lxc/templates/lxc-ubuntu.in

	lxc-ubuntu.in revision 623f98d8cc0ae38cce244b355a804a7e8e607bc3
1516N/A#!/bin/bash
1431N/A
1431N/A#
1431N/A# template script for generating ubuntu container for LXC
1431N/A#
1431N/A# This script consolidates and extends the existing lxc ubuntu scripts
1431N/A#
1431N/A
1431N/A# XXX todo: add -lvm option
1431N/A
1431N/A# Copyright � 2011 Serge Hallyn <serge.hallyn@canonical.com>
1431N/A# Copyright � 2010 Wilhelm Meier
1431N/A# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
1431N/A#
1431N/A# This program is free software; you can redistribute it and/or modify
1431N/A# it under the terms of the GNU General Public License version 2, as
1431N/A# published by the Free Software Foundation.
1431N/A
1431N/A# This program is distributed in the hope that it will be useful,
1431N/A# but WITHOUT ANY WARRANTY; without even the implied warranty of
1431N/A# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
1431N/A# GNU General Public License for more details.
1431N/A
3339N/A# You should have received a copy of the GNU General Public License along
1431N/A# with this program; if not, write to the Free Software Foundation, Inc.,
1431N/A# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
3339N/A#
1431N/A
1431N/Aif [ -r /etc/default/lxc ]; then
1715N/A    . /etc/default/lxc
1431N/Afi
1431N/A
1968N/Aconfigure_ubuntu()
1431N/A{
1431N/A    rootfs=$1
1431N/A    hostname=$2
1431N/A
1431N/A   # configure the network using the dhcp
1431N/A    cat <<EOF > $rootfs/etc/network/interfaces
1431N/Aauto lo
1431N/Aiface lo inet loopback
3234N/A
3234N/Aauto eth0
1895N/Aiface eth0 inet dhcp
1715N/AEOF
1431N/A
1715N/A    # so you can 'ssh $hostname.' or 'ssh $hostname.local'
1431N/A    if [ -f $rootfs/etc/dhcp/dhclient.conf ]; then
1431N/A        sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp/dhclient.conf
1431N/A    elif [ -f $rootfs/etc/dhcp3/dhclient.conf ]; then
3234N/A        sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp3/dhclient.conf
1431N/A    fi
1431N/A
1431N/A    # set the hostname
1431N/A    cat <<EOF > $rootfs/etc/hostname
3234N/A$hostname
1431N/AEOF
1431N/A    # set minimal hosts
1431N/A    cat <<EOF > $rootfs/etc/hosts
1431N/A127.0.0.1 localhost $hostname
1431N/AEOF
3234N/A
1431N/A    # suppress log level output for udev
1431N/A    sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
1431N/A
1431N/A    # remove jobs for consoles 5 and 6 since we only create 4 consoles in
1431N/A    # this template
3234N/A    rm -f $rootfs/etc/init/tty{5,6}.conf
1431N/A
1431N/A    echo "Please change root-password !"
1431N/A    echo "root:root" | chroot $rootfs chpasswd
1431N/A
1431N/A    return 0
1431N/A}
1715N/A
1431N/Adownload_ubuntu()
1431N/A{
1715N/A    cache=$1
1715N/A    arch=$2
1715N/A    release=$3
1431N/A
1715N/A    if [ $release = "lucid" ]; then
1431N/A        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg
1431N/A    elif [ $release = "maverick" ]; then
1431N/A        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg,netbase
1431N/A    else
1431N/A        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase
1431N/A    fi
1431N/A    echo "installing packages: $packages"
1715N/A
1715N/A    # check the mini ubuntu was not already downloaded
1431N/A    mkdir -p "$cache/partial-$arch"
1431N/A    if [ $? -ne 0 ]; then
1715N/A        echo "Failed to create '$cache/partial-$arch' directory"
1715N/A        return 1
1715N/A    fi
1715N/A
1431N/A    # download a mini ubuntu into a cache
3234N/A    echo "Downloading ubuntu $release minimal ..."
1431N/A    debootstrap --verbose --variant=minbase --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
1431N/A    if [ $? -ne 0 ]; then
1715N/A        echo "Failed to download the rootfs, aborting."
1715N/A            return 1
1715N/A    fi
1715N/A
1431N/A    mv "$1/partial-$arch" "$1/rootfs-$arch"
1431N/A    echo "Download complete."
1431N/A
1431N/A    return 0
1431N/A}
1431N/A
1431N/Acopy_ubuntu()
1895N/A{
1895N/A    cache=$1
1895N/A    arch=$2
1715N/A    rootfs=$3
1431N/A
1431N/A    # make a local copy of the miniubuntu
1431N/A    echo -n "Copying rootfs to $rootfs ..."
1431N/A    cp -a $cache/rootfs-$arch $rootfs || return 1
1895N/A    return 0
1895N/A}
1895N/A
1431N/Ainstall_ubuntu()
1431N/A{
1431N/A    rootfs=$1
1431N/A    release=$2
1431N/A    cache="/var/cache/lxc/$release"
1431N/A    mkdir -p /var/lock/subsys/
1431N/A    (
1431N/A    flock -n -x 200
1895N/A    if [ $? -ne 0 ]; then
1895N/A        echo "Cache repository is busy."
1431N/A        return 1
1715N/A    fi
2625N/A
1431N/A
1431N/A    echo "Checking cache download in $cache/rootfs-$arch ... "
1431N/A    if [ ! -e "$cache/rootfs-$arch" ]; then
3234N/A        download_ubuntu $cache $arch $release
3234N/A        if [ $? -ne 0 ]; then
1431N/A        echo "Failed to download 'ubuntu $release base'"
1431N/A        return 1
2028N/A        fi
3171N/A    fi
1431N/A
1431N/A    echo "Copy $cache/rootfs-$arch to $rootfs ... "
3158N/A    copy_ubuntu $cache $arch $rootfs
1431N/A    if [ $? -ne 0 ]; then
1431N/A        echo "Failed to copy rootfs"
1431N/A        return 1
1431N/A    fi
1431N/A
1431N/A    return 0
1431N/A
2958N/A    ) 200>/var/lock/subsys/lxc
1431N/A
1431N/A    return $?
1431N/A}
1431N/A
3158N/Acopy_configuration()
3158N/A{
3158N/A    path=$1
1431N/A    rootfs=$2
1431N/A    name=$3
1431N/A    arch=$4
1431N/A
1431N/A    if [ $arch = "i386" ]; then
1431N/A        arch="i686"
1431N/A    fi
1431N/A
1431N/A    cat <<EOF >> $path/config
1431N/Alxc.utsname = $name
1431N/A
1431N/Alxc.tty = 4
1431N/Alxc.pts = 1024
3158N/Alxc.rootfs = $rootfs
1431N/Alxc.mount  = $path/fstab
2028N/Alxc.arch = $arch
3234N/A
1431N/Alxc.cgroup.devices.deny = a
1431N/A# /dev/null and zero
1431N/Alxc.cgroup.devices.allow = c 1:3 rwm
1431N/Alxc.cgroup.devices.allow = c 1:5 rwm
3339N/A# consoles
1431N/Alxc.cgroup.devices.allow = c 5:1 rwm
1431N/Alxc.cgroup.devices.allow = c 5:0 rwm
1431N/A#lxc.cgroup.devices.allow = c 4:0 rwm
1431N/A#lxc.cgroup.devices.allow = c 4:1 rwm
1431N/A# /dev/{,u}random
1431N/Alxc.cgroup.devices.allow = c 1:9 rwm
1431N/Alxc.cgroup.devices.allow = c 1:8 rwm
1431N/Alxc.cgroup.devices.allow = c 136:* rwm
1431N/Alxc.cgroup.devices.allow = c 5:2 rwm
1431N/A# rtc
1431N/Alxc.cgroup.devices.allow = c 254:0 rwm
1431N/A#fuse
1431N/Alxc.cgroup.devices.allow = c 10:229 rwm
1431N/AEOF
1431N/A
1431N/A    cat <<EOF > $path/fstab
1431N/Aproc            $rootfs/proc         proc    nodev,noexec,nosuid 0 0
1431N/Asysfs           $rootfs/sys          sysfs defaults  0 0
1431N/AEOF
1431N/A
1431N/A    if [ $? -ne 0 ]; then
2625N/A    echo "Failed to add configuration"
2625N/A    return 1
1431N/A    fi
3339N/A
1431N/A    return 0
1431N/A}
1431N/A
1431N/Atrim()
1431N/A{
1431N/A    rootfs=$1
1431N/A    release=$2
1431N/A
1431N/A    # provide the lxc service
1431N/A    cat <<EOF > $rootfs/etc/init/lxc.conf
1431N/A# fake some events needed for correct startup other services

description     "Container Upstart"

start on startup

script
        rm -rf /var/run/*.pid
        rm -rf /var/run/network/*
        /sbin/initctl emit stopped JOB=udevtrigger --no-wait
        /sbin/initctl emit started JOB=udev --no-wait
end script
EOF

    # fix buggus runlevel with sshd
    cat <<EOF > $rootfs/etc/init/ssh.conf
# ssh - OpenBSD Secure Shell server
#
# The OpenSSH server provides secure shell access to the system.

description "OpenSSH server"

start on filesystem
stop on runlevel [!2345]

expect fork
respawn
respawn limit 10 5
umask 022
# replaces SSHD_OOM_ADJUST in /etc/default/ssh
oom never

pre-start script
    test -x /usr/sbin/sshd || { stop; exit 0; }
    test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
    test -c /dev/null || { stop; exit 0; }

    mkdir -p -m0755 /var/run/sshd
end script

# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
# 'exec' line here instead
exec /usr/sbin/sshd
EOF

    cat <<EOF > $rootfs/etc/init/console.conf
# console - getty
#
# This service maintains a console on tty1 from the point the system is
# started until it is shut down again.

start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]

respawn
exec /sbin/getty -8 38400 /dev/console
EOF

    cat <<EOF > $rootfs/lib/init/fstab
# /lib/init/fstab: cleared out for bare-bones lxc
EOF

    # reconfigure some services
    if [ -z "$LANG" ]; then
    chroot $rootfs locale-gen en_US.UTF-8
    chroot $rootfs update-locale LANG=en_US.UTF-8
    else
    chroot $rootfs locale-gen $LANG
    chroot $rootfs update-locale LANG=$LANG
    fi

    # remove pointless services in a container
    chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove

    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'

    # if this isn't lucid, then we need to twiddle the network upstart bits :(
    if [ $release != "lucid" ]; then
        sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
    fi
}

post_process()
{
    rootfs=$1
    release=$2
    trim_container=$3

    if [ $trim_container -eq 1 ]; then
        trim $rootfs $release
    else
        # for lucid and maverick, if not trimming, then add the ubuntu-virt
        # ppa and install lxcguest
        if [ $release = "lucid" -o $release = "maverick" ]; then
            chroot $rootfs apt-get install --force-yes -y python-software-properties
            chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
            chroot $rootfs apt-get update
        fi
        chroot $rootfs apt-get install --force-yes -y lxcguest
    fi
}

do_bindhome()
{
    rootfs=$1
    user=$2

    # bind-mount the user's path into the container's /home
    h=`getent passwd $user | cut -d: -f 6`
    mkdir -p $rootfs/$h
    echo "$h $rootfs/$h none bind 0 0" >> $path/fstab

    # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
    pwd=`getent passwd $user`
    if [ $? -ne 0 ]; then
        echo 'Warning: failed to copy password entry for $user'
    else
        echo $pwd >> $rootfs/etc/passwd
    fi
    shad=`getent shadow $user`
    echo $shad >> $rootfs/etc/shadow
    for g in `groups $user | cut -d: -f 2-`; do
        chroot $rootfs adduser $user $g
    done
}

clean()
{
    release=$1
    cache="/var/cache/lxc/$release"

    if [ ! -e $cache ]; then
    exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
    flock -n -x 200
    if [ $? != 0 ]; then
        echo "Cache repository is busy."
        exit 1
    fi

    echo -n "Purging the download cache..."
    rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
    exit 0

    ) 200>/var/lock/subsys/lxc
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path> --clean [-a|--arch] [-b|--bindhome <user>] [--trim] [-r|--release]
release: lucid | maverick | natty | oneiric
trim: make a minimal (faster, but not upgrade-safe) container
bindhome: bind <user>'s home into the container
arch: amd64 or i386: defaults to host arch
EOF
    return 0
}

options=$(getopt -o a:b:hp:r:xn:c -l arch:,bindhome:,help,path:,release:,trim,name:,clean -- "$@")
if [ $? -ne 0 ]; then
    usage $(basename $0)
    exit 1
fi
eval set -- "$options"

release=lucid
if [ -f /etc/lsb-release ]; then
    . /etc/lsb-release
    case "$DISTRIB_CODENAME" in
        lucid|maverick|natty|oneiric)
            release=$DISTRIB_CODENAME
        ;;
    esac
fi

bindhome=
arch=$(arch)

# Code taken from debootstrap
if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
    arch=`/usr/bin/dpkg --print-architecture`
elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
    arch=`/usr/bin/udpkg --print-architecture`
else
    arch=$(arch)
    if [ "$arch" = "i686" ]; then
        arch="i386"
    elif [ "$arch" = "x86_64" ]; then
        arch="amd64"
    elif [ "$arch" = "armv7l" ]; then
        arch="armel"
    fi
fi

trim_container=0
hostarch=$arch
while true
do
    case "$1" in
    -h|--help)      usage $0 && exit 0;;
    -p|--path)      path=$2; shift 2;;
    -n|--name)      name=$2; shift 2;;
    -c|--clean)     clean=$2; shift 2;;
    -r|--release)   release=$2; shift 2;;
    -b|--bindhome)  bindhome=$2; shift 2;;
    -a|--arch)      arch=$2; shift 2;;
    -x|--trim)      trim_container=1; shift 1;;
    --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ "$arch" == "i686" ]; then
    arch=i386
fi

if [ ! -z "$clean" -a -z "$path" ]; then
    clean || exit 1
    exit 0
fi

if [ $hostarch = "i386" -a $arch = "amd64" ]; then
    echo "can't create amd64 container on i386"
    exit 1
fi

type debootstrap
if [ $? -ne 0 ]; then
    echo "'debootstrap' command is missing"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

rootfs=$path/rootfs

install_ubuntu $rootfs $release
if [ $? -ne 0 ]; then
    echo "failed to install ubuntu $release"
    exit 1
fi

configure_ubuntu $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to configure ubuntu $release for a container"
    exit 1
fi

copy_configuration $path $rootfs $name $arch
if [ $? -ne 0 ]; then
    echo "failed write configuration file"
    exit 1
fi

post_process $rootfs $release $trim_container
if [ ! -z $bindhome ]; then
    do_bindhome $rootfs $bindhome
fi

if [ ! -z $clean ]; then
    clean $release || exit 1
    exit 0
fi