Getting close to finish new structure for building ubuntu boxes
This commit is contained in:
parent
4a18c7a05a
commit
f927f65ec1
5 changed files with 109 additions and 7 deletions
|
@ -6,9 +6,10 @@ default:
|
|||
all: $(UBUNTU_BOXES)
|
||||
|
||||
$(UBUNTU_BOXES): CONTAINER = "vagrant-lxc-base-${@}-amd64-${TODAY}"
|
||||
$(UBUNTU_BOXES): PACKAGE = "output/$(CONTAINER).box"
|
||||
$(UBUNTU_BOXES): PACKAGE = "output/vagrant-lxc-${@}-amd64-${TODAY}.box"
|
||||
$(UBUNTU_BOXES):
|
||||
@sudo -E ./mk-ubuntu.sh $(@) amd64 $(CONTAINER) $(PACKAGE)
|
||||
@chmod +rw $(PACKAGE)
|
||||
|
||||
clean:
|
||||
@echo "Implement clean"
|
||||
|
|
|
@ -29,4 +29,7 @@ lxc-create -n ${CONTAINER} -t download -- \
|
|||
--dist ${DISTRIBUTION} \
|
||||
--release ${RELEASE} \
|
||||
--arch ${ARCH}
|
||||
|
||||
# TODO: Nicely handle boxes that don't have an image associated
|
||||
|
||||
log "Container created!"
|
||||
|
|
|
@ -3,19 +3,46 @@ set -e
|
|||
|
||||
source common/ui.sh
|
||||
|
||||
# TODO: Create file with build date / time on container
|
||||
|
||||
info "Packaging '${CONTAINER}' to '${PACKAGE}'..."
|
||||
|
||||
debug 'Stopping container'
|
||||
lxc-stop -n ${CONTAINER} &>/dev/null || true
|
||||
|
||||
debug "Removing previous rootfs tarbal"
|
||||
if [ -f ${WORKING_DIR}/rootfs.tar.gz ]; then
|
||||
log "Removing previous rootfs tarbal"
|
||||
rm -f ${WORKING_DIR}/rootfs.tar.gz
|
||||
fi
|
||||
|
||||
log "Compressing container's rootfs"
|
||||
cd $(dirname ${ROOTFS})
|
||||
tar --numeric-owner -czf ${WORKING_DIR}/rootfs.tar.gz ./rootfs/*
|
||||
pushd $(dirname ${ROOTFS}) &>/dev/null
|
||||
tar --numeric-owner --anchored --exclude=./rootfs/dev/log -czf \
|
||||
${WORKING_DIR}/rootfs.tar.gz ./rootfs/*
|
||||
popd &>/dev/null
|
||||
|
||||
# Prepare package contents
|
||||
cd ${WORKING_DIR}
|
||||
pushd ${WORKING_DIR} &>/dev/null
|
||||
warn "TODO: Package on `pwd`"
|
||||
warn "TODO: Add creation date"
|
||||
warn "TODO: Fix hostname (its too big!)"
|
||||
popd &>/dev/null
|
||||
|
||||
warn 'TODO: Package!'
|
||||
# cp $LXC_TEMPLATE .
|
||||
# cp $LXC_CONF .
|
||||
# cp $METATADA_JSON .
|
||||
# chmod +x lxc-template
|
||||
# sed -i "s/<TODAY>/${NOW}/" metadata.json
|
||||
#
|
||||
# # Vagrant box!
|
||||
# tar -czf $PKG ./*
|
||||
#
|
||||
# chmod +rw ${WORKING_DIR}/${PKG}
|
||||
# mkdir -p ${CWD}/output
|
||||
# mv ${WORKING_DIR}/${PKG} ${CWD}/output
|
||||
#
|
||||
# # Clean up after ourselves
|
||||
# rm -rf ${WORKING_DIR}
|
||||
# lxc-destroy -n ${RELEASE}-base
|
||||
#
|
||||
# echo "The base box was built successfully to ${CWD}/output/${PKG}"
|
||||
|
|
|
@ -12,6 +12,7 @@ info() {
|
|||
echo -e "${OK_COLOR}==> [${RELEASE}] ${1}${NO_COLOR}"
|
||||
}
|
||||
|
||||
# TODO: Add a file lock so we can build in parallel
|
||||
confirm() {
|
||||
question=${1}
|
||||
default=${2}
|
||||
|
|
70
boxes/conf/ubuntu
Normal file
70
boxes/conf/ubuntu
Normal file
|
@ -0,0 +1,70 @@
|
|||
# Default pivot location
|
||||
lxc.pivotdir = lxc_putold
|
||||
|
||||
# Default mount entries
|
||||
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
|
||||
lxc.mount.entry = sysfs sys sysfs defaults 0 0
|
||||
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
|
||||
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
|
||||
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
|
||||
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
|
||||
|
||||
# Default console settings
|
||||
lxc.devttydir = lxc
|
||||
lxc.tty = 4
|
||||
lxc.pts = 1024
|
||||
|
||||
# Default capabilities
|
||||
lxc.cap.drop = sys_module mac_admin mac_override sys_time
|
||||
|
||||
# When using LXC with apparmor, the container will be confined by default.
|
||||
# If you wish for it to instead run unconfined, copy the following line
|
||||
# (uncommented) to the container's configuration file.
|
||||
#lxc.aa_profile = unconfined
|
||||
|
||||
# To support container nesting on an Ubuntu host while retaining most of
|
||||
# apparmor's added security, use the following two lines instead.
|
||||
#lxc.aa_profile = lxc-container-default-with-nesting
|
||||
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
|
||||
|
||||
# Uncomment the following line to autodetect squid-deb-proxy configuration on the
|
||||
# host and forward it to the guest at start time.
|
||||
#lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client
|
||||
|
||||
# If you wish to allow mounting block filesystems, then use the following
|
||||
# line instead, and make sure to grant access to the block device and/or loop
|
||||
# devices below in lxc.cgroup.devices.allow.
|
||||
#lxc.aa_profile = lxc-container-default-with-mounting
|
||||
|
||||
# Default cgroup limits
|
||||
lxc.cgroup.devices.deny = a
|
||||
## Allow any mknod (but not using the node)
|
||||
lxc.cgroup.devices.allow = c *:* m
|
||||
lxc.cgroup.devices.allow = b *:* m
|
||||
## /dev/null and zero
|
||||
lxc.cgroup.devices.allow = c 1:3 rwm
|
||||
lxc.cgroup.devices.allow = c 1:5 rwm
|
||||
## consoles
|
||||
lxc.cgroup.devices.allow = c 5:0 rwm
|
||||
lxc.cgroup.devices.allow = c 5:1 rwm
|
||||
## /dev/{,u}random
|
||||
lxc.cgroup.devices.allow = c 1:8 rwm
|
||||
lxc.cgroup.devices.allow = c 1:9 rwm
|
||||
## /dev/pts/*
|
||||
lxc.cgroup.devices.allow = c 5:2 rwm
|
||||
lxc.cgroup.devices.allow = c 136:* rwm
|
||||
## rtc
|
||||
lxc.cgroup.devices.allow = c 254:0 rm
|
||||
## fuse
|
||||
lxc.cgroup.devices.allow = c 10:229 rwm
|
||||
## tun
|
||||
lxc.cgroup.devices.allow = c 10:200 rwm
|
||||
## full
|
||||
lxc.cgroup.devices.allow = c 1:7 rwm
|
||||
## hpet
|
||||
lxc.cgroup.devices.allow = c 10:228 rwm
|
||||
## kvm
|
||||
lxc.cgroup.devices.allow = c 10:232 rwm
|
||||
## To use loop devices, copy the following line to the container's
|
||||
## configuration file (uncommented).
|
||||
#lxc.cgroup.devices.allow = b 7:* rwm
|
Loading…
Reference in a new issue