When creating a systemd container, what would be the best way to execute properties before propellor is run inside the container proper?
I'm trying to set up packages for networking in a systemd container, but I first need the network to get the packages. Ideally, we should be able to run a few properties on the chroot that are used when creating a systemd container (and therefore use the host network). So far, I've solved this by adding the properties in the Systemd.Core.installed property. Not nice, but works if all your systemd containers are the same. I've tried creating a chroot myself, tarring it and passing that to Systemd.container, but things got a little complicated. It also requires additional properties on the host that have to be moved if the container is moved to another host.
Currently, Chroot.provisioned' is passed a systemdonly :: Bool, which limits the chroot provisioning to the Systemd.installed property.
What you want to do needs a more flexible interface there. Add a Maybe ChildProperty parameter to specify what should be done to finish provisioning the chroot.
Then, change the Systemd.Container data type:
And Systemd.nspawned will pass (Just (toChildProperty (containerChrootProvision c))) to Chroot.provisioned'.
Systemd.Container constructor functions will default to setting containerChrootProvision = Systemd.Core.installed, but the user can then change the Container to add more properties to run in the chroot when provisioning it.
(There's also a tricky bit where Systemd.nspawned needs to extract any info from containerChrootProvision and add it onto its own info to propagate it. If you do the rest of it, I will handle this tricky bit..)
I’ve made the changes you’ve suggested, but I think I’ve run into that tricky bit that you were mentioning. I think I’ve figured out how chroots work in propellor, but I’m not seeing how you were thinking of referencing these extra properties. I know that chroots fork off a new propellor instance inside the chroot which gets properties via a folder/hostname lookup in the configuration, but these include the systemd container properties as well. Were you thinking of isolating the container properties and moving chroot properties to hostProperties or just the opposite?
Here is what I’ve done so far minus much of the mess I made in Chroot.hs.
I should mention that one unintended consequence of my code is that systemd containers now only accept DebianLike properties. This is fine for me and an implicit condition in the code, but isn’t strictly correct. I don’t know Haskell or the codebase well enough to fix this. I suppose anyone who tried to use container images which weren't Debian-like already encountered this issue and made changes to the code base manually.