haconiwa 0.0.1.pre → 0.0.1.pre2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0e0bf510cbf025ea63a38a250e57fa7b857c936a
-  data.tar.gz: 037ea036c4c88bb4e68e54bc7c7f1c4da34cc8ac
+  metadata.gz: 5118b20649292936469ac7f8c20186aba2b43609
+  data.tar.gz: ce1583a83126f75f922bc83d40098df36afb6340
 SHA512:
-  metadata.gz: 9bcbf2fdeeebc9263365f3f0321e5fa285832cfe37ff8f4d81404c5e75d06e3115fac31059d89f1564f715accddb43ecd66bbb5976ebad25f5ffb91b42f6a56f
-  data.tar.gz: ebb6c08bbc85a91edda488a60c994ee62c61307d5c5de3060f65f7450c05f0a75b993474b9f38033b810a919416128fdaa61129138d8da5e5460812b48a641e0
+  metadata.gz: 423cff4515ed3116b3ca8f317cc8d7cfaf392c77a6725948041edb35b92b4e24fd32da208d1b73b885178e971eeeb24f01da871ddeabc541ffc5377fb83ea8c6
+  data.tar.gz: 3ce74b9dde1970f2a8b87fe27f4f0d988f83620c968010e98e1b6dffced9d2436e91b3397fadf8f602c6cf9b8ec4fe591d98ad32c91cb799bf300a352ad2f788

data/Gemfile

@@ -1,4 +1,3 @@
 source 'https://rubygems.org'
 
-# Specify your gem's dependencies in hakoniwa.gemspec
 gemspec

data/Vagrantfile

@@ -44,11 +44,11 @@ Vagrant.configure(2) do |config|
 
         yum -y install lxc lxc-templates lxc-doc lxc-libs rsync debootstrap
 
-        mkdir /var/hakoniwa
-        mkdir /var/hakoniwa/root
-        mkdir /var/hakoniwa/rootfs
-        mkdir /var/hakoniwa/bundle
-        mkdir /var/hakoniwa/user_homes
+        mkdir /var/haconiwa
+        mkdir /var/haconiwa/root
+        mkdir /var/haconiwa/rootfs
+        mkdir /var/haconiwa/bundle
+        mkdir /var/haconiwa/user_homes
     EOS
     fi
   SHELL

data/bin/console

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
 require "bundler/setup"
-require "hakoniwa"
+require "haconiwa"
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.

data/examples/chroot.rb

@@ -7,11 +7,15 @@ haconiwa = Haconiwa::Base.define do |config|
   config.add_mount_point "/var/haconiwa/rootfs", to: root, readonly: true
   config.add_mount_point "/lib64", to: root.join("lib64"), readonly: true
   config.add_mount_point "/usr/bin", to: root.join("usr/bin"), readonly: true
-  config.add_mount_point "/var/haconiwa/user_homes/haconiwa-test001/home/haconiwa", to: root.join("home/haconiwa")
-  config.add_mount_point "proc", to: root.join("proc"), fs: "proc"
+  config.add_mount_point "tmpfs", to: root.join("tmp"), fs: "tmpfs"
+  config.add_mount_point "/var/haconiwa/user_homes/hakoniwa-test001/home/hakoniwa", to: root.join("home/hakoniwa")
+  config.mount_independent_procfs
   config.chroot_to root
 
-  # config.namespace.unshare "mount"
+  config.namespace.unshare "mount"
+  config.namespace.unshare "ipc"
+  config.namespace.unshare "uts"
+  config.namespace.unshare "pid"
 end
 
 haconiwa.start("/bin/bash")

data/examples/cpu.rb

@@ -0,0 +1,24 @@
+require 'haconiwa'
+require 'pathname'
+haconiwa = Haconiwa::Base.define do |config|
+  config.name = "cpu-quota001" # to be hostname
+
+  root = Pathname.new("/var/haconiwa/root")
+  config.add_mount_point "/var/haconiwa/rootfs", to: root, readonly: true
+  config.add_mount_point "/lib64", to: root.join("lib64"), readonly: true
+  config.add_mount_point "/usr/bin", to: root.join("usr/bin"), readonly: true
+  config.add_mount_point "/usr/local/rbenv", to: root.join("usr/local/rbenv")
+  config.add_mount_point "tmpfs", to: root.join("tmp"), fs: "tmpfs"
+  config.mount_independent_procfs
+  config.chroot_to root
+
+  config.namespace.unshare "mount"
+  config.namespace.unshare "ipc"
+  config.namespace.unshare "uts"
+  config.namespace.unshare "pid"
+
+  config.cgroup["cpu.cfs_period_us"] = 100000
+  config.cgroup["cpu.cfs_quota_us"]  =  30000
+end
+
+haconiwa.start("/bin/bash")

data/lib/haconiwa/base.rb

@@ -22,6 +22,7 @@ module Haconiwa
       @cgroup = CGroup.new
       @namespace = Namespace.new
       @capabilities = Capabilities.new
+      @name = "haconiwa-#{Time.now.to_i}"
     end
 
     # aliases
@@ -30,9 +31,15 @@ module Haconiwa
     end
 
     def add_mount_point(point, options)
+      self.namespace.unshare "mount"
       self.filesystem.mount_points << MountPoint.new(point, options)
     end
 
+    def mount_independent_procfs
+      self.namespace.unshare "mount"
+      self.filesystem.mount_independent_procfs = true
+    end
+
     def start(init_command='/sbin/init')
       Runners::Linux.run(self, init_command)
     end

data/lib/haconiwa/cgroup.rb

@@ -1,3 +1,5 @@
+require 'haconiwa/small_cgroup'
+
 module Haconiwa
   class CGroup
     def initialize
@@ -12,5 +14,16 @@ module Haconiwa
     def []=(key, value)
       @groups[key] = value
     end
+
+    def to_dirs
+      groups.keys.map{|k| k.split('.').first }.uniq
+    end
+
+    def register_all!(to: nil)
+      cg = SmallCgroup.new(name: to)
+      groups.each do |k, v|
+        cg.register k, v
+      end
+    end
   end
 end

data/lib/haconiwa/filesystem.rb

@@ -2,15 +2,19 @@ module Haconiwa
   class Filesystem
     def initialize
       @mount_points = []
+      @mount_independent_procfs = false
     end
-    attr_accessor :chroot, :mount_points
+    attr_accessor :chroot, :mount_points,
+                  :mount_independent_procfs
 
     def mount_all!
       Dir.chdir "/"
-      system "mount --make-private /"
+      unless mount_points.empty?
+        system "mount --make-private /"
 
-      mount_points.each do |mount|
-        mount.apply!
+        mount_points.each do |mount|
+          mount.apply!
+        end
       end
     end
   end

data/lib/haconiwa/namespace.rb

@@ -1,16 +1,66 @@
 module Haconiwa
   class Namespace
+    UNSHARE = 272
+
+    # from linux/sched.h
+
+    CLONE_FS        = 0x00000200
+    CLONE_FILES     = 0x00000400
+    CLONE_NEWNS     = 0x00020000
+    CLONE_SYSVSEM   = 0x00040000
+    CLONE_NEWCGROUP = 0x02000000
+    CLONE_NEWUTS    = 0x04000000
+    CLONE_NEWIPC    = 0x08000000
+    CLONE_NEWUSER   = 0x10000000
+    CLONE_NEWPID    = 0x20000000
+    CLONE_NEWNET    = 0x40000000
+
+    NS_MAPPINGS = {
+      "cgroup" => CLONE_NEWCGROUP,
+      "ipc"    => CLONE_NEWIPC,
+      "net"    => CLONE_NEWNET,
+      "mount"  => CLONE_NEWNS,
+      "pid"    => CLONE_NEWPID,
+      "user"   => CLONE_NEWUSER,
+      "uts"    => CLONE_NEWUTS,
+    }
+
     def initialize
       @use_ns = []
       @netns_name = nil
     end
 
-    def unshare(ns_type)
-      @use_ns << ns_type
+    def unshare(ns)
+      flag = case ns
+             when String, Symbol
+               NS_MAPPINGS[ns.to_s]
+             when Integer
+               ns
+             end
+      if flag == CLONE_NEWPID
+        @use_pid_ns = true
+      else
+        @use_ns << flag
+      end
     end
+    attr_reader :use_pid_ns
 
     def use_netns(name)
       @netns_name = name
     end
+
+    def apply!
+      flag = to_ns_flag
+      STDERR.puts "unshare(2) flag: 0x%s" % flag.to_s(16)
+      Kernel.syscall(UNSHARE, flag)
+    end
+
+    private
+
+    def to_ns_flag
+      @use_ns.inject(0x00000000) { |dst, flag|
+        dst |= flag
+      }
+    end
   end
 end

data/lib/haconiwa/runners/linux.rb

@@ -1,29 +1,47 @@
+require 'tempfile'
+require 'fileutils'
+require 'bundler'
+
 module Haconiwa::Runners
   # see http://d.hatena.ne.jp/hiboma/20120518/1337337393
 
   class Linux
-    UNSHARE = 272
-    CLONE_NEWNS = 0x00020000
-
     def self.run(base, init_command)
-      fork {
-        unshare(CLONE_NEWNS)
-        system "readlink /proc/$$/ns/mnt"
+      container = fork {
+        base.namespace.apply!
+        base.cgroup.register_all!(to: base.name)
 
         base.filesystem.mount_all!
 
         Dir.chroot base.filesystem.chroot
         Dir.chdir "/"
-        exec init_command
+
+        wrapper = Tempfile.open("haconiwa-wrapper-#{$$}-#{Time.now.to_i}.sh")
+
+        wrapper.puts "#!/bin/bash"
+        wrapper.puts "/bin/bash -c \""
+        if base.filesystem.mount_independent_procfs
+          wrapper.puts "mount -t proc proc /proc;"
+        end
+        wrapper.puts "exec $1;"
+        wrapper.puts "\""
+        wrapper.close
+        FileUtils.chmod 0700, wrapper.path
+
+        if base.namespace.use_pid_ns
+          Bundler.with_clean_env {
+            exec "unshare", "--pid", "--", wrapper.path, init_command
+          }
+        else
+          Bundler.with_clean_env { exec wrapper.path, init_command }
+        end
       }
 
-      puts "New container: is OK?"
-      system "readlink /proc/$$/ns/mnt"
-      loop {} # to be in front
-    end
+      Haconiwa::SmallCgroup.register_at_exit(pid: container, name: base.name, dirs: base.cgroup.to_dirs)
+      puts "New container: PID = #{container}"
 
-    def self.unshare(flag)
-      Kernel.syscall(UNSHARE, flag)
+      Process.waitpid container
+      puts "Successfully exit container."
     end
   end
 end

data/lib/haconiwa/small_cgroup.rb

@@ -0,0 +1,65 @@
+require 'pathname'
+require 'fileutils'
+
+module Haconiwa
+  class SmallCgroup
+    class << self
+      attr_accessor :fs_root
+
+      def register_at_exit(pid: nil, name: nil, dirs: nil)
+        at_exit do
+          dirs.each do |dir|
+            begin
+              cleanup = fs_root.join(dir, name)
+              FileUtils.rmdir(cleanup)
+            rescue
+              STDERR.puts "Failed to remove: #{cleanup}"
+            end
+          end
+        end
+      end
+    end
+    self.fs_root = Pathname.new("/sys/fs/cgroup")
+
+    def initialize(name: "haconiwa-#{$$}", pid: $$)
+      @name = name
+      @pid  = pid
+      @active_dirs = []
+    end
+    attr_reader :name, :pid
+
+    def activate(dir)
+      dirroot = root_of(dir)
+      FileUtils.mkdir_p dirroot
+      append_write dirroot.join("tasks"), self.pid
+      @active_dirs << dir
+    end
+
+    def activated?(dir)
+      @active_dirs.include? dir
+    end
+
+    def register(key, value)
+      dir = key.split('.').first
+      unless activated?(dir)
+        activate(dir)
+      end
+
+      overwrite root_of(dir).join(key), value
+    end
+
+    private
+
+    def root_of(dir)
+      SmallCgroup.fs_root.join(dir, self.name)
+    end
+
+    def append_write(file, value)
+      File.open(file, 'a') {|f| f.puts value }
+    end
+
+    def overwrite(file, value)
+      File.open(file, 'w') {|f| f.puts value }
+    end
+  end
+end

data/lib/haconiwa/version.rb

@@ -1,3 +1,3 @@
 module Haconiwa
-  VERSION = "0.0.1.pre"
+  VERSION = "0.0.1.pre2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: haconiwa
 version: !ruby/object:Gem::Version
-  version: 0.0.1.pre
+  version: 0.0.1.pre2
 platform: ruby
 authors:
 - Uchio KONDO
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-05-24 00:00:00.000000000 Z
+date: 2016-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -127,6 +127,7 @@ files:
 - bin/console
 - bin/setup
 - examples/chroot.rb
+- examples/cpu.rb
 - haconiwa.gemspec
 - lib/haconiwa.rb
 - lib/haconiwa/base.rb
@@ -137,6 +138,7 @@ files:
 - lib/haconiwa/namespace.rb
 - lib/haconiwa/runners.rb
 - lib/haconiwa/runners/linux.rb
+- lib/haconiwa/small_cgroup.rb
 - lib/haconiwa/version.rb
 homepage: https://github.com/udzura/haconiwa
 licenses: