add "dependency" provisioning mode

Signed-off-by: Justin Alvarez <alvajus@amazon.com>
lima-vm · Nov 8, 2022 · 575e0f1 · 575e0f1
1 parent 4a4cc62
commit 575e0f1
Show file tree

Hide file tree

Showing 9 changed files with 232 additions and 182 deletions.
diff --git a/examples/default.yaml b/examples/default.yaml
@@ -178,6 +178,19 @@ containerd:
 # - mode: boot
 #   script: |
 #     systemctl disable NetworkManager-wait-online.service
+# # `dependency` is executed before the regular dependency resolution workflow in
+# # pkg/cidata/cidata.TEMPLATE.d/boot/30-install-packages.sh
+# - mode: dependency
+#   script: |
+#     #!/bin/bash
+#     dnf config-manager --add-repo ...
+#     dnf install ...
+
+# `skipDefaultDependencyResolution` can be used with `dependency` mode provisioning scripts to skip
+# the regular dependency resolution workflow in pkg/cidata/cidata.TEMPLATE.d/boot/30-install-packages.sh
+# and provide a fully customizable replacement
+# 🟢 Builtin default: false
+# skipDefaultDependencyResolution: true
 
 # Probe scripts to check readiness.
 # 🟢 Builtin default: null

diff --git a/pkg/cidata/cidata.TEMPLATE.d/boot/30-install-packages.sh b/pkg/cidata/cidata.TEMPLATE.d/boot/30-install-packages.sh
@@ -23,149 +23,164 @@ if [ "${LIMA_CIDATA_UDP_DNS_LOCAL_PORT}" -ne 0 ] || [ "${LIMA_CIDATA_TCP_DNS_LOC
 fi
 
 # Install minimum dependencies
+# Run any user provided dependency scripts first
+if [ -d "${LIMA_CIDATA_MNT}"/provision.dependency ]; then
+	echo "Detected dependency provisioning scripts, running before default dependency installation"
+	for f in "${LIMA_CIDATA_MNT}"/provision.dependency/*; do
+		echo "Executing $f"
+		if ! "$f"; then
+			echo "Failed to execute $f"
+		fi
+	done
+fi
+
 # apt-get detected through the first bytes of apt-get binary to ensure we're
 # matching to an actual binary and not a wrapper script. This case is an issue
 # on OpenSuse which wraps its own package manager in to a script named apt-get
 # to mimic certain options but doesn't offer full parameters compatibility
 # See : https://github.com/lima-vm/lima/pull/1014
-if hexdump -C -n 4 "$(command -v apt-get)" | grep -qF 'ELF' >/dev/null 2>&1; then
-	pkgs=""
-	if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
-		if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then
-			pkgs="${pkgs} sshfs"
+if [ "${LIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION}" = 1 ]; then
+	echo "LIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION is set, skipping regular dependency installation"
+else
+	if hexdump -C -n 4 "$(command -v apt-get)" | grep -qF 'ELF' >/dev/null 2>&1; then
+		pkgs=""
+		if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
+			if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then
+				pkgs="${pkgs} sshfs"
+			fi
+		fi
+		if [ "${INSTALL_IPTABLES}" = 1 ] && [ ! -e /usr/sbin/iptables ]; then
+			pkgs="${pkgs} iptables"
+		fi
+		if [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ] && ! command -v newuidmap >/dev/null 2>&1; then
+			pkgs="${pkgs} uidmap fuse3 dbus-user-session"
+		fi
+		if [ -n "${pkgs}" ]; then
+			DEBIAN_FRONTEND=noninteractive
+			export DEBIAN_FRONTEND
+			apt-get update
+			# shellcheck disable=SC2086
+			apt-get install -y --no-upgrade --no-install-recommends -q ${pkgs}
+		fi
+	elif command -v dnf >/dev/null 2>&1; then
+		pkgs=""
+		if ! command -v tar >/dev/null 2>&1; then
+			pkgs="${pkgs} tar"
+		fi
+		if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
+			if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then
+				pkgs="${pkgs} fuse-sshfs"
+			fi
+		fi
+		if [ "${INSTALL_IPTABLES}" = 1 ] && [ ! -e /usr/sbin/iptables ]; then
+			pkgs="${pkgs} iptables"
+		fi
+		if [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ]; then
+			if ! command -v newuidmap >/dev/null 2>&1; then
+				pkgs="${pkgs} shadow-utils"
+			fi
+			if ! command -v mount.fuse3 >/dev/null 2>&1; then
+				pkgs="${pkgs} fuse3"
+			fi
+		fi
+		if [ -n "${pkgs}" ]; then
+			dnf_install_flags="-y --setopt=install_weak_deps=False"
+			if grep -q "Oracle Linux Server release 8" /etc/system-release; then
+				# repo flag instead of enable repo to reduce metadata syncing on slow Oracle repos
+				dnf_install_flags="${dnf_install_flags} --repo ol8_baseos_latest --repo ol8_codeready_builder"
+			elif grep -q "release 8" /etc/system-release; then
+				dnf_install_flags="${dnf_install_flags} --enablerepo powertools"
+			elif grep -q "Oracle Linux Server release 9" /etc/system-release; then
+				# shellcheck disable=SC2086
+				dnf install ${dnf_install_flags} oracle-epel-release-el9
+				dnf config-manager --disable ol9_developer_EPEL >/dev/null 2>&1
+				dnf_install_flags="${dnf_install_flags} --enablerepo ol9_developer_EPEL"
+			elif grep -q "release 9" /etc/system-release; then
+				# shellcheck disable=SC2086
+				dnf install ${dnf_install_flags} epel-release
+				dnf config-manager --disable epel >/dev/null 2>&1
+				dnf_install_flags="${dnf_install_flags} --enablerepo epel"
+			fi
+			# shellcheck disable=SC2086
+			dnf install ${dnf_install_flags} ${pkgs}
+		fi
+		if [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ] && [ ! -e /usr/bin/fusermount ]; then
+			# Workaround for https://github.com/containerd/stargz-snapshotter/issues/340
+			ln -s fusermount3 /usr/bin/fusermount
+		fi
+	elif command -v yum >/dev/null 2>&1; then
+		echo "DEPRECATED: CentOS7 and others RHEL-like version 7 are unsupported and might be removed or stop to work in future lima releases"
+		pkgs=""
+		yum_install_flags="-y"
+		if ! rpm -ql epel-release >/dev/null 2>&1; then
+			yum install ${yum_install_flags} epel-release
+		fi
+		if ! command -v tar >/dev/null 2>&1; then
+			pkgs="${pkgs} tar"
 		fi
-	fi
-	if [ "${INSTALL_IPTABLES}" = 1 ] && [ ! -e /usr/sbin/iptables ]; then
-		pkgs="${pkgs} iptables"
-	fi
-	if [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ] && ! command -v newuidmap >/dev/null 2>&1; then
-		pkgs="${pkgs} uidmap fuse3 dbus-user-session"
-	fi
-	if [ -n "${pkgs}" ]; then
-		DEBIAN_FRONTEND=noninteractive
-		export DEBIAN_FRONTEND
-		apt-get update
-		# shellcheck disable=SC2086
-		apt-get install -y --no-upgrade --no-install-recommends -q ${pkgs}
-	fi
-elif command -v dnf >/dev/null 2>&1; then
-	pkgs=""
-	if ! command -v tar >/dev/null 2>&1; then
-		pkgs="${pkgs} tar"
-	fi
-	if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
 		if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then
 			pkgs="${pkgs} fuse-sshfs"
 		fi
-	fi
-	if [ "${INSTALL_IPTABLES}" = 1 ] && [ ! -e /usr/sbin/iptables ]; then
-		pkgs="${pkgs} iptables"
-	fi
-	if [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ]; then
-		if ! command -v newuidmap >/dev/null 2>&1; then
-			pkgs="${pkgs} shadow-utils"
+		if [ "${INSTALL_IPTABLES}" = 1 ] && [ ! -e /usr/sbin/iptables ]; then
+			pkgs="${pkgs} iptables"
 		fi
-		if ! command -v mount.fuse3 >/dev/null 2>&1; then
-			pkgs="${pkgs} fuse3"
+		if [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ]; then
+			if ! command -v newuidmap >/dev/null 2>&1; then
+				pkgs="${pkgs} shadow-utils"
+			fi
+			if ! command -v mount.fuse3 >/dev/null 2>&1; then
+				pkgs="${pkgs} fuse3"
+			fi
 		fi
-	fi
-	if [ -n "${pkgs}" ]; then
-		dnf_install_flags="-y --setopt=install_weak_deps=False"
-		if grep -q "Oracle Linux Server release 8" /etc/system-release; then
-			# repo flag instead of enable repo to reduce metadata syncing on slow Oracle repos
-			dnf_install_flags="${dnf_install_flags} --repo ol8_baseos_latest --repo ol8_codeready_builder"
-		elif grep -q "release 8" /etc/system-release; then
-			dnf_install_flags="${dnf_install_flags} --enablerepo powertools"
-		elif grep -q "Oracle Linux Server release 9" /etc/system-release; then
+		if [ -n "${pkgs}" ]; then
 			# shellcheck disable=SC2086
-			dnf install ${dnf_install_flags} oracle-epel-release-el9
-			dnf config-manager --disable ol9_developer_EPEL >/dev/null 2>&1
-			dnf_install_flags="${dnf_install_flags} --enablerepo ol9_developer_EPEL"
-		elif grep -q "release 9" /etc/system-release; then
+			yum install ${yum_install_flags} ${pkgs}
+			yum-config-manager --disable epel >/dev/null 2>&1
+		fi
+	elif command -v pacman >/dev/null 2>&1; then
+		pkgs=""
+		if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
+			if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then
+				pkgs="${pkgs} sshfs"
+			fi
+		fi
+		# other dependencies are preinstalled on Arch Linux
+		if [ -n "${pkgs}" ]; then
 			# shellcheck disable=SC2086
-			dnf install ${dnf_install_flags} epel-release
-			dnf config-manager --disable epel >/dev/null 2>&1
-			dnf_install_flags="${dnf_install_flags} --enablerepo epel"
+			pacman -Sy --noconfirm ${pkgs}
 		fi
-		# shellcheck disable=SC2086
-		dnf install ${dnf_install_flags} ${pkgs}
-	fi
-	if [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ] && [ ! -e /usr/bin/fusermount ]; then
-		# Workaround for https://github.com/containerd/stargz-snapshotter/issues/340
-		ln -s fusermount3 /usr/bin/fusermount
-	fi
-elif command -v yum >/dev/null 2>&1; then
-	echo "DEPRECATED: CentOS7 and others RHEL-like version 7 are unsupported and might be removed or stop to work in future lima releases"
-	pkgs=""
-	yum_install_flags="-y"
-	if ! rpm -ql epel-release >/dev/null 2>&1; then
-		yum install ${yum_install_flags} epel-release
-	fi
-	if ! command -v tar >/dev/null 2>&1; then
-		pkgs="${pkgs} tar"
-	fi
-	if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then
-		pkgs="${pkgs} fuse-sshfs"
-	fi
-	if [ "${INSTALL_IPTABLES}" = 1 ] && [ ! -e /usr/sbin/iptables ]; then
-		pkgs="${pkgs} iptables"
-	fi
-	if [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ]; then
-		if ! command -v newuidmap >/dev/null 2>&1; then
-			pkgs="${pkgs} shadow-utils"
+	elif command -v zypper >/dev/null 2>&1; then
+		pkgs=""
+		if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
+			if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then
+				pkgs="${pkgs} sshfs"
+			fi
+		fi
+		if [ "${INSTALL_IPTABLES}" = 1 ] && [ ! -e /usr/sbin/iptables ]; then
+			pkgs="${pkgs} iptables"
 		fi
-		if ! command -v mount.fuse3 >/dev/null 2>&1; then
+		if [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ] && ! command -v mount.fuse3 >/dev/null 2>&1; then
 			pkgs="${pkgs} fuse3"
 		fi
-	fi
-	if [ -n "${pkgs}" ]; then
-		# shellcheck disable=SC2086
-		yum install ${yum_install_flags} ${pkgs}
-		yum-config-manager --disable epel >/dev/null 2>&1
-	fi
-elif command -v pacman >/dev/null 2>&1; then
-	pkgs=""
-	if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
-		if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then
-			pkgs="${pkgs} sshfs"
+		if [ -n "${pkgs}" ]; then
+			# shellcheck disable=SC2086
+			zypper --non-interactive install -y --no-recommends ${pkgs}
 		fi
-	fi
-	# other dependencies are preinstalled on Arch Linux
-	if [ -n "${pkgs}" ]; then
-		# shellcheck disable=SC2086
-		pacman -Sy --noconfirm ${pkgs}
-	fi
-elif command -v zypper >/dev/null 2>&1; then
-	pkgs=""
-	if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
-		if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then
-			pkgs="${pkgs} sshfs"
+	elif command -v apk >/dev/null 2>&1; then
+		pkgs=""
+		if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
+			if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then
+				pkgs="${pkgs} sshfs"
+			fi
 		fi
-	fi
-	if [ "${INSTALL_IPTABLES}" = 1 ] && [ ! -e /usr/sbin/iptables ]; then
-		pkgs="${pkgs} iptables"
-	fi
-	if [ "${LIMA_CIDATA_CONTAINERD_USER}" = 1 ] && ! command -v mount.fuse3 >/dev/null 2>&1; then
-		pkgs="${pkgs} fuse3"
-	fi
-	if [ -n "${pkgs}" ]; then
-		# shellcheck disable=SC2086
-		zypper --non-interactive install -y --no-recommends ${pkgs}
-	fi
-elif command -v apk >/dev/null 2>&1; then
-	pkgs=""
-	if [ "${LIMA_CIDATA_MOUNTTYPE}" = "reverse-sshfs" ]; then
-		if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ] && ! command -v sshfs >/dev/null 2>&1; then
-			pkgs="${pkgs} sshfs"
+		if [ "${INSTALL_IPTABLES}" = 1 ] && ! command -v iptables >/dev/null 2>&1; then
+			pkgs="${pkgs} iptables"
+		fi
+		if [ -n "${pkgs}" ]; then
+			apk update
+			# shellcheck disable=SC2086
+			apk add ${pkgs}
 		fi
-	fi
-	if [ "${INSTALL_IPTABLES}" = 1 ] && ! command -v iptables >/dev/null 2>&1; then
-		pkgs="${pkgs} iptables"
-	fi
-	if [ -n "${pkgs}" ]; then
-		apk update
-		# shellcheck disable=SC2086
-		apk add ${pkgs}
 	fi
 fi
 

diff --git a/pkg/cidata/cidata.TEMPLATE.d/lima.env b/pkg/cidata/cidata.TEMPLATE.d/lima.env
@@ -22,3 +22,8 @@ LIMA_CIDATA_SLIRP_GATEWAY={{.SlirpGateway}}
 LIMA_CIDATA_SLIRP_IP_ADDRESS={{.SlirpIPAddress}}
 LIMA_CIDATA_UDP_DNS_LOCAL_PORT={{.UDPDNSLocalPort}}
 LIMA_CIDATA_TCP_DNS_LOCAL_PORT={{.TCPDNSLocalPort}}
+{{- if .SkipDefaultDependencyResolution}}
+LIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION=1
+{{- else}}
+LIMA_CIDATA_SKIP_DEFAULT_DEPENDENCY_RESOLUTION=
+{{- end}}
diff --git a/pkg/cidata/cidata.go b/pkg/cidata/cidata.go
@@ -117,14 +117,15 @@ func GenerateISO9660(instDir, name string, y *limayaml.LimaYAML, udpDNSLocalPort
 		return err
 	}
 	args := TemplateArgs{
-		Name:           name,
-		User:           u.Username,
-		UID:            uid,
-		Containerd:     Containerd{System: *y.Containerd.System, User: *y.Containerd.User},
-		SlirpNICName:   qemu.SlirpNICName,
-		SlirpGateway:   qemu.SlirpGateway,
-		SlirpDNS:       qemu.SlirpDNS,
-		SlirpIPAddress: qemu.SlirpIPAddress,
+		Name:                            name,
+		User:                            u.Username,
+		UID:                             uid,
+		Containerd:                      Containerd{System: *y.Containerd.System, User: *y.Containerd.User},
+		SlirpNICName:                    qemu.SlirpNICName,
+		SlirpGateway:                    qemu.SlirpGateway,
+		SlirpDNS:                        qemu.SlirpDNS,
+		SlirpIPAddress:                  qemu.SlirpIPAddress,
+		SkipDefaultDependencyResolution: *y.SkipDefaultDependencyResolution,
 	}
 
 	// change instance id on every boot so network config will be processed again
@@ -252,7 +253,7 @@ func GenerateISO9660(instDir, name string, y *limayaml.LimaYAML, udpDNSLocalPort
 
 	for i, f := range y.Provision {
 		switch f.Mode {
-		case limayaml.ProvisionModeSystem, limayaml.ProvisionModeUser:
+		case limayaml.ProvisionModeSystem, limayaml.ProvisionModeUser, limayaml.ProvisionModeDependency:
 			layout = append(layout, iso9660util.Entry{
 				Path:   fmt.Sprintf("provision.%s/%08d", f.Mode, i),
 				Reader: strings.NewReader(f.Script),

diff --git a/pkg/cidata/template.go b/pkg/cidata/template.go
@@ -46,26 +46,27 @@ type BootCmds struct {
 	Lines []string
 }
 type TemplateArgs struct {
-	Name               string // instance name
-	IID                string // instance id
-	User               string // user name
-	UID                int
-	SSHPubKeys         []string
-	Mounts             []Mount
-	MountType          string
-	Containerd         Containerd
-	Networks           []Network
-	SlirpNICName       string
-	SlirpGateway       string
-	SlirpDNS           string
-	SlirpIPAddress     string
-	UDPDNSLocalPort    int
-	TCPDNSLocalPort    int
-	Env                map[string]string
-	DNSAddresses       []string
-	CACerts            CACerts
-	HostHomeMountPoint string
-	BootCmds           []BootCmds
+	Name                            string // instance name
+	IID                             string // instance id
+	User                            string // user name
+	UID                             int
+	SSHPubKeys                      []string
+	Mounts                          []Mount
+	MountType                       string
+	Containerd                      Containerd
+	Networks                        []Network
+	SlirpNICName                    string
+	SlirpGateway                    string
+	SlirpDNS                        string
+	SlirpIPAddress                  string
+	UDPDNSLocalPort                 int
+	TCPDNSLocalPort                 int
+	Env                             map[string]string
+	DNSAddresses                    []string
+	CACerts                         CACerts
+	HostHomeMountPoint              string
+	BootCmds                        []BootCmds
+	SkipDefaultDependencyResolution bool
 }
 
 func ValidateTemplateArgs(args TemplateArgs) error {