ShRx (Shell Receive)
Shell Receive (ShRx) is a set of scripts I wrote to provision new virtual machines for a reproducible build workflow. Its original use was to provision both hardware and virtual machines for an infrastructure-as-a-service company. It is designed to be called by a Makefile of another "payload" project to build boot media. These scripts allow physical hosting, virtual hosting, and development hosting to use the exact same boot disks.
ShRx is what I call a “first-stage image builder,” meaning that it provides scaffolding for payload projects to work from. It configures OSes in a one-time mode that, when first started, will mount a “payload drive” and execute the scripts contained therein to configure a server. It helps create a head-down reproducible build process, and does its job well.
Insecure containers like Docker are bad for development because they are complicated, often-changing, and opaque (who is going to read all that code?). Software like Ansible is usually no good either, because third-party plugins make it hard to tell what your computers are actually doing, and worse, it leaves agents running on the finished box! In my view, "perfect" security would mean keeping the finished disk as close to stock as possible.
Usage
It is easy to translate Dockerfiles into simple shell scripts appropriate for use with ShRx. This technique was successfully used at Stack41. The general process to create a disk image is as follows.
- ShRx is used to make a clean boot disk and config disk, e.g. a fresh install of Alpine Linux. A small hook is placed as a cron @reboot which self-destructs. This hook will later search a payload disk image for something to run.
- A payload project is used to make a payload FAT32 disk. It contains a script "main.sh" which will be executed as root to configure itself. This is the part which is like a Dockerfile, containing configuration instructions.
- The payload disk image is discarded.
- Optionally, an old config disk may be swapped with the new one to, in effect, update the software.
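The first-boot hook logic described in the steps above, written as an added example that is not ShRx's own code: it removes its own cron @reboot entry and then runs main.sh from the mounted payload disk. The function names, the paths, and the choice to disarm before running (so a hook that executes root scripts from attached media never survives the first boot) are assumptions.

```shell
#!/bin/sh
# Added example; names and paths are hypothetical, not taken from ShRx.
# Intended use on first boot, after the payload disk is mounted read-only:
#   run_payload_once /mnt/payload /etc/crontabs/root /path/to/this/hook /var/log/firstboot.log

# Remove the hook's @reboot entry from a crontab file so it cannot run again.
# $1 = crontab file, $2 = hook path exactly as written in the entry
disarm_hook() {
    tab=$1 hook=$2
    tmp=$(mktemp) || return 1
    # Keep every line that does not start with "@reboot <hook>".
    awk -v entry="@reboot $hook" 'index($0, entry) != 1' "$tab" > "$tmp" || return 1
    cat "$tmp" > "$tab"      # rewrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Run the payload exactly once.
# $1 = payload mount point, $2 = crontab file, $3 = hook path, $4 = log file
# Returns the payload's exit status, 1 if disarming failed, 2 if no payload.
run_payload_once() {
    mnt=$1 tab=$2 hook=$3 log=$4

    # Disarm first (assumption): a payload that fails or reboots the machine
    # must not leave behind a hook that runs root scripts from attached disks.
    disarm_hook "$tab" "$hook" || return 1

    if [ ! -f "$mnt/main.sh" ]; then
        echo "no main.sh found in $mnt" >> "$log"
        return 2
    fi

    # FAT32 stores no permission bits, so invoke the script through sh
    # instead of relying on an execute bit.
    rc=0
    sh "$mnt/main.sh" >> "$log" 2>&1 || rc=$?
    echo "payload exit status: $rc" >> "$log"
    return "$rc"
}
```

The log file is the only trace the hook leaves on the finished disk, which gives a reviewer one place to confirm what ran as root during provisioning.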
Here is a sample makefile of a payload project (which happens to be configuring a CARP pair of routers) showing how ShRx can be used.
Download
Download the code here, released under the GPLv3. Development was started at Stack41 and copyright interest withdrawn, so consider the version on this page a fork.