lxc/templates/lxc-ubuntu-cloud.in

	lxc-ubuntu-cloud.in revision f34ff296835b2afa4b80018651d902448c99ac75
0N/A#!/bin/bash
0N/A
0N/A# template script for generating ubuntu container for LXC based on released cloud
0N/A# images
0N/A#
0N/A# Copyright © 2012 Serge Hallyn <serge.hallyn@canonical.com>
115N/A#
0N/A# This program is free software; you can redistribute it and/or modify
0N/A# it under the terms of the GNU General Public License version 2, as
0N/A# published by the Free Software Foundation.
0N/A
0N/A# This program is distributed in the hope that it will be useful,
115N/A# but WITHOUT ANY WARRANTY; without even the implied warranty of
116N/A# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
0N/A# GNU General Public License for more details.
116N/A
0N/A# You should have received a copy of the GNU General Public License along
0N/A# with this program; if not, write to the Free Software Foundation, Inc.,
0N/A# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
115N/A#
115N/A
115N/Aset -e
13N/A
0N/Aif [ -r /etc/default/lxc ]; then
0N/A    . /etc/default/lxc
0N/Afi
0N/A
0N/Acopy_configuration()
0N/A{
0N/A    path=$1
0N/A    rootfs=$2
0N/A    name=$3
0N/A    arch=$4
0N/A    release=$5
0N/A
115N/A    if [ $arch = "i386" ]; then
115N/A        arch="i686"
115N/A    fi
115N/A
115N/A    # if there is exactly one veth network entry, make sure it has an
0N/A    # associated hwaddr.
0N/A    nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
0N/A    if [ $nics -eq 1 ]; then
0N/A        grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
0N/Alxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
0N/AEOF
0N/A    fi
0N/A
299N/A    cat <<EOF >> $path/config
0N/Alxc.utsname = $name
299N/A
299N/Alxc.tty = 4
0N/Alxc.pts = 1024
0N/Alxc.rootfs = $rootfs
0N/Alxc.mount  = $path/fstab
0N/Alxc.arch = $arch
0N/Alxc.cap.drop = sys_module mac_admin
205N/A
0N/Alxc.cgroup.devices.deny = a
0N/A# Allow any mknod (but not using the node)
0N/Alxc.cgroup.devices.allow = c *:* m
0N/Alxc.cgroup.devices.allow = b *:* m
0N/A# /dev/null and zero
0N/Alxc.cgroup.devices.allow = c 1:3 rwm
0N/Alxc.cgroup.devices.allow = c 1:5 rwm
0N/A# consoles
0N/Alxc.cgroup.devices.allow = c 5:1 rwm
0N/Alxc.cgroup.devices.allow = c 5:0 rwm
0N/A#lxc.cgroup.devices.allow = c 4:0 rwm
0N/A#lxc.cgroup.devices.allow = c 4:1 rwm
0N/A# /dev/{,u}random
0N/Alxc.cgroup.devices.allow = c 1:9 rwm
0N/Alxc.cgroup.devices.allow = c 1:8 rwm
0N/Alxc.cgroup.devices.allow = c 136:* rwm
0N/Alxc.cgroup.devices.allow = c 5:2 rwm
0N/A# rtc
0N/Alxc.cgroup.devices.allow = c 254:0 rwm
0N/A#fuse
0N/Alxc.cgroup.devices.allow = c 10:229 rwm
0N/A#tun
115N/Alxc.cgroup.devices.allow = c 10:200 rwm
0N/A#full
116N/Alxc.cgroup.devices.allow = c 1:7 rwm
0N/A#hpet
0N/Alxc.cgroup.devices.allow = c 10:228 rwm
0N/A#kvm
0N/Alxc.cgroup.devices.allow = c 10:232 rwm
0N/AEOF
0N/A
0N/A    cat <<EOF > $path/fstab
0N/Aproc            proc         proc    nodev,noexec,nosuid 0 0
0N/Asysfs           sys          sysfs defaults  0 0
0N/AEOF
0N/A
0N/A    # rmdir /dev/shm in precise and quantal containers.
0N/A    # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
0N/A    # get bind mounted to the host's /run/shm.  So try to rmdir
0N/A    # it, and in case that fails move it out of the way.
116N/A    if [ $release = "precise" ] || [ $release = "quantal" ]; then
116N/A        [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm
116N/A        [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak
116N/A        ln -s /run/shm $rootfs/dev/shm
116N/A    fi
116N/A
116N/A    return 0
116N/A}
116N/A
116N/Ausage()
116N/A{
116N/A    cat <<EOF
116N/ALXC Container configuration for Ubuntu Cloud images.
116N/A
116N/AGeneric Options
164N/A[ -r | --release <release> ]: Release name of container, defaults to host
116N/A[ -a | --arch ]: Arhcitecture of container, defaults to host arcitecture
116N/A[ -C | --cloud ]: Configure container for use with meta-data service, defaults to no
116N/A[ -T | --tarball ]: Location of tarball
116N/A[ -d | --debug ]: Run with 'set -x' to debug errors
116N/A[ -s | --stream]: Use specified stream rather than 'released'
116N/A
116N/AOptions, mutually exclusive of "-C" and "--cloud":
116N/A  [ -i | --hostid ]:    HostID for cloud-init, defaults to random string
116N/A  [ -u | --userdata ]:  Cloud-init user-data file to configure container on start
116N/A  [ -S | --auth-key ]:  SSH Public key file to inject into container
116N/A  [ -L | --nolocales ]: Do not copy host's locales into container
116N/A
116N/AEOF
116N/A    return 0
120N/A}
120N/A
177N/Aoptions=$(getopt -o a:hp:r:n:Fi:CLS:T:ds: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata: -- "$@")
177N/Aif [ $? -ne 0 ]; then
120N/A    usage $(basename $0)
177N/A    exit 1
177N/Afi
177N/Aeval set -- "$options"
177N/A
177N/Arelease=lucid
177N/Aif [ -f /etc/lsb-release ]; then
177N/A    . /etc/lsb-release
177N/A    case "$DISTRIB_CODENAME" in
177N/A        lucid|natty|oneiric|precise|quantal)
177N/A            release=$DISTRIB_CODENAME
177N/A        ;;
177N/A    esac
177N/Afi
177N/A
177N/Aarch=$(arch)
177N/A
120N/A# Code taken from debootstrap
0N/Aif [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
0N/A    arch=`/usr/bin/dpkg --print-architecture`
0N/Aelif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
0N/A    arch=`/usr/bin/udpkg --print-architecture`
0N/Aelse
0N/A    arch=$(arch)
0N/A    if [ "$arch" = "i686" ]; then
0N/A        arch="i386"
0N/A    elif [ "$arch" = "x86_64" ]; then
0N/A        arch="amd64"
0N/A    elif [ "$arch" = "armv7l" ]; then
0N/A        # note: arm images don't exist before oneiric;  are called armhf in
0N/A        # precise and later;  and are not supported by the query, so we don't actually
0N/A        # support them yet (see check later on).  When Query2 is available,
0N/A        # we'll use that to enable arm images.
0N/A        arch="armel"
295N/A    fi
295N/Afi
295N/A
295N/Adebug=0
295N/Ahostarch=$arch
295N/Acloud=0
295N/Alocales=1
295N/Aflushcache=0
295N/Astream="released"
295N/Awhile true
295N/Ado
295N/A    case "$1" in
295N/A    -h|--help)         usage $0 && exit 0;;
295N/A    -p|--path)         path=$2; shift 2;;
295N/A    -n|--name)         name=$2; shift 2;;
295N/A    -F|--flush-cache)  flushcache=1; shift 1;;
295N/A    -r|--release)      release=$2; shift 2;;
295N/A    -a|--arch)         arch=$2; shift 2;;
295N/A    -i|--hostid)       host_id=$2; shift 2;;
295N/A    -u|--userdata)     userdata=$2; shift 2;;
295N/A    -C|--cloud)        cloud=1; shift 1;;
295N/A    -S|--auth-key)     auth_key=$2; shift 2;;
295N/A    -L|--no_locales)   locales=0; shift 2;;
295N/A    -T|--tarball)      tarball=$2; shift 2;;
295N/A    -d|--debug)        debug=1; shift 1;;
301N/A    -s|--stream)       stream=$2; shift 2;;
301N/A    --)                shift 1; break ;;
301N/A        *)              break ;;
301N/A    esac
301N/Adone
336N/A
301N/Aif [ $debug -eq 1 ]; then
301N/A    set -x
301N/Afi
301N/A
301N/Aif [ "$arch" == "i686" ]; then
301N/A    arch=i386
301N/Afi
301N/A
301N/Aif [ $hostarch = "i386" -a $arch = "amd64" ]; then
301N/A    echo "can't create amd64 container on i386"
301N/A    exit 1
301N/Afi
301N/A
301N/Aif [ $arch != "i386" -a $arch != "amd64" ]; then
301N/A    echo "Only i386 and amd64 are supported by the ubuntu cloud template."
301N/A    exit 1
301N/Afi
301N/A
301N/Aif [ "$stream" != "daily" -a "$stream" != "released" ]; then
301N/A    echo "Only 'daily' and 'released' streams are supported"
301N/A    exit 1
301N/Afi
301N/A
301N/Aif [ -n "$userdata" -a ! -f "$userdata" ]; then
301N/A    echo "Userdata does not exist"
301N/A    exit 1
301N/Afi
301N/A
301N/Aif [ -z "$path" ]; then
301N/A    echo "'path' parameter is required"
301N/A    exit 1
301N/Afi
301N/A
301N/Aif [ "$(id -u)" != "0" ]; then
301N/A    echo "This script should be run as 'root'"
301N/A    exit 1
301N/Afi
301N/A
301N/Arootfs=$path/rootfs
301N/A
301N/Atype ubuntu-cloudimg-query
301N/Atype wget
301N/A
0N/A# determine the url, tarball, and directory names
0N/A# download if needed
0N/Acache="/var/cache/lxc/cloud-$release"
0N/A
0N/Amkdir -p $cache
13N/A
136N/Aif [ -n "$tarball" ]; then
    url2="$tarball"
else
    url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`
    url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`
fi

filename=`basename $url2`

buildcleanup()
{
    cd $rootfs
    umount -l $cache/$xdir || true
    rm -rf $cache
}

# if the release doesn't have a *-rootfs.tar.gz, then create one from the
# cloudimg.tar.gz by extracting the .img, mounting it loopback, and creating
# a tarball from the mounted image.
build_root_tgz()
{
    url=$1
    filename=$2

    xdir=`mktemp -d -p .`
    tarname=`basename $url`
    imgname="$release-*-cloudimg-$arch.img"
    trap buildcleanup EXIT
    if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then
        rm -f $tarname
        echo "Downloading cloud image from $url"
        wget $url || { echo "Couldn't find cloud image $url."; exit 1; }
    fi
    echo "Creating new cached cloud image rootfs"
    tar --wildcards -zxf $tarname $imgname
    mount -o loop $imgname $xdir
    (cd $xdir; tar zcf ../$filename .)
    umount $xdir
    rm -f $tarname $imgname
    rmdir $xdir
    echo "New cloud image cache created"
    trap EXIT
}

mkdir -p /var/lock/subsys/
(
    flock -n -x 200

    cd $cache
    if [ $flushcache -eq 1 ]; then
        echo "Clearing the cached images"
        rm -f $filename
    fi

    if [ ! -f $filename ]; then
       wget $url2 || build_root_tgz $url1 $filename
    fi

    echo "Extracting container rootfs"
    mkdir -p $rootfs
    cd $rootfs
    tar -zxf $cache/$filename


    if [ $cloud -eq 0 ]; then
    echo "Configuring for running outside of a cloud environment"
    echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container"

    seed_d=$rootfs/var/lib/cloud/seed/nocloud-net
    rhostid=$(uuidgen | cut -c -8)
    host_id=${hostid:-$rhostid}
    mkdir -p $seed_d

    cat > "$seed_d/meta-data" <<EOF
instance_id: lxc-$host_id
EOF

    rm $rootfs/etc/hostname

    if [ $locales -eq 1 ]; then
        cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive
    fi


    if [ -n "$auth_key" -a -f "$auth_key" ]; then
        u_path="/home/ubuntu/.ssh"
        root_u_path="$rootfs/$u_path"
        mkdir -p $root_u_path
        cp $auth_key "$root_u_path/authorized_keys"
        chroot $rootfs chown -R ubuntu: "$u_path"

        echo "Inserted SSH public key from $auth_key into /home/ubuntu/.ssh/authorized_keys"
    fi

    if [ -f "$userdata" ]; then
        echo "Using custom user-data"
        cp $userdata $seed_d/user-data
    else

        if [ -z "$MIRROR" ]; then
            MIRROR="http://archive.ubuntu.com/ubuntu"
        fi

        cat > "$seed_d/user-data" <<EOF
#cloud-config
output: {all: '| tee -a /var/log/cloud-init-output.log'}
apt-mirror: $MIRROR
manage_etc_hosts: localhost
locale: $(/usr/bin/locale | awk -F= '/LANG=/ {print$NF}')
EOF
    fi

    chroot $rootfs /usr/sbin/usermod -U ubuntu
    echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
    echo "Please login as user ubuntu with password ubuntu."

   else

    echo "Configured for running in a cloud environment."
    echo "If you do not have a meta-data service, this container will likely be useless."

   fi

) 200>/var/lock/subsys/lxc-ubucloud

copy_configuration $path $rootfs $name $arch $release

echo "Container $name created."
exit 0