Commit 9b909937 authored by Heinz N. Gies's avatar Heinz N. Gies

Merge branch 'cneira1/vmadm-lx-support' into test

parents 0cd3c90c 6bab3529
Pipeline #12317708 passed with stage
in 2 minutes and 28 seconds
{
"cpu_cap": 100,
"image_uuid": "bb4bada0-a556-11e7-aac0-f1a39030aaa2",
"hostname": "lx-jail00",
"max_physical_memory": 1024,
"quota": 100,
"brand": "lx-jail",
"alias": "test",
"nics": [
{
"interface": "net0",
"nic_tag": "admin",
"gateway": "192.168.1.1",
"netmask": "255.255.255.0",
"ip": "192.168.1.235",
"primary": true
}
]
}
#!/usr/local/bin/bash
#set -x
declare -a DIRS=("bin" "dev" "mnt" "proc" "tmp" "etc/defaults")
declare -a EXECS=("COPYRIGHT" "/libexec/ld-elf.so.1" "bin/sh" "/sbin/ifconfig" "/sbin/route" "usr/sbin/jail")
ARCH=$(uname -m)
URL_ARCH=${ARCH};
case "${ARCH}" in
amd64)
ARCH=x86_64;
;;
arm64)
URL_ARCH=arm64/aarch64
;;
esac
if [ -x /usr/local/bin/pbzip2 ]
then
BZIP=/usr/local/bin/pbzip2
else
BZIP=bzip2
fi
#### End user editable vars
if [ -z "$1" ]
then
ROOT=zroot/jails
else
ROOT=$1
fi
if [ -z "$2" ]
then
VSN=`uname -r`
else
VSN=$2
fi
ID=$(uuidgen)
zfs create -p ${ROOT}/$ID
>&2 echo "Prepping outside jail..."
declare -a FILES
for d in "${DIRS[@]}"
do
mkdir -p /${ROOT}/$ID/root/$d
chown root:wheel /${ROOT}/$ID/root/$d
chmod 775 /${ROOT}/$ID/root/$d
done
cp /etc/defaults/devfs.rules /${ROOT}/$ID/root/etc/defaults
for e in "${EXECS[@]}"
do
FILES=("${FILES[@]}" $(ldd -a /$e 2> /dev/null | awk '/=>/{print $(NF-1)}'))
FILES=("${FILES[@]}" "$e")
done
for f in "${FILES[@]}"
do
mkdir -p /${ROOT}/$ID/root/$(dirname $f)
cp /$f /${ROOT}/$ID/root/$f
done
# Write some basic CentOS configuration files:
cp /etc/resolv.conf /${ROOT}/$ID/root/etc/resolv.conf
echo "linproc /jails/centos/proc linprocfs rw 0 0" >> /${ROOT}/$ID/fstab_centos6
>&2 echo "Prepping solitary confinement"
mkdir -p /${ROOT}/${ID}/root/jail
TARGET=/tmp/centos-${ARCH}-${VSN}.tgz
if [ ! -f ${TARGET} ]
then
fetch https://download.openvz.org/template/precreated/centos-6-x86.tar.gz -o ${TARGET}
else
echo "Image seems to already exist, not re-downloading, delete ${TARGET} to force re-download"
fi
tar -xf ${TARGET} -C /${ROOT}/${ID}/root/jail/
zfs snapshot ${ROOT}/${ID}@final
zfs send ${ROOT}/${ID}@final | ${BZIP} > ${ID}.dataset
SIZE=`ls -l ${ID}.dataset | cut -f 5 -w`
SHA=`sha1 -q ${ID}.dataset`
DATE=`date -u "+%Y-%m-%dT%H:%M:%SZ"`
cat <<EOF > $ID.json
{
"v": 2,
"uuid": "${ID}",
"name": "FreeBSD",
"version": "${VSN}",
"type": "lx-jail-dataset",
"os": "Linux",
"files": [
{
"size": ${SIZE},
"compression": "bzip2",
"sha1": "${SHA}"
}
],
"requirements": {
"architecture": "${ARCH}",
"networks": [{"name": "net0", "description": "public"}]
},
"published_at": "${DATE}",
"public": true,
"state": "active",
"disabled": false
}
EOF
>&2 echo "Jail is ready. Snapshot if needed"
echo $ID
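Review bot: The CentOS tarball is cached at the predictable path `/tmp/centos-${ARCH}-${VSN}.tgz`, reused whenever a file already exists there, and unpacked by `tar -xf` with no integrity check, so a stale, truncated or locally pre-placed file at that path becomes the root filesystem of the published dataset. Keep the cache in a directory only root can write and compare the download against a pinned digest before extracting, e.g. `[ "$(sha256 -q ${TARGET})" = "${EXPECTED_SHA256}" ] || { >&2 echo "checksum mismatch for ${TARGET}"; exit 1; }`, where `EXPECTED_SHA256` is a placeholder for a value recorded next to the URL. The cache file name carries `${ARCH}` and `${VSN}` while the URL is always `centos-6-x86.tar.gz`, so the cache key does not describe what was fetched. The script also has no `set -e`, so a failed `fetch` or `tar` still proceeds to `zfs snapshot` and writes a manifest for an incomplete image.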
......@@ -64,6 +64,11 @@ impl<'a> Jail<'a> {
pub fn start(&self, config: &Config) -> Result<i32, Box<Error>> {
self.set_rctl()?;
self.mount_devfs()?;
if self.config.brand == "lx-jail" {
self.mount_lxfs()?;
}
let CreateArgs { args, ifs } = create_args(config, self)?;
debug!("Start jail"; "vm" => self.idx.uuid.hyphenated().to_string(), "args" => args.clone().join(" "));
let id = start_jail(&self.idx.uuid, args)?;
......@@ -199,6 +204,38 @@ impl<'a> Jail<'a> {
Ok(0)
}
fn mount_lxfs(&self) -> Result<i32, Box<Error>> {
let mut linprocfs = String::from("/");
linprocfs.push_str(self.idx.root.as_str());
linprocfs.push_str("/root/jail/proc");
let linprocfs_args = vec!["-t", "linprocfs", "linprocfs", linprocfs.as_str()];
debug!("mounting linprocfs in inner jail"; "vm" => self.idx.uuid.hyphenated().to_string(), "args" =>linprocfs_args.clone().join(" "));
let output = Command::new(MOUNT).args(linprocfs_args).output().expect(
"failed to mount linprocfs in inner jail",
);
if !output.status.success() {
crit!("failed to mount inner linprocfs"; "vm" => self.idx.uuid.hyphenated().to_string());
return Err(GenericError::bx("Could not remove resource limits"));
}
let mut linsysfs = String::from("/");
linsysfs.push_str(self.idx.root.as_str());
linsysfs.push_str("/root/jail/sys");
let linsysfs_args = vec!["-t", "linsysfs", "linsysfs", linsysfs.as_str()];
debug!("mounting linsysfs in inner jail"; "vm" => self.idx.uuid.hyphenated().to_string(), "args" =>linsysfs_args.clone().join(" "));
let output = Command::new(MOUNT).args(linsysfs_args).output().expect(
"failed to mount linsysfs in inner jail",
);
if !output.status.success() {
crit!("failed to mount inner linsysfs"; "vm" => self.idx.uuid.hyphenated().to_string());
return Err(GenericError::bx("Could not remove resource limits"));
}
Ok(0)
}
fn remove_rctl(&self) -> Result<i32, Box<Error>> {
let mut prefix = String::from("jail:");
......
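Review bot: Both failure branches of `mount_lxfs` return `GenericError::bx("Could not remove resource limits")`, which looks copied from the rctl code, so a failed linprocfs or linsysfs mount is reported as a resource-limit problem; use e.g. `return Err(GenericError::bx("Could not mount linprocfs"));` and the linsysfs equivalent. The two `.expect(...)` calls panic when `mount` cannot be spawned even though the function returns `Result`; converting that error into the `Err` path would keep failure handling in one place. If the linsysfs mount fails, the linprocfs mount made just before it is left in place, and `start` likewise returns with devfs already mounted, so it is worth confirming that the caller's cleanup unmounts them. The mount targets sit under `root/jail`, which is populated from the image tarball, so checking that `proc` and `sys` are real directories rather than symlinks before mounting would keep the mounts inside the jail root. `remove_rctl` continues outside the visible hunk.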