fixes

project-machine · Oct 27, 2023 · 23080f1 · 23080f1
1 parent 65a808d
commit 23080f1
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 7 deletions.
diff --git a/layers/install/load-mos-modules b/layers/install/load-mos-modules
@@ -9,4 +9,8 @@ mount /bootkit/bootkit/modules.squashfs /lib/modules/
 
 udevadm trigger
 modprobe virtio-net
+modprobe br_netfilter
+modprobe iptables_nat
+modprobe iptables_mangle
+dhclient
 systemctl start lxc-net
diff --git a/layers/install/stacker.yaml b/layers/install/stacker.yaml
@@ -44,11 +44,18 @@ demo-zot:
     tag: install-rootfs-pkg
   import:
     - zot-config.json
-  entrypoint: /usr/bin/zot serve /etc/zot-config.json
+    - start-zot
+    - https://github.com/project-zot/zot/releases/download/v${{ZOT_VERSION}}/zot-linux-amd64-minimal
+  entrypoint: /usr/bin/start-zot
   run: |
     #!/bin/sh -ex
     cp /stacker/imports/zot-config.json /etc/
 
+    cp /stacker/imports/start-zot /usr/bin/start-zot
+    chmod 755 /usr/bin/start-zot
+    cp /stacker/imports/zot-linux-amd64-minimal /usr/bin/zot
+    chmod 755 /usr/bin/zot
+
 
 # The rootfs which we want to run on the system
 # Note this is for demo purposes only.  No one should ever

diff --git a/layers/install/start-zot b/layers/install/start-zot
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ -n "$IPV4" ]; then
+    sed -i "s/0.0.0.0/${IPV4%/*}/" /etc/zot-config.json
+elif [ -n "$IPV6" ]; then
+    sed -i "s/0.0.0.0/${IPV6%/*}/" /etc/zot-config.json
+fi
+
+# Should mos or lxc be doing this for us?
+ip route add default via 10.0.3.1
+
+exec /usr/bin/zot serve /etc/zot-config.json
diff --git a/layers/install/zot-config.json b/layers/install/zot-config.json
@@ -5,7 +5,7 @@
     "gc": false
   },
   "http": {
-    "address": "127.0.0.1",
+    "address": "0.0.0.0",
     "port": "5000"
   },
   "log": {

diff --git a/pkg/mosconfig/mos.go b/pkg/mosconfig/mos.go
@@ -169,9 +169,20 @@ func (mos *Mos) Current(name string) (*Target, error) {
 	return nil, errors.Errorf("Target %s not found", name)
 }
 
-// We'll probably want to do a lot more setup here, but for now just
-// activate services
+// Called at system boot to do basic setup and
+// activate all services
 func (mos *Mos) Boot() error {
+	// For containers to start, /var/lib/lxc needs to be world-x
+	// at each point so that subuids can get to their RFS.
+	p := ""
+	for _, next := range []string{"/", "var", "lib", "lxc"} {
+		p = filepath.Join(p, next)
+		if err := os.Chmod(p, 0755); err != nil {
+			return errors.Wrapf(err, "Failed making %q world-accessible")
+		}
+	}
+
+	// Now start the services
 	return mos.ActivateAll()
 }
 
@@ -182,6 +193,9 @@ func (mos *Mos) ActivateAll() error {
 		return errors.Wrapf(err, "Failed opening manifest")
 	}
 	for _, t := range m.SysTargets {
+		if t.Name == "hostfs" || t.Name == "bootkit" {
+			continue
+		}
 		if err := mos.Activate(t.Name); err != nil {
 			return errors.Wrapf(err, "Failed starting %s", t.Name)
 		}
@@ -405,6 +419,7 @@ func (mos *Mos) writeLxcConfig(t *Target) error {
 	lxcConf = append(lxcConf, "lxc.apparmor.profile = unchanged")
 	lxcConf = append(lxcConf, fmt.Sprintf("lxc.log.file = %s/%s.log", lxclogDir, t.ServiceName))
 
+	lxcConf = append(lxcConf, "lxc.environment = HOME=/root")
 	for _, env := range syst.OCIConfig.Config.Env {
 		lxcConf = append(lxcConf, fmt.Sprintf("lxc.environment = %s", env))
 	}

diff --git a/pkg/mosconfig/network.go b/pkg/mosconfig/network.go
@@ -91,11 +91,13 @@ func (mos *Mos) setupSimpleNet(t *Target) ([]string, error) {
 
 	if ipv4 != "" {
 		config = append(config, "lxc.net.0.ipv4.address = "+ipv4)
+		config = append(config, "lxc.environment = IPV4="+ipv4)
 		mos.Manifest.IpAddrs[ipv4] = t.ServiceName
 	}
 
 	if ipv6 != "" {
 		config = append(config, "lxc.net.0.ipv6.address = "+ipv6)
+		config = append(config, "lxc.environment = IPV6="+ipv6)
 		mos.Manifest.IpAddrs[ipv6] = t.ServiceName
 	}
 
@@ -128,7 +130,7 @@ func (mos *Mos) DefaultNic() (string, error) {
 			continue
 		}
 		s := strings.Split(l, " ")
-		if len(s) < 9 {
+		if len(s) < 5 {
 			continue
 		}
 		if s[3] != "dev" {
@@ -159,10 +161,11 @@ func (mos *Mos) setupPortFwd(t *Target) error {
 		return fmt.Errorf("No usable address for port forward destination")
 	}
 	for _, p := range t.Network.Ports {
-		destaddr := fmt.Sprintf("%s:%d", ipaddr, p.ContainerPort)
+		destaddr := strings.Split(ipaddr, "/")[0] // 192.168.2.0/24
+		destaddr = fmt.Sprintf("%s:%d", destaddr, p.ContainerPort)
 		cmd := []string{
 			"iptables", "-t", "nat", "-A", "PREROUTING", "-p", "tcp",
-			"-i", nic, "--dport", fmt.Sprintf("%d", p.HostPort),
+			"-m", "tcp", "-i", nic, "--dport", fmt.Sprintf("%d", p.HostPort),
 			"-j", "DNAT", "--to-destination", destaddr}
 		if err := utils.RunCommand(cmd...); err != nil {
 			return errors.Wrapf(err, "Failed setting up port forward for %#v", p)

diff --git a/pkg/mosconfig/uidmap.go b/pkg/mosconfig/uidmap.go
@@ -97,6 +97,10 @@ func (mos *Mos) GetUIDMapStr(t *Target) (idmap.IdmapSet, []string, error) {
 	}
 	rangedefs := chooseRangeDefaults()
 
+	if t.NSGroup == "none" {
+		return empty, []string{}, nil
+	}
+
 	for _, u := range manifest.UidMaps {
 		if u.Name == t.NSGroup {
 			uidmap := idmap.IdmapEntry{