Back out of simpler volume setup

commit: c18c0cd4ae4551ceeab2230a60c0e3c273722768 [log] [tgz]
author: Andy Bavier <acb@cs.princeton.edu> Thu Mar 10 09:25:49 2016 -0800
committer: Andy Bavier <acb@cs.princeton.edu> Thu Mar 10 09:25:49 2016 -0800
tree: 9d50270104f51414853144452954d1eebe8b8931
parent: 30d51daf0041a6e457fb5e70e917795fe1232119 [diff]
diff --git a/xos/synchronizers/vcpe/steps/sync_vcpetenant_vtn.yaml b/xos/synchronizers/vcpe/steps/sync_vcpetenant_vtn.yaml
index 180fe23..8143131 100644
--- a/xos/synchronizers/vcpe/steps/sync_vcpetenant_vtn.yaml
+++ b/xos/synchronizers/vcpe/steps/sync_vcpetenant_vtn.yaml

@@ -239,11 +239,13 @@
   - name: redirection rules for safe DNS
     template: src=/opt/xos/synchronizers/vcpe/templates/before.rules.j2 dest=/var/container_volumes/{{ container_name }}/etc/ufw/before.rules owner=root group=root mode=0644
     notify:
+    - copy in before.rules
     - reload ufw
 
   - name: base ufw setup uses /etc/rc.local
     template: src=/opt/xos/synchronizers/vcpe/templates/rc.local.j2 dest=/var/container_volumes/{{ container_name }}/etc/rc.local owner=root group=root mode=0755
     notify:
+    - copy in rc.local
     - rerun /etc/rc.local
 
   - name: create directory for local programs
@@ -276,6 +278,16 @@
     service: name={{ container_name }} state=started
 
   handlers:
+  # Use docker cp even though we have a single-file volume
+  # The reason is that changes to external file volume don't show up inside the container
+  # Probably Ansible deletes and then recreates the external file, and container has old version
+  # Do this handler first, e.g., before restarting the container
+  - name: copy in rc.local
+    shell: docker cp /var/container_volumes/{{ container_name }}/etc/rc.local {{ container_name }}:/etc/
+
+  - name: copy in before.rules
+    shell: docker cp /var/container_volumes/{{ container_name }}/etc/ufw/before.rules {{ container_name }}:/etc/ufw/
+
   # Dnsmasq is automatically restarted in the container
   - name: restart dnsmasq
     shell: docker exec {{ container_name }} killall dnsmasq

diff --git a/xos/synchronizers/vcpe/templates/start-vcpe-vtn.sh.j2 b/xos/synchronizers/vcpe/templates/start-vcpe-vtn.sh.j2
index a0c241e..1723174 100644
--- a/xos/synchronizers/vcpe/templates/start-vcpe-vtn.sh.j2
+++ b/xos/synchronizers/vcpe/templates/start-vcpe-vtn.sh.j2

@@ -17,7 +17,10 @@
 then
     docker pull andybavier/docker-vcpe
     docker run -d --name=$VCPE --privileged=true --net=none \
-    -v /var/container_volumes/$VCPE/etc/:/etc/ \
+    -v /var/container_volumes/$VCPE/etc/ufw/before.rules:/etc/ufw/before.rules:ro \
+    -v /var/container_volumes/$VCPE/etc/rc.local:/etc/rc.local:ro \
+    -v /var/container_volumes/$VCPE/etc/dnsmasq.d:/etc/dnsmasq.d:ro \
+    -v /var/container_volumes/$VCPE/etc/service:/etc/service \
     -v /var/container_volumes/$VCPE/usr/local/sbin:/usr/local/sbin:ro \
     andybavier/docker-vcpe
 else
commit	c18c0cd4ae4551ceeab2230a60c0e3c273722768	[log] [tgz]
author	Andy Bavier <acb@cs.princeton.edu>	Thu Mar 10 09:25:49 2016 -0800
committer	Andy Bavier <acb@cs.princeton.edu>	Thu Mar 10 09:25:49 2016 -0800
tree	9d50270104f51414853144452954d1eebe8b8931
parent	30d51daf0041a6e457fb5e70e917795fe1232119 [diff]