lxc-centos.in revision d510d5224b0ddfc831c85ec3bca944f949ebd84f
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# template script for generating centos container for LXC
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# lxc: linux Container library
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Daniel Lezcano <daniel.lezcano@free.fr>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Ramez Hanna <rhanna@informatiq.org>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Fajar A. Nugraha <github@fajar.net>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Michael H. Warfield <mhw@WittsEnd.com>
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This library is free software; you can redistribute it and/or
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# modify it under the terms of the GNU Lesser General Public
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# License as published by the Free Software Foundation; either
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# version 2.1 of the License, or (at your option) any later version.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This library is distributed in the hope that it will be useful,
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# but WITHOUT ANY WARRANTY; without even the implied warranty of
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Lesser General Public License for more details.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# You should have received a copy of the GNU Lesser General Public
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# License along with this library; if not, write to the Free Software
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield#Configurations
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Some combinations of the tuning knobs below do not exactly make sense.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# but that's ok.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# If the "root_password" is non-blank, use it, else set a default.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This can be passed to the script as an environment variable and is
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# set by a shell conditional assignment. Looks weird but it is what it is.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# If the root password contains a ding ($) then try to expand it.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# That will pick up things like ${name} and ${RANDOM}.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# If the root password contains more than 3 consecutive X's, pass it as
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# a template to mktemp and take the result.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# If root_display_password = yes, display the temporary root password at exit.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# If root_store_password = yes, store it in the configuration directory
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# If root_prompt_password = yes, invoke "passwd" to force the user to change
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# the root password after the container is created.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# If root_expire_password = yes, you will be prompted to change the root
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# password at the first login.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# These are conditional assignments... They can be overridden from the
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# preexisting environment variables...
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Make sure this is in single quotes to defer expansion to later!
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# :{root_password='Root-${name}-${RANDOM}'}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Now, it doesn't make much sense to display, store, and force change
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# together. But, we gotta test, right???
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Prompting for something interactive has potential for mayhem
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# with users running under the API... Don't default to "yes"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Expire root password? Default to yes, but can be overridden from
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# the environment variable
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# These are only going into comments in the resulting config...
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# is this centos?
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Allow for weird remixes like the Raspberry Pi
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Use the Mitre standard CPE identifier for the release ID if possible...
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This may be in /etc/os-release or /etc/system-release-cpe. We
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# should be able to use EITHER. Give preference to /etc/os-release for now.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Detect use under userns (unsupported)
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "This template can't be used for unprivileged containers." 1>&2
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "You may want to try the \"download\" template instead." 1>&2
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# Make sure the usual locations are in PATH
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldexport PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# This is a shell friendly configuration file. We can just source it.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# What we're looking for in here is the ID, VERSION_ID and the CPE_NAME
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "Host CPE ID from /etc/os-release: ${CPE_NAME}"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ "${CPE_NAME}" = "" -a -e /etc/system-release-cpe ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield CPE_NAME=$(head -n1 /etc/system-release-cpe)
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield CPE_URI=$(expr ${CPE_NAME} : '\([^:]*:[^:]*\)')
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Probably a better way to do this but still remain posix
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # compatible but this works, shrug...
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Must be nice and not introduce convenient bashisms here.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # According to the official registration at Mitre and NIST,
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # this should have been something like this for CentOS:
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # cpe:/o:centos:centos:6
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # cpe:/o:centos:centos:6.5
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:\([^:]*\)')
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # The "enterprise_linux" is a bone toss back to RHEL.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Since CentOS and RHEL are so tightly coupled, we'll
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # take the RHEL version if we're running on it and do the
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # equivalent version for CentOS.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ ${ID} = "linux" -o ${ID} = "enterprise_linux" ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Instead we got this: cpe:/o:centos:linux:6
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:\([^:]*\)')
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield VERSION_ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:[^:]*:\([^:]*\)')
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "Host CPE ID from /etc/system-release-cpe: ${CPE_NAME}"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldif [ "${CPE_NAME}" != "" -a "${ID}" = "centos" -a "${VERSION_ID}" != "" ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldelif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -a "${VERSION_ID}" != "" ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Only if all other methods fail, try to parse the redhat-release file.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield centos_host_ver=$( sed -e '/^CentOS /!d' -e 's/CentOS.*\srelease\s*\([0-9][0-9.]*\)\s.*/\1/' < /etc/centos-release )
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # delete a device node if exists, and create a new one
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield rm -f $2 && mknod -m $1 $2 $3 $4 $5
# Disable SELinux inside the container rootfs in two ways: force
# SELINUX=disabled in the rootfs's /etc/selinux/config, and replace
# /usr/sbin/selinuxenabled with a symlink to /bin/false (the original
# binary is kept as selinuxenabled.lxcorig).
# NOTE(review): after this, anything in the container that asks
# selinuxenabled gets "disabled"; confinement of the container then rests
# on whatever the host applies to it, which is not visible in this listing.
# NOTE(review): $rootfs_path is unquoted throughout, so a path with
# whitespace would be word-split.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Also kill it in the /etc/selinux/config file if it's there...
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ -f $rootfs_path/etc/selinux/config ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i '/^SELINUX=/s/.*/SELINUX=disabled/' $rootfs_path/etc/selinux/config
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Nice catch from Dwight Engen in the Oracle template.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Wantonly plagiarized here with much appreciation.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ -f $rootfs_path/usr/sbin/selinuxenabled ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mv $rootfs_path/usr/sbin/selinuxenabled $rootfs_path/usr/sbin/selinuxenabled.lxcorig
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield ln -s /bin/false $rootfs_path/usr/sbin/selinuxenabled
# Disable pam_loginuid in the container: comment out its "session" lines
# in the login, sshd and (if present) crond PAM stacks, then rename the
# module itself under lib/security and lib64/security.
# NOTE(review): pam_loginuid is what records the audit login UID for a
# session, so sessions in the container lose that audit attribution.
# NOTE(review): per the comment below, the module is replaced by a link to
# pam_permit; the ln commands are not visible in this listing. Any PAM
# stack that references pam_loginuid.so, including ones installed later,
# would then load pam_permit instead.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # This is a known problem and documented in RedHat bugzilla as relating
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # to a problem with auditing enabled. This prevents an error in
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # the container "Cannot make/remove an entry for the specified session"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/login
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/sshd
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ -f ${rootfs_path}/etc/pam.d/crond ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/crond
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # In addition to disabling pam_loginuid in the above config files
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # we'll also disable it by linking it to pam_permit to catch any
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # we missed or any that get installed after the container is built.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Catch either or both 32 and 64 bit archs.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ -f ${rootfs_path}/lib/security/pam_loginuid.so ]
# NOTE(review): this mv uses relative names; the directory change it
# depends on is not visible in this listing -- confirm it runs inside the
# rootfs's security directory and not in the caller's working directory.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mv pam_loginuid.so pam_loginuid.so.disabled
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ -f ${rootfs_path}/lib64/security/pam_loginuid.so ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mv pam_loginuid.so pam_loginuid.so.disabled
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Set default localtime to the host localtime if not set...
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ -e /etc/localtime -a ! -e ${rootfs_path}/etc/localtime ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # if /etc/localtime is a symlink, this should preserve it.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cp -a /etc/localtime ${rootfs_path}/etc/localtime
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Deal with some dain bramage in the /etc/init.d/halt script.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Trim it and make it our own and link it in before the default
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # halt script so we can intercept it. This also prevents package
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # updates from interfering with our interfering with it.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # There's generally not much in the halt script that's useful but what's
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # in there from resetting the hardware clock down is generally very bad.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # So we just eliminate the whole bottom half of that script in making
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # ourselves a copy. That way a major update to the init scripts won't
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ -f ${rootfs_path}/etc/init.d/halt ]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo '$command -f' >> ${rootfs_path}/etc/init.d/lxc-halt
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield chmod 755 ${rootfs_path}/etc/init.d/lxc-halt
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldHOSTNAME=${UTSNAME}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldNM_CONTROLLED=no
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldDHCP_HOSTNAME=\`hostname\`
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cat <<EOF > ${rootfs_path}/etc/sysconfig/network
164105f6563d98b832f603e28e506dbabed22cf3Michael H. WarfieldHOSTNAME=${UTSNAME}
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield127.0.0.1 localhost $name
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield/dev/root / rootfs defaults 0 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cat <<EOF > $rootfs_path/etc/init/lxc-sysinit.conf
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldstart on startup
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldpre-start script
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ "x\$container" != "xlxc" -a "x\$container" != "xlibvirt" ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield rm -f /var/lock/subsys/*
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield rm -f /var/run/*.pid
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield [ -e /etc/mtab ] || ln -s /proc/mounts /etc/mtab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mkdir -p /dev/shm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mount -t tmpfs -o nosuid,nodev tmpfs /dev/shm
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield initctl start tty TTY=console
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cat <<EOF > $rootfs_path/etc/rc.d/lxc.sysinit
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldrm -f /etc/mtab /var/run/*.{pid,lock} /var/lock/subsys/*
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldrm -rf {/,/var}/tmp/*
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldecho "/dev/root / rootfs defaults 0 0" > /etc/mtab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield chmod 755 $rootfs_path/etc/rc.d/lxc.sysinit
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i 's|si::sysinit:/etc/rc.d/rc.sysinit|si::bootwait:/etc/rc.d/lxc.sysinit|' $rootfs_path/etc/inittab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # prevent mingetty from calling vhangup(2) since it fails with userns.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Same issue as oracle template: prevent mingetty from calling vhangup(2)
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # commit 2e83f7201c5d402478b9849f0a85c62d5b9f1589.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i 's|^1:|co:2345:respawn:/sbin/mingetty --nohangup console\n1:|' $rootfs_path/etc/inittab
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i 's|^\([56]:\)|#\1|' $rootfs_path/etc/inittab
# Create the container's basic character devices under ${dev_path}
# (null, zero, tty, tty0-tty4, full, ptmx), each with mode 666.
# NOTE(review): plain mknod fails if the node already exists; unlike the
# "rm -f $2 && mknod ..." line earlier in this file, nothing visible here
# removes a stale node first.
# NOTE(review): ${dev_path} is unquoted, so a path containing whitespace
# would be word-split.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/null c 1 3
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/zero c 1 5
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty c 5 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty0 c 4 0
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty1 c 4 1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty2 c 4 2
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty3 c 4 3
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/tty4 c 4 4
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/full c 1 7
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 ${dev_path}/ptmx c 5 2
# Append the LXC console/tty names and pts/0 to the rootfs's
# /etc/securetty, which is the list of terminals on which direct root
# login is accepted.
# NOTE(review): the entries are appended with >>, so running this twice
# against the same rootfs duplicates them; nothing visible here checks
# for existing lines.
# NOTE(review): pts/0 is added for libvirt, which also permits root login
# on whatever session is allocated pts/0 -- confirm that is intended.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # setup console and tty[1-4] for login. note that /dev/console and
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # /dev/tty[1-4] will be symlinks to the ptys /dev/lxc/console and
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # /dev/lxc/tty[1-4] so that package updates can overwrite the symlinks.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # lxc will maintain these links and bind mount ptys over /dev/lxc/*
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # since lxc.devttydir is specified in the config.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # allow root login on console, tty[1-4], and pts/0 for libvirt
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "# LXC (Linux Containers)" >>${rootfs_path}/etc/securetty
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "lxc/console" >>${rootfs_path}/etc/securetty
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "lxc/tty1" >>${rootfs_path}/etc/securetty
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "lxc/tty2" >>${rootfs_path}/etc/securetty
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "lxc/tty3" >>${rootfs_path}/etc/securetty
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "lxc/tty4" >>${rootfs_path}/etc/securetty
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "# For libvirt/Virtual Machine Monitor" >>${rootfs_path}/etc/securetty
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "pts/0" >>${rootfs_path}/etc/securetty
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # prevent mingetty from calling vhangup(2) since it fails with userns.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Same issue as oracle template: prevent mingetty from calling vhangup(2)
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # commit 2e83f7201c5d402478b9849f0a85c62d5b9f1589.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i 's|mingetty|mingetty --nohangup|' $rootfs_path/etc/init/tty.conf
# Root password handling: print the password to stdout, write it in clear
# text to ${config_path}/tmp_root_pass, and set it inside the rootfs by
# piping "root:<password>" to chpasswd under chroot.
# NOTE(review): the conditionals that guard these lines (see the
# root_display_password / root_store_password comments at the top of the
# file) are not visible in this listing.
# NOTE(review): the stdout echo puts the password into any captured
# build log or terminal scrollback.
# NOTE(review): tmp_root_pass gets whatever mode the caller's umask
# yields; nothing visible here restricts it to the owner -- confirm, or
# set a restrictive umask / chmod 600 before writing.
# NOTE(review): ${root_password} is unquoted in the echo that writes the
# file, so whitespace or glob characters would be altered there, while the
# chpasswd line uses the value inside double quotes; the stored and the
# effective password could then differ.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "Setting root password to '$root_password'"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo ${root_password} > ${config_path}/tmp_root_pass
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "Storing root password in '${config_path}/tmp_root_pass'"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "root:$root_password" | chroot $rootfs_path chpasswd
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Also set this password as expired to force the user to change it!
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # This will need to be enhanced for CentOS 7 when systemd
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield chroot ${rootfs_path} chkconfig udev-post off
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield chroot ${rootfs_path} chkconfig network on
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cat <<EOF >${rootfs_path}/etc/init/power-status-changed.conf
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield# power-status-changed - shutdown on SIGPWR
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldstart on power-status-changed
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldexec /sbin/shutdown -h now "SIGPWR received"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # check the mini centos was not already downloaded
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "Failed to create '$INSTALL_ROOT' directory"
# Base yum command line for populating $INSTALL_ROOT: install into that
# root, answer yes to prompts, and skip GPG signature checking.
# NOTE(review): --nogpgcheck means no RPM installed into the rootfs is
# signature-verified. The repo definition later in this file uses an
# http:// mirrorlist, so neither the transport nor the packages are
# authenticated. Prefer importing the distribution signing key into the
# install root and dropping --nogpgcheck.
# The string is later expanded unquoted (e.g. "chroot $INSTALL_ROOT $YUM0
# install ..."), so it relies on word splitting; an $INSTALL_ROOT with
# whitespace would break it.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield YUM0="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if yum -h | grep -q 'releasever=RELEASEVER'; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield REPO_FILE=$INSTALL_ROOT/etc/yum.repos.d/lxc-centos-temp.repo
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldname=local repository
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldbaseurl="$repo"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldname=CentOS-$release - Base
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldmirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=os
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldname=CentOS-$release - Updates
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfieldmirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=updates
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # create minimal device nodes, needed for "yum install" and "yum update" process
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield force_mknod 666 $INSTALL_ROOT/dev/null c 1 3
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield force_mknod 666 $INSTALL_ROOT/dev/urandom c 1 9
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "Failed to download the rootfs, aborting."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # use same nameservers as hosts, needed for "yum update later"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ ! -e $INSTALL_ROOT/var/lib/rpm/Packages -a -e $INSTALL_ROOT/$HOME/.rpmdb/Packages ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mv $INSTALL_ROOT/$HOME/.rpmdb/[A-Z]* $INSTALL_ROOT/var/lib/rpm/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield chroot $INSTALL_ROOT rpm --rebuilddb 2>/dev/null
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # check whether rpmdb version is correct
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield chroot $INSTALL_ROOT rpm --quiet -q yum 2>/dev/null
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # if "rpm -q" doesn't work due to rpmdb version difference,
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # then we need to redo the process using the newly-installed yum
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ $ret -gt 0 ]; then
# Second-stage install, used when the host-built rpmdb cannot be read
# inside the new root. Move the existing .repo files aside, build a
# nested tree at $INSTALL_ROOT/$INSTALL_ROOT (resolv.conf, /dev/null,
# /dev/urandom, hard-linked yum cache), then run $YUM0 from inside a
# chroot of $INSTALL_ROOT. Because $YUM0 carries "--installroot
# $INSTALL_ROOT", inside the chroot that path resolves to the nested
# tree.
# NOTE(review): $YUM0 still carries --nogpgcheck, so this pass also
# installs packages without signature verification.
# NOTE(review): mkdir (without -p) and the two mknod calls fail if their
# targets already exist from an earlier partial run.
# $YUM0 and $PKG_LIST are expanded unquoted on purpose (word splitting
# builds the argument list); the $INSTALL_ROOT paths are unquoted too and
# would break on whitespace.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mkdir $INSTALL_ROOT/etc/yum.repos.disabled
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mv $INSTALL_ROOT/etc/yum.repos.d/*.repo $INSTALL_ROOT/etc/yum.repos.disabled/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/etc
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cp /etc/resolv.conf $INSTALL_ROOT/$INSTALL_ROOT/etc/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/dev
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/null c 1 3
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/urandom c 1 9
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield cp -al $INSTALL_ROOT/var/cache/yum/* $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum/
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield chroot $INSTALL_ROOT $YUM0 install $PKG_LIST
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "Failed to download the rootfs, aborting."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mv $INSTALL_ROOT/$INSTALL_ROOT $INSTALL_ROOT.tmp
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo -n "Copying rootfs to $rootfs_path ..."
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield #cp -a $cache/rootfs-$arch $rootfs_path || return 1
# yum command line for operating on the cached rootfs: run yum inside a
# chroot of $cache/rootfs, non-interactively.
# NOTE(review): --nogpgcheck disables RPM signature verification here as
# well, so packages pulled into the cache are not authenticated and every
# container later copied from that cache inherits them.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield YUM="chroot $cache/rootfs yum -y --nogpgcheck"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "Checking cache download in $cache/rootfs ... "
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ $? -ne 0 ]; then
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "Failed to update 'centos base', continuing with last known good cache"
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "Copy $cache/rootfs to $rootfs_path ... "
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ $? -ne 0 ]; then
# Emit a MAC address of the form fe:xx:xx:xx:xx:xx: five random bytes
# from openssl as hex, each byte prefixed with ':' by sed, then "fe"
# prepended as the first octet. 0xfe has the locally-administered bit set
# and the multicast bit clear.
# NOTE(review): presumably the body of create_hwaddr, which the
# "lxc.network.hwaddr = $(create_hwaddr)" line uses; the function header
# is not visible in this listing.
# NOTE(review): if openssl is unavailable, sed receives no input and the
# pipeline prints nothing, which would leave an empty hwaddr value;
# no check for that is visible.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield openssl rand -hex 5 | sed -e 's/\(..\)/:\1/g; s/^/fe/'
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # The following code is to create static MAC addresses for each
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # interface in the container. This code will work for multiple
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield mv $config_path/config $config_path/config.def
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # This should catch variable expansions from the default config...
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if expr "${LINE}" : '.*\$' > /dev/null 2>&1
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # There is a tab and a space in the regex bracket below!
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield # Seems that \s doesn't work in brackets.
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield KEY=$(expr "${LINE}" : '\s*\([^ ]*\)\s*=')
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [[ "${KEY}" != "lxc.network.hwaddr" ]]
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield echo "lxc.network.hwaddr = $(create_hwaddr)" >> $config_path/config
164105f6563d98b832f603e28e506dbabed22cf3Michael H. Warfield if [ -e "@LXCTEMPLATECONFIG@/centos.common.conf" ]; then
lxc.include = @LXCTEMPLATECONFIG@/centos.common.conf
if [ $? -ne 0 ]; then
if [ ! -e $cache ]; then
flock -x 9
cat <<EOF
-R,--release Centos release for the new container. if the host is Centos, then it will defaultto the host's release.
# Parse the command line with getopt(1): short options a:hp:n:cR: plus
# the long options listed after -l. Then replace the positional
# parameters with the normalized result.
# The eval is needed because getopt returns a shell-quoted string; keep
# "$options" quoted so that quoting is re-parsed exactly once and argument
# values are never evaluated as shell code.
# NOTE(review): -l long options need the enhanced (util-linux) getopt --
# confirm it is what the target hosts provide.
options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,repo:,arch:,fqdn: -- "$@")
eval set -- "$options"
# utsname and hostname = Container_Name.Domain_Name
if [ -z "$path" ]; then
if [ -z "$release" ]; then
echo "This is not a CentOS or Redhat host and release is missing, defaulting to 6 use -R|--release to specify release"
if [ -z "$rootfs_path" ]; then
# check for 'lxc.rootfs' passed in through default config by lxc-create
if [ ! -z "$clean" ]; then
echo "The temporary password for root is: '$root_password'