diff --git a/layers/install/load-mos-modules b/layers/install/load-mos-modules
index aa21ac4..64491b0 100644
--- a/layers/install/load-mos-modules
+++ b/layers/install/load-mos-modules
@@ -9,4 +9,8 @@ mount /bootkit/bootkit/modules.squashfs /lib/modules/
 udevadm trigger
 modprobe virtio-net
+modprobe br_netfilter
+modprobe iptables_nat
+modprobe iptables_mangle
+dhclient
 systemctl start lxc-net
diff --git a/layers/install/stacker.yaml b/layers/install/stacker.yaml
index ec9e533..0e49333 100644
--- a/layers/install/stacker.yaml
+++ b/layers/install/stacker.yaml
@@ -44,11 +44,18 @@ demo-zot:
 tag: install-rootfs-pkg
 import:
 - zot-config.json
- entrypoint: /usr/bin/zot serve /etc/zot-config.json
+ - start-zot
+ - https://github.com/project-zot/zot/releases/download/v${{ZOT_VERSION}}/zot-linux-amd64-minimal
+ entrypoint: /usr/bin/start-zot
 run: |
 #!/bin/sh -ex
 cp /stacker/imports/zot-config.json /etc/
+ cp /stacker/imports/start-zot /usr/bin/start-zot
+ chmod 755 /usr/bin/start-zot
+ cp /stacker/imports/zot-linux-amd64-minimal /usr/bin/zot
+ chmod 755 /usr/bin/zot
+
 # The rootfs which we want to run on the system
 # Note this is for demo purposes only. No one should ever
diff --git a/layers/install/start-zot b/layers/install/start-zot
new file mode 100644
index 0000000..6cb8062
--- /dev/null
+++ b/layers/install/start-zot
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+if [ -n "$IPV4" ]; then
+ sed -i "s/0.0.0.0/${IPV4%/*}/" /etc/zot-config.json
+elif [ -n "$IPV6" ]; then
+ sed -i "s/0.0.0.0/${IPV6%/*}/" /etc/zot-config.json
+fi
+
+# Should mos or lxc be doing this for us?
+ip route add default via 10.0.3.1
+
+exec /usr/bin/zot serve /etc/zot-config.json
diff --git a/layers/install/zot-config.json b/layers/install/zot-config.json
index 24b9f49..136e43a 100644
--- a/layers/install/zot-config.json
+++ b/layers/install/zot-config.json
@@ -5,7 +5,7 @@
 "gc": false
 },
 "http": {
- "address": "127.0.0.1",
+ "address": "0.0.0.0",
 "port": "5000"
 },
 "log": {
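Review bot: The two netfilter table modules on the added `modprobe` lines look misnamed: mainline kernels ship them as `iptable_nat` and `iptable_mangle` (singular `iptable_`), so `modprobe iptables_nat` and `modprobe iptables_mangle` would fail with a module-not-found error, and nothing in the hunk aborts on failure, so the script would carry on to `systemctl start lxc-net` with NAT support not loaded. Suggested lines: `modprobe iptable_nat` and `modprobe iptable_mangle`. The added bare `dhclient` is also run with no interface argument and its exit status is not checked, so a failed lease goes unnoticed; if later boot steps depend on it, name the interface and check the result. The rest of the script, including any `set -e`, is outside the hunk.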
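Review bot: The new import fetches the zot binary from a release URL and the run block installs it as `/usr/bin/zot` with no integrity check, so the rootfs will contain whatever bytes that URL serves for `${{ZOT_VERSION}}` at build time. Pin the artifact: if the stacker version in use supports a `hash:` key on the import entry, put the release's sha256 there; otherwise verify it in the run block before the `cp`, e.g. `echo "<sha256-of-release: placeholder> /stacker/imports/zot-linux-amd64-minimal" | sha256sum -c`, which the `-e` in `#!/bin/sh -ex` will then enforce. The demo-zot stanza's remaining lines and the rest of the file are outside the hunk.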
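Review bot: If neither `IPV4` nor `IPV6` is set, or the `sed` edit fails, the script still reaches `exec /usr/bin/zot serve` with the config's `0.0.0.0` listener, so the registry ends up bound on every interface; that is also why the zot-config.json hunk's change from `127.0.0.1` to `0.0.0.0` matters beyond this script. Fail closed instead: add `set -e` after the shebang and an `else` branch such as `else echo "start-zot: no IPV4/IPV6 in environment" >&2; exit 1`. The `sed` pattern also uses unescaped dots, so `.` matches any character; `sed -i "s/0\.0\.0\.0/${IPV4%/*}/" /etc/zot-config.json` (and the same for `IPV6`) limits the rewrite to the literal address. The hard-coded `ip route add default via 10.0.3.1` is already flagged by the author's own comment and would be better derived from the environment the host passes in.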
diff --git a/pkg/mosconfig/mos.go b/pkg/mosconfig/mos.go
index 5222f93..f5a30ba 100644
--- a/pkg/mosconfig/mos.go
+++ b/pkg/mosconfig/mos.go
@@ -169,9 +169,20 @@ func (mos *Mos) Current(name string) (*Target, error) {
 return nil, errors.Errorf("Target %s not found", name)
 }
-// We'll probably want to do a lot more setup here, but for now just
-// activate services
+// Called at system boot to do basic setup and
+// activate all services
 func (mos *Mos) Boot() error {
+ // For containers to start, /var/lib/lxc needs to be world-x
+ // at each point so that subuids can get to their RFS.
+ p := ""
+ for _, next := range []string{"/", "var", "lib", "lxc"} {
+ p = filepath.Join(p, next)
+ if err := os.Chmod(p, 0755); err != nil {
+ return errors.Wrapf(err, "Failed making %q world-accessible")
+ }
+ }
+
+ // Now start the services
 return mos.ActivateAll()
 }
@@ -182,6 +193,9 @@ func (mos *Mos) ActivateAll() error {
 return errors.Wrapf(err, "Failed opening manifest")
 }
 for _, t := range m.SysTargets {
+ if t.Name == "hostfs" || t.Name == "bootkit" {
+ continue
+ }
 if err := mos.Activate(t.Name); err != nil {
 return errors.Wrapf(err, "Failed starting %s", t.Name)
 }
@@ -405,6 +419,7 @@ func (mos *Mos) writeLxcConfig(t *Target) error {
 lxcConf = append(lxcConf, "lxc.apparmor.profile = unchanged")
 lxcConf = append(lxcConf, fmt.Sprintf("lxc.log.file = %s/%s.log", lxclogDir, t.ServiceName))
+ lxcConf = append(lxcConf, "lxc.environment = HOME=/root")
 for _, env := range syst.OCIConfig.Config.Env {
 lxcConf = append(lxcConf, fmt.Sprintf("lxc.environment = %s", env))
 }
diff --git a/pkg/mosconfig/network.go b/pkg/mosconfig/network.go
index c3ea8e7..e4247e2 100644
--- a/pkg/mosconfig/network.go
+++ b/pkg/mosconfig/network.go
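Review bot: The `errors.Wrapf(err, "Failed making %q world-accessible")` in the new `Boot` loop has a `%q` verb but no argument, so the message will read `%!q(MISSING)` instead of the path; it needs `p` as the trailing argument. The loop also calls `os.Chmod(p, 0755)` on `/`, `/var`, `/lib` and `/var/lib/lxc` unconditionally, which replaces the whole mode (including any setgid/sticky bits or a deliberately tighter mode the image set) when all the comment asks for is world search permission. Stat first and add only the `o+x` bit when it is missing, leaving the rest of the mode untouched, as below; `Boot` is fully inside the hunk.
```go
	for _, next := range []string{"/", "var", "lib", "lxc"} {
		p = filepath.Join(p, next)
		fi, err := os.Stat(p)
		if err != nil {
			return errors.Wrapf(err, "Failed to stat %q", p)
		}
		// Only add world search permission; keep the rest of the mode
		// (including setgid/sticky) as the image set it.
		if fi.Mode().Perm()&0001 != 0 {
			continue
		}
		if err := os.Chmod(p, fi.Mode()|0001); err != nil {
			return errors.Wrapf(err, "Failed making %q world-accessible", p)
		}
	}
	// … unchanged: ActivateAll call …
```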
@@ -91,11 +91,13 @@ func (mos *Mos) setupSimpleNet(t *Target) ([]string, error) {
 if ipv4 != "" {
 config = append(config, "lxc.net.0.ipv4.address = "+ipv4)
+ config = append(config, "lxc.environment = IPV4="+ipv4)
 mos.Manifest.IpAddrs[ipv4] = t.ServiceName
 }
 if ipv6 != "" {
 config = append(config, "lxc.net.0.ipv6.address = "+ipv6)
+ config = append(config, "lxc.environment = IPV6="+ipv6)
 mos.Manifest.IpAddrs[ipv6] = t.ServiceName
 }
@@ -128,7 +130,7 @@ func (mos *Mos) DefaultNic() (string, error) {
 continue
 }
 s := strings.Split(l, " ")
- if len(s) < 9 {
+ if len(s) < 5 {
 continue
 }
 if s[3] != "dev" {
@@ -159,10 +161,11 @@ func (mos *Mos) setupPortFwd(t *Target) error {
 return fmt.Errorf("No usable address for port forward destination")
 }
 for _, p := range t.Network.Ports {
- destaddr := fmt.Sprintf("%s:%d", ipaddr, p.ContainerPort)
+ destaddr := strings.Split(ipaddr, "/")[0] // 192.168.2.0/24
+ destaddr = fmt.Sprintf("%s:%d", destaddr, p.ContainerPort)
 cmd := []string{
 "iptables", "-t", "nat", "-A", "PREROUTING", "-p", "tcp",
- "-i", nic, "--dport", fmt.Sprintf("%d", p.HostPort),
+ "-m", "tcp", "-i", nic, "--dport", fmt.Sprintf("%d", p.HostPort),
 "-j", "DNAT", "--to-destination", destaddr}
 if err := utils.RunCommand(cmd...); err != nil {
 return errors.Wrapf(err, "Failed setting up port forward for %#v", p)
diff --git a/pkg/mosconfig/uidmap.go b/pkg/mosconfig/uidmap.go
index 45f631f..9a4d448 100644
--- a/pkg/mosconfig/uidmap.go
+++ b/pkg/mosconfig/uidmap.go
@@ -97,6 +97,10 @@ func (mos *Mos) GetUIDMapStr(t *Target) (idmap.IdmapSet, []string, error) {
 }
 rangedefs := chooseRangeDefaults()
+ if t.NSGroup == "none" {
+ return empty, []string{}, nil
+ }
+
 for _, u := range manifest.UidMaps {
 if u.Name == t.NSGroup {
 uidmap := idmap.IdmapEntry{
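Review bot: The two added `lxc.environment` lines hand the container the same `ipv4`/`ipv6` string that went into `lxc.net.0.*.address`, and the other consumers in this commit (`setupPortFwd` here, `start-zot` on the guest side) each strip a `/N` suffix from it, so the variable's format is only implied. Add a comment on the first added line, `// IPV4/IPV6 are passed exactly as configured, CIDR prefix included; consumers strip it`, or strip the prefix here once so the container sees a bare address. Note that anything put in `lxc.environment` is visible to every process in the container — presumably intended for an address, but worth keeping in mind before adding more here. setupSimpleNet starts and ends outside the hunk.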
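Review bot: Loosening the guard to `len(s) < 5` still indexes `s[3]` (and presumably `s[4]`) out of a split on a single space, so a line with a run of spaces or a leading space yields empty fields and shifts where `dev` lands; `s := strings.Fields(l)` on the preceding context line makes the relaxed check robust to that without changing the indices. Where `l` comes from is outside the hunk; if it is `ip route` output, single spacing is usual but not something the code should depend on. DefaultNic starts and ends outside the hunk.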
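Review bot: The trailing comment on the first added line, `// 192.168.2.0/24`, gives an example without saying what the split is for; `// ipaddr may carry a CIDR suffix (e.g. 192.168.2.0/24); DNAT needs the bare host address` says why. Separately, the rule is appended with `-A` on every call and nothing in the hunk checks for or removes an existing rule, so re-running port-forward setup for the same target would, as far as is visible here, stack duplicate DNAT entries; an `iptables -C` probe before the `-A`, or removing the target's rules on teardown, keeps the nat table bounded and auditable. `fmt.Sprintf("%d", p.HostPort)` is also more simply `strconv.Itoa(p.HostPort)` if HostPort is an `int`. setupPortFwd starts and ends outside the hunk.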
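Review bot: The new early return for `t.NSGroup == "none"` is placed after `rangedefs := chooseRangeDefaults()`, so that work (and presumably the manifest lookup above it) is done and then discarded; moving the check to the top of the function avoids it. More importantly, returning `empty` here appears to mean the target gets no uid mapping at all, i.e. it runs with host ids, which is a privilege-relevant opt-out that deserves a comment on the `if` line, e.g. `// NSGroup "none" opts the target out of uid mapping entirely; it will run with host ids`. GetUIDMapStr starts and ends outside the hunk, and `empty` is declared outside it.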