Annotation of /recepies/lxc/lxc-debian

#!/bin/bash

#
# lxc: linux Container library

apt-get install debootstrap

# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

configure_debian()
{
    rootfs=$1
    hostname=$2

    # configure the inittab
    cat <<EOF > $rootfs/etc/inittab
id:3:initdefault:
si::sysinit:/etc/init.d/rcS
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/sbin/sulogin
1:2345:respawn:/sbin/getty 38400 console
c1:12345:respawn:/sbin/getty 38400 tty1 linux
c2:12345:respawn:/sbin/getty 38400 tty2 linux
c3:12345:respawn:/sbin/getty 38400 tty3 linux
c4:12345:respawn:/sbin/getty 38400 tty4 linux
EOF

    # disable selinux in debian
    mkdir -p $rootfs/selinux
    echo 0 > $rootfs/selinux/enforce

    # by default setup root password with no password
    cat <<EOF > $rootfs/etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords yes
ChallengeResponseAuthentication no
EOF

    # configure the network using the dhcp
    cat <<EOF > $rootfs/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
EOF

    # set the hostname
    cat <<EOF > $rootfs/etc/hostname
$hostname
EOF

    # reconfigure some services
    chroot $rootfs /usr/sbin/dpkg-reconfigure locales

    # remove pointless services in a container
    chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
    chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
    chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
}

arch=$(arch)

download_debian()
{
    packages=\
ifupdown,\
locales,\
libui-dialog-perl,\
dialog,\
dhcp-client,\
netbase,\
net-tools,\
iproute,\
openssh-server

    cache=$1

    # check the mini debian was not already downloaded
    mkdir -p "$cache/partial-$arch"
    if [ $? -ne 0 ]; then
        echo "Failed to create '$cache/partial-$arch' directory"
        return 1
    fi

    # download a mini debian into a cache
    echo "Downloading debian minimal ..."
    debootstrap --verbose --variant=minbase --arch=$arch \
        --include $packages \
        lenny $cache/partial-$arch http://ftp.debian.org/debian
    if [ $? -ne 0 ]; then
        echo "Failed to download the rootfs, aborting."
        return 1
    fi

    mv "$1/partial-$arch" "$1/rootfs-$arch"
    echo "Download complete."

    return 0
}

copy_debian()
{
    cache=$1
    rootfs=$3

    # make a local copy of the minidebian
    echo -n "Copying rootfs to $rootfs..."
    cp -a $cache/rootfs-$arch $rootfs || return 1
    return 0
}

install_debian()
{
    cache="/var/cache/lxc/debian"
    rootfs=$1
    mkdir -p /var/lock/subsys/
    (
        flock -n -x 200
        if [ $? -ne 0 ]; then
            echo "Cache repository is busy."
            return 1
        fi

        if [ "$arch" == "x86_64" ]; then
            arch=amd64
        fi

        if [ "$arch" == "i686" ]; then
            arch=i386
        fi

        echo "Checking cache download in $cache/rootfs-$arch ... "
        if [ ! -e "$cache/rootfs-$arch" ]; then
            download_debian $cache $arch
            if [ $? -ne 0 ]; then
                echo "Failed to download 'debian base'"
                return 1
            fi
        fi

        copy_debian $cache $arch $rootfs
        if [ $? -ne 0 ]; then
            echo "Failed to copy rootfs"
            return 1
        fi

        return 0

        ) 200>/var/lock/subsys/lxc

    return $?
}

copy_configuration()
{
    path=$1
    rootfs=$2
    name=$3

    cat <<EOF >> $path/config
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $rootfs
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF

    if [ $? -ne 0 ]; then
        echo "Failed to add configuration"
        return 1
    fi

    return 0
}

clean()
{
    cache="/var/cache/lxc/debian"

    if [ ! -e $cache ]; then
        exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
        flock -n -x 200 
        if [ $? != 0 ]; then
            echo "Cache repository is busy."
            exit 1
        fi

        echo -n "Purging the download cache..."
        rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
        exit 0

    ) 200>/var/lock/subsys/lxc
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path> -a|--arch=stable --clean
EOF
    return 0
}

options=$(getopt -o hp:n:ca: -l help,path:,name:,clean,arch: -- "$@")
if [ $? -ne 0 ]; then
        usage $(basename $0)
        exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)      usage $0 && exit 0;;
        -p|--path)      path=$2; shift 2;;
                -n|--name)      name=$2; shift 2;;
                -c|--clean)     clean=$2; shift 2;;
                -a|--arch)              arch=$2; shift 2;;
        --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ ! -z "$clean" -a -z "$path" ]; then
    clean || exit 1
    exit 0
fi

type debootstrap
if [ $? -ne 0 ]; then
    echo "'debootstrap' command is missing"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi 

rootfs=$path/rootfs

install_debian $rootfs
if [ $? -ne 0 ]; then
    echo "failed to install debian"
    exit 1
fi

configure_debian $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to configure debian for a container"
    exit 1
fi

copy_configuration $path $rootfs
if [ $? -ne 0 ]; then
    echo "failed write configuration file"
    exit 1
fi

if [ ! -z $clean ]; then
    clean || exit 1
    exit 0
fi
1	dpavlin	174	#!/bin/bash
2
3			#
4			# lxc: linux Container library
5
6	dpavlin	246	apt-get install debootstrap
7
8	dpavlin	174	# Authors:
9			# Daniel Lezcano <daniel.lezcano@free.fr>
10
11			# This library is free software; you can redistribute it and/or
12			# modify it under the terms of the GNU Lesser General Public
13			# License as published by the Free Software Foundation; either
14			# version 2.1 of the License, or (at your option) any later version.
15
16			# This library is distributed in the hope that it will be useful,
17			# but WITHOUT ANY WARRANTY; without even the implied warranty of
18			# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19			# Lesser General Public License for more details.
20
21			# You should have received a copy of the GNU Lesser General Public
22			# License along with this library; if not, write to the Free Software
23			# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24
25			configure_debian()
26			{
27			rootfs=$1
28			hostname=$2
29
30			# configure the inittab
31			cat <<EOF > $rootfs/etc/inittab
32			id:3:initdefault:
33			si::sysinit:/etc/init.d/rcS
34			l0:0:wait:/etc/init.d/rc 0
35			l1:1:wait:/etc/init.d/rc 1
36			l2:2:wait:/etc/init.d/rc 2
37			l3:3:wait:/etc/init.d/rc 3
38			l4:4:wait:/etc/init.d/rc 4
39			l5:5:wait:/etc/init.d/rc 5
40			l6:6:wait:/etc/init.d/rc 6
41			# Normally not reached, but fallthrough in case of emergency.
42			z6:6:respawn:/sbin/sulogin
43			1:2345:respawn:/sbin/getty 38400 console
44			c1:12345:respawn:/sbin/getty 38400 tty1 linux
45			c2:12345:respawn:/sbin/getty 38400 tty2 linux
46			c3:12345:respawn:/sbin/getty 38400 tty3 linux
47			c4:12345:respawn:/sbin/getty 38400 tty4 linux
48			EOF
49
50			# disable selinux in debian
51			mkdir -p $rootfs/selinux
52			echo 0 > $rootfs/selinux/enforce
53
54			# by default setup root password with no password
55			cat <<EOF > $rootfs/etc/ssh/sshd_config
56			Port 22
57			Protocol 2
58			HostKey /etc/ssh/ssh_host_rsa_key
59			HostKey /etc/ssh/ssh_host_dsa_key
60			UsePrivilegeSeparation yes
61			KeyRegenerationInterval 3600
62			ServerKeyBits 768
63			SyslogFacility AUTH
64			LogLevel INFO
65			LoginGraceTime 120
66			PermitRootLogin yes
67			StrictModes yes
68			RSAAuthentication yes
69			PubkeyAuthentication yes
70			IgnoreRhosts yes
71			RhostsRSAAuthentication no
72			HostbasedAuthentication no
73			PermitEmptyPasswords yes
74			ChallengeResponseAuthentication no
75			EOF
76
77			# configure the network using the dhcp
78			cat <<EOF > $rootfs/etc/network/interfaces
79			auto lo
80			iface lo inet loopback
81
82			auto eth0
83			iface eth0 inet dhcp
84			EOF
85
86			# set the hostname
87			cat <<EOF > $rootfs/etc/hostname
88			$hostname
89			EOF
90
91			# reconfigure some services
92			chroot $rootfs /usr/sbin/dpkg-reconfigure locales
93
94			# remove pointless services in a container
95			chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
96			chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
97			chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
98			}
99
100	dpavlin	176	arch=$(arch)
101
102	dpavlin	174	download_debian()
103			{
104			packages=\
105			ifupdown,\
106			locales,\
107			libui-dialog-perl,\
108			dialog,\
109			dhcp-client,\
110			netbase,\
111			net-tools,\
112			iproute,\
113			openssh-server
114
115			cache=$1
116
117			# check the mini debian was not already downloaded
118			mkdir -p "$cache/partial-$arch"
119			if [ $? -ne 0 ]; then
120			echo "Failed to create '$cache/partial-$arch' directory"
121			return 1
122			fi
123
124			# download a mini debian into a cache
125			echo "Downloading debian minimal ..."
126			debootstrap --verbose --variant=minbase --arch=$arch \
127			--include $packages \
128			lenny $cache/partial-$arch http://ftp.debian.org/debian
129			if [ $? -ne 0 ]; then
130			echo "Failed to download the rootfs, aborting."
131			return 1
132			fi
133
134			mv "$1/partial-$arch" "$1/rootfs-$arch"
135			echo "Download complete."
136
137			return 0
138			}
139
140			copy_debian()
141			{
142			cache=$1
143			rootfs=$3
144
145			# make a local copy of the minidebian
146			echo -n "Copying rootfs to $rootfs..."
147			cp -a $cache/rootfs-$arch $rootfs \|\| return 1
148			return 0
149			}
150
151			install_debian()
152			{
153			cache="/var/cache/lxc/debian"
154			rootfs=$1
155			mkdir -p /var/lock/subsys/
156			(
157			flock -n -x 200
158			if [ $? -ne 0 ]; then
159			echo "Cache repository is busy."
160			return 1
161			fi
162
163			if [ "$arch" == "x86_64" ]; then
164			arch=amd64
165			fi
166
167			if [ "$arch" == "i686" ]; then
168			arch=i386
169			fi
170
171			echo "Checking cache download in $cache/rootfs-$arch ... "
172			if [ ! -e "$cache/rootfs-$arch" ]; then
173			download_debian $cache $arch
174			if [ $? -ne 0 ]; then
175			echo "Failed to download 'debian base'"
176			return 1
177			fi
178			fi
179
180			copy_debian $cache $arch $rootfs
181			if [ $? -ne 0 ]; then
182			echo "Failed to copy rootfs"
183			return 1
184			fi
185
186			return 0
187
188			) 200>/var/lock/subsys/lxc
189
190			return $?
191			}
192
193			copy_configuration()
194			{
195			path=$1
196			rootfs=$2
197			name=$3
198
199			cat <<EOF >> $path/config
200			lxc.tty = 4
201			lxc.pts = 1024
202			lxc.rootfs = $rootfs
203			lxc.cgroup.devices.deny = a
204			# /dev/null and zero
205			lxc.cgroup.devices.allow = c 1:3 rwm
206			lxc.cgroup.devices.allow = c 1:5 rwm
207			# consoles
208			lxc.cgroup.devices.allow = c 5:1 rwm
209			lxc.cgroup.devices.allow = c 5:0 rwm
210			lxc.cgroup.devices.allow = c 4:0 rwm
211			lxc.cgroup.devices.allow = c 4:1 rwm
212			# /dev/{,u}random
213			lxc.cgroup.devices.allow = c 1:9 rwm
214			lxc.cgroup.devices.allow = c 1:8 rwm
215			lxc.cgroup.devices.allow = c 136:* rwm
216			lxc.cgroup.devices.allow = c 5:2 rwm
217			# rtc
218			lxc.cgroup.devices.allow = c 254:0 rwm
219			EOF
220
221			if [ $? -ne 0 ]; then
222			echo "Failed to add configuration"
223			return 1
224			fi
225
226			return 0
227			}
228
229			clean()
230			{
231			cache="/var/cache/lxc/debian"
232
233			if [ ! -e $cache ]; then
234			exit 0
235			fi
236
237			# lock, so we won't purge while someone is creating a repository
238			(
239			flock -n -x 200
240			if [ $? != 0 ]; then
241			echo "Cache repository is busy."
242			exit 1
243			fi
244
245			echo -n "Purging the download cache..."
246			rm --preserve-root --one-file-system -rf $cache && echo "Done." \|\| exit 1
247			exit 0
248
249			) 200>/var/lock/subsys/lxc
250			}
251
252			usage()
253			{
254			cat <<EOF
255	dpavlin	176	$1 -h\|--help -p\|--path=<path> -a\|--arch=stable --clean
256	dpavlin	174	EOF
257			return 0
258			}
259
260	dpavlin	176	options=$(getopt -o hp:n:ca: -l help,path:,name:,clean,arch: -- "$@")
261	dpavlin	174	if [ $? -ne 0 ]; then
262			usage $(basename $0)
263			exit 1
264			fi
265			eval set -- "$options"
266
267			while true
268			do
269			case "$1" in
270			-h\|--help) usage $0 && exit 0;;
271			-p\|--path) path=$2; shift 2;;
272	dpavlin	176	-n\|--name) name=$2; shift 2;;
273			-c\|--clean) clean=$2; shift 2;;
274			-a\|--arch) arch=$2; shift 2;;
275	dpavlin	174	--) shift 1; break ;;
276			*) break ;;
277			esac
278			done
279
280			if [ ! -z "$clean" -a -z "$path" ]; then
281			clean \|\| exit 1
282			exit 0
283			fi
284
285			type debootstrap
286			if [ $? -ne 0 ]; then
287			echo "'debootstrap' command is missing"
288			exit 1
289			fi
290
291			if [ -z "$path" ]; then
292			echo "'path' parameter is required"
293			exit 1
294			fi
295
296			if [ "$(id -u)" != "0" ]; then
297			echo "This script should be run as 'root'"
298			exit 1
299			fi
300
301			rootfs=$path/rootfs
302
303			install_debian $rootfs
304			if [ $? -ne 0 ]; then
305			echo "failed to install debian"
306			exit 1
307			fi
308
309			configure_debian $rootfs $name
310			if [ $? -ne 0 ]; then
311			echo "failed to configure debian for a container"
312			exit 1
313			fi
314
315			copy_configuration $path $rootfs
316			if [ $? -ne 0 ]; then
317			echo "failed write configuration file"
318			exit 1
319			fi
320
321			if [ ! -z $clean ]; then
322			clean \|\| exit 1
323			exit 0
324			fi