-rw-r--r--CHANGELOG.txt23
-rw-r--r--Makefile11
-rw-r--r--README.txt115
-rw-r--r--VERSION.txt2
-rwxr-xr-xbin/container-nsenter22
-rwxr-xr-xbin/container-shell2
-rwxr-xr-xlib/container/enter102
-rwxr-xr-xlib/container/limit186
-rwxr-xr-xlib/container/list4
-rwxr-xr-xlib/container/rename162
-rwxr-xr-xlib/container/stop20
-rw-r--r--share/bash-completion/container40
-rw-r--r--share/config/container.conf.in10
-rw-r--r--share/doc/HOST-SETUP.txt8
-rw-r--r--share/man/container-enter.1.txt72
-rw-r--r--share/man/container-limit.1.txt105
-rw-r--r--share/man/container-list.1.txt2
-rw-r--r--share/man/container-remove.1.txt2
-rw-r--r--share/man/container-stop.1.txt6
-rw-r--r--share/man/container.1.txt6
-rwxr-xr-xshare/scripts/debconf172
21 files changed, 862 insertions, 210 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 3896c66..8f94beb 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,25 @@
+2016-11-05 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+
+ * Releasing version 20161105.
+ * Backward incompatible changes:
+ - container use systemd-networkd instead of ifupdown.
+
+ [ Daniel Baumann ]
+ * Readding container rename command.
+ * Readding -f|--force option in container stop command.
+ * Readding container limit command.
+ * Readding container enter command.
+ * Removing empty line at the end of the changelog file.
+ * Replacing README.txt with a copy of container-tools.7 manpage.
+ * Installing README.txt into documentation directory.
+ * Installing all generic text files as documentation.
+ * Adding mandatory inclusion of /etc/network/interfaces.d files in host-setup documentation, thanks to Richard Nelson <unixabg@gmail.com>.
+ * Using systemd-networkd in container instead of ifupdown.
+ * Updating container list command to use systemd-networkd config instead of ifupdown.
+ * Excluding symlinks in container-shell command list.
+ * Adding container list to ls symlink.
+ * Adding container remove to rm symlink.
+
2016-11-01 Daniel Baumann <daniel.baumann@open-infrastructure.net>
* Releasing version 20161101.
@@ -271,4 +293,3 @@
2016-03-01 Daniel Baumann <daniel.baumann@open-infrastructure.net>
* Releasing version 20160301.
-
diff --git a/Makefile b/Makefile
index 94289f2..910e934 100644
--- a/Makefile
+++ b/Makefile
@@ -52,6 +52,8 @@ test:
build: share/man/*.txt
$(MAKE) -C share/man
+ sed -n '/^NAME/,$$p' share/man/$(SOFTWARE).7.txt > README.txt
+
install: build
mkdir -p $(DESTDIR)/etc/${SOFTWARE}/config
mkdir -p $(DESTDIR)/etc/${SOFTWARE}/debconf
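Review bot: The added `sed -n '/^NAME/,$$p' share/man/$(SOFTWARE).7.txt > README.txt` line in the `build` recipe produces a file that is not the target of any rule, so make cannot tell when README.txt is stale or missing. Because `install` depends on `build` and the removed README documented `sudo make install`, the file is also likely to be created root-owned inside the source tree. I would give it its own rule, `README.txt: share/man/$(SOFTWARE).7.txt` with the recipe `sed -n '/^NAME/,$$p' $< > $@`, and add `README.txt` to the prerequisites of `build`. The `install` recipe continues outside the hunk.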
@@ -73,8 +75,8 @@ install: build
cp -r share/sudo/* $(DESTDIR)/etc/sudoers.d
chmod 0440 $(DESTDIR)/etc/sudoers.d/*
- mkdir -p $(DESTDIR)/usr/share/doc
- cp -r share/doc $(DESTDIR)/usr/share/doc/$(SOFTWARE)
+ mkdir -p $(DESTDIR)/usr/share/doc/$(SOFTWARE)
+ cp -r CHANGELOG.txt LICENSE.txt README.txt share/doc/* $(DESTDIR)/usr/share/doc/$(SOFTWARE)
for SECTION in $$(seq 1 8); \
do \
@@ -98,6 +100,9 @@ install: build
ln -sf debconf.d ${DESTDIR}/usr/share/$(SOFTWARE)/scripts/progress-linux.d
ln -sf container-create-debconf.1 $(DESTDIR)/usr/share/man/man1/container-create-progress-linux.1
+ ln -sf list $(DESTDIR)/usr/lib/$(SOFTWARE)/container/ls
+ ln -sf remove $(DESTDIR)/usr/lib/$(SOFTWARE)/container/rm
+
mkdir -p $(DESTDIR)/lib/systemd/system
cp -r share/systemd/* $(DESTDIR)/lib/systemd/system
@@ -164,6 +169,8 @@ uninstall:
clean:
$(MAKE) -C share/man clean
+ rm -f README.txt
+
distclean:
reinstall: uninstall install
diff --git a/README.txt b/README.txt
deleted file mode 100644
index 2b927f2..0000000
--- a/README.txt
+++ /dev/null
@@ -1,115 +0,0 @@
-container-tools - Manage systemd-nspawn containers
-==================================================
-
-
-1. Description
---------------
-
- "[A Linux container] is an operating-system-level virtualization environment
- for running multiple isolated Linux systems (containers) on a single Linux
- control host."
-
- -- Wikipedia (https://en.wikipedia.org/wiki/LXC)
-
-container-tools provides the system integration for managing containers using
-systemd-nspawn.
-
-
-2. Download
------------
-
- * Upstream Releases: https://files.open-infrastructure.net/software/container-tools/upstream
- * Upstream Sources: https://sources.open-infrastructure.net/software/container-tools
- * Debian Releases: https://files.open-infrastructure.net/software/container-tools/debian
- * Debian Sources: https://sources.progress-linux.org/users/daniel/debian/packages/open-infrastructure-container-tools
-
-
-3. Installation
----------------
-
-3.1 Source
-----------
-
- 1. sudo apt install asciidoc git docbook-xml docbook-xsl libxml2-utils make xsltproc dbus systemd-container
- 2. git clone https://sources.open-infrastructure.net/software/container-tools
- 3. cd container-tools && sudo make install
-
-3.2 Debian 9 (stretch) and newer
---------------------------------
-
- * sudo apt install container-tools
-
-
-4. Development
---------------
-
-Bug reports, feature requests, and patches are welcome via Debian Bug Tracking System:
-
- * https://bugs.debian.org
-
-Please base them against the 'next' Git branch using common sense:
-
- * https://www.kernel.org/doc/Documentation/SubmittingPatches
-
-
-5. Known Limitations
---------------------
-
- * This version of container-tools currently do not work with systemd-networkd and depend on ifupdown.
- * Using overlay, the upper directory can not be an NFS mount due to limitations in Linux' overlay filesystem,
- see https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/filesystems/overlayfs.txt
-
-
-6. Usage
---------
-
- * Create a new container:
- sudo container create -n NAME
-
- * Start a container:
- sudo container start -n NAME
-
- * Stop a container:
- sudo container stop -n NAME
-
- * Remove a container:
- sudo container remove -n NAME
-
- * List container on the system:
- sudo container list
-
- * Show container-tools version:
- container version
-
-See container(1) for a list of all container commands.
-
-
-7. Links
---------
-
- * 2016-02-24: Systemd vs. Docker
- https://lwn.net/Articles/676831/
-
- * 2015-06-10: Systemd and containers
- https://lwn.net/Articles/647634/
-
- * 2014-07-07: Control groups
- https://lwn.net/Articles/604609/
-
- * 2013-11-13: Systemd-Nspawn is Chroot on Steroids [LinuxCon Europe]
- https://www.youtube.com/watch?v=s7LlUs5D9p4
-
- * 2013-11-03: Creating containers with systemd-nspawn
- https://lwn.net/Articles/572957/
-
- * 2013-02-06: Systemd lightweight containers
- https://lwn.net/Articles/536033/
-
- * 2013-01-04: Namespaces in operation
- https://lwn.net/Articles/531114/
-
-
-8. Authors
-----------
-
- * Daniel Baumann <daniel.baumann@open-infrastructure.net>
diff --git a/VERSION.txt b/VERSION.txt
index c2ace56..72dace3 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-20161101
+20161105
diff --git a/bin/container-nsenter b/bin/container-nsenter
new file mode 100755
index 0000000..7c83361
--- /dev/null
+++ b/bin/container-nsenter
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+# Run
+script -c "/bin/bash -l" -q /dev/null
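Review bot: The `# Run` comment above `script -c "/bin/bash -l" -q /dev/null` does not say why the shell is wrapped in `script`, and the helper hard-codes `/bin/bash`. Presumably `script` is there to give the shell a fresh pseudo-terminal inside the container instead of running it directly on the caller's host terminal; if so, that is a security-relevant reason and should be stated, e.g. `# Allocate a new pty inside the container so the shell does not run on the caller's host terminal`. In a container without bash this exits with an error, so a fallback such as `[ -x /bin/bash ] || exec script -c "/bin/sh -l" -q /dev/null` before the last line would keep `container enter` usable there.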
diff --git a/bin/container-shell b/bin/container-shell
index da91c76..9b45f72 100755
--- a/bin/container-shell
+++ b/bin/container-shell
@@ -63,7 +63,7 @@ Shell ()
echo
cd "/usr/lib/${SOFTWARE}/${PROGRAM}"
- echo "$(for COMMAND in about logout *; do echo ${COMMAND}; done | sort)"
+ find . -type f -printf "%f\n" | sort
cd "${OLDPWD}"
echo
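Review bot: The new `find . -type f -printf "%f\n" | sort` no longer prints `about` and `logout`, which the removed loop listed explicitly; if those are handled inside container-shell rather than being files in this directory (not visible here), they disappear from the command list. `find` also descends into subdirectories, whereas the old `*` glob listed only direct entries. Something like `{ echo about; echo logout; find . -maxdepth 1 -type f -printf "%f\n"; } | sort` keeps the previous listing while still skipping symlinks. The Shell function starts and ends outside the hunk.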
diff --git a/lib/container/enter b/lib/container/enter
new file mode 100755
index 0000000..4eff504
--- /dev/null
+++ b/lib/container/enter
@@ -0,0 +1,102 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+COMMAND="$(basename ${0})"
+
+MACHINES="/var/lib/machines"
+
+Parameters ()
+{
+ LONG_OPTIONS="name:,"
+ OPTIONS="n:,"
+
+ PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -n|--name)
+ NAME="${2}"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: container ${COMMAND} -n|--name NAME" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${NAME}" ]
+then
+ Usage
+fi
+
+if [ ! -e "${MACHINES}/${NAME}" ]
+then
+ echo "'${NAME}': no such container" >&2
+ exit 1
+fi
+
+STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')"
+
+case "${STATE}" in
+ running)
+ ;;
+
+ *)
+ echo "'${NAME}': container is not running" >&2
+ exit 1
+ ;;
+esac
+
+LEADER="$(machinectl status ${NAME} | awk '/Leader: / { print $2 }')"
+
+# Run
+if [ -e "${MACHINES}/${NAME}/usr/bin/container-nsenter" ]
+then
+ OPTIONS="/usr/bin/container-nsenter"
+else
+ OPTIONS=""
+fi
+
+nsenter --target ${LEADER} --mount --uts --ipc --net --pid --root --wd=/root ${OPTIONS}
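Review bot: `LEADER` reaches `nsenter --target ${LEADER}` on the last line unquoted and without any check that `machinectl status` produced a PID; the pipeline's status is awk's, so `set -e` does not catch a machinectl failure and nsenter is then handed `--mount` as its target. A guard such as `case "${LEADER}" in ''|*[!0-9]*) echo "'${NAME}': no leader PID" >&2; exit 1 ;; esac` before the call, plus `"${LEADER}"` quoted, would close that. Separately, the process joins only the mount, UTS, IPC, net and PID namespaces and then executes `/usr/bin/container-nsenter` from the container's own filesystem, so container-controlled code runs as the invoking host user (root under sudo) outside any user namespace or cgroup limits the container was started with; that trade-off deserves a comment, and `machinectl shell` may be a better fit where the installed systemd provides it. `NAME` is also joined onto `${MACHINES}` without rejecting `/` or `..`, and `getopt ... -- ${@}` should pass `"${@}"`.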
diff --git a/lib/container/limit b/lib/container/limit
new file mode 100755
index 0000000..8b5ffd5
--- /dev/null
+++ b/lib/container/limit
@@ -0,0 +1,186 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+COMMAND="$(basename ${0})"
+
+MACHINES="/var/lib/machines"
+
+Parameters ()
+{
+ LONG_OPTIONS="name:,blockio-device-weight:,blockio-read-bandwith:,blockio-weight:,blockio-write-bandwith:,cpu-quota:,cpu-shares:,memory-limit:,tasks-max:,"
+ OPTIONS="n:b:c:m:t:,"
+
+ PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -n|--name)
+ NAME="${2}"
+ shift 2
+ ;;
+
+ -c|--cpu-quota)
+ CPU_QUOTA="${2}"
+ shift 2
+ ;;
+
+ --cpu-shares)
+ CPU_SHARES="${2}"
+ shift 2
+ ;;
+
+ -m|--memory-limit)
+ MEMORY_LIMIT="${2}"
+ shift 2
+ ;;
+
+ -t|--tasks-max)
+ TASKS_MAX="${2}"
+ shift 2
+ ;;
+
+ --blockio-device-weight)
+ BLOCK_IO_DEVICE_WEIGHT="${2}"
+ shift 2
+ ;;
+
+ --blockio-read-bandwith)
+ BLOCK_IO_READ_BANDWITH="${2}"
+ shift 2
+ ;;
+
+ -b|--blockio-weight)
+ BLOCK_IO_WEIGHT="${2}"
+ shift 2
+ ;;
+
+ --blockio-write-bandwith)
+ BLOCK_IO_WRITE_BANDWITH="${2}"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: container ${COMMAND} -n|--name NAME [--blockio-device-weight \"DEVICE WEIGHT\"] [--blockio-read-bandwith \"DEVICE BYTES\"] [-b|--blockio-weight WEIGHT] [--blockio-write-bandwith \"DEVICE BYTES\"] [-c|--cpu-quota QUOTA] [--cpu-shares SHARES] [-m|--memory-limit BYTES] [-t|--tasks-max NUMBER]" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${NAME}" ]
+then
+ Usage
+fi
+
+if [ ! -e "${MACHINES}/${NAME}" ]
+then
+ echo "'${NAME}': no such container" >&2
+ exit 1
+fi
+
+STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')"
+
+case "${STATE}" in
+ running)
+ ;;
+
+ *)
+ echo "'${NAME}': container is not running" >&2
+ exit 1
+ ;;
+esac
+
+if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ]
+then
+ BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_READ_BANDWITH}" ]
+then
+ BLOCK_IO_READ_BANDWITH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWITH}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_WEIGHT}" ]
+then
+ BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_WRITE_BANDWITH}" ]
+then
+ BLOCK_IO_WRITE_BANDWITH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWITH}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${CPU_QUOTA}" ]
+then
+ CPU_QUOTA="CPUQuota=${CPU_QUOTA}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${CPU_SHARES}" ]
+then
+ CPU_SHARES="CPUShares=${CPU_SHARES}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${MEMORY_LIMIT}" ]
+then
+ MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${TASKS_MAX}" ]
+then
+ TASKS_MAX="TasksMax=${TASKS_MAX}"
+ SET_PROPERTY="true"
+fi
+
+if [ "${SET_PROPERTY}" != "true" ]
+then
+ Usage
+fi
+
+# Run
+systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWITH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWITH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
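Review bot: The `BLOCK_IO_WRITE_BANDWITH` block builds `BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWITH}`, so `--blockio-write-bandwith` sets a read limit and no write limit is ever applied; the key should be `BlockIOWriteBandwidth`, as in the `[limit]` section this commit adds to container.conf.in. The two-word values the usage text advertises (`"DEVICE WEIGHT"`, `"DEVICE BYTES"`) also cannot survive, because `getopt ... -- ${@}` and the final `systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ...` both expand unquoted and split the value into two arguments. Passing `"${@}"` to getopt and collecting the properties as positional parameters, as sketched below, keeps each assignment as a single argument and removes the need for `SET_PROPERTY`.

```shell
# … unchanged: option parsing (with getopt ... -- "${@}"), NAME check, STATE check …

# One positional parameter per property, so "DEVICE WEIGHT" stays one argument.
set --

[ -z "${BLOCK_IO_DEVICE_WEIGHT}" ]  || set -- "${@}" "BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"
[ -z "${BLOCK_IO_READ_BANDWITH}" ]  || set -- "${@}" "BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWITH}"
[ -z "${BLOCK_IO_WEIGHT}" ]         || set -- "${@}" "BlockIOWeight=${BLOCK_IO_WEIGHT}"
[ -z "${BLOCK_IO_WRITE_BANDWITH}" ] || set -- "${@}" "BlockIOWriteBandwidth=${BLOCK_IO_WRITE_BANDWITH}"
[ -z "${CPU_QUOTA}" ]               || set -- "${@}" "CPUQuota=${CPU_QUOTA}"
[ -z "${CPU_SHARES}" ]              || set -- "${@}" "CPUShares=${CPU_SHARES}"
[ -z "${MEMORY_LIMIT}" ]            || set -- "${@}" "MemoryLimit=${MEMORY_LIMIT}"
[ -z "${TASKS_MAX}" ]               || set -- "${@}" "TasksMax=${TASKS_MAX}"

if [ "${#}" -eq 0 ]
then
	Usage
fi

# Run
systemctl --runtime set-property "${NAME}" "${@}"
```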
diff --git a/lib/container/list b/lib/container/list
index d522623..e5e76fe 100755
--- a/lib/container/list
+++ b/lib/container/list
@@ -183,9 +183,9 @@ do
;;
esac
- if [ -e "${MACHINES}/${CONTAINER}/etc/network/interfaces" ]
+ if ls "${MACHINES}/${CONTAINER}/etc/systemd/network"/*.network > /dev/null 2>&1
then
- ADDRESSES="$(awk '/address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/network/interfaces)"
+ ADDRESSES="$(awk -F= '/Address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/systemd/network/*.network)"
fi
ADDRESSES="${ADDRESSES:-n/a}"
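Review bot: The new awk pattern `/Address/` is unanchored, so it also picks up lines such as `MACAddress=` or a commented-out `#Address=` in any `*.network` file; `awk -F= '/^Address=/ { print $2 }'` limits it to the key that this commit's debconf script writes. These files live inside the container's root and are read by the host-side `container list`, so a symlink placed there would be followed on the host; it may be worth requiring regular files before reading them. The surrounding loop starts and ends outside the hunk.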
diff --git a/lib/container/rename b/lib/container/rename
new file mode 100755
index 0000000..2d27615
--- /dev/null
+++ b/lib/container/rename
@@ -0,0 +1,162 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+COMMAND="$(basename ${0})"
+
+CONFIG="/etc/container-tools/config"
+MACHINES="/var/lib/machines"
+
+Parameters ()
+{
+ LONG_OPTIONS="force,new:,old:,"
+ OPTIONS="f,n:,o:,"
+
+ PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -f|--force)
+ FORCE="true"
+ shift 1
+ ;;
+
+ -n|--new)
+ NEW="${2}"
+ shift 2
+ ;;
+
+ -o|--old)
+ OLD="${2}"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: container ${COMMAND} [-f|--force] -n|--new NAME -o|--old NAME" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${OLD}" ] || [ -z "${NEW}" ]
+then
+ Usage
+fi
+
+if [ ! -e "${MACHINES}/${OLD}" ]
+then
+ echo "'${OLD}': no such container" >&2
+ exit 1
+fi
+
+if [ ! -e "${MACHINES}/${NEW}" ]
+then
+ echo "'${NEW}': container already exists" >&2
+ exit 1
+fi
+
+STATE="$(machinectl show ${OLD} 2>&1 | awk -F= '/^State=/ { print $2 }')"
+
+case "${STATE}" in
+ running)
+ echo "'${OLD}': container is started" >&2
+ exit 1
+ ;;
+esac
+
+case "${FORCE}" in
+ true)
+ ;;
+
+ *)
+ if container list --other | grep -qs "^${OLD}$"
+ then
+ echo -n "'${OLD}': rename remote container to '${NEW}' [y|N]? "
+ read FORCE
+
+ FORCE="$(echo ${FORCE} | tr [A-Z] [a-z])"
+
+ case "${FORCE}" in
+ y|yes)
+ ;;
+
+ *)
+ exit 1
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+# Run
+mv "${CONFIG}/${OLD}.conf" "${CONFIG}/${NEW}.conf"
+mv "${MACHINES}/${OLD}" "${MACHINES}/${NEW}"
+
+# Renaming bind mounts
+BIND="$(awk -F= '/^bind=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+if [ -n "${BIND}" ]
+then
+ BINDS="$(echo ${BIND} | sed -e 's|;| |g')"
+
+ for BIND in ${BINDS}
+ do
+ SOURCE_OLD="$(echo ${BIND} | awk -F: '{ print $1 }')"
+ SOURCE_NEW="$(echo ${SOURCE_OLD} | sed -e "s|${OLD}|${NEW}|g")"
+
+ if [ "${SOURCE_OLD}" != "${SOURCE_NEW}" ]
+ then
+ mv "${SOURCE_OLD}" "${SOURCE_NEW}"
+ fi
+
+ TARGET_OLD="$(echo ${BIND} | awk -F: '{ print $2 }')"
+ TARGET_NEW="$(echo ${TARGET_OLD} | sed -e "s|${OLD}|${NEW}|g")"
+
+ if [ "${TARGET_OLD}" != "${TARGET_NEW}" ]
+ then
+ mv "${MACHINES}/${NEW}/${TARGET_OLD}" "${MACHINES}/${NEW}/${TARGET_NEW}"
+ fi
+ done
+fi
+
+# Updating configuration file
+sed -i -e "s|${OLD}|${NEW}|g" "${CONFIG}/${NEW}.conf"
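Review bot: The second existence check is inverted: `if [ ! -e "${MACHINES}/${NEW}" ]` reports "container already exists" when the new name is free, so the script only continues when `${NEW}` is already present and `mv` then moves the old tree into that directory; it should be `if [ -e "${MACHINES}/${NEW}" ]`. The bind-mount step reads `${CONFIG}/${NAME}.conf`, but `NAME` is never set in this script, so that should be `${CONFIG}/${NEW}.conf`. The `sed -e "s|${OLD}|${NEW}|g"` calls treat the old name as a regular expression and replace it anywhere in a path or in the whole config file, and the result is fed to `mv` running as root; a name like `example.net` matches more than itself, so the name should be escaped and matched as a whole path component. `OLD` and `NEW` are also never checked for `/` or `..` before being joined onto `${MACHINES}` and `${CONFIG}`.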
diff --git a/lib/container/stop b/lib/container/stop
index ba8960d..ec24d51 100755
--- a/lib/container/stop
+++ b/lib/container/stop
@@ -27,8 +27,8 @@ CLEAN="false"
Parameters ()
{
- LONG_OPTIONS="name:,clean,"
- OPTIONS="n:,"
+ LONG_OPTIONS="name:,force,clean,"
+ OPTIONS="n:,f,"
PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})"
@@ -48,6 +48,10 @@ Parameters ()
shift 2
;;
+ -f|--force)
+ FORCE="true"
+ ;;
+
--clean)
# internal option
CLEAN="true"
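Review bot: The added `-f|--force)` branch sets `FORCE="true"` but never shifts, so the option loop sees `-f` again on the next iteration and `container stop -f` never finishes parsing; add `shift 1` before the `;;`, as the rename script added in this commit does for its own force option. The Parameters function starts and ends outside the hunk.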
@@ -166,5 +170,15 @@ case "${STATE}" in
;;
esac
+case "${FORCE}" in
+ true)
+ MODE="terminate"
+ ;;
+
+ *)
+ MODE="poweroff"
+ ;;
+esac
+
# Run
-machinectl poweroff ${NAME}
+machinectl ${MODE} ${NAME}
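Review bot: `FORCE` is only assigned inside the `-f|--force` branch, so unless it is initialised outside the visible hunks (the hunk header context shows `CLEAN="false"` but no `FORCE=`), a `FORCE=true` inherited from the environment selects `terminate` without the flag being given. Initialising it next to `CLEAN` with `FORCE="false"` removes that dependency. `machinectl ${MODE} ${NAME}` would also be safer as `machinectl ${MODE} "${NAME}"`.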
diff --git a/share/bash-completion/container b/share/bash-completion/container
index 3bac382..f6434f8 100644
--- a/share/bash-completion/container
+++ b/share/bash-completion/container
@@ -82,6 +82,46 @@ _container()
esac
;;
+ enter)
+ case "${cur}" in
+ -*)
+ opts="-n --name"
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+ return 0
+ ;;
+
+ *)
+ case "${prev}" in
+ -n|--name)
+ opts=$(container list -s -f short)
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+ return 0
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ limit)
+ case "${cur}" in
+ -*)
+ opts="-n --name --blockio-device-weight --blockio-read-bandwith -b --blockio-weight --blockio-write-bandwith -c --cpu-quota --cpu-shares -m --memory-limit -t --tasks-max"
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+ return 0
+ ;;
+
+ *)
+ case "${prev}" in
+ -n|--name)
+ opts=$(container list -a -f short)
+ COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
+ return 0
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
list)
case "${cur}" in
-*)
diff --git a/share/config/container.conf.in b/share/config/container.conf.in
index c3268d5..b5678c0 100644
--- a/share/config/container.conf.in
+++ b/share/config/container.conf.in
@@ -14,3 +14,13 @@ machine=@MACHINE@
network-veth-extra=@NETWORK_VETH_EXTRA@
private-users=@PRIVATE_USERS@
register=@REGISTER@
+
+[limit]
+BlockIODeviceWeight=
+BlockIOReadBandwidth=
+BlockIOWeight=
+BlockIOWriteBandwidth=
+CPUQuota=
+CPUShares=
+MemoryLimit=
+TasksMax=
diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt
index a5aca94..c77f829 100644
--- a/share/doc/HOST-SETUP.txt
+++ b/share/doc/HOST-SETUP.txt
@@ -47,6 +47,8 @@ sysctl -p
cat > /etc/network/interfaces << EOF
# /etc/network/interfaces
+source /etc/network/interfaces.d/*
+
auto lo
iface lo inet loopback
@@ -67,6 +69,8 @@ EOF
cat > /etc/network/interfaces << EOF
# /etc/network/interfaces
+source /etc/network/interfaces.d/*
+
auto lo
iface lo inet loopback
@@ -94,6 +98,8 @@ EOF
cat > /etc/network/interfaces << EOF
# /etc/network/interfaces
+source /etc/network/interfaces.d/*
+
auto lo
iface lo inet loopback
@@ -120,6 +126,8 @@ EOF
cat > /etc/network/interfaces << EOF
# /etc/network/interfaces
+source /etc/network/interfaces.d/*
+
auto lo
iface lo inet loopback
diff --git a/share/man/container-enter.1.txt b/share/man/container-enter.1.txt
new file mode 100644
index 0000000..61c0f66
--- /dev/null
+++ b/share/man/container-enter.1.txt
@@ -0,0 +1,72 @@
+// container-tools - Manage systemd-nspawn containers
+// Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+CONTAINER-CONSOLE(1)
+====================
+:doctype: manpage
+:man manual: Open Infrastructure
+:man source: container-tools
+:man version: {revnumber}
+
+
+NAME
+----
+container-enter - Enter a container namespace
+
+
+SYNOPSIS
+--------
+*container enter* ['OPTIONS']
+
+
+DESCRIPTION
+-----------
+The container enter enters a container namespace.
+
+
+OPTIONS
+-------
+The following container options are available:
+
+*-n, --name='NAME'*::
+ Specify container name.
+
+
+EXAMPLES
+--------
+*Enter to example.net container namespace:*::
+ sudo container enter -n example.net
+
+
+SEE ALSO
+--------
+container-tools(7),
+container(1).
+
+
+HOMEPAGE
+--------
+More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net.
+
+
+BUGS
+----
+Bugs can be reported by sending a bug report to the Debian Bug Tracking System at https://bugs.debian.org.
+
+
+AUTHORS
+-------
+container-tools was written by Daniel Baumann <daniel.baumann@open-infrastructure.net>.
diff --git a/share/man/container-limit.1.txt b/share/man/container-limit.1.txt
new file mode 100644
index 0000000..0ba5b74
--- /dev/null
+++ b/share/man/container-limit.1.txt
@@ -0,0 +1,105 @@
+// container-tools - Manage systemd-nspawn containers
+// Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+CONTAINER-LIMIT(1)
+==================
+:doctype: manpage
+:man manual: Open Infrastructure
+:man source: container-tools
+:man version: {revnumber}
+
+
+NAME
+----
+container-limit - Limit ressources of a container
+
+
+SYNOPSIS
+--------
+*container limit* ['OPTIONS']
+
+
+DESCRIPTION
+-----------
+The container limit command limits ressources available to a container at runtime.
+
+
+OPTIONS
+-------
+The following container options are available:
+
+*-n, --name='NAME'*::
+ Specify container name.
+
+*--blockio-device-weight='DEVICE WEIGHT'*::
+ Specify device specific blockio weight, see systemd.resource-control(5).
+
+*--blockio-read-bandwith='DEVICE BYTES'*::
+ Specify device specific blockio read bandwith, see systemd.resource-control(5).
+
+*-b, --blockio-weight='WEIGHT'*::
+ Specify general blockio weight, see systemd.resource-control(5).
+
+*--blockio-write-bandwith='DEVICE BYTES'*::
+ Specify device specific blockio write bandwith, see systemd.resource-control(5).
+
+*-c, --cpu-quota='QUOTA'*::
+ Specify CPU quota, see systemd.resource-control(5).
+
+*--cpu-shares='SHARES'*::
+ Specify CPU shares, see systemd.resource-control(5).
+
+*-m, --memory-limit='BYTES'*::
+ Specify memory limit, see systemd.resource-control(5).
+
+*-t, --tasks-max='NUMBER'*::
+ Specify tasks max, see systemd.resource-control(5).
+
+
+EXAMPLES
+--------
+*Set blockio weight for the example.net container:*::
+ sudo container limit -n example.net --blockio-weight 100
+
+*Set CPU quota for the example.net container:*::
+ sudo container limit -n example.net --cpu-quota 10%
+
+*Set memory limit for the example.net container to 1GB:*::
+ sudo container limit -n example.net --memory-limit 1G
+
+*Set tasks max for the example.net container to 100:*::
+ sudo container limit -n example.net --tasks-max 100
+
+
+SEE ALSO
+--------
+container-tools(7),
+container(1).
+
+
+HOMEPAGE
+--------
+More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net.
+
+
+BUGS
+----
+Bugs can be reported by sending a bug report to the Debian Bug Tracking System at https://bugs.debian.org.
+
+
+AUTHORS
+-------
+container-tools was written by Daniel Baumann <daniel.baumann@open-infrastructure.net>.
diff --git a/share/man/container-list.1.txt b/share/man/container-list.1.txt
index 8ac59c2..e0c8fb7 100644
--- a/share/man/container-list.1.txt
+++ b/share/man/container-list.1.txt
@@ -31,6 +31,8 @@ SYNOPSIS
--------
*container list* ['OPTIONS']
+*container ls* ['OPTIONS']
+
DESCRIPTION
-----------
diff --git a/share/man/container-remove.1.txt b/share/man/container-remove.1.txt
index cad779f..03c29c2 100644
--- a/share/man/container-remove.1.txt
+++ b/share/man/container-remove.1.txt
@@ -31,6 +31,8 @@ SYNOPSIS
--------
*container remove* ['OPTIONS']
+*container rm* ['OPTIONS']
+
DESCRIPTION
-----------
diff --git a/share/man/container-stop.1.txt b/share/man/container-stop.1.txt
index 8b864d6..7531f1c 100644
--- a/share/man/container-stop.1.txt
+++ b/share/man/container-stop.1.txt
@@ -44,12 +44,18 @@ The following container options are available:
*-n, --name='NAME'*::
Specify container name.
+*-f, --force*::
+ Instead of running the proper shutdown sequence, terminate all processes of the container imediatly.
+
EXAMPLES
--------
*Shutdown example.net container:*::
sudo container stop -n example.net
+*Immediately stop example.net container:*::
+ sudo container stop -n example.net -f
+
SEE ALSO
--------
diff --git a/share/man/container.1.txt b/share/man/container.1.txt
index 78a7d68..32bd393 100644
--- a/share/man/container.1.txt
+++ b/share/man/container.1.txt
@@ -67,6 +67,12 @@ The following container commands are available:
*console*::
Attach console to a container, see container-console(1).
+*enter*::
+ Enter a container namespace, see container-enter(1).
+
+*limit*::
+ Limit ressources of a container, see container-limit(1).
+
*list*::
List container on the system, see container-list(1).
diff --git a/share/scripts/debconf b/share/scripts/debconf
index 4878d98..6fab784 100755
--- a/share/scripts/debconf
+++ b/share/scripts/debconf
@@ -123,6 +123,15 @@ Chroot ()
${@}
}
+CIDR ()
+{
+ x=${1##*255.}
+ set -- 0^^^128^192^224^240^248^252^254^ $(( (${#1} - ${#x})*2 )) ${x%%.*}
+
+ x=${1%%$3*}
+ echo $(( $2 + (${#x}/4) ))
+}
+
Upgrade_system ()
{
DIRECTORY="${1}"
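Review bot: `CIDR` has no comment, and its string-length arithmetic is not something a maintainer can verify at a glance. I would add a header such as `# Convert a dotted IPv4 netmask (255.255.255.0) to its prefix length (24); assumes a contiguous mask` and a line noting that `0^^^128^192^...` is a lookup table in which each four-character step adds one bit. The function also overwrites the global `x` and appears to print 0 for an empty argument instead of failing, which matters to the caller added later in this commit.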
@@ -238,11 +247,11 @@ Debootstrap ()
# FIXME: trim down, debootstrap variants?
case "${MODE}" in
debian)
- INCLUDE="${INCLUDE},ifupdown,locales,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,wget"
+ INCLUDE="${INCLUDE},locales,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,wget"
;;
progress-linux)
- INCLUDE="${INCLUDE},apt-utils,ifupdown,locales-all,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,openssh-server,wget"
+ INCLUDE="${INCLUDE},apt-utils,locales-all,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,openssh-server,wget"
;;
esac
@@ -735,91 +744,9 @@ EOF
Configure_network ()
{
- # Create /etc/network/interfaces
-
DIRECTORY="${1}"
-cat > "${DIRECTORY}/etc/network/interfaces.tmp" << EOF
-# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
-# /usr/share/doc/ifupdown/examples for more information.
-EOF
-
- for NUMBER in $(seq 0 ${NETWORK_NUMBER})
- do
- eval IPV4_COMMENT="$`echo NETWORK${NUMBER}_IPV4_COMMENT`"
- eval IPV4_METHOD="$`echo NETWORK${NUMBER}_IPV4_METHOD`"
- eval IPV4_ADDRESS="$`echo NETWORK${NUMBER}_IPV4_ADDRESS`"
- eval IPV4_GATEWAY="$`echo NETWORK${NUMBER}_IPV4_GATEWAY`"
- eval IPV4_NETMASK="$`echo NETWORK${NUMBER}_IPV4_NETMASK`"
- eval IPV4_POST_UP="$`echo NETWORK${NUMBER}_IPV4_POST_UP`"
- eval IPV4_POST_DOWN="$`echo NETWORK${NUMBER}_IPV4_POST_DOWN`"
-
- if [ -z "${IPV4_METHOD}" ]
- then
- continue
- fi
-
- echo >> "${DIRECTORY}/etc/network/interfaces.tmp"
-
- if [ -n "${IPV4_COMMENT}" ]
- then
- echo "# ${IPV4_COMMENT}" >> "${DIRECTORY}/etc/network/interfaces.tmp"
- fi
-
- case "${IPV4_METHOD}" in
- none)
-
-cat >> "${DIRECTORY}/etc/network/interfaces.tmp" << EOF
-iface eth${NUMBER} inet manual
-EOF
-
- ;;
-
- dhcp)
-
-cat >> "${DIRECTORY}/etc/network/interfaces.tmp" << EOF
-auto eth${NUMBER}
-iface eth${NUMBER} inet dhcp
-EOF
-
- ;;
-
- static)
-
-cat >> "${DIRECTORY}/etc/network/interfaces.tmp" << EOF
-auto eth${NUMBER}
-iface eth${NUMBER} inet static
- address ${IPV4_ADDRESS}
-EOF
-
- if [ -n "${IPV4_GATEWAY}" ]
- then
- echo " gateway ${IPV4_GATEWAY}" >> "${DIRECTORY}/etc/network/interfaces.tmp"
- fi
-
- if [ -n "${IPV4_NETMASK}" ]
- then
- echo " netmask ${IPV4_NETMASK}" >> "${DIRECTORY}/etc/network/interfaces.tmp"
- fi
-
- if [ -n "${IPV4_POST_UP}" ]
- then
- echo " post-up ${IPV4_POST_UP}" >> "${DIRECTORY}/etc/network/interfaces.tmp"
- fi
-
- if [ -n "${IPV4_POST_DOWN}" ]
- then
- echo " post-down ${IPV4_POST_DOWN}" >> "${DIRECTORY}/etc/network/interfaces.tmp"
- fi
- ;;
- esac
-
- NUMBER="$((${NUMBER} + 1))"
- done
-
- mv "${DIRECTORY}/etc/network/interfaces.tmp" "${DIRECTORY}/etc/network/interfaces"
-
- # create /etc/resolv.conf
+ # Create /etc/resolv.conf
rm -f "${DIRECTORY}/etc/resolv.conf.tmp"
if [ -n "${NAMESERVER_DOMAIN}" ]
@@ -897,6 +824,80 @@ EOF
mv "${DIRECTORY}/etc/hosts.tmp" "${DIRECTORY}/etc/hosts"
}
+Configure_systemd_networkd ()
+{
+ # FIXME: postup/postdown: multi-interface route
+
+ DIRECTORY="${1}"
+
+ # Enable systemd-networkd
+ chroot "${DIRECTORY}" apt purge --yes ifupdown || true
+
+ rm -f "${DIRECTORY}/etc/network/interfaces"
+ rmdir --ignore-fail-on-non-empty --parents "${DIRECTORY}"/etc/network/* > /dev/null 2>&1 || true
+
+ chroot "${DIRECTORY}" systemctl enable systemd-networkd
+
+ for NUMBER in $(seq 0 ${NETWORK_NUMBER})
+ do
+ eval IPV4_COMMENT="$`echo NETWORK${NUMBER}_IPV4_COMMENT`"
+ eval IPV4_METHOD="$`echo NETWORK${NUMBER}_IPV4_METHOD`"
+ eval IPV4_ADDRESS="$`echo NETWORK${NUMBER}_IPV4_ADDRESS`"
+ eval IPV4_GATEWAY="$`echo NETWORK${NUMBER}_IPV4_GATEWAY`"
+ eval IPV4_NETMASK="$`echo NETWORK${NUMBER}_IPV4_NETMASK`"
+# eval IPV4_POST_UP="$`echo NETWORK${NUMBER}_IPV4_POST_UP`"
+# eval IPV4_POST_DOWN="$`echo NETWORK${NUMBER}_IPV4_POST_DOWN`"
+
+ if [ -z "${IPV4_METHOD}" ]
+ then
+ continue
+ fi
+
+ IPV4_SUFFIX="$(CIDR ${IPV4_NETMASK})"
+ IPV4_CIDR="${IPV4_ADDRESS}/${IPV4_SUFFIX}"
+
+cat > "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF
+[Match]
+Name=eth${NUMBER}
+
+[Network]
+EOF
+
+ if [ -n "${IPV4_COMMENT}" ]
+ then
+ echo "Description=${IPV4_COMMENT}" >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network"
+ fi
+
+ case "${IPV4_METHOD}" in
+ dhcp)
+
+cat >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF
+DHCP=ipv4
+EOF
+
+ ;;
+
+ static)
+
+cat >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF
+DHCP=no
+Address=${IPV4_CIDR}
+EOF
+
+ if [ -n "${IPV4_GATEWAY}" ]
+ then
+
+cat >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF
+Gateway=${IPV4_GATEWAY}
+EOF
+
+ fi
+ esac
+
+ NUMBER="$((${NUMBER} + 1))"
+ done
+}
+
Commands ()
{
DIRECTORY="${1}"
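Review bot: `IPV4_SUFFIX="$(CIDR ${IPV4_NETMASK})"` in Configure_systemd_networkd runs before the method is known and without checking the netmask, so a `static` interface whose `NETWORKn_IPV4_NETMASK` is unset gets `Address=<ip>/0` written to its .network file, a far wider on-link range than intended. Computing the prefix only inside the `static)` branch and refusing an empty netmask, e.g. `[ -n "${IPV4_NETMASK}" ] || { echo "eth${NUMBER}: netmask required for static" >&2; exit 1; }`, avoids that. The `none` method handled by the removed ifupdown code has no branch here, so such an interface still gets a `[Match]`/`[Network]` file and is picked up by systemd-networkd. `IPV4_COMMENT` is written to `Description=` as-is, so a value containing a newline would add extra keys to the file.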
@@ -1045,6 +1046,7 @@ fi
Configure_system "${MACHINES}/${NAME}"
Configure_network "${MACHINES}/${NAME}"
+Configure_systemd_networkd "${MACHINES}/${NAME}" # FIXME
Cleanup_system "${MACHINES}/${NAME}"
Commands "${MACHINES}/${NAME}"