commit 3739dbadf0a68a44750f921273adc625e78e48bf
parent e5c93f1e471580f6fd0a93655d04ca92e1841180
Author: Jan Pobrislo <ccx@webprojekty.cz>
Date: Fri, 15 Jan 2021 17:46:40 +0100
Container service dir creation scripts
Diffstat:
2 files changed, 222 insertions(+), 37 deletions(-)
diff --git a/zsh-functions/confz_containers_init b/zsh-functions/confz_containers_init
@@ -1,5 +1,205 @@
# vim: ft=zsh noet ts=4 sts=4 sw=4
+
+# find: ‘./event’: Permission denied
+# / d o0:0 m755
+# /clone-newpid cN o0:0 m644
+# /data d o0:0 m755
+# /data/fstab
+# CN /mnt/volumes/containers/alpine-xsession /mnt/volumes/containers/user/ccx/xsession.6/root none bind,ro 0 0
+# /run/containers/xsession.6.ccx/run /mnt/volumes/containers/user/ccx/xsession.6/root/run none bind 0 0
+# /run/containers/xsession.6.ccx/tmp /mnt/volumes/containers/user/ccx/xsession.6/root/tmp none bind 0 0
+# /run/containers/xsession.6.ccx/home /mnt/volumes/containers/user/ccx/xsession.6/root/home none bind 0 0
+# /run/containers/xsession.6.ccx/inbox /mnt/volumes/containers/user/ccx/xsession.6/root/run/inbox none bind,ro 0 0
+# o0:0 m644
+# /data/root l /mnt/volumes/containers/user/ccx/xsession.6/root o0:0 m777
+# /down cN o0:0 m644
+# /env d o0:0 m755
+# /env/CONTAINER_NAME cN xsession.6 o0:0 m644
+# /env/CONTAINER_USER cN ccx o0:0 m644
+# /event d o0:100 m3730
+# /finish l /usr/local/bzr/containers/service_scripts/xsession/finish o0:0 m777
+# /run l /usr/local/bzr/containers/service_scripts/xsession/run o0:0 m777
+# /supervise d o0:0 m755
+# /supervise/control p o1000:0 m600
+# /supervise/death_tally cN o0:0 m644
+# /supervise/lock cN o1000:0 m644
+# /supervise/status B QAAAAF/8iBYvOSJcQAAAAF/8iBYvOSJcAAAAAAAAAAAAABQ=
+# o0:0 m644
+
+confz_container_service_check() {
+ checkvars svc_dir root_link run_link finish_link fstab
+ defvar down true
+ defvar control_user root
+ defvar control_group root
+
+ require fs_d flags=p filename=$vars[svc_dir]
+ require fs_m filename=$vars[svc_dir] mode=755
+
+ if $vars[down]; then
+ require fs_f filename=$vars[svc_dir]/down
+ else
+ require fs_r filename=$vars[svc_dir]/down
+ fi
+
+ require fs_f filename=$vars[svc_dir]/clone_newpid
+
+ require fs_d filename=$vars[svc_dir]/data
+ require fs_m filename=$vars[svc_dir]/data mode=755
+
+ require fs_l filename=$vars[svc_dir]/data/root \
+ destination=$vars[root_link]
+
+ require fs_c filename=$vars[svc_dir]/data/fstab \
+ content_call="printf '%s\n' ${(Q)vars[fstab]}"
+ require fs_m filename=$vars[svc_dir]/data/fstab mode=644
+
+ require fs_l filename=$vars[svc_dir]/data/run \
+ destination=$vars[run_link]
+ require fs_l filename=$vars[svc_dir]/data/finish \
+ destination=$vars[finish_link]
+
+ require fs_d filename=$vars[svc_dir]/event
+ require fs_o filename=$vars[svc_dir]/event \
+ owner=0 group=$vars[control_group]
+ require fs_m filename=$vars[svc_dir]/event mode=3730
+
+ require fs_d filename=$vars[svc_dir]/supervise
+ require fs_o filename=$vars[svc_dir]/supervise \
+ owner=0 group=0
+ require fs_m filename=$vars[svc_dir]/supervise mode=755
+
+ require fs_pipe filename=$vars[svc_dir]/supervise/control
+ require fs_o filename=$vars[svc_dir]/supervise/control \
+ owner=$vars[control_user] group=0
+ require fs_m filename=$vars[svc_dir]/supervise/control mode=600
+
+ require fs_f filename=$vars[svc_dir]/supervise/lock
+ require fs_o filename=$vars[svc_dir]/supervise/lock \
+ owner=$vars[control_user] group=0
+ require fs_m filename=$vars[svc_dir]/supervise/lock mode=644
+}
+
+confz_container_service_preset_check() {
+ local preset_dir=/usr/local/bzr/containers/service_scripts
+ checkvars svc_dir preset
+ [[ -x $preset_dir/$vars[preset]/run ]] || die "not an executable file: $preset_dir/$vars[preset]/run"
+ [[ -x $preset_dir/$vars[preset]/finish ]] || die "not an executable file: $preset_dir/$vars[preset]/finish"
+ require container_service \
+ run_link=$preset_dir/$vars[preset]/run \
+ finish_link=$preset_dir/$vars[preset]/finish \
+ :svc_dir :root_link :fstab :down :control_user :control_group
+}
+
+confz_container_service_generic_check() {
+ local uid gid container_user_dir svc_dir
+ local -a fstab
+ checkvars containers_dir svscan_dir image_name user
+ defvar fstab_extra ''
+
+ uid="${${(s.:.)"$(getent passwd ccx)"}[3]}" \
+ gid="${${(s.:.)"$(getent group ccx)"}[3]}" \
+
+ require fs_d filename=$vars[containers_dir]/user/$vars[user]
+ require fs_m filename=$vars[containers_dir]/user/$vars[user] mode=751
+ require fs_o filename=$vars[containers_dir]/user/$vars[user] owner=0:gid
+
+ container_user_dir=$vars[containers_dir]/user/$vars[user]/$vars[image_name]
+ require fs_d filename=$container_user_dir
+ require fs_m filename=$container_user_dir mode=751
+ require fs_o filename=$container_user_dir owner=0:gid
+
+ require fs_d filename=$container_user_dir/root
+ require fs_m filename=$container_user_dir/root mode=751
+ require fs_o filename=$container_user_dir/root owner=0:$gid
+
+ require fs_d filename=$container_user_dir/home
+ require fs_m filename=$container_user_dir/home mode=751
+ require fs_o filename=$container_user_dir/home owner=0:$gid
+
+ require fs_d filename=$container_user_dir/home/$vars[user]
+ require fs_o filename=$container_user_dir/home/$vars[user] owner=$uid:$gid
+
+ require fs_d filename=$vars[containers_dir]/home/$vars[user]
+ require fs_m filename=$vars[containers_dir]/home/$vars[user] mode=751
+ require fs_o filename=$vars[containers_dir]/home/$vars[user] owner=0:gid
+
+ require fs_l filename=$vars[containers_dir]/home/$vars[user]/$vars[image_name] \
+ destination=../../user/$vars[user]/$vars[image_name]/home/$vars[user]
+
+ fstab=(
+ $vars[containers_dir]/$vars[image_name]$'\t'$container_user_dir/root$'\tnone\tbind,ro,nosuid,nodev\t0 0'
+ $container_user_dir/home$'\t'$container_user_dir/root/home$'\tnone\tbind,nosuid,nodev\t0 0'
+ /run/containers/$vars[image_name].$vars[user]/run$'\t'$container_user_dir/root/run$'\tnone\tbind,nosuid,nodev\t0 0'
+ /run/containers/$vars[image_name].$vars[user]/tmp$'\t'$container_user_dir/root/tmp$'\tnone\tbind,nosuid,nodev\t0 0'
+ /run/containers/$vars[image_name].$vars[user]/inbox$'\t'$container_user_dir/root/run/inbox$'\tnone\tbind,nosuid,nodev\t0 0'
+ "${(f@)vars[fstab_extra]}"
+ )
+
+ svc_dir=$vars[svscan_dir]/container.$vars[image_name].$vars[user]
+ require container_service_preset preset=generic \
+ svc_dir=$svc_dir control_user=$uid control_group=$gid \
+ root_link=$container_user_dir/root \
+ fstab=${(F)fstab} :down
+ require fs_d filename=$svc_dir/env
+ require fs_c filename=$svc_dir/env/CONTAINER_USER \
+ content_call="printf '%s\n' "${(q)vars[user]}
+ require fs_c filename=$svc_dir/env/CONTAINER_NAME \
+ content_call="printf '%s\n' "${(q)vars[image_name]}
+}
+
+confz_container_service_xsession_check() {
+ local uid gid container_user_dir svc_dir
+ local -a fstab
+ checkvars containers_dir svscan_dir image_name user display_number
+ defvar fstab_extra ''
+
+ uid="${${(s.:.)"$(getent passwd ccx)"}[3]}" \
+ gid="${${(s.:.)"$(getent group ccx)"}[3]}" \
+
+ require fs_d filename=$vars[containers_dir]/user/$vars[user]
+ require fs_m filename=$vars[containers_dir]/user/$vars[user] mode=751
+ require fs_o filename=$vars[containers_dir]/user/$vars[user] owner=0:gid
+
+ container_user_dir=$vars[containers_dir]/user/$vars[user]/$vars[image_name]
+ require fs_d filename=$container_user_dir
+ require fs_m filename=$container_user_dir mode=751
+ require fs_o filename=$container_user_dir owner=0:gid
+
+ require fs_d filename=$container_user_dir/root
+ require fs_m filename=$container_user_dir/root mode=751
+ require fs_o filename=$container_user_dir/root owner=0:$gid
+
+ require fs_d filename=$vars[containers_dir]/home/$vars[user]
+ require fs_m filename=$vars[containers_dir]/home/$vars[user] mode=751
+ require fs_o filename=$vars[containers_dir]/home/$vars[user] owner=0:gid
+
+ require fs_l filename=$vars[containers_dir]/home/$vars[user]/$vars[image_name] \
+ destination=../../user/$vars[user]/$vars[image_name]/root/home/$vars[user]
+
+ fstab=(
+ $vars[containers_dir]/$vars[image_name]$'\t'$container_user_dir/root$'\tnone\tbind,ro,nosuid,nodev\t0 0'
+ /run/containers/$vars[image_name].$vars[user]/home$'\t'$container_user_dir/root/home$'\tnone\tbind,nosuid,nodev\t0 0'
+ /run/containers/$vars[image_name].$vars[user]/run$'\t'$container_user_dir/root/run$'\tnone\tbind,nosuid,nodev\t0 0'
+ /run/containers/$vars[image_name].$vars[user]/tmp$'\t'$container_user_dir/root/tmp$'\tnone\tbind,nosuid,nodev\t0 0'
+ /run/containers/$vars[image_name].$vars[user]/inbox$'\t'$container_user_dir/root/run/inbox$'\tnone\tbind,nosuid,nodev\t0 0'
+ "${(f@)vars[fstab_extra]}"
+ )
+
+ svc_dir=$vars[svscan_dir]/container.xsession.$vars[display_number].$vars[user]
+ require container_service_preset preset=xsession \
+ svc_dir=$svc_dir control_user=$uid control_group=$gid \
+ root_link=$container_user_dir/root \
+ fstab=${(F)fstab} :down
+ require fs_d filename=$svc_dir/env
+ require fs_c filename=$svc_dir/env/CONTAINER_USER \
+ content_call="printf '%s\n' "${(q)vars[user]}
+ require fs_c filename=$svc_dir/env/CONTAINER_NAME \
+ content_call="printf '%s\n' "${(q)HOST}
+}
+
+# --- old
+
confz_container_installed_alpine_check() {
checkvars container_root arch
defvar keys_dir /etc/apk/keys
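Review bot: In confz_container_service_generic_check the three `require fs_o ... owner=0:gid` calls (the per-user dir, `$container_user_dir`, and the `home/$vars[user]` dir) pass the literal string `gid` as the group rather than the value looked up a few lines earlier, while the neighbouring calls for `root`, `home` and `home/$vars[user]` correctly use `$gid`; the same slip recurs in the three `owner=0:gid` calls of confz_container_service_xsession_check, and each should read `owner=0:$gid`. Related, both functions resolve ids with `getent passwd ccx` / `getent group ccx` even though `user` is a checked variable, so any other `user` value gets ccx's uid/gid on its directories and as `control_user`/`control_group`; use `getent passwd $vars[user]` and `getent group $vars[user]`, and drop the trailing backslash on the `gid=` line, which only parses because the next line is blank. In confz_container_service_check, `content_call="printf '%s\n' ${(Q)vars[fstab]}"` splices the raw multi-line fstab text into a command string, whereas the env-file writers below use `${(q)...}`; if content_call is evaluated as shell, as the (q) form suggests, the embedded newlines would terminate the printf and hand the remaining fstab lines to the shell as commands, so `content_call="printf '%s\n' "${(q)vars[fstab]}` is both consistent and safe. Lastly, the xsession variant writes CONTAINER_NAME from `${(q)HOST}`, which in zsh is the machine's hostname unless the framework sets HOST itself; the header comment expects `xsession.6`, i.e. `${(q):-xsession.$vars[display_number]}` or the `$vars[image_name]` form used by the generic variant, so this looks worth confirming.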
@@ -17,26 +217,6 @@ confz_container_installed_alpine_check() {
done
}
-confz_container_dev_nodes_check() {
- checkvars container_root
- local R=$vars[container_root]
- require fs_d flags= filename=$R/dev
- require fs_d flags= filename=$R/dev/pts
- require fs_d flags= filename=$R/dev/shm
- require fs_l flags= filename=$R/dev/stdin destination=/proc/self/fd/0
- require fs_l flags= filename=$R/dev/stdout destination=/proc/self/fd/1
- require fs_l flags= filename=$R/dev/stderr destination=/proc/self/fd/2
- require fs_l flags= filename=$R/dev/fd destination=/proc/self/fd
- require fs_device flags= filename=$R/dev/full \
- device_type=c major=1 minor=7
- require fs_device flags= filename=$R/dev/null \
- device_type=c major=1 minor=3
- require fs_device flags= filename=$R/dev/ptmx \
- device_type=c major=5 minor=2
- require fs_device flags= filename=$R/dev/zero \
- device_type=c major=1 minor=5
-}
-
confz_container_alpine_configured_check() {
checkvars container_root arch keys_dir repositories
local R=$vars[container_root]
@@ -157,20 +337,3 @@ confz_container_user_setup_check() {
}
-
-container_svc_run() {
- local uid_gid=$1
- local D=$2
- printf '%s\n' \
- "C #!/command/execlineb" \
- " if { mount -a --fstab $vars[containers_dir]/user/$vars[user]/$vars[container_name]/fstab }" \
- " env HOST=$vars[container_name] RUN_CHOWN=$uid_gid /root/ns_run $vars[containers_dir]/user/$vars[user]/$vars[container_name]/union -u $uid_gid /home/$vars[user]/run/init"
-}
-
-container_svc_finish() {
- local D=$1
- printf '%s\n' \
- "C #!/command/execlineb" \
- " foreground { umount $vars[containers_dir]/user/$vars[user]/$vars[container_name]/union/run }" \
- " umount $vars[containers_dir]/user/$vars[user]/$vars[container_name]/union"
-}
diff --git a/zsh-functions/confz_site_containers_init b/zsh-functions/confz_site_containers_init
@@ -0,0 +1,22 @@
+# vim: ft=zsh noet ts=4 sts=4 sw=4
+
+confz_site_containers_check() {
+ checkvars containers_dir svscan_dir user
+ local display container
+ for display in 5 6 7 8; do
+ require container_service_xsession \
+ display_number=$display image_name=alpine-xsession \
+ :containers_dir :svscan_dir :user
+ done
+ for container in alpine-{games,dev,browsers}; do
+ require container_service_generic \
+ image_name=$container \
+ :containers_dir :svscan_dir :user
+ done
+}
+
+confz_site_containers_check() {
+ require site_containers_user user=ccx \
+ containers_dir=/mnt/volumes/containers \
+ svscan_dir=/run/service
+}