Diffstat (limited to '')
-rw-r--r--share/doc/HOST-SETUP.txt26
-rwxr-xr-xshare/doc/examples/container-images.sh113
-rwxr-xr-xshare/hooks/post-start.chown-nvidia.sh27
-rwxr-xr-x[-rw-r--r--]share/hooks/pre-start.unlink-console.sh25
-rwxr-xr-xshare/scripts/curl10
5 files changed, 185 insertions, 16 deletions
diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt
index e413872..d0a2395 100644
--- a/share/doc/HOST-SETUP.txt
+++ b/share/doc/HOST-SETUP.txt
@@ -63,7 +63,7 @@ iface lo inet loopback
iface eno1 inet manual
-allow-hotplug bridge0
+auto bridge0
iface bridge0 inet dhcp
bridge_ports eno1
bridge_fd 0
@@ -85,7 +85,7 @@ iface lo inet loopback
iface eno1 inet manual
-allow-hotplug bridge0
+auto bridge0
iface bridge0 inet static
address 10.0.0.2
gateway 10.0.0.1
@@ -115,7 +115,7 @@ iface lo inet loopback
allow-hotplug eno1
iface eno1 inet dhcp
-allow-hotplug bridge0
+auto bridge0
iface bridge0 inet static
address 10.0.0.1
netmask 24
@@ -147,7 +147,7 @@ iface eno2 inet manual
iface eno3 inet manual
-allow-hotplug bond0
+auto bond0
iface bond0 inet manual
up ip link set bond0 up
down ip link set bond0 down
@@ -164,15 +164,11 @@ iface bond0 inet manual
iface bond0.100 inet manual
vlan-raw-device bond0
-allow-hotplug br100
-iface br100 inet static
+auto bridge-100
+iface bridge-100 inet static
address 10.100.0.2
- #gateway 10.100.0.1
netmask 24
- post-up ip route add 10.100.0.0/24 via 10.100.0.1 dev br100
- post-down ip route del 10.100.0.0/24 dev br100
-
bridge_ports bond0.100
bridge_fd 0
bridge_maxwait 0
@@ -210,3 +206,13 @@ and a container user.
sudo adduser --gecos "compute-tools,,," \
--home /var/lib/open-infrastructure/container-shell \
--shell /usr/bin/container-shell
+
+
+6. IPv4 and IPv6 dual-stack
+---------------------------
+
+Examples for /etc/network/interfaces above work for IPv6 too when using correct
+IPv6 addresses and netmasks.
+
+In order to use dual-stack, bridges must have a IPv4 address assigned
+(can be a dummy one from a privacy range or 127.0.0.0/8).
diff --git a/share/doc/examples/container-images.sh b/share/doc/examples/container-images.sh
new file mode 100755
index 0000000..8f1a2a3
--- /dev/null
+++ b/share/doc/examples/container-images.sh
@@ -0,0 +1,113 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2020 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Description: example for automated Debian base system container image creation
+# Requires: debootstrap plzip xz-utils
+# Usage: sudo ./container-images.sh
+
+set -e
+
+ARCHITECTURES="amd64 i386"
+DISTRIBUTIONS="jessie stretch buster sid"
+MIRROR="https://deb.debian.org/debian"
+INCLUDE="dbus"
+
+KEY="0x55CF1BF986ABB9C7"
+
+COMPRESSIONS="gz lz xz"
+
+DATE="$(date +%Y%m%d)"
+
+for DISTRIBUTION in ${DISTRIBUTIONS}
+do
+ for ARCHITECTURE in ${ARCHITECTURES}
+ do
+ TITLE="Debian ${DISTRIBUTION} ${DATE}/${ARCHITECTURE}"
+ SYSTEM="debian-${DISTRIBUTION}-${DATE}_${ARCHITECTURE}"
+
+ sudo debootstrap --arch=${ARCHITECTURE} --include=${INCLUDE} ${DISTRIBUTION} ${SYSTEM} ${MIRROR}
+ sudo chroot "${SYSTEM}" apt-get clean
+
+ VERSION="$(cat ${SYSTEM}/etc/debian_version)"
+
+ case "${VERSION}" in
+ [0-9]*)
+ TITLE="Debian ${VERSION} (${DISTRIBUTION}) ${DATE}/${ARCHITECTURE}"
+ SYSTEM="debian-${VERSION}-${DATE}_${ARCHITECTURE}"
+
+ sudo mv "debian-${DISTRIBUTION}-${DATE}_${ARCHITECTURE}" "${SYSTEM}"
+ ;;
+ esac
+
+ sudo rm -f "${SYSTEM}/etc/apt/apt.conf.d/01autoremove-kernels"
+ sudo rm -f "${SYSTEM}/etc/hostname"
+ sudo rm -f "${SYSTEM}/etc/machine-id"
+ sudo rm -f "${SYSTEM}/etc/resolv.conf"
+ sudo rm -f "${SYSTEM}/var/lib/systemd/catalog/database"
+
+ for COMPRESSION in ${COMPRESSIONS}
+ do
+ case "${COMPRESSION}" in
+ gz)
+ TAR_OPTIONS="--gzip"
+ ;;
+
+ lz)
+ TAR_OPTIONS="--lzip"
+ ;;
+
+ xz)
+ TAR_OPTIONS="--xz"
+ ;;
+ esac
+
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}"
+ sudo tar ${TAR_OPTIONS} -cf "${SYSTEM}.system.tar.${COMPRESSION}" "${SYSTEM}"
+
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sha512"
+ sha512sum "${SYSTEM}.system.tar.${COMPRESSION}" > "${SYSTEM}.system.tar.${COMPRESSION}.sha512"
+
+ if [ -n "${KEY}" ]
+ then
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sign"
+ gpg -a -b --default-key ${KEY} ${SYSTEM}.system.tar.${COMPRESSION}
+ mv "${SYSTEM}.system.tar.${COMPRESSION}.asc" "${SYSTEM}.system.tar.${COMPRESSION}.sign"
+ fi
+
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION} symlink"
+ ln -sf "${SYSTEM}.system.tar.${COMPRESSION}" "$(echo ${SYSTEM}.system.tar.${COMPRESSION} | sed -e "s|${DATE}|current|")"
+
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sha512 copy"
+ sed -e "s|${DATE}|current|" "${SYSTEM}.system.tar.${COMPRESSION}.sha512" > "$(echo ${SYSTEM}.system.tar.${COMPRESSION}.sha512 | sed -e "s|${DATE}|current|")"
+
+ if [ -e "${SYSTEM}.system.tar.${COMPRESSION}.sign" ]
+ then
+ echo "Creating ${SYSTEM}.system.tar.${COMPRESSION}.sign copy"
+ cp "${SYSTEM}.system.tar.${COMPRESSION}.sign" "$(echo ${SYSTEM}.system.tar.${COMPRESSION}.sign | sed -e "s|${DATE}|current|")"
+ fi
+ done
+
+ sudo rm -rf "${SYSTEM}"
+
+cat >> container-list.txt << EOF
+${SYSTEM}.system.tar | ${TITLE}
+EOF
+
+ done
+done
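Review bot: The images are signed with `KEY` at the end, but the `debootstrap` call in the inner loop passes neither `--keyring` nor `--force-check-gpg`, so whether the downloaded Release file is verified depends on an archive keyring being present on the build host, which the `Requires:` line does not list. I believe debootstrap only warns and continues when it cannot find its keyring, in which case the signature would vouch for an unverified base system; `sudo debootstrap --force-check-gpg --arch="${ARCHITECTURE}" --include="${INCLUDE}" "${DISTRIBUTION}" "${SYSTEM}" "${MIRROR}"` turns that case into a failure. The signing line leaves its operands unquoted; `gpg -a -b --default-key "${KEY}" "${SYSTEM}.system.tar.${COMPRESSION}"` matches the quoting used on the surrounding lines. The `case` on `COMPRESSION` has no `*)` arm, so an unsupported value would reuse the previous iteration's `TAR_OPTIONS`.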
diff --git a/share/hooks/post-start.chown-nvidia.sh b/share/hooks/post-start.chown-nvidia.sh
new file mode 100755
index 0000000..4dbc247
--- /dev/null
+++ b/share/hooks/post-start.chown-nvidia.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2020 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+CONTAINER="/var/lib/machines"
+
+if grep -qs nvidia "${CONTAINER}/${NAME}/etc/group"
+then
+ chroot "${CONTAINER}/${NAME}" chown root:nvidia "/dev/nvidia*"
+fi
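Review bot: The glob in `"/dev/nvidia*"` is quoted and `chroot` runs `chown` directly without a shell, so chown receives the literal name `/dev/nvidia*`, fails, and `set -e` makes the hook exit non-zero whenever the group is found. If the chroot is kept, the expansion has to happen inside it: `chroot "${CONTAINER}/${NAME}" sh -c 'chown root:nvidia /dev/nvidia*'`. The call also executes a binary taken from the container's root filesystem with the hook's privileges (presumably root) and with only a chroot around it, so the image contents are trusted at that level; reading the nvidia GID from `${CONTAINER}/${NAME}/etc/group` and calling the host's `chown` with the numeric id would avoid that. The `grep -qs nvidia` test matches any line containing the string, where `grep -qs '^nvidia:'` is stricter, and `NAME` is never checked for being set.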
diff --git a/share/hooks/pre-start.unlink-console.sh b/share/hooks/pre-start.unlink-console.sh
index 762ab0e..566a4de 100644..100755
--- a/share/hooks/pre-start.unlink-console.sh
+++ b/share/hooks/pre-start.unlink-console.sh
@@ -1,8 +1,31 @@
#!/bin/sh
+# Copyright (C) 2014-2020 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
set -e
-if grep -qs 'bind=.*/dev:/dev;' "/etc/open-infrastructure/container/config/${NAME}.conf"
+PROJECT="open-infrastructure"
+PROGRAM="container"
+
+CONFIG="/etc/${PROJECT}/${PROGRAM}/config"
+
+# Run
+if grep -qs 'bind=.*/dev:/dev;' "${CONFIG}/${NAME}.conf"
then
unlink /dev/console > /dev/null 2>&1 || true
fi
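Review bot: `NAME` comes from the environment and is never checked, so with it unset the test `grep -qs 'bind=.*/dev:/dev;' "${CONFIG}/${NAME}.conf"` reads `${CONFIG}/.conf`, `-s` hides the missing file, and the hook silently does nothing. A guard before the `# Run` line, `: "${NAME:?NAME is not set}"`, makes that a visible failure. Since `NAME` is interpolated into a path, rejecting values that contain `/` would also keep the lookup inside `${CONFIG}`.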
diff --git a/share/scripts/curl b/share/scripts/curl
index ddc624d..b756c48 100755
--- a/share/scripts/curl
+++ b/share/scripts/curl
@@ -298,14 +298,14 @@ mkdir -p "${CACHE}"
SETUP="${SETUP:-$(echo ${SYSTEM} | sed -e 's|.system.tar.|.setup.tar.|')}"
-for FILE in "${SYSTEM}" "${SYSTEM}.gpg" "${SYSTEM}.sha512" \
- "${SETUP}" "${SETUP}.gpg" "${SETUP}.sha512"
+for FILE in "${SYSTEM}" "${SYSTEM}.sign" "${SYSTEM}.sha512" \
+ "${SETUP}" "${SETUP}.sign" "${SETUP}.sha512"
do
if curl --fail --head --output /dev/null --silent "${SERVER}/${FILE}"
then
case "${FILE}" in
*.sha512)
- if [ -e "${CACHE}/$(basename ${FILE} .sha512).gpg" ]
+ if [ -e "${CACHE}/$(basename ${FILE} .sha512).sign" ]
then
continue
fi
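Review bot: The rename from `.gpg` to `.sign` makes signature checking silently disappear for any server that still publishes only `.gpg` files, because the loop skips a file whose `curl --fail --head` probe fails and the later hunk verifies only under `if [ -e "${FILE}.sign" ]`. What happens when no signature was fetched lies outside both hunks, but from what is visible the `.sha512` served by the same host would be the only check left, and that gives integrity without authenticity. I would either keep probing the legacy `.gpg` name as a fallback or treat a missing signature as an error when `${KEYS}` holds keys. `$(basename ${FILE} .sha512)` should also quote its operand: `$(basename "${FILE}" .sha512)`.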
@@ -334,12 +334,12 @@ do
continue
fi
- if [ -e "${FILE}.gpg" ]
+ if [ -e "${FILE}.sign" ]
then
echo -n "Verifying ${FILE}:"
set +e
- gpg --homedir "${KEYS}" --verify "${FILE}.gpg" "${FILE}" > /dev/null 2>&1
+ gpg --homedir "${KEYS}" --verify "${FILE}.sign" "${FILE}" > /dev/null 2>&1
GNUPG="${?}"
set -e