f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# LXC template for gentoo
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# Author: Guillaume Zitta <lxc@zitta.fr>
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# Widely inspired from lxc-gentoo script at https://github.com/globalcitizen/lxc-gentoo
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# this version is reworked with :
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# - out of the lxc-create compat
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# - vanilla gentoo config
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# - ready to use cache
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber# Detect use under userns (unsupported)
96283b546081e7ff709968378fca25cb44f1ab6cStéphane Graber if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber echo "This template can't be used for unprivileged containers." 1>&2
8ec981fc8b0105da5f071e40811e0c2472a6c3c9Stéphane Graber echo "You may want to try the \"download\" template instead." 1>&2
207bf0e475f1dc6e9a2dac2cee3a209b56427855Stéphane Graber# Make sure the usual locations are in PATH
207bf0e475f1dc6e9a2dac2cee3a209b56427855Stéphane Graberexport PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# Ensure strict root's umask doesen't render the VM unusable
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr################################################################################
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# Various helper functions
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr################################################################################
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# param: $1: the name of the lock
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# param: $2: the timeout for the lock
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# The rest contain the command to execute and its parameters
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "Attempting to obtain an exclusive lock (timeout: %s sec) named \"%s\"...\n" "${timeout}" "$lock_name"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if [[ $? -ne 0 ]]; then
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => unable to obtain lock, aborting.\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr } 50> "@LOCALSTATEDIR@/lock/subsys/lxc-gentoo-${lock_name}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# a die function is always a good idea
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "\n[the last exit code leading to this death was: %s ]\n" "$?"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# gentoo arch/variant detection
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "### set_default_arch: default arch/variant autodetect...\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if [[ $arch =~ i.86 ]]; then
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr elif [[ $arch =~ arm.* ]]; then
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => warn: unexpected arch:${arch} let me knows if it works :)\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => Got: arch=%s variant=%s\n" "${arch}" "${variant}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr################################################################################
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# CACHE Preparation
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr################################################################################
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# during setup cachedir is $cacheroot/partial-$arch-$variant
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# at the end, it will be $cacheroot/rootfs-$arch-$variant
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr partialfs="${cacheroot}/partial-${arch}-${variant}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr [[ -d "${cachefs}" && -z "${flush_cache}" ]] && return 0
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "###### cache_setup(): doing cache preparation\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "###### cache_setup: Cache should be ready\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "### cache_precheck(): doing some pre-start checks ...\n"
ec64264d78d4ed608553842ce9e1f07eeab2a032Veres Lajos || die 8 "\$cacheroot (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPARATORS, THIS IS *VERY* BAD!\n" "${cacheroot}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr#get latest stage3 tarball
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "### cache_stage3(): stage3 cache deployment...\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr local stage3_baseurl="${mirror}/releases/${arch}/autobuilds"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr local stage3_pointer="${stage3_baseurl}/latest-stage3-${variant}.txt"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "Determining path to latest Gentoo %s (%s) stage3 archive...\n" "${arch}" "${variant}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => downloading and processing %s\n" "${stage3_pointer}"
35e68b0447feb185db41395c70bdf16da6bbad94lxc@zitta.fr local stage3_latest_tarball=$(wget -q -O - "${stage3_pointer}" | tail -n1 | cut -d' ' -f1) \
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => Got: %s\n" "${stage3_latest_tarball}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "Downloading/untarring the actual stage3 tarball...\n"
dc5518b82e04326639f4b60ebcdb69a4072d0c1cTAMUKI Shoichi wget -O - "${stage3_baseurl}/${stage3_latest_tarball}" \
dc5518b82e04326639f4b60ebcdb69a4072d0c1cTAMUKI Shoichi | tar -xjpf - --numeric-owner -C "${partialfs}" \
dc5518b82e04326639f4b60ebcdb69a4072d0c1cTAMUKI Shoichi tar -xpf "${tarball}" --numeric-owner -C "${partialfs}" \
dc5518b82e04326639f4b60ebcdb69a4072d0c1cTAMUKI Shoichi || die 6 "unable to untar ${tarball} to ${partialfs}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr chroot ${partialfs} /bin/true || die 1 "Error: chroot %s /bin/true, failed" "${partialfs}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => stage3 cache extracted in : %s\n" "${partialfs}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "### cache_portage: caching portage tree tarball...\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr [[ -z "${flush_cache}" && -f "${portage_cache}" ]] && return 0
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "Downloading Gentoo portage (software build database) snapshot...\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr execute_exclusively portage 60 wget -O "${portage_cache}" "${mirror}/snapshots/portage-latest.tar.bz2" \
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# custom inittab
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "### cache_inittab: tuning inittab...\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr [[ -w "$INITTAB" ]] || die 1 "Error: $INITTAB is not writeable"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr echo "1:12345:respawn:/sbin/agetty -a root --noclear 115200 console linux" >> "$INITTAB"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr # finally we add a pf line to enable clean shutdown on SIGPWR (issue 60)
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr echo "# clean container shutdown on SIGPWR" >> "$INITTAB"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr echo "pf:12345:powerwait:/sbin/halt" >> "$INITTAB"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr # we also blank out /etc/issue here in order to prevent delays spawning login
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr # caused by attempts to determine domainname on disconnected containers
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "### cache_net: doing some useful net tuning...\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr grep -i 'search ' /etc/resolv.conf > "${partialfs}/etc/resolv.conf"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr grep -i 'nameserver ' /etc/resolv.conf >> "${partialfs}/etc/resolv.conf"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr # fix boot-time interface config wipe under aggressive cap drop
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr # (openrc 0.9.8.4 ~sep 2012 - https://bugs.gentoo.org/show_bug.cgi?id=436266)
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr # initial warkaround was: sed -i -e 's/^#rc_nostop=""/rc_nostop="net.eth0 net.lo"/' "${partialfs}/etc/rc.conf"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr # but this one does not depends on interfaces names
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr echo 'rc_keyword="-stop"' >> "${partialfs}/etc/conf.d/net"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr #Wait for https://bugs.gentoo.org/show_bug.cgi?id=496054
9749441a0e8072f43e955fba47e07bfd015d0a45Stéphane Graber mknod -m 666 "${partialfs}/dev/net/tun" c 10 200
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# fix openrc system
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "### cache_openrc(): doing openrc tuning\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr #Wait for https://bugs.gentoo.org/show_bug.cgi?id=496054
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr chroot "${partialfs}" sed s/-lxc//g -i "/etc/init.d/devfs"
3a74e9097a932729d9eff9ce562288e89731b177Guillaume ZITTA printf "### cache_locale(): initiating minimale locale en_US.UTF-8 \n"
3a74e9097a932729d9eff9ce562288e89731b177Guillaume ZITTA echo "en_US.UTF-8 UTF-8" >> "${partialfs}/etc/locale.gen"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr################################################################################
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# CONTAINER Preparation
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr################################################################################
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "##### container_setup(): starting container setup\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr #in most cases lxc-create should have provided a copy of default lxc.conf
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr #let's tag where template starts, or just create the files
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr echo '### lxc-gentoo template stuff starts here' >> "$path/config"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr #If backingstore was specified, lxc.rootfs should be present or --rootfs did the rootfs var creation
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "rootfs of container is : ${rootfs}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "config of container is : ${path}/config"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if [ $? -ne 0 ]; then
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr die 1 "container_setup(): one step didn't complete, sorry\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "###### container_setup(): container should be ready to start!\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "You could now use you container with: lxc-start -n %s\n" "${name}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "little things you should know about your container:\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "### container_precheck(): doing some pre-start checks ...\n"
ec64264d78d4ed608553842ce9e1f07eeab2a032Veres Lajos || die 8 "\$name (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPARATORS, THIS IS *VERY* BAD!\n" "${name}"
ec64264d78d4ed608553842ce9e1f07eeab2a032Veres Lajos || die 8 "\$rootfs (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPARATORS, THIS IS *VERY* BAD!\n" "${rootfs}"
ec64264d78d4ed608553842ce9e1f07eeab2a032Veres Lajos || die 8 "\$cachefs (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPARATORS, THIS IS *VERY* BAD!\n" "${cachefs}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr [[ -d "${rootfs}/etc" ]] && die 18 "Error: \$rootfs (%s) already exists!" "${rootfs}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr [[ ! -d "${cachefs}/etc" ]] && die 1 "Error: \$cachefs (%s) not found!" "${cachefs}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "#### container_rootfs(): copying rootfs %s from cache %s ...\n" "${rootfs}" "${cachefs}"
dc5518b82e04326639f4b60ebcdb69a4072d0c1cTAMUKI Shoichi tar -c -f - --numeric-owner -C "${cachefs}" . \
dc5518b82e04326639f4b60ebcdb69a4072d0c1cTAMUKI Shoichi | tar -x -p -f - --numeric-owner -C "${rootfs}" \
dc5518b82e04326639f4b60ebcdb69a4072d0c1cTAMUKI Shoichi || die 1 "Error: cache copy to rootfs failed"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr chroot "${rootfs}" /bin/true || die 1 "Error: 'chroot %s /bin/true' failed"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "#### container_consoles(): setting container consoles ...\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if [[ ${tty} < 6 ]]; then
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr sed -i "s/^c[${mindis}-6]/#&/" "${rootfs}/etc/inittab"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr sed 's/agetty -a root/agetty/' -i "${rootfs}/etc/inittab"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr sed "s/agetty -a root/agetty -a ${user}/" -i "${rootfs}/etc/inittab"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => Autologin on main console for %s enabled\n" "${user}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr [[ -z "${forced_password}" ]] && unset password
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "${user} has autologin on main console"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => Autologin on main console for root enabled\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr [[ -z "${forced_password}" ]] && unset password
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "${user} has autologin on main console"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "#### container_tz(): setting container timezone ...\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr chroot "${rootfs}" ln -sf "${target}" "/etc/localtime"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => host symlink reproducted in container : %s\n" "${target}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if [ -e /etc/localtime ]; then
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => host localtime copyed to container\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "timezone was staticly copyed from host"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr chroot "${rootfs}" ln -sf /usr/share/zoneinfo/UTC /etc/localtime
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "#### container_portage(): setting container portage... \n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr portage_mount="#container set with private portage tree, no mount here"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "Warnings are normal here, don't worry\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if chroot ${rootfs} portageq get_repo_path / gentoo > /dev/null ; then
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr portage_container="$(chroot ${rootfs} portageq get_repo_path / gentoo)"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr die 1 "Failed to figure out container portage tree location with portageq get_repo_path / gentoo\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "trying to guess portage_dir from host...\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr portage_dir="$(portageq get_repo_path / gentoo 2>/dev/null)"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => host portage detection failed (not gentoo host), fallback to private portage tree\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr die 1 "specified portage_dir (%s) does not contains profiles, is it a portage tree ?\n" "${portage_dir}"
b69e7bf14e8182912bfda2472ca7caffd60cef41rabisg printf "trying to guess portage distfiles dir from host ...\n"
b69e7bf14e8182912bfda2472ca7caffd60cef41rabisg portage_distfiles_dir="$(portageq distdir 2>/dev/null)"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr portage_mount="#container set with shared portage
cf261d584e4d78c1482aac56117f6d1266e5b84dgzalxc.mount.entry=${portage_dir} ${portage_container/\//} none ro,bind 0 0
b69e7bf14e8182912bfda2472ca7caffd60cef41rabisglxc.mount.entry=${portage_distfiles_dir} ${portage_container/\//}/distfiles none rw,bind 0 0
cf261d584e4d78c1482aac56117f6d1266e5b84dgza#If you use eix, you should uncomment this
cf261d584e4d78c1482aac56117f6d1266e5b84dgza#lxc.mount.entry=/var/cache/eix var/cache/eix none ro,bind 0 0"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "container has a shared portage from host's ${portage_dir} to ${portage_container/\//}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr cat <<- EOF >> "${rootfs}/etc/portage/make.conf"
cf261d584e4d78c1482aac56117f6d1266e5b84dgza# enable this to store built binary packages
cf261d584e4d78c1482aac56117f6d1266e5b84dgza#FEATURES="\$FEATURES buildpkg"
cf261d584e4d78c1482aac56117f6d1266e5b84dgza# enable this to use built binary packages
cf261d584e4d78c1482aac56117f6d1266e5b84dgza#EMERGE_DEFAULT_OPTS="\${EMERGE_DEFAULT_OPTS} --usepkg"
cf261d584e4d78c1482aac56117f6d1266e5b84dgza# enable and *tune* this kind of entry to slot binaries, specialy if you use multiples archs and variants
cf261d584e4d78c1482aac56117f6d1266e5b84dgza#PKGDIR="\${PKGDIR}/amd64
cf261d584e4d78c1482aac56117f6d1266e5b84dgza#or PKGDIR="\${PKGDIR}/hardened"
ec64264d78d4ed608553842ce9e1f07eeab2a032Veres Lajos printf " => portage stuff done, see /etc/portage/make.conf for additional tricks\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr #called from container_portage() do not call directly from container_setup
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "# untaring private portage to %s from %s ... \n" "${rootfs}/${portage_container}" "${portage_cache}"
dc5518b82e04326639f4b60ebcdb69a4072d0c1cTAMUKI Shoichi tar -xp --strip-components 1 -C "${rootfs}/${portage_container}" \
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr || die 2 "Error: unable to extract the portage tree.\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "container has its own portage tree at ${portage_container}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr#helper func for container_genconf_net()
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr [[ "${nic_conf}" == "dhcp" ]] && nic_managed="${nic_managed} ${nic_name}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr [[ "${nic_conf}" == "null" ]] && nic_unmanaged="${nic_unmanaged} ${nic_name}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr [[ -z "${nic_hwaddr}" && ${nic_type} == "veth" ]] && nic_wo_hwaddr="${nic_wo_hwaddr} ${nic_name}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr#Analyse lxc.conf and print conf.d/net content
cae3584efccc63f544c8748bd13d80e11bc79aefgza #let's do some drity bash things to parse lxc network conf
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr for line in $( sed -r "s/[ ]*=[ ]*/_real_ugly_sep_42_/" "${file}" ); do
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr key=$(echo "${line}" | sed 's/_real_ugly_sep_42_.*$//')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr value=$(echo "${line}" | sed 's/^.*_real_ugly_sep_42_//')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr #=> Number is ID munis number of named NIC before
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr nic_name="eth$(( ${nic_last} - ${nic_named} ))"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if [[ "${key}" == "lxc.network.hwaddr" ]]; then
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if [[ "${key}" =~ ^lxc.network.ipv(4|6) ]]; then
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr #tell openrc to not manage this NIC as LXC set there address
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "container_net(): setting container network conf... \n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr container_conf_net "$path/config" >> "${rootfs}/etc/conf.d/net"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr # unless openrc manage a nic, we now have to force openrc to automatic
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr # provision of the 'net' dep. If we do not, network dependent services
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if [[ ${nic_count} == 0 ]]; then
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "No network interface for this container
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frIt's a pitty, you have bridge, ${bridge}.
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frIf it is for Lxc, use it next time by adding this to your default.conf :
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frlxc.network.hwaddr = fe:xx:xx:xx:xx:xx"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "No network interface for this container"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr chroot "${rootfs}" ln -s net.lo "/etc/init.d/net.${nic}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr chroot "${rootfs}" rc-update add net.${nic} default
cae3584efccc63f544c8748bd13d80e11bc79aefgza #fake sysfs for openrc, in case settings does not provide it
cae3584efccc63f544c8748bd13d80e11bc79aefgza echo ${sys_nic_index} > "${rootfs}/sys/class/net/${nic}/ifindex"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "Warning, these veth NIC don't have fixed hwaddr :
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr${nic_wo_hwaddr}
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frsee http://lists.linuxcontainers.org/pipermail/lxc-devel/2013-December/006736.html
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# custom hostname
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "#### container_hostname(): setting hostname... \n"
3d8b68b1d5be415544a71b18df9635deceb2fd8aDark Templar printf "hostname=\"%s\"\n" "${name}" > "${rootfs}/etc/conf.d/hostname"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "#### container_auth(): setting authentification... \n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " non root user requested, creating... \n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr chroot "${rootfs}" useradd --create-home -s /bin/bash "${user}" || die 1 "failed to create user ${user}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "Connection user is ${user}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr auth_home=$(chroot "${rootfs}" getent passwd "${user}" | cut -d : -f 6)
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " deploying auth_key %s for user %s ...\n" "${auth_key}" "${user}"
7785e39c96a25bab32a426bf3c1d1e0a1993ac49Erik Mackdanz cat "${auth_key}" >> "${rootfs}/${auth_home}/.ssh/authorized_keys"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr chroot "${rootfs}" chown "${user}:" "${auth_home}/.ssh/authorized_keys"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => inserted public key in %s/.ssh/authorized_keys\n" "${auth_home}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr [[ -z "${forced_password}" ]] && unset password
7785e39c96a25bab32a426bf3c1d1e0a1993ac49Erik Mackdanz store_user_message "${user} has the ssh key you gave us"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " setting password for %s ...\n" "${user}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr echo "${user}:${password}" | chroot "${rootfs}" chpasswd || die 1 "failed to change password"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf " => done. if you didn't specify , default is 'toor'\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr store_user_message "${user} has the password you give for him"
84ad17ede0febe7cc0d19e1125c25e549dc9104fGuillaume ZITTA printf "#### container_sshd(): enabling sshd... \n"
84ad17ede0febe7cc0d19e1125c25e549dc9104fGuillaume ZITTA chroot "${rootfs}" rc-update add sshd || die 1 "failed to enable sshd\n"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr################################################################################
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# lxc configuration files
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr################################################################################
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr printf "container_configuration(): making lxc configuration file... \n"
b8ebaa9c78a78e3e3c4043a20d3c84cac9ca7fd1Vicente Olivert Riera # if there is exactly one veth network entry, make sure it has an
b8ebaa9c78a78e3e3c4043a20d3c84cac9ca7fd1Vicente Olivert Riera nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' ${conf_file} | wc -l`
b8ebaa9c78a78e3e3c4043a20d3c84cac9ca7fd1Vicente Olivert Riera if [ $nics -eq 1 ]; then
b8ebaa9c78a78e3e3c4043a20d3c84cac9ca7fd1Vicente Olivert Riera grep -q "^lxc.network.hwaddr" ${conf_file} || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" ${conf_file}
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr conf_rootfs_line="lxc.rootfs = $(readlink -f "${rootfs}")"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if [[ "${arch}" == "x86" || "${arch}" == "amd64" ]]; then
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# sets container architecture
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# If desired architecture != amd64 or x86, then we leave it unset as
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# LXC does not oficially support anything other than x86 or amd64.
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr${conf_arch_line}
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr# set the hostname
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frlxc.utsname = ${name}
cae3584efccc63f544c8748bd13d80e11bc79aefgzalxc.tty = ${tty}
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr${conf_rootfs_line}
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr${portage_mount}
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr${conf_sysfs}
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr${conf_mounts}
cae3584efccc63f544c8748bd13d80e11bc79aefgzalxc.include = ${LXC_TEMPLATE_CONFIG}/gentoo.${settings}.conf
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr$1 -h|--help [-a|--arch <arch>] [-v|--variant <variant>] [-P|--private-portage] [--portage-dir <protagedir>] [-t|--tarball <stage3file>]
cae3584efccc63f544c8748bd13d80e11bc79aefgza [-F|--flush-cache] [-c|--cache-only] [-u|--user <username>] [-w|--password <password>] [--autologin] [-S|--auth-key <keyfile>]
cae3584efccc63f544c8748bd13d80e11bc79aefgza [-s|--settings <name>] [-m|--mirror <gentoomirror>] [--tty <number>]
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frarch: the container architecture (e.g. amd64): defaults to host arch (currently: '${arch}')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr If you choose one that needs emulation
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr tested: amd64, x86
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr You could try any other gentoo arch, why not...
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frvariant: gentoo's Architecture variant as of dec 2013 : (currently: '${variant}')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr for amd64 arch: amd64 (default), amd64-hardened+nomultilib, amd64-hardened, amd64-nomultilib, x32
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr for x86 arch: i686 (default), i486, i686-hardened
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr for arm arch: armv7a (default), armv7a_hardfp, armv6j, armv6j_hardfp, armv5tel, armv4tl
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frprivate-portage: by default, /usr/portage is mount-binded with host one if exists (currently: '${private_portage}')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr this force container to have his own copy
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frportage-dir: portage dir used for shared portage
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr by default the host on if any (currently: '${portage_dir}')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frtarball: force usage of local stage3 archive (currently: '${arch}')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr If empty, latest will be downloaded
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frflush-cache: do like there is no previous cache
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frcache-only: just ensure cache is present
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if cache exists and "flush-cache" not specified, does nothing
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fruser: user used in auth oriented options (currently: '${user}')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frpassword: password for user (currently: '${password}')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr if default, usage of auth-key will disable password setting
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frautologin: enable autologin for user (currently: '${autologin}')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr This unset default password setting
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frauth-key: SSH Public key file to inject into container for user (currently: '${auth_key}')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr This unset default password setting
cae3584efccc63f544c8748bd13d80e11bc79aefgzasettings: choose common configuration (currently: '${settings}')
cae3584efccc63f544c8748bd13d80e11bc79aefgza see ${LXC_TEMPLATE_CONFIG}/gentoo.*.conf
cae3584efccc63f544c8748bd13d80e11bc79aefgza Available settings:
cae3584efccc63f544c8748bd13d80e11bc79aefgza $(ls -1 ${LXC_TEMPLATE_CONFIG}/gentoo.*.conf | xargs basename -a -s .conf | sed 's/^gentoo.//')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frmirror: gentoo mirror for download (currently: '${mirror}')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frtty: number of tty (6 max) (currently: '${tty}')
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr#some overridable defaults
7785e39c96a25bab32a426bf3c1d1e0a1993ac49Erik Mackdanzoptions=$(getopt -o hp:n:a:FcPv:t:S:u:w:s:m: -l help,rootfs:,path:,name:,arch:,flush-cache,cache-only,private-portage,variant:,portage-dir:,tarball:,auth-key:,user:,autologin,password:,settings:,mirror:,tty: -- "$@")
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr -P|--private-portage) private_portage=1; shift 1;;
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr -w|--password) forced_password=1; password=$2; shift 2;;
6dc6f80bfd7cb169948f2ef9a95dcf6d2edee853Kevin Carter --container-cache) containercache=$2; shift 2;;
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fr --) shift 1; break ;;
6dc6f80bfd7cb169948f2ef9a95dcf6d2edee853Kevin Carter# Allow the cache path to be set by environment variable
6dc6f80bfd7cb169948f2ef9a95dcf6d2edee853Kevin Cartercacheroot="${LXC_CACHE_PATH:-"@LOCALSTATEDIR@/cache/lxc"}/gentoo"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frcachefs="${cacheroot}/rootfs-${arch}-${variant}"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.fralias wget="wget --timeout=8 --read-timeout=15 -c -t10 -nd"
f8d0243a78c65ea3c46eb60fbeef799c3f6e9a5blxc@zitta.frexecute_exclusively "cache-${arch}-${variant}" 60 do_all