]> git.proxmox.com Git - pve-container.git/blob - src/PVE/LXC/Setup.pm
projects / pve-container.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
use /etc/os-release
[pve-container.git] / src / PVE / LXC / Setup.pm
1 package PVE::LXC::Setup;
2
3 use strict;
4 use warnings;
5 use POSIX;
6 use PVE::Tools;
7
8 use PVE::LXC::Setup::Debian;
9 use PVE::LXC::Setup::Ubuntu;
10 use PVE::LXC::Setup::CentOS;
11 use PVE::LXC::Setup::Fedora;
12 use PVE::LXC::Setup::SUSE;
13 use PVE::LXC::Setup::ArchLinux;
14 use PVE::LXC::Setup::Alpine;
15 use PVE::LXC::Setup::Gentoo;
16
17 my $plugins = {
18 debian => 'PVE::LXC::Setup::Debian',
19 ubuntu => 'PVE::LXC::Setup::Ubuntu',
20 centos => 'PVE::LXC::Setup::CentOS',
21 fedora => 'PVE::LXC::Setup::Fedora',
22 opensuse => 'PVE::LXC::Setup::SUSE',
23 archlinux => 'PVE::LXC::Setup::ArchLinux',
24 arch => 'PVE::LXC::Setup::ArchLinux',
25 alpine => 'PVE::LXC::Setup::Alpine',
26 gentoo => 'PVE::LXC::Setup::Gentoo',
27 };
28
29 my $autodetect_type = sub {
30 my ($self, $rootdir, $os_release) = @_;
31
32 if (my $id = $os_release->{ID}) {
33 return $id if $id =~ /^(?:alpine|arch|centos|debian|fedora|gentoo|opensuse|ubuntu)$/;
34 }
35
36 # fallback compatibility checks
37
38 my $lsb_fn = "$rootdir/etc/lsb-release";
39 if (-f $lsb_fn) {
40 my $data = PVE::Tools::file_get_contents($lsb_fn);
41 if ($data =~ m/^DISTRIB_ID=Ubuntu$/im) {
42 return 'ubuntu';
43 }
44 }
45
46 if (-f "$rootdir/etc/debian_version") {
47 return "debian";
48 } elsif (-f "$rootdir/etc/SuSE-brand" || -f "$rootdir/etc/SuSE-release") {
49 return "opensuse";
50 } elsif (-f "$rootdir/etc/fedora-release") {
51 return "fedora";
52 } elsif (-f "$rootdir/etc/centos-release" || -f "$rootdir/etc/redhat-release") {
53 return "centos";
54 } elsif (-f "$rootdir/etc/arch-release") {
55 return "archlinux";
56 } elsif (-f "$rootdir/etc/alpine-release") {
57 return "alpine";
58 } elsif (-f "$rootdir/etc/gentoo-release") {
59 return "gentoo";
60 }
61 die "unable to detect OS distribution\n";
62 };
63
64 sub new {
65 my ($class, $conf, $rootdir, $type) = @_;
66
67 die "no root directory\n" if !$rootdir || $rootdir eq '/';
68
69 my $self = bless { conf => $conf, rootdir => $rootdir};
70
71 my $os_release = $self->get_ct_os_release();
72
73 if ($conf->{ostype} && $conf->{ostype} eq 'unmanaged') {
74 return $self;
75 } elsif (!defined($type)) {
76 # try to autodetect type
77 $type = &$autodetect_type($self, $rootdir, $os_release);
78 my $expected_type = $conf->{ostype} || $type;
79
80 die "got unexpected ostype ($type != $expected_type)\n"
81 if $type ne $expected_type;
82 }
83
84 my $plugin_class = $plugins->{$type} ||
85 "no such OS type '$type'\n";
86
87 my $plugin = $plugin_class->new($conf, $rootdir, $os_release);
88 $self->{plugin} = $plugin;
89 $self->{in_chroot} = 0;
90
91 # Cache some host files we need access to:
92 $plugin->{host_resolv_conf} = PVE::INotify::read_file('resolvconf');
93
94 # pass on user namespace information:
95 my ($id_map, $rootuid, $rootgid) = PVE::LXC::parse_id_maps($conf);
96 if (@$id_map) {
97 $plugin->{id_map} = $id_map;
98 $plugin->{rootuid} = $rootuid;
99 $plugin->{rootgid} = $rootgid;
100 }
101
102 return $self;
103 }
104
105 # Forks into a chroot and executes $sub
106 sub protected_call {
107 my ($self, $sub) = @_;
108
109 # avoid recursion:
110 return $sub->() if $self->{in_chroot};
111
112 my $rootdir = $self->{rootdir};
113 if (!-d "$rootdir/dev" && !mkdir("$rootdir/dev")) {
114 die "failed to create temporary /dev directory: $!\n";
115 }
116
117 pipe(my $res_in, my $res_out) or die "pipe failed: $!\n";
118
119 my $child = fork();
120 die "fork failed: $!\n" if !defined($child);
121
122 if (!$child) {
123 close($res_in);
124 # avoid recursive forks
125 $self->{in_chroot} = 1;
126 eval {
127 chroot($rootdir) or die "failed to change root to: $rootdir: $!\n";
128 chdir('/') or die "failed to change to root directory\n";
129 my $res = $sub->();
130 if (defined($res)) {
131 print {$res_out} "$res";
132 $res_out->flush();
133 }
134 };
135 if (my $err = $@) {
136 warn $err;
137 POSIX::_exit(1);
138 }
139 POSIX::_exit(0);
140 }
141 close($res_out);
142 my $result = do { local $/ = undef; <$res_in> };
143 while (waitpid($child, 0) != $child) {}
144 if ($? != 0) {
145 my $method = (caller(1))[3];
146 die "error in setup task $method\n";
147 }
148 return $result;
149 }
150
151 sub template_fixup {
152 my ($self) = @_;
153
154 return if !$self->{plugin}; # unmanaged
155
156 my $code = sub {
157 $self->{plugin}->template_fixup($self->{conf});
158 };
159 $self->protected_call($code);
160 }
161
162 sub setup_network {
163 my ($self) = @_;
164
165 return if !$self->{plugin}; # unmanaged
166
167 my $code = sub {
168 $self->{plugin}->setup_network($self->{conf});
169 };
170 $self->protected_call($code);
171 }
172
173 sub set_hostname {
174 my ($self) = @_;
175
176 return if !$self->{plugin}; # unmanaged
177
178 my $code = sub {
179 $self->{plugin}->set_hostname($self->{conf});
180 };
181 $self->protected_call($code);
182 }
183
184 sub set_dns {
185 my ($self) = @_;
186
187 return if !$self->{plugin}; # unmanaged
188
189 my $code = sub {
190 $self->{plugin}->set_dns($self->{conf});
191 };
192 $self->protected_call($code);
193 }
194
195 sub setup_init {
196 my ($self) = @_;
197
198 return if !$self->{plugin}; # unmanaged
199
200 my $code = sub {
201 $self->{plugin}->setup_init($self->{conf});
202 };
203 $self->protected_call($code);
204 }
205
206 sub set_user_password {
207 my ($self, $user, $pw) = @_;
208
209 return if !$self->{plugin}; # unmanaged
210
211 my $code = sub {
212 $self->{plugin}->set_user_password($self->{conf}, $user, $pw);
213 };
214 $self->protected_call($code);
215 }
216
217 sub rewrite_ssh_host_keys {
218 my ($self) = @_;
219
220 return if !$self->{plugin}; # unmanaged
221
222 my $conf = $self->{conf};
223 my $plugin = $self->{plugin};
224 my $rootdir = $self->{rootdir};
225
226 return if ! -d "$rootdir/etc/ssh";
227
228 my $keynames = {
229 rsa => 'ssh_host_rsa_key',
230 dsa => 'ssh_host_dsa_key',
231 ecdsa => 'ssh_host_ecdsa_key',
232 ed25519 => 'ssh_host_ed25519_key',
233 };
234
235 my $hostname = $conf->{hostname} || 'localhost';
236 $hostname =~ s/\..*$//;
237 my $ssh_comment = "root\@$hostname";
238
239 my $keygen_outfunc = sub {
240 my $line = shift;
241
242 print "done: $line\n"
243 if $line =~ m/^(?:[0-9a-f]{2}:)+[0-9a-f]{2}\s+\Q$ssh_comment\E$/i ||
244 $line =~ m/^SHA256:[0-9a-z+\/]{43}\s+\Q$ssh_comment\E$/i;
245 };
246
247 # Create temporary keys in /tmp on the host
248 my $keyfiles = {};
249 foreach my $keytype (keys %$keynames) {
250 my $basename = $keynames->{$keytype};
251 my $file = "/tmp/$$.$basename";
252 print "Creating SSH host key '$basename' - this may take some time ...\n";
253 my $cmd = ['ssh-keygen', '-f', $file, '-t', $keytype,
254 '-N', '', '-E', 'sha256', '-C', $ssh_comment];
255 PVE::Tools::run_command($cmd, outfunc => $keygen_outfunc);
256 $keyfiles->{"/etc/ssh/$basename"} = [PVE::Tools::file_get_contents($file), 0600];
257 $keyfiles->{"/etc/ssh/$basename.pub"} = [PVE::Tools::file_get_contents("$file.pub"), 0644];
258 unlink $file;
259 unlink "$file.pub";
260 }
261
262 # Write keys out in a protected call
263
264 my $code = sub {
265 foreach my $file (keys %$keyfiles) {
266 $plugin->ct_file_set_contents($file, @{$keyfiles->{$file}});
267 }
268 };
269 $self->protected_call($code);
270 }
271
272 sub pre_start_hook {
273 my ($self) = @_;
274
275 return if !$self->{plugin}; # unmanaged
276
277 my $code = sub {
278 # Create /fastboot to skip run fsck
279 $self->{plugin}->ct_file_set_contents('/fastboot', '');
280
281 $self->{plugin}->pre_start_hook($self->{conf});
282 };
283 $self->protected_call($code);
284 }
285
286 sub post_create_hook {
287 my ($self, $root_password, $ssh_keys) = @_;
288
289 return if !$self->{plugin}; # unmanaged
290
291 my $code = sub {
292 $self->{plugin}->post_create_hook($self->{conf}, $root_password, $ssh_keys);
293 };
294 $self->protected_call($code);
295 $self->rewrite_ssh_host_keys();
296 }
297
298 # os-release(5):
299 # (...) a newline-separated list of environment-like shell-compatible
300 # variable assignments. (...) beyond mere variable assignments, no shell
301 # features are supported (this means variable expansion is explicitly not
302 # supported) (...). Variable assignment values must be enclosed in double or
303 # single quotes *if* they include spaces, semicolons or other special
304 # characters outside of A-Z, a-z, 0-9. Shell special characters ("$", quotes,
305 # backslash, backtick) must be escaped with backslashes (...). All strings
306 # should be in UTF-8 format, and non-printable characters should not be used.
307 # It is not supported to concatenate multiple individually quoted strings.
308 # Lines beginning with "#" shall be ignored as comments.
309 my $parse_os_release = sub {
310 my ($data) = @_;
311 my $variables = {};
312 while (defined($data) && $data =~ /^(.+)$/gm) {
313 next if $1 !~ /^\s*([a-zA-Z_][a-zA-Z0-9_]*)=(.*)$/;
314 my ($var, $content) = ($1, $2);
315 chomp $content;
316
317 if ($content =~ /^'([^']*)'/) {
318 $variables->{$var} = $1;
319 } elsif ($content =~ /^"((?:[^"\\]|\\.)*)"/) {
320 my $s = $1;
321 $s =~ s/(\\["'`nt\$\\])/"\"$1\""/eeg;
322 $variables->{$var} = $s;
323 } elsif ($content =~ /^([A-Za-z0-9]*)/) {
324 $variables->{$var} = $1;
325 }
326 }
327 return $variables;
328 };
329
330 sub get_ct_os_release {
331 my ($self) = @_;
332
333 my $code = sub {
334 if (-f '/etc/os-release') {
335 return PVE::Tools::file_get_contents('/etc/os-release');
336 } elsif (-f '/usr/lib/os-release') {
337 return PVE::Tools::file_get_contents('/usr/lib/os-release');
338 }
339 return undef;
340 };
341
342 my $data = $self->protected_call($code);
343
344 return &$parse_os_release($data);
345 }
346
347 1;
PVE Container Toolkit