  1. #!/bin/sh
  2. # Description: Manage namespaces.
  3. # Depends on: sh, util-linux, iproute2, procps
  4. # Optional: iptables -t nat -A POSTROUTING -j MASQUERADE && echo 1 > /proc/sys/net/ipv4/ip_forward
  5.  
  6. NS=$(dirname $0)
  7. NSROOT=$NS/root/$2
  8. RUN=$NS/run/$2
  9.  
  10. cgroups="cpu,memory,devices"
  11.  
  12. test -f "$NS/rc.conf" && . $NS/rc.conf
  13.  
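#######################################
# Create the namespace, its cgroup and (when <name>_addr is set in rc.conf) a
# veth link to bridge br0, then launch $NSROOT/init in the background.
# Globals:   NS, NSROOT, RUN, cgroups (read); PID, addr, onstart (written)
# Arguments: $1 - command word ("start"), $2 - namespace name
# Outputs:   status messages on stdout; the init PID(s) are written to $RUN
# Returns:   exits 1 when the namespace is already running, the name is not a
#            plain identifier, or init never appears
#######################################
start() {
    check "$@"

    PID=
    test -f "$RUN" && PID=$(cat "$RUN")
    # $PID is deliberately unquoted: the pid file may hold several PIDs.
    if test -n "$PID" && ps -p $PID >/dev/null 2>&1; then
        echo "$2 is running with $PID"
        exit 1
    fi

    # POSIX sh has no ${!name}, so per-namespace settings are read with eval.
    # Refuse anything but identifier characters first, so the eval can only
    # ever expand a variable named <name>_addr / <name>_onstart.
    case "$2" in
        *[!A-Za-z0-9_]*) echo "$2: invalid namespace name"; exit 1 ;;
    esac
    eval "addr=\"\$${2}_addr\""
    eval "onstart=\"\$${2}_onstart\""

    if test -n "$addr"; then
        # Host side: bridge br0 (10.0.0.1/24) and a veth pair whose host end
        # joins it. Errors are silenced, presumably so a re-run with an
        # existing br0 keeps going.
        ip link add br0 type bridge >/dev/null 2>&1
        ip link set br0 up >/dev/null 2>&1
        ip addr add 10.0.0.1/24 dev br0 >/dev/null 2>&1

        ip link add "veth_$2" type veth peer name veth0 >/dev/null 2>&1
        ip link set "veth_$2" up >/dev/null 2>&1
        ip link set "veth_$2" master br0 >/dev/null 2>&1
    fi

    ip netns add "$2" >/dev/null 2>&1

    # Move the container end of the veth pair into the new netns.
    test -n "$addr" && ip link set veth0 netns "$2" >/dev/null 2>&1

    ip netns exec "$2" ip link set lo up >/dev/null 2>&1

    if test -n "$addr"; then
        ip netns exec "$2" ip addr add "$addr/24" dev veth0 >/dev/null 2>&1
        ip netns exec "$2" ip link set veth0 up >/dev/null 2>&1
        ip netns exec "$2" ip route add default via 10.0.0.1 >/dev/null 2>&1

        cp /etc/resolv.conf "$NSROOT/etc"
    fi

    # Copy the init template into the chroot root.
    cp "$NS/init" "$NSROOT"

    cgroupfs-mount

    cgcreate -g "$cgroups:/$2"

    cgset -r cpu.shares="512" "$2"
    cgset -r memory.limit_in_bytes="$((512 * 1000000))" "$2"

    # Device whitelist: deny everything, then allow only null, zero, full,
    # random, urandom, tty, ptmx and the pts/* slaves.
    cgset -r devices.deny="a *:* rwm" "$2"
    cgset -r devices.allow="c 1:3 rwm" "$2"
    cgset -r devices.allow="c 1:5 rwm" "$2"
    cgset -r devices.allow="c 1:7 rwm" "$2"
    cgset -r devices.allow="c 1:8 rwm" "$2"
    cgset -r devices.allow="c 1:9 rwm" "$2"
    cgset -r devices.allow="c 5:0 rwm" "$2"
    cgset -r devices.allow="c 5:2 rwm" "$2"
    cgset -r devices.allow="c 136:* rwm" "$2"

    # Launch /init in its own session, inside the cgroup and the netns, with
    # fresh mount/uts/ipc/pid/cgroup namespaces (unshare -muipC, -f forks),
    # an empty environment and the chroot. NOTE: chroot alone does not
    # confine a root process; the cgroup device whitelist and the namespaces
    # are what limit it.
    setsid cgexec -g "$cgroups:$2" \
        ip netns exec "$2" \
        unshare -fmuipC \
        env -i container="$2" \
        chroot "$NSROOT" sh -c " exec /init" &

    PID=$!

    # unshare -f forks, so the process that becomes /init is a child of $PID.
    # Poll for it, but give up when the launcher has already exited or after
    # a bounded number of polls instead of spinning forever.
    tries=0
    until pgrep -P "$PID" >/dev/null 2>&1; do
        tries=$((tries + 1))
        if test "$tries" -gt 10000 || ! kill -0 "$PID" 2>/dev/null; then
            echo "$2: init did not start"
            exit 1
        fi
    done

    # Unquoted on purpose: joins pgrep's one-per-line output onto one line.
    echo $(pgrep -P "$PID") > "$RUN"

# Extra setup that could be run inside the container (left disabled):
# mount -t devtmpfs -o nosuid,size=52k,nr_inodes=2048,mode=755 none /dev
# mount -t devpts -o nosuid,noexec,relatime,mode=600 none /dev/pts
#     printf '%s\n' "
# hostname $2
# mount -t proc none /proc
# " | $0 run $2 sh -

    # <name>_onstart is fed as a script to a shell inside the container.
    test -n "$onstart" && printf '%s' "$onstart" | "$0" run "$2" sh -

    echo "$2: started"
}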
  90.  
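#######################################
# Kill the namespace's init, remove its veth link, netns, pid file and cgroup.
# Globals:   RUN, cgroups (read); PID, addr (written)
# Arguments: $1 - command word ("stop"), $2 - namespace name
# Outputs:   "<name>: stopped" on stdout
# Returns:   exits 1 if the name is not a plain identifier
#######################################
stop() {
    check "$@"

    # The name feeds an eval below; accept identifier characters only.
    case "$2" in
        *[!A-Za-z0-9_]*) echo "$2: invalid namespace name"; exit 1 ;;
    esac

    PID=
    test -f "$RUN" && PID=$(cat "$RUN")
    # $PID unquoted on purpose: the pid file may hold several PIDs.
    # SIGKILL is kept from the original because /init is a plain sleep loop.
    test -n "$PID" && kill -9 $PID >/dev/null 2>&1

    eval "addr=\"\$${2}_addr\""

    test -n "$addr" && ip link del "veth_$2" >/dev/null 2>&1
    ip netns delete "$2" >/dev/null 2>&1

    test -f "$RUN" && rm -- "$RUN"

    cgdelete -g "$cgroups:$2"

    echo "$2: stopped"
}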
  107.  
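#######################################
# Execute a command inside a running namespace: same cgroup, netns and chroot
# as /init, entering init's mount/uts/ipc/pid/cgroup namespaces via nsenter.
# Globals:   NSROOT, RUN, cgroups (read); PID, container (written)
# Arguments: $1 - command word ("run"), $2 - namespace name, $3... - command
# Returns:   exits 1 if the namespace is not running, else the command's status
#######################################
run() {
    check "$@"
    PID=
    test -f "$RUN" && PID=$(cat "$RUN")

    # $PID unquoted on purpose: the pid file may hold several PIDs.
    if test -z "$PID" || ! ps -p $PID >/dev/null 2>&1; then
        echo "$2 is not running"
        exit 1
    fi

    container="$2"
    # Drop the command word and the name; the rest is the command to run.
    shift 2

    # nsenter takes exactly one target, so use the first PID from the file.
    cgexec -g "$cgroups:$container" \
        ip netns exec "$container" \
        nsenter -t "${PID%%[[:space:]]*}" -m -u -i -p -C \
        env -i container="$container" \
        chroot "$NSROOT" "$@"
}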
  124.  
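#######################################
# Validate the namespace argument: present, a plain identifier, and backed by
# a chroot directory under $NSROOT.
# Globals:   NSROOT (read)
# Arguments: $1 - command word, $2 - namespace name
# Outputs:   diagnostics on stderr
# Returns:   0 when valid; exits 1 otherwise
#######################################
check() {
    if test -z "$2"; then
        echo "Please, specify container name" >&2
        exit 1
    fi
    # The name is used in file paths, cgroup/netns names and in an eval that
    # builds "<name>_addr"; restrict it to identifier characters.
    case "$2" in
        *[!A-Za-z0-9_]*)
            echo "$2: invalid container name, use only [A-Za-z0-9_]" >&2
            exit 1 ;;
    esac
    if test ! -d "$NSROOT"; then
        echo "$NSROOT directory does not exist" >&2
        exit 1
    fi
}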
  129.  
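#######################################
# Report whether the namespace's init (pid file $RUN) is alive.
# Globals:   NSROOT, RUN (read); PID, running (written)
# Arguments: $1 - command word ("status"), $2 - namespace name
# Outputs:   one status line on stdout
#######################################
status() {
    check "$@"
    PID=
    test -f "$RUN" && PID=$(cat "$RUN" 2>/dev/null)
    # $PID unquoted on purpose: the pid file may hold several PIDs.
    running=1
    test -n "$PID" && ps -p $PID >/dev/null 2>&1 && running=0
    # check already exits when $NSROOT is missing; branch kept as a safeguard.
    if test ! -d "$NSROOT"; then
        echo "$2 does not exist"
    elif test -f "$RUN" && test "$running" -eq 0; then
        echo "$2 is running with pid $PID"
    elif test -f "$RUN"; then
        echo "$2 is not running but pid file $RUN exists"
    else
        echo "$2 is not running"
    fi
}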
  147.  
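#######################################
# Stop the namespace, pause one second (presumably to let the netns/cgroup
# teardown settle), then start it again.
# Arguments: $1 - command word, $2 - namespace name
#######################################
restart() {
    check "$@"
    stop "$@"
    sleep 1
    start "$@"
}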
  154.  
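#######################################
# Create the state directories next to this script plus a sample rc.conf and
# a default init script. Existing rc.conf / init files are left untouched so
# a re-run cannot wipe configuration.
# Globals:   NS (read)
# Outputs:   writes $NS/root, $NS/run, $NS/rc.conf, $NS/init
#######################################
init() {
    mkdir -p "$NS/root"
    mkdir -p "$NS/run"

    if test ! -e "$NS/rc.conf"; then
        # Quoted delimiter: the sample is written literally.
        cat << 'EOF' > "$NS/rc.conf"
#!/bin/sh

# blue_addr="10.0.0.2"
# blue_onstart="/etc/rc.d/nginx start"
EOF
    fi

    if test ! -e "$NS/init"; then
        cat << 'EOF' > "$NS/init"
#!/bin/sh

while :;
do
    sleep 86400
done
EOF
    fi
    chmod +x "$NS/init"
}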
  176.  
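#######################################
# Print usage. Lists every command the dispatcher accepts, including status.
# Globals:   NSROOT (read)
# Outputs:   usage text on stdout
#######################################
help() {
    cat << EOF
Usage: $0 [COMMAND] [NAMESPACE] [OPTION]...
Manage namespaces.

Commands:
  start   initialize namespace, chroot; copy and start /init in background
  stop    kill /init
  restart stop and start namespace
  status  report whether the namespace is running
  run     exec command in running namespace
  check   check if namespace exists in $NSROOT directory, returns 1 on fail
  init    create folders, rc.conf and init file in directory of this script
EOF
}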
  191.  
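# Dispatch: the first word selects the handler and the whole argv is
# forwarded, so every handler sees the namespace name as $2.
case "$1" in
    check|status|start|stop|restart|run|init) "$1" "$@" ;;
    *) help ;;
esac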