]>
Commit | Line | Data |
---|---|---|
164105f6 MW |
1 | #!/bin/bash |
2 | ||
3 | # | |
4 | # template script for generating centos container for LXC | |
5 | ||
6 | # | |
7 | # lxc: linux Container library | |
8 | ||
9 | # Authors: | |
10 | # Daniel Lezcano <daniel.lezcano@free.fr> | |
11 | # Ramez Hanna <rhanna@informatiq.org> | |
12 | # Fajar A. Nugraha <github@fajar.net> | |
13 | # Michael H. Warfield <mhw@WittsEnd.com> | |
14 | ||
15 | # This library is free software; you can redistribute it and/or | |
16 | # modify it under the terms of the GNU Lesser General Public | |
17 | # License as published by the Free Software Foundation; either | |
18 | # version 2.1 of the License, or (at your option) any later version. | |
19 | ||
20 | # This library is distributed in the hope that it will be useful, | |
21 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
22 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
23 | # Lesser General Public License for more details. | |
24 | ||
25 | # You should have received a copy of the GNU Lesser General Public | |
26 | # License along with this library; if not, write to the Free Software | |
27 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
28 | ||
29 | #Configurations | |
30 | arch=$(arch) | |
31 | cache_base=@LOCALSTATEDIR@/cache/lxc/centos/$arch | |
32 | default_path=@LXCPATH@ | |
33 | # We really need something better here! | |
34 | root_password=root | |
35 | ||
36 | lxc_network_type=veth | |
37 | lxc_network_link=lxcbr0 | |
38 | ||
39 | # is this centos? | |
40 | # Alow for weird remixes like the Raspberry Pi | |
41 | # | |
42 | # Use the Mitre standard CPE identifier for the release ID if possible... | |
43 | # This may be in /etc/os-release or /etc/system-release-cpe. We | |
44 | # should be able to use EITHER. Give preference to /etc/os-release for now. | |
45 | ||
46 | if [ -e /etc/os-release ] | |
47 | then | |
48 | # This is a shell friendly configuration file. We can just source it. | |
49 | # What we're looking for in here is the ID, VERSION_ID and the CPE_NAME | |
50 | . /etc/os-release | |
51 | echo "Host CPE ID from /etc/os-release: ${CPE_NAME}" | |
52 | fi | |
53 | ||
54 | if [ "${CPE_NAME}" = "" -a -e /etc/system-release-cpe ] | |
55 | then | |
56 | CPE_NAME=$(head -n1 /etc/system-release-cpe) | |
c6df5ca4 | 57 | CPE_URI=$(expr ${CPE_NAME} : '\([^:]*:[^:]*\)') |
164105f6 MW |
58 | if [ "${CPE_URI}" != "cpe:/o" ] |
59 | then | |
60 | CPE_NAME= | |
61 | else | |
164105f6 MW |
62 | # Probably a better way to do this but sill remain posix |
63 | # compatible but this works, shrug... | |
64 | # Must be nice and not introduce convenient bashisms here. | |
c6df5ca4 MW |
65 | # |
66 | # According to the official registration at Mitre and NIST, | |
67 | # this should have been something like this for CentOS: | |
68 | # cpe:/o:centos:centos:6 | |
69 | # or this: | |
70 | # cpe:/o:centos:centos:6.5 | |
71 | # | |
164105f6 | 72 | ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:\([^:]*\)') |
c6df5ca4 MW |
73 | # The "enterprise_linux" is a bone toss back to RHEL. |
74 | # Since CentOS and RHEL are so tightly coupled, we'll | |
75 | # take the RHEL version if we're running on it and do the | |
76 | # equivalent version for CentOS. | |
77 | if [ ${ID} = "linux" -o ${ID} = "enterprise_linux" ] | |
78 | then | |
79 | # Instead we got this: cpe:/o:centos:linux:6 | |
80 | ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:\([^:]*\)') | |
81 | fi | |
82 | ||
164105f6 | 83 | VERSION_ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:[^:]*:\([^:]*\)') |
c6df5ca4 | 84 | echo "Host CPE ID from /etc/system-release-cpe: ${CPE_NAME}" |
164105f6 MW |
85 | fi |
86 | fi | |
87 | ||
88 | if [ "${CPE_NAME}" != "" -a "${ID}" = "centos" -a "${VERSION_ID}" != "" ] | |
89 | then | |
90 | centos_host_ver=${VERSION_ID} | |
91 | is_centos=true | |
c6df5ca4 MW |
92 | elif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -a "${VERSION_ID}" != "" ] |
93 | then | |
94 | redhat_host_ver=${VERSION_ID} | |
95 | is_redhat=true | |
96 | elif [ -e /etc/centos-release ] | |
164105f6 MW |
97 | then |
98 | # Only if all other methods fail, try to parse the redhat-release file. | |
c6df5ca4 | 99 | centos_host_ver=$( sed -e '/^CentOS /!d' -e 's/CentOS.*\srelease\s*\([0-9][0-9.]*\)\s.*/\1/' < /etc/centos-release ) |
164105f6 MW |
100 | if [ "$centos_host_ver" != "" ] |
101 | then | |
102 | is_centos=true | |
103 | fi | |
104 | fi | |
105 | ||
106 | # Map a few architectures to their generic Centos repository archs. | |
107 | # | |
108 | # CentOS currently doesn't support ARM but it's copied here from | |
109 | # the Fedora template for completeness and that it will in the future. | |
110 | # | |
111 | # The two ARM archs are a bit of a guesstimate for the v5 and v6 | |
112 | # archs. V6 should have hardware floating point (Rasberry Pi). | |
113 | # The "arm" arch is safer (no hardware floating point). So | |
114 | # there may be cases where we "get it wrong" for some v6 other | |
115 | # than RPi. | |
116 | case "$arch" in | |
117 | i686) arch=i386 ;; | |
118 | armv3l|armv4l|armv5l) arch=arm ;; | |
119 | armv6l|armv7l|armv8l) arch=armhfp ;; | |
120 | esac | |
121 | ||
122 | force_mknod() | |
123 | { | |
124 | # delete a device node if exists, and create a new one | |
125 | rm -f $2 && mknod -m $1 $2 $3 $4 $5 | |
126 | } | |
127 | ||
128 | configure_centos() | |
129 | { | |
130 | ||
131 | # disable selinux in centos | |
132 | mkdir -p $rootfs_path/selinux | |
133 | echo 0 > $rootfs_path/selinux/enforce | |
134 | ||
135 | # Also kill it in the /etc/selinux/config file if it's there... | |
136 | if [[ -f $rootfs_path/etc/selinux/config ]] | |
137 | then | |
138 | sed -i '/^SELINUX=/s/.*/SELINUX=disabled/' $rootfs_path/etc/selinux/config | |
139 | fi | |
140 | ||
141 | # Nice catch from Dwight Engen in the Oracle template. | |
142 | # Wantonly plagerized here with much appreciation. | |
143 | if [ -f $rootfs_path/usr/sbin/selinuxenabled ]; then | |
144 | mv $rootfs_path/usr/sbin/selinuxenabled $rootfs_path/usr/sbin/selinuxenabled.lxcorig | |
145 | ln -s /bin/false $rootfs_path/usr/sbin/selinuxenabled | |
146 | fi | |
147 | ||
148 | # This is a known problem and documented in RedHat bugzilla as relating | |
149 | # to a problem with auditing enabled. This prevents an error in | |
150 | # the container "Cannot make/remove an entry for the specified session" | |
151 | sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/login | |
152 | sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/sshd | |
153 | ||
c6df5ca4 MW |
154 | if [ -f ${rootfs_path}/etc/pam.d/crond ] |
155 | then | |
156 | sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/crond | |
157 | fi | |
158 | ||
159 | # In addition to disabling pam_loginuid in the above config files | |
160 | # we'll also disable it by linking it to pam_permit to catch any | |
161 | # we missed or any that get installed after the container is built. | |
162 | # | |
163 | # Catch either or both 32 and 64 bit archs. | |
164 | if [ -f ${rootfs_path}/lib/security/pam_loginuid.so ] | |
165 | then | |
166 | ( cd ${rootfs_path}/lib/security/ | |
167 | mv pam_loginuid.so pam_loginuid.so.disabled | |
168 | ln -s pam_permit.so pam_loginuid.so | |
169 | ) | |
170 | fi | |
171 | ||
172 | if [ -f ${rootfs_path}/lib64/security/pam_loginuid.so ] | |
173 | then | |
174 | ( cd ${rootfs_path}/lib64/security/ | |
175 | mv pam_loginuid.so pam_loginuid.so.disabled | |
176 | ln -s pam_permit.so pam_loginuid.so | |
177 | ) | |
178 | fi | |
179 | ||
164105f6 MW |
180 | # configure the network using the dhcp |
181 | cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0 | |
182 | DEVICE=eth0 | |
183 | BOOTPROTO=dhcp | |
184 | ONBOOT=yes | |
185 | HOSTNAME=${UTSNAME} | |
186 | NM_CONTROLLED=no | |
187 | TYPE=Ethernet | |
188 | MTU=${MTU} | |
189 | EOF | |
190 | ||
191 | # set the hostname | |
192 | cat <<EOF > ${rootfs_path}/etc/sysconfig/network | |
193 | NETWORKING=yes | |
194 | HOSTNAME=${UTSNAME} | |
195 | EOF | |
196 | ||
197 | # set minimal hosts | |
198 | cat <<EOF > $rootfs_path/etc/hosts | |
199 | 127.0.0.1 localhost $name | |
200 | EOF | |
201 | ||
202 | # set minimal fstab | |
203 | cat <<EOF > $rootfs_path/etc/fstab | |
204 | /dev/root / rootfs defaults 0 0 | |
205 | none /dev/shm tmpfs nosuid,nodev 0 0 | |
206 | EOF | |
207 | ||
208 | # create lxc compatibility init script | |
209 | if [ "$release" = "6" ]; then | |
210 | cat <<EOF > $rootfs_path/etc/init/lxc-sysinit.conf | |
211 | start on startup | |
212 | env container | |
213 | ||
214 | pre-start script | |
215 | if [ "x$container" != "xlxc" -a "x$container" != "xlibvirt" ]; then | |
216 | stop; | |
217 | fi | |
218 | initctl start tty TTY=console | |
219 | rm -f /var/lock/subsys/* | |
220 | rm -f /var/run/*.pid | |
221 | telinit 3 | |
222 | exit 0; | |
223 | end script | |
224 | EOF | |
225 | elif [ "$release" = "5" ]; then | |
226 | cat <<EOF > $rootfs_path/etc/rc.d/lxc.sysinit | |
227 | #! /bin/bash | |
228 | rm -f /etc/mtab /var/run/*.{pid,lock} /var/lock/subsys/* | |
229 | rm -rf {/,/var}/tmp/* | |
230 | echo "/dev/root / rootfs defaults 0 0" > /etc/mtab | |
231 | exit 0 | |
232 | EOF | |
233 | chmod 755 $rootfs_path/etc/rc.d/lxc.sysinit | |
234 | sed -i 's|si::sysinit:/etc/rc.d/rc.sysinit|si::bootwait:/etc/rc.d/lxc.sysinit|' $rootfs_path/etc/inittab | |
235 | sed -i 's|^1:|co:2345:respawn:/sbin/mingetty console\n1:|' $rootfs_path/etc/inittab | |
236 | sed -i 's|^\([56]:\)|#\1|' $rootfs_path/etc/inittab | |
237 | fi | |
238 | ||
239 | dev_path="${rootfs_path}/dev" | |
240 | rm -rf $dev_path | |
241 | mkdir -p $dev_path | |
242 | mknod -m 666 ${dev_path}/null c 1 3 | |
243 | mknod -m 666 ${dev_path}/zero c 1 5 | |
244 | mknod -m 666 ${dev_path}/random c 1 8 | |
245 | mknod -m 666 ${dev_path}/urandom c 1 9 | |
246 | mkdir -m 755 ${dev_path}/pts | |
247 | mkdir -m 1777 ${dev_path}/shm | |
248 | mknod -m 666 ${dev_path}/tty c 5 0 | |
249 | mknod -m 666 ${dev_path}/tty0 c 4 0 | |
250 | mknod -m 666 ${dev_path}/tty1 c 4 1 | |
251 | mknod -m 666 ${dev_path}/tty2 c 4 2 | |
252 | mknod -m 666 ${dev_path}/tty3 c 4 3 | |
253 | mknod -m 666 ${dev_path}/tty4 c 4 4 | |
254 | mknod -m 600 ${dev_path}/console c 5 1 | |
255 | mknod -m 666 ${dev_path}/full c 1 7 | |
256 | mknod -m 600 ${dev_path}/initctl p | |
257 | mknod -m 666 ${dev_path}/ptmx c 5 2 | |
258 | ||
259 | echo "setting root passwd to $root_password" | |
260 | echo "root:$root_password" | chroot $rootfs_path chpasswd | |
261 | ||
262 | # This will need to be enhanced for CentOS 7 when systemd | |
263 | # comes into play... /\/\|=mhw=|\/\/ | |
264 | ||
265 | return 0 | |
266 | } | |
267 | ||
268 | configure_centos_init() | |
269 | { | |
270 | sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit | |
271 | sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit | |
272 | if [ "$release" = "6" ]; then | |
273 | chroot ${rootfs_path} chkconfig udev-post off | |
274 | fi | |
275 | chroot ${rootfs_path} chkconfig network on | |
276 | } | |
277 | ||
278 | download_centos() | |
279 | { | |
280 | ||
281 | # check the mini centos was not already downloaded | |
282 | INSTALL_ROOT=$cache/partial | |
283 | mkdir -p $INSTALL_ROOT | |
284 | if [ $? -ne 0 ]; then | |
285 | echo "Failed to create '$INSTALL_ROOT' directory" | |
286 | return 1 | |
287 | fi | |
288 | ||
289 | # download a mini centos into a cache | |
290 | echo "Downloading centos minimal ..." | |
291 | YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck" | |
292 | PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils" | |
293 | ||
294 | # use temporary repository definition | |
295 | REPO_FILE=$INSTALL_ROOT/etc/yum.repos.d/lxc-centos-temp.repo | |
296 | mkdir -p $(dirname $REPO_FILE) | |
297 | cat <<EOF > $REPO_FILE | |
298 | [base] | |
299 | name=CentOS-$release - Base | |
300 | mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=os | |
301 | ||
302 | [updates] | |
303 | name=CentOS-$release - Updates | |
304 | mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=updates | |
305 | EOF | |
306 | ||
307 | # create minimal device nodes, needed for "yum install" and "yum update" process | |
308 | mkdir -p $INSTALL_ROOT/dev | |
309 | force_mknod 666 $INSTALL_ROOT/dev/null c 1 3 | |
310 | force_mknod 666 $INSTALL_ROOT/dev/urandom c 1 9 | |
311 | ||
312 | $YUM install $PKG_LIST | |
313 | ||
314 | if [ $? -ne 0 ]; then | |
315 | echo "Failed to download the rootfs, aborting." | |
316 | return 1 | |
317 | fi | |
318 | ||
319 | # use same nameservers as hosts, needed for "yum update later" | |
320 | cp /etc/resolv.conf $INSTALL_ROOT/etc/ | |
321 | ||
322 | # check whether rpmdb is under $HOME | |
323 | if [ ! -e $INSTALL_ROOT/var/lib/rpm/Packages -a -e $INSTALL_ROOT/$HOME/.rpmdb/Packages ]; then | |
324 | echo "Fixing rpmdb location ..." | |
325 | mv $INSTALL_ROOT/$HOME/.rpmdb/[A-Z]* $INSTALL_ROOT/var/lib/rpm/ | |
326 | rm -rf $INSTALL_ROOT/$HOME/.rpmdb | |
327 | chroot $INSTALL_ROOT rpm --rebuilddb 2>/dev/null | |
328 | fi | |
329 | ||
330 | # check whether rpmdb version is correct | |
331 | chroot $INSTALL_ROOT rpm --quiet -q yum 2>/dev/null | |
332 | ret=$? | |
333 | ||
334 | # if "rpm -q" doesn't work due to rpmdb version difference, | |
335 | # then we need to redo the process using the newly-installed yum | |
336 | if [ $ret -gt 0 ]; then | |
337 | echo "Reinstalling packages ..." | |
338 | mv $REPO_FILE $REPO_FILE.tmp | |
339 | mkdir $INSTALL_ROOT/etc/yum.repos.disabled | |
340 | mv $INSTALL_ROOT/etc/yum.repos.d/*.repo $INSTALL_ROOT/etc/yum.repos.disabled/ | |
341 | mv $REPO_FILE.tmp $REPO_FILE | |
342 | mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/etc | |
343 | cp /etc/resolv.conf $INSTALL_ROOT/$INSTALL_ROOT/etc/ | |
344 | mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/dev | |
345 | mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/null c 1 3 | |
346 | mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/urandom c 1 9 | |
347 | mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum | |
348 | cp -al $INSTALL_ROOT/var/cache/yum/* $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum/ | |
349 | chroot $INSTALL_ROOT $YUM install $PKG_LIST | |
350 | if [ $? -ne 0 ]; then | |
351 | echo "Failed to download the rootfs, aborting." | |
352 | return 1 | |
353 | fi | |
354 | mv $INSTALL_ROOT/$INSTALL_ROOT $INSTALL_ROOT.tmp | |
355 | rm -rf $INSTALL_ROOT | |
356 | mv $INSTALL_ROOT.tmp $INSTALL_ROOT | |
357 | fi | |
358 | ||
359 | rm -f $REPO_FILE | |
360 | rm -rf $INSTALL_ROOT/var/cache/yum/* | |
361 | ||
362 | mv "$INSTALL_ROOT" "$cache/rootfs" | |
363 | echo "Download complete." | |
364 | ||
365 | return 0 | |
366 | } | |
367 | ||
368 | copy_centos() | |
369 | { | |
370 | ||
371 | # make a local copy of the mini centos | |
372 | echo -n "Copying rootfs to $rootfs_path ..." | |
373 | #cp -a $cache/rootfs-$arch $rootfs_path || return 1 | |
374 | # i prefer rsync (no reason really) | |
375 | mkdir -p $rootfs_path | |
376 | rsync -a $cache/rootfs/ $rootfs_path/ | |
377 | return 0 | |
378 | } | |
379 | ||
380 | update_centos() | |
381 | { | |
382 | YUM="chroot $cache/rootfs yum -y --nogpgcheck" | |
383 | $YUM update | |
384 | if [ $? -ne 0 ]; then | |
385 | return 1 | |
386 | fi | |
387 | $YUM clean packages | |
388 | } | |
389 | ||
390 | install_centos() | |
391 | { | |
392 | mkdir -p /var/lock/subsys/ | |
393 | ( | |
394 | flock -x 200 | |
395 | if [ $? -ne 0 ]; then | |
396 | echo "Cache repository is busy." | |
397 | return 1 | |
398 | fi | |
399 | ||
400 | echo "Checking cache download in $cache/rootfs ... " | |
401 | if [ ! -e "$cache/rootfs" ]; then | |
402 | download_centos | |
403 | if [ $? -ne 0 ]; then | |
404 | echo "Failed to download 'centos base'" | |
405 | return 1 | |
406 | fi | |
407 | else | |
408 | echo "Cache found. Updating..." | |
409 | update_centos | |
410 | if [ $? -ne 0 ]; then | |
411 | echo "Failed to update 'centos base', continuing with last known good cache" | |
412 | else | |
413 | echo "Update finished" | |
414 | fi | |
415 | fi | |
416 | ||
417 | echo "Copy $cache/rootfs to $rootfs_path ... " | |
418 | copy_centos | |
419 | if [ $? -ne 0 ]; then | |
420 | echo "Failed to copy rootfs" | |
421 | return 1 | |
422 | fi | |
423 | ||
424 | return 0 | |
425 | ||
826eb798 | 426 | ) 200>/var/lock/subsys/lxc-centos |
164105f6 MW |
427 | |
428 | return $? | |
429 | } | |
430 | ||
431 | copy_configuration() | |
432 | { | |
433 | ||
434 | mkdir -p $config_path | |
435 | cat <<EOF >> $config_path/config | |
436 | lxc.utsname = $utsname | |
437 | lxc.tty = 4 | |
438 | lxc.pts = 1024 | |
439 | lxc.rootfs = $rootfs_path | |
440 | lxc.mount = $config_path/fstab | |
441 | lxc.cap.drop = sys_module mac_admin mac_override sys_time | |
442 | ||
443 | lxc.autodev = $auto_dev | |
444 | ||
445 | # example simple networking setup, uncomment to enable | |
446 | #lxc.network.type = $lxc_network_type | |
447 | #lxc.network.flags = up | |
448 | #lxc.network.link = $lxc_network_link | |
449 | #lxc.network.name = eth0 | |
450 | # additional example for veth network type, static MAC address, | |
451 | # and persistent veth device name on host side | |
452 | #lxc.network.hwaddr = 00:16:3e:77:52:20 | |
453 | #lxc.network.veth.pair = v-$name-e0 | |
454 | ||
455 | #cgroups | |
456 | lxc.cgroup.devices.deny = a | |
457 | # /dev/null and zero | |
458 | lxc.cgroup.devices.allow = c 1:3 rwm | |
459 | lxc.cgroup.devices.allow = c 1:5 rwm | |
460 | # consoles | |
461 | lxc.cgroup.devices.allow = c 5:1 rwm | |
462 | lxc.cgroup.devices.allow = c 5:0 rwm | |
463 | lxc.cgroup.devices.allow = c 4:0 rwm | |
464 | lxc.cgroup.devices.allow = c 4:1 rwm | |
465 | # /dev/{,u}random | |
466 | lxc.cgroup.devices.allow = c 1:9 rwm | |
467 | lxc.cgroup.devices.allow = c 1:8 rwm | |
468 | lxc.cgroup.devices.allow = c 136:* rwm | |
469 | lxc.cgroup.devices.allow = c 5:2 rwm | |
470 | # rtc | |
471 | lxc.cgroup.devices.allow = c 254:0 rwm | |
472 | EOF | |
473 | ||
474 | cat <<EOF > $config_path/fstab | |
475 | proc proc proc nodev,noexec,nosuid 0 0 | |
476 | devpts dev/pts devpts defaults 0 0 | |
477 | sysfs sys sysfs defaults 0 0 | |
478 | EOF | |
479 | ||
480 | if [ $? -ne 0 ]; then | |
481 | echo "Failed to add configuration" | |
482 | return 1 | |
483 | fi | |
484 | ||
485 | return 0 | |
486 | } | |
487 | ||
488 | clean() | |
489 | { | |
490 | ||
491 | if [ ! -e $cache ]; then | |
492 | exit 0 | |
493 | fi | |
494 | ||
495 | # lock, so we won't purge while someone is creating a repository | |
496 | ( | |
497 | flock -x 200 | |
498 | if [ $? != 0 ]; then | |
499 | echo "Cache repository is busy." | |
500 | exit 1 | |
501 | fi | |
502 | ||
503 | echo -n "Purging the download cache for centos-$release..." | |
504 | rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1 | |
505 | exit 0 | |
506 | ||
826eb798 | 507 | ) 200>/var/lock/subsys/lxc-centos |
164105f6 MW |
508 | } |
509 | ||
510 | usage() | |
511 | { | |
512 | cat <<EOF | |
513 | usage: | |
514 | $1 -n|--name=<container_name> | |
515 | [-p|--path=<path>] [-c|--clean] [-R|--release=<CentOS_release>] [-A|--arch=<arch of the container>] | |
516 | [-h|--help] | |
517 | Mandatory args: | |
518 | -n,--name container name, used to as an identifier for that container from now on | |
519 | Optional args: | |
520 | -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case | |
521 | -c,--clean clean the cache | |
522 | -R,--release Centos release for the new container. if the host is Centos, then it will defaultto the host's release. | |
523 | --fqdn fully qualified domain name (FQDN) for DNS and system naming | |
524 | -A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64] | |
525 | -h,--help print this help | |
526 | EOF | |
527 | return 0 | |
528 | } | |
529 | ||
530 | options=$(getopt -o hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,fqdn: -- "$@") | |
531 | if [ $? -ne 0 ]; then | |
532 | usage $(basename $0) | |
533 | exit 1 | |
534 | fi | |
535 | eval set -- "$options" | |
536 | ||
537 | while true | |
538 | do | |
539 | case "$1" in | |
540 | -h|--help) usage $0 && exit 0;; | |
541 | -p|--path) path=$2; shift 2;; | |
542 | --rootfs) rootfs=$2; shift 2;; | |
543 | -n|--name) name=$2; shift 2;; | |
544 | -c|--clean) clean=$2; shift 2;; | |
545 | -R|--release) release=$2; shift 2;; | |
546 | --fqdn) utsname=$2; shift 2;; | |
547 | --) shift 1; break ;; | |
548 | *) break ;; | |
549 | esac | |
550 | done | |
551 | ||
552 | if [ ! -z "$clean" -a -z "$path" ]; then | |
553 | clean || exit 1 | |
554 | exit 0 | |
555 | fi | |
556 | ||
557 | if [ -z "${utsname}" ]; then | |
558 | utsname=${name} | |
559 | fi | |
560 | ||
561 | # This follows a standard "resolver" convention that an FQDN must have | |
562 | # at least two dots or it is considered a local relative host name. | |
563 | # If it doesn't, append the dns domain name of the host system. | |
564 | # | |
565 | # This changes one significant behavior when running | |
566 | # "lxc_create -n Container_Name" without using the | |
567 | # --fqdn option. | |
568 | # | |
569 | # Old behavior: | |
570 | # utsname and hostname = Container_Name | |
571 | # New behavior: | |
572 | # utsname and hostname = Container_Name.Domain_Name | |
573 | ||
574 | if [ $(expr "$utsname" : '.*\..*\.') = 0 ]; then | |
575 | if [ -n "$(dnsdomainname)" ]; then | |
576 | utsname=${utsname}.$(dnsdomainname) | |
577 | fi | |
578 | fi | |
579 | ||
580 | type yum >/dev/null 2>&1 | |
581 | if [ $? -ne 0 ]; then | |
582 | echo "'yum' command is missing" | |
583 | exit 1 | |
584 | fi | |
585 | ||
586 | if [ -z "$path" ]; then | |
587 | path=$default_path/$name | |
588 | fi | |
589 | ||
590 | if [ -z "$release" ]; then | |
591 | if [ "$is_centos" -a "$centos_host_ver" ]; then | |
592 | release=$centos_host_ver | |
c6df5ca4 MW |
593 | elif [ "$is_redhat" -a "$redhat_host_ver" ]; then |
594 | # This is needed to clean out bullshit like 6workstation and 6server. | |
595 | release=$(expr $redhat_host_ver : '\([0-9.]*\)') | |
164105f6 | 596 | else |
c6df5ca4 | 597 | echo "This is not a CentOS or Redhat host and release is missing, defaulting to 6 use -R|--release to specify release" |
164105f6 MW |
598 | release=6 |
599 | fi | |
600 | fi | |
601 | ||
602 | # CentOS 7 and above should run systemd. We need autodev enabled to keep | |
603 | # systemd from causing problems. | |
c6df5ca4 MW |
604 | # |
605 | # There is some ambiguity here due to the differnce between versioning | |
606 | # of point specific releases such as 6.5 and the rolling release 6. We | |
607 | # only want the major number here if it's a point release... | |
608 | ||
609 | mrelease=$(expr $release : '\([0-9]*\)') | |
610 | if [ $mrelease -gt 6 ]; then | |
164105f6 MW |
611 | auto_dev="1" |
612 | else | |
613 | auto_dev="0" | |
614 | fi | |
615 | ||
616 | if [ "$(id -u)" != "0" ]; then | |
617 | echo "This script should be run as 'root'" | |
618 | exit 1 | |
619 | fi | |
620 | ||
621 | ||
622 | if [ -z "$rootfs_path" ]; then | |
623 | rootfs_path=$path/rootfs | |
624 | # check for 'lxc.rootfs' passed in through default config by lxc-create | |
625 | if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then | |
626 | rootfs_path=`grep 'lxc.rootfs =' $path/config | awk -F= '{ print $2 }'` | |
627 | fi | |
628 | fi | |
629 | config_path=$default_path/$name | |
630 | cache=$cache_base/$release | |
631 | ||
632 | revert() | |
633 | { | |
634 | echo "Interrupted, so cleaning up" | |
635 | lxc-destroy -n $name | |
636 | # maybe was interrupted before copy config | |
637 | rm -rf $path | |
638 | rm -rf $default_path/$name | |
639 | echo "exiting..." | |
640 | exit 1 | |
641 | } | |
642 | ||
643 | trap revert SIGHUP SIGINT SIGTERM | |
644 | ||
645 | copy_configuration | |
646 | if [ $? -ne 0 ]; then | |
647 | echo "failed write configuration file" | |
648 | exit 1 | |
649 | fi | |
650 | ||
651 | install_centos | |
652 | if [ $? -ne 0 ]; then | |
653 | echo "failed to install centos" | |
654 | exit 1 | |
655 | fi | |
656 | ||
657 | configure_centos | |
658 | if [ $? -ne 0 ]; then | |
659 | echo "failed to configure centos for a container" | |
660 | exit 1 | |
661 | fi | |
662 | ||
663 | configure_centos_init | |
664 | ||
665 | if [ ! -z $clean ]; then | |
666 | clean || exit 1 | |
667 | exit 0 | |
668 | fi | |
669 | echo "container rootfs and config created, default root password is '$root_password'" | |
670 | echo "edit the config file to check/enable networking setup" |