path: root/src/Propellor/Property
diff options
authorJoey Hess2014-11-21 20:09:33 -0400
committerJoey Hess2014-11-21 20:09:33 -0400
commit6be49197f6ddf391a21b61e0996ef4bb75cd8b1b (patch)
tree29d442e7b1093275ee1b44fab4138232bdad5dd4 /src/Propellor/Property
parent6c92f1034f980718cef54cab58a1bcfdbc485f5d (diff)
allow configuring systemd-nspawn parameters
Diffstat (limited to 'src/Propellor/Property')
1 files changed, 56 insertions, 8 deletions
diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs
index b50194fa..0b34a3b4 100644
--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -5,12 +5,15 @@ module Propellor.Property.Systemd (
+ daemonReloaded,
+ containerCfg,
) where
import Propellor
+import Propellor.Types.Chroot
import qualified Propellor.Property.Chroot as Chroot
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.File as File
@@ -18,6 +21,7 @@ import Propellor.Property.Systemd.Core
import Utility.SafeCommand
import Utility.FileMode
+import Data.List
import Data.List.Utils
type ServiceName = String
@@ -63,6 +67,10 @@ persistentJournal = check (not <$> doesDirectoryExist dir) $
dir = "/var/log/journal"
+-- | Causes systemd to reload its configuration files.
+daemonReloaded :: Property
+daemonReloaded = trivial $ cmdProperty "systemctl" ["daemon-reload"]
-- | Defines a container with a given machine name.
-- Properties can be added to configure the Container.
@@ -102,7 +110,7 @@ nspawned c@(Container name (Chroot.Chroot loc system builderconf _) h) =
steps =
[ enterScript c
, chrootprovisioned
- , nspawnService c
+ , nspawnService c (_chrootCfg $ _chrootinfo $ hostInfo h)
-- Chroot provisioning is run in systemd-only mode,
@@ -118,19 +126,46 @@ nspawned c@(Container name (Chroot.Chroot loc system builderconf _) h) =
chroot = Chroot.Chroot loc system builderconf h
-nspawnService :: Container -> RevertableProperty
-nspawnService (Container name _ _) = RevertableProperty setup teardown
+-- | Sets up the service file for the container, and then starts
+-- it running.
+nspawnService :: Container -> ChrootCfg -> RevertableProperty
+nspawnService (Container name _ _) cfg = RevertableProperty setup teardown
service = nspawnServiceName name
servicefile = "/etc/systemd/system/" </> service
- setup = check (not <$> doesFileExist servicefile) $
- started service
- `requires` enabled service
+ servicefilecontent = do
+ ls <- lines <$> readFile "/lib/systemd/system/ssh.service"
+ return $ unlines $
+ "# deployed by propellor" : map addparams ls
+ addparams l
+ | "ExecStart=" `isPrefixOf` l =
+ l ++ " " ++ unwords (nspawnServiceParams cfg)
+ | otherwise = l
+ goodservicefile = (==)
+ <$> servicefilecontent
+ <*> catchDefaultIO "" (readFile servicefile)
+ writeservicefile = property servicefile $ liftIO $ do
+ viaTmp writeFile servicefile =<< servicefilecontent
+ return MadeChange
+ setupservicefile = check (not <$> goodservicefile) $
+ -- if it's running, it has the wrong configuration,
+ -- so stop it
+ stopped service
+ `requires` daemonReloaded
+ `requires` writeservicefile
+ setup = started service `requires` setupservicefile
teardown = check (doesFileExist servicefile) $
- disabled service
- `requires` stopped service
+ disabled service `requires` stopped service
+nspawnServiceParams :: ChrootCfg -> [String]
+nspawnServiceParams ChrootCfg = []
+nspawnServiceParams (SystemdNspawnCfg ps) = ps
-- | Installs a "enter-machinename" script that root can use to run a
-- command inside the container.
@@ -171,3 +206,16 @@ containerDir name = "/var/lib/container" </> mungename name
mungename :: MachineName -> String
mungename = replace "/" "_"
+-- | This configures how systemd-nspawn(1) starts the container,
+-- by specifying a parameter, such as "--private-network", or
+-- "--link-journal=guest"
+-- When there is no leading dash, "--" is prepended to the parameter.
+containerCfg :: String -> Property
+containerCfg p = pureInfoProperty ("container configured with " ++ p') $
+ mempty { _chrootinfo = mempty { _chrootCfg = SystemdNspawnCfg [p'] } }
+ where
+ p' = case p of
+ ('-':_) -> p
+ _ -> "--" ++ p