]> git.proxmox.com Git - pve-container.git/blob - src/PVE/LXC/Setup.pm
projects / pve-container.git / blob
? search:


9b91539fd65785088eee39a51ed5eeccfa72f00d
[pve-container.git] / src / PVE / LXC / Setup.pm
1 package PVE::LXC::Setup;
2
3 use strict;
4 use warnings;
5 use POSIX;
6 use PVE::Tools;
7
8 use PVE::LXC::Setup::Debian;
9 use PVE::LXC::Setup::Ubuntu;
10 use PVE::LXC::Setup::CentOS;
11 use PVE::LXC::Setup::Fedora;
12 use PVE::LXC::Setup::SUSE;
13 use PVE::LXC::Setup::ArchLinux;
14 use PVE::LXC::Setup::Alpine;
15 use PVE::LXC::Setup::Gentoo;
16
17 my $plugins = {
18 debian => 'PVE::LXC::Setup::Debian',
19 ubuntu => 'PVE::LXC::Setup::Ubuntu',
20 centos => 'PVE::LXC::Setup::CentOS',
21 fedora => 'PVE::LXC::Setup::Fedora',
22 opensuse => 'PVE::LXC::Setup::SUSE',
23 archlinux => 'PVE::LXC::Setup::ArchLinux',
24 alpine => 'PVE::LXC::Setup::Alpine',
25 gentoo => 'PVE::LXC::Setup::Gentoo',
26 };
27
28 # a map to allow supporting related distro flavours
29 my $plugin_alias = {
30 arch => 'archlinux',
31 sles => 'opensuse',
32 };
33
34 my $autodetect_type = sub {
35 my ($self, $rootdir, $os_release) = @_;
36
37 if (my $id = $os_release->{ID}) {
38 return $id if $plugins->{$id};
39 return $plugin_alias->{$id} if $plugin_alias->{$id};
40 }
41
42 # fallback compatibility checks
43
44 my $lsb_fn = "$rootdir/etc/lsb-release";
45 if (-f $lsb_fn) {
46 my $data = PVE::Tools::file_get_contents($lsb_fn);
47 if ($data =~ m/^DISTRIB_ID=Ubuntu$/im) {
48 return 'ubuntu';
49 }
50 }
51
52 if (-f "$rootdir/etc/debian_version") {
53 return "debian";
54 } elsif (-f "$rootdir/etc/SuSE-brand" || -f "$rootdir/etc/SuSE-release") {
55 return "opensuse";
56 } elsif (-f "$rootdir/etc/fedora-release") {
57 return "fedora";
58 } elsif (-f "$rootdir/etc/centos-release" || -f "$rootdir/etc/redhat-release") {
59 return "centos";
60 } elsif (-f "$rootdir/etc/arch-release") {
61 return "archlinux";
62 } elsif (-f "$rootdir/etc/alpine-release") {
63 return "alpine";
64 } elsif (-f "$rootdir/etc/gentoo-release") {
65 return "gentoo";
66 }
67 die "unable to detect OS distribution\n";
68 };
69
70 sub new {
71 my ($class, $conf, $rootdir, $type) = @_;
72
73 die "no root directory\n" if !$rootdir || $rootdir eq '/';
74
75 my $self = bless { conf => $conf, rootdir => $rootdir};
76
77 my $os_release = $self->get_ct_os_release();
78
79 if ($conf->{ostype} && $conf->{ostype} eq 'unmanaged') {
80 return $self;
81 } elsif (!defined($type)) {
82 # try to autodetect type
83 $type = &$autodetect_type($self, $rootdir, $os_release);
84 my $expected_type = $conf->{ostype} || $type;
85
86 warn "got unexpected ostype ($type != $expected_type)\n"
87 if $type ne $expected_type;
88 }
89
90 my $plugin_class = $plugins->{$type} ||
91 "no such OS type '$type'\n";
92
93 my $plugin = $plugin_class->new($conf, $rootdir, $os_release);
94 $self->{plugin} = $plugin;
95 $self->{in_chroot} = 0;
96
97 # Cache some host files we need access to:
98 $plugin->{host_resolv_conf} = PVE::INotify::read_file('resolvconf');
99
100 # pass on user namespace information:
101 my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
102 if (@$id_map) {
103 $plugin->{id_map} = $id_map;
104 $plugin->{rootuid} = $rootuid;
105 $plugin->{rootgid} = $rootgid;
106 }
107
108 return $self;
109 }
110
111 # Forks into a chroot and executes $sub
112 sub protected_call {
113 my ($self, $sub) = @_;
114
115 # avoid recursion:
116 return $sub->() if $self->{in_chroot};
117
118 my $rootdir = $self->{rootdir};
119 if (!-d "$rootdir/dev" && !mkdir("$rootdir/dev")) {
120 die "failed to create temporary /dev directory: $!\n";
121 }
122
123 pipe(my $res_in, my $res_out) or die "pipe failed: $!\n";
124
125 my $child = fork();
126 die "fork failed: $!\n" if !defined($child);
127
128 if (!$child) {
129 close($res_in);
130 # avoid recursive forks
131 $self->{in_chroot} = 1;
132 eval {
133 chroot($rootdir) or die "failed to change root to: $rootdir: $!\n";
134 chdir('/') or die "failed to change to root directory\n";
135 my $res = $sub->();
136 if (defined($res)) {
137 print {$res_out} "$res";
138 $res_out->flush();
139 }
140 };
141 if (my $err = $@) {
142 warn $err;
143 POSIX::_exit(1);
144 }
145 POSIX::_exit(0);
146 }
147 close($res_out);
148 my $result = do { local $/ = undef; <$res_in> };
149 while (waitpid($child, 0) != $child) {}
150 if ($? != 0) {
151 my $method = (caller(1))[3];
152 die "error in setup task $method\n";
153 }
154 return $result;
155 }
156
157 sub template_fixup {
158 my ($self) = @_;
159
160 return if !$self->{plugin}; # unmanaged
161
162 my $code = sub {
163 $self->{plugin}->template_fixup($self->{conf});
164 };
165 $self->protected_call($code);
166 }
167
168 sub setup_network {
169 my ($self) = @_;
170
171 return if !$self->{plugin}; # unmanaged
172
173 my $code = sub {
174 $self->{plugin}->setup_network($self->{conf});
175 };
176 $self->protected_call($code);
177 }
178
179 sub set_hostname {
180 my ($self) = @_;
181
182 return if !$self->{plugin}; # unmanaged
183
184 my $code = sub {
185 $self->{plugin}->set_hostname($self->{conf});
186 };
187 $self->protected_call($code);
188 }
189
190 sub set_dns {
191 my ($self) = @_;
192
193 return if !$self->{plugin}; # unmanaged
194
195 my $code = sub {
196 $self->{plugin}->set_dns($self->{conf});
197 };
198 $self->protected_call($code);
199 }
200
201 sub setup_init {
202 my ($self) = @_;
203
204 return if !$self->{plugin}; # unmanaged
205
206 my $code = sub {
207 $self->{plugin}->setup_init($self->{conf});
208 };
209 $self->protected_call($code);
210 }
211
212 sub set_user_password {
213 my ($self, $user, $pw) = @_;
214
215 return if !$self->{plugin}; # unmanaged
216
217 my $code = sub {
218 $self->{plugin}->set_user_password($self->{conf}, $user, $pw);
219 };
220 $self->protected_call($code);
221 }
222
223 sub rewrite_ssh_host_keys {
224 my ($self) = @_;
225
226 return if !$self->{plugin}; # unmanaged
227
228 my $conf = $self->{conf};
229 my $plugin = $self->{plugin};
230 my $rootdir = $self->{rootdir};
231
232 return if ! -d "$rootdir/etc/ssh";
233
234 my $keynames = {
235 rsa => 'ssh_host_rsa_key',
236 dsa => 'ssh_host_dsa_key',
237 ecdsa => 'ssh_host_ecdsa_key',
238 ed25519 => 'ssh_host_ed25519_key',
239 };
240
241 my $hostname = $conf->{hostname} || 'localhost';
242 $hostname =~ s/\..*$//;
243 my $ssh_comment = "root\@$hostname";
244
245 my $keygen_outfunc = sub {
246 my $line = shift;
247
248 print "done: $line\n"
249 if $line =~ m/^(?:[0-9a-f]{2}:)+[0-9a-f]{2}\s+\Q$ssh_comment\E$/i ||
250 $line =~ m/^SHA256:[0-9a-z+\/]{43}\s+\Q$ssh_comment\E$/i;
251 };
252
253 # Create temporary keys in /tmp on the host
254 my $keyfiles = {};
255 foreach my $keytype (keys %$keynames) {
256 my $basename = $keynames->{$keytype};
257 my $file = "/tmp/$$.$basename";
258 print "Creating SSH host key '$basename' - this may take some time ...\n";
259 my $cmd = ['ssh-keygen', '-f', $file, '-t', $keytype,
260 '-N', '', '-E', 'sha256', '-C', $ssh_comment];
261 PVE::Tools::run_command($cmd, outfunc => $keygen_outfunc);
262 $keyfiles->{"/etc/ssh/$basename"} = [PVE::Tools::file_get_contents($file), 0600];
263 $keyfiles->{"/etc/ssh/$basename.pub"} = [PVE::Tools::file_get_contents("$file.pub"), 0644];
264 unlink $file;
265 unlink "$file.pub";
266 }
267
268 # Write keys out in a protected call
269
270 my $code = sub {
271 foreach my $file (keys %$keyfiles) {
272 $plugin->ct_file_set_contents($file, @{$keyfiles->{$file}});
273 }
274 };
275 $self->protected_call($code);
276 }
277
278 sub pre_start_hook {
279 my ($self) = @_;
280
281 return if !$self->{plugin}; # unmanaged
282
283 my $code = sub {
284 # Create /fastboot to skip run fsck
285 $self->{plugin}->ct_file_set_contents('/fastboot', '');
286
287 $self->{plugin}->pre_start_hook($self->{conf});
288 };
289 $self->protected_call($code);
290 }
291
292 sub post_create_hook {
293 my ($self, $root_password, $ssh_keys) = @_;
294
295 return if !$self->{plugin}; # unmanaged
296
297 my $code = sub {
298 $self->{plugin}->post_create_hook($self->{conf}, $root_password, $ssh_keys);
299 };
300 $self->protected_call($code);
301 $self->rewrite_ssh_host_keys();
302 }
303
304 # os-release(5):
305 # (...) a newline-separated list of environment-like shell-compatible
306 # variable assignments. (...) beyond mere variable assignments, no shell
307 # features are supported (this means variable expansion is explicitly not
308 # supported) (...). Variable assignment values must be enclosed in double or
309 # single quotes *if* they include spaces, semicolons or other special
310 # characters outside of A-Z, a-z, 0-9. Shell special characters ("$", quotes,
311 # backslash, backtick) must be escaped with backslashes (...). All strings
312 # should be in UTF-8 format, and non-printable characters should not be used.
313 # It is not supported to concatenate multiple individually quoted strings.
314 # Lines beginning with "#" shall be ignored as comments.
315 my $parse_os_release = sub {
316 my ($data) = @_;
317 my $variables = {};
318 while (defined($data) && $data =~ /^(.+)$/gm) {
319 next if $1 !~ /^\s*([a-zA-Z_][a-zA-Z0-9_]*)=(.*)$/;
320 my ($var, $content) = ($1, $2);
321 chomp $content;
322
323 if ($content =~ /^'([^']*)'/) {
324 $variables->{$var} = $1;
325 } elsif ($content =~ /^"((?:[^"\\]|\\.)*)"/) {
326 my $s = $1;
327 $s =~ s/(\\["'`nt\$\\])/"\"$1\""/eeg;
328 $variables->{$var} = $s;
329 } elsif ($content =~ /^([A-Za-z0-9]*)/) {
330 $variables->{$var} = $1;
331 }
332 }
333 return $variables;
334 };
335
336 sub get_ct_os_release {
337 my ($self) = @_;
338
339 my $code = sub {
340 if (-f '/etc/os-release') {
341 return PVE::Tools::file_get_contents('/etc/os-release');
342 } elsif (-f '/usr/lib/os-release') {
343 return PVE::Tools::file_get_contents('/usr/lib/os-release');
344 }
345 return undef;
346 };
347
348 my $data = $self->protected_call($code);
349
350 return &$parse_os_release($data);
351 }
352
353 1;
PVE Container Toolkit