summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--share/man/container-create-curl.1.txt129
-rw-r--r--share/man/container-create.1.txt6
-rwxr-xr-xshare/scripts/curl490
-rwxr-xr-xshare/scripts/curl.d/0001-debconf54
-rw-r--r--share/scripts/curl.d/0001-debconf.templates11
5 files changed, 690 insertions, 0 deletions
diff --git a/share/man/container-create-curl.1.txt b/share/man/container-create-curl.1.txt
new file mode 100644
index 0000000..40028c9
--- /dev/null
+++ b/share/man/container-create-curl.1.txt
@@ -0,0 +1,129 @@
+// Copyright (C) 2014-2019 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+//
+// SPDX-License-Identifier: GPL-3.0+
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+CONTAINER-CREATE-CURL(1)
+========================
+:doctype: manpage
+:man manual: Open Infrastructure
+:man source: compute-tools
+:man version: {revnumber}
+
+
+NAME
+----
+container-create-curl - Create a Debian based container by downloading a tarball over the network
+
+
+SYNOPSIS
+--------
+*container create -s curl* ['OPTIONS']
+
+
+DESCRIPTION
+-----------
+The curl container creation script uses curl(1) to download a tarball over the
+network to create a Debian based container.
+
+Depending on the tarball this script otherwise creates a pure Debian system with three modificiations:
+
+ * hostname is set (container name) in /etc/hostname
+ * systemd machine-id is generated in /etc/machine-id
+ * root password is set (user specified or 16 random characters)
+
+
+OPTIONS
+-------
+The following script options are available:
+
+*-n, --name='NAME'*::
+ Specify container name.
+
+*-a, --architecture='ARCHITECTURE'*::
+ Specify container architecture.
+
+"--clean*::
+ Remove downloaded tarball after successfull container creation.
+
+*-p, --root-password='PASSWORD'*::
+ Specify the root password, defaults to a random 16 character password.
+
+*--server='SERVER'*::
+ Specify the image server to download from, defaults to https://get.open-infrastructure.net/system/container/debian.
+
+*--setup='SETUP'*::
+ Specify the setup image name to download, defaults to the value specified through --system using the setup.tar.${COMPRESSION} suffix.
+
+*--system='SYSTEM'*::
+ Specify the system image name to download, defaults to debian-stretch-current_${ARCHITECTURE}.system.tar.${COMPRESSION} (where ${ARCHITECTURE} is the host systems architecture and ${COMPRESSION} either lz, xz, or gz depending on compressor availability on the host system).
+
+
+EXAMPLES
+--------
+*Create a Debian 9 (stretch) based container with same architecture as the host system:*::
+ sudo container create -s curl -n stretch.example.net
+
+*Create a Debian 9 (stretch) based container with different architecture as the host system:*::
+ sudo container create -s curl -n stretch-i386.example.net -- --system debian-stretch-current_i386.system.tar.xz
+
+FILES
+-----
+The following files are used:
+
+*/etc/open-infrastructure/container/config*::
+ Container configuration files.
+
+*/usr/share/open-infrastructure/container/scripts*::
+ Container creation scripts.
+
+*/usr/share/doc/compute-tools*::
+ Container documentation.
+
+*/var/lib/machines*::
+ Container directory.
+
+*/var/cache/open-infrastructure/container*::
+ Container cache directory.
+
+
+CONTAINER IMAGES
+----------------
+
+compute-tools will download tarballs from a server expecting that the images are tarballs with either gzip, lzip, xz, or no compression. See container-images.sh as an example on how to create your own container images.
+
+
+SEE ALSO
+--------
+compute-tools(7),
+container(1).
+
+
+HOMEPAGE
+--------
+More information about compute-tools and the Open Infrastructure project can be found on the homepage at https://open-infrastructure.net.
+
+
+CONTACT
+-------
+Bug reports, feature requests, help, patches, support and everything else
+are welcome on the Open Infrastructure Software Mailing List <software@lists.open-infrastructure.net>.
+
+Debian specific bugs can also be reported in the Debian Bug Tracking System at https://bugs.debian.org.
+
+
+AUTHORS
+-------
+compute-tools were written by Daniel Baumann <daniel.baumann@open-infrastructure.net> and others.
diff --git a/share/man/container-create.1.txt b/share/man/container-create.1.txt
index 5ba4637..7f1f0a9 100644
--- a/share/man/container-create.1.txt
+++ b/share/man/container-create.1.txt
@@ -72,6 +72,9 @@ SCRIPTS
-------
The following container scripts are available:
+*curl*::
+ Basic script to create Debian based container, see container-create-curl(1).
+
*debootstrap*::
Basic script to create Debian based container, see container-create-debootstrap(1).
@@ -84,6 +87,9 @@ The following container scripts are available:
EXAMPLES
--------
+*Create example.net container using curl script:*::
+ sudo container create -n example.net -s curl
+
*Create example.net container using debootstrap script:*::
sudo container create -n example.net -s debootstrap
diff --git a/share/scripts/curl b/share/scripts/curl
new file mode 100755
index 0000000..6b8db26
--- /dev/null
+++ b/share/scripts/curl
@@ -0,0 +1,490 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2019 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+PROJECT="open-infrastructure"
+SOFTWARE="compute-tools"
+PROGRAM="container"
+SCRIPT="${0}"
+
+HOOKS="/etc/${PROJECT}/${PROGRAM}/hooks"
+KEYS="/etc/${PROJECT}/${PROGRAM}/keys"
+MACHINES="/var/lib/machines"
+CACHE="/var/cache/${PROJECT}/${PROGRAM}/system"
+
+Parameters ()
+{
+ GETOPT_LONGOPTIONS="bind:,bind-ro:,script:,name:,architecture:,clean,password:,server:,setup:,system:,"
+ GETOPT_OPTIONS="b:,s:,n:,a:,p:"
+
+ PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${SCRIPT} --options ${GETOPT_OPTIONS} --shell sh -- ${@})"
+
+ if [ "${?}" != "0" ]
+ then
+ echo "'${SCRIPT}': getopt exit" >&2
+ exit 1
+ fi
+
+ eval set -- "${PARAMETERS}"
+
+ while true
+ do
+ case "${1}" in
+ -b|--bind)
+ # ignore
+ shift 2
+ ;;
+
+ --bind-ro)
+ # ignore
+ shift 2
+ ;;
+
+ --cnt.auto)
+ # ignore
+ shift 2
+ ;;
+
+ --cnt.container-server)
+ # ignore
+ shift 2
+ ;;
+
+ -s|--script)
+ # ignore
+ shift 2
+ ;;
+
+ -n|--name)
+ NAME="${2}"
+ shift 2
+ ;;
+
+ -a|--architecture)
+ ARCHITECTURE="${2}"
+ shift 2
+ ;;
+
+ --clean)
+ CLEAN="true"
+ shift 1
+ ;;
+
+ -p|--password)
+ PASSWORD="${2}"
+ shift 2
+ ;;
+
+ --server)
+ SERVER="${2}"
+ shift 2
+ ;;
+
+ --setup)
+ SETUP="${2}"
+ shift 2
+ ;;
+
+ --system)
+ SYSTEM="${2}"
+ shift 2
+ ;;
+
+ --)
+ shift 1
+ break
+ ;;
+
+ *)
+ echo "'${SCRIPT}': getopt error" >&2
+ exit 1
+ ;;
+ esac
+ done
+}
+
+Usage ()
+{
+ echo "Usage: container create -n|--name NAME -s|--script ${SCRIPT} -- [--clean] [-p|--password PASSWORD] [--server SERVER] [--setup SETUP] [--system SYSTEM]" >&2
+ exit 1
+}
+
+Parameters "${@}"
+
+if [ -z "${NAME}" ]
+then
+ Usage
+fi
+
+if [ -e "${MACHINES}/${NAME}" ]
+then
+ echo "'${NAME}': container already exists" >&2
+ exit 1
+fi
+
+if [ ! -x /usr/bin/curl ]
+then
+ echo "'${NAME}': /usr/bin/curl - no such file." >&2
+ exit 1
+fi
+
+if [ "$(id -u)" -ne 0 ]
+then
+ echo "'${NAME}': need root privileges" >&2
+ exit 1
+fi
+
+COMPRESSIONS=""
+
+if [ -x /usr/bin/lzip ]
+then
+ COMPRESSIONS="${COMPRESSIONS} lz"
+fi
+
+if [ -x /usr/bin/xz ]
+then
+ COMPRESSIONS="${COMPRESSIONS} xz"
+fi
+
+if [ -x /bin/gzip ]
+then
+ COMPRESSIONS="${COMPRESSIONS} gz"
+fi
+
+if [ -z "${COMPRESSIONS}" ]
+then
+ echo "'${NAME}': no supported compressor available (lz, xz, gz)."
+ exit 1
+fi
+
+SERVER="${SERVER:-https://get.open-infrastructure.net/system/container/debian}"
+PASSWORD="${PASSWORD:-$(dd if=/dev/urandom bs=12 count=1 2> /dev/null | base64)}"
+
+VERSION="$(container version)"
+
+export SERVER
+
+Debconf ()
+{
+ # Configure local debconf
+ mkdir -p "${DEBCONF_TMPDIR}/debconf"
+
+cat > "${DEBCONF_TMPDIR}/debconf.systemrc" << EOF
+Config: configdb
+Templates: templatedb
+
+Name: config
+Driver: File
+Mode: 644
+Reject-Type: password
+Filename: ${DEBCONF_TMPDIR}/debconf/config.dat
+
+Name: passwords
+Driver: File
+Mode: 600
+Backup: false
+Required: false
+Accept-Type: password
+Filename: ${DEBCONF_TMPDIR}/debconf/passwords.dat
+
+Name: configdb
+Driver: Stack
+Stack: config, passwords
+
+Name: templatedb
+Driver: File
+Mode: 644
+Filename: ${DEBCONF_TMPDIR}/debconf/templates.dat
+EOF
+
+ DEBCONF_SYSTEMRC="${DEBCONF_TMPDIR}/debconf.systemrc"
+ export DEBCONF_SYSTEMRC
+}
+
+# Pre hooks
+for FILE in "${HOOKS}/pre-${SCRIPT}".* "${HOOKS}/${NAME}.pre-${SCRIPT}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
+
+# Run
+
+# FIXME: default server via configuration file
+
+CURL_OPTIONS=""
+
+if curl -V | grep -qs http2
+then
+ CURL_OPTIONS="${CURL_OPTIONS} --http2"
+fi
+
+if [ -z "${SYSTEM}" ]
+then
+ # Downloading container list
+ if curl --fail --head --output /dev/null --silent "${SERVER}/container-list.txt"
+ then
+ mkdir -p "/tmp/${SOFTWARE}"
+ DEBCONF_TMPDIR="$(mktemp -d -p "/tmp/${SOFTWARE}" -t $(basename ${0}).XXXX)"
+ export DEBCONF_TMPDIR
+
+ if [ -z "${ARCHITECTURE}" ]
+ then
+ case "$(dpkg --print-architecture)" in
+ amd64)
+ GREP_PATTERN="(amd64|i386)"
+ ;;
+ esac
+ fi
+
+ GREP_PATTERN="${GREP_PATTERN:-${ARCHITECTURE}}"
+
+ echo "Downloading $(echo ${SERVER} | awk -F/ '{ print $3 }') container list"
+ curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} ${CURL_OPTIONS} \
+ "${SERVER}/container-list.txt" | grep -E "${GREP_PATTERN}" > "${DEBCONF_TMPDIR}/container-list.txt"
+
+ umask 0022
+
+ Debconf
+
+ # Run debconf parts
+ for DEBCONF_SCRIPT in /usr/share/${PROJECT}/${PROGRAM}/scripts/curl.d/*
+ do
+ if [ -x "${DEBCONF_SCRIPT}" ]
+ then
+ "${DEBCONF_SCRIPT}"
+ fi
+ done
+
+ # Read-in configuration from debconf
+ . "${DEBCONF_TMPDIR}/debconf.default"
+
+ # Remove debconf temporary files
+ rm --preserve-root --one-file-system -rf "${DEBCONF_TMPDIR}"
+ rmdir --ignore-fail-on-non-empty "/tmp/${SOFTWARE}" 2>&1 || true
+ fi
+fi
+
+for COMPRESSION in ${COMPRESSIONS}
+do
+ if curl --fail --head --output /dev/null --silent "${SERVER}/${SYSTEM}.${COMPRESSION}"
+ then
+ SYSTEM="${SYSTEM}.${COMPRESSION}"
+ break
+ fi
+done
+
+# Downloading container files
+mkdir -p "${CACHE}"
+
+SETUP="${SETUP:-$(echo ${SYSTEM} | sed -e 's|.system.tar.|.setup.tar.|')}"
+
+for FILE in "${SYSTEM}" "${SYSTEM}.gpg" "${SYSTEM}.sha512" \
+ "${SETUP}" "${SETUP}.gpg" "${SETUP}.sha512"
+do
+ if curl --fail --head --output /dev/null --silent "${SERVER}/${FILE}"
+ then
+ case "${FILE}" in
+ *.sha512)
+ if [ -e "${CACHE}/$(basename ${FILE} .sha512).gpg" ]
+ then
+ continue
+ fi
+ ;;
+ esac
+
+ if [ -e "${CACHE}/${FILE}" ]
+ then
+ CURL_TIME_COND="--time-cond ${CACHE}/${FILE}"
+ else
+ CURL_TIME_COND=""
+ fi
+
+ echo "Downloading ${FILE}"
+ curl --fail --location --progress-bar --user-agent ${SOFTWARE}/${VERSION} ${CURL_OPTIONS} ${CURL_TIME_COND} \
+ "${SERVER}/${FILE}" -o "${CACHE}/${FILE}"
+ fi
+done
+
+cd "${CACHE}"
+
+for FILE in "${SYSTEM}" "${SETUP}"
+do
+ if [ ! -e "${FILE}" ]
+ then
+ continue
+ fi
+
+ if [ -e "${FILE}.gpg" ]
+ then
+ echo -n "Verifying ${FILE}:"
+
+ set +e
+ gpg --homedir "${KEYS}" --verify "${FILE}.gpg" "${FILE}" > /dev/null 2>&1
+ GNUPG="${?}"
+ set -e
+
+ case "${GNUPG}" in
+ 0)
+ echo " gpg ok."
+ continue
+ ;;
+
+ *)
+ echo " gpg failed."
+ exit 1
+ ;;
+ esac
+ elif [ -e "${FILE}.sha512" ]
+ then
+ echo -n "Verifying ${FILE}:"
+
+ set +e
+ sha512sum --check "${FILE}.sha512" --status
+ SHA512SUM="${?}"
+ set -e
+
+ case "${SHA512SUM}" in
+ 0)
+ echo " sha512 ok."
+ ;;
+
+ *)
+ echo " sha512 failed."
+ exit 1
+ ;;
+ esac
+ fi
+done
+
+cd "${OLDPWD}"
+
+case "${SYSTEM}" in
+ *.gz)
+ TAR_OPTIONS="--gzip"
+
+ if [ ! -e /bin/gzip ]
+ then
+ echo -en "\n"
+ echo "'${NAME}': /bin/lzip - no such file." >&2
+ exit 1
+ fi
+ ;;
+
+ *.lz)
+ TAR_OPTIONS="--lzip"
+
+ if [ ! -e /usr/bin/lzip ]
+ then
+ echo -en "\n"
+ echo "'${NAME}': /usr/bin/lzip - no such file." >&2
+ exit 1
+ fi
+ ;;
+
+ *.xz)
+ TAR_OPTIONS="--xz"
+
+ if [ ! -e /usr/bin/xz ]
+ then
+ echo -en "\n"
+ echo "'${NAME}': /usr/bin/xz - no such file." >&2
+ exit 1
+ fi
+ ;;
+
+ *)
+ TAR_OPTIONS=""
+ ;;
+esac
+
+for FILE in "${SYSTEM}" "${SETUP}"
+do
+ if [ ! -e "${CACHE}/${FILE}" ]
+ then
+ continue
+ fi
+
+ case "${FILE}" in
+ *.system.tar.*)
+ DIRECTORY="${MACHINES}/${NAME}"
+ ;;
+
+ *.setup.tar.*)
+ DIRECTORY="${MACHINES}/${NAME}/setup"
+ ;;
+ esac
+
+ mkdir -p "${DIRECTORY}"
+
+ if [ -e /usr/bin/pv ]
+ then
+ echo "Unpacking ${FILE}"
+ pv --format '%p' --width 77 "${CACHE}/${FILE}" | tar xf - ${TAR_OPTIONS} -C "${DIRECTORY}" --strip 1
+ else
+ echo -n "Unpacking ${FILE}:"
+ tar xf "${CACHE}/${FILE}" ${TAR_OPTIONS} -C "${DIRECTORY}" --strip 1
+ echo " ok."
+ fi
+done
+
+if [ -x "${MACHINES}/${NAME}/setup/container" ]
+then
+ chroot "${MACHINES}/${NAME}" /usr/bin/env -i \
+ LC_ALL="C" PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games" TERM="${TERM}" \
+ DEBIAN_FRONTEND="dialog" DEBIAN_PRIORITY="low" \
+ DEBCONF_NONINTERACTIVE_SEEN="true" DEBCONF_NOWARNINGS="true" \
+ NAME="${NAME}" \
+ /setup/container
+
+ rm -rf "${MACHINES}/${NAME}/setup"
+fi
+
+# Creating machine-id
+chroot "${MACHINES}/${NAME}" systemd-machine-id-setup > /dev/null 2>&1
+
+# Setting hostname
+echo "${NAME}" > "${MACHINES}/${NAME}/etc/hostname"
+
+# Copying resolv.conf
+cp -L /etc/resolv.conf "${MACHINES}/${NAME}/etc/resolv.conf"
+
+# Setting root password
+echo root:${PASSWORD} | chroot "${MACHINES}/${NAME}" chpasswd
+echo "${NAME}: root password set to '${PASSWORD}'."
+
+# Remove cache
+case "${CLEAN}" in
+ true)
+ rm -f "${CACHE}/${SYSTEM}" "${CACHE}/${SYSTEM}.sha512"
+ rm -f "${CACHE}/${SETUP}" "${CACHE}/${SETUP}.sha512"
+ ;;
+esac
+
+# Post hooks
+for FILE in "${HOOKS}/post-${SCRIPT}".* "${HOOKS}/${NAME}.post-${SCRIPT}"
+do
+ if [ -x "${FILE}" ]
+ then
+ "${FILE}"
+ fi
+done
diff --git a/share/scripts/curl.d/0001-debconf b/share/scripts/curl.d/0001-debconf
new file mode 100755
index 0000000..3f98f74
--- /dev/null
+++ b/share/scripts/curl.d/0001-debconf
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# Copyright (C) 2014-2019 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+set -e
+
+DEBCONF_NOWARNINGS="true"
+export DEBCONF_NOWARNINGS
+
+. /usr/share/debconf/confmodule
+
+System ()
+{
+ TITLE="$(echo ${SERVER} | awk -F/ '{ print $3 }')"
+
+ SYSTEMS="$(for SYSTEM in $(cat ${DEBCONF_TMPDIR}/container-list.txt | cut -d\| -f2 | sed -e 's| |#|g'); do echo -n "$(echo ${SYSTEM} | sed -e 's|#| |g'), "; done | sed -e 's|, $||')"
+ SYSTEMS_C="$(for SYSTEM_C in $(cat ${DEBCONF_TMPDIR}/container-list.txt | cut -d\| -f1); do echo -n "${SYSTEM_C}, "; done | sed -e 's|, $||')"
+
+ db_subst cnt-curl/title TITLE "${TITLE}"
+
+ db_subst cnt-curl/system CHOICES "${SYSTEMS}"
+ db_subst cnt-curl/system CHOICES_C "${SYSTEMS_C}"
+
+ db_fset cnt-curl/system seen false
+
+ db_settitle cnt-curl/title
+ db_input high cnt-curl/system || true
+ db_go
+
+ db_get cnt-curl/system
+ SYSTEM="${RET}" # select
+
+ echo "SYSTEM=\"${SYSTEM}\"" >> "${DEBCONF_TMPDIR}/debconf.default"
+ export SYSTEM
+}
+
+System
+
+db_stop
diff --git a/share/scripts/curl.d/0001-debconf.templates b/share/scripts/curl.d/0001-debconf.templates
new file mode 100644
index 0000000..c87e47e
--- /dev/null
+++ b/share/scripts/curl.d/0001-debconf.templates
@@ -0,0 +1,11 @@
+Template: cnt-curl/title
+Type: title
+Description: ${TITLE}
+
+Template: cnt-curl/system
+Type: select
+Default:
+Choices-C: ${CHOICES_C}
+Choices: ${CHOICES}
+Description: Container list:
+ Select the system to use for creating the container.