Skip to content

Commit 401f9a2

Browse files
theCalcaholictheCalcaholic
committed
build-LXD.sh: Use sudo for invoking incus/lxc commands if necessary
Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
1 parent 53af5f5 commit 401f9a2

File tree

2 files changed

+38
-22
lines changed

2 files changed

+38
-22
lines changed

.github/workflows/build-lxd.yml

Lines changed: 17 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ jobs:
4545
RUNNER_LABEL="ubuntu-20.04-arm64"
4646
else
4747
LXC_CMD="incus"
48-
RUNNER_LABEL="ubuntu-20.04"
48+
RUNNER_LABEL="ubuntu-latest"
4949
fi
5050
5151
echo "runner_label=$RUNNER_LABEL" | tee -a $GITHUB_OUTPUT
@@ -73,16 +73,26 @@ jobs:
7373
continue-on-error: true
7474
with:
7575
lxd_version: latest/stable
76-
- name: Fix LXD
77-
run: |
78-
sudo iptables -I DOCKER-USER -i lxdbr0 -j ACCEPT
79-
sudo iptables -I DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
80-
sudo iptables -I DOCKER-USER -i incusbr0 -j ACCEPT
81-
sudo iptables -I DOCKER-USER -o incusbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
76+
# - name: Setup incus
77+
# run: |
78+
# curl https://pkgs.zabbly.com/get/incus-stable | sudo sh -x
79+
# sudo nft flush ruleset
80+
# sudo incus admin init --auto
81+
# - name: Fix LXD
82+
# run: |
83+
# sudo iptables -I DOCKER-USER -i lxdbr0 -j ACCEPT
84+
# sudo iptables -I DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
85+
# sudo iptables -I DOCKER-USER -i incusbr0 -j ACCEPT
86+
# sudo iptables -I DOCKER-USER -o incusbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
8287
- name: Build LXD image
8388
env:
8489
USE_INCUS: "${{ needs.determine-runner.outputs.lxc_cmd == 'incus' && 'yes' || 'no' }}"
8590
run: |
91+
echo 'subuid:'
92+
sudo cat /etc/subuid
93+
echo 'subgid:'
94+
sudo cat /etc/subgid
95+
echo '-'
8696
BRANCH="$VERSION" ./build/build-LXD.sh
8797
- name: Pack LXD image
8898
id: pack-lxd

build/build-LXD.sh

Lines changed: 21 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -33,11 +33,13 @@ prepare_dirs # tmp cache output
3333

3434
debian_version="$(. etc/library.sh > /dev/null 2>&1; echo "${RELEASE%%-security}")"
3535

36-
LXC_CMD=lxc
37-
[[ "$USE_INCUS" == "yes" ]] && LXC_CMD=incus
36+
LXC_CMD=(lxc)
37+
[[ "$USE_INCUS" == "yes" ]] && LXC_CMD=(incus)
3838

39-
$LXC_CMD delete -f ncp 2>/dev/null || true
40-
LXC_CREATE=($LXC_CMD init -p default)
39+
"${LXC_CMD[@]}" info || LXC_CMD=(sudo "${LXC_CMD[0]}")
40+
41+
"${LXC_CMD[@]}" delete -f ncp 2>/dev/null || true
42+
LXC_CREATE=("${LXC_CMD[@]}" init -p default)
4143
[[ -n "$LXD_EXTRA_PROFILE" ]] && LXC_CREATE+=(-p "$LXD_EXTRA_PROFILE")
4244
if [[ -n "$LXD_ARCH" ]] && [[ "$LXD_ARCH" != "x86" ]]
4345
then
@@ -64,19 +66,23 @@ LXC_CREATE+=(ncp)
6466
set -x
6567
EXEC_ARGS=()
6668
[[ -z "$BRANCH" ]] || EXEC_ARGS+=(--env "BRANCH=${BRANCH}")
67-
systemd-run --user --scope -p "Delegate=yes" $LXC_CMD start ncp -q || \
68-
sudo systemd-run --scope -p "Delegate=yes" $LXC_CMD start ncp -q
69-
$LXC_CMD config device add ncp buildcode disk source="$(pwd)" path=/build
70-
$LXC_CMD exec ncp "${EXEC_ARGS[@]}" -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done'
71-
$LXC_CMD exec ncp "${EXEC_ARGS[@]}" -- bash -c 'CODE_DIR=/build DBG=x bash /build/install.sh'
72-
$LXC_CMD exec ncp "${EXEC_ARGS[@]}" -- bash -c 'source /build/etc/library.sh; run_app_unsafe /build/post-inst.sh'
73-
$LXC_CMD exec ncp "${EXEC_ARGS[@]}" -- bash -c "echo '$(basename "$IMG")' > /usr/local/etc/ncp-baseimage"
74-
$LXC_CMD stop ncp
75-
$LXC_CMD config device remove ncp buildcode
76-
$LXC_CMD publish -q ncp -f --alias ncp/"${version}"
69+
systemd-run --user --scope -p "Delegate=yes" "${LXC_CMD[@]}" start ncp -q || \
70+
sudo systemd-run --scope -p "Delegate=yes" "${LXC_CMD[@]}" start ncp -q || {
71+
rc=$?
72+
"${LXC_CMD[@]}" info --show-log ncp
73+
exit $rc
74+
}
75+
"${LXC_CMD[@]}" config device add ncp buildcode disk source="$(pwd)" path=/build
76+
"${LXC_CMD[@]}" exec ncp "${EXEC_ARGS[@]}" -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done'
77+
"${LXC_CMD[@]}" exec ncp "${EXEC_ARGS[@]}" -- bash -c 'CODE_DIR=/build DBG=x bash /build/install.sh'
78+
"${LXC_CMD[@]}" exec ncp "${EXEC_ARGS[@]}" -- bash -c 'source /build/etc/library.sh; run_app_unsafe /build/post-inst.sh'
79+
"${LXC_CMD[@]}" exec ncp "${EXEC_ARGS[@]}" -- bash -c "echo '$(basename "$IMG")' > /usr/local/etc/ncp-baseimage"
80+
"${LXC_CMD[@]}" stop ncp
81+
"${LXC_CMD[@]}" config device remove ncp buildcode
82+
"${LXC_CMD[@]}" publish -q ncp -f --alias ncp/"${version}"
7783

7884
## pack
79-
[[ " $* " =~ .*" --pack ".* ]] && $LXC_CMD image export -q ncp/"${version}" "$TAR"
85+
[[ " $* " =~ .*" --pack ".* ]] && "${LXC_CMD[@]}" image export -q ncp/"${version}" "$TAR"
8086

8187
exit 0
8288

0 commit comments

Comments
 (0)