summaryrefslogtreecommitdiffstats
path: root/lib/container
diff options
context:
space:
mode:
Diffstat (limited to 'lib/container')
-rwxr-xr-xlib/container/create3
-rwxr-xr-xlib/container/key152
-rwxr-xr-xlib/container/limit208
-rwxr-xr-xlib/container/log2
-rwxr-xr-xlib/container/start98
5 files changed, 14 insertions, 449 deletions
diff --git a/lib/container/create b/lib/container/create
index 43cad9b..8fa6189 100755
--- a/lib/container/create
+++ b/lib/container/create
@@ -266,3 +266,6 @@ do
"${FILE}"
fi
done
+
+# done
+echo "'${NAME}': container created."
diff --git a/lib/container/key b/lib/container/key
deleted file mode 100755
index 1b59555..0000000
--- a/lib/container/key
+++ /dev/null
@@ -1,152 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) 2014-2019 Daniel Baumann <daniel.baumann@open-infrastructure.net>
-#
-# SPDX-License-Identifier: GPL-3.0+
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-set -e
-
-PROJECT="open-infrastructure"
-PROGRAM="container"
-COMMAND="$(basename ${0})"
-
-KEYS="/etc/${PROJECT}/${PROGRAM}/keys"
-
-Parameters ()
-{
- GETOPT_LONGOPTIONS="add:,list,remove:,"
- GETOPT_OPTIONS="a:,l,r:,"
-
- PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
-
- if [ "${?}" != "0" ]
- then
- echo "'${COMMAND}': getopt exit" >&2
- exit 1
- fi
-
- eval set -- "${PARAMETERS}"
-
- while true
- do
- case "${1}" in
- -a|--add)
- ADD="${2}"
- ACTION="add"
- shift 2
- ;;
-
- -l|--list)
- ACTION="list"
- shift 1
- ;;
-
- -r|--remove)
- REMOVE="${2}"
- ACTION="remove"
- shift 2
- ;;
-
- --)
- shift 1
- break
- ;;
-
- *)
- echo "'${COMMAND}': getopt error" >&2
- exit 1
- ;;
- esac
- done
-}
-
-Usage ()
-{
- echo "Usage: ${PROGRAM} ${COMMAND} [-a|--add KEY] [-l|--list] [-r|--remove KEY]" >&2
- exit 1
-}
-
-Parameters "${@}"
-
-if [ -z "${ACTION}" ]
-then
- Usage
-fi
-
-# Pre hooks
-for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}"
-do
- if [ -x "${FILE}" ]
- then
- "${FILE}"
- fi
-done
-
-# Run
-if [ ! -e "${KEYS}" ]
-then
- mkdir -p "${KEYS}"
-
- chown root:root "${KEYS}"
- chmod 0700 "${KEYS}"
-
-cat > "${KEYS}/gnupg.conf" << EOF
-keyserver hkps://hkps.pool.sks-keyservers.net
-keyserver-options include-revoked
-keyserver-options no-honor-keyserver-url
-
-cert-digest-algo SHA512
-default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES ZLIB ZIP Uncompressed
-personal-cipher-preferences AES256 AES192 AES
-personal-compress-preferences ZLIB ZIP Uncompressed
-personal-digest-preferences SHA512 SHA384 SHA256 SHA224
-
-no-comments
-no-emit-version
-no-greeting
-keyid-format 0xlong
-list-options show-keyring
-list-options show-uid-validity
-verify-options show-uid-validity
-with-fingerprint
-
-charset utf-8
-EOF
-
-fi
-
-case "${ACTION}" in
- add)
- gpg --homedir "${KEYS}" --import "${ADD}"
- ;;
-
- list)
- gpg --homedir "${KEYS}" --list-keys
- ;;
-
- remove)
- gpg --homedir "${KEYS}" --delete-keys "${REMOVE}"
- ;;
-esac
-
-# Post hooks
-for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
-do
- if [ -x "${FILE}" ]
- then
- "${FILE}"
- fi
-done
diff --git a/lib/container/limit b/lib/container/limit
deleted file mode 100755
index b1ec170..0000000
--- a/lib/container/limit
+++ /dev/null
@@ -1,208 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) 2014-2019 Daniel Baumann <daniel.baumann@open-infrastructure.net>
-#
-# SPDX-License-Identifier: GPL-3.0+
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-set -e
-
-PROJECT="open-infrastructure"
-PROGRAM="container"
-COMMAND="$(basename ${0})"
-
-HOOKS="/etc/${PROJECT}/${PROGRAM}/hooks"
-MACHINES="/var/lib/machines"
-
-Parameters ()
-{
- GETOPT_LONGOPTIONS="name:,blockio-device-weight:,blockio-read-bandwidth:,blockio-weight:,blockio-write-bandwidth:,cpu-quota:,cpu-shares:,memory-limit:,tasks-max:,"
- GETOPT_OPTIONS="n:b:c:m:t:,"
-
- PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
-
- if [ "${?}" != "0" ]
- then
- echo "'${COMMAND}': getopt exit" >&2
- exit 1
- fi
-
- eval set -- "${PARAMETERS}"
-
- while true
- do
- case "${1}" in
- -n|--name)
- NAME="${2}"
- shift 2
- ;;
-
- -c|--cpu-quota)
- CPU_QUOTA="${2}"
- shift 2
- ;;
-
- --cpu-shares)
- CPU_SHARES="${2}"
- shift 2
- ;;
-
- -m|--memory-limit)
- MEMORY_LIMIT="${2}"
- shift 2
- ;;
-
- -t|--tasks-max)
- TASKS_MAX="${2}"
- shift 2
- ;;
-
- --blockio-device-weight)
- BLOCK_IO_DEVICE_WEIGHT="${2}"
- shift 2
- ;;
-
- --blockio-read-bandwidth)
- BLOCK_IO_READ_BANDWIDTH="${2}"
- shift 2
- ;;
-
- -b|--blockio-weight)
- BLOCK_IO_WEIGHT="${2}"
- shift 2
- ;;
-
- --blockio-write-bandwidth)
- BLOCK_IO_WRITE_BANDWIDTH="${2}"
- shift 2
- ;;
-
- --)
- shift 1
- break
- ;;
-
- *)
- echo "'${COMMAND}': getopt error" >&2
- exit 1
- ;;
- esac
- done
-}
-
-Usage ()
-{
- echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--blockio-device-weight \"DEVICE WEIGHT\"] [--blockio-read-bandwidth \"DEVICE BYTES\"] [-b|--blockio-weight WEIGHT] [--blockio-write-bandwidth \"DEVICE BYTES\"] [-c|--cpu-quota QUOTA] [--cpu-shares SHARES] [-m|--memory-limit BYTES] [-t|--tasks-max NUMBER]" >&2
- exit 1
-}
-
-Parameters "${@}"
-
-if [ -z "${NAME}" ]
-then
- Usage
-fi
-
-if [ ! -e "${MACHINES}/${NAME}" ]
-then
- echo "'${NAME}': no such container" >&2
- exit 1
-fi
-
-STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')"
-
-case "${STATE}" in
- running)
- ;;
-
- *)
- echo "'${NAME}': container is not running" >&2
- exit 1
- ;;
-esac
-
-if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ]
-then
- BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"
- SET_PROPERTY="true"
-fi
-
-if [ -n "${BLOCK_IO_READ_BANDWIDTH}" ]
-then
- BLOCK_IO_READ_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWIDTH}"
- SET_PROPERTY="true"
-fi
-
-if [ -n "${BLOCK_IO_WEIGHT}" ]
-then
- BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}"
- SET_PROPERTY="true"
-fi
-
-if [ -n "${BLOCK_IO_WRITE_BANDWIDTH}" ]
-then
- BLOCK_IO_WRITE_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}"
- SET_PROPERTY="true"
-fi
-
-if [ -n "${CPU_QUOTA}" ]
-then
- CPU_QUOTA="CPUQuota=${CPU_QUOTA}"
- SET_PROPERTY="true"
-fi
-
-if [ -n "${CPU_SHARES}" ]
-then
- CPU_SHARES="CPUShares=${CPU_SHARES}"
- SET_PROPERTY="true"
-fi
-
-if [ -n "${MEMORY_LIMIT}" ]
-then
- MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}"
- SET_PROPERTY="true"
-fi
-
-if [ -n "${TASKS_MAX}" ]
-then
- TASKS_MAX="TasksMax=${TASKS_MAX}"
- SET_PROPERTY="true"
-fi
-
-if [ "${SET_PROPERTY}" != "true" ]
-then
- Usage
-fi
-
-# Pre hooks
-for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}"
-do
- if [ -x "${FILE}" ]
- then
- "${FILE}"
- fi
-done
-
-# Run
-systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWIDTH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWIDTH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
-
-# Post hooks
-for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
-do
- if [ -x "${FILE}" ]
- then
- "${FILE}"
- fi
-done
diff --git a/lib/container/log b/lib/container/log
index 200177c..b220b5f 100755
--- a/lib/container/log
+++ b/lib/container/log
@@ -119,8 +119,6 @@ else
LOGS="${LOG}"
fi
-# FIXME: user
-
for LOG in ${LOGS}
do
case "${LOG}" in
diff --git a/lib/container/start b/lib/container/start
index a63c861..82f9314 100755
--- a/lib/container/start
+++ b/lib/container/start
@@ -398,100 +398,24 @@ EOF
REGISTER="--register=no"
;;
esac
-
- BLOCK_IO_DEVICE_WEIGHT="$(awk -F= '/^BlockIODeviceWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
-
- if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ]
- then
- BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"
- SET_PROPERTY="true"
- fi
-
- BLOCK_IO_READ_BANDWIDTH="$(awk -F= '/^BlockIOReadBandwidth=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
-
- if [ -n "${BLOCK_IO_READ_BANDWIDTH}" ]
- then
- BLOCK_IO_READ_BANDWIDTH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWIDTH}"
- SET_PROPERTY="true"
- fi
-
- BLOCK_IO_WEIGHT="$(awk -F= '/^BlockIOWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
-
- if [ -n "${BLOCK_IO_WEIGHT}" ]
- then
- BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}"
- SET_PROPERTY="true"
- fi
-
- BLOCK_IO_WRITE_BANDWIDTH="$(awk -F= '/^BlockIOWriteBandwidth=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
-
- if [ -n "${BLOCK_IO_WRITE_BANDWIDTH}" ]
- then
- BLOCK_IO_WRITE_BANDWIDTH="BlockIOWriteBandwidth=${BLOCK_IO_WRITE_BANDWIDTH}"
- SET_PROPERTY="true"
- fi
-
- CPU_QUOTA="$(awk -F= '/^CPUQuota=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
-
- if [ -n "${CPU_QUOTA}" ]
- then
- CPU_QUOTA="CPUQuota=${CPU_QUOTA}"
- SET_PROPERTY="true"
- fi
-
- CPU_SHARES="$(awk -F= '/^CPUShares=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
-
- if [ -n "${CPU_SHARES}" ]
- then
- CPU_SHARES="CPUShares=${CPU_SHARES}"
- SET_PROPERTY="true"
- fi
-
- MEMORY_LIMIT="$(awk -F= '/^MemoryLimit=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
-
- if [ -n "${MEMORY_LIMIT}" ]
- then
- MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}"
- SET_PROPERTY="true"
- fi
-
- TASKS_MAX="$(awk -F= '/^TasksMax=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
-
- if [ -n "${TASKS_MAX}" ]
- then
- TASKS_MAX="TasksMax=${TASKS_MAX}"
- SET_PROPERTY="true"
- fi
fi
case "${SYSTEMCTL}" in
true)
systemctl start ${PROGRAM}@${NAME}.service
- # FIXME start console .. after sleep? + configuration option
+
exit 0
;;
esac
-case "${START}" in
- true)
- case "${SET_PROPERTY}" in
- true)
- systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWIDTH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWIDTH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
- ;;
- esac
- ;;
+# Run
+${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BIND_RO} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER}
- *)
- # Run
- ${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BIND_RO} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER}
-
- # Post hooks
- for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
- do
- if [ -x "${FILE}" ]
- then
- "${FILE}"
- fi
- done
- ;;
-esac
+# Post hooks
+for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done