Merge lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201205292108 into lp:ubuntu/quantal/lxc
| Status | Rejected |
|---|---|
| Rejected by | James Westby |
| Proposed branch | lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201205292108 |
| Merge into | lp:ubuntu/quantal/lxc |
| Diff against target | 1910 lines (+1869/-0) (has conflicts), 6 files modified |
| To merge this branch | bzr merge lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201205292108 |
| Related bugs | |

Files modified:
- .pc/0084-lxc-ubuntu-drop-duplicate-code.patch/templates/lxc-ubuntu.in (+716/-0)
- .pc/0085-pivot-dir/templates/lxc-ubuntu-cloud.in (+377/-0)
- .pc/0085-pivot-dir/templates/lxc-ubuntu.in (+688/-0)
- debian/lxc.dnsmasq (+2/-0)
- debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch (+53/-0)
- debian/patches/0085-pivot-dir (+33/-0)

Conflicts:
- Conflict adding file .pc/0084-lxc-ubuntu-drop-duplicate-code.patch. Moved existing file to .pc/0084-lxc-ubuntu-drop-duplicate-code.patch.moved.
- Conflict adding file .pc/0085-pivot-dir. Moved existing file to .pc/0085-pivot-dir.moved.
- Conflict adding file debian/lxc.dnsmasq. Moved existing file to debian/lxc.dnsmasq.moved.
- Conflict adding file debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch. Moved existing file to debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch.moved.
- Conflict adding file debian/patches/0085-pivot-dir. Moved existing file to debian/patches/0085-pivot-dir.moved.

| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Ubuntu branches | Pending | | |

Review via email: mp+107881@code.launchpad.net
Commit message
Description of the change
The package importer has detected a possible inconsistency between the package history in the archive and the history in bzr. As the archive is authoritative, the importer has made lp:ubuntu/quantal/lxc reflect what is in the archive and the old bzr branch has been pushed to lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201205292108. This merge proposal was created so that an Ubuntu developer can review the situation and perform a merge/upload if necessary. There are three typical cases where this can happen.
1. Where someone pushes a change to bzr and someone else uploads the package without that change. This is the reason that this check is done by the importer. If this appears to be the case then a merge/upload should be done if the changes that were in bzr are still desirable.
2. The importer incorrectly detected the above situation when someone made a change in bzr and then uploaded it.
3. The importer incorrectly detected the above situation when someone just uploaded a package and didn't touch bzr.
If this case doesn't appear to be the first situation then set the status of the merge proposal to "Rejected" and help avoid the problem in future by filing a bug at https:/
(this is an automatically generated message)
Unmerged revisions
- 112. By Stéphane Graber
  releasing version 0.8.0~rc1-4ubuntu10
- 111. By Stéphane Graber
  Add bug number
- 110. By Stéphane Graber
  Don't force remove the apparmor rules in postrm
- 109. By Stéphane Graber
  We actually want to get rid of the dnsmasq configuration on removal, not only on purge
- 108. By Stéphane Graber
  Silence postinst
- 107. By Stéphane Graber
  Fix wrong option name
- 106. By Stéphane Graber
  Ship a dnsmasq.d hook in the package to workaround dnsmasq related bugs
- 105. By Serge Hallyn
  0085-pivot-dir: use a directory other than /mnt to put the pivot_root old dir into (LP: #986385)
- 104. By Serge Hallyn
  add bug # in changelog
- 103. By Serge Hallyn
  0084-lxc-ubuntu-drop-duplicate-code.patch: drop some duplicate code from the ubuntu template.
Preview Diff
1 | === added directory '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch' |
2 | === renamed directory '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch' => '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch.moved' |
3 | === added file '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch/.timestamp' |
4 | === added directory '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch/templates' |
5 | === added file '.pc/0084-lxc-ubuntu-drop-duplicate-code.patch/templates/lxc-ubuntu.in' |
6 | --- .pc/0084-lxc-ubuntu-drop-duplicate-code.patch/templates/lxc-ubuntu.in 1970-01-01 00:00:00 +0000 |
7 | +++ .pc/0084-lxc-ubuntu-drop-duplicate-code.patch/templates/lxc-ubuntu.in 2012-05-29 21:13:22 +0000 |
8 | @@ -0,0 +1,716 @@ |
9 | +#!/bin/bash |
10 | + |
11 | +# |
12 | +# template script for generating ubuntu container for LXC |
13 | +# |
14 | +# This script consolidates and extends the existing lxc ubuntu scripts |
15 | +# |
16 | + |
17 | +# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com> |
18 | +# Copyright © 2010 Wilhelm Meier |
19 | +# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de> |
20 | +# |
21 | +# This program is free software; you can redistribute it and/or modify |
22 | +# it under the terms of the GNU General Public License version 2, as |
23 | +# published by the Free Software Foundation. |
24 | + |
25 | +# This program is distributed in the hope that it will be useful, |
26 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
27 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
28 | +# GNU General Public License for more details. |
29 | + |
30 | +# You should have received a copy of the GNU General Public License along |
31 | +# with this program; if not, write to the Free Software Foundation, Inc., |
32 | +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
33 | +# |
34 | + |
35 | +set -e |
36 | + |
37 | +if [ -r /etc/default/lxc ]; then |
38 | + . /etc/default/lxc |
39 | +fi |
40 | + |
41 | +configure_ubuntu() |
42 | +{ |
43 | + rootfs=$1 |
44 | + hostname=$2 |
45 | + release=$3 |
46 | + |
47 | + # configure the network using the dhcp |
48 | + cat <<EOF > $rootfs/etc/network/interfaces |
49 | +# This file describes the network interfaces available on your system |
50 | +# and how to activate them. For more information, see interfaces(5). |
51 | + |
52 | +# The loopback network interface |
53 | +auto lo |
54 | +iface lo inet loopback |
55 | + |
56 | +auto eth0 |
57 | +iface eth0 inet dhcp |
58 | +EOF |
59 | + |
60 | + # set the hostname |
61 | + cat <<EOF > $rootfs/etc/hostname |
62 | +$hostname |
63 | +EOF |
64 | + # set minimal hosts |
65 | + cat <<EOF > $rootfs/etc/hosts |
66 | +127.0.0.1 localhost |
67 | +127.0.1.1 $hostname |
68 | + |
69 | +# The following lines are desirable for IPv6 capable hosts |
70 | +::1 ip6-localhost ip6-loopback |
71 | +fe00::0 ip6-localnet |
72 | +ff00::0 ip6-mcastprefix |
73 | +ff02::1 ip6-allnodes |
74 | +ff02::2 ip6-allrouters |
75 | +EOF |
76 | + |
77 | + if [ ! -f $rootfs/etc/init/container-detect.conf ]; then |
78 | + # suppress log level output for udev |
79 | + sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf |
80 | + |
81 | + # remove jobs for consoles 5 and 6 since we only create 4 consoles in |
82 | + # this template |
83 | + rm -f $rootfs/etc/init/tty{5,6}.conf |
84 | + fi |
85 | + |
86 | + if [ -z "$bindhome" ]; then |
87 | + chroot $rootfs useradd --create-home -s /bin/bash ubuntu |
88 | + echo "ubuntu:ubuntu" | chroot $rootfs chpasswd |
89 | + fi |
90 | + |
91 | + return 0 |
92 | +} |
93 | + |
94 | +# finish setting up the user in the container by injecting ssh key and |
95 | +# adding sudo group membership. |
96 | +# passed-in user is either 'ubuntu' or the user to bind in from host. |
97 | +finalize_user() |
98 | +{ |
99 | + user=$1 |
100 | + |
101 | + sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo) |
102 | + |
103 | + if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then |
104 | + groups="sudo" |
105 | + else |
106 | + groups="sudo admin" |
107 | + fi |
108 | + |
109 | + for group in $groups; do |
110 | + chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true |
111 | + chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true |
112 | + done |
113 | + |
114 | + if [ -n "$auth_key" -a -f "$auth_key" ]; then |
115 | + u_path="/home/${user}/.ssh" |
116 | + root_u_path="$rootfs/$u_path" |
117 | + |
118 | + mkdir -p $root_u_path |
119 | + cp $auth_key "$root_u_path/authorized_keys" |
120 | + chroot $rootfs chown -R ${user}: "$u_path" |
121 | + |
122 | + echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys" |
123 | + fi |
124 | + return 0 |
125 | +} |
126 | + |
127 | +write_sourceslist() |
128 | +{ |
129 | + # $1 => path to the rootfs |
130 | + # $2 => architecture we want to add |
131 | + # $3 => whether to use the multi-arch syntax or not |
132 | + |
133 | + case $2 in |
134 | + amd64|i386) |
135 | + MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu} |
136 | + SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu} |
137 | + ;; |
138 | + *) |
139 | + MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports} |
140 | + SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports} |
141 | + ;; |
142 | + esac |
143 | + if [ -n "$3" ]; then |
144 | + cat >> "$1/etc/apt/sources.list" << EOF |
145 | +deb [arch=$2] $MIRROR ${release} main restricted universe multiverse |
146 | +deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse |
147 | +deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse |
148 | +EOF |
149 | + else |
150 | + cat >> "$1/etc/apt/sources.list" << EOF |
151 | +deb $MIRROR ${release} main restricted universe multiverse |
152 | +deb $MIRROR ${release}-updates main restricted universe multiverse |
153 | +deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse |
154 | +EOF |
155 | + fi |
156 | +} |
157 | + |
158 | +download_ubuntu() |
159 | +{ |
160 | + cache=$1 |
161 | + arch=$2 |
162 | + release=$3 |
163 | + |
164 | + packages=vim,ssh |
165 | + echo "installing packages: $packages" |
166 | + |
167 | + # check the mini ubuntu was not already downloaded |
168 | + mkdir -p "$cache/partial-$arch" |
169 | + if [ $? -ne 0 ]; then |
170 | + echo "Failed to create '$cache/partial-$arch' directory" |
171 | + return 1 |
172 | + fi |
173 | + |
174 | + # download a mini ubuntu into a cache |
175 | + echo "Downloading ubuntu $release minimal ..." |
176 | + if [ -n "$(which qemu-debootstrap)" ]; then |
177 | + qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR |
178 | + else |
179 | + debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR |
180 | + fi |
181 | + |
182 | + if [ $? -ne 0 ]; then |
183 | + echo "Failed to download the rootfs, aborting." |
184 | + return 1 |
185 | + fi |
186 | + |
187 | + echo "Installing updates" |
188 | + if [ -z "$MIRROR" ]; then |
189 | + MIRROR="http://archive.ubuntu.com/ubuntu" |
190 | + fi |
191 | + cat >> "$1/partial-${arch}/etc/apt/sources.list" << EOF |
192 | +deb $MIRROR ${release}-updates main universe |
193 | +deb http://security.ubuntu.com/ubuntu ${release}-security main universe |
194 | +EOF |
195 | + chroot "$1/partial-${arch}" apt-get update |
196 | + if [ $? -ne 0 ]; then |
197 | + echo "Failed to update the apt cache" |
198 | + return 1 |
199 | + fi |
200 | + cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF |
201 | +#!/bin/sh |
202 | +exit 101 |
203 | +EOF |
204 | + chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d |
205 | + |
206 | + chroot "$1/partial-${arch}" apt-get dist-upgrade -y |
207 | + ret=$? |
208 | + |
209 | + rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d |
210 | + if [ $ret -ne 0 ]; then |
211 | + echo "Failed to upgrade the cache" |
212 | + return 1 |
213 | + fi |
214 | + |
215 | + # Serge isn't sure whether we should avoid doing this when |
216 | + # $release == `distro-info -d` |
217 | + echo "Installing updates" |
218 | + > $cache/partial-$arch/etc/apt/sources.list |
219 | + write_sourceslist $cache/partial-$arch/ $arch |
220 | + |
221 | + chroot "$1/partial-${arch}" apt-get update |
222 | + if [ $? -ne 0 ]; then |
223 | + echo "Failed to update the apt cache" |
224 | + return 1 |
225 | + fi |
226 | + cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF |
227 | +#!/bin/sh |
228 | +exit 101 |
229 | +EOF |
230 | + chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d |
231 | + |
232 | + lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y |
233 | + ret=$? |
234 | + rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d |
235 | + |
236 | + if [ $ret -ne 0 ]; then |
237 | + echo "Failed to upgrade the cache" |
238 | + return 1 |
239 | + fi |
240 | + |
241 | + mv "$1/partial-$arch" "$1/rootfs-$arch" |
242 | + echo "Download complete" |
243 | + return 0 |
244 | +} |
245 | + |
246 | +copy_ubuntu() |
247 | +{ |
248 | + cache=$1 |
249 | + arch=$2 |
250 | + rootfs=$3 |
251 | + |
252 | + # make a local copy of the miniubuntu |
253 | + echo "Copying rootfs to $rootfs ..." |
254 | + mkdir -p $rootfs |
255 | + rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1 |
256 | + return 0 |
257 | +} |
258 | + |
259 | +install_ubuntu() |
260 | +{ |
261 | + rootfs=$1 |
262 | + release=$2 |
263 | + flushcache=$3 |
264 | + cache="/var/cache/lxc/$release" |
265 | + mkdir -p /var/lock/subsys/ |
266 | + |
267 | + ( |
268 | + flock -n -x 200 |
269 | + if [ $? -ne 0 ]; then |
270 | + echo "Cache repository is busy." |
271 | + return 1 |
272 | + fi |
273 | + |
274 | + |
275 | + if [ $flushcache -eq 1 ]; then |
276 | + echo "Flushing cache..." |
277 | + rm -rf "$cache/partial-$arch" |
278 | + rm -rf "$cache/rootfs-$arch" |
279 | + fi |
280 | + |
281 | + echo "Checking cache download in $cache/rootfs-$arch ... " |
282 | + if [ ! -e "$cache/rootfs-$arch" ]; then |
283 | + download_ubuntu $cache $arch $release |
284 | + if [ $? -ne 0 ]; then |
285 | + echo "Failed to download 'ubuntu $release base'" |
286 | + return 1 |
287 | + fi |
288 | + fi |
289 | + |
290 | + echo "Copy $cache/rootfs-$arch to $rootfs ... " |
291 | + copy_ubuntu $cache $arch $rootfs |
292 | + if [ $? -ne 0 ]; then |
293 | + echo "Failed to copy rootfs" |
294 | + return 1 |
295 | + fi |
296 | + |
297 | + return 0 |
298 | + |
299 | + ) 200>/var/lock/subsys/lxc |
300 | + |
301 | + return $? |
302 | +} |
303 | + |
304 | +copy_configuration() |
305 | +{ |
306 | + path=$1 |
307 | + rootfs=$2 |
308 | + name=$3 |
309 | + arch=$4 |
310 | + release=$5 |
311 | + |
312 | + if [ $arch = "i386" ]; then |
313 | + arch="i686" |
314 | + fi |
315 | + |
316 | + ttydir="" |
317 | + if [ ! -f $rootfs/etc/init/container-detect.conf ]; then |
318 | + ttydir=" lxc" |
319 | + fi |
320 | + |
321 | + # if there is exactly one veth network entry, make sure it has an |
322 | + # associated hwaddr. |
323 | + nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l` |
324 | + if [ $nics -eq 1 ]; then |
325 | + grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config |
326 | +lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//') |
327 | +EOF |
328 | + fi |
329 | + |
330 | + cat <<EOF >> $path/config |
331 | +lxc.utsname = $name |
332 | + |
333 | +lxc.devttydir =$ttydir |
334 | +lxc.tty = 4 |
335 | +lxc.pts = 1024 |
336 | +lxc.rootfs = $rootfs |
337 | +lxc.mount = $path/fstab |
338 | +lxc.arch = $arch |
339 | +lxc.cap.drop = sys_module mac_admin mac_override |
340 | +# uncomment the next line to run the container unconfined: |
341 | +#lxc.aa_profile = unconfined |
342 | + |
343 | +lxc.cgroup.devices.deny = a |
344 | +# Allow any mknod (but not using the node) |
345 | +lxc.cgroup.devices.allow = c *:* m |
346 | +lxc.cgroup.devices.allow = b *:* m |
347 | +# /dev/null and zero |
348 | +lxc.cgroup.devices.allow = c 1:3 rwm |
349 | +lxc.cgroup.devices.allow = c 1:5 rwm |
350 | +# consoles |
351 | +lxc.cgroup.devices.allow = c 5:1 rwm |
352 | +lxc.cgroup.devices.allow = c 5:0 rwm |
353 | +#lxc.cgroup.devices.allow = c 4:0 rwm |
354 | +#lxc.cgroup.devices.allow = c 4:1 rwm |
355 | +# /dev/{,u}random |
356 | +lxc.cgroup.devices.allow = c 1:9 rwm |
357 | +lxc.cgroup.devices.allow = c 1:8 rwm |
358 | +lxc.cgroup.devices.allow = c 136:* rwm |
359 | +lxc.cgroup.devices.allow = c 5:2 rwm |
360 | +# rtc |
361 | +lxc.cgroup.devices.allow = c 254:0 rwm |
362 | +#fuse |
363 | +lxc.cgroup.devices.allow = c 10:229 rwm |
364 | +#tun |
365 | +lxc.cgroup.devices.allow = c 10:200 rwm |
366 | +#full |
367 | +lxc.cgroup.devices.allow = c 1:7 rwm |
368 | +#hpet |
369 | +lxc.cgroup.devices.allow = c 10:228 rwm |
370 | +#kvm |
371 | +lxc.cgroup.devices.allow = c 10:232 rwm |
372 | +EOF |
373 | + |
374 | + cat <<EOF > $path/fstab |
375 | +proc proc proc nodev,noexec,nosuid 0 0 |
376 | +sysfs sys sysfs defaults 0 0 |
377 | +EOF |
378 | + |
379 | + if [ $? -ne 0 ]; then |
380 | + echo "Failed to add configuration" |
381 | + return 1 |
382 | + fi |
383 | + |
384 | + return 0 |
385 | +} |
386 | + |
387 | +trim() |
388 | +{ |
389 | + rootfs=$1 |
390 | + release=$2 |
391 | + |
392 | + # provide the lxc service |
393 | + cat <<EOF > $rootfs/etc/init/lxc.conf |
394 | +# fake some events needed for correct startup other services |
395 | + |
396 | +description "Container Upstart" |
397 | + |
398 | +start on startup |
399 | + |
400 | +script |
401 | + rm -rf /var/run/*.pid |
402 | + rm -rf /var/run/network/* |
403 | + /sbin/initctl emit stopped JOB=udevtrigger --no-wait |
404 | + /sbin/initctl emit started JOB=udev --no-wait |
405 | +end script |
406 | +EOF |
407 | + |
408 | + # fix buggus runlevel with sshd |
409 | + cat <<EOF > $rootfs/etc/init/ssh.conf |
410 | +# ssh - OpenBSD Secure Shell server |
411 | +# |
412 | +# The OpenSSH server provides secure shell access to the system. |
413 | + |
414 | +description "OpenSSH server" |
415 | + |
416 | +start on filesystem |
417 | +stop on runlevel [!2345] |
418 | + |
419 | +expect fork |
420 | +respawn |
421 | +respawn limit 10 5 |
422 | +umask 022 |
423 | +# replaces SSHD_OOM_ADJUST in /etc/default/ssh |
424 | +oom never |
425 | + |
426 | +pre-start script |
427 | + test -x /usr/sbin/sshd || { stop; exit 0; } |
428 | + test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; } |
429 | + test -c /dev/null || { stop; exit 0; } |
430 | + |
431 | + mkdir -p -m0755 /var/run/sshd |
432 | +end script |
433 | + |
434 | +# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the |
435 | +# 'exec' line here instead |
436 | +exec /usr/sbin/sshd |
437 | +EOF |
438 | + |
439 | + cat <<EOF > $rootfs/etc/init/console.conf |
440 | +# console - getty |
441 | +# |
442 | +# This service maintains a console on tty1 from the point the system is |
443 | +# started until it is shut down again. |
444 | + |
445 | +start on stopped rc RUNLEVEL=[2345] |
446 | +stop on runlevel [!2345] |
447 | + |
448 | +respawn |
449 | +exec /sbin/getty -8 38400 /dev/console |
450 | +EOF |
451 | + |
452 | + cat <<EOF > $rootfs/lib/init/fstab |
453 | +# /lib/init/fstab: cleared out for bare-bones lxc |
454 | +EOF |
455 | + |
456 | + # reconfigure some services |
457 | + if [ -z "$LANG" ]; then |
458 | + chroot $rootfs locale-gen en_US.UTF-8 |
459 | + chroot $rootfs update-locale LANG=en_US.UTF-8 |
460 | + else |
461 | + chroot $rootfs locale-gen $LANG |
462 | + chroot $rootfs update-locale LANG=$LANG |
463 | + fi |
464 | + |
465 | + # remove pointless services in a container |
466 | + chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove |
467 | + |
468 | + chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done' |
469 | + chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done' |
470 | + chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done' |
471 | + chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done' |
472 | + chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done' |
473 | + |
474 | + # if this isn't lucid, then we need to twiddle the network upstart bits :( |
475 | + if [ $release != "lucid" ]; then |
476 | + sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart |
477 | + fi |
478 | +} |
479 | + |
480 | +post_process() |
481 | +{ |
482 | + rootfs=$1 |
483 | + release=$2 |
484 | + trim_container=$3 |
485 | + |
486 | + if [ $trim_container -eq 1 ]; then |
487 | + trim $rootfs $release |
488 | + elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then |
489 | + # Make sure we have a working resolv.conf |
490 | + cresolvonf="${rootfs}/etc/resolv.conf" |
491 | + mv $cresolvonf ${cresolvonf}.lxcbak |
492 | + cat /etc/resolv.conf > ${cresolvonf} |
493 | + |
494 | + # for lucid, if not trimming, then add the ubuntu-virt |
495 | + # ppa and install lxcguest |
496 | + if [ $release = "lucid" ]; then |
497 | + chroot $rootfs apt-get install --force-yes -y python-software-properties |
498 | + chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa |
499 | + fi |
500 | + |
501 | + chroot $rootfs apt-get update |
502 | + chroot $rootfs apt-get install --force-yes -y lxcguest |
503 | + |
504 | + # Restore old resolv.conf |
505 | + rm -f ${cresolvonf} |
506 | + mv ${cresolvonf}.lxcbak ${cresolvonf} |
507 | + fi |
508 | + |
509 | + # If the container isn't running a native architecture, setup multiarch |
510 | + if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then |
511 | + mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d |
512 | + echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch |
513 | + |
514 | + # Save existing value of MIRROR and SECURITY_MIRROR |
515 | + DEFAULT_MIRROR=$MIRROR |
516 | + DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR |
517 | + |
518 | + # Write a new sources.list containing both native and multiarch entries |
519 | + > ${rootfs}/etc/apt/sources.list |
520 | + write_sourceslist $rootfs $arch "native" |
521 | + |
522 | + MIRROR=$DEFAULT_MIRROR |
523 | + SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR |
524 | + write_sourceslist $rootfs $hostarch "multiarch" |
525 | + |
526 | + # Finally update the lists and install upstart using the host architecture |
527 | + chroot $rootfs apt-get update |
528 | + chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch} |
529 | + fi |
530 | + |
531 | + # rmdir /dev/shm for containers that have /run/shm |
532 | + # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did |
533 | + # get bind mounted to the host's /run/shm. So try to rmdir |
534 | + # it, and in case that fails move it out of the way. |
535 | + if [ -d $rootfs/run/shm ]; then |
536 | + [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm |
537 | + [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak |
538 | + ln -s /run/shm $rootfs/dev/shm |
539 | + fi |
540 | +} |
541 | + |
542 | +do_bindhome() |
543 | +{ |
544 | + rootfs=$1 |
545 | + user=$2 |
546 | + |
547 | + # copy /etc/passwd, /etc/shadow, and /etc/group entries into container |
548 | + pwd=`getent passwd $user` || { echo "Failed to copy password entry for $user"; false; } |
549 | + echo $pwd >> $rootfs/etc/passwd |
550 | + |
551 | + # make sure user's shell exists in the container |
552 | + shell=`echo $pwd | cut -d: -f 7` |
553 | + if [ ! -x $rootfs/$shell ]; then |
554 | + echo "shell $shell for user $user was not found in the container." |
555 | + pkg=`dpkg -S $(readlink -m $shell) | cut -d ':' -f1` |
556 | + echo "Installing $pkg" |
557 | + chroot $rootfs apt-get --force-yes -y install $pkg |
558 | + fi |
559 | + |
560 | + shad=`getent shadow $user` |
561 | + echo "$shad" >> $rootfs/etc/shadow |
562 | + |
563 | + # bind-mount the user's path into the container's /home |
564 | + h=`getent passwd $user | cut -d: -f 6` |
565 | + mkdir -p $rootfs/$h |
566 | + |
567 | + # use relative path in container |
568 | + h2=${h#/} |
569 | + while [ ${h2:0:1} = "/" ]; do |
570 | + h2=${h2#/} |
571 | + done |
572 | + echo "$h $h2 none bind 0 0" >> $path/fstab |
573 | + |
574 | + # Make sure the group exists in container |
575 | + grp=`echo $pwd | cut -d: -f 4` # group number for $user |
576 | + grpe=`getent group $grp` || return 0 # if host doesn't define grp, ignore in container |
577 | + chroot $rootfs getent group "$grpe" || echo "$grpe" >> $rootfs/etc/group |
578 | +} |
579 | + |
580 | +usage() |
581 | +{ |
582 | + cat <<EOF |
583 | +$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim] [-d|--debug] |
584 | + [-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>] |
585 | +release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS |
586 | +trim: make a minimal (faster, but not upgrade-safe) container |
587 | +bindhome: bind <user>'s home into the container |
588 | + The ubuntu user will not be created, and <user> will have |
589 | + sudo access. |
590 | +arch: the container architecture (e.g. amd64): defaults to host arch |
591 | +auth-key: SSH Public key file to inject into container |
592 | +EOF |
593 | + return 0 |
594 | +} |
595 | + |
596 | +options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug -- "$@") |
597 | +if [ $? -ne 0 ]; then |
598 | + usage $(basename $0) |
599 | + exit 1 |
600 | +fi |
601 | +eval set -- "$options" |
602 | + |
603 | +release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems |
604 | +if [ -f /etc/lsb-release ]; then |
605 | + . /etc/lsb-release |
606 | + if [ "$DISTRIB_ID" = "Ubuntu" ]; then |
607 | + release=$DISTRIB_CODENAME |
608 | + fi |
609 | +fi |
610 | + |
611 | +bindhome= |
612 | +arch=$(arch) |
613 | + |
614 | +# Code taken from debootstrap |
615 | +if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then |
616 | + arch=`/usr/bin/dpkg --print-architecture` |
617 | +elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then |
618 | + arch=`/usr/bin/udpkg --print-architecture` |
619 | +else |
620 | + arch=$(arch) |
621 | + if [ "$arch" = "i686" ]; then |
622 | + arch="i386" |
623 | + elif [ "$arch" = "x86_64" ]; then |
624 | + arch="amd64" |
625 | + elif [ "$arch" = "armv7l" ]; then |
626 | + arch="armel" |
627 | + fi |
628 | +fi |
629 | + |
630 | +debug=0 |
631 | +trim_container=0 |
632 | +hostarch=$arch |
633 | +flushcache=0 |
634 | +while true |
635 | +do |
636 | + case "$1" in |
637 | + -h|--help) usage $0 && exit 0;; |
638 | + -p|--path) path=$2; shift 2;; |
639 | + -n|--name) name=$2; shift 2;; |
640 | + -F|--flush-cache) flushcache=1; shift 1;; |
641 | + -r|--release) release=$2; shift 2;; |
642 | + -b|--bindhome) bindhome=$2; shift 2;; |
643 | + -a|--arch) arch=$2; shift 2;; |
644 | + -x|--trim) trim_container=1; shift 1;; |
645 | + -S|--auth-key) auth_key=$2; shift 2;; |
646 | + -d|--debug) debug=1; shift 1;; |
647 | + --) shift 1; break ;; |
648 | + *) break ;; |
649 | + esac |
650 | +done |
651 | + |
652 | +if [ $debug -eq 1 ]; then |
653 | + set -x |
654 | +fi |
655 | + |
656 | +if [ -n "$bindhome" ]; then |
657 | + pwd=`getent passwd $bindhome` |
658 | + if [ $? -ne 0 ]; then |
659 | + echo "Error: no password entry found for $bindhome" |
660 | + exit 1 |
661 | + fi |
662 | +fi |
663 | + |
664 | + |
665 | +if [ "$arch" == "i686" ]; then |
666 | + arch=i386 |
667 | +fi |
668 | + |
669 | +if [ $hostarch = "i386" -a $arch = "amd64" ]; then |
670 | + echo "can't create amd64 container on i386" |
671 | + exit 1 |
672 | +fi |
673 | + |
674 | +type debootstrap |
675 | +if [ $? -ne 0 ]; then |
676 | + echo "'debootstrap' command is missing" |
677 | + exit 1 |
678 | +fi |
679 | + |
680 | +if [ -z "$path" ]; then |
681 | + echo "'path' parameter is required" |
682 | + exit 1 |
683 | +fi |
684 | + |
685 | +if [ "$(id -u)" != "0" ]; then |
686 | + echo "This script should be run as 'root'" |
687 | + exit 1 |
688 | +fi |
689 | + |
690 | +rootfs=$path/rootfs |
691 | + |
692 | +install_ubuntu $rootfs $release $flushcache |
693 | +if [ $? -ne 0 ]; then |
694 | + echo "failed to install ubuntu $release" |
695 | + exit 1 |
696 | +fi |
697 | + |
698 | +configure_ubuntu $rootfs $name $release |
699 | +if [ $? -ne 0 ]; then |
700 | + echo "failed to configure ubuntu $release for a container" |
701 | + exit 1 |
702 | +fi |
703 | + |
704 | +copy_configuration $path $rootfs $name $arch $release |
705 | +if [ $? -ne 0 ]; then |
706 | + echo "failed write configuration file" |
707 | + exit 1 |
708 | +fi |
709 | + |
710 | +post_process $rootfs $release $trim_container |
711 | + |
712 | +if [ -n "$bindhome" ]; then |
713 | + do_bindhome $rootfs $bindhome |
714 | + finalize_user $bindhome |
715 | +else |
716 | + finalize_user ubuntu |
717 | +fi |
718 | + |
719 | +echo "" |
720 | +echo "##" |
721 | +echo "# The default user is 'ubuntu' with password 'ubuntu'!" |
722 | +echo "# Use the 'sudo' command to run tasks as root in the container." |
723 | +echo "##" |
724 | +echo "" |
725 | |
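Review bot: `--force-yes` on the `apt-get install` calls in `post_process` (python-software-properties, lxcguest, and the multiarch `upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch}` line) and in `do_bindhome` (`apt-get --force-yes -y install $pkg`) tells apt to carry on when package authentication fails, so a mirror serving unsigned or tampered packages populates the new rootfs without an error; `-y` alone answers the prompts and lets signature failures abort the build, which is what a template that takes `MIRROR` from the environment should want. A related problem is the `set -e` at the top of the file: `mkdir -p`, `debootstrap`/`qemu-debootstrap`, `apt-get update`, `flock -n -x 200` and the top-level `install_ubuntu`/`configure_ubuntu`/`copy_configuration` calls are each followed by `if [ $? -ne 0 ]`, but under `set -e` the shell exits before that test runs, so "Cache repository is busy" and "failed to install ubuntu $release" are unreachable, and in `post_process` a failing `[ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm` aborts the script instead of falling through to the `mv $rootfs/dev/shm $rootfs/dev/shm.bak` the comment promises. Either drop `set -e` and keep the explicit checks, or write them as `cmd || { echo "..."; return 1; }`. Since this file is the quilt backup under `.pc/`, the changes belong in `templates/lxc-ubuntu.in` through a `debian/patches` entry, not in this copy.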
726 | === added directory '.pc/0085-pivot-dir' |
727 | === renamed directory '.pc/0085-pivot-dir' => '.pc/0085-pivot-dir.moved' |
728 | === added file '.pc/0085-pivot-dir/.timestamp' |
729 | === added directory '.pc/0085-pivot-dir/templates' |
730 | === added file '.pc/0085-pivot-dir/templates/lxc-ubuntu-cloud.in' |
731 | --- .pc/0085-pivot-dir/templates/lxc-ubuntu-cloud.in 1970-01-01 00:00:00 +0000 |
732 | +++ .pc/0085-pivot-dir/templates/lxc-ubuntu-cloud.in 2012-05-29 21:13:22 +0000 |
733 | @@ -0,0 +1,377 @@ |
734 | +#!/bin/bash |
735 | + |
736 | +# template script for generating ubuntu container for LXC based on released cloud |
737 | +# images |
738 | +# |
739 | +# Copyright © 2012 Serge Hallyn <serge.hallyn@canonical.com> |
740 | +# |
741 | +# This program is free software; you can redistribute it and/or modify |
742 | +# it under the terms of the GNU General Public License version 2, as |
743 | +# published by the Free Software Foundation. |
744 | + |
745 | +# This program is distributed in the hope that it will be useful, |
746 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
747 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
748 | +# GNU General Public License for more details. |
749 | + |
750 | +# You should have received a copy of the GNU General Public License along |
751 | +# with this program; if not, write to the Free Software Foundation, Inc., |
752 | +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
753 | +# |
754 | + |
755 | +set -e |
756 | + |
757 | +if [ -r /etc/default/lxc ]; then |
758 | + . /etc/default/lxc |
759 | +fi |
760 | + |
761 | +copy_configuration() |
762 | +{ |
763 | + path=$1 |
764 | + rootfs=$2 |
765 | + name=$3 |
766 | + arch=$4 |
767 | + release=$5 |
768 | + |
769 | + if [ $arch = "i386" ]; then |
770 | + arch="i686" |
771 | + fi |
772 | + |
773 | + # if there is exactly one veth network entry, make sure it has an |
774 | + # associated hwaddr. |
775 | + nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l` |
776 | + if [ $nics -eq 1 ]; then |
777 | + grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config |
778 | +lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//') |
779 | +EOF |
780 | + fi |
781 | + |
782 | + cat <<EOF >> $path/config |
783 | +lxc.utsname = $name |
784 | + |
785 | +lxc.tty = 4 |
786 | +lxc.pts = 1024 |
787 | +lxc.rootfs = $rootfs |
788 | +lxc.mount = $path/fstab |
789 | +lxc.arch = $arch |
790 | +lxc.cap.drop = sys_module mac_admin |
791 | +# uncomment the next line to run the container unconfined: |
792 | +#lxc.aa_profile = unconfined |
793 | + |
794 | +lxc.cgroup.devices.deny = a |
795 | +# Allow any mknod (but not using the node) |
796 | +lxc.cgroup.devices.allow = c *:* m |
797 | +lxc.cgroup.devices.allow = b *:* m |
798 | +# /dev/null and zero |
799 | +lxc.cgroup.devices.allow = c 1:3 rwm |
800 | +lxc.cgroup.devices.allow = c 1:5 rwm |
801 | +# consoles |
802 | +lxc.cgroup.devices.allow = c 5:1 rwm |
803 | +lxc.cgroup.devices.allow = c 5:0 rwm |
804 | +#lxc.cgroup.devices.allow = c 4:0 rwm |
805 | +#lxc.cgroup.devices.allow = c 4:1 rwm |
806 | +# /dev/{,u}random |
807 | +lxc.cgroup.devices.allow = c 1:9 rwm |
808 | +lxc.cgroup.devices.allow = c 1:8 rwm |
809 | +lxc.cgroup.devices.allow = c 136:* rwm |
810 | +lxc.cgroup.devices.allow = c 5:2 rwm |
811 | +# rtc |
812 | +lxc.cgroup.devices.allow = c 254:0 rwm |
813 | +#fuse |
814 | +lxc.cgroup.devices.allow = c 10:229 rwm |
815 | +#tun |
816 | +lxc.cgroup.devices.allow = c 10:200 rwm |
817 | +#full |
818 | +lxc.cgroup.devices.allow = c 1:7 rwm |
819 | +#hpet |
820 | +lxc.cgroup.devices.allow = c 10:228 rwm |
821 | +#kvm |
822 | +lxc.cgroup.devices.allow = c 10:232 rwm |
823 | +EOF |
824 | + |
825 | + cat <<EOF > $path/fstab |
826 | +proc proc proc nodev,noexec,nosuid 0 0 |
827 | +sysfs sys sysfs defaults 0 0 |
828 | +EOF |
829 | + |
830 | + # rmdir /dev/shm in precise and quantal containers. |
831 | + # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did |
832 | + # get bind mounted to the host's /run/shm. So try to rmdir |
833 | + # it, and in case that fails move it out of the way. |
834 | + if [ $release = "precise" ] || [ $release = "quantal" ]; then |
835 | + [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm |
836 | + [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak |
837 | + ln -s /run/shm $rootfs/dev/shm |
838 | + fi |
839 | + |
840 | + return 0 |
841 | +} |
842 | + |
843 | +usage() |
844 | +{ |
845 | + cat <<EOF |
846 | +LXC Container configuration for Ubuntu Cloud images. |
847 | + |
848 | +Generic Options |
849 | +[ -r | --release <release> ]: Release name of container, defaults to host |
850 | +[ -a | --arch ]: Arhcitecture of container, defaults to host arcitecture |
851 | +[ -C | --cloud ]: Configure container for use with meta-data service, defaults to no |
852 | +[ -T | --tarball ]: Location of tarball |
853 | +[ -d | --debug ]: Run with 'set -x' to debug errors |
854 | +[ -s | --stream]: Use specified stream rather than 'released' |
855 | + |
856 | +Options, mutually exclusive of "-C" and "--cloud": |
857 | + [ -i | --hostid ]: HostID for cloud-init, defaults to random string |
858 | + [ -u | --userdata ]: Cloud-init user-data file to configure container on start |
859 | + [ -S | --auth-key ]: SSH Public key file to inject into container |
860 | + [ -L | --nolocales ]: Do not copy host's locales into container |
861 | + |
862 | +EOF |
863 | + return 0 |
864 | +} |
865 | + |
866 | +options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata: -- "$@") |
867 | +if [ $? -ne 0 ]; then |
868 | + usage $(basename $0) |
869 | + exit 1 |
870 | +fi |
871 | +eval set -- "$options" |
872 | + |
873 | +release=lucid |
874 | +if [ -f /etc/lsb-release ]; then |
875 | + . /etc/lsb-release |
876 | + case "$DISTRIB_CODENAME" in |
877 | + lucid|natty|oneiric|precise|quantal) |
878 | + release=$DISTRIB_CODENAME |
879 | + ;; |
880 | + esac |
881 | +fi |
882 | + |
883 | +arch=$(arch) |
884 | + |
885 | +# Code taken from debootstrap |
886 | +if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then |
887 | + arch=`/usr/bin/dpkg --print-architecture` |
888 | +elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then |
889 | + arch=`/usr/bin/udpkg --print-architecture` |
890 | +else |
891 | + arch=$(arch) |
892 | + if [ "$arch" = "i686" ]; then |
893 | + arch="i386" |
894 | + elif [ "$arch" = "x86_64" ]; then |
895 | + arch="amd64" |
896 | + elif [ "$arch" = "armv7l" ]; then |
897 | + # note: arm images don't exist before oneiric; are called armhf in |
898 | + # precise and later; and are not supported by the query, so we don't actually |
899 | + # support them yet (see check later on). When Query2 is available, |
900 | + # we'll use that to enable arm images. |
901 | + arch="armel" |
902 | + fi |
903 | +fi |
904 | + |
905 | +debug=0 |
906 | +hostarch=$arch |
907 | +cloud=0 |
908 | +locales=1 |
909 | +flushcache=0 |
910 | +stream="released" |
911 | +while true |
912 | +do |
913 | + case "$1" in |
914 | + -h|--help) usage $0 && exit 0;; |
915 | + -p|--path) path=$2; shift 2;; |
916 | + -n|--name) name=$2; shift 2;; |
917 | + -F|--flush-cache) flushcache=1; shift 1;; |
918 | + -r|--release) release=$2; shift 2;; |
919 | + -a|--arch) arch=$2; shift 2;; |
920 | + -i|--hostid) host_id=$2; shift 2;; |
921 | + -u|--userdata) userdata=$2; shift 2;; |
922 | + -C|--cloud) cloud=1; shift 1;; |
923 | + -S|--auth-key) auth_key=$2; shift 2;; |
924 | + -L|--no_locales) locales=0; shift 2;; |
925 | + -T|--tarball) tarball=$2; shift 2;; |
926 | + -d|--debug) debug=1; shift 1;; |
927 | + -s|--stream) stream=$2; shift 2;; |
928 | + --) shift 1; break ;; |
929 | + *) break ;; |
930 | + esac |
931 | +done |
932 | + |
933 | +if [ $debug -eq 1 ]; then |
934 | + set -x |
935 | +fi |
936 | + |
937 | +if [ "$arch" == "i686" ]; then |
938 | + arch=i386 |
939 | +fi |
940 | + |
941 | +if [ $hostarch = "i386" -a $arch = "amd64" ]; then |
942 | + echo "can't create amd64 container on i386" |
943 | + exit 1 |
944 | +fi |
945 | + |
946 | +if [ $arch != "i386" -a $arch != "amd64" ]; then |
947 | + echo "Only i386 and amd64 are supported by the ubuntu cloud template." |
948 | + exit 1 |
949 | +fi |
950 | + |
951 | +if [ "$stream" != "daily" -a "$stream" != "released" ]; then |
952 | + echo "Only 'daily' and 'released' streams are supported" |
953 | + exit 1 |
954 | +fi |
955 | + |
956 | +if [ -n "$userdata" -a ! -f "$userdata" ]; then |
957 | + echo "Userdata does not exist" |
958 | + exit 1 |
959 | +fi |
960 | + |
961 | +if [ -z "$path" ]; then |
962 | + echo "'path' parameter is required" |
963 | + exit 1 |
964 | +fi |
965 | + |
966 | +if [ "$(id -u)" != "0" ]; then |
967 | + echo "This script should be run as 'root'" |
968 | + exit 1 |
969 | +fi |
970 | + |
971 | +rootfs=$path/rootfs |
972 | + |
973 | +type ubuntu-cloudimg-query |
974 | +type wget |
975 | + |
976 | +# determine the url, tarball, and directory names |
977 | +# download if needed |
978 | +cache="/var/cache/lxc/cloud-$release" |
979 | + |
980 | +mkdir -p $cache |
981 | + |
982 | +if [ -n "$tarball" ]; then |
983 | + url2="$tarball" |
984 | +else |
985 | + url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"` |
986 | + url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'` |
987 | +fi |
988 | + |
989 | +filename=`basename $url2` |
990 | + |
991 | +buildcleanup() |
992 | +{ |
993 | + cd $rootfs |
994 | + umount -l $cache/$xdir || true |
995 | + rm -rf $cache |
996 | +} |
997 | + |
998 | +# if the release doesn't have a *-rootfs.tar.gz, then create one from the |
999 | +# cloudimg.tar.gz by extracting the .img, mounting it loopback, and creating |
1000 | +# a tarball from the mounted image. |
1001 | +build_root_tgz() |
1002 | +{ |
1003 | + url=$1 |
1004 | + filename=$2 |
1005 | + |
1006 | + xdir=`mktemp -d -p .` |
1007 | + tarname=`basename $url` |
1008 | + imgname="$release-*-cloudimg-$arch.img" |
1009 | + trap buildcleanup EXIT |
1010 | + if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then |
1011 | + rm -f $tarname |
1012 | + echo "Downloading cloud image from $url" |
1013 | + wget $url || { echo "Couldn't find cloud image $url."; exit 1; } |
1014 | + fi |
1015 | + echo "Creating new cached cloud image rootfs" |
1016 | + tar --wildcards -zxf $tarname $imgname |
1017 | + mount -o loop $imgname $xdir |
1018 | + (cd $xdir; tar zcf ../$filename .) |
1019 | + umount $xdir |
1020 | + rm -f $tarname $imgname |
1021 | + rmdir $xdir |
1022 | + echo "New cloud image cache created" |
1023 | + trap EXIT |
1024 | +} |
1025 | + |
1026 | +mkdir -p /var/lock/subsys/ |
1027 | +( |
1028 | + flock -n -x 200 |
1029 | + |
1030 | + cd $cache |
1031 | + if [ $flushcache -eq 1 ]; then |
1032 | + echo "Clearing the cached images" |
1033 | + rm -f $filename |
1034 | + fi |
1035 | + |
1036 | + if [ ! -f $filename ]; then |
1037 | + wget $url2 || build_root_tgz $url1 $filename |
1038 | + fi |
1039 | + |
1040 | + echo "Extracting container rootfs" |
1041 | + mkdir -p $rootfs |
1042 | + cd $rootfs |
1043 | + tar -zxf $cache/$filename |
1044 | + |
1045 | + |
1046 | + if [ $cloud -eq 0 ]; then |
1047 | + echo "Configuring for running outside of a cloud environment" |
1048 | + echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container" |
1049 | + |
1050 | + seed_d=$rootfs/var/lib/cloud/seed/nocloud-net |
1051 | + rhostid=$(uuidgen | cut -c -8) |
1052 | + host_id=${hostid:-$rhostid} |
1053 | + mkdir -p $seed_d |
1054 | + |
1055 | + cat > "$seed_d/meta-data" <<EOF |
1056 | +instance_id: lxc-$host_id |
1057 | +EOF |
1058 | + |
1059 | + rm $rootfs/etc/hostname |
1060 | + |
1061 | + if [ $locales -eq 1 ]; then |
1062 | + cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive |
1063 | + fi |
1064 | + |
1065 | + |
1066 | + if [ -n "$auth_key" -a -f "$auth_key" ]; then |
1067 | + u_path="/home/ubuntu/.ssh" |
1068 | + root_u_path="$rootfs/$u_path" |
1069 | + mkdir -p $root_u_path |
1070 | + cp $auth_key "$root_u_path/authorized_keys" |
1071 | + chroot $rootfs chown -R ubuntu: "$u_path" |
1072 | + |
1073 | + echo "Inserted SSH public key from $auth_key into /home/ubuntu/.ssh/authorized_keys" |
1074 | + fi |
1075 | + |
1076 | + if [ -f "$userdata" ]; then |
1077 | + echo "Using custom user-data" |
1078 | + cp $userdata $seed_d/user-data |
1079 | + else |
1080 | + |
1081 | + if [ -z "$MIRROR" ]; then |
1082 | + MIRROR="http://archive.ubuntu.com/ubuntu" |
1083 | + fi |
1084 | + |
1085 | + cat > "$seed_d/user-data" <<EOF |
1086 | +#cloud-config |
1087 | +output: {all: '| tee -a /var/log/cloud-init-output.log'} |
1088 | +apt-mirror: $MIRROR |
1089 | +manage_etc_hosts: localhost |
1090 | +locale: $(/usr/bin/locale | awk -F= '/LANG=/ {print$NF}') |
1091 | +EOF |
1092 | + fi |
1093 | + |
1094 | + chroot $rootfs /usr/sbin/usermod -U ubuntu |
1095 | + echo "ubuntu:ubuntu" | chroot $rootfs chpasswd |
1096 | + echo "Please login as user ubuntu with password ubuntu." |
1097 | + |
1098 | + else |
1099 | + |
1100 | + echo "Configured for running in a cloud environment." |
1101 | + echo "If you do not have a meta-data service, this container will likely be useless." |
1102 | + |
1103 | + fi |
1104 | + |
1105 | +) 200>/var/lock/subsys/lxc-ubucloud |
1106 | + |
1107 | +copy_configuration $path $rootfs $name $arch $release |
1108 | + |
1109 | +echo "Container $name created." |
1110 | +exit 0 |
1111 | |
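Review bot: the `-i|--hostid` option is silently ignored in this hunk: the option parser stores it as `host_id` (`-i|--hostid) host_id=$2; shift 2;;`) but the seed code reads a different variable, `host_id=${hostid:-$rhostid}`, so the random id always wins; it should be `${host_id:-$rhostid}`. Two more option-parsing defects sit in the same block: `-u` is listed in usage() but is missing from the getopt short-option string `a:hp:r:n:Fi:CLS:T:ds:`, so only the long form `--userdata` is accepted; and `-L|--no_locales) locales=0; shift 2;;` shifts two words for a flag that takes no argument, swallowing whatever option follows it (usage() also spells it `--nolocales`, which getopt will reject). On the security side, the rootfs tarball arrives via a bare `wget $url2`, or in build_root_tgz the `.img` is extracted and loop-mounted on the host, with no checksum or signature verification anywhere in the script; whatever the mirror returns then becomes a root filesystem that the script chroots into as root (`usermod`, `chpasswd`, `chown`), so the download should be checked against the image's published checksums before it is unpacked. The non-cloud path also runs `usermod -U ubuntu` and sets the well-known password `ubuntu:ubuntu` even when `-S` has just installed an SSH key; leaving the password unset when a key is supplied, or expiring it so it must be changed at first login, would be safer. Finally, `lxc.cap.drop = sys_module mac_admin` here omits `mac_override`, which the lxc-ubuntu.in template in this same upload drops; the two templates should agree.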
1112 | === added file '.pc/0085-pivot-dir/templates/lxc-ubuntu.in' |
1113 | --- .pc/0085-pivot-dir/templates/lxc-ubuntu.in 1970-01-01 00:00:00 +0000 |
1114 | +++ .pc/0085-pivot-dir/templates/lxc-ubuntu.in 2012-05-29 21:13:22 +0000 |
1115 | @@ -0,0 +1,688 @@ |
1116 | +#!/bin/bash |
1117 | + |
1118 | +# |
1119 | +# template script for generating ubuntu container for LXC |
1120 | +# |
1121 | +# This script consolidates and extends the existing lxc ubuntu scripts |
1122 | +# |
1123 | + |
1124 | +# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com> |
1125 | +# Copyright © 2010 Wilhelm Meier |
1126 | +# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de> |
1127 | +# |
1128 | +# This program is free software; you can redistribute it and/or modify |
1129 | +# it under the terms of the GNU General Public License version 2, as |
1130 | +# published by the Free Software Foundation. |
1131 | + |
1132 | +# This program is distributed in the hope that it will be useful, |
1133 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
1134 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
1135 | +# GNU General Public License for more details. |
1136 | + |
1137 | +# You should have received a copy of the GNU General Public License along |
1138 | +# with this program; if not, write to the Free Software Foundation, Inc., |
1139 | +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
1140 | +# |
1141 | + |
1142 | +set -e |
1143 | + |
1144 | +if [ -r /etc/default/lxc ]; then |
1145 | + . /etc/default/lxc |
1146 | +fi |
1147 | + |
1148 | +configure_ubuntu() |
1149 | +{ |
1150 | + rootfs=$1 |
1151 | + hostname=$2 |
1152 | + release=$3 |
1153 | + |
1154 | + # configure the network using the dhcp |
1155 | + cat <<EOF > $rootfs/etc/network/interfaces |
1156 | +# This file describes the network interfaces available on your system |
1157 | +# and how to activate them. For more information, see interfaces(5). |
1158 | + |
1159 | +# The loopback network interface |
1160 | +auto lo |
1161 | +iface lo inet loopback |
1162 | + |
1163 | +auto eth0 |
1164 | +iface eth0 inet dhcp |
1165 | +EOF |
1166 | + |
1167 | + # set the hostname |
1168 | + cat <<EOF > $rootfs/etc/hostname |
1169 | +$hostname |
1170 | +EOF |
1171 | + # set minimal hosts |
1172 | + cat <<EOF > $rootfs/etc/hosts |
1173 | +127.0.0.1 localhost |
1174 | +127.0.1.1 $hostname |
1175 | + |
1176 | +# The following lines are desirable for IPv6 capable hosts |
1177 | +::1 ip6-localhost ip6-loopback |
1178 | +fe00::0 ip6-localnet |
1179 | +ff00::0 ip6-mcastprefix |
1180 | +ff02::1 ip6-allnodes |
1181 | +ff02::2 ip6-allrouters |
1182 | +EOF |
1183 | + |
1184 | + if [ ! -f $rootfs/etc/init/container-detect.conf ]; then |
1185 | + # suppress log level output for udev |
1186 | + sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf |
1187 | + |
1188 | + # remove jobs for consoles 5 and 6 since we only create 4 consoles in |
1189 | + # this template |
1190 | + rm -f $rootfs/etc/init/tty{5,6}.conf |
1191 | + fi |
1192 | + |
1193 | + if [ -z "$bindhome" ]; then |
1194 | + chroot $rootfs useradd --create-home -s /bin/bash ubuntu |
1195 | + echo "ubuntu:ubuntu" | chroot $rootfs chpasswd |
1196 | + fi |
1197 | + |
1198 | + return 0 |
1199 | +} |
1200 | + |
1201 | +# finish setting up the user in the container by injecting ssh key and |
1202 | +# adding sudo group membership. |
1203 | +# passed-in user is either 'ubuntu' or the user to bind in from host. |
1204 | +finalize_user() |
1205 | +{ |
1206 | + user=$1 |
1207 | + |
1208 | + sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo) |
1209 | + |
1210 | + if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then |
1211 | + groups="sudo" |
1212 | + else |
1213 | + groups="sudo admin" |
1214 | + fi |
1215 | + |
1216 | + for group in $groups; do |
1217 | + chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true |
1218 | + chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true |
1219 | + done |
1220 | + |
1221 | + if [ -n "$auth_key" -a -f "$auth_key" ]; then |
1222 | + u_path="/home/${user}/.ssh" |
1223 | + root_u_path="$rootfs/$u_path" |
1224 | + |
1225 | + mkdir -p $root_u_path |
1226 | + cp $auth_key "$root_u_path/authorized_keys" |
1227 | + chroot $rootfs chown -R ${user}: "$u_path" |
1228 | + |
1229 | + echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys" |
1230 | + fi |
1231 | + return 0 |
1232 | +} |
1233 | + |
1234 | +write_sourceslist() |
1235 | +{ |
1236 | + # $1 => path to the rootfs |
1237 | + # $2 => architecture we want to add |
1238 | + # $3 => whether to use the multi-arch syntax or not |
1239 | + |
1240 | + case $2 in |
1241 | + amd64|i386) |
1242 | + MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu} |
1243 | + SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu} |
1244 | + ;; |
1245 | + *) |
1246 | + MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports} |
1247 | + SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports} |
1248 | + ;; |
1249 | + esac |
1250 | + if [ -n "$3" ]; then |
1251 | + cat >> "$1/etc/apt/sources.list" << EOF |
1252 | +deb [arch=$2] $MIRROR ${release} main restricted universe multiverse |
1253 | +deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse |
1254 | +deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse |
1255 | +EOF |
1256 | + else |
1257 | + cat >> "$1/etc/apt/sources.list" << EOF |
1258 | +deb $MIRROR ${release} main restricted universe multiverse |
1259 | +deb $MIRROR ${release}-updates main restricted universe multiverse |
1260 | +deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse |
1261 | +EOF |
1262 | + fi |
1263 | +} |
1264 | + |
1265 | +download_ubuntu() |
1266 | +{ |
1267 | + cache=$1 |
1268 | + arch=$2 |
1269 | + release=$3 |
1270 | + |
1271 | + packages=vim,ssh |
1272 | + echo "installing packages: $packages" |
1273 | + |
1274 | + # check the mini ubuntu was not already downloaded |
1275 | + mkdir -p "$cache/partial-$arch" |
1276 | + if [ $? -ne 0 ]; then |
1277 | + echo "Failed to create '$cache/partial-$arch' directory" |
1278 | + return 1 |
1279 | + fi |
1280 | + |
1281 | + # download a mini ubuntu into a cache |
1282 | + echo "Downloading ubuntu $release minimal ..." |
1283 | + if [ -n "$(which qemu-debootstrap)" ]; then |
1284 | + qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR |
1285 | + else |
1286 | + debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR |
1287 | + fi |
1288 | + |
1289 | + if [ $? -ne 0 ]; then |
1290 | + echo "Failed to download the rootfs, aborting." |
1291 | + return 1 |
1292 | + fi |
1293 | + |
1294 | + # Serge isn't sure whether we should avoid doing this when |
1295 | + # $release == `distro-info -d` |
1296 | + echo "Installing updates" |
1297 | + > $cache/partial-$arch/etc/apt/sources.list |
1298 | + write_sourceslist $cache/partial-$arch/ $arch |
1299 | + |
1300 | + chroot "$1/partial-${arch}" apt-get update |
1301 | + if [ $? -ne 0 ]; then |
1302 | + echo "Failed to update the apt cache" |
1303 | + return 1 |
1304 | + fi |
1305 | + cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF |
1306 | +#!/bin/sh |
1307 | +exit 101 |
1308 | +EOF |
1309 | + chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d |
1310 | + |
1311 | + lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y |
1312 | + ret=$? |
1313 | + rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d |
1314 | + |
1315 | + if [ $ret -ne 0 ]; then |
1316 | + echo "Failed to upgrade the cache" |
1317 | + return 1 |
1318 | + fi |
1319 | + |
1320 | + mv "$1/partial-$arch" "$1/rootfs-$arch" |
1321 | + echo "Download complete" |
1322 | + return 0 |
1323 | +} |
1324 | + |
1325 | +copy_ubuntu() |
1326 | +{ |
1327 | + cache=$1 |
1328 | + arch=$2 |
1329 | + rootfs=$3 |
1330 | + |
1331 | + # make a local copy of the miniubuntu |
1332 | + echo "Copying rootfs to $rootfs ..." |
1333 | + mkdir -p $rootfs |
1334 | + rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1 |
1335 | + return 0 |
1336 | +} |
1337 | + |
1338 | +install_ubuntu() |
1339 | +{ |
1340 | + rootfs=$1 |
1341 | + release=$2 |
1342 | + flushcache=$3 |
1343 | + cache="/var/cache/lxc/$release" |
1344 | + mkdir -p /var/lock/subsys/ |
1345 | + |
1346 | + ( |
1347 | + flock -n -x 200 |
1348 | + if [ $? -ne 0 ]; then |
1349 | + echo "Cache repository is busy." |
1350 | + return 1 |
1351 | + fi |
1352 | + |
1353 | + |
1354 | + if [ $flushcache -eq 1 ]; then |
1355 | + echo "Flushing cache..." |
1356 | + rm -rf "$cache/partial-$arch" |
1357 | + rm -rf "$cache/rootfs-$arch" |
1358 | + fi |
1359 | + |
1360 | + echo "Checking cache download in $cache/rootfs-$arch ... " |
1361 | + if [ ! -e "$cache/rootfs-$arch" ]; then |
1362 | + download_ubuntu $cache $arch $release |
1363 | + if [ $? -ne 0 ]; then |
1364 | + echo "Failed to download 'ubuntu $release base'" |
1365 | + return 1 |
1366 | + fi |
1367 | + fi |
1368 | + |
1369 | + echo "Copy $cache/rootfs-$arch to $rootfs ... " |
1370 | + copy_ubuntu $cache $arch $rootfs |
1371 | + if [ $? -ne 0 ]; then |
1372 | + echo "Failed to copy rootfs" |
1373 | + return 1 |
1374 | + fi |
1375 | + |
1376 | + return 0 |
1377 | + |
1378 | + ) 200>/var/lock/subsys/lxc |
1379 | + |
1380 | + return $? |
1381 | +} |
1382 | + |
1383 | +copy_configuration() |
1384 | +{ |
1385 | + path=$1 |
1386 | + rootfs=$2 |
1387 | + name=$3 |
1388 | + arch=$4 |
1389 | + release=$5 |
1390 | + |
1391 | + if [ $arch = "i386" ]; then |
1392 | + arch="i686" |
1393 | + fi |
1394 | + |
1395 | + ttydir="" |
1396 | + if [ ! -f $rootfs/etc/init/container-detect.conf ]; then |
1397 | + ttydir=" lxc" |
1398 | + fi |
1399 | + |
1400 | + # if there is exactly one veth network entry, make sure it has an |
1401 | + # associated hwaddr. |
1402 | + nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l` |
1403 | + if [ $nics -eq 1 ]; then |
1404 | + grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config |
1405 | +lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//') |
1406 | +EOF |
1407 | + fi |
1408 | + |
1409 | + cat <<EOF >> $path/config |
1410 | +lxc.utsname = $name |
1411 | + |
1412 | +lxc.devttydir =$ttydir |
1413 | +lxc.tty = 4 |
1414 | +lxc.pts = 1024 |
1415 | +lxc.rootfs = $rootfs |
1416 | +lxc.mount = $path/fstab |
1417 | +lxc.arch = $arch |
1418 | +lxc.cap.drop = sys_module mac_admin mac_override |
1419 | +# uncomment the next line to run the container unconfined: |
1420 | +#lxc.aa_profile = unconfined |
1421 | + |
1422 | +lxc.cgroup.devices.deny = a |
1423 | +# Allow any mknod (but not using the node) |
1424 | +lxc.cgroup.devices.allow = c *:* m |
1425 | +lxc.cgroup.devices.allow = b *:* m |
1426 | +# /dev/null and zero |
1427 | +lxc.cgroup.devices.allow = c 1:3 rwm |
1428 | +lxc.cgroup.devices.allow = c 1:5 rwm |
1429 | +# consoles |
1430 | +lxc.cgroup.devices.allow = c 5:1 rwm |
1431 | +lxc.cgroup.devices.allow = c 5:0 rwm |
1432 | +#lxc.cgroup.devices.allow = c 4:0 rwm |
1433 | +#lxc.cgroup.devices.allow = c 4:1 rwm |
1434 | +# /dev/{,u}random |
1435 | +lxc.cgroup.devices.allow = c 1:9 rwm |
1436 | +lxc.cgroup.devices.allow = c 1:8 rwm |
1437 | +lxc.cgroup.devices.allow = c 136:* rwm |
1438 | +lxc.cgroup.devices.allow = c 5:2 rwm |
1439 | +# rtc |
1440 | +lxc.cgroup.devices.allow = c 254:0 rwm |
1441 | +#fuse |
1442 | +lxc.cgroup.devices.allow = c 10:229 rwm |
1443 | +#tun |
1444 | +lxc.cgroup.devices.allow = c 10:200 rwm |
1445 | +#full |
1446 | +lxc.cgroup.devices.allow = c 1:7 rwm |
1447 | +#hpet |
1448 | +lxc.cgroup.devices.allow = c 10:228 rwm |
1449 | +#kvm |
1450 | +lxc.cgroup.devices.allow = c 10:232 rwm |
1451 | +EOF |
1452 | + |
1453 | + cat <<EOF > $path/fstab |
1454 | +proc proc proc nodev,noexec,nosuid 0 0 |
1455 | +sysfs sys sysfs defaults 0 0 |
1456 | +EOF |
1457 | + |
1458 | + if [ $? -ne 0 ]; then |
1459 | + echo "Failed to add configuration" |
1460 | + return 1 |
1461 | + fi |
1462 | + |
1463 | + return 0 |
1464 | +} |
1465 | + |
1466 | +trim() |
1467 | +{ |
1468 | + rootfs=$1 |
1469 | + release=$2 |
1470 | + |
1471 | + # provide the lxc service |
1472 | + cat <<EOF > $rootfs/etc/init/lxc.conf |
1473 | +# fake some events needed for correct startup other services |
1474 | + |
1475 | +description "Container Upstart" |
1476 | + |
1477 | +start on startup |
1478 | + |
1479 | +script |
1480 | + rm -rf /var/run/*.pid |
1481 | + rm -rf /var/run/network/* |
1482 | + /sbin/initctl emit stopped JOB=udevtrigger --no-wait |
1483 | + /sbin/initctl emit started JOB=udev --no-wait |
1484 | +end script |
1485 | +EOF |
1486 | + |
1487 | + # fix buggus runlevel with sshd |
1488 | + cat <<EOF > $rootfs/etc/init/ssh.conf |
1489 | +# ssh - OpenBSD Secure Shell server |
1490 | +# |
1491 | +# The OpenSSH server provides secure shell access to the system. |
1492 | + |
1493 | +description "OpenSSH server" |
1494 | + |
1495 | +start on filesystem |
1496 | +stop on runlevel [!2345] |
1497 | + |
1498 | +expect fork |
1499 | +respawn |
1500 | +respawn limit 10 5 |
1501 | +umask 022 |
1502 | +# replaces SSHD_OOM_ADJUST in /etc/default/ssh |
1503 | +oom never |
1504 | + |
1505 | +pre-start script |
1506 | + test -x /usr/sbin/sshd || { stop; exit 0; } |
1507 | + test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; } |
1508 | + test -c /dev/null || { stop; exit 0; } |
1509 | + |
1510 | + mkdir -p -m0755 /var/run/sshd |
1511 | +end script |
1512 | + |
1513 | +# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the |
1514 | +# 'exec' line here instead |
1515 | +exec /usr/sbin/sshd |
1516 | +EOF |
1517 | + |
1518 | + cat <<EOF > $rootfs/etc/init/console.conf |
1519 | +# console - getty |
1520 | +# |
1521 | +# This service maintains a console on tty1 from the point the system is |
1522 | +# started until it is shut down again. |
1523 | + |
1524 | +start on stopped rc RUNLEVEL=[2345] |
1525 | +stop on runlevel [!2345] |
1526 | + |
1527 | +respawn |
1528 | +exec /sbin/getty -8 38400 /dev/console |
1529 | +EOF |
1530 | + |
1531 | + cat <<EOF > $rootfs/lib/init/fstab |
1532 | +# /lib/init/fstab: cleared out for bare-bones lxc |
1533 | +EOF |
1534 | + |
1535 | + # reconfigure some services |
1536 | + if [ -z "$LANG" ]; then |
1537 | + chroot $rootfs locale-gen en_US.UTF-8 |
1538 | + chroot $rootfs update-locale LANG=en_US.UTF-8 |
1539 | + else |
1540 | + chroot $rootfs locale-gen $LANG |
1541 | + chroot $rootfs update-locale LANG=$LANG |
1542 | + fi |
1543 | + |
1544 | + # remove pointless services in a container |
1545 | + chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove |
1546 | + |
1547 | + chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done' |
1548 | + chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done' |
1549 | + chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done' |
1550 | + chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done' |
1551 | + chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done' |
1552 | + |
1553 | + # if this isn't lucid, then we need to twiddle the network upstart bits :( |
1554 | + if [ $release != "lucid" ]; then |
1555 | + sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart |
1556 | + fi |
1557 | +} |
1558 | + |
1559 | +post_process() |
1560 | +{ |
1561 | + rootfs=$1 |
1562 | + release=$2 |
1563 | + trim_container=$3 |
1564 | + |
1565 | + if [ $trim_container -eq 1 ]; then |
1566 | + trim $rootfs $release |
1567 | + elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then |
1568 | + # Make sure we have a working resolv.conf |
1569 | + cresolvonf="${rootfs}/etc/resolv.conf" |
1570 | + mv $cresolvonf ${cresolvonf}.lxcbak |
1571 | + cat /etc/resolv.conf > ${cresolvonf} |
1572 | + |
1573 | + # for lucid, if not trimming, then add the ubuntu-virt |
1574 | + # ppa and install lxcguest |
1575 | + if [ $release = "lucid" ]; then |
1576 | + chroot $rootfs apt-get install --force-yes -y python-software-properties |
1577 | + chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa |
1578 | + fi |
1579 | + |
1580 | + chroot $rootfs apt-get update |
1581 | + chroot $rootfs apt-get install --force-yes -y lxcguest |
1582 | + |
1583 | + # Restore old resolv.conf |
1584 | + rm -f ${cresolvonf} |
1585 | + mv ${cresolvonf}.lxcbak ${cresolvonf} |
1586 | + fi |
1587 | + |
1588 | + # If the container isn't running a native architecture, setup multiarch |
1589 | + if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then |
1590 | + mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d |
1591 | + echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch |
1592 | + |
1593 | + # Save existing value of MIRROR and SECURITY_MIRROR |
1594 | + DEFAULT_MIRROR=$MIRROR |
1595 | + DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR |
1596 | + |
1597 | + # Write a new sources.list containing both native and multiarch entries |
1598 | + > ${rootfs}/etc/apt/sources.list |
1599 | + write_sourceslist $rootfs $arch "native" |
1600 | + |
1601 | + MIRROR=$DEFAULT_MIRROR |
1602 | + SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR |
1603 | + write_sourceslist $rootfs $hostarch "multiarch" |
1604 | + |
1605 | + # Finally update the lists and install upstart using the host architecture |
1606 | + chroot $rootfs apt-get update |
1607 | + chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch} |
1608 | + fi |
1609 | + |
1610 | + # rmdir /dev/shm for containers that have /run/shm |
1611 | + # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did |
1612 | + # get bind mounted to the host's /run/shm. So try to rmdir |
1613 | + # it, and in case that fails move it out of the way. |
1614 | + if [ -d $rootfs/run/shm ]; then |
1615 | + [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm |
1616 | + [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak |
1617 | + ln -s /run/shm $rootfs/dev/shm |
1618 | + fi |
1619 | +} |
1620 | + |
1621 | +do_bindhome() |
1622 | +{ |
1623 | + rootfs=$1 |
1624 | + user=$2 |
1625 | + |
1626 | + # copy /etc/passwd, /etc/shadow, and /etc/group entries into container |
1627 | + pwd=`getent passwd $user` || { echo "Failed to copy password entry for $user"; false; } |
1628 | + echo $pwd >> $rootfs/etc/passwd |
1629 | + |
1630 | + # make sure user's shell exists in the container |
1631 | + shell=`echo $pwd | cut -d: -f 7` |
1632 | + if [ ! -x $rootfs/$shell ]; then |
1633 | + echo "shell $shell for user $user was not found in the container." |
1634 | + pkg=`dpkg -S $(readlink -m $shell) | cut -d ':' -f1` |
1635 | + echo "Installing $pkg" |
1636 | + chroot $rootfs apt-get --force-yes -y install $pkg |
1637 | + fi |
1638 | + |
1639 | + shad=`getent shadow $user` |
1640 | + echo "$shad" >> $rootfs/etc/shadow |
1641 | + |
1642 | + # bind-mount the user's path into the container's /home |
1643 | + h=`getent passwd $user | cut -d: -f 6` |
1644 | + mkdir -p $rootfs/$h |
1645 | + |
1646 | + # use relative path in container |
1647 | + h2=${h#/} |
1648 | + while [ ${h2:0:1} = "/" ]; do |
1649 | + h2=${h2#/} |
1650 | + done |
1651 | + echo "$h $h2 none bind 0 0" >> $path/fstab |
1652 | + |
1653 | + # Make sure the group exists in container |
1654 | + grp=`echo $pwd | cut -d: -f 4` # group number for $user |
1655 | + grpe=`getent group $grp` || return 0 # if host doesn't define grp, ignore in container |
1656 | + chroot $rootfs getent group "$grpe" || echo "$grpe" >> $rootfs/etc/group |
1657 | +} |
1658 | + |
1659 | +usage() |
1660 | +{ |
1661 | + cat <<EOF |
1662 | +$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim] [-d|--debug] |
1663 | + [-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>] |
1664 | +release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS |
1665 | +trim: make a minimal (faster, but not upgrade-safe) container |
1666 | +bindhome: bind <user>'s home into the container |
1667 | + The ubuntu user will not be created, and <user> will have |
1668 | + sudo access. |
1669 | +arch: the container architecture (e.g. amd64): defaults to host arch |
1670 | +auth-key: SSH Public key file to inject into container |
1671 | +EOF |
1672 | + return 0 |
1673 | +} |
1674 | + |
1675 | +options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug -- "$@") |
1676 | +if [ $? -ne 0 ]; then |
1677 | + usage $(basename $0) |
1678 | + exit 1 |
1679 | +fi |
1680 | +eval set -- "$options" |
1681 | + |
1682 | +release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems |
1683 | +if [ -f /etc/lsb-release ]; then |
1684 | + . /etc/lsb-release |
1685 | + if [ "$DISTRIB_ID" = "Ubuntu" ]; then |
1686 | + release=$DISTRIB_CODENAME |
1687 | + fi |
1688 | +fi |
1689 | + |
1690 | +bindhome= |
1691 | +arch=$(arch) |
1692 | + |
1693 | +# Code taken from debootstrap |
1694 | +if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then |
1695 | + arch=`/usr/bin/dpkg --print-architecture` |
1696 | +elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then |
1697 | + arch=`/usr/bin/udpkg --print-architecture` |
1698 | +else |
1699 | + arch=$(arch) |
1700 | + if [ "$arch" = "i686" ]; then |
1701 | + arch="i386" |
1702 | + elif [ "$arch" = "x86_64" ]; then |
1703 | + arch="amd64" |
1704 | + elif [ "$arch" = "armv7l" ]; then |
1705 | + arch="armel" |
1706 | + fi |
1707 | +fi |
1708 | + |
1709 | +debug=0 |
1710 | +trim_container=0 |
1711 | +hostarch=$arch |
1712 | +flushcache=0 |
1713 | +while true |
1714 | +do |
1715 | + case "$1" in |
1716 | + -h|--help) usage $0 && exit 0;; |
1717 | + -p|--path) path=$2; shift 2;; |
1718 | + -n|--name) name=$2; shift 2;; |
1719 | + -F|--flush-cache) flushcache=1; shift 1;; |
1720 | + -r|--release) release=$2; shift 2;; |
1721 | + -b|--bindhome) bindhome=$2; shift 2;; |
1722 | + -a|--arch) arch=$2; shift 2;; |
1723 | + -x|--trim) trim_container=1; shift 1;; |
1724 | + -S|--auth-key) auth_key=$2; shift 2;; |
1725 | + -d|--debug) debug=1; shift 1;; |
1726 | + --) shift 1; break ;; |
1727 | + *) break ;; |
1728 | + esac |
1729 | +done |
1730 | + |
1731 | +if [ $debug -eq 1 ]; then |
1732 | + set -x |
1733 | +fi |
1734 | + |
1735 | +if [ -n "$bindhome" ]; then |
1736 | + pwd=`getent passwd $bindhome` |
1737 | + if [ $? -ne 0 ]; then |
1738 | + echo "Error: no password entry found for $bindhome" |
1739 | + exit 1 |
1740 | + fi |
1741 | +fi |
1742 | + |
1743 | + |
1744 | +if [ "$arch" == "i686" ]; then |
1745 | + arch=i386 |
1746 | +fi |
1747 | + |
1748 | +if [ $hostarch = "i386" -a $arch = "amd64" ]; then |
1749 | + echo "can't create amd64 container on i386" |
1750 | + exit 1 |
1751 | +fi |
1752 | + |
1753 | +type debootstrap |
1754 | +if [ $? -ne 0 ]; then |
1755 | + echo "'debootstrap' command is missing" |
1756 | + exit 1 |
1757 | +fi |
1758 | + |
1759 | +if [ -z "$path" ]; then |
1760 | + echo "'path' parameter is required" |
1761 | + exit 1 |
1762 | +fi |
1763 | + |
1764 | +if [ "$(id -u)" != "0" ]; then |
1765 | + echo "This script should be run as 'root'" |
1766 | + exit 1 |
1767 | +fi |
1768 | + |
1769 | +rootfs=$path/rootfs |
1770 | + |
1771 | +install_ubuntu $rootfs $release $flushcache |
1772 | +if [ $? -ne 0 ]; then |
1773 | + echo "failed to install ubuntu $release" |
1774 | + exit 1 |
1775 | +fi |
1776 | + |
1777 | +configure_ubuntu $rootfs $name $release |
1778 | +if [ $? -ne 0 ]; then |
1779 | + echo "failed to configure ubuntu $release for a container" |
1780 | + exit 1 |
1781 | +fi |
1782 | + |
1783 | +copy_configuration $path $rootfs $name $arch $release |
1784 | +if [ $? -ne 0 ]; then |
1785 | + echo "failed write configuration file" |
1786 | + exit 1 |
1787 | +fi |
1788 | + |
1789 | +post_process $rootfs $release $trim_container |
1790 | + |
1791 | +if [ -n "$bindhome" ]; then |
1792 | + do_bindhome $rootfs $bindhome |
1793 | + finalize_user $bindhome |
1794 | +else |
1795 | + finalize_user ubuntu |
1796 | +fi |
1797 | + |
1798 | +echo "" |
1799 | +echo "##" |
1800 | +echo "# The default user is 'ubuntu' with password 'ubuntu'!" |
1801 | +echo "# Use the 'sudo' command to run tasks as root in the container." |
1802 | +echo "##" |
1803 | +echo "" |
1804 | |
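Review bot: the group check at `chroot $rootfs getent group "$grpe"` passes the whole host entry (`name:x:gid:members`) as the lookup key, so it never matches and the host line is appended to `$rootfs/etc/group` on every run, even when the container already has that group name under a different gid. Look the group up by gid (`chroot $rootfs getent group "$grp"`) or by name (`${grpe%%:*}`) before appending. Two smaller points in the same hunk: `if [ "$arch" == "i686" ]` uses `==`, which is not POSIX `test` syntax, while the rest of the script uses `=`; and the closing banner `# The default user is 'ubuntu' with password 'ubuntu'!` is printed unconditionally although `--bindhome` skips creating the ubuntu user, so it should be guarded by the same `if [ -n "$bindhome" ]` test used just above it.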
1805 | === added file 'debian/lxc.dnsmasq' |
1806 | --- debian/lxc.dnsmasq 1970-01-01 00:00:00 +0000 |
1807 | +++ debian/lxc.dnsmasq 2012-05-29 21:13:22 +0000 |
1808 | @@ -0,0 +1,2 @@ |
1809 | +bind-interfaces |
1810 | +except-interface=lxcbr0 |
1811 | |
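Review bot: this drop-in has no comment explaining what it is for, and its effect on the host resolver is easy to miss: `bind-interfaces` makes the system dnsmasq bind each interface address individually instead of the wildcard socket, which is what lets lxc's own dnsmasq bind lxcbr0, and `except-interface=lxcbr0` keeps the system instance from serving DNS or DHCP on the container bridge at all. A caveat worth a line in the file: with `bind-interfaces` dnsmasq only binds the interfaces present when it starts, so interfaces that come up later are not served until it is restarted.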
1812 | === renamed file 'debian/lxc.dnsmasq' => 'debian/lxc.dnsmasq.moved' |
1813 | === added file 'debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch' |
1814 | --- debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch 1970-01-01 00:00:00 +0000 |
1815 | +++ debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch 2012-05-29 21:13:22 +0000 |
1816 | @@ -0,0 +1,53 @@ |
1817 | +From d163cf279f26f44ad0d2a43c087d97c2b1063e7e Mon Sep 17 00:00:00 2001 |
1818 | +From: Serge Hallyn <serge.hallyn@ubuntu.com> |
1819 | +Date: Thu, 24 May 2012 14:19:57 -0500 |
1820 | +Subject: [PATCH 1/1] lxc-ubuntu.in: drop duplicate code |
1821 | + |
1822 | +Commits 15da01b3938d7ba45472e6c9d3b183a94dd86ca9 and |
1823 | +2e44ed1e647d9fd1544b7ad855bda22ca71abd12 conflicted and resulted in |
1824 | +some duplicate functionality. Drop the poorer version of that block. |
1825 | + |
1826 | +Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> |
1827 | +--- |
1828 | + templates/lxc-ubuntu.in | 28 ---------------------------- |
1829 | + 1 file changed, 28 deletions(-) |
1830 | + |
1831 | +Index: lxc/templates/lxc-ubuntu.in |
1832 | +=================================================================== |
1833 | +--- lxc.orig/templates/lxc-ubuntu.in 2012-05-24 14:24:14.836363000 -0500 |
1834 | ++++ lxc/templates/lxc-ubuntu.in 2012-05-24 14:26:55.384221133 -0500 |
1835 | +@@ -176,34 +176,6 @@ |
1836 | + return 1 |
1837 | + fi |
1838 | + |
1839 | +- echo "Installing updates" |
1840 | +- if [ -z "$MIRROR" ]; then |
1841 | +- MIRROR="http://archive.ubuntu.com/ubuntu" |
1842 | +- fi |
1843 | +- cat >> "$1/partial-${arch}/etc/apt/sources.list" << EOF |
1844 | +-deb $MIRROR ${release}-updates main universe |
1845 | +-deb http://security.ubuntu.com/ubuntu ${release}-security main universe |
1846 | +-EOF |
1847 | +- chroot "$1/partial-${arch}" apt-get update |
1848 | +- if [ $? -ne 0 ]; then |
1849 | +- echo "Failed to update the apt cache" |
1850 | +- return 1 |
1851 | +- fi |
1852 | +- cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF |
1853 | +-#!/bin/sh |
1854 | +-exit 101 |
1855 | +-EOF |
1856 | +- chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d |
1857 | +- |
1858 | +- chroot "$1/partial-${arch}" apt-get dist-upgrade -y |
1859 | +- ret=$? |
1860 | +- |
1861 | +- rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d |
1862 | +- if [ $ret -ne 0 ]; then |
1863 | +- echo "Failed to upgrade the cache" |
1864 | +- return 1 |
1865 | +- fi |
1866 | +- |
1867 | + # Serge isn't sure whether we should avoid doing this when |
1868 | + # $release == `distro-info -d` |
1869 | + echo "Installing updates" |
1870 | |
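Review bot: the patch carries only the git format-patch header (`From d163cf279f26f44ad0d2a43c087d97c2b1063e7e`, `Subject: [PATCH 1/1] lxc-ubuntu.in: drop duplicate code`) while 0085-pivot-dir uses DEP-3 fields; since this is a cherry-pick from upstream, an `Origin: upstream, <commit>` line and a `Forwarded:` field would record that without readers having to guess. It is also worth stating in the header which of the two duplicate blocks survived: the removed one set `MIRROR`, added the `-security` source and installed a `policy-rc.d` guard around `apt-get dist-upgrade` so no services start inside the chroot, so the description should confirm that the kept block (the one beginning at the trailing context `# Serge isn't sure whether we should avoid doing this when`) still does all three.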
1871 | === renamed file 'debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch' => 'debian/patches/0084-lxc-ubuntu-drop-duplicate-code.patch.moved' |
1872 | === added file 'debian/patches/0085-pivot-dir' |
1873 | --- debian/patches/0085-pivot-dir 1970-01-01 00:00:00 +0000 |
1874 | +++ debian/patches/0085-pivot-dir 2012-05-29 21:13:22 +0000 |
1875 | @@ -0,0 +1,33 @@ |
1876 | +Description: use lxc_putold as the pivot_root put dir |
1877 | + By default we use mnt, but that means that lxc fstab entries do not work |
1878 | + when placed under the container's /mnt/. |
1879 | +Author: Serge Hallyn <serge.hallyn@ubuntu.com> |
1880 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/986385 |
1881 | +Forwarded: yes |
1882 | + |
1883 | +Index: lxc/templates/lxc-ubuntu-cloud.in |
1884 | +=================================================================== |
1885 | +--- lxc.orig/templates/lxc-ubuntu-cloud.in 2012-05-24 14:24:14.836363000 -0500 |
1886 | ++++ lxc/templates/lxc-ubuntu-cloud.in 2012-05-25 11:24:39.800430880 -0500 |
1887 | +@@ -55,6 +55,8 @@ |
1888 | + lxc.mount = $path/fstab |
1889 | + lxc.arch = $arch |
1890 | + lxc.cap.drop = sys_module mac_admin |
1891 | ++lxc.pivotdir = lxc_putold |
1892 | ++ |
1893 | + # uncomment the next line to run the container unconfined: |
1894 | + #lxc.aa_profile = unconfined |
1895 | + |
1896 | +Index: lxc/templates/lxc-ubuntu.in |
1897 | +=================================================================== |
1898 | +--- lxc.orig/templates/lxc-ubuntu.in 2012-05-24 14:26:55.384221133 -0500 |
1899 | ++++ lxc/templates/lxc-ubuntu.in 2012-05-25 11:24:28.688431175 -0500 |
1900 | +@@ -301,6 +301,8 @@ |
1901 | + lxc.mount = $path/fstab |
1902 | + lxc.arch = $arch |
1903 | + lxc.cap.drop = sys_module mac_admin mac_override |
1904 | ++lxc.pivotdir = lxc_putold |
1905 | ++ |
1906 | + # uncomment the next line to run the container unconfined: |
1907 | + #lxc.aa_profile = unconfined |
1908 | + |
1909 | |
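Review bot: the hunks only change the two templates, so containers already created from earlier template versions keep the default `mnt` put dir and still hit bug 986385; the Description should say that existing configs need `lxc.pivotdir = lxc_putold` added by hand, or the packaging should migrate them. Unrelated to this change but visible in the context lines: lxc-ubuntu.in drops `sys_module mac_admin mac_override` while lxc-ubuntu-cloud.in drops only `sys_module mac_admin`; worth checking whether the cloud template should drop `mac_override` as well for parity.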
1910 | === renamed file 'debian/patches/0085-pivot-dir' => 'debian/patches/0085-pivot-dir.moved' |