[lxc-devel] RfC: Script hooks

Daniel Lezcano daniel.lezcano at free.fr
Sun Jan 10 04:42:54 UTC 2010


Michael Tokarev wrote:
> Michael Holzt wrote:
>   
>> I believe it would be nice it it was able to hook scripts in the process
>> of container starting and stopping at some points, e.g. before starting
>> or after pivot_root but before giving over to the container etc.
>>
>> Why? For example i would like to run a script which setups ebtables rules
>> restricting the network access of the container. I think there are other
>> uses for such hooks as well.
>>
>> Comments?
>>     
>
> It's _definitely_ useful, and in fact most of the ad-hoc things
> already implemented in lxc utils can be easily done in hooks
> instead of the utilities directly.  Even the network setup as
> currently done is quite limited.  But people says it's slow --
> starting 10000 containers with hooks in use takes about 0.01s
> longer than without hooks....
>
> (Additional) network setup, namespace preparation, variable
> expansion (mount paths for example), and alot of other things -
> that's many different possibilities.  For now all that stuff
> gets implemented directly in lxc utilities, using poor substitute
> of tools available thanks to shell and other Unix utilities.
>   
You can write a shell script doing all the setup,  execing of /sbin/init 
and run this script with lxc-start as well.
The configuration done by lxc is the minimal needed to run a small 
embedded system, for example an apache server, a HPC job or sshd.
When you spawn thousand of small applications, it's much more faster to 
have a single lxc process doing the setup than execing shell script code.
For a system container, all the scripts are located in the rootfs of the 
container and ran by the init.d services.

But, I agree that providing a mechanism to invoke shell script is a must 
have.




More information about the lxc-devel mailing list