YunoHost-Apps/yunorunner_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/yunorunner_ynh.git synced 2024-09-03 20:36:13 +02:00
Code Issues Activity Actions

Merge pull request #54 from YunoHost-Apps/incus

Browse source 
Use incus instead of lxd
This commit is contained in:
Salamandar 2024-03-15 22:24:24 +01:00 committed by GitHub
commit fd6715124b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
15 changed files with 104 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -18,9 +18,9 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Yunorunner is a CI server for YunoHost apps.
It is based on LXD/LXC and uses [package_check](https://github.com/YunoHost/package_check).
It is based on Incus / LXC and uses [package_check](https://github.com/YunoHost/package_check).
**Shipped version:** 2023.04.05~ynh2
**Shipped version:** 2023.04.05~ynh3
## Screenshots

4
README_fr.md
View file

@ -18,9 +18,9 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
Yunorunner is a CI server for YunoHost apps.
It is based on LXD/LXC and uses [package_check](https://github.com/YunoHost/package_check).
It is based on Incus / LXC and uses [package_check](https://github.com/YunoHost/package_check).
**Version incluse :** 2023.04.05~ynh2
**Version incluse :** 2023.04.05~ynh3
## Captures décran

3
conf/firewall_rules.sh Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
iptables -t filter -A INPUT -i incusbr0 -p udp -d 255.255.255.255 --dport 67 -j ACCEPT

14
conf/lxd-preseed.yml → conf/incus-preseed.yml
View file

@ -4,27 +4,27 @@ config:
core.trust_password: __YUNO_PWD__
networks:
- config:
ipv4.address: 192.168.__LXC_NETWORK__.1/24
ipv4.address: 192.168.__INCUS_NETWORK__.1/24
ipv4.nat: "true"
ipv6.address: none
description: ""
name: lxdbr0
name: incusbr0
type: bridge
project: default
storage_pools:
- config:
size: __BTRFS_SIZE__GB
source: /var/lib/lxd/disks/local.img
source: /var/lib/incus/disks/local.img
description: ""
name: local
driver: btrfs
profiles:
- config: {}
description: Default LXD profile
description: Default Incus profile
devices:
lxdbr0:
incusbr0:
nictype: bridged
parent: lxdbr0
parent: incusbr0
type: nic
root:
path: /
@ -37,7 +37,7 @@ projects:
features.networks: "true"
features.profiles: "true"
features.storage.volumes: "true"
description: Default LXD project
description: Default Incus project
name: default
cluster:
server_name: __DOMAIN__

2
conf/systemd.service
View file

@ -9,7 +9,7 @@ User=__APP__
Group=__APP__
WorkingDirectory=__INSTALL_DIR__/
ExecStart=__INSTALL_DIR__/venv/bin/python ./run.py
Environment=YNHDEV_BACKEND=lxd
Environment=YNHDEV_BACKEND=incus
# Sandboxing options to harden security
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html

2
doc/DESCRIPTION.md
View file

@ -1,3 +1,3 @@
Yunorunner is a CI server for YunoHost apps.
It is based on LXD/LXC and uses [package_check](https://github.com/YunoHost/package_check).
It is based on Incus / LXC and uses [package_check](https://github.com/YunoHost/package_check).

2
doc/PRE_INSTALL.md
View file

@ -1,2 +1,2 @@
YunoRunner will install LXD, for containers management.
YunoRunner will install Incus, for containers management.
Make sure your system has virtualization capability, and enough resources.

18
doc/PRE_UPGRADE.d/2023.04.05~ynh3.md Normal file
View file

@ -0,0 +1,18 @@
This upgrade migrates from LXD to Incus !
It does NOT handle migration as it's unstable, but rather creates a fresh `incus` configuration.
If you still want to migrate, you need to:
* Install the incus app: `yunohost app install incus`
* Run the migration tool: `lxd-to-incus`
* Remove LXD: `yunohost app remove lxd`
* Rename the `lxdbr0` or `lxdbr1` network to `incusbr0`:
```bash
incus network detach-profile lxdbr1 default
incus network rename lxdbr1 incusbr0
incus network attach-profile incusbr0 default
```
… Maybe some other steps ?

5
manifest.toml
View file

@ -7,7 +7,7 @@ name = "YunoRunner"
description.en = "CI runner of YunoHost"
description.fr = "Runner d'intégration continue de YunoHost"
version = "2023.04.05~ynh2"
version = "2023.04.05~ynh3"
maintainers = []
@ -52,7 +52,7 @@ ram.runtime = "50M"
default = "manual"
[install.cluster]
ask.en = "Should an LXD cluster be created with this server as first node? (cluster mode is experimental)"
ask.en = "Should an Incus cluster be created with this server as first node? (cluster mode is experimental)"
type = "boolean"
default = false
@ -75,4 +75,5 @@ ram.runtime = "50M"
"sqlite3",
"wkhtmltopdf",
"optipng",
"lynx",
]

39
scripts/_common.sh
View file

@ -6,7 +6,7 @@
yunorunner_repository="https://github.com/YunoHost/yunorunner"
yunorunner_release="52ef23a2cb37cb4fe13debca58eb589bb2f4d927"
yunorunner_release="a2ab9f576b2ab628190aa65d48dcdad727a81929"
#=================================================
# PERSONAL HELPERS
@ -25,28 +25,28 @@ tweak_yunohost() {
yunohost app makedefault -d "$domain" $app
}
setup_lxd() {
ynh_print_info "Configuring lxd..."
setup_incus() {
ynh_print_info "Configuring Incus..."
# ci_user will be the one launching job, gives it permission to run incus commands
usermod -a -G incus-admin "$app"
if [ "$cluster" -eq 1 ]; then
yunohost firewall allow TCP 8443
free_space=$(df --output=avail / | sed 1d)
btrfs_size=$(( free_space * 90 / 100 / 1024 / 1024 ))
lxc_network=$((1 + RANDOM % 254))
ynh_add_config --template="lxd-preseed.yml" --destination="$install_dir/lxd-preseed.yml"
lxd init --preseed < "$install_dir/lxd-preseed.yml"
rm "$install_dir/lxd-preseed.yml"
incus_network=$((1 + RANDOM % 254))
ynh_add_config --template="incus-preseed.yml" --destination="$install_dir/incus-preseed.yml"
incus admin init --preseed < "$install_dir/incus-preseed.yml"
rm "$install_dir/incus-preseed.yml"
lxc config set core.https_address "[::]"
incus config set core.https_address "[::]"
else
lxd init --auto # --storage-backend=dir
incus admin init --auto # --storage-backend=dir
fi
# ci_user will be the one launching job, gives it permission to run lxd commands
usermod -a -G lxd "$app"
ynh_exec_as "$app" lxc remote add yunohost https://devbaseimgs.yunohost.org --public --accept-certificate
ynh_exec_as "$app" incus remote add yunohost https://devbaseimgs.yunohost.org --public --accept-certificate
}
exposed_ports_if_cluster() {
@ -55,6 +55,19 @@ exposed_ports_if_cluster() {
fi
}
_ynh_firewall_add_tweak() {
mkdir -p "/etc/yunohost/hooks.d/post_iptable_rules"
ynh_add_config --template="firewall_rules.sh" --destination="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
yunohost firewall reload
}
_ynh_firewall_remove_tweak() {
ynh_secure_remove --file="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
yunohost firewall git remote add origin git@github.com:user/repository.git
}
#=================================================
# EXPERIMENTAL HELPERS
#=================================================

2
scripts/backup
View file

@ -35,6 +35,8 @@ ynh_backup --src_path="/etc/systemd/system/$app.service"
ynh_backup --src_path="/etc/cron.d/$app"
ynh_backup --src_path="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
#=================================================
# END OF SCRIPT
#=================================================

14
scripts/install
View file

@ -8,14 +8,16 @@ source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# INSTALL LXD
# INSTALL INCUS
#=================================================
ynh_script_progression --message="Installing LXD... (this make take a long time!)"
ynh_script_progression --message="Installing Incus... (this make take a long time!)"
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then
yunohost app install --force https://github.com/YunoHost-Apps/lxd_ynh
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "incus")' >/dev/null; then
yunohost app install --force https://github.com/YunoHost-Apps/incus_ynh
fi
setup_incus
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -30,8 +32,6 @@ ynh_exec_as "$app" git clone https://github.com/YunoHost/package_check "$install
chown "$app:$app" "$install_dir"
setup_lxd
chmod -R o-rwx "$install_dir"
chown -R "$app:$app" "$install_dir"
chown "$app:www-data" "$install_dir"
@ -87,6 +87,8 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed
ynh_add_config --template="cron" --destination="/etc/cron.d/$app"
_ynh_firewall_add_tweak
#=================================================
# START SYSTEMD SERVICE
#=================================================

2
scripts/remove
View file

@ -23,6 +23,8 @@ ynh_remove_systemd_config
# Remove the dedicated NGINX config
ynh_remove_nginx_config
_ynh_firewall_remove_tweak
#=================================================
# END OF SCRIPT
#=================================================

12
scripts/restore
View file

@ -15,12 +15,13 @@ source /usr/share/yunohost/helpers
ynh_maintenance_mode_ON
#=================================================
# INSTALL LXD
# INSTALL INCUS
#=================================================
ynh_script_progression --message="Installing LXD... (this make take a long time!)"
ynh_script_progression --message="Installing Incus... (this make take a long time!)"
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then
yunohost app install --force https://github.com/YunoHost-Apps/lxd_ynh
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "incus")' >/dev/null; then
yunohost app install --force https://github.com/YunoHost-Apps/incus_ynh
setup_incus
fi
#=================================================
@ -58,6 +59,9 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed
ynh_restore_file --origin_path="/etc/cron.d/$app"
ynh_restore_file --origin_path="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
yunohost firewall reload
#=================================================
# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
#=================================================

29
scripts/upgrade
View file

@ -13,15 +13,6 @@ source /usr/share/yunohost/helpers
ynh_maintenance_mode_ON
#=================================================
# INSTALL LXD
#=================================================
ynh_script_progression --message="Installing LXD... (this make take a long time!)"
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then
yunohost app install --force https://github.com/YunoHost-Apps/lxd_ynh
fi
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
@ -85,6 +76,22 @@ fi
# Remove Pythonz
ynh_secure_remove --file="$install_dir/.pythonz"
#=================================================
# INSTALL INCUS
#=================================================
if yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then
# Remove lxd_ynh
ynh_script_progression --message="Removing LXD.."
yunohost app remove lxd
fi
ynh_script_progression --message="Installing Incus... (this make take a long time!)"
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "incus")' >/dev/null; then
yunohost app install --force https://github.com/YunoHost-Apps/incus_ynh
setup_incus
fi
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -98,6 +105,8 @@ popd
chmod -R o-rwx "$install_dir"
chown -R "$app:$app" "$install_dir"
chown "$app:www-data" "$install_dir"
chown -R "$app:www-data" "$install_dir/results"
#=================================================
# INSTALL PYTHON DEPENDENCIES
@ -134,6 +143,8 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed
ynh_add_config --template="cron" --destination="/etc/cron.d/$app"
_ynh_firewall_add_tweak
#=================================================
# START SYSTEMD SERVICE
#=================================================