From 631492d3013a7bc7f0a3b72d3c578dd32f9433dd Mon Sep 17 00:00:00 2001
From: Michael Kelly
Date: Sat, 26 Aug 2023 23:27:16 -0700
Subject: [PATCH] First attempt at LXC packer config

I have no idea what I'm doing here.
---
 packer/lxc/build.pkr.hcl | 5 +++
 packer/lxc/lxc.ubuntu.pkr.hcl | 11 ++++++
 packer/lxc/packer.pkr.hcl | 9 +++++
 packer/lxc/ubuntu.config | 66 +++++++++++++++++++++++++++++++++++
 4 files changed, 91 insertions(+)
 create mode 100644 packer/lxc/build.pkr.hcl
 create mode 100644 packer/lxc/lxc.ubuntu.pkr.hcl
 create mode 100644 packer/lxc/packer.pkr.hcl
 create mode 100644 packer/lxc/ubuntu.config

diff --git a/packer/lxc/build.pkr.hcl b/packer/lxc/build.pkr.hcl
new file mode 100644
index 0000000..82b213b
--- /dev/null
+++ b/packer/lxc/build.pkr.hcl
@@ -0,0 +1,5 @@
+build {
+ sources = [
+ "source.lxc.download"
+ ]
+}
diff --git a/packer/lxc/lxc.ubuntu.pkr.hcl b/packer/lxc/lxc.ubuntu.pkr.hcl
new file mode 100644
index 0000000..283ecad
--- /dev/null
+++ b/packer/lxc/lxc.ubuntu.pkr.hcl
@@ -0,0 +1,11 @@
+source "lxc" "download" {
+ config_file = "./ubuntu.config"
+ template_name = "download"
+ template_environment_vars = []
+ template_parameters = [
+ "--dist", "ubuntu",
+ "--release", "lunar",
+ "--arch", "amd64",
+ "--variant", "default"
+ ]
+}
diff --git a/packer/lxc/packer.pkr.hcl b/packer/lxc/packer.pkr.hcl
new file mode 100644
index 0000000..c85fb7d
--- /dev/null
+++ b/packer/lxc/packer.pkr.hcl
@@ -0,0 +1,9 @@
+packer {
+ required_plugins {
+ lxc = {
+ version = ">= 1.0.0"
+ source = "github.com/hashicorp/lxc"
+ }
+ }
+}
+
diff --git a/packer/lxc/ubuntu.config b/packer/lxc/ubuntu.config
new file mode 100644
index 0000000..4460cb6
--- /dev/null
+++ b/packer/lxc/ubuntu.config
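Review bot: `config_file = "./ubuntu.config"` in the lxc.ubuntu.pkr.hcl hunk is resolved against the directory `packer build` is run from, not against the directory holding this file, so the build only works when invoked from inside `packer/lxc/`; anchoring it as `config_file = "${path.root}/ubuntu.config"` removes that dependency on the caller's working directory. `"--release", "lunar"` pins the image to Ubuntu 23.04, a nine-month interim release, so the base image will stop receiving security updates soon after this commit; an LTS codename, or a variable for the release, would keep the build maintainable. `template_environment_vars = []` is the empty default and could be dropped, or given a comment stating why it is set explicitly.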
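Review bot: `version = ">= 1.0.0"` in the packer.pkr.hcl hunk has no upper bound, so `packer init` will resolve to any future major release of the lxc plugin, including ones with incompatible source-block arguments, and the build's inputs are not pinned from one run to the next. A pessimistic constraint such as `version = "~> 1.0"` keeps upgrades within the 1.x line while still picking up fixes; recording the resolved version (a lock file or a comment with the version last tested) would make the build reproducible. The hunk also adds a trailing empty line after the closing brace that can be dropped.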
@@ -0,0 +1,66 @@
+# Default pivot location
+lxc.pivotdir = lxc_putold
+
+# Default mount entries
+lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry = sysfs sys sysfs defaults 0 0
+
+# Default console settings
+lxc.devttydir = lxc
+lxc.tty = 4
+lxc.pts = 1024
+
+# Default capabilities
+lxc.cap.drop = sys_module mac_admin mac_override sys_time
+
+# When using LXC with apparmor, the container will be confined by default.
+# If you wish for it to instead run unconfined, copy the following line
+# (uncommented) to the container's configuration file.
+#lxc.aa_profile = unconfined
+
+# To support container nesting on an Ubuntu host while retaining most of
+# apparmor's added security, use the following two lines instead.
+#lxc.aa_profile = lxc-container-default-with-nesting
+#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
+
+# Uncomment the following line to autodetect squid-deb-proxy configuration on the
+# host and forward it to the guest at start time.
+#lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client
+
+# If you wish to allow mounting block filesystems, then use the following
+# line instead, and make sure to grant access to the block device and/or loop
+# devices below in lxc.cgroup.devices.allow.
+#lxc.aa_profile = lxc-container-default-with-mounting
+
+# Default cgroup limits
+lxc.cgroup.devices.deny = a
+## Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+## /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+## consoles
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 5:1 rwm
+## /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 1:9 rwm
+## /dev/pts/*
+lxc.cgroup.devices.allow = c 5:2 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## full
+lxc.cgroup.devices.allow = c 1:7 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm
-- 
2.45.2
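Review bot: The file uses LXC 1.x/2.x key names — `lxc.pivotdir`, `lxc.devttydir`, `lxc.tty`, `lxc.pts` and, in the commented examples, `lxc.aa_profile` — which LXC 3.0 and later reject rather than parse (`lxc-update-config` exists to convert old files), so on a current Ubuntu host the lxc builder will most likely fail when the container is started with this config. The LXC 3+ spellings are `lxc.tty.dir`, `lxc.tty.max`, `lxc.pty.max` and `lxc.apparmor.profile`; `lxc.pivotdir` has no replacement and should be dropped. If the host runs the unified cgroup hierarchy (cgroup v2), the `lxc.cgroup.devices.*` list is presumably not the one applied either — the corresponding `lxc.cgroup2.devices.*` keys would be needed, worth confirming against the target host. Separately, the allow list grants `rwm` on kvm (10:232), fuse (10:229) and tun (10:200), which an image-build container is unlikely to need; trimming the list to the devices the build actually uses keeps the container closer to least privilege and makes any later widening visible in review.
```ini
# (lxc.pivotdir dropped: removed in LXC 3.0 with no replacement)

# … unchanged: mount entries …

# Default console settings
lxc.tty.dir = lxc
lxc.tty.max = 4
lxc.pty.max = 1024

# … unchanged: capabilities, apparmor commentary (lxc.aa_profile -> lxc.apparmor.profile), cgroup device list …
```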