-rw-r--r--.gitignore2
-rw-r--r--README.md26
-rw-r--r--files/leap-archive.gpgbin0 -> 20188 bytes
-rw-r--r--files/leap-experimental-archive.gpgbin0 -> 3423 bytes
-rw-r--r--http/preseed.cfg2
-rw-r--r--jessie.json65
-rw-r--r--lxc/debian68
-rw-r--r--scripts/base.sh41
-rw-r--r--scripts/cleanup.sh4
-rw-r--r--scripts/custom.sh9
-rw-r--r--scripts/vagrant.sh8
-rw-r--r--scripts/zerodisk.sh2
12 files changed, 196 insertions, 31 deletions
diff --git a/.gitignore b/.gitignore
index f8145a1..0505cea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
/packer_cache/
/output-qemu/
+/output-vagrant/
+/output-virtualbox/
diff --git a/README.md b/README.md
index 19e54ce..8743830 100644
--- a/README.md
+++ b/README.md
@@ -2,12 +2,13 @@
## Currently supported
-- Debian Jessie (8.2)
-- qemu (working) and virtualbox (WIP)
+- Debian Jessie
+- qemu, virtualbox and lxc
## Customization
- puppet, facter are pre-installed
+- Permit root ssh login with password `vagrant`
## Building locally
@@ -15,6 +16,27 @@ This example builds only for the qemu provider.
packer build -only=qemu jessie.json
+## Connect to VNC
+
+While building you can connect to the box using
+
+ vncviewer -Shared localhost:PORT
+
+just make sure to provide the PORT shown on the console shown like this:
+
+ ==> qemu: Found available VNC port: 5922
+
+
+## LXC
+
+To build a lxc box, install https://github.com/fgrehm/vagrant-lxc first
+
+You need to run packer with sudo:
+
+ sudo -E packer build -only=lxc jessie.json
+
+Cache dir is at `/var/lib/lxc/packer-lxc/rootfs`.
+
### Issues
diff --git a/files/leap-archive.gpg b/files/leap-archive.gpg
new file mode 100644
index 0000000..dd7f3be
--- /dev/null
+++ b/files/leap-archive.gpg
Binary files differ
diff --git a/files/leap-experimental-archive.gpg b/files/leap-experimental-archive.gpg
new file mode 100644
index 0000000..5cc9064
--- /dev/null
+++ b/files/leap-experimental-archive.gpg
Binary files differ
diff --git a/http/preseed.cfg b/http/preseed.cfg
index 9b76025..1d9322a 100644
--- a/http/preseed.cfg
+++ b/http/preseed.cfg
@@ -7,7 +7,7 @@ d-i mirror/country string manual
# Apt mirror
d-i mirror/http/directory string /debian
-d-i mirror/http/hostname string httpredir.debian.org
+d-i mirror/http/hostname string deb.debian.org
# Block some prompts
d-i mirror/http/proxy string
diff --git a/jessie.json b/jessie.json
index 3cc6090..142d503 100644
--- a/jessie.json
+++ b/jessie.json
@@ -11,10 +11,28 @@
"user": "vagrant",
"hostname": "leap-jessie",
"domain": "local",
- "boxversion": "1.1.0"
+ "boxversion": "1.2.5"
},
"provisioners": [
{
+ "type": "file",
+ "source": "files/leap-archive.gpg",
+ "destination": "/tmp/leap-archive.gpg"
+ },
+ {
+ "type": "file",
+ "source": "files/leap-experimental-archive.gpg",
+ "destination": "/tmp/leap-experimental-archive.gpg"
+ },
+ {
+ "type": "shell",
+ "inline": [
+ "echo {{user `password`}} | sudo -S cp /tmp/leap-archive.gpg /etc/apt/trusted.gpg.d/leap-archive.gpg",
+ "sudo cp /tmp/leap-experimental-archive.gpg /etc/apt/trusted.gpg.d/leap-experimental-archive.gpg",
+ "sudo chown root:root /etc/apt/trusted.gpg.d/leap-archive.gpg /etc/apt/trusted.gpg.d/leap-experimental-archive.gpg"
+ ]
+ },
+ {
"type": "shell",
"scripts": [
"scripts/base.sh",
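Review bot: The keyrings that the new inline provisioner copies into `/etc/apt/trusted.gpg.d/` become trusted for every apt source on the box, not only the LEAP repository, and the commit adds them as binary blobs without recording their fingerprints anywhere a reviewer can check. I would list the expected key fingerprints in the README so the blobs can be compared against them. In the same block the password template is interpolated unquoted, and only the first command feeds `sudo -S`, so the second and third commands depend on sudo's cached credential. Wrapping the template value in single quotes and setting the mode explicitly (for example `sudo chmod 0644` on both files) would make the step less fragile. Nothing in this hunk removes the copies left in `/tmp`; confirm that a later script does.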
@@ -22,8 +40,7 @@
"scripts/virtualbox.sh",
"scripts/vagrant.sh",
"scripts/dep.sh",
- "scripts/cleanup.sh",
- "scripts/zerodisk.sh"
+ "scripts/cleanup.sh"
],
"override": {
"qemu": {
@@ -33,10 +50,25 @@
"execute_command": "echo 'vagrant'|sudo -S bash '{{.Path}}'"
}
}
+ },
+ {
+ "type": "shell",
+ "scripts": [ "scripts/zerodisk.sh" ],
+ "except": ["lxc"]
}
],
"builders": [
{
+ "type": "lxc",
+ "config_file": "lxc/debian",
+ "template_name": "debian",
+ "template_environment_vars": [
+ "MIRROR=http://deb.debian.org/debian/",
+ "SUITE=jessie"
+ ],
+ "target_runlevel": 3
+ },
+ {
"type": "qemu",
"accelerator": "kvm",
"boot_command": [
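Review bot: The new `scripts/zerodisk.sh` provisioner block has no `override` / `execute_command`, unlike the script block above it, which runs its scripts through `sudo -S bash` for qemu. If the SSH user on qemu and virtualbox is the unprivileged `vagrant` account (the virtualbox builder further down sets `ssh_username` to `vagrant`), the zeroing step would run without root. Confirm that is intended, or copy the same `override` into this block. The `override` object and the `builders` array start and end outside this hunk.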
@@ -61,9 +93,9 @@
"format": "qcow2",
"headless": "true",
"http_directory": "http",
- "iso_checksum": "dd25bcdde3c6ea5703cc0f313cde621b13d42ff7d252e2538a11663c93bf8654",
+ "iso_checksum": "9479c5c2df72ae3878116c43fb42eefae53d1fe363ce514a6afc8289064b9f5f",
"iso_checksum_type": "sha256",
- "iso_url": "http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.3.0-amd64-netinst.iso",
+ "iso_url": "http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.6.0-amd64-netinst.iso",
"net_device": "virtio-net",
"qemuargs": [
[ "-m", "1024M" ]
@@ -95,9 +127,9 @@
"disk_size": "{{ user `disk_size`}}",
"guest_os_type": "Debian_64",
"http_directory": "http",
- "iso_checksum": "dd25bcdde3c6ea5703cc0f313cde621b13d42ff7d252e2538a11663c93bf8654",
+ "iso_checksum": "9479c5c2df72ae3878116c43fb42eefae53d1fe363ce514a6afc8289064b9f5f",
"iso_checksum_type": "sha256",
- "iso_url": "http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.3.0-amd64-netinst.iso",
+ "iso_url": "http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.6.0-amd64-netinst.iso",
"ssh_username": "vagrant",
"ssh_password": "vagrant",
"ssh_port": 22,
@@ -110,7 +142,24 @@
"post-processors": [
[{
"type": "vagrant",
- "keep_input_artifact": false
+ "keep_input_artifact": false,
+ "except": ["lxc"]
+ },
+ {
+ "type": "compress",
+ "output": "output-vagrant/jessie64-lxc.box",
+ "only": ["lxc"]
+ },
+ {
+ "type": "atlas",
+ "only": ["lxc"],
+ "artifact": "{{user `atlas_username`}}/{{user `atlas_name`}}",
+ "artifact_type": "vagrant.box",
+ "metadata": {
+ "provider": "lxc",
+ "created_at": "{{timestamp}}",
+ "version": "{{user `boxversion`}}"
+ }
},
{
"type": "atlas",
diff --git a/lxc/debian b/lxc/debian
new file mode 100644
index 0000000..130da18
--- /dev/null
+++ b/lxc/debian
@@ -0,0 +1,68 @@
+# From https://github.com/fgrehm/vagrant-lxc-base-boxes/blob/master/conf/debian
+
+# Default pivot location
+lxc.pivotdir = lxc_putold
+
+# Default mount entries
+lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry = sysfs sys sysfs defaults 0 0
+
+# Default console settings
+lxc.tty = 4
+lxc.pts = 1024
+
+# Default capabilities
+lxc.cap.drop = sys_module mac_admin mac_override sys_time
+
+# Prevent systemd-journald from burning 100% of CPU
+# See https://wiki.debian.org/LXC#Incompatibility_with_systemd
+lxc.kmsg = 0
+lxc.autodev = 1
+
+# When using LXC with apparmor, the container will be confined by default.
+# If you wish for it to instead run unconfined, copy the following line
+# (uncommented) to the container's configuration file.
+#lxc.aa_profile = unconfined
+
+# To support container nesting on an Ubuntu host while retaining most of
+# apparmor's added security, use the following two lines instead.
+#lxc.aa_profile = lxc-container-default-with-nesting
+#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
+
+# If you wish to allow mounting block filesystems, then use the following
+# line instead, and make sure to grant access to the block device and/or loop
+# devices below in lxc.cgroup.devices.allow.
+#lxc.aa_profile = lxc-container-default-with-mounting
+
+# Default cgroup limits
+lxc.cgroup.devices.deny = a
+## Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+## /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+## consoles
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 5:1 rwm
+## /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/pts/*
+lxc.cgroup.devices.allow = c 5:2 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## full
+lxc.cgroup.devices.allow = c 1:7 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm
diff --git a/scripts/base.sh b/scripts/base.sh
index 26ce76d..bc34192 100644
--- a/scripts/base.sh
+++ b/scripts/base.sh
@@ -1,5 +1,18 @@
#!/bin/bash
+# setup locales
+echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen
+locale-gen en_US.UTF-8
+update-locale LANG=en_US.UTF-8
+export LC_ALL=en_US.UTF-8
+
+# Set up apt repos
+echo -e "deb http://deb.debian.org/debian/ jessie main\ndeb http://security.debian.org/ jessie/updates main" > /etc/apt/sources.list
+echo "deb http://deb.debian.org/debian/ jessie-backports main" > /etc/apt/sources.list.d/backports.list
+
+# Add LEAP debian repo
+echo 'deb http://deb.leap.se/0.9 jessie main' > /etc/apt/sources.list.d/leap.list
+
# Update the box
apt-get -y update >/dev/null
apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade
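Review bot: Nothing in the visible top of the script makes it stop on error, so if `locale-gen` or one of the new `echo ... >` writes to the apt source files fails, the build carries on to `apt-get -y update`, whose standard output is discarded. For a box that gets published I would add `set -e` after the shebang, or check each step, so a half-configured apt setup fails the build instead of shipping. The new sources are all plain `http://`, so package authenticity rests on apt's signature check alone. A comment such as `# http transport: integrity relies on the keyrings in /etc/apt/trusted.gpg.d` would tell the next maintainer.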
@@ -7,16 +20,22 @@ apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade
# Tweak sshd to prevent DNS resolution (speed up logins)
echo 'UseDNS no' >> /etc/ssh/sshd_config
-# Remove 5s grub timeout to speed up booting
-cat <<EOF > /etc/default/grub
-# If you change this file, run 'update-grub' afterwards to update
-# /boot/grub/grub.cfg.
+# Only update grub when it's installed (lxc won't have it
+if [ -e /usr/sbin/update-grub ]
+then
+ # Remove 5s grub timeout to speed up booting
+ # Heredoc NEEDS to be indented with tabs not spaces
+ # https://unix.stackexchange.com/questions/76481/cant-indent-heredoc-to-match-nestings-indent
+ cat <<-EOF > /etc/default/grub
+ # If you change this file, run 'update-grub' afterwards to update
+ # /boot/grub/grub.cfg.
-GRUB_DEFAULT=0
-GRUB_TIMEOUT=0
-GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
-GRUB_CMDLINE_LINUX_DEFAULT="quiet"
-GRUB_CMDLINE_LINUX="debian-installer=en_US"
-EOF
+ GRUB_DEFAULT=0
+ GRUB_TIMEOUT=0
+ GRUB_DISTRIBUTOR=$(lsb_release -i -s 2> /dev/null || echo Debian)
+ GRUB_CMDLINE_LINUX_DEFAULT="quiet"
+ GRUB_CMDLINE_LINUX="debian-installer=en_US"
+ EOF
-update-grub
+ update-grub
+fi
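Review bot: The comment on the new guard is missing its closing parenthesis; it should read `# Only update grub when it's installed (lxc won't have it)`. The test uses `-e`, which is true for any kind of file, whereas `[ -x /usr/sbin/update-grub ]` states the actual intent, that an executable is present. The `<<-EOF` form strips leading tabs only, as the added comment says, so an editor that converts tabs to spaces would stop the indented `EOF` from terminating the heredoc.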
diff --git a/scripts/cleanup.sh b/scripts/cleanup.sh
index a4aa298..b66075f 100644
--- a/scripts/cleanup.sh
+++ b/scripts/cleanup.sh
@@ -10,10 +10,10 @@ rm /var/lib/dhcp/*
# Make sure Udev doesn't block our network
echo "cleaning up udev rules"
-rm /etc/udev/rules.d/70-persistent-net.rules
+[ -e /etc/udev/rules.d/70-persistent-net.rules ] && rm /etc/udev/rules.d/70-persistent-net.rules
mkdir /etc/udev/rules.d/70-persistent-net.rules
rm -rf /dev/.udev/
-rm /lib/udev/rules.d/75-persistent-net-generator.rules
+[ -e /lib/udev/rules.d/75-persistent-net-generator.rules ] && rm /lib/udev/rules.d/75-persistent-net-generator.rules
echo "Adding a 2 sec delay to the interface up, to make the dhclient happy"
echo "pre-up sleep 2" >> /etc/network/interfaces
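Review bot: The two `[ -e FILE ] && rm FILE` lines are more simply written as `rm -f /etc/udev/rules.d/70-persistent-net.rules` and `rm -f /lib/udev/rules.d/75-persistent-net-generator.rules`. That avoids repeating each path and does not leave a non-zero status when the file is absent. The unchanged `mkdir` on the following line creates a directory at the first path, so if the script ever runs twice on the same filesystem the `-e` test is true and plain `rm` fails on a directory; `rm -rf` for that one path would cover it.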
diff --git a/scripts/custom.sh b/scripts/custom.sh
index a34d1d6..9ed5ceb 100644
--- a/scripts/custom.sh
+++ b/scripts/custom.sh
@@ -4,10 +4,13 @@
sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# install additional packages
-apt-get -y install puppet lsb-release facter rsync curl
+# LEAP people like some of these: see also #6898 and https://github.com/leapcode/leap_cli/pull/17
-# LEAP people like this: see also #6898
-apt-get -y install unzip vim tmux ntpdate git rdoc
+apt-get -y install leap-archive-keyring puppet lsb-release facter rsync curl bash-completion wget sudo unzip vim tmux ntp git rdoc
+
+# Don't use client locales
+# https://stackoverflow.com/questions/29609371/how-do-not-pass-locale-through-ssh
+sed 's/^AcceptEnv.*//' /etc/ssh/sshd_config
# Set root pw
echo 'root:vagrant' | chpasswd
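Review bot: The added `sed 's/^AcceptEnv.*//' /etc/ssh/sshd_config` has no `-i`, so it prints the edited config to stdout and leaves `/etc/ssh/sshd_config` unchanged; sshd keeps accepting client locale variables. It should be `sed -i 's/^AcceptEnv.*//' /etc/ssh/sshd_config`, matching the `PermitRootLogin` edit at the top of the hunk. Separately, `leap-archive-keyring` is installed from the LEAP repository itself and may replace or duplicate the keyrings the packer provisioner copied in, so a comment saying which copy is authoritative would help.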
diff --git a/scripts/vagrant.sh b/scripts/vagrant.sh
index 900fe9c..4e2a11b 100644
--- a/scripts/vagrant.sh
+++ b/scripts/vagrant.sh
@@ -6,12 +6,14 @@
date > /etc/vagrant_box_build_time
# Installing vagrant key for root
-mkdir -pm 700 /root/.ssh
-wget --no-check-certificate 'https://raw.github.com/mitchellh/vagrant/master/keys/vagrant.pub' -O /root/.ssh/authorized_keys
+mkdir -m 0700 /root/.ssh
+chmod 0700 /root /root/.ssh
+wget --no-check-certificate 'https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub' -O /root/.ssh/authorized_keys
chmod 0600 /root/.ssh/authorized_keys
# Installing vagrant key for vagrant user
-cp -a /root/.ssh/ /home/vagrant/
+getent passwd vagrant || useradd -m vagrant -s /bin/bash
+cp -a /root/.ssh /home/vagrant/
chown -R vagrant:vagrant /home/vagrant/.ssh
# configure password-less sudo
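Review bot: The rewritten `wget` line still passes `--no-check-certificate`, so the file written to root's `authorized_keys` is accepted from whoever answers the TLS connection during the build. Dropping the flag (`wget 'https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub' -O /root/.ssh/authorized_keys`, with `ca-certificates` installed) restores that check. Alternatively, ship the key from `files/` through a file provisioner, as this commit already does for the apt keyrings, so the build needs no download at all. `mkdir -m 0700 /root/.ssh` also lost the `-p`, so it now fails if the directory already exists; since the next line runs `chmod 0700`, `mkdir -p /root/.ssh` is enough.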
diff --git a/scripts/zerodisk.sh b/scripts/zerodisk.sh
index 35370d6..530ca4d 100644
--- a/scripts/zerodisk.sh
+++ b/scripts/zerodisk.sh
@@ -1,7 +1,7 @@
#!/bin/bash
# Zero out the free space to save space in the final image:
-dd if=/dev/zero of=/EMPTY bs=1M
+dd if=/dev/zero of=/tmp/EMPTY bs=1M
rm -f /EMPTY
# Sync to ensure that the delete completes before this moves on.
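Review bot: `dd` now writes to `/tmp/EMPTY`, but the unchanged next line still runs `rm -f /EMPTY`, so the zero-filled file is never deleted and the image is built with its disk full. The removal should follow the new path: `rm -f /tmp/EMPTY`. If `/tmp` is a tmpfs on the guest, the zeroing would also fill memory rather than the root filesystem, so confirm that `/tmp` lives on the disk being compacted.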