odyssey4me · September 17, 2015 17:03
diff --git a/lxc-cache-create.sh b/lxc-cache-create.sh
 # build locally (includes a fair amount of stuff and takes a bit of time)
 #lxc-create --name=template3 --template=ubuntu -- --release trusty --arch amd64 --packages openssh-server,python2.7,apt-transport-https,python-lxml
 #chroot /var/lib/lxc/template3/rootfs apt-get clean

 # use a downloaded image (much faster)
 lxc-create --name=template2 --template=download -- --dist ubuntu --release trusty --arch amd64
 chroot /var/lib/lxc/template2/rootfs apt-get install -y \
 	openssh-server \
 	python2.7 \
 	apt-transport-https \
 	python-lxml \
 	bridge-utils \
 	bsdmainutils \
 	build-essential \
 	cgmanager \
 	cgmanager-utils \
 	cgroup-lite \
 	comerr-dev \
 	curl \
 	debconf-utils \
 	debhelper \
 	dh-apparmor \
 	gettext \
 	gir1.2-glib-2.0 \
 	git \
 	git-core \
 	groff-base \
 	intltool-debian \
 	iptables \
 	iso-codes \
 	krb5-multidev \
 	libcgmanager-dev \
 	libdbus-1-dev \
 	libdbus-glib-1-2 \
 	libdevmapper-event1.02.1 \
 	libexpat1-dev \
 	libffi-dev \
 	libpq-dev \
 	libpq5 \
 	libpython-dev \
 	libxml2-dev \
 	libxslt1-dev \
 	libxslt1.1 \
 	lvm2 \
 	python-apt \
 	python-apt-common \
 	python-dev \
 	python-pycurl \
 	python-software-properties \
 	python3-apt \
 	python3-dbus \
 	python3-gi \
 	python3-minimal \
 	python3-pycurl \
 	python3-software-properties \
 	software-properties-common \
 	sqlite3 \
 	ssh \
 	sshpass \
 	time
 	
 	
 chroot /var/lib/lxc/template2/rootfs apt-get purge -y \
 	fakeroot \
 	libalgorithm-diff-perl \
 	libalgorithm-diff-xs-perl \
 	libalgorithm-merge-perl \
 	libasprintf-dev \
 	libfakeroot \
 	libfile-fcntllock-perl \
 	libgettextpo-dev \
 	libgettextpo0 \
 	libglib2.0-data \
 	libmail-sendmail-perl \
 	libpam-systemd \
 	libsys-hostname-long-perl \
 	libsystemd-daemon0 \
 	systemd-services \
 	systemd-shim \
 	libssl-doc \
 	libx11-6 \
 	libx11-data \
 	libxau6 \
 	libxcb1 \
 	libxdmcp6 \
 	libxext6 \
 	libxmuu1 \
 	manpages \
 	manpages-dev \
 	ncurses-term \
 	nih-dbus-tool \
 	python-chardet \
 	python-requests \
 	python-six \
 	python-urllib3 \
 	sgml-base \
 	shared-mime-info \
 	xml-core
 	

 chroot /var/lib/lxc/template2/rootfs apt-get clean
 cat >> /var/lib/lxc/template2/rootfs/etc/ssh/sshd_config <<EOF
 # Port/Protocol
 Port 22
 Protocol 2

 # HostKeys
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key

 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes

 # Lifetime and size of ephemeral version 1 server key
 KeyRegenerationInterval 3600
 ServerKeyBits 1024

 # Logging
 SyslogFacility AUTH
 LogLevel INFO

 # Authentication
 LoginGraceTime 120
 PermitRootLogin yes
 StrictModes yes
 RSAAuthentication yes
 PubkeyAuthentication yes
 IgnoreRhosts yes
 RhostsRSAAuthentication no
 HostbasedAuthentication no
 PermitEmptyPasswords no
 ChallengeResponseAuthentication no
 PasswordAuthentication no
 UsePAM yes
 UseDNS no


 X11Forwarding no
 X11DisplayOffset 10

 PrintMotd no
 PrintLastLog yes

 TCPKeepAlive yes

 # Allow client to pass locale environment variables
 AcceptEnv LANG LC_*

 Subsystem sftp /usr/lib/openssh/sftp-server
 EOF
diff --git a/notes.txt b/notes.txt
 Replace https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml#L109-L147 with a template to put into the cache. Annotate the template nicely. :)

 Replace https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml#L277-L307 with a templated addition to the cache too.

 Replace https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml#L309-L330 with the apt-get installs directly into the cache as per the script above.

 Switch as many of the things done in https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml as possible to part of the cache creation.
diff --git a/references.txt b/references.txt
 ### References ###
 https://help.ubuntu.com/lts/serverguide/lxc.html
 http://manpages.ubuntu.com/manpages/trusty/en/man1/lxc-create.1.html

 https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/
 https://github.com/lxc/lxc-ci/blob/master/bin/build-image

 http://mmoya.org/blog/2013/03/06/managing-prebuilt-os-images-with-ansible/
 https://github.com/mmoya/ansible-playbooks

 https://github.com/docker/docker/blob/master/contrib/mkimage.sh
 https://github.com/docker/docker/blob/master/contrib/mkimage/debootstrap
 https://openvz.org/Ubuntu_Trusty_template_creation

 https://github.com/h2oai/h2o-2/wiki/LXC-Linux-Containers.-Lightweight-isolation.-Create-more-hadoop-clusters-on-a-set-of-machines

 publishing images in openstack-infra:
 https://github.com/stackforge/akanda-appliance/blob/master/tox.ini
 https://github.com/stackforge/akanda-appliance/blob/master/scripts/create-akanda-raw-image.sh
 https://github.com/openstack-infra/project-config/blob/master/jenkins/jobs/akanda.yaml#L82-L104
	# build locally (includes a fair amount of stuff and takes a bit of time)
	#lxc-create --name=template3 --template=ubuntu -- --release trusty --arch amd64 --packages openssh-server,python2.7,apt-transport-https,python-lxml
	#chroot /var/lib/lxc/template3/rootfs apt-get clean

	# use a downloaded image (much faster)
	lxc-create --name=template2 --template=download -- --dist ubuntu --release trusty --arch amd64
	chroot /var/lib/lxc/template2/rootfs apt-get install -y \
	openssh-server \
	python2.7 \
	apt-transport-https \
	python-lxml \
	bridge-utils \
	bsdmainutils \
	build-essential \
	cgmanager \
	cgmanager-utils \
	cgroup-lite \
	comerr-dev \
	curl \
	debconf-utils \
	debhelper \
	dh-apparmor \
	gettext \
	gir1.2-glib-2.0 \
	git \
	git-core \
	groff-base \
	intltool-debian \
	iptables \
	iso-codes \
	krb5-multidev \
	libcgmanager-dev \
	libdbus-1-dev \
	libdbus-glib-1-2 \
	libdevmapper-event1.02.1 \
	libexpat1-dev \
	libffi-dev \
	libpq-dev \
	libpq5 \
	libpython-dev \
	libxml2-dev \
	libxslt1-dev \
	libxslt1.1 \
	lvm2 \
	python-apt \
	python-apt-common \
	python-dev \
	python-pycurl \
	python-software-properties \
	python3-apt \
	python3-dbus \
	python3-gi \
	python3-minimal \
	python3-pycurl \
	python3-software-properties \
	software-properties-common \
	sqlite3 \
	ssh \
	sshpass \
	time


	chroot /var/lib/lxc/template2/rootfs apt-get purge -y \
	fakeroot \
	libalgorithm-diff-perl \
	libalgorithm-diff-xs-perl \
	libalgorithm-merge-perl \
	libasprintf-dev \
	libfakeroot \
	libfile-fcntllock-perl \
	libgettextpo-dev \
	libgettextpo0 \
	libglib2.0-data \
	libmail-sendmail-perl \
	libpam-systemd \
	libsys-hostname-long-perl \
	libsystemd-daemon0 \
	systemd-services \
	systemd-shim \
	libssl-doc \
	libx11-6 \
	libx11-data \
	libxau6 \
	libxcb1 \
	libxdmcp6 \
	libxext6 \
	libxmuu1 \
	manpages \
	manpages-dev \
	ncurses-term \
	nih-dbus-tool \
	python-chardet \
	python-requests \
	python-six \
	python-urllib3 \
	sgml-base \
	shared-mime-info \
	xml-core


	chroot /var/lib/lxc/template2/rootfs apt-get clean
	cat >> /var/lib/lxc/template2/rootfs/etc/ssh/sshd_config <<EOF
	# Port/Protocol
	Port 22
	Protocol 2

	# HostKeys
	HostKey /etc/ssh/ssh_host_rsa_key
	HostKey /etc/ssh/ssh_host_dsa_key
	HostKey /etc/ssh/ssh_host_ecdsa_key
	HostKey /etc/ssh/ssh_host_ed25519_key

	#Privilege Separation is turned on for security
	UsePrivilegeSeparation yes

	# Lifetime and size of ephemeral version 1 server key
	KeyRegenerationInterval 3600
	ServerKeyBits 1024

	# Logging
	SyslogFacility AUTH
	LogLevel INFO

	# Authentication
	LoginGraceTime 120
	PermitRootLogin yes
	StrictModes yes
	RSAAuthentication yes
	PubkeyAuthentication yes
	IgnoreRhosts yes
	RhostsRSAAuthentication no
	HostbasedAuthentication no
	PermitEmptyPasswords no
	ChallengeResponseAuthentication no
	PasswordAuthentication no
	UsePAM yes
	UseDNS no


	X11Forwarding no
	X11DisplayOffset 10

	PrintMotd no
	PrintLastLog yes

	TCPKeepAlive yes

	# Allow client to pass locale environment variables
	AcceptEnv LANG LC_*

	Subsystem sftp /usr/lib/openssh/sftp-server
	EOF
	Replace https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml#L109-L147 with a template to put into the cache. Annotate the template nicely. :)

	Replace https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml#L277-L307 with a templated addition to the cache too.

	Replace https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml#L309-L330 with the apt-get installs directly into the cache as per the script above.

	Switch as many of the things done in https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml as possible to part of the cache creation.
	### References ###
	https://help.ubuntu.com/lts/serverguide/lxc.html
	http://manpages.ubuntu.com/manpages/trusty/en/man1/lxc-create.1.html

	https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/
	https://github.com/lxc/lxc-ci/blob/master/bin/build-image

	http://mmoya.org/blog/2013/03/06/managing-prebuilt-os-images-with-ansible/
	https://github.com/mmoya/ansible-playbooks

	https://github.com/docker/docker/blob/master/contrib/mkimage.sh
	https://github.com/docker/docker/blob/master/contrib/mkimage/debootstrap
	https://openvz.org/Ubuntu_Trusty_template_creation

	https://github.com/h2oai/h2o-2/wiki/LXC-Linux-Containers.-Lightweight-isolation.-Create-more-hadoop-clusters-on-a-set-of-machines

	publishing images in openstack-infra:
	https://github.com/stackforge/akanda-appliance/blob/master/tox.ini
	https://github.com/stackforge/akanda-appliance/blob/master/scripts/create-akanda-raw-image.sh
	https://github.com/openstack-infra/project-config/blob/master/jenkins/jobs/akanda.yaml#L82-L104