Add support to set up fedora boxes.
authorMichael Adam <obnox@samba.org>
Mon, 22 Dec 2014 17:16:45 +0000 (18:16 +0100)
committerMichael Adam <obnox@samba.org>
Mon, 7 Dec 2015 09:44:06 +0000 (10:44 +0100)
Currently the lxc-download template provides only Fedora 20 and Fedora 19 images, not Fedora 21, so only releases 20 and 19 are listed for now.

Makefile
common/download.sh
common/prepare-vagrant-user.sh
conf/fedora [new file with mode: 0644]
fedora/clean.sh [new file with mode: 0755]
fedora/install-extras.sh [new file with mode: 0755]
mk-fedora.sh [new file with mode: 0755]

index f8a46d7e761fc26665daf02fedc5cf11b21f6341..e49c8646d13e094d6c842bcbf1a4069dc13e8fe2 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,7 @@
 UBUNTU_BOXES= precise quantal raring saucy trusty utopic
 DEBIAN_BOXES= squeeze wheezy sid jessie
 CENTOS_BOXES= 6
+FEDORA_BOXES= 20 19
 TODAY=$(shell date -u +"%Y-%m-%d")
 
 # Replace i686 with i386 and x86_64 with amd64
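Review bot: The added `FEDORA_BOXES= 20 19` carries no hint of why 21 is absent; that constraint lives only in the commit message and will be lost to whoever next edits the list. A comment directly above the line, such as `# only the releases the lxc-download template currently offers (no f21 yet)`, keeps the reason next to the value. The other box lists share this style, so the comment is the only thing this hunk is missing.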
@@ -8,11 +9,12 @@ ARCH=$(shell uname -m | sed -e "s/68/38/" | sed -e "s/x86_64/amd64/")
 
 default:
 
-all: ubuntu debian
+all: ubuntu debian fedora
 
 ubuntu: $(UBUNTU_BOXES)
 debian: $(DEBIAN_BOXES)
 centos: $(CENTOS_BOXES)
+fedora: $(FEDORA_BOXES)
 
 # REFACTOR: Figure out how can we reduce duplicated code
 $(UBUNTU_BOXES): CONTAINER = "vagrant-base-${@}-$(ARCH)"
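Review bot: The new `fedora` aggregate target and the `$(FEDORA_BOXES)` targets behind it are plain names that never produce files named `fedora`, `20` or `19`, yet nothing declares them `.PHONY`, so a stray file with one of those names in the checkout makes make report the box up to date and skip the build. The existing `ubuntu`/`debian`/`centos` targets have the same gap, but this hunk is a natural place to add `.PHONY: all ubuntu debian centos fedora $(UBUNTU_BOXES) $(DEBIAN_BOXES) $(CENTOS_BOXES) $(FEDORA_BOXES)`. Separately, `all` now builds fedora but still leaves centos out; if that asymmetry is deliberate, a one-line comment on the `all:` line would save the next reader from wondering.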
@@ -36,6 +38,13 @@ $(CENTOS_BOXES):
        @sudo -E ./mk-centos.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
        @sudo chmod +rw $(PACKAGE)
        @sudo chown ${USER}: $(PACKAGE)
+$(FEDORA_BOXES): CONTAINER = "vagrant-base-fedora-${@}-$(ARCH)"
+$(FEDORA_BOXES): PACKAGE = "output/${TODAY}/vagrant-lxc-fedora-${@}-$(ARCH).box"
+$(FEDORA_BOXES):
+       @mkdir -p $$(dirname $(PACKAGE))
+       @sudo -E ./mk-fedora.sh $(@) $(ARCH) $(CONTAINER) $(PACKAGE)
+       @sudo chmod +rw $(PACKAGE)
+       @sudo chown ${USER}: $(PACKAGE)
 
 acceptance: CONTAINER = "vagrant-base-acceptance-$(ARCH)"
 acceptance: PACKAGE = "output/${TODAY}/vagrant-lxc-acceptance-$(ARCH).box"
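Review bot: The recipe line `@mkdir -p $$(dirname $(PACKAGE))` forks a shell to compute a directory that make already knows; `@mkdir -p $(dir $(PACKAGE))` does the same without the subshell and without the `$$` escaping, and the centos block it was copied from would benefit equally. The `@` on `sudo -E ./mk-fedora.sh ...` silences the one command in the recipe that runs as root and can fail in interesting ways, so leaving that line unsilenced makes a failed build log self-explaining. Everything else is a verbatim copy of the centos rule, which the existing REFACTOR comment already acknowledges.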
@@ -51,7 +60,7 @@ release:
        git tag $(version)
        git push && git push --tags
 
-clean: ALL_BOXES = ${DEBIAN_BOXES} ${UBUNTU_BOXES} ${CENTOS_BOXES} acceptance
+clean: ALL_BOXES = ${DEBIAN_BOXES} ${UBUNTU_BOXES} ${CENTOS_BOXES} ${FEDORA_BOXES} acceptance
 clean:
        @for r in $(ALL_BOXES); do \
                sudo -E ./clean.sh $${r}\
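Review bot: `clean` now passes `20` and `19` to `./clean.sh` exactly as it passes `6` for centos, but that script receives only the release number and is not part of this commit (it is absent from the diffstat), so nothing visible here tells it that `20` means the container `vagrant-base-fedora-20-$(ARCH)` rather than `vagrant-base-20-$(ARCH)`. Unless clean.sh already derives the fedora name some other way, `make clean` will leave the fedora build containers behind; passing the distribution as well, e.g. `sudo -E ./clean.sh fedora $${r}`, or iterating over full container names instead of bare releases, would close that gap. The `for` loop body continues past the end of the hunk.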
index d0e59d3a945a9011ed34587d48ca1d92523a0b39..304b168b7a765a88c56bbff4b2bdca284344931e 100755 (executable)
@@ -40,4 +40,17 @@ else
                    --release ${RELEASE} \
                    --arch ${ARCH}
 fi
+
+if [ ${DISTRIBUTION} = 'fedora' ]; then
+  # Improve systemd support:
+  # - The fedora template does it but the fedora images from the download
+  #   template apparently don't.
+  utils.lxc.stop
+  echo  >> /var/lib/lxc/${CONTAINER}/config
+  echo "# settings for systemd with PID 1:" >> /var/lib/lxc/${CONTAINER}/config
+  echo "lxc.kmsg = 0" >> /var/lib/lxc/${CONTAINER}/config
+  echo "lxc.autodev = 1" >> /var/lib/lxc/${CONTAINER}/config
+  utils.lxc.start
+fi
+
 log "Container created!"
index 9f0fadf988756413ab8889606771caf512dd1c60..ae516e9715c7ed1594ca6e5704ed93da70843962 100755 (executable)
@@ -17,7 +17,7 @@ elif $(grep -q 'ubuntu' ${ROOTFS}/etc/shadow); then
   chroot ${ROOTFS} groupmod -n vagrant ubuntu &>> ${LOG}
   echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
   log 'Renamed ubuntu user to vagrant and changed password.'
-elif [ ${DISTRIBUTION} = 'centos' ]; then
+elif [ ${DISTRIBUTION} = 'centos' -o ${DISTRIBUTION} = 'fedora' ]; then
   debug 'Creating vagrant user...'
   chroot ${ROOTFS} useradd --create-home -s /bin/bash -u 1000 vagrant &>> ${LOG}
   echo -n 'vagrant:vagrant' | chroot ${ROOTFS} chpasswd
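Review bot: The widened condition uses the `[ A = x -o B = y ]` form, which POSIX marks obsolescent and which parses ambiguously when a value is empty or starts with `-`; `[ "${DISTRIBUTION}" = 'centos' ] || [ "${DISTRIBUTION}" = 'fedora' ]` is the unambiguous spelling (the surrounding branches leave `${DISTRIBUTION}` unquoted too). The branch still sets the well-known `vagrant:vagrant` credential, which is the vagrant base-box convention but is worth a comment such as `# standard vagrant base-box credential; never expose these boxes to untrusted networks` so nobody ships the image as a general-purpose container. Whatever else this branch does for the user (sudo or key setup, if any) lies outside the hunk.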
diff --git a/conf/fedora b/conf/fedora
new file mode 100644 (file)
index 0000000..7027b6b
--- /dev/null
@@ -0,0 +1,66 @@
+# work better with systemd:
+lxc.autodev = 1
+lxc.kmsg = 0
+
+# Taken from the oracle.common.conf.in
+# Console settings
+
+lxc.devttydir = lxc
+lxc.tty = 4
+lxc.pts = 1024
+
+# Mount entries
+lxc.mount.auto = proc:mixed sys:ro
+
+# Ensure hostname is changed on clone
+lxc.hook.clone = /usr/share/lxc/hooks/clonehostname
+
+# Capabilities
+# Uncomment these if you don't run anything that needs the capability, and
+# would like the container to run with less privilege.
+#
+# Dropping sys_admin disables container root from doing a lot of things
+# that could be bad like re-mounting lxc fstab entries rw for example,
+# but also disables some useful things like being able to nfs mount, and
+# things that are already namespaced with ns_capable() kernel checks, like
+# hostname(1).
+# lxc.cap.drop = sys_admin
+# lxc.cap.drop = net_raw          # breaks dhcp/ping
+# lxc.cap.drop = setgid           # breaks login (initgroups/setgroups)
+# lxc.cap.drop = dac_read_search  # breaks login (pam unix_chkpwd)
+# lxc.cap.drop = setuid           # breaks sshd,nfs statd
+# lxc.cap.drop = audit_control    # breaks sshd (set_loginuid failed)
+# lxc.cap.drop = audit_write
+# big big login delays in Fedora 20 systemd:
+#lxc.cap.drop = setpcap
+#
+lxc.cap.drop = mac_admin mac_override
+lxc.cap.drop = setfcap
+lxc.cap.drop = sys_module sys_nice sys_pacct
+lxc.cap.drop = sys_rawio sys_time
+
+# Control Group devices: all denied except those whitelisted
+lxc.cgroup.devices.deny = a
+# Allow any mknod (but not reading/writing the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+## /dev/null
+lxc.cgroup.devices.allow = c 1:3 rwm
+## /dev/zero
+lxc.cgroup.devices.allow = c 1:5 rwm
+## /dev/full
+lxc.cgroup.devices.allow = c 1:7 rwm
+## /dev/tty
+lxc.cgroup.devices.allow = c 5:0 rwm
+## /dev/random
+lxc.cgroup.devices.allow = c 1:8 rwm
+## /dev/urandom
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/tty[1-4] ptys and lxc console
+lxc.cgroup.devices.allow = c 136:* rwm
+## /dev/ptmx pty master
+lxc.cgroup.devices.allow = c 5:2 rwm
+
+# Blacklist some syscalls which are not safe in privileged
+# containers
+lxc.seccomp = /usr/share/lxc/config/common.seccomp
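Review bot: `lxc.autodev = 1` and `lxc.kmsg = 0` at the top of this file duplicate the lines that common/download.sh appends to the build container's config in this same commit, with nothing tying the two copies together; a comment such as `# keep in sync with the systemd settings appended by common/download.sh` would stop them drifting apart. The file also keeps `sys_admin` (the commented-out drop, as the inherited note explains), so anything started from this config is a privileged container whose root can undo the `sys:ro` mount; that matches the other distributions but deserves a line in the header rather than only in the capability section. `lxc.kmsg`, `lxc.tty`, `lxc.pts` and `lxc.devttydir` are the legacy key names that newer LXC versions renamed or removed, so expect to update this file for newer hosts.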
diff --git a/fedora/clean.sh b/fedora/clean.sh
new file mode 100755 (executable)
index 0000000..9a56013
--- /dev/null
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+source common/ui.sh
+source common/utils.sh
+
+debug 'Bringing container up'
+utils.lxc.start
+
+info "Cleaning up '${CONTAINER}'..."
+
+log 'Removing temporary files...'
+rm -rf ${ROOTFS}/tmp/*
+
+log 'cleaning up dhcp leases'
+rm -f ${ROOTFS}/var/lib/dhcp/*
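Review bot: `rm -rf ${ROOTFS}/tmp/*` and `rm -f ${ROOTFS}/var/lib/dhcp/*` run as root and rely entirely on `ROOTFS` being exported by the caller; the script sets `-e` but not `-u`, so if it is invoked on its own an empty `ROOTFS` turns the first line into `rm -rf /tmp/*` on the host. Add `: "${ROOTFS:?ROOTFS must be set}"` after the `source` lines and quote the expansions as `rm -rf "${ROOTFS}"/tmp/*`. Separately, Fedora's dhclient keeps its leases under /var/lib/dhclient/ rather than the Debian-style /var/lib/dhcp/ used here, so the second line probably removes nothing; verify inside a built container and adjust the path.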
diff --git a/fedora/install-extras.sh b/fedora/install-extras.sh
new file mode 100755 (executable)
index 0000000..c7c7671
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+source common/ui.sh
+source common/utils.sh
+
+info 'Installing extra packages and upgrading'
+
+debug 'Bringing container up'
+utils.lxc.start
+
+# Sleep for a bit so that the container can get an IP
+SECS=20
+log "Sleeping for $SECS seconds..."
+sleep $SECS
+
+# TODO: Support for appending to this list from outside
+PACKAGES=(vim curl wget man-db bash-completion ca-certificates sudo openssh-server)
+
+utils.lxc.attach yum update -y
+utils.lxc.attach yum install ${PACKAGES[*]} -y
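Review bot: The fixed `sleep 20` before `yum update -y` is a race rather than a check: if the container has not obtained an address within 20 seconds the yum call fails and `set -e` aborts with the cause buried in yum's output, while on fast hosts every build waits longer than needed. A bounded poll on name resolution from inside the container is more robust, assuming `utils.lxc.attach` propagates the attached command's exit status (not visible here) and that `getent`, part of glibc, is present in the f19/f20 download image. Also prefer `"${PACKAGES[@]}"` over `${PACKAGES[*]}` on the install line so the array expands one word per package.
```shell
# Wait (bounded) for networking inside the container instead of a fixed sleep.
for attempt in $(seq 1 30); do
  utils.lxc.attach getent hosts mirrors.fedoraproject.org >/dev/null 2>&1 && break
  log "Waiting for container network (${attempt}/30)..."
  sleep 2
done
# … unchanged: PACKAGES list and yum calls …
```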
diff --git a/mk-fedora.sh b/mk-fedora.sh
new file mode 100755 (executable)
index 0000000..c6c3514
--- /dev/null
@@ -0,0 +1,46 @@
+#!/bin/bash
+set -e
+
+source common/ui.sh
+
+if [ "$(id -u)" != "0" ]; then
+  echo "You should run this script as root (sudo)."
+  exit 1
+fi
+
+export DISTRIBUTION='fedora'
+export RELEASE=$1
+export ARCH=$2
+export CONTAINER=$3
+export PACKAGE=$4
+export ROOTFS="/var/lib/lxc/${CONTAINER}/rootfs"
+export WORKING_DIR="/tmp/${CONTAINER}"
+export NOW=$(date -u)
+export LOG=$(readlink -f .)/log/${CONTAINER}.log
+
+mkdir -p $(dirname $LOG)
+echo '############################################' > ${LOG}
+echo "# Beginning build at $(date)" >> ${LOG}
+touch ${LOG}
+chmod +rw ${LOG}
+
+if [ -f ${PACKAGE} ]; then
+  warn "The box '${PACKAGE}' already exists, skipping..."
+  echo
+  exit
+fi
+
+debug "Creating ${WORKING_DIR}"
+mkdir -p ${WORKING_DIR}
+
+info "Building box to '${PACKAGE}'..."
+
+./common/download.sh ${DISTRIBUTION} ${RELEASE} ${ARCH} ${CONTAINER}
+./fedora/install-extras.sh ${CONTAINER}
+./common/prepare-vagrant-user.sh ${DISTRIBUTION} ${CONTAINER}
+./fedora/clean.sh ${CONTAINER}
+./common/package.sh ${CONTAINER} ${PACKAGE}
+
+info "Finished building '${PACKAGE}'!"
+log "Run \`sudo lxc-destroy -n ${CONTAINER}\` or \`make clean\` to remove the container that was created along the way"
+echo
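Review bot: `WORKING_DIR="/tmp/${CONTAINER}"` followed by `mkdir -p ${WORKING_DIR}` is a predictable path created as root, and `mkdir -p` succeeds silently when the directory (or a symlink to one) was pre-created by another local user, so any helper that later writes into `WORKING_DIR` would write wherever that user pointed it; `export WORKING_DIR=$(mktemp -d "/tmp/${CONTAINER}.XXXXXX")` creates a fresh mode-0700 directory and makes the later `mkdir -p` unnecessary. The script also never validates its arguments: with `$3` empty, `ROOTFS` becomes `/var/lib/lxc//rootfs` and every downstream step operates on that, so add `[ $# -eq 4 ] || { echo "usage: $0 RELEASE ARCH CONTAINER PACKAGE" >&2; exit 1; }` before the exports. Finally, `chmod +rw ${LOG}` widens a root-owned log according to the umask, presumably so the invoking user can read it; a comment stating that intent would help.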