From 93d59c3176876b0990b27375458cf6518459bb07 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 23 Feb 2019 16:36:10 +0100 Subject: Merging upstream version 20190222. Signed-off-by: Daniel Baumann --- share/doc/HOST-SETUP.txt | 39 ++++++++++++----- share/doc/asciicast/introduction.sh | 13 +++--- share/doc/examples/buster.cfg | 35 +++++++++++++++ share/doc/examples/container-images.sh | 4 +- share/doc/examples/dschinn-backports.cfg | 72 ------------------------------- share/doc/examples/engywuck-backports.cfg | 70 ++++++++++++++++++++++++++++++ share/doc/examples/stretch.cfg | 37 ---------------- 7 files changed, 141 insertions(+), 129 deletions(-) create mode 100644 share/doc/examples/buster.cfg delete mode 100644 share/doc/examples/dschinn-backports.cfg create mode 100644 share/doc/examples/engywuck-backports.cfg delete mode 100644 share/doc/examples/stretch.cfg (limited to 'share/doc') diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt index 74b7333..d2e4216 100644 --- a/share/doc/HOST-SETUP.txt +++ b/share/doc/HOST-SETUP.txt @@ -1,5 +1,5 @@ -container-tools: Host Setup -=========================== +compute-tools: Host Setup +========================= 1. Debian Packages 
@@ -180,14 +180,33 @@ iface br100 inet static EOF -4. Enabling container-shell +4. Enabling user namespace for unprivileged containers +------------------------------------------------------ + +Linux supports unprivileged containers with the user namespace. +By default the user namespace is disabled on Debian systems (see #898446). +To enable user namespace, edit the following file for a permant change: + + /etc/sysctl.d/zz-compute-tools.conf + sysctl -p + +or enable it manually with: + + echo 1 > /proc/sys/kernel/unprivileged_userns_clone + +Note that containers need to be started with the correct +configuration in /etc/compute-tools/container/config to run unpriviled +(private-users option). + + +5. Enabling container-shell --------------------------- -Managing containers requires root privileges. In order to allow unprivileged -users to manage containers without granting them privileges or accounts, -the container-shell can be used together with sudo and a container user. +Managing privileged containers requires root privileges. In order to allow +unprivileged users to manage privileged containers without granting them +privileges or accounts, the container-shell can be used together with sudo +and a container user. - sudo adduser --gecos "container-tools,,," \ - --home /var/lib/machines/container-tools \ - --shell /usr/bin/container-shell \ - --no-create-home container + sudo adduser --gecos "compute-tools,,," \ + --home /var/lib/open-infrastructure/container-shell \ + --shell /usr/bin/container-shell diff --git a/share/doc/asciicast/introduction.sh b/share/doc/asciicast/introduction.sh index c4efb0c..68b02d2 100755 --- a/share/doc/asciicast/introduction.sh +++ b/share/doc/asciicast/introduction.sh @@ -1,7 +1,6 @@ #!/bin/sh -# container-tools - Manage systemd-nspawn containers -# Copyright (C) 2014-2018 Daniel Baumann +# Copyright (C) 2014-2019 Daniel Baumann # # SPDX-License-Identifier: GPL-3.0+ # 
@@ -51,7 +50,7 @@ Text () sleep 2 -Text "# Welcome to this container-tools introduction cast." +Text "# Welcome to this compute-tools introduction cast." echo echo @@ -59,7 +58,7 @@ Text "# 1. We're using Debian ($(lsb_release -cs))..." Command "lsb_release -a" -Text "# ...and container-tools version $(cnt version)." +Text "# ...and compute-tools version $(cnt version)." Command "cnt version" @@ -125,13 +124,13 @@ Command "sudo cnt list" echo echo -Text "# This concludes this introduction to container-tools." +Text "# This concludes this introduction to compute-tools." Text "#" Text "# Thanks for watching and have fun setting up" Text "# your own Linux containers based on systemd-nspawn" -Text "# using container-tools from Open Infrastructure:" +Text "# using compute-tools from Open Infrastructure:" Text "#" -Text "# https://open-infrastructure.net/software/container-tools" +Text "# https://open-infrastructure.net/software/compute-tools" sleep 2 diff --git a/share/doc/examples/buster.cfg b/share/doc/examples/buster.cfg new file mode 100644 index 0000000..cfc8595 --- /dev/null +++ b/share/doc/examples/buster.cfg 
@@ -0,0 +1,35 @@
+# example for automated Debian 10 (buster) based container creation
+# using: sudo container create -s debian
+
+debconf debconf/priority select critical
+debconf debconf/frontend select Noninteractive
+
+compute-tools container/mode select debian
+
+#compute-tools container/preseed-files string
+#compute-tools container/include-preseed-files string
+
+compute-tools container/distribution select buster
+#compute-tools container/parent-distribution select
+
+compute-tools container/architecture select auto
+
+compute-tools container/archives multiselect buster-security, buster-updates
+#compute-tools container/parent-archives multiselect
+
+compute-tools container/mirror string https://deb.debian.org/debian
+compute-tools container/mirror-security string http://security.debian.org
+
+#compute-tools container/parent-mirror string
+#compute-tools container/parent-mirror-security string
+
+compute-tools container/archive-areas multiselect main
+#compute-tools container/parent-archive-areas multiselect
+
+compute-tools container/packages string openssh-server
+
+compute-tools container/root-password string debian
+#compute-tools container/root-password-crypted string
+
+compute-tools container/network1/bridge string bridge0
+#compute-tools container/network-mac string
diff --git a/share/doc/examples/container-images.sh b/share/doc/examples/container-images.sh
index 07f3451..f677799 100755
--- a/share/doc/examples/container-images.sh
+++ b/share/doc/examples/container-images.sh
@@ -1,7 +1,5 @@ #!/bin/sh -# container-tools - Manage systemd-nspawn containers -# # Description: example for automated Debian base system container image creation # Requires: debootstrap plzip xz-utils # Usage: sudo ./container-images.sh
@@ -9,7 +7,7 @@ set -e ARCHITECTURES="amd64 i386" -DISTRIBUTIONS="stretch sid" +DISTRIBUTIONS="buster sid" MIRROR="https://deb.debian.org/debian" INCLUDE="dbus"
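Review bot: `compute-tools container/root-password string debian` in share/doc/examples/buster.cfg preseeds a fixed, publicly documented root password, and the same file installs `openssh-server`, so containers created from an unmodified copy all share a known root credential. engywuck-backports.cfg repeats this with `container/root-password string progress`. I would comment the cleartext line out and point users at the option already listed below it, e.g. `compute-tools container/root-password-crypted string <HASH-PLACEHOLDER>`, with a comment such as `# set your own password hash before creating containers from this file`. The hash format the scripts accept is not visible in this diff, so confirm it against the create script before documenting it.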
diff --git a/share/doc/examples/dschinn-backports.cfg b/share/doc/examples/dschinn-backports.cfg
deleted file mode 100644
index 4f72268..0000000
--- a/share/doc/examples/dschinn-backports.cfg
+++ /dev/null
@@ -1,72 +0,0 @@
-# container-tools - Manage systemd-nspawn containers
-#
-# example for automated Progress Linux 4+ (dschinn-backports) container creation
-# using: sudo container create -s progress-linux
-
-debconf debconf/priority select critical
-debconf debconf/frontend select Noninteractive
-
-container-tools cnt-debconf/mode select progress-linux
-
-#container-tools cnt-debconf/preseed-files string
-#container-tools cnt-debconf/include-preseed-files string
-
-container-tools cnt-debconf/distribution select dschinn-backports
-#container-tools cnt-debconf/parent-distribution select
-
-container-tools cnt-debconf/architecture select auto
-
-container-tools cnt-debconf/archives multiselect dschinn-security, dschinn-updates, dschinn-extras, dschinn-backports, dschinn-backports-extras
-#container-tools cnt-debconf/parent-archives multiselect
-
-container-tools cnt-debconf/mirror string https://cdn.archive.progress-linux.org/packages
-container-tools cnt-debconf/mirror-security string https://cdn.archive.progress-linux.org/packages
-
-container-tools cnt-debconf/parent-mirror string https://deb.debian.org/debian
-container-tools cnt-debconf/parent-mirror-security string http://security.debian.org
-
-container-tools cnt-debconf/archive-areas multiselect main, contrib, non-free
-container-tools cnt-debconf/parent-archive-areas multiselect main, contrib, non-free
-
-container-tools cnt-debconf/packages string knot-resolver openssh-server
-
-container-tools cnt-debconf/root-password string progress
-#container-tools cnt-debconf/root-password-crypted string
-
-# Network IP configuration
-container-tools cnt-debconf/network1/bridge string bridge0
-container-tools cnt-debconf/network1/veth string veth0
-container-tools cnt-debconf/network1/ipv4-method select static
-container-tools cnt-debconf/network1/ipv4-comment string Primary network interfaces
-container-tools cnt-debconf/network1/ipv4-address string 192.168.0.2
-container-tools cnt-debconf/network1/ipv4-gateway string 192.168.0.1
-container-tools cnt-debconf/network1/ipv4-netmask string 255.255.255.0
-#container-tools cnt-debconf/network1/ipv4-post-up string
-#container-tools cnt-debconf/network1/ipv4-post-down string
-
-# Network DNS configuration
-container-tools cnt-debconf/nameserver/server string 127.0.0.1 8.8.8.8 8.8.4.4
-container-tools cnt-debconf/nameserver/domain string example.net
-container-tools cnt-debconf/nameserver/search string example.net
-container-tools cnt-debconf/nameserver/options string timeout:1 attempts:1
-
-# Third-Party Repositories
-#container-tools cnt-debconf/archive1/repository string
-#container-tools cnt-debconf/archive1/list string
-#container-tools cnt-debconf/archive1/comment string
-#container-tools cnt-debconf/archive1/source string
-#container-tools cnt-debconf/archive1/key string
-#container-tools cnt-debconf/archive1/preferences-package string
-#container-tools cnt-debconf/archive1/preferences-pin string
-#container-tools cnt-debconf/archive1/preferences-pin-priority
-
-# Internal Options
-#container-tools cnt-debconf/apt-recommends string
-#container-tools cnt-debconf/debconf-frontend string
-#container-tools cnt-debconf/debconf-priority string
-#container-tools cnt-debconf/container-command string
-#container-tools cnt-debconf/host-command string
-container-tools cnt-debconf/auto string FQDN
-#container-tools cnt-debconf/overlay string
-#container-tools cnt-debconf/bind string
-#container-tools cnt-debconf/bind-ro string
diff --git a/share/doc/examples/engywuck-backports.cfg b/share/doc/examples/engywuck-backports.cfg
new file mode 100644
index 0000000..392c40d
--- /dev/null
+++ b/share/doc/examples/engywuck-backports.cfg
@@ -0,0 +1,70 @@
+# example for automated Progress Linux 5+ (engywuck-backports) container creation
+# using: sudo container create -s progress-linux
+
+debconf debconf/priority select critical
+debconf debconf/frontend select Noninteractive
+
+compute-tools container/mode select progress-linux
+
+#compute-tools container/preseed-files string
+#compute-tools container/include-preseed-files string
+
+compute-tools container/distribution select engywuck-backports
+#compute-tools container/parent-distribution select
+
+compute-tools container/architecture select auto
+
+compute-tools container/archives multiselect engywuck-security, engywuck-updates, engywuck-extras, engywuck-backports, engywuck-backports-extras
+#compute-tools container/parent-archives multiselect
+
+compute-tools container/mirror string https://cdn.deb.progress-linux.org/packages
+compute-tools container/mirror-security string https://cdn.deb.progress-linux.org/packages
+
+compute-tools container/parent-mirror string https://deb.debian.org/debian
+compute-tools container/parent-mirror-security string http://security.debian.org
+
+compute-tools container/archive-areas multiselect main, contrib, non-free
+compute-tools container/parent-archive-areas multiselect main, contrib, non-free
+
+compute-tools container/packages string knot-resolver openssh-server
+
+compute-tools container/root-password string progress
+#compute-tools container/root-password-crypted string
+
+# Network IP configuration
+compute-tools container/network1/bridge string bridge0
+compute-tools container/network1/veth string veth0
+compute-tools container/network1/ipv4-method select static
+compute-tools container/network1/ipv4-comment string Primary network interfaces
+compute-tools container/network1/ipv4-address string 192.168.0.2
+compute-tools container/network1/ipv4-gateway string 192.168.0.1
+compute-tools container/network1/ipv4-netmask string 255.255.255.0
+#compute-tools container/network1/ipv4-post-up string
+#compute-tools container/network1/ipv4-post-down string
+
+# Network DNS configuration
+compute-tools container/nameserver/server string 127.0.0.1 8.8.8.8 8.8.4.4
+compute-tools container/nameserver/domain string example.net
+compute-tools container/nameserver/search string example.net
+compute-tools container/nameserver/options string timeout:1 attempts:1
+
+# Third-Party Repositories
+#compute-tools container/archive1/repository string
+#compute-tools container/archive1/list string
+#compute-tools container/archive1/comment string
+#compute-tools container/archive1/source string
+#compute-tools container/archive1/key string
+#compute-tools container/archive1/preferences-package string
+#compute-tools container/archive1/preferences-pin string
+#compute-tools container/archive1/preferences-pin-priority
+
+# Internal Options
+#compute-tools container/apt-recommends string
+#compute-tools container/debconf-frontend string
+#compute-tools container/debconf-priority string
+#compute-tools container/container-command string
+#compute-tools container/host-command string
+compute-tools container/auto string true
+#compute-tools container/overlay string
+#compute-tools container/bind string
+#compute-tools container/bind-ro string
diff --git a/share/doc/examples/stretch.cfg b/share/doc/examples/stretch.cfg
deleted file mode 100644
index 4a137b7..0000000
--- a/share/doc/examples/stretch.cfg
+++ /dev/null
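Review bot: `compute-tools container/parent-mirror-security string http://security.debian.org` in share/doc/examples/engywuck-backports.cfg fetches security updates over cleartext HTTP while every other mirror in the file uses HTTPS; buster.cfg has the same value for `container/mirror-security`. APT's signature checks still protect package integrity, but plain HTTP lets an on-path party see which updates a host pulls and interfere with their delivery. If the container scripts accept it, an HTTPS security mirror such as `https://deb.debian.org/debian-security` would make the example consistent. The URL layout the scripts expect is not visible in this hunk, so verify that before changing the value.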
@@ -1,37 +0,0 @@
-# container-tools - Manage systemd-nspawn containers
-#
-# example for automated Debian 9 (stretch) based container creation
-# using: sudo container create -s debian
-
-debconf debconf/priority select critical
-debconf debconf/frontend select Noninteractive
-
-container-tools cnt-debconf/mode select debian
-
-#container-tools cnt-debconf/preseed-files string
-#container-tools cnt-debconf/include-preseed-files string
-
-container-tools cnt-debconf/distribution select stretch
-#container-tools cnt-debconf/parent-distribution select
-
-container-tools cnt-debconf/architecture select auto
-
-container-tools cnt-debconf/archives multiselect stretch-security, stretch-updates
-#container-tools cnt-debconf/parent-archives multiselect
-
-container-tools cnt-debconf/mirror string https://deb.debian.org/debian
-container-tools cnt-debconf/mirror-security string http://security.debian.org
-
-#container-tools cnt-debconf/parent-mirror string
-#container-tools cnt-debconf/parent-mirror-security string
-
-container-tools cnt-debconf/archive-areas multiselect main
-#container-tools cnt-debconf/parent-archive-areas multiselect
-
-container-tools cnt-debconf/packages string openssh-server
-
-container-tools cnt-debconf/root-password string debian
-#container-tools cnt-debconf/root-password-crypted string
-
-container-tools cnt-debconf/network1/bridge string bridge0
-#container-tools cnt-debconf/network-mac string
-- cgit v1.2.3