With the current old CentOS template, dnsmasq was not able to resolve
the hostname of an lxc container after it had been created. This minor
change rectifies that.
Signed-off-by: Kalman Olah <hello@kalmanolah.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
When using unprivileged containers, tty fails because of vhangup. Adding
--nohangup to nimgetty, it fixes the issue. This is the same problem
occurred for oracle template, commit 2e83f7201c
Signed-off-by: Claudio Alarcon clalarco@gmail.com
Added lxc.arch to the resulting container configuration files
to support i686 on x86_64 cross arch containers.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Added the environment variable "root_password_expired" to
control if the initial, temporary, root password is initially
set up as "expired". If set to "yes" (default), the root password
is set as "expired" and the user must change it at first login.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Added code to catch SIGPWR for Upstart in Fedora and CentOS
containers as well as for Systemd in Fedora containers.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
If the container does not already contain an /etc/localtime
timezone definition, then copy a definition from the host to
the container. This is often a symlink to an appropriate
system timezone definition files and is presumed to exist in
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
For all templates except lxc-ubuntu-cloud and lxc-download, detect not
only --mapped-uid but also --mapped-gid and error out. Detecting will
not be done after -- parameter because of non-option parameters.
Also, change the mode of lxc-archlinux.in 100755 to 100644.
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Only the download and ubuntu-cloud templates work with unprivileged
containers, for all others, detect --mapped-uid and error out as early
as possible, recommending the use of the download template.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This change introduces a flag --repo to the lxc-centos template
to allow using a local repository (e.g. a loop mounted installer
iso on your web server).
Signed-off-by: Harald Dunkel <harri@afaics.de>
Acked-by: Michael H. Warfield <mhw@WittsEnd.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Added code to the CentOS and Fedora templates so that x86 32 bit containers
may be built on x86_64 platforms. Like archectectures may also be trivially
used as well.
Option added is "-a {arch}".
Additionally cleaned up some bash specific logic.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This updates the Fedora and CentOS templates to utilize a common
included config. This is largely based on the changes in the Oracle
template with some exceptions.
Dropping of setpcap (present in the Oracle template) is commented out in
the Fedora template. It seems to cause problems, such as large login
delays with Fedora 20 containers (but not Fedora 19 - strange).
The Fedora template is further modified to disable systemd-journald.service
as it is unnecessary in a container and causes serious problems when
running in a Fedora 20 container.
The Fedora template is also updated to default to Fedora 20 when running
on a non-Fedora host.
Regards,
Mike
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This is a reissue of two previous patches along with some additional
changes for hardening the root password process based on discussions
on-list.
--
This patch modifies the lxc-fedora and lxc-centos templates for 3 things.
1) Extensively modifies root password generation, storage, and management
based on discussions on the devel list.
Root passwords are hardened and have advanced configurability.
A static password may be provided.
A password based on a template may be generated, including ${RANDOM}.
A password may be generated through mktmp using a template with X's.
Root passwords default to expired, initially.
Passwords may optionally be echoed to stdout at container creation. (no)
Passwords may optionally be stored in ${rootfs_path}/tmp_root_pass. (yes)
Users may be optionally forced to change the password at creation time. (no)
Default is to generate a pattern based password and store, no force change.
All of this may be overridden by environment variables through
conditional assignment.
2) Random static hardware addresses are generated for all configured
interfaces.
3) Add code to create sysv init style scripts to intercept shutdown and
reboot to prevent init restart and hang for CentOS and legacy Fedora
systems on shutdown, reboot, init 0, and init 6. This solves a variety
of hang conditions but only affects newly created containers. Does
not have any impact on systemd based containers.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
- [[ ]] -> [ ]
- == -> =
- source -> .
- redirect of fd 200 is error in mksh, use fd 9
- &> /dev/null -> > /dev/null 2>&1
- useless function keyword
- echo -e -> printf
still left bash shebang which did not validate with checkbashism, mostly
due 'type' being reported as bashism
Signed-Off-By: Elan Ruusamäe <glen@delfi.ee>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Additional logic for dealing with container shutdown / reboot
Fix a problem with CentOS containers and legacy Fedora (<16) containers
not shutting down or rebooting properly. Copy /etc/init.d/halt to
/etc/init.d/lxc-halt, deleting everything from the "hwclock save" and
all after and append a force halt or reboot at the end of the new
script, to prevent reexecing init. Link that script in as
S00lxc-halt in rc0.d and S00lxc-reboot in rc6.d to intercept the
shutdown process before it gets to S01halt / S01reboot causing the hang.
Fixed some typos in the CentOS template that were introduced in the
previous patch for hwaddr settings and missed in regression testing.
Cleaned up some instruction typos and tabs from previous patch.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This deals with a reported issue when running and building containers
on a CentOS host system.
Fixed various typos in version checking when running on a CentOS system.
Added logic for differences between point releases (6.5) and rolling (6).
Added version detection logic when running on RHEL systems as well.
Fixed cpe detection string (CentOS is not adhering to their own registration).
Added logic to disable the pam_loginuid.so binary in containers.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This adds an lxc-centos template for crreating CentOS 5+ templates. It
does NOT create CentOS 4 or earlier containers as these are way past
end of life and no longer supported. It is based on the work of
Fajar A. Nugraha <github@fajar.net> who modified an earlier Fedora
template. His work has been brought LARGELY into congruence with
the current Fedora template. It still lacks the distro agnostic
bootstrap and systemd code from the Fedora template but those should
only be relevant with CentOS 7 when that can of worms pops open
sometime next year or so.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
