[lxc-devel] [PATCH] download: Initial template

Serge Hallyn serge.hallyn at ubuntu.com
Sat Jan 11 06:20:41 UTC 2014


Quoting Stéphane Graber (stgraber at ubuntu.com):
> This adds a new template called "download". It's a fairly simple
> template with a minimal set of dependency which will grab any pre-built
> image available on https://images.linuxcontainers.org
> Note that the serverside is still work in progress (missing SSL support).
> 
> Access is done over https by default with a warning being emitted if
> fallback to http was required (may be needed for testing, when behind
> proxy and with private servers). All index files and tarballs are
> gpg-signed with the default pubkeyid contained in the template itself.
> 
> The main benefit of this template is to be entirely
> distribution-agnostic, any template that can be integrated with the
> server build infrastructure will then work on any LXC machine when using
> the download template. This template is also compatible with user
> namespaces and will hopefully help widden the number of distros that may
> work in unprivileged LXC.
> 
> This commit also bundles a small change to the template configs to have
> the ubuntu template (used by the download template) to work with
> unprivileged LXC.
> 
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

Maybe I should wait until I look at it again with fresh
eyes in the morning, but I don't see any problems with it...

Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

> ---
>  .gitignore                                   |   1 +
>  config/templates/Makefile.am                 |   3 +-
>  config/templates/ubuntu-cloud.userns.conf.in |  18 +-
>  config/templates/ubuntu.userns.conf.in       |  16 ++
>  configure.ac                                 |   2 +
>  templates/Makefile.am                        |  21 +-
>  templates/lxc-download.in                    | 415 +++++++++++++++++++++++++++
>  7 files changed, 449 insertions(+), 27 deletions(-)
>  create mode 100644 config/templates/ubuntu.userns.conf.in
>  create mode 100644 templates/lxc-download.in
> 
> diff --git a/.gitignore b/.gitignore
> index 1115ac6..89f1640 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -32,6 +32,7 @@ templates/lxc-busybox
>  templates/lxc-centos
>  templates/lxc-cirros
>  templates/lxc-debian
> +templates/lxc-download
>  templates/lxc-fedora
>  templates/lxc-openmandriva
>  templates/lxc-opensuse
> diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am
> index 6cc045b..3c6cc2e 100644
> --- a/config/templates/Makefile.am
> +++ b/config/templates/Makefile.am
> @@ -5,4 +5,5 @@ templatesconfig_DATA = \
>  	ubuntu-cloud.lucid.conf \
>  	ubuntu-cloud.userns.conf \
>  	ubuntu.common.conf \
> -	ubuntu.lucid.conf
> +	ubuntu.lucid.conf \
> +	ubuntu.userns.conf
> diff --git a/config/templates/ubuntu-cloud.userns.conf.in b/config/templates/ubuntu-cloud.userns.conf.in
> index f47ede3..e1baca8 100644
> --- a/config/templates/ubuntu-cloud.userns.conf.in
> +++ b/config/templates/ubuntu-cloud.userns.conf.in
> @@ -1,16 +1,2 @@
> -# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
> -lxc.cgroup.devices.deny =
> -lxc.cgroup.devices.allow =
> -
> -# We can't move bind-mounts, so don't use /dev/lxc/
> -lxc.devttydir =
> -
> -# Extra bind-mounts for userns
> -lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
> -lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> -lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
> -lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
> -
> -# Extra fstab entries as mountall can't mount those by itself
> -lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
> -lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0
> +# This derives from the main Ubuntu userns config
> +lxc.include = @LXCTEMPLATECONFIG@/ubuntu.userns.conf
> diff --git a/config/templates/ubuntu.userns.conf.in b/config/templates/ubuntu.userns.conf.in
> new file mode 100644
> index 0000000..f47ede3
> --- /dev/null
> +++ b/config/templates/ubuntu.userns.conf.in
> @@ -0,0 +1,16 @@
> +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices
> +lxc.cgroup.devices.deny =
> +lxc.cgroup.devices.allow =
> +
> +# We can't move bind-mounts, so don't use /dev/lxc/
> +lxc.devttydir =
> +
> +# Extra bind-mounts for userns
> +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
> +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
> +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
> +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
> +
> +# Extra fstab entries as mountall can't mount those by itself
> +lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
> +lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0
> diff --git a/configure.ac b/configure.ac
> index cbaa38b..327dc7b 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -537,6 +537,7 @@ AC_CONFIG_FILES([
>  	config/templates/ubuntu-cloud.userns.conf
>  	config/templates/ubuntu.common.conf
>  	config/templates/ubuntu.lucid.conf
> +	config/templates/ubuntu.userns.conf
>  
>  	doc/Makefile
>  	doc/api/Makefile
> @@ -631,6 +632,7 @@ AC_CONFIG_FILES([
>  	templates/Makefile
>  	templates/lxc-cirros
>  	templates/lxc-debian
> +	templates/lxc-download
>  	templates/lxc-ubuntu
>  	templates/lxc-ubuntu-cloud
>  	templates/lxc-opensuse
> diff --git a/templates/Makefile.am b/templates/Makefile.am
> index abdca6f..ff0a603 100644
> --- a/templates/Makefile.am
> +++ b/templates/Makefile.am
> @@ -1,18 +1,19 @@
>  templatesdir=@LXCTEMPLATEDIR@
>  
>  templates_SCRIPTS = \
> -	lxc-debian \
> -	lxc-ubuntu \
> -	lxc-ubuntu-cloud \
> -	lxc-opensuse \
> +	lxc-alpine \
> +	lxc-altlinux \
> +	lxc-archlinux \
> +	lxc-busybox \
>  	lxc-centos \
> +	lxc-cirros \
> +	lxc-debian \
> +	lxc-download \
>  	lxc-fedora \
>  	lxc-openmandriva \
> +	lxc-opensuse \
>  	lxc-oracle \
> -	lxc-altlinux \
> -	lxc-busybox \
> +	lxc-plamo \
>  	lxc-sshd \
> -	lxc-archlinux \
> -	lxc-alpine \
> -	lxc-cirros \
> -	lxc-plamo
> +	lxc-ubuntu \
> +	lxc-ubuntu-cloud
> diff --git a/templates/lxc-download.in b/templates/lxc-download.in
> new file mode 100644
> index 0000000..cab6cbc
> --- /dev/null
> +++ b/templates/lxc-download.in
> @@ -0,0 +1,415 @@
> +#!/bin/sh
> +
> +# Client script for LXC container images.
> +#
> +# Copyright © 2014 Stéphane Graber <stgraber at ubuntu.com>
> +#
> +#  This library is free software; you can redistribute it and/or
> +#  modify it under the terms of the GNU Lesser General Public
> +#  License as published by the Free Software Foundation; either
> +#  version 2.1 of the License, or (at your option) any later version.
> +
> +#  This library is distributed in the hope that it will be useful,
> +#  but WITHOUT ANY WARRANTY; without even the implied warranty of
> +#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> +#  Lesser General Public License for more details.
> +
> +#  You should have received a copy of the GNU Lesser General Public
> +#  License along with this library; if not, write to the Free Software
> +#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
> +#  USA
> +
> +set -eu
> +
> +LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@"
> +LXC_HOOK_DIR="@LXCHOOKDIR@"
> +LOCALSTATEDIR="@LOCALSTATEDIR@"
> +
> +# Defaults
> +DOWNLOAD_DIST=
> +DOWNLOAD_RELEASE=
> +DOWNLOAD_ARCH=
> +DOWNLOAD_VARIANT="default"
> +DOWNLOAD_SERVER="images.linuxcontainers.org"
> +DOWNLOAD_KEYID="0xBAEFF88C22F6E216"
> +DOWNLOAD_KEYSERVER="pool.sks-keyservers.net"
> +DOWNLOAD_VALIDATE="true"
> +DOWNLOAD_FLUSH_CACHE="false"
> +DOWNLOAD_MODE="system"
> +DOWNLOAD_USE_CACHE="false"
> +DOWNLOAD_URL=
> +DOWNLOAD_SHOW_HTTP_WARNING="true"
> +DOWNLOAD_SHOW_GPG_WARNING="true"
> +DOWNLOAD_COMPAT_LEVEL=1
> +
> +LXC_NAME=
> +LXC_PATH=
> +LXC_ROOTFS=
> +LXC_MAPPED_UID=
> +
> +# Some useful functions
> +cleanup() {
> +    if [ -d "$DOWNLOAD_TEMP" ]; then
> +        rm -Rf $DOWNLOAD_TEMP
> +    fi
> +}
> +
> +download_file() {
> +    if ! wget -q https://${DOWNLOAD_SERVER}/$1 -O $2 >/dev/null 2>&1; then
> +        if ! wget -q http://${DOWNLOAD_SERVER}/$1 -O $2 >/dev/null 2>&1; then
> +            if [ "$3" = "noexit" ]; then
> +                return 1
> +            else
> +                echo "ERROR: Failed to download $1" 1>&2
> +                exit 1
> +            fi
> +        elif [ "$DOWNLOAD_SHOW_HTTP_WARNING" = "true" ]; then
> +            DOWNLOAD_SHOW_HTTP_WARNING="false"
> +            echo "WARNING: Failed to download the file over HTTPs." 1>&2
> +            echo -n "         The file was instead download over HTTP. " 1>&2
> +            echo "A server replay attack may be possible!" 1>&2
> +        fi
> +    fi
> +}
> +
> +gpg_setup() {
> +    if [ "$DOWNLOAD_VALIDATE" = "false" ]; then
> +        return
> +    fi
> +
> +    echo "Setting up the GPG keyring"
> +
> +    mkdir -p "$DOWNLOAD_TEMP/gpg"
> +    chmod 700 "$DOWNLOAD_TEMP/gpg"
> +    export GNUPGHOME="$DOWNLOAD_TEMP/gpg"
> +    if ! gpg --keyserver $DOWNLOAD_KEYSERVER \
> +            --recv-keys ${DOWNLOAD_KEYID} >/dev/null 2>&1; then
> +        echo "ERROR: Unable to fetch GPG key from keyserver."
> +        exit 1
> +    fi
> +}
> +
> +gpg_validate() {
> +    if [ "$DOWNLOAD_VALIDATE" = "false" ]; then
> +        if [ "$DOWNLOAD_SHOW_GPG_WARNING" = "true" ]; then
> +            echo "WARNING: Running without gpg validation!" 1>&2
> +        fi
> +        DOWNLOAD_SHOW_GPG_WARNING="false"
> +        return 0
> +    fi
> +
> +    if ! gpg --verify $1 >/dev/zero 2>&1; then
> +        echo "ERROR: Invalid signature for $1" 1>&2
> +        exit 1
> +    fi
> +}
> +
> +in_userns() {
> +    [ -e /proc/self/uid_map ] || { echo no; return; }
> +    [ "$(wc -l /proc/self/uid_map | awk '{ print $1 }')" -eq 1 ] || \
> +        { echo yes; return; }
> +    line=$(awk '{ print $1 " " $2 " " $3 }' /proc/self/uid_map)
> +    [ "$line" = "0 0 4294967295" ] && { echo no; return; }
> +    echo yes
> +}
> +
> +relevant_file() {
> +    FILE_PATH="${LXC_CACHE_PATH}/$1"
> +    if [ -e "${FILE_PATH}-${DOWNLOAD_MODE}" ]; then
> +        FILE_PATH="${FILE_PATH}-${DOWNLOAD_MODE}"
> +    fi
> +    if [ -e "$FILE_PATH.${DOWNLOAD_COMPAT_LEVEL}" ]; then
> +        FILE_PATH="${FILE_PATH}.${DOWNLOAD_COMPAT_LEVEL}"
> +    fi
> +
> +    echo $FILE_PATH
> +}
> +
> +usage() {
> +    cat <<EOF
> +LXC container image downloader
> +
> +Required arguments:
> +[ -d | --dist <distribution> ]: The name of the distribution
> +[ -r | --release <release> ]: Release name/version
> +[ -a | --arch <architecture> ]: Architecture of the container
> +[ -h | --help ]: This help message
> +
> +Optional arguments:
> +[ --variant <variant> ]: Variant of the image (default: "default")
> +[ --server <server> ]: Image server (default: "images.linuxcontainers.org")
> +[ --keyid <keyid> ]: GPG keyid (default: 0x...)
> +[ --keyserver <keyserver> ]: GPG keyserver to use
> +[ --no-validate ]: Disable GPG validation (not recommended)
> +[ --flush-cache ]: Flush the local copy (if present)
> +
> +LXC internal arguments (do not pass manually!):
> +[ --name <name> ]: The container name
> +[ --path <path> ]: The path to the container
> +[ --rootfs <rootfs> ]: The path to the container's rootfs
> +[ --mapped-uid <map> ]: A uid/gid map (user namespaces)
> +EOF
> +    return 0
> +}
> +
> +options=$(getopt -o d:r:a:h -l dist:,release:,arch:,help,variant:,server:,\
> +keyid:,no-validate,flush-cache,name:,path:,rootfs:,mapped-uid: -- "$@")
> +
> +if [ $? -ne 0 ]; then
> +    usage
> +    exit 1
> +fi
> +eval set -- "$options"
> +
> +while :; do
> +    case "$1" in
> +        -h|--help)          usage $0 && exit 0;;
> +        -d|--dist)          DOWNLOAD_DIST=$2; shift 2;;
> +        -r|--release)       DOWNLOAD_RELEASE=$2; shift 2;;
> +        -a|--arch)          DOWNLOAD_ARCH=$2; shift 2;;
> +        --variant)          DOWNLOAD_VARIANT=$2; shift 2;;
> +        --server)           DOWNLOAD_SERVER=$2; shift 2;;
> +        --keyid)            DOWNLOAD_KEYID=$2; shift 2;;
> +        --no-validate)      DOWNLOAD_VALIDATE="false"; shift 1;;
> +        --flush-cache)      DOWNLOAD_FLUSH_CACHE="true"; shift 1;;
> +        --name)             LXC_NAME=$2; shift 2;;
> +        --path)             LXC_PATH=$2; shift 2;;
> +        --rootfs)           LXC_ROOTFS=$2; shift 2;;
> +        --mapped-uid)       LXC_MAPPED_UID=$2; shift 2;;
> +        *)                  break;;
> +    esac
> +done
> +
> +# Check for required binaries
> +for bin in tar xz wget; do
> +    if ! type $bin >/dev/null 2>&1; then
> +        echo "ERROR: Missing required tool: $bin" 1>&2
> +        exit 1
> +    fi
> +done
> +
> +# Check for GPG
> +if [ "$DOWNLOAD_VALIDATE" = "true" ]; then
> +    if ! type gpg >/dev/null 2>&1; then
> +        echo "ERROR: Missing recommended tool: gpg" 1>&2
> +        echo "You can workaround this by using --no-validate." 1>&2
> +        exit 1
> +    fi
> +fi
> +
> +# Check that we have all variables we need
> +if [ -z "$LXC_NAME" ] || [ -z "$LXC_PATH" ] || [ -z "$LXC_ROOTFS" ]; then
> +    echo "ERROR: Not running through LXC." 1>&2
> +    exit 1
> +fi
> +
> +if [ "$(in_userns)" = "yes" ]; then
> +    if [ -z "$LXC_MAPPED_UID" ] || [ "$LXC_MAPPED_UID" = "-1" ]; then
> +        echo "ERROR: In a user namespace without a map." 1>&2
> +        exit 1
> +    fi
> +    DOWNLOAD_MODE="user"
> +fi
> +
> +if [ -z "$DOWNLOAD_DIST" ] || [ -z "$DOWNLOAD_RELEASE" ] || \
> +   [ -z "$DOWNLOAD_ARCH" ]; then
> +    echo "ERROR: Missing required argument" 1>&2
> +    usage
> +    exit 1
> +fi
> +
> +# Trap all exit signals
> +trap cleanup EXIT HUP INT TERM
> +DOWNLOAD_TEMP=$(mktemp -d)
> +
> +# Setup the cache
> +if [ "$DOWNLOAD_MODE" = "system" ]; then
> +    LXC_CACHE_BASE="$LOCALSTATEDIR/cache/"
> +    LXC_CACHE_PATH="$LOCALSTATEDIR/cache/lxc/download/$DOWNLOAD_DIST"
> +    LXC_CACHE_PATH="$LXC_CACHE_PATH/$DOWNLOAD_RELEASE/$DOWNLOAD_ARCH"
> +else
> +    LXC_CACHE_BASE="$HOME/.cache/lxc/"
> +    LXC_CACHE_PATH="$HOME/.cache/lxc/download/$DOWNLOAD_DIST"
> +    LXC_CACHE_PATH="$LXC_CACHE_PATH/$DOWNLOAD_RELEASE/$DOWNLOAD_ARCH"
> +fi
> +
> +if [ -d "$LXC_CACHE_PATH" ]; then
> +    if [ "$DOWNLOAD_FLUSH_CACHE" = "true" ]; then
> +        echo "Flushing the cache..."
> +        rm -Rf $LXC_CACHE_PATH
> +    else
> +        DOWNLOAD_USE_CACHE="true"
> +        if [ -e "$(relevant_file expiry)" ]; then
> +            if [ "$(cat $(relevant_file expiry))" -lt $(date +%s) ]; then
> +                echo "The cached copy has expired, re-downloading..."
> +                DOWNLOAD_USE_CACHE="false"
> +                rm -Rf $LXC_CACHE_PATH
> +            fi
> +        fi
> +    fi
> +fi
> +
> +# Download what's needed
> +if [ "$DOWNLOAD_USE_CACHE" = "false" ]; then
> +    # Initialize GPG
> +    gpg_setup
> +
> +    # Grab the index
> +    DOWNLOAD_INDEX_PATH=/meta/1.0/index-${DOWNLOAD_MODE}
> +
> +    echo "Downloading the image index"
> +    if ! download_file ${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL} \
> +         ${DOWNLOAD_TEMP}/index noexit ||
> +       ! download_file ${DOWNLOAD_INDEX_PATH}.${DOWNLOAD_COMPAT_LEVEL}.asc \
> +            ${DOWNLOAD_TEMP}/index.asc noexit; then
> +        download_file ${DOWNLOAD_INDEX_PATH} ${DOWNLOAD_TEMP}/index normal
> +        download_file ${DOWNLOAD_INDEX_PATH}.asc \
> +            ${DOWNLOAD_TEMP}/index.asc normal
> +    fi
> +
> +    gpg_validate ${DOWNLOAD_TEMP}/index.asc
> +
> +    # Parse it
> +    while read line; do
> +        # Basic CSV parser
> +        OLD_IFS=$IFS
> +        IFS=";"
> +        set -- $line
> +        IFS=$OLD_IFS
> +
> +        if [ "$1" != "$DOWNLOAD_DIST" ] || \
> +           [ "$2" != "$DOWNLOAD_RELEASE" ] || \
> +           [ "$3" != "$DOWNLOAD_ARCH" ] || \
> +           [ "$4" != "$DOWNLOAD_VARIANT" ] || \
> +           [ -z "$6" ]; then
> +            continue
> +        fi
> +
> +        DOWNLOAD_URL=$6
> +        break
> +    done < ${DOWNLOAD_TEMP}/index
> +
> +    if [ -z "$DOWNLOAD_URL" ]; then
> +        echo "ERROR: Couldn't find a matching image." 1>&1
> +        exit 1
> +    fi
> +
> +    # Download the actual files
> +    echo "Downloading the rootfs"
> +    download_file $DOWNLOAD_URL/rootfs.tar.xz \
> +        ${DOWNLOAD_TEMP}/rootfs.tar.xz normal
> +    download_file $DOWNLOAD_URL/rootfs.tar.xz.asc \
> +         ${DOWNLOAD_TEMP}/rootfs.tar.xz.asc normal
> +    gpg_validate ${DOWNLOAD_TEMP}/rootfs.tar.xz.asc
> +
> +    echo "Downloading the metadata"
> +    download_file $DOWNLOAD_URL/meta.tar.xz \
> +        ${DOWNLOAD_TEMP}/meta.tar.xz normal
> +    download_file $DOWNLOAD_URL/meta.tar.xz.asc \
> +        ${DOWNLOAD_TEMP}/meta.tar.xz.asc normal
> +    gpg_validate ${DOWNLOAD_TEMP}/meta.tar.xz.asc
> +
> +    mkdir -p $LXC_CACHE_PATH
> +    mv ${DOWNLOAD_TEMP}/rootfs.tar.xz $LXC_CACHE_PATH
> +    if ! tar Jxf ${DOWNLOAD_TEMP}/meta.tar.xz -C $LXC_CACHE_PATH; then
> +        echo "ERROR: Invalid rootfs tarball." 2>&1
> +        exit 1
> +    fi
> +
> +    if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
> +        chown $LXC_MAPPED_UID -Rf $LXC_CACHE_BASE >/dev/null 2>&1 || true
> +    fi
> +    echo "The image cache is now ready"
> +else
> +    echo "Using image from local cache"
> +fi
> +
> +# Unpack the rootfs
> +echo "Unpacking the rootfs"
> +if [ "$DOWNLOAD_MODE" = "system" ]; then
> +    tar --numeric-owner -xpJf ${LXC_CACHE_PATH}/rootfs.tar.xz -C ${LXC_ROOTFS}
> +else
> +    tar  --anchored --exclude="./dev/*" --numeric-owner -xpJf \
> +        ${LXC_CACHE_PATH}/rootfs.tar.xz -C ${LXC_ROOTFS}
> +    mkdir -p ${LXC_ROOTFS}/dev/pts/
> +fi
> +
> +# Setup the configuration
> +configfile=$(relevant_file config)
> +fstab=$(relevant_file fstab)
> +if [ ! -e $configfile ]; then
> +    echo "ERROR: meta tarball is missing the configuration file" 1>&2
> +    exit 1
> +fi
> +
> +## Extract all the network config entries
> +sed -i -e "/lxc.network/{w ${LXC_PATH}/config-network" -e "d}" \
> +    ${LXC_PATH}/config
> +
> +## Extract any other config entry
> +sed -i -e "/lxc./{w ${LXC_PATH}/config-auto" -e "d}" ${LXC_PATH}/config
> +
> +## Append the defaults
> +echo "" >> ${LXC_PATH}/config
> +echo "# Distribution configuration" >> ${LXC_PATH}/config
> +cat $configfile >> ${LXC_PATH}/config
> +
> +## Add the container-specific config
> +echo "" >> ${LXC_PATH}/config
> +echo "# Container specific configuration" >> ${LXC_PATH}/config
> +if [ -e "${LXC_PATH}/config-auto" ]; then
> +    cat ${LXC_PATH}/config-auto >> ${LXC_PATH}/config
> +    rm ${LXC_PATH}/config-auto
> +fi
> +if [ -e "$fstab" ]; then
> +    echo "lxc.mount = ${LXC_PATH}/fstab" >> ${LXC_PATH}/config
> +fi
> +echo "lxc.utsname = ${LXC_NAME}" >> ${LXC_PATH}/config
> +
> +## Re-add the previously removed network config
> +if [ -e "${LXC_PATH}/config-network" ]; then
> +    echo "" >> ${LXC_PATH}/config
> +    echo "# Network configuration" >> ${LXC_PATH}/config
> +    cat ${LXC_PATH}/config-network >> ${LXC_PATH}/config
> +    rm ${LXC_PATH}/config-network
> +fi
> +
> +TEMPLATE_FILES="${LXC_PATH}/config"
> +
> +# Setup the fstab
> +if [ -e $fstab ]; then
> +    cp ${fstab} ${LXC_PATH}/fstab
> +    TEMPLATE_FILES="$TEMPLATE_FILES ${LXC_PATH}/fstab"
> +fi
> +
> +# Look for extra templates
> +if [ -e "$(relevant_file templates)" ]; then
> +    while read line; do
> +        fullpath=${LXC_ROOTFS}/$line
> +        [ ! -e "$fullpath" ] && continue
> +        TEMPLATE_FILES="$TEMPLATE_FILES $fullpath"
> +    done < $(relevant_file templates)
> +fi
> +
> +# Replace variables in all templates
> +for file in $TEMPLATE_FILES; do
> +    [ ! -e "$file" ] && continue
> +
> +    sed -i "s#LXC_NAME#$LXC_NAME#g" $file
> +    sed -i "s#LXC_PATH#$LXC_PATH#g" $file
> +    sed -i "s#LXC_ROOTFS#$LXC_ROOTFS#g" $file
> +    sed -i "s#LXC_TEMPLATE_CONFIG#$LXC_TEMPLATE_CONFIG#g" $file
> +    sed -i "s#LXC_HOOK_DIR#$LXC_HOOK_DIR#g" $file
> +done
> +
> +if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
> +    chown $LXC_MAPPED_UID -f $LXC_PATH/config $LXC_PATH/fstab || true
> +fi
> +
> +if [ -e "$(relevant_file create-message)" ]; then
> +    echo ""
> +    echo "---"
> +    cat "$(relevant_file create-message)"
> +fi
> +
> +exit 0
> -- 
> 1.8.5.2
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel


More information about the lxc-devel mailing list