lxc-fedora.in revision 7bd44bf6f68bfee9044ba783d1c3fc10f5f7650c
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# template script for generating fedora container for LXC
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# lxc: linux Container library
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# Daniel Lezcano <daniel.lezcano@free.fr>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# Ramez Hanna <rhanna@informatiq.org>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# This library is free software; you can redistribute it and/or
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# modify it under the terms of the GNU Lesser General Public
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# License as published by the Free Software Foundation; either
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# version 2.1 of the License, or (at your option) any later version.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# This library is distributed in the hope that it will be useful,
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# but WITHOUT ANY WARRANTY; without even the implied warranty of
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
a5ba96715d4ef264c43d4f187251de491ba198c0KATOH Yasufumi# Lesser General Public License for more details.
8900b9eb2514c07047541833286428572493a9fdStéphane Graber# You should have received a copy of the GNU Lesser General Public
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# License along with this library; if not, write to the Free Software
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi#Configurations
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# is this fedora?
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiBOOTPROTO=dhcp
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiHOSTNAME=${UTSNAME}
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiNM_CONTROLLED=no
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi cat <<EOF > ${rootfs_path}/etc/sysconfig/network
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiNETWORKING=yes
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiHOSTNAME=${UTSNAME}
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi127.0.0.1 localhost $name
# Remove the start_udev invocation from both possible rc.sysinit locations.
# The dots in the pattern match any single character, so they stand in for the
# slashes of /sbin/start_udev; only the first match on a line is removed.
# NOTE(review): ${rootfs_path} is unquoted in all three commands, so a rootfs
# path containing whitespace or glob characters would be split or expanded.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
# Run chkconfig inside the new rootfs to switch the udev-post service off.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi chroot ${rootfs_path} chkconfig udev-post off
# Create the character device nodes under ${dev_path}; the trailing numbers
# are the <major> <minor> pair. Every node is mode 666 (read/write for all
# users) except console, which is 600.
# NOTE(review): the mode bits are not what limits device access from inside the
# container; the lxc.cgroup.devices deny/allow entries written to the container
# config do that. Of the tty nodes made here, the allow entries visible in this
# listing cover only c 4:0 and c 4:1 -- confirm whether tty2..tty4 are needed.
# NOTE(review): ${dev_path} is unquoted and no emptiness check is visible here;
# an empty value would make these calls target /null, /zero, ... outside the
# rootfs. Quote it and verify it is set before creating nodes.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/null c 1 3
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/zero c 1 5
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/random c 1 8
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/urandom c 1 9
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/tty c 5 0
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/tty0 c 4 0
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/tty1 c 4 1
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/tty2 c 4 2
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/tty3 c 4 3
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/tty4 c 4 4
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 600 ${dev_path}/console c 5 1
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/full c 1 7
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi mknod -m 666 ${dev_path}/ptmx c 5 2
# Set the root password inside the rootfs: chpasswd, run under chroot, reads
# the "root:<password>" pair from stdin.
# NOTE(review): where $root_password is assigned is not visible in this
# listing. If it is a fixed template default, every container built from this
# script starts with the same known root credential -- confirm, and prefer a
# per-container value or a forced change on first login.
# NOTE(review): $rootfs_path is unquoted here.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "root:$root_password" | chroot $rootfs_path chpasswd
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi # check the mini fedora was not already downloaded
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ $? -ne 0 ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "Failed to create '$INSTALL_ROOT' directory"
# Base yum command line: install into $INSTALL_ROOT and answer yes to prompts.
# NOTE(review): --nogpgcheck turns off RPM signature verification for every
# package installed through this command line, so package authenticity rests
# entirely on the transport and on the mirror. Safer: make the Fedora release
# key available to the install root and drop --nogpgcheck -- confirm this is
# workable for the releases this template supports.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
# Space-separated package names; presumably the set yum installs into the
# rootfs -- the line that uses it is not visible in this listing.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi PKG_LIST="yum initscripts passwd rsyslog vim-minimal dhclient chkconfig rootfiles policycoreutils"
# Mirror list query for the requested release and architecture.
# NOTE(review): the list is requested over plain http, so the response (and
# therefore the mirror that gets used) is not authenticated. With signature
# checks disabled in $YUM, nothing later compensates; consider https here.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi MIRRORLIST_URL="http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$release&arch=$arch"
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi [ $trynumber != 1 ] && echo "Trying again..."
# Fetch the mirror list (-s quiet, -S still print errors, -f fail on an HTTP
# error status) and keep only its second line as the mirror base URL.
# NOTE(review): the exit status of this assignment is that of the last
# pipeline stage (tail) unless pipefail is set, so the `$? -ne 0` test on the
# following line does not see a curl failure; only the empty-string test does.
# NOTE(review): the value is later used as a URL prefix for the release
# package download; no check of its scheme or host is visible here.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi MIRROR_URL=$(curl -s -S -f "$MIRRORLIST_URL" | head -n2 | tail -n1)
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ $? -ne 0 ] || [ -z "$MIRROR_URL" ]; then
# Build the URL of the fedora-release package on the chosen mirror; the "-1"
# package release suffix is hard-coded in the file name.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi RELEASE_URL="$MIRROR_URL/Packages/fedora-release-$release-1.noarch.rpm"
# Download it into $INSTALL_ROOT; -f makes curl fail on an HTTP error status.
# NOTE(review): no checksum or signature check of the downloaded file is
# visible in this listing before rpm installs it; the file's integrity depends
# on the mirror and on the transport chosen above.
# NOTE(review): $INSTALL_ROOT and $release are unquoted in the redirection
# target.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi curl -f "$RELEASE_URL" > $INSTALL_ROOT/fedora-release-$release.noarch.rpm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ $? -ne 0 ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ $DOWNLOAD_OK != yes ]; then
# Install the downloaded fedora-release package into the install root
# (-i install, -v verbose, -h print hash marks as progress).
# NOTE(review): no `rpm -K` / `rpm --checksig` step on this file is visible in
# the listing; verify the package against a trusted key before installing it.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi rpm --root $INSTALL_ROOT -ivh $INSTALL_ROOT/fedora-release-$release.noarch.rpm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ $? -ne 0 ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "Failed to download the rootfs, aborting."
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi #cp -a $cache/rootfs-$arch $rootfs_path || return 1
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ $? -ne 0 ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "Checking cache download in $cache/rootfs ... "
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ $? -ne 0 ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ $? -ne 0 ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "Failed to update 'fedora base', continuing with last known good cache"
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "Copy $cache/rootfs to $rootfs_path ... "
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ $? -ne 0 ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.utsname = $name
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.pts = 1024
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.rootfs = $rootfs_path
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.mount = $config_path/fstab
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.network.type = $lxc_network_type
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.network.flags = up
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.network.link = $lxc_network_link
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.network.name = eth0
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.network.mtu = 1500
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.deny = a
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# /dev/null and zero
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.allow = c 1:3 rwm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.allow = c 1:5 rwm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.allow = c 5:1 rwm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.allow = c 5:0 rwm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.allow = c 4:0 rwm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.allow = c 4:1 rwm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi# /dev/{,u}random
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.allow = c 1:9 rwm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.allow = c 1:8 rwm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.allow = c 136:* rwm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.allow = c 5:2 rwm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumilxc.cgroup.devices.allow = c 254:0 rwm
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumiproc $rootfs_path/proc proc nodev,noexec,nosuid 0 0
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumidevpts $rootfs_path/dev/pts devpts defaults 0 0
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumisysfs $rootfs_path/sys sysfs defaults 0 0
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ $? -ne 0 ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ ! -e $cache ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi # lock, so we won't purge while someone is creating a repository
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ $? != 0 ]; then
# Announce the purge, then delete the whole download cache recursively.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo -n "Purging the download cache for Fedora-$release..."
# --preserve-root refuses to recurse on "/"; --one-file-system skips
# directories that live on a different file system than the argument.
# NOTE(review): $cache is unquoted and no non-empty guard is visible on this
# line; "${cache:?}" would abort instead of running rm with no usable path.
# NOTE(review): in `rm ... && echo ... || exit 1`, the exit also fires when the
# echo fails, not only when rm fails.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi $1 -n|--name=<container_name>
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi [-p|--path=<path>] [-c|--clean] [-R|--release=<Fedora_release>] [-A|--arch=<arch of the container>]
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiMandatory args:
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi -n,--name container name, used to as an identifier for that container from now on
57da8c32f85c0255efa61ee32e260068afdaa565KATOH YasufumiOptional args:
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi -c,--clean clean the cache
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi -R,--release Fedora release for the new container. if the host is Fedora, then it will defaultto the host's release.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi -A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64]
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi -h,--help print this help
# Normalise the command line with getopt: short options h, p:, n:, c, R: and
# the long names help, path:, name:, clean, release: (a colon means the option
# takes an argument).
# NOTE(review): the usage text advertises -A|--arch, but neither "A:" nor
# "arch:" appears in these option strings, so getopt will reject that option.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumioptions=$(getopt -o hp:n:cR: -l help,path:,name:,clean,release: -- "$@")
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi --) shift 1; break ;;
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "'yum' command is missing"
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumiif [ -z "$path" ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumiif [ -z "$release" ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi if [ "$is_fedora" ]; then
# Default the release to the third whitespace-separated field of the line in
# /etc/fedora-release that starts with "Fedora".
# NOTE(review): the result is not checked for being empty or numeric on this
# line, and it is later interpolated into the mirror and package URLs.
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi release=$(cat /etc/fedora-release |awk '/^Fedora/ {print $3}')
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "This is not a fedora host and release missing, defaulting to 14. use -R|--release to specify release"
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "This script should be run as 'root'"
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "failed write configuration file"
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "failed to install fedora"
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumi echo "failed to configure fedora for a container"
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumiif [ ! -z $clean ]; then
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumiecho "container rootfs and config created"
57da8c32f85c0255efa61ee32e260068afdaa565KATOH Yasufumiecho "container is configured for lxc.network.type=veth and lxc.network.link=virbr0 (which is default if you have libvirt runnig)"