Commit graph

1128 commits

Author SHA1 Message Date
Virgil Dupras
d35ee4aed0
Merge pull request #410 from ChaosCloud/abk
vagrant-lxc-wrapper need to allow sudoer first-found binary path
2017-12-11 17:07:21 -05:00
Virgil Dupras
03c23d7df8 README: mention incompatibility with LXC v2.1
see #445
2017-12-11 14:51:09 -05:00
Virgil Dupras
10c53c54d7 Support alternative lxcpath in sudo wrapper
The previously hardcoded lxc path prevented the sudo wrapper from
working in environment with alternative `lxcpath`.

I had to move `sudo_wrapper` from `provider` to `LXC` because the
concept of "provider" is tied to a machine when a command sush as
`sudoers` is not.

Fixes #413 and #399
2017-12-11 11:48:19 -05:00
Virgil Dupras
2ce460bc30
Merge pull request #438 from fkleon/fix-sudoers-vagrant-1.9.x
Update pipework regexp for sudo wrapper
2017-12-11 10:20:36 -05:00
Virgil Dupras
553f1b5ed0 lxc-template: make runnable by unprivileged users
lxc-template needlessly require root privileges in two places:

1. lock file location for `flock`
2. failing on `tar` failure during rootfs extraction

For `flock`, it's not necessary that the lock file be in `/var/lock`, it
can be anywhere. Why not put it in `LXC_PATH`?

For the failing `tar` thing, that's because some device are created with
`mknod` which unprivileged users can't do. These device, however, are
not necessary for the container to run well. We can ignore `tar`'s error
exit code.

I replaced the exist code check by a check for the existence of
`/bin/true` in rootfs. I think that it's a good indication of whether
the rootfs was extracted.

Why am I making this change? Because I'd like to add support for
unprivileged containers in `vagrant-lxc` but it's kind of a big change
to make at once, so I thought I'd go incrementally.
2017-12-09 19:36:54 -05:00
Frederik Leonhardt
1f805f6deb Update pipework regexp for sudo wrapper
On Vagrant 1.9+ plugin gems are installed into a different folder, their path
containing the ruby version. This updates the regular expression whitelisting
the pipework script to reflect this change.
2017-02-09 15:55:32 +13:00
Brandon Rhodes
43aa9bfb3e Avoid Timed out error when umask is 027 or 077
If LXC commands are run with a restrictive umask like 027 or 077, then
the root directory of new containers will lack read `r` and access `x`
permission for non-root users.  The first failure to result from this
during `vagrant up` is that the SSH daemon cannot read the crucial file
`/home/vagrant/.ssh/authorized_keys` after it drops privileges to the
level of the `vagrant` user.  The result is the familiar:

```
    default: Warning: Authentication failure. Retrying...
    default: Warning: Authentication failure. Retrying...
Timed out while waiting for the machine to boot. This means that
Vagrant was unable to communicate with the guest machine within
the configured ("config.vm.boot_timeout" value) time period.
```

So we should make sure that we run all LXC commands with a umask that at
least does not prevent group and world `r` and `x` bits from being set
in newly created files and directories.
2017-01-29 13:53:09 -05:00
Cam Cope
851f58d42a v1.2.3 2016-12-20 20:20:38 -08:00
Cam Cope
fdb7222965 Fix bad version in Gemfile.lock 2016-12-20 20:20:07 -08:00
Cam Cope
4fd0635204 v.1.2.2 2016-12-20 20:08:47 -08:00
Cam Cope
ae18c05b2b Merge pull request #426 from fonsecas72/patch-1
Make fetch_ip_tries configurable
2016-11-11 12:33:18 -05:00
Hugo Fonseca
6d8580a294 default values goes to finalize 2016-11-11 08:34:42 +00:00
Hugo Fonseca
cac4910296 tries amount of fetching ip is now configurable 2016-11-09 14:38:05 +00:00
Hugo Fonseca
2d63603d85 Increase the re-tries amount 2016-11-07 15:34:48 +00:00
Cam Cope
a68a1de21f Merge pull request #423 from sergle/master
Load locale file only once
2016-10-21 00:54:57 -07:00
Sergey Leschenko
671bd55cea Make code similar to other providers 2016-10-20 13:39:33 +03:00
Sergey Leschenko
1c2208a30e Load locale file only once 2016-10-18 14:40:37 +03:00
Tobias Schramm
0cdd4d352c Fixes #420 (blaze it) 2016-08-22 22:27:00 +02:00
Cam Cope
62535b6465 Merge pull request #411 from ccope/preserve-xattrs
Preserve xattrs in container rootfs
2016-06-02 00:16:40 -07:00
Cam Cope
932a7808be Merge pull request #408 from swettk/master
Forward port latest pipework script
2016-05-30 16:35:59 -07:00
Cam Cope
9dd12bfcdf update dependencies in the README 2016-05-11 16:54:12 -07:00
Cam Cope
6dcf584b25 preserve xattrs 2016-05-11 16:54:12 -07:00
Robert Heinzmann
544c061e65 Fix handling of non-fatal lxc-stop return code
Fixes #405
2016-05-11 16:50:29 -07:00
AbhishekKr
848383e081 vagrant-lxc-wrapper need to allow sudoer first-found binary path
sudoer PATH may have different order than current user
2016-05-11 23:51:29 +05:30
Keith Swett
d4e5122c6c Forward port latest pipework script 2016-04-26 19:52:57 +00:00
Robin Gloster
aa5fb7a932 1.2.1 2015-09-24 14:14:26 +00:00
Franz Pletz
81d70d26d3 Merge pull request #393 from mayflower/fix-sudo-wrapper
fix sudo wrapper
2015-09-24 15:27:40 +02:00
Robin Gloster
4c969a6ae7 fix sudo wrapper 2015-09-23 18:15:28 +00:00
Franz Pletz
1fb64dbbdf Merge pull request #392 from danielhodder/improve-lxc-missing-message
Added lxc-create to the error message
2015-09-21 01:16:21 +02:00
danielh
d11b6f2dc7 Added lxc-create to the error message
Added the command that vagrant-lxc is actually trying to run when it can't find the lxc-create command
2015-09-20 15:30:09 +12:00
Fabio Rehm
ad39aa9645 Update README.md 2015-09-17 12:43:57 -03:00
Fabio Rehm
050c160de2 v1.2.0 2015-09-15 09:57:48 -03:00
Robin Gloster
3d924985dd Prepare 1.2.0 2015-09-14 09:33:25 +00:00
Robin Gloster
95bfdfd54d explicitly add overlayfs as backingstore to readme
fixes #351
2015-09-08 21:00:26 +00:00
Robin Gloster
25d10cd3bc fix shebang in pipework 2015-09-08 20:54:29 +00:00
Franz Pletz
86381bfeee Merge branch 'stucki-create-bridge-if-missing' (PR #380) 2015-08-28 15:01:30 +02:00
Michael Stucki
7c778dfb4d Fix warning message 2015-08-28 15:00:37 +02:00
Michael Stucki
9e5637a9fe Do not remove system bridge virbr0 2015-08-28 15:00:37 +02:00
Michael Stucki
3257bd25bb Fix variable name 2015-08-28 15:00:37 +02:00
Andriy
06bbc7a5ef Update gc_private_network_bridges.rb 2015-08-28 15:00:37 +02:00
Andriy
6136ebb966 Update driver.rb
Fixing https://github.com/fgrehm/vagrant-lxc/issues/353 issue
2015-08-28 15:00:37 +02:00
Cam Cope
9b70f3daab make /tmp a tmpfs 2015-08-28 14:58:16 +02:00
Cam Cope
2accd886fa remove /tmp cleanup, fixes lvm rootfs 2015-08-28 14:58:16 +02:00
Robin Gloster
993e430ccc Use /usr/bin/env CMD instead of hardcoded paths
This fixes commands that currently rely on hardcoded paths and break
on systems like NixOS that don't have all binaries in /usr/bin etc.
2015-08-28 14:58:16 +02:00
Robin Gloster
ea99d13f76 Fix test on NixOS
Tempfile can be created in /run, too.
2015-08-28 14:58:16 +02:00
Robin Gloster
fddd8cc257 Update gems to resolve dependencies on NixOS 2015-08-28 14:58:16 +02:00
Robin Gloster
611a86ce84 do not copy the lxc template instead use the full path 2015-08-28 14:58:16 +02:00
Robin Gloster
e5a55d1020 fix shebang in template 2015-08-28 14:58:16 +02:00
Antonio Terceiro
64f561073c forward_ports: bind to localhost only by default
This has been raised as security concern on vagrant itself, and fixed
there some time ago.
2015-08-28 14:58:16 +02:00
Franz Pletz
0c353598f8 Merge pull request #362 from ccope/halt-lvm-fix
remove /tmp cleanup command, fixes lvm rootfs
2015-08-28 14:50:51 +02:00