vagrant-lxd 0.1.0

data/lib/vagrant-lxd/capability.rb

@@ -0,0 +1,27 @@
+#
+# Copyright (c) 2017 Catalyst.net Ltd
+#
+# This file is part of vagrant-lxd.
+#
+# vagrant-lxd is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or (at
+# your option) any later version.
+#
+# vagrant-lxd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with vagrant-lxd. If not, see <http://www.gnu.org/licenses/>.
+#
+
+module VagrantLXD
+  class Capability
+    def Capability.snapshot_list(machine)
+      env = machine.action(:snapshot_list)
+      env[:machine_snapshot_list] || []
+    end
+  end
+end

data/lib/vagrant-lxd/command.rb

@@ -0,0 +1,145 @@
+#
+# Copyright (c) 2017 Catalyst.net Ltd
+#
+# This file is part of vagrant-lxd.
+#
+# vagrant-lxd is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or (at
+# your option) any later version.
+#
+# vagrant-lxd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with vagrant-lxd. If not, see <http://www.gnu.org/licenses/>.
+#
+
+require 'vagrant/machine_state'
+
+require 'vagrant-lxd/driver'
+require 'vagrant-lxd/version'
+
+module VagrantLXD
+  class Command < Vagrant.plugin('2', :command)
+    def Command.synopsis
+      'manages the LXD provider'
+    end
+
+    def execute
+      main, subcommand, args = split_main_and_subcommand(@argv)
+
+      opts = OptionParser.new do |o|
+        o.banner = 'Usage: vagrant lxd <command>'
+        o.separator ''
+        o.separator 'Commands:'
+        o.separator '     attach    associate machine with a running container'
+        o.separator '     detach    disassociate machine from a running container'
+        o.separator '     version   print current plugin version'
+        o.separator ''
+        o.separator 'For help on a specific command, run `vagrant lxd <command> -h`'
+      end
+
+      if main.include?('-h') or main.include?('--help')
+        @env.ui.info opts.help
+        exit 0
+      end
+
+      case subcommand
+      when 'attach'
+        attach(args)
+      when 'detach'
+        detach(args)
+      when 'version'
+        @env.ui.info 'Vagrant LXD Provider'
+        @env.ui.info 'Version ' << Version::VERSION
+      else
+        fail Vagrant::Errors::CLIInvalidUsage, help: opts.help
+      end
+    end
+
+    def attach(args)
+      opts = OptionParser.new do |o|
+        o.banner = 'Usage: vagrant lxd attach [machine ...] <container>'
+        o.separator ''
+        o.separator 'Associates a VM with a preexisting LXD container.'
+        o.separator ''
+        o.separator 'This command can be used to attach an inactive (not created) VM to a'
+        o.separator 'preexisting LXD container. Once it has been associated with a container,'
+        o.separator 'the machine can be used just like it had been created with `vagrant up`'
+        o.separator 'or detached from the container again with `vagrant lxd detach`.'
+      end
+
+      if args.include?('-h') or args.include?('--help')
+        @env.ui.info opts.help
+        exit 0
+      end
+
+      unless container = args.pop
+        fail Vagrant::Errors::CLIInvalidUsage, help: opts.help
+      end
+
+      with_target_machines(args) do |machine|
+        if machine.id == container
+          machine.ui.warn "Machine is already attached to container '#{container}', skipping..."
+        elsif machine.state.id == Vagrant::MachineState::NOT_CREATED_ID
+          machine.ui.info "Attaching to container '#{container}'..."
+          Driver.new(machine).attach(container)
+        else
+          machine.ui.error "Machine is already attached to container '#{machine.id}'"
+          fail Driver::DuplicateAttachmentFailure, machine_name: machine.name, container: container
+        end
+      end
+    end
+
+    def detach(args)
+      opts = OptionParser.new do |o|
+        o.banner = 'Usage: vagrant lxd detach [machine ...]'
+        o.separator ''
+        o.separator 'Disassociates a VM from its LXD container.'
+        o.separator ''
+        o.separator 'This command can be used to deactivate a VM without destroying the'
+        o.separator 'underlying container. Once detached, the machine can be recreated'
+        o.separator 'from scratch with `vagrant up` or associated to a different container'
+        o.separator 'by using `vagrant lxd attach`.'
+      end
+
+      if args.include?('-h') or args.include?('--help')
+        @env.ui.info opts.help
+        exit 0
+      end
+
+      with_target_machines(args) do |machine|
+        if machine.id.nil? or machine.state.id == Vagrant::MachineState::NOT_CREATED_ID
+          machine.ui.warn "Machine is not attached to a container, skipping..."
+        else
+          driver = Driver.new(machine)
+          machine.ui.info "Detaching from container '#{driver.machine_id}'..."
+          driver.detach
+        end
+      end
+    end
+
+    def with_target_machines(args)
+      machines = args.map(&:to_sym)
+
+      # NOTE We collect all vm names here in order to force Vagrant to
+      # load a full local environment, including provider configurations.
+      vms = with_target_vms { |_| }.map(&:name)
+
+      # When no machines are given, act on all of them.
+      machines = vms if machines.empty?
+
+      # Validate machine names.
+      unless vms | machines == vms
+        fail Vagrant::Errors::MachineNotFound, name: (machines - vms).first
+      end
+
+      machines.each do |name|
+        yield @env.machine(name, :lxd)
+      end
+    end
+  end
+end

data/lib/vagrant-lxd/config.rb

@@ -0,0 +1,92 @@
+#
+# Copyright (c) 2017 Catalyst.net Ltd
+#
+# This file is part of vagrant-lxd.
+#
+# vagrant-lxd is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or (at
+# your option) any later version.
+#
+# vagrant-lxd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with vagrant-lxd. If not, see <http://www.gnu.org/licenses/>.
+#
+
+require 'uri'
+
+module VagrantLXD
+  class Config < Vagrant.plugin('2', :config)
+    attr_accessor :api_endpoint
+    attr_accessor :name
+    attr_accessor :ephemeral
+    attr_accessor :timeout
+
+    def initialize
+      @name = UNSET_VALUE
+      @timeout = UNSET_VALUE
+      @ephemeral = UNSET_VALUE
+      @api_endpoint = UNSET_VALUE
+    end
+
+    def validate(machine)
+      errors = _detected_errors
+
+      unless [UNSET_VALUE, nil].include? name
+        if not name.is_a? String
+          errors << "Invalid `name' (value must be a string): #{name.inspect}"
+        elsif name.size >= 64
+          errors << "Invalid `name' (value must be less than 64 characters): #{name.inspect}"
+        elsif name =~ /[^a-zA-Z0-9-]/
+          errors << "Invalid `name' (value must contain only letters, numbers, and hyphens): #{name.inspect}"
+        end
+      end
+
+      unless timeout == UNSET_VALUE
+        if not timeout.is_a? Fixnum
+          errors << "Invalid `timeout' (value must be an integer): #{timeout.inspect}"
+        elsif timeout < 1
+          errors << "Invalid `timeout' (value must be positive): #{timeout.inspect}"
+        end
+      end
+
+      unless api_endpoint == UNSET_VALUE
+        begin
+          URI(api_endpoint).scheme == 'https' or raise URI::InvalidURIError
+        rescue URI::InvalidURIError
+          errors << "Invalid `api_endpoint' (value must be a valid HTTPS address): #{api_endpoint.inspect}"
+        end
+      end
+
+      unless [UNSET_VALUE, true, false].include? ephemeral
+        errors << "Invalid `ephemeral' (value must be true or false): #{ephemeral.inspect}"
+      end
+
+      { Version::NAME => errors }
+    end
+
+    def finalize!
+      if name == UNSET_VALUE
+        @name = nil
+      end
+
+      if ephemeral == UNSET_VALUE
+        @ephemeral = false
+      end
+
+      if timeout == UNSET_VALUE
+        @timeout = 10
+      end
+
+      if api_endpoint == UNSET_VALUE
+        @api_endpoint = URI('https://127.0.0.1:8443')
+      else
+        @api_endpoint = URI(api_endpoint)
+      end
+    end
+  end
+end

data/lib/vagrant-lxd/driver.rb

@@ -0,0 +1,418 @@
+#
+# Copyright (c) 2017 Catalyst.net Ltd
+#
+# This file is part of vagrant-lxd.
+#
+# vagrant-lxd is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or (at
+# your option) any later version.
+#
+# vagrant-lxd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with vagrant-lxd. If not, see <http://www.gnu.org/licenses/>.
+#
+
+require 'hyperkit'
+require 'securerandom'
+require 'tempfile'
+require 'timeout'
+require 'vagrant/machine_state'
+
+module VagrantLXD
+  class Driver
+    include Vagrant::Util
+
+    VAGRANT_UID = 1000 # TODO Make this configurable.
+
+    class OperationTimeout < Vagrant::Errors::VagrantError
+      error_key 'lxd_operation_timeout'
+    end
+
+    class NetworkAddressAcquisitionTimeout < OperationTimeout
+      error_key 'lxd_network_address_acquisition_timeout'
+    end
+
+    class ConnectionFailure < Vagrant::Errors::ProviderNotUsable
+      error_key 'lxd_connection_failure'
+    end
+
+    class AuthenticationFailure < Vagrant::Errors::ProviderNotUsable
+      error_key 'lxd_authentication_failure'
+    end
+
+    class ContainerCreationFailure < Vagrant::Errors::VagrantError
+      error_key 'lxd_container_creation_failure'
+    end
+
+    class ImageCreationFailure < ContainerCreationFailure
+      error_key 'lxd_image_creation_failure'
+    end
+
+    class ContainerNotFound < Vagrant::Errors::VagrantError
+      error_key 'lxd_container_not_found'
+    end
+
+    class ContainerAlreadyExists < Vagrant::Errors::VagrantError
+      error_key 'lxd_container_already_exists'
+    end
+
+    class DuplicateAttachmentFailure < Vagrant::Errors::VagrantError
+      error_key 'lxd_duplicate_attachment_failure'
+    end
+
+    class Hyperkit::BadRequest
+      def reason
+        return unless data.is_a? Hash
+
+        if error = data[:error]
+          return error unless error.empty?
+        end
+
+        if metadata = data[:metadata] and err = metadata[:err]
+          return err unless err.empty?
+        end
+
+        'No reason could be determined'
+      end
+    end
+
+    NOT_CREATED = Vagrant::MachineState::NOT_CREATED_ID
+
+    attr_reader :api_endpoint
+    attr_reader :ephemeral
+    attr_reader :name
+    attr_reader :timeout
+
+    def initialize(machine)
+      @machine = machine
+      @timeout = machine.provider_config.timeout
+      @api_endpoint = machine.provider_config.api_endpoint
+      @ephemeral = machine.provider_config.ephemeral
+      @name = machine.provider_config.name
+      @logger = Log4r::Logger.new('vagrant::lxd')
+      @lxd = Hyperkit::Client.new(api_endpoint: api_endpoint.to_s, verify_ssl: false)
+    end
+
+    def validate!
+      raise error(ConnectionFailure) unless connection_usable?
+      raise error(AuthenticationFailure) unless authentication_usable?
+    end
+
+    def synced_folders_usable?
+      # Check whether we've registered an idmap for the current user.
+      if map = container[:config][:'raw.idmap']
+        true if map =~ /^uid #{Process.uid} #{VAGRANT_UID}$/
+      end
+    rescue Vagrant::Errors::ProviderNotUsable
+      false
+    end
+
+    def mount(name, options)
+      container = @lxd.container(machine_id)
+      devices = container[:devices].to_hash
+      devices[name] = { type: 'disk', path: options[:guestpath], source: options[:hostpath] }
+      container[:devices] = devices
+      @lxd.update_container(machine_id, container)
+    end
+
+    def mounted?(name, options)
+      container = @lxd.container(machine_id)
+      devices = container[:devices].to_hash
+      name = name.to_sym
+      begin
+        devices[name] and
+        devices[name][:type] == 'disk' and
+        devices[name][:path] == options[:guestpath] and
+        devices[name][:source] == options[:hostpath]
+      end
+    end
+
+    def unmount(name, options)
+      container = @lxd.container(machine_id)
+      devices = container[:devices].to_hash
+      devices.delete(name.to_sym)
+      container[:devices] = devices
+      @lxd.update_container(machine_id, container)
+    end
+
+    def attach(container)
+      @lxd.container(container) # Query LXD to make sure the container exists.
+
+      if in_state? NOT_CREATED
+        @machine.id = container
+      else
+        fail DuplicateAttachmentFailure, machine_name: @machine.name, container: container
+      end
+    rescue Hyperkit::NotFound
+      @machine.ui.error "Container doesn't exist: #{container}"
+      fail ContainerNotFound, container: container
+    end
+
+    def detach
+      @machine.id = nil
+    end
+
+    #
+    # The following methods correspond directly to middleware actions.
+    #
+
+    def snapshot_list
+      @lxd.snapshots(machine_id)
+    end
+
+    def snapshot_save(name)
+      @lxd.create_snapshot(machine_id, name)
+    end
+
+    def snapshot_restore(name)
+      @lxd.restore_snapshot(machine_id, name)
+    end
+
+    def snapshot_delete(name)
+      @lxd.delete_snapshot(machine_id, name)
+    end
+
+    def state
+      return NOT_CREATED if machine_id.nil?
+      container_state = @lxd.container_state(machine_id)
+      container_state[:status].downcase.to_sym
+    rescue Hyperkit::NotFound
+      NOT_CREATED
+    end
+
+    def create
+      if in_state? NOT_CREATED
+        machine_id = generate_machine_id
+        file, fingerprint = prepare_image_file
+
+        begin
+          image = @lxd.image(fingerprint)
+          @logger.debug 'Using image: ' << image.inspect
+        rescue Hyperkit::NotFound
+          image = @lxd.create_image_from_file(file)
+          image_alias = @lxd.create_image_alias(fingerprint, machine_id)
+          @logger.debug 'Created image: ' << image.inspect
+          @logger.debug 'Created image alias: ' << image_alias.inspect
+        end
+
+        container = @lxd.create_container(machine_id, ephemeral: ephemeral, fingerprint: fingerprint, config: config)
+        @logger.debug 'Created container: ' << container.inspect
+
+        @machine.id = machine_id
+      end
+    rescue Hyperkit::Error => e
+      @lxd.delete_container(id) rescue nil unless container.nil?
+      @lxd.delete_image(image[:metadata][:fingerprint]) rescue nil unless image.nil?
+      if e.reason =~ /Container '([^']+)' already exists/
+        @machine.ui.error e.reason
+        fail ContainerAlreadyExists, machine_name: @machine.name, container: $1
+      else
+        @machine.ui.error "Failed to create container"
+        fail ContainerCreationFailure, machine_name: @machine.name, reason: e.reason
+      end
+    end
+
+    def resume
+      case state
+      when :stopped
+        @lxd.start_container(machine_id)
+      when :frozen
+        @lxd.unfreeze_container(machine_id, timeout: timeout)
+      end
+    rescue Hyperkit::BadRequest
+      @machine.ui.warn "Container failed to start within #{timeout} seconds"
+      fail OperationTimeout, time_limit: timeout, operation: 'start', machine_id: machine_id
+    end
+
+    def halt
+      if in_state? :running, :frozen
+        @lxd.stop_container(machine_id, timeout: timeout)
+      end
+    rescue Hyperkit::BadRequest
+      @machine.ui.warn "Container failed to stop within #{timeout} seconds, forcing shutdown..."
+      @lxd.stop_container(machine_id, timeout: timeout, force: true)
+    end
+
+    def suspend
+      if in_state? :running
+        @lxd.freeze_container(machine_id, timeout: timeout)
+      end
+    rescue Hyperkit::BadRequest
+      @machine.ui.warn "Container failed to suspend within #{timeout} seconds"
+      fail OperationTimeout, time_limit: timeout, operation: 'info', machine_id: machine_id
+    end
+
+    def destroy
+      if in_state? :stopped
+        delete_image
+        delete_container
+      else
+        @logger.debug "Skipped container destroy (#{machine_id} is not stopped)"
+      end
+    end
+
+    def info
+      if in_state? :running, :frozen
+        {
+          host: ipv4_address,
+          port: ipv4_port,
+        }
+      end
+    end
+
+  private
+
+    def delete_container
+      @lxd.delete_container(machine_id)
+    rescue Hyperkit::NotFound
+      @logger.warn "Container '#{machine_id}' not found, unable to destroy"
+    end
+
+    def delete_image
+      @lxd.delete_image(container[:config][:'volatile.base_image'])
+    rescue Hyperkit::NotFound
+      @logger.warn "Image for '#{machine_id}' not found, unable to destroy"
+    rescue Hyperkit::BadRequest
+      @logger.error "Unable to delete image for '#{machine_id}'"
+    end
+
+    def container
+      @lxd.container(machine_id)
+    end
+
+    def connection_usable?
+      @lxd.images
+    rescue Faraday::ConnectionFailed
+      false
+    else
+      true
+    end
+
+    def authentication_usable?
+      connection_usable? and @lxd.containers
+    rescue Hyperkit::Forbidden
+      false
+    else
+      true
+    end
+
+    def machine_id
+      @machine.id
+    end
+
+    def generate_machine_id
+      @name || begin
+        id = "vagrant-#{File.basename(Dir.pwd)}-#{@machine.name}-#{SecureRandom.hex(8)}"
+        id = id.slice(0...63).gsub(/[^a-zA-Z0-9]/, '-')
+        id
+      end
+    end
+
+    def in_state?(*any)
+      any.include?(state)
+    end
+
+    def ipv4_port
+      22
+    end
+
+    def ipv4_address
+      @logger.debug "Looking up ipv4 address for #{machine_id}..."
+      Timeout.timeout(timeout) do
+        loop do
+          container_state = @lxd.container_state(machine_id)
+          if address = container_state[:network][:eth0][:addresses].find { |a| a[:family] == 'inet' }
+            return address[:address]
+          else
+            @logger.debug 'No ipv4 address found, sleeping 1s before trying again...'
+            sleep(1)
+          end
+        end
+      end
+    rescue Timeout::Error
+      @logger.warn "Failed to find ipv4 address for #{machine_id} within #{timeout} seconds!"
+      fail NetworkAddressAcquisitionTimeout, time_limit: timeout, lxd_bridge: 'lxdbr0' # FIXME Hardcoded bridge name
+    end
+
+    def config
+      config = {}
+
+      # Set "raw.idmap" if the host's sub{u,g}id configuration allows it.
+      # This allows sharing folders via LXD (see synced_folder.rb).
+      begin
+        %w(uid gid).each do |type|
+          value = Process.send(type)
+          if File.readlines("/etc/sub#{type}").grep(/^root:#{value}:[1-9]/).any?
+            config[:'raw.idmap'] ||= ''
+            config[:'raw.idmap'] << "#{type} #{value} #{VAGRANT_UID}\n"
+          end
+        end
+      rescue StandardError => e
+        @logger.warn "Cannot read subordinate permissions file: #{e.message}"
+      end
+
+      @logger.debug 'Resulting configuration: ' << config.inspect
+
+      config
+    end
+
+    def prepare_image_file
+      tmpdir = Dir.mktmpdir
+
+      lxc_dir = @machine.box.directory
+      lxc_rootfs = lxc_dir / 'rootfs.tar.gz'
+      lxc_fingerprint = Digest::SHA256.file(lxc_rootfs).hexdigest
+
+      lxd_dir = @machine.box.directory / '..' / 'lxd'
+      lxd_rootfs = lxd_dir / 'rootfs.tar.gz'
+      lxd_metadata = YAML.load(File.read(lxd_dir / 'metadata.yaml')) rescue nil
+
+      if lxd_rootfs.exist? and lxd_metadata.is_a? Hash and lxd_metadata['source_fingerprint'] == lxc_fingerprint
+        @machine.ui.info 'Importing LXC image...'
+      else
+        @machine.ui.info 'Converting LXC image to LXD format...'
+
+        SafeChdir.safe_chdir(tmpdir) do
+          FileUtils.cp(lxc_rootfs, tmpdir)
+
+          File.open('metadata.yaml', 'w') do |metadata|
+            metadata.puts 'architecture: ' << `uname -m`.strip
+            metadata.puts 'creation_date: ' << Time.now.strftime('%s')
+            metadata.puts 'source_fingerprint: ' << lxc_fingerprint
+          end
+
+          Subprocess.execute('gunzip', 'rootfs.tar.gz')
+          Subprocess.execute('tar', '-rf', 'rootfs.tar', 'metadata.yaml')
+          Subprocess.execute('gzip', 'rootfs.tar')
+
+          FileUtils.mkdir_p(lxd_dir)
+          FileUtils.mv('rootfs.tar.gz', lxd_dir)
+          FileUtils.mv('metadata.yaml', lxd_dir)
+        end
+      end
+
+      return lxd_rootfs, Digest::SHA256.file(lxd_rootfs).hexdigest
+    rescue Exception => e
+      @machine.ui.error 'Failed to create LXD image for container'
+      @logger.error 'Error preparing LXD image: ' << e.message << "\n" << e.backtrace.join("\n")
+      fail ImageCreationFailure, machine_name: @machine.name, error_message: e.message
+    ensure
+      FileUtils.rm_rf(tmpdir)
+    end
+
+    def error(klass)
+      klass.new(
+        provider: Version::NAME,
+        machine: @machine.name,
+        api_endpoint: @api_endpoint.to_s,
+        https_address: @api_endpoint.host,
+        client_cert: File.expand_path('.config/lxc/client.crt', ENV['HOME']),
+      )
+    end
+  end
+end