From 75ce4d7edf2e49f16ce686b1f13ebe520396a8f7 Mon Sep 17 00:00:00 2001
From: Joe Rayhawk
Date: Tue, 19 Oct 2010 17:03:14 -0700
Subject: notes: lxc_setup.sh.txt: new
---
notes/lxc_setup.sh.txt | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 notes/lxc_setup.sh.txt
diff --git a/notes/lxc_setup.sh.txt b/notes/lxc_setup.sh.txt
new file mode 100644
index 0000000..6e64160
--- /dev/null
+++ b/notes/lxc_setup.sh.txt
@@ -0,0 +1,52 @@
+container=build
+volumegroup=algol
+users=(
+ jrayhawk
+ lars
+ andrew
+)
+
+mkdir -p /srv/lxc/
+lvcreate -L 50G -n $container $volumegroup
+mkfs.xfs /dev/$volumegroup/$container
+mkdir /srv/lxc/$container
+echo /dev/$volumegroup/$container /srv/lxc/$container xfs relatime 0 2 >> /etc/fstab
+mount /srv/lxc/$container
+/usr/lib/lxc/templates/lxc-debian -p /srv/lxc/$container
+
+addr=11
+while cat /srv/lxc/*/config | grep -q 'lxc\.network\.ipv4 = 192\.168\.1\.'$addr; do
+ addr=$(($addr+1))
+done
+
+echo >> /srv/lxc/$container/config
+echo '# networking' >> /srv/lxc/$container/config
+echo lxc.utsname = $container >> /srv/lxc/$container/config
+echo lxc.network.type = veth >> /srv/lxc/$container/config
+echo lxc.network.flags = up >> /srv/lxc/$container/config
+echo lxc.network.link = br0 >> /srv/lxc/$container/config
+echo lxc.network.ipv4 = 192.168.1.$addr/24 >> /srv/lxc/$container/config
+echo lxc.network.hwaddr = 00:16:53:00:01:$addr >> /srv/lxc/$container/config
+
+lxc-create -n $container -f /srv/lxc/build/config
+
+echo > /srv/lxc/$container/rootfs/etc/network/interfaces
+
+# why god why are chroots necessary for a paradigm that seeks to replace chroots
+
+chroot /srv/lxc/$container/rootfs/ passwd -l root
+chroot /srv/lxc/$container/rootfs/ apt-get update
+chroot /srv/lxc/$container/rootfs/ apt-get install sudo locales less vim
+echo '%sudo ALL=(ALL) ALL' >> /srv/lxc/$container/rootfs/etc/sudoers
+chroot /srv/lxc/$container/rootfs/ dpkg-reconfigure locales
+
+for newuser in "${users[@]}"; do
+ chroot /srv/lxc/$container/rootfs/ adduser --disabled-password --gecos "$(getent passwd $newuser | cut -d : -f 5)" $newuser
+ chroot /srv/lxc/$container/rootfs/ usermod -p "$(getent shadow $newuser | cut -d : -f 2)" $newuser
+ chroot /srv/lxc/$container/rootfs/ adduser $newuser sudo
+ tar -cvvC /home/$newuser/ .ssh | chroot /srv/lxc/$container/rootfs/ tar -xvvC /home/$newuser/
+done
+
+( grep -v PermitRootLogin\\\|PasswordAuthentication /srv/lxc/$container/rootfs/etc/ssh/sshd_config
+echo "PermitRootLogin no"
+echo "PasswordAuthentication no" ) | sponge /srv/lxc/$container/rootfs/etc/ssh/sshd_config
--
cgit v1.2.3
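Review bot: The per-user loop copies more credential material into the container than login needs. `tar -cvvC /home/$newuser/ .ssh` carries the whole directory, including any private keys kept there, and `usermod -p "$(getent shadow ...)"` puts the host's password hash on a command line, where the process list shows it while the command runs. Copying only `.ssh/authorized_keys` and passing the hash on stdin would avoid both, e.g. `getent shadow "$newuser" | cut -d : -f 1,2 | chroot /srv/lxc/$container/rootfs/ chpasswd -e`. Separately, `lxc-create -n $container -f /srv/lxc/build/config` hard-codes `build` and only works while `container=build`; the rest of the script implies `-f /srv/lxc/$container/config`.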