LibrePortal/scripts/network/ip/ip_allocation.sh
librelad d23ad87246 fix(network): correct adoptDockerSubnet comment + guard ipAllocation double-INSERT
Two latent issues uncovered while designing network-drift detection:

- adoptDockerSubnet's comment claimed apps' IPs stay inside docker's
  subnet after adoption. False: IPs are pinned to the old subnet's first
  three octets, so adopting a different /24 base strands every app IP
  out-of-subnet. Document the real behaviour + the heal paths.

- ipAllocation fell through from the existing-row branch to the
  unconditional INSERT, which would violate UNIQUE(app,type,service).
  Unreachable on today's reset path (rows are deleted first) but a hazard
  for any direct caller; add an explicit return after reuse/reset.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-02 15:52:55 +01:00

59 lines
2.2 KiB
Bash
Executable File

#!/bin/bash
ipAllocation()
{
local app_name="$1"
local service_name="$2"
if [[ -z "$app_name" ]]; then
isError "App name is required for IP allocation"
allocated_ip=""
fi
# Already-allocated IP for this app+service.
local existing_ip
existing_ip=$(sqlite3 "$docker_dir/$db_file" \
"SELECT resource_value FROM network_resources \
WHERE app_name='$app_name' AND resource_type='ip' \
AND service_name='$service_name' AND status='active' LIMIT 1;" 2>/dev/null)
if [[ -n "$existing_ip" ]]; then
if [[ "$LIBREPORTAL_RESET_NETWORK" == "1" ]]; then
ipFindAvailable
if [[ -z "$available_ip" ]]; then
isError "No available IP addresses in pool"
allocated_ip="$existing_ip"
return 1
fi
sqlite3 "$docker_dir/$db_file" \
"UPDATE network_resources \
SET resource_value='$available_ip', created_time=CURRENT_TIME \
WHERE app_name='$app_name' AND resource_type='ip' AND service_name='$service_name';" 2>/dev/null
isNotice "Reset IP for $app_name/$service_name: $existing_ip$available_ip"
allocated_ip="$available_ip"
else
allocated_ip="$existing_ip"
fi
# An active row already exists for this app+service — reused or reset in
# place above. Don't fall through to the INSERT below: that second write
# would violate UNIQUE(app_name,resource_type,service_name).
return 0
fi
ipFindAvailable
if [[ -z "$available_ip" ]]; then
isError "No available IP addresses in pool"
allocated_ip=""
fi
local sql="INSERT INTO network_resources (app_name, resource_type, resource_value, service_name, status, created_date, created_time) VALUES ('$app_name', 'ip', '$available_ip', '$service_name', 'active', CURRENT_DATE, CURRENT_TIME);"
sqlite3 "$docker_dir/$db_file" "$sql" 2>/dev/null
if [[ $? -eq 0 ]]; then
isSuccessful "Allocated IP: $app_name/$service_name$available_ip"
allocated_ip="$available_ip"
else
isError "Failed to allocate IP for $app_name/$service_name"
allocated_ip=""
fi
}