commit d669c3a0b5c38ed0c413ed33dc8adcd6dafe85c7
parent 37a00b51b8b306f1f6d43854b53ca1edf86e1162
Author: Andreas Gruhler <agruhl@gmx.ch>
Date: Sun, 14 Sep 2025 14:10:12 +0200
Revert "feat(lxc): add pkgs for lxc unprivileged containers"
This reverts commit 37a00b51b8b306f1f6d43854b53ca1edf86e1162.
Diffstat:
2 files changed, 2 insertions(+), 19 deletions(-)
diff --git a/bootstrap.sh b/bootstrap.sh
@@ -25,12 +25,10 @@ wget -O- https://apt.releases.hashicorp.com/gpg \
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
| tee /etc/apt/sources.list.d/hashicorp.list
-# Install packages for podman and lxc unprivileged containers
-# https://wiki.debian.org/LXC
+# Install packages
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y jq podman cloud-init curl \
- "nomad=${NOMAD_VERSION}-1" \
- lxc libvirt0 bridge-utils uidmap
+ "nomad=${NOMAD_VERSION}-1"
curl -L -o openbao.deb "https://github.com/openbao/openbao/releases/download/v${BAO_VERSION}/bao_${BAO_VERSION}_linux_${ARCHITECTURE}.deb"
apt install ./openbao.deb
diff --git a/nomad.sh b/nomad.sh
@@ -219,21 +219,6 @@ systemctl --user -M jenkins@ enable podman.socket
# create the mountpoint for the workspaces, podman does not create it for us
sudo -u jenkins mkdir /home/jenkins/workspace
-# Prepare LXC network:
-# * https://linuxcontainers.org/lxc/getting-started/#create-unprivileged-containers-as-a-user
-# This means that "jenkins" is allowed to create up to 10 veth devices
-# connected to the lxcbr0 bridge.
-echo jenkins veth lxcbr0 10 >> /etc/lxc/lxc-usernet
-
-# Prepare LXC uid mapping
-# https://wiki.debian.org/LXC
-mkdir -p /home/jenkins/.config/lxc
-cat << EOF > /home/jenkins/.config/lxc/default.conf
-lxc.include = /etc/lxc/default.conf
-lxc.idmap = u 0 165536 65536
-lxc.idmap = g 0 165536 65536
-EOF
-
# move Nomad server truststore
sudo mv $TLS_DIR/nomad-agent-ca.p12 /home/jenkins/
sudo chown jenkins: /home/jenkins/nomad-agent-ca.p12
