lxc/templates/lxc-centos.in

	lxc-centos.in revision b4f7af7a520b23c873e404562ec518a576e63d4c
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#!/bin/bash
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# template script for generating centos container for LXC
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# lxc: linux Container library
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Authors:
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Daniel Lezcano <daniel.lezcano@free.fr>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Ramez Hanna <rhanna@informatiq.org>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Fajar A. Nugraha <github@fajar.net>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Michael H. Warfield <mhw@WittsEnd.com>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This library is free software; you can redistribute it and/or
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# modify it under the terms of the GNU Lesser General Public
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# License as published by the Free Software Foundation; either
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# version 2.1 of the License, or (at your option) any later version.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This library is distributed in the hope that it will be useful,
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# but WITHOUT ANY WARRANTY; without even the implied warranty of
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Lesser General Public License for more details.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# You should have received a copy of the GNU Lesser General Public
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# License along with this library; if not, write to the Free Software
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#Configurations
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldarch=$(arch)
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldcache_base=@LOCALSTATEDIR@/cache/lxc/centos/$arch
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfielddefault_path=@LXCPATH@
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# Some combinations of the tunning knobs below do not exactly make sense.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# but that's ok.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# If the "root_password" is non-blank, use it, else set a default.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# This can be passed to the script as an environment variable and is
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# set by a shell conditional assignment.  Looks weird but it is what it is.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# If the root password contains a ding ($) then try to expand it.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# That will pick up things like ${name} and ${RANDOM}.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# If the root password contians more than 3 consecutive X's, pass it as
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# a template to mktemp and take the result.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# If root_display_password = yes, display the temporary root password at exit.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# If root_store_password = yes, store it in the configuration directory
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# If root_prompt_password = yes, invoke "passwd" to force the user to change
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# the root password after the container is created.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# These are conditional assignments...  The can be overridden from the
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# preexisting environment variables...
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# Make sure this is in single quotes to defer expansion to later!
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# :{root_password='Root-${name}-${RANDOM}'}
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield: ${root_password='Root-${name}-XXXXXX'}
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# Now, it doesn't make much sense to display, store, and force change
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# together.  But, we gotta test, right???
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield: ${root_display_password='no'}
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield: ${root_store_password='yes'}
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# Prompting for something interactive has potential for mayhem
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# with users running under the API...  Don't default to "yes"
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield: ${root_prompt_password='no'}
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# These are only going into comments in the resulting config...
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc_network_type=veth
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc_network_link=lxcbr0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# is this centos?
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Alow for weird remixes like the Raspberry Pi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Use the Mitre standard CPE identifier for the release ID if possible...
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This may be in /etc/os-release or /etc/system-release-cpe.  We
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# should be able to use EITHER.  Give preference to /etc/os-release for now.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ -e /etc/os-release ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldthen
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This is a shell friendly configuration file.  We can just source it.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# What we're looking for in here is the ID, VERSION_ID and the CPE_NAME
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    . /etc/os-release
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "Host CPE ID from /etc/os-release: ${CPE_NAME}"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ "${CPE_NAME}" = "" -a -e /etc/system-release-cpe ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldthen
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    CPE_NAME=$(head -n1 /etc/system-release-cpe)
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    CPE_URI=$(expr ${CPE_NAME} : '\([^:]*:[^:]*\)')
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ "${CPE_URI}" != "cpe:/o" ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        CPE_NAME=
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    else
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        # Probably a better way to do this but sill remain posix
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        # compatible but this works, shrug...
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        # Must be nice and not introduce convenient bashisms here.
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        #
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        # According to the official registration at Mitre and NIST,
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        # this should have been something like this for CentOS:
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        #    cpe:/o:centos:centos:6
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        # or this:
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        #    cpe:/o:centos:centos:6.5
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        #
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:\([^:]*\)')
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        # The "enterprise_linux" is a bone toss back to RHEL.
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        # Since CentOS and RHEL are so tightly coupled, we'll
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        # take the RHEL version if we're running on it and do the
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        # equivalent version for CentOS.
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        if [ ${ID} = "linux" -o ${ID} = "enterprise_linux" ]
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        then
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield                # Instead we got this: cpe:/o:centos:linux:6
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield                ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:\([^:]*\)')
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        fi
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        VERSION_ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:[^:]*:\([^:]*\)')
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        echo "Host CPE ID from /etc/system-release-cpe: ${CPE_NAME}"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ "${CPE_NAME}" != "" -a "${ID}" = "centos" -a "${VERSION_ID}" != "" ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldthen
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    centos_host_ver=${VERSION_ID}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    is_centos=true
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfieldelif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -a "${VERSION_ID}" != "" ]
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfieldthen
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    redhat_host_ver=${VERSION_ID}
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    is_redhat=true
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfieldelif [ -e /etc/centos-release ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldthen
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # Only if all other methods fail, try to parse the redhat-release file.
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    centos_host_ver=$( sed -e '/^CentOS /!d' -e 's/CentOS.*\srelease\s*\([0-9][0-9.]*\)\s.*/\1/' < /etc/centos-release )
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ "$centos_host_ver" != "" ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        is_centos=true
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Map a few architectures to their generic Centos repository archs.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# CentOS currently doesn't support ARM but it's copied here from
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# the Fedora template for completeness and that it will in the future.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# The two ARM archs are a bit of a guesstimate for the v5 and v6
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# archs.  V6 should have hardware floating point (Rasberry Pi).
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# The "arm" arch is safer (no hardware floating point).  So
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# there may be cases where we "get it wrong" for some v6 other
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# than RPi.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldcase "$arch" in
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldi686) arch=i386 ;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldarmv3l|armv4l|armv5l) arch=arm ;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldarmv6l|armv7l|armv8l) arch=armhfp ;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldesac
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldforce_mknod()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # delete a device node if exists, and create a new one
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    rm -f $2 && mknod -m $1 $2 $3 $4 $5
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldconfigure_centos()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # disable selinux in centos
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mkdir -p $rootfs_path/selinux
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo 0 > $rootfs_path/selinux/enforce
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # Also kill it in the /etc/selinux/config file if it's there...
17abf2784de1047fb2904ff130ee5efe4ea7b598Elan Ruusamäe    if [ -f $rootfs_path/etc/selinux/config ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        sed -i '/^SELINUX=/s/.*/SELINUX=disabled/' $rootfs_path/etc/selinux/config
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # Nice catch from Dwight Engen in the Oracle template.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # Wantonly plagerized here with much appreciation.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ -f $rootfs_path/usr/sbin/selinuxenabled ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mv $rootfs_path/usr/sbin/selinuxenabled $rootfs_path/usr/sbin/selinuxenabled.lxcorig
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        ln -s /bin/false $rootfs_path/usr/sbin/selinuxenabled
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # This is a known problem and documented in RedHat bugzilla as relating
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # to a problem with auditing enabled.  This prevents an error in
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # the container "Cannot make/remove an entry for the specified session"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/login
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/sshd
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    if [ -f ${rootfs_path}/etc/pam.d/crond ]
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    then
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/crond
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    fi
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    # In addition to disabling pam_loginuid in the above config files
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    # we'll also disable it by linking it to pam_permit to catch any
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    # we missed or any that get installed after the container is built.
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    #
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    # Catch either or both 32 and 64 bit archs.
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    if [ -f ${rootfs_path}/lib/security/pam_loginuid.so ]
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    then
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        ( cd ${rootfs_path}/lib/security/
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        mv pam_loginuid.so pam_loginuid.so.disabled
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        ln -s pam_permit.so pam_loginuid.so
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        )
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    fi
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    if [ -f ${rootfs_path}/lib64/security/pam_loginuid.so ]
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    then
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        ( cd ${rootfs_path}/lib64/security/
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        mv pam_loginuid.so pam_loginuid.so.disabled
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        ln -s pam_permit.so pam_loginuid.so
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        )
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    fi
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    # Deal with some dain bramage in the /etc/init.d/halt script.
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    # Trim it and make it our own and link it in before the default
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    # halt script so we can intercept it.  This also preventions package
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    # updates from interferring with our interferring with it.
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    #
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    # There's generally not much in the halt script that useful but what's
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    # in there from resetting the hardware clock down is generally very bad.
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    # So we just eliminate the whole bottom half of that script in making
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    # ourselves a copy.  That way a major update to the init scripts won't
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    # trash what we've set up.
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    if [ -f ${rootfs_path}/etc/init.d/halt ]
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    then
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield        sed -e '/hwclock/,$d' \
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield            < ${rootfs_path}/etc/init.d/halt \
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield            > ${rootfs_path}/etc/init.d/lxc-halt
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield        echo '$command -f' >> ${rootfs_path}/etc/init.d/lxc-halt
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield        chmod 755 ${rootfs_path}/etc/init.d/lxc-halt
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield        # Link them into the rc directories...
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield        (
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield             cd ${rootfs_path}/etc/rc.d/rc0.d
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield             ln -s ../init.d/lxc-halt S00lxc-halt
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield             cd ${rootfs_path}/etc/rc.d/rc6.d
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield             ln -s ../init.d/lxc-halt S00lxc-reboot
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield        )
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    fi
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield
99c2fb07d74c20d0eec38c05c4ac64e5782d8e7dMichael H. Warfield    # configure the network using the dhcp
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldDEVICE=eth0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldBOOTPROTO=dhcp
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldONBOOT=yes
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldHOSTNAME=${UTSNAME}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldNM_CONTROLLED=no
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldTYPE=Ethernet
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldMTU=${MTU}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # set the hostname
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    cat <<EOF > ${rootfs_path}/etc/sysconfig/network
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldNETWORKING=yes
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldHOSTNAME=${UTSNAME}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # set minimal hosts
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    cat <<EOF > $rootfs_path/etc/hosts
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield127.0.0.1 localhost $name
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # set minimal fstab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    cat <<EOF > $rootfs_path/etc/fstab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield/dev/root               /                       rootfs   defaults        0 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldnone                    /dev/shm                tmpfs    nosuid,nodev    0 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # create lxc compatibility init script
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ "$release" = "6" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        cat <<EOF > $rootfs_path/etc/init/lxc-sysinit.conf
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldstart on startup
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldenv container
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldpre-start script
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        if [ "x$container" != "xlxc" -a "x$container" != "xlibvirt" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield                stop;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        initctl start tty TTY=console
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        rm -f /var/lock/subsys/*
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        rm -f /var/run/*.pid
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        telinit 3
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        exit 0;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldend script
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    elif [ "$release" = "5" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        cat <<EOF > $rootfs_path/etc/rc.d/lxc.sysinit
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#! /bin/bash
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldrm -f /etc/mtab /var/run/*.{pid,lock} /var/lock/subsys/*
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldrm -rf {/,/var}/tmp/*
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldecho "/dev/root               /                       rootfs   defaults        0 0" > /etc/mtab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldexit 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        chmod 755 $rootfs_path/etc/rc.d/lxc.sysinit
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        sed -i 's|si::sysinit:/etc/rc.d/rc.sysinit|si::bootwait:/etc/rc.d/lxc.sysinit|'  $rootfs_path/etc/inittab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        sed -i 's|^1:|co:2345:respawn:/sbin/mingetty console\n1:|' $rootfs_path/etc/inittab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        sed -i 's|^\([56]:\)|#\1|' $rootfs_path/etc/inittab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    dev_path="${rootfs_path}/dev"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    rm -rf $dev_path
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mkdir -p $dev_path
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/null c 1 3
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/zero c 1 5
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/random c 1 8
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/urandom c 1 9
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mkdir -m 755 ${dev_path}/pts
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mkdir -m 1777 ${dev_path}/shm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/tty c 5 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/tty0 c 4 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/tty1 c 4 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/tty2 c 4 2
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/tty3 c 4 3
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/tty4 c 4 4
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 600 ${dev_path}/console c 5 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/full c 1 7
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 600 ${dev_path}/initctl p
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mknod -m 666 ${dev_path}/ptmx c 5 2
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    if [ ${root_display_password} = "yes" ]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        echo "Setting root password to '$root_password'"
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    fi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    if [ ${root_store_password} = "yes" ]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        touch ${config_path}/tmp_root_pass
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        chmod 600 ${config_path}/tmp_root_pass
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        echo ${root_password} > ${config_path}/tmp_root_pass
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        echo "Storing root password in '${config_path}/tmp_root_pass'"
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    fi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "root:$root_password" | chroot $rootfs_path chpasswd
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    # Also set this password as expired to force the user to change it!
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    chroot $rootfs_path passwd -e root
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # This will need to be enhanced for CentOS 7 when systemd
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # comes into play...   /\/\|=mhw=|\/\/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    return 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldconfigure_centos_init()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ "$release" = "6" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        chroot ${rootfs_path} chkconfig udev-post off
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    chroot ${rootfs_path} chkconfig network on
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfielddownload_centos()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # check the mini centos was not already downloaded
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    INSTALL_ROOT=$cache/partial
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mkdir -p $INSTALL_ROOT
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "Failed to create '$INSTALL_ROOT' directory"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    return 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # download a mini centos into a cache
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "Downloading centos minimal ..."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # use temporary repository definition
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    REPO_FILE=$INSTALL_ROOT/etc/yum.repos.d/lxc-centos-temp.repo
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mkdir -p $(dirname $REPO_FILE)
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    cat <<EOF > $REPO_FILE
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield[base]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldname=CentOS-$release - Base
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldmirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=os
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield[updates]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldname=CentOS-$release - Updates
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldmirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=updates
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # create minimal device nodes, needed for "yum install" and "yum update" process
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mkdir -p $INSTALL_ROOT/dev
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    force_mknod 666 $INSTALL_ROOT/dev/null c 1 3
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    force_mknod 666 $INSTALL_ROOT/dev/urandom c 1 9
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    $YUM install $PKG_LIST
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        echo "Failed to download the rootfs, aborting."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        return 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # use same nameservers as hosts, needed for "yum update later"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    cp /etc/resolv.conf $INSTALL_ROOT/etc/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # check whether rpmdb is under $HOME
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ ! -e $INSTALL_ROOT/var/lib/rpm/Packages -a -e $INSTALL_ROOT/$HOME/.rpmdb/Packages ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        echo "Fixing rpmdb location ..."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mv $INSTALL_ROOT/$HOME/.rpmdb/[A-Z]* $INSTALL_ROOT/var/lib/rpm/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        rm -rf $INSTALL_ROOT/$HOME/.rpmdb
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        chroot $INSTALL_ROOT rpm --rebuilddb 2>/dev/null
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # check whether rpmdb version is correct
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    chroot $INSTALL_ROOT rpm --quiet -q yum 2>/dev/null
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    ret=$?
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # if "rpm -q" doesn't work due to rpmdb version difference,
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # then we need to redo the process using the newly-installed yum
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ $ret -gt 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        echo "Reinstalling packages ..."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mv $REPO_FILE $REPO_FILE.tmp
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mkdir $INSTALL_ROOT/etc/yum.repos.disabled
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mv $INSTALL_ROOT/etc/yum.repos.d/*.repo $INSTALL_ROOT/etc/yum.repos.disabled/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mv $REPO_FILE.tmp $REPO_FILE
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/etc
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        cp /etc/resolv.conf $INSTALL_ROOT/$INSTALL_ROOT/etc/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/dev
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/null c 1 3
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/urandom c 1 9
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        cp -al $INSTALL_ROOT/var/cache/yum/* $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        chroot $INSTALL_ROOT $YUM install $PKG_LIST
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield            echo "Failed to download the rootfs, aborting."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield            return 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mv $INSTALL_ROOT/$INSTALL_ROOT $INSTALL_ROOT.tmp
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        rm -rf $INSTALL_ROOT
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        mv $INSTALL_ROOT.tmp $INSTALL_ROOT
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    rm -f $REPO_FILE
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    rm -rf $INSTALL_ROOT/var/cache/yum/*
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mv "$INSTALL_ROOT" "$cache/rootfs"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "Download complete."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    return 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldcopy_centos()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # make a local copy of the mini centos
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo -n "Copying rootfs to $rootfs_path ..."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    #cp -a $cache/rootfs-$arch $rootfs_path || return 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # i prefer rsync (no reason really)
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mkdir -p $rootfs_path
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    rsync -a $cache/rootfs/ $rootfs_path/
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    echo
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    return 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldupdate_centos()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    YUM="chroot $cache/rootfs yum -y --nogpgcheck"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    $YUM update
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        return 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    $YUM clean packages
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldinstall_centos()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mkdir -p /var/lock/subsys/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    (
17abf2784de1047fb2904ff130ee5efe4ea7b598Elan Ruusamäe    flock -x 9
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        echo "Cache repository is busy."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        return 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "Checking cache download in $cache/rootfs ... "
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ ! -e "$cache/rootfs" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        download_centos
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield            echo "Failed to download 'centos base'"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield            return 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    else
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        echo "Cache found. Updating..."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        update_centos
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield            echo "Failed to update 'centos base', continuing with last known good cache"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        else
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield            echo "Update finished"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "Copy $cache/rootfs to $rootfs_path ... "
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    copy_centos
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        echo "Failed to copy rootfs"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        return 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    return 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
17abf2784de1047fb2904ff130ee5efe4ea7b598Elan Ruusamäe    ) 9>/var/lock/subsys/lxc-centos
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    return $?
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldcreate_hwaddr()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    echo $(dd if=/dev/urandom bs=8 count=1 2>/dev/null | md5sum |
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        sed -e 's/\(..\)\(..\)\(..\)\(..\)\(..\).*/fe:\1:\2:\3:\4:\5/')
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldcopy_configuration()
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    mkdir -p $config_path
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldlxc.rootfs = $rootfs_path
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield" >> $config_path/config
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    # The following code is to create static MAC addresses for each
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    # interface in the container.  This code will work for multiple
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    # interfaces in the default config.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    mv $config_path/config $config_path/config.def
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    while read LINE
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    do
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        # This should catch variable expansions from the default config...
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        if expr "${LINE}" : '.*\$' > /dev/null 2>&1
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield                LINE=$(eval "echo \"${LINE}\"")
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        fi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        # There is a tab and a space in the regex bracket below!
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        # Seems that \s doesn't work in brackets.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        KEY=$(expr "${LINE}" : '\s*\([^  ]*\)\s*=')
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        if [[ "${KEY}" != "lxc.network.hwaddr" ]]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield            echo ${LINE} >> $config_path/config
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield            if [[ "${KEY}" == "lxc.network.link" ]]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield            then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield                echo "lxc.network.hwaddr = $(create_hwaddr)" >> $config_path/config
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield            fi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        fi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    done < $config_path/config.def
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    rm -f $config_path/config.def
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    cat <<EOF >> $config_path/config
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.utsname = $utsname
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.tty = 4
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.pts = 1024
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldlxc.mount = $config_path/fstab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.cap.drop = sys_module mac_admin mac_override sys_time
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.autodev = $auto_dev
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# When using LXC with apparmor, uncomment the next line to run unconfined:
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#lxc.aa_profile = unconfined
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# example simple networking setup, uncomment to enable
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#lxc.network.type = $lxc_network_type
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#lxc.network.flags = up
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#lxc.network.link = $lxc_network_link
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#lxc.network.name = eth0
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# Additional example for veth network type
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#    static MAC address,
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#lxc.network.hwaddr = 00:16:3e:77:52:20
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#    persistent veth device name on host side
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield#        Note: This may potentially collide with other containers of same name!
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#lxc.network.veth.pair = v-$name-e0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#cgroups
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.cgroup.devices.deny = a
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# /dev/null and zero
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.cgroup.devices.allow = c 1:3 rwm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.cgroup.devices.allow = c 1:5 rwm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# consoles
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.cgroup.devices.allow = c 5:1 rwm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.cgroup.devices.allow = c 5:0 rwm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# /dev/{,u}random
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.cgroup.devices.allow = c 1:9 rwm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.cgroup.devices.allow = c 1:8 rwm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.cgroup.devices.allow = c 136:* rwm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.cgroup.devices.allow = c 5:2 rwm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# rtc
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldlxc.cgroup.devices.allow = c 254:0 rwm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    cat <<EOF > $config_path/fstab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldproc            proc         proc    nodev,noexec,nosuid 0 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldsysfs           sys          sysfs defaults  0 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ $? -ne 0 ]; then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        echo "Failed to add configuration"
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        return 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    return 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldclean()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ ! -e $cache ]; then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        exit 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # lock, so we won't purge while someone is creating a repository
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    (
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        flock -x 9
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        if [ $? != 0 ]; then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield            echo "Cache repository is busy."
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield            exit 1
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        echo -n "Purging the download cache for centos-$release..."
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        exit 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-centos
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldusage()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    cat <<EOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldusage:
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    $1 -n|--name=<container_name>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        [-p|--path=<path>] [-c|--clean] [-R|--release=<CentOS_release>] [-A|--arch=<arch of the container>]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        [-h|--help]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldMandatory args:
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield  -n,--name         container name, used to as an identifier for that container from now on
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldOptional args:
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield  -p,--path         path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield  -c,--clean        clean the cache
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield  -R,--release      Centos release for the new container. if the host is Centos, then it will defaultto the host's release.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield     --fqdn         fully qualified domain name (FQDN) for DNS and system naming
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield  -A,--arch         NOT USED YET. Define what arch the container will be [i686,x86_64]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield  -h,--help         print this help
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldEOF
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    return 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldoptions=$(getopt -o hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,fqdn: -- "$@")
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    usage $(basename $0)
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    exit 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldeval set -- "$options"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldwhile true
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfielddo
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    case "$1" in
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        -h|--help)      usage $0 && exit 0;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        -p|--path)      path=$2; shift 2;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        --rootfs)       rootfs=$2; shift 2;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        -n|--name)      name=$2; shift 2;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        -c|--clean)     clean=$2; shift 2;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        -R|--release)   release=$2; shift 2;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        --fqdn)         utsname=$2; shift 2;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        --)             shift 1; break ;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        *)              break ;;
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    esac
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfielddone
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ ! -z "$clean" -a -z "$path" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    clean || exit 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    exit 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# Let's do something better for the initial root password.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# It's not perfect but it will defeat common scanning brute force
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# attacks in the case where ssh is exposed.  It will also be set to
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield# expired, forcing the user to change it at first login.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldif [ "${root_password}" = "" ]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldthen
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    root_password=Root-${name}-${RANDOM}
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldelse
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    # If it's got a ding in it, try and expand it!
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    if [ $(expr "${root_password}" : '.*$.') != 0 ]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        root_password=$(eval echo "${root_password}")
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    fi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    # If it has more than 3 consequtive X's in it, feed it
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    # through mktemp as a template.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    if [ $(expr "${root_password}" : '.*XXXX') != 0 ]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        root_password=$(mktemp -u ${root_password})
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    fi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldfi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ -z "${utsname}" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    utsname=${name}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This follows a standard "resolver" convention that an FQDN must have
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# at least two dots or it is considered a local relative host name.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# If it doesn't, append the dns domain name of the host system.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This changes one significant behavior when running
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# "lxc_create -n Container_Name" without using the
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# --fqdn option.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Old behavior:
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#    utsname and hostname = Container_Name
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# New behavior:
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#    utsname and hostname = Container_Name.Domain_Name
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ $(expr "$utsname" : '.*\..*\.') = 0 ]; then
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    if [[ "$(dnsdomainname)" != "" && "$(dnsdomainname)" != "localdomain" ]]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        utsname=${utsname}.$(dnsdomainname)
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldtype yum >/dev/null 2>&1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "'yum' command is missing"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    exit 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ -z "$path" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    path=$default_path/$name
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ -z "$release" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if [ "$is_centos" -a "$centos_host_ver" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        release=$centos_host_ver
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield    elif [ "$is_redhat" -a "$redhat_host_ver" ]; then
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        # This is needed to clean out bullshit like 6workstation and 6server.
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        release=$(expr $redhat_host_ver : '\([0-9.]*\)')
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    else
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield        echo "This is not a CentOS or Redhat host and release is missing, defaulting to 6 use -R|--release to specify release"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        release=6
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# CentOS 7 and above should run systemd.  We need autodev enabled to keep
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# systemd from causing problems.
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield#
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield# There is some ambiguity here due to the differnce between versioning
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield# of point specific releases such as 6.5 and the rolling release 6.  We
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield# only want the major number here if it's a point release...
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfield
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfieldmrelease=$(expr $release : '\([0-9]*\)')
c6df5ca4603c630a7189cdb1653c96bd2808c7e5Michael H. Warfieldif [ $mrelease -gt 6 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    auto_dev="1"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldelse
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    auto_dev="0"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ "$(id -u)" != "0" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "This script should be run as 'root'"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    exit 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ -z "$rootfs_path" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    rootfs_path=$path/rootfs
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # check for 'lxc.rootfs' passed in through default config by lxc-create
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield        rootfs_path=`grep 'lxc.rootfs =' $path/config | awk -F= '{ print $2 }'`
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    fi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldconfig_path=$default_path/$name
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldcache=$cache_base/$release
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldrevert()
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield{
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "Interrupted, so cleaning up"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    lxc-destroy -n $name
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    # maybe was interrupted before copy config
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    rm -rf $path
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    rm -rf $default_path/$name
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "exiting..."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    exit 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldtrap revert SIGHUP SIGINT SIGTERM
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldcopy_configuration
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "failed write configuration file"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    exit 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldinstall_centos
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "failed to install centos"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    exit 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldconfigure_centos
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    echo "failed to configure centos for a container"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    exit 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldconfigure_centos_init
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ ! -z $clean ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    clean || exit 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield    exit 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldfi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldecho "
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. WarfieldContainer rootfs and config have been created.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. WarfieldEdit the config file to check/enable networking setup.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield"
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldif [ ${root_display_password} = "yes" ]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldthen
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    echo "The temporary password for root is: '$root_password'
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. WarfieldYou may want to note that password down before starting the container.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield"
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldfi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldif [ ${root_store_password} = "yes" ]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldthen
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    echo "The temporary root password is stored in:
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        '${config_path}/tmp_root_pass'
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield"
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldfi
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldif [ ${root_prompt_password} = "yes" ]
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldthen
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    echo "Invoking the passwd command in the container to set the root password.
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        chroot ${rootfs_path} passwd
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield"
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    chroot ${rootfs_path} passwd
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldelse
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield    echo "
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. WarfieldThe root password is set up as "expired" and will require it to be changed
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldat first login, which you should do as soon as possible.  If you lose the
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldroot password or wish to change it without starting the container, you
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldcan change it from the host by running the following command (which will
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldalso reset the expired flag):
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield        chroot ${rootfs_path} passwd
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfield"
b4f7af7a520b23c873e404562ec518a576e63d4cMichael H. Warfieldfi