diff options
Diffstat (limited to 'utils/lxc.sh')
| -rwxr-xr-x | utils/lxc.sh | 152 |
1 files changed, 136 insertions, 16 deletions
diff --git a/utils/lxc.sh b/utils/lxc.sh index d79262534..1762abd7c 100755 --- a/utils/lxc.sh +++ b/utils/lxc.sh @@ -9,6 +9,9 @@ source_dot_config # ---------------------------------------------------------------------------- # config # ---------------------------------------------------------------------------- +# +# read also: +# - https://lxd.readthedocs.io/en/latest/ # name of https://images.linuxcontainers.org LINUXCONTAINERS_ORG_NAME="${LINUXCONTAINERS_ORG_NAME:-images}" @@ -17,10 +20,11 @@ HOST_PREFIX="${HOST_PREFIX:-searx}" TEST_IMAGES=( "$LINUXCONTAINERS_ORG_NAME:ubuntu/18.04" "ubu1804" "$LINUXCONTAINERS_ORG_NAME:ubuntu/19.04" "ubu1904" - "$LINUXCONTAINERS_ORG_NAME:archlinux" "archlinux" + + # TODO: installation of searx & filtron not yet implemented .. + # + #"$LINUXCONTAINERS_ORG_NAME:archlinux" "archlinux" #"$LINUXCONTAINERS_ORG_NAME:fedora/31" "fedora31" - #"ubuntu-minimal:18.04" "ubu1804" - #"ubuntu-minimal:19.10" "ubu1910" ) REMOTE_IMAGES=() @@ -31,6 +35,10 @@ for ((i=0; i<${#TEST_IMAGES[@]}; i+=2)); do LOCAL_IMAGES=("${LOCAL_IMAGES[@]}" "${TEST_IMAGES[i+1]}") done +HOST_USER="${SUDO_USER:-$USER}" +HOST_USER_ID=$(id -u "${HOST_USER}") +HOST_GROUP_ID=$(id -g "${HOST_USER}") + # ---------------------------------------------------------------------------- usage() { # ---------------------------------------------------------------------------- @@ -39,13 +47,25 @@ usage() { usage:: - $(basename "$0") build [hosts] - $(basename "$0") delete [hosts] + $(basename "$0") build [containers] + $(basename "$0") delete [containers|subordinate] + $(basename "$0") [start|stop] [containers] + $(basename "$0") inspect [info|config] + $(basename "$0") cmd ... build / delete - build and/or delete all LXC hosts + :containers: build and delete all LXC containers +add / delete + :subordinate: lxd permission to map ${HOST_USER}'s user/group id through +start/stop + :containers: start/stop of all containers +inspect + :info: show info of all containers + :config: show config of all containers +cmd ... + run commandline ... in all containers -all LXC hosts: +all LXC containers: ${LOCAL_IMAGES[@]} EOF @@ -53,7 +73,6 @@ EOF } main() { - rst_title "LXC tooling box" part required_commands lxc || exit @@ -66,15 +85,43 @@ main() { build) sudo_or_exit case $2 in - hosts) build_instances ;; + containers) build_instances ;; *) usage "$_usage"; exit 42;; esac ;; delete) sudo_or_exit case $2 in - hosts) delete_instances ;; + containers) delete_instances ;; + subordinate) echo; del_subordinate_ids ;; + *) usage "$_usage"; exit 42;; + esac ;; + add) + sudo_or_exit + case $2 in + subordinate) echo; add_subordinate_ids ;; + *) usage "$_usage"; exit 42;; + esac ;; + start|stop) + sudo_or_exit + case $2 in + containers) lxc_cmd "$1" ;; *) usage "$_usage"; exit 42;; esac ;; + inspect) + sudo_or_exit + case $2 in + config) lxc_cmd config show;; + info) lxc_cmd info;; + *) usage "$_usage"; exit 42;; + esac ;; + cmd) + sudo_or_exit + shift + for i in "${LOCAL_IMAGES[@]}"; do + info_msg "lxc exec ${_BBlue}${HOST_PREFIX}-${i}${_creset} -- ${_BGreen}${*}${_creset}" + lxc exec "${HOST_PREFIX}-${i}" -- "$@" + done + ;; *) usage "unknown or missing command $1"; exit 42;; esac @@ -83,19 +130,25 @@ main() { build_instances() { rst_title "Build LXC instances" lxc_copy_images_localy + #lxc image list local: && wait_key lxc_init_containers - - err_msg "WIP / sorry, not implemented yet :o" + lxc_config_containers + lxc list "$HOST_PREFIX" } delete_instances() { rst_title "Delete LXC instances" - echo -en "\\nLXC hosts(s)::\\n\\n ${LOCAL_IMAGES[*]}\\n" | $FMT + echo -en "\\nLXC containers(s)::\\n\\n ${LOCAL_IMAGES[*]}\\n" | $FMT if ask_yn "Do you really want to delete all images"; then lxc_delete_containers fi + # lxc list "$HOST_PREFIX" + # lxc image list local: && wait_key } +# images +# ------ + lxc_copy_images_localy() { echo for ((i=0; i<${#TEST_IMAGES[@]}; i+=2)); do @@ -107,7 +160,6 @@ lxc_copy_images_localy() { --alias "${TEST_IMAGES[i+1]}" prefix_stdout fi done - #lxc image list local: } lxc_delete_images_localy() { @@ -119,6 +171,17 @@ lxc_delete_images_localy() { #lxc image list local: } +# container +# --------- + +lxc_cmd() { + echo + for i in "${LOCAL_IMAGES[@]}"; do + info_msg "lxc $* $HOST_PREFIX-$i" + lxc "$@" "$HOST_PREFIX-$i" + done +} + lxc_init_containers() { echo for i in "${LOCAL_IMAGES[@]}"; do @@ -129,7 +192,25 @@ lxc_init_containers() { lxc init "local:$i" "$HOST_PREFIX-$i" fi done - #lxc list "$HOST_PREFIX" +} + +lxc_config_containers() { + echo + for i in "${LOCAL_IMAGES[@]}"; do + + info_msg "map uid/gid from host to conatiner: $HOST_PREFIX-$i" + # https://lxd.readthedocs.io/en/latest/userns-idmap/#custom-idmaps + echo -e -n "uid $HOST_USER_ID 1000\\ngid $HOST_GROUP_ID 1000"\ + | lxc config set "$HOST_PREFIX-$i" raw.idmap - + + info_msg "share ${REPO_ROOT} (repo_share) from HOST into container: $HOST_PREFIX-$i" + # https://lxd.readthedocs.io/en/latest/instances/#type-disk + lxc config device add "$HOST_PREFIX-$i" repo_share disk \ + source="${REPO_ROOT}" \ + path="/share/$(basename "${REPO_ROOT}")" + + # lxc config show "$HOST_PREFIX-$i" && wait_key + done } lxc_delete_containers() { @@ -143,7 +224,46 @@ lxc_delete_containers() { warn_msg "instance '$HOST_PREFIX-$i' does not exist / can't delete :o" fi done - #lxc list "$HOST_PREFIX" +} + +# subordinates +# ------------ +# +# see man: subgid(5), subuid(5), https://lxd.readthedocs.io/en/latest/userns-idmap +# +# E.g. in the HOST you have uid=1001(user) and/or gid=1001(user) :: +# +# root:1001:1 +# +# in the CONTAINER:: +# +# config: +# raw.idmap: | +# uid 1001 1000 +# gid 1001 1000 + +add_subordinate_ids() { + if grep "root:${HOST_USER_ID}:1" /etc/subuid -qs; then + info_msg "lxd already has permission to map ${HOST_USER_ID}'s user/group id through" + else + info_msg "add lxd permission to map ${HOST_USER_ID}'s user/group id through" + usermod --add-subuids "${HOST_USER_ID}-${HOST_USER_ID}" \ + --add-subgids "${HOST_GROUP_ID}-${HOST_GROUP_ID}" root + fi +} + +del_subordinate_ids() { + local out + if grep "root:${HOST_USER_ID}:1" /etc/subuid -qs; then + # TODO: root user is always in use by process 1, how can we remove subordinates? + info_msg "remove lxd permission to map ${HOST_USER_ID}'s user/group id through" + out=$(usermod --del-subuids "${HOST_USER_ID}-${HOST_USER_ID}" --del-subgids "${HOST_GROUP_ID}-${HOST_GROUP_ID}" root 2>&1) + if [ ! -z $? ]; then + err_msg "$out" + fi + else + info_msg "lxd does not have permission to map ${HOST_USER_ID}'s user/group id through" + fi } |