{{.SpecBuild}}
FROM {{.RootDiskImage}} AS rootdisk
# Temporarily set to root in order to do the "merge" step, so that it's possible to make changes in
# the final VM to files owned by root, even if the source image sets the user to something else.
#
# Nothing in this file switches USER back: the templated merge steps run as root, and the
# rootdisk-mod stage (FROM rootdisk) inherits root and relies on it for addgroup/adduser/chown.
USER root
{{.SpecMerge}}
# The guest daemon comes from a prebuilt image; only /neonvmd is copied out of this stage
# (see the vm-runtime stage below), so none of its other layers reach the disk image.
FROM {{.NeonvmDaemonImage}} AS vm-daemon-loader
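FROM alpine:3.19 AS vm-runtime

# add busybox
#
# A prebuilt busybox is fetched from busybox.net and installed (as applet symlinks) under
# /neonvm/bin; later stages invoke tools through /neonvm/bin/... rather than whatever the
# root-disk image ships in /bin. The download URL is x86_64-only.
#
# BUSYBOX_SHA256 is optional: when the build passes --build-arg BUSYBOX_SHA256=<sha256 of the
# busybox binary>, the download is verified before it is made executable; when left empty the
# check is skipped and the binary is trusted on the strength of the HTTPS connection alone.
ENV BUSYBOX_VERSION=1.35.0
ARG BUSYBOX_SHA256=""
RUN set -e \
    && mkdir -p /neonvm/bin /neonvm/runtime /neonvm/config \
    && wget -q "https://busybox.net/downloads/binaries/${BUSYBOX_VERSION}-x86_64-linux-musl/busybox" -O /neonvm/bin/busybox \
    && if [ -n "${BUSYBOX_SHA256}" ]; then echo "${BUSYBOX_SHA256}  /neonvm/bin/busybox" | sha256sum -c -; fi \
    && chmod +x /neonvm/bin/busybox \
    && /neonvm/bin/busybox --install -s /neonvm/bin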
# Helper used by the RUN steps below to move apk-installed binaries (and, judging by the
# /neonvm/lib directory created before it is called, their shared libraries) into /neonvm.
# The script itself is not part of this file, so its exact behaviour cannot be read here.
COPY helper.move-bins.sh /helper.move-bins.sh
# add udevd and agetty (with shared libs)
#
# unshare and nsenter are taken from util-linux-misc rather than busybox, because busybox's
# implementations lack cgroup-namespace support (at least as of master on 2024-08-11).
# The listed binaries are then relocated (presumably into /neonvm/bin and /neonvm/lib) by
# helper.move-bins.sh. udhcpc's default script is moved alongside them and rewritten to use
# the /neonvm/bin shell and PATH.
RUN set -e \
    && apk add --no-cache --no-progress --quiet \
        acpid \
        agetty \
        blkid \
        cgroup-tools \
        e2fsprogs-extra \
        flock \
        su-exec \
        udev \
        util-linux-misc \
    && mkdir -p /neonvm/lib \
    && /helper.move-bins.sh \
        acpid \
        udevd \
        udevadm \
        agetty \
        su-exec \
        unshare nsenter \
        cgexec \
        resize2fs \
        blkid \
        flock \
    && mv /usr/share/udhcpc/default.script /neonvm/bin/udhcpc.script \
    && sed -i \
        -e 's/#!\/bin\/sh/#!\/neonvm\/bin\/sh/' \
        -e 's/export PATH=.*/export PATH=\/neonvm\/bin/' \
        /neonvm/bin/udhcpc.script
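# Install vector.dev binary
#
# The archive is downloaded to a temporary file instead of being piped straight into tar, so it
# can be checked against VECTOR_SHA256 when one is supplied (--build-arg VECTOR_SHA256=<sha256 of
# the .tar.gz>); an empty VECTOR_SHA256 skips the check. Only the vector binary is extracted,
# into /neonvm/bin. The download URL is x86_64-only.
ARG VECTOR_VERSION=0.26.0
ARG VECTOR_SHA256=""
RUN set -e \
    && wget -q "https://packages.timber.io/vector/${VECTOR_VERSION}/vector-${VECTOR_VERSION}-x86_64-unknown-linux-musl.tar.gz" -O /tmp/vector.tar.gz \
    && if [ -n "${VECTOR_SHA256}" ]; then echo "${VECTOR_SHA256}  /tmp/vector.tar.gz" | sha256sum -c -; fi \
    && tar xzf /tmp/vector.tar.gz --strip-components 3 -C /neonvm/bin/ ./vector-x86_64-unknown-linux-musl/bin/vector \
    && rm -f /tmp/vector.tar.gz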
# chrony: install the NTP daemon and client, then relocate both via the helper
RUN set -e \
    && apk add --no-cache --no-progress --quiet chrony \
    && /helper.move-bins.sh chronyd chronyc
# ssh server: sshd plus ssh-keygen. No host keys are generated in this file; sshd_config is
# copied into /neonvm/config further down.
RUN set -e \
    && apk add --no-cache --no-progress --quiet openssh-server \
    && /helper.move-bins.sh sshd ssh-keygen
# quota tools (the quota-* utilities plus tune2fs)
RUN set -e \
    && apk add --no-cache --no-progress --quiet quota-tools \
    && /helper.move-bins.sh \
        quota edquota quotacheck quotaoff quotaon quotastats setquota repquota tune2fs
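# guest daemon, taken from the prebuilt image
COPY --from=vm-daemon-loader /neonvmd /neonvm/bin/neonvmd

# init scripts & configs
COPY inittab /neonvm/bin/inittab
COPY vminit /neonvm/bin/vminit
COPY vmstart /neonvm/bin/vmstart
COPY vmshutdown /neonvm/bin/vmshutdown
COPY vmacpi /neonvm/acpi/vmacpi
COPY vector.yaml /neonvm/config/vector.yaml
COPY chrony.conf /neonvm/config/chrony.conf
COPY sshd_config /neonvm/config/sshd_config
COPY udev-init.sh /neonvm/bin/udev-init.sh
COPY cg-setup.sh /neonvm/bin/cg-setup.sh
COPY cg-run.sh /neonvm/bin/cg-run.sh
COPY resize-swap.sh /neonvm/bin/resize-swap
COPY set-disk-quota.sh /neonvm/bin/set-disk-quota

# Make every script copied above readable and executable in a single step (one layer instead
# of one RUN per script); the resulting file modes are the same.
RUN chmod +rx \
    /neonvm/bin/vminit \
    /neonvm/bin/vmstart \
    /neonvm/bin/vmshutdown \
    /neonvm/bin/udev-init.sh \
    /neonvm/bin/cg-setup.sh \
    /neonvm/bin/cg-run.sh \
    /neonvm/bin/resize-swap \
    /neonvm/bin/set-disk-quota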
# rootdisk modification
#
# Starts from the merged root disk (still USER root, inherited from the rootdisk stage) and
# overlays the complete /neonvm tree assembled in vm-runtime.
FROM rootdisk AS rootdisk-mod
COPY --from=vm-runtime /neonvm /neonvm
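# setup chrony
#
# Tools are invoked through /neonvm/bin (the busybox copied in above) so this works regardless
# of what the root-disk image itself provides. Each exists-or-create check is parenthesised so
# the grouping is explicit: a failed addgroup stops the chain instead of falling through into
# adduser, as the unparenthesised "a || b && c || d" form would.
RUN set -e \
    && ( /neonvm/bin/id -g chrony > /dev/null 2>&1 || /neonvm/bin/addgroup chrony ) \
    && ( /neonvm/bin/id -u chrony > /dev/null 2>&1 || /neonvm/bin/adduser -D -H -G chrony -g 'chrony' -s /neonvm/bin/nologin chrony ) \
    && /neonvm/bin/mkdir -p /var/lib/chrony \
    && /neonvm/bin/chown chrony:chrony /var/lib/chrony \
    && /neonvm/bin/mkdir -p /var/log/chrony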
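# setup sshd user and group to support sshd UsePrivilegeSeparation
#
# Same exists-or-create pattern as the chrony setup, with each check parenthesised so a failed
# addgroup stops the chain rather than falling through into adduser.
RUN set -e \
    && ( /neonvm/bin/id -g sshd > /dev/null 2>&1 || /neonvm/bin/addgroup sshd ) \
    && ( /neonvm/bin/id -u sshd > /dev/null 2>&1 || /neonvm/bin/adduser -D -H -G sshd -g 'sshd privsep' -s /neonvm/bin/nologin sshd )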
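FROM vm-runtime AS builder

# The entire modified root disk (including /neonvm) becomes the source tree for mkfs below.
COPY --from=rootdisk-mod / /rootdisk

# tools for qemu disk creation
RUN set -e \
    && apk add --no-cache --no-progress --quiet \
        e2fsprogs \
        qemu-img

# Declared after the package install so that a different DISK_SIZE cannot invalidate the cached
# apk layer; it is consumed by the mkfs.ext4 call in the next RUN.
ARG DISK_SIZE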
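# Turn the populated tree into an ext4 image, then into qcow2.
#
# DISK_SIZE (build-arg) is handed to mkfs.ext4 as the filesystem size; the guard on the first
# line fails the build with a clear message when it is unset or empty instead of letting
# mkfs.ext4 fail on a missing size argument. /etc/vector and /etc/ssh appear to be the runtime
# destinations for the files shipped under /neonvm/config, and /var/empty presumably serves as
# sshd's privilege-separation directory — confirm against the sshd_config copied in earlier.
RUN set -e \
    && : "${DISK_SIZE:?DISK_SIZE build-arg must be set (filesystem size for mkfs.ext4)}" \
    && mkdir -p /rootdisk/etc/vector /rootdisk/etc/ssh /rootdisk/var/empty \
    && cp -f /rootdisk/neonvm/bin/inittab /rootdisk/etc/inittab \
    && mkfs.ext4 -L vmroot -d /rootdisk /disk.raw "${DISK_SIZE}" \
    && qemu-img convert -f raw -O qcow2 -o cluster_size=2M,lazy_refcounts=on /disk.raw /disk.qcow2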
# Final image: carries nothing but the qcow2 artifact. There is no ENTRYPOINT, CMD or USER here;
# this stage appears to exist only so the disk image can be distributed through a registry,
# not to be run as a container.
FROM alpine:3.19
COPY --from=builder /disk.qcow2 /