From dbc6c8b231575d041cafae954ddedc61f323f378 Mon Sep 17 00:00:00 2001 From: Fabio Rehm Date: Fri, 30 Aug 2013 17:03:36 -0300 Subject: [PATCH] Scaffold new base boxes rake tasks and remove old files --- boxes/debian/download | 156 -------- boxes/debian/finalize | 195 ---------- boxes/debian/lxc-template | 367 ------------------ boxes/debian/metadata.json.template | 9 - boxes/ubuntu/download | 113 ------ boxes/ubuntu/finalize | 374 ------------------- boxes/ubuntu/lxc-template | 559 ---------------------------- boxes/ubuntu/metadata.json.template | 9 - tasks/boxes.rake | 174 ++++++--- 9 files changed, 120 insertions(+), 1836 deletions(-) delete mode 100755 boxes/debian/download delete mode 100755 boxes/debian/finalize delete mode 100755 boxes/debian/lxc-template delete mode 100644 boxes/debian/metadata.json.template delete mode 100755 boxes/ubuntu/download delete mode 100755 boxes/ubuntu/finalize delete mode 100755 boxes/ubuntu/lxc-template delete mode 100644 boxes/ubuntu/metadata.json.template diff --git a/boxes/debian/download b/boxes/debian/download deleted file mode 100755 index f6a9407..0000000 --- a/boxes/debian/download +++ /dev/null @@ -1,156 +0,0 @@ -#!/bin/bash - -# This is the code extracted from /usr/share/lxc/templates/lxc-debian -# that comes with Ubuntu 13.04 which is responsible for downloading the -# rootfs files / packages - -set -e - -suggest_flush() -{ - echo < ${rootfs}/etc/apt/sources.list -# ${release} -#------------------------------------------------------------------------------ -deb ${MIRROR} ${release} main contrib non-free -EOF - else - cat < ${rootfs}/etc/apt/sources.list -# ${release} -#------------------------------------------------------------------------------ -deb ${MIRROR} ${release} main contrib non-free - -# ${release} security -#------------------------------------------------------------------------------ -deb ${SECURITY_MIRROR} ${release}/updates main contrib non-free - -# ${release} updates -#------------------------------------------------------------------------------ -deb ${MIRROR} ${release}-updates main contrib non-free - -# ${release} proposed updates -#------------------------------------------------------------------------------ -deb ${MIRROR} ${release}-proposed-updates main contrib non-free -EOF - fi -} - -download_debian() -{ - cache=$1 - arch=$2 - release=$3 - - packages=\ -sudo,\ -ifupdown,\ -locales,\ -libui-dialog-perl,\ -dialog,\ -isc-dhcp-client,\ -netbase,\ -net-tools,\ -iproute,\ -openssh-server,\ -vim,\ -jed,\ -jed-extra,\ -ssh,\ -curl,\ -wget,\ -bash-completion,\ -manpages,\ -man-db,\ -psmisc,\ -bind9-host,\ -telnet,\ -mtr-tiny,\ -iputils-ping,\ -ca-certificates - - if [ ! -z "${ADDITIONAL_PACKAGES}" ]; then - packages=${ADDITIONAL_PACKAGES},${packages} - fi - - echo "installing packages: ${packages}" - - trap cleanup EXIT SIGHUP SIGINT SIGTERM - # check the mini debian was not already downloaded - partial=${cache}/partial - mkdir -p ${partial} - if [ $? -ne 0 ]; then - echo "Failed to create '${partial}' directory" - return 1 - fi - - # download a mini debian into a cache - echo "Downloading debian ${release} minimal ..." - debootstrap \ - --variant=minbase \ - --verbose \ - --components=main,contrib,non-free \ - --arch=${arch} \ - --include=${packages} ${release} ${partial} ${MIRROR} - - if [ $? -ne 0 ]; then - echo 'Failed to download the rootfs, aborting.' - return 1 - fi - - echo 'Installing updates' - write_sourceslist ${partial} ${arch} ${release} - - chroot ${partial} apt-get update - if [ $? -ne 0 ]; then - echo 'Failed to update the apt cache' - return 1 - fi - - lxc-unshare -s MOUNT -- chroot ${partial} \ - apt-get dist-upgrade -y || { suggest_flush; false; } - - chroot ${partial} apt-get clean - - mv ${partial} ${cache}/rootfs - trap EXIT - trap SIGINT - trap SIGTERM - trap SIGHUP - echo 'Download complete' - return 0 -} - -declare cache=`readlink -f .` \ - arch=$1 \ - release=$2 - -if [ -d ${cache}/rootfs ]; then - echo < $rootfs/etc/inittab -id:3:initdefault: -si::sysinit:/etc/init.d/rcS -l0:0:wait:/etc/init.d/rc 0 -l1:1:wait:/etc/init.d/rc 1 -l2:2:wait:/etc/init.d/rc 2 -l3:3:wait:/etc/init.d/rc 3 -l4:4:wait:/etc/init.d/rc 4 -l5:5:wait:/etc/init.d/rc 5 -l6:6:wait:/etc/init.d/rc 6 -# Normally not reached, but fallthrough in case of emergency. -z6:6:respawn:/sbin/sulogin -1:2345:respawn:/sbin/getty 38400 console -#c1:12345:respawn:/sbin/getty 38400 tty1 linux -c2:12345:respawn:/sbin/getty 38400 tty2 linux -c3:12345:respawn:/sbin/getty 38400 tty3 linux -c4:12345:respawn:/sbin/getty 38400 tty4 linux -p6::ctrlaltdel:/sbin/init 6 -p0::powerfail:/sbin/init 0 -EOF - - # disable selinux in debian - mkdir -p $rootfs/selinux - echo 0 > $rootfs/selinux/enforce - - # configure the network using the dhcp - cat < $rootfs/etc/network/interfaces -auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet dhcp -EOF - - # set the hostname - cat < $rootfs/etc/hostname -$hostname -EOF - - # set minimal hosts - cat < $rootfs/etc/hosts -127.0.0.1 localhost -127.0.1.1 $hostname - -# The following lines are desirable for IPv6 capable hosts -::1 ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -ff02::3 ip6-allhosts -EOF - - # set default locale - cat < $rootfs/etc/locale.gen -en_US.UTF-8 UTF-8 -EOF - echo "default locale set to en_US.UTF-8 UTF-8" - chroot $rootfs locale-gen 'en_US.UTF-8' > /dev/null 2>&1 - chroot $rootfs update-locale LANG='en_US.UTF-8' - echo 'update-locale done' - - # remove pointless services in a container - chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove - chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove - chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove - chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove - - echo "root:vagrant" | chroot $rootfs chpasswd - - if ! (grep -q vagrant $rootfs/etc/passwd); then - chroot $rootfs useradd --create-home -s /bin/bash vagrant - echo "vagrant:vagrant" | chroot $rootfs chpasswd - chroot $rootfs adduser vagrant sudo >/dev/null 2>&1 || true - chroot $rootfs cp /etc/sudoers /etc/sudoers.orig >/dev/null 2>&1 || true - chroot $rootfs sed -i -e \ - 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' \ - /etc/sudoers >/dev/null 2>&1 || true - fi - - return 0 -} - -cleanup() -{ - rm -rf ${cache}/partial - rm -rf ${cache}/rootfs -} - -add_ssh_key() -{ - user=$1 - - if [ -n "$auth_key" -a -f "$auth_key" ]; then - u_path="/home/${user}/.ssh" - root_u_path="$rootfs/$u_path" - - mkdir -p $root_u_path - cp $auth_key "$root_u_path/authorized_keys" - chroot $rootfs chown -R ${user}: "$u_path" - - echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys" - fi -} - -disable_tmp_cleanup() { - rootfs=$1 - chroot $rootfs /usr/sbin/update-rc.d -f checkroot-bootclean.sh remove - chroot $rootfs /usr/sbin/update-rc.d -f mountall-bootclean.sh remove - chroot $rootfs /usr/sbin/update-rc.d -f mountnfs-bootclean.sh remove -} - -release=wheezy # Default to the last Debian stable release - -arch=$(uname -m) - -# Code taken from debootstrap -if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then - arch=`/usr/bin/dpkg --print-architecture` -elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then - arch=`/usr/bin/udpkg --print-architecture` -else - arch=$(uname -m) - if [ "$arch" = "i686" ]; then - arch="i386" - elif [ "$arch" = "x86_64" ]; then - arch="amd64" - elif [ "$arch" = "armv7l" ]; then - arch="armel" - fi -fi - -if [ "$(id -u)" != "0" ]; then - echo "This script should be run as 'root'" - exit 1 -fi - -declare cache=`readlink -f .` \ - arch=$1 \ - release=$2 \ - auth_key=$3 - -# detect rootfs -cache=`readlink -f .` -rootfs="${cache}/rootfs" - -configure_debian $rootfs $release -if [ $? -ne 0 ]; then - echo "failed to configure debian $release for a container" - exit 1 -fi - -add_ssh_key vagrant - -# vagrant and / or plugins might mount some shared folders under /tmp by default -# (like puppet manifests) and we need to make sure no shared folder gets its -# contents removed because of it. For more information, please check: -# https://github.com/fgrehm/vagrant-lxc/issues/68 -disable_tmp_cleanup $rootfs - -echo "" -echo "##" -echo "# The default user is 'vagrant' with password 'vagrant'!" -echo "# Use the 'sudo' command to run tasks as root in the container." -echo "##" -echo "" diff --git a/boxes/debian/lxc-template b/boxes/debian/lxc-template deleted file mode 100755 index 5af9502..0000000 --- a/boxes/debian/lxc-template +++ /dev/null @@ -1,367 +0,0 @@ -#!/bin/bash - -# This is a modified version of /usr/share/lxc/templates/lxc-debian -# that comes with Ubuntu 13.04 changed to suit vagrant-lxc needs - -set -e - -if [ -r /etc/default/lxc ]; then - . /etc/default/lxc -fi - -SUITE=${SUITE:-wheezy} -MIRROR=${MIRROR:-http://ftp.debian.org/debian} - -configure_debian() -{ - rootfs=$1 - hostname=$2 - release=$2 - - # squeeze only has /dev/tty and /dev/tty0 by default, - # therefore creating missing device nodes for tty1-4. - for tty in $(seq 1 4); do - if [ ! -e $rootfs/dev/tty$tty ]; then - mknod $rootfs/dev/tty$tty c 4 $tty - fi - done - - # configure the inittab - cat < $rootfs/etc/inittab -id:3:initdefault: -si::sysinit:/etc/init.d/rcS -l0:0:wait:/etc/init.d/rc 0 -l1:1:wait:/etc/init.d/rc 1 -l2:2:wait:/etc/init.d/rc 2 -l3:3:wait:/etc/init.d/rc 3 -l4:4:wait:/etc/init.d/rc 4 -l5:5:wait:/etc/init.d/rc 5 -l6:6:wait:/etc/init.d/rc 6 -# Normally not reached, but fallthrough in case of emergency. -z6:6:respawn:/sbin/sulogin -1:2345:respawn:/sbin/getty 38400 console -#c1:12345:respawn:/sbin/getty 38400 tty1 linux -c2:12345:respawn:/sbin/getty 38400 tty2 linux -c3:12345:respawn:/sbin/getty 38400 tty3 linux -c4:12345:respawn:/sbin/getty 38400 tty4 linux -p6::ctrlaltdel:/sbin/init 6 -p0::powerfail:/sbin/init 0 -EOF - - # disable selinux in debian - mkdir -p $rootfs/selinux - echo 0 > $rootfs/selinux/enforce - - # configure the network using the dhcp - cat < $rootfs/etc/network/interfaces -auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet dhcp -EOF - - # set the hostname - cat < $rootfs/etc/hostname -$hostname -EOF - # set minimal hosts - cat < $rootfs/etc/hosts -127.0.0.1 localhost -127.0.1.1 $hostname - -# The following lines are desirable for IPv6 capable hosts -::1 ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -ff02::3 ip6-allhosts -EOF - - # set default locale - cat < $rootfs/etc/locale.gen -en_US.UTF-8 UTF-8 -EOF - echo "default locale set to en_US.UTF-8 UTF-8" - chroot $rootfs locale-gen 'en_US.UTF-8' > /dev/null 2>&1 - chroot $rootfs update-locale LANG='en_US.UTF-8' - echo 'update-locale done' - - # remove pointless services in a container - chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove - chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove - chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove - chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove - - echo "root:vagrant" | chroot $rootfs chpasswd - - if ! (grep -q vagrant $rootfs/etc/passwd); then - chroot $rootfs useradd --create-home -s /bin/bash vagrant - echo "vagrant:vagrant" | chroot $rootfs chpasswd - chroot $rootfs adduser vagrant sudo >/dev/null 2>&1 || true - chroot $rootfs cp /etc/sudoers /etc/sudoers.orig >/dev/null 2>&1 || true - chroot $rootfs sed -i -e \ - 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' \ - /etc/sudoers >/dev/null 2>&1 || true - fi - - return 0 -} - -cleanup() -{ - rm -rf ${cache}/partial - rm -rf ${cache}/rootfs -} - -extract_rootfs() -{ - tarball=$1 - arch=$2 - rootfs=$3 - - echo "Extracting $tarball ..." - mkdir -p $(dirname $rootfs) - (cd `dirname $rootfs` && tar xfz $tarball) - return 0 -} - -install_debian() -{ - rootfs=$1 - release=$2 - tarball=$3 - mkdir -p /var/lock/subsys/ - - ( - flock -x 200 - if [ $? -ne 0 ]; then - echo "Cache repository is busy." - return 1 - fi - - extract_rootfs $tarball $arch $rootfs - if [ $? -ne 0 ]; then - echo "Failed to copy rootfs" - return 1 - fi - - return 0 - - ) 200>/var/lock/subsys/lxc - - return $? -} - -copy_configuration() -{ - path=$1 - rootfs=$2 - name=$3 - - # if there is exactly one veth network entry, make sure it has an - # associated hwaddr. - nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l` - if [ $nics -eq 1 ]; then - grep -q "^lxc.network.hwaddr" $path/config || cat <> $path/config -lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//') -EOF - fi - - grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config - cat <> $path/config -lxc.tty = 4 -lxc.pts = 1024 -lxc.utsname = ${name} - -# When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined - -lxc.cgroup.devices.deny = a -# Allow any mknod (but not using the node) -lxc.cgroup.devices.allow = c *:* m -lxc.cgroup.devices.allow = b *:* m -# /dev/null and zero -lxc.cgroup.devices.allow = c 1:3 rwm -lxc.cgroup.devices.allow = c 1:5 rwm -# consoles -lxc.cgroup.devices.allow = c 5:1 rwm -lxc.cgroup.devices.allow = c 5:0 rwm -lxc.cgroup.devices.allow = c 4:0 rwm -lxc.cgroup.devices.allow = c 4:1 rwm -# /dev/{,u}random -lxc.cgroup.devices.allow = c 1:9 rwm -lxc.cgroup.devices.allow = c 1:8 rwm -lxc.cgroup.devices.allow = c 136:* rwm -lxc.cgroup.devices.allow = c 5:2 rwm -# rtc -lxc.cgroup.devices.allow = c 254:0 rwm -#fuse -lxc.cgroup.devices.allow = c 10:229 rwm -#tun -lxc.cgroup.devices.allow = c 10:200 rwm -#full -lxc.cgroup.devices.allow = c 1:7 rwm -#hpet -lxc.cgroup.devices.allow = c 10:228 rwm -#kvm -lxc.cgroup.devices.allow = c 10:232 rwm - -# mounts point -lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 -lxc.mount.entry = sysfs sys sysfs defaults 0 0 -EOF - - if [ $? -ne 0 ]; then - echo 'failed to add configuration' - return 1 - fi - -} - - -add_ssh_key() -{ - user=$1 - - if [ -n "$auth_key" -a -f "$auth_key" ]; then - u_path="/home/${user}/.ssh" - root_u_path="$rootfs/$u_path" - - mkdir -p $root_u_path - cp $auth_key "$root_u_path/authorized_keys" - chroot $rootfs chown -R ${user}: "$u_path" - - echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys" - fi -} - -disable_tmp_cleanup() { - rootfs=$1 - chroot $rootfs /usr/sbin/update-rc.d -f checkroot-bootclean.sh remove - chroot $rootfs /usr/sbin/update-rc.d -f mountall-bootclean.sh remove - chroot $rootfs /usr/sbin/update-rc.d -f mountnfs-bootclean.sh remove -} - -usage() -{ - cat <] [ -S | --auth-key ] -release: the debian release (e.g. wheezy): defaults to host release on debian, otherwise uses latest stable -arch: the container architecture (e.g. amd64): defaults to host arch -auth-key: SSH Public key file to inject into container -EOF - return 0 -} - -options=$(getopt -o a:b:hp:r:xn:Fd:C -l arch:,help,path:,release:,name:,flush-cache,auth-key:,debug:,tarball: -- "$@") -if [ $? -ne 0 ]; then - usage $(basename $0) - exit 1 -fi -eval set -- "$options" - -release=wheezy # Default to the last Debian stable release - -arch=$(uname -m) - -# Code taken from debootstrap -if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then - arch=`/usr/bin/dpkg --print-architecture` -elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then - arch=`/usr/bin/udpkg --print-architecture` -else - arch=$(uname -m) - if [ "$arch" = "i686" ]; then - arch="i386" - elif [ "$arch" = "x86_64" ]; then - arch="amd64" - elif [ "$arch" = "armv7l" ]; then - arch="armel" - fi -fi - -debug=0 -hostarch=$arch -while true -do - case "$1" in - -h|--help) usage $0 && exit 0;; - -p|--path) path=$2; shift 2;; - -n|--name) name=$2; shift 2;; - -T|--tarball) tarball=$2; shift 2;; - -r|--release) release=$2; shift 2;; - -S|--auth-key) auth_key=$2; shift 2;; - -a|--arch) arch=$2; shift 2;; - -d|--debug) debug=1; shift 1;; - --) shift 1; break ;; - *) break ;; - esac -done - -if [ $debug -eq 1 ]; then - set -x -fi - - -if [ "$arch" == "i686" ]; then - arch=i386 -fi - -if [ $hostarch = "i386" -a $arch = "amd64" ]; then - echo "can't create amd64 container on i386" - exit 1 -fi - -if [ -z "$path" ]; then - echo "'path' parameter is required" - exit 1 -fi - -if [ "$(id -u)" != "0" ]; then - echo "This script should be run as 'root'" - exit 1 -fi - -# detect rootfs -config="$path/config" -if grep -q '^lxc.rootfs' $config 2>/dev/null ; then - rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'` -else - rootfs=$path/rootfs -fi - -install_debian $rootfs $release $tarball -if [ $? -ne 0 ]; then - echo "failed to install debian $release" - exit 1 -fi - -configure_debian $rootfs $release -if [ $? -ne 0 ]; then - echo "failed to configure debian $release for a container" - exit 1 -fi - -copy_configuration $path $rootfs $name -if [ $? -ne 0 ]; then - echo "failed write configuration file" - exit 1 -fi - -add_ssh_key vagrant - -# vagrant and / or plugins might mount some shared folders under /tmp by default -# (like puppet manifests) and we need to make sure no shared folder gets its -# contents removed because of it. For more information, please check: -# https://github.com/fgrehm/vagrant-lxc/issues/68 -disable_tmp_cleanup $rootfs - -echo "" -echo "##" -echo "# The default user is 'vagrant' with password 'vagrant'!" -echo "# Use the 'sudo' command to run tasks as root in the container." -echo "##" -echo "" diff --git a/boxes/debian/metadata.json.template b/boxes/debian/metadata.json.template deleted file mode 100644 index 70f414b..0000000 --- a/boxes/debian/metadata.json.template +++ /dev/null @@ -1,9 +0,0 @@ -{ - "provider": "lxc", - "version": "2", - - "template-opts": { - "--arch": "ARCH", - "--release": "RELEASE" - } -} diff --git a/boxes/ubuntu/download b/boxes/ubuntu/download deleted file mode 100755 index 6a26207..0000000 --- a/boxes/ubuntu/download +++ /dev/null @@ -1,113 +0,0 @@ -#!/bin/bash - -# This is the code extracted from /usr/share/lxc/templates/lxc-ubuntu -# that comes with Ubuntu 12.10 which is responsible for downloading the -# rootfs files / packages - -set -e - -suggest_flush() -{ - echo "Container upgrade failed. The container cache may be out of date," - echo "in which case flushing the case (see -F in the hep output) may help." -} - -cleanup() -{ - rm -rf $cache/partial - rm -rf $cache/rootfs -} - -write_sourceslist() -{ - # $1 => path to the rootfs - - MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu} - SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu} - - cat >> "$1/etc/apt/sources.list" << EOF -deb $MIRROR ${release} main restricted universe multiverse -deb $MIRROR ${release}-updates main restricted universe multiverse -deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse -EOF -} - -download_ubuntu() -{ - packages=vim,ssh,curl,wget,bash-completion,manpages,man-db,psmisc - - # Try to guess a list of langpacks to install - langpacks="language-pack-en" - - if which dpkg >/dev/null 2>&1; then - langpacks=`(echo $langpacks && - dpkg -l | grep -E "^ii language-pack-[a-z]* " | - cut -d ' ' -f3) | sort -u` - fi - packages="$packages,$(echo $langpacks | sed 's/ /,/g')" - - echo "installing packages: $packages" - - trap cleanup EXIT SIGHUP SIGINT SIGTERM - # check the mini ubuntu was not already downloaded - mkdir -p "$cache/partial" - if [ $? -ne 0 ]; then - echo "Failed to create '$cache/partial' directory" - return 1 - fi - - # download a mini ubuntu into a cache - echo "Downloading ubuntu $release minimal ..." - if [ -n "$(which qemu-debootstrap)" ]; then - qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial $MIRROR - else - debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial $MIRROR - fi - - if [ $? -ne 0 ]; then - echo "Failed to download the rootfs, aborting." - return 1 - fi - - # Serge isn't sure whether we should avoid doing this when - # $release == `distro-info -d` - echo "Installing updates" - > $cache/partial/etc/apt/sources.list - write_sourceslist $cache/partial/ $arch - - chroot "$1/partial" apt-get update - if [ $? -ne 0 ]; then - echo "Failed to update the apt cache" - return 1 - fi - cat > "$1/partial"/usr/sbin/policy-rc.d << EOF -#!/bin/sh -exit 101 -EOF - chmod +x "$1/partial"/usr/sbin/policy-rc.d - - lxc-unshare -s MOUNT -- chroot "$1/partial" apt-get dist-upgrade -y || { suggest_flush; false; } - - rm -f "$1/partial"/usr/sbin/policy-rc.d - - chroot "$1/partial" apt-get clean - - mv "$1/partial" "$1/rootfs" - trap EXIT - trap SIGINT - trap SIGTERM - trap SIGHUP - echo "Download complete" - return 0 -} - -declare cache=`readlink -f .` \ - arch=$1 \ - release=$2 - -if [ -d "${cache}/rootfs" ]; then - echo 'The rootfs cache has been built already, please remove it if you want to update' - exit 1 -fi - -download_ubuntu $cache $arch $release diff --git a/boxes/ubuntu/finalize b/boxes/ubuntu/finalize deleted file mode 100755 index 8b6e273..0000000 --- a/boxes/ubuntu/finalize +++ /dev/null @@ -1,374 +0,0 @@ -#!/bin/bash - -# This is a modified version of /usr/share/lxc/templates/lxc-ubuntu -# that comes with Ubuntu 13.04 changed to suit vagrant-lxc needs - -# -# template script for generating ubuntu container for LXC -# -# This script consolidates and extends the existing lxc ubuntu scripts -# - -# Copyright © 2011 Serge Hallyn -# Copyright © 2010 Wilhelm Meier -# Author: Wilhelm Meier -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2, as -# published by the Free Software Foundation. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# - -set -e - -if [ -r /etc/default/lxc ]; then - . /etc/default/lxc -fi - -configure_ubuntu() -{ - rootfs=$1 - release=$2 - hostname=$2 - - # configure the network using the dhcp - cat < $rootfs/etc/network/interfaces -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -# The loopback network interface -auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet dhcp -EOF - - # set the hostname - cat < $rootfs/etc/hostname -$hostname -EOF - # set minimal hosts - cat < $rootfs/etc/hosts -127.0.0.1 localhost -127.0.1.1 $hostname - -# The following lines are desirable for IPv6 capable hosts -::1 ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -ff02::3 ip6-allhosts -EOF - - if [ ! -f $rootfs/etc/init/container-detect.conf ]; then - # suppress log level output for udev - sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf - - # remove jobs for consoles 5 and 6 since we only create 4 consoles in - # this template - rm -f $rootfs/etc/init/tty{5,6}.conf - fi - - if ! (grep -q vagrant $rootfs/etc/passwd); then - chroot $rootfs useradd --create-home -s /bin/bash vagrant - echo "vagrant:vagrant" | chroot $rootfs chpasswd - fi - - # make sure we have the current locale defined in the container - chroot $rootfs locale-gen en_US.UTF-8 - chroot $rootfs update-locale LANG=en_US.UTF-8 - - return 0 -} - -# finish setting up the user in the container by injecting ssh key and -# adding sudo group membership. -# passed-in user is 'vagrant' -finalize_user() -{ - user=$1 - - sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo) - - if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then - groups="sudo" - else - groups="sudo admin" - fi - - for group in $groups; do - chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true - chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true - done - - chroot $rootfs cp /etc/sudoers /etc/sudoers.orig >/dev/null 2>&1 || true - chroot $rootfs sed -i -e 's/%sudo\s\+ALL=(ALL:ALL)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers >/dev/null 2>&1 || true - - if [ -n "$auth_key" -a -f "$auth_key" ]; then - u_path="/home/${user}/.ssh" - root_u_path="$rootfs/$u_path" - - mkdir -p $root_u_path - cp $auth_key "$root_u_path/authorized_keys" - chroot $rootfs chown -R ${user}: "$u_path" - - echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys" - fi - return 0 -} - -write_sourceslist() -{ - # $1 => path to the rootfs - # $2 => architecture we want to add - # $3 => whether to use the multi-arch syntax or not - - case $2 in - amd64|i386) - MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu} - SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu} - ;; - *) - MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports} - SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports} - ;; - esac - if [ -n "$3" ]; then - cat >> "$1/etc/apt/sources.list" << EOF -deb [arch=$2] $MIRROR ${release} main restricted universe multiverse -deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse -deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse -deb-src [arch=$2] $MIRROR ${release} main restricted universe multiverse -deb-src [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse -deb-src [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse -EOF - else - cat >> "$1/etc/apt/sources.list" << EOF -deb $MIRROR ${release} main restricted universe multiverse -deb $MIRROR ${release}-updates main restricted universe multiverse -deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse -deb-src $MIRROR ${release} main restricted universe multiverse -deb-src $MIRROR ${release}-updates main restricted universe multiverse -deb-src $SECURITY_MIRROR ${release}-security main restricted universe multiverse -EOF - fi -} - -trim() -{ - rootfs=$1 - release=$2 - - # provide the lxc service - cat < $rootfs/etc/init/lxc.conf -# fake some events needed for correct startup other services - -description "Container Upstart" - -start on startup - -script - rm -rf /var/run/*.pid - rm -rf /var/run/network/* - /sbin/initctl emit stopped JOB=udevtrigger --no-wait - /sbin/initctl emit started JOB=udev --no-wait -end script -EOF - - # fix buggus runlevel with sshd - cat < $rootfs/etc/init/ssh.conf -# ssh - OpenBSD Secure Shell server -# -# The OpenSSH server provides secure shell access to the system. - -description "OpenSSH server" - -start on filesystem -stop on runlevel [!2345] - -expect fork -respawn -respawn limit 10 5 -umask 022 -# replaces SSHD_OOM_ADJUST in /etc/default/ssh -oom never - -pre-start script - test -x /usr/sbin/sshd || { stop; exit 0; } - test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; } - test -c /dev/null || { stop; exit 0; } - - mkdir -p -m0755 /var/run/sshd -end script - -# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the -# 'exec' line here instead -exec /usr/sbin/sshd -EOF - - cat < $rootfs/etc/init/console.conf -# console - getty -# -# This service maintains a console on tty1 from the point the system is -# started until it is shut down again. - -start on stopped rc RUNLEVEL=[2345] -stop on runlevel [!2345] - -respawn -exec /sbin/getty -8 38400 /dev/console -EOF - - cat < $rootfs/lib/init/fstab -# /lib/init/fstab: cleared out for bare-bones lxc -EOF - - # remove pointless services in a container - chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove - - chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done' - chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done' - chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done' - chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done' - chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done' - - # if this isn't lucid, then we need to twiddle the network upstart bits :( - if [ $release != "lucid" ]; then - sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart - fi -} - -post_process() -{ - rootfs=$1 - release=$2 - trim_container=$3 - - if [[ $trim_container -eq 1 ]]; then - trim $rootfs $release - elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then - # Make sure we have a working resolv.conf - cresolvonf="${rootfs}/etc/resolv.conf" - mv $cresolvonf ${cresolvonf}.lxcbak - cat /etc/resolv.conf > ${cresolvonf} - - # for lucid, if not trimming, then add the ubuntu-virt - # ppa and install lxcguest - if [ $release = "lucid" ]; then - chroot $rootfs apt-get update - chroot $rootfs apt-get install --force-yes -y python-software-properties - chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa - fi - - chroot $rootfs apt-get update - chroot $rootfs apt-get install --force-yes -y lxcguest - - # Restore old resolv.conf - rm -f ${cresolvonf} - mv ${cresolvonf}.lxcbak ${cresolvonf} - fi - - # If the container isn't running a native architecture, setup multiarch - if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then - dpkg_version=$(chroot $rootfs dpkg-query -W -f='${Version}' dpkg) - if chroot $rootfs dpkg --compare-versions $dpkg_version ge "1.16.2"; then - chroot $rootfs dpkg --add-architecture ${hostarch} - else - mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d - echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch - fi - - # Save existing value of MIRROR and SECURITY_MIRROR - DEFAULT_MIRROR=$MIRROR - DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR - - # Write a new sources.list containing both native and multiarch entries - > ${rootfs}/etc/apt/sources.list - write_sourceslist $rootfs $arch "native" - - MIRROR=$DEFAULT_MIRROR - SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR - write_sourceslist $rootfs $hostarch "multiarch" - - # Finally update the lists and install upstart using the host architecture - chroot $rootfs apt-get update - chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch} - fi - - # rmdir /dev/shm for containers that have /run/shm - # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did - # get bind mounted to the host's /run/shm. So try to rmdir - # it, and in case that fails move it out of the way. - if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then - mv $rootfs/dev/shm $rootfs/dev/shm.bak - ln -s /run/shm $rootfs/dev/shm - fi -} - -release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems -if [ -f /etc/lsb-release ]; then - . /etc/lsb-release - if [ "$DISTRIB_ID" = "Ubuntu" ]; then - release=$DISTRIB_CODENAME - fi -fi - -arch=$(uname -m) - -# Code taken from debootstrap -if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then - arch=`/usr/bin/dpkg --print-architecture` -elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then - arch=`/usr/bin/udpkg --print-architecture` -else - arch=$(uname -m) - if [ "$arch" = "i686" ]; then - arch="i386" - elif [ "$arch" = "x86_64" ]; then - arch="amd64" - elif [ "$arch" = "armv7l" ]; then - arch="armel" - fi -fi - - -if [ "$(id -u)" != "0" ]; then - echo "This script should be run as 'root'" - exit 1 -fi - -declare cache=`readlink -f .` \ - arch=$1 \ - release=$2 \ - auth_key=$3 - -# detect rootfs -cache=`readlink -f .` -rootfs="${cache}/rootfs" - -configure_ubuntu $rootfs $release -if [ $? -ne 0 ]; then - echo "failed to configure ubuntu $release for a container" - exit 1 -fi - -post_process $rootfs $release $trim_container - -finalize_user vagrant - -echo "" -echo "##" -echo "# The default user is 'vagrant' with password 'vagrant'!" -echo "# Use the 'sudo' command to run tasks as root in the container." -echo "##" -echo "" diff --git a/boxes/ubuntu/lxc-template b/boxes/ubuntu/lxc-template deleted file mode 100755 index da81453..0000000 --- a/boxes/ubuntu/lxc-template +++ /dev/null @@ -1,559 +0,0 @@ -#!/bin/bash - -# This is a modified version of /usr/share/lxc/templates/lxc-ubuntu -# that comes with Ubuntu 13.04 changed to suit vagrant-lxc needs - -# -# template script for generating ubuntu container for LXC -# -# This script consolidates and extends the existing lxc ubuntu scripts -# - -# Copyright © 2011 Serge Hallyn -# Copyright © 2010 Wilhelm Meier -# Author: Wilhelm Meier -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2, as -# published by the Free Software Foundation. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# - -set -e - -if [ -r /etc/default/lxc ]; then - . /etc/default/lxc -fi - -configure_ubuntu() -{ - rootfs=$1 - release=$2 - hostname=$2 - - # configure the network using the dhcp - cat < $rootfs/etc/network/interfaces -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -# The loopback network interface -auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet dhcp -EOF - - # set the hostname - cat < $rootfs/etc/hostname -$hostname -EOF - # set minimal hosts - cat < $rootfs/etc/hosts -127.0.0.1 localhost -127.0.1.1 $hostname - -# The following lines are desirable for IPv6 capable hosts -::1 ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -ff02::3 ip6-allhosts -EOF - - if [ ! -f $rootfs/etc/init/container-detect.conf ]; then - # suppress log level output for udev - sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf - - # remove jobs for consoles 5 and 6 since we only create 4 consoles in - # this template - rm -f $rootfs/etc/init/tty{5,6}.conf - fi - - if ! (grep -q vagrant $rootfs/etc/passwd); then - chroot $rootfs useradd --create-home -s /bin/bash vagrant - echo "vagrant:vagrant" | chroot $rootfs chpasswd - fi - - # make sure we have the current locale defined in the container - chroot $rootfs locale-gen en_US.UTF-8 - chroot $rootfs update-locale LANG=en_US.UTF-8 - - return 0 -} - -# finish setting up the user in the container by injecting ssh key and -# adding sudo group membership. -# passed-in user is 'vagrant' -finalize_user() -{ - user=$1 - - sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo) - - if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then - groups="sudo" - else - groups="sudo admin" - fi - - for group in $groups; do - chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true - chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true - done - - chroot $rootfs cp /etc/sudoers /etc/sudoers.orig >/dev/null 2>&1 || true - chroot $rootfs sed -i -e 's/%sudo\s\+ALL=(ALL:ALL)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' /etc/sudoers >/dev/null 2>&1 || true - - if [ -n "$auth_key" -a -f "$auth_key" ]; then - u_path="/home/${user}/.ssh" - root_u_path="$rootfs/$u_path" - - mkdir -p $root_u_path - cp $auth_key "$root_u_path/authorized_keys" - chroot $rootfs chown -R ${user}: "$u_path" - - echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys" - fi - return 0 -} - -write_sourceslist() -{ - # $1 => path to the rootfs - # $2 => architecture we want to add - # $3 => whether to use the multi-arch syntax or not - - case $2 in - amd64|i386) - MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu} - SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu} - ;; - *) - MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports} - SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports} - ;; - esac - if [ -n "$3" ]; then - cat >> "$1/etc/apt/sources.list" << EOF -deb [arch=$2] $MIRROR ${release} main restricted universe multiverse -deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse -deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse -EOF - else - cat >> "$1/etc/apt/sources.list" << EOF -deb $MIRROR ${release} main restricted universe multiverse -deb $MIRROR ${release}-updates main restricted universe multiverse -deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse -EOF - fi -} - -extract_rootfs() -{ - tarball=$1 - arch=$2 - rootfs=$3 - - echo "Extracting $tarball ..." - mkdir -p $(dirname $rootfs) - (cd `dirname $rootfs` && tar xfz $tarball) - return 0 -} - -install_ubuntu() -{ - rootfs=$1 - release=$2 - tarball=$3 - mkdir -p /var/lock/subsys/ - - ( - flock -x 200 - if [ $? -ne 0 ]; then - echo "Cache repository is busy." - return 1 - fi - - extract_rootfs $tarball $arch $rootfs - if [ $? -ne 0 ]; then - echo "Failed to copy rootfs" - return 1 - fi - - return 0 - - ) 200>/var/lock/subsys/lxc - - return $? -} - -copy_configuration() -{ - path=$1 - rootfs=$2 - name=$3 - arch=$4 - - if [ $arch = "i386" ]; then - arch="i686" - fi - - ttydir="" - if [ -f $rootfs/etc/init/container-detect.conf ]; then - ttydir=" lxc" - fi - - # if there is exactly one veth network entry, make sure it has an - # associated hwaddr. - nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l` - if [ $nics -eq 1 ]; then - grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config - fi - - grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config - cat <> $path/config -lxc.mount = $path/fstab -lxc.pivotdir = lxc_putold - -lxc.devttydir =$ttydir -lxc.tty = 4 -lxc.pts = 1024 - -lxc.utsname = $name -lxc.arch = $arch -lxc.cap.drop = sys_module mac_admin mac_override - -# When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined - -lxc.cgroup.devices.deny = a -# Allow any mknod (but not using the node) -lxc.cgroup.devices.allow = c *:* m -lxc.cgroup.devices.allow = b *:* m -# /dev/null and zero -lxc.cgroup.devices.allow = c 1:3 rwm -lxc.cgroup.devices.allow = c 1:5 rwm -# consoles -lxc.cgroup.devices.allow = c 5:1 rwm -lxc.cgroup.devices.allow = c 5:0 rwm -#lxc.cgroup.devices.allow = c 4:0 rwm -#lxc.cgroup.devices.allow = c 4:1 rwm -# /dev/{,u}random -lxc.cgroup.devices.allow = c 1:9 rwm -lxc.cgroup.devices.allow = c 1:8 rwm -lxc.cgroup.devices.allow = c 136:* rwm -lxc.cgroup.devices.allow = c 5:2 rwm -# rtc -lxc.cgroup.devices.allow = c 254:0 rwm -#fuse -lxc.cgroup.devices.allow = c 10:229 rwm -#tun -lxc.cgroup.devices.allow = c 10:200 rwm -#full -lxc.cgroup.devices.allow = c 1:7 rwm -#hpet -lxc.cgroup.devices.allow = c 10:228 rwm -#kvm -lxc.cgroup.devices.allow = c 10:232 rwm -EOF - - cat < $path/fstab -proc proc proc nodev,noexec,nosuid 0 0 -sysfs sys sysfs defaults 0 0 -EOF - - if [ $? -ne 0 ]; then - echo "Failed to add configuration" - return 1 - fi - - return 0 -} - -trim() -{ - rootfs=$1 - release=$2 - - # provide the lxc service - cat < $rootfs/etc/init/lxc.conf -# fake some events needed for correct startup other services - -description "Container Upstart" - -start on startup - -script - rm -rf /var/run/*.pid - rm -rf /var/run/network/* - /sbin/initctl emit stopped JOB=udevtrigger --no-wait - /sbin/initctl emit started JOB=udev --no-wait -end script -EOF - - # fix buggus runlevel with sshd - cat < $rootfs/etc/init/ssh.conf -# ssh - OpenBSD Secure Shell server -# -# The OpenSSH server provides secure shell access to the system. - -description "OpenSSH server" - -start on filesystem -stop on runlevel [!2345] - -expect fork -respawn -respawn limit 10 5 -umask 022 -# replaces SSHD_OOM_ADJUST in /etc/default/ssh -oom never - -pre-start script - test -x /usr/sbin/sshd || { stop; exit 0; } - test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; } - test -c /dev/null || { stop; exit 0; } - - mkdir -p -m0755 /var/run/sshd -end script - -# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the -# 'exec' line here instead -exec /usr/sbin/sshd -EOF - - cat < $rootfs/etc/init/console.conf -# console - getty -# -# This service maintains a console on tty1 from the point the system is -# started until it is shut down again. - -start on stopped rc RUNLEVEL=[2345] -stop on runlevel [!2345] - -respawn -exec /sbin/getty -8 38400 /dev/console -EOF - - cat < $rootfs/lib/init/fstab -# /lib/init/fstab: cleared out for bare-bones lxc -EOF - - # remove pointless services in a container - chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove - - chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done' - chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done' - chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done' - chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done' - chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done' - - # if this isn't lucid, then we need to twiddle the network upstart bits :( - if [ $release != "lucid" ]; then - sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart - fi -} - -post_process() -{ - rootfs=$1 - release=$2 - trim_container=$3 - - if [ $trim_container -eq 1 ]; then - trim $rootfs $release - elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then - # Make sure we have a working resolv.conf - cresolvonf="${rootfs}/etc/resolv.conf" - mv $cresolvonf ${cresolvonf}.lxcbak - cat /etc/resolv.conf > ${cresolvonf} - - # for lucid, if not trimming, then add the ubuntu-virt - # ppa and install lxcguest - if [ $release = "lucid" ]; then - chroot $rootfs apt-get update - chroot $rootfs apt-get install --force-yes -y python-software-properties - chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa - fi - - chroot $rootfs apt-get update - chroot $rootfs apt-get install --force-yes -y lxcguest - - # Restore old resolv.conf - rm -f ${cresolvonf} - mv ${cresolvonf}.lxcbak ${cresolvonf} - fi - - # If the container isn't running a native architecture, setup multiarch - if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then - dpkg_version=$(chroot $rootfs dpkg-query -W -f='${Version}' dpkg) - if chroot $rootfs dpkg --compare-versions $dpkg_version ge "1.16.2"; then - chroot $rootfs dpkg --add-architecture ${hostarch} - else - mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d - echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch - fi - - # Save existing value of MIRROR and SECURITY_MIRROR - DEFAULT_MIRROR=$MIRROR - DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR - - # Write a new sources.list containing both native and multiarch entries - > ${rootfs}/etc/apt/sources.list - write_sourceslist $rootfs $arch "native" - - MIRROR=$DEFAULT_MIRROR - SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR - write_sourceslist $rootfs $hostarch "multiarch" - - # Finally update the lists and install upstart using the host architecture - chroot $rootfs apt-get update - chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch} - fi - - # rmdir /dev/shm for containers that have /run/shm - # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did - # get bind mounted to the host's /run/shm. So try to rmdir - # it, and in case that fails move it out of the way. - if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then - mv $rootfs/dev/shm $rootfs/dev/shm.bak - ln -s /run/shm $rootfs/dev/shm - fi -} - -usage() -{ - cat <] [ -S | --auth-key ] -release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS -trim: make a minimal (faster, but not upgrade-safe) container -arch: the container architecture (e.g. amd64): defaults to host arch -auth-key: SSH Public key file to inject into container -EOF - return 0 -} - -options=$(getopt -o a:b:hp:r:xn:FS:d:C -l arch:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug:,tarball: -- "$@") -if [ $? -ne 0 ]; then - usage $(basename $0) - exit 1 -fi -eval set -- "$options" - -release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems -if [ -f /etc/lsb-release ]; then - . /etc/lsb-release - if [ "$DISTRIB_ID" = "Ubuntu" ]; then - release=$DISTRIB_CODENAME - fi -fi - -arch=$(uname -m) - -# Code taken from debootstrap -if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then - arch=`/usr/bin/dpkg --print-architecture` -elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then - arch=`/usr/bin/udpkg --print-architecture` -else - arch=$(uname -m) - if [ "$arch" = "i686" ]; then - arch="i386" - elif [ "$arch" = "x86_64" ]; then - arch="amd64" - elif [ "$arch" = "armv7l" ]; then - arch="armel" - fi -fi - -debug=0 -trim_container=0 -hostarch=$arch -while true -do - case "$1" in - -h|--help) usage $0 && exit 0;; - -p|--path) path=$2; shift 2;; - -n|--name) name=$2; shift 2;; - -T|--tarball) tarball=$2; shift 2;; - -r|--release) release=$2; shift 2;; - -a|--arch) arch=$2; shift 2;; - -x|--trim) trim_container=1; shift 1;; - -S|--auth-key) auth_key=$2; shift 2;; - -d|--debug) debug=1; shift 1;; - --) shift 1; break ;; - *) break ;; - esac -done - -if [ $debug -eq 1 ]; then - set -x -fi - - -if [ "$arch" == "i686" ]; then - arch=i386 -fi - -if [ $hostarch = "i386" -a $arch = "amd64" ]; then - echo "can't create amd64 container on i386" - exit 1 -fi - -if [ -z "$path" ]; then - echo "'path' parameter is required" - exit 1 -fi - -if [ "$(id -u)" != "0" ]; then - echo "This script should be run as 'root'" - exit 1 -fi - -# detect rootfs -config="$path/config" -if grep -q '^lxc.rootfs' $config 2>/dev/null ; then - rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'` -else - rootfs=$path/rootfs -fi - -install_ubuntu $rootfs $release $tarball -if [ $? -ne 0 ]; then - echo "failed to install ubuntu $release" - exit 1 -fi - -configure_ubuntu $rootfs $release -if [ $? -ne 0 ]; then - echo "failed to configure ubuntu $release for a container" - exit 1 -fi - -copy_configuration $path $rootfs $name $arch -if [ $? -ne 0 ]; then - echo "failed write configuration file" - exit 1 -fi - -post_process $rootfs $release $trim_container - -finalize_user vagrant - -echo "" -echo "##" -echo "# The default user is 'vagrant' with password 'vagrant'!" -echo "# Use the 'sudo' command to run tasks as root in the container." -echo "##" -echo "" diff --git a/boxes/ubuntu/metadata.json.template b/boxes/ubuntu/metadata.json.template deleted file mode 100644 index 70f414b..0000000 --- a/boxes/ubuntu/metadata.json.template +++ /dev/null @@ -1,9 +0,0 @@ -{ - "provider": "lxc", - "version": "2", - - "template-opts": { - "--arch": "ARCH", - "--release": "RELEASE" - } -} diff --git a/tasks/boxes.rake b/tasks/boxes.rake index 94dc35b..82f7ce4 100644 --- a/tasks/boxes.rake +++ b/tasks/boxes.rake @@ -1,87 +1,158 @@ +require 'time' require 'pathname' require 'rake/tasklib' -load 'tasks/boxes.v2.rake' -class BuildGenericBoxTaskV3 < BuildGenericBoxTaskV2 +class BuildGenericBoxTask < ::Rake::TaskLib + include ::Rake::DSL + + attr_reader :name + + def initialize(name, distrib, release, arch, cfg_engines) + @name = name + @distrib = distrib + @release = release.to_s + @arch = arch.to_s + @cfg_engines = cfg_engines + @file = "lxc-#{@release}-#{@arch}-#{Date.today}.box" + @scripts_path = Pathname(Dir.pwd).join('boxes') + + task name do + RakeFileUtils.send(:verbose, true) do + build + end + end + end + + def run(script_name, *args) + script = @scripts_path.join('common', script_name) + if script.readable? + sh "sudo #{script} #{args.join(' ')}" + else + STDERR.puts "cannot execute #{script_name} (not found?)" + exit 1 + end + end + def build - require 'vagrant' - check_if_box_has_been_built! FileUtils.mkdir_p 'boxes/temp' unless File.exist? 'base/temp' check_for_partially_built_box! - pwd = Dir.pwd - sh 'mkdir -p boxes/temp/' - Dir.chdir 'boxes/temp' do - download - install_cfg_engines - finalize - prepare_package_contents pwd - sh 'sudo rm -rf rootfs' - sh "tar -czf tmp-package.box ./*" + import_template do |template| + create_base_container(template) do |rootfs| + configure_vagrant_user(rootfs) + install_cfg_engines(rootfs) + prepare_package_contents(rootfs) + compress_box(rootfs) + cleanup(rootfs) + end end - - sh 'mkdir -p boxes/output' - sh "cp boxes/temp/tmp-package.box boxes/output/#{@file}" - sh "rm -rf boxes/temp" end - def finalize - auth_key = Vagrant.source_root.join('keys', 'vagrant.pub').expand_path.to_s - run 'finalize', @arch, @release, auth_key + def check_if_box_has_been_built! + return unless File.exists?("./boxes/output/#{@file}") + + puts 'Box has been built already!' + exit 1 end - def prepare_package_contents(pwd) - run 'cleanup' - sh 'sudo rm -f rootfs.tar.gz' - sh 'sudo tar --numeric-owner -czf rootfs.tar.gz ./rootfs/*' - sh "sudo chown #{ENV['USER']}:#{`id -gn`.strip} rootfs.tar.gz" - sh "cp #{pwd}/boxes/common/lxc-template ." - sh "cp #{pwd}/boxes/common/lxc.conf ." - sh "cp #{pwd}/boxes/common/metadata.json ." + def check_for_partially_built_box! + return unless Dir.entries('boxes/temp').size > 2 + + puts 'There is a partially built box under ' + + File.expand_path('./boxes/temp') + + ', please remove it before building a new box' + exit 1 + end + + def create_base_container(template) + puts "TODO: Create base container with #{template}" + yield "/var/lib/lxc/vagrant-base-box-tmp/rootfs" + end + + def configure_vagrant_user(rootfs) + puts "TODO: Configure vagrant user under #{rootfs}" + end + + def install_cfg_engines(rootfs) + puts "TODO: Install cfg engines under #{rootfs}" + end + + def prepare_package_contents(rootfs) + puts "TODO: Prepare pkg contents under #{rootfs}" + end + + def compress_box(rootfs) + puts "TODO: Compress base box under #{rootfs}" + end + + def cleanup(rootfs) + puts "TODO: Cleanup under #{rootfs}" + end + + def import_template + template_name = "vagrant-base-box-tmp" + tmp_template_path = templates_path.join("lxc-#{template_name}") + src = "./boxes/templates/#{@distrib}" + + sh "sudo cp #{src} #{tmp_template_path}" + + yield template_name + ensure + sh "sudo rm #{tmp_template_path}" if tmp_template_path.file? + end + + TEMPLATES_PATH_LOOKUP = %w( + /usr/share/lxc/templates + /usr/lib/lxc/templates + /usr/lib64/lxc/templates + /usr/local/lib/lxc/templates + ) + def templates_path + return @templates_path if @templates_path + + path = TEMPLATES_PATH_LOOKUP.find { |candidate| File.directory?(candidate) } + raise 'Unable to identify lxc templates path!' unless path + + @templates_path = Pathname(path) end end -class BuildDebianBoxTaskV3 < BuildGenericBoxTaskV3 +class BuildDebianBoxTask < BuildGenericBoxTask def initialize(name, release, arch, opts = {}) super(name, 'debian', release, arch, opts) end end -class BuildUbuntuBoxTaskV3 < BuildGenericBoxTaskV3 +class BuildUbuntuBoxTask < BuildGenericBoxTask def initialize(name, release, arch, opts = {}) super(name, 'ubuntu', release, arch, opts) end end -puppet = ENV['PUPPET'] == '1' -babushka = ENV['BABUSHKA'] == '1' -salt = ENV['SALT'] == '1' +cfg_engines = { + puppet: ENV['PUPPET'] == '1', + babushka: ENV['BABUSHKA'] == '1', + salt: ENV['SALT'] == '1', + chef: ENV['CHEF'] == '1' +} namespace :boxes do namespace :ubuntu do namespace :build do desc 'Build an Ubuntu Precise 64 bits box' - BuildUbuntuBoxTaskV3. - new(:precise64, - :precise, 'amd64', puppet: puppet, babushka: babushka, salt: salt) + BuildUbuntuBoxTask.new(:precise64, :precise, 'amd64', cfg_engines) desc 'Build an Ubuntu Quantal 64 bits box' - BuildUbuntuBoxTaskV3. - new(:quantal64, - :quantal, 'amd64', puppet: puppet, babushka: babushka, salt: salt) + BuildUbuntuBoxTask.new(:quantal64, :quantal, 'amd64', cfg_engines) desc 'Build an Ubuntu Raring 64 bits box' - BuildUbuntuBoxTaskV3. - new(:raring64, - :raring, 'amd64', puppet: puppet, babushka: babushka, salt: salt) + BuildUbuntuBoxTask.new(:raring64, :raring, 'amd64', cfg_engines) desc 'Build an Ubuntu Saucy 64 bits box' - BuildUbuntuBoxTaskV3. - new(:saucy64, - :saucy, 'amd64', puppet: puppet, babushka: babushka, salt: salt) + BuildUbuntuBoxTask.new(:saucy64, :saucy, 'amd64', cfg_engines) desc 'Build all Ubuntu boxes' task :all => %w( precise64 quantal64 raring64 saucy64 ) @@ -89,21 +160,16 @@ namespace :boxes do end namespace :debian do + %w( chef salt).each { |cfg| cfg_engines.delete(cfg.to_sym) } namespace :build do desc 'Build an Debian Squeeze 64 bits box' - BuildDebianBoxTaskV3. - new(:squeeze64, - :squeeze, 'amd64', puppet: puppet, babushka: babushka, salt: false) + BuildDebianBoxTask.new(:squeeze64, :squeeze, 'amd64', cfg_engines) desc 'Build an Debian Wheezy 64 bits box' - BuildDebianBoxTaskV3. - new(:wheezy64, - :wheezy, 'amd64', puppet: puppet, babushka: babushka, salt: false) + BuildDebianBoxTask.new(:wheezy64, :wheezy, 'amd64', cfg_engines) desc 'Build an Debian Sid/unstable 64 bits box' - BuildDebianBoxTaskV3. - new(:sid64, - :sid, 'amd64', puppet: puppet, babushka: babushka, salt: false) + BuildDebianBoxTask.new(:sid64, :sid, 'amd64', cfg_engines) desc 'Build all Debian boxes' task :all => %w( squeeze64 wheezy64 sid64 )