source: lab/vendor/lxc/0.8.0~rc1-4ubuntu37/templates/lxc-altlinux @ 175

Last change on this file since 175 was 175, checked in by mitty, 12 years ago
  • /usr/lib/lxc/templates of lxc 0.8.0~rc1-4ubuntu37 on Ubuntu 12.10 (beta)
  • Property svn:executable set to *
1#!/bin/bash
2
3#
4# template script for generating altlinux container for LXC
5#
6
7#
8# lxc: linux Container library
9
10# Authors:
11# Alexey Shabalin <shaba@altlinux.org>
12
13# This library is free software; you can redistribute it and/or
14# modify it under the terms of the GNU Lesser General Public
15# License as published by the Free Software Foundation; either
16# version 2.1 of the License, or (at your option) any later version.
17
18# This library is distributed in the hope that it will be useful,
19# but WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
21# Lesser General Public License for more details.
22
23# You should have received a copy of the GNU Lesser General Public
24# License along with this library; if not, write to the Free Software
25# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26
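# Configuration defaults
arch=$(arch)
cache_base=/var/cache/lxc/altlinux/$arch
# ${localstatedir} is not assigned anywhere in this script; without a fallback
# the default expands to /lib/lxc, while usage() documents /var/lib/lxc.
default_path=${localstatedir:-/var}/lib/lxc
default_profile=default
profile_dir=/etc/lxc/profiles
# NOTE(security): "rooter" is a fixed, publicly known root password that
# configure_altlinux() installs in every container and prints to stdout.
# A value already present in the environment takes precedence, so automation
# can avoid the shared default; either way, change it after first boot.
root_password=${root_password:-rooter}
lxc_network_type=veth
lxc_network_link=virbr0

# Is the host itself ALT Linux? Used later to pick a default release.
if [ -f /etc/altlinux-release ]; then
    is_altlinux=true
fi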
39
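# Configure a freshly copied ALT Linux rootfs so that it boots as an LXC guest:
# network files, hostname, console login, init services, a static /dev and
# the root password.
#
# Globals (read): rootfs_path, BOOTPROTO, ipv4, ipv6, gw, gw6, dns, name,
#                 UTSNAME (optional), root_password
# Globals (set):  dev_path
# Outputs:        progress messages on stdout; the root password is printed
# Returns:        1 if rootfs_path is empty or "/", otherwise 0 (failures of
#                 the individual steps are not propagated, as before)
#
# NOTE(security): every step below runs as root and writes, deletes or creates
# device nodes relative to the rootfs path. With an empty path those steps
# would hit the host's /etc, /dev and root account, hence the guard.
configure_altlinux()
{
    # A value parsed from an lxc config line can carry surrounding blanks;
    # trim them so the path can be quoted safely everywhere below.
    local rootfs=$rootfs_path
    rootfs="${rootfs#"${rootfs%%[![:space:]]*}"}"
    rootfs="${rootfs%"${rootfs##*[![:space:]]}"}"

    # Empty or made only of slashes means "the host root": refuse.
    if [ -z "${rootfs//\//}" ]; then
        echo "Refusing to configure: rootfs path '$rootfs_path' is empty or '/'" >&2
        return 1
    fi

    # disable selinux in altlinux
    mkdir -p "$rootfs/selinux"
    echo 0 > "$rootfs/selinux/enforce"

    mkdir -p "$rootfs/etc/net/ifaces/veth0"
    cat <<EOF > "$rootfs/etc/net/ifaces/veth0/options"
BOOTPROTO=${BOOTPROTO}
ONBOOT=yes
NM_CONTROLLED=no
TYPE=eth
EOF

    if [ "${BOOTPROTO}" != "dhcp" ]; then
        # Static addressing: one etcnet file per setting. Files are written
        # even when the matching value is empty, as the original did.
        printf '%s\n' "${ipv4}" > "$rootfs/etc/net/ifaces/veth0/ipv4address"
        printf '%s\n' "${gw}" > "$rootfs/etc/net/ifaces/veth0/ipv4route"
        printf 'nameserver %s\n' "${dns}" > "$rootfs/etc/net/ifaces/veth0/resolv.conf"
        printf '%s\n' "${ipv6}" > "$rootfs/etc/net/ifaces/veth0/ipv6address"
        printf '%s\n' "${gw6}" > "$rootfs/etc/net/ifaces/veth0/ipv6route"
    fi

    # set the hostname; UTSNAME is never assigned by this script, so fall back
    # to the container name instead of writing an empty HOSTNAME
    cat <<EOF > "$rootfs/etc/sysconfig/network"
NETWORKING=yes
CONFMETHOD=etcnet
HOSTNAME=${UTSNAME:-$name}
RESOLV_MODS=yes
EOF

    # set minimal hosts
    cat <<EOF > "$rootfs/etc/hosts"
127.0.0.1 localhost.localdomain localhost $name
EOF

    # Allow login at the virsh console. loginuid.so doesn't work in the
    # absence of auditd.
#    sed -i 's/^.*loginuid.so.*$/\#&/' ${rootfs_path}/etc/pam.d/common-login

    # Allow root to login at virsh console.
    # NOTE(security): together with the fixed root password set at the end of
    # this function, these entries permit direct root logins on the console.
    echo "pts/0" >> "$rootfs/etc/securetty"
    echo "console" >> "$rootfs/etc/securetty"

    chroot "$rootfs" chkconfig network on
    chroot "$rootfs" chkconfig syslogd on
    chroot "$rootfs" chkconfig random on
    chroot "$rootfs" chkconfig rawdevices off
    chroot "$rootfs" chkconfig fbsetfont off
#    chroot ${rootfs_path} chkconfig keytable off

    # Comment out the mingetty lines for ids 3-9 and add one getty on
    # /dev/console instead.
    subst 's/^\([3-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' "$rootfs/etc/inittab"
    echo "c1:2345:respawn:/sbin/mingetty --noclear console" >> "$rootfs/etc/inittab"
    subst 's,\/dev\/tty12,/var/log/syslog/console,' "$rootfs/etc/syslog.conf"

    # touch file for fastboot, made immutable so it survives boots
    touch "$rootfs/fastboot"
    chattr +i "$rootfs/fastboot"

    # Rebuild /dev from scratch with a fixed set of nodes.
    # NOTE(review): nodes for device-mapper control, net/tun and a /proc/kcore
    # symlink are created here; whether the guest can actually use them
    # depends on the devices cgroup rules written by copy_configuration().
    dev_path="$rootfs/dev"
    rm -rf -- "$dev_path"
    mkdir -p "$dev_path"
    mknod -m 666 "$dev_path/null" c 1 3
    mknod -m 666 "$dev_path/zero" c 1 5
    mknod -m 644 "$dev_path/random" c 1 8
    mknod -m 644 "$dev_path/urandom" c 1 9
    mkdir -m 755 "$dev_path/pts"
    mkdir -m 1777 "$dev_path/shm"
    mknod -m 666 "$dev_path/tty" c 5 0
    chown root:tty "$dev_path/tty"
    mknod -m 600 "$dev_path/tty0" c 4 0
    mknod -m 600 "$dev_path/tty1" c 4 1
    mknod -m 600 "$dev_path/tty2" c 4 2
    mknod -m 600 "$dev_path/tty3" c 4 3
    mknod -m 600 "$dev_path/tty4" c 4 4
    mknod -m 600 "$dev_path/console" c 5 1
    mknod -m 666 "$dev_path/full" c 1 7
    mknod -m 600 "$dev_path/initctl" p
    mknod -m 666 "$dev_path/ptmx" c 5 2
    chown root:tty "$dev_path/ptmx"
    ln -s /proc/self/fd "$dev_path/fd"
    ln -s /proc/kcore "$dev_path/core"
    mkdir -m 755 "$dev_path/mapper"
    mknod -m 600 "$dev_path/mapper/control" c 10 236
    mkdir -m 755 "$dev_path/net"
    mknod -m 666 "$dev_path/net/tun" c 10 200

    # NOTE(security): the password is echoed to stdout, so it ends up in any
    # log that captures this script's output.
    echo "setting root passwd to $root_password"
    printf '%s\n' "root:$root_password" | chroot "$rootfs" chpasswd

    return 0
}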
146
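# Install the packages listed in the selected profile into $cache/partial and,
# on success, move the result to $cache/rootfs.
#
# Globals (read): cache, profile_dir, profile
# Globals (set):  INSTALL_ROOT, APT_GET, PKG_LIST
# Returns:        0 on success, 1 on any failure
#
# NOTE(review): package authenticity depends entirely on the host's apt/rpm
# configuration; this function performs no verification of its own.
download_altlinux()
{
    local profile_file="$profile_dir/$profile"

    # A missing or empty profile used to produce an "apt-get install" with no
    # packages, which succeeds and caches an empty rootfs as if it were good.
    if [ ! -r "$profile_file" ]; then
        echo "Profile '$profile_file' not found or not readable" >&2
        return 1
    fi

    # Keep every non-empty line that does not start with '#'.
    PKG_LIST="$(grep -hs '^[^#]' "$profile_file")"
#    PKG_LIST="basesystem apt apt-conf-sisyphus etcnet openssh-server passwd sysklogd net-tools e2fsprogs"
    if [ -z "$PKG_LIST" ]; then
        echo "Profile '$profile_file' lists no packages" >&2
        return 1
    fi

    # Build into a scratch directory so a failed run never looks like a
    # finished cache.
    INSTALL_ROOT=$cache/partial
    if ! mkdir -p "$INSTALL_ROOT"; then
        echo "Failed to create '$INSTALL_ROOT' directory"
        return 1
    fi

    # download a mini altlinux into a cache
    echo "Downloading altlinux minimal ..."
    APT_GET="apt-get -o RPM::RootDir=$INSTALL_ROOT -y"

    mkdir -p "$INSTALL_ROOT/var/lib/rpm"
    rpm --root "$INSTALL_ROOT" --initdb

    # Both variables are expanded unquoted on purpose: they hold a command
    # line and a whitespace-separated package list. The profile file is
    # therefore trusted input; it must only be writable by root.
    # shellcheck disable=SC2086
    if ! $APT_GET install $PKG_LIST; then
        echo "Failed to download the rootfs, aborting."
        return 1
    fi

    if ! mv "$INSTALL_ROOT" "$cache/rootfs"; then
        echo "Failed to move '$INSTALL_ROOT' to '$cache/rootfs'" >&2
        return 1
    fi
    echo "Download complete."

    return 0
}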
178
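# Copy the cached rootfs into the container's rootfs directory.
#
# Globals (read): cache, rootfs_path
# Returns:        0 on success; 1 if the target is empty or "/", or if
#                 creating the directory or the rsync run fails
copy_altlinux()
{
    # A value parsed from an lxc config line can carry surrounding blanks.
    local dest=$rootfs_path
    dest="${dest#"${dest%%[![:space:]]*}"}"
    dest="${dest%"${dest##*[![:space:]]}"}"

    # rsync runs as root; an empty target would copy the guest tree over the
    # host's own root directory.
    if [ -z "${dest//\//}" ]; then
        echo "Refusing to copy: rootfs path '$rootfs_path' is empty or '/'" >&2
        return 1
    fi

    # make a local copy of the minialtlinux
    echo -n "Copying rootfs to $rootfs_path ..."
    #cp -a $cache/rootfs-$arch $rootfs_path || return 1
    # i prefer rsync (no reason really)
    mkdir -p "$dest" || return 1
    # The caller checks this function's status, so report a failed copy
    # instead of always returning 0.
    rsync -a "$cache/rootfs/" "$dest/" || return 1
    return 0
}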
190
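# Bring the cached rootfs up to date with apt-get, run inside a chroot.
#
# Globals (read): cache
# Returns:        status of the first step that fails, else 0
#
# NOTE(review): apt-get and whatever package scripts it triggers run as root
# inside the chroot; a chroot by itself does not confine a root process, so
# the cache content and the configured repositories are trusted here.
update_altlinux()
{
    # Do not upgrade against a package index that failed to refresh.
    chroot "$cache/rootfs" apt-get update || return
    chroot "$cache/rootfs" apt-get -y dist-upgrade
}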
196
# Populate the container rootfs from the shared cache, downloading the cache
# first when it does not exist and refreshing it when it does.
#
# Globals (read): cache, rootfs_path
# Returns:        0 on success, 1 if the lock, download or copy step fails
install_altlinux()
{
    mkdir -p /var/lock/subsys/

    # The subshell keeps fd 200 open on the lock file, so the exclusive lock
    # is held for exactly as long as the cache is being touched.
    (
        if ! flock -x 200; then
            echo "Cache repository is busy."
            return 1
        fi

        echo "Checking cache download in $cache/rootfs ... "
        if [ -e "$cache/rootfs" ]; then
            echo "Cache found. Updating..."
            # A failed refresh is tolerated: the existing cache is used as is.
            if update_altlinux; then
                echo "Update finished"
            else
                echo "Failed to update 'altlinux base', continuing with last known good cache"
            fi
        elif ! download_altlinux; then
            echo "Failed to download 'altlinux base'"
            return 1
        fi

        echo "Copy $cache/rootfs to $rootfs_path ... "
        if ! copy_altlinux; then
            echo "Failed to copy rootfs"
            return 1
        fi

        return 0

    ) 200>/var/lock/subsys/lxc

    return $?
}
237
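# Write the container's LXC config and fstab under $config_path.
#
# Globals (read): config_path, rootfs_path, name, lxc_network_type,
#                 lxc_network_link, ipv4, gw, ipv6, gw6
# Returns:        0 on success, 1 if the directory or either file cannot be
#                 written
#
# The devices cgroup section starts from "deny a" and then allows null, zero,
# tty, console, tty0/tty1, random, urandom, the 136:* range, ptmx and rtc.
# NOTE(review): no lxc.cap.drop line is written and sysfs is mounted with
# "defaults", so any further restriction of the guest's root user has to come
# from elsewhere; confirm this matches the intended isolation level.
copy_configuration()
{
    local cfg="$config_path/config"

    if ! mkdir -p "$config_path"; then
        echo "Failed to add configuration"
        return 1
    fi

    # Keep a pre-existing lxc.rootfs line; add one only when none is present.
    if ! grep -q "^lxc.rootfs" "$cfg" 2>/dev/null; then
        echo "lxc.rootfs = $rootfs_path" >> "$cfg"
    fi

    # One redirection for the whole section, so a failure to open the config
    # file is detected instead of only the last write being checked.
    {
        cat <<EOF
lxc.utsname = $name
lxc.tty = 4
lxc.pts = 1024
lxc.mount  = $config_path/fstab
#networking
lxc.network.type = $lxc_network_type
lxc.network.flags = up
lxc.network.link = $lxc_network_link
lxc.network.name = veth0
lxc.network.mtu = 1500
EOF
        # Address and gateway lines are emitted only for values that were given.
        if [ -n "${ipv4}" ]; then
            echo "lxc.network.ipv4 = $ipv4"
        fi
        if [ -n "${gw}" ]; then
            echo "lxc.network.ipv4.gateway = $gw"
        fi
        if [ -n "${ipv6}" ]; then
            echo "lxc.network.ipv6 = $ipv6"
        fi
        if [ -n "${gw6}" ]; then
            echo "lxc.network.ipv6.gateway = $gw6"
        fi
        cat <<EOF
#cgroups
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 10:135 rwm
EOF
    } >> "$cfg"
    if [ $? -ne 0 ]; then
        echo "Failed to add configuration"
        return 1
    fi

    cat <<EOF > "$config_path/fstab"
proc            $rootfs_path/proc         proc    nodev,noexec,nosuid 0 0
sysfs           $rootfs_path/sys          sysfs defaults  0 0
EOF
    if [ $? -ne 0 ]; then
        echo "Failed to add configuration"
        return 1
    fi

    return 0
}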
307
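# Purge the download cache directory named by $cache.
#
# Globals (read): cache, release
# Returns:        1 if $cache is empty; otherwise the status of the locked
#                 subshell (0 after a successful purge, 1 if the lock is
#                 busy or rm fails)
# Side effect:    exits the whole script with status 0 when $cache does not
#                 exist, as the original did
clean()
{
    # With an empty $cache the old code skipped the existence test, ran rm
    # with no operand and still printed "Done."; report it instead.
    if [ -z "$cache" ]; then
        echo "Cache path is not set, nothing was purged" >&2
        return 1
    fi

    if [ ! -e "$cache" ]; then
        exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
        # -n: fail immediately rather than wait for a running installation
        if ! flock -n -x 200; then
            echo "Cache repository is busy."
            exit 1
        fi

        echo -n "Purging the download cache for ALTLinux-$release..."
        # Quoted and preceded by "--" so the path is always taken as a single
        # operand and never as an option.
        if rm --preserve-root --one-file-system -rf -- "$cache"; then
            echo "Done."
        else
            exit 1
        fi
        exit 0

    ) 200>/var/lock/subsys/lxc
}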
329
# Print the command-line help on stdout.
#
# Arguments: $1 - program name shown in the synopsis
# Returns:   0
usage()
{
    local prog=$1

    cat <<EOF
usage:
    ${prog} -n|--name=<container_name>
        [-p|--path=<path>] [-c|--clean] [-R|--release=<ALTLinux_release>]
        [-4|--ipv4=<ipv4 address>] [-6|--ipv6=<ipv6 address>]
        [-g|--gw=<gw address>] [-d|--dns=<dns address>]
        [-P|--profile=<name of the profile>]
        [-A|--arch=<arch of the container>]
        [-h|--help]
Mandatory args:
  -n,--name         container name, used to as an identifier for that container from now on
Optional args:
  -p,--path         path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in and case
  -c,--clean        clean the cache
  -R,--release      ALTLinux release for the new container. if the host is ALTLinux, then it will defaultto the host's release.
  -4,--ipv4         specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24
  -6,--ipv6         specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64
  -g,--gw           specify the default gw, eg. 192.168.1.1
  -G,--gw6          specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596
  -d,--dns          specify the DNS server, eg. 192.168.1.2
  -P,--profile      Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache.
  -A,--arch         NOT USED YET. Define what arch the container will be [i686,x86_64]
  -h,--help         print this help
EOF
    return 0
}
358
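# Parse the command line with getopt(1).
#
# Fixes relative to the previous version:
#  - the long-option list lacked the commas after "release:", "ipv4:",
#    "ipv6:" and "gw:", so those long options were not declared correctly;
#  - -c/--clean takes no argument, but the loop stored the *next* word in
#    $clean and shifted it away, silently dropping the following option;
#  - -G/--gw6 is documented in usage() and read by the configuration code but
#    was never accepted here.
# -A/--arch is still not accepted; usage() marks it as not used yet.
options=$(getopt -o hp:n:P:cR:4:6:g:G:d: -l help,path:,name:,profile:,clean,release:,ipv4:,ipv6:,gw:,gw6:,dns: -- "$@")
if [ $? -ne 0 ]; then
    usage "$(basename "$0")"
    exit 1
fi
# getopt emits its result shell-quoted specifically so that it can be
# re-read with eval; nothing else is ever passed through this eval.
eval set -- "$options"

while true
do
    case "$1" in
    -h|--help)      usage "$0" && exit 0;;
    -p|--path)      path=$2; shift 2;;
    -n|--name)      name=$2; shift 2;;
    -P|--profile)   profile=$2; shift 2;;
    -c|--clean)     clean=1; shift 1;;
    -R|--release)   release=$2; shift 2;;
    -4|--ipv4)      ipv4=$2; shift 2;;
    -6|--ipv6)      ipv6=$2; shift 2;;
    -g|--gw)        gw=$2; shift 2;;
    -G|--gw6)       gw6=$2; shift 2;;
    -d|--dns)       dns=$2; shift 2;;
    --)             shift 1; break ;;
    *)              break ;;
    esac
done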
383
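# Main flow: resolve defaults, validate the inputs that become filesystem
# paths, then install, configure and register the container.

if [ -z "$profile" ]; then
    profile=$default_profile
fi

if [ -z "$release" ]; then
    if [ "$is_altlinux" ]; then
        release=$(awk '/^ALT/ {print $3}' /etc/altlinux-release)
    else
        echo "This is not a ALTLinux host and release missing, use -R|--release to specify release"
        exit 1
    fi
fi

# release and profile are joined into the cache directory, which clean()
# removes recursively as root. Accept plain names only, so that neither can
# point the purge (or the download) outside $cache_base.
for component in "$release" "$profile"; do
    case "$component" in
    ''|.|..|*/*)
        echo "Invalid release or profile name: '$component'" >&2
        exit 1
        ;;
    esac
done

cache=$cache_base/$release/$profile

# Cache-only cleanup. This used to run before $cache was assigned, so it
# reported success without removing anything.
if [ -n "$clean" ] && [ -z "$path" ]; then
    clean || exit 1
    exit 0
fi

if ! command -v apt-get >/dev/null 2>&1; then
    echo "'apt-get' command is missing"
    exit 1
fi

# The name is documented as mandatory and is used as a directory name for
# both the rootfs and the config, so it must be a single path component.
case "$name" in
''|.|..|*/*)
    echo "A valid container name is required (-n|--name)" >&2
    usage "$(basename "$0")"
    exit 1
    ;;
esac

if [ -z "$path" ]; then
    path=$default_path
fi

if [ -z "$ipv4" ] && [ -z "$ipv6" ]; then
    BOOTPROTO="dhcp"
else
    BOOTPROTO="static"
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

rootfs_path=$path/$name/rootfs
config_path=$default_path/$name

if [ -f "$config_path/config" ]; then
    echo "A container with that name exists, chose a different name"
    exit 1
fi

# check for 'lxc.rootfs' passed in through default config by lxc-create.
# Only a non-empty value replaces the default: the old grep/awk pair could
# yield an empty or blank-prefixed path (for example when only another key
# starting with "lxc.rootfs" was present), and an empty rootfs path makes the
# later steps operate on the host's own root directory.
if [ -f "$path/config" ]; then
    configured_rootfs=$(awk '/^lxc\.rootfs[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }' "$path/config" 2>/dev/null)
    if [ -n "$configured_rootfs" ]; then
        rootfs_path=$configured_rootfs
    fi
fi

if [ -z "${rootfs_path//\//}" ]; then
    echo "Refusing to continue: rootfs path is empty or '/'" >&2
    exit 1
fi

if ! install_altlinux; then
    echo "failed to install altlinux"
    exit 1
fi

if ! configure_altlinux; then
    echo "failed to configure altlinux for a container"
    exit 1
fi

if ! copy_configuration; then
    echo "failed write configuration file"
    exit 1
fi

if [ -n "$clean" ]; then
    clean || exit 1
    exit 0
fi
echo "container rootfs and config created"
echo "container is configured for lxc.network.type=veth and lxc.network.link=virbr0 (which is default if you have libvirt runnig)"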