authorJoey Hess2014-11-21 20:32:32 -0400
committerJoey Hess2014-11-21 20:32:32 -0400
commitb373ffb761a16b26ce38ea90049216fc94d43479 (patch)
tree76226e761d3a5e45b21bb8f1d3d0c5e58e233b4f
parent9170a14711bed088b4dfc09fe72bfaff53f50b88 (diff)
allow disabling nspawn params, and default to bind mounting /etc/resolv.conf
-rw-r--r--src/Propellor/Property/Systemd.hs20
-rw-r--r--src/Propellor/Types/Chroot.hs2
2 files changed, 17 insertions, 5 deletions
diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs
index 6cb40e84..554e6b20 100644
--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -23,6 +23,7 @@ import Utility.FileMode
import Data.List
import Data.List.Utils
+import qualified Data.Map as M
type ServiceName = String
@@ -81,6 +82,7 @@ daemonReloaded = trivial $ cmdProperty "systemctl" ["daemon-reload"]
container :: MachineName -> (FilePath -> Chroot.Chroot) -> Container
container name mkchroot = Container name c h
& os system
+ & resolvConfed
where
c@(Chroot.Chroot _ system _ _) = mkchroot (containerDir name)
h = Host name [] mempty
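Review bot: Adding `& resolvConfed` to `container` makes every container bind mount the host's /etc/resolv.conf by default, and the property is defined later in this commit as `containerCfg "bind=/etc/resolv.conf"`, which systemd-nspawn treats as a read-write mount. Root inside a container could then rewrite the host's resolver configuration, so a read-only mount looks like the safer default: `resolvConfed = containerCfg "bind-ro=/etc/resolv.conf"`. If write access is intended, a comment on `resolvConfed` saying so would help anyone auditing what a container can touch on the host.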
@@ -165,7 +167,8 @@ nspawnService (Container name _ _) cfg = RevertableProperty setup teardown
nspawnServiceParams :: ChrootCfg -> [String]
nspawnServiceParams ChrootCfg = []
-nspawnServiceParams (SystemdNspawnCfg ps) = ps
+nspawnServiceParams (SystemdNspawnCfg ps) =
+ M.keys $ M.filter id $ M.fromList ps
-- | Installs a "enter-machinename" script that root can use to run a
-- command inside the container.
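Review bot: `M.fromList ps` keeps only the last entry for a repeated parameter, so whether reverting a property actually drops a default such as the resolv.conf bind depends on the order in which the `Monoid ChrootCfg` instance joins the lists, which is outside this hunk. That ordering deserves a comment above the new equation, for example `-- A later (param, False) overrides an earlier (param, True); relies on mappend keeping property order.` `M.keys` also returns the parameters sorted rather than in the order they were configured, which appears harmless for nspawn options but is a change from the old `ps`.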
@@ -212,10 +215,19 @@ mungename = replace "/" "_"
-- "--link-journal=guest"
--
-- When there is no leading dash, "--" is prepended to the parameter.
-containerCfg :: String -> Property
-containerCfg p = pureInfoProperty ("container configured with " ++ p') $
- mempty { _chrootinfo = mempty { _chrootCfg = SystemdNspawnCfg [p'] } }
+--
+-- Reverting the property will remove a parameter, if it's present.
+containerCfg :: String -> RevertableProperty
+containerCfg p = RevertableProperty (mk True) (mk False)
where
+ mk b = pureInfoProperty ("container configured " ++ if b then "with " else "without " ++ p') $
+ mempty { _chrootinfo = mempty { _chrootCfg = SystemdNspawnCfg [(p', b)] } }
p' = case p of
('-':_) -> p
_ -> "--" ++ p
+
+-- | Bind mounts /etc/resolv.conf from the host into the container.
+--
+-- This property is enabled by default. Revert it to disable it.
+resolvConfed :: RevertableProperty
+resolvConfed = containerCfg "bind=/etc/resolv.conf"
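Review bot: In `mk`, the `if … then … else` expression extends to the end of the line, so `++ p'` belongs to the `else` branch only and the enabled description reads "container configured with " without the parameter name. Parenthesising the conditional fixes it: `mk b = pureInfoProperty ("container configured " ++ (if b then "with " else "without ") ++ p') $`. The description is presumably what an operator sees when the property is applied, so the missing name makes it harder to tell which nspawn parameters a container was given.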
diff --git a/src/Propellor/Types/Chroot.hs b/src/Propellor/Types/Chroot.hs
index b10e9817..7e7c3630 100644
--- a/src/Propellor/Types/Chroot.hs
+++ b/src/Propellor/Types/Chroot.hs
@@ -18,7 +18,7 @@ instance Monoid (ChrootInfo host) where
data ChrootCfg
= ChrootCfg
- | SystemdNspawnCfg [String]
+ | SystemdNspawnCfg [(String, Bool)]
deriving (Show)
instance Monoid ChrootCfg where