Unprivileged box creation: first step

I've been hacking my way through building vagrant boxes in unprivileged
containers. It works. Barely but it works. I can end up with a
functional vagrant box with `make stretch`.

The only place where I need `sudo` is when we tar up the root fs because
it doesn't belong to the same UID.
Virgil Dupras 2018-04-14 23:30:48 -04:00
parent 52b850c187
commit bc8b070565
9 changed files with 241 additions and 300 deletions


@ -1,7 +1,7 @@
UBUNTU_BOXES= precise quantal raring saucy trusty utopic vivid wily xenial
DEBIAN_BOXES= squeeze wheezy jessie stretch sid
CENTOS_BOXES= 6 7
FEDORA_BOXES= rawhide 23 22 21 20 19
UBUNTU_BOXES= xenial
DEBIAN_BOXES= jessie stretch sid
CENTOS_BOXES= 7
FEDORA_BOXES= rawhide 23
TODAY=$(shell date -u +"%Y-%m-%d")
# Replace i686 with i386 and x86_64 with amd64
@ -21,38 +21,38 @@ $(UBUNTU_BOXES): CONTAINER = "vagrant-base-${@}-$(ARCH)"
$(UBUNTU_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-${@}-$(ARCH).box"
$(UBUNTU_BOXES):
@mkdir -p $$(dirname $(PACKAGE))
@sudo -E ./mk-debian.sh ubuntu $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@sudo chmod +rw $(PACKAGE)
@sudo chown ${USER}: $(PACKAGE)
@./mk-debian.sh ubuntu $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE)
$(DEBIAN_BOXES): CONTAINER = "vagrant-base-${@}-$(ARCH)"
$(DEBIAN_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-${@}-$(ARCH).box"
$(DEBIAN_BOXES):
@mkdir -p $$(dirname $(PACKAGE))
@sudo -E ./mk-debian.sh debian $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@sudo chmod +rw $(PACKAGE)
@sudo chown ${USER}: $(PACKAGE)
@./mk-debian.sh debian $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE)
$(CENTOS_BOXES): CONTAINER = "vagrant-base-centos-${@}-$(ARCH)"
$(CENTOS_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-centos-${@}-$(ARCH).box"
$(CENTOS_BOXES):
@mkdir -p $$(dirname $(PACKAGE))
@sudo -E ./mk-centos.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@sudo chmod +rw $(PACKAGE)
@sudo chown ${USER}: $(PACKAGE)
@./mk-centos.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE)
$(FEDORA_BOXES): CONTAINER = "vagrant-base-fedora-${@}-$(ARCH)"
$(FEDORA_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-fedora-${@}-$(ARCH).box"
$(FEDORA_BOXES):
@mkdir -p $$(dirname $(PACKAGE))
@sudo -E ./mk-fedora.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@sudo chmod +rw $(PACKAGE)
@sudo chown ${USER}: $(PACKAGE)
@./mk-fedora.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE)
acceptance: CONTAINER = "vagrant-base-acceptance-$(ARCH)"
acceptance: PACKAGE = "output/${TODAY}/vagrant-lxc-acceptance-$(ARCH).box"
acceptance:
@mkdir -p $$(dirname $(PACKAGE))
@PUPPET=1 CHEF=1 sudo -E ./mk-debian.sh ubuntu precise $(ARCH) $(CONTAINER) $(PACKAGE)
@sudo chmod +rw $(PACKAGE)
@sudo chown ${USER}: $(PACKAGE)
@PUPPET=1 CHEF=1 ./mk-debian.sh ubuntu precise $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE)
release:
@test -z '$(version)' && echo 'version parameter not provided to `make`!' && exit 1 || return 0
@ -63,7 +63,7 @@ release:
clean: ALL_BOXES = ${DEBIAN_BOXES} ${UBUNTU_BOXES} ${CENTOS_BOXES} ${FEDORA_BOXES} acceptance
clean:
@for r in $(ALL_BOXES); do \
sudo -E ./clean.sh $${r}\
./clean.sh $${r}\
vagrant-base-$${r}-$(ARCH) \
output/${TODAY}/vagrant-lxc-$${r}-$(ARCH).box; \
done
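Review bot: The `acceptance` recipe still sets `PUPPET=1 CHEF=1` and builds `ubuntu precise`, but after this commit neither setting can take effect: the Puppet and Chef blocks in `debian/install-extras.sh` are commented out, and the `/envdump` filter in the debian build script forwards only `DISTRIBUTION`, `RELEASE`, `CONTAINER` and `LANG` into the container. `precise` is also no longer in `UBUNTU_BOXES`. The target would therefore produce an "acceptance" box without the provisioners it is named for; either drop it for now or mark it, e.g. `# FIXME: PUPPET/CHEF are ignored until install-extras.sh is ported to run inside the container`. Separately, the `chmod +rw` / `chown ${USER}:` lines kept in all five recipes look like leftovers from the sudo build, since the package is now written by the invoking user.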


@ -26,48 +26,20 @@ fi
# If we got to this point, we need to create the container
log "Creating container..."
if [ $RELEASE = 'raring' ] || [ $RELEASE = 'wily' ] || [ $RELEASE = 'xenial' ]; then
utils.lxc.create -t ubuntu -- \
--release ${RELEASE} \
--arch ${ARCH}
elif [ $RELEASE = 'squeeze' ] || [ $RELEASE = 'wheezy' ]; then
utils.lxc.create -t debian -- \
--release ${RELEASE} \
--arch ${ARCH}
elif [ ${DISTRIBUTION} = 'fedora' ] && [ "${RELEASE}" = 'rawhide' ]; then
ARCH=$(echo ${ARCH} | sed -e "s/38/68/" | sed -e "s/amd64/x86_64/")
utils.lxc.create -t fedora --\
--release ${RELEASE} \
--arch ${ARCH}
elif [ ${DISTRIBUTION} = 'fedora' ] && [ ${RELEASE} -ge 21 ]; then
ARCH=$(echo ${ARCH} | sed -e "s/38/68/" | sed -e "s/amd64/x86_64/")
utils.lxc.create -t fedora --\
--release ${RELEASE} \
--arch ${ARCH}
else
utils.lxc.create -t download -- \
--dist ${DISTRIBUTION} \
--release ${RELEASE} \
--arch ${ARCH}
fi
if [ ${DISTRIBUTION} = 'fedora' ] ||\
[ ${DISTRIBUTION} = 'ubuntu' -a ${RELEASE} = 'wily' ] ||\
[ ${DISTRIBUTION} = 'debian' -a ${RELEASE} = 'jessie' ] ||\
[ ${DISTRIBUTION} = 'debian' -a ${RELEASE} = 'stretch' ]
then
# Improve systemd support:
# - The fedora template does it but the fedora images from the download
# template apparently don't.
# - The debian template does it but the debian image from the download
# template apparently not.
utils.lxc.stop
echo >> /var/lib/lxc/${CONTAINER}/config
echo "# settings for systemd with PID 1:" >> /var/lib/lxc/${CONTAINER}/config
echo "lxc.kmsg = 0" >> /var/lib/lxc/${CONTAINER}/config
echo "lxc.autodev = 1" >> /var/lib/lxc/${CONTAINER}/config
utils.lxc.start
utils.lxc.attach rm -f /dev/kmsg
utils.lxc.stop
fi
utils.lxc.create -t download -- \
--dist ${DISTRIBUTION} \
--release ${RELEASE} \
--arch ${ARCH}
# Improve systemd support:
# - The fedora template does it but the fedora images from the download
# template apparently don't.
# - The debian template does it but the debian image from the download
# template apparently not.
utils.lxc.stop
cfgpath="${HOME}/.local/share/lxc/${CONTAINER}/config"
echo >> ${cfgpath}
echo "# settings for systemd with PID 1:" >> ${cfgpath}
echo "lxc.autodev = 1" >> ${cfgpath}
log "Container created!"
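Review bot: `cfgpath` hard-codes `${HOME}/.local/share/lxc`, which is only the default location for unprivileged containers; on a host where `lxc.lxcpath` is configured differently the `lxc.autodev` line is appended to a file LXC never reads, or the redirection fails. Ask LXC for the path and quote the result: `cfgpath="$(lxc-config lxc.lxcpath)/${CONTAINER}/config"` and `echo "lxc.autodev = 1" >> "${cfgpath}"`. The same hard-coded prefix is used for `ROOTFS` in the debian build script, so both should change together. The script starts above this hunk.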


@ -7,19 +7,17 @@ source common/ui.sh
info "Packaging '${CONTAINER}' to '${PACKAGE}'..."
debug 'Stopping container'
lxc-stop -n ${CONTAINER} &>/dev/null || true
if [ -f ${WORKING_DIR}/rootfs.tar.gz ]; then
log "Removing previous rootfs tarball"
rm -f ${WORKING_DIR}/rootfs.tar.gz
fi
log "Compressing container's rootfs"
log "Compressing container's rootfs (sudo needed)"
pushd $(dirname ${ROOTFS}) &>>${LOG}
tar --numeric-owner --anchored --exclude=./rootfs/dev/log -czf \
sudo tar --numeric-owner --anchored --exclude=./rootfs/dev/log -czf \
${WORKING_DIR}/rootfs.tar.gz ./rootfs/*
popd &>>${LOG}
sudo chown ${UID} ${WORKING_DIR}/rootfs.tar.gz
# Prepare package contents
log 'Preparing box package contents'
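Review bot: `sudo tar … -czf ${WORKING_DIR}/rootfs.tar.gz` makes root create a file at a predictable path under `/tmp` (`WORKING_DIR` is `/tmp/${CONTAINER}` in the build script), so on a shared host a symlink already sitting at that name would be followed with root privileges. Let root only read the rootfs and have the invoking user's shell create the archive: `sudo tar --numeric-owner --anchored --exclude=./rootfs/dev/log -czf - ./rootfs/* > "${WORKING_DIR}/rootfs.tar.gz"`, which also makes the following `sudo chown ${UID} …` unnecessary. Creating `WORKING_DIR` with `mktemp -d` in the build script would close the same gap for the rest of the package contents. The script continues past the end of this hunk.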


@ -1,57 +1,49 @@
#!/bin/bash
set -e
source common/ui.sh
source /etc/profile
source /envdump
export VAGRANT_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
info "Preparing vagrant user..."
# Create vagrant user
if $(grep -q 'vagrant' ${ROOTFS}/etc/shadow); then
log 'Skipping vagrant user creation'
elif $(grep -q 'ubuntu' ${ROOTFS}/etc/shadow); then
debug 'vagrant user does not exist, renaming ubuntu user...'
mv ${ROOTFS}/home/{ubuntu,vagrant}
chroot ${ROOTFS} usermod -l vagrant -d /home/vagrant ubuntu &>> ${LOG}
chroot ${ROOTFS} groupmod -n vagrant ubuntu &>> ${LOG}
echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
log 'Renamed ubuntu user to vagrant and changed password.'
if $(grep -q 'vagrant' /etc/shadow); then
echo 'Skipping vagrant user creation'
elif $(grep -q 'ubuntu' /etc/shadow); then
echo 'vagrant user does not exist, renaming ubuntu user...'
mv /home/{ubuntu,vagrant}
usermod -l vagrant -d /home/vagrant ubuntu
groupmod -n vagrant ubuntu
echo -n 'vagrant:vagrant' | chpasswd
echo 'Renamed ubuntu user to vagrant and changed password.'
elif [ ${DISTRIBUTION} = 'centos' -o ${DISTRIBUTION} = 'fedora' ]; then
debug 'Creating vagrant user...'
chroot ${ROOTFS} useradd --create-home -s /bin/bash -u 1000 vagrant &>> ${LOG}
echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
sed -i 's/^Defaults\s\+requiretty/# Defaults requiretty/' $ROOTFS/etc/sudoers
if [ ${RELEASE} -eq 6 ]; then
info 'Disabling password aging for root...'
# disable password aging (required on Centos 6)
# pretend that password was changed today (won't fail during provisioning)
chroot ${ROOTFS} chage -I -1 -m 0 -M 99999 -E -1 -d `date +%Y-%m-%d` root
fi
echo 'Creating vagrant user...'
useradd --create-home -s /bin/bash -u 1000 vagrant
echo -n 'vagrant:vagrant' | chpasswd
sed -i 's/^Defaults\s\+requiretty/# Defaults requiretty/' /etc/sudoers
else
debug 'Creating vagrant user...'
chroot ${ROOTFS} useradd --create-home -s /bin/bash vagrant &>> ${LOG}
chroot ${ROOTFS} adduser vagrant sudo &>> ${LOG}
echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
echo 'Creating vagrant user...'
useradd --create-home -s /bin/bash vagrant
adduser vagrant sudo
echo -n 'vagrant:vagrant' | chpasswd
fi
# Configure SSH access
if [ -d ${ROOTFS}/home/vagrant/.ssh ]; then
log 'Skipping vagrant SSH credentials configuration'
if [ -d /home/vagrant/.ssh ]; then
echo 'Skipping vagrant SSH credentials configuration'
else
debug 'SSH key has not been set'
mkdir -p ${ROOTFS}/home/vagrant/.ssh
echo $VAGRANT_KEY > ${ROOTFS}/home/vagrant/.ssh/authorized_keys
chroot ${ROOTFS} chown -R vagrant: /home/vagrant/.ssh
log 'SSH credentials configured for the vagrant user.'
echo 'SSH key has not been set'
mkdir -p /home/vagrant/.ssh
echo $VAGRANT_KEY > /home/vagrant/.ssh/authorized_keys
chown -R vagrant: /home/vagrant/.ssh
echo 'SSH credentials configured for the vagrant user.'
fi
# Enable passwordless sudo for the vagrant user
if [ -f ${ROOTFS}/etc/sudoers.d/vagrant ]; then
log 'Skipping sudoers file creation.'
if [ -f /etc/sudoers.d/vagrant ]; then
echo 'Skipping sudoers file creation.'
else
debug 'Sudoers file was not found'
echo "vagrant ALL=(ALL) NOPASSWD:ALL" > ${ROOTFS}/etc/sudoers.d/vagrant
chmod 0440 ${ROOTFS}/etc/sudoers.d/vagrant
log 'Sudoers file created.'
echo 'Sudoers file was not found'
echo "vagrant ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/vagrant
chmod 0440 /etc/sudoers.d/vagrant
echo 'Sudoers file created.'
fi
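Review bot: The SSH branch creates `/home/vagrant/.ssh` and `authorized_keys` without setting modes, so their permissions depend on the umask of whatever shell `lxc-attach` starts in the container. Add `chmod 700 /home/vagrant/.ssh` and `chmod 600 /home/vagrant/.ssh/authorized_keys` before the `chown -R`, and quote the key when writing it: `echo "$VAGRANT_KEY" > /home/vagrant/.ssh/authorized_keys`. The account test `grep -q 'vagrant' /etc/shadow` matches the string anywhere in the file; `grep -q '^vagrant:' /etc/shadow` checks the account name only. A comment above `VAGRANT_KEY` stating that this is the publicly known Vagrant bootstrap key, paired with the `vagrant:vagrant` password and `NOPASSWD:ALL`, would tell readers that the resulting box is meant for local development and must not be exposed as is.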


@ -6,6 +6,16 @@ utils.lxc.attach() {
(lxc-attach -n ${CONTAINER} -- $cmd) &>> ${LOG}
}
utils.lxc.pipetofile() {
log "Sending piped content inside '${CONTAINER}' at $1 ..."
lxc-attach -n ${CONTAINER} -- /bin/bash -c "tee $1 > /dev/null" &>> ${LOG}
}
utils.lxc.runscript() {
cat $1 | utils.lxc.pipetofile /script.sh
utils.lxc.attach /bin/bash /script.sh
}
utils.lxc.start() {
lxc-start -d -n ${CONTAINER} &>> ${LOG} || true
}
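Review bot: `utils.lxc.pipetofile` splices `$1` into the string handed to `bash -c`, so the destination path is parsed a second time by a shell inside the container; a path with spaces or shell metacharacters would be split or interpreted instead of written to. Pass it as a positional argument: `lxc-attach -n "${CONTAINER}" -- /bin/bash -c 'tee "$1" > /dev/null' _ "$1" &>> "${LOG}"`. In `utils.lxc.runscript`, `cat $1 |` can become `utils.lxc.pipetofile /script.sh < "$1"`. A short comment on `runscript` saying that every script is copied to the fixed path `/script.sh` and executed inside the container with the privileges `lxc-attach` gives it would document the contract the converted scripts depend on. `utils.lxc.attach` begins above the hunk.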

20
debian/clean.sh vendored

@ -1,19 +1,15 @@
#!/bin/bash
set -e
source common/ui.sh
source common/utils.sh
echo "Cleaning up"
debug 'Bringing container up'
utils.lxc.start
rm /envdump /script.sh
info "Cleaning up '${CONTAINER}'..."
echo 'Removing temporary files...'
rm -rf /tmp/*
log 'Removing temporary files...'
rm -rf ${ROOTFS}/tmp/*
echo 'cleaning up dhcp leases'
rm -f /var/lib/dhcp/*
log 'cleaning up dhcp leases'
rm -f ${ROOTFS}/var/lib/dhcp/*
log 'Removing downloaded packages...'
utils.lxc.attach apt-get clean
echo 'Removing downloaded packages...'
apt-get clean
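Review bot: `rm -rf /tmp/*` and `rm -f /var/lib/dhcp/*` now act on absolute paths, and nothing in the file says it may only run inside the container, although the previous version was started on the host by the build script. The only thing that stops a host invocation today is that `rm /envdump /script.sh` fails under `set -e`, which is accidental protection. State the precondition at the top, e.g. `# Runs inside the container via utils.lxc.runscript; never run on the host`, followed by `[ -f /envdump ] || { echo 'not inside a build container' >&2; exit 1; }`. The other scripts converted in this commit (vagrant-lxc-fixes, install-extras, prepare-vagrant-user) rely on `source /envdump` failing in the same implicit way.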


@ -1,36 +1,22 @@
#!/bin/bash
set -e
source common/ui.sh
source common/utils.sh
source /etc/profile
source /envdump
info 'Installing extra packages and upgrading'
debug 'Bringing container up'
utils.lxc.start
# Sleep for a bit so that the container can get an IP
SECS=15
log "Sleeping for $SECS seconds..."
sleep $SECS
echo 'Installing extra packages and upgrading'
PACKAGES=(vim curl wget man-db openssh-server bash-completion ca-certificates sudo)
log "Installing additional packages: ${ADDPACKAGES}"
echo "Installing additional packages: ${ADDPACKAGES}"
PACKAGES+=" ${ADDPACKAGES}"
if [ $DISTRIBUTION = 'ubuntu' ]; then
PACKAGES+=' software-properties-common'
fi
if [ $RELEASE != 'raring' ] && [ $RELEASE != 'saucy' ] && [ $RELEASE != 'trusty' ] && [ $RELEASE != 'wily' ] ; then
PACKAGES+=' nfs-common'
fi
if [ $RELEASE != 'stretch' ] ; then
PACKAGES+=' python-software-properties'
fi
utils.lxc.attach apt-get update
utils.lxc.attach apt-get install ${PACKAGES[*]} -y --force-yes
utils.lxc.attach apt-get upgrade -y --force-yes
apt-get update
apt-get install ${PACKAGES[*]} -y --force-yes
apt-get upgrade -y --force-yes
ANSIBLE=${ANSIBLE:-0}
CHEF=${CHEF:-0}
@ -41,118 +27,118 @@ BABUSHKA=${BABUSHKA:-0}
if [ $DISTRIBUTION = 'debian' ]; then
# Enable bash-completion
sed -e '/^#if ! shopt -oq posix; then/,/^#fi/ s/^#\(.*\)/\1/g' \
-i ${ROOTFS}/etc/bash.bashrc
-i /etc/bash.bashrc
fi
if [ $ANSIBLE = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which ansible &>/dev/null); then
log "Ansible has been installed on container, skipping"
else
info "Installing Ansible"
cp debian/install-ansible.sh ${ROOTFS}/tmp/ && chmod +x ${ROOTFS}/tmp/install-ansible.sh
utils.lxc.attach /tmp/install-ansible.sh &>>${LOG}
fi
else
log "Skipping Ansible installation"
fi
#if [ $ANSIBLE = 1 ]; then
# if $(lxc-attach -n ${CONTAINER} -- which ansible &>/dev/null); then
# log "Ansible has been installed on container, skipping"
# else
# info "Installing Ansible"
# cp debian/install-ansible.sh ${ROOTFS}/tmp/ && chmod +x ${ROOTFS}/tmp/install-ansible.sh
# utils.lxc.attach /tmp/install-ansible.sh &>>${LOG}
# fi
#else
# log "Skipping Ansible installation"
#fi
if [ $CHEF = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which chef-solo &>/dev/null); then
log "Chef has been installed on container, skipping"
else
log "Installing Chef"
cat > ${ROOTFS}/tmp/install-chef.sh << EOF
#!/bin/sh
curl -L https://www.opscode.com/chef/install.sh -k | sudo bash
EOF
chmod +x ${ROOTFS}/tmp/install-chef.sh
utils.lxc.attach /tmp/install-chef.sh
fi
else
log "Skipping Chef installation"
fi
#if [ $CHEF = 1 ]; then
# if $(lxc-attach -n ${CONTAINER} -- which chef-solo &>/dev/null); then
# log "Chef has been installed on container, skipping"
# else
# log "Installing Chef"
# cat > ${ROOTFS}/tmp/install-chef.sh << EOF
##!/bin/sh
#curl -L https://www.opscode.com/chef/install.sh -k | sudo bash
#EOF
# chmod +x ${ROOTFS}/tmp/install-chef.sh
# utils.lxc.attach /tmp/install-chef.sh
# fi
#else
# log "Skipping Chef installation"
#fi
if [ $PUPPET = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which puppet &>/dev/null); then
log "Puppet has been installed on container, skipping"
elif [ ${RELEASE} = 'sid' ]; then
warn "Puppet can't be installed on Debian sid, skipping"
else
log "Installing Puppet"
wget http://apt.puppetlabs.com/puppetlabs-release-${RELEASE}.deb -O "${ROOTFS}/tmp/puppetlabs-release-stable.deb" &>>${LOG}
utils.lxc.attach dpkg -i "/tmp/puppetlabs-release-stable.deb"
utils.lxc.attach apt-get update
utils.lxc.attach apt-get install puppet -y --force-yes
fi
else
log "Skipping Puppet installation"
fi
#if [ $PUPPET = 1 ]; then
# if $(lxc-attach -n ${CONTAINER} -- which puppet &>/dev/null); then
# log "Puppet has been installed on container, skipping"
# elif [ ${RELEASE} = 'sid' ]; then
# warn "Puppet can't be installed on Debian sid, skipping"
# else
# log "Installing Puppet"
# wget http://apt.puppetlabs.com/puppetlabs-release-${RELEASE}.deb -O "${ROOTFS}/tmp/puppetlabs-release-stable.deb" &>>${LOG}
# utils.lxc.attach dpkg -i "/tmp/puppetlabs-release-stable.deb"
# utils.lxc.attach apt-get update
# utils.lxc.attach apt-get install puppet -y --force-yes
# fi
#else
# log "Skipping Puppet installation"
#fi
if [ $SALT = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which salt-minion &>/dev/null); then
log "Salt has been installed on container, skipping"
elif [ ${RELEASE} = 'raring' ]; then
warn "Salt can't be installed on Ubuntu Raring 13.04, skipping"
else
if [ $DISTRIBUTION = 'ubuntu' ]; then
if [ $RELEASE = 'precise' ] || [ $RELEASE = 'trusty' ] || [ $RELEASE = 'xenial' ] ; then
# For LTS releases we use packages from repo.saltstack.com
if [ $RELEASE = 'precise' ]; then
SALT_SOURCE_1="deb http://repo.saltstack.com/apt/ubuntu/12.04/amd64/latest precise main"
SALT_GPG_KEY="https://repo.saltstack.com/apt/ubuntu/12.04/amd64/latest/SALTSTACK-GPG-KEY.pub"
elif [ $RELEASE = 'trusty' ]; then
SALT_SOURCE_1="deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main"
SALT_GPG_KEY="https://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest/SALTSTACK-GPG-KEY.pub"
elif [ $RELEASE = 'xenial' ]; then
SALT_SOURCE_1="deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main"
SALT_GPG_KEY="https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub"
fi
echo $SALT_SOURCE_1 > ${ROOTFS}/etc/apt/sources.list.d/saltstack.list
#if [ $SALT = 1 ]; then
# if $(lxc-attach -n ${CONTAINER} -- which salt-minion &>/dev/null); then
# log "Salt has been installed on container, skipping"
# elif [ ${RELEASE} = 'raring' ]; then
# warn "Salt can't be installed on Ubuntu Raring 13.04, skipping"
# else
# if [ $DISTRIBUTION = 'ubuntu' ]; then
# if [ $RELEASE = 'precise' ] || [ $RELEASE = 'trusty' ] || [ $RELEASE = 'xenial' ] ; then
# # For LTS releases we use packages from repo.saltstack.com
# if [ $RELEASE = 'precise' ]; then
# SALT_SOURCE_1="deb http://repo.saltstack.com/apt/ubuntu/12.04/amd64/latest precise main"
# SALT_GPG_KEY="https://repo.saltstack.com/apt/ubuntu/12.04/amd64/latest/SALTSTACK-GPG-KEY.pub"
# elif [ $RELEASE = 'trusty' ]; then
# SALT_SOURCE_1="deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main"
# SALT_GPG_KEY="https://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest/SALTSTACK-GPG-KEY.pub"
# elif [ $RELEASE = 'xenial' ]; then
# SALT_SOURCE_1="deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main"
# SALT_GPG_KEY="https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub"
# fi
# echo $SALT_SOURCE_1 > ${ROOTFS}/etc/apt/sources.list.d/saltstack.list
utils.lxc.attach wget -q -O /tmp/salt.key $SALT_GPG_KEY
utils.lxc.attach apt-key add /tmp/salt.key
elif [ $RELEASE = 'quantal' ] || [ $RELEASE = 'saucy' ] ; then
utils.lxc.attach add-apt-repository -y ppa:saltstack/salt
fi
# For Utopic, Vivid and Wily releases use system packages
else # DEBIAN
if [ $RELEASE == "squeeze" ]; then
SALT_SOURCE_1="deb http://debian.saltstack.com/debian squeeze-saltstack main"
SALT_SOURCE_2="deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free"
elif [ $RELEASE == "wheezy" ]; then
SALT_SOURCE_1="deb http://repo.saltstack.com/apt/debian/7/amd64/latest wheezy main"
elif [ $RELEASE == "jessie" ]; then
SALT_SOURCE_1="deb http://repo.saltstack.com/apt/debian/8/amd64/latest jessie main"
else
SALT_SOURCE_1="deb http://debian.saltstack.com/debian unstable main"
fi
echo $SALT_SOURCE_1 > ${ROOTFS}/etc/apt/sources.list.d/saltstack.list
echo $SALT_SOURCE_2 >> ${ROOTFS}/etc/apt/sources.list.d/saltstack.list
# utils.lxc.attach wget -q -O /tmp/salt.key $SALT_GPG_KEY
# utils.lxc.attach apt-key add /tmp/salt.key
# elif [ $RELEASE = 'quantal' ] || [ $RELEASE = 'saucy' ] ; then
# utils.lxc.attach add-apt-repository -y ppa:saltstack/salt
# fi
# # For Utopic, Vivid and Wily releases use system packages
# else # DEBIAN
# if [ $RELEASE == "squeeze" ]; then
# SALT_SOURCE_1="deb http://debian.saltstack.com/debian squeeze-saltstack main"
# SALT_SOURCE_2="deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free"
# elif [ $RELEASE == "wheezy" ]; then
# SALT_SOURCE_1="deb http://repo.saltstack.com/apt/debian/7/amd64/latest wheezy main"
# elif [ $RELEASE == "jessie" ]; then
# SALT_SOURCE_1="deb http://repo.saltstack.com/apt/debian/8/amd64/latest jessie main"
# else
# SALT_SOURCE_1="deb http://debian.saltstack.com/debian unstable main"
# fi
# echo $SALT_SOURCE_1 > ${ROOTFS}/etc/apt/sources.list.d/saltstack.list
# echo $SALT_SOURCE_2 >> ${ROOTFS}/etc/apt/sources.list.d/saltstack.list
utils.lxc.attach wget -q -O /tmp/salt.key "https://repo.saltstack.com/apt/debian/8/amd64/latest/SALTSTACK-GPG-KEY.pub"
utils.lxc.attach apt-key add /tmp/salt.key
fi
utils.lxc.attach apt-get update
utils.lxc.attach apt-get install salt-minion -y --force-yes
fi
else
log "Skipping Salt installation"
fi
# utils.lxc.attach wget -q -O /tmp/salt.key "https://repo.saltstack.com/apt/debian/8/amd64/latest/SALTSTACK-GPG-KEY.pub"
# utils.lxc.attach apt-key add /tmp/salt.key
# fi
# utils.lxc.attach apt-get update
# utils.lxc.attach apt-get install salt-minion -y --force-yes
# fi
#else
# log "Skipping Salt installation"
#fi
if [ $BABUSHKA = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which babushka &>/dev/null); then
log "Babushka has been installed on container, skipping"
elif [ ${RELEASE} = 'trusty' ]; then
warn "Babushka can't be installed on Ubuntu Trusty 14.04, skipping"
else
log "Installing Babushka"
cat > $ROOTFS/tmp/install-babushka.sh << EOF
#!/bin/sh
curl https://babushka.me/up | sudo bash
EOF
chmod +x $ROOTFS/tmp/install-babushka.sh
utils.lxc.attach /tmp/install-babushka.sh
fi
else
log "Skipping Babushka installation"
fi
#if [ $BABUSHKA = 1 ]; then
# if $(lxc-attach -n ${CONTAINER} -- which babushka &>/dev/null); then
# log "Babushka has been installed on container, skipping"
# elif [ ${RELEASE} = 'trusty' ]; then
# warn "Babushka can't be installed on Ubuntu Trusty 14.04, skipping"
# else
# log "Installing Babushka"
# cat > $ROOTFS/tmp/install-babushka.sh << EOF
##!/bin/sh
#curl https://babushka.me/up | sudo bash
#EOF
# chmod +x $ROOTFS/tmp/install-babushka.sh
# utils.lxc.attach /tmp/install-babushka.sh
# fi
#else
# log "Skipping Babushka installation"
#fi
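Review bot: The converted `apt-get install ${PACKAGES[*]} -y --force-yes` and `apt-get upgrade -y --force-yes` keep `--force-yes`, which lets apt continue with packages that fail authentication, so a published box can contain packages whose signatures were never verified. Nothing visible in this script needs it; `apt-get install -y ${PACKAGES[*]}` and `apt-get upgrade -y` keep the build non-interactive and leave signature checking on. The Ansible, Chef, Puppet, Salt and Babushka blocks are commented out rather than deleted, which leaves dead `curl … | sudo bash` and `curl -k` lines in the file; removing them and restoring from history when they are ported would avoid someone re-enabling them as written.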


@ -1,52 +1,34 @@
#!/bin/bash
set -e
source common/ui.sh
source common/utils.sh
source /etc/profile
source /envdump
# Fixes some networking issues
# See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info
if ! $(grep -q 'ip6-allhosts' ${ROOTFS}/etc/hosts); then
log "Adding ipv6 allhosts entry to container's /etc/hosts"
echo 'ff02::3 ip6-allhosts' >> ${ROOTFS}/etc/hosts
if ! $(grep -q 'ip6-allhosts' /etc/hosts); then
echo 'ff02::3 ip6-allhosts' >> /etc/hosts
fi
utils.lxc.start
# Ensure locales are properly set, based on http://askubuntu.com/a/238063
LANG=${LANG:-en_US.UTF-8}
sed -i "s/^# ${LANG}/${LANG}/" /etc/locale.gen
if [ ${DISTRIBUTION} = 'debian' ]; then
# Ensure locales are properly set, based on http://askubuntu.com/a/238063
LANG=${LANG:-en_US.UTF-8}
sed -i "s/^# ${LANG}/${LANG}/" ${ROOTFS}/etc/locale.gen
# Fixes some networking issues
# See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info
sed -i -e "s/\(127.0.0.1\s\+localhost\)/\1\n127.0.1.1\t${CONTAINER}\n/g" /etc/hosts
# Fixes some networking issues
# See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info
sed -i -e "s/\(127.0.0.1\s\+localhost\)/\1\n127.0.1.1\t${CONTAINER}\n/g" ${ROOTFS}/etc/hosts
# Fixes for jessie, following the guide from
# https://wiki.debian.org/LXC#Incompatibility_with_systemd
if [ "$RELEASE" = 'jessie' ] || [ "$RELEASE" = 'stretch' ]; then
# Reconfigure the LXC
cp /lib/systemd/system/getty@.service /etc/systemd/system/getty@.service
# Comment out ConditionPathExists
sed -i -e 's/\(ConditionPathExists=\)/# \n# \1/' \
"/etc/systemd/system/getty@.service"
# Ensures that `/tmp` does not get cleared on halt
# See https://github.com/fgrehm/vagrant-lxc/issues/68 for more info
utils.lxc.attach /usr/sbin/update-rc.d -f checkroot-bootclean.sh remove
utils.lxc.attach /usr/sbin/update-rc.d -f mountall-bootclean.sh remove
utils.lxc.attach /usr/sbin/update-rc.d -f mountnfs-bootclean.sh remove
# Fixes for jessie, following the guide from
# https://wiki.debian.org/LXC#Incompatibility_with_systemd
if [ "$RELEASE" = 'jessie' ] || [ "$RELEASE" = 'stretch' ]; then
# Reconfigure the LXC
utils.lxc.attach /bin/cp \
/lib/systemd/system/getty@.service \
/etc/systemd/system/getty@.service
# Comment out ConditionPathExists
sed -i -e 's/\(ConditionPathExists=\)/# \n# \1/' \
"${ROOTFS}/etc/systemd/system/getty@.service"
# Mask udev.service and systemd-udevd.service:
utils.lxc.attach /bin/systemctl mask udev.service systemd-udevd.service
fi
# Mask udev.service and systemd-udevd.service:
systemctl mask udev.service systemd-udevd.service
fi
utils.lxc.attach /usr/sbin/locale-gen ${LANG}
utils.lxc.attach update-locale LANG=${LANG}
# Fix to allow bindfs
utils.lxc.attach ln -sf /bin/true /sbin/modprobe
utils.lxc.attach mknod -m 666 /dev/fuse c 10 229
locale-gen ${LANG}
update-locale LANG=${LANG}
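Review bot: As rendered here the `if [ ${DISTRIBUTION} = 'debian' ]` guard is gone, so the `/etc/locale.gen` edit and the `127.0.1.1` hosts entry now also run for Ubuntu builds, which go through the same script. Under `set -e`, a `sed -i` on a file the image does not have would abort the whole build. If the widening is intended, say so in a comment above those lines; otherwise keep the guard around the Debian-only steps. `${LANG}` and `${CONTAINER}` now arrive from the host through `/envdump` and are used unquoted in `sed` expressions and in `locale-gen ${LANG}`; quote them, e.g. `locale-gen "${LANG}"`.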


@ -2,11 +2,7 @@
set -e
source common/ui.sh
if [ "$(id -u)" != "0" ]; then
echo "You should run this script as root (sudo)."
exit 1
fi
source common/utils.sh
export DISTRIBUTION=$1
export RELEASE=$2
@ -14,7 +10,7 @@ export ARCH=$3
export CONTAINER=$4
export PACKAGE=$5
export ADDPACKAGES=${ADDPACKAGES-$(cat ${RELEASE}_packages | tr "\n" " ")}
export ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
export ROOTFS="${HOME}/.local/share/lxc/${CONTAINER}/rootfs"
export WORKING_DIR="/tmp/${CONTAINER}"
export NOW=$(date -u)
export LOG=$(readlink -f .)/log/${CONTAINER}.log
@ -37,12 +33,21 @@ mkdir -p ${WORKING_DIR}
info "Building box to '${PACKAGE}'..."
./common/download.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
./debian/vagrant-lxc-fixes.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
./debian/install-extras.sh ${CONTAINER}
./common/prepare-vagrant-user.sh ${DISTRIBUTION} ${CONTAINER}
./debian/clean.sh ${CONTAINER}
./common/package.sh ${CONTAINER} ${PACKAGE}
utils.lxc.start
SECS=15
log "Sleeping for $SECS seconds..."
sleep $SECS
printenv | grep "^\(DISTRIBUTION\|RELEASE\|CONTAINER\|LANG\)=" | utils.lxc.pipetofile /envdump
utils.lxc.runscript debian/vagrant-lxc-fixes.sh
utils.lxc.runscript debian/install-extras.sh
utils.lxc.runscript common/prepare-vagrant-user.sh
utils.lxc.runscript debian/clean.sh
utils.lxc.stop
./common/package.sh
info "Finished building '${PACKAGE}'!"
log "Run \`sudo lxc-destroy -n ${CONTAINER}\` or \`make clean\` to remove the container that was created along the way"
log "Run \`lxc-destroy -n ${CONTAINER}\` or \`make clean\` to remove the container that was created along the way"
echo
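Review bot: The `/envdump` filter forwards only `DISTRIBUTION`, `RELEASE`, `CONTAINER` and `LANG`, so `ADDPACKAGES` (exported a few lines above) and the `ANSIBLE`/`CHEF`/`PUPPET`/`SALT`/`BABUSHKA` switches never reach `debian/install-extras.sh` now that it runs inside the container; the per-release package list is silently skipped. Adding the name to the `grep` is not enough, because `printenv` output is unquoted and the file is later `source`d as shell, so a value containing spaces would be run as a command inside the container. Emit shell-quoted assignments instead, e.g. `for v in DISTRIBUTION RELEASE CONTAINER LANG ADDPACKAGES; do printf '%s=%q\n' "$v" "${!v}"; done | utils.lxc.pipetofile /envdump`. The fixed `sleep 15` before the first script is a guess at when the container has networking; a comment saying so, or a bounded wait on an actual readiness check, would make build failures easier to diagnose.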