4 # lxc: linux Container library
6 apt-get install debootstrap
9 # Daniel Lezcano <daniel.lezcano@free.fr>
11 # This library is free software; you can redistribute it and/or
12 # modify it under the terms of the GNU Lesser General Public
13 # License as published by the Free Software Foundation; either
14 # version 2.1 of the License, or (at your option) any later version.
16 # This library is distributed in the hope that it will be useful,
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 # Lesser General Public License for more details.
21 # You should have received a copy of the GNU Lesser General Public
22 # License along with this library; if not, write to the Free Software
23 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
30 # configure the inittab
31 cat <<EOF > $rootfs/etc/inittab
33 si::sysinit:/etc/init.d/rcS
34 l0:0:wait:/etc/init.d/rc 0
35 l1:1:wait:/etc/init.d/rc 1
36 l2:2:wait:/etc/init.d/rc 2
37 l3:3:wait:/etc/init.d/rc 3
38 l4:4:wait:/etc/init.d/rc 4
39 l5:5:wait:/etc/init.d/rc 5
40 l6:6:wait:/etc/init.d/rc 6
41 # Normally not reached, but fallthrough in case of emergency.
42 z6:6:respawn:/sbin/sulogin
43 1:2345:respawn:/sbin/getty 38400 console
44 c1:12345:respawn:/sbin/getty 38400 tty1 linux
45 c2:12345:respawn:/sbin/getty 38400 tty2 linux
46 c3:12345:respawn:/sbin/getty 38400 tty3 linux
47 c4:12345:respawn:/sbin/getty 38400 tty4 linux
50 # disable selinux in debian
51 mkdir -p $rootfs/selinux
52 echo 0 > $rootfs/selinux/enforce
54 # by default setup root password with no password
55 cat <<EOF > $rootfs/etc/ssh/sshd_config
58 HostKey /etc/ssh/ssh_host_rsa_key
59 HostKey /etc/ssh/ssh_host_dsa_key
60 UsePrivilegeSeparation yes
61 KeyRegenerationInterval 3600
69 PubkeyAuthentication yes
71 RhostsRSAAuthentication no
72 HostbasedAuthentication no
73 PermitEmptyPasswords yes
74 ChallengeResponseAuthentication no
77 # configure the network using the dhcp
78 cat <<EOF > $rootfs/etc/network/interfaces
80 iface lo inet loopback
87 cat <<EOF > $rootfs/etc/hostname
91 # reconfigure some services
92 chroot $rootfs /usr/sbin/dpkg-reconfigure locales
94 # remove pointless services in a container
95 chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove
96 chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove
97 chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove
117 # check the mini debian was not already downloaded
118 mkdir -p "$cache/partial-$arch"
119 if [ $? -ne 0 ]; then
120 echo "Failed to create '$cache/partial-$arch' directory"
124 # download a mini debian into a cache
125 echo "Downloading debian minimal ..."
126 debootstrap --verbose --variant=minbase --arch=$arch \
127 --include $packages \
128 lenny $cache/partial-$arch http://ftp.debian.org/debian
129 if [ $? -ne 0 ]; then
130 echo "Failed to download the rootfs, aborting."
134 mv "$1/partial-$arch" "$1/rootfs-$arch"
135 echo "Download complete."
145 # make a local copy of the minidebian
146 echo -n "Copying rootfs to $rootfs..."
147 cp -a $cache/rootfs-$arch $rootfs || return 1
153 cache="/var/cache/lxc/debian"
155 mkdir -p /var/lock/subsys/
158 if [ $? -ne 0 ]; then
159 echo "Cache repository is busy."
163 if [ "$arch" == "x86_64" ]; then
167 if [ "$arch" == "i686" ]; then
171 echo "Checking cache download in $cache/rootfs-$arch ... "
172 if [ ! -e "$cache/rootfs-$arch" ]; then
173 download_debian $cache $arch
174 if [ $? -ne 0 ]; then
175 echo "Failed to download 'debian base'"
180 copy_debian $cache $arch $rootfs
181 if [ $? -ne 0 ]; then
182 echo "Failed to copy rootfs"
188 ) 200>/var/lock/subsys/lxc
199 cat <<EOF >> $path/config
203 lxc.cgroup.devices.deny = a
205 lxc.cgroup.devices.allow = c 1:3 rwm
206 lxc.cgroup.devices.allow = c 1:5 rwm
208 lxc.cgroup.devices.allow = c 5:1 rwm
209 lxc.cgroup.devices.allow = c 5:0 rwm
210 lxc.cgroup.devices.allow = c 4:0 rwm
211 lxc.cgroup.devices.allow = c 4:1 rwm
213 lxc.cgroup.devices.allow = c 1:9 rwm
214 lxc.cgroup.devices.allow = c 1:8 rwm
215 lxc.cgroup.devices.allow = c 136:* rwm
216 lxc.cgroup.devices.allow = c 5:2 rwm
218 lxc.cgroup.devices.allow = c 254:0 rwm
221 if [ $? -ne 0 ]; then
222 echo "Failed to add configuration"
231 cache="/var/cache/lxc/debian"
233 if [ ! -e $cache ]; then
237 # lock, so we won't purge while someone is creating a repository
241 echo "Cache repository is busy."
245 echo -n "Purging the download cache..."
246 rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
249 ) 200>/var/lock/subsys/lxc
255 $1 -h|--help -p|--path=<path> -a|--arch=stable --clean
260 options=$(getopt -o hp:n:ca: -l help,path:,name:,clean,arch: -- "$@")
261 if [ $? -ne 0 ]; then
265 eval set -- "$options"
270 -h|--help) usage $0 && exit 0;;
271 -p|--path) path=$2; shift 2;;
272 -n|--name) name=$2; shift 2;;
273 -c|--clean) clean=$2; shift 2;;
274 -a|--arch) arch=$2; shift 2;;
275 --) shift 1; break ;;
280 if [ ! -z "$clean" -a -z "$path" ]; then
286 if [ $? -ne 0 ]; then
287 echo "'debootstrap' command is missing"
291 if [ -z "$path" ]; then
292 echo "'path' parameter is required"
296 if [ "$(id -u)" != "0" ]; then
297 echo "This script should be run as 'root'"
303 install_debian $rootfs
304 if [ $? -ne 0 ]; then
305 echo "failed to install debian"
309 configure_debian $rootfs $name
310 if [ $? -ne 0 ]; then
311 echo "failed to configure debian for a container"
315 copy_configuration $path $rootfs
316 if [ $? -ne 0 ]; then
317 echo "failed write configuration file"
321 if [ ! -z $clean ]; then