41
42
nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
42
43
if [ $nics -eq 1 ]; then
43
44
grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
44
lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
45
lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
49
grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
48
50
cat <<EOF >> $path/config
49
51
lxc.utsname = $name
54
lxc.mount = $path/fstab
55
lxc.mount = $path/fstab
56
57
lxc.cap.drop = sys_module mac_admin
58
lxc.pivotdir = lxc_putold
60
# When using LXC with apparmor, uncomment the next line to run unconfined:
61
#lxc.aa_profile = unconfined
58
63
lxc.cgroup.devices.deny = a
59
64
# Allow any mknod (but not using the node)
89
94
cat <<EOF > $path/fstab
90
proc $rootfs/proc proc nodev,noexec,nosuid 0 0
91
sysfs $rootfs/sys sysfs defaults 0 0
95
proc proc proc nodev,noexec,nosuid 0 0
96
sysfs sys sysfs defaults 0 0
99
# rmdir /dev/shm for containers that have /run/shm
100
# I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
101
# get bind mounted to the host's /run/shm. So try to rmdir
102
# it, and in case that fails move it out of the way.
103
if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
104
mv $rootfs/dev/shm $rootfs/dev/shm.bak
105
ln -s /run/shm $rootfs/dev/shm
104
118
[ -a | --arch ]: Arhcitecture of container, defaults to host arcitecture
105
119
[ -C | --cloud ]: Configure container for use with meta-data service, defaults to no
106
120
[ -T | --tarball ]: Location of tarball
121
[ -d | --debug ]: Run with 'set -x' to debug errors
122
[ -s | --stream]: Use specified stream rather than 'released'
108
124
Options, mutually exclusive of "-C" and "--cloud":
109
125
[ -i | --hostid ]: HostID for cloud-init, defaults to random string
110
126
[ -u | --userdata ]: Cloud-init user-data file to configure container on start
111
[ -S | --auth_key ]: SSH Public key file to inject into container
127
[ -S | --auth-key ]: SSH Public key file to inject into container
112
128
[ -L | --nolocales ]: Do not copy host's locales into container
118
options=$(getopt -o a:hp:r:n:Fi:CLS:T: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball: -- "$@")
134
options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds:u: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata: -- "$@")
119
135
if [ $? -ne 0 ]; then
120
136
usage $(basename $0)
166
188
-i|--hostid) host_id=$2; shift 2;;
167
189
-u|--userdata) userdata=$2; shift 2;;
168
190
-C|--cloud) cloud=1; shift 1;;
169
-S|--auth_key) auth_key=$2; shift 2;;
170
-L|--no_locales) locales=0; shift 2;;
191
-S|--auth-key) auth_key=$2; shift 2;;
192
-L|--no_locales) locales=0; shift 1;;
171
193
-T|--tarball) tarball=$2; shift 2;;
194
-d|--debug) debug=1; shift 1;;
195
-s|--stream) stream=$2; shift 2;;
172
196
--) shift 1; break ;;
201
if [ $debug -eq 1 ]; then
177
205
if [ "$arch" == "i686" ]; then
219
if [ "$stream" != "daily" -a "$stream" != "released" ]; then
220
echo "Only 'daily' and 'released' streams are supported"
224
if [ -n "$userdata" ]; then
225
if [ ! -f "$userdata" ]; then
226
echo "Userdata ($userdata) does not exist"
229
userdata=`readlink -f $userdata`
233
if [ -n "$auth_key" ]; then
234
if [ ! -f "$auth_key" ]; then
235
echo "--auth-key=${auth_key} must reference a file"
238
auth_key=$(readlink -f "${auth_key}") ||
239
{ echo "failed to get full path for auth_key"; exit 1; }
191
242
if [ -z "$path" ]; then
192
243
echo "'path' parameter is required"
253
config="$path/config"
254
if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
255
rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
203
260
type ubuntu-cloudimg-query
206
263
# determine the url, tarball, and directory names
207
264
# download if needed
208
cache="/var/cache/lxc/cloud-$release"
265
cache="@LOCALSTATEDIR@/cache/lxc/cloud-$release"
212
269
if [ -n "$tarball" ]; then
215
url1=`ubuntu-cloudimg-query precise daily $arch --format "%{url}\n"`
216
url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`
272
url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`
273
url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`
219
276
filename=`basename $url2`
221
mkdir -p /var/lock/subsys/
286
umount -l $cache/$xdir || true
290
# if the release doesn't have a *-rootfs.tar.gz, then create one from the
291
# cloudimg.tar.gz by extracting the .img, mounting it loopback, and creating
292
# a tarball from the mounted image.
298
xdir=`mktemp -d -p .`
299
tarname=`basename $url`
300
imgname="$release-*-cloudimg-$arch.img"
301
trap buildcleanup EXIT SIGHUP SIGINT SIGTERM
302
if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then
304
echo "Downloading cloud image from $url"
305
wget $url || { echo "Couldn't find cloud image $url."; exit 1; }
307
echo "Creating new cached cloud image rootfs"
308
tar --wildcards -zxf $tarname $imgname
309
mount -o loop $imgname $xdir
310
(cd $xdir; tar zcf ../$filename .)
312
rm -f $tarname $imgname
314
echo "New cloud image cache created"
321
mkdir -p @LOCALSTATEDIR@/lock/subsys/
226
326
if [ $flushcache -eq 1 ]; then
331
trap wgetcleanup EXIT SIGHUP SIGINT SIGTERM
231
332
if [ ! -f $filename ]; then
333
wget $url2 || build_root_tgz $url1 $filename
235
echo "Extracting rootfs"
340
echo "Extracting container rootfs"
238
343
tar -zxf $cache/$filename
241
346
if [ $cloud -eq 0 ]; then
242
echo "Configuring for running outside of a cloud environment"
243
echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container"
245
seed_d=$rootfs/var/lib/cloud/seed/nocloud-net
246
rhostid=$(uuidgen | cut -c -8)
247
host_id=${hostid:-$rhostid}
250
cat > "$seed_d/meta-data" <<EOF
251
instance_id: lxc-$host_id
347
echo "Configuring for running outside of a cloud environment"
348
echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container"
350
seed_d=$rootfs/var/lib/cloud/seed/nocloud-net
351
rhostid=$(uuidgen | cut -c -8)
352
host_id=${hostid:-$rhostid}
355
cat > "$seed_d/meta-data" <<EOF
356
instance-id: lxc-$host_id
254
rm $rootfs/etc/hostname
256
if [ $locales -eq 1 ]; then
257
cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive
261
if [ -n "$auth_key" -a -f "$auth_key" ]; then
262
u_path="/home/ubuntu/.ssh"
263
root_u_path="$rootfs/$u_path"
264
mkdir -p $root_u_path
265
cp $auth_key "$root_u_path/authorized_keys"
266
chroot $rootfs chown -R ubuntu: "$u_path"
268
echo "Inserted SSH public key from $auth_key into /home/ubuntu/.ssh/authorized_keys"
271
if [ ! -f $userdata ]; then
272
cp $userdata $data_d/user-data
275
if [ -z "$MIRROR" ]; then
276
MIRROR="http://archive.ubuntu.com/ubuntu"
279
cat > "$seed_d/user-data" <<EOF
358
if [ -n "$auth_key" ]; then
360
echo "public-keys:" &&
361
sed -e '/^$/d' -e 's,^,- ,' "$auth_key" "$auth_key"
362
} >> "$seed_d/meta-data"
364
{ echo "failed to write public keys to metadata"; exit 1; }
367
rm $rootfs/etc/hostname
369
if [ $locales -eq 1 ]; then
370
cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive
373
if [ -f "$userdata" ]; then
374
echo "Using custom user-data"
375
cp $userdata $seed_d/user-data
378
if [ -z "$MIRROR" ]; then
379
MIRROR="http://archive.ubuntu.com/ubuntu"
382
cat > "$seed_d/user-data" <<EOF
281
384
output: {all: '| tee -a /var/log/cloud-init-output.log'}
283
386
manage_etc_hosts: localhost
284
387
locale: $(/usr/bin/locale | awk -F= '/LANG=/ {print$NF}')
389
chpasswd: { expire: False }
289
chroot $rootfs /usr/sbin/usermod -U ubuntu
290
echo "Please login as user ubuntu with password ubuntu."
294
echo "Configured for running in a cloud environment."
295
echo "If you do not have a meta-data service, this container will likely be useless."
299
) 200>/var/lock/subsys/lxc-ubucloud
301
copy_configuration $path $rootfs $name $arch
394
echo "Configured for running in a cloud environment."
395
echo "If you do not have a meta-data service, this container will likely be useless."
398
) 200>@LOCALSTATEDIR@/lock/subsys/lxc-ubuntu-cloud
400
copy_configuration $path $rootfs $name $arch $release
303
402
echo "Container $name created."