~ubuntu-branches/ubuntu/precise/lxc/precise

Viewing changes to .pc/0070-templates-rmdir-dev-shm/templates/lxc-ubuntu-cloud.in

Committer: Package Import Robot
Author(s): Serge Hallyn
Date: 2012-04-12 09:54:22 UTC
Revision ID: package-import@ubuntu.com-20120412095422-lzg0tj2ktp5669zs

Tags: 0.7.5-3ubuntu51

0070-templates-rmdir-dev-shm: in precise containers, rmdir $rootfs/dev/shm
and and create it as a symbolic link to /run/shm. (LP: #974584)

files added:
.pc/0070-templates-rmdir-dev-shm

.pc/0070-templates-rmdir-dev-shm/templates

.pc/0070-templates-rmdir-dev-shm/templates/lxc-ubuntu-cloud.in

.pc/0070-templates-rmdir-dev-shm/templates/lxc-ubuntu.in

debian/patches/0070-templates-rmdir-dev-shm

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

templates/lxc-ubuntu-cloud.in

templates/lxc-ubuntu.in

Show diffs side-by-side

added added

removed removed

.pc/0070-templates-rmdir-dev-shm/templates/lxc-ubuntu-cloud.in

#!/bin/bash

# template script for generating ubuntu container for LXC based on released cloud

# images

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License version 2, as

# published by the Free Software Foundation.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License along

# with this program; if not, write to the Free Software Foundation, Inc.,

# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

set -e

if [ -r /etc/default/lxc ]; then

. /etc/default/lxc

copy_configuration()

{

path=$1

rootfs=$2

name=$3

arch=$4

if [ $arch = "i386" ]; then

arch="i686"

# if there is exactly one veth network entry, make sure it has an

# associated hwaddr.

nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`

if [ $nics -eq 1 ]; then

grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config

lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/$..$/\1:/g; s/.$//')

EOF

cat <<EOF >> $path/config

lxc.utsname = $name

lxc.tty = 4

lxc.pts = 1024

lxc.rootfs = $rootfs

lxc.mount = $path/fstab

lxc.arch = $arch

lxc.cap.drop = sys_module mac_admin

# uncomment the next line to run the container unconfined:

#lxc.aa_profile = unconfined

lxc.cgroup.devices.deny = a

# Allow any mknod (but not using the node)

lxc.cgroup.devices.allow = c *:* m

lxc.cgroup.devices.allow = b *:* m

# /dev/null and zero

lxc.cgroup.devices.allow = c 1:3 rwm

lxc.cgroup.devices.allow = c 1:5 rwm

# consoles

lxc.cgroup.devices.allow = c 5:1 rwm

lxc.cgroup.devices.allow = c 5:0 rwm

#lxc.cgroup.devices.allow = c 4:0 rwm

#lxc.cgroup.devices.allow = c 4:1 rwm

# /dev/{,u}random

lxc.cgroup.devices.allow = c 1:9 rwm

lxc.cgroup.devices.allow = c 1:8 rwm

lxc.cgroup.devices.allow = c 136:* rwm

lxc.cgroup.devices.allow = c 5:2 rwm

# rtc

lxc.cgroup.devices.allow = c 254:0 rwm

#fuse

lxc.cgroup.devices.allow = c 10:229 rwm

#tun

lxc.cgroup.devices.allow = c 10:200 rwm

#full

lxc.cgroup.devices.allow = c 1:7 rwm

#hpet

lxc.cgroup.devices.allow = c 10:228 rwm

#kvm

lxc.cgroup.devices.allow = c 10:232 rwm

EOF

cat <<EOF > $path/fstab

proc proc proc nodev,noexec,nosuid 0 0

sysfs sys sysfs defaults 0 0

EOF

return 0

}

usage()

100

{

101

cat <<EOF

102

LXC Container configuration for Ubuntu Cloud images.

103

104

Generic Options

105

[ -r | --release <release> ]: Release name of container, defaults to host

106

[ -a | --arch ]: Arhcitecture of container, defaults to host arcitecture

107

[ -C | --cloud ]: Configure container for use with meta-data service, defaults to no

108

[ -T | --tarball ]: Location of tarball

109

[ -d | --debug ]: Run with 'set -x' to debug errors

110

[ -s | --stream]: Use specified stream rather than 'released'

111

112

Options, mutually exclusive of "-C" and "--cloud":

113

[ -i | --hostid ]: HostID for cloud-init, defaults to random string

114

[ -u | --userdata ]: Cloud-init user-data file to configure container on start

115

[ -S | --auth-key ]: SSH Public key file to inject into container

116

[ -L | --nolocales ]: Do not copy host's locales into container

117

118

EOF

119

return 0

120

}

121

122

options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata: -- "$@")

123

if [ $? -ne 0 ]; then

124

usage $(basename $0)

125

exit 1

126

127

eval set -- "$options"

128

129

release=lucid

130

if [ -f /etc/lsb-release ]; then

131

. /etc/lsb-release

132

case "$DISTRIB_CODENAME" in

133

lucid|maverick|natty|oneiric|precise)

134

release=$DISTRIB_CODENAME

135

;;

136

esac

137

138

139

arch=$(arch)

140

141

# Code taken from debootstrap

142

if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then

143

arch=`/usr/bin/dpkg --print-architecture`

144

elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then

145

arch=`/usr/bin/udpkg --print-architecture`

146

else

147

arch=$(arch)

148

if [ "$arch" = "i686" ]; then

149

arch="i386"

150

elif [ "$arch" = "x86_64" ]; then

151

arch="amd64"

152

elif [ "$arch" = "armv7l" ]; then

153

# note: arm images don't exist before oneiric; are called armhf in

154

# precise; and are not supported by the query, so we don't actually

155

# support them yet (see check later on). When Query2 is available,

156

# we'll use that to enable arm images.

157

arch="armel"

158

159

160

161

debug=0

162

hostarch=$arch

163

cloud=0

164

locales=1

165

flushcache=0

166

stream="released"

167

while true

168

169

case "$1" in

170

-h|--help) usage $0 && exit 0;;

171

-p|--path) path=$2; shift 2;;

172

-n|--name) name=$2; shift 2;;

173

-F|--flush-cache) flushcache=1; shift 1;;

174

-r|--release) release=$2; shift 2;;

175

-a|--arch) arch=$2; shift 2;;

176

-i|--hostid) host_id=$2; shift 2;;

177

-u|--userdata) userdata=$2; shift 2;;

178

-C|--cloud) cloud=1; shift 1;;

179

-S|--auth-key) auth_key=$2; shift 2;;

180

-L|--no_locales) locales=0; shift 2;;

181

-T|--tarball) tarball=$2; shift 2;;

182

-d|--debug) debug=1; shift 1;;

183

-s|--stream) stream=$2; shift 2;;

184

--) shift 1; break ;;

185

*) break ;;

186

esac

187

done

188

189

if [ $debug -eq 1 ]; then

190

set -x

191

192

193

if [ "$arch" == "i686" ]; then

194

arch=i386

195

196

197

if [ $hostarch = "i386" -a $arch = "amd64" ]; then

198

echo "can't create amd64 container on i386"

199

exit 1

200

201

202

if [ $arch != "i386" -a $arch != "amd64" ]; then

203

echo "Only i386 and amd64 are supported by the ubuntu cloud template."

204

exit 1

205

206

207

if [ "$stream" != "daily" -a "$stream" != "released" ]; then

208

echo "Only 'daily' and 'released' streams are supported"

209

exit 1

210

211

212

if [ -n "$userdata" -a ! -f "$userdata" ]; then

213

echo "Userdata does not exist"

214

exit 1

215

216

217

if [ -z "$path" ]; then

218

echo "'path' parameter is required"

219

exit 1

220

221

222

if [ "$(id -u)" != "0" ]; then

223

echo "This script should be run as 'root'"

224

exit 1

225

226

227

rootfs=$path/rootfs

228

229

type ubuntu-cloudimg-query

230

type wget

231

232

# determine the url, tarball, and directory names

233

# download if needed

234

cache="/var/cache/lxc/cloud-$release"

235

236

mkdir -p $cache

237

238

if [ -n "$tarball" ]; then

239

url2="$tarball"

240

else

241

url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`

242

url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`

243

244

245

filename=`basename $url2`

246

247

buildcleanup()

248

{

249

cd $rootfs

250

umount -l $cache/$xdir || true

251

rm -rf $cache

252

}

253

254

# if the release doesn't have a *-rootfs.tar.gz, then create one from the

255

# cloudimg.tar.gz by extracting the .img, mounting it loopback, and creating

256

# a tarball from the mounted image.

257

build_root_tgz()

258

{

259

url=$1

260

filename=$2

261

262

xdir=`mktemp -d -p .`

263

tarname=`basename $url`

264

imgname="`basename $tarname .tar.gz`.img"

265

trap buildcleanup EXIT

266

if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then

267

rm -f $tarname

268

echo "Downloading cloud image from $url"

269

wget $url || { echo "Couldn't find cloud image $url."; exit 1; }

270

271

echo "Creating new cached cloud image rootfs"

272

tar zxf $tarname $imgname

273

mount -o loop $imgname $xdir

274

(cd $xdir; tar zcf ../$filename .)

275

umount $xdir

276

rm -f $tarname $imgname

277

rmdir $xdir

278

echo "New cloud image cache created"

279

trap EXIT

280

}

281

282

mkdir -p /var/lock/subsys/

283

(

284

flock -n -x 200

285

286

cd $cache

287

if [ $flushcache -eq 1 ]; then

288

echo "Clearing the cached images"

289

rm -f $filename

290

291

292

if [ ! -f $filename ]; then

293

wget $url2 || build_root_tgz $url1 $filename

294

295

296

echo "Extracting container rootfs"

297

mkdir -p $rootfs

298

cd $rootfs

299

tar -zxf $cache/$filename

300

301

302

if [ $cloud -eq 0 ]; then

303

echo "Configuring for running outside of a cloud environment"

304

echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container"

305

306

seed_d=$rootfs/var/lib/cloud/seed/nocloud-net

307

rhostid=$(uuidgen | cut -c -8)

308

host_id=${hostid:-$rhostid}

309

mkdir -p $seed_d

310

311

cat > "$seed_d/meta-data" <<EOF

312

instance_id: lxc-$host_id

313

EOF

314

315

rm $rootfs/etc/hostname

316

317

if [ $locales -eq 1 ]; then

318

cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive

319

320

321

322

if [ -n "$auth_key" -a -f "$auth_key" ]; then

323

u_path="/home/ubuntu/.ssh"

324

root_u_path="$rootfs/$u_path"

325

mkdir -p $root_u_path

326

cp $auth_key "$root_u_path/authorized_keys"

327

chroot $rootfs chown -R ubuntu: "$u_path"

328

329

echo "Inserted SSH public key from $auth_key into /home/ubuntu/.ssh/authorized_keys"

330

331

332

if [ -f "$userdata" ]; then

333

echo "Using custom user-data"

334

cp $userdata $seed_d/user-data

335

else

336

337

if [ -z "$MIRROR" ]; then

338

MIRROR="http://archive.ubuntu.com/ubuntu"

339

340

341

cat > "$seed_d/user-data" <<EOF

342

#cloud-config

343

output: {all: '| tee -a /var/log/cloud-init-output.log'}

344

apt-mirror: $MIRROR

345

manage_etc_hosts: localhost

346

locale: $(/usr/bin/locale | awk -F= '/LANG=/ {print$NF}')

347

EOF

348

349

350

chroot $rootfs /usr/sbin/usermod -U ubuntu

351

echo "ubuntu:ubuntu" | chroot $rootfs chpasswd

352

echo "Please login as user ubuntu with password ubuntu."

353

354

else

355

356

echo "Configured for running in a cloud environment."

357

echo "If you do not have a meta-data service, this container will likely be useless."

358

359

360

361

) 200>/var/lock/subsys/lxc-ubucloud

362

363

copy_configuration $path $rootfs $name $arch

364

365

echo "Container $name created."

366

exit 0

Older »