

5 commits

Author SHA1 Message Date
Virgil Dupras
40c7fda267 Update README 2018-07-24 10:04:50 -04:00
Virgil Dupras
2802008032 Fix all builds for LXC v3.0 2018-04-30 22:04:29 -04:00
Virgil Dupras
552f378613 gentoo: update config to post LXC v2.1 format 2018-04-29 21:35:22 -04:00
Virgil Dupras
00a4664d73 Add gentoo dist
and remove ${LOG}. It's a bit of a useless mechanism and, in fact, a
hindrance. Why not just let the user redirect stdout?
2018-04-22 21:59:45 -04:00
Virgil Dupras
cb8b3e3df2 Remove obsolete config injection (kmsg) 2018-04-22 20:17:39 -04:00
25 changed files with 982 additions and 221 deletions


@ -1,7 +1,7 @@
UBUNTU_BOXES= xenial UBUNTU_BOXES= trusty xenial
DEBIAN_BOXES= jessie stretch sid DEBIAN_BOXES= jessie stretch sid
CENTOS_BOXES= 7 CENTOS_BOXES= 7
FEDORA_BOXES= rawhide 23 FEDORA_BOXES= 27
TODAY=$(shell date -u +"%Y-%m-%d") TODAY=$(shell date -u +"%Y-%m-%d")
# Replace i686 with i386 and x86_64 with amd64 # Replace i686 with i386 and x86_64 with amd64
@ -21,38 +21,42 @@ $(UBUNTU_BOXES): CONTAINER = "vagrant-base-${@}-$(ARCH)"
$(UBUNTU_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-${@}-$(ARCH).box" $(UBUNTU_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-${@}-$(ARCH).box"
$(UBUNTU_BOXES): $(UBUNTU_BOXES):
@mkdir -p $$(dirname $(PACKAGE)) @mkdir -p $$(dirname $(PACKAGE))
@./mk-debian.sh ubuntu $(@) $(ARCH) $(CONTAINER) $(PACKAGE) @sudo -E ./mk-debian.sh ubuntu $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE) @sudo chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE) @sudo chown ${USER}: $(PACKAGE)
$(DEBIAN_BOXES): CONTAINER = "vagrant-base-${@}-$(ARCH)" $(DEBIAN_BOXES): CONTAINER = "vagrant-base-${@}-$(ARCH)"
$(DEBIAN_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-${@}-$(ARCH).box" $(DEBIAN_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-${@}-$(ARCH).box"
$(DEBIAN_BOXES): $(DEBIAN_BOXES):
@mkdir -p $$(dirname $(PACKAGE)) @mkdir -p $$(dirname $(PACKAGE))
@./mk-debian.sh debian $(@) $(ARCH) $(CONTAINER) $(PACKAGE) @sudo -E ./mk-debian.sh debian $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE) @sudo chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE) @sudo chown ${USER}: $(PACKAGE)
$(CENTOS_BOXES): CONTAINER = "vagrant-base-centos-${@}-$(ARCH)" $(CENTOS_BOXES): CONTAINER = "vagrant-base-centos-${@}-$(ARCH)"
$(CENTOS_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-centos-${@}-$(ARCH).box" $(CENTOS_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-centos-${@}-$(ARCH).box"
$(CENTOS_BOXES): $(CENTOS_BOXES):
@mkdir -p $$(dirname $(PACKAGE)) @mkdir -p $$(dirname $(PACKAGE))
@./mk-centos.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE) @sudo -E ./mk-centos.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE) @sudo chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE) @sudo chown ${USER}: $(PACKAGE)
$(FEDORA_BOXES): CONTAINER = "vagrant-base-fedora-${@}-$(ARCH)" $(FEDORA_BOXES): CONTAINER = "vagrant-base-fedora-${@}-$(ARCH)"
$(FEDORA_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-fedora-${@}-$(ARCH).box" $(FEDORA_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-fedora-${@}-$(ARCH).box"
$(FEDORA_BOXES): $(FEDORA_BOXES):
@mkdir -p $$(dirname $(PACKAGE)) @mkdir -p $$(dirname $(PACKAGE))
@./mk-fedora.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE) @sudo -E ./mk-fedora.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE) @sudo chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE) @sudo chown ${USER}: $(PACKAGE)
.PHONY: gentoo
gentoo:
@sudo -E ./mk-gentoo.sh
acceptance: CONTAINER = "vagrant-base-acceptance-$(ARCH)" acceptance: CONTAINER = "vagrant-base-acceptance-$(ARCH)"
acceptance: PACKAGE = "output/${TODAY}/vagrant-lxc-acceptance-$(ARCH).box" acceptance: PACKAGE = "output/${TODAY}/vagrant-lxc-acceptance-$(ARCH).box"
acceptance: acceptance:
@mkdir -p $$(dirname $(PACKAGE)) @mkdir -p $$(dirname $(PACKAGE))
@PUPPET=1 CHEF=1 ./mk-debian.sh ubuntu precise $(ARCH) $(CONTAINER) $(PACKAGE) @PUPPET=1 CHEF=1 sudo -E ./mk-debian.sh ubuntu xenial $(ARCH) $(CONTAINER) $(PACKAGE)
@chmod +rw $(PACKAGE) @sudo chmod +rw $(PACKAGE)
@chown ${USER}: $(PACKAGE) @sudo chown ${USER}: $(PACKAGE)
release: release:
@test -z '$(version)' && echo 'version parameter not provided to `make`!' && exit 1 || return 0 @test -z '$(version)' && echo 'version parameter not provided to `make`!' && exit 1 || return 0
@ -63,7 +67,7 @@ release:
clean: ALL_BOXES = ${DEBIAN_BOXES} ${UBUNTU_BOXES} ${CENTOS_BOXES} ${FEDORA_BOXES} acceptance clean: ALL_BOXES = ${DEBIAN_BOXES} ${UBUNTU_BOXES} ${CENTOS_BOXES} ${FEDORA_BOXES} acceptance
clean: clean:
@for r in $(ALL_BOXES); do \ @for r in $(ALL_BOXES); do \
./clean.sh $${r}\ sudo -E ./clean.sh $${r}\
vagrant-base-$${r}-$(ARCH) \ vagrant-base-$${r}-$(ARCH) \
output/${TODAY}/vagrant-lxc-$${r}-$(ARCH).box; \ output/${TODAY}/vagrant-lxc-$${r}-$(ARCH).box; \
done done
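Review bot: `sudo -E` on the new `mk-*.sh`, `clean.sh` and `acceptance` recipe lines hands the caller's entire environment, `PATH` included, to a root process, and it only works where sudoers grants `SETENV`; with the default `env_reset` it typically fails with "sorry, you are not allowed to preserve the environment". Passing only what the scripts read is both narrower and more portable, e.g. `@sudo PUPPET=1 CHEF=1 ./mk-debian.sh ubuntu xenial $(ARCH) $(CONTAINER) $(PACKAGE)` for `acceptance` (sudo accepts `VAR=value` arguments, still subject to the `env_keep`/`env_check` policy). The `sudo chown ${USER}:` lines are correct only because make expands `${USER}` before sudo runs; a short comment such as `# ${USER} is expanded by make, not by the root shell` would stop someone moving it into the script unchanged. `.PHONY: gentoo` is declared for the new target, but the other box targets are not visibly phony in this hunk; if they are not declared elsewhere in the file, a stray file named like a box in the checkout would make that target a silent no-op.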


@ -1,37 +1,29 @@
# vagrant-lxc base boxes # vagrant-lxc base boxes
This repository contains a set of scripts for creating base boxes for usage with This repository contains a set of scripts for creating base boxes for usage with
[vagrant-lxc](https://github.com/fgrehm/vagrant-lxc) 1.0+. [vagrant-lxc](https://github.com/fgrehm/vagrant-lxc) 1.4+.
## What distros / versions can I build with this? ## What distros / versions can I build with this?
* Ubuntu * Ubuntu
- Precise 12.04 x86_64
- Quantal 12.10 x86_64
- Raring 13.04 x86_64
- Saucy 13.10 x86_64
- Trusty 14.04 x86_64
- Utopic 14.10 x86_64
- Vivid 15.04 x86_64
- Wily 15.10 x86_64
- Xenial 16.04 x86_64 - Xenial 16.04 x86_64
* Debian * Debian
- Squeeze x86_64
- Wheezy x86_64
- Jessie x86_64
- Stretch x86_64 - Stretch x86_64
- Sid x86_64 - Sid x86_64
* Fedora * Fedora
- 19 x86_64
- 20 x86_64
- 21 x86_64
- 22 x86_64
- 23 x86_64 - 23 x86_64
- rawhide x86_64 - rawhide x86_64
* CentOS * CentOS
- 6 x86_64
- 7 x86_64 - 7 x86_64
## Status
This is a fork of `obnoxxx/vagrant-lxc-base-boxes` which itself was a fork for
`fgrehm/vagrant-lxc-base-boxes`. The goal is to make LXC box generation work for LXC 3.0+. The
repo is not in top shape, but it works `make stretch` (which is what I use myself).
It should be easy enough for you to add support for distros you use (PR welcome).
## Building the boxes ## Building the boxes
_In order to build the boxes you need to have the `lxc-download` _In order to build the boxes you need to have the `lxc-download`
@ -40,58 +32,43 @@ create one based on [this](https://github.com/lxc/lxc/blob/master/templates/lxc-
and drop it on your lxc templates path (usually `/usr/share/lxc/templates`)._ and drop it on your lxc templates path (usually `/usr/share/lxc/templates`)._
```sh ```sh
git clone https://github.com/obnoxxx/vagrant-lxc-base-boxes.git git clone https://github.com/hsoft/vagrant-lxc-base-boxes.git
cd vagrant-lxc-base-boxes cd vagrant-lxc-base-boxes
make precise make stretch
``` ```
By default no provisioning tools will be included but you can pick the ones By default no provisioning tools will be included but you can pick the ones
you want by providing some environmental variables. For example: you want by providing some environmental variables. For example:
```sh ```sh
ANSIBLE=1 PUPPET=1 CHEF=1 SALT=1 BABUSHKA=1 \ ANSIBLE=1 PUPPET=1 CHEF=1 \
make precise make stretch
``` ```
Will build a Ubuntu Precise x86_64 box with latest Ansible, Puppet, Chef, Salt and Will build a Debian Stretch x86_64 box with latest Ansible, Puppet and Chef pre-installed.
Babushka pre-installed.
When using ANSIBLE=1, an optional ANSIBLE_VERSION parameter may be passed that will specify which version of ansible to install. By default it will install the latest Ansible. When using ANSIBLE=1, an optional ANSIBLE_VERSION parameter may be passed that
will specify which version of ansible to install. By default it will install
the latest Ansible.
Additional packages to be installed can be specified with the ADDPACKAGES variable: Additional packages to be installed can be specified with the ADDPACKAGES variable:
```sh ```sh
ADDPACKAGES="aptitude htop" \ ADDPACKAGES="aptitude htop" \
make trusty make xenial
``` ```
Will build a Ubuntu Trusty x86_64 box with aptitude and htop as additional Will build a Ubuntu Xenial x86_64 box with aptitude and htop as additional
packages pre-installed. You can also specify the packages in a file packages pre-installed. You can also specify the packages in a file
trusty_packages. xenial_packages.
Note: ADDPACKAGES is currently only implemented for flavors of debian. Note: ADDPACKAGES is currently only implemented for flavors of debian.
## Pre built base boxes ## Pre built base boxes
_**NOTE:** None of the base boxes below have a provisioner pre-installed_ There are no pre-built base boxes for this repo. You have to build them yourself.
| Distribution | VagrantCloud box |
| ------------ | ---------------- |
| Ubuntu Precise 12.04 x86_64 | [fgrehm/precise64-lxc](https://vagrantcloud.com/fgrehm/precise64-lxc) |
| Ubuntu Trusty 14.04 x86_64 | [fgrehm/trusty64-lxc](https://vagrantcloud.com/fgrehm/trusty64-lxc) |
| Debian Wheezy 7 x86_64 | [fgrehm/wheezy64-lxc](https://vagrantcloud.com/fgrehm/wheezy64-lxc) |
| Debian Jessie 8 x86_64 | [glenux/jessie64-lxc](https://atlas.hashicorp.com/glenux/boxes/jessie64-lxc) |
| CentOS 6 x86_64 | [fgrehm/centos-6-64-lxc](https://vagrantcloud.com/fgrehm/centos-6-64-lxc) |
## What makes up for a vagrant-lxc base box? ## What makes up for a vagrant-lxc base box?
See [vagrant-lxc/BOXES.md](https://github.com/fgrehm/vagrant-lxc/blob/master/BOXES.md) See [vagrant-lxc/BOXES.md](https://github.com/fgrehm/vagrant-lxc/blob/master/BOXES.md)
## Known issues
* We can't get the NFS client to be installed on the containers used for building
Ubuntu 13.04 / 13.10 / 14.04 base boxes.
* Puppet can't be installed on Debian Sid
* Salt can't be installed on Ubuntu 13.04

build-openmandriva-box.sh Normal file

@ -0,0 +1,159 @@
#!/bin/bash
# set -x
set -e
# Script used to build OpenMandriva base vagrant-lxc containers, currently limited to
# host's arch
#
# USAGE:
# $ cd boxes && sudo ./build-openmandriva-box.sh OPENMANDRIVA_RELEASE BOX_ARCH
#
# TODO: scripts for install CHEF, PUPPET, SALT, BABUSHKA
# To enable Chef or any other configuration management tool pass '1' to the
# corresponding env var:
# $ CHEF=1 sudo -E ./build-openmandriva-box.sh OPENMANDRIVA_RELEASE BOX_ARCH
# $ PUPPET=1 sudo -E ./build-openmandriva-box.sh OPENMANDRIVA_RELEASE BOX_ARCH
# $ SALT=1 sudo -E ./build-openmandriva-box.sh OPENMANDRIVA_RELEASE BOX_ARCH
# $ BABUSHKA=1 sudo -E ./build-openmandriva-box.sh OPENMANDRIVA_RELEASE BOX_ARCH
##################################################################################
# 0 - Initial setup and sanity checks
TODAY=$(date -u +"%Y-%m-%d")
NOW=$(date -u)
RELEASE=${1:-"openmandriva2013.0"}
ARCH=${2:-"x86_64"}
PKG=vagrant-lxc-${RELEASE}-${ARCH}-${TODAY}.box
WORKING_DIR=/tmp/vagrant-lxc-${RELEASE}
VAGRANT_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
ROOTFS=/var/lib/lxc/${RELEASE}-base/${RELEASE}-base/rootfs
# Providing '1' will enable these tools
CHEF=${CHEF:-0}
PUPPET=${PUPPET:-0}
SALT=${SALT:-0}
BABUSHKA=${BABUSHKA:-0}
# Path to files bundled with the box
CWD=`readlink -f .`
LXC_TEMPLATE=${CWD}/common/lxc-template-openmandriva
LXC_CONF=${CWD}/common/lxc.conf
METATADA_JSON=${CWD}/common/metadata.json
# Set up a working dir
mkdir -p $WORKING_DIR
if [ -f "${WORKING_DIR}/${PKG}" ]; then
echo "Found a box on ${WORKING_DIR}/${PKG} already!"
exit 1
fi
##################################################################################
# 1 - Create the base container
if $(lxc-ls | grep -q "${RELEASE}-base"); then
echo "Base container already exists, please remove it with \`lxc-destroy -n ${RELEASE}-base\`!"
exit 1
else
export SUITE=$RELEASE
lxc-create -n ${RELEASE}-base -t openmandriva -- -R ${RELEASE} --arch ${ARCH}
fi
######################################
# 2 - Fix some known issues
# Fixes some networking issues
cat /etc/resolv.conf > ${ROOTFS}/etc/resolv.conf
##################################################################################
# 3 - Prepare vagrant user
chroot ${ROOTFS} su -c 'useradd --create-home -s /bin/bash vagrant'
# echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
chroot ${ROOTFS} su -c "echo -n 'vagrant:vagrant' | chpasswd"
##################################################################################
# 4 - Setup SSH access and passwordless sudo
# Configure SSH access
mkdir -p ${ROOTFS}/home/vagrant/.ssh
echo $VAGRANT_KEY > ${ROOTFS}/home/vagrant/.ssh/authorized_keys
chroot ${ROOTFS} chown -R vagrant: /home/vagrant/.ssh
chroot ${ROOTFS} urpmi sudo --auto
chroot ${ROOTFS} usermod -a -G wheel vagrant
# Enable passwordless sudo for users under the "sudo" group
cp ${ROOTFS}/etc/sudoers{,.orig}
sed -i 's/Defaults requiretty/\# Defaults requiretty/' ${ROOTFS}/etc/sudoers
sed -i 's/\#%wheel/\%wheel/' ${ROOTFS}/etc/sudoers
sed -i 's/\# %wheel/\%wheel/' ${ROOTFS}/etc/sudoers
# sed -i -e \
# 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=(ALL) NOPASSWD:ALL/g' \
# ${ROOTFS}/etc/sudoers
##################################################################################
# 5 - Add some goodies and update packages
PACKAGES=(vim curl wget man bash-completion openssh-server openssh-clients tar)
chroot ${ROOTFS} urpmi ${PACKAGES[*]} --auto
chroot ${ROOTFS} urpmi.update -a
##################################################################################
# 6 - Configuration management tools
if [ $CHEF = 1 ]; then
./common/install-chef $ROOTFS
fi
if [ $PUPPET = 1 ]; then
./common/install-puppet $ROOTFS
fi
if [ $SALT = 1 ]; then
./common/install-salt $ROOTFS
fi
if [ $BABUSHKA = 1 ]; then
./common/install-babushka $ROOTFS
fi
##################################################################################
# 7 - Free up some disk space
rm -rf ${ROOTFS}/tmp/*
# chroot ${ROOTFS} urpmi clean metadata
##################################################################################
# 8 - Build box package
# Compress container's rootfs
cd $(dirname $ROOTFS)
tar --numeric-owner -czf /tmp/vagrant-lxc-${RELEASE}/rootfs.tar.gz ./rootfs/*
# Prepare package contents
cd $WORKING_DIR
cp $LXC_TEMPLATE lxc-template
cp $LXC_CONF .
cp $METATADA_JSON .
chmod +x lxc-template
sed -i "s/<TODAY>/${NOW}/" metadata.json
# Vagrant box!
tar -czf $PKG ./*
chmod +rw ${WORKING_DIR}/${PKG}
mkdir -p ${CWD}/output
mv ${WORKING_DIR}/${PKG} ${CWD}/output
# Clean up after ourselves
rm -rf ${WORKING_DIR}
echo "The base box was built successfully to ${CWD}/output/${PKG}"
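Review bot: `WORKING_DIR=/tmp/vagrant-lxc-${RELEASE}` is a predictable path under `/tmp` that this root-only script then `mkdir -p`s, fills via `tar … /tmp/vagrant-lxc-${RELEASE}/rootfs.tar.gz` and finally `rm -rf ${WORKING_DIR}`s; a pre-existing directory or symlink there is followed silently. `WORKING_DIR=$(mktemp -d)` removes that race, and the `tar` line should then write to `${WORKING_DIR}/rootfs.tar.gz` instead of spelling the path a second time. The vagrant user's `.ssh` is created with `mkdir -p` and `echo $VAGRANT_KEY >` at umask defaults with the key unquoted; `chmod 700 ${ROOTFS}/home/vagrant/.ssh`, `echo "$VAGRANT_KEY" > ${ROOTFS}/home/vagrant/.ssh/authorized_keys` and `chmod 600` on that file before the `chown -R` give the layout sshd expects. `if $(lxc-ls | grep -q "${RELEASE}-base"); then` only works because `grep -q` prints nothing; the intended form is `if lxc-ls | grep -q "${RELEASE}-base"; then`.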


@ -26,20 +26,28 @@ fi
# If we got to this point, we need to create the container # If we got to this point, we need to create the container
log "Creating container..." log "Creating container..."
utils.lxc.create -t download -- \ utils.lxc.create -t download -- \
--dist ${DISTRIBUTION} \ --dist ${DISTRIBUTION} \
--release ${RELEASE} \ --release ${RELEASE} \
--arch ${ARCH} --arch ${ARCH}
if [ ${DISTRIBUTION} = 'fedora' ] ||\
[ ${DISTRIBUTION} = 'ubuntu' ] ||\
[ ${DISTRIBUTION} = 'debian' ]
then
# Improve systemd support: # Improve systemd support:
# - The fedora template does it but the fedora images from the download # - The fedora template does it but the fedora images from the download
# template apparently don't. # template apparently don't.
# - The debian template does it but the debian image from the download # - The debian template does it but the debian image from the download
# template apparently not. # template apparently not.
utils.lxc.stop utils.lxc.stop
cfgpath="${HOME}/.local/share/lxc/${CONTAINER}/config" echo >> /var/lib/lxc/${CONTAINER}/config
echo >> ${cfgpath} echo "# settings for systemd with PID 1:" >> /var/lib/lxc/${CONTAINER}/config
echo "# settings for systemd with PID 1:" >> ${cfgpath} echo "lxc.autodev = 1" >> /var/lib/lxc/${CONTAINER}/config
echo "lxc.autodev = 1" >> ${cfgpath} utils.lxc.start
utils.lxc.attach rm -f /dev/kmsg
utils.lxc.stop
fi
log "Container created!" log "Container created!"
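Review bot: The three `echo … >> /var/lib/lxc/${CONTAINER}/config` lines replace the former `cfgpath` variable with the path written out three times; keeping `cfgpath="/var/lib/lxc/${CONTAINER}/config"` and appending to `${cfgpath}` leaves one place to change when the container store moves again, as it just did from `~/.local/share/lxc`. The unquoted `[ ${DISTRIBUTION} = 'fedora' ]` tests (and the `ubuntu`/`debian` ones) become a syntax error if `DISTRIBUTION` is ever empty; `[ "${DISTRIBUTION}" = 'fedora' ]` is the safe form. The enclosing script starts before this hunk.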


@ -0,0 +1,225 @@
#!/bin/bash
# This is a modified version of /usr/share/lxc/templates/lxc-openmandriva
# that comes with OpenMandriva changed to suit vagrant-lxc needs
#
# template script for generating openmandriva container for LXC
#
#
# lxc: linux Container library
# Authors:
# Alexander Khryukin <alexander@mezon.ru>
# Vokhmin Alexey V <avokhmin@gmail.com>
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
set -e
if [ -r /etc/default/lxc ]; then
. /etc/default/lxc
fi
extract_rootfs()
{
tarball=$1
arch=$2
rootfs=$3
echo "Extracting $tarball ..."
mkdir -p $(dirname $rootfs)
(cd `dirname $rootfs` && tar xfz $tarball)
return 0
}
install_openmandriva()
{
rootfs=$1
release=$2
tarball=$3
mkdir -p /var/lock/subsys/
(
flock -x 200
if [ $? -ne 0 ]; then
echo "Cache repository is busy."
return 1
fi
extract_rootfs $tarball $arch $rootfs
if [ $? -ne 0 ]; then
echo "Failed to copy rootfs"
return 1
fi
return 0
) 200>/var/lock/subsys/lxc
return $?
}
copy_configuration()
{
path=$1
rootfs=$2
name=$3
grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
# if there is exactly one veth network entry, make sure it has an
# associated hwaddr.
nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
if [ $nics -eq 1 ]; then
grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config
fi
if [ $? -ne 0 ]; then
echo "Failed to add configuration"
return 1
fi
return 0
}
post_process()
{
rootfs=$1
# rmdir /dev/shm for containers that have /run/shm
# I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
# get bind mounted to the host's /run/shm. So try to rmdir
# it, and in case that fails move it out of the way.
if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
mv $rootfs/dev/shm $rootfs/dev/shm.bak
ln -s /run/shm $rootfs/dev/shm
fi
}
usage()
{
cat <<EOF
usage:
$1 -n|--name=<container_name>
[-p|--path=<path>] [-c|--clean] [-R|--release=<openmandriva2013.0/rosa2012.1/cooker/ release>]
[-4|--ipv4=<ipv4 address>] [-6|--ipv6=<ipv6 address>]
[-g|--gw=<gw address>] [-d|--dns=<dns address>]
[-P|--profile=<name of the profile>] [--rootfs=<path>]
[-A|--arch=<arch of the container>]
[-T|--tarball <tarball path>]
[-S|--auth-key <auth-key path>]
[-h|--help]
Mandatory args:
-n,--name container name, used to as an identifier for that container from now on
Optional args:
-p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case
-c,--clean clean the cache
-R,--release openmandriva2013.0/cooker/rosa2012.1 release for the new container. if the host is OpenMandriva, then it will default to the host's release.
-4,--ipv4 specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24
-6,--ipv6 specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64
-g,--gw specify the default gw, eg. 192.168.1.1
-G,--gw6 specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596
-d,--dns specify the DNS server, eg. 192.168.1.2
-P,--profile Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache.
-A,--arch Define what arch the container will be [i586,x86_64,armv7l,armv7hl]
---rootfs rootfs path
-h,--help print this help
EOF
return 0
}
options=$(getopt -o hp:n:P:cR:4:6:g:d:A:S:T: -l help,rootfs:,path:,name:,profile:,clean:,release:,ipv4:,ipv6:,gw:,dns:,arch:,auth-key:,tarball: -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
fi
eval set -- "$options"
# doesn't use
release=${release:-"cooker"}
hostarch=$(uname -m)
while true
do
case "$1" in
-h|--help) usage $0 && exit 0;;
-p|--path) path=$2; shift 2;;
--rootfs) rootfs_path=$2; shift 2;;
-n|--name) name=$2; shift 2;;
-P|--profile) profile=$2; shift 2;;
-c|--clean) clean=$2; shift 2;;
-R|--release) release=$2; shift 2;;
-T|--tarball) tarball=$2; shift 2;;
-S|--auth-key) auth_key=$2; shift 2;;
-A|--arch) arch=$2; shift 2;;
-4|--ipv4) ipv4=$2; shift 2;;
-6|--ipv6) ipv6=$2; shift 2;;
-g|--gw) gw=$2; shift 2;;
-d|--dns) dns=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
done
arch=${arch:-$hostarch}
if [ $hostarch = "i586" -a $arch = "x86_64" ]; then
echo "can't create x86_64 container on i586"
exit 1
fi
if [ -z "$path" ]; then
echo "'path' parameter is required"
exit 1
fi
if [ "$(id -u)" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
fi
# detect rootfs
config="$path/config"
# if $rootfs exists here, it was passed in with --rootfs
if [ -z "$rootfs" ]; then
if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
else
rootfs=$path/rootfs
fi
fi
install_openmandriva $rootfs $release $tarball
if [ $? -ne 0 ]; then
echo "failed to install openmandriva $release"
exit 1
fi
copy_configuration $path $rootfs $name $arch
if [ $? -ne 0 ]; then
echo "failed write configuration file"
exit 1
fi
post_process $rootfs $release
echo ""
echo "##"
echo "# The default user is 'vagrant' with password 'vagrant'!"
echo "# Use the 'sudo' command to run tasks as root in the container."
echo "##"
echo ""
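Review bot: Because of `set -e` near the top, every `if [ $? -ne 0 ]` check in this script — after `flock -x 200`, after `extract_rootfs`, at the end of `copy_configuration`, after `options=$(getopt …)`, and after the `install_openmandriva` and `copy_configuration` calls — is unreachable: a failing command exits the script before the test runs, so the `usage` text on a bad option and every "failed to …" message are never printed. Either drop `set -e` and keep the checks, or attach the handler to the command, e.g. `options=$(getopt … -- "$@") || { usage $(basename $0); exit 1; }`. The usage text lists `---rootfs` (three dashes) for the `--rootfs` option, and `-S|--auth-key` is parsed into `auth_key` which nothing in the script reads. `common/lxc-template.bkp` in this same compare has the identical `set -e` plus `$?` pattern.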

common/lxc-template.bkp Executable file

@ -0,0 +1,226 @@
#!/bin/bash
# This is a modified version of /usr/share/lxc/templates/lxc-ubuntu
# that comes with Ubuntu 13.04 changed to suit vagrant-lxc needs
#
# template script for generating ubuntu container for LXC
#
# This script consolidates and extends the existing lxc ubuntu scripts
#
# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
# Copyright © 2010 Wilhelm Meier
# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2, as
# published by the Free Software Foundation.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
set -e
if [ -r /etc/default/lxc ]; then
. /etc/default/lxc
fi
extract_rootfs()
{
tarball=$1
arch=$2
rootfs=$3
echo "Extracting $tarball ..."
mkdir -p $rootfs
(cd $rootfs && tar xfz $tarball --strip-components=2)
return 0
}
install_ubuntu()
{
rootfs=$1
release=$2
tarball=$3
mkdir -p /var/lock/subsys/
(
flock -x 200
if [ $? -ne 0 ]; then
echo "Cache repository is busy."
return 1
fi
extract_rootfs $tarball $arch $rootfs
if [ $? -ne 0 ]; then
echo "Failed to copy rootfs"
return 1
fi
return 0
) 200>/var/lock/subsys/lxc
return $?
}
copy_configuration()
{
path=$1
rootfs=$2
name=$3
grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
# if there is exactly one veth network entry, make sure it has an
# associated hwaddr.
nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
if [ $nics -eq 1 ]; then
grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config
fi
if [ $? -ne 0 ]; then
echo "Failed to add configuration"
return 1
fi
return 0
}
post_process()
{
rootfs=$1
# rmdir /dev/shm for containers that have /run/shm
# I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
# get bind mounted to the host's /run/shm. So try to rmdir
# it, and in case that fails move it out of the way.
if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
mv $rootfs/dev/shm $rootfs/dev/shm.bak
ln -s /run/shm $rootfs/dev/shm
fi
}
usage()
{
cat <<EOF
$1 -h|--help [-a|--arch] [--trim] [-d|--debug] [--rootfs <rootfs>] [-T|--tarball <rootfs-tarball>
arch: the container architecture (e.g. amd64): defaults to host arch
EOF
return 0
}
options=$(getopt -o a:b:hp:r:xn:FS:d:C -l arch:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug:,tarball:,rootfs: -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
fi
eval set -- "$options"
release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems
if [ -f /etc/lsb-release ]; then
. /etc/lsb-release
if [ "$DISTRIB_ID" = "Ubuntu" ]; then
release=$DISTRIB_CODENAME
fi
fi
arch=$(uname -m)
# Code taken from debootstrap
if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
arch=`/usr/bin/dpkg --print-architecture`
elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
arch=`/usr/bin/udpkg --print-architecture`
else
arch=$(uname -m)
if [ "$arch" = "i686" ]; then
arch="i386"
elif [ "$arch" = "x86_64" ]; then
arch="amd64"
elif [ "$arch" = "armv7l" ]; then
arch="armel"
fi
fi
debug=0
trim_container=0
hostarch=$arch
while true
do
case "$1" in
-h|--help) usage $0 && exit 0;;
--rootfs) rootfs=$2; shift 2;;
-p|--path) path=$2; shift 2;;
-n|--name) name=$2; shift 2;;
-T|--tarball) tarball=$2; shift 2;;
-a|--arch) arch=$2; shift 2;;
-S|--auth-key) auth_key=$2; shift 2;;
-d|--debug) debug=1; shift 1;;
--) shift 1; break ;;
*) break ;;
esac
done
if [ $debug -eq 1 ]; then
set -x
fi
if [ "$arch" == "i686" ]; then
arch=i386
fi
if [ $hostarch = "i386" -a $arch = "amd64" ]; then
echo "can't create amd64 container on i386"
exit 1
fi
if [ -z "$path" ]; then
echo "'path' parameter is required"
exit 1
fi
if [ "$(id -u)" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
fi
# detect rootfs
config="$path/config"
# if $rootfs exists here, it was passed in with --rootfs
if [ -z "$rootfs" ]; then
if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
else
rootfs=$path/rootfs
fi
fi
install_ubuntu $rootfs $release $tarball
if [ $? -ne 0 ]; then
echo "failed to install ubuntu $release"
exit 1
fi
copy_configuration $path $rootfs $name $arch
if [ $? -ne 0 ]; then
echo "failed write configuration file"
exit 1
fi
post_process $rootfs $release $trim_container
echo ""
echo "##"
echo "# The default user is 'vagrant' with password 'vagrant'!"
echo "# Use the 'sudo' command to run tasks as root in the container."
echo "##"
echo ""
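Review bot: `common/lxc-template.bkp` is committed as an executable tracked file with no header saying what it is a backup of or why it is kept, and nothing else in this compare visibly references it. If it is a reference copy, a first-line comment such as `# Backup of the pre-LXC-3 ubuntu template kept for reference; not used by the build` makes that explicit and the executable bit can go; otherwise it is dead code that still carries `release=precise` as its default. Backup copies are better left to the git history than to a `.bkp` file the next reader has to diff against `lxc-template`.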


@ -3,7 +3,7 @@ set -e
source common/ui.sh source common/ui.sh
ROOTFS="${HOME}/.local/share/lxc/${CONTAINER}/rootfs" ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
WORKING_DIR="/tmp/${CONTAINER}" WORKING_DIR="/tmp/${CONTAINER}"
debug "Creating ${WORKING_DIR}" debug "Creating ${WORKING_DIR}"
@ -14,17 +14,19 @@ mkdir -p $(dirname ${PACKAGE})
info "Packaging '${CONTAINER}' to '${PACKAGE}'..." info "Packaging '${CONTAINER}' to '${PACKAGE}'..."
debug 'Stopping container'
lxc-stop -n ${CONTAINER} &>/dev/null || true
if [ -f ${WORKING_DIR}/rootfs.tar.gz ]; then if [ -f ${WORKING_DIR}/rootfs.tar.gz ]; then
log "Removing previous rootfs tarball" log "Removing previous rootfs tarball"
rm -f ${WORKING_DIR}/rootfs.tar.gz rm -f ${WORKING_DIR}/rootfs.tar.gz
fi fi
log "Compressing container's rootfs (sudo needed)" log "Compressing container's rootfs"
pushd $(dirname ${ROOTFS}) pushd $(dirname ${ROOTFS})
sudo tar --numeric-owner --anchored --exclude=./rootfs/dev/log -czf \ tar --numeric-owner --anchored --exclude=./rootfs/dev/log -czf \
${WORKING_DIR}/rootfs.tar.gz ./rootfs/* ${WORKING_DIR}/rootfs.tar.gz ./rootfs/*
popd popd
sudo chown ${UID} ${WORKING_DIR}/rootfs.tar.gz
# Prepare package contents # Prepare package contents
log 'Preparing box package contents' log 'Preparing box package contents'
@ -40,3 +42,6 @@ sed -i "s/<TODAY>/${NOW}/" ${WORKING_DIR}/metadata.json
log 'Packaging box' log 'Packaging box'
TARBALL=$(readlink -f ${PACKAGE}) TARBALL=$(readlink -f ${PACKAGE})
(cd ${WORKING_DIR} && tar -czf $TARBALL ./*) (cd ${WORKING_DIR} && tar -czf $TARBALL ./*)
chmod +rw ${PACKAGE}
chown ${USER}: ${PACKAGE}
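Review bot: `lxc-stop -n ${CONTAINER} &>/dev/null || true` hides every failure, including a container that is still running when the `tar` below snapshots `${ROOTFS}`, which would yield an inconsistent rootfs with no error; since `lxc-stop` is presumably non-zero for an already-stopped container (the reason for `|| true`), the tolerant-but-checked form is `lxc-stop -n ${CONTAINER} 2>/dev/null || true` followed by `lxc-wait -n ${CONTAINER} -s STOPPED -t 30`. The trailing `chown ${USER}: ${PACKAGE}` now runs as root if this is reached through the Makefile's `sudo -E`, and whether `USER` still names the invoking user under sudo depends on the sudoers `set_logname`/`env_keep` settings; `chown "${SUDO_USER:-$USER}": ${PACKAGE}` is correct either way. The Makefile recipes repeat the same `chmod +rw`/`chown` after the script returns, so one of the two copies looks redundant. The script starts before this hunk.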


@ -1,38 +1,57 @@
#!/bin/bash #!/bin/bash
set -e set -e
source /etc/profile
export VAGRANT_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" source common/ui.sh
ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
VAGRANT_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
info "Preparing vagrant user..."
# Create vagrant user # Create vagrant user
if $(grep -q 'vagrant' /etc/shadow); then if $(grep -q 'vagrant' ${ROOTFS}/etc/shadow); then
echo 'Skipping vagrant user creation' log 'Skipping vagrant user creation'
elif $(grep -q 'ubuntu' /etc/shadow); then elif $(grep -q 'ubuntu' ${ROOTFS}/etc/shadow); then
echo 'vagrant user does not exist, renaming ubuntu user...' debug 'vagrant user does not exist, renaming ubuntu user...'
mv /home/{ubuntu,vagrant} mv ${ROOTFS}/home/{ubuntu,vagrant}
usermod -l vagrant -d /home/vagrant ubuntu chroot ${ROOTFS} usermod -l vagrant -d /home/vagrant ubuntu
groupmod -n vagrant ubuntu chroot ${ROOTFS} groupmod -n vagrant ubuntu
echo -n 'vagrant:vagrant' | chpasswd echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
echo 'Renamed ubuntu user to vagrant and changed password.' log 'Renamed ubuntu user to vagrant and changed password.'
elif [ ${DISTRIBUTION} = 'centos' -o ${DISTRIBUTION} = 'fedora' ]; then elif [ ${DISTRIBUTION} = 'centos' -o ${DISTRIBUTION} = 'fedora' ]; then
echo 'Creating vagrant user...' debug 'Creating vagrant user...'
useradd --create-home -s /bin/bash -u 1000 vagrant chroot ${ROOTFS} useradd --create-home -s /bin/bash -u 1000 vagrant
echo -n 'vagrant:vagrant' | chpasswd echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
sed -i 's/^Defaults\s\+requiretty/# Defaults requiretty/' /etc/sudoers sed -i 's/^Defaults\s\+requiretty/# Defaults requiretty/' $ROOTFS/etc/sudoers
if [ ${RELEASE} -eq 6 ]; then
info 'Disabling password aging for root...'
# disable password aging (required on Centos 6)
# pretend that password was changed today (won't fail during provisioning)
chroot ${ROOTFS} chage -I -1 -m 0 -M 99999 -E -1 -d `date +%Y-%m-%d` root
fi
else else
echo 'Creating vagrant user...' debug 'Creating vagrant user...'
useradd --create-home -s /bin/bash vagrant chroot ${ROOTFS} useradd --create-home -s /bin/bash vagrant
echo -n 'vagrant:vagrant' | chpasswd echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
fi fi
# Configure SSH access # Configure SSH access
mkdir -p /home/vagrant/.ssh if [ -d ${ROOTFS}/home/vagrant/.ssh/authorized_keys ]; then
echo $VAGRANT_KEY > /home/vagrant/.ssh/authorized_keys log 'Skipping vagrant SSH credentials configuration'
chown -R vagrant /home/vagrant/.ssh else
chmod +x /home/vagrant/.ssh debug 'SSH key has not been set'
echo 'SSH credentials configured for the vagrant user.' mkdir -p ${ROOTFS}/home/vagrant/.ssh
echo $VAGRANT_KEY > ${ROOTFS}/home/vagrant/.ssh/authorized_keys
chroot ${ROOTFS} chown -R vagrant: /home/vagrant/.ssh
log 'SSH credentials configured for the vagrant user.'
fi
# Enable passwordless sudo for the vagrant user # Enable passwordless sudo for the vagrant user
echo "vagrant ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/vagrant if [ -f ${ROOTFS}/etc/sudoers.d/vagrant ]; then
chmod 0440 /etc/sudoers.d/vagrant log 'Skipping sudoers file creation.'
echo 'Sudoers file created.' else
debug 'Sudoers file was not found'
echo "vagrant ALL=(ALL) NOPASSWD:ALL" > ${ROOTFS}/etc/sudoers.d/vagrant
chmod 0440 ${ROOTFS}/etc/sudoers.d/vagrant
log 'Sudoers file created.'
fi
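Review bot: `if [ -d ${ROOTFS}/home/vagrant/.ssh/authorized_keys ]` tests for a directory, so the skip branch can never match an existing key file and the key is rewritten on every run; it should be `-f`. The account checks `grep -q 'vagrant' ${ROOTFS}/etc/shadow` (and `'ubuntu'`) match the substring anywhere on any line, and the `if $(grep …)` wrapper only works because `-q` prints nothing; `if grep -q '^vagrant:' ${ROOTFS}/etc/shadow; then` tests the account directly. In the centos/fedora branch `[ ${RELEASE} -eq 6 ]` is an integer comparison that, for a release such as `rawhide`, prints `integer expression expected` on stderr and evaluates false; `[ "${DISTRIBUTION}" = 'centos' ] && [ "${RELEASE}" = 6 ]` avoids the noise. The new `.ssh` block also drops the old `chmod` of the directory and writes the key unquoted; `echo "$VAGRANT_KEY" > …`, then `chmod 700 ${ROOTFS}/home/vagrant/.ssh` and `chmod 600 ${ROOTFS}/home/vagrant/.ssh/authorized_keys` before the `chown -R`, give sshd the permissions it expects.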


@ -1,9 +1,9 @@
# Taken from the oracle.common.conf.in # Taken from the oracle.common.conf.in
# Console settings # Console settings
lxc.devttydir = lxc lxc.tty.dir = lxc
lxc.tty = 4 lxc.tty.max = 4
lxc.pts = 1024 lxc.pty.max = 1024
# Mount entries # Mount entries
lxc.mount.auto = proc:mixed sys:ro lxc.mount.auto = proc:mixed sys:ro
@ -54,4 +54,4 @@ lxc.cgroup.devices.allow = c 10:200 rwm # /dev/net/tun
# Blacklist some syscalls which are not safe in privileged # Blacklist some syscalls which are not safe in privileged
# containers # containers
lxc.seccomp = /usr/share/lxc/config/common.seccomp lxc.seccomp.profile = /usr/share/lxc/config/common.seccomp


@ -1,36 +1,34 @@
# Default pivot location # Default pivot location
lxc.pivotdir = lxc_putold
# Default mount entries # Default mount entries
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0 lxc.mount.entry = sysfs sys sysfs defaults 0 0
# Default console settings # Default console settings
lxc.tty = 4 lxc.tty.max = 4
lxc.pts = 1024 lxc.pty.max = 1024
# Default capabilities # Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time lxc.cap.drop = sys_module mac_admin mac_override sys_time
# Prevent systemd-journald from burning 100% of CPU # Prevent systemd-journald from burning 100% of CPU
# See https://wiki.debian.org/LXC#Incompatibility_with_systemd # See https://wiki.debian.org/LXC#Incompatibility_with_systemd
lxc.kmsg = 0
lxc.autodev = 1 lxc.autodev = 1
# When using LXC with apparmor, the container will be confined by default. # When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line # If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file. # (uncommented) to the container's configuration file.
#lxc.aa_profile = unconfined #lxc.apparmor.profile = unconfined
# To support container nesting on an Ubuntu host while retaining most of # To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead. # apparmor's added security, use the following two lines instead.
#lxc.aa_profile = lxc-container-default-with-nesting #lxc.apparmor.profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups #lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
# If you wish to allow mounting block filesystems, then use the following # If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop # line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow. # devices below in lxc.cgroup.devices.allow.
#lxc.aa_profile = lxc-container-default-with-mounting #lxc.apparmor.profile = lxc-container-default-with-mounting
# Default cgroup limits # Default cgroup limits
lxc.cgroup.devices.deny = a lxc.cgroup.devices.deny = a


@ -1,17 +1,15 @@
# support systemd as PID 1 # support systemd as PID 1
lxc.autodev = 1 lxc.autodev = 1
lxc.kmsg = 0
# Default pivot location # Default pivot location
lxc.pivotdir = lxc_putold
# Default mount entries # Default mount entries
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0 lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
# Default console settings # Default console settings
lxc.tty = 4 lxc.tty.max = 4
lxc.pts = 1024 lxc.pty.max = 1024
# Default capabilities # Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_rawio lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_rawio
@ -19,17 +17,17 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_rawio
# When using LXC with apparmor, the container will be confined by default. # When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line # If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file. # (uncommented) to the container's configuration file.
#lxc.aa_profile = unconfined #lxc.apparmor.profile = unconfined
# To support container nesting on an Ubuntu host while retaining most of # To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead. # apparmor's added security, use the following two lines instead.
#lxc.aa_profile = lxc-container-default-with-nesting #lxc.apparmor.profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups #lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
# If you wish to allow mounting block filesystems, then use the following # If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop # line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow. # devices below in lxc.cgroup.devices.allow.
#lxc.aa_profile = lxc-container-default-with-mounting #lxc.apparmor.profile = lxc-container-default-with-mounting
# Default cgroup limits # Default cgroup limits
lxc.cgroup.devices.deny = a lxc.cgroup.devices.deny = a


@ -1 +0,0 @@
debian-jessie

63
conf/debian-stretch Normal file

@ -0,0 +1,63 @@
# support systemd as PID 1
lxc.autodev = 1
# Default pivot location
# Default mount entries
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
# Default console settings
lxc.tty.max = 4
lxc.pty.max = 1024
# Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_rawio
# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
#lxc.apparmor.profile = unconfined
# To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead.
#lxc.apparmor.profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
# If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow.
#lxc.apparmor.profile = lxc-container-default-with-mounting
# Default cgroup limits
lxc.cgroup.devices.deny = a
## Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
## /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
## consoles
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
## /dev/{,u}random
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
## /dev/pts/*
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## fuse
lxc.cgroup.devices.allow = c 10:229 rwm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## full
lxc.cgroup.devices.allow = c 1:7 rwm
## hpet
lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm
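Review bot: The `# Default pivot location` heading on the third line of this new file is an orphan comment — the `lxc.pivotdir` setting it introduced is removed elsewhere in this commit, so the heading should go as well; the same leftover heading survives in the hunks `@ -1,36 +1,34 @@`, `@ -1,17 +1,15 @@` and `@ -1,14 +1,13 @@` above. This file appears to be a copy of the jessie config with the LXC 3.0 key names (the one-line file containing `debian-jessie` deleted above looks like the symlink it replaces), so an `lxc.include` of the shared base plus only the stretch-specific overrides would keep the two from drifting. The device allow-list also grants `c 10:232 rwm` (`/dev/kvm`) and `c 10:228 rwm` (`/dev/hpet`) to a privileged container; if a Vagrant base box does not need nested virtualization, drop those two lines, or state in the `## kvm` comment why they are required.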


@ -1,13 +1,12 @@
# work better with systemd: # work better with systemd:
lxc.autodev = 1 lxc.autodev = 1
lxc.kmsg = 0
# Taken from the oracle.common.conf.in # Taken from the oracle.common.conf.in
# Console settings # Console settings
lxc.devttydir = lxc lxc.tty.dir = lxc
lxc.tty = 4 lxc.tty.max = 4
lxc.pts = 1024 lxc.pty.max = 1024
# Mount entries # Mount entries
lxc.mount.auto = proc:mixed sys:ro lxc.mount.auto = proc:mixed sys:ro
@ -66,4 +65,4 @@ lxc.cgroup.devices.allow = c 5:2 rwm
# Blacklist some syscalls which are not safe in privileged # Blacklist some syscalls which are not safe in privileged
# containers # containers
lxc.seccomp = /usr/share/lxc/config/common.seccomp lxc.seccomp.profile = /usr/share/lxc/config/common.seccomp


@ -1,5 +1,5 @@
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
# Default console settings # Default console settings
lxc.tty = 4 lxc.tty.max = 4
lxc.pts = 1024 lxc.pty.max = 1024


@ -1,14 +1,13 @@
# Default pivot location # Default pivot location
lxc.pivotdir = lxc_putold
# Default mount entries # Default mount entries
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0 lxc.mount.entry = sysfs sys sysfs defaults 0 0
# Default console settings # Default console settings
lxc.devttydir = lxc lxc.tty.dir = lxc
lxc.tty = 4 lxc.tty.max = 4
lxc.pts = 1024 lxc.pty.max = 1024
# Default capabilities # Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time lxc.cap.drop = sys_module mac_admin mac_override sys_time
@ -16,11 +15,11 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
# When using LXC with apparmor, the container will be confined by default. # When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line # If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file. # (uncommented) to the container's configuration file.
#lxc.aa_profile = unconfined #lxc.apparmor.profile = unconfined
# To support container nesting on an Ubuntu host while retaining most of # To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead. # apparmor's added security, use the following two lines instead.
#lxc.aa_profile = lxc-container-default-with-nesting #lxc.apparmor.profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups #lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
# Uncomment the following line to autodetect squid-deb-proxy configuration on the # Uncomment the following line to autodetect squid-deb-proxy configuration on the
@ -30,7 +29,7 @@ lxc.cap.drop = sys_module mac_admin mac_override sys_time
# If you wish to allow mounting block filesystems, then use the following # If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop # line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow. # devices below in lxc.cgroup.devices.allow.
#lxc.aa_profile = lxc-container-default-with-mounting #lxc.apparmor.profile = lxc-container-default-with-mounting
# Default cgroup limits # Default cgroup limits
lxc.cgroup.devices.deny = a lxc.cgroup.devices.deny = a


@ -6,5 +6,4 @@
lxc.include = /usr/share/lxc/config/ubuntu.common.conf lxc.include = /usr/share/lxc/config/ubuntu.common.conf
# settings for systemd with PID 1: # settings for systemd with PID 1:
lxc.kmsg = 0
lxc.autodev = 1 lxc.autodev = 1


@ -6,8 +6,7 @@
lxc.include = /usr/share/lxc/config/ubuntu.common.conf lxc.include = /usr/share/lxc/config/ubuntu.common.conf
# settings for systemd with PID 1: # settings for systemd with PID 1:
lxc.kmsg = 0
lxc.autodev = 1 lxc.autodev = 1
# allow unconfined and incomplete # allow unconfined and incomplete
lxc.aa_profile = unconfined lxc.apparmor.profile = unconfined
lxc.aa_allow_incomplete = 1 lxc.apparmor.allow_incomplete = 1

21
debian/clean.sh vendored

@ -1,16 +1,19 @@
#!/bin/bash #!/bin/bash
set -e set -e
source /etc/profile
echo "Cleaning up" source common/ui.sh
source common/utils.sh
rm /script.sh debug 'Bringing container up'
utils.lxc.start
echo 'Removing temporary files...' info "Cleaning up '${CONTAINER}'..."
rm -rf /tmp/*
echo 'cleaning up dhcp leases' log 'Removing temporary files...'
rm -f /var/lib/dhcp/* rm -rf ${ROOTFS}/tmp/*
echo 'Removing downloaded packages...' log 'cleaning up dhcp leases'
apt-get clean rm -f ${ROOTFS}/var/lib/dhcp/*
log 'Removing downloaded packages...'
utils.lxc.attach apt-get clean
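Review bot: `rm -rf ${ROOTFS}/tmp/*` and `rm -f ${ROOTFS}/var/lib/dhcp/*` now run on the host as root (the driver script in this commit refuses to run otherwise), and the script has `set -e` but no `set -u`, so an unset or empty `ROOTFS` silently turns the first one into `rm -rf /tmp/*` on the host. Guard the variable before the first `rm`, e.g. `: "${ROOTFS:?ROOTFS must be set}"`, and quote it: `rm -rf "${ROOTFS}"/tmp/*`. The container is also started here (`utils.lxc.start`) only to run `apt-get clean`, and nothing in this hunk stops it again; if `common/package.sh` archives the rootfs of a running container the box contents may be inconsistent, though that depends on what package.sh does.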

7
debian/install-ansible.sh vendored Executable file

@ -0,0 +1,7 @@
#!/bin/bash
ANSIBLE_VERSION=${ANSIBLE_VERSION:-latest}
apt-get install -y build-essential python-setuptools python-jinja2 python-yaml python-paramiko python-httplib2 python-crypto sshpass
wget https://releases.ansible.com/ansible/ansible-$ANSIBLE_VERSION.tar.gz -O /tmp//ansible.tar.gz
tar -zxvf /tmp/ansible.tar.gz -C /tmp/ && rm -r /tmp/ansible.tar.gz
cd /tmp/ansible-* && make && make install
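Review bot: The tarball fetched by `wget` is unpacked and built as root with no integrity check, and the default `ANSIBLE_VERSION=latest` means what gets installed is whatever the server serves that day; pin a version by default and verify the download, e.g. `echo "${ANSIBLE_SHA256}  /tmp/ansible.tar.gz" | sha256sum -c -` before the `tar` line (`ANSIBLE_SHA256` is a placeholder to be filled in per pinned version). The script also has no `set -e`, so a failed download or build is ignored and `make install` still runs on whatever is in `/tmp/ansible-*`; add `set -euo pipefail` after the shebang. The `-O /tmp//ansible.tar.gz` path has a doubled slash — harmless, but the `tar` and `rm` lines use the single-slash form, so make them agree.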


@ -1,48 +1,98 @@
#!/bin/bash #!/bin/bash
set -e set -e
source /etc/profile source common/ui.sh
source common/utils.sh
echo 'Installing extra packages and upgrading' info 'Installing extra packages and upgrading'
debug 'Bringing container up'
utils.lxc.start
# Sleep for a bit so that the container can get an IP
SECS=15
log "Sleeping for $SECS seconds..."
sleep $SECS
PACKAGES=(vim curl wget man-db openssh-server bash-completion ca-certificates sudo) PACKAGES=(vim curl wget man-db openssh-server bash-completion ca-certificates sudo)
echo "Installing additional packages: ${ADDPACKAGES}" log "Installing additional packages: ${ADDPACKAGES}"
PACKAGES+=" ${ADDPACKAGES}" PACKAGES+=" ${ADDPACKAGES}"
if [ $DISTRIBUTION = 'ubuntu' ]; then if [ $DISTRIBUTION = 'ubuntu' ]; then
PACKAGES+=' software-properties-common' PACKAGES+=' software-properties-common'
fi fi
if [ $RELEASE != 'raring' ] && [ $RELEASE != 'saucy' ] && [ $RELEASE != 'trusty' ] && [ $RELEASE != 'wily' ] ; then
PACKAGES+=' nfs-common'
fi
if [ $RELEASE != 'stretch' ] ; then
PACKAGES+=' python-software-properties'
fi
utils.lxc.attach apt-get update
utils.lxc.attach apt-get install ${PACKAGES[*]} -y --force-yes
utils.lxc.attach apt-get upgrade -y --force-yes
ANSIBLE=${ANSIBLE:-0} ANSIBLE=${ANSIBLE:-0}
if [[ $ANSIBLE = 1 ]]; then
PACKAGES+=' ansible'
fi
CHEF=${CHEF:-0} CHEF=${CHEF:-0}
if [[ $CHEF = 1 ]]; then
PACKAGES+=' chef'
fi
PUPPET=${PUPPET:-0} PUPPET=${PUPPET:-0}
if [[ $PUPPET = 1 ]]; then
PACKAGES+=' puppet'
fi
SALT=${SALT:-0} SALT=${SALT:-0}
if [[ $SALT = 1 ]]; then BABUSHKA=${BABUSHKA:-0}
PACKAGES+=' salt-minion'
fi
export DEBIAN_FRONTEND=noninteractive
export DEBIAN_PRIORITY=critical
apt-get update
apt-get install ${PACKAGES[*]} -y --force-yes
apt-get upgrade -y --force-yes
if [ $DISTRIBUTION = 'debian' ]; then if [ $DISTRIBUTION = 'debian' ]; then
# Enable bash-completion # Enable bash-completion
sed -e '/^#if ! shopt -oq posix; then/,/^#fi/ s/^#\(.*\)/\1/g' \ sed -e '/^#if ! shopt -oq posix; then/,/^#fi/ s/^#\(.*\)/\1/g' \
-i /etc/bash.bashrc -i ${ROOTFS}/etc/bash.bashrc
fi
if [ $ANSIBLE = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which ansible &>/dev/null); then
log "Ansible has been installed on container, skipping"
else
info "Installing Ansible"
cp debian/install-ansible.sh ${ROOTFS}/tmp/ && chmod +x ${ROOTFS}/tmp/install-ansible.sh
utils.lxc.attach /tmp/install-ansible.sh
fi
else
log "Skipping Ansible installation"
fi
if [ $CHEF = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which chef-solo &>/dev/null); then
log "Chef has been installed on container, skipping"
else
log "Installing Chef"
cat > ${ROOTFS}/tmp/install-chef.sh << EOF
#!/bin/sh
curl -L https://www.opscode.com/chef/install.sh -k | sudo bash
EOF
chmod +x ${ROOTFS}/tmp/install-chef.sh
utils.lxc.attach /tmp/install-chef.sh
fi
else
log "Skipping Chef installation"
fi
if [ $PUPPET = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which puppet &>/dev/null); then
log "Puppet has been installed on container, skipping"
elif [ ${RELEASE} = 'sid' ]; then
warn "Puppet can't be installed on Debian sid, skipping"
else
log "Installing Puppet"
utils.lxc.attach apt-get update
utils.lxc.attach apt-get install puppet -y --force-yes
fi
else
log "Skipping Puppet installation"
fi
if [ $SALT = 1 ]; then
if $(lxc-attach -n ${CONTAINER} -- which salt-minion &>/dev/null); then
log "Salt has been installed on container, skipping"
else
utils.lxc.attach apt-get update
utils.lxc.attach apt-get install salt-minion -y --force-yes
fi
else
log "Skipping Salt installation"
fi fi
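Review bot: The Chef installer written into the heredoc is fetched with `curl -L ... -k | sudo bash`, where `-k` disables TLS certificate verification before the result is piped into a root shell; drop `-k` (and presumably `sudo`, since lxc-attach already runs the script as root), or download to a file and check it against a known hash before executing it. The new `apt-get install` lines for the base packages, puppet and salt pass `--force-yes`, which among other things lets apt proceed with unauthenticated packages and is rejected by newer apt; `-y` alone is enough for a non-interactive install. The old side exported `DEBIAN_FRONTEND=noninteractive` before calling apt-get and the new side does not, so unless `utils.lxc.attach` sets it, a debconf prompt can now hang the build. The `if $(lxc-attach -n ${CONTAINER} -- which ansible &>/dev/null); then` tests work only because bash reports the substitution's exit status when the expansion is empty; `if utils.lxc.attach which ansible >/dev/null 2>&1; then` says what is meant and uses the same wrapper as the rest of the file.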


@ -1,33 +1,52 @@
#!/bin/bash #!/bin/bash
set -e set -e
source /etc/profile
source common/ui.sh
source common/utils.sh
# Fixes some networking issues # Fixes some networking issues
# See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info # See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info
if ! $(grep -q 'ip6-allhosts' /etc/hosts); then if ! $(grep -q 'ip6-allhosts' ${ROOTFS}/etc/hosts); then
echo 'ff02::3 ip6-allhosts' >> /etc/hosts log "Adding ipv6 allhosts entry to container's /etc/hosts"
echo 'ff02::3 ip6-allhosts' >> ${ROOTFS}/etc/hosts
fi fi
utils.lxc.start
if [ ${DISTRIBUTION} = 'debian' ]; then
# Ensure locales are properly set, based on http://askubuntu.com/a/238063 # Ensure locales are properly set, based on http://askubuntu.com/a/238063
LANG=${LANG:-en_US.UTF-8} LANG=${LANG:-en_US.UTF-8}
sed -i "s/^# ${LANG}/${LANG}/" /etc/locale.gen sed -i "s/^# ${LANG}/${LANG}/" ${ROOTFS}/etc/locale.gen
# Fixes some networking issues # Fixes some networking issues
# See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info # See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info
sed -i -e "s/\(127.0.0.1\s\+localhost\)/\1\n127.0.1.1\t${CONTAINER}\n/g" /etc/hosts sed -i -e "s/\(127.0.0.1\s\+localhost\)/\1\n127.0.1.1\t${CONTAINER}\n/g" ${ROOTFS}/etc/hosts
# Ensures that `/tmp` does not get cleared on halt
# See https://github.com/fgrehm/vagrant-lxc/issues/68 for more info
utils.lxc.attach /usr/sbin/update-rc.d -f checkroot-bootclean.sh remove
utils.lxc.attach /usr/sbin/update-rc.d -f mountall-bootclean.sh remove
utils.lxc.attach /usr/sbin/update-rc.d -f mountnfs-bootclean.sh remove
# Fixes for jessie, following the guide from # Fixes for jessie, following the guide from
# https://wiki.debian.org/LXC#Incompatibility_with_systemd # https://wiki.debian.org/LXC#Incompatibility_with_systemd
if [ "$RELEASE" = 'jessie' ] || [ "$RELEASE" = 'stretch' ]; then if [ "$RELEASE" = 'jessie' ] || [ "$RELEASE" = 'stretch' ]; then
# Reconfigure the LXC # Reconfigure the LXC
cp /lib/systemd/system/getty@.service /etc/systemd/system/getty@.service utils.lxc.attach /bin/cp \
/lib/systemd/system/getty@.service \
/etc/systemd/system/getty@.service
# Comment out ConditionPathExists # Comment out ConditionPathExists
sed -i -e 's/\(ConditionPathExists=\)/# \n# \1/' \ sed -i -e 's/\(ConditionPathExists=\)/# \n# \1/' \
"/etc/systemd/system/getty@.service" "${ROOTFS}/etc/systemd/system/getty@.service"
# Mask udev.service and systemd-udevd.service: # Mask udev.service and systemd-udevd.service:
systemctl mask udev.service systemd-udevd.service utils.lxc.attach /bin/systemctl mask udev.service systemd-udevd.service
fi
fi fi
locale-gen ${LANG} utils.lxc.attach /usr/sbin/locale-gen ${LANG}
update-locale LANG=${LANG} utils.lxc.attach update-locale LANG=${LANG}
# Fix to allow bindfs
utils.lxc.attach ln -sf /bin/true /sbin/modprobe
utils.lxc.attach mknod -m 666 /dev/fuse c 10 229
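Review bot: The new `mknod -m 666 /dev/fuse c 10 229` on the last line is not idempotent — `mknod` fails if the node already exists, and under `set -e` that aborts the whole build on a re-run or on a rootfs where `lxc.autodev` has already populated `/dev/fuse`; guard it, e.g. `utils.lxc.attach sh -c 'test -e /dev/fuse || mknod -m 666 /dev/fuse c 10 229'` (assuming the wrapper passes its arguments through unchanged). The `# Fix to allow bindfs` comment should also say why `/sbin/modprobe` is replaced by `/bin/true` — presumably because a container cannot load kernel modules and the fuse tooling would otherwise fail on `modprobe fuse` — since this silently neutralizes modprobe for everything else in the box. The `if ! $(grep -q ...)` form near the top relies on bash's empty-expansion exit-status rule; `if ! grep -q 'ip6-allhosts' "${ROOTFS}/etc/hosts"; then` is the plain equivalent.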


@ -17,8 +17,8 @@ sleep $SECS
# TODO: Support for appending to this list from outside # TODO: Support for appending to this list from outside
PACKAGES=(vim-enhanced curl wget man-db bash-completion ca-certificates sudo openssh-server strace python-dnf dnf-plugins-core e2fsprogs net-tools bind-utils) PACKAGES=(vim-enhanced curl wget man-db bash-completion ca-certificates sudo openssh-server strace python-dnf dnf-plugins-core e2fsprogs net-tools bind-utils)
utils.lxc.attach yum update -y utils.lxc.attach dnf update -y
utils.lxc.attach yum install ${PACKAGES[*]} -y utils.lxc.attach dnf install ${PACKAGES[*]} -y
MASK_TMP=${MASK_TMP:-0} MASK_TMP=${MASK_TMP:-0}


@ -23,7 +23,7 @@ fi
PUPPET=${PUPPET:-0} PUPPET=${PUPPET:-0}
if [[ $PUPPET = 1 ]]; then if [[ $PUPPET = 1 ]]; then
PACKAGES+=' puppet' PACKAGES+=' puppet eix'
fi fi
SALT=${SALT:-0} SALT=${SALT:-0}


@ -2,7 +2,11 @@
set -e set -e
source common/ui.sh source common/ui.sh
source common/utils.sh
if [ "$(id -u)" != "0" ]; then
echo "You should run this script as root (sudo)."
exit 1
fi
export DISTRIBUTION=$1 export DISTRIBUTION=$1
export RELEASE=$2 export RELEASE=$2
@ -10,12 +14,16 @@ export ARCH=$3
export CONTAINER=$4 export CONTAINER=$4
export PACKAGE=$5 export PACKAGE=$5
export ADDPACKAGES=${ADDPACKAGES-$(cat ${RELEASE}_packages | tr "\n" " ")} export ADDPACKAGES=${ADDPACKAGES-$(cat ${RELEASE}_packages | tr "\n" " ")}
export ROOTFS="${HOME}/.local/share/lxc/${CONTAINER}/rootfs" export ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
export WORKING_DIR="/tmp/${CONTAINER}" export WORKING_DIR="/tmp/${CONTAINER}"
export NOW=$(date -u) export NOW=$(date -u)
export LOG=$(readlink -f .)/log/${CONTAINER}.log
echo '############################################' mkdir -p $(dirname $LOG)
echo "# Beginning build at $(date)" echo '############################################' > ${LOG}
echo "# Beginning build at $(date)" >> ${LOG}
touch ${LOG}
chmod +rw ${LOG}
if [ -f ${PACKAGE} ]; then if [ -f ${PACKAGE} ]; then
warn "The box '${PACKAGE}' already exists, skipping..." warn "The box '${PACKAGE}' already exists, skipping..."
@ -29,20 +37,12 @@ mkdir -p ${WORKING_DIR}
info "Building box to '${PACKAGE}'..." info "Building box to '${PACKAGE}'..."
./common/download.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER} ./common/download.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
utils.lxc.start ./debian/vagrant-lxc-fixes.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
./debian/install-extras.sh ${CONTAINER}
SECS=15 ./common/prepare-vagrant-user.sh ${DISTRIBUTION} ${CONTAINER}
log "Sleeping for $SECS seconds..." ./debian/clean.sh ${CONTAINER}
sleep $SECS ./common/package.sh ${CONTAINER} ${PACKAGE}
utils.lxc.runscript debian/vagrant-lxc-fixes.sh
utils.lxc.runscript debian/install-extras.sh
utils.lxc.runscript common/prepare-vagrant-user.sh
utils.lxc.runscript debian/clean.sh
utils.lxc.stop
./common/package.sh
info "Finished building '${PACKAGE}'!" info "Finished building '${PACKAGE}'!"
log "Run \`lxc-destroy -n ${CONTAINER}\` or \`make clean\` to remove the container that was created along the way" log "Run \`sudo lxc-destroy -n ${CONTAINER}\` or \`make clean\` to remove the container that was created along the way"
echo echo
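Review bot: `utils.lxc.stop` is gone from the new build sequence, so `./common/package.sh ${CONTAINER} ${PACKAGE}` now runs straight after `./debian/clean.sh`, which itself starts the container; unless package.sh stops the container first (not visible here), the rootfs is archived while it is running. The positional arguments now passed to `vagrant-lxc-fixes.sh`, `install-extras.sh` and `clean.sh` are not read by those scripts as far as their hunks show — they use the exported `DISTRIBUTION`, `RELEASE`, `ARCH` and `CONTAINER` — so either drop the arguments or have the scripts consume them, and state the contract in a comment above the first call. The added root check prints `You should run this script as root (sudo).` with a bare `echo` while the rest of the file reports through the `warn` helper from common/ui.sh; using `warn` here keeps the output consistent.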


@ -4,6 +4,11 @@ set -e
source common/ui.sh source common/ui.sh
source common/utils.sh source common/utils.sh
if [ "$(id -u)" != "0" ]; then
echo "You should run this script as root (sudo)."
exit 1
fi
TODAY=$(date -u +"%Y-%m-%d") TODAY=$(date -u +"%Y-%m-%d")
export DISTRIBUTION=gentoo export DISTRIBUTION=gentoo
export RELEASE=current export RELEASE=current
@ -31,7 +36,7 @@ log "Sleeping for $SECS seconds..."
sleep $SECS sleep $SECS
utils.lxc.runscript gentoo/install-packages.sh utils.lxc.runscript gentoo/install-packages.sh
utils.lxc.runscript common/prepare-vagrant-user.sh ./common/prepare-vagrant-user.sh
utils.lxc.runscript gentoo/clean.sh utils.lxc.runscript gentoo/clean.sh
utils.lxc.stop utils.lxc.stop