From 06a0d66616bc755b25848d0ade3274a58289decb Mon Sep 17 00:00:00 2001 From: Fabio Rehm Date: Wed, 1 May 2013 22:01:59 -0300 Subject: [PATCH] "Merge" in code from debian lxc template that comes with Ubuntu 13.04 --- boxes/debian/lxc-template | 150 +++++++------------------------------- 1 file changed, 26 insertions(+), 124 deletions(-) diff --git a/boxes/debian/lxc-template b/boxes/debian/lxc-template index 2168760..0e7cc28 100755 --- a/boxes/debian/lxc-template +++ b/boxes/debian/lxc-template @@ -1,7 +1,7 @@ #!/bin/bash # This is a modified version of /usr/share/lxc/templates/lxc-debian -# that comes with Ubuntu 12.10 changed to suit vagrant-lxc needs +# that comes with Ubuntu 13.04 changed to suit vagrant-lxc needs set -e @@ -18,6 +18,14 @@ configure_debian() hostname=$2 release=$3 + # squeeze only has /dev/tty and /dev/tty0 by default, + # therefore creating missing device nodes for tty1-4. + for tty in $(seq 1 4); do + if [ ! -e $rootfs/dev/tty$tty ]; then + mknod $rootfs/dev/tty$tty c 4 $tty + fi + done + # configure the inittab cat < $rootfs/etc/inittab id:3:initdefault: 
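Review bot: In the new tty loop in configure_debian, `mknod $rootfs/dev/tty$tty c 4 $tty` sets no mode, so the nodes get whatever the caller's umask leaves (0644 under a typical root umask, where a stock /dev/ttyN is 0620), and `$rootfs` is unquoted in both the `-e` test and the mknod. I would write `mknod -m 620 "$rootfs/dev/tty$tty" c 4 "$tty"` and quote the test operand the same way; whether group `tty` ownership is also needed depends on the getty in the image, which I cannot see here. `for tty in 1 2 3 4` would avoid forking `seq`. The function body starts before and continues after this hunk.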
@@ -32,45 +40,33 @@ l6:6:wait:/etc/init.d/rc 6 # Normally not reached, but fallthrough in case of emergency. z6:6:respawn:/sbin/sulogin 1:2345:respawn:/sbin/getty 38400 console -#c1:12345:respawn:/sbin/getty 38400 tty1 linux +c1:12345:respawn:/sbin/getty 38400 tty1 linux c2:12345:respawn:/sbin/getty 38400 tty2 linux c3:12345:respawn:/sbin/getty 38400 tty3 linux c4:12345:respawn:/sbin/getty 38400 tty4 linux +p6::ctrlaltdel:/sbin/init 6 +p0::powerfail:/sbin/init 0 EOF - echo '/etc/inittab created' # disable selinux in debian mkdir -p $rootfs/selinux echo 0 > $rootfs/selinux/enforce - echo 'selinux disabled' # configure the network using the dhcp cat < $rootfs/etc/network/interfaces -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -# The loopback network interface auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp EOF - echo 'network configured (dhcp on eth0)' - # set the hostname cat < $rootfs/etc/hostname $hostname EOF - echo "/etc/hostname created (${hostname})" - - # set dhcp hostname - cat <> $rootfs/etc/dhcp/dhclient.conf -send host-name "$hostname"; -EOF - echo 'dhcp hostname set' + # reconfigure some services if [ ! -z "${LANG}" ]; then # set default locale cat < $rootfs/etc/locale.gen 
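Review bot: Un-commenting `c1:12345:respawn:/sbin/getty 38400 tty1 linux` means every LXC tty (tty1 to tty4, plus the console) now offers a login prompt, and the same function later sets a fixed root password (`echo "root:vagrant" | chroot $rootfs chpasswd`, visible as context in the next hunk). That is conventional for a Vagrant base box, but it deserves a comment above the inittab heredoc, for example `# gettys on tty1-4: root password is fixed below, disposable dev containers only`. The hunk also removes the progress `echo` lines without replacing them, so a failure under `set -e` no longer shows which step was reached; one message per section sent to stderr would keep that.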
@@ -82,64 +78,11 @@ EOF echo 'update-locale done' fi - # set proxy if any - if [ ! -z "${HTTP_PROXY}" ]; then - cat < $rootfs/etc/apt/apt.conf.d/10proxy -Acquire::http::Proxy "${HTTP_PROXY}"; -Acquire::ftp::Proxy "${HTTP_PROXY}"; -Acquire::ftp::Timeout "15"; -Acquire::ftp::Passive "true"; -Acquire::ftp::Proxy::Passive "true"; -EOF - echo "Apt default proxy set to ${HTTP_PROXY}" - cat <> $rootfs/etc/environment -HTTP_PROXY=${HTTP_PROXY} -HTTPS_PROXY=${HTTP_PROXY} -FTP_PROXY=${HTTP_PROXY} -EOF - echo "proxy ${HTTP_PROXY} added to /etc/environment" - fi - - # recommends are as of now still abused in many packages - cat < $rootfs/etc/apt/apt.conf.d/90recommends -APT::Install-Recommends "0"; -APT::Install-Suggests "0"; -EOF - echo '/etc/apt/apt.conf.d/90recommends created' - - # set default release - cat < $rootfs/etc/apt/apt.conf.d/30release -DPkg::Default-Release "${release}"; -APT::Default-Release "${release}"; -EOF - echo '/etc/apt/apt.conf.d/30release created' - - - # set minimal hosts - cat < $rootfs/etc/hosts -127.0.0.1 localhost -127.0.1.1 $hostname.vagrantup.com $hostname - -# The following lines are desirable for IPv6 capable hosts -::1 ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -EOF - # remove pointless services in a container - for service in checkroot \ - umountfs \ - hwclock.sh \ - hwclockfirst.sh \ - mountall.sh ; do - chroot $rootfs /usr/sbin/update-rc.d -f $service remove > /dev/null 2>&1 - echo "service ${service} removed from init" - done - - # suppress log level output for udev - #sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf + chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove + chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove + chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove + chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove echo "root:vagrant" | chroot $rootfs chpasswd 
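Review bot: The four new `chroot $rootfs /usr/sbin/update-rc.d -f … remove` lines run under the script's `set -e` with their output no longer redirected, so a non-zero exit from any of them aborts the template before the `chpasswd` line and leaves a half-configured rootfs. I have not verified which cases make update-rc.d exit non-zero. If these removals are best-effort, make that explicit and quote the path: `chroot "$rootfs" /usr/sbin/update-rc.d -f checkroot.sh remove || echo "could not remove checkroot.sh" >&2`. `mountall.sh` is no longer in the list; a one-line comment saying whether that is intentional would save the next reader a trip to the upstream template.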
@@ -209,19 +152,16 @@ copy_configuration() rootfs=$2 name=$3 arch=$4 - release=$5 - - cat <> $path/fstab -none $rootfs/dev/pts devpts defaults 0 0 -none $rootfs/proc proc defaults 0 0 -none $rootfs/sys sysfs defaults 0 0 -none $rootfs/dev/shm tmpfs defaults 0 0 -EOF + grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config cat <> $path/config lxc.tty = 4 lxc.pts = 1024 -lxc.rootfs = ${rootfs} +lxc.utsname = ${name} + +# When using LXC with apparmor, uncomment the next line to run unconfined: +#lxc.aa_profile = unconfined + lxc.cgroup.devices.deny = a # /dev/null and zero lxc.cgroup.devices.allow = c 1:3 rwm 
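Review bot: The added comment before `#lxc.aa_profile = unconfined` in the config heredoc of copy_configuration tells users how to drop AppArmor confinement without saying what it costs: the container's root is then no longer restricted by the host's LXC profile. I would reword it along the lines of `# Last resort only: unconfined removes the host's AppArmor restrictions on this container.` Separately, in `grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config`, `$path` is unquoted and the `2>/dev/null` hides a real read error, in which case a second `lxc.rootfs` line gets appended. Quoting `"$path/config"` and escaping the dot in the pattern (`^lxc\.rootfs`) tightens it. The function starts before and ends after this hunk.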
@@ -240,46 +180,8 @@ lxc.cgroup.devices.allow = c 5:2 rwm lxc.cgroup.devices.allow = c 254:0 rwm # mounts point -#lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0 -#lxc.mount.entry=devpts $rootfs/dev/pts devpts defaults 0 0 -#lxc.mount.entry=sysfs $rootfs/sys sysfs defaults 0 0 -lxc.mount = ${path}/fstab - -lxc.utsname = ${name} - -# networking - -#lxc.network.type = veth -#lxc.network.flags = up -# Bridged network -#lxc.network.link = br42 -#lxc.network.name = eth0 -# It is fine to be commented out -# Warn: interface name 'vethXXXX' too long (>15) -#lxc.network.veth.pair = veth${name#*-} -#lxc.network.ipv4 = 10.1.1.1/24 -#lxc.network.hwaddr = 00:12:34:56:78:9A -#lxc.network.hwaddr = \ -00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//') - -# Limits - -# Set max memory -lxc.cgroup.memory.limit_in_bytes = 1024M - -# Scheduler, works like this: You assign to vm0 the value of 10 and to vm1 -# the value of 20. This means: in each CPU Second vm1 will get the double -# amount of CPU cycles as vm0. Per default all values are set to 1024. -#lxc.cgroup.cpu.shares = 512 - -# CPUs -# assign first CPU to this container: -#lxc.cgroup.cpuset.cpus = 0 -# assign the first, the second and the last CPU -#lxc.cgroup.cpuset.cpus = 0-1,3 -# assign the first and the last CPU -#lxc.cgroup.cpuset.cpus = 0,3 - +lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 +lxc.mount.entry = sysfs sys sysfs defaults 0 0 EOF if [ $? -ne 0 ]; then @@ -407,7 +309,7 @@ if [ $? -ne 0 ]; then exit 1 fi -copy_configuration $path $rootfs $name $arch $release +copy_configuration $path $rootfs $name if [ $? -ne 0 ]; then echo "failed write configuration file" exit 1
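Review bot: The new `lxc.mount.entry = sysfs sys sysfs defaults 0 0` mounts sysfs read-write with none of the `nodev,noexec,nosuid` flags that the proc entry directly above it gets, so container root can write to whatever /sys exposes unless another layer such as AppArmor blocks it. I would use `lxc.mount.entry = sysfs sys sysfs ro,nodev,noexec,nosuid 0 0` unless something in the guest is known to need a writable /sys. The hunk also removes `lxc.cgroup.memory.limit_in_bytes = 1024M` without a replacement, so this file no longer caps the container's memory. If the cap is meant to come from the Vagrantfile or the provider, a comment in the heredoc saying so would help.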
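Review bot: The call now passes three arguments, but copy_configuration still assigns `arch=$4` (a context line in the hunk at -209), which is always empty after this change; drop that assignment or keep passing `$arch`. The arguments are also unquoted, so an empty `$path` would shift `$rootfs` into the first position; `copy_configuration "$path" "$rootfs" "$name"` avoids that. With `set -e` at the top of the script, the following `if [ $? -ne 0 ]` check looks unreachable on failure, so the "failed write configuration file" message would never print.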