lxc-altlinux.in revision eba7df9ee0a1963984ef212e7ddfc0e0835af288
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# template script for generating altlinux container for LXC
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# lxc: linux Container library
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# Alexey Shabalin <shaba@altlinux.org>
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# This library is free software; you can redistribute it and/or
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# modify it under the terms of the GNU Lesser General Public
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# License as published by the Free Software Foundation; either
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# version 2.1 of the License, or (at your option) any later version.
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# This library is distributed in the hope that it will be useful,
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# but WITHOUT ANY WARRANTY; without even the implied warranty of
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# Lesser General Public License for more details.
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# You should have received a copy of the GNU Lesser General Public
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# License along with this library; if not, write to the Free Software
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin#Configurations
e29bf450cafa2ce2564aeb0b64d2014c17228407Dwight Engencache_base=@LOCALSTATEDIR@/cache/lxc/altlinux/$arch
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# is this altlinux?
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin[ -f /etc/altlinux-release ] && is_altlinux=true
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin mkdir -p ${rootfs_path}/etc/net/ifaces/veth0
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/options
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey ShabalinBOOTPROTO=${BOOTPROTO}
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey ShabalinNM_CONTROLLED=no
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv4address
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv4route
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/resolv.conf
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinnameserver ${dns}
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv6address
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv6route
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin cat <<EOF > ${rootfs_path}/etc/sysconfig/network
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey ShabalinNETWORKING=yes
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey ShabalinCONFMETHOD=etcnet
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey ShabalinHOSTNAME=${UTSNAME}
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey ShabalinRESOLV_MODS=yes
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin127.0.0.1 localhost.localdomain localhost $name
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin # Allow to login at virsh console. loginuid.so doen't work in the absence of auditd.
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin# sed -i 's/^.*loginuid.so.*$/\#&/' ${rootfs_path}/etc/pam.d/common-login
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "pts/0" >> ${rootfs_path}/etc/securetty
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin echo "console" >> ${rootfs_path}/etc/securetty
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin chroot ${rootfs_path} chkconfig rawdevices off
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin chroot ${rootfs_path} chkconfig fbsetfont off
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# chroot ${rootfs_path} chkconfig keytable off
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin subst 's/^\([3-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin echo "c1:2345:respawn:/sbin/mingetty --noclear console" >> ${rootfs_path}/etc/inittab
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin subst 's,\/dev\/tty12,/var/log/syslog/console,' ${rootfs_path}/etc/syslog.conf
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin# touch file for fastboot
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin mknod -m 666 ${dev_path}/null c 1 3
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin mknod -m 666 ${dev_path}/zero c 1 5
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin mknod -m 644 ${dev_path}/random c 1 8
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin mknod -m 644 ${dev_path}/urandom c 1 9
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin mknod -m 666 ${dev_path}/tty c 5 0
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin mknod -m 600 ${dev_path}/tty0 c 4 0
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin mknod -m 600 ${dev_path}/tty1 c 4 1
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin mknod -m 600 ${dev_path}/tty2 c 4 2
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin mknod -m 600 ${dev_path}/tty3 c 4 3
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin mknod -m 600 ${dev_path}/tty4 c 4 4
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin mknod -m 600 ${dev_path}/console c 5 1
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin mknod -m 666 ${dev_path}/full c 1 7
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin mknod -m 666 ${dev_path}/ptmx c 5 2
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin mknod -m 600 ${dev_path}/mapper/control c 10 236
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin mknod -m 666 ${dev_path}/net/tun c 10 200
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "setting root passwd to $root_password"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "root:$root_password" | chroot $rootfs_path chpasswd
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin # check the mini altlinux was not already downloaded
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin if [ $? -ne 0 ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "Failed to create '$INSTALL_ROOT' directory"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin APT_GET="apt-get -o RPM::RootDir=$INSTALL_ROOT -y"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin PKG_LIST="$(grep -hs '^[^#]' "$profile_dir/$profile")"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# PKG_LIST="basesystem apt apt-conf-sisyphus etcnet openssh-server passwd sysklogd net-tools e2fsprogs"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin if [ $? -ne 0 ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "Failed to download the rootfs, aborting."
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo -n "Copying rootfs to $rootfs_path ..."
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin #cp -a $cache/rootfs-$arch $rootfs_path || return 1
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin chroot $cache/rootfs apt-get -y dist-upgrade
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin if [ $? -ne 0 ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "Checking cache download in $cache/rootfs ... "
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin if [ $? -ne 0 ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin if [ $? -ne 0 ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "Failed to update 'altlinux base', continuing with last known good cache"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "Copy $cache/rootfs to $rootfs_path ... "
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin if [ $? -ne 0 ]; then
1881820ae4ff9004beef1bf7f04553580840441dSerge Hallyn grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "lxc.rootfs = $rootfs_path" >> $config_path/config
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.utsname = $name
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.pts = 1024
eba7df9ee0a1963984ef212e7ddfc0e0835af288Stéphane Graberlxc.mount = $config_path/fstab
f02ce27d4b1a9d01b88d0ffaf626e5bafa671bf0Stéphane Graber# When using LXC with apparmor, uncomment the next line to run unconfined:
f02ce27d4b1a9d01b88d0ffaf626e5bafa671bf0Stéphane Graber#lxc.aa_profile = unconfined
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.network.type = $lxc_network_type
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.network.flags = up
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.network.link = $lxc_network_link
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinlxc.network.name = veth0
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.network.mtu = 1500
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinif [ ! -z ${ipv4} ]; then
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinlxc.network.ipv4 = $ipv4
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinif [ ! -z ${gw} ]; then
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinlxc.network.ipv4.gateway = $gw
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinif [ ! -z ${ipv6} ]; then
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinlxc.network.ipv6 = $ipv6
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinif [ ! -z ${gw6} ]; then
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinlxc.network.ipv6.gateway = $gw6
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.cgroup.devices.deny = a
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# /dev/null and zero
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.cgroup.devices.allow = c 1:3 rwm
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.cgroup.devices.allow = c 1:5 rwm
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.cgroup.devices.allow = c 5:1 rwm
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.cgroup.devices.allow = c 5:0 rwm
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.cgroup.devices.allow = c 4:0 rwm
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.cgroup.devices.allow = c 4:1 rwm
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin# /dev/{,u}random
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.cgroup.devices.allow = c 1:9 rwm
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.cgroup.devices.allow = c 1:8 rwm
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.cgroup.devices.allow = c 136:* rwm
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinlxc.cgroup.devices.allow = c 5:2 rwm
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinlxc.cgroup.devices.allow = c 10:135 rwm
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinproc $rootfs_path/proc proc nodev,noexec,nosuid 0 0
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinsysfs $rootfs_path/sys sysfs defaults 0 0
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin if [ $? -ne 0 ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin if [ ! -e $cache ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin # lock, so we won't purge while someone is creating a repository
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin if [ $? != 0 ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo -n "Purging the download cache for ALTLinux-$release..."
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin $1 -n|--name=<container_name>
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin [-p|--path=<path>] [-c|--clean] [-R|--release=<ALTLinux_release>]
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin [-4|--ipv4=<ipv4 address>] [-6|--ipv6=<ipv6 address>]
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin [-g|--gw=<gw address>] [-d|--dns=<dns address>]
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin [-P|--profile=<name of the profile>]
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin [-A|--arch=<arch of the container>]
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey ShabalinMandatory args:
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin -n,--name container name, used to as an identifier for that container from now on
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey ShabalinOptional args:
e29bf450cafa2ce2564aeb0b64d2014c17228407Dwight Engen -p,--path path to where the container rootfs will be created, defaults to @LXCPATH@. The container config will go under @LXCPATH@ in that case
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin -c,--clean clean the cache
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin -R,--release ALTLinux release for the new container. if the host is ALTLinux, then it will defaultto the host's release.
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin -4,--ipv4 specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin -6,--ipv6 specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin -g,--gw specify the default gw, eg. 192.168.1.1
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin -G,--gw6 specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalin -d,--dns specify the DNS server, eg. 192.168.1.2
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin -P,--profile Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache.
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin -A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64]
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin -h,--help print this help
b031f0d2ca1b40eab86286b82d3c5e8b379122e6Alexey Shabalinoptions=$(getopt -o hp:n:P:cR:4:6:g:d: -l help,path:,name:,profile:,clean,release:ipv4:ipv6:gw:dns: -- "$@")
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin --) shift 1; break ;;
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "'apt-get' command is missing"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinif [ -z "$path" ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinif [ -z "$profile" ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinif [ -z "$release" ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin release=$(cat /etc/altlinux-release |awk '/^ALT/ {print $3}')
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "This is not a ALTLinux host and release missing, use -R|--release to specify release"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "This script should be run as 'root'"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "A container with that name exists, chose a different name"
1881820ae4ff9004beef1bf7f04553580840441dSerge Hallyn# check for 'lxc.rootfs' passed in through default config by lxc-create
1881820ae4ff9004beef1bf7f04553580840441dSerge Hallynif grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then
1881820ae4ff9004beef1bf7f04553580840441dSerge Hallyn rootfs_path=`grep 'lxc.rootfs =' $path/config | awk -F= '{ print $2 }'`
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "failed to install altlinux"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "failed to configure altlinux for a container"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalin echo "failed write configuration file"
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinif [ ! -z $clean ]; then
262f4e48a51a55ad9cee06abbcfe4a6ad6166f49Alexey Shabalinecho "container rootfs and config created"
eba7df9ee0a1963984ef212e7ddfc0e0835af288Stéphane Graberecho "network configured as $lxc_network_type in the $lxc_network_link"