[lxc-devel] [PATCH] ubuntu: Fix regression in post-process

S.Çağlar Onur caglar at 10ur.org
Wed Dec 4 21:05:10 UTC 2013 

Hi Dwight,

On Wed, Dec 4, 2013 at 3:47 PM, Dwight Engen <dwight.engen at oracle.com> wrote:
> On Tue, 3 Dec 2013 23:34:43 -0500
> S.Çağlar Onur <caglar at 10ur.org> wrote:
>
>> Hi,
>>
>>
>> On Tue, Dec 3, 2013 at 6:53 PM, Stéphane Graber <stgraber at ubuntu.com>
>> wrote:
>> > On Tue, Dec 03, 2013 at 05:43:47PM -0600, Serge Hallyn wrote:
>> >> Quoting S.Çağlar Onur (caglar at 10ur.org):
>> >> > Hey Stéphane,
>> >> >
>> >> > On Wed, Nov 27, 2013 at 7:49 PM, Stéphane Graber
>> >> > <stgraber at ubuntu.com> wrote:
>> >> > > THe recent reorg of lxc-ubuntu introduced some package
>> >> > > installation in post-process but without first disabling
>> >> > > service startup.
>> >> > >
>> >> > > As a result, if the cache is a bit out of date and a ssh
>> >> > > update is available, post-process will apply that update (as
>> >> > > it does apt-get install ssh vim) which in turn will attemp to
>> >> > > start sshd. This will either lead to ssh on the host being
>> >> > > restarted or if there's no sshd on the host, will fail the
>> >> > > container creation as the postinst will get an error from
>> >> > > upstart.
>> >> > >
>> >> > > The fix is very simply to add the same policy-rc.d trick when
>> >> > > running post-process.
>> >> >
>> >> > I'm not sure whether this is the desired outcome (I haven't
>> >> > taken a look at it yet) but it looks like after this change
>> >> > "lxc-create -n t -t ubuntu" started to take more time (order of
>> >> > couple of minutes) to
>> >>
>> >> Can you reproduce this at will - revert the change and it's faster,
>> >> reapply and it's slower?
>> >>
>> >> -serge
>> >
>> > Yes, lxc-ubuntu is now slower when creating a container as an extra
>> > apt-get update run and installation of vim was moved from being done
>> > when creating the cache to being done at container creation time.
>> >
>> > That change was caused by the addition of --packages which allows
>> > users to specify extra packages that should be available in the
>> > container.
>> >
>> > I believe at least one problem with that is that ssh is apt-get
>> > install'ed both at cache creation time and at container creation
>> > time. In most cases this would be a no-op, but if the cache is
>> > outdated, then ssh and openssh-server will get upgraded at
>> > container creation time, creating an extra delay.
>> >
>> > I think we should just be dropping ssh from the list of packages
>> > installed at creation time (since it's already in the original
>> > install) and I'd be happy to change the behaviour so that vim is
>> > always installed (as it used to be) and that this extra apt-get
>> > update + apt-get install run would only happen when extra packages
>> > are actually passed on the command line.
>>
>> To be honest that would be my preference otherwise creating containers
>> in different times will produce different results and it might not be
>> a good thing depending on how you look :)
>>
>> I believe we should be accepting the cache as the authoritative state
>> over what distro provides on its repositories. Users can upgrade their
>> containers or install/uninstall packages after the initial creation as
>> they wish (or using this new --packages parameter) or could invalidate
>> the cache by flushing it.
>
> One of the reasons I didn't do the cache thing in the Oracle template
> (for lxc-create it always fetches pkgs from upstream) was so that if
> you for example say lxc-create -n ol -t oracle -- -R 6.latest you
> actually get a container based on latest. My thought was that if you
> want faster "creates", then you can do the create once and then just use
> lxc-clone after that. This also avoids any cache coherency problems
> that could crop up.

I understand this desire but then question becomes why do we bother to
keep a cache if we are going to download stuff from internet and loose
that time? IMHO only a freshly created cache can help avoid
downloading stuff from internet in this case. If your cache is let's
say Oracle 6.3 and latest points to 6.5 then I bet you will end up
downloading same if not more stuff from the internet while trying to
create the container. And if we think cloning is the way to go then
there is no need to do caching at all. Of course this is just a gut
feeling and I have no empirical data to prove that.

And just to be clear, I'm not opposing this behavior but just saying
that I was expecting create to be an disconnected operation as long as
there is a cache on FS backing that distro/release/arch.

>> > --
>> > Stéphane Graber
>> > Ubuntu developer
>> > http://www.ubuntu.com

Cheers,
-- 
S.Çağlar Onur <caglar at 10ur.org>

More information about the lxc-devel mailing list