Archive abandoned project

esh_undocker/resources/download.rb

@@ -0,0 +1,57 @@
+#
+# Cookbook:: esh_undocker
+# Resource:: download
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+unified_mode true
+property :image, String, name_property: true
+default_action :download
+
+action :download do
+  image = new_resource.image
+  parts = image.split(':')
+  tag = parts.pop
+  url, image = parts.join(':').split('/', 2)
+
+  apt_package %w(skopeo ca-certificates jq)
+
+  directory "#{Chef::Config['file_cache_path']}/#{image}-#{tag}" do
+    owner 'root'
+    group 'root'
+    mode '0755'
+    recursive true
+    action :create
+  end
+
+  current_created = `skopeo inspect oci:#{Chef::Config['file_cache_path']}/#{image}-#{tag}:#{tag} | jq -r .Created`.strip
+  latest_created = `skopeo inspect docker://#{url}/#{image}:#{tag} | jq -r .Created`.strip
+
+  directory "#{Chef::Config['file_cache_path']}/#{image}-#{tag}" do
+    recursive true
+    action :delete
+    only_if { current_created != latest_created }
+  end
+
+  execute "download docker image #{image} as oci layout format" do
+    command <<~EOT
+    skopeo copy \
+      docker://#{url}/#{image}:#{tag} \
+      oci:#{Chef::Config['file_cache_path']}/#{image}-#{tag}:#{tag}
+    EOT
+    not_if { ::File.exist?("#{Chef::Config['file_cache_path']}/#{image}-#{tag}/index.json") }
+    live_stream true
+  end
+end

esh_undocker/resources/extract.rb

@@ -0,0 +1,113 @@
+#
+# Cookbook:: esh_undocker
+# Resource:: extract
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+unified_mode true
+property :image, String, name_property: true
+#property :tag, String, required: true
+#property :network, String, required: true
+#property :env, Array, required: true
+default_action :extract
+
+action :extract do
+  image = new_resource.image
+  parts = image.split(':')
+  tag = parts.pop
+  url, image = parts.join(':').split('/', 2)
+
+  #tag = new_resource.tag
+  #network = new_resource.network
+  #env = new_resource.env
+  path = '/opt/undocker'
+
+  directory path do
+    owner 'root'
+    group 'root'
+    mode '0755'
+    action :create
+  end
+
+  apt_package %w(umoci jq)
+
+  current_digest = `jq -r '.from_descriptor_path.descriptor_walk[].digest' < #{path}/#{image}/umoci.json`.strip
+  latest_digest = `skopeo inspect oci:#{Chef::Config['file_cache_path']}/#{image}-#{tag}:#{tag} | jq -r .Digest`.strip
+
+  directory "#{path}/#{image}" do
+    recursive true
+    action :delete
+    only_if { current_digest != latest_digest }
+  end
+
+  execute "undockerize #{image} (convert to OCI runtime bundle)" do
+    command <<~EOT
+    umoci unpack \
+      --image #{Chef::Config['file_cache_path']}/#{image}-#{tag}:#{tag} \
+      #{path}/#{image}
+    done
+    EOT
+    # Weird, umoci return 2 not 0...
+    returns 2
+    not_if { current_digest == latest_digest }
+  end
+
+  directory "#{path}/#{image}" do
+    owner 'root'
+    group 'root'
+    mode '0755'
+    action :create
+  end
+  
+#  bash "patch #{path}/#{image}/config.json rootfs path" do
+#    code <<~EOT
+#    cat <<< $(jq '.root.path = "#{path}/#{image}/rootfs"' #{path}/#{image}/config.json) > #{path}/#{image}/config.json
+#    EOT
+#    action :run
+#    not_if do
+#      `jq '.root.path == "#{path}/#{image}/rootfs"' #{path}/#{image}/config.json`.strip == 'true'
+#    end
+#  end
+#
+#  bash "patch #{path}/#{image}/config.json network namespace" do
+#    code <<~EOT
+#    cat <<< $(jq 'del(.linux.namespaces[] | select(.type == "network"))' #{path}/#{image}/config.json) > #{path}/#{image}/config.json
+#    EOT
+#    action :run
+#    only_if do
+#      `jq -r '.linux.namespaces[] | select(.type == "network") | .type' #{path}/#{image}/config.json`.strip == 'network'
+#    end
+#    only_if { network == 'host' }
+#  end
+#
+#  file "/usr/local/bin/patch_process_env_#{image}.sh" do
+#    content <<~EOT
+#    #!/usr/bin/bash
+#    set -euo pipefail
+#    cat <<< $(jq '.process.env += #{env}' #{path}/#{image}/config.json) > #{path}/#{image}/config.json
+#    EOT
+#    owner 'root'
+#    group 'root'
+#    mode '0755'
+#    action :create
+#    notifies :run, "execute[patch #{path}/#{image}/config.json process env]", :immediately
+#  end
+#
+#  execute "patch #{path}/#{image}/config.json process env" do
+#    command "/usr/local/bin/patch_process_env_#{image}.sh"
+#    action :nothing
+#    # TODO: Add a guard, complicated to find if env vars are missing
+#  end
+end

esh_undocker/resources/network.rb

@@ -0,0 +1,99 @@
+#
+# Cookbook:: esh_undocker
+# Resource:: network
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+unified_mode true
+property :ip_addr, String, name_property: true
+property :image, String, required: true
+default_action :setup
+
+action :setup do
+  ip_addr = new_resource.ip_addr
+  image = new_resource.image
+  netns_name = image
+  eth_name = image[0..8]
+
+  apt_package 'bridge-utils'
+
+  file '/etc/systemd/network/undocker0.netdev' do
+    content <<~EOT
+    [NetDev]
+    Name=undocker0
+    Kind=bridge
+    EOT
+    owner 'root'
+    group 'root'
+    mode '0644'
+    action :create
+    notifies :restart, 'service[systemd-networkd]', :immediately
+  end
+
+  file '/etc/systemd/network/undocker0.network' do
+    content <<~EOT
+    [Match]
+    Name=undocker0
+    Driver=bridge
+    [Network]
+    Address=10.10.10.1/24
+    LinkLocalAddressing=yes
+    DHCPServer=no
+    IPMasquerade=yes
+    LLDP=yes
+    EmitLLDP=customer-bridge
+    EOT
+    owner 'root'
+    group 'root'
+    mode '0644'
+    action :create
+    notifies :restart, 'service[systemd-networkd]', :immediately
+  end
+
+  service 'systemd-networkd' do
+    action :nothing
+  end
+
+  systemd_unit "#{image}-network.service" do
+    content <<~EOU
+    [Unit]
+    Description=ESH Piped Network Service
+    After=network.target
+    Before=#{image}.service
+
+    [Service]
+    Type=oneshot
+    RemainAfterExit=yes
+    # Weird bug where you need to mount sys again...
+    ExecStart=-/usr/bin/mkdir -p /sys2
+    ExecStart=-/usr/bin/mount -t sysfs --make-private /sys2
+    ExecStart=-/usr/bin/ip netns add #{netns_name}
+    ExecStart=-/usr/bin/ip link add name vb-#{eth_name} type veth peer name host-#{eth_name}
+    ExecStart=-/usr/bin/ip link set host-#{eth_name} netns #{netns_name}
+    ExecStart=-/usr/bin/ip netns exec #{netns_name} ip addr add #{ip_addr}/24 dev host-#{eth_name}
+    ExecStart=-/usr/bin/ip netns exec #{netns_name} ip link set host-#{eth_name} up
+    ExecStart=-/usr/bin/ip netns exec #{netns_name} ip route add 10.10.10.0/24 dev host-#{eth_name}
+    ExecStart=-/usr/bin/ip netns exec #{netns_name} ip link set lo up
+    ExecStart=-/usr/bin/ip link set vb-#{eth_name} up
+    ExecStart=-/usr/bin/ip netns exec #{netns_name} ip route add default via 10.10.10.1 dev host-#{eth_name}
+    ExecStart=-/usr/sbin/brctl addif undocker0 vb-#{eth_name}
+    Restart=on-failure
+
+    [Install]
+    WantedBy=multi-user.target
+    EOU
+    action [:create, :enable, :start]
+  end
+end

esh_undocker/resources/service.rb

@@ -0,0 +1,40 @@
+#
+# Cookbook:: esh_undocker
+# Resource:: service
+#
+# Copyright:: 2022, https://easyself.host
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+unified_mode true
+property :image, String, name_property: true
+property :content, String, required: true
+default_action :service
+
+action :service do
+  image = new_resource.image
+  content = new_resource.content
+
+  apt_package 'systemd-container'
+
+  systemd_unit "#{image}.service" do
+    content content
+    verify false
+    action [:create, :enable, :start]
+  end
+
+  service "#{image}.service" do
+    action :nothing
+    subscribes :restart, "systemd_unit[#{image}.service]", :immediately
+  end
+end