diff options
Diffstat (limited to 'app-containers/incus')
-rw-r--r-- | app-containers/incus/Manifest | 9 | ||||
-rw-r--r-- | app-containers/incus/files/incus-0.1.confd | 23 | ||||
-rw-r--r-- | app-containers/incus/files/incus-0.1.initd | 59 | ||||
-rw-r--r-- | app-containers/incus/files/incus-0.1.service | 23 | ||||
-rw-r--r-- | app-containers/incus/files/incus-0.1.socket | 12 | ||||
-rw-r--r-- | app-containers/incus/files/incus-containers-0.1.service | 16 | ||||
-rw-r--r-- | app-containers/incus/incus-0.1.ebuild | 183 | ||||
-rw-r--r-- | app-containers/incus/metadata.xml | 31 |
8 files changed, 356 insertions, 0 deletions
diff --git a/app-containers/incus/Manifest b/app-containers/incus/Manifest new file mode 100644 index 000000000000..5c073eeae5f1 --- /dev/null +++ b/app-containers/incus/Manifest @@ -0,0 +1,9 @@ +AUX incus-0.1.confd 604 BLAKE2B 05239d520a5792971dd79a042d0d8ff06414b5822a774065e8ef37f3b4839c2504867a048f22e50ef550ab53be791ac0897318cd75f3d69df213fac3c132f44f SHA512 1fc6b0a9c717dc2d96eca81a21834f3c42b0dde2a19e389895e21e512a3246372e31017f0e3a58f3a28241f1ffba5506d1db47fb9cda0d8bae576dfcaa846d19 +AUX incus-0.1.initd 1746 BLAKE2B 57cc012f4319717cc43897660c76abdab6a8d2ed4c949848c83760f04937dc2274f15a61d7d794eafaaf16eb9db7a9c3ab3880277de934ff861ec4e8835cd165 SHA512 97ab528676071160cfccdd2c9e1e6a18f9c35fbb11db70f8fcd675e7b1f978a085c084f65801db9dbf8eaffe05fdb8ea006c9a6203d45be89fcbb56bcb145d38 +AUX incus-0.1.service 638 BLAKE2B 1478a9e84c63fc2f118f3c08c1473e5ac56ef4689bc6b4cefaf0cab39ada77876bde41ae1d4cc7610aec718bd7252f8349dc2fbecc0de26754c9fdbc485c7121 SHA512 141f0fca28db8f116f333c3bd9eecc10fc0ed3ebbd807d08a953b19ce957c626eb03f5716a2ca74e7d3a63537551acfb78b3decabbae7e135b0a7ac34f52762d +AUX incus-0.1.socket 207 BLAKE2B d1fb41c9a90e0f06eb34c466a460e2d202250769ef3db381b35502ffc19f3246af68069bc63ae62ddf6a34d6730b57c2b509f77b7fea8c4fcad24259658be0bb SHA512 55bf659ff4a1095ab922b87ccf4ef01cbcccd897f67406fa2021151f2c6c16fe59590908c6a6026a8db194598f20708cdf4d6d3d27d9438e746d5f6e39444de5 +AUX incus-containers-0.1.service 338 BLAKE2B af0849575d2d7578634228576fcf449f8ab54b6fa3a974baec4f91009dec4a6e76253f3724c532f38fc7484ccc6caffae4badf1591c1b04abb3414f4959d550c SHA512 9a9b072442a63683cb9ed71d706606da682e821f609f1f4daea0562ddcea1cc2d6157b29fd466e0aeab149f31b54ab0fff4cf41831e6b2378c47619b8dfd0b55 +DIST incus-0.1.tar.gz 21498887 BLAKE2B ea200f83922a2f23c8bbc8ce94ccf7df8b7e096adfe6697d94135a4c660a950411e2176f860a63dada12890cde474beb16fcd17a4c52419f1ab86d3625c426e5 SHA512 1cd5410b07ed44f05b19ca3c734a67bde6f85d0e4673e9b46100bb8f2d60889773bcde1a274e96b55651b95414c47abeb6c3f2b8ec8d500d22ef08e31d09d9e6 +DIST incus-0.1.tar.gz.asc 833 BLAKE2B 9e2ceedf246e7af20a6d8c0e597f59016a4040c10d547f724a0fa822387bb46c70d0467df583127bea874ded87115844e02191e93ddfd29fc64f3bc0262b7f10 SHA512 de14e530543d861ea3bdffe8d4b88a140f39646219c1494db81577f755d5d5ddc35f8e36f51cbfe38d8fcd4c3de95bb8d615db61530bbd507a55c6e07d3031b6 +EBUILD incus-0.1.ebuild 5126 BLAKE2B d569b86f33db043c3bb19a94793544d121df3f28c4f6709bce1c4b902625e8ac1e2384b5ab9fc63a6ec201cf9d9fa24a63299ea15a9f5eec013ab686ac84ef21 SHA512 02274e30d76f500cdcfb1d0e6e28d904890a848645e9921aa3b671194329e00bffac576f885470cee971ce7795163d906e6cbac9527fb38e00b3838dfda947b2 +MISC metadata.xml 1471 BLAKE2B d3447fd360c4d3de95ffafefd39f9e65dd257cd39cbdb14fc2e2c513239fafe48b0fef44653fe8fdaaf54151afe59cf48f3f0909097d0c0c4a82cbd87aac4d44 SHA512 393edc7c7f202fac4f08abd2544d1fb41cfc83cea66ccf239eb4441c1f13ea85dd519de84094b1ba022b1a17658612591ee4354a77484da4d8095af917a87c25 diff --git a/app-containers/incus/files/incus-0.1.confd b/app-containers/incus/files/incus-0.1.confd new file mode 100644 index 000000000000..ec857143c2da --- /dev/null +++ b/app-containers/incus/files/incus-0.1.confd @@ -0,0 +1,23 @@ +# Group which owns the shared socket +INCUS_OPTIONS+=" --group incus" + +# Enable cpu profiling into the specified file +#INCUS_OPTIONS+=" --cpuprofile /tmp/lxc_cpu_profile" + +# Enable memory profiling into the specified file +#INCUS_OPTIONS+=" --memprofile /tmp/lxc_mem_profile" + +# Enable debug mode +#INCUS_OPTIONS+=" --debug" + +# For debugging, print a complete stack trace every n seconds +#INCUS_OPTIONS+=" --print-goroutines-every 5" + +# Enable verbose mode +#INCUS_OPTIONS+=" -v" + +# Logfile to log to +#INCUS_OPTIONS+=" --logfile /var/log/incus/incus.log" + +# Enable syslog logging +#INCUS_OPTIONS+=" --syslog" diff --git a/app-containers/incus/files/incus-0.1.initd b/app-containers/incus/files/incus-0.1.initd new file mode 100644 index 000000000000..d09ffe224d04 --- /dev/null +++ b/app-containers/incus/files/incus-0.1.initd @@ -0,0 +1,59 @@ +#!/sbin/openrc-run +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +DAEMON=/usr/sbin/incusd +PIDFILE=/run/incusd.pid + +depend() { + need net + need lxcfs +} + +start() { + ebegin "Starting incus service" + + modprobe -f loop > /dev/null 2>&1 + + # Fix permissions on /var/lib/incus and make sure it exists. + # Create a log directory for incus with correct permissions. + install -d /var/lib/incus --group incus --owner root --mode 0775 + install -d /var/log/incus --group incus --owner root + + start-stop-daemon --start \ + --pidfile ${PIDFILE} \ + --exec ${DAEMON} \ + --background \ + --make-pidfile \ + -- \ + ${INCUS_OPTIONS} + eend ${?} + + # Create necessary systemd paths in order for systemd containers to work on openrc host. + # /etc/rc.conf should have following values: + # rc_cgroup_mode="hybrid" + if [ -d /sys/fs/cgroup/unified ] && + [ ! -d /sys/fs/cgroup/systemd ]; then + install -d /sys/fs/cgroup/systemd --group incus --owner root + mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd + fi +} + +stop() { + if [ "${RC_CMD}" = restart ]; then + ebegin "Stopping incusd service (but not containers)" + # start-stop-daemon sends SIGTERM with a timeout of 5s by default. + # SIGTERM indicates to INCUS that it will be stopped temporarily. + # Instances will keep running. + start-stop-daemon --stop --quiet -p "${PIDFILE}" + eend ${?} + else + ebegin "Stopping incusd service and containers, waiting 40s" + # SIGPWR indicates to INCUS that the host is going down. + # LXD will do a clean shutdown of all instances. + # After 30s all remaining instances will be killed. + # We wait up to 40s for INCUS. + start-stop-daemon --stop --quiet -R SIGPWR/40 -p "${PIDFILE}" + eend ${?} + fi +} diff --git a/app-containers/incus/files/incus-0.1.service b/app-containers/incus/files/incus-0.1.service new file mode 100644 index 000000000000..354a53122923 --- /dev/null +++ b/app-containers/incus/files/incus-0.1.service @@ -0,0 +1,23 @@ +[Unit] +Description=Incus - main daemon +After=network-online.target lxcfs.service incus.socket +Requires=network-online.target lxcfs.service incus.socket +Documentation=man:incus(1) + +[Service] +EnvironmentFile=-/etc/environment +ExecStart=/usr/sbin/incusd --group incus --syslog +ExecStartPost=/usr/sbin/incusd waitready --timeout=600 +ExecStartPre=/bin/mkdir -p /var/log/incus +ExecStartPre=/bin/chown -R root:incus /var/log/incus +KillMode=process +PermissionsStartOnly=true +TimeoutStartSec=600s +TimeoutStopSec=30s +Restart=on-failure +LimitNOFILE=1048576 +LimitNPROC=infinity +TasksMax=infinity + +[Install] +Also=incus-containers.service incus.socket diff --git a/app-containers/incus/files/incus-0.1.socket b/app-containers/incus/files/incus-0.1.socket new file mode 100644 index 000000000000..864ebf19954e --- /dev/null +++ b/app-containers/incus/files/incus-0.1.socket @@ -0,0 +1,12 @@ +[Unit] +Description=incus - unix socket +Documentation=man:incus(1) + +[Socket] +ListenStream=/var/lib/incus/unix.socket +SocketGroup=incus +SocketMode=0660 +Service=incus.service + +[Install] +WantedBy=sockets.target diff --git a/app-containers/incus/files/incus-containers-0.1.service b/app-containers/incus/files/incus-containers-0.1.service new file mode 100644 index 000000000000..038d633a53d7 --- /dev/null +++ b/app-containers/incus/files/incus-containers-0.1.service @@ -0,0 +1,16 @@ +[Unit] +Description=incus - container startup/shutdown +Documentation=man:incus(1) +After=incus.socket incus.service +Requires=incus.socket + +[Service] +Type=oneshot +ExecStart=/usr/sbin/incusd activateifneeded +ExecStop=/usr/sbin/incusd shutdown +TimeoutStartSec=600s +TimeoutStopSec=600s +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/app-containers/incus/incus-0.1.ebuild b/app-containers/incus/incus-0.1.ebuild new file mode 100644 index 000000000000..5a73572d6bc5 --- /dev/null +++ b/app-containers/incus/incus-0.1.ebuild @@ -0,0 +1,183 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit bash-completion-r1 go-module linux-info optfeature systemd verify-sig + +DESCRIPTION="Modern, secure and powerful system container and virtual machine manager" +HOMEPAGE="https://linuxcontainers.org/incus/introduction/ https://github.com/lxc/incus" +SRC_URI="https://linuxcontainers.org/downloads/incus/${P}.tar.gz + verify-sig? ( https://linuxcontainers.org/downloads/incus/${P}.tar.gz.asc )" + +LICENSE="Apache-2.0 BSD LGPL-3 MIT" +SLOT="0" +KEYWORDS="~amd64" +IUSE="apparmor nls" + +# incus conflicts with lxd due to fuidshift binary. Even if you replace the package, containers will remain. +DEPEND="acct-group/incus + app-arch/xz-utils + >=app-containers/lxc-5.0.0:=[apparmor?,seccomp(+)] + dev-db/sqlite:3 + dev-libs/cowsql + dev-libs/lzo + >=dev-libs/raft-0.17.1:=[lz4] + >=dev-util/xdelta-3.0[lzma(+)] + net-dns/dnsmasq[dhcp] + sys-libs/libcap + virtual/udev" +RDEPEND="${DEPEND} + !app-containers/lxd + net-firewall/ebtables + net-firewall/iptables + sys-apps/iproute2 + sys-fs/fuse:* + >=sys-fs/lxcfs-5.0.0 + sys-fs/squashfs-tools[lzma] + virtual/acl" +BDEPEND="dev-lang/go + nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-linuxcontainers )" + +CONFIG_CHECK=" + ~CGROUPS + ~IPC_NS + ~NET_NS + ~PID_NS + + ~SECCOMP + ~USER_NS + ~UTS_NS + + ~KVM + ~MACVTAP + ~VHOST_VSOCK +" + +ERROR_IPC_NS="CONFIG_IPC_NS is required." +ERROR_NET_NS="CONFIG_NET_NS is required." +ERROR_PID_NS="CONFIG_PID_NS is required." +ERROR_SECCOMP="CONFIG_SECCOMP is required." +ERROR_UTS_NS="CONFIG_UTS_NS is required." + +WARNING_KVM="CONFIG_KVM and CONFIG_KVM_AMD/-INTEL is required for virtual machines." +WARNING_MACVTAP="CONFIG_MACVTAP is required for virtual machines." +WARNING_VHOST_VSOCK="CONFIG_VHOST_VSOCK is required for virtual machines." + +# Go magic. +QA_PREBUILT="/usr/bin/incus + /usr/bin/lxc-to-incus + /usr/bin/lxd-to-incus + /usr/bin/incus-agent + /usr/bin/incus-benchmark + /usr/bin/incus-migrate + /usr/sbin/incusd" + +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/linuxcontainers.asc + +# The testsuite must be run as root. +# make: *** [Makefile:156: check] Error 1 +RESTRICT="test" + +GOPATH="${S}/_dist" + +src_prepare() { + export GOPATH="${S}/_dist" + + default + + sed -i \ + -e "s:\./configure:./configure --prefix=/usr --libdir=${EPREFIX}/usr/lib/incus:g" \ + -e "s:make:make ${MAKEOPTS}:g" \ + Makefile || die + + # Fix hardcoded ovmf file path, see bug 763180 + sed -i \ + -e "s:/usr/share/OVMF:/usr/share/edk2-ovmf:g" \ + -e "s:OVMF_VARS.ms.fd:OVMF_VARS.fd:g" \ + doc/environment.md \ + internal/server/apparmor/instance.go \ + internal/server/apparmor/instance_qemu.go \ + internal/server/instance/drivers/driver_qemu.go || die "Failed to fix hardcoded ovmf paths." + + # Fix hardcoded virtfs-proxy-helper file path, see bug 798924 + sed -i \ + -e "s:/usr/lib/qemu/virtfs-proxy-helper:/usr/libexec/virtfs-proxy-helper:g" \ + internal/server/device/device_utils_disk.go || die "Failed to fix virtfs-proxy-helper path." + + cp "${FILESDIR}"/incus-0.1.service "${T}"/incus.service || die + if use apparmor; then + sed -i \ + '/^EnvironmentFile=.*/a ExecStartPre=\/usr\/libexec\/lxc\/lxc-apparmor-load' \ + "${T}"/incus.service || die + fi + + # Disable -Werror's from go modules. + find "${S}" -name "cgo.go" -exec sed -i "s/ -Werror / /g" {} + || die +} + +src_configure() { :; } + +src_compile() { + export GOPATH="${S}/_dist" + export CGO_LDFLAGS_ALLOW="-Wl,-z,now" + + # lxd-to-incus: this go module is packaged separately (0.1). + for k in fuidshift incus-benchmark incus-user incus lxc-to-incus ; do + go install -v -x "${S}/cmd/${k}" || die "failed compiling ${k}" + done + + go install -v -x -tags libsqlite3 "${S}"/cmd/incusd || die "Failed to build the daemon" + + # Needs to be built statically + CGO_ENABLED=0 go install -v -tags netgo "${S}"/cmd/incus-migrate + CGO_ENABLED=0 go install -v -tags agent,netgo "${S}"/cmd/incus-agent + + use nls && emake build-mo +} + +src_test() { + emake check +} + +src_install() { + export GOPATH="${S}/_dist" + local bindir="_dist/bin" + + dosbin ${bindir}/incusd + + for l in fuidshift incus-agent incus-benchmark incus-migrate incus-user incus lxc-to-incus ; do + dobin ${bindir}/${l} + done + + dobashcomp scripts/bash/incus + + newconfd "${FILESDIR}"/incus-0.1.confd incus + newinitd "${FILESDIR}"/incus-0.1.initd incus + + systemd_dounit "${T}"/incus.service + systemd_newunit "${FILESDIR}"/incus-containers-0.1.service incus-containers.service + systemd_newunit "${FILESDIR}"/incus-0.1.socket incus.socket + + dodoc AUTHORS + dodoc -r doc/* + use nls && domo po/*.mo +} + +pkg_postinst() { + elog + elog "Please see" + elog " https://linuxcontainers.org/incus/introduction/" + elog " https://linuxcontainers.org/incus/docs/main/tutorial/first_steps/" + elog "before a Gentoo Wiki page is made." + elog + optfeature "virtual machine support" app-emulation/qemu[spice,usbredir,virtfs] + optfeature "btrfs storage backend" sys-fs/btrfs-progs + optfeature "ipv6 support" net-dns/dnsmasq[ipv6] + optfeature "lvm2 storage backend" sys-fs/lvm2 + optfeature "zfs storage backend" sys-fs/zfs + elog + elog "Be sure to add your local user to the incus group." + elog +} diff --git a/app-containers/incus/metadata.xml b/app-containers/incus/metadata.xml new file mode 100644 index 000000000000..a7cc7908462b --- /dev/null +++ b/app-containers/incus/metadata.xml @@ -0,0 +1,31 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>juippis@gentoo.org</email> + <name>Joonas Niilola</name> + </maintainer> + <maintainer type="project"> + <email>virtualization@gentoo.org</email> + <name>Gentoo Virtualization Project</name> + </maintainer> + <longdescription> + Incus is a modern, secure and powerful system container and virtual machine manager. + Incus is a community fork from Canonical's LXD. + + It provides a unified experience for running and managing full Linux systems inside containers + or virtual machines. Incus supplies images for a wide number of Linux distributions and is built + around a very powerful, yet pretty simple, REST API. Incus scales from one instance on a single + machine to a cluster in a full data center rack, making it suitable for running workloads both + for development and in production. + + Incus allows you to easily set up a system that feels like a small private cloud. You can run any + type of workload in an efficient way while keeping your resources optimized. + + You should consider using Incus if you want to containerize different environments or run virtual + machines, or in general run and manage your infrastructure in a cost-effective way. + </longdescription> + <upstream> + <remote-id type="github">canonical/lxd</remote-id> + </upstream> +</pkgmetadata> |