diff options
author | Dirk Brenken <dev@brenken.org> | 2018-05-26 19:32:39 +0200 |
---|---|---|
committer | Dirk Brenken <dev@brenken.org> | 2018-05-27 20:46:13 +0200 |
commit | d9b6c5dd781fec6603e7941b72774b9af140e858 (patch) | |
tree | 4aa99a1d39c05c418e5c5609f7b0c13540d13f8d /applications/luci-app-lxc/luasrc/controller | |
parent | fa4dc6be91ad86dbaa0959b40bdb14f50ad21a67 (diff) |
luci-app-lxc: fix "plain-vanilla" integration, part 2
I've tried to get the lxc app in a more usable state. Tested with mips
and amd64 targets.
* check /etc/config/lxc in controller, not in cbi
* more controller cleanups
* remove unused 'fork_exec' function
* check path before container creation
* check space requirements before container creation
* support new uci options 'min_space' and 'min_temp',
default for both is 100000 KB
* both options are configurable via LuCI CBI template
* write messages to log in case of an error
* validate the container name during creation,
automatically remove invalid chars
* inform the user that only a stopped container can be destroyed
* add experimental ssl support (untested, disabled by default)
Signed-off-by: Dirk Brenken <dev@brenken.org>
Diffstat (limited to 'applications/luci-app-lxc/luasrc/controller')
-rw-r--r-- | applications/luci-app-lxc/luasrc/controller/lxc.lua | 112 |
1 files changed, 55 insertions, 57 deletions
diff --git a/applications/luci-app-lxc/luasrc/controller/lxc.lua b/applications/luci-app-lxc/luasrc/controller/lxc.lua index e15915df5d..f14606ee81 100644 --- a/applications/luci-app-lxc/luasrc/controller/lxc.lua +++ b/applications/luci-app-lxc/luasrc/controller/lxc.lua @@ -14,73 +14,43 @@ Author: Petar Koretic <petar.koretic@sartura.hr> ]]-- +module("luci.controller.lxc", package.seeall) + local uci = require "luci.model.uci".cursor() local util = require "luci.util" local fs = require "nixio" -module("luci.controller.lxc", package.seeall) - -function fork_exec(command) - local pid = fs.fork() - if pid > 0 then +function index() + if not nixio.fs.access("/etc/config/lxc") then return - elseif pid == 0 then - -- change to root dir - fs.chdir("/") - - -- patch stdin, out, err to /dev/null - local null = fs.open("/dev/null", "w+") - if null then - fs.dup(null, fs.stderr) - fs.dup(null, fs.stdout) - fs.dup(null, fs.stdin) - if null:fileno() > 2 then - null:close() - end - end - - -- replace with target command - fs.exec("/bin/sh", "-c", command) end -end -function index() page = node("admin", "services", "lxc") page.target = cbi("lxc") page.title = _("LXC Containers") page.order = 70 - page = entry({"admin", "services", "lxc_create"}, call("lxc_create"), nil) - page.leaf = true - - page = entry({"admin", "services", "lxc_action"}, call("lxc_action"), nil) - page.leaf = true - - page = entry({"admin", "services", "lxc_get_downloadable"}, call("lxc_get_downloadable"), nil) - page.leaf = true - - page = entry({"admin", "services", "lxc_configuration_get"}, call("lxc_configuration_get"), nil) - page.leaf = true - - page = entry({"admin", "services", "lxc_configuration_set"}, call("lxc_configuration_set"), nil) - page.leaf = true - + entry({"admin", "services", "lxc_create"}, call("lxc_create"), nil).leaf = true + entry({"admin", "services", "lxc_action"}, call("lxc_action"), nil).leaf = true + entry({"admin", "services", "lxc_get_downloadable"}, call("lxc_get_downloadable"), nil).leaf = true + entry({"admin", "services", "lxc_configuration_get"}, call("lxc_configuration_get"), nil).leaf = true + entry({"admin", "services", "lxc_configuration_set"}, call("lxc_configuration_set"), nil).leaf = true end function lxc_get_downloadable() local target = lxc_get_arch_target() local templates = {} + local ssl_status = lxc_get_ssl_status() - local f = io.popen('sh /usr/share/lxc/templates/lxc-download --list --no-validate --server %s 2>/dev/null' - % util.shellquote(uci:get("lxc", "lxc", "url")), 'r') + local f = io.popen('sh /usr/share/lxc/templates/lxc-download --list %s --server %s 2>/dev/null' + %{ ssl_status, util.shellquote(uci:get("lxc", "lxc", "url")) }, 'r') local line for line in f:lines() do local dist, version, dist_target = line:match("^(%S+)%s+(%S+)%s+(%S+)%s+default%s+%S+$") - if dist and version and dist_target == target then + if dist and version and dist_target and dist_target == target then templates[#templates+1] = "%s:%s" %{ dist, version } end end - f:close() luci.http.prepare_content("application/json") @@ -90,23 +60,26 @@ end function lxc_create(lxc_name, lxc_template) luci.http.prepare_content("text/plain") - if not pcall(dofile, "/etc/openwrt_release") then - return luci.http.write("1") + local check = lxc_get_config_path() + if not check then + return end - local lxc_dist, lxc_release = lxc_template:match("^(.+):(.+)$") + local ssl_status = lxc_get_ssl_status() + local src_err + local lxc_dist, lxc_release = lxc_template:match("^(.+):(.+)$") luci.http.write(util.ubus("lxc", "create", { name = lxc_name, template = "download", args = { "--server", uci:get("lxc", "lxc", "url"), - "--no-validate", "--dist", lxc_dist, "--release", lxc_release, - "--arch", lxc_get_arch_target() + "--arch", lxc_get_arch_target(), + ssl_status } - })) + }), src_err) end function lxc_action(lxc_action, lxc_name) @@ -123,9 +96,25 @@ function lxc_get_config_path() local ret = content:match('^%s*lxc.lxcpath%s*=%s*([^%s]*)') if ret then - return ret .. "/" + if nixio.fs.access(ret) then + local min_space = tonumber(uci:get("lxc", "lxc", "min_space")) or 100000 + local free_space = tonumber(util.exec("df " ..ret.. " | awk '{if(NR==2)print $4}'")) + if free_space and free_space >= min_space then + local min_temp = tonumber(uci:get("lxc", "lxc", "min_temp")) or 100000 + local free_temp = tonumber(util.exec("df /tmp | awk '{if(NR==2)print $4}'")) + if free_temp and free_temp >= min_temp then + return ret .. "/" + else + util.perror("lxc error: not enough temporary space (< " ..min_temp.. " KB)") + end + else + util.perror("lxc error: not enough space (< " ..min_space.. " KB)") + end + else + util.perror("lxc error: directory not found") + end else - return "/srv/lxc/" + util.perror("lxc error: config path is empty") end end @@ -143,14 +132,15 @@ function lxc_configuration_set(lxc_name) luci.http.prepare_content("text/plain") local lxc_configuration = luci.http.formvalue("lxc_configuration") - if lxc_configuration == nil then - return luci.http.write("1") + util.perror("lxc error: config formvalue is empty") + return end local f, err = io.open(lxc_get_config_path() .. lxc_name .. "/config","w+") if not f then - return luci.http.write("2") + util.perror("lxc error: config file not found") + return end f:write(lxc_configuration) @@ -168,13 +158,21 @@ function lxc_get_arch_target() armv8 = "arm64", x86_64 = "amd64" } - local k, v for k, v in pairs(target_map) do - if target:find(k) then + if target:find("^" ..k.. "$") then return v end end - return target end + +function lxc_get_ssl_status() + local ssl_enabled = uci:get("lxc", "lxc", "ssl_enabled") + local ssl_status = "--no-validate" + + if ssl_enabled and ssl_enabled == "1" then + ssl_status = "" + end + return ssl_status +end |