Class: OsCtld::Devices::V1::ContainerConfigurator

Inherits:
GroupConfigurator show all
Defined in:
lib/osctld/devices/v1/container_configurator.rb

Instance Attribute Summary

Attributes inherited from Configurator

#owner

Instance Method Summary collapse

Methods inherited from GroupConfigurator

#clear, #do_allow_device, #do_apply_changes, #do_configure, #do_deny_all, #do_deny_device

Methods inherited from Configurator

#dup, #initialize

Constructor Details

This class inherits a constructor from OsCtld::Devices::Configurator

Instance Method Details

#abs_all_cgroup_paths ⇒ Array (protected)

Returns:

  • (Array)


# File 'lib/osctld/devices/v1/container_configurator.rb', line 137

# Absolute paths of every devices cgroup handled for this container:
# the group-level entries come first, the container's own entries follow.
#
# @return [Array] entries from `abs_group_cgroup_paths` followed by the
#   entries from `abs_ct_cgroup_paths`
def abs_all_cgroup_paths
  group_level = abs_group_cgroup_paths
  container_level = abs_ct_cgroup_paths

  group_level + container_level
end

#abs_ct_cgroup_paths ⇒ Array (protected)

Returns a list of all absolute cgroup paths that need to be configured for this container, from the top down.

Returns:

  • (Array)


# File 'lib/osctld/devices/v1/container_configurator.rb', line 118

# Absolute form of `rel_ct_cgroup_paths`: the cgroups that need to be
# configured for this container, from the top down.
#
# @return [Array] whatever `to_abs_paths` yields for the relative entries
def abs_ct_cgroup_paths
  relative_entries = rel_ct_cgroup_paths
  to_abs_paths(relative_entries)
end

#abs_ct_chowned_cgroup_paths ⇒ Array (protected)

Returns a list of the container's absolute cgroup paths that are to be chowned to the user.

Returns:

  • (Array)


# File 'lib/osctld/devices/v1/container_configurator.rb', line 125

# Absolute paths of the container's cgroups whose ownership is handed to
# the container's user.
#
# Each entry is `[path, create_flag]`, optionally followed by an explicit
# uid and gid. The first entry carries no uid/gid; the second one names
# `ct.user.ugid` as uid and `ct.gid_map.ns_to_host(0)` as gid.
# NOTE(review): `ns_to_host(0)` presumably translates gid 0 inside the
# container's user namespace to its host gid -- confirm against the map.
#
# @return [Array] entries as returned by `to_abs_paths`
def abs_ct_chowned_cgroup_paths
  # <group>/<user>/<ct>/user-owned
  user_owned = [ct.cgroup_path, true]

  # <group>/<user>/<ct>/user-owned/lxc.payload.<ct>
  # create_flag is false: this entry is never created from here
  payload = [
    File.join(ct.cgroup_path, "lxc.payload.#{ct.id}"),
    false,
    ct.user.ugid,
    ct.gid_map.ns_to_host(0)
  ]

  to_abs_paths([user_owned, payload])
end

#abs_group_cgroup_paths ⇒ Array (protected)

Returns a list of absolute paths of the container's group cgroups

Returns:

  • (Array)


# File 'lib/osctld/devices/v1/container_configurator.rb', line 111

# Absolute form of `rel_group_cgroup_paths`, i.e. the container's group
# cgroups.
#
# @return [Array] whatever `to_abs_paths` yields for the relative entries
def abs_group_cgroup_paths
  relative_entries = rel_group_cgroup_paths
  to_abs_paths(relative_entries)
end

#add_device(device) ⇒ Object



# File 'lib/osctld/devices/v1/container_configurator.rb', line 19

# Allow `device` in every cgroup of this container that is available.
#
# Cgroups are visited in the order given by `abs_all_cgroup_paths`
# (group-level first, then the container's own). A cgroup for which
# `prepare_cgroup` returns a falsy value is left untouched.
# NOTE(review): the top-down order presumably matters because a child
# devices cgroup cannot be granted access its parent lacks -- confirm.
#
# @param device [Object] device handed to `do_allow_device`
def add_device(device)
  abs_all_cgroup_paths.each do |path, create_flag|
    do_allow_device(device, path) if prepare_cgroup(path, create_flag)
  end
end

#apply_changes(changes) ⇒ Object



# File 'lib/osctld/devices/v1/container_configurator.rb', line 33

# Apply `changes` to every cgroup of this container that is available.
#
# Cgroups are visited in the order given by `abs_all_cgroup_paths`; a
# cgroup for which `prepare_cgroup` returns a falsy value is skipped.
#
# @param changes [Object] changes handed to `do_apply_changes`
def apply_changes(changes)
  abs_all_cgroup_paths.each do |path, create_flag|
    do_apply_changes(changes, path) if prepare_cgroup(path, create_flag)
  end
end

#create(devices) ⇒ Object (protected)



# File 'lib/osctld/devices/v1/container_configurator.rb', line 43

# Create the devices cgroups for this container and load their rules.
#
# Three passes run in order: the group-level cgroups (configured with
# `ct.group.devices`), the container's own cgroups (configured with
# `devices`), and finally the chown of the cgroups listed by
# `abs_ct_chowned_cgroup_paths`.
#
# NOTE(review): rules are written only when `CGroup.mkpath` returns a
# truthy value; what that value stands for (newly created vs. already
# present) is defined in CGroup -- confirm that a pre-existing cgroup
# cannot be left with stale rules.
#
# @param devices [Object] devices handed to `do_configure` for the
#   container's own cgroups
def create(devices)
  rel_group_cgroup_paths.zip(abs_group_cgroup_paths).each do |(rel_path, rel_req), (abs_path, abs_req)|
    # entries flagged as "do not create" are not touched in this pass
    next unless rel_req && abs_req
    next unless CGroup.mkpath('devices', rel_path.split('/'))

    # deny everything first, then load the group's devices on top
    do_deny_all(abs_path)
    do_configure(ct.group.devices, abs_path)
  end

  rel_ct_cgroup_paths.zip(abs_ct_cgroup_paths).each do |(rel_path, rel_req), (abs_path, abs_req)|
    next unless rel_req && abs_req
    next unless CGroup.mkpath('devices', rel_path.split('/'))

    # same deny-then-configure order, with the container's devices
    do_deny_all(abs_path)
    do_configure(devices, abs_path)
  end

  abs_ct_chowned_cgroup_paths.each do |path, create_flag, uid, gid|
    next unless prepare_cgroup(path, create_flag)

    # entries without an explicit uid/gid fall back to the user's ugid;
    # only the directory at `path` itself is chowned here
    owner_uid = uid || ct.user.ugid
    owner_gid = gid || ct.user.ugid
    File.chown(owner_uid, owner_gid, path)
  end
end

#init(devices) ⇒ Object



# File 'lib/osctld/devices/v1/container_configurator.rb', line 5

# Log that the owner's cgroup is being configured, then create the
# cgroups and load `devices` into them via `create`.
#
# @param devices [Object] devices passed through to `create`
def init(devices)
  target = owner
  log(:info, target, "Configuring cgroup #{target.cgroup_path} for devices")

  create(devices)
end

#prepare_cgroup(cgpath, create) ⇒ Boolean (protected)

Returns `true` if the cgroup exists or was created.

Parameters:

  • cgpath (String)

    absolute cgroup path

  • create (Boolean)

    create the cgroup or not

Returns:

  • (Boolean)

    `true` if the cgroup exists or was created



# File 'lib/osctld/devices/v1/container_configurator.rb', line 150

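# Make sure the cgroup directory `cgpath` is available.
#
# A missing directory is created only when `create` is set; the new
# directory then gets the owner and group of its parent directory.
#
# @param cgpath [String] absolute cgroup path
# @param create [Boolean] create the cgroup or not
# @return [Boolean] `true` if the cgroup exists or was created, `false`
#   if it is missing and `create` is not set
def prepare_cgroup(cgpath, create)
  return true if Dir.exist?(cgpath)
  return false unless create

  begin
    Dir.mkdir(cgpath)
  rescue Errno::EEXIST
    # Someone else created the directory between the existence check and
    # mkdir; it is there now, so carry on.
    # NOTE(review): the chown below then also resets the ownership of a
    # directory this call did not create -- confirm that is intended.
  end

  # Copy the uid/gid of the parent cgroup directory onto the new cgroup
  st = File.stat(File.dirname(cgpath))
  File.chown(st.uid, st.gid, cgpath)

  # File.chown returns an Integer; return the documented boolean instead
  true
end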

#reconfigure(devices) ⇒ Object



# File 'lib/osctld/devices/v1/container_configurator.rb', line 10

# Call `clear`, then allow every device from `devices` in each cgroup of
# this container that is available.
#
# Cgroups are visited in the order given by `abs_all_cgroup_paths`; a
# cgroup for which `prepare_cgroup` returns a falsy value is skipped.
# NOTE(review): `clear` is inherited and not shown here; presumably it
# resets the existing device rules before they are rebuilt -- confirm.
#
# @param devices [Enumerable] devices handed one by one to
#   `do_allow_device`
def reconfigure(devices)
  clear

  abs_all_cgroup_paths.each do |path, create_flag|
    if prepare_cgroup(path, create_flag)
      devices.each do |dev|
        do_allow_device(dev, path)
      end
    end
  end
end

#rel_ct_cgroup_paths ⇒ Array (protected)

Returns a list of all relative cgroup paths that need to be configured for this container, from the top down.

The returned array contains pairs: `[String, Boolean]`. The `String` is the path itself, while the `Boolean` determines whether this path should be created. Paths that do not need to be created are configured only if they already exist. This is used only for the `./lxc.payload.<ct>` cgroup, which LXC wants to create by itself.

Returns:

  • (Array)


# File 'lib/osctld/devices/v1/container_configurator.rb', line 96

# Relative cgroup paths that need to be configured for this container,
# from the top down.
#
# Every entry is a `[String, Boolean]` pair: the path and a flag saying
# whether the path should be created. The last entry is flagged `false`,
# so it is configured only if it already exists.
#
# @return [Array] three `[path, create_flag]` pairs
def rel_ct_cgroup_paths
  # <group>/<user>/<ct>
  base = [ct.base_cgroup_path, true]

  # <group>/<user>/<ct>/user-owned
  user_owned = [ct.cgroup_path, true]

  # <group>/<user>/<ct>/user-owned/lxc.payload.<ct>
  payload = [File.join(ct.cgroup_path, "lxc.payload.#{ct.id}"), false]

  [base, user_owned, payload]
end

#rel_group_cgroup_paths ⇒ Array (protected)

Returns a list of relative paths of the container's group cgroups.

These cgroups share the settings of the container's group.

Returns:

  • (Array)


# File 'lib/osctld/devices/v1/container_configurator.rb', line 79

# Relative paths of the container's group cgroups, i.e. the cgroups that
# share the settings of the container's group.
#
# @return [Array] a single `[path, create_flag]` pair with the flag set
def rel_group_cgroup_paths
  # <group>/<user>
  group_user_path = ct.group.full_cgroup_path(ct.user)

  [[group_user_path, true]]
end

#remove_device(device) ⇒ Object



# File 'lib/osctld/devices/v1/container_configurator.rb', line 26

# Deny `device` in every cgroup of this container that is available.
#
# Unlike `add_device`, the list from `abs_all_cgroup_paths` is walked in
# reverse, so the container's own cgroups are handled before the
# group-level ones. A cgroup for which `prepare_cgroup` returns a falsy
# value is skipped.
#
# @param device [Object] device handed to `do_deny_device`
def remove_device(device)
  abs_all_cgroup_paths.reverse_each do |path, create_flag|
    do_deny_device(device, path) if prepare_cgroup(path, create_flag)
  end
end

#to_abs_paths(rel_paths) ⇒ Object (protected)



# File 'lib/osctld/devices/v1/container_configurator.rb', line 141

# Turn relative cgroup entries into absolute ones.
#
# The path of each entry is joined onto `CGroup::FS` and the value of
# `CGroup.real_subsystem('devices')`; the create flag and any further
# elements of the entry are carried over unchanged.
#
# @param rel_paths [Array] entries of the form `[path, create_flag, *extra]`
# @return [Array] entries of the form `[abs_path, create_flag, *extra]`
def to_abs_paths(rel_paths)
  rel_paths.map do |entry|
    rel_path, create_flag, *extra = entry
    abs_path = File.join(CGroup::FS, CGroup.real_subsystem('devices'), rel_path)

    [abs_path, create_flag, *extra]
  end
end