Skip to content

Instantly share code, notes, and snippets.

@badsyntax
Forked from senko/create-new-lxc.sh
Created March 20, 2014 12:58
Show Gist options
  • Save badsyntax/9663207 to your computer and use it in GitHub Desktop.
Save badsyntax/9663207 to your computer and use it in GitHub Desktop.
#!/bin/bash
#
# Initialize new virtual server using LXC and set up networking and HTTP proxy
#
# Written by: Deni Bertovic <deni.bertovic@dobarkod.hr>
#
# Released into Public Domain. You may use, modify and distribute it as you
# see fit.
#
# This script will:
# 1. Create a new LXC virtual machine based on the template container
# 2. Allocate a static IP on the LXC network (must be /24) for the new vm
# 3. Set up a SSH forwarding on a high-port (*022) from the host to the vm
# 4. Set up NGinX to forward requests for <vm>.<domain_suffix> to the new vm
# 5. Start the new VM
#
# To make use of this script, first prepare a virtual machine that will be
# used as the base template. Install and set up everything you'd want to
# be present on every VM.
LXC_TEMPLATE_NAME="minimal-template"
DOMAIN_SUFFIX="dobarkod.hr"
HOST_IP="5.9.97.232"
LXC_NETWORK_PREFIX="10.0.3"
set -e
if [[ $(/usr/bin/id -u) -ne 0 ]]; then
echo "Script needs to be run as root";
exit 1;
fi
if [ $# -ne 1 ]; then
echo "Usage: $0 <container-name>"
exit 1;
fi
## clone new container from minimal-template
name=$1
if [ -d /var/lib/lxc/$name/ ]; then
echo "Container named $name already exists."
exit 1;
fi
lxc-clone -o $LXC_TEMPLATE_NAME -n $name
## set up networking
macAddress=`grep "lxc.network.hwaddr" /var/lib/lxc/$name/config | cut -d ' ' -f 2`
lastUsedIP=`tail -n 1 /etc/ethers | cut -d ' ' -f 2 | cut -d '.' -f 4`
newIP=`expr $lastUsedIP + 1`
echo "# $name" >> /etc/ethers
echo "$macAddress $LXC_NETWORK_PREFIX.$newIP" >> /etc/ethers
## restart dnsmasq to reload the new mac/ip combos from /etc/ethers
killall -s SIGHUP dnsmasq
## add ip tables rule
port=$newIP"022"
iptables -t nat -A PREROUTING -p tcp -d $HOST_IP -j DNAT --dport $port --to-destination $LXC_NETWORK_PREFIX.$newIP:22
iptables-save > /etc/iptables.conf
## add in autostart procedure
ln -s /var/lib/lxc/$name/config /etc/lxc/auto/$name
## start the lxc container
lxc-start -n $name -d
## set up Nginx reverse proxying
cat > /etc/nginx/sites-available/$name.$DOMAIN_SUFFIX <<EOF
server {
listen 80;
server_name $name.$DOMAIN_SUFFIX;
access_log /var/log/nginx/$name.access.log;
error_log /var/log/nginx/$name.error.log;
location / {
proxy_pass_header Server;
proxy_set_header Host \$http_host;
proxy_redirect off;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Scheme \$scheme;
proxy_connect_timeout 3;
proxy_read_timeout 10;
proxy_pass http://$LXC_NETWORK_PREFIX.$newIP:80/;
}
}
EOF
ln -s /etc/nginx/sites-available/$name.$DOMAIN_SUFFIX /etc/nginx/sites-enabled/$name.$DOMAIN_SUFFIX
nginx -t
service nginx restart
echo "New container $name created."
echo " Internal IP: $LXC_NETWORK_PREFIX.$newIP"
echo " External SSH access port: $port"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment