Merge pull request #1941 from flx42/lxc-oci-improve-import

Improve lxc-oci.in

Merge pull request #1941 from flx42/lxc-oci-improve-import
b151c7e5 · Christian Brauner · GitHub · 0ad23532 · 797f99c6 · b151c7e5
Unverified Commit b151c7e5 authored Nov 23, 2017 by Christian Brauner Committed by GitHub Nov 23, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 89 additions and 14 deletions

lxc-oci.in templates/lxc-oci.in +89 -14

No files found.
--- a/templates/lxc-oci.in
+++ b/templates/lxc-oci.in
@@ -34,6 +34,8 @@ for bin in skopeo umoci jq; do
    fi
 done

+LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
+
 # Some useful functions
 cleanup() {
    if [ -d "$DOWNLOAD_TEMP" ]; then
@@ -54,17 +56,13 @@ in_userns() {
    echo yes
 }

-# get entrypoint from oci image.  Use sh if unspecified
-# TODO - we can get other things like resource limits here
-getep() {
+getconfigpath() {
 	basedir="$1"
 	q="$2"

-
 	digest=`cat "${basedir}/index.json" | jq --arg q "$q" '.manifests[] | if .annotations."org.opencontainers.image.ref.name" == $q then .digest else null end' | sed -e 's/"//g'`
 	if [ -z "${digest}" ]; then
 		echo "$q not found in index.json" >&2
-		echo "/bin/sh"
 		return
 	fi

@@ -73,13 +71,25 @@ getep() {
 	cdigest=`cat "${basedir}/blobs/sha256/${d}" | jq '.config.digest' | sed -e 's/"//g'`
 	if [ -z "${cdigest}" ]; then
 		echo "container config not found" >&2
-		echo "/bin/sh"
 		return
 	fi

 	d2=${cdigest:7}
-	ep=`cat "${basedir}/blobs/sha256/${d2}" | jq -c '.config.Entrypoint' | sed -e 's/^\[//; s/\]$//; s/","/" "/'`
-	cmd=`cat "${basedir}/blobs/sha256/${d2}" | jq -c '.config.Cmd' | sed -e 's/^\[//; s/\]$//; s/","/" "/'`
+	echo "${basedir}/blobs/sha256/${d2}"
+	return
+}
+
+# get entrypoint from oci image.  Use sh if unspecified
+getep() {
+	if [ "$#" -eq 0 ]; then
+		echo "/bin/sh"
+		return
+	fi
+
+	configpath="$1"
+
+	ep=`cat "${configpath}" | jq -c '.config.Entrypoint' | sed -e 's/^\[//; s/\]$//; s/","/" "/'`
+	cmd=`cat "${configpath}" | jq -c '.config.Cmd' | sed -e 's/^\[//; s/\]$//; s/","/" "/'`
 	if [ "${ep}" = "null" ]; then
 		ep="${cmd}"
 		if [ "${ep}" = "null" ]; then
@@ -97,6 +107,21 @@ getep() {
 	return
 }

+# get environment from oci image.
+getenv() {
+	if [ "$#" -eq 0 ]; then
+		return
+	fi
+
+	configpath="$1"
+
+	cat "${configpath}" > /tmp/config
+	env=`cat "${configpath}" | jq -c '.config.Env[]'`
+
+	echo "${env}"
+	return
+}
+
 usage() {
    cat <<EOF
 LXC container template for OCI images
@@ -107,6 +132,10 @@ Special arguments:
 Required arguments:
 [ -u | --url <url> ]: The OCI image URL

+Optional arguments:
+[ --username <username> ]: The username for the registry
+[ --password <password> ]: The password for the registry
+
 LXC internal arguments (do not pass manually!):
 [ --name <name> ]: The container name
 [ --path <path> ]: The path to the container
@@ -118,8 +147,8 @@ EOF
    return 0
 }

-options=$(getopt -o u:h -l help,url:,name:,path:,\
-rootfs:,mapped-uid:,mapped-gid: -- "$@")
+options=$(getopt -o u:h -l help,url:,username:,password:,\
+name:,path:,rootfs:,mapped-uid:,mapped-gid: -- "$@")

 if [ $? -ne 0 ]; then
    usage
@@ -128,6 +157,9 @@ fi
 eval set -- "$options"

 OCI_URL=""
+OCI_USERNAME=
+OCI_PASSWORD=
+
 LXC_MAPPED_GID=
 LXC_MAPPED_UID=
 LXC_NAME=
@@ -138,6 +170,8 @@ while :; do
    case "$1" in
        -h|--help)          usage && exit 1;;
        -u|--url)           OCI_URL=$2; shift 2;;
+        --username)         OCI_USERNAME=$2; shift 2;;
+        --password)         OCI_PASSWORD=$2; shift 2;;
        --name)             LXC_NAME=$2; shift 2;;
        --path)             LXC_PATH=$2; shift 2;;
        --rootfs)           LXC_ROOTFS=$2; shift 2;;
@@ -158,6 +192,11 @@ if [ -z "$OCI_URL" ]; then
    exit 1
 fi

+if [ -n "$OCI_PASSWORD" ] && [ -z "$OCI_USERNAME" ]; then
+    echo "ERROR: password given but no username specified"
+    exit 1
+fi
+
 USERNS=$(in_userns)

 if [ "$USERNS" != "no" ]; then
@@ -185,22 +224,58 @@ else
 fi

 # Download the image - TODO - cache
-skopeo copy "${OCI_URL}" "oci:${DOWNLOAD_TEMP}:latest"
+skopeo_args=("")
+if [ -n "$OCI_USERNAME" ]; then
+    CREDENTIALS="${OCI_USERNAME}"
+    if [ -n "$OCI_PASSWORD" ]; then
+        CREDENTIALS="${CREDENTIALS}:${OCI_PASSWORD}"
+    fi
+    skopeo_args+=(--src-creds "${CREDENTIALS}")
+fi
+skopeo copy ${skopeo_args[@]} "${OCI_URL}" "oci:${DOWNLOAD_TEMP}:latest"

 # Unpack the rootfs
 echo "Unpacking the rootfs"

-umoci unpack --image "${DOWNLOAD_TEMP}:latest" "${LXC_ROOTFS}.tmp"
+umoci_args=("")
+if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
+    umoci_args+=(--rootless)
+fi
+umoci unpack ${umoci_args[@]} --image "${DOWNLOAD_TEMP}:latest" "${LXC_ROOTFS}.tmp"
 rmdir "${LXC_ROOTFS}"
 mv "${LXC_ROOTFS}.tmp/rootfs" "${LXC_ROOTFS}"
-entrypoint=$(getep ${DOWNLOAD_TEMP} latest)
 rm -rf "${LXC_ROOTFS}.tmp"

+OCI_CONF_FILE=$(getconfigpath ${DOWNLOAD_TEMP} latest)
 LXC_CONF_FILE="${LXC_PATH}/config"
+entrypoint=$(getep ${OCI_CONF_FILE})
 echo "lxc.execute.cmd = '${entrypoint}'" >> "${LXC_CONF_FILE}"
 echo "lxc.mount.auto = proc:mixed sys:mixed cgroup:mixed" >> "${LXC_CONF_FILE}"

-echo "lxc.uts.name = ${LXC_NAME}" >> ${LXC_PATH}/config
+environment=$(getenv ${OCI_CONF_FILE})
+while read -r line; do
+    echo "lxc.environment = ${line}" >> "${LXC_CONF_FILE}"
+done <<< "${environment}"
+
+if [ -e "${LXC_TEMPLATE_CONFIG}/common.conf" ]; then
+    echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/common.conf" >> "${LXC_CONF_FILE}"
+fi
+
+if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ] && [ -e "${LXC_TEMPLATE_CONFIG}/userns.conf" ]; then
+    echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/userns.conf" >> "${LXC_CONF_FILE}"
+fi
+
+echo "lxc.uts.name = ${LXC_NAME}" >> "${LXC_CONF_FILE}"
+# set the hostname
+cat <<EOF > ${LXC_ROOTFS}/etc/hostname
+${LXC_NAME}
+EOF
+
+# set minimal hosts
+cat <<EOF > ${LXC_ROOTFS}/etc/hosts
+127.0.0.1   localhost
+127.0.1.1   ${LXC_NAME}
+EOF

 if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
    chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true