mirror of https://code.forgejo.org/forgejo/runner.git synced 2025-08-06 17:40:58 +00:00

chore(upgrade): sync lxc-helpers v1.0.3

Earl Warren 2025-01-29 00:20:32 +01:00
parent 0e99df94b7
commit 50aec4962b
2 changed files with 132 additions and 104 deletions


@ -3,13 +3,14 @@
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
LXC_SELF_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" LXC_SELF_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
LXC_BIN=/usr/local/bin LXC_BIN=/usr/local/bin
LXC_CONTAINER_CONFIG_ALL="unprivileged lxc libvirt docker k8s" LXC_CONTAINER_CONFIG_ALL="unprivileged lxc libvirt docker k8s"
LXC_CONTAINER_CONFIG_DEFAULT="lxc libvirt docker" LXC_CONTAINER_CONFIG_DEFAULT="lxc libvirt docker"
LXC_IPV6_PREFIX_DEFAULT="fc15" LXC_IPV6_PREFIX_DEFAULT="fd15"
LXC_DOCKER_PREFIX_DEFAULT="172.17" LXC_DOCKER_PREFIX_DEFAULT="172.17"
LXC_IPV6_DOCKER_PREFIX_DEFAULT="fd00:d0ca" LXC_IPV6_DOCKER_PREFIX_DEFAULT="fd00:d0ca"
LXC_APT_TOO_OLD='1 week ago'
: ${LXC_SUDO:=} : ${LXC_SUDO:=}
: ${LXC_CONTAINER_RELEASE:=bookworm} : ${LXC_CONTAINER_RELEASE:=bookworm}
@ -75,14 +76,14 @@ function lxc_container_user_install() {
local user_id="$2" local user_id="$2"
local user="$3" local user="$3"
if test "$user" = root ; then if test "$user" = root; then
return return
fi fi
local root=$(lxc_root $name) local root=$(lxc_root $name)
if ! $LXC_SUDO grep --quiet "^$user " $root/etc/sudoers ; then if ! $LXC_SUDO grep --quiet "^$user " $root/etc/sudoers; then
$LXC_SUDO tee $root/usr/local/bin/lxc-helpers-create-user.sh > /dev/null <<EOF $LXC_SUDO tee $root/usr/local/bin/lxc-helpers-create-user.sh >/dev/null <<EOF
#!/bin/bash #!/bin/bash
set -ex set -ex
@ -94,20 +95,20 @@ done
echo "$user ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers echo "$user ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
sudo --user $user ssh-keygen -b 2048 -N '' -f $LXC_HOME/$user/.ssh/id_rsa sudo --user $user ssh-keygen -b 2048 -N '' -f $LXC_HOME/$user/.ssh/id_rsa
EOF EOF
lxc_container_run_script $name /usr/local/bin/lxc-helpers-create-user.sh lxc_container_run_script $name /usr/local/bin/lxc-helpers-create-user.sh
fi fi
} }
function lxc_maybe_sudo() { function lxc_maybe_sudo() {
if test $(id -u) != 0 ; then if test $(id -u) != 0; then
LXC_SUDO=sudo LXC_SUDO=sudo
fi fi
} }
function lxc_prepare_environment() { function lxc_prepare_environment() {
lxc_maybe_sudo lxc_maybe_sudo
if ! $(which lxc-create > /dev/null) ; then if ! $(which lxc-create >/dev/null); then
$LXC_SUDO apt-get install -y -qq make git libvirt0 libpam-cgfs bridge-utils uidmap dnsmasq-base dnsmasq dnsmasq-utils qemu-user-static $LXC_SUDO apt-get install -y -qq make git libvirt0 libpam-cgfs bridge-utils uidmap dnsmasq-base dnsmasq dnsmasq-utils qemu-user-static
fi fi
} }
@ -194,42 +195,41 @@ EOF
} }
function lxc_container_config() { function lxc_container_config() {
for config in "$@" ; do for config in "$@"; do
case $config in case $config in
unprivileged) unprivileged) ;;
;; lxc)
lxc) echo nesting
echo nesting echo cap
echo cap ;;
;; docker)
docker) echo net
echo net ;;
;; libvirt)
libvirt) echo cap
echo cap echo kvm
echo kvm echo loop
echo loop echo mapper
echo mapper echo fuse
echo fuse ;;
;; k8s)
k8s) echo cap
echo cap echo loop
echo loop echo mapper
echo mapper echo fuse
echo fuse echo kmsg
echo kmsg echo proc
echo proc ;;
;; *)
*) echo "$config unknown ($LXC_CONTAINER_CONFIG_ALL)"
echo "$config unknown ($LXC_CONTAINER_CONFIG_ALL)" return 1
return 1 ;;
;; esac
esac done | sort -u | while read config; do
done | sort -u | while read config ; do echo "#"
echo "#" echo "# include $config config snippet"
echo "# include $config config snippet" echo "#"
echo "#" lxc_container_config_$config
lxc_container_config_$config
done done
} }
@ -247,7 +247,7 @@ function lxc_container_install_lxc_helpers() {
# Wait for the network to come up # Wait for the network to come up
# #
local wait_networking=$(lxc_root $name)/usr/local/bin/lxc-helpers-wait-networking.sh local wait_networking=$(lxc_root $name)/usr/local/bin/lxc-helpers-wait-networking.sh
$LXC_SUDO tee $wait_networking > /dev/null <<'EOF' $LXC_SUDO tee $wait_networking >/dev/null <<'EOF'
#!/bin/sh -e #!/bin/sh -e
for d in $(seq 60); do for d in $(seq 60); do
getent hosts wikipedia.org > /dev/null && break getent hosts wikipedia.org > /dev/null && break
@ -271,23 +271,22 @@ function lxc_container_mount() {
local config=$(lxc_config $name) local config=$(lxc_config $name)
if ! $LXC_SUDO grep --quiet "lxc.mount.entry = $dir" $config ; then if ! $LXC_SUDO grep --quiet "lxc.mount.entry = $dir" $config; then
local relative_dir=${dir##/} local relative_dir=${dir##/}
$LXC_SUDO tee -a $config > /dev/null <<< "lxc.mount.entry = $dir $relative_dir none bind,create=dir 0 0" $LXC_SUDO tee -a $config >/dev/null <<<"lxc.mount.entry = $dir $relative_dir none bind,create=dir 0 0"
fi fi
} }
function lxc_container_start() { function lxc_container_start() {
local name="$1" local name="$1"
if lxc_running $name ; then if lxc_running $name; then
return return
fi fi
local logs local logs
if $LXC_VERBOSE; then if $LXC_VERBOSE; then
logs="--logfile=/dev/tty" logs="--logfile=/dev/tty"
fi fi
$LXC_SUDO lxc-start $logs $name $LXC_SUDO lxc-start $logs $name
@ -298,8 +297,8 @@ function lxc_container_start() {
function lxc_container_stop() { function lxc_container_stop() {
local name="$1" local name="$1"
$LXC_SUDO lxc-ls -1 --running --filter="^$name" | while read container ; do $LXC_SUDO lxc-ls -1 --running --filter="^$name" | while read container; do
$LXC_SUDO lxc-stop --kill --name="$container" $LXC_SUDO lxc-stop --kill --name="$container"
done done
} }
@ -307,9 +306,9 @@ function lxc_container_destroy() {
local name="$1" local name="$1"
local root="$2" local root="$2"
if lxc_exists "$name" ; then if lxc_exists "$name"; then
lxc_container_stop $name $root lxc_container_stop $name $root
$LXC_SUDO lxc-destroy --force --name="$name" $LXC_SUDO lxc-destroy --force --name="$name"
fi fi
} }
@ -319,6 +318,21 @@ function lxc_exists() {
test "$($LXC_SUDO lxc-ls --filter=^$name\$)" test "$($LXC_SUDO lxc-ls --filter=^$name\$)"
} }
function lxc_exists_and_apt_not_old() {
local name="$1"
if lxc_exists $name; then
if lxc_apt_is_old $name; then
$LXC_SUDO lxc-destroy --force --name="$name"
return 1
else
return 0
fi
else
return 1
fi
}
function lxc_running() { function lxc_running() {
local name="$1" local name="$1"
@ -328,8 +342,8 @@ function lxc_running() {
function lxc_build_template_release() { function lxc_build_template_release() {
local name="$(lxc_template_release)" local name="$(lxc_template_release)"
if lxc_exists $name ; then if lxc_exists_and_apt_not_old $name; then
return return
fi fi
local root=$(lxc_root $name) local root=$(lxc_root $name)
@ -346,21 +360,35 @@ function lxc_build_template() {
local name="$1" local name="$1"
local newname="$2" local newname="$2"
if lxc_exists $newname ; then if lxc_exists_and_apt_not_old $newname; then
return return
fi fi
if test "$name" = "$(lxc_template_release)" ; then if test "$name" = "$(lxc_template_release)"; then
lxc_build_template_release lxc_build_template_release
fi fi
if ! $LXC_SUDO lxc-copy --name=$name --newname=$newname ; then if ! $LXC_SUDO lxc-copy --name=$name --newname=$newname; then
echo lxc-copy --name=$name --newname=$newname failed echo lxc-copy --name=$name --newname=$newname failed
return 1 return 1
fi fi
lxc_container_configure $newname lxc_container_configure $newname
} }
function lxc_apt_age() {
local name="$1"
$LXC_SUDO stat --format %Y $(lxc_root $name)/var/cache/apt/pkgcache.bin
}
function lxc_apt_is_old() {
local name="$1"
local age=$(lxc_apt_age $name)
local too_old=$(date --date "$LXC_APT_TOO_OLD" +%s)
test $age -lt $too_old
}
function lxc_apt_install() { function lxc_apt_install() {
local name="$1" local name="$1"
shift shift
@ -385,19 +413,19 @@ function lxc_install_lxc_inside() {
local prefixv6="${2:-$LXC_IPV6_PREFIX_DEFAULT}" local prefixv6="${2:-$LXC_IPV6_PREFIX_DEFAULT}"
local packages="make git libvirt0 libpam-cgfs bridge-utils uidmap dnsmasq-base dnsmasq dnsmasq-utils qemu-user-static lxc-templates debootstrap" local packages="make git libvirt0 libpam-cgfs bridge-utils uidmap dnsmasq-base dnsmasq dnsmasq-utils qemu-user-static lxc-templates debootstrap"
if test "$(lxc_release)" = bookworm ; then if test "$(lxc_release)" = bookworm; then
packages="$packages distro-info" packages="$packages distro-info"
fi fi
lxc_apt_install_inside $packages lxc_apt_install_inside $packages
if ! grep --quiet LXC_ADDR=.$prefix.1. /etc/default/lxc-net ; then if ! grep --quiet LXC_ADDR=.$prefix.1. /etc/default/lxc-net; then
systemctl disable --now dnsmasq systemctl disable --now dnsmasq
apt-get install -y -qq lxc apt-get install -y -qq lxc
systemctl stop lxc-net systemctl stop lxc-net
sed -i -e '/ConditionVirtualization/d' /usr/lib/systemd/system/lxc-net.service sed -i -e '/ConditionVirtualization/d' /usr/lib/systemd/system/lxc-net.service
systemctl daemon-reload systemctl daemon-reload
cat >> /etc/default/lxc-net <<EOF cat >>/etc/default/lxc-net <<EOF
LXC_ADDR="$prefix.1" LXC_ADDR="$prefix.1"
LXC_NETMASK="255.255.255.0" LXC_NETMASK="255.255.255.0"
LXC_NETWORK="$prefix.0/24" LXC_NETWORK="$prefix.0/24"
@ -408,7 +436,7 @@ LXC_IPV6_MASK="64"
LXC_IPV6_NETWORK="$prefixv6::/64" LXC_IPV6_NETWORK="$prefixv6::/64"
LXC_IPV6_NAT="true" LXC_IPV6_NAT="true"
EOF EOF
systemctl start lxc-net systemctl start lxc-net
fi fi
} }
@ -420,7 +448,7 @@ function lxc_install_docker() {
function lxc_install_docker_inside() { function lxc_install_docker_inside() {
mkdir /etc/docker mkdir /etc/docker
cat > /etc/docker/daemon.json <<EOF cat >/etc/docker/daemon.json <<EOF
{ {
"ipv6": true, "ipv6": true,
"fixed-cidr-v6": "$LXC_IPV6_DOCKER_PREFIX_DEFAULT:1::/64", "fixed-cidr-v6": "$LXC_IPV6_DOCKER_PREFIX_DEFAULT:1::/64",
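Review bot: The new `lxc_apt_is_old` fails open when the cache age cannot be read. If `stat` on `var/cache/apt/pkgcache.bin` fails (for instance because the file is absent in the template, which the page does not rule out), `age` is empty and `test $age -lt $too_old` exits non-zero with an error. `lxc_exists_and_apt_not_old` then returns 0, so both `lxc_build_template_release` and `lxc_build_template` reuse a template of unknown age with whatever package versions it was built with. `local age=$(lxc_apt_age $name)` also masks the exit status of `lxc_apt_age`, so the failure is silent. I would split declaration from assignment and treat an unreadable age as old, `local age` then `age=$(lxc_apt_age $name) || return 0`, and quote the comparison as `test "$age" -lt "$too_old"`.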


@ -101,7 +101,7 @@ ACTIONS IN THE CONTAINER
Install LXC in the `name` container to allow the creation of Install LXC in the `name` container to allow the creation of
named containers. `prefix` is a class C IP prefix from which named containers. `prefix` is a class C IP prefix from which
containers will obtain their IP (for instance 10.40.50). `prefixv6` containers will obtain their IP (for instance 10.40.50). `prefixv6`
is an optional IPv6 private address prefix that defaults to fc15. is an optional IPv6 private address prefix that defaults to fd15.
lxc_container_run `name` command [options...] lxc_container_run `name` command [options...]
@ -129,32 +129,32 @@ EOF
function main() { function main() {
local options=$(getopt -o hvoc --long help,verbose,os:,config: -- "$@") local options=$(getopt -o hvoc --long help,verbose,os:,config: -- "$@")
[ $? -eq 0 ] || { [ $? -eq 0 ] || {
echo "Incorrect options provided" echo "Incorrect options provided"
exit 1 exit 1
} }
eval set -- "$options" eval set -- "$options"
while true; do while true; do
case "$1" in case "$1" in
-v | --verbose) -v | --verbose)
verbose verbose
;; ;;
-h | --help) -h | --help)
help help
;; ;;
-o | --os) -o | --os)
LXC_CONTAINER_RELEASE=$2 LXC_CONTAINER_RELEASE=$2
shift shift
;; ;;
-c | --config) -c | --config)
LXC_CONTAINER_CONFIG="$2" LXC_CONTAINER_CONFIG="$2"
shift shift
;; ;;
--) --)
shift shift
break break
;; ;;
esac esac
shift shift
done done
lxc_maybe_sudo lxc_maybe_sudo