lxc-gentoo.in revision 96283b546081e7ff709968378fca25cb44f1ab6c
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# LXC template for gentoo
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# Author: Guillaume Zitta <lxc@zitta.fr>
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# Widely inspired from lxc-gentoo script at https://github.com/globalcitizen/lxc-gentoo
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# this version is reworked with :
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# - out of the lxc-create compat
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# - vanilla gentoo config
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# - ready to use cache
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# Detect use under userns (unsupported)
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen echo "This template can't be used for unprivileged containers." 1>&2
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen echo "You may want to try the \"download\" template instead." 1>&2
4db61af2cfe2b206113bcc4b6153521679702bb4Timo Sirainen# Make sure the usual locations are in PATH
4db61af2cfe2b206113bcc4b6153521679702bb4Timo Sirainenexport PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# Ensure strict root's umask doesen't render the VM unusable
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen################################################################################
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# Various helper functions
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen################################################################################
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# param: $1: the name of the lock
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# param: $2: the timeout for the lock
4db61af2cfe2b206113bcc4b6153521679702bb4Timo Sirainen# The rest contain the command to execute and its parameters
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "Attempting to obtain an exclusive lock (timeout: %s sec) named \"%s\"...\n" "${timeout}" "$lock_name"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen if [[ $? -ne 0 ]]; then
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf " => unable to obtain lock, aborting.\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen } 50> "@LOCALSTATEDIR@/lock/subsys/lxc-gentoo-${lock_name}"
37e8420b32a0fa3442c405616980e45beb494104Timo Sirainen# a die function is always a good idea
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "\n[the last exit code leading to this death was: %s ]\n" "$?"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# gentoo arch/variant detection
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "### set_default_arch: default arch/variant autodetect...\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen if [[ $arch =~ i.86 ]]; then
e22ec7998afd426c53c658483ce66b6e404e27c6Timo Sirainen elif [[ $arch =~ arm.* ]]; then
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf " => warn: unexpected arch:${arch} let me knows if it works :)\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf " => Got: arch=%s variant=%s\n" "${arch}" "${variant}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen################################################################################
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# CACHE Preparation
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen################################################################################
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# during setup cachedir is $cacheroot/partial-$arch-$variant
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# at the end, it will be $cacheroot/rootfs-$arch-$variant
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen partialfs="${cacheroot}/partial-${arch}-${variant}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen [[ -d "${cachefs}" && -z "${flush_cache}" ]] && return 0
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "###### cache_setup(): doing cache preparation\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "###### cache_setup: Cache should be ready\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "### cache_precheck(): doing some pre-start checks ...\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen || die 8 "\$cacheroot (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPERATORS, THIS IS *VERY* BAD!\n" "${cacheroot}"
a1044a46a8f3512173f4ea2684ef1fc3e61645c7Timo Sirainen#get latest stage3 tarball
a1044a46a8f3512173f4ea2684ef1fc3e61645c7Timo Sirainen printf "### cache_stage3(): stage3 cache deployment...\n"
a1044a46a8f3512173f4ea2684ef1fc3e61645c7Timo Sirainen local stage3_baseurl="${mirror}/releases/${arch}/autobuilds"
a1044a46a8f3512173f4ea2684ef1fc3e61645c7Timo Sirainen local stage3_pointer="${stage3_baseurl}/latest-stage3-${variant}.txt"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "Determining path to latest Gentoo %s (%s) stage3 archive...\n" "${arch}" "${variant}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf " => downloading and processing %s\n" "${stage3_pointer}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen local stage3_latest_tarball=$(wget -q -O - "${stage3_pointer}" | tail -n1 ) \
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf " => Got: %s\n" "${stage3_latest_tarball}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "Downloading/untarring the actual stage3 tarball...\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen wget -O - "${stage3_baseurl}/${stage3_latest_tarball}" | tar -xjpf - -C "${partialfs}" \
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen printf " => extracted to: %s\n" "${partialfs}"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen tar -xpf "${tarball}" -C "${partialfs}" || die 6 "unable to untar ${tarball} to ${partialfs}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen chroot ${partialfs} /bin/true || die 1 "Error: chroot %s /bin/true, failed" "${partialfs}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf " => stage3 cache extracted in : %s\n" "${partialfs}"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen printf "### cache_portage: caching portage tree tarball...\n"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen [[ -z "${flush_cache}" && -f "${portage_cache}" ]] && return 0
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "Downloading Gentoo portage (software build database) snapshot...\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen execute_exclusively portage 60 wget -O "${portage_cache}" "${mirror}/snapshots/portage-latest.tar.bz2" \
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# custom inittab
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "### cache_inittab: tuning inittab...\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen [[ -w "$INITTAB" ]] || die 1 "Error: $INITTAB is not writeable"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen echo "1:12345:respawn:/sbin/agetty -a root --noclear 115200 console linux" >> "$INITTAB"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen # finally we add a pf line to enable clean shutdown on SIGPWR (issue 60)
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen echo "# clean container shutdown on SIGPWR" >> "$INITTAB"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen echo "pf:12345:powerwait:/sbin/halt" >> "$INITTAB"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen # we also blank out /etc/issue here in order to prevent delays spawning login
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen # caused by attempts to determine domainname on disconnected containers
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen sed -i 's/[\][Oo]//g' "${partialfs}/etc/issue"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "### cache_net: doing some useful net tuning...\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen grep -i 'search ' /etc/resolv.conf > "${partialfs}/etc/resolv.conf"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen grep -i 'nameserver ' /etc/resolv.conf >> "${partialfs}/etc/resolv.conf"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen # fix boot-time interface config wipe under aggressive cap drop
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen # (openrc 0.9.8.4 ~sep 2012 - https://bugs.gentoo.org/show_bug.cgi?id=436266)
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen # initial warkaround was: sed -i -e 's/^#rc_nostop=""/rc_nostop="net.eth0 net.lo"/' "${partialfs}/etc/rc.conf"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen # but this one does not depends on interfaces names
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen echo 'rc_keyword="-stop"' >> "${partialfs}/etc/conf.d/net"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen #Wait for https://bugs.gentoo.org/show_bug.cgi?id=496054
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen mknod -m 666 "${partialfs}/dev/net/tun" c 10 200
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# fix openrc system
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "### cache_openrc(): doing openrc tuning\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen #Wait for https://bugs.gentoo.org/show_bug.cgi?id=496054
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen chroot "${partialfs}" sed s/-lxc//g -i "/etc/init.d/devfs"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen################################################################################
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# CONTAINER Preparation
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen################################################################################
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "##### container_setup(): starting container setup\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen #in most cases lxc-create should have provided a copy of default lxc.conf
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen #let's tag where template starts, or just create the files
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen echo '### lxc-gentoo template stuff starts here' >> "$path/config"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen #If backingstore was specified, lxc.rootfs should be present or --rootfs did the rootfs var creation
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen store_user_message "rootfs of container is : ${rootfs}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen store_user_message "config of container is : ${path}/config"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen if [ $? -ne 0 ]; then
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen die 1 "container_setup(): one step didn't complete, sorry\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "###### container_setup(): container should be ready to start!\n"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen printf "You could now use you container with: lxc-start -n %s\n" "${name}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "little things you should know about your container:\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "### container_precheck(): doing some pre-start checks ...\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen || die 8 "\$name (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPERATORS, THIS IS *VERY* BAD!\n" "${name}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen || die 8 "\$rootfs (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPERATORS, THIS IS *VERY* BAD!\n" "${rootfs}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen || die 8 "\$cachefs (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPERATORS, THIS IS *VERY* BAD!\n" "${cachefs}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen [[ -d "${rootfs}/etc" ]] && die 18 "Error: \$rootfs (%s) already exists!" "${rootfs}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen [[ ! -d "${cachefs}/etc" ]] && die 1 "Error: \$cachefs (%s) not found!" "${cachefs}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "#### container_rootfs(): copying rootfs %s from cache %s ...\n" "${rootfs}" "${cachefs}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen tar -c -f - -C "${cachefs}" . | tar -x -p -f - -C "${rootfs}" || die 1 "Error: cache copy to rootfs failed"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen chroot "${rootfs}" /bin/true || die 1 "Error: 'chroot %s /bin/true' failed"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "#### container_consoles(): setting container consoles ...\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen if [[ ${tty} < 6 ]]; then
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen sed -i "s/^c[${mindis}-6]/#&/" "${rootfs}/etc/inittab"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen sed 's/agetty -a root/agetty/' -i "${rootfs}/etc/inittab"
a1044a46a8f3512173f4ea2684ef1fc3e61645c7Timo Sirainen sed "s/agetty -a root/agetty -a ${user}/" -i "${rootfs}/etc/inittab"
6ea145a99eeee923602f04d3c9183bbdba6cd190Timo Sirainen printf " => Autologin on main console for %s enabled\n" "${user}"
6ea145a99eeee923602f04d3c9183bbdba6cd190Timo Sirainen [[ -z "${forced_password}" ]] && unset password
4db61af2cfe2b206113bcc4b6153521679702bb4Timo Sirainen store_user_message "${user} has autologin on main console"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf " => Autologin on main console for root enabled\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen [[ -z "${forced_password}" ]] && unset password
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen store_user_message "${user} has autologin on main console"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "#### container_tz(): setting container timezone ...\n"
ce74395e2a932342e04fb682395bcce111574969Timo Sirainen chroot "${rootfs}" ln -sf "${target}" "/etc/localtime"
ce74395e2a932342e04fb682395bcce111574969Timo Sirainen printf " => host symlink reproducted in container : %s\n" "${target}"
ce74395e2a932342e04fb682395bcce111574969Timo Sirainen store_user_message "timezone copyed from host"
a1044a46a8f3512173f4ea2684ef1fc3e61645c7Timo Sirainen if [ -e /etc/localtime ]; then
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen cat /etc/localtime > "${rootfs}/etc/localtime"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf " => host localtime copyed to container\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen store_user_message "timezone was staticly copyed from host"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen chroot "${rootfs}" ln -sf /usr/share/zoneinfo/UTC /etc/localtime
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen store_user_message "timezone was fixed to UTC"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "#### container_portage(): setting container portage... \n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen portage_mount="#container set with private portage tree, no mount here"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "Warnings are normal here, don't worry\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen if chroot ${rootfs} portageq get_repo_path / gentoo > /dev/null ; then
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen portage_container="$(chroot ${rootfs} portageq get_repo_path / gentoo)"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen die 1 "Failed to figure out container portage tree location with portageq get_repo_path / gentoo\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "trying to guess portage_dir from host...\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen portage_dir="$(portageq get_repo_path / gentoo 2>/dev/null)"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf " => host portage detection failed (not gentoo host), fallback to private portage tree\n"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen die 1 "specified portage_dir (%s) does not contains profiles, is it a portage tree ?\n" "${portage_dir}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen portage_mount="#container set with shared portage
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenlxc.mount.entry=${portage_dir} ${portage_container/\//} none ro,bind 0 0
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenlxc.mount.entry=${portage_dir}/distfiles ${portage_container/\//}/distfiles none rw,bind 0 0
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen#If you use eix, you should uncomment this
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen#lxc.mount.entry=/var/cache/eix var/cache/eix none ro,bind 0 0"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen store_user_message "container has a shared portage from host's ${portage_dir} to ${portage_container/\//}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen cat <<- EOF >> "${rootfs}/etc/portage/make.conf"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen# enable this to store built binary packages
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen#FEATURES="\$FEATURES buildpkg"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen# enable this to use built binary packages
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen#EMERGE_DEFAULT_OPTS="\${EMERGE_DEFAULT_OPTS} --usepkg"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen# enable and *tune* this kind of entry to slot binaries, specialy if you use multiples archs and variants
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen#PKGDIR="\${PKGDIR}/amd64
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen#or PKGDIR="\${PKGDIR}/hardened"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen printf " => portage stuff done, see /etc/portage/make.conf for additionnal tricks\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen #called from container_portage() do not call directly from container_setup
2ccb478c35972517721ce415d81fcbd11a73fad3Timo Sirainen printf "# untaring private portage to %s from %s ... \n" "${rootfs}/${portage_container}" "${portage_cache}"
b457d2ecf97fb52064f9dd563fd4e8065af39dfbTimo Sirainen execute_exclusively portage 60 tar -xp --strip-components 1 -C "${rootfs}/${portage_container}" -f "${portage_cache}" \
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen || die 2 "Error: unable to extract the portage tree.\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen store_user_message "container has its own portage tree at ${portage_container}"
2ccb478c35972517721ce415d81fcbd11a73fad3Timo Sirainen#helper func for container_genconf_net()
2ccb478c35972517721ce415d81fcbd11a73fad3Timo Sirainen [[ "${nic_conf}" == "dhcp" ]] && nic_managed="${nic_managed} ${nic_name}"
2ccb478c35972517721ce415d81fcbd11a73fad3Timo Sirainen [[ "${nic_conf}" == "null" ]] && nic_unmanaged="${nic_unmanaged} ${nic_name}"
2ccb478c35972517721ce415d81fcbd11a73fad3Timo Sirainen [[ -z "${nic_hwaddr}" && ${nic_type} == "veth" ]] && nic_wo_hwaddr="${nic_wo_hwaddr} ${nic_name}"
f0e811f0e306bb20d3da9c26353bdd5669132f29Timo Sirainen#Analyse lxc.conf and print conf.d/net content
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen #let's do some drity bash things to parse lxc network conf
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen for line in $( sed -r "s/[ ]*=[ ]*/_real_ugly_sep_42_/" "${file}" ); do
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen key=$(echo "${line}" | sed 's/_real_ugly_sep_42_.*$//')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen value=$(echo "${line}" | sed 's/^.*_real_ugly_sep_42_//')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen #=> Number is ID munis number of named NIC before
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen nic_name="eth$(( ${nic_last} - ${nic_named} ))"
1856c361aad526948d56d8aafd576bca94516b92Timo Sirainen if [[ "${key}" == "lxc.network.hwaddr" ]]; then
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen if [[ "${key}" =~ ^lxc.network.ipv(4|6) ]]; then
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen #tell openrc to not manage this NIC as LXC set there address
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "container_net(): setting container network conf... \n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen container_conf_net "$path/config" >> "${rootfs}/etc/conf.d/net"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen # unless openrc manage a nic, we now have to force openrc to automatic
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen # provision of the 'net' dep. If we do not, network dependent services
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen echo 'rc_provide="net"' >> "${rootfs}/etc/rc.conf"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen if [[ ${nic_count} == 0 ]]; then
6ea145a99eeee923602f04d3c9183bbdba6cd190Timo Sirainen store_user_message "No network interface for this container
4db61af2cfe2b206113bcc4b6153521679702bb4Timo SirainenIt's a pitty, you have bridge, ${bridge}.
4db61af2cfe2b206113bcc4b6153521679702bb4Timo SirainenIf it is for Lxc, use it next time by adding this to your default.conf :
4db61af2cfe2b206113bcc4b6153521679702bb4Timo Sirainenlxc.network.hwaddr = fe:xx:xx:xx:xx:xx"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen store_user_message "No network interface for this container"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen chroot "${rootfs}" ln -s net.lo "/etc/init.d/net.${nic}"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen chroot "${rootfs}" rc-update add net.${nic} default
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen #fake sysfs for openrc, in case settings does not provide it
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen echo ${sys_nic_index} > "${rootfs}/sys/class/net/${nic}/ifindex"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen echo up > "${rootfs}/sys/class/net/${nic}/operstate"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen store_user_message "Warning, these veth NIC don't have fixed hwaddr :
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen${nic_wo_hwaddr}
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainensee http://lists.linuxcontainers.org/pipermail/lxc-devel/2013-December/006736.html
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen# custom hostname
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "#### container_hostname(): setting hostname... \n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "hostnale=%s\n" "${name}" > "${rootfs}/etc/conf.d/hostname"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen printf "#### container_auth(): setting authentification... \n"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen printf " non root user requested, creating... \n"
1fb5e50695bbbc0da082e5a6f19f29d2bb2f6531Timo Sirainen chroot "${rootfs}" useradd --create-home -s /bin/bash "${user}" || die 1 "failed to create user ${user}"
ce74395e2a932342e04fb682395bcce111574969Timo Sirainen store_user_message "Connection user is ${user}"
4db61af2cfe2b206113bcc4b6153521679702bb4Timo Sirainen auth_home=$(chroot "${rootfs}" getent passwd "${user}" | cut -d : -f 6)
ce74395e2a932342e04fb682395bcce111574969Timo Sirainen printf " deploying auth_key %s for user %s ...\n" "${auth_key}" "${user}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen cat >> "${rootfs}/${auth_home}/.ssh/authorized_keys"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen chroot "${rootfs}" chown "${user}:" "${auth_home}/.ssh/authorized_keys"
4db61af2cfe2b206113bcc4b6153521679702bb4Timo Sirainen printf " => inserted public key in %s/.ssh/authorized_keys\n" "${auth_home}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen [[ -z "${forced_password}" ]] && unset password
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen store_user_message "${user} has the ssh key you gived us"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf " setting password for %s ...\n" "${user}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen echo "${user}:${password}" | chroot "${rootfs}" chpasswd || die 1 "failed to change password"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf " => done. if you didn't specify , default is 'toor'\n"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen store_user_message "${user} has the password you give for him"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen store_user_message "${user} has the default password 'toor', please change it ASAP"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen################################################################################
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# lxc configuration files
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen################################################################################
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen printf "container_configuration(): making lxc configuration file... \n"
e07677bb15404a3c18ad205efae86d6db31c3150Timo Sirainen if grep -q "^lxc.rootfs" "${conf_file}" ; then
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen conf_rootfs_line="lxc.rootfs = $(readlink -f "${rootfs}")"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen if [[ "${arch}" == "x86" || "${arch}" == "amd64" ]]; then
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# sets container architecture
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# If desired architecture != amd64 or x86, then we leave it unset as
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# LXC does not oficially support anything other than x86 or amd64.
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen${conf_arch_line}
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen# set the hostname
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenlxc.utsname = ${name}
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenlxc.tty = ${tty}
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen${conf_rootfs_line}
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen${portage_mount}
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen${conf_mounts}
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenlxc.include = ${LXC_TEMPLATE_CONFIG}/gentoo.${settings}.conf
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen$1 -h|--help [-a|--arch <arch>] [-v|--variant <variant>] [-P|--private-portage] [--portage-dir <protagedir>] [-t|--tarball <stage3file>]
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen [-F|--flush-cache] [-c|--cache-only] [-u|--user <username>] [-w|--password <password>] [--autologin] [-S|--auth-key <keyfile>]
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen [-s|--settings <name>] [-m|--mirror <gentoomirror>] [--tty <number>]
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenarch: the container architecture (e.g. amd64): defaults to host arch (currently: '${arch}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen If you choose one that needs emulation
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen tested: amd64, x86
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen You could try any other gentoo arch, why not...
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenvariant: gentoo's Architecture variant as of dec 2013 : (currently: '${variant}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen for amd64 arch: amd64 (default), amd64-hardened+nomultilib, amd64-hardened, amd64-nomultilib, x32
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen for x86 arch: i686 (default), i486, i686-hardened
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen for arm arch: armv7a (default), armv7a_hardfp, armv6j, armv6j_hardfp, armv5tel, armv4tl
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenprivate-portage: by default, /usr/portage is mount-binded with host one if exists (currently: '${private_portage}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen this force container to have his own copy
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenportage-dir: portage dir used for shared portage
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen by default the host on if any (currently: '${portage_dir}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainentarball: force usage of local stage3 archive (currently: '${arch}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen If empty, latest will be downloaded
61f39b0358a72ebc693d84ba5bac74489ee7df41Timo Sirainenflush-cache: do like there is no previous cache
61f39b0358a72ebc693d84ba5bac74489ee7df41Timo Sirainencache-only: just ensure cache is present
61f39b0358a72ebc693d84ba5bac74489ee7df41Timo Sirainen if cache exists and "flush-cache" not specified, does nothing
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenuser: user used in auth oriented options (currently: '${user}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenpassword: password for user (currently: '${password}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen if default, usage of auth-key will disable password setting
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenautologin: enable autologin for user (currently: '${autologin}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen This unset default password setting
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenauth-key: SSH Public key file to inject into container for user (currently: '${auth_key}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen This unset default password setting
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainensettings: choose common configuration (currently: '${settings}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen see ${LXC_TEMPLATE_CONFIG}/gentoo.*.conf
61f39b0358a72ebc693d84ba5bac74489ee7df41Timo Sirainen Available settings:
61f39b0358a72ebc693d84ba5bac74489ee7df41Timo Sirainen $(ls -1 ${LXC_TEMPLATE_CONFIG}/gentoo.*.conf | xargs basename -a -s .conf | sed 's/^gentoo.//')
61f39b0358a72ebc693d84ba5bac74489ee7df41Timo Sirainenmirror: gentoo mirror for download (currently: '${mirror}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainentty: number of tty (6 max) (currently: '${tty}')
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen#some overridable defaults
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenoptions=$(getopt -o hp:n:a:FcPv:t:S:u:w:s:m: -l help,rootfs:,path:,name:,arch:,flush-cache,cache-only,private-portage,variant:,portage-dir:,tarball:,auth_key:,user:,autologin,password:,settings:,mirror:,tty: -- "$@")
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen -P|--private-portage) private_portage=1; shift 1;;
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen -w|--password) forced_password=1; password=$2; shift 2;;
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainen --) shift 1; break ;;
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainencachefs="${cacheroot}/rootfs-${arch}-${variant}"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenalias wget="wget --timeout=8 --read-timeout=15 -c -t10 -nd"
b772ddf3cfb606dddaa465b317a0dc01bf06c6e4Timo Sirainenexecute_exclusively "cache-${arch}-${variant}" 60 do_all