authorJoe Rayhawk <jrayhawk@omgwallhack.org>2010-10-19 17:03:14 -0700
committerJoe Rayhawk <jrayhawk@omgwallhack.org>2010-10-19 17:03:14 -0700
commit75ce4d7edf2e49f16ce686b1f13ebe520396a8f7 (patch)
tree883bcb0a521364ff3bdc8d1b9c5b282eefefb6be /notes
parent637e1773c3b40e18fb5f7df8751538931b868309 (diff)
notes: lxc_setup.sh.txt: new
Diffstat (limited to 'notes')
-rw-r--r--notes/lxc_setup.sh.txt52
1 files changed, 52 insertions, 0 deletions
diff --git a/notes/lxc_setup.sh.txt b/notes/lxc_setup.sh.txt
new file mode 100644
index 0000000..6e64160
--- /dev/null
+++ b/notes/lxc_setup.sh.txt
@@ -0,0 +1,52 @@
+container=build
+volumegroup=algol
+users=(
+ jrayhawk
+ lars
+ andrew
+)
+
+mkdir -p /srv/lxc/
+lvcreate -L 50G -n $container $volumegroup
+mkfs.xfs /dev/$volumegroup/$container
+mkdir /srv/lxc/$container
+echo /dev/$volumegroup/$container /srv/lxc/$container xfs relatime 0 2 >> /etc/fstab
+mount /srv/lxc/$container
+/usr/lib/lxc/templates/lxc-debian -p /srv/lxc/$container
+
+addr=11
+while cat /srv/lxc/*/config | grep -q 'lxc\.network\.ipv4 = 192\.168\.1\.'$addr; do
+ addr=$(($addr+1))
+done
+
+echo >> /srv/lxc/$container/config
+echo '# networking' >> /srv/lxc/$container/config
+echo lxc.utsname = $container >> /srv/lxc/$container/config
+echo lxc.network.type = veth >> /srv/lxc/$container/config
+echo lxc.network.flags = up >> /srv/lxc/$container/config
+echo lxc.network.link = br0 >> /srv/lxc/$container/config
+echo lxc.network.ipv4 = 192.168.1.$addr/24 >> /srv/lxc/$container/config
+echo lxc.network.hwaddr = 00:16:53:00:01:$addr >> /srv/lxc/$container/config
+
+lxc-create -n $container -f /srv/lxc/build/config
+
+echo > /srv/lxc/$container/rootfs/etc/network/interfaces
+
+# why god why are chroots necessary for a paradigm that seeks to replace chroots
+
+chroot /srv/lxc/$container/rootfs/ passwd -l root
+chroot /srv/lxc/$container/rootfs/ apt-get update
+chroot /srv/lxc/$container/rootfs/ apt-get install sudo locales less vim
+echo '%sudo ALL=(ALL) ALL' >> /srv/lxc/$container/rootfs/etc/sudoers
+chroot /srv/lxc/$container/rootfs/ dpkg-reconfigure locales
+
+for newuser in "${users[@]}"; do
+ chroot /srv/lxc/$container/rootfs/ adduser --disabled-password --gecos "$(getent passwd $newuser | cut -d : -f 5)" $newuser
+ chroot /srv/lxc/$container/rootfs/ usermod -p "$(getent shadow $newuser | cut -d : -f 2)" $newuser
+ chroot /srv/lxc/$container/rootfs/ adduser $newuser sudo
+ tar -cvvC /home/$newuser/ .ssh | chroot /srv/lxc/$container/rootfs/ tar -xvvC /home/$newuser/
+done
+
+( grep -v PermitRootLogin\\\|PasswordAuthentication /srv/lxc/$container/rootfs/etc/ssh/sshd_config
+echo "PermitRootLogin no"
+echo "PasswordAuthentication no" ) | sponge /srv/lxc/$container/rootfs/etc/ssh/sshd_config
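Review bot: The per-user loop copies more credential material into the container than login needs: the `tar -cvvC /home/$newuser/ .ssh` line ships the whole `.ssh` directory, so any private keys kept there on the host end up inside a guest where every listed user is in `sudo` (with `%sudo ALL=(ALL) ALL`) and can read the others' files. Restricting the archive to the public side, e.g. `tar -cC /home/"$newuser"/ .ssh/authorized_keys | chroot /srv/lxc/"$container"/rootfs/ tar -xC /home/"$newuser"/`, keeps key-based login working without exporting private keys. The `usermod -p "$(getent shadow $newuser | cut -d : -f 2)"` line also puts the host password hash on a command line, where it is visible in the process list while it runs; feeding it on stdin with `getent shadow "$newuser" | cut -d : -f 1,2 | chroot /srv/lxc/"$container"/rootfs/ chpasswd -e` avoids that, although reusing host hashes in a guest still means a guest compromise exposes them. Separately, `lxc-create -n $container -f /srv/lxc/build/config` hard-codes `build` and presumably should read `/srv/lxc/$container/config`, so that changing `container` at the top does not point it at another container's config.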