kento-core 1.6.0.dev1__py3-none-any.whl

kento/defaults.py

@@ -0,0 +1,207 @@
+"""Kento default configuration values."""
+
+from pathlib import Path
+
+# --- LXC defaults ---
+LXC_TTY = 2
+LXC_MOUNT_AUTO = "proc:mixed sys:mixed cgroup:mixed"
+LXC_MOUNT_AUTO_NESTING = "proc:rw sys:rw cgroup:rw"
+LXC_NESTING = False
+
+# --- VM defaults ---
+VM_MEMORY = 512          # MB
+VM_CORES = 1
+VM_KVM = True
+VM_MACHINE = "q35"
+VM_SERIAL = "ttyS0"
+VM_DISPLAY = False       # -nographic
+
+# --- Pass-through denylists (v1.2.0 Phase B) ---
+# Substrings that, if present anywhere in a --qemu-arg value, get rejected.
+# Kept short on purpose: pass-through is an escape hatch, so err on the side
+# of permitting. These specifically name flags kento already emits in vm.py
+# / pve.py generate_qm_args — re-emitting them would either duplicate or
+# conflict with the kento-managed version.
+#   -kernel / -initrd : kento owns these (boot from image-provided kernel;
+#     future --kernel/--initrd will be dedicated flags).
+#   virtiofs / rootfs (inside an arg): kento's virtiofs share — a second
+#     -device or -drive naming either would collide with the mount tag.
+#   memory-backend-memfd / memfd-size : kento generates this and scrub
+#     resyncs its size= to PVE's memory: field.
+#   -chardev / -serial : reserved for v1.4.0 VM interactive (serial socket).
+QEMU_ARG_DENYLIST = (
+    "-kernel",
+    "-initrd",
+    "virtiofs",
+    "rootfs",
+    "memory-backend-memfd",
+    "memfd-size",
+    "-chardev",
+    "-serial",
+)
+
+# Substrings that, if present in a --pve-arg value, get rejected.
+# Target only kento-managed keys that would silently clobber generated
+# config: rootfs path, mp0 mount (reserved for virtiofs-equivalent future
+# work), arch, hostname. Everything else (tags, onboot, unprivileged,
+# features, lxc.* raw keys, etc.) is fair game.
+PVE_ARG_DENYLIST = (
+    "rootfs:",
+    "mp0:",
+    "lxc.rootfs.path",
+    "arch:",
+    "hostname:",
+)
+
+# Substrings that, if present in a --lxc-arg value, get rejected. These are
+# the keys generate_config() (create.py) emits structurally for plain-LXC's
+# native config, plus the two cgroup lines `kento set` manages. Re-emitting
+# any of them via pass-through would either duplicate or clobber the
+# kento-managed line — the very wiring (rootfs, hooks, network, apparmor,
+# mount/tty, resource limits) that makes the instance boot.
+#   lxc.uts.name           : container name (kento owns it).
+#   lxc.rootfs.path        : overlay rootfs dir (kento owns it).
+#   lxc.hook.              : pre-start/post-stop/start-host/version hooks.
+#   lxc.net.               : the veth/none NIC wiring (--network owns it).
+#   lxc.mount.auto         : the proc/sys/cgroup auto-mounts.
+#   lxc.tty.max            : kento default.
+#   lxc.apparmor.          : profile/allow_nesting/allow_incomplete.
+#   lxc.cgroup2.memory.max : kento manages via --memory / `kento set`.
+#   lxc.cgroup2.cpu.max    : kento manages via --cores / `kento set`.
+# Everything else (lxc.mount.entry, lxc.environment, lxc.cgroup2.* other
+# than the two above, lxc.idmap, lxc.cap.*, etc.) is fair game.
+LXC_ARG_DENYLIST = (
+    "lxc.uts.name",
+    "lxc.rootfs.path",
+    "lxc.hook.",
+    "lxc.net.",
+    "lxc.mount.auto",
+    "lxc.tty.max",
+    "lxc.apparmor.",
+    "lxc.cgroup2.memory.max",
+    "lxc.cgroup2.cpu.max",
+)
+
+
+# --- Config file paths ---
+CONFIG_DIR = Path("/etc/kento")
+LXC_CONFIG_FILE = CONFIG_DIR / "lxc.conf"
+VM_CONFIG_FILE = CONFIG_DIR / "vm.conf"
+
+# --- Type parsers ---
+_BOOL_TRUE = {"true", "yes", "1", "on"}
+_BOOL_FALSE = {"false", "no", "0", "off"}
+
+
+def _parse_bool(value: str) -> bool:
+    low = value.strip().lower()
+    if low in _BOOL_TRUE:
+        return True
+    if low in _BOOL_FALSE:
+        return False
+    raise ValueError(f"invalid boolean: {value!r}")
+
+
+def load_config(path: Path) -> dict[str, str]:
+    """Read a key=value config file.
+
+    Skips comments (lines starting with #) and blank lines.
+    Returns empty dict if the file doesn't exist.
+    """
+    if not path.is_file():
+        return {}
+    result: dict[str, str] = {}
+    text = path.read_text()
+    for line in text.splitlines():
+        stripped = line.strip()
+        if not stripped or stripped.startswith("#"):
+            continue
+        if "=" not in stripped:
+            continue
+        key, _, value = stripped.partition("=")
+        result[key.strip()] = value.strip()
+    return result
+
+
+def get_vm_defaults() -> dict[str, object]:
+    """Return VM defaults, overridden by values from VM_CONFIG_FILE."""
+    defaults: dict[str, object] = {
+        "memory": VM_MEMORY,
+        "cores": VM_CORES,
+        "kvm": VM_KVM,
+        "machine": VM_MACHINE,
+        "serial": VM_SERIAL,
+        "display": VM_DISPLAY,
+    }
+    overrides = load_config(VM_CONFIG_FILE)
+    if "memory" in overrides:
+        defaults["memory"] = int(overrides["memory"])
+    if "cores" in overrides:
+        defaults["cores"] = int(overrides["cores"])
+    if "kvm" in overrides:
+        defaults["kvm"] = _parse_bool(overrides["kvm"])
+    if "machine" in overrides:
+        defaults["machine"] = overrides["machine"]
+    if "serial" in overrides:
+        defaults["serial"] = overrides["serial"]
+    if "display" in overrides:
+        defaults["display"] = _parse_bool(overrides["display"])
+    return defaults
+
+
+def get_lxc_defaults() -> dict[str, object]:
+    """Return LXC defaults, overridden by values from LXC_CONFIG_FILE."""
+    defaults: dict[str, object] = {
+        "tty": LXC_TTY,
+        "mount_auto": LXC_MOUNT_AUTO,
+        "mount_auto_nesting": LXC_MOUNT_AUTO_NESTING,
+        "nesting": LXC_NESTING,
+    }
+    overrides = load_config(LXC_CONFIG_FILE)
+    if "tty" in overrides:
+        defaults["tty"] = int(overrides["tty"])
+    if "mount_auto" in overrides:
+        defaults["mount_auto"] = overrides["mount_auto"]
+    if "mount_auto_nesting" in overrides:
+        defaults["mount_auto_nesting"] = overrides["mount_auto_nesting"]
+    if "nesting" in overrides:
+        defaults["nesting"] = _parse_bool(overrides["nesting"])
+    return defaults
+
+
+_LXC_CONF_HEADER = """\
+# Kento LXC defaults
+# Uncomment and edit to override hardcoded defaults.
+# Changes take effect on next container create.
+"""
+
+_VM_CONF_HEADER = """\
+# Kento VM defaults
+# Uncomment and edit to override hardcoded defaults.
+# Changes take effect on next VM create.
+"""
+
+
+def ensure_config_files() -> None:
+    """Create default config files if they don't already exist."""
+    CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+
+    if not LXC_CONFIG_FILE.exists():
+        lines = [_LXC_CONF_HEADER]
+        lines.append(f"# tty = {LXC_TTY}")
+        lines.append(f"# mount_auto = {LXC_MOUNT_AUTO}")
+        lines.append(f"# mount_auto_nesting = {LXC_MOUNT_AUTO_NESTING}")
+        lines.append(f"# nesting = {LXC_NESTING}")
+        lines.append("")
+        LXC_CONFIG_FILE.write_text("\n".join(lines))
+
+    if not VM_CONFIG_FILE.exists():
+        lines = [_VM_CONF_HEADER]
+        lines.append(f"# memory = {VM_MEMORY}")
+        lines.append(f"# cores = {VM_CORES}")
+        lines.append(f"# kvm = {VM_KVM}")
+        lines.append(f"# machine = {VM_MACHINE}")
+        lines.append(f"# serial = {VM_SERIAL}")
+        lines.append(f"# display = {VM_DISPLAY}")
+        lines.append("")
+        VM_CONFIG_FILE.write_text("\n".join(lines))

kento/destroy.py

@@ -0,0 +1,131 @@
+"""Remove a kento-managed instance."""
+
+import logging
+import shutil
+import subprocess
+from pathlib import Path
+
+from kento import is_running, read_mode, require_root, resolve_container
+from kento.errors import StateError
+
+logger = logging.getLogger("kento")
+
+
+def destroy(name: str, force: bool = False, *, container_dir: Path | None = None, mode: str | None = None) -> None:
+    require_root()
+
+    if container_dir is None:
+        container_dir = resolve_container(name)
+    container_id = container_dir.name
+
+    if mode is None:
+        # Detect mode (default lxc for containers created before mode tracking)
+        mode = read_mode(container_dir)
+
+    # Read state dir before we delete anything
+    state_file = container_dir / "kento-state"
+    state_dir = Path(state_file.read_text().strip()) if state_file.is_file() else container_dir
+
+    # Check if running
+    running = is_running(container_dir, mode)
+
+    if running and not force:
+        raise StateError(
+            f"instance {name} is running. "
+            f"Use 'kento lxc destroy -f {name}' or 'kento vm destroy -f {name}' to force removal."
+        )
+
+    if running:
+        logger.info("Stopping...")
+        try:
+            if mode == "vm":
+                from kento.vm import stop_vm
+                stop_vm(container_dir, force=True)
+            elif mode == "pve-vm":
+                vmid = (container_dir / "kento-vmid").read_text().strip()
+                subprocess.run(["qm", "stop", vmid], check=True, capture_output=True)
+            elif mode == "pve":
+                subprocess.run(["pct", "stop", container_id], check=True, capture_output=True)
+            else:
+                subprocess.run(["lxc-stop", "-n", container_id], check=True, capture_output=True)
+        except (subprocess.CalledProcessError, FileNotFoundError) as e:
+            # destroy() only runs the stop-before-remove path when called with -f
+            # (the non-force path errors above). Log and continue to cleanup so
+            # a partially-wedged instance can still be removed.
+            if isinstance(e, subprocess.CalledProcessError):
+                stderr = (e.stderr or b"").decode("utf-8", "replace").strip()
+                logger.warning("stop failed (exit %s); proceeding with cleanup: %s",
+                               e.returncode, stderr)
+            else:
+                logger.warning("stop tool not found (%s); proceeding with cleanup.", e.filename)
+
+    # Unmount rootfs if still mounted. Use the busy-mount-hardened helper:
+    # under -f we want a wedged instance (qm timeout, leaked virtiofsd, etc.)
+    # to still succeed via fuser-kill + lazy umount fallback rather than hang
+    # the destroy. Without -f we keep strict semantics — fail loudly.
+    rootfs = container_dir / "rootfs"
+    if subprocess.run(["mountpoint", "-q", str(rootfs)],
+                      capture_output=True).returncode == 0:
+        from kento.vm import _umount_with_retry
+        if not _umount_with_retry(rootfs, force=force):
+            raise StateError(f"failed to unmount {rootfs}. Is the container still running?")
+
+    # Release OCI image mount
+    from kento.layers import _podman_cmd
+    image = (container_dir / "kento-image").read_text().strip()
+    subprocess.run(
+        [*_podman_cmd(), "image", "unmount", image],
+        capture_output=True,
+    )
+
+    # Read vmid before deletion (needed for pve-vm cleanup)
+    vmid_str = None
+    if mode == "pve-vm":
+        vmid_file = container_dir / "kento-vmid"
+        vmid_str = vmid_file.read_text().strip() if vmid_file.is_file() else None
+
+    # Clean up platform-specific config BEFORE removing container_dir. Mirror
+    # the best-effort stop handler above: under -f a pmxcfs I/O error, a corrupt
+    # kento-vmid (int() ValueError), or any deletion failure must NOT skip the
+    # final rmtree and leave an orphan dir. Warn and continue so cleanup still
+    # reaches the rmtree below.
+    try:
+        if mode == "pve":
+            from kento.pve import delete_pve_config
+            from kento.lxc_hook import delete_lxc_snippets_wrapper
+            delete_pve_config(int(container_id))
+            delete_lxc_snippets_wrapper(int(container_id))
+        elif mode == "pve-vm" and vmid_str:
+            from kento.pve import delete_qm_config
+            from kento.vm_hook import delete_snippets_wrapper
+            try:
+                vmid = int(vmid_str)
+            except ValueError:
+                vmid = None
+                logger.warning("corrupt kento-vmid (%r); skipping qm config "
+                               "cleanup, proceeding with removal.", vmid_str)
+            if vmid is not None:
+                delete_qm_config(vmid)
+                delete_snippets_wrapper(vmid)
+    except Exception as e:
+        if not force:
+            raise
+        logger.warning("platform config cleanup failed (%s); proceeding with removal.", e)
+
+    try:
+        from kento.layers import remove_image_hold
+        name_file = container_dir / "kento-name"
+        hold_name = name_file.read_text().strip() if name_file.is_file() else name
+        remove_image_hold(hold_name)
+    except Exception as e:
+        if not force:
+            raise
+        logger.warning("image-hold removal failed (%s); proceeding with removal.", e)
+
+    # Remove state dir if separate from container_dir
+    if state_dir != container_dir and state_dir.is_dir():
+        shutil.rmtree(state_dir)
+
+    shutil.rmtree(container_dir)
+
+    logger.info("Removed: %s", name)