Diffstat (limited to '')
-rw-r--r-- | share/bash-completion/container | 40 | ||||
-rw-r--r-- | share/config/container.conf.in | 10 | ||||
-rw-r--r-- | share/doc/HOST-SETUP.txt | 8 | ||||
-rw-r--r-- | share/man/container-enter.1.txt | 72 | ||||
-rw-r--r-- | share/man/container-limit.1.txt | 105 | ||||
-rw-r--r-- | share/man/container-list.1.txt | 2 | ||||
-rw-r--r-- | share/man/container-remove.1.txt | 2 | ||||
-rw-r--r-- | share/man/container-stop.1.txt | 6 | ||||
-rw-r--r-- | share/man/container.1.txt | 6 | ||||
-rwxr-xr-x | share/scripts/debconf | 172 |
10 files changed, 338 insertions, 85 deletions
diff --git a/share/bash-completion/container b/share/bash-completion/container index 3bac382..f6434f8 100644 --- a/share/bash-completion/container +++ b/share/bash-completion/container @@ -82,6 +82,46 @@ _container() esac ;; + enter) + case "${cur}" in + -*) + opts="-n --name" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + case "${prev}" in + -n|--name) + opts=$(container list -s -f short) + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac + ;; + esac + ;; + + limit) + case "${cur}" in + -*) + opts="-n --name --blockio-device-weight --blockio-read-bandwith -b --blockio-weight --blockio-write-bandwith -c --cpu-quota --cpu-shares -m --memory-limit -t --tasks-max" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + case "${prev}" in + -n|--name) + opts=$(container list -a -f short) + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac + ;; + esac + ;; + list) case "${cur}" in -*) diff --git a/share/config/container.conf.in b/share/config/container.conf.in index c3268d5..b5678c0 100644 --- a/share/config/container.conf.in +++ b/share/config/container.conf.in @@ -14,3 +14,13 @@ machine=@MACHINE@ network-veth-extra=@NETWORK_VETH_EXTRA@ private-users=@PRIVATE_USERS@ register=@REGISTER@ + +[limit] +BlockIODeviceWeight= +BlockIOReadBandwidth= +BlockIOWeight= +BlockIOWriteBandwidth= +CPUQuota= +CPUShares= +MemoryLimit= +TasksMax= diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt index a5aca94..c77f829 100644 --- a/share/doc/HOST-SETUP.txt +++ b/share/doc/HOST-SETUP.txt @@ -47,6 +47,8 @@ sysctl -p cat > /etc/network/interfaces << EOF # /etc/network/interfaces +source /etc/network/interfaces.d/* + auto lo iface lo inet loopback @@ -67,6 +69,8 @@ EOF cat > /etc/network/interfaces << EOF # /etc/network/interfaces +source /etc/network/interfaces.d/* + auto lo iface lo inet loopback 
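Review bot: In the new `enter` and `limit` arms, `${cur}` reaches `compgen` unquoted and the candidate list is taken straight from `container list … -f short`, so a current word or container name containing whitespace or glob characters is split or expanded before it lands in `COMPREPLY`. `compgen -W` additionally performs shell expansion on its word list, so the returned names are handled as shell text rather than data; unless names are restricted to a safe character set elsewhere (not visible here), filter them before completing. At minimum quote the word: `COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )`. The option strings `--blockio-read-bandwith` and `--blockio-write-bandwith` are spelled differently from the `BlockIOReadBandwidth`/`BlockIOWriteBandwidth` keys this commit adds to container.conf.in, and the spelling becomes public interface once shipped. `_container` starts and ends outside the hunk.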
@@ -94,6 +98,8 @@ EOF cat > /etc/network/interfaces << EOF # /etc/network/interfaces +source /etc/network/interfaces.d/* + auto lo iface lo inet loopback @@ -120,6 +126,8 @@ EOF cat > /etc/network/interfaces << EOF # /etc/network/interfaces +source /etc/network/interfaces.d/* + auto lo iface lo inet loopback diff --git a/share/man/container-enter.1.txt b/share/man/container-enter.1.txt new file mode 100644 index 0000000..61c0f66 --- /dev/null +++ b/share/man/container-enter.1.txt 
@@ -0,0 +1,72 @@
+// container-tools - Manage systemd-nspawn containers
+// Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+CONTAINER-CONSOLE(1)
+====================
+:doctype: manpage
+:man manual: Open Infrastructure
+:man source: container-tools
+:man version: {revnumber}
+
+
+NAME
+----
+container-enter - Enter a container namespace
+
+
+SYNOPSIS
+--------
+*container enter* ['OPTIONS']
+
+
+DESCRIPTION
+-----------
+The container enter enters a container namespace.
+
+
+OPTIONS
+-------
+The following container options are available:
+
+*-n, --name='NAME'*::
+ Specify container name.
+
+
+EXAMPLES
+--------
+*Enter to example.net container namespace:*::
+ sudo container enter -n example.net
+
+
+SEE ALSO
+--------
+container-tools(7),
+container(1).
+
+
+HOMEPAGE
+--------
+More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net.
+
+
+BUGS
+----
+Bugs can be reported by sending a bug report to the Debian Bug Tracking System at https://bugs.debian.org.
+
+
+AUTHORS
+-------
+container-tools was written by Daniel Baumann <daniel.baumann@open-infrastructure.net>.
diff --git a/share/man/container-limit.1.txt b/share/man/container-limit.1.txt
new file mode 100644
index 0000000..0ba5b74
--- /dev/null
+++ b/share/man/container-limit.1.txt 
@@ -0,0 +1,105 @@ +// container-tools - Manage systemd-nspawn containers +// Copyright (C) 2014-2016 Daniel Baumann <daniel.baumann@open-infrastructure.net> +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +CONTAINER-LIMIT(1) +================== +:doctype: manpage +:man manual: Open Infrastructure +:man source: container-tools +:man version: {revnumber} + + +NAME +---- +container-limit - Limit ressources of a container + + +SYNOPSIS +-------- +*container limit* ['OPTIONS'] + + +DESCRIPTION +----------- +The container limit command limits ressources available to a container at runtime. + + +OPTIONS +------- +The following container options are available: + +*-n, --name='NAME'*:: + Specify container name. + +*--blockio-device-weight='DEVICE WEIGHT'*:: + Specify device specific blockio weight, see systemd.resource-control(5). + +*--blockio-read-bandwith='DEVICE BYTES'*:: + Specify device specific blockio read bandwith, see systemd.resource-control(5). + +*-b, --blockio-weight='WEIGHT'*:: + Specify general blockio weight, see systemd.resource-control(5). + +*--blockio-write-bandwith='DEVICE BYTES'*:: + Specify device specific blockio write bandwith, see systemd.resource-control(5). + +*-c, --cpu-quota='QUOTA'*:: + Specify CPU quota, see systemd.resource-control(5). + +*--cpu-shares='SHARES'*:: + Specify CPU shares, see systemd.resource-control(5). 
+ +*-m, --memory-limit='BYTES'*:: + Specify memory limit, see systemd.resource-control(5). + +*-t, --tasks-max='NUMBER'*:: + Specify tasks max, see systemd.resource-control(5). + + +EXAMPLES +-------- +*Set blockio weight for the example.net container:*:: + sudo container limit -n example.net --blockio-weight 100 + +*Set CPU quota for the example.net container:*:: + sudo container limit -n example.net --cpu-quota 10% + +*Set memory limit for the example.net container to 1GB:*:: + sudo container limit -n example.net --memory-limit 1G + +*Set tasks max for the example.net container to 100:*:: + sudo container limit -n example.net --tasks-max 100 + + +SEE ALSO +-------- +container-tools(7), +container(1). + + +HOMEPAGE +-------- +More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. + + +BUGS +---- +Bugs can be reported by sending a bug report to the Debian Bug Tracking System at https://bugs.debian.org. + + +AUTHORS +------- +container-tools was written by Daniel Baumann <daniel.baumann@open-infrastructure.net>. diff --git a/share/man/container-list.1.txt b/share/man/container-list.1.txt index 8ac59c2..e0c8fb7 100644 --- a/share/man/container-list.1.txt +++ b/share/man/container-list.1.txt @@ -31,6 +31,8 @@ SYNOPSIS -------- *container list* ['OPTIONS'] +*container ls* ['OPTIONS'] + DESCRIPTION ----------- diff --git a/share/man/container-remove.1.txt b/share/man/container-remove.1.txt index cad779f..03c29c2 100644 --- a/share/man/container-remove.1.txt +++ b/share/man/container-remove.1.txt @@ -31,6 +31,8 @@ SYNOPSIS -------- *container remove* ['OPTIONS'] +*container rm* ['OPTIONS'] + DESCRIPTION ----------- diff --git a/share/man/container-stop.1.txt b/share/man/container-stop.1.txt index 8b864d6..7531f1c 100644 --- a/share/man/container-stop.1.txt +++ b/share/man/container-stop.1.txt 
@@ -44,12 +44,18 @@ The following container options are available: *-n, --name='NAME'*:: Specify container name. +*-f, --force*:: + Instead of running the proper shutdown sequence, terminate all processes of the container imediatly. + EXAMPLES -------- *Shutdown example.net container:*:: sudo container stop -n example.net +*Immediately stop example.net container:*:: + sudo container stop -n example.net -f + SEE ALSO -------- diff --git a/share/man/container.1.txt b/share/man/container.1.txt index 78a7d68..32bd393 100644 --- a/share/man/container.1.txt +++ b/share/man/container.1.txt @@ -67,6 +67,12 @@ The following container commands are available: *console*:: Attach console to a container, see container-console(1). +*enter*:: + Enter a container namespace, see container-enter(1). + +*limit*:: + Limit ressources of a container, see container-limit(1). + *list*:: List container on the system, see container-list(1). diff --git a/share/scripts/debconf b/share/scripts/debconf index 4878d98..6fab784 100755 --- a/share/scripts/debconf +++ b/share/scripts/debconf @@ -123,6 +123,15 @@ Chroot () ${@} } +CIDR () +{ + x=${1##*255.} + set -- 0^^^128^192^224^240^248^252^254^ $(( (${#1} - ${#x})*2 )) ${x%%.*} + + x=${1%%$3*} + echo $(( $2 + (${#x}/4) )) +} + Upgrade_system () { DIRECTORY="${1}" @@ -238,11 +247,11 @@ Debootstrap () # FIXME: trim down, debootstrap variants? case "${MODE}" in debian) - INCLUDE="${INCLUDE},ifupdown,locales,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,wget" + INCLUDE="${INCLUDE},locales,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,wget" ;; progress-linux) - INCLUDE="${INCLUDE},apt-utils,ifupdown,locales-all,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,openssh-server,wget" + INCLUDE="${INCLUDE},apt-utils,locales-all,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,openssh-server,wget" ;; esac 
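Review bot: The new `CIDR` function never checks that its argument is a dotted netmask, so an empty argument yields 0 and a string that is not a netmask still yields a number, which `Configure_systemd_networkd` later writes as the prefix length in `Address=`. A static interface whose `NETWORK${NUMBER}_IPV4_NETMASK` is unset would therefore be written as `address/0`. Reject bad input at the top of the function, for example `case "${1}" in ''|*[!0-9.]*) return 1 ;; esac`, and have the caller skip or fail on a non-zero status. `x` is also assigned as a global, and `$3` is used unquoted as a pattern in `${1%%$3*}`; a short comment explaining the lookup-string trick would help the next reader.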
@@ -735,91 +744,9 @@ EOF Configure_network () { - # Create /etc/network/interfaces - DIRECTORY="${1}" -cat > "${DIRECTORY}/etc/network/interfaces.tmp" << EOF -# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or -# /usr/share/doc/ifupdown/examples for more information. -EOF - - for NUMBER in $(seq 0 ${NETWORK_NUMBER}) - do - eval IPV4_COMMENT="$`echo NETWORK${NUMBER}_IPV4_COMMENT`" - eval IPV4_METHOD="$`echo NETWORK${NUMBER}_IPV4_METHOD`" - eval IPV4_ADDRESS="$`echo NETWORK${NUMBER}_IPV4_ADDRESS`" - eval IPV4_GATEWAY="$`echo NETWORK${NUMBER}_IPV4_GATEWAY`" - eval IPV4_NETMASK="$`echo NETWORK${NUMBER}_IPV4_NETMASK`" - eval IPV4_POST_UP="$`echo NETWORK${NUMBER}_IPV4_POST_UP`" - eval IPV4_POST_DOWN="$`echo NETWORK${NUMBER}_IPV4_POST_DOWN`" - - if [ -z "${IPV4_METHOD}" ] - then - continue - fi - - echo >> "${DIRECTORY}/etc/network/interfaces.tmp" - - if [ -n "${IPV4_COMMENT}" ] - then - echo "# ${IPV4_COMMENT}" >> "${DIRECTORY}/etc/network/interfaces.tmp" - fi - - case "${IPV4_METHOD}" in - none) - -cat >> "${DIRECTORY}/etc/network/interfaces.tmp" << EOF -iface eth${NUMBER} inet manual -EOF - - ;; - - dhcp) - -cat >> "${DIRECTORY}/etc/network/interfaces.tmp" << EOF -auto eth${NUMBER} -iface eth${NUMBER} inet dhcp -EOF - - ;; - - static) - -cat >> "${DIRECTORY}/etc/network/interfaces.tmp" << EOF -auto eth${NUMBER} -iface eth${NUMBER} inet static - address ${IPV4_ADDRESS} -EOF - - if [ -n "${IPV4_GATEWAY}" ] - then - echo " gateway ${IPV4_GATEWAY}" >> "${DIRECTORY}/etc/network/interfaces.tmp" - fi - - if [ -n "${IPV4_NETMASK}" ] - then - echo " netmask ${IPV4_NETMASK}" >> "${DIRECTORY}/etc/network/interfaces.tmp" - fi - - if [ -n "${IPV4_POST_UP}" ] - then - echo " post-up ${IPV4_POST_UP}" >> "${DIRECTORY}/etc/network/interfaces.tmp" - fi - - if [ -n "${IPV4_POST_DOWN}" ] - then - echo " post-down ${IPV4_POST_DOWN}" >> "${DIRECTORY}/etc/network/interfaces.tmp" - fi - ;; - esac - - NUMBER="$((${NUMBER} + 1))" - done - - mv 
"${DIRECTORY}/etc/network/interfaces.tmp" "${DIRECTORY}/etc/network/interfaces" - - # create /etc/resolv.conf + # Create /etc/resolv.conf rm -f "${DIRECTORY}/etc/resolv.conf.tmp" if [ -n "${NAMESERVER_DOMAIN}" ] 
@@ -897,6 +824,80 @@ EOF mv "${DIRECTORY}/etc/hosts.tmp" "${DIRECTORY}/etc/hosts" } +Configure_systemd_networkd () +{ + # FIXME: postup/postdown: multi-interface route + + DIRECTORY="${1}" + + # Enable systemd-networkd + chroot "${DIRECTORY}" apt purge --yes ifupdown || true + + rm -f "${DIRECTORY}/etc/network/interfaces" + rmdir --ignore-fail-on-non-empty --parents "${DIRECTORY}"/etc/network/* > /dev/null 2>&1 || true + + chroot "${DIRECTORY}" systemctl enable systemd-networkd + + for NUMBER in $(seq 0 ${NETWORK_NUMBER}) + do + eval IPV4_COMMENT="$`echo NETWORK${NUMBER}_IPV4_COMMENT`" + eval IPV4_METHOD="$`echo NETWORK${NUMBER}_IPV4_METHOD`" + eval IPV4_ADDRESS="$`echo NETWORK${NUMBER}_IPV4_ADDRESS`" + eval IPV4_GATEWAY="$`echo NETWORK${NUMBER}_IPV4_GATEWAY`" + eval IPV4_NETMASK="$`echo NETWORK${NUMBER}_IPV4_NETMASK`" +# eval IPV4_POST_UP="$`echo NETWORK${NUMBER}_IPV4_POST_UP`" +# eval IPV4_POST_DOWN="$`echo NETWORK${NUMBER}_IPV4_POST_DOWN`" + + if [ -z "${IPV4_METHOD}" ] + then + continue + fi + + IPV4_SUFFIX="$(CIDR ${IPV4_NETMASK})" + IPV4_CIDR="${IPV4_ADDRESS}/${IPV4_SUFFIX}" + +cat > "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF +[Match] +Name=eth${NUMBER} + +[Network] +EOF + + if [ -n "${IPV4_COMMENT}" ] + then + echo "Description=${IPV4_COMMENT}" >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" + fi + + case "${IPV4_METHOD}" in + dhcp) + +cat >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF +DHCP=ipv4 +EOF + + ;; + + static) + +cat >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF +DHCP=no +Address=${IPV4_CIDR} +EOF + + if [ -n "${IPV4_GATEWAY}" ] + then + +cat >> "${DIRECTORY}/etc/systemd/network/eth${NUMBER}.network" << EOF +Gateway=${IPV4_GATEWAY} +EOF + + fi + esac + + NUMBER="$((${NUMBER} + 1))" + done +} + Commands () { DIRECTORY="${1}" 
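Review bot: In `Configure_systemd_networkd`, `DIRECTORY="${1}"` is used unchecked by `rm -f`, `rmdir --parents` and the `cat >` redirections, so an empty or wrong argument makes them act on the host's `/etc/network` and `/etc/systemd/network` instead of the container tree; `DIRECTORY="${1:?container root required}"` fails early instead. `IPV4_COMMENT`, `IPV4_ADDRESS` and `IPV4_GATEWAY` are written into the `.network` file verbatim, so a value containing a newline would add further directives to the unit, and they should be validated before being written. Method `none` no longer has a `case` arm, yet a file with `[Match] Name=eth${NUMBER}` and an empty `[Network]` section is still created, which is presumably not equivalent to the old `inet manual` stanza. `apt purge --yes ifupdown || true` also hides a failed purge before `/etc/network/interfaces` is deleted.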
@@ -1045,6 +1046,7 @@ fi Configure_system "${MACHINES}/${NAME}" Configure_network "${MACHINES}/${NAME}" +Configure_systemd_networkd "${MACHINES}/${NAME}" # FIXME Cleanup_system "${MACHINES}/${NAME}" Commands "${MACHINES}/${NAME}" |