<div dir="ltr">Hi All,<div>This patch introduces the following enhancements to the centos templates.<br><div><div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">1. Added option to not expire the root password</div>
<div style="font-family:arial,sans-serif;font-size:12.800000190734863px">2. Added option to copy the host ssh public key to the container so that one can ssh to the my containers without using password</div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">
3. Added option to set static IP to the container. Used when run services which needs static ip address, such as hadoop.</div></div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px"><br></div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">
Let me know if you have any questions. Thanks!</div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px"><br></div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px"><b>Tests have been run:</b></div>
<div style="font-family:arial,sans-serif;font-size:12.800000190734863px">1. Created a container without using the newly added options, the current behaviors are preserved, i.e. root password need to be changed at first log, dynamic ip address and no public key is copied.</div>
<div style="font-family:arial,sans-serif;font-size:12.800000190734863px">2. Tested the new behaviors are working by creating a container using the newly added options.</div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">
<br></div><div><font face="arial, sans-serif">Signed-off-by: Mingjiang Shi <mrjewes at gmail dot com></font><br></div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">---</div><div><div><font face="arial, sans-serif">diff --git a/templates/<a href="http://lxc-centos.in">lxc-centos.in</a> b/templates/<a href="http://lxc-centos.in">lxc-centos.in</a></font></div>
<div><font face="arial, sans-serif">index 55e0531..3c0e9e6 100644</font></div><div><font face="arial, sans-serif">--- a/templates/<a href="http://lxc-centos.in">lxc-centos.in</a></font></div><div><font face="arial, sans-serif">+++ b/templates/<a href="http://lxc-centos.in">lxc-centos.in</a></font></div>
<div><font face="arial, sans-serif">@@ -229,31 +229,57 @@ configure_centos()</font></div><div><font face="arial, sans-serif"> cd ${rootfs_path}/etc/rc.d/rc6.d</font></div><div><font face="arial, sans-serif"> ln -s ../init.d/lxc-halt S00lxc-reboot</font></div>
<div><font face="arial, sans-serif"> )</font></div><div><font face="arial, sans-serif"> fi</font></div><div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif">+ if [ $use_static_ip == "yes" ];then</font></div>
<div><font face="arial, sans-serif">+ # configure the network using static ip</font></div><div><font face="arial, sans-serif">+ cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0</font></div>
<div><font face="arial, sans-serif">+DEVICE=eth0</font></div><div><font face="arial, sans-serif">+BOOTPROTO=none</font></div><div><font face="arial, sans-serif">+ONBOOT=yes</font></div><div><font face="arial, sans-serif">+HOSTNAME=${utsname}</font></div>
<div><font face="arial, sans-serif">+NM_CONTROLLED=no</font></div><div><font face="arial, sans-serif">+TYPE=Ethernet</font></div><div><font face="arial, sans-serif">+MTU=${MTU}</font></div><div><font face="arial, sans-serif">+EOF</font></div>
<div><font face="arial, sans-serif">+ # set static route, add the default gateway</font></div><div><font face="arial, sans-serif">+ cat <<EOF > ${rootfs_path}/etc/sysconfig/static-routes</font></div><div><font face="arial, sans-serif">+any net default gw ${gw}</font></div>
<div><font face="arial, sans-serif">+EOF</font></div><div><font face="arial, sans-serif">+</font></div><div><font face="arial, sans-serif">+ # set minimal hosts, don't resolve the hostname to 127.0.0.1</font></div>
<div><font face="arial, sans-serif">+ # resolve it to the static ip</font></div><div><font face="arial, sans-serif">+ cat <<EOF > $rootfs_path/etc/hosts</font></div><div><font face="arial, sans-serif">+127.0.0.1 localhost </font></div>
<div><font face="arial, sans-serif">+$ip ${utsname} $name</font></div><div><font face="arial, sans-serif">+EOF</font></div><div><font face="arial, sans-serif">+</font></div><div><font face="arial, sans-serif">+ else</font></div>
<div><font face="arial, sans-serif"> # configure the network using the dhcp</font></div><div><font face="arial, sans-serif"> cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0</font></div>
<div><font face="arial, sans-serif"> DEVICE=eth0</font></div><div><font face="arial, sans-serif"> BOOTPROTO=dhcp</font></div><div><font face="arial, sans-serif"> ONBOOT=yes</font></div><div><font face="arial, sans-serif">-HOSTNAME=${UTSNAME}</font></div>
<div><font face="arial, sans-serif">+HOSTNAME=${utsname}</font></div><div><font face="arial, sans-serif"> NM_CONTROLLED=no</font></div><div><font face="arial, sans-serif"> TYPE=Ethernet</font></div><div><font face="arial, sans-serif"> MTU=${MTU}</font></div>
<div><font face="arial, sans-serif"> EOF</font></div><div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif">+ # set minimal hosts</font></div><div><font face="arial, sans-serif">+ cat <<EOF > $rootfs_path/etc/hosts</font></div>
<div><font face="arial, sans-serif">+127.0.0.1 localhost $name</font></div><div><font face="arial, sans-serif">+EOF</font></div><div><font face="arial, sans-serif">+ fi</font></div><div><font face="arial, sans-serif">+</font></div>
<div><font face="arial, sans-serif"> # set the hostname</font></div><div><font face="arial, sans-serif"> cat <<EOF > ${rootfs_path}/etc/sysconfig/network</font></div><div><font face="arial, sans-serif"> NETWORKING=yes</font></div>
<div><font face="arial, sans-serif">-HOSTNAME=${UTSNAME}</font></div><div><font face="arial, sans-serif">+HOSTNAME=${utsname}</font></div><div><font face="arial, sans-serif"> EOF</font></div><div><font face="arial, sans-serif"> </font></div>
<div><font face="arial, sans-serif">- # set minimal hosts</font></div><div><font face="arial, sans-serif">- cat <<EOF > $rootfs_path/etc/hosts</font></div><div><font face="arial, sans-serif">-127.0.0.1 localhost $name</font></div>
<div><font face="arial, sans-serif">-EOF</font></div><div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif"> # set minimal fstab</font></div><div><font face="arial, sans-serif"> cat <<EOF > $rootfs_path/etc/fstab</font></div>
<div><font face="arial, sans-serif"> /dev/root / rootfs defaults 0 0</font></div><div><font face="arial, sans-serif"> none /dev/shm tmpfs nosuid,nodev 0 0</font></div>
<div><font face="arial, sans-serif">@@ -337,12 +363,15 @@ EOF</font></div><div><font face="arial, sans-serif"> echo ${root_password} > ${config_path}/tmp_root_pass</font></div><div><font face="arial, sans-serif"> echo "Storing root password in '${config_path}/tmp_root_pass'"</font></div>
<div><font face="arial, sans-serif"> fi</font></div><div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif"> echo "root:$root_password" | chroot $rootfs_path chpasswd</font></div>
<div><font face="arial, sans-serif">- # Also set this password as expired to force the user to change it!</font></div><div><font face="arial, sans-serif">- chroot $rootfs_path passwd -e root</font></div><div><font face="arial, sans-serif">+ </font></div>
<div><font face="arial, sans-serif">+ if [ $expire_root_passwd == "yes" ];then</font></div><div><font face="arial, sans-serif">+ # Set this password as expired to force the user to change it!</font></div>
<div><font face="arial, sans-serif">+ chroot $rootfs_path passwd -e root</font></div><div><font face="arial, sans-serif">+ fi</font></div><div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif"> # This will need to be enhanced for CentOS 7 when systemd</font></div>
<div><font face="arial, sans-serif"> # comes into play... /\/\|=mhw=|\/\/</font></div><div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif"> return 0</font></div><div><font face="arial, sans-serif">@@ -370,11 +399,11 @@ download_centos()</font></div>
<div><font face="arial, sans-serif"> fi</font></div><div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif"> # download a mini centos into a cache</font></div><div><font face="arial, sans-serif"> echo "Downloading centos minimal ..."</font></div>
<div><font face="arial, sans-serif"> YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"</font></div><div><font face="arial, sans-serif">- PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils"</font></div>
<div><font face="arial, sans-serif">+ PKG_LIST="yum initscripts passwd rsyslog vim openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils wget tar sudo zip unzip which"</font></div><div>
<font face="arial, sans-serif"> </font></div>
<div><font face="arial, sans-serif"> # use temporary repository definition</font></div><div><font face="arial, sans-serif"> REPO_FILE=$INSTALL_ROOT/etc/yum.repos.d/lxc-centos-temp.repo</font></div><div><font face="arial, sans-serif"> mkdir -p $(dirname $REPO_FILE)</font></div>
<div><font face="arial, sans-serif"> if [ -n "$repo" ]; then</font></div><div><font face="arial, sans-serif">@@ -559,10 +588,15 @@ lxc.rootfs = $rootfs_path</font></div><div><font face="arial, sans-serif"> fi</font></div>
<div><font face="arial, sans-serif"> fi</font></div><div><font face="arial, sans-serif"> done < $config_path/config.def</font></div><div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif"> rm -f $config_path/config.def</font></div>
<div><font face="arial, sans-serif">+ </font></div><div><font face="arial, sans-serif">+ # append the container ip address</font></div><div><font face="arial, sans-serif">+ if [ $use_static_ip == "yes" ];then</font></div>
<div><font face="arial, sans-serif">+ echo "lxc.network.ipv4 = ${ip}/24" >> $config_path/config</font></div><div><font face="arial, sans-serif">+ fi</font></div><div><font face="arial, sans-serif"> </font></div>
<div><font face="arial, sans-serif"> if [ -e "@LXCTEMPLATECONFIG@/centos.common.conf" ]; then</font></div><div><font face="arial, sans-serif"> echo "</font></div><div><font face="arial, sans-serif"> # Include common configuration</font></div>
<div><font face="arial, sans-serif"> lxc.include = @LXCTEMPLATECONFIG@/centos.common.conf</font></div><div><font face="arial, sans-serif">@@ -635,46 +669,87 @@ Optional args:</font></div><div><font face="arial, sans-serif"> -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc/name.</font></div>
<div><font face="arial, sans-serif"> -c,--clean clean the cache</font></div><div><font face="arial, sans-serif"> -R,--release Centos release for the new container. if the host is Centos, then it will defaultto the host's release.</font></div>
<div><font face="arial, sans-serif"> --fqdn fully qualified domain name (FQDN) for DNS and system naming</font></div><div><font face="arial, sans-serif"> --repo repository to use (url)</font></div>
<div><font face="arial, sans-serif">+ --ip specify a static ip, must use with --gw option</font></div><div><font face="arial, sans-serif">+ --gw specify the default gateway, required if --ip option is used.</font></div>
<div><font face="arial, sans-serif">+ -E, don't set the root password expired</font></div><div><font face="arial, sans-serif">+ -s, Copy the current ssh public key to the authorized host list of the container</font></div>
<div><font face="arial, sans-serif"> -a,--arch Define what arch the container will be [i686,x86_64]</font></div><div><font face="arial, sans-serif"> -h,--help print this help</font></div><div><font face="arial, sans-serif"> EOF</font></div>
<div><font face="arial, sans-serif"> return 0</font></div><div><font face="arial, sans-serif"> }</font></div><div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif">-options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,repo:,arch:,fqdn: -- "$@")</font></div>
<div><font face="arial, sans-serif">+copy_ssh_key_to_container()</font></div><div><font face="arial, sans-serif">+{</font></div><div><font face="arial, sans-serif">+ # create the .ssh folder and set permission</font></div>
<div><font face="arial, sans-serif">+ container_ssh_dir=${rootfs_path}/root/.ssh</font></div><div><font face="arial, sans-serif">+ if [ ! -d $container_ssh_dir ];then</font></div><div><font face="arial, sans-serif">+ mkdir -p $container_ssh_dir</font></div>
<div><font face="arial, sans-serif">+ chmod 700 $container_ssh_dir</font></div><div><font face="arial, sans-serif">+ fi</font></div><div><font face="arial, sans-serif">+ </font></div><div><font face="arial, sans-serif">+ # copy the id_rsa.pub to authorized_keys if exists</font></div>
<div><font face="arial, sans-serif">+ my_ssh_id=$HOME/.ssh/id_rsa.pub</font></div><div><font face="arial, sans-serif">+ if [ -f $my_ssh_id ];then</font></div><div><font face="arial, sans-serif">+ cat $my_ssh_id >> $container_ssh_dir/authorized_keys</font></div>
<div><font face="arial, sans-serif">+ fi</font></div><div><font face="arial, sans-serif">+</font></div><div><font face="arial, sans-serif">+ # copy the id_dsa.pub to authorized_keys if exists</font></div><div><font face="arial, sans-serif">+ my_ssh_id=$HOME/.ssh/id_dsa.pub</font></div>
<div><font face="arial, sans-serif">+ if [ -f $my_ssh_id ];then</font></div><div><font face="arial, sans-serif">+ cat $my_ssh_id >> $container_ssh_dir/authorized_keys</font></div><div><font face="arial, sans-serif">+ fi</font></div>
<div><font face="arial, sans-serif">+}</font></div><div><font face="arial, sans-serif">+</font></div><div><font face="arial, sans-serif">+options=$(getopt -o a:hp:n:cR:Es -l help,path:,rootfs:,name:,clean,release:,repo:,arch:,fqdn:,ip:,gw: -- "$@")</font></div>
<div><font face="arial, sans-serif"> if [ $? -ne 0 ]; then</font></div><div><font face="arial, sans-serif"> usage $(basename $0)</font></div><div><font face="arial, sans-serif"> exit 1</font></div><div><font face="arial, sans-serif"> fi</font></div>
<div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif"> arch=$(arch)</font></div><div><font face="arial, sans-serif">+use_static_ip=no</font></div><div><font face="arial, sans-serif">+ip=</font></div>
<div><font face="arial, sans-serif">+gw=</font></div><div><font face="arial, sans-serif">+expire_root_passwd=yes</font></div><div><font face="arial, sans-serif">+copy_ssh_id=no</font></div><div><font face="arial, sans-serif"> eval set -- "$options"</font></div>
<div><font face="arial, sans-serif"> while true</font></div><div><font face="arial, sans-serif"> do</font></div><div><font face="arial, sans-serif"> case "$1" in</font></div><div><font face="arial, sans-serif"> -h|--help) usage $0 && exit 0;;</font></div>
<div><font face="arial, sans-serif"> -p|--path) path=$2; shift 2;;</font></div><div><font face="arial, sans-serif"> --rootfs) rootfs=$2; shift 2;;</font></div><div><font face="arial, sans-serif"> -n|--name) name=$2; shift 2;;</font></div>
<div><font face="arial, sans-serif"> -c|--clean) clean=$2; shift 2;;</font></div><div><font face="arial, sans-serif"> -R|--release) release=$2; shift 2;;</font></div><div><font face="arial, sans-serif">-<span class="" style="white-space:pre"> </span>--repo)<span class="" style="white-space:pre"> </span>repo="$2"; shift 2;;</font></div>
<div><font face="arial, sans-serif">+<span class="" style="white-space:pre"> </span> --repo) <span class="" style="white-space:pre"> </span>repo="$2"; shift 2;;</font></div><div><font face="arial, sans-serif"> -a|--arch) newarch=$2; shift 2;;</font></div>
<div><font face="arial, sans-serif"> --fqdn) utsname=$2; shift 2;;</font></div><div><font face="arial, sans-serif">+ --ip) use_static_ip=yes; ip=$2; shift 2;;</font></div><div><font face="arial, sans-serif">+ --gw) gw=$2; shift 2;;</font></div>
<div><font face="arial, sans-serif">+ -E) expire_root_passwd=no; shift 1;;</font></div><div><font face="arial, sans-serif">+ -s) copy_ssh_id=yes; shift 1;;</font></div><div><font face="arial, sans-serif"> --) shift 1; break ;;</font></div>
<div><font face="arial, sans-serif"> *) break ;;</font></div><div><font face="arial, sans-serif"> esac</font></div><div><font face="arial, sans-serif"> done</font></div><div><font face="arial, sans-serif"> </font></div>
<div><font face="arial, sans-serif"> if [ ! -z "$clean" -a -z "$path" ]; then</font></div><div><font face="arial, sans-serif"> clean || exit 1</font></div><div><font face="arial, sans-serif"> exit 0</font></div>
<div><font face="arial, sans-serif"> fi</font></div><div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif">+if [ ! -z "$ip" -a -z "$gw" ];then</font></div><div><font face="arial, sans-serif">+ echo "Missing the default gateway, use --gw option to specify the default gateway"</font></div>
<div><font face="arial, sans-serif">+ usage $0</font></div><div><font face="arial, sans-serif">+ exit 1</font></div><div><font face="arial, sans-serif">+fi</font></div><div><font face="arial, sans-serif">+</font></div>
<div><font face="arial, sans-serif"> basearch=${arch}</font></div><div><font face="arial, sans-serif"> # Map a few architectures to their generic CentOS repository archs.</font></div><div><font face="arial, sans-serif"> # The two ARM archs are a bit of a guesstimate for the v5 and v6</font></div>
<div><font face="arial, sans-serif"> # archs. V6 should have hardware floating point (Rasberry Pi).</font></div><div><font face="arial, sans-serif"> # The "arm" arch is safer (no hardware floating point). So</font></div>
<div><font face="arial, sans-serif">@@ -846,10 +921,15 @@ if [ $? -ne 0 ]; then</font></div><div><font face="arial, sans-serif"> exit 1</font></div><div><font face="arial, sans-serif"> fi</font></div><div><font face="arial, sans-serif"> </font></div>
<div><font face="arial, sans-serif"> configure_centos_init</font></div><div><font face="arial, sans-serif"> </font></div><div><font face="arial, sans-serif">+# copy the ssh public key to authorized keys in the container</font></div>
<div><font face="arial, sans-serif">+if [ $copy_ssh_id == "yes" ];then</font></div><div><font face="arial, sans-serif">+ copy_ssh_key_to_container</font></div><div><font face="arial, sans-serif">+fi</font></div>
<div><font face="arial, sans-serif">+</font></div><div><font face="arial, sans-serif"> if [ ! -z $clean ]; then</font></div><div><font face="arial, sans-serif"> clean || exit 1</font></div><div><font face="arial, sans-serif"> exit 0</font></div>
<div><font face="arial, sans-serif"> fi</font></div><div><font face="arial, sans-serif"> echo "</font></div><div><font face="arial, sans-serif">@@ -879,15 +959,17 @@ then</font></div><div><font face="arial, sans-serif"> </font></div>
<div><font face="arial, sans-serif"> chroot ${rootfs_path} passwd</font></div><div><font face="arial, sans-serif"> "</font></div><div><font face="arial, sans-serif"> chroot ${rootfs_path} passwd</font></div>
<div><font face="arial, sans-serif"> else</font></div><div><font face="arial, sans-serif">- echo "</font></div><div><font face="arial, sans-serif">-The root password is set up as "expired" and will require it to be changed</font></div>
<div><font face="arial, sans-serif">-at first login, which you should do as soon as possible. If you lose the</font></div><div><font face="arial, sans-serif">-root password or wish to change it without starting the container, you</font></div>
<div><font face="arial, sans-serif">-can change it from the host by running the following command (which will</font></div><div><font face="arial, sans-serif">-also reset the expired flag):</font></div><div><font face="arial, sans-serif">-</font></div>
<div><font face="arial, sans-serif">- chroot ${rootfs_path} passwd</font></div><div><font face="arial, sans-serif">-"</font></div><div><font face="arial, sans-serif">+ if [ $expire_root_passwd == "yes" ];then</font></div>
<div><font face="arial, sans-serif">+<span class="" style="white-space:pre"> </span> echo "</font></div><div><font face="arial, sans-serif">+<span class="" style="white-space:pre"> </span>The root password is set up as "expired" and will require it to be changed</font></div>
<div><font face="arial, sans-serif">+<span class="" style="white-space:pre"> </span>at first login, which you should do as soon as possible. If you lose the</font></div><div><font face="arial, sans-serif">+<span class="" style="white-space:pre"> </span>root password or wish to change it without starting the container, you</font></div>
<div><font face="arial, sans-serif">+<span class="" style="white-space:pre"> </span>can change it from the host by running the following command (which will</font></div><div><font face="arial, sans-serif">+<span class="" style="white-space:pre"> </span>also reset the expired flag):</font></div>
<div><font face="arial, sans-serif">+</font></div><div><font face="arial, sans-serif">+<span class="" style="white-space:pre"> </span>chroot ${rootfs_path} passwd</font></div><div><font face="arial, sans-serif">+<span class="" style="white-space:pre"> </span>"</font></div>
<div><font face="arial, sans-serif">+ fi</font></div><div><font face="arial, sans-serif"> fi</font></div></div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">---</div><div style="font-family:arial,sans-serif;font-size:12.800000190734863px">
<br></div>-- <br>Thanks<br>-Mingjiang
</div></div></div>