[lxc-devel] [PATCH] oracle template: improve compatibility with old ol4, 5
Serge Hallyn
serge.hallyn at canonical.com
Tue Feb 5 14:16:06 UTC 2013
Quoting Dwight Engen (dwight.engen at oracle.com):
> Reported-by: Alvaro Miranda <mirandaa at redrock.net.nz>
self-contained, so
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
but question and comment below.
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> ---
> templates/lxc-oracle.in | 63 +++++++++++++++++++++++++++++++++++++------------
> 1 file changed, 48 insertions(+), 15 deletions(-)
>
> diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
> index 95c6275..e6bf489 100644
> --- a/templates/lxc-oracle.in
> +++ b/templates/lxc-oracle.in
> @@ -61,6 +61,7 @@ container_rootfs_configure()
> if [ -e $container_rootfs/etc/selinux/config ]; then
> sed -i 's|SELINUX=enforcing|SELINUX=disabled|' $container_rootfs/etc/selinux/config
> else
> + mkdir -p $container_rootfs/etc/selinux
> echo "SELINUX=disabled" >$container_rootfs/etc/selinux/config
> fi
> sed -i 's|session[ ]*required[ ]*pam_selinux.so[ ]*close|#session required pam_selinux.so close|' $container_rootfs/etc/pam.d/login
> @@ -97,8 +98,10 @@ EOF
> echo "127.0.0.1 localhost $name" > $container_rootfs/etc/hosts
>
> # disable ipv6
> - echo "blacklist ipv6" >>$container_rootfs/etc/modprobe.d/blacklist.conf
> - echo "blacklist net-pf-10" >>$container_rootfs/etc/modprobe.d/blacklist.conf
> + if [ -f $container_rootfs/etc/modprobe.d/blacklist.conf ]; then
Sorry, is this because if that file doesn't exist then it simply won't
be needed? (I would have expected you to create the file if it didn't
exist. modprobe.d isn't exactly a new feature)
...
> @@ -508,6 +530,13 @@ container_rootfs_create()
> echo "Rebuilding rpm database"
> rm -f $container_rootfs/var/lib/rpm/__db*
> chroot $container_rootfs rpm --rebuilddb >/dev/null 2>&1
> +
> + # doing the yum install with release 4 packages causes proc in the
> + # container to be mounted, which makes lxc-destroy fail.
> + if [ $container_release_major = "4" ]; then
> + umount $container_rootfs/proc
> + fi
Another, perhaps more future-proof, way of handling this would be to run
the yum_cmd under lxc-unshare -s MOUNT.
> +
> ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-oracle-$name
> }
>
> @@ -517,10 +546,14 @@ container_release_get()
> container_release_version=`cat $1/etc/oracle-release |awk '/^Oracle/ {print $5}'`
> container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'`
> container_release_minor=`echo $container_release_version |awk -F '.' '{print $2}'`
> - elif grep -q Nahant $1/etc/redhat-release; then
> + elif grep -q "Enterprise Linux AS" $1/etc/redhat-release; then
> container_release_major=`cat $1/etc/redhat-release |awk '{print $7}'`
> container_release_minor=`cat $1/etc/redhat-release |awk '{print $10}' |tr -d ")"`
> container_release_version="$container_release_major.$container_release_minor"
> + elif grep -q "Enterprise Linux Server" $1/etc/redhat-release; then
> + container_release_version=`cat $1/etc/redhat-release |awk '{print $7}'`
> + container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'`
> + container_release_minor=`echo $container_release_version |awk -F '.' '{print $2}'`
> else
> echo "Unable to determine container release version"
> exit 1
> --
> 1.7.12.3
>
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013
> and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
More information about the lxc-devel
mailing list