Commit | Line | Data |
---|---|---|
17abf278 | 1 | #!/bin/sh |
708f4a80 SH |
2 | # |
3 | # Template script for generating Oracle Enterprise Linux container for LXC | |
4 | # based on lxc-fedora, lxc-ubuntu | |
5 | # | |
8cd80b50 SG |
6 | # Copyright © 2011 Wim Coekaerts <wim.coekaerts@oracle.com> |
7 | # Copyright © 2012 Dwight Engen <dwight.engen@oracle.com> | |
708f4a80 SH |
8 | # |
9 | # Modified for Oracle Linux 5 | |
10 | # Wim Coekaerts <wim.coekaerts@oracle.com> | |
11 | # | |
c937991e | 12 | # Modified for Oracle Linux 6,7 combined OL4,5,6 into one template script |
708f4a80 SH |
13 | # Dwight Engen <dwight.engen@oracle.com> |
14 | # | |
15 | # This library is free software; you can redistribute it and/or | |
16 | # modify it under the terms of the GNU Lesser General Public | |
17 | # License as published by the Free Software Foundation; either | |
18 | # version 2.1 of the License, or (at your option) any later version. | |
19 | # | |
20 | # This library is distributed in the hope that it will be useful, | |
21 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
22 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
23 | # Lesser General Public License for more details. | |
24 | # | |
25 | # You should have received a copy of the GNU Lesser General Public | |
26 | # License along with this library; if not, write to the Free Software | |
250b1eec | 27 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
708f4a80 SH |
28 | # |
29 | ||
8ec981fc | 30 | # Detect use under userns (unsupported) |
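# Bail out when --mapped-uid or --mapped-gid appears among the arguments
# that precede a literal "--". This template calls mknod and chroot, so it
# cannot build an unprivileged (id-mapped) container.
for arg in "$@"; do
    case "$arg" in
        --)
            break
            ;;
        --mapped-uid|--mapped-gid)
            echo "This template can't be used for unprivileged containers." 1>&2
            echo "You may want to try the \"download\" template instead." 1>&2
            exit 1
            ;;
    esac
done

# Make sure the usual locations are in PATH
# NOTE(review): the system directories are appended, so entries already in
# the caller's PATH are searched first for rpm, yum, wget, chroot, etc.
# Invoke the template with a clean PATH when it runs as root.
export PATH="$PATH:/usr/sbin:/usr/bin:/sbin:/bin"

# use virbr0 that is setup by default by libvirtd
lxc_network_type=veth
lxc_network_link=virbr0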
46 | ||
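# Report a fatal error and terminate the script.
# Arguments: $1 - description of what failed
# Outputs:   "failed: <description>" on stderr, like the other fatal
#            messages in this script, so it is not mixed into stdout
# Returns:   never; exits with status 1
die()
{
    printf 'failed: %s\n' "$1" >&2
    exit 1
}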
52 | ||
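# Check whether btrfs can list subvolumes for a path.
# Arguments: $1 - path to probe
# Returns:   0 if the btrfs tool exists and "btrfs subvolume list" succeeds
#            on $1, 1 otherwise
# NOTE(review): "btrfs subvolume list" appears to succeed for any path on a
# btrfs filesystem, not only for a subvolume root - confirm. The snapshot in
# container_rootfs_clone still fails (and dies) if $1 is not a subvolume.
is_btrfs_subvolume()
{
    # command -v is the POSIX way to look a tool up; "which" is an external
    # program that may be missing
    command -v btrfs >/dev/null 2>&1 || return 1
    btrfs subvolume list "$1" >/dev/null 2>&1 || return 1
    return 0
}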
61 | ||
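# Decide whether SELinux contexts can be set from the host.
# Returns: 1 when chcon is not available; otherwise the exit status of
#          selinuxenabled (0 when SELinux is enabled on the host)
can_chcon()
{
    # command -v is the POSIX lookup; "which" is an external program that
    # may be missing
    command -v chcon >/dev/null 2>&1 || return 1
    selinuxenabled >/dev/null 2>&1
}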
70 | ||
708f4a80 | 71 | # fix up the container_rootfs |
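# Edit an installed Oracle Linux rootfs in place so that it boots as a
# container: install the lxc-patch yum plugin, turn off guest-side SELinux
# handling, and neutralise init steps that need real hardware.
# Globals: container_rootfs (read), container_release_major (read),
#          container_release_minor (read)
# Every path below is "$container_rootfs/<path>", so a value of "/" (or an
# empty value) makes the edits apply to the running system itself.
# NOTE(security): the SELinux and PAM edits remove in-guest enforcement and
# the pam_loginuid session step; confinement of the container then rests on
# what the host applies (see the capability drops in container_config_create).
container_rootfs_patch()
{
    echo "Patching container rootfs $container_rootfs for Oracle Linux $container_release_major.$container_release_minor"

    # copy ourself into the container to be used to --patch the rootfs when
    # yum update on certain packages is done. we do this here instead of in
    # container_rootfs_configure() in case the patching done in this function
    # is updated in the future, we can inject the updated version of ourself
    # into older containers.
    # The explicit -n test keeps an unset container_rootfs from passing the
    # != "/" comparison now that the expansions are quoted.
    if [ -n "$container_rootfs" ] && [ "$container_rootfs" != "/" ]; then
        cp -f "$(readlink -f "$0")" "$container_rootfs/usr/bin/lxc-patch"
        if [ "$container_release_major" -lt "6" ]; then
            mkdir -p "$container_rootfs/usr/lib/yum-plugins"
            cp "@DATADIR@/lxc/lxc-patch.py" "$container_rootfs/usr/lib/yum-plugins"
        fi
        if [ "$container_release_major" -ge "6" ]; then
            mkdir -p "$container_rootfs/usr/share/yum-plugins"
            cp "@DATADIR@/lxc/lxc-patch.py" "$container_rootfs/usr/share/yum-plugins"
        fi
        mkdir -p "$container_rootfs/etc/yum/pluginconf.d"
        cat <<EOF > "$container_rootfs/etc/yum/pluginconf.d/lxc-patch.conf"
[main]
enabled=1
packages=dbus,initscripts,iptables,openssh-server,setup,selinux-policy,readahead,udev,util-linux,util-linux-ng
EOF
    fi

    if [ "$container_release_major" = "4" ]; then
        # yum plugin type of TYPE_INTERFACE works in all releases but gives a
        # deprecation warning on major > 4, so we default to TYPE_INTERACTIVE
        # and fix it up here
        sed -i 's|TYPE_INTERACTIVE|TYPE_INTERFACE|' "$container_rootfs/usr/lib/yum-plugins/lxc-patch.py"
        if [ -f "$container_rootfs/etc/yum.repos.d/ULN-Base.repo" ]; then
            mv "$container_rootfs/etc/yum.repos.d/ULN-Base.repo" \
                "$container_rootfs/etc/yum.repos.d/ULN-Base.repo.lxc-disabled"
        fi
        echo "plugins = 1" >>"$container_rootfs/etc/yum.conf"
    fi

    # "disable" selinux in the guest. The policy in the container isn't
    # likely to match the hosts (unless host == guest exactly) and the
    # kernel can only be enforcing one policy.
    #
    # The OL 5 init honors /etc/selinux/config, but note that
    # this doesnt actually disable it if it's enabled in the host, since
    # libselinux::is_selinux_enabled() in the guest will check
    # /proc/filesystems and see selinuxfs, thus reporting that it is on
    # (ie. check the output of sestatus in the guest). We also replace
    # /usr/sbin/selinuxenabled with a symlink to /bin/false so that init
    # scripts (ie. mcstransd) that call that think selinux is disabled.
    mkdir -p "$container_rootfs/selinux"
    echo 0 > "$container_rootfs/selinux/enforce"
    if [ -e "$container_rootfs/etc/selinux/config" ]; then
        sed -i 's|SELINUX=enforcing|SELINUX=disabled|' "$container_rootfs/etc/selinux/config"
    else
        mkdir -p "$container_rootfs/etc/selinux"
        echo "SELINUX=disabled" >"$container_rootfs/etc/selinux/config"
    fi
    sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*close|#session required pam_selinux.so close|' "$container_rootfs/etc/pam.d/login"
    sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*open|#session required pam_selinux.so open|' "$container_rootfs/etc/pam.d/login"
    sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*close|#session required pam_selinux.so close|' "$container_rootfs/etc/pam.d/sshd"
    sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*open|#session required pam_selinux.so open|' "$container_rootfs/etc/pam.d/sshd"

    # setting /proc/$$/loginuid doesn't work under user namespace, which
    # prevents logins from working
    sed -i 's|session[ \t]*required[ \t]*pam_loginuid.so|#session required pam_loginuid.so|' "$container_rootfs/etc/pam.d/sshd"
    sed -i 's|session[ \t]*required[ \t]*pam_loginuid.so|#session required pam_loginuid.so|' "$container_rootfs/etc/pam.d/login"

    if [ -f "$container_rootfs/usr/sbin/selinuxenabled" ]; then
        mv "$container_rootfs/usr/sbin/selinuxenabled" "$container_rootfs/usr/sbin/selinuxenabled.lxcorig"
        ln -s /bin/false "$container_rootfs/usr/sbin/selinuxenabled"
    fi

    # ensure /dev/ptmx refers to the newinstance devpts of the container, or
    # pty's will get crossed up with the hosts (https://lkml.org/lkml/2012/1/23/512)
    rm -f "$container_rootfs/dev/ptmx"
    ln -s pts/ptmx "$container_rootfs/dev/ptmx"

    # OL7 has systemd, no rc.sysinit
    if [ "$container_release_major" = "7" ]; then
        # from mhw in the fedora template: We do need to disable the
        # "ConditionalPathExists=/dev/tty0" line or no gettys are started on
        # the ttys in the container. Lets do it in an override copy of the
        # service so it can still pass rpm verifies and not be automatically
        # updated by a new systemd version.
        sed -e 's/^ConditionPathExists=/#LXC ConditionPathExists=/' \
            < "$container_rootfs/usr/lib/systemd/system/getty@.service" \
            > "$container_rootfs/etc/systemd/system/getty@.service"
        # Setup getty service on the 4 ttys we are going to allow in the
        # default config. Number should match lxc.tty
        # Leave the subshell if cd fails, otherwise the links would be
        # created in whatever directory the script was started from.
        (
            cd "$container_rootfs/etc/systemd/system/getty.target.wants" || exit 1
            for i in 1 2 3 4; do
                ln -sf ../getty@.service "getty@tty${i}.service"
            done
        )
        # We only want to spawn a getty on /dev/console in lxc, libvirt-lxc
        # symlinks /dev/console to /dev/tty1
        sed -i '/Before=getty.target/a ConditionVirtualization=lxc' "$container_rootfs/usr/lib/systemd/system/console-getty.service"

        # disable some systemd services, set default boot, sigpwr target
        rm -f "$container_rootfs/usr/lib/systemd/system/sysinit.target.wants/kmod-static-nodes.service"
        chroot "$container_rootfs" systemctl -q disable graphical.target
        chroot "$container_rootfs" systemctl -q enable multi-user.target
        if [ ! -e "$container_rootfs/etc/systemd/system/sigpwr.target" ]; then
            chroot "$container_rootfs" ln -s /usr/lib/systemd/system/halt.target /etc/systemd/system/sigpwr.target
        fi

        # systemd in userns won't be able to set /proc/self/oom_score_adj which
        # prevents the dbus service from starting
        sed -i 's|^OOMScoreAdjust|#LXC OOMScoreAdjust|' "$container_rootfs/usr/lib/systemd/system/dbus.service"
        return
    fi

    # silence error in checking for selinux
    sed -i 's|cat /proc/self/attr/current|cat /proc/self/attr/current 2>/dev/null|' "$container_rootfs/etc/rc.sysinit"
    sed -i 's|cat /proc/self/attr/current|cat /proc/self/attr/current 2>/dev/null|' "$container_rootfs/etc/rc.d/rc.sysinit"

    # on ol4 pam_limits prevents logins when using user namespaces
    if [ "$container_release_major" = "4" ]; then
        sed -i 's|session[ \t]*required[ \t]*/lib/security/\$ISA/pam_limits.so|#session required /lib/security/$ISA/pam_limits.so|' "$container_rootfs/etc/pam.d/system-auth"
    fi

    # avoid error in ol5 attempting to copy non-existent resolv.conf
    if [ "$container_release_major" = "5" ]; then
        sed -i 's|resolv.conf.predhclient|resolv.conf.predhclient 2>/dev/null|' "$container_rootfs/sbin/dhclient-script"
    fi

    # disable interactive ovmd asking questions
    if [ -f "$container_rootfs/etc/sysconfig/ovmd" ]; then
        sed -i 's|INITIAL_CONFIG=yes|INITIAL_CONFIG=no|' "$container_rootfs/etc/sysconfig/ovmd"
    fi

    # disable disabling of ipv4 forwarding and defrag on shutdown since
    # we mount /proc/sys ro
    if [ "$container_release_major" = "5" ]; then
        sed -i 's|-f /proc/sys/net/ipv4/ip_forward|-w /proc/sys/net/ipv4/ip_forward|' "$container_rootfs/etc/rc.d/init.d/network"
        sed -i 's|-f /proc/sys/net/ipv4/ip_always_defrag|-w /proc/sys/net/ipv4/ip_always_defrag|' "$container_rootfs/etc/rc.d/init.d/network"
    fi

    # disable ipv6 on ol6
    rm -f "$container_rootfs/etc/sysconfig/network-scripts/init.ipv6-global"

    # remove module stuff for iptables it just shows errors that are not
    # relevant in a container
    if [ -f "$container_rootfs/etc/sysconfig/iptables-config" ]; then
        sed -i 's|IPTABLES_MODULES=".*|IPTABLES_MODULES=""|' "$container_rootfs/etc/sysconfig/iptables-config"
        sed -i 's|IPTABLES_MODULES_UNLOAD=".*|IPTABLES_MODULES_UNLOAD="no"|' "$container_rootfs/etc/sysconfig/iptables-config"
    fi

    # disable readahead in the container
    if [ "$container_release_major" = "6" ] && [ -e "$container_rootfs/etc/sysconfig/readahead" ]; then
        rm -f "$container_rootfs/etc/init/readahead-collector.conf"
        rm -f "$container_rootfs/etc/init/readahead-disable-services.conf"
        sed -i 's|READAHEAD="yes"|READAHEAD="no"|' "$container_rootfs/etc/sysconfig/readahead"
    fi

    if [ "$container_release_major" = "4" ]; then
        # enable fastboot always
        sed -i 's|\[ -f /fastboot \]|/bin/true|' "$container_rootfs/etc/rc.sysinit"
        sed -i 's|\[ -f /fastboot \]|/bin/true|' "$container_rootfs/etc/rc.d/rc.sysinit"

        # dont attempt to set kernel parameters
        sed -i 's|action $"Configuring kernel parameters|# LXC action $"Configuring kernel parameters|' "$container_rootfs/etc/rc.sysinit"
        sed -i 's|action $"Configuring kernel parameters|# LXC action $"Configuring kernel parameters|' "$container_rootfs/etc/rc.d/rc.sysinit"
        sed -i 's|action $"Setting network parameters|# LXC action $"Setting network parameters|' "$container_rootfs/etc/init.d/network" 2>/dev/null
        sed -i 's|action $"Setting network parameters|# LXC action $"Setting network parameters|' "$container_rootfs/etc/init.d/NetworkManager" 2>/dev/null
    fi

    # no need to attempt to mount /
    sed -i 's|mount -f /$|# LXC mount -f /|' "$container_rootfs/etc/rc.sysinit"
    sed -i 's|mount -f /$|# LXC mount -f /|' "$container_rootfs/etc/rc.d/rc.sysinit"
    sed -i 's|action \$"Remounting root filesystem|/bin/true # LXC action $"Remounting root filesystem|' "$container_rootfs/etc/rc.sysinit"
    sed -i 's|action \$"Remounting root filesystem|/bin/true # LXC action $"Remounting root filesystem|' "$container_rootfs/etc/rc.d/rc.sysinit"

    # disable udev in the container
    if [ "$container_release_major" = "4" ]; then
        sed -i 's|\[ -x /sbin/start_udev \]|# LXC no udev|' "$container_rootfs/etc/rc.sysinit"
        sed -i 's|\[ -x /sbin/start_udev \]|# LXC no udev|' "$container_rootfs/etc/rc.d/rc.sysinit"
    else
        sed -i 's|.sbin.start_udev||' "$container_rootfs/etc/rc.sysinit"
        sed -i 's|.sbin.start_udev||' "$container_rootfs/etc/rc.d/rc.sysinit"
    fi

    # disable nash raidautorun in the container since no /dev/md*
    if [ "$container_release_major" = "4" ] || [ "$container_release_major" = "5" ]; then
        sed -i 's|echo "raidautorun /dev/md0"|echo ""|' "$container_rootfs/etc/rc.sysinit"
        sed -i 's|echo "raidautorun /dev/md0"|echo ""|' "$container_rootfs/etc/rc.d/rc.sysinit"
    fi

    # prevent rc.sysinit from attempting to loadkeys
    if { [ "$container_release_major" = "4" ] || [ "$container_release_major" = "5" ]; } &&
       [ -e "$container_rootfs/etc/sysconfig/keyboard" ]; then
        rm "$container_rootfs/etc/sysconfig/keyboard"
    fi

    # dont use the hwclock, it messes up the host's time
    if [ "$container_release_major" = "4" ]; then
        sed -i 's|runcmd $"Syncing hardware clock|# LXC no hwclock runcmd $"Syncing hardware clock|' "$container_rootfs/etc/rc.d/init.d/halt"
    else
        sed -i 's|\[ -x /sbin/hwclock|\[ 0 -eq 1|' "$container_rootfs/etc/rc.d/init.d/halt"
    fi
    sed -i 's|^\[ -x /sbin/hwclock|\[ 0 -eq 1|' "$container_rootfs/etc/rc.sysinit"
    sed -i 's|^\[ -x /sbin/hwclock|\[ 0 -eq 1|' "$container_rootfs/etc/rc.d/rc.sysinit"
    sed -i 's|^/sbin/hwclock|# LXC /sbin/nohwclock|' "$container_rootfs/etc/rc.sysinit"
    sed -i 's|^/sbin/hwclock|# LXC /sbin/nohwclock|' "$container_rootfs/etc/rc.d/rc.sysinit"

    # dont start lvm
    if [ "$container_release_major" -lt "6" ] && [ -f "$container_rootfs/sbin/lvm.static" ]; then
        mv "$container_rootfs/sbin/lvm.static" "$container_rootfs/sbin/lvm.static.lxc-disabled"
    fi
    if [ "$container_release_major" = "6" ]; then
        touch "$container_rootfs/.nolvm"
    fi

    # fix assumptions that plymouth is available
    sed -i 's|\[ "$PROMPT" != no \] && plymouth|[ "$PROMPT" != no ] \&\& [ -n "$PLYMOUTH" ] \&\& plymouth|' "$container_rootfs/etc/rc.sysinit"
    sed -i 's|\[ "$PROMPT" != no \] && plymouth|[ "$PROMPT" != no ] \&\& [ -n "$PLYMOUTH" ] \&\& plymouth|' "$container_rootfs/etc/rc.d/rc.sysinit"
    rm -f "$container_rootfs/etc/init/plymouth-shutdown.conf"
    rm -f "$container_rootfs/etc/init/quit-plymouth.conf"
    rm -f "$container_rootfs/etc/init/splash-manager.conf"

    # dont try to unmount /dev/lxc devices
    sed -i 's|&& $1 !~ /^\\/dev\\/ram/|\&\& $2 !~ /^\\/dev\\/lxc/ \&\& $1 !~ /^\\/dev\\/ram/|' "$container_rootfs/etc/init.d/halt"

    # don't try to unmount swap
    sed -i 's|\[ -f /proc/swaps \]|# LXC [ -f /proc/swaps ]|' "$container_rootfs/etc/init.d/halt"

    # sem_open(3) checks that /dev/shm is SHMFS_SUPER_MAGIC, so make sure to
    # mount /dev/shm (normally done by dracut initrd) as tmpfs
    if [ "$container_release_major" = "4" ] || [ "$container_release_major" = "5" ]; then
        grep -q "mount -t tmpfs tmpfs /dev/shm" "$container_rootfs/etc/rc.sysinit"
        # status 1 means "no match"; status 2 (unreadable file) must not
        # trigger the append, so the exact status is compared
        if [ $? -eq 1 ]; then
            echo "mount -t tmpfs tmpfs /dev/shm" >>"$container_rootfs/etc/rc.sysinit"
            echo "mount -t tmpfs tmpfs /dev/shm" >>"$container_rootfs/etc/rc.d/rc.sysinit"
        fi
    fi
    if [ "$container_release_major" = "6" ]; then
        sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mount -t tmpfs tmpfs /dev/shm # LXC|' "$container_rootfs/etc/rc.sysinit"
        sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mount -t tmpfs tmpfs /dev/shm # LXC|' "$container_rootfs/etc/rc.d/rc.sysinit"
    fi

    # there might be other services that are useless but the below set is a good start
    # some of these might not exist in the image, so we silence chkconfig complaining
    # about the service file not being found
    for service in \
        acpid apmd auditd autofs cpuspeed dund gpm haldaemon hidd \
        ip6tables irqbalance iscsi iscsid isdn kdump kudzu \
        lm_sensors lvm2-monitor mdmonitor microcode_ctl \
        ntpd pcmcia postfix sendmail udev-post xfs ;
    do
        chroot "$container_rootfs" chkconfig 2>/dev/null "$service" off
    done

    for service in rsyslog ;
    do
        chroot "$container_rootfs" chkconfig 2>/dev/null "$service" on
    done
}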
326 | ||
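# First-time configuration of a freshly installed rootfs: patch it, write
# network and hostname files, allow root logins on the container ttys, set
# up gettys and SIGPWR handling, and create the initial accounts.
# Globals: container_rootfs (read), container_release_major (read),
#          container_release_minor (read), name (read)
# Outputs: progress messages and the created credentials on stdout
container_rootfs_configure()
{
    container_rootfs_patch
    echo "Configuring container for Oracle Linux $container_release_major.$container_release_minor"

    # configure the network to use dhcp. we set DHCP_HOSTNAME so the guest
    # will report its name and be resolv'able by the hosts dnsmasq
    cat <<EOF > "$container_rootfs/etc/sysconfig/network-scripts/ifcfg-eth0"
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
HOSTNAME=$name
DHCP_HOSTNAME=$name
NM_CONTROLLED=no
TYPE=Ethernet
EOF

    # set the hostname
    if [ "$container_release_major" -ge "7" ]; then
        # systemd honors /etc/hostname
        echo "$name" >"$container_rootfs/etc/hostname"
    fi
    cat <<EOF > "$container_rootfs/etc/sysconfig/network"
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=$name
EOF

    # set minimal hosts
    echo "127.0.0.1 localhost $name" > "$container_rootfs/etc/hosts"

    # this file has to exist for libvirt/Virtual machine monitor to boot the container
    touch "$container_rootfs/etc/mtab"

    # setup console and tty[1-4] for login. note that /dev/console and
    # /dev/tty[1-4] will be symlinks to the ptys /dev/lxc/console and
    # /dev/lxc/tty[1-4] so that package updates can overwrite the symlinks.
    # lxc will maintain these links and bind mount ptys over /dev/lxc/*
    # since lxc.devttydir is specified in the config.

    # allow root login on console, tty[1-4], and pts/0 for libvirt
    # (the loop below adds pts/0 through pts/4)
    echo "# LXC (Linux Containers)" >>"$container_rootfs/etc/securetty"
    echo "lxc/console" >>"$container_rootfs/etc/securetty"
    for i in 1 2 3 4; do
        echo "lxc/tty$i" >>"$container_rootfs/etc/securetty"
    done
    echo "# For libvirt/Virtual Machine Monitor" >>"$container_rootfs/etc/securetty"
    for i in 0 1 2 3 4; do
        echo "pts/$i" >>"$container_rootfs/etc/securetty"
    done

    # prevent mingetty from calling vhangup(2) since it fails with userns
    if [ -f "$container_rootfs/etc/init/tty.conf" ]; then
        sed -i 's|mingetty|mingetty --nohangup|' "$container_rootfs/etc/init/tty.conf"
    fi

    # create maygetty which only spawns a getty on the console when running
    # under lxc, not libvirt-lxc which symlinks /dev/console to the same pty
    # as /dev/tty1
    # "\$@" is quoted in the generated script so its arguments reach
    # mingetty unsplit.
    cat <<EOF >"$container_rootfs/sbin/maygetty"
#!/bin/sh
if [ "\$container" = "lxc" ]; then
    exec /sbin/mingetty "\$@"
fi
exec sleep infinity
EOF
    chmod 755 "$container_rootfs/sbin/maygetty"

    # start a getty on /dev/console, /dev/tty[1-4]
    if [ "$container_release_major" = "4" ] || [ "$container_release_major" = "5" ]; then
        sed -i 's|mingetty|mingetty --nohangup|' "$container_rootfs/etc/inittab"
        sed -i '/1:2345:respawn/i cns:2345:respawn:/sbin/maygetty --nohangup --noclear console' "$container_rootfs/etc/inittab"
        sed -i '/5:2345:respawn/d' "$container_rootfs/etc/inittab"
        sed -i '/6:2345:respawn/d' "$container_rootfs/etc/inittab"
    fi

    if [ "$container_release_major" = "6" ]; then
        cat <<EOF > "$container_rootfs/etc/init/console.conf"
# console - getty
#
# This service maintains a getty on the console from the point the system is
# started until it is shut down again.

start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]
env container

respawn
exec /sbin/maygetty --nohangup --noclear /dev/console
EOF
    fi

    # lxc-shutdown sends SIGPWR to init, OL4 and OL5 have SysVInit, just
    # make it do shutdown now instead of delaying 2 minutes.  OL6 uses
    # upstart, so we create an upstart job to handle SIGPWR to shut down
    # cleanly. We use "init 0" instead of shutdown -h now to avoid SELinux
    # permission denied when upstart's shutdown tries to connect to the
    # /com/ubuntu/upstart socket.
    if [ "$container_release_major" = "4" ] || [ "$container_release_major" = "5" ]; then
        sed -i 's|pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; |pf::powerfail:/sbin/shutdown -f -h now "|' "$container_rootfs/etc/inittab"
    elif [ "$container_release_major" = "6" ]; then
        cat <<EOF > "$container_rootfs/etc/init/power-status-changed.conf"
# power-status-changed - used to cleanly shut down the container
#
# This task is run whenever init receives SIGPWR
# Used to shut down the machine.

start on power-status-changed

exec init 0
EOF
    fi

    # start with a clean /var/log/messages
    rm -f "$container_rootfs/var/log/messages"

    # add oracle user, set root password
    # NOTE(security): both accounts get fixed, publicly known passwords
    # (root/root and oracle/oracle), and root logins are permitted on every
    # tty added to securetty above. Change or lock both passwords before the
    # container is reachable by anyone else. The pam.d/sshd edits in
    # container_rootfs_patch suggest sshd may be installed - confirm.
    chroot "$container_rootfs" useradd -m -s /bin/bash oracle
    echo "oracle:oracle" | chroot "$container_rootfs" chpasswd
    echo "root:root" | chroot "$container_rootfs" chpasswd
    printf "Added container user:\033[1moracle\033[0m password:\033[1moracle\033[0m\n"
    printf "Added container user:\033[1mroot\033[0m password:\033[1mroot\033[0m\n"
}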
450 | ||
451 | # create the container's lxc config file | |
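# Append the container's settings to $cfg_dir/config: optional common
# include, arch and name, rootfs (unless already present), capability
# drops, and the network section with a random MAC address.
# Globals: cfg_dir, name, arch, container_rootfs, container_release_major,
#          container_release_minor, host_distribution (read);
#          lxc_network_type (overwritten with the value found in the config)
# Capabilities: sys_resource is dropped except on release 4; setfcap and
# setpcap are dropped except on release 7.
container_config_create()
{
    echo "Create configuration file $cfg_dir/config"
    mkdir -p "$cfg_dir" || die "unable to create config dir $cfg_dir"

    echo "# Common configuration" >> "$cfg_dir/config"
    if [ -e "@LXCTEMPLATECONFIG@/oracle.common.conf" ]; then
        echo "lxc.include = @LXCTEMPLATECONFIG@/oracle.common.conf" >> "$cfg_dir/config"
    fi

    # generate a hwaddr for the container with a high mac address
    # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
    # Five random bytes from /dev/urandom follow the fixed "fe" prefix.
    local hwaddr
    hwaddr="fe:$(dd if=/dev/urandom bs=8 count=1 2>/dev/null | od -t x8 |
                 head -n 1 | awk '{print $2}' | cut -c1-10 |
                 sed 's/\(..\)/\1:/g; s/.$//')"
    cat <<EOF >> "$cfg_dir/config" || die "unable to create $cfg_dir/config"
# Container configuration for Oracle Linux $container_release_major.$container_release_minor
lxc.arch = $arch
lxc.utsname = $name
EOF
    grep -q "^lxc.rootfs" "$cfg_dir/config" 2>/dev/null || echo "lxc.rootfs = $container_rootfs" >> "$cfg_dir/config"

    if [ "$container_release_major" != "4" ]; then
        echo "lxc.cap.drop = sys_resource" >>"$cfg_dir/config"
    fi

    # systemd services like logind and journald need these
    if [ "$container_release_major" != "7" ]; then
        echo "lxc.cap.drop = setfcap setpcap" >>"$cfg_dir/config"
    fi

    echo "# Networking" >>"$cfg_dir/config"
    # see if the network settings were already specified
    lxc_network_type=$(grep '^lxc.network.type' "$cfg_dir/config" | awk -F'[= \t]+' '{ print $2 }')
    if [ -z "$lxc_network_type" ] &&
       { [ "$host_distribution" = "OracleServer" ] ||
         [ "$host_distribution" = "Fedora" ]; }; then
        echo "lxc.network.type = veth" >>"$cfg_dir/config"
        echo "lxc.network.flags = up" >>"$cfg_dir/config"
        echo "lxc.network.link = virbr0" >>"$cfg_dir/config"
    fi

    cat <<EOF >> "$cfg_dir/config" || die "unable to create $cfg_dir/config"
lxc.network.name = eth0
lxc.network.mtu = 1500
lxc.network.hwaddr = $hwaddr
EOF
}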
500 | ||
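# Populate $container_rootfs from $template_rootfs, by btrfs snapshot when
# the template passes is_btrfs_subvolume, otherwise by a recursive copy.
# Globals: template_rootfs (read), container_rootfs (read)
# Paths are quoted so a rootfs path containing spaces is handled as one
# argument.
container_rootfs_clone()
{
    if is_btrfs_subvolume "$template_rootfs"; then
        # lxc-create already made $container_rootfs a btrfs subvolume, but
        # in this case we want to snapshot the original subvolume so we
        # have to delete the one that lxc-create made
        btrfs subvolume delete "$container_rootfs"
        btrfs subvolume snapshot "$template_rootfs" "$container_rootfs" || die "btrfs clone template"
    else
        echo "Copying rootfs ..."
        cp -axT "$template_rootfs" "$container_rootfs" || die "copy template"
    fi
}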
514 | ||
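# Write a single-repository yum .repo file.
# Globals:   container_release_major, container_release_minor, basearch,
#            yum_url (read)
# Arguments: $1 - path of the .repo file to create (overwritten)
#            $2 - repository id
#            $3 - base URL (a trailing "/" is appended)
#            $4 - optional; any non-empty value enables gpgcheck and adds
#                 the Oracle key URL built from $yum_url
# NOTE(security): when $4 is empty the file says gpgcheck=0, so yum installs
# packages from $3 without verifying their signatures; the lxc-install call
# visible in container_rootfs_create passes only three arguments. With $4
# set, the key is fetched from $yum_url, which this script defaults to an
# http:// address unless a repourl is supplied.
container_rootfs_repo_create()
{
    # one redirection for the whole file; the quoted target also works when
    # the path contains spaces
    {
        echo "# LXC generated .repo file"
        echo "[$2]"
        echo "name=Oracle Linux $container_release_major.$container_release_minor ($basearch)"
        echo "baseurl=$3/"
        echo "enabled=1"
        echo "skip_if_unavailable=1"

        if [ "$4" != "" ]; then
            echo "gpgkey=$yum_url/RPM-GPG-KEY-oracle-ol$container_release_major"
            echo "gpgcheck=1"
        else
            echo "gpgcheck=0"
        fi
    } >"$1"
}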
531 | ||
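# Recreate a minimal static /dev inside the container rootfs.
# Globals: container_rootfs (read), dev_path (written)
# Creates null, zero, random, urandom, tty, tty1-4, full, the initctl fifo
# and the pts and shm directories, then copies SELinux labels from the
# host's /dev when can_chcon succeeds.
container_rootfs_dev_create()
{
    # create required devices. note that /dev/console will be created by lxc
    # or libvirt itself to be a symlink to the right pty.
    # take care to not nuke /dev in case $container_rootfs isn't set
    dev_path="$container_rootfs/dev"
    # The -n test is what protects the host: with quoted expansions an empty
    # container_rootfs would otherwise pass the != "/" check and remove /dev.
    if [ -n "$container_rootfs" ] && [ "$container_rootfs" != "/" ] && [ -d "$dev_path" ]; then
        rm -rf -- "$dev_path"
    fi
    mkdir -p "$dev_path"
    if can_chcon; then
        # ensure symlinks created in /dev have the right context
        chcon -t device_t "$dev_path"
    fi
    mknod -m 666 "$dev_path/null" c 1 3
    mknod -m 666 "$dev_path/zero" c 1 5
    mknod -m 666 "$dev_path/random" c 1 8
    mknod -m 666 "$dev_path/urandom" c 1 9
    mkdir -m 755 "$dev_path/pts"
    mkdir -m 1777 "$dev_path/shm"
    mknod -m 666 "$dev_path/tty" c 5 0
    mknod -m 666 "$dev_path/tty1" c 4 1
    mknod -m 666 "$dev_path/tty2" c 4 2
    mknod -m 666 "$dev_path/tty3" c 4 3
    mknod -m 666 "$dev_path/tty4" c 4 4
    mknod -m 666 "$dev_path/full" c 1 7
    mknod -m 600 "$dev_path/initctl" p

    # set selinux labels same as host
    if can_chcon; then
        # tty0 is listed although no tty0 node is created above; chcon's
        # error for it is discarded with the rest of stderr
        for node in null zero random urandom pts shm \
                    tty tty0 tty1 tty2 tty3 tty4 full ;
        do
            chcon --reference "/dev/$node" "$dev_path/$node" 2>/dev/null
        done
    fi
}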
569 | ||
708f4a80 SH |
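#######################################
# Build a new Oracle Linux root filesystem by yum-installing a minimal
# package set into $container_rootfs.
# Globals (read): container_rootfs, container_release_major,
#                 container_release_minor, host_distribution, basearch,
#                 repourl, baseurl, user_pkgs, name, HOME
# Globals (written): cmds, db_dump_cmd (the rest is set inside the
#                 locked subshell and is not visible to the caller)
# Calls: can_chcon, die, container_rootfs_repo_create,
#        container_rootfs_dev_create
# Exits 1 if any step inside the locked subshell fails.
#######################################
container_rootfs_create()
{
    if can_chcon; then
        chcon --reference / "$container_rootfs" 2>/dev/null
    fi

    # host tools needed for the install; releases older than 6 also need
    # a db_dump matching the host plus file(1) for the rpm db downgrade
    cmds="rpm wget yum"
    if [ "$container_release_major" -lt 6 ]; then
        if [ "$host_distribution" = "Ubuntu" ] ||
           [ "$host_distribution" = "Debian" ]; then
            db_dump_cmd="db5.1_dump"
        fi
        if [ "$host_distribution" = "OracleServer" ] ||
           [ "$host_distribution" = "Fedora" ]; then
            db_dump_cmd="db_dump"
        fi

        cmds="$cmds $db_dump_cmd file"
    fi
    # $cmds is a space-separated list, word-splitting is intended
    for cmd in $cmds; do
        if ! command -v "$cmd" >/dev/null 2>&1; then
            die "The $cmd command is required, please install it"
        fi
    done

    mkdir -p @LOCALSTATEDIR@/lock/subsys
    (
        # fd 9 is opened on the per-container lock file by the redirection
        # that closes this subshell; die here only leaves the subshell, the
        # status check after it turns that into an exit of the script
        if ! flock -x 9; then
            die "The template is busy."
        fi

        echo "Yum installing release $container_release_major.$container_release_minor for $basearch"

        # NOTE(review): the default repository URL is plain http and the
        # yum install below runs with --nogpgcheck, so neither the repo
        # file nor the packages are authenticated when fetched over the
        # network. Prefer a trusted mirror (--url) or a local --baseurl,
        # and verify package signatures inside the container afterwards.
        if [ -n "$repourl" ]; then
            yum_url=$repourl
        else
            yum_url=http://public-yum.oracle.com
        fi
        if [ "$container_release_major" = "4" ] ||
           [ "$container_release_major" = "5" ]; then
            latest_L="el"
            latest_U="EL"
        else
            latest_L="ol"
            latest_U="OL"
        fi

        if [ -n "$baseurl" ]; then
            # create .repo pointing at baseurl
            repo="lxc-install"
            mkdir -p "$container_rootfs/etc/yum.repos.d"
            container_rootfs_repo_create \
                "$container_rootfs/etc/yum.repos.d/lxc-install.repo" "$repo" "$baseurl"
        else
            # get public-yum repo file
            case "$container_release_major" in
                4) repofile=public-yum-el4.repo ;;
                5) repofile=public-yum-el5.repo ;;
                6) repofile=public-yum-ol6.repo ;;
                7) repofile=public-yum-ol7.repo ;;
                *) die "Unsupported release $container_release_major" ;;
            esac

            mkdir -p "$container_rootfs/etc/yum.repos.d"
            if ! wget -q "$yum_url/$repofile" -O "$container_rootfs/etc/yum.repos.d/$repofile"; then
                die "Unable to download repo file $yum_url/$repofile, release unavailable"
            fi

            # yum will take $basearch from host, so force the arch we want
            sed -i "s|\$basearch|$basearch|" "$container_rootfs/etc/yum.repos.d/$repofile"

            # replace url if they specified one
            # ($repourl is pasted into a '|'-delimited sed expression, so a
            # URL containing '|' or '&' will not be substituted literally)
            if [ -n "$repourl" ]; then
                sed -i "s|baseurl=http://public-yum.oracle.com/repo|baseurl=$repourl/repo|" "$container_rootfs/etc/yum.repos.d/$repofile"
                sed -i "s|gpgkey=http://public-yum.oracle.com|gpgkey=$repourl|" "$container_rootfs/etc/yum.repos.d/$repofile"
            fi

            # disable all repos, then enable the repo for the version we are installing.
            if [ "$container_release_minor" = "latest" ]; then
                repo="${latest_L}${container_release_major}_${container_release_minor}"
            elif [ "$container_release_major" = "7" ]; then
                repo="ol${container_release_major}_u${container_release_minor}_base"
            elif [ "$container_release_major" = "6" ]; then
                if [ "$container_release_minor" = "0" ]; then
                    repo="ol${container_release_major}_ga_base"
                else
                    repo="ol${container_release_major}_u${container_release_minor}_base"
                fi
            elif [ "$container_release_major" = "5" ]; then
                if [ "$container_release_minor" = "0" ]; then
                    repo="el${container_release_major}_ga_base"
                elif [ "$container_release_minor" -lt 6 ]; then
                    repo="el${container_release_major}_u${container_release_minor}_base"
                else
                    repo="ol${container_release_major}_u${container_release_minor}_base"
                fi
            elif [ "$container_release_major" = "4" ] &&
                 [ "$container_release_minor" -gt 5 ]; then
                repo="el${container_release_major}_u${container_release_minor}_base"
            else
                die "Unsupported release $container_release_major.$container_release_minor"
            fi
            sed -i "s|enabled=1|enabled=0|" "$container_rootfs/etc/yum.repos.d/$repofile"
            sed -i "/\[$repo\]/,/\[/ s/enabled=0/enabled=1/" "$container_rootfs/etc/yum.repos.d/$repofile"
        fi

        container_rootfs_dev_create

        # don't put devpts,proc, nor sysfs in here, it will already be mounted for us by lxc/libvirt
        echo "" >"$container_rootfs/etc/fstab"

        # create rpm db, download and yum install minimal packages
        mkdir -p "$container_rootfs/var/lib/rpm"
        rpm --root "$container_rootfs" --initdb
        # yum_args, min_pkgs, user_pkgs and redo_pkgs are space-separated
        # lists that are expanded unquoted on purpose; as a consequence a
        # rootfs path containing whitespace is not supported here
        yum_args="--installroot $container_rootfs --disablerepo=* --enablerepo=$repo -y --nogpgcheck"
        min_pkgs="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils oraclelinux-release"
        if [ "$container_release_major" -lt 6 ]; then
            min_pkgs="$min_pkgs db4-utils"
        fi

        # we unshare the mount namespace because yum installing the ol4
        # packages causes $rootfs/proc to be mounted on
        if ! lxc-unshare -s MOUNT yum -- $yum_args install $min_pkgs $user_pkgs; then
            die "Failed to download and install the rootfs, aborting."
        fi

        # rsyslog and pam depend on coreutils for some common commands in
        # their POSTIN scriptlets, but coreutils wasn't installed yet. now
        # that coreutils is installed, reinstall the packages so their POSTIN
        # runs right. similarly, libutempter depends on libselinux.so.1 when
        # it runs /usr/sbin/groupadd, so reinstall it too
        redo_pkgs=""
        if [ "$container_release_major" = "5" ]; then
            if [ "$container_release_minor" = "latest" ]; then
                redo_pkgs="pam rsyslog libutempter"
            elif [ "$container_release_minor" -lt 2 ]; then
                redo_pkgs="pam"
            elif [ "$container_release_minor" -lt 6 ]; then
                redo_pkgs="pam rsyslog"
            elif [ "$container_release_minor" -gt 5 ]; then
                redo_pkgs="pam rsyslog libutempter"
            fi
        fi
        # shadow utils fails on ol4 and ol6.1
        if [ "$container_release_major" = "4" ] ||
           { [ "$container_release_major" = "6" ] &&
             [ "$container_release_minor" = "1" ]; }; then
            redo_pkgs="shadow-utils"
        fi
        if [ -n "$redo_pkgs" ]; then
            rpm --root "$container_rootfs" --nodeps -e $redo_pkgs
            if ! lxc-unshare -s MOUNT yum -- $yum_args install $redo_pkgs; then
                die "Unable to reinstall packages"
            fi
        fi

        # if installing from a baseurl, create a .repo that the container
        # can use to update to _latest from http://public-yum.oracle.com
        # (the file name uses latest_L; the previous spelling "latestL" was
        # never set, which dropped the el/ol part from the file name)
        if [ -n "$baseurl" ]; then
            container_rootfs_repo_create \
                "$container_rootfs/etc/yum.repos.d/public-yum-${latest_L}${container_release_major}.repo" \
                "${latest_L}${container_release_major}_latest" \
                "$yum_url/repo/OracleLinux/${latest_U}${container_release_major}/latest/$basearch" gpg
        fi

        # these distributions put the rpm database in a place the guest is
        # not expecting it, so move it
        if [ "$host_distribution" = "Ubuntu" ] ||
           [ "$host_distribution" = "Debian" ]; then
            mv "$container_rootfs/$HOME"/.rpmdb/* "$container_rootfs/var/lib/rpm"
        fi

        # if the native rpm created the db with Hash version 9, we need to
        # downgrade it to Hash version 8 for use with OL5.x
        db_version=$(file "$container_rootfs/var/lib/rpm/Packages" |
            grep -o 'version [0-9]*' | awk '{print $2}')
        if [ "$container_release_major" -lt 6 ] && [ "$db_version" != "8" ]; then
            echo "Fixing (downgrading) rpm database from version $db_version"
            rm -f "$container_rootfs"/var/lib/rpm/__db*
            for db in "$container_rootfs"/var/lib/rpm/* ; do
                # dump with the host tool, reload with the guest's db_load
                "$db_dump_cmd" "$db" |
                    chroot "$container_rootfs" db_load "/var/lib/rpm/$(basename "$db").new"
                mv "$db.new" "$db"
            done
        fi

        # the host rpm may not be the same as the guest, rebuild the db with
        # the guest rpm version
        echo "Rebuilding rpm database"
        rm -f "$container_rootfs"/var/lib/rpm/__db*
        chroot "$container_rootfs" rpm --rebuilddb >/dev/null 2>&1

    ) 9>"@LOCALSTATEDIR@/lock/subsys/lxc-oracle-$name"
    if [ $? -ne 0 ]; then
        exit 1
    fi
}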
770 | ||
e35cb41b DE |
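#######################################
# Determine which release is installed in a root filesystem.
# Arguments: $1 - path of the rootfs to inspect
# Globals (written): container_release_version, container_release_major,
#                    container_release_minor
# Reads $1/etc/oracle-release if present, otherwise $1/etc/redhat-release.
# Exits 1 (message on stderr) when neither file identifies the release.
#######################################
container_release_get()
{
    if [ -f "$1/etc/oracle-release" ]; then
        # fifth word of the line starting with "Oracle" is "major.minor"
        container_release_version=$(awk '/^Oracle/ {print $5}' "$1/etc/oracle-release")
        container_release_major=$(echo "$container_release_version" | awk -F '.' '{print $1}')
        container_release_minor=$(echo "$container_release_version" | awk -F '.' '{print $2}')
    elif grep -q "Enterprise Linux AS" "$1/etc/redhat-release"; then
        # the AS release string carries major and minor as separate words;
        # the minor is followed by a closing parenthesis that is stripped
        container_release_major=$(awk '{print $7}' "$1/etc/redhat-release")
        container_release_minor=$(awk '{print $10}' "$1/etc/redhat-release" | tr -d ")")
        container_release_version="$container_release_major.$container_release_minor"
    elif grep -q "Enterprise Linux Server" "$1/etc/redhat-release"; then
        container_release_version=$(awk '{print $7}' "$1/etc/redhat-release")
        container_release_major=$(echo "$container_release_version" | awk -F '.' '{print $1}')
        container_release_minor=$(echo "$container_release_version" | awk -F '.' '{print $2}')
    else
        echo "Unable to determine container release version" 1>&2
        exit 1
    fi
}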
790 | ||
708f4a80 SH |
# Print the template's option summary to stdout; always returns 0.
# Any arguments passed by callers are ignored.
usage()
{
    printf '%s\n' \
        '-a|--arch=<arch> architecture (ie. i386, x86_64)' \
        '-R|--release=<release> release to download for the new container' \
        '--rootfs=<path> rootfs path' \
        '-r|--rpms=<rpm name> additional rpms to install into container' \
        '-u|--url=<url> replace yum repo url (ie. Oracle public-yum mirror)' \
        '--baseurl=<url> use package repository (ie. file:///mnt)' \
        'arch and release must also be specified' \
        '-t|--templatefs=<path> copy/clone rootfs at path instead of downloading' \
        '-P|--patch=<path> only patch the rootfs at path for use as a container' \
        '-h|--help' \
        '' \
        'Release is of the format "major.minor", for example "5.8", "6.3", or "6.latest"' \
        'This template supports Oracle Linux releases 4.6 - 7.0'
    return 0
}
810 | ||
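# Parse the command line with getopt(1). The short option list now
# includes "P:" so that the -P form advertised by usage() is accepted;
# before, only the long --patch spelling was recognised.
if ! options=$(getopt -o hp:n:a:R:r:u:t:P: -l help,rootfs:,path:,name:,arch:,release:,rpms:,url:,templatefs:,patch:,baseurl: -- "$@"); then
    usage "$(basename "$0")"
    exit 1
fi

# getopt emits a shell-quoted argument list; eval re-reads it so that
# option values containing whitespace stay single words
eval set -- "$options"
while true
do
    case "$1" in
        -h|--help)       usage "$0" && exit 0;;
        -p|--path)       cfg_dir=$2; shift 2;;
        --rootfs)        container_rootfs=$2; shift 2;;
        -n|--name)       name=$2; shift 2;;
        -a|--arch)       arch=$2; shift 2;;
        -R|--release)    container_release_version=$2; shift 2;;
        -r|--rpms)       user_pkgs=$2; shift 2;;
        -u|--url)        repourl=$2; shift 2;;
        -t|--templatefs) template_rootfs=$2; shift 2;;
        -P|--patch)      patch_rootfs=$2; shift 2;;
        --baseurl)       baseurl=$2; shift 2;;
        --)              shift 1; break ;;
        *)               break ;;
    esac
done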
836 | ||
837 | # make sure mandatory args are given and valid | |
838 | if [ "$(id -u)" != "0" ]; then | |
839 | echo "This script should be run as 'root'" | |
840 | exit 1 | |
841 | fi | |
842 | ||
e120d057 DE |
843 | if [ -n "$baseurl" ]; then |
844 | if [ "$arch" = "" -o "$container_release_version" = "" ]; then | |
845 | echo "The --arch and --release must be specified when using --baseurl" | |
846 | usage | |
847 | exit 1 | |
848 | fi | |
849 | fi | |
850 | ||
851 | if [ "$arch" = "" ]; then | |
852 | arch=$(uname -m) | |
853 | fi | |
854 | ||
7ceebfd1 DE |
855 | if [ -n "$patch_rootfs" ]; then |
856 | container_rootfs="$patch_rootfs" | |
857 | container_release_get $container_rootfs | |
858 | container_rootfs_patch | |
859 | exit 0 | |
860 | fi | |
861 | ||
708f4a80 SH |
862 | if [ -z $name ]; then |
863 | echo "Container name must be given" | |
864 | usage | |
865 | exit 1 | |
866 | fi | |
867 | ||
868 | if [ -z $cfg_dir ]; then | |
869 | echo "Configuration directory must be given, check lxc-create" | |
870 | usage | |
871 | exit 1 | |
872 | fi | |
873 | ||
874 | basearch=$arch | |
875 | if [ "$arch" = "i686" ]; then | |
876 | basearch="i386" | |
877 | fi | |
878 | ||
483d21ff SG |
879 | if [ "$arch" != "i386" -a "$arch" != "x86_64" ]; then |
880 | echo "Bad architecture given, check lxc-create" | |
881 | usage | |
882 | exit 1 | |
883 | fi | |
884 | ||
b90270a5 DE |
885 | if which lsb_release >/dev/null 2>&1; then |
886 | host_distribution=`lsb_release --id |awk '{print $3}'` | |
887 | host_release_version=`lsb_release --release |awk '{print $2}'` | |
888 | host_release_major=`echo $host_release_version |awk -F '.' '{print $1}'` | |
889 | host_release_minor=`echo $host_release_version |awk -F '.' '{print $2}'` | |
890 | else | |
483d21ff SG |
891 | if [ -f /etc/fedora-release ]; then |
892 | host_distribution="Fedora" | |
893 | host_release_version=`cat /etc/fedora-release |awk '{print $3}'` | |
894 | host_release_major=$host_release_version | |
895 | host_release_minor=0 | |
896 | elif [ -f /etc/oracle-release ]; then | |
897 | host_distribution="OracleServer" | |
898 | host_release_version=`cat /etc/oracle-release |awk '{print $5}'` | |
899 | host_release_major=`echo $host_release_version |awk -F '.' '{print $1}'` | |
900 | host_release_minor=`echo $host_release_version |awk -F '.' '{print $2}'` | |
901 | else | |
902 | echo "Unable to determine host distribution, ensure lsb_release is installed" | |
903 | exit 1 | |
904 | fi | |
b90270a5 DE |
905 | fi |
906 | echo "Host is $host_distribution $host_release_version" | |
708f4a80 | 907 | |
1897e3bc SH |
908 | if [ -z "$container_rootfs" ]; then |
909 | container_rootfs="$cfg_dir/rootfs" | |
910 | fi | |
da139233 DE |
911 | |
912 | if [ -n "$template_rootfs" ]; then | |
913 | container_release_get $template_rootfs | |
914 | else | |
915 | if [ -z "$container_release_version" ]; then | |
916 | if [ $host_distribution = "OracleServer" ]; then | |
917 | container_release_version=$host_release_version | |
918 | else | |
56347672 DE |
919 | echo "No release specified with -R, defaulting to 6.5" |
920 | container_release_version="6.5" | |
da139233 DE |
921 | fi |
922 | fi | |
923 | container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'` | |
924 | container_release_minor=`echo $container_release_version |awk -F '.' '{print $2}'` | |
925 | fi | |
708f4a80 SH |
926 | |
927 | container_config_create | |
928 | if [ -n "$template_rootfs" ]; then | |
929 | container_rootfs_clone | |
930 | else | |
931 | container_rootfs_create | |
932 | fi | |
933 | ||
e35cb41b | 934 | container_release_get $container_rootfs |
708f4a80 SH |
935 | |
936 | container_rootfs_configure | |
937 | ||
938 | echo "Container : $container_rootfs" | |
939 | echo "Config : $cfg_dir/config" | |
940 | echo "Network : eth0 ($lxc_network_type) on $lxc_network_link" |