Improve the lxc-debian script

From: Daniel Lezcano <dlezcano@fr.ibm.com> Changed the lxc-debian script to accept empty password for ssh connection, and to not share the /dev directory with the system. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Improve the lxc-debian script
06388011 · dlezcano · ed502555 · 06388011
Commit 06388011 authored Dec 09, 2008 by dlezcano
Hide whitespace changes
Inline Side-by-side

Showing with 127 additions and 93 deletions

lxc-debian.in scripts/lxc-debian.in +127 -93

No files found.
--- a/scripts/lxc-debian.in
+++ b/scripts/lxc-debian.in
 #!/bin/bash
-# set -ex
+set -ex
 NAME="debian"
 CONFFILE="lxc.conf"
@@ -11,8 +11,127 @@ INTERFACES="/etc/network/interfaces"
 INITTAB="/etc/inittab"
 HOSTNAME="/etc/hostname"
 FSTAB="/etc/fstab"
+SSHD_CONFIG="/etc/ssh/sshd_config"
 CACHE="@LOCALSTATEDIR@/cache/lxc/debian"
+################################################################################
+#                    debian custom configuration files
+################################################################################
+# custom fstab
+write_debian_fstab() {
+cat <<EOF > $ROOTFS/$FSTAB
+tmpfs  /dev/shm   tmpfs  defaults  0 0
+EOF
+}
+# custom inittab
+write_debian_inittab() {
+cat <<EOF > $ROOTFS/$INITTAB
+id:3:initdefault:
+si::sysinit:/etc/init.d/rcS
+l0:0:wait:/etc/init.d/rc 0
+l1:1:wait:/etc/init.d/rc 1
+l2:2:wait:/etc/init.d/rc 2
+l3:3:wait:/etc/init.d/rc 3
+l4:4:wait:/etc/init.d/rc 4
+l5:5:wait:/etc/init.d/rc 5
+l6:6:wait:/etc/init.d/rc 6
+# Normally not reached, but fallthrough in case of emergency.
+z6:6:respawn:/sbin/sulogin
+1:2345:respawn:/sbin/getty 38400 console
+EOF
+}
+# custom network configuration
+write_debian_network() {
+cat <<EOF > $ROOTFS/$INTERFACES
+auto eth0 lo
+iface eth0 inet static
+address $IPV4
+netmask 255.255.255.0
+broadcast 0.0.0.0
+up route add default gw $GATEWAY
+iface lo inet loopback
+EOF
+}
+# custom hostname
+write_debian_hostname() {
+cat <<EOF > $ROOTFS/$HOSTNAME
+$UTSNAME
+EOF
+}
+# custom sshd configuration file
+write_debian_sshd_config() {
+cat <<EOF > $ROOTFS/$SSHD_CONFIG
+Port 22
+Protocol 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+UsePrivilegeSeparation yes
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+SyslogFacility AUTH
+LogLevel INFO
+LoginGraceTime 120
+PermitRootLogin yes
+StrictModes yes
+RSAAuthentication yes
+PubkeyAuthentication yes
+IgnoreRhosts yes
+RhostsRSAAuthentication no
+HostbasedAuthentication no
+PermitEmptyPasswords yes
+ChallengeResponseAuthentication no
+EOF
+}
+################################################################################
+#                        lxc configuration files
+################################################################################
+write_lxc_configuration() {
+cat <<EOF > $CONFFILE
+lxc.utsname = $UTSNAME
+lxc.network.type = veth
+lxc.network.flags = up
+lxc.network.link = br0
+lxc.network.name = eth0
+lxc.mount = $MNTFILE
+lxc.rootfs = $ROOTFS
+lxc.cgroup.devices.deny = a
+# /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+# consoles
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 4:0 rwm
+lxc.cgroup.devices.allow = c 4:1 rwm
+# /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+# /dev/pts/* - pts namespaces are "coming soon"
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+# rtc
+lxc.cgroup.devices.allow = c 254:0 rwm
+EOF
+}
+write_lxc_mounts() {
+cat <<EOF > $MNTFILE
+EOF
+}
 create() {
    # choose a container name, default is 'debian'
@@ -101,104 +220,19 @@ create() {
    fi
-########################################
+write_lxc_mounts
-# lxc configuration files
-########################################
-# lxc mount point
-cat <<EOF > $MNTFILE
-/dev	$(pwd)/$ROOTFS/dev none bind 0 0
-/dev/pts $(pwd)/$ROOTFS/dev/pts none bind 0 0
-/etc/resolv.conf $(pwd)/$ROOTFS/etc/resolv.conf none ro,bind 0 0
-EOF
-# lxc configuration
-cat <<EOF > $CONFFILE
-lxc.utsname = $UTSNAME
-lxc.network.type = veth
-lxc.network.flags = up
-lxc.network.link = br0
-lxc.network.name = eth0
-lxc.mount = $MNTFILE
-lxc.rootfs = $ROOTFS
-lxc.cgroup.devices.deny = a
-# /dev/null and zero
-lxc.cgroup.devices.allow = c 1:3 rwm
-lxc.cgroup.devices.allow = c 1:5 rwm
-# consoles
-lxc.cgroup.devices.allow = c 5:1 rwm
-lxc.cgroup.devices.allow = c 5:0 rwm
-lxc.cgroup.devices.allow = c 4:0 rwm
-lxc.cgroup.devices.allow = c 4:1 rwm
-# /dev/{,u}random
-lxc.cgroup.devices.allow = c 1:9 rwm
-lxc.cgroup.devices.allow = c 1:8 rwm
-# /dev/pts/* - pts namespaces are "coming soon"
-lxc.cgroup.devices.allow = c 136:* rwm
-lxc.cgroup.devices.allow = c 5:2 rwm
-# rtc
-lxc.cgroup.devices.allow = c 254:0 rwm
-EOF
-########################################
-# rootfs configuration files tweak
-########################################
-# inittab
-cat <<EOF > $ROOTFS/$INITTAB
-id:3:initdefault:
-si::sysinit:/etc/init.d/rcS
-l0:0:wait:/etc/init.d/rc 0
-l1:1:wait:/etc/init.d/rc 1
-l2:2:wait:/etc/init.d/rc 2
-l3:3:wait:/etc/init.d/rc 3
-l4:4:wait:/etc/init.d/rc 4
-l5:5:wait:/etc/init.d/rc 5
-l6:6:wait:/etc/init.d/rc 6
-# Normally not reached, but fallthrough in case of emergency.
-z6:6:respawn:/sbin/sulogin
-1:2345:respawn:/sbin/getty 38400 console
-EOF
-# hostname
+write_lxc_configuration
-cat <<EOF > $ROOTFS/$HOSTNAME
-$UTSNAME
-EOF
-# fstab
+write_debian_inittab
-cat <<EOF > $ROOTFS/$FSTAB
+write_debian_hostname
-tmpfs                   /dev/shm                tmpfs   defaults        0 0
-EOF
-# network
+write_debian_fstab
-cat <<EOF > $ROOTFS/$INTERFACES
+write_debian_network
-auto eth0 lo
-iface eth0 inet static
-address $IPV4
-netmask 255.255.255.0
-broadcast 0.0.0.0
-up route add default gw $GATEWAY
-iface lo inet loopback
-EOF
-# create the container object
+write_debian_sshd_config
 @BINDIR@/lxc-create -n $NAME -f $CONFFILE 
 RES=$?