Allow user-defined host containers

This adds a host-containers service that asks the API for the defined
host-containers and tells systemd to start/stop them to match their 'enabled'
setting.  The settings are written to an EnvironmentFile that's read by the new
host-container@ service, a systemd templated service used for all host
containers by way of a suffix like "host-container@admin".

The existing container-specific thar-be-settings templated systemd unit files
were removed in favor of this more general approach.  Existing metadata for
these was also removed, replaced with a single metadata entry that invokes the
new tool.

The existing host-containers package, which just contains the Go host-ctr
source, was renamed to host-ctr.

Author: tjkirch

Makefile.toml

@@ -34,7 +34,7 @@ for ws in workspaces packages images ; do
 done
 chmod o+r -R ${CARGO_HOME}
 
-cd ${BUILDSYS_SOURCES_DIR}/host-containers/cmd/host-ctr
+cd ${BUILDSYS_SOURCES_DIR}/host-ctr/cmd/host-ctr
 docker run --rm \
   -e GOPRIVATE='*' \
   -e GOCACHE='/tmp/.cache' \

packages/Cargo.lock

@@ -22,7 +22,7 @@ members = [
     "golang",
     "growpart",
     "grub",
-    "host-containers",
+    "host-ctr",
     "iproute",
     "iptables",
     "iputils",

packages/Cargo.toml

@@ -22,6 +22,8 @@ Source7: settings-applier.service
 Source8: data-store-version
 Source9: migrator.service
 Source10: api-sysusers.conf
+Source11: [email protected]
+Source12: host-containers-tmpfiles.conf
 BuildRequires: gcc-%{_cross_target}
 BuildRequires: %{_cross_os}glibc-devel
 BuildRequires: %{_cross_os}systemd-devel
@@ -83,6 +85,12 @@ Requires: %{_cross_os}apiserver = %{version}-%{release}
 %description -n %{_cross_os}servicedog
 %{summary}.
 
+%package -n %{_cross_os}host-containers
+Summary: Manages system- and user-defined host containers
+Requires: %{_cross_os}apiserver = %{version}-%{release}
+%description -n %{_cross_os}host-containers
+%{summary}.
+
 %package -n %{_cross_os}storewolf
 Summary: Data store creator
 Requires: %{_cross_os}apiserver = %{version}-%{release}
@@ -109,7 +117,8 @@ Summary: Commits settings from user data, defaults, and generators at boot
 for p in \
   apiclient \
   moondog netdog sundog pluto bork \
-  thar-be-settings servicedog storewolf settings-committer \
+  thar-be-settings servicedog host-containers \
+  storewolf settings-committer \
   migration/migrator ;
 do
   %cargo_build --path %{workspace_dir}/${p}
@@ -128,15 +137,16 @@ install -d %{buildroot}%{_cross_bindir}
 for p in \
   apiclient apiserver \
   moondog netdog sundog pluto bork \
-  thar-be-settings servicedog storewolf settings-committer \
+  thar-be-settings servicedog host-containers \
+  storewolf settings-committer \
   migrator ;
 do
   install -p -m 0755 bin/${p} %{buildroot}%{_cross_bindir}
 done
 
 install -d %{buildroot}%{_cross_unitdir}
 install -p -m 0644 \
-  %{S:1} %{S:2} %{S:3} %{S:4} %{S:5} %{S:7} %{S:9} \
+  %{S:1} %{S:2} %{S:3} %{S:4} %{S:5} %{S:7} %{S:9} %{S:11} \
   %{buildroot}%{_cross_unitdir}
 
 install -d %{buildroot}%{_cross_datadir}/thar
@@ -150,6 +160,7 @@ done
 
 install -d %{buildroot}%{_cross_tmpfilesdir}
 install -p -m 0644 %{S:6} %{buildroot}%{_cross_tmpfilesdir}/migration.conf
+install -p -m 0644 %{S:12} %{buildroot}%{_cross_tmpfilesdir}/host-containers.conf
 
 install -d %{buildroot}%{_cross_sysusersdir}
 install -p -m 0644 %{S:10} %{buildroot}%{_cross_sysusersdir}/api.conf
@@ -188,6 +199,11 @@ install -p -m 0644 %{S:10} %{buildroot}%{_cross_sysusersdir}/api.conf
 %files -n %{_cross_os}servicedog
 %{_cross_bindir}/servicedog
 
+%files -n %{_cross_os}host-containers
+%{_cross_bindir}/host-containers
+%{_cross_unitdir}/[email protected]
+%{_cross_tmpfilesdir}/host-containers.conf
+
 %files -n %{_cross_os}storewolf
 %{_cross_bindir}/storewolf
 %{_cross_unitdir}/storewolf.service

packages/api/api.spec

@@ -0,0 +1 @@
+d /etc/host-containers 0755 root root -

packages/api/host-containers-tmpfiles.conf

@@ -0,0 +1,16 @@
+[Unit]
+Description=Host container: %i
+After=host-containerd.service
+Requires=host-containerd.service
+
+[Service]
+Type=simple
+EnvironmentFile=/etc/host-containers/%i.env
+ExecStart=/usr/bin/host-ctr -ctr-id='%i' -source='${CTR_SOURCE}' -superpowered='${CTR_SUPERPOWERED}'
+Restart=always
+RestartSec=10
+TimeoutStopSec=60
+KillMode=mixed
+
+[Install]
+WantedBy=multi-user.target

packages/api/[email protected]

@@ -1,12 +1,12 @@
 [package]
-name = "host-containers"
+name = "host-ctr"
 version = "0.1.0"
 edition = "2018"
 publish = false
 build = "build.rs"
 
 [package.metadata.build-package]
-source-groups = [ "host-containers" ]
+source-groups = [ "host-ctr" ]
 
 [lib]
 path = "pkg.rs"

packages/host-containers/Cargo.toml renamed to packages/host-ctr/Cargo.toml

@@ -1,10 +1,10 @@
-%global workspace_name host-containers
+%global workspace_name host-ctr
 %global systemd_systemdir %{_cross_libdir}/systemd/system
 
 Name: %{_cross_os}%{workspace_name}
 Version: 0.0
 Release: 0%{?dist}
-Summary: Thar host container management
+Summary: Thar host container runner
 License: FIXME
 BuildRequires: gcc-%{_cross_target}
 BuildRequires: %{_cross_os}glibc-devel

packages/host-containers/build.rs renamed to packages/host-ctr/build.rs

@@ -16,8 +16,6 @@ Source99: release-tmpfiles.conf
 
 # FIXME What should own system-level file templates?
 Source200: hostname.template
-Source201: host-containers-systemd-unit-admin.template
-Source202: host-containers-systemd-unit-control.template
 
 Source1000: eth0.xml
 Source1002: configured.target
@@ -55,7 +53,7 @@ Requires: %{_cross_os}signpost
 Requires: %{_cross_os}sundog
 Requires: %{_cross_os}pluto
 Requires: %{_cross_os}storewolf
-Requires: %{_cross_os}servicedog
+Requires: %{_cross_os}host-containers
 Requires: %{_cross_os}settings-committer
 Requires: %{_cross_os}systemd
 Requires: %{_cross_os}thar-be-settings
@@ -64,7 +62,7 @@ Requires: %{_cross_os}updog
 Requires: %{_cross_os}util-linux
 Requires: %{_cross_os}preinit
 Requires: %{_cross_os}wicked
-Requires: %{_cross_os}host-containers
+Requires: %{_cross_os}host-ctr
 
 %description
 %{summary}.
@@ -107,8 +105,6 @@ install -p -m 0644 %{S:1002} %{S:1003} %{S:1006} %{S:1007} %{S:1008} %{S:1009} %
 
 install -d %{buildroot}%{_cross_templatedir}
 install -p -m 0644 %{S:200} %{buildroot}%{_cross_templatedir}/hostname
-install -p -m 0644 %{S:201} %{buildroot}%{_cross_templatedir}/host-containers-systemd-unit-admin
-install -p -m 0644 %{S:202} %{buildroot}%{_cross_templatedir}/host-containers-systemd-unit-control
 
 %files
 %if %{with shell}
@@ -130,7 +126,5 @@ install -p -m 0644 %{S:202} %{buildroot}%{_cross_templatedir}/host-containers-sy
 %{_cross_unitdir}/var-lib-thar.mount
 %dir %{_cross_templatedir}
 %{_cross_templatedir}/hostname
-%{_cross_templatedir}/host-containers-systemd-unit-admin
-%{_cross_templatedir}/host-containers-systemd-unit-control
 
 %changelog

packages/host-containers/host-containers.spec renamed to packages/host-ctr/host-ctr.spec

@@ -9,6 +9,7 @@ members = [
     "api/sundog",
     "api/pluto",
     "api/servicedog",
+    "api/host-containers",
     "api/storewolf",
     "api/thar-be-settings",
     "api/settings-committer",

packages/host-containers/pkg.rs renamed to packages/host-ctr/pkg.rs

@@ -7,7 +7,7 @@ use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::net::Ipv4Addr;
 
-use crate::modeled_types::ValidBase64;
+use crate::modeled_types::{SingleLineString, ValidBase64};
 
 ///// Primary user-visible settings
 
@@ -32,7 +32,7 @@ pub struct Settings {
     pub updates: Option<UpdatesSettings>,
 
     #[serde(skip_serializing_if = "Option::is_none")]
-    pub host_containers: Option<HashMap<String, ContainerImage>>,
+    pub host_containers: Option<HashMap<SingleLineString, ContainerImage>>,
 
     #[serde(skip_serializing_if = "Option::is_none")]
     pub ntp: Option<NtpSettings>,
@@ -86,7 +86,7 @@ pub struct UpdatesSettings {
 #[serde(deny_unknown_fields, rename_all = "kebab-case")]
 pub struct ContainerImage {
     #[serde(skip_serializing_if = "Option::is_none")]
-    pub source: Option<String>,
+    pub source: Option<SingleLineString>,
 
     #[serde(skip_serializing_if = "Option::is_none")]
     pub enabled: Option<bool>,