Skip to content

Instantly share code, notes, and snippets.

@pklaus

pklaus/60-lxc.conf

Forked from jersub/60-lxc.conf
Created April 28, 2012 14:48
Show Gist options
  • Save pklaus/2519584 to your computer and use it in GitHub Desktop.
Save pklaus/2519584 to your computer and use it in GitHub Desktop.
Download ZIP
Automates the steps to set up LXC containers with virtualized environments on Ubuntu Linux
Raw
60-lxc.conf
net.ipv4.ip_forward=1
net.ipv4.conf.eth0.proxy_arp=1
Raw
interfaces
auto br0
iface br0 inet static
bridge_ports dummy0
bridge_stp off
bridge_fd 0
address 192.168.0.1
netmask 255.255.255.0
pre-up /sbin/modprobe dummy
# Local containers
post-up /sbin/ip route add 192.168.1.0/24 via 192.168.0.1
post-up /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
pre-down /sbin/iptables -t nat -D POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
Raw
lxc_create-container.sh
#!/bin/bash
### Script written from another one originally written by Philipp Klaus <philipp.l.klaus @ web.de>
###
### This bash script may be distributed under the license terms of the GNU GPL v3.
DEFAULT_DIR="/srv/lxc"
CONF_DIR="/etc/lxc"
DEFAULT_BRIDGE="br0"
DEFAULT_GATEWAY="192.168.0.1"
COMMON_PACKAGE_LIST="openssh-server,vim,nano,bash-completion,man-db,mlocate,wget"
UBUNTU_PACKAGE_LIST="$COMMON_PACKAGE_LIST,language-pack-en,lxcguest,landscape-common,update-manager-core,update-notifier-common"
UBUNTU_DEFAULT_RELEASE="natty"
UBUNTU_ARCH="amd64"
UBUNTU_ARCHIVE="http://archive.ubuntu.com/ubuntu"
DEBIAN_PACKAGE_LIST="$COMMON_PACKAGE_LIST,locales"
DEBIAN_DEFAULT_RELEASE="squeeze"
DEBIAN_ARCH="amd64"
DEBIAN_ARCHIVE="http://ftp.fr.debian.org/debian"
debian=false
ubuntu=false
locale="en_US"
usage() {
echo "usage"
}
TEMP=`getopt -o dun:r:l:i:m: --long debian,ubuntu,name:,release:,locale:,ip:,mac: -- "$@"`
if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
eval set -- "$TEMP"
while true ; do
case "$1" in
-u|--ubuntu) ubuntu=true ; shift ;;
-d|--debian) debian=true ; shift ;;
-n|--name)
if [ -z "$2" ] ; then usage ; exit 1 ; fi
hostname="$2" ; shift 2 ;;
-r|--release)
if [ -z "$2" ] ; then usage ; exit 1 ; fi
release="$2" ; shift 2 ;;
-l|--locale)
if [ -z "$2" ] ; then usage ; exit 1 ; fi
locale="$2" ; shift 2 ;;
-i|--ip)
if [ -z "$2" ] ; then usage ; exit 1 ; fi
ip="$2" ; shift 2 ;;
-m|--mac)
if [ -z "$2" ] ; then usage ; exit 1 ; fi
mac_address="$2" ; shift 2 ;;
--) shift ; break ;;
*) echo "Internal error!" ; exit 1 ;;
esac
done
if $ubuntu
then
package_list=$UBUNTU_PACKAGE_LIST
if [ -z "$release" ]
then
release=$UBUNTU_DEFAULT_RELEASE
fi
arch=$UBUNTU_ARCH
archive=$UBUNTU_ARCHIVE
sources_list=$(cat - << EOF
deb http://fr.archive.ubuntu.com/ubuntu $release main restricted universe
deb http://fr.archive.ubuntu.com/ubuntu $release-updates main restricted universe
deb http://security.ubuntu.com/ubuntu $release-security main restricted universe
EOF
)
elif $debian
then
package_list=$DEBIAN_PACKAGE_LIST
if [ -z "$release" ]
then
release=$DEBIAN_DEFAULT_RELEASE
fi
arch=$DEBIAN_ARCH
archive=$DEBIAN_ARCHIVE
sources_list=$(cat - << EOF
deb http://ftp.fr.debian.org/debian $release main
deb http://security.debian.org/ $release/updates main
EOF
)
else
usage
exit 1
fi
if [ -z "$hostname" ] || [ -z "$ip" ]
then
usage
exit 1
fi
directory=$DEFAULT_DIR
echo "Creating the LXC directory $directory"
sudo mkdir -p $directory/rootfs.$hostname
echo "Creating the fstab file for the new LXC"
cat - <<EOF | sudo tee -a $directory/fstab.$hostname 1> /dev/null
none $directory/rootfs.$hostname/dev/pts devpts defaults 0 0
#none $directory/rootfs.$hostname/dev/run tmpfs defaults 0 0
none $directory/rootfs.$hostname/dev/shm tmpfs defaults 0 0
EOF
echo "Installing the base system"
sudo debootstrap --arch $arch --include=$package_list $release $directory/rootfs.$hostname $archive
if $ubuntu
then
echo "Disable the gettys"
sudo rm $directory/rootfs.$hostname/etc/init/tty*
echo "Clean up the included /lib/init/fstab"
sudo cp $directory/rootfs.$hostname/lib/init/fstab $directory/rootfs.$hostname/lib/init/fstab.old
sudo cat $directory/rootfs.$hostname/lib/init/fstab | grep -v "/proc " | grep -v "/dev " | grep -v "/dev/pts" | sudo tee $directory/rootfs.$hostname/lib/init/fstab 1> /dev/null
fi
echo "Setting the locale $locale in /etc/environment"
cat - << EOF | sudo tee -a $directory/rootfs.$hostname/etc/environment 1> /dev/null
LANG="$locale.UTF-8"
LANGUAGE="$locale.UTF-8"
LC_ALL="$locale.UTF-8"
LC_CTYPE="C"
EOF
if $debian
then
echo -e "$locale.UTF-8 UTF-8" | sudo tee $directory/rootfs.$hostname/etc/locale.gen 1> /dev/null
sudo chroot $directory/rootfs.$hostname locale-gen
fi
echo "Setting the hostname"
echo -e "127.0.0.1 localhost $hostname\n" | sudo tee $directory/rootfs.$hostname/etc/hosts 1> /dev/null
echo -e "$hostname\n" | sudo tee $directory/rootfs.$hostname/etc/hostname 1> /dev/null
echo "Adding container routes"
container_rclocal="$directory/rootfs.$hostname/etc/rc.local"
sudo sed -i -e "/exit 0/d" $container_rclocal
cat - << EOF | sudo tee -a $container_rclocal 1> /dev/null
/sbin/ip route add $DEFAULT_GATEWAY dev eth0
/sbin/ip route add default via $DEFAULT_GATEWAY
exit 0
EOF
echo "Setting sources.list"
echo "$sources_list" | sudo tee $directory/rootfs.$hostname/etc/apt/sources.list 1> /dev/null
echo "Creating the LXC configuration file $directory/conf.$hostname"
cat - << EOF | sudo tee -a $CONF_DIR/$hostname.conf 1> /dev/null
lxc.utsname = $hostname
lxc.tty = 4
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = $DEFAULT_BRIDGE
lxc.network.ipv4 = $ip/32
lxc.network.name = eth0
EOF
if [ -n "$mac_address" ]
then
echo "lxc.network.hwaddr = $mac_address" | sudo tee -a $CONF_DIR/$hostname.conf 1> /dev/null
fi
cat - << EOF | sudo tee -a $CONF_DIR/$hostname.conf 1> /dev/null
lxc.mount = $directory/fstab.$hostname
lxc.rootfs = $directory/rootfs.$hostname
lxc.pts = 1024
# Forbid all devices:
lxc.cgroup.devices.deny = a
# /dev/null and /dev/zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles: /dev/console, /dev/tty, /dev/tty0, /dev/tty1
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/urandom, /dev/random, ? and /dev/ptmx
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc: /dev/rtc0
lxc.cgroup.devices.allow = c 254:0 rwm
EOF
echo "Creating the LXC from the configuration file"
sudo lxc-create -n $hostname -f $CONF_DIR/$hostname.conf 1> /dev/null
cat - << EOF
Successfully created the guest operating system installation of $hostname
in the directory $directory.
TODO:
- add static routes on the host
-> /etc/network/interfaces
- declare the container for service start
-> /etc/default/lxc
- create your users
-> chroot $directory/rootfs.$hostname
- start the guest container
-> lxc-start -n $hostname -d
- install useful packages
-> apt-get install htop fail2ban
EOF
exit 0
Raw
lxc_delete-container.sh
#!/bin/bash
DEFAULT_DIR="/srv/lxc"
CONF_DIR="/etc/lxc"
usage() {
echo "usage"
}
TEMP=`getopt -o n: --long name: -- "$@"`
if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
eval set -- "$TEMP"
while true ; do
case "$1" in
-n|--name)
if [ -z "$2" ] ; then usage ; exit 1 ; fi
container="$2" ; shift 2 ;;
--) shift ; break ;;
*) echo "Internal error!" ; exit 1 ;;
esac
done
if [ -z "$container" ]
then
usage
exit 1
fi
# Checks if the given container exists
lxc-ls | grep -e "^$container$" > /dev/null
if [ $? -ne 0 ]
then
echo "Container $container does not exist!" 1>&2
exit 1
fi
sudo lxc-destroy -n $container
sudo rm $CONF_DIR/$container.conf
sudo rm -rf $DEFAULT_DIR/*.$container
echo "Container $container successfully deleted."
exit 0
Raw
Makefile
BIN=lxc_create-container.sh lxc_delete-container.sh
PREFIX=/usr/local
install:
@install -v $(BIN) $(PREFIX)/bin
uninstall:
@for bin in $(BIN); do \
rm -fv $(PREFIX)/bin/$$bin; \
done;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment