[mirror_lxc.git] / scripts / lxc-debian.in

#!/bin/bash

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

configure_debian()
{
    rootfs=$1
    hostname=$2

    # configure the inittab
    cat <<EOF > $rootfs/etc/inittab
id:3:initdefault:
si::sysinit:/etc/init.d/rcS
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/sbin/sulogin
1:2345:respawn:/sbin/getty 38400 console
c1:12345:respawn:/sbin/getty 38400 tty1 linux
c2:12345:respawn:/sbin/getty 38400 tty2 linux
c3:12345:respawn:/sbin/getty 38400 tty3 linux
c4:12345:respawn:/sbin/getty 38400 tty4 linux
EOF

    # disable selinux in debian
    mkdir -p $rootfs/selinux
    echo 0 > $rootfs/selinux/enforce

    # by default setup root password with no password
    cat <<EOF > $rootfs/etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords yes
ChallengeResponseAuthentication no
EOF

    # configure the network using the dhcp
    cat <<EOF > $rootfs/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
EOF

    # set the hostname
    cat <<EOF > $rootfs/etc/hostname
$hostname
EOF

    # reconfigure some services
    chroot $rootfs /usr/sbin/dpkg-reconfigure locales

    # remove pointless services in a container
    chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
    chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
    chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
}

download_debian()
{
    packages=\
ifupdown,\
locales,\
libui-dialog-perl,\
dialog,\
dhcp-client,\
netbase,\
net-tools,\
iproute,\
openssh-server

    cache=$1
    arch=$2

    # check the mini debian was not already downloaded
    mkdir -p "$cache/partial-$arch"
    if [ $? -ne 0 ]; then
	echo "Failed to create '$cache/partial-$arch' directory"
	return 1
    fi

    # download a mini debian into a cache
    echo "Downloading debian minimal ..."
    debootstrap --verbose --variant=minbase --arch=$arch \
	--include $packages \
	lenny $cache/partial-$arch http://ftp.debian.org/debian
    if [ $? -ne 0 ]; then
	echo "Failed to download the rootfs, aborting."
	return 1
    fi

    mv "$1/partial-$arch" "$1/rootfs-$arch"
    echo "Download complete."

    return 0
}

copy_debian()
{
    cache=$1
    arch=$2
    rootfs=$3

    # make a local copy of the minidebian
    echo -n "Copying rootfs to $rootfs..."
    cp -a $cache/rootfs-$arch $rootfs || return 1
    return 0
}

install_debian()
{
    cache="@LOCALSTATEDIR@/cache/lxc/debian"
    rootfs=$1
    mkdir -p @LOCALSTATEDIR@/lock/subsys/
    (
	flock -n -x 200
	if [ $? -ne 0 ]; then
	    echo "Cache repository is busy."
	    return 1
	fi

	arch=$(arch)
	if [ "$arch" == "x86_64" ]; then
	    arch=amd64
	fi

	if [ "$arch" == "i686" ]; then
	    arch=i386
	fi

	echo "Checking cache download in $cache/rootfs-$arch ... "
	if [ ! -e "$cache/rootfs-$arch" ]; then
	    download_debian $cache $arch
	    if [ $? -ne 0 ]; then
		echo "Failed to download 'debian base'"
		return 1
	    fi
	fi

	copy_debian $cache $arch $rootfs
	if [ $? -ne 0 ]; then
	    echo "Failed to copy rootfs"
	    return 1
	fi

	return 0

	) 200>@LOCALSTATEDIR@/lock/subsys/lxc

    return $?
}

copy_configuration()
{
    path=$1
    rootfs=$2
    name=$3

    cat <<EOF >> $path/config
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $rootfs
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF

    if [ $? -ne 0 ]; then
	echo "Failed to add configuration"
	return 1
    fi

    return 0
}

clean()
{
    cache="@LOCALSTATEDIR@/cache/lxc/debian"

    if [ ! -e $cache ]; then
	exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
	flock -n -x 200 
	if [ $? != 0 ]; then
	    echo "Cache repository is busy."
	    exit 1
	fi

	echo -n "Purging the download cache..."
	rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
	exit 0

    ) 200>@LOCALSTATEDIR@/lock/subsys/lxc
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path> --clean
EOF
    return 0
}

options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
if [ $? -ne 0 ]; then
        usage $(basename $0)
	exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)      usage $0 && exit 0;;
        -p|--path)      path=$2; shift 2;;
	-n|--name)      name=$2; shift 2;;
	-c|--clean)     clean=$2; shift 2;;
        --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ ! -z "$clean" -a -z "$path" ]; then
    clean || exit 1
    exit 0
fi

type debootstrap
if [ $? -ne 0 ]; then
    echo "'debootstrap' command is missing"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi 

rootfs=$path/rootfs

install_debian $rootfs
if [ $? -ne 0 ]; then
    echo "failed to install debian"
    exit 1
fi

configure_debian $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to configure debian for a container"
    exit 1
fi

copy_configuration $path $rootfs
if [ $? -ne 0 ]; then
    echo "failed write configuration file"
    exit 1
fi

if [ ! -z $clean ]; then
    clean || exit 1
    exit 0
fi
Commit	Line	Data
bad69158	1	#!/bin/bash
7afc269d	2
fb7460fe DL	3	#
fb7460fe DL	4	# lxc: linux Container library
06388011	5
fb7460fe DL	6	# Authors:
	7	# Daniel Lezcano <daniel.lezcano@free.fr>
	8
	9	# This library is free software; you can redistribute it and/or
	10	# modify it under the terms of the GNU Lesser General Public
	11	# License as published by the Free Software Foundation; either
	12	# version 2.1 of the License, or (at your option) any later version.
	13
	14	# This library is distributed in the hope that it will be useful,
	15	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	# Lesser General Public License for more details.
06388011	18
fb7460fe DL	19	# You should have received a copy of the GNU Lesser General Public
	20	# License along with this library; if not, write to the Free Software
	21	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
06388011	22
fb7460fe DL	23	configure_debian()
	24	{
	25	rootfs=$1
	26	hostname=$2
	27
	28	# configure the inittab
	29	cat <<EOF > $rootfs/etc/inittab
06388011	30	id:3:initdefault:
	31	si::sysinit:/etc/init.d/rcS
	32	l0:0:wait:/etc/init.d/rc 0
	33	l1:1:wait:/etc/init.d/rc 1
	34	l2:2:wait:/etc/init.d/rc 2
	35	l3:3:wait:/etc/init.d/rc 3
	36	l4:4:wait:/etc/init.d/rc 4
	37	l5:5:wait:/etc/init.d/rc 5
	38	l6:6:wait:/etc/init.d/rc 6
	39	# Normally not reached, but fallthrough in case of emergency.
	40	z6:6:respawn:/sbin/sulogin
	41	1:2345:respawn:/sbin/getty 38400 console
b0a33c1e	42	c1:12345:respawn:/sbin/getty 38400 tty1 linux
	43	c2:12345:respawn:/sbin/getty 38400 tty2 linux
	44	c3:12345:respawn:/sbin/getty 38400 tty3 linux
	45	c4:12345:respawn:/sbin/getty 38400 tty4 linux
06388011	46	EOF
06388011	47
fb7460fe DL	48	# disable selinux in debian
	49	mkdir -p $rootfs/selinux
	50	echo 0 > $rootfs/selinux/enforce
06388011	51
fb7460fe DL	52	# by default setup root password with no password
fb7460fe DL	53	cat <<EOF > $rootfs/etc/ssh/sshd_config
06388011	54	Port 22
	55	Protocol 2
	56	HostKey /etc/ssh/ssh_host_rsa_key
	57	HostKey /etc/ssh/ssh_host_dsa_key
	58	UsePrivilegeSeparation yes
	59	KeyRegenerationInterval 3600
	60	ServerKeyBits 768
	61	SyslogFacility AUTH
	62	LogLevel INFO
	63	LoginGraceTime 120
	64	PermitRootLogin yes
	65	StrictModes yes
	66	RSAAuthentication yes
	67	PubkeyAuthentication yes
	68	IgnoreRhosts yes
	69	RhostsRSAAuthentication no
	70	HostbasedAuthentication no
	71	PermitEmptyPasswords yes
	72	ChallengeResponseAuthentication no
	73	EOF
06388011	74
fb7460fe DL	75	# configure the network using the dhcp
	76	cat <<EOF > $rootfs/etc/network/interfaces
	77	auto lo
	78	iface lo inet loopback
06388011	79
fb7460fe DL	80	auto eth0
fb7460fe DL	81	iface eth0 inet dhcp
06388011	82	EOF
1846e71a	83
fb7460fe DL	84	# set the hostname
	85	cat <<EOF > $rootfs/etc/hostname
	86	$hostname
	87	EOF
06388011	88
fb7460fe DL	89	# reconfigure some services
fb7460fe DL	90	chroot $rootfs /usr/sbin/dpkg-reconfigure locales
06388011	91
fb7460fe DL	92	# remove pointless services in a container
	93	chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
	94	chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
	95	chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
06388011	96	}
06388011	97
fb7460fe DL	98	download_debian()
	99	{
	100	packages=\
	101	ifupdown,\
	102	locales,\
	103	libui-dialog-perl,\
	104	dialog,\
	105	dhcp-client,\
	106	netbase,\
	107	net-tools,\
	108	iproute,\
	109	openssh-server
	110
	111	cache=$1
	112	arch=$2
	113
	114	# check the mini debian was not already downloaded
	115	mkdir -p "$cache/partial-$arch"
	116	if [ $? -ne 0 ]; then
	117	echo "Failed to create '$cache/partial-$arch' directory"
	118	return 1
81f6a40a RT	119	fi
81f6a40a RT	120
fb7460fe DL	121	# download a mini debian into a cache
	122	echo "Downloading debian minimal ..."
	123	debootstrap --verbose --variant=minbase --arch=$arch \
	124	--include $packages \
	125	lenny $cache/partial-$arch http://ftp.debian.org/debian
	126	if [ $? -ne 0 ]; then
	127	echo "Failed to download the rootfs, aborting."
	128	return 1
c952d1b9	129	fi
cd830f33	130
fb7460fe DL	131	mv "$1/partial-$arch" "$1/rootfs-$arch"
fb7460fe DL	132	echo "Download complete."
cd830f33	133
fb7460fe	134	return 0
c952d1b9	135	}
bad69158	136
fb7460fe	137	copy_debian()
c952d1b9	138	{
fb7460fe DL	139	cache=$1
	140	arch=$2
	141	rootfs=$3
bad69158	142
fb7460fe DL	143	# make a local copy of the minidebian
	144	echo -n "Copying rootfs to $rootfs..."
	145	cp -a $cache/rootfs-$arch $rootfs \|\| return 1
	146	return 0
c952d1b9	147	}
c952d1b9	148
fb7460fe DL	149	install_debian()
	150	{
	151	cache="@LOCALSTATEDIR@/cache/lxc/debian"
	152	rootfs=$1
	153	mkdir -p @LOCALSTATEDIR@/lock/subsys/
	154	(
	155	flock -n -x 200
	156	if [ $? -ne 0 ]; then
	157	echo "Cache repository is busy."
	158	return 1
	159	fi
7afc269d	160
fb7460fe DL	161	arch=$(arch)
	162	if [ "$arch" == "x86_64" ]; then
	163	arch=amd64
	164	fi
bad69158	165
fb7460fe DL	166	if [ "$arch" == "i686" ]; then
	167	arch=i386
	168	fi
bad69158	169
fb7460fe DL	170	echo "Checking cache download in $cache/rootfs-$arch ... "
	171	if [ ! -e "$cache/rootfs-$arch" ]; then
	172	download_debian $cache $arch
	173	if [ $? -ne 0 ]; then
	174	echo "Failed to download 'debian base'"
	175	return 1
b75afd90	176	fi
fb7460fe	177	fi
c952d1b9	178
fb7460fe DL	179	copy_debian $cache $arch $rootfs
	180	if [ $? -ne 0 ]; then
	181	echo "Failed to copy rootfs"
	182	return 1
	183	fi
c952d1b9	184
fb7460fe	185	return 0
c952d1b9	186
fb7460fe	187	) 200>@LOCALSTATEDIR@/lock/subsys/lxc
85cbaa06	188
fb7460fe	189	return $?
bad69158	190	}
bad69158	191
fb7460fe DL	192	copy_configuration()
	193	{
	194	path=$1
	195	rootfs=$2
	196	name=$3
bad69158	197
fb7460fe DL	198	cat <<EOF >> $path/config
	199	lxc.tty = 4
	200	lxc.pts = 1024
	201	lxc.rootfs = $rootfs
	202	lxc.cgroup.devices.deny = a
	203	# /dev/null and zero
	204	lxc.cgroup.devices.allow = c 1:3 rwm
	205	lxc.cgroup.devices.allow = c 1:5 rwm
	206	# consoles
	207	lxc.cgroup.devices.allow = c 5:1 rwm
	208	lxc.cgroup.devices.allow = c 5:0 rwm
	209	lxc.cgroup.devices.allow = c 4:0 rwm
	210	lxc.cgroup.devices.allow = c 4:1 rwm
	211	# /dev/{,u}random
	212	lxc.cgroup.devices.allow = c 1:9 rwm
	213	lxc.cgroup.devices.allow = c 1:8 rwm
	214	lxc.cgroup.devices.allow = c 136:* rwm
	215	lxc.cgroup.devices.allow = c 5:2 rwm
	216	# rtc
	217	lxc.cgroup.devices.allow = c 254:0 rwm
	218	EOF
bad69158	219
fb7460fe DL	220	if [ $? -ne 0 ]; then
	221	echo "Failed to add configuration"
	222	return 1
bad69158	223	fi
	224
	225	return 0
	226	}
	227
fb7460fe DL	228	clean()
	229	{
	230	cache="@LOCALSTATEDIR@/cache/lxc/debian"
bad69158	231
fb7460fe	232	if [ ! -e $cache ]; then
bad69158	233	exit 0
	234	fi
	235
	236	# lock, so we won't purge while someone is creating a repository
	237	(
	238	flock -n -x 200
fb7460fe	239	if [ $? != 0 ]; then
bad69158	240	echo "Cache repository is busy."
	241	exit 1
	242	fi
	243
	244	echo -n "Purging the download cache..."
fb7460fe	245	rm --preserve-root --one-file-system -rf $cache && echo "Done." \|\| exit 1
bad69158	246	exit 0
bad69158	247
fb7460fe	248	) 200>@LOCALSTATEDIR@/lock/subsys/lxc
bad69158	249	}
bad69158	250
fb7460fe DL	251	usage()
	252	{
	253	cat <<EOF
	254	$1 -h\|--help -p\|--path=<path> --clean
	255	EOF
	256	return 0
	257	}
	258
	259	options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
	260	if [ $? -ne 0 ]; then
	261	usage $(basename $0)
bad69158	262	exit 1
fb7460fe DL	263	fi
	264	eval set -- "$options"
	265
	266	while true
	267	do
	268	case "$1" in
	269	-h\|--help) usage $0 && exit 0;;
	270	-p\|--path) path=$2; shift 2;;
	271	-n\|--name) name=$2; shift 2;;
	272	-c\|--clean) clean=$2; shift 2;;
	273	--) shift 1; break ;;
	274	*) break ;;
	275	esac
	276	done
	277
	278	if [ ! -z "$clean" -a -z "$path" ]; then
	279	clean \|\| exit 1
	280	exit 0
	281	fi
	282
	283	type debootstrap
	284	if [ $? -ne 0 ]; then
	285	echo "'debootstrap' command is missing"
	286	exit 1
	287	fi
	288
	289	if [ -z "$path" ]; then
	290	echo "'path' parameter is required"
	291	exit 1
	292	fi
	293
	294	if [ "$(id -u)" != "0" ]; then
	295	echo "This script should be run as 'root'"
	296	exit 1
bad69158	297	fi
bad69158	298
fb7460fe DL	299	rootfs=$path/rootfs
	300
	301	install_debian $rootfs
	302	if [ $? -ne 0 ]; then
	303	echo "failed to install debian"
	304	exit 1
	305	fi
	306
	307	configure_debian $rootfs $name
	308	if [ $? -ne 0 ]; then
	309	echo "failed to configure debian for a container"
	310	exit 1
	311	fi
	312
	313	copy_configuration $path $rootfs
	314	if [ $? -ne 0 ]; then
	315	echo "failed write configuration file"
	316	exit 1
	317	fi
	318
	319	if [ ! -z $clean ]; then
	320	clean \|\| exit 1
	321	exit 0
	322	fi