toft 0.0.3 → 0.0.4

data/scripts/bin/centos/lxc-prepare-host

@@ -0,0 +1,175 @@
+#!/bin/bash
+
+username=`id -nu`	
+if [ ! "$username" = "root" ]; then
+	echo "This command has to be run as root!"
+	exit 1
+fi
+
+gateway_ip="192.168.20.1"
+subnet="192.168.20.0"
+netmask="255.255.255.0"
+range="192.168.20.2 192.168.20.254"
+domain=foo
+
+
+# intsall lxc
+if [[ ! -f /usr/bin/lxc-ls ]]; then
+	(cd /tmp && \
+	wget http://lxc.sourceforge.net/download/lxc/lxc-0.7.4.tar.gz && \
+	tar zxf lxc-0.7.4.tar.gz && \
+	cd lxc-0.7.4 && \
+	./configure --prefix=/usr && \
+	make && \
+	make install)
+fi
+
+# setup bridge interface
+if [[ ! `ip link ls dev br0` ]]; then
+	brctl addbr br0
+	ifconfig br0 $gateway_ip netmask $netmask up
+	sysctl -w net.ipv4.ip_forward=1
+fi
+
+cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-br0
+DEVICE=br0
+ONBOOT=yes
+BOOTPROTO=static
+DELAY=0
+TYPE=Bridge
+IPADDR=$gateway_ip
+NETWORK=$subnet
+NETMASK=$netmask
+GATEWAY=$gateway_ip
+MTU=1500
+IPV6INIT=no
+USERCTL=no
+EOF
+
+# reset iptables
+cat <<EOF > /etc/sysconfig/iptables
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [28:2070]
+:OUTPUT ACCEPT [106:10068]
+-A POSTROUTING -o eth0 -j MASQUERADE 
+COMMIT
+EOF
+
+service iptables restart
+
+# mount cgroup
+if [[ ! -d /cgroup ]]; then
+	mkdir -p /cgroup
+fi
+
+if [[ ! `mount | grep cgroup` ]]; then
+	mount none -t cgroup /cgroup
+fi
+
+if [[ ! `grep "/cgroup" /etc/fstab` ]]; then
+	cat <<EOF >> /etc/fstab
+none /cgroup cgroup defaults 0 0
+EOF
+fi
+
+# setup nameserver
+cat <<EOF > /var/named/named.foo
+\$ORIGIN $domain.
+\$TTL 7200	; 2 hours
+@				IN SOA	ns1.$domain. hostmaster.$domain. (
+				3641625943 ; serial
+				36000      ; refresh (10 hours)
+				900        ; retry (15 minutes)
+				36000      ; expire (10 hours)
+				7200       ; minimum (2 hours)
+				)
+			NS	ns1.$domain.
+ns1		A	$gateway_ip
+EOF
+
+## set bind to forward original nameservers
+original_nameservers=`grep nameserver /etc/resolv.conf | cut -d " " -f2 | sed s/$gateway_ip//`
+bind_forward_options=''
+if [[ -n `echo $original_nameservers | tr -d ' \n\t\r'` ]]; then
+	bind_forward_options="forwarders {
+		`echo $original_nameservers | xargs -n 1 | awk '{ print $1";" }'`	
+	};
+	forward first;"
+fi
+
+mv /etc/named.conf /etc/named.conf.old
+cat <<EOF > /etc/named.conf
+options {
+        directory       "/var/named";
+        dump-file       "/var/named/data/cache_dump.db";
+        statistics-file "/var/named/data/named_stats.txt";
+        memstatistics-file "/var/named/data/named_mem_stats.txt";
+		$bind_forward_options
+};
+
+logging {
+        channel default_debug {
+                file "data/named.run";
+                severity dynamic;
+        };
+};
+
+zone "." IN {
+        type hint;
+        file "named.ca";
+};
+
+include "/etc/named.rfc1912.zones";
+
+zone "$domain" in {
+        type master;
+        file "named.foo";
+        allow-update {any;};
+};
+EOF
+
+# disable selinux to make it happy for bind to creating jnl file
+echo 0 >/selinux/enforce
+
+# fix the dir owner to grant bind to generate jnl 
+chown named:named /var/named
+
+service named restart
+
+# add our nameserver into /etc/resolv.conf
+if [[ ! `grep "nameserver $gateway_ip" /etc/resolv.conf` ]]; then
+	cp /etc/resolv.conf /etc/resolv.conf.old
+	cat <<EOF > /etc/resolv.conf
+nameserver $gateway_ip
+`cat /etc/resolv.conf`
+EOF
+fi
+
+# setup dhcp3 server
+cat <<EOF > /etc/dhcp/dhcpd.conf
+ddns-updates on;
+ddns-update-style interim;
+
+ddns-domainname "$domain.";
+option domain-name "$domain.";
+option domain-name-servers $gateway_ip;
+
+option ntp-servers $gateway_ip;
+default-lease-time 600;
+max-lease-time 7200;
+
+authoritative;
+log-facility local7;
+
+zone $domain. {
+   primary localhost;
+}
+
+subnet $subnet netmask $netmask {
+   range $range;
+   option routers $gateway_ip;
+}
+EOF
+service dhcpd restart
+

data/scripts/{ubuntu/bin → bin/share}/lxc-create-centos-image

@@ -11,10 +11,14 @@ if [ ! "$username" = "root" ]; then
 	exit 1
 fi
 
-cache="/var/cache/lxc/centos"
+cache="/var/cache/lxc"
 suite=$1
 
 arch=$(arch)
+if [ "$arch" == "x86_64" ]; then
+    arch=amd64
+fi
+
 if [ "$arch" == "i686" ]; then
     arch=i386
 fi
@@ -34,13 +38,10 @@ if [[ ! `type rinse` ]]; then
 	make install)
 fi
 
-# install rpm
-apt-get install -y rpm
-
 # create centos image using rinse
 cat <<EOF > /tmp/after_post_install
 chroot $cache/$suite-$arch rpm -Uvh http://rbel.co/rbel6
-chroot $cache/$suite-$arch yum -y install man sudo openssh-server openssh-clients rubygem-chef
+chroot $cache/$suite-$arch yum -y install tar man sudo bind-utils openssh-server openssh-clients rubygem-chef
 EOF
 chmod +x /tmp/after_post_install
 

data/scripts/{ubuntu/bin → bin/ubuntu}/lxc-create-ubuntu-image

@@ -11,7 +11,7 @@ if [ ! "$username" = "root" ]; then
 	exit 1
 fi
 
-cache="/var/cache/lxc/ubuntu"
+cache="/var/cache/lxc"
 suite=$1
 
 arch=$(arch)
@@ -28,8 +28,8 @@ if [ -e "$cache/$suite-$arch.tar.gz" ]; then
 	exit 0
 fi
 
-lucid_packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,dhcp3-client,ssh,lsb-release,wget,gpgv,gnupg,sudo,ruby,rubygems1.8,ruby-dev,libopenssl-ruby,build-essential,ssl-cert
-natty_packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase,lxcguest,sudo,ruby,rubygems1.8,ruby-dev,libruby,build-essential,wget,ssl-cert
+lucid_packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,dnsutils,dhcp3-client,ssh,lsb-release,wget,gpgv,gnupg,sudo,ruby,rubygems1.8,ruby-dev,libopenssl-ruby,build-essential,ssl-cert
+natty_packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,dnsutils,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase,lxcguest,sudo,ruby,rubygems1.8,ruby-dev,libruby,build-essential,wget,ssl-cert
 # check the mini ubuntu was not already downloaded
 rm -rf "$cache/$suite-$arch"
 mkdir -p "$cache/$suite-$arch"

data/scripts/bin/ubuntu/lxc-prepare-host

@@ -0,0 +1,190 @@
+#!/bin/bash
+
+username=`id -nu`	
+if [ ! "$username" = "root" ]; then
+	echo "This command has to be run as root!"
+	exit 1
+fi
+
+OS=`cat /etc/issue | cut -f 1 -d " " -s`
+
+
+gateway_ip="192.168.20.1"
+subnet="192.168.20.0"
+netmask="255.255.255.0"
+range="192.168.20.2 192.168.20.254"
+domain=foo
+
+# setup bridge and nat
+if [[ ! `ip link ls dev br0` ]]; then
+	brctl addbr br0
+	ifconfig br0 $gateway_ip netmask $netmask up
+	iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+	sysctl -w net.ipv4.ip_forward=1
+fi
+
+if [[ ! `grep "auto br0" /etc/network/interfaces` ]]; then
+	cat <<EOF >> /etc/network/interfaces
+auto br0
+iface br0 inet static
+address $gateway_ip
+netmask $netmask
+bridge_stp off
+bridge_maxwait 5
+pre-up brctl addbr br0
+post-up /usr/sbin/brctl setfd br0 0
+EOF
+fi
+
+iptables-save > /etc/firewall.conf
+echo "#!/bin/sh" > /etc/network/if-up.d/iptables 
+echo "iptables-restore < /etc/firewall.conf" >> /etc/network/if-up.d/iptables 
+chmod +x /etc/network/if-up.d/iptables
+
+# setup cgroup
+if [[ ! -d /cgroup ]]; then
+	mkdir -p /cgroup
+fi
+
+if [[ ! `mount | grep cgroup` ]]; then
+	mount none -t cgroup /cgroup
+fi
+
+if [[ ! `grep "/cgroup" /etc/fstab` ]]; then
+	cat <<EOF >> /etc/fstab
+none /cgroup cgroup defaults 0 0
+EOF
+fi
+
+# setup nameserver
+cat <<EOF > /etc/bind/db.foo
+\$ORIGIN $domain.
+\$TTL 7200	; 2 hours
+@				IN SOA	ns1.$domain. hostmaster.$domain. (
+				3641625943 ; serial
+				36000      ; refresh (10 hours)
+				900        ; retry (15 minutes)
+				36000      ; expire (10 hours)
+				7200       ; minimum (2 hours)
+				)
+			NS	ns1.$domain.
+ns1		A	$gateway_ip
+EOF
+
+cat <<EOF > /etc/bind/named.conf.$domain
+zone "$domain" in{
+	type master;
+	file "/etc/bind/db.$domain";
+	allow-update {any;};
+};
+EOF
+
+## set bind to forward original nameservers
+original_nameservers=`grep nameserver /etc/resolv.conf | cut -d " " -f2 | sed s/$gateway_ip//`
+bind_forward_options=''
+if [[ -n `echo $original_nameservers | tr -d ' \n\t\r'` ]]; then
+	bind_forward_options="forwarders {
+		`echo $original_nameservers | xargs -n 1 | awk '{ print $1";" }'`	
+	};
+	forward first;"
+fi
+
+cat <<EOF > /etc/bind/named.conf.options.foo
+options {
+	directory "/var/cache/bind";
+	$bind_forward_options
+	auth-nxdomain no;    # conform to RFC1035
+	listen-on-v6 { any; };
+};
+EOF
+
+# debian bind9 package does not have this default-zones file
+# add this file to make it consistent between debian and ubuntu
+cat <<EOF > /etc/bind/named.conf.default-zones
+// prime the server with knowledge of the root servers
+zone "." {
+	type hint;
+	file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+EOF
+
+mv /etc/bind/named.conf /etc/bind/named.conf.old
+cat <<EOF > /etc/bind/named.conf
+include "/etc/bind/named.conf.options.foo";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
+include "/etc/bind/named.conf.$domain";
+EOF
+
+sudo chmod 775 /etc/bind
+
+/etc/init.d/bind9 restart
+
+# add our nameserver into /etc/resolv.conf
+if [[ ! `grep "nameserver $gateway_ip" /etc/resolv.conf` ]]; then
+	cp /etc/resolv.conf /etc/resolv.conf.old
+	cat <<EOF > /etc/resolv.conf
+nameserver $gateway_ip
+`cat /etc/resolv.conf`
+EOF
+fi
+
+# setup dhcp server
+if [[ $OS = "Ubuntu" ]]; then
+	dhcp_conf_dir=dhcp
+	dhcp_daemon=isc-dhcp-server
+else
+	dhcp_conf_dir=dhcp3
+	dhcp_daemon=dhcp3-server
+fi
+
+mv /etc/$dhcp_conf_dir/dhcpd.conf /etc/$dhcp_conf_dir/dhcpd.conf.old
+cat <<EOF > /etc/$dhcp_conf_dir/dhcpd.conf
+ddns-updates on;
+ddns-update-style interim;
+
+ddns-domainname "$domain.";
+option domain-name "$domain.";
+option domain-name-servers $gateway_ip;
+
+option ntp-servers $gateway_ip;
+default-lease-time 600;
+max-lease-time 7200;
+
+authoritative;
+log-facility local7;
+
+zone $domain. {
+   primary localhost;
+}
+
+subnet $subnet netmask $netmask {
+   range $range;
+   option routers $gateway_ip;
+}
+EOF
+sudo /etc/init.d/$dhcp_daemon restart
+

data/scripts/cookbooks/lxc/recipes/default.rb

@@ -23,26 +23,20 @@ mount "/cgroup" do
   action [:mount, :enable]
 end
 
-template "/usr/lib/lxc/templates/lxc-lucid-chef" do
-  source "lxc-lucid-chef"
+template "/usr/lib/lxc/templates/lxc-lucid" do
+  source "lxc-lucid"
   mode "0755"
   action :create
 end
 
-template "/usr/lib/lxc/templates/lxc-natty-chef" do
-  source "lxc-natty-chef"
+template "/usr/lib/lxc/templates/lxc-natty" do
+  source "lxc-natty"
   mode "0755"
   action :create
 end
 
-cookbook_file "/usr/local/bin/lxc-create-ubuntu-image" do
-  source "lxc-create-ubuntu-image"
+template "/usr/lib/lxc/templates/lxc-centos-6" do
+  source "lxc-centos-6"
   mode "0755"
-end
-
-bash "create ubuntu rootfs image ... this will take a while" do
-  code <<-EOH
-/usr/local/bin/lxc-create-ubuntu-image natty
-EOH
-end
- 
+  action :create
+end

data/scripts/{ubuntu/lxc-templates → cookbooks/lxc/templates/default}/lxc-centos-6

@@ -24,7 +24,7 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCguB7XL3ARzLZYLsIMZe4UUO371m+H5C6V8MhtmSl
 	# add default route to host
 	cat <<EOF > $rootfs/etc/rc.local
 #!/bin/sh -e
-route add default gw 192.168.20.1
+route add default gw <%= node.network.gateway_ip %>
 exit 0
 EOF
 
@@ -97,7 +97,7 @@ copy_centos()
 
 install_centos()
 {
-    cache="/var/cache/lxc/centos"
+    cache="/var/cache/lxc"
     rootfs=$1
     mkdir -p /var/lock/subsys/
     (
@@ -108,6 +108,10 @@ install_centos()
 	fi
 
 	arch=$(arch)
+	if [ "$arch" == "x86_64" ]; then
+	    arch=amd64
+	fi
+
 	if [ "$arch" == "i686" ]; then
 	    arch=i386
 	fi
@@ -194,7 +198,7 @@ EOF
 
 clean()
 {
-    cache="/var/cache/lxc/centos"
+    cache="/var/cache/lxc"
 
     if [ ! -e $cache ]; then
 	exit 0

data/scripts/cookbooks/lxc/templates/default/{lxc-lucid-chef → lxc-lucid}

@@ -149,7 +149,7 @@ copy_ubuntu()
 
 install_ubuntu()
 {
-    cache="/var/cache/lxc/ubuntu"
+    cache="/var/cache/lxc"
     rootfs=$1
     mkdir -p /var/lock/subsys/
     (
@@ -237,7 +237,7 @@ EOF
 
 clean()
 {
-    cache="/var/cache/lxc/ubuntu"
+    cache="/var/cache/lxc"
 
     if [ ! -e $cache ]; then
 	exit 0

data/scripts/cookbooks/lxc/templates/default/{lxc-natty-chef → lxc-natty}

@@ -70,7 +70,7 @@ copy_ubuntu()
 
 install_ubuntu()
 {
-    cache="/var/cache/lxc/ubuntu"
+    cache="/var/cache/lxc"
     rootfs=$1
     mkdir -p /var/lock/subsys/
     (
@@ -158,7 +158,7 @@ EOF
 
 clean()
 {
-    cache="/var/cache/lxc/ubuntu"
+    cache="/var/cache/lxc"
 
     if [ ! -e $cache ]; then
 	exit 0

data/scripts/lxc-templates/files/rc.local

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+hostname=`hostname`
+gateway_ip="192.168.20.1"
+domain=foo
+
+function get_ip {
+	echo `ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'`
+}
+
+function update_ns {
+	ip=`get_ip`
+	# add default route to host and update ns
+	cat <<END > /tmp/nsupdate.txt
+server $gateway_ip
+update delete ${hostname}.$domain
+update add ${hostname}.$domain  86400 A $ip
+send
+END
+
+	route add default gw $gateway_ip
+	nsupdate /tmp/nsupdate.txt
+}
+
+if [[ -n `get_ip` ]] ; then # if manually set ip address
+	# use host dns server
+	rm /etc/resolv.conf
+	cat <<END > /etc/resolv.conf
+nameserver $gateway_ip
+domain $domain
+search $domain
+END
+else # if ip not set, use dhcp
+	/sbin/dhclient eth0
+fi
+
+update_ns
+exit 0