Implement system and user provisioning scripts

Signed-off-by: Jan Dubois <[email protected]>

Author: jandubois

pkg/cidata/cidata.go

@@ -29,9 +29,10 @@ func GenerateISO9660(isoPath, name string, y *limayaml.LimaYAML) error {
 		return err
 	}
 	args := TemplateArgs{
-		Name: name,
-		User: u.Username,
-		UID:  uid,
+		Name:      name,
+		User:      u.Username,
+		UID:       uid,
+		Provision: y.Provision,
 	}
 	for _, f := range sshutil.DefaultPubKeys() {
 		args.SSHPubKeys = append(args.SSHPubKeys, f.Content)

pkg/cidata/template.go

@@ -4,6 +4,8 @@ import (
 	_ "embed"
 	"path/filepath"
 
+	"github.com/AkihiroSuda/lima/pkg/limayaml"
+
 	"github.com/AkihiroSuda/lima/pkg/templateutil"
 	"github.com/containerd/containerd/identifiers"
 	"github.com/pkg/errors"
@@ -22,6 +24,7 @@ type TemplateArgs struct {
 	UID        int
 	SSHPubKeys []string
 	Mounts     []string // abs path, accessible by the User
+	Provision  []limayaml.Provision
 }
 
 func ValidateTemplateArgs(args TemplateArgs) error {

pkg/cidata/user-data.TEMPLATE

@@ -13,9 +13,9 @@ users:
     sudo: ALL=(ALL) NOPASSWD:ALL
     lock_passwd: true
     ssh-authorized-keys:
-{{range $val := .SSHPubKeys}}
+    {{- range $val := .SSHPubKeys}}
       - {{$val}}
-{{end}}
+    {{- end}}
 
 write_files:
  - content: |
@@ -49,10 +49,10 @@ write_files:
       loginctl enable-linger "{{.User}}"
 
       # Create mount points
-      {{range $val := .Mounts}}
+      {{- range $val := .Mounts}}
       mkdir -p "{{$val}}"
       chown "{{$.User}}" "{{$val}}" || true
-      {{end}}
+      {{- end}}
 
       # Install or update the guestagent binary
       mkdir -p -m 600 /mnt/lima-cidata
@@ -110,3 +110,26 @@ write_files:
    owner: root:root
    path: /var/lib/cloud/scripts/per-boot/20-install-containerd.boot.sh
    permissions: '0755'
+{{- if .Provision}}
+ - content: |
+      #!/bin/bash
+      set -eu -o pipefail
+      {{- range $i, $val := .Provision}}
+      {{- $script := printf "/var/lib/lima-guestagent/provision-%02d-%s" $i $val.Mode}}
+      {{- if eq $val.Mode "system"}}
+      {{$script}}
+      {{- else}}
+      until [ -e "/run/user/{{.UID}}/systemd/private" ]; do sleep 3; done
+      sudo -iu "{{.User}}" "XDG_RUNTIME_DIR=/run/user/{{.UID}}" {{$script}}
+      {{- end}}
+      {{- end}}
+   owner: root:root
+   path: /var/lib/cloud/scripts/per-boot/30-execute-provision-scripts.boot.sh
+   permissions: '0755'
+{{- end}}
+{{- range $i, $val := .Provision}}
+ - content: {{printf "%q" $val.Script}}
+   owner: root:root
+   path: {{printf "/var/lib/lima-guestagent/provision-%02d-%s" $i $val.Mode}}
+   permissions: '0755'
+{{- end}}

pkg/limayaml/default.TEMPLATE.yaml

@@ -58,17 +58,19 @@ video:
   # Default: "none"
   display: "none"
 
-#UNIMPLEMENTED| provision:
-#UNIMPLEMENTED|   # `system` is executed with the root privilege
-#UNIMPLEMENTED|   system: |
-#UNIMPLEMENTED|     #!/bin/bash
-#UNIMPLEMENTED|     set -eux -o pipefail
-#UNIMPLEMENTED|     export DEBIAN_FRONTEND=noninteractive
-#UNIMPLEMENTED|     apt-get install -y vim
-#UNIMPLEMENTED|   # `user` is executed without the root privilege
-#UNIMPLEMENTED|   user: |
-#UNIMPLEMENTED|     #!/bin/bash
-#UNIMPLEMENTED|     set -eux -o pipefail
-#UNIMPLEMENTED|     cat <<EOF > ~/.vimrc
-#UNIMPLEMENTED|     set number
-#UNIMPLEMENTED|     EOF
+# provision:
+#   # `system` is executed with the root privilege
+#   - mode: system
+#     script: |
+#       #!/bin/bash
+#       set -eux -o pipefail
+#       export DEBIAN_FRONTEND=noninteractive
+#       apt-get install -y vim
+#   # `user` is executed without the root privilege
+#   - mode: user
+#     script: |
+#       #!/bin/bash
+#       set -eux -o pipefail
+#       cat <<EOF > ~/.vimrc
+#       set number
+#       EOF

pkg/limayaml/defaults.go

@@ -19,10 +19,15 @@ func FillDefault(y *LimaYAML) {
 	if y.Disk == "" {
 		y.Disk = "100GiB"
 	}
-
 	if y.Video.Display == "" {
 		y.Video.Display = "none"
 	}
+	for i := range y.Provision {
+		provision := &y.Provision[i]
+		if provision.Mode == "" {
+			provision.Mode = ProvisionModeSystem
+		}
+	}
 }
 
 func resolveArch(s string) Arch {

pkg/limayaml/limayaml.go

@@ -1,15 +1,16 @@
 package limayaml
 
 type LimaYAML struct {
-	Arch     Arch     `yaml:"arch,omitempty"`
-	Images   []Image  `yaml:"images"` // REQUIRED
-	CPUs     int      `yaml:"cpus,omitempty"`
-	Memory   string   `yaml:"memory,omitempty"` // go-units.RAMInBytes
-	Disk     string   `yaml:"disk,omitempty"`   // go-units.RAMInBytes
-	Mounts   []Mount  `yaml:"mounts,omitempty"`
-	SSH      SSH      `yaml:"ssh,omitempty"` // REQUIRED (FIXME)
-	Firmware Firmware `yaml:"firmware,omitempty"`
-	Video    Video    `yaml:"video,omitempty"`
+	Arch      Arch        `yaml:"arch,omitempty"`
+	Images    []Image     `yaml:"images"` // REQUIRED
+	CPUs      int         `yaml:"cpus,omitempty"`
+	Memory    string      `yaml:"memory,omitempty"` // go-units.RAMInBytes
+	Disk      string      `yaml:"disk,omitempty"`   // go-units.RAMInBytes
+	Mounts    []Mount     `yaml:"mounts,omitempty"`
+	SSH       SSH         `yaml:"ssh,omitempty"` // REQUIRED (FIXME)
+	Firmware  Firmware    `yaml:"firmware,omitempty"`
+	Video     Video       `yaml:"video,omitempty"`
+	Provision []Provision `yaml:"provision,omitempty"`
 }
 
 type Arch = string
@@ -43,3 +44,15 @@ type Video struct {
 	// Display is a QEMU display string
 	Display string `yaml:"display,omitempty"`
 }
+
+type ProvisionMode = string
+
+const (
+	ProvisionModeSystem ProvisionMode = "system"
+	ProvisionModeUser   ProvisionMode = "user"
+)
+
+type Provision struct {
+	Mode   ProvisionMode `yaml:"mode"` // default: "system"
+	Script string        `yaml:"script"`
+}