[mirror_lxc.git] / templates / lxc-centos.in

#!/bin/bash

#
# template script for generating centos container for LXC

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>
# Ramez Hanna <rhanna@informatiq.org>
# Fajar A. Nugraha <github@fajar.net>
# Michael H. Warfield <mhw@WittsEnd.com>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

#Configurations
arch=$(arch)
cache_base=@LOCALSTATEDIR@/cache/lxc/centos/$arch
default_path=@LXCPATH@
# We really need something better here!
root_password=root

lxc_network_type=veth
lxc_network_link=lxcbr0

# is this centos?
# Alow for weird remixes like the Raspberry Pi
#
# Use the Mitre standard CPE identifier for the release ID if possible...
# This may be in /etc/os-release or /etc/system-release-cpe.  We
# should be able to use EITHER.  Give preference to /etc/os-release for now.

if [ -e /etc/os-release ]
then
# This is a shell friendly configuration file.  We can just source it.
# What we're looking for in here is the ID, VERSION_ID and the CPE_NAME
    . /etc/os-release
    echo "Host CPE ID from /etc/os-release: ${CPE_NAME}"
fi

if [ "${CPE_NAME}" = "" -a -e /etc/system-release-cpe ]
then
    CPE_NAME=$(head -n1 /etc/system-release-cpe)
    CPE_URI=$(expr ${CPE_NAME} : '\([^:]*:[^:]*\)')
    if [ "${CPE_URI}" != "cpe:/o" ]
    then
        CPE_NAME=
    else
        # Probably a better way to do this but sill remain posix
        # compatible but this works, shrug...
        # Must be nice and not introduce convenient bashisms here.
        #
        # According to the official registration at Mitre and NIST,
        # this should have been something like this for CentOS:
        #    cpe:/o:centos:centos:6
        # or this:
        #    cpe:/o:centos:centos:6.5
        #
        ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:\([^:]*\)')
        # The "enterprise_linux" is a bone toss back to RHEL.
        # Since CentOS and RHEL are so tightly coupled, we'll
        # take the RHEL version if we're running on it and do the
        # equivalent version for CentOS.
        if [ ${ID} = "linux" -o ${ID} = "enterprise_linux" ]
        then
                # Instead we got this: cpe:/o:centos:linux:6
                ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:\([^:]*\)')
        fi

        VERSION_ID=$(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:[^:]*:\([^:]*\)')
        echo "Host CPE ID from /etc/system-release-cpe: ${CPE_NAME}"
    fi
fi

if [ "${CPE_NAME}" != "" -a "${ID}" = "centos" -a "${VERSION_ID}" != "" ]
then
    centos_host_ver=${VERSION_ID}
    is_centos=true
elif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -a "${VERSION_ID}" != "" ]
then
    redhat_host_ver=${VERSION_ID}
    is_redhat=true
elif [ -e /etc/centos-release ]
then
    # Only if all other methods fail, try to parse the redhat-release file.
    centos_host_ver=$( sed -e '/^CentOS /!d' -e 's/CentOS.*\srelease\s*\([0-9][0-9.]*\)\s.*/\1/' < /etc/centos-release )
    if [ "$centos_host_ver" != "" ]
    then
        is_centos=true
    fi
fi

# Map a few architectures to their generic Centos repository archs.
#
# CentOS currently doesn't support ARM but it's copied here from
# the Fedora template for completeness and that it will in the future.
#
# The two ARM archs are a bit of a guesstimate for the v5 and v6
# archs.  V6 should have hardware floating point (Rasberry Pi).
# The "arm" arch is safer (no hardware floating point).  So
# there may be cases where we "get it wrong" for some v6 other
# than RPi.
case "$arch" in
i686) arch=i386 ;;
armv3l|armv4l|armv5l) arch=arm ;;
armv6l|armv7l|armv8l) arch=armhfp ;;
esac

force_mknod()
{
    # delete a device node if exists, and create a new one
    rm -f $2 && mknod -m $1 $2 $3 $4 $5
}

configure_centos()
{

    # disable selinux in centos
    mkdir -p $rootfs_path/selinux
    echo 0 > $rootfs_path/selinux/enforce

    # Also kill it in the /etc/selinux/config file if it's there...
    if [[ -f $rootfs_path/etc/selinux/config ]]
    then
        sed -i '/^SELINUX=/s/.*/SELINUX=disabled/' $rootfs_path/etc/selinux/config
    fi

    # Nice catch from Dwight Engen in the Oracle template.
    # Wantonly plagerized here with much appreciation.
    if [ -f $rootfs_path/usr/sbin/selinuxenabled ]; then
        mv $rootfs_path/usr/sbin/selinuxenabled $rootfs_path/usr/sbin/selinuxenabled.lxcorig
        ln -s /bin/false $rootfs_path/usr/sbin/selinuxenabled
    fi

    # This is a known problem and documented in RedHat bugzilla as relating
    # to a problem with auditing enabled.  This prevents an error in
    # the container "Cannot make/remove an entry for the specified session"
    sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/login
    sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/sshd

    if [ -f ${rootfs_path}/etc/pam.d/crond ]
    then
        sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/crond
    fi

    # In addition to disabling pam_loginuid in the above config files
    # we'll also disable it by linking it to pam_permit to catch any
    # we missed or any that get installed after the container is built.
    #
    # Catch either or both 32 and 64 bit archs.
    if [ -f ${rootfs_path}/lib/security/pam_loginuid.so ]
    then
        ( cd ${rootfs_path}/lib/security/
        mv pam_loginuid.so pam_loginuid.so.disabled
        ln -s pam_permit.so pam_loginuid.so
        )
    fi

    if [ -f ${rootfs_path}/lib64/security/pam_loginuid.so ]
    then
        ( cd ${rootfs_path}/lib64/security/
        mv pam_loginuid.so pam_loginuid.so.disabled
        ln -s pam_permit.so pam_loginuid.so
        )
    fi

   # configure the network using the dhcp
    cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
HOSTNAME=${UTSNAME}
NM_CONTROLLED=no
TYPE=Ethernet
MTU=${MTU}
EOF

    # set the hostname
    cat <<EOF > ${rootfs_path}/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=${UTSNAME}
EOF

    # set minimal hosts
    cat <<EOF > $rootfs_path/etc/hosts
127.0.0.1 localhost $name
EOF

    # set minimal fstab
    cat <<EOF > $rootfs_path/etc/fstab
/dev/root               /                       rootfs   defaults        0 0
none                    /dev/shm                tmpfs    nosuid,nodev    0 0
EOF

    # create lxc compatibility init script
    if [ "$release" = "6" ]; then
        cat <<EOF > $rootfs_path/etc/init/lxc-sysinit.conf
start on startup
env container

pre-start script
        if [ "x$container" != "xlxc" -a "x$container" != "xlibvirt" ]; then
                stop;
        fi
        initctl start tty TTY=console
        rm -f /var/lock/subsys/*
        rm -f /var/run/*.pid
        telinit 3
        exit 0;
end script
EOF
    elif [ "$release" = "5" ]; then
        cat <<EOF > $rootfs_path/etc/rc.d/lxc.sysinit
#! /bin/bash
rm -f /etc/mtab /var/run/*.{pid,lock} /var/lock/subsys/*
rm -rf {/,/var}/tmp/*
echo "/dev/root               /                       rootfs   defaults        0 0" > /etc/mtab
exit 0
EOF
        chmod 755 $rootfs_path/etc/rc.d/lxc.sysinit
        sed -i 's|si::sysinit:/etc/rc.d/rc.sysinit|si::bootwait:/etc/rc.d/lxc.sysinit|'  $rootfs_path/etc/inittab
        sed -i 's|^1:|co:2345:respawn:/sbin/mingetty console\n1:|' $rootfs_path/etc/inittab
        sed -i 's|^\([56]:\)|#\1|' $rootfs_path/etc/inittab
    fi

    dev_path="${rootfs_path}/dev"
    rm -rf $dev_path
    mkdir -p $dev_path
    mknod -m 666 ${dev_path}/null c 1 3
    mknod -m 666 ${dev_path}/zero c 1 5
    mknod -m 666 ${dev_path}/random c 1 8
    mknod -m 666 ${dev_path}/urandom c 1 9
    mkdir -m 755 ${dev_path}/pts
    mkdir -m 1777 ${dev_path}/shm
    mknod -m 666 ${dev_path}/tty c 5 0
    mknod -m 666 ${dev_path}/tty0 c 4 0
    mknod -m 666 ${dev_path}/tty1 c 4 1
    mknod -m 666 ${dev_path}/tty2 c 4 2
    mknod -m 666 ${dev_path}/tty3 c 4 3
    mknod -m 666 ${dev_path}/tty4 c 4 4
    mknod -m 600 ${dev_path}/console c 5 1
    mknod -m 666 ${dev_path}/full c 1 7
    mknod -m 600 ${dev_path}/initctl p
    mknod -m 666 ${dev_path}/ptmx c 5 2

    echo "setting root passwd to $root_password"
    echo "root:$root_password" | chroot $rootfs_path chpasswd

    # This will need to be enhanced for CentOS 7 when systemd
    # comes into play...   /\/\|=mhw=|\/\/

    return 0
}

configure_centos_init()
{
    sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
    sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
    if [ "$release" = "6" ]; then
        chroot ${rootfs_path} chkconfig udev-post off
    fi
    chroot ${rootfs_path} chkconfig network on
}

download_centos()
{

    # check the mini centos was not already downloaded
    INSTALL_ROOT=$cache/partial
    mkdir -p $INSTALL_ROOT
    if [ $? -ne 0 ]; then
    echo "Failed to create '$INSTALL_ROOT' directory"
    return 1
    fi

    # download a mini centos into a cache
    echo "Downloading centos minimal ..."
    YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
    PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils"

    # use temporary repository definition
    REPO_FILE=$INSTALL_ROOT/etc/yum.repos.d/lxc-centos-temp.repo
    mkdir -p $(dirname $REPO_FILE)
    cat <<EOF > $REPO_FILE
[base]
name=CentOS-$release - Base
mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=os

[updates]
name=CentOS-$release - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=updates
EOF

    # create minimal device nodes, needed for "yum install" and "yum update" process
    mkdir -p $INSTALL_ROOT/dev
    force_mknod 666 $INSTALL_ROOT/dev/null c 1 3
    force_mknod 666 $INSTALL_ROOT/dev/urandom c 1 9

    $YUM install $PKG_LIST

    if [ $? -ne 0 ]; then
        echo "Failed to download the rootfs, aborting."
        return 1
    fi

    # use same nameservers as hosts, needed for "yum update later"
    cp /etc/resolv.conf $INSTALL_ROOT/etc/

    # check whether rpmdb is under $HOME
    if [ ! -e $INSTALL_ROOT/var/lib/rpm/Packages -a -e $INSTALL_ROOT/$HOME/.rpmdb/Packages ]; then
        echo "Fixing rpmdb location ..."
        mv $INSTALL_ROOT/$HOME/.rpmdb/[A-Z]* $INSTALL_ROOT/var/lib/rpm/
        rm -rf $INSTALL_ROOT/$HOME/.rpmdb
        chroot $INSTALL_ROOT rpm --rebuilddb 2>/dev/null
    fi

    # check whether rpmdb version is correct
    chroot $INSTALL_ROOT rpm --quiet -q yum 2>/dev/null
    ret=$?

    # if "rpm -q" doesn't work due to rpmdb version difference,
    # then we need to redo the process using the newly-installed yum
    if [ $ret -gt 0 ]; then
        echo "Reinstalling packages ..."
        mv $REPO_FILE $REPO_FILE.tmp
        mkdir $INSTALL_ROOT/etc/yum.repos.disabled
        mv $INSTALL_ROOT/etc/yum.repos.d/*.repo $INSTALL_ROOT/etc/yum.repos.disabled/
        mv $REPO_FILE.tmp $REPO_FILE
        mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/etc
        cp /etc/resolv.conf $INSTALL_ROOT/$INSTALL_ROOT/etc/
        mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/dev
        mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/null c 1 3
        mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/urandom c 1 9
        mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum
        cp -al $INSTALL_ROOT/var/cache/yum/* $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum/
        chroot $INSTALL_ROOT $YUM install $PKG_LIST
        if [ $? -ne 0 ]; then
            echo "Failed to download the rootfs, aborting."
            return 1
        fi
        mv $INSTALL_ROOT/$INSTALL_ROOT $INSTALL_ROOT.tmp
        rm -rf $INSTALL_ROOT
        mv $INSTALL_ROOT.tmp $INSTALL_ROOT
    fi

    rm -f $REPO_FILE
    rm -rf $INSTALL_ROOT/var/cache/yum/*

    mv "$INSTALL_ROOT" "$cache/rootfs"
    echo "Download complete."

    return 0
}

copy_centos()
{

    # make a local copy of the mini centos
    echo -n "Copying rootfs to $rootfs_path ..."
    #cp -a $cache/rootfs-$arch $rootfs_path || return 1
    # i prefer rsync (no reason really)
    mkdir -p $rootfs_path
    rsync -a $cache/rootfs/ $rootfs_path/
    return 0
}

update_centos()
{
    YUM="chroot $cache/rootfs yum -y --nogpgcheck"
    $YUM update
    if [ $? -ne 0 ]; then
        return 1
    fi
    $YUM clean packages
}

install_centos()
{
    mkdir -p /var/lock/subsys/
    (
    flock -x 200
    if [ $? -ne 0 ]; then
        echo "Cache repository is busy."
        return 1
    fi

    echo "Checking cache download in $cache/rootfs ... "
    if [ ! -e "$cache/rootfs" ]; then
        download_centos
        if [ $? -ne 0 ]; then
            echo "Failed to download 'centos base'"
            return 1
        fi
    else
        echo "Cache found. Updating..."
        update_centos
        if [ $? -ne 0 ]; then
            echo "Failed to update 'centos base', continuing with last known good cache"
        else
            echo "Update finished"
        fi
    fi

    echo "Copy $cache/rootfs to $rootfs_path ... "
    copy_centos
    if [ $? -ne 0 ]; then
        echo "Failed to copy rootfs"
        return 1
    fi

    return 0

    ) 200>/var/lock/subsys/lxc-centos

    return $?
}

copy_configuration()
{

    mkdir -p $config_path
    cat <<EOF >> $config_path/config
lxc.utsname = $utsname
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $rootfs_path
lxc.mount  = $config_path/fstab
lxc.cap.drop = sys_module mac_admin mac_override sys_time

lxc.autodev = $auto_dev

# example simple networking setup, uncomment to enable
#lxc.network.type = $lxc_network_type
#lxc.network.flags = up
#lxc.network.link = $lxc_network_link
#lxc.network.name = eth0
# additional example for veth network type, static MAC address,
# and persistent veth device name on host side
#lxc.network.hwaddr = 00:16:3e:77:52:20
#lxc.network.veth.pair = v-$name-e0

#cgroups
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF

    cat <<EOF > $config_path/fstab
proc            proc         proc    nodev,noexec,nosuid 0 0
devpts          dev/pts      devpts defaults 0 0
sysfs           sys          sysfs defaults  0 0
EOF

    if [ $? -ne 0 ]; then
    echo "Failed to add configuration"
    return 1
    fi

    return 0
}

clean()
{

    if [ ! -e $cache ]; then
    exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
    flock -x 200
    if [ $? != 0 ]; then
        echo "Cache repository is busy."
        exit 1
    fi

    echo -n "Purging the download cache for centos-$release..."
    rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
    exit 0

    ) 200>/var/lock/subsys/lxc-centos
}

usage()
{
    cat <<EOF
usage:
    $1 -n|--name=<container_name>
        [-p|--path=<path>] [-c|--clean] [-R|--release=<CentOS_release>] [-A|--arch=<arch of the container>]
        [-h|--help]
Mandatory args:
  -n,--name         container name, used to as an identifier for that container from now on
Optional args:
  -p,--path         path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case
  -c,--clean        clean the cache
  -R,--release      Centos release for the new container. if the host is Centos, then it will defaultto the host's release.
     --fqdn         fully qualified domain name (FQDN) for DNS and system naming
  -A,--arch         NOT USED YET. Define what arch the container will be [i686,x86_64]
  -h,--help         print this help
EOF
    return 0
}

options=$(getopt -o hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,fqdn: -- "$@")
if [ $? -ne 0 ]; then
    usage $(basename $0)
    exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)      usage $0 && exit 0;;
        -p|--path)      path=$2; shift 2;;
        --rootfs)       rootfs=$2; shift 2;;
        -n|--name)      name=$2; shift 2;;
        -c|--clean)     clean=$2; shift 2;;
        -R|--release)   release=$2; shift 2;;
        --fqdn)         utsname=$2; shift 2;;
        --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ ! -z "$clean" -a -z "$path" ]; then
    clean || exit 1
    exit 0
fi

if [ -z "${utsname}" ]; then
    utsname=${name}
fi

# This follows a standard "resolver" convention that an FQDN must have
# at least two dots or it is considered a local relative host name.
# If it doesn't, append the dns domain name of the host system.
#
# This changes one significant behavior when running
# "lxc_create -n Container_Name" without using the
# --fqdn option.
#
# Old behavior:
#    utsname and hostname = Container_Name
# New behavior:
#    utsname and hostname = Container_Name.Domain_Name

if [ $(expr "$utsname" : '.*\..*\.') = 0 ]; then
    if [ -n "$(dnsdomainname)" ]; then
        utsname=${utsname}.$(dnsdomainname)
    fi
fi

type yum >/dev/null 2>&1
if [ $? -ne 0 ]; then
    echo "'yum' command is missing"
    exit 1
fi

if [ -z "$path" ]; then
    path=$default_path/$name
fi

if [ -z "$release" ]; then
    if [ "$is_centos" -a "$centos_host_ver" ]; then
        release=$centos_host_ver
    elif [ "$is_redhat" -a "$redhat_host_ver" ]; then
        # This is needed to clean out bullshit like 6workstation and 6server.
        release=$(expr $redhat_host_ver : '\([0-9.]*\)')
    else
        echo "This is not a CentOS or Redhat host and release is missing, defaulting to 6 use -R|--release to specify release"
        release=6
    fi
fi

# CentOS 7 and above should run systemd.  We need autodev enabled to keep
# systemd from causing problems.
#
# There is some ambiguity here due to the differnce between versioning
# of point specific releases such as 6.5 and the rolling release 6.  We
# only want the major number here if it's a point release...

mrelease=$(expr $release : '\([0-9]*\)')
if [ $mrelease -gt 6 ]; then
    auto_dev="1"
else
    auto_dev="0"
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi


if [ -z "$rootfs_path" ]; then
    rootfs_path=$path/rootfs
    # check for 'lxc.rootfs' passed in through default config by lxc-create
    if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then
        rootfs_path=`grep 'lxc.rootfs =' $path/config | awk -F= '{ print $2 }'`
    fi
fi
config_path=$default_path/$name
cache=$cache_base/$release

revert()
{
    echo "Interrupted, so cleaning up"
    lxc-destroy -n $name
    # maybe was interrupted before copy config
    rm -rf $path
    rm -rf $default_path/$name
    echo "exiting..."
    exit 1
}

trap revert SIGHUP SIGINT SIGTERM

copy_configuration
if [ $? -ne 0 ]; then
    echo "failed write configuration file"
    exit 1
fi

install_centos
if [ $? -ne 0 ]; then
    echo "failed to install centos"
    exit 1
fi

configure_centos
if [ $? -ne 0 ]; then
    echo "failed to configure centos for a container"
    exit 1
fi

configure_centos_init

if [ ! -z $clean ]; then
    clean || exit 1
    exit 0
fi
echo "container rootfs and config created, default root password is '$root_password'"
echo "edit the config file to check/enable networking setup"
Commit	Line	Data
164105f6 MW	1	#!/bin/bash
	2
	3	#
	4	# template script for generating centos container for LXC
	5
	6	#
	7	# lxc: linux Container library
	8
	9	# Authors:
	10	# Daniel Lezcano <daniel.lezcano@free.fr>
	11	# Ramez Hanna <rhanna@informatiq.org>
	12	# Fajar A. Nugraha <github@fajar.net>
	13	# Michael H. Warfield <mhw@WittsEnd.com>
	14
	15	# This library is free software; you can redistribute it and/or
	16	# modify it under the terms of the GNU Lesser General Public
	17	# License as published by the Free Software Foundation; either
	18	# version 2.1 of the License, or (at your option) any later version.
	19
	20	# This library is distributed in the hope that it will be useful,
	21	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	22	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	23	# Lesser General Public License for more details.
	24
	25	# You should have received a copy of the GNU Lesser General Public
	26	# License along with this library; if not, write to the Free Software
	27	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	28
	29	#Configurations
	30	arch=$(arch)
	31	cache_base=@LOCALSTATEDIR@/cache/lxc/centos/$arch
	32	default_path=@LXCPATH@
	33	# We really need something better here!
	34	root_password=root
	35
	36	lxc_network_type=veth
	37	lxc_network_link=lxcbr0
	38
	39	# is this centos?
	40	# Alow for weird remixes like the Raspberry Pi
	41	#
	42	# Use the Mitre standard CPE identifier for the release ID if possible...
	43	# This may be in /etc/os-release or /etc/system-release-cpe. We
	44	# should be able to use EITHER. Give preference to /etc/os-release for now.
	45
	46	if [ -e /etc/os-release ]
	47	then
	48	# This is a shell friendly configuration file. We can just source it.
	49	# What we're looking for in here is the ID, VERSION_ID and the CPE_NAME
	50	. /etc/os-release
	51	echo "Host CPE ID from /etc/os-release: ${CPE_NAME}"
	52	fi
	53
	54	if [ "${CPE_NAME}" = "" -a -e /etc/system-release-cpe ]
	55	then
	56	CPE_NAME=$(head -n1 /etc/system-release-cpe)
c6df5ca4	57	CPE_URI=$(expr ${CPE_NAME} : '\([^:]:[^:]\)')
164105f6 MW	58	if [ "${CPE_URI}" != "cpe:/o" ]
	59	then
	60	CPE_NAME=
	61	else
164105f6 MW	62	# Probably a better way to do this but sill remain posix
	63	# compatible but this works, shrug...
	64	# Must be nice and not introduce convenient bashisms here.
c6df5ca4 MW	65	#
	66	# According to the official registration at Mitre and NIST,
	67	# this should have been something like this for CentOS:
	68	# cpe:/o:centos:centos:6
	69	# or this:
	70	# cpe:/o:centos:centos:6.5
	71	#
164105f6	72	ID=$(expr ${CPE_NAME} : '[^:]:[^:]:[^:]:\([^:]\)')
c6df5ca4 MW	73	# The "enterprise_linux" is a bone toss back to RHEL.
	74	# Since CentOS and RHEL are so tightly coupled, we'll
	75	# take the RHEL version if we're running on it and do the
	76	# equivalent version for CentOS.
	77	if [ ${ID} = "linux" -o ${ID} = "enterprise_linux" ]
	78	then
	79	# Instead we got this: cpe:/o:centos:linux:6
	80	ID=$(expr ${CPE_NAME} : '[^:]:[^:]:\([^:]*\)')
	81	fi
	82
164105f6	83	VERSION_ID=$(expr ${CPE_NAME} : '[^:]:[^:]:[^:]:[^:]:\([^:]*\)')
c6df5ca4	84	echo "Host CPE ID from /etc/system-release-cpe: ${CPE_NAME}"
164105f6 MW	85	fi
	86	fi
	87
	88	if [ "${CPE_NAME}" != "" -a "${ID}" = "centos" -a "${VERSION_ID}" != "" ]
	89	then
	90	centos_host_ver=${VERSION_ID}
	91	is_centos=true
c6df5ca4 MW	92	elif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -a "${VERSION_ID}" != "" ]
	93	then
	94	redhat_host_ver=${VERSION_ID}
	95	is_redhat=true
	96	elif [ -e /etc/centos-release ]
164105f6 MW	97	then
164105f6 MW	98	# Only if all other methods fail, try to parse the redhat-release file.
c6df5ca4	99	centos_host_ver=$( sed -e '/^CentOS /!d' -e 's/CentOS.\srelease\s\([0-9][0-9.]\)\s./\1/' < /etc/centos-release )
164105f6 MW	100	if [ "$centos_host_ver" != "" ]
	101	then
	102	is_centos=true
	103	fi
	104	fi
	105
	106	# Map a few architectures to their generic Centos repository archs.
	107	#
	108	# CentOS currently doesn't support ARM but it's copied here from
	109	# the Fedora template for completeness and that it will in the future.
	110	#
	111	# The two ARM archs are a bit of a guesstimate for the v5 and v6
	112	# archs. V6 should have hardware floating point (Rasberry Pi).
	113	# The "arm" arch is safer (no hardware floating point). So
	114	# there may be cases where we "get it wrong" for some v6 other
	115	# than RPi.
	116	case "$arch" in
	117	i686) arch=i386 ;;
	118	armv3l\|armv4l\|armv5l) arch=arm ;;
	119	armv6l\|armv7l\|armv8l) arch=armhfp ;;
	120	esac
	121
	122	force_mknod()
	123	{
	124	# delete a device node if exists, and create a new one
	125	rm -f $2 && mknod -m $1 $2 $3 $4 $5
	126	}
	127
	128	configure_centos()
	129	{
	130
	131	# disable selinux in centos
	132	mkdir -p $rootfs_path/selinux
	133	echo 0 > $rootfs_path/selinux/enforce
	134
	135	# Also kill it in the /etc/selinux/config file if it's there...
	136	if [[ -f $rootfs_path/etc/selinux/config ]]
	137	then
	138	sed -i '/^SELINUX=/s/.*/SELINUX=disabled/' $rootfs_path/etc/selinux/config
	139	fi
	140
	141	# Nice catch from Dwight Engen in the Oracle template.
	142	# Wantonly plagerized here with much appreciation.
	143	if [ -f $rootfs_path/usr/sbin/selinuxenabled ]; then
	144	mv $rootfs_path/usr/sbin/selinuxenabled $rootfs_path/usr/sbin/selinuxenabled.lxcorig
	145	ln -s /bin/false $rootfs_path/usr/sbin/selinuxenabled
	146	fi
	147
	148	# This is a known problem and documented in RedHat bugzilla as relating
	149	# to a problem with auditing enabled. This prevents an error in
	150	# the container "Cannot make/remove an entry for the specified session"
	151	sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/login
	152	sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/sshd
	153
c6df5ca4 MW	154	if [ -f ${rootfs_path}/etc/pam.d/crond ]
	155	then
	156	sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc/pam.d/crond
	157	fi
	158
	159	# In addition to disabling pam_loginuid in the above config files
	160	# we'll also disable it by linking it to pam_permit to catch any
	161	# we missed or any that get installed after the container is built.
	162	#
	163	# Catch either or both 32 and 64 bit archs.
	164	if [ -f ${rootfs_path}/lib/security/pam_loginuid.so ]
	165	then
	166	( cd ${rootfs_path}/lib/security/
	167	mv pam_loginuid.so pam_loginuid.so.disabled
	168	ln -s pam_permit.so pam_loginuid.so
	169	)
	170	fi
	171
	172	if [ -f ${rootfs_path}/lib64/security/pam_loginuid.so ]
	173	then
	174	( cd ${rootfs_path}/lib64/security/
	175	mv pam_loginuid.so pam_loginuid.so.disabled
	176	ln -s pam_permit.so pam_loginuid.so
	177	)
	178	fi
	179
164105f6 MW	180	# configure the network using the dhcp
	181	cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
	182	DEVICE=eth0
	183	BOOTPROTO=dhcp
	184	ONBOOT=yes
	185	HOSTNAME=${UTSNAME}
	186	NM_CONTROLLED=no
	187	TYPE=Ethernet
	188	MTU=${MTU}
	189	EOF
	190
	191	# set the hostname
	192	cat <<EOF > ${rootfs_path}/etc/sysconfig/network
	193	NETWORKING=yes
	194	HOSTNAME=${UTSNAME}
	195	EOF
	196
	197	# set minimal hosts
	198	cat <<EOF > $rootfs_path/etc/hosts
	199	127.0.0.1 localhost $name
	200	EOF
	201
	202	# set minimal fstab
	203	cat <<EOF > $rootfs_path/etc/fstab
	204	/dev/root / rootfs defaults 0 0
	205	none /dev/shm tmpfs nosuid,nodev 0 0
	206	EOF
	207
	208	# create lxc compatibility init script
	209	if [ "$release" = "6" ]; then
	210	cat <<EOF > $rootfs_path/etc/init/lxc-sysinit.conf
	211	start on startup
	212	env container
	213
	214	pre-start script
	215	if [ "x$container" != "xlxc" -a "x$container" != "xlibvirt" ]; then
	216	stop;
	217	fi
	218	initctl start tty TTY=console
	219	rm -f /var/lock/subsys/*
	220	rm -f /var/run/*.pid
	221	telinit 3
	222	exit 0;
	223	end script
	224	EOF
	225	elif [ "$release" = "5" ]; then
	226	cat <<EOF > $rootfs_path/etc/rc.d/lxc.sysinit
	227	#! /bin/bash
	228	rm -f /etc/mtab /var/run/.{pid,lock} /var/lock/subsys/
	229	rm -rf {/,/var}/tmp/*
	230	echo "/dev/root / rootfs defaults 0 0" > /etc/mtab
	231	exit 0
	232	EOF
	233	chmod 755 $rootfs_path/etc/rc.d/lxc.sysinit
	234	sed -i 's\|si::sysinit:/etc/rc.d/rc.sysinit\|si::bootwait:/etc/rc.d/lxc.sysinit\|' $rootfs_path/etc/inittab
	235	sed -i 's\|^1:\|co:2345:respawn:/sbin/mingetty console\n1:\|' $rootfs_path/etc/inittab
	236	sed -i 's\|^\([56]:\)\|#\1\|' $rootfs_path/etc/inittab
	237	fi
	238
	239	dev_path="${rootfs_path}/dev"
	240	rm -rf $dev_path
	241	mkdir -p $dev_path
	242	mknod -m 666 ${dev_path}/null c 1 3
	243	mknod -m 666 ${dev_path}/zero c 1 5
244	mknod -m 666 ${dev_path}/random c 1 8
245	mknod -m 666 ${dev_path}/urandom c 1 9
246	mkdir -m 755 ${dev_path}/pts
247	mkdir -m 1777 ${dev_path}/shm
248	mknod -m 666 ${dev_path}/tty c 5 0
249	mknod -m 666 ${dev_path}/tty0 c 4 0
250	mknod -m 666 ${dev_path}/tty1 c 4 1
251	mknod -m 666 ${dev_path}/tty2 c 4 2
252	mknod -m 666 ${dev_path}/tty3 c 4 3
253	mknod -m 666 ${dev_path}/tty4 c 4 4
254	mknod -m 600 ${dev_path}/console c 5 1
255	mknod -m 666 ${dev_path}/full c 1 7
256	mknod -m 600 ${dev_path}/initctl p
257	mknod -m 666 ${dev_path}/ptmx c 5 2
258
259	echo "setting root passwd to $root_password"
260	echo "root:$root_password" \| chroot $rootfs_path chpasswd
261
262	# This will need to be enhanced for CentOS 7 when systemd
263	# comes into play... /\/\\|=mhw=\|\/\/
264
265	return 0
266	}
267
268	configure_centos_init()
269	{
270	sed -i 's\|.sbin.start_udev\|\|' ${rootfs_path}/etc/rc.sysinit
271	sed -i 's\|.sbin.start_udev\|\|' ${rootfs_path}/etc/rc.d/rc.sysinit
272	if [ "$release" = "6" ]; then
273	chroot ${rootfs_path} chkconfig udev-post off
274	fi
275	chroot ${rootfs_path} chkconfig network on
276	}
277
278	download_centos()
279	{
280
281	# check the mini centos was not already downloaded
282	INSTALL_ROOT=$cache/partial
283	mkdir -p $INSTALL_ROOT
284	if [ $? -ne 0 ]; then
285	echo "Failed to create '$INSTALL_ROOT' directory"
286	return 1
287	fi
288
289	# download a mini centos into a cache
290	echo "Downloading centos minimal ..."
291	YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
292	PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils"
293
294	# use temporary repository definition
295	REPO_FILE=$INSTALL_ROOT/etc/yum.repos.d/lxc-centos-temp.repo
296	mkdir -p $(dirname $REPO_FILE)
297	cat <<EOF > $REPO_FILE
298	[base]
299	name=CentOS-$release - Base
300	mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=os
301
302	[updates]
303	name=CentOS-$release - Updates
304	mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=updates
305	EOF
306
307	# create minimal device nodes, needed for "yum install" and "yum update" process
308	mkdir -p $INSTALL_ROOT/dev
309	force_mknod 666 $INSTALL_ROOT/dev/null c 1 3
310	force_mknod 666 $INSTALL_ROOT/dev/urandom c 1 9
311
312	$YUM install $PKG_LIST
313
314	if [ $? -ne 0 ]; then
315	echo "Failed to download the rootfs, aborting."
316	return 1
317	fi
318
319	# use same nameservers as hosts, needed for "yum update later"
320	cp /etc/resolv.conf $INSTALL_ROOT/etc/
321
322	# check whether rpmdb is under $HOME
323	if [ ! -e $INSTALL_ROOT/var/lib/rpm/Packages -a -e $INSTALL_ROOT/$HOME/.rpmdb/Packages ]; then
324	echo "Fixing rpmdb location ..."
325	mv $INSTALL_ROOT/$HOME/.rpmdb/[A-Z]* $INSTALL_ROOT/var/lib/rpm/
326	rm -rf $INSTALL_ROOT/$HOME/.rpmdb
327	chroot $INSTALL_ROOT rpm --rebuilddb 2>/dev/null
328	fi
329
330	# check whether rpmdb version is correct
331	chroot $INSTALL_ROOT rpm --quiet -q yum 2>/dev/null
332	ret=$?
333
334	# if "rpm -q" doesn't work due to rpmdb version difference,
335	# then we need to redo the process using the newly-installed yum
336	if [ $ret -gt 0 ]; then
337	echo "Reinstalling packages ..."
338	mv $REPO_FILE $REPO_FILE.tmp
339	mkdir $INSTALL_ROOT/etc/yum.repos.disabled
340	mv $INSTALL_ROOT/etc/yum.repos.d/*.repo $INSTALL_ROOT/etc/yum.repos.disabled/
341	mv $REPO_FILE.tmp $REPO_FILE
342	mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/etc
343	cp /etc/resolv.conf $INSTALL_ROOT/$INSTALL_ROOT/etc/
344	mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/dev
345	mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/null c 1 3
346	mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/urandom c 1 9
347	mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum
348	cp -al $INSTALL_ROOT/var/cache/yum/* $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum/
349	chroot $INSTALL_ROOT $YUM install $PKG_LIST
350	if [ $? -ne 0 ]; then
351	echo "Failed to download the rootfs, aborting."
352	return 1
353	fi
354	mv $INSTALL_ROOT/$INSTALL_ROOT $INSTALL_ROOT.tmp
355	rm -rf $INSTALL_ROOT
356	mv $INSTALL_ROOT.tmp $INSTALL_ROOT
357	fi
358
359	rm -f $REPO_FILE
360	rm -rf $INSTALL_ROOT/var/cache/yum/*
361
362	mv "$INSTALL_ROOT" "$cache/rootfs"
363	echo "Download complete."
364
365	return 0
366	}
367
368	copy_centos()
369	{
370
371	# make a local copy of the mini centos
372	echo -n "Copying rootfs to $rootfs_path ..."
373	#cp -a $cache/rootfs-$arch $rootfs_path \|\| return 1
374	# i prefer rsync (no reason really)
375	mkdir -p $rootfs_path
376	rsync -a $cache/rootfs/ $rootfs_path/
377	return 0
378	}
379
380	update_centos()
381	{
382	YUM="chroot $cache/rootfs yum -y --nogpgcheck"
383	$YUM update
384	if [ $? -ne 0 ]; then
385	return 1
386	fi
387	$YUM clean packages
388	}
389
390	install_centos()
391	{
392	mkdir -p /var/lock/subsys/
393	(
394	flock -x 200
395	if [ $? -ne 0 ]; then
396	echo "Cache repository is busy."
397	return 1
398	fi
399
400	echo "Checking cache download in $cache/rootfs ... "
401	if [ ! -e "$cache/rootfs" ]; then
402	download_centos
403	if [ $? -ne 0 ]; then
404	echo "Failed to download 'centos base'"
405	return 1
406	fi
407	else
408	echo "Cache found. Updating..."
409	update_centos
410	if [ $? -ne 0 ]; then
411	echo "Failed to update 'centos base', continuing with last known good cache"
412	else
413	echo "Update finished"
414	fi
415	fi
416
417	echo "Copy $cache/rootfs to $rootfs_path ... "
418	copy_centos
419	if [ $? -ne 0 ]; then
420	echo "Failed to copy rootfs"
421	return 1
422	fi
423
424	return 0
425
826eb798	426	) 200>/var/lock/subsys/lxc-centos
164105f6 MW	427
	428	return $?
	429	}
	430
	431	copy_configuration()
	432	{
	433
	434	mkdir -p $config_path
	435	cat <<EOF >> $config_path/config
	436	lxc.utsname = $utsname
	437	lxc.tty = 4
	438	lxc.pts = 1024
	439	lxc.rootfs = $rootfs_path
	440	lxc.mount = $config_path/fstab
	441	lxc.cap.drop = sys_module mac_admin mac_override sys_time
	442
	443	lxc.autodev = $auto_dev
	444
	445	# example simple networking setup, uncomment to enable
	446	#lxc.network.type = $lxc_network_type
	447	#lxc.network.flags = up
	448	#lxc.network.link = $lxc_network_link
	449	#lxc.network.name = eth0
	450	# additional example for veth network type, static MAC address,
	451	# and persistent veth device name on host side
	452	#lxc.network.hwaddr = 00:16:3e:77:52:20
	453	#lxc.network.veth.pair = v-$name-e0
	454
	455	#cgroups
	456	lxc.cgroup.devices.deny = a
	457	# /dev/null and zero
	458	lxc.cgroup.devices.allow = c 1:3 rwm
	459	lxc.cgroup.devices.allow = c 1:5 rwm
	460	# consoles
	461	lxc.cgroup.devices.allow = c 5:1 rwm
	462	lxc.cgroup.devices.allow = c 5:0 rwm
	463	lxc.cgroup.devices.allow = c 4:0 rwm
	464	lxc.cgroup.devices.allow = c 4:1 rwm
	465	# /dev/{,u}random
	466	lxc.cgroup.devices.allow = c 1:9 rwm
	467	lxc.cgroup.devices.allow = c 1:8 rwm
	468	lxc.cgroup.devices.allow = c 136:* rwm
	469	lxc.cgroup.devices.allow = c 5:2 rwm
	470	# rtc
	471	lxc.cgroup.devices.allow = c 254:0 rwm
	472	EOF
	473
	474	cat <<EOF > $config_path/fstab
	475	proc proc proc nodev,noexec,nosuid 0 0
	476	devpts dev/pts devpts defaults 0 0
	477	sysfs sys sysfs defaults 0 0
	478	EOF
	479
	480	if [ $? -ne 0 ]; then
	481	echo "Failed to add configuration"
	482	return 1
	483	fi
	484
	485	return 0
	486	}
	487
	488	clean()
	489	{
	490
491	if [ ! -e $cache ]; then
492	exit 0
493	fi
494
495	# lock, so we won't purge while someone is creating a repository
496	(
497	flock -x 200
498	if [ $? != 0 ]; then
499	echo "Cache repository is busy."
500	exit 1
501	fi
502
503	echo -n "Purging the download cache for centos-$release..."
504	rm --preserve-root --one-file-system -rf $cache && echo "Done." \|\| exit 1
505	exit 0
506
826eb798	507	) 200>/var/lock/subsys/lxc-centos
164105f6 MW	508	}
	509
	510	usage()
	511	{
	512	cat <<EOF
	513	usage:
	514	$1 -n\|--name=<container_name>
	515	[-p\|--path=<path>] [-c\|--clean] [-R\|--release=<CentOS_release>] [-A\|--arch=<arch of the container>]
	516	[-h\|--help]
	517	Mandatory args:
	518	-n,--name container name, used to as an identifier for that container from now on
	519	Optional args:
	520	-p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case
	521	-c,--clean clean the cache
	522	-R,--release Centos release for the new container. if the host is Centos, then it will defaultto the host's release.
	523	--fqdn fully qualified domain name (FQDN) for DNS and system naming
	524	-A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64]
	525	-h,--help print this help
	526	EOF
	527	return 0
	528	}
	529
	530	options=$(getopt -o hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,fqdn: -- "$@")
	531	if [ $? -ne 0 ]; then
	532	usage $(basename $0)
	533	exit 1
	534	fi
	535	eval set -- "$options"
	536
	537	while true
	538	do
	539	case "$1" in
	540	-h\|--help) usage $0 && exit 0;;
	541	-p\|--path) path=$2; shift 2;;
	542	--rootfs) rootfs=$2; shift 2;;
	543	-n\|--name) name=$2; shift 2;;
	544	-c\|--clean) clean=$2; shift 2;;
	545	-R\|--release) release=$2; shift 2;;
	546	--fqdn) utsname=$2; shift 2;;
	547	--) shift 1; break ;;
	548	*) break ;;
	549	esac
	550	done
	551
	552	if [ ! -z "$clean" -a -z "$path" ]; then
	553	clean \|\| exit 1
	554	exit 0
	555	fi
	556
	557	if [ -z "${utsname}" ]; then
	558	utsname=${name}
	559	fi
	560
	561	# This follows a standard "resolver" convention that an FQDN must have
	562	# at least two dots or it is considered a local relative host name.
	563	# If it doesn't, append the dns domain name of the host system.
	564	#
	565	# This changes one significant behavior when running
	566	# "lxc_create -n Container_Name" without using the
	567	# --fqdn option.
	568	#
	569	# Old behavior:
	570	# utsname and hostname = Container_Name
	571	# New behavior:
572	# utsname and hostname = Container_Name.Domain_Name
573
574	if [ $(expr "$utsname" : '.\..\.') = 0 ]; then
575	if [ -n "$(dnsdomainname)" ]; then
576	utsname=${utsname}.$(dnsdomainname)
577	fi
578	fi
579
580	type yum >/dev/null 2>&1
581	if [ $? -ne 0 ]; then
582	echo "'yum' command is missing"
583	exit 1
584	fi
585
586	if [ -z "$path" ]; then
587	path=$default_path/$name
588	fi
589
590	if [ -z "$release" ]; then
591	if [ "$is_centos" -a "$centos_host_ver" ]; then
592	release=$centos_host_ver
c6df5ca4 MW	593	elif [ "$is_redhat" -a "$redhat_host_ver" ]; then
	594	# This is needed to clean out bullshit like 6workstation and 6server.
	595	release=$(expr $redhat_host_ver : '\([0-9.]*\)')
164105f6	596	else
c6df5ca4	597	echo "This is not a CentOS or Redhat host and release is missing, defaulting to 6 use -R\|--release to specify release"
164105f6 MW	598	release=6
	599	fi
	600	fi
	601
	602	# CentOS 7 and above should run systemd. We need autodev enabled to keep
	603	# systemd from causing problems.
c6df5ca4 MW	604	#
	605	# There is some ambiguity here due to the differnce between versioning
	606	# of point specific releases such as 6.5 and the rolling release 6. We
	607	# only want the major number here if it's a point release...
	608
	609	mrelease=$(expr $release : '\([0-9]*\)')
	610	if [ $mrelease -gt 6 ]; then
164105f6 MW	611	auto_dev="1"
	612	else
	613	auto_dev="0"
	614	fi
	615
	616	if [ "$(id -u)" != "0" ]; then
	617	echo "This script should be run as 'root'"
	618	exit 1
	619	fi
	620
	621
	622	if [ -z "$rootfs_path" ]; then
	623	rootfs_path=$path/rootfs
	624	# check for 'lxc.rootfs' passed in through default config by lxc-create
	625	if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then
	626	rootfs_path=`grep 'lxc.rootfs =' $path/config \| awk -F= '{ print $2 }'`
	627	fi
	628	fi
	629	config_path=$default_path/$name
	630	cache=$cache_base/$release
	631
	632	revert()
	633	{
	634	echo "Interrupted, so cleaning up"
	635	lxc-destroy -n $name
	636	# maybe was interrupted before copy config
	637	rm -rf $path
	638	rm -rf $default_path/$name
	639	echo "exiting..."
	640	exit 1
	641	}
	642
	643	trap revert SIGHUP SIGINT SIGTERM
	644
	645	copy_configuration
	646	if [ $? -ne 0 ]; then
	647	echo "failed write configuration file"
	648	exit 1
	649	fi
	650
	651	install_centos
	652	if [ $? -ne 0 ]; then
	653	echo "failed to install centos"
	654	exit 1
	655	fi
	656
	657	configure_centos
	658	if [ $? -ne 0 ]; then
	659	echo "failed to configure centos for a container"
	660	exit 1
	661	fi
	662
	663	configure_centos_init
	664
	665	if [ ! -z $clean ]; then
	666	clean \|\| exit 1
	667	exit 0
	668	fi
	669	echo "container rootfs and config created, default root password is '$root_password'"
	670	echo "edit the config file to check/enable networking setup"