Merge lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201210151516 into lp:ubuntu/quantal/lxc

Proposed by Ubuntu Package Importer
Status: Rejected
Rejected by: James Westby
Proposed branch: lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201210151516
Merge into: lp:ubuntu/quantal/lxc
Diff against target: 1175 lines (+1154/-0) (has conflicts)
3 files modified
.pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu-cloud.in (+406/-0)
.pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu.in (+718/-0)
debian/patches/0224-ubuntu-templates-devtmpfs (+30/-0)
Conflict adding file .pc/0224-ubuntu-templates-devtmpfs.  Moved existing file to .pc/0224-ubuntu-templates-devtmpfs.moved.
Conflict adding file debian/patches/0224-ubuntu-templates-devtmpfs.  Moved existing file to debian/patches/0224-ubuntu-templates-devtmpfs.moved.
To merge this branch: bzr merge lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201210151516
Reviewer | Review Type | Date Requested | Status
Ubuntu branches | | | Pending
Review via email: mp+129689@code.launchpad.net

Description of the change

The package importer has detected a possible inconsistency between the package history in the archive and the history in bzr. As the archive is authoritative, the importer has made lp:ubuntu/quantal/lxc reflect what is in the archive and the old bzr branch has been pushed to lp:~ubuntu-branches/ubuntu/quantal/lxc/quantal-201210151516. This merge proposal was created so that an Ubuntu developer can review the situation and perform a merge/upload if necessary. There are three typical cases where this can happen.
  1. Where someone pushes a change to bzr and someone else uploads the package without that change. This is the reason that this check is done by the importer. If this appears to be the case then a merge/upload should be done if the changes that were in bzr are still desirable.
  2. The importer incorrectly detected the above situation when someone made a change in bzr and then uploaded it.
  3. The importer incorrectly detected the above situation when someone just uploaded a package and didn't touch bzr.

If this case doesn't appear to be the first situation then set the status of the merge proposal to "Rejected" and help avoid the problem in future by filing a bug at https://bugs.launchpad.net/udd linking to this merge proposal.

(this is an automatically generated message)

Unmerged revisions

164. By Serge Hallyn

releasing version 0.8.0~rc1-4ubuntu37

163. By Serge Hallyn

0224-ubuntu-templates-devtmpfs: mount devtmpfs in ubuntu containers.
(LP: #1060404)

162. By Serge Hallyn

update 0222-debian-dhcp3-package: use dhcp3-client, not server!

Preview Diff

=== added directory '.pc/0224-ubuntu-templates-devtmpfs'
=== renamed directory '.pc/0224-ubuntu-templates-devtmpfs' => '.pc/0224-ubuntu-templates-devtmpfs.moved'
=== added file '.pc/0224-ubuntu-templates-devtmpfs/.timestamp'
=== added directory '.pc/0224-ubuntu-templates-devtmpfs/templates'
=== added file '.pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu'
=== added file '.pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu-cloud.in'
--- .pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu-cloud.in 1970-01-01 00:00:00 +0000
+++ .pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu-cloud.in 2012-10-15 15:25:24 +0000
@@ -0,0 +1,406 @@
1#!/bin/bash
2
3# template script for generating ubuntu container for LXC based on released cloud
4# images
5#
6# Copyright © 2012 Serge Hallyn <serge.hallyn@canonical.com>
7#
8# This program is free software; you can redistribute it and/or modify
9# it under the terms of the GNU General Public License version 2, as
10# published by the Free Software Foundation.
11
12# This program is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15# GNU General Public License for more details.
16
17# You should have received a copy of the GNU General Public License along
18# with this program; if not, write to the Free Software Foundation, Inc.,
19# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20#
21
22set -e
23
24if [ -r /etc/default/lxc ]; then
25 . /etc/default/lxc
26fi
27
28copy_configuration()
29{
30 path=$1
31 rootfs=$2
32 name=$3
33 arch=$4
34 release=$5
35
36 if [ $arch = "i386" ]; then
37 arch="i686"
38 fi
39
40 # if there is exactly one veth network entry, make sure it has an
41 # associated hwaddr.
42 nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
43 if [ $nics -eq 1 ]; then
44 grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
45lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
46EOF
47 fi
48
49 grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
50 cat <<EOF >> $path/config
51lxc.utsname = $name
52
53lxc.tty = 4
54lxc.pts = 1024
55lxc.mount = $path/fstab
56lxc.arch = $arch
57lxc.cap.drop = sys_module mac_admin
58lxc.pivotdir = lxc_putold
59
60# uncomment the next line to run the container unconfined:
61#lxc.aa_profile = unconfined
62
63lxc.cgroup.devices.deny = a
64# Allow any mknod (but not using the node)
65lxc.cgroup.devices.allow = c *:* m
66lxc.cgroup.devices.allow = b *:* m
67# /dev/null and zero
68lxc.cgroup.devices.allow = c 1:3 rwm
69lxc.cgroup.devices.allow = c 1:5 rwm
70# consoles
71lxc.cgroup.devices.allow = c 5:1 rwm
72lxc.cgroup.devices.allow = c 5:0 rwm
73#lxc.cgroup.devices.allow = c 4:0 rwm
74#lxc.cgroup.devices.allow = c 4:1 rwm
75# /dev/{,u}random
76lxc.cgroup.devices.allow = c 1:9 rwm
77lxc.cgroup.devices.allow = c 1:8 rwm
78lxc.cgroup.devices.allow = c 136:* rwm
79lxc.cgroup.devices.allow = c 5:2 rwm
80# rtc
81lxc.cgroup.devices.allow = c 254:0 rwm
82#fuse
83lxc.cgroup.devices.allow = c 10:229 rwm
84#tun
85lxc.cgroup.devices.allow = c 10:200 rwm
86#full
87lxc.cgroup.devices.allow = c 1:7 rwm
88#hpet
89lxc.cgroup.devices.allow = c 10:228 rwm
90#kvm
91lxc.cgroup.devices.allow = c 10:232 rwm
92EOF
93
94 cat <<EOF > $path/fstab
95proc proc proc nodev,noexec,nosuid 0 0
96sysfs sys sysfs defaults 0 0
97EOF
98
99 # rmdir /dev/shm for containers that have /run/shm
100 # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
101 # get bind mounted to the host's /run/shm. So try to rmdir
102 # it, and in case that fails move it out of the way.
103 if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
104 mv $rootfs/dev/shm $rootfs/dev/shm.bak
105 ln -s /run/shm $rootfs/dev/shm
106 fi
107
108 return 0
109}
110
111usage()
112{
113 cat <<EOF
114LXC Container configuration for Ubuntu Cloud images.
115
116Generic Options
117[ -r | --release <release> ]: Release name of container, defaults to host
118[ -a | --arch ]: Arhcitecture of container, defaults to host arcitecture
119[ -C | --cloud ]: Configure container for use with meta-data service, defaults to no
120[ -T | --tarball ]: Location of tarball
121[ -d | --debug ]: Run with 'set -x' to debug errors
122[ -s | --stream]: Use specified stream rather than 'released'
123
124Options, mutually exclusive of "-C" and "--cloud":
125 [ -i | --hostid ]: HostID for cloud-init, defaults to random string
126 [ -u | --userdata ]: Cloud-init user-data file to configure container on start
127 [ -S | --auth-key ]: SSH Public key file to inject into container
128 [ -L | --nolocales ]: Do not copy host's locales into container
129
130EOF
131 return 0
132}
133
134options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds: -l arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata: -- "$@")
135if [ $? -ne 0 ]; then
136 usage $(basename $0)
137 exit 1
138fi
139eval set -- "$options"
140
141release=lucid
142if [ -f /etc/lsb-release ]; then
143 . /etc/lsb-release
144 case "$DISTRIB_CODENAME" in
145 lucid|natty|oneiric|precise|quantal)
146 release=$DISTRIB_CODENAME
147 ;;
148 esac
149fi
150
151arch=$(arch)
152
153# Code taken from debootstrap
154if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
155 arch=`/usr/bin/dpkg --print-architecture`
156elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
157 arch=`/usr/bin/udpkg --print-architecture`
158else
159 arch=$(arch)
160 if [ "$arch" = "i686" ]; then
161 arch="i386"
162 elif [ "$arch" = "x86_64" ]; then
163 arch="amd64"
164 elif [ "$arch" = "armv7l" ]; then
165 # note: arm images don't exist before oneiric; are called armhf in
166 # precise and later; and are not supported by the query, so we don't actually
167 # support them yet (see check later on). When Query2 is available,
168 # we'll use that to enable arm images.
169 arch="armel"
170 fi
171fi
172
173debug=0
174hostarch=$arch
175cloud=0
176locales=1
177flushcache=0
178stream="released"
179while true
180do
181 case "$1" in
182 -h|--help) usage $0 && exit 0;;
183 -p|--path) path=$2; shift 2;;
184 -n|--name) name=$2; shift 2;;
185 -F|--flush-cache) flushcache=1; shift 1;;
186 -r|--release) release=$2; shift 2;;
187 -a|--arch) arch=$2; shift 2;;
188 -i|--hostid) host_id=$2; shift 2;;
189 -u|--userdata) userdata=$2; shift 2;;
190 -C|--cloud) cloud=1; shift 1;;
191 -S|--auth-key) auth_key=$2; shift 2;;
192 -L|--no_locales) locales=0; shift 2;;
193 -T|--tarball) tarball=$2; shift 2;;
194 -d|--debug) debug=1; shift 1;;
195 -s|--stream) stream=$2; shift 2;;
196 --) shift 1; break ;;
197 *) break ;;
198 esac
199done
200
201if [ $debug -eq 1 ]; then
202 set -x
203fi
204
205if [ "$arch" == "i686" ]; then
206 arch=i386
207fi
208
209if [ $hostarch = "i386" -a $arch = "amd64" ]; then
210 echo "can't create amd64 container on i386"
211 exit 1
212fi
213
214if [ $arch != "i386" -a $arch != "amd64" ]; then
215 echo "Only i386 and amd64 are supported by the ubuntu cloud template."
216 exit 1
217fi
218
219if [ "$stream" != "daily" -a "$stream" != "released" ]; then
220 echo "Only 'daily' and 'released' streams are supported"
221 exit 1
222fi
223
224if [ -n "$userdata" ]; then
225 if [ ! -f "$userdata" ]; then
226 echo "Userdata ($userdata) does not exist"
227 exit 1
228 else
229 userdata=`readlink -f $userdata`
230 fi
231fi
232
233if [ -n "$auth_key" ]; then
234 if [ ! -f "$auth_key" ]; then
235 echo "--auth-key=${auth_key} must reference a file"
236 exit 1
237 fi
238 auth_key=$(readlink -f "${auth_key}") ||
239 { echo "failed to get full path for auth_key"; exit 1; }
240fi
241
242if [ -z "$path" ]; then
243 echo "'path' parameter is required"
244 exit 1
245fi
246
247if [ "$(id -u)" != "0" ]; then
248 echo "This script should be run as 'root'"
249 exit 1
250fi
251
252# detect rootfs
253config="$path/config"
254if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
255 rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
256else
257 rootfs=$path/rootfs
258fi
259
260type ubuntu-cloudimg-query
261type wget
262
263# determine the url, tarball, and directory names
264# download if needed
265cache="/var/cache/lxc/cloud-$release"
266
267mkdir -p $cache
268
269if [ -n "$tarball" ]; then
270 url2="$tarball"
271else
272 url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`
273 url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`
274fi
275
276filename=`basename $url2`
277
278wgetcleanup()
279{
280 rm -f $filename
281}
282
283buildcleanup()
284{
285 cd $rootfs
286 umount -l $cache/$xdir || true
287 rm -rf $cache
288}
289
290# if the release doesn't have a *-rootfs.tar.gz, then create one from the
291# cloudimg.tar.gz by extracting the .img, mounting it loopback, and creating
292# a tarball from the mounted image.
293build_root_tgz()
294{
295 url=$1
296 filename=$2
297
298 xdir=`mktemp -d -p .`
299 tarname=`basename $url`
300 imgname="$release-*-cloudimg-$arch.img"
301 trap buildcleanup EXIT SIGHUP SIGINT SIGTERM
302 if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then
303 rm -f $tarname
304 echo "Downloading cloud image from $url"
305 wget $url || { echo "Couldn't find cloud image $url."; exit 1; }
306 fi
307 echo "Creating new cached cloud image rootfs"
308 tar --wildcards -zxf $tarname $imgname
309 mount -o loop $imgname $xdir
310 (cd $xdir; tar zcf ../$filename .)
311 umount $xdir
312 rm -f $tarname $imgname
313 rmdir $xdir
314 echo "New cloud image cache created"
315 trap EXIT
316 trap SIGHUP
317 trap SIGINT
318 trap SIGTERM
319}
320
321mkdir -p /var/lock/subsys/
322(
323 flock -x 200
324
325 cd $cache
326 if [ $flushcache -eq 1 ]; then
327 echo "Clearing the cached images"
328 rm -f $filename
329 fi
330
331 trap wgetcleanup EXIT SIGHUP SIGINT SIGTERM
332 if [ ! -f $filename ]; then
333 wget $url2 || build_root_tgz $url1 $filename
334 fi
335 trap EXIT
336 trap SIGHUP
337 trap SIGINT
338 trap SIGTERM
339
340 echo "Extracting container rootfs"
341 mkdir -p $rootfs
342 cd $rootfs
343 tar -zxf $cache/$filename
344
345
346 if [ $cloud -eq 0 ]; then
347 echo "Configuring for running outside of a cloud environment"
348 echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container"
349
350 seed_d=$rootfs/var/lib/cloud/seed/nocloud-net
351 rhostid=$(uuidgen | cut -c -8)
352 host_id=${hostid:-$rhostid}
353 mkdir -p $seed_d
354
355 cat > "$seed_d/meta-data" <<EOF
356instance-id: lxc-$host_id
357EOF
358 if [ -n "$auth_key" ]; then
359 {
360 echo "public-keys:" &&
361 sed -e '/^$/d' -e 's,^,- ,' "$auth_key" "$auth_key"
362 } >> "$seed_d/meta-data"
363 [ $? -eq 0 ] ||
364 { echo "failed to write public keys to metadata"; exit 1; }
365 fi
366
367 rm $rootfs/etc/hostname
368
369 if [ $locales -eq 1 ]; then
370 cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive
371 fi
372
373 if [ -f "$userdata" ]; then
374 echo "Using custom user-data"
375 cp $userdata $seed_d/user-data
376 else
377
378 if [ -z "$MIRROR" ]; then
379 MIRROR="http://archive.ubuntu.com/ubuntu"
380 fi
381
382 cat > "$seed_d/user-data" <<EOF
383#cloud-config
384output: {all: '| tee -a /var/log/cloud-init-output.log'}
385apt_mirror: $MIRROR
386manage_etc_hosts: localhost
387locale: $(/usr/bin/locale | awk -F= '/LANG=/ {print$NF}')
388password: ubuntu
389chpasswd: { expire: False }
390EOF
391 fi
392
393 else
394
395 echo "Configured for running in a cloud environment."
396 echo "If you do not have a meta-data service, this container will likely be useless."
397
398 fi
399) 200>/var/lock/subsys/lxc-ubucloud
400
401copy_configuration $path $rootfs $name $arch $release
402
403echo "Container $name created."
404exit 0
405
406# vi: ts=4 expandtab
0407
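Review bot: The default user-data written at lines 382-390 sets `password: ubuntu` together with `chpasswd: { expire: False }`, so every container created without --userdata comes up with a known, non-expiring password. Consider forcing a password change on first login, or setting no password when --auth-key is supplied. The option handling also has several defects that silently change behaviour: line 192 does `shift 2` for `-L|--no_locales`, which getopt declares without an argument, so the following option is swallowed (it should be `shift 1`, and the usage text calls the flag `--nolocales`); the short option string on line 134 has no `u:`, so the documented `-u` is rejected; line 188 stores the value in `host_id` but line 352 reads `${hostid:-$rhostid}`, so a host id given with `-i` is always replaced by the random one; and line 361 passes `"$auth_key"` to sed twice, writing every public key into meta-data twice. Finally, the image fetched by wget on lines 305 and 333 is unpacked as root on line 343 with no checksum or signature check in between; verifying the download against published checksums before `tar -zxf` would close that gap, which matters most when the URL comes from the user through --tarball.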
=== added file '.pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu.in'
--- .pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu.in 1970-01-01 00:00:00 +0000
+++ .pc/0224-ubuntu-templates-devtmpfs/templates/lxc-ubuntu.in 2012-10-15 15:25:24 +0000
@@ -0,0 +1,718 @@
1#!/bin/bash
2
3#
4# template script for generating ubuntu container for LXC
5#
6# This script consolidates and extends the existing lxc ubuntu scripts
7#
8
9# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
10# Copyright © 2010 Wilhelm Meier
11# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
12#
13# This program is free software; you can redistribute it and/or modify
14# it under the terms of the GNU General Public License version 2, as
15# published by the Free Software Foundation.
16
17# This program is distributed in the hope that it will be useful,
18# but WITHOUT ANY WARRANTY; without even the implied warranty of
19# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20# GNU General Public License for more details.
21
22# You should have received a copy of the GNU General Public License along
23# with this program; if not, write to the Free Software Foundation, Inc.,
24# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25#
26
27set -e
28
29if [ -r /etc/default/lxc ]; then
30 . /etc/default/lxc
31fi
32
33configure_ubuntu()
34{
35 rootfs=$1
36 hostname=$2
37 release=$3
38
39 # configure the network using the dhcp
40 cat <<EOF > $rootfs/etc/network/interfaces
41# This file describes the network interfaces available on your system
42# and how to activate them. For more information, see interfaces(5).
43
44# The loopback network interface
45auto lo
46iface lo inet loopback
47
48auto eth0
49iface eth0 inet dhcp
50EOF
51
52 # set the hostname
53 cat <<EOF > $rootfs/etc/hostname
54$hostname
55EOF
56 # set minimal hosts
57 cat <<EOF > $rootfs/etc/hosts
58127.0.0.1 localhost
59127.0.1.1 $hostname
60
61# The following lines are desirable for IPv6 capable hosts
62::1 ip6-localhost ip6-loopback
63fe00::0 ip6-localnet
64ff00::0 ip6-mcastprefix
65ff02::1 ip6-allnodes
66ff02::2 ip6-allrouters
67EOF
68
69 if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
70 # suppress log level output for udev
71 sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
72
73 # remove jobs for consoles 5 and 6 since we only create 4 consoles in
74 # this template
75 rm -f $rootfs/etc/init/tty{5,6}.conf
76 fi
77
78 if [ -z "$bindhome" ]; then
79 chroot $rootfs useradd --create-home -s /bin/bash ubuntu
80 echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
81 fi
82
83 return 0
84}
85
86# finish setting up the user in the container by injecting ssh key and
87# adding sudo group membership.
88# passed-in user is either 'ubuntu' or the user to bind in from host.
89finalize_user()
90{
91 user=$1
92
93 sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo)
94
95 if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then
96 groups="sudo"
97 else
98 groups="sudo admin"
99 fi
100
101 for group in $groups; do
102 chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true
103 chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true
104 done
105
106 if [ -n "$auth_key" -a -f "$auth_key" ]; then
107 u_path="/home/${user}/.ssh"
108 root_u_path="$rootfs/$u_path"
109
110 mkdir -p $root_u_path
111 cp $auth_key "$root_u_path/authorized_keys"
112 chroot $rootfs chown -R ${user}: "$u_path"
113
114 echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys"
115 fi
116 return 0
117}
118
119write_sourceslist()
120{
121 # $1 => path to the rootfs
122 # $2 => architecture we want to add
123 # $3 => whether to use the multi-arch syntax or not
124
125 case $2 in
126 amd64|i386)
127 MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
128 SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
129 ;;
130 *)
131 MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
132 SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
133 ;;
134 esac
135 if [ -n "$3" ]; then
136 cat >> "$1/etc/apt/sources.list" << EOF
137deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
138deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
139deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
140EOF
141 else
142 cat >> "$1/etc/apt/sources.list" << EOF
143deb $MIRROR ${release} main restricted universe multiverse
144deb $MIRROR ${release}-updates main restricted universe multiverse
145deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
146EOF
147 fi
148}
149
150cleanup()
151{
152 rm -rf $cache/partial-$arch
153 rm -rf $cache/rootfs-$arch
154}
155
156suggest_flush()
157{
158 echo "Container upgrade failed. The container cache may be out of date,"
159 echo "in which case flushing the case (see -F in the hep output) may help."
160}
161
162download_ubuntu()
163{
164 cache=$1
165 arch=$2
166 release=$3
167
168 packages=vim,ssh
169 echo "installing packages: $packages"
170
171 trap cleanup EXIT SIGHUP SIGINT SIGTERM
172 # check the mini ubuntu was not already downloaded
173 mkdir -p "$cache/partial-$arch"
174 if [ $? -ne 0 ]; then
175 echo "Failed to create '$cache/partial-$arch' directory"
176 return 1
177 fi
178
179 # download a mini ubuntu into a cache
180 echo "Downloading ubuntu $release minimal ..."
181 if [ -n "$(which qemu-debootstrap)" ]; then
182 qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
183 else
184 debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
185 fi
186
187 if [ $? -ne 0 ]; then
188 echo "Failed to download the rootfs, aborting."
189 return 1
190 fi
191
192 # Serge isn't sure whether we should avoid doing this when
193 # $release == `distro-info -d`
194 echo "Installing updates"
195 > $cache/partial-$arch/etc/apt/sources.list
196 write_sourceslist $cache/partial-$arch/ $arch
197
198 chroot "$1/partial-${arch}" apt-get update
199 if [ $? -ne 0 ]; then
200 echo "Failed to update the apt cache"
201 return 1
202 fi
203 cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
204#!/bin/sh
205exit 101
206EOF
207 chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
208
209 lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y || { suggest_flush; false; }
210 rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
211
212 chroot "$1/partial-${arch}" apt-get clean
213
214 mv "$1/partial-$arch" "$1/rootfs-$arch"
215 trap EXIT
216 trap SIGINT
217 trap SIGTERM
218 trap SIGHUP
219 echo "Download complete"
220 return 0
221}
222
223copy_ubuntu()
224{
225 cache=$1
226 arch=$2
227 rootfs=$3
228
229 # make a local copy of the miniubuntu
230 echo "Copying rootfs to $rootfs ..."
231 mkdir -p $rootfs
232 rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
233 return 0
234}
235
236install_ubuntu()
237{
238 rootfs=$1
239 release=$2
240 flushcache=$3
241 cache="/var/cache/lxc/$release"
242 mkdir -p /var/lock/subsys/
243
244 (
245 flock -x 200
246 if [ $? -ne 0 ]; then
247 echo "Cache repository is busy."
248 return 1
249 fi
250
251
252 if [ $flushcache -eq 1 ]; then
253 echo "Flushing cache..."
254 rm -rf "$cache/partial-$arch"
255 rm -rf "$cache/rootfs-$arch"
256 fi
257
258 echo "Checking cache download in $cache/rootfs-$arch ... "
259 if [ ! -e "$cache/rootfs-$arch" ]; then
260 download_ubuntu $cache $arch $release
261 if [ $? -ne 0 ]; then
262 echo "Failed to download 'ubuntu $release base'"
263 return 1
264 fi
265 fi
266
267 echo "Copy $cache/rootfs-$arch to $rootfs ... "
268 copy_ubuntu $cache $arch $rootfs
269 if [ $? -ne 0 ]; then
270 echo "Failed to copy rootfs"
271 return 1
272 fi
273
274 return 0
275
276 ) 200>/var/lock/subsys/lxc
277
278 return $?
279}
280
281copy_configuration()
282{
283 path=$1
284 rootfs=$2
285 name=$3
286 arch=$4
287 release=$5
288
289 if [ $arch = "i386" ]; then
290 arch="i686"
291 fi
292
293 ttydir=""
294 if [ -f $rootfs/etc/init/container-detect.conf ]; then
295 ttydir=" lxc"
296 fi
297
298 # if there is exactly one veth network entry, make sure it has an
299 # associated hwaddr.
300 nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
301 if [ $nics -eq 1 ]; then
302 grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
303lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
304EOF
305 fi
306
307 grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
308 cat <<EOF >> $path/config
309lxc.utsname = $name
310
311lxc.devttydir =$ttydir
312lxc.tty = 4
313lxc.pts = 1024
314lxc.mount = $path/fstab
315lxc.arch = $arch
316lxc.cap.drop = sys_module mac_admin mac_override
317lxc.pivotdir = lxc_putold
318
319# uncomment the next line to run the container unconfined:
320#lxc.aa_profile = unconfined
321
322lxc.cgroup.devices.deny = a
323# Allow any mknod (but not using the node)
324lxc.cgroup.devices.allow = c *:* m
325lxc.cgroup.devices.allow = b *:* m
326# /dev/null and zero
327lxc.cgroup.devices.allow = c 1:3 rwm
328lxc.cgroup.devices.allow = c 1:5 rwm
329# consoles
330lxc.cgroup.devices.allow = c 5:1 rwm
331lxc.cgroup.devices.allow = c 5:0 rwm
332#lxc.cgroup.devices.allow = c 4:0 rwm
333#lxc.cgroup.devices.allow = c 4:1 rwm
334# /dev/{,u}random
335lxc.cgroup.devices.allow = c 1:9 rwm
336lxc.cgroup.devices.allow = c 1:8 rwm
337lxc.cgroup.devices.allow = c 136:* rwm
338lxc.cgroup.devices.allow = c 5:2 rwm
339# rtc
340lxc.cgroup.devices.allow = c 254:0 rwm
341#fuse
342lxc.cgroup.devices.allow = c 10:229 rwm
343#tun
344lxc.cgroup.devices.allow = c 10:200 rwm
345#full
346lxc.cgroup.devices.allow = c 1:7 rwm
347#hpet
348lxc.cgroup.devices.allow = c 10:228 rwm
349#kvm
350lxc.cgroup.devices.allow = c 10:232 rwm
351EOF
352
353 cat <<EOF > $path/fstab
354proc proc proc nodev,noexec,nosuid 0 0
355sysfs sys sysfs defaults 0 0
356EOF
357
358 if [ $? -ne 0 ]; then
359 echo "Failed to add configuration"
360 return 1
361 fi
362
363 return 0
364}
365
366trim()
367{
368 rootfs=$1
369 release=$2
370
371 # provide the lxc service
372 cat <<EOF > $rootfs/etc/init/lxc.conf
373# fake some events needed for correct startup other services
374
375description "Container Upstart"
376
377start on startup
378
379script
380 rm -rf /var/run/*.pid
381 rm -rf /var/run/network/*
382 /sbin/initctl emit stopped JOB=udevtrigger --no-wait
383 /sbin/initctl emit started JOB=udev --no-wait
384end script
385EOF
386
387 # fix buggus runlevel with sshd
388 cat <<EOF > $rootfs/etc/init/ssh.conf
389# ssh - OpenBSD Secure Shell server
390#
391# The OpenSSH server provides secure shell access to the system.
392
393description "OpenSSH server"
394
395start on filesystem
396stop on runlevel [!2345]
397
398expect fork
399respawn
400respawn limit 10 5
401umask 022
402# replaces SSHD_OOM_ADJUST in /etc/default/ssh
403oom never
404
405pre-start script
406 test -x /usr/sbin/sshd || { stop; exit 0; }
407 test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
408 test -c /dev/null || { stop; exit 0; }
409
410 mkdir -p -m0755 /var/run/sshd
411end script
412
413# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
414# 'exec' line here instead
415exec /usr/sbin/sshd
416EOF
417
418 cat <<EOF > $rootfs/etc/init/console.conf
419# console - getty
420#
421# This service maintains a console on tty1 from the point the system is
422# started until it is shut down again.
423
424start on stopped rc RUNLEVEL=[2345]
425stop on runlevel [!2345]
426
427respawn
428exec /sbin/getty -8 38400 /dev/console
429EOF
430
431 cat <<EOF > $rootfs/lib/init/fstab
432# /lib/init/fstab: cleared out for bare-bones lxc
433EOF
434
435 # reconfigure some services
436 if [ -z "$LANG" ]; then
437 chroot $rootfs locale-gen en_US.UTF-8
438 chroot $rootfs update-locale LANG=en_US.UTF-8
439 else
440 chroot $rootfs locale-gen $LANG
441 chroot $rootfs update-locale LANG=$LANG
442 fi
443
444 # remove pointless services in a container
445 chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
446
447 chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
448 chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
449 chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
450 chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
451 chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
452
453 # if this isn't lucid, then we need to twiddle the network upstart bits :(
454 if [ $release != "lucid" ]; then
455 sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
456 fi
457}
458
459post_process()
460{
461 rootfs=$1
462 release=$2
463 trim_container=$3
464
465 if [ $trim_container -eq 1 ]; then
466 trim $rootfs $release
467 elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then
468 # Make sure we have a working resolv.conf
469 cresolvonf="${rootfs}/etc/resolv.conf"
470 mv $cresolvonf ${cresolvonf}.lxcbak
471 cat /etc/resolv.conf > ${cresolvonf}
472
473 # for lucid, if not trimming, then add the ubuntu-virt
474 # ppa and install lxcguest
475 if [ $release = "lucid" ]; then
476 chroot $rootfs apt-get update
477 chroot $rootfs apt-get install --force-yes -y python-software-properties
478 chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
479 fi
480
481 chroot $rootfs apt-get update
482 chroot $rootfs apt-get install --force-yes -y lxcguest
483
484 # Restore old resolv.conf
485 rm -f ${cresolvonf}
486 mv ${cresolvonf}.lxcbak ${cresolvonf}
487 fi
488
489 # If the container isn't running a native architecture, setup multiarch
490 if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then
491 dpkg_version=$(chroot $rootfs dpkg-query -W -f='${Version}' dpkg)
492 if chroot $rootfs dpkg --compare-versions $dpkg_version ge "1.16.2"; then
493 chroot $rootfs dpkg --add-architecture ${hostarch}
494 else
495 mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d
496 echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch
497 fi
498
499 # Save existing value of MIRROR and SECURITY_MIRROR
500 DEFAULT_MIRROR=$MIRROR
501 DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR
502
503 # Write a new sources.list containing both native and multiarch entries
504 > ${rootfs}/etc/apt/sources.list
505 write_sourceslist $rootfs $arch "native"
506
507 MIRROR=$DEFAULT_MIRROR
508 SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR
509 write_sourceslist $rootfs $hostarch "multiarch"
510
511 # Finally update the lists and install upstart using the host architecture
512 chroot $rootfs apt-get update
513 chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch}
514 fi
515
516 # rmdir /dev/shm for containers that have /run/shm
517 # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
518 # get bind mounted to the host's /run/shm. So try to rmdir
519 # it, and in case that fails move it out of the way.
520 if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
521 mv $rootfs/dev/shm $rootfs/dev/shm.bak
522 ln -s /run/shm $rootfs/dev/shm
523 fi
524}
525
526do_bindhome()
527{
528 rootfs=$1
529 user=$2
530
531 # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
532 pwd=`getent passwd $user` || { echo "Failed to copy password entry for $user"; false; }
533 echo $pwd >> $rootfs/etc/passwd
534
535 # make sure user's shell exists in the container
536 shell=`echo $pwd | cut -d: -f 7`
537 if [ ! -x $rootfs/$shell ]; then
538 echo "shell $shell for user $user was not found in the container."
539 pkg=`dpkg -S $(readlink -m $shell) | cut -d ':' -f1`
540 echo "Installing $pkg"
541 chroot $rootfs apt-get --force-yes -y install $pkg
542 fi
543
544 shad=`getent shadow $user`
545 echo "$shad" >> $rootfs/etc/shadow
546
547 # bind-mount the user's path into the container's /home
548 h=`getent passwd $user | cut -d: -f 6`
549 mkdir -p $rootfs/$h
550
551 # use relative path in container
552 h2=${h#/}
553 while [ ${h2:0:1} = "/" ]; do
554 h2=${h2#/}
555 done
556 echo "$h $h2 none bind 0 0" >> $path/fstab
557
558 # Make sure the group exists in container
559 grp=`echo $pwd | cut -d: -f 4` # group number for $user
560 grpe=`getent group $grp` || return 0 # if host doesn't define grp, ignore in container
561 chroot $rootfs getent group "$grpe" || echo "$grpe" >> $rootfs/etc/group
562}
563
564usage()
565{
566 cat <<EOF
567$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim] [-d|--debug]
568 [-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>]
569release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS
570trim: make a minimal (faster, but not upgrade-safe) container
571bindhome: bind <user>'s home into the container
572 The ubuntu user will not be created, and <user> will have
573 sudo access.
574arch: the container architecture (e.g. amd64): defaults to host arch
575auth-key: SSH Public key file to inject into container
576EOF
577 return 0
578}
579
580options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug -- "$@")
581if [ $? -ne 0 ]; then
582 usage $(basename $0)
583 exit 1
584fi
585eval set -- "$options"
586
587release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems
588if [ -f /etc/lsb-release ]; then
589 . /etc/lsb-release
590 if [ "$DISTRIB_ID" = "Ubuntu" ]; then
591 release=$DISTRIB_CODENAME
592 fi
593fi
594
595bindhome=
596arch=$(arch)
597
598# Code taken from debootstrap
599if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
600 arch=`/usr/bin/dpkg --print-architecture`
601elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
602 arch=`/usr/bin/udpkg --print-architecture`
603else
604 arch=$(arch)
605 if [ "$arch" = "i686" ]; then
606 arch="i386"
607 elif [ "$arch" = "x86_64" ]; then
608 arch="amd64"
609 elif [ "$arch" = "armv7l" ]; then
610 arch="armel"
611 fi
612fi
613
614debug=0
615trim_container=0
616hostarch=$arch
617flushcache=0
618while true
619do
620 case "$1" in
621 -h|--help) usage $0 && exit 0;;
622 -p|--path) path=$2; shift 2;;
623 -n|--name) name=$2; shift 2;;
624 -F|--flush-cache) flushcache=1; shift 1;;
625 -r|--release) release=$2; shift 2;;
626 -b|--bindhome) bindhome=$2; shift 2;;
627 -a|--arch) arch=$2; shift 2;;
628 -x|--trim) trim_container=1; shift 1;;
629 -S|--auth-key) auth_key=$2; shift 2;;
630 -d|--debug) debug=1; shift 1;;
631 --) shift 1; break ;;
632 *) break ;;
633 esac
634done
635
636if [ $debug -eq 1 ]; then
637 set -x
638fi
639
640if [ -n "$bindhome" ]; then
641 pwd=`getent passwd $bindhome`
642 if [ $? -ne 0 ]; then
643 echo "Error: no password entry found for $bindhome"
644 exit 1
645 fi
646fi
647
648
649if [ "$arch" == "i686" ]; then
650 arch=i386
651fi
652
653if [ $hostarch = "i386" -a $arch = "amd64" ]; then
654 echo "can't create amd64 container on i386"
655 exit 1
656fi
657
658type debootstrap
659if [ $? -ne 0 ]; then
660 echo "'debootstrap' command is missing"
661 exit 1
662fi
663
664if [ -z "$path" ]; then
665 echo "'path' parameter is required"
666 exit 1
667fi
668
669if [ "$(id -u)" != "0" ]; then
670 echo "This script should be run as 'root'"
671 exit 1
672fi
673
674# detect rootfs
675config="$path/config"
676if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
677 rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
678else
679 rootfs=$path/rootfs
680fi
681
682install_ubuntu $rootfs $release $flushcache
683if [ $? -ne 0 ]; then
684 echo "failed to install ubuntu $release"
685 exit 1
686fi
687
688configure_ubuntu $rootfs $name $release
689if [ $? -ne 0 ]; then
690 echo "failed to configure ubuntu $release for a container"
691 exit 1
692fi
693
694copy_configuration $path $rootfs $name $arch $release
695if [ $? -ne 0 ]; then
696 echo "failed write configuration file"
697 exit 1
698fi
699
700post_process $rootfs $release $trim_container
701
702if [ -n "$bindhome" ]; then
703 do_bindhome $rootfs $bindhome
704 finalize_user $bindhome
705else
706 finalize_user ubuntu
707fi
708
709echo ""
710echo "##"
711if [ -n "$bindhome" ]; then
712 echo "# Log in as user $bindhome"
713else
714 echo "# The default user is 'ubuntu' with password 'ubuntu'!"
715 echo "# Use the 'sudo' command to run tasks as root in the container."
716fi
717echo "##"
718echo ""
0719
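Review bot: in do_bindhome (lines 532-533) the failure branch of the `getent passwd $user` lookup ends in `false` but does not leave the function, so when the user is missing an empty line is still appended to `$rootfs/etc/passwd` and the remaining steps run; use `return 1` in that branch and quote `"$pwd"` in the `echo`. Line 561 passes the whole group entry `$grpe` as the key to `chroot $rootfs getent group`, which cannot match a group name or gid, so the entry is appended even when the container already defines the group; look up `$grp` from line 559 instead. Line 541 installs the shell package with `--force-yes`, which tells apt to continue without prompting even for potentially harmful actions such as unauthenticated packages; `-y` alone is enough here. Line 545 copies the host user's shadow entry into the container rootfs, and the `bindhome` usage text (lines 571-573) should say so.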
=== added file 'debian/patches/0224-ubuntu-templates-devtmpfs'
--- debian/patches/0224-ubuntu-templates-devtmpfs 1970-01-01 00:00:00 +0000
+++ debian/patches/0224-ubuntu-templates-devtmpfs 2012-10-15 15:25:24 +0000
@@ -0,0 +1,30 @@
1Description: templates: mount devtmpfs in ubuntu containers
2 That way /dev/disk/ exists.
3Author: Serge Hallyn <serge.hallyn@ubuntu.com>
4Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1060404
5Forwarded: yes
6
7Index: lxc/templates/lxc-ubuntu-cloud.in
8===================================================================
9--- lxc.orig/templates/lxc-ubuntu-cloud.in 2012-10-04 11:59:00.784184000 -0500
10+++ lxc/templates/lxc-ubuntu-cloud.in 2012-10-04 12:02:27.983278932 -0500
11@@ -94,6 +94,7 @@
12 cat <<EOF > $path/fstab
13 proc proc proc nodev,noexec,nosuid 0 0
14 sysfs sys sysfs defaults 0 0
15+devtmpfs dev devtmpfs defaults 0 0
16 EOF
17
18 # rmdir /dev/shm for containers that have /run/shm
19Index: lxc/templates/lxc-ubuntu.in
20===================================================================
21--- lxc.orig/templates/lxc-ubuntu.in 2012-10-04 11:59:00.784184000 -0500
22+++ lxc/templates/lxc-ubuntu.in 2012-10-04 12:02:21.439278789 -0500
23@@ -353,6 +353,7 @@
24 cat <<EOF > $path/fstab
25 proc proc proc nodev,noexec,nosuid 0 0
26 sysfs sys sysfs defaults 0 0
27+devtmpfs dev devtmpfs defaults 0 0
28 EOF
29
30 if [ $? -ne 0 ]; then
031
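Review bot: the added fstab entry `devtmpfs dev devtmpfs defaults 0 0` (patch lines 15 and 27) mounts with `defaults`, while the `proc` entry directly above it is restricted with `nodev,noexec,nosuid`; `nodev` cannot apply to /dev, but `nosuid,noexec` can and would keep the two entries consistent. The patch description gives only "That way /dev/disk/ exists" as the reason. devtmpfs is populated by the kernel with nodes for the devices it knows about, so the header should also state what the container is expected to see under /dev after this change and that access to those nodes depends on the container's device restrictions, not on this mount. The same line is added to both lxc-ubuntu-cloud.in and lxc-ubuntu.in, so any option change needs to be made in both templates.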
=== renamed file 'debian/patches/0224-ubuntu-templates-devtmpfs' => 'debian/patches/0224-ubuntu-templates-devtmpfs.moved'
