Untitled

#!/bin/sh
# Description: Manage namespaces.
# Depends on: sh, util-linux, iproute2, procps
# Optional: iptables -t -A POSTROUTING -j MASQUERADE && echo 1 > /proc/sys/net/ipv4/ip_forward

NS=$(dirname $0)
NSROOT=$NS/root/$2
RUN=$NS/run/$2

test -f "$NS/rc.conf" && . $NS/rc.conf

start() {
    check $2

    eval "addr=\"\$$2_addr\""
    eval "onstart=\"\$$2_onstart\""

    if test -n "$addr"; then
        ip link add br0 type bridge 2> /dev/null
        ip link set br0 up 2> /dev/null
        ip addr add 10.0.0.1/24 dev br0 2> /dev/null

        ip link add veth_$2 type veth peer name eth0
        ip link set veth_$2 up
        ip link set veth_$2 master br0
    fi

    ip netns add $2

    if test -n "$addr"; then
        ip link set eth0 netns $2
    fi

    ip netns exec $2 ip link set lo up

    if test -n "$addr"; then
        ip netns exec $2 ip addr add $addr/24 dev eth0
        ip netns exec $2 ip link set eth0 up
        ip netns exec $2 ip route add default via 10.0.0.1

        cp /etc/resolv.conf $NSROOT/etc
    fi

    cp $NS/init $NSROOT

    setsid ip netns exec $2 unshare -fmuip env -i container=$2 chroot $NSROOT /init &

    PID=$!
    sleep 3
    echo $(pgrep -P $PID) > $RUN

    $0 run $2 "hostname $2"
    $0 run $2 "mount -t proc none /proc"
    $0 run $2 "mount -t devtmpfs -o nosuid,size=52k,nr_inodes=2048,mode=755 none /dev"
    $0 run $2 "mount -t devpts -o nosuid,noexec,relatime,mode=600 none /dev/pts"

    test -n "$onstart" && echo "$onstart" | $0 run $2 sh -

    echo "$2: started"
}

stop() {
    kill -9 $(cat $RUN) || true

    eval "addr=\"\$$2_addr\""

    test -n "$addr" && ip link del veth_$2
    ip netns delete $2

    echo "$2: stopped"
}

restart() {
    stop "null" $2
    sleep 1
    start "null" $2
}

run() {
    test -f $RUN && PID=$(cat $RUN)

    if ps -p $PID >/dev/null; then
        true
    else
         echo "$2 is not running" && exit 1
    fi

    shift
    shift
    nsenter -t $PID -m -u -i -n -p env -i container=$2 TERM=$TERM chroot $NSROOT "$@"
}

check() {
    test ! -d $NSROOT && echo $NSROOT directory does not exists. && exit 1
    test -f $RUN && PID=$(cat $RUN) &&
        ps -p $PID > /dev/null &&
        echo $2 running with PID $PID &&
        exit 1
}

init() {
    mkdir -p $NS/root
    mkdir -p $NS/run
    touch $NS/rc.conf
    cat << EOF > $NS/rc.conf
#!/bin/sh

# blue_addr="10.0.0.2"
# blue_onstart="/etc/rc.d/nginx start"
EOF

    cat << EOF > $NS/init
#!/bin/sh

while :;
do
    sleep 86400
done
EOF
    chmod +x $NS/init
}

help() {
    cat << EOF
Usage: $0 [COMMAND] [NAMESPACE] [OPTION]...
Manage namespaces.

Commands:
  start   initialize namespace, chroot; copy and start /init in background
  stop    kill /init
  restart stop and start namespace
  run     exec command in running namespace
  check   check if namespace exists in $NSROOT directory, returns 1 on fail
  init    create folders, rc.conf and init file in directory of this script
EOF
}

case $1 in
    check|start|stop|restart|run|init) $1 $@ ;;
    *) help ;;
esac