Re: [lxc-devel] [PATCH 2/6] shutdown fixes for openSUSE container
On 02/19/2013 08:44 PM, Serge Hallyn wrote: > Quoting Jiri Slaby (jsl...@suse.cz): >> From: Frederic Crozat >> >> - mount /run on tmpfs outside container >> - replace /var/run bind mount on /run by a symlink >> --- > > Formality, but could you please sign off your patches? You can stick my: Signed-off-by: Jiri Slaby to all of them... Do you want me to resend? thanks, -- js suse labs -- Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 4/6] lxc-opensuse: update for 12.2
On 02/19/2013 08:51 PM, Serge Hallyn wrote: > Quoting Jiri Slaby (jsl...@suse.cz): >> From: Frederic Crozat >> >> This adaptation of systemd. We also add network configuration support. > > Is there any point in worrying about support for older versions? > > (If not, that's fine) No, as we do not have a capacity to support multiple versions :/. -- js suse labs -- Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 7/7] lxc-opensuse: print \n from one echo
Otherwise the output looks like: Copying rootfs to /var/lib/lxc/tomcat/rootfs ...Please change root-password ! --- templates/lxc-opensuse.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in index 1829ddf..d8aa2a1 100644 --- a/templates/lxc-opensuse.in +++ b/templates/lxc-opensuse.in @@ -188,7 +188,7 @@ copy_opensuse() rootfs=$3 # make a local copy of the mini opensuse -echo -n "Copying rootfs to $rootfs ..." +echo "Copying rootfs to $rootfs ..." mkdir -p $rootfs rsync -Ha $cache/rootfs-$arch/ $rootfs/ || return 1 return 0 -- 1.8.1.2 -- Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 6/6] lxc-opensuse: proper failure
Fail if something goes wrong. We used to continue and show one failure
after another.
---
templates/lxc-opensuse.in | 14 +++---
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in
index 820368e..1829ddf 100644
--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -113,10 +113,10 @@ download_opensuse()
# download a mini opensuse into a cache
echo "Downloading opensuse minimal ..."
mkdir -p "$cache/partial-$arch-packages"
-zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar
http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss
-zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar
http://download.opensuse.org/update/$DISTRO/ update
-zypper --quiet --root $cache/partial-$arch-packages --non-interactive
--gpg-auto-import-keys update
-zypper --root $cache/partial-$arch-packages --non-interactive in
--auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base
bash iputils sed tar
+zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar
http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss || return 1
+zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar
http://download.opensuse.org/update/$DISTRO/ update || return 1
+zypper --quiet --root $cache/partial-$arch-packages --non-interactive
--gpg-auto-import-keys update || return 1
+zypper --root $cache/partial-$arch-packages --non-interactive in
--auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base
bash iputils sed tar || return 1
cat > $cache/partial-$arch-packages/opensuse.conf << EOF
Preinstall: aaa_base bash coreutils diffutils
Preinstall: filesystem fillup glibc grep insserv
@@ -152,9 +152,9 @@ EOF
done
fi
-CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch"
BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf"
PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem --clean
--configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache
--repository
$cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch
--repository
$cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch
--repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch
--repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch
-chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar
http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss
-chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar
http://download.opensuse.org/update/$DISTRO/ update
+CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch"
BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf"
PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem --clean
--configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache
--repository
$cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch
--repository
$cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch
--repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch
--repository
$cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch || return 1
+chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar
http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss || return 1
+chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar
http://download.opensuse.org/update/$DISTRO/ update || return 1
# really clean the image
rm -fr $cache/partial-$arch/{.build,.guessed_dist,.srcfiles*,installed-pkg}
rm -fr $cache/partial-$arch/dev
--
1.8.1.2
--
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 4/6] lxc-opensuse: update for 12.2
From: Frederic Crozat
This adaptation of systemd. We also add network configuration support.
Jiri Slaby: cleanups, rebase
---
templates/lxc-opensuse.in | 121 +++---
1 file changed, 61 insertions(+), 60 deletions(-)
diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in
index 56e93d7..32ff4ec 100644
--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -25,7 +25,7 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-DISTRO=12.1
+DISTRO=12.2
configure_opensuse()
{
@@ -34,39 +34,13 @@ configure_opensuse()
# set network as static, but everything is done by LXC outside the container
cat < $rootfs/etc/sysconfig/network/ifcfg-eth0
-STARTMODE='manual'
+STARTMODE='auto'
BOOTPROTO='none'
EOF
- # set default route
- IP=$(/sbin/ip route | awk '/default/ { print $3 }')
- echo "default $IP - -" > $rootfs/etc/sysconfig/network/routes
-
# create empty fstab
touch $rootfs/etc/fstab
-# create minimal /dev
-mknod -m 666 $rootfs/dev/random c 1 8
-mknod -m 666 $rootfs/dev/urandom c 1 9
-mkdir -m 755 $rootfs/dev/pts
-mkdir -m 1777 $rootfs/dev/shm
-mknod -m 666 $rootfs/dev/tty c 5 0
-mknod -m 600 $rootfs/dev/console c 5 1
-mknod -m 666 $rootfs/dev/tty0 c 4 0
-mknod -m 666 $rootfs/dev/tty1 c 4 1
-mknod -m 666 $rootfs/dev/tty2 c 4 2
-mknod -m 666 $rootfs/dev/tty3 c 4 3
-mknod -m 666 $rootfs/dev/tty4 c 4 4
-ln -s null $rootfs/dev/tty10
-mknod -m 666 $rootfs/dev/full c 1 7
-mknod -m 666 $rootfs/dev/ptmx c 5 2
-ln -s /proc/self/fd $rootfs/dev/fd
-ln -s /proc/kcore $rootfs/dev/core
-mkdir -m 755 $rootfs/dev/mapper
-mknod -m 600 $rootfs/dev/mapper/control c 10 60
-mkdir -m 755 $rootfs/dev/net
-mknod -m 666 $rootfs/dev/net/tun c 10 200
-
# set the hostname
cat < $rootfs/etc/HOSTNAME
$hostname
@@ -91,23 +65,6 @@ LOADER_TYPE=none
LOADER_LOCATION=none
EOF
-# cut down inittab
-cat < $rootfs/etc/inittab
-id:3:initdefault:
-si::bootwait:/etc/init.d/boot
-l0:0:wait:/etc/init.d/rc 0
-l1:1:wait:/etc/init.d/rc 1
-l2:2:wait:/etc/init.d/rc 2
-l3:3:wait:/etc/init.d/rc 3
-l6:6:wait:/etc/init.d/rc 6
-ls:S:wait:/etc/init.d/rc S
-~~:S:respawn:/sbin/sulogin
-p6::ctrlaltdel:/sbin/init 6
-p0::powerfail:/sbin/init 0
-cons:2345:respawn:/sbin/mingetty --noclear console screen
-c1:2345:respawn:/sbin/mingetty --noclear tty1 screen
-EOF
-
# set /dev/console as securetty
cat << EOF >> $rootfs/etc/securetty
console
@@ -121,10 +78,15 @@ EOF
# remove pointless services in a container
-chroot $rootfs /sbin/insserv -r -f boot.udev boot.loadmodules
boot.device-mapper boot.clock boot.swap boot.klog kbd
+ln -s /dev/null
$rootfs/etc/systemd/system/proc-sys-fs-binfmt_misc.automount
+ln -s /dev/null $rootfs/etc/systemd/system/console-shell.service
+ln -s /dev/null $rootfs/etc/systemd/system/systemd-vconsole-setup.service
+ln -s /lib/systemd/system/getty@.service
$rootfs/etc/systemd/system/getty.target.wants/getty@console.service
+
+touch $rootfs/etc/sysconfig/kernel
echo "Please change root-password !"
-echo "root:root" | chroot $rootfs chpasswd
+echo "root:root" | chpasswd -R $rootfs
return 0
}
@@ -154,30 +116,45 @@ download_opensuse()
zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar
http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss
zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar
http://download.opensuse.org/update/$DISTRO/ update
zypper --quiet --root $cache/partial-$arch-packages --non-interactive
--gpg-auto-import-keys update
-zypper --root $cache/partial-$arch-packages --non-interactive in
--auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base
sysvinit-init
+zypper --root $cache/partial-$arch-packages --non-interactive in
--auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base
iputils
cat > $cache/partial-$arch-packages/opensuse.conf << EOF
Preinstall: aaa_base bash coreutils diffutils
-Preinstall: filesystem fillup glibc grep insserv libacl1 libattr1
-Preinstall: libbz2-1 libgcc46 libxcrypt libncurses5 pam
+Preinstall: filesystem fillup glibc grep insserv
+Preinstall: libbz2-1 libgcc47 libncurses5 pam
Preinstall: permissions libreadline6 rpm sed tar zlib libselinux1
-Preinstall: liblzma5 libcap2 libpcre0
+Preinstall: liblzma5 libcap2 libacl1 libattr1
Preinstall: libpopt0 libelf1 liblua5_1
+Preinstall: libpcre1
RunScripts: aaa_base
Support: zypper
Support: patterns-openSUSE-base
Support: lxc
-Prefer: sysvinit-init
-
-Ignore: patterns-openSUSE-base:patterns-openSUSE-yast2_install_wf
+Support: ncurses-utils
+Support: iputils
+S
[lxc-devel] [PATCH 2/6] shutdown fixes for openSUSE container
From: Frederic Crozat - mount /run on tmpfs outside container - replace /var/run bind mount on /run by a symlink --- templates/lxc-opensuse.in | 5 + 1 file changed, 5 insertions(+) diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in index f69eae1..56e93d7 100644 --- a/templates/lxc-opensuse.in +++ b/templates/lxc-opensuse.in @@ -188,6 +188,10 @@ EOF # create mtab symlink rm -f $cache/partial-$arch/etc/mtab ln -sf /proc/self/mounts $cache/partial-$arch/etc/mtab + +# ensure /var/run and /run are symlinked +rm -fr $cache/partial-$arch/var/run +ln -s -f ../run $cache/partial-$arch/var/run if [ $? -ne 0 ]; then echo "Failed to download the rootfs, aborting." return 1 @@ -290,6 +294,7 @@ EOF cat < $path/fstab procproc proc nodev,noexec,nosuid 0 0 sysfs sys sysfs defaults 0 0 +tmpfs run tmpfs mode=0755,nodev,nosuid 0 0 EOF if [ $? -ne 0 ]; then -- 1.8.1.2 -- Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 3/6] give a hint if old cgroup can't be moved
From: Frederic Crozat
When cgroup can't be moved, it might be a hint container is already
running.
---
src/lxc/cgroup.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index 28f3474..6630d6c 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -560,6 +560,9 @@ static int lxc_one_cgroup_create(const char *name,
if (!access(cgname, F_OK) && rmdir(cgname)) {
if (try_to_move_cgname(cgparent, cgname)) {
SYSERROR("failed to remove previous cgroup '%s'",
cgname);
+ ERROR("##");
+ ERROR("# The container might be already running!");
+ ERROR("##");
return -1;
}
}
--
1.8.1.2
--
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 1/6] various fixes for openSUSE template for lxc-clone usage
From: Frederic Crozat - create /etc/hostname as symlink to /etc/HOSTNAME - fix inadequate space in lxc.mount config, preventing lxc-clone to work Jiri Slaby: some cleanups --- templates/lxc-opensuse.in | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in index 65fb7b0..f69eae1 100644 --- a/templates/lxc-opensuse.in +++ b/templates/lxc-opensuse.in @@ -34,8 +34,8 @@ configure_opensuse() # set network as static, but everything is done by LXC outside the container cat < $rootfs/etc/sysconfig/network/ifcfg-eth0 -STARTMODE='auto' -BOOTPROTO='static' +STARTMODE='manual' +BOOTPROTO='none' EOF # set default route @@ -71,6 +71,8 @@ EOF cat < $rootfs/etc/HOSTNAME $hostname EOF +# ensure /etc/hostname is available too +ln -s -f HOSTNAME $rootfs/etc/hostname # do not use hostname from HOSTNAME variable cat <> $rootfs/etc/sysconfig/cron @@ -253,6 +255,9 @@ copy_configuration() rootfs=$2 name=$3 +# only disable network if no network configuration was passed +grep -q "^lxc.network.type" $path/config || echo 'lxc.network.type = empty' >> $path/config + grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config cat <> $path/config lxc.utsname = $name -- 1.8.1.2 -- Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 5/6] lxc-opensuse: extend base
Base no longer provides bash, sed and tar, but we need those. So add them. --- templates/lxc-opensuse.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in index 32ff4ec..820368e 100644 --- a/templates/lxc-opensuse.in +++ b/templates/lxc-opensuse.in @@ -116,7 +116,7 @@ download_opensuse() zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update -zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base iputils +zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar cat > $cache/partial-$arch-packages/opensuse.conf << EOF Preinstall: aaa_base bash coreutils diffutils Preinstall: filesystem fillup glibc grep insserv -- 1.8.1.2 -- Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the endpoint security space. For insight on selecting the right partner to tackle endpoint security challenges, access the full report. http://p.sf.net/sfu/symantec-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
