From 251870158b34972626130b0f20c53b4ee321849a Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Tue, 29 Jun 2021 13:39:09 +0200 Subject: Merging upstream version 20210628. Signed-off-by: Daniel Baumann --- CHANGELOG.txt | 21 ++++ VERSION.txt | 2 +- bin/container | 10 +- libexec/container/create | 10 +- libexec/container/info | 214 +++++++++++++++++++++++++++++++++++ libexec/container/list | 25 ++-- libexec/container/start | 6 + share/bash-completion/container | 18 ++- share/config/container.conf.in | 1 + share/man/container-create.1.txt | 3 + share/man/container-info.1.txt | 87 ++++++++++++++ share/man/container.1.txt | 3 + share/scripts/debconf | 32 +++++- share/systemd/container-auto.service | 4 +- share/systemd/container@.service | 1 + 15 files changed, 414 insertions(+), 23 deletions(-) create mode 100755 libexec/container/info create mode 100644 share/man/container-info.1.txt diff --git a/CHANGELOG.txt b/CHANGELOG.txt index e76a584..963f218 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,24 @@ +2021-06-28 Daniel Baumann + + * Releasing version 20210628. + + [ Daniel Baumann ] + * Using dpkg selection to check package availability in debconf container create script, rather than to rely on dpkg internal files. + * Updating unit file for systemd 246 wrt/ StandardError and StandardOutput options. + + [ Katharina Drexel ] + * Prefering mmdebstrap to debootstrap in debconf script. + * Integrating mmdebstrap in debconf script. + + [ Daniel Baumann ] + * Setting TERM in systemd container service files to improve machinectl login. + * Removing undesirable --verbose option when calling mmdebstrap in debconf container create script. + * Allowing to specify cnt.start=force in container config to ease fencing with pacemaker/corosync. + * Using cnt run to determine IP addresses in container list. + * Adding initial container info command. + * Handling container run command aequivalent to container enter in bash-completion. + * Using container-specific user-variable when logging container commands before falling back to system environment. + 2021-04-11 Daniel Baumann * Releasing version 20210411. diff --git a/VERSION.txt b/VERSION.txt index 4320a50..47b060d 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20210411 +20210628 diff --git a/bin/container b/bin/container index c3748d9..3e329c9 100755 --- a/bin/container +++ b/bin/container @@ -66,12 +66,16 @@ do else case "${COMMAND}" in create|cr|move|mv|remove|rm|restart|rt|start|s|stop|t) - USER="${SUDO_USER:-${USER}}" + if [ -z "${CONTAINER_USER}" ] + then + CONTAINER_USER="${SUDO_USER:-${USER}}" + fi + DATE="$(date +%Y-%m-%d\ %H:%M:%S)" HOST="$(hostname -f 2> /dev/null || hostname)" # logfile - echo "${DATE} ${HOST} ${USER} ${PROGRAM} ${COMMAND} ${OPTIONS}" >> "/var/log/${SOFTWARE}/${PROGRAM}.log" + echo "${DATE} ${HOST} ${CONTAINER_USER} ${PROGRAM} ${COMMAND} ${OPTIONS}" >> "/var/log/${SOFTWARE}/${PROGRAM}.log" # irc if [ -e /usr/bin/irk ] && [ -e "/etc/${SOFTWARE}.conf" ] @@ -82,7 +86,7 @@ do then for TARGET in ${IRK_TARGETS} do - irk ${TARGET} "\x0300${USER}\x03@\x0312${HOST}:\x03 \x0303${PROGRAM}\x03 \x0307${COMMAND}\x03 ${OPTIONS}" + irk ${TARGET} "\x0300${CONTAINER_USER}\x03@\x0312${HOST}:\x03 \x0303${PROGRAM}\x03 \x0307${COMMAND}\x03 ${OPTIONS}" done fi fi diff --git a/libexec/container/create b/libexec/container/create index 418bc35..af85007 100755 --- a/libexec/container/create +++ b/libexec/container/create @@ -32,7 +32,7 @@ CONFIG_TEMPLATE="/usr/share/${SOFTWARE}/config/container.conf.in" Parameters () { - GETOPT_LONGOPTIONS="name:,cnt.container-server:,cnt.overlay:,cnt.overlay-options:,bind:,bind-ro:,capability:,drop-capability:,script:,verbose," + GETOPT_LONGOPTIONS="name:,cnt.container-server:,cnt.overlay:,cnt.overlay-options:,start:,bind:,bind-ro:,capability:,drop-capability:,script:,verbose," GETOPT_OPTIONS="n:,b:,c:,d:,s:,v," PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" @@ -73,6 +73,11 @@ Parameters () shift 2 ;; + --cnt.start) + CNT_START="${2}" + shift 2 + ;; + -b|--bind) BIND="${2}" shift 2 @@ -118,7 +123,7 @@ Parameters () Usage () { - echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--cnt.container-server=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [--cnt.overlay-options=OPTION[,OPTION]] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [--bind-ro DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-v|--verbose] [-- SCRIPT_OPTIONS]" >&2 + echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--cnt.container-server=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [--cnt.overlay-options=OPTION[,OPTION]] [--cnt.start=OPTION[,OPTION]] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [--bind-ro DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-v|--verbose] [-- SCRIPT_OPTIONS]" >&2 exit 1 } @@ -248,6 +253,7 @@ sed -e "s|@CNT_AUTO@|${CNT_AUTO}|g" \ -e "s|@CNT_NETWORK_BRIDGE@|${CNT_NETWORK_BRIDGE}|g" \ -e "s|@CNT_OVERLAY@|${CNT_OVERLAY}|g" \ -e "s|@CNT_OVERLAY_OPTIONS@|${CNT_OVERLAY_OPTIONS}|g" \ + -e "s|@CNT_START@|${CNT_START}|g" \ -e "s|@NAME@|${NAME}|g" \ -e "s|@BIND@|${BIND}|g" \ -e "s|@BIND_RO@|${BIND_RO}|g" \ diff --git a/libexec/container/info b/libexec/container/info new file mode 100755 index 0000000..63c42ff --- /dev/null +++ b/libexec/container/info @@ -0,0 +1,214 @@ +#!/bin/sh + +# Copyright (C) 2014-2021 Daniel Baumann +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +set -e + +PROJECT="open-infrastructure" +SOFTWARE="compute-tools" +PROGRAM="container" +COMMAND="$(basename ${0})" + +CONFIG="/etc/${SOFTWARE}/config" +HOOKS="/etc/${SOFTWARE}/hooks" +MACHINES="/var/lib/machines" + +VERSION="$(${PROGRAM} version)" + +Parameters () +{ + GETOPT_LONGOPTIONS="name:,status,os,ip," + GETOPT_OPTIONS="n:," + + PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${COMMAND}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -n|--name) + NAME="${2}" + shift 2 + ;; + + --status) + ACTIONS="${ACTIONS} status" + shift 1 + ;; + + --os) + ACTIONS="${ACTIONS} os" + shift 1 + ;; + + --ip) + ACTIONS="${ACTIONS} ip" + shift 1 + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${COMMAND}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--status] [--os] [--ip]" >&2 + exit 1 +} + +Parameters "${@}" + +# Pre hooks +for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done + +ACTIONS="${ACTIONS:-status os ip}" +HOST="$(cat /etc/hostname)" + +# Run + +# Status +STATUS="$(machinectl show ${NAME} 2>&1 | awk -FState= '/^State=/ { print $2 }')" + +if [ -e "${CONFIG}/${NAME}.conf" ] +then + CONTAINER_SERVER="$(awk -Fcnt.container-server= '/^cnt.container-server=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + CONTAINER_SERVER="${CONTAINER_SERVER:-false}" + + case "${CONTAINER_SERVER}" in + ${HOST}|true) + ;; + + *) + STATUS="other" + ;; + esac +else + STATUS="other" +fi + +case "${STATUS}" in + running) + STATUS="started" + ;; + + other) + ;; + + *) + STATUS="stopped" + ;; +esac + +# OS +VERSION_BASH="$(chroot ${MACHINES}/${NAME} apt-cache policy bash | awk '/Installed: / { print $2 }')" + +case "${VERSION_BASH}" in + 4.1*) + OS="Debian 6 (squeeze)" + ;; + + 4.2*) + OS="Debian 7 (wheezy)" + ;; + + 4.3*) + OS="Debian 8 (jessie)" + ;; + + 4.4*) + OS="Debian 9 (stretch)" + ;; + + 5.0*) + OS="Debian 10 (buster)" + ;; + + 5.1*) + OS="Debian 11 (bullseye)" + ;; + + *) + OS="n/a" + ;; +esac + +case "${STATUS}" in + started) + IP="$(cnt run -n ${NAME} -- hostname -I | awk '{ print $1 }')" + ;; + + *) + if ls "${MACHINES}/${CONTAINER}/etc/systemd/network"/*.network > /dev/null 2>&1 + then + IP="$(awk -FAddress= '/^Address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/systemd/network/*.network | head -n1)" + elif [ -e "${MACHINES}/${CONTAINER}/etc/network/interfaces" ] + then + IP="$(awk '/address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/network/interfaces | head -n1)" + fi + + IP="${IP:-n/a}" + ;; +esac + +for ACTION in ${ACTIONS} +do + case "${ACTION}" in + status) + echo "${STATUS}" + ;; + + os) + echo "${OS}" + ;; + + ip) + echo "${IP}" + ;; + esac +done + +# Post hooks +for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done diff --git a/libexec/container/list b/libexec/container/list index 30446c0..3ef6e49 100755 --- a/libexec/container/list +++ b/libexec/container/list @@ -366,15 +366,24 @@ do ADDRESS="" - if ls "${MACHINES}/${CONTAINER}/etc/systemd/network"/*.network > /dev/null 2>&1 - then - ADDRESS="$(awk -FAddress= '/^Address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/systemd/network/*.network | head -n1)" - elif [ -e "${MACHINES}/${CONTAINER}/etc/network/interfaces" ] - then - ADDRESS="$(awk '/address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/network/interfaces | head -n1)" - fi + case "${STATE}" in + started) + ADDRESS="$(cnt run -n ${CONTAINER} -- hostname -I | sed -e 's|\r$||' | awk '{ print $1 }')" + ADDRESS="${ADDRESS:-none}" + ;; - ADDRESS="${ADDRESS:-n/a}" + *) + if ls "${MACHINES}/${CONTAINER}/etc/systemd/network"/*.network > /dev/null 2>&1 + then + ADDRESS="$(awk -FAddress= '/^Address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/systemd/network/*.network | head -n1)" + elif [ -e "${MACHINES}/${CONTAINER}/etc/network/interfaces" ] + then + ADDRESS="$(awk '/address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/network/interfaces | head -n1)" + fi + + ADDRESS="${ADDRESS:-n/a}" + ;; + esac if echo ${LIST} | grep -qs all then diff --git a/libexec/container/start b/libexec/container/start index 089aa7d..08c3611 100755 --- a/libexec/container/start +++ b/libexec/container/start @@ -131,6 +131,12 @@ then exit 1 fi +# options +if grep -Eqs "^ *cnt.start=" "${CONFIG}/${NAME}.conf" | grep -qs force +then + FORCE="true" +fi + case "${START}" in false) STATE="$(machinectl show ${NAME} 2>&1 | awk -FState= '/^State=/ { print $2 }')" diff --git a/share/bash-completion/container b/share/bash-completion/container index 540f162..d966d7a 100644 --- a/share/bash-completion/container +++ b/share/bash-completion/container @@ -81,7 +81,7 @@ _container() esac ;; - enter) + enter|run) case "${prev}" in -n|--name) opts="$(container list -s -f shell)" @@ -97,6 +97,22 @@ _container() esac ;; + info) + case "${prev}" in + -n|--name) + opts="$(container list -t -f shell)" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + opts="--status --os --ip" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac + ;; + key) opts="-a --add -l --list -r --remove" COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) diff --git a/share/config/container.conf.in b/share/config/container.conf.in index d930803..3ab014d 100644 --- a/share/config/container.conf.in +++ b/share/config/container.conf.in @@ -6,6 +6,7 @@ cnt.container-server=@CNT_CONTAINER_SERVER@ cnt.network-bridge=@CNT_NETWORK_BRIDGE@ cnt.overlay=@CNT_OVERLAY@ cnt.overlay-options=@CNT_OVERLAY_OPTIONS@ +cnt.start=@CNT_START@ bind=@BIND@ bind-ro=@BIND_RO@ boot=@BOOT@ diff --git a/share/man/container-create.1.txt b/share/man/container-create.1.txt index c49ac9c..4de8171 100644 --- a/share/man/container-create.1.txt +++ b/share/man/container-create.1.txt @@ -70,6 +70,9 @@ The following container-create options are available: *--cnt.overlay-options='OPTION1,OPTION2[;OPTION3,OPTION4]'*:: Specify container overlay mount options, see Documentation/filesystems/overlayfs.txt. +*--cnt.start='OPTION1[,OPTION2,...]'*:: + Specify container start options, see container-start(1). + SCRIPTS ------- diff --git a/share/man/container-info.1.txt b/share/man/container-info.1.txt new file mode 100644 index 0000000..125bdef --- /dev/null +++ b/share/man/container-info.1.txt @@ -0,0 +1,87 @@ +// Copyright (C) 2014-2021 Daniel Baumann +// +// SPDX-License-Identifier: GPL-3.0+ +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +CONTAINER-LIST(1) +================= +:doctype: manpage +:man manual: Open Infrastructure +:man source: compute-tools +:man version: {revnumber} + + +NAME +---- +container-info - Show specific information of a container + + +SYNOPSIS +-------- +*container info* ['OPTIONS'] + + +DESCRIPTION +----------- +The container info command shows specific information of a container. + + +OPTIONS +------- +The following container options are available, defaults to *--status --os --ip*: + +*--status*:: + Show container status (started|stopped|other). + +*--os*:: + Show container operating system (FIXME: Debian only). + +*--ip*:: + Show container IP address. + +EXAMPLES +-------- +*Show example.net container status:*:: + sudo container info -n example.net --status + +*Show example.net container operating system:*:: + sudo container info -n example.net --os + +*Show example.net container IP address:*:: + sudo container info -n example.net --ip + + +SEE ALSO +-------- +compute-tools(7), +container(1). + + +HOMEPAGE +-------- +More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. + + +CONTACT +------- +Bug reports, feature requests, help, patches, support and everything else +are welcome on the Open Infrastructure Software Mailing List . + +Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. + + +AUTHORS +------- +compute-tools were written by Daniel Baumann and others. diff --git a/share/man/container.1.txt b/share/man/container.1.txt index 7edc1f4..d2734d2 100644 --- a/share/man/container.1.txt +++ b/share/man/container.1.txt @@ -78,6 +78,9 @@ The following container commands are available: *run*:: Execute commands in a container namespace, see container-run(1). +*info*:: + Show specific information of a container, see container-info(1). + *key*:: Manage GnuPG keyring for container operations, see container-key(1). diff --git a/share/scripts/debconf b/share/scripts/debconf index 1994926..9a703e5 100755 --- a/share/scripts/debconf +++ b/share/scripts/debconf @@ -115,9 +115,14 @@ then exit 1 fi -if [ ! -x /usr/sbin/debootstrap ] +if [ -x /usr/bin/mmdebstrap ] then - echo "'${NAME}': /usr/sbin/debootstrap - no such file." >&2 + BOOTSTRAP="mmdebstrap" +elif [ -x /usr/sbin/debootstrap ] +then + BOOTSTRAP="debootstrap" +else + echo "'${NAME}': /usr/bin/mmdebstrap or /usr/sbin/debootstrap - no such file." >&2 exit 1 fi @@ -390,8 +395,23 @@ Debootstrap () esac mkdir -p "$(dirname ${DIRECTORY})" - debootstrap --verbose --arch=${ARCHITECTURE} --components=${PARENT_ARCHIVE_AREAS} \ - --exclude=${EXCLUDE} --include=${INCLUDE} ${PARENT_DISTRIBUTION} "${DIRECTORY}" ${PARENT_MIRROR} + + case "${BOOTSTRAP}" in + debootstrap) + debootstrap --verbose --arch=${ARCHITECTURE} --components=${PARENT_ARCHIVE_AREAS} \ + --exclude=${EXCLUDE} --include=${INCLUDE} ${PARENT_DISTRIBUTION} "${DIRECTORY}" ${PARENT_MIRROR} + ;; + + mmdebstrap) + mmdebstrap --arch=${ARCHITECTURE} --components=${PARENT_ARCHIVE_AREAS} \ + --mode=root --include=${INCLUDE} ${PARENT_DISTRIBUTION} "${DIRECTORY}" ${PARENT_MIRROR} + ;; + + *) + echo "'${NAME}': ${BOOTSTRAP} - not supported" >&2 + exit 1 + ;; + esac } Configure_apt () @@ -607,7 +627,7 @@ EOF do if grep -qs locales "${FILE}" then - if [ -e "${DIRECTORY}/var/lib/dpkg/info/locales.list" ] + if Chroot "${DIRECTORY}" dpkg --get-selections | awk '{ print $1 }' | grep -qs '^locales$' then rm -f "${DIRECTORY}/etc/default/locale" "${DIRECTORY}/etc/locale.gen" Chroot "${DIRECTORY}" "DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=criticial dpkg-reconfigure locales" @@ -650,7 +670,7 @@ EOF fi # Manual hack to regenerate ssh keys - if [ -e "${DIRECTORY}/var/lib/dpkg/info/openssh-server.postinst" ] && \ + if Chroot "${DIRECTORY}" dpkg --get-selections | awk '{ print $1 }' | grep -qs '^openssh-server$' && \ ! ls "${DIRECTORY}"/etc/ssh/ssh_host_*_key > /dev/null 2>&1 then Chroot "${DIRECTORY}" "DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=criticial dpkg-reconfigure openssh-server" diff --git a/share/systemd/container-auto.service b/share/systemd/container-auto.service index 4d7e10e..805bdc6 100644 --- a/share/systemd/container-auto.service +++ b/share/systemd/container-auto.service @@ -9,8 +9,8 @@ RemainAfterExit=yes ExecStart=/usr/bin/container auto --start ExecStop=/usr/bin/container auto --stop Delegate=yes -StandardOutput=syslog -StandardError=syslog +StandardOutput=journal +StandardError=journal [Install] WantedBy=multi-user.target diff --git a/share/systemd/container@.service b/share/systemd/container@.service index 9e9f720..5d4425e 100644 --- a/share/systemd/container@.service +++ b/share/systemd/container@.service @@ -4,6 +4,7 @@ Documentation=man:compute-tools [Service] Type=simple +Environment=TERM=xterm-256color ExecStart=/usr/bin/container start --name %i --nspawn --no-notification ExecStartPost=/usr/bin/container start --name %i --start --no-notification ExecStopPost=/usr/bin/container stop -n %i --clean --no-notification -- cgit v1.2.3