alt linux template

Updates. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> --

alt linux template
b031f0d2 · Alexey Shabalin · Daniel Lezcano · 8565ea1c · b031f0d2
Commit b031f0d2 authored Oct 24, 2011 by Alexey Shabalin Committed by Daniel Lezcano Oct 24, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 94 additions and 19 deletions

lxc-altlinux.in templates/lxc-altlinux.in +94 -19

No files found.
--- a/templates/lxc-altlinux.in
+++ b/templates/lxc-altlinux.in
@@ -27,7 +27,7 @@
 #Configurations
 arch=$(arch)
 cache_base=/var/cache/lxc/altlinux/$arch
-default_path=/var/lib/lxc
+default_path=@LXCPATH@
 default_profile=default
 profile_dir=/etc/lxc/profiles
 root_password=rooter
@@ -44,15 +44,38 @@ configure_altlinux()
    mkdir -p $rootfs_path/selinux
    echo 0 > $rootfs_path/selinux/enforce

-   # configure the network using the dhcp
-   mkdir -p ${rootfs_path}/etc/net/ifaces/eth0
-    cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/options
-BOOTPROTO=dhcp
+    mkdir -p ${rootfs_path}/etc/net/ifaces/veth0
+    cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/options
+BOOTPROTO=${BOOTPROTO}
 ONBOOT=yes
 NM_CONTROLLED=no
 TYPE=eth
 EOF

+if [ ${BOOTPROTO} != "dhcp" ]; then
+    # ip address
+    cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv4address
+${ipv4}
+EOF
+
+    cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv4route
+${gw}
+EOF
+
+    cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/resolv.conf
+nameserver ${dns}
+EOF
+
+    cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv6address
+${ipv6}
+EOF
+
+    cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv6route
+${gw6}
+EOF
+
+fi
+
    # set the hostname
    cat <<EOF > ${rootfs_path}/etc/sysconfig/network
 NETWORKING=yes
@@ -66,10 +89,11 @@ EOF
 127.0.0.1 localhost.localdomain localhost $name
 EOF
    # Allow to login at virsh console. loginuid.so doen't work in the absence of auditd.
-    sed -i 's/^.*loginuid.so.*$/\#&/' ${rootfs_path}/etc/pam.d/common-login
+#    sed -i 's/^.*loginuid.so.*$/\#&/' ${rootfs_path}/etc/pam.d/common-login

    # Allow root to login at virsh console
    echo "pts/0" >> ${rootfs_path}/etc/securetty
+    echo "console" >> ${rootfs_path}/etc/securetty

    chroot ${rootfs_path} chkconfig network on
    chroot ${rootfs_path} chkconfig syslogd on
@@ -78,12 +102,17 @@ EOF
    chroot ${rootfs_path} chkconfig fbsetfont off
 #    chroot ${rootfs_path} chkconfig keytable off

-    subst 's/^\([0-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab
+    subst 's/^\([3-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab
+    echo "c1:2345:respawn:/sbin/mingetty --noclear console" >>  ${rootfs_path}/etc/inittab
    subst 's,\/dev\/tty12,/var/log/syslog/console,' ${rootfs_path}/etc/syslog.conf

+#   touch file for fastboot
+    touch ${rootfs_path}/fastboot
+    chattr +i ${rootfs_path}/fastboot
+
    dev_path="${rootfs_path}/dev"
-    rm -rf $dev_path
-    mkdir -p $dev_path
+    rm -rf ${dev_path}
+    mkdir -p ${dev_path}
    mknod -m 666 ${dev_path}/null c 1 3
    mknod -m 666 ${dev_path}/zero c 1 5
    mknod -m 644 ${dev_path}/random c 1 8
@@ -91,15 +120,23 @@ EOF
    mkdir -m 755 ${dev_path}/pts
    mkdir -m 1777 ${dev_path}/shm
    mknod -m 666 ${dev_path}/tty c 5 0
-    mknod -m 666 ${dev_path}/tty0 c 4 0
-    mknod -m 666 ${dev_path}/tty1 c 4 1
-    mknod -m 666 ${dev_path}/tty2 c 4 2
-    mknod -m 666 ${dev_path}/tty3 c 4 3
-    mknod -m 666 ${dev_path}/tty4 c 4 4
+    chown root:tty ${dev_path}/tty
+    mknod -m 600 ${dev_path}/tty0 c 4 0
+    mknod -m 600 ${dev_path}/tty1 c 4 1
+    mknod -m 600 ${dev_path}/tty2 c 4 2
+    mknod -m 600 ${dev_path}/tty3 c 4 3
+    mknod -m 600 ${dev_path}/tty4 c 4 4
    mknod -m 600 ${dev_path}/console c 5 1
    mknod -m 666 ${dev_path}/full c 1 7
    mknod -m 600 ${dev_path}/initctl p
    mknod -m 666 ${dev_path}/ptmx c 5 2
+    chown root:tty ${dev_path}/ptmx
+    ln -s /proc/self/fd ${dev_path}/fd
+    ln -s /proc/kcore ${dev_path}/core
+    mkdir -m 755 ${dev_path}/mapper
+    mknod -m 600 ${dev_path}/mapper/control c 10 236
+    mkdir -m 755 ${dev_path}/net
+    mknod -m 666 ${dev_path}/net/tun c 10 200

    echo "setting root passwd to $root_password"
    echo "root:$root_password" | chroot $rootfs_path chpasswd
@@ -212,8 +249,30 @@ lxc.mount  = $config_path/fstab
 lxc.network.type = $lxc_network_type
 lxc.network.flags = up
 lxc.network.link = $lxc_network_link
-lxc.network.name = eth0
+lxc.network.name = veth0
 lxc.network.mtu = 1500
+EOF
+if [ ! -z ${ipv4} ]; then
+    cat <<EOF >> $config_path/config
+lxc.network.ipv4 = $ipv4
+EOF
+fi
+if [ ! -z ${gw} ]; then
+    cat <<EOF >> $config_path/config
+lxc.network.ipv4.gateway = $gw
+EOF
+fi
+if [ ! -z ${ipv6} ]; then
+    cat <<EOF >> $config_path/config
+lxc.network.ipv6 = $ipv6
+EOF
+fi
+if [ ! -z ${gw6} ]; then
+    cat <<EOF >> $config_path/config
+lxc.network.ipv6.gateway = $gw6
+EOF
+fi
+    cat <<EOF >> $config_path/config
 #cgroups
 lxc.cgroup.devices.deny = a
 # /dev/null and zero
@@ -230,12 +289,11 @@ lxc.cgroup.devices.allow = c 1:8 rwm
 lxc.cgroup.devices.allow = c 136:* rwm
 lxc.cgroup.devices.allow = c 5:2 rwm
 # rtc
-lxc.cgroup.devices.allow = c 254:0 rwm
+lxc.cgroup.devices.allow = c 10:135 rwm
 EOF

    cat <<EOF > $config_path/fstab
 proc            $rootfs_path/proc         proc    nodev,noexec,nosuid 0 0
-devpts          $rootfs_path/dev/pts      devpts defaults 0 0
 sysfs           $rootfs_path/sys          sysfs defaults  0 0
 EOF

@@ -275,6 +333,8 @@ usage()
 usage:
    $1 -n|--name=<container_name>
        [-p|--path=<path>] [-c|--clean] [-R|--release=<ALTLinux_release>]
+        [-4|--ipv4=<ipv4 address>] [-6|--ipv6=<ipv6 address>]
+        [-g|--gw=<gw address>] [-d|--dns=<dns address>]
        [-P|--profile=<name of the profile>]
        [-A|--arch=<arch of the container>]
        [-h|--help]
@@ -284,6 +344,11 @@ Optional args:
  -p,--path         path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in and case
  -c,--clean        clean the cache
  -R,--release      ALTLinux release for the new container. if the host is ALTLinux, then it will defaultto the host's release.
+  -4,--ipv4         specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24
+  -6,--ipv6         specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64
+  -g,--gw           specify the default gw, eg. 192.168.1.1
+  -G,--gw6          specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596
+  -d,--dns          specify the DNS server, eg. 192.168.1.2
  -P,--profile      Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache.
  -A,--arch         NOT USED YET. Define what arch the container will be [i686,x86_64]
  -h,--help         print this help
@@ -291,7 +356,7 @@ EOF
    return 0
 }

-options=$(getopt -o hp:n:P:cR: -l help,path:,name:,profile:,clean,release: -- "$@")
+options=$(getopt -o hp:n:P:cR:4:6:g:d: -l help,path:,name:,profile:,clean,release:ipv4:ipv6:gw:dns: -- "$@")
 if [ $? -ne 0 ]; then
    usage $(basename $0)
    exit 1
@@ -306,7 +371,11 @@ do
 	-n|--name)      name=$2; shift 2;;
 	-P|--profile)   profile=$2; shift 2;;
 	-c|--clean)     clean=$2; shift 2;;
-        -R|--release)   release=$2; shift 2;;
+	-R|--release)   release=$2; shift 2;;
+	-4|--ipv4)      ipv4=$2; shift 2;;
+	-6|--ipv6)      ipv6=$2; shift 2;;
+	-g|--gw)        gw=$2; shift 2;;
+	-d|--dns)       dns=$2; shift 2;;
 	--)             shift 1; break ;;
        *)              break ;;
    esac
@@ -340,6 +409,12 @@ if [ -z "$release" ]; then
    fi
 fi

+if [ -z "$ipv4" -a -z "$ipv6" ]; then
+    BOOTPROTO="dhcp"
+else
+    BOOTPROTO="static"
+fi
+
 if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1