From: Serge Hallyn <serge.hal...@ubuntu.com>
ubuntu-cloud:
. fix handling of non-precise cloud image format
. add '--stream daily' option
. fix handling of userdata (Ben Howard <ben.how...@canonical.com>)
. extract the right filenames from tarball (Ben Howard
<ben.how...@canonical.com>)
lxc-ubuntu:
. use relative path as target for bind mount
(An absolute path will be interpreted as absolute with respect to the
parent's namespace.)
. config layout tweak from Stéphane Graber <stgra...@ubuntu.com>
ubuntu and ubuntu-cloud: in precise, make /dev/shm a symbolic link to /run/shm
Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
Cc: Ben Howard <ben.how...@canonical.com>
Cc: Stéphane Graber <stgra...@ubuntu.com>
---
templates/lxc-ubuntu-cloud.in | 86 +++++++++++++++++++++++++++++++++++------
templates/lxc-ubuntu.in | 36 ++++++++++++-----
2 files changed, 101 insertions(+), 21 deletions(-)
diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in
index 267dbab..493c10a 100644
--- a/templates/lxc-ubuntu-cloud.in
+++ b/templates/lxc-ubuntu-cloud.in
@@ -1,6 +1,6 @@
#!/bin/bash
-# template script for generating ubuntu container for LXC based on daily cloud
+# template script for generating ubuntu container for LXC based on released
cloud
# images
#
# Copyright © 2012 Serge Hallyn <serge.hal...@canonical.com>
@@ -31,6 +31,7 @@ copy_configuration()
rootfs=$2
name=$3
arch=$4
+ release=$5
if [ $arch = "i386" ]; then
arch="i686"
@@ -41,7 +42,7 @@ copy_configuration()
nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
if [ $nics -eq 1 ]; then
grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
-lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g;
s/.$//')
+lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g;
s/.$//')
EOF
fi
@@ -91,6 +92,16 @@ proc $rootfs/proc proc
nodev,noexec,nosuid 0 0
sysfs $rootfs/sys sysfs defaults 0 0
EOF
+ # rmdir /dev/shm in precise containers.
+ # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
+ # get bind mounted to the host's /run/shm. So try to rmdir
+ # it, and in case that fails move it out of the way.
+ if [ $release = "precise" ]; then
+ [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm
+ [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak
+ ln -s /run/shm $rootfs/dev/shm
+ fi
+
return 0
}
@@ -105,6 +116,7 @@ Generic Options
[ -C | --cloud ]: Configure container for use with meta-data service, defaults
to no
[ -T | --tarball ]: Location of tarball
[ -d | --debug ]: Run with 'set -x' to debug errors
+[ -s | --stream]: Use specified stream rather than 'released'
Options, mutually exclusive of "-C" and "--cloud":
[ -i | --hostid ]: HostID for cloud-init, defaults to random string
@@ -116,7 +128,7 @@ EOF
return 0
}
-options=$(getopt -o a:hp:r:n:Fi:CLS:T:d -l
arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug
-- "$@")
+options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds: -l
arch:,help,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata:
-- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
@@ -147,6 +159,10 @@ else
elif [ "$arch" = "x86_64" ]; then
arch="amd64"
elif [ "$arch" = "armv7l" ]; then
+ # note: arm images don't exist before oneiric; are called armhf in
+ # precise; and are not supported by the query, so we don't actually
+ # support them yet (see check later on). When Query2 is available,
+ # we'll use that to enable arm images.
arch="armel"
fi
fi
@@ -156,6 +172,7 @@ hostarch=$arch
cloud=0
locales=1
flushcache=0
+stream="released"
while true
do
case "$1" in
@@ -172,12 +189,13 @@ do
-L|--no_locales) locales=0; shift 2;;
-T|--tarball) tarball=$2; shift 2;;
-d|--debug) debug=1; shift 1;;
+ -s|--stream) stream=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
done
-if [ $debug -eq ]; then
+if [ $debug -eq 1 ]; then
set -x
fi
@@ -195,6 +213,16 @@ if [ $arch != "i386" -a $arch != "amd64" ]; then
exit 1
fi
+if [ "$stream" != "daily" -a "$stream" != "released" ]; then
+ echo "Only 'daily' and 'released' streams are supported"
+ exit 1
+fi
+
+if [ -n "$userdata" -a ! -f "$userdata" ]; then
+ echo "Userdata does not exist"
+ exit 1
+fi
+
if [ -z "$path" ]; then
echo "'path' parameter is required"
exit 1
@@ -219,12 +247,47 @@ mkdir -p $cache
if [ -n "$tarball" ]; then
url2="$tarball"
else
- url1=`ubuntu-cloudimg-query precise daily $arch --format "%{url}\n"`
+ url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`
url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`
fi
filename=`basename $url2`
+buildcleanup()
+{
+ cd $rootfs
+ umount -l $cache/$xdir || true
+ rm -rf $cache
+}
+
+# if the release doesn't have a *-rootfs.tar.gz, then create one from the
+# cloudimg.tar.gz by extracting the .img, mounting it loopback, and creating
+# a tarball from the mounted image.
+build_root_tgz()
+{
+ url=$1
+ filename=$2
+
+ xdir=`mktemp -d -p .`
+ tarname=`basename $url`
+ imgname="$release-*-cloudimg-$arch.img"
+ trap buildcleanup EXIT
+ if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then
+ rm -f $tarname
+ echo "Downloading cloud image from $url"
+ wget $url || { echo "Couldn't find cloud image $url."; exit 1; }
+ fi
+ echo "Creating new cached cloud image rootfs"
+ tar --wildcards -zxf $tarname $imgname
+ mount -o loop $imgname $xdir
+ (cd $xdir; tar zcf ../$filename .)
+ umount $xdir
+ rm -f $tarname $imgname
+ rmdir $xdir
+ echo "New cloud image cache created"
+ trap EXIT
+}
+
mkdir -p /var/lock/subsys/
(
flock -n -x 200
@@ -236,10 +299,10 @@ mkdir -p /var/lock/subsys/
fi
if [ ! -f $filename ]; then
- wget $url2
+ wget $url2 || build_root_tgz $url1 $filename
fi
- echo "Extracting rootfs"
+ echo "Extracting container rootfs"
mkdir -p $rootfs
cd $rootfs
tar -zxf $cache/$filename
@@ -275,8 +338,9 @@ EOF
echo "Inserted SSH public key from $auth_key into
/home/ubuntu/.ssh/authorized_keys"
fi
- if [ ! -f $userdata ]; then
- cp $userdata $data_d/user-data
+ if [ -f "$userdata" ]; then
+ echo "Using custom user-data"
+ cp $userdata $seed_d/user-data
else
if [ -z "$MIRROR" ]; then
@@ -290,10 +354,10 @@ apt-mirror: $MIRROR
manage_etc_hosts: localhost
locale: $(/usr/bin/locale | awk -F= '/LANG=/ {print$NF}')
EOF
-
fi
chroot $rootfs /usr/sbin/usermod -U ubuntu
+ echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
echo "Please login as user ubuntu with password ubuntu."
else
@@ -305,7 +369,7 @@ EOF
) 200>/var/lock/subsys/lxc-ubucloud
-copy_configuration $path $rootfs $name $arch
+copy_configuration $path $rootfs $name $arch $release
echo "Container $name created."
exit 0
diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in
index aab941f..0c422ea 100644
--- a/templates/lxc-ubuntu.in
+++ b/templates/lxc-ubuntu.in
@@ -319,7 +319,7 @@ copy_configuration()
nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
if [ $nics -eq 1 ]; then
grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
-lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g;
s/.$//')
+lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g;
s/.$//')
EOF
fi
@@ -517,6 +517,16 @@ post_process()
chroot $rootfs apt-get update
chroot $rootfs apt-get install --force-yes -y --no-install-recommends
upstart:${hostarch} mountall:amd64 iproute:amd64 isc-dhcp-client:amd64
fi
+
+ # rmdir /dev/shm in precise containers.
+ # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
+ # get bind mounted to the host's /run/shm. So try to rmdir
+ # it, and in case that fails move it out of the way.
+ if [ $release = "precise" ]; then
+ [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm
+ [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak
+ ln -s /run/shm $rootfs/dev/shm
+ fi
}
do_bindhome()
@@ -543,13 +553,17 @@ do_bindhome()
# bind-mount the user's path into the container's /home
h=`getent passwd $user | cut -d: -f 6`
mkdir -p $rootfs/$h
- echo "$h $rootfs/$h none bind 0 0" >> $path/fstab
+ # use relative path in container
+ h2=${h#/}
+ while [ ${h2:0:1} = "/" ]; do
+ h2=${h2#/}
+ done
+ echo "$h $h2 none bind 0 0" >> $path/fstab
# Make sure the group exists in container
- chroot $rootfs getent group $user || { \
- grp=`getent group $user`
- echo "$grp" >> $rootfs/etc/group
- }
+ grp=`echo $pwd | cut -d: -f 4` # group number for $user
+ grpe=`getent group $grp` || return 0 # if host doesn't define grp, ignore
in container
+ chroot $rootfs getent group "$grpe" || echo "$grpe" >> $rootfs/etc/group
}
usage()
@@ -630,10 +644,12 @@ if [ $debug -eq 1 ]; then
set -x
fi
-pwd=`getent passwd $bindhome`
-if [ $? -ne 0 ]; then
- echo "Error: no password entry found for $bindhome"
- exit 1
+if [ -n "$bindhome" ]; then
+ pwd=`getent passwd $bindhome`
+ if [ $? -ne 0 ]; then
+ echo "Error: no password entry found for $bindhome"
+ exit 1
+ fi
fi
--
1.7.9.5
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
