~mkelly/experiments

631492d3013a7bc7f0a3b72d3c578dd32f9433dd — Michael Kelly 3 months ago 9a8183e 
First attempt at LXC packer config

I have no idea what I'm doing here.
patch browse .tar.gz 
4 files changed, 91 insertions(+), 0 deletions(-)

A packer/lxc/build.pkr.hcl
A packer/lxc/lxc.ubuntu.pkr.hcl
A packer/lxc/packer.pkr.hcl
A packer/lxc/ubuntu.config

A packer/lxc/build.pkr.hcl => packer/lxc/build.pkr.hcl +5 -0
@@ 0,0 1,5 @@
build {
  sources = [
    "source.lxc.download"
  ]
}


A packer/lxc/lxc.ubuntu.pkr.hcl => packer/lxc/lxc.ubuntu.pkr.hcl +11 -0
@@ 0,0 1,11 @@
source "lxc" "download" {
  config_file               = "./ubuntu.config"
  template_name             = "download"
  template_environment_vars = []
  template_parameters = [
    "--dist", "ubuntu",
    "--release", "lunar",
    "--arch", "amd64",
    "--variant", "default"
  ]
}


A packer/lxc/packer.pkr.hcl => packer/lxc/packer.pkr.hcl +9 -0
@@ 0,0 1,9 @@
packer {
  required_plugins {
    lxc = {
      version = ">= 1.0.0"
      source  = "github.com/hashicorp/lxc"
    }
  }
}



A packer/lxc/ubuntu.config => packer/lxc/ubuntu.config +66 -0
@@ 0,0 1,66 @@
# Default pivot location
lxc.pivotdir = lxc_putold

# Default mount entries
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0

# Default console settings
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024

# Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time

# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
#lxc.aa_profile = unconfined

# To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead.
#lxc.aa_profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups

# Uncomment the following line to autodetect squid-deb-proxy configuration on the
# host and forward it to the guest at start time.
#lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client

# If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow.
#lxc.aa_profile = lxc-container-default-with-mounting

# Default cgroup limits
lxc.cgroup.devices.deny = a
## Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
## /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
## consoles
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
## /dev/{,u}random
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
## /dev/pts/*
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## fuse
lxc.cgroup.devices.allow = c 10:229 rwm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## full
lxc.cgroup.devices.allow = c 1:7 rwm
## hpet
lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm