Ubuntu
lxc package

Merge lp:~serge-hallyn/ubuntu/precise/lxc/fix-resolvconf into lp:ubuntu/precise/lxc

Precise (12.04)
fix-resolvconf
Merge into precise

Proposed by Serge Hallyn on 2012-01-27

Status:	Merged
Merge reported by:	Stéphane Graber
Merged at revision:	not available
Proposed branch:	lp:~serge-hallyn/ubuntu/precise/lxc/fix-resolvconf
Merge into:	lp:ubuntu/precise/lxc
Diff against target:	1246 lines (+1155/-3) 10 files modified .pc/0030-ubuntu-template-fail.patch/templates/lxc-ubuntu.in (+541/-0) .pc/0031-ubuntu-template-resolvconf.patch/templates/lxc-ubuntu.in (+543/-0) .pc/applied-patches (+2/-0) debian/changelog (+12/-0) debian/control (+1/-1) debian/lxcguest.lxcmount.upstart (+2/-1) debian/patches/0030-ubuntu-template-fail.patch (+20/-0) debian/patches/0031-ubuntu-template-resolvconf.patch (+25/-0) debian/patches/series (+2/-0) templates/lxc-ubuntu.in (+7/-1)
To merge this branch:	bzr merge lp:~serge-hallyn/ubuntu/precise/lxc/fix-resolvconf
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Stéphane Graber		2012-01-27	Pending
Review via email: mp+90486@code.launchpad.net

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Serge Hallyn

Ubuntu branches

Ubuntu
lxc package

Merge lp:~serge-hallyn/ubuntu/precise/lxc/fix-resolvconf into lp:ubuntu/precise/lxc

Commit message

Description of the change

Preview Diff

Subscribers

 === added directory '.pc/0030-ubuntu-template-fail.patch'
 === added file '.pc/0030-ubuntu-template-fail.patch/.timestamp'
 === added directory '.pc/0030-ubuntu-template-fail.patch/templates'
 === added file '.pc/0030-ubuntu-template-fail.patch/templates/lxc-ubuntu.in'
 --- .pc/0030-ubuntu-template-fail.patch/templates/lxc-ubuntu.in	1970-01-01 00:00:00 +0000
 +++ .pc/0030-ubuntu-template-fail.patch/templates/lxc-ubuntu.in	2012-01-27 17:24:25 +0000
@@ -0,0 +1,541 @@
++#!/bin/bash
++
++#
++# template script for generating ubuntu container for LXC
++#
++# This script consolidates and extends the existing lxc ubuntu scripts
++#
++
++# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
++# Copyright © 2010 Wilhelm Meier
++# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 2, as
++# published by the Free Software Foundation.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License along
++# with this program; if not, write to the Free Software Foundation, Inc.,
++# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++#
++
++if [ -r /etc/default/lxc ]; then
++    . /etc/default/lxc
++fi
++
++configure_ubuntu()
++{
++    rootfs=$1
++    hostname=$2
++
++   # configure the network using the dhcp
++    cat <<EOF > $rootfs/etc/network/interfaces
++auto lo
++iface lo inet loopback
++
++auto eth0
++iface eth0 inet dhcp
++EOF
++
++    # so you can 'ssh $hostname.' or 'ssh $hostname.local'
++    if [ -f $rootfs/etc/dhcp/dhclient.conf ]; then
++        sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp/dhclient.conf
++    elif [ -f $rootfs/etc/dhcp3/dhclient.conf ]; then
++        sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp3/dhclient.conf
++    fi
++
++    # set the hostname
++    cat <<EOF > $rootfs/etc/hostname
++$hostname
++EOF
++    # set minimal hosts
++    cat <<EOF > $rootfs/etc/hosts
++127.0.0.1 localhost $hostname
++EOF
++
++    # suppress log level output for udev
++    sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
++
++    # remove jobs for consoles 5 and 6 since we only create 4 consoles in
++    # this template
++    rm -f $rootfs/etc/init/tty{5,6}.conf
++
++    echo "Please change root-password !"
++    echo "root:root" | chroot $rootfs chpasswd
++
++    return 0
++}
++
++download_ubuntu()
++{
++    cache=$1
++    arch=$2
++    release=$3
++
++    if [ $release = "lucid" ]; then
++        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg
++    elif [ $release = "maverick" ]; then
++        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg,netbase
++    elif [ $release = "natty" ]; then
++        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase
++    else
++        packages=dialog,apt,apt-utils,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase,ubuntu-keyring
++    fi
++    echo "installing packages: $packages"
++
++    # check the mini ubuntu was not already downloaded
++    mkdir -p "$cache/partial-$arch"
++    if [ $? -ne 0 ]; then
++        echo "Failed to create '$cache/partial-$arch' directory"
++        return 1
++    fi
++
++    # download a mini ubuntu into a cache
++    echo "Downloading ubuntu $release minimal ..."
++    debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
++    if [ $? -ne 0 ]; then
++        echo "Failed to download the rootfs, aborting."
++            return 1
++    fi
++
++    # Serge isn't sure whether we should avoid doing this when
++    # $release == `distro-info -d`
++    echo "Installing updates"
++    case $arch in
++      amd64|i386)
++            MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
++            SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
++            ;;
++      sparc)
++            case $SUITE in
++              gutsy)
++            MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
++            SECURITY_MIRROR=${SECURITY_MIRRORMIRROR:-http://security.ubuntu.com/ubuntu}
++            ;;
++              *)
++            MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            ;;
++            esac
++            ;;
++      *)
++            MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            ;;
++    esac
++    cat >> "$1/partial-${arch}/etc/apt/sources.list" << EOF
++deb $MIRROR ${release}-updates main universe
++deb $SECURITY_MIRROR ${release}-security main universe
++EOF
++    chroot "$1/partial-${arch}" apt-get update
++    if [ $? -ne 0 ]; then
++        echo "Failed to update the apt cache"
++        return 1
++    fi
++    cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
++#!/bin/sh
++exit 101
++EOF
++    chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
++
++    lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
++    ret=$?
++    rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
++
++    if [ $ret -ne 0 ]; then
++        echo "Failed to upgrade the cache"
++        return 1
++    fi
++
++    mv "$1/partial-$arch" "$1/rootfs-$arch"
++    echo "Download complete"
++    return 0
++}
++
++copy_ubuntu()
++{
++    cache=$1
++    arch=$2
++    rootfs=$3
++
++    # make a local copy of the miniubuntu
++    echo -n "Copying rootfs to $rootfs ..."
++    mkdir -p $rootfs
++    rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
++    return 0
++}
++
++install_ubuntu()
++{
++    rootfs=$1
++    release=$2
++    flushcache=$3
++    cache="/var/cache/lxc/$release"
++    mkdir -p /var/lock/subsys/
++    (
++	flock -n -x 200
++	if [ $? -ne 0 ]; then
++	    echo "Cache repository is busy."
++	    return 1
++	fi
++
++
++    if [ $flushcache -eq 1 ]; then
++        echo "Flushing cache..."
++        rm -rf "$cache/partial-$arch"
++        rm -rf "$cache/rootfs-$arch"
++    fi
++
++	echo "Checking cache download in $cache/rootfs-$arch ... "
++	if [ ! -e "$cache/rootfs-$arch" ]; then
++	    download_ubuntu $cache $arch $release
++	    if [ $? -ne 0 ]; then
++		echo "Failed to download 'ubuntu $release base'"
++		return 1
++	    fi
++	fi
++
++	echo "Copy $cache/rootfs-$arch to $rootfs ... "
++	copy_ubuntu $cache $arch $rootfs
++	if [ $? -ne 0 ]; then
++	    echo "Failed to copy rootfs"
++	    return 1
++	fi
++
++	return 0
++
++	) 200>/var/lock/subsys/lxc
++
++    return $?
++}
++
++copy_configuration()
++{
++    path=$1
++    rootfs=$2
++    name=$3
++    arch=$4
++
++    if [ $arch = "i386" ]; then
++        arch="i686"
++    fi
++
++    cat <<EOF >> $path/config
++lxc.utsname = $name
++
++lxc.tty = 4
++lxc.pts = 1024
++lxc.rootfs = $rootfs
++lxc.mount  = $path/fstab
++lxc.arch = $arch
++lxc.cap.drop = sys_module mac_admin
++
++lxc.cgroup.devices.deny = a
++# Allow any mknod (but not using the node)
++lxc.cgroup.devices.allow = c *:* m
++lxc.cgroup.devices.allow = b *:* m
++# /dev/null and zero
++lxc.cgroup.devices.allow = c 1:3 rwm
++lxc.cgroup.devices.allow = c 1:5 rwm
++# consoles
++lxc.cgroup.devices.allow = c 5:1 rwm
++lxc.cgroup.devices.allow = c 5:0 rwm
++#lxc.cgroup.devices.allow = c 4:0 rwm
++#lxc.cgroup.devices.allow = c 4:1 rwm
++# /dev/{,u}random
++lxc.cgroup.devices.allow = c 1:9 rwm
++lxc.cgroup.devices.allow = c 1:8 rwm
++lxc.cgroup.devices.allow = c 136:* rwm
++lxc.cgroup.devices.allow = c 5:2 rwm
++# rtc
++lxc.cgroup.devices.allow = c 254:0 rwm
++#fuse
++lxc.cgroup.devices.allow = c 10:229 rwm
++#tun
++lxc.cgroup.devices.allow = c 10:200 rwm
++#full
++lxc.cgroup.devices.allow = c 1:7 rwm
++#hpet
++lxc.cgroup.devices.allow = c 10:228 rwm
++#kvm
++lxc.cgroup.devices.allow = c 10:232 rwm
++EOF
++
++    cat <<EOF > $path/fstab
++proc            $rootfs/proc         proc    nodev,noexec,nosuid 0 0
++sysfs           $rootfs/sys          sysfs defaults  0 0
++EOF
++
++    if [ $? -ne 0 ]; then
++	echo "Failed to add configuration"
++	return 1
++    fi
++
++    return 0
++}
++
++trim()
++{
++    rootfs=$1
++    release=$2
++
++    # provide the lxc service
++    cat <<EOF > $rootfs/etc/init/lxc.conf
++# fake some events needed for correct startup other services
++
++description     "Container Upstart"
++
++start on startup
++
++script
++        rm -rf /var/run/*.pid
++        rm -rf /var/run/network/*
++        /sbin/initctl emit stopped JOB=udevtrigger --no-wait
++        /sbin/initctl emit started JOB=udev --no-wait
++end script
++EOF
++
++    # fix buggus runlevel with sshd
++    cat <<EOF > $rootfs/etc/init/ssh.conf
++# ssh - OpenBSD Secure Shell server
++#
++# The OpenSSH server provides secure shell access to the system.
++
++description	"OpenSSH server"
++
++start on filesystem
++stop on runlevel [!2345]
++
++expect fork
++respawn
++respawn limit 10 5
++umask 022
++# replaces SSHD_OOM_ADJUST in /etc/default/ssh
++oom never
++
++pre-start script
++    test -x /usr/sbin/sshd || { stop; exit 0; }
++    test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
++    test -c /dev/null || { stop; exit 0; }
++
++    mkdir -p -m0755 /var/run/sshd
++end script
++
++# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
++# 'exec' line here instead
++exec /usr/sbin/sshd
++EOF
++
++    cat <<EOF > $rootfs/etc/init/console.conf
++# console - getty
++#
++# This service maintains a console on tty1 from the point the system is
++# started until it is shut down again.
++
++start on stopped rc RUNLEVEL=[2345]
++stop on runlevel [!2345]
++
++respawn
++exec /sbin/getty -8 38400 /dev/console
++EOF
++
++    cat <<EOF > $rootfs/lib/init/fstab
++# /lib/init/fstab: cleared out for bare-bones lxc
++EOF
++
++    # reconfigure some services
++    if [ -z "$LANG" ]; then
++	chroot $rootfs locale-gen en_US.UTF-8
++	chroot $rootfs update-locale LANG=en_US.UTF-8
++    else
++	chroot $rootfs locale-gen $LANG
++	chroot $rootfs update-locale LANG=$LANG
++    fi
++
++    # remove pointless services in a container
++    chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
++
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
++
++    # if this isn't lucid, then we need to twiddle the network upstart bits :(
++    if [ $release != "lucid" ]; then
++        sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
++    fi
++}
++
++post_process()
++{
++    rootfs=$1
++    release=$2
++    trim_container=$3
++
++    if [ $trim_container -eq 1 ]; then
++        trim $rootfs $release
++    else
++        # for lucid and maverick, if not trimming, then add the ubuntu-virt
++        # ppa and install lxcguest
++        if [ $release = "lucid" -o $release = "maverick" ]; then
++            chroot $rootfs apt-get install --force-yes -y python-software-properties
++            chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
++        fi
++        cp /etc/resolv.conf "${rootfs}/etc"
++        chroot $rootfs apt-get update
++        chroot $rootfs apt-get install --force-yes -y lxcguest
++    fi
++}
++
++do_bindhome()
++{
++    rootfs=$1
++    user=$2
++
++    # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
++    pwd=`getent passwd $user`
++    if [ $? -ne 0 ]; then
++        echo 'Warning: failed to copy password entry for $user'
++	return
++    else
++        echo $pwd >> $rootfs/etc/passwd
++    fi
++    shad=`getent shadow $user`
++    echo $shad >> $rootfs/etc/shadow
++
++    # bind-mount the user's path into the container's /home
++    h=`getent passwd $user | cut -d: -f 6`
++    mkdir -p $rootfs/$h
++    echo "$h $rootfs/$h none bind 0 0" >> $path/fstab
++}
++
++usage()
++{
++    cat <<EOF
++$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim]
++   [-F | --flush-cache] [-r|--release <release>]
++release: lucid | maverick | natty | oneiric | precise
++trim: make a minimal (faster, but not upgrade-safe) container
++bindhome: bind <user>'s home into the container
++arch: amd64 or i386: defaults to host arch
++EOF
++    return 0
++}
++
++options=$(getopt -o a:b:hp:r:xn:F -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache -- "$@")
++if [ $? -ne 0 ]; then
++    usage $(basename $0)
++    exit 1
++fi
++eval set -- "$options"
++
++release=lucid
++if [ -f /etc/lsb-release ]; then
++    . /etc/lsb-release
++    case "$DISTRIB_CODENAME" in
++        lucid|maverick|natty|oneiric|precise)
++            release=$DISTRIB_CODENAME
++        ;;
++    esac
++fi
++
++bindhome=
++arch=$(arch)
++
++# Code taken from debootstrap
++if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
++    arch=`/usr/bin/dpkg --print-architecture`
++elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
++    arch=`/usr/bin/udpkg --print-architecture`
++else
++    arch=$(arch)
++    if [ "$arch" = "i686" ]; then
++        arch="i386"
++    elif [ "$arch" = "x86_64" ]; then
++        arch="amd64"
++    elif [ "$arch" = "armv7l" ]; then
++        arch="armel"
++    fi
++fi
++
++trim_container=0
++hostarch=$arch
++flushcache=0
++while true
++do
++    case "$1" in
++    -h|--help)      usage $0 && exit 0;;
++    -p|--path)      path=$2; shift 2;;
++    -n|--name)      name=$2; shift 2;;
++    -F|--flush-cache) flushcache=1; shift 1;;
++    -r|--release)   release=$2; shift 2;;
++    -b|--bindhome)  bindhome=$2; shift 2;;
++    -a|--arch)      arch=$2; shift 2;;
++    -x|--trim)      trim_container=1; shift 1;;
++    --)             shift 1; break ;;
++        *)              break ;;
++    esac
++done
++
++pwd=`getent passwd $bindhome`
++if [ $? -ne 0 ]; then
++    echo "Error: no password entry found for $bindhome"
++    exit 1
++fi
++
++
++if [ "$arch" == "i686" ]; then
++    arch=i386
++fi
++
++if [ $hostarch = "i386" -a $arch = "amd64" ]; then
++    echo "can't create amd64 container on i386"
++    exit 1
++fi
++
++type debootstrap
++if [ $? -ne 0 ]; then
++    echo "'debootstrap' command is missing"
++    exit 1
++fi
++
++if [ -z "$path" ]; then
++    echo "'path' parameter is required"
++    exit 1
++fi
++
++if [ "$(id -u)" != "0" ]; then
++    echo "This script should be run as 'root'"
++    exit 1
++fi
++
++rootfs=$path/rootfs
++
++install_ubuntu $rootfs $release $flushcache
++if [ $? -ne 0 ]; then
++    echo "failed to install ubuntu $release"
++    exit 1
++fi
++
++configure_ubuntu $rootfs $name
++if [ $? -ne 0 ]; then
++    echo "failed to configure ubuntu $release for a container"
++    exit 1
++fi
++
++copy_configuration $path $rootfs $name $arch
++if [ $? -ne 0 ]; then
++    echo "failed write configuration file"
++    exit 1
++fi
++
++post_process $rootfs $release $trim_container
++if [ ! -z $bindhome ]; then
++	do_bindhome $rootfs $bindhome
++fi
 === added directory '.pc/0031-ubuntu-template-resolvconf.patch'
 === added file '.pc/0031-ubuntu-template-resolvconf.patch/.timestamp'
 === added directory '.pc/0031-ubuntu-template-resolvconf.patch/templates'
 === added file '.pc/0031-ubuntu-template-resolvconf.patch/templates/lxc-ubuntu.in'
 --- .pc/0031-ubuntu-template-resolvconf.patch/templates/lxc-ubuntu.in	1970-01-01 00:00:00 +0000
 +++ .pc/0031-ubuntu-template-resolvconf.patch/templates/lxc-ubuntu.in	2012-01-27 17:24:25 +0000
@@ -0,0 +1,543 @@
++#!/bin/bash
++
++#
++# template script for generating ubuntu container for LXC
++#
++# This script consolidates and extends the existing lxc ubuntu scripts
++#
++
++# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
++# Copyright © 2010 Wilhelm Meier
++# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 2, as
++# published by the Free Software Foundation.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License along
++# with this program; if not, write to the Free Software Foundation, Inc.,
++# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++#
++
++set -e
++
++if [ -r /etc/default/lxc ]; then
++    . /etc/default/lxc
++fi
++
++configure_ubuntu()
++{
++    rootfs=$1
++    hostname=$2
++
++   # configure the network using the dhcp
++    cat <<EOF > $rootfs/etc/network/interfaces
++auto lo
++iface lo inet loopback
++
++auto eth0
++iface eth0 inet dhcp
++EOF
++
++    # so you can 'ssh $hostname.' or 'ssh $hostname.local'
++    if [ -f $rootfs/etc/dhcp/dhclient.conf ]; then
++        sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp/dhclient.conf
++    elif [ -f $rootfs/etc/dhcp3/dhclient.conf ]; then
++        sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp3/dhclient.conf
++    fi
++
++    # set the hostname
++    cat <<EOF > $rootfs/etc/hostname
++$hostname
++EOF
++    # set minimal hosts
++    cat <<EOF > $rootfs/etc/hosts
++127.0.0.1 localhost $hostname
++EOF
++
++    # suppress log level output for udev
++    sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
++
++    # remove jobs for consoles 5 and 6 since we only create 4 consoles in
++    # this template
++    rm -f $rootfs/etc/init/tty{5,6}.conf
++
++    echo "Please change root-password !"
++    echo "root:root" | chroot $rootfs chpasswd
++
++    return 0
++}
++
++download_ubuntu()
++{
++    cache=$1
++    arch=$2
++    release=$3
++
++    if [ $release = "lucid" ]; then
++        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg
++    elif [ $release = "maverick" ]; then
++        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg,netbase
++    elif [ $release = "natty" ]; then
++        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase
++    else
++        packages=dialog,apt,apt-utils,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase,ubuntu-keyring
++    fi
++    echo "installing packages: $packages"
++
++    # check the mini ubuntu was not already downloaded
++    mkdir -p "$cache/partial-$arch"
++    if [ $? -ne 0 ]; then
++        echo "Failed to create '$cache/partial-$arch' directory"
++        return 1
++    fi
++
++    # download a mini ubuntu into a cache
++    echo "Downloading ubuntu $release minimal ..."
++    debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
++    if [ $? -ne 0 ]; then
++        echo "Failed to download the rootfs, aborting."
++            return 1
++    fi
++
++    # Serge isn't sure whether we should avoid doing this when
++    # $release == `distro-info -d`
++    echo "Installing updates"
++    case $arch in
++      amd64|i386)
++            MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
++            SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
++            ;;
++      sparc)
++            case $SUITE in
++              gutsy)
++            MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
++            SECURITY_MIRROR=${SECURITY_MIRRORMIRROR:-http://security.ubuntu.com/ubuntu}
++            ;;
++              *)
++            MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            ;;
++            esac
++            ;;
++      *)
++            MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            ;;
++    esac
++    cat >> "$1/partial-${arch}/etc/apt/sources.list" << EOF
++deb $MIRROR ${release}-updates main universe
++deb $SECURITY_MIRROR ${release}-security main universe
++EOF
++    chroot "$1/partial-${arch}" apt-get update
++    if [ $? -ne 0 ]; then
++        echo "Failed to update the apt cache"
++        return 1
++    fi
++    cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
++#!/bin/sh
++exit 101
++EOF
++    chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
++
++    lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
++    ret=$?
++    rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
++
++    if [ $ret -ne 0 ]; then
++        echo "Failed to upgrade the cache"
++        return 1
++    fi
++
++    mv "$1/partial-$arch" "$1/rootfs-$arch"
++    echo "Download complete"
++    return 0
++}
++
++copy_ubuntu()
++{
++    cache=$1
++    arch=$2
++    rootfs=$3
++
++    # make a local copy of the miniubuntu
++    echo -n "Copying rootfs to $rootfs ..."
++    mkdir -p $rootfs
++    rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
++    return 0
++}
++
++install_ubuntu()
++{
++    rootfs=$1
++    release=$2
++    flushcache=$3
++    cache="/var/cache/lxc/$release"
++    mkdir -p /var/lock/subsys/
++    (
++	flock -n -x 200
++	if [ $? -ne 0 ]; then
++	    echo "Cache repository is busy."
++	    return 1
++	fi
++
++
++    if [ $flushcache -eq 1 ]; then
++        echo "Flushing cache..."
++        rm -rf "$cache/partial-$arch"
++        rm -rf "$cache/rootfs-$arch"
++    fi
++
++	echo "Checking cache download in $cache/rootfs-$arch ... "
++	if [ ! -e "$cache/rootfs-$arch" ]; then
++	    download_ubuntu $cache $arch $release
++	    if [ $? -ne 0 ]; then
++		echo "Failed to download 'ubuntu $release base'"
++		return 1
++	    fi
++	fi
++
++	echo "Copy $cache/rootfs-$arch to $rootfs ... "
++	copy_ubuntu $cache $arch $rootfs
++	if [ $? -ne 0 ]; then
++	    echo "Failed to copy rootfs"
++	    return 1
++	fi
++
++	return 0
++
++	) 200>/var/lock/subsys/lxc
++
++    return $?
++}
++
++copy_configuration()
++{
++    path=$1
++    rootfs=$2
++    name=$3
++    arch=$4
++
++    if [ $arch = "i386" ]; then
++        arch="i686"
++    fi
++
++    cat <<EOF >> $path/config
++lxc.utsname = $name
++
++lxc.tty = 4
++lxc.pts = 1024
++lxc.rootfs = $rootfs
++lxc.mount  = $path/fstab
++lxc.arch = $arch
++lxc.cap.drop = sys_module mac_admin
++
++lxc.cgroup.devices.deny = a
++# Allow any mknod (but not using the node)
++lxc.cgroup.devices.allow = c *:* m
++lxc.cgroup.devices.allow = b *:* m
++# /dev/null and zero
++lxc.cgroup.devices.allow = c 1:3 rwm
++lxc.cgroup.devices.allow = c 1:5 rwm
++# consoles
++lxc.cgroup.devices.allow = c 5:1 rwm
++lxc.cgroup.devices.allow = c 5:0 rwm
++#lxc.cgroup.devices.allow = c 4:0 rwm
++#lxc.cgroup.devices.allow = c 4:1 rwm
++# /dev/{,u}random
++lxc.cgroup.devices.allow = c 1:9 rwm
++lxc.cgroup.devices.allow = c 1:8 rwm
++lxc.cgroup.devices.allow = c 136:* rwm
++lxc.cgroup.devices.allow = c 5:2 rwm
++# rtc
++lxc.cgroup.devices.allow = c 254:0 rwm
++#fuse
++lxc.cgroup.devices.allow = c 10:229 rwm
++#tun
++lxc.cgroup.devices.allow = c 10:200 rwm
++#full
++lxc.cgroup.devices.allow = c 1:7 rwm
++#hpet
++lxc.cgroup.devices.allow = c 10:228 rwm
++#kvm
++lxc.cgroup.devices.allow = c 10:232 rwm
++EOF
++
++    cat <<EOF > $path/fstab
++proc            $rootfs/proc         proc    nodev,noexec,nosuid 0 0
++sysfs           $rootfs/sys          sysfs defaults  0 0
++EOF
++
++    if [ $? -ne 0 ]; then
++	echo "Failed to add configuration"
++	return 1
++    fi
++
++    return 0
++}
++
++trim()
++{
++    rootfs=$1
++    release=$2
++
++    # provide the lxc service
++    cat <<EOF > $rootfs/etc/init/lxc.conf
++# fake some events needed for correct startup other services
++
++description     "Container Upstart"
++
++start on startup
++
++script
++        rm -rf /var/run/*.pid
++        rm -rf /var/run/network/*
++        /sbin/initctl emit stopped JOB=udevtrigger --no-wait
++        /sbin/initctl emit started JOB=udev --no-wait
++end script
++EOF
++
++    # fix buggus runlevel with sshd
++    cat <<EOF > $rootfs/etc/init/ssh.conf
++# ssh - OpenBSD Secure Shell server
++#
++# The OpenSSH server provides secure shell access to the system.
++
++description	"OpenSSH server"
++
++start on filesystem
++stop on runlevel [!2345]
++
++expect fork
++respawn
++respawn limit 10 5
++umask 022
++# replaces SSHD_OOM_ADJUST in /etc/default/ssh
++oom never
++
++pre-start script
++    test -x /usr/sbin/sshd || { stop; exit 0; }
++    test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
++    test -c /dev/null || { stop; exit 0; }
++
++    mkdir -p -m0755 /var/run/sshd
++end script
++
++# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
++# 'exec' line here instead
++exec /usr/sbin/sshd
++EOF
++
++    cat <<EOF > $rootfs/etc/init/console.conf
++# console - getty
++#
++# This service maintains a console on tty1 from the point the system is
++# started until it is shut down again.
++
++start on stopped rc RUNLEVEL=[2345]
++stop on runlevel [!2345]
++
++respawn
++exec /sbin/getty -8 38400 /dev/console
++EOF
++
++    cat <<EOF > $rootfs/lib/init/fstab
++# /lib/init/fstab: cleared out for bare-bones lxc
++EOF
++
++    # reconfigure some services
++    if [ -z "$LANG" ]; then
++	chroot $rootfs locale-gen en_US.UTF-8
++	chroot $rootfs update-locale LANG=en_US.UTF-8
++    else
++	chroot $rootfs locale-gen $LANG
++	chroot $rootfs update-locale LANG=$LANG
++    fi
++
++    # remove pointless services in a container
++    chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
++
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
++
++    # if this isn't lucid, then we need to twiddle the network upstart bits :(
++    if [ $release != "lucid" ]; then
++        sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
++    fi
++}
++
++post_process()
++{
++    rootfs=$1
++    release=$2
++    trim_container=$3
++
++    if [ $trim_container -eq 1 ]; then
++        trim $rootfs $release
++    else
++        # for lucid and maverick, if not trimming, then add the ubuntu-virt
++        # ppa and install lxcguest
++        if [ $release = "lucid" -o $release = "maverick" ]; then
++            chroot $rootfs apt-get install --force-yes -y python-software-properties
++            chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
++        fi
++        cp /etc/resolv.conf "${rootfs}/etc"
++        chroot $rootfs apt-get update
++        chroot $rootfs apt-get install --force-yes -y lxcguest
++    fi
++}
++
++do_bindhome()
++{
++    rootfs=$1
++    user=$2
++
++    # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
++    pwd=`getent passwd $user`
++    if [ $? -ne 0 ]; then
++        echo 'Warning: failed to copy password entry for $user'
++	return
++    else
++        echo $pwd >> $rootfs/etc/passwd
++    fi
++    shad=`getent shadow $user`
++    echo $shad >> $rootfs/etc/shadow
++
++    # bind-mount the user's path into the container's /home
++    h=`getent passwd $user | cut -d: -f 6`
++    mkdir -p $rootfs/$h
++    echo "$h $rootfs/$h none bind 0 0" >> $path/fstab
++}
++
++usage()
++{
++    cat <<EOF
++$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim]
++   [-F | --flush-cache] [-r|--release <release>]
++release: lucid | maverick | natty | oneiric | precise
++trim: make a minimal (faster, but not upgrade-safe) container
++bindhome: bind <user>'s home into the container
++arch: amd64 or i386: defaults to host arch
++EOF
++    return 0
++}
++
++options=$(getopt -o a:b:hp:r:xn:F -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache -- "$@")
++if [ $? -ne 0 ]; then
++    usage $(basename $0)
++    exit 1
++fi
++eval set -- "$options"
++
++release=lucid
++if [ -f /etc/lsb-release ]; then
++    . /etc/lsb-release
++    case "$DISTRIB_CODENAME" in
++        lucid|maverick|natty|oneiric|precise)
++            release=$DISTRIB_CODENAME
++        ;;
++    esac
++fi
++
++bindhome=
++arch=$(arch)
++
++# Code taken from debootstrap
++if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
++    arch=`/usr/bin/dpkg --print-architecture`
++elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
++    arch=`/usr/bin/udpkg --print-architecture`
++else
++    arch=$(arch)
++    if [ "$arch" = "i686" ]; then
++        arch="i386"
++    elif [ "$arch" = "x86_64" ]; then
++        arch="amd64"
++    elif [ "$arch" = "armv7l" ]; then
++        arch="armel"
++    fi
++fi
++
++trim_container=0
++hostarch=$arch
++flushcache=0
++while true
++do
++    case "$1" in
++    -h|--help)      usage $0 && exit 0;;
++    -p|--path)      path=$2; shift 2;;
++    -n|--name)      name=$2; shift 2;;
++    -F|--flush-cache) flushcache=1; shift 1;;
++    -r|--release)   release=$2; shift 2;;
++    -b|--bindhome)  bindhome=$2; shift 2;;
++    -a|--arch)      arch=$2; shift 2;;
++    -x|--trim)      trim_container=1; shift 1;;
++    --)             shift 1; break ;;
++        *)              break ;;
++    esac
++done
++
++pwd=`getent passwd $bindhome`
++if [ $? -ne 0 ]; then
++    echo "Error: no password entry found for $bindhome"
++    exit 1
++fi
++
++
++if [ "$arch" == "i686" ]; then
++    arch=i386
++fi
++
++if [ $hostarch = "i386" -a $arch = "amd64" ]; then
++    echo "can't create amd64 container on i386"
++    exit 1
++fi
++
++type debootstrap
++if [ $? -ne 0 ]; then
++    echo "'debootstrap' command is missing"
++    exit 1
++fi
++
++if [ -z "$path" ]; then
++    echo "'path' parameter is required"
++    exit 1
++fi
++
++if [ "$(id -u)" != "0" ]; then
++    echo "This script should be run as 'root'"
++    exit 1
++fi
++
++rootfs=$path/rootfs
++
++install_ubuntu $rootfs $release $flushcache
++if [ $? -ne 0 ]; then
++    echo "failed to install ubuntu $release"
++    exit 1
++fi
++
++configure_ubuntu $rootfs $name
++if [ $? -ne 0 ]; then
++    echo "failed to configure ubuntu $release for a container"
++    exit 1
++fi
++
++copy_configuration $path $rootfs $name $arch
++if [ $? -ne 0 ]; then
++    echo "failed write configuration file"
++    exit 1
++fi
++
++post_process $rootfs $release $trim_container
++if [ ! -z $bindhome ]; then
++	do_bindhome $rootfs $bindhome
++fi
 === modified file '.pc/applied-patches'
 --- .pc/applied-patches	2012-01-26 14:15:07 +0000
 +++ .pc/applied-patches	2012-01-27 17:24:25 +0000
@@ -40,3 +40,5 @@
 -fix-lxc-netstat.patch
 -recursively-rmdir-cgroups.patch
 -btrfs-clone-support.patch
++0030-ubuntu-template-fail.patch
++0031-ubuntu-template-resolvconf.patch
 === modified file 'debian/changelog'
 --- debian/changelog	2012-01-26 16:38:10 +0000
 +++ debian/changelog	2012-01-27 17:24:25 +0000
@@ -1,3 +1,15 @@
++lxc (0.7.5-3ubuntu14) precise; urgency=low
++
++  * debian/control: add btrfs-tools to lxc Suggests (LP: #942241)
++  * 0030-ubuntu-template-fail.patch: make lxc-ubuntu template fail on
++    error (LP: #922645)
++  * 0031-ubuntu-template-resolvconf.patch: handle /etc/resolv.conf being
++    a symlink as is now done by resolvconf by default. (LP: #922706)
++  * debian/lxcguest.lxcmount.upstart: emit mounted MOUNTPOINT=/run
++    to make resolvconf start. (LP: #922706)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 27 Jan 2012 11:13:26 -0600
++
  lxc (0.7.5-3ubuntu13) precise; urgency=low
    * 0029-btrfs-clone-support.patch: add support for cloning via
 === modified file 'debian/control'
 --- debian/control	2012-01-20 14:34:54 +0000
 +++ debian/control	2012-01-27 17:24:25 +0000
@@ -13,7 +13,7 @@
  Architecture: linux-any
  Depends: ${misc:Depends}, ${shlibs:Depends}, bridge-utils, dnsmasq-base, iptables, rsync
  Recommends: debootstrap, libcap2-bin, cgroup-lite | cgroup-bin
--Suggests: lvm2
++Suggests: btrfs-tools, lvm2
  Description: Linux containers userspace tools
   Containers are insulated areas inside a system, which have their own namespace
   for filesystem, network, pids, ipc, cpu and memory allocation and which can be
 === modified file 'debian/lxcguest.lxcmount.upstart'
 --- debian/lxcguest.lxcmount.upstart	2011-05-16 14:03:52 +0000
 +++ debian/lxcguest.lxcmount.upstart	2012-01-27 17:24:25 +0000
@@ -32,5 +32,6 @@
  	# Pre-start stops us from getting here if it's neither lxc nor libvirt
  	# So empty $container means it's libvirt from (>= oneiric)
  	[ -z $container ] && container="libvirt"
--	exec mount --bind /lib/init/fstab.$container /lib/init/fstab
++	mount --bind /lib/init/fstab.$container /lib/init/fstab
++	exec initctl emit mounted MOUNTPOINT=/run
  end script
 === added file 'debian/patches/0030-ubuntu-template-fail.patch'
 --- debian/patches/0030-ubuntu-template-fail.patch	1970-01-01 00:00:00 +0000
 +++ debian/patches/0030-ubuntu-template-fail.patch	2012-01-27 17:24:25 +0000
@@ -0,0 +1,20 @@
++Description: ubuntu template: set -e to return error on failures.
++ Otherwise callers can get bad containers without knowing it.
++ This will be forwarded upstream
++Author: Serge Hallyn <serge.hallyn@ubuntu.com>
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/922645
++Forwarded: no
++
++Index: lxc/templates/lxc-ubuntu.in
++===================================================================
++--- lxc.orig/templates/lxc-ubuntu.in	2012-01-27 09:33:18.236399000 -0600
+++++ lxc/templates/lxc-ubuntu.in	2012-01-27 09:50:11.961902165 -0600
++@@ -24,6 +24,8 @@
++ # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++ #
++
+++set -e
+++
++ if [ -r /etc/default/lxc ]; then
++     . /etc/default/lxc
++ fi
 === added file 'debian/patches/0031-ubuntu-template-resolvconf.patch'
 --- debian/patches/0031-ubuntu-template-resolvconf.patch	1970-01-01 00:00:00 +0000
 +++ debian/patches/0031-ubuntu-template-resolvconf.patch	2012-01-27 17:24:25 +0000
@@ -0,0 +1,25 @@
++Description: handle /etc/resolv.conf being a symlink
++ This will be forwarded upstream.
++Author: Serge Hallyn <serge.hallyn@ubuntu.com>
++Forwarded: no
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/922706
++
++Index: lxc/templates/lxc-ubuntu.in
++===================================================================
++--- lxc.orig/templates/lxc-ubuntu.in	2012-01-27 10:45:16.167886074 -0600
+++++ lxc/templates/lxc-ubuntu.in	2012-01-27 10:50:39.567880601 -0600
++@@ -389,9 +389,13 @@
++             chroot $rootfs apt-get install --force-yes -y python-software-properties
++             chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
++         fi
++-        cp /etc/resolv.conf "${rootfs}/etc"
+++	cresolvonf="${rootfs}/etc/resolv.conf"
+++	mv $cresolvonf ${cresolvonf}.lxcbak
+++        cat /etc/resolv.conf > ${cresolvonf}
++         chroot $rootfs apt-get update
++         chroot $rootfs apt-get install --force-yes -y lxcguest
+++	rm -f ${cresolvonf}
+++	mv ${cresolvonf}.lxcbak ${cresolvonf}
++     fi
++ }
++
 === modified file 'debian/patches/series'
 --- debian/patches/series	2012-01-26 14:15:07 +0000
 +++ debian/patches/series	2012-01-27 17:24:25 +0000
@@ -40,3 +40,5 @@
 -fix-lxc-netstat.patch
 -recursively-rmdir-cgroups.patch
 -btrfs-clone-support.patch
++0030-ubuntu-template-fail.patch
++0031-ubuntu-template-resolvconf.patch
 === modified file 'templates/lxc-ubuntu.in'
 --- templates/lxc-ubuntu.in	2012-01-24 13:10:42 +0000
 +++ templates/lxc-ubuntu.in	2012-01-27 17:24:25 +0000
@@ -24,6 +24,8 @@
  # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ #
++set -e
++
  if [ -r /etc/default/lxc ]; then
      . /etc/default/lxc
  fi
@@ -387,9 +389,13 @@
              chroot $rootfs apt-get install --force-yes -y python-software-properties
              chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
          fi
--        cp /etc/resolv.conf "${rootfs}/etc"
++	cresolvonf="${rootfs}/etc/resolv.conf"
++	mv $cresolvonf ${cresolvonf}.lxcbak
++        cat /etc/resolv.conf > ${cresolvonf}
          chroot $rootfs apt-get update
          chroot $rootfs apt-get install --force-yes -y lxcguest
++	rm -f ${cresolvonf}
++	mv ${cresolvonf}.lxcbak ${cresolvonf}
      fi
+ }

Ubuntulxc package

Merge lp:~serge-hallyn/ubuntu/precise/lxc/fix-resolvconf into lp:ubuntu/precise/lxc

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
lxc package