docker rootfs defaults

2026-02-05 02:13:14 -03:00 · 2026-02-05 02:13:14 -03:00 · 93c3d1a67b
commit 93c3d1a67b
parent 5f3d60ef0f
6498 changed files with 64929 additions and 14 deletions
--- a/customize.sh
+++ b/customize.sh
@ -7,7 +7,7 @@ log() {

 usage() {
  cat <<'EOF'
-Usage: ./customize.sh <output-rootfs> [--size <size>]
+Usage: ./customize.sh <output-rootfs> [--size <size>] [--base-rootfs <path>] [--kernel <path>] [--initrd <path>] [--docker] [--modules <dir>]

 Creates a copy of rootfs.ext4, optionally resizes it, boots a VM using the
 copy as a writable rootfs, then applies base configuration and packages.
@ -37,7 +37,8 @@ mkdir -p "$VM_ROOT"
 BASE_ROOTFS="$DIR/rootfs.ext4"
 FC_BIN="$DIR/firecracker"

-KERNEL="$DIR/vmlinux"
+KERNEL="$DIR/wtf/root/boot/vmlinux-6.8.0-94-generic"
+INITRD="$DIR/wtf/root/boot/initrd.img-6.8.0-94-generic"
 SSH_KEY="$DIR/id_ed25519"

 BR_DEV="br-fc"
@ -47,12 +48,34 @@ DNS_SERVER="1.1.1.1"

 OUT_ROOTFS=""
 SIZE_SPEC=""
+INSTALL_DOCKER=0
+MODULES_DIR="$DIR/wtf/root/lib/modules/6.8.0-94-generic"
 while [[ $# -gt 0 ]]; do
  case "$1" in
    --size)
      SIZE_SPEC="${2:-}"
      shift 2
      ;;
+    --base-rootfs)
+      BASE_ROOTFS="${2:-}"
+      shift 2
+      ;;
+    --kernel)
+      KERNEL="${2:-}"
+      shift 2
+      ;;
+    --initrd)
+      INITRD="${2:-}"
+      shift 2
+      ;;
+    --docker)
+      INSTALL_DOCKER=1
+      shift
+      ;;
+    --modules)
+      MODULES_DIR="${2:-}"
+      shift 2
+      ;;
    -h|--help)
      usage
      exit 0
@ -79,6 +102,18 @@ if [[ ! -f "$BASE_ROOTFS" ]]; then
  log "base rootfs not found: $BASE_ROOTFS"
  exit 1
 fi
+if [[ ! -f "$KERNEL" ]]; then
+  log "kernel not found: $KERNEL"
+  exit 1
+fi
+if [[ -n "$INITRD" && ! -f "$INITRD" ]]; then
+  log "initrd not found: $INITRD"
+  exit 1
+fi
+if [[ -n "$MODULES_DIR" && ! -d "$MODULES_DIR" ]]; then
+  log "modules dir not found: $MODULES_DIR"
+  exit 1
+fi

 if [[ -e "$OUT_ROOTFS" ]]; then
  log "output rootfs already exists: $OUT_ROOTFS"
@ -197,11 +232,16 @@ sudo -E curl --unix-socket "$API_SOCK" -X PUT http://localhost/machine-config \

 KCMD="console=ttyS0 reboot=k panic=1 pci=off root=/dev/vda rw ip=${GUEST_IP}::${BR_IP}:255.255.255.0:${VM_NAME}:eth0:off:${DNS_SERVER} hostname=${VM_NAME}"

+INITRD_JSON=""
+if [[ -n "$INITRD" ]]; then
+  INITRD_JSON=", \"initrd_path\": \"$INITRD\""
+fi
+
 sudo -E curl --unix-socket "$API_SOCK" -X PUT http://localhost/boot-source \
  -H "Content-Type: application/json" \
  -d "{
    \"kernel_image_path\": \"$KERNEL\",
-    \"boot_args\": \"$KCMD\"
+    \"boot_args\": \"$KCMD\"${INITRD_JSON}
  }" >/dev/null

 sudo -E curl --unix-socket "$API_SOCK" -X PUT http://localhost/drives/rootfs \
@ -258,13 +298,50 @@ fi
 apt-get update
 DEBIAN_FRONTEND=noninteractive apt-get -y upgrade
 DEBIAN_FRONTEND=noninteractive apt-get -y install git less tree ca-certificates curl
+if [[ \"$INSTALL_DOCKER\" == \"1\" ]]; then
+  DEBIAN_FRONTEND=noninteractive apt-get -y remove containerd || true
+  if ! DEBIAN_FRONTEND=noninteractive apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin; then
+    DEBIAN_FRONTEND=noninteractive apt-get -y install docker.io
+  fi
+  if command -v systemctl >/dev/null 2>&1; then
+    systemctl enable --now docker || true
+  fi
+fi
 git config --system init.defaultBranch main
 "

-log "customization complete; shutting down"
+if [[ -n "$MODULES_DIR" ]]; then
+  MODULES_BASE="$(basename "$MODULES_DIR")"
+  log "copying kernel modules ($MODULES_BASE) into guest"
+  tar -C "$(dirname "$MODULES_DIR")" -cf - "$MODULES_BASE" | \
+    ssh -i "$SSH_KEY" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
+      "root@${GUEST_IP}" bash -lc "set -e
+mkdir -p /lib/modules
+tar -C /lib/modules -xf -
+depmod -a \"$MODULES_BASE\"
+ mkdir -p /etc/modules-load.d
+ printf 'nf_tables\nnft_chain_nat\nveth\nbr_netfilter\noverlay\n' > /etc/modules-load.d/docker-netfilter.conf
+ mkdir -p /etc/sysctl.d
+ cat > /etc/sysctl.d/99-docker.conf <<'SYSCTL'
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward = 1
+SYSCTL
+ sysctl --system >/dev/null 2>&1 || true
+sync
+"
+fi
+
+log "shutting down guest"
+ssh -i "$SSH_KEY" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
+  "root@${GUEST_IP}" bash -lc "sync" || true
 sudo -E curl --unix-socket "$API_SOCK" -X PUT http://localhost/actions \
  -H "Content-Type: application/json" \
  -d '{ "action_type": "SendCtrlAltDel" }' >/dev/null || true
-
-sleep 2
+for _ in $(seq 1 200); do
+  if ! ps -p "$FC_PID" >/dev/null 2>&1; then
+    break
+  fi
+  sleep 0.05
+done
 log "done"