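#!/usr/bin/perl -w
#
# Dobrica Pavlinusic <dpavlin@rot13.org> 2007-01-07
#
# Creates a new Debian-based OpenVZ container: bootstraps the root file
# system, writes the container configuration and customizes the guest.

use strict;
use Shell qw/mkdir vzsplit rm/;
use IO::Prompt;
use Regexp::Common qw/net/;

# Load the project's VZ module from the directory that holds this script
# instead of a 'lib' directory relative to the current working directory.
# The script drives vzctl and writes below /etc/vz, so it is presumably run
# as root; a cwd-relative @INC entry lets whoever controls the invocation
# directory decide which VZ.pm gets loaded.  The optional configuration file
# is likewise located via $0, i.e. next to the script.
use FindBin;
use lib "$FindBin::Bin/lib";
use VZ;
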
# Built-in settings.  The optional *-tools.conf file that is evaluated later
# in this script runs in the same lexical scope and can overwrite any of them.

# Debian release and CPU architecture to bootstrap; these stock values are
# replaced by the site overrides at the end of this section.
my ($dist, $arh) = ('etch', 'i386');

# Debian mirror used for debootstrap and for the guest's sources.list.
# NOTE(review): plain-HTTP mirror -- package integrity then rests on the
# archive signature checks of debootstrap/APT being in effect; confirm.
my $debian_mirror_uri = 'http://www.debian.org/debian';

# Into how many virtual machines the physical machine is split (vzsplit -n).
my $ve_total = 4;

# Swap size in MB; multiplied by 1024 before it is handed to vzsplit -s.
my $swap_size = 512;

# Value passed to `vzctl set --diskspace`.
my $diskspace = '2G:4G';

# Site overrides of the stock release and architecture.
($dist, $arh) = ('testing', 'amd64');

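# check_root() is not defined in this file (presumably exported by VZ and
# expected to abort unless running as root -- confirm against the module).
check_root();

# Optional site configuration lives next to this script:
# <name>-create.pl looks for <name>-tools.conf.
my $config_file = $0;
my $have_config_name = ( $config_file =~ s!-create\.pl!-tools.conf! );
warn "## $config_file\n";

# Only read a configuration when the substitution actually produced another
# name.  When the script is invoked under a name without "-create.pl",
# $config_file is still $0, and evaluating it would run this script inside
# itself over and over.
if ($have_config_name && -e $config_file) {
    open(my $fh, '<', $config_file) || die "can't open $config_file: $!";
    my $config_source = join("\n", <$fh>);
    close($fh);

    # SECURITY: the file is executed as Perl code with the privileges of this
    # process and with access to the lexical settings declared above.  It has
    # to be owned by a trusted user and must not be writable by anyone else;
    # a data-only format (key=value) would remove the code-execution risk.
    eval $config_source;
    die "Error in $config_file: $@" if ($@);
}
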
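print "Creating new OpenVZ instance...\n";

my ($hostname, $ip) = ('localhost','');

# Whole-string IPv4 matcher (trailing whitespace tolerated).  An unanchored
# match would classify any value that merely contains a dotted quad as an
# address, and that value is later split into octets and handed to vzctl.
my $ipv4_only = qr/\A$RE{net}{IPv4}\s*\z/;

# Every command-line argument is either an IPv4 address or a host name.
# hostname2ip() is not defined in this file (presumably exported by VZ); its
# result is used as the host name when the argument is an address and as the
# address when the argument is a name.
foreach my $arg ( @ARGV ) {
    if ($arg =~ $ipv4_only) {
        $ip = $arg;
        if ( my $h = hostname2ip($arg) ) {
            $hostname = $h;
        }
    } elsif ($arg) {
        if ( my $addr = hostname2ip($arg) ) {
            ( $hostname, $ip ) = ( $arg, $addr );
        } else {
            $hostname = $arg;
        }
    }
}

# Ask interactively when no address was given on the command line.
$ip ||= prompt('Enter IP: ', -require => {
    'Must be IP (e.g. 192.168.0.1): ' => $ipv4_only,
}) unless ($ip =~ $ipv4_only);

# With the 'localhost' default above, $hostname is never empty at this
# point, so this prompt is not reached as the code stands.
$hostname ||= prompt('Enter hostname: ') unless ($hostname);

# Stop before an ID is derived from something that is not an address (for
# example an unexpected hostname2ip() result): the octets below would be
# undefined and every later step would act on the wrong container ID.
die "invalid IP address '$ip'\n" unless "$ip" =~ $ipv4_only;

# The container ID is built from the last two octets, e.g. 192.168.1.5 gives
# 1005.
# NOTE(review): addresses sharing their last two octets map to the same ID,
# and a third octet of 0 yields small IDs (x.x.0.5 gives "0005") -- check
# these against the ID range OpenVZ reserves for itself.
my @ip_split = split(/\./,$ip);
my $ve_id = sprintf('%d%03d', $ip_split[2], $ip_split[3]);

my $vz_root = '/vz';
die "need to know vz_root, and $vz_root doesn't exist: $!\n" unless (-e $vz_root);

print "VEID: $ve_id hostname: $hostname ip: $ip\n";
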
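warn ">> creating directories\n";

# mkdir is the Shell.pm wrapper imported at the top of the file, i.e. the
# external `mkdir -p`, not Perl's builtin.
mkdir('-p', "$vz_root/root/$ve_id", "$vz_root/private/$ve_id");

warn ">> installing debian $dist $arh from $debian_mirror_uri\n";

# A present etc/debian_version is taken as proof of an earlier bootstrap.
if (! -e "$vz_root/private/$ve_id/etc/debian_version") {

    # Run debootstrap from an argument list rather than one interpolated
    # string: no shell parses the release, architecture or mirror values,
    # which may come from the site configuration file.  Each value is passed
    # as exactly one argument.
    my @debootstrap = (
        'debootstrap', '--arch', $arh, $dist,
        "$vz_root/private/$ve_id", $debian_mirror_uri,
    );
    warn "# ", join(' ', @debootstrap), "\n";

    # Do not go on to configure and start a container whose root file system
    # was only partially installed.
    system(@debootstrap) == 0
        or die "debootstrap failed (wait status $?)\n";

} else {
    warn "Debian allready installed in $vz_root/private/$ve_id\n";
}
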
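# Run `vzctl @args` on the host, echoing the command to STDERR first.
#
# Arguments: the vzctl sub-command followed by its parameters; they are
#            passed to system() as a list, so no host shell is involved.
# Returns:   the value of system() (0 when vzctl exited successfully).
#
# The value that follows --userpasswd has the form "user:password"; its
# password part is masked in the echoed line so that it does not end up on
# the terminal or in captured output.
# NOTE(review): the password is still handed to vzctl as a command-line
# argument, where the process table may expose it to other local users.
sub vzctl {
    my @args = @_;

    my @shown = @args;
    for my $i (1 .. $#shown) {
        next unless $args[$i - 1] eq '--userpasswd';
        $shown[$i] =~ s/:.*\z/:********/s;
    }
    warn "## vzctl ", join(" ", @shown), "\n";

    return system("vzctl", @args);
}
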
# Per-container OpenVZ configuration file; an existing one is left untouched.
my $conf_path = "/etc/vz/conf/${ve_id}.conf";
warn ">> creating configuration file $conf_path\n";

if (! -e $conf_path) {
    # vzsplit is the Shell.pm wrapper imported at the top of the file; the
    # '>' argument is presumably interpreted by the shell as a redirect into
    # $conf_path -- confirm against Shell.pm's quoting rules.
    vzsplit('-n', $ve_total, '-s', $swap_size * 1024, '>', $conf_path);

    die "configuration file not created" unless -e $conf_path;

    # Append the OS template line to what vzsplit generated.
    open(my $conf_fh, '>>', $conf_path) || die "can't open $conf_path: $!";
    print $conf_fh "OSTEMPLATE=debian-3.1\n";
    close($conf_fh);

    # vzctl('set', $ve_id, '--applyconfig', 'vps.basic', '--save');

    # Address, host name and disk space, each saved with its own vzctl call.
    foreach my $setting (
        [ '--ipadd',     $ip ],
        [ '--hostname',  $hostname ],
        [ '--diskspace', $diskspace ],
    ) {
        vzctl('set', $ve_id, @$setting, '--save');
    }
} else {
    warn "$conf_path allready exists, not touching it\n";
}

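# Create $path with the given content unless something already exists there.
#
#   $path - file to create
#   $code - content source: a code reference, called as $code->($path) and
#           expected to return the text, or a plain string written as is
#
# Returns nothing; dies when the file cannot be created or written.
sub create_file {
    my ($path, $code) = @_;

    # Existing files are never overwritten.
    return if -e $path;

    # -e follows symbolic links, so a dangling link looks like a missing file
    # and open() would then create the link's target.  The path used by this
    # script lies inside a container's file tree, so refuse to write through
    # a link that could point outside of it.
    if (-l $path) {
        warn "$path is a symbolic link, not creating it\n";
        return;
    }

    warn ">> creating $path\n";
    open(my $tmp, '>', $path) || die "can't create $path: $!";

    # A plain string is accepted as well: calling it as a code reference
    # dies under `use strict`.
    my @content = ref($code) eq 'CODE' ? $code->($path) : ($code);
    print {$tmp} @content;

    # Buffered write errors only show up when the handle is closed.
    close($tmp) || die "can't write $path: $!";
    return;
}
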
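# Give the guest an APT source for the configured mirror if it has none.
# create_file() calls a code-reference argument to obtain the content, so
# the line is wrapped in a sub; a bare string passed here cannot be invoked
# as code under `use strict`.
create_file(
    "$vz_root/private/$ve_id/etc/apt/sources.list",
    sub { "deb $debian_mirror_uri $dist main contrib non-free\n" },
);

vzctl('start', $ve_id);
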
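# Commands run inside the freshly started container, one `vzctl exec` per
# line.  Lines of the form "# text" are not executed but echoed as progress
# messages, so review notes have to stay outside the here-document.
#
# NOTE(review), security-relevant steps in this list:
#  * `apt-get --force-yes` lets APT continue past its safety checks, which
#    includes installing packages that cannot be authenticated.
#  * apt-iselect is downloaded over plain HTTP and made executable without an
#    integrity check; verify it against a known checksum or ship the helper
#    together with this script.
#  * telnet and finger are installed by default; drop them unless they are
#    actually needed in the guest.
my $customize_sh = <<'__END_OF_SH__';

# use shadow passwords
pwconv

# upgrade to lastest version
apt-get -y update
apt-get -y upgrade

# install additional packages
apt-get -y --force-yes install vim less ssh sudo screen telnet finger

# remove unwanted packages
apt-get -y remove nano

# apt-iselect helper
wget -t 1 -T 5 -O /usr/local/bin/apt-iselect http://www.rot13.org/~dpavlin/projects/scripts/apt-iselect
chmod 755 /usr/local/bin/apt-iselect

# lock root user
usermod -L root

# disable getty
sed -i -e '/getty/d' /etc/inittab

# sane permissions for /root directory
chmod 700 /root

# disable sync() for syslog
sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf

# fix /etc/mtab
rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab

# remove unneeded packages
dpkg --purge modutils
dpkg --purge ppp pppoeconf pppoe pppconfig

# disable services
update-rc.d -f klogd remove
update-rc.d -f quotarpc remove
update-rc.d -f exim4 remove
update-rc.d -f inetd remove

# clean packages
apt-get clean

__END_OF_SH__

foreach my $step (split(/\n/, $customize_sh)) {
    # Blank lines only structure the list.
    next if ($step =~ /^\s*$/);

    # "# text" lines become progress messages.
    if ($step =~ /^#\s+(.+)$/) {
        warn ">> $1\n";
        next;
    }

    # vzctl() returns the status of system(); report a failed step instead
    # of continuing silently (for example chmod after a failed download).
    my $status = vzctl('exec', $ve_id, $step);
    warn "!! step failed (wait status $status): $step\n" if $status;
}
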
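#vzctl('stop', $ve_id);

# NOTE(review): `vzctl set --userpasswd` receives "user:password" as a
# command-line argument, so the password can show up in the host's process
# table while vzctl runs.

# prompt() returns an object; stringify it before testing for emptiness.
my $passwd = prompt('root passwd: ', -echo=>'*');
vzctl('set', $ve_id, '--userpasswd', 'root:' . $passwd )
    if (defined $passwd && length "$passwd");

my $login = prompt('create login: ');
if ($login) {
    # The name is interpolated into a command line that `vzctl exec` runs in
    # the guest (presumably through a shell), so only a conservative
    # account-name pattern is accepted.
    if ("$login" =~ /\A[a-z_][a-z0-9_-]*\z/) {
        $passwd = prompt("$login passwd: ", -echo=>'*');
        vzctl('exec', $ve_id, "useradd --create-home $login");

        # Same guard as for root: never submit an empty password.
        if (defined $passwd && length "$passwd") {
            vzctl('set', $ve_id, '--userpasswd', "$login:$passwd" );
        } else {
            warn "no password entered, not setting one for $login\n";
        }
    } else {
        warn "invalid login name '$login', not creating account\n";
    }
}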