cidata: move provision scripts to ISO

Signed-off-by: Akihiro Suda <[email protected]>

Author: AkihiroSuda

docs/internal.md

@@ -17,7 +17,7 @@ Metadata:
 - `lima.yaml`: the YAML
 
 cloud-init:
-- `cidata.iso`: cloud-init ISO9660 image. (`user-data`, `meta-data`, `lima-guestagent.Linux-<ARCH>`)
+- `cidata.iso`: cloud-init ISO9660 image. See [`cidata.iso`](#cidata-iso).
 
 disk:
 - `basedisk`: the base image
@@ -58,3 +58,22 @@ The directory contains the following files:
 
 - `$LIMA_INSTANCE`: `lima ...` is expanded to `limactl shell ${LIMA_INSTANCE} ...`.
   - Default : `default`
+
+## `cidata.iso`
+`cidata.iso` contains the following files:
+
+- `user-data`: [Cloud-init user-data](https://cloudinit.readthedocs.io/en/latest/topics/format.html)
+- `meta-data`: [Cloud-init meta-data](https://cloudinit.readthedocs.io/en/latest/topics/instancedata.html)
+- `lima-guestagent`: Lima guest agent binary
+- `nerdctl-full.tgz`: [`nerdctl-full-<VERSION>-linux-<ARCH>.tar.gz`](https://github.com/containerd/nerdctl/releases)
+- `boot/*`: Boot scripts
+- `provision.system/*`: Custom provision scripts (system)
+- `provision.user/*`: Custom provision scripts (user)
+
+Max file name length = 30
+
+### Volume label
+The volume label is "cidata", as defined by [cloud-init NoCloud](https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html).
+
+### Environment variables
+- `LIMA_CIDATA_MNT`: the mount point of the disk. `/mnt/lima-cidata`.

pkg/cidata/cidata.TEMPLATE.d/user-data

@@ -34,31 +34,26 @@ write_files:
           CODE=1
         fi
       done
+      if [ -d "${LIMA_CIDATA_MNT}"/provision.system ]; then
+        for f in "${LIMA_CIDATA_MNT}"/provision.system/*; do
+          echo "Executing $f"
+          if ! "$f"; then
+            echo "Failed to execute $f"
+            CODE=1
+          fi
+        done
+      fi
+      if [ -d "${LIMA_CIDATA_MNT}"/provision.user ]; then
+        until [ -e "/run/user/{{.UID}}/systemd/private" ]; do sleep 3; done
+        for f in "${LIMA_CIDATA_MNT}"/provision.user/*; do
+          echo "Executing $f (as user {{.User}})"
+          if ! sudo -iu "{{.User}}" "XDG_RUNTIME_DIR=/run/user/{{.UID}}" "$f"; then
+            echo "Failed to execute $f (as user {{.User}})"
+            CODE=1
+          fi
+        done
+      fi
       exit "$CODE"
    owner: root:root
    path: /var/lib/cloud/scripts/per-boot/00-lima.boot.sh
    permissions: '0755'
-{{- if .Provision}}
-# TODO: move Provision scripts to ISO
- - content: |
-      #!/bin/bash
-      set -eu -o pipefail
-      {{- range $i, $val := .Provision}}
-      {{- $script := printf "/var/lib/lima-guestagent/provision-%02d-%s" $i $val.Mode}}
-      {{- if eq $val.Mode "system"}}
-      {{$script}}
-      {{- else}}
-      until [ -e "/run/user/{{.UID}}/systemd/private" ]; do sleep 3; done
-      sudo -iu "{{.User}}" "XDG_RUNTIME_DIR=/run/user/{{.UID}}" {{$script}}
-      {{- end}}
-      {{- end}}
-   owner: root:root
-   path: /var/lib/cloud/scripts/per-boot/50-execute-provision-scripts.boot.sh
-   permissions: '0755'
-{{- end}}
-{{- range $i, $val := .Provision}}
- - content: {{printf "%q" $val.Script}}
-   owner: root:root
-   path: {{printf "/var/lib/lima-guestagent/provision-%02d-%s" $i $val.Mode}}
-   permissions: '0755'
-{{- end}}

pkg/cidata/cidata.go

@@ -9,6 +9,7 @@ import (
 	"os/user"
 	"path/filepath"
 	"strconv"
+	"strings"
 
 	"github.com/AkihiroSuda/lima/pkg/downloader"
 	"github.com/AkihiroSuda/lima/pkg/iso9660util"
@@ -37,7 +38,6 @@ func GenerateISO9660(isoPath, name string, y *limayaml.LimaYAML) error {
 		Name:       name,
 		User:       u.Username,
 		UID:        uid,
-		Provision:  y.Provision,
 		Containerd: Containerd{System: *y.Containerd.System, User: *y.Containerd.User},
 	}
 
@@ -66,6 +66,18 @@ func GenerateISO9660(isoPath, name string, y *limayaml.LimaYAML) error {
 		return err
 	}
 
+	for i, f := range y.Provision {
+		switch f.Mode {
+		case limayaml.ProvisionModeSystem, limayaml.ProvisionModeUser:
+			layout = append(layout, iso9660util.Entry{
+				Path:   fmt.Sprintf("provision.%s/%08d", f.Mode, i),
+				Reader: strings.NewReader(f.Script),
+			})
+		default:
+			return errors.Errorf("unknown provision mode %q", f.Mode)
+		}
+	}
+
 	if guestAgentBinary, err := GuestAgentBinary(y.Arch); err != nil {
 		return err
 	} else {

pkg/cidata/template.go

@@ -8,7 +8,6 @@ import (
 	"path/filepath"
 
 	"github.com/AkihiroSuda/lima/pkg/iso9660util"
-	"github.com/AkihiroSuda/lima/pkg/limayaml"
 
 	"github.com/AkihiroSuda/lima/pkg/templateutil"
 	"github.com/containerd/containerd/identifiers"
@@ -30,7 +29,6 @@ type TemplateArgs struct {
 	UID        int
 	SSHPubKeys []string
 	Mounts     []string // abs path, accessible by the User
-	Provision  []limayaml.Provision
 	Containerd Containerd
 }