From 0648d481bc6ecd59729bb44172ce67f75d0aee24 Mon Sep 17 00:00:00 2001
From: selfhoster1312
Date: Mon, 10 Apr 2023 20:33:27 +0200
Subject: [PATCH] v1
---
 README.md | 72 ++++++++++++++++++++++++++++++++++++
 bin/mkvm.sh | 49 ++++++++++++++++++++++++
 bin/ramdisk.sh | 44 ++++++++++++++++++++++
 ramdisk.service | 11 ++++++
 setup.sh | 41 ++++++++++++++++++++
 templates/archlinux.template | 24 ++++++++++++
 templates/bullseye.template | 24 ++++++++++++
 7 files changed, 265 insertions(+)
 create mode 100644 README.md
 create mode 100755 bin/mkvm.sh
 create mode 100755 bin/ramdisk.sh
 create mode 100644 ramdisk.service
 create mode 100755 setup.sh
 create mode 100644 templates/archlinux.template
 create mode 100644 templates/bullseye.template
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d353b8d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,72 @@
+# lxc-ramdisk
+
+Create ramdisks for use in LXC containers for instant startup and destroy. Running `mkvm.sh bullseye lsblk` (for testing purposes) takes 1.3s on RAM running at 800MHz.
+
+The scripts create two different ramdisks when running `ramdisk.sh start` (or when the systemd service is started):
+
+- `/ramdisk/sys/` for the base images of supported operating systems
+- `/ramdisk/tmp/` for rootfs of the actual containers
+
+When a container is started, it's rootfs is an overlay of `/ramdisk/tmp/VM_NAME` (read-write) over `/ramdisk/sys/VM_TYPE` (read-only). This setup allows to start many containers with the same base system without copying it over and over again.
+
+The contents of `/ramdisk/sys` are copied from `/ramdisk/persist` when the service is started.
+
+The following systems are supported:
+
+- `bullseye`: Debian 11 Bullseye
+- `archlinux`: Archlinux
+
+## Setup
+
+The provided files are provided for Debian bullseye. They can be adpated to another system easily... mostly the LXC templates should be different in the `lxc.include` line. The size of the ramdisk is also hardcoded to 32GB for the base systems, and 32GB for the temporary systems. This can be adapted by editing [bin/ramdisk.sh](bin/ramdisk.sh).
+
+### Network setup
+
+Your containers may need to access the network. To give them access to your entire network, we recommend to create a bridged interface to your physical interface, then use a 'veth' interface in the LXC containers. Your `/etc/network/interfaces` would look like this :
+
+```
+auto lxcbr0
+iface lxcbr0 inet dhcp
+ bridge_ports eno1
+ bridge_fd 1
+ bridge_maxwait 0
+```
+
+This operation is not performed automatically by setup.sh because it has implications in regards to your current network configuration and to the devices exposed on your LAN. You should think it through.
+
+### Main setup
+
+Run `setup.sh` to setup everything else:
+
+- ensuring LXC is setup via APT
+- symlinking `bin/*.sh` to `/usr/sbin/`
+- symlinking `ramdisk.service` to `/etc/systemd/system`
+- symlinking `templates/*.template` to `/var/lib/lxc/`
+
+### Setup other systems
+
+By default, the setup.sh script will generate an image for your own system. If you'd like to generate an image for another system, you'll likely need to have that system running.
+
+To create an Archlinux rootfs to later run on Debian, you'll have to supply your own Archlinux rootfs in the `/ramdisk/persist/archlinux` folder. Such rootfs can be created from an Archlinux system using:
+
+```
+mkdir /ramdisk/persist/archlinux
+pacstrap /ramdisk/persist/archlinux base base-devel
+```
+
+To create a Debian rootfs to later run on Archlinux, you'll have to supply your own rootfs in the `/ramdisk/persist/bullseye` folder. Such rootfs can be created from a Debian system using:
+
+```
+mkdir /ramdisk/persist/bullseye
+deboostrap bullseye /ramdisk/persist/bullseye http://deb.debian.org/debian
+```
+
+## Usage
+
+The `mkvm.sh` script takes the type of container to run as first argument. That type must be supported by a template (currently, archlinux and bullseye). If another argument is provided, it's the command run in the container, after which the container is stopped. Otherwise, the container is stopped when the container shell is exited.
+
+Unless the `--keep` argument is passed, the container is also destroyed after running.
+
+## License
+
+GNU aGPL v3
diff --git a/bin/mkvm.sh b/bin/mkvm.sh
new file mode 100755
index 0000000..a988547
--- /dev/null
+++ b/bin/mkvm.sh
@@ -0,0 +1,49 @@
+#! /usr/bin/env bash
+
+KEEP=0
+
+SYSDIR="/ramdisk/sys"
+TMPDIR="/ramdisk/tmp"
+
+case "$1" in
+ "-h"|"--help")
+ echo "testvm.sh DISTRO [CMD]"
+ echo " -k|--keep: Don't destroy the VM after running"
+ exit 0
+ ;;
+ "-k"|"--keep")
+ KEEP=1
+ shift
+ ;;
+esac
+
+TYPE="$1"
+TEMPLATE=/var/lib/lxc/"$TYPE".template
+
+if [ ! -f "$TEMPLATE" ]; then
+ echo "ERROR: No such VM type "$TYPE""
+ exit 1
+fi
+
+export VMNAME="$TYPE-$RANDOM"
+echo "$VMNAME"
+
+LXCDIR=/var/lib/lxc/"$VMNAME"
+mkdir "$LXCDIR"
+envsubst < "$TEMPLATE" > "$LXCDIR"/config
+
+ROOTFS="$TMPDIR"/"$VMNAME"
+mkdir -p "$ROOTFS"/etc/
+echo "$VMNAME" > "$ROOTFS"/etc/hostname
+
+CMD="$2"
+
+if [[ "$CMD" != "" ]]; then
+ lxc-execute -n "$VMNAME" -- "$CMD"
+ [ $KEEP -eq 0 ] && lxc-destroy -n "$VMNAME"
+else
+ lxc-start -n "$VMNAME"
+ lxc-attach -n "$VMNAME" bash
+ [ $KEEP -eq 0 ] && lxc-stop --kill "$VMNAME" && lxc-destroy -n "$VMNAME"
+fi
+
diff --git a/bin/ramdisk.sh b/bin/ramdisk.sh
new file mode 100755
index 0000000..ebd3de2
--- /dev/null
+++ b/bin/ramdisk.sh
@@ -0,0 +1,44 @@
+#! /usr/bin/env bash
+
+start() {
+ [ -d /ramdisk/sys ] && rm -rf /ramdisk/sys
+ [ -d /ramdisk/tmp ] && rm -rf /ramdisk/tmp
+ mkdir -p /ramdisk/sys
+ mkdir -p /ramdisk/tmp
+
+ echo "Bienvenue dans le ramdisk"
+ mount -t tmpfs -o size=32G tmpfs /ramdisk/sys
+ mount -t tmpfs -o size=32G tmpfs /ramdisk/tmp
+ echo "ramdisk monté!"
+
+ if [ -d /ramdisk/persist ]; then
+ cp -a /ramdisk/persist/* /ramdisk/sys/
+ echo "Données persistentes copiées!"
+ fi
+ mount -o remount,ro /ramdisk/sys
+}
+
+stop() {
+ umount /ramdisk/sys
+ rm -rf /ramdisk/sys
+ umount /ramdisk/tmp
+ rm -rf /ramdisk/tmp
+ echo "ramdisk démonté!"
+}
+
+help() {
+ echo "ramdisk.sh start|stop"
+ echo " Mount a readonly ramdisk to /ramdisk/sys and a read-write one to /ramdisk/tmp"
+}
+
+case "$1" in
+ "start")
+ start
+ ;;
+ "stop")
+ stop
+ ;;
+ *)
+ help
+ ;;
+esac
diff --git a/ramdisk.service b/ramdisk.service
new file mode 100644
index 0000000..c10ec63
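Review bot: `mkdir "$LXCDIR"` is unchecked and `$VMNAME` comes from the 15-bit `$RANDOM`, so a collision with an existing container name silently overwrites that container's `config` through envsubst and then `lxc-destroy` deletes it at the end of the script. `$TYPE` is likewise spliced unvalidated into `/var/lib/lxc/"$TYPE".template` and `/ramdisk/tmp/$VMNAME`, so a value containing `/` or `..` points both paths outside their directories. Failing when the container directory already exists (or naming it with `mktemp -d`) and rejecting path separators in the type closes both, as below; while there, `echo "ERROR: No such VM type "$TYPE""` has its quotes nested the wrong way and should be `echo "ERROR: No such VM type '$TYPE'" >&2`. Worth stating in `--help` too: only `$2` is handed to `lxc-execute`, so as far as I can tell `mkvm.sh bullseye 'ls -l'` tries to execute a program literally named `ls -l`; passing `"${@:2}"` would honour the README's "command" wording.
```shell
TYPE="$1"
# Reject path separators and dot-names: $TYPE is spliced into both
# /var/lib/lxc/<TYPE>.template and /ramdisk/tmp/<TYPE>-<n>
if [[ -z "$TYPE" || "$TYPE" == */* || "$TYPE" == .* ]]; then
  echo "ERROR: invalid VM type '$TYPE'" >&2
  exit 1
fi
TEMPLATE=/var/lib/lxc/"$TYPE".template
# … unchanged: template existence check …
export VMNAME="$TYPE-$RANDOM"
LXCDIR=/var/lib/lxc/"$VMNAME"
# $RANDOM is only 15 bits: never reuse (and later destroy) an existing container
mkdir "$LXCDIR" || { echo "ERROR: $LXCDIR already exists" >&2; exit 1; }
echo "$VMNAME"
# … unchanged: envsubst, rootfs seeding, lxc-execute / lxc-start paths …
```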
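Review bot: the two `mount -t tmpfs -o size=32G` calls in `start()` leave each tmpfs root at its documented default mode 1777, so `/ramdisk/tmp`, which holds the writable overlay layer of every container, is world-writable on the host; any local user can pre-create `/ramdisk/tmp/bullseye-NNNN` (mkvm.sh's `mkdir -p` does not object to an existing directory) and have container root run files they planted. `start()` also runs `rm -rf` on both directories and `stop()` runs `rm -rf` right after an unchecked `umount`, so if a tmpfs is still mounted (restart after a crash, or a running container keeping it busy) the writable layers of live containers are deleted. Pass `mode=0755` to mount, refuse to start over a live mount, and only remove a directory once its `umount` succeeded, as below. The French status messages would also be better in English like the rest of the tooling and the `--help` text.
```shell
start() {
  # Refuse to run on top of a live ramdisk: rm -rf on a mounted /ramdisk/tmp
  # would wipe the writable layers of running containers
  if mountpoint -q /ramdisk/sys || mountpoint -q /ramdisk/tmp; then
    echo "ramdisk already mounted; run 'ramdisk.sh stop' first" >&2
    exit 1
  fi
  # … unchanged: rm -rf / mkdir -p of both directories …
  # tmpfs roots default to mode 1777 (world-writable); keep them root-only 0755
  mount -t tmpfs -o size=32G,mode=0755 tmpfs /ramdisk/sys || exit 1
  mount -t tmpfs -o size=32G,mode=0755 tmpfs /ramdisk/tmp || exit 1
  # … unchanged: persist copy, remount ro …
}

stop() {
  # Only delete the mountpoint once the tmpfs is really gone
  umount /ramdisk/sys && rm -rf /ramdisk/sys
  umount /ramdisk/tmp && rm -rf /ramdisk/tmp
  # … unchanged: status message …
}
```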
--- /dev/null
+++ b/ramdisk.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=RAMDISK
+
+[Service]
+ExecStart=/usr/sbin/ramdisk.sh start
+ExecStop=/usr/sbin/ramdisk.sh stop
+Restart=on-failure
+RestartPreventExitStatus=255
+
+[Install]
+WantedBy=multi-user.target
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..6d80cb0
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,41 @@
+#! /usr/bin/env bash
+
+# check root
+[ ! $UID -eq 0 ] && echo "PLEASE RUN AS ROOT." && exit 1
+
+mkdir -p /ramdisk/sys
+mkdir -p /ramdisk/tmp
+mkdir -p /ramdisk/persist
+
+ln -sf "$(pwd)"/bin/ramdisk.sh /usr/sbin/
+ln -sf "$(pwd)"/bin/mkvm.sh /usr/sbin/
+
+ln -sf "$(pwd)"/ramdisk.service /etc/systemd/system/
+systemctl daemon-reload
+
+ln -sf "$(pwd)"/templates/archlinux.template /var/lib/lxc/
+ln -sf "$(pwd)"/templates/bullseye.template /var/lib/lxc/
+
+setup_debian() {
+ apt install lxc debootstrap
+ if [ ! -d /ramdisk/persist/bullseye ]; then
+ mkdir /ramdisk/persist/bullseye
+ debootstrap bullseye /ramdisk/persist/bullseye http://deb.debian.org/debian
+ fi
+}
+
+setup_arch() {
+ pacman -S lxc arch-install-scripts
+ if [ ! -d /ramdisk/persist/archlinux ]; then
+ mkdir /ramdisk/persist/archlinux
+ pacstrap /ramdisk/persist/archlinux base vim htop tmux
+ fi
+}
+
+if grep 'NAME="Debian GNU/Linux"' /etc/os-release; then
+ setup_debian
+elif grep 'NAME="Arch Linux"' /etc/os-release; then
+ setup_arch
+fi
+
+systemctl enable --now ramdisk
diff --git a/templates/archlinux.template b/templates/archlinux.template
new file mode 100644
index 0000000..8b9b85d
--- /dev/null
+++ b/templates/archlinux.template
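Review bot: the unit sets no `Type=` or `RemainAfterExit=`, so it runs as `Type=simple`; as soon as `ramdisk.sh start` exits the service is considered finished and, as far as I can tell from how systemd handles exited simple services, `ExecStop=` runs straight away, unmounting the ramdisk it just created. Add `Type=oneshot` and `RemainAfterExit=yes` under `[Service]` so the unit stays active until `systemctl stop ramdisk`. On Debian bullseye's systemd a oneshot unit with `Restart=on-failure` is refused to load, so that line and `RestartPreventExitStatus=255` (nothing in ramdisk.sh exits with 255 as written) should go. A `Description=` such as `Description=tmpfs base/overlay ramdisks for LXC containers` would also be more useful than `RAMDISK` in `systemctl status` output.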
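Review bot: every `ln -sf "$(pwd)"/…` uses the caller's working directory rather than the script's own location, so running `setup.sh` from anywhere but the repository root leaves dangling symlinks in `/usr/sbin`, `/etc/systemd/system` and `/var/lib/lxc`, and the final `systemctl enable --now ramdisk` then fails. The symlinks also mean that whoever can write to the checkout (typically a non-root user's home directory) controls two root-executed scripts and a systemd unit, which deserves at least a README warning or an ownership check before linking. Resolve the repository from `$0` as below and preferably copy rather than link. Smaller points: both `grep` calls on `/etc/os-release` should be `grep -q` so the matched line is not printed, and `[ ! $UID -eq 0 ]` reads more naturally as `[ "$EUID" -ne 0 ]`.
```shell
# Resolve the checkout from the script's own path, not the caller's cwd,
# so the symlinks below never dangle
REPO="$(cd "$(dirname "$(readlink -f "$0")")" && pwd)" || exit 1
ln -sf "$REPO"/bin/ramdisk.sh /usr/sbin/
ln -sf "$REPO"/bin/mkvm.sh /usr/sbin/
ln -sf "$REPO"/ramdisk.service /etc/systemd/system/
systemctl daemon-reload
ln -sf "$REPO"/templates/archlinux.template /var/lib/lxc/
ln -sf "$REPO"/templates/bullseye.template /var/lib/lxc/
# … unchanged: setup_debian / setup_arch …
if grep -q 'NAME="Debian GNU/Linux"' /etc/os-release; then
# … unchanged: dispatch and systemctl enable …
```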
@@ -0,0 +1,24 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r bullseye
+# For additional config options, please look at lxc.container.conf(5)
+
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+
+lxc.net.0.type = veth
+#lxc.net.0.hwaddr = 00:16:3e:5e:7b:d0
+lxc.net.0.link = lxcbr0
+lxc.net.0.flags = up
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+lxc.rootfs.path = overlayfs:/ramdisk/sys/archlinux:/ramdisk/tmp/$VMNAME
+
+# Common configuration
+lxc.include = /usr/share/lxc/config/archlinux.common.conf
+
+# Container specific configuration
+lxc.tty.max = 4
+lxc.uts.name = $VMNAME
+lxc.arch = amd64
+lxc.pty.max = 1024
diff --git a/templates/bullseye.template b/templates/bullseye.template
new file mode 100644
index 0000000..e657dc4
--- /dev/null
+++ b/templates/bullseye.template
@@ -0,0 +1,24 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r bullseye
+# For additional config options, please look at lxc.container.conf(5)
+
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+
+lxc.net.0.type = veth
+#lxc.net.0.hwaddr = 00:16:3e:5e:7b:d0
+lxc.net.0.link = lxcbr0
+lxc.net.0.flags = up
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+lxc.rootfs.path = overlayfs:/ramdisk/sys/bullseye:/ramdisk/tmp/$VMNAME
+
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+
+# Container specific configuration
+lxc.tty.max = 4
+lxc.uts.name = $VMNAME
+lxc.arch = amd64
+lxc.pty.max = 1024
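Review bot: the header comments `# Template used to create this container: /usr/share/lxc/templates/lxc-debian` and `# Parameters passed to the template: -r bullseye` are copied from the Debian template and are wrong for this Arch Linux config; replace them with something like `# LXC config for Arch Linux containers; $VMNAME is filled in by mkvm.sh via envsubst`. That last point matters because `$VMNAME` in `lxc.rootfs.path` and `lxc.uts.name` is not LXC syntax and the file only works after substitution, which nothing in it says. `lxc.apparmor.allow_nesting = 1` is also set while the `nesting.conf` include above it stays commented out, so the generated AppArmor profile is relaxed for a feature that is not used; either drop the line or uncomment the include deliberately.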
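Review bot: `lxc.apparmor.allow_nesting = 1` loosens the generated AppArmor profile to permit what a nested container needs, although the `nesting.conf` include a few lines above is commented out, so the container gets the weaker profile without using nesting; drop the line unless nesting is actually wanted. The template itself sets no `lxc.idmap`, so unless `debian.common.conf` does, these appear to be privileged containers whose root is host root, attached through veth to the LAN bridge — worth stating in the README next to the network warning. A one-line comment such as `# $VMNAME is substituted by mkvm.sh (envsubst) before the config is written` would explain the non-LXC `$VMNAME` placeholders in `lxc.rootfs.path` and `lxc.uts.name`.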