Core Snap

Merge lp:~morphis/core-snap/add-configure-hook-sshd-service into lp:core-snap

  1. add-configure-hook-sshd-service
  2. Merge into trunk
Proposed by Simon Fels on 2017-01-20
Status: Merged
Merged at revision: 47
Proposed branch: lp:~morphis/core-snap/add-configure-hook-sshd-service
Merge into: lp:core-snap
Diff against target: 75 lines (+58/-0)
2 files modified
hooks/configure (+47/-0)
snapcraft.yaml (+11/-0)
To merge this branch: bzr merge lp:~morphis/core-snap/add-configure-hook-sshd-service
Reviewer Review Type Date Requested Status
John Lenton Needs Fixing on 2017-01-26
Oliver Grawert Approve on 2017-01-26
Michael Vogt 2017-01-20 Approve on 2017-01-26
Review via email: mp+315203@code.launchpad.net

Commit Message

Add configure hook which only accepts a single option service.ssh.disable for now

The purpose of the service.ssh.disable option is to either enable or disable the ssh service on the system. A management snap can then use the snapd-control interface to change the configuration and enable/disable ssh depending on its needs.

To post a comment you must log in.
Michael Vogt (mvo) wrote :

Looks good!

review: Approve
Simon Fels (morphis) wrote :

The hook needs plugs added to allow access to /etc/ssh and restarting services via systemd. See https://github.com/snapcore/snapd/pull/2683 and https://github.com/snapcore/snapd/pull/2687

Simon Fels (morphis) wrote :

Using now the new 'core-support' interface which was explicitly introduced for things the core has to do like this configure hook. See https://github.com/snapcore/snapd/pull/2706 for more details.

Simon Fels (morphis) wrote :

Spread test added to snapd with https://github.com/snapcore/snapd/pull/2723

Michael Vogt (mvo) wrote :

:+1:

review: Approve
Oliver Grawert (ogra) wrote :

looks fine to me

review: Approve
Simon Fels (morphis) wrote :

Switched to stop/disable and enable/start as suggested by Gustavo on Telegram. Status is back to work-in-progress as I am using this MP as a base to generate a new core snap on launchpad.

Also needs https://github.com/snapcore/snapd/pull/2726/files

John Lenton (chipaca) wrote :

This is broken as is, unless i'm very mistaken.

'let' is a bashism

and

while $n -lt 10 $wait_attempts ! is_ssh_unit_enabled

is missing an &&

John Lenton (chipaca) :
review: Needs Fixing
lp:~morphis/core-snap/add-configure-hook-sshd-service updated on 2017-01-26
56. By Simon Fels on 2017-01-26

Fix leftover invalid shell syntax

Jamie Strandboge (jdstrand) :
lp:~morphis/core-snap/add-configure-hook-sshd-service updated on 2017-01-26
57. By Simon Fels on 2017-01-26

Switch stop+disable to disable+stop

Simon Fels (morphis) :
lp:~morphis/core-snap/add-configure-hook-sshd-service updated on 2017-01-26
58. By Simon Fels on 2017-01-26

Fix condition

Simon Fels (morphis) wrote :

Fixed all review comments.

Oliver Grawert (ogra) wrote :

added some inline comments

lp:~morphis/core-snap/add-configure-hook-sshd-service updated on 2017-01-26
59. By Simon Fels on 2017-01-26

Respect review comments

60. By Simon Fels on 2017-01-26

Add missing brackets

Michael Vogt (mvo) wrote :

Some nitpick.

lp:~morphis/core-snap/add-configure-hook-sshd-service updated on 2017-01-27
61. By Simon Fels on 2017-01-27

Rework hook again to use plain systemctl

Simon Fels (morphis) wrote :

After some more discussion this was now reworked to use systemctl again. See https://github.com/snapcore/snapd/pull/2726 for the required changes to the core-support interface.

Name of the configure option is now 'service.ssh.disable' following Gustavo's suggestion.

Also note that proper documentation for this was added with https://github.com/CanonicalLtd/ubuntu-core-docs/pull/7 which now needs a change to respect the changed name.

lp:~morphis/core-snap/add-configure-hook-sshd-service updated on 2017-01-27
62. By Simon Fels on 2017-01-27

Correct configure hook implementation

63. By Simon Fels on 2017-01-27

disable with --now doesn't work well for ssh.service

64. By Simon Fels on 2017-01-27

Only enable/disable when really needed

Michael Vogt (mvo) wrote :

Some nitpick

lp:~morphis/core-snap/add-configure-hook-sshd-service updated on 2017-01-27
65. By Simon Fels on 2017-01-27

Rework logic again

66. By Simon Fels on 2017-01-27

Don't do anything when no value is set

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added directory 'hooks'
2=== added file 'hooks/configure'
3--- hooks/configure 1970-01-01 00:00:00 +0000
4+++ hooks/configure 2017-01-27 16:22:54 +0000
5@@ -0,0 +1,47 @@
6+#!/bin/sh -e
7+#
8+# Copyright (C) 2017 Canonical Ltd
9+#
10+# This program is free software: you can redistribute it and/or modify
11+# it under the terms of the GNU General Public License version 3 as
12+# published by the Free Software Foundation.
13+#
14+# This program is distributed in the hope that it will be useful,
15+# but WITHOUT ANY WARRANTY; without even the implied warranty of
16+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17+# GNU General Public License for more details.
18+#
19+# You should have received a copy of the GNU General Public License
20+# along with this program. If not, see <http://www.gnu.org/licenses/>.
21+
22+switch_service_ssh() {
23+ case "$1" in
24+ false)
25+ # When the unit is already enabled but not active a call with
26+ # --now does start the unit so we have to check for that case
27+ # and explicitly start the unit.
28+ if [ "$(systemctl is-enabled ssh.service)" = "disabled" ]; then
29+ systemctl enable ssh.service
30+ fi
31+ if [ "$(systemctl is-active ssh.service)" = "inactive" ]; then
32+ systemctl start ssh.service
33+ fi
34+ ;;
35+ true)
36+ # A simple `systemctl disable --now ssh.service` doesn't work
37+ # and fails with an error message. Because of that we're going
38+ # in two steps here and disable first and then stopping the
39+ # service unit.
40+ systemctl disable ssh.service
41+ systemctl stop ssh.service
42+ ;;
43+ *)
44+ echo "ERROR: Invalid value '$1' provided for option service.ssh.disable"
45+ exit 1
46+ esac
47+}
48+
49+value=$(snapctl get service.ssh.disable)
50+if [ -n "$value" ]; then
51+ switch_service_ssh $value
52+fi
53
54=== modified file 'snapcraft.yaml'
55--- snapcraft.yaml 2016-10-04 16:29:23 +0000
56+++ snapcraft.yaml 2017-01-27 16:22:54 +0000
57@@ -6,7 +6,18 @@
58 type: os
59 grade: stable
60
61+hooks:
62+ configure:
63+ plugs:
64+ - core-support
65+
66 parts:
67+ hooks:
68+ plugin: dump
69+ source: hooks
70+ organize:
71+ configure: meta/hooks/configure
72+
73 livebuild:
74 source: .
75 plugin: make

Subscribers

People subscribed via source and target branches

to all changes: