def cmd_export_overlay(pod_id, output_path, filter_patterns, *, debug=False):
oses.assert_root_privilege()
ASSERT.not_predicate(output_path, g1.files.lexists)
# Exclude pod-generated files.
# TODO: Right now we hard-code the list, but this is fragile.
filter_args = [
'--exclude=/etc/machine-id',
'--exclude=/var/lib/dbus/machine-id',
'--exclude=/etc/hostname',
'--exclude=/etc/hosts',
'--exclude=/etc/systemd',
'--exclude=/etc/.pwd.lock',
'--exclude=/etc/mtab',
# Remove distro unit files.
'--exclude=/etc/systemd/system',
'--exclude=/lib/systemd/system',
'--exclude=/usr/lib/systemd/system',
]
filter_args.extend('--%s=%s' % pair for pair in filter_patterns)
if debug:
# Log which files are included/excluded due to filter rules.
filter_args.append('--debug=FILTER2')
with locks.acquiring_exclusive(_get_active_path()):
pod_dir_path = ASSERT.predicate(_get_pod_dir_path(pod_id), Path.is_dir)
pod_dir_lock = ASSERT.true(locks.try_acquire_exclusive(pod_dir_path))
try:
upper_path = _get_upper_path(pod_dir_path)
bases.rsync_copy(upper_path, output_path, filter_args)
finally:
pod_dir_lock.release()
pod_dir_lock.close()
def cmd_cleanup():
oses.assert_root_privilege()
ops_dirs = pod_ops_dirs.make_ops_dirs()
ops_dirs.cleanup()
xar_ops_dirs.make_ops_dirs().cleanup()
tokens.make_tokens_database().cleanup(ops_dirs)
return 0
def cmd_init():
"""Initialize the repository."""
oses.assert_group_exist(PARAMS.application_group.get())
# For rsync_copy.
scripts.check_command_exist('rsync')
oses.assert_root_privilege()
make_dir(get_repo_path(), 0o750, chown_app, parents=True)
def cmd_remove_tag(tag):
oses.assert_root_privilege()
with locks.acquiring_exclusive(_get_tags_path()):
try:
_get_tag_path(tag).unlink()
except FileNotFoundError:
pass
def cmd_run_prepared(pod_id, *, debug=False):
oses.assert_root_privilege()
pod_dir_path = ASSERT.predicate(_get_pod_dir_path(pod_id), Path.is_dir)
_lock_pod_dir_for_exec(pod_dir_path)
if g1.files.is_empty_dir(_get_rootfs_path(pod_dir_path)):
LOG.warning('overlay is not mounted; system probably rebooted')
_mount_overlay(pod_dir_path, _read_config(pod_dir_path))
_run_pod(pod_id, debug=debug)
def cmd_build_base_image(name, version, base_image_path, prune_stash_path):
oses.assert_root_privilege()
LOG.info('create base image: %s', base_image_path)
images.build_image(
images.ImageMetadata(name=name, version=version),
lambda dst_path: _create_image_rootfs(dst_path, prune_stash_path),
base_image_path,
)
def cmd_cleanup(expiration):
oses.assert_root_privilege()
with locks.acquiring_exclusive(_get_tmp_path()):
_cleanup_tmp()
with locks.acquiring_exclusive(_get_tags_path()), \
locks.acquiring_exclusive(get_trees_path()):
_cleanup_trees(expiration)
_cleanup_tags()
def cmd_install(args):
oses.assert_root_privilege()
bundle_dir = pod_ops_dirs.PodBundleDir(args.bundle)
ops_dirs = pod_ops_dirs.make_ops_dirs()
ops_dirs.install(bundle_dir.path)
if args.also_start:
return _start(ops_dirs, bundle_dir.label, bundle_dir.version, args)
return 0
def cmd_add_ref(pod_id, target_path):
oses.assert_root_privilege()
with locks.acquiring_shared(_get_active_path()):
_add_ref(
ASSERT.predicate(_get_pod_dir_path(pod_id), Path.is_dir),
ASSERT.not_predicate(target_path, g1.files.lexists),
)
return 0
def cmd_tag(*, image_id=None, name=None, version=None, tag=None, new_tag):
oses.assert_root_privilege()
with locks.acquiring_exclusive(_get_tags_path()):
with locks.acquiring_shared(get_trees_path()):
image_dir_path = ASSERT.not_none(
_find_image_dir_path(image_id, name, version, tag)
)
_tag_image(new_tag, image_dir_path)
def cmd_cleanup(expiration):
oses.assert_root_privilege()
_cleanup_active(expiration)
for top_dir_path in (
_get_tmp_path(),
_get_graveyard_path(),
):
with locks.acquiring_exclusive(top_dir_path):
_cleanup_top_dir(top_dir_path)
def cmd_cleanup():
oses.assert_root_privilege()
with locks.acquiring_exclusive(_get_xars_repo_path()):
for xar_dir_path in _get_xars_repo_path().iterdir():
if not xar_dir_path.is_dir():
LOG.info('remove unknown file: %s', xar_dir_path)
xar_dir_path.unlink()
else:
_cleanup_xar_dir(xar_dir_path)
def cmd_uninstall(xar_name):
oses.assert_root_privilege()
with _locking_top_dirs():
xar_dir_path = _get_xar_dir_path(xar_name)
if not xar_dir_path.exists():
LOG.debug('xar does not exist: %s', xar_dir_path)
else:
_uninstall_xar_dir(xar_dir_path)
_cleanup_xar_dir(xar_dir_path)
def cmd_init():
"""Initialize the pod repository."""
scripts.assert_command_exist('mount')
scripts.assert_command_exist('umount')
# Use systemd-nspawn of the host system for now.
scripts.assert_command_exist('systemd-nspawn')
oses.assert_root_privilege()
bases.make_dir(_get_pod_repo_path(), 0o750, bases.chown_app)
bases.make_dir(_get_active_path(), 0o750, bases.chown_app)
bases.make_dir(_get_graveyard_path(), 0o750, bases.chown_app)
bases.make_dir(_get_tmp_path(), 0o750, bases.chown_app)
def cmd_init():
"""Initialize the image repository."""
# For _extract_image.
scripts.assert_command_exist('tar')
# For build_image.
scripts.check_command_exist('tar')
oses.assert_root_privilege()
bases.make_dir(_get_image_repo_path(), 0o750, bases.chown_app)
bases.make_dir(_get_tags_path(), 0o750, bases.chown_app)
bases.make_dir(_get_tmp_path(), 0o750, bases.chown_app)
bases.make_dir(get_trees_path(), 0o750, bases.chown_app)
def cmd_assign(args):
oses.assert_root_privilege()
ASSERT.in_(
args.pod_id,
tokens.load_active_pod_ids(pod_ops_dirs.make_ops_dirs()),
)
with tokens.make_tokens_database().writing() as active_tokens:
ASSERT.predicate(args.token_name, active_tokens.has_definition)
active_tokens.assign(args.token_name, args.pod_id, args.name,
args.value)
return 0
def cmd_unassign(args):
oses.assert_root_privilege()
# You can only unassign a token from a removed pod (in this case, we
# treat the host as removed).
active_pod_ids = tokens.load_active_pod_ids(pod_ops_dirs.make_ops_dirs())
active_pod_ids.remove(ctr_models.read_host_pod_id())
ASSERT.not_in(args.pod_id, active_pod_ids)
with tokens.make_tokens_database().writing() as active_tokens:
ASSERT.predicate(args.token_name, active_tokens.has_definition)
active_tokens.unassign(args.token_name, args.pod_id, args.name)
return 0
def cmd_stop(args):
oses.assert_root_privilege()
return _ops_dir_apply(
'stop',
pod_ops_dirs.make_ops_dirs(),
args.label,
args.version,
lambda ops_dir: ops_dir.stop(
unit_names=args.unit,
all_units=args.unit_all,
),
)
def cmd_undefine(args):
oses.assert_root_privilege()
active_pod_ids = tokens.load_active_pod_ids(pod_ops_dirs.make_ops_dirs())
with tokens.make_tokens_database().writing() as active_tokens:
if not active_tokens.has_definition(args.token_name):
LOG.info('skip: tokens undefine: %s', args.token_name)
return 0
LOG.info('tokens undefine: %s', args.token_name)
ASSERT.isdisjoint(active_pod_ids,
active_tokens.iter_pod_ids(args.token_name))
active_tokens.remove_definition(args.token_name)
return 0
def cmd_remove(
*, image_id=None, name=None, version=None, tag=None, skip_active=False
):
"""Remove an image, or no-op if image does not exist."""
oses.assert_root_privilege()
with locks.acquiring_exclusive(_get_tags_path()), \
locks.acquiring_exclusive(get_trees_path()):
image_dir_path = _find_image_dir_path(image_id, name, version, tag)
if image_dir_path:
ASSERT.true(_maybe_remove_image_dir(image_dir_path) or skip_active)
else:
LOG.debug(
'image does not exist: image_id=%s, nv=%s:%s, tag=%s',
image_id, name, version, tag
)
def cmd_prepare_base_rootfs(image_rootfs_path):
ASSERT.not_predicate(image_rootfs_path, Path.exists)
oses.assert_root_privilege()
scripts.run([
'debootstrap',
'--variant=minbase',
'--components=main',
# Install dbus for convenience.
# Install sudo for changing service user/group.
# Install tzdata for /etc/localtime.
'--include=dbus,sudo,systemd,tzdata',
models.BASE_IMAGE_RELEASE_CODE_NAME,
image_rootfs_path,
'http://us.archive.ubuntu.com/ubuntu/',
])
def cmd_remove(pod_id):
"""Remove a pod, or no-op if pod does not exist."""
oses.assert_root_privilege()
pod_dir_path = _get_pod_dir_path(pod_id)
with locks.acquiring_exclusive(_get_active_path()):
if not pod_dir_path.is_dir():
LOG.debug('pod does not exist: %s', pod_id)
return
ASSERT.less_or_equal(_get_ref_count(pod_dir_path), 1)
pod_dir_lock = locks.acquire_exclusive(pod_dir_path)
try:
with locks.acquiring_exclusive(_get_graveyard_path()):
grave_path = _move_pod_dir_to_graveyard(pod_dir_path)
journals.remove_journal_dir(pod_id)
_remove_pod_dir(grave_path)
finally:
pod_dir_lock.release()
pod_dir_lock.close()
def cmd_define(args):
oses.assert_root_privilege()
if args.range:
definition = tokens.Tokens.Definition(
kind='range',
args=[int(args.range[0]), int(args.range[1])],
)
else:
definition = tokens.Tokens.Definition(
kind='values',
args=ASSERT.not_none(args.value),
)
with tokens.make_tokens_database().writing() as active_tokens:
if active_tokens.has_definition(args.token_name):
active_tokens.update_definition(args.token_name, definition)
else:
active_tokens.add_definition(args.token_name, definition)
return 0
def cmd_install(
*,
image_id=None,
name=None,
version=None,
tag=None,
xar_name,
exec_relpath,
):
oses.assert_root_privilege()
with _locking_top_dirs():
if image_id is None:
image_id = ASSERT.not_none(
images.find_id(name=name, version=version, tag=tag))
_install_xar_dir(
_get_xar_dir_path(xar_name),
image_id,
ASSERT.not_predicate(exec_relpath, Path.is_absolute),
)
def cmd_init(args):
oses.assert_root_privilege()
# Check pod and XAR dependencies.
if not args.bootstrap:
scripts.assert_command_exist('ctr')
scripts.assert_command_exist('systemctl')
scripts.assert_command_exist('tar')
# Check alert dependencies.
scripts.assert_command_exist('journalctl')
scripts.assert_command_exist('tail')
bases.make_dir(bases.get_repo_path(), parents=True)
alerts.init()
envs.init()
pod_ops_dirs.init()
xar_ops_dirs.init()
tokens.init()
return 0
def cmd_prepare(pod_id, config_path):
"""Prepare a pod directory, or no-op if pod exists."""
oses.assert_root_privilege()
# Make sure that it is safe to create a pod with this ID.
ASSERT.not_equal(
models.pod_id_to_machine_id(pod_id),
models.read_host_machine_id(),
)
# Check before really preparing the pod.
if g1.files.lexists(_get_pod_dir_path(pod_id)):
LOG.info('skip duplicated pod: %s', pod_id)
return
config = jsons.load_dataobject(models.PodConfig, config_path)
tmp_path = _create_tmp_pod_dir()
try:
_prepare_pod_dir(tmp_path, pod_id, config)
with locks.acquiring_exclusive(_get_active_path()):
if _maybe_move_pod_dir_to_active(tmp_path, pod_id):
tmp_path = None
else:
LOG.info('skip duplicated pod: %s', pod_id)
finally:
if tmp_path:
_remove_pod_dir(tmp_path)
def cmd_import(image_archive_path, *, tag=None):
"""Import an image archive into the repo.
This is a no-op if the image has been imported (i.e., an image in
the repo has the same ID).
For images having the same name and version, it is an error to have
different IDs.
"""
oses.assert_root_privilege()
ASSERT.predicate(image_archive_path, Path.is_file)
with _using_tmp() as tmp_path:
image_id = _extract_image(image_archive_path, tmp_path)
LOG.info('import image id: %s', image_id)
_setup_image_dir(tmp_path)
# Make sure that for every newly-imported image, its last
# updated time is set to now; or else it could be cleaned up
# right after import.
_touch_image_dir(tmp_path)
with contextlib.ExitStack() as stack:
if tag:
stack.enter_context(
locks.acquiring_exclusive(_get_tags_path())
)
stack.enter_context(locks.acquiring_exclusive(get_trees_path()))
if not _maybe_import_image_dir(tmp_path, image_id):
return
if tag:
image_dir_path = get_image_dir_path(image_id)
try:
_tag_image(tag, image_dir_path)
except:
LOG.error('cannot tag image; revert import')
if not _maybe_remove_image_dir(image_dir_path):
LOG.error('cannot revert import')
raise
def cmd_uninstall(args):
oses.assert_root_privilege()
xar_ops_dirs.make_ops_dirs().uninstall(args.label, args.version)
return 0
def cmd_install(args):
oses.assert_root_privilege()
xar_ops_dirs.make_ops_dirs().install(args.bundle)
return 0
def cmd_start(args):
oses.assert_root_privilege()
return _start(pod_ops_dirs.make_ops_dirs(), args.label, args.version, args)
