Move to LXD (trailofbits#935)

eyecat · Oct 23, 2018 · 45ec377 · 45ec377
1 parent ab284f5
commit 45ec377
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 18 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -13,15 +13,20 @@ matrix:
 addons:
  apt:
  sources:
- - sourceline: 'ppa:ubuntu-lxc/stable'
+  - sourceline: 'ppa:ubuntu-lxc/stable'
  packages:
- - python-pip
- - lxc
- - lxc-templates
- - expect-dev
- - debootstrap
- - shellcheck
- - tree
+ - python-pip
+ - lxd
+ - expect-dev
+ - debootstrap
+ - shellcheck
+ - tree
+ - bridge-utils
+ - dnsutils
+ - build-essential
+ - libssl-dev
+ - libffi-dev
+ - python-dev
 
 cache:
  directories:
@@ -43,16 +48,14 @@ before_install:
 
 install:
  - sudo tar xf $HOME/lxc/cache.tar -C / || echo "Didn't extract cache."
- - export LXC_ROOTFS=/var/lib/lxc/$LXC_NAME/rootfs
- - 'sudo lxc-create -n $LXC_NAME -t ubuntu -- -r $LXC_RELEASE --mirror https://mirrors.us.kernel.org/ubuntu --packages python || true'
- - 'sudo lxc-start -n $LXC_NAME && until (sudo lxc-info -n $LXC_NAME | grep -q ^IP:); do printf . && sleep 1; done && sleep 2'
- - export LXC_IP="$(sudo lxc-info -Hin $LXC_NAME)"
- - sudo /bin/bash -c "printf '\n$LXC_IP test.lxc\n' >> /etc/hosts"
  - ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''
  - chmod 0644 ~/.ssh/config
- - sudo mkdir -vm 0700 $LXC_ROOTFS/root/.ssh/
- - sudo cp -v ~/.ssh/id_rsa.pub $LXC_ROOTFS/root/.ssh/authorized_keys
- - sudo apt-get install build-essential libssl-dev libffi-dev python-dev
+ - echo -e "#cloud-config\nssh_authorized_keys:\n - $(cat ~/.ssh/id_rsa.pub)" | sudo lxc profile set default user.user-data -
+ - sudo cp -f tests/lxd-bridge /etc/default/lxd-bridge
+ - sudo service lxd restart
+ - sudo lxc launch ${LXC_DISTRO}:${LXC_RELEASE} ${LXC_NAME}
+ - until host ${LXC_NAME}.lxd 10.0.8.1 -t A; do sleep 3; done
+ - export LXC_IP="$(dig ${LXC_NAME}.lxd @10.0.8.1 +short)"
  - pip install -r requirements.txt
  - pip install ansible-lint
  - gem install awesome_bot

diff --git a/tests/local-deploy.sh b/tests/local-deploy.sh
@@ -2,7 +2,7 @@
 
 set -ex
 
-DEPLOY_ARGS="server_ip=$LXC_IP server_user=root IP_subject_alt_name=$LXC_IP local_dns=true dns_over_https=true apparmor_enabled=false"
+DEPLOY_ARGS="server_ip=$LXC_IP server_user=ubuntu IP_subject_alt_name=$LXC_IP local_dns=true dns_over_https=true apparmor_enabled=false"
 
 if [ "${LXC_NAME}" == "docker" ]
 then

diff --git a/tests/lxd-bridge b/tests/lxd-bridge
@@ -0,0 +1,16 @@
+USE_LXD_BRIDGE="true"
+LXD_BRIDGE="lxdbr0"
+UPDATE_PROFILE="true"
+LXD_CONFILE=""
+LXD_DOMAIN="lxd"
+LXD_IPV4_ADDR="10.0.8.1"
+LXD_IPV4_NETMASK="255.255.255.0"
+LXD_IPV4_NETWORK="10.0.8.0/24"
+LXD_IPV4_DHCP_RANGE="10.0.8.2,10.0.8.254"
+LXD_IPV4_DHCP_MAX="250"
+LXD_IPV4_NAT="true"
+LXD_IPV6_ADDR=""
+LXD_IPV6_MASK=""
+LXD_IPV6_NETWORK=""
+LXD_IPV6_NAT="false"
+LXD_IPV6_PROXY="true"
diff --git a/tests/update-users.sh b/tests/update-users.sh
@@ -3,7 +3,7 @@
 set -ex
 
 CAPW=`cat /tmp/ca_password`
-USER_ARGS="server_ip=$LXC_IP server_user=root ssh_tunneling_enabled=y IP_subject=$LXC_IP easyrsa_CA_password=$CAPW"
+USER_ARGS="server_ip=$LXC_IP server_user=ubuntu ssh_tunneling_enabled=y IP_subject=$LXC_IP easyrsa_CA_password=$CAPW"
 
 sed -i 's/- jack$/- jack_test/' config.cfg