allow configuring systemd-nspawn parameters
This commit is contained in:
Joey Hess
parent
6c92f1034f
commit
6be49197f6
|
|
@ -89,6 +89,7 @@ meow :: Systemd.Container
|
||||||
meow = Systemd.container "meow" (Chroot.debootstrapped (System (Debian Unstable) "amd64") mempty)
|
meow = Systemd.container "meow" (Chroot.debootstrapped (System (Debian Unstable) "amd64") mempty)
|
||||||
& Apt.serviceInstalledRunning "uptimed"
|
& Apt.serviceInstalledRunning "uptimed"
|
||||||
& alias "meow.kitenet.net"
|
& alias "meow.kitenet.net"
|
||||||
|
& Systemd.containerCfg "private-network"
|
||||||
|
|
||||||
testChroot :: Chroot.Chroot
|
testChroot :: Chroot.Chroot
|
||||||
testChroot = Chroot.debootstrapped (System (Debian Unstable) "amd64") mempty "/tmp/chroot"
|
testChroot = Chroot.debootstrapped (System (Debian Unstable) "amd64") mempty "/tmp/chroot"
|
||||||
|
|
|
||||||
|
|
@ -5,12 +5,15 @@ module Propellor.Property.Systemd (
|
||||||
enabled,
|
enabled,
|
||||||
disabled,
|
disabled,
|
||||||
persistentJournal,
|
persistentJournal,
|
||||||
|
daemonReloaded,
|
||||||
Container,
|
Container,
|
||||||
container,
|
container,
|
||||||
nspawned,
|
nspawned,
|
||||||
|
containerCfg,
|
||||||
) where
|
) where
|
||||||
|
|
||||||
import Propellor
|
import Propellor
|
||||||
|
import Propellor.Types.Chroot
|
||||||
import qualified Propellor.Property.Chroot as Chroot
|
import qualified Propellor.Property.Chroot as Chroot
|
||||||
import qualified Propellor.Property.Apt as Apt
|
import qualified Propellor.Property.Apt as Apt
|
||||||
import qualified Propellor.Property.File as File
|
import qualified Propellor.Property.File as File
|
||||||
|
|
@ -18,6 +21,7 @@ import Propellor.Property.Systemd.Core
|
||||||
import Utility.SafeCommand
|
import Utility.SafeCommand
|
||||||
import Utility.FileMode
|
import Utility.FileMode
|
||||||
|
|
||||||
|
import Data.List
|
||||||
import Data.List.Utils
|
import Data.List.Utils
|
||||||
|
|
||||||
type ServiceName = String
|
type ServiceName = String
|
||||||
|
|
@ -63,6 +67,10 @@ persistentJournal = check (not <$> doesDirectoryExist dir) $
|
||||||
where
|
where
|
||||||
dir = "/var/log/journal"
|
dir = "/var/log/journal"
|
||||||
|
|
||||||
|
-- | Causes systemd to reload its configuration files.
|
||||||
|
daemonReloaded :: Property
|
||||||
|
daemonReloaded = trivial $ cmdProperty "systemctl" ["daemon-reload"]
|
||||||
|
|
||||||
-- | Defines a container with a given machine name.
|
-- | Defines a container with a given machine name.
|
||||||
--
|
--
|
||||||
-- Properties can be added to configure the Container.
|
-- Properties can be added to configure the Container.
|
||||||
|
|
@ -102,7 +110,7 @@ nspawned c@(Container name (Chroot.Chroot loc system builderconf _) h) =
|
||||||
steps =
|
steps =
|
||||||
[ enterScript c
|
[ enterScript c
|
||||||
, chrootprovisioned
|
, chrootprovisioned
|
||||||
, nspawnService c
|
, nspawnService c (_chrootCfg $ _chrootinfo $ hostInfo h)
|
||||||
]
|
]
|
||||||
|
|
||||||
-- Chroot provisioning is run in systemd-only mode,
|
-- Chroot provisioning is run in systemd-only mode,
|
||||||
|
|
@ -118,19 +126,46 @@ nspawned c@(Container name (Chroot.Chroot loc system builderconf _) h) =
|
||||||
|
|
||||||
chroot = Chroot.Chroot loc system builderconf h
|
chroot = Chroot.Chroot loc system builderconf h
|
||||||
|
|
||||||
nspawnService :: Container -> RevertableProperty
|
-- | Sets up the service file for the container, and then starts
|
||||||
nspawnService (Container name _ _) = RevertableProperty setup teardown
|
-- it running.
|
||||||
|
nspawnService :: Container -> ChrootCfg -> RevertableProperty
|
||||||
|
nspawnService (Container name _ _) cfg = RevertableProperty setup teardown
|
||||||
where
|
where
|
||||||
service = nspawnServiceName name
|
service = nspawnServiceName name
|
||||||
servicefile = "/etc/systemd/system/multi-user.target.wants" </> service
|
servicefile = "/etc/systemd/system/multi-user.target.wants" </> service
|
||||||
|
|
||||||
setup = check (not <$> doesFileExist servicefile) $
|
servicefilecontent = do
|
||||||
started service
|
ls <- lines <$> readFile "/lib/systemd/system/ssh.service"
|
||||||
`requires` enabled service
|
return $ unlines $
|
||||||
|
"# deployed by propellor" : map addparams ls
|
||||||
|
addparams l
|
||||||
|
| "ExecStart=" `isPrefixOf` l =
|
||||||
|
l ++ " " ++ unwords (nspawnServiceParams cfg)
|
||||||
|
| otherwise = l
|
||||||
|
|
||||||
|
goodservicefile = (==)
|
||||||
|
<$> servicefilecontent
|
||||||
|
<*> catchDefaultIO "" (readFile servicefile)
|
||||||
|
|
||||||
|
writeservicefile = property servicefile $ liftIO $ do
|
||||||
|
viaTmp writeFile servicefile =<< servicefilecontent
|
||||||
|
return MadeChange
|
||||||
|
|
||||||
|
setupservicefile = check (not <$> goodservicefile) $
|
||||||
|
-- if it's running, it has the wrong configuration,
|
||||||
|
-- so stop it
|
||||||
|
stopped service
|
||||||
|
`requires` daemonReloaded
|
||||||
|
`requires` writeservicefile
|
||||||
|
|
||||||
|
setup = started service `requires` setupservicefile
|
||||||
|
|
||||||
teardown = check (doesFileExist servicefile) $
|
teardown = check (doesFileExist servicefile) $
|
||||||
disabled service
|
disabled service `requires` stopped service
|
||||||
`requires` stopped service
|
|
||||||
|
nspawnServiceParams :: ChrootCfg -> [String]
|
||||||
|
nspawnServiceParams ChrootCfg = []
|
||||||
|
nspawnServiceParams (SystemdNspawnCfg ps) = ps
|
||||||
|
|
||||||
-- | Installs a "enter-machinename" script that root can use to run a
|
-- | Installs a "enter-machinename" script that root can use to run a
|
||||||
-- command inside the container.
|
-- command inside the container.
|
||||||
|
|
@ -171,3 +206,16 @@ containerDir name = "/var/lib/container" </> mungename name
|
||||||
|
|
||||||
mungename :: MachineName -> String
|
mungename :: MachineName -> String
|
||||||
mungename = replace "/" "_"
|
mungename = replace "/" "_"
|
||||||
|
|
||||||
|
-- | This configures how systemd-nspawn(1) starts the container,
|
||||||
|
-- by specifying a parameter, such as "--private-network", or
|
||||||
|
-- "--link-journal=guest"
|
||||||
|
--
|
||||||
|
-- When there is no leading dash, "--" is prepended to the parameter.
|
||||||
|
containerCfg :: String -> Property
|
||||||
|
containerCfg p = pureInfoProperty ("container configured with " ++ p') $
|
||||||
|
mempty { _chrootinfo = mempty { _chrootCfg = SystemdNspawnCfg [p'] } }
|
||||||
|
where
|
||||||
|
p' = case p of
|
||||||
|
('-':_) -> p
|
||||||
|
_ -> "--" ++ p
|
||||||
|
|
|
||||||
|
|
@ -3,13 +3,27 @@ module Propellor.Types.Chroot where
|
||||||
import Data.Monoid
|
import Data.Monoid
|
||||||
import qualified Data.Map as M
|
import qualified Data.Map as M
|
||||||
|
|
||||||
data ChrootInfo h = ChrootInfo
|
data ChrootInfo host = ChrootInfo
|
||||||
{ _chroots :: M.Map FilePath h
|
{ _chroots :: M.Map FilePath host
|
||||||
|
, _chrootCfg :: ChrootCfg
|
||||||
}
|
}
|
||||||
deriving (Show)
|
deriving (Show)
|
||||||
|
|
||||||
instance Monoid (ChrootInfo h) where
|
instance Monoid (ChrootInfo host) where
|
||||||
mempty = ChrootInfo mempty
|
mempty = ChrootInfo mempty mempty
|
||||||
mappend old new = ChrootInfo
|
mappend old new = ChrootInfo
|
||||||
{ _chroots = M.union (_chroots old) (_chroots new)
|
{ _chroots = M.union (_chroots old) (_chroots new)
|
||||||
|
, _chrootCfg = _chrootCfg old <> _chrootCfg new
|
||||||
}
|
}
|
||||||
|
|
||||||
|
data ChrootCfg
|
||||||
|
= ChrootCfg
|
||||||
|
| SystemdNspawnCfg [String]
|
||||||
|
deriving (Show)
|
||||||
|
|
||||||
|
instance Monoid ChrootCfg where
|
||||||
|
mempty = ChrootCfg
|
||||||
|
mappend _ ChrootCfg = ChrootCfg
|
||||||
|
mappend ChrootCfg r = r
|
||||||
|
mappend (SystemdNspawnCfg l1) (SystemdNspawnCfg l2) =
|
||||||
|
SystemdNspawnCfg (l1 <> l2)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue