[ -e ssh ] || (echo "You need a ssh dir containing host keys like /etc/ssh_host_*" && false)
setname: beroot
- echo "debian6.local" > $(VMROOT)/rootfs/etc/hostname
- grep -q debian6.local $(VMROOT)/rootfs/etc/hosts || echo "$(IPDEBBASE).$(VEIDDEB) debian6.local debian6" >> $(VMROOT)/rootfs/etc/hosts
+ echo "debian7.local" > $(VMROOT)/rootfs/etc/hostname
+ grep -q debian7.local $(VMROOT)/rootfs/etc/hosts || echo "$(IPDEBBASE).$(VEIDDEB) debian7.local debian7" >> $(VMROOT)/rootfs/etc/hosts
beroot:
@[ $(shell id -u) = "0" ] || (echo "you should be root to run this" ; exit 1)
delrights: beroot
lxc-setcap -d
-installtemplate: /usr/lib/lxc/templates/lxc-debian6 /usr/lib/lxc/templates/lxc-centos5 /usr/lib/lxc/templates/lxc-centos6
+installtemplate: /usr/lib/lxc/templates/lxc-debian7 /usr/lib/lxc/templates/lxc-debian6 /usr/lib/lxc/templates/lxc-centos5 /usr/lib/lxc/templates/lxc-centos6
/usr/lib/lxc/templates/lxc-debian6: lxc-debian6 /usr/lib/lxc
cat lxc-debian6 | sed 's!http://cdn.debian.net/debian/!$(DEBMIRROR)!' > /usr/lib/lxc/templates/lxc-debian6
chmod 755 /usr/lib/lxc/templates/lxc-debian6
+/usr/lib/lxc/templates/lxc-debian7: lxc-debian7 /usr/lib/lxc
+ cat lxc-debian7 | sed 's!http://cdn.debian.net/debian/!$(DEBMIRROR)!' > /usr/lib/lxc/templates/lxc-debian7
+ chmod 755 /usr/lib/lxc/templates/lxc-debian7
+
/usr/lib/lxc/templates/lxc-centos5: lxc-centos5 /usr/lib/lxc
cp lxc-centos5 /usr/lib/lxc/templates/
cp lxc-centos6 /usr/lib/lxc/templates/
createdeb:
- sudo /usr/bin/lxc-create -n dhdebian6.local -f config.debian6 -t debian6
+ sudo /usr/bin/lxc-create -n dhdebian7.local -f config.debian7 -t debian7
createcos: /usr/bin/netmask /usr/bin/rinse
sudo /usr/bin/lxc-create -n dhcentos5.local -f config.centos5 -t centos5
startdeb: checkmount
- sudo LANG=C /usr/bin/lxc-start -n dhdebian6.local -d
+ sudo LANG=C /usr/bin/lxc-start -n dhdebian7.local -d
stopdeb:
- sudo LANG=C /usr/bin/lxc-stop -n dhdebian6.local
+ sudo LANG=C /usr/bin/lxc-stop -n dhdebian7.local
startcos: checkmount
sudo LANG=C /usr/bin/lxc-start -n dhcentos5.local -d
sudo LANG=C /usr/bin/lxc-stop -n dhcentos5.local
destroydeb:
- sudo LANG=C /usr/bin/lxc-stop -n dhdebian6.local
- sudo LANG=C /usr/bin/lxc-destroy -n dhdebian6.local
+ sudo LANG=C /usr/bin/lxc-stop -n dhdebian7.local
+ sudo LANG=C /usr/bin/lxc-destroy -n dhdebian7.local
destroycos:
sudo LANG=C /usr/bin/lxc-stop -n dhcentos5.local
--- /dev/null
+#!/bin/bash
+
+#
+# lxc: linux Container library
+
+# Authors:
+# Daniel Lezcano <daniel.lezcano@free.fr>
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+LANG=C
+SUITE=${SUITE:-wheezy}
+MIRROR=${MIRROR:-"http://cdn.debian.net/debian/"}
+
+configure_debian()
+{
+ rootfs=$1
+ hostname=$2
+
+ # Squeeze only has /dev/tty and /dev/tty0 by default,
+ # therefore creating missing device nodes for tty1-4.
+ test -e $rootfs/dev/tty1 || mknod $rootfs/dev/tty1 c 4 1
+ test -e $rootfs/dev/tty2 || mknod $rootfs/dev/tty2 c 4 2
+ test -e $rootfs/dev/tty3 || mknod $rootfs/dev/tty3 c 4 3
+ test -e $rootfs/dev/tty4 || mknod $rootfs/dev/tty4 c 4 4
+
+ # configure the inittab
+ cat <<EOF > $rootfs/etc/inittab
+id:3:initdefault:
+si::sysinit:/etc/init.d/rcS
+l0:0:wait:/etc/init.d/rc 0
+l1:1:wait:/etc/init.d/rc 1
+l2:2:wait:/etc/init.d/rc 2
+l3:3:wait:/etc/init.d/rc 3
+l4:4:wait:/etc/init.d/rc 4
+l5:5:wait:/etc/init.d/rc 5
+l6:6:wait:/etc/init.d/rc 6
+# Normally not reached, but fallthrough in case of emergency.
+z6:6:respawn:/sbin/sulogin
+1:2345:respawn:/sbin/getty 38400 console
+c1:12345:respawn:/sbin/getty 38400 tty1 linux
+c2:12345:respawn:/sbin/getty 38400 tty2 linux
+c3:12345:respawn:/sbin/getty 38400 tty3 linux
+c4:12345:respawn:/sbin/getty 38400 tty4 linux
+EOF
+
+ # disable selinux in debian
+ mkdir -p $rootfs/selinux
+ echo 0 > $rootfs/selinux/enforce
+
+ if grep -q ^lxc.network.ipv4 $path/config
+ then
+ # configure static network
+ lxc_network_ipv4=`grep ^lxc.network.ipv4 $path/config | cut -d= -f2`
+ address=`echo $lxc_network_ipv4 | cut -d/ -f1`
+ netmask=`netmask -s $lxc_network_ipv4 | cut -d/ -f2`
+ gateway=`grep ^\#lxc.network.ipv4.gw $path/config | cut -d= -f2`
+ if [ -e $rootfs/etc/network/interfaces ]
+ then
+ cat <<EOF > $rootfs/etc/network/interfaces
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+ address $address
+ netmask $netmask
+EOF
+ if [ ! -z "$gateway" ]
+ then
+ cat <<EOF >> $rootfs/etc/network/interfaces
+ gateway $gateway
+EOF
+ fi
+ cat <<EOF >> $rootfs/etc/hosts
+$address $hostname
+EOF
+ echo "Network configured with static ip"
+ else
+ exit 2
+ fi
+ else
+ # configure the network using the dhcp
+ if [ -e $rootfs/etc/network/interfaces ]
+ then
+ cat <<EOF > $rootfs/etc/network/interfaces
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet dhcp
+EOF
+ cat <<EOF >> $rootfs/etc/hosts
+127.0.1.1 $hostname
+EOF
+ echo "Network configured with dhcp"
+ else
+ exit 3
+ fi
+ fi
+ # When domain is not local, avahi completed by send hostname
+ hostnamebase=`echo $hostname | cut -d. -f1`
+ if [ "$hostnamebase.local" != "$hostname" ]
+ then
+ cat <<EOF >> $rootfs/etc/dhcp/dhclient.conf
+send host-name "$hostnamebase";
+EOF
+ fi
+
+ # set the hostname
+ cat <<EOF > $rootfs/etc/hostname
+$hostname
+EOF
+
+ # reconfigure some services
+ if [ -z "$LANG" ]; then
+ chroot $rootfs locale-gen en_US.UTF-8
+ chroot $rootfs update-locale LANG=en_US.UTF-8
+ else
+ chroot $rootfs locale-gen $LANG
+ chroot $rootfs update-locale LANG=$LANG
+ fi
+
+ # remove pointless services in a container
+ chroot $rootfs /usr/sbin/update-rc.d -f checkroot remove
+ chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
+ chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
+ chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
+
+ # fix avahi
+ if [ -f $rootfs/etc/init.d/avahi-daemon ]
+ then
+ echo 'Fix avahi'
+ sed -i -e "s!-D!-D --no-rlimits!" $rootfs/etc/init.d/avahi-daemon
+ fi
+
+ echo "root:root" | chroot $rootfs chpasswd
+ echo "Root password is 'root', please change !"
+
+ return 0
+}
+
+configure_pubkey(){
+ path=$1
+ rootfs=$2
+ if grep -q ^\#lxc.pubkey $path/config
+ then
+ pubkey=`grep ^\#lxc.pubkey $path/config | cut -d= -f2`
+ fi
+ if [ ! -e $rootfs/root/.ssh ]
+ then
+ mkdir $rootfs/root/.ssh
+ fi
+ if [ ! -z "$pubkey" ]
+ then
+ echo "Copying $pubkey -> $rootfs/root/.ssh/authorized_keys"
+ cp $pubkey $rootfs/root/.ssh/authorized_keys
+ fi
+}
+
+configure_hostkeydir(){
+ rootfs=$1
+ hostkeydir=$2
+ name=$3
+ if [ $# -ne 3 ]
+ then
+ exit 1
+ else
+ [ -d $rootfs/etc/ssh ] || mkdir -p $rootfs/etc/ssh
+ if [ -e $hostkeydir ]
+ then
+ if [ ! -d $hostkeydir/$name ]
+ then
+ mkdir $hostkeydir/$name
+ echo "Creating SSH2 RSA key; this may take some time ..."
+ ssh-keygen -q -f $hostkeydir/$name/ssh_host_rsa_key -N '' -t rsa
+ echo "Creating SSH2 DSA key; this may take some time ..."
+ ssh-keygen -q -f $hostkeydir/$name/ssh_host_dsa_key -N '' -t dsa
+ fi
+ cp $hostkeydir/$name/ssh_host_* $rootfs/etc/ssh/
+ fi
+ fi
+}
+
+download_debian()
+{
+ packages=\
+ifupdown,\
+locales,\
+libui-dialog-perl,\
+dialog,\
+dhcp3-client,\
+netbase,\
+net-tools,\
+iproute,\
+iputils-ping,\
+vim,\
+less,\
+rsync,\
+htop,\
+zsh,\
+debconf-utils,\
+avahi-utils,\
+openssh-server,\
+xbase-clients,\
+phpunit,\
+openjdk-6-jre,\
+iceweasel
+
+ cache=$1
+ arch=$2
+
+ # check the mini debian was not already downloaded
+ mkdir -p "$cache/partial-$SUITE-$arch"
+ if [ $? -ne 0 ]; then
+ echo "Failed to create '$cache/partial-$SUITE-$arch' directory"
+ return 1
+ fi
+
+ # download a mini debian into a cache
+ echo "Downloading debian minimal ..."
+ debootstrap --verbose --variant=minbase --arch=$arch \
+ --include $packages \
+ "$SUITE" "$cache/partial-$SUITE-$arch" $MIRROR
+ if [ $? -ne 0 ]; then
+ echo "Failed to download the rootfs, aborting."
+ return 1
+ fi
+
+ mv "$1/partial-$SUITE-$arch" "$1/rootfs-$SUITE-$arch"
+ echo "Download complete."
+
+ return 0
+}
+
+copy_debian()
+{
+ cache=$1
+ arch=$2
+ rootfs=$3
+
+ # make a local copy of the minidebian
+ echo -n "Copying rootfs to $rootfs..."
+ cp -a "$cache/rootfs-$SUITE-$arch" $rootfs || return 1
+ return 0
+}
+
+install_debian()
+{
+ cache="/var/cache/lxc/debian"
+ rootfs=$1
+ mkdir -p /var/lock/subsys/
+ (
+ flock -n -x 200
+ if [ $? -ne 0 ]; then
+ echo "Cache repository is busy."
+ return 1
+ fi
+
+ arch=$(arch)
+ if [ "$arch" == "x86_64" ]; then
+ arch=amd64
+ fi
+
+ if [ "$arch" == "i686" ]; then
+ arch=i386
+ fi
+
+ echo "Checking cache download in $cache/rootfs-$SUITE-$arch ... "
+ if [ ! -e "$cache/rootfs-$SUITE-$arch" ]; then
+ download_debian $cache $arch
+ if [ $? -ne 0 ]; then
+ echo "Failed to download 'debian base'"
+ return 1
+ fi
+ fi
+
+ copy_debian $cache $arch $rootfs
+ if [ $? -ne 0 ]; then
+ echo "Failed to copy rootfs"
+ return 1
+ fi
+
+ return 0
+
+ ) 200>/var/lock/subsys/lxc
+
+ return $?
+}
+
+gen_mac()
+{
+ dd if=/dev/urandom bs=1 count=3 2>/dev/null | od -tx1 | head -1 | cut -d' ' -f2- | awk '{ print "00:16:3e:"$1":"$2":"$3 }'
+}
+
+copy_configuration()
+{
+ path=$1
+ rootfs=$2
+ name=$3
+ macdir=$4
+
+ if [ ! -e "$macdir/$name" ]
+ then
+ gen_mac > $macdir/$name
+ fi
+ macaddr=`cat $macdir/$name`
+
+ cat <<EOF >> $path/config
+lxc.network.hwaddr = $macaddr
+lxc.tty = 4
+lxc.pts = 1024
+lxc.rootfs = $rootfs
+lxc.cgroup.devices.deny = a
+# /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+# consoles
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 4:0 rwm
+lxc.cgroup.devices.allow = c 4:1 rwm
+# /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+# rtc
+lxc.cgroup.devices.allow = c 254:0 rwm
+
+# mounts point
+lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry=devpts $rootfs/dev/pts devpts defaults 0 0
+lxc.mount.entry=sysfs $rootfs/sys sysfs defaults 0 0
+EOF
+
+ if [ $? -ne 0 ]; then
+ echo "Failed to add configuration"
+ return 1
+ fi
+
+ return 0
+}
+
+clean()
+{
+ cache="/var/cache/lxc/debian"
+
+ if [ ! -e $cache ]; then
+ exit 0
+ fi
+
+ # lock, so we won't purge while someone is creating a repository
+ (
+ flock -n -x 200
+ if [ $? != 0 ]; then
+ echo "Cache repository is busy."
+ exit 1
+ fi
+
+ echo -n "Purging the download cache..."
+ rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
+ exit 0
+
+ ) 200>/var/lock/subsys/lxc
+}
+
+usage()
+{
+ cat <<EOF
+$1 -h|--help -p|--path=<path> --clean
+EOF
+ return 0
+}
+
+options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
+if [ $? -ne 0 ]; then
+ usage $(basename $0)
+ exit 1
+fi
+eval set -- "$options"
+
+while true
+do
+ case "$1" in
+ -h|--help) usage $0 && exit 0;;
+ -p|--path) path=$2; shift 2;;
+ -n|--name) name=$2; shift 2;;
+ -c|--clean) clean=$2; shift 2;;
+ --) shift 1; break ;;
+ *) break ;;
+ esac
+done
+
+if [ ! -z "$clean" -a -z "$path" ]; then
+ clean || exit 1
+ exit 0
+fi
+
+type debootstrap
+if [ $? -ne 0 ]; then
+ echo "'debootstrap' command is missing"
+ exit 1
+fi
+
+if [ -z "$path" ]; then
+ echo "'path' parameter is required"
+ exit 1
+fi
+
+if [ "$(id -u)" != "0" ]; then
+ echo "This script should be run as 'root'"
+ exit 1
+fi
+
+rootfs=$path/rootfs
+oldhostkeydir=/var/lib/lxc/ssh
+hostkeydir=/var/cache/lxc/ssh
+macdir=/var/cache/lxc/mac
+if [ -e $oldhostkeydir ]
+then
+ if [ ! -e $hostkeydir ]
+ then
+ mv $oldhostkeydir $hostkeydir
+ fi
+fi
+if [ ! -e $hostkeydir ]
+then
+ mkdir -p $hostkeydir
+fi
+if [ ! -e $macdir ]
+then
+ mkdir -p $macdir
+fi
+
+install_debian $rootfs
+if [ $? -ne 0 ]; then
+ echo "failed to install debian"
+ exit 1
+fi
+
+configure_debian $rootfs $name
+if [ $? -ne 0 ]; then
+ echo "failed to configure debian for a container"
+ exit 1
+fi
+
+copy_configuration $path $rootfs $name $macdir
+if [ $? -ne 0 ]; then
+ echo "failed write configuration file"
+ exit 1
+fi
+
+configure_pubkey $path $rootfs
+if [ $? -ne 0 ]; then
+ echo "failed to configure pubkey"
+ exit 1
+fi
+
+configure_hostkeydir $rootfs $hostkeydir $name
+if [ $? -ne 0 ]; then
+ echo "failed to configure hostkeydir"
+ exit 1
+fi
+
+if [ ! -z $clean ]; then
+ clean || exit 1
+ exit 0
+fi