Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Clean up how lxc-create is called - more generic.

Added a doc string about assumptions we make for containers that are
created.
  • Loading branch information...
commit 7abbcfd71aad5aa62e87ccaf7cd291579815adbb 1 parent b802c6e
sundbp sundbp authored
Showing with 726 additions and 15 deletions.
  1. +708 −0 resources/lxc/lxc-ubuntu-root
  2. +18 −15 src/lxc_crate/lxc.clj
708 resources/lxc/lxc-ubuntu-root
View
@@ -0,0 +1,708 @@
+#!/bin/bash
+
+#
+# template script for generating ubuntu container for LXC
+#
+# This script consolidates and extends the existing lxc ubuntu scripts
+#
+
+# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
+# Copyright © 2010 Wilhelm Meier
+# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2, as
+# published by the Free Software Foundation.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+set -e
+
+if [ -r /etc/default/lxc ]; then
+ . /etc/default/lxc
+fi
+
+configure_ubuntu()
+{
+ rootfs=$1
+ hostname=$2
+ release=$3
+
+ # configure the network using the dhcp
+ cat <<EOF > $rootfs/etc/network/interfaces
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet dhcp
+EOF
+
+ # set the hostname
+ cat <<EOF > $rootfs/etc/hostname
+$hostname
+EOF
+ # set minimal hosts
+ cat <<EOF > $rootfs/etc/hosts
+127.0.0.1 localhost
+127.0.1.1 $hostname
+
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+EOF
+
+ if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
+ # suppress log level output for udev
+ sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
+
+ # remove jobs for consoles 5 and 6 since we only create 4 consoles in
+ # this template
+ rm -f $rootfs/etc/init/tty{5,6}.conf
+ fi
+
+ #if [ -z "$bindhome" ]; then
+ # chroot $rootfs useradd --create-home -s /bin/bash ubuntu
+ # echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
+ #fi
+
+ return 0
+}
+
+# finish setting up the user in the container by injecting ssh key and
+# adding sudo group membership.
+# passed-in user is either 'ubuntu' or the user to bind in from host.
+finalize_user()
+{
+ user=$1
+
+ sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo)
+
+ if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then
+ groups="sudo"
+ else
+ groups="sudo admin"
+ fi
+
+ #for group in $groups; do
+ # chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true
+ # chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true
+ #done
+
+ if [ -n "$auth_key" -a -f "$auth_key" ]; then
+ u_path="/root/.ssh"
+ root_u_path="$rootfs/$u_path"
+
+ mkdir -p $root_u_path
+ cp $auth_key "$root_u_path/authorized_keys"
+ chroot $rootfs chown -R root: "$u_path"
+
+ echo "Inserted SSH public key from $auth_key into /root/.ssh/authorized_keys"
+ fi
+ return 0
+}
+
+write_sourceslist()
+{
+ # $1 => path to the rootfs
+ # $2 => architecture we want to add
+ # $3 => whether to use the multi-arch syntax or not
+
+ case $2 in
+ amd64|i386)
+ MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
+ SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
+ ;;
+ *)
+ MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
+ SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
+ ;;
+ esac
+ if [ -n "$3" ]; then
+ cat >> "$1/etc/apt/sources.list" << EOF
+deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
+deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
+deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
+EOF
+ else
+ cat >> "$1/etc/apt/sources.list" << EOF
+deb $MIRROR ${release} main restricted universe multiverse
+deb $MIRROR ${release}-updates main restricted universe multiverse
+deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
+EOF
+ fi
+}
+
+cleanup()
+{
+ rm -rf $cache/partial-$arch
+ rm -rf $cache/rootfs-$arch
+}
+
+suggest_flush()
+{
+ echo "Container upgrade failed. The container cache may be out of date,"
+ echo "in which case flushing the case (see -F in the hep output) may help."
+}
+
+download_ubuntu()
+{
+ cache=$1
+ arch=$2
+ release=$3
+
+ packages=vim,ssh
+ echo "installing packages: $packages"
+
+ trap cleanup EXIT SIGHUP SIGINT SIGTERM
+ # check the mini ubuntu was not already downloaded
+ mkdir -p "$cache/partial-$arch"
+ if [ $? -ne 0 ]; then
+ echo "Failed to create '$cache/partial-$arch' directory"
+ return 1
+ fi
+
+ # download a mini ubuntu into a cache
+ echo "Downloading ubuntu $release minimal ..."
+ if [ -n "$(which qemu-debootstrap)" ]; then
+ qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
+ else
+ debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
+ fi
+
+ if [ $? -ne 0 ]; then
+ echo "Failed to download the rootfs, aborting."
+ return 1
+ fi
+
+ # Serge isn't sure whether we should avoid doing this when
+ # $release == `distro-info -d`
+ echo "Installing updates"
+ > $cache/partial-$arch/etc/apt/sources.list
+ write_sourceslist $cache/partial-$arch/ $arch
+
+ chroot "$1/partial-${arch}" apt-get update
+ if [ $? -ne 0 ]; then
+ echo "Failed to update the apt cache"
+ return 1
+ fi
+ cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
+#!/bin/sh
+exit 101
+EOF
+ chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
+
+ lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y || { suggest_flush; false; }
+ rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
+
+ chroot "$1/partial-${arch}" apt-get clean
+
+ mv "$1/partial-$arch" "$1/rootfs-$arch"
+ trap EXIT
+ trap SIGINT
+ trap SIGTERM
+ trap SIGHUP
+ echo "Download complete"
+ return 0
+}
+
+copy_ubuntu()
+{
+ cache=$1
+ arch=$2
+ rootfs=$3
+
+ # make a local copy of the miniubuntu
+ echo "Copying rootfs to $rootfs ..."
+ mkdir -p $rootfs
+ rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
+ return 0
+}
+
+install_ubuntu()
+{
+ rootfs=$1
+ release=$2
+ flushcache=$3
+ cache="/var/cache/lxc/$release"
+ mkdir -p /var/lock/subsys/
+
+ (
+ flock -x 200
+ if [ $? -ne 0 ]; then
+ echo "Cache repository is busy."
+ return 1
+ fi
+
+
+ if [ $flushcache -eq 1 ]; then
+ echo "Flushing cache..."
+ rm -rf "$cache/partial-$arch"
+ rm -rf "$cache/rootfs-$arch"
+ fi
+
+ echo "Checking cache download in $cache/rootfs-$arch ... "
+ if [ ! -e "$cache/rootfs-$arch" ]; then
+ download_ubuntu $cache $arch $release
+ if [ $? -ne 0 ]; then
+ echo "Failed to download 'ubuntu $release base'"
+ return 1
+ fi
+ fi
+
+ echo "Copy $cache/rootfs-$arch to $rootfs ... "
+ copy_ubuntu $cache $arch $rootfs
+ if [ $? -ne 0 ]; then
+ echo "Failed to copy rootfs"
+ return 1
+ fi
+
+ return 0
+
+ ) 200>/var/lock/subsys/lxc
+
+ return $?
+}
+
+copy_configuration()
+{
+ path=$1
+ rootfs=$2
+ name=$3
+ arch=$4
+ release=$5
+
+ if [ $arch = "i386" ]; then
+ arch="i686"
+ fi
+
+ ttydir=""
+ if [ -f $rootfs/etc/init/container-detect.conf ]; then
+ ttydir=" lxc"
+ fi
+
+ # if there is exactly one veth network entry, make sure it has an
+ # associated hwaddr.
+ nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
+ if [ $nics -eq 1 ]; then
+ grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
+lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
+EOF
+ fi
+
+ grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config
+ cat <<EOF >> $path/config
+lxc.utsname = $name
+
+lxc.devttydir =$ttydir
+lxc.tty = 4
+lxc.pts = 1024
+lxc.mount = $path/fstab
+lxc.arch = $arch
+lxc.cap.drop = sys_module mac_admin mac_override
+lxc.pivotdir = lxc_putold
+
+# uncomment the next line to run the container unconfined:
+#lxc.aa_profile = unconfined
+
+lxc.cgroup.devices.deny = a
+# Allow any mknod (but not using the node)
+lxc.cgroup.devices.allow = c *:* m
+lxc.cgroup.devices.allow = b *:* m
+# /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+# consoles
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+#lxc.cgroup.devices.allow = c 4:0 rwm
+#lxc.cgroup.devices.allow = c 4:1 rwm
+# /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+# rtc
+lxc.cgroup.devices.allow = c 254:0 rwm
+#fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
+#tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+#full
+lxc.cgroup.devices.allow = c 1:7 rwm
+#hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+#kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+EOF
+
+ cat <<EOF > $path/fstab
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
+EOF
+
+ if [ $? -ne 0 ]; then
+ echo "Failed to add configuration"
+ return 1
+ fi
+
+ return 0
+}
+
+trim()
+{
+ rootfs=$1
+ release=$2
+
+ # provide the lxc service
+ cat <<EOF > $rootfs/etc/init/lxc.conf
+# fake some events needed for correct startup other services
+
+description "Container Upstart"
+
+start on startup
+
+script
+ rm -rf /var/run/*.pid
+ rm -rf /var/run/network/*
+ /sbin/initctl emit stopped JOB=udevtrigger --no-wait
+ /sbin/initctl emit started JOB=udev --no-wait
+end script
+EOF
+
+ # fix buggus runlevel with sshd
+ cat <<EOF > $rootfs/etc/init/ssh.conf
+# ssh - OpenBSD Secure Shell server
+#
+# The OpenSSH server provides secure shell access to the system.
+
+description "OpenSSH server"
+
+start on filesystem
+stop on runlevel [!2345]
+
+expect fork
+respawn
+respawn limit 10 5
+umask 022
+# replaces SSHD_OOM_ADJUST in /etc/default/ssh
+oom never
+
+pre-start script
+ test -x /usr/sbin/sshd || { stop; exit 0; }
+ test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
+ test -c /dev/null || { stop; exit 0; }
+
+ mkdir -p -m0755 /var/run/sshd
+end script
+
+# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
+# 'exec' line here instead
+exec /usr/sbin/sshd
+EOF
+
+ cat <<EOF > $rootfs/etc/init/console.conf
+# console - getty
+#
+# This service maintains a console on tty1 from the point the system is
+# started until it is shut down again.
+
+start on stopped rc RUNLEVEL=[2345]
+stop on runlevel [!2345]
+
+respawn
+exec /sbin/getty -8 38400 /dev/console
+EOF
+
+ cat <<EOF > $rootfs/lib/init/fstab
+# /lib/init/fstab: cleared out for bare-bones lxc
+EOF
+
+ # reconfigure some services
+ if [ -z "$LANG" ]; then
+ chroot $rootfs locale-gen en_US.UTF-8
+ chroot $rootfs update-locale LANG=en_US.UTF-8
+ else
+ chroot $rootfs locale-gen $LANG
+ chroot $rootfs update-locale LANG=$LANG
+ fi
+
+ # remove pointless services in a container
+ chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
+
+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
+ chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
+
+ # if this isn't lucid, then we need to twiddle the network upstart bits :(
+ if [ $release != "lucid" ]; then
+ sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
+ fi
+}
+
+post_process()
+{
+ rootfs=$1
+ release=$2
+ trim_container=$3
+
+ if [ $trim_container -eq 1 ]; then
+ trim $rootfs $release
+ elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then
+ # Make sure we have a working resolv.conf
+ cresolvonf="${rootfs}/etc/resolv.conf"
+ mv $cresolvonf ${cresolvonf}.lxcbak
+ cat /etc/resolv.conf > ${cresolvonf}
+
+ # for lucid, if not trimming, then add the ubuntu-virt
+ # ppa and install lxcguest
+ if [ $release = "lucid" ]; then
+ chroot $rootfs apt-get update
+ chroot $rootfs apt-get install --force-yes -y python-software-properties
+ chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
+ fi
+
+ chroot $rootfs apt-get update
+ chroot $rootfs apt-get install --force-yes -y lxcguest
+
+ # Restore old resolv.conf
+ rm -f ${cresolvonf}
+ mv ${cresolvonf}.lxcbak ${cresolvonf}
+ fi
+
+ # If the container isn't running a native architecture, setup multiarch
+ if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then
+ dpkg_version=$(chroot $rootfs dpkg-query -W -f='${Version}' dpkg)
+ if chroot $rootfs dpkg --compare-versions $dpkg_version ge "1.16.2"; then
+ chroot $rootfs dpkg --add-architecture ${hostarch}
+ else
+ mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d
+ echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch
+ fi
+
+ # Save existing value of MIRROR and SECURITY_MIRROR
+ DEFAULT_MIRROR=$MIRROR
+ DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR
+
+ # Write a new sources.list containing both native and multiarch entries
+ > ${rootfs}/etc/apt/sources.list
+ write_sourceslist $rootfs $arch "native"
+
+ MIRROR=$DEFAULT_MIRROR
+ SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR
+ write_sourceslist $rootfs $hostarch "multiarch"
+
+ # Finally update the lists and install upstart using the host architecture
+ chroot $rootfs apt-get update
+ chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch}
+ fi
+
+ # rmdir /dev/shm for containers that have /run/shm
+ # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
+ # get bind mounted to the host's /run/shm. So try to rmdir
+ # it, and in case that fails move it out of the way.
+ if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
+ mv $rootfs/dev/shm $rootfs/dev/shm.bak
+ ln -s /run/shm $rootfs/dev/shm
+ fi
+}
+
+do_bindhome()
+{
+ rootfs=$1
+ user=$2
+
+ # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
+ pwd=`getent passwd $user` || { echo "Failed to copy password entry for $user"; false; }
+ echo $pwd >> $rootfs/etc/passwd
+
+ # make sure user's shell exists in the container
+ shell=`echo $pwd | cut -d: -f 7`
+ if [ ! -x $rootfs/$shell ]; then
+ echo "shell $shell for user $user was not found in the container."
+ pkg=`dpkg -S $(readlink -m $shell) | cut -d ':' -f1`
+ echo "Installing $pkg"
+ chroot $rootfs apt-get --force-yes -y install $pkg
+ fi
+
+ shad=`getent shadow $user`
+ echo "$shad" >> $rootfs/etc/shadow
+
+ # bind-mount the user's path into the container's /home
+ h=`getent passwd $user | cut -d: -f 6`
+ mkdir -p $rootfs/$h
+
+ # use relative path in container
+ h2=${h#/}
+ while [ ${h2:0:1} = "/" ]; do
+ h2=${h2#/}
+ done
+ echo "$h $h2 none bind 0 0" >> $path/fstab
+
+ # Make sure the group exists in container
+ grp=`echo $pwd | cut -d: -f 4` # group number for $user
+ grpe=`getent group $grp` || return 0 # if host doesn't define grp, ignore in container
+ chroot $rootfs getent group "$grpe" || echo "$grpe" >> $rootfs/etc/group
+}
+
+usage()
+{
+ cat <<EOF
+$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim] [-d|--debug]
+ [-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>]
+release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS
+trim: make a minimal (faster, but not upgrade-safe) container
+bindhome: bind <user>'s home into the container
+ The ubuntu user will not be created, and <user> will have
+ sudo access.
+arch: the container architecture (e.g. amd64): defaults to host arch
+auth-key: SSH Public key file to inject into container
+EOF
+ return 0
+}
+
+options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug -- "$@")
+if [ $? -ne 0 ]; then
+ usage $(basename $0)
+ exit 1
+fi
+eval set -- "$options"
+
+release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems
+if [ -f /etc/lsb-release ]; then
+ . /etc/lsb-release
+ if [ "$DISTRIB_ID" = "Ubuntu" ]; then
+ release=$DISTRIB_CODENAME
+ fi
+fi
+
+bindhome=
+arch=$(arch)
+
+# Code taken from debootstrap
+if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
+ arch=`/usr/bin/dpkg --print-architecture`
+elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
+ arch=`/usr/bin/udpkg --print-architecture`
+else
+ arch=$(arch)
+ if [ "$arch" = "i686" ]; then
+ arch="i386"
+ elif [ "$arch" = "x86_64" ]; then
+ arch="amd64"
+ elif [ "$arch" = "armv7l" ]; then
+ arch="armel"
+ fi
+fi
+
+debug=0
+trim_container=0
+hostarch=$arch
+flushcache=0
+while true
+do
+ case "$1" in
+ -h|--help) usage $0 && exit 0;;
+ -p|--path) path=$2; shift 2;;
+ -n|--name) name=$2; shift 2;;
+ -F|--flush-cache) flushcache=1; shift 1;;
+ -r|--release) release=$2; shift 2;;
+ -b|--bindhome) bindhome=$2; shift 2;;
+ -a|--arch) arch=$2; shift 2;;
+ -x|--trim) trim_container=1; shift 1;;
+ -S|--auth-key) auth_key=$2; shift 2;;
+ -d|--debug) debug=1; shift 1;;
+ --) shift 1; break ;;
+ *) break ;;
+ esac
+done
+
+if [ $debug -eq 1 ]; then
+ set -x
+fi
+
+if [ -n "$bindhome" ]; then
+ pwd=`getent passwd $bindhome`
+ if [ $? -ne 0 ]; then
+ echo "Error: no password entry found for $bindhome"
+ exit 1
+ fi
+fi
+
+
+if [ "$arch" == "i686" ]; then
+ arch=i386
+fi
+
+if [ $hostarch = "i386" -a $arch = "amd64" ]; then
+ echo "can't create amd64 container on i386"
+ exit 1
+fi
+
+type debootstrap
+if [ $? -ne 0 ]; then
+ echo "'debootstrap' command is missing"
+ exit 1
+fi
+
+if [ -z "$path" ]; then
+ echo "'path' parameter is required"
+ exit 1
+fi
+
+if [ "$(id -u)" != "0" ]; then
+ echo "This script should be run as 'root'"
+ exit 1
+fi
+
+# detect rootfs
+config="$path/config"
+if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
+ rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
+else
+ rootfs=$path/rootfs
+fi
+
+install_ubuntu $rootfs $release $flushcache
+if [ $? -ne 0 ]; then
+ echo "failed to install ubuntu $release"
+ exit 1
+fi
+
+configure_ubuntu $rootfs $name $release
+if [ $? -ne 0 ]; then
+ echo "failed to configure ubuntu $release for a container"
+ exit 1
+fi
+
+copy_configuration $path $rootfs $name $arch $release
+if [ $? -ne 0 ]; then
+ echo "failed write configuration file"
+ exit 1
+fi
+
+post_process $rootfs $release $trim_container
+
+finalize_user root
+
+echo ""
+echo "##"
+echo "# The default user is 'root' with ssh auth."
+echo "##"
+echo ""
33 src/lxc_crate/lxc.clj
View
@@ -66,11 +66,6 @@
(relink-var-lib-lxc-to-home)
(install-ovs-scripts))
-(defplan create-lxc-container
- "Create a new LXC container"
- []
- )
-
(defplan setup-image-server
"Perform all setup needed to make a host an LXC image server."
[]
@@ -90,11 +85,22 @@
:values {:mac mac})))
(defplan create-base-container
- "Create a base container, just the lxc-create step."
- [name conf-file template release auth-key-path]
- (actions/exec-checked-script
- "Create a base container via lxc-create"
- ("lxc-create -n" ~name "-f" ~conf-file "-t" ~template "-- --release" ~release "--auth-key" ~auth-key-path)))
+ "Create a base container, just the lxc-create step.
+ Note: we assume that with the args and the template used after running this
+ we have a container with a known root user ssh key approved.
+ See resources/lxc/lxc-root-ubuntu for an example template.
+ If :auth-key-path key is given it's added to the end of the template-args,
+ which works well with the ubuntu style tempaltes. For other targets work is
+ needed."
+ [name conf-file create-conf & {:keys [auth-key-path]}]
+ (let [template (:t create-conf)
+ template-args (reduce str "" (map (fn [[k v]] (format " --%s %s" (name k) v)) (:template-args create-conf)))
+ template-args (if auth-key-path
+ (str template-args (format " --auth-key %s" auth-key-path))
+ template-args)]
+ (actions/exec-checked-script
+ "Create a base container via lxc-create"
+ ("lxc-create -n" ~name "-f" ~conf-file "-t" ~template "--" ~template-args))))
(defplan boot-up-container
"Boot a given container"
@@ -213,13 +219,10 @@
("sleep 5")
("rm -rf" ~image-dir)))
- ;; TODO: refactor to generate a string of args here and pass the args
- ;; more generic
(create-base-container container-hostname
remote-config-file
- (get-in spec [:lxc-create :t])
- (get-in spec [:lxc-create :template-args :release])
- remote-ssh-key-path)
+ (get spec :lxc-crete)
+ :auth-key-path remote-ssh-key-path)
(when (and (not tmp-run) (:image-url spec))
(let [image-url (:image-url spec)
Please sign in to comment.
Something went wrong with that request. Please try again.