Commit 08754f30 by Michael H. Warfield Committed by Stéphane Graber

Update CentOS and Fedora templates to support archtectures option.

Added code to the CentOS and Fedora templates so that x86 32 bit containers may be built on x86_64 platforms. Like architectures may also be trivially used as well. Option added is "-a {arch}". Additionally cleaned up some bash specific logic.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
parent 3ec1648d
...@@ -27,8 +27,6 @@ ...@@ -27,8 +27,6 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#Configurations #Configurations
arch=$(arch)
cache_base=@LOCALSTATEDIR@/cache/lxc/centos/$arch
default_path=@LXCPATH@ default_path=@LXCPATH@
# Some combinations of the tunning knobs below do not exactly make sense. # Some combinations of the tunning knobs below do not exactly make sense.
...@@ -134,22 +132,6 @@ then ...@@ -134,22 +132,6 @@ then
fi fi
fi fi
# Map a few architectures to their generic Centos repository archs.
#
# CentOS currently doesn't support ARM but it's copied here from
# the Fedora template for completeness and that it will in the future.
#
# The two ARM archs are a bit of a guesstimate for the v5 and v6
# archs. V6 should have hardware floating point (Rasberry Pi).
# The "arm" arch is safer (no hardware floating point). So
# there may be cases where we "get it wrong" for some v6 other
# than RPi.
case "$arch" in
i686) arch=i386 ;;
armv3l|armv4l|armv5l) arch=arm ;;
armv6l|armv7l|armv8l) arch=armhfp ;;
esac
force_mknod() force_mknod()
{ {
# delete a device node if exists, and create a new one # delete a device node if exists, and create a new one
...@@ -385,11 +367,11 @@ download_centos() ...@@ -385,11 +367,11 @@ download_centos()
cat <<EOF > $REPO_FILE cat <<EOF > $REPO_FILE
[base] [base]
name=CentOS-$release - Base name=CentOS-$release - Base
mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=os mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=os
[updates] [updates]
name=CentOS-$release - Updates name=CentOS-$release - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=updates mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=updates
EOF EOF
# create minimal device nodes, needed for "yum install" and "yum update" process # create minimal device nodes, needed for "yum install" and "yum update" process
...@@ -519,8 +501,7 @@ install_centos() ...@@ -519,8 +501,7 @@ install_centos()
create_hwaddr() create_hwaddr()
{ {
echo $(dd if=/dev/urandom bs=8 count=1 2>/dev/null | md5sum | openssl rand -hex 5 | sed -e 's/\(..\)/:\1/g; s/^/fe/'
sed -e 's/\(..\)\(..\)\(..\)\(..\)\(..\).*/fe:\1:\2:\3:\4:\5/')
} }
copy_configuration() copy_configuration()
...@@ -630,23 +611,24 @@ usage: ...@@ -630,23 +611,24 @@ usage:
Mandatory args: Mandatory args:
-n,--name container name, used to as an identifier for that container from now on -n,--name container name, used to as an identifier for that container from now on
Optional args: Optional args:
-p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc/name.
-c,--clean clean the cache -c,--clean clean the cache
-R,--release Centos release for the new container. if the host is Centos, then it will defaultto the host's release. -R,--release Centos release for the new container. if the host is Centos, then it will defaultto the host's release.
--fqdn fully qualified domain name (FQDN) for DNS and system naming --fqdn fully qualified domain name (FQDN) for DNS and system naming
-A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64] -a,--arch Define what arch the container will be [i686,x86_64]
-h,--help print this help -h,--help print this help
EOF EOF
return 0 return 0
} }
options=$(getopt -o hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,fqdn: -- "$@") options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,arch:,fqdn: -- "$@")
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
usage $(basename $0) usage $(basename $0)
exit 1 exit 1
fi fi
eval set -- "$options"
arch=$(arch)
eval set -- "$options"
while true while true
do do
case "$1" in case "$1" in
...@@ -656,6 +638,7 @@ do ...@@ -656,6 +638,7 @@ do
-n|--name) name=$2; shift 2;; -n|--name) name=$2; shift 2;;
-c|--clean) clean=$2; shift 2;; -c|--clean) clean=$2; shift 2;;
-R|--release) release=$2; shift 2;; -R|--release) release=$2; shift 2;;
-a|--arch) newarch=$2; shift 2;;
--fqdn) utsname=$2; shift 2;; --fqdn) utsname=$2; shift 2;;
--) shift 1; break ;; --) shift 1; break ;;
*) break ;; *) break ;;
...@@ -667,6 +650,51 @@ if [ ! -z "$clean" -a -z "$path" ]; then ...@@ -667,6 +650,51 @@ if [ ! -z "$clean" -a -z "$path" ]; then
exit 0 exit 0
fi fi
basearch=${arch}
# Map a few architectures to their generic CentOS repository archs.
# The two ARM archs are a bit of a guesstimate for the v5 and v6
# archs. V6 should have hardware floating point (Rasberry Pi).
# The "arm" arch is safer (no hardware floating point). So
# there may be cases where we "get it wrong" for some v6 other
# than RPi.
case "$arch" in
i686) basearch=i386 ;;
armv3l|armv4l|armv5l) basearch=arm ;;
armv6l|armv7l|armv8l) basearch=armhfp ;;
*) ;;
esac
# Somebody wants to specify an arch. This is very limited case.
# i386/i586/i686 on i386/x86_64
# - or -
# x86_64 on x86_64
if [ "${newarch}" != "" -a "${newarch}" != "${arch}" ]
then
case "${newarch}" in
i386|i586|i686)
if [ "${basearch}" = "i386" -o "${basearch}" = "x86_64" ]
then
# Make the arch a generic x86 32 bit...
arch=${newarch}
basearch=i386
else
basearch=bad
fi
;;
*)
basearch=bad
;;
esac
if [ "${basearch}" = "bad" ]
then
echo "You cannot build a ${newarch} CentOS container on a ${arch} host. Sorry!"
exit 1
fi
fi
cache_base=@LOCALSTATEDIR@/cache/lxc/centos/$basearch
# Let's do something better for the initial root password. # Let's do something better for the initial root password.
# It's not perfect but it will defeat common scanning brute force # It's not perfect but it will defeat common scanning brute force
# attacks in the case where ssh is exposed. It will also be set to # attacks in the case where ssh is exposed. It will also be set to
...@@ -758,10 +786,11 @@ if [ -z "$rootfs_path" ]; then ...@@ -758,10 +786,11 @@ if [ -z "$rootfs_path" ]; then
rootfs_path=$path/rootfs rootfs_path=$path/rootfs
# check for 'lxc.rootfs' passed in through default config by lxc-create # check for 'lxc.rootfs' passed in through default config by lxc-create
if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then
rootfs_path=`grep 'lxc.rootfs =' $path/config | awk -F= '{ print $2 }'` rootfs_path=$(sed -e '/^lxc.rootfs\s*=/!d' -e 's/\s*#.*//' \
-e 's/^lxc.rootfs\s*=\s*//' -e q $path/config)
fi fi
fi fi
config_path=$default_path/$name config_path=$path
cache=$cache_base/$release cache=$cache_base/$release
revert() revert()
...@@ -770,7 +799,6 @@ revert() ...@@ -770,7 +799,6 @@ revert()
lxc-destroy -n $name lxc-destroy -n $name
# maybe was interrupted before copy config # maybe was interrupted before copy config
rm -rf $path rm -rf $path
rm -rf $default_path/$name
echo "exiting..." echo "exiting..."
exit 1 exit 1
} }
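Review bot: In the `rootfs_path` hunk near the end of this template, the guard `grep -q '^lxc.rootfs'` accepts more lines than the new `sed` expression extracts from (any key that merely begins with `lxc.rootfs`, since sed additionally requires `\s*=` right after it), so the substitution can return nothing and `rootfs_path` silently becomes empty. Later uses of `$rootfs_path` in this file are outside the view, but an empty value would make them resolve against `/`; the identical sed line is added to the Fedora template, where `rsync -Ha $cache/rootfs/ $rootfs_path/` is visible in copy_fedora. I would keep the default when extraction yields nothing, e.g. `[ -n "$rootfs_path" ] || rootfs_path=$path/rootfs` right after the substitution, and quote `"$path/config"`. `\s` is also a GNU sed extension, so `[[:space:]]` is the safer spelling if the template is meant to run with other sed implementations.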
......
...@@ -27,8 +27,6 @@ ...@@ -27,8 +27,6 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#Configurations #Configurations
arch=$(uname -m)
cache_base=@LOCALSTATEDIR@/cache/lxc/fedora/$arch
default_path=@LXCPATH@ default_path=@LXCPATH@
# Some combinations of the tunning knobs below do not exactly make sense. # Some combinations of the tunning knobs below do not exactly make sense.
...@@ -113,18 +111,6 @@ then ...@@ -113,18 +111,6 @@ then
fi fi
fi fi
# Map a few architectures to their generic Fedora repository archs.
# The two ARM archs are a bit of a guesstimate for the v5 and v6
# archs. V6 should have hardware floating point (Rasberry Pi).
# The "arm" arch is safer (no hardware floating point). So
# there may be cases where we "get it wrong" for some v6 other
# than RPi.
case "$arch" in
i686) arch=i386 ;;
armv3l|armv4l|armv5l) arch=arm ;;
armv6l|armv7l|armv8l) arch=armhfp ;;
esac
configure_fedora() configure_fedora()
{ {
...@@ -394,7 +380,7 @@ configure_fedora_systemd() ...@@ -394,7 +380,7 @@ configure_fedora_systemd()
# #
# Stage 2 becomes our bootstrap file system which can be cached # Stage 2 becomes our bootstrap file system which can be cached
# and then used to build other arbitrary vesions of Fedora of a # and then used to build other arbitrary vesions of Fedora of a
# given architecture. Not that this only has to run once for # given architecture. Note that this only has to run once for
# Fedora on a given architecture since rpm and yum can build other # Fedora on a given architecture since rpm and yum can build other
# versions. We'll arbitrarily pick Fedora 20 to build this. This # versions. We'll arbitrarily pick Fedora 20 to build this. This
# will need to change as time goes on. # will need to change as time goes on.
...@@ -550,7 +536,7 @@ Have a beer or a cup of coffee. This will take a bit (~300MB). ...@@ -550,7 +536,7 @@ Have a beer or a cup of coffee. This will take a bit (~300MB).
# Right now, we are using Fedora 20 for the inial bootstrap. # Right now, we are using Fedora 20 for the inial bootstrap.
# We could make this the "current" Fedora rev (F > 15). # We could make this the "current" Fedora rev (F > 15).
rsync -av mirrors.kernel.org::fedora/releases/20/Fedora/$arch/os/LiveOS . rsync -av mirrors.kernel.org::fedora/releases/20/Fedora/$basearch/os/LiveOS .
if [[ 0 == $? ]] if [[ 0 == $? ]]
then then
...@@ -627,8 +613,8 @@ This will take a couple of minutes. Patience..." ...@@ -627,8 +613,8 @@ This will take a couple of minutes. Patience..."
# of this LiveOS image we're camped out on. This is the beginning # of this LiveOS image we're camped out on. This is the beginning
# of the butt ugly hack. Look close or you may missing it... # of the butt ugly hack. Look close or you may missing it...
rsync -av mirrors.kernel.org::fedora/releases/20/Fedora/$arch/os/Packages/r/rpm-[0-9]* \ rsync -av mirrors.kernel.org::fedora/releases/20/Fedora/$basearch/os/Packages/r/rpm-[0-9]* \
mirrors.kernel.org::fedora/releases/20/Fedora/$arch/os/Packages/y/yum-[0-9]* . mirrors.kernel.org::fedora/releases/20/Fedora/$basearch/os/Packages/y/yum-[0-9]* .
# And here it is... # And here it is...
# The --nodeps is STUPID but F15 had a bogus dependency on RawHide?!?! # The --nodeps is STUPID but F15 had a bogus dependency on RawHide?!?!
...@@ -660,10 +646,14 @@ This will take a couple of minutes. Patience..." ...@@ -660,10 +646,14 @@ This will take a couple of minutes. Patience..."
echo "Stage 1 creation complete. Building stage 2 Installation Bootstrap" echo "Stage 1 creation complete. Building stage 2 Installation Bootstrap"
mount -o bind ../bootstrap run/install mount -o bind ../bootstrap run/install
rsync -av mirrors.kernel.org::fedora/releases/20/Fedora/$arch/os/Packages/f/fedora-release-20* . rsync -av mirrors.kernel.org::fedora/releases/20/Fedora/$basearch/os/Packages/f/fedora-release-20* .
# The --nodeps is STUPID but F15 had a bogus dependency on RawHide?!?! # The --nodeps is STUPID but F15 had a bogus dependency on RawHide?!?!
chroot . rpm --root /run/install --nodeps -ivh fedora-release-* chroot . rpm --root /run/install --nodeps -ivh fedora-release-*
# yum will take $basearch from host, so force the arch we want
sed -i "s|\$basearch|$basearch|" ./etc/yum.repos.d/*
chroot . yum -y --nogpgcheck --installroot /run/install install python rpm yum chroot . yum -y --nogpgcheck --installroot /run/install install python rpm yum
umount run/install umount run/install
...@@ -680,6 +670,9 @@ This will take a couple of minutes. Patience..." ...@@ -680,6 +670,9 @@ This will take a couple of minutes. Patience..."
# Always make sure /etc/resolv.conf is up to date in the target! # Always make sure /etc/resolv.conf is up to date in the target!
cp /etc/resolv.conf etc/ cp /etc/resolv.conf etc/
# yum will take $basearch from host, so force the arch we want
sed -i "s|\$basearch|$basearch|" ./etc/yum.repos.d/*
chroot . yum -y update chroot . yum -y update
RC=$? RC=$?
...@@ -774,7 +767,7 @@ download_fedora() ...@@ -774,7 +767,7 @@ download_fedora()
BOOTSTRAP_CHROOT= BOOTSTRAP_CHROOT=
PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils fedora-release" PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils fedora-release"
MIRRORLIST_URL="http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$release&arch=$arch" MIRRORLIST_URL="http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$release&arch=$basearch"
if [[ ${release} -lt 17 ]] if [[ ${release} -lt 17 ]]
then then
...@@ -850,6 +843,10 @@ download_fedora() ...@@ -850,6 +843,10 @@ download_fedora()
${BOOTSTRAP_CHROOT}rpm --root ${BOOTSTRAP_INSTALL_ROOT} --initdb ${BOOTSTRAP_CHROOT}rpm --root ${BOOTSTRAP_INSTALL_ROOT} --initdb
# The --nodeps is STUPID but F15 had a bogus dependency on RawHide?!?! # The --nodeps is STUPID but F15 had a bogus dependency on RawHide?!?!
${BOOTSTRAP_CHROOT}rpm --root ${BOOTSTRAP_INSTALL_ROOT} --nodeps -ivh ${BOOTSTRAP_INSTALL_ROOT}/${RELEASE_RPM} ${BOOTSTRAP_CHROOT}rpm --root ${BOOTSTRAP_INSTALL_ROOT} --nodeps -ivh ${BOOTSTRAP_INSTALL_ROOT}/${RELEASE_RPM}
# yum will take $basearch from host, so force the arch we want
sed -i "s|\$basearch|$basearch|" ${BOOTSTRAP_INSTALL_ROOT}/etc/yum.repos.d/*
${BOOTSTRAP_CHROOT}yum --installroot ${BOOTSTRAP_INSTALL_ROOT} -y --nogpgcheck install ${PKG_LIST} ${BOOTSTRAP_CHROOT}yum --installroot ${BOOTSTRAP_INSTALL_ROOT} -y --nogpgcheck install ${PKG_LIST}
RC=$? RC=$?
...@@ -928,7 +925,7 @@ copy_fedora() ...@@ -928,7 +925,7 @@ copy_fedora()
# make a local copy of the minifedora # make a local copy of the minifedora
echo -n "Copying rootfs to $rootfs_path ..." echo -n "Copying rootfs to $rootfs_path ..."
#cp -a $cache/rootfs-$arch $rootfs_path || return 1 #cp -a $cache/rootfs-$basearch $rootfs_path || return 1
# i prefer rsync (no reason really) # i prefer rsync (no reason really)
mkdir -p $rootfs_path mkdir -p $rootfs_path
rsync -Ha $cache/rootfs/ $rootfs_path/ rsync -Ha $cache/rootfs/ $rootfs_path/
...@@ -991,8 +988,7 @@ install_fedora() ...@@ -991,8 +988,7 @@ install_fedora()
# 5 random bytes... # 5 random bytes...
create_hwaddr() create_hwaddr()
{ {
echo $(dd if=/dev/urandom bs=8 count=1 2>/dev/null | md5sum | openssl rand -hex 5 | sed -e 's/\(..\)/:\1/g; s/^/fe/'
sed -e 's/\(..\)\(..\)\(..\)\(..\)\(..\).*/fe:\1:\2:\3:\4:\5/')
} }
copy_configuration() copy_configuration()
...@@ -1098,7 +1094,7 @@ usage() ...@@ -1098,7 +1094,7 @@ usage()
cat <<EOF cat <<EOF
usage: usage:
$1 -n|--name=<container_name> $1 -n|--name=<container_name>
[-p|--path=<path>] [-c|--clean] [-R|--release=<Fedora_release>] [--fqdn=<network name of container>] [-A|--arch=<arch of the container>] [-p|--path=<path>] [-c|--clean] [-R|--release=<Fedora_release>] [--fqdn=<network name of container>] [-a|--arch=<arch of the container>]
[-h|--help] [-h|--help]
Mandatory args: Mandatory args:
-n,--name container name, used to as an identifier for that container from now on -n,--name container name, used to as an identifier for that container from now on
...@@ -1108,19 +1104,20 @@ Optional args: ...@@ -1108,19 +1104,20 @@ Optional args:
-c,--clean clean the cache -c,--clean clean the cache
-R,--release Fedora release for the new container. if the host is Fedora, then it will default to the host's release. -R,--release Fedora release for the new container. if the host is Fedora, then it will default to the host's release.
--fqdn fully qualified domain name (FQDN) for DNS and system naming --fqdn fully qualified domain name (FQDN) for DNS and system naming
-A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64] -a,--arch Define what arch the container will be [i686,x86_64]
-h,--help print this help -h,--help print this help
EOF EOF
return 0 return 0
} }
options=$(getopt -o hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,fqdn: -- "$@") options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,arch:,fqdn: -- "$@")
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
usage $(basename $0) usage $(basename $0)
exit 1 exit 1
fi fi
eval set -- "$options"
arch=$(arch)
eval set -- "$options"
while true while true
do do
case "$1" in case "$1" in
...@@ -1130,6 +1127,7 @@ do ...@@ -1130,6 +1127,7 @@ do
-n|--name) name=$2; shift 2;; -n|--name) name=$2; shift 2;;
-c|--clean) clean=$2; shift 2;; -c|--clean) clean=$2; shift 2;;
-R|--release) release=$2; shift 2;; -R|--release) release=$2; shift 2;;
-a|--arch) newarch=$2; shift 2;;
--fqdn) utsname=$2; shift 2;; --fqdn) utsname=$2; shift 2;;
--) shift 1; break ;; --) shift 1; break ;;
*) break ;; *) break ;;
...@@ -1141,6 +1139,52 @@ if [ ! -z "$clean" -a -z "$path" ]; then ...@@ -1141,6 +1139,52 @@ if [ ! -z "$clean" -a -z "$path" ]; then
exit 0 exit 0
fi fi
basearch=${arch}
# Map a few architectures to their generic Fedora repository archs.
# The two ARM archs are a bit of a guesstimate for the v5 and v6
# archs. V6 should have hardware floating point (Rasberry Pi).
# The "arm" arch is safer (no hardware floating point). So
# there may be cases where we "get it wrong" for some v6 other
# than RPi.
case "$arch" in
i686) basearch=i386 ;;
armv3l|armv4l|armv5l) basearch=arm ;;
armv6l|armv7l|armv8l) basearch=armhfp ;;
*) ;;
esac
# Somebody wants to specify an arch. This is very limited case.
# i386/i586/i686 on i386/x86_64
# - or -
# x86_64 on x86_64
if [ "${newarch}" != "" -a "${newarch}" != "${arch}" ]
then
case "${newarch}" in
i386|i586|i686)
if [ "${basearch}" = "i386" -o "${basearch}" = "x86_64" ]
then
# Make the arch a generic x86 32 bit...
arch=${newarch}
basearch=i386
else
basearch=bad
fi
;;
*)
basearch=bad
;;
esac
if [ "${basearch}" = "bad" ]
then
echo "You cannot build a ${newarch} Fedora container on a ${arch} host. Sorry!"
exit 1
fi
fi
cache_base=@LOCALSTATEDIR@/cache/lxc/fedora/$basearch
# Let's do something better for the initial root password. # Let's do something better for the initial root password.
# It's not perfect but it will defeat common scanning brute force # It's not perfect but it will defeat common scanning brute force
# attacks in the case where ssh is exposed. It will also be set to # attacks in the case where ssh is exposed. It will also be set to
...@@ -1230,10 +1274,11 @@ if [ -z "$rootfs_path" ]; then ...@@ -1230,10 +1274,11 @@ if [ -z "$rootfs_path" ]; then
rootfs_path=$path/rootfs rootfs_path=$path/rootfs
# check for 'lxc.rootfs' passed in through default config by lxc-create # check for 'lxc.rootfs' passed in through default config by lxc-create
if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then
rootfs_path=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $path/config) rootfs_path=$(sed -e '/^lxc.rootfs\s*=/!d' -e 's/\s*#.*//' \
-e 's/^lxc.rootfs\s*=\s*//' -e q $path/config)
fi fi
fi fi
config_path=$default_path/$name config_path=$path
cache=$cache_base/$release cache=$cache_base/$release
revert() revert()
...@@ -1242,7 +1287,6 @@ revert() ...@@ -1242,7 +1287,6 @@ revert()
lxc-destroy -n $name lxc-destroy -n $name
# maybe was interrupted before copy config # maybe was interrupted before copy config
rm -rf $path rm -rf $path
rm -rf $default_path/$name
echo "exiting..." echo "exiting..."
exit 1 exit 1
} }
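Review bot: In download_fedora, the added `sed -i "s|\$basearch|$basearch|" ${BOOTSTRAP_INSTALL_ROOT}/etc/yum.repos.d/*` runs without the `${BOOTSTRAP_CHROOT}` prefix that the `rpm` and `yum` lines on either side of it carry, so whenever that prefix is non-empty the path is resolved on the host rather than inside the bootstrap. Only the empty initialisation `BOOTSTRAP_CHROOT=` is visible here, so this is inferred, but the outcome would be either a glob that matches nothing or an in-place edit of the host's own `/etc/yum.repos.d` files, and an empty `BOOTSTRAP_INSTALL_ROOT` would have the same effect. I would resolve the path against the bootstrap directory when one is in use and fail closed on an empty root, e.g. `${BOOTSTRAP_INSTALL_ROOT:?}/etc/yum.repos.d/*`. download_fedora starts and ends outside the hunk.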
......