Diffstat (limited to 'share')
50 files changed, 1001 insertions, 215 deletions
diff --git a/share/bash-completion/container b/share/bash-completion/container index 24205d7..5b57193 100644 --- a/share/bash-completion/container +++ b/share/bash-completion/container @@ -1,6 +1,6 @@ # Open Infrastructure: compute-tools -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -257,14 +257,30 @@ _container() ;; *) - opts="-n --name -f --force" + opts="-n --name -f --force -i --interactive -k --kill" COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) return 0 ;; esac ;; - restart|rt) + rebuild|rb) + case "${prev}" in + -n|--name) + opts="$(container list -f shell)" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + opts="-n --name -f --force -v --verbose" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac + ;; + + restart|rs) case "${prev}" in -n|--name) opts="$(container list -s -f shell)" @@ -299,7 +315,7 @@ _container() status|st) case "${prev}" in -n|--name) - opts="$(container list -t -f shell)" + opts="$(container list -f shell)" COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) return 0 ;; diff --git a/share/build-scripts/debconf b/share/build-scripts/debconf index 39856ae..900242d 100755 --- a/share/build-scripts/debconf +++ b/share/build-scripts/debconf @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -22,6 +22,7 @@ set -e PROJECT="open-infrastructure" SOFTWARE="compute-tools" PROGRAM="container" +VERSION="$(container version)" SCRIPT="${0}" export SCRIPT 
@@ -116,17 +117,6 @@ then exit 1 fi -if [ -x /usr/bin/mmdebstrap ] -then - BOOTSTRAP="mmdebstrap" -elif [ -x /usr/sbin/debootstrap ] -then - BOOTSTRAP="debootstrap" -else - echo "'${NAME}': /usr/bin/mmdebstrap or /usr/sbin/debootstrap - no such file." >&2 - exit 1 -fi - if [ "$(id -u)" -ne 0 ] then echo "'${NAME}': need root privileges" >&2 @@ -373,7 +363,7 @@ EOF export DEBCONF_SYSTEMRC } -Debootstrap () +Bootstrap () { DIRECTORY="${1}" @@ -405,7 +395,8 @@ Debootstrap () mmdebstrap) mmdebstrap --arch=${ARCHITECTURE} --components=${PARENT_ARCHIVE_AREAS} \ - --mode=root --include=${INCLUDE} ${PARENT_DISTRIBUTION} "${DIRECTORY}" ${PARENT_MIRROR} + --format=directory --mode=root --aptopt='APT::Sandbox::User "root"' \ + --include=${INCLUDE} ${PARENT_DISTRIBUTION} "${DIRECTORY}" ${PARENT_MIRROR} ;; *) 
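Review bot: The new `--aptopt='APT::Sandbox::User "root"'` in the mmdebstrap branch of Bootstrap() turns off apt's privilege drop, so the download methods that talk to the mirror run as root instead of `_apt`, and nothing in the hunk says why that is needed. mmdebstrap documents `--aptopt` values as being written into the apt configuration inside the target, so this probably also persists in every container copied from the cache; that is worth confirming and, if so, the setting should be removed once the bootstrap has finished. If it only works around a permission problem on the target directory, a one-line comment above the call naming that problem would let a later maintainer drop it again. The same option is added to `BOOTSTRAP_OPTIONS` in share/build-scripts/debootstrap. Bootstrap() begins and ends outside this hunk.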
@@ -415,6 +406,83 @@ Debootstrap () esac } +Image () +{ + DIRECTORY="${1}" + + FILES="${IMAGE}" + + for NUMBER in $(seq 1 ${IMAGE_NUMBER}) + do + eval FILES="${FILES} $`echo IMAGE${NUMBER}`" + done + + for FILE in ${FILES} + do + case "${FILE}" in + *.gz) + TAR_OPTIONS="--gzip" + + if [ ! -e /bin/gzip ] + then + echo -en "\n" + echo "'${NAME}': /bin/lzip - no such file." >&2 + exit 1 + fi + ;; + + *.lz) + TAR_OPTIONS="--lzip" + + if [ ! -e /usr/bin/lzip ] + then + echo -en "\n" + echo "'${NAME}': /usr/bin/lzip - no such file." >&2 + exit 1 + fi + ;; + + *.xz) + TAR_OPTIONS="--xz" + + if [ ! -e /usr/bin/xz ] + then + echo -en "\n" + echo "'${NAME}': /usr/bin/xz - no such file." >&2 + exit 1 + fi + ;; + + *) + TAR_OPTIONS="" + ;; + esac + + mkdir -p "${DIRECTORY}" + + echo "Using ${FILE}" + + if [ -e /usr/bin/pv ] + then + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 ${CURL_TIME_COND} \ + "${FILE}" -o - | \ + pv --format '%p' --width 77 | \ + tar -C "${DIRECTORY}" --strip 1 ${TAR_OPTIONS} -xf - + #pv --format '%p' --width 77 "${CACHE}/${FILE}" | tar xf - ${TAR_OPTIONS} -C "${DIRECTORY}" --strip 1 + else + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 ${CURL_TIME_COND} \ + "${FILE}" -o - | \ + tar -C "${DIRECTORY}" --strip 1 ${TAR_OPTIONS} -xf - + fi + + echo " ok." + done + + # Writing resolv.conf + rm -f "${DIRECTORY}/etc/resolv.conf" + cp /etc/resolv.conf "${DIRECTORY}/etc" +} + Configure_apt () { DIRECTORY="${1}" @@ -444,7 +512,11 @@ EOF rm -f "${DIRECTORY}/progress-linux.cfg" - Chroot "${DIRECTORY}" "apt update" + case "${INSTALLER}" in + bootstrap) + Chroot "${DIRECTORY}" "apt update" + ;; + esac ;; esac } @@ -470,6 +542,9 @@ EOF rm -f "${DIRECTORY}/etc/mtab" ln -s /proc/self/mounts "${DIRECTORY}/etc/mtab" + # Removing machine-id + rm -f "${DIRECTORY}/etc/machine-id" + # Removing resolv.conf rm -f "${DIRECTORY}/etc/resolv.conf" cp /etc/resolv.conf "${DIRECTORY}/etc" 
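Review bot: In Image(), `eval FILES="${FILES} $`echo IMAGE${NUMBER}`"` expands `${FILES}` before `eval` parses the line again, so shell metacharacters in an image value taken from the preseed are interpreted by a script that requires root, and the unquoted space looks as if it turns the next image value into a command word. Letting `eval` perform the only expansion avoids both: `eval "FILES=\"\${FILES} \${IMAGE${NUMBER}}\""`. Images() in share/build-scripts/debconf.d/0003-debconf has the same problem in `eval IMAGE${NUMBER}="\"${RET}\""`, which could be `eval "IMAGE${NUMBER}=\"\${RET}\""`. Separately, the archive goes from `curl --location` straight into `tar` as root with no digest or signature check, so downloading to a file and checking it against a checksum supplied with the image before unpacking would close that gap. The `*.gz` branch also reports `/bin/lzip` when `/bin/gzip` is the file it tested.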
@@ -880,6 +955,14 @@ EOF fi ;; + + stub) + +cat >> "${DIRECTORY}/etc/systemd/network/eno${NUMBER}.network" << EOF +DHCP=no +EOF + + ;; esac if [ -n "${IPV4_POST_UP}" ] @@ -962,6 +1045,15 @@ EOF fi ;; + + stub) + +cat >> "${DIRECTORY}/etc/systemd/network/eno${NUMBER}.network" << EOF +DHCP=no +IPv6AcceptRA=no +EOF + + ;; esac if [ -n "${IPV6_POST_UP}" ] 
@@ -1119,22 +1211,89 @@ done SYSTEM="${MACHINES}/${NAME}" -## Generic parts -if [ ! -e "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" ] +if [ -z "${IMAGE}" ] && [ -z "${IMAGE1}" ] then - Debootstrap "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" - Configure_apt "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" - Deconfigure_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" - - mv "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" + INSTALLER="bootstrap" +else + INSTALLER="image" fi -Upgrade_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" || echo "W: If upgrading the system failed, try removing the cache for your distribution in /var/cache/${PROGRAM}" -Cleanup_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" +case "${INSTALLER}" in + bootstrap) + ## Dependencies + if [ -x /usr/bin/mmdebstrap ] + then + BOOTSTRAP="mmdebstrap" + elif [ -x /usr/sbin/debootstrap ] + then + BOOTSTRAP="debootstrap" + else + echo "'${NAME}': /usr/bin/mmdebstrap or /usr/sbin/debootstrap - no such file." >&2 + exit 1 + fi + + ## Generic parts + if [ ! -e "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" ] + then + Bootstrap "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" + Configure_apt "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" + Deconfigure_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" + + mv "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}.tmp" "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" + fi + + Upgrade_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" || echo "W: If upgrading the system failed, try removing the cache for your distribution in /var/cache/${PROGRAM}" + Cleanup_system "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" + + ## Specific parts + mkdir -p "${MACHINES}" + cp -a "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" "${MACHINES}/${NAME}" + ;; + + image) + ## Dependencies + if [ -x /usr/bin/curl ] + then + GET="curl" + elif [ -x /usr/bin/wget ] + then + GET="wget" + else + echo "'${NAME}': /usr/bin/curl or /usr/bin/wget - no such file." 
>&2 + exit 1 + fi + + COMPRESSIONS="" + + if [ -x /usr/bin/lzip ] + then + COMPRESSIONS="${COMPRESSIONS} lz" + fi + + if [ -x /usr/bin/xz ] + then + COMPRESSIONS="${COMPRESSIONS} xz" + fi + + if [ -x /bin/gzip ] + then + COMPRESSIONS="${COMPRESSIONS} gz" + fi + + if [ -z "${COMPRESSIONS}" ] + then + echo "'${NAME}': no supported compressor available (lz, xz, gz)." + exit 1 + fi + + ## Parts + mkdir -p "${MACHINES}" + Image "${MACHINES}/${NAME}" -## Specific parts -mkdir -p "${MACHINES}" -cp -a "${CACHE}/${DISTRIBUTION}_${ARCHITECTURE}" "${MACHINES}/${NAME}" + Configure_apt "${MACHINES}/${NAME}" + Deconfigure_system "${MACHINES}/${NAME}" + ;; +esac Mount diff --git a/share/build-scripts/debconf.d/0001-preseed-file b/share/build-scripts/debconf.d/0001-preseed-file index c1a311d..aa2c3c7 100755 --- a/share/build-scripts/debconf.d/0001-preseed-file +++ b/share/build-scripts/debconf.d/0001-preseed-file @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -31,6 +31,17 @@ export DEBCONF_NOWARNINGS . /usr/share/debconf/confmodule +# debconf template hierarchy (first match wins): +# +# 1. user specified a preseed file through commandline options +# 2. /etc/compute-tools/debconf/${NAME}.cfg exists +# 3. /etc/compute-tools/debconf/links/${NAME}.cfg exists +# 4. /etc/compute-tools/debconf/*/${NAME}.cfg exists (only one file!) +# 5. /etc/compute-tools/debconf/default.cfg exists +# 6. user chooses from list of available (if any) *.cfg files +# (recursively) found in /etc/compute-tools/debconf, +# /etc/compute-tools/debconf/links is excluded. + if [ -n "${PRESEED_FILE}" ] then # user specified one or more preseed files through commandline option 
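Review bot: The `image)` branch accepts a host that has only wget (`GET="wget"`), but Image() in this commit calls `curl` unconditionally, so such a host passes the dependency check and then fails in the middle of the build as root; either dispatch on `${GET}` inside Image() or require `/usr/bin/curl` here. `COMPRESSIONS` is assembled but not read in any hunk shown, so a short comment saying who consumes it (or dropping it) would help. The "no supported compressor available" message is also missing the `>&2` that the other error paths in this hunk use.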
@@ -42,6 +53,12 @@ then # available on the system matching the container name db_set container/preseed-file "${DEBCONF}/${NAME}.cfg" db_fset container/preseed-file seen true +elif [ -e "${DEBCONF}/links/${NAME}.cfg" ] +then + # user did not specify a pressed file, but there is a matching one + # in /etc/${SOFTWARE}/debconf/links directory + db_set container/preseed-file "${DEBCONF}/links/${NAME}.cfg" + db_fset container/preseed-file seen true elif [ "$(ls ${DEBCONF}/*/${NAME}.cfg 2>/dev/null | wc -l)" -eq 1 ] then # user did not specify a pressed file, but there is 1 (and only 1) @@ -61,7 +78,7 @@ then # user has not specified preseed files through commandline option, # showing debconf selection dialog for global preseed file. - FILES="$(cd ${DEBCONF} && find . -type f -name '*.cfg' -printf '%P\n' | LC_ALL=C sort)" + FILES="$(cd ${DEBCONF} && find . -type f -name '*.cfg' -printf '%P\n' | grep -v '^links\/' | LC_ALL=C sort -V)" PRESEED_FILES="$(for FILE in ${FILES}; do echo -n "$(echo ${FILE} | sed -e 's|.cfg$||'), "; done | sed -e 's|, $||')" if [ -n "${PRESEED_FILES}" ] diff --git a/share/build-scripts/debconf.d/0002-preseed-debconf b/share/build-scripts/debconf.d/0002-preseed-debconf index 4bc4da6..fcb9006 100755 --- a/share/build-scripts/debconf.d/0002-preseed-debconf +++ b/share/build-scripts/debconf.d/0002-preseed-debconf @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/share/build-scripts/debconf.d/0003-debconf b/share/build-scripts/debconf.d/0003-debconf index c1c4e79..e12e25e 100755 --- a/share/build-scripts/debconf.d/0003-debconf +++ b/share/build-scripts/debconf.d/0003-debconf 
@@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -44,6 +44,39 @@ Mode () export MODE } +Images () +{ + if db_get container/image && [ "${RET}" ] + then + db_get container/image + IMAGE="${RET}" # string (w/o empty) + + echo "IMAGE=\"${IMAGE}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + fi + + NUMBER="1" + + while db_get container/image${NUMBER} && [ "${RET}" ] + do + if db_get container/image${NUMBER} + then + eval IMAGE${NUMBER}="\"${RET}\"" # string (w/o empty) + fi + + NUMBER="$((${NUMBER} + 1))" + done + + IMAGE_NUMBER="$((${NUMBER} - 1))" + + echo "IMAGE_NUMBER=\"${IMAGE_NUMBER}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + + for NUMBER in $(seq 1 ${IMAGE_NUMBER}) + do + eval IMAGE="$`echo IMAGE${NUMBER}`" + echo "IMAGE${NUMBER}=\"${IMAGE}\"" >> "${DEBCONF_TMPDIR}/debconf.default" + done +} + Distribution () { db_get container/distribution 
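Review bot: The last loop in Images() reuses `IMAGE` as its scratch variable, so once the function returns `IMAGE` holds the last `IMAGEn` value rather than the `container/image` answer read at the top; a separate name, `eval VALUE="\${IMAGE${NUMBER}}"`, avoids surprising anything later in the script that reads `IMAGE`. The `while` body repeats the `db_get container/image${NUMBER}` call that the loop condition has just made, and the function opens with the same doubled `db_get container/image`. Each value is written to `debconf.default` between double quotes, so an answer containing `"`, `$` or a backtick would change how that file parses if it is sourced later (the consumer is not visible here); rejecting such characters before writing would be the safer contract.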
@@ -53,18 +86,18 @@ Distribution () then case "${MODE}" in debian) - db_subst container/distribution CHOICES "Debian GNU/Linux 10 \"buster\", Debian GNU/Linux 11 \"bullseye\", Debian GNU/Linux testing/bookworm, Debian GNU/Linux unstable/sid" - db_subst container/distribution CHOICES_C "buster, bullseye, bookworm, sid" + db_subst container/distribution CHOICES "Debian GNU/Linux 10 \"buster\", Debian GNU/Linux 11 \"bullseye\", Debian GNU/Linux 12 \"bookworm\", Debian GNU/Linux testing, Debian GNU/Linux unstable/sid" + db_subst container/distribution CHOICES_C "buster, bullseye, bookworm, testing, sid" - db_set container/distribution bullseye + db_set container/distribution bookworm db_fset container/distribution seen false ;; progress-linux) - db_subst container/distribution CHOICES "Progress Linux 5 (engywuck), Progress Linux 5.99 (engywuck-backports), Progress Linux 6 (fuchur), Progress Linux 6.99 (fuchur-backports)" - db_subst container/distribution CHOICES_C "engywuck, engywuck-backports, fuchur, fuchur-backports" + db_subst container/distribution CHOICES "Progress Linux 5 (engywuck), Progress Linux 5.99 (engywuck-backports), Progress Linux 6 (fuchur), Progress Linux 6.99 (fuchur-backports), Progress Linux 7 (graograman), Progress Linux 7.99 (graograman-backports)" + db_subst container/distribution CHOICES_C "engywuck, engywuck-backports, fuchur, fuchur-backports, graograman, graograman-backports" - db_set container/distribution fuchur-backports + db_set container/distribution graograman-backports db_fset container/distribution seen false ;; esac @@ -98,6 +131,10 @@ Parent_distribution () fuchur*) PARENT_DISTRIBUTION="bullseye" ;; + + graograman*) + PARENT_DISTRIBUTION="bookworm" + ;; esac ;; @@ -122,7 +159,7 @@ Architecture () arm64) DEFAULT="arm64" - CHOICES="Automatic, RaspberryPi 3 (arm64)" + CHOICES="Automatic, RaspberryPi 3 and newer (arm64)" CHOICES_C="auto, arm64" ;; 
@@ -485,18 +522,28 @@ Archive_areas () db_get container/archive-areas ARCHIVE_AREAS="${RET}" + case "${PARENT_DISTRIBUTION}" in + bookworm|testing|sid) + ARCHIVE_AREAS_ALL="main, contrib, non-free, non-free-firmware" + ;; + + *) + ARCHIVE_AREAS_ALL="main, contrib, non-free" + ;; + esac + if [ -z "${ARCHIVE_AREAS}" ] then case "${MODE}" in progress-linux) - db_subst container/archive-areas CHOICES "main, contrib, non-free" + db_subst container/archive-areas CHOICES "${ARCHIVE_AREAS_ALL}" - db_set container/archive-areas "main, contrib, non-free" + db_set container/archive-areas "${ARCHIVE_AREAS_ALL}" db_fset container/archive-areas seen false ;; *) - db_subst container/archive-areas CHOICES "main, contrib, non-free" + db_subst container/archive-areas CHOICES "${ARCHIVE_AREAS_ALL}" db_set container/archive-areas "main" db_fset container/archive-areas seen false @@ -518,7 +565,7 @@ Archive_areas () ;; progress-linux) - ARCHIVE_AREAS="main, contrib, non-free" + ARCHIVE_AREAS="${ARCHIVE_AREAS_ALL}" ;; esac fi @@ -535,13 +582,23 @@ Parent_archive_areas () db_get container/parent-archive-areas PARENT_ARCHIVE_AREAS="${RET}" # multiselect (w/o empty) + case "${PARENT_DISTRIBUTION}" in + bookworm|testing|sid) + PARENT_ARCHIVE_AREAS_ALL="main, contrib, non-free, non-free-firmware" + ;; + + *) + PARENT_ARCHIVE_AREAS_ALL="main, contrib, non-free" + ;; + esac + if [ -z "${PARENT_ARCHIVE_AREAS}" ] then case "${MODE}" in progress-linux) - db_subst container/parent-archive-areas CHOICES "main, contrib, non-free" + db_subst container/parent-archive-areas CHOICES "${PARENT_ARCHIVE_AREAS_ALL}" - db_set container/parent-archive-areas "main, contrib, non-free" + db_set container/parent-archive-areas "${PARENT_ARCHIVE_AREAS_ALL}" db_fset container/parent-archive-areas seen false db_settitle container/title 
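Review bot: The `case "${PARENT_DISTRIBUTION}"` added to Archive_areas() names the releases that have non-free-firmware (`bookworm|testing|sid`) and sends everything else to the three-area list, so every later release name will silently lose non-free-firmware until someone adds it here. Matching the older releases still offered in Distribution() and letting `*)` carry the four-area list keeps the default current, for example `buster|bullseye)` for the `main, contrib, non-free` branch. The identical block is repeated in Parent_archive_areas() in the `@@ -535,13 +582,23 @@` hunk; a small shared helper that sets one variable would keep the two from drifting apart. Both functions begin and end outside their hunks.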
@@ -564,7 +621,7 @@ Parent_archive_areas () then case "${MODE}" in progress-linux) - PARENT_ARCHIVE_AREAS="main, contrib, non-free" + PARENT_ARCHIVE_AREAS="${PARENT_ARCHIVE_AREAS_ALL}" ;; *) @@ -868,6 +925,20 @@ Network () db_input high container/network1/ipv4-post-down || true db_go ;; + + stub) + db_settitle container/title + db_input high container/network1/ipv4-comment || true + db_go + + db_settitle container/title + db_input high container/network1/ipv4-post-up || true + db_go + + db_settitle container/title + db_input high container/network1/ipv4-post-down || true + db_go + ;; esac db_settitle container/title @@ -906,6 +977,20 @@ Network () db_input high container/network1/ipv6-post-down || true db_go ;; + + stub) + db_settitle container/title + db_input high container/network1/ipv6-comment || true + db_go + + db_settitle container/title + db_input high container/network1/ipv6-post-up || true + db_go + + db_settitle container/title + db_input high container/network1/ipv6-post-down || true + db_go + ;; esac if [ "${NETWORK1_IPV4_METHOD}" = "static" ] || [ "${NETWORK1_IPV6_METHOD}" = "static" ] @@ -1205,10 +1290,10 @@ Internal_options () if db_get container/auto then - CNT_AUTO="${RET:-true}" # string (w/o empty) + CNT_AUTO="${RET:-last-on}" # string (w/o empty) fi - CNT_AUTO="${CNT_AUTO:-true}" + CNT_AUTO="${CNT_AUTO:-last-on}" echo "CNT_AUTO=\"${CNT_AUTO}\"" >> "${DEBCONF_TMPDIR}/debconf.default" if db_get container/container-server @@ -1256,6 +1341,7 @@ Internal_options () } Mode +Images Distribution Parent_distribution diff --git a/share/build-scripts/debconf.d/0003-debconf.templates b/share/build-scripts/debconf.d/0003-debconf.templates index 73952a8..551033a 100644 --- a/share/build-scripts/debconf.d/0003-debconf.templates +++ b/share/build-scripts/debconf.d/0003-debconf.templates 
@@ -10,6 +10,12 @@ Choices: ${CHOICES} Description: Mode Mode. +Template: container/image +Type: string +Default: +Description: Image + Image. + Template: container/distribution Type: select Default: @@ -112,7 +118,7 @@ Description: Veth name Template: container/network1/ipv4-method Type: select -Choices: dhcp, static, none +Choices: dhcp, static, stub, none Default: Description: Ethernet Interface Method (IPv4)? What method should be used to configure the ethernet interface? @@ -173,7 +179,7 @@ Description: Ethernet post-down Command (IPv4)? Template: container/network1/ipv6-method Type: select -Choices: static, none +Choices: dhcp, static, stub, none Default: Description: Ethernet Interface Method (IPv6)? What method should be used to configure the ethernet interface? diff --git a/share/build-scripts/debootstrap b/share/build-scripts/debootstrap index 4c047ee..5ab5db2 100755 --- a/share/build-scripts/debootstrap +++ b/share/build-scripts/debootstrap @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -136,7 +136,7 @@ case "${SCRIPT}" in mmdebstrap) BOOTSTRAP="/usr/bin/mmdebstrap" - BOOTSTRAP_OPTIONS="--mode=root" + BOOTSTRAP_OPTIONS="--format=directory --mode=root --aptopt='APT::Sandbox::User \"root\"'" ;; esac @@ -153,7 +153,7 @@ then fi ARCHITECTURE="${ARCHITECTURE:-$(dpkg --print-architecture)}" -DISTRIBUTION="${DISTRIBUTION:-bullseye}" +DISTRIBUTION="${DISTRIBUTION:-bookworm}" MIRROR="${MIRROR:-https://deb.debian.org/debian}" PASSWORD="${PASSWORD:-$(dd if=/dev/urandom bs=12 count=1 2> /dev/null | base64)}" diff --git a/share/doc/bugs.txt b/share/doc/bugs.txt new file mode 100644 index 0000000..a49f9d8 --- /dev/null +++ b/share/doc/bugs.txt 
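Review bot: The quotes stored inside `BOOTSTRAP_OPTIONS` in share/build-scripts/debootstrap are ordinary characters when the variable is expanded, so unless the call site (outside this hunk) passes it through `eval`, word splitting hands mmdebstrap `--aptopt='APT::Sandbox::User` and `"root"'` as two malformed arguments. /bin/sh has no arrays, so the simplest fix is to keep only the plain flags in the variable and write the apt option literally at the call, as share/build-scripts/debconf does: `--aptopt='APT::Sandbox::User "root"'`. If the call site does use `eval`, a comment on this line saying so would explain the nested quoting.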
@@ -0,0 +1,51 @@ +container-tools: Bugs +===================== + + +1. veth not removed on container stop +------------------------------------- + +When stopping a container, it irregularly but reproducibly happen that the +corresponding veth device of the container is not shutdown, making it +impossible to start the container again. + +This is caused by a kernel bug not cleaning up veth devices on container +collapsing. The veth device is supposed to be go away automatically after +some time, definitely after a reboot though. + +A manual workaround is to shutdown the veth device manually with: + +# ip link delete ${VETH_DEVICE} + +There is a patch for it, see for more information: +http://lists.linuxfoundation.org/pipermail/containers/2012-October/030533.html + +FIXME: add nspan message about it here + +2. bug with machine.slices etc +------------------------------ + +FIXME + +3. veth length +-------------- + +systemd creates veth devices on the fly and names them vb-$NAME, where NAME is the +container name truncated to the first 10 characters. + +Problem: if you have several containers named with the first 10 characters to be +identical, systemd will not be able to create a new veth device. + +4. root console +--------------- + +# Let's attach a console to the example container. +# +# Note: we did not create a user in the container, +# logging in as root over a pseudo-terminal is +# considered insecure by pam and will fail. +cnt console -n example.net +# Let's disable pam_securetty.so for demonstration purpose only. +vi /var/lib/machines/example.net/etc/pam.d/login +# Now login as root will work. +cnt console -n example.net diff --git a/share/doc/examples/bullseye.cfg b/share/doc/examples/bookworm.cfg index 4582c9f..1f878f4 100644 --- a/share/doc/examples/bullseye.cfg +++ b/share/doc/examples/bookworm.cfg 
@@ -1,4 +1,4 @@ -# example for automated Debian 11 (bullseye) based container building +# example for automated Debian 12 (bookworm) based container building # using: sudo container build -s debian debconf debconf/priority select critical @@ -9,12 +9,12 @@ compute-tools container/mode select debian #compute-tools container/preseed-files string #compute-tools container/include-preseed-files string -compute-tools container/distribution select bullseye +compute-tools container/distribution select bookworm #compute-tools container/parent-distribution select compute-tools container/architecture select auto -compute-tools container/archives multiselect bullseye-security, bullseye-updates +compute-tools container/archives multiselect bookworm-security, bookworm-updates #compute-tools container/parent-archives multiselect compute-tools container/mirror string https://deb.debian.org/debian diff --git a/share/doc/examples/container-images.sh b/share/doc/examples/container-images.sh index e6947e3..b711048 100755 --- a/share/doc/examples/container-images.sh +++ b/share/doc/examples/container-images.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -24,7 +24,7 @@ set -e ARCHITECTURES="amd64 i386" -DISTRIBUTIONS="stretch buster bullseye sid" +DISTRIBUTIONS="buster bullseye bookworm sid" MIRROR="https://deb.debian.org/debian" INCLUDE="dbus" diff --git a/share/doc/examples/fuchur-backports.cfg b/share/doc/examples/graograman-backports.cfg index c02e776..d1d2640 100644 --- a/share/doc/examples/fuchur-backports.cfg +++ b/share/doc/examples/graograman-backports.cfg 
@@ -1,4 +1,4 @@ -# example for automated Progress Linux 6.99 (fuchur-backports) container building +# example for automated Progress Linux 7.99 (graograman-backports) container building # using: sudo container build -s progress-linux debconf debconf/priority select critical @@ -9,12 +9,12 @@ compute-tools container/mode select progress-linux #compute-tools container/preseed-files string #compute-tools container/include-preseed-files string -compute-tools container/distribution select fuchur-backports +compute-tools container/distribution select graograman-backports #compute-tools container/parent-distribution select compute-tools container/architecture select auto -compute-tools container/archives multiselect fuchur-security, fuchur-updates, fuchur-extras, fuchur-backports, fuchur-backports-extras +compute-tools container/archives multiselect graograman-security, graograman-updates, graograman-extras, graograman-backports, graograman-backports-extras #compute-tools container/parent-archives multiselect compute-tools container/mirror string https://deb.progress-linux.org/packages @@ -23,8 +23,8 @@ compute-tools container/mirror-security string https://deb.progress-linux.org/pa compute-tools container/parent-mirror string https://deb.debian.org/debian compute-tools container/parent-mirror-security string https://security.debian.org -compute-tools container/archive-areas multiselect main, contrib, non-free -compute-tools container/parent-archive-areas multiselect main, contrib, non-free +compute-tools container/archive-areas multiselect main, contrib, non-free, non-free-firmware +compute-tools container/parent-archive-areas multiselect main, contrib, non-free, non-free-firmware compute-tools container/packages string knot-resolver openssh-server diff --git a/share/doc/host-setup.old.txt b/share/doc/host-setup.old.txt new file mode 100644 index 0000000..69368d1 --- /dev/null +++ b/share/doc/host-setup.old.txt 
@@ -0,0 +1,230 @@ +compute-tools: Host Setup (with ifupdown) +========================================= + + +1. Debian Packages +------------------- + +apt install bridge-utils ifenslave vlan + + +2. Boot Parameters +------------------ + +2.1 CGroup Memory Controller (optional) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In order to enable the memory controller the following boot parameter needs to be used: + + cgroup_enable=memory + + +2.2 CGroup Swap Controller (optional) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In order to enable the swap controller the following boot parameter needs to be used: + + swapaccount=1 + +2.3 vsyscall (legacy) +~~~~~~~~~~~~~~~~~~~~~ + +In order to be able to execute binaries linked to older libc versions +(<= wheezy) on newer linux versions (>= buster), add the following boot +parameter (see #881813 for more information): + + vsyscall=emulate + + +3. Networking +~~~~~~~~~~~~~ + +3.1 Configure Network Bridge +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +3.1.1 Bridge: 1 Interface, standalone, DHCP +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +cat > /etc/network/interfaces << EOF +# /etc/network/interfaces + +source /etc/network/interfaces.d/* + +auto lo +iface lo inet loopback + +iface eno1 inet manual + +auto bridge0 +iface bridge0 inet dhcp + bridge_ports eno1 + bridge_fd 0 + bridge_maxwait 0 + bridge_stp 0 +EOF + + +3.1.2 Bridge: 1 Interface, standalone, static +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +cat > /etc/network/interfaces << EOF +# /etc/network/interfaces + +source /etc/network/interfaces.d/* + +auto lo +iface lo inet loopback + +iface eno1 inet manual + +auto bridge0 +iface bridge0 inet static + address 10.0.0.2 + gateway 10.0.0.1 + netmask 24 + + pre-up ip link set eno1 down + pre-up ip link set eno1 up + + bridge_ports eno1 + bridge_fd 0 + bridge_maxwait 0 + bridge_stp 0 +EOF + + +3.1.3 Bridge: 2 logical Interfaces, subnet, static +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +cat > /etc/network/interfaces << EOF 
+# /etc/network/interfaces + +source /etc/network/interfaces.d/* + +auto lo +iface lo inet loopback + +allow-hotplug eno1 +iface eno1 inet dhcp + +auto bridge0 +iface bridge0 inet static + address 10.0.0.1 + netmask 24 + + pre-up ip link add name bridge0 type bridge + post-down ip link delete bridge0 type bridge + + bridge_fd 0 + bridge_maxwait 0 + bridge_stp 0 +EOF + + +3.1.4 Bridge: 3 physical Interfaces, vlan, bonding, static +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +cat > /etc/network/interfaces << EOF +# /etc/network/interfaces + +source /etc/network/interfaces.d/* + +auto lo +iface lo inet loopback + +allow-hotplug eno1 +iface eno1 inet dhcp + +iface eno2 inet manual + +iface eno3 inet manual + +auto bond0 +iface bond0 inet manual + up ip link set bond0 up + down ip link set bond0 down + + slaves eno2 eno3 + + bond-mode 4 + bond-miimon 100 + bond-downdelay 200 + bond-updelay 200 + bond-lacp-rate 1 + bond-xmit-hash-policy layer2+3 + +iface bond0.100 inet manual + vlan-raw-device bond0 + +auto bridge-100 +iface bridge-100 inet static + address 10.100.0.2 + netmask 24 + + bridge_ports bond0.100 + bridge_fd 0 + bridge_maxwait 0 + bridge_stp 0 +EOF + + +4. Enabling user namespace for unprivileged containers +------------------------------------------------------ + +Linux supports unprivileged containers with the user namespace. +By default the user namespace is disabled on Debian systems (see #898446). +To enable user namespace, edit the following file for a permant change: + + /etc/sysctl.d/zz-compute-tools.conf + sysctl -p + +or enable it manually with: + + echo 1 > /proc/sys/kernel/unprivileged_userns_clone + +Note that containers need to be started with the correct +configuration in /etc/compute-tools/container/config to run unpriviled +(private-users option). + + +5. Enabling container-shell +--------------------------- + +Managing privileged containers requires root privileges. 
In order to allow +unprivileged users to manage privileged containers without granting them +privileges or accounts, the container-shell can be used together with sudo +and a container user. + + sudo adduser --gecos "compute-tools,,," \ + --home /var/lib/open-infrastructure/container-shell \ + --shell /usr/bin/container-shell + + +6. IPv4 and IPv6 dual-stack +--------------------------- + +Examples for /etc/network/interfaces above work for IPv6 too when using correct +IPv6 addresses and netmasks. + +In order to use dual-stack, bridges must have a IPv4 address assigned +(can be a dummy one from a privacy range or 127.0.0.0/8). + +Let me repeat: dual-stack only works when you assign a primary IPv6 address +(private or public, doesn't matter) *and* add an additional IPv4 address. +Yes, the IPv4 address can be a private address, the containers can still +have a public IPv4 address. + +A complete example looks like this: + +auto bridge0 +iface bridge0 inet6 static + address 2a07:6b47:4::4:1 + netmask 48 + + up ip addr add 127.4.4.1 dev $IFACE + down ip addr del 127.4.4.1 dev $IFACE + + bridge_fd 0 + bridge_maxwait 0 + bridge_stp 0 + bridge-mcquerier 1 diff --git a/share/doc/host-setup.txt b/share/doc/host-setup.txt index 9a9ec94..083e1aa 100644 --- a/share/doc/host-setup.txt +++ b/share/doc/host-setup.txt @@ -1,11 +1,14 @@ -compute-tools: Host Setup -========================= +compute-tools: Host Setup (with systemd-networkd) +================================================= 1. Debian Packages ------------------- -apt install bridge-utils ifenslave vlan +apt install systemd-networkd bridge-utils + +Make sure to enable networkd (sudo systemctl enable systemd-networkd) +and convert /etc/network/interfaces (see systemd-networkd documentation). 2. Boot Parameters 
@@ -45,126 +48,110 @@ parameter (see #881813 for more information): 3.1.1 Bridge: 1 Interface, standalone, DHCP ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -cat > /etc/network/interfaces << EOF -# /etc/network/interfaces - -source /etc/network/interfaces.d/* - -auto lo -iface lo inet loopback +cat > /etc/systemd/network/bridge0.netdev << EOF +[NetDev] +Name=bridge0 +Kind=bridge +EOF -iface eno1 inet manual +cat > /etc/systemd/network/bridge0.network << EOF +[Match] +Name=bridge-0 -auto bridge0 -iface bridge0 inet dhcp - bridge_ports eno1 - bridge_fd 0 - bridge_maxwait 0 - bridge_stp 0 +[Network] +DHCP=yes EOF 3.1.2 Bridge: 1 Interface, standalone, static ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -cat > /etc/network/interfaces << EOF -# /etc/network/interfaces - -source /etc/network/interfaces.d/* - -auto lo -iface lo inet loopback - -iface eno1 inet manual - -auto bridge0 -iface bridge0 inet static - address 10.0.0.2 - gateway 10.0.0.1 - netmask 24 - - pre-up ip link set eno1 down - pre-up ip link set eno1 up - - bridge_ports eno1 - bridge_fd 0 - bridge_maxwait 0 - bridge_stp 0 +cat > /etc/systemd/network/bridge0.netdev << EOF +[NetDev] +Name=bridge0 +Kind=bridge EOF +cat > /etc/systemd/network/bridge0.network << EOF +[Match] +Name=bridge-0 -3.1.3 Bridge: 2 logical Interfaces, subnet, static -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -cat > /etc/network/interfaces << EOF -# /etc/network/interfaces - -source /etc/network/interfaces.d/* - -auto lo -iface lo inet loopback +[Network] +Address=10.0.0.2/24 +Gateway=10.0.0.1 +EOF -allow-hotplug eno1 -iface eno1 inet dhcp -auto bridge0 -iface bridge0 inet static - address 10.0.0.1 - netmask 24 +3.1.3 Bridge: 3 physical Interfaces, vlan, bonding, static +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - pre-up ip link add name bridge0 type bridge - post-down ip link delete bridge0 type bridge +cat > /etc/systemd/network/eno2.network<< EOF +[Match] +Name=eno2 - bridge_fd 0 - bridge_maxwait 0 - 
bridge_stp 0 +[Network] +Bond=bond0 EOF +cat > /etc/systemd/network/eno3.network<< EOF +[Match] +Name=eno3 -3.1.4 Bridge: 3 physical Interfaces, vlan, bonding, static -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -cat > /etc/network/interfaces << EOF -# /etc/network/interfaces - -source /etc/network/interfaces.d/* +[Network] +Bond=bond0 +EOF -auto lo -iface lo inet loopback +cat > /etc/systemd/network/bond0.netdev << EOF +[NetDev] +Name=bond0 +Kind=bond + +[Bond] +Mode=802.3ad +TransmitHashPolicy=layer3+4 +MIIMonitorSec=0.1 +UpDelaySec=0.2 +DownDelaySec=0.2 +EOF -allow-hotplug eno1 -iface eno1 inet dhcp +cat > /etc/systemd/network/bond0.network << EOF +[Match] +Name=bond0 -iface eno2 inet manual +[Network] +VLAN=100 +EOF -iface eno3 inet manual +cat > /etc/systemd/network/vlan-100.netdev << EOF +[NetDev] +Name=vlan-100 +Kind=vlan -auto bond0 -iface bond0 inet manual - up ip link set bond0 up - down ip link set bond0 down +[VLAN] +Id=100 +EOF - slaves eno2 eno3 +cat > /etc/systemd/network/vlan-100.netdev << EOF +[Match] +Name=vlan-100 - bond-mode 4 - bond-miimon 100 - bond-downdelay 200 - bond-updelay 200 - bond-lacp-rate 1 - bond-xmit-hash-policy layer2+3 +[Network] +Bridge=bridge-100 +EOF -iface bond0.100 inet manual - vlan-raw-device bond0 +cat > /etc/systemd/network/bridge-100.netdev << EOF +[NetDev] +Name=bridge-100 +Kind=bridge +EOF -auto bridge-100 -iface bridge-100 inet static - address 10.100.0.2 - netmask 24 +cat > /etc/systemd/network/bridge-100.network << EOF +[Match] +Name=bridge-100 - bridge_ports bond0.100 - bridge_fd 0 - bridge_maxwait 0 - bridge_stp 0 +[Network] +Address=10.100.0.2/24 +Gateway=10.100.0.1 EOF diff --git a/share/doc/todo.txt b/share/doc/todo.txt new file mode 100644 index 0000000..61f6309 --- /dev/null +++ b/share/doc/todo.txt @@ -0,0 +1,4 @@ +TODO +==== + + * i18n and l10n for manpages. diff --git a/share/get-scripts/curl b/share/get-scripts/curl index 4accea2..00a8d73 100755 --- a/share/get-scripts/curl 
+++ b/share/get-scripts/curl @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # @@ -231,13 +231,6 @@ done # FIXME: default server via configuration file -CURL_OPTIONS="" - -if curl -V | grep -qs http2 -then - CURL_OPTIONS="${CURL_OPTIONS} --http2" -fi - if [ -z "${SYSTEM}" ] then # Downloading container list @@ -259,7 +252,7 @@ then GREP_PATTERN="${GREP_PATTERN:-${ARCHITECTURE}}" echo "Downloading $(echo ${SERVER} | awk -F/ '{ print $3 }') container list" - curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} ${CURL_OPTIONS} \ + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 \ "${SERVER}/container-list.txt" | grep -E "${GREP_PATTERN}" > "${DEBCONF_TMPDIR}/container-list.txt" umask 0022 @@ -320,7 +313,7 @@ do fi echo "Downloading ${FILE}" - curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} ${CURL_OPTIONS} ${CURL_TIME_COND} \ + curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} --http2 ${CURL_TIME_COND} \ "${SERVER}/${FILE}" -o "${CACHE}/${FILE}" fi done diff --git a/share/get-scripts/curl.d/0001-debconf b/share/get-scripts/curl.d/0001-debconf index 083d469..5c5936e 100755 --- a/share/get-scripts/curl.d/0001-debconf +++ b/share/get-scripts/curl.d/0001-debconf @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/share/hooks/post-start.chown-nvidia.sh b/share/hooks/post-start.chown-nvidia.sh index 2a99bd3..225f13b 100755 --- a/share/hooks/post-start.chown-nvidia.sh +++ b/share/hooks/post-start.chown-nvidia.sh 
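Review bot: `--http2` is now passed unconditionally in the container-list download (hunk `@@ -259,7 +252,7 @@`) and again in the image download (`@@ -320,7 +313,7 @@`), whereas the removed `curl -V | grep -qs http2` probe added it only when the local curl reported HTTP/2 support. On a curl build without HTTP/2 the option is rejected, and in the first call curl's exit status is discarded by the pipe into `grep -E`, so the visible result would likely be an empty container-list.txt. Curl built with HTTP/2 already negotiates it for HTTPS by default, so the flag can be dropped, and the user agent quoted at the same time: `curl --fail --location --progress-bar --user-agent "${SOFTWARE}/${VERSION}" \`. Because `--location` follows redirects while fetching system images, `--proto '=https' --proto-redir '=https'` is worth adding if SERVER is always an https URL, which these hunks do not show. The enclosing blocks start and end outside both hunks.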
@@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/share/hooks/pre-build.git-pull.sh b/share/hooks/pre-build.git-pull.sh index d2cc152..f1ae24b 100755 --- a/share/hooks/pre-build.git-pull.sh +++ b/share/hooks/pre-build.git-pull.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/share/hooks/pre-get.git-pull.sh b/share/hooks/pre-get.git-pull.sh index d2cc152..f1ae24b 100755 --- a/share/hooks/pre-get.git-pull.sh +++ b/share/hooks/pre-get.git-pull.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/share/hooks/pre-start.unlink-console.sh b/share/hooks/pre-start.unlink-console.sh index b44491e..cebbe03 100755 --- a/share/hooks/pre-start.unlink-console.sh +++ b/share/hooks/pre-start.unlink-console.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # diff --git a/share/man/Makefile b/share/man/Makefile index a8af58d..a878dbd 100644 --- a/share/man/Makefile +++ b/share/man/Makefile @@ -1,6 +1,6 @@ # Open Infrastructure: compute-tools -# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> # # SPDX-License-Identifier: GPL-3.0+ # 
diff --git a/share/man/compute-tools.7.rst b/share/man/compute-tools.7.rst index 3252f05..33e6aea 100644 --- a/share/man/compute-tools.7.rst +++ b/share/man/compute-tools.7.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. @@ -119,6 +119,12 @@ See container(1) for a list of all container commands. Links ===== +| * Linux Weekly News: Kernel / Containers +| (https://lwn.net/Kernel/Index/#Containers) + +| * Linux Weekly News: Security / Containers +| (https://lwn.net/Security/Index/#Containers) + | * 2016-02-24: Systemd vs. Docker | (https://lwn.net/Articles/676831/) diff --git a/share/man/container-auto.1.rst b/share/man/container-auto.1.rst index 530d64c..68836eb 100644 --- a/share/man/container-auto.1.rst +++ b/share/man/container-auto.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-build-debconf.1.rst b/share/man/container-build-debconf.1.rst index 1649071..6543140 100644 --- a/share/man/container-build-debconf.1.rst +++ b/share/man/container-build-debconf.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-build-debootstrap.1.rst b/share/man/container-build-debootstrap.1.rst index 853b4dc..10538c5 100644 --- a/share/man/container-build-debootstrap.1.rst +++ b/share/man/container-build-debootstrap.1.rst 
@@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. @@ -61,7 +61,7 @@ The following script options are available: Specify the Debian architecture, defaults to the host systems architecture. -d, --distribution='DISTRIBUTION': - Specify the Debian distribution, defaults to 'bullseye'. + Specify the Debian distribution, defaults to 'bookworm'. -m, --mirror='MIRROR': Specify the Debian mirror, defaults to 'https://deb.debian.org/debian'. @@ -72,15 +72,15 @@ The following script options are available: Examples ======== -Build a Debian 11 (bullseye) based container with same architecture as the host +Build a Debian 12 (bookworm) based container with same architecture as the host system using debootstrap: - sudo container build -s debootstrap -n bullseye.example.net + sudo container build -s debootstrap -n bookworm.example.net -Build a Debian 11 (bullseye) based container with different architecture as the +Build a Debian 12 (bookworm) based container with different architecture as the host system using mmdebstrap: - sudo container build -s mmdebstrap -n bullseye-i386.example.net -- -a i386 + sudo container build -s mmdebstrap -n bookworm-i386.example.net -- -a i386 See also ======== diff --git a/share/man/container-build.1.rst b/share/man/container-build.1.rst index 38a4aed..faa0e16 100644 --- a/share/man/container-build.1.rst +++ b/share/man/container-build.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-config.5.rst b/share/man/container-config.5.rst new file mode 100644 index 0000000..504d848 --- /dev/null 
+++ b/share/man/container-config.5.rst 
@@ -0,0 +1,116 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================ +container-config +================ + +---------------------------- +Container configuration file +---------------------------- + +:manual section: 5 +:manual group: Open Infrastructure + +Name +==== + +| **$container**.conf + +Description +=========== + +Containers managed by compute-tools have a container configuration file in +/etc/compute-tools/config/\*.conf. + +This manpage descripts all available configuration file options. + +Options +======= + +The following **container** options are available: + +Section 'start' +--------------- + +cnt.auto: + This setting controls wheter the container will be started automatically on boot. + Allowed values are: true (always started), false (never started), + force-true (always started, even after e.g. powerloss), + last-on (previous state, fallback to on), last-off (previous state, fallback to off) + +cnt.container-server: + When using central storage to keep all container shared on e.g. a NFS volume, + this allows binding containers to individual container servers, so that it is + started (and show) only once. See container-list(1) command for further details. 
+ +cnt.network-bridge: + This setting pairs the container network interface to a bridge on the host, + e.g. "veth-123:bridge-456" + +cnt.overlay: +cnt.overlay-options: + This settings configure automatic overlay filesystem usage. + +cnt.start: + Same as cnt.auto, except that it applies to every start, rather than at + startup of the host system. + +bind: +bind-ro: + This settings configure automatic bind mounts from the host into the container. + +boot: +capability: +directory: +drop-capability: +link-journal: +machine: +network-veth-extra: +private-users: +register: + FIXME. + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-console.1.rst b/share/man/container-console.1.rst index b07ba95..a3afd51 100644 --- a/share/man/container-console.1.rst +++ b/share/man/container-console.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-enter.1.rst b/share/man/container-enter.1.rst index 4948e3a..65961f5 100644 --- a/share/man/container-enter.1.rst +++ b/share/man/container-enter.1.rst 
@@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-get-curl.1.rst b/share/man/container-get-curl.1.rst index ba44ba0..01ae592 100644 --- a/share/man/container-get-curl.1.rst +++ b/share/man/container-get-curl.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. @@ -82,22 +82,22 @@ The following script options are available: --system='SYSTEM': Specify the system image name to download, defaults to - debian-bullseye-current_${ARCHITECTURE}.system.tar.${COMPRESSION} (where + debian-bookworm-current_${ARCHITECTURE}.system.tar.${COMPRESSION} (where ${ARCHITECTURE} is the host systems architecture and ${COMPRESSION} either lz, xz, or gz depending on compressor availability on the host system). Examples ======== -Download a Debian 11 (bullseye) based container with same architecture as the host +Download a Debian 12 (bookworm) based container with same architecture as the host system: - sudo container get -s curl -n bullseye.example.net + sudo container get -s curl -n bookworm.example.net -Download a Debian 11 (bullseye) based container with different architecture as the +Download a Debian 12 (bookworm) based container with different architecture as the host system: - sudo container get -s curl -n bullseye-i386.example.net -- --system debian-bullseye-current_i386.system.tar.xz + sudo container get -s curl -n bookworm-i386.example.net -- --system debian-bookworm-current_i386.system.tar.xz Files ===== diff --git a/share/man/container-get.1.rst b/share/man/container-get.1.rst index edcb1de..8ec61de 100644 
--- a/share/man/container-get.1.rst +++ b/share/man/container-get.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-info.1.rst b/share/man/container-info.1.rst index c3c8e7d..99ccb55 100644 --- a/share/man/container-info.1.rst +++ b/share/man/container-info.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. @@ -44,6 +44,9 @@ Options The following **container info** options are available, defaults to '--status --os --ip': +-n, --name='NAME': + Specify container name. Specifying 'ALL' will start all stopped container. + --status: Show container status (started|stopped|other). diff --git a/share/man/container-key.1.rst b/share/man/container-key.1.rst index d21956a..ff2b93f 100644 --- a/share/man/container-key.1.rst +++ b/share/man/container-key.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-limit.1.rst b/share/man/container-limit.1.rst index 67fad3d..715314e 100644 --- a/share/man/container-limit.1.rst +++ b/share/man/container-limit.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. 
diff --git a/share/man/container-list.1.rst b/share/man/container-list.1.rst index 6cd516f..81a394b 100644 --- a/share/man/container-list.1.rst +++ b/share/man/container-list.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-log.1.rst b/share/man/container-log.1.rst index 7984aa0..5e72184 100644 --- a/share/man/container-log.1.rst +++ b/share/man/container-log.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-move.1.rst b/share/man/container-move.1.rst index 550f1db..ecbea6b 100644 --- a/share/man/container-move.1.rst +++ b/share/man/container-move.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-rebuild.1.rst b/share/man/container-rebuild.1.rst new file mode 100644 index 0000000..345ec01 --- /dev/null +++ b/share/man/container-rebuild.1.rst 
@@ -0,0 +1,93 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================= +container-rebuild +================= + +------------------- +Restart a container +------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container rebuild** ['OPTIONS'] +| **cnt rb** ['OPTIONS'] + +Description +=========== + +The **container rebuild** command rebuilds a container by stopping, building, starting an existing container. + +Options +======= + +The following **container rebuild** options are available: + +-n, --name='NAME': + Specify container name. Specifying 'ALL' will rebuild all started container. + +-f, --force: + Do not fail if container is running. + +-v, --verbose: + Explain what is being done. + +Examples +======== + +Rebuild example.net container: + + sudo container rebuild -n example.net + +Restart all container: + + sudo container rebuild -n ALL + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). 
+ +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container-remove.1.rst b/share/man/container-remove.1.rst index d62f527..00f1ad1 100644 --- a/share/man/container-remove.1.rst +++ b/share/man/container-remove.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-restart.1.rst b/share/man/container-restart.1.rst index fb98a78..c52353d 100644 --- a/share/man/container-restart.1.rst +++ b/share/man/container-restart.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. @@ -47,6 +47,12 @@ The following **container restart** options are available: -n, --name='NAME': Specify container name. Specifying 'ALL' will restart all started container. +-f, --force: + Do not prompt before every restarting. + +-i, --interactive: + Prompt before every restarting (default). + -v, --verbose: Explain what is being done. diff --git a/share/man/container-run.1.rst b/share/man/container-run.1.rst index 9759811..0fb923d 100644 --- a/share/man/container-run.1.rst +++ b/share/man/container-run.1.rst 
@@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-shell.1.rst b/share/man/container-shell.1.rst index a41bd2a..b12958f 100644 --- a/share/man/container-shell.1.rst +++ b/share/man/container-shell.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-start.1.rst b/share/man/container-start.1.rst index b444c6e..65d4af7 100644 --- a/share/man/container-start.1.rst +++ b/share/man/container-start.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-status.1.rst b/share/man/container-status.1.rst index 79675be..ad51ba7 100644 --- a/share/man/container-status.1.rst +++ b/share/man/container-status.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-stop.1.rst b/share/man/container-stop.1.rst index 29bfa3d..bf668be 100644 --- a/share/man/container-stop.1.rst +++ b/share/man/container-stop.1.rst 
@@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. @@ -49,6 +49,12 @@ The following **container stop** options are available: Specify container name. Specifying 'ALL' will stop all started container. -f, --force: + Do not prompt before every stopping. + +-i, --interactive: + Prompt before every stopping (default). + +-k, --kill: Instead of running the proper shutdown sequence, terminate all processes of the container imediatly. -v, --verbose: @@ -61,9 +67,13 @@ Shutdown example.net container: sudo container stop -n example.net +Shutdown example.net container without prompting: + + sudo container stop -n example.net -f + Immediately stop example.net container: - sudo container stop -n example.net -f + sudo container stop -n example.net -k Stop all container: diff --git a/share/man/container-top.1.rst b/share/man/container-top.1.rst index 8d1493c..85b3627 100644 --- a/share/man/container-top.1.rst +++ b/share/man/container-top.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-update.1.rst b/share/man/container-update.1.rst index 58dcb73..ec64f6b 100644 --- a/share/man/container-update.1.rst +++ b/share/man/container-update.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container-version.1.rst b/share/man/container-version.1.rst index 3a57999..3f0266d 100644 
--- a/share/man/container-version.1.rst +++ b/share/man/container-version.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. diff --git a/share/man/container.1.rst b/share/man/container.1.rst index 3fff87b..c08cbd9 100644 --- a/share/man/container.1.rst +++ b/share/man/container.1.rst @@ -1,6 +1,6 @@ .. Open Infrastructure: compute-tools -.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .. .. SPDX-License-Identifier: GPL-3.0+ .. @@ -59,6 +59,9 @@ build: start: Start a container, see container-start(1). +rebuild: + Rebuild a container, see container-rebuild(1). + restart: Restart a container, see container-restart(1). diff --git a/share/man/man.in b/share/man/man.in index 9e8de0e..45a5f40 100644 --- a/share/man/man.in +++ b/share/man/man.in @@ -1,6 +1,6 @@ .\" Open Infrastructure: compute-tools .\" -.\" Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.\" Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> .\" .\" SPDX-License-Identifier: GPL-3.0+ .\" |