]> git.proxmox.com Git - mirror_lxc.git/blame - templates/lxc-oracle.in
projects / mirror_lxc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix typo in previous commit
[mirror_lxc.git] / templates / lxc-oracle.in
CommitLineData
17abf278 1#!/bin/sh
708f4a80
SH		 2#
3# Template script for generating Oracle Enterprise Linux container for LXC
4# based on lxc-fedora, lxc-ubuntu
5#
8cd80b50
SG		 6# Copyright © 2011 Wim Coekaerts <wim.coekaerts@oracle.com>
7# Copyright © 2012 Dwight Engen <dwight.engen@oracle.com>
708f4a80
SH		 8#
9# Modified for Oracle Linux 5
10# Wim Coekaerts <wim.coekaerts@oracle.com>
11#
da139233 12# Modified for Oracle Linux 6, combined OL4,5,6 into one template script
708f4a80
SH		 13# Dwight Engen <dwight.engen@oracle.com>
14#
15# This library is free software; you can redistribute it and/or
16# modify it under the terms of the GNU Lesser General Public
17# License as published by the Free Software Foundation; either
18# version 2.1 of the License, or (at your option) any later version.
19#
20# This library is distributed in the hope that it will be useful,
21# but WITHOUT ANY WARRANTY; without even the implied warranty of
22# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23# Lesser General Public License for more details.
24#
25# You should have received a copy of the GNU Lesser General Public
26# License along with this library; if not, write to the Free Software
250b1eec 27# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
708f4a80
SH		 28#
29
8ec981fc 30# Detect use under userns (unsupported)
c63c04fc 31for arg in "$@"; do
96283b54
SG		 32 [ "$arg" = "--" ] && break
33 if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
8ec981fc
SG		 34 echo "This template can't be used for unprivileged containers." 1>&2
35 echo "You may want to try the \"download\" template instead." 1>&2
36 exit 1
37 fi
38done
39
207bf0e4
SG		 40# Make sure the usual locations are in PATH
41export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
42
708f4a80
SH		 43# use virbr0 that is setup by default by libvirtd
44lxc_network_type=veth
45lxc_network_link=virbr0
46
47die()
48{
49 echo "failed: $1"
50 exit 1
51}
52
53is_btrfs_subvolume()
54{
55 if which btrfs >/dev/null 2>&1 && \
56 btrfs subvolume list "$1" >/dev/null 2>&1; then
14d9c0f0 57 return 0
708f4a80
SH		 58 fi
59 return 1
60}
61
341c9718
DE		 62can_chcon()
63{
64 if which chcon >/dev/null 2>&1; then
65 selinuxenabled >/dev/null 2>&1
66 return $?
67 fi
68 return 1
69}
70
708f4a80 71# fix up the container_rootfs
7ceebfd1 72container_rootfs_patch()
708f4a80 73{
7ceebfd1
DE		 74 echo "Patching container rootfs $container_rootfs for Oracle Linux $container_release_major.$container_release_minor"
75
76 # copy ourself into the container to be used to --patch the rootfs when
77 # yum update on certain packages is done. we do this here instead of in
78 # container_rootfs_configure() in case the patching done in this function
79 # is updated in the future, we can inject the updated version of ourself
80 # into older containers.
81 if [ $container_rootfs != "/" ]; then
82 cp -f `readlink -f $0` $container_rootfs/usr/bin/lxc-patch
83 if [ $container_release_major -lt "6" ]; then
84 mkdir -p $container_rootfs/usr/lib/yum-plugins
85 cp @DATADIR@/lxc/lxc-patch.py $container_rootfs/usr/lib/yum-plugins
86 fi
87 if [ $container_release_major = "6" ]; then
88 mkdir -p $container_rootfs/usr/share/yum-plugins
89 cp @DATADIR@/lxc/lxc-patch.py $container_rootfs/usr/share/yum-plugins
90 fi
91 mkdir -p $container_rootfs/etc/yum/pluginconf.d
92 cat <<EOF > $container_rootfs/etc/yum/pluginconf.d/lxc-patch.conf
93[main]
94enabled=1
95packages=initscripts,iptables,selinux-policy,readahead,udev,util-linux-ng
96EOF
97 fi
98
99 if [ $container_release_major = "4" ]; then
100 # yum plugin type of TYPE_INTERFACE works in all releases but gives a
101 # deprecation warning on major > 4, so we default to TYPE_INTERACTIVE
102 # and fix it up here
103 sed -i 's|TYPE_INTERACTIVE|TYPE_INTERFACE|' $container_rootfs/usr/lib/yum-plugins/lxc-patch.py
104 if [ -f $container_rootfs/etc/yum.repos.d/ULN-Base.repo ]; then
105 mv $container_rootfs/etc/yum.repos.d/ULN-Base.repo \
106 $container_rootfs/etc/yum.repos.d/ULN-Base.repo.lxc-disabled
107 fi
108 echo "plugins = 1" >>$container_rootfs/etc/yum.conf
109 fi
708f4a80 110
31f38b17
DE		 111 # "disable" selinux in the guest. The policy in the container isn't
112 # likely to match the hosts (unless host == guest exactly) and the
113 # kernel can only be enforcing one policy.
114 #
115 # The OL 5 init honors /etc/selinux/config, but note that
708f4a80
SH		 116 # this doesnt actually disable it if it's enabled in the host, since
117 # libselinux::is_selinux_enabled() in the guest will check
118 # /proc/filesystems and see selinuxfs, thus reporting that it is on
31f38b17
DE		 119 # (ie. check the output of sestatus in the guest). We also replace
120 # /usr/sbin/selinuxenabled with a symlink to /bin/false so that init
121 # scripts (ie. mcstransd) that call that think selinux is disabled.
708f4a80
SH		 122 mkdir -p $container_rootfs/selinux
123 echo 0 > $container_rootfs/selinux/enforce
124 if [ -e $container_rootfs/etc/selinux/config ]; then
14d9c0f0 125 sed -i 's|SELINUX=enforcing|SELINUX=disabled|' $container_rootfs/etc/selinux/config
708f4a80 126 else
c01c25fc 127 mkdir -p $container_rootfs/etc/selinux
14d9c0f0 128 echo "SELINUX=disabled" >$container_rootfs/etc/selinux/config
708f4a80 129 fi
da139233
DE		 130 sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*close|#session required pam_selinux.so close|' $container_rootfs/etc/pam.d/login
131 sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*open|#session required pam_selinux.so open|' $container_rootfs/etc/pam.d/login
eff9177f
DE		 132
133 # setting /proc/$$/loginuid doesn't work under user namespace, which
134 # prevents logins from working
135 sed -i 's|session[ \t]*required[ \t]*pam_loginuid.so|#session required pam_loginuid.so|' $container_rootfs/etc/pam.d/sshd
da139233 136 sed -i 's|session[ \t]*required[ \t]*pam_loginuid.so|#session required pam_loginuid.so|' $container_rootfs/etc/pam.d/login
000559b5 137
31f38b17
DE		 138 if [ -f $container_rootfs/usr/sbin/selinuxenabled ]; then
139 mv $container_rootfs/usr/sbin/selinuxenabled $container_rootfs/usr/sbin/selinuxenabled.lxcorig
140 ln -s /bin/false $container_rootfs/usr/sbin/selinuxenabled
141 fi
142
da139233
DE		 143 # silence error in checking for selinux
144 sed -i 's|cat /proc/self/attr/current|cat /proc/self/attr/current 2>/dev/null|' $container_rootfs/etc/rc.sysinit
145 sed -i 's|cat /proc/self/attr/current|cat /proc/self/attr/current 2>/dev/null|' $container_rootfs/etc/rc.d/rc.sysinit
708f4a80 146
eff9177f
DE		 147 # on ol4 pam_limits prevents logins when using user namespaces
148 if [ $container_release_major = "4" ]; then
149 sed -i 's|session[ \t]*required[ \t]*/lib/security/\$ISA/pam_limits.so|#session required /lib/security/$ISA/pam_limits.so|' $container_rootfs/etc/pam.d/system-auth
150 fi
151
da139233
DE		 152 # avoid error in ol5 attempting to copy non-existent resolv.conf
153 if [ $container_release_major = "5" ]; then
154 sed -i 's|resolv.conf.predhclient|resolv.conf.predhclient 2>/dev/null|' $container_rootfs/sbin/dhclient-script
155 fi
156
e35cb41b
DE		 157 # disable interactive ovmd asking questions
158 if [ -f $container_rootfs/etc/sysconfig/ovmd ]; then
159 sed -i 's|INITIAL_CONFIG=yes|INITIAL_CONFIG=no|' $container_rootfs/etc/sysconfig/ovmd
160 fi
161
7ceebfd1
DE		 162 # disable disabling of ipv4 forwarding and defrag on shutdown since
163 # we mount /proc/sys ro
164 if [ $container_release_major = "5" ]; then
165 sed -i 's|-f /proc/sys/net/ipv4/ip_forward|-w /proc/sys/net/ipv4/ip_forward|' $container_rootfs/etc/rc.d/init.d/network
166 sed -i 's|-f /proc/sys/net/ipv4/ip_always_defrag|-w /proc/sys/net/ipv4/ip_always_defrag|' $container_rootfs/etc/rc.d/init.d/network
167 fi
708f4a80 168
da139233 169 # disable ipv6 on ol6
7060353a 170 rm -f $container_rootfs/etc/sysconfig/network-scripts/init.ipv6-global
708f4a80 171
708f4a80
SH		 172 # remove module stuff for iptables it just shows errors that are not
173 # relevant in a container
174 if [ -f "$container_rootfs/etc/sysconfig/iptables-config" ]; then
14d9c0f0
SG		 175 sed -i 's|IPTABLES_MODULES=".*|IPTABLES_MODULES=""|' $container_rootfs/etc/sysconfig/iptables-config
176 sed -i 's|IPTABLES_MODULES_UNLOAD=".*|IPTABLES_MODULES_UNLOAD="no"|' $container_rootfs/etc/sysconfig/iptables-config
708f4a80
SH		 177 fi
178
179 # disable readahead in the container
180 if [ $container_release_major = "6" -a -e $container_rootfs/etc/sysconfig/readahead ]; then
14d9c0f0
SG		 181 rm -f $container_rootfs/etc/init/readahead-collector.conf
182 rm -f $container_rootfs/etc/init/readahead-disable-services.conf
183 sed -i 's|READAHEAD="yes"|READAHEAD="no"|' $container_rootfs/etc/sysconfig/readahead
708f4a80
SH		 184 fi
185
e35cb41b
DE		 186 if [ $container_release_major = "4" ]; then
187 # enable fastboot always
188 sed -i 's|\[ -f /fastboot \]|/bin/true|' $container_rootfs/etc/rc.sysinit
189 sed -i 's|\[ -f /fastboot \]|/bin/true|' $container_rootfs/etc/rc.d/rc.sysinit
190
191 # dont attempt to set kernel parameters
192 sed -i 's|action $"Configuring kernel parameters|# LXC action $"Configuring kernel parameters|' $container_rootfs/etc/rc.sysinit
193 sed -i 's|action $"Configuring kernel parameters|# LXC action $"Configuring kernel parameters|' $container_rootfs/etc/rc.d/rc.sysinit
839af5b3
DE		 194 sed -i 's|action $"Setting network parameters|# LXC action $"Setting network parameters|' $container_rootfs/etc/init.d/network 2>/dev/null
195 sed -i 's|action $"Setting network parameters|# LXC action $"Setting network parameters|' $container_rootfs/etc/init.d/NetworkManager 2>/dev/null
e35cb41b
DE		 196 fi
197
da139233
DE		 198 # no need to attempt to mount /
199 sed -i 's|mount -f /$|# LXC mount -f /|' $container_rootfs/etc/rc.sysinit
200 sed -i 's|mount -f /$|# LXC mount -f /|' $container_rootfs/etc/rc.d/rc.sysinit
201 sed -i 's|action \$"Remounting root filesystem|/bin/true # LXC action $"Remounting root filesystem|' $container_rootfs/etc/rc.sysinit
202 sed -i 's|action \$"Remounting root filesystem|/bin/true # LXC action $"Remounting root filesystem|' $container_rootfs/etc/rc.d/rc.sysinit
203
708f4a80 204 # disable udev in the container
e35cb41b
DE		 205 if [ $container_release_major = "4" ]; then
206 sed -i 's|\[ -x /sbin/start_udev \]|# LXC no udev|' $container_rootfs/etc/rc.sysinit
207 sed -i 's|\[ -x /sbin/start_udev \]|# LXC no udev|' $container_rootfs/etc/rc.d/rc.sysinit
208 else
209 sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.sysinit
210 sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.d/rc.sysinit
211 fi
708f4a80
SH		 212
213 # disable nash raidautorun in the container since no /dev/md*
e35cb41b 214 if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
14d9c0f0
SG		 215 sed -i 's|echo "raidautorun /dev/md0"|echo ""|' $container_rootfs/etc/rc.sysinit
216 sed -i 's|echo "raidautorun /dev/md0"|echo ""|' $container_rootfs/etc/rc.d/rc.sysinit
708f4a80
SH		 217 fi
218
219 # prevent rc.sysinit from attempting to loadkeys
e35cb41b 220 if [ \( $container_release_major = "4" -o $container_release_major = "5" \) -a -e $container_rootfs/etc/sysconfig/keyboard ]; then
14d9c0f0 221 rm $container_rootfs/etc/sysconfig/keyboard
708f4a80
SH		 222 fi
223
e35cb41b
DE		 224 # dont use the hwclock, it messes up the host's time
225 if [ $container_release_major = "4" ]; then
226 sed -i 's|runcmd $"Syncing hardware clock|# LXC no hwclock runcmd $"Syncing hardware clock|' $container_rootfs/etc/rc.d/init.d/halt
227 else
228 sed -i 's|\[ -x /sbin/hwclock|\[ 0 -eq 1|' $container_rootfs/etc/rc.d/init.d/halt
229 fi
da139233
DE		 230 sed -i 's|^\[ -x /sbin/hwclock|\[ 0 -eq 1|' $container_rootfs/etc/rc.sysinit
231 sed -i 's|^\[ -x /sbin/hwclock|\[ 0 -eq 1|' $container_rootfs/etc/rc.d/rc.sysinit
232 sed -i 's|^/sbin/hwclock|# LXC /sbin/nohwclock|' $container_rootfs/etc/rc.sysinit
233 sed -i 's|^/sbin/hwclock|# LXC /sbin/nohwclock|' $container_rootfs/etc/rc.d/rc.sysinit
708f4a80
SH		 234
235 # dont start lvm
7ceebfd1
DE		 236 if [ $container_release_major -lt "6" -a -f $container_rootfs/sbin/lvm.static ]; then
237 mv $container_rootfs/sbin/lvm.static $container_rootfs/sbin/lvm.static.lxc-disabled
238 fi
239 if [ $container_release_major = "6" ]; then
240 touch $container_rootfs/.nolvm
241 fi
708f4a80
SH		 242
243 # fix assumptions that plymouth is available
244 sed -i 's|\[ "$PROMPT" != no \] && plymouth|[ "$PROMPT" != no ] \&\& [ -n "$PLYMOUTH" ] \&\& plymouth|' $container_rootfs/etc/rc.sysinit
245 sed -i 's|\[ "$PROMPT" != no \] && plymouth|[ "$PROMPT" != no ] \&\& [ -n "$PLYMOUTH" ] \&\& plymouth|' $container_rootfs/etc/rc.d/rc.sysinit
7060353a
DE		 246 rm -f $container_rootfs/etc/init/plymouth-shutdown.conf
247 rm -f $container_rootfs/etc/init/quit-plymouth.conf
248 rm -f $container_rootfs/etc/init/splash-manager.conf
708f4a80 249
7ceebfd1
DE		 250 # dont try to unmount /dev/lxc devices
251 sed -i 's|&& $1 !~ /^\\/dev\\/ram/|\&\& $2 !~ /^\\/dev\\/lxc/ \&\& $1 !~ /^\\/dev\\/ram/|' $container_rootfs/etc/init.d/halt
252
253 # don't try to unmount swap
254 sed -i 's|\[ -f /proc/swaps \]|# LXC [ -f /proc/swaps ]|' $container_rootfs/etc/init.d/halt
255
256 # there might be other services that are useless but the below set is a good start
257 # some of these might not exist in the image, so we silence chkconfig complaining
258 # about the service file not being found
259 for service in \
260 acpid apmd auditd autofs cpuspeed dund gpm haldaemon hidd \
261 ip6tables irqbalance iscsi iscsid isdn kdump kudzu \
262 lm_sensors lvm2-monitor mdmonitor microcode_ctl \
263 ntpd pcmcia postfix sendmail udev-post xfs ;
264 do
265 chroot $container_rootfs chkconfig 2>/dev/null $service off
266 done
267
268 for service in rsyslog ;
269 do
270 chroot $container_rootfs chkconfig 2>/dev/null $service on
271 done
272
273 # ensure /dev/ptmx refers to the newinstance devpts of the container, or
274 # pty's will get crossed up with the hosts (https://lkml.org/lkml/2012/1/23/512)
275 rm -f $container_rootfs/dev/ptmx
276 ln -s pts/ptmx $container_rootfs/dev/ptmx
277}
278
279container_rootfs_configure()
280{
281 container_rootfs_patch
282 echo "Configuring container for Oracle Linux $container_release_major.$container_release_minor"
283
284 # configure the network to use dhcp. we set DHCP_HOSTNAME so the guest
285 # will report its name and be resolv'able by the hosts dnsmasq
286 cat <<EOF > $container_rootfs/etc/sysconfig/network-scripts/ifcfg-eth0
287DEVICE=eth0
288BOOTPROTO=dhcp
289ONBOOT=yes
290HOSTNAME=$name
291DHCP_HOSTNAME=$name
292NM_CONTROLLED=no
293TYPE=Ethernet
294EOF
295
296 # set the hostname
297 cat <<EOF > $container_rootfs/etc/sysconfig/network
298NETWORKING=yes
299NETWORKING_IPV6=no
300HOSTNAME=$name
301EOF
302
303 # set minimal hosts
304 echo "127.0.0.1 localhost $name" > $container_rootfs/etc/hosts
305
306 # this file has to exist for libvirt/Virtual machine monitor to boot the container
307 touch $container_rootfs/etc/mtab
308
309 # don't put devpts,proc, nor sysfs in here, it will already be mounted for us by lxc/libvirt
310 cat <<EOF > $container_rootfs/etc/fstab
311EOF
312
313 # sem_open(3) checks that /dev/shm is SHMFS_SUPER_MAGIC, so make sure to mount /dev/shm (normally done by dracut initrd) as tmpfs
314 if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
315 echo "mount -t tmpfs tmpfs /dev/shm" >>$container_rootfs/etc/rc.sysinit
316 echo "mount -t tmpfs tmpfs /dev/shm" >>$container_rootfs/etc/rc.d/rc.sysinit
317 fi
318
319 if [ $container_release_major = "6" ]; then
320 sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.sysinit
321 sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.d/rc.sysinit
322 fi
323
708f4a80
SH		 324 # setup console and tty[1-4] for login. note that /dev/console and
325 # /dev/tty[1-4] will be symlinks to the ptys /dev/lxc/console and
326 # /dev/lxc/tty[1-4] so that package updates can overwrite the symlinks.
327 # lxc will maintain these links and bind mount ptys over /dev/lxc/*
328 # since lxc.devttydir is specified in the config.
329
000559b5 330 # allow root login on console, tty[1-4], and pts/0 for libvirt
708f4a80
SH		 331 echo "# LXC (Linux Containers)" >>$container_rootfs/etc/securetty
332 echo "lxc/console" >>$container_rootfs/etc/securetty
333 echo "lxc/tty1" >>$container_rootfs/etc/securetty
334 echo "lxc/tty2" >>$container_rootfs/etc/securetty
335 echo "lxc/tty3" >>$container_rootfs/etc/securetty
336 echo "lxc/tty4" >>$container_rootfs/etc/securetty
000559b5
DE		 337 echo "# For libvirt/Virtual Machine Monitor" >>$container_rootfs/etc/securetty
338 echo "pts/0" >>$container_rootfs/etc/securetty
708f4a80 339
2e83f720 340 # prevent mingetty from calling vhangup(2) since it fails with userns
91bcb2dd
DE		 341 if [ -f $container_rootfs/etc/init/tty.conf ]; then
342 sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/init/tty.conf
343 fi
2e83f720 344
708f4a80 345 # start a getty on /dev/console, /dev/tty[1-4]
e35cb41b 346 if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
2e83f720 347 sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/inittab
88927db9 348 sed -i '/1:2345:respawn/i cns:2345:respawn:/sbin/mingetty --nohangup --noclear console' $container_rootfs/etc/inittab
14d9c0f0
SG		 349 sed -i '/5:2345:respawn/d' $container_rootfs/etc/inittab
350 sed -i '/6:2345:respawn/d' $container_rootfs/etc/inittab
708f4a80
SH		 351 fi
352
353 if [ $container_release_major = "6" ]; then
14d9c0f0 354 cat <<EOF > $container_rootfs/etc/init/console.conf
708f4a80
SH		 355# console - getty
356#
357# This service maintains a getty on the console from the point the system is
358# started until it is shut down again.
359
360start on stopped rc RUNLEVEL=[2345]
361stop on runlevel [!2345]
362
363respawn
88927db9 364exec /sbin/mingetty --nohangup --noclear /dev/console
708f4a80
SH		 365EOF
366 fi
367
ed34a67d
DE		 368 # lxc-shutdown sends SIGPWR to init, OL4 and OL5 have SysVInit, just
369 # make it do shutdown now instead of delaying 2 minutes. OL6 uses
370 # upstart, so we create an upstart job to handle SIGPWR to shut down
371 # cleanly. We use "init 0" instead of shutdown -h now to avoid SELinux
372 # permission denied when upstart's shutdown tries to connect to the
373 # /com/ubuntu/upstart socket.
374 if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
375 sed -i 's|pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; |pf::powerfail:/sbin/shutdown -f -h now "|' $container_rootfs/etc/inittab
376 else
377 cat <<EOF > $container_rootfs/etc/init/power-status-changed.conf
378# power-status-changed - used to cleanly shut down the container
379#
380# This task is run whenever init receives SIGPWR
381# Used to shut down the machine.
382
383start on power-status-changed
384
385exec init 0
386EOF
387 fi
388
000559b5
DE		 389 # create required devices. note that /dev/console will be created by lxc
390 # or libvirt itself to be a symlink to the right pty.
708f4a80
SH		 391 # take care to not nuke /dev in case $container_rootfs isn't set
392 dev_path="$container_rootfs/dev"
393 if [ $container_rootfs != "/" -a -d $dev_path ]; then
14d9c0f0
SG		 394 rm -rf $dev_path
395 mkdir -p $dev_path
341c9718 396 if can_chcon; then
c944b920
DE		 397 # ensure symlinks created in /dev have the right context
398 chcon -t device_t $dev_path
399 fi
708f4a80
SH		 400 fi
401 mknod -m 666 $dev_path/null c 1 3
402 mknod -m 666 $dev_path/zero c 1 5
403 mknod -m 666 $dev_path/random c 1 8
404 mknod -m 666 $dev_path/urandom c 1 9
405 mkdir -m 755 $dev_path/pts
406 mkdir -m 1777 $dev_path/shm
407 mknod -m 666 $dev_path/tty c 5 0
408 mknod -m 666 $dev_path/tty0 c 4 0
409 mknod -m 666 $dev_path/tty1 c 4 1
410 mknod -m 666 $dev_path/tty2 c 4 2
411 mknod -m 666 $dev_path/tty3 c 4 3
412 mknod -m 666 $dev_path/tty4 c 4 4
708f4a80
SH		 413 mknod -m 666 $dev_path/full c 1 7
414 mknod -m 600 $dev_path/initctl p
415
da139233 416 # set selinux labels same as host
341c9718 417 if can_chcon; then
da139233
DE		 418 for node in null zero random urandom pts shm \
419 tty tty0 tty1 tty2 tty3 tty4 full ;
420 do
421 chcon --reference /dev/$node $dev_path/$node 2>/dev/null
422 done
423 fi
424
708f4a80
SH		 425 # start with a clean /var/log/messages
426 rm -f $container_rootfs/var/log/messages
427
428 # add oracle user, set root password
e35cb41b 429 chroot $container_rootfs useradd -m -s /bin/bash oracle
708f4a80
SH		 430 echo "oracle:oracle" | chroot $container_rootfs chpasswd
431 echo "root:root" | chroot $container_rootfs chpasswd
17abf278
ER		 432 printf "Added container user:\033[1moracle\033[0m password:\033[1moracle\033[0m\n"
433 printf "Added container user:\033[1mroot\033[0m password:\033[1mroot\033[0m\n"
708f4a80
SH		 434}
435
436# create the container's lxc config file
437container_config_create()
438{
439 echo "Create configuration file $cfg_dir/config"
9e69977f
DE		 440 mkdir -p $cfg_dir || die "unable to create config dir $cfg_dir"
441
442 echo "# Common configuration" >> $cfg_dir/config
443 if [ -e "@LXCTEMPLATECONFIG@/oracle.common.conf" ]; then
444 echo "lxc.include = @LXCTEMPLATECONFIG@/oracle.common.conf" >> $cfg_dir/config
445 fi
446
708f4a80
SH		 447 # generate a hwaddr for the container with a high mac address
448 # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
449 local hwaddr="fe:`dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \
1d1774b1 450 head -n 1 |awk '{print $2}' | cut -c1-10 |\
14d9c0f0 451 sed 's/\(..\)/\1:/g; s/.$//'`"
708f4a80 452 cat <<EOF >> $cfg_dir/config || die "unable to create $cfg_dir/config"
e35cb41b 453# Container configuration for Oracle Linux $container_release_major.$container_release_minor
708f4a80
SH		 454lxc.arch = $arch
455lxc.utsname = $name
b1dc05fd 456EOF
1897e3bc 457 grep -q "^lxc.rootfs" $cfg_dir/config 2>/dev/null || echo "lxc.rootfs = $container_rootfs" >> $cfg_dir/config
b1dc05fd 458
d378aebe
DE		 459 if [ $container_release_major != "4" ]; then
460 echo "lxc.cap.drop = sys_resource" >>$cfg_dir/config
461 fi
462
463 echo "# Networking" >>$cfg_dir/config
b1dc05fd
DE		 464 # see if the network settings were already specified
465 lxc_network_type=`grep '^lxc.network.type' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'`
466 if [ -z "$lxc_network_type" -a \
483d21ff
SG		 467 \( $host_distribution = "OracleServer" -o \
468 $host_distribution = "Fedora" \) ]; then
14d9c0f0
SG		 469 echo "lxc.network.type = veth" >>$cfg_dir/config
470 echo "lxc.network.flags = up" >>$cfg_dir/config
471 echo "lxc.network.link = virbr0" >>$cfg_dir/config
b1dc05fd
DE		 472 fi
473
474 cat <<EOF >> $cfg_dir/config || die "unable to create $cfg_dir/config"
708f4a80
SH		 475lxc.network.name = eth0
476lxc.network.mtu = 1500
477lxc.network.hwaddr = $hwaddr
708f4a80
SH		 478EOF
479}
480
481container_rootfs_clone()
482{
483 if is_btrfs_subvolume $template_rootfs; then
14d9c0f0
SG		 484 # lxc-create already made $container_rootfs a btrfs subvolume, but
485 # in this case we want to snapshot the original subvolume so we we
486 # have to delete the one that lxc-create made
487 btrfs subvolume delete $container_rootfs
488 btrfs subvolume snapshot $template_rootfs $container_rootfs || die "btrfs clone template"
708f4a80 489 else
da139233
DE		 490 echo "Copying rootfs ..."
491 cp -axT $template_rootfs $container_rootfs || die "copy template"
708f4a80
SH		 492 fi
493}
494
495container_rootfs_create()
496{
497 cmds="rpm wget yum"
839af5b3 498 if [ $container_release_major -lt "6" ]; then
da139233 499 if [ $host_distribution = "Ubuntu" -o $host_distribution = "Debian" ]; then
14d9c0f0
SG		 500 db_dump_cmd="db5.1_dump"
501 db_load_cmd="db4.3_load"
502 fi
503 if [ $host_distribution = "OracleServer" -o \
504 $host_distribution = "Fedora" ]; then
505 db_dump_cmd="db_dump"
506 db_load_cmd="db43_load"
507 fi
508
509 cmds="$cmds $db_dump_cmd $db_load_cmd file"
708f4a80
SH		 510 fi
511 for cmd in $cmds; do
14d9c0f0
SG		 512 which $cmd >/dev/null 2>&1
513 if [ $? -ne 0 ]; then
514 die "The $cmd command is required, please install it"
515 fi
708f4a80
SH		 516 done
517
fe253caa 518 mkdir -p @LOCALSTATEDIR@/lock/subsys/lxc
708f4a80 519 (
17abf278 520 flock -x 9
14d9c0f0
SG		 521 if [ $? -ne 0 ]; then
522 die "The template is busy."
523 fi
524
e35cb41b 525 echo "Downloading release $container_release_major.$container_release_minor for $basearch"
14d9c0f0
SG		 526
527 # get yum repo file
c5b908a2
DE		 528 if [ -n "$repourl" ]; then
529 yum_url=$repourl
530 else
531 yum_url=http://public-yum.oracle.com
532 fi
839af5b3
DE		 533 if [ $container_release_major = "4" ]; then
534 repofile=public-yum-el4.repo
535 elif [ $container_release_major = "5" ]; then
14d9c0f0 536 repofile=public-yum-el5.repo
e35cb41b 537 elif [ $container_release_major = "6" ]; then
14d9c0f0
SG		 538 repofile=public-yum-ol6.repo
539 else
e35cb41b 540 die "Unsupported release $container_release_major"
14d9c0f0
SG		 541 fi
542 mkdir -p $container_rootfs/etc/yum.repos.d
c5b908a2 543 wget -q $yum_url/$repofile -O $container_rootfs/etc/yum.repos.d/$repofile
14d9c0f0 544 if [ $? -ne 0 ]; then
c5b908a2 545 die "Failed to download repo file $yum_url/$repofile"
14d9c0f0
SG		 546 fi
547
548 # yum will take $basearch from host, so force the arch we want
549 sed -i "s|\$basearch|$basearch|" $container_rootfs/etc/yum.repos.d/$repofile
550
551 # replace url if they specified one
552 if [ -n "$repourl" ]; then
553 sed -i "s|baseurl=http://public-yum.oracle.com/repo|baseurl=$repourl/repo|" $container_rootfs/etc/yum.repos.d/$repofile
554 sed -i "s|gpgkey=http://public-yum.oracle.com|gpgkey=$repourl|" $container_rootfs/etc/yum.repos.d/$repofile
555 fi
556
557 # disable all repos, then enable the repo for the version we are installing.
e35cb41b 558 if [ $container_release_minor = "latest" ]; then
839af5b3
DE		 559 if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
560 repo="el"$container_release_major"_"$container_release_minor
14d9c0f0 561 else
e35cb41b 562 repo="ol"$container_release_major"_"$container_release_minor
14d9c0f0 563 fi
839af5b3 564 elif [ $container_release_major = "6" ]; then
da139233
DE		 565 if [ $container_release_minor = "0" ]; then
566 repo="ol"$container_release_major"_ga_base"
567 else
568 repo="ol"$container_release_major"_u"$container_release_minor"_base"
569 fi
839af5b3 570 elif [ $container_release_major = "5" ]; then
da139233
DE		 571 if [ $container_release_minor = "0" ]; then
572 repo="el"$container_release_major"_ga_base"
573 elif [ $container_release_minor -lt "6" ]; then
839af5b3
DE		 574 repo="el"$container_release_major"_u"$container_release_minor"_base"
575 else
576 repo="ol"$container_release_major"_u"$container_release_minor"_base"
577 fi
578 elif [ $container_release_major = "4" -a $container_release_minor -gt "5" ]; then
579 repo="el"$container_release_major"_u"$container_release_minor"_base"
580 else
581 die "Unsupported release $container_release_major.$container_release_minor"
14d9c0f0
SG		 582 fi
583 sed -i "s|enabled=1|enabled=0|" $container_rootfs/etc/yum.repos.d/$repofile
584 sed -i "/\[$repo\]/,/\[/ s/enabled=0/enabled=1/" $container_rootfs/etc/yum.repos.d/$repofile
585
586 # create rpm db, download and yum install minimal packages
587 mkdir -p $container_rootfs/var/lib/rpm
588 rpm --root $container_rootfs --initdb
da139233 589 yum_args="--installroot $container_rootfs --disablerepo=* --enablerepo=$repo -y --nogpgcheck"
5e00ff01 590 min_pkgs="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils oraclelinux-release"
14d9c0f0 591
da139233
DE		 592 # we unshare the mount namespace because yum installing the ol4
593 # packages causes $rootfs/proc to be mounted on
9eee2f77 594 lxc-unshare -s MOUNT yum -- $yum_args install $min_pkgs $user_pkgs
14d9c0f0
SG		 595 if [ $? -ne 0 ]; then
596 die "Failed to download and install the rootfs, aborting."
597 fi
598
599 # rsyslog and pam depend on coreutils for some common commands in
600 # their POSTIN scriptlets, but coreutils wasn't installed yet. now
601 # that coreutils is installed, reinstall the packages so their POSTIN
602 # runs right. similarly, libutempter depends on libselinux.so.1 when
603 # it runs /usr/sbin/groupadd, so reinstall it too
da139233 604 redo_pkgs=""
e35cb41b 605 if [ $container_release_major = "5" ]; then
da139233
DE		 606 if [ $container_release_minor = "latest" ]; then
607 redo_pkgs="pam rsyslog libutempter"
608 elif [ $container_release_minor -lt 2 ]; then
609 redo_pkgs="pam"
610 elif [ $container_release_minor -lt 6 ]; then
611 redo_pkgs="pam rsyslog"
612 elif [ $container_release_minor -gt 5 ]; then
613 redo_pkgs="pam rsyslog libutempter"
839af5b3 614 fi
da139233
DE		 615 fi
616 # shadow utils fails on ol4 and ol6.1
617 if [ $container_release_major = "4" -o \
618 $container_release_major = "6" -a $container_release_minor = "1" ]; then
619 redo_pkgs="shadow-utils"
620 fi
621 if [ x"$redo_pkgs" != x ]; then
839af5b3 622 rpm --root $container_rootfs --nodeps -e $redo_pkgs
da139233 623 yum $yum_args install $redo_pkgs
14d9c0f0
SG		 624 if [ $? -ne 0 ]; then
625 die "Unable to reinstall packages"
626 fi
627 fi
628
629 # these distributions put the rpm database in a place the guest is
630 # not expecting it, so move it
da139233 631 if [ $host_distribution = "Ubuntu" -o $host_distribution = "Debian" ]; then
1ff8a460 632 mv $container_rootfs/$HOME/.rpmdb/* $container_rootfs/var/lib/rpm
14d9c0f0
SG		 633 fi
634
635 # if the native rpm created the db with Hash version 9, we need to
636 # downgrade it to Hash version 8 for use with OL5.x
637 db_version=`file $container_rootfs/var/lib/rpm/Packages | \
638 grep -o 'version [0-9]*' |awk '{print $2}'`
839af5b3 639 if [ $container_release_major -lt "6" -a $db_version != "8" ]; then
14d9c0f0
SG		 640 echo "Fixing (downgrading) rpm database from version $db_version"
641 rm -f $container_rootfs/var/lib/rpm/__db*
642 for db in $container_rootfs/var/lib/rpm/* ; do
643 $db_dump_cmd $db |$db_load_cmd $db.new
644 mv $db.new $db
645 done
646 fi
647
648 # the host rpm may not be the same as the guest, rebuild the db with
649 # the guest rpm version
650 echo "Rebuilding rpm database"
651 rm -f $container_rootfs/var/lib/rpm/__db*
652 chroot $container_rootfs rpm --rebuilddb >/dev/null 2>&1
839af5b3 653
17abf278 654 ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-oracle-$name
708f4a80
SH		 655}
656
e35cb41b
DE		 657container_release_get()
658{
659 if [ -f $1/etc/oracle-release ]; then
660 container_release_version=`cat $1/etc/oracle-release |awk '/^Oracle/ {print $5}'`
661 container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'`
662 container_release_minor=`echo $container_release_version |awk -F '.' '{print $2}'`
839af5b3 663 elif grep -q "Enterprise Linux AS" $1/etc/redhat-release; then
e35cb41b
DE		 664 container_release_major=`cat $1/etc/redhat-release |awk '{print $7}'`
665 container_release_minor=`cat $1/etc/redhat-release |awk '{print $10}' |tr -d ")"`
666 container_release_version="$container_release_major.$container_release_minor"
839af5b3
DE		 667 elif grep -q "Enterprise Linux Server" $1/etc/redhat-release; then
668 container_release_version=`cat $1/etc/redhat-release |awk '{print $7}'`
669 container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'`
670 container_release_minor=`echo $container_release_version |awk -F '.' '{print $2}'`
e35cb41b
DE		 671 else
672 echo "Unable to determine container release version"
673 exit 1
674 fi
675}
676
708f4a80
SH		 677usage()
678{
679 cat <<EOF
483d21ff 680 -a|--arch=<arch> architecture (ie. i386, x86_64)
708f4a80 681 -R|--release=<release> release to download for the new container
1897e3bc 682 --rootfs=<path> rootfs path
9eee2f77 683 -r|--rpms=<rpm name> additional rpms to install into container
708f4a80
SH		 684 -u|--url=<url> replace yum repo url (ie. local yum mirror)
685 -t|--templatefs=<path> copy/clone rootfs at path instead of downloading
7ceebfd1 686 -P|--patch=<path> only patch the rootfs at path for use as a container
708f4a80
SH		 687 -h|--help
688
689Release is of the format "major.minor", for example "5.8", "6.3", or "6.latest"
690EOF
691 return 0
692}
693
7ceebfd1 694options=$(getopt -o hp:n:a:R:r:u:t: -l help,rootfs:,path:,name:,arch:,release:,rpms:,url:,templatefs:,patch: -- "$@")
708f4a80
SH		 695if [ $? -ne 0 ]; then
696 usage $(basename $0)
697 exit 1
698fi
699
ed4616b1 700arch=$(uname -m)
708f4a80
SH		 701eval set -- "$options"
702while true
703do
704 case "$1" in
14d9c0f0
SG		 705 -h|--help) usage $0 && exit 0;;
706 -p|--path) cfg_dir=$2; shift 2;;
1897e3bc 707 --rootfs) container_rootfs=$2; shift 2;;
14d9c0f0
SG		 708 -n|--name) name=$2; shift 2;;
709 -a|--arch) arch=$2; shift 2;;
e35cb41b 710 -R|--release) container_release_version=$2; shift 2;;
9eee2f77
DE		 711 -r|--rpms) user_pkgs=$2; shift 2;;
712 -u|--url) repourl=$2; shift 2;;
14d9c0f0 713 -t|--templatefs) template_rootfs=$2; shift 2;;
7ceebfd1 714 --patch) patch_rootfs=$2; shift 2;;
14d9c0f0 715 --) shift 1; break ;;
708f4a80
SH		 716 *) break ;;
717 esac
718done
719
720# make sure mandatory args are given and valid
721if [ "$(id -u)" != "0" ]; then
722 echo "This script should be run as 'root'"
723 exit 1
724fi
725
7ceebfd1
DE		 726if [ -n "$patch_rootfs" ]; then
727 container_rootfs="$patch_rootfs"
728 container_release_get $container_rootfs
729 container_rootfs_patch
730 exit 0
731fi
732
708f4a80
SH		 733if [ -z $name ]; then
734 echo "Container name must be given"
735 usage
736 exit 1
737fi
738
739if [ -z $cfg_dir ]; then
740 echo "Configuration directory must be given, check lxc-create"
741 usage
742 exit 1
743fi
744
745basearch=$arch
746if [ "$arch" = "i686" ]; then
747 basearch="i386"
748fi
749
483d21ff
SG		 750if [ "$arch" != "i386" -a "$arch" != "x86_64" ]; then
751 echo "Bad architecture given, check lxc-create"
752 usage
753 exit 1
754fi
755
b90270a5
DE		 756if which lsb_release >/dev/null 2>&1; then
757 host_distribution=`lsb_release --id |awk '{print $3}'`
758 host_release_version=`lsb_release --release |awk '{print $2}'`
759 host_release_major=`echo $host_release_version |awk -F '.' '{print $1}'`
760 host_release_minor=`echo $host_release_version |awk -F '.' '{print $2}'`
761else
483d21ff
SG		 762 if [ -f /etc/fedora-release ]; then
763 host_distribution="Fedora"
764 host_release_version=`cat /etc/fedora-release |awk '{print $3}'`
765 host_release_major=$host_release_version
766 host_release_minor=0
767 elif [ -f /etc/oracle-release ]; then
768 host_distribution="OracleServer"
769 host_release_version=`cat /etc/oracle-release |awk '{print $5}'`
770 host_release_major=`echo $host_release_version |awk -F '.' '{print $1}'`
771 host_release_minor=`echo $host_release_version |awk -F '.' '{print $2}'`
772 else
773 echo "Unable to determine host distribution, ensure lsb_release is installed"
774 exit 1
775 fi
b90270a5
DE		 776fi
777echo "Host is $host_distribution $host_release_version"
708f4a80 778
1897e3bc
SH		 779if [ -z "$container_rootfs" ]; then
780 container_rootfs="$cfg_dir/rootfs"
781fi
da139233
DE		 782
783if [ -n "$template_rootfs" ]; then
784 container_release_get $template_rootfs
785else
786 if [ -z "$container_release_version" ]; then
787 if [ $host_distribution = "OracleServer" ]; then
788 container_release_version=$host_release_version
789 else
56347672
DE		 790 echo "No release specified with -R, defaulting to 6.5"
791 container_release_version="6.5"
da139233
DE		 792 fi
793 fi
794 container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'`
795 container_release_minor=`echo $container_release_version |awk -F '.' '{print $2}'`
796fi
708f4a80
SH		 797
798container_config_create
799if [ -n "$template_rootfs" ]; then
800 container_rootfs_clone
801else
802 container_rootfs_create
803fi
804
e35cb41b 805container_release_get $container_rootfs
708f4a80
SH		 806
807container_rootfs_configure
808
809echo "Container : $container_rootfs"
810echo "Config : $cfg_dir/config"
811echo "Network : eth0 ($lxc_network_type) on $lxc_network_link"
LXC mirror