From f9a8dfcd51e481a49355d94a3e74f2762519378f Mon Sep 17 00:00:00 2001 From: rhatto Date: Sun, 11 Feb 2007 14:29:54 +0000 Subject: changed repository layout to trunk/, tags/ and branches/ scheme git-svn-id: svn+slack://slack.fluxo.info/var/svn/simplepkg@181 04377dda-e619-0410-9926-eae83683ac58 --- .../vserver-legacy/vserver-legacy.s/GPG-KEY | 88 +++++++++++++++++++++ .../vserver-legacy/vserver-legacy.s/devices.tar.gz | Bin 0 -> 322 bytes .../vserver-legacy/vserver-legacy.s/skel.conf | 70 ++++++++++++++++ .../vserver-legacy.s/vserver-legacy.sh | 49 ++++++++++++ 4 files changed, 207 insertions(+) create mode 100644 trunk/templates/vserver-legacy/vserver-legacy.s/GPG-KEY create mode 100644 trunk/templates/vserver-legacy/vserver-legacy.s/devices.tar.gz create mode 100644 trunk/templates/vserver-legacy/vserver-legacy.s/skel.conf create mode 100644 trunk/templates/vserver-legacy/vserver-legacy.s/vserver-legacy.sh (limited to 'trunk/templates/vserver-legacy/vserver-legacy.s') diff --git a/trunk/templates/vserver-legacy/vserver-legacy.s/GPG-KEY b/trunk/templates/vserver-legacy/vserver-legacy.s/GPG-KEY new file mode 100644 index 0000000..fd23e95 --- /dev/null +++ b/trunk/templates/vserver-legacy/vserver-legacy.s/GPG-KEY @@ -0,0 +1,88 @@ +security@slackware.com public key + +Type bits/keyID Date User ID +pub 1024D/40102233 2003-02-26 Slackware Linux Project +sub 1024g/4E523569 2003-02-26 [expires: 2012-12-21] + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.2.1 (GNU/Linux) + +mQGiBD5dIFQRBADB31WinbXdaGk/8RNkpnZclu1w3Xmd5ItACDLB2FhOhArw35EA +MOYzxI0gRtDNWN4pn9n74q4HbFzyRWElThWRtBTYLEpImzrk7HYVCjMxjw5A0fTr +88aiHOth5aS0vPAoq+3TYn6JDSipf2bR03G2JVwgj3Iu066pX4naivNm8wCgldHG +F3y9vT3UPYh3QFgEUlCalt0D/3n6NopRYy0hMN6BPu+NarXwv6NQ9g0GV5FNjEEr +igkrD/htqCyWAUl8zyCKKUFZZx4UGBRZ5guCdNzwgYH3yn3aVMhJYQ6tcSlLsj3f +JIz4LAZ3+rI77rbn7gHHdp7CSAuV+QHv3aNanUD/KGz5SPSvF4w+5qRM4PfPNT1h +LMV8BACzxiyX7vzeE4ZxNYvcuCtv0mvEHl9yD66NFA35RvXaO0QiRVYeoUa5JOQZ +gwq+fIB0zgsEYDhXFkC1hM/QL4NccMRk8C09nFn4eiz4dAEnwKt4rLCJKhkLl1DW +TSoXHe/dOXaLnFyLzB1J8hEYmUvw3SwPt//wMqDiVBLeZfFcdLQwU2xhY2t3YXJl +IExpbnV4IFByb2plY3QgPHNlY3VyaXR5QHNsYWNrd2FyZS5jb20+iF8EExECAB8F +Aj5dIFQFCRJ3owAECwcDAgMVAgMDFgIBAh4BAheAAAoJEGpEY8BAECIzee0An3My +boalJ5nLePD0HCzMuf8Ix8gPAJ9lnU1wqNVGza0t89ACTurDoppQ2rkBDQQ+XSBV +EAQA3VYlpPyRKdOKoM6t1SwNG0YgVFSvxy/eiratBf7misDBsJeH86Pf8H9OfVHO +cqscLiC+iqvDgqeTUX9vASjlnvcoS/3H5TDPlxiifIDggqd2euNtJ8+lyXRBV6yP +sBIA6zki9cR4zphe48hKpSsDfj7uL5sfyc2UmKKboSu3x7cAAwUD/1jmoLQs9bIt +bTosoy+5+Uzrl0ShRlv+iZV8RPzAMFuRJNxUJkUmmThowtXRaPKFI9AVd+pP44aA +J+zxCPtS2isiW20AxubJoBPpXcVatJWi4sG+TM5Z5VRoLg7tIDNVWsyHGXPAhIG2 +Y8Z1kyWwb4P8A/W2b1ZCqS7Fx4yEhTikiEwEGBECAAwFAj5dIFUFCRJ3owAACgkQ +akRjwEAQIjM1uwCdE7V4mPCqdby/nV699NxKX0iW/OsAniaVhEip8Ptff74Sv4JV +tb+Sth2l +=H5uu +-----END PGP PUBLIC KEY BLOCK----- + +slamd64 public key + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.2.6 (GNU/Linux) + +mQGiBELKSBYRBACiElxGMXqxUwdsQBKPngV6/k0Q5AYT34+WLL0B7XRR9kOotCfc +PTLCP5qLM9etpzKhbMbgWGpaBrA/3KEPOJ7JVhk6JcLgjoi0QsMusaI4BGnmrxkw +3mh9xPwc+jPgiYOljbZhNG6FMQtrdlKYV+BmwS8mt/YBymShghtlgdHJjwCg/PAG +YJDsfoG1ebuwcjYlsGoD2x0EAJX7UnTdxxESvmIuk172MunZqw+o8+o/W684z13/ +wOkcVqvuAcd0ejuY0z09GFfyhtig8E55UcKNyVC50+3aJUXlt9//HnENHZo+OEN1 +ezbOXUcJIw8xkU551qaxubqWXtKYEJP9z/khVPe4N0JW2vWOcAFYhuOEx1ylaNrX +gUY4BACDpn+pntq0ooZqkSPT4v1ibOQg/3xh2F1PgsnOahMRrXbVEdL9ItsVnHM/ +ygHBjLhkEMd612nVVSw1BYMBAwQbsYB8Lgn1QxXl0ISBYR1RYW1LvyaJM6A6TDL+ +EdWp+iTtlKOe/VD+oCfHmMONoucZJM2AtK1vXTX3x4Wb4MgVdLQoRnJlZGVyaWNr +IEVtbW90dCA8bWFpbEBmcmVkZW1tb3R0LmNvLnVrPohkBBMRAgAkBQJCykgWAhsD +BQkDwmcABgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEAd5Da1T/acLGfIAoOqIHrg4 +r2pq/tKi9VifOJS1xg4LAKDpi0I0pzsdDJ2owxCQ88MkoSDKgohMBBARAgAMBQJD +Ed/tBYMDes8pAAoJEFgpV1AFAIOLprQAnRDVVmDPnzVNOWrZ8D55gG2bOwkxAKCl +dGThnu0aQ0IEL7MgUETGtk4hS4iiBBABAgAMBQJDEdpDBYMDetTTAAoJEJugaRW/ +hasxqCwEAKczPTgOrRXXTs4piB14DayJQVgoqVgiNfKzd5qVuvQgYebQrMu7hi5U +0q/n6TbQpjmMDZKxhXhEY1gs32mtzKKDrerTpF+pJAgQVvBLZS2mF4HbVnU74GvL +2UKJtEtgb9u+i1Efd4Q8GIJUzLLJifURQWTk1e3B9qGApKXpWJlviEwEEBECAAwF +AkMR75MFgwN6v4MACgkQTqjEwhXvPN1j7gCbBXZs9MM6YXGI/yTlEhiXyTECxm8A +nj6O1XszSa5kaD7CvnRFzNkm5O5MiEwEEBECAAwFAkMR79UFgwN6v0EACgkQoLYC +8AehV8eLBQCgv8WEdBtFjTh3Wl06WK5dKCw0nHsAn0IIHRbJC5jO4NWrIpupBMnz +3fBsiEwEExECAAwFAkMR9ggFgwN6uQ4ACgkQR+ny47i1wzAfZQCfRACyfYBxs+tu +6OzpLP2DGjEaa1UAnj4MVMH32f/34oN6o9dPKPT8HXWziEwEExECAAwFAkMR9vcF +gwN6uB8ACgkQB0u7y43syeIaogCfVy7lqRjRDbttJs1u1g3FekdbJ1kAnRo726tA +u8Xf+JWD3OrmMo0Uup3giEwEEBECAAwFAkMR+qgFgwN6tG4ACgkQfWXW5We1ioQk +tgCePGa3NpcfEWb8drmO95Mp1C+FaBIAoNEqA89xUvTIpqooucTzFxgAupVgiEwE +EBECAAwFAkMSF+UFgwN6lzEACgkQ/lREvmcCFhscDQCgnMxf4Nmu3B41GWupTWxb +9b+te5sAoIiTZHzOSKtqN4cJ2i22iP/vZPt4iEwEEBECAAwFAkMULeAFgwN4gTYA +CgkQsxZ93p+gHn6bcACgwY/5ZpvvEK+eycM5XNQhVI6w4j8An0JoXlFaGStIzUmW +42obaW6CG4WViEYEExECAAYFAkMUZuAACgkQGnR+RTDgudhG1QCeJelEhnX/3JeW +S5BaM7640suSeLQAnA2RDMH4zIJLI4MWEXBAvaA0lSr7iEwEEBECAAwFAkMUP8gF +gwN4b04ACgkQM/XwBW70U1iAOwCgmah/GnZikIhyeFr6KsKpsmZCQTQAn3Vs7JZm +w4qBLiI+RXxw7vIJlI4AiEwEEBECAAwFAkMUZ9EFgwN4R0UACgkQ72KcVAmwbhAC +FACgiNqao9mzAWZBjIY7iiqz34gbK/QAn34F1bLAb0sHKiSUcFkVi/uZ8R0viEwE +EBECAAwFAkMWFj8FgwN2mNcACgkQn3j4POjENGF+UgCeM+mEKW5+MjNN17QCAvZi +cBVJEHMAn14YyvdSIwBBFUNPWYOw7GwYyAhHiEwEEBECAAwFAkMXW0cFgwN1U88A +CgkQTxqZjtpq5iG4PwCfe2ymOYh5t+bEZGGCtJg3sWJ5hHYAmQGS+jGWcTMlXSe+ +65o/aPfLUkMQuQINBELKSCgQCADjG+pX7C0sRIkX1QQ6lFW3IrajWypXtd4jO1TA +dlLFES7OxF202V15+TRtL9NO34x7u6RPTnF7wi/i2U1dqM9ZjrFcTJA17Y7+OLH+ +yw64/5OJapUi48qI7hnLRTPykz0c+b92pUt1X/BIWmf301jbZ0AbFZV4yvm1OUH4 +wrGLLFeATjiBWTcJarRiR89DzQ/Cm+c791WXdIhEvv5Vp4/d8HzGZhEUVKTCoA3e +Z8ZIdJoy/d7FYfyeg836UDXEqr598n2p9DxMwkRj5oHINB64CrQuKr7zDdP8Zv2g +vKkjeS4mN+07saWK3UTY5ADByNVHSu+P0LZYPhxjze7KOVjHAAUTCACa5ohR/7/N +x2M2OB9VPAwQPjAFNst6fPotcFLDy5Q/jlbBcDNf1OdzgkE/06z7iPGRmIJL6flz +QZH+hYwDqjulVVtPQXiZMVGvlfC9YIAdJX/1Ca2L9mL4c4IBQbFNkSlgkLaPTwUJ +BD2PnA+q+ERy39UANhIR/LVGltK1krDds8CwbxMSYNFvFgf4dmh6GzI5ioByDoTM +8ShfS2GjAekviNVLsGC5UWKuQl/XVaC/j7CTAT7WbikfXWI2uonFBx47vjf2UaPa +E0HnAVwDY0cAZeaObpDKvyogsf8H4CzK9JCKtW9aTUpKurEpyHfcKqB07GMLC/+Q +QiA3bFmrSaTRiE8EGBECAA8FAkLKSCgCGwwFCQPCZwAACgkQB3kNrVP9pwsejwCg +gaQm6lU/H7ja0EUaJJFZnRoqRvAAnRK8CC4PIr/ZYDjd+aeS3R31FjGr +=D1wm +-----END PGP PUBLIC KEY BLOCK----- diff --git a/trunk/templates/vserver-legacy/vserver-legacy.s/devices.tar.gz b/trunk/templates/vserver-legacy/vserver-legacy.s/devices.tar.gz new file mode 100644 index 0000000..992ba79 Binary files /dev/null and b/trunk/templates/vserver-legacy/vserver-legacy.s/devices.tar.gz differ diff --git a/trunk/templates/vserver-legacy/vserver-legacy.s/skel.conf b/trunk/templates/vserver-legacy/vserver-legacy.s/skel.conf new file mode 100644 index 0000000..73985d3 --- /dev/null +++ b/trunk/templates/vserver-legacy/vserver-legacy.s/skel.conf @@ -0,0 +1,70 @@ +if [ "" = "" ] ; then +PROFILE=prod +fi +# Select the IP number assigned to the virtual server +# This IP must be one IP of the server, either an interface +# or an IP alias +# A vserver may have more than one IP. Separate them with spaces. +# do not forget double quotes. +# Some examples: +# IPROOT="1.2.3.4 2.3.4.5" +# IPROOT="eth0:1.2.3.4 eth1:2.3.4.5" +# If the device is not specified, IPROOTDEV is used +case $PROFILE in +prod) +#IPROOT=143.106.35.156 +IPROOT="eth0:192.168.0.1" +# The netmask and broadcast are computed by default from IPROOTDEV +#IPROOTMASK= +#IPROOTBCAST= +# You can define on which device the IP alias will be done +# The IP alias will be set when the server is started and unset +# when the server is stopped +#IPROOTDEV=eth0 +# You can set a different host name for the vserver +# If empty, the host name of the main server is used +S_HOSTNAME=skel +;; +backup) +IPROOT=1.2.3.4 +#IPROOTMASK= +#IPROOTBCAST= +#IPROOTDEV=eth0 +S_HOSTNAME= +;; +esac +# Uncomment the onboot line if you want to enable this +# virtual server at boot time +#ONBOOT=yes +# You can set a different NIS domain for the vserver +# If empty, the current on is kept +# Set it to "none" to have no NIS domain set +S_DOMAINNAME= +# You can set the priority level (nice) of all process in the vserver +# Even root won't be able to raise it +S_NICE= +# You can set various flags for the new security context +# lock: Prevent the vserver from setting new security context +# sched: Merge scheduler priority of all processes in the vserver +# so that it acts a like a single one. +# nproc: Limit the number of processes in the vserver according to ulimit +# (instead of a per user limit, this becomes a per vserver limit) +# private: No other process can join this security context. Even root +# Do not forget the quotes around the flags +S_FLAGS="lock nproc" +# You can set various ulimit flags and they will be inherited by the +# vserver. You enter here various command line argument of ulimit +# ULIMIT="-HS -u 200" +# The example above, combined with the nproc S_FLAGS will limit the +# vserver to a maximum of 200 processes +ULIMIT="-HS -u 1000" +# You can set various capabilities. By default, the vserver are run +# with a limited set, so you can let root run in a vserver and not +# worry about it. He can't take over the machine. In some cases +# you can to give a little more capabilities (such as CAP_NET_RAW) +# S_CAPS="CAP_NET_RAW" +S_CAPS="CAP_SETGID" +# Select an unused context (this is optional) +# The default is to allocate a free context on the fly +# In general you don't need to force a context +#S_CONTEXT= diff --git a/trunk/templates/vserver-legacy/vserver-legacy.s/vserver-legacy.sh b/trunk/templates/vserver-legacy/vserver-legacy.s/vserver-legacy.sh new file mode 100644 index 0000000..4ce8a4b --- /dev/null +++ b/trunk/templates/vserver-legacy/vserver-legacy.s/vserver-legacy.sh @@ -0,0 +1,49 @@ +#!/bin/bash +# +# legacy vserver template +# + +BASE="/etc/simplepkg/templates/vserver-legacy/vserver-legacy.s/" +DEVICES="$BASE/devices.tar.gz" +GPGKEY="$BASE/GPG-KEY" +SKEL="$BASE/skel.conf" + +if [ -z "$2" ]; then + echo "usage: `basename $0` " + exit 1 +elif [ ! -d "$1/$2" ]; then + echo "folder $1/$2 does not exist" + exit 1 +fi + +cp /etc/resolv.conf $1/$2/etc/ +cp /etc/localtime $1/$2/etc/ +echo /dev/hdv1 / ext2 defaults 1 1 > $1/$2/etc/fstab +echo /dev/hdv1 / ext2 rw 0 0 > $1/$2/etc/mtab + +echo "creating devices and dependencies" +if [ -f "$DEVICES" ]; then + cd $1/$2/ + tar zxvf $DEVICES + chroot $1/$2/ sbin/ldconfig +else + echo error: device template $DEVICES not found +fi + +if [ -f "$SKEL" ]; then + echo "creating /etc/vservers/$2.conf" + mkdir -p /etc/vservers + cp $SKEL /etc/vservers/$2.conf +else + echo error: config file template $SKEL not found +fi + +if [ -f "$GPGKEY" ]; then + echo "importing slack gpg pubkey" + mkdir $1/$2/root/.gnupg + gpg --homedir $1/$2/root/.gnupg --import $GPGKEY +fi + +echo "done; now edit /etc/vservers/$2.conf" +echo "then, set all desired iptables rules and start $server vserver" +echo "dont forget to change root's password with the command "vserver $2 exec passwd"" -- cgit v1.2.3