Diffstat (limited to '')
-rw-r--r-- | share/doc/HOST-SETUP.txt | 26 | ||||
-rwxr-xr-x | share/doc/examples/container-images.sh | 113 | ||||
-rwxr-xr-x | share/hooks/post-start.chown-nvidia.sh | 27 | ||||
-rwxr-xr-x[-rw-r--r--] | share/hooks/pre-start.unlink-console.sh | 25 | ||||
-rwxr-xr-x | share/scripts/curl | 10 |
5 files changed, 185 insertions, 16 deletions
diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt index e413872..d0a2395 100644 --- a/share/doc/HOST-SETUP.txt +++ b/share/doc/HOST-SETUP.txt @@ -63,7 +63,7 @@ iface lo inet loopback iface eno1 inet manual -allow-hotplug bridge0 +auto bridge0 iface bridge0 inet dhcp bridge_ports eno1 bridge_fd 0 @@ -85,7 +85,7 @@ iface lo inet loopback iface eno1 inet manual -allow-hotplug bridge0 +auto bridge0 iface bridge0 inet static address 10.0.0.2 gateway 10.0.0.1 @@ -115,7 +115,7 @@ iface lo inet loopback allow-hotplug eno1 iface eno1 inet dhcp -allow-hotplug bridge0 +auto bridge0 iface bridge0 inet static address 10.0.0.1 netmask 24 @@ -147,7 +147,7 @@ iface eno2 inet manual iface eno3 inet manual -allow-hotplug bond0 +auto bond0 iface bond0 inet manual up ip link set bond0 up down ip link set bond0 down @@ -164,15 +164,11 @@ iface bond0 inet manual iface bond0.100 inet manual vlan-raw-device bond0 -allow-hotplug br100 -iface br100 inet static +auto bridge-100 +iface bridge-100 inet static address 10.100.0.2 - #gateway 10.100.0.1 netmask 24 - post-up ip route add 10.100.0.0/24 via 10.100.0.1 dev br100 - post-down ip route del 10.100.0.0/24 dev br100 - bridge_ports bond0.100 bridge_fd 0 bridge_maxwait 0 @@ -210,3 +206,13 @@ and a container user. sudo adduser --gecos "compute-tools,,," \ --home /var/lib/open-infrastructure/container-shell \ --shell /usr/bin/container-shell + + +6. IPv4 and IPv6 dual-stack +--------------------------- + +Examples for /etc/network/interfaces above work for IPv6 too when using correct +IPv6 addresses and netmasks. + +In order to use dual-stack, bridges must have a IPv4 address assigned +(can be a dummy one from a privacy range or 127.0.0.0/8). diff --git a/share/doc/examples/container-images.sh b/share/doc/examples/container-images.sh new file mode 100755 index 0000000..8f1a2a3 --- /dev/null +++ b/share/doc/examples/container-images.sh 
@@ -0,0 +1,113 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2020 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Description: example for automated Debian base system container image creation
+# Requires: debootstrap plzip xz-utils
+# Usage: sudo ./container-images.sh
+
+set -e
+
+ARCHITECTURES="amd64 i386"
+DISTRIBUTIONS="jessie stretch buster sid"
+MIRROR="https://deb.debian.org/debian"
+INCLUDE="dbus"
+
+KEY="0x55CF1BF986ABB9C7"
+
+COMPRESSIONS="gz lz xz"
+
+DATE="$(date +%Y%m%d)"
+
+for DISTRIBUTION in ${DISTRIBUTIONS}
+do
+ for ARCHITECTURE in ${ARCHITECTURES}
+ do
+ TITLE="Debian ${DISTRIBUTION} ${DATE}/${ARCHITECTURE}"
+ SYSTEM="debian-${DISTRIBUTION}-${DATE}_${ARCHITECTURE}"
+
+ sudo debootstrap --arch=${ARCHITECTURE} --include=${INCLUDE} ${DISTRIBUTION} ${SYSTEM} ${MIRROR}
+ sudo chroot "${SYSTEM}" apt-get clean
+
+ VERSION="$(cat ${SYSTEM}/etc/debian_version)"
+
+ case "${VERSION}" in
+ [0-9]*)
+ TITLE="Debian ${VERSION} (${DISTRIBUTION}) ${DATE}/${ARCHITECTURE}"
+ SYSTEM="debian-${VERSION}-${DATE}_${ARCHITECTURE}"
+
+ sudo mv "debian-${DISTRIBUTION}-${DATE}_${ARCHITECTURE}" "${SYSTEM}"
+ ;;
+ esac
+
+ sudo rm -f "${SYSTEM}/etc/apt/apt.conf.d/01autoremove-kernels"
+ sudo rm -f "${SYSTEM}/etc/hostname"
+ sudo rm -f "${SYSTEM}/etc/machine-id"
+ sudo rm -f "${SYSTEM}/etc/resolv.conf"
+ sudo rm -f "${SYSTEM}/var/lib/systemd/catalog/database"
+
+ for COMPRESSION in ${COMPRESSIONS}
+ do
+ case "${COMPRESSION}" in
+ gz)
+ TAR_OPTIONS="--gzip"
+ ;;
+
+ lz)
+ TAR_OPTIONS="--lzip"
+ ;;
+
+ xz)
+ TAR_OPTIONS="--xz"
+ ;;
+ esac
+
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}"
+ sudo tar ${TAR_OPTIONS} -cf "${SYSTEM}.system.tar.${COMPRESSION}" "${SYSTEM}"
+
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sha512"
+ sha512sum "${SYSTEM}.system.tar.${COMPRESSION}" > "${SYSTEM}.system.tar.${COMPRESSION}.sha512"
+
+ if [ -n "${KEY}" ]
+ then
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sign"
+ gpg -a -b --default-key ${KEY} ${SYSTEM}.system.tar.${COMPRESSION}
+ mv "${SYSTEM}.system.tar.${COMPRESSION}.asc" "${SYSTEM}.system.tar.${COMPRESSION}.sign"
+ fi
+
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION} symlink"
+ ln -sf "${SYSTEM}.system.tar.${COMPRESSION}" "$(echo ${SYSTEM}.system.tar.${COMPRESSION} | sed -e "s|${DATE}|current|")"
+
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sha512 copy"
+ sed -e "s|${DATE}|current|" "${SYSTEM}.system.tar.${COMPRESSION}.sha512" > "$(echo ${SYSTEM}.system.tar.${COMPRESSION}.sha512 | sed -e "s|${DATE}|current|")"
+
+ if [ -e "${SYSTEM}.system.tar.${COMPRESSION}.sign" ]
+ then
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sign copy"
+ cp "${SYSTEM}.system.tar.${COMPRESSION}.sign" "$(echo ${SYSTEM}.system.tar.${COMPRESSION}.sign | sed -e "s|${DATE}|current|")"
+ fi
+ done
+
+ sudo rm -rf "${SYSTEM}"
+
+cat >> container-list.txt << EOF
+${SYSTEM}.system.tar | ${TITLE}
+EOF
+
+ done
+done
diff --git a/share/hooks/post-start.chown-nvidia.sh b/share/hooks/post-start.chown-nvidia.sh
new file mode 100755
index 0000000..4dbc247
--- /dev/null
+++ b/share/hooks/post-start.chown-nvidia.sh
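Review bot: The `sudo debootstrap` call in the inner loop leaves Release signature checking to debootstrap's defaults, which, as far as I know, skip verification without failing when no archive keyring is found on the build host and the mirror is https. Because the resulting tree is then tarred, checksummed and signed with `KEY`, an unverified bootstrap would be published under a valid signature. I would make the check mandatory and quote the expansions while there: `sudo debootstrap --force-check-gpg --arch="${ARCHITECTURE}" --include="${INCLUDE}" "${DISTRIBUTION}" "${SYSTEM}" "${MIRROR}"`. The `gpg -a -b --default-key ${KEY} ${SYSTEM}.system.tar.${COMPRESSION}` line has the same unquoted expansions.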
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2020 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+CONTAINER="/var/lib/machines"
+
+if grep -qs nvidia "${CONTAINER}/${NAME}/etc/group"
+then
+ chroot "${CONTAINER}/${NAME}" chown root:nvidia "/dev/nvidia*"
+fi
diff --git a/share/hooks/pre-start.unlink-console.sh b/share/hooks/pre-start.unlink-console.sh
index 762ab0e..566a4de 100644..100755
--- a/share/hooks/pre-start.unlink-console.sh
+++ b/share/hooks/pre-start.unlink-console.sh
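Review bot: The quoted `"/dev/nvidia*"` on the `chroot ... chown` line reaches chown as a literal file name, because `chroot` executes chown directly and no shell inside the container root expands the glob; chown then fails and, under `set -e`, so does the hook. Let a shell in the chroot do the expansion: `chroot "${CONTAINER}/${NAME}" sh -c 'chown root:nvidia /dev/nvidia*'`. `grep -qs nvidia` also matches any line that merely contains the string, such as a member list or a differently named group, so `grep -qs '^nvidia:'` is the tighter test. `NAME` is read from the environment without a guard here and in the pre-start.unlink-console.sh hunk; with it empty both hooks silently do nothing because `grep -qs` hides the missing file, so `: "${NAME:?}"` after `set -e` is worth adding in both.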
@@ -1,8 +1,31 @@ #!/bin/sh +# Copyright (C) 2014-2020 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + set -e -if grep -qs 'bind=.*/dev:/dev;' "/etc/open-infrastructure/container/config/${NAME}.conf" +PROJECT="open-infrastructure" +PROGRAM="container" + +CONFIG="/etc/${PROJECT}/${PROGRAM}/config" + +# Run +if grep -qs 'bind=.*/dev:/dev;' "${CONFIG}/${NAME}.conf" then unlink /dev/console > /dev/null 2>&1 || true fi diff --git a/share/scripts/curl b/share/scripts/curl index ddc624d..b756c48 100755 --- a/share/scripts/curl +++ b/share/scripts/curl @@ -298,14 +298,14 @@ mkdir -p "${CACHE}" SETUP="${SETUP:-$(echo ${SYSTEM} | sed -e 's|.system.tar.|.setup.tar.|')}" -for FILE in "${SYSTEM}" "${SYSTEM}.gpg" "${SYSTEM}.sha512" \ - "${SETUP}" "${SETUP}.gpg" "${SETUP}.sha512" +for FILE in "${SYSTEM}" "${SYSTEM}.sign" "${SYSTEM}.sha512" \ + "${SETUP}" "${SETUP}.sign" "${SETUP}.sha512" do if curl --fail --head --output /dev/null --silent "${SERVER}/${FILE}" then case "${FILE}" in *.sha512) - if [ -e "${CACHE}/$(basename ${FILE} .sha512).gpg" ] + if [ -e "${CACHE}/$(basename ${FILE} .sha512).sign" ] then continue fi 
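Review bot: In share/scripts/curl the signature suffix in the download loop changes from `.gpg` to `.sign` with no fallback, so a server that still publishes `.gpg` files no longer has its signatures fetched. The verification in the second hunk is guarded by `if [ -e "${FILE}.sign" ]`, so in that case the gpg check appears to be skipped rather than failed; the rest of the loop is outside both hunks, so this is an inference. If images must be authenticated, either also try the old suffix or fail when no signature was downloaded, e.g. `[ -e "${FILE}.sign" ] || { echo "no signature for ${FILE}" >&2; exit 1; }`. The enclosing `for` loop begins and ends outside the visible hunks.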
@@ -334,12 +334,12 @@ do continue fi - if [ -e "${FILE}.gpg" ] + if [ -e "${FILE}.sign" ] then echo -n "Verifying ${FILE}:" set +e - gpg --homedir "${KEYS}" --verify "${FILE}.gpg" "${FILE}" > /dev/null 2>&1 + gpg --homedir "${KEYS}" --verify "${FILE}.sign" "${FILE}" > /dev/null 2>&1 GNUPG="${?}" set -e |