[lxc-devel] [PATCH] ubuntu: Fix regression in post-process

Dwight Engen dwight.engen at oracle.com
Wed Dec 4 20:47:55 UTC 2013


On Tue, 3 Dec 2013 23:34:43 -0500
S.Çağlar Onur <caglar at 10ur.org> wrote:

> Hi,
> 
> 
> On Tue, Dec 3, 2013 at 6:53 PM, Stéphane Graber <stgraber at ubuntu.com>
> wrote:
> > On Tue, Dec 03, 2013 at 05:43:47PM -0600, Serge Hallyn wrote:
> >> Quoting S.Çağlar Onur (caglar at 10ur.org):
> >> > Hey Stéphane,
> >> >
> >> > On Wed, Nov 27, 2013 at 7:49 PM, Stéphane Graber
> >> > <stgraber at ubuntu.com> wrote:
> >> > > The recent reorg of lxc-ubuntu introduced some package
> >> > > installation in post-process but without first disabling
> >> > > service startup.
> >> > >
> >> > > As a result, if the cache is a bit out of date and a ssh
> >> > > update is available, post-process will apply that update (as
> >> > > it does apt-get install ssh vim) which in turn will attempt to
> >> > > start sshd. This will either lead to ssh on the host being
> >> > > restarted or if there's no sshd on the host, will fail the
> >> > > container creation as the postinst will get an error from
> >> > > upstart.
> >> > >
> >> > > The fix is very simply to add the same policy-rc.d trick when
> >> > > running post-process.
> >> >
> >> > I'm not sure whether this is the desired outcome (I haven't
> >> > taken a look at it yet) but it looks like after this change
> >> > "lxc-create -n t -t ubuntu" started to take more time (order of
> >> > couple of minutes) to
> >>
> >> Can you reproduce this at will - revert the change and it's faster,
> >> reapply and it's slower?
> >>
> >> -serge
> >
> > Yes, lxc-ubuntu is now slower when creating a container as an extra
> > apt-get update run and installation of vim was moved from being done
> > when creating the cache to being done at container creation time.
> >
> > That change was caused by the addition of --packages which allows
> > users to specify extra packages that should be available in the
> > container.
> >
> > I believe at least one problem with that is that ssh is apt-get
> > install'ed both at cache creation time and at container creation
> > time. In most cases this would be a no-op, but if the cache is
> > outdated, then ssh and openssh-server will get upgraded at
> > container creation time, creating an extra delay.
> >
> > I think we should just be dropping ssh from the list of packages
> > installed at creation time (since it's already in the original
> > install) and I'd be happy to change the behaviour so that vim is
> > always installed (as it used to be) and that this extra apt-get
> > update + apt-get install run would only happen when extra packages
> > are actually passed on the command line.
> 
> To be honest, that would be my preference; otherwise creating containers
> at different times will produce different results and it might not be
> a good thing depending on how you look :)
> 
> I believe we should be accepting the cache as the authoritative state
> over what distro provides on its repositories. Users can upgrade their
> containers or install/uninstall packages after the initial creation as
> they wish (or using this new --packages parameter) or could invalidate
> the cache by flushing it.

One of the reasons I didn't do the cache thing in the Oracle template
(for lxc-create it always fetches pkgs from upstream) was so that if
you for example say lxc-create -n ol -t oracle -- -R 6.latest you
actually get a container based on latest. My thought was that if you
want faster "creates", then you can do the create once and then just use
lxc-clone after that. This also avoids any cache coherency problems
that could crop up.

> > --
> > Stéphane Graber
> > Ubuntu developer
> > http://www.ubuntu.com
> 
> 
> 
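
The policy-rc.d trick mentioned in the quoted patch description, as an added example (not code from the lxc-ubuntu template or from anyone in this thread): Debian's invoke-rc.d consults `/usr/sbin/policy-rc.d` inside the root it runs in, and exit status 101 means "action forbidden by policy", so package postinst scripts cannot start or restart a daemon while the file is in place. The function names `with_services_disabled` and `policy_verdict` are hypothetical.

```shell
#!/bin/sh
# Added example: deny service starts inside a container rootfs while a command
# (for instance a chrooted apt-get install) runs, then restore the old state.

# Hypothetical helper: with_services_disabled ROOTFS COMMAND [ARGS...]
with_services_disabled() {
    rootfs=$1; shift
    policy="$rootfs/usr/sbin/policy-rc.d"
    backup=""
    mkdir -p "$rootfs/usr/sbin" || return 1
    # Keep any policy file the image already ships so it can be put back.
    if [ -e "$policy" ]; then
        backup="$policy.saved"
        mv "$policy" "$backup" || return 1
    fi
    # 101 = "action forbidden by policy" for every service and action.
    printf '#!/bin/sh\nexit 101\n' > "$policy" || return 1
    chmod 755 "$policy"
    # Capture the status without letting "set -e" skip the cleanup below.
    rc=0
    "$@" || rc=$?
    rm -f "$policy"
    [ -n "$backup" ] && mv "$backup" "$policy"
    return "$rc"
}

# Hypothetical probe: report what invoke-rc.d would decide for "ssh start".
# A missing policy file means the action is allowed. The file is run through
# sh so the probe also works when ROOTFS sits on a noexec mount.
policy_verdict() {
    p="$1/usr/sbin/policy-rc.d"
    [ -f "$p" ] || { echo allowed; return 0; }
    v=0
    sh "$p" ssh start || v=$?
    if [ "$v" -eq 101 ]; then echo denied; else echo allowed; fi
}

# Typical call as root (package names taken from the thread):
#   with_services_disabled "$rootfs" chroot "$rootfs" apt-get install -y ssh vim
```

If the wrapped command is killed by a signal, the deny-all policy file stays in the rootfs, so a caller that cares should check for it before starting the container.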