Fix VM provisioning, update README

README.md

@@ -1,13 +1,15 @@
-This is the main repository containing all installation scripts, configuration and customization of operating system all application present in Spotter Cluster virtual machine.
+This is the main repository containing all build and installation scripts, configuration and customization of operating system and all applications present in SpotterVM virtual machine.
 
 ## Virtual machine specifications
 - **Memory:** 4 GB
 - **CPU:** 1 processor, 2 cores
-- **Hard Disk:** SCSI, 60 GB
+- **Hard Disk:** SCSI, 300 MB
+- **CD/DVD**: IDE
+- **Network Adapter**: Bridged
 
-In case you're setting up a VMWare virtual machine, select OS type *Other Linux 3.x kernel 64-bit* and after you create the VM, manually edit the `*.vmx` file using a text editor and set there `mem.hotadd = "FALSE"`. Failing to do so will result in system unable to boot. Other hypervizors don't need this adjustment.
+In case you're setting up a VMWare virtual machine, select OS type *Other Linux 3.x kernel 64-bit* and after the VM is created, manually edit the `*.vmx` file using a text editor and add `mem.hotadd = "FALSE"`. Failing to do so will result in system unable to boot. Other hypervisors don't need this adjustment.
 
-## Operating system installation
+## Virtual Machine creation
 
 Download **Alpine Virtual 3.8.0 x86_64** from <https://alpinelinux.org/downloads/> and boot from it. At the login prompt, use the root user without password to log in.
 
@@ -21,44 +23,56 @@ wget dl.dasm.cz/alpine.sh
 sh alpine.sh
 ```
 
-The script will perform the bare Alpine linux installation into VM using LUKS-on-LVM. The default disk encryption password is `password`. No root password is set.
+The script will perform installation and configuration of Alpine linux, LXC and the whole VMMgr platform. Virtual machine is protected by LUKS-on-LVM disk encryption. The encryption password, which is simultaneously also a password for VMMgr web administration interface, will be asked for at the beginning of the script execution. Root access is disabled.
 
-## Application installation
+After the script finishes and shuts down the virtual machine, remove CD/DVD drive from the virtual machine settings and extend the HDD to 80 GB. This is to minimize the overall size of the OVA (Open Virtual Appliance) file to which the VM will be exported.
+
+## Application Build environment creation
 
 ### First time setup
+
+Follow the VM creation steps as above, but comment the line disabling the root login in *alpine.sh* file before its execution. After the script finishes and HDD size is adjusted, add serial port in the virtual machine settings and set it to use Unix socket or named pipe (eg. `\\.\pipe\alpine`). Ten start the VM and connect to the serial port using *screen*, *PuTTY* or any other terminal client.
+
 ```
-# Install git
+# Install git and OpenSSH client
-apk --no-cache add git
+apk --no-cache add git openssh-client
+
+# Set SSH key
+mkdir ~/.ssh
+vi ~/.ssh/id_ecdsa
+vi ~/.ssh/id_ecdsa.pub
+chmod 600 ~/.ssh/id_ecdsa
 
 # Clone the repository
-git clone https://gitlab.dasm.cz/Spotter-Cluster/Spotter-Cluster.git
+git clone --recurse-submodules ssh://git@gitlab.dasm.cz:2222/Spotter-Cluster/Spotter-Cluster.git
 
-# Enter the repository directory
+# Install the build toolchain
-cd Spotter-Cluster
+Spotter-Cluster/zz-build/install-toolchain.sh
-
-# Optional: Edit the install sequence script
-vi 00-install.sh
-
-# Launch the script
-./00-install.sh
 ```
 
-### Resuming from a snapshot
+After the script finishes, it is possible to connect via SSH as the toolchain sets up also *openssh-server*.
-Assumes that the repository has already been cloned.
+
+### Building the packages
+There are 3 distinct packaging systems.
+
+1. Just a plain tar for basic OS setup used by *alpine.sh* installation script.
+2. Abuild for the native Alpine linux packages (APK) used for LXC, ACME client and VMMgr packaging.
+3. `lxc-build`/`lxc-pack` for LXC images building and packaging.
+
+Full build of all components is automated via *build-all.sh* script. Before the script can be run, signing keys need to be put in place
 ```
-# Enter the repository directory
+# Supply Abuild signing key
-cd Spotter-Cluster
+vi /srv/build/repokey.rsa
 
-# Update repository
+# Supply lxc-pack signing key
-git pull
+vi /srv/build/packages.key
 
-# Optional: Edit the install sequence script
+# Build all packages
-vi 00-install.sh
+Spotter-Cluster/zz-build/build-all.sh
-
-# Launch the script
-./00-install.sh
 ```
 
+The full build process takes considerable amount of time, so it is advised to have a persistent build VM.
+
 ## Host assignment
 
 | Application     |     Container     | UID/GID |   Internal Port  |   Host   |

alpine.sh

@@ -89,10 +89,10 @@ chroot /mnt apk --no-cache add ca-certificates curl bridge e2fsprogs-extra gette
 for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix swap urandom vmmgr; do
     ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot
 done
-ADMINPWD=$(htpasswd -bnBC 10 "" "${ENCPWD}" | tr -d ':\n' | sed 's/$2y/$2b/') envsubst </etc/vmmgr/config.default.json >/etc/vmmgr/config.json
+ADMINPWD=$(htpasswd -bnBC 10 "" "${ENCPWD}" | tr -d ':\n' | sed 's/$2y/$2b/') envsubst </mnt/etc/vmmgr/config.default.json >/mnt/etc/vmmgr/config.json
 
-# Change root password
+# Disable root login
-echo "root:$(head -c 18 /dev/urandom | base64)" | chroot /mnt chpasswd
+sed -i 's/root::/root:!:/' /mnt/etc/shadow
 
 # Cleanup
 rm -rf /mnt/root

app-vmmgr

@@ -1 +1 @@
-Subproject commit daea78244e8e41d94d3a8745c255007b988460d2
+Subproject commit bac3737069c10cc23dd9e73d56b121be8a5ae903