#!/bin/bash

#
# template script for generating openmandriva container for LXC
#

#
# lxc: linux Container library

# Authors:
# Alexander Stefanov <alexander@mezon.ru>
# Vokhmin Alexey V   <avokhmin@gmail.com>
# Bernhard Rosenkraenzer <bero@lindev.ch>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#

# Detect use under userns (unsupported)
for arg in "$@"; do
	[ "$arg" = "--" ] && break
	if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
		echo "This template can't be used for unprivileged containers." 1>&2
		echo "You may want to try the \"download\" template instead." 1>&2
		exit 1
	fi
done

# Make sure the usual locations are in PATH
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin

#Configurations
#distro=cooker
hostarch=$(uname -m)
# Allow the cache base to be set by environment variable
cache_base="${LXC_CACHE_PATH:-/var/lib/cache/lxc/openmandriva/$arch}"
default_path=/var/lib/lib/lxc
default_profile=default
lxc_network_type=veth
lxc_network_link=lxcbr0

# is this openmandriva?
grep -q OpenMandriva /etc/os-release && is_openmandriva=true

configure_openmandriva()
{
	# set the hostname
	echo "${utsname}" > ${rootfs_path}/etc/hostname

	# set minimal hosts
	cat <<EOF > $rootfs_path/etc/hosts
127.0.0.1 localhost.localdomain localhost $utsname
::1				 localhost6.localdomain6 localhost6
EOF
}

populate_dev()
{
	echo -n "Create devices in /dev/"
	dev_path="${rootfs_path}/dev"
	rm -rf $dev_path
	mkdir -p $dev_path
	mknod -m 666 ${dev_path}/null c 1 3
	mknod -m 666 ${dev_path}/zero c 1 5
	mknod -m 666 ${dev_path}/random c 1 8
	mknod -m 666 ${dev_path}/urandom c 1 9
	mkdir -m 755 ${dev_path}/pts
	mkdir -m 1777 ${dev_path}/shm
	mknod -m 666 ${dev_path}/tty c 5 0
	mknod -m 666 ${dev_path}/tty0 c 4 0
	mknod -m 666 ${dev_path}/tty1 c 4 1
	mknod -m 666 ${dev_path}/tty2 c 4 2
	mknod -m 666 ${dev_path}/tty3 c 4 3
	mknod -m 666 ${dev_path}/tty4 c 4 4
	mknod -m 666 ${dev_path}/tty5 c 4 5
	mknod -m 666 ${dev_path}/tty6 c 4 6
	mknod -m 600 ${dev_path}/console c 5 1
	mknod -m 666 ${dev_path}/full c 1 7
	mknod -m 600 ${dev_path}/initctl p
	mknod -m 666 ${dev_path}/ptmx c 5 2
	mkdir -m 755 ${dev_path}/net
	mknod -m 666 ${dev_path}/net/tun c 10 200
}

set_guest_root_password()
{
	[ -z "$root_password" ] && return # pass is empty, abort

	echo " - setting guest root password.."
	echo "root passwd is: $root_password"
	echo "root:$root_password" | chroot "$rootfs_path" chpasswd
	echo "done."
}

create_chroot_openmandriva()
{
	# check the mini openmandriva was not already downloaded
	INSTALL_ROOT=$cache/cache
	mkdir -p $INSTALL_ROOT
	if [ $? -ne 0 ]; then
		echo "Failed to create '$INSTALL_ROOT' directory"
		return 1
	fi

	# Poor man's version of "dnf install --installroot=" --
	# need to get the repository configs from rpm packages
	# without having the repositories configured...
	PKGS=http://abf-downloads.rosalinux.ru/$release/repository/$arch/main/release/
	curl -s -L $PKGS |grep '^<a' |cut -d'"' -f2 >PACKAGES
	PRE_PACKAGES="rosa-repos"
	for i in $PRE_PACKAGES; do
		P=`grep "^$i-[0-9].*" PACKAGES`
		if [ "$?" != "0" ]; then
			echo "Can't find $i package for target" >&2
			exit 1
		fi
		curl -O $PKGS/$P
		rpm -r $INSTALL_ROOT -Uvh --ignorearch --nodeps $P
	done

	# package list to install
	PKG_LIST="basesystem-minimal locales locales-en systemd dnf networkmanager kbd"
	# download a mini openmandriva into a cache
	echo "Downloading openmandriva minimal ..."
	DNF="/usr/bin/dnf -y install --nogpgcheck --installroot=$INSTALL_ROOT --releasever=$release --forcearch=$arch $PKG_LIST"
	echo $DNF
	$DNF
	# We're splitting the old loop into two loops plus a directory retrival.
	# First loop...  Try and retrive a mirror list with retries and a slight
	# delay between attempts...
	if [ $? -ne 0 ]; then
		echo "Failed to download the rootfs, aborting."
		return 1
	fi

	mv "$INSTALL_ROOT" "$cache/rootfs"
	echo "Download complete."

	return 0
}

copy_openmandriva()
{

	echo -n "Copying rootfs to $rootfs_path ..."
	mkdir -p $rootfs_path
	rsync -SHaAX $cache/rootfs/ $rootfs_path/
	return 0
}

update_openmandriva()
{
	echo "automated update in progress..."
	dnf -y distro-sync --installroot=$cache/rootfs
}

configure_openmandriva_systemd()
{
	chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount
	chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd.service
	chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket
	chroot ${rootfs_path} ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket
	# remove numlock service
	# KDGKBLED: Inappropriate ioctl for device
	rm -f ${rootfs_path}/etc/systemd/system/getty@.service.d/enable-numlock.conf

	unlink ${rootfs_path}/etc/systemd/system/default.target
	chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
	sed -i 's!ConditionPathExists=/dev/tty0!ConditionPathExists=|/dev/tty0\nConditionVirtualization=|lxc!' \
		${rootfs_path}/lib/systemd/system/getty\@.service
}


install_openmandriva()
{
	mkdir -p /var/lib/lock/subsys/
	(
		flock -x 9
		if [ $? -ne 0 ]; then
			echo "Cache repository is busy."
			return 1
		fi

		echo "Checking cache download in $cache/rootfs ... "
		if [ ! -e "$cache/rootfs" ]; then
			echo $cache/rootfs
			create_chroot_openmandriva
			if [ $? -ne 0 ]; then
				echo "Failed to download 'openmandriva basesystem-minimal'"
				return 1
			fi
		else
			echo "Cache found. Updating..."
			update_openmandriva
			if [ $? -ne 0 ]; then
				echo "Failed to update 'openmandriva base', continuing with last known good cache"
			else
				echo "Update finished"
			fi
		fi

		echo "Copy $cache/rootfs to $rootfs_path ... "
		copy_openmandriva
		if [ $? -ne 0 ]; then
			echo "Failed to copy rootfs"
			return 1
		fi
		return 0
	) 9>/var/lib/lock/subsys/lxc-openmandriva

	return $?
}

copy_configuration()
{

	mkdir -p $config_path
	grep -q "^lxc.rootfs.path" $config_path/config 2>/dev/null || echo "lxc.rootfs.path = $rootfs_path" >> $config_path/config
	cat <<EOF >> $config_path/config
lxc.uts.name = $name
lxc.tty.max = 4
lxc.pty.max = 1024
lxc.cap.drop = sys_module mac_admin mac_override sys_time
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.apparmor.profile = unconfined

#networking
lxc.net.0.type = $lxc_network_type
lxc.net.0.flags = up
lxc.net.0.link = $lxc_network_link
lxc.net.0.name = eth0
lxc.net.0.mtu = 1500
EOF
if [ ! -z ${ipv4} ]; then
	cat <<EOF >> $config_path/config
lxc.net.0.ipv4.address = $ipv4
EOF
fi
if [ ! -z ${gw} ]; then
	cat <<EOF >> $config_path/config
lxc.net.0.ipv4.gateway = $gw
EOF
fi
if [ ! -z ${ipv6} ]; then
	cat <<EOF >> $config_path/config
lxc.net.0.ipv6.address = $ipv6
EOF
fi
if [ ! -z ${gw6} ]; then
	cat <<EOF >> $config_path/config
lxc.net.0.ipv6.gateway = $gw6
EOF
fi
	cat <<EOF >> $config_path/config
#cgroups
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 10:135 rwm
EOF

	if [ $? -ne 0 ]; then
		echo "Failed to add configuration"
		return 1
	fi

	return 0
}

clean()
{

	if [ ! -e $cache ]; then
		exit 0
	fi

	# lock, so we won't purge while someone is creating a repository
	(
		flock -x 9
		if [ $? != 0 ]; then
			echo "Cache repository is busy."
			exit 1
		fi

		echo -n "Purging the download cache for OpenMandriva-$release..."
		rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
		exit 0
	) 9>/var/lib/lock/subsys/lxc-openmandriva
}

usage()
{
	cat <<EOF
usage:
	$1 -n|--name=<container_name>
		[-p|--path=<path>] [-c|--clean] [-R|--release=<openmandriva2013.0/rosa2012.1/cooker/ release>]
		[-4|--ipv4=<ipv4 address>] [-6|--ipv6=<ipv6 address>]
		[-g|--gw=<gw address>] [-d|--dns=<dns address>]
		[-P|--profile=<name of the profile>] [--rootfs=<path>]
		[-A|--arch=<arch of the container>]
		[-h|--help]
Mandatory args:
  -n,--name		 container name, used to as an identifier for that container from now on
Optional args:
  -p,--path		 path to where the container rootfs will be created, defaults to /var/lib/lib/lxc. The container config will go under /var/lib/lib/lxc in that case
  -c,--clean		clean the cache
  -R,--release	  openmandriva2013.0/cooker/rosa2012.1 release for the new container. if the host is OpenMandriva, then it will default to the host's release.
  -4,--ipv4		 specify the ipv4 address to assign to the virtualized interface, eg. 192.168.1.123/24
  -6,--ipv6		 specify the ipv6 address to assign to the virtualized interface, eg. 2003:db8:1:0:214:1234:fe0b:3596/64
  -g,--gw		   specify the default gw, eg. 192.168.1.1
  -G,--gw6		  specify the default gw, eg. 2003:db8:1:0:214:1234:fe0b:3596
  -d,--dns		  specify the DNS server, eg. 192.168.1.2
  -P,--profile	  Profile name is the file name in /etc/lxc/profiles contained packages name for install to cache.
  -A,--arch		 Define what arch the container will be [i586,x86_64,armv7l,armv7hl]
  ---rootfs		 rootfs path
  -h,--help		 print this help
EOF
	return 0
}

options=$(getopt -o hp:n:P:cR:4:6:g:d:A -l help,rootfs:,path:,name:,profile:,clean:,release:,ipv4:,ipv6:,gw:,dns:,arch: -- "$@")
if [ $? -ne 0 ]; then
	usage $(basename $0)
	exit 1
fi
eval set -- "$options"

release=${release:-"cooker"}

while true
do
	case "$1" in
		-h|--help)	  usage $0 && exit 0;;
		-p|--path)	  path=$2; shift 2;;
		--rootfs)	   rootfs_path=$2; shift 2;;
		-n|--name)	  name=$2; shift 2;;
		-P|--profile)   profile=$2; shift 2;;
		-c|--clean)	 clean=1; shift 1;;
		-R|--release)   release=$2; shift 2;;
		-A|--arch)	  arch=$2; shift 2;;
		-4|--ipv4)	  ipv4=$2; shift 2;;
		-6|--ipv6)	  ipv6=$2; shift 2;;
		-g|--gw)		gw=$2; shift 2;;
		-d|--dns)	   dns=$2; shift 2;;
		--)			 shift 1; break ;;
		*)			  break ;;
	esac
done

arch=${arch:-$hostarch}

if [ ! -z "$clean" -a -z "$path" ]; then
	clean || exit 1
	exit 0
fi

if [ -z "${utsname}" ]; then
	utsname=${name}
fi

type urpmi >/dev/null 2>&1
if [ $? -ne 0 ]; then
	echo "'urpmi' command is missing"
	exit 1
fi

if [ -z "$path" ]; then
	path=$default_path
fi

if [ -z "$profile" ]; then
	profile=$default_profile
fi

if [ $hostarch = "i686" -a $arch = "x86_64" ]; then
	 echo "can't create x86_64 container on i686"
	 exit 1
fi

if [ -z "$ipv4" -a -z "$ipv6" ]; then
	BOOTPROTO="dhcp"
else
	BOOTPROTO="static"
fi

if [ "$(id -u)" != "0" ]; then
	echo "This script should be run as 'root'"
	exit 1
fi

# check for 'lxc.rootfs.path' passed in through default config by lxc-create
if [ -z "$rootfs_path" ]; then
	if grep -q '^lxc.rootfs.path' $path/config 2>/dev/null ; then
		rootfs_path=$(awk -F= '/^lxc.rootfs.path =/{ print $2 }' $path/config)
	else
		rootfs_path=$path/$name/rootfs
	fi
fi

config_path=$default_path/$name
cache=$cache_base/$release/$arch/$profile

if [ ! -f $config_path/config ]; then
	echo "A container with that name exists, chose a different name"
	exit 1
fi

install_openmandriva
if [ $? -ne 0 ]; then
	echo "failed to install openmandriva"
	exit 1
fi

configure_openmandriva
if [ $? -ne 0 ]; then
	echo "failed to configure openmandriva for a container"
	exit 1
fi

# If the systemd configuration directory exists - set it up for what we need.
if [ -d ${rootfs_path}/etc/systemd/system ]
then
	configure_openmandriva_systemd
fi

populate_dev
if [ $? -ne 0 ]; then
	echo "failed to populated /dev/ devices"
	exit 1
fi

set_guest_root_password
if [ $? -ne 0 ]; then
	echo "failed to configure password for chroot"
	exit 1
fi

copy_configuration
if [ $? -ne 0 ]; then
	echo "failed write configuration file"
	exit 1
fi

if [ ! -z "$clean" ]; then
	clean || exit 1
	exit 0
fi
echo "container rootfs and config created"
