propellor spin

Joey Hess 2015-06-01 17:00:57 -04:00
parent 4a8ca90d65
commit 06ebb4593a
2 changed files with 15 additions and 3 deletions

2
debian/changelog vendored

@ -15,7 +15,7 @@ propellor (2.5.0) UNRELEASED; urgency=medium
* Mount /proc inside a chroot before provisioning it, to work around #787227
* --spin now works when given a short hostname that only resolves to an
ipv6 address.
* Added publish and publish' properties for systemd-spawn containers.
* Added publish property for systemd-spawn containers, for port publishing.
(Needs systemd version 220.)
* Added bind and bindRo properties for systemd-spawn containers.
* Firewall: Port was changed to a newtype, and the Port and PortRange


@ -38,6 +38,7 @@ import qualified Propellor.Property.Chroot as Chroot
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.File as File
import Propellor.Property.Systemd.Core
import Propellor.Property.Mount
import Utility.FileMode
import Data.List
@ -165,8 +166,19 @@ nspawned c@(Container name (Chroot.Chroot loc system builderconf _) h) =
-- Chroot provisioning is run in systemd-only mode,
-- which sets up the chroot and ensures systemd and dbus are
-- installed, but does not handle the other provisions.
chrootprovisioned = Chroot.provisioned'
(Chroot.propigateChrootInfo chroot) chroot True
chrootprovisioned =
(toProp provisioner `onChange` umountProc)
<!>
(toProp (revert provisioner))
provisioner = Chroot.provisioned' (Chroot.propigateChrootInfo chroot) chroot True
-- The chroot's /proc is left mounted by the chroot provisioning,
-- but that will prevent systemd-nspawn from starting systemd in
-- it, so unmount.
umountProc = check (elem procloc <$> mountPointsBelow loc) $
property (procloc ++ " unmounted") $ do
makeChange $ umountLazy procloc
procloc = loc </> "proc"
-- Use nsenter to enter container and and run propellor to
-- finish provisioning.