Class: OsCtld::Container
- Inherits:
-
Object
- Object
- OsCtld::Container
- Includes:
- OsCtl::Lib::Utils::Log, OsCtl::Lib::Utils::System, Assets::Definition, Lockable, Manipulable, Utils::SwitchUser
- Defined in:
- lib/osctld/container.rb
Defined Under Namespace
Modules: Adaptor, Hooks Classes: Builder, DatasetBuilder, Hints, Importer, LxcConfig, Lxcfs, RawConfigs, Recovery, RunConfiguration, StartMenu
Constant Summary collapse
- DEFAULT_START_TIMEOUT =
120
- DEFAULT_STOP_TIMEOUT =
300
Instance Attribute Summary collapse
-
#apparmor ⇒ Object
Returns the value of attribute apparmor.
-
#arch ⇒ Object
Returns the value of attribute arch.
-
#attrs ⇒ Object
Returns the value of attribute attrs.
-
#autostart ⇒ Object
Returns the value of attribute autostart.
-
#cgparams ⇒ Object
Returns the value of attribute cgparams.
-
#cpu_package ⇒ Object
Returns the value of attribute cpu_package.
-
#dataset ⇒ Object
Returns the value of attribute dataset.
-
#devices ⇒ Object
Returns the value of attribute devices.
-
#distribution ⇒ Object
Returns the value of attribute distribution.
-
#dns_resolvers ⇒ Object
Returns the value of attribute dns_resolvers.
-
#ephemeral ⇒ Object
(also: #ephemeral?)
Returns the value of attribute ephemeral.
-
#group ⇒ Object
Returns the value of attribute group.
-
#hints ⇒ Object
readonly
Returns the value of attribute hints.
-
#hostname ⇒ Object
Returns the value of attribute hostname.
-
#id ⇒ Object
Returns the value of attribute id.
-
#init_cmd ⇒ Object
Returns the value of attribute init_cmd.
-
#lxc_config ⇒ Object
Returns the value of attribute lxc_config.
-
#lxcfs ⇒ Object
readonly
Returns the value of attribute lxcfs.
-
#mounted ⇒ Object
protected
Returns the value of attribute mounted.
-
#mounts ⇒ Object
Returns the value of attribute mounts.
-
#nesting ⇒ Object
Returns the value of attribute nesting.
-
#netifs ⇒ Object
Returns the value of attribute netifs.
-
#pool ⇒ Object
Returns the value of attribute pool.
-
#prlimits ⇒ Object
Returns the value of attribute prlimits.
-
#raw_configs ⇒ Object
readonly
Returns the value of attribute raw_configs.
-
#run_conf ⇒ Object
readonly
Returns the value of attribute run_conf.
-
#seccomp_profile ⇒ Object
Returns the value of attribute seccomp_profile.
-
#send_log ⇒ Object
Returns the value of attribute send_log.
-
#start_menu ⇒ Object
Returns the value of attribute start_menu.
-
#state ⇒ Object
Returns the value of attribute state.
-
#user ⇒ Object
Returns the value of attribute user.
-
#version ⇒ Object
Returns the value of attribute version.
Class Method Summary collapse
Instance Method Summary collapse
- #abs_apply_cgroup_path(subsystem) ⇒ Object
- #abs_cgroup_path(subsystem) ⇒ Object
- #assets ⇒ Object
- #base_cgroup_path ⇒ Object
- #can_dist_configure_network? ⇒ Boolean
- #can_start? ⇒ Boolean
- #cgroup_path ⇒ Object
- #chgrp(grp, missing_devices: nil) ⇒ Object
- #chown(user) ⇒ Object
- #clear_start_menu ⇒ Object
-
#clone_from(ct, id, opts = {}) ⇒ Object
protected
Change the container so that it becomes a clone of `ct` with a different id.
- #close_send_log(save: true) ⇒ Object
- #config_path ⇒ Object
- #configure(distribution, version, arch) ⇒ Object
- #configure_bashrc ⇒ Object
-
#current_state ⇒ Symbol
Fetch current container state by forking into it.
-
#datasets ⇒ Array<OsCtl::Lib::Zfs::Dataset>
Return a list of all container datasets.
- #default_init_cmd ⇒ Object protected
- #default_seccomp_profile ⇒ Object protected
- #dir ⇒ Object
-
#dump_config ⇒ Object
Dump to config.
-
#dup(id, opts = {}) ⇒ Object
Duplicate the container with a different ID.
-
#each_dataset {|ds| ... } ⇒ Object
Iterate over all container datasets.
-
#ensure_run_conf ⇒ Container::RunConfiguration
Call #init_run_conf unless #run_conf is already set.
- #entry_cgroup_path ⇒ Object
-
#export ⇒ Object
Export to clients.
-
#find_cpu_limit(parents: true) ⇒ Integer?
CPU limit in percent (100 % for one CPU).
-
#find_memory_limit(parents: true) ⇒ Integer?
Memory limit in bytes.
-
#find_swap_limit(parents: true) ⇒ Integer?
Swap limit in bytes.
- #forget_past_run_conf ⇒ Object
- #format_exec_init_cmd ⇒ Object
- #format_user_init_cmd ⇒ Object
-
#fresh_state ⇒ Symbol
Fetch current state if the state is not known, otherwise return the known state.
- #get_past_run_conf ⇒ Container::RunConfiguration?
- #get_run_conf ⇒ Container::RunConfiguration
- #gid_map ⇒ Object
- #ident ⇒ Object
- #init_pid ⇒ Object
-
#init_run_conf ⇒ Object
This must be called on container start.
-
#initialize(pool, id, user = nil, group = nil, dataset = nil, opts = {}) ⇒ Container
constructor
A new instance of Container.
- #load_config_file(path = nil, **opts) ⇒ Object protected
- #load_config_hash(cfg, init_devices: true, dataset_cache: nil) ⇒ Object protected
- #load_config_string(str, **opts) ⇒ Object protected
- #log_path ⇒ Object
- #log_type ⇒ Object
- #lxc_dir(user: nil, group: nil) ⇒ Object
- #lxc_home(user: nil, group: nil) ⇒ Object
- #manipulation_resource ⇒ Object
-
#mount(force: false) ⇒ Object
Mount the container's dataset.
-
#mounted?(force: false) ⇒ Boolean
Check if the container's dataset is mounted.
- #new_run_conf ⇒ Container::RunConfiguration
- #open_send_log(role, token, opts = {}) ⇒ Object
- #parse_yaml ⇒ Object protected
-
#patch_config(new_config) ⇒ Object
Update keys/values from `new_config` in the container's config.
-
#read_hostname ⇒ String?
Read hostname from a running container.
-
#reconfigure ⇒ Object
Regenerate LXC config.
- #reload_config ⇒ Object
- #replace_config(config) ⇒ Object
- #root_host_gid ⇒ Object
- #root_host_uid ⇒ Object
- #rootfs ⇒ Object
- #running? ⇒ Boolean
- #save_config ⇒ Object
- #set(opts) ⇒ Object
- #set_next_run_conf(next_run_conf) ⇒ Object
- #setup_start_menu ⇒ Object
- #starting ⇒ Object
- #stopped ⇒ Object
- #uid_map ⇒ Object
-
#unregister ⇒ Object
Unregister the container from internal uses in osctld, e.g.
- #unset(opts) ⇒ Object
- #update_hints ⇒ Object
- #user_hook_script_dir ⇒ Object
- #wrapper_cgroup_path ⇒ Object
Methods included from Utils::SwitchUser
Methods included from Assets::Definition
Methods included from Manipulable
#acquire_manipulation_lock, #init_manipulable, #is_being_manipulated?, #manipulate, #manipulated_by, #release_manipulation_lock
Methods included from Lockable
#exclusively, included, #inclusively, #init_lock, #lock, #unlock
Constructor Details
#initialize(pool, id, user = nil, group = nil, dataset = nil, opts = {}) ⇒ Container
Returns a new instance of Container.
42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 |
# File 'lib/osctld/container.rb', line 42 def initialize(pool, id, user = nil, group = nil, dataset = nil, opts = {}) init_lock init_manipulable opts[:load] = true unless opts.has_key?(:load) if (user.nil? || group.nil?) && !opts[:load] raise ArgumentError, 'either set load: true or provide user and group' end @pool = pool @id = id @user = user @group = group @dataset = dataset @state = opts[:staged] ? :staged : :unknown @ephemeral = false @netifs = NetInterface::Manager.new(self) @cgparams = nil @devices = nil @prlimits = nil @mounts = nil @hostname = nil @dns_resolvers = nil @nesting = false @cpu_package = 'auto' @seccomp_profile = nil @apparmor = AppArmor.new(self) @lxcfs = user && group ? Container::Lxcfs.new : nil @lxc_config = Container::LxcConfig.new(self) @init_cmd = nil @raw_configs = Container::RawConfigs.new @attrs = Attributes.new @run_conf = nil @hints = Container::Hints.new(self) if opts[:load] load_opts = { init_devices: !opts.has_key?(:devices) || opts[:devices], dataset_cache: opts[:dataset_cache], } if opts[:load_from] load_config_string(opts[:load_from], **load_opts) else load_config_file(config_path, **load_opts) end end end |
Instance Attribute Details
#apparmor ⇒ Object
Returns the value of attribute apparmor
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def apparmor @apparmor end |
#arch ⇒ Object
Returns the value of attribute arch
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def arch @arch end |
#attrs ⇒ Object
Returns the value of attribute attrs
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def attrs @attrs end |
#autostart ⇒ Object
Returns the value of attribute autostart
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def autostart @autostart end |
#cgparams ⇒ Object
Returns the value of attribute cgparams
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def cgparams @cgparams end |
#cpu_package ⇒ Object
Returns the value of attribute cpu_package
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def cpu_package @cpu_package end |
#dataset ⇒ Object
Returns the value of attribute dataset
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def dataset @dataset end |
#devices ⇒ Object
Returns the value of attribute devices
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def devices @devices end |
#distribution ⇒ Object
Returns the value of attribute distribution
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def distribution @distribution end |
#dns_resolvers ⇒ Object
Returns the value of attribute dns_resolvers
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def dns_resolvers @dns_resolvers end |
#ephemeral ⇒ Object Also known as: ephemeral?
Returns the value of attribute ephemeral
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def ephemeral @ephemeral end |
#group ⇒ Object
Returns the value of attribute group
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def group @group end |
#hints ⇒ Object (readonly)
Returns the value of attribute hints
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def hints @hints end |
#hostname ⇒ Object
Returns the value of attribute hostname
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def hostname @hostname end |
#id ⇒ Object
Returns the value of attribute id
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def id @id end |
#init_cmd ⇒ Object
Returns the value of attribute init_cmd
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def init_cmd @init_cmd end |
#lxc_config ⇒ Object
Returns the value of attribute lxc_config
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def lxc_config @lxc_config end |
#lxcfs ⇒ Object (readonly)
Returns the value of attribute lxcfs
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def lxcfs @lxcfs end |
#mounted ⇒ Object (protected)
Returns the value of attribute mounted
830 831 832 |
# File 'lib/osctld/container.rb', line 830 def mounted @mounted end |
#mounts ⇒ Object
Returns the value of attribute mounts
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def mounts @mounts end |
#nesting ⇒ Object
Returns the value of attribute nesting
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def nesting @nesting end |
#netifs ⇒ Object
Returns the value of attribute netifs
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def netifs @netifs end |
#pool ⇒ Object
Returns the value of attribute pool
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def pool @pool end |
#prlimits ⇒ Object
Returns the value of attribute prlimits
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def prlimits @prlimits end |
#raw_configs ⇒ Object (readonly)
Returns the value of attribute raw_configs
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def raw_configs @raw_configs end |
#run_conf ⇒ Object (readonly)
Returns the value of attribute run_conf
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def run_conf @run_conf end |
#seccomp_profile ⇒ Object
Returns the value of attribute seccomp_profile
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def seccomp_profile @seccomp_profile end |
#send_log ⇒ Object
Returns the value of attribute send_log
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def send_log @send_log end |
#start_menu ⇒ Object
Returns the value of attribute start_menu
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def @start_menu end |
#state ⇒ Object
Returns the value of attribute state
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def state @state end |
#user ⇒ Object
Returns the value of attribute user
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def user @user end |
#version ⇒ Object
Returns the value of attribute version
23 24 25 |
# File 'lib/osctld/container.rb', line 23 def version @version end |
Class Method Details
.default_dataset(pool, id, dataset_cache: nil) ⇒ Object
18 19 20 21 |
# File 'lib/osctld/container.rb', line 18 def self.default_dataset(pool, id, dataset_cache: nil) name = File.join(pool.ct_ds, id) OsCtl::Lib::Zfs::Dataset.new(name, base: name, cache: dataset_cache) end |
Instance Method Details
#abs_apply_cgroup_path(subsystem) ⇒ Object
456 457 458 |
# File 'lib/osctld/container.rb', line 456 def abs_apply_cgroup_path(subsystem) CGroup.abs_cgroup_path(subsystem, base_cgroup_path) end |
#abs_cgroup_path(subsystem) ⇒ Object
452 453 454 |
# File 'lib/osctld/container.rb', line 452 def abs_cgroup_path(subsystem) CGroup.abs_cgroup_path(subsystem, cgroup_path) end |
#assets ⇒ Object
114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 |
# File 'lib/osctld/container.rb', line 114 def assets define_assets do |add| # Datasets add.dataset( dataset.to_s, desc: "Container's rootfs dataset", uidmap: uid_map.map(&:to_a), gidmap: gid_map.map(&:to_a), user: root_host_uid, group: root_host_gid, mode: 0770, validate_if: mounted?, ) # Directories and files add.directory( rootfs, desc: "Container's rootfs", user: root_host_uid, group: root_host_gid, mode_bit_and: 0111, # has all executable bits set validate_if: mounted?, ) add.directory( user_hook_script_dir, desc: 'User supplied script hooks', user: 0, group: 0, mode: 0700 ) add.directory( lxc_dir, desc: 'LXC configuration', user: 0, group: user.ugid, mode: 0750 ) lxc_config.assets(add) add.file( File.join(lxc_dir, '.bashrc'), desc: 'Shell configuration file for osctl ct su', user: 0, group: 0, mode: 0644 ) add.file( config_path, desc: 'Container config for osctld', user: 0, group: 0, mode: 0400 ) add.file( log_path, desc: 'LXC log file', user: 0, group: user.ugid, mode: 0660 ) run_conf.assets(add) if run_conf devices.assets(add) end end |
#base_cgroup_path ⇒ Object
436 437 438 |
# File 'lib/osctld/container.rb', line 436 def base_cgroup_path inclusively { File.join(group.full_cgroup_path(user), "ct.#{id}") } end |
#can_dist_configure_network? ⇒ Boolean
371 372 373 374 375 376 |
# File 'lib/osctld/container.rb', line 371 def can_dist_configure_network? inclusively do next false if netifs.detect { |netif| !netif.can_run_distconfig? } true end end |
#can_start? ⇒ Boolean
342 343 344 |
# File 'lib/osctld/container.rb', line 342 def can_start? inclusively { state != :staged && state != :error && pool.active? } end |
#cgroup_path ⇒ Object
440 441 442 |
# File 'lib/osctld/container.rb', line 440 def cgroup_path File.join(base_cgroup_path, 'user-owned') end |
#chgrp(grp, missing_devices: nil) ⇒ Object
276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 |
# File 'lib/osctld/container.rb', line 276 def chgrp(grp, missing_devices: nil) self.group = grp case missing_devices when 'provide' devices.ensure_all devices.init when 'remove' devices.remove_missing devices.init when 'check' devices.check_all_available!(group: grp) else fail "unsupported action for missing devices: '#{missing_devices}'" end save_config lxc_config.configure configure_bashrc end |
#chown(user) ⇒ Object
269 270 271 272 273 274 |
# File 'lib/osctld/container.rb', line 269 def chown(user) self.user = user save_config lxc_config.configure configure_bashrc end |
#clear_start_menu ⇒ Object
612 613 614 615 |
# File 'lib/osctld/container.rb', line 612 def = .unlink if end |
#clone_from(ct, id, opts = {}) ⇒ Object (protected)
Change the container so that it becomes a clone of `ct` with a different id
938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 |
# File 'lib/osctld/container.rb', line 938 def clone_from(ct, id, opts = {}) init_lock init_manipulable @id = id @pool = opts[:pool] if opts[:pool] @user = opts[:user] if opts[:user] @group = opts[:group] if opts[:group] @state = :staged @send_log = nil if opts[:dataset] @dataset = OsCtl::Lib::Zfs::Dataset.new( opts[:dataset], base: opts[:dataset], ) else @dataset = Container.default_dataset(@pool, @id) end @apparmor = @apparmor.dup(self) @autostart = @autostart && @autostart.dup(self) @cgparams = cgparams.dup(self) @prlimits = prlimits.dup(self) @mounts = mounts.dup(self) @start_menu = @start_menu && @start_menu.dup(self) @lxcfs = lxcfs.dup @lxc_config = lxc_config.dup(self) @raw_configs = raw_configs.dup @attrs = attrs.dup @run_conf = nil @next_run_conf = nil @past_run_conf = nil @devices = devices.dup(self) devices.init if opts[:network_interfaces] @netifs = netifs.dup(self) netifs.each(&:setup) else @netifs = NetInterface::Manager.new(self) end @hints = hints.dup(self) end |
#close_send_log(save: true) ⇒ Object
661 662 663 664 665 666 667 |
# File 'lib/osctld/container.rb', line 661 def close_send_log(save: true) exclusively do self.send_log.close self.send_log = nil save_config if save end end |
#config_path ⇒ Object
399 400 401 |
# File 'lib/osctld/container.rb', line 399 def config_path inclusively { File.join(pool.conf_path, 'ct', "#{id}.yml") } end |
#configure(distribution, version, arch) ⇒ Object
96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 |
# File 'lib/osctld/container.rb', line 96 def configure(distribution, version, arch) exclusively do @distribution = distribution @version = version @arch = arch @netifs = NetInterface::Manager.new(self) @nesting = false @seccomp_profile = default_seccomp_profile @cgparams = CGroup::ContainerParams.new(self) @devices = Devices::Manager.new_for(self) @prlimits = PrLimits::Manager.default(self) @mounts = Mount::Manager.new(self) @run_conf ||= new_run_conf devices.init save_config end end |
#configure_bashrc ⇒ Object
640 641 642 643 644 645 646 647 648 649 650 651 652 |
# File 'lib/osctld/container.rb', line 640 def configure_bashrc ErbTemplate.render_to('ct/bashrc', { ct: self, override: %w( attach cgroup console device execute freeze info ls monitor stop top unfreeze wait ), disable: %w( autostart checkpoint clone copy create destroy snapshot start-ephemeral unshare ), }, File.join(lxc_dir, '.bashrc')) end |
#current_state ⇒ Symbol
Fetch current container state by forking into it
320 321 322 323 324 325 326 |
# File 'lib/osctld/container.rb', line 320 def current_state begin self.state = ContainerControl::Commands::State.run!(self).state rescue ContainerControl::Error self.state = :error end end |
#datasets ⇒ Array<OsCtl::Lib::Zfs::Dataset>
Return a list of all container datasets
425 426 427 428 |
# File 'lib/osctld/container.rb', line 425 def datasets ds = inclusively { dataset } [ds] + ds.descendants end |
#default_init_cmd ⇒ Object (protected)
989 990 991 |
# File 'lib/osctld/container.rb', line 989 def default_init_cmd ['/sbin/init'] end |
#default_seccomp_profile ⇒ Object (protected)
985 986 987 |
# File 'lib/osctld/container.rb', line 985 def default_seccomp_profile '/etc/lxc/config/common.seccomp' end |
#dir ⇒ Object
378 379 380 |
# File 'lib/osctld/container.rb', line 378 def dir dataset.mountpoint end |
#dump_config ⇒ Object
Dump to config
729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 |
# File 'lib/osctld/container.rb', line 729 def dump_config inclusively do data = { 'user' => user.name, 'group' => group.name, 'dataset' => dataset.name, 'distribution' => distribution, 'version' => version, 'arch' => arch, 'net_interfaces' => netifs.dump, 'cgparams' => cgparams.dump, 'devices' => devices.dump, 'prlimits' => prlimits.dump, 'mounts' => mounts.dump, 'autostart' => autostart && autostart.dump, 'ephemeral' => ephemeral, 'hostname' => hostname && hostname.to_s, 'dns_resolvers' => dns_resolvers, 'nesting' => nesting, 'seccomp_profile' => seccomp_profile == default_seccomp_profile \ ? nil : seccomp_profile, 'cpu_package' => cpu_package, 'init_cmd' => init_cmd, 'start_menu' => && .dump, 'lxcfs' => lxcfs.dump, 'raw' => raw_configs.dump, 'attrs' => attrs.dump, 'hints' => hints.dump, } data['state'] = 'staged' if state == :staged data['send_log'] = send_log.dump if send_log data end end |
#dup(id, opts = {}) ⇒ Object
Duplicate the container with a different ID
The returned container has `state` set to `:staged` and its assets will not exist, so the caller has to build the container and call `ct.state = :complete` for the container to become usable.
196 197 198 199 200 |
# File 'lib/osctld/container.rb', line 196 def dup(id, opts = {}) ct = clone ct.send(:clone_from, self, id, opts) ct end |
#each_dataset {|ds| ... } ⇒ Object
Iterate over all container datasets
432 433 434 |
# File 'lib/osctld/container.rb', line 432 def each_dataset(&block) datasets.each(&block) end |
#ensure_run_conf ⇒ Container::RunConfiguration
Call #init_run_conf unless #run_conf is already set
242 243 244 245 246 247 |
# File 'lib/osctld/container.rb', line 242 def ensure_run_conf exclusively do init_run_conf if @run_conf.nil? run_conf end end |
#entry_cgroup_path ⇒ Object
448 449 450 |
# File 'lib/osctld/container.rb', line 448 def entry_cgroup_path File.join(cgroup_path, "lxc.monitor.#{id}") end |
#export ⇒ Object
Export to clients
677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 |
# File 'lib/osctld/container.rb', line 677 def export inclusively do if run_conf && run_conf.lxcfs_worker lxcfs_worker = run_conf.lxcfs_worker end { pool: pool.name, id: id, user: user.name, group: group.name, uid_map: user.uid_map.map(&:to_h), gid_map: user.gid_map.map(&:to_h), dataset: dataset.name, rootfs: rootfs, boot_dataset: run_conf ? run_conf.dataset.name : dataset.name, boot_rootfs: run_conf ? run_conf.rootfs : rootfs, lxc_path: lxc_home, lxc_dir: lxc_dir, group_path: cgroup_path, distribution: run_conf ? run_conf.distribution : distribution, version: run_conf ? run_conf.version : version, state: state, init_pid: init_pid, autostart: autostart ? true : false, autostart_priority: autostart && autostart.priority, autostart_delay: autostart && autostart.delay, ephemeral: ephemeral, hostname: hostname, dns_resolvers: dns_resolvers, nesting: nesting, seccomp_profile: seccomp_profile, init_cmd: format_user_init_cmd, cpu_package_inuse: run_conf ? run_conf.cpu_package : nil, cpu_package_set: cpu_package, cpu_limit: find_cpu_limit(parents: false), memory_limit: find_memory_limit(parents: false), swap_limit: find_swap_limit(parents: false), start_menu: ? true : false, start_menu_timeout: && .timeout, lxcfs_enable: lxcfs.enable, lxcfs_worker: lxcfs_worker && lxcfs_worker.name, lxcfs_mountpoint: lxcfs_worker && lxcfs_worker.mountpoint, lxcfs_loadavg: lxcfs.loadavg, lxcfs_cfs: lxcfs.cfs, raw_lxc: raw_configs.lxc, log_file: log_path, }.merge!(attrs.export) end end |
#find_cpu_limit(parents: true) ⇒ Integer?
Returns CPU limit in percent (100 % for one CPU).
487 488 489 490 491 492 493 494 495 496 497 |
# File 'lib/osctld/container.rb', line 487 def find_cpu_limit(parents: true) limit = cgparams.find_cpu_limit if limit return limit elsif !parents return end group.find_cpu_limit(parents: parents) end |
#find_memory_limit(parents: true) ⇒ Integer?
Returns memory limit in bytes.
461 462 463 464 465 466 467 468 469 470 471 |
# File 'lib/osctld/container.rb', line 461 def find_memory_limit(parents: true) limit = cgparams.find_memory_limit if limit return limit elsif !parents return end group.find_memory_limit(parents: parents) end |
#find_swap_limit(parents: true) ⇒ Integer?
Returns swap limit in bytes.
474 475 476 477 478 479 480 481 482 483 484 |
# File 'lib/osctld/container.rb', line 474 def find_swap_limit(parents: true) limit = cgparams.find_swap_limit if limit return limit elsif !parents return end group.find_swap_limit(parents: parents) end |
#forget_past_run_conf ⇒ Object
217 218 219 |
# File 'lib/osctld/container.rb', line 217 def forget_past_run_conf exclusively { @past_run_conf = nil } end |
#format_exec_init_cmd ⇒ Object
801 802 803 804 805 806 807 808 809 810 |
# File 'lib/osctld/container.rb', line 801 def format_exec_init_cmd cmd = (init_cmd || default_init_cmd) = if .init_cmd(cmd) else cmd end.join(' ') end |
#format_user_init_cmd ⇒ Object
797 798 799 |
# File 'lib/osctld/container.rb', line 797 def format_user_init_cmd (init_cmd || default_init_cmd).join(' ') end |
#fresh_state ⇒ Symbol
Fetch current state if the state is not known, otherwise return the known state
330 331 332 333 334 335 336 |
# File 'lib/osctld/container.rb', line 330 def fresh_state if state == :unknown current_state else state end end |
#get_past_run_conf ⇒ Container::RunConfiguration?
213 214 215 |
# File 'lib/osctld/container.rb', line 213 def get_past_run_conf inclusively { @past_run_conf } end |
#get_run_conf ⇒ Container::RunConfiguration
208 209 210 |
# File 'lib/osctld/container.rb', line 208 def get_run_conf run_conf || new_run_conf end |
#gid_map ⇒ Object
411 412 413 |
# File 'lib/osctld/container.rb', line 411 def gid_map user.gid_map end |
#ident ⇒ Object
92 93 94 |
# File 'lib/osctld/container.rb', line 92 def ident inclusively { "#{pool.name}:#{id}" } end |
#init_pid ⇒ Object
346 347 348 349 350 |
# File 'lib/osctld/container.rb', line 346 def init_pid inclusively do @run_conf ? run_conf.init_pid : nil end end |
#init_run_conf ⇒ Object
This must be called on container start
227 228 229 230 231 232 233 234 235 236 237 238 |
# File 'lib/osctld/container.rb', line 227 def init_run_conf exclusively do if @next_run_conf @run_conf = @next_run_conf @next_run_conf = nil else @run_conf = new_run_conf end @run_conf.save end end |
#load_config_file(path = nil, **opts) ⇒ Object (protected)
832 833 834 835 836 837 838 |
# File 'lib/osctld/container.rb', line 832 def load_config_file(path = nil, **opts) cfg = parse_yaml do OsCtl::Lib::ConfigFile.load_yaml_file(path || config_path) end load_config_hash(cfg, **opts) end |
#load_config_hash(cfg, init_devices: true, dataset_cache: nil) ⇒ Object (protected)
853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 |
# File 'lib/osctld/container.rb', line 853 def load_config_hash(cfg, init_devices: true, dataset_cache: nil) cfg = Container::Adaptor.adapt(self, cfg) exclusively do @state = cfg['state'].to_sym if cfg['state'] @user ||= DB::Users.find(cfg['user'], pool) || (raise ConfigError.new( "container #{id}: user '#{cfg['user']}' not found" )) @group ||= DB::Groups.find(cfg['group'], pool) || (raise ConfigError.new( "container #{id}: group '#{cfg['group']}' not found" )) unless @dataset if cfg['dataset'] @dataset = OsCtl::Lib::Zfs::Dataset.new( cfg['dataset'], base: cfg['dataset'], cache: dataset_cache, ) else @dataset = Container.default_dataset( pool, id, dataset_cache: dataset_cache, ) end end @distribution = cfg['distribution'] @version = cfg['version'] @arch = cfg['arch'] @autostart = cfg['autostart'] && AutoStart::Config.load(self, cfg['autostart']) @ephemeral = cfg['ephemeral'] @hostname = cfg['hostname'] && OsCtl::Lib::Hostname.new(cfg['hostname']) @dns_resolvers = cfg['dns_resolvers'] @nesting = cfg['nesting'] || false @cpu_package = cfg.fetch('cpu_package', 'auto') @seccomp_profile = cfg['seccomp_profile'] || default_seccomp_profile @init_cmd = cfg['init_cmd'] @start_menu = if !cfg.has_key?('start_menu') || cfg['start_menu'] Container::StartMenu.load(self, cfg['start_menu'] || {}) else nil end @lxcfs = Container::Lxcfs.load(cfg['lxcfs'] || {}) @run_conf = Container::RunConfiguration.load(self) if cfg['send_log'] @send_log = SendReceive::Log.load(cfg['send_log']) SendReceive::Tokens.register(@send_log.token) end @cgparams = CGroup::ContainerParams.load(self, cfg['cgparams']) @prlimits = PrLimits::Manager.load(self, cfg['prlimits'] || {}) @raw_configs = Container::RawConfigs.new(cfg['raw'] || {}) @attrs = Attributes.load(cfg['attrs'] || {}) # It's necessary to load devices _before_ netifs. The device manager needs # to create cgroups first, in order for echo a > devices.deny to work. # If the container has a veth interface, the setup code switches to the # container's user, which creates cgroups in all subsystems. Devices then # can't be initialized properly. @devices = Devices::Manager.load(self, cfg['devices'] || []) @devices.init if init_devices @netifs = NetInterface::Manager.load(self, cfg['net_interfaces'] || []) @mounts = Mount::Manager.load(self, cfg['mounts'] || []) @hints = Container::Hints.load(self, cfg['hints'] || {}) end end |
#load_config_string(str, **opts) ⇒ Object (protected)
840 841 842 843 |
# File 'lib/osctld/container.rb', line 840 def load_config_string(str, **opts) cfg = parse_yaml { OsCtl::Lib::ConfigFile.load_yaml(str) } load_config_hash(cfg, **opts) end |
#log_path ⇒ Object
812 813 814 |
# File 'lib/osctld/container.rb', line 812 def log_path inclusively { File.join(pool.log_path, 'ct', "#{id}.log") } end |
#log_type ⇒ Object
816 817 818 |
# File 'lib/osctld/container.rb', line 816 def log_type inclusively { "ct=#{pool.name}:#{id}" } end |
#lxc_dir(user: nil, group: nil) ⇒ Object
386 387 388 |
# File 'lib/osctld/container.rb', line 386 def lxc_dir(user: nil, group: nil) inclusively { File.join(lxc_home(user: user, group: group), id) } end |
#lxc_home(user: nil, group: nil) ⇒ Object
382 383 384 |
# File 'lib/osctld/container.rb', line 382 def lxc_home(user: nil, group: nil) inclusively { (group || self.group).userdir(user || self.user) } end |
#manipulation_resource ⇒ Object
820 821 822 |
# File 'lib/osctld/container.rb', line 820 def manipulation_resource ['container', ident] end |
#mount(force: false) ⇒ Object
Mount the container's dataset
252 253 254 255 256 |
# File 'lib/osctld/container.rb', line 252 def mount(force: false) return if !force && mounted dataset.mount(recursive: true) self.mounted = true end |
#mounted?(force: false) ⇒ Boolean
Check if the container's dataset is mounted
261 262 263 264 265 266 267 |
# File 'lib/osctld/container.rb', line 261 def mounted?(force: false) if force || mounted.nil? self.mounted = dataset.mounted?(recursive: true) else mounted end end |
#new_run_conf ⇒ Container::RunConfiguration
203 204 205 |
# File 'lib/osctld/container.rb', line 203 def new_run_conf Container::RunConfiguration.new(self, load_conf: false) end |
#open_send_log(role, token, opts = {}) ⇒ Object
654 655 656 657 658 659 |
# File 'lib/osctld/container.rb', line 654 def open_send_log(role, token, opts = {}) exclusively do self.send_log = SendReceive::Log.new(role: role, token: token, opts: opts) save_config end end |
#parse_yaml ⇒ Object (protected)
845 846 847 848 849 850 851 |
# File 'lib/osctld/container.rb', line 845 def parse_yaml begin yield rescue Psych::Exception => e raise ConfigError.new("Unable to load config of container #{id}", e) end end |
#patch_config(new_config) ⇒ Object
Update keys/values from `new_config` in the container's config
788 789 790 791 792 793 794 795 |
# File 'lib/osctld/container.rb', line 788 def patch_config(new_config) exclusively do tmp = dump_config tmp.update(new_config) load_config_hash(tmp) save_config end end |
#read_hostname ⇒ String?
Read hostname from a running container
619 620 621 622 623 624 625 626 627 628 |
# File 'lib/osctld/container.rb', line 619 def read_hostname return nil unless running? begin return ContainerControl::Commands::GetHostname.run!(self) rescue ContainerControl::Error => e log(:warn, "Unable to read container hostname: #{e.}") return nil end end |
#reconfigure ⇒ Object
Regenerate LXC config
636 637 638 |
# File 'lib/osctld/container.rb', line 636 def reconfigure lxc_config.configure end |
#reload_config ⇒ Object
776 777 778 |
# File 'lib/osctld/container.rb', line 776 def reload_config load_config_file end |
#replace_config(config) ⇒ Object
781 782 783 784 |
# File 'lib/osctld/container.rb', line 781 def replace_config(config) load_config_string(config) save_config end |
#root_host_gid ⇒ Object
419 420 421 |
# File 'lib/osctld/container.rb', line 419 def root_host_gid user.gid_map.ns_to_host(0) end |
#root_host_uid ⇒ Object
415 416 417 |
# File 'lib/osctld/container.rb', line 415 def root_host_uid user.uid_map.ns_to_host(0) end |
#rootfs ⇒ Object
390 391 392 393 394 395 396 397 |
# File 'lib/osctld/container.rb', line 390 def rootfs File.join(dir, 'private') rescue SystemCommandFailed # Dataset for staged containers does not have to exist yet, relevant # primarily for ct show/list nil end |
#running? ⇒ Boolean
338 339 340 |
# File 'lib/osctld/container.rb', line 338 def running? state == :running end |
#save_config ⇒ Object
766 767 768 769 770 771 772 773 774 |
# File 'lib/osctld/container.rb', line 766 def save_config data = dump_config File.open(config_path, 'w', 0400) do |f| f.write(OsCtl::Lib::ConfigFile.dump_yaml(data)) end File.chown(0, 0, config_path) end |
#set(opts) ⇒ Object
499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 |
# File 'lib/osctld/container.rb', line 499 def set(opts) opts.each do |k, v| case k when :autostart self.autostart = AutoStart::Config.new(self, v[:priority], v[:delay]) when :ephemeral self.ephemeral = true when :hostname original = nil exclusively do original = @hostname @hostname = OsCtl::Lib::Hostname.new(v) end DistConfig.run(get_run_conf, :set_hostname, original: original) when :dns_resolvers self.dns_resolvers = v DistConfig.run(get_run_conf, :dns_resolvers) when :nesting self.nesting = true when :distribution exclusively do @distribution = v[:name] @version = v[:version] @arch = v[:arch] if v[:arch] end when :cpu_package self.cpu_package = v when :seccomp_profile self.seccomp_profile = v when :init_cmd self.init_cmd = v when :start_menu self. = Container::StartMenu.new(self, v[:timeout]) when :lxcfs self.lxcfs.configure(loadavg: v[:loadavg], cfs: v[:cfs]) when :raw_lxc self.raw_configs.lxc = v when :attrs attrs.update(v) end end save_config lxc_config.configure_base end |
#set_next_run_conf(next_run_conf) ⇒ Object
222 223 224 |
# File 'lib/osctld/container.rb', line 222 def set_next_run_conf(next_run_conf) exclusively { @next_run_conf = next_run_conf } end |
#setup_start_menu ⇒ Object
607 608 609 610 |
# File 'lib/osctld/container.rb', line 607 def = .deploy if end |
#starting ⇒ Object
352 353 354 355 356 357 358 359 |
# File 'lib/osctld/container.rb', line 352 def starting exclusively do # Normally {#init_run_conf} is called from {Commands::Container::Start}, # but in case the lxc-start was invoked manually outside of osctld, # initiate the run conf if needed. ensure_run_conf end end |
#stopped ⇒ Object
361 362 363 364 365 366 367 368 369 |
# File 'lib/osctld/container.rb', line 361 def stopped exclusively do if run_conf run_conf.destroy @past_run_conf = @run_conf @run_conf = nil end end end |
#uid_map ⇒ Object
407 408 409 |
# File 'lib/osctld/container.rb', line 407 def uid_map user.uid_map end |
#unregister ⇒ Object
Unregister the container from internal uses in osctld, e.g. on pool export
670 671 672 673 674 |
# File 'lib/osctld/container.rb', line 670 def unregister exclusively do SendReceive::Tokens.free(send_log.token) if send_log end end |
#unset(opts) ⇒ Object
559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 |
# File 'lib/osctld/container.rb', line 559 def unset(opts) opts.each do |k, v| case k when :autostart self.autostart = false pool.autostart_plan.stop_ct(self) when :ephemeral self.ephemeral = false when :hostname self.hostname = nil DistConfig.run(get_run_conf, :unset_etc_hosts) when :dns_resolvers self.dns_resolvers = nil when :nesting self.nesting = false when :cpu_package self.cpu_package = 'auto' when :seccomp_profile self.seccomp_profile = default_seccomp_profile when :init_cmd self.init_cmd = nil when :start_menu self. = nil when :lxcfs self.lxcfs.disable when :raw_lxc self.raw_configs.lxc = nil when :attrs v.each { |attr| attrs.unset(attr) } end end save_config lxc_config.configure_base end |
#update_hints ⇒ Object
630 631 632 633 |
# File 'lib/osctld/container.rb', line 630 def update_hints hints.account_cpu_use save_config end |
#user_hook_script_dir ⇒ Object
403 404 405 |
# File 'lib/osctld/container.rb', line 403 def user_hook_script_dir inclusively { File.join(pool.root_user_hook_script_dir, 'ct', id) } end |
#wrapper_cgroup_path ⇒ Object
444 445 446 |
# File 'lib/osctld/container.rb', line 444 def wrapper_cgroup_path File.join(base_cgroup_path, 'wrapper') end |