> On 08/16/2011 02:14 PM, Alexey Shabalin wrote:
>> Hello.
>> This patch add template for ALTLinux. (based on fedora template)
>> Thanks.
> Applied.
Update ALTLinux template.
--
Alexey Shabalin
diff --git a/templates/lxc-altlinux.in b/templates/lxc-altlinux.in
index a64367f..3aba77b 100644
--- a/templates/lxc-altlinux.in
+++ b/templates/lxc-altlinux.in
@@ -27,7 +27,7 @@
#Configurations
arch=$(arch)
cache_base=/var/cache/lxc/altlinux/$arch
-default_path=/var/lib/lxc
+default_path=@LXCPATH@
default_profile=default
profile_dir=/etc/lxc/profiles
root_password=rooter
@@ -44,15 +44,38 @@ configure_altlinux()
mkdir -p $rootfs_path/selinux
echo 0 > $rootfs_path/selinux/enforce
- # configure the network using the dhcp
- mkdir -p ${rootfs_path}/etc/net/ifaces/eth0
- cat <<EOF > ${rootfs_path}/etc/net/ifaces/eth0/options
-BOOTPROTO=dhcp
+ mkdir -p ${rootfs_path}/etc/net/ifaces/veth0
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/options
+BOOTPROTO=${BOOTPROTO}
ONBOOT=yes
NM_CONTROLLED=no
TYPE=eth
EOF
+if [ ${BOOTPROTO} != "dhcp" ]; then
+ # ip address
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv4address
+${ipv4}
+EOF
+
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv4route
+${gw}
+EOF
+
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/resolv.conf
+nameserver ${dns}
+EOF
+
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv6address
+${ipv6}
+EOF
+
+ cat <<EOF > ${rootfs_path}/etc/net/ifaces/veth0/ipv6route
+${gw6}
+EOF
+
+fi
+
# set the hostname
cat <<EOF > ${rootfs_path}/etc/sysconfig/network
NETWORKING=yes
@@ -66,10 +89,11 @@ EOF
127.0.0.1 localhost.localdomain localhost $name
EOF
# Allow to login at virsh console. loginuid.so doen't work in the absence of auditd.
- sed -i 's/^.*loginuid.so.*$/\#&/' ${rootfs_path}/etc/pam.d/common-login
+# sed -i 's/^.*loginuid.so.*$/\#&/' ${rootfs_path}/etc/pam.d/common-login
# Allow root to login at virsh console
echo "pts/0" >> ${rootfs_path}/etc/securetty
+ echo "console" >> ${rootfs_path}/etc/securetty
chroot ${rootfs_path} chkconfig network on
chroot ${rootfs_path} chkconfig syslogd on
@@ -78,12 +102,17 @@ EOF
chroot ${rootfs_path} chkconfig fbsetfont off
# chroot ${rootfs_path} chkconfig keytable off
- subst 's/^\([0-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab
+ subst 's/^\([3-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab
+ echo "c1:2345:respawn:/sbin/mingetty --noclear console" >> ${rootfs_path}/etc/inittab
subst 's,\/dev\/tty12,/var/log/syslog/console,' ${rootfs_path}/etc/syslog.conf
+# touch file for fastboot
+ touch ${rootfs_path}/fastboot
+ chattr +i ${rootfs_path}/fastboot
+
dev_path="${rootfs_path}/dev"
- rm -rf $dev_path
- mkdir -p $dev_path
+ rm -rf ${dev_path}
+ mkdir -p ${dev_path}
mknod -m 666 ${dev_path}/null c 1 3
mknod -m 666 ${dev_path}/zero c 1 5
mknod -m 644 ${dev_path}/random c 1 8
@@ -91,15 +120,23 @@ EOF
mkdir -m 755 ${dev_path}/pts
mkdir -m 1777 ${dev_path}/shm
mknod -m 666 ${dev_path}/tty c 5 0
- mknod -m 666 ${dev_path}/tty0 c 4 0
- mknod -m 666 ${dev_path}/tty1 c 4 1
- mknod -m 666 ${dev_path}/tty2 c 4 2
- mknod -m 666 ${dev_path}/tty3 c 4 3
- mknod -m 666 ${dev_path}/tty4 c 4 4
+ chown root:tty ${dev_path}/tty
+ mknod -m 600 ${dev_path}/tty0 c 4 0
+ mknod -m 600 ${dev_path}/tty1 c 4 1
+ mknod -m 600 ${dev_path}/tty2 c 4 2
+ mknod -m 600 ${dev_path}/tty3 c 4 3
+ mknod -m 600 ${dev_path}/tty4 c 4 4
mknod -m 600 ${dev_path}/console c 5 1
mknod -m 666 ${dev_path}/full c 1 7
mknod -m 600 ${dev_path}/initctl p
mknod -m 666 ${dev_path}/ptmx c 5 2
+ chown root:tty ${dev_path}/ptmx
+ ln -s /proc/self/fd ${dev_path}/fd
+ ln -s /proc/kcore ${dev_path}/core
+ mkdir -m 755 ${dev_path}/mapper
+ mknod -m 600 ${dev_path}/mapper/control c 10 236
+ mkdir -m 755 ${dev_path}/net
+ mknod -m 666 ${dev_path}/net/tun c 10 200
echo "setting root passwd to $root_password"
echo "root:$root_password" | chroot $rootfs_path chpasswd
@@ -212,8 +249,30 @@ lxc.mount = $config_path/fstab
lxc.network.type = $lxc_network_type
lxc.network.flags = up
lxc.network.link = $lxc_network_link
-lxc.network.name = eth0
+lxc.network.name = veth0
lxc.network.mtu = 1500
+EOF
+if [ ! -z ${ipv4} ]; then
+ cat <<EOF >> $config_path/config
+lxc.network.ipv4 = $ipv4
+EOF
+fi
+if [ ! -z ${gw} ]; then
+ cat <<EOF >> $config_path/config
+lxc.network.ipv4.gateway = $gw
+EOF
+fi
+if [ ! -z ${ipv6} ]; then
+ cat <<EOF >> $config_path/config
+lxc.network.ipv6 = $ipv6
+EOF
+fi
+if [ ! -z ${gw6} ]; then
+ cat <<EOF >> $config_path/config
+lxc.network.ipv6.gateway = $gw6
+EOF
+fi
+ cat <<EOF >> $config_path/config
#cgroups
lxc.cgroup.devices.deny = a
# /dev/null and zero
@@ -230,12 +289,11 @@ lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
-lxc.cgroup.devices.allow = c 254:0 rwm
+lxc.cgroup.devices.allow = c 10:135 rwm
EOF
cat <<EOF > $config_path/fstab
proc $rootfs_path/proc proc nodev,noexec,nosuid 0 0
-devpts $rootfs_path/dev/pts devpts defaults 0 0
sysfs $rootfs_path/sys sysfs defaults 0 0
EOF
@@ -275,6 +333,8 @@ usage()
usage:
$1 -n|--name=<container_name>
[-p|--path=<path>] [-c|--clean] [-R|--release=<ALTLinux_release>]
+ [-4|--ipv4=<ipv4 address>] [-6|--ipv6=<ipv6 address>]
+ [-g|--gw=<gw address>] [-d|--dns=<dns address>]
[-P|--profile=<name of the profile>]
[-A|--arch=<arch of the container>]
[-h|--help]
@@ -284,6 +344,11 @@ Optional args:
-p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in and case
-c,--clean clean the cache
-R,--release ALTLinux release for the new container. if the host is ALTLinux, then it will defaultto the host's release.
+ -4,--ipv4 specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24
+ -6,--ipv6 specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64
+ -g,--gw specify the default gw, eg. 192.168.1.1
+ -G,--gw6 specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596
+ -d,--dns specify the DNS server, eg. 192.168.1.2
-P,--profile Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache.
-A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64]
-h,--help print this help
@@ -291,7 +356,7 @@ EOF
return 0
}
-options=$(getopt -o hp:n:P:cR: -l help,path:,name:,profile:,clean,release: -- "$@")
+options=$(getopt -o hp:n:P:cR:4:6:g:d: -l help,path:,name:,profile:,clean,release:ipv4:ipv6:gw:dns: -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
@@ -306,7 +371,11 @@ do
-n|--name) name=$2; shift 2;;
-P|--profile) profile=$2; shift 2;;
-c|--clean) clean=$2; shift 2;;
- -R|--release) release=$2; shift 2;;
+ -R|--release) release=$2; shift 2;;
+ -4|--ipv4) ipv4=$2; shift 2;;
+ -6|--ipv6) ipv6=$2; shift 2;;
+ -g|--gw) gw=$2; shift 2;;
+ -d|--dns) dns=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
@@ -340,6 +409,12 @@ if [ -z "$release" ]; then
fi
fi
+if [ -z "$ipv4" -a -z "$ipv6" ]; then
+ BOOTPROTO="dhcp"
+else
+ BOOTPROTO="static"
+fi
+
if [ "$(id -u)" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
