Also: disable the interactive part of ovmd so that OL5 and OL6 containers won't hang if started for the first time with -d. Don't let containers do rawio or have access to /dev/rtc0; they can mess up the host's system clock, among other things.
Signed-off-by: Dwight Engen <dwight.en...@oracle.com> --- templates/lxc-oracle.in | 123 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 83 insertions(+), 40 deletions(-) diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in index f325282..3242dc4 100644 --- a/templates/lxc-oracle.in +++ b/templates/lxc-oracle.in @@ -49,7 +49,7 @@ is_btrfs_subvolume() # fix up the container_rootfs container_rootfs_configure() { - echo "Configuring container for Oracle Linux $container_release_major" + echo "Configuring container for Oracle Linux $container_release_major.$container_release_minor" # "disable" selinux. init in OL 5 honors /etc/selinux/config. note that # this doesnt actually disable it if it's enabled in the host, since @@ -88,6 +88,11 @@ NETWORKING_IPV6=no HOSTNAME=$name EOF + # disable interactive ovmd asking questions + if [ -f $container_rootfs/etc/sysconfig/ovmd ]; then + sed -i 's|INITIAL_CONFIG=yes|INITIAL_CONFIG=no|' $container_rootfs/etc/sysconfig/ovmd + fi + # set minimal hosts echo "127.0.0.1 localhost $name" > $container_rootfs/etc/hosts 
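Review bot: The added ovmd test and `sed` expand `$container_rootfs` unquoted, and that value is built from the `-p` argument (`container_rootfs="$cfg_dir/rootfs"` further down). A path containing whitespace or glob characters would be split, so the test and the in-place edit could act on a different file than intended. I would write `if [ -f "$container_rootfs/etc/sysconfig/ovmd" ]; then` and quote the path in the `sed -i` line as well. The same applies to the lines added in the `@@ -119,23 +124,46 @@` hunk and to `$1` in container_release_get. container_rootfs_configure starts before and continues after this hunk.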
@@ -119,23 +124,46 @@ EOF sed -i 's|READAHEAD="yes"|READAHEAD="no"|' $container_rootfs/etc/sysconfig/readahead fi + if [ $container_release_major = "4" ]; then + # enable fastboot always + sed -i 's|\[ -f /fastboot \]|/bin/true|' $container_rootfs/etc/rc.sysinit + sed -i 's|\[ -f /fastboot \]|/bin/true|' $container_rootfs/etc/rc.d/rc.sysinit + + # dont attempt to set kernel parameters + sed -i 's|action $"Configuring kernel parameters|# LXC action $"Configuring kernel parameters|' $container_rootfs/etc/rc.sysinit + sed -i 's|action $"Configuring kernel parameters|# LXC action $"Configuring kernel parameters|' $container_rootfs/etc/rc.d/rc.sysinit + sed -i 's|action $"Setting network parameters|# LXC action $"Setting network parameters|' $container_rootfs/etc/init.d/network + sed -i 's|action $"Setting network parameters|# LXC action $"Setting network parameters|' $container_rootfs/etc/init.d/NetworkManager + fi + # disable udev in the container - sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.sysinit - sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.d/rc.sysinit + if [ $container_release_major = "4" ]; then + sed -i 's|\[ -x /sbin/start_udev \]|# LXC no udev|' $container_rootfs/etc/rc.sysinit + sed -i 's|\[ -x /sbin/start_udev \]|# LXC no udev|' $container_rootfs/etc/rc.d/rc.sysinit + else + sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.sysinit + sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.d/rc.sysinit + fi # disable nash raidautorun in the container since no /dev/md* - if [ $container_release_major = "5" ]; then + if [ $container_release_major = "4" -o $container_release_major = "5" ]; then sed -i 's|echo "raidautorun /dev/md0"|echo ""|' $container_rootfs/etc/rc.sysinit sed -i 's|echo "raidautorun /dev/md0"|echo ""|' $container_rootfs/etc/rc.d/rc.sysinit fi # prevent rc.sysinit from attempting to loadkeys - if [ $container_release_major = "5" -a -e $container_rootfs/etc/sysconfig/keyboard ]; then + if [ \( 
$container_release_major = "4" -o $container_release_major = "5" \) -a -e $container_rootfs/etc/sysconfig/keyboard ]; then rm $container_rootfs/etc/sysconfig/keyboard fi - # dont try to sync the hwclock at shutdown - sed -i 's|\[ -x /sbin/hwclock|\[ 0 -eq 1|' $container_rootfs/etc/rc.d/init.d/halt + # dont use the hwclock, it messes up the host's time + if [ $container_release_major = "4" ]; then + sed -i 's|runcmd $"Syncing hardware clock|# LXC no hwclock runcmd $"Syncing hardware clock|' $container_rootfs/etc/rc.d/init.d/halt + else + sed -i 's|\[ -x /sbin/hwclock|\[ 0 -eq 1|' $container_rootfs/etc/rc.d/init.d/halt + fi + sed -i 's|/sbin/hwclock|# LXC no hwclock /sbin/hwclock|' $container_rootfs/etc/rc.sysinit + sed -i 's|/sbin/hwclock|# LXC no hwclock /sbin/hwclock|' $container_rootfs/etc/rc.d/rc.sysinit # dont start lvm sed -i 's|action $"Setting up Logical Volume Management:"|#action $"Setting up Logical Volume Management:"|' $container_rootfs/etc/rc.sysinit @@ -168,7 +196,7 @@ EOF sed -i 's|&& $1 !~ /^\\/dev\\/ram/|\&\& $2 !~ /^\\/dev\\/lxc/ \&\& $1 !~ /^\\/dev\\/ram/|' $container_rootfs/etc/init.d/halt # start a getty on /dev/console, /dev/tty[1-4] - if [ $container_release_major = "5" ]; then + if [ $container_release_major = "4" -o $container_release_major = "5" ]; then sed -i '/1:2345:respawn/i cns:2345:respawn:/sbin/mingetty console' $container_rootfs/etc/inittab sed -i '/5:2345:respawn/d' $container_rootfs/etc/inittab sed -i '/6:2345:respawn/d' $container_rootfs/etc/inittab 
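Review bot: The two added `sed -i 's|/sbin/hwclock|# LXC no hwclock /sbin/hwclock|'` lines insert the `#` wherever the path first occurs on a line, not at the start of the line. If rc.sysinit mentions /sbin/hwclock after other tokens, for example inside a `[ -x … ]` test (the file is not shown here, so this is an assumption), the edit leaves a truncated command in front of the comment instead of a cleanly disabled line. These edits only help a well-behaved guest, so it is worth saying in the comment that the enforcement is the capability and device configuration written by container_config_create. A cheap guard after the edits is `chroot $container_rootfs /bin/sh -n /etc/rc.d/rc.sysinit || die "rc.sysinit no longer parses"`, which catches a broken if/fi structure though not a truncated test. container_rootfs_configure begins and ends outside this hunk.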
@@ -193,10 +221,10 @@ EOF # some of these might not exist in the image, so we silence chkconfig complaining # about the service file not being found for service in \ - acpid auditd autofs cpuspeed dund gpm haldaemon hidd \ - ip6tables irqbalance iscsi iscsid isdn kdump kudzu \ - lm_sensors lvm2-monitor mdmonitor microcode_ctl \ - ntpd postfix sendmail udev-post ; + acpid apmd auditd autofs cpuspeed dund gpm haldaemon hidd \ + ip6tables irqbalance iscsi iscsid isdn kdump kudzu \ + lm_sensors lvm2-monitor mdmonitor microcode_ctl \ + ntpd pcmcia postfix sendmail udev-post xfs ; do chroot $container_rootfs chkconfig 2>/dev/null $service off done @@ -238,7 +266,7 @@ EOF rm -f $container_rootfs/var/log/messages # add oracle user, set root password - chroot $container_rootfs useradd --create-home -s /bin/bash oracle + chroot $container_rootfs useradd -m -s /bin/bash oracle echo "oracle:oracle" | chroot $container_rootfs chpasswd echo "root:root" | chroot $container_rootfs chpasswd echo -e "Added container user:\033[1moracle\033[0m password:\033[1moracle\033[0m" @@ -256,7 +284,7 @@ container_config_create() sed 's/\(..\)/\1:/g; s/.$//'`" mkdir -p $cfg_dir || die "unable to create config dir $cfg_dir" cat <<EOF >> $cfg_dir/config || die "unable to create $cfg_dir/config" -# Container configuration for Oracle Linux $release_major.$release_minor +# Container configuration for Oracle Linux $container_release_major.$container_release_minor lxc.arch = $arch lxc.utsname = $name lxc.devttydir = lxc @@ -264,6 +292,7 @@ lxc.tty = 4 lxc.pts = 1024 lxc.rootfs = $container_rootfs lxc.mount = $cfg_dir/fstab +lxc.cap.drop = sys_rawio # Networking EOF 
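Review bot: The lines right after the changed `useradd` still set fixed, publicly known credentials (`oracle:oracle` and `root:root`), and this commit presumably extends them to OL4 guests as well, since the same configure function runs for every release. A container that comes up with networking and a login service is then reachable with a known root password. Forcing a change at first login would keep the convenience, e.g. `chroot $container_rootfs chage -d 0 root` and the same for `oracle`, or the template could generate a random password and print it once. container_rootfs_configure continues outside this hunk.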
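Review bot: `lxc.cap.drop = sys_rawio` blocks raw port I/O, but the container keeps CAP_SYS_TIME, so root inside it can still set the system clock through settimeofday()/adjtimex() (assuming the clock is shared with the host on the target kernels), which is the outcome the commit message wants to prevent. Consider `lxc.cap.drop = sys_rawio sys_time`; ntpd is already switched off by the chkconfig loop, so nothing visible here needs that capability in the guest. A comment line above it in the generated config would record the reason, e.g. `# no raw port I/O or clock setting from the container, both affect the host`. The heredoc this line belongs to starts before and continues after the hunk.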
@@ -291,7 +320,6 @@ lxc.cgroup.devices.allow = c 1:8 rwm # /dev/random lxc.cgroup.devices.allow = c 1:9 rwm # /dev/urandom lxc.cgroup.devices.allow = c 136:* rwm # /dev/tty[1-4] ptys and lxc console lxc.cgroup.devices.allow = c 5:2 rwm # /dev/ptmx pty master -lxc.cgroup.devices.allow = c 254:0 rwm # /dev/rtc0 EOF cat <<EOF > $cfg_dir/fstab || die "unable to create $cfg_dir/fstab" @@ -317,7 +345,7 @@ container_rootfs_clone() container_rootfs_create() { cmds="rpm wget yum" - if [ $release_major = "5" ]; then + if [ $container_release_major = "5" ]; then if [ $host_distribution = "Ubuntu" ]; then db_dump_cmd="db5.1_dump" db_load_cmd="db4.3_load" @@ -344,16 +372,16 @@ container_rootfs_create() die "The template is busy." fi - echo "Downloading release $release_major.$release_minor for $basearch" + echo "Downloading release $container_release_major.$container_release_minor for $basearch" # get yum repo file public_yum_url=http://public-yum.oracle.com - if [ $release_major = "5" ]; then + if [ $container_release_major = "5" ]; then repofile=public-yum-el5.repo - elif [ $release_major = "6" ]; then + elif [ $container_release_major = "6" ]; then repofile=public-yum-ol6.repo else - die "Unsupported release $release_major" + die "Unsupported release $container_release_major" fi mkdir -p $container_rootfs/etc/yum.repos.d wget -q $public_yum_url/$repofile -O $container_rootfs/etc/yum.repos.d/$repofile 
@@ -371,16 +399,16 @@ container_rootfs_create() fi # disable all repos, then enable the repo for the version we are installing. - if [ $release_minor = "latest" ]; then - if [ $release_major = "5" ]; then - repo="el"$release_major"_"$release_minor + if [ $container_release_minor = "latest" ]; then + if [ $container_release_major = "5" ]; then + repo="el"$container_release_major"_"$container_release_minor else - repo="ol"$release_major"_"$release_minor + repo="ol"$container_release_major"_"$container_release_minor fi - elif [ $release_minor = "0" ]; then - repo="ol"$release_major"_ga_base" + elif [ $container_release_minor = "0" ]; then + repo="ol"$container_release_major"_ga_base" else - repo="ol"$release_major"_u"$release_minor"_base" + repo="ol"$container_release_major"_u"$container_release_minor"_base" fi sed -i "s|enabled=1|enabled=0|" $container_rootfs/etc/yum.repos.d/$repofile sed -i "/\[$repo\]/,/\[/ s/enabled=0/enabled=1/" $container_rootfs/etc/yum.repos.d/$repofile @@ -401,7 +429,7 @@ container_rootfs_create() # that coreutils is installed, reinstall the packages so their POSTIN # runs right. similarly, libutempter depends on libselinux.so.1 when # it runs /usr/sbin/groupadd, so reinstall it too - if [ $release_major = "5" ]; then + if [ $container_release_major = "5" ]; then rpm --root $container_rootfs --nodeps -e rsyslog pam libutempter $yum_cmd install rsyslog pam libutempter if [ $? -ne 0 ]; then @@ -419,7 +447,7 @@ container_rootfs_create() # downgrade it to Hash version 8 for use with OL5.x db_version=`file $container_rootfs/var/lib/rpm/Packages | \ grep -o 'version [0-9]*' |awk '{print $2}'` - if [ $release_major = "5" -a $db_version != "8" ]; then + if [ $container_release_major = "5" -a $db_version != "8" ]; then echo "Fixing (downgrading) rpm database from version $db_version" rm -f $container_rootfs/var/lib/rpm/__db* for db in $container_rootfs/var/lib/rpm/* ; do 
@@ -436,6 +464,22 @@ container_rootfs_create() ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-oracle-$name } +container_release_get() +{ + if [ -f $1/etc/oracle-release ]; then + container_release_version=`cat $1/etc/oracle-release |awk '/^Oracle/ {print $5}'` + container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'` + container_release_minor=`echo $container_release_version |awk -F '.' '{print $2}'` + elif grep -q Nahant $1/etc/redhat-release; then + container_release_major=`cat $1/etc/redhat-release |awk '{print $7}'` + container_release_minor=`cat $1/etc/redhat-release |awk '{print $10}' |tr -d ")"` + container_release_version="$container_release_major.$container_release_minor" + else + echo "Unable to determine container release version" + exit 1 + fi +} + usage() { cat <<EOF @@ -465,7 +509,7 @@ do -p|--path) cfg_dir=$2; shift 2;; -n|--name) name=$2; shift 2;; -a|--arch) arch=$2; shift 2;; - -R|--release) release_version=$2; shift 2;; + -R|--release) container_release_version=$2; shift 2;; -u|--url) repourl=$2; shift;; -t|--templatefs) template_rootfs=$2; shift 2;; --) shift 1; break ;; 
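Review bot: container_release_get never checks that the parsed fields are non-empty: if /etc/oracle-release exists but its matching line has fewer than five fields, `container_release_major` is empty and the later unquoted tests such as `[ $container_release_major = "4" ]` fail with a test error and silently take the other branch. Adding `[ -n "$container_release_major" ] || die "Unable to determine container release version"` before the closing brace would stop the run instead. Using `die` in the else branch would also match the rest of the template, assuming `die` prints to stderr and exits (its definition is not in the diff). The `cat … | awk` pipelines can read the file directly and quote the path at the same time, e.g. `awk '/^Oracle/ {print $5}' "$1/etc/oracle-release"`.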
@@ -505,14 +549,15 @@ fi container_rootfs="$cfg_dir/rootfs" if [ -n "$template_rootfs" ]; then - release_version=`cat $template_rootfs/etc/oracle-release |awk '/^Oracle/ {print $5}'` -fi -if [ -z "$release_version" ]; then - echo "No release specified with -R, defaulting to 6.3" - release_version="6.3" + container_release_get $template_rootfs +else + if [ -z "$container_release_version" ]; then + echo "No release specified with -R, defaulting to 6.3" + container_release_version="6.3" + fi + container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'` + container_release_minor=`echo $container_release_version |awk -F '.' '{print $2}'` fi -release_major=`echo $release_version |awk -F '.' '{print $1}'` -release_minor=`echo $release_version |awk -F '.' '{print $2}'` if which lsb_release >/dev/null 2>&1; then host_distribution=`lsb_release --id |awk '{print $3}'` @@ -546,9 +591,7 @@ else container_rootfs_create fi -container_release_version=`cat $container_rootfs/etc/oracle-release |awk '/^Oracle/ {print $5}'` -container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'` -container_release_minor=`echo $container_release_version |awk -F '.' '{print $2}'` +container_release_get $container_rootfs container_rootfs_configure -- 1.7.11.7 ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel