vagrant-smartos-zones 0.0.1.pre.21

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c7231d953d2c1a01f6e9a8255ca6d60684dd0f47
+  data.tar.gz: 5adb6ac03013fa4a5e9b3455be9ef500a85cf568
+SHA512:
+  metadata.gz: 20d000f49065dedd3c83f338fb59c3ddc07f0def75f35d19d31a9f74e83dcd5eb598481b498808aafd54a4c33a2dd8321cd74b2d4d54d0130ac0acadb8ba60c3
+  data.tar.gz: ea6343b9d7a8de20201bc5be827f0ab2a9c2132f18553fbf1cb44468b396327876c3800e3ae353ee8a884fb146f4eb41922706dbec26238be13c36531e8c21c8

data/.gitignore

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+.vagrant
+examples/.vagrant
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rubocop.yml

@@ -0,0 +1,12 @@
+Metrics/LineLength:
+  Max: 120
+Style/Documentation:
+  Enabled: false
+Style/DoubleNegation:
+  Enabled: false
+Style/SignalException:
+  Enabled: false
+Style/FormatString:
+  Enabled: false
+Style/MultilineBlockChain:
+  Enabled: false

data/Gemfile

@@ -0,0 +1,12 @@
+source 'https://rubygems.org'
+
+group :development do
+  gem 'rubocop'
+  gem 'vagrant', git: 'https://github.com/mitchellh/vagrant.git'
+  gem 'rake'
+  gem 'pry-nav'
+end
+
+group :plugins do
+  gem 'vagrant-smartos-zones', path: '.'
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Eric Saxby
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,268 @@
+vagrant-smartos-zones
+=====================
+
+Manage SmartOS zones using Vagrant.
+
+## Dependencies
+
+This plugin depends on using a SmartOS global zone built to be vagrant
+compatible.
+
+```ruby
+config.vm.box = "livinginthepast/smartos"
+```
+
+See [Vagrant Cloud](https://vagrantcloud.com/livinginthepast) for some boxes.
+
+This plugin also depends on Vagrant recognizing the SmartOS guest. This
+is available in Vagrant 1.5.3 or newer.
+
+Any outstanding issues with SmartOS integration in the current released
+version of Vagrant can be hacked into shape with the 
+[vagrant-smartos/vagrant-smartos-guest](https://github.com/vagrant-smartos/vagrant-smartos-guest)
+plugin. This tracks fixes that have been submitted as pull requests to
+Vagrant but may have not been yet released.
+
+## Quick Start Installation
+
+```bash
+vagrant plugin install vagrant-smartos-zones
+mkdir <directory_name>
+cd <directory_name>
+curl -sO https://raw.githubusercontent.com/vagrant-smartos/vagrant-smartos-zones/master/examples/Vagrantfile
+vagrant up
+vagrant ssh
+```
+
+
+## Slow Start Installation
+
+```bash
+vagrant plugin install vagrant-smartos-zones
+```
+
+If you are using a development version of vagrant, or would like to use
+an unreleased version of this plugin, add the following to your Gemfile.
+
+```ruby
+group :plugins do
+  gem 'vagrant-smartos-zones', github: 'vagrant-smartos/vagrant-smartos-zones'
+end
+```
+
+In a local checkout of this repository, the following will work:
+
+```bash
+gem install bundler
+bundle
+bundle exec vagrant up
+bundle exec vagrant ssh
+```
+
+Please note that this will install vagrant into your local ruby
+environment, which may overwrite or conflict with the normal vagrant
+version installed in your system.
+
+
+## Usage
+
+```ruby
+Vagrant.configure('2') do |config|
+  config.vm.provider "virtualbox" do |v|
+    v.memory = 3072
+  end
+
+  # See https://vagrantcloud.com/livinginthepast for SmartOS boxes
+  config.vm.box = "livinginthepast/smartos"
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+
+  # This is required for the commands that talk to the global zone
+  config.vm.communicator = 'smartos'
+
+  # livinginthepast boxes include a default platform_image. Set
+  # here to download/use a different image.
+  # config.global_zone.platform_image = 'latest'
+  # config.global_zone.platform_image = '20140312T071408Z'
+
+  config.zone.name = 'base64'
+  config.zone.brand = 'joyent'
+  config.zone.image = 'c353c568-69ad-11e3-a248-db288786ea63'
+  config.zone.memory = 2048
+  config.zone.disk_size = 5
+
+  config.zone.synced_folder ".", "/vagrant", type: 'rsync'
+end
+```
+
+Download or interact with SmartOS platform images:
+
+```bash
+vagrant smartos latest
+vagrant smartos list
+vagrant smartos install [platform_image]
+```
+
+Interact with zones running in a box:
+
+```bash
+vagrant zones list
+vagrant zones show [name]
+vagrant zones start [name]
+vagrant zones stop [name]
+```
+
+## Single zone usage
+
+When a single zone is configured (currently the only configuration
+possible), a `zonegate` service is enabled in the global zone. This
+makes it so that inbound packets in the global zone are forwarded to the
+zone.
+
+#### vagrant ssh
+
+When `zonegate` is disabled or when a zone is not running, then `vagrant
+ssh` will access the global zone. When a zone is running while
+`zonegate` is enabled, then `vagrant ssh` will access the zone.
+
+```bash
+vagrant ssh
+```
+
+#### vagrant global-zone ssh
+
+A secondary port forward is installed in VirtualBox, which allows us to
+access the global zone even when `zonegate` forwards normal ssh to the
+zone.
+
+```bash
+vagrant global-zone ssh
+```
+
+#### vagrant zlogin [name]
+
+This command accesses the zone, but through the global zone. It uses the
+global zone ssh port to connect to the global zone, then runs `zlogin`
+to access the zone.
+
+This can by handy when, for instance, SSH becomes broken in the zone.
+
+```bash
+vagrant zlogin [name]
+```
+
+## Platform images
+
+This plugin expects the Vagrant box to boot SmartOS from a mounted ISO
+file, known as a platform image. To facilitate updates to the platform
+image without having to continually create new boxes, the plugin
+downloads platform image into a user's `.vagrant.d` directory, and then
+swaps out the ISO mounted in the Vagrant box with the one configured in
+the Vagrantfile.
+
+To help with this, `vagrant-smartos-zones` provides the `vagrant
+smartos` subcommand.
+
+Show the name of the most up-to-date platform version hosted by Joyent:
+
+```bash
+vagrant smartos latest
+```
+
+List all locally-installed platform images:
+
+```bash
+vagrant smartos list
+```
+
+Download a new platform image:
+
+```bash
+vagrant smartos install [platform-image]
+```
+
+#### Using an arbitrary platform image url
+
+An arbitrary URL can be used to download SmartOS platform images.
+When doing so, no checksum validation is performed (so if the image
+is interrupted when downloading, you may end up with a corrupt ISO
+file).
+
+When using an arbitrary URL for the platform image, make sure you set
+both `platform_image` and `platform_image_url` and include the full
+URL to the ISO file. In this case, `platform_image` will be used to name
+(and find) the file in the local file system.
+
+```ruby
+config.global_zone.platform_image = 'omglol-2131234'
+config.global_zone.platform_image_url = 'http://example.com/path/to/smartos-2131234.iso'
+```
+
+## Synced Folders
+
+Vagrant allows synced folders into any SmartOS guest. When the guest is
+a global zone, be aware that the root partition is a RAM disk of a
+little more than 256M.
+
+#### VirtualBox guest additions
+
+Shared folders using VirtualBox guest additions currently do not work.
+
+#### Rsync
+
+In single-zone environments, synced folders of type `rsync` work as
+normal. `zonegate` forwards all packets into the zone, and the built-in
+synced folders code in Vagrant runs after the zone is configured.
+
+```ruby
+# Vagrantfile
+config.vm.synced_folder ".", "/vagrant", type: "rsync"
+```
+
+#### NFS
+
+Pending.
+
+## User management
+
+The vagrant box with the global zone requires a `vagrant` user and
+group with which to connect. This user should have `Primary
+Administrator` privileges. When creating a local zone, a `vagrant`
+user and group are also created in the zone.
+
+## References / Alternatives
+
+Any success of this project depends heavily on the work of others,
+which I've either learned from or pulled in directly.
+
+* https://github.com/joshado/vagrant-smartos - Vagrant plugin for
+  managing zones on a global zone running on an arbitary IP.
+* https://github.com/groundwater/vagrant-smartos - Scripts for 
+  creating stand-alone boxes where GZ networking is twerked to pretend
+  that the local zone is the only thing in the box.
+* http://dlc-int.openindiana.org/aszeszo/vagrant - aszeszo's work,
+  which led to the above repo.
+* http://cuddletech.com/blog/?p=821 - [@benr](https://github.com/benr)'s
+  writeup of the above work.
+* http://vagrantup.com - Thank you so much to Michell Hashimoto for
+  making Vagrant in the first place.
+
+Please forgive any lapses of acknowledgment. I've read so many blog
+posts and so much source code in the course of working on this, many
+references have fallen by the wayside.
+
+## Caveats
+
+* Only one local zone per box. Working on it.
+* Usage may change with each prerelease version until I get it
+  right. Until a non .pre version is released, check commit logs.
+
+## Contributing
+
+1. Fork it ( https://github.com/vagrant-smartos/vagrant-smartos-zones/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+When creating a new Pull Request, `/cc @sax` in the notes to make sure
+I get an email about it.

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler/gem_tasks'
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
+
+task default: [:rubocop]

data/Vagrantfile

@@ -0,0 +1,29 @@
+# This Vagrantfile exists for the purposes of development on
+# this plugin.
+Vagrant.configure('2') do |config|
+  config.vm.provider 'virtualbox' do |v|
+    v.memory = 2048
+  end
+
+  config.ssh.insert_key = false
+
+  # See https://vagrantcloud.com/livinginthepast for SmartOS boxes
+  config.vm.box = 'livinginthepast/smartos-base64'
+  config.vm.communicator = 'smartos'
+
+  # livinginthepast boxes include a default platform_image. Set
+  # here to download/use a different image.
+  config.global_zone.platform_image = 'latest'
+
+  config.zone.name = 'base64'
+  config.zone.brand = 'joyent'
+  config.zone.image = 'd34c301e-10c3-11e4-9b79-5f67ca448df0'
+  config.zone.memory = 1536
+  config.zone.disk_size = 5
+
+  # config.zone.name = 'lx'
+  # config.zone.brand = 'lx'
+  # config.zone.image = 'b7493690-f019-4612-958b-bab5f844283e'
+  # config.zone.memory = 1536
+  # config.zone.disk_size = 5
+end

data/examples/Vagrantfile

@@ -0,0 +1,18 @@
+Vagrant.configure('2') do |config|
+  config.vm.provider 'virtualbox' do |v|
+    v.memory = 2048
+  end
+
+  # See https://vagrantcloud.com/livinginthepast for SmartOS boxes
+  config.vm.box = 'livinginthepast/smartos-base64'
+  config.vm.synced_folder '.', '/vagrant', disabled: true
+  config.vm.communicator = 'smartos'
+
+  config.global_zone.platform_image = 'latest'
+
+  config.zone.name = 'base64'
+  config.zone.brand = 'joyent'
+  config.zone.image = 'd34c301e-10c3-11e4-9b79-5f67ca448df0'
+  config.zone.memory = 1536
+  config.zone.disk_size = 5
+end

data/examples/Vagrantfile.chef_server

@@ -0,0 +1,33 @@
+#!/usr/bin/ruby
+#^ syntax highlighting
+
+Vagrant.configure('2') do |config|
+  config.vm.provider 'virtualbox' do |v|
+    v.memory = 2048
+  end
+
+  # See https://vagrantcloud.com/livinginthepast for SmartOS boxes
+  config.vm.box = 'livinginthepast/smartos-base64'
+  config.vm.synced_folder '.', '/vagrant', disabled: true
+  config.vm.communicator = 'smartos'
+
+  config.global_zone.platform_image = 'latest'
+
+  config.zone.name = 'base64'
+  config.zone.brand = 'joyent'
+  config.zone.image = 'd34c301e-10c3-11e4-9b79-5f67ca448df0'
+  config.zone.memory = 1536
+  config.zone.disk_size = 5
+
+  config.vm.provision "shell",
+    inline: "sudo pkgin -y install ruby212 build-essential && gem install chef --no-ri --no-rdoc"
+
+  config.vm.provision :chef_client do |chef|
+    chef.chef_server_url = "#{ENV['CHEF_SERVER_URL']}"
+    chef.validation_key_path = "#{ENV['HOME']}/.ssh/#{ENV['VALIDATION_CLIENT_NAME']}.pem"
+    chef.validation_client_name = "#{ENV['VALIDATION_CLIENT_NAME']}"
+    chef.node_name = "#{config.zone.name}-vagrant"
+    chef.provisioning_path = "/etc/chef"
+    chef.add_role("base")
+  end
+end

data/examples/Vagrantfile.lx

@@ -0,0 +1,22 @@
+#!/usr/bin/ruby
+#^ syntax highlighting
+
+Vagrant.configure('2') do |config|
+  config.vm.provider 'virtualbox' do |v|
+    v.memory = 2048
+  end
+
+  # See https://vagrantcloud.com/livinginthepast for SmartOS boxes
+  config.vm.box = 'livinginthepast/smartos-base64'
+  config.vm.synced_folder '.', '/vagrant', disabled: true
+  config.vm.communicator = 'smartos'
+
+  config.global_zone.platform_image = 'hourly-20141121'
+  config.global_zone.platform_image_url = 'https://us-east.manta.joyent.com/nahamu/public/smartos/platform-hourly.iso'
+
+  config.zone.name = 'lx'
+  config.zone.brand = 'lx'
+  config.zone.image = 'b7493690-f019-4612-958b-bab5f844283e'
+  config.zone.memory = 1536
+  config.zone.disk_size = 5
+end

data/examples/Vagrantfile.rsync

@@ -0,0 +1,23 @@
+#!/usr/bin/ruby
+#^ syntax highlighting
+
+Vagrant.configure('2') do |config|
+  config.vm.provider "virtualbox" do |v|
+    v.memory = 2048
+  end
+
+  # See https://vagrantcloud.com/livinginthepast for SmartOS boxes
+  config.vm.box = "livinginthepast/smartos-base64"
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+  config.vm.communicator = 'smartos'
+
+  config.vm.synced_folder ".", "/vagrant", type: "rsync"
+
+  config.global_zone.platform_image = 'latest'
+
+  config.zone.name = 'base64'
+  config.zone.brand = 'joyent'
+  config.zone.image = 'd34c301e-10c3-11e4-9b79-5f67ca448df0'
+  config.zone.memory = 1536
+  config.zone.disk_size = 5
+end

data/files/gz_vnic/create_gz_vnic

@@ -0,0 +1,15 @@
+#!/usr/bin/bash
+
+dladm create-etherstub stub0
+dladm create-vnic -l stub0 vnic0
+ipadm create-if vnic0
+ipadm create-addr -T static -a 10.0.0.1/24 vnic0/static
+
+echo 'map e1000g0 10.0.0.0/24 -> 0.0.0.0/32' | ipnat -f -
+
+# When we SSH into port 2222, ensure that that goes to 22 in the GZ
+# and is never forwarded to the zone.
+echo 'rdr e1000g0 0.0.0.0/0 port 2222 -> 10.0.0.1 port 22' | ipnat -f -
+
+routeadm -u -e ipv4-forwarding
+routeadm -u -e ipv4-routing

data/files/smf/create-gz-vnic.xml

@@ -0,0 +1,31 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<service_bundle type='manifest' name='export'>
+  <service name='vagrant/create-gz-vnic' type='service' version='0'>
+    <create_default_instance enabled='true'/>
+    <single_instance/>
+    <dependency name='fs-local' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/system/filesystem/local'/>
+    </dependency>
+    <dependency name='fs-root' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/system/filesystem/root'/>
+    </dependency>
+    <dependent name='zones' restart_on='none' grouping='optional_all'>
+      <service_fmri value='svc:/system/zones'/>
+    </dependent>
+    <method_context/>
+    <exec_method name='start' type='method' exec='/opt/custom/method/create_gz_vnic' timeout_seconds='60'/>
+    <exec_method name='stop' type='method' exec=':true' timeout_seconds='60'/>
+    <property_group name='startd' type='framework'>
+    <propval name='duration' type='astring' value='transient'/>
+    <propval name='ignore_error' type='astring' value='signal'/>
+    </property_group>
+    <property_group name='application' type='application'/>
+    <stability value='Evolving'/>
+    <template>
+      <common_name>
+      <loctext xml:lang='C'>Ensure </loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>

data/files/smf/zonegate.xml

@@ -0,0 +1,34 @@
+<?xml version='1.0'?>
+<!DOCTYPE service_bundle SYSTEM '/usr/share/lib/xml/dtd/service_bundle.dtd.1'>
+<service_bundle type='manifest' name='export'>
+  <service name='site/zonegate' type='service' version='0'>
+    <create_default_instance enabled='false'/>
+    <single_instance/>
+    <dependency name='fs-local' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/system/filesystem/local'/>
+    </dependency>
+    <dependency name='fs-root' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/system/filesystem/root'/>
+    </dependency>
+    <dependency name='ipfilter' grouping='require_all' restart_on='error' type='service'>
+      <service_fmri value='svc:/network/ipfilter'/>
+    </dependency>
+    <method_context>
+      <method_environment>
+        <envvar name="PATH" value="/opt/custom/method/zonegate:/usr/bin:/usr/sbin"/>
+      </method_environment>
+    </method_context>
+    <exec_method name='start' type='method' exec='/opt/custom/method/zonegate/zonegate start' timeout_seconds='60'/>
+    <exec_method name='stop' type='method' exec='/opt/custom/method/zonegate/zonegate stop' timeout_seconds='60'/>
+    <property_group name='startd' type='framework'>
+    <propval name='ignore_error' type='astring' value='signal'/>
+    </property_group>
+    <property_group name='application' type='application'/>
+    <stability value='Evolving'/>
+    <template>
+      <common_name>
+      <loctext xml:lang='C'>Ensure </loctext>
+      </common_name>
+    </template>
+  </service>
+</service_bundle>

data/files/zonegate/zonegate

@@ -0,0 +1,60 @@
+#!/usr/bin/bash
+
+. /lib/svc/share/smf_include.sh
+
+contract() {
+  echo $(svcprop -p restarter/contract $SMF_FMRI)
+}
+
+disable_nat_rules() {
+  IFS=$'\n\t'
+  # disable any running nat rules
+  for zone in $(/usr/sbin/zoneadm list -ip | grep running | tail -n +2 | awk -F":" '{ print $2 }');
+  do
+    zonenat "${zone}:down"
+  done
+}
+
+start_zonenat() {
+  # then we run a dtrace monitor and pipe the output as we receive it
+  zonemon |
+    while IFS= read -r line
+    do
+      zonenat "$line"
+    done
+}
+
+stop_zonenat() {
+  local contract_id=$(contract)
+  smf_kill_contract ${contract_id} TERM
+}
+
+nat_existing_zone() {
+  IFS=$'\n\t'
+  # first, we need to nat the zone if it's already running
+  for zone in $(/usr/sbin/zoneadm list -ip | grep running | tail -n +2 | awk -F":" '{ print $2 }');
+  do
+    zonenat "${zone}:up"
+  done
+}
+
+start() {
+  echo 'enabling zonegate'
+  nat_existing_zone
+  start_zonenat &
+}
+
+stop() {
+  echo 'disabling zonegate'
+  disable_nat_rules
+  stop_zonenat
+}
+
+case $SMF_METHOD in
+start)
+  start
+  ;;
+stop)
+  stop
+  ;;
+esac

data/files/zonegate/zonemon

@@ -0,0 +1,15 @@
+#!/usr/sbin/dtrace -qs
+
+/* up */
+zone_status_set:entry
+/ (args[0]->zone_id) != 0 && args[1] == 4 /
+{
+  printf("%s:up\n", stringof(args[0]->zone_name));
+}
+
+/* down */
+zone_status_set:entry
+/ (args[0]->zone_id) != 0 && args[1] == 7 /
+{
+  printf("%s:down\n", stringof(args[0]->zone_name));
+}