OpenVZ post-copy

#!/bin/bash

#
#  Changes after copying server/VM to configure containers
#


[[ ! ("$#" == 1 && -n "$1") ]] && echo "Only 1 argument required, $# provided" && exit 1;

[[ ! $1 =~ ^[0-9]+$ ]] && echo "Container ID has to be numeric, '$1' provided. Please provide a numeric argument and try again" && exit 1;


if [ `whoami` = root ]
then
    echo Configuring Container $1....
    # ttys/pttys and mounts
    sed -i -e 's/^[0-9].*getty.*tty/#&/g'  /vz/private/$1/etc/inittab
    echo "none /dev/pts devpts rw 0 0" > /vz/private/$1/etc/fstab
    ln -sf /proc/mounts /vz/private/$1/etc/mtab

    # Start afresh
    rm -rf /vz/private/$1/dev /vz/private/$1/mnt /vz/private/$1/proc /vz/private/$1/sys /vz/private/$1/tmp /vz/private/$1/dev/pts /vz/private/$1/etc/udev/devices /vz/private/$1/var/tmp

    # create dev tmp sys proc. Note: if  /vz/private/$1/var/tmp doesn't exist network inside CT wont start
    mkdir  -p /vz/private/$1/dev /vz/private/$1/mnt /vz/private/$1/proc /vz/private/$1/sys /vz/private/$1/tmp /vz/private/$1/dev/pts /vz/private/$1/etc/udev/devices /vz/private/$1/var/tmp

    # udev
    /sbin/MAKEDEV -d /vz/private/$1/dev -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem kmsg mem null port ptmx random urandom zero ram0
    /sbin/MAKEDEV -d /vz/private/$1/etc/udev/devices -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem kmsg mem null port ptmx random urandom zero ram0
    [[ `egrep -e "sbin/MAKEDEV pty|sbin/MAKEDEV tty|sbin/MAKEDEV urandom" /vz/private/$1/etc/rc.d/rc.local | wc -l` -ne 3  ]] &&  echo -e "\n/sbin/MAKEDEV pty\n/sbin/MAKEDEV tty\n/sbin/MAKEDEV urandom" >> /vz/private/$1/etc/rc.d/rc.local

    # tmp folders
    chmod 1777 /vz/private/$1/tmp
    chmod 1777 /vz/private/$1/var/tmp

    # disable iptables module. If a modules is needed first load on host and then inside CT
    sed -i -e 's/^IPTABLES_MODULES="\(.*\)"/IPTABLES_MODULES=""/g' /vz/private/$1/etc/sysconfig/iptables-config

    # disable SSH root login
    sed -i -e 's/^PermitRootLogin yes/#PermitRootLogin yes/g'  -e 's/^#PermitRootLogin no/PermitRootLogin no/g'  /vz/private/$1/etc/ssh/sshd_config

    # disable ipv6
    sed -i -e 's/^NETWORKING_IPV6=yes/NETWORKING_IPV6=no/g'  -e 's/^NETWORKING_IPV6="yes"/NETWORKING_IPV6="no"/g'  /vz/private/$1/etc/sysconfig/network
    [[ `egrep -e "blacklist ipv6|blacklist net-pf-10" /vz/private/$1/etc/modprobe.d/blacklist | wc -l` -ne 2  && -e /vz/private/$1/etc/modprobe.d/blacklist ]] &&  echo -e "blacklist ipv6\nblacklist net-pf-10" >> /vz/private/$1/etc/modprobe.d/blacklist

    # disable ethx (if using venet0)
    # ls /vz/private/$1/etc/sysconfig/network-scripts/ifcfg-eth*| xargs sed -ie 's/ONBOOT=yes/ONBOOT=no/g'
    [[ `ls /vz/private/$1/etc/sysconfig/network-scripts/ | egrep if'(down|up)'-venet  | wc -l` -ge 1 ]] && ls /vz/private/$1/etc/sysconfig/network-scripts/ | egrep if'(down|up)'-venet | xargs rm

    # add eth0 interface to the CT
    vzctl set $1 --netif_add eth0 --save
    echo -e "DEVICE=veth$1.0\nONBOOT=yes\nBRIDGE=br0" > /etc/sysconfig/network-scripts/ifcfg-veth$1.0

    # Start CT, enable veth and allow dns traffic inside CT
    vzctl start $1
    ifconfig veth$i.0 0
    vzctl exec  $1 iptables -I RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
else
    echo 'Need to be "root" to execute this script'
fi