diff --git a/README.md b/README.md index a1af2d2..66cd564 100644 --- a/README.md +++ b/README.md @@ -18,9 +18,9 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Yunorunner is a CI server for YunoHost apps. -It is based on LXD/LXC and uses [package_check](https://github.com/YunoHost/package_check). +It is based on Incus / LXC and uses [package_check](https://github.com/YunoHost/package_check). -**Shipped version:** 2023.04.05~ynh2 +**Shipped version:** 2023.04.05~ynh3 ## Screenshots diff --git a/README_fr.md b/README_fr.md index efbb4e2..542de8c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,9 +18,9 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Yunorunner is a CI server for YunoHost apps. -It is based on LXD/LXC and uses [package_check](https://github.com/YunoHost/package_check). +It is based on Incus / LXC and uses [package_check](https://github.com/YunoHost/package_check). -**Version incluse :** 2023.04.05~ynh2 +**Version incluse :** 2023.04.05~ynh3 ## Captures d’écran diff --git a/conf/firewall_rules.sh b/conf/firewall_rules.sh new file mode 100644 index 0000000..5b886f0 --- /dev/null +++ b/conf/firewall_rules.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +iptables -t filter -A INPUT -i incusbr0 -p udp -d 255.255.255.255 --dport 67 -j ACCEPT diff --git a/conf/lxd-preseed.yml b/conf/incus-preseed.yml similarity index 76% rename from conf/lxd-preseed.yml rename to conf/incus-preseed.yml index b6ae646..705046c 100644 --- a/conf/lxd-preseed.yml +++ b/conf/incus-preseed.yml 
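Review bot: The new conf/firewall_rules.sh opens an INPUT rule with no comment saying what it is for or why the stock YunoHost ruleset is not enough. It is installed as a hook that runs with the firewall's privileges, so the intent should be readable in the file itself. Something like `# Let containers on the Incus bridge reach the host's DHCP server (UDP 67 broadcast); without this the INPUT policy drops their DHCPDISCOVER` above the `iptables` line would do, assuming that is the purpose. The interface name `incusbr0` is hard-coded and has to stay in step with the bridge name in conf/incus-preseed.yml and with the default that `incus admin init --auto` creates. If the hook can ever run without a preceding flush, `-A` will stack duplicate rules, which a guard such as `iptables -C … || iptables -A …` avoids.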
@@ -4,27 +4,27 @@ config: core.trust_password: __YUNO_PWD__ networks: - config: - ipv4.address: 192.168.__LXC_NETWORK__.1/24 + ipv4.address: 192.168.__INCUS_NETWORK__.1/24 ipv4.nat: "true" ipv6.address: none description: "" - name: lxdbr0 + name: incusbr0 type: bridge project: default storage_pools: - config: size: __BTRFS_SIZE__GB - source: /var/lib/lxd/disks/local.img + source: /var/lib/incus/disks/local.img description: "" name: local driver: btrfs profiles: - config: {} - description: Default LXD profile + description: Default Incus profile devices: - lxdbr0: + incusbr0: nictype: bridged - parent: lxdbr0 + parent: incusbr0 type: nic root: path: / @@ -37,7 +37,7 @@ projects: features.networks: "true" features.profiles: "true" features.storage.volumes: "true" - description: Default LXD project + description: Default Incus project name: default cluster: server_name: __DOMAIN__ diff --git a/conf/systemd.service b/conf/systemd.service index 1827064..992774e 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -9,7 +9,7 @@ User=__APP__ Group=__APP__ WorkingDirectory=__INSTALL_DIR__/ ExecStart=__INSTALL_DIR__/venv/bin/python ./run.py -Environment=YNHDEV_BACKEND=lxd +Environment=YNHDEV_BACKEND=incus # Sandboxing options to harden security # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index ec06d8e..524840e 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1,3 +1,3 @@ Yunorunner is a CI server for YunoHost apps. -It is based on LXD/LXC and uses [package_check](https://github.com/YunoHost/package_check). +It is based on Incus / LXC and uses [package_check](https://github.com/YunoHost/package_check). diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md index 65be331..cb9291c 100644 --- a/doc/PRE_INSTALL.md +++ b/doc/PRE_INSTALL.md 
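Review bot: The first preseed hunk keeps `core.trust_password: __YUNO_PWD__` as a context line, and as far as I know Incus removed password-based trust in favour of one-time trust tokens. In the cluster path, `incus admin init --preseed` is therefore likely to reject this key. Even on a daemon that accepted it, a shared enrolment password is a weak fit for a server that `setup_incus` binds to `[::]` with TCP 8443 opened in the firewall. I would drop the key from the `config:` block (which starts above the hunk) and enrol further members with join tokens issued on the first node, e.g. `incus cluster add <member-name>`. The renamed bridge and storage paths in the rest of the hunk look consistent with each other.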
@@ -1,2 +1,2 @@ -YunoRunner will install LXD, for containers management. +YunoRunner will install Incus, for containers management. Make sure your system has virtualization capability, and enough resources. diff --git a/doc/PRE_UPGRADE.d/2023.04.05~ynh3.md b/doc/PRE_UPGRADE.d/2023.04.05~ynh3.md new file mode 100644 index 0000000..7d3924e --- /dev/null +++ b/doc/PRE_UPGRADE.d/2023.04.05~ynh3.md @@ -0,0 +1,18 @@ +This upgrade migrates from LXD to Incus ! + +It does NOT handle migration as it's unstable, but rather creates a fresh `incus` configuration. + +If you still want to migrate, you need to: + +* Install the incus app: `yunohost app install incus` +* Run the migration tool: `lxd-to-incus` +* Remove LXD: `yunohost app remove lxd` +* Rename the `lxdbr0` or `lxdbr1` network to `incusbr0`: + +```bash +incus network detach-profile lxdbr1 default +incus network rename lxdbr1 incusbr0 +incus network attach-profile incusbr0 default +``` + +… Maybe some other steps ? diff --git a/manifest.toml b/manifest.toml index 51b1425..54bff17 100644 --- a/manifest.toml +++ b/manifest.toml @@ -7,7 +7,7 @@ name = "YunoRunner" description.en = "CI runner of YunoHost" description.fr = "Runner d'intégration continue de YunoHost" -version = "2023.04.05~ynh2" +version = "2023.04.05~ynh3" maintainers = [] @@ -52,7 +52,7 @@ ram.runtime = "50M" default = "manual" [install.cluster] - ask.en = "Should an LXD cluster be created with this server as first node? (cluster mode is experimental)" + ask.en = "Should an Incus cluster be created with this server as first node? (cluster mode is experimental)" type = "boolean" default = false @@ -75,4 +75,5 @@ ram.runtime = "50M" "sqlite3", "wkhtmltopdf", "optipng", + "lynx", ] diff --git a/scripts/_common.sh b/scripts/_common.sh index 7c83742..c4aad0c 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -6,7 +6,7 @@ yunorunner_repository="https://github.com/YunoHost/yunorunner" -yunorunner_release="52ef23a2cb37cb4fe13debca58eb589bb2f4d927" +yunorunner_release="a2ab9f576b2ab628190aa65d48dcdad727a81929" #================================================= # PERSONAL HELPERS @@ -25,28 +25,28 @@ tweak_yunohost() { yunohost app makedefault -d "$domain" $app } -setup_lxd() { - ynh_print_info "Configuring lxd..." +setup_incus() { + ynh_print_info "Configuring Incus..." + + # ci_user will be the one launching job, gives it permission to run incus commands + usermod -a -G incus-admin "$app" if [ "$cluster" -eq 1 ]; then yunohost firewall allow TCP 8443 free_space=$(df --output=avail / | sed 1d) btrfs_size=$(( free_space * 90 / 100 / 1024 / 1024 )) - lxc_network=$((1 + RANDOM % 254)) - ynh_add_config --template="lxd-preseed.yml" --destination="$install_dir/lxd-preseed.yml" - lxd init --preseed < "$install_dir/lxd-preseed.yml" - rm "$install_dir/lxd-preseed.yml" + incus_network=$((1 + RANDOM % 254)) + ynh_add_config --template="incus-preseed.yml" --destination="$install_dir/incus-preseed.yml" + incus admin init --preseed < "$install_dir/incus-preseed.yml" + rm "$install_dir/incus-preseed.yml" - lxc config set core.https_address "[::]" + incus config set core.https_address "[::]" else - lxd init --auto # --storage-backend=dir + incus admin init --auto # --storage-backend=dir fi - # ci_user will be the one launching job, gives it permission to run lxd commands - usermod -a -G lxd "$app" - - ynh_exec_as "$app" lxc remote add yunohost https://devbaseimgs.yunohost.org --public --accept-certificate + ynh_exec_as "$app" incus remote add yunohost https://devbaseimgs.yunohost.org --public --accept-certificate } exposed_ports_if_cluster() { 
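Review bot: `usermod -a -G incus-admin "$app"` at the top of `setup_incus` gives the CI account unrestricted control of the Incus daemon, which the Incus documentation treats as equivalent to root on the host. The existing comment only says it "gives it permission to run incus commands". If the restricted `incus` group is not sufficient for package_check, say so next to the line, e.g. `# incus-admin is root-equivalent on the host; required because the CI user manages containers directly (the restricted "incus" group was not enough — confirm)`. Separately, the rendered `incus-preseed.yml` carries the `__YUNO_PWD__` value and is deleted only after `incus admin init --preseed` returns. If the script aborts on a failed init, the file stays in `$install_dir`, so removing it from a cleanup path that also runs on failure would be safer.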
@@ -55,6 +55,19 @@ exposed_ports_if_cluster() { fi } +_ynh_firewall_add_tweak() { + mkdir -p "/etc/yunohost/hooks.d/post_iptable_rules" + + ynh_add_config --template="firewall_rules.sh" --destination="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}" + yunohost firewall reload +} + +_ynh_firewall_remove_tweak() { + ynh_secure_remove --file="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}" + yunohost firewall git remote add origin git@github.com:user/repository.git + +} + #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 1b0da06..d6f293b 100644 --- a/scripts/backup +++ b/scripts/backup @@ -35,6 +35,8 @@ ynh_backup --src_path="/etc/systemd/system/$app.service" ynh_backup --src_path="/etc/cron.d/$app" +ynh_backup --src_path="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 521ed11..1be62fd 100644 --- a/scripts/install +++ b/scripts/install 
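Review bot: In `_ynh_firewall_remove_tweak` the line `yunohost firewall git remote add origin git@github.com:user/repository.git` is not a firewall subcommand and looks like a stray paste. It should almost certainly be `yunohost firewall reload`, mirroring `_ynh_firewall_add_tweak`. As written, the hook file is deleted but the ruleset is never rebuilt, so the UDP 67 accept rule on `incusbr0` stays loaded until some later reload. The failing command may also abort scripts/remove partway if it runs with errexit. It is also worth confirming that the file written to `/etc/yunohost/hooks.d/post_iptable_rules/50-${app}` by `ynh_add_config` ends up owned by root and not writable by `$app`, since hooks in that directory are presumably executed as root.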
@@ -8,14 +8,16 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# INSTALL LXD +# INSTALL INCUS #================================================= -ynh_script_progression --message="Installing LXD... (this make take a long time!)" +ynh_script_progression --message="Installing Incus... (this make take a long time!)" -if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then - yunohost app install --force https://github.com/YunoHost-Apps/lxd_ynh +if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "incus")' >/dev/null; then + yunohost app install --force https://github.com/YunoHost-Apps/incus_ynh fi +setup_incus + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -30,8 +32,6 @@ ynh_exec_as "$app" git clone https://github.com/YunoHost/package_check "$install chown "$app:$app" "$install_dir" -setup_lxd - chmod -R o-rwx "$install_dir" chown -R "$app:$app" "$install_dir" chown "$app:www-data" "$install_dir" @@ -87,6 +87,8 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed ynh_add_config --template="cron" --destination="/etc/cron.d/$app" +_ynh_firewall_add_tweak + #================================================= # START SYSTEMD SERVICE #================================================= diff --git a/scripts/remove b/scripts/remove index 47a0324..5aee90f 100644 --- a/scripts/remove +++ b/scripts/remove @@ -23,6 +23,8 @@ ynh_remove_systemd_config # Remove the dedicated NGINX config ynh_remove_nginx_config +_ynh_firewall_remove_tweak + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 41c6cae..1f59eb3 100644 --- a/scripts/restore +++ b/scripts/restore 
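Review bot: `yunohost app install --force https://github.com/YunoHost-Apps/incus_ynh` in the first scripts/install hunk installs whatever the repository's default branch holds at run time and executes its scripts as root, while `--force` suppresses the confirmation prompt. `yunorunner_release` in scripts/_common.sh is pinned to a commit, so this is the one unpinned input in the install path. Consider installing by catalog id, `yunohost app install --force incus` (the form the PRE_UPGRADE note in this commit already uses), or a URL that names a reviewed ref. The same line appears in the scripts/restore and scripts/upgrade hunks.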
@@ -15,12 +15,13 @@ source /usr/share/yunohost/helpers ynh_maintenance_mode_ON #================================================= -# INSTALL LXD +# INSTALL INCUS #================================================= -ynh_script_progression --message="Installing LXD... (this make take a long time!)" +ynh_script_progression --message="Installing Incus... (this make take a long time!)" -if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then - yunohost app install --force https://github.com/YunoHost-Apps/lxd_ynh +if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "incus")' >/dev/null; then + yunohost app install --force https://github.com/YunoHost-Apps/incus_ynh + setup_incus fi #================================================= @@ -58,6 +59,9 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed ynh_restore_file --origin_path="/etc/cron.d/$app" +ynh_restore_file --origin_path="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}" +yunohost firewall reload + #================================================= # RELOAD NGINX AND PHP-FPM OR THE APP SERVICE #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index b172ab0..52ade96 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -13,15 +13,6 @@ source /usr/share/yunohost/helpers ynh_maintenance_mode_ON -#================================================= -# INSTALL LXD -#================================================= -ynh_script_progression --message="Installing LXD... (this make take a long time!)" - -if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then - yunohost app install --force https://github.com/YunoHost-Apps/lxd_ynh -fi - #================================================= # STOP SYSTEMD SERVICE #================================================= 
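Review bot: `setup_incus` is called only inside the `if ! … select(.id == "incus")` branch in this scripts/restore hunk, and likewise in the INSTALL INCUS hunk of scripts/upgrade, whereas scripts/install calls it unconditionally. On a host where the incus app is already installed (for example after the manual migration steps in the PRE_UPGRADE note), `$app` is never added to `incus-admin` and the `yunohost` remote is never registered. The service would then start without access to the daemon. Conversely, the unconditional call in install re-runs `incus admin init` on a daemon that may already be initialised. I would keep the init step inside the `if` in all three scripts and run the group membership and remote registration outside it, each guarded so a second run is a no-op.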
@@ -85,6 +76,22 @@ fi # Remove Pythonz ynh_secure_remove --file="$install_dir/.pythonz" +#================================================= +# INSTALL INCUS +#================================================= +if yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then + # Remove lxd_ynh + ynh_script_progression --message="Removing LXD.." + yunohost app remove lxd +fi + +ynh_script_progression --message="Installing Incus... (this make take a long time!)" + +if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "incus")' >/dev/null; then + yunohost app install --force https://github.com/YunoHost-Apps/incus_ynh + setup_incus +fi + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -98,6 +105,8 @@ popd chmod -R o-rwx "$install_dir" chown -R "$app:$app" "$install_dir" +chown "$app:www-data" "$install_dir" +chown -R "$app:www-data" "$install_dir/results" #================================================= # INSTALL PYTHON DEPENDENCIES @@ -134,6 +143,8 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed ynh_add_config --template="cron" --destination="/etc/cron.d/$app" +_ynh_firewall_add_tweak + #================================================= # START SYSTEMD SERVICE #=================================================
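Review bot: `yunohost app remove lxd` runs as soon as the lxd app is detected, before Incus has been installed, and nothing in the hunk checks whether LXD still holds containers or images or is used by anything else on the host. The PRE_UPGRADE note says no migration is performed, so that state is discarded. If the subsequent `yunohost app install … incus_ynh` or `setup_incus` fails, the server is left with neither backend, and the app's own rollback presumably cannot bring LXD back. Installing and initialising Incus first and removing LXD only after that succeeds would narrow the failure window. A comment such as `# Destructive: drops all LXD containers/images; see doc/PRE_UPGRADE.d` above the removal would make the intent explicit.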