pauper 0.2.0 → 0.2.1
- checksums.yaml +4 -4
- data/bin/pauper +12 -4
- data/lib/fusion.rb +1 -1
- data/lib/lxc_template.rb +643 -0
- data/lib/pauper.rb +115 -668
- data/lib/pauper/version.rb +1 -1
- data/test/pauper_test.rb +4 -2
- metadata +17 -16
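--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: af5126775307e89900badb113cdc5e1425799250
+data.tar.gz: 7e99fd016fbdfb32a35040061af5a07667b47fb3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 58bb795aa47da08f4dcd3f1fc64c74058414009a9a48e668621ee40f883f9973f7ef96e80f228b654197cb48552ea9282d1fe36781eefc324fac80838d35629b
+data.tar.gz: d8b8d0b344870bdec4798b38bab5ae18dc6781bff2de109498a8d6ce37615e010d06dcd6eb78915a881633a04f4ae3c6ce50e6870deee9e94d9b37037c820749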
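--- a/data/bin/pauper
+++ b/data/bin/pauper
@@ -6,6 +6,7 @@ require 'pauper'
 require 'fusion'
 
 # Check for new versions on startup
+
 SKIP_VERSION_CHECK_FLAG = '--skip-version-check'
 unless ARGV.include?(SKIP_VERSION_CHECK_FLAG)
 current_version = Gem.loaded_specs['pauper'].version
@@ -18,6 +19,9 @@ unless ARGV.include?(SKIP_VERSION_CHECK_FLAG)
 end
 ARGV.delete(SKIP_VERSION_CHECK_FLAG)
 
+# Make sure PATH is what ubuntu expects it to be
+ENV['PATH']='/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin'
+
 require 'vmx'
 
 module Pauperism
@@ -86,9 +90,9 @@ module Pauperism
 class CLI < Thor
 class_option :pauperfile, :type => :string
 
-desc "bootstrap", "Initialize the base image"
-def bootstrap
-pauper.bootstrap
+desc "bootstrap [lucid|precise]", "Initialize the base image"
+def bootstrap(release='lucid')
+pauper.bootstrap(release)
 end
 
 desc "destroy [NODENAME]", "Completely destroy a VM"
@@ -155,7 +159,6 @@ module Pauperism
 pauper.write_hosts
 end
 
-
 desc 'setup_osx [VMNAME]', 'Set up things for OS X'
 def setup_osx(vm_path=Fusion::DEFAULT_VMPATH)
 unless Pauper.osx?
@@ -214,6 +217,11 @@ module Pauperism
 
 desc 'vm SUBCOMMAND', 'Operations dealing with VMware Fusion'
 subcommand 'vm', Vm
+
+desc 'version', 'Print version'
+def version
+Pauper.version
+end
 end
 end
 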
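Review bot: `bootstrap(release='lucid')` accepts any string even though its `desc` advertises only `lucid|precise`, and the value is passed unchanged to `pauper.bootstrap(release)`. `pauper.bootstrap` is outside this section, but the LXC template added in this release expands `$release` unquoted and builds `/var/cache/lxc/$release` from it while running as root, so the CLI is a good place to reject anything else: `raise Thor::Error, "unknown release: #{release}" unless %w[lucid precise].include?(release)`. The new `ENV['PATH']=...` assignment also replaces the caller's PATH on every platform, including the OS X commands in this file; a comment such as `# Deliberately pinned: child processes must not inherit the caller's PATH` would record that this is intended.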
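--- a/data/lib/fusion.rb
+++ b/data/lib/fusion.rb
@@ -44,7 +44,7 @@ class Fusion
 def vmrun(cmd)
 case cmd
 when 'start'
-cmd = "#{@vmrun} -T fusion #{cmd} #{vmx.shellescape} #{@
+cmd = "#{@vmrun} -T fusion #{cmd} #{vmx.shellescape} #{@nogui}"
 when 'stop', 'reset', 'suspend'
 cmd = "#{@vmrun} -T fusion #{cmd} #{vmx.shellescape} #{@force}"
 when 'pause', 'unpause'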
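Review bot: In `vmrun`, only `vmx` goes through `shellescape`; `@vmrun` and `@nogui` are interpolated into the command string as-is on the new line 47, as is `@force` on line 49. Where those instance variables are assigned is outside this hunk, so this may be fine, but unless `@vmrun` is already stored escaped, a path containing spaces or shell metacharacters would be split or interpreted by the shell; `#{@vmrun.shellescape}` would treat it the same way as `vmx`. The method continues past the end of the hunk, so how `cmd` is finally executed is not visible here.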
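--- a/data/lib/lxc_template.rb
+++ b/data/lib/lxc_template.rb
@@ -0,0 +1,643 @@
+# -*- coding: iso-8859-1 -*-
+class Template
+def self.lxc
+<<TEMPLATE
+#!/bin/bash
+
+#
+# template script for generating ubuntu container for LXC
+#
+# This script consolidates and extends the existing lxc ubuntu scripts
+#
+
+# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
+# Copyright © 2010 Wilhelm Meier
+# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2, as
+# published by the Free Software Foundation.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+set -e -x
+
+if [ -r /etc/default/lxc ]; then
+. /etc/default/lxc
+fi
+
+configure_ubuntu()
+{
+rootfs=$1
+hostname=$2
+release=$3
+
+# configure the network using the dhcp
+cat <<EOF > $rootfs/etc/network/interfaces
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet dhcp
+EOF
+
+# set the hostname
+cat <<EOF > $rootfs/etc/hostname
+$hostname
+EOF
+# set minimal hosts
+cat <<EOF > $rootfs/etc/hosts
+127.0.0.1 localhost
+127.0.1.1 $hostname
+
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+EOF
+
+if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
+# suppress log level output for udev
+sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
+
+# remove jobs for consoles 5 and 6 since we only create 4 consoles in
+# this template
+rm -f $rootfs/etc/init/tty{5,6}.conf
+fi
+
+return 0
+}
+
+# finish setting up the user in the container by injecting ssh key
+finalize_user()
+{
+if [ -n "$auth_key" -a -f "$auth_key" ]; then
+u_path="/root/.ssh"
+root_u_path="$rootfs/$u_path"
+
+mkdir -p $root_u_path
+cp $auth_key "$root_u_path/authorized_keys"
+chroot $rootfs chown -R root: "$u_path"
+
+echo "Inserted SSH public key from $auth_key into /root/.ssh/authorized_keys"
+fi
+return 0
+}
+
+write_sourceslist()
+{
+# $1 => path to the rootfs
+# $2 => architecture we want to add
+# $3 => whether to use the multi-arch syntax or not
+
+case $2 in
+amd64|i386)
+MIRROR=${MIRROR:-http://mirrors.fastly.net/ubuntu}
+SECURITY_MIRROR=${SECURITY_MIRROR:-http://mirrors.fastly.net/ubuntu}
+;;
+*)
+MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
+SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
+;;
+esac
+if [ -n "$3" ]; then
+cat >> "$1/etc/apt/sources.list" << EOF
+deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
+deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
+deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
+EOF
+else
+cat >> "$1/etc/apt/sources.list" << EOF
+deb $MIRROR ${release} main restricted universe multiverse
+deb $MIRROR ${release}-updates main restricted universe multiverse
+deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
+EOF
+fi
+}
+
+cleanup()
+{
+rm -rf $cache/partial-$arch
+rm -rf $cache/rootfs-$arch
+}
+
+download_ubuntu()
+{
+cache=$1
+arch=$2
+release=$3
+
+packages=vim,ssh,curl,wget
+echo "installing packages: $packages"
+
+trap cleanup EXIT SIGHUP SIGINT SIGTERM
+# check the mini ubuntu was not already downloaded
+mkdir -p "$cache/partial-$arch"
+if [ $? -ne 0 ]; then
+echo "Failed to create '$cache/partial-$arch' directory"
+return 1
+fi
+
+# download a mini ubuntu into a cache
+MIRROR=${MIRROR:-http://mirrors.fastly.net/ubuntu}
+echo "Downloading ubuntu $release minimal from $MIRROR ..."
+if [ -n "$(which qemu-debootstrap)" ]; then
+qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
+else
+debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
+fi
+
+if [ $? -ne 0 ]; then
+echo "Failed to download the rootfs, aborting."
+return 1
+fi
+
+# Serge isn't sure whether we should avoid doing this when
+# $release == `distro-info -d`
+echo "Installing updates"
+> $cache/partial-$arch/etc/apt/sources.list
+write_sourceslist $cache/partial-$arch/ $arch
+
+# precise: do not try to use i386 repos, we do not have them
+if [ $release != "lucid" ]; then
+rm -f "$1/partial-${arch}/etc/dpkg/dpkg.cfg.d/multiarch"
+fi
+
+chroot "$1/partial-${arch}" apt-get update
+if [ $? -ne 0 ]; then
+echo "Failed to update the apt cache"
+return 1
+fi
+cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
+#!/bin/sh
+exit 101
+EOF
+chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
+
+lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
+ret=$?
+rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
+
+if [ $ret -ne 0 ]; then
+echo "Failed to upgrade the cache"
+return 1
+fi
+
+mv "$1/partial-$arch" "$1/rootfs-$arch"
+trap EXIT
+trap SIGINT
+trap SIGTERM
+trap SIGHUP
+echo "Download complete"
+return 0
+}
+
+copy_ubuntu()
+{
+cache=$1
+arch=$2
+rootfs=$3
+
+# make a local copy of the miniubuntu
+echo "Copying rootfs to $rootfs ..."
+mkdir -p $rootfs
+rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
+return 0
+}
+
+install_ubuntu()
+{
+rootfs=$1
+release=$2
+flushcache=$3
+cache="/var/cache/lxc/$release"
+mkdir -p /var/lock/subsys/
+
+(
+flock -x 200
+if [ $? -ne 0 ]; then
+echo "Cache repository is busy."
+return 1
+fi
+
+
+if [ $flushcache -eq 1 ]; then
+echo "Flushing cache..."
+rm -rf "$cache/partial-$arch"
+rm -rf "$cache/rootfs-$arch"
+fi
+
+echo "Checking cache download in $cache/rootfs-$arch ... "
+if [ ! -e "$cache/rootfs-$arch" ]; then
+download_ubuntu $cache $arch $release
+if [ $? -ne 0 ]; then
+echo "Failed to download 'ubuntu $release base'"
+return 1
+fi
+fi
+
+echo "Copy $cache/rootfs-$arch to $rootfs ... "
+copy_ubuntu $cache $arch $rootfs
+if [ $? -ne 0 ]; then
+echo "Failed to copy rootfs"
+return 1
+fi
+
+return 0
+
+) 200>/var/lock/subsys/lxc
+
+return $?
+}
+
+copy_configuration()
+{
+path=$1
+rootfs=$2
+name=$3
+arch=$4
+release=$5
+
+if [ $arch = "i386" ]; then
+arch="i686"
+fi
+
+ttydir=""
+if [ -f $rootfs/etc/init/container-detect.conf ]; then
+ttydir=" lxc"
+fi
+
+# if there is exactly one veth network entry, make sure it has an
+# associated hwaddr.
+nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
+if [ $nics -eq 1 ]; then
+grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
+lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
+EOF
+fi
+
+cat <<EOF >> $path/config
+lxc.utsname = $name
+
+lxc.devttydir =$ttydir
+lxc.tty = 4
+lxc.pts = 1024
+lxc.rootfs = $rootfs
+lxc.mount = $path/fstab
+lxc.arch = $arch
+lxc.cap.drop = sys_module mac_admin
+lxc.pivotdir = lxc_putold
+
+# uncomment the next line to run the container unconfined:
+#lxc.aa_profile = unconfined
+
+lxc.cgroup.devices.deny = a
+# Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+# /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+# consoles
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+#lxc.cgroup.devices.allow = c 4:0 rwm
+#lxc.cgroup.devices.allow = c 4:1 rwm
+# /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+# rtc
+lxc.cgroup.devices.allow = c 254:0 rwm
+#fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+#tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+#full
+lxc.cgroup.devices.allow = c 1:7 rwm
+#hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+#kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+EOF
+
+cat <<EOF > $path/fstab
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
+EOF
+
+if [ $? -ne 0 ]; then
+echo "Failed to add configuration"
+return 1
+fi
+
+return 0
+}
+
+trim()
+{
+rootfs=$1
+release=$2
+
+# provide the lxc service
+cat <<EOF > $rootfs/etc/init/lxc.conf
+# fake some events needed for correct startup other services
+
+description "Container Upstart"
+
+start on startup
+
+script
+rm -rf /var/run/*.pid
+rm -rf /var/run/network/*
+/sbin/initctl emit stopped JOB=udevtrigger --no-wait
+/sbin/initctl emit started JOB=udev --no-wait
+end script
+EOF
+
+# fix buggus runlevel with sshd
+cat <<EOF > $rootfs/etc/init/ssh.conf
+# ssh - OpenBSD Secure Shell server
+#
+# The OpenSSH server provides secure shell access to the system.
+
+description "OpenSSH server"
+
+start on filesystem
+stop on runlevel [!2345]
+
+expect fork
+respawn
+respawn limit 10 5
+umask 022
+# replaces SSHD_OOM_ADJUST in /etc/default/ssh
+oom never
+
+pre-start script
+test -x /usr/sbin/sshd || { stop; exit 0; }
+test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
+test -c /dev/null || { stop; exit 0; }
+
+mkdir -p -m0755 /var/run/sshd
+end script
+
+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
+# 'exec' line here instead
+exec /usr/sbin/sshd
+EOF
+
+cat <<EOF > $rootfs/etc/init/console.conf
+# console - getty
+#
+# This service maintains a console on tty1 from the point the system is
+# started until it is shut down again.
+
+start on stopped rc RUNLEVEL=[2345]
+stop on runlevel [!2345]
+
+respawn
+exec /sbin/getty -8 38400 /dev/console
+EOF
+
+cat <<EOF > $rootfs/lib/init/fstab
+# /lib/init/fstab: cleared out for bare-bones lxc
+EOF
+
+# reconfigure some services
+if [ -z "$LANG" ]; then
+chroot $rootfs locale-gen en_US.UTF-8
+chroot $rootfs update-locale LANG=en_US.UTF-8
+else
+chroot $rootfs locale-gen $LANG
+chroot $rootfs update-locale LANG=$LANG
+fi
+
+# remove pointless services in a container
+chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
+
+chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
+chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
+chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
+chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
+chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
+
+# if this isn't lucid, then we need to twiddle the network upstart bits :(
+if [ $release != "lucid" ]; then
+sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
+fi
+}
+
+post_process()
+{
+rootfs=$1
+release=$2
+trim_container=$3
+
+if [ $trim_container -eq 1 ]; then
+trim $rootfs $release
+elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then
+# Make sure we have a working resolv.conf
+cresolvonf="${rootfs}/etc/resolv.conf"
+mv $cresolvonf ${cresolvonf}.lxcbak
+cat /etc/resolv.conf > ${cresolvonf}
+
+# for lucid, if not trimming, then add the ubuntu-virt
+# ppa and install lxcguest
+if [ $release = "lucid" ]; then
+chroot $rootfs apt-get install --force-yes -y python-software-properties
+chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
+fi
+
+chroot $rootfs apt-get update
+chroot $rootfs apt-get install --force-yes -y lxcguest
+
+# Restore old resolv.conf
+rm -f ${cresolvonf}
+mv ${cresolvonf}.lxcbak ${cresolvonf}
+fi
+
+# If the container isn't running a native architecture, setup multiarch
+if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then
+dpkg_version=$(chroot $rootfs dpkg-query -W -f='${Version}' dpkg)
+if chroot $rootfs dpkg --compare-versions $dpkg_version ge "1.16.2"; then
+chroot $rootfs dpkg --add-architecture ${hostarch}
+else
+mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d
+echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch
+fi
+
+# Save existing value of MIRROR and SECURITY_MIRROR
+DEFAULT_MIRROR=$MIRROR
+DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR
+
+# Write a new sources.list containing both native and multiarch entries
+> ${rootfs}/etc/apt/sources.list
+write_sourceslist $rootfs $arch "native"
+
+MIRROR=$DEFAULT_MIRROR
+SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR
+write_sourceslist $rootfs $hostarch "multiarch"
+
+# precise: do not try to use i386 repos, we do not have them
+if [ $release != "lucid" ]; then
+rm -f ${rootfs}/etc/dpkg/dpkg.cfg.d/multiarch
+fi
+
+# Finally update the lists and install upstart using the host architecture
+chroot $rootfs apt-get update
+chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch}
+fi
+
+# rmdir /dev/shm for containers that have /run/shm
+# I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
+# get bind mounted to the host's /run/shm. So try to rmdir
+# it, and in case that fails move it out of the way.
+if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
+mv $rootfs/dev/shm $rootfs/dev/shm.bak
+ln -s /run/shm $rootfs/dev/shm
+fi
+}
+
+usage()
+{
+cat <<EOF
+$1 -h|--help [-a|--arch] [--trim] [-d|--debug]
+[-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>]
+release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS
+trim: make a minimal (faster, but not upgrade-safe) container
+arch: the container architecture (e.g. amd64): defaults to host arch
+auth-key: SSH Public key file to inject into container
+EOF
+return 0
+}
+
+options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug,rootfs: -- "$@")
+if [ $? -ne 0 ]; then
+usage $(basename $0)
+exit 1
+fi
+eval set -- "$options"
+
+release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems
+if [ -f /etc/lsb-release ]; then
+. /etc/lsb-release
+if [ "$DISTRIB_ID" = "Ubuntu" ]; then
+release=$DISTRIB_CODENAME
+fi
+fi
+
+bindhome=
+arch=$(arch)
+
+# Code taken from debootstrap
+if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
+arch=`/usr/bin/dpkg --print-architecture`
+elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
+arch=`/usr/bin/udpkg --print-architecture`
+else
+arch=$(arch)
+if [ "$arch" = "i686" ]; then
+arch="i386"
+elif [ "$arch" = "x86_64" ]; then
+arch="amd64"
+elif [ "$arch" = "armv7l" ]; then
+arch="armel"
+fi
+fi
+
+debug=0
+trim_container=0
+hostarch=$arch
+flushcache=0
+
+while true
+do
+case "$1" in
+-h|--help) usage $0 && exit 0;;
+-p|--path) path=$2; shift 2;;
+-n|--name) name=$2; shift 2;;
+-F|--flush-cache) flushcache=1; shift 1;;
+-r|--release) release=$2; shift 2;;
+-a|--arch) arch=$2; shift 2;;
+-x|--trim) trim_container=1; shift 1;;
+-S|--auth-key) auth_key=$2; shift 2;;
+-d|--debug) debug=1; shift 1;;
+--rootfs) shift 2;;
+--) shift 1; break ;;
+"") break ;;
+*) echo "Got unexpected parameter: $1" ; exit 1 ;;
+esac
+done
+
+if [ $debug -eq 1 ]; then
+set -x
+fi
+
+if [ "$arch" == "i686" ]; then
+arch=i386
+fi
+
+if [ $hostarch = "i386" -a $arch = "amd64" ]; then
+echo "can't create amd64 container on i386"
+exit 1
+fi
+
+type debootstrap
+if [ $? -ne 0 ]; then
+echo "'debootstrap' command is missing"
+exit 1
+fi
+
+if [ -z "$path" ]; then
+echo "'path' parameter is required"
+exit 1
+fi
+
+if [ "$(id -u)" != "0" ]; then
+echo "This script should be run as 'root'"
+exit 1
+fi
+
+rootfs=$path/rootfs
+
+install_ubuntu $rootfs $release $flushcache
+if [ $? -ne 0 ]; then
+echo "failed to install ubuntu $release"
+exit 1
+fi
+
+configure_ubuntu $rootfs $name $release
+if [ $? -ne 0 ]; then
+echo "failed to configure ubuntu $release for a container"
+exit 1
+fi
+
+copy_configuration $path $rootfs $name $arch $release
+if [ $? -ne 0 ]; then
+echo "failed write configuration file"
+exit 1
+fi
+
+post_process $rootfs $release $trim_container
+
+finalize_user
+
+TEMPLATE
+end
+end
+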
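Review bot: The `<<TEMPLATE` heredoc in `Template.lxc` is unquoted, so Ruby processes the script body like a double-quoted string and rewrites backslash escapes before bash ever sees them. That affects `\"err\"` in the udev `sed` (template line 75) and `\(..\)` / `\1` in the hwaddr `sed` (line 289), so the udev edit and the generated `lxc.network.hwaddr` value are likely not what the upstream script intended; opening the heredoc as `<<'TEMPLATE'` emits the text verbatim. Separately, the three `apt-get install --force-yes -y` calls (lines 462, 467, 503) run as root in the new rootfs against plain `http://` mirrors and a PPA, and `--force-yes` lets apt continue in situations it would otherwise refuse, including packages it cannot authenticate. Using `-y` alone keeps the run non-interactive while leaving apt's signature checks as the integrity control for those downloads.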