]>
Commit | Line | Data |
---|---|---|
7af97ad5 | 1 | package PVE::LXC::Setup; |
1c7f4f65 DM |
2 | |
3 | use strict; | |
4 | use warnings; | |
f08b2779 | 5 | use POSIX; |
a8e58e9c | 6 | use PVE::Tools; |
1c7f4f65 | 7 | |
7af97ad5 DM |
8 | use PVE::LXC::Setup::Debian; |
9 | use PVE::LXC::Setup::Ubuntu; | |
81a6ec3f | 10 | use PVE::LXC::Setup::CentOS; |
b0143ab1 | 11 | use PVE::LXC::Setup::Fedora; |
fa7cb12b | 12 | use PVE::LXC::Setup::SUSE; |
7af97ad5 | 13 | use PVE::LXC::Setup::ArchLinux; |
a8700492 | 14 | use PVE::LXC::Setup::Alpine; |
ed027b58 | 15 | use PVE::LXC::Setup::Gentoo; |
1c7f4f65 DM |
16 | |
17 | my $plugins = { | |
7af97ad5 DM |
18 | debian => 'PVE::LXC::Setup::Debian', |
19 | ubuntu => 'PVE::LXC::Setup::Ubuntu', | |
81a6ec3f | 20 | centos => 'PVE::LXC::Setup::CentOS', |
b0143ab1 | 21 | fedora => 'PVE::LXC::Setup::Fedora', |
fa7cb12b | 22 | opensuse => 'PVE::LXC::Setup::SUSE', |
7af97ad5 | 23 | archlinux => 'PVE::LXC::Setup::ArchLinux', |
b012f022 | 24 | arch => 'PVE::LXC::Setup::ArchLinux', |
a8700492 | 25 | alpine => 'PVE::LXC::Setup::Alpine', |
ed027b58 | 26 | gentoo => 'PVE::LXC::Setup::Gentoo', |
1c7f4f65 DM |
27 | }; |
28 | ||
bdd4194c | 29 | my $autodetect_type = sub { |
153747ff WB |
30 | my ($self, $rootdir, $os_release) = @_; |
31 | ||
32 | if (my $id = $os_release->{ID}) { | |
33 | return $id if $id =~ /^(?:alpine|arch|centos|debian|fedora|gentoo|opensuse|ubuntu)$/; | |
34 | } | |
35 | ||
36 | # fallback compatibility checks | |
a8e58e9c DM |
37 | |
38 | my $lsb_fn = "$rootdir/etc/lsb-release"; | |
39 | if (-f $lsb_fn) { | |
40 | my $data = PVE::Tools::file_get_contents($lsb_fn); | |
41 | if ($data =~ m/^DISTRIB_ID=Ubuntu$/im) { | |
42 | return 'ubuntu'; | |
43 | } | |
75c7928e DM |
44 | } |
45 | ||
46 | if (-f "$rootdir/etc/debian_version") { | |
bdd4194c | 47 | return "debian"; |
fa7cb12b WB |
48 | } elsif (-f "$rootdir/etc/SuSE-brand" || -f "$rootdir/etc/SuSE-release") { |
49 | return "opensuse"; | |
b0143ab1 WB |
50 | } elsif (-f "$rootdir/etc/fedora-release") { |
51 | return "fedora"; | |
81a6ec3f WB |
52 | } elsif (-f "$rootdir/etc/centos-release" || -f "$rootdir/etc/redhat-release") { |
53 | return "centos"; | |
c1d32b55 WB |
54 | } elsif (-f "$rootdir/etc/arch-release") { |
55 | return "archlinux"; | |
a8700492 JV |
56 | } elsif (-f "$rootdir/etc/alpine-release") { |
57 | return "alpine"; | |
ed027b58 WB |
58 | } elsif (-f "$rootdir/etc/gentoo-release") { |
59 | return "gentoo"; | |
bdd4194c | 60 | } |
3d9113c2 | 61 | die "unable to detect OS distribution\n"; |
bdd4194c DM |
62 | }; |
63 | ||
1c7f4f65 | 64 | sub new { |
5b4657d0 | 65 | my ($class, $conf, $rootdir, $type) = @_; |
1c7f4f65 | 66 | |
5b4657d0 DM |
67 | die "no root directory\n" if !$rootdir || $rootdir eq '/'; |
68 | ||
5b3614f8 | 69 | my $self = bless { conf => $conf, rootdir => $rootdir}; |
1c7f4f65 | 70 | |
153747ff WB |
71 | my $os_release = $self->get_ct_os_release(); |
72 | ||
238b7e3e DM |
73 | if ($conf->{ostype} && $conf->{ostype} eq 'unmanaged') { |
74 | return $self; | |
75 | } elsif (!defined($type)) { | |
bdd4194c | 76 | # try to autodetect type |
153747ff | 77 | $type = &$autodetect_type($self, $rootdir, $os_release); |
238b7e3e DM |
78 | my $expected_type = $conf->{ostype} || $type; |
79 | ||
80 | die "got unexpected ostype ($type != $expected_type)\n" | |
81 | if $type ne $expected_type; | |
bdd4194c | 82 | } |
238b7e3e | 83 | |
633a7bd8 | 84 | my $plugin_class = $plugins->{$type} || |
1c7f4f65 DM |
85 | "no such OS type '$type'\n"; |
86 | ||
153747ff | 87 | my $plugin = $plugin_class->new($conf, $rootdir, $os_release); |
23d928a1 | 88 | $self->{plugin} = $plugin; |
f08b2779 | 89 | $self->{in_chroot} = 0; |
23d928a1 WB |
90 | |
91 | # Cache some host files we need access to: | |
92 | $plugin->{host_resolv_conf} = PVE::INotify::read_file('resolvconf'); | |
c6a605f9 WB |
93 | |
94 | # pass on user namespace information: | |
95 | my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf); | |
96 | if (@$id_map) { | |
97 | $plugin->{id_map} = $id_map; | |
98 | $plugin->{rootuid} = $rootuid; | |
99 | $plugin->{rootgid} = $rootgid; | |
100 | } | |
633a7bd8 | 101 | |
1c7f4f65 DM |
102 | return $self; |
103 | } | |
104 | ||
9ba0e0b5 | 105 | # Forks into a chroot and executes $sub |
f08b2779 WB |
106 | sub protected_call { |
107 | my ($self, $sub) = @_; | |
108 | ||
109 | # avoid recursion: | |
110 | return $sub->() if $self->{in_chroot}; | |
111 | ||
112 | my $rootdir = $self->{rootdir}; | |
113 | if (!-d "$rootdir/dev" && !mkdir("$rootdir/dev")) { | |
114 | die "failed to create temporary /dev directory: $!\n"; | |
115 | } | |
116 | ||
9ba0e0b5 WB |
117 | pipe(my $res_in, my $res_out) or die "pipe failed: $!\n"; |
118 | ||
f08b2779 WB |
119 | my $child = fork(); |
120 | die "fork failed: $!\n" if !defined($child); | |
121 | ||
122 | if (!$child) { | |
9ba0e0b5 | 123 | close($res_in); |
f08b2779 WB |
124 | # avoid recursive forks |
125 | $self->{in_chroot} = 1; | |
f08b2779 | 126 | eval { |
f08b2779 WB |
127 | chroot($rootdir) or die "failed to change root to: $rootdir: $!\n"; |
128 | chdir('/') or die "failed to change to root directory\n"; | |
9ba0e0b5 WB |
129 | my $res = $sub->(); |
130 | if (defined($res)) { | |
131 | print {$res_out} "$res"; | |
132 | $res_out->flush(); | |
133 | } | |
f08b2779 WB |
134 | }; |
135 | if (my $err = $@) { | |
797e12e8 | 136 | warn $err; |
f08b2779 WB |
137 | POSIX::_exit(1); |
138 | } | |
139 | POSIX::_exit(0); | |
140 | } | |
9ba0e0b5 WB |
141 | close($res_out); |
142 | my $result = do { local $/ = undef; <$res_in> }; | |
f08b2779 | 143 | while (waitpid($child, 0) != $child) {} |
952de558 WB |
144 | if ($? != 0) { |
145 | my $method = (caller(1))[3]; | |
146 | die "error in setup task $method\n"; | |
147 | } | |
9ba0e0b5 | 148 | return $result; |
f08b2779 WB |
149 | } |
150 | ||
142444d5 DM |
151 | sub template_fixup { |
152 | my ($self) = @_; | |
153 | ||
238b7e3e DM |
154 | return if !$self->{plugin}; # unmanaged |
155 | ||
f08b2779 WB |
156 | my $code = sub { |
157 | $self->{plugin}->template_fixup($self->{conf}); | |
158 | }; | |
159 | $self->protected_call($code); | |
142444d5 DM |
160 | } |
161 | ||
1c7f4f65 | 162 | sub setup_network { |
55fa4e09 | 163 | my ($self) = @_; |
1c7f4f65 | 164 | |
238b7e3e DM |
165 | return if !$self->{plugin}; # unmanaged |
166 | ||
f08b2779 WB |
167 | my $code = sub { |
168 | $self->{plugin}->setup_network($self->{conf}); | |
169 | }; | |
170 | $self->protected_call($code); | |
1c7f4f65 DM |
171 | } |
172 | ||
173 | sub set_hostname { | |
174 | my ($self) = @_; | |
175 | ||
238b7e3e DM |
176 | return if !$self->{plugin}; # unmanaged |
177 | ||
f08b2779 WB |
178 | my $code = sub { |
179 | $self->{plugin}->set_hostname($self->{conf}); | |
180 | }; | |
181 | $self->protected_call($code); | |
1c7f4f65 DM |
182 | } |
183 | ||
c325b32f DM |
184 | sub set_dns { |
185 | my ($self) = @_; | |
186 | ||
238b7e3e DM |
187 | return if !$self->{plugin}; # unmanaged |
188 | ||
f08b2779 WB |
189 | my $code = sub { |
190 | $self->{plugin}->set_dns($self->{conf}); | |
191 | }; | |
192 | $self->protected_call($code); | |
c325b32f DM |
193 | } |
194 | ||
d66768a2 DM |
195 | sub setup_init { |
196 | my ($self) = @_; | |
197 | ||
238b7e3e DM |
198 | return if !$self->{plugin}; # unmanaged |
199 | ||
f08b2779 WB |
200 | my $code = sub { |
201 | $self->{plugin}->setup_init($self->{conf}); | |
202 | }; | |
203 | $self->protected_call($code); | |
d66768a2 DM |
204 | } |
205 | ||
168d6b07 DM |
206 | sub set_user_password { |
207 | my ($self, $user, $pw) = @_; | |
238b7e3e DM |
208 | |
209 | return if !$self->{plugin}; # unmanaged | |
210 | ||
f08b2779 WB |
211 | my $code = sub { |
212 | $self->{plugin}->set_user_password($self->{conf}, $user, $pw); | |
213 | }; | |
214 | $self->protected_call($code); | |
1c7f4f65 DM |
215 | } |
216 | ||
7ee31468 DM |
217 | sub rewrite_ssh_host_keys { |
218 | my ($self) = @_; | |
219 | ||
238b7e3e DM |
220 | return if !$self->{plugin}; # unmanaged |
221 | ||
797e12e8 WB |
222 | my $conf = $self->{conf}; |
223 | my $plugin = $self->{plugin}; | |
224 | my $rootdir = $self->{rootdir}; | |
225 | ||
feb7383b | 226 | return if ! -d "$rootdir/etc/ssh"; |
797e12e8 WB |
227 | |
228 | my $keynames = { | |
797e12e8 WB |
229 | rsa => 'ssh_host_rsa_key', |
230 | dsa => 'ssh_host_dsa_key', | |
231 | ecdsa => 'ssh_host_ecdsa_key', | |
232 | ed25519 => 'ssh_host_ed25519_key', | |
233 | }; | |
234 | ||
235 | my $hostname = $conf->{hostname} || 'localhost'; | |
236 | $hostname =~ s/\..*$//; | |
52a2d3f8 | 237 | my $ssh_comment = "root\@$hostname"; |
797e12e8 | 238 | |
52a2d3f8 FG |
239 | my $keygen_outfunc = sub { |
240 | my $line = shift; | |
241 | ||
242 | print "done: $line\n" | |
bc77a52b WB |
243 | if $line =~ m/^(?:[0-9a-f]{2}:)+[0-9a-f]{2}\s+\Q$ssh_comment\E$/i || |
244 | $line =~ m/^SHA256:[0-9a-z+\/]{43}\s+\Q$ssh_comment\E$/i; | |
52a2d3f8 | 245 | }; |
797e12e8 | 246 | |
52a2d3f8 | 247 | # Create temporary keys in /tmp on the host |
797e12e8 WB |
248 | my $keyfiles = {}; |
249 | foreach my $keytype (keys %$keynames) { | |
250 | my $basename = $keynames->{$keytype}; | |
251 | my $file = "/tmp/$$.$basename"; | |
252 | print "Creating SSH host key '$basename' - this may take some time ...\n"; | |
52a2d3f8 | 253 | my $cmd = ['ssh-keygen', '-f', $file, '-t', $keytype, |
bc77a52b | 254 | '-N', '', '-E', 'sha256', '-C', $ssh_comment]; |
52a2d3f8 | 255 | PVE::Tools::run_command($cmd, outfunc => $keygen_outfunc); |
39db5e47 WB |
256 | $keyfiles->{"/etc/ssh/$basename"} = [PVE::Tools::file_get_contents($file), 0600]; |
257 | $keyfiles->{"/etc/ssh/$basename.pub"} = [PVE::Tools::file_get_contents("$file.pub"), 0644]; | |
797e12e8 WB |
258 | unlink $file; |
259 | unlink "$file.pub"; | |
260 | } | |
261 | ||
262 | # Write keys out in a protected call | |
263 | ||
f08b2779 | 264 | my $code = sub { |
797e12e8 | 265 | foreach my $file (keys %$keyfiles) { |
39db5e47 | 266 | $plugin->ct_file_set_contents($file, @{$keyfiles->{$file}}); |
797e12e8 | 267 | } |
f08b2779 WB |
268 | }; |
269 | $self->protected_call($code); | |
7ee31468 DM |
270 | } |
271 | ||
d66768a2 DM |
272 | sub pre_start_hook { |
273 | my ($self) = @_; | |
274 | ||
238b7e3e DM |
275 | return if !$self->{plugin}; # unmanaged |
276 | ||
f08b2779 WB |
277 | my $code = sub { |
278 | # Create /fastboot to skip run fsck | |
279 | $self->{plugin}->ct_file_set_contents('/fastboot', ''); | |
2988dbbc | 280 | |
f08b2779 WB |
281 | $self->{plugin}->pre_start_hook($self->{conf}); |
282 | }; | |
283 | $self->protected_call($code); | |
d66768a2 DM |
284 | } |
285 | ||
286 | sub post_create_hook { | |
f36ce482 | 287 | my ($self, $root_password, $ssh_keys) = @_; |
1c7f4f65 | 288 | |
238b7e3e DM |
289 | return if !$self->{plugin}; # unmanaged |
290 | ||
f08b2779 | 291 | my $code = sub { |
f36ce482 | 292 | $self->{plugin}->post_create_hook($self->{conf}, $root_password, $ssh_keys); |
f08b2779 WB |
293 | }; |
294 | $self->protected_call($code); | |
797e12e8 | 295 | $self->rewrite_ssh_host_keys(); |
1c7f4f65 DM |
296 | } |
297 | ||
153747ff WB |
298 | # os-release(5): |
299 | # (...) a newline-separated list of environment-like shell-compatible | |
300 | # variable assignments. (...) beyond mere variable assignments, no shell | |
301 | # features are supported (this means variable expansion is explicitly not | |
302 | # supported) (...). Variable assignment values must be enclosed in double or | |
303 | # single quotes *if* they include spaces, semicolons or other special | |
304 | # characters outside of A-Z, a-z, 0-9. Shell special characters ("$", quotes, | |
305 | # backslash, backtick) must be escaped with backslashes (...). All strings | |
306 | # should be in UTF-8 format, and non-printable characters should not be used. | |
307 | # It is not supported to concatenate multiple individually quoted strings. | |
308 | # Lines beginning with "#" shall be ignored as comments. | |
309 | my $parse_os_release = sub { | |
310 | my ($data) = @_; | |
311 | my $variables = {}; | |
312 | while (defined($data) && $data =~ /^(.+)$/gm) { | |
313 | next if $1 !~ /^\s*([a-zA-Z_][a-zA-Z0-9_]*)=(.*)$/; | |
314 | my ($var, $content) = ($1, $2); | |
315 | chomp $content; | |
316 | ||
317 | if ($content =~ /^'([^']*)'/) { | |
318 | $variables->{$var} = $1; | |
319 | } elsif ($content =~ /^"((?:[^"\\]|\\.)*)"/) { | |
320 | my $s = $1; | |
321 | $s =~ s/(\\["'`nt\$\\])/"\"$1\""/eeg; | |
322 | $variables->{$var} = $s; | |
323 | } elsif ($content =~ /^([A-Za-z0-9]*)/) { | |
324 | $variables->{$var} = $1; | |
325 | } | |
326 | } | |
327 | return $variables; | |
328 | }; | |
329 | ||
330 | sub get_ct_os_release { | |
331 | my ($self) = @_; | |
332 | ||
333 | my $code = sub { | |
334 | if (-f '/etc/os-release') { | |
335 | return PVE::Tools::file_get_contents('/etc/os-release'); | |
336 | } elsif (-f '/usr/lib/os-release') { | |
337 | return PVE::Tools::file_get_contents('/usr/lib/os-release'); | |
338 | } | |
339 | return undef; | |
340 | }; | |
341 | ||
342 | my $data = $self->protected_call($code); | |
343 | ||
344 | return &$parse_os_release($data); | |
345 | } | |
346 | ||
1c7f4f65 | 347 | 1; |