Merge pull request #6279 from ChrisLundquist/clundquist/lxc-perms
[WIP] Unpriviliged LXC containers
This commit is contained in:
Megan Marsh
GitHub
commit
5bbb6633cf
|
|
@ -1,7 +1,11 @@
|
||||||
package lxc
|
package lxc
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
|
"fmt"
|
||||||
|
"log"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
// CommandWrapper is a type that given a command, will possibly modify that
|
// CommandWrapper is a type that given a command, will possibly modify that
|
||||||
|
|
@ -13,3 +17,25 @@ type CommandWrapper func(string) (string, error)
|
||||||
func ShellCommand(command string) *exec.Cmd {
|
func ShellCommand(command string) *exec.Cmd {
|
||||||
return exec.Command("/bin/sh", "-c", command)
|
return exec.Command("/bin/sh", "-c", command)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func RunCommand(args ...string) error {
|
||||||
|
var stdout, stderr bytes.Buffer
|
||||||
|
|
||||||
|
log.Printf("Executing args: %#v", args)
|
||||||
|
cmd := exec.Command(args[0], args[1:]...)
|
||||||
|
cmd.Stdout = &stdout
|
||||||
|
cmd.Stderr = &stderr
|
||||||
|
err := cmd.Run()
|
||||||
|
|
||||||
|
stdoutString := strings.TrimSpace(stdout.String())
|
||||||
|
stderrString := strings.TrimSpace(stderr.String())
|
||||||
|
|
||||||
|
if _, ok := err.(*exec.ExitError); ok {
|
||||||
|
err = fmt.Errorf("Command error: %s", stderrString)
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Printf("stdout: %s", stdoutString)
|
||||||
|
log.Printf("stderr: %s", stderrString)
|
||||||
|
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,15 +1,11 @@
|
||||||
package lxc
|
package lxc
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"log"
|
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/hashicorp/packer/helper/multistep"
|
"github.com/hashicorp/packer/helper/multistep"
|
||||||
"github.com/hashicorp/packer/packer"
|
"github.com/hashicorp/packer/packer"
|
||||||
|
|
@ -47,7 +43,7 @@ func (s *stepExport) Run(_ context.Context, state multistep.StateBag) multistep.
|
||||||
|
|
||||||
_, err = io.Copy(configFile, originalConfigFile)
|
_, err = io.Copy(configFile, originalConfigFile)
|
||||||
|
|
||||||
commands := make([][]string, 4)
|
commands := make([][]string, 3)
|
||||||
commands[0] = []string{
|
commands[0] = []string{
|
||||||
"lxc-stop", "--name", name,
|
"lxc-stop", "--name", name,
|
||||||
}
|
}
|
||||||
|
|
@ -57,13 +53,10 @@ func (s *stepExport) Run(_ context.Context, state multistep.StateBag) multistep.
|
||||||
commands[2] = []string{
|
commands[2] = []string{
|
||||||
"chmod", "+x", configFilePath,
|
"chmod", "+x", configFilePath,
|
||||||
}
|
}
|
||||||
commands[3] = []string{
|
|
||||||
"sh", "-c", "chown $USER:`id -gn` " + filepath.Join(config.OutputDir, "*"),
|
|
||||||
}
|
|
||||||
|
|
||||||
ui.Say("Exporting container...")
|
ui.Say("Exporting container...")
|
||||||
for _, command := range commands {
|
for _, command := range commands {
|
||||||
err := s.SudoCommand(command...)
|
err := RunCommand(command...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err := fmt.Errorf("Error exporting container: %s", err)
|
err := fmt.Errorf("Error exporting container: %s", err)
|
||||||
state.Put("error", err)
|
state.Put("error", err)
|
||||||
|
|
@ -76,25 +69,3 @@ func (s *stepExport) Run(_ context.Context, state multistep.StateBag) multistep.
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *stepExport) Cleanup(state multistep.StateBag) {}
|
func (s *stepExport) Cleanup(state multistep.StateBag) {}
|
||||||
|
|
||||||
func (s *stepExport) SudoCommand(args ...string) error {
|
|
||||||
var stdout, stderr bytes.Buffer
|
|
||||||
|
|
||||||
log.Printf("Executing sudo command: %#v", args)
|
|
||||||
cmd := exec.Command("sudo", args...)
|
|
||||||
cmd.Stdout = &stdout
|
|
||||||
cmd.Stderr = &stderr
|
|
||||||
err := cmd.Run()
|
|
||||||
|
|
||||||
stdoutString := strings.TrimSpace(stdout.String())
|
|
||||||
stderrString := strings.TrimSpace(stderr.String())
|
|
||||||
|
|
||||||
if _, ok := err.(*exec.ExitError); ok {
|
|
||||||
err = fmt.Errorf("Sudo command error: %s", stderrString)
|
|
||||||
}
|
|
||||||
|
|
||||||
log.Printf("stdout: %s", stdoutString)
|
|
||||||
log.Printf("stderr: %s", stderrString)
|
|
||||||
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
|
||||||
|
|
@ -1,13 +1,9 @@
|
||||||
package lxc
|
package lxc
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
|
||||||
"os/exec"
|
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/hashicorp/packer/helper/multistep"
|
"github.com/hashicorp/packer/helper/multistep"
|
||||||
"github.com/hashicorp/packer/packer"
|
"github.com/hashicorp/packer/packer"
|
||||||
|
|
@ -30,7 +26,9 @@ func (s *stepLxcCreate) Run(_ context.Context, state multistep.StateBag) multist
|
||||||
}
|
}
|
||||||
|
|
||||||
commands := make([][]string, 3)
|
commands := make([][]string, 3)
|
||||||
commands[0] = append(config.EnvVars, "lxc-create")
|
commands[0] = append(commands[0], "env")
|
||||||
|
commands[0] = append(commands[0], config.EnvVars...)
|
||||||
|
commands[0] = append(commands[0], "lxc-create")
|
||||||
commands[0] = append(commands[0], config.CreateOptions...)
|
commands[0] = append(commands[0], config.CreateOptions...)
|
||||||
commands[0] = append(commands[0], []string{"-n", name, "-t", config.Name, "--"}...)
|
commands[0] = append(commands[0], []string{"-n", name, "-t", config.Name, "--"}...)
|
||||||
commands[0] = append(commands[0], config.Parameters...)
|
commands[0] = append(commands[0], config.Parameters...)
|
||||||
|
|
@ -42,8 +40,7 @@ func (s *stepLxcCreate) Run(_ context.Context, state multistep.StateBag) multist
|
||||||
|
|
||||||
ui.Say("Creating container...")
|
ui.Say("Creating container...")
|
||||||
for _, command := range commands {
|
for _, command := range commands {
|
||||||
log.Printf("Executing sudo command: %#v", command)
|
err := RunCommand(command...)
|
||||||
err := s.SudoCommand(command...)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err := fmt.Errorf("Error creating container: %s", err)
|
err := fmt.Errorf("Error creating container: %s", err)
|
||||||
state.Put("error", err)
|
state.Put("error", err)
|
||||||
|
|
@ -66,29 +63,7 @@ func (s *stepLxcCreate) Cleanup(state multistep.StateBag) {
|
||||||
}
|
}
|
||||||
|
|
||||||
ui.Say("Unregistering and deleting virtual machine...")
|
ui.Say("Unregistering and deleting virtual machine...")
|
||||||
if err := s.SudoCommand(command...); err != nil {
|
if err := RunCommand(command...); err != nil {
|
||||||
ui.Error(fmt.Sprintf("Error deleting virtual machine: %s", err))
|
ui.Error(fmt.Sprintf("Error deleting virtual machine: %s", err))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *stepLxcCreate) SudoCommand(args ...string) error {
|
|
||||||
var stdout, stderr bytes.Buffer
|
|
||||||
|
|
||||||
log.Printf("Executing sudo command: %#v", args)
|
|
||||||
cmd := exec.Command("sudo", args...)
|
|
||||||
cmd.Stdout = &stdout
|
|
||||||
cmd.Stderr = &stderr
|
|
||||||
err := cmd.Run()
|
|
||||||
|
|
||||||
stdoutString := strings.TrimSpace(stdout.String())
|
|
||||||
stderrString := strings.TrimSpace(stderr.String())
|
|
||||||
|
|
||||||
if _, ok := err.(*exec.ExitError); ok {
|
|
||||||
err = fmt.Errorf("Sudo command error: %s", stderrString)
|
|
||||||
}
|
|
||||||
|
|
||||||
log.Printf("stdout: %s", stdoutString)
|
|
||||||
log.Printf("stderr: %s", stderrString)
|
|
||||||
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue