On 12/14/2012 03:38 PM, Dwight Engen wrote: > Also: disable the interactive part of ovmd so ol5,6 containers won't > hang if started for the first time with -d. Don't let containers do rawio, > or have access to /dev/rtc0, they can mess up the hosts system clock among > other things. > > Signed-off-by: Dwight Engen <dwight.en...@oracle.com>
Acked-by: Stéphane Graber <stgra...@ubuntu.com> > --- > templates/lxc-oracle.in | 123 > ++++++++++++++++++++++++++++++++---------------- > 1 file changed, 83 insertions(+), 40 deletions(-) > > diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in > index f325282..3242dc4 100644 > --- a/templates/lxc-oracle.in > +++ b/templates/lxc-oracle.in > @@ -49,7 +49,7 @@ is_btrfs_subvolume() > # fix up the container_rootfs > container_rootfs_configure() > { > - echo "Configuring container for Oracle Linux $container_release_major" > + echo "Configuring container for Oracle Linux > $container_release_major.$container_release_minor" > > # "disable" selinux. init in OL 5 honors /etc/selinux/config. note that > # this doesnt actually disable it if it's enabled in the host, since > @@ -88,6 +88,11 @@ NETWORKING_IPV6=no > HOSTNAME=$name > EOF > > + # disable interactive ovmd asking questions > + if [ -f $container_rootfs/etc/sysconfig/ovmd ]; then > + sed -i 's|INITIAL_CONFIG=yes|INITIAL_CONFIG=no|' > $container_rootfs/etc/sysconfig/ovmd > + fi > + > # set minimal hosts > echo "127.0.0.1 localhost $name" > $container_rootfs/etc/hosts 
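Review bot: The `sed` added after the `HOSTNAME=$name` heredoc only rewrites a line spelled exactly `INITIAL_CONFIG=yes`, so a quoted value or a missing key leaves ovmd interactive and nothing reports it. Since the stated goal is to keep a first start with -d from hanging, consider replacing whatever value is present, e.g. `sed -i 's|^INITIAL_CONFIG=.*|INITIAL_CONFIG=no|' "$container_rootfs/etc/sysconfig/ovmd"`. The format of the ovmd file is not visible here, so confirm it against an OL5/OL6 image. container_rootfs_configure continues outside the hunk.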
> > @@ -119,23 +124,46 @@ EOF > sed -i 's|READAHEAD="yes"|READAHEAD="no"|' > $container_rootfs/etc/sysconfig/readahead > fi > > + if [ $container_release_major = "4" ]; then > + # enable fastboot always > + sed -i 's|\[ -f /fastboot \]|/bin/true|' > $container_rootfs/etc/rc.sysinit > + sed -i 's|\[ -f /fastboot \]|/bin/true|' > $container_rootfs/etc/rc.d/rc.sysinit > + > + # dont attempt to set kernel parameters > + sed -i 's|action $"Configuring kernel parameters|# LXC action > $"Configuring kernel parameters|' $container_rootfs/etc/rc.sysinit > + sed -i 's|action $"Configuring kernel parameters|# LXC action > $"Configuring kernel parameters|' $container_rootfs/etc/rc.d/rc.sysinit > + sed -i 's|action $"Setting network parameters|# LXC action $"Setting > network parameters|' $container_rootfs/etc/init.d/network > + sed -i 's|action $"Setting network parameters|# LXC action $"Setting > network parameters|' $container_rootfs/etc/init.d/NetworkManager > + fi > + > # disable udev in the container > - sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.sysinit > - sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.d/rc.sysinit > + if [ $container_release_major = "4" ]; then > + sed -i 's|\[ -x /sbin/start_udev \]|# LXC no udev|' > $container_rootfs/etc/rc.sysinit > + sed -i 's|\[ -x /sbin/start_udev \]|# LXC no udev|' > $container_rootfs/etc/rc.d/rc.sysinit > + else > + sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.sysinit > + sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.d/rc.sysinit > + fi > > # disable nash raidautorun in the container since no /dev/md* > - if [ $container_release_major = "5" ]; then > + if [ $container_release_major = "4" -o $container_release_major = "5" ]; > then > sed -i 's|echo "raidautorun /dev/md0"|echo ""|' > $container_rootfs/etc/rc.sysinit > sed -i 's|echo "raidautorun /dev/md0"|echo ""|' > $container_rootfs/etc/rc.d/rc.sysinit > fi > > # prevent rc.sysinit from attempting to loadkeys > - if [ 
$container_release_major = "5" -a -e > $container_rootfs/etc/sysconfig/keyboard ]; then > + if [ \( $container_release_major = "4" -o $container_release_major = "5" > \) -a -e $container_rootfs/etc/sysconfig/keyboard ]; then > rm $container_rootfs/etc/sysconfig/keyboard > fi > > - # dont try to sync the hwclock at shutdown > - sed -i 's|\[ -x /sbin/hwclock|\[ 0 -eq 1|' > $container_rootfs/etc/rc.d/init.d/halt > + # dont use the hwclock, it messes up the host's time > + if [ $container_release_major = "4" ]; then > + sed -i 's|runcmd $"Syncing hardware clock|# LXC no hwclock runcmd > $"Syncing hardware clock|' $container_rootfs/etc/rc.d/init.d/halt > + else > + sed -i 's|\[ -x /sbin/hwclock|\[ 0 -eq 1|' > $container_rootfs/etc/rc.d/init.d/halt > + fi > + sed -i 's|/sbin/hwclock|# LXC no hwclock /sbin/hwclock|' > $container_rootfs/etc/rc.sysinit > + sed -i 's|/sbin/hwclock|# LXC no hwclock /sbin/hwclock|' > $container_rootfs/etc/rc.d/rc.sysinit > > # dont start lvm > sed -i 's|action $"Setting up Logical Volume Management:"|#action > $"Setting up Logical Volume Management:"|' $container_rootfs/etc/rc.sysinit > @@ -168,7 +196,7 @@ EOF > sed -i 's|&& $1 !~ /^\\/dev\\/ram/|\&\& $2 !~ /^\\/dev\\/lxc/ \&\& $1 !~ > /^\\/dev\\/ram/|' $container_rootfs/etc/init.d/halt > > # start a getty on /dev/console, /dev/tty[1-4] > - if [ $container_release_major = "5" ]; then > + if [ $container_release_major = "4" -o $container_release_major = "5" ]; > then > sed -i '/1:2345:respawn/i cns:2345:respawn:/sbin/mingetty console' > $container_rootfs/etc/inittab > sed -i '/5:2345:respawn/d' $container_rootfs/etc/inittab > sed -i '/6:2345:respawn/d' $container_rootfs/etc/inittab 
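Review bot: The two new `s|/sbin/hwclock|# LXC no hwclock /sbin/hwclock|` edits on rc.sysinit insert the comment marker at the first match in the middle of a line rather than at its start. If rc.sysinit guards the call the way the halt script does (the `\[ -x /sbin/hwclock` pattern a few lines up suggests so, but the file is not shown), the closing bracket and everything after it on that line are commented out, and the test then only fails by way of a shell error. Reusing the `\[ 0 -eq 1` rewrite for rc.sysinit would disable the call without leaving a malformed test. These in-guest edits can be reverted by root in the container, so they are hygiene and the enforcement has to come from the container config. The function body continues outside the hunk.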
> @@ -193,10 +221,10 @@ EOF > # some of these might not exist in the image, so we silence chkconfig > complaining > # about the service file not being found > for service in \ > - acpid auditd autofs cpuspeed dund gpm haldaemon hidd \ > - ip6tables irqbalance iscsi iscsid isdn kdump kudzu \ > - lm_sensors lvm2-monitor mdmonitor microcode_ctl \ > - ntpd postfix sendmail udev-post ; > + acpid apmd auditd autofs cpuspeed dund gpm haldaemon hidd \ > + ip6tables irqbalance iscsi iscsid isdn kdump kudzu \ > + lm_sensors lvm2-monitor mdmonitor microcode_ctl > \ > + ntpd pcmcia postfix sendmail udev-post xfs ; > do > chroot $container_rootfs chkconfig 2>/dev/null $service off > done > @@ -238,7 +266,7 @@ EOF > rm -f $container_rootfs/var/log/messages > > # add oracle user, set root password > - chroot $container_rootfs useradd --create-home -s /bin/bash oracle > + chroot $container_rootfs useradd -m -s /bin/bash oracle > echo "oracle:oracle" | chroot $container_rootfs chpasswd > echo "root:root" | chroot $container_rootfs chpasswd > echo -e "Added container user:\033[1moracle\033[0m > password:\033[1moracle\033[0m" > @@ -256,7 +284,7 @@ container_config_create() > sed 's/\(..\)/\1:/g; s/.$//'`" > mkdir -p $cfg_dir || die "unable to create config dir $cfg_dir" > cat <<EOF >> $cfg_dir/config || die "unable to create $cfg_dir/config" > -# Container configuration for Oracle Linux $release_major.$release_minor > +# Container configuration for Oracle Linux > $container_release_major.$container_release_minor > lxc.arch = $arch > lxc.utsname = $name > lxc.devttydir = lxc > @@ -264,6 +292,7 @@ lxc.tty = 4 > lxc.pts = 1024 > lxc.rootfs = $container_rootfs > lxc.mount = $cfg_dir/fstab > +lxc.cap.drop = sys_rawio > # Networking > EOF 
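Review bot: The lines right after the changed `useradd` still set `oracle:oracle` and `root:root` and print the password, so every container built from this template starts with the same known credentials. Whether sshd is enabled in the image is not visible in this hunk, but if it is, those accounts are exposed as soon as networking comes up. Consider expiring both passwords so the first login has to set new ones, e.g. `chroot $container_rootfs chage -d 0 root` and the same for `oracle`, or generating a random password per container. container_rootfs_configure starts outside the hunk.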
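Review bot: `lxc.cap.drop = sys_rawio` together with the removal of the `/dev/rtc0` allow rule (the `@@ -291,7 +320,6 @@` hunk) closes the RTC and raw I/O paths, but the container keeps CAP_SYS_TIME, so root inside can still set the system clock through settimeofday or adjtimex. The kernel clock is shared with the host, so the goal stated in the commit message is only partly met. Consider `lxc.cap.drop = sys_rawio sys_time`, and check that no guest service needs it (ntpd is already switched off in the chkconfig list). The heredoc in container_config_create continues outside the hunk.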
> > @@ -291,7 +320,6 @@ lxc.cgroup.devices.allow = c 1:8 rwm # /dev/random > lxc.cgroup.devices.allow = c 1:9 rwm # /dev/urandom > lxc.cgroup.devices.allow = c 136:* rwm # /dev/tty[1-4] ptys and lxc > console > lxc.cgroup.devices.allow = c 5:2 rwm # /dev/ptmx pty master > -lxc.cgroup.devices.allow = c 254:0 rwm # /dev/rtc0 > EOF > > cat <<EOF > $cfg_dir/fstab || die "unable to create $cfg_dir/fstab" > @@ -317,7 +345,7 @@ container_rootfs_clone() > container_rootfs_create() > { > cmds="rpm wget yum" > - if [ $release_major = "5" ]; then > + if [ $container_release_major = "5" ]; then > if [ $host_distribution = "Ubuntu" ]; then > db_dump_cmd="db5.1_dump" > db_load_cmd="db4.3_load" > @@ -344,16 +372,16 @@ container_rootfs_create() > die "The template is busy." > fi > > - echo "Downloading release $release_major.$release_minor for > $basearch" > + echo "Downloading release > $container_release_major.$container_release_minor for $basearch" > > # get yum repo file > public_yum_url=http://public-yum.oracle.com > - if [ $release_major = "5" ]; then > + if [ $container_release_major = "5" ]; then > repofile=public-yum-el5.repo > - elif [ $release_major = "6" ]; then > + elif [ $container_release_major = "6" ]; then > repofile=public-yum-ol6.repo > else > - die "Unsupported release $release_major" > + die "Unsupported release $container_release_major" > fi > mkdir -p $container_rootfs/etc/yum.repos.d > wget -q $public_yum_url/$repofile -O > $container_rootfs/etc/yum.repos.d/$repofile 
> @@ -371,16 +399,16 @@ container_rootfs_create() > fi > > # disable all repos, then enable the repo for the version we are > installing. > - if [ $release_minor = "latest" ]; then > - if [ $release_major = "5" ]; then > - repo="el"$release_major"_"$release_minor > + if [ $container_release_minor = "latest" ]; then > + if [ $container_release_major = "5" ]; then > + repo="el"$container_release_major"_"$container_release_minor > else > - repo="ol"$release_major"_"$release_minor > + repo="ol"$container_release_major"_"$container_release_minor > fi > - elif [ $release_minor = "0" ]; then > - repo="ol"$release_major"_ga_base" > + elif [ $container_release_minor = "0" ]; then > + repo="ol"$container_release_major"_ga_base" > else > - repo="ol"$release_major"_u"$release_minor"_base" > + > repo="ol"$container_release_major"_u"$container_release_minor"_base" > fi > sed -i "s|enabled=1|enabled=0|" > $container_rootfs/etc/yum.repos.d/$repofile > sed -i "/\[$repo\]/,/\[/ s/enabled=0/enabled=1/" > $container_rootfs/etc/yum.repos.d/$repofile > @@ -401,7 +429,7 @@ container_rootfs_create() > # that coreutils is installed, reinstall the packages so their POSTIN > # runs right. similarly, libutempter depends on libselinux.so.1 when > # it runs /usr/sbin/groupadd, so reinstall it too > - if [ $release_major = "5" ]; then > + if [ $container_release_major = "5" ]; then > rpm --root $container_rootfs --nodeps -e rsyslog pam libutempter > $yum_cmd install rsyslog pam libutempter > if [ $? -ne 0 ]; then 
> @@ -419,7 +447,7 @@ container_rootfs_create() > # downgrade it to Hash version 8 for use with OL5.x > db_version=`file $container_rootfs/var/lib/rpm/Packages | \ > grep -o 'version [0-9]*' |awk '{print $2}'` > - if [ $release_major = "5" -a $db_version != "8" ]; then > + if [ $container_release_major = "5" -a $db_version != "8" ]; then > echo "Fixing (downgrading) rpm database from version $db_version" > rm -f $container_rootfs/var/lib/rpm/__db* > for db in $container_rootfs/var/lib/rpm/* ; do > @@ -436,6 +464,22 @@ container_rootfs_create() > ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-oracle-$name > } > > +container_release_get() > +{ > + if [ -f $1/etc/oracle-release ]; then > + container_release_version=`cat $1/etc/oracle-release |awk '/^Oracle/ > {print $5}'` > + container_release_major=`echo $container_release_version |awk -F '.' > '{print $1}'` > + container_release_minor=`echo $container_release_version |awk -F '.' > '{print $2}'` > + elif grep -q Nahant $1/etc/redhat-release; then > + container_release_major=`cat $1/etc/redhat-release |awk '{print $7}'` > + container_release_minor=`cat $1/etc/redhat-release |awk '{print > $10}' |tr -d ")"` > + > container_release_version="$container_release_major.$container_release_minor" > + else > + echo "Unable to determine container release version" > + exit 1 > + fi > +} > + > usage() > { > cat <<EOF > @@ -465,7 +509,7 @@ do > -p|--path) cfg_dir=$2; shift 2;; > -n|--name) name=$2; shift 2;; > -a|--arch) arch=$2; shift 2;; > - -R|--release) release_version=$2; shift 2;; > + -R|--release) container_release_version=$2; shift 2;; > -u|--url) repourl=$2; shift;; > -t|--templatefs) template_rootfs=$2; shift 2;; > --) shift 1; break ;; 
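Review bot: container_release_get takes the release numbers from a file inside the rootfs and never checks them, and the callers test them unquoted (`[ $container_release_major = "4" -o ... ]` in container_rootfs_configure). An empty or multi-word value makes those tests fail with a shell error and the branch is skipped, so steps such as the hwclock and udev edits silently do not run; with -t the rootfs content is whatever the template directory holds. Consider validating before returning, e.g. `case "$container_release_major" in 4|5|6) ;; *) die "Unsupported release $container_release_major" ;; esac`, and quoting `"$1"`. The else branch also calls `exit 1` with the message on stdout where the rest of the file uses `die`.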
> @@ -505,14 +549,15 @@ fi > container_rootfs="$cfg_dir/rootfs" > > if [ -n "$template_rootfs" ]; then > - release_version=`cat $template_rootfs/etc/oracle-release |awk '/^Oracle/ > {print $5}'` > -fi > -if [ -z "$release_version" ]; then > - echo "No release specified with -R, defaulting to 6.3" > - release_version="6.3" > + container_release_get $template_rootfs > +else > + if [ -z "$container_release_version" ]; then > + echo "No release specified with -R, defaulting to 6.3" > + container_release_version="6.3" > + fi > + container_release_major=`echo $container_release_version |awk -F '.' > '{print $1}'` > + container_release_minor=`echo $container_release_version |awk -F '.' > '{print $2}'` > fi > -release_major=`echo $release_version |awk -F '.' '{print $1}'` > -release_minor=`echo $release_version |awk -F '.' '{print $2}'` > > if which lsb_release >/dev/null 2>&1; then > host_distribution=`lsb_release --id |awk '{print $3}'` > @@ -546,9 +591,7 @@ else > container_rootfs_create > fi > > -container_release_version=`cat $container_rootfs/etc/oracle-release |awk > '/^Oracle/ {print $5}'` > -container_release_major=`echo $container_release_version |awk -F '.' '{print > $1}'` > -container_release_minor=`echo $container_release_version |awk -F '.' '{print > $2}'` > +container_release_get $container_rootfs > > container_rootfs_configure > > -- Stéphane Graber Ubuntu developer http://www.ubuntu.com