add systemd guard

podboy · Sep 26, 2024 · b27f41c · b27f41c
1 parent 5315344
commit b27f41c
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 7 deletions.
diff --git a/casm/cmds/podman/systemd.py b/casm/cmds/podman/systemd.py
@@ -12,7 +12,7 @@
 from ..service import add_pos_services
 
 
-@add_command("enable", help="Enable systemd for containers")
+@add_command("enable", help="Enable systemd unit for containers")
 def add_cmd_enable(_arg: argp):
     _arg.add_argument("--restart-policy", dest="restart_policy",
                       type=str, nargs=1, metavar="STR", default=["on-failure"],
@@ -37,7 +37,7 @@ def run_cmd_enable(cmds: commands) -> int:
     return 0
 
 
-@add_command("disable", help="Disable systemd for containers")
+@add_command("disable", help="Disable systemd unit for containers")
 def add_cmd_disable(_arg: argp):
     add_pos_services(_arg)
 
@@ -57,11 +57,31 @@ def run_cmd_disable(cmds: commands) -> int:
     return 0
 
 
+@add_command("guard", help="Guard systemd unit for containers")
+def add_cmd_guard(_arg: argp):
+    add_pos_services(_arg)
+
+
+@run_command(add_cmd_guard)
+def run_cmd_guard(cmds: commands) -> int:
+    assemble: assemble_file = cmds.args.assemble_file
+    assert isinstance(assemble, assemble_file)
+    services: List[str] = cmds.args.services
+    for service in assemble.template.services:
+        cmds.logger.debug(f"{service.title}: {service.container_name}")
+        if len(services) > 0 and service.title not in services:
+            continue
+        container_name = assemble.safe_substitute(service.container_name)
+        cmds.logger.info(f"guard container {container_name}")
+        podman_container(container_name).guard_service()
+    return 0
+
+
 @add_command("systemd", help="Manage systemd units")
 def add_cmd_systemd(_arg: argp):
     pass
 
 
-@run_command(add_cmd_systemd, add_cmd_enable, add_cmd_disable)
+@run_command(add_cmd_systemd, add_cmd_enable, add_cmd_disable, add_cmd_guard)
 def run_cmd_systemd(cmds: commands) -> int:
     return 0
diff --git a/casm/utils/podman.py b/casm/utils/podman.py
@@ -1,5 +1,6 @@
 # coding:utf-8
 
+import getpass
 import os
 import shutil
 from typing import Any
@@ -95,7 +96,7 @@ def __init__(self, container: Container):
         self.__container: Container = container
         self.__info: Dict[str, Any] = container.inspect()
         self.__state: Optional[podman_container_inspect.state_struct] = None
-        self.__host_config: Optional[podman_container_inspect.host_config_struct] = None  # noqa: E501
+        self.__host_config: Optional[podman_container_inspect.host_config_struct] = None  # noqa:E501
 
     @property
     def container(self) -> Container:
@@ -130,7 +131,7 @@ def State(self) -> state_struct:
     @property
     def HostConfig(self) -> host_config_struct:
         if self.__host_config is None:
-            self.__host_config = self.host_config_struct(self.info["HostConfig"])  # noqa: E501
+            self.__host_config = self.host_config_struct(self.info["HostConfig"])  # noqa:E501
         return self.__host_config
 
 
@@ -187,8 +188,8 @@ def generate_service(self, restart_policy: str = "on-failure",
             raise FileNotFoundError("podman command not found")
 
         container_inspect: podman_container_inspect = self.inspect()
-        mounts: List[Optional[str]] = [mountpoint(bind.split(":")[0]) for bind in  # noqa: E501
-                                       container_inspect.HostConfig.Binds if bind.startswith("/")]  # noqa: E501
+        mounts: List[Optional[str]] = [mountpoint(bind.split(":")[0]) for bind in  # noqa:E501
+                                       container_inspect.HostConfig.Binds if bind.startswith("/")]  # noqa:E501
         mountpoints: List[str] = ["/run/containers/storage"]
         mountpoints.extend([m for m in mounts if isinstance(m, str)])
         content: str = f"""
@@ -237,6 +238,14 @@ def disable_service(self) -> int:
         systemd_service.delete_unit(unit=self.service_unit)
         return 0
 
+    def guard_service(self, interval: int = 3) -> int:
+        container_name: str = self.container_name
+        with open(f"/etc/cron.d/guard-{container_name}.sh", "w") as hdl:
+            username: str = getpass.getuser()
+            hdl.write(f"PATH={os.environ['PATH']}\n")
+            hdl.write(f"*/{interval} * * * * {username} cman guard ${container_name}\n")  # noqa:E501
+        return 0
+
 
 class podman_cmd:
     '''Execute podman command