diff options
114 files changed, 5876 insertions, 2617 deletions
@@ -1,3 +1,2 @@ README.txt share/man/*.[0-9] -share/man/*.xml diff --git a/CHANGELOG.txt b/CHANGELOG.txt index c372d63..8dd6e3d 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,376 @@ +2022-12-23 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221023. + + [ Daniel Baumann ] + * Tightening version matches for OS detection in container info command. + * Adding release support for Debian 12 (bookworm). + * Updating distribution defaults for bookworm in container build scripts. + * Updating references in manpages for bookworm. + * Updating examples for bookworm. + * Adding support for non-free-firmware archive-area in debconf build script. + * Updating arm64 description in debconf build script. + +2022-10-23 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221023. + + [ Daniel Baumann ] + * Removing curl pre-http2 option handling. + * Renaming internal bootstrap function to be more generic in debconf build-script. + * Adding initial image support in container debconf build-scripts. + +2022-10-15 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221015. + + [ Daniel Baumann ] + * Removing machine-id from cache to fix re-using it amongst all generated containers, thanks to Sakirnth Nagarasa <sakirnth@debian.org>. + * Correcting a few formating errors in changelog. + +2022-10-02 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221002. + + [ Daniel Baumann ] + * Adding force and interactive options to container restart command. + * Updating license with newer GPL-3 version containing https instead of http links. + * Replacing explicit container command with variable in container main wrapper. + * Correcting distclean target in makefile. + * Also passing explicit directory output-format to mmdebstrap in build scripts. + * Also passing root as sandbox user to mmdebstrap in build scripts. + +2022-07-21 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220721. + + [ Daniel Baumann ] + * Returning all ip addresses in cnt info command. + * Correcting container info command to report IP addresses of stopped container. + * Handling multiple IP addresses in container info command the same way for stopped containers as for started ones. + * Adding lazy detection in container info command for Debian 12 (booworm). + +2022-07-04 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220704. + + [ Daniel Baumann ] + * Adding release related targets in Makefile. + * Updating links about related articles in compute-tools manpage. + * Reverting adding LinkLocalAddressing=no to ipv6 interfaces as its only desirable on container bridges but breaks a few other things in normal containers. + +2022-06-05 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220605. + + * Backward incompatible changes: + - The container stop command is now interactive by default, + use 'container stop --force' / 'cnt stop -f' instead. + + [ Daniel Baumann ] + * Correcting container status bash-completion to complete on all containers rather than only stopped ones. + * Using variables in directory paths in container key command. + * Adding default interactive mode for container stop command. + * Renaming force option in container stop command to kill in order to properly separate the three different stop modi (interactive, force, kill). + * Tracking container state in run files in /var/lib/compute-tools. + * Automatically restoring previous state after reboot by using last-on/last-off config options, thanks to Sakirnth Nagarasa <sakirnth@gmail.com> for the use-case and idea. + * Setting default for cnt.auto to last-on in debconf build scripts. + +2022-06-04 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220604. + + [ Daniel Baumann ] + * Adding --name option in container-info manpage. + * Adding missing dhcp option in select question of the debconf build script. + * Adding new 'stub' network interface method in debconf build-script, thanks to Sakirnth Nagarasa <sakirnth@gmail.com> for the use-case and idea. + * Adding LinkLocalAddressing=no to ipv6 interfaces. + +2022-05-22 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220522. + + [ Daniel Baumann ] + * Fixing copy&paste mistake in systemd-network run-files handling. + +2022-05-09 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220509. + + [ Daniel Baumann ] + * Correcting wrong preseed-file handling for new links directory in container build script. + +2022-05-08 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220508. + + [ Daniel Baumann ] + * Correcting off-by-one error when warning about too long veth interface names in container start commend. + * Adding comments about debconf hierarchy in debconf build script. + * Using versioned sort when sorting debconf templates. + * Excluding /etc/compute-tools/debconf/links from being shown in preseed file selection dialog to declutter automatization symlinks from real templates. + * Explicitly prefering links subdirectory over other locations withint debconf hierarchy in debconf build scripts. + +2022-05-05 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220505. + + [ Daniel Baumann ] + * Adding container rebuild command. + * Correcting wrong shortlink for container restart command (rs instead of rt). + * Updating copyright notices for 2022. + * Showing all IP address for stopped containers in container list command. + * Supporting both ifupdown and systemd-networkd for the time being, depending on the existence of /etc/network/interfaces. + * Readding old ifupdown documentation for the time being. + +2022-04-30 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220430. + + [ Simon Spöhel ] + * Updating documentation for systemd-networkd. + + [ Daniel Baumann ] + * Actually passing through SSH_CLIENT variable to enable powerline-prompt in container enter command. + * Listing all IP addresses in container list command. + +2022-04-28 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20220428. + + [ Simon Spöhel ] + * Using systemd-networkd to manage veth interfaces on host. + +2021-12-31 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20211231. + + [ Daniel Baumann ] + * Adding interactive option to container update command to ease skipping containers. + * Making name argument mandatory in container update command. + +2021-11-17 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20211117. + + [ Daniel Baumann ] + * Adding complete debconf envars in container update command. + * Passing fix-missing to apt upgrade in container update command. + +2021-11-16 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20211116. + + [ Daniel Baumann ] + * Adding comment about using grep to de-colorize apt messages in container update command. + * Making container update command work entirely non-interactive. + * Updating notifications in container update command. + * Refactoring notification in container update command. + * Adding notificiations for autoremovals in container update command. + +2021-11-15 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20211115. + + [ Daniel Baumann ] + * Speeding up full-upgrades in container update command by removing redundant upgrade step. + * Preparing update notifications handling in container update command. + * Adding notification handling in container update command. + +2021-11-13 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20211113. + + [ Daniel Baumann ] + * Replacing individual needrestart overrides by globally blacklisting container-tools service units. + +2021-11-03 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20211103. + + [ Daniel Baumann ] + * Adding needrestart restart scripts. + * Enabling automatic needrestart blacklisting for containers. + +2021-11-02 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20211102. + + [ Daniel Baumann ] + * Adding 'exit' in debconf build script, thanks to Katharina. + * Sorting preseed-file options in debconf build script. + * Renaming internal config variable to more suitable debconf in debconf build script. + * Also removing config file stub when exiting debconf build script. + +2021-08-04 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20210804. + + [ Daniel Baumann ] + * Updating container update options in bash-completion. + * Fixing full-upgrade option in container update command. + * Harmonizing usage messages over all container commands with manpage references. + * Harmonizing parameter and usage in container build command. + +2021-07-27 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20210727. + + [ Daniel Baumann ] + * Adding backward incompatible changes of the previous release to changelog. + * Correcting synopsis in container-run manpage. + * Adding container update command. + * Also adding notifications for container get command in container main program. + * Suffixing keys with keyid in container keyring samples for transparency and uniqueness of the keys. + * Adding manpage references in usage message in main container program. + * Hardening quoting in container main program. + * Supporting /etc/compute-tools/container.conf.d. + * Adding boliderplate variables in post-start.chown-nvidia.sh example hook for consistency. + +2021-07-26 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20210726. + + * Backward incompatible changes: + - The container create command has been renamed to 'build'. + - The container create script using curl is now a 'get' script + for the new container get command. + + [ Daniel Baumann ] + * Harmonizing formating of default values in manpages. + * Harmonizing formating of URL in homepage section in manpages. + * Correcting spelling typos in documentation files. + * Adding reference to manpage in 'no such container command' error message. + * Adding check for writable gpg directory in container key command. + * Updating container-image example build script for current debian releases. + * Renaming container create command to container build. + * Making previous container curl create script a container get script. + * Adding container get command. + * Creating empty keyring directory in Makefile. + * Adding example public keys. + * Updating default keyserver for container key command. + * Updating example key in container key manpage examples. + * Adding sensible default lookups for container key bash-completion. + * Speeding up container list command by not gathering IP addresses for output format that don't need it. + * Speeding up container list command by optimizing IP address gathering. + * Support fetching remote keys from keyserver in container key command. + * Support fetching local keys from keyring library in container key command. + * Using sig instead of sign as gpg signature extension for container images. + +2021-07-25 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20210725. + + [ Daniel Baumann ] + * Updating build relevant stuff to move from asciidoc to rst for manpage generation. + * Migrationg manpages from asciidoc to rst. + * Updating ssh public-key references in container-shell manpage examples. + * Updating references to the current Debian release in manpages for Debian 11 (bullseye). + * Updating build-depends listed in compute-tools manpage. + * Prefixing generated manpages with boiler-plate header. + * Injecting compute-tools version into manpage headers. + +2021-07-24 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20210724. + + [ Daniel Baumann ] + * Removing note about ipv4 forwarding, this is not actually required (anymore). + * Correcting wording in host setup documentation. + * Adding @FILE@ replacement variables in preseed files. + * Also removing lock file when force-stopping a container. + * Exporting IP variables to be used in host commands. + * Using lower-case filename for host-setup documentation. + * Improving section titles in host-setup documentation. + * Harmonizing first line in comments of non-shebang files. + * Using fixme rather than todo in source files. + * Improving comments in debootstrap script. + +2021-06-30 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20210630. + + [ Daniel Baumann ] + * Reverting openvswitch, not really ready yet. + +2021-06-29 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20210629. + + * Backward incompatible changes: + - The networking integration on the container host depended on + ifupdown. Now, to support KVM as an additional backend + alongside systemd-nspawn in compute-tools, we're switching + in this version exclusively to openvswitch. + - Moving from ifupdown to openvswitch to manage the bridges + requires manual re-configuration of the networking stack on + the host, otherwise no container will continue to have network + access. + - Configuration examples for systemd-networkd (recommended) on the + host to use openvswitch are documented in HOST-SETUP.txt. + + [ Simon Spöhel ] + * Using openvswitch instead of linux bridges. + * Updating documentation for openvswitch. + +2021-06-28 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20210628. + + [ Daniel Baumann ] + * Using dpkg selection to check package availability in debconf container create script, rather than to rely on dpkg internal files. + * Updating unit file for systemd 246 wrt/ StandardError and StandardOutput options. + + [ Katharina Drexel ] + * Prefering mmdebstrap to debootstrap in debconf script. + * Integrating mmdebstrap in debconf script. + + [ Daniel Baumann ] + * Setting TERM in systemd container service files to improve machinectl login. + * Removing undesirable --verbose option when calling mmdebstrap in debconf container create script. + * Allowing to specify cnt.start=force in container config to ease fencing with pacemaker/corosync. + * Using cnt run to determine IP addresses in container list. + * Adding initial container info command. + * Handling container run command aequivalent to container enter in bash-completion. + * Using container-specific user-variable when logging container commands before falling back to system environment. + +2021-04-11 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20210411. + + * Backward incompatible changes: + - all path have been shortened in preparation for additional + backends alongside systemd-nspawn: The only user visible is the + configuration directory: + + new: /etc/open-infrastructure/container + old: /etc/compute-tools + + [ Daniel Baumann ] + * Moving command files from /usr/lib to /usr/libexec. + * Moving config files from /etc/open-infrastructure to /etc/compute-tools. + * Using /usr/libexec/container instead of /usr/libexec/open-infrastructure/container. + * Using /usr/share/compute-tools instead of /usr/share/open-infrastructure/container. + * Using /var/log/compute-tools instead of /var/log/open-infrastructure. + * Using /var/cache/container instead of /var/cache/open-infrastructure/container. + * Making hook to git-pull debconf files work recursively. + * Harmonizing initial variables in curl and debconf container create scripts for consistency. + * Updating copyright in bash-completion, it got re-written from scratch years ago. + * Adding hook support to container log command for consistency. + * Cosmetically improving output of test target. + * Adding shellcheck in test target (but not failing yet on it). + * Removing superfluous whitespace in changelog. + * Removing dpkg hack for progress-linux in debconf container create script, not needed for buster and newer anymore. + * Removing base-files hack for progress-linux in debconf container create script, not needed for buster and newer anymore. + * Removing readline hack for progress-linux in debconf container create script, not needed for buster and newer anymore. + * Removing sysvinit hack for progress-linux in debconf container create script, not needed for buster and newer anymore. + * Removing stretch support from debconf container create script. + * Using https for security.debian.org in container create related items. + * Using https instead of http in all comments. + * Adding support for Debian bookworm in container debconf create script. + * Synchronising versioning number for progress-linux releases in debconf container create script. + * Updating preseed examples for debconf container scripts to bullseye. + 2021-01-01 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20210101. @@ -500,6 +873,7 @@ 2016-12-10 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20161210. + * Backward incompatible changes: - container list shows now only the first IPv4 address. - container rename command has been renamed to move. @@ -547,7 +921,7 @@ 2016-11-25 Daniel Baumann <daniel.baumann@open-infrastructure.net> - * Releasing version 20161122. + * Releasing version 20161125. [ Daniel Baumann ] * Renaming too generic internal getopt variables to avoid possible @@ -558,6 +932,7 @@ 2016-11-22 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20161122. + * Backward incompatible changes: - renaming curl cache directory from /var/cache/container-tools/curl to /var/cache/container-tools/images. @@ -568,7 +943,7 @@ * Updating contact section in manpages. * Harmonizing manpage markup. * Adding --clean option to curl container create script to remove - downloaded tarball from cache after successfull container creation. + downloaded tarball from cache after successful container creation. * Changing cache directory in curl create script from /var/cache/container-tools/curl to /var/cache/container-tools/images. * Using https by default in container-images.sh example script. @@ -579,6 +954,7 @@ 2016-11-12 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20161112. + * Backward incompatible changes: - removes support to create Debian 8 (jessie) container in debconf container create script. @@ -602,6 +978,7 @@ 2016-11-05 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20161105. + * Backward incompatible changes: - container use systemd-networkd instead of ifupdown. @@ -765,7 +1142,7 @@ * Silencing error message in container list command if machine directory is not readable. * Excluding container-tools and .container-tools in /var/lib/machines as - special directories to allow all container-tools ressources to be + special directories to allow all container-tools resources to be places on shared storage. [ Andreas Kreuzer ] @@ -790,6 +1167,7 @@ 2016-06-01 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20160601. + * Backward incompatible changes: - for consistency reasons, instead of any file only files with .cfg suffix are accepted as preseed files in @@ -814,6 +1192,7 @@ 2016-05-15 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20160515. + * Backward incompatible changes: - container network configuration in the [start] section for multi-interface support: @@ -879,6 +1258,7 @@ 2016-04-15 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20160415. + * Backward incompatible changes: - container stop command option -k|--kill renamed to -f|--force for consistency diff --git a/LICENSE.txt b/LICENSE.txt index 94a9ed0..f288702 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,7 +1,7 @@ GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 - Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> + Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -645,7 +645,7 @@ the "copyright" line and a pointer to where the full notice is found. GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. + along with this program. If not, see <https://www.gnu.org/licenses/>. Also add information on how to contact you by electronic and paper mail. @@ -664,11 +664,11 @@ might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see -<http://www.gnu.org/licenses/>. +<https://www.gnu.org/licenses/>. The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read -<http://www.gnu.org/philosophy/why-not-lgpl.html>. +<https://www.gnu.org/licenses/why-not-lgpl.html>. @@ -1,4 +1,6 @@ -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Open Infrastructure: compute-tools + +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -23,12 +25,18 @@ PROGRAM = container SCRIPTS = bin/* libexec/*/* +VERSION := $(shell cat VERSION.txt) + all: build test: @echo -n "Checking for syntax errors with sh... " @for SCRIPT in $(SCRIPTS); \ do \ + if grep -qs /usr/bin/python3 $${SCRIPT}; \ + then \ + continue; \ + fi; \ sh -n $${SCRIPT}; \ echo -n "."; \ done @@ -39,6 +47,10 @@ test: then \ for SCRIPT in $(SCRIPTS); \ do \ + if grep -qs /usr/bin/python3 $${SCRIPT}; \ + then \ + continue; \ + fi; \ checkbashisms -f -x $${SCRIPT}; \ echo -n "."; \ done; \ @@ -49,10 +61,14 @@ test: # FIXME: fail hard on shellcheck once all issues are fixed @echo -n "Checking with shellcheck... " - @if [ -x /usr/bin/checkbashisms ]; \ + @if [ -x /usr/bin/shellcheck ]; \ then \ for SCRIPT in $(SCRIPTS); \ do \ + if grep -qs /usr/bin/python3 $${SCRIPT}; \ + then \ + continue; \ + fi; \ shellcheck $${SCRIPT} || true; \ echo -n "."; \ done; \ @@ -61,15 +77,17 @@ test: fi @echo " done." -build: share/man/*.txt +build: share/man/*.rst $(MAKE) -C share/man - sed -n '/^NAME/,$$p' share/man/$(SOFTWARE).7.txt > README.txt + sed -n '/^===/,$$p' share/man/$(SOFTWARE).7.rst > README.txt install: build mkdir -p $(DESTDIR)/etc/$(SOFTWARE)/config mkdir -p $(DESTDIR)/etc/$(SOFTWARE)/debconf mkdir -p $(DESTDIR)/etc/$(SOFTWARE)/hooks + mkdir -p $(DESTDIR)/etc/$(SOFTWARE)/keys + mkdir -p $(DESTDIR)/etc/${SOFTWARE}/container.conf.d mkdir -p $(DESTDIR)/usr/bin cp -r bin/* $(DESTDIR)/usr/bin @@ -77,9 +95,12 @@ install: build mkdir -p $(DESTDIR)/usr/libexec cp -r libexec/* $(DESTDIR)/usr/libexec + mkdir -p $(DESTDIR)/usr/lib/python3/dist-packages + cp -r python3/* $(DESTDIR)/usr/lib/python3/dist-packages + mkdir -p $(DESTDIR)/usr/share/$(SOFTWARE) cp -r VERSION.txt $(DESTDIR)/usr/share/$(SOFTWARE) - cp -r share/config share/hooks share/scripts $(DESTDIR)/usr/share/$(SOFTWARE) + cp -r share/config share/hooks share/keys share/build-scripts share/get-scripts $(DESTDIR)/usr/share/$(SOFTWARE) mkdir -p $(DESTDIR)/usr/share/bash-completion/completions cp -r share/bash-completion/* $(DESTDIR)/usr/share/bash-completion/completions @@ -87,6 +108,9 @@ install: build mkdir -p $(DESTDIR)/etc/logrotate.d cp -r share/logrotate/* $(DESTDIR)/etc/logrotate.d + mkdir -p $(DESTDIR)/etc/needrestart/conf.d + cp -r share/needrestart/* $(DESTDIR)/etc/needrestart/conf.d + mkdir -p $(DESTDIR)/etc/sysctl.d cp -r share/procps/* $(DESTDIR)/etc/sysctl.d @@ -112,23 +136,26 @@ install: build ln -sf container-shell.1 $(DESTDIR)/usr/share/man/man1/cntsh.1 ln -sf container $(DESTDIR)/usr/share/bash-completion/completions/cnt - ln -sf debconf $(DESTDIR)/usr/share/$(SOFTWARE)/scripts/debian - ln -sf debconf.d $(DESTDIR)/usr/share/$(SOFTWARE)/scripts/debian.d - ln -sf container-create-debconf.1 $(DESTDIR)/usr/share/man/man1/container-create-debian.1 - ln -sf debconf $(DESTDIR)/usr/share/$(SOFTWARE)/scripts/progress-linux - ln -sf debconf.d $(DESTDIR)/usr/share/$(SOFTWARE)/scripts/progress-linux.d - ln -sf container-create-debconf.1 $(DESTDIR)/usr/share/man/man1/container-create-progress-linux.1 - ln -sf debootstrap $(DESTDIR)/usr/share/$(SOFTWARE)/scripts/mmdebstrap - ln -sf container-create-debootstrap.1 $(DESTDIR)/usr/share/man/man1/container-create-mmdebstrap.1 - - ln -sf create $(DESTDIR)/usr/libexec/$(PROGRAM)/cr + ln -sf debconf $(DESTDIR)/usr/share/$(SOFTWARE)/build-scripts/debian + ln -sf debconf.d $(DESTDIR)/usr/share/$(SOFTWARE)/build-scripts/debian.d + ln -sf container-build-debconf.1 $(DESTDIR)/usr/share/man/man1/container-build-debian.1 + ln -sf debconf $(DESTDIR)/usr/share/$(SOFTWARE)/build-scripts/progress-linux + ln -sf debconf.d $(DESTDIR)/usr/share/$(SOFTWARE)/build-scripts/progress-linux.d + ln -sf container-build-debconf.1 $(DESTDIR)/usr/share/man/man1/container-build-progress-linux.1 + ln -sf debootstrap $(DESTDIR)/usr/share/$(SOFTWARE)/build-scripts/mmdebstrap + ln -sf container-build-debootstrap.1 $(DESTDIR)/usr/share/man/man1/container-build-mmdebstrap.1 + + ln -sf build $(DESTDIR)/usr/libexec/$(PROGRAM)/b + ln -sf get $(DESTDIR)/usr/libexec/$(PROGRAM)/g ln -sf list $(DESTDIR)/usr/libexec/$(PROGRAM)/ls ln -sf move $(DESTDIR)/usr/libexec/$(PROGRAM)/mv ln -sf remove $(DESTDIR)/usr/libexec/$(PROGRAM)/rm + ln -sf rebuild $(DESTDIR)/usr/libexec/$(PROGRAM)/rb ln -sf restart $(DESTDIR)/usr/libexec/$(PROGRAM)/rs ln -sf start $(DESTDIR)/usr/libexec/$(PROGRAM)/s ln -sf status $(DESTDIR)/usr/libexec/$(PROGRAM)/st ln -sf stop $(DESTDIR)/usr/libexec/$(PROGRAM)/t + ln -sf update $(DESTDIR)/usr/libexec/$(PROGRAM)/u mkdir -p $(DESTDIR)/lib/systemd/system cp -r share/systemd/* $(DESTDIR)/lib/systemd/system @@ -157,9 +184,9 @@ uninstall: rm -f $(DESTDIR)/usr/bin/cntsh rm -f $(DESTDIR)/usr/share/man/man1/cntsh.1 rm -f $(DESTDIR)/usr/share/bash-completion/completions/cnt - rm -f $(DESTDIR)/usr/share/man/man1/container-create-debian.1 - rm -f $(DESTDIR)/usr/share/man/man1/container-create-progress-linux.1 - rm -f $(DESTDIR)/usr/share/man/man1/container-create-mmdebstrap.1 + rm -f $(DESTDIR)/usr/share/man/man1/container-build-debian.1 + rm -f $(DESTDIR)/usr/share/man/man1/container-build-progress-linux.1 + rm -f $(DESTDIR)/usr/share/man/man1/container-build-mmdebstrap.1 for FILE in share/sudo/*; \ do \ @@ -171,6 +198,11 @@ uninstall: rm -f $(DESTDIR)/etc/sysctl.d/$$(basename $${FILE}); \ done + for FILE in share/needrestart/*; \ + do \ + rm -f $(DESTDIR)/etc/needrestart/conf.d/$$(basename $${FILE}); \ + done + for FILE in share/logrotate/*; \ do \ rm -f $(DESTDIR)/etc/logrotate.d/$$(basename $${FILE}); \ @@ -187,6 +219,9 @@ uninstall: rm -rf $(DESTDIR)/usr/share/$(SOFTWARE) rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/share || true + rm -rf $(DESTDIR)/usr/lib/python3/dist-packages/compute_tools + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/lib/python3/dist-packages + rm -rf $(DESTDIR)/usr/libexec/$(PROGRAM) rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/libexec || true @@ -199,6 +234,8 @@ uninstall: rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/$(SOFTWARE)/config || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/$(SOFTWARE)/debconf || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/$(SOFTWARE)/hooks || true + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/$(SOFTWARE)/keys || true + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/$(SOFTWARE)/container.conf.d || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/$(SOFTWARE) || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc || true @@ -209,6 +246,28 @@ clean: rm -f README.txt -distclean: +distclean: clean + rm -rf $(SOFTWARE)-$(VERSION) reinstall: uninstall install + +release: distclean + git commit -a -s -S -m 'Releasing version $(VERSION).' || true + git tag -s -m 'Tagging version $(VERSION).' v$(VERSION) || true + + mkdir -p $(SOFTWARE)-$(VERSION) + find . -mindepth 1 -maxdepth 1 -and -not -name ".git*" -and -not -name debian -and -not -name $(SOFTWARE)-$(VERSION) -exec cp \-a {} $(SOFTWARE)-$(VERSION) \; + + for FORMAT in xz lzip; \ + do \ + EXTENSION=$$(echo $${FORMAT} | cut -b-2); \ + tar --$${FORMAT} -cf ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION} $(SOFTWARE)-$(VERSION); \ + sha512sum ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION} > ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION}.sha512; \ + gpg --default-key 0xB62C61A10B93195F --armor -b ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION}; \ + mv ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION}.asc ../$(SOFTWARE)-$(VERSION).tar.$${EXTENSION}.sig; \ + done + + rm -rf $(SOFTWARE)-$(VERSION) + +upload: + scp ../$(SOFTWARE)-$(VERSION).* get.open-infrastructure.net:/srv/get.open-infrastructure.net/software/$(SOFTWARE)/upstream diff --git a/VERSION.txt b/VERSION.txt index 71bc3f4..7a58b9c 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20210101 +20221223 diff --git a/bin/container b/bin/container index c3748d9..fb52687 100755 --- a/bin/container +++ b/bin/container @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -32,6 +32,9 @@ if [ -z "${PARAMETER}" ] then echo "Usage: ${PROGRAM} COMMAND [OPTIONS]" >&2 echo "Usage: ${PROGRAM} COMMAND1,COMMAND2,... [COMMON_OPTIONS]" >&2 + echo + echo "See ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 fi @@ -40,13 +43,13 @@ COMMANDS="${1}" # Options shift 1 -OPTIONS="${@}" +OPTIONS="${*}" -for COMMAND in $(echo ${COMMANDS} | sed -e 's|,| |g') +for COMMAND in $(echo "${COMMANDS}" | sed -e 's|,| |g') do if [ ! -e "/usr/libexec/${PROGRAM}/${COMMAND}" ] then - echo "'${COMMAND}': no such ${PROGRAM} command" >&2 + echo "'${COMMAND}': no such ${PROGRAM} command, see ${PROGRAM}(1)." >&2 exit 1 fi @@ -65,24 +68,34 @@ do OPTIONS="$(echo "${OPTIONS}" | sed -e 's|--no-notification||')" else case "${COMMAND}" in - create|cr|move|mv|remove|rm|restart|rt|start|s|stop|t) - USER="${SUDO_USER:-${USER}}" + build|b|get|g|move|mv|remove|rm|rebuild|rb|restart|rs|start|s|stop|t|update|u) + if [ -z "${CONTAINER_USER}" ] + then + CONTAINER_USER="${SUDO_USER:-${USER}}" + fi + DATE="$(date +%Y-%m-%d\ %H:%M:%S)" HOST="$(hostname -f 2> /dev/null || hostname)" # logfile - echo "${DATE} ${HOST} ${USER} ${PROGRAM} ${COMMAND} ${OPTIONS}" >> "/var/log/${SOFTWARE}/${PROGRAM}.log" + echo "${DATE} ${HOST} ${CONTAINER_USER} ${PROGRAM} ${COMMAND} ${OPTIONS}" >> "/var/log/${SOFTWARE}/${PROGRAM}.log" # irc - if [ -e /usr/bin/irk ] && [ -e "/etc/${SOFTWARE}.conf" ] + if [ -e /usr/bin/irk ] then - . "/etc/${SOFTWARE}.conf" + for FILE in "/etc/${SOFTWARE}/${PROGRAM}.conf" "/etc/${SOFTWARE}/${PROGRAM}.conf.d"/*.conf + do + if [ -e "${FILE}" ] + then + . "${FILE}" + fi + done if [ -n "${IRK_TARGETS}" ] then for TARGET in ${IRK_TARGETS} do - irk ${TARGET} "\x0300${USER}\x03@\x0312${HOST}:\x03 \x0303${PROGRAM}\x03 \x0307${COMMAND}\x03 ${OPTIONS}" + irk "${TARGET}" "\x0300${CONTAINER_USER}\x03@\x0312${HOST}:\x03 \x0303${PROGRAM}\x03 \x0307${COMMAND}\x03 ${OPTIONS}" done fi fi diff --git a/bin/container-shell b/bin/container-shell index 98ece06..d63c3c0 100755 --- a/bin/container-shell +++ b/bin/container-shell @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/libexec/container/auto b/libexec/container/auto index 0c9d136..83c5c50 100755 --- a/libexec/container/auto +++ b/libexec/container/auto @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -76,6 +76,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} -f|--force -s|--start -t|--stop" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } @@ -108,17 +111,50 @@ esac for FILE in "${CONFIG}"/*.conf do - if grep -Eqs "^ *cnt.auto=force-true" "${FILE}" + if ! grep -Eqs "^ *cnt.container-server=${HOST}" "${FILE}" then - OPTIONS="${OPTIONS} -f" + continue fi - if grep -Eqs "^ *cnt.auto=(force-true|true)" "${FILE}" && grep -Eqs "^ *cnt.container-server=${HOST}" "${FILE}" - then - CONTAINER="$(basename ${FILE} .conf)" - - cnt ${ACTION} -n ${CONTAINER} ${OPTIONS} || true - fi + CONTAINER="$(basename ${FILE} .conf)" + CNT_AUTO="$(grep -Es "^ *cnt.auto=" ${FILE} | awk -F= '{ print $2 }')" + + case "${ACTION}" in + start) + case "${CNT_AUTO}" in + force-true) + OPTIONS="${OPTIONS} -f" + + cnt ${ACTION} -n ${CONTAINER} ${OPTIONS} || true + ;; + + last-on) + if grep -qs start "/var/lib/${SOFTWARE}/state/${CONTAINER}.run" || \ + [ ! -e "/var/lib/${SOFTWARE}/state/${CONTAINER}.run" ] + then + cnt start -n ${CONTAINER} ${OPTIONS} -f || true + fi + ;; + + last-off) + if grep -qs start "/var/lib/${SOFTWARE}/state/${CONTAINER}.run" + then + cnt start -n ${CONTAINER} ${OPTIONS} -f || true + fi + ;; + + true) + cnt ${ACTION} -n ${CONTAINER} ${OPTIONS} || true + ;; + esac + ;; + + stop) + OPTIONS="${OPTIONS} -f --stateless" + + cnt ${ACTION} -n ${CONTAINER} ${OPTIONS} || true + ;; + esac done # Post hooks diff --git a/libexec/container/build b/libexec/container/build new file mode 100755 index 0000000..2c29730 --- /dev/null +++ b/libexec/container/build @@ -0,0 +1,287 @@ +#!/bin/sh + +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +set -e + +PROJECT="open-infrastructure" +SOFTWARE="compute-tools" +PROGRAM="container" +COMMAND="$(basename ${0})" + +CONFIG="/etc/${SOFTWARE}/config" +HOOKS="/etc/${SOFTWARE}/hooks" +MACHINES="/var/lib/machines" +SCRIPTS="/usr/share/${SOFTWARE}/build-scripts" +CONFIG_TEMPLATE="/usr/share/${SOFTWARE}/config/container.conf.in" + +Parameters () +{ + GETOPT_LONGOPTIONS="name:,cnt.auto:,cnt.container-server:,cnt.overlay:,cnt.overlay-options:,cnt.start:,bind:,bind-ro:,capability:,drop-capability:,script:,verbose," + GETOPT_OPTIONS="n:,b:,c:,d:,s:,v," + + PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${COMMAND}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -n|--name) + NAME="${2}" + shift 2 + ;; + + --cnt.auto) + CNT_AUTO="${2}" + shift 2 + ;; + + --cnt.container-server) + CNT_CONTAINER_SERVER="${2}" + shift 2 + ;; + + --cnt.overlay) + CNT_OVERLAY="${2}" + shift 2 + ;; + + --cnt.overlay-options) + CNT_OVERLAY_OPTIONS="${2}" + shift 2 + ;; + + --cnt.start) + CNT_START="${2}" + shift 2 + ;; + + -b|--bind) + BIND="${2}" + shift 2 + ;; + + --bind-ro) + BIND_RO="${2}" + shift 2 + ;; + + -c|--capability) + CAPABILITY="${2}" + shift 2 + ;; + + -d|--drop-capability) + DROP_CAPABILITY="${2}" + shift 2 + ;; + + -s|--script) + SCRIPT="${2}" + shift 2 + ;; + + -v|--verbose) + VERBOSE="true" + shift 1 + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${COMMAND}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--cnt.auto=true|false|force-true|last-on|last-off] [--cnt.container-server=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [--cnt.overlay-options=OPTION[,OPTION]] [--cnt.start=OPTION[,OPTION]] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [--bind-ro DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-v|--verbose] [-- SCRIPT_OPTIONS]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + + exit 1 +} + +Parameters "${@}" + +if [ -z "${NAME}" ] +then + Usage +fi + +case "${NAME}" in + ALL) + echo "'${NAME}': name 'ALL' is reserved to expand to all available container" >&2 + exit 1 + ;; +esac + +if [ -e "${CONFIG}/${NAME}.conf" ] +then + echo "'${NAME}': container already exists or ${CONFIG}/${NAME}.conf has not been removed" >&2 + exit 1 +fi + +if [ -z "${SCRIPT}" ] +then + if [ -e "${SCRIPTS}/default" ] + then + TARGET="$(basename $(readlink ${SCRIPTS}/default))" + + case "${TARGET}" in + container_build-script) + TARGET="$(basename $(readlink /etc/alternatives/container_build-script))" + ;; + esac + + if [ -e "${SCRIPTS}/${TARGET}" ] + then + SCRIPT="${TARGET}" + else + echo "default -> '${TARGET}': no such script" >&2 + exit 1 + fi + else + SCRIPT="debian" + fi +else + if [ ! -e "${SCRIPTS}/${SCRIPT}" ] + then + echo "'${SCRIPT}': no such script" >&2 + exit 1 + fi +fi + +case "${VERBOSE}" in + true) + +cat << EOF +################################################################################ +Building container: ${NAME} +################################################################################ +EOF + + ;; +esac + +CNT_CONTAINER_SERVER="${CNT_CONTAINER_SERVER:-$(hostname -f 2> /dev/null || hostname)}" + +# Pre hooks +for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done + +# Creating rw bind mounts +if [ -n "${BIND}" ] +then + BINDS="$(echo ${BIND} | sed -e 's|;| |g')" + + for ENTRY in ${BINDS} + do + DIRECTORY="$(echo ${ENTRY} | awk -F: '{ print $1 }')" + + mkdir -p "${DIRECTORY}" + done +fi + +# Creating ro bind mounts +if [ -n "${BIND_RO}" ] +then + BINDS_RO="$(echo ${BIND_RO} | sed -e 's|;| |g')" + + for ENTRY in ${BINDS_RO} + do + DIRECTORY="$(echo ${ENTRY} | awk -F: '{ print $1 }')" + + mkdir -p "${DIRECTORY}" + done +fi + +# Creating overlay mounts +if [ -n "${CNT_OVERLAY}" ] +then + CNT_OVERLAYS="$(echo ${CNT_OVERLAY} | sed -e 's|;| |g')" + + for ENTRY in ${CNT_OVERLAYS} + do + DIRECTORY_LOWER="$(echo ${ENTRY} | awk -F: '{ print $1 }')" + DIRECTORY_UPPER="$(echo ${ENTRY} | awk -F: '{ print $2 }')" + DIRECTORY_WORK="$(echo ${ENTRY} | awk -F: '{ print $3 }')" + DIRECTORY_MERGED="$(echo ${ENTRY} | awk -F: '{ print $4 }')" + + for DIRECTORY in "${DIRECTORY_LOWER}" "${DIRECTORY_UPPER}" "${DIRECTORY_WORK}" "${DIRECTORY_MERGED}" + do + mkdir -p "${DIRECTORY}" + done + done +fi + +# config +mkdir -p "${CONFIG}" + +sed -e "s|@CNT_AUTO@|${CNT_AUTO}|g" \ + -e "s|@CNT_CONTAINER_SERVER@|${CNT_CONTAINER_SERVER}|g" \ + -e "s|@CNT_NETWORK_BRIDGE@|${CNT_NETWORK_BRIDGE}|g" \ + -e "s|@CNT_OVERLAY@|${CNT_OVERLAY}|g" \ + -e "s|@CNT_OVERLAY_OPTIONS@|${CNT_OVERLAY_OPTIONS}|g" \ + -e "s|@CNT_START@|${CNT_START}|g" \ + -e "s|@NAME@|${NAME}|g" \ + -e "s|@BIND@|${BIND}|g" \ + -e "s|@BIND_RO@|${BIND_RO}|g" \ + -e "s|@BOOT@|yes|g" \ + -e "s|@CAPABILITY@|${CAPABILITY}|g" \ + -e "s|@DIRECTORY@|${MACHINES}/${NAME}|g" \ + -e "s|@DROP_CAPABILITY@|${DROP_CAPABILITY}|g" \ + -e "s|@LINK_JOURNAL@|no|g" \ + -e "s|@MACHINE@|${NAME}|g" \ + -e "s|@NETWORK_VETH_EXTRA@|${NETWORK_VETH_EXTRA}|g" \ + -e "s|@PRIVATE_USERS@|no|g" \ + -e "s|@REGISTER@|yes|g" \ +"${CONFIG_TEMPLATE}" > "${CONFIG}/${NAME}.conf" + +# Run +"${SCRIPTS}/${SCRIPT}" $(echo "${@}" | sed -e 's| -- | |') + +# Post hooks +for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done + +# done +echo "'${NAME}': container built." diff --git a/libexec/container/console b/libexec/container/console index ce53712..be2b897 100755 --- a/libexec/container/console +++ b/libexec/container/console @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -66,6 +66,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } diff --git a/libexec/container/enter b/libexec/container/enter index 2664fdc..b366ba6 100755 --- a/libexec/container/enter +++ b/libexec/container/enter @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -66,6 +66,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } @@ -108,7 +111,7 @@ done SSH_CLIENT="${SSH_CLIENT:-127.0.0.1 0 0}" # Run -nsenter --all --target "${LEADER}" --wd="${MACHINES}/${NAME}/root" /usr/bin/script -c "LC_ALL=C.UTF-8 /bin/bash -l" -q /dev/null +nsenter --all --target "${LEADER}" --wd="${MACHINES}/${NAME}/root" /usr/bin/script -c "LC_ALL=C.UTF-8 SSH_CLIENT=\"${SSH_CLIENT}\" /bin/bash -l" -q /dev/null case "${SSH_CLIENT}" in 127.0.0.1*) diff --git a/libexec/container/create b/libexec/container/get index 418bc35..0d0f420 100755 --- a/libexec/container/create +++ b/libexec/container/get @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -27,12 +27,12 @@ COMMAND="$(basename ${0})" CONFIG="/etc/${SOFTWARE}/config" HOOKS="/etc/${SOFTWARE}/hooks" MACHINES="/var/lib/machines" -SCRIPTS="/usr/share/${SOFTWARE}/scripts" +SCRIPTS="/usr/share/${SOFTWARE}/get-scripts" CONFIG_TEMPLATE="/usr/share/${SOFTWARE}/config/container.conf.in" Parameters () { - GETOPT_LONGOPTIONS="name:,cnt.container-server:,cnt.overlay:,cnt.overlay-options:,bind:,bind-ro:,capability:,drop-capability:,script:,verbose," + GETOPT_LONGOPTIONS="name:,cnt.container-server:,cnt.overlay:,cnt.overlay-options:,start:,bind:,bind-ro:,capability:,drop-capability:,script:,verbose," GETOPT_OPTIONS="n:,b:,c:,d:,s:,v," PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" @@ -73,6 +73,11 @@ Parameters () shift 2 ;; + --cnt.start) + CNT_START="${2}" + shift 2 + ;; + -b|--bind) BIND="${2}" shift 2 @@ -118,7 +123,10 @@ Parameters () Usage () { - echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--cnt.container-server=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [--cnt.overlay-options=OPTION[,OPTION]] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [--bind-ro DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-v|--verbose] [-- SCRIPT_OPTIONS]" >&2 + echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--cnt.container-server=true|false|FQDN] [--cnt.overlay=DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED] [--cnt.overlay-options=OPTION[,OPTION]] [--cnt.start=OPTION[,OPTION]] [-b|--bind DIRECTORY:DIRECTORY[:OPTIONS]] [--bind-ro DIRECTORY:DIRECTORY[:OPTIONS]] [-c|--capability CAPABILITY[,CAPABILITY]] [-d|--drop-capability DROP_CAPABILITY[,DROP_CAPABILITY]] [-s|--script SCRIPT] [-v|--verbose] [-- SCRIPT_OPTIONS]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } @@ -149,8 +157,8 @@ then TARGET="$(basename $(readlink ${SCRIPTS}/default))" case "${TARGET}" in - container_script) - TARGET="$(basename $(readlink /etc/alternatives/container_script))" + container_get-script) + TARGET="$(basename $(readlink /etc/alternatives/container_get-script))" ;; esac @@ -162,7 +170,7 @@ then exit 1 fi else - SCRIPT="debian" + SCRIPT="curl" fi else if [ ! -e "${SCRIPTS}/${SCRIPT}" ] @@ -177,7 +185,7 @@ case "${VERBOSE}" in cat << EOF ################################################################################ -Creating container: ${NAME} +Building container: ${NAME} ################################################################################ EOF @@ -248,6 +256,7 @@ sed -e "s|@CNT_AUTO@|${CNT_AUTO}|g" \ -e "s|@CNT_NETWORK_BRIDGE@|${CNT_NETWORK_BRIDGE}|g" \ -e "s|@CNT_OVERLAY@|${CNT_OVERLAY}|g" \ -e "s|@CNT_OVERLAY_OPTIONS@|${CNT_OVERLAY_OPTIONS}|g" \ + -e "s|@CNT_START@|${CNT_START}|g" \ -e "s|@NAME@|${NAME}|g" \ -e "s|@BIND@|${BIND}|g" \ -e "s|@BIND_RO@|${BIND_RO}|g" \ diff --git a/libexec/container/info b/libexec/container/info new file mode 100755 index 0000000..b713e7a --- /dev/null +++ b/libexec/container/info @@ -0,0 +1,221 @@ +#!/bin/sh + +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +set -e + +PROJECT="open-infrastructure" +SOFTWARE="compute-tools" +PROGRAM="container" +COMMAND="$(basename ${0})" + +CONFIG="/etc/${SOFTWARE}/config" +HOOKS="/etc/${SOFTWARE}/hooks" +MACHINES="/var/lib/machines" + +VERSION="$(${PROGRAM} version)" + +Parameters () +{ + GETOPT_LONGOPTIONS="name:,status,os,ip," + GETOPT_OPTIONS="n:," + + PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${COMMAND}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -n|--name) + NAME="${2}" + shift 2 + ;; + + --status) + ACTIONS="${ACTIONS} status" + shift 1 + ;; + + --os) + ACTIONS="${ACTIONS} os" + shift 1 + ;; + + --ip) + ACTIONS="${ACTIONS} ip" + shift 1 + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${COMMAND}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--status] [--os] [--ip]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + + exit 1 +} + +Parameters "${@}" + +# Pre hooks +for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done + +ACTIONS="${ACTIONS:-status os ip}" +HOST="$(cat /etc/hostname)" + +# Run + +# Status +STATUS="$(machinectl show ${NAME} 2>&1 | awk -FState= '/^State=/ { print $2 }')" + +if [ -e "${CONFIG}/${NAME}.conf" ] +then + CONTAINER_SERVER="$(awk -Fcnt.container-server= '/^cnt.container-server=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + CONTAINER_SERVER="${CONTAINER_SERVER:-false}" + + case "${CONTAINER_SERVER}" in + ${HOST}|true) + ;; + + *) + STATUS="other" + ;; + esac +else + STATUS="other" +fi + +case "${STATUS}" in + running) + STATUS="started" + ;; + + other) + ;; + + *) + STATUS="stopped" + ;; +esac + +# OS +VERSION_BASH="$(chroot ${MACHINES}/${NAME} apt-cache policy bash | awk '/Installed: / { print $2 }')" + +case "${VERSION_BASH}" in + 4.1-*|4.1.[0-9]*) + OS="Debian 6 (squeeze)" + ;; + + 4.2-*|4.2.[0-9]*) + OS="Debian 7 (wheezy)" + ;; + + 4.3-*|4.3.[0-9]*) + OS="Debian 8 (jessie)" + ;; + + 4.4-*|4.4.[0-9]*) + OS="Debian 9 (stretch)" + ;; + + 5.0-*|5.0.[0-9]*) + OS="Debian 10 (buster)" + ;; + + 5.1-*|5.1.[0-9]*) + OS="Debian 11 (bullseye)" + ;; + + 5.2-*|5.2.[0-9]*) + OS="Debian 12 (bookworm)" + ;; + + *) + OS="n/a" + ;; +esac + +case "${STATUS}" in + started) + IP="$(cnt run -n ${NAME} -- hostname -I)" + ;; + + *) + if ls "${MACHINES}/${NAME}/etc/systemd/network"/*.network > /dev/null 2>&1 + then + IP="$(awk -FAddress= '/^Address/ { printf "%s ", $2 }' ${MACHINES}/${NAME}/etc/systemd/network/*.network)" + elif [ -e "${MACHINES}/${NAME}/etc/network/interfaces" ] + then + IP="$(awk '/address/ { printf "%s ", $2 }' ${MACHINES}/${NAME}/etc/network/interfaces)" + fi + + IP="${IP:-n/a}" + ;; +esac + +for ACTION in ${ACTIONS} +do + case "${ACTION}" in + status) + echo "${STATUS}" + ;; + + os) + echo "${OS}" + ;; + + ip) + echo "${IP}" + ;; + esac +done + +# Post hooks +for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done diff --git a/libexec/container/key b/libexec/container/key index 5f76fb2..efd214e 100755 --- a/libexec/container/key +++ b/libexec/container/key @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -76,7 +76,10 @@ Parameters () Usage () { - echo "Usage: ${PROGRAM} ${COMMAND} [-a|--add KEY] [-l|--list] [-r|--remove KEY]" >&2 + echo "Usage: ${PROGRAM} ${COMMAND} [-a|--add KEY_FILE|KEY_ID] [-l|--list] [-r|--remove KEY|KEY_ID]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } @@ -87,6 +90,15 @@ then Usage fi +if [ ! -w "${KEYS}" ] +then + if [ "$(id -u)" -ne 0 ] + then + echo "'${COMMAND}': need root privileges (or write permissions to '${KEYS}')" >&2 + exit 1 + fi +fi + # Pre hooks for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" do @@ -105,7 +117,7 @@ then chmod 0700 "${KEYS}" cat > "${KEYS}/gnupg.conf" << EOF -keyserver hkps://hkps.pool.sks-keyservers.net +keyserver hkps://keys.openpgp.org keyserver-options include-revoked keyserver-options no-honor-keyserver-url @@ -131,7 +143,18 @@ fi case "${ACTION}" in add) - gpg --homedir "${KEYS}" --import "${ADD}" + if [ -e "${ADD}" ] + then + gpg --homedir "${KEYS}" --import "${ADD}" + elif [ -e "/usr/share/${SOFTWARE}/keys/${ADD}" ] + then + gpg --homedir "${KEYS}" --import "/usr/share/${SOFTWARE}/keys/${ADD}" + elif [ -e "/usr/share/${SOFTWARE}/keys/${ADD}.pub" ] + then + gpg --homedir "${KEYS}" --import "/usr/share/${SOFTWARE}/keys/${ADD}.pub" + else + gpg --homedir "${KEYS}" --recv "${ADD}" + fi ;; list) diff --git a/libexec/container/limit b/libexec/container/limit index 6323a42..b7f6e9b 100755 --- a/libexec/container/limit +++ b/libexec/container/limit @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -106,6 +106,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--blockio-device-weight \"DEVICE WEIGHT\"] [--blockio-read-bandwidth \"DEVICE BYTES\"] [-b|--blockio-weight WEIGHT] [--blockio-write-bandwidth \"DEVICE BYTES\"] [-c|--cpu-quota QUOTA] [--cpu-shares SHARES] [-m|--memory-limit BYTES] [-t|--tasks-max NUMBER]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } diff --git a/libexec/container/list b/libexec/container/list index 30446c0..e211b7c 100755 --- a/libexec/container/list +++ b/libexec/container/list @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -109,6 +109,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} [-a|--all] [--csv-separator SEPARATOR] [--format FORMAT] [-h|--host HOSTNAME] [--nwdiag-color COLOR] [--nwdiag-label LABEL] [-o|--other] [-s|--started] [-t|--stopped]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } @@ -324,7 +327,7 @@ esac if ls "${MACHINES}"/* > /dev/null 2>&1 then - CONTAINERS="$(cd "${MACHINES}" 2>/dev/null && find -maxdepth 1 \( -type d -or -type l \) -and -not -name 'lost+found' -printf '%P\n' | sort)" + CONTAINERS="$(cd "${MACHINES}" 2>/dev/null && find -maxdepth 1 \( -type d -or -type l \) -and -not -name 'lost+found' -printf '%P\n' | sort -V)" fi for CONTAINER in ${CONTAINERS} @@ -366,15 +369,33 @@ do ADDRESS="" - if ls "${MACHINES}/${CONTAINER}/etc/systemd/network"/*.network > /dev/null 2>&1 - then - ADDRESS="$(awk -FAddress= '/^Address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/systemd/network/*.network | head -n1)" - elif [ -e "${MACHINES}/${CONTAINER}/etc/network/interfaces" ] - then - ADDRESS="$(awk '/address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/network/interfaces | head -n1)" - fi + case "${STATE}" in + started) + case "${FORMAT}" in + shell|sh) + ;; + + *) + LEADER="$(machinectl status ${CONTAINER} | awk '/Leader: / { print $2 }')" + ADDRESS="$(nsenter --all --target "${LEADER}" /bin/hostname -I)" + ;; + esac + + ADDRESS="${ADDRESS:-none}" + ;; - ADDRESS="${ADDRESS:-n/a}" + *) + if ls "${MACHINES}/${CONTAINER}/etc/systemd/network"/*.network > /dev/null 2>&1 + then + ADDRESS="$(for IP in $(awk -FAddress= '/^Address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/systemd/network/*.network); do echo -n "${IP} "; done)" + elif [ -e "${MACHINES}/${CONTAINER}/etc/network/interfaces" ] + then + ADDRESS="$(for IP in $(awk '/address/ { print $2 }' ${MACHINES}/${CONTAINER}/etc/network/interfaces); do echo -n "${IP} "; done)" + fi + + ADDRESS="${ADDRESS:-n/a}" + ;; + esac if echo ${LIST} | grep -qs all then diff --git a/libexec/container/log b/libexec/container/log index e514391..b7a000d 100755 --- a/libexec/container/log +++ b/libexec/container/log @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -76,6 +76,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} [-n|--name NAME] [-d|--date DATE|today|today-N|yesterday] [-u|--user USER]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } diff --git a/libexec/container/move b/libexec/container/move index a76cde1..fdc19e6 100755 --- a/libexec/container/move +++ b/libexec/container/move @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -77,6 +77,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} [-f|--force] -n|--new NAME -o|--old NAME" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } diff --git a/libexec/container/rebuild b/libexec/container/rebuild new file mode 100755 index 0000000..e526520 --- /dev/null +++ b/libexec/container/rebuild @@ -0,0 +1,152 @@ +#!/bin/sh + +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +set -e + +PROJECT="open-infrastructure" +SOFTWARE="compute-tools" +PROGRAM="container" +COMMAND="$(basename ${0})" + +HOOKS="/etc/${SOFTWARE}/hooks" +MACHINES="/var/lib/machines" + +Parameters () +{ + OPTIONS_ALL="" + + GETOPT_LONGOPTIONS="name:,force,verbose," + GETOPT_OPTIONS="n:,f,v," + + PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${COMMAND}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -n|--name) + NAME="${2}" + shift 2 + ;; + + -f|--force) + FORCE="true" + shift 1 + + OPTIONS_ALL="${OPTIONS_ALL} --force" + ;; + + -v|--verbose) + VERBOSE="true" + shift 1 + + OPTIONS_ALL="${OPTIONS_ALL} --verbose" + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${COMMAND}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [-f|--force] [-v|--verbose]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + + exit 1 +} + +Parameters "${@}" + +if [ -z "${NAME}" ] +then + Usage +fi + +case "${NAME}" in + ALL) + NAMES="$(${PROGRAM} list --format shell --started)" + + for NAME in ${NAMES} + do + ${PROGRAM} rebuild,start --name ${NAME} ${OPTIONS_ALL} || true + done + + exit 0 + ;; +esac + +if [ ! -e "${MACHINES}/${NAME}" ] +then + echo "'${NAME}': no such container" >&2 + exit 1 +fi + +# Pre hooks +for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done + +# Run +case "${VERBOSE}" in + true) + echo -n "Rebuilding container ${NAME}..." + ;; +esac + +${PROGRAM} stop ${OPTIONS_ALL} --name ${NAME} || true +sleep 0.5 +${PROGRAM} remove ${OPTIONS_ALL} --name ${NAME} || true +sleep 0.5 +${PROGRAM} build --name ${NAME} || true + +case "${VERBOSE}" in + true) + echo " done." + ;; +esac + +# Post hooks +for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done diff --git a/libexec/container/remove b/libexec/container/remove index 3205c32..4cb5d48 100755 --- a/libexec/container/remove +++ b/libexec/container/remove @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -90,6 +90,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [--allow-stop] [-f|--force] [-v|--verbose]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } @@ -147,7 +150,7 @@ case "${STATE}" in case "${ALLOW_STOP}" in true) echo "'${NAME}': container is started, stopping it now" >&2 - ${PROGRAM} stop -n ${NAME} + ${PROGRAM} stop -n ${NAME} -f ;; *) diff --git a/libexec/container/restart b/libexec/container/restart index 922629d..0eb753c 100755 --- a/libexec/container/restart +++ b/libexec/container/restart @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -31,8 +31,8 @@ Parameters () { OPTIONS_ALL="" - GETOPT_LONGOPTIONS="name:,verbose," - GETOPT_OPTIONS="n:,v," + GETOPT_LONGOPTIONS="name:,force,interactive,verbose," + GETOPT_OPTIONS="n:,f,i,v," PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" @@ -52,6 +52,20 @@ Parameters () shift 2 ;; + -f|--force) + FORCE="true" + shift 1 + + OPTIONS_ALL="${OPTIONS_ALL} --force" + ;; + + -i|--interactive) + INTERACTIVE="true" + shift 1 + + OPTIONS_ALL="${OPTIONS_ALL} --interactive" + ;; + -v|--verbose) VERBOSE="true" shift 1 @@ -74,7 +88,10 @@ Parameters () Usage () { - echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [-v|--verbose]" >&2 + echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [-f|--force] [-i|--interactive] [-v|--verbose]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } @@ -104,6 +121,23 @@ then exit 1 fi +if [ "${FORCE}" != "true" ] || [ "${INTERACTIVE}" = "true" ] +then + echo -n "'${NAME}': restart container '${NAME}' [y|N]? " + read STOP + + STOP="$(echo ${STOP} | tr '[A-Z]' '[a-z]')" + + case "${STOP}" in + y|yes) + ;; + + *) + exit 1 + ;; + esac +fi + # Pre hooks for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" do diff --git a/libexec/container/run b/libexec/container/run index bf8d0a7..4daeaa2 100755 --- a/libexec/container/run +++ b/libexec/container/run @@ -66,6 +66,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME -- COMMAND" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } diff --git a/libexec/container/start b/libexec/container/start index 089aa7d..1f22325 100755 --- a/libexec/container/start +++ b/libexec/container/start @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -99,6 +99,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [-f|--force]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } @@ -131,6 +134,12 @@ then exit 1 fi +# options +if grep -Eqs "^ *cnt.start=" "${CONFIG}/${NAME}.conf" | grep -qs force +then + FORCE="true" +fi + case "${START}" in false) STATE="$(machinectl show ${NAME} 2>&1 | awk -FState= '/^State=/ { print $2 }')" @@ -182,6 +191,13 @@ case "${HOST_ARCHITECTURE}" in ;; esac +if systemctl status systemd-networkd > /dev/null 2>&1 +then + NETWORK_SUBSYSTEM="systemd-networkd" +else + NETWORK_SUBSYSTEM="ifupdown" +fi + case "${START}" in start) ;; @@ -353,7 +369,7 @@ then NETWORK_VETH_EXTRA="${NETWORK_VETH_EXTRA} --network-veth-extra=${VETH}" INTERFACE="$(echo ${VETH} | awk -F: '{ print $1 }')" - if [ "$(echo ${INTERFACE} | wc -c)" -gt 15 ] + if [ "$(echo ${INTERFACE} | wc -c)" -gt 16 ] then echo "'${INTERFACE}': name exceeds maximum of 15 characters, network might be not working." fi @@ -373,7 +389,7 @@ then INTERFACE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $1 }')" BRIDGE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $2 }')" - if [ "$(echo ${INTERFACE} | wc -c)" -gt 15 ] + if [ "$(echo ${INTERFACE} | wc -c)" -gt 16 ] then echo "'${INTERFACE}': name exceeds maximum of 15 characters, network might be not working." fi @@ -381,6 +397,9 @@ then if [ -n "${BRIDGE}" ] && [ -n "${INTERFACE}" ] then + case "${NETWORK_SUBSYSTEM}" in + ifupdown) + cat > "/etc/network/interfaces.d/${INTERFACE}" << EOF allow-hotplug ${INTERFACE} iface ${INTERFACE} inet manual @@ -390,6 +409,22 @@ iface ${INTERFACE} inet manual post-down ip link set ${INTERFACE} down EOF + ;; + + systemd-networkd) + mkdir -p /run/systemd/network + +cat > "/run/systemd/network/${INTERFACE}.network" << EOF +[Match] +Name=${INTERFACE} + +[Network] +Bridge=${BRIDGE} +EOF + + networkctl reload + ;; + esac else echo "Warning bridge definition '${BRIDGE_DEFINITION}' not recognized (expected <bridge>:<interface>): Ignoring" fi @@ -521,6 +556,9 @@ case "${START}" in ;; esac + mkdir -p "/var/lib/${SOFTWARE}/state" + echo "start" > "/var/lib/${SOFTWARE}/state/${NAME}.run" + ${SETARCH} systemd-nspawn --keep-unit ${BIND} ${BIND_RO} ${BOOT} ${CAPABILITY} ${DIRECTORY} ${DROP_CAPABILITY} ${MACHINE} ${NETWORK_VETH_EXTRA} ${LINK_JOURNAL} ${REGISTER} case "${VERBOSE}" in diff --git a/libexec/container/status b/libexec/container/status index 9c3a076..5b930a7 100755 --- a/libexec/container/status +++ b/libexec/container/status @@ -67,6 +67,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } diff --git a/libexec/container/stop b/libexec/container/stop index 58fc0e9..8ca98ce 100755 --- a/libexec/container/stop +++ b/libexec/container/stop @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -34,8 +34,8 @@ Parameters () { OPTIONS_ALL="" - GETOPT_LONGOPTIONS="name:,force,clean,verbose," - GETOPT_OPTIONS="n:,f,v," + GETOPT_LONGOPTIONS="name:,force,interactive,kill,clean,stateless,verbose," + GETOPT_OPTIONS="n:,f,i,k,v," PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" @@ -62,6 +62,20 @@ Parameters () OPTIONS_ALL="${OPTIONS_ALL} --force" ;; + -i|--interactive) + INTERACTIVE="true" + shift 1 + + OPTIONS_ALL="${OPTIONS_ALL} --interactive" + ;; + + -k|--kill) + KILL="true" + shift 1 + + OPTIONS_ALL="${OPTIONS_ALL} --kill" + ;; + --clean) # internal option CLEAN="true" @@ -70,6 +84,14 @@ Parameters () OPTONS_ALL="${OPTIONS_ALL} --clean" ;; + --stateless) + # internal option + STATELESS="true" + shift 1 + + OPTIONS_ALL="${OPTIONS_ALL} --stateless" + ;; + -v|--verbose) VERBOSE="true" shift 1 @@ -92,7 +114,10 @@ Parameters () Usage () { - echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [-f|--force] [-v|--verbose]" >&2 + echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [-f|--force] [-i|--interactive] [-v|--verbose]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } @@ -143,6 +168,13 @@ then exit 1 fi +if systemctl status systemd-networkd > /dev/null 2>&1 +then + NETWORK_SUBSYSTEM="systemd-networkd" +else + NETWORK_SUBSYSTEM="ifupdown" +fi + # Pre hooks for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" do @@ -217,7 +249,16 @@ case "${CLEAN}" in for VETH in ${VETHS} do INTERFACE="$(echo ${VETH} | awk -F: '{ print $1 }')" - FILE="/etc/network/interfaces.d/${INTERFACE}" + + case "${NETWORK_SUBSYSTEM}" in + ifupdown) + FILE="/etc/network/interfaces.d/${INTERFACE}" + ;; + + systemd-networkd) + FILE="/run/systemd/network/${INTERFACE}.network" + ;; + esac if [ -f "${FILE}" ] then @@ -244,7 +285,7 @@ case "${STATE}" in ;; esac -case "${FORCE}" in +case "${KILL}" in true) MODE="terminate" ;; @@ -254,6 +295,23 @@ case "${FORCE}" in ;; esac +if [ "${FORCE}" != "true" ] || [ "${INTERACTIVE}" = "true" ] +then + echo -n "'${NAME}': stop container '${NAME}' [y|N]? " + read STOP + + STOP="$(echo ${STOP} | tr '[A-Z]' '[a-z]')" + + case "${STOP}" in + y|yes) + ;; + + *) + exit 1 + ;; + esac +fi + # Run case "${VERBOSE}" in true) @@ -263,7 +321,7 @@ esac machinectl ${MODE} ${NAME} -case "${FORCE}" in +case "${KILL}" in true) VETHS="$(awk -Fnetwork-veth-extra= '/^network-veth-extra=/ { print $2 }' ${CONFIG}/${NAME}.conf | awk -F: '{ print $1 }')" @@ -271,6 +329,18 @@ case "${FORCE}" in do ip link delete ${VETH} > /dev/null 2>&1 || true done + + rm -f "${MACHINES}/.#${NAME}.lck" + ;; +esac + +case "${STATELESS}" in + true) + ;; + + *) + mkdir -p "/var/lib/${SOFTWARE}/state" + echo "stop" > "/var/lib/${SOFTWARE}/state/${NAME}.run" ;; esac diff --git a/libexec/container/top b/libexec/container/top index c846000..268da9a 100755 --- a/libexec/container/top +++ b/libexec/container/top @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -63,6 +63,9 @@ Parameters () Usage () { echo "Usage: ${PROGRAM} ${COMMAND} [-d|--delay DELAY]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + exit 1 } diff --git a/libexec/container/update b/libexec/container/update new file mode 100755 index 0000000..e2d9c80 --- /dev/null +++ b/libexec/container/update @@ -0,0 +1,270 @@ +#!/bin/sh + +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +set -e + +PROJECT="open-infrastructure" +SOFTWARE="compute-tools" +PROGRAM="container" +COMMAND="$(basename ${0})" + +HOOKS="/etc/${SOFTWARE}/hooks" + +Parameters () +{ + GETOPT_LONGOPTIONS="name:,full-upgrade,interactive,autoremove,purge,yes," + GETOPT_OPTIONS="n:,f,i,r,p,y," + + PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${COMMAND}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -n|--name) + NAME="${2}" + shift 2 + ;; + + -f|--full-upgrade) + FULL_UPGRADE="true" + shift 1 + ;; + + -i|--interactive) + INTERACTIVE="true" + shift 1 + ;; + + -r|--autoremove) + AUTOREMOVE="true" + shift 1 + ;; + + -p|--purge) + PURGE="--purge" + shift 1 + ;; + + -y|--yes) + YES="-y" + shift 1 + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${COMMAND}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [-f|--full-upgrade] [-i|--interactive] [-r|--autoremove] [-p|--purge] [-y|--yes]" >&2 + echo + echo "See ${COMMAND}(1), ${PROGRAM}(1) and ${PROJECT}(7) for more information." + + exit 1 +} + +Parameters "${@}" + +if [ -z "${NAME}" ] +then + Usage +fi + +Notification () +{ + TYPE="${1}" + NUMBER="${2}" + PACKAGES="${3}" + + if [ -z "${PACKAGES}" ] + then + return + fi + + CONTAINER_USER="${SUDO_USER:-${USER}}" + + DATE="$(date +%Y-%m-%d\ %H:%M:%S)" + HOST="$(hostname -f 2> /dev/null || hostname)" + + # logfile + echo "${DATE} ${HOST} ${CONTAINER_USER} ${NAME} ${NUMBER} ${TYPE}: ${PACKAGES}" >> "/var/log/${SOFTWARE}/${PROGRAM}.log" + + # irc + if [ -e /usr/bin/irk ] + then + for FILE in "/etc/${SOFTWARE}/${PROGRAM}.conf" "/etc/${SOFTWARE}/${PROGRAM}.conf.d"/*.conf + do + if [ -e "${FILE}" ] + then + . "${FILE}" + fi + done + + if [ -n "${IRK_TARGETS}" ] + then + for TARGET in ${IRK_TARGETS} + do + irk "${TARGET}" "\x0300${CONTAINER_USER}\x03@\x0312${HOST}:\x03 \x0303${NAME}\x03 \x0307${NUMBER} ${TYPE}\x03: ${PACKAGES}" + done + fi + fi +} + +case "${NAME}" in + ALL) + NAMES="$(container list --started --format shell)" + ;; + + *) + NAMES="${NAME}" + ;; +esac + +# Pre hooks +for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done + +if [ $(echo ${NAMES} | wc -w) -gt 1 ] +then + NAME_LOOP="true" +else + NAME_LOOP="false" +fi + +# Run +for NAME in ${NAMES} +do + case "${INTERACTIVE}" in + true) + case "${NAME_LOOP}" in + true) + echo + ;; + esac + + echo -n "'${NAME}': update container '${NAME}' [y|N|a]? " + read UPDATE + + UPDATE="$(echo ${UPDATE} | tr '[A-Z]' '[a-z]')" + + case "${UPDATE}" in + a|all) + INTERACTIVE="false" + ;; + + y|yes) + ;; + + *) + case "${NAME_LOOP}" in + true) + continue + ;; + + *) + exit 1 + ;; + esac + ;; + esac + ;; + esac + + echo "################################################################################" + echo "Updating ${NAME}" + echo "################################################################################" + + container run -n ${NAME} -- "apt update" + + UPDATE_NUMBER="$(container run -n ${NAME} -- "apt \-\-simulate full-upgrade" | awk '/^[0-9]* upgraded, / { print $1 }')" + + case "${UPDATE_NUMBER}" in + 0) + ;; + + *) + # usefull use of grep to de-colorize apt output + UPDATE_PACKAGES="$(for PACKAGE in $(container run -n ${NAME} -- "apt list \-\-upgradable 2>/dev/null | grep '\/'" | awk -F/ '{ print $1 }'); do echo -n "${PACKAGE} "; done | sed -e 's| $||'; echo)" + + case "${FULL_UPGRADE}" in + true) + container run -n ${NAME} -- "DEBCONF_FRONTEND='noninteractive' DEBCONF_PRIORITY='critical' DEBCONF_NONINTERACTIVE_SEEN='true' DEBCONF_NOWARNINGS='true' apt \-o Dpkg::Options::=\-\-force-confold -f ${YES} full-upgrade" + ;; + + *) + container run -n ${NAME} -- "DEBCONF_FRONTEND='noninteractive' DEBCONF_PRIORITY='critical' DEBCONF_NONINTERACTIVE_SEEN='true' DEBCONF_NOWARNINGS='true' apt \-o Dpkg::Options::=\-\-force-confold -f ${YES} upgrade" + ;; + esac + + Notification "update(s)" "${UPDATE_NUMBER}" "${UPDATE_PACKAGES}" + ;; + esac + + case "${AUTOREMOVE}" in + true) + REMOVE_NUMBER="$(container run -n ${NAME} -- "apt \-\-simulate autoremove" | awk '/^[0-9]* upgraded, / { print $6 }')" + + case "${REMOVE_NUMBER}" in + 0) + ;; + + *) + REMOVE_PACKAGES="$(for LINE in $(container run -n ${NAME} -- "apt \-\-simulate autoremove" | grep '^ '); do echo ${LINE}; done | sed -e 's|^ ||' -e 's|
$||'; echo)" + + container run -n ${NAME} -- "apt ${YES} autoremove ${PURGE}" + + Notification "removal(s)" "${REMOVE_NUMBER}" "$(echo ${REMOVE_PACKAGES})" + ;; + esac + ;; + esac + + echo "'${NAME}': container updated." +done + +# Post hooks +for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done diff --git a/libexec/container/version b/libexec/container/version index 3b33a4d..e567f8f 100755 --- a/libexec/container/version +++ b/libexec/container/version @@ -1,6 +1,8 @@ -#!/bin/sh +#!/usr/bin/python3 -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Open Infrastructure: compute-tools + +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -17,33 +19,38 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <https://www.gnu.org/licenses/>. -set -e - -PROJECT="open-infrastructure" -SOFTWARE="compute-tools" -PROGRAM="container" -COMMAND="$(basename ${0})" - -HOOKS="/etc/${SOFTWARE}/hooks" -SHARE="/usr/share/${SOFTWARE}" - -# Pre hooks -for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" -do - if [ -x "${FILE}" ] - then - "${FILE}" - fi -done - -# Run -cat "${SHARE}/VERSION.txt" - -# Post hooks -for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" -do - if [ -x "${FILE}" ] - then - "${FILE}" - fi -done +from os import access, X_OK +from pathlib import Path +from subprocess import run +from sys import exit, stderr, stdout + +import compute_tools.container as container + +def main(): + # pre hooks + pre_hooks = Path('/etc/compute-tools/hooks').glob('pre-version.*') + + if pre_hooks: + # hooks exist + for hook in pre_hooks: + if access(hook, X_OK): + # hook is executable + run(str(hook), shell=True, stderr=stderr, stdout=stdout) + + # run + container.print_version() + + # post hooks + post_hooks = Path('/etc/compute-tools/hooks').glob('post-version.*') + + if post_hooks: + # hooks exist + for hook in post_hooks: + if access(hook, X_OK): + # hook is executable + run(str(hook), shell=True, stderr=stderr, stdout=stdout) + + exit(0) + +if __name__ == '__main__': + main() diff --git a/python3/compute_tools/__init__.py b/python3/compute_tools/__init__.py new file mode 100644 index 0000000..563db06 --- /dev/null +++ b/python3/compute_tools/__init__.py @@ -0,0 +1,20 @@ +# Open Infrastructure: compute-tools + +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +from .container import * diff --git a/python3/compute_tools/container/__init__.py b/python3/compute_tools/container/__init__.py new file mode 100644 index 0000000..ca5248b --- /dev/null +++ b/python3/compute_tools/container/__init__.py @@ -0,0 +1,20 @@ +# Open Infrastructure: compute-tools + +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +from .version import * diff --git a/python3/compute_tools/container/version/__init__.py b/python3/compute_tools/container/version/__init__.py new file mode 100644 index 0000000..2250170 --- /dev/null +++ b/python3/compute_tools/container/version/__init__.py @@ -0,0 +1,21 @@ +# Open Infrastructure: compute-tools + +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +from .functions import * +from .variables import * diff --git a/python3/compute_tools/container/version/functions.py b/python3/compute_tools/container/version/functions.py new file mode 100644 index 0000000..b31f974 --- /dev/null +++ b/python3/compute_tools/container/version/functions.py @@ -0,0 +1,28 @@ +# Open Infrastructure: compute-tools + +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +from .variables import * + +def print_version(): + print('Open Infrastructure: compute-tools' + ' ' + version) + print('Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net>') + print('') + print('License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>') + print('This is free software: you are free to change and redistribute it.') + print('There is NO WARRANTY, to the extent permitted by law.') diff --git a/python3/compute_tools/container/version/variables.py b/python3/compute_tools/container/version/variables.py new file mode 100644 index 0000000..ea86d6b --- /dev/null +++ b/python3/compute_tools/container/version/variables.py @@ -0,0 +1,21 @@ +# Open Infrastructure: compute-tools + +# Copyright (C) 2014-2023 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +with open('/usr/share/compute-tools/VERSION.txt', 'r') as f: + version = f.readline().strip() diff --git a/share/bash-completion/container b/share/bash-completion/container index 540f162..5b57193 100644 --- a/share/bash-completion/container +++ b/share/bash-completion/container @@ -1,6 +1,6 @@ -# bash-completion -# -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Open Infrastructure: compute-tools + +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -43,6 +43,28 @@ _container() return 0 ;; + build|b) + case "${prev}" in + -n|--name) + opts="$(cd /etc/compute-tools/debconf 2>/dev/null && ls *.cfg */*.cfg 2>/dev/null | sed -e 's|.*/||g' -e 's|.cfg$||g')" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + -s|--script) + opts="$(cd /usr/share/compute-tools/build-scripts && find -maxdepth 1 -not -type d -and -not -name 'default' -and -not -name 'debconf' -and -not -name '*.d' -printf '%P\n' | sort)" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + opts="-n --name -c --capability -d --drop-capability -s --script -v --verbose -b --bind --bind-ro" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac + ;; + console) case "${prev}" in -n|--name) @@ -59,7 +81,23 @@ _container() esac ;; - create|cr) + enter|run) + case "${prev}" in + -n|--name) + opts="$(container list -s -f shell)" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + opts="-n --name" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac + ;; + + get|g) case "${prev}" in -n|--name) opts="$(cd /etc/compute-tools/debconf 2>/dev/null && ls *.cfg */*.cfg 2>/dev/null | sed -e 's|.*/||g' -e 's|.cfg$||g')" @@ -68,7 +106,7 @@ _container() ;; -s|--script) - opts="$(cd /usr/share/compute-tools/scripts && find -maxdepth 1 -not -type d -and -not -name 'default' -and -not -name 'debconf' -and -not -name '*.d' -printf '%P\n' | sort)" + opts="$(cd /usr/share/compute-tools/get-scripts && find -maxdepth 1 -not -type d -and -not -name 'default' -and -not -name 'debconf' -and -not -name '*.d' -printf '%P\n' | sort)" COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) return 0 ;; @@ -81,16 +119,16 @@ _container() esac ;; - enter) + info) case "${prev}" in -n|--name) - opts="$(container list -s -f shell)" + opts="$(container list -t -f shell)" COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) return 0 ;; *) - opts="-n --name" + opts="--status --os --ip" COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) return 0 ;; @@ -98,9 +136,25 @@ _container() ;; key) - opts="-a --add -l --list -r --remove" - COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) - return 0 + case "${prev}" in + -a|--add) + opts="$(cd /usr/share/compute-tools/keys 2>/dev/null && ls *.pub 2>/dev/null | sed -e 's|.*/||g' -e 's|.pub$||g')" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + -r|--remove) + opts="$(gpg --homedir /etc/compute-tools/keys --list-keys | grep ^uid | sed -e 's|.*<||' -e 's|>||')" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + opts="-a --add -r --remove -l --list" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac ;; limit) @@ -203,14 +257,30 @@ _container() ;; *) - opts="-n --name -f --force" + opts="-n --name -f --force -i --interactive -k --kill" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac + ;; + + rebuild|rb) + case "${prev}" in + -n|--name) + opts="$(container list -f shell)" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + opts="-n --name -f --force -v --verbose" COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) return 0 ;; esac ;; - restart|rt) + restart|rs) case "${prev}" in -n|--name) opts="$(container list -s -f shell)" @@ -245,7 +315,7 @@ _container() status|st) case "${prev}" in -n|--name) - opts="$(container list -t -f shell)" + opts="$(container list -f shell)" COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) return 0 ;; @@ -280,6 +350,22 @@ _container() return 0 ;; + update|u) + case "${prev}" in + -n|--name) + opts="$(container list -s -f shell)" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + opts="-n --name -f --full-upgrade -r --autoremove -p --purge --y --yes" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac + ;; + version|ver) return 0 ;; diff --git a/share/scripts/debconf b/share/build-scripts/debconf index 1994926..d6739ad 100755 --- a/share/scripts/debconf +++ b/share/build-scripts/debconf @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -22,14 +22,16 @@ set -e PROJECT="open-infrastructure" SOFTWARE="compute-tools" PROGRAM="container" +VERSION="$(container version)" +SCRIPT="${0}" +export SCRIPT + +CACHE="/var/cache/${PROGRAM}/build-$(basename ${SCRIPT})" CONFIG="/etc/${SOFTWARE}/config" HOOKS="/etc/${SOFTWARE}/hooks" MACHINES="/var/lib/machines" -SCRIPT="${0}" -export SCRIPT - Parameters () { GETOPT_LONGOPTIONS="bind:,bind-ro:,script:,name:,preseed-file:" @@ -98,7 +100,7 @@ Parameters () Usage () { - echo "Usage: container create -n|--name NAME -s|--script ${SCRIPT} -- [-p|--preseed-file FILE]" >&2 + echo "Usage: container build -n|--name NAME -s|--script ${SCRIPT} -- [-p|--preseed-file FILE]" >&2 exit 1 } @@ -115,18 +117,14 @@ then exit 1 fi -if [ ! -x /usr/sbin/debootstrap ] -then - echo "'${NAME}': /usr/sbin/debootstrap - no such file." >&2 - exit 1 -fi - if [ "$(id -u)" -ne 0 ] then echo "'${NAME}': need root privileges" >&2 exit 1 fi +HOST="$(echo ${NAME} | cut -d. -f1)" + Mount () { # Mounting rw bind mounts @@ -367,7 +365,7 @@ EOF export DEBCONF_SYSTEMRC } -Debootstrap () +Bootstrap () { DIRECTORY="${1}" @@ -390,8 +388,101 @@ Debootstrap () esac mkdir -p "$(dirname ${DIRECTORY})" - debootstrap --verbose --arch=${ARCHITECTURE} --components=${PARENT_ARCHIVE_AREAS} \ - --exclude=${EXCLUDE} --include=${INCLUDE} ${PARENT_DISTRIBUTION} "${DIRECTORY}" ${PARENT_MIRROR} + + case "${BOOTSTRAP}" in + debootstrap) + debootstrap --verbose --arch=${ARCHITECTURE} --components=${PARENT_ARCHIVE_AREAS} \ + --exclude=${EXCLUDE} --include=${INCLUDE} ${PARENT_DISTRIBUTION} "${DIRECTORY}" ${PARENT_MIRROR} + ;; + + mmdebstrap) + mmdebstrap --arch=${ARCHITECTURE} --components=${PARENT_ARCHIVE_AREAS} \ + --format=directory --mode=root --aptopt='APT::Sandbox::User "root"' \ + --include=${INCLUDE} ${PARENT_DISTRIBUTION} "${DIRECTORY}" ${PARENT_MIRROR} + ;; + + *) + echo "'${NAME}': ${BOOTSTRAP} - not supported" >&2 + exit 1 + ;; + esac +} + +Image () +{ + DIRECTORY="${1}" + + FILES="${IMAGE}" + + for NUMBER in $(seq 1 ${IMAGE_NUMBER}) + do + eval FILES="${FILES} $`echo IMAGE${NUMBER}`" + done + + for FILE in ${FILES} + do + case "${FILE}" in + *.gz) + TAR_OPTIONS="--gzip" + + if [ ! -e /bin/gzip ] + then + echo -en "\n" + echo "'${NAME}': /bin/lzip - no such file." >&2 + exit 1 + fi + ;; + + *.lz) + TAR_OPTIONS="--lzip" + + if [ ! -e /usr/bin/lzip ] + then + echo -en "\n" + echo "'${NAME}': /usr/bin/lzip - no such file." >&2 + exit 1 + fi + ;; + + *.xz) + TAR_OPTIONS="--xz" + + if [ ! -e /usr/bin/xz ] + then + echo -en "\n" + echo "'${NAME}': /usr/bin/xz - no such file." >&2 + exit 1 + fi + ;; + + *) + TAR_OPTIONS="" + ;; + esac + + mkdir -p "${DIRECTORY}" + + echo "Using ${FILE}" + + if [ -e /usr/bin/pv ] + then + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 ${CURL_TIME_COND} \ + "${FILE}" -o - | \ + pv --format '%p' --width 77 | \ + tar -C "${DIRECTORY}" --strip 1 ${TAR_OPTIONS} -xf - + #pv --format '%p' --width 77 "${CACHE}/${FILE}" | tar xf - ${TAR_OPTIONS} -C "${DIRECTORY}" --strip 1 + else + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 ${CURL_TIME_COND} \ + "${FILE}" -o - | \ + tar -C "${DIRECTORY}" --strip 1 ${TAR_OPTIONS} -xf - + fi + + echo " ok." + done + + # Writing resolv.conf + rm -f "${DIRECTORY}/etc/resolv.conf" + cp /etc/resolv.conf "${DIRECTORY}/etc" } Configure_apt () @@ -423,7 +514,11 @@ EOF rm -f "${DIRECTORY}/progress-linux.cfg" - Chroot "${DIRECTORY}" "apt update" + case "${INSTALLER}" in + bootstrap) + Chroot "${DIRECTORY}" "apt update" + ;; + esac ;; esac } @@ -449,6 +544,9 @@ EOF rm -f "${DIRECTORY}/etc/mtab" ln -s /proc/self/mounts "${DIRECTORY}/etc/mtab" + # Removing machine-id + rm -f "${DIRECTORY}/etc/machine-id" + # Removing resolv.conf rm -f "${DIRECTORY}/etc/resolv.conf" cp /etc/resolv.conf "${DIRECTORY}/etc" @@ -582,10 +680,15 @@ EOF IPV4_ADDRESS1_PART4="$(echo ${IPV4_ADDRESS1} | cut -d. -f4)" IPV6_ADDRESS1="$(${DIG} AAAA +short ${NAME} | tail -n1)" - # TODO: address parts + # FIXME: address parts + + export IPV4_ADDRESS1 IPV4_ADDRESS1_PART1 IPV4_ADDRESS1_PART2 IPV4_ADDRESS1_PART3 IPV4_ADDRESS1_PART4 + export IPV6_ADDRESS1 fi - sed -e "s|@NAME@|${NAME}|g" \ + sed -e "s|@FILE@|${FILE}|g" \ + -e "s|@NAME@|${NAME}|g" \ + -e "s|@HOST@|${HOST}|g" \ -e "s|@IPV4_ADDRESS1@|${IPV4_ADDRESS1}|g" \ -e "s|@IPV4_ADDRESS1_PART1@|${IPV4_ADDRESS1_PART1}|g" \ -e "s|@IPV4_ADDRESS1_PART2@|${IPV4_ADDRESS1_PART2}|g" \ @@ -607,7 +710,7 @@ EOF do if grep -qs locales "${FILE}" then - if [ -e "${DIRECTORY}/var/lib/dpkg/info/locales.list" ] + if Chroot "${DIRECTORY}" dpkg --get-selections | awk '{ print $1 }' | grep -qs '^locales$' then rm -f "${DIRECTORY}/etc/default/locale" "${DIRECTORY}/etc/locale.gen" Chroot "${DIRECTORY}" "DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=criticial dpkg-reconfigure locales" @@ -650,7 +753,7 @@ EOF fi # Manual hack to regenerate ssh keys - if [ -e "${DIRECTORY}/var/lib/dpkg/info/openssh-server.postinst" ] && \ + if Chroot "${DIRECTORY}" dpkg --get-selections | awk '{ print $1 }' | grep -qs '^openssh-server$' && \ ! ls "${DIRECTORY}"/etc/ssh/ssh_host_*_key > /dev/null 2>&1 then Chroot "${DIRECTORY}" "DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=criticial dpkg-reconfigure openssh-server" @@ -855,6 +958,14 @@ EOF fi ;; + + stub) + +cat >> "${DIRECTORY}/etc/systemd/network/eno${NUMBER}.network" << EOF +DHCP=no +EOF + + ;; esac if [ -n "${IPV4_POST_UP}" ] @@ -937,6 +1048,15 @@ EOF fi ;; + + stub) + +cat >> "${DIRECTORY}/etc/systemd/network/eno${NUMBER}.network" << EOF +DHCP=no +IPv6AcceptRA=no +EOF + + ;; esac if [ -n "${IPV6_POST_UP}" ] @@ -1068,6 +1188,7 @@ trap 'Umount' EXIT HUP INT QUIT TERM umask 0022 export NAME +export HOST Debconf @@ -1081,7 +1202,7 @@ do done # Run debconf parts -for DEBCONF_SCRIPT in "/usr/share/${SOFTWARE}/scripts/debconf.d"/* +for DEBCONF_SCRIPT in "/usr/share/${SOFTWARE}/build-scripts/debconf.d"/* do if [ -x "${DEBCONF_SCRIPT}" ] then @@ -1092,25 +1213,91 @@ done # Read-in configuration from debconf . "${DEBCONF_TMPDIR}/debconf.default" -CACHE="/var/cache/${PROGRAM}/${MODE}" SYSTEM="${MACHINES}/${NAME}" -## Generic parts -if [ ! -e "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" ] +if [ -z "${IMAGE}" ] && [ -z "${IMAGE1}" ] then - Debootstrap "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" - Configure_apt "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" - Deconfigure_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" - - mv "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" + INSTALLER="bootstrap" +else + INSTALLER="image" fi -Upgrade_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" || echo "W: If upgrading the system failed, try removing the cache for your distribution in /var/cache/${PROGRAM}" -Cleanup_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" +case "${INSTALLER}" in + bootstrap) + ## Dependencies + if [ -x /usr/bin/mmdebstrap ] + then + BOOTSTRAP="mmdebstrap" + elif [ -x /usr/sbin/debootstrap ] + then + BOOTSTRAP="debootstrap" + else + echo "'${NAME}': /usr/bin/mmdebstrap or /usr/sbin/debootstrap - no such file." >&2 + exit 1 + fi + + ## Generic parts + if [ ! -e "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" ] + then + Bootstrap "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" + Configure_apt "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" + Deconfigure_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" + + mv "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" + fi + + Upgrade_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" || echo "W: If upgrading the system failed, try removing the cache for your distribution in /var/cache/${PROGRAM}" + Cleanup_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" + + ## Specific parts + mkdir -p "${MACHINES}" + cp -a "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" "${MACHINES}/${NAME}" + ;; + + image) + ## Dependencies + if [ -x /usr/bin/curl ] + then + GET="curl" + elif [ -x /usr/bin/wget ] + then + GET="wget" + else + echo "'${NAME}': /usr/bin/curl or /usr/bin/wget - no such file." >&2 + exit 1 + fi + + COMPRESSIONS="" + + if [ -x /usr/bin/lzip ] + then + COMPRESSIONS="${COMPRESSIONS} lz" + fi + + if [ -x /usr/bin/xz ] + then + COMPRESSIONS="${COMPRESSIONS} xz" + fi + + if [ -x /bin/gzip ] + then + COMPRESSIONS="${COMPRESSIONS} gz" + fi + + if [ -z "${COMPRESSIONS}" ] + then + echo "'${NAME}': no supported compressor available (lz, xz, gz)." + exit 1 + fi + + ## Parts + mkdir -p "${MACHINES}" + Image "${MACHINES}/${NAME}" -## Specific parts -mkdir -p "${MACHINES}" -cp -a "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" "${MACHINES}/${NAME}" + Configure_apt "${MACHINES}/${NAME}" + Deconfigure_system "${MACHINES}/${NAME}" + ;; +esac Mount diff --git a/share/scripts/debconf.d/0001-preseed-file b/share/build-scripts/debconf.d/0001-preseed-file index d70e4e1..aa2c3c7 100755 --- a/share/scripts/debconf.d/0001-preseed-file +++ b/share/build-scripts/debconf.d/0001-preseed-file @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -23,49 +23,67 @@ PROJECT="open-infrastructure" SOFTWARE="compute-tools" PROGRAM="container" -CONFIG="/etc/${SOFTWARE}/debconf" +CONFIG="/etc/${SOFTWARE}/config" +DEBCONF="/etc/${SOFTWARE}/debconf" DEBCONF_NOWARNINGS="true" export DEBCONF_NOWARNINGS . /usr/share/debconf/confmodule +# debconf template hierarchy (first match wins): +# +# 1. user specified a preseed file through commandline options +# 2. /etc/compute-tools/debconf/${NAME}.cfg exists +# 3. /etc/compute-tools/debconf/links/${NAME}.cfg exists +# 4. /etc/compute-tools/debconf/*/${NAME}.cfg exists (only one file!) +# 5. /etc/compute-tools/debconf/default.cfg exists +# 6. user chooses from list of available (if any) *.cfg files +# (recursively) found in /etc/compute-tools/debconf, +# /etc/compute-tools/debconf/links is excluded. + if [ -n "${PRESEED_FILE}" ] then # user specified one or more preseed files through commandline option db_set container/preseed-file "${PRESEED_FILE}" db_fset container/preseed-file seen true -elif [ -e "${CONFIG}/${NAME}.cfg" ] +elif [ -e "${DEBCONF}/${NAME}.cfg" ] then # user did not specify a pressed file, but there is a matching one # available on the system matching the container name - db_set container/preseed-file "${CONFIG}/${NAME}.cfg" + db_set container/preseed-file "${DEBCONF}/${NAME}.cfg" db_fset container/preseed-file seen true -elif [ "$(ls ${CONFIG}/*/${NAME}.cfg 2>/dev/null | wc -l)" -eq 1 ] +elif [ -e "${DEBCONF}/links/${NAME}.cfg" ] +then + # user did not specify a pressed file, but there is a matching one + # in /etc/${SOFTWARE}/debconf/links directory + db_set container/preseed-file "${DEBCONF}/links/${NAME}.cfg" + db_fset container/preseed-file seen true +elif [ "$(ls ${DEBCONF}/*/${NAME}.cfg 2>/dev/null | wc -l)" -eq 1 ] then # user did not specify a pressed file, but there is 1 (and only 1) # matching in a sub-directory of /etc/${SOFTWARE}/debconf - FILE="$(ls ${CONFIG}/*/${NAME}.cfg)" + FILE="$(ls ${DEBCONF}/*/${NAME}.cfg)" db_set container/preseed-file "${FILE}" db_fset container/preseed-file seen true -elif [ -e "${CONFIG}/default.cfg" ] +elif [ -e "${DEBCONF}/default.cfg" ] then # user did not specify a pressed file, but there is a default one - db_set container/preseed-file "${CONFIG}/default.cfg" + db_set container/preseed-file "${DEBCONF}/default.cfg" db_fset container/preseed-file seen true -elif ls "${CONFIG}"/*.cfg > /dev/null 2>&1 || ls "${CONFIG}"/*/*.cfg > /dev/null 2>&1 +elif ls "${DEBCONF}"/*.cfg > /dev/null 2>&1 || ls "${DEBCONF}"/*/*.cfg > /dev/null 2>&1 then # user has not specified preseed files through commandline option, # showing debconf selection dialog for global preseed file. - FILES="$(cd ${CONFIG} && find . -type f -name '*.cfg' -printf '%P\n' | LC_ALL=C sort)" + FILES="$(cd ${DEBCONF} && find . -type f -name '*.cfg' -printf '%P\n' | grep -v '^links\/' | LC_ALL=C sort -V)" PRESEED_FILES="$(for FILE in ${FILES}; do echo -n "$(echo ${FILE} | sed -e 's|.cfg$||'), "; done | sed -e 's|, $||')" if [ -n "${PRESEED_FILES}" ] then - db_subst container/preseed-files CHOICES "none, custom, , ${PRESEED_FILES}" + db_subst container/preseed-files CHOICES "custom, exit, none, , ${PRESEED_FILES}" db_settitle container/title db_input high container/preseed-files || true @@ -75,12 +93,17 @@ then PRESEED_FILE="${RET}" # select case "${PRESEED_FILE}" in - none|custom) + custom|none) + ;; + + exit) + rm -f "${CONFIG}/${NAME}.conf" + exit 1 ;; *) # user specified preseed file through debconf select - db_set container/preseed-file "${CONFIG}/${PRESEED_FILE}.cfg" + db_set container/preseed-file "${DEBCONF}/${PRESEED_FILE}.cfg" db_fset container/preseed-file seen true ;; esac diff --git a/share/scripts/debconf.d/0001-preseed-file.templates b/share/build-scripts/debconf.d/0001-preseed-file.templates index 7e12e0d..9be825d 100644 --- a/share/scripts/debconf.d/0001-preseed-file.templates +++ b/share/build-scripts/debconf.d/0001-preseed-file.templates @@ -13,6 +13,6 @@ Type: string Default: Description: Enter (optional) preseed file to use: A preseed file can be used to automatically answer questions to this - container create script. + container build script. . If you do not want to use a preseed file, leave this question empty. diff --git a/share/scripts/debconf.d/0002-preseed-debconf b/share/build-scripts/debconf.d/0002-preseed-debconf index 4bc4da6..e4b5f44 100755 --- a/share/scripts/debconf.d/0002-preseed-debconf +++ b/share/build-scripts/debconf.d/0002-preseed-debconf @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -93,6 +93,7 @@ do fi sed -e "s|@NAME@|${NAME}|g" \ + -e "s|@HOST@|${HOST}|g" \ -e "s|@IPV4_ADDRESS1@|${IPV4_ADDRESS1}|g" \ -e "s|@IPV4_ADDRESS1_PART1@|${IPV4_ADDRESS1_PART1}|g" \ -e "s|@IPV4_ADDRESS1_PART2@|${IPV4_ADDRESS1_PART2}|g" \ diff --git a/share/scripts/debconf.d/0003-debconf b/share/build-scripts/debconf.d/0003-debconf index c1c4e79..e12e25e 100755 --- a/share/scripts/debconf.d/0003-debconf +++ b/share/build-scripts/debconf.d/0003-debconf @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -44,6 +44,39 @@ Mode () export MODE } +Images () +{ + if db_get container/image && [ "${RET}" ] + then + db_get container/image + IMAGE="${RET}" # string (w/o empty) + + echo "IMAGE=\"${IMAGE}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + fi + + NUMBER="1" + + while db_get container/image${NUMBER} && [ "${RET}" ] + do + if db_get container/image${NUMBER} + then + eval IMAGE${NUMBER}="\"${RET}\"" # string (w/o empty) + fi + + NUMBER="$((${NUMBER} + 1))" + done + + IMAGE_NUMBER="$((${NUMBER} - 1))" + + echo "IMAGE_NUMBER=\"${IMAGE_NUMBER}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + + for NUMBER in $(seq 1 ${IMAGE_NUMBER}) + do + eval IMAGE="$`echo IMAGE${NUMBER}`" + echo "IMAGE${NUMBER}=\"${IMAGE}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + done +} + Distribution () { db_get container/distribution @@ -53,18 +86,18 @@ Distribution () then case "${MODE}" in debian) - db_subst container/distribution CHOICES "Debian GNU/Linux 10 \"buster\", Debian GNU/Linux 11 \"bullseye\", Debian GNU/Linux testing/bookworm, Debian GNU/Linux unstable/sid" - db_subst container/distribution CHOICES_C "buster, bullseye, bookworm, sid" + db_subst container/distribution CHOICES "Debian GNU/Linux 10 \"buster\", Debian GNU/Linux 11 \"bullseye\", Debian GNU/Linux 12 \"bookworm\", Debian GNU/Linux testing, Debian GNU/Linux unstable/sid" + db_subst container/distribution CHOICES_C "buster, bullseye, bookworm, testing, sid" - db_set container/distribution bullseye + db_set container/distribution bookworm db_fset container/distribution seen false ;; progress-linux) - db_subst container/distribution CHOICES "Progress Linux 5 (engywuck), Progress Linux 5.99 (engywuck-backports), Progress Linux 6 (fuchur), Progress Linux 6.99 (fuchur-backports)" - db_subst container/distribution CHOICES_C "engywuck, engywuck-backports, fuchur, fuchur-backports" + db_subst container/distribution CHOICES "Progress Linux 5 (engywuck), Progress Linux 5.99 (engywuck-backports), Progress Linux 6 (fuchur), Progress Linux 6.99 (fuchur-backports), Progress Linux 7 (graograman), Progress Linux 7.99 (graograman-backports)" + db_subst container/distribution CHOICES_C "engywuck, engywuck-backports, fuchur, fuchur-backports, graograman, graograman-backports" - db_set container/distribution fuchur-backports + db_set container/distribution graograman-backports db_fset container/distribution seen false ;; esac @@ -98,6 +131,10 @@ Parent_distribution () fuchur*) PARENT_DISTRIBUTION="bullseye" ;; + + graograman*) + PARENT_DISTRIBUTION="bookworm" + ;; esac ;; @@ -122,7 +159,7 @@ Architecture () arm64) DEFAULT="arm64" - CHOICES="Automatic, RaspberryPi 3 (arm64)" + CHOICES="Automatic, RaspberryPi 3 and newer (arm64)" CHOICES_C="auto, arm64" ;; @@ -485,18 +522,28 @@ Archive_areas () db_get container/archive-areas ARCHIVE_AREAS="${RET}" + case "${PARENT_DISTRIBUTION}" in + bookworm|testing|sid) + ARCHIVE_AREAS_ALL="main, contrib, non-free, non-free-firmware" + ;; + + *) + ARCHIVE_AREAS_ALL="main, contrib, non-free" + ;; + esac + if [ -z "${ARCHIVE_AREAS}" ] then case "${MODE}" in progress-linux) - db_subst container/archive-areas CHOICES "main, contrib, non-free" + db_subst container/archive-areas CHOICES "${ARCHIVE_AREAS_ALL}" - db_set container/archive-areas "main, contrib, non-free" + db_set container/archive-areas "${ARCHIVE_AREAS_ALL}" db_fset container/archive-areas seen false ;; *) - db_subst container/archive-areas CHOICES "main, contrib, non-free" + db_subst container/archive-areas CHOICES "${ARCHIVE_AREAS_ALL}" db_set container/archive-areas "main" db_fset container/archive-areas seen false @@ -518,7 +565,7 @@ Archive_areas () ;; progress-linux) - ARCHIVE_AREAS="main, contrib, non-free" + ARCHIVE_AREAS="${ARCHIVE_AREAS_ALL}" ;; esac fi @@ -535,13 +582,23 @@ Parent_archive_areas () db_get container/parent-archive-areas PARENT_ARCHIVE_AREAS="${RET}" # multiselect (w/o empty) + case "${PARENT_DISTRIBUTION}" in + bookworm|testing|sid) + PARENT_ARCHIVE_AREAS_ALL="main, contrib, non-free, non-free-firmware" + ;; + + *) + PARENT_ARCHIVE_AREAS_ALL="main, contrib, non-free" + ;; + esac + if [ -z "${PARENT_ARCHIVE_AREAS}" ] then case "${MODE}" in progress-linux) - db_subst container/parent-archive-areas CHOICES "main, contrib, non-free" + db_subst container/parent-archive-areas CHOICES "${PARENT_ARCHIVE_AREAS_ALL}" - db_set container/parent-archive-areas "main, contrib, non-free" + db_set container/parent-archive-areas "${PARENT_ARCHIVE_AREAS_ALL}" db_fset container/parent-archive-areas seen false db_settitle container/title @@ -564,7 +621,7 @@ Parent_archive_areas () then case "${MODE}" in progress-linux) - PARENT_ARCHIVE_AREAS="main, contrib, non-free" + PARENT_ARCHIVE_AREAS="${PARENT_ARCHIVE_AREAS_ALL}" ;; *) @@ -868,6 +925,20 @@ Network () db_input high container/network1/ipv4-post-down || true db_go ;; + + stub) + db_settitle container/title + db_input high container/network1/ipv4-comment || true + db_go + + db_settitle container/title + db_input high container/network1/ipv4-post-up || true + db_go + + db_settitle container/title + db_input high container/network1/ipv4-post-down || true + db_go + ;; esac db_settitle container/title @@ -906,6 +977,20 @@ Network () db_input high container/network1/ipv6-post-down || true db_go ;; + + stub) + db_settitle container/title + db_input high container/network1/ipv6-comment || true + db_go + + db_settitle container/title + db_input high container/network1/ipv6-post-up || true + db_go + + db_settitle container/title + db_input high container/network1/ipv6-post-down || true + db_go + ;; esac if [ "${NETWORK1_IPV4_METHOD}" = "static" ] || [ "${NETWORK1_IPV6_METHOD}" = "static" ] @@ -1205,10 +1290,10 @@ Internal_options () if db_get container/auto then - CNT_AUTO="${RET:-true}" # string (w/o empty) + CNT_AUTO="${RET:-last-on}" # string (w/o empty) fi - CNT_AUTO="${CNT_AUTO:-true}" + CNT_AUTO="${CNT_AUTO:-last-on}" echo "CNT_AUTO=\"${CNT_AUTO}\"" >> "${DEBCONF_TMPDIR}/debconf.default" if db_get container/container-server @@ -1256,6 +1341,7 @@ Internal_options () } Mode +Images Distribution Parent_distribution diff --git a/share/scripts/debconf.d/0003-debconf.templates b/share/build-scripts/debconf.d/0003-debconf.templates index 73952a8..551033a 100644 --- a/share/scripts/debconf.d/0003-debconf.templates +++ b/share/build-scripts/debconf.d/0003-debconf.templates @@ -10,6 +10,12 @@ Choices: ${CHOICES} Description: Mode Mode. +Template: container/image +Type: string +Default: +Description: Image + Image. + Template: container/distribution Type: select Default: @@ -112,7 +118,7 @@ Description: Veth name Template: container/network1/ipv4-method Type: select -Choices: dhcp, static, none +Choices: dhcp, static, stub, none Default: Description: Ethernet Interface Method (IPv4)? What method should be used to configure the ethernet interface? @@ -173,7 +179,7 @@ Description: Ethernet post-down Command (IPv4)? Template: container/network1/ipv6-method Type: select -Choices: static, none +Choices: dhcp, static, stub, none Default: Description: Ethernet Interface Method (IPv6)? What method should be used to configure the ethernet interface? diff --git a/share/scripts/debootstrap b/share/build-scripts/debootstrap index f0db7e8..5ab5db2 100755 --- a/share/scripts/debootstrap +++ b/share/build-scripts/debootstrap @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -111,7 +111,7 @@ Parameters () Usage () { - echo "Usage: container create -n|--name NAME -s|--script ${SCRIPT} -- [-a|--architecture ARCHITECTURE] [-d|--distribution DISTRIBUTION] [-m|--mirror MIRROR] [-p|--password PASSWORD}" >&2 + echo "Usage: container build -n|--name NAME -s|--script ${SCRIPT} -- [-a|--architecture ARCHITECTURE] [-d|--distribution DISTRIBUTION] [-m|--mirror MIRROR] [-p|--password PASSWORD}" >&2 exit 1 } @@ -136,7 +136,7 @@ case "${SCRIPT}" in mmdebstrap) BOOTSTRAP="/usr/bin/mmdebstrap" - BOOTSTRAP_OPTIONS="--mode=root" + BOOTSTRAP_OPTIONS="--format=directory --mode=root --aptopt='APT::Sandbox::User \"root\"'" ;; esac @@ -153,7 +153,7 @@ then fi ARCHITECTURE="${ARCHITECTURE:-$(dpkg --print-architecture)}" -DISTRIBUTION="${DISTRIBUTION:-bullseye}" +DISTRIBUTION="${DISTRIBUTION:-bookworm}" MIRROR="${MIRROR:-https://deb.debian.org/debian}" PASSWORD="${PASSWORD:-$(dd if=/dev/urandom bs=12 count=1 2> /dev/null | base64)}" @@ -174,9 +174,11 @@ do fi done +# Run mkdir -p "${MACHINES}" - ${BOOTSTRAP} ${BOOTSTRAP_OPTIONS} --arch=${ARCHITECTURE} --include=${INCLUDE} ${DISTRIBUTION} ${MACHINES}/${NAME} ${MIRROR} + +# Cleaning apt cache chroot "${MACHINES}/${NAME}" apt clean # Setting hostname diff --git a/share/config/container.conf.in b/share/config/container.conf.in index d930803..d3f9a48 100644 --- a/share/config/container.conf.in +++ b/share/config/container.conf.in @@ -1,4 +1,4 @@ -# compute-tools: @NAME@ +# Open Infrastructure: compute-tools [start] cnt.auto=@CNT_AUTO@ @@ -6,6 +6,7 @@ cnt.container-server=@CNT_CONTAINER_SERVER@ cnt.network-bridge=@CNT_NETWORK_BRIDGE@ cnt.overlay=@CNT_OVERLAY@ cnt.overlay-options=@CNT_OVERLAY_OPTIONS@ +cnt.start=@CNT_START@ bind=@BIND@ bind-ro=@BIND_RO@ boot=@BOOT@ diff --git a/share/doc/examples/bullseye.cfg b/share/doc/examples/bookworm.cfg index 044504e..1f878f4 100644 --- a/share/doc/examples/bullseye.cfg +++ b/share/doc/examples/bookworm.cfg @@ -1,5 +1,5 @@ -# example for automated Debian 11 (bullseye) based container creation -# using: sudo container create -s debian +# example for automated Debian 12 (bookworm) based container building +# using: sudo container build -s debian debconf debconf/priority select critical debconf debconf/frontend select Noninteractive @@ -9,12 +9,12 @@ compute-tools container/mode select debian #compute-tools container/preseed-files string #compute-tools container/include-preseed-files string -compute-tools container/distribution select bullseye +compute-tools container/distribution select bookworm #compute-tools container/parent-distribution select compute-tools container/architecture select auto -compute-tools container/archives multiselect bullseye-security, bullseye-updates +compute-tools container/archives multiselect bookworm-security, bookworm-updates #compute-tools container/parent-archives multiselect compute-tools container/mirror string https://deb.debian.org/debian diff --git a/share/doc/examples/container-images.sh b/share/doc/examples/container-images.sh index ede68b5..b711048 100755 --- a/share/doc/examples/container-images.sh +++ b/share/doc/examples/container-images.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -17,14 +17,14 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <https://www.gnu.org/licenses/>. -# Description: example for automated Debian base system container image creation -# Requires: debootstrap plzip xz-utils -# Usage: sudo ./container-images.sh +# Description: example for automated Debian base system container image builds +# Requires: debootstrap plzip xz-utils sudo +# Usage: ./container-images.sh set -e ARCHITECTURES="amd64 i386" -DISTRIBUTIONS="jessie stretch buster sid" +DISTRIBUTIONS="buster bullseye bookworm sid" MIRROR="https://deb.debian.org/debian" INCLUDE="dbus" @@ -77,29 +77,29 @@ do ;; esac - echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}" + echo "Building ${SYSTEM}.system.tar.${COMPRESSION}" sudo tar ${TAR_OPTIONS} -cf "${SYSTEM}.system.tar.${COMPRESSION}" "${SYSTEM}" - echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sha512" + echo "Building ${SYSTEM}.system.tar.${COMPRESSION}.sha512" sha512sum "${SYSTEM}.system.tar.${COMPRESSION}" > "${SYSTEM}.system.tar.${COMPRESSION}.sha512" if [ -n "${KEY}" ] then - echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sign" + echo "Building ${SYSTEM}.system.tar.${COMPRESSION}.sig" gpg -a -b --default-key ${KEY} ${SYSTEM}.system.tar.${COMPRESSION} - mv "${SYSTEM}.system.tar.${COMPRESSION}.asc" "${SYSTEM}.system.tar.${COMPRESSION}.sign" + mv "${SYSTEM}.system.tar.${COMPRESSION}.asc" "${SYSTEM}.system.tar.${COMPRESSION}.sig" fi - echo "Creating ${SYSTEM}.system.tar.${COMPRESSION} symlink" + echo "Building ${SYSTEM}.system.tar.${COMPRESSION} symlink" ln -sf "${SYSTEM}.system.tar.${COMPRESSION}" "$(echo ${SYSTEM}.system.tar.${COMPRESSION} | sed -e "s|${DATE}|current|")" - echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sha512 copy" + echo "Building ${SYSTEM}.system.tar.${COMPRESSION}.sha512 copy" sed -e "s|${DATE}|current|" "${SYSTEM}.system.tar.${COMPRESSION}.sha512" > "$(echo ${SYSTEM}.system.tar.${COMPRESSION}.sha512 | sed -e "s|${DATE}|current|")" - if [ -e "${SYSTEM}.system.tar.${COMPRESSION}.sign" ] + if [ -e "${SYSTEM}.system.tar.${COMPRESSION}.sig" ] then - echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sign copy" - cp "${SYSTEM}.system.tar.${COMPRESSION}.sign" "$(echo ${SYSTEM}.system.tar.${COMPRESSION}.sign | sed -e "s|${DATE}|current|")" + echo "Building ${SYSTEM}.system.tar.${COMPRESSION}.sig copy" + cp "${SYSTEM}.system.tar.${COMPRESSION}.sig" "$(echo ${SYSTEM}.system.tar.${COMPRESSION}.sig | sed -e "s|${DATE}|current|")" fi done diff --git a/share/doc/examples/fuchur-backports.cfg b/share/doc/examples/graograman-backports.cfg index 20cd127..d1d2640 100644 --- a/share/doc/examples/fuchur-backports.cfg +++ b/share/doc/examples/graograman-backports.cfg @@ -1,5 +1,5 @@ -# example for automated Progress Linux 6.99 (fuchur-backports) container creation -# using: sudo container create -s progress-linux +# example for automated Progress Linux 7.99 (graograman-backports) container building +# using: sudo container build -s progress-linux debconf debconf/priority select critical debconf debconf/frontend select Noninteractive @@ -9,12 +9,12 @@ compute-tools container/mode select progress-linux #compute-tools container/preseed-files string #compute-tools container/include-preseed-files string -compute-tools container/distribution select fuchur-backports +compute-tools container/distribution select graograman-backports #compute-tools container/parent-distribution select compute-tools container/architecture select auto -compute-tools container/archives multiselect fuchur-security, fuchur-updates, fuchur-extras, fuchur-backports, fuchur-backports-extras +compute-tools container/archives multiselect graograman-security, graograman-updates, graograman-extras, graograman-backports, graograman-backports-extras #compute-tools container/parent-archives multiselect compute-tools container/mirror string https://deb.progress-linux.org/packages @@ -23,8 +23,8 @@ compute-tools container/mirror-security string https://deb.progress-linux.org/pa compute-tools container/parent-mirror string https://deb.debian.org/debian compute-tools container/parent-mirror-security string https://security.debian.org -compute-tools container/archive-areas multiselect main, contrib, non-free -compute-tools container/parent-archive-areas multiselect main, contrib, non-free +compute-tools container/archive-areas multiselect main, contrib, non-free, non-free-firmware +compute-tools container/parent-archive-areas multiselect main, contrib, non-free, non-free-firmware compute-tools container/packages string knot-resolver openssh-server diff --git a/share/doc/HOST-SETUP.txt b/share/doc/host-setup.old.txt index 6b368f0..69368d1 100644 --- a/share/doc/HOST-SETUP.txt +++ b/share/doc/host-setup.old.txt @@ -1,5 +1,5 @@ -compute-tools: Host Setup -========================= +compute-tools: Host Setup (with ifupdown) +========================================= 1. Debian Packages @@ -11,27 +11,27 @@ apt install bridge-utils ifenslave vlan 2. Boot Parameters ------------------ -2.1 CGroup Memory Controller -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +2.1 CGroup Memory Controller (optional) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In order to enable the memory controller the following boot parameter needs to be used: cgroup_enable=memory -2.2 CGroup Swap Controller -~~~~~~~~~~~~~~~~~~~~~~~~~~ +2.2 CGroup Swap Controller (optional) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In order to enable the swap controller the following boot parameter needs to be used: swapaccount=1 -2.3 vsyscall -~~~~~~~~~~~~ +2.3 vsyscall (legacy) +~~~~~~~~~~~~~~~~~~~~~ In order to be able to execute binaries linked to older libc versions -(<= wheezy) newer linux versions (>= buster), add the following boot parameter -(see #881813 for more information): +(<= wheezy) on newer linux versions (>= buster), add the following boot +parameter (see #881813 for more information): vsyscall=emulate @@ -39,18 +39,10 @@ In order to be able to execute binaries linked to older libc versions 3. Networking ~~~~~~~~~~~~~ -3.1 Enable IPv4 Forwarding -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -apt install procps -echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/ip_foward.conf -sysctl -p - - -3.2 Configure Network Bridge +3.1 Configure Network Bridge ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -3.2.1 Bridge: 1 Interface, standalone, DHCP +3.1.1 Bridge: 1 Interface, standalone, DHCP ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cat > /etc/network/interfaces << EOF @@ -72,7 +64,7 @@ iface bridge0 inet dhcp EOF -3.2.2 Bridge: 1 Interface, standalone, static +3.1.2 Bridge: 1 Interface, standalone, static ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cat > /etc/network/interfaces << EOF @@ -101,7 +93,7 @@ iface bridge0 inet static EOF -3.2.3 Bridge: 2 logical Interfaces, subnet, static +3.1.3 Bridge: 2 logical Interfaces, subnet, static ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cat > /etc/network/interfaces << EOF @@ -129,7 +121,7 @@ iface bridge0 inet static EOF -3.2.4 Bridge: 3 physical Interfaces, vlan, bonding, static +3.1.4 Bridge: 3 physical Interfaces, vlan, bonding, static ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cat > /etc/network/interfaces << EOF diff --git a/share/doc/host-setup.txt b/share/doc/host-setup.txt new file mode 100644 index 0000000..083e1aa --- /dev/null +++ b/share/doc/host-setup.txt @@ -0,0 +1,217 @@ +compute-tools: Host Setup (with systemd-networkd) +================================================= + + +1. Debian Packages +------------------- + +apt install systemd-networkd bridge-utils + +Make sure to enable networkd (sudo systemctl enable systemd-networkd) +and convert /etc/network/interfaces (see systemd-networkd documentation). + + +2. Boot Parameters +------------------ + +2.1 CGroup Memory Controller (optional) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In order to enable the memory controller the following boot parameter needs to be used: + + cgroup_enable=memory + + +2.2 CGroup Swap Controller (optional) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In order to enable the swap controller the following boot parameter needs to be used: + + swapaccount=1 + +2.3 vsyscall (legacy) +~~~~~~~~~~~~~~~~~~~~~ + +In order to be able to execute binaries linked to older libc versions +(<= wheezy) on newer linux versions (>= buster), add the following boot +parameter (see #881813 for more information): + + vsyscall=emulate + + +3. Networking +~~~~~~~~~~~~~ + +3.1 Configure Network Bridge +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +3.1.1 Bridge: 1 Interface, standalone, DHCP +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +cat > /etc/systemd/network/bridge0.netdev << EOF +[NetDev] +Name=bridge0 +Kind=bridge +EOF + +cat > /etc/systemd/network/bridge0.network << EOF +[Match] +Name=bridge-0 + +[Network] +DHCP=yes +EOF + + +3.1.2 Bridge: 1 Interface, standalone, static +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +cat > /etc/systemd/network/bridge0.netdev << EOF +[NetDev] +Name=bridge0 +Kind=bridge +EOF + +cat > /etc/systemd/network/bridge0.network << EOF +[Match] +Name=bridge-0 + +[Network] +Address=10.0.0.2/24 +Gateway=10.0.0.1 +EOF + + +3.1.3 Bridge: 3 physical Interfaces, vlan, bonding, static +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +cat > /etc/systemd/network/eno2.network<< EOF +[Match] +Name=eno2 + +[Network] +Bond=bond0 +EOF + +cat > /etc/systemd/network/eno3.network<< EOF +[Match] +Name=eno3 + +[Network] +Bond=bond0 +EOF + +cat > /etc/systemd/network/bond0.netdev << EOF +[NetDev] +Name=bond0 +Kind=bond + +[Bond] +Mode=802.3ad +TransmitHashPolicy=layer3+4 +MIIMonitorSec=0.1 +UpDelaySec=0.2 +DownDelaySec=0.2 +EOF + +cat > /etc/systemd/network/bond0.network << EOF +[Match] +Name=bond0 + +[Network] +VLAN=100 +EOF + +cat > /etc/systemd/network/vlan-100.netdev << EOF +[NetDev] +Name=vlan-100 +Kind=vlan + +[VLAN] +Id=100 +EOF + +cat > /etc/systemd/network/vlan-100.netdev << EOF +[Match] +Name=vlan-100 + +[Network] +Bridge=bridge-100 +EOF + +cat > /etc/systemd/network/bridge-100.netdev << EOF +[NetDev] +Name=bridge-100 +Kind=bridge +EOF + +cat > /etc/systemd/network/bridge-100.network << EOF +[Match] +Name=bridge-100 + +[Network] +Address=10.100.0.2/24 +Gateway=10.100.0.1 +EOF + + +4. Enabling user namespace for unprivileged containers +------------------------------------------------------ + +Linux supports unprivileged containers with the user namespace. +By default the user namespace is disabled on Debian systems (see #898446). +To enable user namespace, edit the following file for a permant change: + + /etc/sysctl.d/zz-compute-tools.conf + sysctl -p + +or enable it manually with: + + echo 1 > /proc/sys/kernel/unprivileged_userns_clone + +Note that containers need to be started with the correct +configuration in /etc/compute-tools/container/config to run unpriviled +(private-users option). + + +5. Enabling container-shell +--------------------------- + +Managing privileged containers requires root privileges. In order to allow +unprivileged users to manage privileged containers without granting them +privileges or accounts, the container-shell can be used together with sudo +and a container user. + + sudo adduser --gecos "compute-tools,,," \ + --home /var/lib/open-infrastructure/container-shell \ + --shell /usr/bin/container-shell + + +6. IPv4 and IPv6 dual-stack +--------------------------- + +Examples for /etc/network/interfaces above work for IPv6 too when using correct +IPv6 addresses and netmasks. + +In order to use dual-stack, bridges must have a IPv4 address assigned +(can be a dummy one from a privacy range or 127.0.0.0/8). + +Let me repeat: dual-stack only works when you assign a primary IPv6 address +(private or public, doesn't matter) *and* add an additional IPv4 address. +Yes, the IPv4 address can be a private address, the containers can still +have a public IPv4 address. + +A complete example looks like this: + +auto bridge0 +iface bridge0 inet6 static + address 2a07:6b47:4::4:1 + netmask 48 + + up ip addr add 127.4.4.1 dev $IFACE + down ip addr del 127.4.4.1 dev $IFACE + + bridge_fd 0 + bridge_maxwait 0 + bridge_stp 0 + bridge-mcquerier 1 diff --git a/share/scripts/curl b/share/get-scripts/curl index 98c2b82..00a8d73 100755 --- a/share/scripts/curl +++ b/share/get-scripts/curl @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -23,13 +23,12 @@ PROJECT="open-infrastructure" SOFTWARE="compute-tools" PROGRAM="container" +SCRIPT="${0}" +export SCRIPT + HOOKS="/etc/${SOFTWARE}/hooks" KEYS="/etc/${SOFTWARE}/keys" MACHINES="/var/lib/machines" -CACHE="/var/cache/${PROGRAM}/system" - -SCRIPT="${0}" -export SCRIPT Parameters () { @@ -124,7 +123,7 @@ Parameters () Usage () { - echo "Usage: container create -n|--name NAME -s|--script ${SCRIPT} -- [--clean] [-p|--password PASSWORD] [--server SERVER] [--setup SETUP] [--system SYSTEM]" >&2 + echo "Usage: container get -n|--name NAME -s|--script ${SCRIPT} -- [--clean] [-p|--password PASSWORD] [--server SERVER] [--setup SETUP] [--system SYSTEM]" >&2 exit 1 } @@ -178,11 +177,10 @@ fi SERVER="${SERVER:-https://get.open-infrastructure.net/system/container/debian}" PASSWORD="${PASSWORD:-$(dd if=/dev/urandom bs=12 count=1 2> /dev/null | base64)}" +CACHE="/var/cache/${PROGRAM}/get-$(basename ${SCRIPT})/$(echo ${SERVER} | sed -e 's|.*//||' -e 's|/|_|g')" VERSION="$(container version)" -export SERVER - Debconf () { # Configure local debconf @@ -233,13 +231,6 @@ done # FIXME: default server via configuration file -CURL_OPTIONS="" - -if curl -V | grep -qs http2 -then - CURL_OPTIONS="${CURL_OPTIONS} --http2" -fi - if [ -z "${SYSTEM}" ] then # Downloading container list @@ -261,7 +252,7 @@ then GREP_PATTERN="${GREP_PATTERN:-${ARCHITECTURE}}" echo "Downloading $(echo ${SERVER} | awk -F/ '{ print $3 }') container list" - curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} ${CURL_OPTIONS} \ + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 \ "${SERVER}/container-list.txt" | grep -E "${GREP_PATTERN}" > "${DEBCONF_TMPDIR}/container-list.txt" umask 0022 @@ -269,7 +260,7 @@ then Debconf # Run debconf parts - for DEBCONF_SCRIPT in /usr/share/${SOFTWARE}/scripts/curl.d/* + for DEBCONF_SCRIPT in /usr/share/${SOFTWARE}/get-scripts/curl.d/* do if [ -x "${DEBCONF_SCRIPT}" ] then @@ -300,14 +291,14 @@ mkdir -p "${CACHE}" SETUP="${SETUP:-$(echo ${SYSTEM} | sed -e 's|.system.tar.|.setup.tar.|')}" -for FILE in "${SYSTEM}" "${SYSTEM}.sign" "${SYSTEM}.sha512" \ - "${SETUP}" "${SETUP}.sign" "${SETUP}.sha512" +for FILE in "${SYSTEM}" "${SYSTEM}.sig" "${SYSTEM}.sha512" \ + "${SETUP}" "${SETUP}.sig" "${SETUP}.sha512" do if curl --fail --head --output /dev/null --silent "${SERVER}/${FILE}" then case "${FILE}" in *.sha512) - if [ -e "${CACHE}/$(basename ${FILE} .sha512).sign" ] + if [ -e "${CACHE}/$(basename ${FILE} .sha512).sig" ] then continue fi @@ -322,7 +313,7 @@ do fi echo "Downloading ${FILE}" - curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} ${CURL_OPTIONS} ${CURL_TIME_COND} \ + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 ${CURL_TIME_COND} \ "${SERVER}/${FILE}" -o "${CACHE}/${FILE}" fi done @@ -336,12 +327,12 @@ do continue fi - if [ -e "${FILE}.sign" ] + if [ -e "${FILE}.sig" ] then echo -n "Verifying ${FILE}:" set +e - gpg --homedir "${KEYS}" --verify "${FILE}.sign" "${FILE}" > /dev/null 2>&1 + gpg --homedir "${KEYS}" --verify "${FILE}.sig" "${FILE}" > /dev/null 2>&1 GNUPG="${?}" set -e diff --git a/share/scripts/curl.d/0001-debconf b/share/get-scripts/curl.d/0001-debconf index 083d469..5c5936e 100755 --- a/share/scripts/curl.d/0001-debconf +++ b/share/get-scripts/curl.d/0001-debconf @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/share/scripts/curl.d/0001-debconf.templates b/share/get-scripts/curl.d/0001-debconf.templates index c87e47e..c63994d 100644 --- a/share/scripts/curl.d/0001-debconf.templates +++ b/share/get-scripts/curl.d/0001-debconf.templates @@ -8,4 +8,4 @@ Default: Choices-C: ${CHOICES_C} Choices: ${CHOICES} Description: Container list: - Select the system to use for creating the container. + Select the system to use for downloading the container. diff --git a/share/hooks/post-start.chown-nvidia.sh b/share/hooks/post-start.chown-nvidia.sh index 64c02cc..225f13b 100755 --- a/share/hooks/post-start.chown-nvidia.sh +++ b/share/hooks/post-start.chown-nvidia.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -19,6 +19,10 @@ set -e +PROJECT="open-infrastructure" +SOFTWARE="compute-tools" +PROGRAM="container" + CONTAINER="/var/lib/machines" if grep -qs nvidia "${CONTAINER}/${NAME}/etc/group" diff --git a/share/hooks/pre-create.git-pull.sh b/share/hooks/pre-build.git-pull.sh index 744f955..f1ae24b 100755 --- a/share/hooks/pre-create.git-pull.sh +++ b/share/hooks/pre-build.git-pull.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -31,10 +31,13 @@ do then echo "Updating ${DIRECTORY}..." - if [ -e "/etc/${SOFTWARE}.conf" ] - then - . "/etc/${SOFTWARE}.conf" - fi + for FILE in "/etc/${SOFTWARE}/${PROGRAM}.conf" "/etc/${SOFTWARE}/${PROGRAM}.conf.d"/*.conf + do + if [ -e "${FILE}" ] + then + . "${FILE}" + fi + done DEBCONF_ID="${DEBCONF_ID:-HEAD}" diff --git a/share/hooks/pre-get.git-pull.sh b/share/hooks/pre-get.git-pull.sh new file mode 100755 index 0000000..f1ae24b --- /dev/null +++ b/share/hooks/pre-get.git-pull.sh @@ -0,0 +1,53 @@ +#!/bin/sh + +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +set -e + +PROJECT="open-infrastructure" +SOFTWARE="compute-tools" +PROGRAM="container" + +DIRECTORIES="$(for DIRECTORY in $(find /etc/${SOFTWARE}/debconf/ -type d -name ".git"); do echo $(dirname ${DIRECTORY}); done | sort -uV)" + +for DIRECTORY in ${DIRECTORIES} +do + if [ -e "${DIRECTORY}/.git" ] && [ -e /usr/bin/git ] + then + echo "Updating ${DIRECTORY}..." + + for FILE in "/etc/${SOFTWARE}/${PROGRAM}.conf" "/etc/${SOFTWARE}/${PROGRAM}.conf.d"/*.conf + do + if [ -e "${FILE}" ] + then + . "${FILE}" + fi + done + + DEBCONF_ID="${DEBCONF_ID:-HEAD}" + + cd "${DIRECTORY}" + + git clean -dfx + git checkout -f ${DEBCONF_ID} + git pull --rebase + echo + + cd "${OLDPWD}" + fi +done diff --git a/share/hooks/pre-start.unlink-console.sh b/share/hooks/pre-start.unlink-console.sh index b44491e..cebbe03 100755 --- a/share/hooks/pre-start.unlink-console.sh +++ b/share/hooks/pre-start.unlink-console.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/share/keys/daniel.baumann@open-infrastructure.net_0xB62C61A10B93195F.pub b/share/keys/daniel.baumann@open-infrastructure.net_0xB62C61A10B93195F.pub new file mode 100644 index 0000000..1e1884d --- /dev/null +++ b/share/keys/daniel.baumann@open-infrastructure.net_0xB62C61A10B93195F.pub @@ -0,0 +1,14 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEXAKTMBYJKwYBBAHaRw8BAQdAqmmCJDP5dgZLR8JflHZa4QF86ahh9gW7/5bd +HUkkrsS0N0RhbmllbCBCYXVtYW5uIDxkYW5pZWwuYmF1bWFubkBvcGVuLWluZnJh +c3RydWN0dXJlLm5ldD6IkAQTFggAOBYhBIrjR8Yn591RIGv9hLYsYaELkxlfBQJc +ApMwAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJELYsYaELkxlf2NUBAPyZ +GPLameJQ0qqdYhLW9fXqZgsnEEjndBJJWcCgpPolAQDfovZ1AsjVssTV9vcajOWw +dNa6PGI/gWqoCCqsbK4GC7g4BFwCkzASCisGAQQBl1UBBQEBB0C0e0KJyQVQE8de +THs48MotPKrefjhM0a22iziA8jWkXQMBCAeIeAQYFggAIBYhBIrjR8Yn591RIGv9 +hLYsYaELkxlfBQJcApMwAhsMAAoJELYsYaELkxlfMIwA/1JQ/fItM3rCfXb/yKIL +5CNQ4UhrEY0YPHjhAAJAQ8bFAQDlQbUiVlqDVatOh+BIK6cPGjE+FYvuRArIuZHv +rlmxCA== +=Tn5F +-----END PGP PUBLIC KEY BLOCK----- diff --git a/share/keys/daniel@debian.org_0x55CF1BF986ABB9C7.pub b/share/keys/daniel@debian.org_0x55CF1BF986ABB9C7.pub new file mode 100644 index 0000000..910f870 --- /dev/null +++ b/share/keys/daniel@debian.org_0x55CF1BF986ABB9C7.pub @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFPK4YgBEADflMdQSKGvLczvCmdYSeF3nWRE6zYG2DDoeHadp0sCs7jXgVS4 +ulWzuusV2ccAwb2hANmlPC2grEWSSQUs0PykQwgY9PzvYCVw4AGKKua3QPDMBc52 +MT43cOEhCXdcJcuMaovMVkke7YvVqwWVzM2QBXbGsqXtWMuFSFB6JhIqe4pdyyrX +zIFIwFsU/MuS0K5Wbf4HBkw4JYgM2RUare/9awn/yKsQCQ3jeF5g9IRPz+zhagvT +6dReJcAZCunCkktwS8Pi7mXk0O9k0C4BV+T6Dw81rsMXwVQF5SWkBCul4evnnUpT +NUHmZYlht6WAflrd+fyGBHRMsq04GqHze0GeyAQ8DcGhBaHHku2BixSATqrnhud5 +mPL4xQQxOS4/ojBBDxVNNS7sX+2ivYLtdD1pTCQT1Xd869b8eIVCczq/+9GJnL1f +XHIZuZrjxss1Hb+38LK5fCaKbTSpM0dkSlzHnZKx1BfOXCJp/KAfBTZwxMEh95SK +IzcbKYzzo1vFUZHOkspW1qo3r4mq8wboAljilJjdyBSVUQKpTYel/p6NCmEmAozH +CzSV/xiHaf2cfpQau1YEmShD73VTt2b4CVn4sGLrAQNp3S9dCAKpz6u3wXMa8vWI +3sDq1RtXAX/YV5+VMeTH4LiMuzd3KUUnCb5O+GspBZymoCnCwd266g8eSwARAQAB +tCdEYW5pZWwgQmF1bWFubiA8bWFpbEBkYW5pZWwtYmF1bWFubi5jaD6JAj0EEwEK +ACcFAlPK4YgCGwMFCROq0IAFCwkIBwMFFQoJCAsFFgMCAQACHgECF4AACgkQVc8b ++YaruceN+A/+N+2A1Tt11fJ/iyP3hS+3Eaj6oE6bIQLiD9nAJeg9uLMII6lOOEkh +7Irs+IE8MsiG7DY4wWKahtdci3Vhad71chNXnLOrMKWOk/1VFm+mjMil2oauU3fi +6mwzb/gNyB3JLCe3oNX7TsqNAJjdPwbrVpwhJXOKKEjFitNoJMAg6m8vtNtIk2yE +YRTU2VJG7sKaMzvHg7KxlIGsarsamFpLRx7ZnnrcA8ewsvNn6fYF8Zp8W2puScsK +O26aHfZxrTzzBfxZ/anrPlXkFEvyVI3+qLYbDuLfPEEHQX9zh91++yKu1pYcTb/U +KZrQIthoJ0RCdHs65uTidTtM+4/jtlUFr07LAZaQr0i8uc2HstNfqIijszvlkPOb +lobplBB0a+saFI5CeronCzfL6uXMDe57luT6rkd+lxKC0SZ2Ai1Pon4uRbLsiAWW +SX/DqlOaq0Zmg0vLYo64/rtw5/gbVFdBTidzEUkiX7xjxBahRLH95knPlUyaFXct +AWERYH9brMoNl9WoPUlo4j8UrItJWXlHTw+LPCPPGNdAwchv4naozGau6xuVyVN7 +UVBXO8YMiWXXHhGQz7pX46R1OpfdoSe2nKOOJkvTL8jUCnTMl8/dFCsm2KwZMDdQ +IvvQ19ok5QijWZyPJhEUMAb8y++p2KSwclRWHng10jQMBP+o3C8Lpt6IRgQTEQoA +BgUCU8r6OgAKCRD4LlzASysrnmVZAKCMqPcLD1k/hgkBpZQXcYgryna01QCfV7KM +hALFW3G/ySPEPv/THC7P2QO5Ag0EU8rhiAEQANVpq7tDaynnl+SJQYf3QX8NuV7T +tAV/ct+Ehw2IGdv43Sv3fBYUkh16UJyBK9Qx1NP7Dljj/sGlAa3kyOiZsAGagrXU +B55nrN3LWFJLfph0VGqsJYP9t4eu5RLRD+uathcLwHEWeINoqIb8TKTxJOvvvsvw +VP2+QaVYKsfvn12jmrjAj1/loBjlwuPMTrwB/U2049LqbTbz+CurLwKPAuRim66r +7wO4yeZMMlYMwnXljHO0/3WR7n6H5wO16v1QrKCYmg2rheGLeh+SUCrCzNzygP78 +gD1OqH395JQhsJQJxw2apG1dLQETWAaVBpQ+3+3aJrjhyZ4XxfyCRYntpxIhY5GA +CcGrHkY7/EMNw1dZEMisDFaKfRxgduFjqMNTfwlGHmgnfuEvyVpeZ1zL5nzV8Wgq +KR5xUcCB0a2UjN2UficpMIsD00R51NlxDgUGT9t+ehLWU56RX8k6O9HXnsyLF0Xo +ahncubKPg5txU+9MI0i4Mib5pm1gGqgPGHweuUOoL21hljJIfldtbfGwApoQ7jbd ++8mOX5UAXxJDX4IVTd9HX70suhJraIpIVf2qSafJwth1ZM21PET27tGn4xmuA3vW +sNLLRBKeeQ584n0sKPUMrS/+sRLPYlGwVO7tU1okRdP6SGndVI8xv8nOxheKXqaO +QxYz2vFMbuWP/1CfABEBAAGJAiUEGAEKAA8FAlPK4YgCGwwFCROq0IAACgkQVc8b ++YaruceOTQ/8C6ZZme6wT6ccw42XHsv8yKFh05TPSWXR3acV1FXzncDMjIMrU097 +Y6+I8xp5y1DULziH177666SOehk3AkHSo7GUIzxLYksOx3RFskBZpQatwThr1x2S +0YVlxMAi/juZny0rarxTrvk2YAkDC7QCaSXScrn3K03QPjnYSlv73cj2lPAurfgs +eXL0N4xOmgbwDFnTXnuxLajA8SyuaDclIeHOp5izPQg24AzlMr0iGBZDcRyov1AH +bkD7NqjX8vZmTEcloYZKM8m8GAx/S52rFTc0V9t+wyNq7ZHAmzu/jqgzGyAeGbnX +mnCVW4JkrV64wFMJODAOwuJ4crZjnyHqaBAUeukpfeJj0BijskuJfj570Zq+qNHQ +6JHiHir6kedL/Xg4onNDJyTDMWmg8cRd2vrxclUXk6AfFLb9Wp/8Lf1YmzFnLg4u +GH3BcO4CJNBS0Z92JQD+Xdvgr7E7P3VbOSVDzJzFsilYhJgCxNkRWU5YbqBRQyG2 +4uVpTF2gu5nkjNJ+HYUWsTjgOP3Avr7KlLWJr3NfQLKhjG4AyKPGvNPgzQpUBE9O +ADEfyz7xVsngvIcYLT3sN6/qDpFW3QWGfBBhzWGe2ekpIDNHP4lao3oRS/+LGK8j +gHpGR2pddZzWSsAZIGqHxQEgo9ZpnfBCqub9N5ATiimma5Ot44pBkEw= +=aSin +-----END PGP PUBLIC KEY BLOCK----- diff --git a/share/logrotate/container b/share/logrotate/container index 0722aa5..d1783de 100644 --- a/share/logrotate/container +++ b/share/logrotate/container @@ -1,3 +1,5 @@ +# Open Infrastructure: compute-tools + /var/log/compute-tools/container.log { compress create 0640 root adm diff --git a/share/man/Makefile b/share/man/Makefile index 2ef1507..a878dbd 100644 --- a/share/man/Makefile +++ b/share/man/Makefile @@ -1,6 +1,6 @@ -# Makefile +# Open Infrastructure: compute-tools -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -17,28 +17,43 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <https://www.gnu.org/licenses/>. -# Depends: asciidoc dblatex docbook-xsl libxml2-utils source-highlight +# Depends: python3-docutils -A2X = a2x \ - --asciidoc-opts="-a revdate=$(shell cat ../../VERSION.txt)" \ - --doctype=manpage +RST2MAN = rst2man \ + --no-datestamp \ + --no-generator \ + --strict \ + --strip-comments \ + --tab-width=4 \ + --verbose + +VERSION := $(shell cat ../../VERSION.txt) SHELL := sh -e all: build -clean: - rm -f *.[0-9] - rm -f *.xml - build: man rebuild: clean build -man: *.txt - for FILE in *.txt; \ +man: man.in *.rst + @echo -n "Creating manpages... " + + @for FILE in *.rst; \ do \ - $(A2X) --format=manpage $${FILE}; \ + cp man.in $$(basename $${FILE} .rst); \ + $(RST2MAN) $${FILE} | \ + sed -e '/^.\\" Man page generated/d' \ + -e '/^.\\" Generated by/d' \ + -e "s|^\(.TH .*\) \(\"\" \"\"\) |\1 $${VERSION} compute-tools |" \ + >> $$(basename $${FILE} .rst); \ + echo -n "."; \ done + @echo " done." + +clean: + rm -f *.[0-9] + .PHONY: all clean build rebuild man diff --git a/share/man/compute-tools.7.rst b/share/man/compute-tools.7.rst new file mode 100644 index 0000000..33e6aea --- /dev/null +++ b/share/man/compute-tools.7.rst @@ -0,0 +1,153 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +============= +compute-tools +============= + +-------------------------------- +Manage systemd-nspawn containers +-------------------------------- + +:manual section: 7 +:manual group: Open Infrastructure + +Description +=========== + +[A Linux container] is an operating-system-level virtualization environment for +running multiple isolated Linux systems (containers) on a single Linux control +host. + + -- Wikipedia (https://en.wikipedia.org/wiki/LXC) + +**compute-tools** provides the system integration for managing containers using +systemd-nspawn(1). + +Download +======== + +| Upstream Releases: +| https://get.open-infrastructure.net/software/compute-tools/upstream + +| Upstream Sources: +| https://git.open-infrastructure.net/software/compute-tools + +| Debian Releases: +| https://get.open-infrastructure.net/software/compute-tools/debian + +| Debian Sources: +| https://git.progress-linux.org/users/daniel/debian/packages/open-infrastructure-compute-tools + +Installation +============ + +Source +------ + +| $ sudo apt install git make python3-docutils dbus systemd-container +| $ git clone https://git.open-infrastructure.net/software/compute-tools +| $ cd compute-tools && sudo make install + +Debian 9 (stretch) and newer +---------------------------- + +| $ sudo apt install compute-tools + +Development +=========== + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +(https://lists.open-infrastructure.net/listinfo/software). + +Please base patches against the 'next' Git branch using common sense +(https://www.kernel.org/doc/Documentation/SubmittingPatches). + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Known limitations +================= + +This version of compute-tools currently do not work with systemd-networkd and +depend on ifupdown. + +Using overlay, the upper directory can not be an NFS mount due to limitations in +Linux' overlay filesystem +(https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/filesystems/overlayfs.txt). + +Usage +===== + +Build a new container: + sudo container build -n NAME + +Start a container: + sudo container start -n NAME + +Stop a container: + sudo container stop -n NAME + +Remove a container: + sudo container remove -n NAME + +List container on the system: + sudo container list + +Show container version: + container version + +See container(1) for a list of all container commands. + +Links +===== + +| * Linux Weekly News: Kernel / Containers +| (https://lwn.net/Kernel/Index/#Containers) + +| * Linux Weekly News: Security / Containers +| (https://lwn.net/Security/Index/#Containers) + +| * 2016-02-24: Systemd vs. Docker +| (https://lwn.net/Articles/676831/) + +| * 2015-06-10: Systemd and containers +| (https://lwn.net/Articles/647634/) + +| * 2014-07-07: Control groups +| (https://lwn.net/Articles/604609/) + +| * 2013-11-13: Systemd-Nspawn is Chroot on Steroids [LinuxCon Europe] +| (https://www.youtube.com/watch?v=s7LlUs5D9p4) + +| * 2013-11-03: Creating containers with systemd-nspawn +| (https://lwn.net/Articles/572957/) + +| * 2013-02-06: Systemd lightweight containers +| (https://lwn.net/Articles/536033/) + +| * 2013-01-04: Namespaces in operation +| (https://lwn.net/Articles/531114/) + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/compute-tools.7.txt b/share/man/compute-tools.7.txt deleted file mode 100644 index e5f2c54..0000000 --- a/share/man/compute-tools.7.txt +++ /dev/null @@ -1,133 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-TOOLS(7) -================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -compute-tools - Manage systemd-nspawn containers - - -DESCRIPTION ------------ -"[A Linux container] is an operating-system-level virtualization environment for running multiple isolated Linux systems (containers) on a single Linux control host.":: - -- Wikipedia (https://en.wikipedia.org/wiki/LXC) - -compute-tools provides the system integration for managing containers using systemd-nspawn. - - -DOWNLOAD --------- - * Upstream Releases: https://get.open-infrastructure.net/software/compute-tools/upstream - * Upstream Sources: https://git.open-infrastructure.net/software/compute-tools - * Debian Releases: https://get.open-infrastructure.net/software/compute-tools/debian - * Debian Sources: https://git.progress-linux.org/users/daniel/debian/packages/open-infrastructure-compute-tools - - -INSTALLATION ------------- - -SOURCE -~~~~~~ - 1. sudo apt install asciidoc git docbook-xml docbook-xsl libxml2-utils make xsltproc dbus systemd-container - 2. git clone https://git.open-infrastructure.net/software/compute-tools - 3. cd compute-tools && sudo make install - -DEBIAN 9 (STRETCH) AND NEWER -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - * sudo apt install container-tools - - -DEVELOPMENT ------------ -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List: - - * https://lists.open-infrastructure.net/listinfo/software - -Please base patches against the 'next' Git branch using common sense: - - * https://www.kernel.org/doc/Documentation/SubmittingPatches - -Debian specific bugs can also be reported in the Debian Bug Tracking System: - - * https://bugs.debian.org - - -KNOWN LIMITATIONS ------------------ - * This version of compute-tools currently do not work with systemd-networkd and depend on ifupdown. - * Using overlay, the upper directory can not be an NFS mount due to limitations in Linux' overlay filesystem, - see https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/filesystems/overlayfs.txt - - -USAGE ------ -*Create a new container:*:: - sudo container create -n NAME - -*Start a container:*:: - sudo container start -n NAME - -*Stop a container:*:: - sudo container stop -n NAME - -*Remove a container:*:: - sudo container remove -n NAME - -*List container on the system:*:: - sudo container list - -*Show container version:*:: - container version - -See container(1) for a list of all container commands. - - -LINKS ------ -*2016-02-24: Systemd vs. Docker*:: - https://lwn.net/Articles/676831/ - -*2015-06-10: Systemd and containers*:: - https://lwn.net/Articles/647634/ - -*2014-07-07: Control groups*:: - https://lwn.net/Articles/604609/ - -*2013-11-13: Systemd-Nspawn is Chroot on Steroids [LinuxCon Europe]*:: - https://www.youtube.com/watch?v=s7LlUs5D9p4 - -*2013-11-03: Creating containers with systemd-nspawn*:: - https://lwn.net/Articles/572957/ - -*2013-02-06: Systemd lightweight containers*:: - https://lwn.net/Articles/536033/ - -*2013-01-04: Namespaces in operation*:: - https://lwn.net/Articles/531114/ - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-auto.1.rst b/share/man/container-auto.1.rst new file mode 100644 index 0000000..68836eb --- /dev/null +++ b/share/man/container-auto.1.rst @@ -0,0 +1,92 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +============== +container-auto +============== + +------------------------------------------------------- +Start/stop all container automatically at boot/shutdown +------------------------------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container auto** ['OPTIONS'] + +Description +=========== + +The **container auto** command starts or stops all container on the host system. + +Options +======= + +The following **container auto** options are available: + +-f, --force: + Removing stray lock file if existing. + +-s, --start: + Start all container on the host system. + +-t, --stop: + Stop all container on the host system. + +Examples +======== + +Start all container on the host system: + + sudo container auto --start + +Stop all container on the host system: + + sudo container auto --stop + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-auto.1.txt b/share/man/container-auto.1.txt deleted file mode 100644 index ecb84b0..0000000 --- a/share/man/container-auto.1.txt +++ /dev/null @@ -1,85 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-START(1) -================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-auto - Start/stop all container automatically at boot/shutdown - - -SYNOPSIS --------- -*container auto* ['OPTIONS'] - - -DESCRIPTION ------------ -The container auto command starts or stops all container on the host system. - - -OPTIONS -------- -The following container options are available: - -*-f, --force*:: - Removing stray lock file if existing. - -*-s, --start*:: - Start all container on the host system. - -*-t, --stop*:: - Stop all container on the host system. - - -EXAMPLES --------- -*Start all container on the host system:*:: - sudo container auto --start - -*Stop all container on the host system:*:: - sudo container auto --stop - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-build-debconf.1.rst b/share/man/container-build-debconf.1.rst new file mode 100644 index 0000000..6543140 --- /dev/null +++ b/share/man/container-build-debconf.1.rst @@ -0,0 +1,173 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +======================= +container-build-debconf +======================= + +----------------------------------------------------- +Build an advanced Debian based container with debconf +----------------------------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container build -s debconf** ['OPTIONS'] +| **cnt b -s debconf** ['OPTIONS'] + +| **container build -s debian** ['OPTIONS'] +| **cnt b -s debian** ['OPTIONS'] + +| **container build -s progress-linux** ['OPTIONS'] +| **cnt b -s progress-linux** ['OPTIONS'] + +Description +=========== + +The debconf container build script uses debconf(1) to automatically build a +Debian based container. + +Scope +----- + +Note that this container build script can do a few things more than just +automatically debootstrap based on a preseed file. It also allows you to set a +root password, configure the network, install certain packages and execute +hooks. + +But: this is *not* a replacement for a configuration management system (like +ansible, puppet, etc.). The intenion of this script is to build the initial +container to that extend that a configuration management system can take over. + +As an analogy, think of debian-installer: d-i sets up your system to make it +ready to boot and connect to the network. Everything after that is out of scope. +Same goes for this script. + +Functions +--------- + +This script performs the following configuration on top of a Debian based +system: + + * network + * root password + * apt repositories + * \.\.\. + +Modes +----- + +This container build script can be used under two different names: debian and +progress-linux. + +Alternative, calling it under the debconf name is equal to the debian mode. + +Preseeding +---------- + +Hierarchy of Preseed Files: + + * The debconf script can be fully preseeded. Such preseed files can include + one or more preseed files themselfs (currently, only one layer of includes + is supported, no nested or recursive includes). + + * The general rule of 'the later preseed file overwrites the earlier' applies. + The debconf script reads the main preseed file (specified either on command + line or by debconf selection/input dialog) after any included preseed files + in there. + + * That means that debconf values after the include statement in the main + preseed file can overwrite any values specified in the included preseed + files. + +Options +======= + +The following script options are available: + +-n, --name='NAME': + Specify container name. + +-p, --preseed-file='FILE': + Specify the preseed file. + +Examples +======== + +Build a Debian based container: + + sudo container build -s debian -n debian.example.net + +Build a Progress Linux container: + + sudo container build -s progress-linux -n progress.example.net + +Files +===== + +The following files are used: + +/etc/compute-tools/config: + Container configuration files. + +/usr/share/compute-tools/build-scripts: + Container build scripts. + +/usr/share/doc/compute-tools: + Container documentation. + +/var/lib/machines: + Container directory. + +/var/cache/container: + Container cache directory. + +/tmp/compute-tools: + Container temporary directory. + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-build-debootstrap.1.rst b/share/man/container-build-debootstrap.1.rst new file mode 100644 index 0000000..10538c5 --- /dev/null +++ b/share/man/container-build-debootstrap.1.rst @@ -0,0 +1,111 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +=========================== +container-build-debootstrap +=========================== + +------------------------------------------------------------------- +Build a basic Debian based container with debootstrap or mmdebstrap +------------------------------------------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container build -s debootstrap** ['OPTIONS'] +| **cnt b -s debootstrap** ['OPTIONS'] + +| **container build -s mmdebstrap** ['OPTIONS'] +| **cnt b -s mmdebstrap** ['OPTIONS'] + +Description +=========== + +The debootstrap container build script uses debootstrap(8) or mmdebstrap(1) +to build a Debian based container. + +This script builds a pure Debian system with three modificiations: + + * apt cache of packages downloaded during debootstrap is cleaned + * hostname is set (container name) in /etc/hostname + * root password is set (user specified or 16 random characters) + +Options +======= + +The following script options are available: + +-n, --name='NAME': + Specify container name. + +-a, --architecture='ARCHITECTURE': + Specify the Debian architecture, defaults to the host systems architecture. + +-d, --distribution='DISTRIBUTION': + Specify the Debian distribution, defaults to 'bookworm'. + +-m, --mirror='MIRROR': + Specify the Debian mirror, defaults to 'https://deb.debian.org/debian'. + +-p, --root-password='PASSWORD': + Specify the root password, defaults to a random 16 character password. + +Examples +======== + +Build a Debian 12 (bookworm) based container with same architecture as the host +system using debootstrap: + + sudo container build -s debootstrap -n bookworm.example.net + +Build a Debian 12 (bookworm) based container with different architecture as the +host system using mmdebstrap: + + sudo container build -s mmdebstrap -n bookworm-i386.example.net -- -a i386 + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-build.1.rst b/share/man/container-build.1.rst new file mode 100644 index 0000000..faa0e16 --- /dev/null +++ b/share/man/container-build.1.rst @@ -0,0 +1,139 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +=============== +container-build +=============== + +----------------- +Build a container +----------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container build** ['OPTIONS'] +| **cnt b** ['OPTIONS'] + +Description +=========== + +The **container build** command builds a container based on a script. + +Scripts +------- + +The following build scripts are available: + +debootstrap: + Basic script to build Debian based container, see + container-build-debootstrap(1). + +debconf: + Advanced script to automatically build Debian based container, see + container-build-debconf(1). + +default: + Symlink (if existing) to a build script which is used if no script was + specified. On Debian based system this can be managed through + update-alternatives(1), i.e. 'sudo update-alternatives --config + container_build-script'. + +Options +======= + +The following **container build** options are available: + +-n, --name='NAME': + Specify container name. + +-c, --capability='CAPABILITY': + Specify capabilities to grant, see capabilities(7). + +-d, --drop-capability='DROP_CAPABILITY': + Specify capabilities to drop, see capabilities(7). + +-s, --script='SCRIPT': + Specify container build script, defaults to 'debootstrap'. + +-v, --verbose: + Explain what is being done. + +-b, --bind='DIRECTORY:DIRECTORY[:OPTIONS][;DIRECTORY:DIRECTORY[:OPTIONS]]': + Specify container read-write bind mounts, see systemd-nspawn(1) --bind option. + +--bind-ro='DIRECTORY:DIRECTORY[:OPTIONS][;DIRECTORY:DIRECTORY[:OPTIONS]]': + Specify container read-only bind mounts, see systemd-nspawn(1) --bind-ro + option. + +--cnt-overlay='DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED[;DIRECTORY_UPPER:DIRECTORY_LOWER:DIRECTORY_WORK:DIRECTORY_MERGED]': + Specify container overlay mounts, see Documentation/filesystems/overlayfs.txt. + +--cnt.overlay-options='OPTION1,OPTION2[;OPTION3,OPTION4]': + Specify container overlay mount options, see + Documentation/filesystems/overlayfs.txt. + +--cnt.start='OPTION1[,OPTION2,...]': + Specify container start options, see container-start(1). + +Examples +======== + +Build example.net container using debootstrap script: + + sudo container build -n example.net -s debootstrap + +Build example.net container using debconf script: + + sudo container build -n example.net -s debconf + +Build example.net container with the default build script and start it: + + sudo container build,start -n example.net + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-console.1.rst b/share/man/container-console.1.rst new file mode 100644 index 0000000..a3afd51 --- /dev/null +++ b/share/man/container-console.1.rst @@ -0,0 +1,86 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================= +container-console +================= + +------------------------------- +Attach a console to a container +------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container console** ['OPTIONS'] + +Description +=========== + +The **container console** command attaches a console to a container. + +While 'container enter' bypasses the login prompt and drops to a root shell, the +'container console' command shows a full login prompt where any valid user and +password combination can be used. + +Options +======= + +The following **container console** options are available: + +-n, --name='NAME': + Specify container name. + +Examples +======== + +Attach console to example.net container: + + sudo container console -n example.net + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-console.1.txt b/share/man/container-console.1.txt deleted file mode 100644 index 59bb421..0000000 --- a/share/man/container-console.1.txt +++ /dev/null @@ -1,79 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-CONSOLE(1) -==================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-console - Attach a console to a container - - -SYNOPSIS --------- -*container console* ['OPTIONS'] - - -DESCRIPTION ------------ -The container console command attaches a console to a container. - -While 'container enter' bypasses the login prompt and drops to a root shell, -the 'container console' command shows a full login prompt where any valid user and password combination can be used. - - -OPTIONS -------- -The following container options are available: - -*-n, --name='NAME'*:: - Specify container name. - - -EXAMPLES --------- -*Attach console to example.net container:*:: - sudo container console -n example.net - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-create-curl.1.txt b/share/man/container-create-curl.1.txt deleted file mode 100644 index e263092..0000000 --- a/share/man/container-create-curl.1.txt +++ /dev/null @@ -1,129 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-CREATE-CURL(1) -======================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-create-curl - Create a Debian based container by downloading a tarball over the network - - -SYNOPSIS --------- -*container create -s curl* ['OPTIONS'] - - -DESCRIPTION ------------ -The curl container creation script uses curl(1) to download a tarball over the -network to create a Debian based container. - -Depending on the tarball this script otherwise creates a pure Debian system with three modificiations: - - * hostname is set (container name) in /etc/hostname - * systemd machine-id is generated in /etc/machine-id - * root password is set (user specified or 16 random characters) - - -OPTIONS -------- -The following script options are available: - -*-n, --name='NAME'*:: - Specify container name. - -*-a, --architecture='ARCHITECTURE'*:: - Specify container architecture. - -"--clean*:: - Remove downloaded tarball after successfull container creation. - -*-p, --root-password='PASSWORD'*:: - Specify the root password, defaults to a random 16 character password. - -*--server='SERVER'*:: - Specify the image server to download from, defaults to https://get.open-infrastructure.net/system/container/debian. - -*--setup='SETUP'*:: - Specify the setup image name to download, defaults to the value specified through --system using the setup.tar.${COMPRESSION} suffix. - -*--system='SYSTEM'*:: - Specify the system image name to download, defaults to debian-stretch-current_${ARCHITECTURE}.system.tar.${COMPRESSION} (where ${ARCHITECTURE} is the host systems architecture and ${COMPRESSION} either lz, xz, or gz depending on compressor availability on the host system). - - -EXAMPLES --------- -*Create a Debian 9 (stretch) based container with same architecture as the host system:*:: - sudo container create -s curl -n stretch.example.net - -*Create a Debian 9 (stretch) based container with different architecture as the host system:*:: - sudo container create -s curl -n stretch-i386.example.net -- --system debian-stretch-current_i386.system.tar.xz - -FILES ------ -The following files are used: - -*/etc/compute-tools/config*:: - Container configuration files. - -*/usr/share/compute-tools/scripts*:: - Container creation scripts. - -*/usr/share/doc/compute-tools*:: - Container documentation. - -*/var/lib/machines*:: - Container directory. - -*/var/cache/container*:: - Container cache directory. - - -CONTAINER IMAGES ----------------- - -compute-tools will download tarballs from a server expecting that the images are tarballs with either gzip, lzip, xz, or no compression. See container-images.sh as an example on how to create your own container images. - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-create-debconf.1.txt b/share/man/container-create-debconf.1.txt deleted file mode 100644 index a04dfaf..0000000 --- a/share/man/container-create-debconf.1.txt +++ /dev/null @@ -1,157 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-CREATE-DEBOOTSTRAP(1) -=============================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-create-debconf - Create an advanced Debian based container with debconf - - -SYNOPSIS --------- -*container create -s debconf* ['OPTIONS'] -*cnt cr -s debconf* ['OPTIONS'] - -*container create -s debian* ['OPTIONS'] -*cnt cr -s debian* ['OPTIONS'] - -*container create -s progress-linux* ['OPTIONS'] -*cnt cr -s progress-linux* ['OPTIONS'] - - -DESCRIPTION ------------ -The debconf container creation script uses debconf(1) to automatically create a Debian based container. - -SCOPE -~~~~~ -Note that this container creation script can do a few things more than just automatically debootstrap based on a preseed file. -It also allows you to set a root password, configure the network, install certain packages and execute hooks. - -But: this is *not* a replacement for a configuration management system (like ansible, puppet, etc.). -The intenion of this script is to create the initial container to that extend that a configuration managment system -can take over. - -As an analogy, think of debian-installer: d-i sets up your system to make it ready to boot and connect to the network. Everything -after that is out of scope. Same goes for this script. - -FUNCTIONS -~~~~~~~~~ - -This script performs the following configuration on top of a Debian based system: - - * network - * root password - * apt repositories - * ... - -MODES -~~~~~ -This container creation script can be used under two different names: debian and progress-linux. - -Alternative, calling it under the debconf name is equal to the debian mode. - - -PRESEEDING -~~~~~~~~~~ - -Hierarchy of Preseed Files - -The debconf script can be fully preseeded. Such preseed files -can include one or more preseed files themselfs (currently, only one layer of -includes is supported, no nested or recursive includes). - -The general rule of 'the later preseed file overwrites the earlier' applies. -The debconf script reads the main preseed file (specified either on command line or -by debconf selection/input dialog) after any included preseed files in there. - -That means that debconf values after the include statement in the main preseed -file can overwrite any values specified in the included preseed files. - - -OPTIONS -------- -The following script options are available: - -*-n, --name='NAME'*:: - Specify container name. - -*-p, --preseed-file='FILE'*:: - Specify the preseed file. - - -EXAMPLES --------- -*Create a Debian based container:*:: - sudo container create -s debian -n debian.example.net - -*Create a Progress Linux container:*:: - sudo container create -s progress-linux -n progress.example.net - - -FILES ------ -The following files are used: - -*/etc/compute-tools/config*:: - Container configuration files. - -*/usr/share/compute-tools/scripts*:: - Container creation scripts. - -*/usr/share/doc/compute-tools*:: - Container documentation. - -*/var/lib/machines*:: - Container directory. - -*/var/cache/container*:: - Container cache directory. - -*/tmp/compute-tools*:: - Container temporary directory. - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-create-debootstrap.1.txt b/share/man/container-create-debootstrap.1.txt deleted file mode 100644 index 37d6414..0000000 --- a/share/man/container-create-debootstrap.1.txt +++ /dev/null @@ -1,100 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-CREATE-DEBOOTSTRAP(1) -=============================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-create-debootstrap - Create a basic Debian based container with debootstrap or mmdebstrap - - -SYNOPSIS --------- -*container create -s debootstrap* ['OPTIONS'] -*cnt cr -s debootstrap* ['OPTIONS'] - -*container create -s mmdebstrap* ['OPTIONS'] -*cnt cr -s mmdebstrap* ['OPTIONS'] - -DESCRIPTION ------------ -The debootstrap container creation script uses debootstrap(8) or mmdebstrap(1) to create a Debian based container. - -This script creates a pure Debian system with three modificiations: - - * apt cache of packages downloaded during debootstrap is cleaned - * hostname is set (container name) in /etc/hostname - * root password is set (user specified or 16 random characters) - - -OPTIONS -------- -The following script options are available: - -*-n, --name='NAME'*:: - Specify container name. - -*-a, --architecture='ARCHITECTURE'*:: - Specify the Debian architecture, defaults to the host systems architecture. - -*-d, --distribution='DISTRIBUTION'*:: - Specify the Debian distribution, defaults to stretch. - -*-m, --mirror='MIRROR'*:: - Specify the Debian mirror, defaults to https://deb.debian.org/debian. - -*-p, --root-password='PASSWORD'*:: - Specify the root password, defaults to a random 16 character password. - - -EXAMPLES --------- -*Create a Debian 9 (stretch) based container with same architecture as the host system using debootstrap:*:: - sudo container create -s debootstrap -n stretch.example.net - -*Create a Debian 9 (stretch) based container with different architecture as the host system using mmdebstrap:*:: - sudo container create -s mmdebstrap -n stretch-i386.example.net -- -a i386 - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-create.1.txt b/share/man/container-create.1.txt deleted file mode 100644 index c49ac9c..0000000 --- a/share/man/container-create.1.txt +++ /dev/null @@ -1,126 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-CREATE(1) -=================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-create - Create a container - - -SYNOPSIS --------- -*container create* ['OPTIONS'] -*cnt cr* ['OPTIONS'] - - -DESCRIPTION ------------ -The container-create command creates a container based on a script. - - -OPTIONS -------- -The following container-create options are available: - -*-n, --name='NAME'*:: - Specify container name. - -*-c, --capability='CAPABILITY'*:: - Specify capabilities to grant, see capabilities(7). - -*-d, --drop-capability='DROP_CAPABILITY'*:: - Specify capabilities to drop, see capabilities(7). - -*-s, --script='SCRIPT'*:: - Specify container creation script, defaults to debootstrap. - -*-v, --verbose*:: - Explain what is being done. - -*-b, --bind='DIRECTORY:DIRECTORY[:OPTIONS][;DIRECTORY:DIRECTORY[:OPTIONS]]'*:: - Specify container read-write bind mounts, see systemd-nspawn(1) --bind option. - -*--bind-ro='DIRECTORY:DIRECTORY[:OPTIONS][;DIRECTORY:DIRECTORY[:OPTIONS]]'*:: - Specify container read-only bind mounts, see systemd-nspawn(1) --bind-ro option. - -*--cnt-overlay='DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED[;DIRECTORY_UPPER:DIRECTORY_LOWER:DIRECTORY_WORK:DIRECTORY_MERGED]'*:: - Specify container overlay mounts, see Documentation/filesystems/overlayfs.txt. - -*--cnt.overlay-options='OPTION1,OPTION2[;OPTION3,OPTION4]'*:: - Specify container overlay mount options, see Documentation/filesystems/overlayfs.txt. - - -SCRIPTS -------- -The following container scripts are available: - -*curl*:: - Basic script to create Debian based container, see container-create-curl(1). - -*debootstrap*:: - Basic script to create Debian based container, see container-create-debootstrap(1). - -*debconf*:: - Advanced script to automatically create Debian based container, see container-create-debconf(1). - -*default*:: - Symlink (if existing) to a container script which is used if no script was specified. On Debian based system this can be managed through update-alternatives(1), i.e. 'sudo update-alternatives --config container_script'. - - -EXAMPLES --------- -*Create example.net container using curl script:*:: - sudo container create -n example.net -s curl - -*Create example.net container using debootstrap script:*:: - sudo container create -n example.net -s debootstrap - -*Create example.net container using debconf script:*:: - sudo container create -n example.net -s debconf - -*Create example.net container with the default create script and start it:*:: - sudo container create,start -n example.net - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-enter.1.rst b/share/man/container-enter.1.rst new file mode 100644 index 0000000..65961f5 --- /dev/null +++ b/share/man/container-enter.1.rst @@ -0,0 +1,86 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +=============== +container-enter +=============== + +--------------------------- +Enter a container namespace +--------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container enter** ['OPTIONS'] + +Description +=========== + +The **container enter** command enters a container namespace. + +While 'container console' shows a full login prompt where any valid user and +password combination can be used, the 'container enter' command bypasses this +and drops to a root shell. + +Options +======= + +The following **container enter** options are available: + +-n, --name='NAME': + Specify container name. + +Examples +======== + +Enter to example.net container namespace: + + sudo container enter -n example.net + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-enter.1.txt b/share/man/container-enter.1.txt deleted file mode 100644 index c7adc1e..0000000 --- a/share/man/container-enter.1.txt +++ /dev/null @@ -1,79 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-CONSOLE(1) -==================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-enter - Enter a container namespace - - -SYNOPSIS --------- -*container enter* ['OPTIONS'] - - -DESCRIPTION ------------ -The container enter enters a container namespace. - -While 'container console' shows a full login prompt where any valid user and password combination can be used, -the 'container enter' command bypasses this and drops to a root shell. - - -OPTIONS -------- -The following container options are available: - -*-n, --name='NAME'*:: - Specify container name. - - -EXAMPLES --------- -*Enter to example.net container namespace:*:: - sudo container enter -n example.net - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-get-curl.1.rst b/share/man/container-get-curl.1.rst new file mode 100644 index 0000000..01ae592 --- /dev/null +++ b/share/man/container-get-curl.1.rst @@ -0,0 +1,148 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================== +container-get-curl +================== + +--------------------------------------------------------------------------- +Download a Debian based container by downloading a tarball over the network +--------------------------------------------------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container get -s curl** ['OPTIONS'] + +Description +=========== + +The curl container download script uses curl(1) to download a tarball over the +network to create a Debian based container. + +Depending on the tarball this script otherwise creates a pure Debian system +with three modificiations: + + * hostname is set (container name) in /etc/hostname + * systemd machine-id is generated in /etc/machine-id + * root password is set (user specified or 16 random characters) + +Container images +---------------- + +compute-tools will download tarballs from a server expecting that the images are +tarballs with either gzip, lzip, xz, or no compression. See container-images.sh +as an example on how to create your own container images. + +Options +======= + +The following script options are available: + +-n, --name='NAME': + Specify container name. + +-a, --architecture='ARCHITECTURE': + Specify container architecture. + +--clean: + Remove container tarball after successful download. + +-p, --root-password='PASSWORD': + Specify the root password, defaults to a random 16 character password. + +--server='SERVER': + Specify the image server to download from, defaults to + 'https://get.open-infrastructure.net/system/container/debian'. + +--setup='SETUP': + Specify the setup image name to download, defaults to the value specified + through --system using the setup.tar.${COMPRESSION} suffix (where + ${COMPRESSION} is either lz, xz, or gz depending on compressor availability on + the host system). + +--system='SYSTEM': + Specify the system image name to download, defaults to + debian-bookworm-current_${ARCHITECTURE}.system.tar.${COMPRESSION} (where + ${ARCHITECTURE} is the host systems architecture and ${COMPRESSION} either + lz, xz, or gz depending on compressor availability on the host system). + +Examples +======== + +Download a Debian 12 (bookworm) based container with same architecture as the host +system: + + sudo container get -s curl -n bookworm.example.net + +Download a Debian 12 (bookworm) based container with different architecture as the +host system: + + sudo container get -s curl -n bookworm-i386.example.net -- --system debian-bookworm-current_i386.system.tar.xz + +Files +===== + +The following files are used: + +/etc/compute-tools/config: + Container configuration files. + +/usr/share/compute-tools/get-scripts: + Container download scripts. + +/usr/share/doc/compute-tools: + Container documentation. + +/var/lib/machines: + Container directory. + +/var/cache/container: + Container cache directory. + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-get.1.rst b/share/man/container-get.1.rst new file mode 100644 index 0000000..8ec61de --- /dev/null +++ b/share/man/container-get.1.rst @@ -0,0 +1,130 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +============= +container-get +============= + +-------------------- +Download a container +-------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container get** ['OPTIONS'] +| **cnt g** ['OPTIONS'] + +Description +=========== + +The **container get** command downloads a container based on a script. + +Scripts +------- + +The following download scripts are available: + +curl: + Basic script to build Debian based container, see container-create-curl(1). + +default: + Symlink (if existing) to a download script which is used if no script was + specified. On Debian based system this can be managed through + update-alternatives(1), i.e. 'sudo update-alternatives --config + container_get-script'. + +Options +======= + +The following **container get** options are available: + +-n, --name='NAME': + Specify container name. + +-c, --capability='CAPABILITY': + Specify capabilities to grant, see capabilities(7). + +-d, --drop-capability='DROP_CAPABILITY': + Specify capabilities to drop, see capabilities(7). + +-s, --script='SCRIPT': + Specify container build script, defaults to 'debootstrap'. + +-v, --verbose: + Explain what is being done. + +-b, --bind='DIRECTORY:DIRECTORY[:OPTIONS][;DIRECTORY:DIRECTORY[:OPTIONS]]': + Specify container read-write bind mounts, see systemd-nspawn(1) --bind option. + +--bind-ro='DIRECTORY:DIRECTORY[:OPTIONS][;DIRECTORY:DIRECTORY[:OPTIONS]]': + Specify container read-only bind mounts, see systemd-nspawn(1) --bind-ro + option. + +--cnt-overlay='DIRECTORY_LOWER:DIRECTORY_UPPER:DIRECTORY_WORK:DIRECTORY_MERGED[;DIRECTORY_UPPER:DIRECTORY_LOWER:DIRECTORY_WORK:DIRECTORY_MERGED]': + Specify container overlay mounts, see Documentation/filesystems/overlayfs.txt. + +--cnt.overlay-options='OPTION1,OPTION2[;OPTION3,OPTION4]': + Specify container overlay mount options, see + Documentation/filesystems/overlayfs.txt. + +--cnt.start='OPTION1[,OPTION2,...]': + Specify container start options, see container-start(1). + +Examples +======== + +Create example.net container using curl script: + + sudo container get -n example.net -s curl + +Create example.net container with the default download script and start it: + + sudo container get,start -n example.net + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-info.1.rst b/share/man/container-info.1.rst new file mode 100644 index 0000000..99ccb55 --- /dev/null +++ b/share/man/container-info.1.rst @@ -0,0 +1,100 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +============== +container-info +============== + +---------------------------------------- +Show specific information of a container +---------------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container info** ['OPTIONS'] + +Description +=========== + +The **container info** command shows specific information of a container. + +Options +======= + +The following **container info** options are available, defaults to '--status +--os --ip': + +-n, --name='NAME': + Specify container name. Specifying 'ALL' will start all stopped container. + +--status: + Show container status (started|stopped|other). + +--os: + Show container operating system (FIXME: Debian only). + +--ip: + Show container IP address. + +Examples +======== + +Show example.net container status: + + sudo container info -n example.net --status + +Show example.net container operating system: + + sudo container info -n example.net --os + +Show example.net container IP address: + + sudo container info -n example.net --ip + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-key.1.rst b/share/man/container-key.1.rst new file mode 100644 index 0000000..d02fc3b --- /dev/null +++ b/share/man/container-key.1.rst @@ -0,0 +1,114 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +============= +container-key +============= + +--------------------------------------------- +Manage GnuPG keyring for container operations +--------------------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container key** ['OPTIONS'] + +Description +=========== + +The **container key** command manages the GnuPG keyring for container +operations. + +Options +======= + +The following **container key** options are available: + +-a, --add='KEY_FILE|KEY_ID': + Add a key to the keyring. + +-l, --list': + List keys in the keyring. + +-r, --remove='KEY': + Remove a key from the keyring. + +Examples +======== + +Add a key to the keyring manually: + + gpg --keyserver hkps://keys.openpgp.org --recv 0x55CF1BF986ABB9C7 + + gpg --armor --export 0x55CF1BF986ABB9C7 | sudo container key --add - + +Assisted adding of the same key: + + sudo container key --add 0x55CF1BF986ABB9C7 + +Remove a key from the keyring: + + sudo container key --remove 0x55CF1BF986ABB9C7 + +List keys in the keyring: + + sudo container key --list + +Files +===== + +The following files are used: + +/etc/compute-tools/keys: + Active container keyring. + +/usr/share/compute-tools/keys: + Inactive container keyring library. + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-key.1.txt b/share/man/container-key.1.txt deleted file mode 100644 index e6c1553..0000000 --- a/share/man/container-key.1.txt +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-KEY(1) -================ -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-key - Manage GnuPG keyring for container operations - - -SYNOPSIS --------- -*container key* ['OPTIONS'] - - -DESCRIPTION ------------ -The container key manages the GnuPG keyring for container operations. - - -OPTIONS -------- -The following container options are available: - -*-a, --add='KEY'*:: - Add a key to the keyring. - -*-l, --list'*:: - List keys in the keyring. - -*-r, --remove='KEY'*:: - Remove a key from the keyring. - - -EXAMPLES --------- -*Add a key to the keyring:*:: - gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv 0x1E9B3AED2D9FA8F6 - gpg --armor --export 0x1E9B3AED2D9FA8F6 | sudo container key --add - - -*Remove a key from the keyring:*:: - sudo container key --remove 0x1E9B3AED2D9FA8F6 - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-limit.1.rst b/share/man/container-limit.1.rst new file mode 100644 index 0000000..715314e --- /dev/null +++ b/share/man/container-limit.1.rst @@ -0,0 +1,121 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +=============== +container-limit +=============== + +------------------------------ +Limit resources of a container +------------------------------ + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container limit** ['OPTIONS'] + +Description +=========== + +The **container limit** command limits resources available to a container at +runtime. + +Options +======= + +The following **container limit** options are available: + +-n, --name='NAME': + Specify container name. + +--blockio-device-weight='DEVICE WEIGHT': + Specify device specific blockio weight, see systemd.resource-control(5). + +--blockio-read-bandwidth='DEVICE BYTES': + Specify device specific blockio read bandwidth, see + systemd.resource-control(5). + +-b, --blockio-weight='WEIGHT': + Specify general blockio weight, see systemd.resource-control(5). + +--blockio-write-bandwidth='DEVICE BYTES': + Specify device specific blockio write bandwidth, see + systemd.resource-control(5). + +-c, --cpu-quota='QUOTA': + Specify CPU quota, see systemd.resource-control(5). + +--cpu-shares='SHARES': + Specify CPU shares, see systemd.resource-control(5). + +-m, --memory-limit='BYTES': + Specify memory limit, see systemd.resource-control(5). + +-t, --tasks-max='NUMBER': + Specify tasks max, see systemd.resource-control(5). + +Examples +======== + +Set blockio weight for the example.net container: + + sudo container limit -n example.net --blockio-weight 100 + +Set CPU quota for the example.net container: + + sudo container limit -n example.net --cpu-quota 10% + +Set memory limit for the example.net container to 1GB: + + sudo container limit -n example.net --memory-limit 1G + +Set tasks max for the example.net container to 100: + + sudo container limit -n example.net --tasks-max 100 + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-limit.1.txt b/share/man/container-limit.1.txt deleted file mode 100644 index 12d76cd..0000000 --- a/share/man/container-limit.1.txt +++ /dev/null @@ -1,109 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-LIMIT(1) -================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-limit - Limit ressources of a container - - -SYNOPSIS --------- -*container limit* ['OPTIONS'] - - -DESCRIPTION ------------ -The container limit command limits ressources available to a container at runtime. - - -OPTIONS -------- -The following container options are available: - -*-n, --name='NAME'*:: - Specify container name. - -*--blockio-device-weight='DEVICE WEIGHT'*:: - Specify device specific blockio weight, see systemd.resource-control(5). - -*--blockio-read-bandwidth='DEVICE BYTES'*:: - Specify device specific blockio read bandwidth, see systemd.resource-control(5). - -*-b, --blockio-weight='WEIGHT'*:: - Specify general blockio weight, see systemd.resource-control(5). - -*--blockio-write-bandwidth='DEVICE BYTES'*:: - Specify device specific blockio write bandwidth, see systemd.resource-control(5). - -*-c, --cpu-quota='QUOTA'*:: - Specify CPU quota, see systemd.resource-control(5). - -*--cpu-shares='SHARES'*:: - Specify CPU shares, see systemd.resource-control(5). - -*-m, --memory-limit='BYTES'*:: - Specify memory limit, see systemd.resource-control(5). - -*-t, --tasks-max='NUMBER'*:: - Specify tasks max, see systemd.resource-control(5). - - -EXAMPLES --------- -*Set blockio weight for the example.net container:*:: - sudo container limit -n example.net --blockio-weight 100 - -*Set CPU quota for the example.net container:*:: - sudo container limit -n example.net --cpu-quota 10% - -*Set memory limit for the example.net container to 1GB:*:: - sudo container limit -n example.net --memory-limit 1G - -*Set tasks max for the example.net container to 100:*:: - sudo container limit -n example.net --tasks-max 100 - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-list.1.rst b/share/man/container-list.1.rst new file mode 100644 index 0000000..674bacf --- /dev/null +++ b/share/man/container-list.1.rst @@ -0,0 +1,146 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +============== +container-list +============== + +---------------------------- +List container on the system +---------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container list** ['OPTIONS'] +| **cnt ls** ['OPTIONS'] + +Description +=========== + +The **container list** command lists container on the system. + +Options +======= + +The following **container list** options are available, defaults to '--started +--stopped': + +-a, --all: + List all available container (started, stopped, and other). + +--csv-separator='SEPARATOR': + Specify custom CSV separator, defaults to ','. + +-f, --format='FORMAT': + Use format to list container. Currently available formats are 'cli' (default), + 'csv', 'json', 'nwdiag', 'shell', 'sh', 'yaml', or 'xml'. + +-h, --host='HOSTNAME': + List only container that are enabled for automatic start on the specified + hostname. Defaults to list containers of the local system only. Using 'all' + shows all container regardless of any automatic start configuration. + +--nwdiag-color='COLOR': + Specify custom nwdiag color for the host box, defaults to '#3465a4'. + +--nwdiag-label='LABEL': + Specify custom nwdiag label for the diagram, defaults to empty. + +-o, --other: + List only container that are not enable for automatic start on the current + system. + +-s, --started: + List only started container. + +-t, --stopped: + List only stopped container. + +Examples +======== + +List all started and stopped containers of the local system: + + sudo container list + +List all started and other containers: + + sudo container list -s -o + +Create a CSV export of all started and stopped containers: + + sudo container list -f csv + +Create a JSON export of all started and stopped containers: + + sudo container list -f json + +Create a nwdiag export of all started and stopped containers: + + sudo container list -f nwdiag + +Create a SVG image via nwdiag of all started and stopped containers: + + sudo container list -f nwdiag | nwdiag -T svg -o cnt-list.svg - + +Create a shell export of all started and stopped containers: + + sudo container list -f shell + + sudo container list -f sh + +Create a YAML export of all started and stopped containers: + + sudo container list -f yaml + +Create a XML export of all started and stopped containers: + + sudo container list -f xml + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-list.1.txt b/share/man/container-list.1.txt deleted file mode 100644 index 4b3df3a..0000000 --- a/share/man/container-list.1.txt +++ /dev/null @@ -1,125 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-LIST(1) -================= -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-list - List container on the system - - -SYNOPSIS --------- -*container list* ['OPTIONS'] -*container ls* ['OPTIONS'] - - -DESCRIPTION ------------ -The container list command lists container on the system. - - -OPTIONS -------- -The following container options are available, defaults to *--started --stopped*: - -*-a, --all*:: - List all available container (started, stopped, and other). - -*--csv-separator='SEPARATOR'*:: - Specify custom CSV separator, defaults to ','. - -*-f, --format='FORMAT'*:: - Use format to list container. Currently available formats are 'cli' (default), 'csv', 'json', 'nwdiag', 'shell', 'sh', 'yaml', or 'xml'. - -*-h, --host='HOSTNAME'*:: - List only container that are enabled for automatic start on the specified hostname. Defaults to list containers of the local system only. Using 'all' shows all container regardless of any automatic start configuration. - -*--nwdiag-color='COLOR'*:: - Specify custom nwdiag color for the host box, defaults to '#3465a4'. - -*--nwdiag-label='LABEL'*:: - Specify custom nwdiag label for the diagram, defaults to empty. - -*-o, --other*:: - List only container that are not enable for automatic start on the current system. - -*-s, --started*:: - List only started container. - -*-t, --stopped*:: - List only stopped container. - -EXAMPLES --------- -*List all started and stopped containers of the local system:*:: - sudo container list - -*List all started and other containers:*:: - sudo container list -s -o - -*Create a CSV export of all started and stopped containers:*:: - sudo container list -f csv - -*Create a JSON export of all started and stopped containers:*:: - sudo container list -f json - -*Create a nwdiag export of all started and stopped containers:*:: - sudo container list -f nwdiag - -*Create a SVG image via nwdiag of all started and stopped containers:*:: - sudo container list -f nwdiag | nwdiag -T svg -o cnt-list.svg - - -*Create a shell export of all started and stopped containers:*:: - sudo container list -f shell - sudo container list -f sh - -*Create a YAML export of all started and stopped containers:*:: - sudo container list -f yaml - -*Create a XML export of all started and stopped containers:*:: - sudo container list -f xml - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-log.1.rst b/share/man/container-log.1.rst new file mode 100644 index 0000000..5e72184 --- /dev/null +++ b/share/man/container-log.1.rst @@ -0,0 +1,101 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +============= +container-log +============= + +------------------ +Show container log +------------------ + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container log** ['OPTIONS'] + +Description +=========== + +The **container log** command shows the container log. + +Options +======= + +The following **container log** options are available: + +-d, --date: + Show only log entries of the specified date as 'YYYY-MM-DD' or a date range like 'today-7'. + +-n, --name: + Show only log entries for the specified container. + +Examples +======== + +Show all log entries: + + sudo container log + +Show only log entries of today: + + sudo container log -d today + +Show only log entries of yesterday: + + sudo container log -d yesterday + +Show all log entries of the example.net container: + + sudo container log -n example.net + +Show only log entries of the example.net container of the last 30 days: + + sudo container log -d today-30 -n example.net + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-log.1.txt b/share/man/container-log.1.txt deleted file mode 100644 index b503d42..0000000 --- a/share/man/container-log.1.txt +++ /dev/null @@ -1,90 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-LOG(1) -================ -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-log - Show container log - - -SYNOPSIS --------- -*container log* ['OPTIONS'] - - -DESCRIPTION ------------ -The container log command shows the container log. - - -OPTIONS -------- -The following container options are available: - -*-d, --date*:: - Show only log entries of the specified date as 'YYYY-MM-DD' or a date range like 'today-7'. - -*-n, --name*:: - Show only log entries for the specified container. - -EXAMPLES --------- -*Show all log entries:*:: - sudo container log - -*Show only log entries of today:*:: - sudo container log -d today - -*Show only log entries of yesterday:*:: - sudo container log -d yesterday - -*Show all log entries of the example.net container:*:: - sudo container log -n example.net - -*Show only log entries of the example.net container of the last 30 days:*:: - sudo container log -d today-30 -n example.net - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-move.1.rst b/share/man/container-move.1.rst new file mode 100644 index 0000000..ecbea6b --- /dev/null +++ b/share/man/container-move.1.rst @@ -0,0 +1,93 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +============== +container-move +============== + +------------------ +Rename a container +------------------ + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container move** ['OPTIONS'] +| **cnt mv** ['OPTIONS'] + +Description +=========== + +The **container move** commands renames a container. + +Options +======= + +The following **container move** options are available: + +-n, --new='NAME': + Specify new container name. + +-f, --force: + Do not prompt before moving. + +-o, --old: + Specify old container name. + +Examples +======== + +Rename example.net container to example.org: + + sudo container move -n example.org -o example.net + +Rename example.net container to example.org without prompt: + + sudo container move -n example.org -o example.net -f + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-move.1.txt b/share/man/container-move.1.txt deleted file mode 100644 index 5c9475c..0000000 --- a/share/man/container-move.1.txt +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-REMOVE(1) -=================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-move - Rename a container - - -SYNOPSIS --------- -*container move* ['OPTIONS'] -*cnt mv* ['OPTIONS'] - - -DESCRIPTION ------------ -The container move commands renames a container. - - -OPTIONS -------- -The following container options are available: - -*-n, --new='NAME'*:: - Specify new container name. - -*-f, --force*:: - Do not prompt before moving. - -*-o, --old*:: - Specify old container name. - - -EXAMPLES --------- -*Rename example.net container to example.org:*:: - sudo container move -n example.org -o example.net - -*Rename example.net container to example.org without prompt:*:: - sudo container move -n example.org -o example.net -f - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-rebuild.1.rst b/share/man/container-rebuild.1.rst new file mode 100644 index 0000000..4f7bbd8 --- /dev/null +++ b/share/man/container-rebuild.1.rst @@ -0,0 +1,93 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================= +container-rebuild +================= + +------------------- +Restart a container +------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container rebuild** ['OPTIONS'] +| **cnt rb** ['OPTIONS'] + +Description +=========== + +The **container rebuild** command rebuilds a container by stopping, removing, building, and starting an existing container. + +Options +======= + +The following **container rebuild** options are available: + +-n, --name='NAME': + Specify container name. Specifying 'ALL' will rebuild all started container. + +-f, --force: + Do not fail if container is running. + +-v, --verbose: + Explain what is being done. + +Examples +======== + +Rebuild example.net container: + + sudo container rebuild -n example.net + +Restart all container: + + sudo container rebuild -n ALL + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-remove.1.rst b/share/man/container-remove.1.rst new file mode 100644 index 0000000..00f1ad1 --- /dev/null +++ b/share/man/container-remove.1.rst @@ -0,0 +1,104 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================ +container-remove +================ + +------------------ +Remove a container +------------------ + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container remove** ['OPTIONS'] +| **cnt rm** ['OPTIONS'] + +Description +=========== + +The **container remove** command removes a container. + +Options +======= + +The following **container remove** options are available: + +-n, --name='NAME': + Specify container name. Specifying 'ALL' will remove all stopped container. + +--allow-stop: + Stop container prior removal. + +-f, --force: + Do not prompt before removal. + +-v, --verbose: + Explain what is being done. + +Examples +======== + +Remove example.net container from the system: + + sudo container remove -n example.net + +Remove example.net container from the system without prompt: + + sudo container remove -n example.net -f + +Remove a running container from the system, without prompt: + + sudo container remove -n example.net -f --allow-stop + +Remove all container: + + sudo container remove -n ALL + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-remove.1.txt b/share/man/container-remove.1.txt deleted file mode 100644 index 50ad861..0000000 --- a/share/man/container-remove.1.txt +++ /dev/null @@ -1,95 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-REMOVE(1) -=================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-remove - Remove a container - - -SYNOPSIS --------- -*container remove* ['OPTIONS'] -*cnt rm* ['OPTIONS'] - - -DESCRIPTION ------------ -The container remove command removes a container. - - -OPTIONS -------- -The following container options are available: - -*-n, --name='NAME'*:: - Specify container name. Specifying 'ALL' will remove all stopped container. - -*--allow-stop*:: - Stop container prior removal. - -*-f, --force*:: - Do not prompt before removal. - -*-v, --verbose*:: - Explain what is being done. - - -EXAMPLES --------- -*Remove example.net container from the system:*:: - sudo container remove -n example.net - -*Remove example.net container from the system without prompt:*:: - sudo container remove -n example.net -f - -*Remove a running container from the system, without prompt:*:: - sudo container remove -n example.net -f --allow-stop - -*Remove all container:*:: - sudo container remove -n ALL - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-restart.1.rst b/share/man/container-restart.1.rst new file mode 100644 index 0000000..c52353d --- /dev/null +++ b/share/man/container-restart.1.rst @@ -0,0 +1,96 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================= +container-restart +================= + +------------------- +Restart a container +------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container restart** ['OPTIONS'] +| **cnt rs** ['OPTIONS'] + +Description +=========== + +The **container restart** command restarts a container. + +Options +======= + +The following **container restart** options are available: + +-n, --name='NAME': + Specify container name. Specifying 'ALL' will restart all started container. + +-f, --force: + Do not prompt before every restarting. + +-i, --interactive: + Prompt before every restarting (default). + +-v, --verbose: + Explain what is being done. + +Examples +======== + +Restart example.net container: + + sudo container restart -n example.net + +Restart all container: + + sudo container restart -n ALL + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-restart.1.txt b/share/man/container-restart.1.txt deleted file mode 100644 index afc4581..0000000 --- a/share/man/container-restart.1.txt +++ /dev/null @@ -1,83 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-RESTART(1) -==================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-restart - Restart a container - - -SYNOPSIS --------- -*container restart* ['OPTIONS'] -*cnt rs* ['OPTIONS'] - - -DESCRIPTION ------------ -The container restart command restarts a container. - - -OPTIONS -------- -The following container options are available: - -*-n, --name='NAME'*:: - Specify container name. Specifying 'ALL' will restart all started container. - -*-v, --verbose*:: - Explain what is being done. - - -EXAMPLES --------- -*Restart example.net container:*:: - sudo container restart -n example.net - -*Restart all container:*:: - sudo container restart -n ALL - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net> - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-run.1.rst b/share/man/container-run.1.rst new file mode 100644 index 0000000..0fb923d --- /dev/null +++ b/share/man/container-run.1.rst @@ -0,0 +1,88 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +============= +container-run +============= + +----------------------------------------- +Execute commands in a container namespace +----------------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container run** ['OPTIONS'] -- 'COMMAND'\|"COMMANDS" +| **cnt r** ['OPTIONS'] -- 'COMMAND'\|"COMMANDS" + +Description +=========== + +The **container run** command executes arbitrary commands as root in a container +namespace. + +Options +======= + +The following **container run** options are available: + +-n, --name='NAME': + Specify container name. Specifying 'ALL' will start all stopped container. + +Examples +======== + +Run 'hostname' in example.net container: + + sudo container run -n example.net -- hostname + +Create and delete a file in example.net container: + + sudo container run -n example.net -- 'touch /tmp/foo && rm -f /tmp/foo' + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-run.1.txt b/share/man/container-run.1.txt deleted file mode 100644 index 593e1a7..0000000 --- a/share/man/container-run.1.txt +++ /dev/null @@ -1,80 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-RUN(1) -================ -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-run - Execute commands in a container namespace - - -SYNOPSIS --------- -*container run* ['OPTIONS'] -- COMMAND -*cnt r* ['OPTIONS'] -- COMMAND - - -DESCRIPTION ------------ -The container run command executes arbitrary commands as root in a container namespace. - - -OPTIONS -------- -The following container options are available: - -*-n, --name='NAME'*:: - Specify container name. Specifying 'ALL' will start all stopped container. - - -EXAMPLES --------- -*Run 'hostname' in example.net container:*:: - sudo container run -n example.net -- hostname - -*Create and delete a file in example.net container:*:: - sudo container run -n example.net -- 'touch /tmp/foo && rm -f /tmp/foo' - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-shell.1.rst b/share/man/container-shell.1.rst new file mode 100644 index 0000000..b12958f --- /dev/null +++ b/share/man/container-shell.1.rst @@ -0,0 +1,141 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +=============== +container-shell +=============== + +---------------------------------------- +Manage systemd-nspawn containers (shell) +---------------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container-shell** ['OPTIONS'] +| **cntsh** ['OPTIONS'] + +Description +=========== + +compute-tools provides the system integration for managing containers using +systemd-nspawn. + +Usage +----- + +Although the **container-shell** can be started from a running system like any +other program, the main intend is to use the **container-shell** via SSH. That +way otherwise unprivileged users have possibility to manage containers without +needing a regular shell login on the container server. + +For usage over SSH a unprivileged user should be created: + +| +| sudo adduser --gecos "compute-tools,,," \\ +| --home /var/lib/open-infrastructure/container-shell \\ +| --shell /usr/bin/container-shell + +The container-shell can then be allowed for specific SSH keys via +/var/lib/compute-tools/container-shell/.ssh/authorized_keys like so: + +| +| command="/usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,\\ +| no-agent-forwarding,no-pty ssh-ed25519 [...] + +Restricted shell +---------------- + +The container-shell by default grants any user that has access to it to use all available container commands. + +Through two corresponding environment variables users can be allowed or disallowed to use specific container commands. +In connection with SSH this makes it possible to grant certain SSH keys (and by that, users) privileges to operate container +servers without having to give them root access, a login shell at all and prevents them from doing things they are not trusted to do. + +Example (blacklisting) +^^^^^^^^^^^^^^^^^^^^^^ + +In order to allow all commands except for removing and stopping containers, the +following variable can be used: + +| +| command="CONTAINER_COMMANDS_DISABLE='remove stop' \\ +| /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,\\ +| no-agent-forwarding,no-pty ssh-ed25519 [...] + +Example (whitelisting) +^^^^^^^^^^^^^^^^^^^^^^ + +The other way around works too. To disallow all commands except for listing +containers and showing the compute-tools version, the following variable can be +used: + +| +| command="CONTAINER_COMMANDS_ENABLE='list version' \\ +| /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,\\ +| no-agent-forwarding,no-pty ssh-ed25519 [...] + +Commands +======== + +All container commands are available, see container(1). Additionally, the +following commands are specific to container-shell: + +about: + Shows introduction (manpage). + +help: + Shows available commands within the container-shell. + +help COMMAND: + Shows help (manpage) for a specific container command. + +logout, exit: + Exits container-shell. + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-shell.1.txt b/share/man/container-shell.1.txt deleted file mode 100644 index ce5c13c..0000000 --- a/share/man/container-shell.1.txt +++ /dev/null @@ -1,112 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER(1) -============ -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-shell - Manage systemd-nspawn containers (shell) - - -SYNOPSIS --------- -*container-shell* - - -DESCRIPTION ------------ -compute-tools provides the system integration for managing containers using systemd-nspawn. - - -COMMANDS --------- -All container commands are available, see container(1). Additionally, the following commands are specific to container-shell: - -*about:*:: - shows introduction (manpage). - -*help:*:: - shows available commands within the container-shell. - -*help COMMAND:*:: - shows help (manpage) for a specific container command. - -*logout*, *exit:*:: - exits container-shell. - -USAGE ------ -Although the container-shell can be started from a running system like any other program, the main intend is to use the -container-shell via SSH. That way otherwise unprivileged users have possibility to manage containers without -needing a regular shell login on the container server. - -For usage over SSH a unprivileged user should be created: - - sudo adduser --gecos "compute-tools,,," \ - --home /var/lib/open-infrastructure/container-shell \ - --shell /usr/bin/container-shell - -The container-shell can then be allowed for specific SSH keys via /var/lib/open-infrastructure/container-shell/.ssh/authorized_keys like so: - - command="/usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 [...] - - -RESTRICTED SHELL ----------------- -The container-shell by default grants any user that has access to it to use all available container commands. - -Through two corresponding environment variables users can be allowed or disallowed to use specific container commands. -In connection with SSH this makes it possible to grant certain SSH keys (and by that, users) privileges to operate container -servers without having to give them root access, a login shell at all and prevents them from doing things they are not trusted to do. - -Example (blacklisting): In order to allow all commands except for removing and stopping containers, the following variable can be used: - - command="CONTAINER_COMMANDS_DISABLE='remove stop' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] - -Example (whitelisting): The other way around works too. To disallow all commands except for listing containers and showing the compute-tools version, the following variable can be used: - - command="CONTAINER_COMMANDS_ENABLE='list version' /usr/bin/container-shell",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa [...] - - -SEE ALSO --------- -machinectl(1), -systemd-nspawn(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-start.1.rst b/share/man/container-start.1.rst new file mode 100644 index 0000000..65d4af7 --- /dev/null +++ b/share/man/container-start.1.rst @@ -0,0 +1,93 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +=============== +container-start +=============== + +----------------- +Start a container +----------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container start** ['OPTIONS'] +| **cnt s** ['OPTIONS'] + +Description +=========== + +The **container start** command starts a container. + +Options +======= + +The following **container start** options are available: + +-n, --name='NAME': + Specify container name. Specifying 'ALL' will start all stopped container. + +-f, --force': + Removing stray lock file if existing. + +-v, --verbose: + Explain what is being done. + +Examples +======== + +Start example.net container: + + sudo container start -n example.net + +Start all container: + + sudo container start -n ALL + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-start.1.txt b/share/man/container-start.1.txt deleted file mode 100644 index bc0c946..0000000 --- a/share/man/container-start.1.txt +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-START(1) -================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-start - Start a container - - -SYNOPSIS --------- -*container start* ['OPTIONS'] -*cnt s* ['OPTIONS'] - - -DESCRIPTION ------------ -The container start command starts a container. - - -OPTIONS -------- -The following container options are available: - -*-n, --name='NAME'*:: - Specify container name. Specifying 'ALL' will start all stopped container. - -*-f, --force'*:: - Removing stray lock file if existing. - -*-v, --verbose*:: - Explain what is being done. - - -EXAMPLES --------- -*Start example.net container:*:: - sudo container start -n example.net - -*Start all container:*:: - sudo container start -n ALL - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-status.1.rst b/share/man/container-status.1.rst new file mode 100644 index 0000000..ad51ba7 --- /dev/null +++ b/share/man/container-status.1.rst @@ -0,0 +1,83 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================ +container-status +================ + +--------------------- +Show container status +--------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container status** ['OPTIONS'] +| **cnt st** ['OPTIONS'] + +Description +=========== + +The **container status** command displays the status of a container. + +Options +======= + +The following **container status** options are available: + +-n, --name='NAME': + Specify container name. + +Examples +======== + +show status of example.net container: + + sudo container status -n example.net + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-status.1.txt b/share/man/container-status.1.txt deleted file mode 100644 index e74b8e5..0000000 --- a/share/man/container-status.1.txt +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright (C) 2016 Simon Spöehel <simon.spoehel@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-STATUS(1) -=================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-status - Show container status - - -SYNOPSIS --------- -*container status* ['OPTIONS'] -*cnt st* ['OPTIONS'] - - -DESCRIPTION ------------ -The container-status command displays the status of a container. - - -OPTIONS -------- -The following container-status options are available: - -*-n, --name='NAME'*:: - Specify container name. - - -EXAMPLES --------- -*show status of example.net container:*:: - sudo container status -n example.net - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-stop.1.rst b/share/man/container-stop.1.rst new file mode 100644 index 0000000..bf668be --- /dev/null +++ b/share/man/container-stop.1.rst @@ -0,0 +1,108 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +============== +container-stop +============== + +---------------- +Stop a container +---------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container stop** ['OPTIONS'] +| **cnt t** ['OPTIONS'] + +Description +=========== + +The **container stop** command stops a container by running the proper shutdown +sequence. + +Options +======= + +The following **container stop** options are available: + +-n, --name='NAME': + Specify container name. Specifying 'ALL' will stop all started container. + +-f, --force: + Do not prompt before every stopping. + +-i, --interactive: + Prompt before every stopping (default). + +-k, --kill: + Instead of running the proper shutdown sequence, terminate all processes of the container imediatly. + +-v, --verbose: + Explain what is being done. + +Examples +======== + +Shutdown example.net container: + + sudo container stop -n example.net + +Shutdown example.net container without prompting: + + sudo container stop -n example.net -f + +Immediately stop example.net container: + + sudo container stop -n example.net -k + +Stop all container: + + sudo container stop -n ALL + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-stop.1.txt b/share/man/container-stop.1.txt deleted file mode 100644 index dc36bb9..0000000 --- a/share/man/container-stop.1.txt +++ /dev/null @@ -1,89 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-STOP(1) -================= -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-stop - Stop a container - - -SYNOPSIS --------- -*container stop* ['OPTIONS'] -*cnt t* ['OPTIONS'] - - -DESCRIPTION ------------ -The container stop command stops a container by running the proper shutdown sequence. - - -OPTIONS -------- -The following container options are available: - -*-n, --name='NAME'*:: - Specify container name. Specifying 'ALL' will stop all started container. - -*-f, --force*:: - Instead of running the proper shutdown sequence, terminate all processes of the container imediatly. - -*-v, --verbose*:: - Explain what is being done. - - -EXAMPLES --------- -*Shutdown example.net container:*:: - sudo container stop -n example.net - -*Immediately stop example.net container:*:: - sudo container stop -n example.net -f - -*Stop all container:*:: - sudo container stop -n ALL - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-top.1.rst b/share/man/container-top.1.rst new file mode 100644 index 0000000..7349b60 --- /dev/null +++ b/share/man/container-top.1.rst @@ -0,0 +1,82 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +============= +container-top +============= + +------------------------------------ +Dynamic list container on the system +------------------------------------ + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container top** ['OPTIONS'] + +Description +=========== + +The **container top** command dynamically lists container on the system. + +Options +======= + +The following **container top** options are available, defaults to '--delay 1': + +-d, --delay='SECONDS[.TENTHS]': + Specifies the delay between screen updates, defaults to '1'. + +Examples +======== + +Dynamically list containers of the local system: + + sudo container top + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-top.1.txt b/share/man/container-top.1.txt deleted file mode 100644 index 295f51b..0000000 --- a/share/man/container-top.1.txt +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-TOP(1) -================ -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-top - Dynamic list container on the system - - -SYNOPSIS --------- -*container top* ['OPTIONS'] - - -DESCRIPTION ------------ -The container top command dynamically lists container on the system. - - -OPTIONS -------- -The following container options are available, defaults to *--delay 1*: - -*-d, --delay='SECONDS[.TENTHS]'*:: - Specifies the delay between screen updates, defaults to 1. - - -EXAMPLES --------- -*Dynamically list containers of the local system:*:: - sudo container top - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-update.1.rst b/share/man/container-update.1.rst new file mode 100644 index 0000000..ec64f6b --- /dev/null +++ b/share/man/container-update.1.rst @@ -0,0 +1,114 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================ +container-update +================ + +-------------------------------------------- +Update the packages installed in a container +-------------------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container update** ['OPTIONS'] +| **cnt u** ['OPTIONS'] + +Description +=========== + +The **container update** command updates packages installed in a container. + +Options +======= + +The following **container update** options are available: + +-n, --name='NAME': + Specify container name. Specifying 'ALL' will start all stopped container. + +-f, --full-upgrade: + Runs an additional 'apt full-upgrade' after 'apt upgrade'. + +-i, --interactive: + Prompt before every container update. + +-r, --autoremove: + Runs an additional 'apt autoremove' after 'apt upgrade'. + +-p, --purge: + Passing '--purge' to 'apt autoremove'. + +-y|--yes: + Passing 'yes' to all questions asked by the package manager. + +Examples +======== + +Update example.net container (apt update && apt upgrade): + + sudo container update -n example.net + +Update example.net container without asking questions (apt update && apt --yes +upgrade): + + sudo container update -n example.net -y + +Full update of example.net container without asking questions (apt update && +apt --yes upgrade && apt --yes full-upgrade): + + sudo container update -n example.net -f -y + +Full update of all container on the host, with asking questions and +purging unused packages (apt update && apt upgrade && apt full-upgrade && apt +autoremove): + + sudo container update -n ALL -f -r -p -y + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-version.1.rst b/share/man/container-version.1.rst new file mode 100644 index 0000000..3f0266d --- /dev/null +++ b/share/man/container-version.1.rst @@ -0,0 +1,79 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================= +container-version +================= + +---------------------- +Show container version +---------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container version** ['OPTIONS'] + +Description +=========== + +The **container version** command shows the container version number. + +Options +======= + +The **container version** command has no options. + +Examples +======== + +Show container version: + + container version + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-version.1.txt b/share/man/container-version.1.txt deleted file mode 100644 index 4f625f8..0000000 --- a/share/man/container-version.1.txt +++ /dev/null @@ -1,73 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER-VERSION(1) -==================== -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container-version - Show container version - - -SYNOPSIS --------- -*container version* ['OPTIONS'] - - -DESCRIPTION ------------ -The container version command shows the container version number. - - -OPTIONS -------- -This command has no options. - - -EXAMPLES --------- -*Show container version:*:: - container version - - -SEE ALSO --------- -compute-tools(7), -container(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container.1.rst b/share/man/container.1.rst new file mode 100644 index 0000000..c08cbd9 --- /dev/null +++ b/share/man/container.1.rst @@ -0,0 +1,171 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +========= +container +========= + +-------------------------------- +Manage systemd-nspawn containers +-------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container** 'COMMAND' ['OPTIONS'] +| **container** 'COMMAND1','COMMAND2',... 'COMMANDn' + +Description +=========== + +compute-tools provides the system integration for managing containers using +systemd-nspawn. + +Options +======= + +The following **container** common options are available: + +-n, --name='NAME': + Specify container name. + +Commands +======== + +The following **container** commands are available: + +build: + Build a new container, see container-build(1). + +start: + Start a container, see container-start(1). + +rebuild: + Rebuild a container, see container-rebuild(1). + +restart: + Restart a container, see container-restart(1). + +stop: + Stop a container, see container-stop(1). + +remove: + Remove a container, see container-remove(1). + +move: + Rename a container, see container-move(1). + +console: + Attach console to a container, see container-console(1). + +enter: + Enter a container namespace, see container-enter(1). + +run: + Execute commands in a container namespace, see container-run(1). + +info: + Show specific information of a container, see container-info(1). + +key: + Manage GnuPG keyring for container operations, see container-key(1). + +limit: + Limit resources of a container, see container-limit(1). + +list: + List container on the system, see container-list(1). + +log: + Show container log, see container-log(1). + +status: + Show container status, see container-status(1). + +top: + Dynamic list of container on the system, see container-top(1). + +update: + Update the packages installed in a container. + +version: + Show container version, see container-version(1). + +Files +===== + +The following files are used: + +/etc/compute-tools/container.conf, /etc/compute-tools/container.conf.d/\*.conf: + Container configuration files. + +/usr/bin/container, /usr/bin/cnt: + Container program. + +/usr/bin/container-shell, /usr/bin/cntsh: + Container shell program. + +/usr/libexec/container: + Container commands. + +/usr/share/compute-tools/: + Container shared data. + +/usr/share/doc/compute-tools: + Container documentation files. + +/var/cache/container: + Container cache directory. + +/var/lib/machines: + Container root directory. + +/var/log/compute-tools: + Container log files. + +See also +======== + +| machinectl(1), +| systemd-nspawn(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container.1.txt b/share/man/container.1.txt deleted file mode 100644 index 7edc1f4..0000000 --- a/share/man/container.1.txt +++ /dev/null @@ -1,156 +0,0 @@ -// Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> -// -// SPDX-License-Identifier: GPL-3.0+ -// -// This program is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <https://www.gnu.org/licenses/>. - -CONTAINER(1) -============ -:doctype: manpage -:man manual: Open Infrastructure -:man source: compute-tools -:man version: {revnumber} - - -NAME ----- -container - Manage systemd-nspawn containers - - -SYNOPSIS --------- -*container* 'COMMAND' ['OPTIONS'] -*container* 'COMMAND1','COMMAND2',... 'COMMANDn' - - -DESCRIPTION ------------ -compute-tools provides the system integration for managing containers using systemd-nspawn. - - -OPTIONS -------- -The following container common options are available: - -*-n, --name='NAME'*:: - Specify container name. - - -COMMANDS --------- -The following container commands are available: - -*create*:: - Create a new container, see container-create(1). - -*start*:: - Start a container, see container-start(1). - -*restart*:: - Restart a container, see container-restart(1). - -*stop*:: - Stop a container, see container-stop(1). - -*remove*:: - Remove a container, see container-remove(1). - -*move*:: - Rename a container, see container-move(1). - -*console*:: - Attach console to a container, see container-console(1). - -*enter*:: - Enter a container namespace, see container-enter(1). - -*run*:: - Execute commands in a container namespace, see container-run(1). - -*key*:: - Manage GnuPG keyring for container operations, see container-key(1). - -*limit*:: - Limit ressources of a container, see container-limit(1). - -*list*:: - List container on the system, see container-list(1). - -*log*:: - Show container log, see container-log(1). - -*status*:: - Show container status, see container-status(1). - -*top*:: - Dynamic list of container on the system, see container-top(1). - -*version*:: - Show container version, see container-version(1). - - -FILES ------ -The following files are used: - -*/etc/compute-tools/container*:: - Container configuration files. - -*/usr/bin/container*, */usr/bin/cnt*:: - Container program. - -*/usr/bin/container-shell*, */usr/bin/cntsh*:: - Container shell program. - -*/usr/libexec/container*:: - Container commands. - -*/usr/share/compute-tools/*:: - Container shared data. - -*/usr/share/doc/compute-tools*:: - Container documentation files. - -*/var/cache/container*:: - Container cache directory. - -*/var/lib/machines*:: - Container root directory. - -*/var/log/compute-tools*:: - Container log files. - - -SEE ALSO --------- -machinectl(1), -systemd-nspawn(1). - - -HOMEPAGE --------- -More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net. - - -CONTACT -------- -Bug reports, feature requests, help, patches, support and everything else -are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>. - -Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org. - - -AUTHORS -------- -compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/man.in b/share/man/man.in new file mode 100644 index 0000000..45a5f40 --- /dev/null +++ b/share/man/man.in @@ -0,0 +1,19 @@ +.\" Open Infrastructure: compute-tools +.\" +.\" Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.\" +.\" SPDX-License-Identifier: GPL-3.0+ +.\" +.\" This program is free software: you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation, either version 3 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program. If not, see <https://www.gnu.org/licenses/>. +.\" diff --git a/share/needrestart/container-tools.conf b/share/needrestart/container-tools.conf new file mode 100644 index 0000000..cd1c76b --- /dev/null +++ b/share/needrestart/container-tools.conf @@ -0,0 +1,6 @@ +# Open Infrastructure: compute-tools + +$nrconf{blacklist_rc} = [ + # container-tools + qr(^container@(.*).service) => 0, +]; diff --git a/share/procps/zz-container.conf b/share/procps/zz-container.conf index c464c42..61c047d 100644 --- a/share/procps/zz-container.conf +++ b/share/procps/zz-container.conf @@ -1,3 +1,5 @@ +# Open Infrastructure: compute-tools + # The default limits are set to low for running many containers # and eventually lead to errors like the following on container start: # diff --git a/share/sudo/container-shell b/share/sudo/container-shell index cd3f74d..c4108a6 100644 --- a/share/sudo/container-shell +++ b/share/sudo/container-shell @@ -1 +1,3 @@ +# Open Infrastructure: compute-tools + container ALL=NOPASSWD: /usr/bin/container diff --git a/share/systemd/container-auto.service b/share/systemd/container-auto.service index 4d7e10e..50f8ac6 100644 --- a/share/systemd/container-auto.service +++ b/share/systemd/container-auto.service @@ -1,3 +1,5 @@ +# Open Infrastructure: compute-tools + [Unit] Description=compute-tools automatic start and stop Documentation=man:container-auto @@ -9,8 +11,8 @@ RemainAfterExit=yes ExecStart=/usr/bin/container auto --start ExecStop=/usr/bin/container auto --stop Delegate=yes -StandardOutput=syslog -StandardError=syslog +StandardOutput=journal +StandardError=journal [Install] WantedBy=multi-user.target diff --git a/share/systemd/container@.service b/share/systemd/container@.service index 9e9f720..4bd7be5 100644 --- a/share/systemd/container@.service +++ b/share/systemd/container@.service @@ -1,9 +1,12 @@ +# Open Infrastructure: compute-tools + [Unit] Description="Container: %i" Documentation=man:compute-tools [Service] Type=simple +Environment=TERM=xterm-256color ExecStart=/usr/bin/container start --name %i --nspawn --no-notification ExecStartPost=/usr/bin/container start --name %i --start --no-notification ExecStopPost=/usr/bin/container stop -n %i --clean --no-notification |