[lxc-devel] RfC: Script hooks
Daniel Lezcano
daniel.lezcano at free.fr
Sun Jan 10 04:42:54 UTC 2010
Michael Tokarev wrote:
> Michael Holzt wrote:
>
>> I believe it would be nice if it was able to hook scripts in the process
>> of container starting and stopping at some points, e.g. before starting
>> or after pivot_root but before giving over to the container etc.
>>
>> Why? For example I would like to run a script which sets up ebtables rules
>> restricting the network access of the container. I think there are other
>> uses for such hooks as well.
>>
>> Comments?
>>
>
> It's _definitely_ useful, and in fact most of the ad-hoc things
> already implemented in lxc utils can be easily done in hooks
> instead of the utilities directly. Even the network setup as
> currently done is quite limited. But people say it's slow --
> starting 10000 containers with hooks in use takes about 0.01s
> longer than without hooks....
>
> (Additional) network setup, namespace preparation, variable
> expansion (mount paths for example), and a lot of other things -
> that's many different possibilities. For now all that stuff
> gets implemented directly in lxc utilities, using poor substitute
> of tools available thanks to shell and other Unix utilities.
>
You can write a shell script doing all the setup, execing of /sbin/init
and run this script with lxc-start as well.

The configuration done by lxc is the minimal needed to run a small
embedded system, for example an apache server, an HPC job or sshd.

When you spawn thousands of small applications, it's much faster to
have a single lxc process doing the setup than execing shell script code.

For a system container, all the scripts are located in the rootfs of the
container and run by the init.d services.

But, I agree that providing a mechanism to invoke shell scripts is a
must-have.