]>
git.proxmox.com Git - pve-container.git/blob - src/PVE/LXC/Setup.pm
cf72b03cb3dd0ef717f1aa014f6ad193a0e27c84
1 package PVE
::LXC
::Setup
;
10 use PVE
::LXC
::Setup
::Debian
;
11 use PVE
::LXC
::Setup
::Ubuntu
;
12 use PVE
::LXC
::Setup
::CentOS
;
13 use PVE
::LXC
::Setup
::Fedora
;
14 use PVE
::LXC
::Setup
::SUSE
;
15 use PVE
::LXC
::Setup
::ArchLinux
;
16 use PVE
::LXC
::Setup
::Alpine
;
17 use PVE
::LXC
::Setup
::Gentoo
;
18 use PVE
::LXC
::Setup
::Devuan
;
21 debian
=> 'PVE::LXC::Setup::Debian',
22 devuan
=> 'PVE::LXC::Setup::Devuan',
23 ubuntu
=> 'PVE::LXC::Setup::Ubuntu',
24 centos
=> 'PVE::LXC::Setup::CentOS',
25 fedora
=> 'PVE::LXC::Setup::Fedora',
26 opensuse
=> 'PVE::LXC::Setup::SUSE',
27 archlinux
=> 'PVE::LXC::Setup::ArchLinux',
28 alpine
=> 'PVE::LXC::Setup::Alpine',
29 gentoo
=> 'PVE::LXC::Setup::Gentoo',
32 # a map to allow supporting related distro flavours
36 'opensuse-leap' => 'opensuse',
37 'opensuse-tumbleweed' => 'opensuse',
40 my $autodetect_type = sub {
41 my ($self, $rootdir, $os_release) = @_;
43 if (my $id = $os_release->{ID
}) {
44 return $id if $plugins->{$id};
45 return $plugin_alias->{$id} if $plugin_alias->{$id};
46 warn "unknown ID '$id' in /etc/os-release file, trying fallback detection\n";
49 # fallback compatibility checks
51 my $lsb_fn = "$rootdir/etc/lsb-release";
53 my $data = PVE
::Tools
::file_get_contents
($lsb_fn);
54 if ($data =~ m/^DISTRIB_ID=Ubuntu$/im) {
59 if (-f
"$rootdir/etc/debian_version") {
61 } elsif (-f
"$rootdir/etc/devuan_version") {
63 } elsif (-f
"$rootdir/etc/SuSE-brand" || -f
"$rootdir/etc/SuSE-release") {
65 } elsif (-f
"$rootdir/etc/fedora-release") {
67 } elsif (-f
"$rootdir/etc/centos-release" || -f
"$rootdir/etc/redhat-release") {
69 } elsif (-f
"$rootdir/etc/arch-release") {
71 } elsif (-f
"$rootdir/etc/alpine-release") {
73 } elsif (-f
"$rootdir/etc/gentoo-release") {
75 } elsif (-f
"$rootdir/etc/os-release") {
76 die "unable to detect OS distribution\n";
78 warn "/etc/os-release file not found and autodetection failed, falling back to 'unmanaged'\n";
84 my ($class, $conf, $rootdir, $type) = @_;
86 die "no root directory\n" if !$rootdir || $rootdir eq '/';
88 my $self = bless { conf
=> $conf, rootdir
=> $rootdir};
90 my $os_release = $self->get_ct_os_release();
92 if ($conf->{ostype
} && $conf->{ostype
} eq 'unmanaged') {
94 } elsif (!defined($type)) {
95 # try to autodetect type
96 $type = &$autodetect_type($self, $rootdir, $os_release);
97 my $expected_type = $conf->{ostype
} || $type;
99 if ($type ne $expected_type) {
100 warn "WARNING: /etc not present in CT, is the rootfs mounted?\n"
101 if ! -e
"$rootdir/etc";
102 warn "got unexpected ostype ($type != $expected_type)\n"
106 if ($type eq 'unmanaged') {
107 $conf->{ostype
} = $type;
111 my $plugin_class = $plugins->{$type} ||
112 "no such OS type '$type'\n";
114 my $plugin = $plugin_class->new($conf, $rootdir, $os_release);
115 $self->{plugin
} = $plugin;
116 $self->{in_chroot
} = 0;
118 # Cache some host files we need access to:
119 $plugin->{host_resolv_conf
} = PVE
::INotify
::read_file
('resolvconf');
120 $plugin->{host_localtime
} = abs_path
('/etc/localtime');
122 # pass on user namespace information:
123 my ($id_map, $rootuid, $rootgid) = PVE
::LXC
::parse_id_maps
($conf);
125 $plugin->{id_map
} = $id_map;
126 $plugin->{rootuid
} = $rootuid;
127 $plugin->{rootgid
} = $rootgid;
133 # Forks into a chroot and executes $sub
135 my ($self, $sub) = @_;
138 return $sub->() if $self->{in_chroot
};
140 pipe(my $res_in, my $res_out) or die "pipe failed: $!\n";
143 die "fork failed: $!\n" if !defined($child);
147 # avoid recursive forks
148 $self->{in_chroot
} = 1;
150 my $rootdir = $self->{rootdir
};
151 chroot($rootdir) or die "failed to change root to: $rootdir: $!\n";
152 chdir('/') or die "failed to change to root directory\n";
155 print {$res_out} "$res";
166 my $result = do { local $/ = undef; <$res_in> };
167 while (waitpid($child, 0) != $child) {}
169 my $method = (caller(1))[3];
170 die "error in setup task $method\n";
178 return if !$self->{plugin
}; # unmanaged
181 $self->{plugin
}->template_fixup($self->{conf
});
183 $self->protected_call($code);
189 return if !$self->{plugin
}; # unmanaged
192 $self->{plugin
}->setup_network($self->{conf
});
194 $self->protected_call($code);
200 return if !$self->{plugin
}; # unmanaged
203 $self->{plugin
}->set_hostname($self->{conf
});
205 $self->protected_call($code);
211 return if !$self->{plugin
}; # unmanaged
214 $self->{plugin
}->set_dns($self->{conf
});
216 $self->protected_call($code);
222 return if !$self->{plugin
}; # unmanaged
224 $self->{plugin
}->set_timezone($self->{conf
});
226 $self->protected_call($code);
232 return if !$self->{plugin
}; # unmanaged
235 $self->{plugin
}->setup_init($self->{conf
});
237 $self->protected_call($code);
240 sub set_user_password
{
241 my ($self, $user, $pw) = @_;
243 return if !$self->{plugin
}; # unmanaged
246 $self->{plugin
}->set_user_password($self->{conf
}, $user, $pw);
248 $self->protected_call($code);
251 sub rewrite_ssh_host_keys
{
254 return if !$self->{plugin
}; # unmanaged
256 my $conf = $self->{conf
};
257 my $plugin = $self->{plugin
};
258 my $rootdir = $self->{rootdir
};
260 return if ! -d
"$rootdir/etc/ssh";
263 rsa
=> 'ssh_host_rsa_key',
264 dsa
=> 'ssh_host_dsa_key',
265 ecdsa
=> 'ssh_host_ecdsa_key',
266 ed25519
=> 'ssh_host_ed25519_key',
269 my $hostname = $conf->{hostname
} || 'localhost';
270 $hostname =~ s/\..*$//;
271 my $ssh_comment = "root\@$hostname";
273 my $keygen_outfunc = sub {
276 print "done: $line\n"
277 if $line =~ m/^(?:[0-9a-f]{2}:)+[0-9a-f]{2}\s+\Q$ssh_comment\E$/i ||
278 $line =~ m/^SHA256:[0-9a-z+\/]{43}\s
+\Q
$ssh_comment\E$/i;
281 # Create temporary keys in /tmp on the host
283 foreach my $keytype (keys %$keynames) {
284 my $basename = $keynames->{$keytype};
285 my $file = "/tmp/$$.$basename";
286 print "Creating SSH host key '$basename' - this may take some time ...\n";
287 my $cmd = ['ssh-keygen', '-f', $file, '-t', $keytype,
288 '-N', '', '-E', 'sha256', '-C', $ssh_comment];
289 PVE
::Tools
::run_command
($cmd, outfunc
=> $keygen_outfunc);
290 $keyfiles->{"/etc/ssh/$basename"} = [PVE
::Tools
::file_get_contents
($file), 0600];
291 $keyfiles->{"/etc/ssh/$basename.pub"} = [PVE
::Tools
::file_get_contents
("$file.pub"), 0644];
296 # Write keys out in a protected call
299 foreach my $file (keys %$keyfiles) {
300 $plugin->ct_file_set_contents($file, @{$keyfiles->{$file}});
303 $self->protected_call($code);
306 my $container_emulator_path = {
307 'amd64' => '/usr/bin/qemu-x86_64-static',
308 'arm64' => '/usr/bin/qemu-aarch64-static',
314 return if !$self->{plugin
}; # unmanaged
316 my $host_arch = PVE
::Tools
::get_host_arch
();
318 # containers use different architecture names
319 if ($host_arch eq 'x86_64') {
320 $host_arch = 'amd64';
321 } elsif ($host_arch eq 'aarch64') {
322 $host_arch = 'arm64';
324 die "unsupported host architecture '$host_arch'\n";
327 my $container_arch = $self->{conf
}->{arch
};
329 $container_arch = 'amd64' if $container_arch eq 'i386'; # always use 64 bit version
330 $container_arch = 'arm64' if $container_arch eq 'armhf'; # always use 64 bit version
335 if ($host_arch ne $container_arch) {
336 if ($emul = $container_emulator_path->{$container_arch}) {
337 $emul_data = PVE
::Tools
::file_get_contents
($emul, 10*1024*1024) if -f
$emul;
343 if ($emul && $emul_data) {
344 $self->{plugin
}->ct_file_set_contents($emul, $emul_data, 0755);
347 # Create /fastboot to skip run fsck
348 $self->{plugin
}->ct_file_set_contents('/fastboot', '');
350 $self->{plugin
}->pre_start_hook($self->{conf
});
352 $self->protected_call($code);
355 sub post_clone_hook
{
356 my ($self, $conf) = @_;
358 $self->protected_call(sub {
359 $self->{plugin
}->post_clone_hook($conf);
363 sub post_create_hook
{
364 my ($self, $root_password, $ssh_keys) = @_;
366 return if !$self->{plugin
}; # unmanaged
369 $self->{plugin
}->post_create_hook($self->{conf
}, $root_password, $ssh_keys);
371 $self->protected_call($code);
372 $self->rewrite_ssh_host_keys();
376 # (...) a newline-separated list of environment-like shell-compatible
377 # variable assignments. (...) beyond mere variable assignments, no shell
378 # features are supported (this means variable expansion is explicitly not
379 # supported) (...). Variable assignment values must be enclosed in double or
380 # single quotes *if* they include spaces, semicolons or other special
381 # characters outside of A-Z, a-z, 0-9. Shell special characters ("$", quotes,
382 # backslash, backtick) must be escaped with backslashes (...). All strings
383 # should be in UTF-8 format, and non-printable characters should not be used.
384 # It is not supported to concatenate multiple individually quoted strings.
385 # Lines beginning with "#" shall be ignored as comments.
386 my $parse_os_release = sub {
389 while (defined($data) && $data =~ /^(.+)$/gm) {
390 next if $1 !~ /^\s*([a-zA-Z_][a-zA-Z0-9_]*)=(.*)$/;
391 my ($var, $content) = ($1, $2);
394 if ($content =~ /^'([^']*)'/) {
395 $variables->{$var} = $1;
396 } elsif ($content =~ /^"((?:[^"\\]|\\.)*)"/) {
398 $s =~ s/(\\["'`nt\$\\])/"\"$1\""/eeg;
399 $variables->{$var} = $s;
400 } elsif ($content =~ /^([A-Za-z0-9]*)/) {
401 $variables->{$var} = $1;
407 sub get_ct_os_release
{
411 if (-f
'/etc/os-release') {
412 return PVE
::Tools
::file_get_contents
('/etc/os-release');
413 } elsif (-f
'/usr/lib/os-release') {
414 return PVE
::Tools
::file_get_contents
('/usr/lib/os-release');
419 my $data = $self->protected_call($code);
421 return &$parse_os_release($data);