templates/lxc-debian.in

   1 #!/bin/bash
   2
   3 #
   4 # lxc: linux Container library
   5
   6 # Authors:
   7 # Daniel Lezcano <daniel.lezcano@free.fr>
   8
   9 # This library is free software; you can redistribute it and/or
  10 # modify it under the terms of the GNU Lesser General Public
  11 # License as published by the Free Software Foundation; either
  12 # version 2.1 of the License, or (at your option) any later version.
  13
  14 # This library is distributed in the hope that it will be useful,
  15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17 # Lesser General Public License for more details.
  18
  19 # You should have received a copy of the GNU Lesser General Public
  20 # License along with this library; if not, write to the Free Software
  21 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  22
  23 SUITE=${SUITE:-squeeze}
  24 MIRROR=${MIRROR:-http://cdn.debian.net/debian}
  25
  26 configure_debian()
  27 {
  28     rootfs=$1
  29     hostname=$2
  30
  31     # squeeze only has /dev/tty and /dev/tty0 by default,
  32     # therefore creating missing device nodes for tty1-4.
  33     for tty in $(seq 1 4); do
  34         if [ ! -e $rootfs/dev/tty$tty ]; then
  35             mknod $rootfs/dev/tty$tty c 4 $tty
  36         fi
  37     done
  38
  39     # configure the inittab
  40     cat <<EOF > $rootfs/etc/inittab
  41 id:3:initdefault:
  42 si::sysinit:/etc/init.d/rcS
  43 l0:0:wait:/etc/init.d/rc 0
  44 l1:1:wait:/etc/init.d/rc 1
  45 l2:2:wait:/etc/init.d/rc 2
  46 l3:3:wait:/etc/init.d/rc 3
  47 l4:4:wait:/etc/init.d/rc 4
  48 l5:5:wait:/etc/init.d/rc 5
  49 l6:6:wait:/etc/init.d/rc 6
  50 # Normally not reached, but fallthrough in case of emergency.
  51 z6:6:respawn:/sbin/sulogin
  52 1:2345:respawn:/sbin/getty 38400 console
  53 c1:12345:respawn:/sbin/getty 38400 tty1 linux
  54 c2:12345:respawn:/sbin/getty 38400 tty2 linux
  55 c3:12345:respawn:/sbin/getty 38400 tty3 linux
  56 c4:12345:respawn:/sbin/getty 38400 tty4 linux
  57 p6::ctrlaltdel:/sbin/init 6
  58 p0::powerfail:/sbin/init 0
  59 EOF
  60
  61     # disable selinux in debian
  62     mkdir -p $rootfs/selinux
  63     echo 0 > $rootfs/selinux/enforce
  64
  65     # configure the network using the dhcp
  66     cat <<EOF > $rootfs/etc/network/interfaces
  67 auto lo
  68 iface lo inet loopback
  69
  70 auto eth0
  71 iface eth0 inet dhcp
  72 EOF
  73
  74     # set the hostname
  75     cat <<EOF > $rootfs/etc/hostname
  76 $hostname
  77 EOF
  78
  79     # reconfigure some services
  80     if [ -z "$LANG" ]; then
  81         chroot $rootfs locale-gen en_US.UTF-8 UTF-8
  82         chroot $rootfs update-locale LANG=en_US.UTF-8
  83     else
  84         chroot $rootfs locale-gen $LANG $(echo $LANG | cut -d. -f2)
  85         chroot $rootfs update-locale LANG=$LANG
  86     fi
  87
  88     # remove pointless services in a container
  89     chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove
  90     chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
  91     chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
  92     chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
  93
  94     echo "root:root" | chroot $rootfs chpasswd
  95     echo "Root password is 'root', please change !"
  96
  97     return 0
  98 }
  99
 100 cleanup()
 101 {
 102     rm -rf $cache/partial-$SUITE-$arch
 103     rm -rf $cache/rootfs-$SUITE-$arch
 104 }
 105
 106 download_debian()
 107 {
 108     packages=\
 109 ifupdown,\
 110 locales,\
 111 libui-dialog-perl,\
 112 dialog,\
 113 isc-dhcp-client,\
 114 netbase,\
 115 net-tools,\
 116 iproute,\
 117 openssh-server
 118
 119     cache=$1
 120     arch=$2
 121
 122     trap cleanup EXIT SIGHUP SIGINT SIGTERM
 123     # check the mini debian was not already downloaded
 124     mkdir -p "$cache/partial-$SUITE-$arch"
 125     if [ $? -ne 0 ]; then
 126         echo "Failed to create '$cache/partial-$SUITE-$arch' directory"
 127         return 1
 128     fi
 129
 130     # download a mini debian into a cache
 131     echo "Downloading debian minimal ..."
 132     debootstrap --verbose --variant=minbase --arch=$arch \
 133         --include=$packages \
 134         "$SUITE" "$cache/partial-$SUITE-$arch" $MIRROR
 135     if [ $? -ne 0 ]; then
 136         echo "Failed to download the rootfs, aborting."
 137         return 1
 138     fi
 139
 140     mv "$1/partial-$SUITE-$arch" "$1/rootfs-$SUITE-$arch"
 141     echo "Download complete."
 142     trap EXIT
 143     trap SIGINT
 144     trap SIGTERM
 145     trap SIGHUP
 146
 147     return 0
 148 }
 149
 150 copy_debian()
 151 {
 152     cache=$1
 153     arch=$2
 154     rootfs=$3
 155
 156     # make a local copy of the minidebian
 157     echo -n "Copying rootfs to $rootfs..."
 158     mkdir -p $rootfs
 159     rsync -Ha "$cache/rootfs-$SUITE-$arch"/ $rootfs/ || return 1
 160     return 0
 161 }
 162
 163 install_debian()
 164 {
 165     cache="@LOCALSTATEDIR@/cache/lxc/debian"
 166     rootfs=$1
 167     mkdir -p @LOCALSTATEDIR@/lock/subsys/
 168     (
 169         flock -x 200
 170         if [ $? -ne 0 ]; then
 171             echo "Cache repository is busy."
 172             return 1
 173         fi
 174
 175         if which dpkg >/dev/null 2>&1 ; then
 176             arch=$(dpkg --print-architecture)
 177         else
 178             arch=$(uname -m)
 179             if [ "$arch" = "i686" ]; then
 180                 arch="i386"
 181             elif [ "$arch" = "x86_64" ]; then
 182                 arch="amd64"
 183             elif [ "$arch" = "armv7l" ]; then
 184                 arch="armhf"
 185             fi
 186         fi
 187
 188         echo "Checking cache download in $cache/rootfs-$SUITE-$arch ... "
 189         if [ ! -e "$cache/rootfs-$SUITE-$arch" ]; then
 190             download_debian $cache $arch
 191             if [ $? -ne 0 ]; then
 192                 echo "Failed to download 'debian base'"
 193                 return 1
 194             fi
 195         fi
 196
 197         copy_debian $cache $arch $rootfs
 198         if [ $? -ne 0 ]; then
 199             echo "Failed to copy rootfs"
 200             return 1
 201         fi
 202
 203         return 0
 204
 205         ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-debian
 206
 207     return $?
 208 }
 209
 210 copy_configuration()
 211 {
 212     path=$1
 213     rootfs=$2
 214     hostname=$3
 215
 216     grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
 217     cat <<EOF >> $path/config
 218 lxc.tty = 4
 219 lxc.pts = 1024
 220 lxc.utsname = $hostname
 221 lxc.cap.drop = sys_module mac_admin mac_override sys_time
 222
 223 # When using LXC with apparmor, uncomment the next line to run unconfined:
 224 #lxc.aa_profile = unconfined
 225
 226 lxc.cgroup.devices.deny = a
 227 # /dev/null and zero
 228 lxc.cgroup.devices.allow = c 1:3 rwm
 229 lxc.cgroup.devices.allow = c 1:5 rwm
 230 # consoles
 231 lxc.cgroup.devices.allow = c 5:1 rwm
 232 lxc.cgroup.devices.allow = c 5:0 rwm
 233 lxc.cgroup.devices.allow = c 4:0 rwm
 234 lxc.cgroup.devices.allow = c 4:1 rwm
 235 # /dev/{,u}random
 236 lxc.cgroup.devices.allow = c 1:9 rwm
 237 lxc.cgroup.devices.allow = c 1:8 rwm
 238 lxc.cgroup.devices.allow = c 136:* rwm
 239 lxc.cgroup.devices.allow = c 5:2 rwm
 240 # rtc
 241 lxc.cgroup.devices.allow = c 254:0 rm
 242
 243 # mounts point
 244 lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
 245 lxc.mount.entry = sysfs sys sysfs defaults  0 0
 246 EOF
 247
 248     if [ $? -ne 0 ]; then
 249         echo "Failed to add configuration"
 250         return 1
 251     fi
 252
 253     return 0
 254 }
 255
 256 clean()
 257 {
 258     cache="@LOCALSTATEDIR@/cache/lxc/debian"
 259
 260     if [ ! -e $cache ]; then
 261         exit 0
 262     fi
 263
 264     # lock, so we won't purge while someone is creating a repository
 265     (
 266         flock -x 200
 267         if [ $? != 0 ]; then
 268             echo "Cache repository is busy."
 269             exit 1
 270         fi
 271
 272         echo -n "Purging the download cache..."
 273         rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
 274         exit 0
 275
 276     ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-debian
 277 }
 278
 279 usage()
 280 {
 281     cat <<EOF
 282 $1 -h|--help -p|--path=<path> --clean
 283 EOF
 284     return 0
 285 }
 286
 287 options=$(getopt -o hp:n:c -l help,rootfs:,path:,name:,clean -- "$@")
 288 if [ $? -ne 0 ]; then
 289         usage $(basename $0)
 290         exit 1
 291 fi
 292 eval set -- "$options"
 293
 294 while true
 295 do
 296     case "$1" in
 297         -h|--help)      usage $0 && exit 0;;
 298         -p|--path)      path=$2; shift 2;;
 299         --rootfs)       rootfs=$2; shift 2;;
 300         -n|--name)      name=$2; shift 2;;
 301         -c|--clean)     clean=$2; shift 2;;
 302         --)             shift 1; break ;;
 303         *)              break ;;
 304     esac
 305 done
 306
 307 if [ ! -z "$clean" -a -z "$path" ]; then
 308     clean || exit 1
 309     exit 0
 310 fi
 311
 312 type debootstrap
 313 if [ $? -ne 0 ]; then
 314     echo "'debootstrap' command is missing"
 315     exit 1
 316 fi
 317
 318 if [ -z "$path" ]; then
 319     echo "'path' parameter is required"
 320     exit 1
 321 fi
 322
 323 if [ "$(id -u)" != "0" ]; then
 324     echo "This script should be run as 'root'"
 325     exit 1
 326 fi
 327
 328 # detect rootfs
 329 config="$path/config"
 330 if [ -z "$rootfs" ]; then
 331     if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
 332         rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
 333     else
 334         rootfs=$path/rootfs
 335     fi
 336 fi
 337
 338
 339 install_debian $rootfs
 340 if [ $? -ne 0 ]; then
 341     echo "failed to install debian"
 342     exit 1
 343 fi
 344
 345 configure_debian $rootfs $name
 346 if [ $? -ne 0 ]; then
 347     echo "failed to configure debian for a container"
 348     exit 1
 349 fi
 350
 351 copy_configuration $path $rootfs $name
 352 if [ $? -ne 0 ]; then
 353     echo "failed write configuration file"
 354     exit 1
 355 fi
 356
 357 if [ ! -z $clean ]; then
 358     clean || exit 1
 359     exit 0
 360 fi