From e7adc00728db535ff05bada15cfa5597b7542623 Mon Sep 17 00:00:00 2001
From: varac
Date: Sat, 5 Nov 2016 13:16:18 +0100
Subject: First working lxc build
---
 .gitignore | 2 ++
 README.md | 13 ++++++++++-
 jessie.json | 37 +++++++++++++++++++++++++++---
 lxc/debian | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 scripts/base.sh | 28 ++++++++++++++---------
 scripts/custom.sh | 2 +-
 6 files changed, 134 insertions(+), 16 deletions(-)
 create mode 100644 lxc/debian
diff --git a/.gitignore b/.gitignore
index f8145a1..0505cea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 /packer_cache/
 /output-qemu/
+/output-vagrant/
+/output-virtualbox/
diff --git a/README.md b/README.md
index 7c0db34..87d0339 100644
--- a/README.md
+++ b/README.md
@@ -3,11 +3,12 @@ ## Currently supported - Debian Jessie -- qemu and virtualbox +- qemu, virtualbox and lxc ## Customization - puppet, facter are pre-installed +- Permit root ssh login with password `vagrant` ## Building locally
@@ -15,6 +16,16 @@ This example builds only for the qemu provider. packer build -only=qemu jessie.json +## LXC + +to build a lxc box, install https://github.com/fgrehm/vagrant-lxc first + +You need to run packer with sudo: + + sudo -E packer build -only=lxc jessie.json + +Cache dir is at `/var/lib/lxc/packer-lxc/rootfs`. + ### Issues
diff --git a/jessie.json b/jessie.json
index b388f8c..38907f4 100644
--- a/jessie.json
+++ b/jessie.json
@@ -22,8 +22,7 @@
 "scripts/virtualbox.sh",
 "scripts/vagrant.sh",
 "scripts/dep.sh",
- "scripts/cleanup.sh",
- "scripts/zerodisk.sh"
+ "scripts/cleanup.sh"
 ],
 "override": {
 "qemu": {
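Review bot: `/output-lxc/` is not added alongside `/output-vagrant/` and `/output-virtualbox/`, although the lxc builder introduced in jessie.json sets no `output_directory`; if it follows the `output-<builder>` pattern that the existing `/output-qemu/` entry reflects, its extracted rootfs will appear as an untracked directory after a `-only=lxc` build. Adding `/output-lxc/` here keeps the ignore list in step with the builders. This is inferred from the naming convention; confirm the builder's default output path before relying on it.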
@@ -33,9 +32,24 @@
 "execute_command": "echo 'vagrant'|sudo -S bash '{{.Path}}'"
 }
 }
+ },
+ {
+ "type": "shell",
+ "scripts": [ "scripts/zerodisk.sh" ],
+ "except": ["lxc"]
 }
 ],
 "builders": [
+ {
+ "type": "lxc",
+ "config_file": "lxc/debian",
+ "template_name": "debian",
+ "template_environment_vars": [
+ "MIRROR=http://deb.debian.org/debian/",
+ "SUITE=jessie"
+ ],
+ "target_runlevel": 3
+ },
 {
 "type": "qemu",
 "accelerator": "kvm",
@@ -110,7 +124,24 @@
 "post-processors": [
 [{
 "type": "vagrant",
- "keep_input_artifact": false
+ "keep_input_artifact": false,
+ "except": ["lxc"]
+ },
+ {
+ "type": "compress",
+ "output": "output-vagrant/jessie64-lxc.box",
+ "only": ["lxc"]
+ },
+ {
+ "type": "atlas",
+ "only": ["lxc"],
+ "artifact": "{{user `atlas_username`}}/{{user `atlas_name`}}",
+ "artifact_type": "vagrant.box",
+ "metadata": {
+ "provider": "lxc",
+ "created_at": "{{timestamp}}",
+ "version": "{{user `boxversion`}}"
+ }
 },
 {
 "type": "atlas",
diff --git a/lxc/debian b/lxc/debian
new file mode 100644
index 0000000..130da18
--- /dev/null
+++ b/lxc/debian
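Review bot: The new `scripts/zerodisk.sh` provisioner has no `override` block, whereas the provisioner it was split out of runs its scripts through `"execute_command": "echo 'vagrant'|sudo -S bash '{{.Path}}'"` (visible in the leading context); on the non-lxc builds that override covers, zerodisk.sh will now run as the plain ssh user, and unless the script elevates itself its zero-fill will presumably fail or silently do nothing. Carrying the same `override` object into the new provisioner restores the footing it had before the move. Separately, `MIRROR=http://deb.debian.org/debian/` fetches the bootstrap over plain HTTP, so the integrity of the resulting rootfs rests on whatever signature verification the debian template performs; if the mirror is reachable over https that is the safer default for a base image. The `builders` array this hunk opens continues past the hunk.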
@@ -0,0 +1,68 @@
+# From https://github.com/fgrehm/vagrant-lxc-base-boxes/blob/master/conf/debian
+
+# Default pivot location
+lxc.pivotdir = lxc_putold
+
+# Default mount entries
+lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry = sysfs sys sysfs defaults 0 0
+
+# Default console settings
+lxc.tty = 4
+lxc.pts = 1024
+
+# Default capabilities
+lxc.cap.drop = sys_module mac_admin mac_override sys_time
+
+# Prevent systemd-journald from burning 100% of CPU
+# See https://wiki.debian.org/LXC#Incompatibility_with_systemd
+lxc.kmsg = 0
+lxc.autodev = 1
+
+# When using LXC with apparmor, the container will be confined by default.
+# If you wish for it to instead run unconfined, copy the following line
+# (uncommented) to the container's configuration file.
+#lxc.aa_profile = unconfined
+
+# To support container nesting on an Ubuntu host while retaining most of
+# apparmor's added security, use the following two lines instead.
+#lxc.aa_profile = lxc-container-default-with-nesting
+#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
+
+# If you wish to allow mounting block filesystems, then use the following
+# line instead, and make sure to grant access to the block device and/or loop
+# devices below in lxc.cgroup.devices.allow.
+#lxc.aa_profile = lxc-container-default-with-mounting
+
+# Default cgroup limits
+lxc.cgroup.devices.deny = a
+## Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+## /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+## consoles
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 5:1 rwm
+## /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/pts/*
+lxc.cgroup.devices.allow = c 5:2 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## full
+lxc.cgroup.devices.allow = c 1:7 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm
diff --git a/scripts/base.sh b/scripts/base.sh
index 08f88ee..946b130 100644
--- a/scripts/base.sh
+++ b/scripts/base.sh
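Review bot: The cgroup allow list at the bottom of the file grants the container `c 10:232 rwm` (kvm), `c 10:229 rwm` (fuse) and `c 10:200 rwm` (tun), i.e. write access to the host's hypervisor, FUSE and tunnel devices, and nothing in this commit shows the jessie build needing any of them. Since the header says the file was copied from vagrant-lxc-base-boxes, it is worth trimming these three entries to what the packer run actually uses, or at least recording the reason above each one, e.g. `## kvm: not needed for the build itself; keep only if nested virtualisation inside the box is required`. Leaving the loop-device line `#lxc.cgroup.devices.allow = b 7:* rwm` commented out is the right call.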
@@ -9,16 +9,22 @@ apt-get -q -y -o \'DPkg::Options::=--force-confold\' dist-upgrade # Tweak sshd to prevent DNS resolution (speed up logins) echo 'UseDNS no' >> /etc/ssh/sshd_config -# Remove 5s grub timeout to speed up booting -cat < /etc/default/grub -# If you change this file, run 'update-grub' afterwards to update -# /boot/grub/grub.cfg. +# Only update grub when it's installed (lxc won't have it +if [ -e /usr/sbin/update-grub ] +then + # Remove 5s grub timeout to speed up booting + # Heredoc NEEDS to be indented with tabs not spaces + # https://unix.stackexchange.com/questions/76481/cant-indent-heredoc-to-match-nestings-indent + cat <<-EOF > /etc/default/grub + # If you change this file, run 'update-grub' afterwards to update + # /boot/grub/grub.cfg. -GRUB_DEFAULT=0 -GRUB_TIMEOUT=0 -GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` -GRUB_CMDLINE_LINUX_DEFAULT="quiet" -GRUB_CMDLINE_LINUX="debian-installer=en_US" -EOF + GRUB_DEFAULT=0 + GRUB_TIMEOUT=0 + GRUB_DISTRIBUTOR=$(lsb_release -i -s 2> /dev/null || echo Debian) + GRUB_CMDLINE_LINUX_DEFAULT="quiet" + GRUB_CMDLINE_LINUX="debian-installer=en_US" + EOF -update-grub + update-grub +fi
diff --git a/scripts/custom.sh b/scripts/custom.sh
index b5ec11b..7a0a54f 100644
--- a/scripts/custom.sh
+++ b/scripts/custom.sh
@@ -5,7 +5,7 @@ sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_c # install additional packages # openssl is needed to set root pw later -apt-get -y install puppet lsb-release facter rsync curl openssl bash-completion +apt-get -y install puppet lsb-release facter rsync curl openssl bash-completion wget # Set root pw usermod -p "$(echo vagrant | openssl passwd -1 -stdin)" root
--
cgit v1.2.3
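Review bot: The comment `# Only update grub when it's installed (lxc won't have it` on the first added line is missing its closing parenthesis; `# Only update grub when it's installed (lxc won't have it)`. More important, the heredoc body and its `EOF` terminator are now indented and `<<-EOF` strips leading tabs only: if the terminator ends up space-indented, bash never sees it, the heredoc swallows the remainder of the script and that text is written into `/etc/default/grub` — the rendered diff has lost the whitespace, so this cannot be verified from the page, and an unindented `cat <<EOF` body inside the `if` would remove the hazard the added comment itself warns about. Finally, `if [ -e /usr/sbin/update-grub ]` hard-codes a path; `if command -v update-grub >/dev/null 2>&1` states the intent and survives a relocated binary.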