lxc-ubuntu-cloud.in revision b8bced69a80a8be95fdbbb6b4e9ad7fa85464b1e
2310N/A#!/bin/bash
2310N/A
2310N/A# template script for generating ubuntu container for LXC based on released cloud
2310N/A# images
2310N/A#
2310N/A# Copyright © 2012 Serge Hallyn <serge.hallyn@canonical.com>
2310N/A#
2310N/A# This program is free software; you can redistribute it and/or modify
2310N/A# it under the terms of the GNU General Public License version 2, as
2310N/A# published by the Free Software Foundation.
2310N/A
2310N/A# This program is distributed in the hope that it will be useful,
2310N/A# but WITHOUT ANY WARRANTY; without even the implied warranty of
2310N/A# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2310N/A# GNU General Public License for more details.
2310N/A
2310N/A# You should have received a copy of the GNU General Public License along
2310N/A# with this program; if not, write to the Free Software Foundation, Inc.,
2310N/A# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
2310N/A#
2310N/A
2310N/Aset -e
3237N/A
2310N/Aif [ -r /etc/default/lxc ]; then
2310N/A . /etc/default/lxc
2310N/Afi
2310N/A
3237N/Acopy_configuration()
2310N/A{
3237N/A path=$1
2367N/A rootfs=$2
3237N/A name=$3
2310N/A arch=$4
2310N/A release=$5
3216N/A
3216N/A if [ $arch = "i386" ]; then
3216N/A arch="i686"
3216N/A fi
3216N/A
3216N/A # if there is exactly one veth network entry, make sure it has an
3216N/A # associated hwaddr.
3216N/A nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
3216N/A if [ $nics -eq 1 ]; then
3216N/A grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
2310N/Alxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
2310N/AEOF
2310N/A fi
3216N/A
3216N/A cat <<EOF >> $path/config
3216N/Alxc.utsname = $name
3216N/A
3216N/Alxc.tty = 4
3216N/Alxc.pts = 1024
3216N/Alxc.rootfs = $rootfs
3216N/Alxc.mount = $path/fstab
3216N/Alxc.arch = $arch
2367N/Alxc.cap.drop = sys_module mac_admin
2310N/A
2310N/Alxc.cgroup.devices.deny = a
2310N/A# Allow any mknod (but not using the node)
2479N/Alxc.cgroup.devices.allow = c *:* m
2479N/Alxc.cgroup.devices.allow = b *:* m
2479N/A# /dev/null and zero
2479N/Alxc.cgroup.devices.allow = c 1:3 rwm
2479N/Alxc.cgroup.devices.allow = c 1:5 rwm
2479N/A# consoles
2479N/Alxc.cgroup.devices.allow = c 5:1 rwm
3216N/Alxc.cgroup.devices.allow = c 5:0 rwm
3216N/A#lxc.cgroup.devices.allow = c 4:0 rwm
3216N/A#lxc.cgroup.devices.allow = c 4:1 rwm
3216N/A# /dev/{,u}random
3216N/Alxc.cgroup.devices.allow = c 1:9 rwm
3216N/Alxc.cgroup.devices.allow = c 1:8 rwm
3216N/Alxc.cgroup.devices.allow = c 136:* rwm
3216N/Alxc.cgroup.devices.allow = c 5:2 rwm
3216N/A# rtc
3216N/Alxc.cgroup.devices.allow = c 254:0 rwm
3216N/A#fuse
3216N/Alxc.cgroup.devices.allow = c 10:229 rwm
3216N/A#tun
3216N/Alxc.cgroup.devices.allow = c 10:200 rwm
3216N/A#full
3216N/Alxc.cgroup.devices.allow = c 1:7 rwm
2310N/A#hpet
2310N/Alxc.cgroup.devices.allow = c 10:228 rwm
2310N/A#kvm
2310N/Alxc.cgroup.devices.allow = c 10:232 rwm
3216N/AEOF
2310N/A
2310N/A cat <<EOF > $path/fstab
2310N/Aproc proc proc nodev,noexec,nosuid 0 0
2310N/Asysfs sys sysfs defaults 0 0
3216N/AEOF
2310N/A
2310N/A # rmdir /dev/shm in precise and quantal containers.
2310N/A # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
2310N/A # get bind mounted to the host's /run/shm. So try to rmdir
3216N/A # it, and in case that fails move it out of the way.
2310N/A if [ $release = "precise" ] || [ $release = "quantal" ]; then
2310N/A [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm
2310N/A [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak
2310N/A ln -s /run/shm $rootfs/dev/shm
3216N/A fi
2310N/A
2310N/A return 0
2310N/A}
2310N/A
3216N/Ausage()
2310N/A{
2310N/A cat <<EOF
2310N/ALXC Container configuration for Ubuntu Cloud images.
2310N/A
3216N/AGeneric Options
2310N/A[ -r | --release <release> ]: Release name of container, defaults to host
2310N/A[ -a | --arch ]: Arhcitecture of container, defaults to host arcitecture
2310N/A[ -C | --cloud ]: Configure container for use with meta-data service, defaults to no
2310N/A[ -T | --tarball ]: Location of tarball
3216N/A[ -d | --debug ]: Run with 'set -x' to debug errors
2310N/A[ -s | --stream]: Use specified stream rather than 'released'
2310N/A
2479N/AOptions, mutually exclusive of "-C" and "--cloud":
2479N/A [ -i | --hostid ]: HostID for cloud-init, defaults to random string
2479N/A [ -u | --userdata ]: Cloud-init user-data file to configure container on start
2479N/A [ -S | --auth-key ]: SSH Public key file to inject into container
2479N/A [ -L | --nolocales ]: Do not copy host's locales into container
2479N/A
2479N/AEOF
2479N/A return 0
2479N/A}
2479N/A
2310N/Aoptions=$(getopt -o a:hp:r:n:Fi:CLS:T:ds: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata: -- "$@")
2310N/Aif [ $? -ne 0 ]; then
2310N/A usage $(basename $0)
2310N/A exit 1
2858N/Afi
2858N/Aeval set -- "$options"
2310N/A
3216N/Arelease=lucid
2310N/Aif [ -f /etc/lsb-release ]; then
2310N/A . /etc/lsb-release
2310N/A case "$DISTRIB_CODENAME" in
2310N/A lucid|maverick|natty|oneiric|precise|quantal)
2310N/A release=$DISTRIB_CODENAME
2858N/A ;;
2858N/A esac
2349N/Afi
2310N/A
3216N/Aarch=$(arch)
2310N/A
2310N/A# Code taken from debootstrap
2310N/Aif [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
2310N/A arch=`/usr/bin/dpkg --print-architecture`
2310N/Aelif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
3216N/A arch=`/usr/bin/udpkg --print-architecture`
2310N/Aelse
2310N/A arch=$(arch)
2310N/A if [ "$arch" = "i686" ]; then
2310N/A arch="i386"
2310N/A elif [ "$arch" = "x86_64" ]; then
2310N/A arch="amd64"
2310N/A elif [ "$arch" = "armv7l" ]; then
2310N/A # note: arm images don't exist before oneiric; are called armhf in
2310N/A # precise and later; and are not supported by the query, so we don't actually
# support them yet (see check later on). When Query2 is available,
# we'll use that to enable arm images.
arch="armel"
fi
fi
debug=0
hostarch=$arch
cloud=0
locales=1
flushcache=0
stream="released"
while true
do
case "$1" in
-h|--help) usage $0 && exit 0;;
-p|--path) path=$2; shift 2;;
-n|--name) name=$2; shift 2;;
-F|--flush-cache) flushcache=1; shift 1;;
-r|--release) release=$2; shift 2;;
-a|--arch) arch=$2; shift 2;;
-i|--hostid) host_id=$2; shift 2;;
-u|--userdata) userdata=$2; shift 2;;
-C|--cloud) cloud=1; shift 1;;
-S|--auth-key) auth_key=$2; shift 2;;
-L|--no_locales) locales=0; shift 2;;
-T|--tarball) tarball=$2; shift 2;;
-d|--debug) debug=1; shift 1;;
-s|--stream) stream=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
done
if [ $debug -eq 1 ]; then
set -x
fi
if [ "$arch" == "i686" ]; then
arch=i386
fi
if [ $hostarch = "i386" -a $arch = "amd64" ]; then
echo "can't create amd64 container on i386"
exit 1
fi
if [ $arch != "i386" -a $arch != "amd64" ]; then
echo "Only i386 and amd64 are supported by the ubuntu cloud template."
exit 1
fi
if [ "$stream" != "daily" -a "$stream" != "released" ]; then
echo "Only 'daily' and 'released' streams are supported"
exit 1
fi
if [ -n "$userdata" -a ! -f "$userdata" ]; then
echo "Userdata does not exist"
exit 1
fi
if [ -z "$path" ]; then
echo "'path' parameter is required"
exit 1
fi
if [ "$(id -u)" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
fi
rootfs=$path/rootfs
type ubuntu-cloudimg-query
type wget
# determine the url, tarball, and directory names
# download if needed
cache="/var/cache/lxc/cloud-$release"
mkdir -p $cache
if [ -n "$tarball" ]; then
url2="$tarball"
else
url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`
url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`
fi
filename=`basename $url2`
buildcleanup()
{
cd $rootfs
umount -l $cache/$xdir || true
rm -rf $cache
}
# if the release doesn't have a *-rootfs.tar.gz, then create one from the
# cloudimg.tar.gz by extracting the .img, mounting it loopback, and creating
# a tarball from the mounted image.
build_root_tgz()
{
url=$1
filename=$2
xdir=`mktemp -d -p .`
tarname=`basename $url`
imgname="$release-*-cloudimg-$arch.img"
trap buildcleanup EXIT
if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then
rm -f $tarname
echo "Downloading cloud image from $url"
wget $url || { echo "Couldn't find cloud image $url."; exit 1; }
fi
echo "Creating new cached cloud image rootfs"
tar --wildcards -zxf $tarname $imgname
mount -o loop $imgname $xdir
(cd $xdir; tar zcf ../$filename .)
umount $xdir
rm -f $tarname $imgname
rmdir $xdir
echo "New cloud image cache created"
trap EXIT
}
mkdir -p /var/lock/subsys/
(
flock -n -x 200
cd $cache
if [ $flushcache -eq 1 ]; then
echo "Clearing the cached images"
rm -f $filename
fi
if [ ! -f $filename ]; then
wget $url2 || build_root_tgz $url1 $filename
fi
echo "Extracting container rootfs"
mkdir -p $rootfs
cd $rootfs
tar -zxf $cache/$filename
if [ $cloud -eq 0 ]; then
echo "Configuring for running outside of a cloud environment"
echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container"
seed_d=$rootfs/var/lib/cloud/seed/nocloud-net
rhostid=$(uuidgen | cut -c -8)
host_id=${hostid:-$rhostid}
mkdir -p $seed_d
cat > "$seed_d/meta-data" <<EOF
instance_id: lxc-$host_id
EOF
rm $rootfs/etc/hostname
if [ $locales -eq 1 ]; then
cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive
fi
if [ -n "$auth_key" -a -f "$auth_key" ]; then
u_path="/home/ubuntu/.ssh"
root_u_path="$rootfs/$u_path"
mkdir -p $root_u_path
cp $auth_key "$root_u_path/authorized_keys"
chroot $rootfs chown -R ubuntu: "$u_path"
echo "Inserted SSH public key from $auth_key into /home/ubuntu/.ssh/authorized_keys"
fi
if [ -f "$userdata" ]; then
echo "Using custom user-data"
cp $userdata $seed_d/user-data
else
if [ -z "$MIRROR" ]; then
MIRROR="http://archive.ubuntu.com/ubuntu"
fi
cat > "$seed_d/user-data" <<EOF
#cloud-config
output: {all: '| tee -a /var/log/cloud-init-output.log'}
apt-mirror: $MIRROR
manage_etc_hosts: localhost
locale: $(/usr/bin/locale | awk -F= '/LANG=/ {print$NF}')
EOF
fi
chroot $rootfs /usr/sbin/usermod -U ubuntu
echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
echo "Please login as user ubuntu with password ubuntu."
else
echo "Configured for running in a cloud environment."
echo "If you do not have a meta-data service, this container will likely be useless."
fi
) 200>/var/lock/subsys/lxc-ubucloud
copy_configuration $path $rootfs $name $arch $release
echo "Container $name created."
exit 0