]> git.proxmox.com Git - pve-container.git/blob - src/PVE/LXC/Setup.pm
projects / pve-container.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
setup: recognize 'sles' os_release ID
[pve-container.git] / src / PVE / LXC / Setup.pm
1 package PVE::LXC::Setup;
2
3 use strict;
4 use warnings;
5 use POSIX;
6 use PVE::Tools;
7
8 use PVE::LXC::Setup::Debian;
9 use PVE::LXC::Setup::Ubuntu;
10 use PVE::LXC::Setup::CentOS;
11 use PVE::LXC::Setup::Fedora;
12 use PVE::LXC::Setup::SUSE;
13 use PVE::LXC::Setup::ArchLinux;
14 use PVE::LXC::Setup::Alpine;
15 use PVE::LXC::Setup::Gentoo;
16
17 my $plugins = {
18 debian => 'PVE::LXC::Setup::Debian',
19 ubuntu => 'PVE::LXC::Setup::Ubuntu',
20 centos => 'PVE::LXC::Setup::CentOS',
21 fedora => 'PVE::LXC::Setup::Fedora',
22 opensuse => 'PVE::LXC::Setup::SUSE',
23 sles => 'PVE::LXC::Setup::SUSE',
24 archlinux => 'PVE::LXC::Setup::ArchLinux',
25 arch => 'PVE::LXC::Setup::ArchLinux',
26 alpine => 'PVE::LXC::Setup::Alpine',
27 gentoo => 'PVE::LXC::Setup::Gentoo',
28 };
29
30 my $autodetect_type = sub {
31 my ($self, $rootdir, $os_release) = @_;
32
33 if (my $id = $os_release->{ID}) {
34 return $id if $id =~ /^(?:alpine|arch|centos|debian|fedora|gentoo|opensuse|sles|ubuntu)$/;
35 }
36
37 # fallback compatibility checks
38
39 my $lsb_fn = "$rootdir/etc/lsb-release";
40 if (-f $lsb_fn) {
41 my $data = PVE::Tools::file_get_contents($lsb_fn);
42 if ($data =~ m/^DISTRIB_ID=Ubuntu$/im) {
43 return 'ubuntu';
44 }
45 }
46
47 if (-f "$rootdir/etc/debian_version") {
48 return "debian";
49 } elsif (-f "$rootdir/etc/SuSE-brand" || -f "$rootdir/etc/SuSE-release") {
50 return "opensuse";
51 } elsif (-f "$rootdir/etc/fedora-release") {
52 return "fedora";
53 } elsif (-f "$rootdir/etc/centos-release" || -f "$rootdir/etc/redhat-release") {
54 return "centos";
55 } elsif (-f "$rootdir/etc/arch-release") {
56 return "archlinux";
57 } elsif (-f "$rootdir/etc/alpine-release") {
58 return "alpine";
59 } elsif (-f "$rootdir/etc/gentoo-release") {
60 return "gentoo";
61 }
62 die "unable to detect OS distribution\n";
63 };
64
65 sub new {
66 my ($class, $conf, $rootdir, $type) = @_;
67
68 die "no root directory\n" if !$rootdir || $rootdir eq '/';
69
70 my $self = bless { conf => $conf, rootdir => $rootdir};
71
72 my $os_release = $self->get_ct_os_release();
73
74 if ($conf->{ostype} && $conf->{ostype} eq 'unmanaged') {
75 return $self;
76 } elsif (!defined($type)) {
77 # try to autodetect type
78 $type = &$autodetect_type($self, $rootdir, $os_release);
79 my $expected_type = $conf->{ostype} || $type;
80
81 die "got unexpected ostype ($type != $expected_type)\n"
82 if $type ne $expected_type;
83 }
84
85 my $plugin_class = $plugins->{$type} ||
86 "no such OS type '$type'\n";
87
88 my $plugin = $plugin_class->new($conf, $rootdir, $os_release);
89 $self->{plugin} = $plugin;
90 $self->{in_chroot} = 0;
91
92 # Cache some host files we need access to:
93 $plugin->{host_resolv_conf} = PVE::INotify::read_file('resolvconf');
94
95 # pass on user namespace information:
96 my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
97 if (@$id_map) {
98 $plugin->{id_map} = $id_map;
99 $plugin->{rootuid} = $rootuid;
100 $plugin->{rootgid} = $rootgid;
101 }
102
103 return $self;
104 }
105
106 # Forks into a chroot and executes $sub
107 sub protected_call {
108 my ($self, $sub) = @_;
109
110 # avoid recursion:
111 return $sub->() if $self->{in_chroot};
112
113 my $rootdir = $self->{rootdir};
114 if (!-d "$rootdir/dev" && !mkdir("$rootdir/dev")) {
115 die "failed to create temporary /dev directory: $!\n";
116 }
117
118 pipe(my $res_in, my $res_out) or die "pipe failed: $!\n";
119
120 my $child = fork();
121 die "fork failed: $!\n" if !defined($child);
122
123 if (!$child) {
124 close($res_in);
125 # avoid recursive forks
126 $self->{in_chroot} = 1;
127 eval {
128 chroot($rootdir) or die "failed to change root to: $rootdir: $!\n";
129 chdir('/') or die "failed to change to root directory\n";
130 my $res = $sub->();
131 if (defined($res)) {
132 print {$res_out} "$res";
133 $res_out->flush();
134 }
135 };
136 if (my $err = $@) {
137 warn $err;
138 POSIX::_exit(1);
139 }
140 POSIX::_exit(0);
141 }
142 close($res_out);
143 my $result = do { local $/ = undef; <$res_in> };
144 while (waitpid($child, 0) != $child) {}
145 if ($? != 0) {
146 my $method = (caller(1))[3];
147 die "error in setup task $method\n";
148 }
149 return $result;
150 }
151
152 sub template_fixup {
153 my ($self) = @_;
154
155 return if !$self->{plugin}; # unmanaged
156
157 my $code = sub {
158 $self->{plugin}->template_fixup($self->{conf});
159 };
160 $self->protected_call($code);
161 }
162
163 sub setup_network {
164 my ($self) = @_;
165
166 return if !$self->{plugin}; # unmanaged
167
168 my $code = sub {
169 $self->{plugin}->setup_network($self->{conf});
170 };
171 $self->protected_call($code);
172 }
173
174 sub set_hostname {
175 my ($self) = @_;
176
177 return if !$self->{plugin}; # unmanaged
178
179 my $code = sub {
180 $self->{plugin}->set_hostname($self->{conf});
181 };
182 $self->protected_call($code);
183 }
184
185 sub set_dns {
186 my ($self) = @_;
187
188 return if !$self->{plugin}; # unmanaged
189
190 my $code = sub {
191 $self->{plugin}->set_dns($self->{conf});
192 };
193 $self->protected_call($code);
194 }
195
196 sub setup_init {
197 my ($self) = @_;
198
199 return if !$self->{plugin}; # unmanaged
200
201 my $code = sub {
202 $self->{plugin}->setup_init($self->{conf});
203 };
204 $self->protected_call($code);
205 }
206
207 sub set_user_password {
208 my ($self, $user, $pw) = @_;
209
210 return if !$self->{plugin}; # unmanaged
211
212 my $code = sub {
213 $self->{plugin}->set_user_password($self->{conf}, $user, $pw);
214 };
215 $self->protected_call($code);
216 }
217
218 sub rewrite_ssh_host_keys {
219 my ($self) = @_;
220
221 return if !$self->{plugin}; # unmanaged
222
223 my $conf = $self->{conf};
224 my $plugin = $self->{plugin};
225 my $rootdir = $self->{rootdir};
226
227 return if ! -d "$rootdir/etc/ssh";
228
229 my $keynames = {
230 rsa => 'ssh_host_rsa_key',
231 dsa => 'ssh_host_dsa_key',
232 ecdsa => 'ssh_host_ecdsa_key',
233 ed25519 => 'ssh_host_ed25519_key',
234 };
235
236 my $hostname = $conf->{hostname} || 'localhost';
237 $hostname =~ s/\..*$//;
238 my $ssh_comment = "root\@$hostname";
239
240 my $keygen_outfunc = sub {
241 my $line = shift;
242
243 print "done: $line\n"
244 if $line =~ m/^(?:[0-9a-f]{2}:)+[0-9a-f]{2}\s+\Q$ssh_comment\E$/i ||
245 $line =~ m/^SHA256:[0-9a-z+\/]{43}\s+\Q$ssh_comment\E$/i;
246 };
247
248 # Create temporary keys in /tmp on the host
249 my $keyfiles = {};
250 foreach my $keytype (keys %$keynames) {
251 my $basename = $keynames->{$keytype};
252 my $file = "/tmp/$$.$basename";
253 print "Creating SSH host key '$basename' - this may take some time ...\n";
254 my $cmd = ['ssh-keygen', '-f', $file, '-t', $keytype,
255 '-N', '', '-E', 'sha256', '-C', $ssh_comment];
256 PVE::Tools::run_command($cmd, outfunc => $keygen_outfunc);
257 $keyfiles->{"/etc/ssh/$basename"} = [PVE::Tools::file_get_contents($file), 0600];
258 $keyfiles->{"/etc/ssh/$basename.pub"} = [PVE::Tools::file_get_contents("$file.pub"), 0644];
259 unlink $file;
260 unlink "$file.pub";
261 }
262
263 # Write keys out in a protected call
264
265 my $code = sub {
266 foreach my $file (keys %$keyfiles) {
267 $plugin->ct_file_set_contents($file, @{$keyfiles->{$file}});
268 }
269 };
270 $self->protected_call($code);
271 }
272
273 sub pre_start_hook {
274 my ($self) = @_;
275
276 return if !$self->{plugin}; # unmanaged
277
278 my $code = sub {
279 # Create /fastboot to skip run fsck
280 $self->{plugin}->ct_file_set_contents('/fastboot', '');
281
282 $self->{plugin}->pre_start_hook($self->{conf});
283 };
284 $self->protected_call($code);
285 }
286
287 sub post_create_hook {
288 my ($self, $root_password, $ssh_keys) = @_;
289
290 return if !$self->{plugin}; # unmanaged
291
292 my $code = sub {
293 $self->{plugin}->post_create_hook($self->{conf}, $root_password, $ssh_keys);
294 };
295 $self->protected_call($code);
296 $self->rewrite_ssh_host_keys();
297 }
298
299 # os-release(5):
300 # (...) a newline-separated list of environment-like shell-compatible
301 # variable assignments. (...) beyond mere variable assignments, no shell
302 # features are supported (this means variable expansion is explicitly not
303 # supported) (...). Variable assignment values must be enclosed in double or
304 # single quotes *if* they include spaces, semicolons or other special
305 # characters outside of A-Z, a-z, 0-9. Shell special characters ("$", quotes,
306 # backslash, backtick) must be escaped with backslashes (...). All strings
307 # should be in UTF-8 format, and non-printable characters should not be used.
308 # It is not supported to concatenate multiple individually quoted strings.
309 # Lines beginning with "#" shall be ignored as comments.
310 my $parse_os_release = sub {
311 my ($data) = @_;
312 my $variables = {};
313 while (defined($data) && $data =~ /^(.+)$/gm) {
314 next if $1 !~ /^\s*([a-zA-Z_][a-zA-Z0-9_]*)=(.*)$/;
315 my ($var, $content) = ($1, $2);
316 chomp $content;
317
318 if ($content =~ /^'([^']*)'/) {
319 $variables->{$var} = $1;
320 } elsif ($content =~ /^"((?:[^"\\]|\\.)*)"/) {
321 my $s = $1;
322 $s =~ s/(\\["'`nt\$\\])/"\"$1\""/eeg;
323 $variables->{$var} = $s;
324 } elsif ($content =~ /^([A-Za-z0-9]*)/) {
325 $variables->{$var} = $1;
326 }
327 }
328 return $variables;
329 };
330
331 sub get_ct_os_release {
332 my ($self) = @_;
333
334 my $code = sub {
335 if (-f '/etc/os-release') {
336 return PVE::Tools::file_get_contents('/etc/os-release');
337 } elsif (-f '/usr/lib/os-release') {
338 return PVE::Tools::file_get_contents('/usr/lib/os-release');
339 }
340 return undef;
341 };
342
343 my $data = $self->protected_call($code);
344
345 return &$parse_os_release($data);
346 }
347
348 1;
PVE Container Toolkit