4 # template script for generating centos container for LXC
7 # lxc: linux Container library
10 # Daniel Lezcano <daniel.lezcano@free.fr>
11 # Ramez Hanna <rhanna@informatiq.org>
12 # Fajar A. Nugraha <github@fajar.net>
13 # Michael H. Warfield <mhw@WittsEnd.com>
15 # This library is free software; you can redistribute it and/or
16 # modify it under the terms of the GNU Lesser General Public
17 # License as published by the Free Software Foundation; either
18 # version 2.1 of the License, or (at your option) any later version.
20 # This library is distributed in the hope that it will be useful,
21 # but WITHOUT ANY WARRANTY; without even the implied warranty of
22 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 # Lesser General Public License for more details.
25 # You should have received a copy of the GNU Lesser General Public
26 # License along with this library; if not, write to the Free Software
27 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30 default_path
=@LXCPATH@
32 # Some combinations of the tuning knobs below do not exactly make sense.
35 # If the "root_password" is non-blank, use it, else set a default.
36 # This can be passed to the script as an environment variable and is
37 # set by a shell conditional assignment. Looks weird but it is what it is.
39 # If the root password contains a ding ($) then try to expand it.
40 # That will pick up things like ${name} and ${RANDOM}.
41 # If the root password contians more than 3 consecutive X's, pass it as
42 # a template to mktemp and take the result.
44 # If root_display_password = yes, display the temporary root password at exit.
45 # If root_store_password = yes, store it in the configuration directory
46 # If root_prompt_password = yes, invoke "passwd" to force the user to change
47 # the root password after the container is created.
48 # If root_expire_password = yes, you will be prompted to change the root
49 # password at the first login.
51 # These are conditional assignments... The can be overridden from the
52 # preexisting environment variables...
54 # Make sure this is in single quotes to defer expansion to later!
55 # :{root_password='Root-${name}-${RANDOM}'}
56 : ${root_password='Root-${name}-XXXXXX'}
58 # Now, it doesn't make much sense to display, store, and force change
59 # together. But, we gotta test, right???
60 : ${root_display_password='no'}
61 : ${root_store_password='yes'}
62 # Prompting for something interactive has potential for mayhem
63 # with users running under the API... Don't default to "yes"
64 : ${root_prompt_password='no'}
66 # Expire root password? Default to yes, but can be overridden from
67 # the environment variable
68 : ${root_expire_password='yes'}
70 # These are only going into comments in the resulting config...
72 lxc_network_link
=lxcbr0
75 # Alow for weird remixes like the Raspberry Pi
77 # Use the Mitre standard CPE identifier for the release ID if possible...
78 # This may be in /etc/os-release or /etc/system-release-cpe. We
79 # should be able to use EITHER. Give preference to /etc/os-release for now.
81 # Detect use under userns (unsupported)
83 [ "$arg" = "--" ] && break
84 if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
85 echo "This template can't be used for unprivileged containers." 1>&2
86 echo "You may want to try the \"download\" template instead." 1>&2
91 # Make sure the usual locations are in PATH
92 export PATH
=$PATH:/usr
/sbin
:/usr
/bin
:/sbin
:/bin
94 if [ -e /etc
/os-release
]
96 # This is a shell friendly configuration file. We can just source it.
97 # What we're looking for in here is the ID, VERSION_ID and the CPE_NAME
99 echo "Host CPE ID from /etc/os-release: ${CPE_NAME}"
102 if [ "${CPE_NAME}" = "" -a -e /etc
/system-release-cpe
]
104 CPE_NAME
=$
(head -n1 /etc
/system-release-cpe
)
105 CPE_URI
=$
(expr ${CPE_NAME} : '\([^:]*:[^:]*\)')
106 if [ "${CPE_URI}" != "cpe:/o" ]
110 # Probably a better way to do this but sill remain posix
111 # compatible but this works, shrug...
112 # Must be nice and not introduce convenient bashisms here.
114 # According to the official registration at Mitre and NIST,
115 # this should have been something like this for CentOS:
116 # cpe:/o:centos:centos:6
118 # cpe:/o:centos:centos:6.5
120 ID
=$
(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:\([^:]*\)')
121 # The "enterprise_linux" is a bone toss back to RHEL.
122 # Since CentOS and RHEL are so tightly coupled, we'll
123 # take the RHEL version if we're running on it and do the
124 # equivalent version for CentOS.
125 if [ ${ID} = "linux" -o ${ID} = "enterprise_linux" ]
127 # Instead we got this: cpe:/o:centos:linux:6
128 ID
=$
(expr ${CPE_NAME} : '[^:]*:[^:]*:\([^:]*\)')
131 VERSION_ID
=$
(expr ${CPE_NAME} : '[^:]*:[^:]*:[^:]*:[^:]*:\([^:]*\)')
132 echo "Host CPE ID from /etc/system-release-cpe: ${CPE_NAME}"
136 if [ "${CPE_NAME}" != "" -a "${ID}" = "centos" -a "${VERSION_ID}" != "" ]
138 centos_host_ver
=${VERSION_ID}
140 elif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -a "${VERSION_ID}" != "" ]
142 redhat_host_ver
=${VERSION_ID}
144 elif [ -e /etc
/centos-release
]
146 # Only if all other methods fail, try to parse the redhat-release file.
147 centos_host_ver
=$
( sed -e '/^CentOS /!d' -e 's/CentOS.*\srelease\s*\([0-9][0-9.]*\)\s.*/\1/' < /etc
/centos-release
)
148 if [ "$centos_host_ver" != "" ]
156 # delete a device node if exists, and create a new one
157 rm -f $2 && mknod
-m $1 $2 $3 $4 $5
163 # disable selinux in centos
164 mkdir
-p $rootfs_path/selinux
165 echo 0 > $rootfs_path/selinux
/enforce
167 # Also kill it in the /etc/selinux/config file if it's there...
168 if [ -f $rootfs_path/etc
/selinux
/config
]
170 sed -i '/^SELINUX=/s/.*/SELINUX=disabled/' $rootfs_path/etc
/selinux
/config
173 # Nice catch from Dwight Engen in the Oracle template.
174 # Wantonly plagerized here with much appreciation.
175 if [ -f $rootfs_path/usr
/sbin
/selinuxenabled
]; then
176 mv $rootfs_path/usr
/sbin
/selinuxenabled
$rootfs_path/usr
/sbin
/selinuxenabled.lxcorig
177 ln -s /bin
/false
$rootfs_path/usr
/sbin
/selinuxenabled
180 # This is a known problem and documented in RedHat bugzilla as relating
181 # to a problem with auditing enabled. This prevents an error in
182 # the container "Cannot make/remove an entry for the specified session"
183 sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc
/pam.d
/login
184 sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc
/pam.d
/sshd
186 if [ -f ${rootfs_path}/etc
/pam.d
/crond
]
188 sed -i '/^session.*pam_loginuid.so/s/^session/# session/' ${rootfs_path}/etc
/pam.d
/crond
191 # In addition to disabling pam_loginuid in the above config files
192 # we'll also disable it by linking it to pam_permit to catch any
193 # we missed or any that get installed after the container is built.
195 # Catch either or both 32 and 64 bit archs.
196 if [ -f ${rootfs_path}/lib
/security
/pam_loginuid.so
]
198 ( cd ${rootfs_path}/lib
/security
/
199 mv pam_loginuid.so pam_loginuid.so.disabled
200 ln -s pam_permit.so pam_loginuid.so
204 if [ -f ${rootfs_path}/lib64
/security
/pam_loginuid.so
]
206 ( cd ${rootfs_path}/lib64
/security
/
207 mv pam_loginuid.so pam_loginuid.so.disabled
208 ln -s pam_permit.so pam_loginuid.so
212 # Set default localtime to the host localtime if not set...
213 if [ -e /etc
/localtime
-a ! -e ${rootfs_path}/etc
/localtime
]
215 # if /etc/localtime is a symlink, this should preserve it.
216 cp -a /etc
/localtime
${rootfs_path}/etc
/localtime
219 # Deal with some dain bramage in the /etc/init.d/halt script.
220 # Trim it and make it our own and link it in before the default
221 # halt script so we can intercept it. This also preventions package
222 # updates from interferring with our interferring with it.
224 # There's generally not much in the halt script that useful but what's
225 # in there from resetting the hardware clock down is generally very bad.
226 # So we just eliminate the whole bottom half of that script in making
227 # ourselves a copy. That way a major update to the init scripts won't
228 # trash what we've set up.
229 if [ -f ${rootfs_path}/etc
/init.d
/halt
]
231 sed -e '/hwclock/,$d' \
232 < ${rootfs_path}/etc
/init.d
/halt \
233 > ${rootfs_path}/etc
/init.d
/lxc-halt
235 echo '$command -f' >> ${rootfs_path}/etc
/init.d
/lxc-halt
236 chmod 755 ${rootfs_path}/etc
/init.d
/lxc-halt
238 # Link them into the rc directories...
240 cd ${rootfs_path}/etc
/rc.d
/rc0.d
241 ln -s ..
/init.d
/lxc-halt S00lxc-halt
242 cd ${rootfs_path}/etc
/rc.d
/rc6.d
243 ln -s ..
/init.d
/lxc-halt S00lxc-reboot
247 # configure the network using the dhcp
248 cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
259 cat <<EOF > ${rootfs_path}/etc/sysconfig/network
265 cat <<EOF > $rootfs_path/etc/hosts
266 127.0.0.1 localhost $name
270 cat <<EOF > $rootfs_path/etc/fstab
271 /dev/root / rootfs defaults 0 0
272 none /dev/shm tmpfs nosuid,nodev 0 0
275 # create lxc compatibility init script
276 if [ "$release" = "6" ]; then
277 cat <<EOF > $rootfs_path/etc/init/lxc-sysinit.conf
282 if [ "x$container" != "xlxc" -a "x$container" != "xlibvirt" ]; then
285 initctl start tty TTY=console
286 rm -f /var/lock/subsys/*
292 elif [ "$release" = "5" ]; then
293 cat <<EOF > $rootfs_path/etc/rc.d/lxc.sysinit
295 rm -f /etc/mtab /var/run/*.{pid,lock} /var/lock/subsys/*
296 rm -rf {/,/var}/tmp/*
297 echo "/dev/root / rootfs defaults 0 0" > /etc/mtab
300 chmod 755 $rootfs_path/etc
/rc.d
/lxc.sysinit
301 sed -i 's|si::sysinit:/etc/rc.d/rc.sysinit|si::bootwait:/etc/rc.d/lxc.sysinit|' $rootfs_path/etc
/inittab
302 sed -i 's|^1:|co:2345:respawn:/sbin/mingetty console\n1:|' $rootfs_path/etc
/inittab
303 sed -i 's|^\([56]:\)|#\1|' $rootfs_path/etc
/inittab
306 dev_path
="${rootfs_path}/dev"
309 mknod
-m 666 ${dev_path}/null c
1 3
310 mknod
-m 666 ${dev_path}/zero c
1 5
311 mknod
-m 666 ${dev_path}/random c
1 8
312 mknod
-m 666 ${dev_path}/urandom c
1 9
313 mkdir
-m 755 ${dev_path}/pts
314 mkdir
-m 1777 ${dev_path}/shm
315 mknod
-m 666 ${dev_path}/tty c
5 0
316 mknod
-m 666 ${dev_path}/tty0 c
4 0
317 mknod
-m 666 ${dev_path}/tty1 c
4 1
318 mknod
-m 666 ${dev_path}/tty2 c
4 2
319 mknod
-m 666 ${dev_path}/tty3 c
4 3
320 mknod
-m 666 ${dev_path}/tty4 c
4 4
321 mknod
-m 600 ${dev_path}/console c
5 1
322 mknod
-m 666 ${dev_path}/full c
1 7
323 mknod
-m 600 ${dev_path}/initctl p
324 mknod
-m 666 ${dev_path}/ptmx c
5 2
326 # setup console and tty[1-4] for login. note that /dev/console and
327 # /dev/tty[1-4] will be symlinks to the ptys /dev/lxc/console and
328 # /dev/lxc/tty[1-4] so that package updates can overwrite the symlinks.
329 # lxc will maintain these links and bind mount ptys over /dev/lxc/*
330 # since lxc.devttydir is specified in the config.
332 # allow root login on console, tty[1-4], and pts/0 for libvirt
333 echo "# LXC (Linux Containers)" >>${rootfs_path}/etc
/securetty
334 echo "lxc/console" >>${rootfs_path}/etc
/securetty
335 echo "lxc/tty1" >>${rootfs_path}/etc
/securetty
336 echo "lxc/tty2" >>${rootfs_path}/etc
/securetty
337 echo "lxc/tty3" >>${rootfs_path}/etc
/securetty
338 echo "lxc/tty4" >>${rootfs_path}/etc
/securetty
339 echo "# For libvirt/Virtual Machine Monitor" >>${rootfs_path}/etc
/securetty
340 echo "pts/0" >>${rootfs_path}/etc
/securetty
342 if [ ${root_display_password} = "yes" ]
344 echo "Setting root password to '$root_password'"
346 if [ ${root_store_password} = "yes" ]
348 touch ${config_path}/tmp_root_pass
349 chmod 600 ${config_path}/tmp_root_pass
350 echo ${root_password} > ${config_path}/tmp_root_pass
351 echo "Storing root password in '${config_path}/tmp_root_pass'"
354 echo "root:$root_password" | chroot
$rootfs_path chpasswd
356 if [ ${root_expire_password} = "yes" ]
358 # Also set this password as expired to force the user to change it!
359 chroot
$rootfs_path passwd
-e root
362 # This will need to be enhanced for CentOS 7 when systemd
363 # comes into play... /\/\|=mhw=|\/\/
368 configure_centos_init
()
370 sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc
/rc.sysinit
371 sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc
/rc.d
/rc.sysinit
372 if [ "$release" = "6" ]; then
373 chroot
${rootfs_path} chkconfig udev-post off
375 chroot
${rootfs_path} chkconfig network on
377 if [ -d ${rootfs_path}/etc
/init
]
379 # This is to make upstart honor SIGPWR
380 cat <<EOF >${rootfs_path}/etc/init/power-status-changed.conf
381 # power-status-changed - shutdown on SIGPWR
383 start on power-status-changed
385 exec /sbin/shutdown -h now "SIGPWR received"
393 # check the mini centos was not already downloaded
394 INSTALL_ROOT
=$cache/partial
395 mkdir
-p $INSTALL_ROOT
396 if [ $?
-ne 0 ]; then
397 echo "Failed to create '$INSTALL_ROOT' directory"
401 # download a mini centos into a cache
402 echo "Downloading centos minimal ..."
403 YUM
="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
404 PKG_LIST
="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils"
406 # use temporary repository definition
407 REPO_FILE
=$INSTALL_ROOT/etc
/yum.repos.d
/lxc-centos-temp.repo
408 mkdir
-p $
(dirname $REPO_FILE)
409 if [ -n "$repo" ]; then
410 cat <<EOF > $REPO_FILE
412 name=local repository
416 cat <<EOF > $REPO_FILE
418 name=CentOS-$release - Base
419 mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=os
422 name=CentOS-$release - Updates
423 mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=updates
427 # create minimal device nodes, needed for "yum install" and "yum update" process
428 mkdir
-p $INSTALL_ROOT/dev
429 force_mknod
666 $INSTALL_ROOT/dev
/null c
1 3
430 force_mknod
666 $INSTALL_ROOT/dev
/urandom c
1 9
432 $YUM install $PKG_LIST
434 if [ $?
-ne 0 ]; then
435 echo "Failed to download the rootfs, aborting."
439 # use same nameservers as hosts, needed for "yum update later"
440 cp /etc
/resolv.conf
$INSTALL_ROOT/etc
/
442 # check whether rpmdb is under $HOME
443 if [ ! -e $INSTALL_ROOT/var
/lib
/rpm
/Packages
-a -e $INSTALL_ROOT/$HOME/.rpmdb
/Packages
]; then
444 echo "Fixing rpmdb location ..."
445 mv $INSTALL_ROOT/$HOME/.rpmdb
/[A-Z
]* $INSTALL_ROOT/var
/lib
/rpm
/
446 rm -rf $INSTALL_ROOT/$HOME/.rpmdb
447 chroot
$INSTALL_ROOT rpm
--rebuilddb 2>/dev
/null
450 # check whether rpmdb version is correct
451 chroot
$INSTALL_ROOT rpm
--quiet -q yum
2>/dev
/null
454 # if "rpm -q" doesn't work due to rpmdb version difference,
455 # then we need to redo the process using the newly-installed yum
456 if [ $ret -gt 0 ]; then
457 echo "Reinstalling packages ..."
458 mv $REPO_FILE $REPO_FILE.tmp
459 mkdir
$INSTALL_ROOT/etc
/yum.repos.disabled
460 mv $INSTALL_ROOT/etc
/yum.repos.d
/*.repo
$INSTALL_ROOT/etc
/yum.repos.disabled
/
461 mv $REPO_FILE.tmp
$REPO_FILE
462 mkdir
-p $INSTALL_ROOT/$INSTALL_ROOT/etc
463 cp /etc
/resolv.conf
$INSTALL_ROOT/$INSTALL_ROOT/etc
/
464 mkdir
-p $INSTALL_ROOT/$INSTALL_ROOT/dev
465 mknod
-m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev
/null c
1 3
466 mknod
-m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev
/urandom c
1 9
467 mkdir
-p $INSTALL_ROOT/$INSTALL_ROOT/var
/cache
/yum
468 cp -al $INSTALL_ROOT/var
/cache
/yum
/* $INSTALL_ROOT/$INSTALL_ROOT/var
/cache
/yum
/
469 chroot
$INSTALL_ROOT $YUM install $PKG_LIST
470 if [ $?
-ne 0 ]; then
471 echo "Failed to download the rootfs, aborting."
474 mv $INSTALL_ROOT/$INSTALL_ROOT $INSTALL_ROOT.tmp
476 mv $INSTALL_ROOT.tmp
$INSTALL_ROOT
480 rm -rf $INSTALL_ROOT/var
/cache
/yum
/*
482 mv "$INSTALL_ROOT" "$cache/rootfs"
483 echo "Download complete."
491 # make a local copy of the mini centos
492 echo -n "Copying rootfs to $rootfs_path ..."
493 #cp -a $cache/rootfs-$arch $rootfs_path || return 1
494 # i prefer rsync (no reason really)
495 mkdir
-p $rootfs_path
496 rsync
-a $cache/rootfs
/ $rootfs_path/
503 YUM
="chroot $cache/rootfs yum -y --nogpgcheck"
505 if [ $?
-ne 0 ]; then
513 mkdir
-p /var
/lock
/subsys
/
516 if [ $?
-ne 0 ]; then
517 echo "Cache repository is busy."
521 echo "Checking cache download in $cache/rootfs ... "
522 if [ ! -e "$cache/rootfs" ]; then
524 if [ $?
-ne 0 ]; then
525 echo "Failed to download 'centos base'"
529 echo "Cache found. Updating..."
531 if [ $?
-ne 0 ]; then
532 echo "Failed to update 'centos base', continuing with last known good cache"
534 echo "Update finished"
538 echo "Copy $cache/rootfs to $rootfs_path ... "
540 if [ $?
-ne 0 ]; then
541 echo "Failed to copy rootfs"
547 ) 9>/var
/lock
/subsys
/lxc-centos
554 openssl rand
-hex 5 |
sed -e 's/\(..\)/:\1/g; s/^/fe/'
559 mkdir
-p $config_path
561 grep -q "^lxc.rootfs" $config_path/config
2>/dev
/null ||
echo "
562 lxc.rootfs = $rootfs_path
563 " >> $config_path/config
565 # The following code is to create static MAC addresses for each
566 # interface in the container. This code will work for multiple
567 # interfaces in the default config.
568 mv $config_path/config
$config_path/config.def
571 # This should catch variable expansions from the default config...
572 if expr "${LINE}" : '.*\$' > /dev
/null
2>&1
574 LINE
=$
(eval "echo \"${LINE}\"")
577 # There is a tab and a space in the regex bracket below!
578 # Seems that \s doesn't work in brackets.
579 KEY
=$
(expr "${LINE}" : '\s*\([^ ]*\)\s*=')
581 if [[ "${KEY}" != "lxc.network.hwaddr" ]]
583 echo ${LINE} >> $config_path/config
585 if [[ "${KEY}" == "lxc.network.link" ]]
587 echo "lxc.network.hwaddr = $(create_hwaddr)" >> $config_path/config
590 done < $config_path/config.def
592 rm -f $config_path/config.def
594 if [ -e "@LXCTEMPLATECONFIG@/centos.common.conf" ]; then
596 # Include common configuration
597 lxc.include = @LXCTEMPLATECONFIG@/centos.common.conf
598 " >> $config_path/config
601 # Append things which require expansion here...
602 cat <<EOF >> $config_path/config
604 lxc.utsname = $utsname
606 lxc.autodev = $auto_dev
608 # When using LXC with apparmor, uncomment the next line to run unconfined:
609 #lxc.aa_profile = unconfined
611 # example simple networking setup, uncomment to enable
612 #lxc.network.type = $lxc_network_type
613 #lxc.network.flags = up
614 #lxc.network.link = $lxc_network_link
615 #lxc.network.name = eth0
616 # Additional example for veth network type
617 # static MAC address,
618 #lxc.network.hwaddr = 00:16:3e:77:52:20
619 # persistent veth device name on host side
620 # Note: This may potentially collide with other containers of same name!
621 #lxc.network.veth.pair = v-$name-e0
625 if [ $?
-ne 0 ]; then
626 echo "Failed to add configuration"
636 if [ ! -e $cache ]; then
640 # lock, so we won't purge while someone is creating a repository
644 echo "Cache repository is busy."
648 echo -n "Purging the download cache for centos-$release..."
649 rm --preserve-root --one-file-system -rf $cache && echo "Done." ||
exit 1
652 ) 9>@LOCALSTATEDIR@
/lock
/subsys
/lxc-centos
659 $1 -n|--name=<container_name>
660 [-p|--path=<path>] [-c|--clean] [-R|--release=<CentOS_release>] [-A|--arch=<arch of the container>]
663 -n,--name container name, used to as an identifier for that container from now on
665 -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc/name.
666 -c,--clean clean the cache
667 -R,--release Centos release for the new container. if the host is Centos, then it will defaultto the host's release.
668 --fqdn fully qualified domain name (FQDN) for DNS and system naming
669 --repo repository to use (url)
670 -a,--arch Define what arch the container will be [i686,x86_64]
671 -h,--help print this help
676 options
=$
(getopt
-o a
:hp
:n
:cR
: -l help,path
:,rootfs
:,name
:,clean
,release
:,repo
:,arch
:,fqdn
: -- "$@")
677 if [ $?
-ne 0 ]; then
683 eval set -- "$options"
687 -h|
--help) usage
$0 && exit 0;;
688 -p|
--path) path
=$2; shift 2;;
689 --rootfs) rootfs
=$2; shift 2;;
690 -n|
--name) name
=$2; shift 2;;
691 -c|
--clean) clean
=$2; shift 2;;
692 -R|
--release) release
=$2; shift 2;;
693 --repo) repo
="$2"; shift 2;;
694 -a|
--arch) newarch
=$2; shift 2;;
695 --fqdn) utsname
=$2; shift 2;;
696 --) shift 1; break ;;
701 if [ ! -z "$clean" -a -z "$path" ]; then
707 # Map a few architectures to their generic CentOS repository archs.
708 # The two ARM archs are a bit of a guesstimate for the v5 and v6
709 # archs. V6 should have hardware floating point (Rasberry Pi).
710 # The "arm" arch is safer (no hardware floating point). So
711 # there may be cases where we "get it wrong" for some v6 other
714 i686
) basearch
=i386
;;
715 armv3l|armv4l|armv5l
) basearch
=arm
;;
716 armv6l|armv7l|armv8l
) basearch
=armhfp
;;
720 # Somebody wants to specify an arch. This is very limited case.
721 # i386/i586/i686 on i386/x86_64
724 if [ "${newarch}" != "" -a "${newarch}" != "${arch}" ]
728 if [ "${basearch}" = "i386" -o "${basearch}" = "x86_64" ]
730 # Make the arch a generic x86 32 bit...
742 if [ "${basearch}" = "bad" ]
744 echo "You cannot build a ${newarch} CentOS container on a ${arch} host. Sorry!"
749 cache_base
=@LOCALSTATEDIR@
/cache
/lxc
/centos
/$basearch
751 # Let's do something better for the initial root password.
752 # It's not perfect but it will defeat common scanning brute force
753 # attacks in the case where ssh is exposed. It will also be set to
754 # expired, forcing the user to change it at first login.
755 if [ "${root_password}" = "" ]
757 root_password
=Root-
${name}-${RANDOM}
759 # If it's got a ding in it, try and expand it!
760 if [ $
(expr "${root_password}" : '.*$.') != 0 ]
762 root_password
=$
(eval echo "${root_password}")
765 # If it has more than 3 consequtive X's in it, feed it
766 # through mktemp as a template.
767 if [ $
(expr "${root_password}" : '.*XXXX') != 0 ]
769 root_password
=$
(mktemp
-u ${root_password})
773 if [ -z "${utsname}" ]; then
777 # This follows a standard "resolver" convention that an FQDN must have
778 # at least two dots or it is considered a local relative host name.
779 # If it doesn't, append the dns domain name of the host system.
781 # This changes one significant behavior when running
782 # "lxc_create -n Container_Name" without using the
786 # utsname and hostname = Container_Name
788 # utsname and hostname = Container_Name.Domain_Name
790 if [ $
(expr "$utsname" : '.*\..*\.') = 0 ]; then
791 if [[ "$(dnsdomainname)" != "" && "$(dnsdomainname)" != "localdomain" ]]; then
792 utsname
=${utsname}.$
(dnsdomainname
)
796 type yum
>/dev
/null
2>&1
797 if [ $?
-ne 0 ]; then
798 echo "'yum' command is missing"
802 if [ -z "$path" ]; then
803 path
=$default_path/$name
806 if [ -z "$release" ]; then
807 if [ "$is_centos" -a "$centos_host_ver" ]; then
808 release
=$centos_host_ver
809 elif [ "$is_redhat" -a "$redhat_host_ver" ]; then
810 # This is needed to clean out bullshit like 6workstation and 6server.
811 release
=$
(expr $redhat_host_ver : '\([0-9.]*\)')
813 echo "This is not a CentOS or Redhat host and release is missing, defaulting to 6 use -R|--release to specify release"
818 # CentOS 7 and above should run systemd. We need autodev enabled to keep
819 # systemd from causing problems.
821 # There is some ambiguity here due to the differnce between versioning
822 # of point specific releases such as 6.5 and the rolling release 6. We
823 # only want the major number here if it's a point release...
825 mrelease
=$
(expr $release : '\([0-9]*\)')
826 if [ $mrelease -gt 6 ]; then
832 if [ "$(id -u)" != "0" ]; then
833 echo "This script should be run as 'root'"
838 if [ -z "$rootfs_path" ]; then
839 rootfs_path
=$path/rootfs
840 # check for 'lxc.rootfs' passed in through default config by lxc-create
841 if grep -q '^lxc.rootfs' $path/config
2>/dev
/null
; then
842 rootfs_path
=$
(sed -e '/^lxc.rootfs\s*=/!d' -e 's/\s*#.*//' \
843 -e 's/^lxc.rootfs\s*=\s*//' -e q
$path/config
)
847 cache
=$cache_base/$release
851 echo "Interrupted, so cleaning up"
853 # maybe was interrupted before copy config
859 trap revert SIGHUP SIGINT SIGTERM
862 if [ $?
-ne 0 ]; then
863 echo "failed write configuration file"
868 if [ $?
-ne 0 ]; then
869 echo "failed to install centos"
874 if [ $?
-ne 0 ]; then
875 echo "failed to configure centos for a container"
879 configure_centos_init
881 if [ ! -z $clean ]; then
886 Container rootfs and config have been created.
887 Edit the config file to check/enable networking setup.
890 if [ ${root_display_password} = "yes" ]
892 echo "The temporary password for root is: '$root_password'
894 You may want to note that password down before starting the container.
898 if [ ${root_store_password} = "yes" ]
900 echo "The temporary root password is stored in:
902 '${config_path}/tmp_root_pass'
906 if [ ${root_prompt_password} = "yes" ]
908 echo "Invoking the passwd command in the container to set the root password.
910 chroot ${rootfs_path} passwd
912 chroot
${rootfs_path} passwd
914 if [ ${root_expire_password} = "yes" ]
917 The root password is set up as "expired
" and will require it to be changed
918 at first login, which you should do as soon as possible. If you lose the
919 root password or wish to change it without starting the container, you
920 can change it from the host by running the following command (which will
921 also reset the expired flag):
923 chroot ${rootfs_path} passwd