[lxc-devel] [PATCH] Enhancements to the centos template
Mingjiang Shi
mrjewes at gmail.com
Thu Mar 13 15:49:42 UTC 2014
Hi All,
This patch introduces the following enhancements to the centos templates.
1. Added an option to not expire the root password
2. Added an option to copy the host ssh public key to the container so that
one can ssh to the container without using a password
3. Added an option to set a static IP for the container. Useful when running
services that need a static IP address, such as hadoop.
Let me know if you have any questions. Thanks!
*Tests have been run:*
1. Created a container without using the newly added options, the current
behaviors are preserved, i.e. root password need to be changed at first
log, dynamic ip address and no public key is copied.
2. Tested the new behaviors are working by creating a container using the
newly added options.
Signed-off-by: Mingjiang Shi <mrjewes at gmail dot com>
---
diff --git a/templates/lxc-centos.in b/templates/lxc-centos.in
index 55e0531..3c0e9e6 100644
--- a/templates/lxc-centos.in
+++ b/templates/lxc-centos.in
@@ -229,31 +229,57 @@ configure_centos()
cd ${rootfs_path}/etc/rc.d/rc6.d
ln -s ../init.d/lxc-halt S00lxc-reboot
)
fi
+ if [ $use_static_ip == "yes" ];then
+ # configure the network using static ip
+ cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
+DEVICE=eth0
+BOOTPROTO=none
+ONBOOT=yes
+HOSTNAME=${utsname}
+NM_CONTROLLED=no
+TYPE=Ethernet
+MTU=${MTU}
+EOF
+ # set static route, add the default gateway
+ cat <<EOF > ${rootfs_path}/etc/sysconfig/static-routes
+any net default gw ${gw}
+EOF
+
+ # set minimal hosts, don't resolve the hostname to 127.0.0.1
+ # resolve it to the static ip
+ cat <<EOF > $rootfs_path/etc/hosts
+127.0.0.1 localhost
+$ip ${utsname} $name
+EOF
+
+ else
# configure the network using the dhcp
cat <<EOF > ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
-HOSTNAME=${UTSNAME}
+HOSTNAME=${utsname}
NM_CONTROLLED=no
TYPE=Ethernet
MTU=${MTU}
EOF
+ # set minimal hosts
+ cat <<EOF > $rootfs_path/etc/hosts
+127.0.0.1 localhost $name
+EOF
+ fi
+
# set the hostname
cat <<EOF > ${rootfs_path}/etc/sysconfig/network
NETWORKING=yes
-HOSTNAME=${UTSNAME}
+HOSTNAME=${utsname}
EOF
- # set minimal hosts
- cat <<EOF > $rootfs_path/etc/hosts
-127.0.0.1 localhost $name
-EOF
# set minimal fstab
cat <<EOF > $rootfs_path/etc/fstab
/dev/root / rootfs defaults 0
0
none /dev/shm tmpfs nosuid,nodev 0
0
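Review bot: The static-IP branch writes `$ip` and `${gw}` from the command line straight into `/etc/hosts` and `/etc/sysconfig/static-routes` with no format check, so a value containing whitespace or a newline adds extra entries to root-owned files in the rootfs. The later hunk that appends `lxc.network.ipv4 = ${ip}/24` to the container config has the same gap, and there a stray newline would become an extra config line. Reject malformed values once, right after option parsing, for example `case "$ip" in *[!0-9.]*) echo "Invalid --ip value" >&2; exit 1;; esac` and the same for `$gw`. configure_centos() starts and ends outside this hunk, so how `rootfs_path` is set cannot be checked from here.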
@@ -337,12 +363,15 @@ EOF
echo ${root_password} > ${config_path}/tmp_root_pass
echo "Storing root password in '${config_path}/tmp_root_pass'"
fi
echo "root:$root_password" | chroot $rootfs_path chpasswd
- # Also set this password as expired to force the user to change it!
- chroot $rootfs_path passwd -e root
+
+ if [ $expire_root_passwd == "yes" ];then
+ # Set this password as expired to force the user to change it!
+ chroot $rootfs_path passwd -e root
+ fi
# This will need to be enhanced for CentOS 7 when systemd
# comes into play... /\/\|=mhw=|\/\/
return 0
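Review bot: With `-E` the initial root password stays valid indefinitely, and the context lines just above the new `if` show that password being written in clear text to `${config_path}/tmp_root_pass` on at least one branch (the enclosing `if` starts outside the hunk). That combination deserves a comment at the new test, for example `# -E keeps the initial password valid; it may also be stored in ${config_path}/tmp_root_pass, so change it after first login`. The `-E` line in the usage text could carry the same caveat, since it currently only says the password is not expired.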
@@ -370,11 +399,11 @@ download_centos()
fi
# download a mini centos into a cache
echo "Downloading centos minimal ..."
YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
- PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server
openssh-clients dhclient chkconfig rootfiles policycoreutils"
+ PKG_LIST="yum initscripts passwd rsyslog vim openssh-server
openssh-clients dhclient chkconfig rootfiles policycoreutils wget tar sudo
zip unzip which"
# use temporary repository definition
REPO_FILE=$INSTALL_ROOT/etc/yum.repos.d/lxc-centos-temp.repo
mkdir -p $(dirname $REPO_FILE)
if [ -n "$repo" ]; then
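Review bot: The new `PKG_LIST` adds `wget tar sudo zip unzip which` and swaps `vim-minimal` for `vim` in every container, which is not among the three enhancements listed in the commit description and enlarges what the surrounding comment calls a mini centos. The `YUM` context line carries `--nogpgcheck`, so if the list is installed through it (the install call is outside the hunk) each extra package is one more unverified download, and `sudo` adds a setuid binary to the base image. I would keep `PKG_LIST` as it was in this patch and propose the extra packages separately, or behind an opt-in option, with the reason stated.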
@@ -559,10 +588,15 @@ lxc.rootfs = $rootfs_path
fi
fi
done < $config_path/config.def
rm -f $config_path/config.def
+
+ # append the container ip address
+ if [ $use_static_ip == "yes" ];then
+ echo "lxc.network.ipv4 = ${ip}/24" >> $config_path/config
+ fi
if [ -e "@LXCTEMPLATECONFIG@/centos.common.conf" ]; then
echo "
# Include common configuration
lxc.include = @LXCTEMPLATECONFIG@/centos.common.conf
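Review bot: The `/24` in `lxc.network.ipv4 = ${ip}/24` is hard-coded, so a container on a network of any other size gets the wrong prefix with no way to override it, and nothing in the usage text says so. At minimum the comment should read `# append the container ip address; a /24 network is assumed`, and the `--ip` help line should state the same assumption. A separate option for the prefix length would be the cleaner fix, but that is a design choice for the author.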
@@ -635,46 +669,87 @@ Optional args:
-p,--path path to where the container rootfs will be created,
defaults to /var/lib/lxc/name.
-c,--clean clean the cache
-R,--release Centos release for the new container. if the host is
Centos, then it will defaultto the host's release.
--fqdn fully qualified domain name (FQDN) for DNS and system
naming
--repo repository to use (url)
+ --ip specify a static ip, must use with --gw option
+ --gw specify the default gateway, required if --ip option
is used.
+ -E, don't set the root password expired
+ -s, Copy the current ssh public key to the authorized host
list of the container
-a,--arch Define what arch the container will be [i686,x86_64]
-h,--help print this help
EOF
return 0
}
-options=$(getopt -o a:hp:n:cR: -l
help,path:,rootfs:,name:,clean,release:,repo:,arch:,fqdn: -- "$@")
+copy_ssh_key_to_container()
+{
+ # create the .ssh folder and set permission
+ container_ssh_dir=${rootfs_path}/root/.ssh
+ if [ ! -d $container_ssh_dir ];then
+ mkdir -p $container_ssh_dir
+ chmod 700 $container_ssh_dir
+ fi
+
+ # copy the id_rsa.pub to authorized_keys if exists
+ my_ssh_id=$HOME/.ssh/id_rsa.pub
+ if [ -f $my_ssh_id ];then
+ cat $my_ssh_id >> $container_ssh_dir/authorized_keys
+ fi
+
+ # copy the id_dsa.pub to authorized_keys if exists
+ my_ssh_id=$HOME/.ssh/id_dsa.pub
+ if [ -f $my_ssh_id ];then
+ cat $my_ssh_id >> $container_ssh_dir/authorized_keys
+ fi
+}
+
+options=$(getopt -o a:hp:n:cR:Es -l
help,path:,rootfs:,name:,clean,release:,repo:,arch:,fqdn:,ip:,gw: -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
fi
arch=$(arch)
+use_static_ip=no
+ip=
+gw=
+expire_root_passwd=yes
+copy_ssh_id=no
eval set -- "$options"
while true
do
case "$1" in
-h|--help) usage $0 && exit 0;;
-p|--path) path=$2; shift 2;;
--rootfs) rootfs=$2; shift 2;;
-n|--name) name=$2; shift 2;;
-c|--clean) clean=$2; shift 2;;
-R|--release) release=$2; shift 2;;
- --repo) repo="$2"; shift 2;;
+ --repo) repo="$2"; shift 2;;
-a|--arch) newarch=$2; shift 2;;
--fqdn) utsname=$2; shift 2;;
+ --ip) use_static_ip=yes; ip=$2; shift 2;;
+ --gw) gw=$2; shift 2;;
+ -E) expire_root_passwd=no; shift 1;;
+ -s) copy_ssh_id=yes; shift 1;;
--) shift 1; break ;;
*) break ;;
esac
done
if [ ! -z "$clean" -a -z "$path" ]; then
clean || exit 1
exit 0
fi
+if [ ! -z "$ip" -a -z "$gw" ];then
+ echo "Missing the default gateway, use --gw option to specify the
default gateway"
+ usage $0
+ exit 1
+fi
+
basearch=${arch}
# Map a few architectures to their generic CentOS repository archs.
# The two ARM archs are a bit of a guesstimate for the v5 and v6
# archs. V6 should have hardware floating point (Rasberry Pi).
# The "arm" arch is safer (no hardware floating point). So
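Review bot: `copy_ssh_key_to_container` sets mode 700 on `/root/.ssh` only when it creates the directory and never sets a mode on `authorized_keys`, so both can end up with whatever an existing directory or the caller's umask gives them; sshd may then refuse the file, or it may be writable by others. All path expansions in the function are unquoted, and when neither `id_rsa.pub` nor `id_dsa.pub` exists under `$HOME` the `-s` option silently does nothing. Which `$HOME` is read depends on how the template is invoked (under sudo it may be root's rather than the caller's), which is worth stating in the `-s` help text. The rewrite below enforces the modes, quotes the paths and reports when no key was found.

```shell
copy_ssh_key_to_container()
{
    container_ssh_dir="${rootfs_path}/root/.ssh"
    copied=no

    # enforce the mode even when the directory already exists
    mkdir -p "$container_ssh_dir"
    chmod 700 "$container_ssh_dir"

    # append each public key that exists on the host side
    for my_ssh_id in "$HOME/.ssh/id_rsa.pub" "$HOME/.ssh/id_dsa.pub"; do
        if [ -f "$my_ssh_id" ]; then
            cat "$my_ssh_id" >> "$container_ssh_dir/authorized_keys"
            copied=yes
        fi
    done

    if [ "$copied" = "yes" ]; then
        chmod 600 "$container_ssh_dir/authorized_keys"
    else
        echo "No ssh public key found in $HOME/.ssh, nothing copied" >&2
    fi
}
```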
@@ -846,10 +921,15 @@ if [ $? -ne 0 ]; then
exit 1
fi
configure_centos_init
+# copy the ssh public key to authorized keys in the container
+if [ $copy_ssh_id == "yes" ];then
+ copy_ssh_key_to_container
+fi
+
if [ ! -z $clean ]; then
clean || exit 1
exit 0
fi
echo "
@@ -879,15 +959,17 @@ then
chroot ${rootfs_path} passwd
"
chroot ${rootfs_path} passwd
else
- echo "
-The root password is set up as "expired" and will require it to be changed
-at first login, which you should do as soon as possible. If you lose the
-root password or wish to change it without starting the container, you
-can change it from the host by running the following command (which will
-also reset the expired flag):
-
- chroot ${rootfs_path} passwd
-"
+ if [ $expire_root_passwd == "yes" ];then
+ echo "
+ The root password is set up as "expired" and will require it to be changed
+ at first login, which you should do as soon as possible. If you lose the
+ root password or wish to change it without starting the container, you
+ can change it from the host by running the following command (which will
+ also reset the expired flag):
+
+ chroot ${rootfs_path} passwd
+ "
+ fi
fi
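Review bot: When `expire_root_passwd` is "no" the new inner `if` prints nothing at all, so a user who passed `-E` is no longer told how to change the root password from the host, and gets no reminder that the initial password is still in force. An `else` arm would restore that, for example `else` followed by `echo "The root password is NOT expired; change it from the host with: chroot ${rootfs_path} passwd"`. The outer `if`/`then` starts outside this hunk, so only the `else` side is reviewed here.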
---
--
Thanks
-Mingjiang