/setup-zone-exclusive.sh
Created Jun 2, 2009
| #!/bin/sh | |
| # Program Name: setup-zone-exclusive.sh | |
| # Author: Alain Hoang | |
| # Purpose: Wrapper around setting up an ipkg branded zone with | |
| # an exclusive interface | |
| # Notes: If you want DHCP you will need the script from the following URL | |
| # http://www.linuxtopia.org/online_books/opensolaris_2008/SYSADV3/html/extkj.html | |
| # Copy that to dhcp-client-event.sh | |
| # | |
| # Copyright (c) 2009, Alain Hoang | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy | |
| # of this software and associated documentation files (the "Software"), to deal | |
| # in the Software without restriction, including without limitation the rights | |
| # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| # copies of the Software, and to permit persons to whom the Software is | |
| # furnished to do so, subject to the following conditions: | |
| # | |
| # The above copyright notice and this permission notice shall be included in | |
| # all copies or substantial portions of the Software. | |
| # | |
| # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
| # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
| # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
| # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
| # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
| # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | |
| # THE SOFTWARE. | |
| ################################################ | |
| # Change the following to match what is needed | |
| ################################################ | |
| REAL_IF="bnx0" | |
| TEMPLATE_ZONE="barebones" | |
| ################################################ | |
| # Do not modify below | |
| ################################################ | |
| if test $# -lt 2 | |
| then | |
| echo "Usage: $0 <new zone name> <network interface>" | |
| exit 1 | |
| fi | |
| # Get command line args | |
| NEW_ZONE_NAME=$1 | |
| NET_IF=$2 | |
| # Verify we can only run as root | |
| ROOT_USER=0 | |
| REAL_USER=`id -u` | |
| if test ${ROOT_USER} -ne ${REAL_USER} | |
| then | |
| echo "This must be run as root. Exiting..." | |
| exit 2 | |
| fi | |
| # Check to see if the zone name has already been taken | |
| zone_prov=`zoneadm list -c | grep -c ${NEW_ZONE_NAME}` | |
| if test ${zone_prov} -gt 0 | |
| then | |
| echo "Zone ${NEW_ZONE_NAME} seems to be already configured" | |
| echo "Delete ${NEW_ZONE_NAME} [y/N]?" | |
| read answer | |
| case ${answer} in | |
| y|Y*) | |
| zonecfg -z ${NEW_ZONE_NAME} delete -F | |
| ;; | |
| *) | |
| echo "Zone already configured. Exiting..." | |
| exit 3 | |
| ;; | |
| esac | |
| fi | |
| # Test the virtual nic nam | |
| vnic_on=`dladm show-link | grep -c ${NET_IF}` | |
| vnic_check=`dladm show-vnic | sed -e '1d' | awk ' { print $1 } '` | |
| if test ${vnic_on} -lt 1 | |
| then | |
| # Ask to create a virtual nic if it is not configured | |
| # | |
| # TODO: Ask user which physical interface to bind to | |
| echo "Network interface ${NET_IF} does not seem exist" | |
| echo "Create it [y/N]?" | |
| read answer | |
| case ${answer} in | |
| y|Y*) | |
| dladm create-vnic -l ${REAL_IF} ${NET_IF} | |
| if test $? -ne 0 | |
| then | |
| echo "Create vnic operation failed! Exiting" | |
| exit 5 | |
| fi | |
| ;; | |
| *) | |
| echo "Network interface does not seem to exist" | |
| exit 4 | |
| ;; | |
| esac | |
| else | |
| # Check if the virtual nic is already in use by another zone | |
| # and do nothing if so | |
| no_zone='--' | |
| zone_for_netif=`dladm show-linkprop ${NET_IF} | grep zone | awk ' { print $4 } '` | |
| if test ${zone_for_netif} != ${no_zone} | |
| then | |
| echo "${NET_IF} is in use by ${zone_for_netif}. Choose another interface" | |
| exit 5 | |
| fi | |
| fi | |
| cat > ${NEW_ZONE_NAME}.zonecfg <<ZONECFG_FILE | |
| create -b | |
| set zonepath=/zones/${NEW_ZONE_NAME} | |
| set brand=ipkg | |
| set autoboot=false | |
| set ip-type=exclusive | |
| add net | |
| set physical=${NET_IF} | |
| end | |
| ZONECFG_FILE | |
| cat > ${NEW_ZONE_NAME}.sysidcfg <<SYSIDCFG_FILE | |
| system_locale=C | |
| terminal=xterms | |
| network_interface=primary { | |
| dhcp protocol_ipv6=yes | |
| } | |
| security_policy=NONE | |
| timezone=Japan | |
| SYSIDCFG_FILE | |
| echo "============================" | |
| echo "Configuring ${NEW_ZONE_NAME}..." | |
| pfexec zonecfg -z ${NEW_ZONE_NAME} -f ${NEW_ZONE_NAME}.zonecfg | |
| echo "" | |
| echo "============================" | |
| echo "Configuration for ${NEW_ZONE_NAME} is..." | |
| pfexec zonecfg -z ${NEW_ZONE_NAME} export | |
| echo "" | |
| echo "============================" | |
| echo "Cloning ${NEW_ZONE_NAME} from ${TEMPLATE_ZONE}..." | |
| pfexec zoneadm -z ${NEW_ZONE_NAME} clone ${TEMPLATE_ZONE} | |
| echo "" | |
| echo "============================" | |
| echo "Detaching ${NEW_ZONE_NAME} to autoconfigure..." | |
| pfexec zoneadm -z ${NEW_ZONE_NAME} detach | |
| echo "" | |
| echo "============================" | |
| echo "Copying ${NEW_ZONE_NAME}.sysidcfg into ${NEW_ZONE_NAME}..." | |
| pfexec cp ${NEW_ZONE_NAME}.sysidcfg /zones/${NEW_ZONE_NAME}/root/etc/sysidcfg | |
| echo "" | |
| echo "============================" | |
| echo "Conriguring root password for ${NEW_ZONE_NAME}..." | |
| pfexec cp /zones/${NEW_ZONE_NAME}/root/etc/shadow /tmp/setupzone.$$ | |
| pfexec grep -v root /tmp/setupzone.$$ > /tmp/setupzone2.$$ | |
| pfexec echo 'root:$5$EVUu5LA8$jSAMMLX4DJDQ1tMAIoScYJp2f9EdETnxcIXa/BOLL8A:14146::::::' > /tmp/setupzone.$$ | |
| pfexec cat /tmp/setupzone2.$$ >> /tmp/setupzone.$$ | |
| pfexec mv /tmp/setupzone.$$ /zones/${NEW_ZONE_NAME}/root/etc/shadow | |
| pfexec chmod 0400 /zones/${NEW_ZONE_NAME}/root/etc/shadow | |
| echo "" | |
| echo "============================" | |
| echo "Setting NFSv4 domain for ${NEW_ZONE_NAME}..." | |
| cat /zones/${NEW_ZONE_NAME}/root/etc/default/nfs | sed -e "s/\#NFSMAPID_DOMAIN\=domain/NFSMAPID_DOMAIN=zendo\.bebear\.net/" > /tmp/nfsconfig.$$ | |
| pfexec mv /tmp/nfsconfig.$$ /zones/${NEW_ZONE_NAME}/root/etc/default/nfs | |
| pfexec chmod 644 /zones/${NEW_ZONE_NAME}/root/etc/default/nfs | |
| pfexec touch /zones/${NEW_ZONE_NAME}/root/etc/.NFS4inst_state.domain | |
| echo "" | |
| echo "============================" | |
| echo "Removing .UNCONFIGURED for ${NEW_ZONE_NAME}..." | |
| pfexec rm /zones/${NEW_ZONE_NAME}/root/etc/.UNCONFIGURED | |
| echo "" | |
| echo "============================" | |
| echo "Setting up DHCP event hook into ${NEW_ZONE_NAME}..." | |
| pfexec cp dhcp-client-event.sh /zones/${NEW_ZONE_NAME}/root/etc/dhcp/eventhook | |
| pfexec chmod +x /zones/${NEW_ZONE_NAME}/root/etc/dhcp/eventhook | |
| echo "" | |
| echo "============================" | |
| echo "Setting up nsswitch into ${NEW_ZONE_NAME}..." | |
| pfexec cp /zones/${NEW_ZONE_NAME}/root/etc/nsswitch.dns \ | |
| /zones/${NEW_ZONE_NAME}/root/etc/nsswitch.conf | |
| echo "" | |
| echo "============================" | |
| echo "Re-attaching ${NEW_ZONE_NAME} to autoconfigure..." | |
| pfexec zoneadm -z ${NEW_ZONE_NAME} attach | |
| echo "" | |
| echo "============================" | |
| echo "Booting ${NEW_ZONE_NAME}..." | |
| pfexec zoneadm -z ${NEW_ZONE_NAME} boot | |
| echo "============================" | |
| echo "sysidconfig on ${NEW_ZONE_NAME}..." | |
| pfexec zlogin ${NEW_ZONE_NAME} sysidconfig | |
| echo "============================" | |
| echo "Plumbing ${NEW_ZONE_NAME}'s interface ..." | |
| pfexec zlogin ${NEW_ZONE_NAME} ifconfig ${NET_IF} plumb | |
| echo "============================" | |
| echo "DHCPing ${NEW_ZONE_NAME}'s interface ..." | |
| pfexec zlogin ${NEW_ZONE_NAME} ifconfig ${NET_IF} auto-dhcp | |
| echo "" | |
| echo "============================" | |
| echo "Showing all configured zones" | |
| zoneadm list -cv | |
| echo "" | |
| echo "============================" | |
| echo "Finish the final setup with" | |
| echo " pfexec zlogin -C ${NEW_ZONE_NAME}" | |
| echo " pfexec zoneadm -z ${NEW_ZONE_NAME} boot" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment