[lxc-devel] [PATCH] oracle template: improve compatibility with old ol4, 5

Dwight Engen dwight.engen at oracle.com
Tue Feb 5 16:34:03 UTC 2013


On Tue, 5 Feb 2013 08:16:06 -0600
Serge Hallyn <serge.hallyn at canonical.com> wrote:

> Quoting Dwight Engen (dwight.engen at oracle.com):
> > Reported-by: Alvaro Miranda <mirandaa at redrock.net.nz>
> 
> self-contained, so
> 
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> 
> but question and comment below.
> 
> > Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> > ---
> >  templates/lxc-oracle.in | 63
> > +++++++++++++++++++++++++++++++++++++------------ 1 file changed,
> > 48 insertions(+), 15 deletions(-)
> > 
> > diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
> > index 95c6275..e6bf489 100644
> > --- a/templates/lxc-oracle.in
> > +++ b/templates/lxc-oracle.in
> > @@ -61,6 +61,7 @@ container_rootfs_configure()
> >      if [ -e $container_rootfs/etc/selinux/config ]; then
> >          sed -i 's|SELINUX=enforcing|SELINUX=disabled|'
> > $container_rootfs/etc/selinux/config else
> > +	mkdir -p $container_rootfs/etc/selinux
> >          echo "SELINUX=disabled"
> > >$container_rootfs/etc/selinux/config fi
> >      sed -i
> > 's|session[ ]*required[ ]*pam_selinux.so[ ]*close|#session required
> > pam_selinux.so close|' $container_rootfs/etc/pam.d/login @@ -97,8
> > +98,10 @@ EOF echo "127.0.0.1 localhost $name" >
> > $container_rootfs/etc/hosts # disable ipv6
> > -    echo "blacklist ipv6"
> > >>$container_rootfs/etc/modprobe.d/blacklist.conf
> > -    echo "blacklist net-pf-10"
> > >>$container_rootfs/etc/modprobe.d/blacklist.conf
> > +    if [ -f $container_rootfs/etc/modprobe.d/blacklist.conf ]; then
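Review bot: the new -f test on $container_rootfs/etc/modprobe.d/blacklist.conf makes the ipv6 blacklist silently depend on a file existing, and nothing in the hunk says which releases lack the file or why skipping is safe there. A one-line comment above the test would record that; alternatively, key the block on the release major so the intent is explicit. The path in the test is also unquoted, so a rootfs path containing whitespace would break the [ ] expression; "$container_rootfs/etc/modprobe.d/blacklist.conf" avoids that.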
> 
> Sorry, is this because if that file doesn't exist then it simply won't
> be needed?  (I would have expected you to create the file if it didn't
> exist.  modprobe.d isn't exactly a new feature)

This file doesn't exist on ol4, but then ol4 isn't trying to load the
modules for ipv6 anyways so no need to try to stop it. Actually I
don't think this section is needed at all any more since the
lxc.cap.drop = sys_module change, so let me look into removing it.

> ...
> > @@ -508,6 +530,13 @@ container_rootfs_create()
> >          echo "Rebuilding rpm database"
> >          rm -f $container_rootfs/var/lib/rpm/__db*
> >          chroot $container_rootfs rpm --rebuilddb >/dev/null 2>&1
> > +
> > +        # doing the yum install with release 4 packages causes
> > proc in the
> > +        # container to be mounted, which makes lxc-destroy fail.
> > +        if [ $container_release_major = "4" ]; then
> > +            umount $container_rootfs/proc
> > +        fi
> 
> Another, perhaps more future-proof, way of handling this would be to
> run the yum_cmd under lxc-unshare -s MOUNT.

Ahh, I like that idea as it would catch any mounts done during the
install. Thanks for the suggestion, let me try that out.

> > +
> >      ) 200>@LOCALSTATEDIR@/lock/subsys/lxc-oracle-$name
> >  }
> >  
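Review bot: the added umount $container_rootfs/proc runs for every release 4 install without checking that proc is actually mounted, and its exit status is ignored. If nothing is mounted it prints an error during an otherwise clean create; if the unmount fails, the mount stays behind and the problem only shows up later. Test for the mount first (for example by looking for the path in /proc/mounts) and report a failed unmount. Also quote both sides of the comparison, [ "$container_release_major" = "4" ], since an empty variable turns the current test into a syntax error.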
> > @@ -517,10 +546,14 @@ container_release_get()
> >          container_release_version=`cat $1/etc/oracle-release |awk
> > '/^Oracle/ {print $5}'` container_release_major=`echo
> > $container_release_version |awk -F '.' '{print $1}'`
> > container_release_minor=`echo $container_release_version |awk -F
> > '.' '{print $2}'`
> > -    elif grep -q Nahant $1/etc/redhat-release; then
> > +    elif grep -q "Enterprise Linux AS" $1/etc/redhat-release; then
> >          container_release_major=`cat $1/etc/redhat-release |awk
> > '{print $7}'` container_release_minor=`cat $1/etc/redhat-release
> > |awk '{print $10}' |tr -d ")"`
> > container_release_version="$container_release_major.$container_release_minor"
> > +    elif grep -q "Enterprise Linux Server" $1/etc/redhat-release;
> > then
> > +        container_release_version=`cat $1/etc/redhat-release |awk
> > '{print $7}'`
> > +        container_release_major=`echo $container_release_version
> > |awk -F '.' '{print $1}'`
> > +        container_release_minor=`echo $container_release_version
> > |awk -F '.' '{print $2}'` else
> >          echo "Unable to determine container release version"
> >          exit 1
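Review bot: both redhat-release branches take the version from fixed awk field positions ($7, $10) once a loose grep has matched, and nothing validates the result. A release string with a different word count gives an empty or non-numeric container_release_major, and the script continues with it instead of reaching the "Unable to determine container release version" exit. After parsing, check that major and minor are non-empty and numeric, and fall through to that error otherwise. The grep calls also read $1/etc/redhat-release unquoted and without suppressing the error when the file is missing; grep -qs with a quoted path would keep that case quiet and let the else branch report it.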
> > -- 
> > 1.7.12.3
> > 