toft 0.0.2 → 0.0.3

data/scripts/ubuntu/bin/lxc-create-ubuntu-image

@@ -0,0 +1,75 @@
+#!/bin/bash
+
+if [ $# -eq 0 ]; then
+	echo "Usage: `basename $0` <sid|wheeze|squeeze|lenny|lucid|maverick|natty>"
+	exit 1
+fi
+
+username=`id -nu`	
+if [ ! "$username" = "root" ]; then
+	echo "This command has to be run as root!"
+	exit 1
+fi
+
+cache="/var/cache/lxc/ubuntu"
+suite=$1
+
+arch=$(arch)
+if [ "$arch" == "x86_64" ]; then
+    arch=amd64
+fi
+
+if [ "$arch" == "i686" ]; then
+    arch=i386
+fi
+
+if [ -e "$cache/$suite-$arch.tar.gz" ]; then
+	echo "Cache rootfs already exists!"
+	exit 0
+fi
+
+lucid_packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,dhcp3-client,ssh,lsb-release,wget,gpgv,gnupg,sudo,ruby,rubygems1.8,ruby-dev,libopenssl-ruby,build-essential,ssl-cert
+natty_packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase,lxcguest,sudo,ruby,rubygems1.8,ruby-dev,libruby,build-essential,wget,ssl-cert
+# check the mini ubuntu was not already downloaded
+rm -rf "$cache/$suite-$arch"
+mkdir -p "$cache/$suite-$arch"
+if [ $? -ne 0 ]; then
+	echo "Failed to create '$cache/$suite-$arch' directory"
+	exit 1
+fi
+
+# download a mini ubuntu into a cache
+echo "Downloading ubuntu minimal ..."
+eval "packages=\$${suite}_packages"
+cmd="debootstrap --verbose --variant=minbase --components=main,universe --arch=$arch --include=$packages $suite $cache/$suite-$arch"
+echo $cmd
+eval $cmd
+if [ $? -ne 0 ]; then
+	echo "Failed to download the rootfs, aborting."
+	exit 1
+fi
+
+echo "Download complete."
+
+# install chef
+cat <<EOF > "$cache/$suite-$arch/tmp/install-chef-ubuntu.sh"
+echo "deb http://apt.opscode.com/ $suite-0.10 main" | tee /etc/apt/sources.list.d/opscode.list
+
+mkdir -p /etc/apt/trusted.gpg.d
+gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
+gpg --export packages@opscode.com | tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null
+apt-get update
+apt-get install ucf --force-yes -y
+yes | apt-get install opscode-keyring --force-yes -y # permanent upgradeable keyring
+
+export DEBIAN_FRONTEND=noninteractive
+apt-get install chef --force-yes -qy
+EOF
+chroot "$cache/$suite-$arch" bash /tmp/install-chef-ubuntu.sh
+
+# compress root image
+echo "Packaging rootfs ..."
+(cd $cache/$suite-$arch && tar zcf $suite-$arch.tar.gz .)
+mv $cache/$suite-$arch/$suite-$arch.tar.gz $cache
+
+

data/scripts/ubuntu/bin/lxc-prepare-host

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+username=`id -nu`	
+if [ ! "$username" = "root" ]; then
+	echo "This command has to be run as root!"
+	exit 1
+fi
+
+apt-get install -y lxc bridge-utils debootstrap
+
+if [[ ! `ip link ls dev br0` ]]; then
+	brctl addbr br0
+	ifconfig br0 192.168.20.1 netmask 255.255.255.0 up
+	iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+	sysctl -w net.ipv4.ip_forward=1
+fi
+
+if [[ ! -d /cgroup ]]; then
+	mkdir -p /cgroup
+fi
+
+if [[ ! `mount | grep cgroup` ]]; then
+	mount none -t cgroup /cgroup
+fi

data/scripts/ubuntu/lxc-templates/lxc-centos-6

@@ -0,0 +1,283 @@
+#!/bin/bash
+
+echo "Creating centos-6 node..."
+
+configure_centos()
+{
+    rootfs=$1
+    hostname=$2
+
+	# disable selinux in centos
+    mkdir -p $rootfs/selinux
+    echo 0 > $rootfs/selinux/enforce
+
+	# add host root ssh access
+    mkdir $rootfs/root/.ssh
+    chmod 0600 $rootfs/root/.ssh
+	cat <<-EOF > $rootfs/root/.ssh/authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCguB7XL3ARzLZYLsIMZe4UUO371m+H5C6V8MhtmSlgXtgHDo7eZhNSm5zCeoyGd32OKeLxuxCCEkXfDDF1aa2a6twcASE3pmWNdnBS7auiOH4P7g+eQ4Aw9v7DdESbIVgHF/NDiAEFFdmApYNM3oCX2FhEVNVKxkkIokUr4axYFJzmJ6Xoi5Sd8JtPC85FZVXqDucZDnHQlOcCkbSo0UOmsWQGwtu8eUHoDeUG0dB8ntb9xlBeLctdrAPhuFYCX8IfFkdcakkzv61ETPbKE6g9wdTDC/TEep7/AHGYmarziRnwKiVOL1jnE1coOJLqy8wOC3dKGmRZy9D4sTc+FRV root insecure public key
+	EOF
+
+	# copy host resolve 
+    cp /etc/resolv.conf $rootfs/etc/resolv.conf
+
+	# add default route to host
+	cat <<EOF > $rootfs/etc/rc.local
+#!/bin/sh -e
+route add default gw 192.168.20.1
+exit 0
+EOF
+
+    # set the hostname
+    cat <<EOF > $rootfs/etc/hostname
+$hostname
+EOF
+    # set minimal hosts
+    cat <<EOF > $rootfs/etc/hosts
+127.0.0.1 localhost $hostname
+EOF
+
+    cat <<EOF > $rootfs/etc/init/console.conf
+# console - mingetty
+#
+# This service maintains a console on tty1 from the point the system is
+# started until it is shut down again.
+
+start on stopped rc RUNLEVEL=[2345]
+stop on runlevel [!2345]
+
+respawn
+exec /sbin/mingetty console
+EOF
+
+	cat <<EOF > $rootfs/etc/fstab
+none /dev/pts devpts defaults 0 0
+EOF
+
+	[ ! -f $rootfs/etc/init/kexec-disable.conf ] || mv $rootfs/etc/init/kexec-disable.conf $rootfs/etc/init/kexec-disable.conf.orig
+	sed -i -e 's:/sbin/start_udev:#/sbin/start_udev:' $rootfs/etc/rc.d/rc.sysinit
+	
+	sed -i -e 's:\(Defaults *requiretty\):# \1:' $rootfs/etc/sudoers
+		
+	# create necessary devices
+	rm $rootfs/dev/null
+	mknod -m 666 $rootfs/dev/null c 1 3
+	mknod -m 666 $rootfs/dev/random c 1 8
+	mknod -m 666 $rootfs/dev/urandom c 1 9
+	mkdir -m 755 $rootfs/dev/pts
+	mknod -m 666 $rootfs/dev/tty c 5 0
+	mknod -m 666 $rootfs/dev/tty0 c 4 0
+	mknod -m 666 $rootfs/dev/tty1 c 4 1
+	mknod -m 666 $rootfs/dev/tty2 c 4 2
+	mknod -m 666 $rootfs/dev/tty3 c 4 3
+	mknod -m 666 $rootfs/dev/tty4 c 4 4
+	mknod -m 600 $rootfs/dev/console c 5 1
+	mknod -m 666 $rootfs/dev/full c 1 7
+	mknod -m 600 $rootfs/dev/initctl p
+
+	# change root password
+    echo "Set root password to 'root'"
+    echo "root:root" | chroot $rootfs chpasswd
+
+    return 0
+}
+
+copy_centos()
+{
+    cache=$1
+    arch=$2
+    rootfs=$3
+
+    # make a local copy of the minicentos
+    echo "Extracting rootfs image to $rootfs ..."
+    mkdir $rootfs
+    tar zxf $cache/centos-6-$arch.tar.gz -C $rootfs || return 1
+    return 0
+}
+
+install_centos()
+{
+    cache="/var/cache/lxc/centos"
+    rootfs=$1
+    mkdir -p /var/lock/subsys/
+    (
+	flock -n -x 200
+	if [ $? -ne 0 ]; then
+	    echo "Cache repository is busy."
+	    return 1
+	fi
+
+	arch=$(arch)
+	if [ "$arch" == "i686" ]; then
+	    arch=i386
+	fi
+
+	echo "Checking image cache in $cache/rootfs-$arch ... "
+	if [ ! -e "$cache/rootfs-$arch" ]; then
+	    if [ $? -ne 0 ]; then
+		echo "Failed to download 'centos base'"
+		return 1
+	    fi
+	fi
+
+	copy_centos $cache $arch $rootfs
+	if [ $? -ne 0 ]; then
+	    echo "Failed to copy rootfs"
+	    return 1
+	fi
+
+	return 0
+
+	) 200>/var/lock/subsys/lxc
+
+    return $?
+}
+
+copy_configuration()
+{
+    path=$1
+    rootfs=$2
+    name=$3
+
+    cat <<EOF >> $path/config
+lxc.utsname = $name
+
+lxc.tty = 4
+lxc.pts = 1024
+lxc.rootfs = $rootfs
+lxc.mount  = $path/fstab
+
+lxc.cgroup.devices.deny = a
+
+lxc.cgroup.devices.allow = b 1:0 rwm
+lxc.cgroup.devices.allow = b 1:1 rwm
+lxc.cgroup.devices.allow = c 1:1 rwm
+lxc.cgroup.devices.allow = c 1:2 rwm
+lxc.cgroup.devices.allow = c 1:4 rwm
+lxc.cgroup.devices.allow = c 1:6 rwm
+lxc.cgroup.devices.allow = c 1:7 rwm
+lxc.cgroup.devices.allow = c 1:11 rwm
+
+lxc.cgroup.devices.allow = c 2:* rwm
+lxc.cgroup.devices.allow = c 3:* rwm
+
+# /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+# consoles
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 4:0 rwm
+lxc.cgroup.devices.allow = c 4:1 rwm
+# /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+# rtc
+lxc.cgroup.devices.allow = c 254:0 rwm
+EOF
+
+    cat <<EOF > $path/fstab
+proc            $rootfs/proc         proc    nodev,noexec,nosuid 0 0
+devpts          $rootfs/dev/pts      devpts defaults 0 0
+sysfs           $rootfs/sys          sysfs defaults  0 0
+EOF
+
+    if [ $? -ne 0 ]; then
+		echo "Failed to add configuration"
+		return 1
+    fi
+
+    return 0
+}
+
+clean()
+{
+    cache="/var/cache/lxc/centos"
+
+    if [ ! -e $cache ]; then
+	exit 0
+    fi
+
+    # lock, so we won't purge while someone is creating a repository
+    (
+	flock -n -x 200
+	if [ $? != 0 ]; then
+	    echo "Cache repository is busy."
+	    exit 1
+	fi
+
+	echo -n "Purging the download cache..."
+	rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
+	exit 0
+
+    ) 200>/var/lock/subsys/lxc
+}
+
+usage()
+{
+    cat <<EOF
+$1 -h|--help -p|--path=<path> --clean
+EOF
+    return 0
+}
+
+options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
+if [ $? -ne 0 ]; then
+    usage $(basename $0)
+    exit 1
+fi
+eval set -- "$options"
+
+while true
+do
+    case "$1" in
+	-h|--help)      usage $0 && exit 0;;
+	-p|--path)      path=$2; shift 2;;
+	-n|--name)      name=$2; shift 2;;
+	-c|--clean)     clean=$2; shift 2;;
+	--)             shift 1; break ;;
+        *)              break ;;
+    esac
+done
+
+if [ ! -z "$clean" -a -z "$path" ]; then
+    clean || exit 1
+    exit 0
+fi
+
+if [ -z "$path" ]; then
+    echo "'path' parameter is required"
+    exit 1
+fi
+
+if [ "$(id -u)" != "0" ]; then
+    echo "This script should be run as 'root'"
+    exit 1
+fi
+
+rootfs=$path/rootfs
+
+install_centos $rootfs
+if [ $? -ne 0 ]; then
+    echo "failed to install centos"
+    exit 1
+fi
+
+configure_centos $rootfs $name
+if [ $? -ne 0 ]; then
+    echo "failed to configure centos for a container"
+    exit 1
+fi
+
+copy_configuration $path $rootfs $name
+if [ $? -ne 0 ]; then
+    echo "failed write configuration file"
+    exit 1
+fi
+
+if [ ! -z $clean ]; then
+    clean || exit 1
+    exit 0
+fi

data/scripts/ubuntu/lxc-templates/lxc-lucid

@@ -0,0 +1,332 @@
+#!/bin/bash
+
+echo "Creating lucid node..."
+
+configure_ubuntu()
+{
+    rootfs=$1
+    hostname=$2
+
+	# disable selinux in ubuntu
+    mkdir -p $rootfs/selinux
+    echo 0 > $rootfs/selinux/enforce
+
+	# add host root ssh access
+    mkdir $rootfs/root/.ssh
+    chmod 0600 $rootfs/root/.ssh
+	cat <<-EOF > $rootfs/root/.ssh/authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCguB7XL3ARzLZYLsIMZe4UUO371m+H5C6V8MhtmSlgXtgHDo7eZhNSm5zCeoyGd32OKeLxuxCCEkXfDDF1aa2a6twcASE3pmWNdnBS7auiOH4P7g+eQ4Aw9v7DdESbIVgHF/NDiAEFFdmApYNM3oCX2FhEVNVKxkkIokUr4axYFJzmJ6Xoi5Sd8JtPC85FZVXqDucZDnHQlOcCkbSo0UOmsWQGwtu8eUHoDeUG0dB8ntb9xlBeLctdrAPhuFYCX8IfFkdcakkzv61ETPbKE6g9wdTDC/TEep7/AHGYmarziRnwKiVOL1jnE1coOJLqy8wOC3dKGmRZy9D4sTc+FRV root insecure public key
+	EOF
+
+	# copy host resolve 
+    rm $rootfs/etc/resolv.conf
+    cp /etc/resolv.conf $rootfs/etc/resolv.conf
+
+	# add default route to host
+	cat <<EOF > $rootfs/etc/rc.local
+#!/bin/sh -e
+route add default gw 192.168.20.1
+exit 0
+EOF
+
+    # disable selinux in ubuntu
+    mkdir -p $rootfs/selinux
+    echo 0 > $rootfs/selinux/enforce
+
+    # set the hostname
+    cat <<EOF > $rootfs/etc/hostname
+$hostname
+EOF
+    # set minimal hosts
+    cat <<EOF > $rootfs/etc/hosts
+127.0.0.1 localhost $hostname
+EOF
+
+    # provide the lxc service
+    cat <<EOF > $rootfs/etc/init/lxc.conf
+# fake some events needed for correct startup other services
+
+description     "Container Upstart"
+
+start on startup
+
+script
+        rm -rf /var/run/*.pid
+        rm -rf /var/run/network/*
+        /sbin/initctl emit stopped JOB=udevtrigger --no-wait
+        /sbin/initctl emit started JOB=udev --no-wait
+end script
+EOF
+
+    # fix buggus runlevel with sshd
+    cat <<EOF > $rootfs/etc/init/ssh.conf
+# ssh - OpenBSD Secure Shell server
+#
+# The OpenSSH server provides secure shell access to the system.
+
+description	"OpenSSH server"
+
+start on filesystem
+stop on runlevel [!2345]
+
+expect fork
+respawn
+respawn limit 10 5
+umask 022
+# replaces SSHD_OOM_ADJUST in /etc/default/ssh
+oom never
+
+pre-start script
+    test -x /usr/sbin/sshd || { stop; exit 0; }
+    test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
+    test -c /dev/null || { stop; exit 0; }
+
+    mkdir -p -m0755 /var/run/sshd
+end script
+
+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
+# 'exec' line here instead
+exec /usr/sbin/sshd
+EOF
+
+    cat <<EOF > $rootfs/etc/init/console.conf
+# console - getty
+#
+# This service maintains a console on tty1 from the point the system is
+# started until it is shut down again.
+
+start on stopped rc RUNLEVEL=[2345]
+stop on runlevel [!2345]
+
+respawn
+exec /sbin/getty -8 38400 /dev/console
+EOF
+
+    cat <<EOF > $rootfs/lib/init/fstab
+# /lib/init/fstab: lxc system fstab
+none            /spu                      spufs           gid=spu,optional                  0 0
+none            /tmp                      none            defaults                          0 0
+none            /var/lock                 tmpfs           nodev,noexec,nosuid,showthrough   0 0
+none            /lib/init/rw              tmpfs           mode=0755,nosuid,optional         0 0
+EOF
+
+    # reconfigure some services
+    if [ -z "$LANG" ]; then
+		chroot $rootfs locale-gen en_US.UTF-8
+		chroot $rootfs update-locale LANG=en_US.UTF-8
+    else
+		chroot $rootfs locale-gen $LANG
+		chroot $rootfs update-locale LANG=$LANG
+    fi
+
+    # remove pointless services in a container
+    chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
+
+    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
+    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
+    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
+    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
+    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
+
+    echo "Set root password to 'root'"
+    echo "root:root" | chroot $rootfs chpasswd
+
+    return 0
+}
+
+copy_ubuntu()
+{
+    cache=$1
+    arch=$2
+    rootfs=$3
+
+    # make a local copy of the miniubuntu
+    echo "Extracting rootfs image to $rootfs ..."
+    mkdir $rootfs
+    tar zxf $cache/lucid-$arch.tar.gz -C $rootfs || return 1
+    return 0
+}
+
+install_ubuntu()
+{
+    cache="/var/cache/lxc/ubuntu"
+    rootfs=$1
+    mkdir -p /var/lock/subsys/
+    (
+	flock -n -x 200
+	if [ $? -ne 0 ]; then
+	    echo "Cache repository is busy."
+	    return 1
+	fi
+
+	arch=$(arch)
+	if [ "$arch" == "x86_64" ]; then
+	    arch=amd64
+	fi
+
+	if [ "$arch" == "i686" ]; then
+	    arch=i386
+	fi
+
+	echo "Checking image cache in $cache/rootfs-$arch ... "
+	if [ ! -e "$cache/rootfs-$arch" ]; then
+	    if [ $? -ne 0 ]; then
+		echo "Failed to download 'ubuntu base'"
+		return 1
+	    fi
+	fi
+
+	copy_ubuntu $cache $arch $rootfs
+	if [ $? -ne 0 ]; then
+	    echo "Failed to copy rootfs"
+	    return 1
+	fi
+
+	return 0
+
+	) 200>/var/lock/subsys/lxc
+
+    return $?
+}
+
+copy_configuration()
+{
+    path=$1
+    rootfs=$2
+    name=$3
+
+    cat <<EOF >> $path/config
+lxc.utsname = $name
+
+lxc.tty = 4
+lxc.pts = 1024
+lxc.rootfs = $rootfs
+lxc.mount  = $path/fstab
+
+lxc.cgroup.devices.deny = a
+# /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+# consoles
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 4:0 rwm
+lxc.cgroup.devices.allow = c 4:1 rwm
+# /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+# rtc
+lxc.cgroup.devices.allow = c 254:0 rwm
+EOF
+
+    cat <<EOF > $path/fstab
+proc            $rootfs/proc         proc    nodev,noexec,nosuid 0 0
+devpts          $rootfs/dev/pts      devpts defaults 0 0
+sysfs           $rootfs/sys          sysfs defaults  0 0
+EOF
+
+    if [ $? -ne 0 ]; then
+	echo "Failed to add configuration"
+	return 1
+    fi
+
+    return 0
+}
+
+clean()
+{
+    cache="/var/cache/lxc/ubuntu"
+
+    if [ ! -e $cache ]; then
+	exit 0
+    fi
+
+    # lock, so we won't purge while someone is creating a repository
+    (
+	flock -n -x 200
+	if [ $? != 0 ]; then
+	    echo "Cache repository is busy."
+	    exit 1
+	fi
+
+	echo -n "Purging the download cache..."
+	rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
+	exit 0
+
+    ) 200>/var/lock/subsys/lxc
+}
+
+usage()
+{
+    cat <<EOF
+$1 -h|--help -p|--path=<path> --clean
+EOF
+    return 0
+}
+
+options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
+if [ $? -ne 0 ]; then
+    usage $(basename $0)
+    exit 1
+fi
+eval set -- "$options"
+
+while true
+do
+    case "$1" in
+	-h|--help)      usage $0 && exit 0;;
+	-p|--path)      path=$2; shift 2;;
+	-n|--name)      name=$2; shift 2;;
+	-c|--clean)     clean=$2; shift 2;;
+	--)             shift 1; break ;;
+        *)              break ;;
+    esac
+done
+
+if [ ! -z "$clean" -a -z "$path" ]; then
+    clean || exit 1
+    exit 0
+fi
+
+type debootstrap
+if [ $? -ne 0 ]; then
+    echo "'debootstrap' command is missing"
+    exit 1
+fi
+
+if [ -z "$path" ]; then
+    echo "'path' parameter is required"
+    exit 1
+fi
+
+if [ "$(id -u)" != "0" ]; then
+    echo "This script should be run as 'root'"
+    exit 1
+fi
+
+rootfs=$path/rootfs
+
+install_ubuntu $rootfs
+if [ $? -ne 0 ]; then
+    echo "failed to install ubuntu"
+    exit 1
+fi
+
+configure_ubuntu $rootfs $name
+if [ $? -ne 0 ]; then
+    echo "failed to configure ubuntu for a container"
+    exit 1
+fi
+
+copy_configuration $path $rootfs $name
+if [ $? -ne 0 ]; then
+    echo "failed write configuration file"
+    exit 1
+fi
+
+if [ ! -z $clean ]; then
+    clean || exit 1
+    exit 0
+fi