164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#!/bin/bash
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#
fbe7891bd38e5db9d2cb97f5779f546c9d0bf959Roman Mueller# template script for generating CentOS container for LXC
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# lxc: linux Container library
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Authors:
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Daniel Lezcano <daniel.lezcano@free.fr>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Ramez Hanna <rhanna@informatiq.org>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Fajar A. Nugraha <github@fajar.net>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Michael H. Warfield <mhw@WittsEnd.com>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This library is free software; you can redistribute it and/or
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# modify it under the terms of the GNU Lesser General Public
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# License as published by the Free Software Foundation; either
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# version 2.1 of the License, or (at your option) any later version.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This library is distributed in the hope that it will be useful,
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# but WITHOUT ANY WARRANTY; without even the implied warranty of
96283b546081e7ff709968378fca25cb44f1ab6cStéphane Graber# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Lesser General Public License for more details.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# You should have received a copy of the GNU Lesser General Public
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# License along with this library; if not, write to the Free Software
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
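# Configuration
# @LXCPATH@ looks like a build-time substitution placeholder. It is quoted so
# that a substituted path containing whitespace or glob characters remains a
# single assignment and is never parsed as "assignment + command".
default_path="@LXCPATH@"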
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
# Some combinations of the tuning knobs below do not exactly make sense,
# but that's ok.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# If the "root_password" is non-blank, use it, else set a default.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# This can be passed to the script as an environment variable and is
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# set by a shell conditional assignment. Looks weird but it is what it is.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# If the root password contains a ding ($) then try to expand it.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# That will pick up things like ${name} and ${RANDOM}.
ec64264d78d4ed608553842ce9e1f07eeab2a032Veres Lajos# If the root password contains more than 3 consecutive X's, pass it as
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# a template to mktemp and take the result.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# If root_display_password = yes, display the temporary root password at exit.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# If root_store_password = yes, store it in the configuration directory
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# If root_prompt_password = yes, invoke "passwd" to force the user to change
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# the root password after the container is created.
826cde7c2100e1f4419a54b5c930c0854e01e87eMichael H. Warfield# If root_expire_password = yes, you will be prompted to change the root
826cde7c2100e1f4419a54b5c930c0854e01e87eMichael H. Warfield# password at the first login.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#
# These are conditional assignments... They can be overridden from
# preexisting environment variables...
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#
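# Password tuning knobs. Each may be preset in the caller's environment;
# the values assigned here are only fallbacks.
#
# root_password: keep the template in single quotes so that ${name} and the
# XXXXXX run stay literal here and are only expanded later in the script.
# Alternative template: 'Root-${name}-${RANDOM}'
#
# A blank (set but empty) root_password also receives the default, which is
# what the header comment above promises ("non-blank, use it, else set a
# default"). The previous ${var=...} form left an exported empty value
# untouched, so an empty root password could flow through to later steps.
# NOTE(review): the value may come from the environment and is expanded
# later (code not visible here) -- treat it as trusted-operator input only.
if [ -z "${root_password:-}" ]; then
    root_password='Root-${name}-XXXXXX'
fi

# Now, it doesn't make much sense to display, store, and force change
# together. But, we gotta test, right???
# The ${var+set} tests assign only when the variable is unset, so an
# explicitly exported value (even an empty one) is left alone.
if [ -z "${root_display_password+set}" ]; then
    root_display_password='no'
fi
# NOTE(review): with this default the temporary root password is written to
# a file in the container's configuration directory; confirm that directory
# is not readable by unprivileged users.
if [ -z "${root_store_password+set}" ]; then
    root_store_password='yes'
fi
# Prompting for something interactive has potential for mayhem
# with users running under the API... Don't default to "yes"
if [ -z "${root_prompt_password+set}" ]; then
    root_prompt_password='no'
fi

# Expire root password? Default to yes, but can be overridden from
# the environment variable
if [ -z "${root_expire_password+set}" ]; then
    root_expire_password='yes'
fi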
826cde7c2100e1f4419a54b5c930c0854e01e87eMichael H. Warfield
# Network defaults. According to the original author these values only end
# up in comments of the generated container config.
lxc_network_type='veth'
lxc_network_link='lxcbr0'
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
fbe7891bd38e5db9d2cb97f5779f546c9d0bf959Roman Mueller# is this CentOS?
# Allow for weird remixes like the Raspberry Pi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Use the Mitre standard CPE identifier for the release ID if possible...
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This may be in /etc/os-release or /etc/system-release-cpe. We
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# should be able to use EITHER. Give preference to /etc/os-release for now.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
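# Detect use under userns (unsupported).
# Only arguments before a literal "--" are inspected. A case statement
# replaces the obsolescent `[ ... -o ... ]` form, which can misparse when an
# argument itself looks like a test operator such as "(" or "!".
for arg in "$@"; do
    case "$arg" in
        --)
            break
            ;;
        --mapped-uid | --mapped-gid)
            echo "This template can't be used for unprivileged containers." 1>&2
            echo "You may want to try the \"download\" template instead." 1>&2
            exit 1
            ;;
    esac
done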
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber
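# Make sure the usual locations are in PATH.
# ${PATH:+...} avoids a leading ":" when PATH is empty or unset. An empty
# PATH element means "current directory", which a privileged template should
# never search for binaries.
# NOTE(review): entries already in the caller's PATH still take precedence
# over the system directories appended here; confirm the invoking
# environment's PATH is trusted.
PATH="${PATH:+${PATH}:}/usr/sbin:/usr/bin:/sbin:/bin"
export PATH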
207bf0e475f1dc6e9a2dac2cee3a209b56427855Stéphane Graber
# /etc/os-release is a shell-friendly configuration file, so it is simply
# sourced. The fields of interest are ID, VERSION_ID and CPE_NAME.
# NOTE(review): sourcing executes the file as shell code in this process, so
# this relies on the host's /etc/os-release being writable by root only.
if [ -e /etc/os-release ]; then
    . /etc/os-release
    echo "Host CPE ID from /etc/os-release: ${CPE_NAME}"
fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
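# Fall back to /etc/system-release-cpe when /etc/os-release gave no CPE name.
# Every expansion is quoted: the file content is host data, and an empty or
# whitespace-containing first line would otherwise make expr and [ fail with
# a syntax error instead of simply not matching.
if [ -z "${CPE_NAME}" ] && [ -e /etc/system-release-cpe ]; then
    CPE_NAME=$(head -n1 /etc/system-release-cpe)
    # First two colon-separated fields; must be "cpe:/o" (an OS entry).
    CPE_URI=$(expr "${CPE_NAME}" : '\([^:]*:[^:]*\)')
    if [ "${CPE_URI}" != "cpe:/o" ]; then
        CPE_NAME=
    else
        # Probably a better way to do this and still remain posix
        # compatible but this works, shrug...
        # Must be nice and not introduce convenient bashisms here.
        #
        # According to the official registration at Mitre and NIST,
        # this should have been something like this for CentOS:
        #    cpe:/o:centos:centos:6
        # or this:
        #    cpe:/o:centos:centos:6.5
        #
        # Fourth field: the product name.
        ID=$(expr "${CPE_NAME}" : '[^:]*:[^:]*:[^:]*:\([^:]*\)')
        # The "enterprise_linux" is a bone toss back to RHEL.
        # Since CentOS and RHEL are so tightly coupled, we'll
        # take the RHEL version if we're running on it and do the
        # equivalent version for CentOS.
        if [ "${ID}" = "linux" ] || [ "${ID}" = "enterprise_linux" ]; then
            # Instead we got this: cpe:/o:centos:linux:6
            # so use the third field (the vendor) as the ID.
            ID=$(expr "${CPE_NAME}" : '[^:]*:[^:]*:\([^:]*\)')
        fi

        # Fifth field: the version.
        VERSION_ID=$(expr "${CPE_NAME}" : '[^:]*:[^:]*:[^:]*:[^:]*:\([^:]*\)')
        echo "Host CPE ID from /etc/system-release-cpe: ${CPE_NAME}"
    fi
fi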
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
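# Classify the host from the values gathered above.
# Sets centos_host_ver/is_centos or redhat_host_ver/is_redhat.
if [ -n "${CPE_NAME}" ] && [ "${ID}" = "centos" ] && [ -n "${VERSION_ID}" ]; then
    centos_host_ver=${VERSION_ID}
    is_centos=true
elif [ -n "${CPE_NAME}" ] && [ -n "${VERSION_ID}" ] &&
    { [ "${ID}" = "redhat" ] || [ "${ID}" = "rhel" ]; }; then
    # RHEL 7+ /etc/os-release has ID = 'rhel', hence the second alternative.
    # The alternatives are grouped explicitly: in the former single
    # `[ a -a b -o c -a d ]` test, -a bound tighter than -o, so ID=redhat
    # passed with an empty VERSION_ID and ID=rhel passed with an empty
    # CPE_NAME, unlike the CentOS branch above which requires all three.
    redhat_host_ver=${VERSION_ID}
    is_redhat=true
elif [ -e /etc/centos-release ]; then
    # Only if all other methods fail, try to parse the centos-release file.
    centos_host_ver=$(sed -e '/^CentOS /!d' -e 's/CentOS.*\srelease\s*\([0-9][0-9.]*\)\s.*/\1/' < /etc/centos-release)
    if [ -n "$centos_host_ver" ]; then
        is_centos=true
    fi
fi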
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
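# Delete a device node if it exists, then create a new one.
# Arguments:
#   $1     - permission mode handed to `mknod -m`
#   $2     - path of the node to (re)create
#   $3..$5 - node type and, for device nodes, major and minor numbers
# Returns: status of rm, or of mknod when rm succeeded.
force_mknod()
{
    # All expansions are quoted and "--" ends option parsing, so a path with
    # whitespace or a leading "-" cannot be split or read as an option.
    # "${@:3:3}" forwards at most $3..$5 and expands to nothing when they are
    # absent (e.g. for a FIFO, which takes no major/minor).
    rm -f -- "$2" && mknod -m "$1" -- "$2" "${@:3:3}"
}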
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldconfigure_centos()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
fbe7891bd38e5db9d2cb97f5779f546c9d0bf959Roman Mueller # disable selinux in CentOS
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mkdir -p $rootfs_path/selinux
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo 0 > $rootfs_path/selinux/enforce
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Also kill it in the /etc/selinux/config file if it's there...
17abf2784de1047fb2904ff130ee5efe4ea7b598Elan Ruusamäe if [ -f $rootfs_path/etc/selinux/config ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i '/^SELINUX=/s/.*/SELINUX=disabled/' $rootfs_path/etc/selinux/config
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Nice catch from Dwight Engen in the Oracle template.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Wantonly plagerized here with much appreciation.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ -f $rootfs_path/usr/sbin/selinuxenabled ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mv $rootfs_path/usr/sbin/selinuxenabled $rootfs_path/usr/sbin/selinuxenabled.lxcorig
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield ln -s /bin/false $rootfs_path/usr/sbin/selinuxenabled
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # This is a known problem and documented in RedHat bugzilla as relating
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # to a problem with auditing enabled. This prevents an error in
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # the container "Cannot make/remove an entry for the specified session"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/login
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/sshd
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield if [ -f ${rootfs_path}/etc/pam.d/crond ]
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield then
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/crond
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield fi
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield # In addition to disabling pam_loginuid in the above config files
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield # we'll also disable it by linking it to pam_permit to catch any
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield # we missed or any that get installed after the container is built.
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield #
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield # Catch either or both 32 and 64 bit archs.
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield if [ -f ${rootfs_path}/lib/security/pam_loginuid.so ]
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield then
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield ( cd ${rootfs_path}/lib/security/
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield mv pam_loginuid.so pam_loginuid.so.disabled
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield ln -s pam_permit.so pam_loginuid.so
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield )
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield fi
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield if [ -f ${rootfs_path}/lib64/security/pam_loginuid.so ]
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield then
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield ( cd ${rootfs_path}/lib64/security/
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield mv pam_loginuid.so pam_loginuid.so.disabled
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield ln -s pam_permit.so pam_loginuid.so
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield )
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield fi
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield
f5067ecbcc1e97052c33269b4afa6375073a91a1Michael H. Warfield # Set default localtime to the host localtime if not set...
f5067ecbcc1e97052c33269b4afa6375073a91a1Michael H. Warfield if [ -e /etc/localtime -a ! -e ${rootfs_path}/etc/localtime ]
f5067ecbcc1e97052c33269b4afa6375073a91a1Michael H. Warfield then
f5067ecbcc1e97052c33269b4afa6375073a91a1Michael H. Warfield # if /etc/localtime is a symlink, this should preserve it.
f5067ecbcc1e97052c33269b4afa6375073a91a1Michael H. Warfield cp -a /etc/localtime ${rootfs_path}/etc/localtime
f5067ecbcc1e97052c33269b4afa6375073a91a1Michael H. Warfield fi
f5067ecbcc1e97052c33269b4afa6375073a91a1Michael H. Warfield
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield # Deal with some dain bramage in the /etc/init.d/halt script.
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield # Trim it and make it our own and link it in before the default
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield # halt script so we can intercept it. This also preventions package
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield # updates from interferring with our interferring with it.
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield #
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield # There's generally not much in the halt script that useful but what's
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield # in there from resetting the hardware clock down is generally very bad.
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield # So we just eliminate the whole bottom half of that script in making
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield # ourselves a copy. That way a major update to the init scripts won't
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield # trash what we've set up.
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield if [ -f ${rootfs_path}/etc/init.d/halt ]
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield then
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield sed -e '/hwclock/,$d' \
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield < ${rootfs_path}/etc/init.d/halt \
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield > ${rootfs_path}/etc/init.d/lxc-halt
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield echo '$command -f' >> ${rootfs_path}/etc/init.d/lxc-halt
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield chmod 755 ${rootfs_path}/etc/init.d/lxc-halt
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield # Link them into the rc directories...
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield (
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield cd ${rootfs_path}/etc/rc.d/rc0.d
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield ln -s ../init.d/lxc-halt S00lxc-halt
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield cd ${rootfs_path}/etc/rc.d/rc6.d
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield ln -s ../init.d/lxc-halt S00lxc-reboot
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield )
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield fi
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield # configure the network using the dhcp
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldDEVICE=eth0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldBOOTPROTO=dhcp
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldONBOOT=yes
54a0b57d45645df3a6e0aac208ae09765618a70aKURODA HirakuHOSTNAME=${utsname}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldNM_CONTROLLED=no
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldTYPE=Ethernet
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldMTU=${MTU}
7e1a946f61d92226453f57cf6d38967303f1bc76Lenz GrimmerDHCP_HOSTNAME=\`hostname\`
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # set the hostname
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cat <<EOF > ${rootfs_path}/etc/sysconfig/network
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldNETWORKING=yes
54a0b57d45645df3a6e0aac208ae09765618a70aKURODA HirakuHOSTNAME=${utsname}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # set minimal hosts
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cat <<EOF > $rootfs_path/etc/hosts
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield127.0.0.1 localhost $name
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # set minimal fstab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cat <<EOF > $rootfs_path/etc/fstab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield/dev/root / rootfs defaults 0 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # create lxc compatibility init script
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ "$release" = "6" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cat <<EOF > $rootfs_path/etc/init/lxc-sysinit.conf
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldstart on startup
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldenv container
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldpre-start script
a79df22733c48898aaeb600cc073278236d4b489Stéphane Graber if [ "x\$container" != "xlxc" -a "x\$container" != "xlibvirt" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield stop;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield fi
a79df22733c48898aaeb600cc073278236d4b489Stéphane Graber
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield rm -f /var/lock/subsys/*
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield rm -f /var/run/*.pid
a79df22733c48898aaeb600cc073278236d4b489Stéphane Graber [ -e /etc/mtab ] || ln -s /proc/mounts /etc/mtab
a79df22733c48898aaeb600cc073278236d4b489Stéphane Graber mkdir -p /dev/shm
a79df22733c48898aaeb600cc073278236d4b489Stéphane Graber mount -t tmpfs -o nosuid,nodev tmpfs /dev/shm
a79df22733c48898aaeb600cc073278236d4b489Stéphane Graber
a79df22733c48898aaeb600cc073278236d4b489Stéphane Graber initctl start tty TTY=console
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield telinit 3
a79df22733c48898aaeb600cc073278236d4b489Stéphane Graber exit 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldend script
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield elif [ "$release" = "5" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cat <<EOF > $rootfs_path/etc/rc.d/lxc.sysinit
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#! /bin/bash
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldrm -f /etc/mtab /var/run/*.{pid,lock} /var/lock/subsys/*
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldrm -rf {/,/var}/tmp/*
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldecho "/dev/root / rootfs defaults 0 0" > /etc/mtab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldexit 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield chmod 755 $rootfs_path/etc/rc.d/lxc.sysinit
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i 's|si::sysinit:/etc/rc.d/rc.sysinit|si::bootwait:/etc/rc.d/lxc.sysinit|' $rootfs_path/etc/inittab
7edae51efcb3cb3a05e7fe850905dc836d120512Claudio Alarcon-Reyes # prevent mingetty from calling vhangup(2) since it fails with userns.
7edae51efcb3cb3a05e7fe850905dc836d120512Claudio Alarcon-Reyes # Same issue as oracle template: prevent mingetty from calling vhangup(2)
7edae51efcb3cb3a05e7fe850905dc836d120512Claudio Alarcon-Reyes # commit 2e83f7201c5d402478b9849f0a85c62d5b9f1589.
7edae51efcb3cb3a05e7fe850905dc836d120512Claudio Alarcon-Reyes sed -i 's|^1:|co:2345:respawn:/sbin/mingetty --nohangup console\n1:|' $rootfs_path/etc/inittab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i 's|^\([56]:\)|#\1|' $rootfs_path/etc/inittab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield dev_path="${rootfs_path}/dev"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield rm -rf $dev_path
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mkdir -p $dev_path
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/null c 1 3
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/zero c 1 5
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/random c 1 8
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/urandom c 1 9
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mkdir -m 755 ${dev_path}/pts
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mkdir -m 1777 ${dev_path}/shm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty c 5 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty0 c 4 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty1 c 4 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty2 c 4 2
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty3 c 4 3
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty4 c 4 4
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 600 ${dev_path}/console c 5 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/full c 1 7
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 600 ${dev_path}/initctl p
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/ptmx c 5 2
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield # setup console and tty[1-4] for login. note that /dev/console and
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield # /dev/tty[1-4] will be symlinks to the ptys /dev/lxc/console and
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield # /dev/lxc/tty[1-4] so that package updates can overwrite the symlinks.
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield # lxc will maintain these links and bind mount ptys over /dev/lxc/*
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield # since lxc.devttydir is specified in the config.
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield # allow root login on console, tty[1-4], and pts/0 for libvirt
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield echo "# LXC (Linux Containers)" >>${rootfs_path}/etc/securetty
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield echo "lxc/console" >>${rootfs_path}/etc/securetty
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield echo "lxc/tty1" >>${rootfs_path}/etc/securetty
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield echo "lxc/tty2" >>${rootfs_path}/etc/securetty
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield echo "lxc/tty3" >>${rootfs_path}/etc/securetty
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield echo "lxc/tty4" >>${rootfs_path}/etc/securetty
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield echo "# For libvirt/Virtual Machine Monitor" >>${rootfs_path}/etc/securetty
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield echo "pts/0" >>${rootfs_path}/etc/securetty
1ecee40b7dcb933d2c9910f07ed26c6a55e18206Michael H. Warfield
7edae51efcb3cb3a05e7fe850905dc836d120512Claudio Alarcon-Reyes # prevent mingetty from calling vhangup(2) since it fails with userns.
7edae51efcb3cb3a05e7fe850905dc836d120512Claudio Alarcon-Reyes # Same issue as oracle template: prevent mingetty from calling vhangup(2)
7edae51efcb3cb3a05e7fe850905dc836d120512Claudio Alarcon-Reyes # commit 2e83f7201c5d402478b9849f0a85c62d5b9f1589.
3335c60896056f3c5d260e0b96dc918db688b77fteruo-oshida sed -i 's|mingetty|mingetty --nohangup|' $rootfs_path/etc/init/tty.conf
7edae51efcb3cb3a05e7fe850905dc836d120512Claudio Alarcon-Reyes
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield if [ ${root_display_password} = "yes" ]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield echo "Setting root password to '$root_password'"
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield fi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield if [ ${root_store_password} = "yes" ]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield touch ${config_path}/tmp_root_pass
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield chmod 600 ${config_path}/tmp_root_pass
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield echo ${root_password} > ${config_path}/tmp_root_pass
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield echo "Storing root password in '${config_path}/tmp_root_pass'"
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield fi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "root:$root_password" | chroot $rootfs_path chpasswd
826cde7c2100e1f4419a54b5c930c0854e01e87eMichael H. Warfield
826cde7c2100e1f4419a54b5c930c0854e01e87eMichael H. Warfield if [ ${root_expire_password} = "yes" ]
826cde7c2100e1f4419a54b5c930c0854e01e87eMichael H. Warfield then
826cde7c2100e1f4419a54b5c930c0854e01e87eMichael H. Warfield # Also set this password as expired to force the user to change it!
826cde7c2100e1f4419a54b5c930c0854e01e87eMichael H. Warfield chroot $rootfs_path passwd -e root
826cde7c2100e1f4419a54b5c930c0854e01e87eMichael H. Warfield fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # This will need to be enhanced for CentOS 7 when systemd
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # comes into play... /\/\|=mhw=|\/\/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield return 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
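#######################################
# Adjust the container's init configuration so it behaves under LXC.
# Globals:   rootfs_path (read) - root of the container filesystem
#            release     (read) - CentOS major release
# Returns:   status of the last command run (the upstart job write when
#            /etc/init exists, otherwise 0)
#######################################
configure_centos_init()
{
    # Strip the start_udev invocation from both rc.sysinit locations.
    # The dots in the pattern stand in for the slashes of /sbin/start_udev.
    # Failures are not checked, as in the original template.
    sed -i 's|.sbin.start_udev||' "${rootfs_path}/etc/rc.sysinit"
    sed -i 's|.sbin.start_udev||' "${rootfs_path}/etc/rc.d/rc.sysinit"

    if [ "$release" = "6" ]; then
        chroot "${rootfs_path}" chkconfig udev-post off
    fi
    chroot "${rootfs_path}" chkconfig network on

    # Every path is quoted: an unquoted ${rootfs_path} containing whitespace
    # made the directory test fail and the redirection ambiguous, silently
    # skipping the SIGPWR job below.
    if [ -d "${rootfs_path}/etc/init" ]
    then
        # This is to make upstart honor SIGPWR
        cat <<EOF >"${rootfs_path}/etc/init/power-status-changed.conf"
# power-status-changed - shutdown on SIGPWR
#
start on power-status-changed

exec /sbin/shutdown -h now "SIGPWR received"
EOF
    fi
}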
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
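#######################################
# Bootstrap a minimal CentOS root filesystem with yum and publish it as
# "$cache/rootfs".
# Globals:   cache, release, basearch, repo, HOME (read)
#            INSTALL_ROOT, YUM0, YUM, PKG_LIST, REPO_FILE, ret (written)
# Outputs:   progress and error messages on stdout
# Returns:   0 on success, 1 if the scratch directory cannot be created or
#            a package installation step fails
#######################################
download_centos()
{
    # Build in a scratch directory; it is renamed to $cache/rootfs only at
    # the very end, so a failed run never looks like a usable cache.
    INSTALL_ROOT=$cache/partial
    if ! mkdir -p "$INSTALL_ROOT"; then
        echo "Failed to create '$INSTALL_ROOT' directory"
        return 1
    fi

    # download a mini CentOS into a cache
    echo "Downloading CentOS minimal ..."
    # NOTE(review): --nogpgcheck turns off RPM signature verification, and
    # the default mirrorlist written below is fetched over plain http, so
    # package integrity rests entirely on the network path. Prefer importing
    # the CentOS release key and dropping --nogpgcheck, or pass --repo with
    # a mirror you trust.
    # YUM0/YUM hold a whole command line and are expanded unquoted on
    # purpose; a cache path containing whitespace is therefore unsupported.
    YUM0="yum --installroot $INSTALL_ROOT -y --nogpgcheck"

    # only pass --releasever when the host's yum advertises the option
    if yum -h | grep -q 'releasever=RELEASEVER'; then
        YUM="$YUM0 --releasever=$release"
    else
        YUM="$YUM0"
    fi
    PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils"

    # use temporary repository definition
    REPO_FILE=$INSTALL_ROOT/etc/yum.repos.d/lxc-centos-temp.repo
    mkdir -p "$(dirname "$REPO_FILE")"
    if [ -n "$repo" ]; then
        cat <<EOF > "$REPO_FILE"
[base]
name=local repository
baseurl="$repo"
EOF
    else
        cat <<EOF > "$REPO_FILE"
[base]
name=CentOS-$release - Base
mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=os

[updates]
name=CentOS-$release - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=updates
EOF
    fi

    # create minimal device nodes, needed for "yum install" and "yum update" process
    mkdir -p "$INSTALL_ROOT/dev"
    force_mknod 666 "$INSTALL_ROOT/dev/null" c 1 3
    force_mknod 666 "$INSTALL_ROOT/dev/urandom" c 1 9

    # Check yum's own exit status. The old code tested $? only after the
    # release-7 block below, so a failed install was never noticed on other
    # releases and a broken tree could be published as the cache.
    # $YUM and $PKG_LIST are word lists, hence unquoted.
    if ! $YUM install $PKG_LIST; then
        echo "Failed to download the rootfs, aborting."
        return 1
    fi

    # create symlink for /var/run -> ../run
    if [ "$release" = "7" ]; then
        mv "$INSTALL_ROOT"/var/run/* "$INSTALL_ROOT/run/"
        rmdir "$INSTALL_ROOT/var/run"
        # as before, a failure to create the link aborts the download
        if ! ln -sf ../run "$INSTALL_ROOT/var/run"; then
            echo "Failed to download the rootfs, aborting."
            return 1
        fi
    fi

    # use same nameservers as hosts, needed for "yum update later"
    cp /etc/resolv.conf "$INSTALL_ROOT/etc/"

    # check whether rpmdb is under $HOME
    if [ ! -e "$INSTALL_ROOT/var/lib/rpm/Packages" ] \
        && [ -e "$INSTALL_ROOT/$HOME/.rpmdb/Packages" ]; then
        echo "Fixing rpmdb location ..."
        mv "$INSTALL_ROOT/$HOME"/.rpmdb/[A-Z]* "$INSTALL_ROOT/var/lib/rpm/"
        rm -rf -- "$INSTALL_ROOT/$HOME/.rpmdb"
        chroot "$INSTALL_ROOT" rpm --rebuilddb 2>/dev/null
    fi

    # check whether rpmdb version is correct
    chroot "$INSTALL_ROOT" rpm --quiet -q yum 2>/dev/null
    ret=$?

    # if "rpm -q" doesn't work due to rpmdb version difference,
    # then we need to redo the process using the newly-installed yum
    if [ "$ret" -gt 0 ]; then
        echo "Reinstalling packages ..."
        # keep only the temporary repo definition enabled
        mv "$REPO_FILE" "$REPO_FILE.tmp"
        mkdir "$INSTALL_ROOT/etc/yum.repos.disabled"
        mv "$INSTALL_ROOT"/etc/yum.repos.d/*.repo "$INSTALL_ROOT/etc/yum.repos.disabled/"
        mv "$REPO_FILE.tmp" "$REPO_FILE"
        # YUM0 carries --installroot $INSTALL_ROOT, so when it runs inside
        # the chroot the second-stage tree lands at $INSTALL_ROOT/$INSTALL_ROOT
        mkdir -p "$INSTALL_ROOT/$INSTALL_ROOT/etc"
        cp /etc/resolv.conf "$INSTALL_ROOT/$INSTALL_ROOT/etc/"
        mkdir -p "$INSTALL_ROOT/$INSTALL_ROOT/dev"
        mknod -m 666 "$INSTALL_ROOT/$INSTALL_ROOT/dev/null" c 1 3
        mknod -m 666 "$INSTALL_ROOT/$INSTALL_ROOT/dev/urandom" c 1 9
        mkdir -p "$INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum"
        # hard-link the downloaded packages instead of fetching them again
        cp -al "$INSTALL_ROOT"/var/cache/yum/* "$INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum/"
        if ! chroot "$INSTALL_ROOT" $YUM0 install $PKG_LIST; then
            echo "Failed to download the rootfs, aborting."
            return 1
        fi
        # replace the first-stage tree with the second-stage one
        mv "$INSTALL_ROOT/$INSTALL_ROOT" "$INSTALL_ROOT.tmp"
        rm -rf -- "$INSTALL_ROOT"
        mv "$INSTALL_ROOT.tmp" "$INSTALL_ROOT"
    fi

    rm -f -- "$REPO_FILE"
    rm -rf -- "$INSTALL_ROOT"/var/cache/yum/*

    mv "$INSTALL_ROOT" "$cache/rootfs"
    echo "Download complete."

    return 0
}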
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
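#######################################
# Copy the cached CentOS tree into the container's root filesystem.
# Globals:   cache (read), rootfs_path (read)
# Outputs:   progress message on stdout
# Returns:   0 on success, 1 if the target cannot be created or rsync fails
#######################################
copy_centos()
{
    # make a local copy of the mini CentOS
    echo -n "Copying rootfs to $rootfs_path ..."

    # The old code returned 0 unconditionally, so the caller's
    # "Failed to copy rootfs" check could never fire and a partial copy
    # would have been configured as a container.
    if ! mkdir -p "$rootfs_path"; then
        echo
        return 1
    fi

    # trailing slashes: copy the contents of the cache, not the directory
    if ! rsync -a "$cache/rootfs/" "$rootfs_path/"; then
        echo
        return 1
    fi

    echo
    return 0
}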
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
#######################################
# Run "yum update" inside the cached rootfs, then drop downloaded packages.
# Globals:   cache (read), YUM (written)
# Returns:   1 if the update fails, otherwise the status of
#            "yum clean packages"
#######################################
update_centos()
{
    # NOTE(review): --nogpgcheck means updates are installed without RPM
    # signature verification; the cache is only as trustworthy as the
    # repositories configured inside it and the network path to them.
    # YUM is a command line and is expanded unquoted on purpose.
    YUM="chroot $cache/rootfs yum -y --nogpgcheck"

    $YUM update || return 1

    $YUM clean packages
}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
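#######################################
# Populate the container rootfs from the shared download cache, creating
# or refreshing the cache first. The work runs under an exclusive lock.
# Globals:   cache (read), rootfs_path (read)
# Outputs:   progress and error messages on stdout
# Returns:   0 on success, 1 on lock, download or copy failure
#######################################
install_centos()
{
    # Use the same lock file as clean(). The old hard-coded
    # /var/lock/subsys path differs from clean()'s
    # @LOCALSTATEDIR@/lock/subsys whenever LOCALSTATEDIR is not /var,
    # which let a cache purge run concurrently with an install.
    mkdir -p @LOCALSTATEDIR@/lock/subsys/
    (
        # flock on fd 9 blocks until the exclusive lock is held; a non-zero
        # status means flock itself failed. "exit" leaves only this subshell.
        if ! flock -x 9; then
            echo "Cache repository is busy."
            exit 1
        fi

        echo "Checking cache download in $cache/rootfs ... "
        if [ ! -e "$cache/rootfs" ]; then
            if ! download_centos; then
                echo "Failed to download 'CentOS base'"
                exit 1
            fi
        else
            echo "Cache found. Updating..."
            # a failed update is tolerated: the existing cache is reused
            if update_centos; then
                echo "Update finished"
            else
                echo "Failed to update 'CentOS base', continuing with last known good cache"
            fi
        fi

        echo "Copy $cache/rootfs to $rootfs_path ... "
        if ! copy_centos; then
            echo "Failed to copy rootfs"
            exit 1
        fi

        exit 0

    ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-centos

    # propagate the subshell's status
    return $?
}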
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
#######################################
# Print a random MAC address of the form fe:xx:xx:xx:xx:xx.
# The fixed first octet 0xfe has the locally-administered bit set and the
# multicast bit clear; the other five octets come from "openssl rand".
# Outputs:   the address on stdout
# Returns:   exit status of the sed stage of the pipeline
#######################################
create_hwaddr()
{
    # put ':' before every pair of hex digits, then prefix the line with 'fe'
    openssl rand -hex 5 \
        | sed -e 's/\(..\)/:\1/g' -e 's/^/fe/'
}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
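#######################################
# Rewrite "$config_path/config": make sure lxc.rootfs is present, give every
# lxc.network.link entry a freshly generated lxc.network.hwaddr, then append
# the template's own settings.
# Globals:   config_path, rootfs_path, arch, utsname, name,
#            lxc_network_type, lxc_network_link (read)
# Outputs:   error message on stdout on failure
# Returns:   0 on success, 1 if the final append fails
#######################################
copy_configuration()
{
    local LINE KEY
    # leading whitespace, the key (a run of non-whitespace), optional
    # whitespace, then '='. POSIX classes replace the literal tab the old
    # bracket expression depended on, which is easily lost in editing.
    local -r key_re='^[[:space:]]*([^[:space:]]*)[[:space:]]*='

    mkdir -p "$config_path"

    grep -q "^lxc.rootfs" "$config_path/config" 2>/dev/null || echo "
lxc.rootfs = $rootfs_path
" >> "$config_path/config"

    # The following code is to create static MAC addresses for each
    # interface in the container.  This code will work for multiple
    # interfaces in the default config.
    mv "$config_path/config" "$config_path/config.def"
    while read -r LINE
    do
        # This should catch variable expansions from the default config...
        if [[ "$LINE" == *'$'* ]]
        then
            # NOTE(review): eval runs any command substitution present in
            # the line, so the incoming config is executed with this
            # script's privileges. It must only ever come from a trusted,
            # root-owned source; a restricted substitution of the known
            # variables would be safer than eval.
            LINE=$(eval "echo \"${LINE}\"")
        fi

        if [[ "$LINE" =~ $key_re ]]; then
            KEY=${BASH_REMATCH[1]}
        else
            KEY=
        fi

        # existing hwaddr lines are dropped; a new one follows each link line
        if [[ "${KEY}" != "lxc.network.hwaddr" ]]
        then
            # Quoted on purpose: an unquoted expansion glob-expands values
            # such as "c *:* m" against the current directory.
            printf '%s\n' "$LINE" >> "$config_path/config"

            if [[ "${KEY}" == "lxc.network.link" ]]
            then
                echo "lxc.network.hwaddr = $(create_hwaddr)" >> "$config_path/config"
            fi
        fi
    done < "$config_path/config.def"

    rm -f -- "$config_path/config.def"

    if [ -e "@LXCTEMPLATECONFIG@/centos.common.conf" ]; then
        echo "
# Include common configuration
lxc.include = @LXCTEMPLATECONFIG@/centos.common.conf
" >> "$config_path/config"
    fi

    # Append things which require expansion here...
    cat <<EOF >> "$config_path/config"
lxc.arch = $arch
lxc.utsname = $utsname

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined

# example simple networking setup, uncomment to enable
#lxc.network.type = $lxc_network_type
#lxc.network.flags = up
#lxc.network.link = $lxc_network_link
#lxc.network.name = eth0
# Additional example for veth network type
# static MAC address,
#lxc.network.hwaddr = 00:16:3e:77:52:20
# persistent veth device name on host side
# Note: This may potentially collide with other containers of same name!
#lxc.network.veth.pair = v-$name-e0

EOF

    if [ $? -ne 0 ]; then
        echo "Failed to add configuration"
        return 1
    fi

    return 0
}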
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
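#######################################
# Purge the download cache under an exclusive lock.
# Globals:   cache (read), release (read, message only)
# Outputs:   progress and error messages on stdout
# Returns:   status of the locked subshell (0 purged, 1 on failure).
#            NOTE: when "$cache" does not exist this calls "exit 0" and so
#            terminates the whole script, not just the function.
#######################################
clean()
{
    # Quoted so a cache path with whitespace is tested as one path; an
    # empty value counts as "nothing to purge".
    if [ ! -e "$cache" ]; then
        exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
        if ! flock -x 9; then
            echo "Cache repository is busy."
            exit 1
        fi

        echo -n "Purging the download cache for CentOS-$release..."
        # "--" and quoting keep rm on exactly one operand; unquoted, a path
        # containing a space was split and unrelated directories could be
        # removed. --preserve-root and --one-file-system stay as guards.
        if ! rm --preserve-root --one-file-system -rf -- "$cache"; then
            exit 1
        fi
        echo "Done." || exit 1
        exit 0

    ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-centos
}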
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
#######################################
# Print the command-line help text.
# Arguments: $1 - program name shown in the synopsis
# Outputs:   help text on stdout
# Returns:   0
#######################################
usage()
{
    local prog=$1

    cat <<EOF
usage:
 $prog -n|--name=<container_name>
 [-p|--path=<path>] [-c|--clean] [-R|--release=<CentOS_release>] [-a|--arch=<arch of the container>]
 [-h|--help]
Mandatory args:
 -n,--name container name, used to as an identifier for that container from now on
Optional args:
 -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc/name.
 -c,--clean clean the cache
 -R,--release CentOS release for the new container. If the host is CentOS, then it will default to the host's release.
 --fqdn fully qualified domain name (FQDN) for DNS and system naming
 --repo repository to use (url)
 -a,--arch Define what arch the container will be [i686,x86_64]
 -h,--help print this help
EOF
    return 0
}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
# Parse the command line with getopt(1); on a parse error print the help
# text and stop.
if ! options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,repo:,arch:,fqdn: -- "$@"); then
    usage $(basename $0)
    exit 1
fi

# the host architecture is the default; -a/--arch is stored in newarch
arch=$(uname -m)

# getopt prints a shell-quoted argument list; eval re-parses it into "$@"
eval set -- "$options"
while :
do
    case "$1" in
        -h|--help)
            usage $0 && exit 0
            ;;
        -p|--path)
            path=$2
            shift 2
            ;;
        --rootfs)
            rootfs_path=$2
            shift 2
            ;;
        -n|--name)
            name=$2
            shift 2
            ;;
        -c|--clean)
            clean=1
            shift 1
            ;;
        -R|--release)
            release=$2
            shift 2
            ;;
        --repo)
            repo="$2"
            shift 2
            ;;
        -a|--arch)
            newarch=$2
            shift 2
            ;;
        --fqdn)
            utsname=$2
            shift 2
            ;;
        --)
            shift 1
            break
            ;;
        *)
            break
            ;;
    esac
done

# --clean given without --path: purge the cache and stop
if [[ -n "$clean" && -z "$path" ]]; then
    clean || exit 1
    exit 0
fi
# Fold the host arch into the generic arch name used by the CentOS
# repositories. The ARM mapping is a best guess for v5 and v6: v6 is assumed
# to have hardware floating point (Raspberry Pi), while "arm" is the safer
# soft-float choice, so a v6 board other than the RPi may be mapped wrongly.
basearch=${arch}
case "$arch" in
    i686)
        basearch=i386
        ;;
    armv3l|armv4l|armv5l)
        basearch=arm
        ;;
    armv6l|armv7l|armv8l)
        basearch=armhfp
        ;;
esac

# An explicitly requested arch that differs from the host is accepted in one
# case only: a 32-bit x86 container (i386/i586/i686) on an i386 or x86_64
# host. Every other combination is refused.
if [ -n "${newarch}" ] && [ "${newarch}" != "${arch}" ]; then
    case "${newarch}:${basearch}" in
        i[356]86:i386|i[356]86:x86_64)
            # Make the arch a generic x86 32 bit...
            arch=${newarch}
            basearch=i386
            ;;
        *)
            basearch=bad
            ;;
    esac

    if [ "${basearch}" = "bad" ]; then
        echo "You cannot build a ${newarch} CentOS container on a ${arch} host. Sorry!"
        exit 1
    fi
fi
# Per-arch cache directory. LXC_CACHE_PATH, when set and non-empty, replaces
# the built-in cache root.
# NOTE(review): this template insists on running as root, and the cache
# location is taken from the environment; presumably later steps reuse what
# they find there, so the directory should be writable by root only -- confirm.
cache_base="${LXC_CACHE_PATH:-@LOCALSTATEDIR@/cache/lxc}/centos/${basearch}"
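# Choose the initial root password.
#
# With no password configured, generate "Root-<name>-<random>". The random
# part is read from the kernel CSPRNG: a single $RANDOM has only 32768
# possible values and the container name is usually known, which leaves such
# a password within reach of online guessing when ssh is exposed. The
# messages printed at the end of this script describe the password as
# temporary and expired, to be changed at first login.
#
# A configured password is used as a template:
#   - if it contains a '$' followed by another character it is expanded by
#     the shell;
#   - if it contains four or more consecutive X's it is passed through
#     mktemp as a name template.
if [ -z "${root_password}" ]
then
    _lxc_pw_rand=$(head -c 12 /dev/urandom 2>/dev/null | od -An -tx1 | tr -d ' \n')
    if [ -z "${_lxc_pw_rand}" ]
    then
        # Last resort when /dev/urandom cannot be read. $RANDOM is not a
        # cryptographic generator, so this is only marginally better than
        # the single draw it replaces.
        _lxc_pw_rand=${RANDOM}${RANDOM}${RANDOM}
    fi
    root_password=Root-${name}-${_lxc_pw_rand}
    unset _lxc_pw_rand
else
    # Pattern matching is done with case rather than expr: expr misparses a
    # value that starts with '-' or equals one of its keywords.
    case "${root_password}" in
        *'$'?*)
            # NOTE(review): eval re-parses the value as shell code, so any
            # $(...) or backticks in it are executed as root. Acceptable only
            # while root_password is set by the administrator (in this
            # template or its environment) and never taken from untrusted
            # input -- confirm where it is assigned.
            root_password=$(eval echo "${root_password}")
            ;;
    esac

    case "${root_password}" in
        *XXXX*)
            # -u only prints a name; no file is created. Quoted and preceded
            # by -- so that blanks or a leading '-' in the template are not
            # taken as extra arguments or options.
            root_password=$(mktemp -u -- "${root_password}")
            ;;
    esac
fi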
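# The container's utsname defaults to its name when --fqdn was not given.
if [ -z "${utsname}" ]; then
    utsname=${name}
fi

# Follow the usual resolver convention: a name with fewer than two dots is a
# local, relative host name, so the host's DNS domain is appended to it.
#
# This changes one significant behavior of "lxc_create -n Container_Name"
# when --fqdn is not used:
#
#   Old behavior:  utsname and hostname = Container_Name
#   New behavior:  utsname and hostname = Container_Name.Domain_Name
#
# The dot test uses a case pattern instead of expr, which fails on a name
# that happens to be one of its keywords (for example "length" or "match"),
# and dnsdomainname is queried once rather than once per comparison.
case "${utsname}" in
    *.*.*)
        ;;
    *)
        _lxc_dnsdomain=$(dnsdomainname)
        if [ -n "${_lxc_dnsdomain}" ] && [ "${_lxc_dnsdomain}" != "localdomain" ]; then
            utsname=${utsname}.${_lxc_dnsdomain}
        fi
        unset _lxc_dnsdomain
        ;;
esac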
# yum has to be available on the host; give up early when the shell cannot
# resolve it.
if ! type yum >/dev/null 2>&1; then
    echo "'yum' command is missing"
    exit 1
fi
# Without --path the container lives under the default path, in a directory
# named after the container.
[ -n "$path" ] || path=$default_path/$name
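# Pick the release to install when -R/--release was not given: the host's own
# version on a CentOS or Red Hat host, otherwise a fixed default.
if [ -z "$release" ]; then
    if [ -n "$is_centos" ] && [ -n "$centos_host_ver" ]; then
        release=$centos_host_ver
    elif [ -n "$is_redhat" ] && [ -n "$redhat_host_ver" ]; then
        # Keep only the leading digits and dots, dropping suffixes such as
        # "workstation" or "server" (6workstation -> 6). Done with parameter
        # expansion so that a value containing blanks cannot be word-split
        # into extra expr arguments.
        release=${redhat_host_ver%%[!0-9.]*}
    else
        # NOTE(review): CentOS 6 is end-of-life and no longer receives
        # security updates; on a host of another distribution the release
        # should be chosen explicitly with -R.
        echo "This is not a CentOS or Redhat host and release is missing, defaulting to 6 use -R|--release to specify release"
        release=6
    fi
fi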
# Everything below needs uid 0; refuse to continue as any other user.
if ! [ "$(id -u)" = "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi
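# Resolve the rootfs location. Without --rootfs it defaults to
# "$path/rootfs", unless the default config that lxc-create placed in
# "$path/config" already carries an "lxc.rootfs = ..." line, in which case the
# first such line wins (trailing "# ..." comments stripped).
if [ -z "$rootfs_path" ]; then
    rootfs_path=$path/rootfs
    # The grep test uses the same "key, optional blanks, =" shape as the sed
    # extraction below. Testing for the bare prefix would also accept keys
    # that merely start with lxc.rootfs; sed would then print nothing and
    # leave rootfs_path empty for the chroot and passwd steps that follow.
    # The config path is quoted so a container path with blanks stays one
    # argument.
    if grep -q '^lxc.rootfs[[:space:]]*=' "$path/config" 2>/dev/null ; then
        rootfs_path=$(sed -e '/^lxc.rootfs\s*=/!d' -e 's/\s*#.*//' \
            -e 's/^lxc.rootfs\s*=\s*//' -e q "$path/config")
    fi
fi
# The config lives in the container path itself; the cache is kept per release.
config_path=$path
cache=$cache_base/$release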
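#######################################
# Signal handler: undo a partially built container and exit.
# Globals:   name (read), path (read)
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   does not return; exits with status 1
#######################################
revert()
{
    echo "Interrupted, so cleaning up"
    lxc-destroy -n "$name"
    # maybe was interrupted before copy config
    # This runs as root, so the removal is guarded: the path is quoted and
    # passed after -- so that blanks, glob characters or a leading '-' cannot
    # redirect rm to other files, and an empty path or "/" is never removed.
    if [ -n "$path" ] && [ "$path" != "/" ]; then
        rm -rf -- "$path"
    fi
    echo "exiting..."
    exit 1
}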
# From here on an interrupt triggers revert.
trap revert SIGHUP SIGINT SIGTERM

# Build steps, in order. Each of the first three aborts the script with its
# own message on failure.
if ! copy_configuration; then
    echo "failed write configuration file"
    exit 1
fi

if ! install_centos; then
    echo "failed to install CentOS"
    exit 1
fi

if ! configure_centos; then
    echo "failed to configure CentOS for a container"
    exit 1
fi

# The result of this step is not checked.
configure_centos_init

# With --clean (and a path, otherwise the script has already exited) run the
# clean step after the build and stop before the closing messages.
if [ -n "$clean" ]; then
    if clean; then
        exit 0
    fi
    exit 1
fi
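# Closing report: tell the operator what was created and how the initial
# root password is handled. The root_*_password switches are compared in
# quotes so that an unset or empty switch reads as "no" rather than making
# the test itself fail with a syntax error.
echo "
Container rootfs and config have been created.
Edit the config file to check/enable networking setup.
"

# NOTE(review): this prints the cleartext password on stdout, where it can
# end up in terminal scrollback or in captured output of whatever invoked
# the template. Keep the switch off when that output is logged.
if [ "${root_display_password}" = "yes" ]
then
    echo "The temporary password for root is: '$root_password'

You may want to note that password down before starting the container.
"
fi

if [ "${root_store_password}" = "yes" ]
then
    echo "The temporary root password is stored in:

        '${config_path}/tmp_root_pass'
"
fi

if [ "${root_prompt_password}" = "yes" ]
then
    echo "Invoking the passwd command in the container to set the root password.

        chroot ${rootfs_path} passwd
"
    # Quoted so a rootfs path with blanks stays a single argument.
    chroot "${rootfs_path}" passwd
else
    if [ "${root_expire_password}" = "yes" ]
    then
        # When the rootfs is a mount point, point the operator at a running
        # container instead of a chroot from the host.
        if mountpoint -q -- "${rootfs_path}"
        then
            echo "To reset the root password, you can do:

        lxc-start -n ${name}
        lxc-attach -n ${name} -- passwd
        lxc-stop -n ${name}
"
        else
            # The quotes around "expired" are escaped; left bare they end the
            # string early and are dropped from the printed message.
            echo "
The root password is set up as \"expired\" and will require it to be changed
at first login, which you should do as soon as possible. If you lose the
root password or wish to change it without starting the container, you
can change it from the host by running the following command (which will
also reset the expired flag):

        chroot ${rootfs_path} passwd
"
        fi
    fi
fi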