diff --git a/dx/usr/bin/bluefin-incus b/dx/usr/bin/bluefin-incus new file mode 100755 index 00000000000..6eefd779ac2 --- /dev/null +++ b/dx/usr/bin/bluefin-incus @@ -0,0 +1,119 @@ +#!/usr/bin/env bash + +# All the pieces needed to enable incus on Bluefin-dx +# This script is meant to be run on a bluefin-dx host + +# if current user is root, warn and exit + +if [ "$EUID" -eq 0 ] +then + echo "This script should not be run as root" + exit +fi + +# add user to incus-admin group + +sudo usermod -aG incus-admin $USER + +# check for, then add necessary entries to /etc/subuid and /etc/subgid +echo "" +echo "Checking for necessary entries in /etc/subuid and /etc/subgid" +if grep -q "root:1000000:1000000000" /etc/subuid +then + echo "" + echo " * subuid root range" +else + echo "root:1000000:1000000000" | sudo tee -a /etc/subuid +fi + +if grep -q "root:1000000:1000000000" /etc/subgid +then + echo "" + echo " * subgid root range" +else + echo "root:1000000:1000000000" | sudo tee -a /etc/subgid +fi + +if grep -q "root:1000:1" /etc/subgid +then + echo "" + echo " * subgid root->user" +else + echo "root:1000:1" | sudo tee -a /etc/subgid +fi + +if grep -q "root:1000:1" /etc/subuid +then + echo "" + echo " * subuid root->user" +else + echo "root:1000:1" | sudo tee -a /etc/subuid +fi + +# check to see if SELinux is set to permissive or disabled + +echo "" +echo "Checking SELinux status" +SELINUX_STATUS=$(getenforce) + +if [ "$SELINUX_STATUS" = "Enforcing" ] +then + echo "" + echo "SELinux must be set to Permissive or Disabled to enable Incus" + echo "Choose your new SELinux state:" + OPTION=$(gum choose Permissive Disabled Cancel) + if [ "$OPTION" = "Cancel" ] + then + echo "You have chosen to cancel the Incus installation process" + exit + else + sudo setenforce $OPTION + echo "You must reboot before continuing. You can run this script again." + exit + fi +fi + +# create necessary directories for lxcfs and incus + +echo "" +echo "Creating necessary directories for lxcfs and incus" +sudo mkdir -p /var/lib/lxcfs +sudo mkdir -p /var/lib/incus +sudo mkdir -p /var/log/incus + +# enable incus services + +echo "" +echo "Enabling incus services" +sudo systemctl enable --now lxcfs +sudo systemctl enable --now incus + + +# run incus admin init +echo "" +echo "Initializing Incus" +echo "" +echo "Choose your Incus installation type:" +IOPTION=$(gum choose Minimal Custom Cancel) +if [ "$IOPTION" = "Cancel" ] +then + echo "You have chosen to cancel the Incus installation process" + exit +else + if [ "$IOPTION" = "Minimal" ] + then + sudo incus admin init --minimal + echo "" + echo "Adding the incus bridge to the trusted firewall zone" + sudo firewall-cmd --zone=trusted --change-interface=incusbr0 --permanent + sudo firewall-cmd --reload + else + sudo incus admin init + echo "" + echo "Add the incus bridge to the trusted firewall zone" + echo " sudo firewall-cmd --zone=trusted --change-interface=your-bridge --permanent" + echo " sudo firewall-cmd --reload" + fi +fi +echo "" +echo "Incus has been installed. You can now run 'incus' to manage your containers." \ No newline at end of file diff --git a/just/custom.just b/just/custom.just index 6686a80b498..2147d033c77 100644 --- a/just/custom.just +++ b/just/custom.just @@ -183,6 +183,21 @@ garden: echo "" fi +# Install and configure Incus +incus: + #!/usr/bin/env bash + CURRENT_IMAGE=$(rpm-ostree status -b --json | jq -r '.deployments[0]."container-image-reference"') + + if grep -q "bluefin-dx" <<< $CURRENT_IMAGE + then + echo 'Installing and configuring Incus.' + /usr/bin/bluefin-incus + else + echo "Developer mode is currently ${CURRENT_STATE}." + echo "Run `just devmode` to turn on Developer mode." + exit + fi + # Install nix and Devbox nix-devbox: echo 'Setting phasers to kill. Installing nix.'