lxc-archlinux.in revision 4852d800d11740225072579e8bd8c4b56df581ee
70N/A#!/bin/bash
70N/A
286N/A#
70N/A# template script for generating Arch linux container for LXC
70N/A#
70N/A
70N/A#
70N/A# lxc: linux Container library
70N/A
70N/A# Authors:
70N/A# Alexander Vladimirov <idkfa@vlan1.ru>
70N/A
70N/A# This library is free software; you can redistribute it and/or
70N/A# modify it under the terms of the GNU Lesser General Public
70N/A# License as published by the Free Software Foundation; either
70N/A# version 2.1 of the License, or (at your option) any later version.
70N/A
70N/A# This library is distributed in the hope that it will be useful,
70N/A# but WITHOUT ANY WARRANTY; without even the implied warranty of
70N/A# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
70N/A# Lesser General Public License for more details.
70N/A
70N/A# You should have received a copy of the GNU Lesser General Public
70N/A# License along with this library; if not, write to the Free Software
70N/A# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
70N/A
70N/A# defaults
70N/Aarch=$(uname -m)
70N/Alxc_network_type="veth"
70N/Alxc_network_link="br0"
530N/Adefault_path="@LXCPATH@"
70N/Adefault_locale="en-US.UTF-8"
70N/Adefault_timezone="UTC"
70N/Apacman_config="/etc/pacman.conf"
359N/A
359N/A# sort of minimal package set
359N/Abase_packages=(
98N/A "systemd"
321N/A "systemd-sysvcompat"
493N/A "filesystem"
321N/A "coreutils"
213N/A "kmod"
304N/A "procps"
530N/A "psmisc"
425N/A "pacman"
425N/A "bash"
325N/A "cronie"
493N/A "iproute2"
456N/A "iputils"
320N/A "inetutils"
332N/A "dhcpcd"
501N/A "dnsutils"
231N/A "nano"
523N/A "grep"
98N/A "less"
347N/A "gawk"
525N/A "sed"
463N/A "tar"
493N/A "gzip"
425N/A "which"
493N/A)
472N/Adeclare -a additional_packages
324N/A
347N/A# split comma-separated string into an array
310N/A# ${1} - string to split
316N/A# ${2} - separator (default is ",")
474N/A# ${result} - result value on success
290N/Afunction split_string {
332N/A local ifs=${IFS}
464N/A IFS="${2:-,}"
332N/A read -a result < <(echo "${1}")
509N/A IFS=${ifs}
332N/A return 0
210N/A}
493N/A
128N/A[ -f /etc/arch-release ] && is_arch=true
414N/A
484N/A# Arch-specific preconfiguration for container
326N/Afunction configure_arch {
493N/A # read locale and timezone defaults from system rc.conf if running on Arch
335N/A if [ "${is_arch}" ]; then
493N/A cp -p /etc/vconsole.conf /etc/locale.conf /etc/locale.gen "${rootfs_path}/etc/"
493N/A else
425N/A echo "LANG=${default_lang}" > "${rootfs_path}/etc/locale.conf"
370N/A echo "KEYMAP=us" > "${rootfs_path}/etc/vconsole.conf"
70N/A cat > "${rootfs_path}/etc/adjtime" << EOF
400N/A0.0 0.0 0.0
294N/A0
435N/ALOCAL
98N/AEOF
434N/A if [ -e "${rootfs_path}/etc/locale.gen" ]; then
505N/A sed -i 's@^#\(en_US\.UTF-8\)@\1@' "${rootfs_path}/etc/locale.gen"
277N/A if [ ! "${default_locale}" = "en_US.UTF-8" ]; then
433N/A echo "${default_locale} ${default_locale##*.}" >> "${rootfs_path}/etc/locale.gen"
356N/A fi
289N/A fi
326N/A fi
439N/A echo "${name}" > "${rootfs_path}/etc/hostname"
501N/A cat > "${rootfs_path}/etc/hosts" << EOF
469N/A127.0.0.1 localhost.localdomain localhost ${name}
290N/A::1 localhost.localdomain localhost
424N/AEOF
286N/A grep nameserver /etc/resolv.conf > "${rootfs_path}/etc/resolv.conf"
90N/A
475N/A arch-chroot "${rootfs_path}" /bin/bash -s << EOF
295N/Amkdir /run/lock
70N/Alocale-gen
299N/Aln -s /usr/share/zoneinfo/${default_timezone} /etc/localtime
262N/A# disable services unavailable for container
455N/Aln -s /dev/null /etc/systemd/system/systemd-udevd.service
277N/Aln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket
332N/Aln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket
332N/Aln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount
493N/A# set default systemd target
70N/Aln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
70N/AEOF
319N/A return 0
280N/A}
319N/A
359N/A# write container configuration files
493N/Afunction copy_configuration {
70N/A mkdir -p "${config_path}"
98N/A cat > "${config_path}/config" << EOF
98N/Alxc.utsname=${name}
414N/Alxc.autodev=1
98N/Alxc.tty=1
493N/Alxc.pts=1024
493N/Alxc.rootfs=${rootfs_path}
70N/Alxc.mount=${config_path}/fstab
493N/Alxc.cap.drop = mknod sys_module mac_admin mac_override
493N/A#networking
493N/Alxc.network.type=${lxc_network_type}
lxc.network.link=${lxc_network_link}
lxc.network.flags=up
lxc.network.name=eth0
lxc.network.mtu=1500
#cgroups
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
EOF
cat > "${config_path}/fstab" << EOF
sysfs sys sysfs ro,defaults 0 0
proc proc proc nodev,noexec,nosuid 0 0
/proc/sys ${rootfs_path}/proc/sys none ro,bind 0 0
#/var/log/journal ${rootfs_path}/var/log/journal none bind 0 0
EOF
return 0
}
# install packages within container chroot
function install_arch {
if ! pacstrap -dcC "${pacman_config}" "${rootfs_path}" ${base_packages[@]}; then
echo "Failed to install container packages"
return 1
fi
[ -d "${rootfs_path}/lib/modules" ] && ldconfig -r "${rootfs_path}"
return 0
}
usage() {
cat <<EOF
usage:
${1} -n|--name=<container_name>
[-P|--packages=<pkg1,pkg2,...>] [-p|--path=<path>] [-t|--network_type=<type>] [-l|--network_link=<link>] [-h|--help]
Mandatory args:
-n,--name container name, used to as an identifier for that container from now on
Optional args:
-p,--path path to where the container rootfs will be created, defaults to ${default_path}/rootfs. The container config will go under ${default_path} in that case
-P,--packages preinstall additional packages, comma-separated list
-c,--config use specified pacman config when installing container packages
-t,--network_type set container network interface type (${lxc_network_type})
-l,--network_link set network link device (${lxc_network_link})
-h,--help print this help
EOF
return 0
}
options=$(getopt -o hp:P:n:c:l:t: -l help,path:,packages:,name:,config:,network_type:,network_link: -- "${@}")
if [ ${?} -ne 0 ]; then
usage $(basename ${0})
exit 1
fi
eval set -- "${options}"
while true
do
case "${1}" in
-h|--help) usage ${0} && exit 0;;
-p|--path) path=${2}; shift 2;;
-n|--name) name=${2}; shift 2;;
-P|--packages) additional_packages=${2}; shift 2;;
-c|--config) pacman_config=${2}; shift 2;;
-t|--network_type) lxc_network_type=${2}; shift 2;;
-l|--network_link) lxc_network_link=${2}; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
done
if [ -z "${name}" ]; then
echo "missing required 'name' parameter"
exit 1
fi
if [ ! -e /sys/class/net/${lxc_network_link} ]; then
echo "network link interface does not exist"
exit 1
fi
type pacman >/dev/null 2>&1
if [ ${?} -ne 0 ]; then
echo "'pacman' command is missing, refer to wiki.archlinux.org for information about installing pacman"
exit 1
fi
if [ -z "${path}" ]; then
path="${default_path}/${name}"
fi
if [ "${EUID}" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
fi
rootfs_path="${path}/rootfs"
config_path="${default_path}/${name}"
revert() {
echo "Interrupted, cleaning up"
lxc-destroy -n "${name}"
rm -rf "${path}/${name}"
rm -rf "${default_path}/${name}"
exit 1
}
trap revert SIGHUP SIGINT SIGTERM
copy_configuration
if [ ${?} -ne 0 ]; then
echo "failed to write configuration file"
rm -rf "${config_path}"
exit 1
fi
if [ ${#additional_packages[@]} -gt 0 ]; then
split_string ${additional_packages}
base_packages+=(${result[@]})
fi
mkdir -p "${rootfs_path}"
install_arch
if [ ${?} -ne 0 ]; then
echo "failed to install Arch Linux"
rm -rf "${config_path}" "${path}"
exit 1
fi
configure_arch
if [ ${?} -ne 0 ]; then
echo "failed to configure Arch Linux for a container"
rm -rf "${config_path}" "${path}"
exit 1
fi
echo "container config is ${config_path}/config"