/[sysadmin-cookbook]/recepies/lxc/lxc-debian
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Contents of /recepies/lxc/lxc-debian

Parent Directory Parent Directory | Revision Log Revision Log


Revision 297 - (show annotations)
Mon Jun 25 12:18:30 2012 UTC (11 years, 9 months ago) by dpavlin
File size: 6854 byte(s)
install wheezy
1 #!/bin/bash
2
3 #
4 # lxc: linux Container library
5
6 apt-get install debootstrap
7
8 # Authors:
9 # Daniel Lezcano <daniel.lezcano@free.fr>
10
11 # This library is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU Lesser General Public
13 # License as published by the Free Software Foundation; either
14 # version 2.1 of the License, or (at your option) any later version.
15
16 # This library is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 # Lesser General Public License for more details.
20
21 # You should have received a copy of the GNU Lesser General Public
22 # License along with this library; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24
25 configure_debian()
26 {
27 rootfs=$1
28 hostname=$2
29
30 # configure the inittab
31 cat <<EOF > $rootfs/etc/inittab
32 id:3:initdefault:
33 si::sysinit:/etc/init.d/rcS
34 l0:0:wait:/etc/init.d/rc 0
35 l1:1:wait:/etc/init.d/rc 1
36 l2:2:wait:/etc/init.d/rc 2
37 l3:3:wait:/etc/init.d/rc 3
38 l4:4:wait:/etc/init.d/rc 4
39 l5:5:wait:/etc/init.d/rc 5
40 l6:6:wait:/etc/init.d/rc 6
41 # Normally not reached, but fallthrough in case of emergency.
42 z6:6:respawn:/sbin/sulogin
43 1:2345:respawn:/sbin/getty 38400 console
44 c1:12345:respawn:/sbin/getty 38400 tty1 linux
45 c2:12345:respawn:/sbin/getty 38400 tty2 linux
46 c3:12345:respawn:/sbin/getty 38400 tty3 linux
47 c4:12345:respawn:/sbin/getty 38400 tty4 linux
48 EOF
49
50 # disable selinux in debian
51 mkdir -p $rootfs/selinux
52 echo 0 > $rootfs/selinux/enforce
53
54 # by default setup root password with no password
55 cat <<EOF > $rootfs/etc/ssh/sshd_config
56 Port 22
57 Protocol 2
58 HostKey /etc/ssh/ssh_host_rsa_key
59 HostKey /etc/ssh/ssh_host_dsa_key
60 UsePrivilegeSeparation yes
61 KeyRegenerationInterval 3600
62 ServerKeyBits 768
63 SyslogFacility AUTH
64 LogLevel INFO
65 LoginGraceTime 120
66 PermitRootLogin yes
67 StrictModes yes
68 RSAAuthentication yes
69 PubkeyAuthentication yes
70 IgnoreRhosts yes
71 RhostsRSAAuthentication no
72 HostbasedAuthentication no
73 PermitEmptyPasswords yes
74 ChallengeResponseAuthentication no
75 EOF
76
77 # configure the network using the dhcp
78 cat <<EOF > $rootfs/etc/network/interfaces
79 auto lo
80 iface lo inet loopback
81
82 auto eth0
83 iface eth0 inet dhcp
84 EOF
85
86 # set the hostname
87 cat <<EOF > $rootfs/etc/hostname
88 $hostname
89 EOF
90
91 # reconfigure some services
92 chroot $rootfs /usr/sbin/dpkg-reconfigure locales
93
94 # remove pointless services in a container
95 chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
96 chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
97 chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
98 }
99
100 arch=$(arch)
101
102 download_debian()
103 {
104 packages=\
105 ifupdown,\
106 locales,\
107 libui-dialog-perl,\
108 dialog,\
109 netbase,\
110 net-tools,\
111 iproute,\
112 openssh-server
113
114 cache=$1
115
116 # check the mini debian was not already downloaded
117 mkdir -p "$cache/partial-$arch"
118 if [ $? -ne 0 ]; then
119 echo "Failed to create '$cache/partial-$arch' directory"
120 return 1
121 fi
122
123 # download a mini debian into a cache
124 echo "Downloading debian minimal ..."
125 debootstrap --verbose --variant=minbase --arch=$arch \
126 --include $packages \
127 wheezy $cache/partial-$arch http://ftp.debian.org/debian
128 if [ $? -ne 0 ]; then
129 echo "Failed to download the rootfs, aborting."
130 return 1
131 fi
132
133 mv "$1/partial-$arch" "$1/rootfs-$arch"
134 echo "Download complete."
135
136 return 0
137 }
138
139 copy_debian()
140 {
141 cache=$1
142 rootfs=$3
143
144 # make a local copy of the minidebian
145 echo -n "Copying rootfs to $rootfs..."
146 cp -a $cache/rootfs-$arch $rootfs || return 1
147 return 0
148 }
149
150 install_debian()
151 {
152 cache="/var/cache/lxc/debian"
153 rootfs=$1
154 mkdir -p /var/lock/subsys/
155 (
156 flock -n -x 200
157 if [ $? -ne 0 ]; then
158 echo "Cache repository is busy."
159 return 1
160 fi
161
162 if [ "$arch" == "x86_64" ]; then
163 arch=amd64
164 fi
165
166 if [ "$arch" == "i686" ]; then
167 arch=i386
168 fi
169
170 echo "Checking cache download in $cache/rootfs-$arch ... "
171 if [ ! -e "$cache/rootfs-$arch" ]; then
172 download_debian $cache $arch
173 if [ $? -ne 0 ]; then
174 echo "Failed to download 'debian base'"
175 return 1
176 fi
177 fi
178
179 copy_debian $cache $arch $rootfs
180 if [ $? -ne 0 ]; then
181 echo "Failed to copy rootfs"
182 return 1
183 fi
184
185 return 0
186
187 ) 200>/var/lock/subsys/lxc
188
189 return $?
190 }
191
192 copy_configuration()
193 {
194 path=$1
195 rootfs=$2
196 name=$3
197
198 cat <<EOF >> $path/config
199 lxc.tty = 4
200 lxc.pts = 1024
201 lxc.rootfs = $rootfs
202 lxc.cgroup.devices.deny = a
203 # /dev/null and zero
204 lxc.cgroup.devices.allow = c 1:3 rwm
205 lxc.cgroup.devices.allow = c 1:5 rwm
206 # consoles
207 lxc.cgroup.devices.allow = c 5:1 rwm
208 lxc.cgroup.devices.allow = c 5:0 rwm
209 lxc.cgroup.devices.allow = c 4:0 rwm
210 lxc.cgroup.devices.allow = c 4:1 rwm
211 # /dev/{,u}random
212 lxc.cgroup.devices.allow = c 1:9 rwm
213 lxc.cgroup.devices.allow = c 1:8 rwm
214 lxc.cgroup.devices.allow = c 136:* rwm
215 lxc.cgroup.devices.allow = c 5:2 rwm
216 # rtc
217 lxc.cgroup.devices.allow = c 254:0 rwm
218 EOF
219
220 if [ $? -ne 0 ]; then
221 echo "Failed to add configuration"
222 return 1
223 fi
224
225 return 0
226 }
227
228 clean()
229 {
230 cache="/var/cache/lxc/debian"
231
232 if [ ! -e $cache ]; then
233 exit 0
234 fi
235
236 # lock, so we won't purge while someone is creating a repository
237 (
238 flock -n -x 200
239 if [ $? != 0 ]; then
240 echo "Cache repository is busy."
241 exit 1
242 fi
243
244 echo -n "Purging the download cache..."
245 rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
246 exit 0
247
248 ) 200>/var/lock/subsys/lxc
249 }
250
251 usage()
252 {
253 cat <<EOF
254 $1 -h|--help -p|--path=<path> -a|--arch=stable --clean
255 EOF
256 return 0
257 }
258
259 options=$(getopt -o hp:n:ca: -l help,path:,name:,clean,arch: -- "$@")
260 if [ $? -ne 0 ]; then
261 usage $(basename $0)
262 exit 1
263 fi
264 eval set -- "$options"
265
266 while true
267 do
268 case "$1" in
269 -h|--help) usage $0 && exit 0;;
270 -p|--path) path=$2; shift 2;;
271 -n|--name) name=$2; shift 2;;
272 -c|--clean) clean=$2; shift 2;;
273 -a|--arch) arch=$2; shift 2;;
274 --) shift 1; break ;;
275 *) break ;;
276 esac
277 done
278
279 if [ ! -z "$clean" -a -z "$path" ]; then
280 clean || exit 1
281 exit 0
282 fi
283
284 type debootstrap
285 if [ $? -ne 0 ]; then
286 echo "'debootstrap' command is missing"
287 exit 1
288 fi
289
290 if [ -z "$path" ]; then
291 echo "'path' parameter is required"
292 exit 1
293 fi
294
295 if [ "$(id -u)" != "0" ]; then
296 echo "This script should be run as 'root'"
297 exit 1
298 fi
299
300 rootfs=$path/rootfs
301
302 install_debian $rootfs
303 if [ $? -ne 0 ]; then
304 echo "failed to install debian"
305 exit 1
306 fi
307
308 configure_debian $rootfs $name
309 if [ $? -ne 0 ]; then
310 echo "failed to configure debian for a container"
311 exit 1
312 fi
313
314 copy_configuration $path $rootfs
315 if [ $? -ne 0 ]; then
316 echo "failed write configuration file"
317 exit 1
318 fi
319
320 if [ ! -z $clean ]; then
321 clean || exit 1
322 exit 0
323 fi

Properties

Name Value
svn:executable *

  ViewVC Help
Powered by ViewVC 1.1.26