nested lxd wip1

7 months ago · 2bf8289238
5 changed files with 66 additions and 22 deletions
--- a/lib/install.sh
+++ b/lib/install.sh
@ -47,14 +47,39 @@ function prepare_lxd {

        echo "bridge <lxdbr0> down, so initialization will use default preseed..."

-        empty_block_partition=''
-        if lsblk -o NAME,FSTYPE,GROUP --noheadings -p | grep -E ^.─ | grep disk; then
-            # FIXME: when nesting no DISK type partition found!
+        if [[ $(printenv container) == 'lxc' ]]; then
+            echo "nested configuration applying..."
+            cat <<EOF | lxd init --preseed
+config: {}
+networks:
+- name: lxdbr0
+  type: bridge
+  config:
+    ipv4.address: auto
+    ipv6.address: none
+profiles:
+- config:
+    security.privileged: "true"
+  description: ""
+  devices:
+    eth0:
+      name: eth0
+      nictype: bridged
+      parent: lxdbr0
+      type: nic
+    root:
+        path: /
+        pool: default
+        type: disk    
+  name: default
+projects: []
+cluster: null
+EOF
+        else
            empty_block_partition=$(lsblk -o NAME,FSTYPE,GROUP --noheadings -p | grep -E ^.─ | grep disk | awk '{if($3=="") print $1}' | cut -d'/' -f3)
-        fi
-        if [[ -n "$empty_block_partition" ]]; then
-            echo "use empty block partition /dev/$empty_block_partition"
-            cat <<EOF | sudo lxd init --preseed
+            if [[ -n "$empty_block_partition" ]]; then
+                echo "use empty block partition /dev/$empty_block_partition for speed and optimization"
+                cat <<EOF | sudo lxd init --preseed
 config: {}
 networks:
 - config:
@ -86,10 +111,10 @@ profiles:
 projects: []
 cluster: null
 EOF
-            echo OK
-        else
-            echo "use dir partition"
-            cat <<EOF | lxd init --preseed
+                echo OK
+            else
+                echo "use dir partition for development purpose"
+                cat <<EOF | lxd init --preseed
 config: {}
 networks:
 - name: lxdbr0
@ -98,13 +123,14 @@ networks:
    ipv4.address: auto
    ipv6.address: none
 EOF
+            fi
        fi
    else
        echo "bridge <lxdbr0> found implies it has been already initialized!"
    fi

-    set_alias 'sameuser' "exec @ARG1@ -- su --whitelist-environment container_hostname - $(whoami)"
-    set_alias 'login' 'exec @ARGS@ --mode interactive -- /bin/bash -c $@${user:-root} - exec su --whitelist-environment container_hostname - '
+    set_alias 'sameuser' "exec @ARG1@ -- su --whitelist-environment container,container_hostname - $(whoami)"
+    set_alias 'login' 'exec @ARGS@ --mode interactive -- /bin/bash -c $@${user:-root} - exec su --whitelist-environment container,container_hostname - '
    set_alias 'll' 'list -c ns4mDN'

    # test environment container hostname
@ -194,8 +220,7 @@ function check_credential {

    check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.username' &&
        check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.shadow' &&
-        check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.email' &&
-        check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.password'
+        check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.email'

 }

--- a/recipes/odoo12/crud.sh
+++ b/recipes/odoo12/crud.sh
@ -44,8 +44,11 @@ function _create() {
        db-psql create "$longname"
        echo "create empty database <$longname> ... OK"

+        #FIXME: load credential from data argument wth yq parsing!!!
+
        credential_username=$(load_yaml_from_expanded credential.username)
        credential_password=$(load_yaml_from_expanded credential.password)
+
        cat <<EOF | lxc_exec "$container"
            set -Eeuo pipefail
            echo reloading systemd
--- a/scripts/lxc-miaou-create
+++ b/scripts/lxc-miaou-create
@ -97,7 +97,7 @@ runcmd:
 final_message: "Container from datasource \$datasource is finally up, after \$UPTIME seconds"
 EOF
    )"
-    lxc init images:debian/$CONTAINER_RELEASE/cloud "$CONTAINER" --config user.user-data="$user_data" -q
+    lxc init local:debian/$CONTAINER_RELEASE/cloud "$CONTAINER" --config user.user-data="$user_data" -q

    # allow directory `SHARED` to be read-write mounted
    lxc config set "$CONTAINER" raw.idmap "both $(id -u) 0" -q
@ -105,8 +105,11 @@ EOF

    lxc config device add "$CONTAINER" SHARED disk source="$HOME/LXD/SHARED/$CONTAINER" path=/mnt/SHARED -q
    lxc config device add "$CONTAINER" TOOLBOX disk source=/TOOLBOX path=/TOOLBOX -q
-    lxc config device add "$CONTAINER" DEBIAN_BASH disk source=$(realpath /opt/miaou-bash) path=/opt/miaou-bash -q
+    lxc config device add "$CONTAINER" MIAOU_BASH disk source=$(realpath /opt/miaou-bash) path=/opt/miaou-bash -q
+
+    # environment variables
    lxc config set "$CONTAINER" environment.PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/miaou-bash/tools:/TOOLBOX -q
+    lxc config set "$CONTAINER" environment.container lxc -q

    if [[ "$OPTION_NESTING" == true ]]; then
        lxc config set "$CONTAINER" security.nesting true -q
@ -123,8 +126,10 @@ EOF
    lxc file push "$MIAOU_BASEDIR/templates/bottom/bottom.toml" "$CONTAINER/root/.config/bottom/bottom.toml" -q

    # purge cloud-init after success
-    lxc exec "$CONTAINER" -- systemd-run -q -p After=cloud-final.service -p Type=oneshot --no-block bash -c '\
-        sleep 0.2 &&\
+    attempt=0
+    max_attempt=10
+    delay=0.2
+    while ! lxc exec "$CONTAINER" -- bash -c 'systemd-run -q -p After=cloud-final.service -p Type=oneshot --no-block bash -c "\
        cloud-init status --wait &&\
        cp /var/lib/cloud/data/status.json /root/cloud-status.json &&\
        systemctl stop cloud-{config,final,init-local,init}.service &&\
@ -133,7 +138,15 @@ EOF
        apt-get purge -y cloud-init &&\
        rm -rf /var/lib/cloud && \
        userdel -rf debian \
-        '
+        " 2>/dev/null '; do
+        attempt=$((attempt++))
+        if [[ $attempt -gt $max_attempt ]]; then
+            echoerr "systemd unavailable after $(bc <<<"$max_attempt * $delay") seconds"
+            exit 1
+        else
+            sleep $delay
+        fi
+    done

    if [[ "$OPTION_SAMEUSER" == true ]]; then
        if ! lxc exec "$CONTAINER" -- grep "$miaou_user" /etc/passwd; then
--- a/scripts/miaou
+++ b/scripts/miaou
@ -413,6 +413,11 @@ function build_services() {
        app=${item[5]}
        name=${item[6]:-}

+        domain=${item[0]}
+        subdomain=${item[1]}
+        data=$(yqm ".services.\"$domain\".\"$subdomain\".data")
+        echo "domain=$domain, subdomain=$subdomain, data=$data"
+
        recipe="$MIAOU_BASEDIR/recipes/$app/crud.sh"
        if [[ -f "$recipe" ]]; then
            echo "read [$app:$name] onto container <$container>"
--- a/templates/etc/defaults.yaml.j2
+++ b/templates/etc/defaults.yaml.j2
@ -6,5 +6,3 @@ credential:
  username: {{env.current_user}}
  shadow: {{env.shadow_passwd}}
  email: TO BE DEFINED # example user@domain.tld
-  password: TO BE DEFINED
-