PNArchives/Memoh
1
0
Fork 0
mirror of https://github.com/memohai/Memoh.git synced 2026-04-27 07:16:19 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
a5099e04d4f36319450258453605056013a1651a
Memoh/docker/server-entrypoint.sh
T
BBQ 7730096696 fix(containerd): restore CNI MASQUERADE after container restart (#167) 
cni.Remove() failure on stale iptables state blocked the retry
cni.Setup(), leaving bot containers without SNAT/MASQUERADE.

- Ignore cni.Remove() error so retry Setup always runs
- Add global MASQUERADE rule in entrypoints as belt-and-suspenders

Closes #161
2026-03-03 16:00:46 +08:00

75 lines
2.3 KiB
Bash
Raw Blame History

#!/bin/sh
set -e
MCP_IMAGE="${MCP_IMAGE:-docker.io/library/memoh-mcp:latest}"
# ---- Ensure IP forwarding and subnet MASQUERADE for CNI ----
sysctl -w net.ipv4.ip_forward=1 2>/dev/null || true
iptables -t nat -C POSTROUTING -s 10.88.0.0/16 ! -o cni0 -j MASQUERADE 2>/dev/null || \
iptables -t nat -A POSTROUTING -s 10.88.0.0/16 ! -o cni0 -j MASQUERADE 2>/dev/null || true
# ---- Setup cgroup v2 delegation for nested containerd ----
if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
echo "Setting up cgroup v2 delegation..."
mkdir -p /sys/fs/cgroup/init
# Move existing processes out of root cgroup to allow subtree control
while read -r pid; do
echo "$pid" > /sys/fs/cgroup/init/cgroup.procs 2>/dev/null || true
done < /sys/fs/cgroup/cgroup.procs
# Enable all available controllers for subtree delegation
sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
> /sys/fs/cgroup/cgroup.subtree_control 2>/dev/null || true
fi
# ---- Start containerd in background ----
mkdir -p /run/containerd
containerd &
CONTAINERD_PID=$!
echo "Waiting for containerd..."
for i in $(seq 1 30); do
if ctr version >/dev/null 2>&1; then
break
fi
sleep 1
done
if ! ctr version >/dev/null 2>&1; then
echo "ERROR: containerd not responsive after 30s"
exit 1
fi
echo "containerd is running (pid $CONTAINERD_PID)"
# ---- Import MCP image if not already present ----
if ! ctr -n default images check "name==${MCP_IMAGE}" 2>/dev/null | grep -q "${MCP_IMAGE}"; then
echo "Importing MCP image into containerd..."
for tar in /opt/images/*.tar; do
if [ -f "$tar" ]; then
ctr -n default images import --all-platforms "$tar" 2>&1 || true
fi
done
if ctr -n default images check "name==${MCP_IMAGE}" 2>/dev/null | grep -q "${MCP_IMAGE}"; then
echo "MCP image ready: ${MCP_IMAGE}"
else
echo "WARNING: MCP image not available after import, will try pull at runtime"
fi
else
echo "MCP image already present: ${MCP_IMAGE}"
fi
echo "containerd is ready, starting memoh-server..."
# ---- Start server (foreground, trap signals for graceful shutdown) ----
trap 'echo "Shutting down..."; kill $SERVER_PID 2>/dev/null; kill $CONTAINERD_PID 2>/dev/null; wait' TERM INT
/app/memoh-server serve &
SERVER_PID=$!
wait $SERVER_PID
EXIT_CODE=$?
kill $CONTAINERD_PID 2>/dev/null || true
wait $CONTAINERD_PID 2>/dev/null || true
exit $EXIT_CODE
Reference in New Issue View Git Blame Copy Permalink