
Tidy up lxc.generator a bit #815

merged 6 commits into from
Feb 12, 2024
78 changes: 43 additions & 35 deletions distrobuilder/lxc.generator
Expand Up @@ -8,10 +8,11 @@ export LC_ALL=C
## Helper functions
# is_lxc_container succeeds if we're running inside a LXC container
is_lxc_container() {
grep -qa container=lxc /proc/1/environ
grep -q --text container=lxc /proc/1/environ
}

is_lxc_privileged_container() {
# The full positive 32-bit range is available
grep -qw 4294967295$ /proc/self/uid_map
}

Expand Down Expand Up @@ -40,9 +41,10 @@ is_in_path() {
fix_ro_paths() {
mkdir -p "/run/systemd/system/$1.d"
cat <<-EOF > "/run/systemd/system/$1.d/zzz-lxc-ropath.conf"
[Service]
BindReadOnlyPaths=/sys /proc
EOF
# This file was created by distrobuilder
[Service]
BindReadOnlyPaths=/sys /proc
EOF
}

# fix_nm_link_state forces the network interface to a DOWN state ahead of NetworkManager starting up
Expand All @@ -57,19 +59,22 @@ fix_nm_link_state() {
return 0
fi
cat <<-EOF > /run/systemd/system/network-device-down.service
[Unit]
Description=Turn off network device
Before=NetworkManager.service
Before=systemd-networkd.service
[Service]
# do not turn off if there is a default route to 169.254.0.1, i.e. the device is a routed nic
ExecCondition=/bin/sh -c '! /usr/bin/grep -qs 00000000.0100FEA9 /proc/net/route'
ExecStart=-${ip_path} link set $1 down
Type=oneshot
RemainAfterExit=true
[Install]
WantedBy=default.target
EOF
# This file was created by distrobuilder
[Unit]
Description=Turn off network device
Before=NetworkManager.service
Before=systemd-networkd.service

[Service]
# do not turn off if there is a default route to 169.254.0.1, i.e. the device is a routed nic
ExecCondition=/bin/sh -c '! /usr/bin/grep -qs 00000000.0100FEA9 /proc/net/route'
ExecStart=-${ip_path} link set $1 down
Type=oneshot
RemainAfterExit=true

[Install]
WantedBy=default.target
EOF
mkdir -p /run/systemd/system/default.target.wants
ln -sf /run/systemd/system/network-device-down.service /run/systemd/system/default.target.wants/network-device-down.service
}
Expand Down Expand Up @@ -125,11 +130,12 @@ fix_systemd_udev_trigger() {

mkdir -p /run/systemd/system/systemd-udev-trigger.service.d
cat <<-EOF > /run/systemd/system/systemd-udev-trigger.service.d/zzz-lxc-override.conf
[Service]
ExecStart=
ExecStart=-${cmd} trigger --type=subsystems --action=add
ExecStart=-${cmd} trigger --type=devices --action=add
EOF
# This file was created by distrobuilder
[Service]
ExecStart=
ExecStart=-${cmd} trigger --type=subsystems --action=add
ExecStart=-${cmd} trigger --type=devices --action=add
EOF
}

# fix_systemd_sysctl overrides the systemd-sysctl.service to use "ExecStart=-" instead of "ExecStart=".
Expand All @@ -138,10 +144,11 @@ fix_systemd_sysctl() {
! [ -e "${cmd}" ] && cmd=/lib/systemd/systemd-sysctl
mkdir -p /run/systemd/system/systemd-sysctl.service.d
cat <<-EOF > /run/systemd/system/systemd-sysctl.service.d/zzz-lxc-override.conf
[Service]
ExecStart=
ExecStart=-${cmd}
EOF
# This file was created by distrobuilder
[Service]
ExecStart=
ExecStart=-${cmd}
EOF
}

## Main logic
Expand All @@ -167,6 +174,7 @@ done
# Determine distro name and release
ID=""
if [ -e /etc/os-release ]; then
# shellcheck disable=SC1091
. /etc/os-release
fi

Expand Down Expand Up @@ -211,15 +219,15 @@ fi
if [ -d /etc/udev ]; then
mkdir -p /run/udev/rules.d
cat <<-EOF > /run/udev/rules.d/90-lxc-net.rules
# This file was created by distrobuilder.
#
# Its purpose is to convince NetworkManager to treat the eth0 veth
# interface like a regular Ethernet. NetworkManager ordinarily doesn't
# like to manage the veth interfaces, because they are typically configured
# by container management tooling for specialized purposes.

ACTION=="add|change|move", ENV{ID_NET_DRIVER}=="veth", ENV{INTERFACE}=="eth[0-9]*", ENV{NM_UNMANAGED}="0"
EOF
# This file was created by distrobuilder.
#
# Its purpose is to convince NetworkManager to treat the eth0 veth
# interface like a regular Ethernet. NetworkManager ordinarily doesn't
# like to manage the veth interfaces, because they are typically configured
# by container management tooling for specialized purposes.

ACTION=="add|change|move", ENV{ID_NET_DRIVER}=="veth", ENV{INTERFACE}=="eth[0-9]*", ENV{NM_UNMANAGED}="0"
EOF
fi

# Workarounds for NetworkManager in containers
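Review bot: The new `# This file was created by distrobuilder` header lines in the fix_ro_paths, fix_nm_link_state, fix_systemd_udev_trigger and fix_systemd_sysctl heredocs have no trailing period, while the pre-existing udev rules header reads `# This file was created by distrobuilder.`; pick one form for all generated files so a grep for the marker across /run matches consistently. In is_lxc_privileged_container the added comment `# The full positive 32-bit range is available` is a little loose about what the grep actually tests — the match is on a uid_map line whose count field is 4294967295, so something like `# A privileged container maps the whole 32-bit uid range: the count field of /proc/self/uid_map is 4294967295` would tie the comment to the pattern. The switch from `grep -qa` to `grep -q --text` in is_lxc_container relies on a GNU long option; if this generator is ever expected to run under a non-GNU grep (e.g. a busybox-based image), `-a` is the more widely supported spelling, though inside the images distrobuilder targets this is presumably a non-issue. Several of these functions continue outside the visible hunks.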