[libvirt] [sandbox PATCH] allow to use a templated unit in virt-sandbox

Daniel P. Berrange berrange at redhat.com
Fri May 3 15:10:41 UTC 2013


On Fri, May 03, 2013 at 04:32:45PM +0200, Michael Scherer wrote:
> This permits creating a templated unit inside the sandbox,
> using the sandbox name as a variable and so running the same
> unit with a different configuration without too much hassle.
> 
> For example, someone could have several different configurations of
> websites in /etc/nginx/websites.d/ and have each of them started in
> a different sandbox, with a sample templated unit using the sandbox
> name as an option to read the proper configuration file directly.
> ---
>  bin/virt-sandbox-service | 20 +++++++++++++++++---
>  1 file changed, 17 insertions(+), 3 deletions(-)
> 
> diff --git a/bin/virt-sandbox-service b/bin/virt-sandbox-service
> index 2096be1..0d89b54 100755
> --- a/bin/virt-sandbox-service
> +++ b/bin/virt-sandbox-service
> @@ -345,6 +345,10 @@ class GenericContainer(Container):
>      def set_command(self, command):
>          self.config.set_command(command)
>  
> +
> +def is_template_unit(unit):
> +    return '@' in unit
> +
>  class SystemdContainer(Container):
>      IGNORE_DIRS        = [ "/var/run/", "/etc/logrotate.d/", "/etc/pam.d" ]
>      DEFAULT_DIRS       = [ "/etc", "/var" ]
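
Review bot: is_template_unit returns true for any unit name containing '@', so an already instantiated name such as foo@bar.service would also take the template path. A systemd template has the '@' directly before the type suffix, so testing for '@.' (for example `return '@.' in unit`) is closer to what the name says. A one-line docstring stating the expected form would also help.
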
> @@ -624,14 +628,22 @@ WantedBy=%(TARGET)s
>                  source = "%s%s" % ( self.dest, d)
>                  self.add_bind_mount(source, d)
>  
> +    def get_expanded_unit_template(self, unit):
> +        return unit.replace('@', '@' + self.name)
> +
>      def create_container_unit(self, src, dest, unit):
> -            fd = open(dest + "/" + unit, "w")
> -            fd.write(""".include %s
> +            if is_template_unit(unit):
> +                expanded_unit_name = self.get_expanded_unit_template(unit)
> +                os.symlink(src, dest + "/" + expanded_unit_name)
> +                shutil.copy(src, dest + "/" + unit)
> +            else:
> +                fd = open(dest + "/" + unit, "w")
> +                fd.write(""".include %s
>  [Service]
>  PrivateTmp=false
>  PrivateNetwork=false
>  """ % src )
> -            fd.close()
> +                fd.close()
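
Review bot: in the template branch of create_container_unit, os.symlink raises OSError when dest already holds that instance name, so generating the unit a second time fails where the old open(..., "w") path simply overwrote the file; remove a stale link first or catch the error. In get_expanded_unit_template, `unit.replace('@', '@' + self.name)` rewrites every '@' in the name, so pass a count of 1. The re-indented open/write/close in the else branch would be safer as a with block.
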

So originally we would create /etc/systemd/system/$NAME.service inside
the container containing:

  .include /lib/systemd/system/$NAME.service
  [Service]
  PrivateTmp=false
  PrivateNetwork=false

with your change, we're symlinking

 /etc/systemd/system/$NAME.service

to

 /lib/systemd/system/$UNITNAME@.service


which means we lose the disablement of PrivateTmp and PrivateNetwork.
Required because we're already in private namespaces & don't want to
be creating more.

I think you need to create /etc/systemd/system/$UNITNAME@.service
containing

  .include /lib/systemd/system/$UNITNAME@.service
  [Service]
  PrivateTmp=false
  PrivateNetwork=false

and then also

 /etc/systemd/system/$NAME.service

symlinking to the overridden $UNITNAME@.service instead of
the original

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
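
The layout suggested in the reply above, as an added Python example that is not part of the patch or of virt-sandbox-service: the override template keeps PrivateTmp and PrivateNetwork disabled, and the instance name links to that override rather than to the original unit. The function name create_template_override, the sandbox-name check and the nginx@.service / web1 sample values are assumptions; the instance name follows the patch's '@' expansion.

```python
import os
import tempfile

# Override body taken from the reply: include the original unit, then
# disable the extra namespaces systemd would otherwise set up.
OVERRIDE = """.include %s
[Service]
PrivateTmp=false
PrivateNetwork=false
"""

def is_template_unit(unit):
    # A template has nothing between '@' and the type suffix: "nginx@.service".
    prefix, sep, rest = unit.partition("@")
    return bool(prefix) and sep == "@" and rest.startswith(".")

def create_template_override(src, dest, unit, name):
    """Write dest/unit as an override of src and link the instance to it.

    Returns the instance unit name, e.g. "nginx@web1.service".
    """
    if not is_template_unit(unit):
        raise ValueError("not a template unit: %r" % unit)
    # Assumed check: the sandbox name becomes part of a file name.
    if not name or "/" in name or "@" in name:
        raise ValueError("unsafe sandbox name: %r" % name)

    with open(os.path.join(dest, unit), "w") as fd:
        fd.write(OVERRIDE % src)

    instance = unit.replace("@", "@" + name, 1)
    link = os.path.join(dest, instance)
    if os.path.lexists(link):      # stale link from an earlier run
        os.remove(link)
    os.symlink(unit, link)         # relative: resolves to the override in dest
    return instance

if __name__ == "__main__":
    # Constructed sample values, run against a scratch directory.
    with tempfile.TemporaryDirectory() as dest:
        inst = create_template_override(
            "/lib/systemd/system/nginx@.service", dest, "nginx@.service", "web1")
        print(inst, "->", os.readlink(os.path.join(dest, inst)))
        with open(os.path.join(dest, inst)) as fd:
            print(fd.read())
```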



