lxc-altlinux.in revision 3d5658d167db8866d5cd3b4b89f0e4becc735719
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# template script for generating altlinux container for LXC
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# lxc: linux Container library
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# Alexey Shabalin <shaba@altlinux.org>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# This library is free software; you can redistribute it and/or
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# modify it under the terms of the GNU Lesser General Public
a9228ebcce14888b3123bdf46e610e0900bcd2ccJakub Hrozek# License as published by the Free Software Foundation; either
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# version 2.1 of the License, or (at your option) any later version.
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# This library is distributed in the hope that it will be useful,
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# but WITHOUT ANY WARRANTY; without even the implied warranty of
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# Lesser General Public License for more details.
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# You should have received a copy of the GNU Lesser General Public
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# License along with this library; if not, write to the Free Software
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek# Detect use under userns (unsupported)
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek echo "This template can't be used for unprivileged containers." 1>&2
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher echo "You may want to try the \"download\" template instead." 1>&2
# Make sure the usual sbin/bin locations are searched, even when the caller's
# PATH lacks them (e.g. a non-root shell invoking the template via sudo).
PATH="$PATH:/usr/sbin:/usr/bin:/sbin:/bin"
export PATH
# Configuration
# Per-architecture download cache root (@LOCALSTATEDIR@ is substituted at build time).
cache_base="@LOCALSTATEDIR@/cache/lxc/altlinux/${arch}"

# Is this an ALT Linux host?  /etc/altlinux-release is the marker file;
# is_altlinux stays unset otherwise.
test -f /etc/altlinux-release && is_altlinux=true
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher mkdir -p ${rootfs_path}/etc/net/ifaces/eth0
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/options
2ea6196484055397cc4bc011c5960f790431fa9dStephen GallagherBOOTPROTO=${BOOTPROTO}
2ea6196484055397cc4bc011c5960f790431fa9dStephen GallagherNM_CONTROLLED=yes
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/ipv4address
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/ipv4route
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/resolv.conf
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallaghernameserver ${dns}
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/ipv6address
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/ipv6route
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher cat <<EOF > ${rootfs_path}/etc/sysconfig/network
52261fe16203dec6e6f69177c6d0a810b47d073fStephen GallagherCONFMETHOD=etcnet
52261fe16203dec6e6f69177c6d0a810b47d073fStephen GallagherHOSTNAME=${UTSNAME}
52261fe16203dec6e6f69177c6d0a810b47d073fStephen GallagherRESOLV_MODS=yes
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher127.0.0.1 localhost.localdomain localhost $name
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher # Allow login at the virsh console. loginuid.so doesn't work in the absence of auditd.
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher# sed -i 's/^.*loginuid.so.*$/\#&/' ${rootfs_path}/etc/pam.d/common-login
 # Add pts/0 and console to the container's securetty so root can log in on
 # the container console.
 # NOTE(review): ${rootfs_path} is unquoted and unguarded on both lines; if it is
 # ever empty these appends land in the host's own /etc/securetty.  Prefer
 # >> "${rootfs_path:?}/etc/securetty" once the config lookup (awk -F= on
 # lxc.rootfs) is made to trim the leading space the value may carry — today
 # only word-splitting of the unquoted expansion strips it.
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher echo "pts/0" >> ${rootfs_path}/etc/securetty
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher echo "console" >> ${rootfs_path}/etc/securetty
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher for service in network syslogd random NetworkManager
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher chroot ${rootfs_path} chkconfig $service --list &>/dev/null && chroot ${rootfs_path} chkconfig $service on || true
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher chroot ${rootfs_path} systemctl -q enable $service &>/dev/null|| true
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher chroot ${rootfs_path} chkconfig $service --list &>/dev/null && chroot ${rootfs_path} chkconfig $service off || true
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher chroot ${rootfs_path} systemctl -q disable $service &>/dev/null || true
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher subst 's/^\([3-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher echo "c1:2345:respawn:/sbin/mingetty --noclear console" >> ${rootfs_path}/etc/inittab
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher [ -f "${rootfs_path}/etc/syslog.conf" ] && \
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher subst 's,\/dev\/tty12,/var/log/syslog/console,' ${rootfs_path}/etc/syslog.conf
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher mknod -m 666 ${dev_path}/null c 1 3
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher mknod -m 666 ${dev_path}/zero c 1 5
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher mknod -m 644 ${dev_path}/random c 1 8
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher mknod -m 666 ${dev_path}/tty c 5 0
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek mknod -m 600 ${dev_path}/tty0 c 4 0
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher mknod -m 600 ${dev_path}/tty1 c 4 1
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher mknod -m 600 ${dev_path}/tty2 c 4 2
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher mknod -m 600 ${dev_path}/tty3 c 4 3
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher mknod -m 600 ${dev_path}/tty4 c 4 4
65a9065538fd85e6ead925d344e6b421900eb8c2Jakub Hrozek mknod -m 666 ${dev_path}/full c 1 7
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher mknod -m 666 ${dev_path}/ptmx c 5 2
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher mknod -m 600 ${dev_path}/mapper/control c 10 236
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher mknod -m 666 ${dev_path}/net/tun c 10 200
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher echo "setting root passwd to $root_password"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher echo "root:$root_password" | chroot $rootfs_path chpasswd
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher # check the mini altlinux was not already downloaded
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher if [ $? -ne 0 ]; then
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher echo "Failed to create '$INSTALL_ROOT' directory"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher APT_GET="apt-get -o RPM::RootDir=$INSTALL_ROOT -y"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher PKG_LIST="$(grep -hs '^[^#]' "$profile_dir/$profile")"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher # if no configuration file $profile -- fall back to default list of packages
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher [ -z "$PKG_LIST" ] && PKG_LIST="interactivesystem apt apt-conf etcnet-full openssh-server systemd-sysvinit systemd-units systemd NetworkManager-daemon"
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher # some scripts want to have /dev/null at least
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher if [ $? -ne 0 ]; then
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher echo "Failed to download the rootfs, aborting."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher echo -n "Copying rootfs to $rootfs_path ..."
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher #cp -a $cache/rootfs-$arch $rootfs_path || return 1
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher chroot $cache/rootfs apt-get -y dist-upgrade
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek if [ $? -ne 0 ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek echo "Checking cache download in $cache/rootfs ... "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek if [ $? -ne 0 ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek if [ $? -ne 0 ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek echo "Failed to update 'altlinux base', continuing with last known good cache"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek if [ $? -ne 0 ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "lxc.rootfs = $rootfs_path" >> $config_path/config
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.utsname = $name
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.pts = 1024
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.cap.drop = sys_module mac_admin mac_override sys_time
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# When using LXC with apparmor, uncomment the next line to run unconfined:
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#lxc.aa_profile = unconfined
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#lxc.network.type = $lxc_network_type
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#lxc.network.flags = up
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#lxc.network.link = $lxc_network_link
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#lxc.network.name = veth0
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#lxc.network.mtu = 1500
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekif [ ! -z ${ipv4} ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.network.ipv4 = $ipv4
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekif [ ! -z ${gw} ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.network.ipv4.gateway = $gw
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekif [ ! -z ${ipv6} ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.network.ipv6 = $ipv6
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekif [ ! -z ${gw6} ]; then
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.network.ipv6.gateway = $gw6
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.cgroup.devices.deny = a
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek# /dev/null and zero
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.cgroup.devices.allow = c 1:3 rwm
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozeklxc.cgroup.devices.allow = c 1:5 rwm
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherlxc.cgroup.devices.allow = c 5:1 rwm
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagherlxc.cgroup.devices.allow = c 5:0 rwm
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherlxc.cgroup.devices.allow = c 4:0 rwm
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherlxc.cgroup.devices.allow = c 4:1 rwm
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek# /dev/{,u}random
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherlxc.cgroup.devices.allow = c 1:9 rwm
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagherlxc.cgroup.devices.allow = c 1:8 rwm
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherlxc.cgroup.devices.allow = c 136:* rwm
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherlxc.cgroup.devices.allow = c 5:2 rwm
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherlxc.cgroup.devices.allow = c 10:135 rwm
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherlxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher if [ $? -ne 0 ]; then
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher if [ ! -e $cache ]; then
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher # lock, so we won't purge while someone is creating a repository
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek if [ $? != 0 ]; then
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher echo -n "Purging the download cache for ALTLinux-$release..."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
e59e09b5010f262228bbdeb92a79b733bf5854b3Stephen Gallagher ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-altlinux
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek $1 -n|--name=<container_name>
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher [-p|--path=<path>] [-c|--clean] [-R|--release=<ALTLinux_release>]
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher [-4|--ipv4=<ipv4 address>] [-6|--ipv6=<ipv6 address>]
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher [-g|--gw=<gw address>] [-d|--dns=<dns address>]
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher [-P|--profile=<name of the profile>] [--rootfs=<path>]
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek [-A|--arch=<arch of the container>]
52261fe16203dec6e6f69177c6d0a810b47d073fStephen GallagherMandatory args:
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher -n,--name container name, used as an identifier for that container from now on
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher -p,--path path to where the container rootfs will be created, defaults to @LXCPATH@. The container config will go under @LXCPATH@ in that case
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher -c,--clean clean the cache
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher -R,--release ALTLinux release for the new container. if the host is ALTLinux, then it will default to the host's release.
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher -4,--ipv4 specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek -6,--ipv6 specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher -g,--gw specify the default gw, eg. 192.168.1.1
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher -G,--gw6 specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher -d,--dns specify the DNS server, eg. 192.168.1.2
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher -P,--profile Profile name is the file name in /etc/lxc/profiles containing the package names to install into the cache.
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek -A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64]
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher --rootfs rootfs path
2ea6196484055397cc4bc011c5960f790431fa9dStephen Gallagher -h,--help print this help
# Parse the command line with enhanced getopt (short and long forms).
# NOTE(review): the usage text documents -G/--gw6 and -A/--arch, and the
# generated config references $gw6, but neither option is in this getopt spec,
# so getopt reports them as unrecognized.  Check the option-parsing case arms
# before adding G:/gw6: and A:/arch: here.
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagheroptions=$(getopt -o hp:n:P:cR:4:6:g:d: -l help,rootfs:,path:,name:,profile:,clean,release:,ipv4:,ipv6:,gw:,dns: -- "$@")
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher --) shift 1; break ;;
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagher echo "'apt-get' command is missing"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekif [ -z "$path" ]; then
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozekif [ -z "$profile" ]; then
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekif [ -z "$release" ]; then
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek if [ "$is_altlinux" ]; then
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek release=$(cat /etc/altlinux-release |awk '/^ALT/ {print $3}')
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek echo "This is not a ALTLinux host and release missing, use -R|--release to specify release"
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek echo "This script should be run as 'root'"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# check for 'lxc.rootfs' passed in through default config by lxc-create
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherif [ -z "$rootfs_path" ]; then
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek rootfs_path=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $path/config)
b20208b80e99abb79c00d5ec526caa9465859c52Jakub Hrozek echo "failed to install altlinux"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek echo "failed to configure altlinux for a container"
dd3ba5c5b7d2a9d109963ae9e6c94fff34872221Stephen Gallagher echo "failed write configuration file"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherif [ ! -z "$clean" ]; then
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherecho "container rootfs and config created"
52261fe16203dec6e6f69177c6d0a810b47d073fStephen Gallagherecho "network configured as $lxc_network_type in the $lxc_network_link"