From 8f5177e501b681286f09c978a163515ca5382774 Mon Sep 17 00:00:00 2001 From: Mingzhe Zou Date: Thu, 26 Sep 2024 09:46:26 +0800 Subject: [PATCH] add systemd guard --- casm/cmds/podman/__init__.py | 3 ++- casm/cmds/podman/container.py | 18 ++++++++++++++++++ casm/cmds/podman/systemd.py | 26 +++++++++++++++++++++++--- casm/utils/podman.py | 17 +++++++++++++---- 4 files changed, 56 insertions(+), 8 deletions(-) create mode 100644 casm/cmds/podman/container.py diff --git a/casm/cmds/podman/__init__.py b/casm/cmds/podman/__init__.py index 71e21cb..9197d07 100644 --- a/casm/cmds/podman/__init__.py +++ b/casm/cmds/podman/__init__.py @@ -10,6 +10,7 @@ from ...utils import __url_home__ from ...utils import __version__ +from .container import add_cmd_container from .system import add_cmd_system from .systemd import add_cmd_systemd @@ -19,7 +20,7 @@ def add_cmd(_arg: argp): pass -@run_command(add_cmd, add_cmd_system) +@run_command(add_cmd, add_cmd_container, add_cmd_system) def run_cmd(cmds: commands) -> int: return 0 diff --git a/casm/cmds/podman/container.py b/casm/cmds/podman/container.py new file mode 100644 index 0000000..7fb18af --- /dev/null +++ b/casm/cmds/podman/container.py @@ -0,0 +1,18 @@ +# coding:utf-8 + +from xarg import add_command +from xarg import argp +from xarg import commands +from xarg import run_command + +from ...utils import podman_cmd + + +@add_command("container", help="Manage podman containers") +def add_cmd_container(_arg: argp): + pass + + +@run_command(add_cmd_container) +def run_cmd_container(cmds: commands) -> int: + return 0 diff --git a/casm/cmds/podman/systemd.py b/casm/cmds/podman/systemd.py index 7aaca65..a37fb6d 100644 --- a/casm/cmds/podman/systemd.py +++ b/casm/cmds/podman/systemd.py @@ -12,7 +12,7 @@ from ..service import add_pos_services -@add_command("enable", help="Enable systemd for containers") +@add_command("enable", help="Enable systemd unit for containers") def add_cmd_enable(_arg: argp): _arg.add_argument("--restart-policy", dest="restart_policy", type=str, nargs=1, metavar="STR", default=["on-failure"], @@ -37,7 +37,7 @@ def run_cmd_enable(cmds: commands) -> int: return 0 -@add_command("disable", help="Disable systemd for containers") +@add_command("disable", help="Disable systemd unit for containers") def add_cmd_disable(_arg: argp): add_pos_services(_arg) @@ -57,11 +57,31 @@ def run_cmd_disable(cmds: commands) -> int: return 0 +@add_command("guard", help="Guard systemd unit for containers") +def add_cmd_guard(_arg: argp): + add_pos_services(_arg) + + +@run_command(add_cmd_guard) +def run_cmd_guard(cmds: commands) -> int: + assemble: assemble_file = cmds.args.assemble_file + assert isinstance(assemble, assemble_file) + services: List[str] = cmds.args.services + for service in assemble.template.services: + cmds.logger.debug(f"{service.title}: {service.container_name}") + if len(services) > 0 and service.title not in services: + continue + container_name = assemble.safe_substitute(service.container_name) + cmds.logger.info(f"guard container {container_name}") + podman_container(container_name).generate_guard_task() + return 0 + + @add_command("systemd", help="Manage systemd units") def add_cmd_systemd(_arg: argp): pass -@run_command(add_cmd_systemd, add_cmd_enable, add_cmd_disable) +@run_command(add_cmd_systemd, add_cmd_enable, add_cmd_disable, add_cmd_guard) def run_cmd_systemd(cmds: commands) -> int: return 0 diff --git a/casm/utils/podman.py b/casm/utils/podman.py index 23a4382..2b190b3 100644 --- a/casm/utils/podman.py +++ b/casm/utils/podman.py @@ -1,5 +1,6 @@ # coding:utf-8 +import getpass import os import shutil from typing import Any @@ -95,7 +96,7 @@ def __init__(self, container: Container): self.__container: Container = container self.__info: Dict[str, Any] = container.inspect() self.__state: Optional[podman_container_inspect.state_struct] = None - self.__host_config: Optional[podman_container_inspect.host_config_struct] = None # noqa: E501 + self.__host_config: Optional[podman_container_inspect.host_config_struct] = None # noqa:E501 @property def container(self) -> Container: @@ -130,7 +131,7 @@ def State(self) -> state_struct: @property def HostConfig(self) -> host_config_struct: if self.__host_config is None: - self.__host_config = self.host_config_struct(self.info["HostConfig"]) # noqa: E501 + self.__host_config = self.host_config_struct(self.info["HostConfig"]) # noqa:E501 return self.__host_config @@ -187,8 +188,8 @@ def generate_service(self, restart_policy: str = "on-failure", raise FileNotFoundError("podman command not found") container_inspect: podman_container_inspect = self.inspect() - mounts: List[Optional[str]] = [mountpoint(bind.split(":")[0]) for bind in # noqa: E501 - container_inspect.HostConfig.Binds if bind.startswith("/")] # noqa: E501 + mounts: List[Optional[str]] = [mountpoint(bind.split(":")[0]) for bind in # noqa:E501 + container_inspect.HostConfig.Binds if bind.startswith("/")] # noqa:E501 mountpoints: List[str] = ["/run/containers/storage"] mountpoints.extend([m for m in mounts if isinstance(m, str)]) content: str = f""" @@ -237,6 +238,14 @@ def disable_service(self) -> int: systemd_service.delete_unit(unit=self.service_unit) return 0 + def generate_guard_task(self, interval: int = 3) -> int: + container_name: str = self.container_name + with open(f"/etc/cron.d/guard-{container_name}.sh", "w") as hdl: + username: str = getpass.getuser() + hdl.write(f"PATH={os.environ['PATH']}\n") + hdl.write(f"*/{interval} * * * * {username} cman guard ${container_name}\n") # noqa:E501 + return 0 + class podman_cmd: '''Execute podman command