
Annotation of /recepies/lxc/lxc-debian



Revision 297 - (hide annotations)
Mon Jun 25 12:18:30 2012 UTC (11 years, 9 months ago) by dpavlin
File size: 6854 byte(s)
install wheezy
1 dpavlin 174 #!/bin/bash
2    
3     #
4     # lxc: linux Container library
5    
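# Install debootstrap only when it is not already on PATH. The unconditional
# `apt-get install` ran on every invocation (including --help and --clean),
# ahead of the root check near the end of the script, and may prompt.
# NOTE(review): a container template that installs host packages as a side
# effect is worth reconsidering; the script already reports a missing
# debootstrap before it starts the installation.
if ! command -v debootstrap >/dev/null 2>&1; then
    apt-get install debootstrap
fi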
7    
8 dpavlin 174 # Authors:
9     # Daniel Lezcano <daniel.lezcano@free.fr>
10    
11     # This library is free software; you can redistribute it and/or
12     # modify it under the terms of the GNU Lesser General Public
13     # License as published by the Free Software Foundation; either
14     # version 2.1 of the License, or (at your option) any later version.
15    
16     # This library is distributed in the hope that it will be useful,
17     # but WITHOUT ANY WARRANTY; without even the implied warranty of
18     # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19     # Lesser General Public License for more details.
20    
21     # You should have received a copy of the GNU Lesser General Public
22     # License along with this library; if not, write to the Free Software
23     # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24    
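#######################################
# Configure a bootstrapped Debian root filesystem for use as a container:
# writes inittab, sshd_config, network interfaces and hostname, creates a
# selinux/enforce file containing 0, reconfigures locales and removes init
# scripts that make no sense inside a container.
# Arguments:
#   $1 - path to the container root filesystem
#   $2 - hostname written to <rootfs>/etc/hostname
# Returns:
#   1 if one of the configuration files cannot be written, otherwise the
#   status of the last update-rc.d call.
#######################################
configure_debian()
{
    # Paths are quoted throughout: an unquoted $rootfs containing spaces or
    # glob characters made the redirections and chroot calls fail.
    local rootfs=$1
    local hostname=$2

    # configure the inittab
    cat <<EOF > "$rootfs/etc/inittab" || return 1
id:3:initdefault:
si::sysinit:/etc/init.d/rcS
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/sbin/sulogin
1:2345:respawn:/sbin/getty 38400 console
c1:12345:respawn:/sbin/getty 38400 tty1 linux
c2:12345:respawn:/sbin/getty 38400 tty2 linux
c3:12345:respawn:/sbin/getty 38400 tty3 linux
c4:12345:respawn:/sbin/getty 38400 tty4 linux
EOF

    # disable selinux in debian
    mkdir -p "$rootfs/selinux" || return 1
    echo 0 > "$rootfs/selinux/enforce" || return 1

    # SECURITY: this sshd_config permits root logins and empty passwords
    # (PermitRootLogin yes + PermitEmptyPasswords yes), and eth0 is brought up
    # over DHCP below, so any account whose password is empty is reachable
    # from the network as soon as the container starts. The values are kept
    # unchanged because the template presumably relies on them for the first
    # login (verify); set a root password or install a key and tighten both
    # options before the container is attached to a shared network.
    # ServerKeyBits, KeyRegenerationInterval, RSAAuthentication and
    # RhostsRSAAuthentication are SSH protocol 1 settings and do nothing
    # under "Protocol 2".
    cat <<EOF > "$rootfs/etc/ssh/sshd_config" || return 1
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords yes
ChallengeResponseAuthentication no
EOF

    # configure the network using the dhcp
    cat <<EOF > "$rootfs/etc/network/interfaces" || return 1
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
EOF

    # set the hostname
    printf '%s\n' "$hostname" > "$rootfs/etc/hostname" || return 1

    # reconfigure some services
    chroot "$rootfs" /usr/sbin/dpkg-reconfigure locales

    # remove pointless services in a container
    chroot "$rootfs" /usr/sbin/update-rc.d -f umountfs remove
    chroot "$rootfs" /usr/sbin/update-rc.d -f hwclock.sh remove
    chroot "$rootfs" /usr/sbin/update-rc.d -f hwclockfirst.sh remove
}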
99    
# Default architecture: the machine hardware name of the host. It can be
# overridden with -a|--arch and is mapped to Debian's architecture names
# inside install_debian.
arch="$(uname -m)"
101    
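#######################################
# Bootstrap a minimal Debian (wheezy) into <cache>/partial-<arch> and, once
# debootstrap has succeeded, rename it to <cache>/rootfs-<arch>.
# Globals:
#   arch (read) - architecture passed to debootstrap
# Arguments:
#   $1 - cache directory
#   $2 - accepted from callers but not used; the global arch is read instead
# Returns:
#   0 on success, 1 if the directory, the bootstrap or the rename fails
#
# SECURITY: the mirror is plain HTTP, so the integrity of the downloaded
# packages rests entirely on debootstrap verifying the signed Release file.
# NOTE(review): whether that check happens depends on an archive keyring
# being available to debootstrap (see its --keyring option) - confirm on the
# host before trusting the cached rootfs. wheezy is also past end of life.
#######################################
download_debian()
{
    local packages=\
ifupdown,\
locales,\
libui-dialog-perl,\
dialog,\
netbase,\
net-tools,\
iproute,\
openssh-server

    local cache=$1

    # check the mini debian was not already downloaded
    if ! mkdir -p "$cache/partial-$arch"; then
        echo "Failed to create '$cache/partial-$arch' directory"
        return 1
    fi

    # download a mini debian into a cache
    # (every expansion is quoted so a cache path with spaces stays one word)
    echo "Downloading debian minimal ..."
    if ! debootstrap --verbose --variant=minbase --arch="$arch" \
        --include "$packages" \
        wheezy "$cache/partial-$arch" http://ftp.debian.org/debian
    then
        echo "Failed to download the rootfs, aborting."
        return 1
    fi

    # Only a fully bootstrapped tree gets the rootfs-<arch> name; a failed
    # rename used to be reported as success.
    if ! mv "$cache/partial-$arch" "$cache/rootfs-$arch"; then
        echo "Failed to download the rootfs, aborting."
        return 1
    fi
    echo "Download complete."

    return 0
}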
138    
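#######################################
# Copy the cached minimal Debian tree to the container's rootfs path.
# Globals:
#   arch (read) - selects <cache>/rootfs-<arch>
# Arguments:
#   $1 - cache directory
#   $2 - accepted from callers but not used; the global arch is read instead
#   $3 - destination rootfs path
# Returns:
#   0 on success, 1 if the copy fails
#######################################
copy_debian()
{
    local cache=$1
    local rootfs=$3

    # make a local copy of the minidebian
    # (quoted, with --, so paths containing spaces or a leading dash are
    # passed to cp as single operands)
    echo -n "Copying rootfs to $rootfs..."
    cp -a -- "$cache/rootfs-$arch" "$rootfs" || return 1
    return 0
}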
149    
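#######################################
# Populate the container rootfs from the shared download cache, bootstrapping
# the cache first when it is empty. The work runs in a subshell that holds an
# exclusive, non-blocking flock on /var/lock/subsys/lxc (fd 200).
# Globals:
#   arch (read) - mapped to a Debian architecture name inside the subshell
#                 only; the caller's value is left untouched
# Arguments:
#   $1 - destination rootfs path
# Returns:
#   the subshell's status: 0 on success, 1 if the lock is busy or the
#   download or copy fails
#######################################
install_debian()
{
    local cache="/var/cache/lxc/debian"
    local rootfs=$1

    mkdir -p /var/lock/subsys/
    (
        if ! flock -n -x 200; then
            echo "Cache repository is busy."
            exit 1
        fi

        # translate the host's machine name into Debian's architecture name
        case "$arch" in
            x86_64) arch=amd64 ;;
            i686)   arch=i386 ;;
        esac

        echo "Checking cache download in $cache/rootfs-$arch ... "
        if [ ! -e "$cache/rootfs-$arch" ]; then
            if ! download_debian "$cache" "$arch"; then
                echo "Failed to download 'debian base'"
                exit 1
            fi
        fi

        # arguments are quoted so a rootfs path with spaces reaches
        # copy_debian as a single argument
        if ! copy_debian "$cache" "$arch" "$rootfs"; then
            echo "Failed to copy rootfs"
            exit 1
        fi

        exit 0

    ) 200>/var/lock/subsys/lxc

    return $?
}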
191    
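#######################################
# Append the container settings to <path>/config: tty/pts counts, the rootfs
# location and a device cgroup policy that denies every device and then
# allows the listed character devices (the "#" lines inside the heredoc are
# written to the config file as comments).
# Arguments:
#   $1 - container directory holding the config file
#   $2 - rootfs path recorded as lxc.rootfs
#   $3 - container name (accepted, not used)
# Returns:
#   0 on success, 1 if the config file cannot be appended to
#
# NOTE(review): every allow rule grants "rwm", which includes mknod, and no
# lxc.cap.drop lines are written here. Unless the existing part of the config
# restricts capabilities, root inside the container keeps the default
# capability set - confirm this is intended for the deployment.
#######################################
copy_configuration()
{
    local path=$1
    local rootfs=$2
    local name=$3

    # "$path/config" is quoted: an unquoted path with spaces made the
    # redirection ambiguous and the append fail.
    if ! cat <<EOF >> "$path/config"
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $rootfs
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF
    then
        echo "Failed to add configuration"
        return 1
    fi

    return 0
}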
227    
#######################################
# Purge the shared download cache (/var/cache/lxc/debian).
# Exits the script with 0 when there is no cache. Otherwise the purge runs in
# a subshell holding an exclusive, non-blocking flock on
# /var/lock/subsys/lxc, and the subshell's status becomes the function's
# status: 0 when the cache was removed, 1 when the lock is busy or rm fails.
#######################################
clean()
{
    cache="/var/cache/lxc/debian"

    # nothing cached, nothing to purge
    [ -e "$cache" ] || exit 0

    # lock, so we won't purge while someone is creating a repository
    (
        if ! flock -n -x 200; then
            echo "Cache repository is busy."
            exit 1
        fi

        echo -n "Purging the download cache..."
        # --preserve-root and --one-file-system keep the recursive delete
        # from touching / or crossing into another mounted filesystem
        if rm --preserve-root --one-file-system -rf "$cache"; then
            echo "Done." || exit 1
        else
            exit 1
        fi
        exit 0

    ) 200>/var/lock/subsys/lxc
}
250    
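#######################################
# Print the one-line usage summary.
# Arguments:
#   $1 - program name to show at the start of the line
# Returns:
#   0
#######################################
usage()
{
    # The summary now lists -n|--name, which the option parser accepts, and
    # shows -a|--arch as taking an architecture rather than "stable".
    printf '%s -h|--help -p|--path=<path> -n|--name=<name> -a|--arch=<arch> -c|--clean\n' "$1"
    return 0
}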
258    
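# Entry point: parse options, then either purge the cache (--clean without
# --path) or build a container under <path>: install the rootfs, configure
# it, append the LXC config, and finally purge the cache if --clean was also
# given.
if ! options=$(getopt -o hp:n:ca: -l help,path:,name:,clean,arch: -- "$@"); then
    usage "$(basename "$0")"
    exit 1
fi
# getopt prints a shell-quoted argument list; eval only re-reads that quoting
# so arguments with spaces survive as single words.
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)  usage "$0" && exit 0;;
        -p|--path)  path=$2; shift 2;;
        -n|--name)  name=$2; shift 2;;
        # -c/--clean is declared without an argument in the getopt spec, so
        # it must consume one word only. Taking $2 and shifting twice
        # swallowed the option that followed it (e.g. `-c -p DIR` lost -p and
        # purged the cache instead of building the container).
        -c|--clean) clean=1; shift 1;;
        -a|--arch)  arch=$2; shift 2;;
        --)         shift 1; break ;;
        *)          break ;;
    esac
done

# --clean on its own: purge the download cache and stop
if [ -n "$clean" ] && [ -z "$path" ]; then
    clean || exit 1
    exit 0
fi

if ! type debootstrap; then
    echo "'debootstrap' command is missing"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

# everything below writes under /var and chroots into the new rootfs
if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

rootfs=$path/rootfs

# arguments are quoted so a container path with spaces stays one argument
if ! install_debian "$rootfs"; then
    echo "failed to install debian"
    exit 1
fi

if ! configure_debian "$rootfs" "$name"; then
    echo "failed to configure debian for a container"
    exit 1
fi

if ! copy_configuration "$path" "$rootfs" "$name"; then
    echo "failed write configuration file"
    exit 1
fi

if [ -n "$clean" ]; then
    clean || exit 1
    exit 0
fi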

Properties

Name Value
svn:executable *
