authorDaniel Baumann <daniel.baumann@progress-linux.org>2017-06-29 09:14:50 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2017-06-29 09:21:06 +0000
commit6200fe310bc923404bf943a87f0fc75db054f2aa (patch)
treebca0304926ed0fd00c634db26c5641308a5b0fff
parentReleasing debian version 20170522-1. (diff)
downloadopen-infrastructure-compute-tools-6200fe310bc923404bf943a87f0fc75db054f2aa.tar.xz
open-infrastructure-compute-tools-6200fe310bc923404bf943a87f0fc75db054f2aa.zip
Merging upstream version 20170629.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--CHANGELOG.txt41
-rw-r--r--Makefile2
-rw-r--r--README.txt108
-rw-r--r--VERSION.txt2
-rwxr-xr-xbin/container-shell51
-rwxr-xr-xlib/container/auto7
-rwxr-xr-xlib/container/create12
-rwxr-xr-xlib/container/list14
-rwxr-xr-xlib/container/top113
-rw-r--r--share/bash-completion/container6
-rw-r--r--share/config/container.conf.in1
-rw-r--r--share/doc/HOST-SETUP.txt16
-rw-r--r--share/man/container-shell.1.txt33
-rw-r--r--share/man/container-top.1.txt75
-rw-r--r--share/man/container.1.txt3
-rwxr-xr-xshare/scripts/curl5
-rwxr-xr-xshare/scripts/debconf82
-rwxr-xr-xshare/scripts/debconf.d/0003-debconf40
-rwxr-xr-xshare/scripts/debootstrap5
19 files changed, 441 insertions, 175 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 21fda43..96c6c4e 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,44 @@
+2017-06-29 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+
+ * Releasing version 20170629.
+
+ * Backward incompatible changes:
+ - container auto configuration in the [start] section to
+ entangle shared storage/automatically start at boot time
+ support:
+
+ old: cnt.auto=true
+
+ new: cnt.auto=true
+ cnt.container-server=${FQDN}
+
+ whereas ${FQDN} needs to be replaced with the actual hostname
+ of the container server.
+
+ [ Daniel Baumann ]
+ * Removing useless whitespace in debconf script.
+ * Correcting typo in systemd parts of the Makefile's uninstall target.
+
+ [ Nik Lutz ]
+ * Implementing postup/postdown for systemd-networkd by creating systemd units in /etc/systemd/system.
+
+ [ Daniel Baumann ]
+ * Dropping obsolete LTS archive definitions, thanks to Nik Lutz <nik@netstyle.ch>.
+ * Using allow-hotplug instead of allow in host-setup documentation.
+ * Removing net-tools from host-setup documentation, it is a direct depends of container-tools for the time being.
+ * Renaming cnt.auto to cnt.container-server in order to split functionality of 'binding container to a specific host system' from 'starting container at system boot'.
+ * Executing auto commands only when cnt.auto=true and cnt.container-server matches the current hostname.
+ * Adding CONTAINER_COMMANDS_ENABLE variable for container-shell to add support for allowing certain container commands for a specific container-shell invocation only.
+ * Adding CONTAINER_COMMANDS_DISABLE variable for container-shell to add support for disallowing certain container commands for a specific container-shell invocation only.
+ * Documenting usage of container-shell command restrictions in container-shell manpage.
+ * Using more systemd-ish status symbols in container list command.
+ * Adding new container top command.
+ * Adding new container top command manpage.
+ * Updating bash-completion for container top command.
+ * Adjusting container list outout for container top command.
+ * Harmonizing edition of container configuration file in debconf script.
+ * Allow cnt.auto=force-true to enforce startup of a locked container at system startup.
+
2017-05-22 Daniel Baumann <daniel.baumann@open-infrastructure.net>
* Releasing version 20170522.
diff --git a/Makefile b/Makefile
index d243433..ab17e80 100644
--- a/Makefile
+++ b/Makefile
@@ -119,7 +119,7 @@ install: build
uninstall:
rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/var/log/$(SOFTWARE) || true
- for FILE in share/systemd*; \
+ for FILE in share/systemd/*; \
do \
rm -f $(DESTDIR)/lib/systemd/system/$$(basename $${FILE}); \
done
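Review bot: When `share/systemd/*` matches nothing, the loop runs once with the literal pattern, `basename` yields `*`, and the unquoted `rm -f $(DESTDIR)/lib/systemd/system/*` is then glob-expanded by the shell, removing every unit file in that directory instead of only the ones this package installed. Guard the loop body with `[ -e "$${FILE}" ] || continue; \` and quote the target: `rm -f "$(DESTDIR)/lib/systemd/system/$$(basename "$${FILE}")"; \`. The uninstall recipe continues outside the hunk.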
diff --git a/README.txt b/README.txt
deleted file mode 100644
index 5229136..0000000
--- a/README.txt
+++ /dev/null
@@ -1,108 +0,0 @@
-NAME
-----
-container-tools - Manage systemd-nspawn containers
-
-
-DESCRIPTION
------------
-"[A Linux container] is an operating-system-level virtualization environment for running multiple isolated Linux systems (containers) on a single Linux control host."::
- -- Wikipedia (https://en.wikipedia.org/wiki/LXC)
-
-container-tools provides the system integration for managing containers using systemd-nspawn.
-
-
-DOWNLOAD
---------
- * Upstream Releases: https://files.open-infrastructure.net/software/container-tools/upstream
- * Upstream Sources: https://sources.open-infrastructure.net/software/container-tools
- * Debian Releases: https://files.open-infrastructure.net/software/container-tools/debian
- * Debian Sources: https://sources.progress-linux.org/users/daniel/debian/packages/open-infrastructure-container-tools
-
-
-INSTALLATION
-------------
-
-SOURCE
-~~~~~~
- 1. sudo apt install asciidoc git docbook-xml docbook-xsl libxml2-utils make xsltproc dbus systemd-container net-tools
- 2. git clone https://sources.open-infrastructure.net/software/container-tools
- 3. cd container-tools && sudo make install
-
-DEBIAN 9 (STRETCH) AND NEWER
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- * sudo apt install container-tools
-
-
-DEVELOPMENT
------------
-Bug reports, feature requests, help, patches, support and everything else
-are welcome on the Open Infrastructure Software Mailing List:
-
- * https://lists.open-infrastructure.net/listinfo/software
-
-Please base patches against the 'next' Git branch using common sense:
-
- * https://www.kernel.org/doc/Documentation/SubmittingPatches
-
-Debian specific bugs can also be reported in the Debian Bug Tracking System:
-
- * https://bugs.debian.org
-
-
-KNOWN LIMITATIONS
------------------
- * This version of container-tools currently do not work with systemd-networkd and depend on ifupdown.
- * Using overlay, the upper directory can not be an NFS mount due to limitations in Linux' overlay filesystem,
- see https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/filesystems/overlayfs.txt
-
-
-USAGE
------
-*Create a new container:*::
- sudo container create -n NAME
-
-*Start a container:*::
- sudo container start -n NAME
-
-*Stop a container:*::
- sudo container stop -n NAME
-
-*Remove a container:*::
- sudo container remove -n NAME
-
-*List container on the system:*::
- sudo container list
-
-*Show container-tools version:*::
- container version
-
-See container(1) for a list of all container commands.
-
-
-LINKS
------
-*2016-02-24: Systemd vs. Docker*::
- https://lwn.net/Articles/676831/
-
-*2015-06-10: Systemd and containers*::
- https://lwn.net/Articles/647634/
-
-*2014-07-07: Control groups*::
- https://lwn.net/Articles/604609/
-
-*2013-11-13: Systemd-Nspawn is Chroot on Steroids [LinuxCon Europe]*::
- https://www.youtube.com/watch?v=s7LlUs5D9p4
-
-*2013-11-03: Creating containers with systemd-nspawn*::
- https://lwn.net/Articles/572957/
-
-*2013-02-06: Systemd lightweight containers*::
- https://lwn.net/Articles/536033/
-
-*2013-01-04: Namespaces in operation*::
- https://lwn.net/Articles/531114/
-
-
-AUTHORS
--------
- * Daniel Baumann <daniel.baumann@open-infrastructure.net>
diff --git a/VERSION.txt b/VERSION.txt
index f0ba7e8..dd89bfb 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-20170522
+20170629
diff --git a/bin/container-shell b/bin/container-shell
index 17c0849..38a9ab9 100755
--- a/bin/container-shell
+++ b/bin/container-shell
@@ -85,10 +85,55 @@ Shell ()
then
echo "'${COMMAND}': no such ${PROGRAM} command" >&2
return
- else
- echo
- sudo ${PROGRAM} ${COMMAND} ${OPTIONS} || true
fi
+
+ if [ -n "${CONTAINER_COMMANDS_ENABLE}" ]
+ then
+ COMMAND_ALLOWED=""
+
+ for CONTAINER_COMMAND in ${CONTAINER_COMMANDS_ENABLE}
+ do
+ case "${CONTAINER_COMMAND}" in
+ ${COMMAND}|all|about|logout|exit|help)
+ COMMAND_ALLOWED="true"
+ ;;
+ esac
+ done
+
+ case "${COMMAND_ALLOWED}" in
+ true)
+ ;;
+
+ *)
+ echo "'${COMMAND}': command not allowed for current user" >&2
+ return
+ ;;
+ esac
+ fi
+
+ if [ -n "${CONTAINER_COMMANDS_DISABLE}" ]
+ then
+ COMMAND_DISALLOWED=""
+
+ for CONTAINER_COMMAND in ${CONTAINER_COMMANDS_DISABLE}
+ do
+ case "${CONTAINER_COMMAND}" in
+ ${COMMAND}|all|about|logout|exit|help)
+ COMMAND_DISALLOWED="true"
+ ;;
+ esac
+ done
+
+ case "${COMMAND_DISALLOWED}" in
+ true)
+ echo "'${COMMAND}': command not allowed for current user" >&2
+ return
+ ;;
+ esac
+ fi
+
+ echo
+ sudo ${PROGRAM} ${COMMAND} ${OPTIONS} || true
}
trap 'echo' EXIT HUP INT QUIT TERM
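Review bot: Both loops match each list entry against `${COMMAND}|all|about|logout|exit|help`, so an entry such as `help` in CONTAINER_COMMANDS_ENABLE sets COMMAND_ALLOWED for whatever command was typed, and the same entry in CONTAINER_COMMANDS_DISABLE blocks every command. If only `all` is meant to act as a wildcard, the pattern should be `"${COMMAND}"|all)`; quoting `${COMMAND}` also keeps glob characters in the typed command from matching arbitrary list entries. The restriction covers the command name only, while `${OPTIONS}` still reaches `sudo ${PROGRAM} ${COMMAND} ${OPTIONS}` unquoted and unchecked. Shell () begins outside the hunk.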
diff --git a/lib/container/auto b/lib/container/auto
index 45aa68f..cbacad2 100755
--- a/lib/container/auto
+++ b/lib/container/auto
@@ -104,7 +104,12 @@ esac
for FILE in "${CONFIG}"/*.conf
do
- if grep -Eqs "^ *cnt.auto=true" "${FILE}" || grep -Eqs "^ *cnt.auto=${HOST}" "${FILE}"
+ if grep -Eqs "^ *cnt.auto=force-true" "${FILE}"
+ then
+ OPTIONS="${OPTIONS} -f"
+ fi
+
+ if grep -Eqs "^ *cnt.auto=(force-true|true)" "${FILE}" && grep -Eqs "^ *cnt.container-server=${HOST}" "${FILE}"
then
CONTAINER="$(basename ${FILE} .conf)"
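Review bot: `OPTIONS="${OPTIONS} -f"` is appended inside the `for FILE` loop and is not reset in the visible lines, so once one configuration has `cnt.auto=force-true` the `-f` would carry over to every container processed after it, including locked ones that only asked for `true`. Use a per-file variable instead, e.g. `FORCE=""` at the top of each iteration and `FORCE="-f"` in the branch. The host test is also looser than it reads: `${HOST}` is used as a regular expression with no end anchor, so for a constructed HOST of `node1.example.org` a line naming `node1.example.org.backup` also matches. If leading spaces need not be tolerated, `grep -Fqx "cnt.container-server=${HOST}"` compares the whole line literally. The loop body continues outside the hunk.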
diff --git a/lib/container/create b/lib/container/create
index 1a6f4d5..570492f 100755
--- a/lib/container/create
+++ b/lib/container/create
@@ -27,7 +27,7 @@ SCRIPTS="/usr/share/container-tools/scripts"
Parameters ()
{
- GETOPT_LONGOPTIONS="name:,cnt.auto:,cnt.overlay:,bind:,bind-ro:,capability:,drop-capability:script:,"
+ GETOPT_LONGOPTIONS="name:,cnt.container-server:,cnt.overlay:,bind:,bind-ro:,capability:,drop-capability:script:,"
GETOPT_OPTIONS="n:,b:,c:,d:,s:,"
PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
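Review bot: The rewritten GETOPT_LONGOPTIONS still reads `drop-capability:script:,` with no comma between the two names, so getopt receives a single long option called `drop-capability:script` and `--script` is presumably rejected; it should be `drop-capability:,script:,`. The line also drops `cnt.auto:` while a later hunk still substitutes `@CNT_AUTO@` from `${CNT_AUTO}`; if no other code path sets that variable, new configurations get an empty `cnt.auto=`. Parameters () continues outside the hunk.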
@@ -53,6 +53,11 @@ Parameters ()
shift 2
;;
+ --cnt.container-server)
+ CNT_CONTAINER_SERVER="${2}"
+ shift 2
+ ;;
+
--cnt.overlay)
CNT_OVERLAY="${2}"
shift 2
@@ -98,7 +103,7 @@ Parameters ()
Usage ()
{
- echo "Usage: container ${COMMAND} -n|--name NAME [--cnt.auto=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [--bind-ro DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2
+ echo "Usage: container ${COMMAND} -n|--name NAME [--cnt.container-server=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [--bind-ro DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2
exit 1
}
@@ -145,7 +150,7 @@ else
fi
fi
-CNT_AUTO="${CNT_AUTO:-$(hostname -f)}"
+CNT_CONTAINER_SERVER="${CNT_CONTAINER_SERVER:-$(hostname -f)}"
# Pre hooks
for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}"
@@ -205,6 +210,7 @@ fi
mkdir -p "${CONFIG}"
sed -e "s|@CNT_AUTO@|${CNT_AUTO}|g" \
+ -e "s|@CNT_CONTAINER_SERVER@|${CNT_CONTAINER_SERVER}|g" \
-e "s|@CNT_NETWORK_BRIDGE@|${CNT_NETWORK_BRIDGE}|g" \
-e "s|@CNT_OVERLAY@|${CNT_OVERLAY}|g" \
-e "s|@NAME@|${NAME}|g" \
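Review bot: `${CNT_CONTAINER_SERVER}` comes from the `--cnt.container-server` option and is placed unescaped into a `s|…|…|g` expression, so a value containing `|`, `&`, a backslash or a newline changes the sed program or the resulting configuration line. This matters because container-shell appears to forward user-typed options to `sudo container`. Reject anything that is not a hostname before use, e.g. `case "${CNT_CONTAINER_SERVER}" in *[!A-Za-z0-9.-]*) Usage ;; esac`. The same unvalidated value is used by the `sed -i` call in Commands () of share/scripts/debconf and is written into debconf.default by share/scripts/debconf.d/0003-debconf. The sed command continues outside the hunk.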
diff --git a/lib/container/list b/lib/container/list
index 9bf61c4..cd88475 100755
--- a/lib/container/list
+++ b/lib/container/list
@@ -130,7 +130,7 @@ List ()
{
case "${FORMAT}" in
cli)
- printf "%-80s %-29s\n" "${STATUS} ${BLUE}${CONTAINER}${NORMAL}" "${YELLOW}${ADDRESS}${NORMAL}"
+ printf "%1s %-74s %-19s\n" "${STATUS}" "${BLUE}${CONTAINER}${NORMAL}" "${YELLOW}${ADDRESS}${NORMAL}"
;;
csv)
@@ -222,7 +222,7 @@ case "${FORMAT}" in
NORMAL="$(tput sgr0)"
cat << EOF
-${WHITE} ${NORMAL} Container IPv4 Address(es)
+${WHITE} ${NORMAL} Container IPv4 Address(es)
--------------------------------------------------------------------------------
EOF
@@ -329,10 +329,10 @@ do
if [ -e "${CONFIG}/${CONTAINER}.conf" ]
then
- AUTO="$(awk -F= '/^cnt.auto=/ { print $2 }' ${CONFIG}/${CONTAINER}.conf)"
- AUTO="${AUTO:-false}"
+ CONTAINER_SERVER="$(awk -F= '/^cnt.container-server=/ { print $2 }' ${CONFIG}/${CONTAINER}.conf)"
+ CONTAINER_SERVER="${CONTAINER_SERVER:-false}"
- case "${AUTO}" in
+ case "${CONTAINER_SERVER}" in
${HOST}|true)
;;
@@ -347,7 +347,7 @@ do
case "${STATE}" in
running)
STATE="started"
- STATUS="${GREEN}✔${NORMAL}"
+ STATUS="${GREEN}●${NORMAL}"
;;
other)
@@ -356,7 +356,7 @@ do
*)
STATE="stopped"
- STATUS="${RED}✘${NORMAL}"
+ STATUS="${RED}●${NORMAL}"
;;
esac
diff --git a/lib/container/top b/lib/container/top
new file mode 100755
index 0000000..0ff1834
--- /dev/null
+++ b/lib/container/top
@@ -0,0 +1,113 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2017 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+Parameters ()
+{
+ GETOPT_LONGOPTIONS="delay:,"
+ GETOPT_OPTIONS="d:,"
+
+ PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -d|--delay)
+ DELAY="${2}"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: container ${COMMAND} [-d|--delay DELAY]" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+DELAY="${DELAY:-1}"
+HOST="$(hostname -f)"
+
+# Pre hooks
+for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
+
+# Run
+Top ()
+{
+ HOME="$(tput cup 0 0)"
+ ED="$(tput ed)"
+ EL="$(tput el)"
+
+ printf '%s%s' "${HOME}" "${ED}"
+
+ while true
+ do
+ ROWS="$(tput lines)"
+ COLS="$(tput cols)"
+ CMD="${@}"
+
+ ${SHELL:=sh} -c "${CMD}" | head -n ${ROWS} | while IFS= read LINE
+ do
+ printf '%-*.*s%s\n' ${COLS} ${COLS} "${LINE}" "${EL}"
+ done
+
+ printf '%s%s' "${ED}" "${HOME}"
+ sleep ${DELAY}
+ done
+}
+
+trap 'clear' EXIT HUP INT QUIT TERM
+
+Top "container list && printf '%-59s %-19s\n' \" Host: ${HOST}\" \"\$(date +%Y-%m-%d\ %H:%M:%S)\""
+
+# Post hooks
+for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
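Review bot: Top () assigns the cursor-home escape sequence to `HOME`, which overwrites the home-directory variable for this script and for every child it starts, including the `container list` run through `${SHELL:=sh} -c`. Use a private name, e.g. `CURSOR_HOME="$(tput cup 0 0)"`, and run the fixed command string with `/bin/sh -c "${CMD}"` rather than whatever `SHELL` the caller's environment provides. `DELAY` goes to `sleep ${DELAY}` unquoted and unchecked; a `case "${DELAY}" in ""|*[!0-9.]*) Usage ;; esac` after option parsing would also give the otherwise unused Usage () a caller. The hooks reference `${NAME}`, which this script never sets.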
diff --git a/share/bash-completion/container b/share/bash-completion/container
index 3995a16..8847419 100644
--- a/share/bash-completion/container
+++ b/share/bash-completion/container
@@ -230,6 +230,12 @@ _container()
esac
;;
+ top)
+ opts="-d --delay"
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+ return 0
+ ;;
+
version)
return 0
;;
diff --git a/share/config/container.conf.in b/share/config/container.conf.in
index bf1ecc5..322e2c9 100644
--- a/share/config/container.conf.in
+++ b/share/config/container.conf.in
@@ -2,6 +2,7 @@
[start]
cnt.auto=@CNT_AUTO@
+cnt.container-server=@CNT_CONTAINER_SERVER@
cnt.network-bridge=@CNT_NETWORK_BRIDGE@
cnt.overlay=@CNT_OVERLAY@
bind=@BIND@
diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt
index 73d1ce1..72d42d5 100644
--- a/share/doc/HOST-SETUP.txt
+++ b/share/doc/HOST-SETUP.txt
@@ -5,7 +5,7 @@ container-tools: Host Setup
1. Debian Packages
-------------------
-apt install net-tools bridge-utils ifenslave vlan
+apt install bridge-utils ifenslave vlan
2. Boot Parameters
@@ -54,7 +54,7 @@ iface lo inet loopback
iface eth0 inet manual
-auto br0
+allow-hotplug br0
iface br0 inet dhcp
bridge_ports eth0
bridge_fd 0
@@ -76,7 +76,7 @@ iface lo inet loopback
iface eth0 inet manual
-auto br0
+allow-hotplug br0
iface br0 inet static
address 10.0.0.2
gateway 10.0.0.1
@@ -103,10 +103,10 @@ source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
-auto eth0
+allow-hotplug eth0
iface eth0 inet dhcp
-auto br0
+allow-hotplug br0
iface br0 inet static
address 10.0.0.1
netmask 255.255.255.0
@@ -131,14 +131,14 @@ source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
-auto eth0
+allow-hotplug eth0
iface eth0 inet dhcp
iface eth1 inet manual
iface eth2 inet manual
-auto bond0
+allow-hotplug bond0
iface bond0 inet manual
up ifconfig bond0 0.0.0.0 up
down ifconfig bond0 down
@@ -155,7 +155,7 @@ iface bond0 inet manual
iface bond0.100 inet manual
vlan-raw-device bond0
-auto br100
+allow-hotplug br100
iface br100 inet static
address 10.100.0.2
#gateway 10.100.0.1
diff --git a/share/man/container-shell.1.txt b/share/man/container-shell.1.txt
index 6d792b8..760e0c5 100644
--- a/share/man/container-shell.1.txt
+++ b/share/man/container-shell.1.txt
@@ -53,6 +53,39 @@ All container commands are available, see container(1). Additionally, the follow
*logout*, *exit:*::
exits container-shell.
+USAGE
+-----
+Although the container-shell can be started from a running system like any other program, the main intend is to use the
+container-shell via SSH. That way otherwise unprivileged users have possibility to manage containers without
+needing a regular shell login on the container server.
+
+For usage over SSH a unprivileged user should be created:
+
+ sudo adduser --gecos "container-tools,,," \
+ --home /var/lib/container-tools/container-shell \
+ --shell /usr/bin/container-shell
+
+The container-shell can then be allowed for specific SSH keys via /var/ib/container-tools/container-shell/.ssh/authorized_keys like so:
+
+ command="/usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...]
+
+
+RESTRICTED SHELL
+----------------
+The container-shell by default grants any user that has access to it to use all available container commands.
+
+Through two corresponding environment variables users can be allowed or disallowed to use specific container commands.
+In connection with SSH this makes it possible to grant certain SSH keys (and by that, users) privileges to operate container
+servers without having to give them root access, a login shell at all and prevents them from doing things they are not trusted to do.
+
+Example (blacklisting): In order to allow all commands except for removing and stopping containers, the following variable can be used:
+
+ command="CONTAINER_COMMANDS_DISABLE='remove stop' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...]
+
+Example (whitelisting): The other way around works too. To disallow all commands except for listing containers and showing the container-tools version, the following variable can be used:
+
+ command="CONTAINER_COMMANDS_ENABLE='list version' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...]
+
SEE ALSO
--------
diff --git a/share/man/container-top.1.txt b/share/man/container-top.1.txt
new file mode 100644
index 0000000..5cc2a0a
--- /dev/null
+++ b/share/man/container-top.1.txt
@@ -0,0 +1,75 @@
+// container-tools - Manage systemd-nspawn containers
+// Copyright (C) 2014-2017 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+CONTAINER-TOP(1)
+================
+:doctype: manpage
+:man manual: Open Infrastructure
+:man source: container-tools
+:man version: {revnumber}
+
+
+NAME
+----
+container-top - Dynamic list container on the system
+
+
+SYNOPSIS
+--------
+*container top* ['OPTIONS']
+
+
+DESCRIPTION
+-----------
+The container top command dynamically lists container on the system.
+
+
+OPTIONS
+-------
+The following container options are available, defaults to *--delay 1*:
+
+*-d, --delay='SECONDS[.TENTHS]'*::
+ Specifies the delay between screen updates, defaults to 1.
+
+
+EXAMPLES
+--------
+*Dynamically list containers of the local system:*::
+ sudo container top
+
+
+SEE ALSO
+--------
+container-tools(7),
+container(1).
+
+
+HOMEPAGE
+--------
+More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net.
+
+
+CONTACT
+-------
+Bug reports, feature requests, help, patches, support and everything else
+are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>.
+
+Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org.
+
+
+AUTHORS
+-------
+container-tools was written by Daniel Baumann <daniel.baumann@open-infrastructure.net>.
diff --git a/share/man/container.1.txt b/share/man/container.1.txt
index fa94d7f..6bd2a12 100644
--- a/share/man/container.1.txt
+++ b/share/man/container.1.txt
@@ -83,6 +83,9 @@ The following container commands are available:
*status*::
Show container status, see container-status(1).
+*top*::
+ Dynamic list of container on the system, see container-top(1).
+
*version*::
Show container-tools version, see container-version(1).
diff --git a/share/scripts/curl b/share/scripts/curl
index 18d49c0..a338020 100755
--- a/share/scripts/curl
+++ b/share/scripts/curl
@@ -57,6 +57,11 @@ Parameters ()
shift 2
;;
+ --cnt.container-server)
+ # ignore
+ shift 2
+ ;;
+
-s|--script)
# ignore
shift 2
diff --git a/share/scripts/debconf b/share/scripts/debconf
index c90e851..5441acc 100755
--- a/share/scripts/debconf
+++ b/share/scripts/debconf
@@ -57,6 +57,11 @@ Parameters ()
shift 2
;;
+ --cnt.container-server)
+ # ignore
+ shift 2
+ ;;
+
-s|--script)
# ignore
shift 2
@@ -294,10 +299,6 @@ Pin: release n=${DIST}-updates
Pin-Priority: 999
Package: *
-Pin: release n=${DIST}-lts
-Pin-Priority: 999
-
-Package: *
Pin: release n=${DIST}-extras
Pin-Priority: 999
EOF
@@ -486,10 +487,6 @@ Configure_system ()
echo "deb ${PARENT_MIRROR} ${PARENT_DIST}-updates ${PARENT_AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/debian.list"
;;
- ${PARENT_DIST}-lts)
- echo "deb ${PARENT_MIRROR} ${PARENT_DIST}-lts ${PARENT_AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/debian.list"
- ;;
-
${PARENT_DIST}-backports)
echo "deb ${PARENT_MIRROR} ${PARENT_DIST}-backports ${PARENT_AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/debian.list"
;;
@@ -534,14 +531,6 @@ Configure_system ()
echo "deb ${MIRROR} ${DIST}-updates-staging ${AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/progress-linux.list"
;;
- ${DIST}-lts)
- echo "deb ${MIRROR} ${DIST}-lts ${AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/progress-linux.list"
- ;;
-
- ${DIST}-lts-staging)
- echo "deb ${MIRROR} ${DIST}-lts-staging ${AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/progress-linux.list"
- ;;
-
${DIST}-extras)
if echo "${AREA}" | grep -qs non-free
then
@@ -724,7 +713,6 @@ EOF
rm -f "${DIRECTORY}/.container-command"
fi
-
}
Configure_network ()
@@ -811,8 +799,6 @@ EOF
Configure_systemd_networkd ()
{
- # FIXME: postup/postdown: multi-interface route
-
DIRECTORY="${1}"
# Enable systemd-networkd
@@ -830,8 +816,8 @@ Configure_systemd_networkd ()
eval IPV4_ADDRESS="$`echo NETWORK${NUMBER}_IPV4_ADDRESS`"
eval IPV4_GATEWAY="$`echo NETWORK${NUMBER}_IPV4_GATEWAY`"
eval IPV4_NETMASK="$`echo NETWORK${NUMBER}_IPV4_NETMASK`"
-# eval IPV4_POST_UP="$`echo NETWORK${NUMBER}_IPV4_POST_UP`"
-# eval IPV4_POST_DOWN="$`echo NETWORK${NUMBER}_IPV4_POST_DOWN`"
+ eval IPV4_POST_UP="$`echo NETWORK${NUMBER}_IPV4_POST_UP`"
+ eval IPV4_POST_DOWN="$`echo NETWORK${NUMBER}_IPV4_POST_DOWN`"
if [ -z "${IPV4_METHOD}" ]
then
@@ -879,6 +865,46 @@ EOF
fi
esac
+ if [ -n "${IPV4_POST_UP}" ]
+ then
+
+cat > "${DIRECTORY}/etc/systemd/system/cnt-ipv4-post-up-eth${NUMBER}.service" << EOF
+[Unit]
+Description=container-tools IPV4_POST_UP
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "${IPV4_POST_UP}"
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+ chroot "${DIRECTORY}" systemctl enable cnt-ipv4-post-up-eth${NUMBER}.service
+ fi
+
+ if [ -n "${IPV4_POST_DOWN}" ]
+ then
+
+cat > "${DIRECTORY}/etc/systemd/system/cnt-ipv4-post-down-eth${NUMBER}.service" << EOF
+[Unit]
+Description=container-tools IPV4_POST_DOWN
+After=network.target
+Wants=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/bin/sh -c "${IPV4_POST_DOWN}"
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+ chroot "${DIRECTORY}" systemctl enable cnt-ipv4-post-down-eth${NUMBER}.service
+ fi
+
NUMBER="$((${NUMBER} + 1))"
done
}
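Review bot: The post-down unit is a oneshot with `ExecStart=` and `WantedBy=multi-user.target`, so `${IPV4_POST_DOWN}` would run at boot after network.target rather than when the network goes down. For a stop-time action the unit needs `RemainAfterExit=yes`, a no-op `ExecStart=/bin/true` and the command in `ExecStop=/bin/sh -c "…"`. In both units the value is expanded inside an unquoted here-document and wrapped in double quotes, so a command containing `"`, `%` or a newline yields a malformed unit or extra directives; escape it, or write it to a script file that the unit executes. Configure_systemd_networkd () begins outside the hunk.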
@@ -904,12 +930,14 @@ Commands ()
HOSTNAME_SHORT="$(echo ${NAME} | cut -c-8)"
HOST_INTERFACE_NAME="$(echo ${NETWORK0_VETH:-veth-${HOSTNAME_SHORT}-0})"
- sed -i -e "s|^cnt.auto=.*|cnt.auto=${CNT_AUTO}|" "${CONFIG}/${NAME}.conf"
- sed -i -e "s|^cnt.network-bridge=.*|cnt.network-bridge=${HOST_INTERFACE_NAME}:${NETWORK0_BRIDGE:-br0}|g" "${CONFIG}/${NAME}.conf"
- sed -i -e "s|^cnt.overlay=.*|cnt.overlay=${CNT_OVERLAY}|g" "${CONFIG}/${NAME}.conf"
- sed -i -e "s|^bind=.*|bind=${BIND}|" "${CONFIG}/${NAME}.conf"
- sed -i -e "s|^bind-ro=.*|bind-ro=${BIND_RO}|" "${CONFIG}/${NAME}.conf"
- sed -i -e "s|^network-veth-extra=.*|network-veth-extra=${HOST_INTERFACE_NAME}:eth0|g" "${CONFIG}/${NAME}.conf"
+ sed -i -e "s|^cnt.auto=.*|cnt.auto=${CNT_AUTO}|g" \
+ -e "s|^cnt.container-server=.*|cnt.container-server=${CNT_CONTAINER_SERVER}|g" \
+ -e "s|^cnt.network-bridge=.*|cnt.network-bridge=${HOST_INTERFACE_NAME}:${NETWORK0_BRIDGE:-br0}|g" \
+ -e "s|^cnt.overlay=.*|cnt.overlay=${CNT_OVERLAY}|g" \
+ -e "s|^bind=.*|bind=${BIND}|g" \
+ -e "s|^bind-ro=.*|bind-ro=${BIND_RO}|g" \
+ -e "s|^network-veth-extra=.*|network-veth-extra=${HOST_INTERFACE_NAME}:eth0|g" \
+ "${CONFIG}/${NAME}.conf"
for NUMBER in $(seq 1 ${NETWORK_NUMBER})
do
diff --git a/share/scripts/debconf.d/0003-debconf b/share/scripts/debconf.d/0003-debconf
index 1364bd0..8e78b3e 100755
--- a/share/scripts/debconf.d/0003-debconf
+++ b/share/scripts/debconf.d/0003-debconf
@@ -182,8 +182,8 @@ Archives ()
;;
*)
- db_subst cnt-debconf/archives CHOICES "Security, Updates, LTS, Backports, Proposed Updates"
- db_subst cnt-debconf/archives CHOICES_C "${DISTRIBUTION}-security, ${DISTRIBUTION}-updates, ${DISTRIBUTION}-lts, ${DISTRIBUTION}-backports, ${DISTRIBUTION}-proposed-updates"
+ db_subst cnt-debconf/archives CHOICES "Security, Updates, Backports, Proposed Updates"
+ db_subst cnt-debconf/archives CHOICES_C "${DISTRIBUTION}-security, ${DISTRIBUTION}-updates, ${DISTRIBUTION}-backports, ${DISTRIBUTION}-proposed-updates"
case "${PARENT_DISTRIBUTION}" in
sid)
@@ -191,7 +191,7 @@ Archives ()
;;
*)
- #db_set cnt-debconf/archives "${DISTRIBUTION}-security, ${DISTRIBUTION}-updates, ${DISTRIBUTION}-lts, ${DISTRIBUTION}-backports"
+ #db_set cnt-debconf/archives "${DISTRIBUTION}-security, ${DISTRIBUTION}-updates, ${DISTRIBUTION}-backports"
db_set cnt-debconf/archives "${DISTRIBUTION}-security, ${DISTRIBUTION}-updates"
;;
esac
@@ -204,10 +204,10 @@ Archives ()
progress-linux)
DIST="$(echo ${DISTRIBUTION} | sed -e 's|-backports||')"
- db_subst cnt-debconf/archives CHOICES "staging, Security, Security (staging), Updates, Updates (staging), LTS, LTS (staging), Extras, Extras (staging), Backports, Backports (staging), Backports Extras, Backports Extras (staging)"
- db_subst cnt-debconf/archives CHOICES_C "${DIST}-staging, ${DIST}-security, ${DIST}-security-staging, ${DIST}-updates, ${DIST}-updates-staging, ${DIST}-lts, ${DIST}-lts-staging, ${DIST}-extras, ${DIST}-extras-staging, ${DIST}-backports, ${DIST}-backports-staging, ${DIST}-backports-extras, ${DIST}-backports-extras-staging"
+ db_subst cnt-debconf/archives CHOICES "staging, Security, Security (staging), Updates, Updates (staging), Extras, Extras (staging), Backports, Backports (staging), Backports Extras, Backports Extras (staging)"
+ db_subst cnt-debconf/archives CHOICES_C "${DIST}-staging, ${DIST}-security, ${DIST}-security-staging, ${DIST}-updates, ${DIST}-updates-staging, ${DIST}-extras, ${DIST}-extras-staging, ${DIST}-backports, ${DIST}-backports-staging, ${DIST}-backports-extras, ${DIST}-backports-extras-staging"
- db_set cnt-debconf/archives "${DIST}-security, ${DIST}-updates, ${DIST}-lts, ${DIST}-extras, ${DIST}-backports, ${DIST}-backports-extras"
+ db_set cnt-debconf/archives "${DIST}-security, ${DIST}-updates, ${DIST}-extras, ${DIST}-backports, ${DIST}-backports-extras"
db_fset cnt-debconf/archives seen false
;;
esac
@@ -235,12 +235,12 @@ Parent_archives ()
then
case "${MODE}" in
progress-linux)
- db_subst cnt-debconf/parent-archives CHOICES "Security, Updates, LTS, Backports, Proposed Updates"
- db_subst cnt-debconf/parent-archives CHOICES_C "${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-lts, ${PARENT_DISTRIBUTION}-backports, ${PARENT_DISTRIBUTION}-proposed-updates"
+ db_subst cnt-debconf/parent-archives CHOICES "Security, Updates, Backports, Proposed Updates"
+ db_subst cnt-debconf/parent-archives CHOICES_C "${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-backports, ${PARENT_DISTRIBUTION}-proposed-updates"
case "${PARENT_DISTRIBUTION}" in
*)
- #db_set cnt-debconf/parent-archives "${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-lts, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-backports"
+ #db_set cnt-debconf/parent-archives "${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-backports"
db_set cnt-debconf/parent-archives "${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates"
;;
esac
@@ -253,7 +253,7 @@ Parent_archives ()
;;
*)
- db_subst cnt-debconf/parent-archives CHOICES "Security, Updates, LTS, Backports, Proposed Updates"
+ db_subst cnt-debconf/parent-archives CHOICES "Security, Updates, Backports, Proposed Updates"
db_subst cnt-debconf/parent-archives CHOICES_C "${ARCHIVES}"
db_set cnt-debconf/parent-archives "${ARCHIVES}"
@@ -270,7 +270,7 @@ Parent_archives ()
progress-linux)
case "${PARENT_DISTRIBUTION}" in
*)
- #PARENT_ARCHIVES="${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-lts, ${PARENT_DISTRIBUTION}-backports"
+ #PARENT_ARCHIVES="${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-backports"
PARENT_ARCHIVES="${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates"
;;
esac
@@ -1008,18 +1008,26 @@ Internal_options ()
if db_get cnt-debconf/auto
then
- CNT_AUTO="${RET:-FQDN}" # string (w/o empty)
+ CNT_AUTO="${RET:-true}" # string (w/o empty)
fi
- CNT_AUTO="${CNT_AUTO:-FQDN}"
+ CNT_AUTO="${CNT_AUTO:-true}"
+ echo "CNT_AUTO=\"${CNT_AUTO}\"" >> "${DEBCONF_TMPDIR}/debconf.default"
+
+ if db_get cnt-debconf/container-server
+ then
+ CNT_CONTAINER_SERVER="${RET:-FQDN}" # string (w/o empty)
+ fi
+
+ CNT_CONTAINER_SERVER="${CNT_CONTAINER_SERVER:-FQDN}"
- case "${CNT_AUTO}" in
+ case "${CNT_CONTAINER_SERVER}" in
FQDN)
- CNT_AUTO="$(hostname -f)"
+ CNT_CONTAINER_SERVER="$(hostname -f)"
;;
esac
- echo "CNT_AUTO=\"${CNT_AUTO}\"" >> "${DEBCONF_TMPDIR}/debconf.default"
+ echo "CNT_CONTAINER_SERVER=\"${CNT_CONTAINER_SERVER}\"" >> "${DEBCONF_TMPDIR}/debconf.default"
if db_get cnt-debconf/bind
then
diff --git a/share/scripts/debootstrap b/share/scripts/debootstrap
index 79a3193..0c19d54 100755
--- a/share/scripts/debootstrap
+++ b/share/scripts/debootstrap
@@ -56,6 +56,11 @@ Parameters ()
shift 2
;;
+ --cnt.container-server)
+ # ignore
+ shift 2
+ ;;
+
-s|--script)
# ignore
shift 2