[lxc-devel] [PATCH] [RFC] Reduce duplication in new style configs

Dwight Engen dwight.engen at oracle.com
Mon Jun 23 13:34:19 UTC 2014


On Fri, 20 Jun 2014 17:30:33 -0400
Stéphane Graber <stgraber at ubuntu.com> wrote:

> This is a rather massive cleanup of config/templates/*
> 
> As new templates were added, I've noticed that we pretty much all
> share the tty/pts configs, some capabilities being dropped and most
> of the cgroup configuration. All the userns configs were also almost
> identical.
> 
> As a result, this change introduces two new files:
>  - common.conf.in
>  - userns.conf.in
> 
> Each is included by the relevant <template>.<type>.conf.in templates,
> this means that the individual per-template configs are now overlays
> on top of the default config.
> 
> Once we see a specific key becoming popular, we ought to check whether
> it should also be applied to the other templates and if more than 50%
> of the templates have it set to the same value, that value ought to be
> moved to the master config file and then overridden for the templates
> that do not use it.
> 
> This change while pretty big and scary, shouldn't be very visible
> from a user point of view, the actual changes can be summarized as:
>  - Extend clonehostname to work with Debian based distros and use it
> for all containers.
>  - lxc.pivotdir is now set to lxc_putold for all templates, this means
>    that instead of using /mnt in the container, lxc will create and
> use /lxc_putold instead. The reason for this is to avoid failures
> when the user bind-mounts something else on top of /mnt.
>  - Some minor cgroup limit changes, the main one I remember is
>    /dev/console now being writable by all of the redhat based
> containers. The rest of the set should be identical with additions in
> the per-distro ones.
>  - Drop binfmtmisc and efivars bind-mounts for non-mountall based
>    unprivileged containers as I assumed they got those from
> copy/paste from Ubuntu and not because they actually need those
> entries. (If I'm wrong, we probably should move those to userns.conf
> then).
> 
> Additional investigation and changes to reduce the config delta
> between distros would be appreciated. In practice, I only expect
> lxc.cap.drop and lxc.mount.entry to really vary between distros
> (depending on the init system), the rest should be mostly common.
> 
> I'm marking this as RFC because I haven't done any testing on this yet
> and I've got to work on something else right now. I'd appreciate the
> input from the affected template maintainers!

Hi Stéphane, I looked through this and it looks good to me (one minor
comment below). Thanks.
 
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> ---

[...]

> diff --git a/hooks/clonehostname b/hooks/clonehostname
> index 8865c2d..e5676af 100755
> --- a/hooks/clonehostname
> +++ b/hooks/clonehostname
> @@ -20,7 +20,9 @@
>  # Note that /etc/hostname is updated by lxc itself
>  for file in \
>      $LXC_ROOTFS_PATH/etc/sysconfig/network \
> -    $LXC_ROOTFS_PATH/etc/sysconfig/network-scripts/ifcfg-* ;
> +    $LXC_ROOTFS_PATH/etc/sysconfig/network-scripts/ifcfg-* \
> +    $LXC_ROOTFS_PATH/etc/hostname \
> +    $LXC_ROOTFS_PATH/etc/hosts ;
>  do
>      if [ -f $file ]; then
>          sed -i "s|$LXC_SRC_NAME|$LXC_NAME|" $file
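
Review bot: adding `$LXC_ROOTFS_PATH/etc/hosts` to the loop means the existing `sed -i "s|$LXC_SRC_NAME|$LXC_NAME|" $file` now runs over a file with free-form content, and that substitution is too loose for it. The source name is interpreted as a regular expression and matched as a substring, so a name that also appears inside another hostname on the same file rewrites that entry too, and without the `g` flag only the first occurrence on a line is replaced, which leaves a hosts line that carries the name twice half-updated. Consider matching the name as a whole word with `g`, and quoting `"$file"` in both the `[ -f $file ]` test and the sed call, since the rootfs path is expanded unquoted. Separately, the first context line still says "/etc/hostname is updated by lxc itself", which no longer matches a list that includes `$LXC_ROOTFS_PATH/etc/hostname`; either drop that entry or update the comment.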

As I put in the comment above, I didn't put /etc/hostname into the list
in the hook since clone_update_rootfs() already does it, and if we
put it here it will override the LXC_CLONE_KEEPNAME flag.

