From 18068f0826aeafc5643f86d915e12a84695e35a4 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 21 Apr 2016 19:46:30 +0200 Subject: Merging upstream version 20160401. Signed-off-by: Daniel Baumann --- lib/container/console | 4 +- lib/container/create | 34 +++++++-- lib/container/limit | 187 ++++++++++++++++++++++++++++++++++++++++++++++++++ lib/container/list | 4 +- lib/container/remove | 10 +-- lib/container/restart | 4 +- lib/container/start | 134 +++++++++++++++++++++++++++++++++--- lib/container/stop | 4 +- lib/container/version | 4 +- 9 files changed, 355 insertions(+), 30 deletions(-) create mode 100755 lib/container/limit (limited to 'lib') diff --git a/lib/container/console b/lib/container/console index e8f73be..779f3a6 100755 --- a/lib/container/console +++ b/lib/container/console @@ -1,7 +1,7 @@ #!/bin/sh -# Open Infrastructure: container-tools -# Copyright (C) 2014-2015 Daniel Baumann +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2016 Daniel Baumann # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/container/create b/lib/container/create index d267641..fab9f5b 100755 --- a/lib/container/create +++ b/lib/container/create @@ -1,7 +1,7 @@ #!/bin/sh -# Open Infrastructure: container-tools -# Copyright (C) 2014-2015 Daniel Baumann +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2016 Daniel Baumann # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -25,8 +25,8 @@ MACHINES="/var/lib/machines" Parameters () { - LONG_OPTIONS="name:,bind:,script:" - OPTIONS="n:,b:,s:" + LONG_OPTIONS="name:,cnt.autostart:,bind:,capability:,drop-capability:script:" + OPTIONS="n:,b:,c:,d:,s:" PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})" 
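Review bot: In `Parameters ()` of lib/container/create the new `LONG_OPTIONS` string lacks a comma between `drop-capability:` and `script:`, so getopt sees one long option named `drop-capability:script` instead of two. As written, `--script` is likely rejected as unknown, and `--drop-capability` would at best match as an abbreviation of the fused name and then fall through to the `getopt error` arm, leaving only the short `-d` form for dropping capabilities. The line should read `LONG_OPTIONS="name:,cnt.autostart:,bind:,capability:,drop-capability:,script:"`. The body of `Parameters ()` continues outside this hunk.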
@@ -46,11 +46,26 @@ Parameters () shift 2 ;; + --cnt.autostart) + CNT_AUTOSTART="${2}" + shift 2 + ;; + -b|--bind) BIND="${2}" shift 2 ;; + -c|--capability) + CAPABILITY="${2}" + shift 2 + ;; + + -d|--drop-capability) + DROP_CAPABILITY="${2}" + shift 2 + ;; + -s|--script) SCRIPT="${2}" shift 2 @@ -71,7 +86,7 @@ Parameters () Usage () { - echo "Usage: container ${COMMAND} -n|--name NAME [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2 + echo "Usage: container ${COMMAND} -n|--name NAME [--cnt.autostart=true|false|FQDN] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-- SCRIPT_OPTIONS]" >&2 exit 1 } @@ -88,13 +103,15 @@ then exit 1 fi -SCRIPT="${SCRIPT:-debootstrap}" +SCRIPT="${SCRIPT:-debian}" if [ ! -e "/usr/share/container-tools/scripts/${SCRIPT}" ] then echo "'${SCRIPT}': no such script" >&2 fi +CNT_AUTOSTART="${CNT_AUTOSTART:-$(hostname -f)}" + BINDS="$(echo ${BIND} | sed -e 's|;| |g')" for ENTRY in ${BINDS} @@ -110,10 +127,13 @@ done # config mkdir -p "${CONFIG}" -sed -e "s|@NAME@|${NAME}|g" \ +sed -e "s|@CNT_AUTOSTART@|${CNT_AUTOSTART}|g" \ + -e "s|@NAME@|${NAME}|g" \ -e "s|@BIND@|${BIND}|g" \ -e "s|@BOOT@|yes|g" \ + -e "s|@CAPABILITY@|${CAPABILITY}|g" \ -e "s|@DIRECTORY@|${MACHINES}/${NAME}|g" \ + -e "s|@DROP_CAPABILITY@|${DROP_CAPABILITY}|g" \ -e "s|@MACHINE@|${NAME}|g" \ -e "s|@NETWORK_VETH@|yes|g" \ -e "s|@NETWORK_BRIDGE@|br0|g" \ diff --git a/lib/container/limit b/lib/container/limit new file mode 100755 index 0000000..c3b0ba8 --- /dev/null +++ b/lib/container/limit 
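Review bot: The `sed` call in the last hunk of lib/container/create interpolates `${CNT_AUTOSTART}`, `${CAPABILITY}` and `${DROP_CAPABILITY}` straight into `s|…|…|g` replacements, and the option arms added in the `@@ -46,11 +46,26 @@` hunk accept any string for them. A value containing `|`, `&`, a backslash or whitespace either breaks the expression or writes something other than the intended text into the container config. lib/container/start later reads `capability=` and `drop-capability=` from that file and expands them unquoted on the `systemd-nspawn` command line (its `@@ -137,9 +156,33 @@` hunk), where extra words would become extra options. Since these settings decide which capabilities the container holds, validate them before writing the config, for example with `case "${CAPABILITY}" in *[!A-Za-z_,]*) Usage ;; esac`, and do the same for `${DROP_CAPABILITY}`.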
@@ -0,0 +1,187 @@ +#!/bin/sh + +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2016 Daniel Baumann +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +set -e + +COMMAND="$(basename ${0})" + +MACHINES="/var/lib/machines" + +Parameters () +{ + LONG_OPTIONS="name:,blockio-device-weight:,blockio-read-bandwith:,blockio-weight:,blockio-write-bandwith:,cpu-quota:,cpu-shares:,memory-limit:,tasks-max:," + + OPTIONS="n:b:c:m:t:" + + PARAMETERS="$(getopt --longoptions ${LONG_OPTIONS} --name=${COMMAND} --options ${OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${COMMAND}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -n|--name) + NAME="${2}" + shift 2 + ;; + + -c|--cpu-quota) + CPU_QUOTA="${2}" + shift 2 + ;; + + --cpu-shares) + CPU_SHARES="${2}" + shift 2 + ;; + + -m|--memory-limit) + MEMORY_LIMIT="${2}" + shift 2 + ;; + + -t|--tasks-max) + TASKS_MAX="${2}" + shift 2 + ;; + + --blockio-device-weight) + BLOCK_IO_DEVICE_WEIGHT="${2}" + shift 2 + ;; + + --blockio-read-bandwith) + BLOCK_IO_READ_BANDWITH="${2}" + shift 2 + ;; + + -b|--blockio-weight) + BLOCK_IO_WEIGHT="${2}" + shift 2 + ;; + + --blockio-write-bandwith) + BLOCK_IO_WRITE_BANDWITH="${2}" + shift 2 + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${COMMAND}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: container 
${COMMAND} -n|--name NAME [--blockio-device-weight \"DEVICE WEIGHT\"] [--blockio-read-bandwith \"DEVICE BYTES\"] [-b|--blockio-weight WEIGHT] [--blockio-write-bandwith \"DEVICE BYTES\"] [-c|--cpu-quota QUOTA] [--cpu-shares SHARES] [-m|--memory-limit BYTES] [-t|--tasks-max NUMBER]" >&2 + exit 1 +} + +Parameters "${@}" + +if [ -z "${NAME}" ] +then + Usage +fi + +if [ ! -e "${MACHINES}/${NAME}" ] +then + echo "'${NAME}': no such container" >&2 + exit 1 +fi + +STATE="$(machinectl show ${NAME} 2>&1 | awk -F= '/^State=/ { print $2 }')" + +case "${STATE}" in + running) + ;; + + *) + echo "'${NAME}': container is not running" >&2 + exit 1 + ;; +esac + +if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ] +then + BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}" + SET_PROPERTY="true" +fi + +if [ -n "${BLOCK_IO_READ_BANDWITH}" ] +then + BLOCK_IO_READ_BANDWITH="BlockIOReadBandwidth=${BLOCK_IO_READ_BANDWITH}" + SET_PROPERTY="true" +fi + +if [ -n "${BLOCK_IO_WEIGHT}" ] +then + BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}" + SET_PROPERTY="true" +fi + +if [ -n "${BLOCK_IO_WRITE_BANDWITH}" ] +then + BLOCK_IO_WRITE_BANDWITH="BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWITH}" + SET_PROPERTY="true" +fi + +if [ -n "${CPU_QUOTA}" ] +then + CPU_QUOTA="CPUQuota=${CPU_QUOTA}" + SET_PROPERTY="true" +fi + +if [ -n "${CPU_SHARES}" ] +then + CPU_SHARES="CPUShares=${CPU_SHARES}" + SET_PROPERTY="true" +fi + +if [ -n "${MEMORY_LIMIT}" ] +then + MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}" + SET_PROPERTY="true" +fi + +if [ -n "${TASKS_MAX}" ] +then + TASKS_MAX="TasksMax=${TASKS_MAX}" + SET_PROPERTY="true" +fi + +if [ "${SET_PROPERTY}" != "true" ] +then + Usage +fi + +# Run +systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWITH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWITH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX} diff --git a/lib/container/list b/lib/container/list index 08259b9..374942c 100755 --- a/lib/container/list 
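Review bot: In the new lib/container/limit the `--blockio-write-bandwith` branch builds `BlockIOReadBandwidth=${BLOCK_IO_WRITE_BANDWITH}`, so a requested write limit is applied to the read property and the write side stays unlimited; it should be `BLOCK_IO_WRITE_BANDWITH="BlockIOWriteBandwidth=${BLOCK_IO_WRITE_BANDWITH}"`. The final `systemctl --runtime set-property` line also expands every value unquoted, although Usage documents `"DEVICE WEIGHT"` and `"DEVICE BYTES"` arguments that contain a space; such a value is split into two words and the second is no longer part of the assignment. Clearing the positional parameters with `set --`, appending each assignment with `set -- "${@}" "CPUQuota=${CPU_QUOTA}"`, and calling `systemctl --runtime set-property "${NAME}" "${@}"` keeps each one intact. The unquoted `${@}` in the `getopt` call inside `Parameters ()` splits those arguments even earlier and needs quoting as well.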
+++ b/lib/container/list @@ -1,7 +1,7 @@ #!/bin/sh -# Open Infrastructure: container-tools -# Copyright (C) 2014-2015 Daniel Baumann +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2016 Daniel Baumann # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/container/remove b/lib/container/remove index e2e3d87..d171d87 100755 --- a/lib/container/remove +++ b/lib/container/remove @@ -1,7 +1,7 @@ #!/bin/sh -# Open Infrastructure: container-tools -# Copyright (C) 2014-2015 Daniel Baumann +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2016 Daniel Baumann # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -97,11 +97,13 @@ case "${FORCE}" in ;; *) - echo -n "'${NAME}': remove container '${NAME}'? " + echo -n "'${NAME}': remove container '${NAME}' [y|N]? " read FORCE + FORCE="$(echo ${FORCE} | tr [A-Z] [a-z])" + case "${FORCE}" in - y|Y) + y|yes) ;; *) diff --git a/lib/container/restart b/lib/container/restart index 46843d3..9b6f18d 100755 --- a/lib/container/restart +++ b/lib/container/restart @@ -1,7 +1,7 @@ #!/bin/sh -# Open Infrastructure: container-tools -# Copyright (C) 2014-2015 Daniel Baumann +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2016 Daniel Baumann # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/container/start b/lib/container/start index d47ed6b..8d5429b 100755 --- a/lib/container/start +++ b/lib/container/start 
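Review bot: The new lowercase conversion in lib/container/remove passes `[A-Z]` and `[a-z]` to `tr` unquoted, so the shell treats them as glob patterns first. If the current directory holds a file with a matching single-letter name, `tr` receives that file name instead and the answer to a destructive confirmation prompt is translated unpredictably. Quote the sets and the input, e.g. `FORCE="$(echo "${FORCE}" | tr 'A-Z' 'a-z')"`. The enclosing `case "${FORCE}"` block starts and ends outside this hunk.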
@@ -1,7 +1,7 @@ #!/bin/sh -# Open Infrastructure: container-tools -# Copyright (C) 2014-2015 Daniel Baumann +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2016 Daniel Baumann # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -90,12 +90,31 @@ esac HOST_ARCHITECTURE="$(dpkg --print-architecture)" MACHINE_ARCHITECTURE="$(chroot ${MACHINES}/${NAME} dpkg --print-architecture)" -if [ "${HOST_ARCHITECTURE}" = "amd64" ] && [ "${MACHINE_ARCHITECTURE}" = "i386" ] -then - SETARCH="setarch i686" -else - SETARCH="" -fi +case "${HOST_ARCHITECTURE}" in + amd64) + case "${MACHINE_ARCHITECTURE}" in + i386) + SETARCH="setarch i686" + ;; + + *) + SETARCH="" + ;; + esac + ;; + + arm64) + case "${MACHINE_ARCHITECTURE}" in + armel|armhf) + SETARCH="setarch armv7l" + ;; + + *) + SETARCH="" + ;; + esac + ;; +esac # config if [ -e "${CONFIG}/${NAME}.conf" ] @@ -137,9 +156,33 @@ then ;; esac + CAPABILITY="$(awk -F= '/^capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + case "${CAPABILITY}" in + "") + CAPABILITY="" + ;; + + *) + CAPABILITY="--capability=${CAPABILITY}" + ;; + esac + DIRECTORY="$(awk -F= '/^directory=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo ${MACHINES}/${NAMES})" DIRECTORY="--directory ${DIRECTORY}" + DROP_CAPABILITY="$(awk -F= '/^drop-capability=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + case "${DROP_CAPABILITY}" in + "") + DROP_CAPABILITY="" + ;; + + *) + DROP_CAPABILITY="--drop-capability=${DROP_CAPABILITY}" + ;; + esac + MACHINE="--machine=${NAME}" NETWORK_BRIDGE="$(awk -F= '/^network-bridge=/ { print $2 }' ${CONFIG}/${NAME}.conf)" 
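Review bot: The new outer `case "${HOST_ARCHITECTURE}"` in lib/container/start has no default arm, so on any host other than amd64 or arm64 `SETARCH` is never assigned, whereas the removed `else` branch always reset it to an empty string. `${SETARCH}` is later used as the command prefix of the `systemd-nspawn` call, so an unassigned variable would take whatever value the caller's environment carries. Add `*) SETARCH="" ;;` as the last arm of the outer case.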
@@ -189,7 +232,80 @@ then REGISTER="--register=no" ;; esac + + BLOCK_IO_DEVICE_WEIGHT="$(awk -F= '/^BlockIODeviceWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${BLOCK_IO_DEVICE_WEIGHT}" ] + then + BLOCK_IO_DEVICE_WEIGHT="BlockIODeviceWeight=${BLOCK_IO_DEVICE_WEIGHT}" + SET_PROPERTY="true" + fi + + BLOCK_IO_READ_BANDWITH="$(awk -F= '/^BlockIOReadBandwith=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${BLOCK_IO_READ_BANDWITH}" ] + then + BLOCK_IO_READ_BANDWITH="BlockIOReadBandwith=${BLOCK_IO_READ_BANDWITH}" + SET_PROPERTY="true" + fi + + BLOCK_IO_WEIGHT="$(awk -F= '/^BlockIOWeight=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${BLOCK_IO_WEIGHT}" ] + then + BLOCK_IO_WEIGHT="BlockIOWeight=${BLOCK_IO_WEIGHT}" + SET_PROPERTY="true" + fi + + BLOCK_IO_WRITE_BANDWITH="$(awk -F= '/^BlockIOWriteBandwith=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${BLOCK_IO_WRITE_BANDWITH}" ] + then + BLOCK_IO_WRITE_BANDWITH="BlockIOWriteBandwith=${BLOCK_IO_WRITE_BANDWITH}" + SET_PROPERTY="true" + fi + + CPU_QUOTA="$(awk -F= '/^CPUQuota=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${CPU_QUOTA}" ] + then + CPU_QUOTA="CPUQuota=${CPU_QUOTA}" + SET_PROPERTY="true" + fi + + CPU_SHARES="$(awk -F= '/^CPUShares=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${CPU_SHARES}" ] + then + CPU_SHARES="CPUShares=${CPU_SHARES}" + SET_PROPERTY="true" + fi + + MEMORY_LIMIT="$(awk -F= '/^MemoryLimit=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${MEMORY_LIMIT}" ] + then + MEMORY_LIMIT="MemoryLimit=${MEMORY_LIMIT}" + SET_PROPERTY="true" + fi + + TASKS_MAX="$(awk -F= '/^TasksMax=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + if [ -n "${TASKS_MAX}" ] + then + TASKS_MAX="TasksMax=${TASKS_MAX}" + SET_PROPERTY="true" + fi fi # Run -${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${DIRECTORY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER} +case "${SET_PROPERTY}" in + true) + ${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${CAPABILITY} 
${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER} & \ + systemctl --runtime set-property ${NAME} ${BLOCK_IO_DEVICE_WEIGHT} ${BLOCK_IO_READ_BANDWITH} ${BLOCK_IO_WEIGHT} ${BLOCK_IO_WRITE_BANDWITH} ${CPU_QUOTA} ${CPU_SHARES} ${MEMORY_LIMIT} ${TASKS_MAX} + ;; + + *) + ${SETARCH} systemd-nspawn ${BIND} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_BRIDGE} ${NETWORK_VETH} ${LINK_JOURNAL} ${REGISTER} + ;; +esac diff --git a/lib/container/stop b/lib/container/stop index 36eb429..a11c155 100755 --- a/lib/container/stop +++ b/lib/container/stop @@ -1,7 +1,7 @@ #!/bin/sh -# Open Infrastructure: container-tools -# Copyright (C) 2014-2015 Daniel Baumann +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2016 Daniel Baumann # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/lib/container/version b/lib/container/version index fc5b482..b7e259d 100755 --- a/lib/container/version +++ b/lib/container/version @@ -1,7 +1,7 @@ #!/bin/sh -# Open Infrastructure: container-tools -# Copyright (C) 2014-2015 Daniel Baumann +# container-tools - Manage systemd-nspawn containers +# Copyright (C) 2014-2016 Daniel Baumann # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -- cgit v1.2.3
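Review bot: In the `true)` arm at the end of lib/container/start, `systemd-nspawn` is put in the background and `systemctl --runtime set-property` runs immediately after it, most likely before the container is registered, so the call can fail and the container keeps running without its configured limits. Two of the new keys are also spelled `BlockIOReadBandwith` and `BlockIOWriteBandwith`, while lib/container/limit in this commit uses `BlockIOReadBandwidth`; the misspelled names are passed on as property names and will presumably be rejected. Spell both with `Bandwidth` and wait for the machine to report `State=running` (the check lib/container/limit already performs) before applying the properties, as sketched below. The `if [ -e "${CONFIG}/${NAME}.conf" ]` block that this hunk extends begins outside the hunk.

```shell
	true)
		# … unchanged: backgrounded systemd-nspawn invocation …

		# Wait until the machine is registered before applying limits
		# (30 attempts is a constructed example value).
		TRIES=0
		while [ "$(machinectl show "${NAME}" 2>/dev/null | awk -F= '/^State=/ { print $2 }')" != "running" ]
		do
			TRIES=$((TRIES + 1))

			if [ "${TRIES}" -ge 30 ]
			then
				echo "'${NAME}': container did not start, limits not applied" >&2
				exit 1
			fi

			sleep 1
		done

		# … unchanged: systemctl --runtime set-property call …
		;;
```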