From 7c700481a6acef0e68d5f0b792152d71d8b875ea Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 4 Aug 2016 15:45:42 +0200 Subject: Adding upstream version 20160801. Signed-off-by: Daniel Baumann --- CHANGELOG.txt | 239 +++++++++++++++++++++++++------- Makefile | 2 + README.txt | 11 +- VERSION.txt | 2 +- bin/container-nsenter | 22 +++ lib/container/create | 32 ++++- lib/container/enter | 12 +- lib/container/list | 6 - lib/container/remove | 25 +++- lib/container/start | 70 +++++++++- lib/container/status | 2 +- lib/container/stop | 23 +++ share/config/container.conf.in | 4 +- share/doc/examples/cairon-backports.cfg | 1 + share/man/container-create.1.txt | 3 + share/man/container-enter.1.txt | 5 +- share/man/container-remove.1.txt | 3 + share/man/container-start.1.txt | 3 + share/man/container-status.1.txt | 2 +- share/man/container-tools.7.txt | 14 +- share/man/container.1.txt | 3 + share/scripts/debconf | 43 ++++++ share/scripts/debconf.d/0003-debconf | 7 + 23 files changed, 431 insertions(+), 103 deletions(-) create mode 100755 bin/container-nsenter diff --git a/CHANGELOG.txt b/CHANGELOG.txt index da7bd1c..6c19f67 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt 
@@ -1,50 +1,132 @@ +2016-08-01 Daniel Baumann + + * Releasing version 20160801. + + [ Daniel Baumann ] + * Adding commit messages to previous changelog. + * Trimming usage example to basic commands only in readme file. + * Trimming usage example to basic commands only in container-tools manpage. + * Adding reference to container-status command in container manpage. + * Updating name in container-status manpage. + * Dropping lxc ignore in container list command. + * Adding hooks directory for pre and post execution of container commands. + + [ Simon Spöhel ] + * Changing container-status command to always show full output. + + [ Daniel Baumann ] + * Adding host system based overlay mounts. + * Adding error message in container start command if container is locked. + * Adding -f, --force option to container start command to remove stray lock files. + * Adding container-nsenter program for container enter command. + * Calling container-nsenter program from container enter command. + * Sorting container configuration file. + * Adding support for user namespace. + * Adding -v, --verbose option to container remove command. + 2016-07-01 Daniel Baumann * Releasing version 20160701. - * Correcting and extending bash-completion, thanks to Andreas Kreuzer. - * Improved container list command for shared storage setups. - * Correcting and updating existing documentation. - * Correcting bind mount options to work with multiple directories. - * Fixing minor issues: - - creating necessary directories for containers on demand. - - debconf container create script now configures automatic start for - new containers automatically again. - * Adding new container commands: - - container enter - - container rename - - container status, thanks to Simon Spoehel. + + [ Daniel Baumann ] + * Showing only local containers by default in container list command. + * Adding container enter command. + * Creating non-existing source directory for bind mounts automatically in container start command. 
+ * Harmonizing defintions of long and short options in getopt code of container commands. + * Adding container rename command. + * Updating references to bug tracking system. + * Updating Git URL in installation instructions. + + [ Andreas Kreuzer ] + * Fixing bash-completion. + * Correcting container list manpage. + * Adding bash-completion for container enter command. + * Updating bash-completion for container list command. + * Updating bash-completion for format parameter in container list command. + * Updating bash-completion for container remove command. + + [ Daniel Baumann ] + * Using tabs instead of spaces for indentation in container bash-completion. + * Harmonizing head comments in container bash-completion. + * Looking up container create scripts dynamically in container bash-completion. + * Correcting local commands extraction in container bash-completion. + * Correcting bind mount directory creation in container create command to work with multiple directories at once. + * Correcting bind mount directory removal in container remove command to work with multiple directories at once. + * Using global path definition in container create command for consistency. + * Using global path definition in container version command for consistency. + * Always writing cnt.auto= default values to configuration files in debconf container create script. + * Adding asciicast introduction. + * Updating depends to install in readme file. + * Updating depends to install in container-tools manpage. + * Adding section about known limitations to readme file. + * Adding section about known limitations to container-tools manpage. + * Creating machines directory in container create scripts if it's not already existing. + + [ Philipp Plüss ] + * Correcting spelling typo in HOST-SETUP.txt. + + [ Simon Spöhel ] + * Adding container-status command. + + [ Daniel Baumann ] + * Adding bash-completion for container status command. 2016-06-15 Daniel Baumann * Releasing version 20160615. 
- * Adding support for shared storage setups. - * Adding bash-completion, thanks to Andreas Kreuzer. - * Improved looks of container list command. - * Correcting and updating existing documentation. + + [ Daniel Baumann ] + * Adding documentation key in systemd unit files. + * Correcting typo in readme. + * Updating download links in readme. + * Updating download links in container-tools manpage. + * Correcting typo in container-tools manpage. + * Updating vcs links in readme. + * Updating vcs links in container-tools manpage. + * Making makefile more generic. + * Completing cleanup of directories in makefile uninstall target. + * Silencing error message in container list command if machine directory is not readable. + * Excluding container-tools and .container-tools in /var/lib/machines as special directories to allow all container-tools ressources to be places on shared storage. + + [ Andreas Kreuzer ] + * Correcting limit manpage namespace. + + [ Daniel Baumann ] + * Correcting container list command to list container without IP adresses. + * Correcting aligning in container list command. + * Showing local containers in container list command only. + * Including apt-transport-https in default package selection of progress-linux container create script. + * Including systemd-sysv in default package selection of progress-linux container create script to prevent pulling in systemd-shim and cgmanager. + * Switching default entries for cdn.archive.progress-linux.org to HTTPS. + * Using UTF-8 symbols for container status. + + [ Andreas Kreuzer ] + * Adding bash-completion. 2016-06-01 Daniel Baumann * Releasing version 20160601. - * Adding support for auto and bind options to be preseedable in - debconf script. - * Activating bind mounts during container creation time already. - * Adding support for default container create script through - /usr/share/container-tools/scripts/default symlink. - * Correcting cleanup of temporary debconf files in debconf - script. 
- * Backward incompatible changes: - for consistency reasons, instead of any file only files with .cfg suffix are accepted as preseed files in /etc/container-tools/debconf. + [ Daniel Baumann ] + * Replacing http links in manpages with https. + * Adding bind option to bind mount directories in debconf script. + * Adding bind field in debconf cairon-backports example preseed file. + * Mounting bind mounts for the duration of the debconf script. + * Removing empty source directory of bind mounts in container stop command. + * Using safety measures of rm when removing containers because of (potentially) active bind mounts. + * Correcting cleanup of temporary debconf files in debconf script. + * Guessing default container script from /usr/share/container-tools/scripts/default symlink (if existing). + * Using .cfg suffix for preseed files of debconf script for consistency. + * Adding auto option to set automatic start in debconf script. + * Adding auto field in debconf cairon-backports example preseed file. + 2016-05-15 Daniel Baumann * Releasing version 20160515. - * Adding support for multiple interfaces per container. - * Adding automatic stop of all container on host shutdown. - * Correcting errors in documentation. - * Backward incompatible changes: - container network configuration in the [start] section for multi-interface support: 
@@ -65,41 +147,98 @@ old: cnt.autostart=true|FQDN new: cnt.auto=true|FQDN + [ Nik Lutz ] + * Fixing path argument of chmod for .container-command script in the debconf script. + * Using systemd to cleanup network interfaces after the container has been stopped. + * Using systemctl to start containers. + * Swaping parsing order of NETWORK_VETH_EXTRA and NETWORK_BRIDGES. + * Replacing systemd-nspawn '--network-bridge=' with one config file per interface in /etc/network/interfaces.d. + * Using eth[0-9] instead of host[0-9] in containers /etc/network/interface. + * Removing network interface configuration in /etc/network/interfaces.d after container stop. + * Using systemd-nspawn '--network-veth-extra=' instead of '--network-veth' (prerequisite for multiple network interface support per container). + * Adding veth name (cnt-debconf/network[0-9]/veth) configuration option to debconf script. + + [ Daniel Baumann ] + * Adjusting output of additional IP addresses in container list command. + * Correcting typo in debconf jessie example preseed file. + * Adding veth field in debconf cairon-backports example preseed file. + * Removing screen session handling in container-autostart program, containers start in background by default now. + * Reworking container-autostart program into container auto command. + 2016-05-01 Daniel Baumann * Releasing version 20160501. - * Adding multiple output formats in container list command. - * Adding status based listing of containers in container list command. - * Correcting errors in documentation. + + [ Daniel Baumann ] + * Correcting spelling error in changelog file. + * Excluding snapshot directories for cephfs and netapp in container list command. + * Adding short and full list format to container list command. + * Adding exit alias for logout in container-shell program. + * Correcting Debian stretch version number in container-tools manpage. + * Correcting Debian stretch version number in readme file. 
+ * Adding links in development section of the container-tools manpage. + * Adding links in development section of the readme file. 2016-04-15 Daniel Baumann * Releasing version 20160415. - * Fixing minor issues: - - build system - - container-shell program - - documentation - - systemd unit for container-autostart - * Updated debian default mirror from httpredir.debian.org to ftp.debian.org. - * Backward incompatible changes: - container stop command option -k|--kill renamed to -f|--force for consistency + [ Daniel Baumann ] + * Removing hardcoded container reference when opening manpages in container-shell help. + * Using logout only to exit container-shell. + * Adding start note about logout to container-shell. + * Completing output of container-shell help command. + * Avoid aborting container-shell help command if no manpage is available. + * Adding container-shell about command. + * Adding notes about container-shell specific commands in container-shell manpage. + * Updating container-shell start message. + * Overwriting existing symlinks in makefiles install target. + * Adding extra empty line before each command output in container-shell. + * Updating apt comandline in installation instructions. + * Dropping unused syslog.target from container-autostart.service file. + * Excluding lost+found directory in container list command. + * Creating container program shortcut symlinks in makefile instead of keeping them in the sources. + * Creating container script shortcut symlinks in makefile instead of keeping them in the sources. + * Adding manpage symlinks for container script shortcut symlinks. + * Renaming container stop command option -k, --kill to -f, --force for consistency. + * Switching from httpredir.debian.org as default debian mirror to ftp.debian.org in debconf script. + 2016-04-01 Daniel Baumann * Releasing version 20160401. - * Adding native ARM architecture support. 
- * Adding new container programs: - - container-autostart - - container-shell - * Adding new container commands: - - limit - * Adding new container scripts: - - debconf - * Adding new container config options: - - capability and drop-capability - - blockio, cpu, memory and tasks limits - * Adding new and updating existing documentation. + + [ Daniel Baumann ] + * Creating configuration directory. + * Adding native ARM architecture support in container start command. + * Adding container-shell program. + * Adding container-autostart program. + * Adding container limit command. + * Adding capability and drop-capability config option. + * Adding blockio, cpu, memory and tasks limit config options. + * Adding debconf script. + * Updating year in copyright notices in container commands. + * Making removal message and answer handling of container remove command more userfriendly. + * Adding documentation about host setup. + * Correcting spelling in readme. + * Adding notes about installation to readme file. + * Adding notes about development to readme file. + * Correcting spelling in container-tools manpage. + * Updating comments in programs. + * Updating comments in commands. + * Updating comments in examples. + * Updating comments in manpages. + * Updating comments in scripts. + * Updating comments in makefile. + * Updating debconf title in debconf script. + * Correcting spelling in container program manpages. + * Adding notes about installation to container-tools manpage. + * Adding notes about development to container-tools manpage. + * Updating wording about Debian and Debian based containers in container-create-* manpages. + * Updating wording about Debian and Debian based containers in jessie example file. + * Updating container-tools description in readme file. + * Updating container-tools description in manpages. 2016-03-01 Daniel Baumann diff --git a/Makefile b/Makefile index 1a411c2..e61c559 100644 --- a/Makefile +++ b/Makefile 
@@ -55,6 +55,7 @@ build: share/man/*.txt install: build mkdir -p $(DESTDIR)/etc/${SOFTWARE}/config mkdir -p $(DESTDIR)/etc/${SOFTWARE}/debconf + mkdir -p $(DESTDIR)/etc/${SOFTWARE}/hooks mkdir -p $(DESTDIR)/usr/bin cp -r bin/* $(DESTDIR)/usr/bin @@ -145,6 +146,7 @@ uninstall: rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/${SOFTWARE}/config || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/${SOFTWARE}/debconf || true + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/${SOFTWARE}/hooks || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/${SOFTWARE} || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc || true diff --git a/README.txt b/README.txt index 9ca0598..5a9d680 100644 --- a/README.txt +++ b/README.txt @@ -67,27 +67,20 @@ container-tools currently do not work with systemd-networkd and depend on ifupdo * Start a container: sudo container start -n NAME - * Restart a container: - sudo container restart -n NAME - * Stop a container: sudo container stop -n NAME * Remove a container: sudo container remove -n NAME - * Attach console to a container: - sudo container console -n NAME - - * Limit ressources of a container: - sudo container limit -n NAME --cpu-quota 10% - * List container on the system: sudo container list * Show container-tools version: container version +See container(1) for a list of all container commands. + 7. Links -------- diff --git a/VERSION.txt b/VERSION.txt index f48d32f..d8079d5 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20160701 +20160801 diff --git a/bin/container-nsenter b/bin/container-nsenter new file mode 100755 index 0000000..7c83361 --- /dev/null +++ b/bin/container-nsenter 
@@ -0,0 +1,22 @@ +#!/bin/sh + +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2016 Daniel Baumann +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +set -e + +# Run +script -c "/bin/bash -l" -q /dev/null diff --git a/lib/container/create b/lib/container/create index 8080ffa..cb51871 100755 --- a/lib/container/create +++ b/lib/container/create @@ -26,7 +26,7 @@ SCRIPTS="/usr/share/container-tools/scripts" Parameters () { - LONG_OPTIONS="name:,cnt.auto:,bind:,capability:,drop-capability:script:," + LONG_OPTIONS="name:,cnt.auto:,cnt.overlay:,bind:,capability:,drop-capability:script:," OPTIONS="n:,b:,c:,d:,s:," PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})" @@ -52,6 +52,11 @@ Parameters () shift 2 ;; + --cnt.overlay) + CNT_OVERLAY="${2}" + shift 2 + ;; + -b|--bind) BIND="${2}" shift 2 
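Review bot: The rewritten `LONG_OPTIONS` line in lib/container/create still has no comma between `drop-capability:` and `script:`. getopt therefore most likely registers a single long option named `drop-capability:script`, so `--script` is not recognised and `--drop-capability` only matches as an abbreviation of a name that the case arms probably do not handle. Since the line is being touched anyway, it should read `LONG_OPTIONS="name:,cnt.auto:,cnt.overlay:,bind:,capability:,drop-capability:,script:,"`. Parameters() continues outside this hunk, so the matching case arms are not all visible here.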
@@ -87,7 +92,7 @@ Parameters () Usage () { - echo "Usage: container ${COMMAND} -n|--name NAME [--cnt.auto=true|false|FQDN] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2 + echo "Usage: container ${COMMAND} -n|--name NAME [--cnt.auto=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2 exit 1 } @@ -149,20 +154,41 @@ then done fi +# Creating overlay mounts +if [ -n "${CNT_OVERLAY}" ] +then + CNT_OVERLAYS="$(echo ${CNT_OVERLAY} | sed -e 's|;| |g')" + + for CNT_OVERLAY in ${CNT_OVERLAYS} + do + DIRECTORY_LOWER="$(echo ${CNT_OVERLAY} | awk -F: '{ print $1 }')" + DIRECTORY_UPPER="$(echo ${CNT_OVERLAY} | awk -F: '{ print $2 }')" + DIRECTORY_WORK="$(echo ${CNT_OVERLAY} | awk -F: '{ print $3 }')" + DIRECTORY_MERGED="$(echo ${CNT_OVERLAY} | awk -F: '{ print $4 }')" + + for DIRECTORY in "${DIRECTORY_LOWER}" "${DIRECTORY_UPPER}" "${DIRECTORY_WORK}" "${DIRECTORY_MERGED}" + do + mkdir -p "${DIRECTORY}" + done + done +fi + # config mkdir -p "${CONFIG}" sed -e "s|@CNT_AUTO@|${CNT_AUTO}|g" \ -e "s|@CNT_NETWORK_BRIDGE@|${CNT_NETWORK_BRIDGE}|g" \ + -e "s|@CNT_OVERLAY@|${CNT_OVERLAY}|g" \ -e "s|@NAME@|${NAME}|g" \ -e "s|@BIND@|${BIND}|g" \ -e "s|@BOOT@|yes|g" \ -e "s|@CAPABILITY@|${CAPABILITY}|g" \ -e "s|@DIRECTORY@|${MACHINES}/${NAME}|g" \ -e "s|@DROP_CAPABILITY@|${DROP_CAPABILITY}|g" \ + -e "s|@LINK_JOURNAL@|no|g" \ -e "s|@MACHINE@|${NAME}|g" \ -e "s|@NETWORK_VETH_EXTRA@|${NETWORK_VETH_EXTRA}|g" \ - -e "s|@LINK_JOURNAL@|no|g" \ + -e "s|@PRIVATE_USERS@|no|g" \ -e "s|@REGISTER@|yes|g" \ /usr/share/container-tools/config/container.conf.in > "${CONFIG}/${NAME}.conf" 
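Review bot: The usage string spells the new option `--cnt.overlay=`, which matches the getopt definition, but the manpage hunk for share/man/container-create.1.txt in this same commit documents it as `--cnt-overlay=`. One of the two needs to change so that the documented spelling is the one getopt accepts. The usage text also omits the `;`-separated form for several overlays, which the loop further down supports; `[--cnt.overlay=LOWER:UPPER:WORK:MERGED[;LOWER:UPPER:WORK:MERGED]]` would describe it.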
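Review bot: The loop `for CNT_OVERLAY in ${CNT_OVERLAYS}` reuses the option variable as its iterator, so once the loop ends `CNT_OVERLAY` holds only the last `;`-separated entry. The `sed -e "s|@CNT_OVERLAY@|${CNT_OVERLAY}|g"` line below then writes that single entry into the config, and any earlier overlays are lost on the next start. A separate iterator fixes it: `for OVERLAY in ${CNT_OVERLAYS}`, with `${OVERLAY}` in the four `awk -F:` lines. share/scripts/debconf has the same pattern, where the mount loop runs before `Commands` writes `cnt.overlay=` and before the unmount loop, so only the last overlay is recorded and unmounted there.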
diff --git a/lib/container/enter b/lib/container/enter index 101b43e..4eff504 100755 --- a/lib/container/enter +++ b/lib/container/enter @@ -60,7 +60,7 @@ Parameters () Usage () { - echo "Usage: container ${COMMAND} -n|--name NAME [-- COMMAND|\"COMMANDS\"]" >&2 + echo "Usage: container ${COMMAND} -n|--name NAME" >&2 exit 1 } @@ -90,7 +90,13 @@ case "${STATE}" in esac LEADER="$(machinectl status ${NAME} | awk '/Leader: / { print $2 }')" -COMMANDS="$(echo ${@} | sed -e 's|.*-- ||')" # Run -nsenter --target ${LEADER} --mount --uts --ipc --net --pid --root --wd=/root ${COMMANDS} +if [ -e "${MACHINES}/${NAME}/usr/bin/container-nsenter" ] +then + OPTIONS="/usr/bin/container-nsenter" +else + OPTIONS="" +fi + +nsenter --target ${LEADER} --mount --uts --ipc --net --pid --root --wd=/root ${OPTIONS} diff --git a/lib/container/list b/lib/container/list index 60ae782..d522623 100755 --- a/lib/container/list +++ b/lib/container/list @@ -148,12 +148,6 @@ CONTAINERS="$(cd "${MACHINES}" 2>/dev/null && find -maxdepth 1 -type d -and -not for CONTAINER in ${CONTAINERS} do - # FIXME: ignore lxc container for now - if [ -e "${MACHINES}/${CONTAINER}/rootfs" ] - then - continue - fi - STATE="$(machinectl show ${CONTAINER} 2>&1 | awk -F= '/^State=/ { print $2 }')" if [ -e "${CONFIG}/${CONTAINER}.conf" ] diff --git a/lib/container/remove b/lib/container/remove index e4bb20c..843e9c3 100755 --- a/lib/container/remove +++ b/lib/container/remove @@ -25,8 +25,8 @@ MACHINES="/var/lib/machines" Parameters () { - LONG_OPTIONS="name:,force," - OPTIONS="n:,f," + LONG_OPTIONS="name:,force,verbose," + OPTIONS="n:,f,v," PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})" @@ -51,6 +51,11 @@ Parameters () shift 1 ;; + -f|--verbose) + VERBOSE="true" + shift 1 + ;; + --) shift 1 break 
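Review bot: The `nsenter` call in lib/container/enter joins the mount, uts, ipc, net and pid namespaces but not the user namespace, while this commit also introduces the `private-users` setting. If a container is started with private users, the entered shell would presumably keep host root credentials from the initial user namespace while working inside the container's filesystem, which weakens the isolation that setting is meant to provide. Consider adding `--user` to the nsenter options when `private-users=yes` is configured, or refusing to enter such containers until that is supported. `${LEADER}` is also expanded unquoted and never checked for being empty, so a failed `machinectl status` makes `--target` consume the next flag; `[ -n "${LEADER}" ] || exit 1` before the call would catch that.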
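Review bot: The new case arm in lib/container/remove is written `-f|--verbose)`, but the short option declared in `OPTIONS` is `v`. Because `-f` is already taken by the `-f|--force)` arm above it, `-v` never sets `VERBOSE` and falls through to whatever the default arm does. The arm should be `-v|--verbose)`. The rest of the case statement lies outside this hunk.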
@@ -66,7 +71,7 @@ Parameters () Usage () { - echo "Usage: container ${COMMAND} -n|--name NAME [-f|--force]" >&2 + echo "Usage: container ${COMMAND} -n|--name NAME [-f|--force] [-v|--verbose]" >&2 exit 1 } @@ -113,6 +118,16 @@ case "${FORCE}" in ;; esac +case "${VERBOSE}" in + true) + RM_OPTIONS="--verbose" + ;; + + *) + RM_OPTIONS="" + ;; +esac + # data if [ -e "${CONFIG}/${NAME}.conf" ] then @@ -133,5 +148,5 @@ then fi # Run -rm --preserve-root --one-file-system -rf "${MACHINES}/${NAME}" -rm -f "${CONFIG}/${NAME}.conf" +rm --preserve-root --one-file-system -rf ${RM_OPTIONS} "${MACHINES}/${NAME}" +rm -f ${RM_OPTIONS} "${CONFIG}/${NAME}.conf" diff --git a/lib/container/start b/lib/container/start index a4dc033..5191ae2 100755 --- a/lib/container/start +++ b/lib/container/start @@ -28,8 +28,8 @@ SYSTEMCTL="true" Parameters () { - LONG_OPTIONS="name:,nspawn,start," - OPTIONS="n:," + LONG_OPTIONS="name:,force,nspawn,start," + OPTIONS="n:f," PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})" @@ -49,6 +49,11 @@ Parameters () shift 2 ;; + -f|--force) + FORCE="true" + shift 1 + ;; + --nspawn) # internal option SYSTEMCTL="false" @@ -77,7 +82,7 @@ Parameters () Usage () { - echo "Usage: container ${COMMAND} -n|--name NAME" >&2 + echo "Usage: container ${COMMAND} -n|--name NAME [-f|--force]" >&2 exit 1 } @@ -107,6 +112,20 @@ case "${START}" in ;; esac +if [ -e "${MACHINES}/.#${NAME}.lck" ] +then + case "${FORCE}" in + true) + rm -f "${MACHINES}/.#${NAME}.lck" + ;; + + *) + echo "'${NAME}': container is locked" >&2 + exit 1 + ;; + esac +fi + HOST_ARCHITECTURE="$(dpkg --print-architecture)" MACHINE_ARCHITECTURE="$(chroot ${MACHINES}/${NAME} dpkg --print-architecture)" 
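Review bot: The lock check in lib/container/start treats the mere existence of `${MACHINES}/.#${NAME}.lck` as a held lock, and `--force` deletes the file without checking whether a process is still using the container. If the file belongs to a running instance, forcing the start could bring up a second instance on the same directory tree. Before the `rm -f`, the force branch could confirm that the machine is not registered, for example `if machinectl show "${NAME}" > /dev/null 2>&1; then echo "'${NAME}': container is running" >&2; exit 1; fi`. It would also help to say in the error message that `-f` exists for removing a stray lock file.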
@@ -139,6 +158,31 @@ esac # config if [ -e "${CONFIG}/${NAME}.conf" ] then + CNT_OVERLAY="$(awk -F= '/^cnt.overlay=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${CNT_OVERLAY}" ] + then + CNT_OVERLAYS="$(echo ${CNT_OVERLAY} | sed -e 's|;| |g')" + + for CNT_OVERLAY in ${CNT_OVERLAYS} + do + DIRECTORY_LOWER="$(echo ${CNT_OVERLAY} | awk -F: '{ print $1 }')" + DIRECTORY_UPPER="$(echo ${CNT_OVERLAY} | awk -F: '{ print $2 }')" + DIRECTORY_WORK="$(echo ${CNT_OVERLAY} | awk -F: '{ print $3 }')" + DIRECTORY_MERGED="$(echo ${CNT_OVERLAY} | awk -F: '{ print $4 }')" + + for DIRECTORY in "${DIRECTORY_LOWER}" "${DIRECTORY_UPPER}" "${DIRECTORY_WORK}" "${DIRECTORY_MERGED}" + do + mkdir -p "${DIRECTORY}" + done + + if ! findmnt -n -o SOURCE "${DIRECTORY_MERGED}" | grep -qs '^cnt.overlay-' + then + mount cnt.overlay-${NAME} -t overlay -olowerdir="${DIRECTORY_LOWER}",upperdir="${DIRECTORY_UPPER}",workdir="${DIRECTORY_WORK}",default_permissions "${DIRECTORY_MERGED}" + fi + done + fi + BIND="$(awk -F= '/^bind=/ { print $2 }' ${CONFIG}/${NAME}.conf)" if [ -n "${BIND}" ] @@ -199,6 +243,18 @@ then ;; esac + LINK_JOURNAL="$(awk -F= '/^link-journal=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo no)" + + case "${LINK_JOURNAL}" in + yes) + LINK_JOURNAL="--link-journal=yes" + ;; + + *) + LINK_JOURNAL="--link-journal=no" + ;; + esac + MACHINE="--machine=${NAME}" NETWORK_VETH_EXTRA_CONF="$(awk -F= '/^network-veth-extra=/ { print $2 }' ${CONFIG}/${NAME}.conf)" @@ -256,15 +312,15 @@ EOF ;; esac - LINK_JOURNAL="$(awk -F= '/^link-journal=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo no)" + PRIVATE_USERS="$(awk -F= '/^private-users=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo no)" - case "${LINK_JOURNAL}" in + case "${PRIVATE_USERS}" in yes) - LINK_JOURNAL="--link-journal=yes" + PRIVATE_USERS="--private-users=yes" ;; *) - LINK_JOURNAL="--link-journal=no" + PRIVATE_USERS="--private-users=no" ;; esac diff --git a/lib/container/status b/lib/container/status index a41d005..b797c98 100755 
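Review bot: The four directories split out of `cnt.overlay` go straight into `mkdir -p` and into the `mount -o` option string with no validation. An entry with fewer than four fields produces `mkdir -p ""`, a relative path is resolved against whatever the current directory is, and a comma inside a path is read by mount as the start of a further option. A small check inside the inner `for DIRECTORY` loop, as sketched below, rejects those cases before anything is created or mounted. The same loop appears in lib/container/create and share/scripts/debconf. The `grep -qs '^cnt.overlay-'` test also leaves the dot unescaped, so `'^cnt\.overlay-'` would be more exact.

```shell
for DIRECTORY in "${DIRECTORY_LOWER}" "${DIRECTORY_UPPER}" "${DIRECTORY_WORK}" "${DIRECTORY_MERGED}"
do
	# Reject missing fields, relative paths and commas before the
	# value reaches mkdir and the mount -o option string.
	case "${DIRECTORY}" in
		""|[!/]*|*,*)
			echo "'${NAME}': invalid cnt.overlay directory '${DIRECTORY}'" >&2
			exit 1
			;;
	esac

	mkdir -p "${DIRECTORY}"
done
# ... unchanged: findmnt check and mount call ...
```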
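Review bot: The new `PRIVATE_USERS` case maps only the literal `yes` to `--private-users=yes`; every other value silently becomes `--private-users=no`. That includes a typo such as `Yes`, and values systemd-nspawn itself accepts such as `pick` or a UID range. An administrator who believes user namespacing is enabled would get a container without it and no warning. An explicit `no|"")` arm plus a `*)` arm that prints an error and exits would make the failure visible. The `|| echo no` fallback never fires because awk exits 0 when nothing matches, so it can be dropped here and on the `LINK_JOURNAL` line. Whether `${PRIVATE_USERS}` is actually appended to the systemd-nspawn command line is not visible in this hunk.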
--- a/lib/container/status +++ b/lib/container/status @@ -79,4 +79,4 @@ then fi # Run -systemctl status container@${NAME}.service +systemctl status container@${NAME}.service --full diff --git a/lib/container/stop b/lib/container/stop index dc78f05..ec24d51 100755 --- a/lib/container/stop +++ b/lib/container/stop @@ -94,6 +94,29 @@ STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')" case "${CLEAN}" in true) + # Removing overlay mounts + CNT_OVERLAY="$(awk -F= '/^cnt.overlay=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${CNT_OVERLAY}" ] + then + CNT_OVERLAYS="$(echo ${CNT_OVERLAY} | sed -e 's|;| |g')" + + for CNT_OVERLAY in ${CNT_OVERLAYS} + do + DIRECTORY_LOWER="$(echo ${CNT_OVERLAY} | awk -F: '{ print $1 }')" + DIRECTORY_UPPER="$(echo ${CNT_OVERLAY} | awk -F: '{ print $2 }')" + DIRECTORY_WORK="$(echo ${CNT_OVERLAY} | awk -F: '{ print $3 }')" + DIRECTORY_MERGED="$(echo ${CNT_OVERLAY} | awk -F: '{ print $4 }')" + + umount -f "${DIRECTORY_MERGED}" + + for DIRECTORY in "${DIRECTORY_LOWER}" "${DIRECTORY_UPPER}" "${DIRECTORY_WORK}" "${DIRECTORY_MERGED}" + do + rmdir --ignore-fail-on-non-empty --parents ${DIRECTORY} > /dev/null 2>&1 || true + done + done + fi + # Removing bind mounts BIND="$(awk -F= '/^bind=/ { print $2 }' ${CONFIG}/${NAME}.conf)" diff --git a/share/config/container.conf.in b/share/config/container.conf.in index dd52adb..b5678c0 100644 --- a/share/config/container.conf.in +++ b/share/config/container.conf.in @@ -3,14 +3,16 @@ [start] cnt.auto=@CNT_AUTO@ cnt.network-bridge=@CNT_NETWORK_BRIDGE@ +cnt.overlay=@CNT_OVERLAY@ bind=@BIND@ boot=@BOOT@ capability=@CAPABILITY@ directory=@DIRECTORY@ drop-capability=@DROP_CAPABILITY@ +link-journal=@LINK_JOURNAL@ machine=@MACHINE@ network-veth-extra=@NETWORK_VETH_EXTRA@ -link-journal=@LINK_JOURNAL@ +private-users=@PRIVATE_USERS@ register=@REGISTER@ [limit] diff --git a/share/doc/examples/cairon-backports.cfg b/share/doc/examples/cairon-backports.cfg index eed9fd6..8243bbc 100644 
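Review bot: In the overlay cleanup added to lib/container/stop, `umount -f "${DIRECTORY_MERGED}"` has no failure handling, unlike the `rmdir` below it. If the script runs under `set -e` (not visible in this hunk), stopping a container whose overlay was never mounted would abort before the bind mount cleanup that follows. Guarding the call, e.g. `if findmnt -n "${DIRECTORY_MERGED}" > /dev/null; then umount "${DIRECTORY_MERGED}"; fi`, avoids that and removes the need for `-f`. The `rmdir` line expands `${DIRECTORY}` unquoted although the `mkdir` in start quotes it; `rmdir --ignore-fail-on-non-empty --parents -- "${DIRECTORY}"` keeps paths containing spaces or glob characters intact. The unmount loop added to share/scripts/debconf has both issues as well.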
--- a/share/doc/examples/cairon-backports.cfg +++ b/share/doc/examples/cairon-backports.cfg @@ -64,4 +64,5 @@ container-tools cnt-debconf/nameserver/options string timeout:1 attempts:1 #container-tools cnt-debconf/container-command string #container-tools cnt-debconf/host-command string container-tools cnt-debconf/auto string FQDN +#container-tools cnt-debconf/overlay string #container-tools cnt-debconf/bind string diff --git a/share/man/container-create.1.txt b/share/man/container-create.1.txt index b7a4f01..4fe592f 100644 --- a/share/man/container-create.1.txt +++ b/share/man/container-create.1.txt @@ -56,6 +56,9 @@ The following container-create options are available: *-b, --bind='DIRECTORY:DIRECTORY[:OPTIONS][;DIRECTORY:DIRECTORY[:OPTIONS]]'*:: Specify container bind mounts, see systemd-nspawn(1) --bind option. +*--cnt-overlay='DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED[;DIRECTORY_UPPER:DIRECTORY_LOWER:DIRECTORY_WORK:DIRECTORY_MERGED]'*:: + Specify container overlay mounts, see Documentation/filesystems/overlayfs.txt. + SCRIPTS ------- diff --git a/share/man/container-enter.1.txt b/share/man/container-enter.1.txt index 792cac7..61c0f66 100644 --- a/share/man/container-enter.1.txt +++ b/share/man/container-enter.1.txt @@ -29,7 +29,7 @@ container-enter - Enter a container namespace SYNOPSIS -------- -*container enter* ['OPTIONS'] [-- COMMAND|"COMMANDS"] +*container enter* ['OPTIONS'] DESCRIPTION @@ -50,9 +50,6 @@ EXAMPLES *Enter to example.net container namespace:*:: sudo container enter -n example.net -*Execute 'ip a' in example.net container namespace:*:: - sudo container enter -n example.net -- 'ip a' - SEE ALSO -------- diff --git a/share/man/container-remove.1.txt b/share/man/container-remove.1.txt index cb9b77f..cad779f 100644 --- a/share/man/container-remove.1.txt +++ b/share/man/container-remove.1.txt 
@@ -47,6 +47,9 @@ The following container options are available: *-f, --force*:: Do not prompt before removal. +*-v, --verbose*:: + Explain what is being done. + EXAMPLES -------- diff --git a/share/man/container-start.1.txt b/share/man/container-start.1.txt index 313587d..bf1d8de 100644 --- a/share/man/container-start.1.txt +++ b/share/man/container-start.1.txt @@ -44,6 +44,9 @@ The following container options are available: *-n, --name='NAME'*:: Specify container name. +*-f, --force'*:: + Removing stray lock file if existing. + EXAMPLES -------- diff --git a/share/man/container-status.1.txt b/share/man/container-status.1.txt index e5c700b..f1688dc 100644 --- a/share/man/container-status.1.txt +++ b/share/man/container-status.1.txt @@ -24,7 +24,7 @@ CONTAINER-STATUS(1) NAME ---- -container-status - Get the status of a container +container-status - Show container status SYNOPSIS diff --git a/share/man/container-tools.7.txt b/share/man/container-tools.7.txt index 7fd1a0f..604683f 100644 --- a/share/man/container-tools.7.txt +++ b/share/man/container-tools.7.txt @@ -87,30 +87,20 @@ USAGE *Start a container:*:: sudo container start -n NAME -*Restart a container:*:: - sudo container restart -n NAME - *Stop a container:*:: sudo container stop -n NAME *Remove a container:*:: sudo container remove -n NAME -*Attach console to a container:*:: - sudo container console -n NAME - -*Enter a container namespace:*:: - sudo container enter -n NAME - -*limit*:: - sudo container limit -n NAME --cpu-quota 10% - *List container on the system:*:: sudo container list *Show container-tools version:*:: container version +See container(1) for a list of all container commands. + LINKS ----- diff --git a/share/man/container.1.txt b/share/man/container.1.txt index d660379..32bd393 100644 --- a/share/man/container.1.txt +++ b/share/man/container.1.txt 
@@ -76,6 +76,9 @@ The following container commands are available: *list*:: List container on the system, see container-list(1). +*status*:: + Show container status, see container-status(1). + *version*:: Show container-tools version, see container-version(1). diff --git a/share/scripts/debconf b/share/scripts/debconf index aa1c798..4c89e6f 100755 --- a/share/scripts/debconf +++ b/share/scripts/debconf @@ -909,6 +909,7 @@ Commands () sed -i -e "s|^cnt.auto=.*|cnt.auto=${CNT_AUTO}|" "${CONFIG}/${NAME}.conf" sed -i -e "s|^cnt.network-bridge=.*|cnt.network-bridge=${HOST_INTERFACE_NAME}:${NETWORK0_BRIDGE:-br0}|g" "${CONFIG}/${NAME}.conf" + sed -i -e "s|^cnt.overlay=.*|cnt.overlay=${CNT_OVERLAY}|g" "${CONFIG}/${NAME}.conf" sed -i -e "s|^bind=.*|bind=${BIND}|" "${CONFIG}/${NAME}.conf" sed -i -e "s|^network-veth-extra=.*|network-veth-extra=${HOST_INTERFACE_NAME}:eth0|g" "${CONFIG}/${NAME}.conf" 
@@ -1010,12 +1011,54 @@ then done fi +# Mounting overlay mounts +if [ -n "${CNT_OVERLAY}" ] +then + CNT_OVERLAYS="$(echo ${CNT_OVERLAY} | sed -e 's|;| |g')" + + for CNT_OVERLAY in ${CNT_OVERLAYS} + do + DIRECTORY_LOWER="$(echo ${CNT_OVERLAY} | awk -F: '{ print $1 }')" + DIRECTORY_UPPER="$(echo ${CNT_OVERLAY} | awk -F: '{ print $2 }')" + DIRECTORY_WORK="$(echo ${CNT_OVERLAY} | awk -F: '{ print $3 }')" + DIRECTORY_MERGED="$(echo ${CNT_OVERLAY} | awk -F: '{ print $4 }')" + + for DIRECTORY in "${DIRECTORY_LOWER}" "${DIRECTORY_UPPER}" "${DIRECTORY_WORK}" "${DIRECTORY_MERGED}" + do + mkdir -p "${DIRECTORY}" + done + + mount -t overlay overlay-${NAME} -olowerdir="${DIRECTORY_LOWER}",upperdir="${DIRECTORY_UPPER}",workdir="${DIRECTORY_WORK}" "${DIRECTORY_MERGED}" + done +fi + Configure_system "${MACHINES}/${NAME}" Configure_network "${MACHINES}/${NAME}" Cleanup_system "${MACHINES}/${NAME}" Commands "${MACHINES}/${NAME}" +# Unmounting overlay mounts +if [ -n "${CNT_OVERLAY}" ] +then + CNT_OVERLAYS="$(echo ${CNT_OVERLAY} | sed -e 's|;| |g')" + + for CNT_OVERLAY in ${CNT_OVERLAYS} + do + DIRECTORY_LOWER="$(echo ${CNT_OVERLAY} | awk -F: '{ print $1 }')" + DIRECTORY_UPPER="$(echo ${CNT_OVERLAY} | awk -F: '{ print $2 }')" + DIRECTORY_WORK="$(echo ${CNT_OVERLAY} | awk -F: '{ print $3 }')" + DIRECTORY_MERGED="$(echo ${CNT_OVERLAY} | awk -F: '{ print $4 }')" + + umount -f "${DIRECTORY_MERGED}" + + for DIRECTORY in "${DIRECTORY_LOWER}" "${DIRECTORY_UPPER}" "${DIRECTORY_WORK}" "${DIRECTORY_MERGED}" + do + rmdir --ignore-fail-on-non-empty --parents ${DIRECTORY} > /dev/null 2>&1 || true + done + done +fi + # Unmounting bind mounts if [ -n "${BIND}" ] then diff --git a/share/scripts/debconf.d/0003-debconf b/share/scripts/debconf.d/0003-debconf index 15a6a15..548fb07 100755 --- a/share/scripts/debconf.d/0003-debconf +++ b/share/scripts/debconf.d/0003-debconf 
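Review bot: The mount in share/scripts/debconf names its source `overlay-${NAME}` and omits `default_permissions`, whereas lib/container/start mounts `cnt.overlay-${NAME}` with `default_permissions` and detects an existing mount by the `^cnt.overlay-` prefix. An overlay left mounted by this script would therefore not be recognised by start, and permission checks differ between creation time and runtime. Using the same call in both places, `mount cnt.overlay-${NAME} -t overlay -olowerdir="${DIRECTORY_LOWER}",upperdir="${DIRECTORY_UPPER}",workdir="${DIRECTORY_WORK}",default_permissions "${DIRECTORY_MERGED}"`, keeps them consistent. Nothing unmounts the overlay if one of the steps between the mount and unmount loops fails, so a `trap` that performs the unmount on exit would be worth adding.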
@@ -1063,6 +1063,13 @@ Internal_options () fi echo "BIND=\"${BIND}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + + if db_get cnt-debconf/overlay + then + CNT_OVERLAY="${RET}" # string (w/ empty) + fi + + echo "CNT_OVERLAY=\"${CNT_OVERLAY}\"" >> "${DEBCONF_TMPDIR}/debconf.default" } Distribution -- cgit v1.2.3
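Review bot: The value returned by `db_get cnt-debconf/overlay` is written into `debconf.default` as `CNT_OVERLAY="..."` without any escaping. That file appears to be read back as shell later (not visible in this hunk), in which case a preseed value containing `"`, `$` or a backquote would be interpreted by the shell rather than kept as data. The existing `BIND` line above follows the same pattern. Restricting the value to path characters before the `echo` closes this, for example `[ -z "$(printf '%s' "${CNT_OVERLAY}" | tr -d 'A-Za-z0-9/._:;-')" ] || exit 1`, preferably with an error message naming the offending setting. Internal_options() starts outside this hunk.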