glenux-archive/vagrant-lxc-base-boxes
glenux-archive/vagrant-lxc-base-boxes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: glenux-archive:master
Branches Tags
glenux-archive:master
glenux-archive:unprivileged
glenux-archive:obnox-wip
glenux-archive:pr-readme
glenux-archive:v1.0.0-centos-6
glenux-archive:v1.2.0
glenux-archive:v1.1.0
..
compare: glenux-archive:unprivileged
Branches Tags
glenux-archive:master
glenux-archive:unprivileged
glenux-archive:obnox-wip
glenux-archive:pr-readme
glenux-archive:v1.0.0-centos-6
glenux-archive:v1.2.0
glenux-archive:v1.1.0

4 commits
master ... unprivileg

Author SHA1 Message Date
Virgil Dupras
466f627852 Fix gentoo 
It didn't work from within vagrant. Now it does.
 2018-04-15 20:24:19 -04:00
Virgil Dupras
04b8dfe1dc Add mk-gentoo.sh 2018-04-15 17:01:03 -04:00
Virgil Dupras
054e462e0b debian: re-enable provisioning tools installation 2018-04-15 09:55:37 -04:00
Virgil Dupras
bc8b070565 Unprivileged box creation: first step 
I've been hacking my way through building vagrant boxes in unprivileged
containers. It works. Barely but it works. I can end up with a
functional vagrant box with `make stretch`.

The only place where I need `sudo` is when we tar up the root fs because
it doesn't belong to the same UID.
 2018-04-14 23:30:48 -04:00
25 changed files with 221 additions and 982 deletions
Show stats Expand all files Collapse all files

40
Makefile
View file

@ -1,7 +1,7 @@
UBUNTU_BOXES= trusty xenial
UBUNTU_BOXES= xenial
DEBIAN_BOXES= jessie stretch sid
CENTOS_BOXES= 7
FEDORA_BOXES= 27
FEDORA_BOXES= rawhide 23
TODAY=$(shell date -u +"%Y-%m-%d")
# Replace i686 with i386 and x86_64 with amd64
@ -21,42 +21,38 @@ $(UBUNTU_BOXES): CONTAINER = "vagrant-base-${@}-$(ARCH)"
$(UBUNTU_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-${@}-$(ARCH).box"
$(UBUNTU_BOXES):
@mkdir -p $$(dirname $(PACKAGE))
@sudo -E ./mk-debian.sh ubuntu $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@sudo chmod +rw $(PACKAGE)
@sudo chown ${USER}: $(PACKAGE)
@./mk-debian.sh ubuntu $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE)
$(DEBIAN_BOXES): CONTAINER = "vagrant-base-${@}-$(ARCH)"
$(DEBIAN_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-${@}-$(ARCH).box"
$(DEBIAN_BOXES):
@mkdir -p $$(dirname $(PACKAGE))
@sudo -E ./mk-debian.sh debian $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@sudo chmod +rw $(PACKAGE)
@sudo chown ${USER}: $(PACKAGE)
@./mk-debian.sh debian $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE)
$(CENTOS_BOXES): CONTAINER = "vagrant-base-centos-${@}-$(ARCH)"
$(CENTOS_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-centos-${@}-$(ARCH).box"
$(CENTOS_BOXES):
@mkdir -p $$(dirname $(PACKAGE))
@sudo -E ./mk-centos.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@sudo chmod +rw $(PACKAGE)
@sudo chown ${USER}: $(PACKAGE)
@./mk-centos.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE)
$(FEDORA_BOXES): CONTAINER = "vagrant-base-fedora-${@}-$(ARCH)"
$(FEDORA_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-fedora-${@}-$(ARCH).box"
$(FEDORA_BOXES):
@mkdir -p $$(dirname $(PACKAGE))
@sudo -E ./mk-fedora.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@sudo chmod +rw $(PACKAGE)
@sudo chown ${USER}: $(PACKAGE)
.PHONY: gentoo
gentoo:
@sudo -E ./mk-gentoo.sh
@./mk-fedora.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE)
acceptance: CONTAINER = "vagrant-base-acceptance-$(ARCH)"
acceptance: PACKAGE = "output/${TODAY}/vagrant-lxc-acceptance-$(ARCH).box"
acceptance:
@mkdir -p $$(dirname $(PACKAGE))
@PUPPET=1 CHEF=1 sudo -E ./mk-debian.sh ubuntu xenial $(ARCH) $(CONTAINER) $(PACKAGE)
@sudo chmod +rw $(PACKAGE)
@sudo chown ${USER}: $(PACKAGE)
@PUPPET=1 CHEF=1 ./mk-debian.sh ubuntu precise $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE)
release:
@test -z '$(version)' && echo 'version parameter not provided to `make`!' && exit 1 || return 0
@ -67,7 +63,7 @@ release:
clean: ALL_BOXES = ${DEBIAN_BOXES} ${UBUNTU_BOXES} ${CENTOS_BOXES} ${FEDORA_BOXES} acceptance
clean:
@for r in $(ALL_BOXES); do \
sudo -E ./clean.sh $${r}\
./clean.sh $${r}\
vagrant-base-$${r}-$(ARCH) \
output/${TODAY}/vagrant-lxc-$${r}-$(ARCH).box; \
done

65
README.md
View file

@ -1,29 +1,37 @@
# vagrant-lxc base boxes
This repository contains a set of scripts for creating base boxes for usage with
[vagrant-lxc](https://github.com/fgrehm/vagrant-lxc) 1.4+.
[vagrant-lxc](https://github.com/fgrehm/vagrant-lxc) 1.0+.
## What distros / versions can I build with this?
* Ubuntu
- Precise 12.04 x86_64
- Quantal 12.10 x86_64
- Raring 13.04 x86_64
- Saucy 13.10 x86_64
- Trusty 14.04 x86_64
- Utopic 14.10 x86_64
- Vivid 15.04 x86_64
- Wily 15.10 x86_64
- Xenial 16.04 x86_64
* Debian
- Squeeze x86_64
- Wheezy x86_64
- Jessie x86_64
- Stretch x86_64
- Sid x86_64
* Fedora
- 19 x86_64
- 20 x86_64
- 21 x86_64
- 22 x86_64
- 23 x86_64
- rawhide x86_64
* CentOS
- 6 x86_64
- 7 x86_64
## Status
This is a fork of `obnoxxx/vagrant-lxc-base-boxes` which itself was a fork for
`fgrehm/vagrant-lxc-base-boxes`. The goal is to make LXC box generation work for LXC 3.0+. The
repo is not in top shape, but it works `make stretch` (which is what I use myself).
It should be easy enough for you to add support for distros you use (PR welcome).
## Building the boxes
_In order to build the boxes you need to have the `lxc-download`
@ -32,43 +40,58 @@ create one based on [this](https://github.com/lxc/lxc/blob/master/templates/lxc-
and drop it on your lxc templates path (usually `/usr/share/lxc/templates`)._
```sh
git clone https://github.com/hsoft/vagrant-lxc-base-boxes.git
git clone https://github.com/obnoxxx/vagrant-lxc-base-boxes.git
cd vagrant-lxc-base-boxes
make stretch
make precise
```
By default no provisioning tools will be included but you can pick the ones
you want by providing some environmental variables. For example:
```sh
ANSIBLE=1 PUPPET=1 CHEF=1 \
make stretch
ANSIBLE=1 PUPPET=1 CHEF=1 SALT=1 BABUSHKA=1 \
make precise
```
Will build a Debian Stretch x86_64 box with latest Ansible, Puppet and Chef pre-installed.
Will build a Ubuntu Precise x86_64 box with latest Ansible, Puppet, Chef, Salt and
Babushka pre-installed.
When using ANSIBLE=1, an optional ANSIBLE_VERSION parameter may be passed that
will specify which version of ansible to install. By default it will install
the latest Ansible.
When using ANSIBLE=1, an optional ANSIBLE_VERSION parameter may be passed that will specify which version of ansible to install. By default it will install the latest Ansible.
Additional packages to be installed can be specified with the ADDPACKAGES variable:
```sh
ADDPACKAGES="aptitude htop" \
make xenial
make trusty
```
Will build a Ubuntu Xenial x86_64 box with aptitude and htop as additional
Will build a Ubuntu Trusty x86_64 box with aptitude and htop as additional
packages pre-installed. You can also specify the packages in a file
xenial_packages.
trusty_packages.
Note: ADDPACKAGES is currently only implemented for flavors of debian.
## Pre built base boxes
There are no pre-built base boxes for this repo. You have to build them yourself.
_**NOTE:** None of the base boxes below have a provisioner pre-installed_
| Distribution | VagrantCloud box |
| ------------ | ---------------- |
| Ubuntu Precise 12.04 x86_64 | [fgrehm/precise64-lxc](https://vagrantcloud.com/fgrehm/precise64-lxc) |
| Ubuntu Trusty 14.04 x86_64 | [fgrehm/trusty64-lxc](https://vagrantcloud.com/fgrehm/trusty64-lxc) |
| Debian Wheezy 7 x86_64 | [fgrehm/wheezy64-lxc](https://vagrantcloud.com/fgrehm/wheezy64-lxc) |
| Debian Jessie 8 x86_64 | [glenux/jessie64-lxc](https://atlas.hashicorp.com/glenux/boxes/jessie64-lxc) |
| CentOS 6 x86_64 | [fgrehm/centos-6-64-lxc](https://vagrantcloud.com/fgrehm/centos-6-64-lxc) |
## What makes up for a vagrant-lxc base box?
See [vagrant-lxc/BOXES.md](https://github.com/fgrehm/vagrant-lxc/blob/master/BOXES.md)
## Known issues
* We can't get the NFS client to be installed on the containers used for building
Ubuntu 13.04 / 13.10 / 14.04 base boxes.
* Puppet can't be installed on Debian Sid
* Salt can't be installed on Ubuntu 13.04

159
build-openmandriva-box.sh
View file

@ -1,159 +0,0 @@
#!/bin/bash
# set -x
set -e
# Script used to build OpenMandriva base vagrant-lxc containers, currently limited to
# host's arch
#
# USAGE:
# $ cd boxes && sudo ./build-openmandriva-box.sh OPENMANDRIVA_RELEASE BOX_ARCH
#
# TODO: scripts for install CHEF, PUPPET, SALT, BABUSHKA
# To enable Chef or any other configuration management tool pass '1' to the
# corresponding env var:
# $ CHEF=1 sudo -E ./build-openmandriva-box.sh OPENMANDRIVA_RELEASE BOX_ARCH
# $ PUPPET=1 sudo -E ./build-openmandriva-box.sh OPENMANDRIVA_RELEASE BOX_ARCH
# $ SALT=1 sudo -E ./build-openmandriva-box.sh OPENMANDRIVA_RELEASE BOX_ARCH
# $ BABUSHKA=1 sudo -E ./build-openmandriva-box.sh OPENMANDRIVA_RELEASE BOX_ARCH
##################################################################################
# 0 - Initial setup and sanity checks
TODAY=$(date -u +"%Y-%m-%d")
NOW=$(date -u)
RELEASE=${1:-"openmandriva2013.0"}
ARCH=${2:-"x86_64"}
PKG=vagrant-lxc-${RELEASE}-${ARCH}-${TODAY}.box
WORKING_DIR=/tmp/vagrant-lxc-${RELEASE}
VAGRANT_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
ROOTFS=/var/lib/lxc/${RELEASE}-base/${RELEASE}-base/rootfs
# Providing '1' will enable these tools
CHEF=${CHEF:-0}
PUPPET=${PUPPET:-0}
SALT=${SALT:-0}
BABUSHKA=${BABUSHKA:-0}
# Path to files bundled with the box
CWD=`readlink -f .`
LXC_TEMPLATE=${CWD}/common/lxc-template-openmandriva
LXC_CONF=${CWD}/common/lxc.conf
METATADA_JSON=${CWD}/common/metadata.json
# Set up a working dir
mkdir -p $WORKING_DIR
if [ -f "${WORKING_DIR}/${PKG}" ]; then
echo "Found a box on ${WORKING_DIR}/${PKG} already!"
exit 1
fi
##################################################################################
# 1 - Create the base container
if $(lxc-ls | grep -q "${RELEASE}-base"); then
echo "Base container already exists, please remove it with \`lxc-destroy -n ${RELEASE}-base\`!"
exit 1
else
export SUITE=$RELEASE
lxc-create -n ${RELEASE}-base -t openmandriva -- -R ${RELEASE} --arch ${ARCH}
fi
######################################
# 2 - Fix some known issues
# Fixes some networking issues
cat /etc/resolv.conf > ${ROOTFS}/etc/resolv.conf
##################################################################################
# 3 - Prepare vagrant user
chroot ${ROOTFS} su -c 'useradd --create-home -s /bin/bash vagrant'
# echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
chroot ${ROOTFS} su -c "echo -n 'vagrant:vagrant' | chpasswd"
##################################################################################
# 4 - Setup SSH access and passwordless sudo
# Configure SSH access
mkdir -p ${ROOTFS}/home/vagrant/.ssh
echo $VAGRANT_KEY > ${ROOTFS}/home/vagrant/.ssh/authorized_keys
chroot ${ROOTFS} chown -R vagrant: /home/vagrant/.ssh
chroot ${ROOTFS} urpmi sudo --auto
chroot ${ROOTFS} usermod -a -G wheel vagrant
# Enable passwordless sudo for users under the "sudo" group
cp ${ROOTFS}/etc/sudoers{,.orig}
sed -i 's/Defaults requiretty/\# Defaults requiretty/' ${ROOTFS}/etc/sudoers
sed -i 's/\#%wheel/\%wheel/' ${ROOTFS}/etc/sudoers
sed -i 's/\# %wheel/\%wheel/' ${ROOTFS}/etc/sudoers
# sed -i -e \
# 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=(ALL) NOPASSWD:ALL/g' \
# ${ROOTFS}/etc/sudoers
##################################################################################
# 5 - Add some goodies and update packages
PACKAGES=(vim curl wget man bash-completion openssh-server openssh-clients tar)
chroot ${ROOTFS} urpmi ${PACKAGES[*]} --auto
chroot ${ROOTFS} urpmi.update -a
##################################################################################
# 6 - Configuration management tools
if [ $CHEF = 1 ]; then
./common/install-chef $ROOTFS
fi
if [ $PUPPET = 1 ]; then
./common/install-puppet $ROOTFS
fi
if [ $SALT = 1 ]; then
./common/install-salt $ROOTFS
fi
if [ $BABUSHKA = 1 ]; then
./common/install-babushka $ROOTFS
fi
##################################################################################
# 7 - Free up some disk space
rm -rf ${ROOTFS}/tmp/*
# chroot ${ROOTFS} urpmi clean metadata
##################################################################################
# 8 - Build box package
# Compress container's rootfs
cd $(dirname $ROOTFS)
tar --numeric-owner -czf /tmp/vagrant-lxc-${RELEASE}/rootfs.tar.gz ./rootfs/*
# Prepare package contents
cd $WORKING_DIR
cp $LXC_TEMPLATE lxc-template
cp $LXC_CONF .
cp $METATADA_JSON .
chmod +x lxc-template
sed -i "s/<TODAY>/${NOW}/" metadata.json
# Vagrant box!
tar -czf $PKG ./*
chmod +rw ${WORKING_DIR}/${PKG}
mkdir -p ${CWD}/output
mv ${WORKING_DIR}/${PKG} ${CWD}/output
# Clean up after ourselves
rm -rf ${WORKING_DIR}
echo "The base box was built successfully to ${CWD}/output/${PKG}"

36
common/download.sh
View file

@ -26,28 +26,20 @@ fi
# If we got to this point, we need to create the container
log "Creating container..."
utils.lxc.create -t download -- \
--dist ${DISTRIBUTION} \
--release ${RELEASE} \
--arch ${ARCH}
utils.lxc.create -t download -- \
--dist ${DISTRIBUTION} \
--release ${RELEASE} \
--arch ${ARCH}
if [ ${DISTRIBUTION} = 'fedora' ] ||\
[ ${DISTRIBUTION} = 'ubuntu' ] ||\
[ ${DISTRIBUTION} = 'debian' ]
then
# Improve systemd support:
# - The fedora template does it but the fedora images from the download
# template apparently don't.
# - The debian template does it but the debian image from the download
# template apparently not.
utils.lxc.stop
echo >> /var/lib/lxc/${CONTAINER}/config
echo "# settings for systemd with PID 1:" >> /var/lib/lxc/${CONTAINER}/config
echo "lxc.autodev = 1" >> /var/lib/lxc/${CONTAINER}/config
utils.lxc.start
utils.lxc.attach rm -f /dev/kmsg
utils.lxc.stop
fi
# Improve systemd support:
# - The fedora template does it but the fedora images from the download
# template apparently don't.
# - The debian template does it but the debian image from the download
# template apparently not.
utils.lxc.stop
cfgpath="${HOME}/.local/share/lxc/${CONTAINER}/config"
echo >> ${cfgpath}
echo "# settings for systemd with PID 1:" >> ${cfgpath}
echo "lxc.autodev = 1" >> ${cfgpath}
log "Container created!"

225
common/lxc-template-openmandriva
View file

@ -1,225 +0,0 @@
#!/bin/bash
# This is a modified version of /usr/share/lxc/templates/lxc-openmandriva
# that comes with OpenMandriva changed to suit vagrant-lxc needs
#
# template script for generating openmandriva container for LXC
#
#
# lxc: linux Container library
# Authors:
# Alexander Khryukin <alexander@mezon.ru>
# Vokhmin Alexey V <avokhmin@gmail.com>
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
set -e
if [ -r /etc/default/lxc ]; then
. /etc/default/lxc
fi
extract_rootfs()
{
tarball=$1
arch=$2
rootfs=$3
echo "Extracting $tarball ..."
mkdir -p $(dirname $rootfs)
(cd `dirname $rootfs` && tar xfz $tarball)
return 0
}
install_openmandriva()
{
rootfs=$1
release=$2
tarball=$3
mkdir -p /var/lock/subsys/
(
flock -x 200
if [ $? -ne 0 ]; then
echo "Cache repository is busy."
return 1
fi
extract_rootfs $tarball $arch $rootfs
if [ $? -ne 0 ]; then
echo "Failed to copy rootfs"
return 1
fi
return 0
) 200>/var/lock/subsys/lxc
return $?
}
copy_configuration()
{
path=$1
rootfs=$2
name=$3
grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
# if there is exactly one veth network entry, make sure it has an
# associated hwaddr.
nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
if [ $nics -eq 1 ]; then
grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config
fi
if [ $? -ne 0 ]; then
echo "Failed to add configuration"
return 1
fi
return 0
}
post_process()
{
rootfs=$1
# rmdir /dev/shm for containers that have /run/shm
# I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
# get bind mounted to the host's /run/shm. So try to rmdir
# it, and in case that fails move it out of the way.
if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
mv $rootfs/dev/shm $rootfs/dev/shm.bak
ln -s /run/shm $rootfs/dev/shm
fi
}
usage()
{
cat <<EOF
usage:
$1 -n|--name=<container_name>
[-p|--path=<path>] [-c|--clean] [-R|--release=<openmandriva2013.0/rosa2012.1/cooker/ release>]
[-4|--ipv4=<ipv4 address>] [-6|--ipv6=<ipv6 address>]
[-g|--gw=<gw address>] [-d|--dns=<dns address>]
[-P|--profile=<name of the profile>] [--rootfs=<path>]
[-A|--arch=<arch of the container>]
[-T|--tarball <tarball path>]
[-S|--auth-key <auth-key path>]
[-h|--help]
Mandatory args:
-n,--name container name, used to as an identifier for that container from now on
Optional args:
-p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case
-c,--clean clean the cache
-R,--release openmandriva2013.0/cooker/rosa2012.1 release for the new container. if the host is OpenMandriva, then it will default to the host's release.
-4,--ipv4 specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24
-6,--ipv6 specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64
-g,--gw specify the default gw, eg. 192.168.1.1
-G,--gw6 specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596
-d,--dns specify the DNS server, eg. 192.168.1.2
-P,--profile Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache.
-A,--arch Define what arch the container will be [i586,x86_64,armv7l,armv7hl]
---rootfs rootfs path
-h,--help print this help
EOF
return 0
}
options=$(getopt -o hp:n:P:cR:4:6:g:d:A:S:T: -l help,rootfs:,path:,name:,profile:,clean:,release:,ipv4:,ipv6:,gw:,dns:,arch:,auth-key:,tarball: -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
fi
eval set -- "$options"
# doesn't use
release=${release:-"cooker"}
hostarch=$(uname -m)
while true
do
case "$1" in
-h|--help) usage $0 && exit 0;;
-p|--path) path=$2; shift 2;;
--rootfs) rootfs_path=$2; shift 2;;
-n|--name) name=$2; shift 2;;
-P|--profile) profile=$2; shift 2;;
-c|--clean) clean=$2; shift 2;;
-R|--release) release=$2; shift 2;;
-T|--tarball) tarball=$2; shift 2;;
-S|--auth-key) auth_key=$2; shift 2;;
-A|--arch) arch=$2; shift 2;;
-4|--ipv4) ipv4=$2; shift 2;;
-6|--ipv6) ipv6=$2; shift 2;;
-g|--gw) gw=$2; shift 2;;
-d|--dns) dns=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
done
arch=${arch:-$hostarch}
if [ $hostarch = "i586" -a $arch = "x86_64" ]; then
echo "can't create x86_64 container on i586"
exit 1
fi
if [ -z "$path" ]; then
echo "'path' parameter is required"
exit 1
fi
if [ "$(id -u)" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
fi
# detect rootfs
config="$path/config"
# if $rootfs exists here, it was passed in with --rootfs
if [ -z "$rootfs" ]; then
if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
else
rootfs=$path/rootfs
fi
fi
install_openmandriva $rootfs $release $tarball
if [ $? -ne 0 ]; then
echo "failed to install openmandriva $release"
exit 1
fi
copy_configuration $path $rootfs $name $arch
if [ $? -ne 0 ]; then
echo "failed write configuration file"
exit 1
fi
post_process $rootfs $release
echo ""
echo "##"
echo "# The default user is 'vagrant' with password 'vagrant'!"
echo "# Use the 'sudo' command to run tasks as root in the container."
echo "##"
echo ""

226
common/lxc-template.bkp
View file

@ -1,226 +0,0 @@
#!/bin/bash
# This is a modified version of /usr/share/lxc/templates/lxc-ubuntu
# that comes with Ubuntu 13.04 changed to suit vagrant-lxc needs
#
# template script for generating ubuntu container for LXC
#
# This script consolidates and extends the existing lxc ubuntu scripts
#
# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
# Copyright © 2010 Wilhelm Meier
# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2, as
# published by the Free Software Foundation.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
set -e
if [ -r /etc/default/lxc ]; then
. /etc/default/lxc
fi
extract_rootfs()
{
tarball=$1
arch=$2
rootfs=$3
echo "Extracting $tarball ..."
mkdir -p $rootfs
(cd $rootfs && tar xfz $tarball --strip-components=2)
return 0
}
install_ubuntu()
{
rootfs=$1
release=$2
tarball=$3
mkdir -p /var/lock/subsys/
(
flock -x 200
if [ $? -ne 0 ]; then
echo "Cache repository is busy."
return 1
fi
extract_rootfs $tarball $arch $rootfs
if [ $? -ne 0 ]; then
echo "Failed to copy rootfs"
return 1
fi
return 0
) 200>/var/lock/subsys/lxc
return $?
}
copy_configuration()
{
path=$1
rootfs=$2
name=$3
grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
# if there is exactly one veth network entry, make sure it has an
# associated hwaddr.
nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
if [ $nics -eq 1 ]; then
grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config
fi
if [ $? -ne 0 ]; then
echo "Failed to add configuration"
return 1
fi
return 0
}
post_process()
{
rootfs=$1
# rmdir /dev/shm for containers that have /run/shm
# I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
# get bind mounted to the host's /run/shm. So try to rmdir
# it, and in case that fails move it out of the way.
if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
mv $rootfs/dev/shm $rootfs/dev/shm.bak
ln -s /run/shm $rootfs/dev/shm
fi
}
usage()
{
cat <<EOF
$1 -h|--help [-a|--arch] [--trim] [-d|--debug] [--rootfs <rootfs>] [-T|--tarball <rootfs-tarball>
arch: the container architecture (e.g. amd64): defaults to host arch
EOF
return 0
}
options=$(getopt -o a:b:hp:r:xn:FS:d:C -l arch:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug:,tarball:,rootfs: -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
fi
eval set -- "$options"
release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems
if [ -f /etc/lsb-release ]; then
. /etc/lsb-release
if [ "$DISTRIB_ID" = "Ubuntu" ]; then
release=$DISTRIB_CODENAME
fi
fi
arch=$(uname -m)
# Code taken from debootstrap
if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
arch=`/usr/bin/dpkg --print-architecture`
elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
arch=`/usr/bin/udpkg --print-architecture`
else
arch=$(uname -m)
if [ "$arch" = "i686" ]; then
arch="i386"
elif [ "$arch" = "x86_64" ]; then
arch="amd64"
elif [ "$arch" = "armv7l" ]; then
arch="armel"
fi
fi
debug=0
trim_container=0
hostarch=$arch
while true
do
case "$1" in
-h|--help) usage $0 && exit 0;;
--rootfs) rootfs=$2; shift 2;;
-p|--path) path=$2; shift 2;;
-n|--name) name=$2; shift 2;;
-T|--tarball) tarball=$2; shift 2;;
-a|--arch) arch=$2; shift 2;;
-S|--auth-key) auth_key=$2; shift 2;;
-d|--debug) debug=1; shift 1;;
--) shift 1; break ;;
*) break ;;
esac
done
if [ $debug -eq 1 ]; then
set -x
fi
if [ "$arch" == "i686" ]; then
arch=i386
fi
if [ $hostarch = "i386" -a $arch = "amd64" ]; then
echo "can't create amd64 container on i386"
exit 1
fi
if [ -z "$path" ]; then
echo "'path' parameter is required"
exit 1
fi
if [ "$(id -u)" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
fi
# detect rootfs
config="$path/config"
# if $rootfs exists here, it was passed in with --rootfs
if [ -z "$rootfs" ]; then
if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
else
rootfs=$path/rootfs
fi
fi
install_ubuntu $rootfs $release $tarball
if [ $? -ne 0 ]; then
echo "failed to install ubuntu $release"
exit 1
fi
copy_configuration $path $rootfs $name $arch
if [ $? -ne 0 ]; then
echo "failed write configuration file"
exit 1
fi
post_process $rootfs $release $trim_container
echo ""
echo "##"
echo "# The default user is 'vagrant' with password 'vagrant'!"
echo "# Use the 'sudo' command to run tasks as root in the container."
echo "##"
echo ""

13
common/package.sh
View file

@ -3,7 +3,7 @@ set -e
source common/ui.sh
ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
ROOTFS="${HOME}/.local/share/lxc/${CONTAINER}/rootfs"
WORKING_DIR="/tmp/${CONTAINER}"
debug "Creating ${WORKING_DIR}"
@ -14,19 +14,17 @@ mkdir -p $(dirname ${PACKAGE})
info "Packaging '${CONTAINER}' to '${PACKAGE}'..."
debug 'Stopping container'
lxc-stop -n ${CONTAINER} &>/dev/null || true
if [ -f ${WORKING_DIR}/rootfs.tar.gz ]; then
log "Removing previous rootfs tarball"
rm -f ${WORKING_DIR}/rootfs.tar.gz
fi
log "Compressing container's rootfs"
log "Compressing container's rootfs (sudo needed)"
pushd $(dirname ${ROOTFS})
tar --numeric-owner --anchored --exclude=./rootfs/dev/log -czf \
sudo tar --numeric-owner --anchored --exclude=./rootfs/dev/log -czf \
${WORKING_DIR}/rootfs.tar.gz ./rootfs/*
popd
sudo chown ${UID} ${WORKING_DIR}/rootfs.tar.gz
# Prepare package contents
log 'Preparing box package contents'
@ -42,6 +40,3 @@ sed -i "s/<TODAY>/${NOW}/" ${WORKING_DIR}/metadata.json
log 'Packaging box'
TARBALL=$(readlink -f ${PACKAGE})
(cd ${WORKING_DIR} && tar -czf $TARBALL ./*)
chmod +rw ${PACKAGE}
chown ${USER}: ${PACKAGE}

71
common/prepare-vagrant-user.sh
View file

@ -1,57 +1,38 @@
#!/bin/bash
set -e
source /etc/profile
source common/ui.sh
ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
VAGRANT_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
info "Preparing vagrant user..."
export VAGRANT_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
# Create vagrant user
if $(grep -q 'vagrant' ${ROOTFS}/etc/shadow); then
log 'Skipping vagrant user creation'
elif $(grep -q 'ubuntu' ${ROOTFS}/etc/shadow); then
debug 'vagrant user does not exist, renaming ubuntu user...'
mv ${ROOTFS}/home/{ubuntu,vagrant}
chroot ${ROOTFS} usermod -l vagrant -d /home/vagrant ubuntu
chroot ${ROOTFS} groupmod -n vagrant ubuntu
echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
log 'Renamed ubuntu user to vagrant and changed password.'
if $(grep -q 'vagrant' /etc/shadow); then
echo 'Skipping vagrant user creation'
elif $(grep -q 'ubuntu' /etc/shadow); then
echo 'vagrant user does not exist, renaming ubuntu user...'
mv /home/{ubuntu,vagrant}
usermod -l vagrant -d /home/vagrant ubuntu
groupmod -n vagrant ubuntu
echo -n 'vagrant:vagrant' | chpasswd
echo 'Renamed ubuntu user to vagrant and changed password.'
elif [ ${DISTRIBUTION} = 'centos' -o ${DISTRIBUTION} = 'fedora' ]; then
debug 'Creating vagrant user...'
chroot ${ROOTFS} useradd --create-home -s /bin/bash -u 1000 vagrant
echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
sed -i 's/^Defaults\s\+requiretty/# Defaults requiretty/' $ROOTFS/etc/sudoers
if [ ${RELEASE} -eq 6 ]; then
info 'Disabling password aging for root...'
# disable password aging (required on Centos 6)
# pretend that password was changed today (won't fail during provisioning)
chroot ${ROOTFS} chage -I -1 -m 0 -M 99999 -E -1 -d `date +%Y-%m-%d` root
fi
echo 'Creating vagrant user...'
useradd --create-home -s /bin/bash -u 1000 vagrant
echo -n 'vagrant:vagrant' | chpasswd
sed -i 's/^Defaults\s\+requiretty/# Defaults requiretty/' /etc/sudoers
else
debug 'Creating vagrant user...'
chroot ${ROOTFS} useradd --create-home -s /bin/bash vagrant
echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
echo 'Creating vagrant user...'
useradd --create-home -s /bin/bash vagrant
echo -n 'vagrant:vagrant' | chpasswd
fi
# Configure SSH access
if [ -d ${ROOTFS}/home/vagrant/.ssh/authorized_keys ]; then
log 'Skipping vagrant SSH credentials configuration'
else
debug 'SSH key has not been set'
mkdir -p ${ROOTFS}/home/vagrant/.ssh
echo $VAGRANT_KEY > ${ROOTFS}/home/vagrant/.ssh/authorized_keys
chroot ${ROOTFS} chown -R vagrant: /home/vagrant/.ssh
log 'SSH credentials configured for the vagrant user.'
fi
mkdir -p /home/vagrant/.ssh
echo $VAGRANT_KEY > /home/vagrant/.ssh/authorized_keys
chown -R vagrant /home/vagrant/.ssh
chmod +x /home/vagrant/.ssh
echo 'SSH credentials configured for the vagrant user.'
# Enable passwordless sudo for the vagrant user
if [ -f ${ROOTFS}/etc/sudoers.d/vagrant ]; then
log 'Skipping sudoers file creation.'
else
debug 'Sudoers file was not found'
echo "vagrant ALL=(ALL) NOPASSWD:ALL" > ${ROOTFS}/etc/sudoers.d/vagrant
chmod 0440 ${ROOTFS}/etc/sudoers.d/vagrant
log 'Sudoers file created.'
fi
echo "vagrant ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/vagrant
chmod 0440 /etc/sudoers.d/vagrant
echo 'Sudoers file created.'

8
conf/centos
View file

@ -1,9 +1,9 @@
# Taken from the oracle.common.conf.in
# Console settings
lxc.tty.dir = lxc
lxc.tty.max = 4
lxc.pty.max = 1024
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024
# Mount entries
lxc.mount.auto = proc:mixed sys:ro
@ -54,4 +54,4 @@ lxc.cgroup.devices.allow = c 10:200 rwm # /dev/net/tun
# Blacklist some syscalls which are not safe in privileged
# containers
lxc.seccomp.profile = /usr/share/lxc/config/common.seccomp
lxc.seccomp = /usr/share/lxc/config/common.seccomp

12
conf/debian
View file

@ -1,34 +1,36 @@
# Default pivot location
lxc.pivotdir = lxc_putold
# Default mount entries
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
# Default console settings
lxc.tty.max = 4
lxc.pty.max = 1024
lxc.tty = 4
lxc.pts = 1024
# Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time
# Prevent systemd-journald from burning 100% of CPU
# See https://wiki.debian.org/LXC#Incompatibility_with_systemd
lxc.kmsg = 0
lxc.autodev = 1
# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
#lxc.apparmor.profile = unconfined
#lxc.aa_profile = unconfined
# To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead.
#lxc.apparmor.profile = lxc-container-default-with-nesting
#lxc.aa_profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
# If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow.
#lxc.apparmor.profile = lxc-container-default-with-mounting
#lxc.aa_profile = lxc-container-default-with-mounting
# Default cgroup limits
lxc.cgroup.devices.deny = a

12
conf/debian-jessie
View file

@ -1,15 +1,17 @@
# support systemd as PID 1
lxc.autodev = 1
lxc.kmsg = 0
# Default pivot location
lxc.pivotdir = lxc_putold
# Default mount entries
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
# Default console settings
lxc.tty.max = 4
lxc.pty.max = 1024
lxc.tty = 4
lxc.pts = 1024
# Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_rawio
@ -17,17 +19,17 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_rawio
# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
#lxc.apparmor.profile = unconfined
#lxc.aa_profile = unconfined
# To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead.
#lxc.apparmor.profile = lxc-container-default-with-nesting
#lxc.aa_profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
# If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow.
#lxc.apparmor.profile = lxc-container-default-with-mounting
#lxc.aa_profile = lxc-container-default-with-mounting
# Default cgroup limits
lxc.cgroup.devices.deny = a

63
conf/debian-stretch
View file

@ -1,63 +0,0 @@
# support systemd as PID 1
lxc.autodev = 1
# Default pivot location
# Default mount entries
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
# Default console settings
lxc.tty.max = 4
lxc.pty.max = 1024
# Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_rawio
# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
#lxc.apparmor.profile = unconfined
# To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead.
#lxc.apparmor.profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
# If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow.
#lxc.apparmor.profile = lxc-container-default-with-mounting
# Default cgroup limits
lxc.cgroup.devices.deny = a
## Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
## /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
## consoles
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
## /dev/{,u}random
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
## /dev/pts/*
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## fuse
lxc.cgroup.devices.allow = c 10:229 rwm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## full
lxc.cgroup.devices.allow = c 1:7 rwm
## hpet
lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm

1
conf/debian-stretch Symbolic link
View file

@ -0,0 +1 @@
debian-jessie

9
conf/fedora
View file

@ -1,12 +1,13 @@
# work better with systemd:
lxc.autodev = 1
lxc.kmsg = 0
# Taken from the oracle.common.conf.in
# Console settings
lxc.tty.dir = lxc
lxc.tty.max = 4
lxc.pty.max = 1024
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024
# Mount entries
lxc.mount.auto = proc:mixed sys:ro
@ -65,4 +66,4 @@ lxc.cgroup.devices.allow = c 5:2 rwm
# Blacklist some syscalls which are not safe in privileged
# containers
lxc.seccomp.profile = /usr/share/lxc/config/common.seccomp
lxc.seccomp = /usr/share/lxc/config/common.seccomp

4
conf/gentoo
View file

@ -1,5 +1,5 @@
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
# Default console settings
lxc.tty.max = 4
lxc.pty.max = 1024
lxc.tty = 4
lxc.pts = 1024

13
conf/ubuntu
View file

@ -1,13 +1,14 @@
# Default pivot location
lxc.pivotdir = lxc_putold
# Default mount entries
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
# Default console settings
lxc.tty.dir = lxc
lxc.tty.max = 4
lxc.pty.max = 1024
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024
# Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time
@ -15,11 +16,11 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
#lxc.apparmor.profile = unconfined
#lxc.aa_profile = unconfined
# To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead.
#lxc.apparmor.profile = lxc-container-default-with-nesting
#lxc.aa_profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
# Uncomment the following line to autodetect squid-deb-proxy configuration on the
@ -29,7 +30,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
# If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow.
#lxc.apparmor.profile = lxc-container-default-with-mounting
#lxc.aa_profile = lxc-container-default-with-mounting
# Default cgroup limits
lxc.cgroup.devices.deny = a

1
conf/ubuntu-wily
View file

@ -6,4 +6,5 @@
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
# settings for systemd with PID 1:
lxc.kmsg = 0
lxc.autodev = 1

5
conf/ubuntu-xenial
View file

@ -6,7 +6,8 @@
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
# settings for systemd with PID 1:
lxc.kmsg = 0
lxc.autodev = 1
# allow unconfined and incomplete
lxc.apparmor.profile = unconfined
lxc.apparmor.allow_incomplete = 1
lxc.aa_profile = unconfined
lxc.aa_allow_incomplete = 1

21
debian/clean.sh vendored
View file

@ -1,19 +1,16 @@
#!/bin/bash
set -e
source /etc/profile
source common/ui.sh
source common/utils.sh
echo "Cleaning up"
debug 'Bringing container up'
utils.lxc.start
rm /script.sh
info "Cleaning up '${CONTAINER}'..."
echo 'Removing temporary files...'
rm -rf /tmp/*
log 'Removing temporary files...'
rm -rf ${ROOTFS}/tmp/*
echo 'cleaning up dhcp leases'
rm -f /var/lib/dhcp/*
log 'cleaning up dhcp leases'
rm -f ${ROOTFS}/var/lib/dhcp/*
log 'Removing downloaded packages...'
utils.lxc.attach apt-get clean
echo 'Removing downloaded packages...'
apt-get clean

7
debian/install-ansible.sh vendored
View file

@ -1,7 +0,0 @@
#!/bin/bash
ANSIBLE_VERSION=${ANSIBLE_VERSION:-latest}
apt-get install -y build-essential python-setuptools python-jinja2 python-yaml python-paramiko python-httplib2 python-crypto sshpass
wget https://releases.ansible.com/ansible/ansible-$ANSIBLE_VERSION.tar.gz -O /tmp//ansible.tar.gz
tar -zxvf /tmp/ansible.tar.gz -C /tmp/ && rm -r /tmp/ansible.tar.gz
cd /tmp/ansible-* && make && make install

102
debian/install-extras.sh vendored
View file

@ -1,98 +1,48 @@
#!/bin/bash
set -e
source common/ui.sh
source common/utils.sh
source /etc/profile
info 'Installing extra packages and upgrading'
debug 'Bringing container up'
utils.lxc.start
# Sleep for a bit so that the container can get an IP
SECS=15
log "Sleeping for $SECS seconds..."
sleep $SECS
echo 'Installing extra packages and upgrading'
PACKAGES=(vim curl wget man-db openssh-server bash-completion ca-certificates sudo)
log "Installing additional packages: ${ADDPACKAGES}"
echo "Installing additional packages: ${ADDPACKAGES}"
PACKAGES+=" ${ADDPACKAGES}"
if [ $DISTRIBUTION = 'ubuntu' ]; then
PACKAGES+=' software-properties-common'
fi
if [ $RELEASE != 'raring' ] && [ $RELEASE != 'saucy' ] && [ $RELEASE != 'trusty' ] && [ $RELEASE != 'wily' ] ; then
PACKAGES+=' nfs-common'
fi
if [ $RELEASE != 'stretch' ] ; then
PACKAGES+=' python-software-properties'
fi
utils.lxc.attach apt-get update
utils.lxc.attach apt-get install ${PACKAGES[*]} -y --force-yes
utils.lxc.attach apt-get upgrade -y --force-yes
ANSIBLE=${ANSIBLE:-0}
if [[ $ANSIBLE = 1 ]]; then
PACKAGES+=' ansible'
fi
CHEF=${CHEF:-0}
if [[ $CHEF = 1 ]]; then
PACKAGES+=' chef'
fi
PUPPET=${PUPPET:-0}
if [[ $PUPPET = 1 ]]; then
PACKAGES+=' puppet'
fi
SALT=${SALT:-0}
BABUSHKA=${BABUSHKA:-0}
if [[ $SALT = 1 ]]; then
PACKAGES+=' salt-minion'
fi
export DEBIAN_FRONTEND=noninteractive
export DEBIAN_PRIORITY=critical
apt-get update
apt-get install ${PACKAGES[*]} -y --force-yes
apt-get upgrade -y --force-yes
if [ $DISTRIBUTION = 'debian' ]; then
# Enable bash-completion
sed -e '/^#if ! shopt -oq posix; then/,/^#fi/ s/^#\(.*\)/\1/g' \
-i ${ROOTFS}/etc/bash.bashrc
fi
if [ $ANSIBLE = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which ansible &>/dev/null); then
log "Ansible has been installed on container, skipping"
else
info "Installing Ansible"
cp debian/install-ansible.sh ${ROOTFS}/tmp/ && chmod +x ${ROOTFS}/tmp/install-ansible.sh
utils.lxc.attach /tmp/install-ansible.sh
fi
else
log "Skipping Ansible installation"
fi
if [ $CHEF = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which chef-solo &>/dev/null); then
log "Chef has been installed on container, skipping"
else
log "Installing Chef"
cat > ${ROOTFS}/tmp/install-chef.sh << EOF
#!/bin/sh
curl -L https://www.opscode.com/chef/install.sh -k | sudo bash
EOF
chmod +x ${ROOTFS}/tmp/install-chef.sh
utils.lxc.attach /tmp/install-chef.sh
fi
else
log "Skipping Chef installation"
fi
if [ $PUPPET = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which puppet &>/dev/null); then
log "Puppet has been installed on container, skipping"
elif [ ${RELEASE} = 'sid' ]; then
warn "Puppet can't be installed on Debian sid, skipping"
else
log "Installing Puppet"
utils.lxc.attach apt-get update
utils.lxc.attach apt-get install puppet -y --force-yes
fi
else
log "Skipping Puppet installation"
fi
if [ $SALT = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which salt-minion &>/dev/null); then
log "Salt has been installed on container, skipping"
else
utils.lxc.attach apt-get update
utils.lxc.attach apt-get install salt-minion -y --force-yes
fi
else
log "Skipping Salt installation"
-i /etc/bash.bashrc
fi

61
debian/vagrant-lxc-fixes.sh vendored
View file

@ -1,52 +1,33 @@
#!/bin/bash
set -e
source common/ui.sh
source common/utils.sh
source /etc/profile
# Fixes some networking issues
# See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info
if ! $(grep -q 'ip6-allhosts' ${ROOTFS}/etc/hosts); then
log "Adding ipv6 allhosts entry to container's /etc/hosts"
echo 'ff02::3 ip6-allhosts' >> ${ROOTFS}/etc/hosts
if ! $(grep -q 'ip6-allhosts' /etc/hosts); then
echo 'ff02::3 ip6-allhosts' >> /etc/hosts
fi
utils.lxc.start
# Ensure locales are properly set, based on http://askubuntu.com/a/238063
LANG=${LANG:-en_US.UTF-8}
sed -i "s/^# ${LANG}/${LANG}/" /etc/locale.gen
if [ ${DISTRIBUTION} = 'debian' ]; then
# Ensure locales are properly set, based on http://askubuntu.com/a/238063
LANG=${LANG:-en_US.UTF-8}
sed -i "s/^# ${LANG}/${LANG}/" ${ROOTFS}/etc/locale.gen
# Fixes some networking issues
# See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info
sed -i -e "s/\(127.0.0.1\s\+localhost\)/\1\n127.0.1.1\t${CONTAINER}\n/g" /etc/hosts
# Fixes some networking issues
# See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info
sed -i -e "s/\(127.0.0.1\s\+localhost\)/\1\n127.0.1.1\t${CONTAINER}\n/g" ${ROOTFS}/etc/hosts
# Fixes for jessie, following the guide from
# https://wiki.debian.org/LXC#Incompatibility_with_systemd
if [ "$RELEASE" = 'jessie' ] || [ "$RELEASE" = 'stretch' ]; then
# Reconfigure the LXC
cp /lib/systemd/system/getty@.service /etc/systemd/system/getty@.service
# Comment out ConditionPathExists
sed -i -e 's/\(ConditionPathExists=\)/# \n# \1/' \
"/etc/systemd/system/getty@.service"
# Ensures that `/tmp` does not get cleared on halt
# See https://github.com/fgrehm/vagrant-lxc/issues/68 for more info
utils.lxc.attach /usr/sbin/update-rc.d -f checkroot-bootclean.sh remove
utils.lxc.attach /usr/sbin/update-rc.d -f mountall-bootclean.sh remove
utils.lxc.attach /usr/sbin/update-rc.d -f mountnfs-bootclean.sh remove
# Fixes for jessie, following the guide from
# https://wiki.debian.org/LXC#Incompatibility_with_systemd
if [ "$RELEASE" = 'jessie' ] || [ "$RELEASE" = 'stretch' ]; then
# Reconfigure the LXC
utils.lxc.attach /bin/cp \
/lib/systemd/system/getty@.service \
/etc/systemd/system/getty@.service
# Comment out ConditionPathExists
sed -i -e 's/\(ConditionPathExists=\)/# \n# \1/' \
"${ROOTFS}/etc/systemd/system/getty@.service"
# Mask udev.service and systemd-udevd.service:
utils.lxc.attach /bin/systemctl mask udev.service systemd-udevd.service
fi
# Mask udev.service and systemd-udevd.service:
systemctl mask udev.service systemd-udevd.service
fi
utils.lxc.attach /usr/sbin/locale-gen ${LANG}
utils.lxc.attach update-locale LANG=${LANG}
# Fix to allow bindfs
utils.lxc.attach ln -sf /bin/true /sbin/modprobe
utils.lxc.attach mknod -m 666 /dev/fuse c 10 229
locale-gen ${LANG}
update-locale LANG=${LANG}

4
fedora/install-extras.sh
View file

@ -17,8 +17,8 @@ sleep $SECS
# TODO: Support for appending to this list from outside
PACKAGES=(vim-enhanced curl wget man-db bash-completion ca-certificates sudo openssh-server strace python-dnf dnf-plugins-core e2fsprogs net-tools bind-utils)
utils.lxc.attach dnf update -y
utils.lxc.attach dnf install ${PACKAGES[*]} -y
utils.lxc.attach yum update -y
utils.lxc.attach yum install ${PACKAGES[*]} -y
MASK_TMP=${MASK_TMP:-0}

2
gentoo/install-packages.sh
View file

@ -23,7 +23,7 @@ fi
PUPPET=${PUPPET:-0}
if [[ $PUPPET = 1 ]]; then
PACKAGES+=' puppet eix'
PACKAGES+=' puppet'
fi
SALT=${SALT:-0}

36
mk-debian.sh
View file

@ -2,11 +2,7 @@
set -e
source common/ui.sh
if [ "$(id -u)" != "0" ]; then
echo "You should run this script as root (sudo)."
exit 1
fi
source common/utils.sh
export DISTRIBUTION=$1
export RELEASE=$2
@ -14,16 +10,12 @@ export ARCH=$3
export CONTAINER=$4
export PACKAGE=$5
export ADDPACKAGES=${ADDPACKAGES-$(cat ${RELEASE}_packages | tr "\n" " ")}
export ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
export ROOTFS="${HOME}/.local/share/lxc/${CONTAINER}/rootfs"
export WORKING_DIR="/tmp/${CONTAINER}"
export NOW=$(date -u)
export LOG=$(readlink -f .)/log/${CONTAINER}.log
mkdir -p $(dirname $LOG)
echo '############################################' > ${LOG}
echo "# Beginning build at $(date)" >> ${LOG}
touch ${LOG}
chmod +rw ${LOG}
echo '############################################'
echo "# Beginning build at $(date)"
if [ -f ${PACKAGE} ]; then
warn "The box '${PACKAGE}' already exists, skipping..."
@ -37,12 +29,20 @@ mkdir -p ${WORKING_DIR}
info "Building box to '${PACKAGE}'..."
./common/download.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
./debian/vagrant-lxc-fixes.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
./debian/install-extras.sh ${CONTAINER}
./common/prepare-vagrant-user.sh ${DISTRIBUTION} ${CONTAINER}
./debian/clean.sh ${CONTAINER}
./common/package.sh ${CONTAINER} ${PACKAGE}
utils.lxc.start
SECS=15
log "Sleeping for $SECS seconds..."
sleep $SECS
utils.lxc.runscript debian/vagrant-lxc-fixes.sh
utils.lxc.runscript debian/install-extras.sh
utils.lxc.runscript common/prepare-vagrant-user.sh
utils.lxc.runscript debian/clean.sh
utils.lxc.stop
./common/package.sh
info "Finished building '${PACKAGE}'!"
log "Run \`sudo lxc-destroy -n ${CONTAINER}\` or \`make clean\` to remove the container that was created along the way"
log "Run \`lxc-destroy -n ${CONTAINER}\` or \`make clean\` to remove the container that was created along the way"
echo

7
mk-gentoo.sh
View file

@ -4,11 +4,6 @@ set -e
source common/ui.sh
source common/utils.sh
if [ "$(id -u)" != "0" ]; then
echo "You should run this script as root (sudo)."
exit 1
fi
TODAY=$(date -u +"%Y-%m-%d")
export DISTRIBUTION=gentoo
export RELEASE=current
@ -36,7 +31,7 @@ log "Sleeping for $SECS seconds..."
sleep $SECS
utils.lxc.runscript gentoo/install-packages.sh
./common/prepare-vagrant-user.sh
utils.lxc.runscript common/prepare-vagrant-user.sh
utils.lxc.runscript gentoo/clean.sh
utils.lxc.stop