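#!/bin/sh
#
# Copyright (C) 2002, Mark Lawrence
#
# Install a virtual debian server from a debian archive
#
# Usage: <script> <hostname> <domain> <ip>
#
# Must run as a user able to write under $VSERVERROOT and /etc/vservers.
# The three arguments end up in file paths, in /etc/hosts and in the
# generated /etc/vservers/<hostname>.conf, so they are validated before
# anything is created.
# ----------------------------------------------------------------
# Configurable items:

# Root directory of your virtual servers (probably shouldn't change this)
VSERVERROOT="/vservers"

# Packages to install in addition to the base defaults
# MUST INCLUDE ALL DEPENDENCIES
INSTALLPKG="less,dnsutils,wget,bzip2,ssh,rsync,libssl0.9.6,libdns5,libisc4,liblwres1,bind9-host,zlib1g,libbz2-1.0"

# Packages to remove from the base defaults
REMOVEPKG="dhcp-client,lilo,makedev,pcmcia-cs,ppp,pppconfig,pppoe,pppoeconf,setserial,syslinux,nano,fdutils,iptables,libpcap0,pciutils"

# init.d links removed from every runlevel inside the new server
REMOVELINKS="klogd hwclock.sh setserial urandom networking umountfs halt reboot"

# Architecture
ARCH="i386"

# Which debian distribution (warning: this has only been tested with woody)
DIST="woody"

# Local or nearest location of a debian mirror
# NOTE(review): packages are fetched over plain HTTP, so their integrity
# rests on debootstrap checking the archive's signed Release file. Confirm
# the installed debootstrap does that, or point this at a mirror you control.
MIRROR="http://sunsite.cnlab-switch.ch/ftp/mirror/debian"

# ----------------------------------------------------------------
# Nothing from here on should need changing.

if [ ! -x /usr/sbin/debootstrap ]; then
  echo "Requires the debootstrap package." >&2
  exit 1
fi

if [ "$#" -ne 3 ]; then
  # Argument names follow the three assignments below.
  echo "Usage: $0 <hostname> <domain> <ip>" >&2
  exit 1
fi

VHOST="$1"
VDOMAIN="$2"
IP="$3"

# Reject values that could escape $VSERVERROOT (slashes, leading dots),
# be taken for an option (leading dash) or break the generated files
# (whitespace, quotes, shell metacharacters).
case "$VHOST" in
  "" | [!A-Za-z0-9]* | *[!A-Za-z0-9._-]*)
    echo "$0: invalid hostname '$VHOST'" >&2
    exit 1
    ;;
esac
case "$VDOMAIN" in
  *[!A-Za-z0-9.-]*)
    echo "$0: invalid domain '$VDOMAIN'" >&2
    exit 1
    ;;
esac
# A single plain IPv4 or IPv6 address; it is written to /etc/hosts as-is.
case "$IP" in
  "" | *[!0-9A-Fa-f.:]*)
    echo "$0: invalid IP address '$IP'" >&2
    exit 1
    ;;
esac

VROOT="$VSERVERROOT/$VHOST"
VCONF="/etc/vservers/$VHOST.conf"

if [ -d "$VROOT" ] || [ -f "$VCONF" ]; then
  echo "Virtual Server $VHOST already exists (check /etc/vservers or /vservers)" >&2
  exit 1
fi

# Seed the apt cache from packages kept by earlier installs, if any.
if [ -d "$VSERVERROOT/ARCHIVES" ]; then
  mkdir -p "$VROOT/var/cache/apt/archives"
  cp "$VSERVERROOT/ARCHIVES/"*.deb "$VROOT/var/cache/apt/archives"
fi

if ! debootstrap --arch "$ARCH" --include="$INSTALLPKG" --exclude="$REMOVEPKG" \
  "$DIST" "$VROOT" "$MIRROR"; then
  echo "$0: debootstrap failure. Cannot continue." >&2
  exit 1
fi

# Fix up the available devices for security: keep only the handful of
# device nodes a guest needs and drop everything else debootstrap created.
if cd "$VROOT/dev"; then
  # mktemp instead of a predictable /tmp/dev.tar.$$ name: this runs as
  # root, and a guessable path in a world-writable directory can be
  # pre-created as a symlink by another local user.
  devtar=$(mktemp /tmp/dev.tar.XXXXXX) || {
    echo "$0: cannot create temporary file" >&2
    exit 1
  }
  trap 'rm -f -- "$devtar"' 0

  # Only wipe the directory once the nodes to keep are safely archived.
  if ! tar cfp "$devtar" full null ptmx random tty urandom zero; then
    echo "$0: could not save device nodes; leaving $VROOT/dev untouched" >&2
    exit 1
  fi
  rm -rf "${VSERVERROOT:?}/${VHOST:?}/dev/"*
  tar xfp "$devtar"
  rm -f -- "$devtar"
  mkdir pts
  mkdir shm
else
  echo "$0: cannot enter $VROOT/dev; device nodes were not restricted" >&2
  exit 1
fi

# Give the new host a hostname
printf '%s\n' "$VHOST" > "$VROOT/etc/hostname"

# Set up the /etc/hosts file (needed for some parts of the base-config)
cat << EOF > "$VROOT/etc/hosts"
# /etc/hosts

127.0.0.1	localhost
$IP	$VHOST.$VDOMAIN $VHOST

# The following lines are desirable for IPv6 capable hosts
# (added automatically by netbase upgrade)

::1	ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
ff02::3	ip6-allhosts
EOF

# Make it so that apt and friends work.
# These are the host's own files: whatever they contain (proxy settings,
# private repository lines) becomes readable inside the guest.
cp /etc/apt/sources.list "$VROOT/etc/apt/sources.list"
if [ -f /etc/apt/apt.conf ]; then
  cp /etc/apt/apt.conf "$VROOT/etc/apt/apt.conf"
fi

# Create a dummy fstab and mtab and motd
uname -a > "$VROOT/etc/motd"

# NOTE(review): line layout rebuilt from a whitespace-collapsed listing;
# confirm the tmpfs entry is meant to be an active line, not a comment.
cat << EOF > "$VROOT/etc/fstab"
# /etc/fstab: static file system information.
#
#
none	/dev/shm	tmpfs	defaults	0 0
/dev/shm	/tmp	none	bind	0 0
EOF

# The new vserver patch now automatically mounts /proc
cat << EOF > "$VROOT/etc/mtab"
/dev/vdev / vfs none 0 0
proc /proc proc rw 0 0
EOF

cat << EOF > "$VROOT/etc/inittab"
# /etc/inittab: init(8) configuration.

# The default runlevel.
id:2:initdefault:

# Boot-time system configuration/initialization script.
# This is run first except when booting in emergency (-b) mode.
si::sysinit:/etc/init.d/rcS

# What to do in single-user mode.
~~:S:wait:/sbin/sulogin

# /etc/init.d executes the S and K scripts upon change
# of runlevel.
#
# Runlevel 0 is halt.
# Runlevel 1 is single-user.
# Runlevels 2-5 are multi-user.
# Runlevel 6 is reboot.

l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
EOF

# Create default /etc/vservers entry.
# S_CAPS grants the guest CAP_NET_RAW (raw sockets); remove it from the
# generated file if the guest does not need it.
cat << EOF > "$VCONF"
ONBOOT=no
IPROOT=$IP
IPROOTDEV=eth0
S_HOSTNAME=$VHOST
S_DOMAINNAME=
S_NICE=
S_FLAGS="lock nproc"
ULIMIT="-H -u 1000"
S_CAPS="CAP_NET_RAW"
EOF

# ------------------------------------------------------------
# From here on we do things live in the server

# Space-separated form of REMOVEPKG, expanded into the generated script.
remove_list=$(printf '%s\n' "$REMOVEPKG" | sed -e 's/,/ /g')

# Generate the script that runs the rest of the setup from within the
# virtual server. The here-document is unquoted on purpose: the package
# and link lists are filled in now, while \$link is left for the guest
# shell to expand.
cat << EOF > "$VROOT/vserver-config.sh"
#!/bin/sh

dselect update
tzsetup -y
dpkg-reconfigure passwd
tasksel
rm -f /etc/exim/exim.conf
eximconfig

# because the --exclude flag doesn't seem to work on debootstrap
apt-get --assume-yes --purge remove $remove_list

for link in $REMOVELINKS
do
  update-rc.d -f \$link remove
done
EOF

# Run the above commands from within the server
chmod 755 "$VROOT/vserver-config.sh"
vserver "$VHOST" exec /vserver-config.sh
rm -f "$VROOT/vserver-config.sh"

# Stop all the processes that were started inside the server
export PREVLEVEL=2
vserver "$VHOST" exec /etc/init.d/rc 0
vserver "$VHOST" stop

# Populate the archive for future virtual servers
if [ ! -d "$VSERVERROOT/ARCHIVES" ]; then
  mkdir "$VSERVERROOT/ARCHIVES"
fi
cp "$VROOT/var/cache/apt/archives/"*.deb "$VSERVERROOT/ARCHIVES"

echo
echo "You should now adjust /etc/vservers/$VHOST.conf to suit your needs,"
echo "or else just go ahead and type 'vserver $VHOST start' to start"
echo "your new virtual server."
echo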