lxc/templates/lxc-archlinux.in

	lxc-archlinux.in revision 148315348760faf4ad822ded7c416d2de8050937
144N/A#!/bin/bash
144N/A
144N/A#
144N/A# template script for generating Arch linux container for LXC
144N/A#
144N/A
144N/A#
144N/A# lxc: linux Container library
144N/A
144N/A# Authors:
144N/A# Alexander Vladimirov <idkfa@vlan1.ru>
144N/A
144N/A# This library is free software; you can redistribute it and/or
144N/A# modify it under the terms of the GNU Lesser General Public
144N/A# License as published by the Free Software Foundation; either
144N/A# version 2.1 of the License, or (at your option) any later version.
144N/A
144N/A# This library is distributed in the hope that it will be useful,
144N/A# but WITHOUT ANY WARRANTY; without even the implied warranty of
144N/A# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
144N/A# Lesser General Public License for more details.
187N/A
954N/A# You should have received a copy of the GNU Lesser General Public
954N/A# License along with this library; if not, write to the Free Software
954N/A# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

# defaults
arch=$(uname -m)
lxc_network_type="veth"
lxc_network_link="br0"
default_path="@LXCPATH@"
default_locale="en-US.UTF-8"
default_timezone="UTC"
pacman_config="/etc/pacman.conf"

# sort of minimal package set
base_packages=(
    "systemd"
    "systemd-sysvcompat"
    "filesystem"
    "coreutils"
    "module-init-tools"
    "procps"
    "psmisc"
    "pacman"
    "bash"
    "syslog-ng"
    "cronie"
    "iproute2"
    "iputils"
    "inetutils"
    "dhcpcd"
    "dnsutils"
    "nano"
    "grep"
    "less"
    "gawk"
    "sed"
    "tar"
    "wget"
    "gzip"
    "which"
)
declare -a additional_packages

# split comma-separated string into an array
# ${1} - string to split
# ${2} - separator (default is ",")
# ${result} - result value on success
function split_string {
    local ifs=${IFS}
    IFS="${2:-,}"
    read -a result < <(echo "${1}")
    IFS=${ifs}
    return 0
}

[ -f /etc/arch-release ] && is_arch=true

# Arch-specific preconfiguration for container
function configure_arch {
    # read locale and timezone defaults from system rc.conf if running on Arch
    if [ "${is_arch}" ]; then
        cp -p /etc/vconsole.conf /etc/locale.conf /etc/locale.gen "${rootfs_path}/etc/"
    else
        echo "LANG=${default_lang}" > "${rootfs_path}/etc/locale.conf"
        echo "KEYMAP=us" > "${rootfs_path}/etc/vconsole.conf"
        cat > "${rootfs_path}/etc/adjtime" << EOF
0.0 0.0 0.0
0
LOCAL
EOF
        if [ -e "${rootfs_path}/etc/locale.gen" ]; then
            sed -i 's@^#\(en_US\.UTF-8\)@\1@' "${rootfs_path}/etc/locale.gen"
            if [ ! "${default_locale}" = "en_US.UTF-8" ]; then
                echo "${default_locale} ${default_locale##*.}" >> "${rootfs_path}/etc/locale.gen"
            fi
        fi
    fi
    echo "${name}" > "${rootfs_path}/etc/hostname"
    cat > "${rootfs_path}/etc/hosts" << EOF
127.0.0.1   localhost.localdomain   localhost ${name}
::1     localhost.localdomain   localhost
EOF
    grep nameserver /etc/resolv.conf > "${rootfs_path}/etc/resolv.conf"

    arch-chroot "${rootfs_path}" /bin/bash -s << EOF
mkdir /run/lock
locale-gen
ln -s /usr/share/zoneinfo/${default_timezone} /etc/localtime
# disable services unavailable for container
ln -s /dev/null /etc/systemd/system/systemd-udevd.service
ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket
ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket
ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount
# set default systemd target
ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
EOF
    return 0
}

# write container configuration files
function copy_configuration {
    mkdir -p "${config_path}"
    cat > "${config_path}/config" << EOF
lxc.utsname=${name}
lxc.autodev=1
lxc.tty=1
lxc.pts=1024
lxc.rootfs=${rootfs_path}
lxc.mount=${config_path}/fstab
lxc.cap.drop = sys_module mac_admin mac_override
#networking
lxc.network.type=${lxc_network_type}
lxc.network.link=${lxc_network_link}
lxc.network.flags=up
lxc.network.name=eth0
lxc.network.mtu=1500
#cgroups
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
EOF

    cat > "${config_path}/fstab" << EOF
sysfs sys sysfs ro,defaults 0 0
proc proc proc nodev,noexec,nosuid 0 0
/proc/sys ${rootfs_path}/proc/sys none ro,bind 0 0
#/var/log/journal ${rootfs_path}/var/log/journal none bind 0 0
EOF

    return 0
}

# install packages within container chroot
function install_arch {
    if ! pacstrap -dcC "${pacman_config}" "${rootfs_path}" ${base_packages[@]}; then
        echo "Failed to install container packages"
        return 1
    fi
    [ -d "${rootfs_path}/lib/modules" ] && ldconfig -r "${rootfs_path}"
    return 0
}

usage() {
    cat <<EOF
usage:
    ${1} -n|--name=<container_name>
        [-P|--packages=<pkg1,pkg2,...>] [-p|--path=<path>] [-t|--network_type=<type>] [-l|--network_link=<link>] [-h|--help]
Mandatory args:
  -n,--name         container name, used to as an identifier for that container from now on
Optional args:
  -p,--path         path to where the container rootfs will be created, defaults to ${default_path}/rootfs. The container config will go under ${default_path} in that case
  -P,--packages     preinstall additional packages, comma-separated list
  -c,--config       use specified pacman config when installing container packages
  -t,--network_type set container network interface type (${lxc_network_type})
  -l,--network_link set network link device (${lxc_network_link})
  -h,--help         print this help
EOF
    return 0
}

options=$(getopt -o hp:P:n:c:l:t: -l help,path:,packages:,name:,config:,network_type:,network_link: -- "${@}")
if [ ${?} -ne 0 ]; then
    usage $(basename ${0})
    exit 1
fi
eval set -- "${options}"

while true
do
    case "${1}" in
    -h|--help)          usage ${0} && exit 0;;
    -p|--path)          path=${2}; shift 2;;
    -n|--name)          name=${2}; shift 2;;
    -P|--packages)      additional_packages=${2}; shift 2;;
    -c|--config)        pacman_config=${2}; shift 2;;
    -t|--network_type)  lxc_network_type=${2}; shift 2;;
    -l|--network_link)  lxc_network_link=${2}; shift 2;;
    --)             shift 1; break ;;
    *)              break ;;
    esac
done

if [ -z "${name}" ]; then
    echo "missing required 'name' parameter"
    exit 1
fi

if [ ! -e /sys/class/net/${lxc_network_link} ]; then
    echo "network link interface does not exist"
    exit 1
fi

type pacman >/dev/null 2>&1
if [ ${?} -ne 0 ]; then
    echo "'pacman' command is missing, refer to wiki.archlinux.org for information about installing pacman"
    exit 1
fi

if [ -z "${path}" ]; then
    path="${default_path}/${name}"
fi

if [ "${EUID}" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

rootfs_path="${path}/rootfs"
config_path="${default_path}/${name}"

revert() {
    echo "Interrupted, cleaning up"
    lxc-destroy -n "${name}"
    rm -rf "${path}/${name}"
    rm -rf "${default_path}/${name}"
    exit 1
}

trap revert SIGHUP SIGINT SIGTERM

copy_configuration
if [ ${?} -ne 0 ]; then
    echo "failed to write configuration file"
    rm -rf "${config_path}"
    exit 1
fi

if [ ${#additional_packages[@]} -gt 0 ]; then
    split_string ${additional_packages}
    base_packages+=(${result[@]})
fi

mkdir -p "${rootfs_path}"
install_arch
if [ ${?} -ne 0 ]; then
    echo "failed to install Arch Linux"
    rm -rf "${config_path}" "${path}"
    exit 1
fi

configure_arch
if [ ${?} -ne 0 ]; then
    echo "failed to configure Arch Linux for a container"
    rm -rf "${config_path}" "${path}"
    exit 1
fi

echo "container config is ${config_path}/config"