diff options
Diffstat (limited to 'lib/container')
-rwxr-xr-x | lib/container/create | 3 | ||||
-rwxr-xr-x | lib/container/key | 152 | ||||
-rwxr-xr-x | lib/container/limit | 208 | ||||
-rwxr-xr-x | lib/container/log | 2 | ||||
-rwxr-xr-x | lib/container/start | 98 |
5 files changed, 14 insertions, 449 deletions
diff --git a/lib/container/create b/lib/container/create index 43cad9b..8fa6189 100755 --- a/lib/container/create +++ b/lib/container/create @@ -266,3 +266,6 @@ do "${FILE}" fi done + +# done +echo "'${NAME}': container created." diff --git a/lib/container/key b/lib/container/key deleted file mode 100755 index 1b59555..0000000 --- a/lib/container/key +++ /dev/null @@ -1,152 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2014-2019 Daniel Baumann <daniel.baumann@open-infrastructure.net> -# -# SPDX-License-Identifier: GPL-3.0+ -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -set -e - -PROJECT="open-infrastructure" -PROGRAM="container" -COMMAND="$(basename ${0})" - -KEYS="/etc/${PROJECT}/${PROGRAM}/keys" - -Parameters () -{ - GETOPT_LONGOPTIONS="add:,list,remove:," - GETOPT_OPTIONS="a:,l,r:," - - PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" - - if [ "${?}" != "0" ] - then - echo "'${COMMAND}': getopt exit" >&2 - exit 1 - fi - - eval set -- "${PARAMETERS}" - - while true - do - case "${1}" in - -a|--add) - ADD="${2}" - ACTION="add" - shift 2 - ;; - - -l|--list) - ACTION="list" - shift 1 - ;; - - -r|--remove) - REMOVE="${2}" - ACTION="remove" - shift 2 - ;; - - --) - shift 1 - break - ;; - - *) - echo "'${COMMAND}': getopt error" >&2 - exit 1 - ;; - esac - done -} - -Usage () -{ - echo "Usage: ${PROGRAM} ${COMMAND} [-a|--add KEY] [-l|--list] [-r|--remove KEY]" >&2 - exit 1 -} - -Parameters "${@}" - -if [ -z "${ACTION}" ] -then - Usage -fi - -# Pre hooks -for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" -do - if [ -x "${FILE}" ] - then - "${FILE}" - fi -done - -# Run -if [ ! -e "${KEYS}" ] -then - mkdir -p "${KEYS}" - - chown root:root "${KEYS}" - chmod 0700 "${KEYS}" - -cat > "${KEYS}/gnupg.conf" << EOF -keyserver hkps://hkps.pool.sks-keyservers.net -keyserver-options include-revoked -keyserver-options no-honor-keyserver-url - -cert-digest-algo SHA512 -default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB ZIP Uncompressed -personal-cipher-preferences AES256 AES192 AES -personal-compress-preferences ZLIB ZIP Uncompressed -personal-digest-preferences SHA512 SHA384 SHA256 SHA224 - -no-comments -no-emit-version -no-greeting -keyid-format 0xlong -list-options show-keyring -list-options show-uid-validity -verify-options show-uid-validity -with-fingerprint - -charset utf-8 -EOF - -fi - -case "${ACTION}" in - add) - gpg --homedir "${KEYS}" --import "${ADD}" - ;; - - list) - gpg --homedir "${KEYS}" --list-keys - ;; - - remove) - gpg --homedir "${KEYS}" --delete-keys "${REMOVE}" - ;; -esac - -# Post hooks -for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" -do - if [ -x "${FILE}" ] - then - "${FILE}" - fi -done diff --git a/lib/container/limit b/lib/container/limit deleted file mode 100755 index b1ec170..0000000 --- a/lib/container/limit +++ /dev/null @@ -1,208 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2014-2019 Daniel Baumann <daniel.baumann@open-infrastructure.net> -# -# SPDX-License-Identifier: GPL-3.0+ -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -set -e - -PROJECT="open-infrastructure" -PROGRAM="container" -COMMAND="$(basename ${0})" - -HOOKS="/etc/${PROJECT}/${PROGRAM}/hooks" -MACHINES="/var/lib/machines" - -Parameters () -{ - GETOPT_LONGOPTIONS="name:,blockio-device-weight:,blockio-read-bandwidth:,blockio-weight:,blockio-write-bandwidth:,cpu-quota:,cpu-shares:,memory-limit:,tasks-max:," - GETOPT_OPTIONS="n:b:c:m:t:," - - PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" - - if [ "${?}" != "0" ] - then - echo "'${COMMAND}': getopt exit" >&2 - exit 1 - fi - - eval set -- "${PARAMETERS}" - - while true - do - case "${1}" in - -n|--name) - NAME="${2}" - shift 2 - ;; - - -c|--cpu-quota) - CPU_QUOTA="${2}" - shift 2 - ;; - - --cpu-shares) - CPU_SHARES="${2}" - shift 2 - ;; - - -m|--memory-limit) - MEMORY_LIMIT="${2}" - shift 2 - ;; - - -t|--tasks-max) - TASKS_MAX="${2}" - shift 2 - ;; - - --blockio-device-weight) - BLOCK_IO_DEVICE_WEIGHT="${2}" - shift 2 - ;; - - --blockio-read-bandwidth) - BLOCK_IO_READ_BANDWIDTH="${2}" - shift 2 - ;; - - -b|--blockio-weight) - BLOCK_IO_WEIGHT="${2}" - shift 2 - ;; - - --blockio-write-bandwidth) - BLOCK_IO_WRITE_BANDWIDTH="${2}" - shift 2 - ;; - - --) - shift 1 - break - ;; - - *) - echo "'${COMMAND}': getopt error" >&2 - exit 1 - ;; - esac - done -} - -Usage () -{ - echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--blockio-device-weight \"DEVICE WEIGHT\"] [--blockio-read-bandwidth \"DEVICE BYTES\"] [-b|--blockio-weight WEIGHT] [--blockio-write-bandwidth \"DEVICE BYTES\"] [-c|--cpu-quota QUOTA] [--cpu-shares SHARES] [-m|--memory-limit BYTES] [-t|--tasks-max NUMBER]" >&2 - exit 1 -} - -Parameters "${@}" - -if [ -z "${NAME}" ] -then - Usage -fi - -if [ ! -e "${MACHINES}/${NAME}" ] -then - echo "'${NAME}': no such container" >&2 - exit 1 -fi - -STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')" - -case "${STATE}" in - running) - ;; - - *) - echo "'${NAME}': container is not running" >&2 - exit 1 - ;; -esac - -if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ] -then - BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}" - SET_PROPERTY="true" -fi - -if [ -n "${BLOCK_IO_READ_BANDWIDTH}" ] -then - BLOCK_IO_READ_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWIDTH}" - SET_PROPERTY="true" -fi - -if [ -n "${BLOCK_IO_WEIGHT}" ] -then - BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}" - SET_PROPERTY="true" -fi - -if [ -n "${BLOCK_IO_WRITE_BANDWIDTH}" ] -then - BLOCK_IO_WRITE_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}" - SET_PROPERTY="true" -fi - -if [ -n "${CPU_QUOTA}" ] -then - CPU_QUOTA="CPUQuota=${CPU_QUOTA}" - SET_PROPERTY="true" -fi - -if [ -n "${CPU_SHARES}" ] -then - CPU_SHARES="CPUShares=${CPU_SHARES}" - SET_PROPERTY="true" -fi - -if [ -n "${MEMORY_LIMIT}" ] -then - MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}" - SET_PROPERTY="true" -fi - -if [ -n "${TASKS_MAX}" ] -then - TASKS_MAX="TasksMax=${TASKS_MAX}" - SET_PROPERTY="true" -fi - -if [ "${SET_PROPERTY}" != "true" ] -then - Usage -fi - -# Pre hooks -for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" -do - if [ -x "${FILE}" ] - then - "${FILE}" - fi -done - -# Run -systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWIDTH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWIDTH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX} - -# Post hooks -for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" -do - if [ -x "${FILE}" ] - then - "${FILE}" - fi -done diff --git a/lib/container/log b/lib/container/log index 200177c..b220b5f 100755 --- a/lib/container/log +++ b/lib/container/log @@ -119,8 +119,6 @@ else LOGS="${LOG}" fi -# FIXME: user - for LOG in ${LOGS} do case "${LOG}" in diff --git a/lib/container/start b/lib/container/start index a63c861..82f9314 100755 --- a/lib/container/start +++ b/lib/container/start @@ -398,100 +398,24 @@ EOF REGISTER="--register=no" ;; esac - - BLOCK_IO_DEVICE_WEIGHT="$(awk -F= '/^BlockIODeviceWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)" - - if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ] - then - BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}" - SET_PROPERTY="true" - fi - - BLOCK_IO_READ_BANDWIDTH="$(awk -F= '/^BlockIOReadBandwidth=/ { print $2 }' ${CONFIG}/${NAME}.conf)" - - if [ -n "${BLOCK_IO_READ_BANDWIDTH}" ] - then - BLOCK_IO_READ_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWIDTH}" - SET_PROPERTY="true" - fi - - BLOCK_IO_WEIGHT="$(awk -F= '/^BlockIOWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)" - - if [ -n "${BLOCK_IO_WEIGHT}" ] - then - BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}" - SET_PROPERTY="true" - fi - - BLOCK_IO_WRITE_BANDWIDTH="$(awk -F= '/^BlockIOWriteBandwidth=/ { print $2 }' ${CONFIG}/${NAME}.conf)" - - if [ -n "${BLOCK_IO_WRITE_BANDWIDTH}" ] - then - BLOCK_IO_WRITE_BANDWIDTH="BlockIOWriteBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}" - SET_PROPERTY="true" - fi - - CPU_QUOTA="$(awk -F= '/^CPUQuota=/ { print $2 }' ${CONFIG}/${NAME}.conf)" - - if [ -n "${CPU_QUOTA}" ] - then - CPU_QUOTA="CPUQuota=${CPU_QUOTA}" - SET_PROPERTY="true" - fi - - CPU_SHARES="$(awk -F= '/^CPUShares=/ { print $2 }' ${CONFIG}/${NAME}.conf)" - - if [ -n "${CPU_SHARES}" ] - then - CPU_SHARES="CPUShares=${CPU_SHARES}" - SET_PROPERTY="true" - fi - - MEMORY_LIMIT="$(awk -F= '/^MemoryLimit=/ { print $2 }' ${CONFIG}/${NAME}.conf)" - - if [ -n "${MEMORY_LIMIT}" ] - then - MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}" - SET_PROPERTY="true" - fi - - TASKS_MAX="$(awk -F= '/^TasksMax=/ { print $2 }' ${CONFIG}/${NAME}.conf)" - - if [ -n "${TASKS_MAX}" ] - then - TASKS_MAX="TasksMax=${TASKS_MAX}" - SET_PROPERTY="true" - fi fi case "${SYSTEMCTL}" in true) systemctl start ${PROGRAM}@${NAME}.service - # FIXME start console .. after sleep? + configuration option + exit 0 ;; esac -case "${START}" in - true) - case "${SET_PROPERTY}" in - true) - systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWIDTH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWIDTH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX} - ;; - esac - ;; +# Run +${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BIND_RO} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER} - *) - # Run - ${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BIND_RO} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER} - - # Post hooks - for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" - do - if [ -x "${FILE}" ] - then - "${FILE}" - fi - done - ;; -esac +# Post hooks +for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done |