diff --git a/setup-guacamole-lxc.sh b/setup-guacamole-lxc.sh
index 69e8d7c..047867a 100644
--- a/setup-guacamole-lxc.sh
+++ b/setup-guacamole-lxc.sh
@@ -42,14 +42,14 @@ echo "============================================"
 # --- Check if template exists ---
 if ! pveam list local | grep -q "debian-12-standard"; then
- echo "[1/8] Downloading Debian 12 template..."
+ echo "[1/9] Downloading Debian 12 template..."
 pveam download local debian-12-standard_12.12-1_amd64.tar.zst
 else
- echo "[1/8] Debian 12 template already available"
+ echo "[1/9] Debian 12 template already available"
 fi
-# --- Create the container ---
-echo "[2/8] Creating LXC container ${CT_ID}..."
+# --- Create the container (don't start yet - need AppArmor fix first) ---
+echo "[2/9] Creating LXC container ${CT_ID}..."
 pct create "${CT_ID}" "${CT_TEMPLATE}" \
 --hostname "${CT_NAME}" \
 --memory "${CT_MEMORY}" \
@@ -59,16 +59,23 @@ pct create "${CT_ID}" "${CT_TEMPLATE}" \
 --net0 "name=eth0,bridge=${BRIDGE},ip=${CT_IP},gw=${CT_GW},firewall=0" \
 --nameserver "10.0.0.224" \
 --onboot 1 \
- --start 1 \
 --unprivileged 1 \
 --features "nesting=1,keyctl=1" \
 --startup "order=3,up=15"
-echo "[3/8] Waiting for container to start..."
+# --- Apply AppArmor fix for Docker-in-LXC ---
+echo "[3/9] Applying AppArmor fix for Docker compatibility..."
+CT_CONF="/etc/pve/lxc/${CT_ID}.conf"
+if ! grep -q "lxc.apparmor.profile" "${CT_CONF}" 2>/dev/null; then
+ echo "lxc.apparmor.profile: unconfined" >> "${CT_CONF}"
+fi
+pct start "${CT_ID}"
+
+echo "[4/9] Waiting for container to start..."
 sleep 5
 # --- Install Docker inside the container ---
-echo "[4/8] Installing Docker..."
+echo "[5/9] Installing Docker..."
 pct exec "${CT_ID}" -- bash -c '
 apt-get update -qq
 apt-get install -y -qq ca-certificates curl gnupg
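Review bot: The appended `lxc.apparmor.profile: unconfined` removes AppArmor confinement from the whole container, and the hunk neither documents that trade-off nor limits it. The same container is created with `nesting=1,keyctl=1` and `firewall=0` and is meant to front remote-desktop access, so losing a host-isolation layer deserves an explicit comment above the `echo`, for example `# SECURITY: unconfined disables AppArmor for this CT; keep it unprivileged and reachable only from trusted networks`. Separately, `2>/dev/null` on the `grep` hides a missing `${CT_CONF}`, so if `pct create` failed the script would still try to append to that path and call `pct start`, unless `set -e` is active above this hunk. A guard such as `[ -f "${CT_CONF}" ] || { echo "ERROR: ${CT_CONF} missing" >&2; exit 1; }` before the `grep` would stop that. The `pct create` command begins outside the hunk.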
@@ -83,7 +90,7 @@ pct exec "${CT_ID}" -- bash -c '
 '
 # --- Create Docker Compose config ---
-echo "[5/8] Creating Guacamole Docker Compose configuration..."
+echo "[6/9] Creating Guacamole Docker Compose configuration..."
 pct exec "${CT_ID}" -- bash -c "
 mkdir -p /opt/guacamole
 cat > /opt/guacamole/docker-compose.yml << DCEOF
@@ -137,26 +144,35 @@ DCEOF
 "
 # --- Generate the database init script ---
-echo "[6/8] Generating database initialisation schema..."
+echo "[7/9] Generating database initialisation schema..."
 pct exec "${CT_ID}" -- bash -c '
 mkdir -p /opt/guacamole/initdb
 docker pull guacamole/guacamole:latest -q
- docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql > /opt/guacamole/initdb/001-init.sql
- echo "Database schema extracted successfully"
+ docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgresql \
+ > /opt/guacamole/initdb/001-init.sql 2>/dev/null
+
+ # Validate the schema was generated properly
+ SCHEMA_SIZE=$(wc -c < /opt/guacamole/initdb/001-init.sql)
+ if [ "${SCHEMA_SIZE}" -lt 1000 ]; then
+ echo "ERROR: Schema generation failed (${SCHEMA_SIZE} bytes)"
+ echo "Check that AppArmor fix was applied correctly"
+ exit 1
+ fi
+ echo "Schema generated successfully (${SCHEMA_SIZE} bytes)"
 '
 # --- Start the stack ---
-echo "[7/8] Starting Guacamole stack..."
+echo "[8/9] Starting Guacamole stack..."
 pct exec "${CT_ID}" -- bash -c '
 cd /opt/guacamole
 docker compose up -d
 echo "Waiting for services to initialise..."
- sleep 15
+ sleep 20
 docker compose ps
 '
 # --- Create systemd service for auto-start ---
-echo "[8/8] Creating systemd service for auto-start..."
+echo "[9/9] Creating systemd service for auto-start..."
 pct exec "${CT_ID}" -- bash -c '
 cat > /etc/systemd/system/guacamole.service << "SVCEOF"
 [Unit]
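Review bot: The new `exit 1` in the schema check only ends the `bash -c` shell inside the container. Whether the outer script stops depends on `set -e` or an explicit status check that is not visible in this hunk, so a failed schema generation may still reach `[8/9] Starting Guacamole stack...`. Changing the closing line of that `pct exec` to `' || exit 1` would propagate the failure. The added `2>/dev/null` also discards the only diagnostic `docker run` produces, and the error text then guesses at AppArmor. Dropping that redirect and testing the exit status of `docker run` directly would be more reliable than the 1000-byte size heuristic alone.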