summaryrefslogtreecommitdiffstats
path: root/lib/container
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2017-07-23 08:28:38 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2017-07-23 08:28:38 +0000
commit67dd59d5d9d8efb620ba8b65c7a661a8ae6a1365 (patch)
tree43300ba57e2427696d7d9b0b6ff14275d991f912 /lib/container
parentAdding upstream version 20170701. (diff)
downloadopen-infrastructure-compute-tools-67dd59d5d9d8efb620ba8b65c7a661a8ae6a1365.tar.xz
open-infrastructure-compute-tools-67dd59d5d9d8efb620ba8b65c7a661a8ae6a1365.zip
Adding upstream version 20170722.upstream/20170722
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/container')
-rwxr-xr-xlib/container/key149
-rwxr-xr-xlib/container/limit22
-rwxr-xr-xlib/container/start24
3 files changed, 177 insertions, 18 deletions
diff --git a/lib/container/key b/lib/container/key
new file mode 100755
index 0000000..e97d8e1
--- /dev/null
+++ b/lib/container/key
@@ -0,0 +1,149 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2017 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+COMMAND="$(basename ${0})"
+
+KEYS="/etc/container-tools/keys"
+
+Parameters ()
+{
+ GETOPT_LONGOPTIONS="add:,list,remove:,"
+ GETOPT_OPTIONS="a:,l,r:,"
+
+ PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -a|--add)
+ ADD="${2}"
+ ACTION="add"
+ shift 2
+ ;;
+
+ -l|--list)
+ ACTION="list"
+ shift 1
+ ;;
+
+ -r|--remove)
+ REMOVE="${2}"
+ ACTION="remove"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: container ${COMMAND} [-a|--add KEY] [-l|--list] [-r|--remove KEY]" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${ACTION}" ]
+then
+ Usage
+fi
+
+# Pre hooks
+for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
+
+# Run
+if [ ! -e "${KEYS}" ]
+then
+ mkdir -p "${KEYS}"
+
+ chown root:root "${KEYS}"
+ chmod 0700 "${KEYS}"
+
+cat > "${KEYS}/gnupg.conf" << EOF
+keyserver hkps://hkps.pool.sks-keyservers.net
+keyserver-options include-revoked
+keyserver-options no-honor-keyserver-url
+
+cert-digest-algo SHA512
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB ZIP Uncompressed
+personal-cipher-preferences AES256 AES192 AES
+personal-compress-preferences ZLIB ZIP Uncompressed
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+
+no-comments
+no-emit-version
+no-greeting
+keyid-format 0xlong
+list-options show-keyring
+list-options show-uid-validity
+verify-options show-uid-validity
+with-fingerprint
+
+charset utf-8
+EOF
+
+fi
+
+case "${ACTION}" in
+ add)
+ gpg --homedir "${KEYS}" --import "${ADD}"
+ ;;
+
+ list)
+ gpg --homedir "${KEYS}" --list-keys
+ ;;
+
+ remove)
+ gpg --homedir "${KEYS}" --delete-keys "${REMOVE}"
+ ;;
+esac
+
+# Post hooks
+for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
diff --git a/lib/container/limit b/lib/container/limit
index b888656..05bffdc 100755
--- a/lib/container/limit
+++ b/lib/container/limit
@@ -25,7 +25,7 @@ MACHINES="/var/lib/machines"
Parameters ()
{
- GETOPT_LONGOPTIONS="name:,blockio-device-weight:,blockio-read-bandwith:,blockio-weight:,blockio-write-bandwith:,cpu-quota:,cpu-shares:,memory-limit:,tasks-max:,"
+ GETOPT_LONGOPTIONS="name:,blockio-device-weight:,blockio-read-bandwidth:,blockio-weight:,blockio-write-bandwidth:,cpu-quota:,cpu-shares:,memory-limit:,tasks-max:,"
GETOPT_OPTIONS="n:b:c:m:t:,"
PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
@@ -71,8 +71,8 @@ Parameters ()
shift 2
;;
- --blockio-read-bandwith)
- BLOCK_IO_READ_BANDWITH="${2}"
+ --blockio-read-bandwidth)
+ BLOCK_IO_READ_BANDWIDTH="${2}"
shift 2
;;
@@ -81,8 +81,8 @@ Parameters ()
shift 2
;;
- --blockio-write-bandwith)
- BLOCK_IO_WRITE_BANDWITH="${2}"
+ --blockio-write-bandwidth)
+ BLOCK_IO_WRITE_BANDWIDTH="${2}"
shift 2
;;
@@ -101,7 +101,7 @@ Parameters ()
Usage ()
{
- echo "Usage: container ${COMMAND} -n|--name NAME [--blockio-device-weight \"DEVICE WEIGHT\"] [--blockio-read-bandwith \"DEVICE BYTES\"] [-b|--blockio-weight WEIGHT] [--blockio-write-bandwith \"DEVICE BYTES\"] [-c|--cpu-quota QUOTA] [--cpu-shares SHARES] [-m|--memory-limit BYTES] [-t|--tasks-max NUMBER]" >&2
+ echo "Usage: container ${COMMAND} -n|--name NAME [--blockio-device-weight \"DEVICE WEIGHT\"] [--blockio-read-bandwidth \"DEVICE BYTES\"] [-b|--blockio-weight WEIGHT] [--blockio-write-bandwidth \"DEVICE BYTES\"] [-c|--cpu-quota QUOTA] [--cpu-shares SHARES] [-m|--memory-limit BYTES] [-t|--tasks-max NUMBER]" >&2
exit 1
}
@@ -136,9 +136,9 @@ then
SET_PROPERTY="true"
fi
-if [ -n "${BLOCK_IO_READ_BANDWITH}" ]
+if [ -n "${BLOCK_IO_READ_BANDWIDTH}" ]
then
- BLOCK_IO_READ_BANDWITH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWITH}"
+ BLOCK_IO_READ_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWIDTH}"
SET_PROPERTY="true"
fi
@@ -148,9 +148,9 @@ then
SET_PROPERTY="true"
fi
-if [ -n "${BLOCK_IO_WRITE_BANDWITH}" ]
+if [ -n "${BLOCK_IO_WRITE_BANDWIDTH}" ]
then
- BLOCK_IO_WRITE_BANDWITH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWITH}"
+ BLOCK_IO_WRITE_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}"
SET_PROPERTY="true"
fi
@@ -193,7 +193,7 @@ do
done
# Run
-systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWITH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWITH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
+systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWIDTH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWIDTH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
# Post hooks
for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
diff --git a/lib/container/start b/lib/container/start
index 88f2ea6..6d2c7a9 100755
--- a/lib/container/start
+++ b/lib/container/start
@@ -308,6 +308,11 @@ then
NETWORK_VETH_EXTRA="${NETWORK_VETH_EXTRA} --network-veth-extra=${VETH}"
INTERFACE="$(echo ${VETH} | awk -F: '{ print $1 }')"
+ if [ "$(echo ${INTERFACE} | wc -c)" -gt 15 ]
+ then
+ echo "'${INTERFACE}': name exceeds maximum of 15 characters, network might be not working."
+ fi
+
cat > "/etc/network/interfaces.d/${INTERFACE}" << EOF
allow-hotplug ${INTERFACE}
iface ${INTERFACE} inet manual
@@ -331,6 +336,11 @@ EOF
INTERFACE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $1 }')"
BRIDGE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $2 }')"
+ if [ "$(echo ${INTERFACE} | wc -c)" -gt 15 ]
+ then
+ echo "'${INTERFACE}': name exceeds maximum of 15 characters, network might be not working."
+ fi
+
if [ -n "${BRIDGE}" ] && [ -n "${INTERFACE}" ]
then
@@ -382,11 +392,11 @@ EOF
SET_PROPERTY="true"
fi
- BLOCK_IO_READ_BANDWITH="$(awk -F= '/^BlockIOReadBandwith=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+ BLOCK_IO_READ_BANDWIDTH="$(awk -F= '/^BlockIOReadBandwidth=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
- if [ -n "${BLOCK_IO_READ_BANDWITH}" ]
+ if [ -n "${BLOCK_IO_READ_BANDWIDTH}" ]
then
- BLOCK_IO_READ_BANDWITH="BlockIOReadBandwith=${BLOCK_IO_READ_BANDWITH}"
+ BLOCK_IO_READ_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWIDTH}"
SET_PROPERTY="true"
fi
@@ -398,11 +408,11 @@ EOF
SET_PROPERTY="true"
fi
- BLOCK_IO_WRITE_BANDWITH="$(awk -F= '/^BlockIOWriteBandwith=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+ BLOCK_IO_WRITE_BANDWIDTH="$(awk -F= '/^BlockIOWriteBandwidth=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
- if [ -n "${BLOCK_IO_WRITE_BANDWITH}" ]
+ if [ -n "${BLOCK_IO_WRITE_BANDWIDTH}" ]
then
- BLOCK_IO_WRITE_BANDWITH="BlockIOWriteBandwith=${BLOCK_IO_WRITE_BANDWITH}"
+ BLOCK_IO_WRITE_BANDWIDTH="BlockIOWriteBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}"
SET_PROPERTY="true"
fi
@@ -451,7 +461,7 @@ case "${START}" in
true)
case "${SET_PROPERTY}" in
true)
- systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWITH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWITH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
+ systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWIDTH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWIDTH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
;;
esac
;;