[Lxc-users] rant: Debian template

2011-06-21 Thread Tzafrir Cohen
Hi

Anybody actually uses the Debian template?

I tried to figure out how I can pass a suite parameter to it, only to
see that

* The parameter is hardwired (to an obsolete value:
  http://bugs.debian.org/600456 )
* the script does not pass any custom arguments to the template
  script, so I'm not encouraged to make it a parameter.
  Compare that to 'vserver build':
  http://linux-vserver.org/Building_Guest_Systems

If this bug is open for so long, I suspect most users don't really use
those templates. Am I right? What do you use to set up a new Debian
system?

And a general rant: no IRC channel to ask questions on, and no link to
the mailing list from http://lxc.sourceforge.net (the page mentioned as
Homepage of the package on my package manager).

Cheers,

-- 
   Tzafrir Cohen
icq#16849755  jabber:tzafrir.co...@xorcom.com
+972-50-7952406   mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir



[Lxc-users] Ubuntu Lucid containers on Ubuntu Natty

2011-06-21 Thread Elliot Pahl
There are a few issues with creating a lucid container, then adding the
updates and security repositories.

If you add them later, you'll get problems that prevent your container from
fully starting if you upgrade the following:
  mountall (2.14 => 2.15.3) and
  ifupdown (0.6.8ubuntu29 => 0.6.8ubuntu29.2)

mountall will override container/lib/init/fstab to look like:


# /lib/init/fstab: static file system information.
#
# These are the filesystems that are always mounted on boot, you can
# override any of these by copying the appropriate line from this file into
# /etc/fstab and tweaking it as you see fit.  See fstab(5).
#
# <file system>  <mount point>             <type>          <options>                        <dump> <pass>
/dev/root        /                         rootfs          defaults                         0      1
none             /proc                     proc            nodev,noexec,nosuid              0      0
none             /proc/sys/fs/binfmt_misc  binfmt_misc     nodev,noexec,nosuid,optional     0      0
none             /sys                      sysfs           nodev,noexec,nosuid              0      0
none             /sys/fs/fuse/connections  fusectl         optional                         0      0
none             /sys/kernel/debug         debugfs         optional                         0      0
none             /sys/kernel/security      securityfs      optional                         0      0
none             /spu                      spufs           gid=spu,optional                 0      0
none             /dev                      devtmpfs,tmpfs  mode=0755                        0      0
none             /dev/pts                  devpts          noexec,nosuid,gid=tty,mode=0620  0      0
none             /dev/shm                  tmpfs           nosuid,nodev                     0      0
none             /tmp                      none            defaults                         0      0
none             /var/run                  tmpfs           mode=0755,nosuid,showthrough     0      0
none             /var/lock                 tmpfs           nodev,noexec,nosuid,showthrough  0      0
none             /lib/init/rw              tmpfs           mode=0755,nosuid,optional        0      0



Instead of:


# /lib/init/fstab: lxc system fstab
none             /spu                      spufs           gid=spu,optional                 0      0
none             /tmp                      none            defaults                         0      0
none             /var/lock                 tmpfs           nodev,noexec,nosuid,showthrough  0      0
none             /lib/init/rw              tmpfs           mode=0755,nosuid,optional        0      0



I note that other versions of ubuntu don't seem to require this stripped
down /lib/init/fstab, can anyone explain why?

If you replace it with the old version, you'll be good to go, but...
ifupdown has these changes (though I don't quite understand why they're an
issue, seems like they should just work..):


diff -u -r
ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface-security.upstart
ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface-security.upstart
---
ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface-security.upstart
2010-02-20 17:30:21.0 +1300
+++
ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface-security.upstart
2011-01-05 07:48:34.0 +1300
@@ -13,14 +13,22 @@
   or starting network-manager
   or starting networking)

+# In order to handle the lack of upstart feature LP: #568860, we need to
+# run multiple times, for each of the above starting service instances,
or
+# else another one might run while we're running, and not wait for us to
+# finish.
+instance $JOB${INTERFACE:+/}${INTERFACE:-}
+
 # Since we need these profiles to be loaded before any of the above
services
 # begin running, this service must be a pre-start so that its pre-start
 # script finishes before the above services' start scripts begin.
 pre-start script
+[ -f /var/run/network-interface-security ]  exit 0 # already ran
 [ -d /rofs/etc/apparmor.d ]   exit 0 # do not load on liveCD
 [ -d /sys/module/apparmor ]  || exit 0 # do not load without AppArmor
 [ -x /sbin/apparmor_parser ] || exit 0 # do not load without parser
 for link in /etc/apparmor/init/network-interface-security/* ; do
 [ -L $link ]  /sbin/apparmor_parser -r -W $link || true
 done
+ /var/run/network-interface-security
 end script
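
Review bot: The new early exit on /var/run/network-interface-security at the top of pre-start only works if that marker is gone at every boot. The lxc version of /lib/init/fstab shown earlier in this message has no /var/run tmpfs entry, so in such a container the marker can survive a restart and every later start would skip the apparmor_parser loop. The marker is also written after a loop whose failures are masked by '|| true', so a failed profile load is still recorded as done. Consider clearing the marker during early boot, or creating it only when every profile loaded.
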
diff -u -r ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface.upstart
ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface.upstart
--- ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface.upstart
 2010-02-20 17:30:21.0 +1300
+++ ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface.upstart
 2011-01-05 07:48:34.0 +1300
@@ -10,8 +10,15 @@
 stop on net-device-removed INTERFACE=$INTERFACE

 instance $INTERFACE
+export INTERFACE

 pre-start script
+if [ $INTERFACE = lo ]; then
+   # bring this up even if /etc/network/interfaces is broken
+   ifconfig lo 127.0.0.1 up || true
+   initctl emit -n net-device-up \
+   IFACE=lo LOGICAL=lo ADDRFAM=inet METHOD=loopback || true
+fi
 mkdir -p 
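
Review bot: In the added pre-start block, $INTERFACE is unquoted in '[ $INTERFACE = lo ]', so an empty or unset value turns the test into a syntax error instead of a clean false; quote it. Also, 'initctl emit -n net-device-up' runs even when 'ifconfig lo 127.0.0.1 up' failed, because both commands end in '|| true', so jobs waiting on the loopback event can start while lo is still down; emit the event only when ifconfig succeeded.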

Re: [Lxc-users] rant: Debian template

2011-06-21 Thread Ramez Hanna
I had noticed that and avoided it in the lxc-fedora template, which takes an
argument --release.
It should be done the same way for Debian.
For Ubuntu they provide multiple template files with the suite hardcoded to
something different.
It should be trivial, but again, is that the only difference, or are there
other config lines that are changed?

On Tue, Jun 21, 2011 at 12:40 PM, Tzafrir Cohen tzafrir.co...@xorcom.com wrote:

 Hi

 Anybody actually uses the Debian template?

 I tried to figure out how I can pass a suite parameter to it, only to
 see that

 * The parameter is hardwired (to an obsolete value:
  http://bugs.debian.org/600456 )
 * the script does not pass any custom arguments to the template
  script, so I'm not encouraged to make it a parameter.
  Compare that to 'vserver build':
  http://linux-vserver.org/Building_Guest_Systems

 If this bug is open for so long, I suspect most users don't really use
 those templates. Am I right? What do you use to set up a new Debian
 system?

 And a general rant: no IRC channel to ask questions on, and no link to
 the mailing list from http://lxc.sourceforge.net (the page mentioned as
 Homepage of the package on my package manager).

 Cheers,

 --
   Tzafrir Cohen
 icq#16849755  jabber:tzafrir.co...@xorcom.com
 +972-50-7952406   mailto:tzafrir.co...@xorcom.com
 http://www.xorcom.com  iax:gu...@local.xorcom.com/tzafrir




Re: [Lxc-users] Ubuntu Lucid containers on Ubuntu Natty

2011-06-21 Thread Serge Hallyn
Quoting Elliot Pahl (elliot.p...@gmail.com):
 Is there a good solution for these issues?  Is the solution to modify the
 debootstrap template, or does it lie elsewhere?

Thanks for bringing this up, Elliot.  I've gone ahead and backported
the oneiric lxc package to lucid and pushed it to
https://launchpad.net/~ubuntu-virt/+archive/ppa?field.series_filter=lucid

I created a full lucid debootstrap - actually I copied
/usr/lib/lxc/templates/lxc-natty to
/usr/lib/lxc/templates/lxc-lucidfull, removed 'lxcguest' from the list
of packages to be installed with debootstrap, and used '-t lucidfull' to
create a container.

Then I chrooted into that container and installed the backported
lxcguest*.deb.  Exited, started the container, success.

-serge



Re: [Lxc-users] lxc-clone

2011-06-21 Thread Serge Hallyn
Hi Daniel,

Quoting Daniel Lezcano (daniel.lezc...@free.fr):
 +echo Tweaking configuration
 +cp $lxc_path/$lxc_orig/config $lxc_path/$lxc_new/config
 +sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config
 +echo lxc.utsname = $hostname   $lxc_path/$lxc_new/config
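
Review bot: The sed expression '/lxc.utsname/d' is unanchored and its '.' matches any character, so it deletes every line that merely contains the text, such as a comment mentioning lxc.utsname, not only the assignment. Anchor it to the key, for example '/^[[:space:]]*lxc\.utsname[[:space:]]*=/d', and check $hostname before appending it, since whatever it contains is written into the new container's config as is.
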
 We should not assume lxc.utsname is in the configuration file, so that
 we do not write a hostname in all cases.
 The user may want to let the container set up the hostname itself.
 What do you think is the best way to do this?  We could allow the user
 to specify a 'firstboot' script, which gets copied into root directory
 of the container.   Maybe boot the container when it's done, run
 /firstboot.sh, and shut down.  Or just let that happen when the user
 first boots.  We could use a /etc/init.d/lxc-firstboot script, but
 that will only work if the container's init system actually looks at
 sysvinit scripts.  Obviously sysvinit and upstart do, and I must
 assume that systemd does.  lxc-init I assume doesn't.
 
 Mmh, that looks a bit complicated for the user. I was thinking about
 something simpler like:
 
 grep -q lxc.utsname $lxc_path/$lxc_new/config
 if [ $? == 0 ]; then
     sed -i -e "s/lxc.utsname.*/lxc.utsname = $hostname/" $lxc_path/$lxc_new/config
 else
     echo "lxc.utsname = $hostname" >> $lxc_path/$lxc_new/config
 fi

I started changing my code to this, but now am wondering how this
differs from what I was doing, which was:

sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config
echo "lxc.utsname = $hostname" >> $lxc_path/$lxc_new/config

The only difference is that in mine, if the original config had a
hostname at top of file, it'll now be at bottom of file.  But with
both your snippets and mine, the 'lxc.utsname = new_hostname' will
be the one and only utsname in the config.

If you still think it's worth changing I'll do so, but I like that
mine is shorter.

-serge
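
Added example, not part of the thread or of the lxc-clone patch: a bash function that does the "delete, then append" rewrite discussed above with an anchored pattern and a hostname check. The function name set_utsname, the validation rule and the sample config are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example, not code from the lxc-clone patch. set_utsname and its
# hostname check are hypothetical helpers written for this illustration.

# Replace every lxc.utsname assignment in <config> with one new value.
set_utsname() {
    local config=$1 hostname=$2

    # Letters, digits, dots and hyphens only, so the value cannot carry
    # spaces, newlines or slashes into the config file.
    case $hostname in
        ''|-*|*[!A-Za-z0-9.-]*)
            echo "invalid hostname: $hostname" >&2
            return 1 ;;
    esac
    [ -f "$config" ] || { echo "no such config: $config" >&2; return 1; }

    # Anchored match: only real "lxc.utsname = ..." assignments are removed.
    # The unanchored '/lxc.utsname/d' also deletes comments that mention
    # the key, because it matches anywhere on the line.
    sed -i -e '/^[[:space:]]*lxc\.utsname[[:space:]]*=/d' "$config" || return 1
    printf 'lxc.utsname = %s\n' "$hostname" >> "$config"
}

# Constructed sample config: one comment naming the key, one assignment.
demo() {
    local cfg
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<'EOF'
# lxc.utsname is rewritten by the clone script
lxc.utsname = orig
lxc.network.type = veth
EOF
    set_utsname "$cfg" clone1 && cat "$cfg"
    rm -f "$cfg"
}

demo
```

The comment line survives and the single assignment moves to the end of the file, which is the only ordering difference Serge describes.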



[Lxc-users] [PATCH 1/1] Add lxc-clone script

2011-06-21 Thread Serge E. Hallyn
Create an lxc-clone script to clone containers.  It should probably
be factored into helpers and then enhanced, in particular to convert
between LVM and non-LVM containers, create non-snapshot LVM clones,
support loopback devices, and, when stable enough, to use
overlayfs, btrfs, etc.

But this is a start.

Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
---
 configure.ac |1 +
 lxc.spec.in  |1 +
 src/lxc/Makefile.am  |1 +
 src/lxc/lxc-clone.in |  208 ++
 4 files changed, 211 insertions(+), 0 deletions(-)
 create mode 100644 src/lxc/lxc-clone.in

diff --git a/configure.ac b/configure.ac
index 6cce1b4..0d4f4c0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -157,6 +157,7 @@ AC_CONFIG_FILES([
src/lxc/lxc-setuid
src/lxc/lxc-version
src/lxc/lxc-create
+   src/lxc/lxc-clone
src/lxc/lxc-destroy
 
 ])
diff --git a/lxc.spec.in b/lxc.spec.in
index 452493d..f22cd06 100644
--- a/lxc.spec.in
+++ b/lxc.spec.in
@@ -78,6 +78,7 @@ rm -rf %{buildroot}
 %{_bindir}/*
 %attr(4111,root,root) %{_bindir}/lxc-attach
 %attr(4111,root,root) %{_bindir}/lxc-create
+%attr(4111,root,root) %{_bindir}/lxc-clone
 %attr(4111,root,root) %{_bindir}/lxc-start
 %attr(4111,root,root) %{_bindir}/lxc-netstat
 %attr(4111,root,root) %{_bindir}/lxc-unshare
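
Review bot: The added '%attr(4111,root,root) %{_bindir}/lxc-clone' line marks a '#!/bin/bash' script setuid root and execute-only. Linux ignores the setuid bit on interpreted scripts, and without read permission bash cannot open the file for a non-root caller, so the mode grants nothing; the script also exits unless 'id -u' is 0. Install it with an ordinary mode such as 0755 and keep the explicit root check, rather than extending the setuid pattern to a script that copies container configs and clones root filesystems.
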
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index 9def453..1dfca00 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -70,6 +70,7 @@ bin_SCRIPTS = \
lxc-setuid \
lxc-version \
lxc-create \
+   lxc-clone \
lxc-destroy
 
 bin_PROGRAMS = \
diff --git a/src/lxc/lxc-clone.in b/src/lxc/lxc-clone.in
new file mode 100644
index 000..91944a0
--- /dev/null
+++ b/src/lxc/lxc-clone.in
@@ -0,0 +1,208 @@
+#!/bin/bash
+
+#
+# lxc: linux Container library
+
+# Authors:
+# Serge Hallyn serge.hal...@ubuntu.com
+# Daniel Lezcano daniel.lezc...@free.fr
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+usage() {
+echo usage: lxc-clone -o orig -n new [-s] [-h] [-L fssize] [-v 
vgname]
+}
+
+help() {
+usage
+echo
+echo creates a lxc system object.
+echo
+echo Options:
+echo orig: name of the original container
+echo new : name of the new container
+echo -s  : make the new rootfs a snapshot of the original
+echo fssize  : size if creating a new fs.  By default, 2G
+echo vgname  : lvm volume group name, lxc by default
+}
+
+shortoptions='ho:n:sL:v:'
+longoptions='help,orig:,name:,snapshot,fssize,vgname'
+lxc_path=/var/lib/lxc
+bindir=/usr/bin
+snapshot=no
+lxc_size=2G
+lxc_vg=lxc
+
+getopt=$(getopt -o $shortoptions --longoptions  $longoptions -- $@)
+if [ $? != 0 ]; then
+usage
+exit 1;
+fi
+
+eval set -- $getopt
+
+while true; do
+case $1 in
+   -h|--help)
+   help
+   exit 1
+   ;;
+   -s|--snapshot)
+   shift
+   snapshot=yes
+   ;;
+   -o|--orig)
+   shift
+   lxc_orig=$1
+   shift
+   ;;
+   -L|--fssize)
+   shift
+   lxc_size=$1
+   shift
+   ;;
+   -v|--vgname)
+   shift
+   lxc_vg=$1
+   shift
+   ;;
+   -n|--new)
+   shift
+   lxc_new=$1
+   shift
+   ;;
+--)
+   shift
+   break;;
+*)
+   echo $1
+   usage
+   exit 1
+   ;;
+esac
+done
+
+if [ -z $lxc_path ]; then
+echo no configuration path defined !
+exit 1
+fi
+
+if [ ! -r $lxc_path ]; then
+echo configuration path '$lxc_path' not found
+exit 1
+fi
+
+if [ -z $lxc_orig ]; then
+echo no original container name specified
+usage
+exit 1
+fi
+
+if [ -z $lxc_new ]; then
+echo no new container name specified
+usage
+exit 1
+fi
+
+if [ $(id -u) != 0 ]; then
+   echo This command has to be run as root
+   exit 1
+fi
+
+if [ ! -r $lxc_path ]; then
+echo no configuration path defined !
+exit 1
+fi
+
+if [ ! -d $lxc_path/$lxc_orig ]; then
+echo '$lxc_orig' does not exist
+
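
Review bot: In longoptions, 'fssize' and 'vgname' lack the trailing colon and the list declares 'name:' while the case statement matches '--new', so --fssize and --vgname take no argument and neither --name nor --new works as a long option. Declare 'new:,fssize:,vgname:' to match the case arms. Further down, $lxc_orig and $lxc_new are joined onto $lxc_path and tested as root without any check on their content; reject names containing '/' or starting with '.' or '-' before using them in paths. The second '[ ! -r $lxc_path ]' test repeats the first with a misleading message and can be dropped.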