Contents of /recepies/lxc/lxc-debian

#!/bin/bash

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

configure_debian()
{
    rootfs=$1
    hostname=$2

    # configure the inittab
    cat <<EOF > $rootfs/etc/inittab
id:3:initdefault:
si::sysinit:/etc/init.d/rcS
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/sbin/sulogin
1:2345:respawn:/sbin/getty 38400 console
c1:12345:respawn:/sbin/getty 38400 tty1 linux
c2:12345:respawn:/sbin/getty 38400 tty2 linux
c3:12345:respawn:/sbin/getty 38400 tty3 linux
c4:12345:respawn:/sbin/getty 38400 tty4 linux
EOF

    # disable selinux in debian
    mkdir -p $rootfs/selinux
    echo 0 > $rootfs/selinux/enforce

    # by default setup root password with no password
    cat <<EOF > $rootfs/etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords yes
ChallengeResponseAuthentication no
EOF

    # configure the network using the dhcp
    cat <<EOF > $rootfs/etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
EOF

    # set the hostname
    cat <<EOF > $rootfs/etc/hostname
$hostname
EOF

    # reconfigure some services
    chroot $rootfs /usr/sbin/dpkg-reconfigure locales

    # remove pointless services in a container
    chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
    chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
    chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
}

download_debian()
{
    packages=\
ifupdown,\
locales,\
libui-dialog-perl,\
dialog,\
dhcp-client,\
netbase,\
net-tools,\
iproute,\
openssh-server

    cache=$1
    arch=$2

    # check the mini debian was not already downloaded
    mkdir -p "$cache/partial-$arch"
    if [ $? -ne 0 ]; then
        echo "Failed to create '$cache/partial-$arch' directory"
        return 1
    fi

    # download a mini debian into a cache
    echo "Downloading debian minimal ..."
    debootstrap --verbose --variant=minbase --arch=$arch \
        --include $packages \
        lenny $cache/partial-$arch http://ftp.debian.org/debian
    if [ $? -ne 0 ]; then
        echo "Failed to download the rootfs, aborting."
        return 1
    fi

    mv "$1/partial-$arch" "$1/rootfs-$arch"
    echo "Download complete."

    return 0
}

copy_debian()
{
    cache=$1
    arch=$2
    rootfs=$3

    # make a local copy of the minidebian
    echo -n "Copying rootfs to $rootfs..."
    cp -a $cache/rootfs-$arch $rootfs || return 1
    return 0
}

install_debian()
{
    cache="/var/cache/lxc/debian"
    rootfs=$1
    mkdir -p /var/lock/subsys/
    (
        flock -n -x 200
        if [ $? -ne 0 ]; then
            echo "Cache repository is busy."
            return 1
        fi

        arch=$(arch)
        if [ "$arch" == "x86_64" ]; then
            arch=amd64
        fi

        if [ "$arch" == "i686" ]; then
            arch=i386
        fi

        echo "Checking cache download in $cache/rootfs-$arch ... "
        if [ ! -e "$cache/rootfs-$arch" ]; then
            download_debian $cache $arch
            if [ $? -ne 0 ]; then
                echo "Failed to download 'debian base'"
                return 1
            fi
        fi

        copy_debian $cache $arch $rootfs
        if [ $? -ne 0 ]; then
            echo "Failed to copy rootfs"
            return 1
        fi

        return 0

        ) 200>/var/lock/subsys/lxc

    return $?
}

copy_configuration()
{
    path=$1
    rootfs=$2
    name=$3

    cat <<EOF >> $path/config
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $rootfs
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF

    if [ $? -ne 0 ]; then
        echo "Failed to add configuration"
        return 1
    fi

    return 0
}

clean()
{
    cache="/var/cache/lxc/debian"

    if [ ! -e $cache ]; then
        exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
        flock -n -x 200 
        if [ $? != 0 ]; then
            echo "Cache repository is busy."
            exit 1
        fi

        echo -n "Purging the download cache..."
        rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
        exit 0

    ) 200>/var/lock/subsys/lxc
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path> --clean
EOF
    return 0
}

options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
if [ $? -ne 0 ]; then
        usage $(basename $0)
        exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)      usage $0 && exit 0;;
        -p|--path)      path=$2; shift 2;;
        -n|--name)      name=$2; shift 2;;
        -c|--clean)     clean=$2; shift 2;;
        --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ ! -z "$clean" -a -z "$path" ]; then
    clean || exit 1
    exit 0
fi

type debootstrap
if [ $? -ne 0 ]; then
    echo "'debootstrap' command is missing"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi 

rootfs=$path/rootfs

install_debian $rootfs
if [ $? -ne 0 ]; then
    echo "failed to install debian"
    exit 1
fi

configure_debian $rootfs $name
if [ $? -ne 0 ]; then
    echo "failed to configure debian for a container"
    exit 1
fi

copy_configuration $path $rootfs
if [ $? -ne 0 ]; then
    echo "failed write configuration file"
    exit 1
fi

if [ ! -z $clean ]; then
    clean || exit 1
    exit 0
fi
1	#!/bin/bash
2
3	#
4	# lxc: linux Container library
5
6	# Authors:
7	# Daniel Lezcano <daniel.lezcano@free.fr>
8
9	# This library is free software; you can redistribute it and/or
10	# modify it under the terms of the GNU Lesser General Public
11	# License as published by the Free Software Foundation; either
12	# version 2.1 of the License, or (at your option) any later version.
13
14	# This library is distributed in the hope that it will be useful,
15	# but WITHOUT ANY WARRANTY; without even the implied warranty of
16	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17	# Lesser General Public License for more details.
18
19	# You should have received a copy of the GNU Lesser General Public
20	# License along with this library; if not, write to the Free Software
21	# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23	configure_debian()
24	{
25	rootfs=$1
26	hostname=$2
27
28	# configure the inittab
29	cat <<EOF > $rootfs/etc/inittab
30	id:3:initdefault:
31	si::sysinit:/etc/init.d/rcS
32	l0:0:wait:/etc/init.d/rc 0
33	l1:1:wait:/etc/init.d/rc 1
34	l2:2:wait:/etc/init.d/rc 2
35	l3:3:wait:/etc/init.d/rc 3
36	l4:4:wait:/etc/init.d/rc 4
37	l5:5:wait:/etc/init.d/rc 5
38	l6:6:wait:/etc/init.d/rc 6
39	# Normally not reached, but fallthrough in case of emergency.
40	z6:6:respawn:/sbin/sulogin
41	1:2345:respawn:/sbin/getty 38400 console
42	c1:12345:respawn:/sbin/getty 38400 tty1 linux
43	c2:12345:respawn:/sbin/getty 38400 tty2 linux
44	c3:12345:respawn:/sbin/getty 38400 tty3 linux
45	c4:12345:respawn:/sbin/getty 38400 tty4 linux
46	EOF
47
48	# disable selinux in debian
49	mkdir -p $rootfs/selinux
50	echo 0 > $rootfs/selinux/enforce
51
52	# by default setup root password with no password
53	cat <<EOF > $rootfs/etc/ssh/sshd_config
54	Port 22
55	Protocol 2
56	HostKey /etc/ssh/ssh_host_rsa_key
57	HostKey /etc/ssh/ssh_host_dsa_key
58	UsePrivilegeSeparation yes
59	KeyRegenerationInterval 3600
60	ServerKeyBits 768
61	SyslogFacility AUTH
62	LogLevel INFO
63	LoginGraceTime 120
64	PermitRootLogin yes
65	StrictModes yes
66	RSAAuthentication yes
67	PubkeyAuthentication yes
68	IgnoreRhosts yes
69	RhostsRSAAuthentication no
70	HostbasedAuthentication no
71	PermitEmptyPasswords yes
72	ChallengeResponseAuthentication no
73	EOF
74
75	# configure the network using the dhcp
76	cat <<EOF > $rootfs/etc/network/interfaces
77	auto lo
78	iface lo inet loopback
79
80	auto eth0
81	iface eth0 inet dhcp
82	EOF
83
84	# set the hostname
85	cat <<EOF > $rootfs/etc/hostname
86	$hostname
87	EOF
88
89	# reconfigure some services
90	chroot $rootfs /usr/sbin/dpkg-reconfigure locales
91
92	# remove pointless services in a container
93	chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
94	chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
95	chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
96	}
97
98	download_debian()
99	{
100	packages=\
101	ifupdown,\
102	locales,\
103	libui-dialog-perl,\
104	dialog,\
105	dhcp-client,\
106	netbase,\
107	net-tools,\
108	iproute,\
109	openssh-server
110
111	cache=$1
112	arch=$2
113
114	# check the mini debian was not already downloaded
115	mkdir -p "$cache/partial-$arch"
116	if [ $? -ne 0 ]; then
117	echo "Failed to create '$cache/partial-$arch' directory"
118	return 1
119	fi
120
121	# download a mini debian into a cache
122	echo "Downloading debian minimal ..."
123	debootstrap --verbose --variant=minbase --arch=$arch \
124	--include $packages \
125	lenny $cache/partial-$arch http://ftp.debian.org/debian
126	if [ $? -ne 0 ]; then
127	echo "Failed to download the rootfs, aborting."
128	return 1
129	fi
130
131	mv "$1/partial-$arch" "$1/rootfs-$arch"
132	echo "Download complete."
133
134	return 0
135	}
136
137	copy_debian()
138	{
139	cache=$1
140	arch=$2
141	rootfs=$3
142
143	# make a local copy of the minidebian
144	echo -n "Copying rootfs to $rootfs..."
145	cp -a $cache/rootfs-$arch $rootfs \|\| return 1
146	return 0
147	}
148
149	install_debian()
150	{
151	cache="/var/cache/lxc/debian"
152	rootfs=$1
153	mkdir -p /var/lock/subsys/
154	(
155	flock -n -x 200
156	if [ $? -ne 0 ]; then
157	echo "Cache repository is busy."
158	return 1
159	fi
160
161	arch=$(arch)
162	if [ "$arch" == "x86_64" ]; then
163	arch=amd64
164	fi
165
166	if [ "$arch" == "i686" ]; then
167	arch=i386
168	fi
169
170	echo "Checking cache download in $cache/rootfs-$arch ... "
171	if [ ! -e "$cache/rootfs-$arch" ]; then
172	download_debian $cache $arch
173	if [ $? -ne 0 ]; then
174	echo "Failed to download 'debian base'"
175	return 1
176	fi
177	fi
178
179	copy_debian $cache $arch $rootfs
180	if [ $? -ne 0 ]; then
181	echo "Failed to copy rootfs"
182	return 1
183	fi
184
185	return 0
186
187	) 200>/var/lock/subsys/lxc
188
189	return $?
190	}
191
192	copy_configuration()
193	{
194	path=$1
195	rootfs=$2
196	name=$3
197
198	cat <<EOF >> $path/config
199	lxc.tty = 4
200	lxc.pts = 1024
201	lxc.rootfs = $rootfs
202	lxc.cgroup.devices.deny = a
203	# /dev/null and zero
204	lxc.cgroup.devices.allow = c 1:3 rwm
205	lxc.cgroup.devices.allow = c 1:5 rwm
206	# consoles
207	lxc.cgroup.devices.allow = c 5:1 rwm
208	lxc.cgroup.devices.allow = c 5:0 rwm
209	lxc.cgroup.devices.allow = c 4:0 rwm
210	lxc.cgroup.devices.allow = c 4:1 rwm
211	# /dev/{,u}random
212	lxc.cgroup.devices.allow = c 1:9 rwm
213	lxc.cgroup.devices.allow = c 1:8 rwm
214	lxc.cgroup.devices.allow = c 136:* rwm
215	lxc.cgroup.devices.allow = c 5:2 rwm
216	# rtc
217	lxc.cgroup.devices.allow = c 254:0 rwm
218	EOF
219
220	if [ $? -ne 0 ]; then
221	echo "Failed to add configuration"
222	return 1
223	fi
224
225	return 0
226	}
227
228	clean()
229	{
230	cache="/var/cache/lxc/debian"
231
232	if [ ! -e $cache ]; then
233	exit 0
234	fi
235
236	# lock, so we won't purge while someone is creating a repository
237	(
238	flock -n -x 200
239	if [ $? != 0 ]; then
240	echo "Cache repository is busy."
241	exit 1
242	fi
243
244	echo -n "Purging the download cache..."
245	rm --preserve-root --one-file-system -rf $cache && echo "Done." \|\| exit 1
246	exit 0
247
248	) 200>/var/lock/subsys/lxc
249	}
250
251	usage()
252	{
253	cat <<EOF
254	$1 -h\|--help -p\|--path=<path> --clean
255	EOF
256	return 0
257	}
258
259	options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
260	if [ $? -ne 0 ]; then
261	usage $(basename $0)
262	exit 1
263	fi
264	eval set -- "$options"
265
266	while true
267	do
268	case "$1" in
269	-h\|--help) usage $0 && exit 0;;
270	-p\|--path) path=$2; shift 2;;
271	-n\|--name) name=$2; shift 2;;
272	-c\|--clean) clean=$2; shift 2;;
273	--) shift 1; break ;;
274	*) break ;;
275	esac
276	done
277
278	if [ ! -z "$clean" -a -z "$path" ]; then
279	clean \|\| exit 1
280	exit 0
281	fi
282
283	type debootstrap
284	if [ $? -ne 0 ]; then
285	echo "'debootstrap' command is missing"
286	exit 1
287	fi
288
289	if [ -z "$path" ]; then
290	echo "'path' parameter is required"
291	exit 1
292	fi
293
294	if [ "$(id -u)" != "0" ]; then
295	echo "This script should be run as 'root'"
296	exit 1
297	fi
298
299	rootfs=$path/rootfs
300
301	install_debian $rootfs
302	if [ $? -ne 0 ]; then
303	echo "failed to install debian"
304	exit 1
305	fi
306
307	configure_debian $rootfs $name
308	if [ $? -ne 0 ]; then
309	echo "failed to configure debian for a container"
310	exit 1
311	fi
312
313	copy_configuration $path $rootfs
314	if [ $? -ne 0 ]; then
315	echo "failed write configuration file"
316	exit 1
317	fi
318
319	if [ ! -z $clean ]; then
320	clean \|\| exit 1
321	exit 0
322	fi