lxc-debian.in revision f7365a247b7582f858fab6a92270c21e43973bf5
642N/A#!/bin/bash
642N/A
642N/A#
642N/A# lxc: linux Container library
642N/A
642N/A# Authors:
642N/A# Daniel Lezcano <daniel.lezcano@free.fr>
642N/A
642N/A# This library is free software; you can redistribute it and/or
642N/A# modify it under the terms of the GNU Lesser General Public
642N/A# License as published by the Free Software Foundation; either
642N/A# version 2.1 of the License, or (at your option) any later version.
642N/A
642N/A# This library is distributed in the hope that it will be useful,
642N/A# but WITHOUT ANY WARRANTY; without even the implied warranty of
642N/A# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
642N/A# Lesser General Public License for more details.
642N/A
642N/A# You should have received a copy of the GNU Lesser General Public
642N/A# License along with this library; if not, write to the Free Software
642N/A# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
642N/A
3158N/AMIRROR=${MIRROR:-http://cdn.debian.net/debian}
3158N/A
3158N/Aconfigure_debian()
642N/A{
642N/A rootfs=$1
642N/A hostname=$2
642N/A
642N/A # squeeze only has /dev/tty and /dev/tty0 by default,
642N/A # therefore creating missing device nodes for tty1-4.
642N/A for tty in $(seq 1 4); do
642N/A if [ ! -e $rootfs/dev/tty$tty ]; then
642N/A mknod $rootfs/dev/tty$tty c 4 $tty
642N/A fi
3158N/A done
642N/A
642N/A # configure the inittab
642N/A cat <<EOF > $rootfs/etc/inittab
642N/Aid:3:initdefault:
642N/Asi::sysinit:/etc/init.d/rcS
642N/Al0:0:wait:/etc/init.d/rc 0
642N/Al1:1:wait:/etc/init.d/rc 1
642N/Al2:2:wait:/etc/init.d/rc 2
642N/Al3:3:wait:/etc/init.d/rc 3
642N/Al4:4:wait:/etc/init.d/rc 4
642N/Al5:5:wait:/etc/init.d/rc 5
642N/Al6:6:wait:/etc/init.d/rc 6
642N/A# Normally not reached, but fallthrough in case of emergency.
642N/Az6:6:respawn:/sbin/sulogin
642N/A1:2345:respawn:/sbin/getty 38400 console
642N/Ac1:12345:respawn:/sbin/getty 38400 tty1 linux
642N/Ac2:12345:respawn:/sbin/getty 38400 tty2 linux
642N/Ac3:12345:respawn:/sbin/getty 38400 tty3 linux
642N/Ac4:12345:respawn:/sbin/getty 38400 tty4 linux
642N/Ap6::ctrlaltdel:/sbin/init 6
642N/Ap0::powerfail:/sbin/init 0
642N/AEOF
# disable selinux in debian
mkdir -p $rootfs/selinux
echo 0 > $rootfs/selinux/enforce
# configure the network using the dhcp
cat <<EOF > $rootfs/etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
EOF
# set the hostname
cat <<EOF > $rootfs/etc/hostname
$hostname
EOF
# reconfigure some services
if [ -z "$LANG" ]; then
chroot $rootfs locale-gen en_US.UTF-8 UTF-8
chroot $rootfs update-locale LANG=en_US.UTF-8
else
encoding=$(echo $LANG | cut -d. -f2)
chroot $rootfs sed -e "s/^# \(${LANG} ${encoding}\)/\1/" \
-i /etc/locale.gen 2>/dev/null
chroot $rootfs locale-gen $LANG $encoding
chroot $rootfs update-locale LANG=$LANG
fi
# remove pointless services in a container
chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove
chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
# set initial timezone as on host
if [ -f /etc/timezone ]; then
echo $(cat /etc/timezone) > $rootfs/etc/timezone
chroot $rootfs dpkg-reconfigure -f noninteractive tzdata
elif [ -f /etc/sysconfig/clock ]; then
source /etc/sysconfig/clock
echo $ZONE > $rootfs/etc/timezone
chroot $rootfs dpkg-reconfigure -f noninteractive tzdata
else
echo "Timezone in container is not configured. Adjust it manually."
fi
echo "root:root" | chroot $rootfs chpasswd
echo "Root password is 'root', please change !"
return 0
}
cleanup()
{
rm -rf $cache/partial-$release-$arch
rm -rf $cache/rootfs-$release-$arch
}
download_debian()
{
packages=\
ifupdown,\
locales,\
libui-dialog-perl,\
dialog,\
isc-dhcp-client,\
netbase,\
net-tools,\
iproute,\
openssh-server
cache=$1
arch=$2
release=$3
trap cleanup EXIT SIGHUP SIGINT SIGTERM
# check the mini debian was not already downloaded
mkdir -p "$cache/partial-$release-$arch"
if [ $? -ne 0 ]; then
echo "Failed to create '$cache/partial-$release-$arch' directory"
return 1
fi
# download a mini debian into a cache
echo "Downloading debian minimal ..."
debootstrap --verbose --variant=minbase --arch=$arch \
--include=$packages \
"$release" "$cache/partial-$release-$arch" $MIRROR
if [ $? -ne 0 ]; then
echo "Failed to download the rootfs, aborting."
return 1
fi
mv "$1/partial-$release-$arch" "$1/rootfs-$release-$arch"
echo "Download complete."
trap EXIT
trap SIGINT
trap SIGTERM
trap SIGHUP
return 0
}
copy_debian()
{
cache=$1
arch=$2
rootfs=$3
release=$4
# make a local copy of the minidebian
echo -n "Copying rootfs to $rootfs..."
mkdir -p $rootfs
rsync -Ha "$cache/rootfs-$release-$arch"/ $rootfs/ || return 1
return 0
}
install_debian()
{
cache="@LOCALSTATEDIR@/cache/lxc/debian"
rootfs=$1
release=$2
arch=$3
mkdir -p @LOCALSTATEDIR@/lock/subsys/
(
flock -x 200
if [ $? -ne 0 ]; then
echo "Cache repository is busy."
return 1
fi
echo "Checking cache download in $cache/rootfs-$release-$arch ... "
if [ ! -e "$cache/rootfs-$release-$arch" ]; then
download_debian $cache $arch $release
if [ $? -ne 0 ]; then
echo "Failed to download 'debian base'"
return 1
fi
fi
copy_debian $cache $arch $rootfs $release
if [ $? -ne 0 ]; then
echo "Failed to copy rootfs"
return 1
fi
return 0
) 200>@LOCALSTATEDIR@/lock/subsys/lxc-debian
return $?
}
copy_configuration()
{
path=$1
rootfs=$2
hostname=$3
arch=$4
# if there is exactly one veth network entry, make sure it has an
# associated hwaddr.
nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
if [ $nics -eq 1 ]; then
grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config
fi
grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
cat <<EOF >> $path/config
lxc.tty = 4
lxc.pts = 1024
lxc.arch = $arch
lxc.utsname = $hostname
lxc.cap.drop = sys_module mac_admin mac_override sys_time
# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rm
# mounts point
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
echo "Failed to add configuration"
return 1
fi
return 0
}
clean()
{
cache="@LOCALSTATEDIR@/cache/lxc/debian"
if [ ! -e $cache ]; then
exit 0
fi
# lock, so we won't purge while someone is creating a repository
(
flock -x 200
if [ $? != 0 ]; then
echo "Cache repository is busy."
exit 1
fi
echo -n "Purging the download cache..."
rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
exit 0
) 200>@LOCALSTATEDIR@/lock/subsys/lxc-debian
}
usage()
{
cat <<EOF
$1 -h|--help -p|--path=<path> [-a|--arch] [-r|--release=<release>] [-c|--clean]
release: the debian release (e.g. wheezy): defaults to current stable
arch: the container architecture (e.g. amd64): defaults to host arch
EOF
return 0
}
options=$(getopt -o hp:n:a:r:c -l help,rootfs:,path:,name:,arch:,release:,clean -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
fi
eval set -- "$options"
if which dpkg >/dev/null 2>&1 ; then
arch=$(dpkg --print-architecture)
else
arch=$(uname -m)
if [ "$arch" = "i686" ]; then
arch="i386"
elif [ "$arch" = "x86_64" ]; then
arch="amd64"
elif [ "$arch" = "armv7l" ]; then
arch="armhf"
fi
fi
hostarch=$arch
while true
do
case "$1" in
-h|--help) usage $0 && exit 1;;
-p|--path) path=$2; shift 2;;
--rootfs) rootfs=$2; shift 2;;
-a|--arch) arch=$2; shift 2;;
-r|--release) release=$2; shift 2;;
-n|--name) name=$2; shift 2;;
-c|--clean) clean=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
done
if [ ! -z "$clean" -a -z "$path" ]; then
clean || exit 1
exit 0
fi
if [ "$arch" == "i686" ]; then
arch=i386
fi
if [ "$arch" == "x86_64" ]; then
arch=amd64
fi
if [ $hostarch = "i386" -a $arch = "amd64" ]; then
echo "can't create $arch container on $hostarch"
exit 1
fi
if [ $hostarch = "armhf" -o $hostarch = "armel" ] && \
[ $arch != "armhf" -a $arch != "armel" ]; then
echo "can't create $arch container on $hostarch"
exit 1
fi
if [ $hostarch = "powerpc" -a $arch != "powerpc" ]; then
echo "can't create $arch container on $hostarch"
exit 1
fi
type debootstrap
if [ $? -ne 0 ]; then
echo "'debootstrap' command is missing"
exit 1
fi
if [ -z "$path" ]; then
echo "'path' parameter is required"
exit 1
fi
if [ "$(id -u)" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
fi
current_release=`wget ${MIRROR}/dists/stable/Release -O - 2>/dev/null |\
head |awk '/^Codename: (.*)$/ { print $2; }'`
release=${release:-${current_release}}
valid_releases=('squeeze' 'wheezy' 'jessie' 'sid')
if [[ ! "${valid_releases[*]}" =~ (^|[^[:alpha:]])$release([^[:alpha:]]|$) ]]
then
echo "Invalid release ${release}, valid ones are: ${valid_releases[*]}"
exit 1
fi
# detect rootfs
config="$path/config"
if [ -z "$rootfs" ]; then
if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
rootfs=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $config)
else
rootfs=$path/rootfs
fi
fi
install_debian $rootfs $release $arch
if [ $? -ne 0 ]; then
echo "failed to install debian"
exit 1
fi
configure_debian $rootfs $name
if [ $? -ne 0 ]; then
echo "failed to configure debian for a container"
exit 1
fi
copy_configuration $path $rootfs $name $arch
if [ $? -ne 0 ]; then
echo "failed write configuration file"
exit 1
fi
if [ ! -z $clean ]; then
clean || exit 1
exit 0
fi