# Script-wide path settings.
# CACHE is the per-distro download cache below @LOCALSTATEDIR@ (a placeholder,
# presumably substituted at configure time). ${DISTRO} is expanded when this
# assignment runs, so it has to be set before this point.
5 CACHE
="@LOCALSTATEDIR@/cache/lxc/${DISTRO}"
7 # Default container name
15 # These paths are within the container so do not need to obey configure prefixes
# INITTAB and SSHD_CONFIG are container-relative; the write_distro_* functions
# prefix them with ${ROOTFS} when they generate the files.
16 INITTAB
="/etc/inittab"
18 SSHD_CONFIG
="/etc/ssh/sshd_config"
20 ################################################################################
21 # DISTRO custom configuration files
22 ################################################################################
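#######################################
# Create the selinux/enforce stub inside the container rootfs.
# Writes the single character 0 to ${ROOTFS}/selinux/enforce, presumably so
# that userland inside the container sees SELinux as not enforcing.
# Globals:   ROOTFS (read) - container root filesystem directory
# Returns:   0 on success, non-zero if ROOTFS is empty or a write fails
#######################################
write_distro_selinux() {
    # With an empty ROOTFS the target would be /selinux/enforce on the host;
    # on hosts that mount selinuxfs there, writing 0 switches the host itself
    # to permissive mode. Refuse instead of writing outside the rootfs.
    if [ -z "${ROOTFS:-}" ]; then
        echo "write_distro_selinux: ROOTFS is not set" >&2
        return 1
    fi
    # Quoted so a rootfs path with spaces or glob characters stays one word.
    mkdir -p -- "${ROOTFS}/selinux" || return 1
    echo 0 > "${ROOTFS}/selinux/enforce"
}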
# Write the container's fstab to ${ROOTFS}/${FSTAB}.
# The here-document delimiter is unquoted, so any $-expansion in its body is
# evaluated while the file is generated.
# Globals: ROOTFS, FSTAB (read).
# NOTE(review): the redirection target is unquoted; ROOTFS is built from the
# interactively entered container name, so quote "${ROOTFS}/${FSTAB}".
33 write_distro_fstab
() {
34 cat <<EOF > ${ROOTFS}/${FSTAB}
35 tmpfs /dev/shm tmpfs defaults 0 0
# Write the container's inittab to ${ROOTFS}/${INITTAB}.
# The visible entries run /etc/init.d/rcS at sysinit, /etc/init.d/rc for each
# runlevel 0-6, respawn sulogin as a fallback on runlevel 6, and respawn a
# getty on the console and on tty1 through tty4.
# Globals: ROOTFS, INITTAB (read); both are expanded unquoted in the target.
41 write_distro_inittab
() {
42 cat <<EOF > ${ROOTFS}/${INITTAB}
44 si::sysinit:/etc/init.d/rcS
45 l0:0:wait:/etc/init.d/rc 0
46 l1:1:wait:/etc/init.d/rc 1
47 l2:2:wait:/etc/init.d/rc 2
48 l3:3:wait:/etc/init.d/rc 3
49 l4:4:wait:/etc/init.d/rc 4
50 l5:5:wait:/etc/init.d/rc 5
51 l6:6:wait:/etc/init.d/rc 6
52 # Normally not reached, but fallthrough in case of emergency.
53 z6:6:respawn:/sbin/sulogin
54 1:2345:respawn:/sbin/getty 38400 console
55 c1:12345:respawn:/sbin/getty 38400 tty1 linux
56 c2:12345:respawn:/sbin/getty 38400 tty2 linux
57 c3:12345:respawn:/sbin/getty 38400 tty3 linux
58 c4:12345:respawn:/sbin/getty 38400 tty4 linux
62 # custom network configuration
# Write ifcfg-lo and ifcfg-eth0 under ${ROOTFS}/etc/sysconfig/network-scripts.
# Both here-documents use an unquoted EOF, so the $(ipcalc ...) calls run on
# the host while the file is generated and only their output is written.
# NOTE(review): ${IPV4} reaches ipcalc unquoted and appears to come from the
# interactive prompt; validate it as a dotted quad and quote it.
# NOTE(review): HWADDR is one fixed MAC address in the template. Containers
# created from it and attached to the same bridge would collide unless the
# address is overridden elsewhere — confirm, or derive one per container.
63 write_distro_network
() {
64 cat <<EOF > ${ROOTFS}/etc/sysconfig/network-scripts/ifcfg-lo
69 # If you're having problems with gated making 127.0.0.0/8 a martian,
70 # you can change this to something else (255.255.255.255, for example)
71 BROADCAST=127.255.255.255
75 cat <<EOF > ${ROOTFS}/etc/sysconfig/network-scripts/ifcfg-eth0
78 HWADDR=52:54:00:12:34:56
84 NETWORK=$(ipcalc -sn ${IPV4} 255.255.255.0)
86 BROADCAST=$(ipcalc -sb ${IPV4} 255.255.255.0)
# Write the container's network/hostname settings file.
# NOTE(review): the target is ${ROOTFS}/sysconfig/network, with no /etc
# component, while write_distro_network writes below ${ROOTFS}/etc/sysconfig/.
# This looks like a missing "/etc"; confirm against the intended layout.
93 write_distro_hostname
() {
94 cat <<EOF > ${ROOTFS}/sysconfig/network
100 # custom sshd configuration file
# Write the container's sshd_config to ${ROOTFS}/${SSHD_CONFIG}.
# NOTE(review): "PermitEmptyPasswords yes" lets any account whose password is
# empty log in over SSH wherever password authentication is enabled. Set it to
# "no" and provision a key or a password while the container is created.
# NOTE(review): RSAAuthentication, RhostsRSAAuthentication and
# KeyRegenerationInterval are SSH protocol 1 settings, and DSA host keys are
# disabled by default in current OpenSSH; review before reusing this template.
# NOTE(review): the HostKey paths are fixed and host key generation is not
# visible here. Containers copied from one cached rootfs must not end up
# sharing host keys — confirm they are generated per container.
102 write_distro_sshd_config
() {
103 cat <<EOF > ${ROOTFS}/${SSHD_CONFIG}
106 HostKey /etc/ssh/ssh_host_rsa_key
107 HostKey /etc/ssh/ssh_host_dsa_key
108 UsePrivilegeSeparation yes
109 KeyRegenerationInterval 3600
116 RSAAuthentication yes
117 PubkeyAuthentication yes
119 RhostsRSAAuthentication no
120 HostbasedAuthentication no
121 PermitEmptyPasswords yes
122 ChallengeResponseAuthentication no
126 ################################################################################
127 # lxc configuration files
128 ################################################################################
# Write the lxc configuration file ${CONFFILE}: hostname, one veth interface
# attached to bridge br0, the mount file, the rootfs and the device cgroup
# policy.
# The device policy is deny-all ("lxc.cgroup.devices.deny = a") followed by an
# allow list of character devices. By the standard Linux device numbers these
# are 1:3 null, 1:5 zero, 5:1 console, 5:0 tty, 4:0 tty0, 4:1 tty1,
# 1:9 urandom, 1:8 random, 136:* pts and 5:2 ptmx; 254:0 is a dynamically
# assigned major (presumably rtc) — confirm on the target kernel.
# NOTE(review): every entry grants "rwm". The "m" (mknod) right is rarely
# needed once the nodes exist in the rootfs; consider "rw".
# NOTE(review): no capability drop or uid mapping is visible in this excerpt,
# so treat root inside the container as root on the host unless the full file
# shows otherwise.
# NOTE(review): ${CONFFILE} is unquoted, and ${UTSNAME}, ${MNTFILE} and
# ${ROOTFS} are written verbatim; a space or newline in interactively entered
# values changes the generated configuration.
130 write_lxc_configuration
() {
131 cat <<EOF > ${CONFFILE}
132 lxc.utsname = ${UTSNAME}
134 lxc.network.type = veth
135 lxc.network.flags = up
136 lxc.network.link = br0
137 lxc.network.name = eth0
138 lxc.mount = ${MNTFILE}
139 lxc.rootfs = ${ROOTFS}
140 lxc.cgroup.devices.deny = a
142 lxc.cgroup.devices.allow = c 1:3 rwm
143 lxc.cgroup.devices.allow = c 1:5 rwm
145 lxc.cgroup.devices.allow = c 5:1 rwm
146 lxc.cgroup.devices.allow = c 5:0 rwm
147 lxc.cgroup.devices.allow = c 4:0 rwm
148 lxc.cgroup.devices.allow = c 4:1 rwm
150 lxc.cgroup.devices.allow = c 1:9 rwm
151 lxc.cgroup.devices.allow = c 1:8 rwm
152 # /dev/pts/* - pts namespaces are "coming soon"
153 lxc.cgroup.devices.allow = c 136:* rwm
154 lxc.cgroup.devices.allow = c 5:2 rwm
156 lxc.cgroup.devices.allow = c 254:0 rwm
161 cat <<EOF > ${MNTFILE}
# Body of the create step (the enclosing function header is not part of this
# excerpt). It prompts for container name, hostname, IPv4 address and gateway,
# fills the per-distro cache with yum inside a subshell whose fd 200 is
# redirected to the lock file, copies the cached rootfs to ./rootfs.${NAME},
# writes the configuration files and calls lxc-create.
168 # choose a container name, default is already in shell NAME variable
169 echo -n "What is the name for the container ? [${NAME}] "
172 if [ ! -z "${_NAME_}" ]; then
176 # choose a hostname, default is the container name
177 echo -n "What hostname do you wish for this container ? [${NAME}] "
180 if [ ! -z "${_UTSNAME_}" ]; then
186 # choose an ipv4 address, better to choose the same network than
188 echo -n "What IP address do you wish for this container ? [${IPV4}] "
191 if [ ! -z "${_IPV4_}" ]; then
195 # choose the gateway ip address
196 echo -n "What is the gateway IP address ? [${GATEWAY}] "
199 if [ ! -z "${_GATEWAY_}" ]; then
203 # the rootfs name will be build with the container name
# NOTE(review): NAME comes from the prompt above and is used verbatim in a
# path relative to the current directory. Reject names that contain "/" or
# start with "." or "-" so the rootfs stays where expected, and run the script
# (it requires root) from a directory other users cannot write to.
204 ROOTFS
="./rootfs.${NAME}"
206 # check if the rootfs does already exist
207 if [ ! -e "${ROOTFS}" ]; then
208 mkdir
-p @LOCALSTATEDIR@
/lock
/subsys
/
214 if [ "${RES}" != "0" ]; then
215 echo "Cache repository is busy."
219 # check the mini distro was not already downloaded
220 echo -n "Checking cache download ..."
221 if [ ! -e "${CACHE}/rootfs" ]; then
225 # Rather than write a special yum config we just make the
226 # default RPM and yum layout in ${CACHE}. The alternative is
227 # to copy /etc/yum/yum.conf or /etc/yum.conf and fiddle with
229 mkdir
-p "${CACHE}/partial/var/lib/rpm"
230 mkdir
-p "${CACHE}/partial/var/log"
231 touch "${CACHE}/partial/var/log/yum.log"
233 RELEASE
="$(yum info ${DISTRO}-release | \
234 awk -F '[[:space:]]*:[[:space:]]*' \
235 '/^Release/ { release = $2 }
236 /^Version/ { version = $2 }
237 END { print version "-" release }')"
238 PKG
="${DISTRO}-release.noarch.rpm"
# NOTE(review): the escaped quotes are stored as literal characters. When
# ${RPM} is expanded unquoted below, rpm receives a --root value that begins
# with a double quote, and the path is still word-split. Use a function or an
# array instead of a command string.
239 RPM
="rpm --root \"${CACHE}/partial\""
241 echo "Initializing RPM cache ..."
243 echo "Downloading ${DISTRO} Release ${RELEASE} description ..."
# NOTE(review): the packages that become the container's root filesystem are
# fetched with the host's yum configuration and installed with --nodeps.
# Whether signatures are verified depends on that configuration; confirm
# gpgcheck is enabled for the repositories used.
244 yumdownloader
--destdir="${CACHE}/partial" "${DISTRO}-release.noarch.rpm" && \
245 ${RPM} --nodeps -ihv "${CACHE}/partial/${DISTRO}-release*.noarch.rpm
"
246 echo "Downloading
${DISTRO} minimal ...
"
247 yum --installroot="${CACHE}/partial
" -y groupinstall Base
249 if [ "${RESULT}" != "0" ]; then
250 echo "Failed to download the rootfs
, aborting.
"
253 mv "${CACHE}/partial
" "${CACHE}/rootfs
"
254 echo "Download complete.
"
259 # make a local copy of the mini
260 echo -n "Copying rootfs ...
"
# NOTE(review): both paths are unquoted here although they are quoted above;
# with "a && b || exit" the exit also fires when only the echo fails.
261 cp -a ${CACHE}/rootfs ${ROOTFS} && echo "Done.
" || exit
262 ) 200> "@LOCALSTATEDIR@
/lock
/subsys
/lxc
"
267 write_lxc_configuration
271 write_distro_hostname
277 write_distro_sshd_config
# NOTE(review): ${NAME} and ${CONFFILE} are unquoted; a name starting with "-"
# would be parsed by lxc-create as an option.
281 @BINDIR@/lxc-create -n ${NAME} -f ${CONFFILE}
284 # remove the configuration files
288 if [ "${RES}" != "0" ]; then
289 echo "Failed to create
'${NAME}'"
294 echo -e "\nYou can run your container with the
'lxc-start -n ${NAME}'\n"
# Body of the destroy step (the enclosing function header is not part of this
# excerpt). It prompts for the container name, calls lxc-destroy, then asks
# whether ./rootfs.${NAME} should be removed as well.
299 echo -n "What is the name
for the container ?
[${NAME}] "
302 if [ ! -z "${_NAME_}" ]; then
# NOTE(review): ${NAME} is unquoted, and ${RETVAL} is unquoted inside the test
# below; an empty RETVAL turns that test into a syntax error rather than a
# failure report.
306 @BINDIR@/lxc-destroy -n ${NAME}
308 if [ ! ${RETVAL} -eq 0 ]; then
309 echo "Failed to destroyed
'${NAME}'"
# NOTE(review): the path offered for removal is built from the name typed at
# the prompt. The removal command itself is not visible here; make sure the
# name is validated (no "/", no leading "." or "-") and the path is quoted
# before anything is deleted as root.
313 ROOTFS=".
/rootfs.
${NAME}"
315 echo -n "Shall I remove the rootfs
[y
/n
] ?
"
317 if [ "${REPLY}" = "y
" ]; then
327 This script is a helper to create ${DISTRO} system containers.
329 The script will create the container configuration file following
330 the informations submitted interactively with 'lxc-${DISTRO} create'
332 The first creation will download, with yum, a ${DISTRO} minimal
333 install and store it into a cache.
335 The script will copy from the cache the root filesystem to the
338 If there is a problem with the container, (bad configuration for
339 example), you can destroy the container with 'lxc-${DISTRO} destroy'
340 but without removing the rootfs and recreate it again with
341 'lxc-${DISTRO} create'.
343 If you want to create another ${DISTRO} container, call the 'lxc-${DISTRO}
344 create' again, specifying another name and new parameters.
346 At any time you can purge the ${DISTRO} cache download by calling
347 'lxc-${DISTRO} purge'
# Body of the purge step (the enclosing function header is not part of this
# excerpt). It checks that ${CACHE} exists, then removes it inside a subshell
# whose fd 200 is redirected to the same lock file the create step uses.
356 if [ ! -e ${CACHE} ]; then
360 # lock, so we won't purge while someone is creating a repository
365 if [ "${RES}" != "0" ]; then
366 echo "Cache repository is busy.
"
370 echo -n "Purging the download cache...
"
# NOTE(review): ${CACHE} is unquoted in a recursive delete that runs as root.
# --preserve-root only protects "/" itself. Quote the path and refuse an empty
# value, e.g. "${CACHE:?}", before removing.
371 rm --preserve-root --one-file-system -rf ${CACHE} && echo "Done.
" || exit 1
374 ) 200> "@LOCALSTATEDIR@
/lock
/subsys
/lxc
"
# Script entry: require uid 0, select DISTRO from the name the script was
# invoked as (unrecognised names fall back to fedora), set CACHE for that
# distro, and print the usage line for an unknown sub-command. The dispatch
# on create/destroy/purge/help itself is not visible in this excerpt.
377 # Note: assuming uid==0 is root -- might break with userns??
378 if [ "$
(id
-u)" != "0" ]; then
379 echo "This
script should be run as
'root'"
383 # Detect which executable we were run as, lxc-fedora or lxc-redhat
387 *) # default is fedora
# CACHE is assigned again here, now that DISTRO has been decided.
390 CACHE="@LOCALSTATEDIR@
/cache
/lxc
/${DISTRO}"
402 echo "Usage
: $0 {create|destroy|purge|
help}"