From b373ffb761a16b26ce38ea90049216fc94d43479 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 21 Nov 2014 20:32:32 -0400 Subject: allow disabling nspawn params, and default to bind mounting /etc/resolv.conf --- src/Propellor/Property/Systemd.hs | 20 ++++++++++++++++---- src/Propellor/Types/Chroot.hs | 2 +- 2 files changed, 17 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs index 6cb40e84..554e6b20 100644 --- a/src/Propellor/Property/Systemd.hs +++ b/src/Propellor/Property/Systemd.hs @@ -23,6 +23,7 @@ import Utility.FileMode import Data.List import Data.List.Utils +import qualified Data.Map as M type ServiceName = String @@ -81,6 +82,7 @@ daemonReloaded = trivial $ cmdProperty "systemctl" ["daemon-reload"] container :: MachineName -> (FilePath -> Chroot.Chroot) -> Container container name mkchroot = Container name c h & os system + & resolvConfed where c@(Chroot.Chroot _ system _ _) = mkchroot (containerDir name) h = Host name [] mempty @@ -165,7 +167,8 @@ nspawnService (Container name _ _) cfg = RevertableProperty setup teardown nspawnServiceParams :: ChrootCfg -> [String] nspawnServiceParams ChrootCfg = [] -nspawnServiceParams (SystemdNspawnCfg ps) = ps +nspawnServiceParams (SystemdNspawnCfg ps) = + M.keys $ M.filter id $ M.fromList ps -- | Installs a "enter-machinename" script that root can use to run a -- command inside the container. 
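Review bot: The added `& resolvConfed` line makes every container built through `container` get a bind mount of the host's /etc/resolv.conf, and systemd-nspawn's `--bind=` is a read-write mount as far as I know, so a compromised container could rewrite the host's DNS resolver configuration. Unless containers are expected to write that file, the default should be the read-only variant, i.e. in the later hunk `resolvConfed = containerCfg "bind-ro=/etc/resolv.conf"`, with a haddock line such as `-- Mounted read-only; use 'containerCfg' "bind=/etc/resolv.conf" if the container must write it.` If the read-write mount is intentional, the `container` haddock (outside this hunk) should at least say that the host's resolver configuration is shared with and writable by the container so users know to revert it.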
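Review bot: `M.keys $ M.filter id $ M.fromList ps` lets the last occurrence of a parameter in `ps` win and emits the surviving parameters in sorted order rather than declaration order, so whether a user's `revert resolvConfed` beats the default added in `container` depends entirely on how the `Monoid ChrootCfg` instance (not in this diff) orders the two lists. That contract is invisible here; a comment would save the next reader a trip: `-- Later entries override earlier ones, so the ChrootCfg Monoid must place user-supplied config after defaults.` Note also that the key is the whole `--opt=value` string, so `--bind=/etc/resolv.conf` and `--bind-ro=/etc/resolv.conf`, or two different `--link-journal=` values, are unrelated keys and can both be emitted at once; nspawn will see the conflicting pair.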
@@ -212,10 +215,19 @@ mungename = replace "/" "_" -- "--link-journal=guest" -- -- When there is no leading dash, "--" is prepended to the parameter. -containerCfg :: String -> Property -containerCfg p = pureInfoProperty ("container configured with " ++ p') $ - mempty { _chrootinfo = mempty { _chrootCfg = SystemdNspawnCfg [p'] } } +-- +-- Reverting the property will remove a parameter, if it's present. +containerCfg :: String -> RevertableProperty +containerCfg p = RevertableProperty (mk True) (mk False) where + mk b = pureInfoProperty ("container configured " ++ if b then "with " else "without " ++ p') $ + mempty { _chrootinfo = mempty { _chrootCfg = SystemdNspawnCfg [(p', b)] } } p' = case p of ('-':_) -> p _ -> "--" ++ p + +-- | Bind mounts /etc/resolv.conf from the host into the container. +-- +-- This property is enabled by default. Revert it to disable it. +resolvConfed :: RevertableProperty +resolvConfed = containerCfg "bind=/etc/resolv.conf" diff --git a/src/Propellor/Types/Chroot.hs b/src/Propellor/Types/Chroot.hs index b10e9817..7e7c3630 100644 --- a/src/Propellor/Types/Chroot.hs +++ b/src/Propellor/Types/Chroot.hs @@ -18,7 +18,7 @@ instance Monoid (ChrootInfo host) where data ChrootCfg = ChrootCfg - | SystemdNspawnCfg [String] + | SystemdNspawnCfg [(String, Bool)] deriving (Show) instance Monoid ChrootCfg where -- cgit v1.2.3
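Review bot: In `mk`, the description `"container configured " ++ if b then "with " else "without " ++ p'` parses as `if b then "with " else ("without " ++ p')`, because an `if` expression extends as far right as it can, so the enabled case yields `container configured with ` with no parameter name while only the reverted case includes `p'`. Parenthesise the conditional: `mk b = pureInfoProperty ("container configured " ++ (if b then "with " else "without ") ++ p') $`. Since this string is the property's description, the bug only affects what propellor reports, not the nspawn parameters, but it hides which parameter was set.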
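Review bot: The new `SystemdNspawnCfg [(String, Bool)]` field says nothing about what the `Bool` means or what happens when the same parameter appears with both values, yet the override rule is exactly what makes reverting a parameter work. Add a field comment such as `-- ^ (nspawn parameter, enabled?); a later entry overrides an earlier one for the same parameter`, or make the rule part of the type by storing a `M.Map String Bool` and merging with `M.union` in the Monoid instance. That instance starts on the last line of this hunk and continues outside it, so I cannot tell from here which side wins on `mappend`.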