-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This fixes issues with cgroup2.
- Loading branch information
Showing
1 changed file
with
9 additions
and
51 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,63 +1,21 @@ | ||
| # Use the official Debian Bookworm base image | ||
| FROM debian:bookworm-slim | ||
| FROM debian:bookworm | ||
|
|
||
| # We make a fake systemctl so that incus doesn't error out without systemd | ||
| RUN echo "#!/bin/bash" > /sbin/systemctl && \ | ||
| echo "exit 0" >> /sbin/systemctl && \ | ||
| chmod +x /sbin/systemctl && \ | ||
| echo "deb http://deb.debian.org/debian bookworm contrib" >> /etc/apt/sources.list && \ | ||
| RUN echo "deb http://deb.debian.org/debian bookworm contrib" >> /etc/apt/sources.list && \ | ||
| # Install curl so we can install the keyring. | ||
| apt-get update && \ | ||
| apt-get install --no-install-recommends -y curl ca-certificates && \ | ||
| mkdir -p /etc/apt/keyrings/ && \ | ||
| curl -fsSL https://pkgs.zabbly.com/key.asc -o /etc/apt/keyrings/zabbly.asc && \ | ||
| echo "deb [signed-by=/etc/apt/keyrings/zabbly.asc] https://pkgs.zabbly.com/incus/stable $(. /etc/os-release && echo ${VERSION_CODENAME}) main" > /etc/apt/sources.list.d/zabbly-incus-stable.list && \ | ||
| # Install incus and so on | ||
| # Install systemd, incus, and dependencies | ||
| apt-get update && \ | ||
| apt-get install --no-install-recommends -y iproute2 thin-provisioning-tools openvswitch-switch btrfs-progs zfsutils-linux lvm2 udev iptables kmod incus incus-ui-canonical && \ | ||
| apt-get remove -y curl && \ | ||
| apt-get install --no-install-recommends -y iproute2 thin-provisioning-tools openvswitch-switch btrfs-progs zfsutils-linux lvm2 udev iptables kmod incus incus-ui-canonical bash apt-utils bash-completion bc bzip2 curl dialog diffutils findutils gnupg gnupg2 gpgsm hostname iproute2 iputils-ping keyutils less libcap2-bin libkrb5-3 libnss-mdns libnss-myhostname libvte-2.9*-common libvte-common locales lsof man-db manpages mtr ncurses-base openssh-client passwd pigz pinentry-curses procps rsync sudo tcpdump time traceroute tree tzdata unzip util-linux wget xauth xz-utils zip libgl1 libegl1-mesa libgl1-mesa-glx libegl1 libglx-mesa0 libvulkan1 mesa-vulkan-drivers systemd libpam-systemd && \ | ||
| # Enable incus | ||
| systemctl enable incus && \ | ||
| # Clean up | ||
| apt autoremove -y && \ | ||
| apt-get clean && \ | ||
| mkdir -p /var/lib/lxcfs && \ | ||
| echo '#!/bin/bash' > /start.sh && \ | ||
| echo 'export PATH="/opt/incus/bin/:${PATH}"' >> /start.sh && \ | ||
| echo 'export INCUS_OVMF_PATH="/opt/incus/share/qemu/"' >> /start.sh && \ | ||
| echo 'export LD_LIBRARY_PATH="/opt/incus/lib/"' >> /start.sh && \ | ||
| echo 'export INCUS_LXC_TEMPLATE_CONFIG="/opt/incus/share/lxc/config/"' >> /start.sh && \ | ||
| echo 'export INCUS_DOCUMENTATION="/opt/incus/doc/"' >> /start.sh && \ | ||
| echo 'export INCUS_LXC_HOOK="/opt/incus/share/lxc/hooks/"' >> /start.sh && \ | ||
| echo 'export INCUS_AGENT_PATH="/opt/incus/agent/"' >> /start.sh && \ | ||
| echo 'export INCUS_UI="/opt/incus/ui/"' >> /start.sh && \ | ||
| echo 'if [ "$SETIPTABLES" = "true" ]; then' >> /start.sh && \ | ||
| echo 'if ! iptables-legacy -C DOCKER-USER -j ACCEPT &>/dev/null; then' >> /start.sh && \ | ||
| echo 'iptables-legacy -I DOCKER-USER -j ACCEPT' >> /start.sh && \ | ||
| echo 'fi' >> /start.sh && \ | ||
| echo 'if ! ip6tables-legacy -C DOCKER-USER -j ACCEPT &>/dev/null; then' >> /start.sh && \ | ||
| echo 'ip6tables-legacy -I DOCKER-USER -j ACCEPT' >> /start.sh && \ | ||
| echo 'fi' >> /start.sh && \ | ||
| echo 'if ! iptables -C DOCKER-USER -j ACCEPT &>/dev/null; then' >> /start.sh && \ | ||
| echo 'iptables -I DOCKER-USER -j ACCEPT' >> /start.sh && \ | ||
| echo 'fi' >> /start.sh && \ | ||
| echo 'if ! ip6tables -C DOCKER-USER -j ACCEPT &>/dev/null; then' >> /start.sh && \ | ||
| echo 'ip6tables -I DOCKER-USER -j ACCEPT' >> /start.sh && \ | ||
| echo 'fi' >> /start.sh && \ | ||
| echo 'fi' >> /start.sh && \ | ||
| echo 'if [ "$USELXCFS" = "true" ]; then' >> /start.sh && \ | ||
| echo '/opt/incus/bin/lxcfs /var/lib/lxcfs --enable-loadavg --enable-cfs &' >> /start.sh && \ | ||
| echo 'fi' >> /start.sh && \ | ||
| echo '/usr/lib/systemd/systemd-udevd &' >> /start.sh && \ | ||
| echo '/opt/incus/bin/incusd' >> /start.sh && \ | ||
| chmod +x /start.sh | ||
|
|
||
| # Set environment variables | ||
| #ENV PATH="/opt/incus/bin/:${PATH}" | ||
| #ENV INCUS_OVMF_PATH="/opt/incus/share/qemu/" | ||
| #ENV LD_LIBRARY_PATH="/opt/incus/lib/" | ||
| #ENV INCUS_LXC_TEMPLATE_CONFIG="/opt/incus/share/lxc/config/" | ||
| #ENV INCUS_DOCUMENTATION="/opt/incus/doc/" | ||
| #ENV INCUS_LXC_HOOK="/opt/incus/share/lxc/hooks/" | ||
| #ENV INCUS_AGENT_PATH="/opt/incus/agent/" | ||
| #ENV INCUS_UI="/opt/incus/ui/" | ||
|
|
||
| # Run the incusd binary | ||
| CMD ["/start.sh"] | ||
| # Our entrypoint is systemd boot. | ||
| CMD ["/sbin/init", "--boot"] |