lxc.sh 18 KB

  1. #!/usr/bin/env bash
  2. # -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*-
  3. # SPDX-License-Identifier: AGPL-3.0-or-later
  4. # shellcheck source=utils/lib.sh
  5. source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
  6. # load environment of the LXC suite
  7. LXC_ENV="${LXC_ENV:-${REPO_ROOT}/utils/lxc-searxng.env}"
  8. source "$LXC_ENV"
  9. lxc_set_suite_env
# ----------------------------------------------------------------------------
# config
# ----------------------------------------------------------------------------
#
# read also:
# - https://lxd.readthedocs.io/en/latest/

# Name prefix of all containers of the suite (can be preset by the caller).
: "${LXC_HOST_PREFIX:=test}"

# Location in the container where all folders from HOST are mounted
LXC_SHARE_FOLDER="/share"
LXC_REPO_ROOT="${LXC_SHARE_FOLDER}/$(basename "${REPO_ROOT}")"

# The <image>_boilerplate variables below hold shell code that
# lxc_install_boilerplate pipes into a bash started by 'lxc exec' in the
# container.  They are looked up by name (indirect expansion), hence the
# SC2034 exemptions.  Every script appends to /etc/sudo.conf with '>>', so the
# line is added again each time the script is run in the same container.

# shellcheck disable=SC2034
ubu2004_boilerplate="
export DEBIAN_FRONTEND=noninteractive
apt-get update -y
apt-get upgrade -y
apt-get install -y git curl wget
echo 'Set disable_coredump false' >> /etc/sudo.conf
"

# shellcheck disable=SC2034
ubu2204_boilerplate=${ubu2004_boilerplate}

# shellcheck disable=SC2034
archlinux_boilerplate="
pacman --noprogressbar -Syu --noconfirm
pacman --noprogressbar -S --noconfirm inetutils git curl wget sudo
echo 'Set disable_coredump false' >> /etc/sudo.conf
"

# shellcheck disable=SC2034
fedora35_boilerplate="
dnf update -y
dnf install -y git curl wget hostname
echo 'Set disable_coredump false' >> /etc/sudo.conf
"

# shellcheck disable=SC2034
centos7_boilerplate="
yum update -y
yum install -y git curl wget hostname sudo which
echo 'Set disable_coredump false' >> /etc/sudo.conf
"

# LXC_SUITE is a flat list of pairs: (remote image, local image name).  Split
# it into three parallel arrays; the container name is prefix + local name.
REMOTE_IMAGES=()
CONTAINERS=()
LOCAL_IMAGES=()
for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do
  REMOTE_IMAGES+=("${LXC_SUITE[i]}")
  CONTAINERS+=("${LXC_HOST_PREFIX}-${LXC_SUITE[i+1]}")
  LOCAL_IMAGES+=("${LXC_SUITE[i+1]}")
done

# The invoking user (the one behind sudo, if any); uid/gid of this user are
# mapped into the containers by lxc_config_container.
HOST_USER="${SUDO_USER:-$USER}"
HOST_USER_ID="$(id -u "${HOST_USER}")"
HOST_GROUP_ID="$(id -g "${HOST_USER}")"
  59. # ----------------------------------------------------------------------------
usage() {
  # Print the command overview, followed by the output of usage_containers
  # and, when an argument is given, the error message $1.
  #
  # Returns: status of err_msg when $1 is set, 1 otherwise.
  # _cmd is assigned without 'local', i.e. it stays visible after the call.
  _cmd="$(basename "$0")"
  cat <<EOF
usage::
$_cmd build [containers|<name>]
$_cmd copy [images]
$_cmd remove [containers|<name>|images]
$_cmd [start|stop] [containers|<name>]
$_cmd show [images|suite|info|config [<name>]]
$_cmd cmd [--|<name>] '...'
$_cmd install [suite|base [<name>]]
build
:containers: build, launch all containers and 'install base' packages
:<name>: build, launch container <name> and 'install base' packages
copy:
:images: copy remote images of the suite into local storage
remove
:containers: delete all 'containers' or only <container-name>
:images: delete local images of the suite
start/stop
:containers: start/stop all 'containers' from the suite
:<name>: start/stop container <name> from suite
show
:info: show info of all (or <name>) containers from LXC suite
:config: show config of all (or <name>) containers from the LXC suite
:suite: show services of all (or <name>) containers from the LXC suite
:images: show information of local images
cmd
use single quotes to evaluate in container's bash, e.g.: 'echo \$(hostname)'
-- run command '...' in all containers of the LXC suite
:<name>: run command '...' in container <name>
install
:base: prepare LXC; install basic packages
:suite: install LXC ${LXC_SUITE_NAME} suite into all (or <name>) containers
EOF
  usage_containers
  if [ -z "${1+x}" ]; then
    # no message passed: same status the failed '-n' test used to yield
    return 1
  fi
  err_msg "$1"
}
usage_containers() {
  # Print the install info of the suite and, when an argument is given, the
  # error message $1.  Returns err_msg's status, or 1 when $1 is not set.
  lxc_suite_install_info
  if [ -z "${1+x}" ]; then
    return 1
  fi
  err_msg "$1"
}
lxd_info() {
  # Tell the user how to install LXD (printed by main when the 'lxc' command
  # is missing).
  printf '%s\n' \
    "LXD is needed, to install run::" \
    "snap install lxd" \
    "lxd init --auto"
}
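main() {
  # Dispatch the sub-command given in $1 (see usage).
  #
  # Arguments: $1 - sub-command, $2.. - its arguments
  # Exits with 42 on usage errors and missing prerequisites.  The sub-commands
  # __show and __install are the wrapped variants that this script runs on
  # itself inside each container.
  #
  # exit_val is declared local here because lxc_exec_cmd assigns it without
  # 'local'; this keeps the assignment within this call.
  local exit_val
  local _usage="unknown or missing $1 command $2"

  lxc_distro_setup

  # don't check prerequisite when in recursion
  if [[ ! $1 == __* ]] && [[ ! $1 == --help ]]; then
    if ! in_container; then
      ! required_commands lxc && lxd_info && exit 42
    fi
    [[ -z $LXC_SUITE ]] && err_msg "missing LXC_SUITE" && exit 42
  fi

  case $1 in
    --getenv)
      # Print the value of the variable named by $2.  Only a plain identifier
      # is accepted: during indirect expansion bash also evaluates an array
      # subscript contained in the name, so anything else is rejected before
      # it reaches ${!var}.
      local var="$2"
      if [[ ! $var =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
        err_msg "invalid variable name: $var"
        exit 42
      fi
      # printf instead of echo: a value such as '-n' is printed verbatim
      printf '%s\n' "${!var}"
      exit 0
      ;;
    -h|--help) usage; exit 0;;

    build)
      sudo_or_exit
      case $2 in
        "${LXC_HOST_PREFIX}"-*) build_container "$2" ;;
        ''|--|containers) build_all_containers ;;
        *) usage "$_usage"; exit 42;;
      esac
      ;;
    copy)
      case $2 in
        ''|images) lxc_copy_images_locally;;
        *) usage "$_usage"; exit 42;;
      esac
      ;;
    remove)
      sudo_or_exit
      case $2 in
        ''|--|containers) remove_containers ;;
        images) lxc_delete_images_locally ;;
        "${LXC_HOST_PREFIX}"-*)
          ! lxc_exists "$2" && warn_msg "container not yet exists: $2" && exit 0
          if ask_yn "Do you really want to delete container $2"; then
            lxc_delete_container "$2"
          fi
          ;;
        *) usage "unknown or missing container <name> $2"; exit 42;;
      esac
      ;;
    start|stop)
      sudo_or_exit
      case $2 in
        ''|--|containers) lxc_cmd "$1" ;;
        "${LXC_HOST_PREFIX}"-*)
          ! lxc_exists "$2" && usage_containers "unknown container: $2" && exit 42
          info_msg "lxc $1 $2"
          # label the output with the container name ($2); the loop variable
          # 'i' is not set by this branch
          lxc "$1" "$2" | prefix_stdout "[${_BBlue}$2${_creset}] "
          ;;
        *) usage "unknown or missing container <name> $2"; exit 42;;
      esac
      ;;
    show)
      sudo_or_exit
      case $2 in
        suite)
          case $3 in
            "${LXC_HOST_PREFIX}"-*)
              lxc exec -t "$3" -- "${LXC_REPO_ROOT}/utils/lxc.sh" __show suite \
                | prefix_stdout "[${_BBlue}$3${_creset}] "
              ;;
            *) show_suite;;
          esac
          ;;
        images) show_images ;;
        config)
          case $3 in
            "${LXC_HOST_PREFIX}"-*)
              ! lxc_exists "$3" && usage_containers "unknown container: $3" && exit 42
              lxc config show "$3" | prefix_stdout "[${_BBlue}${3}${_creset}] "
              ;;
            *)
              rst_title "container configurations"
              echo
              lxc list "$LXC_HOST_PREFIX-"
              echo
              lxc_cmd config show
              ;;
          esac
          ;;
        info)
          case $3 in
            "${LXC_HOST_PREFIX}"-*)
              ! lxc_exists "$3" && usage_containers "unknown container: $3" && exit 42
              lxc info "$3" | prefix_stdout "[${_BBlue}${3}${_creset}] "
              ;;
            *)
              rst_title "container info"
              echo
              lxc_cmd info
              ;;
          esac
          ;;
        *) usage "$_usage"; exit 42;;
      esac
      ;;
    __show)
      # wrapped show commands, called once in each container
      case $2 in
        suite) lxc_suite_info ;;
      esac
      ;;
    cmd)
      sudo_or_exit
      shift
      # The remaining arguments are handed to lxc_exec_cmd, which joins them
      # into one string for 'bash -c' inside the container.
      case $1 in
        --) shift; lxc_exec "$@" ;;
        "${LXC_HOST_PREFIX}"-*)
          ! lxc_exists "$1" && usage_containers "unknown container: $1" && exit 42
          local name=$1
          shift
          lxc_exec_cmd "${name}" "$@"
          ;;
        # always exit 42 here, whatever status the message helper returns
        *) usage_containers "unknown container: $1"; exit 42;;
      esac
      ;;
    install)
      sudo_or_exit
      case $2 in
        suite|base)
          case $3 in
            "${LXC_HOST_PREFIX}"-*)
              ! lxc_exists "$3" && usage_containers "unknown container: $3" && exit 42
              lxc_exec_cmd "$3" "${LXC_REPO_ROOT}/utils/lxc.sh" __install "$2"
              ;;
            ''|--) lxc_exec "${LXC_REPO_ROOT}/utils/lxc.sh" __install "$2" ;;
            # always exit 42 here, whatever status the message helper returns
            *) usage_containers "unknown container: $3"; exit 42;;
          esac
          ;;
        *) usage "$_usage"; exit 42 ;;
      esac
      ;;
    __install)
      # wrapped install commands, called once in each container
      # shellcheck disable=SC2119
      case $2 in
        suite) lxc_suite_install ;;
        base) FORCE_TIMEOUT=0 lxc_install_base_packages ;;
      esac
      ;;
    doc)
      echo
      echo ".. generic utils/lxc.sh documentation"
      ;;
    -*) usage "unknown option $1"; exit 42;;
    *) usage "unknown or missing command $1"; exit 42;;
  esac
}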
build_all_containers() {
  # Build the whole suite: copy the images, create and configure every
  # container, run the boilerplate scripts and finally run this script's
  # '__install base' inside each container.
  local step

  rst_title "Build all LXC containers of suite"
  echo
  usage_containers

  # the order matters: images -> containers -> config -> boilerplate
  for step in \
    lxc_copy_images_locally \
    lxc_init_all_containers \
    lxc_config_all_containers \
    lxc_boilerplate_all_containers
  do
    "$step"
  done

  rst_title "install LXC base packages" section
  echo
  lxc_exec "${LXC_REPO_ROOT}/utils/lxc.sh" __install base
  echo
  lxc list "$LXC_HOST_PREFIX"
}
build_container() {
  # Build the single container named $1 (<prefix>-<image>): copy its image,
  # create and configure the container, run the boilerplate script and then
  # '__install base' inside of it.
  #
  # Returns 42 when $1 does not belong to LXC_SUITE.
  rst_title "Build container $1"

  local remote_image
  local container
  local image
  local boilerplate_script

  # LXC_SUITE holds (remote image, local image name) pairs
  for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do
    [ "${LXC_HOST_PREFIX}-${LXC_SUITE[i+1]}" = "$1" ] || continue
    remote_image="${LXC_SUITE[i]}"
    image="${LXC_SUITE[i+1]}"
    container="${LXC_HOST_PREFIX}-${image}"
    # fetch the content of the variable named <image>_boilerplate
    boilerplate_script="${image}_boilerplate"
    boilerplate_script="${!boilerplate_script}"
    break
  done
  echo

  if [ -z "$container" ]; then
    err_msg "container $1 unknown"
    usage_containers
    return 42
  fi

  lxc_image_copy "${remote_image}" "${image}"

  rst_title "init container" section
  lxc_init_container "${image}" "${container}"

  rst_title "configure container" section
  lxc_config_container "${container}"

  rst_title "run LXC boilerplate scripts" section
  lxc_install_boilerplate "${container}" "$boilerplate_script"
  echo

  rst_title "install LXC base packages" section
  lxc_exec_cmd "${container}" "${LXC_REPO_ROOT}/utils/lxc.sh" __install base \
    | prefix_stdout "[${_BBlue}${container}${_creset}] "
  echo
  lxc list "$container"
}
remove_containers() {
  # List the containers of the suite, ask for confirmation and delete every
  # container named in CONTAINERS.
  rst_title "Remove all LXC containers of suite"
  rst_para "existing containers matching ${_BGreen}$LXC_HOST_PREFIX-*${_creset}"
  echo
  lxc list "$LXC_HOST_PREFIX-"
  echo -en "\\n${_BRed}LXC containers to delete::${_creset}\\n\\n ${CONTAINERS[*]}\\n" | $FMT

  # Default answer handed to ask_yn: 'Ny' normally, 'Yn' when FORCE_TIMEOUT is
  # 0.  NOTE(review): ask_yn lives in lib.sh; presumably FORCE_TIMEOUT=0 makes
  # the deletion proceed without waiting for the operator -- confirm.
  local default
  if [[ $FORCE_TIMEOUT = 0 ]]; then
    default=Yn
  else
    default=Ny
  fi

  if ask_yn "Do you really want to delete these containers" $default; then
    for i in "${CONTAINERS[@]}"; do
      lxc_delete_container "$i"
    done
  fi
  echo
  lxc list "$LXC_HOST_PREFIX-"
}
  326. # images
  327. # ------
lxc_copy_images_locally() {
  # Copy every remote image of the suite into the local image store.
  local remote_image
  local local_name

  rst_title "copy images" section
  # LXC_SUITE holds (remote image, local image name) pairs
  for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do
    remote_image="${LXC_SUITE[i]}"
    local_name="${LXC_SUITE[i+1]}"
    lxc_image_copy "${remote_image}" "${local_name}"
  done
  # lxc image list local: && wait_key
}
lxc_delete_images_locally() {
  # Delete the local images of the suite (after confirmation), then offer to
  # delete every image that is listed without an alias.
  local unaliased

  rst_title "Delete LXC images"
  rst_para "local existing images"
  echo
  lxc image list local:
  echo -en "\\n${_BRed}LXC images to delete::${_creset}\\n\\n ${LOCAL_IMAGES[*]}\\n"
  if ask_yn "Do you really want to delete these images"; then
    for i in "${LOCAL_IMAGES[@]}"; do
      lxc_delete_local_image "$i"
    done
  fi

  # CSV rows starting with ',' have an empty first column (no alias); the sed
  # keeps the second column -- presumably the image fingerprint.
  unaliased="$(lxc image list --format csv | grep '^,' | sed 's/,\([^,]*\).*$/\1/')"
  # word splitting is intended: one loop pass per extracted value
  # shellcheck disable=SC2086
  for i in $unaliased; do
    if ask_yn "Image $i has no alias, do you want to delete the image?" Yn; then
      lxc_delete_local_image "$i"
    fi
  done
  echo
  lxc image list local:
}
show_images(){
  # List the local images, then print 'lxc image info' for every image of
  # the suite that exists locally.
  rst_title "local images"
  echo
  lxc image list local:
  echo -en "\\n${_Green}LXC suite images::${_creset}\\n\\n ${LOCAL_IMAGES[*]}\\n"
  wait_key
  for i in "${LOCAL_IMAGES[@]}"; do
    if ! lxc_image_exists "$i"; then
      warn_msg "image ${_BBlue}$i${_creset} does not yet exists"
    else
      info_msg "lxc image info ${_BBlue}${i}${_creset}"
      lxc image info "$i" | prefix_stdout "[${_BBlue}${i}${_creset}] "
    fi
  done
}
  369. # container
  370. # ---------
show_suite(){
  # List the containers of the suite and run this script's '__show suite'
  # inside every container that exists.
  rst_title "LXC suite ($LXC_HOST_PREFIX-*)"
  echo
  lxc list "$LXC_HOST_PREFIX-"
  echo
  for i in "${CONTAINERS[@]}"; do
    if lxc_exists "$i"; then
      lxc exec -t "${i}" -- "${LXC_REPO_ROOT}/utils/lxc.sh" __show suite \
        | prefix_stdout "[${_BBlue}${i}${_creset}] "
      echo
    else
      warn_msg "container ${_BBlue}$i${_creset} does not yet exists"
    fi
  done
}
lxc_cmd() {
  # Run 'lxc <args...> <container>' for every existing container of the
  # suite; the container name is appended as last argument.
  for i in "${CONTAINERS[@]}"; do
    if lxc_exists "$i"; then
      info_msg "lxc $* $i"
      lxc "$@" "$i" | prefix_stdout "[${_BBlue}${i}${_creset}] "
    else
      warn_msg "container ${_BBlue}$i${_creset} does not yet exists"
    fi
  done
}
lxc_exec_cmd() {
  # usage: lxc_exec_cmd <container-name> <command> [<arg> ...]
  #
  # Run a command line in the container, with LXC_REPO_ROOT as working
  # directory.  All arguments after the container name are joined with
  # blanks into ONE string that the container's bash interprets (bash -c),
  # so the quoting of single arguments is not preserved and shell syntax in
  # them is evaluated.  Only pass command lines from a trusted operator.
  #
  # The exit code of 'lxc exec' is stored in exit_val, which is not local to
  # this function; the function's own status is that of the final message.
  local container="$1"
  shift
  exit_val=
  info_msg "[${_BBlue}${container}${_creset}] ${_BGreen}${*}${_creset}"
  lxc exec -t --cwd "${LXC_REPO_ROOT}" "${container}" -- bash -c "$*"
  exit_val=$?
  if [[ $exit_val -eq 0 ]]; then
    info_msg "[${_BBlue}${container}${_creset}] exit code (${exit_val}) from ${_BGreen}${*}${_creset}"
  else
    warn_msg "[${_BBlue}${container}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
  fi
}
lxc_exec() {
  # Run the command line "$@" via lxc_exec_cmd in every existing container
  # of the suite.  lxc_exec_cmd runs on the left side of a pipe here, so the
  # exit_val it assigns is not visible to the caller.
  for i in "${CONTAINERS[@]}"; do
    if lxc_exists "$i"; then
      lxc_exec_cmd "${i}" "$@" | prefix_stdout "[${_BBlue}${i}${_creset}] "
    else
      warn_msg "container ${_BBlue}$i${_creset} does not yet exists"
    fi
  done
}
lxc_init_all_containers() {
  # Create one container per image of the suite, named <prefix>-<image>.
  rst_title "init all containers" section
  local image_name
  local container_name
  for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do
    image_name="${LXC_SUITE[i+1]}"
    container_name="${LXC_HOST_PREFIX}-${image_name}"
    lxc_init_container "${image_name}" "${container_name}"
  done
}
lxc_config_all_containers() {
  # Apply lxc_config_container (uid/gid mapping and repository share) to
  # every container of the suite.
  rst_title "configure all containers" section
  for i in "${CONTAINERS[@]}"; do lxc_config_container "${i}"; done
}
lxc_config_container() {
  # usage: lxc_config_container <container-name>
  #
  # Map the host user onto the container and share the repository with it.
  #
  # Security note: the raw.idmap lines are 'uid <host-id> 0' / 'gid <host-id>
  # 0', i.e. uid/gid 0 of the container is the invoking host user.  Together
  # with the disk device (no read-only option is set here) this lets
  # processes running as root in the container write to REPO_ROOT on the
  # host as that user.
  local container="$1"

  info_msg "[${_BBlue}${container}${_creset}] configure container ..."
  info_msg "[${_BBlue}${container}${_creset}] map uid/gid from host to container"
  # https://lxd.readthedocs.io/en/latest/userns-idmap/#custom-idmaps
  echo -e -n "uid $HOST_USER_ID 0\\ngid $HOST_GROUP_ID 0"\
    | lxc config set "${container}" raw.idmap -

  info_msg "[${_BBlue}${container}${_creset}] share ${REPO_ROOT} (repo_share) from HOST into container"
  # https://lxd.readthedocs.io/en/latest/instances/#type-disk
  # Output and errors are discarded.  NOTE(review): presumably to stay quiet
  # when the device already exists; a real failure is hidden as well.
  lxc config device add "${container}" repo_share disk \
    source="${REPO_ROOT}" \
    path="${LXC_REPO_ROOT}" &>/dev/null
  # lxc config show "$1" && wait_key
}
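lxc_boilerplate_all_containers() {
  # Run the boilerplate script of each image in its container.
  #
  # The script of an image is the content of the variable named
  # <image>_boilerplate.  lxc_install_boilerplate is called in any case; when
  # no script is defined for the image an error is reported afterwards,
  # naming the container.
  rst_title "run LXC boilerplate scripts" section
  local i
  local boilerplate_script
  local image_name
  local container_name
  for ((i=0; i<${#LXC_SUITE[@]}; i+=2)); do
    image_name="${LXC_SUITE[i+1]}"
    # set here so that the error message below names the container
    container_name="${LXC_HOST_PREFIX}-${image_name}"
    boilerplate_script="${image_name}_boilerplate"
    boilerplate_script="${!boilerplate_script}"
    lxc_install_boilerplate "${container_name}" "$boilerplate_script"
    if [[ -z "${boilerplate_script}" ]]; then
      err_msg "[${_BBlue}${container_name}${_creset}] no boilerplate for image '${image_name}'"
    fi
  done
}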
lxc_install_boilerplate() {
  # usage: lxc_install_boilerplate <container-name> <string: shell commands ..>
  #
  # usage: lxc_install_boilerplate searx-archlinux "${archlinux_boilerplate}"
  #
  # Start the container, verify its connectivity, link /.lxcenv.mk to the
  # shared makefile and feed the boilerplate commands to a bash in the
  # container.  Both scripts reach that bash on stdin through 'lxc exec'.
  # The here-document is unquoted: LXC_REPO_ROOT is expanded on the host
  # before the text is sent, so the path must not contain shell syntax.
  local container_name="$1"
  local boilerplate_script="$2"
  local tag="[${_BBlue}${container_name}${_creset}]"

  info_msg "${tag} init .."
  if lxc start -q "${container_name}" &>/dev/null; then
    sleep 5 # guest needs some time to come up and get an IP
  fi
  check_connectivity "${container_name}" \
    || die 42 "Container ${container_name} has no internet connectivity!"
  lxc_init_container_env "${container_name}"

  info_msg "${tag} install /.lxcenv.mk .."
  lxc exec "${container_name}" -- bash <<EOF | prefix_stdout "${tag} "
rm -f "/.lxcenv.mk"
ln -s "${LXC_REPO_ROOT}/utils/makefile.lxc" "/.lxcenv.mk"
ls -l "/.lxcenv.mk"
EOF

  info_msg "${tag} run LXC boilerplate scripts .."
  if lxc start -q "${container_name}" &>/dev/null; then
    sleep 5 # guest needs some time to come up and get an IP
  fi
  # nothing to run for an image without boilerplate
  [[ -n "${boilerplate_script}" ]] || return 0
  echo "${boilerplate_script}" \
    | lxc exec "${container_name}" -- bash \
    | prefix_stdout "${tag} "
}
check_connectivity() {
  # usage: check_connectivity <container-name>
  #
  # Returns 0 when a single ping from inside the container to 9.9.9.9 is
  # answered, otherwise prints hints plus the FORWARD lines of iptables-save
  # and returns 1.
  # NOTE(review): the probe is ICMP only; a network that filters ICMP would
  # presumably be reported as "no connectivity" too.
  info_msg "check internet connectivity ..."
  if lxc exec "${1}" -- ping -c 1 9.9.9.9 &>/dev/null; then
    return 0
  fi

  err_msg "no internet connectivity!"
  info_msg "Most often the connectivity is blocked by a docker installation:"
  info_msg "Whenever docker is started (reboot) it sets the iptables policy "
  info_msg "for the FORWARD chain to DROP, see:"
  info_msg " https://docs.searxng.org/utils/lxc.sh.html#internet-connectivity-docker"
  iptables-save | grep ":FORWARD"
  return 1
}
  503. # ----------------------------------------------------------------------------
  504. main "$@"
  505. # ----------------------------------------------------------------------------