<!DOCTYPE html>
<html lang="en">

<head>

<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags must come first in the head; any other head content must come after these tags -->
<meta name="description" content="Open Infrastructure">
<meta name="author" content="open-infrastructure.net">
<link rel="icon" type="image/png" href="/favicon.png" />

<title>Open Infrastructure</title>

<!-- Bootstrap core CSS -->
<link href="/meta/bootstrap/css/bootstrap.min.css" rel="stylesheet">

<!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
<link href="/local/ie10-viewport-bug-workaround.css" rel="stylesheet">

<!-- Custom styles for this template -->
<link href="/meta/dejavu-fonts/dejavu-fonts.css" rel="stylesheet">
<link href="/meta/font-awesome/css/font-awesome.min.css" rel="stylesheet">
<link href="/local/color-red.css" rel="stylesheet">
<link href="/local/font.css" rel="stylesheet">
<link href="/local/label.css" rel="stylesheet">
<link href="/local/margin.css" rel="stylesheet">
<link href="/local/navbar.css" rel="stylesheet">
<link href="/local/rotate.css" rel="stylesheet">
<link href="/local/table.css" rel="stylesheet">

<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!--[if lt IE 9]>

<script src="/meta/html5shiv/html5shiv.min.js"></script>
<script src="/meta/respond/respond.min.js"></script>

<![endif]-->

</head>

<body>

<div class="container">


<!-- Content -->

<h1>TODO: container-tools</h1>

unsorted todo list..

<pre> add @FILE@ in preseed.cfg files to reference the (base?)name of the file in the host-commands, like @NAME@

if container creation fails, do an unmount of all pseudo-fs etc. and cleanup cache/directories/configs (trap function)

extend cnt enter to also mount things (if container is not started, do a simple chroot, but have bindmounts/overlays etc. present)

add a container resource usage report tool

finish switch to systemd-networkd

make reboot from within the container possible

write-out the preseed file when using debconf script in interactive mode

use locking so users can concurrently create containers (with debconf script)

cnt list doesn’t align multi addresses properly

cnt list doesn’t show real-time addresses

add container show command

add cnt move -s {rsync,criu} with default symlink lookup

add cnt copy

add cnt snapshot

add cnt hibernate/suspend/freeze

use random and unique string as veth name by default, not short-host

add known bug section to container console manpage: root login doesn’t work (securetty) out-of-the-box

add mac-override for a container veth

add DeviceAllow thingies as well as a hotplug add command for devices, use these as inspiration:
https://github.com/coreos/rkt/issues/873
https://www.insecure.ws/linux/systemd_nspawn.html

add crudini

add lock in script to upgrade cache only when no one else is upgrading it.

add release/roadmap notes to readme.txt

add --save flag to container limits command to write ‘new’ limits into config automatically

add --upgrade flag to container config command to automatically upgrade config to new formats

add description about scope of container-tools (small setups where openstack is over the top) in connection with cockpit-project

cntsh: add --enable-commands COMMAND/--disable-commands COMMAND

sudo container run -n NAME [COMMANDS]

manpage:
  • add config manpage

commands:
  • add get/set program for config

cnt-start:
  • add a oem-config hook function.

integration:
  • criu: e.g. cnt save/restore or something

  • openstack

  • cockpit

  • libvirt

https://github.com/linuxfoundation/cii-best-practices-badge/blob/master/doc/criteria.md
https://github.com/lfit/itpol/blob/master/linux-workstation-security.md

random:
  • re-add caching possibility with pre-shipped tarballs

  • integrate example debian packages that contain /usr/share/container-tools/cache/*

  • add debconf question to ask for level of mac conflict check

  • add cnt ‘control’ user with sudo magics so that unprivileged users can start/stop/restart/create/destroy their containers; maybe group so that anyone in group can do it

  • add bash-completion

  • don’t hardcode /var/lib/machines

  • do something about the automatic bridge+dhcpd+resolver-setup use-case

cnt-debconf:
  • include removal of backup files and such from system-build:share/hooks/*

  • make /usr/share/container-tools/includes/{$name,all} or somesuch for local includes (e.g. certs)

  • for some reason the Internal_options don’t make it to debconf.default; probably because the ‘if db_get …’ constructs don’t work with set -e.

  • allow mechanism to store local packages that overwrite repository ones

  • if invoked as cnt-debconf, ask for mode (debian, progress-linux, etc.)

  • allow to have templates (that do not get modified) in /etc/cnt/debconf

  • write preseed file into /etc/cnt/debconf after cnt-debconf is done

  • create /etc/cnt/{debian,progress} and respect it depending on mode

  • save last used IP, use this +1 as default for next container

  • check for already used IPs and give a warning if a container with same ip already exists on the system.

  • add manpage

  • handle mac (arp; local; etc.)

  • guess bridge device

  • get rid of /bin/bash

  • don’t embed cnt config, use a template from etc

  • check if the ‘no network’ use case is handled properly in cnt-debconf: it should not add network entries in the container config file.

  • support /etc/cnt/debconf/$FQDN.d/*.cfg as valid preseeds

  • if exit with error, do unmount pseudo-fs (use a trap, rather than rely on flock/set +x)

  • use /etc/cnt/default.conf as an include from $container/config

  • add something like --no-delete to not delete cache/containers when creation failed (in order to be able to debug later on)

  • check that preseed hierarchy is correct:
    - main preseed overwrites includes
    - first include is overwritten by second include

</pre>

<!-- /Content -->

<hr />

<footer>

<p class="text-muted">2014-2016 <a class="text-muted" href="mailto:system-administration@open-infrastructure.net?subject=Open%20Infrastructure:%20Feedback">System Administration</a> (<a class="text-muted" href="legal-information.html">Legal Information</a>) <a class="text-muted pull-right" href="https://sources.open-infrastructure.net"><i class="fa fa-fw fa-heart" style="color: #cc0000;"></i> Source Code</a></p>

</footer>

</div> <!-- /container -->

<!-- Bootstrap core JavaScript ================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="/meta/jquery/jquery.min.js"></script>
<script src="/meta/bootstrap/js/bootstrap.min.js"></script>
<!-- IE10 viewport hack for Surface/desktop Windows 8 bug -->
<script src="/local/ie10-viewport-bug-workaround.js"></script>
<!-- Custom scripts for this template -->
<script src="/local/headings.js"></script>
<script src="/local/table.js"></script>

</body>

</html>