YunoHost-Apps/yunorunner_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/yunorunner_ynh.git synced 2024-09-03 20:36:13 +02:00
Code Issues Activity Actions

Merge pull request #54 from YunoHost-Apps/incus

Browse source 
Use incus instead of lxd
This commit is contained in:
Salamandar 2024-03-15 22:24:24 +01:00 committed by GitHub
commit fd6715124b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
15 changed files with 104 additions and 48 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -18,9 +18,9 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Yunorunner is a CI server for YunoHost apps. Yunorunner is a CI server for YunoHost apps.
It is based on LXD/LXC and uses [package_check](https://github.com/YunoHost/package_check). It is based on Incus / LXC and uses [package_check](https://github.com/YunoHost/package_check).
**Shipped version:** 2023.04.05~ynh2 **Shipped version:** 2023.04.05~ynh3
## Screenshots ## Screenshots

4
README_fr.md
View file

@ -18,9 +18,9 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
Yunorunner is a CI server for YunoHost apps. Yunorunner is a CI server for YunoHost apps.
It is based on LXD/LXC and uses [package_check](https://github.com/YunoHost/package_check). It is based on Incus / LXC and uses [package_check](https://github.com/YunoHost/package_check).
**Version incluse :** 2023.04.05~ynh2 **Version incluse :** 2023.04.05~ynh3
## Captures décran ## Captures décran

3
conf/firewall_rules.sh Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
iptables -t filter -A INPUT -i incusbr0 -p udp -d 255.255.255.255 --dport 67 -j ACCEPT

14
conf/lxd-preseed.yml → conf/incus-preseed.yml
View file

@ -4,27 +4,27 @@ config:
core.trust_password: __YUNO_PWD__ core.trust_password: __YUNO_PWD__
networks: networks:
- config: - config:
ipv4.address: 192.168.__LXC_NETWORK__.1/24 ipv4.address: 192.168.__INCUS_NETWORK__.1/24
ipv4.nat: "true" ipv4.nat: "true"
ipv6.address: none ipv6.address: none
description: "" description: ""
name: lxdbr0 name: incusbr0
type: bridge type: bridge
project: default project: default
storage_pools: storage_pools:
- config: - config:
size: __BTRFS_SIZE__GB size: __BTRFS_SIZE__GB
source: /var/lib/lxd/disks/local.img source: /var/lib/incus/disks/local.img
description: "" description: ""
name: local name: local
driver: btrfs driver: btrfs
profiles: profiles:
- config: {} - config: {}
description: Default LXD profile description: Default Incus profile
devices: devices:
lxdbr0: incusbr0:
nictype: bridged nictype: bridged
parent: lxdbr0 parent: incusbr0
type: nic type: nic
root: root:
path: / path: /
@ -37,7 +37,7 @@ projects:
features.networks: "true" features.networks: "true"
features.profiles: "true" features.profiles: "true"
features.storage.volumes: "true" features.storage.volumes: "true"
description: Default LXD project description: Default Incus project
name: default name: default
cluster: cluster:
server_name: __DOMAIN__ server_name: __DOMAIN__

2
conf/systemd.service
View file

@ -9,7 +9,7 @@ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__INSTALL_DIR__/ WorkingDirectory=__INSTALL_DIR__/
ExecStart=__INSTALL_DIR__/venv/bin/python ./run.py ExecStart=__INSTALL_DIR__/venv/bin/python ./run.py
Environment=YNHDEV_BACKEND=lxd Environment=YNHDEV_BACKEND=incus
# Sandboxing options to harden security # Sandboxing options to harden security
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html

2
doc/DESCRIPTION.md
View file

@ -1,3 +1,3 @@
Yunorunner is a CI server for YunoHost apps. Yunorunner is a CI server for YunoHost apps.
It is based on LXD/LXC and uses [package_check](https://github.com/YunoHost/package_check). It is based on Incus / LXC and uses [package_check](https://github.com/YunoHost/package_check).

2
doc/PRE_INSTALL.md
View file

@ -1,2 +1,2 @@
YunoRunner will install LXD, for containers management. YunoRunner will install Incus, for containers management.
Make sure your system has virtualization capability, and enough resources. Make sure your system has virtualization capability, and enough resources.

18
doc/PRE_UPGRADE.d/2023.04.05~ynh3.md Normal file
View file

@ -0,0 +1,18 @@
This upgrade migrates from LXD to Incus !
It does NOT handle migration as it's unstable, but rather creates a fresh `incus` configuration.
If you still want to migrate, you need to:
* Install the incus app: `yunohost app install incus`
* Run the migration tool: `lxd-to-incus`
* Remove LXD: `yunohost app remove lxd`
* Rename the `lxdbr0` or `lxdbr1` network to `incusbr0`:
```bash
incus network detach-profile lxdbr1 default
incus network rename lxdbr1 incusbr0
incus network attach-profile incusbr0 default
```
… Maybe some other steps ?

5
manifest.toml
View file

@ -7,7 +7,7 @@ name = "YunoRunner"
description.en = "CI runner of YunoHost" description.en = "CI runner of YunoHost"
description.fr = "Runner d'intégration continue de YunoHost" description.fr = "Runner d'intégration continue de YunoHost"
version = "2023.04.05~ynh2" version = "2023.04.05~ynh3"
maintainers = [] maintainers = []
@ -52,7 +52,7 @@ ram.runtime = "50M"
default = "manual" default = "manual"
[install.cluster] [install.cluster]
ask.en = "Should an LXD cluster be created with this server as first node? (cluster mode is experimental)" ask.en = "Should an Incus cluster be created with this server as first node? (cluster mode is experimental)"
type = "boolean" type = "boolean"
default = false default = false
@ -75,4 +75,5 @@ ram.runtime = "50M"
"sqlite3", "sqlite3",
"wkhtmltopdf", "wkhtmltopdf",
"optipng", "optipng",
"lynx",
] ]

39
scripts/_common.sh
View file

@ -6,7 +6,7 @@
yunorunner_repository="https://github.com/YunoHost/yunorunner" yunorunner_repository="https://github.com/YunoHost/yunorunner"
yunorunner_release="52ef23a2cb37cb4fe13debca58eb589bb2f4d927" yunorunner_release="a2ab9f576b2ab628190aa65d48dcdad727a81929"
#================================================= #=================================================
# PERSONAL HELPERS # PERSONAL HELPERS
@ -25,28 +25,28 @@ tweak_yunohost() {
yunohost app makedefault -d "$domain" $app yunohost app makedefault -d "$domain" $app
} }
setup_lxd() { setup_incus() {
ynh_print_info "Configuring lxd..." ynh_print_info "Configuring Incus..."
# ci_user will be the one launching job, gives it permission to run incus commands
usermod -a -G incus-admin "$app"
if [ "$cluster" -eq 1 ]; then if [ "$cluster" -eq 1 ]; then
yunohost firewall allow TCP 8443 yunohost firewall allow TCP 8443
free_space=$(df --output=avail / | sed 1d) free_space=$(df --output=avail / | sed 1d)
btrfs_size=$(( free_space * 90 / 100 / 1024 / 1024 )) btrfs_size=$(( free_space * 90 / 100 / 1024 / 1024 ))
lxc_network=$((1 + RANDOM % 254)) incus_network=$((1 + RANDOM % 254))
ynh_add_config --template="lxd-preseed.yml" --destination="$install_dir/lxd-preseed.yml" ynh_add_config --template="incus-preseed.yml" --destination="$install_dir/incus-preseed.yml"
lxd init --preseed < "$install_dir/lxd-preseed.yml" incus admin init --preseed < "$install_dir/incus-preseed.yml"
rm "$install_dir/lxd-preseed.yml" rm "$install_dir/incus-preseed.yml"
lxc config set core.https_address "[::]" incus config set core.https_address "[::]"
else else
lxd init --auto # --storage-backend=dir incus admin init --auto # --storage-backend=dir
fi fi
# ci_user will be the one launching job, gives it permission to run lxd commands ynh_exec_as "$app" incus remote add yunohost https://devbaseimgs.yunohost.org --public --accept-certificate
usermod -a -G lxd "$app"
ynh_exec_as "$app" lxc remote add yunohost https://devbaseimgs.yunohost.org --public --accept-certificate
} }
exposed_ports_if_cluster() { exposed_ports_if_cluster() {
@ -55,6 +55,19 @@ exposed_ports_if_cluster() {
fi fi
} }
_ynh_firewall_add_tweak() {
mkdir -p "/etc/yunohost/hooks.d/post_iptable_rules"
ynh_add_config --template="firewall_rules.sh" --destination="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
yunohost firewall reload
}
_ynh_firewall_remove_tweak() {
ynh_secure_remove --file="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
yunohost firewall git remote add origin git@github.com:user/repository.git
}
#================================================= #=================================================
# EXPERIMENTAL HELPERS # EXPERIMENTAL HELPERS
#================================================= #=================================================

2
scripts/backup
View file

@ -35,6 +35,8 @@ ynh_backup --src_path="/etc/systemd/system/$app.service"
ynh_backup --src_path="/etc/cron.d/$app" ynh_backup --src_path="/etc/cron.d/$app"
ynh_backup --src_path="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

14
scripts/install
View file

@ -8,14 +8,16 @@ source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= #=================================================
# INSTALL LXD # INSTALL INCUS
#================================================= #=================================================
ynh_script_progression --message="Installing LXD... (this make take a long time!)" ynh_script_progression --message="Installing Incus... (this make take a long time!)"
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "incus")' >/dev/null; then
yunohost app install --force https://github.com/YunoHost-Apps/lxd_ynh yunohost app install --force https://github.com/YunoHost-Apps/incus_ynh
fi fi
setup_incus
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
@ -30,8 +32,6 @@ ynh_exec_as "$app" git clone https://github.com/YunoHost/package_check "$install
chown "$app:$app" "$install_dir" chown "$app:$app" "$install_dir"
setup_lxd
chmod -R o-rwx "$install_dir" chmod -R o-rwx "$install_dir"
chown -R "$app:$app" "$install_dir" chown -R "$app:$app" "$install_dir"
chown "$app:www-data" "$install_dir" chown "$app:www-data" "$install_dir"
@ -87,6 +87,8 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed
ynh_add_config --template="cron" --destination="/etc/cron.d/$app" ynh_add_config --template="cron" --destination="/etc/cron.d/$app"
_ynh_firewall_add_tweak
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
#================================================= #=================================================

2
scripts/remove
View file

@ -23,6 +23,8 @@ ynh_remove_systemd_config
# Remove the dedicated NGINX config # Remove the dedicated NGINX config
ynh_remove_nginx_config ynh_remove_nginx_config
_ynh_firewall_remove_tweak
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

12
scripts/restore
View file

@ -15,12 +15,13 @@ source /usr/share/yunohost/helpers
ynh_maintenance_mode_ON ynh_maintenance_mode_ON
#================================================= #=================================================
# INSTALL LXD # INSTALL INCUS
#================================================= #=================================================
ynh_script_progression --message="Installing LXD... (this make take a long time!)" ynh_script_progression --message="Installing Incus... (this make take a long time!)"
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "incus")' >/dev/null; then
yunohost app install --force https://github.com/YunoHost-Apps/lxd_ynh yunohost app install --force https://github.com/YunoHost-Apps/incus_ynh
setup_incus
fi fi
#================================================= #=================================================
@ -58,6 +59,9 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed
ynh_restore_file --origin_path="/etc/cron.d/$app" ynh_restore_file --origin_path="/etc/cron.d/$app"
ynh_restore_file --origin_path="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
yunohost firewall reload
#================================================= #=================================================
# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE # RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
#================================================= #=================================================

29
scripts/upgrade
View file

@ -13,15 +13,6 @@ source /usr/share/yunohost/helpers
ynh_maintenance_mode_ON ynh_maintenance_mode_ON
#=================================================
# INSTALL LXD
#=================================================
ynh_script_progression --message="Installing LXD... (this make take a long time!)"
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then
yunohost app install --force https://github.com/YunoHost-Apps/lxd_ynh
fi
#================================================= #=================================================
# STOP SYSTEMD SERVICE # STOP SYSTEMD SERVICE
#================================================= #=================================================
@ -85,6 +76,22 @@ fi
# Remove Pythonz # Remove Pythonz
ynh_secure_remove --file="$install_dir/.pythonz" ynh_secure_remove --file="$install_dir/.pythonz"
#=================================================
# INSTALL INCUS
#=================================================
if yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "lxd")' >/dev/null; then
# Remove lxd_ynh
ynh_script_progression --message="Removing LXD.."
yunohost app remove lxd
fi
ynh_script_progression --message="Installing Incus... (this make take a long time!)"
if ! yunohost app list --output-as json --quiet | jq -e '.apps[] | select(.id == "incus")' >/dev/null; then
yunohost app install --force https://github.com/YunoHost-Apps/incus_ynh
setup_incus
fi
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
@ -98,6 +105,8 @@ popd
chmod -R o-rwx "$install_dir" chmod -R o-rwx "$install_dir"
chown -R "$app:$app" "$install_dir" chown -R "$app:$app" "$install_dir"
chown "$app:www-data" "$install_dir"
chown -R "$app:www-data" "$install_dir/results"
#================================================= #=================================================
# INSTALL PYTHON DEPENDENCIES # INSTALL PYTHON DEPENDENCIES
@ -134,6 +143,8 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed
ynh_add_config --template="cron" --destination="/etc/cron.d/$app" ynh_add_config --template="cron" --destination="/etc/cron.d/$app"
_ynh_firewall_add_tweak
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
#================================================= #=================================================