1 package PVE
::LXC
::Setup
::Base
;
# Constructor body: stores the container config and the container root
# directory in a hash and blesses it into $class.
# NOTE(review): the enclosing `sub` line is not part of this listing.
19 my ($class, $conf, $rootdir) = @_;
21 return bless { conf
=> $conf, rootdir
=> $rootdir }, $class;
# Resolve the DNS settings for a container and return them as the list
# ($searchdomains, $nameserver).
# NOTE(review): the `sub` line is missing from this listing; presumably this
# is the body of lookup_dns_conf, which is called further down with the same
# return shape -- confirm.
25 my ($self, $conf) = @_;
27 my $nameserver = $conf->{nameserver
};
28 my $searchdomains = $conf->{searchdomain
};
# The fallback is taken when EITHER value is missing. As far as the visible
# lines show, both values are then reassigned, so a container that sets only
# one of them would also lose that one and take the host's settings instead.
30 if (!($nameserver && $searchdomains)) {
32 if ($conf->{'testmode'}) {
34 $nameserver = "8.8.8.8 8.8.8.9";
35 $searchdomains = "proxmox.com";
# Outside test mode the values come from $self->{host_resolv_conf}: the
# `search` entry and up to three resolvers (dns1..dns3).
39 my $host_resolv_conf = $self->{host_resolv_conf
};
41 $searchdomains = $host_resolv_conf->{search
};
44 foreach my $k ("dns1", "dns2", "dns3") {
45 if (my $ns = $host_resolv_conf->{$k}) {
49 $nameserver = join(' ', @list);
53 return ($searchdomains, $nameserver);
# Rewrite hosts-file text so that it carries an entry for $newname and
# return the new text (always newline-terminated).
#   $etc_hosts_data - current file content
#   $hostip         - primary IP of the container, or undef
#   $oldname        - previous hostname; lines naming it are candidates for
#                     replacement
#   $newname        - new hostname, possibly fully qualified
#   $searchdomains  - list string, split with PVE::Tools::split_list
# NOTE(review): $newname, $hostip and the search domains are interpolated
# into the generated lines as-is. Embedded whitespace or a newline would
# produce additional names or entries; presumably the config schema
# validates these values before they get here -- confirm.
56 sub update_etc_hosts
{
57 my ($etc_hosts_data, $hostip, $oldname, $newname, $searchdomains) = @_;
# Short name = everything before the first dot.
63 my $namepart = ($newname =~ s/\..*$//r);
66 if ($newname =~ /\./) {
67 $extra_names .= $namepart;
69 foreach my $domain (PVE
::Tools
::split_list
($searchdomains)) {
70 $extra_names .= ' ' if $extra_names;
71 $extra_names .= "$newname.$domain";
75 foreach my $line (split(/\n/, $etc_hosts_data)) {
# Comment lines and blank lines are matched here.
76 if ($line =~ m/^#/ || $line =~ m/^\s*$/) {
81 my ($ip, @names) = split(/\s+/, $line);
82 if (($ip eq '127.0.0.1') || ($ip eq '::1')) {
88 foreach my $name (@names) {
89 if ($name eq $oldname || $name eq $newname) {
92 # fixme: record extra names?
95 $found = 1 if defined($hostip) && ($ip eq $hostip);
# With a known IP the entry is "<ip> <extra names> <name>"; without one the
# short name is bound to 127.0.1.1.
99 if (defined($hostip)) {
100 push @lines, "$hostip $extra_names $newname";
102 push @lines, "127.0.1.1 $namepart";
113 if (defined($hostip)) {
114 push @lines, "$hostip $extra_names $newname";
116 push @lines, "127.0.1.1 $namepart";
# Make sure a localhost entry exists.
# NOTE(review): the dots in the pattern below are unescaped, so they match
# any character; m/^127\.0\.0\.1\s/ would state the intent exactly.
120 my $found_localhost = 0;
121 foreach my $line (@lines) {
122 if ($line =~ m/^127.0.0.1\s/) {
123 $found_localhost = 1;
128 if (!$found_localhost) {
129 unshift @lines, "127.0.0.1 localhost.localnet localhost";
132 $etc_hosts_data = join("\n", @lines) . "\n";
134 return $etc_hosts_data;
138 my ($self, $conf) = @_;
140 # do nothing by default
# Generate the container's /etc/resolv.conf from the values returned by
# lookup_dns_conf: one "search" line and one "nameserver" line per resolver.
# NOTE(review): the `sub` line is missing from this listing; presumably this
# is set_dns -- confirm.
# NOTE(review): each list element is written into the file verbatim, so the
# result is only as well-formed as what split_list returns; its splitting
# rules are not visible here.
144 my ($self, $conf) = @_;
146 my ($searchdomains, $nameserver) = $self->lookup_dns_conf($conf);
150 $data .= "search " . join(' ', PVE
::Tools
::split_list
($searchdomains)) . "\n"
153 foreach my $ns ( PVE
::Tools
::split_list
($nameserver)) {
154 $data .= "nameserver $ns\n";
157 $self->ct_file_set_contents("/etc/resolv.conf", $data);
# Write the container's /etc/hostname (short name only) and update its
# /etc/hosts through update_etc_hosts.
# NOTE(review): the `sub` line is missing from this listing; presumably this
# is set_hostname -- confirm.
161 my ($self, $conf) = @_;
# Fall back to 'localhost' when the config carries no hostname.
163 my $hostname = $conf->{hostname
} || 'localhost';
165 my $namepart = ($hostname =~ s/\..*$//r);
167 my $hostname_fn = "/etc/hostname";
# The previous name is read from the file inside the container, i.e. it is
# content the guest can change; it is only compared with `eq` later on.
169 my $oldname = $self->ct_file_read_firstline($hostname_fn) || 'localhost';
171 my $hosts_fn = "/etc/hosts";
172 my $etc_hosts_data = '';
174 if ($self->ct_file_exists($hosts_fn)) {
175 $etc_hosts_data = $self->ct_file_get_contents($hosts_fn);
# IPv4 is preferred over IPv6 for the hosts entry.
178 my ($ipv4, $ipv6) = PVE
::LXC
::get_primary_ips
($conf);
179 my $hostip = $ipv4 || $ipv6;
181 my ($searchdomains) = $self->lookup_dns_conf($conf);
183 $etc_hosts_data = update_etc_hosts
($etc_hosts_data, $hostip, $oldname,
184 $hostname, $searchdomains);
186 $self->ct_file_set_contents($hostname_fn, "$namepart\n");
187 $self->ct_file_set_contents($hosts_fn, $etc_hosts_data);
191 my ($self, $conf) = @_;
193 die "please implement this inside subclass"
197 my ($self, $conf) = @_;
199 die "please implement this inside subclass"
sub setup_systemd_console {
    my ($self, $conf) = @_;

    # NOTE(review): this is a plain -x file test, not one of the ct_*
    # wrappers used for every other access below. Whether it looks at the
    # container or at the host depends on how the caller confines the
    # process (e.g. chroot); that is not visible here -- confirm.
    my $unit_dir = -x "/lib/systemd/systemd"
        ? "/lib/systemd/system"
        : "/usr/lib/systemd/system";

    my $getty_unit = "$unit_dir/getty\@.service";
    return if !$self->ct_file_exists($getty_unit);

    my $unit_text = $self->ct_file_get_contents($getty_unit);

    my $container_getty_unit = "$unit_dir/container-getty\@.service";

    if ($self->ct_file_exists($container_getty_unit)) {
        # container-getty is available: revert the /dev/tty condition a
        # previous run may have written (in case systemd was updated).
        if ($unit_text =~ s!^ConditionPathExists=/dev/tty$!ConditionPathExists=/dev/tty0!m) {
            $self->ct_file_set_contents($getty_unit, $unit_text);
        }
    }
    else {
        # systemd on CentOS 7.1 is too old (version 205) and ships no
        # container-getty service, so getty@.service is pointed at /dev/tty.
        if ($unit_text =~ s!^ConditionPathExists=/dev/tty0$!ConditionPathExists=/dev/tty!m) {
            $self->ct_file_set_contents($getty_unit, $unit_text);
        }
    }

    my $ttycount = PVE::LXC::get_tty_count($conf);

    # Keep getty@ttyN enabled for N <= $ttycount and disabled for the rest
    # of tty1..tty6.
    for my $i (1 .. 6) {
        my $wants_link = "/etc/systemd/system/getty.target.wants/getty\@tty$i.service";
        if ($i <= $ttycount) {
            if (!$self->ct_is_symlink($wants_link)) {
                # Replace whatever occupies the path with the proper link.
                $self->ct_unlink($wants_link);
                $self->ct_symlink($getty_unit, $wants_link);
            }
        }
        else {
            $self->ct_unlink($wants_link);
        }
    }
}
# Write one systemd-networkd unit per netN entry of the container config
# into the container's /etc/systemd/network/.
# NOTE(review): the interface name, addresses and gateways returned by
# PVE::LXC::parse_lxc_network are interpolated into the file name and the
# unit text without further checks in the visible lines. A name containing
# '/' or a value containing a newline would change the target path or add
# unit directives; presumably parse_lxc_network restricts these formats --
# confirm.
244 sub setup_systemd_networkd
{
245 my ($self, $conf) = @_;
247 foreach my $k (keys %$conf) {
248 next if $k !~ m/^net(\d+)$/;
249 my $d = PVE
::LXC
::parse_lxc_network
($conf->{$k});
252 my $filename = "/etc/systemd/network/$d->{name}.network";
259 Description = Interface $d->{name} autoconfigured by PVE
263 my ($has_ipv4, $has_ipv6);
266 my @DHCPMODES = ('none', 'v4', 'v6', 'both');
267 my ($NONE, $DHCP4, $DHCP6, $BOTH) = (0, 1, 2, 3);
270 if (defined(my $ip = $d->{ip
})) {
273 } elsif ($ip ne 'manual') {
275 $data .= "Address = $ip\n";
278 if (defined(my $gw = $d->{gw
})) {
279 $data .= "Gateway = $gw\n";
280 if ($has_ipv4 && !PVE
::Network
::is_ip_in_cidr
($gw, $d->{ip
}, 4)) {
281 $routes .= "\n[Route]\nDestination = $gw/32\nScope = link\n";
285 if (defined(my $ip = $d->{ip6
})) {
288 } elsif ($ip ne 'manual') {
290 $data .= "Address = $ip\n";
293 if (defined(my $gw = $d->{gw6
})) {
294 $data .= "Gateway = $gw\n";
295 if ($has_ipv6 && !PVE
::Network
::is_ip_in_cidr
($gw, $d->{ip6
}, 6)) {
296 $routes .= "\n[Route]\nDestination = $gw/128\nScope = link\n";
300 $data .= "DHCP = $DHCPMODES[$dhcp]\n";
301 $data .= $routes if $routes;
303 $self->ct_file_set_contents($filename, $data);
# Make sure every device in @add has its own line in the container's
# /etc/securetty, then write the file back.
307 sub setup_securetty
{
308 my ($self, $conf, @add) = @_;
310 my $filename = "/etc/securetty";
311 my $data = $self->ct_file_get_contents($filename);
# Normalise to exactly one trailing newline.
312 chomp $data; $data .= "\n";
313 foreach my $dev (@add) {
# \Q..\E quotes the device name, so it is matched literally as a whole line.
314 if ($data !~ m!^\Q$dev\E\s*$!m) {
318 $self->ct_file_set_contents($filename, $data);
# Replace the password field of $user in a passwd- or shadow-format $file:
# the file is copied line by line into a temporary file which is then
# renamed over the original. $epw is the value for the password field;
# $shadow apparently selects the substitution that also sets the
# last-change field (the branch lines are missing from this listing).
321 my $replacepw = sub {
322 my ($self, $file, $user, $epw, $shadow) = @_;
# NOTE(review): the temporary name is the target path plus the PID, so it is
# predictable, and it lives in the same directory as the target. The
# ct_open_file_write wrapper in this file opens with O_WRONLY | O_CREAT
# only, so a file or symlink already present at that path would be opened
# and written through. Whether that matters depends on who can write to the
# directory while this runs -- confirm; O_EXCL (and O_NOFOLLOW where
# available) would reject a pre-existing path.
324 my $tmpfile = "$file.$$";
327 my $src = $self->ct_open_file_read($file) ||
328 die "unable to open file '$file' - $!";
330 my $st = $self->ct_stat($src) ||
331 die "unable to stat file - $!";
333 my $dst = $self->ct_open_file_write($tmpfile) ||
334 die "unable to open file '$tmpfile' - $!";
# Mode and ownership are applied to the open handle before any data is
# written. The return values of chmod/chown are not checked, so a failure
# leaves the new file with the permissions it was created with.
336 # copy owner and permissions
337 chmod $st->mode, $dst;
338 chown $st->uid, $st->gid, $dst;
# Days since the epoch.
340 my $last_change = int(time()/(60*60*24));
342 if ($epw =~ m/^\$TEST\$/) { # for regression tests
343 $last_change = 12345;
346 while (defined (my $line = <$src>)) {
# NOTE(review): ${user} is interpolated into the pattern unquoted. The only
# caller visible in this file passes the literal 'root'; for any other
# source, \Q${user}\E keeps regex metacharacters in a user name from
# changing which lines match. The replacement side is plain string
# interpolation and needs no quoting.
348 $line =~ s/^${user}:[^:]*:[^:]*:/${user}:${epw}:${last_change}:/;
350 $line =~ s/^${user}:[^:]*:/${user}:${epw}:/;
355 $src->close() || die "close '$file' failed - $!\n";
356 $dst->close() || die "close '$tmpfile' failed - $!\n";
359 $self->ct_unlink($tmpfile);
361 $self->ct_rename($tmpfile, $file);
362 $self->ct_unlink($tmpfile); # in case rename fails
# Set the password of $user inside the container. Does nothing when the
# container has no /etc/passwd.
#   $opt_password - plain text, or an already hashed value (anything that
#                   starts with '$'); handling of undef is on lines missing
#                   from this listing.
366 sub set_user_password
{
367 my ($self, $conf, $user, $opt_password) = @_;
369 my $pwfile = "/etc/passwd";
371 return if !$self->ct_file_exists($pwfile);
373 my $shadow = "/etc/shadow";
375 if (defined($opt_password)) {
# A value starting with '$' is treated as a finished crypt string and stored
# verbatim, so a plain-text password that happens to begin with '$' is not
# hashed.
376 if ($opt_password !~ m/^\$/) {
# NOTE(review): the "$1$" prefix selects MD5-crypt, which is weak against
# offline guessing by current standards; the SHA-512 ("$6$") scheme or
# stronger is preferable where the platform crypt() supports it. The salt is
# the first 8 characters of a SHA-1 of the current time: predictable, and
# identical for every password set within the same second. A salt from a
# proper random source avoids both.
377 my $time = substr (Digest
::SHA
::sha1_base64
(time), 0, 8);
378 $opt_password = crypt(encode
("utf8", $opt_password), "\$1\$$time\$");
# With a shadow file the hash goes there and passwd gets the 'x' marker;
# without one the hash is written into /etc/passwd itself, which is
# typically world-readable.
384 if ($self->ct_file_exists($shadow)) {
385 &$replacepw ($self, $shadow, $user, $opt_password, 1);
386 &$replacepw ($self, $pwfile, $user, 'x');
388 &$replacepw ($self, $pwfile, $user, $opt_password);
# Give root's crontab entries a random minute so that containers created
# from the same template do not all run their jobs at the same moment.
# Covers /etc/crontab (if present) and the files collected from
# /etc/cron.d.
392 my $randomize_crontab = sub {
393 my ($self, $conf) = @_;
396 # Note: dir_glob_foreach() untaints filenames!
# NOTE(review): whether the pattern below is anchored to the whole file
# name is decided inside dir_glob_foreach, which is not visible here --
# confirm, since unanchored it would match any name containing one allowed
# character.
397 PVE
::Tools
::dir_glob_foreach
("/etc/cron.d", qr/[A-Z\-\_a-z0-9]+/, sub {
399 push @files, "/etc/cron.d/$name";
402 my $crontab_fn = "/etc/crontab";
403 unshift @files, $crontab_fn if $self->ct_file_exists($crontab_fn);
405 foreach my $filename (@files) {
406 my $data = $self->ct_file_get_contents($filename);
408 foreach my $line (split(/\n/, $data)) {
409 # we only randomize minutes for root crontab entries
# Only lines with a purely numeric minute field and user `root` match.
410 if ($line =~ m/^\d+(\s+\S+\s+\S+\s+\S+\s+\S+\s+root\s+\S.*)$/) {
# int(rand()*59) yields 0..58, so minute 59 is never chosen. rand() is not a
# cryptographic source; nothing here needs one.
412 my $min = int(rand()*59);
413 $new .= "$min$rest\n";
418 $self->ct_file_set_contents($filename, $new);
423 my ($self, $conf) = @_;
425 $self->setup_init($conf);
426 $self->setup_network($conf);
427 $self->set_hostname($conf);
428 $self->set_dns($conf);
# Run once after a container has been created from a template: apply the
# distribution-specific template fixups, spread out root's cron minutes,
# set the root password and write the init, network, hostname and DNS
# configuration.
sub post_create_hook {
    my $self = shift;
    my ($conf, $root_password) = @_;

    $self->template_fixup($conf);

    $randomize_crontab->($self, $conf);

    # $root_password is handed on unchanged; set_user_password decides
    # whether it still has to be hashed.
    $self->set_user_password($conf, 'root', $root_password);

    $self->setup_init($conf);
    $self->setup_network($conf);
    $self->set_hostname($conf);
    $self->set_dns($conf);
}
449 # File access wrappers for container setup code.
450 # For user-namespace support these might need to take uid and gid maps into account.
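# Hand the given files (paths or open file handles) to the container's root
# user when the container uses an id map.
#
# Returns nothing when $self->{id_map} is unset; otherwise returns the
# result of chown(), i.e. the number of files changed.
#
# NOTE(review): for path arguments chown() follows symbolic links. The paths
# passed in by the other ct_* wrappers live in a tree the guest can write
# to, so this relies on the caller confining the process to that tree (e.g.
# chroot) -- not visible here, confirm.
sub ct_reset_ownership {
    my ($self, @files) = @_;

    # No id map: ownership is left as it is.
    return if !$self->{id_map};

    return chown($self->{rootuid}, $self->{rootgid}, @files);
}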
# mkdir wrapper: create $file, with $mask as mode when one is given, then
# reset its ownership.
# NOTE(review): the `sub` line is not part of this listing.
# NOTE(review): the return value is `mkdir(...) && ct_reset_ownership(...)`.
# ct_reset_ownership returns nothing when $self->{id_map} is unset, so for
# containers without an id map this expression is false even though the
# directory was created. Callers that test the result would see a failure.
462 my ($self, $file, $mask) = @_;
463 # mkdir goes by parameter count - an `undef' mode acts like a mode of 0000
464 if (defined($mask)) {
465 return CORE
::mkdir($file, $mask) && $self->ct_reset_ownership($file);
467 return CORE
::mkdir($file) && $self->ct_reset_ownership($file);
472 my ($self, @files) = @_;
473 foreach my $file (@files) {
479 my ($self, $old, $new) = @_;
480 CORE
::rename($old, $new);
# Open $file read-only and return the IO::File object (undef on failure,
# per IO::File->new). Remaining arguments in @_ are passed through to
# IO::File->new.
# NOTE(review): the lines that take $file from @_ are missing from this
# listing.
483 sub ct_open_file_read
{
486 return IO
::File-
>new($file, O_RDONLY
, @_);
# Open $file for writing, creating it if needed, and reset its ownership.
# Remaining arguments in @_ are passed through to IO::File->new.
# NOTE(review): the flags are O_WRONLY | O_CREAT only. Without O_EXCL an
# existing file is reused, without O_TRUNC its old content beyond the newly
# written bytes stays in place, and without O_NOFOLLOW a symlink at the
# final path component is followed. Callers in this file write to paths
# inside the container tree, so confirm that this is intended.
# NOTE(review): ct_reset_ownership is called on $fh before any check that
# the open succeeded; on failure $fh is undef.
489 sub ct_open_file_write
{
492 my $fh = IO
::File-
>new($file, O_WRONLY
| O_CREAT
, @_);
493 $self->ct_reset_ownership($fh);
# make_path wrapper: with an id map, the container's root uid/gid are
# filled into the File::Path options hash as owner/group.
# NOTE(review): the `sub` line and the line that sets $opts are not part of
# this listing.
# NOTE(review): the two guards test $self->{owner} and $self->{group}, not
# $opts->{owner} and $opts->{group}. As written, an owner or group that the
# caller put into $opts is overwritten; the intent looks like
# `if !defined($opts->{owner})` -- confirm.
499 if ($self->{id_map
}) {
501 if (ref($opts) eq 'HASH') {
502 $opts->{owner
} = $self->{rootuid
} if !defined($self->{owner
});
503 $opts->{group
} = $self->{rootgid
} if !defined($self->{group
});
505 File
::Path
::make_path
(@_, $opts);
507 File
::Path
::make_path
(@_);
512 my ($self, $old, $new) = @_;
513 return CORE
::symlink($old, $new);
517 my ($self, $file) = @_;
521 sub ct_is_directory
{
522 my ($self, $file) = @_;
527 my ($self, $file) = @_;
532 my ($self, $file) = @_;
533 return File
::stat::stat($file);
# Return the first line of $file as delivered by
# PVE::Tools::file_read_firstline. The object itself is not consulted.
sub ct_file_read_firstline {
    my (undef, $path) = @_;

    return PVE::Tools::file_read_firstline($path);
}
# Return the content of $file as delivered by
# PVE::Tools::file_get_contents. The object itself is not consulted.
sub ct_file_get_contents {
    my (undef, $path) = @_;

    return PVE::Tools::file_get_contents($path);
}
# Write $data to $file through PVE::Tools::file_set_contents ($perms is
# passed along unchanged) and then reset the file's ownership. The value of
# the ownership call is what the sub evaluates to.
sub ct_file_set_contents {
    my $self = shift;
    my ($path, $content, $perms) = @_;

    PVE::Tools::file_set_contents($path, $content, $perms);

    # Ownership is adjusted after the content is in place, by path.
    $self->ct_reset_ownership($path);
}
552 # Modify a marked portion of a file and move it to the beginning of the file.
553 # If the file becomes empty it will be deleted.
# Parameters: $file is the path, $head and $tail are the literal marker
# strings that delimit the managed section, $data is the new content for
# that section.
# NOTE(review): several branch lines are missing from this listing; the
# surviving comments indicate the section is written in front of the
# remaining content, and the file is removed via ct_unlink in one branch.
554 sub ct_modify_file_head_portion
{
555 my ($self, $file, $head, $tail, $data) = @_;
556 if ($self->ct_file_exists($file)) {
557 my $old = $self->ct_file_get_contents($file);
# \Q..\E quotes both markers, so they are matched literally.
# NOTE(review): `.*` is greedy and /s lets it cross newlines, so one match
# runs from the first $head to the LAST $tail in the file. If the file ever
# holds two marked sections, the unrelated text between them is removed as
# well; `.*?` would stop at the nearest $tail.
558 # remove the portion between $head and $tail (all instances via /g)
559 $old =~ s/(?:^|(?<=\n))\Q$head\E.*\Q$tail\E//gs;
562 # old data existed, append and add the trailing newline
564 $self->ct_file_set_contents($file, $head.$data.$tail . $old."\n");
566 $self->ct_file_set_contents($file, $old."\n");
569 # only our own data will be added
570 $self->ct_file_set_contents($file, $head.$data.$tail);
573 $self->ct_unlink($file);
576 $self->ct_file_set_contents($file, $head.$data.$tail);