-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | README.md | 26 | ||||
-rw-r--r-- | files/leap-archive.gpg | bin | 0 -> 20188 bytes | |||
-rw-r--r-- | files/leap-experimental-archive.gpg | bin | 0 -> 3423 bytes | |||
-rw-r--r-- | http/preseed.cfg | 2 | ||||
-rw-r--r-- | jessie.json | 65 | ||||
-rw-r--r-- | lxc/debian | 68 | ||||
-rw-r--r-- | scripts/base.sh | 41 | ||||
-rw-r--r-- | scripts/cleanup.sh | 4 | ||||
-rw-r--r-- | scripts/custom.sh | 9 | ||||
-rw-r--r-- | scripts/vagrant.sh | 8 | ||||
-rw-r--r-- | scripts/zerodisk.sh | 2 |
12 files changed, 196 insertions, 31 deletions
@@ -1,2 +1,4 @@ /packer_cache/ /output-qemu/ +/output-vagrant/ +/output-virtualbox/ @@ -2,12 +2,13 @@ ## Currently supported -- Debian Jessie (8.2) -- qemu (working) and virtualbox (WIP) +- Debian Jessie +- qemu, virtualbox and lxc ## Customization - puppet, facter are pre-installed +- Permit root ssh login with password `vagrant` ## Building locally @@ -15,6 +16,27 @@ This example builds only for the qemu provider. packer build -only=qemu jessie.json +## Connect to VNC + +While building you can connect to the box using + + vncviewer -Shared localhost:PORT + +just make sure to provide the PORT shown on the console shown like this: + + ==> qemu: Found available VNC port: 5922 + + +## LXC + +To build a lxc box, install https://github.com/fgrehm/vagrant-lxc first + +You need to run packer with sudo: + + sudo -E packer build -only=lxc jessie.json + +Cache dir is at `/var/lib/lxc/packer-lxc/rootfs`. + ### Issues diff --git a/files/leap-archive.gpg b/files/leap-archive.gpg Binary files differnew file mode 100644 index 0000000..dd7f3be --- /dev/null +++ b/files/leap-archive.gpg diff --git a/files/leap-experimental-archive.gpg b/files/leap-experimental-archive.gpg Binary files differnew file mode 100644 index 0000000..5cc9064 --- /dev/null +++ b/files/leap-experimental-archive.gpg diff --git a/http/preseed.cfg b/http/preseed.cfg index 9b76025..1d9322a 100644 --- a/http/preseed.cfg +++ b/http/preseed.cfg @@ -7,7 +7,7 @@ d-i mirror/country string manual # Apt mirror d-i mirror/http/directory string /debian -d-i mirror/http/hostname string httpredir.debian.org +d-i mirror/http/hostname string deb.debian.org # Block some prompts d-i mirror/http/proxy string diff --git a/jessie.json b/jessie.json index 3cc6090..142d503 100644 --- a/jessie.json +++ b/jessie.json 
@@ -11,10 +11,28 @@ "user": "vagrant", "hostname": "leap-jessie", "domain": "local", - "boxversion": "1.1.0" + "boxversion": "1.2.5" }, "provisioners": [ { + "type": "file", + "source": "files/leap-archive.gpg", + "destination": "/tmp/leap-archive.gpg" + }, + { + "type": "file", + "source": "files/leap-experimental-archive.gpg", + "destination": "/tmp/leap-experimental-archive.gpg" + }, + { + "type": "shell", + "inline": [ + "echo {{user `password`}} | sudo -S cp /tmp/leap-archive.gpg /etc/apt/trusted.gpg.d/leap-archive.gpg", + "sudo cp /tmp/leap-experimental-archive.gpg /etc/apt/trusted.gpg.d/leap-experimental-archive.gpg", + "sudo chown root:root /etc/apt/trusted.gpg.d/leap-archive.gpg /etc/apt/trusted.gpg.d/leap-experimental-archive.gpg" + ] + }, + { "type": "shell", "scripts": [ "scripts/base.sh", @@ -22,8 +40,7 @@ "scripts/virtualbox.sh", "scripts/vagrant.sh", "scripts/dep.sh", - "scripts/cleanup.sh", - "scripts/zerodisk.sh" + "scripts/cleanup.sh" ], "override": { "qemu": { @@ -33,10 +50,25 @@ "execute_command": "echo 'vagrant'|sudo -S bash '{{.Path}}'" } } + }, + { + "type": "shell", + "scripts": [ "scripts/zerodisk.sh" ], + "except": ["lxc"] } ], "builders": [ { + "type": "lxc", + "config_file": "lxc/debian", + "template_name": "debian", + "template_environment_vars": [ + "MIRROR=http://deb.debian.org/debian/", + "SUITE=jessie" + ], + "target_runlevel": 3 + }, + { "type": "qemu", "accelerator": "kvm", "boot_command": [ 
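Review bot: In the new inline shell provisioner the password template is interpolated unquoted into `echo … | sudo -S cp`, and only the first of the three commands feeds sudo a password, so the second `cp` and the `chown` depend on the credential sudo cached from the first. The existing `execute_command` override further down quotes its password (`echo 'vagrant'|sudo -S …`); the new line should quote the template the same way. Because every keyring in `/etc/apt/trusted.gpg.d` is trusted by apt for all configured repositories, owner and mode should be set explicitly in one step rather than inherited from the upload to `/tmp`: `sudo install -o root -g root -m 0644 /tmp/leap-archive.gpg /etc/apt/trusted.gpg.d/leap-archive.gpg`, and likewise for the experimental keyring. Recording the expected key fingerprints of the two committed binary keyrings in the README would let a reader check the blobs.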
@@ -61,9 +93,9 @@ "format": "qcow2", "headless": "true", "http_directory": "http", - "iso_checksum": "dd25bcdde3c6ea5703cc0f313cde621b13d42ff7d252e2538a11663c93bf8654", + "iso_checksum": "9479c5c2df72ae3878116c43fb42eefae53d1fe363ce514a6afc8289064b9f5f", "iso_checksum_type": "sha256", - "iso_url": "http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.3.0-amd64-netinst.iso", + "iso_url": "http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.6.0-amd64-netinst.iso", "net_device": "virtio-net", "qemuargs": [ [ "-m", "1024M" ] @@ -95,9 +127,9 @@ "disk_size": "{{ user `disk_size`}}", "guest_os_type": "Debian_64", "http_directory": "http", - "iso_checksum": "dd25bcdde3c6ea5703cc0f313cde621b13d42ff7d252e2538a11663c93bf8654", + "iso_checksum": "9479c5c2df72ae3878116c43fb42eefae53d1fe363ce514a6afc8289064b9f5f", "iso_checksum_type": "sha256", - "iso_url": "http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.3.0-amd64-netinst.iso", + "iso_url": "http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.6.0-amd64-netinst.iso", "ssh_username": "vagrant", "ssh_password": "vagrant", "ssh_port": 22, @@ -110,7 +142,24 @@ "post-processors": [ [{ "type": "vagrant", - "keep_input_artifact": false + "keep_input_artifact": false, + "except": ["lxc"] + }, + { + "type": "compress", + "output": "output-vagrant/jessie64-lxc.box", + "only": ["lxc"] + }, + { + "type": "atlas", + "only": ["lxc"], + "artifact": "{{user `atlas_username`}}/{{user `atlas_name`}}", + "artifact_type": "vagrant.box", + "metadata": { + "provider": "lxc", + "created_at": "{{timestamp}}", + "version": "{{user `boxversion`}}" + } }, { "type": "atlas", diff --git a/lxc/debian b/lxc/debian new file mode 100644 index 0000000..130da18 --- /dev/null +++ b/lxc/debian 
@@ -0,0 +1,68 @@ +# From https://github.com/fgrehm/vagrant-lxc-base-boxes/blob/master/conf/debian + +# Default pivot location +lxc.pivotdir = lxc_putold + +# Default mount entries +lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 +lxc.mount.entry = sysfs sys sysfs defaults 0 0 + +# Default console settings +lxc.tty = 4 +lxc.pts = 1024 + +# Default capabilities +lxc.cap.drop = sys_module mac_admin mac_override sys_time + +# Prevent systemd-journald from burning 100% of CPU +# See https://wiki.debian.org/LXC#Incompatibility_with_systemd +lxc.kmsg = 0 +lxc.autodev = 1 + +# When using LXC with apparmor, the container will be confined by default. +# If you wish for it to instead run unconfined, copy the following line +# (uncommented) to the container's configuration file. +#lxc.aa_profile = unconfined + +# To support container nesting on an Ubuntu host while retaining most of +# apparmor's added security, use the following two lines instead. +#lxc.aa_profile = lxc-container-default-with-nesting +#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups + +# If you wish to allow mounting block filesystems, then use the following +# line instead, and make sure to grant access to the block device and/or loop +# devices below in lxc.cgroup.devices.allow. 
+#lxc.aa_profile = lxc-container-default-with-mounting + +# Default cgroup limits +lxc.cgroup.devices.deny = a +## Allow any mknod (but not using the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m +## /dev/null and zero +lxc.cgroup.devices.allow = c 1:3 rwm +lxc.cgroup.devices.allow = c 1:5 rwm +## consoles +lxc.cgroup.devices.allow = c 5:0 rwm +lxc.cgroup.devices.allow = c 5:1 rwm +## /dev/{,u}random +lxc.cgroup.devices.allow = c 1:8 rwm +lxc.cgroup.devices.allow = c 1:9 rwm +## /dev/pts/* +lxc.cgroup.devices.allow = c 5:2 rwm +lxc.cgroup.devices.allow = c 136:* rwm +## rtc +lxc.cgroup.devices.allow = c 254:0 rm +## fuse +lxc.cgroup.devices.allow = c 10:229 rwm +## tun +lxc.cgroup.devices.allow = c 10:200 rwm +## full +lxc.cgroup.devices.allow = c 1:7 rwm +## hpet +lxc.cgroup.devices.allow = c 10:228 rwm +## kvm +lxc.cgroup.devices.allow = c 10:232 rwm +## To use loop devices, copy the following line to the container's +## configuration file (uncommented). +#lxc.cgroup.devices.allow = b 7:* rwm diff --git a/scripts/base.sh b/scripts/base.sh index 26ce76d..bc34192 100644 --- a/scripts/base.sh +++ b/scripts/base.sh @@ -1,5 +1,18 @@ #!/bin/bash +# setup locales +echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen +locale-gen en_US.UTF-8 +update-locale LANG=en_US.UTF-8 +export LC_ALL=en_US.UTF-8 + +# Set up apt repos +echo -e "deb http://deb.debian.org/debian/ jessie main\ndeb http://security.debian.org/ jessie/updates main" > /etc/apt/sources.list +echo "deb http://deb.debian.org/debian/ jessie-backports main" > /etc/apt/sources.list.d/backports.list + +# Add LEAP debian repo +echo 'deb http://deb.leap.se/0.9 jessie main' > /etc/apt/sources.list.d/leap.list + # Update the box apt-get -y update >/dev/null apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade 
@@ -7,16 +20,22 @@ apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade # Tweak sshd to prevent DNS resolution (speed up logins) echo 'UseDNS no' >> /etc/ssh/sshd_config -# Remove 5s grub timeout to speed up booting -cat <<EOF > /etc/default/grub -# If you change this file, run 'update-grub' afterwards to update -# /boot/grub/grub.cfg. +# Only update grub when it's installed (lxc won't have it +if [ -e /usr/sbin/update-grub ] +then + # Remove 5s grub timeout to speed up booting + # Heredoc NEEDS to be indented with tabs not spaces + # https://unix.stackexchange.com/questions/76481/cant-indent-heredoc-to-match-nestings-indent + cat <<-EOF > /etc/default/grub + # If you change this file, run 'update-grub' afterwards to update + # /boot/grub/grub.cfg. -GRUB_DEFAULT=0 -GRUB_TIMEOUT=0 -GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` -GRUB_CMDLINE_LINUX_DEFAULT="quiet" -GRUB_CMDLINE_LINUX="debian-installer=en_US" -EOF + GRUB_DEFAULT=0 + GRUB_TIMEOUT=0 + GRUB_DISTRIBUTOR=$(lsb_release -i -s 2> /dev/null || echo Debian) + GRUB_CMDLINE_LINUX_DEFAULT="quiet" + GRUB_CMDLINE_LINUX="debian-installer=en_US" + EOF -update-grub + update-grub +fi diff --git a/scripts/cleanup.sh b/scripts/cleanup.sh index a4aa298..b66075f 100644 --- a/scripts/cleanup.sh +++ b/scripts/cleanup.sh @@ -10,10 +10,10 @@ rm /var/lib/dhcp/* # Make sure Udev doesn't block our network echo "cleaning up udev rules" -rm /etc/udev/rules.d/70-persistent-net.rules +[ -e /etc/udev/rules.d/70-persistent-net.rules ] && rm /etc/udev/rules.d/70-persistent-net.rules mkdir /etc/udev/rules.d/70-persistent-net.rules rm -rf /dev/.udev/ -rm /lib/udev/rules.d/75-persistent-net-generator.rules +[ -e /lib/udev/rules.d/75-persistent-net-generator.rules ] && rm /lib/udev/rules.d/75-persistent-net-generator.rules echo "Adding a 2 sec delay to the interface up, to make the dhclient happy" echo "pre-up sleep 2" >> /etc/network/interfaces 
diff --git a/scripts/custom.sh b/scripts/custom.sh index a34d1d6..9ed5ceb 100644 --- a/scripts/custom.sh +++ b/scripts/custom.sh @@ -4,10 +4,13 @@ sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config # install additional packages -apt-get -y install puppet lsb-release facter rsync curl +# LEAP people like some of these: see also #6898 and https://github.com/leapcode/leap_cli/pull/17 -# LEAP people like this: see also #6898 -apt-get -y install unzip vim tmux ntpdate git rdoc +apt-get -y install leap-archive-keyring puppet lsb-release facter rsync curl bash-completion wget sudo unzip vim tmux ntp git rdoc + +# Don't use client locales +# https://stackoverflow.com/questions/29609371/how-do-not-pass-locale-through-ssh +sed 's/^AcceptEnv.*//' /etc/ssh/sshd_config # Set root pw echo 'root:vagrant' | chpasswd diff --git a/scripts/vagrant.sh b/scripts/vagrant.sh index 900fe9c..4e2a11b 100644 --- a/scripts/vagrant.sh +++ b/scripts/vagrant.sh @@ -6,12 +6,14 @@ date > /etc/vagrant_box_build_time # Installing vagrant key for root -mkdir -pm 700 /root/.ssh -wget --no-check-certificate 'https://raw.github.com/mitchellh/vagrant/master/keys/vagrant.pub' -O /root/.ssh/authorized_keys +mkdir -m 0700 /root/.ssh +chmod 0700 /root /root/.ssh +wget --no-check-certificate 'https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub' -O /root/.ssh/authorized_keys chmod 0600 /root/.ssh/authorized_keys # Installing vagrant key for vagrant user -cp -a /root/.ssh/ /home/vagrant/ +getent passwd vagrant || useradd -m vagrant -s /bin/bash +cp -a /root/.ssh /home/vagrant/ chown -R vagrant:vagrant /home/vagrant/.ssh # configure password-less sudo diff --git a/scripts/zerodisk.sh b/scripts/zerodisk.sh index 35370d6..530ca4d 100644 --- a/scripts/zerodisk.sh +++ b/scripts/zerodisk.sh 
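Review bot: The added `sed 's/^AcceptEnv.*//' /etc/ssh/sshd_config` has no `-i`, so it prints the edited text to the build log and leaves `sshd_config` unchanged; sshd will still accept the client's locale variables. The PermitRootLogin edit in the context line above uses `sed -i`, and this line should as well: `sed -i '/^AcceptEnv/d' /etc/ssh/sshd_config`. The script continues outside the hunk.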
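Review bot: The rewritten `wget` line in scripts/vagrant.sh still passes `--no-check-certificate` while downloading the file that becomes root's `authorized_keys`, so the TLS connection does not authenticate the server that supplies the key. Drop the flag (installing `ca-certificates` first if the base image lacks it), or commit the public key under `files/` and upload it with a file provisioner, as this commit already does for the apt keyrings. Separately, `mkdir -m 0700 /root/.ssh` lost the `-p` and will now fail when the directory already exists; `mkdir -p -m 0700 /root/.ssh` keeps the earlier tolerance.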
@@ -1,7 +1,7 @@ #!/bin/bash # Zero out the free space to save space in the final image: -dd if=/dev/zero of=/EMPTY bs=1M +dd if=/dev/zero of=/tmp/EMPTY bs=1M rm -f /EMPTY # Sync to ensure that the delete completes before this moves on. |
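Review bot: The zero-fill target moved to `/tmp/EMPTY`, but the following context line still removes `/EMPTY`, so the fill file is never deleted and the image ships with a full disk. The cleanup line should become `rm -f /tmp/EMPTY`. If `/tmp` is a tmpfs on any builder, the write would fill memory instead of the root filesystem and the free space would not be zeroed; the commit does not show why the path moved, so keeping the file on `/` may be the better fix.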