4 # lxc: linux Container library
7 # Daniel Lezcano <daniel.lezcano@free.fr>
9 # This library is free software; you can redistribute it and/or
10 # modify it under the terms of the GNU Lesser General Public
11 # License as published by the Free Software Foundation; either
12 # version 2.1 of the License, or (at your option) any later version.
14 # This library is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 # Lesser General Public License for more details.
19 # You should have received a copy of the GNU Lesser General Public
20 # License along with this library; if not, write to the Free Software
21 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
23 SUITE
=${SUITE:-squeeze}
24 MIRROR
=${MIRROR:-http://cdn.debian.net/debian}
31 # squeeze only has /dev/tty and /dev/tty0 by default,
32 # therefore creating missing device nodes for tty1-4.
33 for tty
in $
(seq 1 4); do
34 if [ ! -e $rootfs/dev
/tty
$tty ]; then
35 mknod
$rootfs/dev
/tty
$tty c
4 $tty
39 # configure the inittab
40 cat <<EOF > $rootfs/etc/inittab
42 si::sysinit:/etc/init.d/rcS
43 l0:0:wait:/etc/init.d/rc 0
44 l1:1:wait:/etc/init.d/rc 1
45 l2:2:wait:/etc/init.d/rc 2
46 l3:3:wait:/etc/init.d/rc 3
47 l4:4:wait:/etc/init.d/rc 4
48 l5:5:wait:/etc/init.d/rc 5
49 l6:6:wait:/etc/init.d/rc 6
50 # Normally not reached, but fallthrough in case of emergency.
51 z6:6:respawn:/sbin/sulogin
52 1:2345:respawn:/sbin/getty 38400 console
53 c1:12345:respawn:/sbin/getty 38400 tty1 linux
54 c2:12345:respawn:/sbin/getty 38400 tty2 linux
55 c3:12345:respawn:/sbin/getty 38400 tty3 linux
56 c4:12345:respawn:/sbin/getty 38400 tty4 linux
57 p6::ctrlaltdel:/sbin/init 6
58 p0::powerfail:/sbin/init 0
61 # disable selinux in debian
62 mkdir
-p $rootfs/selinux
63 echo 0 > $rootfs/selinux
/enforce
65 # configure the network using the dhcp
66 cat <<EOF > $rootfs/etc/network/interfaces
68 iface lo inet loopback
75 cat <<EOF > $rootfs/etc/hostname
79 # reconfigure some services
80 if [ -z "$LANG" ]; then
81 chroot
$rootfs locale-gen en_US.UTF-8 UTF-8
82 chroot
$rootfs update-locale LANG
=en_US.UTF-8
84 chroot
$rootfs locale-gen
$LANG $
(echo $LANG | cut
-d.
-f2)
85 chroot
$rootfs update-locale LANG
=$LANG
88 # remove pointless services in a container
89 chroot
$rootfs /usr
/sbin
/update-rc.d
-f checkroot.sh remove
90 chroot
$rootfs /usr
/sbin
/update-rc.d
-f umountfs remove
91 chroot
$rootfs /usr
/sbin
/update-rc.d
-f hwclock.sh remove
92 chroot
$rootfs /usr
/sbin
/update-rc.d
-f hwclockfirst.sh remove
94 echo "root:root" | chroot
$rootfs chpasswd
95 echo "Root password is 'root', please change !"
102 rm -rf $cache/partial-
$SUITE-$arch
103 rm -rf $cache/rootfs-
$SUITE-$arch
122 trap cleanup EXIT SIGHUP SIGINT SIGTERM
123 # check the mini debian was not already downloaded
124 mkdir
-p "$cache/partial-$SUITE-$arch"
125 if [ $?
-ne 0 ]; then
126 echo "Failed to create '$cache/partial-$SUITE-$arch' directory"
130 # download a mini debian into a cache
131 echo "Downloading debian minimal ..."
132 debootstrap
--verbose --variant=minbase
--arch=$arch \
133 --include=$packages \
134 "$SUITE" "$cache/partial-$SUITE-$arch" $MIRROR
135 if [ $?
-ne 0 ]; then
136 echo "Failed to download the rootfs, aborting."
140 mv "$1/partial-$SUITE-$arch" "$1/rootfs-$SUITE-$arch"
141 echo "Download complete."
156 # make a local copy of the minidebian
157 echo -n "Copying rootfs to $rootfs..."
159 rsync
-Ha "$cache/rootfs-$SUITE-$arch"/ $rootfs/ ||
return 1
165 cache
="@LOCALSTATEDIR@/cache/lxc/debian"
167 mkdir
-p @LOCALSTATEDIR@
/lock
/subsys
/
170 if [ $?
-ne 0 ]; then
171 echo "Cache repository is busy."
175 if which dpkg
>/dev
/null
2>&1 ; then
176 arch
=$
(dpkg
--print-architecture)
179 if [ "$arch" = "i686" ]; then
181 elif [ "$arch" = "x86_64" ]; then
183 elif [ "$arch" = "armv7l" ]; then
188 echo "Checking cache download in $cache/rootfs-$SUITE-$arch ... "
189 if [ ! -e "$cache/rootfs-$SUITE-$arch" ]; then
190 download_debian
$cache $arch
191 if [ $?
-ne 0 ]; then
192 echo "Failed to download 'debian base'"
197 copy_debian
$cache $arch $rootfs
198 if [ $?
-ne 0 ]; then
199 echo "Failed to copy rootfs"
205 ) 200>@LOCALSTATEDIR@
/lock
/subsys
/lxc-debian
216 grep -q "^lxc.rootfs" $path/config
2>/dev
/null ||
echo "lxc.rootfs = $rootfs" >> $path/config
217 cat <<EOF >> $path/config
220 lxc.utsname = $hostname
221 lxc.cap.drop = sys_module mac_admin mac_override sys_time
223 # When using LXC with apparmor, uncomment the next line to run unconfined:
224 #lxc.aa_profile = unconfined
226 lxc.cgroup.devices.deny = a
228 lxc.cgroup.devices.allow = c 1:3 rwm
229 lxc.cgroup.devices.allow = c 1:5 rwm
231 lxc.cgroup.devices.allow = c 5:1 rwm
232 lxc.cgroup.devices.allow = c 5:0 rwm
233 lxc.cgroup.devices.allow = c 4:0 rwm
234 lxc.cgroup.devices.allow = c 4:1 rwm
236 lxc.cgroup.devices.allow = c 1:9 rwm
237 lxc.cgroup.devices.allow = c 1:8 rwm
238 lxc.cgroup.devices.allow = c 136:* rwm
239 lxc.cgroup.devices.allow = c 5:2 rwm
241 lxc.cgroup.devices.allow = c 254:0 rm
244 lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
245 lxc.mount.entry = sysfs sys sysfs defaults 0 0
248 if [ $?
-ne 0 ]; then
249 echo "Failed to add configuration"
258 cache
="@LOCALSTATEDIR@/cache/lxc/debian"
260 if [ ! -e $cache ]; then
264 # lock, so we won't purge while someone is creating a repository
268 echo "Cache repository is busy."
272 echo -n "Purging the download cache..."
273 rm --preserve-root --one-file-system -rf $cache && echo "Done." ||
exit 1
276 ) 200>@LOCALSTATEDIR@
/lock
/subsys
/lxc-debian
282 $1 -h|--help -p|--path=<path> --clean
287 options
=$
(getopt
-o hp
:n
:c
-l help,rootfs
:,path
:,name
:,clean
-- "$@")
288 if [ $?
-ne 0 ]; then
292 eval set -- "$options"
297 -h|
--help) usage
$0 && exit 0;;
298 -p|
--path) path
=$2; shift 2;;
299 --rootfs) rootfs
=$2; shift 2;;
300 -n|
--name) name
=$2; shift 2;;
301 -c|
--clean) clean
=$2; shift 2;;
302 --) shift 1; break ;;
307 if [ ! -z "$clean" -a -z "$path" ]; then
313 if [ $?
-ne 0 ]; then
314 echo "'debootstrap' command is missing"
318 if [ -z "$path" ]; then
319 echo "'path' parameter is required"
323 if [ "$(id -u)" != "0" ]; then
324 echo "This script should be run as 'root'"
329 config
="$path/config"
330 if [ -z "$rootfs" ]; then
331 if grep -q '^lxc.rootfs' $config 2>/dev
/null
; then
332 rootfs
=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
339 install_debian
$rootfs
340 if [ $?
-ne 0 ]; then
341 echo "failed to install debian"
345 configure_debian
$rootfs $name
346 if [ $?
-ne 0 ]; then
347 echo "failed to configure debian for a container"
351 copy_configuration
$path $rootfs $name
352 if [ $?
-ne 0 ]; then
353 echo "failed write configuration file"
357 if [ ! -z $clean ]; then