lxc-centos.in revision 6976826fed04d006608f87ba902a8517358c15ec
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# template script for generating centos container for LXC
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# lxc: linux Container library
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch# Daniel Lezcano <daniel.lezcano@free.fr>
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch# Ramez Hanna <rhanna@informatiq.org>
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch# Fajar A. Nugraha <github@fajar.net>
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# Michael H. Warfield <mhw@WittsEnd.com>
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# This library is free software; you can redistribute it and/or
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# modify it under the terms of the GNU Lesser General Public
5257840e8d31a6cb7051703b4cb0931c82aba638Stephan Bosch# License as published by the Free Software Foundation; either
5257840e8d31a6cb7051703b4cb0931c82aba638Stephan Bosch# version 2.1 of the License, or (at your option) any later version.
94d1b08c9e20d637db568a3eab3dfc2b9e96e62aStephan Bosch# This library is distributed in the hope that it will be useful,
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# but WITHOUT ANY WARRANTY; without even the implied warranty of
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch# Lesser General Public License for more details.
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch# You should have received a copy of the GNU Lesser General Public
a62fe4b300e2f591e939993aec4cac1e7ae30ad1Stephan Bosch# License along with this library; if not, write to the Free Software
a62fe4b300e2f591e939993aec4cac1e7ae30ad1Stephan Bosch# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch#Configurations
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# Some combinations of the tuning knobs below do not exactly make sense.
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# but that's ok.
fc94140acba51adafedafbc8491a3223a51db7a8Stephan Bosch# If the "root_password" is non-blank, use it, else set a default.
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# This can be passed to the script as an environment variable and is
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# set by a shell conditional assignment. Looks weird but it is what it is.
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# If the root password contains a ding ($) then try to expand it.
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# That will pick up things like ${name} and ${RANDOM}.
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# If the root password contains more than 3 consecutive X's, pass it as
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# a template to mktemp and take the result.
a62fe4b300e2f591e939993aec4cac1e7ae30ad1Stephan Bosch# If root_display_password = yes, display the temporary root password at exit.
a62fe4b300e2f591e939993aec4cac1e7ae30ad1Stephan Bosch# If root_store_password = yes, store it in the configuration directory
a62fe4b300e2f591e939993aec4cac1e7ae30ad1Stephan Bosch# If root_prompt_password = yes, invoke "passwd" to force the user to change
e47c2f17d8136c4d972d1074a3f84ba2ecef4fdcStephan Bosch# the root password after the container is created.
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Bosch# If root_expire_password = yes, you will be prompted to change the root
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Bosch# password at the first login.
a62fe4b300e2f591e939993aec4cac1e7ae30ad1Stephan Bosch# These are conditional assignments... They can be overridden from the
fc94140acba51adafedafbc8491a3223a51db7a8Stephan Bosch# preexisting environment variables...
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Bosch# Make sure this is in single quotes to defer expansion to later!
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Bosch# :{root_password='Root-${name}-${RANDOM}'}
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Bosch# Now, it doesn't make much sense to display, store, and force change
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Bosch# together. But, we gotta test, right???
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Bosch# Prompting for something interactive has potential for mayhem
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Bosch# with users running under the API... Don't default to "yes"
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch# Expire root password? Default to yes, but can be overridden from
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch# the environment variable
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# These are only going into comments in the resulting config...
47a53a80656dc400ff8effdc1432a69fbf5ae8baTimo Sirainen# is this centos?
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# Allow for weird remixes like the Raspberry Pi
a991cfe2157e58ee43bc580f517ce9ef0dfb7acfStephan Bosch# Use the Mitre standard CPE identifier for the release ID if possible...
4219de12b28f1936219e27501b9c4b27a4f8d53cStephan Bosch# This may be in /etc/os-release or /etc/system-release-cpe. We
4219de12b28f1936219e27501b9c4b27a4f8d53cStephan Bosch# should be able to use EITHER. Give preference to /etc/os-release for now.
4219de12b28f1936219e27501b9c4b27a4f8d53cStephan Bosch# Detect use under userns (unsupported)
4219de12b28f1936219e27501b9c4b27a4f8d53cStephan Bosch if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch echo "This template can't be used for unprivileged containers." 1>&2
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch echo "You may want to try the \"download\" template instead." 1>&2
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# Make sure the usual locations are in PATH
7384b4e78eaab44693c985192276e31322155e32Stephan Boschexport PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
65c0e43da8cfc730eeb4634f8aa384081bbfa4e7Timo Sirainen# This is a shell friendly configuration file. We can just source it.
65c0e43da8cfc730eeb4634f8aa384081bbfa4e7Timo Sirainen# What we're looking for in here is the ID, VERSION_ID and the CPE_NAME
93cc87bb22386e020cee1093b6bd59295e0b33f0Stephan Bosch echo "Host CPE ID from /etc/os-release: ${CPE_NAME}"
31fa529029f35f65451fb1d119ed1d5435b62e46Timo Sirainenif [ "${CPE_NAME}" = "" -a -e /etc/system-release-cpe ]
93cc87bb22386e020cee1093b6bd59295e0b33f0Stephan Bosch CPE_URI=$(expr ${CPE_NAME} : '\([^:]*:[^:]*\)')
6bc9fb43cc1ac24693d030a6cbfa43bc7cbc82cbTimo Sirainen # There is probably a better way to do this and still remain POSIX
6bc9fb43cc1ac24693d030a6cbfa43bc7cbc82cbTimo Sirainen # compatible, but this works, shrug...
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch # Must be nice and not introduce convenient bashisms here.
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch # According to the official registration at Mitre and NIST,
4124bebe6daab2cd05acb0416096fc47cb9abd92Timo Sirainen # this should have been something like this for CentOS:
4124bebe6daab2cd05acb0416096fc47cb9abd92Timo Sirainen # cpe:/o:centos:centos:6
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch # cpe:/o:centos:centos:6.5
30f35cf5d1e1374d7fab4231e86144fc106a8e79Stephan Bosch ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:\([^:]*\)')
87c121a4c05b9cee46f1f757ec6999d441519abfStephan Bosch # The "enterprise_linux" is a bone toss back to RHEL.
8aa91c0f70ea2893d82a16a8b8d0171caccce74cStephan Bosch # Since CentOS and RHEL are so tightly coupled, we'll
8aa91c0f70ea2893d82a16a8b8d0171caccce74cStephan Bosch # take the RHEL version if we're running on it and do the
8aa91c0f70ea2893d82a16a8b8d0171caccce74cStephan Bosch # equivalent version for CentOS.
8aa91c0f70ea2893d82a16a8b8d0171caccce74cStephan Bosch if [ ${ID} = "linux" -o ${ID} = "enterprise_linux" ]
87c121a4c05b9cee46f1f757ec6999d441519abfStephan Bosch # Instead we got this: cpe:/o:centos:linux:6
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:\([^:]*\)')
eb325a5a90c1d2655e74972bde0de6a699d2c864Stephan Bosch VERSION_ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:[^:]*:\([^:]*\)')
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch echo "Host CPE ID from /etc/system-release-cpe: ${CPE_NAME}"
a62fe4b300e2f591e939993aec4cac1e7ae30ad1Stephan Boschif [ "${CPE_NAME}" != "" -a "${ID}" = "centos" -a "${VERSION_ID}" != "" ]
7384b4e78eaab44693c985192276e31322155e32Stephan Boschelif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -a "${VERSION_ID}" != "" ]
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # Only if all other methods fail, try to parse the redhat-release file.
7abab3b191860a3d77af5192b0649833c8a0c803Stephan Bosch centos_host_ver=$( sed -e '/^CentOS /!d' -e 's/CentOS.*\srelease\s*\([0-9][0-9.]*\)\s.*/\1/' < /etc/centos-release )
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # delete a device node if exists, and create a new one
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch rm -f $2 && mknod -m $1 $2 $3 $4 $5
# Turn SELinux off from the container's point of view: the rootfs copy of
# /etc/selinux/config is rewritten to SELINUX=disabled and the container's
# selinuxenabled binary is swapped for a stub.
# NOTE(review): this only changes what tools inside the container see; whether
# the host still confines the container's processes is decided outside this
# script -- confirm against the host policy.
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # Also kill it in the /etc/selinux/config file if it's there...
# NOTE(review): $rootfs_path is unquoted here and below, so a path containing
# whitespace or glob characters would be split or expanded.
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch sed -i '/^SELINUX=/s/.*/SELINUX=disabled/' $rootfs_path/etc/selinux/config
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # Nice catch from Dwight Engen in the Oracle template.
8a6dc50255a27bf887bbd9ed7c3a87bf629d4179Stephan Bosch # Wantonly plagiarized here with much appreciation.
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch if [ -f $rootfs_path/usr/sbin/selinuxenabled ]; then
# Keep the original binary as selinuxenabled.lxcorig and point the name at
# /bin/false, so every call exits non-zero, i.e. reports "not enabled".
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch mv $rootfs_path/usr/sbin/selinuxenabled $rootfs_path/usr/sbin/selinuxenabled.lxcorig
30ccfe4fdc2212d4341fa0edd6e8e73609ef1418Stephan Bosch ln -s /bin/false $rootfs_path/usr/sbin/selinuxenabled
# Comment out the pam_loginuid session line in the login, sshd and crond PAM
# stacks of the container rootfs.
# NOTE(review): with pam_loginuid out of these stacks (and, per the comment
# further down, replaced by pam_permit), PAM no longer sets the audit login UID
# for sessions in the container -- relevant if audit records from inside the
# container are relied on for attribution.
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # This is a known problem and documented in RedHat bugzilla as relating
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # to a problem with auditing enabled. This prevents an error in
ebe0f5e387744621b73c4db79d5891ccbe0a1321Stephan Bosch # the container "Cannot make/remove an entry for the specified session"
# Each sed edits in place and only touches lines that start with "session" and
# mention pam_loginuid.so, prefixing them with "# ".
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/login
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Bosch sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/sshd
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/crond
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # In addition to disabling pam_loginuid in the above config files
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # we'll also disable it by linking it to pam_permit to catch any
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # we missed or any that get installed after the container is built.
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch if [ -f ${rootfs_path}/lib/security/pam_loginuid.so ]
fe2b0e3de834dd40b698bb579adc5357d5789ec9Stephan Bosch if [ -f ${rootfs_path}/lib64/security/pam_loginuid.so ]
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # Set default localtime to the host localtime if not set...
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch if [ -e /etc/localtime -a ! -e ${rootfs_path}/etc/localtime ]
70505f4839520ac67895992621c97d2480c22e7fTimo Sirainen # if /etc/localtime is a symlink, this should preserve it.
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch cp -a /etc/localtime ${rootfs_path}/etc/localtime
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Bosch # Deal with some dain bramage in the /etc/init.d/halt script.
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch # Trim it and make it our own and link it in before the default
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch # halt script so we can intercept it. This also prevents package
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch # updates from interfering with our interfering with it.
524d89a40565709964b7ee5e8324a400dc53656bTimo Sirainen # There's generally not much in the halt script that's useful, but what's
1a64096dcbea2765f370c9d35a3480d0e60c643bTimo Sirainen # in there from resetting the hardware clock down is generally very bad.
1a64096dcbea2765f370c9d35a3480d0e60c643bTimo Sirainen # So we just eliminate the whole bottom half of that script in making
fc94140acba51adafedafbc8491a3223a51db7a8Stephan Bosch # ourselves a copy. That way a major update to the init scripts won't
b66def5dadd3e7c250313a938d26ad113663f86bStephan Bosch echo '$command -f' >> ${rootfs_path}/etc/init.d/lxc-halt
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
aacf2a69acc59e9382578d6f4e030788abc79706Timo SirainenBOOTPROTO=dhcp
7384b4e78eaab44693c985192276e31322155e32Stephan BoschHOSTNAME=${UTSNAME}
7384b4e78eaab44693c985192276e31322155e32Stephan BoschNM_CONTROLLED=no
7384b4e78eaab44693c985192276e31322155e32Stephan BoschDHCP_HOSTNAME=$name
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch cat <<EOF > ${rootfs_path}/etc/sysconfig/network
7384b4e78eaab44693c985192276e31322155e32Stephan BoschNETWORKING=yes
7384b4e78eaab44693c985192276e31322155e32Stephan BoschHOSTNAME=${UTSNAME}
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch127.0.0.1 localhost $name
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch/dev/root / rootfs defaults 0 0
415e16c3dc185578695b7d88e561a52de6c8b1b1Timo Sirainennone /dev/shm tmpfs nosuid,nodev 0 0
fca68889b287d8eed4babe72a231bd6079da012dStephan Bosch cat <<EOF > $rootfs_path/etc/init/lxc-sysinit.conf
7384b4e78eaab44693c985192276e31322155e32Stephan Boschstart on startup
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Boschpre-start script
aacf2a69acc59e9382578d6f4e030788abc79706Timo Sirainen if [ "x$container" != "xlxc" -a "x$container" != "xlibvirt" ]; then
a991cfe2157e58ee43bc580f517ce9ef0dfb7acfStephan Bosch initctl start tty TTY=console
a991cfe2157e58ee43bc580f517ce9ef0dfb7acfStephan Bosch rm -f /var/lock/subsys/*
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch rm -f /var/run/*.pid
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Boschrm -f /etc/mtab /var/run/*.{pid,lock} /var/lock/subsys/*
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Boschrm -rf {/,/var}/tmp/*
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Boschecho "/dev/root / rootfs defaults 0 0" > /etc/mtab
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch sed -i 's|si::sysinit:/etc/rc.d/rc.sysinit|si::bootwait:/etc/rc.d/lxc.sysinit|' $rootfs_path/etc/inittab
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # prevent mingetty from calling vhangup(2) since it fails with userns.
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # Same issue as oracle template: prevent mingetty from calling vhangup(2)
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # commit 2e83f7201c5d402478b9849f0a85c62d5b9f1589.
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch sed -i 's|^1:|co:2345:respawn:/sbin/mingetty --nohangup console\n1:|' $rootfs_path/etc/inittab
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch sed -i 's|^\([56]:\)|#\1|' $rootfs_path/etc/inittab
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/null c 1 3
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/zero c 1 5
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/random c 1 8
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/urandom c 1 9
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/tty c 5 0
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/tty0 c 4 0
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/tty1 c 4 1
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/tty2 c 4 2
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/tty3 c 4 3
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/tty4 c 4 4
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 600 ${dev_path}/console c 5 1
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/full c 1 7
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch mknod -m 666 ${dev_path}/ptmx c 5 2
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # setup console and tty[1-4] for login. note that /dev/console and
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # /dev/tty[1-4] will be symlinks to the ptys /dev/lxc/console and
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # /dev/lxc/tty[1-4] so that package updates can overwrite the symlinks.
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # lxc will maintain these links and bind mount ptys over /dev/lxc/*
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # since lxc.devttydir is specified in the config.
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # allow root login on console, tty[1-4], and pts/0 for libvirt
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch echo "# LXC (Linux Containers)" >>${rootfs_path}/etc/securetty
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch echo "lxc/console" >>${rootfs_path}/etc/securetty
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch echo "lxc/tty1" >>${rootfs_path}/etc/securetty
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch echo "lxc/tty2" >>${rootfs_path}/etc/securetty
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch echo "lxc/tty3" >>${rootfs_path}/etc/securetty
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch echo "lxc/tty4" >>${rootfs_path}/etc/securetty
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch echo "# For libvirt/Virtual Machine Monitor" >>${rootfs_path}/etc/securetty
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # prevent mingetty from calling vhangup(2) since it fails with userns.
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # Same issue as oracle template: prevent mingetty from calling vhangup(2)
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch # commit 2e83f7201c5d402478b9849f0a85c62d5b9f1589.
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/init/tty.conf
# Root password handling for the new container.
# NOTE(review): the conditions guarding these lines are not visible in this
# extract -- confirm the display/store steps only run when requested.
#
# Prints the password in cleartext on stdout; anything that captures this
# script's output (terminal scrollback, logs of a tool driving the template)
# then holds the credential.
7abab3b191860a3d77af5192b0649833c8a0c803Stephan Bosch echo "Setting root password to '$root_password'"
# Writes the cleartext password to ${config_path}/tmp_root_pass. No chmod or
# umask is visible here, so the file mode presumably follows the caller's
# umask -- confirm it ends up readable by root only.
# ${root_password} is unquoted on this line, so word splitting and globbing
# apply and the stored text can differ from what chpasswd receives below.
79f8a20424633e806447bc9375a5ab403aabc758Stephan Bosch echo ${root_password} > ${config_path}/tmp_root_pass
79f8a20424633e806447bc9375a5ab403aabc758Stephan Bosch echo "Storing root password in '${config_path}/tmp_root_pass'"
# Sets the password inside the container rootfs: "root:<password>" is fed to
# chpasswd on stdin, run in a chroot at $rootfs_path.
ede750711f27ca9d9037a7ab9f016411b57f1ad9Stephan Bosch echo "root:$root_password" | chroot $rootfs_path chpasswd
99feb6521535a7dc59d8dda89981ceac084b3e88Timo Sirainen # Also set this password as expired to force the user to change it!
6c768e0e1ca2da178e79f7435c32ced01f6bcb24Timo Sirainen # This will need to be enhanced for CentOS 7 when systemd
129596c93692b21d6c6b1313b389774af24c2983Stephan Bosch sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
d5c665cf2989d49922b63439ac45714e9755838aTimo Sirainen sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch cat <<EOF >${rootfs_path}/etc/init/power-status-changed.conf
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch# power-status-changed - shutdown on SIGPWR
7384b4e78eaab44693c985192276e31322155e32Stephan Boschstart on power-status-changed
eb325a5a90c1d2655e74972bde0de6a699d2c864Stephan Boschexec /sbin/shutdown -h now "SIGPWR received"
3d1edb8e3a07d91860cc6b4b3cec8282caa70891Stephan Bosch # check the mini centos was not already downloaded
3d1edb8e3a07d91860cc6b4b3cec8282caa70891Stephan Bosch if [ $? -ne 0 ]; then
3d1edb8e3a07d91860cc6b4b3cec8282caa70891Stephan Bosch echo "Failed to create '$INSTALL_ROOT' directory"
# yum command line used to populate the install root: -y answers every prompt
# and --nogpgcheck turns off RPM signature verification.
# NOTE(review): the CentOS mirrorlist URLs written to the repo file further
# down use plain http, so with the signature check off nothing authenticates
# the downloaded packages. Consider verifying against the CentOS release
# signing key instead of passing --nogpgcheck.
fc94140acba51adafedafbc8491a3223a51db7a8Stephan Bosch YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
# Package names for the minimal rootfs; presumably passed to $YUM install
# (the use is not visible in this extract).
fc94140acba51adafedafbc8491a3223a51db7a8Stephan Bosch PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils"
# Path of the temporary repo definition inside the install root.
a62fe4b300e2f591e939993aec4cac1e7ae30ad1Stephan Bosch REPO_FILE=$INSTALL_ROOT/etc/yum.repos.d/lxc-centos-temp.repo
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Boschname=local repository
7384b4e78eaab44693c985192276e31322155e32Stephan Boschbaseurl="$repo"
7384b4e78eaab44693c985192276e31322155e32Stephan Boschname=CentOS-$release - Base
7abab3b191860a3d77af5192b0649833c8a0c803Stephan Boschmirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=os
7384b4e78eaab44693c985192276e31322155e32Stephan Boschname=CentOS-$release - Updates
7384b4e78eaab44693c985192276e31322155e32Stephan Boschmirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=updates
ebe0f5e387744621b73c4db79d5891ccbe0a1321Stephan Bosch # create minimal device nodes, needed for "yum install" and "yum update" process
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch force_mknod 666 $INSTALL_ROOT/dev/urandom c 1 9
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch if [ $? -ne 0 ]; then
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch echo "Failed to download the rootfs, aborting."
70505f4839520ac67895992621c97d2480c22e7fTimo Sirainen # use same nameservers as hosts, needed for "yum update later"
fc94140acba51adafedafbc8491a3223a51db7a8Stephan Bosch if [ ! -e $INSTALL_ROOT/var/lib/rpm/Packages -a -e $INSTALL_ROOT/$HOME/.rpmdb/Packages ]; then
a40a555561b3378c12a986b27f2651c632c8afa4Stephan Bosch mv $INSTALL_ROOT/$HOME/.rpmdb/[A-Z]* $INSTALL_ROOT/var/lib/rpm/
a40a555561b3378c12a986b27f2651c632c8afa4Stephan Bosch chroot $INSTALL_ROOT rpm --rebuilddb 2>/dev/null
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch chroot $INSTALL_ROOT rpm --quiet -q yum 2>/dev/null
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # if "rpm -q" doesn't work due to rpmdb version difference,
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch # then we need to redo the process using the newly-installed yum
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch if [ $ret -gt 0 ]; then
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch mv $INSTALL_ROOT/etc/yum.repos.d/*.repo $INSTALL_ROOT/etc/yum.repos.disabled/
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch cp /etc/resolv.conf $INSTALL_ROOT/$INSTALL_ROOT/etc/
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/null c 1 3
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/urandom c 1 9
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch cp -al $INSTALL_ROOT/var/cache/yum/* $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum/
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch if [ $? -ne 0 ]; then
b66def5dadd3e7c250313a938d26ad113663f86bStephan Bosch echo "Failed to download the rootfs, aborting."
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch mv $INSTALL_ROOT/$INSTALL_ROOT $INSTALL_ROOT.tmp
de96afeeaa5242cffe89f1966457e935806b5746Stephan Bosch #cp -a $cache/rootfs-$arch $rootfs_path || return 1
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch YUM="chroot $cache/rootfs yum -y --nogpgcheck"
5a37824675033747fcae3fe3fc3c0dd7ef0ca1cdStephan Bosch if [ $? -ne 0 ]; then
7384b4e78eaab44693c985192276e31322155e32Stephan Bosch if [ $? -ne 0 ]; then
if [ $? -ne 0 ]; then
if [ $? -ne 0 ]; then
if [ $? -ne 0 ]; then
while read LINE
echo ${LINE} >> $config_path/config
done < $config_path/config.def
lxc.include = @LXCTEMPLATECONFIG@/centos.common.conf
if [ $? -ne 0 ]; then
if [ ! -e $cache ]; then
flock -x 9
cat <<EOF
-R,--release Centos release for the new container. if the host is Centos, then it will defaultto the host's release.
# Parse the command line with getopt(1): short options a, h, p, n, c, R (those
# followed by ':' take an argument) plus the long options listed after -l.
# "$@" is passed quoted so each argument keeps its boundaries.
options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,repo:,arch:,fqdn: -- "$@")
# Re-install the normalised option list as the positional parameters.
# NOTE(review): this eval relies on enhanced (util-linux) getopt, which
# shell-quotes its output; a legacy getopt does not quote, and eval would then
# re-interpret argument text as shell syntax. getopt's exit status should be
# checked before the eval -- that check is not visible in this extract.
eval set -- "$options"
# utsname and hostname = Container_Name.Domain_Name
if [ -z "$path" ]; then
if [ -z "$release" ]; then
echo "This is not a CentOS or Redhat host and release is missing, defaulting to 6 use -R|--release to specify release"
if [ -z "$rootfs_path" ]; then
# check for 'lxc.rootfs' passed in through default config by lxc-create
if [ ! -z $clean ]; then
echo "The temporary password for root is: '$root_password'