mirror of
https://dev.iopsys.eu/feed/iopsys.git
synced 2026-01-28 01:47:19 +01:00
swmodd: Support to define additional eu capabilities
This commit is contained in:
Vivek Kumar Dutta
parent
bbe507c740
commit
1d64b9e958
3 changed files with 69 additions and 14 deletions
|
|
@ -5,7 +5,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=swmodd
|
||||
PKG_VERSION:=2.5.5
|
||||
PKG_VERSION:=2.5.6
|
||||
|
||||
LOCAL_DEV:=0
|
||||
ifneq ($(LOCAL_DEV),1)
|
||||
|
|
|
|||
16
swmodd/files/etc/init.d/crun
Normal file → Executable file
16
swmodd/files/etc/init.d/crun
Normal file → Executable file
|
|
@ -56,8 +56,8 @@ configure_lxc_container() {
|
|||
}
|
||||
|
||||
configure_crun_container() {
|
||||
local name type autostart du_status requested_state url username password
|
||||
local BRIDGE BUNDLE BOOT
|
||||
local name type autostart du_status requested_state url username password capability
|
||||
local BRIDGE BUNDLE BOOT PERM
|
||||
local RUNNER="/etc/swmodd/run.sh"
|
||||
|
||||
BUNDLE="${2}"
|
||||
|
|
@ -73,6 +73,10 @@ configure_crun_container() {
|
|||
config_get url "${1}" url ""
|
||||
config_get username "${1}" username ""
|
||||
config_get password "${1}" password ""
|
||||
config_get capability "${1}" capability ""
|
||||
if [ -n "${capability}" ]; then
|
||||
PERM="-p ${capability// /,}"
|
||||
fi
|
||||
|
||||
if [ -z "${name}" ] || [ -z "${type}" ] || [ -z "${du_status}" ]; then
|
||||
return 0;
|
||||
|
|
@ -148,7 +152,7 @@ configure_crun_container() {
|
|||
|
||||
if [ "${BOOT}" -eq "1" ]; then
|
||||
if [ "${autostart}" -eq 1 ]; then
|
||||
${RUNNER} -U -b "${BUNDLE}" -n "${name}"
|
||||
${RUNNER} -U -b "${BUNDLE}" -n "${name}" ${PERM}
|
||||
result=$(cat ${BUNDLE}/${name}/config.json |jq ".annotations.org_opencontainers_image_description")
|
||||
if [ "${result}" != "null" ]; then
|
||||
uci_set ocicontainer "${1}" description "${result}"
|
||||
|
|
@ -178,10 +182,10 @@ configure_crun_container() {
|
|||
fi
|
||||
elif [ "${requested_state}" = "Active" ]; then
|
||||
if is_container_running "${name}"; then
|
||||
${RUNNER} -u -n "${name}" -i "${BRIDGE}"
|
||||
${RUNNER} -u -n "${name}" -i "${BRIDGE}" ${PERM}
|
||||
crun resume "${name}"
|
||||
else
|
||||
${RUNNER} -U -b "${BUNDLE}" -n "${name}"
|
||||
${RUNNER} -U -b "${BUNDLE}" -n "${name}" ${PERM}
|
||||
result=$(cat ${BUNDLE}/${name}/config.json |jq ".annotations.org_opencontainers_image_description")
|
||||
if [ "${result}" != "null" ]; then
|
||||
uci_set ocicontainer "${1}" description "${result}"
|
||||
|
|
@ -207,7 +211,7 @@ configure_crun_container() {
|
|||
procd_set_param stderr 1
|
||||
procd_set_param command "${RUNNER}"
|
||||
procd_append_param command -b "${BUNDLE}" -n "${name}" -i "${BRIDGE}"
|
||||
procd_set_param respawn
|
||||
#procd_set_param respawn
|
||||
procd_close_instance "${name}"
|
||||
}
|
||||
|
||||
|
|
|
|||
65
swmodd/files/etc/swmodd/run.sh
Normal file → Executable file
65
swmodd/files/etc/swmodd/run.sh
Normal file → Executable file
|
|
@ -123,12 +123,58 @@ update_config_json() {
|
|||
fi
|
||||
cd "${BUNDLE}/${NAME}"
|
||||
if cat config.json |jq '.linux.namespaces[] |select (.type == "network") |.path' |grep -q ${NAME}; then
|
||||
exit 0;
|
||||
# If netns already configured and no additional permission bit assigned, exit from here
|
||||
if [ -z "${PERM}" ]; then
|
||||
exit 0;
|
||||
fi
|
||||
fi
|
||||
|
||||
mv config.json config_orig.json
|
||||
json_init
|
||||
json_load_file "config_orig.json"
|
||||
|
||||
# update hostname to container name
|
||||
if [ -n "${NAME}" ]; then
|
||||
json_add_string hostname "${NAME}"
|
||||
fi
|
||||
|
||||
# Update cabalities
|
||||
log "## PERM [$PERM], Name [${NAME}] ##"
|
||||
if [ -n "${PERM}" ]; then
|
||||
log "Updating Permission in the json ..."
|
||||
PERM="${PERM//,/ }"
|
||||
json_select process
|
||||
json_select capabilities
|
||||
json_select bounding
|
||||
for p in ${PERM}; do
|
||||
json_add_string "" ${p}
|
||||
done
|
||||
json_select ..
|
||||
json_select effective
|
||||
for p in ${PERM}; do
|
||||
json_add_string "" ${p}
|
||||
done
|
||||
json_select ..
|
||||
json_select inheritable
|
||||
for p in ${PERM}; do
|
||||
json_add_string "" ${p}
|
||||
done
|
||||
json_select ..
|
||||
json_select permitted
|
||||
for p in ${PERM}; do
|
||||
json_add_string "" ${p}
|
||||
done
|
||||
json_select ..
|
||||
json_select ambient
|
||||
for p in ${PERM}; do
|
||||
json_add_string "" ${p}
|
||||
done
|
||||
json_select ..
|
||||
json_select ..
|
||||
json_select ..
|
||||
fi
|
||||
|
||||
# update additional capabilities
|
||||
json_select linux
|
||||
json_for_each_item update_network_ns namespaces
|
||||
json_dump >config.json
|
||||
|
|
@ -212,16 +258,21 @@ pull_image_from_registry() {
|
|||
clean=0
|
||||
net_update=0
|
||||
update_json=0
|
||||
while getopts b:n:i:r:l:t:cuU options
|
||||
PERM=""
|
||||
|
||||
log "## Runner [$@] ##"
|
||||
|
||||
while getopts b:n:i:r:l:t:p:cuU options
|
||||
do
|
||||
case "${options}" in
|
||||
b) BUNDLE=${OPTARG};;
|
||||
n) NAME=${OPTARG};;
|
||||
c) clean=1;;
|
||||
i) BRIDGE=${OPTARG};;
|
||||
n) NAME=${OPTARG};;
|
||||
p) PERM="${OPTARG}";;
|
||||
r) REGURL=${OPTARG};;
|
||||
l) LOGIN=${OPTARG};;
|
||||
t) TIMEOUT=${OPTARG};;
|
||||
c) clean=1;;
|
||||
u) net_update=1;;
|
||||
U) update_json=1;;
|
||||
*) log "Invalid options";;
|
||||
|
|
@ -233,7 +284,7 @@ if [ -z "${NAME}" ]; then
|
|||
return 0;
|
||||
fi
|
||||
|
||||
if [ "${update_json}" -eq 1 ]; then
|
||||
if [ "${update_json}" -eq "1" ]; then
|
||||
update_config_json
|
||||
return 0;
|
||||
fi
|
||||
|
|
@ -243,7 +294,7 @@ if [ -n "${REGURL}" ]; then
|
|||
return 0;
|
||||
fi
|
||||
|
||||
if [ "$clean" -eq 1 ]; then
|
||||
if [ "$clean" -eq "1" ]; then
|
||||
clean_container_network "${NAME}"
|
||||
return 0;
|
||||
fi
|
||||
|
|
@ -253,7 +304,7 @@ if [ -z "${BRIDGE}" ]; then
|
|||
return 0;
|
||||
fi
|
||||
|
||||
if [ "${net_update}" -eq 1 ]; then
|
||||
if [ "${net_update}" -eq "1" ]; then
|
||||
get_veth_name "${NAME}"
|
||||
brctl addif "${BRIDGE}" "${VETHNAME}"
|
||||
return 0;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue