Class: OsCtld::Container

Inherits:
Object
  • Object
Includes:
OsCtl::Lib::Utils::Log, OsCtl::Lib::Utils::System, Assets::Definition, Lockable, Manipulable, Utils::SwitchUser
Defined in:
lib/osctld/container.rb,
lib/osctld/container/hooks.rb

Defined Under Namespace

Modules: Hook, Hooks Classes: Builder, DatasetBuilder, Importer, LxcConfig, RawConfigs, Recovery, RunConfiguration

Methods included from Utils::SwitchUser

#ct_attach, #ct_syscmd

Methods included from Assets::Definition

#define_assets

Methods included from Manipulable

#acquire_manipulation_lock, #init_manipulable, #is_being_manipulated?, #manipulate, #manipulated_by, #release_manipulation_lock

Methods included from Lockable

#exclusively, included, #inclusively, #init_lock, #lock, #unlock

Constructor Details

#initialize(pool, id, user = nil, group = nil, dataset = nil, opts = {}) ⇒ Container

Returns a new instance of Container.

Parameters:

  • pool (Pool)
  • id (String)
  • user (User, nil) (defaults to: nil)
  • group (Group, nil) (defaults to: nil)
  • dataset (String, nil) (defaults to: nil)
  • opts (Hash) (defaults to: {})

    options

Options Hash (opts):

  • load (Boolean)

    load config

  • load_from (String)

    load from this string instead of config file

  • staged (Boolean)

    create a staged container

  • devices (Boolean)

    determines whether devices are initialized

  • dataset_cache (OsCtl::Lib::Zfs::DatasetCache)


# File 'lib/osctld/container.rb', line 40

# Create the in-memory representation of a container.
#
# Every runtime attribute starts out unset. Unless `opts[:load]` is false,
# the stored configuration is then read from `opts[:load_from]` when given,
# otherwise from the file at {#config_path}.
#
# `opts[:load_from]` is handed to {#load_config_string}, which parses it with
# `YAML.load`, so it should only ever carry trusted data.
#
# @param pool [Pool]
# @param id [String]
# @param user [User, nil]
# @param group [Group, nil]
# @param dataset [String, nil]
# @param opts [Hash] options
# @option opts [Boolean] load load config (defaults to true)
# @option opts [String] load_from load from this string instead of config file
# @option opts [Boolean] staged create a staged container
# @option opts [Boolean] devices determines whether devices are initialized
# @option opts [OsCtl::Lib::Zfs::DatasetCache] dataset_cache
def initialize(pool, id, user = nil, group = nil, dataset = nil, opts = {})
  init_lock
  init_manipulable

  # Loading is the default; the default is written back into the given hash.
  opts[:load] = true unless opts.key?(:load)

  @pool = pool
  @id = id
  @user = user
  @group = group
  @dataset = dataset
  @state =
    if opts[:staged]
      :staged
    else
      :unknown
    end
  @ephemeral = false
  @netifs = NetInterface::Manager.new(self)
  @cgparams = @devices = @prlimits = @mounts = nil
  @hostname = @dns_resolvers = nil
  @nesting = false
  @seccomp_profile = nil
  @apparmor = AppArmor.new(self)
  @lxc_config = Container::LxcConfig.new(self)
  @init_cmd = nil
  @raw_configs = Container::RawConfigs.new
  @attrs = Attributes.new
  @run_conf = nil

  return unless opts[:load]

  load_opts = {
    # Devices are initialized unless the caller passed a :devices key.
    init_devices: opts.fetch(:devices, true),
    dataset_cache: opts[:dataset_cache],
  }
  inline_config = opts[:load_from]

  if inline_config
    load_config_string(inline_config, **load_opts)
  else
    load_config_file(config_path, **load_opts)
  end
end

Instance Attribute Details

#apparmorObject

Returns the value of attribute apparmor



# File 'lib/osctld/container.rb', line 21

# AppArmor handler bound to this container. It is created with
# AppArmor.new(self) in #initialize and re-bound to the copy in #clone_from.
def apparmor
  @apparmor
end

#archObject

Returns the value of attribute arch



# File 'lib/osctld/container.rb', line 21

# Value of the config's 'arch' key. Assigned by #configure,
# #load_config_hash and, when given, #set(:distribution).
def arch
  @arch
end

#attrsObject

Returns the value of attribute attrs



# File 'lib/osctld/container.rb', line 21

# Attributes object of the container: Attributes.new in #initialize,
# Attributes.load(cfg['attrs']) once the config has been loaded.
def attrs
  @attrs
end

#autostartObject

Returns the value of attribute autostart



# File 'lib/osctld/container.rb', line 21

# AutoStart::Config when auto-start is configured, otherwise a falsy value.
# #unset(:autostart) assigns `false` rather than nil, so test truthiness
# instead of comparing with nil.
def autostart
  @autostart
end

#cgparamsObject

Returns the value of attribute cgparams



# File 'lib/osctld/container.rb', line 21

# CGroup parameters of the container. nil after #initialize until
# #configure or #load_config_hash assigns a CGroup::ContainerParams.
def cgparams
  @cgparams
end

#datasetObject

Returns the value of attribute dataset



# File 'lib/osctld/container.rb', line 21

# The container's dataset. #load_config_hash and #clone_from store an
# OsCtl::Lib::Zfs::Dataset here; a value passed to #initialize is kept as given.
def dataset
  @dataset
end

#devicesObject

Returns the value of attribute devices



# File 'lib/osctld/container.rb', line 21

# Device manager of the container (Devices::ContainerManager); nil until
# #configure or #load_config_hash has run.
def devices
  @devices
end

#distributionObject

Returns the value of attribute distribution



# File 'lib/osctld/container.rb', line 21

# Value of the config's 'distribution' key. #export reports
# run_conf.distribution instead whenever a run configuration exists.
def distribution
  @distribution
end

#dns_resolversObject

Returns the value of attribute dns_resolvers



# File 'lib/osctld/container.rb', line 21

# DNS resolvers as loaded from the config's 'dns_resolvers' key or assigned
# through #set(:dns_resolvers); nil when none are configured.
def dns_resolvers
  @dns_resolvers
end

#ephemeralObject Also known as: ephemeral?

Returns the value of attribute ephemeral



# File 'lib/osctld/container.rb', line 21

# Ephemeral flag; false after #initialize, toggled by #set(:ephemeral) and
# #unset(:ephemeral), or taken from the config's 'ephemeral' key.
def ephemeral
  @ephemeral
end

#groupObject

Returns the value of attribute group



# File 'lib/osctld/container.rb', line 21

# Group the container belongs to: either passed to #initialize or looked up
# with DB::Groups.find while loading the config. It feeds the cgroup path
# (#base_cgroup_path), the LXC home (#lxc_home) and asset group ownership.
def group
  @group
end

#hostnameObject

Returns the value of attribute hostname



# File 'lib/osctld/container.rb', line 21

# Configured hostname as an OsCtl::Lib::Hostname, or nil when none is set.
def hostname
  @hostname
end

#idObject

Returns the value of attribute id



# File 'lib/osctld/container.rb', line 21

# Container id. It is used verbatim as a path component in #config_path,
# #log_path, #lxc_dir, #user_hook_script_dir and the cgroup name, so it must
# already be validated by the time it reaches this class.
# NOTE(review): no validation of the id is visible in this listing — confirm
# where path separators and '..' are rejected.
def id
  @id
end

#init_cmdObject

Returns the value of attribute init_cmd



# File 'lib/osctld/container.rb', line 21

# Custom init command, or nil when #default_init_cmd applies. The value is
# taken from the config's 'init_cmd' key or #set(:init_cmd) without any
# check visible in this class.
def init_cmd
  @init_cmd
end

#lxc_configObject

Returns the value of attribute lxc_config



# File 'lib/osctld/container.rb', line 21

# Container::LxcConfig instance that generates the LXC configuration.
def lxc_config
  @lxc_config
end

#mountedObject (protected)

Returns the value of attribute mounted



# File 'lib/osctld/container.rb', line 691

# Cached mount state (protected). nil means "not checked yet" for
# #mounted?; #mount sets it to true.
def mounted
  @mounted
end

#mountsObject

Returns the value of attribute mounts



# File 'lib/osctld/container.rb', line 21

# Mount manager (Mount::Manager); nil until #configure or
# #load_config_hash has run.
def mounts
  @mounts
end

#nestingObject

Returns the value of attribute nesting



# File 'lib/osctld/container.rb', line 21

# Whether container nesting is enabled. Defaults to false in #initialize,
# #configure and when the config has no 'nesting' key.
def nesting
  @nesting
end

#netifsObject

Returns the value of attribute netifs



# File 'lib/osctld/container.rb', line 21

# Network interface manager (NetInterface::Manager) of the container.
def netifs
  @netifs
end

#poolObject

Returns the value of attribute pool



# File 'lib/osctld/container.rb', line 21

# Pool the container lives on; it supplies the config, log and hook
# directories used by the path helpers of this class.
def pool
  @pool
end

#prlimitsObject

Returns the value of attribute prlimits



# File 'lib/osctld/container.rb', line 21

# Process resource limits manager (PrLimits::Manager); nil until
# #configure or #load_config_hash has run.
def prlimits
  @prlimits
end

#raw_configsObject (readonly)

Returns the value of attribute raw_configs



# File 'lib/osctld/container.rb', line 21

# Container::RawConfigs holding raw configuration fragments (read-only
# attribute). Its `lxc` part is replaced through #set(:raw_lxc).
def raw_configs
  @raw_configs
end

#run_confObject (readonly)

Returns the value of attribute run_conf



# File 'lib/osctld/container.rb', line 21

# Current Container::RunConfiguration (read-only attribute), or nil when
# there is none; #stopped clears it.
def run_conf
  @run_conf
end

#seccomp_profileObject

Returns the value of attribute seccomp_profile



# File 'lib/osctld/container.rb', line 21

# Path of the seccomp profile applied to the container. nil right after
# #initialize; #configure and #load_config_hash fall back to
# #default_seccomp_profile. A custom path comes from the config or from
# #set(:seccomp_profile) and is stored as given.
def seccomp_profile
  @seccomp_profile
end

#send_logObject

Returns the value of attribute send_log



# File 'lib/osctld/container.rb', line 21

# SendReceive::Log of an ongoing send/receive, or nil when there is none.
def send_log
  @send_log
end

#stateObject

Returns the value of attribute state



# File 'lib/osctld/container.rb', line 21

# Container state as a Symbol. #initialize starts with :staged or :unknown,
# #current_state refreshes it and stores :error when the query fails.
def state
  @state
end

#userObject

Returns the value of attribute user



# File 'lib/osctld/container.rb', line 21

# User the container runs as: either passed to #initialize or looked up
# with DB::Users.find while loading the config. Its uid/gid maps decide
# which host ids own the rootfs (see #root_host_uid, #root_host_gid).
def user
  @user
end

#versionObject

Returns the value of attribute version



# File 'lib/osctld/container.rb', line 21

# Value of the config's 'version' key. #export reports run_conf.version
# instead whenever a run configuration exists.
def version
  @version
end

Class Method Details

.default_dataset(pool, id, dataset_cache: nil) ⇒ Object



# File 'lib/osctld/container.rb', line 16

# Build the dataset a container gets when none is configured explicitly:
# `<pool.ct_ds>/<id>`, used both as the dataset name and as its base.
#
# `id` becomes part of the dataset name unchanged.
#
# @param pool [Pool]
# @param id [String]
# @param dataset_cache [OsCtl::Lib::Zfs::DatasetCache, nil]
# @return [OsCtl::Lib::Zfs::Dataset]
def self.default_dataset(pool, id, dataset_cache: nil)
  ds_name = File.join(pool.ct_ds, id)

  OsCtl::Lib::Zfs::Dataset.new(
    ds_name,
    base: ds_name,
    cache: dataset_cache,
  )
end

Instance Method Details

#abs_apply_cgroup_path(subsystem) ⇒ Object



# File 'lib/osctld/container.rb', line 425

# Absolute path of the container's base cgroup (#base_cgroup_path) within
# the given subsystem.
#
# @param subsystem subsystem name, resolved through CGroup.real_subsystem
# @return [String]
def abs_apply_cgroup_path(subsystem)
  controller = CGroup.real_subsystem(subsystem)
  File.join(CGroup::FS, controller, base_cgroup_path)
end

#abs_cgroup_path(subsystem) ⇒ Object



# File 'lib/osctld/container.rb', line 421

# Absolute path of the container's 'user-owned' cgroup (#cgroup_path)
# within the given subsystem.
#
# @param subsystem subsystem name, resolved through CGroup.real_subsystem
# @return [String]
def abs_cgroup_path(subsystem)
  controller = CGroup.real_subsystem(subsystem)
  File.join(CGroup::FS, controller, cgroup_path)
end

#assetsObject



# File 'lib/osctld/container.rb', line 105

# Declare the on-disk assets of the container together with the owner, group
# and permission bits each of them is expected to have.
#
# The rootfs dataset and directory belong to the host ids that container
# root maps to and are only validated while the dataset is mounted. The hook
# script directory and the osctld config are root-only; the LXC directory
# and the log file are additionally accessible to the group `user.ugid`.
def assets
  define_assets do |add|
    # Datasets
    add.dataset(
      dataset,
      desc: "Container's rootfs dataset",
      uidmap: uid_map.map { |entry| entry.to_a },
      gidmap: gid_map.map { |entry| entry.to_a },
      user: root_host_uid,
      group: root_host_gid,
      mode: 0o770,
      validate_if: mounted?,
    )

    # Directories and files
    add.directory(
      rootfs,
      desc: "Container's rootfs",
      user: root_host_uid,
      group: root_host_gid,
      mode: 0o755,
      validate_if: mounted?,
    )

    # Hook scripts: owned by root and closed to everyone else.
    add.directory(
      user_hook_script_dir,
      desc: 'User supplied script hooks',
      user: 0,
      group: 0,
      mode: 0o700,
    )

    # Root-owned, the container user's group may read and traverse it.
    add.directory(
      lxc_dir,
      desc: 'LXC configuration',
      user: 0,
      group: user.ugid,
      mode: 0o750,
    )

    lxc_config.assets(add)

    add.file(
      File.join(lxc_dir, '.bashrc'),
      desc: 'Shell configuration file for osctl ct su',
      user: 0,
      group: 0,
      mode: 0o644,
    )

    # The osctld config is readable by root only.
    add.file(
      config_path,
      desc: 'Container config for osctld',
      user: 0,
      group: 0,
      mode: 0o400,
    )

    # The log file is writable by the container user's group.
    add.file(
      log_path,
      desc: 'LXC log file',
      user: 0,
      group: user.ugid,
      mode: 0o660,
    )

    run_conf.assets(add) if run_conf
  end
end

#base_cgroup_pathObject



# File 'lib/osctld/container.rb', line 413

# Cgroup path of the container relative to a subsystem root: the group's
# full cgroup path for the container's user followed by `ct.<id>`.
#
# @return [String]
def base_cgroup_path
  inclusively do
    parent = group.full_cgroup_path(user)
    File.join(parent, "ct.#{id}")
  end
end

#can_dist_configure_network?Boolean

Returns:

  • (Boolean)


# File 'lib/osctld/container.rb', line 348

# Tell whether every network interface can be handled by distconfig.
#
# @return [Boolean] false as soon as one interface reports
#   `can_run_distconfig?` as false, true otherwise (also with no interfaces)
def can_dist_configure_network?
  inclusively do
    blocker = netifs.detect { |iface| !iface.can_run_distconfig? }
    blocker ? false : true
  end
end

#can_start?Boolean

Returns:

  • (Boolean)


# File 'lib/osctld/container.rb', line 319

# Tell whether the container may be started: it must be neither staged nor
# in the error state, and its pool has to be active.
#
# @return [Boolean]
def can_start?
  inclusively do
    next false if state == :staged
    next false if state == :error

    pool.active?
  end
end

#cgroup_pathObject



# File 'lib/osctld/container.rb', line 417

# Cgroup path of the 'user-owned' subgroup below #base_cgroup_path.
#
# @return [String]
def cgroup_path
  parent = base_cgroup_path
  File.join(parent, 'user-owned')
end

#chgrp(grp, missing_devices: nil) ⇒ Object



# File 'lib/osctld/container.rb', line 265

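# Move the container to group `grp`, reconcile its devices and regenerate
# the saved config, the LXC config and the bashrc.
#
# @param grp [Group] target group
# @param missing_devices [String] what to do about devices the target group
#   does not provide: 'provide', 'remove' or 'check'
# @raise [RuntimeError] when `missing_devices` is none of the supported
#   actions, which includes the default nil
def chgrp(grp, missing_devices: nil)
  # Reject an unsupported action before the group is reassigned. Otherwise a
  # bad argument leaves the object pointing at the new group in memory while
  # the saved config and the LXC config still describe the old one.
  unless %w(provide remove check).include?(missing_devices)
    fail "unsupported action for missing devices: '#{missing_devices}'"
  end

  self.group = grp

  case missing_devices
  when 'provide'
    devices.ensure_all
    devices.create

  when 'remove'
    devices.remove_missing
    devices.create

  when 'check'
    # NOTE(review): this runs after the group was reassigned; if it raises,
    # the in-memory group has changed but nothing was saved — confirm that
    # callers discard or reload the object in that case.
    devices.check_all_available!(grp)
  end

  save_config
  lxc_config.configure
  configure_bashrc
end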

#chown(user) ⇒ Object



# File 'lib/osctld/container.rb', line 258

# Reassign the container to `user`, then persist the config and regenerate
# the LXC config and the bashrc.
#
# Only these generated files are touched here; no ownership change of the
# dataset or rootfs is made by this method.
#
# @param user [User] new owner
def chown(user)
  self.user = user
  save_config
  lxc_config.configure
  configure_bashrc
end

#clone_from(ct, id, opts = {}) ⇒ Object (protected)

Change the container so that it becomes a clone of `ct` with a different id

Parameters:

  • ct (Container)

    the source container

  • id (String)

    new container id

  • opts (Hash) (defaults to: {})

    options

Options Hash (opts):

  • :pool (Pool)

    target pool, optional

  • :user (User)

    target user, optional

  • :group (Group)

    target group, optional

  • :dataset (String)

    target dataset, optional

  • :network_interfaces (Boolean)


# File 'lib/osctld/container.rb', line 767

# Change the container so that it becomes a clone of `ct` with a different id
#
# The receiver is expected to be a copy made by #dup, so it already carries
# the source container's instance variables. The `ct` argument itself is not
# read anywhere in this method.
#
# @param ct [Container] the source container
# @param id [String] new container id
# @param opts [Hash] options
# @option opts [Pool] :pool target pool, optional
# @option opts [User] :user target user, optional
# @option opts [Group] :group target group, optional
# @option opts [String] :dataset target dataset, optional
# @option opts [Boolean] :network_interfaces
def clone_from(ct, id, opts = {})
  # The copy needs its own lock and manipulation state.
  init_lock
  init_manipulable

  @id = id
  @pool = opts[:pool] if opts[:pool]
  @user = opts[:user] if opts[:user]
  @group = opts[:group] if opts[:group]
  # The clone is always staged and never inherits a send log.
  @state = :staged
  @send_log = nil

  if opts[:dataset]
    @dataset = OsCtl::Lib::Zfs::Dataset.new(
      opts[:dataset],
      base: opts[:dataset],
    )
  else
    @dataset = Container.default_dataset(@pool, @id)
  end

  # Re-bind every per-container helper to the clone so that none of them
  # keeps pointing at the source container.
  @apparmor = @apparmor.dup(self)
  @autostart = @autostart && @autostart.dup(self)
  @cgparams = cgparams.dup(self)
  @prlimits = prlimits.dup(self)
  @mounts = mounts.dup(self)
  @lxc_config = lxc_config.dup(self)
  @raw_configs = raw_configs.dup
  @attrs = attrs.dup
  # Run configurations describe the source container and are dropped.
  @run_conf = nil
  @next_run_conf = nil
  @past_run_conf = nil

  @devices = devices.dup(self)
  devices.init

  # Network interfaces are copied only on request, otherwise the clone
  # starts with an empty manager.
  if opts[:network_interfaces]
    @netifs = netifs.dup(self)
    netifs.each(&:setup)
  else
    @netifs = NetInterface::Manager.new(self)
  end
end

#close_send_log(save: true) ⇒ Object



# File 'lib/osctld/container.rb', line 563

# Close the current send log and forget it.
#
# A send log has to be open; the method calls `close` on it unconditionally.
#
# @param save [Boolean] write the config afterwards
def close_send_log(save: true)
  exclusively do
    log = send_log
    log.close
    self.send_log = nil
    next unless save

    save_config
  end
end

#config_pathObject



# File 'lib/osctld/container.rb', line 376

# Path of the container's osctld config: `<pool.conf_path>/ct/<id>.yml`.
# The id is placed into the file name unchanged.
#
# @return [String]
def config_path
  inclusively do
    file_name = "#{id}.yml"
    File.join(pool.conf_path, 'ct', file_name)
  end
end

#configure(distribution, version, arch) ⇒ Object



# File 'lib/osctld/container.rb', line 87

# Give the container a fresh default configuration for the given
# distribution and save it.
#
# Network interfaces, cgroup parameters, devices, resource limits and
# mounts are replaced by new managers; nesting is switched off and the
# seccomp profile is reset to #default_seccomp_profile.
#
# @param distribution value stored as the container's distribution
# @param version value stored as the container's version
# @param arch value stored as the container's arch
def configure(distribution, version, arch)
  exclusively do
    @distribution = distribution
    @version = version
    @arch = arch
    @netifs = NetInterface::Manager.new(self)
    @nesting = false
    @seccomp_profile = default_seccomp_profile
    @cgparams = CGroup::ContainerParams.new(self)
    @devices = Devices::ContainerManager.new(self)
    @prlimits = PrLimits::Manager.default(self)
    @mounts = Mount::Manager.new(self)
    # An existing run configuration is kept, a new one is made otherwise.
    @run_conf ||= new_run_conf
    devices.init
    save_config
  end
end

#configure_bashrcObject



# File 'lib/osctld/container.rb', line 543

# Render the 'ct/bashrc' template into `<lxc_dir>/.bashrc`.
#
# The template receives two command lists: the ones passed as `override`
# and the ones passed as `disable`.
def configure_bashrc
  overridden = %w(
    attach cgroup console device execute info ls monitor stop top wait
  )
  disabled = %w(
    autostart checkpoint clone copy create destroy freeze snapshot
    start-ephemeral unfreeze unshare
  )
  target = File.join(lxc_dir, '.bashrc')
  template_vars = { ct: self, override: overridden, disable: disabled }

  ErbTemplate.render_to('ct/bashrc', template_vars, target)
end

#current_stateObject



# File 'lib/osctld/container.rb', line 307

# Query the container's state and store it in #state.
#
# A ContainerControl::Error is not propagated; the state becomes :error
# instead.
#
# @return the state that was stored
def current_state
  self.state = ContainerControl::Commands::State.run!(self).state
rescue ContainerControl::Error
  self.state = :error
end

#datasetsArray<OsCtl::Lib::Zfs::Dataset>

Return a list of all container datasets

Returns:

  • (Array<OsCtl::Lib::Zfs::Dataset>)


# File 'lib/osctld/container.rb', line 402

# Return a list of all container datasets: the container's own dataset
# first, followed by its descendants.
#
# @return [Array<OsCtl::Lib::Zfs::Dataset>]
def datasets
  top = inclusively { dataset }
  [top].concat(top.descendants)
end

#default_init_cmdObject (protected)



# File 'lib/osctld/container.rb', line 814

# Init command used when the container has no custom `init_cmd`.
#
# @return [Array<String>] a new single-element argument list
def default_init_cmd
  %w(/sbin/init)
end

#default_seccomp_profileObject (protected)



# File 'lib/osctld/container.rb', line 810

# Path of the seccomp profile used when none is configured. #dump_config
# stores nil instead of this path, so a later change of the default also
# reaches containers that never overrode it.
#
# @return [String]
def default_seccomp_profile
  '/etc/lxc/config/common.seccomp'
end

#dirObject



# File 'lib/osctld/container.rb', line 355

# Mountpoint of the container's dataset. #rootfs rescues
# SystemCommandFailed around this call, so expect it to raise when the
# dataset does not exist.
def dir
  dataset.mountpoint
end

#dump_configObject

Dump to config



# File 'lib/osctld/container.rb', line 606

# Dump to config
#
# Builds the Hash that #save_config serializes to YAML. The seccomp profile
# is stored as nil while it equals #default_seccomp_profile. 'state' is only
# stored for staged containers and 'send_log' only while a send log is open.
#
# @return [Hash]
def dump_config
  inclusively do
    data = {
      'user' => user.name,
      'group' => group.name,
      'dataset' => dataset.name,
      'distribution' => distribution,
      'version' => version,
      'arch' => arch,
      'net_interfaces' => netifs.dump,
      'cgparams' => cgparams.dump,
      'devices' => devices.dump,
      'prlimits' => prlimits.dump,
      'mounts' => mounts.dump,
      # `&&` on purpose: autostart may be false, not just nil.
      'autostart' => autostart && autostart.dump,
      'ephemeral' => ephemeral,
      'hostname' => hostname && hostname.to_s,
      'dns_resolvers' => dns_resolvers,
      'nesting' => nesting,
      'seccomp_profile' => (
        seccomp_profile unless seccomp_profile == default_seccomp_profile
      ),
      'init_cmd' => init_cmd,
      'raw' => raw_configs.dump,
      'attrs' => attrs.dump,
    }

    if state == :staged
      data['state'] = 'staged'
    end

    if send_log
      data['send_log'] = send_log.dump
    end

    data
  end
end

#dup(id, opts = {}) ⇒ Object

Duplicate the container with a different ID

The returned container has `state` set to `:staged` and its assets will not exist, so the caller has to build the container and call `ct.state = :complete` for the container to become usable.

Parameters:

  • id (String)

    new container id

  • opts (Hash) (defaults to: {})

    options

Options Hash (opts):

  • :pool (Pool)

    target pool, optional

  • :user (User)

    target user, optional

  • :group (Group)

    target group, optional

  • :dataset (String)

    target dataset, optional



# File 'lib/osctld/container.rb', line 185

# Duplicate the container with a different ID
#
# The returned container has `state` set to `:staged` and its assets will
# not exist, so the caller has to build the container and call
# `ct.state = :complete` for the container to become usable.
#
# @param id [String] new container id
# @param opts [Hash] options
# @option opts [Pool] :pool target pool, optional
# @option opts [User] :user target user, optional
# @option opts [Group] :group target group, optional
# @option opts [String] :dataset target dataset, optional
# @return [Container] the copy
def dup(id, opts = {})
  clone.tap do |copy|
    # clone_from is protected, hence the explicit send.
    copy.send(:clone_from, self, id, opts)
  end
end

#each_dataset {|ds| ... } ⇒ Object

Iterate over all container datasets

Yield Parameters:

  • ds (OsCtl::Lib::Zfs::Dataset)


# File 'lib/osctld/container.rb', line 409

# Iterate over all container datasets, as returned by #datasets.
#
# @yieldparam ds [OsCtl::Lib::Zfs::Dataset]
def each_dataset(&block)
  datasets.each(&block)
end

#ensure_run_confContainer::RunConfiguration

Call #init_run_conf unless #run_conf is already set



# File 'lib/osctld/container.rb', line 231

# Call #init_run_conf unless #run_conf is already set
#
# @return [Container::RunConfiguration]
def ensure_run_conf
  exclusively do
    if @run_conf.nil?
      init_run_conf
    end

    run_conf
  end
end

#exportObject

Export to clients



# File 'lib/osctld/container.rb', line 572

# Export to clients
#
# Returns the container's properties as a Hash, merged with the exported
# attributes. The boot dataset, boot rootfs, distribution and version come
# from the run configuration whenever there is one.
#
# The Hash includes the seccomp profile path, the raw LXC config and the
# log file path.
#
# @return [Hash]
def export
  inclusively do
    active = run_conf

    exported = {
      pool: pool.name,
      id: id,
      user: user.name,
      group: group.name,
      dataset: dataset.name,
      rootfs: rootfs,
      boot_dataset: active ? active.dataset.name : dataset.name,
      boot_rootfs: active ? active.rootfs : rootfs,
      lxc_path: lxc_home,
      lxc_dir: lxc_dir,
      group_path: cgroup_path,
      distribution: active ? active.distribution : distribution,
      version: active ? active.version : version,
      state: state,
      init_pid: init_pid,
      autostart: !!autostart,
      autostart_priority: autostart && autostart.priority,
      autostart_delay: autostart && autostart.delay,
      ephemeral: ephemeral,
      hostname: hostname,
      dns_resolvers: dns_resolvers,
      nesting: nesting,
      seccomp_profile: seccomp_profile,
      init_cmd: format_init_cmd,
      raw_lxc: raw_configs.lxc,
      log_file: log_path,
    }

    exported.merge!(attrs.export)
  end
end

#forget_past_run_confObject



# File 'lib/osctld/container.rb', line 206

# Drop the run configuration remembered by #stopped.
def forget_past_run_conf
  exclusively do
    @past_run_conf = nil
  end
end

#format_init_cmdObject



# File 'lib/osctld/container.rb', line 670

# Render the init command (custom or default) as one space-separated
# string. Arguments are joined without quoting, so the result suits
# display, not re-parsing.
#
# @return [String]
def format_init_cmd
  argv = init_cmd || default_init_cmd
  argv.join(' ')
end

#get_past_run_confContainer::RunConfiguration?

Returns:



# File 'lib/osctld/container.rb', line 202

# Run configuration remembered by #stopped, if any.
#
# @return [Container::RunConfiguration, nil]
def get_past_run_conf
  inclusively do
    @past_run_conf
  end
end

#get_run_confContainer::RunConfiguration



# File 'lib/osctld/container.rb', line 197

# Return the current run configuration, or a new unsaved one when the
# container has none. The new one is not stored on the container.
#
# @return [Container::RunConfiguration]
def get_run_conf
  existing = run_conf
  return existing if existing

  new_run_conf
end

#gid_mapObject



# File 'lib/osctld/container.rb', line 388

# GID map of the container, taken from its user.
def gid_map
  user.gid_map
end

#identObject



# File 'lib/osctld/container.rb', line 83

# Pool-qualified container identifier in the form `<pool name>:<id>`.
#
# @return [String]
def ident
  inclusively do
    pool_name = pool.name
    "#{pool_name}:#{id}"
  end
end

#init_pidObject



# File 'lib/osctld/container.rb', line 323

# PID of the container's init process as known to the run configuration.
#
# @return the run configuration's `init_pid`, or nil when there is no run
#   configuration
def init_pid
  inclusively do
    next nil unless @run_conf

    run_conf.init_pid
  end
end

#init_run_confObject

This must be called on container start



# File 'lib/osctld/container.rb', line 216

# This must be called on container start
#
# Promotes the run configuration queued by #set_next_run_conf, or makes a
# new one when nothing is queued, and saves it.
def init_run_conf
  exclusively do
    queued = @next_run_conf

    if queued
      @next_run_conf = nil
      @run_conf = queued
    else
      @run_conf = new_run_conf
    end

    @run_conf.save
  end
end

#load_config_file(path = nil, **opts) ⇒ Object (protected)



# File 'lib/osctld/container.rb', line 693

# Read the YAML config at `path` (or #config_path when nil) and apply it
# through #load_config_hash.
#
# NOTE(review): YAML.load_file uses the full loader on Psych releases before
# 4.0 and can then instantiate arbitrary Ruby objects named in the document.
# #assets declares this file as root-owned with mode 0400, which limits who
# can plant such a document, but that only holds while those permissions are
# actually in place. Consider a safe loader restricted to the plain types the
# config needs — confirm first which types the various `dump` methods emit.
#
# @param path [String, nil]
# @param opts keyword options passed on to #load_config_hash
def load_config_file(path = nil, **opts)
  load_config_hash(YAML.load_file(path || config_path), **opts)
end

#load_config_hash(cfg, init_devices: true, dataset_cache: nil) ⇒ Object (protected)



# File 'lib/osctld/container.rb', line 701

# Apply a parsed config Hash to the container.
#
# Values are taken from `cfg` as they are; the only checks visible here are
# the user and group lookups. The caller is therefore responsible for where
# `cfg` comes from (see #replace_config and #patch_config).
#
# @param cfg [Hash] parsed config with String keys
# @param init_devices [Boolean] call `init` on the device manager
# @param dataset_cache [OsCtl::Lib::Zfs::DatasetCache, nil]
# @raise [RuntimeError] when the configured user or group is not found
def load_config_hash(cfg, init_devices: true, dataset_cache: nil)
  exclusively do
    # Any string in 'state' becomes the state symbol; there is no check
    # against a list of known states here.
    @state = cfg['state'].to_sym if cfg['state']
    # User, group and dataset already set on the object win over the config,
    # so reloading or patching the config cannot change them.
    @user ||= DB::Users.find(cfg['user'], pool) || (raise "user not found")
    @group ||= DB::Groups.find(cfg['group'], pool) || (raise "group not found")

    unless @dataset
      if cfg['dataset']
        @dataset = OsCtl::Lib::Zfs::Dataset.new(
          cfg['dataset'],
          base: cfg['dataset'],
          cache: dataset_cache,
        )
      else
        @dataset = Container.default_dataset(
          pool,
          id,
          dataset_cache: dataset_cache,
        )
      end
    end

    @distribution = cfg['distribution']
    @version = cfg['version']
    @arch = cfg['arch']
    @autostart = cfg['autostart'] && AutoStart::Config.load(self, cfg['autostart'])
    @ephemeral = cfg['ephemeral']
    @hostname = cfg['hostname'] && OsCtl::Lib::Hostname.new(cfg['hostname'])
    @dns_resolvers = cfg['dns_resolvers']
    @nesting = cfg['nesting'] || false
    # The profile path and the init command are stored exactly as configured.
    @seccomp_profile = cfg['seccomp_profile'] || default_seccomp_profile
    @init_cmd = cfg['init_cmd']
    @run_conf = Container::RunConfiguration.load(self)

    if cfg['send_log']
      @send_log = SendReceive::Log.load(cfg['send_log'])
      # The token of a stored send log is registered again on load.
      SendReceive::Tokens.register(@send_log.token)
    end

    @cgparams = CGroup::ContainerParams.load(self, cfg['cgparams'])
    @prlimits = PrLimits::Manager.load(self, cfg['prlimits'] || {})
    @raw_configs = Container::RawConfigs.new(cfg['raw'] || {})
    @attrs = Attributes.load(cfg['attrs'] || {})

    # It's necessary to load devices _before_ netifs. The device manager needs
    # to create cgroups first, in order for echo a > devices.deny to work.
    # If the container has a veth interface, the setup code switches to the
    # container's user, which creates cgroups in all subsystems. Devices then
    # can't be initialized properly.
    @devices = Devices::ContainerManager.load(self, cfg['devices'] || [])
    @devices.init if init_devices

    @netifs = NetInterface::Manager.load(self, cfg['net_interfaces'] || [])
    @mounts = Mount::Manager.load(self, cfg['mounts'] || [])
  end
end

#load_config_string(str, **opts) ⇒ Object (protected)



# File 'lib/osctld/container.rb', line 697

# Parse `str` as YAML and apply it through #load_config_hash.
#
# NOTE(review): YAML.load uses the full loader on Psych releases before 4.0
# and can then instantiate arbitrary Ruby objects named in the document.
# The string reaches this method from `opts[:load_from]` in #initialize and
# from #replace_config, so its origin is decided by their callers. Unless
# every caller is known to pass trusted data, parse with a safe loader
# restricted to the plain types the config needs — confirm first which types
# the various `dump` methods emit.
#
# @param str [String] YAML document
# @param opts keyword options passed on to #load_config_hash
def load_config_string(str, **opts)
  load_config_hash(YAML.load(str), **opts)
end

#log_pathObject



# File 'lib/osctld/container.rb', line 674

# Path of the container's LXC log file: `<pool.log_path>/ct/<id>.log`.
# The id is placed into the file name unchanged.
#
# @return [String]
def log_path
  inclusively do
    file_name = "#{id}.log"
    File.join(pool.log_path, 'ct', file_name)
  end
end

#log_typeObject



# File 'lib/osctld/container.rb', line 678

# Tag identifying this container in log output: `ct=<pool name>:<id>`.
#
# @return [String]
def log_type
  inclusively do
    pool_name = pool.name
    "ct=#{pool_name}:#{id}"
  end
end

#lxc_dir(user: nil, group: nil) ⇒ Object



# File 'lib/osctld/container.rb', line 363

# Directory with the container's LXC configuration: the container id below
# #lxc_home.
#
# @param user [User, nil] use this user instead of the container's
# @param group [Group, nil] use this group instead of the container's
# @return [String]
def lxc_dir(user: nil, group: nil)
  inclusively do
    home = lxc_home(user: user, group: group)
    File.join(home, id)
  end
end

#lxc_home(user: nil, group: nil) ⇒ Object



# File 'lib/osctld/container.rb', line 359

# LXC home directory: the group's `userdir` for the user.
#
# @param user [User, nil] use this user instead of the container's
# @param group [Group, nil] use this group instead of the container's
def lxc_home(user: nil, group: nil)
  inclusively do
    effective_group = group || self.group
    effective_user = user || self.user
    effective_group.userdir(effective_user)
  end
end

#manipulation_resourceObject



# File 'lib/osctld/container.rb', line 682

# Resource descriptor of this container: the literal 'container' followed
# by #ident. The name suggests it serves the manipulation lock of the
# Manipulable mixin — confirm against that module.
#
# @return [Array<String>]
def manipulation_resource
  ['container', ident]
end

#mount(force: false) ⇒ Object

Mount the container's dataset

Parameters:

  • force (Boolean) (defaults to: false)

    ensure the datasets are mounted even if osctld already mounted them



# File 'lib/osctld/container.rb', line 241

# Mount the container's dataset
#
# Does nothing when the cached state already says the dataset is mounted,
# unless `force` is set.
#
# @param force [Boolean] ensure the datasets are mounted even if osctld
#   already mounted them
def mount(force: false)
  return if mounted && !force

  dataset.mount(recursive: true)
  self.mounted = true
end

#mounted?(force: false) ⇒ Boolean

Check if the container's dataset is mounted

Parameters:

  • force (Boolean) (defaults to: false)

    check if the dataset is mounted even if osctld already mounted it

Returns:

  • (Boolean)


# File 'lib/osctld/container.rb', line 250

# Check if the container's dataset is mounted
#
# The answer is cached; the dataset is queried only while the cache is
# empty or when `force` is set.
#
# @param force [Boolean] check if the dataset is mounted even if osctld
#   already mounted it
# @return [Boolean]
def mounted?(force: false)
  return mounted unless force || mounted.nil?

  self.mounted = dataset.mounted?(recursive: true)
end

#new_run_confContainer::RunConfiguration



# File 'lib/osctld/container.rb', line 192

# Create a run configuration for this container without loading a stored
# one (`load_conf: false`). The result is not assigned to the container.
#
# @return [Container::RunConfiguration]
def new_run_conf
  Container::RunConfiguration.new(self, load_conf: false)
end

#open_send_log(role, token, opts = {}) ⇒ Object



# File 'lib/osctld/container.rb', line 556

# Open a send log for the container and persist it in the config.
#
# NOTE(review): the log's dump is written to the config by #dump_config;
# presumably that includes the token — confirm, and keep the config file
# at the root-only mode declared in #assets.
#
# @param role role passed to SendReceive::Log
# @param token token passed to SendReceive::Log
# @param opts [Hash] options passed to SendReceive::Log
def open_send_log(role, token, opts = {})
  exclusively do
    log = SendReceive::Log.new(role: role, token: token, opts: opts)
    self.send_log = log
    save_config
  end
end

#patch_config(new_config) ⇒ Object

Update keys/values from `new_config` in the container's config

Parameters:

  • new_config (Hash)


# File 'lib/osctld/container.rb', line 661

# Update keys/values from `new_config` in the container's config
#
# The current config dump is merged with `new_config`, loaded back and
# saved. Every key of `new_config` is merged without filtering, so settings
# such as 'seccomp_profile', 'init_cmd', 'raw' or 'devices' can be replaced
# this way. User, group and dataset stay as they are, because
# #load_config_hash keeps values that are already set.
#
# @param new_config [Hash]
def patch_config(new_config)
  exclusively do
    merged = dump_config.update(new_config)
    load_config_hash(merged)
    save_config
  end
end

#prlimit_set(name, soft, hard) ⇒ Object



# File 'lib/osctld/container.rb', line 516

# Set a process resource limit, updating the existing entry of that name or
# adding a new one, then save the config and regenerate the LXC config.
#
# @param name limit name
# @param soft soft limit
# @param hard hard limit
def prlimit_set(name, soft, hard)
  exclusively do
    existing = @prlimits.detect { |entry| entry.name == name }
    next existing.set(soft, hard) if existing

    @prlimits << PrLimit.new(name, soft, hard)
  end

  save_config
  lxc_config.configure
end

#prlimit_unset(name) ⇒ Object



# File 'lib/osctld/container.rb', line 532

# Remove the process resource limit of the given name, if there is one.
# The config is saved and the prlimits part of the LXC config regenerated
# in either case.
#
# @param name limit name
def prlimit_unset(name)
  exclusively do
    found = @prlimits.detect { |entry| entry.name == name }
    @prlimits.delete(found) if found
  end

  save_config
  lxc_config.configure_prlimits
end

#reload_configObject



# File 'lib/osctld/container.rb', line 649

# Re-read the config from #config_path with the default load options.
def reload_config
  load_config_file
end

#replace_config(config) ⇒ Object

Parameters:

  • config (String)


# File 'lib/osctld/container.rb', line 654

# Replace the container's config with the given YAML document and save it.
#
# NOTE(review): `config` is parsed by #load_config_string, i.e. with
# YAML.load, and then applied without filtering. Where the string comes from
# is not visible here. If it can originate from a client, the caller has to
# authorize the request, and the parser should be a safe loader, since the
# document controls settings such as the seccomp profile, init command, raw
# LXC config and devices.
#
# @param config [String]
def replace_config(config)
  load_config_string(config)
  save_config
end

#root_host_gidObject



# File 'lib/osctld/container.rb', line 396

# Host GID that GID 0 inside the container maps to, according to the
# user's GID map.
def root_host_gid
  mapping = user.gid_map
  mapping.ns_to_host(0)
end

#root_host_uidObject



# File 'lib/osctld/container.rb', line 392

# Host UID that UID 0 inside the container maps to, according to the
# user's UID map.
def root_host_uid
  mapping = user.uid_map
  mapping.ns_to_host(0)
end

#rootfsObject



# File 'lib/osctld/container.rb', line 367

# Path of the container's root filesystem: 'private' below #dir.
#
# @return [String, nil] nil when the mountpoint lookup fails with
#   SystemCommandFailed
def rootfs
  begin
    File.join(dir, 'private')
  rescue SystemCommandFailed
    # Dataset for staged containers does not have to exist yet, relevant
    # primarily for ct show/list
    nil
  end
end

#running?Boolean

Returns:

  • (Boolean)


# File 'lib/osctld/container.rb', line 315

# Tell whether the stored state is :running. The state is not refreshed
# here; see #current_state.
#
# @return [Boolean]
def running?
  state == :running
end

#save_configObject



# File 'lib/osctld/container.rb', line 639

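# Serialize #dump_config to YAML and write it to #config_path, owned by
# root and readable by root only.
#
# NOTE(review): the file is rewritten in place, so a crash in the middle of
# the write leaves a truncated config. Writing to a temporary file in the
# same directory and renaming it over the target would make this atomic.
def save_config
  # Serialize before the file is opened: opening with 'w' truncates it, and
  # a serialization error must not wipe the existing config.
  yaml = YAML.dump(dump_config)

  File.open(config_path, 'w', 0400) do |f|
    # The mode given to File.open applies only when the file is created. Set
    # it again on the open handle so that a file which already exists with
    # wider permissions is narrowed before the new content is written.
    f.chmod(0400)
    f.write(yaml)
  end

  File.chown(0, 0, config_path)
end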

#set(opts) ⇒ Object



# File 'lib/osctld/container.rb', line 429

# Apply the given settings, then save the config and regenerate the base
# LXC config.
#
# Keys that match no `when` branch are ignored silently. Values are stored
# as given: nothing here checks the seccomp profile path, the init command
# or the raw LXC config, all of which affect how the container is confined.
# NOTE(review): validation and authorization presumably happen in the
# calling command — confirm.
#
# @param opts [Hash] settings keyed by Symbol
def set(opts)
  opts.each do |k, v|
    case k
    when :autostart
      self.autostart = AutoStart::Config.new(self, v[:priority], v[:delay])

    when :ephemeral
      # The value is ignored; presence of the key enables the flag.
      self.ephemeral = true

    when :hostname
      original = nil

      exclusively do
        original = @hostname
        @hostname = OsCtl::Lib::Hostname.new(v)
      end

      # The previous hostname is passed along with the change.
      DistConfig.run(get_run_conf, :set_hostname, original: original)

    when :dns_resolvers
      self.dns_resolvers = v
      DistConfig.run(get_run_conf, :dns_resolvers)

    when :nesting
      # The value is ignored; presence of the key enables nesting.
      self.nesting = true

    when :distribution
      exclusively do
        @distribution = v[:name]
        @version = v[:version]
        @arch = v[:arch] if v[:arch]
      end

    when :seccomp_profile
      # Stored without checking the path.
      self.seccomp_profile = v

    when :init_cmd
      self.init_cmd = v

    when :raw_lxc
      # Raw LXC config is stored as given.
      self.raw_configs.lxc = v

    when :attrs
      attrs.update(v)
    end
  end

  save_config
  lxc_config.configure_base
end

#set_next_run_conf(next_run_conf) ⇒ Object

Parameters:



# File 'lib/osctld/container.rb', line 211

# Queue a run configuration that #init_run_conf will use on the next start.
#
# @param next_run_conf run configuration to queue
def set_next_run_conf(next_run_conf)
  exclusively do
    @next_run_conf = next_run_conf
  end
end

#startingObject



# File 'lib/osctld/container.rb', line 329

# Make sure a run configuration exists for a container that is starting.
#
# Normally {#init_run_conf} is called from {Commands::Container::Start},
# but in case the lxc-start was invoked manually outside of osctld,
# initiate the run conf if needed.
def starting
  exclusively { ensure_run_conf }
end

#stoppedObject



# File 'lib/osctld/container.rb', line 338

# Retire the run configuration once the container has stopped: it is
# destroyed, remembered as the past run configuration and cleared.
# Does nothing when there is no run configuration.
def stopped
  exclusively do
    next unless run_conf

    run_conf.destroy
    @past_run_conf = @run_conf
    @run_conf = nil
  end
end

#uid_mapObject



# File 'lib/osctld/container.rb', line 384

# UID map of the container, taken from its user.
def uid_map
  user.uid_map
end

#unset(opts) ⇒ Object



# File 'lib/osctld/container.rb', line 480

# Reset the given settings, then save the config and regenerate the base
# LXC config.
#
# Only the keys matter, except for :attrs, whose value lists the attributes
# to remove. Keys that match no `when` branch are ignored silently.
#
# @param opts [Hash] settings keyed by Symbol
def unset(opts)
  opts.each do |k, v|
    case k
    when :autostart
      # Stored as false, not nil.
      self.autostart = false

    when :ephemeral
      self.ephemeral = false

    when :hostname
      self.hostname = nil

    when :dns_resolvers
      self.dns_resolvers = nil

    when :nesting
      self.nesting = false

    when :seccomp_profile
      # Falls back to the default profile rather than to no profile.
      self.seccomp_profile = default_seccomp_profile

    when :init_cmd
      self.init_cmd = nil

    when :raw_lxc
      self.raw_configs.lxc = nil

    when :attrs
      v.each { |attr| attrs.unset(attr) }
    end
  end

  save_config
  lxc_config.configure_base
end

#user_hook_script_dirObject



# File 'lib/osctld/container.rb', line 380

# Directory with user supplied hook scripts for this container:
# `<pool.user_hook_script_dir>/ct/<id>`. #assets declares it as root-owned
# with mode 0700.
#
# @return [String]
def user_hook_script_dir
  inclusively do
    hooks_root = pool.user_hook_script_dir
    File.join(hooks_root, 'ct', id)
  end
end