toft 0.0.2 → 0.0.3

@@ -0,0 +1,75 @@
1
+ #!/bin/bash
2
+
3
+ if [ $# -eq 0 ]; then
4
+ echo "Usage: `basename $0` <sid|wheeze|squeeze|lenny|lucid|maverick|natty>"
5
+ exit 1
6
+ fi
7
+
8
+ username=`id -nu`
9
+ if [ ! "$username" = "root" ]; then
10
+ echo "This command has to be run as root!"
11
+ exit 1
12
+ fi
13
+
14
+ cache="/var/cache/lxc/ubuntu"
15
+ suite=$1
16
+
17
+ arch=$(arch)
18
+ if [ "$arch" == "x86_64" ]; then
19
+ arch=amd64
20
+ fi
21
+
22
+ if [ "$arch" == "i686" ]; then
23
+ arch=i386
24
+ fi
25
+
26
+ if [ -e "$cache/$suite-$arch.tar.gz" ]; then
27
+ echo "Cache rootfs already exists!"
28
+ exit 0
29
+ fi
30
+
31
+ lucid_packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,dhcp3-client,ssh,lsb-release,wget,gpgv,gnupg,sudo,ruby,rubygems1.8,ruby-dev,libopenssl-ruby,build-essential,ssl-cert
32
+ natty_packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase,lxcguest,sudo,ruby,rubygems1.8,ruby-dev,libruby,build-essential,wget,ssl-cert
33
+ # check the mini ubuntu was not already downloaded
34
+ rm -rf "$cache/$suite-$arch"
35
+ mkdir -p "$cache/$suite-$arch"
36
+ if [ $? -ne 0 ]; then
37
+ echo "Failed to create '$cache/$suite-$arch' directory"
38
+ exit 1
39
+ fi
40
+
41
+ # download a mini ubuntu into a cache
42
+ echo "Downloading ubuntu minimal ..."
43
+ eval "packages=\$${suite}_packages"
44
+ cmd="debootstrap --verbose --variant=minbase --components=main,universe --arch=$arch --include=$packages $suite $cache/$suite-$arch"
45
+ echo $cmd
46
+ eval $cmd
47
+ if [ $? -ne 0 ]; then
48
+ echo "Failed to download the rootfs, aborting."
49
+ exit 1
50
+ fi
51
+
52
+ echo "Download complete."
53
+
54
+ # install chef
55
+ cat <<EOF > "$cache/$suite-$arch/tmp/install-chef-ubuntu.sh"
56
+ echo "deb http://apt.opscode.com/ $suite-0.10 main" | tee /etc/apt/sources.list.d/opscode.list
57
+
58
+ mkdir -p /etc/apt/trusted.gpg.d
59
+ gpg --keyserver keys.gnupg.net --recv-keys 83EF826A
60
+ gpg --export packages@opscode.com | tee /etc/apt/trusted.gpg.d/opscode-keyring.gpg > /dev/null
61
+ apt-get update
62
+ apt-get install ucf --force-yes -y
63
+ yes | apt-get install opscode-keyring --force-yes -y # permanent upgradeable keyring
64
+
65
+ export DEBIAN_FRONTEND=noninteractive
66
+ apt-get install chef --force-yes -qy
67
+ EOF
68
+ chroot "$cache/$suite-$arch" bash /tmp/install-chef-ubuntu.sh
69
+
70
+ # compress root image
71
+ echo "Packaging rootfs ..."
72
+ (cd $cache/$suite-$arch && tar zcf $suite-$arch.tar.gz .)
73
+ mv $cache/$suite-$arch/$suite-$arch.tar.gz $cache
74
+
75
+
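Review bot: `suite` is taken straight from `$1` and then expanded inside two `eval`s (`eval "packages=\$${suite}_packages"` and `eval $cmd`) in a script that insists on running as root, so shell metacharacters in the argument are interpreted as code; the same value also forms the `rm -rf "$cache/$suite-$arch"` path. Resolve the package list with a `case` that rejects unlisted suites and invoke debootstrap directly with quoted arguments, as sketched below. That also exposes that the usage text advertises suites for which no `*_packages` list is defined, leaving `--include=` empty. Separately, the generated chef installer fetches its key by the 8-digit short ID `83EF826A` and then passes `--force-yes` against an `http://` repository, so package authenticity is not enforced; pinning the full fingerprint and dropping `--force-yes` would close that gap.

```shell
# Resolve the package list without eval; unknown suites are rejected
# before any rm -rf or debootstrap call sees the value.
case "$suite" in
  lucid) packages=$lucid_packages ;;
  natty) packages=$natty_packages ;;
  *) echo "Unsupported suite: $suite" >&2; exit 1 ;;
esac
# … unchanged: cache directory cleanup and creation …
debootstrap --verbose --variant=minbase --components=main,universe \
  --arch="$arch" --include="$packages" "$suite" "$cache/$suite-$arch"
```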
@@ -0,0 +1,24 @@
1
+ #!/bin/bash
2
+
3
+ username=`id -nu`
4
+ if [ ! "$username" = "root" ]; then
5
+ echo "This command has to be run as root!"
6
+ exit 1
7
+ fi
8
+
9
+ apt-get install -y lxc bridge-utils debootstrap
10
+
11
+ if [[ ! `ip link ls dev br0` ]]; then
12
+ brctl addbr br0
13
+ ifconfig br0 192.168.20.1 netmask 255.255.255.0 up
14
+ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
15
+ sysctl -w net.ipv4.ip_forward=1
16
+ fi
17
+
18
+ if [[ ! -d /cgroup ]]; then
19
+ mkdir -p /cgroup
20
+ fi
21
+
22
+ if [[ ! `mount | grep cgroup` ]]; then
23
+ mount none -t cgroup /cgroup
24
+ fi
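Review bot: The NAT rule `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE` masquerades everything leaving eth0 rather than only the container subnet configured on br0, and `sysctl -w net.ipv4.ip_forward=1` enables forwarding host-wide. Scoping the rule to the bridge network, `iptables -t nat -A POSTROUTING -s 192.168.20.0/24 -o eth0 -j MASQUERADE`, keeps the change limited to container traffic. The hard-coded `eth0` also assumes the uplink interface name. A comment above the block noting that it changes host-wide forwarding and that these runtime settings are not saved anywhere would help whoever runs this on a shared machine.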
@@ -0,0 +1,283 @@
1
+ #!/bin/bash
2
+
3
+ echo "Creating centos-6 node..."
4
+
5
+ configure_centos()
6
+ {
7
+ rootfs=$1
8
+ hostname=$2
9
+
10
+ # disable selinux in centos
11
+ mkdir -p $rootfs/selinux
12
+ echo 0 > $rootfs/selinux/enforce
13
+
14
+ # add host root ssh access
15
+ mkdir $rootfs/root/.ssh
16
+ chmod 0600 $rootfs/root/.ssh
17
+ cat <<-EOF > $rootfs/root/.ssh/authorized_keys
18
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCguB7XL3ARzLZYLsIMZe4UUO371m+H5C6V8MhtmSlgXtgHDo7eZhNSm5zCeoyGd32OKeLxuxCCEkXfDDF1aa2a6twcASE3pmWNdnBS7auiOH4P7g+eQ4Aw9v7DdESbIVgHF/NDiAEFFdmApYNM3oCX2FhEVNVKxkkIokUr4axYFJzmJ6Xoi5Sd8JtPC85FZVXqDucZDnHQlOcCkbSo0UOmsWQGwtu8eUHoDeUG0dB8ntb9xlBeLctdrAPhuFYCX8IfFkdcakkzv61ETPbKE6g9wdTDC/TEep7/AHGYmarziRnwKiVOL1jnE1coOJLqy8wOC3dKGmRZy9D4sTc+FRV root insecure public key
19
+ EOF
20
+
21
+ # copy host resolve
22
+ cp /etc/resolv.conf $rootfs/etc/resolv.conf
23
+
24
+ # add default route to host
25
+ cat <<EOF > $rootfs/etc/rc.local
26
+ #!/bin/sh -e
27
+ route add default gw 192.168.20.1
28
+ exit 0
29
+ EOF
30
+
31
+ # set the hostname
32
+ cat <<EOF > $rootfs/etc/hostname
33
+ $hostname
34
+ EOF
35
+ # set minimal hosts
36
+ cat <<EOF > $rootfs/etc/hosts
37
+ 127.0.0.1 localhost $hostname
38
+ EOF
39
+
40
+ cat <<EOF > $rootfs/etc/init/console.conf
41
+ # console - mingetty
42
+ #
43
+ # This service maintains a console on tty1 from the point the system is
44
+ # started until it is shut down again.
45
+
46
+ start on stopped rc RUNLEVEL=[2345]
47
+ stop on runlevel [!2345]
48
+
49
+ respawn
50
+ exec /sbin/mingetty console
51
+ EOF
52
+
53
+ cat <<EOF > $rootfs/etc/fstab
54
+ none /dev/pts devpts defaults 0 0
55
+ EOF
56
+
57
+ [ ! -f $rootfs/etc/init/kexec-disable.conf ] || mv $rootfs/etc/init/kexec-disable.conf $rootfs/etc/init/kexec-disable.conf.orig
58
+ sed -i -e 's:/sbin/start_udev:#/sbin/start_udev:' $rootfs/etc/rc.d/rc.sysinit
59
+
60
+ sed -i -e 's:\(Defaults *requiretty\):# \1:' $rootfs/etc/sudoers
61
+
62
+ # create necessary devices
63
+ rm $rootfs/dev/null
64
+ mknod -m 666 $rootfs/dev/null c 1 3
65
+ mknod -m 666 $rootfs/dev/random c 1 8
66
+ mknod -m 666 $rootfs/dev/urandom c 1 9
67
+ mkdir -m 755 $rootfs/dev/pts
68
+ mknod -m 666 $rootfs/dev/tty c 5 0
69
+ mknod -m 666 $rootfs/dev/tty0 c 4 0
70
+ mknod -m 666 $rootfs/dev/tty1 c 4 1
71
+ mknod -m 666 $rootfs/dev/tty2 c 4 2
72
+ mknod -m 666 $rootfs/dev/tty3 c 4 3
73
+ mknod -m 666 $rootfs/dev/tty4 c 4 4
74
+ mknod -m 600 $rootfs/dev/console c 5 1
75
+ mknod -m 666 $rootfs/dev/full c 1 7
76
+ mknod -m 600 $rootfs/dev/initctl p
77
+
78
+ # change root password
79
+ echo "Set root password to 'root'"
80
+ echo "root:root" | chroot $rootfs chpasswd
81
+
82
+ return 0
83
+ }
84
+
85
+ copy_centos()
86
+ {
87
+ cache=$1
88
+ arch=$2
89
+ rootfs=$3
90
+
91
+ # make a local copy of the minicentos
92
+ echo "Extracting rootfs image to $rootfs ..."
93
+ mkdir $rootfs
94
+ tar zxf $cache/centos-6-$arch.tar.gz -C $rootfs || return 1
95
+ return 0
96
+ }
97
+
98
+ install_centos()
99
+ {
100
+ cache="/var/cache/lxc/centos"
101
+ rootfs=$1
102
+ mkdir -p /var/lock/subsys/
103
+ (
104
+ flock -n -x 200
105
+ if [ $? -ne 0 ]; then
106
+ echo "Cache repository is busy."
107
+ return 1
108
+ fi
109
+
110
+ arch=$(arch)
111
+ if [ "$arch" == "i686" ]; then
112
+ arch=i386
113
+ fi
114
+
115
+ echo "Checking image cache in $cache/rootfs-$arch ... "
116
+ if [ ! -e "$cache/rootfs-$arch" ]; then
117
+ if [ $? -ne 0 ]; then
118
+ echo "Failed to download 'centos base'"
119
+ return 1
120
+ fi
121
+ fi
122
+
123
+ copy_centos $cache $arch $rootfs
124
+ if [ $? -ne 0 ]; then
125
+ echo "Failed to copy rootfs"
126
+ return 1
127
+ fi
128
+
129
+ return 0
130
+
131
+ ) 200>/var/lock/subsys/lxc
132
+
133
+ return $?
134
+ }
135
+
136
+ copy_configuration()
137
+ {
138
+ path=$1
139
+ rootfs=$2
140
+ name=$3
141
+
142
+ cat <<EOF >> $path/config
143
+ lxc.utsname = $name
144
+
145
+ lxc.tty = 4
146
+ lxc.pts = 1024
147
+ lxc.rootfs = $rootfs
148
+ lxc.mount = $path/fstab
149
+
150
+ lxc.cgroup.devices.deny = a
151
+
152
+ lxc.cgroup.devices.allow = b 1:0 rwm
153
+ lxc.cgroup.devices.allow = b 1:1 rwm
154
+ lxc.cgroup.devices.allow = c 1:1 rwm
155
+ lxc.cgroup.devices.allow = c 1:2 rwm
156
+ lxc.cgroup.devices.allow = c 1:4 rwm
157
+ lxc.cgroup.devices.allow = c 1:6 rwm
158
+ lxc.cgroup.devices.allow = c 1:7 rwm
159
+ lxc.cgroup.devices.allow = c 1:11 rwm
160
+
161
+ lxc.cgroup.devices.allow = c 2:* rwm
162
+ lxc.cgroup.devices.allow = c 3:* rwm
163
+
164
+ # /dev/null and zero
165
+ lxc.cgroup.devices.allow = c 1:3 rwm
166
+ lxc.cgroup.devices.allow = c 1:5 rwm
167
+ # consoles
168
+ lxc.cgroup.devices.allow = c 5:1 rwm
169
+ lxc.cgroup.devices.allow = c 5:0 rwm
170
+ lxc.cgroup.devices.allow = c 4:0 rwm
171
+ lxc.cgroup.devices.allow = c 4:1 rwm
172
+ # /dev/{,u}random
173
+ lxc.cgroup.devices.allow = c 1:9 rwm
174
+ lxc.cgroup.devices.allow = c 1:8 rwm
175
+ lxc.cgroup.devices.allow = c 136:* rwm
176
+ lxc.cgroup.devices.allow = c 5:2 rwm
177
+ # rtc
178
+ lxc.cgroup.devices.allow = c 254:0 rwm
179
+ EOF
180
+
181
+ cat <<EOF > $path/fstab
182
+ proc $rootfs/proc proc nodev,noexec,nosuid 0 0
183
+ devpts $rootfs/dev/pts devpts defaults 0 0
184
+ sysfs $rootfs/sys sysfs defaults 0 0
185
+ EOF
186
+
187
+ if [ $? -ne 0 ]; then
188
+ echo "Failed to add configuration"
189
+ return 1
190
+ fi
191
+
192
+ return 0
193
+ }
194
+
195
+ clean()
196
+ {
197
+ cache="/var/cache/lxc/centos"
198
+
199
+ if [ ! -e $cache ]; then
200
+ exit 0
201
+ fi
202
+
203
+ # lock, so we won't purge while someone is creating a repository
204
+ (
205
+ flock -n -x 200
206
+ if [ $? != 0 ]; then
207
+ echo "Cache repository is busy."
208
+ exit 1
209
+ fi
210
+
211
+ echo -n "Purging the download cache..."
212
+ rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
213
+ exit 0
214
+
215
+ ) 200>/var/lock/subsys/lxc
216
+ }
217
+
218
+ usage()
219
+ {
220
+ cat <<EOF
221
+ $1 -h|--help -p|--path=<path> --clean
222
+ EOF
223
+ return 0
224
+ }
225
+
226
+ options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
227
+ if [ $? -ne 0 ]; then
228
+ usage $(basename $0)
229
+ exit 1
230
+ fi
231
+ eval set -- "$options"
232
+
233
+ while true
234
+ do
235
+ case "$1" in
236
+ -h|--help) usage $0 && exit 0;;
237
+ -p|--path) path=$2; shift 2;;
238
+ -n|--name) name=$2; shift 2;;
239
+ -c|--clean) clean=$2; shift 2;;
240
+ --) shift 1; break ;;
241
+ *) break ;;
242
+ esac
243
+ done
244
+
245
+ if [ ! -z "$clean" -a -z "$path" ]; then
246
+ clean || exit 1
247
+ exit 0
248
+ fi
249
+
250
+ if [ -z "$path" ]; then
251
+ echo "'path' parameter is required"
252
+ exit 1
253
+ fi
254
+
255
+ if [ "$(id -u)" != "0" ]; then
256
+ echo "This script should be run as 'root'"
257
+ exit 1
258
+ fi
259
+
260
+ rootfs=$path/rootfs
261
+
262
+ install_centos $rootfs
263
+ if [ $? -ne 0 ]; then
264
+ echo "failed to install centos"
265
+ exit 1
266
+ fi
267
+
268
+ configure_centos $rootfs $name
269
+ if [ $? -ne 0 ]; then
270
+ echo "failed to configure centos for a container"
271
+ exit 1
272
+ fi
273
+
274
+ copy_configuration $path $rootfs $name
275
+ if [ $? -ne 0 ]; then
276
+ echo "failed write configuration file"
277
+ exit 1
278
+ fi
279
+
280
+ if [ ! -z $clean ]; then
281
+ clean || exit 1
282
+ exit 0
283
+ fi
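Review bot: `configure_centos` gives every container the same root credentials: it writes a fixed key labelled `root insecure public key` into `/root/.ssh/authorized_keys` and sets the password with `echo "root:root" | chroot $rootfs chpasswd`, so nothing about a container's login is unique to the operator who built it. Install a key supplied by the caller (for example the invoking host's own public key) and lock the password instead, `chroot "$rootfs" passwd -l root`. The directory mode is also off: `chmod 0600 $rootfs/root/.ssh` removes the search bit from a directory, where `chmod 0700 "$rootfs/root/.ssh"` is the usual setting. `configure_ubuntu` in the lucid script repeats all three lines.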
@@ -0,0 +1,332 @@
1
+ #!/bin/bash
2
+
3
+ echo "Creating lucid node..."
4
+
5
+ configure_ubuntu()
6
+ {
7
+ rootfs=$1
8
+ hostname=$2
9
+
10
+ # disable selinux in ubuntu
11
+ mkdir -p $rootfs/selinux
12
+ echo 0 > $rootfs/selinux/enforce
13
+
14
+ # add host root ssh access
15
+ mkdir $rootfs/root/.ssh
16
+ chmod 0600 $rootfs/root/.ssh
17
+ cat <<-EOF > $rootfs/root/.ssh/authorized_keys
18
+ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCguB7XL3ARzLZYLsIMZe4UUO371m+H5C6V8MhtmSlgXtgHDo7eZhNSm5zCeoyGd32OKeLxuxCCEkXfDDF1aa2a6twcASE3pmWNdnBS7auiOH4P7g+eQ4Aw9v7DdESbIVgHF/NDiAEFFdmApYNM3oCX2FhEVNVKxkkIokUr4axYFJzmJ6Xoi5Sd8JtPC85FZVXqDucZDnHQlOcCkbSo0UOmsWQGwtu8eUHoDeUG0dB8ntb9xlBeLctdrAPhuFYCX8IfFkdcakkzv61ETPbKE6g9wdTDC/TEep7/AHGYmarziRnwKiVOL1jnE1coOJLqy8wOC3dKGmRZy9D4sTc+FRV root insecure public key
19
+ EOF
20
+
21
+ # copy host resolve
22
+ rm $rootfs/etc/resolv.conf
23
+ cp /etc/resolv.conf $rootfs/etc/resolv.conf
24
+
25
+ # add default route to host
26
+ cat <<EOF > $rootfs/etc/rc.local
27
+ #!/bin/sh -e
28
+ route add default gw 192.168.20.1
29
+ exit 0
30
+ EOF
31
+
32
+ # disable selinux in ubuntu
33
+ mkdir -p $rootfs/selinux
34
+ echo 0 > $rootfs/selinux/enforce
35
+
36
+ # set the hostname
37
+ cat <<EOF > $rootfs/etc/hostname
38
+ $hostname
39
+ EOF
40
+ # set minimal hosts
41
+ cat <<EOF > $rootfs/etc/hosts
42
+ 127.0.0.1 localhost $hostname
43
+ EOF
44
+
45
+ # provide the lxc service
46
+ cat <<EOF > $rootfs/etc/init/lxc.conf
47
+ # fake some events needed for correct startup other services
48
+
49
+ description "Container Upstart"
50
+
51
+ start on startup
52
+
53
+ script
54
+ rm -rf /var/run/*.pid
55
+ rm -rf /var/run/network/*
56
+ /sbin/initctl emit stopped JOB=udevtrigger --no-wait
57
+ /sbin/initctl emit started JOB=udev --no-wait
58
+ end script
59
+ EOF
60
+
61
+ # fix buggus runlevel with sshd
62
+ cat <<EOF > $rootfs/etc/init/ssh.conf
63
+ # ssh - OpenBSD Secure Shell server
64
+ #
65
+ # The OpenSSH server provides secure shell access to the system.
66
+
67
+ description "OpenSSH server"
68
+
69
+ start on filesystem
70
+ stop on runlevel [!2345]
71
+
72
+ expect fork
73
+ respawn
74
+ respawn limit 10 5
75
+ umask 022
76
+ # replaces SSHD_OOM_ADJUST in /etc/default/ssh
77
+ oom never
78
+
79
+ pre-start script
80
+ test -x /usr/sbin/sshd || { stop; exit 0; }
81
+ test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
82
+ test -c /dev/null || { stop; exit 0; }
83
+
84
+ mkdir -p -m0755 /var/run/sshd
85
+ end script
86
+
87
+ # if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
88
+ # 'exec' line here instead
89
+ exec /usr/sbin/sshd
90
+ EOF
91
+
92
+ cat <<EOF > $rootfs/etc/init/console.conf
93
+ # console - getty
94
+ #
95
+ # This service maintains a console on tty1 from the point the system is
96
+ # started until it is shut down again.
97
+
98
+ start on stopped rc RUNLEVEL=[2345]
99
+ stop on runlevel [!2345]
100
+
101
+ respawn
102
+ exec /sbin/getty -8 38400 /dev/console
103
+ EOF
104
+
105
+ cat <<EOF > $rootfs/lib/init/fstab
106
+ # /lib/init/fstab: lxc system fstab
107
+ none /spu spufs gid=spu,optional 0 0
108
+ none /tmp none defaults 0 0
109
+ none /var/lock tmpfs nodev,noexec,nosuid,showthrough 0 0
110
+ none /lib/init/rw tmpfs mode=0755,nosuid,optional 0 0
111
+ EOF
112
+
113
+ # reconfigure some services
114
+ if [ -z "$LANG" ]; then
115
+ chroot $rootfs locale-gen en_US.UTF-8
116
+ chroot $rootfs update-locale LANG=en_US.UTF-8
117
+ else
118
+ chroot $rootfs locale-gen $LANG
119
+ chroot $rootfs update-locale LANG=$LANG
120
+ fi
121
+
122
+ # remove pointless services in a container
123
+ chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
124
+
125
+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
126
+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
127
+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
128
+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
129
+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
130
+
131
+ echo "Set root password to 'root'"
132
+ echo "root:root" | chroot $rootfs chpasswd
133
+
134
+ return 0
135
+ }
136
+
137
+ copy_ubuntu()
138
+ {
139
+ cache=$1
140
+ arch=$2
141
+ rootfs=$3
142
+
143
+ # make a local copy of the miniubuntu
144
+ echo "Extracting rootfs image to $rootfs ..."
145
+ mkdir $rootfs
146
+ tar zxf $cache/lucid-$arch.tar.gz -C $rootfs || return 1
147
+ return 0
148
+ }
149
+
150
+ install_ubuntu()
151
+ {
152
+ cache="/var/cache/lxc/ubuntu"
153
+ rootfs=$1
154
+ mkdir -p /var/lock/subsys/
155
+ (
156
+ flock -n -x 200
157
+ if [ $? -ne 0 ]; then
158
+ echo "Cache repository is busy."
159
+ return 1
160
+ fi
161
+
162
+ arch=$(arch)
163
+ if [ "$arch" == "x86_64" ]; then
164
+ arch=amd64
165
+ fi
166
+
167
+ if [ "$arch" == "i686" ]; then
168
+ arch=i386
169
+ fi
170
+
171
+ echo "Checking image cache in $cache/rootfs-$arch ... "
172
+ if [ ! -e "$cache/rootfs-$arch" ]; then
173
+ if [ $? -ne 0 ]; then
174
+ echo "Failed to download 'ubuntu base'"
175
+ return 1
176
+ fi
177
+ fi
178
+
179
+ copy_ubuntu $cache $arch $rootfs
180
+ if [ $? -ne 0 ]; then
181
+ echo "Failed to copy rootfs"
182
+ return 1
183
+ fi
184
+
185
+ return 0
186
+
187
+ ) 200>/var/lock/subsys/lxc
188
+
189
+ return $?
190
+ }
191
+
192
+ copy_configuration()
193
+ {
194
+ path=$1
195
+ rootfs=$2
196
+ name=$3
197
+
198
+ cat <<EOF >> $path/config
199
+ lxc.utsname = $name
200
+
201
+ lxc.tty = 4
202
+ lxc.pts = 1024
203
+ lxc.rootfs = $rootfs
204
+ lxc.mount = $path/fstab
205
+
206
+ lxc.cgroup.devices.deny = a
207
+ # /dev/null and zero
208
+ lxc.cgroup.devices.allow = c 1:3 rwm
209
+ lxc.cgroup.devices.allow = c 1:5 rwm
210
+ # consoles
211
+ lxc.cgroup.devices.allow = c 5:1 rwm
212
+ lxc.cgroup.devices.allow = c 5:0 rwm
213
+ lxc.cgroup.devices.allow = c 4:0 rwm
214
+ lxc.cgroup.devices.allow = c 4:1 rwm
215
+ # /dev/{,u}random
216
+ lxc.cgroup.devices.allow = c 1:9 rwm
217
+ lxc.cgroup.devices.allow = c 1:8 rwm
218
+ lxc.cgroup.devices.allow = c 136:* rwm
219
+ lxc.cgroup.devices.allow = c 5:2 rwm
220
+ # rtc
221
+ lxc.cgroup.devices.allow = c 254:0 rwm
222
+ EOF
223
+
224
+ cat <<EOF > $path/fstab
225
+ proc $rootfs/proc proc nodev,noexec,nosuid 0 0
226
+ devpts $rootfs/dev/pts devpts defaults 0 0
227
+ sysfs $rootfs/sys sysfs defaults 0 0
228
+ EOF
229
+
230
+ if [ $? -ne 0 ]; then
231
+ echo "Failed to add configuration"
232
+ return 1
233
+ fi
234
+
235
+ return 0
236
+ }
237
+
238
+ clean()
239
+ {
240
+ cache="/var/cache/lxc/ubuntu"
241
+
242
+ if [ ! -e $cache ]; then
243
+ exit 0
244
+ fi
245
+
246
+ # lock, so we won't purge while someone is creating a repository
247
+ (
248
+ flock -n -x 200
249
+ if [ $? != 0 ]; then
250
+ echo "Cache repository is busy."
251
+ exit 1
252
+ fi
253
+
254
+ echo -n "Purging the download cache..."
255
+ rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
256
+ exit 0
257
+
258
+ ) 200>/var/lock/subsys/lxc
259
+ }
260
+
261
+ usage()
262
+ {
263
+ cat <<EOF
264
+ $1 -h|--help -p|--path=<path> --clean
265
+ EOF
266
+ return 0
267
+ }
268
+
269
+ options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
270
+ if [ $? -ne 0 ]; then
271
+ usage $(basename $0)
272
+ exit 1
273
+ fi
274
+ eval set -- "$options"
275
+
276
+ while true
277
+ do
278
+ case "$1" in
279
+ -h|--help) usage $0 && exit 0;;
280
+ -p|--path) path=$2; shift 2;;
281
+ -n|--name) name=$2; shift 2;;
282
+ -c|--clean) clean=$2; shift 2;;
283
+ --) shift 1; break ;;
284
+ *) break ;;
285
+ esac
286
+ done
287
+
288
+ if [ ! -z "$clean" -a -z "$path" ]; then
289
+ clean || exit 1
290
+ exit 0
291
+ fi
292
+
293
+ type debootstrap
294
+ if [ $? -ne 0 ]; then
295
+ echo "'debootstrap' command is missing"
296
+ exit 1
297
+ fi
298
+
299
+ if [ -z "$path" ]; then
300
+ echo "'path' parameter is required"
301
+ exit 1
302
+ fi
303
+
304
+ if [ "$(id -u)" != "0" ]; then
305
+ echo "This script should be run as 'root'"
306
+ exit 1
307
+ fi
308
+
309
+ rootfs=$path/rootfs
310
+
311
+ install_ubuntu $rootfs
312
+ if [ $? -ne 0 ]; then
313
+ echo "failed to install ubuntu"
314
+ exit 1
315
+ fi
316
+
317
+ configure_ubuntu $rootfs $name
318
+ if [ $? -ne 0 ]; then
319
+ echo "failed to configure ubuntu for a container"
320
+ exit 1
321
+ fi
322
+
323
+ copy_configuration $path $rootfs $name
324
+ if [ $? -ne 0 ]; then
325
+ echo "failed write configuration file"
326
+ exit 1
327
+ fi
328
+
329
+ if [ ! -z $clean ]; then
330
+ clean || exit 1
331
+ exit 0
332
+ fi
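Review bot: `-c|--clean) clean=$2; shift 2;;` treats `--clean` as if it took a value, but the getopt spec declares it as a flag (`c` and `clean` carry no colon), so the arm stores whatever token follows and shifts it away. When `--clean` precedes `--path`, the `-p` token is consumed, the loop stops at the first non-option, and the script purges the cache and exits 0 without building anything. Use `-c|--clean) clean=1; shift;;`; the centos-6 script has the identical arm. The cache check in `install_ubuntu` is also inert, since `$?` right after `[ ! -e "$cache/rootfs-$arch" ]` is always 0 inside that branch and the tested path is not the `lucid-$arch.tar.gz` that `copy_ubuntu` extracts.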