actions/setup-forgejo
actions/setup-forgejo
1
0
Fork 0
mirror of https://code.forgejo.org/actions/setup-forgejo.git synced 2024-11-27 08:40:57 -05:00
Code Issues Projects Releases Packages Wiki Activity

upgrade lxc-helpers

Browse source
This commit is contained in:
Earl Warren 2023-12-02 23:14:08 +01:00
parent 75cc10f9ca
commit 00a4cd9916
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
2 changed files with 77 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
lxc-helpers-lib.sh
View file

@ -7,6 +7,9 @@ LXC_SELF_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
LXC_BIN=/usr/local/bin LXC_BIN=/usr/local/bin
LXC_CONTAINER_CONFIG_ALL="unprivileged lxc libvirt docker k8s" LXC_CONTAINER_CONFIG_ALL="unprivileged lxc libvirt docker k8s"
LXC_CONTAINER_CONFIG_DEFAULT="lxc libvirt docker" LXC_CONTAINER_CONFIG_DEFAULT="lxc libvirt docker"
LXC_IPV6_PREFIX_DEFAULT="fc15"
LXC_DOCKER_PREFIX_DEFAULT="172.17"
LXC_IPV6_DOCKER_PREFIX_DEFAULT="fd00:d0ca"
: ${LXC_SUDO:=} : ${LXC_SUDO:=}
: ${LXC_CONTAINER_RELEASE:=bookworm} : ${LXC_CONTAINER_RELEASE:=bookworm}
@ -372,12 +375,14 @@ function lxc_apt_install_inside() {
function lxc_install_lxc() { function lxc_install_lxc() {
local name="$1" local name="$1"
local prefix="$2" local prefix="$2"
local prefixv6="$3"
lxc_container_inside $name lxc_install_lxc_inside $prefix lxc_container_inside $name lxc_install_lxc_inside $prefix $prefixv6
} }
function lxc_install_lxc_inside() { function lxc_install_lxc_inside() {
local prefix="$1" local prefix="$1"
local prefixv6="${2:-$LXC_IPV6_PREFIX_DEFAULT}"
local packages="make git libvirt0 libpam-cgfs bridge-utils uidmap dnsmasq-base dnsmasq dnsmasq-utils qemu-user-static lxc-templates debootstrap" local packages="make git libvirt0 libpam-cgfs bridge-utils uidmap dnsmasq-base dnsmasq dnsmasq-utils qemu-user-static lxc-templates debootstrap"
if test "$(lxc_release)" = bookworm ; then if test "$(lxc_release)" = bookworm ; then
@ -398,6 +403,10 @@ LXC_NETMASK="255.255.255.0"
LXC_NETWORK="$prefix.0/24" LXC_NETWORK="$prefix.0/24"
LXC_DHCP_RANGE="$prefix.2,$prefix.254" LXC_DHCP_RANGE="$prefix.2,$prefix.254"
LXC_DHCP_MAX="253" LXC_DHCP_MAX="253"
LXC_IPV6_ADDR="$prefixv6::216:3eff:fe00:1"
LXC_IPV6_MASK="64"
LXC_IPV6_NETWORK="$prefixv6::/64"
LXC_IPV6_NAT="true"
EOF EOF
systemctl start lxc-net systemctl start lxc-net
fi fi
@ -410,5 +419,16 @@ function lxc_install_docker() {
} }
function lxc_install_docker_inside() { function lxc_install_docker_inside() {
mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
"ipv6": true,
"fixed-cidr-v6": "$LXC_IPV6_DOCKER_PREFIX_DEFAULT:1::/64",
"default-address-pools": [
{"base": "$LXC_DOCKER_PREFIX_DEFAULT.0.0/16", "size": 24},
{"base": "$LXC_IPV6_DOCKER_PREFIX_DEFAULT:2::/104", "size": 112}
]
}
EOF
lxc_apt_install_inside docker.io docker-compose lxc_apt_install_inside docker.io docker-compose
} }

72
lxc-helpers.sh
View file

@ -13,36 +13,37 @@ function verbose() {
function help() { function help() {
cat <<'EOF' cat <<'EOF'
lxc-helpers - LXC container management helpers lxc-helpers.sh - LXC container management helpers
SYNOPSIS SYNOPSIS
lxc-helpers [-v|--verbose] [-h|--help] lxc-helpers.sh [-v|--verbose] [-h|--help]
[-o|--os {bookworm|bullseye} (default bookworm)] [-o|--os {bookworm|bullseye} (default bookworm)]
command [arguments] command [arguments]
lxc-helpers.sh [-v|--verbose] [-h|--help]
[-o|--os {bookworm|bullseye} (default bookworm)]
[-c|--config {unprivileged lxc libvirt docker k8s} (default "lxc libvirt docker")]
lxc_container_create [arguments]
DESCRIPTION DESCRIPTION
A thin shell based layer on top of LXC to create, populate, run and A thin shell based layer on top of LXC to create, populate, run and
destroy LXC containers. A container is created from a copy of an destroy LXC containers. A container is created from a copy of an
existing container. existing container.
The LXC network is configured to provide a NAT'ed IP address (IPv4
and IPv6) to each container, in a configurable private range.
CREATE AND DESTROY CREATE AND DESTROY
lxc_prepare_environment lxc_prepare_environment
Install LXC dependencies. Install LXC dependencies.
lxc_template_release lxc_container_create `name`
Echo the name of the container for the Operating System Create the `name` container.
specified with `--os`.
lxc_build_template `existing_container` `new_container`
Copy `existing_container` into `new_container`. If
`existing_container` is equal to $(lxc_template_release) it
will be created on demand.
lxc_container_mount `name` `path` lxc_container_mount `name` `path`
@ -55,25 +56,56 @@ CREATE AND DESTROY
lxc_container_stop `name` lxc_container_stop `name`
Unmount all bind mounted directories and stop the `name` Stop the `name` container.
container.
lxc_container_destroy `name` lxc_container_destroy `name`
Call lxc_container_stop `name` and destroy the container. Call lxc_container_stop `name` and destroy the container.
lxc_template_release
Echo the name of the container for the Operating System
specified with `--os`.
lxc_build_template `existing_container` `new_container`
Copy `existing_container` into `new_container`. If
`existing_container` is equal to $(lxc-helpers.sh lxc_template_release) it
will be created on demand.
CONFIGURATION
The `--config` option provides preset configurations appended to the `/var/lib/lxc/name/config`
file when the container is created with the `lxc_container_create` command. They are required
to run the corresponding subsystem:
* `docker` https://www.docker.com/
* `lxc` https://linuxcontainers.org/lxc/
* `libvirt` https://libvirt.org/
* `k8s` https://kubernetes.io/
* `unprivileged` none of the above
Example: lxc-helpers.sh --config "docker libvirt" lxc_container_create mycontainer
The `unprivileged` configuration does not add anything.
ACTIONS IN THE CONTAINER ACTIONS IN THE CONTAINER
For some command lxc_something `name` that can be called from outside the container For some command lxc_something `name` that can be called from outside the container
there is an equivalent function lxc_something_inside that can be called from inside there is an equivalent function lxc_something_inside that can be called from inside
the container. the container.
lxc_install_lxc `name` `prefix` lxc_install_lxc `name` `prefix` [`prefixv6`]
lxc_install_lxc_inside `prefix` lxc_install_lxc_inside `prefix` [`prefixv6`]
Install LXC in the `name` container to allow the creation of Install LXC in the `name` container to allow the creation of
named containers. `prefix` is a class C IP prefix from which named containers. `prefix` is a class C IP prefix from which
containers will obtain their IP (for instance 10.40.50). containers will obtain their IP (for instance 10.40.50). `prefixv6`
is an optional IPv6 private address prefix that defaults to fc15.
lxc_container_run `name` command [options...]
Run the `command` within the `name` container.
lxc_container_run_script `name` `path` lxc_container_run_script `name` `path`
lxc_container_run_script_as `name` `user` `path` lxc_container_run_script_as `name` `user` `path`
@ -89,13 +121,13 @@ ACTIONS IN THE CONTAINER
granted to `user`. It is made a member of the groups docker, kvm granted to `user`. It is made a member of the groups docker, kvm
and libvirt if they exist already. A SSH key is created. and libvirt if they exist already. A SSH key is created.
Example: lxc_container_user_install mycontainer $(id -u) $(USER) Example: lxc_container_user_install mycontainer $(id -u) $USER
EOF EOF
} }
function main() { function main() {
local options=$(getopt -o hvo --long help,verbose,os: -- "$@") local options=$(getopt -o hvoc --long help,verbose,os:,config: -- "$@")
[ $? -eq 0 ] || { [ $? -eq 0 ] || {
echo "Incorrect options provided" echo "Incorrect options provided"
exit 1 exit 1
@ -113,6 +145,10 @@ function main() {
LXC_CONTAINER_RELEASE=$2 LXC_CONTAINER_RELEASE=$2
shift shift
;; ;;
-c | --config)
LXC_CONTAINER_CONFIG="$2"
shift
;;
--) --)
shift shift
break break