lxc-cirros.in revision 4165b2c65648b5df521c6e83b1cbad91d0896a00
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# template script for generating ubuntu container for LXC
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# This script consolidates and extends the existing lxc ubuntu scripts
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# Copyright © 2013 Canonical Ltd.
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# Author: Scott Moser <scott.moser@canonical.com>
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# This program is free software; you can redistribute it and/or modify
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# it under the terms of the GNU General Public License version 2, as
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# published by the Free Software Foundation.
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# This program is distributed in the hope that it will be useful,
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# but WITHOUT ANY WARRANTY; without even the implied warranty of
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# GNU General Public License for more details.
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# You should have received a copy of the GNU General Public License along
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# with this program; if not, write to the Free Software Foundation, Inc.,
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
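# Base URL of the CirrOS download site. It is used for the version lookup
# and is passed to download_tarball; the tarball is then unpacked by
# extract_rootfs as the container's root filesystem. Fetch it over TLS so an
# on-path attacker cannot substitute the image contents in transit.
# NOTE(review): no checksum or signature check on the downloaded tarball is
# visible in this listing. Confirm that download_tarball verifies what it
# fetched before it is cached and extracted.
DOWNLOAD_URL="https://download.cirros-cloud.net/"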
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn${0##*/} [options]
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn -a | --arch A architecture to use [${ARCHES[*]}]
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn default: ${DEF_ARCH}
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn -h | --help this usage
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn -v | --verbose increase verbosity
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn -S | --auth-key K insert auth key 'K'
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn -v | --version V version [${STREAMS[*]}]
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn default: ${DEF_VERSION}
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn -u | --userdata U user-data file
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn --tarball T read from tarball 'T' rather than downloading
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn or using cache.
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn --source S insert userdata/metadata via source S
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn [${SOURCES[*]}]
# Send the usage text to stderr, pass any arguments on to error(), and
# always return 1 so the caller can propagate the failure.
bad_Usage() {
    Usage 1>&2
    if [ $# -ne 0 ]; then
        error "$@"
    fi
    return 1
}
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn local level=${1}; shift;
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn local path=$1 rootfs=$2 name=$3 arch=$4 release=$5
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# Template used to create this container: cirros
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.rootfs = $rootfs
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn#lxc.mount = $path/fstab
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.pivotdir = lxc_putold
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.pts = 1024
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.utsname = $name
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.arch = $arch
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cap.drop = sys_module mac_admin mac_override sys_time
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# When using LXC with apparmor, uncomment the next line to run unconfined:
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn#lxc.aa_profile = unconfined
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# To support container nesting on an Ubuntu host, uncomment next two lines:
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn#lxc.aa_profile = lxc-container-default-with-nesting
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.deny = a
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# Allow any mknod (but not using the node)
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c *:* m
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = b *:* m
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# /dev/null and zero
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 1:3 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 1:5 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 5:1 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 5:0 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# /dev/{,u}random
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 1:9 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 1:8 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 136:* rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 5:2 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 254:0 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 10:229 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 10:200 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 1:7 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 10:228 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallynlxc.cgroup.devices.allow = c 10:232 rwm
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn local sdir="$root_d/var/lib/cloud/seed/nocloud"
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn { error "failed to make datasource dir $sdir"; return 1; }
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn { error "failed to clean old data from $sdir"; return 1; }
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn ${authkeys:+"public-keys=${authkeys}"} > "$sdir/meta-data" ||
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn { error "failed to write metadata to $sdir/meta-data"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "failed to write user-data to $sdir"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn local dstype="$1" root_d="$2" authkey="$3" udfile="$4"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn nocloud) insert_ds_nocloud "$root_d" "$authkey" "$udfile"
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn { error "failed to make rootfs dir ${rootfs_d}"; return 1; }
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn { error "failed to populate ${rootfs_d}"; return 1; }
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn local arch="$1" ver="$2" cached="$3" baseurl="$4"
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn { error "failed to create ${outd}"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn debug 1 "downloading ${baseurl%/}/$dlpath" to "${cached}/$dlpath"
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn wget "${baseurl%/}/$dlpath" -O "$cached/${dlpath}.$$" &&
4165b2c65648b5df521c6e83b1cbad91d0896a00Serge Hallyn local long_opts="arch:,auth-key:,name:,path:,tarball:,userdata:,verbose,version:,rootfs:"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn --options "${short_opts}" --long "${long_opts}" -- "$@") &&
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn local arch="${DEF_ARCH}" dsource="${DEF_SOURCE}" version="${DEF_VERSION}"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn local authkey_f="" authkeys="" userdata_f="" path="" tarball=""
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn while [ $# -ne 0 ]; do
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn cur=$1; next=$2;
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn -h|--help) Usage ; return 0;;
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn -p|--path) path=$next; shift;;
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn -v|--version) version=$next; shift;;
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn --) shift; break;;
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn [ $# -eq 0 ] || { bad_Usage "unexpected arguments: $*"; return; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn [ -n "$path" ] || { error "'path' parameter is required"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "bad arch '$arch'. allowed: ${ARCHES[*]}"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "bad source '$dsource'. allowed: ${SOURCES[*]}"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn if [ "$dsource" = "none" ] && [ -n "$userdata_f" -o -n "$authkey_f" ]; then
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn error "userdata and authkey are incompatible with --source=none";
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn error "--auth-key=${authkey_f} must reference a file"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "failed to read ${authkey_f}"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn if [ -n "$userdata_f" -a ! -f "${userdata_f}" ]; then
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn error "${userdata_f}: --userdata arg not a file"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn out=$(wget -O - -q "${DOWNLOAD_URL%/}/version/$version") ||
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "failed to convert 'version=$version'"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn download_tarball "$arch" "$version" "${CACHE_D}" "${DOWNLOAD_URL}" ||
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn extract_rootfs "${tarball}" "${rootfs_d}" || return
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn # cirros 0.3.1 was broken for /dev/random and /dev/urandom
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn mknod --mode=666 "$rootfs_d/dev/random" c 1 8 ||
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "failed to fix /dev/random"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn mknod --mode=666 "$rootfs_d/dev/urandom" c 1 9 ||
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "failed to fix /dev/urandom"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn debug 1 "fixing console for lxc and '$version'"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn sed -i 's,^\(#console.* 115200 \)# /dev/console,\1 console,g' \
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn { error "failed to fix console entry for $version"; return 1; }
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn insert_ds "$dsource" "$path/rootfs" "$authkeys" "$userdata_f" || {
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn error "failed to insert userdata to $path/rootfs"
807732062eab6cd44fb033bfbb37fbb38907aa66Serge Hallyn copy_configuration "$path" "$path/rootfs" "$name" "$arch" "$release"
58a46e06210a6321c530735f15f66eb648c4657dSerge Hallyn# vi: ts=4 expandtab