Clean up building && provide Vagrant centos7 setup

Dockerfile.dapper

@@ -1,13 +1,13 @@
 FROM golang:1.13.8-alpine3.10
 
 RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget ca-certificates jq linux-headers zlib-dev tar zip squashfs-tools npm coreutils \
-    python2 python3 py3-pip python3-dev openssl-dev libffi-dev libseccomp libseccomp-dev make libuv-static
-RUN pip3 install 'tox==3.6.0'
+    python2 openssl-dev libffi-dev libseccomp libseccomp-dev make libuv-static
+
 RUN apk -U --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/main/ add sqlite-dev sqlite-static libselinux libselinux-dev
 RUN mkdir -p /go/src/golang.org/x && \
-    cd /go/src/golang.org/x && git clone https://github.com/golang/tools && \
-    git -C /go/src/golang.org/x/tools checkout -b current aa82965741a9fecd12b026fbb3d3c6ed3231b8f8 && \
-    go install golang.org/x/tools/cmd/goimports
+    cd /go/src/golang.org/x && git clone https://github.com/golang/tools && cd tools && \
+    git checkout -b current aa82965741a9fecd12b026fbb3d3c6ed3231b8f8 && \
+    go install golang.org/x/tools/cmd/goimports && cd
 RUN rm -rf /go/src /go/pkg
 
 ARG DAPPER_HOST_ARCH

Vagrantfile

@@ -1,12 +1,14 @@
-BOX = "generic/alpine310"
+OS = (ENV['OS'] || "alpine310")
+BOX_REPO = (ENV['BOX_REPO'] || "generic")
+BOX = (ENV['BOX'] || "#{BOX_REPO}/#{OS}")
 HOME = File.dirname(__FILE__)
 PROJECT = File.basename(HOME)
-MOUNT_TYPE = ENV['MOUNT_TYPE'] || "nfs"
 NUM_NODES = (ENV['NUM_NODES'] || 0).to_i
 NODE_CPUS = (ENV['NODE_CPUS'] || 4).to_i
 NODE_MEMORY = (ENV['NODE_MEMORY'] || 8192).to_i
 NETWORK_PREFIX = ENV['NETWORK_PREFIX'] || "10.135.135"
-VAGRANT_PROVISION = ENV['VAGRANT_PROVISION'] || "./scripts/vagrant-provision"
+VAGRANT_PROVISION = ENV['VAGRANT_PROVISION'] || "./scripts/provision/vagrant"
+MOUNT_TYPE = ENV['MOUNT_TYPE'] || "nfs"
 
 # --- Rules for /etc/sudoers to avoid password entry configuring NFS:
 # %admin	ALL = (root) NOPASSWD: /usr/bin/sed -E -e * -ibak /etc/exports
@@ -14,43 +16,14 @@ VAGRANT_PROVISION = ENV['VAGRANT_PROVISION'] || "./scripts/vagrant-provision"
 # %admin	ALL = (root) NOPASSWD: /sbin/nfsd restart
 # --- May need to add terminal to System Preferences -> Security & Privacy -> Privacy -> Full Disk Access
 
-# --- Check for missing plugins
-required_plugins = %w( vagrant-alpine vagrant-timezone )
-plugin_installed = false
-required_plugins.each do |plugin|
-  unless Vagrant.has_plugin?(plugin)
-    system "vagrant plugin install #{plugin}"
-    plugin_installed = true
-  end
+def provision(vm)
+  vm.provision "shell",
+      path: VAGRANT_PROVISION,
+      env: { 'HOME' => HOME, 'GOPATH' => ENV['GOPATH'], 'BOX' => vm.box }
 end
-# --- If new plugins installed, restart Vagrant process
-if plugin_installed === true
-  exec "vagrant #{ARGV.join' '}"
-end
-
-provision = <<SCRIPT
-# --- Use system gopath if available
-export GOPATH=#{ENV['GOPATH']}
-# --- Default to root user for vagrant ssh
-cat <<\\EOF >/etc/profile.d/root.sh
-[ $EUID -ne 0 ] && exec sudo -i
-EOF
-# --- Set home to current directory
-cat <<\\EOF >/etc/profile.d/home.sh
-export HOME="#{HOME}" && cd
-EOF
-. /etc/profile.d/home.sh
-# --- Run vagrant provision script if available
-if [ ! -x #{VAGRANT_PROVISION} ]; then
-  echo 'WARNING: Unable to execute provision script "#{VAGRANT_PROVISION}"'
-  exit
-fi
-echo "running '#{VAGRANT_PROVISION}'..." && \
-  #{VAGRANT_PROVISION} && \
-  echo "finished '#{VAGRANT_PROVISION}'!"
-SCRIPT
 
 Vagrant.configure("2") do |config|
+
   config.vm.provider "virtualbox" do |v|
     v.cpus = NODE_CPUS
     v.memory = NODE_MEMORY
@@ -60,15 +33,24 @@ Vagrant.configure("2") do |config|
   config.vm.box = BOX
   config.vm.hostname = PROJECT
   config.vm.synced_folder ".", HOME, type: MOUNT_TYPE
-  config.vm.provision "shell", inline: provision
-  config.timezone.value = :host
 
-  config.vm.network "private_network", ip: "#{NETWORK_PREFIX}.100" if NUM_NODES==0
+  if Vagrant.has_plugin?("vagrant-timezone")
+    config.timezone.value = :host
+  end
 
-  (1..NUM_NODES).each do |i|
-    config.vm.define ".#{i}" do |node|
-      node.vm.network "private_network", ip: "#{NETWORK_PREFIX}.#{100+i}"
-      node.vm.hostname = "#{PROJECT}-#{i}"
+  if NUM_NODES==0
+    config.vm.network "private_network", ip: "#{NETWORK_PREFIX}.100"
+    provision(config.vm)
+  else
+    (1..NUM_NODES).each do |i|
+      config.vm.define ".#{i}" do |node|
+        node_os = (ENV["OS_#{i}"] || OS)
+        node.vm.box = (ENV["BOX_#{i}"] || "#{BOX_REPO}/#{node_os}")
+        node.vm.network "private_network", ip: "#{NETWORK_PREFIX}.#{100+i}"
+        node.vm.hostname = "#{PROJECT}-#{i}"
+        provision(node.vm)
+      end
     end
   end
+
 end

scripts/build

@@ -47,6 +47,7 @@ STATIC_SQLITE="
 "
 TAGS="ctrd apparmor seccomp no_btrfs netcgo osusergo providerless $DQLITE_TAGS"
 RUNC_TAGS="apparmor seccomp"
+RUNC_STATIC="static"
 
 if [ "$SELINUX" = "true" ]; then
     TAGS="$TAGS selinux"
@@ -58,6 +59,7 @@ if [ "$STATIC_BUILD" != "true" ]; then
 "
     STATIC_SQLITE="
 "
+    RUNC_STATIC=""
 else
     TAGS="static_build libsqlite3 $TAGS"
 fi
@@ -115,7 +117,7 @@ ln -s containerd ./bin/ctr
 # echo Building containerd
 # CGO_ENABLED=0 go build -tags "$TAGS" -ldflags "$VERSIONFLAGS $LDFLAGS $STATIC" -o bin/containerd ./cmd/containerd/
 echo Building runc
-make EXTRA_LDFLAGS="-w -s" BUILDTAGS="$RUNC_TAGS" -C ./vendor/github.com/opencontainers/runc static
+make EXTRA_LDFLAGS="-w -s" BUILDTAGS="$RUNC_TAGS" -C ./vendor/github.com/opencontainers/runc $RUNC_STATIC
 cp -f ./vendor/github.com/opencontainers/runc/runc ./bin/runc
 
 echo Building containerd-shim

scripts/provision/generic/alpine310/vagrant

@@ -1,64 +1,38 @@
 #!/bin/bash
 set -ve
 
-cd $(dirname $0)/..
-
-if [ ! -f /etc/vagrant_box_build_time ]; then
-    echo "This script should only be called during vagrant provisioning"
-    exit 1
-fi
-
-ARCH=amd64
-if [[ $HOME == /go/* ]]; then
-    echo "Must not launch vagrant from /go/"
-    exit 1
-fi 
-
-if [ -z "${GOPATH}" ]; then
-    GOPATH=$(realpath $HOME/../../../..)
-    echo "WARNING: Assuming GOPATH=$GOPATH"
-else
-    echo "Using parent GOPATH=$GOPATH"
-fi
-goversion=$(grep "^FROM " Dockerfile.dapper | sed -e 's/^FROM golang:\(.*\)-.*/\1/')
-
-if [ -z "$goversion" ]; then
-    echo "Cannot find version of go to fetch"
-    exit 1
-fi
-
-echo "Installing go $goversion"
 apk add -q -f curl libc6-compat tzdata
+echo "Installing go $goversion"
 curl -sL https://storage.googleapis.com/golang/go${goversion}.linux-${ARCH}.tar.gz | tar -xzf - -C /usr/local
 # ---
 cat <<EOF >/etc/profile.d/build.sh
+export SELINUX=true
+export DQLITE=true
 export STATIC_BUILD=true
 EOF
-# ---
-cat <<EOF >/etc/profile.d/go.sh
-export GOPATH=$GOPATH
-export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-EOF
-. /etc/profile.d/go.sh
+. /etc/profile.d/build.sh
 # ---
 sed -i 's|:/bin/ash$|:/bin/bash|g' /etc/passwd
-cat <<\EOF >/etc/profile.d/color.sh
+cat <<EOF >/etc/profile.d/color.sh
 alias ls='ls --color=auto'
-export PS1='\033[31m[ \033[90m\D{%F %T}\033[31m ]\n\[\033[36m\]\u\[\033[m\]🐮\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]$ '
+export PS1='\033[31m[ \033[90m\D{%F %T}\033[31m ] \033[35m{\033[90m$OS\033[35m}\n\[\033[36m\]\u\[\033[m\]🐮\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]\$ '
 EOF
 # ---
+DQLITE_URL="https://github.com/$(grep dqlite-build Dockerfile.dapper | sed -e 's/^.*--from=\([^ ]*\).*$/\1/' -e 's|:|/releases/download/|')/dqlite-$ARCH.tgz"
+echo "Downloading DQLITE from $DQLITE_URL"
+mkdir -p /usr/src/
+curl -sfL $DQLITE_URL -o /usr/src/dqlite.tgz
+# ---
 mkdir -p ${GOPATH}/bin
 mkdir -p /go
 ln -s $GOPATH/bin /go/bin
 sed ':a;N;$!ba;s/\\\n/ /g' <Dockerfile.dapper | grep '^RUN ' | sed -e 's/^RUN //' >/tmp/docker-run
 export BINDIR=/go/bin
 export GOPATH=/go
-export HOME=/tmp && cd
+export HOME=/tmp
 . /tmp/docker-run
-cd /go
-go get github.com/rancher/trash
-rm -rf /go
-cd
+# ---
+go get -u github.com/go-delve/delve/cmd/dlv
 # ---
 cat <<EOF >/etc/profile.d/docker.sh
 export DOCKER_HOST=tcp://10.0.2.2:2375

scripts/provision/generic/centos7/vagrant

@@ -0,0 +1,79 @@
+#!/bin/bash
+set -ve
+
+
+echo "Installing go $goversion"
+curl -sL https://storage.googleapis.com/golang/go${goversion}.linux-${ARCH}.tar.gz | tar -xzf - -C /usr/local
+# ---
+cat <<EOF >/etc/profile.d/build.sh
+export SELINUX=true
+# export DQLITE=true
+# export STATIC_BUILD=true
+EOF
+. /etc/profile.d/build.sh
+# ---
+sed -i 's|:/bin/ash$|:/bin/bash|g' /etc/passwd
+cat <<EOF >/etc/profile.d/color.sh
+alias ls='ls --color=auto'
+export PS1='\033[31m[ \033[90m\D{%F %T}\033[31m ] \033[35m{\033[90m$OS\033[35m}\n\[\033[36m\]\u\[\033[m\]🐮\[\033[32m\]\h:\[\033[33;1m\]\w\[\033[m\]\$ '
+EOF
+# ---
+DQLITE_URL="https://github.com/$(grep dqlite-build Dockerfile.dapper | sed -e 's/^.*--from=\([^ ]*\).*$/\1/' -e 's|:|/releases/download/|')/dqlite-$ARCH.tgz"
+echo "Downloading DQLITE from $DQLITE_URL"
+mkdir -p /usr/src/
+curl -sfL $DQLITE_URL -o /usr/src/dqlite.tgz
+# ---
+mkdir -p ${GOPATH}/bin
+mkdir -p /go
+ln -s $GOPATH/bin /go/bin
+sed ':a;N;$!ba;s/\\\n/ /g' <Dockerfile.dapper | grep '^RUN ' | sed -e 's/^RUN //' >/tmp/docker-run
+sed -E 's|apk( -U)?( --no-cache)?( --repository [^ ]*)? add( --allow-untrusted)?|yum install -y|g' -i /tmp/docker-run
+sed -E 's/-dev/-devel/g' -i /tmp/docker-run
+export BINDIR=/go/bin
+export GOPATH=/go
+export HOME=/tmp
+( set +e && . /tmp/docker-run ) || true
+# ---
+go get -u github.com/go-delve/delve/cmd/dlv
+# ---
+# docker install instructions slightly changed from https://kubernetes.io/docs/setup/production-environment/container-runtimes/
+# default "exec-opts": ["native.cgroupdriver=cgroupfs"], and set "selinux-enabled": true
+yum remove -y docker docker-common
+yum install -y yum-utils device-mapper-persistent-data lvm2
+yum-config-manager --add-repo   https://download.docker.com/linux/centos/docker-ce.repo
+yum update -y && yum install -y   containerd.io-1.2.10   docker-ce-19.03.4   docker-ce-cli-19.03.4
+mkdir -p /etc/docker
+cat > /etc/docker/daemon.json <<EOF
+{
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "selinux-enabled": true,
+  "storage-driver": "overlay2",
+  "storage-opts": [
+    "overlay2.override_kernel_check=true"
+  ]
+}
+EOF
+# ---
+systemctl daemon-reload
+systemctl disable --now firewalld
+systemctl disable --now docker
+# ---
+# set selinux to permissive for dev & testing purposes only
+setenforce 0
+sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
+# ---
+cat <<\EOF >>/etc/motd
+               ,        ,
+   ,-----------|'------'| |\    ____
+  /.           '-'@  o|-' | |  /___ \
+ |/|             | .. |   | | __ __) | ____
+   |   .________.'----'   | |/ /|__ < / __/
+   |  ||        |  ||     |   < ___) |\__ \
+   \__|'        \__|'     |_|\_\_____/____/
+
+EOF
+# ---
+set +v

scripts/provision/vagrant

@@ -0,0 +1,55 @@
+#!/bin/bash
+set -ve
+
+ARCH=amd64
+PROVISION="scripts/provision/$BOX/vagrant"
+OS=$(basename $BOX)
+
+if [ ! -f /etc/vagrant_box_build_time ]; then
+    echo "This script should only be called during vagrant provisioning"
+    exit 1
+fi
+
+if [[ $HOME == /go/* ]]; then
+    echo "Must not launch vagrant from /go/"
+    exit 1
+fi 
+
+# --- Default to root user for vagrant ssh
+cat <<\EOF >/etc/profile.d/root.sh
+[ $EUID -ne 0 ] && exec sudo -i
+EOF
+
+# --- Setup basic env
+cat <<EOF >/etc/profile.d/env.sh
+export GO111MODULE=off
+export GOPATH="$GOPATH"
+export PATH=/usr/local/bin:$PATH:/usr/local/go/bin:$GOPATH/bin
+export HOME="$HOME" && cd
+EOF
+. /etc/profile.d/env.sh
+
+if [ -z "${GOPATH}" ]; then
+    GOPATH=$(realpath $HOME/../../../..)
+    echo "WARNING: Assuming GOPATH=$GOPATH"
+else
+    echo "Using parent GOPATH=$GOPATH"
+fi
+goversion=$(grep "^FROM " Dockerfile.dapper | sed -e 's/^FROM golang:\(.*\)-.*/\1/')
+
+if [ -z "$goversion" ]; then
+    echo "Cannot find version of go to fetch"
+    exit 1
+fi
+
+# clean go cache
+rm -rf .cache/go-build || true
+
+# --- Run vagrant provision script if available
+if [ ! -f "${PROVISION}" ]; then
+  echo 'WARNING: Unable to execute provision script "${PROVISION}"'
+  exit
+fi
+echo "running '${PROVISION}'..." && \
+  . ${PROVISION} && \
+  echo "finished '${PROVISION}'!"