LibrePortal/scripts/checks/requirements/check_docker_network.sh
librelad d23ad87246 fix(network): correct adoptDockerSubnet comment + guard ipAllocation double-INSERT
Two latent issues uncovered while designing network-drift detection:

- adoptDockerSubnet's comment claimed apps' IPs stay inside docker's
  subnet after adoption. False: IPs are pinned to the old subnet's first
  three octets, so adopting a different /24 base strands every app IP
  out-of-subnet. Document the real behaviour + the heal paths.

- ipAllocation fell through from the existing-row branch to the
  unconditional INSERT, which would violate UNIQUE(app,type,service).
  Unreachable on today's reset path (rows are deleted first) but a hazard
  for any direct caller; add an explicit return after reuse/reset.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-02 15:52:55 +01:00


#!/bin/bash
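# CFG↔docker subnet adoption: if the docker network already exists with a
# different subnet than CFG, treat docker's value as the truth and update CFG.
# This realigns CFG ONLY — it does NOT touch already-allocated per-app IPs.
# Because IPs are pinned to the first three octets of the old subnet
# (ipFindAvailable), adopting a different /24 base strands every existing app
# IP outside docker's real subnet. Those apps need re-IPing from the corrected
# subnet: automatically via the network-drift detector + `libreportal system
# network heal`, or manually per app via `libreportal app install <name>
# --reset-network` (fresh compose + fresh IPs through the idempotent install).
#
# The value handed in is `docker network inspect` output, so it is checked to
# be exactly one IPv4 CIDR before it reaches CFG. A network with more than one
# IPAM config makes the `{{range .IPAM.Config}}{{.Subnet}}{{end}}` template
# emit the subnets back to back with no separator, and that concatenation must
# not be stored as the subnet.
# NOTE(review): IPv4-only is inferred from the "first three octets" rule above;
# confirm that no deployment relies on an IPv6 CFG_NETWORK_SUBNET.
#
# Globals:   CFG_NETWORK_SUBNET (written on success)
# Arguments: $1 - subnet reported by docker, e.g. 172.20.0.0/24 (constructed
#                 sample); empty means "nothing to adopt"
# Returns:   0 when nothing was passed; 1 when the value is not a single IPv4
#            CIDR (CFG left untouched); otherwise the status of isSuccessful
adoptDockerSubnet()
{
    local current_subnet="$1"
    # Pattern kept in a variable so [[ =~ ]] treats it as a regex, not a literal.
    local -r cidr_pattern='^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'

    [[ -z "$current_subnet" ]] && return 0

    if [[ ! "$current_subnet" =~ $cidr_pattern ]]; then
        isNotice "Docker reported an unexpected subnet value ($current_subnet); CFG left unchanged."
        return 1
    fi

    updateConfigOption "CFG_NETWORK_SUBNET" "$current_subnet"
    # Keep the in-memory copy aligned with what was just persisted.
    CFG_NETWORK_SUBNET="$current_subnet"
    isSuccessful "Adopted docker's subnet into CFG: $current_subnet"
}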
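# Requirement check for the LibrePortal docker network.
#
# When CFG_REQUIREMENT_DOCKER_NETWORK is "true", looks the network up with
# `docker network inspect` (through dockerCommandRun for a rootless install,
# through runFileOp for a rooted one). A missing network is flagged for the
# pre-install phase; an existing one has its subnet compared with CFG and, on
# a mismatch, handed to adoptDockerSubnet.
#
# Globals:   CFG_REQUIREMENT_DOCKER_NETWORK, CFG_DOCKER_INSTALL_TYPE,
#            CFG_NETWORK_NAME, CFG_NETWORK_SUBNET (read)
#            DOCKER_NETWORK_SETUP_NEEDED, preinstallneeded (written)
# Arguments: none
# Returns:   0 when the check is disabled, the install type is neither
#            "rootless" nor "rooted", the network is missing, or the subnet
#            could not be read; otherwise the status of isSuccessful /
#            adoptDockerSubnet
checkDockerNetworkRequirement()
{
    [[ "$CFG_REQUIREMENT_DOCKER_NETWORK" == "true" ]] || return 0

    local subnet_format='{{range .IPAM.Config}}{{.Subnet}}{{end}}'
    local network_found="false"
    local current_subnet=""
    local quoted_name=""

    case "$CFG_DOCKER_INSTALL_TYPE" in
        rootless)
            # dockerCommandRun receives one command STRING that carries
            # redirections and quotes, so the network name is shell-quoted
            # before being spliced in; names made only of ordinary characters
            # come out unchanged.
            # NOTE(review): presumably the string is re-parsed by a shell
            # inside dockerCommandRun — confirm.
            printf -v quoted_name '%q' "$CFG_NETWORK_NAME"
            if dockerCommandRun "docker network inspect $quoted_name > /dev/null 2>&1"; then
                network_found="true"
                # Assignment kept apart from `local` so a failed lookup is
                # visible here instead of being masked by local's own status.
                current_subnet=$(dockerCommandRun "docker network inspect $quoted_name --format '$subnet_format' 2>/dev/null") \
                    || current_subnet=""
            fi
            ;;
        rooted)
            # Quoted so the configured name always travels as one argument.
            if runFileOp docker network inspect "$CFG_NETWORK_NAME" > /dev/null 2>&1; then
                network_found="true"
                current_subnet=$(runFileOp docker network inspect "$CFG_NETWORK_NAME" --format "$subnet_format" 2>/dev/null) \
                    || current_subnet=""
            fi
            ;;
        *)
            # Any other install type is not handled by this check.
            return 0
            ;;
    esac

    if [[ "$network_found" != "true" ]]; then
        isNotice "Docker Network $CFG_NETWORK_NAME not found."
        DOCKER_NETWORK_SETUP_NEEDED="true"
        # Plain assignment: ((var++)) reports status 1 when the old value is
        # 0, which made the function fail on the first increment only.
        preinstallneeded=$((preinstallneeded + 1))
        return 0
    fi

    if [[ -z "$current_subnet" ]]; then
        # The network exists but its subnet could not be read; say so rather
        # than passing silently, and leave CFG as it is.
        isNotice "Could not read the subnet of Docker Network $CFG_NETWORK_NAME; CFG left unchanged."
        return 0
    fi

    if [[ "$current_subnet" == "$CFG_NETWORK_SUBNET" ]]; then
        isSuccessful "Docker Network $CFG_NETWORK_NAME exists with matching subnet"
    else
        adoptDockerSubnet "$current_subnet"
    fi
}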