4
# template script for generating fedora container for LXC
8
# lxc: linux Container library
11
# Daniel Lezcano <daniel.lezcano@free.fr>
12
# Ramez Hanna <rhanna@informatiq.org>
14
# This library is free software; you can redistribute it and/or
15
# modify it under the terms of the GNU Lesser General Public
16
# License as published by the Free Software Foundation; either
17
# version 2.1 of the License, or (at your option) any later version.
19
# This library is distributed in the hope that it will be useful,
20
# but WITHOUT ANY WARRANTY; without even the implied warranty of
21
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22
# Lesser General Public License for more details.
24
# You should have received a copy of the GNU Lesser General Public
25
# License along with this library; if not, write to the Free Software
26
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30
cache_base=/var/cache/lxc/fedora/$arch
31
default_path=/var/lib/lxc
35
[ -f /etc/fedora-release ] && is_fedora=true
37
if [ "$arch" = "i686" ]; then
44
# disable selinux in fedora
45
mkdir -p $rootfs_path/selinux
46
echo 0 > $rootfs_path/selinux/enforce
48
# configure the network using the dhcp
49
cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
60
cat <<EOF > ${rootfs_path}/etc/sysconfig/network
66
cat <<EOF > $rootfs_path/etc/hosts
67
127.0.0.1 localhost $name
70
sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
71
sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
72
# don't mount devpts, for pete's sake
73
sed -i 's/^.*dev.pts.*$/#\0/' ${rootfs_path}/etc/rc.sysinit
74
sed -i 's/^.*dev.pts.*$/#\0/' ${rootfs_path}/etc/rc.d/rc.sysinit
76
chroot ${rootfs_path} chkconfig udev-post off
77
chroot ${rootfs_path} chkconfig network on
79
dev_path="${rootfs_path}/dev"
82
mknod -m 666 ${dev_path}/null c 1 3
83
mknod -m 666 ${dev_path}/zero c 1 5
84
mknod -m 666 ${dev_path}/random c 1 8
85
mknod -m 666 ${dev_path}/urandom c 1 9
86
mkdir -m 755 ${dev_path}/pts
87
mkdir -m 1777 ${dev_path}/shm
88
mknod -m 666 ${dev_path}/tty c 5 0
89
mknod -m 666 ${dev_path}/tty0 c 4 0
90
mknod -m 666 ${dev_path}/tty1 c 4 1
91
mknod -m 666 ${dev_path}/tty2 c 4 2
92
mknod -m 666 ${dev_path}/tty3 c 4 3
93
mknod -m 666 ${dev_path}/tty4 c 4 4
94
mknod -m 600 ${dev_path}/console c 5 1
95
mknod -m 666 ${dev_path}/full c 1 7
96
mknod -m 600 ${dev_path}/initctl p
97
mknod -m 666 ${dev_path}/ptmx c 5 2
99
echo "setting root passwd to $root_password"
100
echo "root:$root_password" | chroot $rootfs_path chpasswd
102
# specifying this in the initial packages doesn't always work.
103
echo "installing fedora-release package"
104
chroot ${rootfs_path} yum --releasever=${release} -y install fedora-release
106
# silence some needless startup errors
107
touch ${rootfs_path}/etc/fstab
109
# give us a console on /dev/console
110
sed -i 's/ACTIVE_CONSOLES=.*$/ACTIVE_CONSOLES="\/dev\/console \/dev\/tty[1-4]"/' \
111
${rootfs_path}/etc/sysconfig/init
119
# check the mini fedora was not already downloaded
120
INSTALL_ROOT=$cache/partial
121
mkdir -p $INSTALL_ROOT
122
if [ $? -ne 0 ]; then
123
echo "Failed to create '$INSTALL_ROOT' directory"
127
# download a mini fedora into a cache
128
echo "Downloading fedora minimal ..."
129
YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
130
PKG_LIST="yum initscripts passwd rsyslog vim-minimal dhclient chkconfig rootfiles policycoreutils fedora-release"
131
MIRRORLIST_URL="http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$release&arch=$arch"
134
for trynumber in 1 2 3; do
135
[ $trynumber != 1 ] && echo "Trying again..."
136
MIRROR_URL=$(curl -s -S -f "$MIRRORLIST_URL" | head -n2 | tail -n1)
137
if [ $? -ne 0 ] || [ -z "$MIRROR_URL" ]; then
138
echo "Failed to get a mirror"
141
RELEASE_URL="$MIRROR_URL/Packages/fedora-release-$release-1.noarch.rpm"
142
echo "Fetching from $RELEASE_URL"
143
curl -f "$RELEASE_URL" > $INSTALL_ROOT/fedora-release-$release.noarch.rpm
144
if [ $? -ne 0 ]; then
145
echo "Failed to download fedora release rpm"
151
if [ $DOWNLOAD_OK != yes ]; then
156
mkdir -p $INSTALL_ROOT/var/lib/rpm
157
rpm --root $INSTALL_ROOT --initdb
158
rpm --root $INSTALL_ROOT -ivh $INSTALL_ROOT/fedora-release-$release.noarch.rpm
159
$YUM install $PKG_LIST
161
if [ $? -ne 0 ]; then
162
echo "Failed to download the rootfs, aborting."
166
mv "$INSTALL_ROOT" "$cache/rootfs"
167
echo "Download complete."
175
# make a local copy of the minifedora
176
echo -n "Copying rootfs to $rootfs_path ..."
177
#cp -a $cache/rootfs-$arch $rootfs_path || return 1
178
# i prefer rsync (no reason really)
179
mkdir -p $rootfs_path
180
rsync -a $cache/rootfs/ $rootfs_path/
186
chroot $cache/rootfs yum -y update
191
mkdir -p /var/lock/subsys/
194
if [ $? -ne 0 ]; then
195
echo "Cache repository is busy."
199
echo "Checking cache download in $cache/rootfs ... "
200
if [ ! -e "$cache/rootfs" ]; then
202
if [ $? -ne 0 ]; then
203
echo "Failed to download 'fedora base'"
207
echo "Cache found. Updating..."
209
if [ $? -ne 0 ]; then
210
echo "Failed to update 'fedora base', continuing with last known good cache"
212
echo "Update finished"
216
echo "Copy $cache/rootfs to $rootfs_path ... "
218
if [ $? -ne 0 ]; then
219
echo "Failed to copy rootfs"
225
) 200>/var/lock/subsys/lxc
233
mkdir -p $config_path
234
cat <<EOF >> $config_path/config
238
lxc.rootfs = $rootfs_path
239
lxc.mount = $config_path/fstab
241
lxc.cgroup.devices.deny = a
243
lxc.cgroup.devices.allow = c 1:3 rwm
244
lxc.cgroup.devices.allow = c 1:5 rwm
246
lxc.cgroup.devices.allow = c 5:1 rwm
247
lxc.cgroup.devices.allow = c 5:0 rwm
248
lxc.cgroup.devices.allow = c 4:0 rwm
249
lxc.cgroup.devices.allow = c 4:1 rwm
251
lxc.cgroup.devices.allow = c 1:9 rwm
252
lxc.cgroup.devices.allow = c 1:8 rwm
253
lxc.cgroup.devices.allow = c 136:* rwm
254
lxc.cgroup.devices.allow = c 5:2 rwm
256
lxc.cgroup.devices.allow = c 254:0 rwm
259
cat <<EOF > $config_path/fstab
260
proc $rootfs_path/proc proc nodev,noexec,nosuid 0 0
261
sysfs $rootfs_path/sys sysfs defaults 0 0
263
if [ $? -ne 0 ]; then
264
echo "Failed to add configuration"
274
if [ ! -e $cache ]; then
278
# lock, so we won't purge while someone is creating a repository
282
echo "Cache repository is busy."
286
echo -n "Purging the download cache for Fedora-$release..."
287
rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
290
) 200>/var/lock/subsys/lxc
297
$1 -n|--name=<container_name>
298
[-p|--path=<path>] [-c|--clean] [-R|--release=<Fedora_release>] [-A|--arch=<arch of the container>]
301
-n,--name container name, used to as an identifier for that container from now on
303
-p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case
304
-c,--clean clean the cache
305
-R,--release Fedora release for the new container. if the host is Fedora, then it will defaultto the host's release.
306
-A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64]
307
-h,--help print this help
312
options=$(getopt -o hp:n:cR: -l help,path:,name:,clean,release: -- "$@")
313
if [ $? -ne 0 ]; then
317
eval set -- "$options"
322
-h|--help) usage $0 && exit 0;;
323
-p|--path) path=$2; shift 2;;
324
-n|--name) name=$2; shift 2;;
325
-c|--clean) clean=$2; shift 2;;
326
-R|--release) release=$2; shift 2;;
327
--) shift 1; break ;;
332
if [ ! -z "$clean" -a -z "$path" ]; then
338
type yum >/dev/null 2>&1
339
if [ $? -ne 0 ]; then
340
needed_pkgs="yum $needed_pkgs"
343
type curl >/dev/null 2>&1
344
if [ $? -ne 0 ]; then
345
needed_pkgs="curl $needed_pkgs"
348
if [ -n "$needed_pkgs" ]; then
349
echo "Missing commands: $needed_pkgs"
350
echo "Please install these using \"sudo apt-get install $needed_pkgs\""
354
if [ -z "$path" ]; then
358
if [ -z "$release" ]; then
359
if [ "$is_fedora" ]; then
360
release=$(cat /etc/fedora-release |awk '/^Fedora/ {print $3}')
362
echo "This is not a fedora host and release missing, defaulting to 14. use -R|--release to specify release"
367
if [ "$(id -u)" != "0" ]; then
368
echo "This script should be run as 'root'"
373
rootfs_path=$path/rootfs
374
config_path=$default_path/$name
375
cache=$cache_base/$release
379
echo "Interrupted, so cleaning up"
381
# maybe was interrupted before copy config
383
rm -rf $default_path/$name
388
trap revert SIGHUP SIGINT SIGTERM
391
if [ $? -ne 0 ]; then
392
echo "failed write configuration file"
397
if [ $? -ne 0 ]; then
398
echo "failed to install fedora"
403
if [ $? -ne 0 ]; then
404
echo "failed to configure fedora for a container"
409
if [ ! -z $clean ]; then
413
echo "container rootfs and config created"