public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos-container: NixOps helper functions

Browse Source
This commit is contained in:
Eelco Dolstra 2014-03-20 15:09:53 +01:00
parent 29c469b88d
commit 6010b0e886
1 changed files with 42 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
nixos/modules/virtualisation/nixos-container.sh
View File

@ -1,21 +1,25 @@
#! @bash@/bin/sh -e #! @bash@/bin/sh -e
usage() { usage() {
echo "Usage: $0 create <container-name> [--config <filename>]" >&2 echo "Usage: $0 list" >&2
echo " $0 create <container-name> [--config <filename>] [--ensure-unique-name]" >&2
echo " $0 update <container-name>" >&2 echo " $0 update <container-name>" >&2
echo " $0 destroy <container-name>" >&2 echo " $0 destroy <container-name>" >&2
echo " $0 login <container-name>" >&2 echo " $0 login <container-name>" >&2
echo " $0 root-shell <container-name>" >&2 echo " $0 root-shell <container-name>" >&2
echo " $0 set-root-password <container-name> <password>" >&2 echo " $0 set-root-password <container-name> <password>" >&2
echo " $0 show-ip <container-name>" >&2
} }
args="`getopt --options '' -l help -l config: -- "$@"`" args="`getopt --options '' -l help -l config: -l ensure-unique-name -- "$@"`"
eval "set -- $args" eval "set -- $args"
extraConfigFile= extraConfigFile=
ensureUniqueName=
while [ $# -gt 0 ]; do while [ $# -gt 0 ]; do
case "$1" in case "$1" in
(--help) usage; exit 0;; (--help) usage; exit 0;;
(--config) shift; extraConfigFile=$1;; (--config) shift; extraConfigFile=$1;;
(--ensure-unique-name) ensureUniqueName=1;;
(--) shift; break;; (--) shift; break;;
(*) break;; (*) break;;
esac esac
@ -34,12 +38,28 @@ getContainerRoot() {
fi fi
} }
if [ $action = list ]; then
for i in $(cd /etc/containers && echo *.conf); do
echo "$(basename "$i" .conf)"
done
exit 0
fi
container="$1" container="$1"
if [ -z "$container" ]; then usage; exit 1; fi if [ -z "$container" ]; then usage; exit 1; fi
shift shift
if [ $action = create ]; then if [ $action = create ]; then
if [ -n "$ensureUniqueName" ]; then
# FIXME: race
nr=0
while [ -e "/etc/containers/$container-$nr.conf" -o -e "/var/lib/containers/$container-$nr" ]; do
: $((nr++))
done
container="$container-$nr"
fi
confFile="/etc/containers/$container.conf" confFile="/etc/containers/$container.conf"
root="/var/lib/containers/$container" root="/var/lib/containers/$container"
@ -61,13 +81,19 @@ with pkgs.lib;
networking.hostName = mkDefault \"$container\"; networking.hostName = mkDefault \"$container\";
networking.useDHCP = false; networking.useDHCP = false;
imports = [ <nixpkgs/nixos/modules/virtualisation/container-login.nix> $extraConfigFile ]; imports = [ <nixpkgs/nixos/modules/virtualisation/container-login.nix> $extraConfigFile ];
services.openssh.enable = true;
services.openssh.extraConfig =
''
UseDNS no
'';
users.extraUsers.root.openssh.authorizedKeys.keys = [ \"ssh-dss AAAAB3NzaC1kc3MAAACBAOo3foMFsYvc+LEVVTAeXpaxdOFG6O2NE9coxZYN6UtwE477GwkvZ4uKymAekq3TB8I6dDg4QFfE27fIip/rQHJ/Rus+KsxwnTbwPzE0WcZVpkKQsepsoqLkfwMpiPfn5/oxcnJsimwRY/E95aJmmOHdGaYWrc0t4ARa+6teUgdFAAAAFQCSQq2Wil0/X4hDypGGUKlKvYyaWQAAAIAy/0fSDnz1tZOQBGq7q78y406HfWghErrVlrW9g+foJQG5pgXXcdJs9JCIrlaKivUKITDsYnQaCjrZaK8eHnc4ksbkSLfDOxFnR5814ulCftrgEDOv9K1UU3pYketjFMvQCA2U48lR6jG/99CPNXPH55QEFs8H97cIsdLQw9wM4gAAAIEAmzWZlXLzIf3eiHQggXqvw3+C19QvxQITcYHYVTx/XYqZi1VZ/fkY8bNmdcJsWFyOHgEhpEca+xM/SNvH/14rXDmt0wtclLEx/4GVLi59hQCnnKqv7HzJg8RF4v6XTiROBAEEdb4TaFuFn+JCvqPzilTzXTexvZKJECOvfYcY+10= eelco.dolstra@logicblox.com\" ];
}" }"
configFile="$root/etc/nixos/configuration.nix" configFile="$root/etc/nixos/configuration.nix"
echo "$config" > "$configFile" echo "$config" > "$configFile"
nix-env -p "$profileDir/system" -I "nixos-config=$configFile" -f '<nixpkgs/nixos>' --set -A system nix-env -p "$profileDir/system" -I "nixos-config=$configFile" -f '<nixpkgs/nixos>' --set -A system
# Allocate a new /8 network in the 10.233.* range. # Allocate a new /8 network in the 10.233.* range. FIXME: race
network="$(sed -e 's/.*_ADDRESS=10\.233\.\(.*\)\..*/\1/; t; d' /etc/containers/*.conf | sort -n | tail -n1)" network="$(sed -e 's/.*_ADDRESS=10\.233\.\(.*\)\..*/\1/; t; d' /etc/containers/*.conf | sort -n | tail -n1)"
if [ -z "$network" ]; then network=0; else : $((network++)); fi if [ -z "$network" ]; then network=0; else : $((network++)); fi
@ -84,6 +110,11 @@ EOF
echo "starting container@$container.service..." >&2 echo "starting container@$container.service..." >&2
systemctl start "container@$container.service" systemctl start "container@$container.service"
# Print generated container name on stdout.
if [ -n "$ensureUniqueName" ]; then
echo "$container"
fi
elif [ $action = update ]; then elif [ $action = update ]; then
getContainerRoot getContainerRoot
@ -101,7 +132,7 @@ elif [ $action = destroy ]; then
getContainerRoot getContainerRoot
confFile="/etc/containers/$container.conf" confFile="/etc/containers/$container.conf"
if [ ! -w "$confFile" ]; then if [ -e "$confFile" -a ! -w "$confFile" ]; then
echo "$0: cannot destroy declarative container (remove it from your configuration.nix instead)" echo "$0: cannot destroy declarative container (remove it from your configuration.nix instead)"
exit 1 exit 1
fi fi
@ -112,6 +143,7 @@ elif [ $action = destroy ]; then
fi fi
rm -f "$confFile" rm -f "$confFile"
rm -rf "$root"
elif [ $action = login ]; then elif [ $action = login ]; then
@ -132,6 +164,12 @@ elif [ $action = set-root-password ]; then
getContainerRoot getContainerRoot
(echo "passwd"; echo "$password"; echo "$password") | @socat@/bin/socat "unix:$root/var/lib/root-shell.socket" - (echo "passwd"; echo "$password"; echo "$password") | @socat@/bin/socat "unix:$root/var/lib/root-shell.socket" -
elif [ $action = show-ip ]; then
getContainerRoot
. "/etc/containers/$container.conf"
echo "$LOCAL_ADDRESS"
else else
echo "$0: unknown action $action" >&2 echo "$0: unknown action $action" >&2
exit 1 exit 1