haconiwa 0.0.1.pre

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Uchio KONDO
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,70 @@
+# Haconiwa
+
+[![Build Status](https://travis-ci.org/udzura/haconiwa.svg?branch=master)](https://travis-ci.org/udzura/haconiwa)
+
+Ruby on Container / helper tools with DSL for your handmade linux containers
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'haconiwa'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install haconiwa
+
+## Usage
+
+```ruby
+require "haconiwa"
+
+haconiwa = Haconiwa::Base.define do |config|
+  config.name = "new-haconiwa001" # to be hostname
+
+  config.cgroup["cpu.shares"] = 2048
+  config.cgroup["memory.limit_in_bytes"] = "256M"
+  config.cgroup["pid.max"] = 1024
+
+  config.chroot_to "/var/your_rootfs"
+  config.add_mount_point "/var/another/root/etc", to: "/etc", readonly: true
+  config.add_mount_point "/var/another/root/home", to: "/home"
+  config.add_mount_point "proc", to: "/proc", fs: "proc"
+
+  config.namespace.unshare "ipc"
+  config.namespace.unshare "mount"
+  config.namespace.unshare "pid"
+  config.namespace.use_netns "foobar"
+
+  config.capabilities.allow :all
+  config.capabilities.drop "CAP_SYS_TIME"
+end
+
+haconiwa.start
+
+## or to attach running container
+
+Haconiwa.attach haconiwa.name
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/udzura/haconiwa. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,13 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+desc "Run #{File.basename(File.dirname(__FILE__))}'s test suite"
+Rake::TestTask.new do |t|
+  # To run test for only one file (or file path pattern)
+  #  $ bundle exec rake test TEST=test/test_specified_path.rb
+  t.libs.concat ["test"]
+  t.test_files = Dir["test/**/test_*.rb"]
+  t.verbose = true
+  t.ruby_opts = ["-r config"]
+end
+task :default => :test

data/Vagrantfile

@@ -0,0 +1,55 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure(2) do |config|
+  config.vm.box = "puppetlabs/centos-7.0-64-puppet"
+
+  config.vm.network "forwarded_port", guest: 80, host: 38080
+  config.vm.network "private_network", ip: "192.168.98.10"
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  config.vm.provider "virtualbox" do |vbox|
+    # Display the VirtualBox GUI when booting the machine
+    vbox.gui = true
+
+    # Customize the amount of memory on the VM:
+    vbox.memory = "2048"
+    vbox.cpus   = 4
+
+    vbox.customize ["modifyvm", :id, "--natdnsproxy1", "off"]
+    vbox.customize ["modifyvm", :id, "--natdnshostresolver1", "off"]
+    vbox.customize ["modifyvm", :id, "--nic2", "intnet"]
+    vbox.customize ["modifyvm", :id, "--intnet2", "internal_network"]
+  end
+
+  config.vm.provision "shell", inline: (<<-SHELL).gsub(/^ +/m, "")
+    set -x
+    if ! test -f /usr/local/rbenv/version; then
+      sudo bash -l << EOS
+        yum -y install epel-release
+        yum -y update
+        yum -y install libcgroup libcgroup-devel libcap-ng libcap-ng-devel
+        yum -y install gcc-c++ git glibc-headers libffi-devel libxml2 libxml2-devel \
+          libxslt libxslt-devel libyaml-devel make openssl-devel \
+          readline readline-devel sqlite-devel zlib zlib-devel
+        git clone https://github.com/rbenv/rbenv.git /usr/local/rbenv
+        ( cd /usr/local/rbenv && sudo src/configure && sudo make -C src )
+        echo 'export PATH="/usr/local/rbenv/bin:$PATH"' | tee -a /etc/profile.d/rbenv.sh
+        echo 'eval "$(rbenv init -)"' | tee -a /etc/profile.d/rbenv.sh
+        git clone https://github.com/rbenv/ruby-build.git /usr/local/rbenv/plugins/ruby-build
+        . /etc/profile.d/rbenv.sh
+        rbenv install 2.2.5
+        rbenv global 2.2.5
+        rbenv rehash
+
+        yum -y install lxc lxc-templates lxc-doc lxc-libs rsync debootstrap
+
+        mkdir /var/hakoniwa
+        mkdir /var/hakoniwa/root
+        mkdir /var/hakoniwa/rootfs
+        mkdir /var/hakoniwa/bundle
+        mkdir /var/hakoniwa/user_homes
+    EOS
+    fi
+  SHELL
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "hakoniwa"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/examples/chroot.rb

@@ -0,0 +1,17 @@
+require 'haconiwa'
+require 'pathname'
+haconiwa = Haconiwa::Base.define do |config|
+  config.name = "chroot001" # to be hostname
+
+  root = Pathname.new("/var/haconiwa/root")
+  config.add_mount_point "/var/haconiwa/rootfs", to: root, readonly: true
+  config.add_mount_point "/lib64", to: root.join("lib64"), readonly: true
+  config.add_mount_point "/usr/bin", to: root.join("usr/bin"), readonly: true
+  config.add_mount_point "/var/haconiwa/user_homes/haconiwa-test001/home/haconiwa", to: root.join("home/haconiwa")
+  config.add_mount_point "proc", to: root.join("proc"), fs: "proc"
+  config.chroot_to root
+
+  # config.namespace.unshare "mount"
+end
+
+haconiwa.start("/bin/bash")

data/haconiwa.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'haconiwa/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "haconiwa"
+  spec.version       = Haconiwa::VERSION
+  spec.authors       = ["Uchio KONDO"]
+  spec.email         = ["udzura@udzura.jp"]
+
+  spec.summary       = %q{Ruby on Container / helper tools with DSL for your handmade linux containers}
+  spec.description   = %q{Ruby on Container / helper tools with DSL for your handmade linux containers.}
+  spec.homepage      = "https://github.com/udzura/haconiwa"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "ffi"
+
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "test-unit", ">= 3"
+  spec.add_development_dependency "test-unit-rr"
+  spec.add_development_dependency "power_assert"
+  spec.add_development_dependency "pry"
+end

data/lib/haconiwa.rb

@@ -0,0 +1,6 @@
+require "haconiwa/version"
+
+module Haconiwa
+end
+
+require "haconiwa/base"

data/lib/haconiwa/base.rb

@@ -0,0 +1,41 @@
+require "haconiwa/filesystem"
+require "haconiwa/mount_point"
+require "haconiwa/cgroup"
+require "haconiwa/namespace"
+require "haconiwa/capabilities"
+require "haconiwa/runners"
+
+module Haconiwa
+  class Base
+    attr_accessor :name,
+                  :filesystem,
+                  :cgroup,
+                  :namespace,
+                  :capabilities
+
+    def self.define(&b)
+      new.tap(&b)
+    end
+
+    def initialize
+      @filesystem = Filesystem.new
+      @cgroup = CGroup.new
+      @namespace = Namespace.new
+      @capabilities = Capabilities.new
+    end
+
+    # aliases
+    def chroot_to(dest)
+      self.filesystem.chroot = dest
+    end
+
+    def add_mount_point(point, options)
+      self.filesystem.mount_points << MountPoint.new(point, options)
+    end
+
+    def start(init_command='/sbin/init')
+      Runners::Linux.run(self, init_command)
+    end
+    alias run start
+  end
+end

data/lib/haconiwa/capabilities.rb

@@ -0,0 +1,18 @@
+module Haconiwa
+  class Capabilities
+    def initialize
+      @blacklist = []
+      @whitelist = []
+    end
+
+    def allow(*keys)
+      if keys.first == :all
+        @whitelist.clear
+      end
+    end
+
+    def drop(*keys)
+      @blacklist.concat(keys)
+    end
+  end
+end

data/lib/haconiwa/cgroup.rb

@@ -0,0 +1,16 @@
+module Haconiwa
+  class CGroup
+    def initialize
+      @groups = {}
+    end
+    attr_reader :groups
+
+    def [](key)
+      @groups[key]
+    end
+
+    def []=(key, value)
+      @groups[key] = value
+    end
+  end
+end

data/lib/haconiwa/filesystem.rb

@@ -0,0 +1,17 @@
+module Haconiwa
+  class Filesystem
+    def initialize
+      @mount_points = []
+    end
+    attr_accessor :chroot, :mount_points
+
+    def mount_all!
+      Dir.chdir "/"
+      system "mount --make-private /"
+
+      mount_points.each do |mount|
+        mount.apply!
+      end
+    end
+  end
+end

data/lib/haconiwa/mount_point.rb

@@ -0,0 +1,28 @@
+module Haconiwa
+  class MountPoint
+    def initialize(point, options)
+      @src = point
+      @dest = options.delete(:to)
+      @readonly = options.delete(:readonly)
+      @fs = options.delete(:fs)
+      @options = options
+    end
+
+    def to_command
+      if @fs
+        "mount -t #{@fs} #{@src} #{@dest}"
+      else
+        "mount --bind #{@src} #{@dest}"
+      end
+    end
+
+    def apply!
+      STDERR.puts to_command
+      system to_command
+      if @readonly
+        STDERR.puts "mount --bind -o remount,ro #{@dest}"
+        system "mount --bind -o remount,ro #{@dest}"
+      end
+    end
+  end
+end

data/lib/haconiwa/namespace.rb

@@ -0,0 +1,16 @@
+module Haconiwa
+  class Namespace
+    def initialize
+      @use_ns = []
+      @netns_name = nil
+    end
+
+    def unshare(ns_type)
+      @use_ns << ns_type
+    end
+
+    def use_netns(name)
+      @netns_name = name
+    end
+  end
+end

data/lib/haconiwa/runners.rb

@@ -0,0 +1,6 @@
+module Haconiwa
+  module Runners
+  end
+end
+
+require 'haconiwa/runners/linux'

data/lib/haconiwa/runners/linux.rb

@@ -0,0 +1,29 @@
+module Haconiwa::Runners
+  # see http://d.hatena.ne.jp/hiboma/20120518/1337337393
+
+  class Linux
+    UNSHARE = 272
+    CLONE_NEWNS = 0x00020000
+
+    def self.run(base, init_command)
+      fork {
+        unshare(CLONE_NEWNS)
+        system "readlink /proc/$$/ns/mnt"
+
+        base.filesystem.mount_all!
+
+        Dir.chroot base.filesystem.chroot
+        Dir.chdir "/"
+        exec init_command
+      }
+
+      puts "New container: is OK?"
+      system "readlink /proc/$$/ns/mnt"
+      loop {} # to be in front
+    end
+
+    def self.unshare(flag)
+      Kernel.syscall(UNSHARE, flag)
+    end
+  end
+end

data/lib/haconiwa/version.rb

@@ -0,0 +1,3 @@
+module Haconiwa
+  VERSION = "0.0.1.pre"
+end

metadata

@@ -0,0 +1,165 @@
+--- !ruby/object:Gem::Specification
+name: haconiwa
+version: !ruby/object:Gem::Version
+  version: 0.0.1.pre
+platform: ruby
+authors:
+- Uchio KONDO
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-05-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: test-unit-rr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: power_assert
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Ruby on Container / helper tools with DSL for your handmade linux containers.
+email:
+- udzura@udzura.jp
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE
+- LICENSE.txt
+- README.md
+- Rakefile
+- Vagrantfile
+- bin/console
+- bin/setup
+- examples/chroot.rb
+- haconiwa.gemspec
+- lib/haconiwa.rb
+- lib/haconiwa/base.rb
+- lib/haconiwa/capabilities.rb
+- lib/haconiwa/cgroup.rb
+- lib/haconiwa/filesystem.rb
+- lib/haconiwa/mount_point.rb
+- lib/haconiwa/namespace.rb
+- lib/haconiwa/runners.rb
+- lib/haconiwa/runners/linux.rb
+- lib/haconiwa/version.rb
+homepage: https://github.com/udzura/haconiwa
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: Ruby on Container / helper tools with DSL for your handmade linux containers
+test_files: []