@odyssey4me
Last active September 17, 2015 17:03
LXC cache creation
# build locally (includes a fair amount of stuff and takes a bit of time)
#lxc-create --name=template3 --template=ubuntu -- --release trusty --arch amd64 --packages openssh-server,python2.7,apt-transport-https,python-lxml
#chroot /var/lib/lxc/template3/rootfs apt-get clean
# use a downloaded image (much faster)
lxc-create --name=template2 --template=download -- --dist ubuntu --release trusty --arch amd64
chroot /var/lib/lxc/template2/rootfs apt-get install -y \
openssh-server \
python2.7 \
apt-transport-https \
python-lxml \
bridge-utils \
bsdmainutils \
build-essential \
cgmanager \
cgmanager-utils \
cgroup-lite \
comerr-dev \
curl \
debconf-utils \
debhelper \
dh-apparmor \
gettext \
gir1.2-glib-2.0 \
git \
git-core \
groff-base \
intltool-debian \
iptables \
iso-codes \
krb5-multidev \
libcgmanager-dev \
libdbus-1-dev \
libdbus-glib-1-2 \
libdevmapper-event1.02.1 \
libexpat1-dev \
libffi-dev \
libpq-dev \
libpq5 \
libpython-dev \
libxml2-dev \
libxslt1-dev \
libxslt1.1 \
lvm2 \
python-apt \
python-apt-common \
python-dev \
python-pycurl \
python-software-properties \
python3-apt \
python3-dbus \
python3-gi \
python3-minimal \
python3-pycurl \
python3-software-properties \
software-properties-common \
sqlite3 \
ssh \
sshpass \
time
chroot /var/lib/lxc/template2/rootfs apt-get purge -y \
fakeroot \
libalgorithm-diff-perl \
libalgorithm-diff-xs-perl \
libalgorithm-merge-perl \
libasprintf-dev \
libfakeroot \
libfile-fcntllock-perl \
libgettextpo-dev \
libgettextpo0 \
libglib2.0-data \
libmail-sendmail-perl \
libpam-systemd \
libsys-hostname-long-perl \
libsystemd-daemon0 \
systemd-services \
systemd-shim \
libssl-doc \
libx11-6 \
libx11-data \
libxau6 \
libxcb1 \
libxdmcp6 \
libxext6 \
libxmuu1 \
manpages \
manpages-dev \
ncurses-term \
nih-dbus-tool \
python-chardet \
python-requests \
python-six \
python-urllib3 \
sgml-base \
shared-mime-info \
xml-core
chroot /var/lib/lxc/template2/rootfs apt-get clean
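# Overwrite rather than append: the packaged sshd_config already defines
# "Subsystem sftp" and sshd refuses to start when it is defined twice; for most
# other keywords the first value read wins, so appended settings would be ignored.
cat > /var/lib/lxc/template2/rootfs/etc/ssh/sshd_config <<EOF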
# Port/Protocol
Port 22
Protocol 2
# HostKeys
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM yes
UseDNS no
X11Forwarding no
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
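
An added check, not part of the original gist: sshd takes the first value it reads for most keywords and refuses to start on a repeated Subsystem name, so this confirms that the settings written above are the ones in effect in a cached rootfs. The function names and the sample file are constructed for this example.

```shell
# sshd keeps the FIRST value it reads for most keywords, so a duplicate
# further down is ignored; a repeated Subsystem name stops sshd starting.

# Print the effective global value of keyword $2 in sshd_config file $1.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        tolower($1) == "match" { exit }    # global section ends at first Match
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print each Subsystem name that is defined more than once in file $1.
sshd_dup_subsystems() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         tolower($1) == "subsystem" && seen[$2]++ == 1 { print $2 }' "$1"
}

# Report where file $1 differs from the intended values; return 0 if clean.
sshd_audit() {
    rc=0
    while read -r key expected; do
        actual=$(sshd_effective "$1" "$key")
        [ "$actual" = "$expected" ] && continue
        echo "MISMATCH $key: effective='$actual' intended='$expected'"
        rc=1
    done <<EOF
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin yes
Protocol 2
EOF
    for name in $(sshd_dup_subsystems "$1"); do
        echo "FATAL duplicate Subsystem $name"; rc=1
    done
    return $rc
}

# Constructed sample: stock-style lines with overrides appended after them.
make_sample() {
    printf '%s\n' '# constructed sample, not a real image' \
        'PermitRootLogin without-password' \
        'Subsystem sftp /usr/lib/openssh/sftp-server' \
        'PermitRootLogin yes' 'PasswordAuthentication no' \
        'PermitEmptyPasswords no' 'Protocol 2' \
        'Subsystem sftp /usr/lib/openssh/sftp-server' > "$1"
}
sample=$(mktemp) && make_sample "$sample"
sshd_audit "$sample" || true; rm -f "$sample"
```

Point `sshd_audit` at `/var/lib/lxc/template2/rootfs/etc/ssh/sshd_config` after building the cache; a non-zero return means the image would not come up with the intended settings.
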
Replace https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml#L109-L147 with a template to put into the cache. Annotate the template nicely. :)
Replace https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml#L277-L307 with a templated addition to the cache too.
Replace https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml#L309-L330 with the apt-get installs directly into the cache as per the script above.
Switch as many of the things done in https://github.com/openstack/openstack-ansible/blob/master/playbooks/roles/lxc_container_create/tasks/container_create.yml as possible to part of the cache creation.
### References ###
https://help.ubuntu.com/lts/serverguide/lxc.html
http://manpages.ubuntu.com/manpages/trusty/en/man1/lxc-create.1.html
https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/
https://github.com/lxc/lxc-ci/blob/master/bin/build-image
http://mmoya.org/blog/2013/03/06/managing-prebuilt-os-images-with-ansible/
https://github.com/mmoya/ansible-playbooks
https://github.com/docker/docker/blob/master/contrib/mkimage.sh
https://github.com/docker/docker/blob/master/contrib/mkimage/debootstrap
https://openvz.org/Ubuntu_Trusty_template_creation
https://github.com/h2oai/h2o-2/wiki/LXC-Linux-Containers.-Lightweight-isolation.-Create-more-hadoop-clusters-on-a-set-of-machines
publishing images in openstack-infra:
https://github.com/stackforge/akanda-appliance/blob/master/tox.ini
https://github.com/stackforge/akanda-appliance/blob/master/scripts/create-akanda-raw-image.sh
https://github.com/openstack-infra/project-config/blob/master/jenkins/jobs/akanda.yaml#L82-L104