[lxc-devel] Q: general lxc architecture
Daniel Lezcano
daniel.lezcano at free.fr
Wed Nov 11 20:30:27 UTC 2009
Andrian Nord wrote:
> On Tue, Nov 10, 2009 at 09:40:46PM +0100, Daniel Lezcano wrote:
> > * finish with the /var/lxc/* cleanup and maybe change lxc-create
> > and lxc-destroy to a simple wrapper script doing roughly cp and rm.
> >
> Heh, just like I'm doing now (copying 'template' container, then
> sed'ing config and fstab as s/template/<container>/) - maybe it makes
> some sense not to rm -Rf container config directory, but silently
> move it to .<container>.destroyed, as vzctl does, so it could be
> reused if container would be resurrected (or user may just simply rm
> -Rf it himself).
I don't see the point of resurrecting a destroyed container.
> Still, if you want to just copy container, you need the source,
> which, theoretically, should be user-modifiable. It could be some
> hardcoded path/name or, maybe, do you plan something like global
> lxc.conf config?
What I have in mind is to just copy the file somewhere with lxc-create
and remove it with lxc-destroy. And, much later, integrate in a
nicer way lxc-debian, lxc-sshd, lxc-fedora, lxc-busybox, etc ...
> > * launch containers without creating it (not persistent in the
> > system).
> I.e. autocreating following some hardcoded defaults inside memory,
> without producing corresponding disc structures? And how will it be
> controlled by the user, if he wants to have other defaults? Or you mean
> ability of start-time changing of particular config options,
> allowing user to specify something like lxc-execute -n lxc.temporary
> --hostname ssh.example.com /usr/sbin/sshd where 'lxc.temporary' is
> name of some persistent configuration, which is loaded as defaults?
Not exactly.
1) You created the container before, lxc-start/lxc-execute use the
configuration.
2) You didn't create the container before, lxc-start/lxc-execute use the
configuration file specified in the command line (if none specified,
then default values).
eg. lxc-start/lxc-execute -f <config> -n mycontainer -- /bin/bash
At present, this is what happens more or less because when you call
lxc-execute and the container does not exist, it is created before and
destroyed after. In case of failure, (machine crash, lxc bug, kill -9),
the container is not destroyed.
And I think it is much simpler to keep a single generic
configuration and pass it to several lxc-start/lxc-execute instead of
creating them before. But that does not prevent creating the containers
before to keep a persistent configuration for a specific container. Both
behaviors are kept.
> > * check and fix the lxc-debian and lxc-sshd to match the recent
> > modifications around the /var/lxc/*
> And lxc-netstat, it assumes that initpid is contained in
> ${lxcroot}/${name}/initpid
Aha, good point! To be fixed :)
> > Yes, that makes sense with the cleanup of /var/lxc. But there are
> > some clarifications to do around the owner of a container. eg.
> > shall we let only root create the containers and assign
> > permissions to it so a non-root user can use it?
>
> Hm, at least this is configurable by root. He may specify some
> write-group for lxcpath, or for some specific containers only. Or he
> may just make a simple sed+echo script and give sudo on it for
> specific users =)
I think it makes sense to let root create a container and assign
the permissions.
That can be added in the lxc-create script.
> > I am fine with this patch, is it tested? Shall I take it?
>
> When I posted it I had tested that it at least compiles and changes
> LXCPATH correctly. Now I've tested it more - with this patch and
> copied configs all my 16 containers were successfully restarted. So it
> works.
Cool, thanks.
> But maybe it will also be useful to then move all contents that are
> currently installed into /etc/lxc/ (examples) into
> ${docdir}/examples, where they should be, theoretically?
Yes.
> Here comes an additional patch for that. I'm not sure if we really need
> another configure switch for examples, but some distros like to
> provide documentation themselves, i.e. with additional compression, so
> this could be useful for them.
>
> Also, if everyone is in agreement that /etc/lxc/ is a better placement
> for configurations, maybe it could be done as default? It will break
> backward compatibility, but everyone who uses the git version must be
> aware of such things and the next release will probably need some
> migration-tool anyway.
I would like to keep the actual default and let the different distro
maintainers change that in their spec files and add a post-install
script to move the existing containers from /var/lxc to /etc/lxc. When
everyone has moved to /etc then we can change the default.
As I specified in the man page of lxc, I don't guarantee, until version
1.0.0 is reached, the compatibility between versions. Of course, that
doesn't prevent us from taking care of that in the changes ;)
lxc is not yet stable enough (in terms of api / cli syntax / behaviour),
to plan a migration tool.
> Also, if you are planning to have some general lxc-utils config (say
> /etc/lxc/lxc.conf), maybe lxcpath should be pointed at
> /etc/lxc/containers/ or something like that? (I'm currently using
> /etc/lxc/common/ directory for internal use, i.e. for configuration
> files common to containers that are bind'ed into the container and
> symlinked at their system paths)
>
> Patch moves etc/* contents into doc/examples/ and adds
> --disable-examples configure switch which may be used not to install
> examples. Default is to install them into ${docdir}/examples
> (commonly: /usr/share/doc/lxc/examples)
>
> Signed-off-by: Andrian Nord <NightNord at gmail.com>
>
> diff --git a/Makefile.am b/Makefile.am index 3933d2a..90b771b 100644
> --- a/Makefile.am +++ b/Makefile.am @@ -2,8 +2,8 @@
>
> ACLOCAL_AMFLAGS = -I config
>
> -SUBDIRS = src etc scripts doc -DIST_SUBDIRS = config src etc scripts
> doc +SUBDIRS = src scripts doc +DIST_SUBDIRS = config src scripts doc
> EXTRA_DIST = autogen.sh lxc.spec CONTRIBUTING MAINTAINERS ChangeLog
>
> pcdatadir = $(datadir)/pkgconfig diff --git a/configure.ac
> b/configure.ac index 5e4ac46..66f9b1b 100644 --- a/configure.ac +++
> b/configure.ac @@ -25,6 +25,12 @@ fi
>
> AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$have_docbook" = "xyes"])
>
> +AC_ARG_ENABLE([examples], + [AC_HELP_STRING([--disable-examples],
> [do not install configuration examples])], + [],
> [enable_examples=yes]) + +AM_CONDITIONAL([ENABLE_EXAMPLES], [test
> "x$enable_examples" = "xyes"]) + AS_AC_EXPAND(PREFIX, $prefix)
> AS_AC_EXPAND(LIBDIR, $libdir) AS_AC_EXPAND(BINDIR, $bindir) @@
> -107,13 +113,13 @@ AC_CONFIG_FILES([ src/lxc/lxc-setcap
> src/lxc/lxc-version
>
> - etc/Makefile - etc/lxc-macvlan.conf - etc/lxc-no-netns.conf -
> etc/lxc-empty-netns.conf - etc/lxc-phys.conf - etc/lxc-veth.conf -
> etc/lxc-complex-config + doc/examples/Makefile +
> doc/examples/lxc-macvlan.conf + doc/examples/lxc-no-netns.conf +
> doc/examples/lxc-empty-netns.conf + doc/examples/lxc-phys.conf +
> doc/examples/lxc-veth.conf + doc/examples/lxc-complex-config ])
> AC_CONFIG_COMMANDS([default],[[]],[[]]) AC_OUTPUT diff --git
> a/doc/Makefile.am b/doc/Makefile.am index 9f7bf69..bd96c99 100644 ---
> a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,3 +1,5 @@ +SUBDIRS =
> examples +DIST_SUBDIRS = examples
>
> EXTRA_DIST = \ FAQ.txt \ diff --git a/doc/examples/Makefile.am
> b/doc/examples/Makefile.am new file mode 100644 index
> 0000000..0490a8b --- /dev/null +++ b/doc/examples/Makefile.am @@ -0,0
> +1,21 @@ +EXTRA_DIST = $(pkgexamples_DATA) + +if ENABLE_EXAMPLES
> +pkgexamplesdir=$(docdir)/examples + +pkgexamples_DATA = \ +
> lxc-macvlan.conf \ + lxc-no-netns.conf \ + lxc-empty-netns.conf \ +
> lxc-phys.conf \ + lxc-veth.conf \ + lxc-complex-config +endif +
> +noinst_DATA = \ + lxc-macvlan.conf.in \ +
lxc-empty-netns.conf.in \
> + lxc-no-netns.conf.in \ + lxc-phys.conf.in \ +
lxc-veth.conf.in \ +
> lxc-complex-config.in diff --git a/doc/examples/lxc-complex-config
> b/doc/examples/lxc-complex-config
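Review bot: in the new doc/examples/Makefile.am, EXTRA_DIST = $(pkgexamples_DATA) sits outside the "if ENABLE_EXAMPLES" block while pkgexamples_DATA is only assigned inside it, so a tree configured with --disable-examples ends up with an empty EXTRA_DIST and the contents of "make dist" depend on how the tree was configured. The names in pkgexamples_DATA are also the files that the configure.ac hunk lists in AC_CONFIG_FILES, i.e. configure output, while the .in templates are only listed in noinst_DATA. Suggest listing the .in templates in EXTRA_DIST unconditionally and keeping only pkgexamplesdir and pkgexamples_DATA under the conditional.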
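Review bot: the AM_CONDITIONAL added in the configure.ac hunk tests "x$enable_examples" = "xyes", so any explicit value other than yes (for example --enable-examples=foo) silently turns installation off without a message. Since the only documented switch is --disable-examples, testing for != "xno" would match the help string more closely. As a style point, AC_HELP_STRING is the obsolete spelling of AS_HELP_STRING, and the new option is not mentioned in any documentation touched by this patch.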
Oops, you moved the wrong one :)
Thanks
-- Daniel