~ubuntu-branches/ubuntu/quantal/lxc/quantal-201206011617

Viewing changes to templates/lxc-ubuntu.in

Committer: Package Import Robot
Author(s): Stéphane Graber
Date: 2012-05-18 19:05:44 UTC
Revision ID: package-import@ubuntu.com-20120518190544-d2ejphrownapveg1

Tags: 0.8.0~rc1-4ubuntu8

* Update lxc-ubuntu:
  - Update list of extra packages for debootstrap to only include vim
    and ssh. The others were only relevant when we were still using the
    minbase variant. (LP: #996839)
  - Drop any hardcoded Ubuntu version check and replace by feature
    checks instead.
  - Format lxc-ubuntu to consistently use 4-spaces indent instead of
    mixed spaces/tabs.
  - Update default /etc/network/interfaces to include the header.
  - Update default /etc/hosts to match that of a regular Ubuntu system.
  - Drop support for end-of-life releases (gutsy on sparc).
  - Make sure /etc/resolv.conf is valid before running any apt command.
  - Update template help message for release and arch parameters.
  - Switch default Ubuntu version from lucid to precise.
* Update lxc-start-ephemeral:
  - Remove lxc-ip and replace it by a call to "ip netns" until we have
    an extended lxc-attach we can use for that.
  - Fix a race in lxc-start-ephemeral where the container isn't yet
    running when trying to get its IPs.
  - Update a few calls so that lxc-start-ephemeral can be called as a
    user (ensure consistent usage of sudo across the script).
* Add new lxc-default-with-nesting apparmor profile, allowing nested
  containers.

files added:
.pc/0083-ubuntu-simplify-template

.pc/0083-ubuntu-simplify-template/templates

.pc/0083-ubuntu-simplify-template/templates/lxc-ubuntu.in

debian/lxc-default-with-nesting.apparmor

debian/patches/0083-ubuntu-simplify-template

files removed:
debian/local/lxc-ip

files modified:
.pc/applied-patches

debian/changelog

debian/local/lxc-start-ephemeral

debian/lxc.postrm

debian/patches/series

debian/rules

templates/lxc-ubuntu.in

Show diffs side-by-side

added added

removed removed

templates/lxc-ubuntu.in

# configure the network using the dhcp

cat <<EOF > $rootfs/etc/network/interfaces

# This file describes the network interfaces available on your system

# and how to activate them. For more information, see interfaces(5).

# The loopback network interface

auto lo

iface lo inet loopback

EOF

# set minimal hosts

cat <<EOF > $rootfs/etc/hosts

127.0.0.1 localhost $hostname

127.0.0.1 localhost

127.0.1.1 $hostname

# The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback

fe00::0 ip6-localnet

ff00::0 ip6-mcastprefix

ff02::1 ip6-allnodes

ff02::2 ip6-allrouters

EOF

if [ "$release" != "precise" ] && [ "$release" != "quantal" ]; then

if [ ! -f $rootfs/etc/init/container-detect.conf ]; then

# suppress log level output for udev

sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf

{

user=$1

if [ "$release" = "precise" ] || [ "$release" = "quantal" ]; then

sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo)

if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then

groups="sudo"

else

groups="sudo admin"

104

done

105

106

if [ -n "$auth_key" -a -f "$auth_key" ]; then

u_path="/home/${user}/.ssh"

root_u_path="$rootfs/$u_path"

mkdir -p $root_u_path

cp $auth_key "$root_u_path/authorized_keys"

chroot $rootfs chown -R ${user}: "$u_path"

echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys"

107

u_path="/home/${user}/.ssh"

108

root_u_path="$rootfs/$u_path"

109

110

mkdir -p $root_u_path

111

cp $auth_key "$root_u_path/authorized_keys"

112

chroot $rootfs chown -R ${user}: "$u_path"

113

114

echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys"

100

115

101

116

return 0

102

117

}

112

127

MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}

113

128

SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}

114

129

;;

115

sparc)

116

case $SUITE in

117

gutsy)

118

MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}

119

SECURITY_MIRROR=${SECURITY_MIRRORMIRROR:-http://security.ubuntu.com/ubuntu}

120

;;

121

122

MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}

123

SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}

124

;;

125

esac

126

;;

127

130

128

131

MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}

129

132

SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}

150

153

arch=$2

151

154

release=$3

152

155

153

if [ $release = "lucid" ]; then

154

packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg

155

elif [ $release = "natty" ]; then

156

packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase

157

else

158

packages=dialog,apt,apt-utils,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase,ubuntu-keyring

159

156

packages=vim,ssh

160

157

echo "installing packages: $packages"

161

158

162

159

# check the mini ubuntu was not already downloaded

258

255

flushcache=$3

259

256

cache="/var/cache/lxc/$release"

260

257

mkdir -p /var/lock/subsys/

258

261

259

(

262

flock -n -x 200

263

if [ $? -ne 0 ]; then

264

echo "Cache repository is busy."

265

return 1

266

267

268

269

if [ $flushcache -eq 1 ]; then

270

echo "Flushing cache..."

271

rm -rf "$cache/partial-$arch"

272

rm -rf "$cache/rootfs-$arch"

273

274

275

echo "Checking cache download in $cache/rootfs-$arch ... "

276

if [ ! -e "$cache/rootfs-$arch" ]; then

277

download_ubuntu $cache $arch $release

278

if [ $? -ne 0 ]; then

279

echo "Failed to download 'ubuntu $release base'"

280

return 1

281

282

283

284

echo "Copy $cache/rootfs-$arch to $rootfs ... "

285

copy_ubuntu $cache $arch $rootfs

286

if [ $? -ne 0 ]; then

287

echo "Failed to copy rootfs"

288

return 1

289

290

291

return 0

292

293

) 200>/var/lock/subsys/lxc

260

flock -n -x 200

261

if [ $? -ne 0 ]; then

262

echo "Cache repository is busy."

263

return 1

264

265

266

267

if [ $flushcache -eq 1 ]; then

268

echo "Flushing cache..."

269

rm -rf "$cache/partial-$arch"

270

rm -rf "$cache/rootfs-$arch"

271

272

273

echo "Checking cache download in $cache/rootfs-$arch ... "

274

if [ ! -e "$cache/rootfs-$arch" ]; then

275

download_ubuntu $cache $arch $release

276

if [ $? -ne 0 ]; then

277

echo "Failed to download 'ubuntu $release base'"

278

return 1

279

280

281

282

echo "Copy $cache/rootfs-$arch to $rootfs ... "

283

copy_ubuntu $cache $arch $rootfs

284

if [ $? -ne 0 ]; then

285

echo "Failed to copy rootfs"

286

return 1

287

288

289

return 0

290

291

) 200>/var/lock/subsys/lxc

294

292

295

293

return $?

296

294

}

308

306

309

307

310

308

ttydir=""

311

if [ $release = "precise" ] || [ $release = "quantal" ]; then

309

if [ ! -f $rootfs/etc/init/container-detect.conf ]; then

312

310

ttydir=" lxc"

313

311

314

312

371

369

EOF

372

370

373

371

if [ $? -ne 0 ]; then

374

echo "Failed to add configuration"

375

return 1

372

echo "Failed to add configuration"

373

return 1

376

374

377

375

378

376

return 0

449

447

450

448

# reconfigure some services

451

449

if [ -z "$LANG" ]; then

452

chroot $rootfs locale-gen en_US.UTF-8

453

chroot $rootfs update-locale LANG=en_US.UTF-8

450

chroot $rootfs locale-gen en_US.UTF-8

451

chroot $rootfs update-locale LANG=en_US.UTF-8

454

452

else

455

chroot $rootfs locale-gen $LANG

456

chroot $rootfs update-locale LANG=$LANG

453

chroot $rootfs locale-gen $LANG

454

chroot $rootfs update-locale LANG=$LANG

457

455

458

456

459

457

# remove pointless services in a container

479

477

480

478

if [ $trim_container -eq 1 ]; then

481

479

trim $rootfs $release

482

elif [ $release = "lucid" -o $release = "natty" \

483

-o $release = "oneiric" ]; then

480

elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then

481

# Make sure we have a working resolv.conf

482

cresolvonf="${rootfs}/etc/resolv.conf"

483

mv $cresolvonf ${cresolvonf}.lxcbak

484

cat /etc/resolv.conf > ${cresolvonf}

485

484

486

# for lucid, if not trimming, then add the ubuntu-virt

485

487

# ppa and install lxcguest

486

488

if [ $release = "lucid" ]; then

487

489

chroot $rootfs apt-get install --force-yes -y python-software-properties

488

490

chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa

489

491

490

cresolvonf="${rootfs}/etc/resolv.conf"

491

mv $cresolvonf ${cresolvonf}.lxcbak

492

cat /etc/resolv.conf > ${cresolvonf}

492

493

chroot $rootfs apt-get update

494

chroot $rootfs apt-get install --force-yes -y lxcguest

495

rm -f ${cresolvonf}

496

mv ${cresolvonf}.lxcbak ${cresolvonf}

495

496

# Restore old resolv.conf

497

rm -f ${cresolvonf}

498

mv ${cresolvonf}.lxcbak ${cresolvonf}

497

499

498

500

499

501

# If the container isn't running a native architecture, setup multiarch

518

520

chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch}

519

521

520

522

521

# rmdir /dev/shm in precise and quantal containers.

523

# rmdir /dev/shm for containers that have /run/shm

522

524

# I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did

523

525

# get bind mounted to the host's /run/shm. So try to rmdir

524

526

# it, and in case that fails move it out of the way.

525

if [ $release = "precise" ] || [ $release = "quantal" ]; then

527

if [ -d $rootfs/run/shm ]; then

526

528

[ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm

527

529

[ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak

528

530

ln -s /run/shm $rootfs/dev/shm

553

555

# bind-mount the user's path into the container's /home

554

556

h=`getent passwd $user | cut -d: -f 6`

555

557

mkdir -p $rootfs/$h

556

# use relative path in container

557

h2=${h#/}

558

while [ ${h2:0:1} = "/" ]; do

559

h2=${h2#/}

560

done

558

559

# use relative path in container

560

h2=${h#/}

561

while [ ${h2:0:1} = "/" ]; do

562

h2=${h2#/}

563

done

561

564

echo "$h $h2 none bind 0 0" >> $path/fstab

562

565

563

566

# Make sure the group exists in container

571

574

cat <<EOF

572

575

$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim] [-d|--debug]

573

576

[-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>]

574

release: lucid | natty | oneiric | precise | quantal

577

release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS

575

578

trim: make a minimal (faster, but not upgrade-safe) container

576

579

bindhome: bind <user>'s home into the container

577

580

The ubuntu user will not be created, and <user> will have

578

sudo access.

579

arch: amd64 or i386: defaults to host arch

581

sudo access.

582

arch: the container architecture (e.g. amd64): defaults to host arch

580

583

auth-key: SSH Public key file to inject into container

581

584

EOF

582

585

return 0

589

592

590

593

eval set -- "$options"

591

594

592

release=lucid

595

release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems

593

596

if [ -f /etc/lsb-release ]; then

594

597

. /etc/lsb-release

595

case "$DISTRIB_CODENAME" in

596

lucid|natty|oneiric|precise|quantal)

597

release=$DISTRIB_CODENAME

598

;;

599

esac

598

if [ "$DISTRIB_ID" = "Ubuntu" ]; then

599

release=$DISTRIB_CODENAME

600

601

602

603

bindhome=

641

642

done

642

643

644

if [ $debug -eq 1 ]; then

644

set -x

645

set -x

645

646

647

648

if [ -n "$bindhome" ]; then

Older »