lxc-gentoo.in revision cae3584efccc63f544c8748bd13d80e11bc79aef
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# LXC template for gentoo
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# Author: Guillaume Zitta <lxc@zitta.fr>
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# Widely inspired from lxc-gentoo script at https://github.com/globalcitizen/lxc-gentoo
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# this version is reworked with :
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# - out of the lxc-create compat
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# - vanilla gentoo config
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# - ready to use cache
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# Ensure strict root's umask doesen't render the VM unusable
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce################################################################################
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# Various helper functions
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce################################################################################
8890a30f5d054187fd7d5b50503f82a49cd025f0Lukas Slebodnik# param: $1: the name of the lock
8890a30f5d054187fd7d5b50503f82a49cd025f0Lukas Slebodnik# param: $2: the timeout for the lock
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# The rest contain the command to execute and its parameters
efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio printf "Attempting to obtain an exclusive lock (timeout: %s sec) named \"%s\"...\n" "${timeout}" "$lock_name"
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce if [[ $? -ne 0 ]]; then
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidêncio printf " => unable to obtain lock, aborting.\n"
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce } 50> "@LOCALSTATEDIR@/lock/subsys/lxc-gentoo-${lock_name}"
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce# a die function is always a good idea
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek printf "\n[the last exit code leading to this death was: %s ]\n" "$?"
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce# gentoo arch/variant detection
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek printf "### set_default_arch: default arch/variant autodetect...\n"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek if [[ $arch =~ i.86 ]]; then
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek elif [[ $arch =~ arm.* ]]; then
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce printf " => warn: unexpected arch:${arch} let me knows if it works :)\n"
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce printf " => Got: arch=%s variant=%s\n" "${arch}" "${variant}"
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce################################################################################
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce# CACHE Preparation
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce################################################################################
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce# during setup cachedir is $cacheroot/partial-$arch-$variant
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek# at the end, it will be $cacheroot/rootfs-$arch-$variant
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek partialfs="${cacheroot}/partial-${arch}-${variant}"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek [[ -d "${cachefs}" && -z "${flush_cache}" ]] && return 0
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek printf "###### cache_setup(): doing cache preparation\n"
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce printf "###### cache_setup: Cache should be ready\n"
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidêncio printf "### cache_precheck(): doing some pre-start checks ...\n"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce || die 8 "\$cacheroot (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPERATORS, THIS IS *VERY* BAD!\n" "${cacheroot}"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#get latest stage3 tarball
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf "### cache_stage3(): stage3 cache deployment...\n"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce local stage3_baseurl="${mirror}/releases/${arch}/autobuilds"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce local stage3_pointer="${stage3_baseurl}/latest-stage3-${variant}.txt"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf "Determining path to latest Gentoo %s (%s) stage3 archive...\n" "${arch}" "${variant}"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf " => downloading and processing %s\n" "${stage3_pointer}"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce local stage3_latest_tarball=$(wget -q -O - "${stage3_pointer}" | tail -n1 ) \
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf " => Got: %s\n" "${stage3_latest_tarball}"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf "Downloading/untarring the actual stage3 tarball...\n"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce wget -O - "${stage3_baseurl}/${stage3_latest_tarball}" | tar -xjpf - -C "${partialfs}" \
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce tar -xpf "${tarball}" -C "${partialfs}" || die 6 "unable to untar ${tarball} to ${partialfs}"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek chroot ${partialfs} /bin/true || die 1 "Error: chroot %s /bin/true, failed" "${partialfs}"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf " => stage3 cache extracted in : %s\n" "${partialfs}"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf "### cache_portage: caching portage tree tarball...\n"
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidêncio [[ -z "${flush_cache}" && -f "${portage_cache}" ]] && return 0
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf "Downloading Gentoo portage (software build database) snapshot...\n"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce execute_exclusively portage 60 wget -O "${portage_cache}" "${mirror}/snapshots/portage-latest.tar.bz2" \
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# custom inittab
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce [[ -w "$INITTAB" ]] || die 1 "Error: $INITTAB is not writeable"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce echo "1:12345:respawn:/sbin/agetty -a root --noclear 115200 console linux" >> "$INITTAB"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce # finally we add a pf line to enable clean shutdown on SIGPWR (issue 60)
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce echo "# clean container shutdown on SIGPWR" >> "$INITTAB"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce echo "pf:12345:powerwait:/sbin/halt" >> "$INITTAB"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce # we also blank out /etc/issue here in order to prevent delays spawning login
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek # caused by attempts to determine domainname on disconnected containers
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek printf "### cache_net: doing some useful net tuning...\n"
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek grep -i 'search ' /etc/resolv.conf > "${partialfs}/etc/resolv.conf"
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek grep -i 'nameserver ' /etc/resolv.conf >> "${partialfs}/etc/resolv.conf"
a8361f37af31a8a9767056bd27c418c947293f56Fabiano Fidêncio # fix boot-time interface config wipe under aggressive cap drop
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce # (openrc 0.9.8.4 ~sep 2012 - https://bugs.gentoo.org/show_bug.cgi?id=436266)
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidêncio # initial warkaround was: sed -i -e 's/^#rc_nostop=""/rc_nostop="net.eth0 net.lo"/' "${partialfs}/etc/rc.conf"
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidêncio # but this one does not depends on interfaces names
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek echo 'rc_keyword="-stop"' >> "${partialfs}/etc/conf.d/net"
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce #Wait for https://bugs.gentoo.org/show_bug.cgi?id=496054
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# fix openrc system
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf "### cache_openrc(): doing openrc tuning\n"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek #Wait for https://bugs.gentoo.org/show_bug.cgi?id=496054
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce chroot "${partialfs}" sed s/-lxc//g -i "/etc/init.d/devfs"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce################################################################################
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek# CONTAINER Preparation
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce################################################################################
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf "##### container_setup(): starting container setup\n"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek #in most cases lxc-create should have provided a copy of default lxc.conf
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek #let's tag where template starts, or just create the files
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce echo '### lxc-gentoo template stuff starts here' >> "$path/config"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce #If backingstore was specified, lxc.rootfs should be present or --rootfs did the rootfs var creation
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null`
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce store_user_message "rootfs of container is : ${rootfs}"
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce store_user_message "config of container is : ${path}/config"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce if [ $? -ne 0 ]; then
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce die 1 "container_setup(): one step didn't complete, sorry\n"
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidêncio printf "###### container_setup(): container should be ready to start!\n"
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidêncio printf "You could now use you container with: lxc-start -n %s\n" "${name}"
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidêncio printf "little things you should know about your container:\n"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf "### container_precheck(): doing some pre-start checks ...\n"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce || die 8 "\$name (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPERATORS, THIS IS *VERY* BAD!\n" "${name}"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek || die 8 "\$rootfs (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPERATORS, THIS IS *VERY* BAD!\n" "${rootfs}"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce || die 8 "\$cachefs (%s) IS EMPTY OR MADE OF ONLY DIRECTORY SEPERATORS, THIS IS *VERY* BAD!\n" "${cachefs}"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce [[ -d "${rootfs}/etc" ]] && die 18 "Error: \$rootfs (%s) already exists!" "${rootfs}"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce [[ ! -d "${cachefs}/etc" ]] && die 1 "Error: \$cachefs (%s) not found!" "${cachefs}"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf "#### container_rootfs(): copying rootfs %s from cache %s ...\n" "${rootfs}" "${cachefs}"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce tar -c -f - -C "${cachefs}" . | tar -x -p -f - -C "${rootfs}" || die 1 "Error: cache copy to rootfs failed"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce chroot "${rootfs}" /bin/true || die 1 "Error: 'chroot %s /bin/true' failed"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf "#### container_consoles(): setting container consoles ...\n"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce if [[ ${tty} < 6 ]]; then
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce sed -i "s/^c[${mindis}-6]/#&/" "${rootfs}/etc/inittab"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce sed 's/agetty -a root/agetty/' -i "${rootfs}/etc/inittab"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce sed "s/agetty -a root/agetty -a ${user}/" -i "${rootfs}/etc/inittab"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce printf " => Autologin on main console for %s enabled\n" "${user}"
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidêncio store_user_message "${user} has autologin on main console"
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidêncio printf " => Autologin on main console for root enabled\n"
d806427f200dc1ffd44d37724eb40125af5cc8c2Fabiano Fidêncio store_user_message "${user} has autologin on main console"
d806427f200dc1ffd44d37724eb40125af5cc8c2Fabiano Fidêncio printf "#### container_tz(): setting container timezone ...\n"
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce chroot "${rootfs}" ln -sf "${target}" "/etc/localtime"
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce printf " => host symlink reproducted in container : %s\n" "${target}"
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce if [ -e /etc/localtime ]; then
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek printf " => host localtime copyed to container\n"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek store_user_message "timezone was staticly copyed from host"
a8361f37af31a8a9767056bd27c418c947293f56Fabiano Fidêncio chroot "${rootfs}" ln -sf /usr/share/zoneinfo/UTC /etc/localtime
d806427f200dc1ffd44d37724eb40125af5cc8c2Fabiano Fidêncio printf "#### container_portage(): setting container portage... \n"
d806427f200dc1ffd44d37724eb40125af5cc8c2Fabiano Fidêncio portage_mount="#container set with private portage tree, no mount here"
efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio if chroot ${rootfs} portageq get_repo_path / gentoo > /dev/null ; then
efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio portage_container="$(chroot ${rootfs} portageq get_repo_path / gentoo)"
efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio die 1 "Failed to figure out container portage tree location with portageq get_repo_path / gentoo\n"
efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio printf "trying to guess portage_dir from host...\n"
efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio portage_dir="$(portageq get_repo_path / gentoo 2>/dev/null)"
efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio if [ ! -d "${portage_dir}/profiles" ]; then
efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio printf " => host portage detection failed (not gentoo host), fallback to private portage tree\n"
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio if [ ! -d "${portage_dir}/profiles" ]; then
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio die 1 "specified portage_dir (%s) does not contains profiles, is it a portage tree ?\n" "${portage_dir}"
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio # if we are here, we have shared portage_dir
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio chroot "${rootfs}" mkdir ${portage_container}
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio portage_mount="#container set with shared portage
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio lxc.mount.entry=${portage_dir} ${portage_container/\//} none ro,bind 0 0"
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio store_user_message "container has a shared portage from host's ${portage_dir} to ${portage_container/\//}"
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio cat <<- EOF >> "${rootfs}/etc/portage/make.conf"
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio # enable this to store built binary packages
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio #FEATURES="\$FEATURES buildpkg"
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio # enable this to use built binary packages
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio #EMERGE_DEFAULT_OPTS="\${EMERGE_DEFAULT_OPTS} --usepkg"
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio # enable and *tune* this kind of entry to slot binaries, specialy if you use multiples archs and variants
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio #PKGDIR="\${PKGDIR}/amd64
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio #or PKGDIR="\${PKGDIR}/hardened"
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio printf " => portage stuff done, see /etc/portage/make.conf for additionnal tricks\n"
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio #called from container_portage() do not call directly from container_setup
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio printf "# untaring private portage to %s from %s ... \n" "${rootfs}/${portage_container}" "${portage_cache}"
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio execute_exclusively portage 60 tar -xp --strip-components 1 -C "${rootfs}/${portage_container}" -f "${portage_cache}" \
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio || die 2 "Error: unable to extract the portage tree.\n"
7171a7584dda534dde5409f3e7f4657e845ece15Fabiano Fidêncio store_user_message "container has its own portage tree at ${portage_container}"
7171a7584dda534dde5409f3e7f4657e845ece15Fabiano Fidêncio#helper func for container_genconf_net()
7171a7584dda534dde5409f3e7f4657e845ece15Fabiano Fidêncio [[ "${nic_conf}" == "dhcp" ]] && nic_managed="${nic_managed} ${nic_name}"
7171a7584dda534dde5409f3e7f4657e845ece15Fabiano Fidêncio [[ "${nic_conf}" == "null" ]] && nic_unmanaged="${nic_unmanaged} ${nic_name}"
7171a7584dda534dde5409f3e7f4657e845ece15Fabiano Fidêncio [[ -z "${nic_hwaddr}" && ${nic_type} == "veth" ]] && nic_wo_hwaddr="${nic_wo_hwaddr} ${nic_name}"
7171a7584dda534dde5409f3e7f4657e845ece15Fabiano Fidêncio#Analyse lxc.conf and print conf.d/net content
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce #let's do some drity bash things to parse lxc network conf
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce for line in $( sed -r "s/[ ]*=[ ]*/_real_ugly_sep_42_/" "${file}" ); do
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce key=$(echo "${line}" | sed 's/_real_ugly_sep_42_.*$//')
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce value=$(echo "${line}" | sed 's/^.*_real_ugly_sep_42_//')
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek #=> Number is ID munis number of named NIC before
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek nic_name="eth$(( ${nic_last} - ${nic_named} ))"
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio if [[ "${key}" == "lxc.network.hwaddr" ]]; then
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio if [[ "${key}" =~ ^lxc.network.ipv(4|6) ]]; then
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio #tell openrc to not manage this NIC as LXC set there address
7171a7584dda534dde5409f3e7f4657e845ece15Fabiano Fidêncio if [[ "${key}" =~ ^lxc.network.name ]]; then
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek printf "container_net(): setting container network conf... \n"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek container_conf_net "$path/config" >> "${rootfs}/etc/conf.d/net"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek # unless openrc manage a nic, we now have to force openrc to automatic
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek # provision of the 'net' dep. If we do not, network dependent services
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek echo 'rc_provide="net"' >> "${rootfs}/etc/rc.conf"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek if [[ ${nic_count} == 0 ]]; then
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek store_user_message "No network interface for this container
7128fadade544efcd86b113a5090b00d20993671Jakub HrozekIt's a pitty, you have bridge, ${bridge}.
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo SorceIf it is for Lxc, use it next time by adding this to your default.conf :
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozeklxc.network.hwaddr = fe:xx:xx:xx:xx:xx"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek store_user_message "No network interface for this container"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek chroot "${rootfs}" ln -s net.lo "/etc/init.d/net.${nic}"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek chroot "${rootfs}" rc-update add net.${nic} default
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek #fake sysfs for openrc, in case settings does not provide it
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek echo ${sys_nic_index} > "${rootfs}/sys/class/net/${nic}/ifindex"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce echo up > "${rootfs}/sys/class/net/${nic}/operstate"
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce store_user_message "Warning, these veth NIC don't have fixed hwaddr :
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce${nic_wo_hwaddr}
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidênciosee http://lists.linuxcontainers.org/pipermail/lxc-devel/2013-December/006736.html
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce# custom hostname
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek printf "#### container_hostname(): setting hostname... \n"
ab7b33fd7d820688545d5994a402cedf4bcdb6e1Fabiano Fidêncio printf "hostnale=%s\n" "${name}" > "${rootfs}/etc/conf.d/hostname"
ab7b33fd7d820688545d5994a402cedf4bcdb6e1Fabiano Fidêncio printf "#### container_auth(): setting authentification... \n"
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek printf " non root user requested, creating... \n"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek chroot "${rootfs}" useradd --create-home -s /bin/bash "${user}" || die 1 "failed to create user ${user}"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek store_user_message "Connection user is ${user}"
ab7b33fd7d820688545d5994a402cedf4bcdb6e1Fabiano Fidêncio auth_home=$(chroot "${rootfs}" getent passwd "${user}" | cut -d : -f 6)
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek printf " deploying auth_key %s for user %s ...\n" "${auth_key}" "${user}"
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek cat >> "${rootfs}/${auth_home}/.ssh/authorized_keys"
ab7b33fd7d820688545d5994a402cedf4bcdb6e1Fabiano Fidêncio chroot "${rootfs}" chown "${user}:" "${auth_home}/.ssh/authorized_keys"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek printf " => inserted public key in %s/.ssh/authorized_keys\n" "${auth_home}"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek [[ -z "${forced_password}" ]] && unset password
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek store_user_message "${user} has the ssh key you gived us"
ab7b33fd7d820688545d5994a402cedf4bcdb6e1Fabiano Fidêncio printf " setting password for %s ...\n" "${user}"
ab7b33fd7d820688545d5994a402cedf4bcdb6e1Fabiano Fidêncio echo "${user}:${password}" | chroot "${rootfs}" chpasswd || die 1 "failed to change password"
ab7b33fd7d820688545d5994a402cedf4bcdb6e1Fabiano Fidêncio printf " => done. if you didn't specify , default is 'toor'\n"
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek store_user_message "${user} has the password you give for him"
ab7b33fd7d820688545d5994a402cedf4bcdb6e1Fabiano Fidêncio store_user_message "${user} has the default password 'toor', please change it ASAP"
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek################################################################################
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek# lxc configuration files
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek################################################################################
ab7b33fd7d820688545d5994a402cedf4bcdb6e1Fabiano Fidêncio printf "container_configuration(): making lxc configuration file... \n"
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidêncio if grep -q "^lxc.rootfs" "${conf_file}" ; then
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce conf_rootfs_line="lxc.rootfs = $(readlink -f "${rootfs}")"
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek if [[ "${arch}" == "x86" || "${arch}" == "amd64" ]]; then
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek# sets container architecture
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce# If desired architecture != amd64 or x86, then we leave it unset as
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce# LXC does not oficially support anything other than x86 or amd64.
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce${conf_arch_line}
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek# set the hostname
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozeklxc.utsname = ${name}
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozeklxc.tty = ${tty}
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek${conf_rootfs_line}
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce${portage_mount}
efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio${conf_mounts}
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorcelxc.include = ${LXC_TEMPLATE_CONFIG}/gentoo.${settings}.conf
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce$1 -h|--help [-a|--arch <arch>] [-v|--variant <variant>] [-P|--private-portage] [--portage-dir <protagedir>] [-t|--tarball <stage3file>]
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek [-F|--flush-cache] [-c|--cache-only] [-u|--user <username>] [-w|--password <password>] [--autologin] [-S|--auth-key <keyfile>]
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek [-s|--settings <name>] [-m|--mirror <gentoomirror>] [--tty <number>]
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozekarch: the container architecture (e.g. amd64): defaults to host arch (currently: '${arch}')
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek If you choose one that needs emulation
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek tested: amd64, x86
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce You could try any other gentoo arch, why not...
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorcevariant: gentoo's Architecture variant as of dec 2013 : (currently: '${variant}')
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek for amd64 arch: amd64 (default), amd64-hardened+nomultilib, amd64-hardened, amd64-nomultilib, x32
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek for x86 arch: i686 (default), i486, i686-hardened
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek for arm arch: armv7a (default), armv7a_hardfp, armv6j, armv6j_hardfp, armv5tel, armv4tl
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozekprivate-portage: by default, /usr/portage is mount-binded with host one if exists (currently: '${private_portage}')
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek this force container to have his own copy
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozekportage-dir: portage dir used for shared portage
7128fadade544efcd86b113a5090b00d20993671Jakub Hrozek by default the host on if any (currently: '${portage_dir}')
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorcetarball: force usage of local stage3 archive (currently: '${arch}')
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce If empty, latest will be downloaded
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorceflush-cache: do like there is no previous cache
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorcecache-only: just ensure cache is present
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorce if cache exists and "flush-cache" not specified, does nothing
a9d46b86993ee8d87fddf0ba50665c0b1b78ebb7Simo Sorceuser: user used in auth oriented options (currently: '${user}')
f35f4e4c8bd5b834504c0554552d78db3624706aFabiano Fidênciopassword: password for user (currently: '${password}')
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek if default, usage of auth-key will disable password setting
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozekautologin: enable autologin for user (currently: '${autologin}')
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce This unset default password setting
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozekauth-key: SSH Public key file to inject into container for user (currently: '${auth_key}')
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek This unset default password setting
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorcesettings: choose common configuration (currently: '${settings}')
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce see ${LXC_TEMPLATE_CONFIG}/gentoo.*.conf
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce Available settings:
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce $(ls -1 ${LXC_TEMPLATE_CONFIG}/gentoo.*.conf | xargs basename -a -s .conf | sed 's/^gentoo.//')
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorcemirror: gentoo mirror for download (currently: '${mirror}')
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorcetty: number of tty (6 max) (currently: '${tty}')
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce#some overridable defaults
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorceoptions=$(getopt -o hp:n:a:FcPv:t:S:u:w:s:m: -l help,rootfs:,path:,name:,arch:,flush-cache,cache-only,private-portage,variant:,portage-dir:,tarball:,auth_key:,user:,autologin,password:,settings:,mirror:,tty: -- "$@")
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek -P|--private-portage) private_portage=1; shift 1;;
60612b5fbdaaa62ebe6c7f4c27200316f08506d6Jakub Hrozek -w|--password) forced_password=1; password=$2; shift 2;;
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozek --) shift 1; break ;;
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozekalias wget="wget --timeout=8 --read-timeout=15 -c -t10 -nd"
8bb2fcbce7c3fcfd986f1bc835fbcc43ac7cd9d1Jakub Hrozekexecute_exclusively "cache-${arch}-${variant}" 60 do_all