1 | #!/bin/bash |
---|
2 | |
---|
3 | # |
---|
4 | # template script for generating altlinux container for LXC |
---|
5 | # |
---|
6 | |
---|
7 | # |
---|
8 | # lxc: linux Container library |
---|
9 | |
---|
10 | # Authors: |
---|
11 | # Alexey Shabalin <shaba@altlinux.org> |
---|
12 | |
---|
13 | # This library is free software; you can redistribute it and/or |
---|
14 | # modify it under the terms of the GNU Lesser General Public |
---|
15 | # License as published by the Free Software Foundation; either |
---|
16 | # version 2.1 of the License, or (at your option) any later version. |
---|
17 | |
---|
18 | # This library is distributed in the hope that it will be useful, |
---|
19 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
20 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
---|
21 | # Lesser General Public License for more details. |
---|
22 | |
---|
23 | # You should have received a copy of the GNU Lesser General Public |
---|
24 | # License along with this library; if not, write to the Free Software |
---|
25 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
---|
26 | |
---|
27 | #Configurations |
---|
28 | arch=$(arch) |
---|
29 | cache_base=/var/cache/lxc/altlinux/$arch |
---|
30 | default_path=${localstatedir}/lib/lxc |
---|
31 | default_profile=default |
---|
32 | profile_dir=/etc/lxc/profiles |
---|
33 | root_password=rooter |
---|
34 | lxc_network_type=veth |
---|
35 | lxc_network_link=virbr0 |
---|
36 | |
---|
37 | # is this altlinux? |
---|
38 | [ -f /etc/altlinux-release ] && is_altlinux=true |
---|
39 | |
---|
40 | configure_altlinux() |
---|
41 | { |
---|
42 | |
---|
43 | # disable selinux in altlinux |
---|
44 | mkdir -p $rootfs_path/selinux |
---|
45 | echo 0 > $rootfs_path/selinux/enforce |
---|
46 | |
---|
47 | mkdir -p ${rootfs_path}/etc/net/ifaces/veth0 |
---|
48 | cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/options |
---|
49 | BOOTPROTO=${BOOTPROTO} |
---|
50 | ONBOOT=yes |
---|
51 | NM_CONTROLLED=no |
---|
52 | TYPE=eth |
---|
53 | EOF |
---|
54 | |
---|
55 | if [ ${BOOTPROTO} != "dhcp" ]; then |
---|
56 | # ip address |
---|
57 | cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv4address |
---|
58 | ${ipv4} |
---|
59 | EOF |
---|
60 | |
---|
61 | cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv4route |
---|
62 | ${gw} |
---|
63 | EOF |
---|
64 | |
---|
65 | cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/resolv.conf |
---|
66 | nameserver ${dns} |
---|
67 | EOF |
---|
68 | |
---|
69 | cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv6address |
---|
70 | ${ipv6} |
---|
71 | EOF |
---|
72 | |
---|
73 | cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv6route |
---|
74 | ${gw6} |
---|
75 | EOF |
---|
76 | |
---|
77 | fi |
---|
78 | |
---|
79 | # set the hostname |
---|
80 | cat <<EOF > ${rootfs_path}/etc/sysconfig/network |
---|
81 | NETWORKING=yes |
---|
82 | CONFMETHOD=etcnet |
---|
83 | HOSTNAME=${UTSNAME} |
---|
84 | RESOLV_MODS=yes |
---|
85 | EOF |
---|
86 | |
---|
87 | # set minimal hosts |
---|
88 | cat <<EOF > $rootfs_path/etc/hosts |
---|
89 | 127.0.0.1 localhost.localdomain localhost $name |
---|
90 | EOF |
---|
91 | # Allow to login at virsh console. loginuid.so doen't work in the absence of auditd. |
---|
92 | # sed -i 's/^.*loginuid.so.*$/\#&/' ${rootfs_path}/etc/pam.d/common-login |
---|
93 | |
---|
94 | # Allow root to login at virsh console |
---|
95 | echo "pts/0" >> ${rootfs_path}/etc/securetty |
---|
96 | echo "console" >> ${rootfs_path}/etc/securetty |
---|
97 | |
---|
98 | chroot ${rootfs_path} chkconfig network on |
---|
99 | chroot ${rootfs_path} chkconfig syslogd on |
---|
100 | chroot ${rootfs_path} chkconfig random on |
---|
101 | chroot ${rootfs_path} chkconfig rawdevices off |
---|
102 | chroot ${rootfs_path} chkconfig fbsetfont off |
---|
103 | # chroot ${rootfs_path} chkconfig keytable off |
---|
104 | |
---|
105 | subst 's/^\([3-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab |
---|
106 | echo "c1:2345:respawn:/sbin/mingetty --noclear console" >> ${rootfs_path}/etc/inittab |
---|
107 | subst 's,\/dev\/tty12,/var/log/syslog/console,' ${rootfs_path}/etc/syslog.conf |
---|
108 | |
---|
109 | # touch file for fastboot |
---|
110 | touch ${rootfs_path}/fastboot |
---|
111 | chattr +i ${rootfs_path}/fastboot |
---|
112 | |
---|
113 | dev_path="${rootfs_path}/dev" |
---|
114 | rm -rf ${dev_path} |
---|
115 | mkdir -p ${dev_path} |
---|
116 | mknod -m 666 ${dev_path}/null c 1 3 |
---|
117 | mknod -m 666 ${dev_path}/zero c 1 5 |
---|
118 | mknod -m 644 ${dev_path}/random c 1 8 |
---|
119 | mknod -m 644 ${dev_path}/urandom c 1 9 |
---|
120 | mkdir -m 755 ${dev_path}/pts |
---|
121 | mkdir -m 1777 ${dev_path}/shm |
---|
122 | mknod -m 666 ${dev_path}/tty c 5 0 |
---|
123 | chown root:tty ${dev_path}/tty |
---|
124 | mknod -m 600 ${dev_path}/tty0 c 4 0 |
---|
125 | mknod -m 600 ${dev_path}/tty1 c 4 1 |
---|
126 | mknod -m 600 ${dev_path}/tty2 c 4 2 |
---|
127 | mknod -m 600 ${dev_path}/tty3 c 4 3 |
---|
128 | mknod -m 600 ${dev_path}/tty4 c 4 4 |
---|
129 | mknod -m 600 ${dev_path}/console c 5 1 |
---|
130 | mknod -m 666 ${dev_path}/full c 1 7 |
---|
131 | mknod -m 600 ${dev_path}/initctl p |
---|
132 | mknod -m 666 ${dev_path}/ptmx c 5 2 |
---|
133 | chown root:tty ${dev_path}/ptmx |
---|
134 | ln -s /proc/self/fd ${dev_path}/fd |
---|
135 | ln -s /proc/kcore ${dev_path}/core |
---|
136 | mkdir -m 755 ${dev_path}/mapper |
---|
137 | mknod -m 600 ${dev_path}/mapper/control c 10 236 |
---|
138 | mkdir -m 755 ${dev_path}/net |
---|
139 | mknod -m 666 ${dev_path}/net/tun c 10 200 |
---|
140 | |
---|
141 | echo "setting root passwd to $root_password" |
---|
142 | echo "root:$root_password" | chroot $rootfs_path chpasswd |
---|
143 | |
---|
144 | return 0 |
---|
145 | } |
---|
146 | |
---|
147 | download_altlinux() |
---|
148 | { |
---|
149 | |
---|
150 | # check the mini altlinux was not already downloaded |
---|
151 | INSTALL_ROOT=$cache/partial |
---|
152 | mkdir -p $INSTALL_ROOT |
---|
153 | if [ $? -ne 0 ]; then |
---|
154 | echo "Failed to create '$INSTALL_ROOT' directory" |
---|
155 | return 1 |
---|
156 | fi |
---|
157 | |
---|
158 | # download a mini altlinux into a cache |
---|
159 | echo "Downloading altlinux minimal ..." |
---|
160 | APT_GET="apt-get -o RPM::RootDir=$INSTALL_ROOT -y" |
---|
161 | PKG_LIST="$(grep -hs '^[^#]' "$profile_dir/$profile")" |
---|
162 | # PKG_LIST="basesystem apt apt-conf-sisyphus etcnet openssh-server passwd sysklogd net-tools e2fsprogs" |
---|
163 | |
---|
164 | mkdir -p $INSTALL_ROOT/var/lib/rpm |
---|
165 | rpm --root $INSTALL_ROOT --initdb |
---|
166 | $APT_GET install $PKG_LIST |
---|
167 | |
---|
168 | if [ $? -ne 0 ]; then |
---|
169 | echo "Failed to download the rootfs, aborting." |
---|
170 | return 1 |
---|
171 | fi |
---|
172 | |
---|
173 | mv "$INSTALL_ROOT" "$cache/rootfs" |
---|
174 | echo "Download complete." |
---|
175 | |
---|
176 | return 0 |
---|
177 | } |
---|
178 | |
---|
179 | copy_altlinux() |
---|
180 | { |
---|
181 | |
---|
182 | # make a local copy of the minialtlinux |
---|
183 | echo -n "Copying rootfs to $rootfs_path ..." |
---|
184 | #cp -a $cache/rootfs-$arch $rootfs_path || return 1 |
---|
185 | # i prefer rsync (no reason really) |
---|
186 | mkdir -p $rootfs_path |
---|
187 | rsync -a $cache/rootfs/ $rootfs_path/ |
---|
188 | return 0 |
---|
189 | } |
---|
190 | |
---|
191 | update_altlinux() |
---|
192 | { |
---|
193 | chroot $cache/rootfs apt-get update |
---|
194 | chroot $cache/rootfs apt-get -y dist-upgrade |
---|
195 | } |
---|
196 | |
---|
197 | install_altlinux() |
---|
198 | { |
---|
199 | mkdir -p /var/lock/subsys/ |
---|
200 | ( |
---|
201 | flock -x 200 |
---|
202 | if [ $? -ne 0 ]; then |
---|
203 | echo "Cache repository is busy." |
---|
204 | return 1 |
---|
205 | fi |
---|
206 | |
---|
207 | echo "Checking cache download in $cache/rootfs ... " |
---|
208 | if [ ! -e "$cache/rootfs" ]; then |
---|
209 | download_altlinux |
---|
210 | if [ $? -ne 0 ]; then |
---|
211 | echo "Failed to download 'altlinux base'" |
---|
212 | return 1 |
---|
213 | fi |
---|
214 | else |
---|
215 | echo "Cache found. Updating..." |
---|
216 | update_altlinux |
---|
217 | if [ $? -ne 0 ]; then |
---|
218 | echo "Failed to update 'altlinux base', continuing with last known good cache" |
---|
219 | else |
---|
220 | echo "Update finished" |
---|
221 | fi |
---|
222 | fi |
---|
223 | |
---|
224 | echo "Copy $cache/rootfs to $rootfs_path ... " |
---|
225 | copy_altlinux |
---|
226 | if [ $? -ne 0 ]; then |
---|
227 | echo "Failed to copy rootfs" |
---|
228 | return 1 |
---|
229 | fi |
---|
230 | |
---|
231 | return 0 |
---|
232 | |
---|
233 | ) 200>/var/lock/subsys/lxc |
---|
234 | |
---|
235 | return $? |
---|
236 | } |
---|
237 | |
---|
238 | copy_configuration() |
---|
239 | { |
---|
240 | |
---|
241 | mkdir -p $config_path |
---|
242 | grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "lxc.rootfs = $rootfs_path" >> $config_path/config |
---|
243 | cat <<EOF >> $config_path/config |
---|
244 | lxc.utsname = $name |
---|
245 | lxc.tty = 4 |
---|
246 | lxc.pts = 1024 |
---|
247 | lxc.mount = $config_path/fstab |
---|
248 | #networking |
---|
249 | lxc.network.type = $lxc_network_type |
---|
250 | lxc.network.flags = up |
---|
251 | lxc.network.link = $lxc_network_link |
---|
252 | lxc.network.name = veth0 |
---|
253 | lxc.network.mtu = 1500 |
---|
254 | EOF |
---|
255 | if [ ! -z ${ipv4} ]; then |
---|
256 | cat <<EOF >> $config_path/config |
---|
257 | lxc.network.ipv4 = $ipv4 |
---|
258 | EOF |
---|
259 | fi |
---|
260 | if [ ! -z ${gw} ]; then |
---|
261 | cat <<EOF >> $config_path/config |
---|
262 | lxc.network.ipv4.gateway = $gw |
---|
263 | EOF |
---|
264 | fi |
---|
265 | if [ ! -z ${ipv6} ]; then |
---|
266 | cat <<EOF >> $config_path/config |
---|
267 | lxc.network.ipv6 = $ipv6 |
---|
268 | EOF |
---|
269 | fi |
---|
270 | if [ ! -z ${gw6} ]; then |
---|
271 | cat <<EOF >> $config_path/config |
---|
272 | lxc.network.ipv6.gateway = $gw6 |
---|
273 | EOF |
---|
274 | fi |
---|
275 | cat <<EOF >> $config_path/config |
---|
276 | #cgroups |
---|
277 | lxc.cgroup.devices.deny = a |
---|
278 | # /dev/null and zero |
---|
279 | lxc.cgroup.devices.allow = c 1:3 rwm |
---|
280 | lxc.cgroup.devices.allow = c 1:5 rwm |
---|
281 | # consoles |
---|
282 | lxc.cgroup.devices.allow = c 5:1 rwm |
---|
283 | lxc.cgroup.devices.allow = c 5:0 rwm |
---|
284 | lxc.cgroup.devices.allow = c 4:0 rwm |
---|
285 | lxc.cgroup.devices.allow = c 4:1 rwm |
---|
286 | # /dev/{,u}random |
---|
287 | lxc.cgroup.devices.allow = c 1:9 rwm |
---|
288 | lxc.cgroup.devices.allow = c 1:8 rwm |
---|
289 | lxc.cgroup.devices.allow = c 136:* rwm |
---|
290 | lxc.cgroup.devices.allow = c 5:2 rwm |
---|
291 | # rtc |
---|
292 | lxc.cgroup.devices.allow = c 10:135 rwm |
---|
293 | EOF |
---|
294 | |
---|
295 | cat <<EOF > $config_path/fstab |
---|
296 | proc $rootfs_path/proc proc nodev,noexec,nosuid 0 0 |
---|
297 | sysfs $rootfs_path/sys sysfs defaults 0 0 |
---|
298 | EOF |
---|
299 | |
---|
300 | if [ $? -ne 0 ]; then |
---|
301 | echo "Failed to add configuration" |
---|
302 | return 1 |
---|
303 | fi |
---|
304 | |
---|
305 | return 0 |
---|
306 | } |
---|
307 | |
---|
308 | clean() |
---|
309 | { |
---|
310 | |
---|
311 | if [ ! -e $cache ]; then |
---|
312 | exit 0 |
---|
313 | fi |
---|
314 | |
---|
315 | # lock, so we won't purge while someone is creating a repository |
---|
316 | ( |
---|
317 | flock -n -x 200 |
---|
318 | if [ $? != 0 ]; then |
---|
319 | echo "Cache repository is busy." |
---|
320 | exit 1 |
---|
321 | fi |
---|
322 | |
---|
323 | echo -n "Purging the download cache for ALTLinux-$release..." |
---|
324 | rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1 |
---|
325 | exit 0 |
---|
326 | |
---|
327 | ) 200>/var/lock/subsys/lxc |
---|
328 | } |
---|
329 | |
---|
330 | usage() |
---|
331 | { |
---|
332 | cat <<EOF |
---|
333 | usage: |
---|
334 | $1 -n|--name=<container_name> |
---|
335 | [-p|--path=<path>] [-c|--clean] [-R|--release=<ALTLinux_release>] |
---|
336 | [-4|--ipv4=<ipv4 address>] [-6|--ipv6=<ipv6 address>] |
---|
337 | [-g|--gw=<gw address>] [-d|--dns=<dns address>] |
---|
338 | [-P|--profile=<name of the profile>] |
---|
339 | [-A|--arch=<arch of the container>] |
---|
340 | [-h|--help] |
---|
341 | Mandatory args: |
---|
342 | -n,--name container name, used to as an identifier for that container from now on |
---|
343 | Optional args: |
---|
344 | -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in and case |
---|
345 | -c,--clean clean the cache |
---|
346 | -R,--release ALTLinux release for the new container. if the host is ALTLinux, then it will defaultto the host's release. |
---|
347 | -4,--ipv4 specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24 |
---|
348 | -6,--ipv6 specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64 |
---|
349 | -g,--gw specify the default gw, eg. 192.168.1.1 |
---|
350 | -G,--gw6 specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596 |
---|
351 | -d,--dns specify the DNS server, eg. 192.168.1.2 |
---|
352 | -P,--profile Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache. |
---|
353 | -A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64] |
---|
354 | -h,--help print this help |
---|
355 | EOF |
---|
356 | return 0 |
---|
357 | } |
---|
358 | |
---|
359 | options=$(getopt -o hp:n:P:cR:4:6:g:d: -l help,path:,name:,profile:,clean,release:ipv4:ipv6:gw:dns: -- "$@") |
---|
360 | if [ $? -ne 0 ]; then |
---|
361 | usage $(basename $0) |
---|
362 | exit 1 |
---|
363 | fi |
---|
364 | eval set -- "$options" |
---|
365 | |
---|
366 | while true |
---|
367 | do |
---|
368 | case "$1" in |
---|
369 | -h|--help) usage $0 && exit 0;; |
---|
370 | -p|--path) path=$2; shift 2;; |
---|
371 | -n|--name) name=$2; shift 2;; |
---|
372 | -P|--profile) profile=$2; shift 2;; |
---|
373 | -c|--clean) clean=$2; shift 2;; |
---|
374 | -R|--release) release=$2; shift 2;; |
---|
375 | -4|--ipv4) ipv4=$2; shift 2;; |
---|
376 | -6|--ipv6) ipv6=$2; shift 2;; |
---|
377 | -g|--gw) gw=$2; shift 2;; |
---|
378 | -d|--dns) dns=$2; shift 2;; |
---|
379 | --) shift 1; break ;; |
---|
380 | *) break ;; |
---|
381 | esac |
---|
382 | done |
---|
383 | |
---|
384 | if [ ! -z "$clean" -a -z "$path" ]; then |
---|
385 | clean || exit 1 |
---|
386 | exit 0 |
---|
387 | fi |
---|
388 | |
---|
389 | type apt-get >/dev/null 2>&1 |
---|
390 | if [ $? -ne 0 ]; then |
---|
391 | echo "'apt-get' command is missing" |
---|
392 | exit 1 |
---|
393 | fi |
---|
394 | |
---|
395 | if [ -z "$path" ]; then |
---|
396 | path=$default_path |
---|
397 | fi |
---|
398 | |
---|
399 | if [ -z "$profile" ]; then |
---|
400 | profile=$default_profile |
---|
401 | fi |
---|
402 | |
---|
403 | if [ -z "$release" ]; then |
---|
404 | if [ "$is_altlinux" ]; then |
---|
405 | release=$(cat /etc/altlinux-release |awk '/^ALT/ {print $3}') |
---|
406 | else |
---|
407 | echo "This is not a ALTLinux host and release missing, use -R|--release to specify release" |
---|
408 | exit 1 |
---|
409 | fi |
---|
410 | fi |
---|
411 | |
---|
412 | if [ -z "$ipv4" -a -z "$ipv6" ]; then |
---|
413 | BOOTPROTO="dhcp" |
---|
414 | else |
---|
415 | BOOTPROTO="static" |
---|
416 | fi |
---|
417 | |
---|
418 | if [ "$(id -u)" != "0" ]; then |
---|
419 | echo "This script should be run as 'root'" |
---|
420 | exit 1 |
---|
421 | fi |
---|
422 | |
---|
423 | rootfs_path=$path/$name/rootfs |
---|
424 | config_path=$default_path/$name |
---|
425 | cache=$cache_base/$release/$profile |
---|
426 | |
---|
427 | if [ -f $config_path/config ]; then |
---|
428 | echo "A container with that name exists, chose a different name" |
---|
429 | exit 1 |
---|
430 | fi |
---|
431 | |
---|
432 | # check for 'lxc.rootfs' passed in through default config by lxc-create |
---|
433 | if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then |
---|
434 | rootfs_path=`grep 'lxc.rootfs =' $path/config | awk -F= '{ print $2 }'` |
---|
435 | fi |
---|
436 | |
---|
437 | install_altlinux |
---|
438 | if [ $? -ne 0 ]; then |
---|
439 | echo "failed to install altlinux" |
---|
440 | exit 1 |
---|
441 | fi |
---|
442 | |
---|
443 | configure_altlinux |
---|
444 | if [ $? -ne 0 ]; then |
---|
445 | echo "failed to configure altlinux for a container" |
---|
446 | exit 1 |
---|
447 | fi |
---|
448 | |
---|
449 | copy_configuration |
---|
450 | if [ $? -ne 0 ]; then |
---|
451 | echo "failed write configuration file" |
---|
452 | exit 1 |
---|
453 | fi |
---|
454 | |
---|
455 | if [ ! -z $clean ]; then |
---|
456 | clean || exit 1 |
---|
457 | exit 0 |
---|
458 | fi |
---|
459 | echo "container rootfs and config created" |
---|
460 | echo "container is configured for lxc.network.type=veth and lxc.network.link=virbr0 (which is default if you have libvirt runnig)" |
---|