+++ /dev/null
-#!/usr/bin/shellmod
-# This module is used to create a new virtual private server
-
-# This module may be use inside linuxconf
-# Do linuxconf --modulemain shellmod --setmod @SBINDIR@/newvserver
-
-# Load shellmod support function
-. /usr/lib/linuxconf/lib/shellmod-lib.sh
-
-USR_SBIN=@SBINDIR@
-USR_LIB_VSERVER=@PKGLIBDIR@
-VSERVER_CMD=$USR_SBIN/vserver
-CHBIND_CMD=$USR_SBIN/chbind
-CHCONTEXT_CMD=$USR_SBIN/chcontext
-SAVE_S_CONTEXT_CMD=$USR_LIB_VSERVER/save_s_context
-CAPCHROOT_CMD=$USR_LIB_VSERVER/capchroot
-VSERVERKILLALL_CMD=$USR_LIB_VSERVER/vserverkillall
-
-
-usage(){
- cat <<-EOF >&2
-
-newvserver [ options ]
-
- Interactive utility to create vservers.
-
-Options:
- --name: Set the name of the new vserver.
- --desc: Set the description.
- --unify 1/0: Turn on unification on and off.
- --hostname: Set the host name of the new vserver
- --ip: Set the IP number(s)
- --ondev: Install the IP numbers as IP aliases on device.
- --clone: Create the vserver from another one or a distribution CD.
-
-The distribution CD are identified by special strings:
- #rh9.0m: RedHat 9 minimal
- #rh9.0f: RedHat 9 complete first CD
- #rh8.0m: RedHat 8 minimal
- #rh8.0f: RedHat 8 complete first CD
- #rh7.3m: RedHat 7.3 minimal
- #rh7.3f: RedHat 7.3 complete first CD
- #rh7.2m: RedHat 7.2 minimal
- #rh7.2f: RedHat 7.2 complete first CD
-
-EOF
-}
-
-register(){
- qecho regmenu main MENU_MISCSERV "Create a new vserver"
-}
-
-check_name(){
- LEN=`echo -n $1 | wc -c`
- SMALL=`expr $LEN \<= 10`
- if [ "$SMALL" = "1" ] ; then
- return 0
- fi
- return 1
-}
-
-check_hostname(){
- case $1 in
- *\.*)
- return 0
- ;;
- *)
- ;;
- esac
- return 1
-}
-
-check_ip(){
- case $1 in
- *\.*\.*\.*)
- return 0
- ;;
- *)
- ;;
- esac
- return 1
-}
-
-check_device(){
- if [ "$1" = "" ] ; then
- return 1;
- fi
- return 0
-}
-
-# Tell the user to mount the CD
-check_cd(){
- echo defval s1 "Make sure the $1"
- echo defval s1 "is mounted on /mnt/cdrom"
- echo defval s1
- echo defval s1 "Execute \"mount /mnt/cdrom\" if not"
- echo notice =s1
-}
-
-# Set a fake fstab and mtab in a vserver
-# $1 is the vserver path (/vserver/id)
-set_fstab(){
- mkdir -p $1/etc
- echo /dev/hdv1 / ext2 defaults 1 1 >$1/etc/fstab
- echo /dev/hdv1 / ext2 rw 1 1 >$1/etc/mtab
-}
-
-# Show a progress bar during installation
-# The sub-process sends the number of output line first, then the lines
-execprogress(){
- LOG=$1
- title=$2
- desc=$3
- shift; shift; shift
- $* |
- (
- >$LOG
- read SIZE rest
- qecho DIALOG
- qecho settype DIATYPE_POPUP
- qecho newf_str p1 "Package"
- qecho newf_gauge s1 "$desc" 0 $SIZE
- qecho show "$title" "$SIZE $rest"
- nb=0
- while read pkg line
- do
- nb=`expr $nb + 1`
- printf "%-20s %s\n" $pkg $line >>$LOG
- qecho newf_str p1 "Package" "$pkg"
- qecho newf_gauge s1 "$desc" $nb $SIZE
- qecho show "$title" "$SIZE $rest"
- done
- qecho end
- )
-}
-
-# install some packages with a progress bar
-installpkgs(){
- LOG=$1
- shift
- execprogress $LOG "Installing" "Packages installed" $*
-}
-
-# Point d'entré du module
-main(){
- name=
- desc=
- clone=/
- unify=1
- hostname=
- ip=
- ondev=eth0
- if [ -f /etc/vservers/newvserver.defaults ] ; then
- source /etc/vservers/newvserver.defaults
- fi
- while [ "$1" != "" ]
- do
- case $1 in
- --help)
- usage
- exit
- ;;
- --name)
- name=$2
- shift; shift
- ;;
- --desc)
- desc=$2
- shift; shift
- ;;
- --unify)
- unify=$2
- shift; shift
- ;;
- --hostname)
- hostname=$2
- shift; shift
- ;;
- --ip)
- ip="$2"
- shift; shift
- ;;
- --ondev)
- ondev=$2
- shift; shift
- ;;
- --clone)
- clone=$2
- shift; shift
- ;;
- *)
- qecho error "Invalid option $1"
- exit 1
- esac
- done
- qecho DIALOG
- qecho newf_title top 1 top
- qecho newf_str name "Vserver name (max 10 chars)" $name
- qecho newf_str desc "Vserver description" "$desc"
- qecho newf_list clone "Clone vserver" $clone
- for conf in /etc/vservers/*.conf
- do
- case $conf in
- /etc/vservers/\*.conf)
- ;;
- *)
- DESC=`grep "# Description:" $conf | ( read a b c; echo $c)`
- qecho listitem `basename $conf .conf` "$DESC"
- ;;
- esac
- done
- qecho listitem / "Root server"
- qecho listitem "#rh9.0m" "From RedHat 9.0 CDrom/Minimal"
- qecho listitem "#rh9.0f" "From RedHat 9.0 CDrom/Full"
- qecho listitem "#rh8.0m" "From RedHat 8.0 CDrom/Minimal"
- qecho listitem "#rh8.0f" "From RedHat 8.0 CDrom/Full"
- qecho listitem "#rh7.3m" "From RedHat 7.3 CDrom/Minimal"
- qecho listitem "#rh7.3f" "From RedHat 7.3 CDrom/Full"
- qecho listitem "#rh7.2" "From RedHat 7.2 CDrom"
- #qecho listitem "#mdk8.2m" "From Mandrake 8.2 CDrom/Minimal"
- #qecho listitem "#mdk8.2f" "From Mandrake 8.2 CDrom/Full"
- qecho newf_chk unify "Unified mode" 1 "Share disk space" $unify
-
- qecho newf_title Networking 1 Networking
- qecho newf_str hostname "Host name" $hostname
- qecho newf_info "" "Up to 16 IP numbers"
- qecho newf_str ip "IP number(s)" "$ip"
- qecho newf_str ondev "Install IP on device" $ondev
-
- qecho newf_title Authentication 1 Authentication
- qecho newf_pass pass1 "Root password"
- qecho newf_pass pass2 "Root password (retype)"
- qecho newf_chk usemd5 "Password format" 1 "Use MD5"
- qecho newf_chk useshadow "Password location" 1 "/etc/shadow"
-
- qecho newf_title NIS/LDAP 1 NIS/LDAP
- qecho newf_str nisserver "NIS server"
- qecho newf_str domainname "NIS domainname"
- qecho newf_str ldapserver "LDAP server"
- qecho newf_str ldapbasedn "LDAP base dn"
-
- qecho newf_title Services 1 Services
- qecho newf_chk crond "crond" 1 "Scheduled tasks"
- qecho newf_chk httpd "httpd" 0 "Web server"
- qecho newf_chk sshd "sshd" 1 "Secure shell server"
- qecho newf_chk cleansshd "" 1 "Redo sshd server keys"
- qecho newf_chk syslog "syslog" 1 "Message logger"
- qecho newf_chk xinetd "xinetd" 0 "On demand inet service"
- qecho newf_chk nscd "nscd" 0 "Name service cache daemon"
-
- qecho newf_title "Backup profile" 1 "Backup profile"
- qecho newf_str bkhostname "Host name"
- qecho newf_info "" "Up to 16 IP numbers"
- qecho newf_str bkip "IP number(s)"
- qecho newf_str bkondev "Install IP on device" eth0
-
- qecho newf_title Extra 1 Extra
- qecho newf_chk onboot "Start server" 0 "at boot time"
- qecho newf_str priority "Start priority" 100
- qecho newf_str nice "Nice level"
- qecho newf_info "Available flags" "lock nproc sched hideinfo private"
- qecho newf_str flags "Flags" "lock nproc"
- qecho newf_str ulimit "Vserver ulimit" "-H -u 1000"
-
-
- qecho newf_title "Shared directories" 1 "Shared directories"
- qecho newf_str dir1 "Directory"
- qecho newf_str dir2 "Directory"
- qecho newf_str dir3 "Directory"
- qecho newf_str dir4 "Directory"
-
- qecho newf_title "Excluded directories" 1 "Excluded directories"
- qecho newf_info "" "Won't copy files in those directories"
- qecho newf_str exdir1 "Directory" "/var/log"
- qecho newf_str exdir2 "Directory" "/var/run"
- qecho newf_str exdir3 "Directory" "/var/spool/mail"
- qecho newf_str exdir4 "Directory" "/tmp"
- qecho newf_str exdir5 "Directory" ""
- qecho newf_str exdir6 "Directory" ""
-
-
- while true
- do
- qecho edit "Vserver basic setup"
- dispatch
- if [ $CODE != "accept" ] ; then
- break
- elif ! check_name $name ; then
- qecho error "You must provide a name (10 chars max)"
- elif ! check_hostname $hostname ; then
- qecho error "You must provide a valid/fully qualified host name"
- elif ! check_ip $ip ; then
- qecho error "You must provide a valid IP number"
- elif ! check_device $ondev ; then
- qecho error "You must provide a valid network device"
- elif [ "$pass1" != "" -a "$pass1" != "$pass2" ] ; then
- echo defval s1 The two passwords differ.
- echo defval s1 You must re-enter the root password.
- echo error =s1
- else
- STARTTIME=`date +%s`
- ONBOOT=no
- if [ "$onboot" = "1" ] ; then
- ONBOOT=yes
- fi
- VROOT=/vservers/$name
- CONF=/etc/vservers/$name.conf
- $USR_LIB_VSERVER/install-pre.sh $name
- rm -f $CONF >/dev/null 2>/dev/null
- echo "# Description: $desc" >>$CONF
- echo >>$CONF
- echo "if [ \"$PROFILE\" = \"\" ]; then" >>$CONF
- echo " PROFILE=prod" >>$CONF
- echo "fi" >>$CONF
- echo "case \$PROFILE in" >>$CONF
- echo "prod)" >>$CONF
- echo " # Select the IP number(s) assigned to the virtual server" >>$CONF
- echo " # These IPs will be defined as IP alias" >>$CONF
- echo " # The alias will be setup on IPROOTDEV" >>$CONF
- echo " # You can specify the device if needed" >>$CONF
- echo " # IPROOT=\"eth0:1.2.3.4 eth1:3.4.5.6\" " >>$CONF
- echo " IPROOT=\"$ip\"" >>$CONF
- echo " # You can define on which device the IP alias will be done" >>$CONF
- echo " # The IP alias will be set when the server is started and unset" >>$CONF
- echo " # when the server is stopped" >>$CONF
- echo " # The netmask and broadcast are computed by default from IPROOTDEV" >>$CONF
- echo " #IPROOTMASK=" >>$CONF
- echo " #IPROOTBCAST=" >>$CONF
- echo " IPROOTDEV=$ondev" >>$CONF
- echo " # You can set a different host name for the vserver" >>$CONF
- echo " # If empty, the host name of the main server is used" >>$CONF
- echo " S_HOSTNAME=$hostname" >>$CONF
- echo " ;;" >>$CONF
- echo "backup)" >>$CONF
- echo " IPROOT=\"$bkip\"" >>$CONF
- echo " #IPROOTMASK=" >>$CONF
- echo " #IPROOTBCAST=" >>$CONF
- echo " IPROOTDEV=$bkondev" >>$CONF
- echo " S_HOSTNAME=$bkhostname" >>$CONF
- echo " ;;" >>$CONF
- echo "esac" >>$CONF
- echo "# Set ONBOOT to yes or no if you want to enable this" >>$CONF
- echo "# virtual server at boot time" >>$CONF
- echo "ONBOOT=$ONBOOT" >>$CONF
- echo "# Control the start order of the vservers" >>$CONF
- echo "# Lower value start first" >>$CONF
- echo "PRIORITY=$priority" >>$CONF
- echo "# You can set a different NIS domain for the vserver" >>$CONF
- echo "# If empty, the current on is kept" >>$CONF
- echo "# Set it to \"none\" to have no NIS domain set" >>$CONF
- echo "S_DOMAINNAME=$domainname" >>$CONF
- echo "# You can set the priority level (nice) of all process in the vserver" >>$CONF
- echo "# Even root won't be able to raise it" >>$CONF
- echo "S_NICE=$nice" >>$CONF
- echo "# You can set various flags for the new security context" >>$CONF
- echo "# lock: Prevent the vserver from setting new security context" >>$CONF
- echo "# sched: Merge scheduler priority of all processes in the vserver" >>$CONF
- echo "# so that it acts a like a single one." >>$CONF
- echo "# nproc: Limit the number of processes in the vserver according to ulimit" >>$CONF
- echo "# (instead of a per user limit, this becomes a per vserver limit)" >>$CONF
- echo "# private: No other process can join this security context. Even root" >>$CONF
- echo "# Do not forget the quotes around the flags" >>$CONF
- echo "S_FLAGS=\"$flags\"" >>$CONF
- echo "# You can set various ulimit flags and they will be inherited by the" >>$CONF
- echo "# vserver. You enter here various command line argument of ulimit" >>$CONF
- echo "# ULIMIT=\"-H -u 200\"" >>$CONF
- echo "# The example above, combined with the nproc S_FLAGS will limit the" >>$CONF
- echo "# vserver to a maximum of 200 processes" >>$CONF
- echo "ULIMIT=\"$ulimit\"" >>$CONF
- echo "# You can set various capabilities. By default, the vserver are run" >>$CONF
- echo "# with a limited set, so you can let root run in a vserver and not" >>$CONF
- echo "# worry about it. He can\'t take over the machine. In some cases" >>$CONF
- echo "# you can to give a little more capabilities \(such as CAP_NET_RAW\)" >>$CONF
- echo "# S_CAPS=\"CAP_NET_RAW\"" >>$CONF
- echo "S_CAPS=\"\"" >>$CONF
- echo "# Select an unused context (this is optional)" >>$CONF
- echo "# The default is to allocate a free context on the fly" >>$CONF
- echo "# In general you don't need to force a context" >>$CONF
- echo "#S_CONTEXT=" >>$CONF
-
- # Now we create the optional companion startup script
- # for the vserver
- SCRIPT=/etc/vservers/$name.sh
- echo "#!/bin/sh" >$SCRIPT
- echo 'case $1 in' >>$SCRIPT
- echo "pre-start)" >>$SCRIPT
- for dir in $dir1 $dir2 $dir3 $dir4 none
- do
- if [ "$dir" != "none" ] ; then
- echo " mkdir -p $VROOT/$dir" >>$SCRIPT
- echo " mount --bind $dir $VROOT/$dir" >>$SCRIPT
- fi
- done
- echo " ;;" >>$SCRIPT
- echo "post-start)" >>$SCRIPT
- echo " ;;" >>$SCRIPT
- echo "pre-stop)" >>$SCRIPT
- echo " ;;" >>$SCRIPT
- echo "post-stop)" >>$SCRIPT
- for dir in $dir1 $dir2 $dir3 $dir4 none
- do
- if [ "$dir" != "none" ] ; then
- echo " umount $VROOT/$dir" >>$SCRIPT
- fi
- done
- echo " ;;" >>$SCRIPT
- echo '*)' >>$SCRIPT
- echo ' echo $0 pre-start' >>$SCRIPT
- echo ' echo $0 pre-stop' >>$SCRIPT
- echo ' echo $0 post-start' >>$SCRIPT
- echo ' echo $0 post-stop' >>$SCRIPT
- echo " ;;" >>$SCRIPT
- echo "esac" >>$SCRIPT
- chmod +x $SCRIPT
-
- LOG=/var/run/newvserver.log.$$
- if [ "$clone" = "/" ] ; then
- # Unification does not work on / yet
- $VSERVER_CMD $name build >$LOG
- elif [ "$clone" = "#rh7.2" ] ; then
- check_cd "first RedHat 7.2 CD"
- set_fstab $VROOT
- installpkgs $LOG $USR_LIB_VSERVER/install-rh7.2 $name
- elif [ "$clone" = "#rh7.3m" -o "$clone" = "#rh7.3f" ] ; then
- check_cd "first RedHat 7.3 CD"
- set_fstab $VROOT
- if [ "$clone" = "#rh7.3m" ] ;then
- installpkgs $LOG $USR_LIB_VSERVER/install-rh7.3 $name minimum
- else
- installpkgs $LOG $USR_LIB_VSERVER/install-rh7.3 $name full
- fi
- elif [ "$clone" = "#rh8.0m" -o "$clone" = "#rh8.0f" ] ; then
- check_cd "first RedHat 8.0 CD"
- set_fstab $VROOT
- if [ "$clone" = "#rh8.0m" ] ;then
- installpkgs $LOG $USR_LIB_VSERVER/install-rh8.0 $name minimum
- else
- installpkgs $LOG $USR_LIB_VSERVER/install-rh8.0 $name full
- fi
- elif [ "$clone" = "#rh9.0m" -o "$clone" = "#rh9.0f" ] ; then
- check_cd "first RedHat 9.0 CD"
- set_fstab $VROOT
- if [ "$clone" = "#rh9.0m" ] ;then
- installpkgs $LOG $USR_LIB_VSERVER/install-rh9.0 $name minimum
- else
- installpkgs $LOG $USR_LIB_VSERVER/install-rh9.0 $name full
- fi
- elif [ "$unify" = "0" ] ; then
- cp -ax /vservers/$clone/. $VROOT/. >$LOG
- else
- EXCLOPT=
- for dir in $exdir1 $exdir2 $exdir3 $exdir4 $exdir5 $exdir6 none
- do
- if [ "$dir" != "none" ] ; then
- EXCLOPT="$EXCLOPT --excldir $dir"
- fi
- done
- $USR_LIB_VSERVER/vbuild $EXCLOPT --stats /vservers/$clone $VROOT >$LOG
- fi
- rm -f $VROOT/var/run/utmp
- $USR_LIB_VSERVER/fakerunlevel 3 $VROOT/var/run/utmp
- test "$crond" = 1 && $VSERVER_CMD $name chkconfig crond on >/dev/null
- test "$httpd" = 1 && $VSERVER_CMD $name chkconfig httpd on >/dev/null
- test "$sshd" = 1 && $VSERVER_CMD $name chkconfig sshd on >/dev/null
- if [ "$cleansshd" = 1 ] ; then
- echo Deleting sshd server keys >>$LOG
- rm -f $VROOT/etc/ssh/*_key
- rm -f $VROOT/etc/ssh/*_key.pub
- fi
- test "$syslog" = 1 && $VSERVER_CMD $name chkconfig syslog on >/dev/null
- test "$xinetd" = 1 && $VSERVER_CMD $name chkconfig xinetd on >/dev/null
- test "$nscd" = 1 && $VSERVER_CMD $name chkconfig nscd on >/dev/null
- host0=`echo $hostname | sed 's/\./ /g' | ( read a b; echo $a)`
- echo $ip $hostname $host0 localhost >$VROOT/etc/hosts
- RHNETWORK=$VROOT/etc/sysconfig/network
- if [ -f $RHNETWORK ] ; then
- cat $RHNETWORK | grep -v HOSTNAME >/tmp/newvserver.tmp.$$
- cp /tmp/newvserver.tmp.$$ $RHNETWORK
- echo HOSTNAME=$hostname >>$RHNETWORK
- fi
- # Umount proc and /dev/pts
- $VSERVER_CMD $name stop >/dev/null
- ENDTIME=`date +%s`
- DURATION=`expr $ENDTIME - $STARTTIME`
-
- echo defval s1 Server $name was installed in $VROOT
- echo defval s1 The configuration file /etc/vservers/$name.conf was created
- echo defval s1 The script /etc/vservers/$name.sh was created
- echo defval s1 Vserver $name was created in $DURATION seconds
- echo defval s1
- cat $LOG | while read line
- do
- echo defval s1 $line
- done
- echo notice =s1
- rm -f $LOG
- # Finish some stuff: root password, account policies
- if [ -x $VROOT/usr/sbin/authconfig ] ; then
- SHADOWOPT=
- MD5OPT=
- NISOPT=
- LDAPOPT=
- if [ "$usemd5" = "1" ] ; then
- MD5OPT=--usemd5
- fi
- if [ "$useshadow" = "1" ] ; then
- SHADOWOPT=--useshadow
- fi
- if [ "$nisserver" != "" ] ; then
- NISOPT="--nisserver $nisserver --nisdomain $domainname"
- fi
- if [ "$ldapserver" != "" ] ; then
- LDAPOPT="--ldapserver $ldapserver --ldapbasedn $ldapbasedn"
- fi
- $VSERVER_CMD $name exec /usr/sbin/authconfig \
- --nostart --kickstart \
- $SHADOWOPT $MD5OPT $NISOPT $LDAPOPT
- fi
- if [ "$pass1" != "" ] ; then
- (echo $pass1; sleep 5; echo $pass1) \
- | $VSERVER_CMD --silent $name exec passwd >/dev/null
- fi
- break
- fi
- done
- qecho end
-}
-
-dispatch