Added publish property for systemd-spawn containers. (Needs systemd version 220.)

This commit is contained in:
Joey Hess 2015-06-01 14:18:36 -04:00
parent a5bb972d94
commit 65357750d2
2 changed files with 45 additions and 3 deletions

debian/changelog vendored

@ -15,6 +15,8 @@ propellor (2.5.0) UNRELEASED; urgency=medium
* Mount /proc inside a chroot before provisioning it, to work around #787227 * Mount /proc inside a chroot before provisioning it, to work around #787227
* --spin now works when given a short hostname that only resolves to an * --spin now works when given a short hostname that only resolves to an
ipv6 address. ipv6 address.
* Added publish property for systemd-spawn containers.
(Needs systemd version 220.)
-- Joey Hess <id@joeyh.name> Thu, 07 May 2015 12:08:34 -0400 -- Joey Hess <id@joeyh.name> Thu, 07 May 2015 12:08:34 -0400


@ -1,22 +1,30 @@
module Propellor.Property.Systemd ( module Propellor.Property.Systemd (
-- * Services
module Propellor.Property.Systemd.Core, module Propellor.Property.Systemd.Core,
ServiceName, ServiceName,
MachineName,
started, started,
stopped, stopped,
enabled, enabled,
disabled, disabled,
restarted, restarted,
persistentJournal, -- * Configuration
Option, Option,
configured, configured,
journaldConfigured,
daemonReloaded, daemonReloaded,
-- * Journal
persistentJournal,
journaldConfigured,
-- * Containers
MachineName,
Container, Container,
container, container,
nspawned, nspawned,
-- * Container configuration
containerCfg, containerCfg,
resolvConfed, resolvConfed,
publish,
Proto(..),
publish'
) where ) where
import Propellor import Propellor
@ -24,6 +32,7 @@ import Propellor.Types.Chroot
import qualified Propellor.Property.Chroot as Chroot import qualified Propellor.Property.Chroot as Chroot
import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.File as File import qualified Propellor.Property.File as File
import Propellor.Property.Firewall (Port)
import Propellor.Property.Systemd.Core import Propellor.Property.Systemd.Core
import Utility.FileMode import Utility.FileMode
@ -270,3 +279,34 @@ containerCfg p = RevertableProperty (mk True) (mk False)
-- This property is enabled by default. Revert it to disable it. -- This property is enabled by default. Revert it to disable it.
resolvConfed :: RevertableProperty resolvConfed :: RevertableProperty
resolvConfed = containerCfg "bind=/etc/resolv.conf" resolvConfed = containerCfg "bind=/etc/resolv.conf"
-- | Disconnect networking of the container from the host.
privateNetwork :: RevertableProperty
privateNetwork = containerCfg "private-network"
-- | Publish a container's (tcp) port to same port on the host.
--
-- This automatically enables privateNetwork, so all non-published ports
-- will not be accessible outside the container.
--
-- Note that this feature was first added in systemd version 220.
publish :: Port -> RevertableProperty
publish p = publish' TCP p p
`requires` privateNetwork
data Proto = TCP | UDP
publish'
:: Proto
-> Port -- ^ Host port
-> Port -- ^ Container port
-> RevertableProperty
publish' proto hostport containerport = containerCfg $ "--port=" ++
intercalate ":"
[ sproto proto
, show hostport
, show containerport
]
where
sproto TCP = "tcp"
sproto UDP = "udp"
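Review bot: `publish'` passes `containerCfg` a value that already starts with `--port=`, while every existing call site in this file passes a bare option name (`bind=/etc/resolv.conf`, `private-network` just above); whether nspawn ends up with a well-formed `--port=...` or a doubled `----port=...` depends on how `containerCfg` prefixes its argument, and its body starts above this hunk (the `-270` context), so either drop the dashes for consistency, `containerCfg $ "port=" ++`, or confirm that it normalizes leading dashes. `privateNetwork` is defined here but is not added to the new export list in the first hunk, so a host cannot apply or revert the network isolation on its own; add `privateNetwork,` next to `resolvConfed,`. The haddock on `publish` should also say what reverting it does to `privateNetwork` when other ports of the same container remain published, since the dependency is attached with `requires` and the revert semantics of that combinator on `RevertableProperty` are not visible here. Finally, `data Proto = TCP | UDP` has no deriving clause; `deriving (Show, Eq)` costs nothing and helps when debugging generated config.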