searxng/utils/lxc.sh
Markus Heiser a1f5f2ced8 LXC: minor fixes and renaming
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2020-02-16 22:26:03 +01:00

329 lines
9.2 KiB
Bash
Executable File

#!/usr/bin/env bash
# -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*-
# SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck source=utils/lib.sh
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
source_dot_config
# ----------------------------------------------------------------------------
# config
# ----------------------------------------------------------------------------
#
# read also:
# - https://lxd.readthedocs.io/en/latest/
# name of https://images.linuxcontainers.org
LINUXCONTAINERS_ORG_NAME="${LINUXCONTAINERS_ORG_NAME:-images}"
HOST_PREFIX="${HOST_PREFIX:-searx}"
TEST_IMAGES=(
"$LINUXCONTAINERS_ORG_NAME:ubuntu/18.04" "ubu1804"
"$LINUXCONTAINERS_ORG_NAME:ubuntu/19.04" "ubu1904"
# TODO: installation of searx & filtron not yet implemented ..
#
#"$LINUXCONTAINERS_ORG_NAME:archlinux" "archlinux"
#"$LINUXCONTAINERS_ORG_NAME:fedora/31" "fedora31"
)
ubu1804_boilerplate="
export DEBIAN_FRONTEND=noninteractive
apt-get install -y git curl wget
"
# shellcheck disable=SC2034
ubu1904_boilerplate="$ubu1804_boilerplate"
REMOTE_IMAGES=()
LOCAL_IMAGES=()
for ((i=0; i<${#TEST_IMAGES[@]}; i+=2)); do
REMOTE_IMAGES=("${REMOTE_IMAGES[@]}" "${TEST_IMAGES[i]}")
LOCAL_IMAGES=("${LOCAL_IMAGES[@]}" "${HOST_PREFIX}-${TEST_IMAGES[i+1]}")
done
HOST_USER="${SUDO_USER:-$USER}"
HOST_USER_ID=$(id -u "${HOST_USER}")
HOST_GROUP_ID=$(id -g "${HOST_USER}")
# ----------------------------------------------------------------------------
usage() {
# ----------------------------------------------------------------------------
cat <<EOF
usage::
$(basename "$0") build [containers]
$(basename "$0") remove [containers|subordinate]
$(basename "$0") [start|stop] [containers]
$(basename "$0") inspect [info|config]
$(basename "$0") cmd ...
build / remove
:containers: build and remove all LXC containers
add / remove
:subordinate: lxd permission to map ${HOST_USER}'s user/group id through
start/stop
:containers: start/stop of all containers
inspect
:info: show info of all containers
:config: show config of all containers
cmd ...
run commandline ... in all containers
all LXC containers:
${LOCAL_IMAGES[@]}
EOF
[ -n "${1+x}" ] && err_msg "$1"
}
lxd_info() {
cat <<EOF
LXD is needed, to install run::
snap install lxd
lxd init --auto
EOF
}
main() {
local exit_val
if ! required_commands lxc; then
lxd_info
exit 42
fi
local _usage="unknown or missing $1 command $2"
case $1 in
--source-only) ;;
-h|--help) usage; exit 0;;
build)
sudo_or_exit
case $2 in
containers) build_instances ;;
*) usage "$_usage"; exit 42;;
esac ;;
remove)
sudo_or_exit
case $2 in
containers) remove_instances ;;
subordinate) echo; del_subordinate_ids ;;
*) usage "$_usage"; exit 42;;
esac ;;
add)
sudo_or_exit
case $2 in
subordinate) echo; add_subordinate_ids ;;
*) usage "$_usage"; exit 42;;
esac ;;
start|stop)
sudo_or_exit
case $2 in
containers) lxc_cmd "$1" ;;
*) usage "$_usage"; exit 42;;
esac ;;
inspect)
sudo_or_exit
case $2 in
config) lxc_cmd config show;;
info) lxc_cmd info;;
*) usage "$_usage"; exit 42;;
esac ;;
cmd)
sudo_or_exit
shift
for i in "${LOCAL_IMAGES[@]}"; do
info_msg "call ${_BBlue}${i}${_creset} -- ${_BGreen}${*}${_creset}"
wait_key 3
lxc exec "${i}" -- "$@"
exit_val=$?
if [ $exit_val -ne 0 ]; then
err_msg "$exit_val ${_BBlue}${i}${_creset} -- ${_BGreen}${*}${_creset}"
fi
done
;;
*)
usage "unknown or missing command $1"; exit 42;;
esac
}
build_instances() {
rst_title "Build LXC instances"
rst_title "copy images" section
echo
lxc_copy_images_localy
lxc image list local: && wait_key
echo
rst_title "build containers" section
echo
lxc_init_containers
lxc_config_containers
lxc_boilerplate_containers
echo
lxc list "$HOST_PREFIX"
}
remove_instances() {
rst_title "Remove LXC instances"
echo -en "\\nLXC containers(s)::\\n\\n ${LOCAL_IMAGES[*]}\\n" | $FMT
if ask_yn "Do you really want to delete all images"; then
lxc_delete_containers
fi
echo
lxc list "$HOST_PREFIX"
# lxc image list local: && wait_key
}
# images
# ------
lxc_copy_images_localy() {
for ((i=0; i<${#TEST_IMAGES[@]}; i+=2)); do
if lxc image info "local:${TEST_IMAGES[i+1]}" &>/dev/null; then
info_msg "image ${TEST_IMAGES[i]} already copied --> ${TEST_IMAGES[i+1]}"
else
info_msg "copy image locally ${TEST_IMAGES[i]} --> ${TEST_IMAGES[i+1]}"
lxc image copy "${TEST_IMAGES[i]}" local: \
--alias "${TEST_IMAGES[i+1]}" | prefix_stdout
fi
done
}
lxc_delete_images_localy() {
echo
for i in "${LOCAL_IMAGES[@]}"; do
info_msg "delete image 'local:$i'"
lxc image delete "local:$i"
done
#lxc image list local:
}
# container
# ---------
lxc_cmd() {
for i in "${LOCAL_IMAGES[@]}"; do
info_msg "lxc $* $i"
lxc "$@" "$i"
done
}
lxc_init_containers() {
local shortname
for ((i=0; i<${#TEST_IMAGES[@]}; i+=2)); do
shortname="${TEST_IMAGES[i+1]}"
if lxc info "${HOST_PREFIX}-${shortname}" &>/dev/null; then
info_msg "conatiner '$i' already exists"
else
info_msg "create conatiner instance: $i"
lxc init "local:${shortname}" "${HOST_PREFIX}-${shortname}"
fi
done
}
lxc_config_containers() {
for i in "${LOCAL_IMAGES[@]}"; do
info_msg "configure container: ${_BBlue}${i}${_creset}"
info_msg "map uid/gid from host to container"
# https://lxd.readthedocs.io/en/latest/userns-idmap/#custom-idmaps
echo -e -n "uid $HOST_USER_ID 1000\\ngid $HOST_GROUP_ID 1000"\
| lxc config set "$i" raw.idmap -
info_msg "share ${REPO_ROOT} (repo_share) from HOST into container"
# https://lxd.readthedocs.io/en/latest/instances/#type-disk
lxc config device add "$i" repo_share disk \
source="${REPO_ROOT}" \
path="/share/$(basename "${REPO_ROOT}")" &>/dev/null
# lxc config show "$i" && wait_key
done
}
lxc_boilerplate_containers() {
local shortname
local boilerplate_script
for ((i=0; i<${#TEST_IMAGES[@]}; i+=2)); do
shortname="${TEST_IMAGES[i+1]}"
info_msg "install boilerplate: ${_BBlue}${HOST_PREFIX}-${shortname}${_creset}"
lxc start -q "${HOST_PREFIX}-${shortname}" &>/dev/null
boilerplate_script="${shortname}_boilerplate"
boilerplate_script="${!boilerplate_script}"
if [[ -n "${boilerplate_script}" ]]; then
echo "$boilerplate_script" \
| lxc exec "${HOST_PREFIX}-${shortname}" -- bash \
| prefix_stdout " ${HOST_PREFIX}-${shortname} | "
else
warn_msg "no boilerplate for instance '$i'"
fi
done
}
lxc_delete_containers() {
for i in "${LOCAL_IMAGES[@]}"; do
if lxc info "$i" &>/dev/null; then
info_msg "stop & delete instance '$i'"
lxc stop "$i" &>/dev/null
lxc delete "$i" | prefix_stdout
else
warn_msg "instance '$i' does not exist / can't delete :o"
fi
done
}
# subordinates
# ------------
#
# see man: subgid(5), subuid(5), https://lxd.readthedocs.io/en/latest/userns-idmap
#
# E.g. in the HOST you have uid=1001(user) and/or gid=1001(user) ::
#
# root:1001:1
#
# in the CONTAINER::
#
# config:
# raw.idmap: |
# uid 1001 1000
# gid 1001 1000
add_subordinate_ids() {
if grep "root:${HOST_USER_ID}:1" /etc/subuid -qs; then
info_msg "lxd already has permission to map ${HOST_USER_ID}'s user/group id through"
else
info_msg "add lxd permission to map ${HOST_USER_ID}'s user/group id through"
usermod --add-subuids "${HOST_USER_ID}-${HOST_USER_ID}" \
--add-subgids "${HOST_GROUP_ID}-${HOST_GROUP_ID}" root
fi
}
del_subordinate_ids() {
local out
local exit_value
if grep "root:${HOST_USER_ID}:1" /etc/subuid -qs; then
# TODO: root user is always in use by process 1, how can we remove subordinates?
info_msg "remove lxd permission to map ${HOST_USER_ID}'s user/group id through"
out=$(usermod --del-subuids "${HOST_USER_ID}-${HOST_USER_ID}" --del-subgids "${HOST_GROUP_ID}-${HOST_GROUP_ID}" root 2>&1)
exit_val=$?
if [ $exit_val -ne 0 ]; then
err_msg "$out"
fi
else
info_msg "lxd does not have permission to map ${HOST_USER_ID}'s user/group id through"
fi
}
# ----------------------------------------------------------------------------
main "$@"
# ----------------------------------------------------------------------------