source: lab.git/lxc/0.7.5-3ubuntu63/templates/lxc-debian @ 995c968

#!/bin/bash

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

SUITE=${SUITE:-squeeze}
MIRROR=${MIRROR:-http://cdn.debian.net/debian}

configure_debian()
{
    rootfs=$1
    hostname=$2

    # squeeze only has /dev/tty and /dev/tty0 by default,
    # therefore creating missing device nodes for tty1-4.
    for tty in $(seq 1 4); do
    if [ ! -e $rootfs/dev/tty$tty ]; then
        mknod $rootfs/dev/tty$tty c 4 $tty
    fi
    done

    # configure the inittab
    cat <<EOF > $rootfs/etc/inittab
id:2:initdefault:
si::sysinit:/etc/init.d/rcS
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/sbin/sulogin
1:2345:respawn:/sbin/getty 38400 console
c1:12345:respawn:/sbin/getty 38400 tty1 linux
c2:12345:respawn:/sbin/getty 38400 tty2 linux
c3:12345:respawn:/sbin/getty 38400 tty3 linux
c4:12345:respawn:/sbin/getty 38400 tty4 linux
EOF

    # disable selinux in debian
    mkdir -p $rootfs/selinux
    echo 0 > $rootfs/selinux/enforce

    # configure the network using the dhcp
    cat <<EOF > $rootfs/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
EOF

    # set the hostname
    cat <<EOF > $rootfs/etc/hostname
$hostname
EOF

    # reconfigure some services
    LANG="${LANG:-en_US.UTF-8}"

    locale="$LANG $(echo $LANG | cut -d. -f2)"
    chroot $rootfs echo "locales locales/default_environment_locale select $LANG" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
    chroot $rootfs echo "locales locales/default_environment_locale seen true" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
    chroot $rootfs echo "locales locales/locales_to_be_generated seen true" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
    chroot $rootfs sed -i -e "0,/^[# ]*$locale *$/ s/^[# ]*$locale *$/$locale/" /etc/locale.gen
    chroot $rootfs sh -c "LANG=C dpkg-reconfigure locales -f noninteractive"

    # remove pointless services in a container
    chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove # S
    chroot $rootfs /usr/sbin/update-rc.d checkroot.sh stop 09 S .

    chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove # 0 6
    chroot $rootfs /usr/sbin/update-rc.d umountfs start 09 0 6 .

    chroot $rootfs /usr/sbin/update-rc.d -f umountroot remove # 0 6
    chroot $rootfs /usr/sbin/update-rc.d umountroot start 10 0 6 .

    # The following initscripts don't provide an empty start or stop block.
    # To prevent them being enabled on upgrades, we leave a start link on
    # runlevel 3.
    chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove # S 0 6
    chroot $rootfs /usr/sbin/update-rc.d hwclock.sh start 10 3 .

    chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove # S
    chroot $rootfs /usr/sbin/update-rc.d hwclockfirst start 08 3 .

    chroot $rootfs /usr/sbin/update-rc.d -f module-init-tools remove # S
    chroot $rootfs /usr/sbin/update-rc.d module-init-tools start 10 3 .

    echo "root:root" | chroot $rootfs chpasswd
    echo "Root password is 'root', please change !"

    return 0
}

download_debian()
{
    packages=\
ifupdown,\
locales,\
libui-dialog-perl,\
dialog,\
dhcp3-client,\
netbase,\
net-tools,\
iproute,\
openssh-server

    cache=$1
    arch=$2

    # check the mini debian was not already downloaded
    mkdir -p "$cache/partial-$SUITE-$arch"
    if [ $? -ne 0 ]; then
    echo "Failed to create '$cache/partial-$SUITE-$arch' directory"
    return 1
    fi

    # download a mini debian into a cache
    echo "Downloading debian minimal ..."
    debootstrap --verbose --variant=minbase --arch=$arch \
    --include=$packages \
    "$SUITE" "$cache/partial-$SUITE-$arch" $MIRROR
    if [ $? -ne 0 ]; then
    echo "Failed to download the rootfs, aborting."
    return 1
    fi

    mv "$1/partial-$SUITE-$arch" "$1/rootfs-$SUITE-$arch"
    echo "Download complete."

    return 0
}

copy_debian()
{
    cache=$1
    arch=$2
    rootfs=$3

    # make a local copy of the minidebian
    echo -n "Copying rootfs to $rootfs..."
    mkdir -p $rootfs
    rsync -a "$cache/rootfs-$SUITE-$arch"/ $rootfs/ || return 1
    return 0
}

install_debian()
{
    cache="/var/cache/lxc/debian"
    rootfs=$1
    mkdir -p /var/lock/subsys/
    (
    flock -x 200
    if [ $? -ne 0 ]; then
        echo "Cache repository is busy."
        return 1
    fi

    # Code taken from debootstrap
    if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
        arch=`/usr/bin/dpkg --print-architecture`
    elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
        arch=`/usr/bin/udpkg --print-architecture`
    else
        arch=$(arch)
        case $arch in
        686)           arch="i386";;
        x86_64)        arch="amd64";;
        ppc)           arch="powerpc";;
        esac
    fi

    echo "Checking cache download in $cache/rootfs-$SUITE-$arch ... "
    if [ ! -e "$cache/rootfs-$SUITE-$arch" ]; then
        download_debian $cache $arch
        if [ $? -ne 0 ]; then
        echo "Failed to download 'debian base'"
        return 1
        fi
    fi

    copy_debian $cache $arch $rootfs
    if [ $? -ne 0 ]; then
        echo "Failed to copy rootfs"
        return 1
    fi

    return 0

    ) 200>/var/lock/subsys/lxc

    return $?
}

copy_configuration()
{
    path=$1
    rootfs=$2
    name=$3

    cat >> $path/config << EOF
# $path/config

## Container
lxc.utsname                             = $name
lxc.rootfs                              = $rootfs
lxc.tty                                 = 4
lxc.pts                                 = 1024
#lxc.console                            = /var/log/lxc/$name.console

## Capabilities
lxc.cap.drop                            = sys_admin

# uncomment the next line to run the container unconfined:
#lxc.aa_profile = unconfined

## Devices
#lxc.cgroup.devices.allow               = a
lxc.cgroup.devices.deny                 = a
# /dev/null
lxc.cgroup.devices.allow                = c 1:3 rwm
# /dev/zero
lxc.cgroup.devices.allow                = c 1:5 rwm
# /dev/tty[1-4] consoles
lxc.cgroup.devices.allow                = c 5:1 rwm
lxc.cgroup.devices.allow                = c 5:0 rwm
lxc.cgroup.devices.allow                = c 4:0 rwm
lxc.cgroup.devices.allow                = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow                = c 1:9 rwm
lxc.cgroup.devices.allow                = c 1:8 rwm
lxc.cgroup.devices.allow                = c 136:* rwm
lxc.cgroup.devices.allow                = c 5:2 rwm
# /dev/rtc
lxc.cgroup.devices.allow                = c 254:0 rwm

## Limits
#lxc.cgroup.cpu.shares                  = 1024
#lxc.cgroup.cpuset.cpus                 = 0
#lxc.cgroup.memory.limit_in_bytes       = 256M
#lxc.cgroup.memory.memsw.limit_in_bytes = 1G

## Filesystem
lxc.mount.entry                         = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry                         = sysfs sys sysfs defaults,ro 0 0
#lxc.mount.entry                        = /srv/$name srv/$name none defaults,bind 0 0
EOF

    if [ $? -ne 0 ]; then
    echo "Failed to add configuration"
    return 1
    fi

    return 0
}

clean()
{
    cache="/var/cache/lxc/debian"

    if [ ! -e $cache ]; then
    exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
    flock -x 200
    if [ $? != 0 ]; then
        echo "Cache repository is busy."
        exit 1
    fi

    echo -n "Purging the download cache..."
    rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
    exit 0

    ) 200>/var/lock/subsys/lxc
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path> --clean
EOF
    return 0
}

options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
if [ $? -ne 0 ]; then
        usage $(basename $0)
    exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)      usage $0 && exit 0;;
        -p|--path)      path=$2; shift 2;;
    -n|--name)      name=$2; shift 2;;
    -c|--clean)     clean=$2; shift 2;;
        --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ ! -z "$clean" -a -z "$path" ]; then
    clean || exit 1
    exit 0
fi

type debootstrap
if [ $? -ne 0 ]; then
    echo "'debootstrap' command is missing"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

rootfs=$path/rootfs

install_debian $rootfs
if [ $? -ne 0 ]; then
    echo "failed to install debian"
    exit 1
fi

configure_debian $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to configure debian for a container"
    exit 1
fi

copy_configuration $path $rootfs
if [ $? -ne 0 ]; then
    echo "failed write configuration file"
    exit 1
fi

if [ ! -z $clean ]; then
    clean || exit 1
    exit 0
fi