
lxc/lxc-vinelinux

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@9918 ec354946-7b23-47d6-9f5a-488ba84defc7
daisuke 8 years ago
parent
commit
4b145a7b17
1 changed files with 86 additions and 57 deletions
  1. 86 57
      l/lxc/lxc-vinelinux

+ 86 - 57
l/lxc/lxc-vinelinux

@@ -44,9 +44,6 @@ cache_base=/var/cache/lxc/vinelinux
 default_path=/var/lib/lxc
 default_profile=default
 profile_dir=/etc/lxc/profiles
-root_password=vineroot
-default_user=vine
-default_user_password=vine123
 lxc_network_type=veth
 lxc_network_link=lxcbr0
 
@@ -198,8 +195,8 @@ EOF
     echo ${root_password} > ${config_path}/tmp_root_pass
     echo "Storing root password in '${config_path}/tmp_root_pass'"
 
-    # create default user 'vine'
-    echo "Create default user 'vine'"
+    # create default user.
+    echo "Create default user '${default_user}'"
     chroot ${rootfs_path} /usr/sbin/useradd -G wheel ${default_user}
     echo "Setting default user \'${default_user}\' password to $default_user_password"
     echo "${default_user}:${default_user_password}" | chroot $rootfs_path chpasswd
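Review bot: Now that the root and default-user passwords come from the caller instead of fixed constants, the unchanged lines around this edit expose them. `echo ${root_password} > ${config_path}/tmp_root_pass` creates the file under whatever umask is in effect, and the unquoted expansion word-splits and globs the value; the later `echo "Setting default user ... password to $default_user_password"` prints the secret to stdout, where it can end up in terminal or build logs. I would write the file as `( umask 077; printf '%s\n' "${root_password}" > "${config_path}/tmp_root_pass" )` and have the messages say only where the password was stored. The enclosing function starts above this hunk.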
@@ -265,10 +262,14 @@ copy_vinelinux()
 
     # make a local copy of the minivinelinux
     echo -n "Copying rootfs to $rootfs_path ..."
-    #cp -a $cache/rootfs-$arch $rootfs_path || return 1
-    # i prefer rsync (no reason really)
+    # prefer rsync
     mkdir -p $rootfs_path
-    rsync -Ha $cache/rootfs/ $rootfs_path/
+    if [ -x /usr/bin/rsync ]; then
+      rsync -Ha $cache/rootfs/ $rootfs_path/
+    else
+      echo "rsync is not found, using cp instead."
+      cp -a $cache/rootfs-$arch $rootfs_path
+    fi
     return 0
 }
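Review bot: The `cp` fallback copies a different source than the `rsync` branch, `$cache/rootfs-$arch` versus `$cache/rootfs/`. Because `mkdir -p $rootfs_path` has already run, `cp -a` of a directory would place it one level down inside `$rootfs_path` instead of populating it. Neither branch's exit status is checked, so copy_vinelinux returns 0 even when nothing was copied. Assuming the cache layout is the one the rsync line uses, `cp -a "$cache/rootfs/." "$rootfs_path/" || return 1` (with `|| return 1` on the rsync line too) keeps the two paths equivalent. `command -v rsync >/dev/null` is also more robust than the hard-coded `/usr/bin/rsync`.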
 
@@ -317,38 +318,49 @@ install_vinelinux()
     return $?
 }
 
-copy_configuration()
+create_hwaddr()
 {
+    openssl rand -hex 5 | sed -e 's/\(..\)/:\1/g; s/^/fe/'
+}
 
+copy_configuration()
+{
     mkdir -p $config_path
-    grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "lxc.rootfs = $rootfs_path" >> $config_path/config
-    cat <<EOF >> $config_path/config
-lxc.utsname = $name
-lxc.tty = 4
-lxc.pts = 1024
-lxc.cap.drop = sys_module mac_admin mac_override sys_time
-EOF
 
-    if [ "$arch" == "i386" ] && [ "$(uname -i)" == "x86_64" ]; then
-        cat <<EOF >> $config_path/config
+    grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "
+lxc.rootfs = $rootfs_path
+" >> $config_path/config
 
-# lxc container architecture
-lxc.arch = x86
-EOF
+    # The following code is to create static MAC addresses for each
+    # interface in the container.  This code will work for multiple
+    # interfaces in the default config.
+    mv $config_path/config $config_path/config.def
+    while read LINE
+    do
+        # This should catch variable expansions from the default config...
+        if expr "${LINE}" : '.*\$' > /dev/null 2>&1
+        then
+                LINE=$(eval "echo \"${LINE}\"")
+        fi
 
-    fi
+        # There is a tab and a space in the regex bracket below!
+        # Seems that \s doesn't work in brackets.
+        KEY=$(expr "${LINE}" : '\s*\([^	 ]*\)\s*=')
 
-    cat <<EOF >> $config_path/config
-# When using LXC with apparmor, uncomment the next line to run unconfined:
-#lxc.aa_profile = unconfined
+        if [[ "${KEY}" != "lxc.network.hwaddr" ]]
+        then
+            echo ${LINE} >> $config_path/config
 
-#networking
-lxc.network.type = $lxc_network_type
-lxc.network.flags = up
-lxc.network.link = $lxc_network_link
-lxc.network.name = veth0
-lxc.network.mtu = 1500
-EOF
+            if [[ "${KEY}" == "lxc.network.link" ]]
+            then
+                echo "lxc.network.hwaddr = $(create_hwaddr)" >> $config_path/config
+            fi
+        fi
+    done < $config_path/config.def
+    
+    rm -f $config_path/config.def
+
+    # static network settings
     if [ ! -z ${ipv4} ]; then
         cat <<EOF >> $config_path/config
 lxc.network.ipv4 = $ipv4
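Review bot: `LINE=$(eval "echo \"${LINE}\"")` passes every config line containing a `$` through the shell, in a script that must run as root, so a `$(...)` or backtick in the default config or in a config file handed to lxc-create is executed rather than copied. The intent appears to be expanding a few known variables only, so I would drop the eval and substitute just the names the template is meant to support (bash `${LINE//pattern/value}` is enough), leaving everything else literal. The loop also uses `while read LINE` and `echo ${LINE}`, which mangles backslashes and globs any `*` in a value; `while IFS= read -r LINE` and `printf '%s\n' "${LINE}" >> "$config_path/config"` preserve the line. create_hwaddr deserves a comment that the `fe` prefix yields a locally administered unicast address, plus a check that `openssl` actually produced output. copy_configuration continues past the end of this hunk.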
@@ -369,28 +381,25 @@ EOF
 #lxc.network.ipv6.gateway = $gw6
 #EOF
 #fi
-    cat <<EOF >> $config_path/config
-#cgroups
-lxc.cgroup.devices.deny = a
-# /dev/null and zero
-lxc.cgroup.devices.allow = c 1:3 rwm
-lxc.cgroup.devices.allow = c 1:5 rwm
-# consoles
-lxc.cgroup.devices.allow = c 5:1 rwm
-lxc.cgroup.devices.allow = c 5:0 rwm
-lxc.cgroup.devices.allow = c 4:0 rwm
-lxc.cgroup.devices.allow = c 4:1 rwm
-# /dev/{,u}random
-lxc.cgroup.devices.allow = c 1:9 rwm
-lxc.cgroup.devices.allow = c 1:8 rwm
-lxc.cgroup.devices.allow = c 136:* rwm
-lxc.cgroup.devices.allow = c 5:2 rwm
-# rtc
-lxc.cgroup.devices.allow = c 10:135 rwm
-
-lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+
+    # include common configuration
+    if [ -e "/usr/share/lxc/config/vinelinux.common.conf" ]; then
+        echo "
+# Include common configuration
+lxc.include = /usr/share/lxc/config/vinelinux.common.conf
+" >> $config_path/config
+    fi
+
+    # append lxc.utsname
+    echo "lxc.utsname = $utsname" >> $config_path/config
+    if [ "$arch" == "i386" ] && [ "$(uname -i)" == "x86_64" ]; then
+        cat <<EOF >> $config_path/config
+# lxc container architecture
+lxc.arch = x86
 EOF
 
+    fi
+
     if [ $? -ne 0 ]; then
         echo "Failed to add configuration"
         return 1
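Review bot: The inline `lxc.cgroup.devices.deny = a` allow-list and the `lxc.mount.auto` line are removed here and replaced by an include that is written only when `/usr/share/lxc/config/vinelinux.common.conf` exists. On a host without that file the container is created silently without those restrictions (presumably they now live in the common file, which is not shown). I would add an `else` branch that fails closed, e.g. `echo "vinelinux.common.conf not found" >&2; return 1`. Separately, the `if [ $? -ne 0 ]` check at the end now tests the status of the arch `if ... fi` compound, which is 0 whenever its condition is false, so a failed write to `$config_path/config` is no longer detected.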
@@ -425,12 +434,13 @@ usage()
     cat <<EOF
 usage:
     $1 -n|--name=<container_name>
-        [-p|--path=<path>] [-c|--clean] [-R|--release=<Vine Linux release>]
+        [-p|--path=<path>] [-c|--clean]
+	[-R|--release=<Vine Linux release>]
+        [-A|--arch=<arch of the container>]
         [-4|--ipv4=<ipv4 address>]
         [-g|--gw=<gw address>] [-d|--dns=<dns address>]
 	[-u|--user=<user>] [--password=<password>]
         [-P|--profile=<name of the profile>] [--rootfs=<path>]
-        [-A|--arch=<arch of the container>]
         [-h|--help]
 Mandatory args:
   -n,--name         container name, used to as an identifier for that container from now on
@@ -438,18 +448,22 @@ Optional args:
   -p,--path         path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case
   -c,--clean        clean the cache
   -R,--release      Vine Linux release [VineSeed, 6] for the new container, defaults to VineSeed
+  -A,--arch         Define what arch the container will be [i386,x86_64]
   -4,--ipv4         specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24
   -g,--gw           specify the default gw, eg. 192.168.1.1
   -d,--dns          specify the DNS server, eg. 192.168.1.2
+  -u,--user         specify default user name, who can sudo.
+  --password        initial password for default user.
+  --fqdn            fully qualified domain name (FQDN) for DNS and system naming.
+  --rootpassword    initial password for root user.
   -P,--profile      Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache.
-  -A,--arch         Define what arch the container will be [i386,x86_64]
   ---rootfs         rootfs path
   -h,--help         print this help
 EOF
     return 0
 }
 
-options=$(getopt -o hp:n:P:cR:4:g:d:u:A: -l help,rootfs:,path:,name:,profile:,clean,release:,ipv4:,gw:,dns:,user:,password:,arch: -- "$@")
+options=$(getopt -o hp:n:P:cR:4:g:d:u:A: -l help,rootfs:,path:,name:,profile:,clean,release:,ipv4:,gw:,dns:,user:,password:,arch:,fqdn:,rootpassword: -- "$@")
 if [ $? -ne 0 ]; then
     usage $(basename $0)
     exit 1
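Review bot: The new `--rootpassword` option, like the existing `--password`, takes the secret as a command-line argument, which other local users can see in the process list while the script runs and which is typically saved in shell history. Consider accepting the password from a file or stdin instead, or at minimum say so in the help text, e.g. `--rootpassword    initial password for root user (visible in the process list; change it after first login).` The matching `--rootpassword)` case arm is added in the next hunk. The synopsis at the top of usage() also does not list `--fqdn` or `--rootpassword`, although the option table does.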
@@ -472,6 +486,8 @@ do
         -d|--dns)       dns=$2; shift 2;;
         -u|--user)      default_user=$2; shift 2;;
         --password)     default_user_password=$2; shift 2;;
+        --rootpassword) root_password=$2; shift 2;;
+	--fqdn)         utsname=$2; shift 2;;
         --)             shift 1; break ;;
         *)              break ;;
     esac
@@ -517,13 +533,26 @@ if [ -z "$default_user" ]; then
 fi
 
 if [ -z "$default_user_password" ]; then
-    default_user_password="vine123"
+    default_user_password="$(mktemp -u XXXXXXXX)"
 fi
 
 if [ -z "$arch" ]; then
     arch="$(uname -i)"
 fi
 
+if [ -z "${utsname}" ]; then
+    utsname=${name}
+fi
+
+if [ $(expr "$utsname" : '.*\..*\.') = 0 ]; then
+    if [[ "$(dnsdomainname)" != "" && "$(dnsdomainname)" != "localdomain" ]]; then
+        utsname=${utsname}.$(dnsdomainname)
+    fi
+fi
+
+if [ -z "${root_password}" ]; then
+    root_password="$(mktemp -u XXXXXXXX)"
+fi
 
 if [ "$(id -u)" != "0" ]; then
     echo "This script should be run as 'root'"
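Review bot: `mktemp -u XXXXXXXX` is used as the password generator for both `default_user_password` and `root_password`, but mktemp only promises a name unlikely to collide, not unpredictable output, and eight characters is short for a root credential. The script already depends on `openssl rand` in create_hwaddr, so `root_password="$(openssl rand -base64 12)"` (and the same for the default user) would draw from a CSPRNG. In the utsname block, `$(expr "$utsname" : '.*\..*\.')` is unquoted inside `[ ]` and `dnsdomainname` is run up to three times; capturing it once in a variable would be clearer.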