|
@@ -44,9 +44,6 @@ cache_base=/var/cache/lxc/vinelinux
|
|
|
default_path=/var/lib/lxc
|
|
|
default_profile=default
|
|
|
profile_dir=/etc/lxc/profiles
|
|
|
-root_password=vineroot
|
|
|
-default_user=vine
|
|
|
-default_user_password=vine123
|
|
|
lxc_network_type=veth
|
|
|
lxc_network_link=lxcbr0
|
|
|
|
|
@@ -198,8 +195,8 @@ EOF
|
|
|
echo ${root_password} > ${config_path}/tmp_root_pass
|
|
|
echo "Storing root password in '${config_path}/tmp_root_pass'"
|
|
|
|
|
|
- # create default user 'vine'
|
|
|
- echo "Create default user 'vine'"
|
|
|
+ # create default user.
|
|
|
+ echo "Create default user '${default_user}'"
|
|
|
chroot ${rootfs_path} /usr/sbin/useradd -G wheel ${default_user}
|
|
|
echo "Setting default user \'${default_user}\' password to $default_user_password"
|
|
|
echo "${default_user}:${default_user_password}" | chroot $rootfs_path chpasswd
|
|
@@ -265,10 +262,14 @@ copy_vinelinux()
|
|
|
|
|
|
# make a local copy of the minivinelinux
|
|
|
echo -n "Copying rootfs to $rootfs_path ..."
|
|
|
- #cp -a $cache/rootfs-$arch $rootfs_path || return 1
|
|
|
- # i prefer rsync (no reason really)
|
|
|
+ # prefer rsync
|
|
|
mkdir -p $rootfs_path
|
|
|
- rsync -Ha $cache/rootfs/ $rootfs_path/
|
|
|
+ if [ -x /usr/bin/rsync ]; then
|
|
|
+ rsync -Ha $cache/rootfs/ $rootfs_path/
|
|
|
+ else
|
|
|
+ echo "rsync is not found, using cp instead."
|
|
|
+ cp -a $cache/rootfs-$arch $rootfs_path
|
|
|
+ fi
|
|
|
return 0
|
|
|
}
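Review bot: The `cp` fallback in the `else` branch does not copy the same tree as the rsync branch: rsync reads `$cache/rootfs/`, while cp reads `$cache/rootfs-$arch`. Because `mkdir -p $rootfs_path` has already run, `cp -a` of a directory into an existing directory nests it as a subdirectory instead of populating `$rootfs_path`. Neither copy's exit status is checked, so the function reaches `return 0` even when the rootfs is empty or misplaced. I would write the fallback as `cp -a "$cache/rootfs/." "$rootfs_path/" || return 1` and add `|| return 1` to the rsync line; testing with `command -v rsync >/dev/null` would also find rsync outside `/usr/bin`. copy_vinelinux starts above this hunk.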
|
|
|
|
|
@@ -317,38 +318,49 @@ install_vinelinux()
|
|
|
return $?
|
|
|
}
|
|
|
|
|
|
-copy_configuration()
|
|
|
+create_hwaddr()
|
|
|
{
|
|
|
+ openssl rand -hex 5 | sed -e 's/\(..\)/:\1/g; s/^/fe/'
|
|
|
+}
|
|
|
|
|
|
+copy_configuration()
|
|
|
+{
|
|
|
mkdir -p $config_path
|
|
|
- grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "lxc.rootfs = $rootfs_path" >> $config_path/config
|
|
|
- cat <<EOF >> $config_path/config
|
|
|
-lxc.utsname = $name
|
|
|
-lxc.tty = 4
|
|
|
-lxc.pts = 1024
|
|
|
-lxc.cap.drop = sys_module mac_admin mac_override sys_time
|
|
|
-EOF
|
|
|
|
|
|
- if [ "$arch" == "i386" ] && [ "$(uname -i)" == "x86_64" ]; then
|
|
|
- cat <<EOF >> $config_path/config
|
|
|
+ grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "
|
|
|
+lxc.rootfs = $rootfs_path
|
|
|
+" >> $config_path/config
|
|
|
|
|
|
-# lxc container architecture
|
|
|
-lxc.arch = x86
|
|
|
-EOF
|
|
|
+ # The following code is to create static MAC addresses for each
|
|
|
+ # interface in the container. This code will work for multiple
|
|
|
+ # interfaces in the default config.
|
|
|
+ mv $config_path/config $config_path/config.def
|
|
|
+ while read LINE
|
|
|
+ do
|
|
|
+ # This should catch variable expansions from the default config...
|
|
|
+ if expr "${LINE}" : '.*\$' > /dev/null 2>&1
|
|
|
+ then
|
|
|
+ LINE=$(eval "echo \"${LINE}\"")
|
|
|
+ fi
|
|
|
|
|
|
- fi
|
|
|
+ # There is a tab and a space in the regex bracket below!
|
|
|
+ # Seems that \s doesn't work in brackets.
|
|
|
+ KEY=$(expr "${LINE}" : '\s*\([^ ]*\)\s*=')
|
|
|
|
|
|
- cat <<EOF >> $config_path/config
|
|
|
-# When using LXC with apparmor, uncomment the next line to run unconfined:
|
|
|
-#lxc.aa_profile = unconfined
|
|
|
+ if [[ "${KEY}" != "lxc.network.hwaddr" ]]
|
|
|
+ then
|
|
|
+ echo ${LINE} >> $config_path/config
|
|
|
|
|
|
-#networking
|
|
|
-lxc.network.type = $lxc_network_type
|
|
|
-lxc.network.flags = up
|
|
|
-lxc.network.link = $lxc_network_link
|
|
|
-lxc.network.name = veth0
|
|
|
-lxc.network.mtu = 1500
|
|
|
-EOF
|
|
|
+ if [[ "${KEY}" == "lxc.network.link" ]]
|
|
|
+ then
|
|
|
+ echo "lxc.network.hwaddr = $(create_hwaddr)" >> $config_path/config
|
|
|
+ fi
|
|
|
+ fi
|
|
|
+ done < $config_path/config.def
|
|
|
+
|
|
|
+ rm -f $config_path/config.def
|
|
|
+
|
|
|
+ # static network settings
|
|
|
if [ ! -z ${ipv4} ]; then
|
|
|
cat <<EOF >> $config_path/config
|
|
|
lxc.network.ipv4 = $ipv4
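Review bot: `LINE=$(eval "echo \"${LINE}\"")` in the new read loop runs any command substitution or backticks found in a line of `config.def`, and the script requires root (see the `id -u` check further down), so a config file from a less trusted source becomes root command execution on the host. If only a few known variables need expanding, substitute those names explicitly and drop the `eval` branch; otherwise copy the line as data. The loop should also read with `while IFS= read -r LINE` and write with `printf '%s\n' "${LINE}" >> "$config_path/config"`, because `read` without `-r` eats backslashes and the unquoted `echo ${LINE}` collapses whitespace and glob-expands any value containing `*`. `create_hwaddr` does not check that `openssl` succeeded, so a missing binary yields an empty `lxc.network.hwaddr =` line. copy_configuration continues past the end of this hunk.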
|
|
@@ -369,28 +381,25 @@ EOF
|
|
|
#lxc.network.ipv6.gateway = $gw6
|
|
|
#EOF
|
|
|
#fi
|
|
|
- cat <<EOF >> $config_path/config
|
|
|
-#cgroups
|
|
|
-lxc.cgroup.devices.deny = a
|
|
|
-# /dev/null and zero
|
|
|
-lxc.cgroup.devices.allow = c 1:3 rwm
|
|
|
-lxc.cgroup.devices.allow = c 1:5 rwm
|
|
|
-# consoles
|
|
|
-lxc.cgroup.devices.allow = c 5:1 rwm
|
|
|
-lxc.cgroup.devices.allow = c 5:0 rwm
|
|
|
-lxc.cgroup.devices.allow = c 4:0 rwm
|
|
|
-lxc.cgroup.devices.allow = c 4:1 rwm
|
|
|
-# /dev/{,u}random
|
|
|
-lxc.cgroup.devices.allow = c 1:9 rwm
|
|
|
-lxc.cgroup.devices.allow = c 1:8 rwm
|
|
|
-lxc.cgroup.devices.allow = c 136:* rwm
|
|
|
-lxc.cgroup.devices.allow = c 5:2 rwm
|
|
|
-# rtc
|
|
|
-lxc.cgroup.devices.allow = c 10:135 rwm
|
|
|
-
|
|
|
-lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
|
|
|
+
|
|
|
+ # include common configuration
|
|
|
+ if [ -e "/usr/share/lxc/config/vinelinux.common.conf" ]; then
|
|
|
+ echo "
|
|
|
+# Include common configuration
|
|
|
+lxc.include = /usr/share/lxc/config/vinelinux.common.conf
|
|
|
+" >> $config_path/config
|
|
|
+ fi
|
|
|
+
|
|
|
+ # append lxc.utsname
|
|
|
+ echo "lxc.utsname = $utsname" >> $config_path/config
|
|
|
+ if [ "$arch" == "i386" ] && [ "$(uname -i)" == "x86_64" ]; then
|
|
|
+ cat <<EOF >> $config_path/config
|
|
|
+# lxc container architecture
|
|
|
+lxc.arch = x86
|
|
|
EOF
|
|
|
|
|
|
+ fi
|
|
|
+
|
|
|
if [ $? -ne 0 ]; then
|
|
|
echo "Failed to add configuration"
|
|
|
return 1
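Review bot: When `/usr/share/lxc/config/vinelinux.common.conf` is absent, the `[ -e ... ]` test silently skips the `lxc.include` line. The container is then created without the device-cgroup allow-list removed in this hunk and without the `lxc.cap.drop` line removed in the previous one, assuming those settings now live in that common file. A missing hardening file should stop the build, for example `else echo "vinelinux.common.conf not found" >&2; return 1`. The trailing `if [ $? -ne 0 ]` no longer guards the config writes: it now sees the status of the `if [ "$arch" == "i386" ] ... fi` compound, which is 0 whenever the condition is false, so failed appends to `$config_path/config` go unreported. The function starts above this hunk and continues below it.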
|
|
@@ -425,12 +434,13 @@ usage()
|
|
|
cat <<EOF
|
|
|
usage:
|
|
|
$1 -n|--name=<container_name>
|
|
|
- [-p|--path=<path>] [-c|--clean] [-R|--release=<Vine Linux release>]
|
|
|
+ [-p|--path=<path>] [-c|--clean]
|
|
|
+ [-R|--release=<Vine Linux release>]
|
|
|
+ [-A|--arch=<arch of the container>]
|
|
|
[-4|--ipv4=<ipv4 address>]
|
|
|
[-g|--gw=<gw address>] [-d|--dns=<dns address>]
|
|
|
[-u|--user=<user>] [--password=<password>]
|
|
|
[-P|--profile=<name of the profile>] [--rootfs=<path>]
|
|
|
- [-A|--arch=<arch of the container>]
|
|
|
[-h|--help]
|
|
|
Mandatory args:
|
|
|
-n,--name container name, used to as an identifier for that container from now on
|
|
@@ -438,18 +448,22 @@ Optional args:
|
|
|
-p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case
|
|
|
-c,--clean clean the cache
|
|
|
-R,--release Vine Linux release [VineSeed, 6] for the new container, defaults to VineSeed
|
|
|
+ -A,--arch Define what arch the container will be [i386,x86_64]
|
|
|
-4,--ipv4 specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24
|
|
|
-g,--gw specify the default gw, eg. 192.168.1.1
|
|
|
-d,--dns specify the DNS server, eg. 192.168.1.2
|
|
|
+ -u,--user specify default user name, who can sudo.
|
|
|
+ --password initial password for default user.
|
|
|
+ --fqdn fully qualified domain name (FQDN) for DNS and system naming.
|
|
|
+ --rootpassword initial password for root user.
|
|
|
-P,--profile Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache.
|
|
|
- -A,--arch Define what arch the container will be [i386,x86_64]
|
|
|
---rootfs rootfs path
|
|
|
-h,--help print this help
|
|
|
EOF
|
|
|
return 0
|
|
|
}
|
|
|
|
|
|
-options=$(getopt -o hp:n:P:cR:4:g:d:u:A: -l help,rootfs:,path:,name:,profile:,clean,release:,ipv4:,gw:,dns:,user:,password:,arch: -- "$@")
|
|
|
+options=$(getopt -o hp:n:P:cR:4:g:d:u:A: -l help,rootfs:,path:,name:,profile:,clean,release:,ipv4:,gw:,dns:,user:,password:,arch:,fqdn:,rootpassword: -- "$@")
|
|
|
if [ $? -ne 0 ]; then
|
|
|
usage $(basename $0)
|
|
|
exit 1
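Review bot: The new `--rootpassword` option, like the existing `--password`, takes the secret as a command-line argument, so it is visible to other local users in the process list and is saved in shell history; the `case` arm added in the next hunk just stores `$2`. The help text should say so and note that omitting the option has a password generated, e.g. `--rootpassword  initial password for root user (visible in the process list; omit to generate one)`. Reading the value from a file or from a prompt (`read -rs`) would avoid the exposure. `--fqdn` is documented in the option list but missing from the usage synopsis in the previous hunk, alongside `--rootpassword`.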
|
|
@@ -472,6 +486,8 @@ do
|
|
|
-d|--dns) dns=$2; shift 2;;
|
|
|
-u|--user) default_user=$2; shift 2;;
|
|
|
--password) default_user_password=$2; shift 2;;
|
|
|
+ --rootpassword) root_password=$2; shift 2;;
|
|
|
+ --fqdn) utsname=$2; shift 2;;
|
|
|
--) shift 1; break ;;
|
|
|
*) break ;;
|
|
|
esac
|
|
@@ -517,13 +533,26 @@ if [ -z "$default_user" ]; then
|
|
|
fi
|
|
|
|
|
|
if [ -z "$default_user_password" ]; then
|
|
|
- default_user_password="vine123"
|
|
|
+ default_user_password="$(mktemp -u XXXXXXXX)"
|
|
|
fi
|
|
|
|
|
|
if [ -z "$arch" ]; then
|
|
|
arch="$(uname -i)"
|
|
|
fi
|
|
|
|
|
|
+if [ -z "${utsname}" ]; then
|
|
|
+ utsname=${name}
|
|
|
+fi
|
|
|
+
|
|
|
+if [ $(expr "$utsname" : '.*\..*\.') = 0 ]; then
|
|
|
+ if [[ "$(dnsdomainname)" != "" && "$(dnsdomainname)" != "localdomain" ]]; then
|
|
|
+ utsname=${utsname}.$(dnsdomainname)
|
|
|
+ fi
|
|
|
+fi
|
|
|
+
|
|
|
+if [ -z "${root_password}" ]; then
|
|
|
+ root_password="$(mktemp -u XXXXXXXX)"
|
|
|
+fi
|
|
|
|
|
|
if [ "$(id -u)" != "0" ]; then
|
|
|
echo "This script should be run as 'root'"
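Review bot: `mktemp -u XXXXXXXX` is a temp-name generator, not a secret generator: it gives eight alphanumeric characters and makes no promise about the quality of its randomness, so it is a weak source for `default_user_password` and `root_password`. The script already depends on `openssl` in `create_hwaddr`, so `root_password="$(openssl rand -base64 12)"` (and the same for the user password) would be consistent and stronger. These values are real per-container secrets now, yet the context lines of the `@@ -198` hunk still echo the user password to stdout and write the root password to `tmp_root_pass` with the default umask; both deserve a `umask 077` and no echo. In the FQDN block, `[ $(expr "$utsname" : '.*\..*\.') = 0 ]` should quote the substitution, and `dnsdomainname` could be called once and stored.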
|