# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+# Detect use under userns (unsupported)
+for arg in "$@"; do
+ [ "$arg" = "--" ] && break
+ if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
+ echo "This template can't be used for unprivileged containers." 1>&2
+ echo "You may want to try the \"download\" template instead." 1>&2
+ exit 1
+ fi
+done
+
+# Make sure the usual locations are in PATH
+export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
+
#Configurations
arch=$(uname -m)
cache_base=@LOCALSTATEDIR@/cache/lxc/altlinux/$arch
default_path=@LXCPATH@
default_profile=default
profile_dir=/etc/lxc/profiles
-root_password=rooter
lxc_network_type=veth
lxc_network_link=virbr0
mkdir -p $rootfs_path/selinux
echo 0 > $rootfs_path/selinux/enforce
- mkdir -p ${rootfs_path}/etc/net/ifaces/veth0
- cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/options
+ mkdir -p ${rootfs_path}/etc/net/ifaces/eth0
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/options
BOOTPROTO=${BOOTPROTO}
ONBOOT=yes
-NM_CONTROLLED=no
+NM_CONTROLLED=yes
TYPE=eth
EOF
if [ ${BOOTPROTO} != "dhcp" ]; then
# ip address
- cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv4address
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/ipv4address
${ipv4}
EOF
- cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv4route
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/ipv4route
${gw}
EOF
- cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/resolv.conf
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/resolv.conf
nameserver ${dns}
EOF
- cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv6address
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/ipv6address
${ipv6}
EOF
- cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv6route
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/ipv6route
${gw6}
EOF
echo "pts/0" >> ${rootfs_path}/etc/securetty
echo "console" >> ${rootfs_path}/etc/securetty
- chroot ${rootfs_path} chkconfig network on
- chroot ${rootfs_path} chkconfig syslogd on
- chroot ${rootfs_path} chkconfig random on
- chroot ${rootfs_path} chkconfig rawdevices off
- chroot ${rootfs_path} chkconfig fbsetfont off
-# chroot ${rootfs_path} chkconfig keytable off
+ # Enable services
+ for service in network syslogd random NetworkManager
+ do
+ chroot ${rootfs_path} chkconfig $service --list &>/dev/null && chroot ${rootfs_path} chkconfig $service on || true
+ # For systemd
+ chroot ${rootfs_path} systemctl -q enable $service &>/dev/null|| true
+ done
+ # Disable services
+ for service in rawdevices fbsetfont
+ do
+ chroot ${rootfs_path} chkconfig $service --list &>/dev/null && chroot ${rootfs_path} chkconfig $service off || true
+ chroot ${rootfs_path} systemctl -q disable $service &>/dev/null || true
+ done
subst 's/^\([3-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab
echo "c1:2345:respawn:/sbin/mingetty --noclear console" >> ${rootfs_path}/etc/inittab
- subst 's,\/dev\/tty12,/var/log/syslog/console,' ${rootfs_path}/etc/syslog.conf
-# touch file for fastboot
- touch ${rootfs_path}/fastboot
- chattr +i ${rootfs_path}/fastboot
+ [ -f "${rootfs_path}/etc/syslog.conf" ] && \
+ subst 's,\/dev\/tty12,/var/log/syslog/console,' ${rootfs_path}/etc/syslog.conf
dev_path="${rootfs_path}/dev"
rm -rf ${dev_path}
mkdir -m 755 ${dev_path}/net
mknod -m 666 ${dev_path}/net/tun c 10 200
- echo "setting root passwd to $root_password"
- echo "root:$root_password" | chroot $rootfs_path chpasswd
+ if [ -n "${root_password}" ]; then
+ echo "setting root passwd to $root_password"
+ echo "root:$root_password" | chroot $rootfs_path chpasswd
+ fi
return 0
}
download_altlinux()
{
+ if [ -z "$aptconfver" ]; then
+ case "$release" in
+ sisyphus)
+ aptconfver=apt-conf-sisyphus ;;
+ *)
+ aptconfver=apt-conf-branch ;;
+ esac
+ fi
+
# check the mini altlinux was not already downloaded
INSTALL_ROOT=$cache/partial
mkdir -p $INSTALL_ROOT
echo "Downloading altlinux minimal ..."
APT_GET="apt-get -o RPM::RootDir=$INSTALL_ROOT -y"
PKG_LIST="$(grep -hs '^[^#]' "$profile_dir/$profile")"
-# PKG_LIST="basesystem apt apt-conf-sisyphus etcnet openssh-server passwd sysklogd net-tools e2fsprogs"
+ # if no configuration file $profile -- fall back to default list of packages
+ [ -z "$PKG_LIST" ] && PKG_LIST="interactivesystem apt $aptconfver etcnet-full openssh-server systemd-sysvinit systemd-units systemd NetworkManager-daemon"
mkdir -p $INSTALL_ROOT/var/lib/rpm
rpm --root $INSTALL_ROOT --initdb
+
+ # some scripts want to have /dev/null at least
+ dev_path="$INSTALL_ROOT/dev"
+ if [ ! -c "${dev_path}/null" ]; then
+ mkdir -p "${dev_path}"
+ mknod -m 666 "${dev_path}/null" c 1 3
+ fi
+
$APT_GET install $PKG_LIST
if [ $? -ne 0 ]; then
#cp -a $cache/rootfs-$arch $rootfs_path || return 1
# i prefer rsync (no reason really)
mkdir -p $rootfs_path
- rsync -Ha $cache/rootfs/ $rootfs_path/
+ rsync -SHaAX $cache/rootfs/ $rootfs_path/
return 0
}
{
mkdir -p $config_path
- grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "lxc.rootfs = $rootfs_path" >> $config_path/config
+ grep -q "^lxc.rootfs.path" $config_path/config 2>/dev/null || echo "lxc.rootfs.path = $rootfs_path" >> $config_path/config
cat <<EOF >> $config_path/config
-lxc.utsname = $name
-lxc.tty = 4
-lxc.pts = 1024
-lxc.mount = $config_path/fstab
+lxc.uts.name = $name
+lxc.tty.max = 4
+lxc.pty.max = 1024
lxc.cap.drop = sys_module mac_admin mac_override sys_time
# When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
#networking
-lxc.network.type = $lxc_network_type
-lxc.network.flags = up
-lxc.network.link = $lxc_network_link
-lxc.network.name = veth0
-lxc.network.mtu = 1500
+#lxc.net.0.type = $lxc_network_type
+#lxc.net.0.flags = up
+#lxc.net.0.link = $lxc_network_link
+#lxc.net.0.name = veth0
+#lxc.net.0.mtu = 1500
EOF
if [ ! -z ${ipv4} ]; then
cat <<EOF >> $config_path/config
-lxc.network.ipv4 = $ipv4
+lxc.net.0.ipv4.address = $ipv4
EOF
fi
if [ ! -z ${gw} ]; then
cat <<EOF >> $config_path/config
-lxc.network.ipv4.gateway = $gw
+lxc.net.0.ipv4.gateway = $gw
EOF
fi
if [ ! -z ${ipv6} ]; then
cat <<EOF >> $config_path/config
-lxc.network.ipv6 = $ipv6
+lxc.net.0.ipv6.address = $ipv6
EOF
fi
if [ ! -z ${gw6} ]; then
cat <<EOF >> $config_path/config
-lxc.network.ipv6.gateway = $gw6
+lxc.net.0.ipv6.gateway = $gw6
EOF
fi
cat <<EOF >> $config_path/config
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 10:135 rwm
-EOF
- cat <<EOF > $config_path/fstab
-proc proc proc nodev,noexec,nosuid 0 0
-sysfs sys sysfs defaults 0 0
+lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
EOF
if [ $? -ne 0 ]; then
[-4|--ipv4=<ipv4 address>] [-6|--ipv6=<ipv6 address>]
[-g|--gw=<gw address>] [-d|--dns=<dns address>]
[-P|--profile=<name of the profile>] [--rootfs=<path>]
+ [-a|--apt-conf=<apt-conf>]
[-A|--arch=<arch of the container>]
[-h|--help]
Mandatory args:
-g,--gw specify the default gw, eg. 192.168.1.1
-G,--gw6 specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596
-d,--dns specify the DNS server, eg. 192.168.1.2
+ -a,--apt-conf specify preferred 'apt-conf' package, eg. 'apt-conf-branch'
-P,--profile Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache.
-A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64]
---rootfs rootfs path
return 0
}
-options=$(getopt -o hp:n:P:cR:4:6:g:d: -l help,rootfs:,path:,name:,profile:,clean,release:ipv4:ipv6:gw:dns: -- "$@")
+options=$(getopt -o hp:n:P:cR:4:6:g:d:a: -l help,rootfs:,path:,name:,profile:,clean,release:,ipv4:,ipv6:,gw:,dns:,apt-conf: -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
--rootfs) rootfs_path=$2; shift 2;;
-n|--name) name=$2; shift 2;;
-P|--profile) profile=$2; shift 2;;
- -c|--clean) clean=$2; shift 2;;
+ -c|--clean) clean=1; shift 1;;
-R|--release) release=$2; shift 2;;
-4|--ipv4) ipv4=$2; shift 2;;
-6|--ipv6) ipv6=$2; shift 2;;
-g|--gw) gw=$2; shift 2;;
-d|--dns) dns=$2; shift 2;;
+ -a|--apt-conf) aptconfver=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
exit 1
fi
-# check for 'lxc.rootfs' passed in through default config by lxc-create
+# check for 'lxc.rootfs.path' passed in through default config by lxc-create
if [ -z "$rootfs_path" ]; then
- if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then
- rootfs_path=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $path/config)
+ if grep -q '^lxc.rootfs.path' $path/config 2>/dev/null ; then
+ rootfs_path=$(awk -F= '/^lxc.rootfs.path =/{ print $2 }' $path/config)
else
rootfs_path=$path/rootfs
fi
config_path=$default_path/$name
cache=$cache_base/$release/$profile
-if [ -f $config_path/config ]; then
- echo "A container with that name exists, chose a different name"
- exit 1
-fi
-
install_altlinux
if [ $? -ne 0 ]; then
echo "failed to install altlinux"
exit 1
fi
-if [ ! -z $clean ]; then
+if [ ! -z "$clean" ]; then
clean || exit 1
exit 0
fi
projects / mirror_lxc.git / blobdiff