#!/bin/bash
#
-# template script for generating centos container for LXC
+# template script for generating CentOS container for LXC
#
# lxc: linux Container library
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#Configurations
-arch=$(arch)
-cache_base=@LOCALSTATEDIR@/cache/lxc/centos/$arch
default_path=@LXCPATH@
-# Some combinations of the tunning knobs below do not exactly make sense.
+# Some combinations of the tuning knobs below do not exactly make sense.
# but that's ok.
#
# If the "root_password" is non-blank, use it, else set a default.
#
# If the root password contains a ding ($) then try to expand it.
# That will pick up things like ${name} and ${RANDOM}.
-# If the root password contians more than 3 consecutive X's, pass it as
+# If the root password contains more than 3 consecutive X's, pass it as
# a template to mktemp and take the result.
#
# If root_display_password = yes, display the temporary root password at exit.
# If root_store_password = yes, store it in the configuration directory
# If root_prompt_password = yes, invoke "passwd" to force the user to change
# the root password after the container is created.
+# If root_expire_password = yes, you will be prompted to change the root
+# password at the first login.
#
# These are conditional assignments... The can be overridden from the
# preexisting environment variables...
# with users running under the API... Don't default to "yes"
: ${root_prompt_password='no'}
+# Expire root password? Default to yes, but can be overridden from
+# the environment variable
+: ${root_expire_password='yes'}
+
# These are only going into comments in the resulting config...
lxc_network_type=veth
lxc_network_link=lxcbr0
-# is this centos?
+# is this CentOS?
# Alow for weird remixes like the Raspberry Pi
#
# Use the Mitre standard CPE identifier for the release ID if possible...
# This may be in /etc/os-release or /etc/system-release-cpe. We
# should be able to use EITHER. Give preference to /etc/os-release for now.
+# Detect use under userns (unsupported)
+for arg in "$@"; do
+ [ "$arg" = "--" ] && break
+ if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
+ echo "This template can't be used for unprivileged containers." 1>&2
+ echo "You may want to try the \"download\" template instead." 1>&2
+ exit 1
+ fi
+done
+
+# Make sure the usual locations are in PATH
+export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
+
if [ -e /etc/os-release ]
then
# This is a shell friendly configuration file. We can just source it.
then
centos_host_ver=${VERSION_ID}
is_centos=true
-elif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -a "${VERSION_ID}" != "" ]
+elif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -o "${ID}" = "rhel" -a "${VERSION_ID}" != "" ]
then
+ # RHEL 7+ /etc/os-release ID = 'rhel', which doesn't enter this elif without the added OR statement
redhat_host_ver=${VERSION_ID}
is_redhat=true
elif [ -e /etc/centos-release ]
fi
fi
-# Map a few architectures to their generic Centos repository archs.
-#
-# CentOS currently doesn't support ARM but it's copied here from
-# the Fedora template for completeness and that it will in the future.
-#
-# The two ARM archs are a bit of a guesstimate for the v5 and v6
-# archs. V6 should have hardware floating point (Rasberry Pi).
-# The "arm" arch is safer (no hardware floating point). So
-# there may be cases where we "get it wrong" for some v6 other
-# than RPi.
-case "$arch" in
-i686) arch=i386 ;;
-armv3l|armv4l|armv5l) arch=arm ;;
-armv6l|armv7l|armv8l) arch=armhfp ;;
-esac
-
force_mknod()
{
# delete a device node if exists, and create a new one
configure_centos()
{
- # disable selinux in centos
+ # disable selinux in CentOS
mkdir -p $rootfs_path/selinux
echo 0 > $rootfs_path/selinux/enforce
)
fi
+ # Set default localtime to the host localtime if not set...
+ if [ -e /etc/localtime -a ! -e ${rootfs_path}/etc/localtime ]
+ then
+ # if /etc/localtime is a symlink, this should preserve it.
+ cp -a /etc/localtime ${rootfs_path}/etc/localtime
+ fi
+
# Deal with some dain bramage in the /etc/init.d/halt script.
# Trim it and make it our own and link it in before the default
# halt script so we can intercept it. This also preventions package
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
-HOSTNAME=${UTSNAME}
+HOSTNAME=${utsname}
NM_CONTROLLED=no
TYPE=Ethernet
MTU=${MTU}
+DHCP_HOSTNAME=\`hostname\`
EOF
# set the hostname
cat <<EOF > ${rootfs_path}/etc/sysconfig/network
NETWORKING=yes
-HOSTNAME=${UTSNAME}
+HOSTNAME=${utsname}
EOF
# set minimal hosts
# set minimal fstab
cat <<EOF > $rootfs_path/etc/fstab
/dev/root / rootfs defaults 0 0
-none /dev/shm tmpfs nosuid,nodev 0 0
EOF
# create lxc compatibility init script
env container
pre-start script
- if [ "x$container" != "xlxc" -a "x$container" != "xlibvirt" ]; then
+ if [ "x\$container" != "xlxc" -a "x\$container" != "xlibvirt" ]; then
stop;
fi
- initctl start tty TTY=console
+
rm -f /var/lock/subsys/*
rm -f /var/run/*.pid
+ [ -e /etc/mtab ] || ln -s /proc/mounts /etc/mtab
+ mkdir -p /dev/shm
+ mount -t tmpfs -o nosuid,nodev tmpfs /dev/shm
+
+ initctl start tty TTY=console
telinit 3
- exit 0;
+ exit 0
end script
EOF
elif [ "$release" = "5" ]; then
EOF
chmod 755 $rootfs_path/etc/rc.d/lxc.sysinit
sed -i 's|si::sysinit:/etc/rc.d/rc.sysinit|si::bootwait:/etc/rc.d/lxc.sysinit|' $rootfs_path/etc/inittab
- sed -i 's|^1:|co:2345:respawn:/sbin/mingetty console\n1:|' $rootfs_path/etc/inittab
+ # prevent mingetty from calling vhangup(2) since it fails with userns.
+ # Same issue as oracle template: prevent mingetty from calling vhangup(2)
+ # commit 2e83f7201c5d402478b9849f0a85c62d5b9f1589.
+ sed -i 's|^1:|co:2345:respawn:/sbin/mingetty --nohangup console\n1:|' $rootfs_path/etc/inittab
sed -i 's|^\([56]:\)|#\1|' $rootfs_path/etc/inittab
fi
mknod -m 600 ${dev_path}/initctl p
mknod -m 666 ${dev_path}/ptmx c 5 2
+ # setup console and tty[1-4] for login. note that /dev/console and
+ # /dev/tty[1-4] will be symlinks to the ptys /dev/lxc/console and
+ # /dev/lxc/tty[1-4] so that package updates can overwrite the symlinks.
+ # lxc will maintain these links and bind mount ptys over /dev/lxc/*
+ # since lxc.tty.dir is specified in the config.
+
+ # allow root login on console, tty[1-4], and pts/0 for libvirt
+ echo "# LXC (Linux Containers)" >>${rootfs_path}/etc/securetty
+ echo "lxc/console" >>${rootfs_path}/etc/securetty
+ echo "lxc/tty1" >>${rootfs_path}/etc/securetty
+ echo "lxc/tty2" >>${rootfs_path}/etc/securetty
+ echo "lxc/tty3" >>${rootfs_path}/etc/securetty
+ echo "lxc/tty4" >>${rootfs_path}/etc/securetty
+ echo "# For libvirt/Virtual Machine Monitor" >>${rootfs_path}/etc/securetty
+ echo "pts/0" >>${rootfs_path}/etc/securetty
+
+ # prevent mingetty from calling vhangup(2) since it fails with userns.
+ # Same issue as oracle template: prevent mingetty from calling vhangup(2)
+ # commit 2e83f7201c5d402478b9849f0a85c62d5b9f1589.
+ sed -i 's|mingetty|mingetty --nohangup|' $rootfs_path/etc/init/tty.conf
+
if [ ${root_display_password} = "yes" ]
then
echo "Setting root password to '$root_password'"
fi
echo "root:$root_password" | chroot $rootfs_path chpasswd
- # Also set this password as expired to force the user to change it!
- chroot $rootfs_path passwd -e root
+
+ if [ ${root_expire_password} = "yes" ]
+ then
+ # Also set this password as expired to force the user to change it!
+ chroot $rootfs_path passwd -e root
+ fi
# This will need to be enhanced for CentOS 7 when systemd
# comes into play... /\/\|=mhw=|\/\/
chroot ${rootfs_path} chkconfig udev-post off
fi
chroot ${rootfs_path} chkconfig network on
+
+ if [ -d ${rootfs_path}/etc/init ]
+ then
+ # This is to make upstart honor SIGPWR
+ cat <<EOF >${rootfs_path}/etc/init/power-status-changed.conf
+# power-status-changed - shutdown on SIGPWR
+#
+start on power-status-changed
+
+exec /sbin/shutdown -h now "SIGPWR received"
+EOF
+ fi
}
download_centos()
{
- # check the mini centos was not already downloaded
+ # check the mini CentOS was not already downloaded
INSTALL_ROOT=$cache/partial
mkdir -p $INSTALL_ROOT
if [ $? -ne 0 ]; then
return 1
fi
- # download a mini centos into a cache
- echo "Downloading centos minimal ..."
- YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
- PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils"
+ # download a mini CentOS into a cache
+ echo "Downloading CentOS minimal ..."
+ YUM0="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
+
+ if yum -h | grep -q 'releasever=RELEASEVER'; then
+ YUM="$YUM0 --releasever=$release"
+ else
+ YUM="$YUM0"
+ fi
+ PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils cronie"
# use temporary repository definition
+ # always prefer the repo given by the user
+ # if no repo given, use mirrorlist.centos.org for i386 and x86_64
+ # and http://mirror.centos.org/altarch/ otherwise
REPO_FILE=$INSTALL_ROOT/etc/yum.repos.d/lxc-centos-temp.repo
mkdir -p $(dirname $REPO_FILE)
- cat <<EOF > $REPO_FILE
+ if [ -n "$repo" ]; then
+ cat <<EOF > $REPO_FILE
+[base]
+name=local repository
+baseurl="$repo"
+EOF
+ elif [ ${basearch} = 'i386' ] || [ ${basearch} = 'x86_64' ]; then
+ cat <<EOF > $REPO_FILE
+[base]
+name=CentOS-$release - Base
+mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=os
+
+[updates]
+name=CentOS-$release - Updates
+mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=updates
+EOF
+ else
+ cat <<EOF > $REPO_FILE
[base]
name=CentOS-$release - Base
-mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=os
+baseurl=http://mirror.centos.org/altarch/7/os/$basearch/
[updates]
name=CentOS-$release - Updates
-mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=updates
+baseurl=http://mirror.centos.org/altarch/7/updates/$basearch/
EOF
+ fi
# create minimal device nodes, needed for "yum install" and "yum update" process
mkdir -p $INSTALL_ROOT/dev
$YUM install $PKG_LIST
+ # create symlink for /var/run -> ../run
+ if [ "$release" = "7" ]; then
+ mv $INSTALL_ROOT/var/run/* $INSTALL_ROOT/run/
+ rmdir $INSTALL_ROOT/var/run
+ ln -sf ../run $INSTALL_ROOT/var/run
+ fi
+
if [ $? -ne 0 ]; then
echo "Failed to download the rootfs, aborting."
return 1
mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/urandom c 1 9
mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum
cp -al $INSTALL_ROOT/var/cache/yum/* $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum/
- chroot $INSTALL_ROOT $YUM install $PKG_LIST
+ chroot $INSTALL_ROOT $YUM0 install $PKG_LIST
if [ $? -ne 0 ]; then
echo "Failed to download the rootfs, aborting."
return 1
copy_centos()
{
- # make a local copy of the mini centos
+ # make a local copy of the mini CentOS
echo -n "Copying rootfs to $rootfs_path ..."
#cp -a $cache/rootfs-$arch $rootfs_path || return 1
# i prefer rsync (no reason really)
mkdir -p $rootfs_path
- rsync -a $cache/rootfs/ $rootfs_path/
+ rsync -SHaAX $cache/rootfs/ $rootfs_path/
echo
return 0
}
if [ ! -e "$cache/rootfs" ]; then
download_centos
if [ $? -ne 0 ]; then
- echo "Failed to download 'centos base'"
+ echo "Failed to download 'CentOS base'"
return 1
fi
else
echo "Cache found. Updating..."
update_centos
if [ $? -ne 0 ]; then
- echo "Failed to update 'centos base', continuing with last known good cache"
+ echo "Failed to update 'CentOS base', continuing with last known good cache"
else
echo "Update finished"
fi
create_hwaddr()
{
- echo $(dd if=/dev/urandom bs=8 count=1 2>/dev/null | md5sum |
- sed -e 's/\(..\)\(..\)\(..\)\(..\)\(..\).*/fe:\1:\2:\3:\4:\5/')
+ openssl rand -hex 5 | sed -e 's/\(..\)/:\1/g; s/^/fe/'
}
copy_configuration()
{
mkdir -p $config_path
- grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "
-lxc.rootfs = $rootfs_path
+ grep -q "^lxc.rootfs.path" $config_path/config 2>/dev/null || echo "
+lxc.rootfs.path = $rootfs_path
" >> $config_path/config
# The following code is to create static MAC addresses for each
# Seems that \s doesn't work in brackets.
KEY=$(expr "${LINE}" : '\s*\([^ ]*\)\s*=')
- if [[ "${KEY}" != "lxc.network.hwaddr" ]]
+ if [[ "${KEY}" != "lxc.net.0.hwaddr" ]]
then
echo ${LINE} >> $config_path/config
- if [[ "${KEY}" == "lxc.network.link" ]]
+ if [[ "${KEY}" == "lxc.net.0.link" ]]
then
- echo "lxc.network.hwaddr = $(create_hwaddr)" >> $config_path/config
+ echo "lxc.net.0.hwaddr = $(create_hwaddr)" >> $config_path/config
fi
fi
done < $config_path/config.def
rm -f $config_path/config.def
- cat <<EOF >> $config_path/config
-lxc.utsname = $utsname
-lxc.tty = 4
-lxc.pts = 1024
-lxc.mount = $config_path/fstab
-lxc.cap.drop = sys_module mac_admin mac_override sys_time
+ if [ -e "@LXCTEMPLATECONFIG@/centos.common.conf" ]; then
+ echo "
+# Include common configuration
+lxc.include = @LXCTEMPLATECONFIG@/centos.common.conf
+" >> $config_path/config
+ fi
-lxc.autodev = $auto_dev
+ # Append things which require expansion here...
+ cat <<EOF >> $config_path/config
+lxc.arch = $arch
+lxc.uts.name = $utsname
# When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+#lxc.apparmor.profile = unconfined
# example simple networking setup, uncomment to enable
-#lxc.network.type = $lxc_network_type
-#lxc.network.flags = up
-#lxc.network.link = $lxc_network_link
-#lxc.network.name = eth0
+#lxc.net.0.type = $lxc_network_type
+#lxc.net.0.flags = up
+#lxc.net.0.link = $lxc_network_link
+#lxc.net.0.name = eth0
# Additional example for veth network type
# static MAC address,
-#lxc.network.hwaddr = 00:16:3e:77:52:20
+#lxc.net.0.hwaddr = 00:16:3e:77:52:20
# persistent veth device name on host side
# Note: This may potentially collide with other containers of same name!
-#lxc.network.veth.pair = v-$name-e0
-
-#cgroups
-lxc.cgroup.devices.deny = a
-# /dev/null and zero
-lxc.cgroup.devices.allow = c 1:3 rwm
-lxc.cgroup.devices.allow = c 1:5 rwm
-# consoles
-lxc.cgroup.devices.allow = c 5:1 rwm
-lxc.cgroup.devices.allow = c 5:0 rwm
-# /dev/{,u}random
-lxc.cgroup.devices.allow = c 1:9 rwm
-lxc.cgroup.devices.allow = c 1:8 rwm
-lxc.cgroup.devices.allow = c 136:* rwm
-lxc.cgroup.devices.allow = c 5:2 rwm
-# rtc
-lxc.cgroup.devices.allow = c 254:0 rwm
-EOF
+#lxc.net.0.veth.pair = v-$name-e0
- cat <<EOF > $config_path/fstab
-proc proc proc nodev,noexec,nosuid 0 0
-sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
exit 1
fi
- echo -n "Purging the download cache for centos-$release..."
+ echo -n "Purging the download cache for CentOS-$release..."
rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
exit 0
cat <<EOF
usage:
$1 -n|--name=<container_name>
- [-p|--path=<path>] [-c|--clean] [-R|--release=<CentOS_release>] [-
A|--arch=<arch of the container>]
+ [-p|--path=<path>] [-c|--clean] [-R|--release=<CentOS_release>] [-
a|--arch=<arch of the container>]
[-h|--help]
Mandatory args:
-n,--name container name, used to as an identifier for that container from now on
Optional args:
- -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case
+ -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc/name.
-c,--clean clean the cache
- -R,--release Centos release for the new container. if the host is Centos, then it will defaultto the host's release.
+ -R,--release CentOS release for the new container. If the host is CentOS, then it will default to the host's release.
--fqdn fully qualified domain name (FQDN) for DNS and system naming
- -A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64]
+ --repo repository to use (url)
+ -a,--arch Define what arch the container will be [i686,x86_64]
-h,--help print this help
EOF
return 0
}
-options=$(getopt -o hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,fqdn: -- "$@")
+options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,repo:,arch:,fqdn: -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
fi
-eval set -- "$options"
+arch=$(uname -m)
+eval set -- "$options"
while true
do
case "$1" in
-h|--help) usage $0 && exit 0;;
-p|--path) path=$2; shift 2;;
- --rootfs) rootfs=$2; shift 2;;
+ --rootfs) rootfs_path=$2; shift 2;;
-n|--name) name=$2; shift 2;;
- -c|--clean) clean=$2; shift 2;;
+ -c|--clean) clean=1; shift 1;;
-R|--release) release=$2; shift 2;;
+ --repo) repo="$2"; shift 2;;
+ -a|--arch) newarch=$2; shift 2;;
--fqdn) utsname=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
exit 0
fi
+basearch=${arch}
+# Map a few architectures to their generic CentOS repository archs.
+# The two ARM archs are a bit of a guesstimate for the v5 and v6
+# archs. V6 should have hardware floating point (Rasberry Pi).
+# The "arm" arch is safer (no hardware floating point). So
+# there may be cases where we "get it wrong" for some v6 other
+# than RPi.
+case "$arch" in
+i686) basearch=i386 ;;
+armv3l|armv4l|armv5l) basearch=arm ;;
+armv6l|armv7l|armv8l) basearch=armhfp ;;
+*) ;;
+esac
+
+# Somebody wants to specify an arch. This is very limited case.
+# i386/i586/i686 on i386/x86_64
+# - or -
+# x86_64 on x86_64
+if [ "${newarch}" != "" -a "${newarch}" != "${arch}" ]
+then
+ case "${newarch}" in
+ i386|i586|i686)
+ if [ "${basearch}" = "i386" -o "${basearch}" = "x86_64" ]
+ then
+ # Make the arch a generic x86 32 bit...
+ arch=${newarch}
+ basearch=i386
+ else
+ basearch=bad
+ fi
+ ;;
+ *)
+ basearch=bad
+ ;;
+ esac
+
+ if [ "${basearch}" = "bad" ]
+ then
+ echo "You cannot build a ${newarch} CentOS container on a ${arch} host. Sorry!"
+ exit 1
+ fi
+fi
+
+# Allow the cache base to be set by environment variable
+cache_base=${LXC_CACHE_PATH:-"@LOCALSTATEDIR@/cache/lxc"}/centos/$basearch
+
# Let's do something better for the initial root password.
# It's not perfect but it will defeat common scanning brute force
# attacks in the case where ssh is exposed. It will also be set to
root_password=$(eval echo "${root_password}")
fi
- # If it has more than 3 consequtive X's in it, feed it
+ # If it has more than 3 consecutive X's in it, feed it
# through mktemp as a template.
if [ $(expr "${root_password}" : '.*XXXX') != 0 ]
then
# This is needed to clean out bullshit like 6workstation and 6server.
release=$(expr $redhat_host_ver : '\([0-9.]*\)')
else
- echo "This is not a CentOS or Redhat host and release is missing, defaulting to 6 use -R|--release to specify release"
- release=6
+ echo "This is not a CentOS or Red Hat host and release is missing, defaulting to 7, use -R|--release to specify release"
+ release=7
fi
fi
-# CentOS 7 and above should run systemd. We need autodev enabled to keep
-# systemd from causing problems.
-#
-# There is some ambiguity here due to the differnce between versioning
-# of point specific releases such as 6.5 and the rolling release 6. We
-# only want the major number here if it's a point release...
-
-mrelease=$(expr $release : '\([0-9]*\)')
-if [ $mrelease -gt 6 ]; then
- auto_dev="1"
-else
- auto_dev="0"
-fi
-
if [ "$(id -u)" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
fi
-
if [ -z "$rootfs_path" ]; then
rootfs_path=$path/rootfs
- # check for 'lxc.rootfs' passed in through default config by lxc-create
- if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then
- rootfs_path=`grep 'lxc.rootfs =' $path/config | awk -F= '{ print $2 }'`
+ # check for 'lxc.rootfs.path' passed in through default config by lxc-create
+ if grep -q '^lxc.rootfs.path' $path/config 2>/dev/null ; then
+ rootfs_path=$(sed -e '/^lxc.rootfs.path\s*=/!d' -e 's/\s*#.*//' \
+ -e 's/^lxc.rootfs.path\s*=\s*//' -e q $path/config)
fi
fi
-config_path=$default_path/$name
+config_path=$path
cache=$cache_base/$release
revert()
lxc-destroy -n $name
# maybe was interrupted before copy config
rm -rf $path
- rm -rf $default_path/$name
echo "exiting..."
exit 1
}
install_centos
if [ $? -ne 0 ]; then
- echo "failed to install centos"
+ echo "failed to install CentOS"
exit 1
fi
configure_centos
if [ $? -ne 0 ]; then
- echo "failed to configure centos for a container"
+ echo "failed to configure CentOS for a container"
exit 1
fi
configure_centos_init
-if [ ! -z $clean ]; then
+if [ ! -z "$clean" ]; then
clean || exit 1
exit 0
fi
"
chroot ${rootfs_path} passwd
else
- echo "
+ if [ ${root_expire_password} = "yes" ]
+ then
+ if ( mountpoint -q -- "${rootfs_path}" )
+ then
+ echo "To reset the root password, you can do:
+
+ lxc-start -n ${name}
+ lxc-attach -n ${name} -- passwd
+ lxc-stop -n ${name}
+"
+ else
+ echo "
The root password is set up as "expired" and will require it to be changed
at first login, which you should do as soon as possible. If you lose the
root password or wish to change it without starting the container, you
chroot ${rootfs_path} passwd
"
+ fi
+ fi
fi
projects / mirror_lxc.git / blobdiff