-rw-r--r-- | CHANGELOG.txt | 23 | ||||
-rw-r--r-- | Makefile | 11 | ||||
-rw-r--r-- | README.txt | 115 | ||||
-rw-r--r-- | VERSION.txt | 2 | ||||
-rwxr-xr-x | bin/container-nsenter | 22 | ||||
-rwxr-xr-x | bin/container-shell | 2 | ||||
-rwxr-xr-x | lib/container/enter | 102 | ||||
-rwxr-xr-x | lib/container/limit | 186 | ||||
-rwxr-xr-x | lib/container/list | 4 | ||||
-rwxr-xr-x | lib/container/rename | 162 | ||||
-rwxr-xr-x | lib/container/stop | 20 | ||||
-rw-r--r-- | share/bash-completion/container | 40 | ||||
-rw-r--r-- | share/config/container.conf.in | 10 | ||||
-rw-r--r-- | share/doc/HOST-SETUP.txt | 8 | ||||
-rw-r--r-- | share/man/container-enter.1.txt | 72 | ||||
-rw-r--r-- | share/man/container-limit.1.txt | 105 | ||||
-rw-r--r-- | share/man/container-list.1.txt | 2 | ||||
-rw-r--r-- | share/man/container-remove.1.txt | 2 | ||||
-rw-r--r-- | share/man/container-stop.1.txt | 6 | ||||
-rw-r--r-- | share/man/container.1.txt | 6 | ||||
-rwxr-xr-x | share/scripts/debconf | 172 |
21 files changed, 862 insertions, 210 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 3896c66..8f94beb 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,25 @@ +2016-11-05 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20161105. + * Backward incompatible changes: + - container use systemd-networkd instead of ifupdown. + + [ Daniel Baumann ] + * Readding container rename command. + * Readding -f|--force option in container stop command. + * Readding container limit command. + * Readding container enter command. + * Removing empty line at the end of the changelog file. + * Replacing README.txt with a copy of container-tools.7 manpage. + * Installing README.txt into documentation directory. + * Installing all generic text files as documentation. + * Adding mandatory inclusion of /etc/network/interfaces.d files in host-setup documentation, thanks to Richard Nelson <unixabg@gmail.com>. + * Using systemd-networkd in container instead of ifupdown. + * Updating container list command to use systemd-networkd config instead of ifupdown. + * Excluding symlinks in container-shell command list. + * Adding container list to ls symlink. + * Adding container remove to rm symlink. + 2016-11-01 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20161101. @@ -271,4 +293,3 @@ 2016-03-01 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20160301. - @@ -52,6 +52,8 @@ test: build: share/man/*.txt $(MAKE) -C share/man + sed -n '/^NAME/,$$p' share/man/$(SOFTWARE).7.txt > README.txt + install: build mkdir -p $(DESTDIR)/etc/${SOFTWARE}/config mkdir -p $(DESTDIR)/etc/${SOFTWARE}/debconf 
@@ -73,8 +75,8 @@ install: build cp -r share/sudo/* $(DESTDIR)/etc/sudoers.d chmod 0440 $(DESTDIR)/etc/sudoers.d/* - mkdir -p $(DESTDIR)/usr/share/doc - cp -r share/doc $(DESTDIR)/usr/share/doc/$(SOFTWARE) + mkdir -p $(DESTDIR)/usr/share/doc/$(SOFTWARE) + cp -r CHANGELOG.txt LICENSE.txt README.txt share/doc/* $(DESTDIR)/usr/share/doc/$(SOFTWARE) for SECTION in $$(seq 1 8); \ do \ @@ -98,6 +100,9 @@ install: build ln -sf debconf.d ${DESTDIR}/usr/share/$(SOFTWARE)/scripts/progress-linux.d ln -sf container-create-debconf.1 $(DESTDIR)/usr/share/man/man1/container-create-progress-linux.1 + ln -sf list $(DESTDIR)/usr/lib/$(SOFTWARE)/container/ls + ln -sf remove $(DESTDIR)/usr/lib/$(SOFTWARE)/container/rm + mkdir -p $(DESTDIR)/lib/systemd/system cp -r share/systemd/* $(DESTDIR)/lib/systemd/system @@ -164,6 +169,8 @@ uninstall: clean: $(MAKE) -C share/man clean + rm -f README.txt + distclean: reinstall: uninstall install diff --git a/README.txt b/README.txt deleted file mode 100644 index 2b927f2..0000000 --- a/README.txt +++ /dev/null 
@@ -1,115 +0,0 @@ -container-tools - Manage systemd-nspawn containers -================================================== - - -1. Description --------------- - - "[A Linux container] is an operating-system-level virtualization environment - for running multiple isolated Linux systems (containers) on a single Linux - control host." - - -- Wikipedia (https://en.wikipedia.org/wiki/LXC) - -container-tools provides the system integration for managing containers using -systemd-nspawn. - - -2. Download ------------ - - * Upstream Releases: https://files.open-infrastructure.net/software/container-tools/upstream - * Upstream Sources: https://sources.open-infrastructure.net/software/container-tools - * Debian Releases: https://files.open-infrastructure.net/software/container-tools/debian - * Debian Sources: https://sources.progress-linux.org/users/daniel/debian/packages/open-infrastructure-container-tools - - -3. Installation ---------------- - -3.1 Source ----------- - - 1. sudo apt install asciidoc git docbook-xml docbook-xsl libxml2-utils make xsltproc dbus systemd-container - 2. git clone https://sources.open-infrastructure.net/software/container-tools - 3. cd container-tools && sudo make install - -3.2 Debian 9 (stretch) and newer --------------------------------- - - * sudo apt install container-tools - - -4. Development --------------- - -Bug reports, feature requests, and patches are welcome via Debian Bug Tracking System: - - * https://bugs.debian.org - -Please base them against the 'next' Git branch using common sense: - - * https://www.kernel.org/doc/Documentation/SubmittingPatches - - -5. Known Limitations --------------------- - - * This version of container-tools currently do not work with systemd-networkd and depend on ifupdown. - * Using overlay, the upper directory can not be an NFS mount due to limitations in Linux' overlay filesystem, - see https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/filesystems/overlayfs.txt - - -6. 
Usage --------- - - * Create a new container: - sudo container create -n NAME - - * Start a container: - sudo container start -n NAME - - * Stop a container: - sudo container stop -n NAME - - * Remove a container: - sudo container remove -n NAME - - * List container on the system: - sudo container list - - * Show container-tools version: - container version - -See container(1) for a list of all container commands. - - -7. Links --------- - - * 2016-02-24: Systemd vs. Docker - https://lwn.net/Articles/676831/ - - * 2015-06-10: Systemd and containers - https://lwn.net/Articles/647634/ - - * 2014-07-07: Control groups - https://lwn.net/Articles/604609/ - - * 2013-11-13: Systemd-Nspawn is Chroot on Steroids [LinuxCon Europe] - https://www.youtube.com/watch?v=s7LlUs5D9p4 - - * 2013-11-03: Creating containers with systemd-nspawn - https://lwn.net/Articles/572957/ - - * 2013-02-06: Systemd lightweight containers - https://lwn.net/Articles/536033/ - - * 2013-01-04: Namespaces in operation - https://lwn.net/Articles/531114/ - - -8. Authors ----------- - - * Daniel Baumann <daniel.baumann@open-infrastructure.net> diff --git a/VERSION.txt b/VERSION.txt index c2ace56..72dace3 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20161101 +20161105 diff --git a/bin/container-nsenter b/bin/container-nsenter new file mode 100755 index 0000000..7c83361 --- /dev/null +++ b/bin/container-nsenter 
@@ -0,0 +1,22 @@ +#!/bin/sh + +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +set -e + +# Run +script -c "/bin/bash -l" -q /dev/null diff --git a/bin/container-shell b/bin/container-shell index da91c76..9b45f72 100755 --- a/bin/container-shell +++ b/bin/container-shell @@ -63,7 +63,7 @@ Shell () echo cd "/usr/lib/${SOFTWARE}/${PROGRAM}" - echo "$(for COMMAND in about logout *; do echo ${COMMAND}; done | sort)" + find . -type f -printf "%f\n" | sort cd "${OLDPWD}" echo diff --git a/lib/container/enter b/lib/container/enter new file mode 100755 index 0000000..4eff504 --- /dev/null +++ b/lib/container/enter 
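Review bot: The only command in bin/container-nsenter, `script -c "/bin/bash -l" -q /dev/null`, has no comment saying why the login shell is wrapped in script(1) or why the typescript goes to /dev/null. Presumably the wrapper is there to give the shell its own pseudo-terminal after nsenter; if so, say it: `# Run the login shell under script(1) so it gets a pty; the typescript is discarded`. The file is `#!/bin/sh` but hard-codes `/bin/bash` and depends on `script` being installed in the container, which is worth stating in the header because lib/container/enter runs this helper whenever it exists.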
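Review bot: The replacement `find . -type f -printf "%f\n" | sort` no longer prints the literal `about` and `logout` entries that the old loop always listed, and unlike the `*` glob it descends into subdirectories and includes dot-files. If those two names are commands handled elsewhere in Shell (the function body lies outside the hunk, so this is a guess), the menu of this restricted shell now hides them. `find . -maxdepth 1 -type f -printf "%f\n" | sort` keeps the listing to this directory; both `-maxdepth` and `-printf` are GNU find extensions, which is worth a comment in a `/bin/sh` script.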
@@ -0,0 +1,102 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+COMMAND="$(basename ${0})"
+
+MACHINES="/var/lib/machines"
+
+Parameters ()
+{
+ LONG_OPTIONS="name:,"
+ OPTIONS="n:,"
+
+ PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -n|--name)
+ NAME="${2}"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: container ${COMMAND} -n|--name NAME" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${NAME}" ]
+then
+ Usage
+fi
+
+if [ !
-e "${MACHINES}/${NAME}" ]
+then
+ echo "'${NAME}': no such container" >&2
+ exit 1
+fi
+
+STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')"
+
+case "${STATE}" in
+ running)
+ ;;
+
+ *)
+ echo "'${NAME}': container is not running" >&2
+ exit 1
+ ;;
+esac
+
+LEADER="$(machinectl status ${NAME} | awk '/Leader: / { print $2 }')"
+
+# Run
+if [ -e "${MACHINES}/${NAME}/usr/bin/container-nsenter" ]
+then
+ OPTIONS="/usr/bin/container-nsenter"
+else
+ OPTIONS=""
+fi
+
+nsenter --target ${LEADER} --mount --uts --ipc --net --pid --root --wd=/root ${OPTIONS}
diff --git a/lib/container/limit b/lib/container/limit
new file mode 100755
index 0000000..8b5ffd5
--- /dev/null
+++ b/lib/container/limit
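Review bot: `NAME` reaches the path test and `machinectl` unvalidated and mostly unquoted: `[ ! -e "${MACHINES}/${NAME}" ]` is satisfied by a value such as `../x`, while `getopt ... -- ${@}` and `machinectl show ${NAME}` word-split whatever the caller passed. The man page shows this command being run through sudo, so I would reject anything that is not a plain machine name before first use, e.g. `case "${NAME}" in */*|.*|-*) Usage ;; esac`, and quote the expansions (`"${@}"`, `"${NAME}"`). `LEADER` is likewise handed to `nsenter --target` unchecked; if the awk match on the `machinectl status` output returns nothing, nsenter gets a malformed command line, so add `[ -n "${LEADER}" ] || exit 1` or read the value with `machinectl show --property=Leader`. The same unquoted `${@}` and `${NAME}` pattern is repeated in lib/container/limit and lib/container/rename.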
@@ -0,0 +1,186 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+COMMAND="$(basename ${0})"
+
+MACHINES="/var/lib/machines"
+
+Parameters ()
+{
+ LONG_OPTIONS="name:,blockio-device-weight:,blockio-read-bandwith:,blockio-weight:,blockio-write-bandwith:,cpu-quota:,cpu-shares:,memory-limit:,tasks-max:,"
+ OPTIONS="n:b:c:m:t:,"
+
+ PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -n|--name)
+ NAME="${2}"
+ shift 2
+ ;;
+
+ -c|--cpu-quota)
+ CPU_QUOTA="${2}"
+ shift 2
+ ;;
+
+ --cpu-shares)
+ CPU_SHARES="${2}"
+ shift 2
+ ;;
+
+ -m|--memory-limit)
+ MEMORY_LIMIT="${2}"
+ shift 2
+ ;;
+
+ -t|--tasks-max)
+ TASKS_MAX="${2}"
+ shift 2
+ ;;
+
+ --blockio-device-weight)
+ BLOCK_IO_DEVICE_WEIGHT="${2}"
+ shift 2
+ ;;
+
+ --blockio-read-bandwith)
+ BLOCK_IO_READ_BANDWITH="${2}"
+ shift 2
+ ;;
+
+ -b|--blockio-weight)
+ BLOCK_IO_WEIGHT="${2}"
+ shift 2
+ ;;
+
+ --blockio-write-bandwith)
+ BLOCK_IO_WRITE_BANDWITH="${2}"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+
exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: container ${COMMAND} -n|--name NAME [--blockio-device-weight \"DEVICE WEIGHT\"] [--blockio-read-bandwith \"DEVICE BYTES\"] [-b|--blockio-weight WEIGHT] [--blockio-write-bandwith \"DEVICE BYTES\"] [-c|--cpu-quota QUOTA] [--cpu-shares SHARES] [-m|--memory-limit BYTES] [-t|--tasks-max NUMBER]" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${NAME}" ]
+then
+ Usage
+fi
+
+if [ ! -e "${MACHINES}/${NAME}" ]
+then
+ echo "'${NAME}': no such container" >&2
+ exit 1
+fi
+
+STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')"
+
+case "${STATE}" in
+ running)
+ ;;
+
+ *)
+ echo "'${NAME}': container is not running" >&2
+ exit 1
+ ;;
+esac
+
+if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ]
+then
+ BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_READ_BANDWITH}" ]
+then
+ BLOCK_IO_READ_BANDWITH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWITH}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_WEIGHT}" ]
+then
+ BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_WRITE_BANDWITH}" ]
+then
+ BLOCK_IO_WRITE_BANDWITH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWITH}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${CPU_QUOTA}" ]
+then
+ CPU_QUOTA="CPUQuota=${CPU_QUOTA}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${CPU_SHARES}" ]
+then
+ CPU_SHARES="CPUShares=${CPU_SHARES}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${MEMORY_LIMIT}" ]
+then
+ MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${TASKS_MAX}" ]
+then
+ TASKS_MAX="TasksMax=${TASKS_MAX}"
+ SET_PROPERTY="true"
+fi
+
+if [ "${SET_PROPERTY}" != "true" ]
+then
+ Usage
+fi
+
+# Run
+systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWITH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWITH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
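Review bot: `--blockio-write-bandwith` sets the wrong property: `BLOCK_IO_WRITE_BANDWITH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWITH}"` should assign `BlockIOWriteBandwidth=`, because as written a requested write limit is applied as a read limit and no write limit is set. The two-word values shown in the usage text (`"DEVICE WEIGHT"`, `"DEVICE BYTES"`) cannot survive either, since `${@}` is unquoted in the getopt call and every property is expanded unquoted on the `systemctl --runtime set-property` line, so the device and the number arrive as separate arguments. Quoting `"${@}"` and appending each property as one word (`set -- "$@" "BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"`) would fix that. It is also worth confirming that the bare `${NAME}` is the unit name systemctl expects here, since the script only checks it as a machine name.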
diff --git a/lib/container/list b/lib/container/list index d522623..e5e76fe 100755 --- a/lib/container/list +++ b/lib/container/list @@ -183,9 +183,9 @@ do ;; esac - if [ -e "${MACHINES}/${CONTAINER}/etc/network/interfaces" ] + if ls "${MACHINES}/${CONTAINER}/etc/systemd/network"/*.network > /dev/null 2>&1 then - ADDRESSES="$(awk '/address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/network/interfaces)" + ADDRESSES="$(awk -F= '/Address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/systemd/network/*.network)" fi ADDRESSES="${ADDRESSES:-n/a}" diff --git a/lib/container/rename b/lib/container/rename new file mode 100755 index 0000000..2d27615 --- /dev/null +++ b/lib/container/rename 
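Review bot: The awk pattern `/Address/` is unanchored, so any line containing that word in a container's `*.network` files (for example a `MACAddress=` key) ends up in the ADDRESSES column, and those files live in the container's own tree, where they can be edited from inside the container. `awk -F= '/^Address=/ { print $2 }'` restricts the match to the key that share/scripts/debconf writes. Note also that the value now carries the prefix length (`Address=` is written as address/suffix), which changes what `container list` prints, and that DHCP-configured interfaces have no `Address=` line at all, so they fall through to `n/a`. The enclosing loop starts and ends outside the hunk.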
@@ -0,0 +1,162 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+COMMAND="$(basename ${0})"
+
+CONFIG="/etc/container-tools/config"
+MACHINES="/var/lib/machines"
+
+Parameters ()
+{
+ LONG_OPTIONS="force,new:,old:,"
+ OPTIONS="f,n:,o:,"
+
+ PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -f|--force)
+ FORCE="true"
+ shift 1
+ ;;
+
+ -n|--new)
+ NEW="${2}"
+ shift 2
+ ;;
+
+ -o|--old)
+ OLD="${2}"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: container ${COMMAND} [-f|--force] -n|--new NAME -o|--old NAME" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${OLD}" ] || [ -z "${NEW}" ]
+then
+ Usage
+fi
+
+if [ ! -e "${MACHINES}/${OLD}" ]
+then
+ echo "'${OLD}': no such container" >&2
+ exit 1
+fi
+
+if [ !
-e "${MACHINES}/${NEW}" ] +then + echo "'${NEW}': container already exists" >&2 + exit 1 +fi + +STATE="$(machinectl show ${OLD} 2>&1 | awk -F= '/^State=/ { print $2 }')" + +case "${STATE}" in + running) + echo "'${OLD}': container is started" >&2 + exit 1 + ;; +esac + +case "${FORCE}" in + true) + ;; + + *) + if container list --other | grep -qs "^${OLD}$" + then + echo -n "'${OLD}': rename remote container to '${NEW}' [y|N]? " + read FORCE + + FORCE="$(echo ${FORCE} | tr [A-Z] [a-z])" + + case "${FORCE}" in + y|yes) + ;; + + *) + exit 1 + ;; + esac + fi + ;; +esac + +# Run +mv "${CONFIG}/${OLD}.conf" "${CONFIG}/${NEW}.conf" +mv "${MACHINES}/${OLD}" "${MACHINES}/${NEW}" + +# Renaming bind mounts +BIND="$(awk -F= '/^bind=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + +if [ -n "${BIND}" ] +then + BINDS="$(echo ${BIND} | sed -e 's|;| |g')" + + for BIND in ${BINDS} + do + SOURCE_OLD="$(echo ${BIND} | awk -F: '{ print $1 }')" + SOURCE_NEW="$(echo ${SOURCE_OLD} | sed -e "s|${OLD}|${NEW}|g")" + + if [ "${SOURCE_OLD}" != "${SOURCE_NEW}" ] + then + mv "${SOURCE_OLD}" "${SOURCE_NEW}" + fi + + TARGET_OLD="$(echo ${BIND} | awk -F: '{ print $2 }')" + TARGET_NEW="$(echo ${TARGET_OLD} | sed -e "s|${OLD}|${NEW}|g")" + + if [ "${TARGET_OLD}" != "${TARGET_NEW}" ] + then + mv "${MACHINES}/${NEW}/${TARGET_OLD}" "${MACHINES}/${NEW}/${TARGET_NEW}" + fi + done +fi + +# Updating configuration file +sed -i -e "s|${OLD}|${NEW}|g" "${CONFIG}/${NEW}.conf" diff --git a/lib/container/stop b/lib/container/stop index ba8960d..ec24d51 100755 --- a/lib/container/stop +++ b/lib/container/stop @@ -27,8 +27,8 @@ CLEAN="false" Parameters () { - LONG_OPTIONS="name:,clean," - OPTIONS="n:," + LONG_OPTIONS="name:,force,clean," + OPTIONS="n:,f," PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})" @@ -48,6 +48,10 @@ Parameters () shift 2 ;; + -f|--force) + FORCE="true" + ;; + --clean) # internal option CLEAN="true" 
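Review bot: The target check in lib/container/rename is inverted: `if [ ! -e "${MACHINES}/${NEW}" ]` prints "container already exists" when the new name is free, so a rename only proceeds when `${NEW}` already exists, and `mv "${MACHINES}/${OLD}" "${MACHINES}/${NEW}"` then moves the old tree inside the existing one; the test should be `if [ -e "${MACHINES}/${NEW}" ]`. Further down, the bind-mount step reads `${CONFIG}/${NAME}.conf`, but this script never sets `NAME`; `${CONFIG}/${NEW}.conf` is presumably what was meant. `sed -e "s|${OLD}|${NEW}|g"` also treats the old name as a regular expression and rewrites every match in the file and in the bind paths, so a name like `example.net` matches more than itself. Both names come straight from the command line and feed `mv` and `sed`, so validate them (no `/`, no `|`, no leading `-` or `.`) before the first `mv`.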
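Review bot: The new `-f|--force)` arm in lib/container/stop sets `FORCE="true"` but never shifts, so `${1}` stays `-f` on the next pass; if the option loop has the same `while true` shape as in the new scripts of this commit, `container stop -f` never gets past option parsing. Add `shift 1` before the `;;`, as the `--force` arm in lib/container/rename does. The Parameters function begins and ends outside the hunk, so the loop itself is not visible here.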
@@ -166,5 +170,15 @@ case "${STATE}" in ;; esac +case "${FORCE}" in + true) + MODE="terminate" + ;; + + *) + MODE="poweroff" + ;; +esac + # Run -machinectl poweroff ${NAME} +machinectl ${MODE} ${NAME} diff --git a/share/bash-completion/container b/share/bash-completion/container index 3bac382..f6434f8 100644 --- a/share/bash-completion/container +++ b/share/bash-completion/container @@ -82,6 +82,46 @@ _container() esac ;; + enter) + case "${cur}" in + -*) + opts="-n --name" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + case "${prev}" in + -n|--name) + opts=$(container list -s -f short) + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac + ;; + esac + ;; + + limit) + case "${cur}" in + -*) + opts="-n --name --blockio-device-weight --blockio-read-bandwith -b --blockio-weight --blockio-write-bandwith -c --cpu-quota --cpu-shares -m --memory-limit -t --tasks-max" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + case "${prev}" in + -n|--name) + opts=$(container list -a -f short) + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac + ;; + esac + ;; + list) case "${cur}" in -*) diff --git a/share/config/container.conf.in b/share/config/container.conf.in index c3268d5..b5678c0 100644 --- a/share/config/container.conf.in +++ b/share/config/container.conf.in @@ -14,3 +14,13 @@ machine=@MACHINE@ network-veth-extra=@NETWORK_VETH_EXTRA@ private-users=@PRIVATE_USERS@ register=@REGISTER@ + +[limit] +BlockIODeviceWeight= +BlockIOReadBandwidth= +BlockIOWeight= +BlockIOWriteBandwidth= +CPUQuota= +CPUShares= +MemoryLimit= +TasksMax= diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt index a5aca94..c77f829 100644 --- a/share/doc/HOST-SETUP.txt +++ b/share/doc/HOST-SETUP.txt @@ -47,6 +47,8 @@ sysctl -p cat > /etc/network/interfaces << EOF # /etc/network/interfaces +source /etc/network/interfaces.d/* + auto lo iface lo inet loopback 
@@ -67,6 +69,8 @@ EOF cat > /etc/network/interfaces << EOF # /etc/network/interfaces +source /etc/network/interfaces.d/* + auto lo iface lo inet loopback @@ -94,6 +98,8 @@ EOF cat > /etc/network/interfaces << EOF # /etc/network/interfaces +source /etc/network/interfaces.d/* + auto lo iface lo inet loopback @@ -120,6 +126,8 @@ EOF cat > /etc/network/interfaces << EOF # /etc/network/interfaces +source /etc/network/interfaces.d/* + auto lo iface lo inet loopback diff --git a/share/man/container-enter.1.txt b/share/man/container-enter.1.txt new file mode 100644 index 0000000..61c0f66 --- /dev/null +++ b/share/man/container-enter.1.txt 
@@ -0,0 +1,72 @@ +// container-tools - Manage systemd-nspawn containers +// Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net> +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +CONTAINER-CONSOLE(1) +==================== +:doctype: manpage +:man manual: Open Infrastructure +:man source: container-tools +:man version: {revnumber} + + +NAME +---- +container-enter - Enter a container namespace + + +SYNOPSIS +-------- +*container enter* ['OPTIONS'] + + +DESCRIPTION +----------- +The container enter enters a container namespace. + + +OPTIONS +------- +The following container options are available: + +*-n, --name='NAME'*:: + Specify container name. + + +EXAMPLES +-------- +*Enter to example.net container namespace:*:: + sudo container enter -n example.net + + +SEE ALSO +-------- +container-tools(7), +container(1). + + +HOMEPAGE +-------- +More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. + + +BUGS +---- +Bugs can be reported by sending a bug report to the Debian Bug Tracking System at https://bugs.debian.org. + + +AUTHORS +------- +container-tools was written by Daniel Baumann <daniel.baumann@open-infrastructure.net>. diff --git a/share/man/container-limit.1.txt b/share/man/container-limit.1.txt new file mode 100644 index 0000000..0ba5b74 --- /dev/null 
+++ b/share/man/container-limit.1.txt 
@@ -0,0 +1,105 @@ +// container-tools - Manage systemd-nspawn containers +// Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net> +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +CONTAINER-LIMIT(1) +================== +:doctype: manpage +:man manual: Open Infrastructure +:man source: container-tools +:man version: {revnumber} + + +NAME +---- +container-limit - Limit ressources of a container + + +SYNOPSIS +-------- +*container limit* ['OPTIONS'] + + +DESCRIPTION +----------- +The container limit command limits ressources available to a container at runtime. + + +OPTIONS +------- +The following container options are available: + +*-n, --name='NAME'*:: + Specify container name. + +*--blockio-device-weight='DEVICE WEIGHT'*:: + Specify device specific blockio weight, see systemd.resource-control(5). + +*--blockio-read-bandwith='DEVICE BYTES'*:: + Specify device specific blockio read bandwith, see systemd.resource-control(5). + +*-b, --blockio-weight='WEIGHT'*:: + Specify general blockio weight, see systemd.resource-control(5). + +*--blockio-write-bandwith='DEVICE BYTES'*:: + Specify device specific blockio write bandwith, see systemd.resource-control(5). + +*-c, --cpu-quota='QUOTA'*:: + Specify CPU quota, see systemd.resource-control(5). + +*--cpu-shares='SHARES'*:: + Specify CPU shares, see systemd.resource-control(5). 
+ +*-m, --memory-limit='BYTES'*:: + Specify memory limit, see systemd.resource-control(5). + +*-t, --tasks-max='NUMBER'*:: + Specify tasks max, see systemd.resource-control(5). + + +EXAMPLES +-------- +*Set blockio weight for the example.net container:*:: + sudo container limit -n example.net --blockio-weight 100 + +*Set CPU quota for the example.net container:*:: + sudo container limit -n example.net --cpu-quota 10% + +*Set memory limit for the example.net container to 1GB:*:: + sudo container limit -n example.net --memory-limit 1G + +*Set tasks max for the example.net container to 100:*:: + sudo container limit -n example.net --tasks-max 100 + + +SEE ALSO +-------- +container-tools(7), +container(1). + + +HOMEPAGE +-------- +More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. + + +BUGS +---- +Bugs can be reported by sending a bug report to the Debian Bug Tracking System at https://bugs.debian.org. + + +AUTHORS +------- +container-tools was written by Daniel Baumann <daniel.baumann@open-infrastructure.net>. diff --git a/share/man/container-list.1.txt b/share/man/container-list.1.txt index 8ac59c2..e0c8fb7 100644 --- a/share/man/container-list.1.txt +++ b/share/man/container-list.1.txt @@ -31,6 +31,8 @@ SYNOPSIS -------- *container list* ['OPTIONS'] +*container ls* ['OPTIONS'] + DESCRIPTION ----------- diff --git a/share/man/container-remove.1.txt b/share/man/container-remove.1.txt index cad779f..03c29c2 100644 --- a/share/man/container-remove.1.txt +++ b/share/man/container-remove.1.txt @@ -31,6 +31,8 @@ SYNOPSIS -------- *container remove* ['OPTIONS'] +*container rm* ['OPTIONS'] + DESCRIPTION ----------- diff --git a/share/man/container-stop.1.txt b/share/man/container-stop.1.txt index 8b864d6..7531f1c 100644 --- a/share/man/container-stop.1.txt +++ b/share/man/container-stop.1.txt 
@@ -44,12 +44,18 @@ The following container options are available: *-n, --name='NAME'*:: Specify container name. +*-f, --force*:: + Instead of running the proper shutdown sequence, terminate all processes of the container imediatly. + EXAMPLES -------- *Shutdown example.net container:*:: sudo container stop -n example.net +*Immediately stop example.net container:*:: + sudo container stop -n example.net -f + SEE ALSO -------- diff --git a/share/man/container.1.txt b/share/man/container.1.txt index 78a7d68..32bd393 100644 --- a/share/man/container.1.txt +++ b/share/man/container.1.txt @@ -67,6 +67,12 @@ The following container commands are available: *console*:: Attach console to a container, see container-console(1). +*enter*:: + Enter a container namespace, see container-enter(1). + +*limit*:: + Limit ressources of a container, see container-limit(1). + *list*:: List container on the system, see container-list(1). diff --git a/share/scripts/debconf b/share/scripts/debconf index 4878d98..6fab784 100755 --- a/share/scripts/debconf +++ b/share/scripts/debconf @@ -123,6 +123,15 @@ Chroot () ${@} } +CIDR () +{ + x=${1##*255.} + set -- 0^^^128^192^224^240^248^252^254^ $(( (${#1} - ${#x})*2 )) ${x%%.*} + + x=${1%%$3*} + echo $(( $2 + (${#x}/4) )) +} + Upgrade_system () { DIRECTORY="${1}" @@ -238,11 +247,11 @@ Debootstrap () # FIXME: trim down, debootstrap variants? case "${MODE}" in debian) - INCLUDE="${INCLUDE},ifupdown,locales,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,wget" + INCLUDE="${INCLUDE},locales,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,wget" ;; progress-linux) - INCLUDE="${INCLUDE},apt-utils,ifupdown,locales-all,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,openssh-server,wget" + INCLUDE="${INCLUDE},apt-utils,locales-all,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,openssh-server,wget" ;; esac 
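Review bot: `CIDR` in share/scripts/debconf needs a header comment, because nothing says that it takes a dotted IPv4 netmask and echoes the prefix length, or that the `0^^^128^192^...` string is a lookup table in which the position of the first non-255 octet, divided by four, gives the remaining bits. Suggested first line: `# CIDR NETMASK: print the prefix length for a dotted IPv4 netmask, e.g. 255.255.255.0 -> 24`. The comment should also state that the argument is not validated (an empty mask appears to yield 0, and a malformed or non-contiguous one still yields some number) and that `x` is assigned as a global. The caller passes `${IPV4_NETMASK}` unquoted, so the function also runs with no argument at all when the netmask is unset.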
@@ -735,91 +744,9 @@ EOF Configure_network () { - # Create /etc/network/interfaces - DIRECTORY="${1}" -cat > "${DIRECTORY}/etc/network/interfaces.tmp" << EOF -# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or -# /usr/share/doc/ifupdown/examples for more information. -EOF - - for NUMBER in $(seq 0 ${NETWORK_NUMBER}) - do - eval IPV4_COMMENT="$`echo NETWORK${NUMBER}_IPV4_COMMENT`" - eval IPV4_METHOD="$`echo NETWORK${NUMBER}_IPV4_METHOD`" - eval IPV4_ADDRESS="$`echo NETWORK${NUMBER}_IPV4_ADDRESS`" - eval IPV4_GATEWAY="$`echo NETWORK${NUMBER}_IPV4_GATEWAY`" - eval IPV4_NETMASK="$`echo NETWORK${NUMBER}_IPV4_NETMASK`" - eval IPV4_POST_UP="$`echo NETWORK${NUMBER}_IPV4_POST_UP`" - eval IPV4_POST_DOWN="$`echo NETWORK${NUMBER}_IPV4_POST_DOWN`" - - if [ -z "${IPV4_METHOD}" ] - then - continue - fi - - echo >> "${DIRECTORY}/etc/network/interfaces.tmp" - - if [ -n "${IPV4_COMMENT}" ] - then - echo "# ${IPV4_COMMENT}" >> "${DIRECTORY}/etc/network/interfaces.tmp" - fi - - case "${IPV4_METHOD}" in - none) - -cat >> "${DIRECTORY}/etc/network/interfaces.tmp" << EOF -iface eth${NUMBER} inet manual -EOF - - ;; - - dhcp) - -cat >> "${DIRECTORY}/etc/network/interfaces.tmp" << EOF -auto eth${NUMBER} -iface eth${NUMBER} inet dhcp -EOF - - ;; - - static) - -cat >> "${DIRECTORY}/etc/network/interfaces.tmp" << EOF -auto eth${NUMBER} -iface eth${NUMBER} inet static - address ${IPV4_ADDRESS} -EOF - - if [ -n "${IPV4_GATEWAY}" ] - then - echo " gateway ${IPV4_GATEWAY}" >> "${DIRECTORY}/etc/network/interfaces.tmp" - fi - - if [ -n "${IPV4_NETMASK}" ] - then - echo " netmask ${IPV4_NETMASK}" >> "${DIRECTORY}/etc/network/interfaces.tmp" - fi - - if [ -n "${IPV4_POST_UP}" ] - then - echo " post-up ${IPV4_POST_UP}" >> "${DIRECTORY}/etc/network/interfaces.tmp" - fi - - if [ -n "${IPV4_POST_DOWN}" ] - then - echo " post-down ${IPV4_POST_DOWN}" >> "${DIRECTORY}/etc/network/interfaces.tmp" - fi - ;; - esac - - NUMBER="$((${NUMBER} + 1))" - done - - mv 
"${DIRECTORY}/etc/network/interfaces.tmp" "${DIRECTORY}/etc/network/interfaces" - - # create /etc/resolv.conf + # Create /etc/resolv.conf rm -f "${DIRECTORY}/etc/resolv.conf.tmp" if [ -n "${NAMESERVER_DOMAIN}" ] 
@@ -897,6 +824,80 @@ EOF mv "${DIRECTORY}/etc/hosts.tmp" "${DIRECTORY}/etc/hosts" } +Configure_systemd_networkd () +{ + # FIXME: postup/postdown: multi-interface route + + DIRECTORY="${1}" + + # Enable systemd-networkd + chroot "${DIRECTORY}" apt purge --yes ifupdown || true + + rm -f "${DIRECTORY}/etc/network/interfaces" + rmdir --ignore-fail-on-non-empty --parents "${DIRECTORY}"/etc/network/* > /dev/null 2>&1 || true + + chroot "${DIRECTORY}" systemctl enable systemd-networkd + + for NUMBER in $(seq 0 ${NETWORK_NUMBER}) + do + eval IPV4_COMMENT="$`echo NETWORK${NUMBER}_IPV4_COMMENT`" + eval IPV4_METHOD="$`echo NETWORK${NUMBER}_IPV4_METHOD`" + eval IPV4_ADDRESS="$`echo NETWORK${NUMBER}_IPV4_ADDRESS`" + eval IPV4_GATEWAY="$`echo NETWORK${NUMBER}_IPV4_GATEWAY`" + eval IPV4_NETMASK="$`echo NETWORK${NUMBER}_IPV4_NETMASK`" +# eval IPV4_POST_UP="$`echo NETWORK${NUMBER}_IPV4_POST_UP`" +# eval IPV4_POST_DOWN="$`echo NETWORK${NUMBER}_IPV4_POST_DOWN`" + + if [ -z "${IPV4_METHOD}" ] + then + continue + fi + + IPV4_SUFFIX="$(CIDR ${IPV4_NETMASK})" + IPV4_CIDR="${IPV4_ADDRESS}/${IPV4_SUFFIX}" + +cat > "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF +[Match] +Name=eth${NUMBER} + +[Network] +EOF + + if [ -n "${IPV4_COMMENT}" ] + then + echo "Description=${IPV4_COMMENT}" >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" + fi + + case "${IPV4_METHOD}" in + dhcp) + +cat >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF +DHCP=ipv4 +EOF + + ;; + + static) + +cat >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF +DHCP=no +Address=${IPV4_CIDR} +EOF + + if [ -n "${IPV4_GATEWAY}" ] + then + +cat >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF +Gateway=${IPV4_GATEWAY} +EOF + + fi + esac + + NUMBER="$((${NUMBER} + 1))" + done +} + Commands () { DIRECTORY="${1}" 
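Review bot: `IPV4_SUFFIX="$(CIDR ${IPV4_NETMASK})"` runs for every method and the `static` arm always writes `Address=${IPV4_CIDR}`, whereas the removed ifupdown code treated the netmask as optional; with `NETWORK<n>_IPV4_NETMASK` unset, CIDR appears to return 0 and the container is configured with `Address=<ip>/0`. Append the suffix only when a netmask was given, or stop with an error message. The `none` method that the old code handled has no arm in the new `case`, so it leaves a `.network` file with an empty `[Network]` section and hands the interface to systemd-networkd with its defaults; please confirm that is intended. `Description=${IPV4_COMMENT}` and the other values are written into the unit file as-is, so if the preseed input is not fully trusted it should be checked for embedded newlines before being written.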
@@ -1045,6 +1046,7 @@ fi Configure_system "${MACHINES}/${NAME}" Configure_network "${MACHINES}/${NAME}" +Configure_systemd_networkd "${MACHINES}/${NAME}" # FIXME Cleanup_system "${MACHINES}/${NAME}" Commands "${MACHINES}/${NAME}" |