58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# template script for generating ubuntu container for LXC
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# This script consolidates and extends the existing lxc ubuntu scripts
8cd80b50efe2107ac351bfd0285050dd183398e7Stéphane Graber# Copyright © 2013 Canonical Ltd.
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# Author: Scott Moser <scott.moser@canonical.com>
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# This program is free software; you can redistribute it and/or modify
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# it under the terms of the GNU General Public License version 2, as
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# published by the Free Software Foundation.
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# This program is distributed in the hope that it will be useful,
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# but WITHOUT ANY WARRANTY; without even the implied warranty of
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# GNU General Public License for more details.
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# You should have received a copy of the GNU General Public License along
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# with this program; if not, write to the Free Software Foundation, Inc.,
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber# Detect use under userns (unsupported)
207bf0e475f1dc6e9a2dac2cee3a209b56427855Stéphane Graber# Make sure the usual locations are in PATH
207bf0e475f1dc6e9a2dac2cee3a209b56427855Stéphane Graberexport PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
58a46e06210a6321c530735f15f66eb648c4657dSerge HallynDOWNLOAD_URL="http://download.cirros-cloud.net/"
6b4105628005f9fdf29aa15a80f85da48960c2d4Serge Hallyn [ -e /proc/self/uid_map ] || { echo no; return; }
6b4105628005f9fdf29aa15a80f85da48960c2d4Serge Hallyn [ "$(wc -l /proc/self/uid_map | awk '{ print $1 }')" -eq 1 ] || { echo yes; return; }
6b4105628005f9fdf29aa15a80f85da48960c2d4Serge Hallyn line=$(awk '{ print $1 " " $2 " " $3 }' /proc/self/uid_map)
6b4105628005f9fdf29aa15a80f85da48960c2d4Serge Hallyn [ "$line" = "0 0 4294967295" ] && { echo no; return; }
6dc6f80bfd7cb169948f2ef9a95dcf6d2edee853Kevin Carter# Allow the cache base to be set by environment variable
6dc6f80bfd7cb169948f2ef9a95dcf6d2edee853Kevin Carter CACHE_D=${LXC_CACHE_PATH:-"@LOCALSTATEDIR@/cache/lxc/cirros"}
6dc6f80bfd7cb169948f2ef9a95dcf6d2edee853Kevin Carter CACHE_D=${LXC_CACHE_PATH:-"$HOME/.cache/lxc/cirros"}
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn${0##*/} [options]
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn -a | --arch A architecture to use [${ARCHES[*]}]
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn default: ${DEF_ARCH}
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn -h | --help this usage
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn -v | --verbose increase verbosity
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn -S | --auth-key K insert auth key 'K'
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn -v | --version V version [${STREAMS[*]}]
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn default: ${DEF_VERSION}
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn -u | --userdata U user-data file
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn --tarball T read from tarball 'T' rather than downloading
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn or using cache.
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn --source S insert userdata/metadata via source S
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn [${SOURCES[*]}]
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallynbad_Usage() { Usage 1>&2; [ $# -eq 0 ] || error "$@"; return 1; }
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn local level=${1}; shift;
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn local path=$1 rootfs=$2 name=$3 arch=$4 release=$5
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# Template used to create this container: cirros
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.rootfs = $rootfs
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.pivotdir = lxc_putold
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.pts = 1024
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.utsname = $name
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.arch = $arch
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cap.drop = sys_module mac_admin mac_override sys_time
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# When using LXC with apparmor, uncomment the next line to run unconfined:
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn#lxc.aa_profile = unconfined
f24a52d5f588ff4e4575046903fb9498c376d833Stéphane Graberlxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.deny = a
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# Allow any mknod (but not using the node)
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c *:* m
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = b *:* m
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# /dev/null and zero
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 1:3 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 1:5 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 5:1 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 5:0 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# /dev/{,u}random
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 1:9 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 1:8 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 136:* rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 5:2 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 254:0 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 10:229 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 10:200 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 1:7 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 10:228 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 10:232 rwm
6b4105628005f9fdf29aa15a80f85da48960c2d4Serge Hallyn if [ $in_userns -eq 1 ] && [ -e "${LXC_TEMPLATE_CONFIG}/ubuntu-cloud.userns.conf" ]; then
6b4105628005f9fdf29aa15a80f85da48960c2d4Serge Hallyn echo "lxc.include = ${LXC_TEMPLATE_CONFIG}/ubuntu.userns.conf" >> $path/config
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn local sdir="$root_d/var/lib/cloud/seed/nocloud"
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn { error "failed to make datasource dir $sdir"; return 1; }
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn { error "failed to clean old data from $sdir"; return 1; }
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn ${authkeys:+"public-keys=${authkeys}"} > "$sdir/meta-data" ||
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn { error "failed to write metadata to $sdir/meta-data"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "failed to write user-data to $sdir"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn local dstype="$1" root_d="$2" authkey="$3" udfile="$4"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn nocloud) insert_ds_nocloud "$root_d" "$authkey" "$udfile"
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn { error "failed to make rootfs dir ${rootfs_d}"; return 1; }
6b4105628005f9fdf29aa15a80f85da48960c2d4Serge Hallyn if [ $in_userns -eq 1 ]; then
6b4105628005f9fdf29aa15a80f85da48960c2d4Serge Hallyn tar -C "${rootfs_d}" --anchored --exclude="dev/*" -Sxzf "${tarball}" ||
6b4105628005f9fdf29aa15a80f85da48960c2d4Serge Hallyn { error "failed to populate ${rootfs_d}"; return 1; }
6b4105628005f9fdf29aa15a80f85da48960c2d4Serge Hallyn { error "failed to populate ${rootfs_d}"; return 1; }
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn local arch="$1" ver="$2" cached="$3" baseurl="$4"
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn { error "failed to create ${outd}"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn debug 1 "downloading ${baseurl%/}/$dlpath" to "${cached}/$dlpath"
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn wget "${baseurl%/}/$dlpath" -O "$cached/${dlpath}.$$" &&
6b4105628005f9fdf29aa15a80f85da48960c2d4Serge Hallyn local long_opts="arch:,auth-key:,name:,path:,tarball:,userdata:,verbose,version:,rootfs:,mapped-uid:,mapped-gid:"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn --options "${short_opts}" --long "${long_opts}" -- "$@") &&
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn local arch="${DEF_ARCH}" dsource="${DEF_SOURCE}" version="${DEF_VERSION}"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn local authkey_f="" authkeys="" userdata_f="" path="" tarball=""
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn while [ $# -ne 0 ]; do
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn cur=$1; next=$2;
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn -h|--help) Usage ; return 0;;
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn -p|--path) path=$next; shift;;
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn -v|--version) version=$next; shift;;
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn --) shift; break;;
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn [ $# -eq 0 ] || { bad_Usage "unexpected arguments: $*"; return; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn [ -n "$path" ] || { error "'path' parameter is required"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "bad arch '$arch'. allowed: ${ARCHES[*]}"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "bad source '$dsource'. allowed: ${SOURCES[*]}"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn if [ "$dsource" = "none" ] && [ -n "$userdata_f" -o -n "$authkey_f" ]; then
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn error "userdata and authkey are incompatible with --source=none";
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn error "--auth-key=${authkey_f} must reference a file"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "failed to read ${authkey_f}"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn if [ -n "$userdata_f" -a ! -f "${userdata_f}" ]; then
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn error "${userdata_f}: --userdata arg not a file"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn out=$(wget -O - -q "${DOWNLOAD_URL%/}/version/$version") ||
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "failed to convert 'version=$version'"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn download_tarball "$arch" "$version" "${CACHE_D}" "${DOWNLOAD_URL}" ||
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn extract_rootfs "${tarball}" "${rootfs_d}" || return
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn debug 1 "fixing console for lxc and '$version'"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn sed -i 's,^\(#console.* 115200 \)# /dev/console,\1 console,g' \
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "failed to fix console entry for $version"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn insert_ds "$dsource" "$path/rootfs" "$authkeys" "$userdata_f" || {
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn error "failed to insert userdata to $path/rootfs"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn copy_configuration "$path" "$path/rootfs" "$name" "$arch" "$release"
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# vi: ts=4 expandtab