTLY_RUNNING; do
|
|
LATEST=$(docker inspect --format "{{.Id}}" "$TARGET_IMAGE")
|
|
RUNNING=$(docker inspect --format "{{.Image}}" "$RUNNING_CONTAINER")
|
|
RUNNING_NAME=$(docker inspect --format "{{.Name}}" "$RUNNING_CONTAINER" | sed 's~/~~g')
|
|
|
|
# Upgrade if necessary
|
|
if [ "$RUNNING" != "$LATEST" ]; then
|
|
echo -n "Upgrading gateway..."
|
|
docker container inspect "$RUNNING_CONTAINER" --format '{{join .Config.Env "\n"}}' | grep -v "PATH" >variables.env
|
|
docker stop "$RUNNING_CONTAINER" >/dev/null
|
|
docker rm -f "$RUNNING_CONTAINER" >/dev/null
|
|
docker run -d \
|
|
--restart=unless-stopped \
|
|
--pull=always \
|
|
--health-cmd="ip link | grep tun-firezone" \
|
|
--name="$RUNNING_NAME" \
|
|
--cap-add=NET_ADMIN \
|
|
--volume /var/lib/firezone \
|
|
--env-file variables.env \
|
|
--sysctl net.ipv4.ip_forward=1 \
|
|
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
|
|
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
|
|
--sysctl net.ipv6.conf.all.forwarding=1 \
|
|
--sysctl net.ipv6.conf.default.forwarding=1 \
|
|
--device="/dev/net/tun:/dev/net/tun" \
|
|
"$TARGET_IMAGE"
|
|
rm variables.env
|
|
echo "Container upgraded"
|
|
else
|
|
echo "Gateway is already up to date"
|
|
fi
|
|
done
|
|
|
|
echo "Done!"
|