4 # template script for generating suse container for LXC
8 # lxc: linux Container library
11 # Daniel Lezcano <daniel.lezcano@free.fr>
12 # Frederic Crozat <fcrozat@suse.com>
14 # This library is free software; you can redistribute it and/or
15 # modify it under the terms of the GNU Lesser General Public
16 # License as published by the Free Software Foundation; either
17 # version 2.1 of the License, or (at your option) any later version.
19 # This library is distributed in the hope that it will be useful,
20 # but WITHOUT ANY WARRANTY; without even the implied warranty of
21 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 # Lesser General Public License for more details.
24 # You should have received a copy of the GNU Lesser General Public
25 # License along with this library; if not, write to the Free Software
26 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
35 # set network as static, but everything is done by LXC outside the container
36 cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0
42 IP=$(/sbin/ip route | awk '/default/ { print $3 }')
43 echo "default $IP - -" > $rootfs/etc/sysconfig/network/routes
46 touch $rootfs/etc/fstab
49 mknod -m 666 $rootfs/dev/random c 1 8
50 mknod -m 666 $rootfs/dev/urandom c 1 9
51 mkdir -m 755 $rootfs/dev/pts
52 mkdir -m 1777 $rootfs/dev/shm
53 mknod -m 666 $rootfs/dev/tty c 5 0
54 mknod -m 600 $rootfs/dev/console c 5 1
55 mknod -m 666 $rootfs/dev/tty0 c 4 0
56 mknod -m 666 $rootfs/dev/tty1 c 4 1
57 mknod -m 666 $rootfs/dev/tty2 c 4 2
58 mknod -m 666 $rootfs/dev/tty3 c 4 3
59 mknod -m 666 $rootfs/dev/tty4 c 4 4
60 ln -s null $rootfs/dev/tty10
61 mknod -m 666 $rootfs/dev/full c 1 7
62 mknod -m 666 $rootfs/dev/ptmx c 5 2
63 ln -s /proc/self/fd $rootfs/dev/fd
64 ln -s /proc/kcore $rootfs/dev/core
65 mkdir -m 755 $rootfs/dev/mapper
66 mknod -m 600 $rootfs/dev/mapper/control c 10 60
67 mkdir -m 755 $rootfs/dev/net
68 mknod -m 666 $rootfs/dev/net/tun c 10 200
71 cat <<EOF > $rootfs/etc/HOSTNAME
75 # do not use hostname from HOSTNAME variable
76 cat <<EOF >> $rootfs/etc/sysconfig/cron
81 cat <<EOF > $rootfs/etc/hosts
82 127.0.0.1 localhost $hostname
85 # disable various services
86 # disable yast->bootloader in container
87 cat <<EOF > $rootfs/etc/sysconfig/bootloader
93 cat <<EOF > $rootfs/etc/inittab
95 si::bootwait:/etc/init.d/boot
96 l0:0:wait:/etc/init.d/rc 0
97 l1:1:wait:/etc/init.d/rc 1
98 l2:2:wait:/etc/init.d/rc 2
99 l3:3:wait:/etc/init.d/rc 3
100 l6:6:wait:/etc/init.d/rc 6
101 ls:S:wait:/etc/init.d/rc S
102 ~~:S:respawn:/sbin/sulogin
103 p6::ctrlaltdel:/sbin/init 6
104 p0::powerfail:/sbin/init 0
105 cons:2345:respawn:/sbin/mingetty --noclear console screen
106 c1:2345:respawn:/sbin/mingetty --noclear tty1 screen
109 # set /dev/console as securetty
110 cat << EOF >> $rootfs/etc/securetty
114 cat <<EOF >> $rootfs/etc/sysconfig/boot
117 ROOTFS_BLKDEV="/dev/null"
121 # remove pointless services in a container
122 chroot $rootfs /sbin/insserv -r -f boot.udev boot.loadmodules boot.device-mapper boot.clock boot.swap boot.klog kbd
124 echo "Please change root-password !"
125 echo "root:root" | chroot $rootfs chpasswd
135 if [ ! -x /usr/bin/build ]; then
136 echo "Could not create openSUSE template :"
137 echo "you need to install \"build\" package"
141 # check the mini opensuse was not already downloaded
142 mkdir -p "$cache/partial-$arch"
144 if [ $? -ne 0 ]; then
145 echo "Failed to create '$cache/partial-$arch' directory"
149 # download a mini opensuse into a cache
150 echo "Downloading opensuse minimal ..."
151 mkdir -p "$cache/partial-$arch-packages"
152 zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss
153 zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
154 zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update
155 zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base sysvinit-init
156 cat > $cache/partial-$arch-packages/opensuse.conf << EOF
157 Preinstall: aaa_base bash coreutils diffutils
158 Preinstall: filesystem fillup glibc grep insserv libacl1 libattr1
159 Preinstall: libbz2-1 libgcc46 libxcrypt libncurses5 pam
160 Preinstall: permissions libreadline6 rpm sed tar zlib libselinux1
161 Preinstall: liblzma5 libcap2 libpcre0
162 Preinstall: libpopt0 libelf1 liblua5_1
167 Support: patterns-openSUSE-base
169 Prefer: sysvinit-init
171 Ignore: patterns-openSUSE-base:patterns-openSUSE-yast2_install_wf
174 CLEAN_BUILD=1 BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" /usr/lib/build/init_buildsystem --clean --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch
175 chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss
176 chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
177 chroot $cache/partial-$arch rpm -e patterns-openSUSE-base
178 umount $cache/partial-$arch/proc
179 # really clean the image
180 rm -fr $cache/partial-$arch/{.build,.guessed_dist,.srcfiles*,installed-pkg}
181 rm -fr $cache/partial-$arch/dev
182 # make sure we have a minimal /dev
183 mkdir -p "$cache/partial-$arch/dev"
184 mknod -m 666 $cache/partial-$arch/dev/null c 1 3
185 mknod -m 666 $cache/partial-$arch/dev/zero c 1 5
186 # create mtab symlink
187 rm -f $cache/partial-$arch/etc/mtab
188 ln -sf /proc/self/mounts $cache/partial-$arch/etc/mtab
189 if [ $? -ne 0 ]; then
190 echo "Failed to download the rootfs, aborting."
194 rm -fr "$cache/partial-$arch-packages"
195 mv "$1/partial-$arch" "$1/rootfs-$arch"
196 echo "Download complete."
207 # make a local copy of the mini opensuse
208 echo -n "Copying rootfs to $rootfs ..."
210 rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
216 cache="/var/cache/lxc/opensuse"
218 mkdir -p /var/lock/subsys/
221 if [ $? -ne 0 ]; then
222 echo "Cache repository is busy."
228 echo "Checking cache download in $cache/rootfs-$arch ... "
229 if [ ! -e "$cache/rootfs-$arch" ]; then
230 download_opensuse $cache $arch
231 if [ $? -ne 0 ]; then
232 echo "Failed to download 'opensuse base'"
237 echo "Copy $cache/rootfs-$arch to $rootfs ... "
238 copy_opensuse $cache $arch $rootfs
239 if [ $? -ne 0 ]; then
240 echo "Failed to copy rootfs"
246 ) 200>/var/lock/subsys/lxc
257 grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
258 cat <<EOF >> $path/config
263 lxc.mount = $path/fstab
264 # uncomment the next line to run the container unconfined:
265 #lxc.aa_profile = unconfined
267 lxc.cgroup.devices.deny = a
269 lxc.cgroup.devices.allow = c 1:3 rwm
270 lxc.cgroup.devices.allow = c 1:5 rwm
272 lxc.cgroup.devices.allow = c 5:1 rwm
273 lxc.cgroup.devices.allow = c 5:0 rwm
274 lxc.cgroup.devices.allow = c 4:0 rwm
275 lxc.cgroup.devices.allow = c 4:1 rwm
277 lxc.cgroup.devices.allow = c 1:9 rwm
278 lxc.cgroup.devices.allow = c 1:8 rwm
279 lxc.cgroup.devices.allow = c 136:* rwm
280 lxc.cgroup.devices.allow = c 5:2 rwm
282 lxc.cgroup.devices.allow = c 254:0 rwm
285 cat <<EOF > $path/fstab
286 proc proc proc nodev,noexec,nosuid 0 0
287 sysfs sys sysfs defaults 0 0
290 if [ $? -ne 0 ]; then
291 echo "Failed to add configuration"
300 cache="/var/cache/lxc/opensuse"
302 if [ ! -e $cache ]; then
306 # lock, so we won't purge while someone is creating a repository
310 echo "Cache repository is busy."
314 echo -n "Purging the download cache..."
315 rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
318 ) 200>/var/lock/subsys/lxc
324 $1 -h|--help -p|--path=<path> --clean
329 options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
330 if [ $? -ne 0 ]; then
334 eval set -- "$options"
339 -h|--help) usage $0 && exit 0;;
340 -p|--path) path=$2; shift 2;;
341 -n|--name) name=$2; shift 2;;
342 -c|--clean) clean=$2; shift 2;;
343 --) shift 1; break ;;
348 if [ ! -z "$clean" -a -z "$path" ]; then
353 type zypper > /dev/null
354 if [ $? -ne 0 ]; then
355 echo "'zypper' command is missing"
359 if [ -z "$path" ]; then
360 echo "'path' parameter is required"
364 if [ "$(id -u)" != "0" ]; then
365 echo "This script should be run as 'root'"
370 config="$path/config"
371 if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
372 rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
377 install_opensuse $rootfs
378 if [ $? -ne 0 ]; then
379 echo "failed to install opensuse"
383 configure_opensuse $rootfs $name
384 if [ $? -ne 0 ]; then
385 echo "failed to configure opensuse for a container"
389 copy_configuration $path $rootfs $name
390 if [ $? -ne 0 ]; then
391 echo "failed write configuration file"
395 if [ ! -z $clean ]; then