#!/bin/bash
#
-# template script for generating centos container for LXC
+# template script for generating CentOS container for LXC
#
# lxc: linux Container library
lxc_network_type=veth
lxc_network_link=lxcbr0
-# is this centos?
+# is this CentOS?
# Alow for weird remixes like the Raspberry Pi
#
# Use the Mitre standard CPE identifier for the release ID if possible...
then
centos_host_ver=${VERSION_ID}
is_centos=true
-elif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -a "${VERSION_ID}" != "" ]
+elif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -o "${ID}" = "rhel" -a "${VERSION_ID}" != "" ]
then
+ # RHEL 7+ /etc/os-release ID = 'rhel', which doesn't enter this elif without the added OR statement
redhat_host_ver=${VERSION_ID}
is_redhat=true
elif [ -e /etc/centos-release ]
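Review bot: The added `-o` changes what the whole test means, because inside `[` the `-a` operator binds tighter than `-o`: the condition now reads as (CPE_NAME set and ID = redhat) or (ID = rhel and VERSION_ID set). A `redhat` host with an empty `VERSION_ID` is therefore accepted and `redhat_host_ver` ends up empty, while an `rhel` host is accepted without the CPE_NAME check. Explicit grouping fixes this and avoids the deprecated `-a`/`-o` forms: `elif [ -n "${CPE_NAME}" ] && { [ "${ID}" = "redhat" ] || [ "${ID}" = "rhel" ]; } && [ -n "${VERSION_ID}" ]`. The if/elif chain starts and continues outside this hunk.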
configure_centos()
{
- # disable selinux in centos
+ # disable selinux in CentOS
mkdir -p $rootfs_path/selinux
echo 0 > $rootfs_path/selinux/enforce
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
-HOSTNAME=${UTSNAME}
+HOSTNAME=${utsname}
NM_CONTROLLED=no
TYPE=Ethernet
MTU=${MTU}
-DHCP_HOSTNAME=$name
+DHCP_HOSTNAME=\`hostname\`
EOF
# set the hostname
cat <<EOF > ${rootfs_path}/etc/sysconfig/network
NETWORKING=yes
-HOSTNAME=${UTSNAME}
+HOSTNAME=${utsname}
EOF
# set minimal hosts
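Review bot: `${utsname}` is expanded by the unquoted heredocs and written into both files without quoting or validation. Sysconfig files like these are normally sourced as shell by the container's init scripts (the new `DHCP_HOSTNAME=\`hostname\`` line only works if they are), so a name containing whitespace or shell metacharacters would be interpreted at container boot instead of being stored as a hostname. Where `utsname` is assigned is outside this hunk; a check there would close this, e.g. `case "$utsname" in *[!A-Za-z0-9.-]*) echo "invalid hostname: $utsname"; exit 1;; esac`.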
# /dev/tty[1-4] will be symlinks to the ptys /dev/lxc/console and
# /dev/lxc/tty[1-4] so that package updates can overwrite the symlinks.
# lxc will maintain these links and bind mount ptys over /dev/lxc/*
- # since lxc.devttydir is specified in the config.
+ # since lxc.tty.dir is specified in the config.
# allow root login on console, tty[1-4], and pts/0 for libvirt
echo "# LXC (Linux Containers)" >>${rootfs_path}/etc/securetty
# prevent mingetty from calling vhangup(2) since it fails with userns.
# Same issue as oracle template: prevent mingetty from calling vhangup(2)
# commit 2e83f7201c5d402478b9849f0a85c62d5b9f1589.
- sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/init/tty.conf
+ sed -i 's|mingetty|mingetty --nohangup|' $rootfs_path/etc/init/tty.conf
if [ ${root_display_password} = "yes" ]
then
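Review bot: The corrected `$rootfs_path` is still expanded unquoted, and as far as this hunk shows the `sed -i` runs unconditionally. `/etc/init/tty.conf` is an upstart file, so with the default release moving to 7 elsewhere in this change the file is likely absent and sed will report an error on those builds. Suggest guarding and quoting it: `if [ -f "$rootfs_path/etc/init/tty.conf" ]; then sed -i 's|mingetty|mingetty --nohangup|' "$rootfs_path/etc/init/tty.conf"; fi`.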
# power-status-changed - shutdown on SIGPWR
#
start on power-status-changed
-
+
exec /sbin/shutdown -h now "SIGPWR received"
EOF
fi
download_centos()
{
- # check the mini centos was not already downloaded
+ # check the mini CentOS was not already downloaded
INSTALL_ROOT=$cache/partial
mkdir -p $INSTALL_ROOT
if [ $? -ne 0 ]; then
return 1
fi
- # download a mini centos into a cache
- echo "Downloading centos minimal ..."
- if [ $(yum -h | grep 'releasever=RELEASEVER') ];then
- YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck --releasever=$release"
+ # download a mini CentOS into a cache
+ echo "Downloading CentOS minimal ..."
+ YUM0="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
+
+ if yum -h | grep -q 'releasever=RELEASEVER'; then
+ YUM="$YUM0 --releasever=$release"
else
- YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
+ YUM="$YUM0"
fi
- PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils"
+ PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils cronie"
# use temporary repository definition
+ # always prefer the repo given by the user
+ # if no repo given, use mirrorlist.centos.org for i386 and x86_64
+ # and http://mirror.centos.org/altarch/ otherwise
REPO_FILE=$INSTALL_ROOT/etc/yum.repos.d/lxc-centos-temp.repo
mkdir -p $(dirname $REPO_FILE)
if [ -n "$repo" ]; then
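Review bot: `YUM0` keeps `--nogpgcheck`, so every package that goes into the rootfs is installed without signature verification, and the chrooted second pass further down now inherits the same flag through `$YUM0`. The repo definitions written later in this function use plain `http://` mirrors, which leaves nothing authenticating the downloaded packages. Consider dropping the flag from `YUM0` and writing `gpgcheck=1` plus a `gpgkey=` entry (pointing at a key file shipped with the template or taken from the host) into the temporary repo file.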
name=local repository
baseurl="$repo"
EOF
-else
+ elif [ ${basearch} = 'i386' ] || [ ${basearch} = 'x86_64' ]; then
cat <<EOF > $REPO_FILE
[base]
name=CentOS-$release - Base
[updates]
name=CentOS-$release - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=updates
+EOF
+ else
+ cat <<EOF > $REPO_FILE
+[base]
+name=CentOS-$release - Base
+baseurl=http://mirror.centos.org/altarch/7/os/$basearch/
+
+[updates]
+name=CentOS-$release - Updates
+baseurl=http://mirror.centos.org/altarch/7/updates/$basearch/
EOF
fi
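Review bot: The altarch branch hard-codes release `7` in both `baseurl` lines while the section names still print `$release`, so `-R` with any other release on a non-x86 architecture silently pulls CentOS 7 packages. Use the variable instead: `baseurl=http://mirror.centos.org/altarch/$release/os/$basearch/`, and the same for `updates`. The `elif` added a few lines above that selects between the branches leaves `${basearch}` unquoted, so an empty value makes both tests error out and lands in this altarch branch; `[ "${basearch}" = 'i386' ] || [ "${basearch}" = 'x86_64' ]` avoids that.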
$YUM install $PKG_LIST
+ # create symlink for /var/run -> ../run
+ if [ "$release" = "7" ]; then
+ mv $INSTALL_ROOT/var/run/* $INSTALL_ROOT/run/
+ rmdir $INSTALL_ROOT/var/run
+ ln -sf ../run $INSTALL_ROOT/var/run
+ fi
+
if [ $? -ne 0 ]; then
echo "Failed to download the rootfs, aborting."
return 1
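Review bot: The `if [ $? -ne 0 ]` that follows the new `/var/run` block no longer tests `$YUM install $PKG_LIST`; `$?` now holds the status of the inserted `if ... fi`, which is 0 whenever `$release` is not 7 and otherwise the status of `ln -sf`. A failed download therefore goes undetected here, and on release 7 the `mv`/`rmdir` run against a partial tree. Check yum first, e.g. `$YUM install $PKG_LIST || { echo "Failed to download the rootfs, aborting."; return 1; }`, and place the symlink block after that check. The `mv $INSTALL_ROOT/var/run/*` line also fails when the directory is empty and skips dotfiles. The body of the error check continues past the end of this hunk.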
mknod -m 666 $INSTALL_ROOT/$INSTALL_ROOT/dev/urandom c 1 9
mkdir -p $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum
cp -al $INSTALL_ROOT/var/cache/yum/* $INSTALL_ROOT/$INSTALL_ROOT/var/cache/yum/
- chroot $INSTALL_ROOT $YUM install $PKG_LIST
+ chroot $INSTALL_ROOT $YUM0 install $PKG_LIST
if [ $? -ne 0 ]; then
echo "Failed to download the rootfs, aborting."
return 1
copy_centos()
{
- # make a local copy of the mini centos
+ # make a local copy of the mini CentOS
echo -n "Copying rootfs to $rootfs_path ..."
#cp -a $cache/rootfs-$arch $rootfs_path || return 1
# i prefer rsync (no reason really)
if [ ! -e "$cache/rootfs" ]; then
download_centos
if [ $? -ne 0 ]; then
- echo "Failed to download 'centos base'"
+ echo "Failed to download 'CentOS base'"
return 1
fi
else
echo "Cache found. Updating..."
update_centos
if [ $? -ne 0 ]; then
- echo "Failed to update 'centos base', continuing with last known good cache"
+ echo "Failed to update 'CentOS base', continuing with last known good cache"
else
echo "Update finished"
fi
# Seems that \s doesn't work in brackets.
KEY=$(expr "${LINE}" : '\s*\([^ ]*\)\s*=')
- if [[ "${KEY}" != "lxc.network.hwaddr" ]]
+ if [[ "${KEY}" != "lxc.net.0.hwaddr" ]]
then
echo ${LINE} >> $config_path/config
- if [[ "${KEY}" == "lxc.network.link" ]]
+ if [[ "${KEY}" == "lxc.net.0.link" ]]
then
- echo "lxc.network.hwaddr = $(create_hwaddr)" >> $config_path/config
+ echo "lxc.net.0.hwaddr = $(create_hwaddr)" >> $config_path/config
fi
fi
done < $config_path/config.def
#lxc.aa_profile = unconfined
# example simple networking setup, uncomment to enable
-#lxc.network.type = $lxc_network_type
-#lxc.network.flags = up
-#lxc.network.link = $lxc_network_link
-#lxc.network.name = eth0
+#lxc.net.0.type = $lxc_network_type
+#lxc.net.0.flags = up
+#lxc.net.0.link = $lxc_network_link
+#lxc.net.0.name = eth0
# Additional example for veth network type
# static MAC address,
-#lxc.network.hwaddr = 00:16:3e:77:52:20
+#lxc.net.0.hwaddr = 00:16:3e:77:52:20
# persistent veth device name on host side
# Note: This may potentially collide with other containers of same name!
-#lxc.network.veth.pair = v-$name-e0
+#lxc.net.0.veth.pair = v-$name-e0
EOF
exit 1
fi
- echo -n "Purging the download cache for centos-$release..."
+ echo -n "Purging the download cache for CentOS-$release..."
rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
exit 0
Optional args:
-p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc/name.
-c,--clean clean the cache
- -R,--release Centos release for the new container. if the host is Centos, then it will defaultto the host's release.
+ -R,--release CentOS release for the new container. If the host is CentOS, then it will default to the host's release.
--fqdn fully qualified domain name (FQDN) for DNS and system naming
--repo repository to use (url)
-a,--arch Define what arch the container will be [i686,x86_64]
fi
fi
-cache_base=@LOCALSTATEDIR@/cache/lxc/centos/$basearch
+# Allow the cache base to be set by environment variable
+cache_base=${LXC_CACHE_PATH:-"@LOCALSTATEDIR@/cache/lxc"}/centos/$basearch
# Let's do something better for the initial root password.
# It's not perfect but it will defeat common scanning brute force
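Review bot: `LXC_CACHE_PATH` is taken from the environment with no validation, and the cache path presumably derived from it is passed unquoted to destructive commands elsewhere in this template, such as `rm --preserve-root --one-file-system -rf $cache` in the clean path. A value containing spaces or glob characters would be split into several arguments there, and a relative value makes the cache location depend on the caller's working directory. Suggest rejecting anything that is not an absolute path, e.g. `case "$cache_base" in /*) ;; *) echo "LXC_CACHE_PATH must be an absolute path"; exit 1;; esac`, and quoting `"$cache"` where it is used.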
# This is needed to clean out bullshit like 6workstation and 6server.
release=$(expr $redhat_host_ver : '\([0-9.]*\)')
else
- echo "This is not a CentOS or Redhat host and release is missing, defaulting to 6 use -R|--release to specify release"
- release=6
+ echo "This is not a CentOS or Red Hat host and release is missing, defaulting to 7, use -R|--release to specify release"
+ release=7
fi
fi
install_centos
if [ $? -ne 0 ]; then
- echo "failed to install centos"
+ echo "failed to install CentOS"
exit 1
fi
configure_centos
if [ $? -ne 0 ]; then
- echo "failed to configure centos for a container"
+ echo "failed to configure CentOS for a container"
exit 1
fi
else
if [ ${root_expire_password} = "yes" ]
then
- echo "
+ if ( mountpoint -q -- "${rootfs_path}" )
+ then
+ echo "To reset the root password, you can do:
+
+ lxc-start -n ${name}
+ lxc-attach -n ${name} -- passwd
+ lxc-stop -n ${name}
+"
+ else
+ echo "
The root password is set up as "expired" and will require it to be changed
at first login, which you should do as soon as possible. If you lose the
root password or wish to change it without starting the container, you
chroot ${rootfs_path} passwd
"
+ fi
fi
fi
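Review bot: The parentheses in `if ( mountpoint -q -- "${rootfs_path}" )` fork a subshell for no benefit; `if mountpoint -q -- "${rootfs_path}"` followed by `then` is equivalent. As far as this hunk shows, the new branch also drops the statement that the root password is set as expired, so a user with a mounted rootfs is told how to reset the password but not that the first login will demand a change. A one-line comment above the `if`, such as `# rootfs is a mount point: chroot instructions do not apply, point the user at lxc-attach instead`, would record why the two branches differ. The surrounding `if`/`else` starts outside this hunk.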