Initial commit

.gitignore

@@ -0,0 +1,2 @@
+variables.conf
+.disabled

README.md

@@ -0,0 +1,18 @@
+# Containers management
+
+These scripts and Systemd units manage the daily snapshoting of our Nspawn containers, and update of Docker containers.
+
+### Introduction
+All running Nspawn containers are stopped, snapshoted (using Btrfs subvolumes) and restarted
+
+### Files
+* `conts-snap.sh` runs the main process, which snapshots the Nspawn containers.
+* `docker-upgrade.sh` pulls the newest version of running Docker containers.
+* `variables.conf.template` contains examples variables definitions, and should be copied locally to `variables.conf`
+  (with any required modifications).
+* `systemd-templates/` contains Systemd units templates for running the scripts unattended.
+#### Installation
+* `install.sh` script copies Systemd templates to their destination, and enables conts-snap and docker-upgrade timer.
+
+### TODO
+* RAS

conts-snap.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+source "$(dirname "$0")/variables.conf"
+
+mount $containers_dir
+
+cd /var/lib/machines
+for filename in *; do
+  systemctl start cont-snap@$filename.service
+  btrfs subvolume delete $containers_dir/$filename/$(date -d "-15 days" +"%Y%m%d")*
+done
+
+umount $containers_dir
+
+exit 0

docker-upgrade.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Upgrade CODE Docker
+code() {
+  docker pull collabora/code:latest | grep 'Image is up to date' && pulled='no' || pulled='yes'
+
+  if [[ "$pulled" = "yes" ]]; then
+    echo "$(date +%+4Y-%m-%d): Update" >> $logfile_path
+    docker stop CODE
+    docker rm CODE
+    docker run --name 'CODE' -t -d -p 9980:9980 -e 'domain=cloud\\.kto\\.black' --network host --restart always collabora/code
+  else
+    echo "$(date +%+4Y-%m-%d): No update" >> $logfile_path
+  fi
+}
+
+# Variables
+logfile_path='/home/alex/docker-upgrade.log'
+
+set -ex
+
+code
+
+exit 0

install.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+run_directory=$(dirname "$0")
+user=$(whoami)
+
+source "$run_directory/variables.conf"
+
+if [ -f $run_directory/.disabled ]; then
+  echo "Installation is disabled. Exiting..."
+  exit 0
+fi
+
+echo "Copying Systemd units to system directory..."
+if [[ $user != 'root' ]]; then
+  sudo cp systemd-templates/cont-snap@.service /etc/systemd/system/
+  sudo cp systemd-templates/conts-snap.service /etc/systemd/system/
+  sudo sed -i -e "s:PH_DIRECTORY:$(pwd):g" /etc/systemd/system/conts-snap.service
+  sudo cp systemd-templates/conts-snap.timer /etc/systemd/system/
+  sudo cp systemd-templates/docker-upgrade.service /etc/systemd/system/
+  sudo sed -i -e "s:PH_DIRECTORY:$(pwd):g" /etc/systemd/system/docker-upgrade.service
+  sudo cp systemd-templates/docker-upgrade.timer /etc/systemd/system/
+  sudo cp systemd-templates/machines-start.service /etc/systemd/system/
+else
+  cp systemd-templates/cont-snap@.service /etc/systemd/system/
+  cp systemd-templates/conts-snap.service /etc/systemd/system/
+  sed -i -e "s:PH_DIRECTORY:$(pwd):g" /etc/systemd/system/conts-snap.service
+  cp systemd-templates/conts-snap.timer /etc/systemd/system/
+  cp systemd-templates/docker-upgrade.service /etc/systemd/system/
+  sed -i -e "s:PH_DIRECTORY:$(pwd):g" /etc/systemd/system/docker-upgrade.service
+  cp systemd-templates/docker-upgrade.timer /etc/systemd/system/
+  cp systemd-templates/machines-start.service /etc/systemd/system/
+fi
+echo "Reloading Systemd..."
+if [[ $user != 'root' ]]; then
+  sudo systemctl daemon-reload
+else
+  systemctl daemon-reload
+fi
+echo "Enabling timer (not starting it, either do it manually or reboot)..."
+if [[ $user != 'root' ]]; then
+  sudo systemctl enable conf-sync.timer
+else
+  systemctl enable conf-sync.timer
+fi
+
+echo "Finished install. Exiting..."
+exit 0

systemd-templates/cont-snap@.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Snapshot %i container
+Requisite=systemd-nspawn@%i.service
+Wants=mnt-containers.mount
+After=systemd-nspawn@%i.service mnt-containers.mount
+
+[Service]
+Type=oneshot
+ExecStartPre=/usr/bin/machinectl stop %i
+# Hereunder is a bit gross, but we need to make sure container is entirely stopped / 5 sec should be sufficient, but we have a problem with mail container; perhaps this sleep is too late anyway...
+ExecStart=/usr/bin/bash -c 'sleep 10 && /usr/bin/btrfs subvolume snapshot -r /mnt/containers/%i/current /mnt/containers/%i/$$(date +%%Y%%m%%d)'
+# As we now get random issues post snap (containers do not always restart...), we add another sleep... Real gros...
+#ExecStartPost=/usr/bin/machinectl start %i
+ExecStartPost=/usr/bin/bash -c 'sleep 10 && /usr/bin/machinectl start %i'

systemd-templates/conts-snap.service

@@ -0,0 +1,6 @@
+[Unit]
+Description=Snapshot Nspawn containers
+
+[Service]
+Type=oneshot
+ExecStart=PH_DIRECTORY/conts-snap.sh

systemd-templates/conts-snap.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=Snapshot Nspawn containers regularly
+
+[Timer]
+OnCalendar=*-*-* 04:00:00
+Persistent=true
+
+[Install]
+WantedBy=timers.target

systemd-templates/docker-upgrade.service

@@ -0,0 +1,7 @@
+[Unit]
+Description=Upgrade Docker containers
+Requisite=docker.service
+
+[Service]
+Type=oneshot
+ExecStart=PH_DIRECTORY/docker-upgrade.sh

systemd-templates/docker-upgrade.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=Upgrade Docker containers regularly
+
+[Timer]
+OnCalendar=*-*-* 04:30:00
+Persistent=true
+
+[Install]
+WantedBy=timers.target

systemd-templates/machines-start.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=Make sure containers are started after snapshoting
+
+[Timer]
+Unit=machines.target
+OnCalendar=*-*-* 04:15:00
+
+[Install]
+WantedBy=timers.target

variables.conf.template

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+# Copy this file as variables.conf, with the correct values
+
+containers_dir="" # Path to containers subvolumes main directory