Diffstat (limited to '')
-rwxr-xr-xlib/container/console4
-rwxr-xr-xlib/container/create34
-rwxr-xr-xlib/container/limit187
-rwxr-xr-xlib/container/list4
-rwxr-xr-xlib/container/remove10
-rwxr-xr-xlib/container/restart4
-rwxr-xr-xlib/container/start134
-rwxr-xr-xlib/container/stop4
-rwxr-xr-xlib/container/version4
9 files changed, 355 insertions, 30 deletions
diff --git a/lib/container/console b/lib/container/console
index e8f73be..779f3a6 100755
--- a/lib/container/console
+++ b/lib/container/console
@@ -1,7 +1,7 @@
#!/bin/sh
-# Open Infrastructure: container-tools
-# Copyright (C) 2014-2015 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/lib/container/create b/lib/container/create
index d267641..fab9f5b 100755
--- a/lib/container/create
+++ b/lib/container/create
@@ -1,7 +1,7 @@
#!/bin/sh
-# Open Infrastructure: container-tools
-# Copyright (C) 2014-2015 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -25,8 +25,8 @@ MACHINES="/var/lib/machines"
Parameters ()
{
- LONG_OPTIONS="name:,bind:,script:"
- OPTIONS="n:,b:,s:"
+ LONG_OPTIONS="name:,cnt.autostart:,bind:,capability:,drop-capability:script:"
+ OPTIONS="n:,b:,c:,d:,s:"
PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})"
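Review bot: The new `LONG_OPTIONS` string is missing a comma between `drop-capability:` and `script:`, so getopt receives one merged long-option name and `--script` (and probably `--drop-capability`) no longer reach the case arms that expect them. It should read `LONG_OPTIONS="name:,cnt.autostart:,bind:,capability:,drop-capability:,script:"`. This matters beyond usability because `--drop-capability` is the option that reduces the container's privileges. The body of `Parameters` continues outside this hunk.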
@@ -46,11 +46,26 @@ Parameters ()
shift 2
;;
+ --cnt.autostart)
+ CNT_AUTOSTART="${2}"
+ shift 2
+ ;;
+
-b|--bind)
BIND="${2}"
shift 2
;;
+ -c|--capability)
+ CAPABILITY="${2}"
+ shift 2
+ ;;
+
+ -d|--drop-capability)
+ DROP_CAPABILITY="${2}"
+ shift 2
+ ;;
+
-s|--script)
SCRIPT="${2}"
shift 2
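Review bot: `CNT_AUTOSTART`, `CAPABILITY` and `DROP_CAPABILITY` are stored here exactly as given and are later interpolated into expressions such as `sed -e "s|@CAPABILITY@|${CAPABILITY}|g"` in the `# config` hunk of this file, where a `|`, `&` or backslash in the value alters the substitution and therefore the generated container config. Since these values decide which capabilities the container gets, check them against an allow-list before use, for example `case "${CAPABILITY}" in *[!A-Za-z0-9_,]*) echo "'${CAPABILITY}': invalid capability list" >&2; exit 1 ;; esac`, with the same check for `DROP_CAPABILITY`. The existing `NAME` and `BIND` substitutions have the same property but are not changed by this commit. The `case` statement starts and ends outside the hunk.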
@@ -71,7 +86,7 @@ Parameters ()
Usage ()
{
- echo "Usage: container ${COMMAND} -n|--name NAME [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2
+ echo "Usage: container ${COMMAND} -n|--name NAME [--cnt.autostart=true|false|FQDN] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2
exit 1
}
@@ -88,13 +103,15 @@ then
exit 1
fi
-SCRIPT="${SCRIPT:-debootstrap}"
+SCRIPT="${SCRIPT:-debian}"
if [ ! -e "/usr/share/container-tools/scripts/${SCRIPT}" ]
then
echo "'${SCRIPT}': no such script" >&2
fi
+CNT_AUTOSTART="${CNT_AUTOSTART:-$(hostname -f)}"
+
BINDS="$(echo ${BIND} | sed -e 's|;| |g')"
for ENTRY in ${BINDS}
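Review bot: The default `$(hostname -f)` depends on the host's name resolution; when the FQDN cannot be resolved the command fails and the autostart value written to the config is empty (or the script aborts, if `set -e` is active in this file, which the hunk does not show). A fallback such as `CNT_AUTOSTART="${CNT_AUTOSTART:-$(hostname -f 2>/dev/null || hostname)}"` keeps the value defined. Separately, the unchanged check just above reports a missing script but does not `exit 1`, so creation continues with a script that does not exist.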
@@ -110,10 +127,13 @@ done
# config
mkdir -p "${CONFIG}"
-sed -e "s|@NAME@|${NAME}|g" \
+sed -e "s|@CNT_AUTOSTART@|${CNT_AUTOSTART}|g" \
+ -e "s|@NAME@|${NAME}|g" \
-e "s|@BIND@|${BIND}|g" \
-e "s|@BOOT@|yes|g" \
+ -e "s|@CAPABILITY@|${CAPABILITY}|g" \
-e "s|@DIRECTORY@|${MACHINES}/${NAME}|g" \
+ -e "s|@DROP_CAPABILITY@|${DROP_CAPABILITY}|g" \
-e "s|@MACHINE@|${NAME}|g" \
-e "s|@NETWORK_VETH@|yes|g" \
-e "s|@NETWORK_BRIDGE@|br0|g" \
diff --git a/lib/container/limit b/lib/container/limit
new file mode 100755
index 0000000..c3b0ba8
--- /dev/null
+++ b/lib/container/limit
@@ -0,0 +1,187 @@
+#!/bin/sh
+
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+COMMAND="$(basename ${0})"
+
+MACHINES="/var/lib/machines"
+
+Parameters ()
+{
+ LONG_OPTIONS="name:,blockio-device-weight:,blockio-read-bandwith:,blockio-weight:,blockio-write-bandwith:,cpu-quota:,cpu-shares:,memory-limit:,tasks-max:,"
+
+ OPTIONS="n:b:c:m:t:"
+
+ PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${COMMAND}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -n|--name)
+ NAME="${2}"
+ shift 2
+ ;;
+
+ -c|--cpu-quota)
+ CPU_QUOTA="${2}"
+ shift 2
+ ;;
+
+ --cpu-shares)
+ CPU_SHARES="${2}"
+ shift 2
+ ;;
+
+ -m|--memory-limit)
+ MEMORY_LIMIT="${2}"
+ shift 2
+ ;;
+
+ -t|--tasks-max)
+ TASKS_MAX="${2}"
+ shift 2
+ ;;
+
+ --blockio-device-weight)
+ BLOCK_IO_DEVICE_WEIGHT="${2}"
+ shift 2
+ ;;
+
+ --blockio-read-bandwith)
+ BLOCK_IO_READ_BANDWITH="${2}"
+ shift 2
+ ;;
+
+ -b|--blockio-weight)
+ BLOCK_IO_WEIGHT="${2}"
+ shift 2
+ ;;
+
+ --blockio-write-bandwith)
+ BLOCK_IO_WRITE_BANDWITH="${2}"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${COMMAND}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: container ${COMMAND} -n|--name NAME [--blockio-device-weight \"DEVICE WEIGHT\"] [--blockio-read-bandwith \"DEVICE BYTES\"] [-b|--blockio-weight WEIGHT] [--blockio-write-bandwith \"DEVICE BYTES\"] [-c|--cpu-quota QUOTA] [--cpu-shares SHARES] [-m|--memory-limit BYTES] [-t|--tasks-max NUMBER]" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${NAME}" ]
+then
+ Usage
+fi
+
+if [ ! -e "${MACHINES}/${NAME}" ]
+then
+ echo "'${NAME}': no such container" >&2
+ exit 1
+fi
+
+STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')"
+
+case "${STATE}" in
+ running)
+ ;;
+
+ *)
+ echo "'${NAME}': container is not running" >&2
+ exit 1
+ ;;
+esac
+
+if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ]
+then
+ BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_READ_BANDWITH}" ]
+then
+ BLOCK_IO_READ_BANDWITH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWITH}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_WEIGHT}" ]
+then
+ BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${BLOCK_IO_WRITE_BANDWITH}" ]
+then
+ BLOCK_IO_WRITE_BANDWITH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWITH}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${CPU_QUOTA}" ]
+then
+ CPU_QUOTA="CPUQuota=${CPU_QUOTA}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${CPU_SHARES}" ]
+then
+ CPU_SHARES="CPUShares=${CPU_SHARES}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${MEMORY_LIMIT}" ]
+then
+ MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}"
+ SET_PROPERTY="true"
+fi
+
+if [ -n "${TASKS_MAX}" ]
+then
+ TASKS_MAX="TasksMax=${TASKS_MAX}"
+ SET_PROPERTY="true"
+fi
+
+if [ "${SET_PROPERTY}" != "true" ]
+then
+ Usage
+fi
+
+# Run
+systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWITH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWITH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
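Review bot: The `--blockio-write-bandwith` branch builds `BlockIOReadBandwidth=…`, so a requested write limit is applied as a read limit and writes stay uncapped; it should be `BLOCK_IO_WRITE_BANDWITH="BlockIOWriteBandwidth=${BLOCK_IO_WRITE_BANDWITH}"`. The final `systemctl` line also expands every assignment unquoted, which splits the documented `"DEVICE WEIGHT"` and `"DEVICE BYTES"` values into two arguments. Collecting the assignments as positional parameters and passing `"${@}"` keeps each one intact, as sketched below. With `set -e` active, the `[ "${?}" != "0" ]` test after the getopt assignment is never reached on failure, and `${@}` in the getopt call should be quoted.

```shell
# … unchanged: option parsing, existence and running-state checks …

# Collect one argument per property so values containing spaces survive
set --

if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ]
then
	set -- "${@}" "BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"
fi

if [ -n "${BLOCK_IO_WRITE_BANDWITH}" ]
then
	set -- "${@}" "BlockIOWriteBandwidth=${BLOCK_IO_WRITE_BANDWITH}"
fi

# … same pattern for the remaining properties …

if [ "${#}" -eq 0 ]
then
	Usage
fi

# Run
systemctl --runtime set-property "${NAME}" "${@}"
```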
diff --git a/lib/container/list b/lib/container/list
index 08259b9..374942c 100755
--- a/lib/container/list
+++ b/lib/container/list
@@ -1,7 +1,7 @@
#!/bin/sh
-# Open Infrastructure: container-tools
-# Copyright (C) 2014-2015 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/lib/container/remove b/lib/container/remove
index e2e3d87..d171d87 100755
--- a/lib/container/remove
+++ b/lib/container/remove
@@ -1,7 +1,7 @@
#!/bin/sh
-# Open Infrastructure: container-tools
-# Copyright (C) 2014-2015 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -97,11 +97,13 @@ case "${FORCE}" in
;;
*)
- echo -n "'${NAME}': remove container '${NAME}'? "
+ echo -n "'${NAME}': remove container '${NAME}' [y|N]? "
read FORCE
+ FORCE="$(echo ${FORCE} | tr [A-Z] [a-z])"
+
case "${FORCE}" in
- y|Y)
+ y|yes)
;;
*)
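Review bot: In `tr [A-Z] [a-z]` the bracket expressions are unquoted, so the shell treats them as glob patterns and replaces them with any matching single-character file name in the current directory before `tr` runs, which changes how the confirmation answer is normalised. Quote the sets and the input: `FORCE="$(printf '%s' "${FORCE}" | tr '[:upper:]' '[:lower:]')"`, and use `read -r FORCE` on the line above. This prompt guards a destructive removal, so its result should not depend on the working directory. The surrounding `case` starts and ends outside the hunk.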
diff --git a/lib/container/restart b/lib/container/restart
index 46843d3..9b6f18d 100755
--- a/lib/container/restart
+++ b/lib/container/restart
@@ -1,7 +1,7 @@
#!/bin/sh
-# Open Infrastructure: container-tools
-# Copyright (C) 2014-2015 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/lib/container/start b/lib/container/start
index d47ed6b..8d5429b 100755
--- a/lib/container/start
+++ b/lib/container/start
@@ -1,7 +1,7 @@
#!/bin/sh
-# Open Infrastructure: container-tools
-# Copyright (C) 2014-2015 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -90,12 +90,31 @@ esac
HOST_ARCHITECTURE="$(dpkg --print-architecture)"
MACHINE_ARCHITECTURE="$(chroot ${MACHINES}/${NAME} dpkg --print-architecture)"
-if [ "${HOST_ARCHITECTURE}" = "amd64" ] && [ "${MACHINE_ARCHITECTURE}" = "i386" ]
-then
- SETARCH="setarch i686"
-else
- SETARCH=""
-fi
+case "${HOST_ARCHITECTURE}" in
+ amd64)
+ case "${MACHINE_ARCHITECTURE}" in
+ i386)
+ SETARCH="setarch i686"
+ ;;
+
+ *)
+ SETARCH=""
+ ;;
+ esac
+ ;;
+
+ arm64)
+ case "${MACHINE_ARCHITECTURE}" in
+ armel|armhf)
+ SETARCH="setarch armv7l"
+ ;;
+
+ *)
+ SETARCH=""
+ ;;
+ esac
+ ;;
+esac
# config
if [ -e "${CONFIG}/${NAME}.conf" ]
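Review bot: The outer `case "${HOST_ARCHITECTURE}"` has no `*)` arm, so on any host other than amd64 or arm64 `SETARCH` is no longer assigned and keeps whatever value the calling environment supplied; the removed `if`/`else` always set it. Because `${SETARCH}` is expanded as the command prefix of the final `systemd-nspawn` line, an inherited value would be executed. Add a default arm `*) SETARCH="" ;;` to the outer case, or put `SETARCH=""` before it and drop the two inner `*)` arms.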
@@ -137,9 +156,33 @@ then
;;
esac
+ CAPABILITY="$(awk -F= '/^capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ case "${CAPABILITY}" in
+ "")
+ CAPABILITY=""
+ ;;
+
+ *)
+ CAPABILITY="--capability=${CAPABILITY}"
+ ;;
+ esac
+
DIRECTORY="$(awk -F= '/^directory=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo ${MACHINES}/${NAMES})"
DIRECTORY="--directory ${DIRECTORY}"
+ DROP_CAPABILITY="$(awk -F= '/^drop-capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ case "${DROP_CAPABILITY}" in
+ "")
+ DROP_CAPABILITY=""
+ ;;
+
+ *)
+ DROP_CAPABILITY="--drop-capability=${DROP_CAPABILITY}"
+ ;;
+ esac
+
MACHINE="--machine=${NAME}"
NETWORK_BRIDGE="$(awk -F= '/^network-bridge=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
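Review bot: The values read for `capability=` and `drop-capability=` are used unquoted and unvalidated: awk prints every matching line, and any whitespace in the value is word-split when `${CAPABILITY}` is expanded on the `systemd-nspawn` command line, so the remainder arrives as a separate argument. Taking only the first match and rejecting unexpected characters avoids that, e.g. `CAPABILITY="$(awk -F= '/^capability=/ { print $2; exit }' "${CONFIG}/${NAME}.conf")"` followed by a check that the value contains only `[A-Za-z0-9_,]`. The two `case` blocks can also be written as `CAPABILITY="${CAPABILITY:+--capability=${CAPABILITY}}"`. The unchanged `DIRECTORY` line falls back to `${MACHINES}/${NAMES}`, which looks like a typo for `${NAME}`. The enclosing `if` starts and ends outside the hunk.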
@@ -189,7 +232,80 @@ then
REGISTER="--register=no"
;;
esac
+
+ BLOCK_IO_DEVICE_WEIGHT="$(awk -F= '/^BlockIODeviceWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ]
+ then
+ BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}"
+ SET_PROPERTY="true"
+ fi
+
+ BLOCK_IO_READ_BANDWITH="$(awk -F= '/^BlockIOReadBandwith=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${BLOCK_IO_READ_BANDWITH}" ]
+ then
+ BLOCK_IO_READ_BANDWITH="BlockIOReadBandwith=${BLOCK_IO_READ_BANDWITH}"
+ SET_PROPERTY="true"
+ fi
+
+ BLOCK_IO_WEIGHT="$(awk -F= '/^BlockIOWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${BLOCK_IO_WEIGHT}" ]
+ then
+ BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}"
+ SET_PROPERTY="true"
+ fi
+
+ BLOCK_IO_WRITE_BANDWITH="$(awk -F= '/^BlockIOWriteBandwith=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${BLOCK_IO_WRITE_BANDWITH}" ]
+ then
+ BLOCK_IO_WRITE_BANDWITH="BlockIOWriteBandwith=${BLOCK_IO_WRITE_BANDWITH}"
+ SET_PROPERTY="true"
+ fi
+
+ CPU_QUOTA="$(awk -F= '/^CPUQuota=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${CPU_QUOTA}" ]
+ then
+ CPU_QUOTA="CPUQuota=${CPU_QUOTA}"
+ SET_PROPERTY="true"
+ fi
+
+ CPU_SHARES="$(awk -F= '/^CPUShares=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${CPU_SHARES}" ]
+ then
+ CPU_SHARES="CPUShares=${CPU_SHARES}"
+ SET_PROPERTY="true"
+ fi
+
+ MEMORY_LIMIT="$(awk -F= '/^MemoryLimit=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${MEMORY_LIMIT}" ]
+ then
+ MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}"
+ SET_PROPERTY="true"
+ fi
+
+ TASKS_MAX="$(awk -F= '/^TasksMax=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+ if [ -n "${TASKS_MAX}" ]
+ then
+ TASKS_MAX="TasksMax=${TASKS_MAX}"
+ SET_PROPERTY="true"
+ fi
fi
# Run
-${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${DIRECTORY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER}
+case "${SET_PROPERTY}" in
+ true)
+ ${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER} & \
+ systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWITH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWITH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX}
+ ;;
+
+ *)
+ ${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER}
+ ;;
+esac
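Review bot: In the `true)` arm `systemd-nspawn` is started in the background and `systemctl --runtime set-property` runs immediately, so it can execute before the container's unit exists and the limits are then not applied; the script also returns without waiting for the container, unlike the `*)` arm. The config keys and property names `BlockIOReadBandwith` and `BlockIOWriteBandwith` are misspelled (systemd's properties end in `Bandwidth`, as `lib/container/limit` spells the read case), so those two assignments would be rejected. The sketch below waits for the machine to be reported as running, using the same `machinectl show` check as `limit`, before applying the properties. `SET_PROPERTY` is not initialised in the visible lines and may be inherited from the environment; the enclosing `if` starts outside the hunk.

```shell
	true)
		# … unchanged: ${SETARCH} systemd-nspawn … ${REGISTER} & …
		NSPAWN_PID="${!}"

		# Wait (bounded) until the machine is registered and running
		TRIES=0
		until machinectl show "${NAME}" 2>/dev/null | grep -q '^State=running'
		do
			TRIES=$((TRIES + 1))

			if [ "${TRIES}" -ge 30 ]
			then
				echo "'${NAME}': container did not reach running state" >&2
				break
			fi

			sleep 1
		done

		# … unchanged: systemctl --runtime set-property ${NAME} … ${TASKS_MAX} …
		wait "${NSPAWN_PID}"
		;;
```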
diff --git a/lib/container/stop b/lib/container/stop
index 36eb429..a11c155 100755
--- a/lib/container/stop
+++ b/lib/container/stop
@@ -1,7 +1,7 @@
#!/bin/sh
-# Open Infrastructure: container-tools
-# Copyright (C) 2014-2015 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
diff --git a/lib/container/version b/lib/container/version
index fc5b482..b7e259d 100755
--- a/lib/container/version
+++ b/lib/container/version
@@ -1,7 +1,7 @@
#!/bin/sh
-# Open Infrastructure: container-tools
-# Copyright (C) 2014-2015 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+# container-tools - Manage systemd-nspawn containers
+# Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by