4 # lxc: linux Container library
7 # Daniel Lezcano <daniel.lezcano@free.fr>
9 # This library is free software; you can redistribute it and/or
10 # modify it under the terms of the GNU Lesser General Public
11 # License as published by the Free Software Foundation; either
12 # version 2.1 of the License, or (at your option) any later version.
14 # This library is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 # Lesser General Public License for more details.
19 # You should have received a copy of the GNU Lesser General Public
20 # License along with this library; if not, write to the Free Software
21 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# Release and mirror defaults; either can be overridden from the caller's
# environment.
# NOTE(review): the default mirror URL is plain HTTP, so package integrity
# rests on debootstrap verifying the signed Release file against an archive
# keyring present on the host - confirm a keyring is installed. The default
# suite (squeeze) is long past end of security support; treat containers
# built from it as unpatched unless SUITE is overridden.
23 SUITE=${SUITE:-squeeze}
24 MIRROR=${MIRROR:-http://cdn.debian.net/debian}
31 # squeeze only has /dev/tty and /dev/tty0 by default,
32 # therefore creating missing device nodes for tty1-4.
# Create the tty1..tty4 character devices (major 4, minor = tty number) under
# the container's /dev when they are missing. The loop's closing fi/done are
# not part of this listing.
# NOTE(review): $rootfs is expanded unquoted, so a path with whitespace or
# glob characters would be word-split before reaching mknod.
33 for tty in $(seq 1 4); do
34 if [ ! -e $rootfs/dev/tty$tty ]; then
35 mknod $rootfs/dev/tty$tty c 4 $tty
39 # configure the inittab
# Overwrite the container's /etc/inittab. The visible entries run rcS at
# sysinit, run "rc N" for runlevels 0-6, keep sulogin as a fallback, and
# respawn getty on the console and on tty1-tty4.
# The heredoc delimiter is unquoted, so the body is subject to shell
# expansion; the visible lines contain nothing that expands.
40 cat <<EOF > $rootfs/etc/inittab
42 si::sysinit:/etc/init.d/rcS
43 l0:0:wait:/etc/init.d/rc 0
44 l1:1:wait:/etc/init.d/rc 1
45 l2:2:wait:/etc/init.d/rc 2
46 l3:3:wait:/etc/init.d/rc 3
47 l4:4:wait:/etc/init.d/rc 4
48 l5:5:wait:/etc/init.d/rc 5
49 l6:6:wait:/etc/init.d/rc 6
50 # Normally not reached, but fallthrough in case of emergency.
51 z6:6:respawn:/sbin/sulogin
52 1:2345:respawn:/sbin/getty 38400 console
53 c1:12345:respawn:/sbin/getty 38400 tty1 linux
54 c2:12345:respawn:/sbin/getty 38400 tty2 linux
55 c3:12345:respawn:/sbin/getty 38400 tty3 linux
56 c4:12345:respawn:/sbin/getty 38400 tty4 linux
59 # disable selinux in debian
# Creates a regular file selinux/enforce containing "0" inside the rootfs;
# the target is addressed purely through $rootfs.
# NOTE(review): nothing in the visible lines guards against an empty $rootfs,
# in which case both paths would resolve under the host's / - presumably the
# caller guarantees a non-empty value; confirm.
60 mkdir -p $rootfs/selinux
61 echo 0 > $rootfs/selinux/enforce
63 # configure the network using the dhcp
64 cat <<EOF > $rootfs/etc/network/interfaces
66 iface lo inet loopback
73 cat <<EOF > $rootfs/etc/hostname
77 # reconfigure some services
# Take the locale from the caller's $LANG (default en_US.UTF-8), build the
# "<locale> <charset>" pair used in /etc/locale.gen, seed debconf with it,
# enable the matching locale.gen line, then regenerate locales in the chroot.
# NOTE(review): $LANG is inherited from the invoking environment and is
# interpolated unescaped into the debconf selections and into the sed
# expression; a value containing "/" or regex metacharacters changes what sed
# matches or makes the expression invalid. Validating the value against a
# locale-name pattern before use would remove that dependency.
78 LANG="${LANG:-en_US.UTF-8}"
80 locale="$LANG $(echo $LANG | cut -d. -f2)"
81 chroot $rootfs echo "locales locales/default_environment_locale select $LANG" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
82 chroot $rootfs echo "locales locales/default_environment_locale seen true" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
83 chroot $rootfs echo "locales locales/locales_to_be_generated seen true" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
84 chroot $rootfs sed -i -e "0,/^[# ]*$locale *$/ s/^[# ]*$locale *$/$locale/" /etc/locale.gen
85 chroot $rootfs sh -c "LANG=C dpkg-reconfigure locales -f noninteractive"
87 # remove pointless services in a container
# Re-register init scripts that make no sense inside a container: each
# script's links are force-removed, then re-added in a reduced form
# (stop-only, shutdown-only, or a single start link in runlevel 3).
# NOTE(review): hwclockfirst.sh is removed under that name but re-added as
# "hwclockfirst" (no .sh) - looks like a name mismatch; confirm against the
# script name in /etc/init.d.
88 chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove # S
89 chroot $rootfs /usr/sbin/update-rc.d checkroot.sh stop 09 S .
91 chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove # 0 6
92 chroot $rootfs /usr/sbin/update-rc.d umountfs start 09 0 6 .
94 chroot $rootfs /usr/sbin/update-rc.d -f umountroot remove # 0 6
95 chroot $rootfs /usr/sbin/update-rc.d umountroot start 10 0 6 .
97 # The following initscripts don't provide an empty start or stop block.
98 # To prevent them being enabled on upgrades, we leave a start link on
100 chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove # S 0 6
101 chroot $rootfs /usr/sbin/update-rc.d hwclock.sh start 10 3 .
103 chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove # S
104 chroot $rootfs /usr/sbin/update-rc.d hwclockfirst start 08 3 .
106 chroot $rootfs /usr/sbin/update-rc.d -f module-init-tools remove # S
107 chroot $rootfs /usr/sbin/update-rc.d module-init-tools start 10 3 .
# Set the container's root password to the fixed string "root" via chpasswd
# and print a reminder to change it.
# NOTE(review): every container built from this template starts with the
# same publicly known root credential, and the change is left to the
# operator. The inittab written by this script spawns getty on the console
# and tty1-tty4, so the account is usable as soon as the container boots;
# whether a network login service is installed depends on $packages, which is
# not visible here. A safer default is to lock the account or to generate a
# per-container random password and print it once.
109 echo "root:root" | chroot $rootfs chpasswd
110 echo "Root password is 'root', please change !"
131 # check the mini debian was not already downloaded
# Fragment of the download step. Prepare a staging directory
# partial-$SUITE-$arch inside the cache and report a failure to create it.
132 mkdir -p "$cache/partial-$SUITE-$arch"
133 if [ $? -ne 0 ]; then
134 echo "Failed to create '$cache/partial-$SUITE-$arch' directory"
138 # download a mini debian into a cache
139 echo "Downloading debian minimal ..."
# Bootstrap a minbase system for $arch from $MIRROR into the staging
# directory, adding the packages listed in $packages.
# NOTE(review): no --keyring option is passed, so signature verification uses
# whatever keyring debootstrap locates by default on the host - confirm one is
# present. $arch, $packages and $MIRROR are expanded unquoted.
140 debootstrap --verbose --variant=minbase --arch=$arch \
141 --include=$packages \
142 "$SUITE" "$cache/partial-$SUITE-$arch" $MIRROR
143 if [ $? -ne 0 ]; then
144 echo "Failed to download the rootfs, aborting."
# Rename the staging directory to its final rootfs-$SUITE-$arch name;
# presumably reached only after a successful bootstrap, so an interrupted
# download never appears under the final cache name - confirm. This line
# addresses the cache as $1 where the lines above use $cache (presumably the
# same value).
148 mv "$1/partial-$SUITE-$arch" "$1/rootfs-$SUITE-$arch"
149 echo "Download complete."
160 # make a local copy of the minidebian
# Populate the container rootfs from the cached tree; rsync -a (archive mode)
# recurses and preserves ownership, modes, times, symlinks and device nodes.
# A non-zero rsync status returns 1 from the enclosing function.
161 echo -n "Copying rootfs to $rootfs..."
163 rsync -a "$cache/rootfs-$SUITE-$arch"/ $rootfs/ || return 1
# Fragment of the install step: the work down to the closing ") 200>..." runs
# with fd 200 opened on /var/lock/subsys/lxc. The locking call itself is not
# part of this listing - presumably flock on fd 200; confirm.
# NOTE(review): the cache under /var/cache/lxc/debian is reused for every
# later container of the same suite/arch, so its contents are trusted as-is
# on each copy; keep the directory writable by root only.
169 cache="/var/cache/lxc/debian"
171 mkdir -p /var/lock/subsys/
174 if [ $? -ne 0 ]; then
175 echo "Cache repository is busy."
179 # Code taken from debootstrap
# Ask dpkg (or udpkg) for the host architecture; the visible case arms map
# x86_64 and ppc to the Debian names amd64 and powerpc.
180 if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
181 arch=`/usr/bin/dpkg --print-architecture`
182 elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
183 arch=`/usr/bin/udpkg --print-architecture`
188 x86_64) arch="amd64";;
189 ppc) arch="powerpc";;
# Bootstrap into the cache only when no rootfs-$SUITE-$arch entry exists yet,
# then copy the cached tree into $rootfs; each step is followed by a status
# check.
193 echo "Checking cache download in $cache/rootfs-$SUITE-$arch ... "
194 if [ ! -e "$cache/rootfs-$SUITE-$arch" ]; then
195 download_debian $cache $arch
196 if [ $? -ne 0 ]; then
197 echo "Failed to download 'debian base'"
202 copy_debian $cache $arch $rootfs
203 if [ $? -ne 0 ]; then
204 echo "Failed to copy rootfs"
210 ) 200>/var/lock/subsys/lxc
# Append the container settings to $path/config. The heredoc delimiter is
# unquoted, so $name is expanded by the shell when the file is written.
# Security-relevant settings in the visible lines:
#  - only the sys_admin capability is dropped;
#  - the devices cgroup denies everything and then allows an explicit list of
#    character devices;
#  - proc is mounted nodev,noexec,nosuid and sysfs read-only.
# NOTE(review): no uid/gid mapping appears in the visible lines, so root in
# the container is presumably uid 0 on the host with every capability except
# sys_admin - suitable for trusted workloads only; confirm and consider
# dropping further capabilities.
# NOTE(review): "c 254:0" uses a major number from the dynamically assigned
# range, so the device it names can differ between kernels/hosts; its label
# is not part of this listing (presumably rtc) - confirm on the target host.
221 cat >> $path/config << EOF
229 #lxc.console = /var/log/lxc/$name.console
232 lxc.cap.drop = sys_admin
234 # uncomment the next line to run the container unconfined:
235 #lxc.aa_profile = unconfined
238 #lxc.cgroup.devices.allow = a
239 lxc.cgroup.devices.deny = a
241 lxc.cgroup.devices.allow = c 1:3 rwm
243 lxc.cgroup.devices.allow = c 1:5 rwm
244 # /dev/tty[1-4] consoles
245 lxc.cgroup.devices.allow = c 5:1 rwm
246 lxc.cgroup.devices.allow = c 5:0 rwm
247 lxc.cgroup.devices.allow = c 4:0 rwm
248 lxc.cgroup.devices.allow = c 4:1 rwm
250 lxc.cgroup.devices.allow = c 1:9 rwm
251 lxc.cgroup.devices.allow = c 1:8 rwm
252 lxc.cgroup.devices.allow = c 136:* rwm
253 lxc.cgroup.devices.allow = c 5:2 rwm
255 lxc.cgroup.devices.allow = c 254:0 rwm
258 #lxc.cgroup.cpu.shares = 1024
259 #lxc.cgroup.cpuset.cpus = 0
260 #lxc.cgroup.memory.limit_in_bytes = 256M
261 #lxc.cgroup.memory.memsw.limit_in_bytes = 1G
264 lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
265 lxc.mount.entry = sysfs sys sysfs defaults,ro 0 0
266 #lxc.mount.entry = /srv/$name srv/$name none defaults,bind 0 0
269 if [ $? -ne 0 ]; then
270 echo "Failed to add configuration"
# Fragment of the cache purge: operates on the fixed cache path and runs under
# the same fd-200 lock file as the install step, so a purge and a cache
# download do not overlap.
279 cache="/var/cache/lxc/debian"
281 if [ ! -e $cache ]; then
285 # lock, so we won't purge while someone is creating a repository
289 echo "Cache repository is busy."
293 echo -n "Purging the download cache..."
# --preserve-root and --one-file-system limit the recursive delete to the
# cache's own filesystem and refuse to act on /.
# NOTE(review): in "rm ... && echo ... || exit 1" the exit also fires when
# echo fails; an explicit if/else states the intent. $cache is unquoted but
# is a constant without whitespace in the visible assignment.
294 rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
297 ) 200>/var/lock/subsys/lxc
303 $1 -h|--help -p|--path=<path> --clean
# Parse the command line with getopt(1) and re-install the normalized result
# as the positional parameters. "eval set --" is the usual idiom for this and
# relies on getopt's own quoting of $options.
# NOTE(review): the option spec declares c/clean without an argument (no
# trailing colon), yet the -c|--clean arm stores $2 and shifts two words, so
# it consumes whatever follows the flag. Presumably "clean=1; shift 1" was
# intended - confirm.
308 options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
309 if [ $? -ne 0 ]; then
313 eval set -- "$options"
318 -h|--help) usage $0 && exit 0;;
319 -p|--path) path=$2; shift 2;;
320 -n|--name) name=$2; shift 2;;
321 -c|--clean) clean=$2; shift 2;;
322 --) shift 1; break ;;
# Top-level flow. The first test matches a --clean request given without
# --path (its body is not part of this listing; presumably it purges the cache
# and exits). After that: a check not shown here reports a missing
# debootstrap, --path must be non-empty, and the caller must be uid 0. Then
# install, configure and config-writing run in that order, each followed by a
# status check.
# NOTE(review): "[ ! -z $clean ]" on the last visible line is unquoted, and
# "-a" inside [ ] is ambiguous in POSIX test; quoting the variable and joining
# two tests with && are the robust forms. $rootfs, $path and $name are also
# passed unquoted to the three helper calls.
327 if [ ! -z "$clean" -a -z "$path" ]; then
333 if [ $? -ne 0 ]; then
334 echo "'debootstrap' command is missing"
338 if [ -z "$path" ]; then
339 echo "'path' parameter is required"
343 if [ "$(id -u)" != "0" ]; then
344 echo "This script should be run as 'root'"
350 install_debian $rootfs
351 if [ $? -ne 0 ]; then
352 echo "failed to install debian"
356 configure_debian $rootfs $name
357 if [ $? -ne 0 ]; then
358 echo "failed to configure debian for a container"
362 copy_configuration $path $rootfs
363 if [ $? -ne 0 ]; then
364 echo "failed write configuration file"
368 if [ ! -z $clean ]; then