pauper 0.1.0 → 0.1.1
- data/bin/pauper +6 -0
- data/lib/dhcpd.rb +1 -2
- data/lib/pauper.rb +668 -8
- metadata +5 -18
data/bin/pauper
CHANGED
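--- a/data/lib/dhcpd.rb
+++ b/data/lib/dhcpd.rb
@@ -11,7 +11,7 @@ class DHCPD
 end
 
 def subnet
-@preamble.match(/(
+@preamble.match(/subnet (\d+\.\d+\.\d+)\.0 netmask/)[1]
 end
 
 def save
@@ -39,7 +39,6 @@ class DHCPD
 system 'sudo "/Library/Application Support/VMware Fusion/boot.sh" --restart >>vmware.log 2>&1'
 end
 
-
 private
 
 BEGIN_BUM = "#### BEGIN BUM ####"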
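Review bot: The new body of `subnet` indexes the result of `match` directly, so a preamble with no `subnet a.b.c.0 netmask` line fails with a NoMethodError on nil instead of an error that names the problem. The pattern also only accepts a network address whose last octet is 0, which is worth stating in a comment above the method together with the fact that it returns the first three octets. I would write `@preamble[/subnet (\d+\.\d+\.\d+)\.0 netmask/, 1] || raise("no subnet declaration found in dhcpd preamble")`.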
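--- a/data/lib/pauper.rb
+++ b/data/lib/pauper.rb
@@ -1,3 +1,4 @@
+# -*- coding: iso-8859-1 -*-
 require 'rubygems'
 require 'net/ssh'
 require 'net/scp'
@@ -24,8 +25,11 @@ class Pauper
 
 def bootstrap
 raise "Base already exists!" if vm_exists?("base")
+username = ENV['USER']
+key = "/home/#{username}/.ssh/id_rsa"
+lxc_pauper_template
 system("sudo touch /var/lib/lxc/lxc.conf")
-system("sudo lxc-create -n base -t
+system("sudo lxc-create -n base -t pauper -f /var/lib/lxc/lxc.conf -- -a amd64 --auth-key #{key + '.pub'} -r lucid")
 mac = generate_mac
 ip = "#{@pauper_config.config[:subnet]}.2"
 
@@ -41,8 +45,8 @@ class Pauper
 puts "Installing chef.."
 start_node('base')
 chef_node = "base#{@pauper_config.config[:node_suffix]}"
-
-cmd "knife bootstrap --bootstrap-version chef-full -N #{chef_node} -E #{@pauper_config.config[:chef_environment]} -x
+sleep 3
+cmd "knife bootstrap --bootstrap-version chef-full -N #{chef_node} -E #{@pauper_config.config[:chef_environment]} -x root -r \"#{@pauper_config.config[:default_run_list].join(",")}\" #{ip}"
 stop_node('base')
 end
 
@@ -140,7 +144,7 @@ EOF
 }.merge(config[:chef_options]).merge(node_config.config[:chef_options])
 
 puts "Uploading Chef files..."
-Net::SCP.start ip,
+Net::SCP.start ip, ENV['USER'] do |scp|
 scp.upload! tmp_client_rb_path, "client.rb"
 scp.upload! config[:validation_key_path], "validation.pem"
 scp.upload! StringIO.new(chef_attribs.to_json), "client-config.json"
@@ -149,11 +153,13 @@ EOF
 FileUtils.rm(tmp_client_rb_path)
 
 puts "Connecting over SSH..."
-Net::SSH.start ip,
-ssh_exec ssh, "mv client.rb /etc/chef/"
-ssh_exec ssh, "mv
+Net::SSH.start ip, ENV['USER'] do |ssh|
+ssh_exec ssh, "sudo mv client.rb /etc/chef/"
+ssh_exec ssh, "sudo mv validation.pem /etc/chef/"
+ssh_exec ssh, "sudo mv client-config.json /etc/chef/"
+ssh_exec ssh, "sudo touch /etc/chef/disabled"
 
-ssh.exec! "/usr/bin/chef-client" do |channel, stream, data|
+ssh.exec! "sudo /usr/bin/chef-client" do |channel, stream, data|
 print data
 end
 end
@@ -233,6 +239,28 @@ EOF
 hosts.save
 end
 
+def write_dhcpd
+puts "Writing dhcpd.conf file..."
+
+dhcpd = DHCPD.new(DHCPD_CONF_PATH)
+
+@pauper_config.config[:nodes].each do |node|
+vmx = node_vmx(node.name)
+mac = vmx.data['ethernet0.address']
+
+node_config = get_node_config(node.name)
+ip = node_ip(node_config)
+
+dhcpd.config[node.name] = {
+'hardware ethernet' => mac,
+'fixed-address' => ip
+}
+dhcpd.save
+end
+
+puts "Restarting dhcpd..."
+dhcpd.restart
+end
 
 def start_all
 puts "Starting all nodes..."
@@ -348,6 +376,637 @@ EOF
 File.dirname(@pauper_config.config[:vmx])
 end
 
+def lxc_pauper_template
+@template = <<TEMPLATE
+#!/bin/bash
+
+#
+# template script for generating ubuntu container for LXC
+#
+# This script consolidates and extends the existing lxc ubuntu scripts
+#
+
+# Copyright � 2011 Serge Hallyn <serge.hallyn@canonical.com>
+# Copyright � 2010 Wilhelm Meier
+# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2, as
+# published by the Free Software Foundation.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+set -e
+
+if [ -r /etc/default/lxc ]; then
+. /etc/default/lxc
+fi
+
+configure_ubuntu()
+{
+rootfs=$1
+hostname=$2
+release=$3
+
+# configure the network using the dhcp
+cat <<EOF > $rootfs/etc/network/interfaces
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet dhcp
+EOF
+
+# set the hostname
+cat <<EOF > $rootfs/etc/hostname
+$hostname
+EOF
+# set minimal hosts
+cat <<EOF > $rootfs/etc/hosts
+127.0.0.1 localhost
+127.0.1.1 $hostname
+
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+EOF
+
+if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
+# suppress log level output for udev
+sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
+
+# remove jobs for consoles 5 and 6 since we only create 4 consoles in
+# this template
+rm -f $rootfs/etc/init/tty{5,6}.conf
+fi
+
+return 0
+}
+
+# finish setting up the user in the container by injecting ssh key
+finalize_user()
+{
+if [ -n "$auth_key" -a -f "$auth_key" ]; then
+u_path="/root/.ssh"
+root_u_path="$rootfs/$u_path"
+
+mkdir -p $root_u_path
+cp $auth_key "$root_u_path/authorized_keys"
+chroot $rootfs chown -R root: "$u_path"
+
+echo "Inserted SSH public key from $auth_key into /root/.ssh/authorized_keys"
+fi
+return 0
+}
+
+write_sourceslist()
+{
+# $1 => path to the rootfs
+# $2 => architecture we want to add
+# $3 => whether to use the multi-arch syntax or not
+
+case $2 in
+amd64|i386)
+MIRROR=${MIRROR:-http://mirrors.fastly.net/ubuntu}
+SECURITY_MIRROR=${SECURITY_MIRROR:-http://mirrors.fastly.net/ubuntu}
+;;
+*)
+MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
+SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
+;;
+esac
+if [ -n "$3" ]; then
+cat >> "$1/etc/apt/sources.list" << EOF
+deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
+deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
+deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
+EOF
+else
+cat >> "$1/etc/apt/sources.list" << EOF
+deb $MIRROR ${release} main restricted universe multiverse
+deb $MIRROR ${release}-updates main restricted universe multiverse
+deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
+EOF
+fi
+}
+
+cleanup()
+{
+rm -rf $cache/partial-$arch
+rm -rf $cache/rootfs-$arch
+}
+
+download_ubuntu()
+{
+cache=$1
+arch=$2
+release=$3
+
+packages=vim,ssh,curl,wget
+echo "installing packages: $packages"
+
+trap cleanup EXIT SIGHUP SIGINT SIGTERM
+# check the mini ubuntu was not already downloaded
+mkdir -p "$cache/partial-$arch"
+if [ $? -ne 0 ]; then
+echo "Failed to create '$cache/partial-$arch' directory"
+return 1
+fi
+
+# download a mini ubuntu into a cache
+echo "Downloading ubuntu $release minimal ..."
+if [ -n "$(which qemu-debootstrap)" ]; then
+qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
+else
+debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
+fi
+
+if [ $? -ne 0 ]; then
+echo "Failed to download the rootfs, aborting."
+return 1
+fi
+
+# Serge isn't sure whether we should avoid doing this when
+# $release == `distro-info -d`
+echo "Installing updates"
+> $cache/partial-$arch/etc/apt/sources.list
+write_sourceslist $cache/partial-$arch/ $arch
+
+chroot "$1/partial-${arch}" apt-get update
+if [ $? -ne 0 ]; then
+echo "Failed to update the apt cache"
+return 1
+fi
+cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
+#!/bin/sh
+exit 101
+EOF
+chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
+
+lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
+ret=$?
+rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
+
+if [ $ret -ne 0 ]; then
+echo "Failed to upgrade the cache"
+return 1
+fi
+
+mv "$1/partial-$arch" "$1/rootfs-$arch"
+trap EXIT
+trap SIGINT
+trap SIGTERM
+trap SIGHUP
+echo "Download complete"
+return 0
+}
+
+copy_ubuntu()
+{
+cache=$1
+arch=$2
+rootfs=$3
+
+# make a local copy of the miniubuntu
+echo "Copying rootfs to $rootfs ..."
+mkdir -p $rootfs
+rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
+return 0
+}
+
+install_ubuntu()
+{
+rootfs=$1
+release=$2
+flushcache=$3
+cache="/var/cache/lxc/$release"
+mkdir -p /var/lock/subsys/
+
+(
+flock -x 200
+if [ $? -ne 0 ]; then
+echo "Cache repository is busy."
+return 1
+fi
+
+
+if [ $flushcache -eq 1 ]; then
+echo "Flushing cache..."
+rm -rf "$cache/partial-$arch"
+rm -rf "$cache/rootfs-$arch"
+fi
+
+echo "Checking cache download in $cache/rootfs-$arch ... "
+if [ ! -e "$cache/rootfs-$arch" ]; then
+download_ubuntu $cache $arch $release
+if [ $? -ne 0 ]; then
+echo "Failed to download 'ubuntu $release base'"
+return 1
+fi
+fi
+
+echo "Copy $cache/rootfs-$arch to $rootfs ... "
+copy_ubuntu $cache $arch $rootfs
+if [ $? -ne 0 ]; then
+echo "Failed to copy rootfs"
+return 1
+fi
+
+return 0
+
+) 200>/var/lock/subsys/lxc
+
+return $?
+}
+
+copy_configuration()
+{
+path=$1
+rootfs=$2
+name=$3
+arch=$4
+release=$5
+
+if [ $arch = "i386" ]; then
+arch="i686"
+fi
+
+ttydir=""
+if [ -f $rootfs/etc/init/container-detect.conf ]; then
+ttydir=" lxc"
+fi
+
+# if there is exactly one veth network entry, make sure it has an
+# associated hwaddr.
+nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
+if [ $nics -eq 1 ]; then
+grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
+lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
+EOF
+fi
+
+cat <<EOF >> $path/config
+lxc.utsname = $name
+
+lxc.devttydir =$ttydir
+lxc.tty = 4
+lxc.pts = 1024
+lxc.rootfs = $rootfs
+lxc.mount = $path/fstab
+lxc.arch = $arch
+lxc.cap.drop = sys_module mac_admin
+lxc.pivotdir = lxc_putold
+
+# uncomment the next line to run the container unconfined:
+#lxc.aa_profile = unconfined
+
+lxc.cgroup.devices.deny = a
+# Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+# /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+# consoles
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+#lxc.cgroup.devices.allow = c 4:0 rwm
+#lxc.cgroup.devices.allow = c 4:1 rwm
+# /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+# rtc
+lxc.cgroup.devices.allow = c 254:0 rwm
+#fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+#tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+#full
+lxc.cgroup.devices.allow = c 1:7 rwm
+#hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+#kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+EOF
+
+cat <<EOF > $path/fstab
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
+EOF
+
+if [ $? -ne 0 ]; then
+echo "Failed to add configuration"
+return 1
+fi
+
+return 0
+}
+
+trim()
+{
+rootfs=$1
+release=$2
+
+# provide the lxc service
+cat <<EOF > $rootfs/etc/init/lxc.conf
+# fake some events needed for correct startup other services
+
+description "Container Upstart"
+
+start on startup
+
+script
+rm -rf /var/run/*.pid
+rm -rf /var/run/network/*
+/sbin/initctl emit stopped JOB=udevtrigger --no-wait
+/sbin/initctl emit started JOB=udev --no-wait
+end script
+EOF
+
+# fix buggus runlevel with sshd
+cat <<EOF > $rootfs/etc/init/ssh.conf
+# ssh - OpenBSD Secure Shell server
+#
+# The OpenSSH server provides secure shell access to the system.
+
+description "OpenSSH server"
+
+start on filesystem
+stop on runlevel [!2345]
+
+expect fork
+respawn
+respawn limit 10 5
+umask 022
+# replaces SSHD_OOM_ADJUST in /etc/default/ssh
+oom never
+
+pre-start script
+test -x /usr/sbin/sshd || { stop; exit 0; }
+test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
+test -c /dev/null || { stop; exit 0; }
+
+mkdir -p -m0755 /var/run/sshd
+end script
+
+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
+# 'exec' line here instead
+exec /usr/sbin/sshd
+EOF
+
+cat <<EOF > $rootfs/etc/init/console.conf
+# console - getty
+#
+# This service maintains a console on tty1 from the point the system is
+# started until it is shut down again.
+
+start on stopped rc RUNLEVEL=[2345]
+stop on runlevel [!2345]
+
+respawn
+exec /sbin/getty -8 38400 /dev/console
+EOF
+
+cat <<EOF > $rootfs/lib/init/fstab
+# /lib/init/fstab: cleared out for bare-bones lxc
+EOF
+
+# reconfigure some services
+if [ -z "$LANG" ]; then
+chroot $rootfs locale-gen en_US.UTF-8
+chroot $rootfs update-locale LANG=en_US.UTF-8
+else
+chroot $rootfs locale-gen $LANG
+chroot $rootfs update-locale LANG=$LANG
+fi
+
+# remove pointless services in a container
+chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
+
+chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
+chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
+chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
+chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
+chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
+
+# if this isn't lucid, then we need to twiddle the network upstart bits :(
+if [ $release != "lucid" ]; then
+sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
+fi
+}
+
+post_process()
+{
+rootfs=$1
+release=$2
+trim_container=$3
+
+if [ $trim_container -eq 1 ]; then
+trim $rootfs $release
+elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then
+# Make sure we have a working resolv.conf
+cresolvonf="${rootfs}/etc/resolv.conf"
+mv $cresolvonf ${cresolvonf}.lxcbak
+cat /etc/resolv.conf > ${cresolvonf}
+
+# for lucid, if not trimming, then add the ubuntu-virt
+# ppa and install lxcguest
+if [ $release = "lucid" ]; then
+chroot $rootfs apt-get install --force-yes -y python-software-properties
+chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
+fi
+
+chroot $rootfs apt-get update
+chroot $rootfs apt-get install --force-yes -y lxcguest
+
+# Restore old resolv.conf
+rm -f ${cresolvonf}
+mv ${cresolvonf}.lxcbak ${cresolvonf}
+fi
+
+# If the container isn't running a native architecture, setup multiarch
+if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then
+dpkg_version=$(chroot $rootfs dpkg-query -W -f='${Version}' dpkg)
+if chroot $rootfs dpkg --compare-versions $dpkg_version ge "1.16.2"; then
+chroot $rootfs dpkg --add-architecture ${hostarch}
+else
+mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d
+echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch
+fi
+
+# Save existing value of MIRROR and SECURITY_MIRROR
+DEFAULT_MIRROR=$MIRROR
+DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR
+
+# Write a new sources.list containing both native and multiarch entries
+> ${rootfs}/etc/apt/sources.list
+write_sourceslist $rootfs $arch "native"
+
+MIRROR=$DEFAULT_MIRROR
+SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR
+write_sourceslist $rootfs $hostarch "multiarch"
+
+# Finally update the lists and install upstart using the host architecture
+chroot $rootfs apt-get update
+chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch}
+fi
+
+# rmdir /dev/shm for containers that have /run/shm
+# I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
+# get bind mounted to the host's /run/shm. So try to rmdir
+# it, and in case that fails move it out of the way.
+if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
+mv $rootfs/dev/shm $rootfs/dev/shm.bak
+ln -s /run/shm $rootfs/dev/shm
+fi
+}
+
+usage()
+{
+cat <<EOF
+$1 -h|--help [-a|--arch] [--trim] [-d|--debug]
+[-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>]
+release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS
+trim: make a minimal (faster, but not upgrade-safe) container
+arch: the container architecture (e.g. amd64): defaults to host arch
+auth-key: SSH Public key file to inject into container
+EOF
+return 0
+}
+
+options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug -- "$@")
+if [ $? -ne 0 ]; then
+usage $(basename $0)
+exit 1
+fi
+eval set -- "$options"
+
+release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems
+if [ -f /etc/lsb-release ]; then
+. /etc/lsb-release
+if [ "$DISTRIB_ID" = "Ubuntu" ]; then
+release=$DISTRIB_CODENAME
+fi
+fi
+
+bindhome=
+arch=$(arch)
+
+# Code taken from debootstrap
+if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
+arch=`/usr/bin/dpkg --print-architecture`
+elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
+arch=`/usr/bin/udpkg --print-architecture`
+else
+arch=$(arch)
+if [ "$arch" = "i686" ]; then
+arch="i386"
+elif [ "$arch" = "x86_64" ]; then
+arch="amd64"
+elif [ "$arch" = "armv7l" ]; then
+arch="armel"
+fi
+fi
+
+debug=0
+trim_container=0
+hostarch=$arch
+flushcache=0
+while true
+do
+case "$1" in
+-h|--help) usage $0 && exit 0;;
+-p|--path) path=$2; shift 2;;
+-n|--name) name=$2; shift 2;;
+-F|--flush-cache) flushcache=1; shift 1;;
+-r|--release) release=$2; shift 2;;
+-a|--arch) arch=$2; shift 2;;
+-x|--trim) trim_container=1; shift 1;;
+-S|--auth-key) auth_key=$2; shift 2;;
+-d|--debug) debug=1; shift 1;;
+--) shift 1; break ;;
+*) break ;;
+esac
+done
+
+if [ $debug -eq 1 ]; then
+set -x
+fi
+
+if [ "$arch" == "i686" ]; then
+arch=i386
+fi
+
+if [ $hostarch = "i386" -a $arch = "amd64" ]; then
+echo "can't create amd64 container on i386"
+exit 1
+fi
+
+type debootstrap
+if [ $? -ne 0 ]; then
+echo "'debootstrap' command is missing"
+exit 1
+fi
+
+if [ -z "$path" ]; then
+echo "'path' parameter is required"
+exit 1
+fi
+
+if [ "$(id -u)" != "0" ]; then
+echo "This script should be run as 'root'"
+exit 1
+fi
+
+rootfs=$path/rootfs
+
+install_ubuntu $rootfs $release $flushcache
+if [ $? -ne 0 ]; then
+echo "failed to install ubuntu $release"
+exit 1
+fi
+
+configure_ubuntu $rootfs $name $release
+if [ $? -ne 0 ]; then
+echo "failed to configure ubuntu $release for a container"
+exit 1
+fi
+
+copy_configuration $path $rootfs $name $arch $release
+if [ $? -ne 0 ]; then
+echo "failed write configuration file"
+exit 1
+fi
+
+post_process $rootfs $release $trim_container
+
+finalize_user
+
+TEMPLATE
+File.open(".tmp.lxc-pauper.conf",'w') do |f|
+f.puts @template
+end
+system "sudo mv .tmp.lxc-pauper.conf /usr/lib/lxc/templates/lxc-pauper"
+system "sudo chmod +x /usr/lib/lxc/templates/lxc-pauper"
+end
+
 class Config
 attr_reader :config
 
@@ -467,3 +1126,4 @@ EOF
 end
 end
 end
+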
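Review bot: The tail of `lxc_pauper_template` (the `@@ -348,6 +376,637 @@` hunk) writes the script to a fixed name, `.tmp.lxc-pauper.conf`, in whatever directory the caller is in and then `sudo mv`s it into `/usr/lib/lxc/templates/`, where `bootstrap`'s `sudo lxc-create -t pauper` runs it as root. `File.open(..., 'w')` writes through any file or symlink already present under that name, so in a shared directory the content and ownership of what gets installed are not guaranteed, and since neither `system` result is checked a failed move leaves `bootstrap` running against a stale or missing template. I would write to a `Tempfile` (the file needs `require 'tempfile'`) and install it with explicit owner and mode, raising on failure, as below. The heredoc should also open with `<<'TEMPLATE'`: with the bare `<<TEMPLATE` Ruby processes the backslash escapes first, so `\"err\"`, the `\t` in the grep pattern and sed's `\(..\)`/`\1` do not reach bash as written (`\1` becomes a control byte).

```ruby
def lxc_pauper_template
  @template = <<'TEMPLATE'
# … unchanged: bash template body up to and including the TEMPLATE terminator …
  Tempfile.open('lxc-pauper') do |f|
    f.puts @template
    f.flush
    installed = system('sudo', 'install', '-o', 'root', '-g', 'root', '-m', '0755',
                       f.path, '/usr/lib/lxc/templates/lxc-pauper')
    raise "Failed to install the lxc-pauper template" unless installed
  end
end
```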
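--- a/metadata
+++ b/metadata
@@ -1,13 +1,12 @@
 --- !ruby/object:Gem::Specification
 name: pauper
 version: !ruby/object:Gem::Version
-
-prerelease:
+prerelease: false
 segments:
 - 0
 - 1
--
-version: 0.1.
+- 1
+version: 0.1.1
 platform: ruby
 authors:
 - Tyler McMullen
@@ -16,18 +15,16 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date:
+date: 2013-01-03 00:00:00 -08:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
 prerelease: false
 requirement: &id001 !ruby/object:Gem::Requirement
-none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: 3
 segments:
 - 0
 version: "0"
@@ -37,11 +34,9 @@ dependencies:
 name: net-ssh
 prerelease: false
 requirement: &id002 !ruby/object:Gem::Requirement
-none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: 3
 segments:
 - 0
 version: "0"
@@ -51,11 +46,9 @@ dependencies:
 name: net-scp
 prerelease: false
 requirement: &id003 !ruby/object:Gem::Requirement
-none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: 3
 segments:
 - 0
 version: "0"
@@ -65,11 +58,9 @@ dependencies:
 name: json
 prerelease: false
 requirement: &id004 !ruby/object:Gem::Requirement
-none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: 3
 segments:
 - 0
 version: "0"
@@ -103,27 +94,23 @@ rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: 3
 segments:
 - 0
 version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: 3
 segments:
 - 0
 version: "0"
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.6
+rubygems_version: 1.3.6
 signing_key:
 specification_version: 3
 summary: A semi-sane way to manage a multi-vm dev environment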