#!/bin/bash
#set -x
# Root image that is bind-mounted further down and handed to LXC as the
# container's root filesystem.
FSDIR=/opt/obs/SourceServiceSystem
# Parent directory of the per-run mount points; this shell's PID is appended
# to it before the first mount.
MOUNTDIR=/opt/obs/SourceServiceSystem.mounts/
# Scratch directory, expressed as a path inside the container root. $$ is the
# PID of this shell, which keeps concurrent runs apart.
TEMPDIR=/lxc.tmp.$$
# Exit status of the whole script; switched to 2 when the jail cannot be
# created or started.
RETURN=0
# set -x
# Paths below are relative to the container root, not to the host.
INNEROUTDIR=${TEMPDIR}/out
INNERSRCDIR=${TEMPDIR}/src
INNERSCRIPT=${TEMPDIR}/inner.sh
# Unprivileged account the service command runs as inside the container.
RUNUSER=nobody
#if ! grep -q "Linux version 2.6.32" /proc/version ; then
# echo "ERROR: lxc seems to work only on linux kernel 2.6.32 atm"
# exit 1
#fi
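# Set up the jail's root filesystem and generate the scripts that run in it.
#
# Sequence: bind-mount the service root image ($FSDIR) onto a per-PID mount
# point, bind-mount the caller's working directory and the requested output
# directory into it, then write two scripts into the jail root:
#   $INNERSCRIPT          entered by lxc-start; changes into the source
#                         directory and switches to $RUNUSER
#   $INNERSCRIPT.command  the service command line itself
#
# Every failure after the first mount goes through abort_setup, so that no
# bind mount, directory or generated file is left behind in the shared image.

#######################################
# Undo whatever part of the setup has been done so far, then exit 1.
# Globals: MOUNTDIR, TEMPDIR, INNERSRCDIR, INNEROUTDIR, INNERSCRIPT (read)
# Only umount, rm -f on the two generated scripts and rmdir are used; nothing
# is removed recursively, so a source or output directory that is still
# mounted cannot be emptied by this function.
#######################################
abort_setup() {
  umount "$MOUNTDIR$INNEROUTDIR" 2> /dev/null
  umount "$MOUNTDIR$INNERSRCDIR" 2> /dev/null
  rm -f "$MOUNTDIR$INNERSCRIPT.command" "$MOUNTDIR$INNERSCRIPT" 2> /dev/null
  rmdir --ignore-fail-on-non-empty "$MOUNTDIR$INNEROUTDIR" 2> /dev/null
  rmdir --ignore-fail-on-non-empty "$MOUNTDIR$INNERSRCDIR" 2> /dev/null
  rmdir --ignore-fail-on-non-empty "$MOUNTDIR$TEMPDIR" 2> /dev/null
  umount "$MOUNTDIR" 2> /dev/null
  rmdir --ignore-fail-on-non-empty "$MOUNTDIR" 2> /dev/null
  exit 1
}

# prepare unique FS layer
MOUNTDIR="$MOUNTDIR/$$"
mkdir -p "$MOUNTDIR" || exit 1
mount --bind "$FSDIR" "$MOUNTDIR" || abort_setup
mkdir -p "$MOUNTDIR/$INNERSRCDIR" || abort_setup
# Hand the source directory to the unprivileged user. The trailing "." also
# re-owns the caller's working directory, which is bind-mounted just below.
chown -R "$RUNUSER" "$MOUNTDIR/$INNERSRCDIR" .

# expose sources inside lxc root
#cp -a * "$MOUNTDIR/$INNERSRCDIR/" || exit 1
# This mount must not fail silently: without it the service would run on an
# empty directory, and the result step after lxc-start compares the caller's
# _service:* files against that empty directory and deletes them.
mount --bind "$PWD" "$MOUNTDIR/$INNERSRCDIR/" || abort_setup

# Split the command line: $1 is the service executable, --outdir <dir> is
# taken out, everything else is passed through to the service.
WITH_NET="0"
COMMAND="$1"
shift
# Only the services listed here are considered to need network access.
case "$COMMAND" in
  */download_url|*/tar_scm|*/obs_scm|*/download_src_package|*/update_source|*/download_files|*/generator_pom)
    WITH_NET="1"
    ;;
esac
while [ $# -gt 0 ]; do
  if [ "$1" == "--outdir" ] ; then
    shift
    OUTDIR="$1"
  else
    # Parameters end up as text in a generated shell script. Each one is
    # wrapped in single quotes, and any single quote inside it is replaced by
    # "_" so that it cannot end the quoting.
    # NOTE(review): the executable path taken from $1 above is written into
    # the script without this quoting; confirm callers pass trusted paths only.
    COMMAND="$COMMAND '${1//\'/_}'"
  fi
  shift
done
if [ -z "$OUTDIR" ] ; then
  echo "ERROR: no outdir given"
  abort_setup
fi

# Make the caller's output directory visible inside the jail and writable for
# the unprivileged user.
mkdir -p "$MOUNTDIR$INNEROUTDIR" || abort_setup
mount --bind "$OUTDIR" "$MOUNTDIR$INNEROUTDIR" || abort_setup
chown -R "$RUNUSER" "$MOUNTDIR/$INNEROUTDIR"

# Outer script: the program lxc-start runs. It enters the source directory
# and runs the command script as $RUNUSER by passing it to su as the shell.
# The last line is written without a trailing newline, as before.
#if [ "$WITH_NET" == "1" ] ; then
# echo "rcnscd start" >> "$MOUNTDIR/$INNERSCRIPT"
#fi
{
  echo '#!/bin/bash'
  echo "cd $INNERSRCDIR"
  echo -n "su $RUNUSER -s ${INNERSCRIPT}.command"
} > "$MOUNTDIR/$INNERSCRIPT"

# Command script: logs the command line, then runs it with the output
# directory replaced by its path inside the jail.
#echo "set -x" >> "$MOUNTDIR/${INNERSCRIPT}.command"
#echo "ls -ld /dev /dev/null" >> "$MOUNTDIR/${INNERSCRIPT}.command"
{
  echo '#!/bin/bash'
  printf '%s\n' "echo Running $COMMAND --outdir $INNEROUTDIR"
  printf '%s\n' "$COMMAND --outdir $INNEROUTDIR"
} > "$MOUNTDIR/${INNERSCRIPT}.command"
chmod 0755 "$MOUNTDIR/$INNERSCRIPT" "$MOUNTDIR/${INNERSCRIPT}.command"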
# construct jail
# The container configuration is written to a per-PID file directly under /.
LXC_CONF="/obs.service.$$"

# Give the jail its own /proc before it is started.
mount -t proc proc "$MOUNTDIR/proc"

{
  echo "lxc.utsname = obs.service.$$"
  # Services outside the network allow-list get an empty network setup.
  # NOTE(review): when WITH_NET is 1 no lxc.network.* key is written at all;
  # the container then presumably shares the host's network. Confirm this
  # against the LXC version in use.
  if [ "$WITH_NET" != "1" ] ; then
    echo "lxc.network.type = empty"
    echo "lxc.network.flags = up"
  fi
  #echo "lxc.pts = 1"
  echo "lxc.tty = 1"
  #echo "lxc.mount = /etc/fstab"
  echo "lxc.rootfs = $MOUNTDIR"
  echo "lxc.autodev = 1"
  # c 1:3 is /dev/null.
  # NOTE(review): no lxc.cgroup.devices.deny line is written, so this allow
  # entry does not follow a deny-all rule; confirm the resulting device policy
  # is the intended one.
  echo "lxc.cgroup.devices.allow = c 1:3 rw"
} > "$LXC_CONF"

# A container with this name can only be a leftover of an earlier run that
# had the same PID; drop it before creating a fresh one.
if lxc-info -n "obs.service.jail.$$" > /dev/null 2>&1; then
  lxc-destroy -n "obs.service.jail.$$" > /dev/null 2>&1
fi

RETURN="0"
# add -t none for lxc 1.1
# A failed create is only recorded in RETURN; the script carries on.
if ! lxc-create -n "obs.service.jail.$$" -f "$LXC_CONF" > /dev/null 2>&1; then
  RETURN="2"
fi
# run jailed process
# lxc-start runs the generated outer script as the container's command. Its
# exit status decides whether the results are processed or the run is
# reported as failed (RETURN=2).
if ! lxc-start -n "obs.service.jail.$$" "$INNERSCRIPT"; then
  RETURN="2"
# move out the result: only when the service produced at least one file
elif [ "0$(find "$MOUNTDIR/$INNEROUTDIR" -type f | wc -l)" -gt 0 ]; then
  # Delete _service:* files from the working directory that are not regular
  # files in the jail's source directory. That directory is a bind mount of
  # $PWD, so while the mount is active both paths name the same files.
  for stale in _service:* ; do
    [ -f "$MOUNTDIR/$INNERSRCDIR/$stale" ] || rm -f "$stale"
  done
fi
#ls $FSDIR
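# cleanup
# Release everything the setup created, inner mounts first, so that the
# per-PID mount point itself can be unmounted and removed last. Only umount,
# rm -f on the generated scripts and rmdir are used on the jail root: the
# source and output directories are bind mounts of caller data and must never
# be removed recursively.
umount "$MOUNTDIR/proc"
umount "$MOUNTDIR$INNERSRCDIR"
umount "$MOUNTDIR$INNEROUTDIR"
rmdir --ignore-fail-on-non-empty "$MOUNTDIR/$INNERSRCDIR"
rmdir --ignore-fail-on-non-empty "$MOUNTDIR/$INNEROUTDIR"
rm -f "$MOUNTDIR/$INNERSCRIPT.command" 2> /dev/null
rm -f "$MOUNTDIR/$INNERSCRIPT" 2> /dev/null
rmdir --ignore-fail-on-non-empty "$MOUNTDIR/$TEMPDIR" 2> /dev/null
umount "$MOUNTDIR"
rmdir --ignore-fail-on-non-empty "$MOUNTDIR" 2> /dev/null
#ls $FSDIR
# The per-run LXC configuration file is no longer needed once the container
# has finished. Removing it keeps one file per invocation from piling up.
rm -f "$LXC_CONF"
# destroy jail
# lxc-destroy -n obs.service.jail.$$
# lxc-destroy removes the entire system now, so the container's directory is
# deleted directly instead.
rm -rf "/var/lib/lxc/obs.service.jail.$$"
exit "$RETURN"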