-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | configure.ac | 1 | ||||
-rw-r--r-- | templates/Makefile.am | 1 | ||||
-rw-r--r-- | templates/lxc-altlinux.in | 380 |
4 files changed, 383 insertions, 0 deletions
@@ -30,6 +30,7 @@ templates/lxc-maverick templates/lxc-natty templates/lxc-oneiric templates/lxc-fedora +templates/lxc-altlinux templates/lxc-sshd templates/lxc-busybox diff --git a/configure.ac b/configure.ac index 7a96d64..56c5f98 100644 --- a/configure.ac +++ b/configure.ac @@ -143,6 +143,7 @@ AC_CONFIG_FILES([ templates/lxc-opensuse templates/lxc-busybox templates/lxc-fedora + templates/lxc-altlinux templates/lxc-sshd src/Makefile diff --git a/templates/Makefile.am b/templates/Makefile.am index 658fb2f..046ad91 100644 --- a/templates/Makefile.am +++ b/templates/Makefile.am @@ -6,5 +6,6 @@ templates_SCRIPTS = \ lxc-ubuntu \ lxc-opensuse \ lxc-fedora \ + lxc-altlinux \ lxc-busybox \ lxc-sshd diff --git a/templates/lxc-altlinux.in b/templates/lxc-altlinux.in new file mode 100644 index 0000000..a64367f --- /dev/null +++ b/templates/lxc-altlinux.in 
@@ -0,0 +1,380 @@
+#!/bin/bash
+
+#
+# template script for generating altlinux container for LXC
+#
+
+#
+# lxc: linux Container library
+
+# Authors:
+# Alexey Shabalin <shaba@altlinux.org>
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+#Configurations
+arch=$(arch)
+cache_base=/var/cache/lxc/altlinux/$arch
+default_path=/var/lib/lxc
+default_profile=default
+profile_dir=/etc/lxc/profiles
+root_password=rooter
+lxc_network_type=veth
+lxc_network_link=virbr0
+
+# is this altlinux?
+[ -f /etc/altlinux-release ] && is_altlinux=true
+
+configure_altlinux()
+{
+
+ # disable selinux in altlinux
+ mkdir -p $rootfs_path/selinux
+ echo 0 > $rootfs_path/selinux/enforce
+
+ # configure the network using the dhcp
+ mkdir -p ${rootfs_path}/etc/net/ifaces/eth0
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/options
+BOOTPROTO=dhcp
+ONBOOT=yes
+NM_CONTROLLED=no
+TYPE=eth
+EOF
+
+ # set the hostname
+ cat <<EOF > ${rootfs_path}/etc/sysconfig/network
+NETWORKING=yes
+CONFMETHOD=etcnet
+HOSTNAME=${UTSNAME}
+RESOLV_MODS=yes
+EOF
+
+ # set minimal hosts
+ cat <<EOF > $rootfs_path/etc/hosts
+127.0.0.1 localhost.localdomain localhost $name
+EOF
+ # Allow to login at virsh console. loginuid.so doen't work in the absence of auditd.
+ sed -i 's/^.*loginuid.so.*$/\#&/' ${rootfs_path}/etc/pam.d/common-login
+
+ # Allow root to login at virsh console
+ echo "pts/0" >> ${rootfs_path}/etc/securetty
+
+ chroot ${rootfs_path} chkconfig network on
+ chroot ${rootfs_path} chkconfig syslogd on
+ chroot ${rootfs_path} chkconfig random on
+ chroot ${rootfs_path} chkconfig rawdevices off
+ chroot ${rootfs_path} chkconfig fbsetfont off
+# chroot ${rootfs_path} chkconfig keytable off
+
+ subst 's/^\([0-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab
+ subst 's,\/dev\/tty12,/var/log/syslog/console,' ${rootfs_path}/etc/syslog.conf
+
+ dev_path="${rootfs_path}/dev"
+ rm -rf $dev_path
+ mkdir -p $dev_path
+ mknod -m 666 ${dev_path}/null c 1 3
+ mknod -m 666 ${dev_path}/zero c 1 5
+ mknod -m 644 ${dev_path}/random c 1 8
+ mknod -m 644 ${dev_path}/urandom c 1 9
+ mkdir -m 755 ${dev_path}/pts
+ mkdir -m 1777 ${dev_path}/shm
+ mknod -m 666 ${dev_path}/tty c 5 0
+ mknod -m 666 ${dev_path}/tty0 c 4 0
+ mknod -m 666 ${dev_path}/tty1 c 4 1
+ mknod -m 666 ${dev_path}/tty2 c 4 2
+ mknod -m 666 ${dev_path}/tty3 c 4 3
+ mknod -m 666 ${dev_path}/tty4 c 4 4
+ mknod -m 600 ${dev_path}/console c 5 1
+ mknod -m 666 ${dev_path}/full c 1 7
+ mknod -m 600 ${dev_path}/initctl p
+ mknod -m 666 ${dev_path}/ptmx c 5 2
+
+ echo "setting root passwd to $root_password"
+ echo "root:$root_password" | chroot $rootfs_path chpasswd
+
+ return 0
+}
+
+download_altlinux()
+{
+
+ # check the mini altlinux was not already downloaded
+ INSTALL_ROOT=$cache/partial
+ mkdir -p $INSTALL_ROOT
+ if [ $? -ne 0 ]; then
+ echo "Failed to create '$INSTALL_ROOT' directory"
+ return 1
+ fi
+
+ # download a mini altlinux into a cache
+ echo "Downloading altlinux minimal ..."
+ APT_GET="apt-get -o RPM::RootDir=$INSTALL_ROOT -y"
+ PKG_LIST="$(grep -hs '^[^#]' "$profile_dir/$profile")"
+# PKG_LIST="basesystem apt apt-conf-sisyphus etcnet openssh-server passwd sysklogd net-tools e2fsprogs"
+
+ mkdir -p $INSTALL_ROOT/var/lib/rpm
+ rpm --root $INSTALL_ROOT --initdb
+ $APT_GET install $PKG_LIST
+
+ if [ $? -ne 0 ]; then
+ echo "Failed to download the rootfs, aborting."
+ return 1
+ fi
+
+ mv "$INSTALL_ROOT" "$cache/rootfs"
+ echo "Download complete."
+
+ return 0
+}
+
+copy_altlinux()
+{
+
+ # make a local copy of the minialtlinux
+ echo -n "Copying rootfs to $rootfs_path ..."
+ #cp -a $cache/rootfs-$arch $rootfs_path || return 1
+ # i prefer rsync (no reason really)
+ mkdir -p $rootfs_path
+ rsync -a $cache/rootfs/ $rootfs_path/
+ return 0
+}
+
+update_altlinux()
+{
+ chroot $cache/rootfs apt-get update
+ chroot $cache/rootfs apt-get -y dist-upgrade
+}
+
+install_altlinux()
+{
+ mkdir -p /var/lock/subsys/
+ (
+ flock -n -x 200
+ if [ $? -ne 0 ]; then
+ echo "Cache repository is busy."
+ return 1
+ fi
+
+ echo "Checking cache download in $cache/rootfs ... "
+ if [ ! -e "$cache/rootfs" ]; then
+ download_altlinux
+ if [ $? -ne 0 ]; then
+ echo "Failed to download 'altlinux base'"
+ return 1
+ fi
+ else
+ echo "Cache found. Updating..."
+ update_altlinux
+ if [ $? -ne 0 ]; then
+ echo "Failed to update 'altlinux base', continuing with last known good cache"
+ else
+ echo "Update finished"
+ fi
+ fi
+
+ echo "Copy $cache/rootfs to $rootfs_path ... "
+ copy_altlinux
+ if [ $? -ne 0 ]; then
+ echo "Failed to copy rootfs"
+ return 1
+ fi
+
+ return 0
+
+ ) 200>/var/lock/subsys/lxc
+
+ return $?
+}
+
+copy_configuration()
+{
+
+ mkdir -p $config_path
+ cat <<EOF >> $config_path/config
+lxc.utsname = $name
+lxc.tty = 4
+lxc.pts = 1024
+lxc.rootfs = $rootfs_path
+lxc.mount = $config_path/fstab
+#networking
+lxc.network.type = $lxc_network_type
+lxc.network.flags = up
+lxc.network.link = $lxc_network_link
+lxc.network.name = eth0
+lxc.network.mtu = 1500
+#cgroups
+lxc.cgroup.devices.deny = a
+# /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+# consoles
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 4:0 rwm
+lxc.cgroup.devices.allow = c 4:1 rwm
+# /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+# rtc
+lxc.cgroup.devices.allow = c 254:0 rwm
+EOF
+
+ cat <<EOF > $config_path/fstab
+proc $rootfs_path/proc proc nodev,noexec,nosuid 0 0
+devpts $rootfs_path/dev/pts devpts defaults 0 0
+sysfs $rootfs_path/sys sysfs defaults 0 0
+EOF
+
+ if [ $? -ne 0 ]; then
+ echo "Failed to add configuration"
+ return 1
+ fi
+
+ return 0
+}
+
+clean()
+{
+
+ if [ ! -e $cache ]; then
+ exit 0
+ fi
+
+ # lock, so we won't purge while someone is creating a repository
+ (
+ flock -n -x 200
+ if [ $? != 0 ]; then
+ echo "Cache repository is busy."
+ exit 1
+ fi
+
+ echo -n "Purging the download cache for ALTLinux-$release..."
+ rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
+ exit 0
+
+ ) 200>/var/lock/subsys/lxc
+}
+
+usage()
+{
+ cat <<EOF
+usage:
+ $1 -n|--name=<container_name>
+ [-p|--path=<path>] [-c|--clean] [-R|--release=<ALTLinux_release>]
+ [-P|--profile=<name of the profile>]
+ [-A|--arch=<arch of the container>]
+ [-h|--help]
+Mandatory args:
+ -n,--name container name, used to as an identifier for that container from now on
+Optional args:
+ -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in and case
+ -c,--clean clean the cache
+ -R,--release ALTLinux release for the new container. if the host is ALTLinux, then it will defaultto the host's release.
+ -P,--profile Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache.
+ -A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64]
+ -h,--help print this help
+EOF
+ return 0
+}
+
+options=$(getopt -o hp:n:P:cR: -l help,path:,name:,profile:,clean,release: -- "$@")
+if [ $? -ne 0 ]; then
+ usage $(basename $0)
+ exit 1
+fi
+eval set -- "$options"
+
+while true
+do
+ case "$1" in
+ -h|--help) usage $0 && exit 0;;
+ -p|--path) path=$2; shift 2;;
+ -n|--name) name=$2; shift 2;;
+ -P|--profile) profile=$2; shift 2;;
+ -c|--clean) clean=$2; shift 2;;
+ -R|--release) release=$2; shift 2;;
+ --) shift 1; break ;;
+ *) break ;;
+ esac
+done
+
+if [ ! -z "$clean" -a -z "$path" ]; then
+ clean || exit 1
+ exit 0
+fi
+
+type apt-get >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+ echo "'apt-get' command is missing"
+ exit 1
+fi
+
+if [ -z "$path" ]; then
+ path=$default_path
+fi
+
+if [ -z "$profile" ]; then
+ profile=$default_profile
+fi
+
+if [ -z "$release" ]; then
+ if [ "$is_altlinux" ]; then
+ release=$(cat /etc/altlinux-release |awk '/^ALT/ {print $3}')
+ else
+ echo "This is not a ALTLinux host and release missing, use -R|--release to specify release"
+ exit 1
+ fi
+fi
+
+if [ "$(id -u)" != "0" ]; then
+ echo "This script should be run as 'root'"
+ exit 1
+fi
+
+rootfs_path=$path/$name/rootfs
+config_path=$default_path/$name
+cache=$cache_base/$release/$profile
+
+if [ -f $config_path/config ]; then
+ echo "A container with that name exists, chose a different name"
+ exit 1
+fi
+
+install_altlinux
+if [ $? -ne 0 ]; then
+ echo "failed to install altlinux"
+ exit 1
+fi
+
+configure_altlinux
+if [ $? -ne 0 ]; then
+ echo "failed to configure altlinux for a container"
+ exit 1
+fi
+
+copy_configuration
+if [ $? -ne 0 ]; then
+ echo "failed write configuration file"
+ exit 1
+fi
+
+if [ ! -z $clean ]; then
+ clean || exit 1
+ exit 0
+fi
+echo "container rootfs and config created"
+echo "container is configured for lxc.network.type=veth and lxc.network.link=virbr0 (which is default if you have libvirt runnig)" |
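Review bot: Every container built by this template gets the same fixed root password: `root_password=rooter` is set in the configuration block at the top of the new file, and configure_altlinux prints it with `echo "setting root passwd to $root_password"` before piping it to chpasswd, in the same function that appends `pts/0` to securetty. The password should be supplied by the caller or generated per container, and the message should not print the value, e.g. `echo "setting root password"`; the commented sample PKG_LIST names openssh-server, so depending on the profile and the sshd configuration the account may also be reachable over the network. Separately, in the option loop `-c|--clean) clean=$2; shift 2;;` treats `--clean` as taking a value although the getopt string declares `c` without one, so it swallows whatever option follows it; `-c|--clean) clean=1; shift;;` matches the declaration.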