1 package PVE
::LXC
::Setup
;
11 use PVE
::LXC
::Setup
::Alpine
;
12 use PVE
::LXC
::Setup
::ArchLinux
;
13 use PVE
::LXC
::Setup
::CentOS
;
14 use PVE
::LXC
::Setup
::Debian
;
15 use PVE
::LXC
::Setup
::Devuan
;
16 use PVE
::LXC
::Setup
::Fedora
;
17 use PVE
::LXC
::Setup
::Gentoo
;
18 use PVE
::LXC
::Setup
::SUSE
;
19 use PVE
::LXC
::Setup
::Ubuntu
;
20 use PVE
::LXC
::Setup
::NixOS
;
21 use PVE
::LXC
::Setup
::Unmanaged
;
24 alpine
=> 'PVE::LXC::Setup::Alpine',
25 archlinux
=> 'PVE::LXC::Setup::ArchLinux',
26 centos
=> 'PVE::LXC::Setup::CentOS',
27 debian
=> 'PVE::LXC::Setup::Debian',
28 devuan
=> 'PVE::LXC::Setup::Devuan',
29 fedora
=> 'PVE::LXC::Setup::Fedora',
30 gentoo
=> 'PVE::LXC::Setup::Gentoo',
31 opensuse
=> 'PVE::LXC::Setup::SUSE',
32 ubuntu
=> 'PVE::LXC::Setup::Ubuntu',
33 nixos
=> 'PVE::LXC::Setup::NixOS',
34 unmanaged
=> 'PVE::LXC::Setup::Unmanaged',
37 # a map to allow supporting related distro flavours
39 'opensuse-leap' => 'opensuse',
40 'opensuse-tumbleweed' => 'opensuse',
45 my $autodetect_type = sub {
46 my ($self, $rootdir, $os_release) = @_;
48 if (my $id = $os_release->{ID
}) {
49 return $id if $plugins->{$id};
50 return $plugin_alias->{$id} if $plugin_alias->{$id};
51 warn "unknown ID '$id' in /etc/os-release file, trying fallback detection\n";
54 # fallback compatibility checks
56 my $lsb_fn = "$rootdir/etc/lsb-release";
58 my $data = PVE
::Tools
::file_get_contents
($lsb_fn);
59 if ($data =~ m/^DISTRIB_ID=Ubuntu$/im) {
64 if (-f
"$rootdir/etc/debian_version") {
66 } elsif (-f
"$rootdir/etc/devuan_version") {
68 } elsif (-f
"$rootdir/etc/SuSE-brand" || -f
"$rootdir/etc/SuSE-release") {
70 } elsif (-f
"$rootdir/etc/fedora-release") {
72 } elsif (-f
"$rootdir/etc/centos-release" || -f
"$rootdir/etc/redhat-release") {
74 } elsif (-f
"$rootdir/etc/arch-release") {
76 } elsif (-f
"$rootdir/etc/alpine-release") {
78 } elsif (-f
"$rootdir/etc/gentoo-release") {
80 } elsif (-d
"$rootdir/nix/store") {
82 } elsif (-f
"$rootdir/etc/os-release") {
83 die "unable to detect OS distribution\n";
85 warn "/etc/os-release file not found and autodetection failed, falling back to 'unmanaged'\n";
91 my ($class, $conf, $rootdir, $type) = @_;
93 die "no root directory\n" if !$rootdir || $rootdir eq '/';
95 my $self = bless { conf
=> $conf, rootdir
=> $rootdir}, $class;
97 my $os_release = $self->get_ct_os_release();
99 if ($conf->{ostype
} && $conf->{ostype
} eq 'unmanaged') {
101 } elsif (!defined($type)) {
102 # try to autodetect type
103 $type = &$autodetect_type($self, $rootdir, $os_release);
104 my $expected_type = $conf->{ostype
} || $type;
106 if ($type ne $expected_type) {
107 warn "WARNING: /etc not present in CT, is the rootfs mounted?\n"
108 if ! -e
"$rootdir/etc";
109 warn "got unexpected ostype ($type != $expected_type)\n"
113 my $plugin_class = $plugins->{$type} || die "no such OS type '$type'\n";
115 my $plugin = $plugin_class->new($conf, $rootdir, $os_release);
116 $self->{plugin
} = $plugin;
117 $self->{in_chroot
} = 0;
119 # Cache some host files we need access to:
120 $plugin->{host_resolv_conf
} = PVE
::INotify
::read_file
('resolvconf');
121 $plugin->{host_timezone
} = PVE
::INotify
::read_file
('timezone');
123 abs_path
('/etc/localtime') =~ m
|^(/.+)| or die "invalid /etc
/localtime\n"; # untaint
124 $plugin->{host_localtime} = $1;
126 # pass on user namespace information:
127 my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
129 $plugin->{id_map} = $id_map;
130 $plugin->{rootuid} = $rootuid;
131 $plugin->{rootgid} = $rootgid;
134 # if arch is unset, we try to autodetect it
135 if (!defined($conf->{arch})) {
136 my $arch = eval { $self->protected_call(sub { $plugin->detect_architecture() }) };
139 warn "Architecture detection failed
: $err" if $err;
142 if (!defined($arch)) {
144 print "Falling back to
$arch.\nUse
`pct set VMID --arch ARCH` to change
.\n";
146 print "Detected container architecture
: $arch\n";
149 $conf->{arch} = $arch;
155 # Forks into a chroot and executes $sub
157 my ($self, $sub) = @_;
160 return $sub->() if $self->{in_chroot};
162 pipe(my $res_in, my $res_out) or die "pipe failed
: $!\n";
165 die "fork failed
: $!\n" if !defined($child);
169 # avoid recursive forks
170 $self->{in_chroot} = 1;
172 my $rootdir = $self->{rootdir};
173 chroot($rootdir) or die "failed to change root to
: $rootdir: $!\n";
174 chdir('/') or die "failed to change to root directory
\n";
177 print {$res_out} "$res";
188 my $result = do { local $/ = undef; <$res_in> };
189 while (waitpid($child, 0) != $child) {}
191 my $method = (caller(1))[3];
192 die "error
in setup task
$method\n";
199 $self->protected_call(sub { $self->{plugin}->template_fixup($self->{conf}) });
204 $self->protected_call(sub { $self->{plugin}->setup_network($self->{conf}) });
209 $self->protected_call(sub { $self->{plugin}->set_hostname($self->{conf}) });
214 $self->protected_call(sub { $self->{plugin}->set_dns($self->{conf}) });
219 $self->protected_call(sub { $self->{plugin}->set_timezone($self->{conf}) });
224 $self->protected_call(sub { $self->{plugin}->setup_init($self->{conf}) });
227 sub set_user_password {
228 my ($self, $user, $pw) = @_;
229 $self->protected_call(sub { $self->{plugin}->set_user_password($self->{conf}, $user, $pw) });
232 my sub generate_ssh_key { # create temporary key in hosts' /run, then read and unlink
233 my ($type, $comment) = @_;
236 my $keygen_outfunc = sub {
237 if ($_[0] =~ m/^((?:[0-9a-f]{2}:)+[0-9a-f]{2}|SHA256:[0-9a-z+\/]{43})\s+\Q$comment\E$/i) {
241 my $file = "/run/pve
/.tmp
$$.$type";
242 PVE::Tools::run_command(
243 ['ssh-keygen', '-f', $file, '-t', $type, '-N', '', '-E', 'sha256', '-C', $comment],
244 outfunc => $keygen_outfunc,
246 my ($private) = (PVE::Tools::file_get_contents($file) =~ /^(.*)$/sg); # untaint
247 my ($public) = (PVE::Tools::file_get_contents("$file.pub
") =~ /^(.*)$/sg); # untaint
248 unlink $file, "$file.pub
";
250 return ($key_id, $private, $public);
253 sub rewrite_ssh_host_keys {
256 my $plugin = $self->{plugin};
258 my $keynames = $plugin->ssh_host_key_types_to_generate();
260 return if ! -d "$self->{rootdir
}/etc/ssh
" || !$keynames || !scalar(keys $keynames->%*);
262 my $hostname = $self->{conf}->{hostname} || 'localhost';
263 $hostname =~ s/\..*$//;
266 for my $keytype (keys $keynames->%*) {
267 my $basename = $keynames->{$keytype};
268 print "Creating SSH host key
'$basename' - this may
take some
time ...\n";
269 my ($id, $private, $public) = generate_ssh_key($keytype, "root\
@$hostname");
272 push $keyfiles->@*, ["/etc/ssh
/$basename", $private, 0600], ["/etc
/ssh/$basename.pub
", $public, 0644];
275 $self->protected_call(sub { # write them now all to the CTs rootfs at once
276 for my $file ($keyfiles->@*) {
277 $plugin->ct_file_set_contents($file->@*);
285 $self->protected_call(sub { $self->{plugin}->pre_start_hook($self->{conf}) });
288 sub post_clone_hook {
289 my ($self, $conf) = @_;
291 $self->protected_call(sub { $self->{plugin}->post_clone_hook($conf) });
294 sub post_create_hook {
295 my ($self, $root_password, $ssh_keys) = @_;
297 $self->protected_call(sub {
298 $self->{plugin}->post_create_hook($self->{conf}, $root_password, $ssh_keys);
300 $self->rewrite_ssh_host_keys();
303 sub unified_cgroupv2_support {
306 return $self->{plugin}->unified_cgroupv2_support($self->get_ct_init_path());
310 # (...) a newline-separated list of environment-like shell-compatible
311 # variable assignments. (...) beyond mere variable assignments, no shell
312 # features are supported (this means variable expansion is explicitly not
313 # supported) (...). Variable assignment values must be enclosed in double or
314 # single quotes *if* they include spaces, semicolons or other special
315 # characters outside of A-Z, a-z, 0-9. Shell special characters ("$", quotes,
316 # backslash, backtick) must be escaped with backslashes (...). All strings
317 # should be in UTF-8 format, and non-printable characters should not be used.
318 # It is not supported to concatenate multiple individually quoted strings.
319 # Lines beginning with "#" shall be ignored as comments.
320 my $parse_os_release = sub {
323 while (defined($data) && $data =~ /^(.+)$/gm) {
324 next if $1 !~ /^\s*([a-zA-Z_][a-zA-Z0-9_]*)=(.*)$/;
325 my ($var, $content) = ($1, $2);
328 if ($content =~ /^'([^']*)'/) {
329 $variables->{$var} = $1;
330 } elsif ($content =~ /^"((?:[^"\\]|\\.)*)"/) {
332 $s =~ s/(\\["'`nt\$\\])/"\"$1\""/eeg;
333 $variables->{$var} = $s;
334 } elsif ($content =~ /^([A-Za-z0-9]*)/) {
335 $variables->{$var} = $1;
341 sub get_ct_os_release
{
344 my $data = $self->protected_call(sub {
345 if (-f
'/etc/os-release') {
346 return PVE
::Tools
::file_get_contents
('/etc/os-release');
347 } elsif (-f
'/usr/lib/os-release') {
348 return PVE
::Tools
::file_get_contents
('/usr/lib/os-release');
353 return &$parse_os_release($data);
356 # Checks whether /sbin/init is a symlink, and if it is, resolves it to the actual binary
357 sub get_ct_init_path
{
360 my $init = $self->protected_call(sub {
361 return $self->{plugin
}->get_ct_init_path();