From 82b49b7242483d0c234246c9ed34e9329b6bff89 Mon Sep 17 00:00:00 2001
From: Fabio Rehm
Date: Sun, 9 Mar 2014 22:54:29 -0300
Subject: [PATCH] boxes: Finish Debian conversion to new scripts
---
 boxes/Makefile | 2 +-
 boxes/build-debian-box.sh | 170 ---------------------------
 boxes/common/download.sh | 12 +-
 boxes/common/install-salt-debian | 28 -----
 boxes/common/package.sh | 2 +-
 boxes/common/prepare-vagrant-user.sh | 11 +-
 boxes/conf/debian | 62 ++++++++++
 boxes/debian/install-extras.sh | 42 +++++--
 boxes/debian/vagrant-lxc-fixes.sh | 32 +++++
 boxes/mk-debian.sh | 3 +-
 10 files changed, 142 insertions(+), 222 deletions(-)
 delete mode 100755 boxes/build-debian-box.sh
 delete mode 100755 boxes/common/install-salt-debian
 create mode 100644 boxes/conf/debian
 create mode 100755 boxes/debian/vagrant-lxc-fixes.sh
diff --git a/boxes/Makefile b/boxes/Makefile
index 9114f25..6af8a80 100644
--- a/boxes/Makefile
+++ b/boxes/Makefile
@@ -1,5 +1,5 @@
 UBUNTU_BOXES= precise quantal raring saucy trusty
-DEBIAN_BOXES= squeeze wheezy sid
+DEBIAN_BOXES= squeeze wheezy sid jessie
 TODAY=$(shell date -u +"%Y-%m-%d")
 default:
diff --git a/boxes/build-debian-box.sh b/boxes/build-debian-box.sh
deleted file mode 100755
index 60a9007..0000000
--- a/boxes/build-debian-box.sh
+++ /dev/null
@@ -1,170 +0,0 @@
-#!/bin/bash
-
-# set -x
-set -e
-
-# Script used to build Debian base vagrant-lxc containers, currently limited to
-# host's arch
-#
-# USAGE:
-# $ cd boxes && sudo ./build-debian-box.sh DEBIAN_RELEASE
-#
-# To enable Chef or any other configuration management tool pass '1' to the
-# corresponding env var:
-# $ CHEF=1 sudo -E ./build-debian-box.sh DEBIAN_RELEASE
-# $ PUPPET=1 sudo -E ./build-debian-box.sh DEBIAN_RELEASE
-# $ SALT=1 sudo -E ./build-debian-box.sh DEBIAN_RELEASE
-# $ BABUSHKA=1 sudo -E ./build-debian-box.sh DEBIAN_RELEASE
-
-##################################################################################
-# 0 - Initial setup and sanity checks
-
-TODAY=$(date -u +"%Y-%m-%d")
-NOW=$(date -u)
-RELEASE=${1:-"wheezy"}
-ARCH=$(dpkg --print-architecture) # This is what the Debian template will use under the hood
-PKG=vagrant-lxc-${RELEASE}-${ARCH}-${TODAY}.box
-WORKING_DIR=/tmp/vagrant-lxc-${RELEASE}
-VAGRANT_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
-ROOTFS=/var/lib/lxc/${RELEASE}-base/rootfs
-
-# Providing '1' will enable these tools
-CHEF=${CHEF:-0}
-PUPPET=${PUPPET:-0}
-SALT=${SALT:-0}
-BABUSHKA=${BABUSHKA:-0}
-
-# Path to files bundled with the box
-CWD=`readlink -f .`
-LXC_TEMPLATE=${CWD}/common/lxc-template
-LXC_CONF=${CWD}/common/lxc.conf
-METATADA_JSON=${CWD}/common/metadata.json
-
-# Set up a working dir
-mkdir -p $WORKING_DIR
-
-if [ -f "${WORKING_DIR}/${PKG}" ]; then
- echo "Found a box on ${WORKING_DIR}/${PKG} already!"
- exit 1
-fi
-
-##################################################################################
-# 1 - Create the base container
-
-if $(lxc-ls | grep -q "${RELEASE}-base"); then
- echo "Base container already exists, please remove it with \`lxc-destroy -n ${RELEASE}-base\`!"
- exit 1
-else
- export SUITE=$RELEASE
- lxc-create -n ${RELEASE}-base -t debian
-fi
-
-
-######################################
-# 2 - Fix some known issues
-
-# Fixes some networking issues
-# See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info
-sed -i -e "s/\(127.0.0.1\s\+localhost\)/\1\n127.0.1.1\t${RELEASE}-base\n/g" ${ROOTFS}/etc/hosts
-
-# Ensures that `/tmp` does not get cleared on halt
-# See https://github.com/fgrehm/vagrant-lxc/issues/68 for more info
-chroot $ROOTFS /usr/sbin/update-rc.d -f checkroot-bootclean.sh remove
-chroot $ROOTFS /usr/sbin/update-rc.d -f mountall-bootclean.sh remove
-chroot $ROOTFS /usr/sbin/update-rc.d -f mountnfs-bootclean.sh remove
-
-# Ensure locales are properly set, based on http://linux.livejournal.com/1880366.html
-LANG=${LANG:-en_US.UTF-8}
-sed -i "s/^# ${LANG}/${LANG}/" ${ROOTFS}/etc/locale.gen
-chroot $ROOTFS /usr/sbin/locale-gen
-chroot $ROOTFS update-locale LANG=${LANG}
-
-
-##################################################################################
-# 3 - Prepare vagrant user
-sudo chroot ${ROOTFS} useradd --create-home -s /bin/bash vagrant
-
-echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
-
-
-##################################################################################
-# 4 - Setup SSH access and passwordless sudo
-
-# Configure SSH access
-mkdir -p ${ROOTFS}/home/vagrant/.ssh
-echo $VAGRANT_KEY > ${ROOTFS}/home/vagrant/.ssh/authorized_keys
-chroot ${ROOTFS} chown -R vagrant: /home/vagrant/.ssh
-
-chroot ${ROOTFS} apt-get install sudo -y --force-yes
-chroot ${ROOTFS} adduser vagrant sudo
-
-# Enable passwordless sudo for the vagrant user
-echo "vagrant ALL=(ALL) NOPASSWD:ALL" > ${ROOTFS}/etc/sudoers.d/vagrant
-chmod 0440 ${ROOTFS}/etc/sudoers.d/vagrant
-
-
-##################################################################################
-# 5 - Add some goodies and update packages
-
-PACKAGES=(vim curl wget man-db bash-completion ca-certificates)
-chroot ${ROOTFS} apt-get install ${PACKAGES[*]} -y --force-yes
-chroot ${ROOTFS} apt-get upgrade -y --force-yes
-
-# Enable bash-completion
-sed -e '/^#if ! shopt -oq posix; then/,/^#fi/ s/^#\(.*\)/\1/g' \
- -i ${ROOTFS}/etc/bash.bashrc
-
-
-##################################################################################
-# 6 - Configuration management tools
-
-if [ $CHEF = 1 ]; then
- ./common/install-chef $ROOTFS
-fi
-
-if [ $PUPPET = 1 ]; then
- ./common/install-puppet $ROOTFS
-fi
-
-if [ $SALT = 1 ]; then
- ./common/install-salt-debian $ROOTFS
-fi
-
-if [ $BABUSHKA = 1 ]; then
- ./common/install-babushka $ROOTFS
-fi
-
-
-##################################################################################
-# 7 - Free up some disk space
-
-rm -rf ${ROOTFS}/tmp/*
-chroot ${ROOTFS} apt-get clean
-
-
-##################################################################################
-# 8 - Build box package
-
-# Compress container's rootfs
-cd $(dirname $ROOTFS)
-tar --numeric-owner -czf /tmp/vagrant-lxc-${RELEASE}/rootfs.tar.gz ./rootfs/*
-
-# Prepare package contents
-cd $WORKING_DIR
-cp $LXC_TEMPLATE .
-cp $LXC_CONF .
-cp $METATADA_JSON .
-chmod +x lxc-template
-sed -i "s//${NOW}/" metadata.json
-
-# Vagrant box!
-tar -czf $PKG ./*
-
-chmod +rw ${WORKING_DIR}/${PKG}
-mkdir -p ${CWD}/output
-mv ${WORKING_DIR}/${PKG} ${CWD}/output
-
-# Clean up after ourselves
-rm -rf ${WORKING_DIR}
-
-echo "The base box was built successfully to ${CWD}/output/${PKG}"
diff --git a/boxes/common/download.sh b/boxes/common/download.sh
index bbb8c37..f20b4d1 100755
--- a/boxes/common/download.sh
+++ b/boxes/common/download.sh
@@ -30,6 +30,10 @@ if [ $RELEASE = 'raring' ]; then utils.lxc.create -t ubuntu -- \ --release ${RELEASE} \ --arch ${ARCH} +elif [ $RELEASE = 'squeeze' ]; then + utils.lxc.create -t debian -- \ + --release ${RELEASE} \ + --arch ${ARCH} else utils.lxc.create -t download -- \ --dist ${DISTRIBUTION} \ @@ -37,11 +41,3 @@ else --arch ${ARCH} fi log "Container created!" - - -# Fixes some networking issues -# See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info -if ! $(grep -q 'ip6-allhosts' ${ROOTFS}/etc/hosts); then - log "Adding ipv6 allhosts entry to container's /etc/hosts" - echo 'ff02::3 ip6-allhosts' >> ${ROOTFS}/etc/hosts -fi diff --git a/boxes/common/install-salt-debian b/boxes/common/install-salt-debian deleted file mode 100755 index 20209da..0000000 --- a/boxes/common/install-salt-debian +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -set -e - -rootfs=$1 - -echo "installing salt" - -if [ $SUITE == "squeeze" ]; then - SALT_SOURCE="deb http://debian.saltstack.com/debian squeeze-saltstack main\ndeb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free" -elif [ $SUITE == "sid" ]; then - SALT_SOURCE="deb http://debian.saltstack.com/debian unstable main" -else - SALT_SOURCE="deb http://debian.saltstack.com/debian wheezy-saltstack main" -fi - -cat > $rootfs/tmp/install-salt << EOF -#!/bin/sh -echo "$SALT_SOURCE" > /etc/apt/sources.list.d/saltstack.list -wget -q -O- "http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key" | apt-key add - -apt-get update -apt-get install -y salt-minion -apt-get clean -EOF - -chroot $rootfs sh /tmp/install-salt - -rm -rf $rootfs/tmp/* diff --git a/boxes/common/package.sh b/boxes/common/package.sh index a897317..853f653 100755 --- a/boxes/common/package.sh +++ b/boxes/common/package.sh 
@@ -24,7 +24,7 @@ popd &>>${LOG} # Prepare package contents log 'Preparing box package contents' cp common/lxc-template ${WORKING_DIR} -cp conf/ubuntu ${WORKING_DIR}/lxc-config +cp conf/${DISTRIBUTION} ${WORKING_DIR}/lxc-config cp conf/metadata.json ${WORKING_DIR} sed -i "s//${NOW}/" ${WORKING_DIR}/metadata.json diff --git a/boxes/common/prepare-vagrant-user.sh b/boxes/common/prepare-vagrant-user.sh index 8ab5bb6..fdeebaf 100755 --- a/boxes/common/prepare-vagrant-user.sh +++ b/boxes/common/prepare-vagrant-user.sh @@ -10,13 +10,18 @@ info "Preparing vagrant user..." # Create vagrant user if $(grep -q 'vagrant' ${ROOTFS}/etc/shadow); then log 'Skipping vagrant user creation' -else +elif $(grep -q 'ubuntu' ${ROOTFS}/etc/shadow); then debug 'vagrant user does not exist, renaming ubuntu user...' mv ${ROOTFS}/home/{ubuntu,vagrant} - chroot ${ROOTFS} usermod -l vagrant -d /home/vagrant ubuntu - chroot ${ROOTFS} groupmod -n vagrant ubuntu + chroot ${ROOTFS} usermod -l vagrant -d /home/vagrant ubuntu &>> ${LOG} + chroot ${ROOTFS} groupmod -n vagrant ubuntu &>> ${LOG} echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd log 'Renamed ubuntu user to vagrant and changed password.' +else + debug 'Creating vagrant user...' + chroot ${ROOTFS} useradd --create-home -s /bin/bash vagrant &>> ${LOG} + chroot ${ROOTFS} adduser vagrant sudo &>> ${LOG} + echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd fi # Configure SSH access diff --git a/boxes/conf/debian b/boxes/conf/debian new file mode 100644 index 0000000..09e5c40 --- /dev/null +++ b/boxes/conf/debian 
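Review bot: `cp conf/${DISTRIBUTION} ${WORKING_DIR}/lxc-config` in boxes/common/package.sh depends on a variable the script is not given on its command line: mk-debian.sh in this same commit calls it as `./common/package.sh ${CONTAINER} ${PACKAGE}`, so DISTRIBUTION presumably arrives through the environment or a sourced helper that is not visible here. If it is empty the source path collapses to `conf/`, `cp` refuses the directory, and the box is either packaged without its LXC config or the build stops, depending on whether `set -e` is active (not shown in this hunk). I would fail early and quote the expansion: `: "${DISTRIBUTION:?DISTRIBUTION is not set}"` followed by `cp "conf/${DISTRIBUTION}" "${WORKING_DIR}/lxc-config"`.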
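Review bot: The new `elif $(grep -q 'ubuntu' ${ROOTFS}/etc/shadow); then` test in boxes/common/prepare-vagrant-user.sh matches the string anywhere in the file, so an account whose name merely contains `ubuntu` sends the script down the rename branch, where `mv` and `usermod -l vagrant -d /home/vagrant ubuntu` act on a user that may not exist. Anchoring to the account field and dropping the command substitution around a command that prints nothing is clearer: `elif grep -q '^ubuntu:' "${ROOTFS}/etc/shadow"; then`; the unchanged `vagrant` test above it has the same shape. In the new `else` branch, `echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd` is the only step whose output is not sent to `${LOG}`, and a comment there saying that the fixed password follows the Vagrant base-box convention and that the resulting boxes are meant for local development would help a reader who meets the file without that context.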
@@ -0,0 +1,62 @@
+# Default pivot location
+lxc.pivotdir = lxc_putold
+
+# Default mount entries
+lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry = sysfs sys sysfs defaults 0 0
+lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
+
+# Default console settings
+lxc.tty = 4
+lxc.pts = 1024
+
+# Default capabilities
+lxc.cap.drop = sys_module mac_admin mac_override sys_time
+
+# When using LXC with apparmor, the container will be confined by default.
+# If you wish for it to instead run unconfined, copy the following line
+# (uncommented) to the container's configuration file.
+#lxc.aa_profile = unconfined
+
+# To support container nesting on an Ubuntu host while retaining most of
+# apparmor's added security, use the following two lines instead.
+#lxc.aa_profile = lxc-container-default-with-nesting
+#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
+
+# If you wish to allow mounting block filesystems, then use the following
+# line instead, and make sure to grant access to the block device and/or loop
+# devices below in lxc.cgroup.devices.allow.
+#lxc.aa_profile = lxc-container-default-with-mounting
+
+# Default cgroup limits
+lxc.cgroup.devices.deny = a
+## Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+## /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+## consoles
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 5:1 rwm
+## /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/pts/*
+lxc.cgroup.devices.allow = c 5:2 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## full
+lxc.cgroup.devices.allow = c 1:7 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm
diff --git a/boxes/debian/install-extras.sh b/boxes/debian/install-extras.sh
index d69d3e5..8e4e6fc 100755
--- a/boxes/debian/install-extras.sh
+++ b/boxes/debian/install-extras.sh
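Review bot: The device allowlist in boxes/conf/debian grants `rwm` on /dev/kvm (`c 10:232`), hpet (`c 10:228`), fuse and tun to every Debian box built from it, and nothing visible in the file maps container root to an unprivileged host uid, so processes in the container presumably reach those host devices as real root. For a general-purpose base box I would leave kvm and hpet out of the default and document them as opt-in, the way the file already does for loop devices: `## To use KVM inside the container, copy the following line to the container's configuration file (uncommented).` above `#lxc.cgroup.devices.allow = c 10:232 rwm`. `lxc.cap.drop` lists only `sys_module mac_admin mac_override sys_time`; a one-line comment saying why the remaining capabilities are kept would tell the next maintainer whether that set was chosen or inherited from a distribution default.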
@@ -13,22 +13,26 @@ utils.lxc.start log 'Sleeping for 5 seconds...' sleep 5 -# TODO: Support for setting this from outside -UBUNTU_PACKAGES=(vim curl wget man-db bash-completion python-software-properties software-properties-common) +# TODO: Support for appending to this list from outside +PACKAGES=(vim curl wget man-db bash-completion python-software-properties ca-certificates sudo) +if [ $DISTRIBUTION = 'ubuntu' ]; then + PACKAGES+=' software-properties-common' +fi utils.lxc.attach apt-get update -utils.lxc.attach apt-get install ${UBUNTU_PACKAGES[*]} -y --force-yes +utils.lxc.attach apt-get install ${PACKAGES[*]} -y --force-yes utils.lxc.attach apt-get upgrade -y --force-yes -# TODO: SEPARATE FILE! -# Ensure locales are properly set, based on http://askubuntu.com/a/238063 -utils.lxc.attach locale-gen en_US.UTF-8 -utils.lxc.attach dpkg-reconfigure locales - CHEF=${CHEF:-0} PUPPET=${PUPPET:-0} SALT=${SALT:-0} BABUSHKA=${BABUSHKA:-0} +if [ $DISTRIBUTION = 'debian' ]; then + # Enable bash-completion + sed -e '/^#if ! shopt -oq posix; then/,/^#fi/ s/^#\(.*\)/\1/g' \ + -i ${ROOTFS}/etc/bash.bashrc +fi + if [ $CHEF = 1 ]; then if $(lxc-attach -n ${CONTAINER} -- which chef-solo &>/dev/null); then log "Chef has been installed on container, skipping" @@ -50,6 +54,8 @@ if [ $PUPPET = 1 ]; then log "Puppet has been installed on container, skipping" elif [ ${RELEASE} = 'trusty' ]; then warn "Puppet can't be installed on Ubuntu Trusty 14.04, skipping" + elif [ ${RELEASE} = 'sid' ]; then + warn "Puppet can't be installed on Debian sid, skipping" else log "Installing Puppet" wget http://apt.puppetlabs.com/puppetlabs-release-stable.deb -O "${ROOTFS}/tmp/puppetlabs-release-stable.deb" &>>${LOG} 
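Review bot: `utils.lxc.attach apt-get install ${PACKAGES[*]} -y --force-yes` in boxes/debian/install-extras.sh keeps `--force-yes`, which tells apt-get to carry on without prompting even when it considers the action potentially harmful, including installing packages it cannot authenticate; `-y` alone is enough for an unattended build, and the same applies to the `apt-get upgrade` line here and to the `salt-minion` install in the later hunk of this file. Separately, `PACKAGES+=' software-properties-common'` appends the string to element 0 of the array instead of adding an element, and only works because `${PACKAGES[*]}` is expanded unquoted. `PACKAGES+=(software-properties-common)` together with `"${PACKAGES[@]}"` at the call site says what is meant and survives later quoting fixes.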
@@ -65,9 +71,25 @@ if [ $SALT = 1 ]; then if $(lxc-attach -n ${CONTAINER} -- which salt-minion &>/dev/null); then log "Salt has been installed on container, skipping" elif [ ${RELEASE} = 'raring' ]; then - warn "Puppet can't be installed on Ubuntu Raring 13.04, skipping" + warn "Salt can't be installed on Ubuntu Raring 13.04, skipping" else - utils.lxc.attach apt-add-repository -y ppa:saltstack/salt + if [ $DISTRIBUTION = 'ubuntu' ]; then + utils.lxc.attach add-apt-repository -y ppa:saltstack/salt + else # DEBIAN + if [ $RELEASE == "squeeze" ]; then + SALT_SOURCE_1="deb http://debian.saltstack.com/debian squeeze-saltstack main" + SALT_SOURCE_2="deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free" + elif [ $RELEASE == "wheezy" ]; then + SALT_SOURCE_1="deb http://debian.saltstack.com/debian wheezy-saltstack main" + else + SALT_SOURCE_1="deb http://debian.saltstack.com/debian unstable main" + fi + echo $SALT_SOURCE_1 > ${ROOTFS}/etc/apt/sources.list.d/saltstack.list + echo $SALT_SOURCE_2 >> ${ROOTFS}/etc/apt/sources.list.d/saltstack.list + + utils.lxc.attach wget -q -O /tmp/salt.key "http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key" + utils.lxc.attach apt-key add /tmp/salt.key + fi utils.lxc.attach apt-get update utils.lxc.attach apt-get install salt-minion -y --force-yes fi diff --git a/boxes/debian/vagrant-lxc-fixes.sh b/boxes/debian/vagrant-lxc-fixes.sh new file mode 100755 index 0000000..c5ea0e4 --- /dev/null +++ b/boxes/debian/vagrant-lxc-fixes.sh 
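Review bot: In the Debian branch of the Salt install, the archive signing key is fetched with `wget` over plain `http://` and handed straight to `apt-key add`, so the key that is supposed to authenticate the repository is itself unauthenticated, and whoever can alter that one response decides what `apt-get install salt-minion -y --force-yes` puts into the box. Comparing the downloaded key's fingerprint with a value pinned in the script before trusting it closes that gap; the sketch below checks the file from the host side, assuming the container's /tmp is `${ROOTFS}/tmp` as the Puppet branch of this file already assumes, uses a placeholder for the fingerprint, and its gpg invocation may need adjusting to the host's GnuPG version. `SALT_SOURCE_2` is only assigned for squeeze, so on other releases `echo $SALT_SOURCE_2 >>` appends either an empty line or whatever value the caller's environment happens to carry; the sketch initialises it and writes it only when set. The enclosing `if [ $SALT = 1 ]` block closes outside the hunk.

```shell
# … unchanged: Salt-already-installed and raring checks, Ubuntu PPA branch …
    else # DEBIAN
      SALT_SOURCE_2=''
      # … unchanged: SALT_SOURCE_1 / SALT_SOURCE_2 selection per release …
      echo "${SALT_SOURCE_1}" > "${ROOTFS}/etc/apt/sources.list.d/saltstack.list"
      if [ -n "${SALT_SOURCE_2}" ]; then
        echo "${SALT_SOURCE_2}" >> "${ROOTFS}/etc/apt/sources.list.d/saltstack.list"
      fi

      # Placeholder: pin the fingerprint obtained out of band from the key's publisher.
      SALT_KEY_FINGERPRINT='<PINNED_SALT_KEY_FINGERPRINT>'
      utils.lxc.attach wget -q -O /tmp/salt.key "http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key"
      fetched_fingerprint=$(gpg --with-colons --with-fingerprint "${ROOTFS}/tmp/salt.key" 2>>${LOG} \
        | awk -F: '$1 == "fpr" { print $10; exit }')
      if [ "${fetched_fingerprint}" != "${SALT_KEY_FINGERPRINT}" ]; then
        warn "Salt repository key fingerprint mismatch, aborting"
        exit 1
      fi
      utils.lxc.attach apt-key add /tmp/salt.key
```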
@@ -0,0 +1,32 @@
+#!/bin/bash
+set -e
+
+source common/ui.sh
+source common/utils.sh
+
+# Fixes some networking issues
+# See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info
+if ! $(grep -q 'ip6-allhosts' ${ROOTFS}/etc/hosts); then
+ log "Adding ipv6 allhosts entry to container's /etc/hosts"
+ echo 'ff02::3 ip6-allhosts' >> ${ROOTFS}/etc/hosts
+fi
+
+utils.lxc.start
+
+if [ ${DISTRIBUTION} = 'debian' ]; then
+ # Ensure locales are properly set, based on http://askubuntu.com/a/238063
+ LANG=${LANG:-en_US.UTF-8}
+ sed -i "s/^# ${LANG}/${LANG}/" ${ROOTFS}/etc/locale.gen
+ utils.lxc.attach /usr/sbin/locale-gen
+ utils.lxc.attach update-locale LANG=${LANG}
+
+ # Fixes some networking issues
+ # See https://github.com/fgrehm/vagrant-lxc/issues/91 for more info
+ sed -i -e "s/\(127.0.0.1\s\+localhost\)/\1\n127.0.1.1\t${RELEASE}-base\n/g" ${ROOTFS}/etc/hosts
+
+ # Ensures that `/tmp` does not get cleared on halt
+ # See https://github.com/fgrehm/vagrant-lxc/issues/68 for more info
+ utils.lxc.attach /usr/sbin/update-rc.d -f checkroot-bootclean.sh remove
+ utils.lxc.attach /usr/sbin/update-rc.d -f mountall-bootclean.sh remove
+ utils.lxc.attach /usr/sbin/update-rc.d -f mountnfs-bootclean.sh remove
+fi
diff --git a/boxes/mk-debian.sh b/boxes/mk-debian.sh
index a1b5d0c..c93aac5 100755
--- a/boxes/mk-debian.sh
+++ b/boxes/mk-debian.sh
@@ -36,8 +36,9 @@ mkdir -p ${WORKING_DIR}
 info "Building box to '${PACKAGE}'..."
 ./common/download.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
-./common/prepare-vagrant-user.sh ${CONTAINER}
+./debian/vagrant-lxc-fixes.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
 ./debian/install-extras.sh ${CONTAINER}
+./common/prepare-vagrant-user.sh ${CONTAINER}
 ./debian/clean.sh ${CONTAINER}
 ./common/package.sh ${CONTAINER} ${PACKAGE}
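Review bot: Every host-side edit in boxes/debian/vagrant-lxc-fixes.sh goes through an unquoted `${ROOTFS}` that the script never assigns itself (it presumably comes from `common/utils.sh` or the environment), and with `set -e` but no `set -u` an empty value turns `${ROOTFS}/etc/hosts` and `${ROOTFS}/etc/locale.gen` into the build host's own files, presumably edited as root. A guard right after the `source` lines, `: "${ROOTFS:?ROOTFS is not set}"`, plus quoting the paths, makes that failure loud; the `${ROOTFS}/etc/bash.bashrc` and `${ROOTFS}/etc/apt/sources.list.d/saltstack.list` writes added to install-extras.sh in this commit have the same exposure. `LANG=${LANG:-en_US.UTF-8}` also takes the invoking user's locale and interpolates it into the `sed` expression, so the box contents vary with the host environment; a dedicated variable with a fixed default would make the build reproducible. The `127.0.1.1` entry still uses `${RELEASE}-base`, the container name from the deleted build-debian-box.sh, which may no longer match `${CONTAINER}` and is worth confirming.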