diff --git a/bin/pdm-build b/bin/pdm-build
index 41976b8..e2a34d6 100755
--- a/bin/pdm-build
+++ b/bin/pdm-build
@@ -1,5 +1,5 @@
 #!/bin/bash
-
+################################################################################
 # Functions/variables
 quit() {
 if [[ $1 == 0 || $FLAGS_debug == $FLAGS_FALSE ]]; then
@@ -16,12 +16,13 @@ source shflags
 DEFINE_boolean 'squash' false 'squash newly built layers into a single new layer' 's'
 DEFINE_boolean 'debug' false "Don't delete temporary container on build fail" 'd'
 DEFINE_string 'tag' 'latest' 'Tag (other than date) to assign to the image' 't'
-FLAGS_HELP="Usage: $0 [-s] [-d] [-t tag] [directory] [name]
-Builds an image from the Containerfile and (optionally) Systemdfile in a
-directory passed as the first argument, and names the image after the second
-argument. If no first argument is given, the current working directory is
-used. If no second argument is given, the image is named after the directory.
+FLAGS_HELP="Usage: $0 [-sd] [-t tag] [directory] [name]
+
+Builds an image from the Containerfile and (optionally) Systemdfile in the
+specified directory, and tags the image with the given name. If no directory
+argument is given, the current working directory is used. If no name argument
+is given, the image is named after the directory.
 "
 FLAGS "$@" || exit $?
 eval set -- "${FLAGS_ARGV}"
diff --git a/bin/pdm-launch b/bin/pdm-launch
index fad92fd..baf9cf2 100755
--- a/bin/pdm-launch
+++ b/bin/pdm-launch
@@ -1,26 +1,35 @@
 #!/bin/bash
-
+################################################################################
 # Handle flags
 source shflags
 DEFINE_boolean 'overwrite' false 'Overwrite container if one with same name already exists.' 'o'
-DEFINE_boolean 'config' false "Automatically configure container with deploy options stored in image metadata." 'c'
-DEFINE_string 'deployopts' 'deployopts' 'Image metadata label from which to get the deploy options.' 'd'
-FLAGS_HELP="Usage: $0 [-o] [-d label] image [name]
+DEFINE_boolean 'config' false 'Automatically configure container with deploy options stored in image metadata.' 'c'
+DEFINE_string 'label' 'deployopts' 'Image metadata label from which to get the deploy options.' 'l'
+
+FLAGS_HELP="Usage: $0 [-oc] [-d label] [image] [name]
-Creates and starts a container from the specified image. If a second
-argument is given, the container name is set to that string. Otherwise, the
-container is given the same name as the image.
+Creates and starts a container from the specified image, and assigns it the
+specified name. If no image argument is given, uses the current working
+directory as the name of the image. If no name argument is given, the container
+is given the same name as the image.
 "
 FLAGS "$@" || exit $?
 eval set -- "${FLAGS_ARGV}"
+# Handle errors/arguments/cases
+if [[ $# -gt 2 ]]; then
+ echo "Error: too many arguments"
+ echo ""
+ flags_help
+ exit 1
+fi
+
 if [[ -n $1 ]]; then
 image=$1
 else
- echo "Error: need image name"
+ echo "Warning: No image name given. Assuming image name from current working directory."
 echo ""
- flags_help
- exit 1
+ image=$(basename $(pwd))
 fi
 if [[ -n $2 ]]; then
@@ -44,6 +53,5 @@ if [[ $FLAGS_overwrite ]]; then
 podman rm -i -f $name
 fi
-podman create --name $name $deployopts $image
-podman start $name
+podman run -itd --name $name --hostname $name --userns=keep-id $deployopts $image
 echo "Done!"
diff --git a/install.sh b/install.sh
index 12301e0..a84c548 100755
--- a/install.sh
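Review bot: The usage text on the new `FLAGS_HELP` line still advertises `[-d label]`, but the option was renamed one line above to `DEFINE_string 'label' ... 'l'`, so `-d` no longer exists and `-l` is undocumented; it should read `FLAGS_HELP="Usage: $0 [-oc] [-l label] [image] [name]`. Because the shflags variable is now `$FLAGS_label`, any remaining reference to `$FLAGS_deployopts` further down (the code that reads the label into `$deployopts` is outside this hunk) would expand to empty and silently disable `-c`, so that part is worth checking. Separately, `image=$(basename $(pwd))` is unquoted and the "too many arguments" diagnostics go to stdout; `image=$(basename "$PWD")` and `>&2` on the error `echo`s make the fallback safe for directory names with spaces and keep diagnostics out of captured output.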
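Review bot: The new `podman run` line relies on `$deployopts` being expanded unquoted so that the label contents are split into options, which means whatever is stored under that image label, including on an image pulled from a registry, becomes arbitrary `podman run` arguments (extra mounts, namespace and capability flags) with no review step. At minimum print the resolved options before running, e.g. `echo "Deploy options from image label: $deployopts"`, and consider holding them in a bash array built from a checked allow-list rather than a whitespace-split string; `$name` and `$image` should also be double-quoted. The enclosing condition shown in the hunk header, `if [[ $FLAGS_overwrite ]]; then`, is true for any non-empty value, and shflags booleans are `0`/`1` rather than empty, so the `podman rm -i -f $name` branch appears to run even without `-o`; `if [[ $FLAGS_overwrite -eq "$FLAGS_TRUE" ]]; then` is the intended test. That `if` begins before this hunk.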
+++ b/install.sh
@@ -1,8 +1,15 @@
-#1/bin/bash
+#!/bin/bash
+# Variables
+myusr=containers
+myuid=60000
+
+# Main
+set -e
+
+echo "Attempting to autodetect distro ..."
 distro=$(lsb_release -is)
 release=$(lsb_release -rs)
-
 if [[ $distro == "Debian" ]]; then
 echo "Detected distro: Debian"
 if [[ $release == "10" ]]; then
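Review bot: `set -e` is now enabled before `distro=$(lsb_release -is)`, so on a host without lsb_release the script aborts with bash's "command not found" instead of reaching the "failed to detect distro" message a few lines down. A guard before the detection, `command -v lsb_release >/dev/null || { echo "Error: lsb_release not found" >&2; exit 1; }`, keeps that failure explicit. The `if [[ $distro == "Debian" ]]` block continues past the end of this hunk.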
@@ -15,23 +22,53 @@ if [[ $distro == "Debian" ]]; then
 echo "Error: failed to detect release"
 exit 1
 fi
- sudo apt install -y gnupg
- echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_$release/ /" | sudo tee /etc/apt/sources.list.d/podman.list
- curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_$release/Release.key | sudo apt-key add -
+ echo "Installing podman ..."
+ sudo apt install -y gnupg curl
+ echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_${release:?}/ /" | sudo tee /etc/apt/sources.list.d/podman.list
+ curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_${release:?}/Release.key | sudo apt-key add -
 sudo apt update -y
- sudo apt install -y podman
+ sudo apt install -y fuse-overlayfs slirp4netns podman
 else
- echo "Error: failed to detect distro"
+ echo "Error: failed to detect distro."
 exit 1
 fi
-# copy bin files to /usr/local/bin
-sudo rsync -vaSH bin/ /usr/local/bin/
+echo "Creating containers user ..."
+user_id=$(id -u $myusr > /dev/null 2>&1)
+user_exists=$(echo $?)
+if [[ $user_exists != 0 ]]; then
+ sudo addgroup $myusr --gid $myuid --system
+ sudo adduser $myusr --ingroup $myusr --uid $myuid --disabled-password --gecos "Containers User" --shell /usr/sbin/nologin --no-create-home --home /srv/$myusr --system
+elif [[ $user_id != $myuid ]]; then
+ echo "Error: User \"$myusr\" already exists, but does not have UID $myuid."
+ echo "Please delete user \"$myusr\" and then re-run the install script."
+ exit 2
+else
+ echo "User \"$myusr\" is already configured. Skipping ..."
+fi
+echo "Configuring subuids and subgids ..."
+echo "$myusr:1000000:1000000000" | sudo tee -a /etc/subuid /etc/subgid
+
+echo "Configuring kernel parameters ..."
+kernel.unprivileged_userns_clone=1
+#net.ipv4.ping_group_range=0 1001000000
+
+echo "Copying scripts to /usr/local/bin ..."
+# copy bin files to /usr/local/bin
+sudo cp bin/* /usr/local/bin/
 # copy shflags to /usr/local/bin as well
-sudo rsync -vaSH lib/shflags /usr/local/bin/
+sudo cp lib/shflags /usr/local/bin/
+echo "Installing containers startup service ..."
 # install systemd startup service
-#sudo rsync -vaSH lib/containers-startup.service /etc/systemd/system/
-#sudo systemctl enable containers-startup.service
+sudo cp lib/containers-startup.service /etc/systemd/system/
+sudo systemctl enable containers-startup.service
+# create startup.sh if it doesn't exist
+if [[ ! -f /etc/containers/startup.sh ]]; then
+ printf "#!/bin/bash\n\n" | sudo tee /etc/containers/startup.sh
+fi
+sudo chmod +x /etc/containers/startup.sh
+echo "Installed containers startup script in /etc/containers/startup.sh. Put any podman-related commands that should run on startup in that file."
+
diff --git a/src/debian/Containerfile b/src/debian/Containerfile
index 2326dc3..2052a28 100644
--- a/src/debian/Containerfile
+++ b/src/debian/Containerfile
@@ -12,11 +12,11 @@ RUN rm /etc/localtime && \
 echo $TZ > /etc/timezone
 # Install packages
-RUN apt update -y
-RUN apt upgrade -y
-RUN apt install -y init sudo wget nano less man-db unzip
-RUN apt autoremove -y --purge
-RUN apt clean -y
+RUN apt update -y && \ apt upgrade -y && \ apt install -y init sudo wget nano less man-db unzip && \ apt autoremove -y --purge && \ apt clean -y
 # Set configuration
 COPY assets/nanorc /etc/nanorc
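Review bot: The added line `kernel.unprivileged_userns_clone=1` is not a shell assignment (variable names cannot contain a dot), so bash tries to run it as a command and, with `set -e` now in force, the installer stops with "command not found" before the scripts and the systemd unit are copied; the setting has to be applied through sysctl. The user-detection block above it is also broken as written: `user_id=$(id -u $myusr > /dev/null 2>&1)` sends the UID to /dev/null so `user_id` is always empty, and when the user does not exist the failing substitution makes `set -e` exit before `user_exists=$(echo $?)` runs, so neither the create branch nor the UID comparison can behave as intended. `echo ... | sudo tee -a /etc/subuid /etc/subgid` appends a fresh range on every run, and `apt-key add` is deprecated on current Debian in favour of a keyring file referenced with `signed-by=` in the sources entry, which is worth a follow-up even if left alone here. The rewrite below is one way to make the user, subid and sysctl steps correct and idempotent; the apt section is unchanged.
```shell
echo "Creating containers user ..."
if ! user_id=$(id -u "$myusr" 2>/dev/null); then
  sudo addgroup "$myusr" --gid "$myuid" --system
  sudo adduser "$myusr" --ingroup "$myusr" --uid "$myuid" --disabled-password --gecos "Containers User" --shell /usr/sbin/nologin --no-create-home --home "/srv/$myusr" --system
elif [[ $user_id != "$myuid" ]]; then
  # … unchanged: UID-mismatch error messages and exit 2 …
else
  # … unchanged: "already configured" message …
fi

echo "Configuring subuids and subgids ..."
for idfile in /etc/subuid /etc/subgid; do
  grep -q "^$myusr:" "$idfile" || echo "$myusr:1000000:1000000000" | sudo tee -a "$idfile" >/dev/null
done

echo "Configuring kernel parameters ..."
# PLACEHOLDER.conf: choose a file name under /etc/sysctl.d/
echo "kernel.unprivileged_userns_clone=1" | sudo tee /etc/sysctl.d/PLACEHOLDER.conf >/dev/null
sudo sysctl --system
```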
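Review bot: The combined `RUN` is the right shape, but it still uses the `apt` front end, which prints an "apt does not have a stable CLI interface" warning in non-interactive builds, and `apt clean -y` leaves `/var/lib/apt/lists/` in the layer; `apt-get` with `DEBIAN_FRONTEND=noninteractive` set for the step, `--no-install-recommends` on the install, and `&& rm -rf /var/lib/apt/lists/*` at the end of the chain is the conventional form. `apt upgrade -y` inside the build also makes the image contents depend on build time rather than on the base tag, which deserves a comment if it is intentional.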