lxc-debian.in revision 853d58fdf5af0960b7b6edc9dea0fadddb8535f1
493N/A#!/bin/bash
0N/A
0N/A#
0N/A# lxc: linux Container library
0N/A
0N/A# Authors:
0N/A# Daniel Lezcano <daniel.lezcano@free.fr>
905N/A
810N/A# This library is free software; you can redistribute it and/or
0N/A# modify it under the terms of the GNU Lesser General Public
0N/A# License as published by the Free Software Foundation; either
919N/A# version 2.1 of the License, or (at your option) any later version.
919N/A
919N/A# This library is distributed in the hope that it will be useful,
919N/A# but WITHOUT ANY WARRANTY; without even the implied warranty of
919N/A# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
0N/A# Lesser General Public License for more details.
919N/A
919N/A# You should have received a copy of the GNU Lesser General Public
919N/A# License along with this library; if not, write to the Free Software
0N/A# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
919N/A
919N/AMIRROR=${MIRROR:-http://cdn.debian.net/debian}
919N/A
919N/Aconfigure_debian()
919N/A{
919N/A rootfs=$1
919N/A hostname=$2
0N/A
0N/A # squeeze only has /dev/tty and /dev/tty0 by default,
0N/A # therefore creating missing device nodes for tty1-4.
0N/A for tty in $(seq 1 4); do
0N/A if [ ! -e $rootfs/dev/tty$tty ]; then
493N/A mknod $rootfs/dev/tty$tty c 4 $tty
0N/A fi
810N/A done
906N/A
906N/A # configure the inittab
0N/A cat <<EOF > $rootfs/etc/inittab
0N/Aid:3:initdefault:
0N/Asi::sysinit:/etc/init.d/rcS
0N/Al0:0:wait:/etc/init.d/rc 0
0N/Al1:1:wait:/etc/init.d/rc 1
0N/Al2:2:wait:/etc/init.d/rc 2
0N/Al3:3:wait:/etc/init.d/rc 3
0N/Al4:4:wait:/etc/init.d/rc 4
0N/Al5:5:wait:/etc/init.d/rc 5
599N/Al6:6:wait:/etc/init.d/rc 6
906N/A# Normally not reached, but fallthrough in case of emergency.
0N/Az6:6:respawn:/sbin/sulogin
906N/A1:2345:respawn:/sbin/getty 38400 console
0N/Ac1:12345:respawn:/sbin/getty 38400 tty1 linux
0N/Ac2:12345:respawn:/sbin/getty 38400 tty2 linux
0N/Ac3:12345:respawn:/sbin/getty 38400 tty3 linux
0N/Ac4:12345:respawn:/sbin/getty 38400 tty4 linux
493N/Ap6::ctrlaltdel:/sbin/init 6
0N/Ap0::powerfail:/sbin/init 0
0N/AEOF
906N/A
906N/A # disable selinux in debian
906N/A mkdir -p $rootfs/selinux
906N/A echo 0 > $rootfs/selinux/enforce
810N/A
906N/A # configure the network using the dhcp
906N/A cat <<EOF > $rootfs/etc/network/interfaces
906N/Aauto lo
906N/Aiface lo inet loopback
906N/A
906N/Aauto eth0
906N/Aiface eth0 inet dhcp
599N/AEOF
802N/A
599N/A # set the hostname
493N/A cat <<EOF > $rootfs/etc/hostname
493N/A$hostname
810N/AEOF
810N/A
810N/A # reconfigure some services
705N/A if [ -z "$LANG" ]; then
906N/A chroot $rootfs locale-gen en_US.UTF-8 UTF-8
493N/A chroot $rootfs update-locale LANG=en_US.UTF-8
906N/A else
810N/A encoding=$(echo $LANG | cut -d. -f2)
810N/A chroot $rootfs sed -e "s/^# \(${LANG} ${encoding}\)/\1/" \
810N/A -i /etc/locale.gen 2>/dev/null
0N/A chroot $rootfs locale-gen $LANG $encoding
0N/A chroot $rootfs update-locale LANG=$LANG
0N/A fi
0N/A
0N/A # remove pointless services in a container
906N/A chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove
906N/A chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
0N/A chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
906N/A chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
906N/A
905N/A echo "root:root" | chroot $rootfs chpasswd
905N/A echo "Root password is 'root', please change !"
0N/A
0N/A return 0
906N/A}
906N/A
906N/Acleanup()
906N/A{
906N/A rm -rf $cache/partial-$release-$arch
493N/A rm -rf $cache/rootfs-$release-$arch
810N/A}
0N/A
0N/Adownload_debian()
{
packages=\
ifupdown,\
locales,\
libui-dialog-perl,\
dialog,\
isc-dhcp-client,\
netbase,\
net-tools,\
iproute,\
openssh-server
cache=$1
arch=$2
release=$3
trap cleanup EXIT SIGHUP SIGINT SIGTERM
# check the mini debian was not already downloaded
mkdir -p "$cache/partial-$release-$arch"
if [ $? -ne 0 ]; then
echo "Failed to create '$cache/partial-$release-$arch' directory"
return 1
fi
# download a mini debian into a cache
echo "Downloading debian minimal ..."
debootstrap --verbose --variant=minbase --arch=$arch \
--include=$packages \
"$release" "$cache/partial-$release-$arch" $MIRROR
if [ $? -ne 0 ]; then
echo "Failed to download the rootfs, aborting."
return 1
fi
mv "$1/partial-$release-$arch" "$1/rootfs-$release-$arch"
echo "Download complete."
trap EXIT
trap SIGINT
trap SIGTERM
trap SIGHUP
return 0
}
copy_debian()
{
cache=$1
arch=$2
rootfs=$3
release=$4
# make a local copy of the minidebian
echo -n "Copying rootfs to $rootfs..."
mkdir -p $rootfs
rsync -Ha "$cache/rootfs-$release-$arch"/ $rootfs/ || return 1
return 0
}
install_debian()
{
cache="@LOCALSTATEDIR@/cache/lxc/debian"
rootfs=$1
release=$2
arch=$3
mkdir -p @LOCALSTATEDIR@/lock/subsys/
(
flock -x 200
if [ $? -ne 0 ]; then
echo "Cache repository is busy."
return 1
fi
echo "Checking cache download in $cache/rootfs-$release-$arch ... "
if [ ! -e "$cache/rootfs-$release-$arch" ]; then
download_debian $cache $arch $release
if [ $? -ne 0 ]; then
echo "Failed to download 'debian base'"
return 1
fi
fi
copy_debian $cache $arch $rootfs $release
if [ $? -ne 0 ]; then
echo "Failed to copy rootfs"
return 1
fi
return 0
) 200>@LOCALSTATEDIR@/lock/subsys/lxc-debian
return $?
}
copy_configuration()
{
path=$1
rootfs=$2
hostname=$3
arch=$4
# if there is exactly one veth network entry, make sure it has an
# associated hwaddr.
nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
if [ $nics -eq 1 ]; then
grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config
fi
grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
cat <<EOF >> $path/config
lxc.tty = 4
lxc.pts = 1024
lxc.arch = $arch
lxc.utsname = $hostname
lxc.cap.drop = sys_module mac_admin mac_override sys_time
# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rm
# mounts point
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
echo "Failed to add configuration"
return 1
fi
return 0
}
clean()
{
cache="@LOCALSTATEDIR@/cache/lxc/debian"
if [ ! -e $cache ]; then
exit 0
fi
# lock, so we won't purge while someone is creating a repository
(
flock -x 200
if [ $? != 0 ]; then
echo "Cache repository is busy."
exit 1
fi
echo -n "Purging the download cache..."
rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
exit 0
) 200>@LOCALSTATEDIR@/lock/subsys/lxc-debian
}
usage()
{
cat <<EOF
$1 -h|--help -p|--path=<path> [-a|--arch] [-r|--release=<release>] [-c|--clean]
release: the debian release (e.g. wheezy): defaults to current stable
arch: the container architecture (e.g. amd64): defaults to host arch
EOF
return 0
}
options=$(getopt -o hp:n:a:r:c -l help,rootfs:,path:,name:,arch:,release:,clean -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
fi
eval set -- "$options"
if which dpkg >/dev/null 2>&1 ; then
arch=$(dpkg --print-architecture)
else
arch=$(uname -m)
if [ "$arch" = "i686" ]; then
arch="i386"
elif [ "$arch" = "x86_64" ]; then
arch="amd64"
elif [ "$arch" = "armv7l" ]; then
arch="armhf"
fi
fi
hostarch=$arch
while true
do
case "$1" in
-h|--help) usage $0 && exit 1;;
-p|--path) path=$2; shift 2;;
--rootfs) rootfs=$2; shift 2;;
-a|--arch) arch=$2; shift 2;;
-r|--release) release=$2; shift 2;;
-n|--name) name=$2; shift 2;;
-c|--clean) clean=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
done
if [ ! -z "$clean" -a -z "$path" ]; then
clean || exit 1
exit 0
fi
if [ "$arch" == "i686" ]; then
arch=i386
fi
if [ "$arch" == "x86_64" ]; then
arch=amd64
fi
if [ $hostarch = "i386" -a $arch = "amd64" ]; then
echo "can't create $arch container on $hostarch"
exit 1
fi
if [ $hostarch = "armhf" -o $hostarch = "armel" ] && \
[ $arch != "armhf" -a $arch != "armel" ]; then
echo "can't create $arch container on $hostarch"
exit 1
fi
if [ $hostarch = "powerpc" -a $arch != "powerpc" ]; then
echo "can't create $arch container on $hostarch"
exit 1
fi
type debootstrap
if [ $? -ne 0 ]; then
echo "'debootstrap' command is missing"
exit 1
fi
if [ -z "$path" ]; then
echo "'path' parameter is required"
exit 1
fi
if [ "$(id -u)" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
fi
current_release=`wget ${MIRROR}/dists/stable/Release -O - 2>/dev/null |\
head |awk '/^Codename: (.*)$/ { print $2; }'`
release=${release:-${current_release}}
valid_releases=('squeeze' 'wheezy' 'jessie' 'sid')
if [[ ! "${valid_releases[*]}" =~ (^|[^[:alpha:]])$release([^[:alpha:]]|$) ]]
then
echo "Invalid release ${release}, valid ones are: ${valid_releases[*]}"
exit 1
fi
# detect rootfs
config="$path/config"
if [ -z "$rootfs" ]; then
if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
rootfs=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $config)
else
rootfs=$path/rootfs
fi
fi
install_debian $rootfs $release $arch
if [ $? -ne 0 ]; then
echo "failed to install debian"
exit 1
fi
configure_debian $rootfs $name
if [ $? -ne 0 ]; then
echo "failed to configure debian for a container"
exit 1
fi
copy_configuration $path $rootfs $name $arch
if [ $? -ne 0 ]; then
echo "failed write configuration file"
exit 1
fi
if [ ! -z $clean ]; then
clean || exit 1
exit 0
fi