From 6200fe310bc923404bf943a87f0fc75db054f2aa Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 29 Jun 2017 11:14:50 +0200 Subject: Merging upstream version 20170629. Signed-off-by: Daniel Baumann --- CHANGELOG.txt | 41 +++++++++++++ Makefile | 2 +- README.txt | 108 --------------------------------- VERSION.txt | 2 +- bin/container-shell | 51 +++++++++++++++- lib/container/auto | 7 ++- lib/container/create | 12 +++- lib/container/list | 14 ++--- lib/container/top | 113 +++++++++++++++++++++++++++++++++++ share/bash-completion/container | 6 ++ share/config/container.conf.in | 1 + share/doc/HOST-SETUP.txt | 16 ++--- share/man/container-shell.1.txt | 33 ++++++++++ share/man/container-top.1.txt | 75 +++++++++++++++++++++++ share/man/container.1.txt | 3 + share/scripts/curl | 5 ++ share/scripts/debconf | 82 ++++++++++++++++--------- share/scripts/debconf.d/0003-debconf | 40 ++++++++----- share/scripts/debootstrap | 5 ++ 19 files changed, 441 insertions(+), 175 deletions(-) delete mode 100644 README.txt create mode 100755 lib/container/top create mode 100644 share/man/container-top.1.txt diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 21fda43..96c6c4e 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt 
@@ -1,3 +1,44 @@ +2017-06-29 Daniel Baumann + + * Releasing version 20170629. + + * Backward incompatible changes: + - container auto configuration in the [start] section to + entangle shared storage/automatically start at boot time + support: + + old: cnt.auto=true + + new: cnt.auto=true + cnt.container-server=${FQDN} + + whereas ${FQDN} needs to be replaced with the actual hostname + of the container server. + + [ Daniel Baumann ] + * Removing useless whitespace in debconf script. + * Correcting typo in systemd parts of the Makefile's uninstall target. + + [ Nik Lutz ] + * Implementing postup/postdown for systemd-networkd by creating systemd units in /etc/systemd/system. + + [ Daniel Baumann ] + * Dropping obsolete LTS archive definitions, thanks to Nik Lutz . + * Using allow-hotplug instead of allow in host-setup documentation. + * Removing net-tools from host-setup documentation, it is a direct depends of container-tools for the time being. + * Renaming cnt.auto to cnt.container-server in order to split functionality of 'binding container to a specific host system' from 'starting container at system boot'. + * Executing auto commands only when cnt.auto=true and cnt.container-server matches the current hostname. + * Adding CONTAINER_COMMANDS_ENABLE variable for container-shell to add support for allowing certain container commands for a specific container-shell invocation only. + * Adding CONTAINER_COMMANDS_DISABLE variable for container-shell to add support for disallowing certain container commands for a specific container-shell invocation only. + * Documenting usage of container-shell command restrictions in container-shell manpage. + * Using more systemd-ish status symbols in container list command. + * Adding new container top command. + * Adding new container top command manpage. + * Updating bash-completion for container top command. + * Adjusting container list outout for container top command. 
+ * Harmonizing edition of container configuration file in debconf script. + * Allow cnt.auto=force-true to enforce startup of a locked container at system startup. + 2017-05-22 Daniel Baumann * Releasing version 20170522. diff --git a/Makefile b/Makefile index d243433..ab17e80 100644 --- a/Makefile +++ b/Makefile @@ -119,7 +119,7 @@ install: build uninstall: rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/var/log/$(SOFTWARE) || true - for FILE in share/systemd*; \ + for FILE in share/systemd/*; \ do \ rm -f $(DESTDIR)/lib/systemd/system/$$(basename $${FILE}); \ done diff --git a/README.txt b/README.txt deleted file mode 100644 index 5229136..0000000 --- a/README.txt +++ /dev/null 
@@ -1,108 +0,0 @@ -NAME ----- -container-tools - Manage systemd-nspawn containers - - -DESCRIPTION ------------ -"[A Linux container] is an operating-system-level virtualization environment for running multiple isolated Linux systems (containers) on a single Linux control host.":: - -- Wikipedia (https://en.wikipedia.org/wiki/LXC) - -container-tools provides the system integration for managing containers using systemd-nspawn. - - -DOWNLOAD --------- - * Upstream Releases: https://files.open-infrastructure.net/software/container-tools/upstream - * Upstream Sources: https://sources.open-infrastructure.net/software/container-tools - * Debian Releases: https://files.open-infrastructure.net/software/container-tools/debian - * Debian Sources: https://sources.progress-linux.org/users/daniel/debian/packages/open-infrastructure-container-tools - - -INSTALLATION ------------- - -SOURCE -~~~~~~ - 1. sudo apt install asciidoc git docbook-xml docbook-xsl libxml2-utils make xsltproc dbus systemd-container net-tools - 2. git clone https://sources.open-infrastructure.net/software/container-tools - 3. cd container-tools && sudo make install - -DEBIAN 9 (STRETCH) AND NEWER -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - * sudo apt install container-tools - - -DEVELOPMENT ------------ -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List: - - * https://lists.open-infrastructure.net/listinfo/software - -Please base patches against the 'next' Git branch using common sense: - - * https://www.kernel.org/doc/Documentation/SubmittingPatches - -Debian specific bugs can also be reported in the Debian Bug Tracking System: - - * https://bugs.debian.org - - -KNOWN LIMITATIONS ------------------ - * This version of container-tools currently do not work with systemd-networkd and depend on ifupdown. 
- * Using overlay, the upper directory can not be an NFS mount due to limitations in Linux' overlay filesystem, - see https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/filesystems/overlayfs.txt - - -USAGE ------ -*Create a new container:*:: - sudo container create -n NAME - -*Start a container:*:: - sudo container start -n NAME - -*Stop a container:*:: - sudo container stop -n NAME - -*Remove a container:*:: - sudo container remove -n NAME - -*List container on the system:*:: - sudo container list - -*Show container-tools version:*:: - container version - -See container(1) for a list of all container commands. - - -LINKS ------ -*2016-02-24: Systemd vs. Docker*:: - https://lwn.net/Articles/676831/ - -*2015-06-10: Systemd and containers*:: - https://lwn.net/Articles/647634/ - -*2014-07-07: Control groups*:: - https://lwn.net/Articles/604609/ - -*2013-11-13: Systemd-Nspawn is Chroot on Steroids [LinuxCon Europe]*:: - https://www.youtube.com/watch?v=s7LlUs5D9p4 - -*2013-11-03: Creating containers with systemd-nspawn*:: - https://lwn.net/Articles/572957/ - -*2013-02-06: Systemd lightweight containers*:: - https://lwn.net/Articles/536033/ - -*2013-01-04: Namespaces in operation*:: - https://lwn.net/Articles/531114/ - - -AUTHORS -------- - * Daniel Baumann diff --git a/VERSION.txt b/VERSION.txt index f0ba7e8..dd89bfb 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20170522 +20170629 diff --git a/bin/container-shell b/bin/container-shell index 17c0849..38a9ab9 100755 --- a/bin/container-shell +++ b/bin/container-shell 
@@ -85,10 +85,55 @@ Shell () then echo "'${COMMAND}': no such ${PROGRAM} command" >&2 return - else - echo - sudo ${PROGRAM} ${COMMAND} ${OPTIONS} || true fi + + if [ -n "${CONTAINER_COMMANDS_ENABLE}" ] + then + COMMAND_ALLOWED="" + + for CONTAINER_COMMAND in ${CONTAINER_COMMANDS_ENABLE} + do + case "${CONTAINER_COMMAND}" in + ${COMMAND}|all|about|logout|exit|help) + COMMAND_ALLOWED="true" + ;; + esac + done + + case "${COMMAND_ALLOWED}" in + true) + ;; + + *) + echo "'${COMMAND}': command not allowed for current user" >&2 + return + ;; + esac + fi + + if [ -n "${CONTAINER_COMMANDS_DISABLE}" ] + then + COMMAND_DISALLOWED="" + + for CONTAINER_COMMAND in ${CONTAINER_COMMANDS_DISABLE} + do + case "${CONTAINER_COMMAND}" in + ${COMMAND}|all|about|logout|exit|help) + COMMAND_DISALLOWED="true" + ;; + esac + done + + case "${COMMAND_DISALLOWED}" in + true) + echo "'${COMMAND}': command not allowed for current user" >&2 + return + ;; + esac + fi + + echo + sudo ${PROGRAM} ${COMMAND} ${OPTIONS} || true } trap 'echo' EXIT HUP INT QUIT TERM diff --git a/lib/container/auto b/lib/container/auto index 45aa68f..cbacad2 100755 --- a/lib/container/auto +++ b/lib/container/auto @@ -104,7 +104,12 @@ esac for FILE in "${CONFIG}"/*.conf do - if grep -Eqs "^ *cnt.auto=true" "${FILE}" || grep -Eqs "^ *cnt.auto=${HOST}" "${FILE}" + if grep -Eqs "^ *cnt.auto=force-true" "${FILE}" + then + OPTIONS="${OPTIONS} -f" + fi + + if grep -Eqs "^ *cnt.auto=(force-true|true)" "${FILE}" && grep -Eqs "^ *cnt.container-server=${HOST}" "${FILE}" then CONTAINER="$(basename ${FILE} .conf)" diff --git a/lib/container/create b/lib/container/create index 1a6f4d5..570492f 100755 --- a/lib/container/create +++ b/lib/container/create 
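Review bot: In the CONTAINER_COMMANDS_ENABLE loop the literals `all|about|logout|exit|help` are compared with each list entry (`case "${CONTAINER_COMMAND}"`), not with the requested command, so a whitelist such as `'list help'` sets COMMAND_ALLOWED for every command. The CONTAINER_COMMANDS_DISABLE loop mirrors this, so listing `help` there blocks everything. If the built-ins are meant to be always usable and `all` is the only wildcard, test `${COMMAND}` for the built-ins separately and keep just `"${COMMAND}"|all)` in both loops. Quoting `${COMMAND}` in the pattern also makes the comparison literal instead of treating user-typed glob characters as a pattern. Shell() starts before this hunk, so how the built-ins and the existence check are handled earlier is not visible here.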
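Review bot: The new `grep -Eqs "^ *cnt.container-server=${HOST}"` test in lib/container/auto is an unanchored regex match, so (constructed names) a host `a.example` also matches a config line `cnt.container-server=a.example.org`, and each `.` matches any character. A container bound to another server could therefore be started here as well, which is what the binding is meant to prevent. Anchor the value, e.g. `grep -Eqs "^ *cnt.container-server=${HOST} *\$" "${FILE}"`, or extract it with awk as lib/container/list does and compare the string exactly. Separately, `OPTIONS="${OPTIONS} -f"` is appended before the server check and is not cleared in the visible lines. Unless the rest of the loop body (outside this hunk) resets it, one `force-true` container makes every later container start with `-f` too.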
@@ -27,7 +27,7 @@ SCRIPTS="/usr/share/container-tools/scripts" Parameters () { - GETOPT_LONGOPTIONS="name:,cnt.auto:,cnt.overlay:,bind:,bind-ro:,capability:,drop-capability:script:," + GETOPT_LONGOPTIONS="name:,cnt.container-server:,cnt.overlay:,bind:,bind-ro:,capability:,drop-capability:script:," GETOPT_OPTIONS="n:,b:,c:,d:,s:," PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" @@ -53,6 +53,11 @@ Parameters () shift 2 ;; + --cnt.container-server) + CNT_CONTAINER_SERVER="${2}" + shift 2 + ;; + --cnt.overlay) CNT_OVERLAY="${2}" shift 2 @@ -98,7 +103,7 @@ Parameters () Usage () { - echo "Usage: container ${COMMAND} -n|--name NAME [--cnt.auto=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [--bind-ro DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2 + echo "Usage: container ${COMMAND} -n|--name NAME [--cnt.container-server=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [--bind-ro DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2 exit 1 } @@ -145,7 +150,7 @@ else fi fi -CNT_AUTO="${CNT_AUTO:-$(hostname -f)}" +CNT_CONTAINER_SERVER="${CNT_CONTAINER_SERVER:-$(hostname -f)}" # Pre hooks for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" @@ -205,6 +210,7 @@ fi mkdir -p "${CONFIG}" sed -e "s|@CNT_AUTO@|${CNT_AUTO}|g" \ + -e "s|@CNT_CONTAINER_SERVER@|${CNT_CONTAINER_SERVER}|g" \ -e "s|@CNT_NETWORK_BRIDGE@|${CNT_NETWORK_BRIDGE}|g" \ -e "s|@CNT_OVERLAY@|${CNT_OVERLAY}|g" \ -e "s|@NAME@|${NAME}|g" \ 
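Review bot: `cnt.auto:` is dropped from GETOPT_LONGOPTIONS in the first hunk and the `CNT_AUTO=...` default is replaced in the `@@ -145,7` hunk, yet the `@@ -205,6` hunk still substitutes `@CNT_AUTO@`. Unless CNT_AUTO is set somewhere outside these hunks, the generated config gets an empty `cnt.auto=`, and lib/container/auto, which now requires `cnt.auto=true` or `force-true`, will never start the container. Either keep the option (`name:,cnt.auto:,cnt.container-server:,...`) or add a default next to the new variable, e.g. `CNT_AUTO="${CNT_AUTO:-true}"`. The Usage line in the `@@ -98,7` hunk still advertises `true|false|FQDN` for `--cnt.container-server`, although the changelog describes the value as the server's hostname. Parameters() and the sed call both continue outside the hunks shown.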
diff --git a/lib/container/list b/lib/container/list index 9bf61c4..cd88475 100755 --- a/lib/container/list +++ b/lib/container/list @@ -130,7 +130,7 @@ List () { case "${FORMAT}" in cli) - printf "%-80s %-29s\n" "${STATUS} ${BLUE}${CONTAINER}${NORMAL}" "${YELLOW}${ADDRESS}${NORMAL}" + printf "%1s %-74s %-19s\n" "${STATUS}" "${BLUE}${CONTAINER}${NORMAL}" "${YELLOW}${ADDRESS}${NORMAL}" ;; csv) @@ -222,7 +222,7 @@ case "${FORMAT}" in NORMAL="$(tput sgr0)" cat << EOF -${WHITE} ${NORMAL} Container IPv4 Address(es) +${WHITE} ${NORMAL} Container IPv4 Address(es) -------------------------------------------------------------------------------- EOF @@ -329,10 +329,10 @@ do if [ -e "${CONFIG}/${CONTAINER}.conf" ] then - AUTO="$(awk -F= '/^cnt.auto=/ { print $2 }' ${CONFIG}/${CONTAINER}.conf)" - AUTO="${AUTO:-false}" + CONTAINER_SERVER="$(awk -F= '/^cnt.container-server=/ { print $2 }' ${CONFIG}/${CONTAINER}.conf)" + CONTAINER_SERVER="${CONTAINER_SERVER:-false}" - case "${AUTO}" in + case "${CONTAINER_SERVER}" in ${HOST}|true) ;; @@ -347,7 +347,7 @@ do case "${STATE}" in running) STATE="started" - STATUS="${GREEN}✔${NORMAL}" + STATUS="${GREEN}●${NORMAL}" ;; other) @@ -356,7 +356,7 @@ do *) STATE="stopped" - STATUS="${RED}✘${NORMAL}" + STATUS="${RED}●${NORMAL}" ;; esac diff --git a/lib/container/top b/lib/container/top new file mode 100755 index 0000000..0ff1834 --- /dev/null +++ b/lib/container/top 
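Review bot: With the `@@ -347,7` and `@@ -356,7` hunks, started and stopped containers are both printed as `●` and differ only by the GREEN/RED escape, so the status column carries no information on a monochrome terminal, in pasted output, or when the tput colour variables are empty. Keeping two glyphs, for example `STATUS="${RED}○${NORMAL}"` for the stopped case, preserves the new look without relying on colour alone. In the `@@ -329,10` hunk the awk call leaves `${CONFIG}/${CONTAINER}.conf` unquoted, and the case arm still accepts `true` for cnt.container-server, while lib/container/auto in this same commit only matches the host name. The loop these hunks belong to starts and ends outside the visible lines.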
@@ -0,0 +1,113 @@ +#!/bin/sh + +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2017 Daniel Baumann +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +set -e + +Parameters () +{ + GETOPT_LONGOPTIONS="delay:," + GETOPT_OPTIONS="d:," + + PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${COMMAND}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -d|--delay) + DELAY="${2}" + shift 2 + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${COMMAND}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: container ${COMMAND} [-d|--delay DELAY]" >&2 + exit 1 +} + +Parameters "${@}" + +DELAY="${DELAY:-1}" +HOST="$(hostname -f)" + +# Pre hooks +for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done + +# Run +Top () +{ + HOME="$(tput cup 0 0)" + ED="$(tput ed)" + EL="$(tput el)" + + printf '%s%s' "${HOME}" "${ED}" + + while true + do + ROWS="$(tput lines)" + COLS="$(tput cols)" + CMD="${@}" + + ${SHELL:=sh} -c "${CMD}" | head -n ${ROWS} | while IFS= read LINE + do + printf '%-*.*s%s\n' ${COLS} ${COLS} "${LINE}" "${EL}" + done + + printf '%s%s' "${ED}" "${HOME}" + sleep ${DELAY} + done +} + +trap 'clear' EXIT HUP INT QUIT TERM + 
+Top "container list && printf '%-59s %-19s\n' \" Host: ${HOST}\" \"\$(date +%Y-%m-%d\ %H:%M:%S)\"" + +# Post hooks +for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done diff --git a/share/bash-completion/container b/share/bash-completion/container index 3995a16..8847419 100644 --- a/share/bash-completion/container +++ b/share/bash-completion/container @@ -230,6 +230,12 @@ _container() esac ;; + top) + opts="-d --delay" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + version) return 0 ;; diff --git a/share/config/container.conf.in b/share/config/container.conf.in index bf1ecc5..322e2c9 100644 --- a/share/config/container.conf.in +++ b/share/config/container.conf.in @@ -2,6 +2,7 @@ [start] cnt.auto=@CNT_AUTO@ +cnt.container-server=@CNT_CONTAINER_SERVER@ cnt.network-bridge=@CNT_NETWORK_BRIDGE@ cnt.overlay=@CNT_OVERLAY@ bind=@BIND@ diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt index 73d1ce1..72d42d5 100644 --- a/share/doc/HOST-SETUP.txt +++ b/share/doc/HOST-SETUP.txt @@ -5,7 +5,7 @@ container-tools: Host Setup 1. Debian Packages ------------------- -apt install net-tools bridge-utils ifenslave vlan +apt install bridge-utils ifenslave vlan 2. Boot Parameters @@ -54,7 +54,7 @@ iface lo inet loopback iface eth0 inet manual -auto br0 +allow-hotplug br0 iface br0 inet dhcp bridge_ports eth0 bridge_fd 0 @@ -76,7 +76,7 @@ iface lo inet loopback iface eth0 inet manual -auto br0 +allow-hotplug br0 iface br0 inet static address 10.0.0.2 gateway 10.0.0.1 @@ -103,10 +103,10 @@ source /etc/network/interfaces.d/* auto lo iface lo inet loopback -auto eth0 +allow-hotplug eth0 iface eth0 inet dhcp -auto br0 +allow-hotplug br0 iface br0 inet static address 10.0.0.1 netmask 255.255.255.0 
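Review bot: `HOME="$(tput cup 0 0)"` in Top() overwrites the HOME environment variable with a cursor-addressing escape sequence, which every child started from the loop then inherits. A private name such as `CURSOR_HOME="$(tput cup 0 0)"`, used in the two printf calls as well, avoids that. The command string is run through `${SHELL:=sh} -c`, so the interpreter is whatever SHELL the caller's environment carries rather than a known POSIX shell. `sh -c "${CMD}"` is deterministic, which matters because the man page runs this command under sudo. DELAY goes from the command line to `sleep ${DELAY}` unquoted and unvalidated. Top() also never returns, so the post hooks after it are unreachable, and `${NAME}` in the hook paths is never set by this script.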
@@ -131,14 +131,14 @@ source /etc/network/interfaces.d/* auto lo iface lo inet loopback -auto eth0 +allow-hotplug eth0 iface eth0 inet dhcp iface eth1 inet manual iface eth2 inet manual -auto bond0 +allow-hotplug bond0 iface bond0 inet manual up ifconfig bond0 0.0.0.0 up down ifconfig bond0 down @@ -155,7 +155,7 @@ iface bond0 inet manual iface bond0.100 inet manual vlan-raw-device bond0 -auto br100 +allow-hotplug br100 iface br100 inet static address 10.100.0.2 #gateway 10.100.0.1 diff --git a/share/man/container-shell.1.txt b/share/man/container-shell.1.txt index 6d792b8..760e0c5 100644 --- a/share/man/container-shell.1.txt +++ b/share/man/container-shell.1.txt 
@@ -53,6 +53,39 @@ All container commands are available, see container(1). Additionally, the follow *logout*, *exit:*:: exits container-shell. +USAGE +----- +Although the container-shell can be started from a running system like any other program, the main intend is to use the +container-shell via SSH. That way otherwise unprivileged users have possibility to manage containers without +needing a regular shell login on the container server. + +For usage over SSH a unprivileged user should be created: + + sudo adduser --gecos "container-tools,,," \ + --home /var/lib/container-tools/container-shell \ + --shell /usr/bin/container-shell + +The container-shell can then be allowed for specific SSH keys via /var/ib/container-tools/container-shell/.ssh/authorized_keys like so: + + command="/usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] + + +RESTRICTED SHELL +---------------- +The container-shell by default grants any user that has access to it to use all available container commands. + +Through two corresponding environment variables users can be allowed or disallowed to use specific container commands. +In connection with SSH this makes it possible to grant certain SSH keys (and by that, users) privileges to operate container +servers without having to give them root access, a login shell at all and prevents them from doing things they are not trusted to do. + +Example (blacklisting): In order to allow all commands except for removing and stopping containers, the following variable can be used: + + command="CONTAINER_COMMANDS_DISABLE='remove stop' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] + +Example (whitelisting): The other way around works too. 
To disallow all commands except for listing containers and showing the container-tools version, the following variable can be used: + + command="CONTAINER_COMMANDS_ENABLE='list version' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] + SEE ALSO -------- diff --git a/share/man/container-top.1.txt b/share/man/container-top.1.txt new file mode 100644 index 0000000..5cc2a0a --- /dev/null +++ b/share/man/container-top.1.txt 
@@ -0,0 +1,75 @@ +// container-tools - Manage systemd-nspawn containers +// Copyright (C) 2014-2017 Daniel Baumann +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this program. If not, see . + +CONTAINER-TOP(1) +================ +:doctype: manpage +:man manual: Open Infrastructure +:man source: container-tools +:man version: {revnumber} + + +NAME +---- +container-top - Dynamic list container on the system + + +SYNOPSIS +-------- +*container top* ['OPTIONS'] + + +DESCRIPTION +----------- +The container top command dynamically lists container on the system. + + +OPTIONS +------- +The following container options are available, defaults to *--delay 1*: + +*-d, --delay='SECONDS[.TENTHS]'*:: + Specifies the delay between screen updates, defaults to 1. + + +EXAMPLES +-------- +*Dynamically list containers of the local system:*:: + sudo container top + + +SEE ALSO +-------- +container-tools(7), +container(1). + + +HOMEPAGE +-------- +More information about container-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. + + +CONTACT +------- +Bug reports, feature requests, help, patches, support and everything else +are welcome on the Open Infrastructure Software Mailing List . + +Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. + + +AUTHORS +------- +container-tools was written by Daniel Baumann . 
diff --git a/share/man/container.1.txt b/share/man/container.1.txt index fa94d7f..6bd2a12 100644 --- a/share/man/container.1.txt +++ b/share/man/container.1.txt @@ -83,6 +83,9 @@ The following container commands are available: *status*:: Show container status, see container-status(1). +*top*:: + Dynamic list of container on the system, see container-top(1). + *version*:: Show container-tools version, see container-version(1). diff --git a/share/scripts/curl b/share/scripts/curl index 18d49c0..a338020 100755 --- a/share/scripts/curl +++ b/share/scripts/curl @@ -57,6 +57,11 @@ Parameters () shift 2 ;; + --cnt.container-server) + # ignore + shift 2 + ;; + -s|--script) # ignore shift 2 diff --git a/share/scripts/debconf b/share/scripts/debconf index c90e851..5441acc 100755 --- a/share/scripts/debconf +++ b/share/scripts/debconf @@ -57,6 +57,11 @@ Parameters () shift 2 ;; + --cnt.container-server) + # ignore + shift 2 + ;; + -s|--script) # ignore shift 2 @@ -293,10 +298,6 @@ Package: * Pin: release n=${DIST}-updates Pin-Priority: 999 -Package: * -Pin: release n=${DIST}-lts -Pin-Priority: 999 - Package: * Pin: release n=${DIST}-extras Pin-Priority: 999 @@ -486,10 +487,6 @@ Configure_system () echo "deb ${PARENT_MIRROR} ${PARENT_DIST}-updates ${PARENT_AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/debian.list" ;; - ${PARENT_DIST}-lts) - echo "deb ${PARENT_MIRROR} ${PARENT_DIST}-lts ${PARENT_AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/debian.list" - ;; - ${PARENT_DIST}-backports) echo "deb ${PARENT_MIRROR} ${PARENT_DIST}-backports ${PARENT_AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/debian.list" ;; 
@@ -534,14 +531,6 @@ Configure_system () echo "deb ${MIRROR} ${DIST}-updates-staging ${AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/progress-linux.list" ;; - ${DIST}-lts) - echo "deb ${MIRROR} ${DIST}-lts ${AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/progress-linux.list" - ;; - - ${DIST}-lts-staging) - echo "deb ${MIRROR} ${DIST}-lts-staging ${AREA}" >> "${DIRECTORY}/etc/apt/sources.list.d/progress-linux.list" - ;; - ${DIST}-extras) if echo "${AREA}" | grep -qs non-free then @@ -724,7 +713,6 @@ EOF rm -f "${DIRECTORY}/.container-command" fi - } Configure_network () @@ -811,8 +799,6 @@ EOF Configure_systemd_networkd () { - # FIXME: postup/postdown: multi-interface route - DIRECTORY="${1}" # Enable systemd-networkd @@ -830,8 +816,8 @@ Configure_systemd_networkd () eval IPV4_ADDRESS="$`echo NETWORK${NUMBER}_IPV4_ADDRESS`" eval IPV4_GATEWAY="$`echo NETWORK${NUMBER}_IPV4_GATEWAY`" eval IPV4_NETMASK="$`echo NETWORK${NUMBER}_IPV4_NETMASK`" -# eval IPV4_POST_UP="$`echo NETWORK${NUMBER}_IPV4_POST_UP`" -# eval IPV4_POST_DOWN="$`echo NETWORK${NUMBER}_IPV4_POST_DOWN`" + eval IPV4_POST_UP="$`echo NETWORK${NUMBER}_IPV4_POST_UP`" + eval IPV4_POST_DOWN="$`echo NETWORK${NUMBER}_IPV4_POST_DOWN`" if [ -z "${IPV4_METHOD}" ] then 
@@ -879,6 +865,46 @@ EOF fi esac + if [ -n "${IPV4_POST_UP}" ] + then + +cat > "${DIRECTORY}/etc/systemd/system/cnt-ipv4-post-up-eth${NUMBER}.service" << EOF +[Unit] +Description=container-tools IPV4_POST_UP +After=network-online.target +Wants=network-online.target + +[Service] +Type=oneshot +ExecStart=/bin/sh -c "${IPV4_POST_UP}" + +[Install] +WantedBy=multi-user.target +EOF + + chroot "${DIRECTORY}" systemctl enable cnt-ipv4-post-up-eth${NUMBER}.service + fi + + if [ -n "${IPV4_POST_DOWN}" ] + then + +cat > "${DIRECTORY}/etc/systemd/system/cnt-ipv4-post-down-eth${NUMBER}.service" << EOF +[Unit] +Description=container-tools IPV4_POST_DOWN +After=network.target +Wants=network.target + +[Service] +Type=oneshot +ExecStart=/bin/sh -c "${IPV4_POST_DOWN}" + +[Install] +WantedBy=multi-user.target +EOF + + chroot "${DIRECTORY}" systemctl enable cnt-ipv4-post-down-eth${NUMBER}.service + fi + NUMBER="$((${NUMBER} + 1))" done } 
@@ -904,12 +930,14 @@ Commands () HOSTNAME_SHORT="$(echo ${NAME} | cut -c-8)" HOST_INTERFACE_NAME="$(echo ${NETWORK0_VETH:-veth-${HOSTNAME_SHORT}-0})" - sed -i -e "s|^cnt.auto=.*|cnt.auto=${CNT_AUTO}|" "${CONFIG}/${NAME}.conf" - sed -i -e "s|^cnt.network-bridge=.*|cnt.network-bridge=${HOST_INTERFACE_NAME}:${NETWORK0_BRIDGE:-br0}|g" "${CONFIG}/${NAME}.conf" - sed -i -e "s|^cnt.overlay=.*|cnt.overlay=${CNT_OVERLAY}|g" "${CONFIG}/${NAME}.conf" - sed -i -e "s|^bind=.*|bind=${BIND}|" "${CONFIG}/${NAME}.conf" - sed -i -e "s|^bind-ro=.*|bind-ro=${BIND_RO}|" "${CONFIG}/${NAME}.conf" - sed -i -e "s|^network-veth-extra=.*|network-veth-extra=${HOST_INTERFACE_NAME}:eth0|g" "${CONFIG}/${NAME}.conf" + sed -i -e "s|^cnt.auto=.*|cnt.auto=${CNT_AUTO}|g" \ + -e "s|^cnt.container-server=.*|cnt.container-server=${CNT_CONTAINER_SERVER}|g" \ + -e "s|^cnt.network-bridge=.*|cnt.network-bridge=${HOST_INTERFACE_NAME}:${NETWORK0_BRIDGE:-br0}|g" \ + -e "s|^cnt.overlay=.*|cnt.overlay=${CNT_OVERLAY}|g" \ + -e "s|^bind=.*|bind=${BIND}|g" \ + -e "s|^bind-ro=.*|bind-ro=${BIND_RO}|g" \ + -e "s|^network-veth-extra=.*|network-veth-extra=${HOST_INTERFACE_NAME}:eth0|g" \ + "${CONFIG}/${NAME}.conf" for NUMBER in $(seq 1 ${NETWORK_NUMBER}) do diff --git a/share/scripts/debconf.d/0003-debconf b/share/scripts/debconf.d/0003-debconf index 1364bd0..8e78b3e 100755 --- a/share/scripts/debconf.d/0003-debconf +++ b/share/scripts/debconf.d/0003-debconf 
@@ -182,8 +182,8 @@ Archives () ;; *) - db_subst cnt-debconf/archives CHOICES "Security, Updates, LTS, Backports, Proposed Updates" - db_subst cnt-debconf/archives CHOICES_C "${DISTRIBUTION}-security, ${DISTRIBUTION}-updates, ${DISTRIBUTION}-lts, ${DISTRIBUTION}-backports, ${DISTRIBUTION}-proposed-updates" + db_subst cnt-debconf/archives CHOICES "Security, Updates, Backports, Proposed Updates" + db_subst cnt-debconf/archives CHOICES_C "${DISTRIBUTION}-security, ${DISTRIBUTION}-updates, ${DISTRIBUTION}-backports, ${DISTRIBUTION}-proposed-updates" case "${PARENT_DISTRIBUTION}" in sid) @@ -191,7 +191,7 @@ Archives () ;; *) - #db_set cnt-debconf/archives "${DISTRIBUTION}-security, ${DISTRIBUTION}-updates, ${DISTRIBUTION}-lts, ${DISTRIBUTION}-backports" + #db_set cnt-debconf/archives "${DISTRIBUTION}-security, ${DISTRIBUTION}-updates, ${DISTRIBUTION}-backports" db_set cnt-debconf/archives "${DISTRIBUTION}-security, ${DISTRIBUTION}-updates" ;; esac 
@@ -204,10 +204,10 @@ Archives () progress-linux) DIST="$(echo ${DISTRIBUTION} | sed -e 's|-backports||')" - db_subst cnt-debconf/archives CHOICES "staging, Security, Security (staging), Updates, Updates (staging), LTS, LTS (staging), Extras, Extras (staging), Backports, Backports (staging), Backports Extras, Backports Extras (staging)" - db_subst cnt-debconf/archives CHOICES_C "${DIST}-staging, ${DIST}-security, ${DIST}-security-staging, ${DIST}-updates, ${DIST}-updates-staging, ${DIST}-lts, ${DIST}-lts-staging, ${DIST}-extras, ${DIST}-extras-staging, ${DIST}-backports, ${DIST}-backports-staging, ${DIST}-backports-extras, ${DIST}-backports-extras-staging" + db_subst cnt-debconf/archives CHOICES "staging, Security, Security (staging), Updates, Updates (staging), Extras, Extras (staging), Backports, Backports (staging), Backports Extras, Backports Extras (staging)" + db_subst cnt-debconf/archives CHOICES_C "${DIST}-staging, ${DIST}-security, ${DIST}-security-staging, ${DIST}-updates, ${DIST}-updates-staging, ${DIST}-extras, ${DIST}-extras-staging, ${DIST}-backports, ${DIST}-backports-staging, ${DIST}-backports-extras, ${DIST}-backports-extras-staging" - db_set cnt-debconf/archives "${DIST}-security, ${DIST}-updates, ${DIST}-lts, ${DIST}-extras, ${DIST}-backports, ${DIST}-backports-extras" + db_set cnt-debconf/archives "${DIST}-security, ${DIST}-updates, ${DIST}-extras, ${DIST}-backports, ${DIST}-backports-extras" db_fset cnt-debconf/archives seen false ;; esac 
@@ -235,12 +235,12 @@ Parent_archives () then case "${MODE}" in progress-linux) - db_subst cnt-debconf/parent-archives CHOICES "Security, Updates, LTS, Backports, Proposed Updates" - db_subst cnt-debconf/parent-archives CHOICES_C "${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-lts, ${PARENT_DISTRIBUTION}-backports, ${PARENT_DISTRIBUTION}-proposed-updates" + db_subst cnt-debconf/parent-archives CHOICES "Security, Updates, Backports, Proposed Updates" + db_subst cnt-debconf/parent-archives CHOICES_C "${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-backports, ${PARENT_DISTRIBUTION}-proposed-updates" case "${PARENT_DISTRIBUTION}" in *) - #db_set cnt-debconf/parent-archives "${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-lts, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-backports" + #db_set cnt-debconf/parent-archives "${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-backports" db_set cnt-debconf/parent-archives "${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates" ;; esac @@ -253,7 +253,7 @@ Parent_archives () ;; *) - db_subst cnt-debconf/parent-archives CHOICES "Security, Updates, LTS, Backports, Proposed Updates" + db_subst cnt-debconf/parent-archives CHOICES "Security, Updates, Backports, Proposed Updates" db_subst cnt-debconf/parent-archives CHOICES_C "${ARCHIVES}" db_set cnt-debconf/parent-archives "${ARCHIVES}" @@ -270,7 +270,7 @@ Parent_archives () progress-linux) case "${PARENT_DISTRIBUTION}" in *) - #PARENT_ARCHIVES="${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-lts, ${PARENT_DISTRIBUTION}-backports" + #PARENT_ARCHIVES="${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates, ${PARENT_DISTRIBUTION}-backports" PARENT_ARCHIVES="${PARENT_DISTRIBUTION}-security, ${PARENT_DISTRIBUTION}-updates" ;; esac 
@@ -1008,18 +1008,26 @@ Internal_options () if db_get cnt-debconf/auto then - CNT_AUTO="${RET:-FQDN}" # string (w/o empty) + CNT_AUTO="${RET:-true}" # string (w/o empty) fi - CNT_AUTO="${CNT_AUTO:-FQDN}" + CNT_AUTO="${CNT_AUTO:-true}" + echo "CNT_AUTO=\"${CNT_AUTO}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + + if db_get cnt-debconf/container-server + then + CNT_CONTAINER_SERVER="${RET:-FQDN}" # string (w/o empty) + fi + + CNT_CONTAINER_SERVER="${CNT_CONTAINER_SERVER:-FQDN}" - case "${CNT_AUTO}" in + case "${CNT_CONTAINER_SERVER}" in FQDN) - CNT_AUTO="$(hostname -f)" + CNT_CONTAINER_SERVER="$(hostname -f)" ;; esac - echo "CNT_AUTO=\"${CNT_AUTO}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + echo "CNT_CONTAINER_SERVER=\"${CNT_CONTAINER_SERVER}\"" >> "${DEBCONF_TMPDIR}/debconf.default" if db_get cnt-debconf/bind then diff --git a/share/scripts/debootstrap b/share/scripts/debootstrap index 79a3193..0c19d54 100755 --- a/share/scripts/debootstrap +++ b/share/scripts/debootstrap @@ -56,6 +56,11 @@ Parameters () shift 2 ;; + --cnt.container-server) + # ignore + shift 2 + ;; + -s|--script) # ignore shift 2 -- cgit v1.2.3
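Review bot: The new `echo "CNT_CONTAINER_SERVER=\"${CNT_CONTAINER_SERVER}\"" >> "${DEBCONF_TMPDIR}/debconf.default"` line writes the debconf answer between double quotes without escaping. If that file is later sourced by a shell (not visible in this hunk), an answer containing `"`, a backtick or `$(` would be evaluated rather than stored. The same value is later interpolated into a sed expression in share/scripts/debconf and into a grep regex in lib/container/auto. Restricting it to hostname characters before the echo closes all three, e.g. `case "${CNT_CONTAINER_SERVER}" in *[!A-Za-z0-9.-]*) echo "invalid container-server" >&2; exit 1 ;; esac`. The CNT_AUTO line above it follows the same pattern and could be limited to the values the tools accept (`true`, `false`, `force-true`). Internal_options() begins outside the hunk.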