Ubuntu
lxc package

Merge lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201204100226 into lp:ubuntu/precise/lxc

  1. Precise (12.04)
  2. precise-201204100226
  3. Merge into precise
Proposed by Ubuntu Package Importer
Status: Rejected
Rejected by: James Westby
Proposed branch: lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201204100226
Merge into: lp:ubuntu/precise/lxc
Diff against target: 1163 lines (+1086/-1) (has conflicts)
9 files modified
.pc/.quilt_patches (+1/-0)
.pc/.quilt_series (+1/-0)
.pc/0068-fix-lxc-config-layout/templates/lxc-ubuntu-cloud.in (+361/-0)
.pc/0068-fix-lxc-config-layout/templates/lxc-ubuntu.in (+679/-0)
.pc/applied-patches (+4/-0)
debian/changelog (+9/-0)
debian/local/lxc-start-ephemeral (+1/-1)
debian/patches/0068-fix-lxc-config-layout (+26/-0)
debian/patches/series (+4/-0)
Conflict adding file .pc/0068-fix-lxc-config-layout.  Moved existing file to .pc/0068-fix-lxc-config-layout.moved.
Text conflict in .pc/applied-patches
Text conflict in debian/changelog
Conflict adding file debian/patches/0068-fix-lxc-config-layout.  Moved existing file to debian/patches/0068-fix-lxc-config-layout.moved.
Text conflict in debian/patches/series
To merge this branch: bzr merge lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201204100226
Reviewer Review Type Date Requested Status
Ubuntu branches Pending
Review via email: mp+101320@code.launchpad.net

Description of the change

The package importer has detected a possible inconsistency between the package history in the archive and the history in bzr. As the archive is authoritative the importer has made lp:ubuntu/precise/lxc reflect what is in the archive and the old bzr branch has been pushed to lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201204100226. This merge proposal was created so that an Ubuntu developer can review the situations and perform a merge/upload if necessary. There are three typical cases where this can happen.
  1. Where someone pushes a change to bzr and someone else uploads the package without that change. This is the reason that this check is done by the importer. If this appears to be the case then a merge/upload should be done if the changes that were in bzr are still desirable.
  2. The importer incorrectly detected the above situation when someone made a change in bzr and then uploaded it.
  3. The importer incorrectly detected the above situation when someone just uploaded a package and didn't touch bzr.

If this case doesn't appear to be the first situation then set the status of the merge proposal to "Rejected" and help avoid the problem in future by filing a bug at https://bugs.launchpad.net/udd linking to this merge proposal.

(this is an automatically generated message)

To post a comment you must log in.

Unmerged revisions

91. By Stéphane Graber

Add missing space after lxc.network.hwaddr

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== added file '.pc/.quilt_patches'
--- .pc/.quilt_patches 1970-01-01 00:00:00 +0000
+++ .pc/.quilt_patches 2012-04-10 02:30:27 +0000
@@ -0,0 +1,1 @@
1debian/patches
02
=== added file '.pc/.quilt_series'
--- .pc/.quilt_series 1970-01-01 00:00:00 +0000
+++ .pc/.quilt_series 2012-04-10 02:30:27 +0000
@@ -0,0 +1,1 @@
1series
02
=== added directory '.pc/0068-fix-lxc-config-layout'
=== renamed directory '.pc/0068-fix-lxc-config-layout' => '.pc/0068-fix-lxc-config-layout.moved'
=== added directory '.pc/0068-fix-lxc-config-layout/templates'
=== added file '.pc/0068-fix-lxc-config-layout/templates/lxc-ubuntu-cloud.in'
--- .pc/0068-fix-lxc-config-layout/templates/lxc-ubuntu-cloud.in 1970-01-01 00:00:00 +0000
+++ .pc/0068-fix-lxc-config-layout/templates/lxc-ubuntu-cloud.in 2012-04-10 02:30:27 +0000
@@ -0,0 +1,361 @@
1#!/bin/bash
2
3# template script for generating ubuntu container for LXC based on released cloud
4# images
5#
6# Copyright © 2012 Serge Hallyn <serge.hallyn@canonical.com>
7#
8# This program is free software; you can redistribute it and/or modify
9# it under the terms of the GNU General Public License version 2, as
10# published by the Free Software Foundation.
11
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16
17# You should have received a copy of the GNU General Public License along
18# with this program; if not, write to the Free Software Foundation, Inc.,
19# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20#
21
22set -e
23
24if [ -r /etc/default/lxc ]; then
25 . /etc/default/lxc
26fi
27
28copy_configuration()
29{
30 path=$1
31 rootfs=$2
32 name=$3
33 arch=$4
34
35 if [ $arch = "i386" ]; then
36 arch="i686"
37 fi
38
39 # if there is exactly one veth network entry, make sure it has an
40 # associated hwaddr.
41 nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
42 if [ $nics -eq 1 ]; then
43 grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
44lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
45EOF
46 fi
47
48 cat <<EOF >> $path/config
49lxc.utsname = $name
50
51lxc.tty = 4
52lxc.pts = 1024
53lxc.rootfs = $rootfs
54lxc.mount = $path/fstab
55lxc.arch = $arch
56lxc.cap.drop = sys_module mac_admin
57# uncomment the next line to run the container unconfined:
58#lxc.aa_profile = unconfined
59
60lxc.cgroup.devices.deny = a
61# Allow any mknod (but not using the node)
62lxc.cgroup.devices.allow = c *:* m
63lxc.cgroup.devices.allow = b *:* m
64# /dev/null and zero
65lxc.cgroup.devices.allow = c 1:3 rwm
66lxc.cgroup.devices.allow = c 1:5 rwm
67# consoles
68lxc.cgroup.devices.allow = c 5:1 rwm
69lxc.cgroup.devices.allow = c 5:0 rwm
70#lxc.cgroup.devices.allow = c 4:0 rwm
71#lxc.cgroup.devices.allow = c 4:1 rwm
72# /dev/{,u}random
73lxc.cgroup.devices.allow = c 1:9 rwm
74lxc.cgroup.devices.allow = c 1:8 rwm
75lxc.cgroup.devices.allow = c 136:* rwm
76lxc.cgroup.devices.allow = c 5:2 rwm
77# rtc
78lxc.cgroup.devices.allow = c 254:0 rwm
79#fuse
80lxc.cgroup.devices.allow = c 10:229 rwm
81#tun
82lxc.cgroup.devices.allow = c 10:200 rwm
83#full
84lxc.cgroup.devices.allow = c 1:7 rwm
85#hpet
86lxc.cgroup.devices.allow = c 10:228 rwm
87#kvm
88lxc.cgroup.devices.allow = c 10:232 rwm
89EOF
90
91 cat <<EOF > $path/fstab
92proc proc proc nodev,noexec,nosuid 0 0
93sysfs sys sysfs defaults 0 0
94EOF
95
96 return 0
97}
98
99usage()
100{
101 cat <<EOF
102LXC Container configuration for Ubuntu Cloud images.
103
104Generic Options
105[ -r | --release <release> ]: Release name of container, defaults to host
106[ -a | --arch ]: Arhcitecture of container, defaults to host arcitecture
107[ -C | --cloud ]: Configure container for use with meta-data service, defaults to no
108[ -T | --tarball ]: Location of tarball
109[ -d | --debug ]: Run with 'set -x' to debug errors
110[ -s | --stream]: Use specified stream rather than 'released'
111
112Options, mutually exclusive of "-C" and "--cloud":
113 [ -i | --hostid ]: HostID for cloud-init, defaults to random string
114 [ -u | --userdata ]: Cloud-init user-data file to configure container on start
115 [ -S | --auth-key ]: SSH Public key file to inject into container
116 [ -L | --nolocales ]: Do not copy host's locales into container
117
118EOF
119 return 0
120}
121
122options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream: -- "$@")
123if [ $? -ne 0 ]; then
124 usage $(basename $0)
125 exit 1
126fi
127eval set -- "$options"
128
129release=lucid
130if [ -f /etc/lsb-release ]; then
131 . /etc/lsb-release
132 case "$DISTRIB_CODENAME" in
133 lucid|maverick|natty|oneiric|precise)
134 release=$DISTRIB_CODENAME
135 ;;
136 esac
137fi
138
139arch=$(arch)
140
141# Code taken from debootstrap
142if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
143 arch=`/usr/bin/dpkg --print-architecture`
144elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
145 arch=`/usr/bin/udpkg --print-architecture`
146else
147 arch=$(arch)
148 if [ "$arch" = "i686" ]; then
149 arch="i386"
150 elif [ "$arch" = "x86_64" ]; then
151 arch="amd64"
152 elif [ "$arch" = "armv7l" ]; then
153 # note: arm images don't exist before oneiric; are called armhf in
154 # precise; and are not supported by the query, so we don't actually
155 # support them yet (see check later on). When Query2 is available,
156 # we'll use that to enable arm images.
157 arch="armel"
158 fi
159fi
160
161debug=0
162hostarch=$arch
163cloud=0
164locales=1
165flushcache=0
166stream="released"
167while true
168do
169 case "$1" in
170 -h|--help) usage $0 && exit 0;;
171 -p|--path) path=$2; shift 2;;
172 -n|--name) name=$2; shift 2;;
173 -F|--flush-cache) flushcache=1; shift 1;;
174 -r|--release) release=$2; shift 2;;
175 -a|--arch) arch=$2; shift 2;;
176 -i|--hostid) host_id=$2; shift 2;;
177 -u|--userdata) userdata=$2; shift 2;;
178 -C|--cloud) cloud=1; shift 1;;
179 -S|--auth-key) auth_key=$2; shift 2;;
180 -L|--no_locales) locales=0; shift 2;;
181 -T|--tarball) tarball=$2; shift 2;;
182 -d|--debug) debug=1; shift 1;;
183 -s|--stream) stream=$2; shift 2;;
184 --) shift 1; break ;;
185 *) break ;;
186 esac
187done
188
189if [ $debug -eq 1 ]; then
190 set -x
191fi
192
193if [ "$arch" == "i686" ]; then
194 arch=i386
195fi
196
197if [ $hostarch = "i386" -a $arch = "amd64" ]; then
198 echo "can't create amd64 container on i386"
199 exit 1
200fi
201
202if [ $arch != "i386" -a $arch != "amd64" ]; then
203 echo "Only i386 and amd64 are supported by the ubuntu cloud template."
204 exit 1
205fi
206
207if [ "$stream" != "daily" -a "$stream" != "released" ]; then
208 echo "Only 'daily' and 'released' streams are supported"
209 exit 1
210fi
211
212if [ -z "$path" ]; then
213 echo "'path' parameter is required"
214 exit 1
215fi
216
217if [ "$(id -u)" != "0" ]; then
218 echo "This script should be run as 'root'"
219 exit 1
220fi
221
222rootfs=$path/rootfs
223
224type ubuntu-cloudimg-query
225type wget
226
227# determine the url, tarball, and directory names
228# download if needed
229cache="/var/cache/lxc/cloud-$release"
230
231mkdir -p $cache
232
233if [ -n "$tarball" ]; then
234 url2="$tarball"
235else
236 url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`
237 url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`
238fi
239
240filename=`basename $url2`
241
242buildcleanup()
243{
244 cd $rootfs
245 umount -l $cache/$xdir || true
246 rm -rf $cache
247}
248
249# if the release doesn't have a *-rootfs.tar.gz, then create one from the
250# cloudimg.tar.gz by extracting the .img, mounting it loopback, and creating
251# a tarball from the mounted image.
252build_root_tgz()
253{
254 url=$1
255 filename=$2
256
257 xdir=`mktemp -d -p .`
258 tarname=`basename $url`
259 imgname="`basename $tarname .tar.gz`.img"
260 trap buildcleanup EXIT
261 if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then
262 rm -f $tarname
263 echo "Downloading cloud image from $url"
264 wget $url || { echo "Couldn't find cloud image $url."; exit 1; }
265 fi
266 echo "Creating new cached cloud image rootfs"
267 tar zxf $tarname $imgname
268 mount -o loop $imgname $xdir
269 (cd $xdir; tar zcf ../$filename .)
270 umount $xdir
271 rm -f $tarname $imgname
272 rmdir $xdir
273 echo "New cloud image cache created"
274 trap EXIT
275}
276
277mkdir -p /var/lock/subsys/
278(
279 flock -n -x 200
280
281 cd $cache
282 if [ $flushcache -eq 1 ]; then
283 echo "Clearing the cached images"
284 rm -f $filename
285 fi
286
287 if [ ! -f $filename ]; then
288 wget $url2 || build_root_tgz $url1 $filename
289 fi
290
291 echo "Extracting container rootfs"
292 mkdir -p $rootfs
293 cd $rootfs
294 tar -zxf $cache/$filename
295
296
297 if [ $cloud -eq 0 ]; then
298 echo "Configuring for running outside of a cloud environment"
299 echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container"
300
301 seed_d=$rootfs/var/lib/cloud/seed/nocloud-net
302 rhostid=$(uuidgen | cut -c -8)
303 host_id=${hostid:-$rhostid}
304 mkdir -p $seed_d
305
306 cat > "$seed_d/meta-data" <<EOF
307instance_id: lxc-$host_id
308EOF
309
310 rm $rootfs/etc/hostname
311
312 if [ $locales -eq 1 ]; then
313 cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive
314 fi
315
316
317 if [ -n "$auth_key" -a -f "$auth_key" ]; then
318 u_path="/home/ubuntu/.ssh"
319 root_u_path="$rootfs/$u_path"
320 mkdir -p $root_u_path
321 cp $auth_key "$root_u_path/authorized_keys"
322 chroot $rootfs chown -R ubuntu: "$u_path"
323
324 echo "Inserted SSH public key from $auth_key into /home/ubuntu/.ssh/authorized_keys"
325 fi
326
327 if [ ! -f $userdata ]; then
328 cp $userdata $data_d/user-data
329 else
330
331 if [ -z "$MIRROR" ]; then
332 MIRROR="http://archive.ubuntu.com/ubuntu"
333 fi
334
335 cat > "$seed_d/user-data" <<EOF
336#cloud-config
337output: {all: '| tee -a /var/log/cloud-init-output.log'}
338apt-mirror: $MIRROR
339manage_etc_hosts: localhost
340locale: $(/usr/bin/locale | awk -F= '/LANG=/ {print$NF}')
341EOF
342
343 fi
344
345 chroot $rootfs /usr/sbin/usermod -U ubuntu
346 echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
347 echo "Please login as user ubuntu with password ubuntu."
348
349 else
350
351 echo "Configured for running in a cloud environment."
352 echo "If you do not have a meta-data service, this container will likely be useless."
353
354 fi
355
356) 200>/var/lock/subsys/lxc-ubucloud
357
358copy_configuration $path $rootfs $name $arch
359
360echo "Container $name created."
361exit 0
0362
=== added file '.pc/0068-fix-lxc-config-layout/templates/lxc-ubuntu.in'
--- .pc/0068-fix-lxc-config-layout/templates/lxc-ubuntu.in 1970-01-01 00:00:00 +0000
+++ .pc/0068-fix-lxc-config-layout/templates/lxc-ubuntu.in 2012-04-10 02:30:27 +0000
@@ -0,0 +1,679 @@
1#!/bin/bash
2
3#
4# template script for generating ubuntu container for LXC
5#
6# This script consolidates and extends the existing lxc ubuntu scripts
7#
8
9# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
10# Copyright © 2010 Wilhelm Meier
11# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
12#
13# This program is free software; you can redistribute it and/or modify
14# it under the terms of the GNU General Public License version 2, as
15# published by the Free Software Foundation.
16
17# This program is distributed in the hope that it will be useful,
18# but WITHOUT ANY WARRANTY; without even the implied warranty of
19# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20# GNU General Public License for more details.
21
22# You should have received a copy of the GNU General Public License along
23# with this program; if not, write to the Free Software Foundation, Inc.,
24# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25#
26
27set -e
28
29if [ -r /etc/default/lxc ]; then
30 . /etc/default/lxc
31fi
32
33configure_ubuntu()
34{
35 rootfs=$1
36 hostname=$2
37 release=$3
38
39 # configure the network using the dhcp
40 cat <<EOF > $rootfs/etc/network/interfaces
41auto lo
42iface lo inet loopback
43
44auto eth0
45iface eth0 inet dhcp
46EOF
47
48 # set the hostname
49 cat <<EOF > $rootfs/etc/hostname
50$hostname
51EOF
52 # set minimal hosts
53 cat <<EOF > $rootfs/etc/hosts
54127.0.0.1 localhost $hostname
55EOF
56
57 if [ "$release" != "precise" ]; then
58 # suppress log level output for udev
59 sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
60
61 # remove jobs for consoles 5 and 6 since we only create 4 consoles in
62 # this template
63 rm -f $rootfs/etc/init/tty{5,6}.conf
64 fi
65
66 if [ -z "$bindhome" ]; then
67 chroot $rootfs useradd --create-home -s /bin/bash ubuntu
68 echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
69 fi
70
71 return 0
72}
73
74# finish setting up the user in the container by injecting ssh key and
75# adding sudo group membership.
76# passed-in user is either 'ubuntu' or the user to bind in from host.
77finalize_user()
78{
79 user=$1
80
81 if [ "$release" = "precise" ]; then
82 groups="sudo"
83 else
84 groups="sudo admin"
85 fi
86
87 for group in $groups; do
88 chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true
89 chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true
90 done
91
92 if [ -n "$auth_key" -a -f "$auth_key" ]; then
93 u_path="/home/${user}/.ssh"
94 root_u_path="$rootfs/$u_path"
95 mkdir -p $root_u_path
96 cp $auth_key "$root_u_path/authorized_keys"
97 chroot $rootfs chown -R ${user}: "$u_path"
98
99 echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys"
100 fi
101 return 0
102}
103
104write_sourceslist()
105{
106 # $1 => path to the rootfs
107 # $2 => architecture we want to add
108 # $3 => whether to use the multi-arch syntax or not
109
110 case $2 in
111 amd64|i386)
112 MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
113 SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
114 ;;
115 sparc)
116 case $SUITE in
117 gutsy)
118 MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
119 SECURITY_MIRROR=${SECURITY_MIRRORMIRROR:-http://security.ubuntu.com/ubuntu}
120 ;;
121 *)
122 MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
123 SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
124 ;;
125 esac
126 ;;
127 *)
128 MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
129 SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
130 ;;
131 esac
132 if [ -n "$3" ]; then
133 cat >> "$1/etc/apt/sources.list" << EOF
134deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
135deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
136deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
137EOF
138 else
139 cat >> "$1/etc/apt/sources.list" << EOF
140deb $MIRROR ${release} main restricted universe multiverse
141deb $MIRROR ${release}-updates main restricted universe multiverse
142deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
143EOF
144 fi
145}
146
147download_ubuntu()
148{
149 cache=$1
150 arch=$2
151 release=$3
152
153 if [ $release = "lucid" ]; then
154 packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg
155 elif [ $release = "maverick" ]; then
156 packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg,netbase
157 elif [ $release = "natty" ]; then
158 packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase
159 else
160 packages=dialog,apt,apt-utils,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase,ubuntu-keyring
161 fi
162 echo "installing packages: $packages"
163
164 # check the mini ubuntu was not already downloaded
165 mkdir -p "$cache/partial-$arch"
166 if [ $? -ne 0 ]; then
167 echo "Failed to create '$cache/partial-$arch' directory"
168 return 1
169 fi
170
171 # download a mini ubuntu into a cache
172 echo "Downloading ubuntu $release minimal ..."
173 if [ -n "$(which qemu-debootstrap)" ]; then
174 qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
175 else
176 debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
177 fi
178
179 if [ $? -ne 0 ]; then
180 echo "Failed to download the rootfs, aborting."
181 return 1
182 fi
183
184 # Serge isn't sure whether we should avoid doing this when
185 # $release == `distro-info -d`
186 echo "Installing updates"
187 > $cache/partial-$arch/etc/apt/sources.list
188 write_sourceslist $cache/partial-$arch/ $arch
189
190 chroot "$1/partial-${arch}" apt-get update
191 if [ $? -ne 0 ]; then
192 echo "Failed to update the apt cache"
193 return 1
194 fi
195 cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
196#!/bin/sh
197exit 101
198EOF
199 chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
200
201 lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
202 ret=$?
203 rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
204
205 if [ $ret -ne 0 ]; then
206 echo "Failed to upgrade the cache"
207 return 1
208 fi
209
210 mv "$1/partial-$arch" "$1/rootfs-$arch"
211 echo "Download complete"
212 return 0
213}
214
215copy_ubuntu()
216{
217 cache=$1
218 arch=$2
219 rootfs=$3
220
221 # make a local copy of the miniubuntu
222 echo "Copying rootfs to $rootfs ..."
223 mkdir -p $rootfs
224 rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
225 return 0
226}
227
228install_ubuntu()
229{
230 rootfs=$1
231 release=$2
232 flushcache=$3
233 cache="/var/cache/lxc/$release"
234 mkdir -p /var/lock/subsys/
235 (
236 flock -n -x 200
237 if [ $? -ne 0 ]; then
238 echo "Cache repository is busy."
239 return 1
240 fi
241
242
243 if [ $flushcache -eq 1 ]; then
244 echo "Flushing cache..."
245 rm -rf "$cache/partial-$arch"
246 rm -rf "$cache/rootfs-$arch"
247 fi
248
249 echo "Checking cache download in $cache/rootfs-$arch ... "
250 if [ ! -e "$cache/rootfs-$arch" ]; then
251 download_ubuntu $cache $arch $release
252 if [ $? -ne 0 ]; then
253 echo "Failed to download 'ubuntu $release base'"
254 return 1
255 fi
256 fi
257
258 echo "Copy $cache/rootfs-$arch to $rootfs ... "
259 copy_ubuntu $cache $arch $rootfs
260 if [ $? -ne 0 ]; then
261 echo "Failed to copy rootfs"
262 return 1
263 fi
264
265 return 0
266
267 ) 200>/var/lock/subsys/lxc
268
269 return $?
270}
271
272copy_configuration()
273{
274 path=$1
275 rootfs=$2
276 name=$3
277 arch=$4
278 release=$5
279
280 if [ $arch = "i386" ]; then
281 arch="i686"
282 fi
283
284 ttydir=""
285 if [ $release = "precise" ]; then
286 ttydir=" lxc"
287 fi
288
289 # if there is exactly one veth network entry, make sure it has an
290 # associated hwaddr.
291 nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
292 if [ $nics -eq 1 ]; then
293 grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
294lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
295EOF
296 fi
297
298 cat <<EOF >> $path/config
299lxc.utsname = $name
300
301lxc.devttydir =$ttydir
302lxc.tty = 4
303lxc.pts = 1024
304lxc.rootfs = $rootfs
305lxc.mount = $path/fstab
306lxc.arch = $arch
307lxc.cap.drop = sys_module mac_admin
308# uncomment the next line to run the container unconfined:
309#lxc.aa_profile = unconfined
310
311lxc.cgroup.devices.deny = a
312# Allow any mknod (but not using the node)
313lxc.cgroup.devices.allow = c *:* m
314lxc.cgroup.devices.allow = b *:* m
315# /dev/null and zero
316lxc.cgroup.devices.allow = c 1:3 rwm
317lxc.cgroup.devices.allow = c 1:5 rwm
318# consoles
319lxc.cgroup.devices.allow = c 5:1 rwm
320lxc.cgroup.devices.allow = c 5:0 rwm
321#lxc.cgroup.devices.allow = c 4:0 rwm
322#lxc.cgroup.devices.allow = c 4:1 rwm
323# /dev/{,u}random
324lxc.cgroup.devices.allow = c 1:9 rwm
325lxc.cgroup.devices.allow = c 1:8 rwm
326lxc.cgroup.devices.allow = c 136:* rwm
327lxc.cgroup.devices.allow = c 5:2 rwm
328# rtc
329lxc.cgroup.devices.allow = c 254:0 rwm
330#fuse
331lxc.cgroup.devices.allow = c 10:229 rwm
332#tun
333lxc.cgroup.devices.allow = c 10:200 rwm
334#full
335lxc.cgroup.devices.allow = c 1:7 rwm
336#hpet
337lxc.cgroup.devices.allow = c 10:228 rwm
338#kvm
339lxc.cgroup.devices.allow = c 10:232 rwm
340EOF
341
342 cat <<EOF > $path/fstab
343proc proc proc nodev,noexec,nosuid 0 0
344sysfs sys sysfs defaults 0 0
345EOF
346
347 if [ $? -ne 0 ]; then
348 echo "Failed to add configuration"
349 return 1
350 fi
351
352 return 0
353}
354
355trim()
356{
357 rootfs=$1
358 release=$2
359
360 # provide the lxc service
361 cat <<EOF > $rootfs/etc/init/lxc.conf
362# fake some events needed for correct startup other services
363
364description "Container Upstart"
365
366start on startup
367
368script
369 rm -rf /var/run/*.pid
370 rm -rf /var/run/network/*
371 /sbin/initctl emit stopped JOB=udevtrigger --no-wait
372 /sbin/initctl emit started JOB=udev --no-wait
373end script
374EOF
375
376 # fix buggus runlevel with sshd
377 cat <<EOF > $rootfs/etc/init/ssh.conf
378# ssh - OpenBSD Secure Shell server
379#
380# The OpenSSH server provides secure shell access to the system.
381
382description "OpenSSH server"
383
384start on filesystem
385stop on runlevel [!2345]
386
387expect fork
388respawn
389respawn limit 10 5
390umask 022
391# replaces SSHD_OOM_ADJUST in /etc/default/ssh
392oom never
393
394pre-start script
395 test -x /usr/sbin/sshd || { stop; exit 0; }
396 test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
397 test -c /dev/null || { stop; exit 0; }
398
399 mkdir -p -m0755 /var/run/sshd
400end script
401
402# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
403# 'exec' line here instead
404exec /usr/sbin/sshd
405EOF
406
407 cat <<EOF > $rootfs/etc/init/console.conf
408# console - getty
409#
410# This service maintains a console on tty1 from the point the system is
411# started until it is shut down again.
412
413start on stopped rc RUNLEVEL=[2345]
414stop on runlevel [!2345]
415
416respawn
417exec /sbin/getty -8 38400 /dev/console
418EOF
419
420 cat <<EOF > $rootfs/lib/init/fstab
421# /lib/init/fstab: cleared out for bare-bones lxc
422EOF
423
424 # reconfigure some services
425 if [ -z "$LANG" ]; then
426 chroot $rootfs locale-gen en_US.UTF-8
427 chroot $rootfs update-locale LANG=en_US.UTF-8
428 else
429 chroot $rootfs locale-gen $LANG
430 chroot $rootfs update-locale LANG=$LANG
431 fi
432
433 # remove pointless services in a container
434 chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
435
436 chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
437 chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
438 chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
439 chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
440 chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
441
442 # if this isn't lucid, then we need to twiddle the network upstart bits :(
443 if [ $release != "lucid" ]; then
444 sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
445 fi
446}
447
448post_process()
449{
450 rootfs=$1
451 release=$2
452 trim_container=$3
453
454 if [ $trim_container -eq 1 ]; then
455 trim $rootfs $release
456 elif [ $release = "lucid" -o $release = "maverick" -o $release = "natty" \
457 -o $release = "oneiric" ]; then
458 # for lucid and maverick, if not trimming, then add the ubuntu-virt
459 # ppa and install lxcguest
460 if [ $release = "lucid" -o $release = "maverick" ]; then
461 chroot $rootfs apt-get install --force-yes -y python-software-properties
462 chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
463 fi
464 cresolvonf="${rootfs}/etc/resolv.conf"
465 mv $cresolvonf ${cresolvonf}.lxcbak
466 cat /etc/resolv.conf > ${cresolvonf}
467 chroot $rootfs apt-get update
468 chroot $rootfs apt-get install --force-yes -y lxcguest
469 rm -f ${cresolvonf}
470 mv ${cresolvonf}.lxcbak ${cresolvonf}
471 fi
472
473 # If the container isn't running a native architecture, setup multiarch
474 if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then
475 mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d
476 echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch
477
478 # Save existing value of MIRROR and SECURITY_MIRROR
479 DEFAULT_MIRROR=$MIRROR
480 DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR
481
482 # Write a new sources.list containing both native and multiarch entries
483 > ${rootfs}/etc/apt/sources.list
484 write_sourceslist $rootfs $arch "native"
485
486 MIRROR=$DEFAULT_MIRROR
487 SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR
488 write_sourceslist $rootfs $hostarch "multiarch"
489
490 # Finally update the lists and install upstart using the host architecture
491 chroot $rootfs apt-get update
492 chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:amd64 iproute:amd64 isc-dhcp-client:amd64
493 fi
494}
495
496do_bindhome()
497{
498 rootfs=$1
499 user=$2
500
501 # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
502 pwd=`getent passwd $user` || { echo "Failed to copy password entry for $user"; false; }
503 echo $pwd >> $rootfs/etc/passwd
504
505 # make sure user's shell exists in the container
506 shell=`echo $pwd | cut -d: -f 7`
507 if [ ! -x $rootfs/$shell ]; then
508 echo "shell $shell for user $user was not found in the container."
509 pkg=`dpkg -S $(readlink -m $shell) | cut -d ':' -f1`
510 echo "Installing $pkg"
511 chroot $rootfs apt-get --force-yes -y install $pkg
512 fi
513
514 shad=`getent shadow $user`
515 echo "$shad" >> $rootfs/etc/shadow
516
517 # bind-mount the user's path into the container's /home
518 h=`getent passwd $user | cut -d: -f 6`
519 mkdir -p $rootfs/$h
520 # use relative path in container
521 h2=${h#/}
522 while [ ${h2:0:1} = "/" ]; do
523 h2=${h2#/}
524 done
525 echo "$h $h2 none bind 0 0" >> $path/fstab
526
527 # Make sure the group exists in container
528 grp=`echo $pwd | cut -d: -f 4` # group number for $user
529 grpe=`getent group $grp` || return 0 # if host doesn't define grp, ignore in container
530 chroot $rootfs getent group "$grpe" || echo "$grpe" >> $rootfs/etc/group
531}
532
533usage()
534{
535 cat <<EOF
536$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim] [-d|--debug]
537 [-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>]
538release: lucid | maverick | natty | oneiric | precise
539trim: make a minimal (faster, but not upgrade-safe) container
540bindhome: bind <user>'s home into the container
541 The ubuntu user will not be created, and <user> will have
542 sudo access.
543arch: amd64 or i386: defaults to host arch
544auth-key: SSH Public key file to inject into container
545EOF
546 return 0
547}
548
549options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug -- "$@")
550if [ $? -ne 0 ]; then
551 usage $(basename $0)
552 exit 1
553fi
554eval set -- "$options"
555
556release=lucid
557if [ -f /etc/lsb-release ]; then
558 . /etc/lsb-release
559 case "$DISTRIB_CODENAME" in
560 lucid|maverick|natty|oneiric|precise)
561 release=$DISTRIB_CODENAME
562 ;;
563 esac
564fi
565
566bindhome=
567arch=$(arch)
568
569# Code taken from debootstrap
570if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
571 arch=`/usr/bin/dpkg --print-architecture`
572elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
573 arch=`/usr/bin/udpkg --print-architecture`
574else
575 arch=$(arch)
576 if [ "$arch" = "i686" ]; then
577 arch="i386"
578 elif [ "$arch" = "x86_64" ]; then
579 arch="amd64"
580 elif [ "$arch" = "armv7l" ]; then
581 arch="armel"
582 fi
583fi
584
585debug=0
586trim_container=0
587hostarch=$arch
588flushcache=0
589while true
590do
591 case "$1" in
592 -h|--help) usage $0 && exit 0;;
593 -p|--path) path=$2; shift 2;;
594 -n|--name) name=$2; shift 2;;
595 -F|--flush-cache) flushcache=1; shift 1;;
596 -r|--release) release=$2; shift 2;;
597 -b|--bindhome) bindhome=$2; shift 2;;
598 -a|--arch) arch=$2; shift 2;;
599 -x|--trim) trim_container=1; shift 1;;
600 -S|--auth-key) auth_key=$2; shift 2;;
601 -d|--debug) debug=1; shift 1;;
602 --) shift 1; break ;;
603 *) break ;;
604 esac
605done
606
607if [ $debug -eq 1 ]; then
608 set -x
609fi
610
611if [ -n "$bindhome" ]; then
612 pwd=`getent passwd $bindhome`
613 if [ $? -ne 0 ]; then
614 echo "Error: no password entry found for $bindhome"
615 exit 1
616 fi
617fi
618
619
620if [ "$arch" == "i686" ]; then
621 arch=i386
622fi
623
624if [ $hostarch = "i386" -a $arch = "amd64" ]; then
625 echo "can't create amd64 container on i386"
626 exit 1
627fi
628
629type debootstrap
630if [ $? -ne 0 ]; then
631 echo "'debootstrap' command is missing"
632 exit 1
633fi
634
635if [ -z "$path" ]; then
636 echo "'path' parameter is required"
637 exit 1
638fi
639
640if [ "$(id -u)" != "0" ]; then
641 echo "This script should be run as 'root'"
642 exit 1
643fi
644
645rootfs=$path/rootfs
646
647install_ubuntu $rootfs $release $flushcache
648if [ $? -ne 0 ]; then
649 echo "failed to install ubuntu $release"
650 exit 1
651fi
652
653configure_ubuntu $rootfs $name $release
654if [ $? -ne 0 ]; then
655 echo "failed to configure ubuntu $release for a container"
656 exit 1
657fi
658
659copy_configuration $path $rootfs $name $arch $release
660if [ $? -ne 0 ]; then
661 echo "failed write configuration file"
662 exit 1
663fi
664
665post_process $rootfs $release $trim_container
666
667if [ -n "$bindhome" ]; then
668 do_bindhome $rootfs $bindhome
669 finalize_user $bindhome
670else
671 finalize_user ubuntu
672fi
673
674echo ""
675echo "##"
676echo "# The default user is 'ubuntu' with password 'ubuntu'!"
677echo "# Use the 'sudo' command to run tasks as root in the container."
678echo "##"
679echo ""
0680
=== modified file '.pc/applied-patches'
--- .pc/applied-patches 2012-04-09 14:24:24 +0000
+++ .pc/applied-patches 2012-04-10 02:30:27 +0000
@@ -78,5 +78,9 @@
780065-fix-bindhome-relpath780065-fix-bindhome-relpath
790066-confile-typo790066-confile-typo
800067-templates-lxc-profile800067-templates-lxc-profile
81<<<<<<< TREE
810068-fix-lxc-config-layout820068-fix-lxc-config-layout
820069-ubuntu-cloud-fix830069-ubuntu-cloud-fix
84=======
850068-fix-lxc-config-layout
86>>>>>>> MERGE-SOURCE
8387
=== modified file 'debian/changelog'
--- debian/changelog 2012-04-09 14:24:24 +0000
+++ debian/changelog 2012-04-10 02:30:27 +0000
@@ -1,3 +1,4 @@
1<<<<<<< TREE
1lxc (0.7.5-3ubuntu50) precise; urgency=low2lxc (0.7.5-3ubuntu50) precise; urgency=low
23
3 [ Stéphane Graber ]4 [ Stéphane Graber ]
@@ -8,6 +9,14 @@
89
9 -- Ben Howard <ben.howard@canonical.com> Mon, 09 Apr 2012 14:24:24 -060010 -- Ben Howard <ben.howard@canonical.com> Mon, 09 Apr 2012 14:24:24 -0600
1011
12=======
13lxc (0.7.5-3ubuntu50) UNRELEASED; urgency=low
14
15 * Minor ubuntu template tweak to add missing space after lxc.network.hwaddr.
16
17 -- Stéphane Graber <stgraber@ubuntu.com> Mon, 02 Apr 2012 22:21:04 -0400
18
19>>>>>>> MERGE-SOURCE
11lxc (0.7.5-3ubuntu49) precise; urgency=low20lxc (0.7.5-3ubuntu49) precise; urgency=low
1221
13 * debian/lxc-default.apparmor: add mediate_deleted flag (LP: #969299)22 * debian/lxc-default.apparmor: add mediate_deleted flag (LP: #969299)
1423
=== modified file 'debian/local/lxc-start-ephemeral'
--- debian/local/lxc-start-ephemeral 2012-03-21 08:20:06 +0000
+++ debian/local/lxc-start-ephemeral 2012-04-10 02:30:27 +0000
@@ -198,7 +198,7 @@
198 (198 (
199 while read line; do199 while read line; do
200 if [ "${line:0:18}" = "lxc.network.hwaddr" ]; then200 if [ "${line:0:18}" = "lxc.network.hwaddr" ]; then
201 echo "lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')"201 echo "lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')"
202 else202 else
203 echo $line203 echo $line
204 fi204 fi
205205
=== added file 'debian/patches/0068-fix-lxc-config-layout'
--- debian/patches/0068-fix-lxc-config-layout 1970-01-01 00:00:00 +0000
+++ debian/patches/0068-fix-lxc-config-layout 2012-04-10 02:30:27 +0000
@@ -0,0 +1,26 @@
1Description: Minor lxc config template layout fix
2Author: Stéphane Graber <stgraber@ubuntu.com>
3Forwarded: no
4
5--- lxc-0.7.5.orig/templates/lxc-ubuntu-cloud.in
6+++ lxc-0.7.5/templates/lxc-ubuntu-cloud.in
7@@ -41,7 +41,7 @@ copy_configuration()
8 nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
9 if [ $nics -eq 1 ]; then
10 grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
11-lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
12+lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
13 EOF
14 fi
15
16--- lxc-0.7.5.orig/templates/lxc-ubuntu.in
17+++ lxc-0.7.5/templates/lxc-ubuntu.in
18@@ -291,7 +291,7 @@ copy_configuration()
19 nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
20 if [ $nics -eq 1 ]; then
21 grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
22-lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
23+lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
24 EOF
25 fi
26
027
=== renamed file 'debian/patches/0068-fix-lxc-config-layout' => 'debian/patches/0068-fix-lxc-config-layout.moved'
=== modified file 'debian/patches/series'
--- debian/patches/series 2012-04-09 14:24:24 +0000
+++ debian/patches/series 2012-04-10 02:30:27 +0000
@@ -78,5 +78,9 @@
780065-fix-bindhome-relpath780065-fix-bindhome-relpath
790066-confile-typo790066-confile-typo
800067-templates-lxc-profile800067-templates-lxc-profile
81<<<<<<< TREE
810068-fix-lxc-config-layout820068-fix-lxc-config-layout
820069-ubuntu-cloud-fix830069-ubuntu-cloud-fix
84=======
850068-fix-lxc-config-layout
86>>>>>>> MERGE-SOURCE
8387
=== modified file 'templates/lxc-ubuntu-cloud.in'

Subscribers

People subscribed via source and target branches

to all changes: