Commit 199dba2f authored by Natanael Copa's avatar Natanael Copa

testing/util-vserver: mist fixes

* set default nproc limit in post install/upgrade script. This
  prevents guests to forkbomb the host to death.

* support for creating multiple guests in one shot
parent a3b84047
......@@ -2,11 +2,11 @@
pkgname=util-vserver
pkgver=0.30.216_pre2849
_realver=0.30.216-pre2849
pkgrel=3
pkgrel=4
pkgdesc="Linux-VServer admin utilities"
url="http://www.nongnu.org/util-vserver/"
license="GPL"
# needs coreutils for touch -t
install="$pkgname.post-install $pkgname.post-upgrade"
makedepends="iptables-dev e2fsprogs-dev beecrypt-dev autoconf automake
pkgconfig libtool"
depends="bash make"
......@@ -22,9 +22,11 @@ source="http://people.linux-vserver.org/~dhozac/t/uv-testing/util-vserver-$_real
"
subpackages="$pkgname-doc $pkgname-dev"
_builddir="$srcdir"/$pkgname-$_realver
build() {
local i
cd "$srcdir"/$pkgname-$_realver
cd "$_builddir"
for i in ../*.patch; do
[ -r "$i" ] || continue
msg "Applying $i"
......@@ -46,6 +48,10 @@ build() {
# use busybox ionice rather than util-linux-ng
sed -i -e 's:/usr/bin/ionice:/bin/ionice:' Makefile
make || return 1
}
package() {
cd "$_builddir"
make DESTDIR="$pkgdir/" install install-distribution
install -Dm755 ../setup-vs-template "$pkgdir"/usr/sbin/setup-vs-template
install -Dm755 ../setup-vs-guest "$pkgdir"/usr/sbin/setup-vs-guest
......@@ -58,4 +64,4 @@ ff8f561f672524eb46fe633f584ef60e ensc_pathprog.patch
da8b70c4fd40e68894b3903ffd121397 validate.patch
04000261fd990a3963b0e98260b481bd alpine.patch
49bca7969cc284adf68e0ef284c0660e setup-vs-template
b7a30afd4ba87968cb58137d59d8e8f8 setup-vs-guest"
838511f74983453ef9827ed875b70d59 setup-vs-guest"
......@@ -161,98 +161,146 @@ valid_ip() {
ipcalc -s $1
}
if [ "$(whoami)" != "root" ]; then
echo "Need to be root. Sorry."
exit 1
fi
# ask for hostname
#
# $1 = default
#
# retrusn hostname in global var $resp
#
ask_hostname() {
while true; do
ask "Hostname for new vserver:" $1
if [ -d /etc/vservers/$resp ]; then
echo "/etc/vservers/$resp already exist"
continue
fi
if [ -d /vservers/$resp ]; then
echo "/vservers/$resp already exist"
continue
fi
valid_hostname $resp && break
done
}
ifaces=$(ip addr | awk -F: '$1 ~ /^[0-9]/ {printf "%s" $2} END {printf "\n"}')
last_iface=$(echo $ifaces | sed 's/.* //')
ask_ifaceopts() {
# get ip address(es)
resp=
local ifaceopts= _def= _iface=
local ifaces=$(ip addr | awk -F: '$1 ~ /^[0-9]/ {printf "%s" $2} END {printf "\n"}')
local last_iface=$(echo $ifaces | sed 's/.* //')
while [ "$resp" != "done" ]; do
if [ -z "$ifaces" ] || [ "$ifaces" = "lo " ] || [ -n "$ifaceopts" ]; then
_def="done"
else
_def=$(echo $ifaces | sed 's/.* //')
fi
ask_which "network interface" "to use for $_hostname" \
"$ifaces" $_def
[ "$resp" = "done" ] && break
while true; do
ask "Hostname for new vserver:"
if [ -d /etc/vservers/$resp ]; then
echo "/etc/vservers/$resp already exist"
continue
fi
if [ -d /vservers/$resp ]; then
echo "/vservers/$resp already exist"
continue
fi
valid_hostname $resp && break
done
_hostname=$resp
# get ip address(es)
resp=
ifaceopts=
while [ "$resp" != "done" ]; do
if [ -z "$ifaces" ] || [ "$ifaces" = "lo " ]; then
_def="done"
else
_def=$(echo $ifaces | sed 's/.* //')
fi
ask_which "network interface" "to use for $_hostname" "$ifaces" $_def
[ "$resp" = "done" ] && break
_iface=$resp
ifaces=$(rmel $_iface $ifaces)
# suggested ip by last digit + 1
_last_ip_mask=$(last_ipv4_addr_mask $_iface)
_last_ip=${_last_ip_mask%/*}
_last_ip_digit=${_last_ip##*.}
_ip=${_last_ip%.*}.$((($_last_ip_digit + 1) % 256))
_mask=${_last_ip_mask#*/}
_iface=$resp
ifaces=$(rmel $_iface $ifaces)
# suggested ip by last digit + 1
_last_ip_mask=$(last_ipv4_addr_mask $_iface)
_last_ip=${_last_ip_mask%/*}
_last_ip_digit=${_last_ip##*.}
_ip=${_last_ip%.*}.$((($_last_ip_digit + 1) % 256))
_mask=${_last_ip_mask#*/}
while true; do
ask "Enter IP address/mask for $_iface:" $_ip/$_mask
valid_ip $resp && break
echo "$resp is not a valid IPv4 address/mask"
done
_ip_mask=$resp
ifaceopts="$ifaceopts --interface $_iface:$_ip_mask"
# suggest context from last digit in first ip address
if [ -z "$_context" ]; then
_ip=${_ip_mask%/*}
_last_digit=${_ip##*.}
_context=$((10000 + $_last_digit))
fi
done
resp="$ifacesopts"
}
ask_context() {
# get context id
while true; do
ask "Enter IP address/mask for $_iface:" $_ip/$_mask
valid_ip $resp && break
echo "$resp is not a valid IPv4 address/mask"
ask "Enter context id for $_hostname:" $_context
if echo "$resp" | egrep -q "[0-9]+"; then
[ $resp -ge 0 ] && [ $resp -lt 65535 ] && break
fi
echo "Context id must be a 0-65534 number"
done
_ip_mask=$resp
ifaceopts="$ifaceopts --interface $_iface:$_ip_mask"
# suggest context from last digit in first ip address
if [ -z "$_context" ]; then
_ip=${_ip_mask%/*}
_last_digit=${_ip##*.}
_context=$((10000 + $_last_digit))
fi
done
}
# get context id
while true; do
ask "Enter context id for $_hostname:" $_context
if echo "$resp" | egrep -q "[0-9]+"; then
[ $resp -ge 0 ] && [ $resp -lt 65535 ] && break
ask_template() {
local temp
# get template
while true; do
ask "Enter template file (or empty for generate a new):" \
$_template
if [ -z "$resp" ] || [ -r "$resp" ]; then
break
fi
echo "Can not read $resp"
done
temp=$resp
if [ -z "$temp" ]; then
temp=/vservers/template.tar.gz
echo -n "Generating template..."
if setup-vs-template -q -o $temp; then
echo "ok"
else
echo "Failed to create template"
exit 1
fi
fi
echo "Context id must be a 0-65534 number"
done
_context=$resp
resp=$temp
}
# get template
while true; do
ask "Enter template file (or empty for generate a new):"
if [ -z "$resp" ] || [ -r "$resp" ]; then
break
fi
echo "Can not read $resp"
usage() {
echo "Usage: ${0##*/} [-h] [HOSTNAME...]"
exit 1
}
while getopts "h" opt; do
case "$opt" in
h) usage;;
?) usage;;
esac
done
_template=$resp
if [ -z "$_template" ]; then
_template=/vservers/template.tar.gz
echo -n "Generating template..."
if setup-vs-template -q -o $_template; then
echo "ok"
else
echo "Failed to create template"
exit 1
fi
shift $(($OPTIND - 1))
if [ "$(whoami)" != "root" ]; then
echo "Need to be root. Sorry."
exit 1
fi
vserver $_hostname build \
--hostname $_hostname \
$ifaceopts \
--context $_context \
-m template -- -t "$_template" -d alpine
while true; do
ask_hostname $1
_hostname=$resp
ask_ifaceopts
_ifaceopts=$resp
ask_context
_context=$resp
ask_template
_template=$resp
vserver $_hostname build \
--hostname $_hostname \
$_ifaceopts \
--context $_context \
-m template -- -t "$_template" -d alpine \
&& cp /etc/resolv.conf /vservers/$_hostname/etc/ \
&& cp /etc/apk/repositories /vservers/$_hostname/etc/apk/ \
|| exit 1
shift
[ $# -le 0 ] && exit 0
done
#!/bin/sh
if [ -f /etc/vservers/.defaults/rlimits/nproc ]; then
exit 0
fi
# calculate the nproc limit from amount of ram
memtotal=$(awk '$1 == "MemTotal:" {print $2}' /proc/meminfo 2>/dev/null
nproc=$(( ${memtotal:-524288} / 256 ))
# set a "sane" default nproc limit
echo "Setting default nproc limit to $nproc"
mkdir -p /etc/vservers/.defaults/rlimits
echo $nproc > /etc/vservers/.defaults/rlimits/nproc
util-vserver.post-install
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment