fgrehm · fgrehm · Aug 1, 2013 · Jul 27, 2013 · Jul 27, 2013 · Jul 28, 2013
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,14 +1,27 @@
-## [0.4.1](https://github.com/fgrehm/vagrant-lxc/compare/v0.4.0...master) (unreleased)
+## [0.5.0](https://github.com/fgrehm/vagrant-lxc/compare/v0.4.0...v0.5.0) (Aug 1, 2013)
+
+BACKWARDS INCOMPATIBILITIES:
+
+  - To align with Vagrant's core behaviour, forwarded ports are no longer attached
+    to 127.0.0.1 and `redir`'s `--laddr` parameter is skipped in case the `:host_ip`
+    config is not provided, that means `redir` will listen on connections coming
+    from any of the host's IPs.
 
 FEATURES:
 
   - Add support for salt-minion and add latest dev release for ubuntu codenamed saucy [#116](https://github.com/fgrehm/vagrant-lxc/pull/116)
+  - Add support for using a sudo wrapper script [#90](https://github.com/fgrehm/vagrant-lxc/issues/90)
+  - `redir` will log to `/var/log/syslog` if `REDIR_LOG` env var is provided
 
 IMPROVEMENTS:
 
-  - Error out if `redir` is not installed but port forwarding was configured [#112](https://github.com/fgrehm/vagrant-lxc/issues/112)
+  - Error out if dependencies are not installed [#11](https://github.com/fgrehm/vagrant-lxc/issues/11) / [#112](https://github.com/fgrehm/vagrant-lxc/issues/112)
   - Support for specifying host interface/ip for binding `redir` [#76](https://github.com/fgrehm/vagrant-lxc/issues/76)
   - Add Vagrantfile VM name to the container name [#115](https://github.com/fgrehm/vagrant-lxc/issues/115)
+  - Properly handle forwarded port collisions [#5](https://github.com/fgrehm/vagrant-lxc/issues/5)
+  - Container's customizations are now written to the config file (usually
+    kept under `/var/lib/lxc/CONTAINER/config`) instead of passed in as a `-s`
+    parameter to `lxc-start`
 
 ## [0.4.0](https://github.com/fgrehm/vagrant-lxc/compare/v0.3.4...v0.4.0) (Jul 18, 2013)
 

diff --git a/Gemfile b/Gemfile
@@ -15,6 +15,8 @@ end
 
 group :development, :test do
   gem 'rake'
+  # Update https://github.com/fgrehm/vagrant-lxc/issues/111 once we are able to
+  # upgrade to a newer release
   gem 'rspec',       '~> 2.13.0'
   gem 'rspec-fire',  require: 'rspec/fire'
   gem 'rspec-spies', require: false

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,20 +1,20 @@
 GIT
   remote: git://github.com/fgrehm/vagrant-cachier.git
-  revision: ae6cb5bcfbdbb2157867d77ded8f2b6f430c0f6c
+  revision: f5d9ce507239535326a0a0395c890cc7a27d73f1
   specs:
-    vagrant-cachier (0.2.0)
+    vagrant-cachier (0.3.0.dev)
 
 GIT
   remote: git://github.com/fgrehm/vagrant-pristine.git
-  revision: 45a8d75f048bd611e337583496eb2b48b6998bbd
+  revision: 5c400d7850fc5f98d9601b59f4c3bd74818650de
   specs:
-    vagrant-pristine (0.1.0)
+    vagrant-pristine (0.2.0)
 
 GIT
   remote: git://github.com/mitchellh/vagrant.git
-  revision: 6d26c86c4c3f65e2e59f4dda6bca9cd9235de704
+  revision: 2282a88f3dfde65b881758b4643480cba4468c4a
   specs:
-    vagrant (1.2.4.dev)
+    vagrant (1.2.7.dev)
       childprocess (~> 0.3.7)
       erubis (~> 2.7.0)
       i18n (~> 0.6.0)
@@ -25,7 +25,7 @@ GIT
 PATH
   remote: .
   specs:
-    vagrant-lxc (0.4.1.dev)
+    vagrant-lxc (0.5.0)
 
 GEM
   remote: https://rubygems.org/
@@ -60,7 +60,7 @@ GEM
       rb-kqueue (>= 0.2)
     log4r (1.1.10)
     lumberjack (1.0.4)
-    method_source (0.8.1)
+    method_source (0.8.2)
     mime-types (1.23)
     multi_json (1.7.7)
     net-scp (1.1.2)
@@ -94,7 +94,7 @@ GEM
       multi_json (~> 1.0)
       simplecov-html (~> 0.7.1)
     simplecov-html (0.7.1)
-    slop (3.4.5)
+    slop (3.4.6)
     thor (0.18.1)
     vagrant-omnibus (1.1.0)
 

diff --git a/README.md b/README.md
@@ -5,18 +5,16 @@
 [LXC](http://lxc.sourceforge.net/) provider for [Vagrant](http://www.vagrantup.com/) 1.1+
 
 This is a Vagrant plugin that allows it to control and provision Linux Containers
-as an alternative to the built in Vagrant VirtualBox provider for Linux hosts.
+as an alternative to the built in VirtualBox provider for Linux hosts.
 
 Check out this [blog post](http://fabiorehm.com/blog/2013/04/28/lxc-provider-for-vagrant)
 to see the plugin in action and find out more about it.
 
-## Features
+## Features / Limitations
 
-* Vagrant's `up`, `halt`, `reload`, `destroy`, `ssh`, `provision` and `package`
-* Shared folders
-* Provisioning with any built-in Vagrant provisioner
-* Port forwarding
-* Setting container's host name
+* Provides the same workflow as the Vagrant VirtualBox provider
+* Port forwarding via [`redir`](http://linux.die.net/man/1/redir)
+* Does not support private networks
 
 *Please refer to the [closed issues](https://github.com/fgrehm/vagrant-lxc/issues?labels=&milestone=&page=1&state=closed)
 and the [changelog](CHANGELOG.md) for most up to date information.*
@@ -27,16 +25,16 @@ and the [changelog](CHANGELOG.md) for most up to date information.*
 * [Vagrant 1.1+](http://downloads.vagrantup.com/)
 * lxc 0.7.5+
 * redir (if you are planning to use port forwarding)
-* A [bug-free](#help-im-unable-to-restart-containers) kernel
+* A [bug-free](https://github.com/fgrehm/vagrant-lxc/wiki/Troubleshooting#im-unable-to-restart-containers) kernel
 
 The plugin is known to work better and pretty much out of the box on Ubuntu 12.04+
 hosts and installing the dependencies on it basically means a `apt-get install lxc redir`
 and a `apt-get update && apt-get dist-upgrade` to upgrade the kernel.
 
 Some manual steps are required to set up a Linode machine prior to using this
 plugin, please check https://github.com/fgrehm/vagrant-lxc/wiki/Usage-on-Linode
-for more information. The same applies to Debian hosts and documentation will be
-provided soon.
+for more information. Documentation on how to set things up for other distros
+[are welcome](https://github.com/fgrehm/vagrant-lxc/wiki) :)
 
 If you are on a Mac or Windows machine, you might want to have a look at this
 blog post for some ideas on how to set things up: http://the.taoofmac.com/space/HOWTO/Vagrant
@@ -89,12 +87,50 @@ Vagrant.configure("2") do |config|
 end
 ```
 
-This will make vagrant-lxc pass in `-s lxc.cgroup.memory.limit_in_bytes=1024M`
-to `lxc-start` when booting containers. This will override any previously value
-set from container's configuration file that is usually kept under
-`/var/lib/lxc/<container-name>/config`.
+vagrant-lxc will then write out `lxc.cgroup.memory.limit_in_bytes='1024M'` to the
+container config file (usually kept under `/var/lib/lxc/<container-name>/config`)
+prior to starting it.
 
-For other configuration options, please check [lxc.conf manpages](http://manpages.ubuntu.com/manpages/quantal/man5/lxc.conf.5.html).
+For other configuration options, please check the [lxc.conf manpages](http://manpages.ubuntu.com/manpages/quantal/man5/lxc.conf.5.html).
+
+
+### Avoiding `sudo` passwords
+
+This plugin requires **a lot** of `sudo`ing since [user namespaces](https://wiki.ubuntu.com/UserNamespace)
+are not supported on mainstream kernels. In order to work around that we can use
+a really dumb **AND INSECURE** Ruby wrapper script like the one below and add
+a `NOPASSWD` entry to our `/etc/sudoers` file:
+
+```ruby
+#!/usr/bin/env ruby
+exec ARGV.join(' ')
+```
+
+For example, you can save the code above under your `/usr/bin/lxc-vagrant-wrapper`,
+turn it into an executable script by running `chmod +x /usr/bin/lxc-vagrant-wrapper`
+and add the line below to your `/etc/sudoers` file:
+
+```
+USERNAME ALL=NOPASSWD:/usr/bin/lxc-vagrant-wrapper
+```
+
+*__WARNING__: the `/usr/bin/lxc-vagrant-wrapper` + `/etc/sudoers` combination
+above allows `USERNAME` to run any privileged command without a password. You
+might want to think twice before using that on a machine with sensitive data.*
+
+In order to tell vagrant-lxc to use that script when `sudo` is needed, you can
+pass in the path to the script as a configuration for the provider:
+
+```ruby
+Vagrant.configure("2") do |config|
+  config.vm.provider :lxc do |lxc|
+    lxc.sudo_wrapper = '/usr/bin/lxc-vagrant-wrapper'
+  end
+end
+```
+
+If you want to set the `sudo_wrapper` globally, just add the code above to your
+`~/.vagrant.d/Vagrantfile`.
 
 
 ### Base boxes
@@ -104,18 +140,6 @@ for a list of [pre built](https://github.com/fgrehm/vagrant-lxc/wiki/Base-boxes#
 base boxes and information on [how to build your own](https://github.com/fgrehm/vagrant-lxc/wiki/Base-boxes#building-your-own).
 
 
-## Current limitations
-
-* The plugin does not detect forwarded ports collision, right now you are
-  responsible for taking care of that.
-* There is a hell lot of `sudo`s involved and this will probably be around until
-  [user namespaces](https://wiki.ubuntu.com/LxcSecurity) are supported or I'm able to handle [#90](https://github.com/fgrehm/vagrant-lxc/issues/90)
-* [Does not tell you if dependencies are not met](https://github.com/fgrehm/vagrant-lxc/issues/11)
-  (will probably just throw up some random error)
-* + bunch of other [core features](https://github.com/fgrehm/vagrant-lxc/issues?labels=core&milestone=&page=1&state=open)
-  and some known [bugs](https://github.com/fgrehm/vagrant-lxc/issues?labels=bug&page=1&state=open)
-
-
 ## More information
 
 Please refer the [wiki](https://github.com/fgrehm/vagrant-lxc/wiki) for more

diff --git a/example/Vagrantfile b/example/Vagrantfile
@@ -10,7 +10,6 @@ Vagrant.configure("2") do |config|
 
   config.vm.provider :lxc do |lxc|
     lxc.customize 'cgroup.memory.limit_in_bytes', '400M'
-    lxc.customize 'cgroup.memory.memsw.limit_in_bytes', '500M'
   end
 
   config.vm.provision :shell, :inline => <<-SCRIPT

diff --git a/lib/vagrant-lxc/action.rb b/lib/vagrant-lxc/action.rb
@@ -8,6 +8,8 @@
 require 'vagrant-lxc/action/destroy_confirm'
 require 'vagrant-lxc/action/disconnect'
 require 'vagrant-lxc/action/compress_rootfs'
+require 'vagrant-lxc/action/fetch_ip_with_lxc_attach'
+require 'vagrant-lxc/action/fetch_ip_from_dnsmasq_leases'
 require 'vagrant-lxc/action/forced_halt'
 require 'vagrant-lxc/action/forward_ports'
 require 'vagrant-lxc/action/handle_box_metadata'
@@ -25,7 +27,6 @@ module Action
       # machine back up with the new configuration.
       def self.action_reload
         Vagrant::Action::Builder.new.tap do |b|
-          # b.use CheckDependencies
           b.use Vagrant::Action::Builtin::Call, Created do |env1, b2|
             if !env1[:result]
               b2.use Message, :not_created
@@ -44,10 +45,9 @@ def self.action_reload
       # a bootup (i.e. not saved).
       def self.action_boot
         Vagrant::Action::Builder.new.tap do |b|
-          # b.use ClearForwardedPorts
           b.use Vagrant::Action::Builtin::Provision
           b.use Vagrant::Action::Builtin::EnvSet, :port_collision_repair => true
-          # b.use PrepareForwardedPortCollisionParams
+          b.use Vagrant::Action::Builtin::HandleForwardedPortCollisions
           b.use ShareFolders
           b.use Vagrant::Action::Builtin::SetHostname
           b.use ForwardPorts
@@ -58,7 +58,6 @@ def self.action_boot
       # This action just runs the provisioners on the machine.
       def self.action_provision
         Vagrant::Action::Builder.new.tap do |b|
-          # b.use CheckDependencies
           b.use Vagrant::Action::Builtin::ConfigValidate
           b.use Vagrant::Action::Builtin::Call, Created do |env1, b2|
             if !env1[:result]
@@ -82,7 +81,6 @@ def self.action_provision
       # A precondition of this action is that the container exists.
       def self.action_start
         Vagrant::Action::Builder.new.tap do |b|
-          # b.use CheckDependencies
           b.use Vagrant::Action::Builtin::ConfigValidate
           b.use Vagrant::Action::Builtin::Call, IsRunning do |env, b2|
             # If the VM is running, then our work here is done, exit
@@ -97,7 +95,6 @@ def self.action_start
       # container, configuring metadata, and booting.
       def self.action_up
         Vagrant::Action::Builder.new.tap do |b|
-          # b.use CheckDependencies
           b.use Vagrant::Action::Builtin::ConfigValidate
           b.use Vagrant::Action::Builtin::Call, Created do |env, b2|
             # If the VM is NOT created yet, then do the setup steps
@@ -115,7 +112,6 @@ def self.action_up
       # the virtual machine, gracefully or by force.
       def self.action_halt
         Vagrant::Action::Builder.new.tap do |b|
-          # b.use CheckDependencies
           b.use Vagrant::Action::Builtin::Call, Created do |env, b2|
             if env[:result]
               # TODO: Remove this on / after 0.4
@@ -138,7 +134,6 @@ def self.action_halt
       # freeing the resources of the underlying virtual machine.
       def self.action_destroy
         Vagrant::Action::Builder.new.tap do |b|
-          # b.use CheckDependencies
           b.use Vagrant::Action::Builtin::Call, Created do |env1, b2|
             if !env1[:result]
               b2.use Message, :not_created
@@ -162,7 +157,6 @@ def self.action_destroy
       # This action packages the virtual machine into a single box file.
       def self.action_package
         Vagrant::Action::Builder.new.tap do |b|
-          # b.use CheckDependencies
           b.use Vagrant::Action::Builtin::Call, Created do |env1, b2|
             if !env1[:result]
               b2.use Message, :not_created
@@ -177,10 +171,19 @@ def self.action_package
         end
       end
 
+      # This action is called to read the IP of the container. The IP found
+      # is expected to be put into the `:machine_ip` key.
+      def self.action_fetch_ip
+        Vagrant::Action::Builder.new.tap do |b|
+          b.use Vagrant::Action::Builtin::ConfigValidate
+          b.use FetchIpWithLxcAttach
+          b.use FetchIpFromDnsmasqLeases
+        end
+      end
+
       # This is the action that will exec into an SSH shell.
       def self.action_ssh
         Vagrant::Action::Builder.new.tap do |b|
-          # b.use CheckDependencies
           b.use CheckCreated
           b.use CheckRunning
           b.use Vagrant::Action::Builtin::SSHExec
@@ -190,7 +193,6 @@ def self.action_ssh
       # This is the action that will run a single SSH command.
       def self.action_ssh_run
         Vagrant::Action::Builder.new.tap do |b|
-          # b.use CheckDependencies
           b.use CheckCreated
           b.use CheckRunning
           b.use Vagrant::Action::Builtin::SSHRun

diff --git a/lib/vagrant-lxc/action/clear_forwarded_ports.rb b/lib/vagrant-lxc/action/clear_forwarded_ports.rb
@@ -15,7 +15,7 @@ def call(env)
             redir_pids.each do |pid|
               next unless is_redir_pid?(pid)
               @logger.debug "Killing pid #{pid}"
-              system "sudo pkill -TERM -P #{pid}"
+              system "pkill -TERM -P #{pid}"
             end
 
             remove_redir_pids

diff --git a/lib/vagrant-lxc/action/fetch_ip_from_dnsmasq_leases.rb b/lib/vagrant-lxc/action/fetch_ip_from_dnsmasq_leases.rb
@@ -0,0 +1,48 @@
+module Vagrant
+  module LXC
+    module Action
+      class FetchIpFromDnsmasqLeases
+        def initialize(app, env)
+          @app    = app
+          @logger = Log4r::Logger.new("vagrant::lxc::action::fetch_ip_from_dnsmasq_leases")
+        end
+
+        def call(env)
+          env[:machine_ip] ||= assigned_ip(env)
+          @app.call(env)
+        end
+
+        def assigned_ip(env)
+          mac_address = env[:machine].provider.driver.mac_address
+          ip = nil
+          10.times do
+            dnsmasq_leases = read_dnsmasq_leases
+            @logger.debug 'Attempting to load ip from dnsmasq leases'
+            @logger.debug dnsmasq_leases
+            if dnsmasq_leases =~ /#{Regexp.escape mac_address}\s+([0-9.]+)\s+/
+              ip = $1.to_s
+              break
+            else
+              @logger.debug 'Ip could not be parsed from dnsmasq leases file'
+              sleep 2
+            end
+          end
+          ip
+        end
+
+        LEASES_PATHS = %w(
+          /var/lib/misc/dnsmasq.*.leases
+          /var/lib/misc/dnsmasq.leases
+          /var/lib/dnsmasq/dnsmasq.leases
+          /var/db/dnsmasq.leases
+        )
+
+        def read_dnsmasq_leases
+          Dir["{#{LEASES_PATHS.join(',')}}"].map do |file|
+            File.read(file)
+          end.join("\n")
+        end
+      end
+    end
+  end
+end