Age | Commit message (Collapse) | Author |
|
renameat2() exists since Linux 3.15 but btrfs support for the flag
RENAME_NOREPLACE was added later.
This patch implements a fallback when renameat2() returns EINVAL.
EINVAL is the error returned when the filesystem does not support one of
the flags.
|
|
|
|
Also, expose it in machinectl.
|
|
This also adds "machinectl import-raw" and "machinectl import-tar" to
wrap these new bus calls.
THe commands basically do for local files that "machinectl pull-raw" and
friends do for remote files.
|
|
|
|
import and pull calls
|
|
That way we can call the code for local container/VM imports "import"
without confusion.
|
|
downloads
If /var/lib/machines is mounted as btrfs loopback file system in
/var/lib/machines.raw with this change we automatically grow the file
system as it fills up. After each 10M we write to it during imports, we
check the free disk space, and if the fill level grows beyond 66% we
increase the size of the file system to 3x the fill level (thus lowering
it to 33%).
|
|
gpg2 insists on created a trust db even if we tun off all trust db
support. Hence create a temporary home where the trust db is placed, and
remove it after use.
|
|
is called
|
|
|
|
|
|
When manipulating container and VM images we need efficient and atomic
directory snapshots and file copies, as well as disk quota. btrfs
provides this, legacy file systems do not. Hence, implicitly create a
loopback file system in /var/lib/machines.raw and mount it to
/var/lib/machines, if that directory is not on btrfs anyway.
This is done implicitly and transparently the first time the user
invokes "machinectl import-xyz".
This allows us to take benefit of btrfs features for container
management without actually having the rest of the system use btrfs.
The loopback is sized 500M initially. Patches to grow it dynamically are
to follow.
|
|
|
|
The call iterates through cmsg list and closes all fds passed via
SCM_RIGHTS.
This patch also ensures the call is used wherever appropriate, where we
might get spurious fds sent and we should better close them, then leave
them lying around.
|
|
Also, allow clients to alter their own objects without any further
priviliges. i.e. this allows clients to kill and lock their own sessions
without involving PK.
|
|
|
|
We will be woken up on rtnl or dbus activity, so let's just quit if some time has passed and that is the only thing that can happen.
Note that we will always stay around if we expect network activity (e.g. DHCP is enabled), as we are not restarted on that.
|
|
After all it is now much more like strjoin() than strappend(). At the
same time, add support for NULL sentinels, even if they are normally not
necessary.
|
|
|
|
|
|
With this change the pull protocol implementation processes will pass
progress data to importd which then passes this information on via the
bus. We use sd_notify() as generic transport for this communication,
making importd listen to them, while matching the incoming messages to
the right transfer.
|
|
|
|
|
|
That way it cannot get access to the network
|
|
|
|
shut up
|
|
the verbs
Atfer all "systemd-pull pull-tar" is unnecessarily redundant, over
"systemd-pull tar"...
|
|
"systemd-pull"
This way "systemd-importd" is the daemon that uses "systemd-pull" as
backend worker.
|
|
|
|
instead of extending it
This way the user has the ability to remove keys from the
vendor-supplied keyring if he intends so.
|
|
This is how we call it internally, and also a bit more descriptive.
|
|
client to it
The old "systemd-import" binary is now an internal tool. We still use it
as asynchronous backend for systemd-importd. Since the import tool might
require some IO and CPU resources (due to qcow2 explosion, and
decompression), and because we might want to run it with more minimal
priviliges we still keep it around as the worker binary to execute as
child process of importd.
machinectl now has verbs for pulling down images, cancelling them and
listing them.
|
|
|
|
used by the raw and tar importers
This gets us progress output as well xz/bzip2 support.
|
|
|
|
This way, we can import CoreOS images unmodified.
|
|
|
|
|
|
|
|
|
|
This also adds an initial keyring for the verification, that contains
Ubuntu's and Fedora's key. We should probably add more entries sooner or
later.
|
|
|
|
|
|
files
|
|
|
|
|
|
This allows us to reuse a lot more code, and simplify pull-raw
drastically.
|
|
Ubuntu provides their cloud images optionally as tarball, hence also
support downloading those.
|
|
|