testing/util-vserver: mist fixes

* set default nproc limit in post install/upgrade script. This prevents guests to forkbomb the host to death. * support for creating multiple guests in one shot
2026-05-04 20:06:43 +02:00 · 2009-10-29 10:12:00 +00:00 · 2009-10-29 10:12:00 +00:00 · 199dba2f5b
commit 199dba2f5b
parent a3b8404715
4 changed files with 162 additions and 92 deletions
--- a/testing/util-vserver/APKBUILD
+++ b/testing/util-vserver/APKBUILD
@ -2,11 +2,11 @@
 pkgname=util-vserver
 pkgver=0.30.216_pre2849
 _realver=0.30.216-pre2849
-pkgrel=3
+pkgrel=4
 pkgdesc="Linux-VServer admin utilities"
 url="http://www.nongnu.org/util-vserver/"
 license="GPL"
-# needs coreutils for touch -t
+install="$pkgname.post-install $pkgname.post-upgrade"
 makedepends="iptables-dev e2fsprogs-dev beecrypt-dev autoconf automake
 	pkgconfig libtool"
 depends="bash make"
@ -22,9 +22,11 @@ source="http://people.linux-vserver.org/~dhozac/t/uv-testing/util-vserver-$_real
 	"
 subpackages="$pkgname-doc $pkgname-dev"

+_builddir="$srcdir"/$pkgname-$_realver
+
 build() {
 	local i
-	cd "$srcdir"/$pkgname-$_realver
+	cd "$_builddir"
 	for i in ../*.patch; do
 		[ -r "$i" ] || continue
 		msg "Applying $i"
@ -46,6 +48,10 @@ build() {
 	# use busybox ionice rather than util-linux-ng
 	sed -i -e 's:/usr/bin/ionice:/bin/ionice:' Makefile
 	make || return 1
+}
+
+package() {
+	cd "$_builddir"
 	make DESTDIR="$pkgdir/" install install-distribution
 	install -Dm755 ../setup-vs-template "$pkgdir"/usr/sbin/setup-vs-template
 	install -Dm755 ../setup-vs-guest "$pkgdir"/usr/sbin/setup-vs-guest
@ -58,4 +64,4 @@ ff8f561f672524eb46fe633f584ef60e  ensc_pathprog.patch
 da8b70c4fd40e68894b3903ffd121397  validate.patch
 04000261fd990a3963b0e98260b481bd  alpine.patch
 49bca7969cc284adf68e0ef284c0660e  setup-vs-template
-b7a30afd4ba87968cb58137d59d8e8f8  setup-vs-guest"
+838511f74983453ef9827ed875b70d59  setup-vs-guest"
--- a/testing/util-vserver/setup-vs-guest
+++ b/testing/util-vserver/setup-vs-guest
@ -161,98 +161,146 @@ valid_ip() {
        ipcalc -s $1
 }

+# ask for hostname
+# 
+# $1 = default
+#
+# retrusn hostname in global var $resp
+#
+ask_hostname() {
+	while true; do
+		ask "Hostname for new vserver:" $1
+		if [ -d /etc/vservers/$resp ]; then
+			echo "/etc/vservers/$resp already exist"
+			continue
+		fi
+		if [ -d /vservers/$resp ]; then
+			echo "/vservers/$resp already exist"
+			continue
+		fi
+		valid_hostname $resp && break
+	done
+}
+
+ask_ifaceopts() {
+	# get ip address(es)
+	resp=
+	local ifaceopts= _def= _iface=
+	local ifaces=$(ip addr | awk -F: '$1 ~ /^[0-9]/ {printf "%s" $2} END {printf "\n"}')
+	local last_iface=$(echo $ifaces | sed 's/.* //')
+	while [ "$resp" != "done" ]; do
+		if [ -z "$ifaces" ] || [ "$ifaces" = "lo " ] || [ -n "$ifaceopts" ]; then
+			_def="done"
+		else
+			_def=$(echo $ifaces | sed 's/.* //')
+		fi
+		ask_which "network interface" "to use for $_hostname" \
+			"$ifaces" $_def
+		[ "$resp" = "done" ] && break
+
+		_iface=$resp
+		ifaces=$(rmel $_iface $ifaces)
+		# suggested ip by last digit + 1
+		_last_ip_mask=$(last_ipv4_addr_mask $_iface)
+		_last_ip=${_last_ip_mask%/*}
+		_last_ip_digit=${_last_ip##*.}
+		_ip=${_last_ip%.*}.$((($_last_ip_digit + 1) % 256))
+		_mask=${_last_ip_mask#*/}
+		while true; do
+			ask "Enter IP address/mask for $_iface:" $_ip/$_mask
+			valid_ip $resp && break
+			echo "$resp is not a valid IPv4 address/mask"
+		done
+		_ip_mask=$resp
+		ifaceopts="$ifaceopts --interface $_iface:$_ip_mask"
+
+		# suggest context from last digit in first ip address
+		if [ -z "$_context" ]; then
+			_ip=${_ip_mask%/*}
+			_last_digit=${_ip##*.}
+			_context=$((10000 + $_last_digit))
+		fi
+	done
+	resp="$ifacesopts"
+}
+
+ask_context() {
+	# get context id
+	while true; do
+		ask "Enter context id for $_hostname:" $_context
+		if echo "$resp" | egrep -q "[0-9]+"; then
+			[ $resp -ge 0 ] && [ $resp -lt 65535 ] && break
+		fi
+		echo "Context id must be a 0-65534 number"
+	done
+}
+
+ask_template() {
+	local temp
+	# get template
+	while true; do
+		ask "Enter template file (or empty for generate a new):" \
+			$_template
+		if [ -z "$resp" ] || [ -r "$resp" ]; then
+			break
+		fi
+		echo "Can not read $resp"
+	done
+	temp=$resp
+	if [ -z "$temp" ]; then
+		temp=/vservers/template.tar.gz
+		echo -n "Generating template..."
+		if setup-vs-template -q -o $temp; then
+			echo "ok"
+		else
+			echo "Failed to create template"
+			exit 1
+		fi
+	fi
+	resp=$temp
+}
+
+usage() {
+	echo "Usage: ${0##*/} [-h] [HOSTNAME...]"
+	exit 1
+}
+
+while getopts "h" opt; do
+	case "$opt" in
+		h) usage;;
+		?) usage;;
+	esac
+done
+
+shift $(($OPTIND - 1))
+
 if [ "$(whoami)" != "root" ]; then
 	echo "Need to be root. Sorry."
 	exit 1
 fi

-ifaces=$(ip addr | awk -F: '$1 ~ /^[0-9]/ {printf "%s" $2} END {printf "\n"}')
-last_iface=$(echo $ifaces | sed 's/.* //')
-
 while true; do
-	ask "Hostname for new vserver:"
-	if [ -d /etc/vservers/$resp ]; then
-		echo "/etc/vservers/$resp already exist"
-		continue
-	fi
-	if [ -d /vservers/$resp ]; then
-		echo "/vservers/$resp already exist"
-		continue
-	fi
-	valid_hostname $resp && break
+	ask_hostname $1
+	_hostname=$resp
+
+	ask_ifaceopts
+	_ifaceopts=$resp
+
+	ask_context
+	_context=$resp
+
+	ask_template
+	_template=$resp
+
+	vserver $_hostname build \
+		--hostname $_hostname \
+		$_ifaceopts \
+		--context $_context \
+		-m template -- -t "$_template" -d alpine \
+		&& cp /etc/resolv.conf /vservers/$_hostname/etc/ \
+		&& cp /etc/apk/repositories /vservers/$_hostname/etc/apk/ \
+		|| exit 1
+	
+	shift
+	[ $# -le 0 ] && exit 0
 done
-_hostname=$resp
-
-# get ip address(es)
-resp=
-ifaceopts=
-while [ "$resp" != "done" ]; do
-	if [ -z "$ifaces" ] || [ "$ifaces" = "lo " ]; then
-		_def="done"
-	else
-		_def=$(echo $ifaces | sed 's/.* //')
-	fi
-	ask_which "network interface" "to use for $_hostname" "$ifaces" $_def
-	[ "$resp" = "done" ] && break
-
-	_iface=$resp
-	ifaces=$(rmel $_iface $ifaces)
-	# suggested ip by last digit + 1
-	_last_ip_mask=$(last_ipv4_addr_mask $_iface)
-	_last_ip=${_last_ip_mask%/*}
-	_last_ip_digit=${_last_ip##*.}
-	_ip=${_last_ip%.*}.$((($_last_ip_digit + 1) % 256))
-	_mask=${_last_ip_mask#*/}
-	while true; do
-		ask "Enter IP address/mask for $_iface:" $_ip/$_mask
-		valid_ip $resp && break
-		echo "$resp is not a valid IPv4 address/mask"
-	done
-	_ip_mask=$resp
-	ifaceopts="$ifaceopts --interface $_iface:$_ip_mask"
-
-	# suggest context from last digit in first ip address
-	if [ -z "$_context" ]; then
-		_ip=${_ip_mask%/*}
-		_last_digit=${_ip##*.}
-		_context=$((10000 + $_last_digit))
-	fi
-done
-
-# get context id
-while true; do
-	ask "Enter context id for $_hostname:" $_context
-	if echo "$resp" | egrep -q "[0-9]+"; then
-		[ $resp -ge 0 ] && [ $resp -lt 65535 ] && break
-	fi
-	echo "Context id must be a 0-65534 number"
-done
-_context=$resp
-
-# get template
-while true; do
-	ask "Enter template file (or empty for generate a new):"
-	if [ -z "$resp" ] || [ -r "$resp" ]; then
-		break
-	fi
-	echo "Can not read $resp"
-done
-_template=$resp
-
-if [ -z "$_template" ]; then
-	_template=/vservers/template.tar.gz
-	echo -n "Generating template..."
-	if setup-vs-template -q -o $_template; then
-		echo "ok"
-	else
-		echo "Failed to create template"
-		exit 1
-	fi
-fi
-
-vserver $_hostname build \
-	--hostname $_hostname \
-	$ifaceopts \
-	--context $_context \
-	-m template -- -t "$_template" -d alpine
-
--- a/testing/util-vserver/util-vserver.post-install
+++ b/testing/util-vserver/util-vserver.post-install
@ -0,0 +1,15 @@
+#!/bin/sh
+
+if [ -f /etc/vservers/.defaults/rlimits/nproc ]; then
+	exit 0
+fi
+
+# calculate the nproc limit from amount of ram
+memtotal=$(awk '$1 == "MemTotal:" {print $2}' /proc/meminfo 2>/dev/null
+nproc=$(( ${memtotal:-524288} / 256 ))
+
+# set a "sane" default nproc limit
+echo "Setting default nproc limit to $nproc"
+mkdir -p /etc/vservers/.defaults/rlimits
+echo $nproc > /etc/vservers/.defaults/rlimits/nproc
+
--- a/testing/util-vserver/util-vserver.post-upgrade
+++ b/testing/util-vserver/util-vserver.post-upgrade
@ -0,0 +1 @@
+util-vserver.post-install