[lxc-devel] [PATCH] lxc-oracle: update to support OL7

Dwight Engen dwight.engen at oracle.com
Tue Apr 8 20:28:54 UTC 2014 

Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
---
 config/templates/oracle.common.conf.in |  2 +-
 templates/lxc-oracle.in                | 93 +++++++++++++++++++++++++---------
 2 files changed, 70 insertions(+), 25 deletions(-)

diff --git a/config/templates/oracle.common.conf.in b/config/templates/oracle.common.conf.in
index 96b266c..ddcdc88 100644
--- a/config/templates/oracle.common.conf.in
+++ b/config/templates/oracle.common.conf.in
@@ -26,7 +26,7 @@ lxc.hook.clone = @LXCHOOKDIR@/clonehostname
 # lxc.cap.drop = audit_control    # breaks sshd (set_loginuid failed)
 # lxc.cap.drop = audit_write
 #
-lxc.cap.drop = mac_admin mac_override setfcap setpcap
+lxc.cap.drop = mac_admin mac_override
 lxc.cap.drop = sys_module sys_nice sys_pacct
 lxc.cap.drop = sys_rawio sys_time
 
diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
index 70d90e5..773409d 100644
--- a/templates/lxc-oracle.in
+++ b/templates/lxc-oracle.in
@@ -9,7 +9,7 @@
 # Modified for Oracle Linux 5
 # Wim Coekaerts <wim.coekaerts at oracle.com>
 #
-# Modified for Oracle Linux 6, combined OL4,5,6 into one template script
+# Modified for Oracle Linux 6,7 combined OL4,5,6 into one template script
 # Dwight Engen <dwight.engen at oracle.com>
 #
 # This library is free software; you can redistribute it and/or
@@ -84,7 +84,7 @@ container_rootfs_patch()
             mkdir -p $container_rootfs/usr/lib/yum-plugins
             cp @DATADIR@/lxc/lxc-patch.py $container_rootfs/usr/lib/yum-plugins
         fi
-        if [ $container_release_major = "6" ]; then
+        if [ $container_release_major -ge "6" ]; then
             mkdir -p $container_rootfs/usr/share/yum-plugins
             cp @DATADIR@/lxc/lxc-patch.py $container_rootfs/usr/share/yum-plugins
         fi
@@ -92,7 +92,7 @@ container_rootfs_patch()
         cat <<EOF > $container_rootfs/etc/yum/pluginconf.d/lxc-patch.conf
 [main]
 enabled=1
-packages=initscripts,iptables,selinux-policy,readahead,udev,util-linux-ng
+packages=dbus,initscripts,iptables,openssh-server,setup,selinux-policy,readahead,udev,util-linux,util-linux-ng
 EOF
     fi
 
@@ -140,6 +140,40 @@ EOF
         ln -s /bin/false $container_rootfs/usr/sbin/selinuxenabled
     fi
 
+    # ensure /dev/ptmx refers to the newinstance devpts of the container, or
+    # pty's will get crossed up with the hosts (https://lkml.org/lkml/2012/1/23/512)
+    rm -f $container_rootfs/dev/ptmx
+    ln -s pts/ptmx $container_rootfs/dev/ptmx
+
+    # OL7 has systemd, no rc.sysinit
+    if [ $container_release_major = "7" ]; then
+        # from mhw in the fedora template: We do need to disable the
+        # "ConditionalPathExists=/dev/tty0" line or no gettys are started on
+        # the ttys in the container. Lets do it in an override copy of the
+        # service so it can still pass rpm verifies and not be automatically
+        # updated by a new systemd version.
+        sed -e 's/^ConditionPathExists=/#LXC ConditionPathExists=/' \
+            < $container_rootfs/usr/lib/systemd/system/getty\@.service \
+            > $container_rootfs/etc/systemd/system/getty\@.service
+        # Setup getty service on the 4 ttys we are going to allow in the
+        # default config.  Number should match lxc.tty
+        ( cd $container_rootfs/etc/systemd/system/getty.target.wants
+            for i in 1 2 3 4 ; do ln -sf ../getty\@.service getty at tty${i}.service; done )
+
+        # disable some systemd services, set default boot, sigpwr target
+        rm -f $container_rootfs/usr/lib/systemd/system/sysinit.target.wants/kmod-static-nodes.service
+        chroot $container_rootfs systemctl -q disable graphical.target
+        chroot $container_rootfs systemctl -q enable multi-user.target
+        if [ ! -e $container_rootfs/etc/systemd/system/sigpwr.target ]; then
+            chroot $container_rootfs ln -s /usr/lib/systemd/system/halt.target /etc/systemd/system/sigpwr.target
+        fi
+
+        # systemd in userns won't be able to set /proc/self/oom_score_adj which
+        # prevents the dbus service from starting
+        sed -i 's|^OOMScoreAdjust|#LXC OOMScoreAdjust|' $container_rootfs/usr/lib/systemd/system/dbus.service
+        return
+    fi
+
     # silence error in checking for selinux
     sed -i 's|cat /proc/self/attr/current|cat /proc/self/attr/current 2>/dev/null|' $container_rootfs/etc/rc.sysinit
     sed -i 's|cat /proc/self/attr/current|cat /proc/self/attr/current 2>/dev/null|' $container_rootfs/etc/rc.d/rc.sysinit
@@ -253,6 +287,20 @@ EOF
     # don't try to unmount swap
     sed -i 's|\[ -f /proc/swaps \]|# LXC [ -f /proc/swaps ]|' $container_rootfs/etc/init.d/halt
 
+    # sem_open(3) checks that /dev/shm is SHMFS_SUPER_MAGIC, so make sure to
+    # mount /dev/shm (normally done by dracut initrd) as tmpfs
+    if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
+        grep -q "mount -t tmpfs tmpfs /dev/shm" $container_rootfs/etc/rc.sysinit
+        if [ $? -eq 1 ]; then
+            echo "mount -t tmpfs tmpfs /dev/shm" >>$container_rootfs/etc/rc.sysinit
+            echo "mount -t tmpfs tmpfs /dev/shm" >>$container_rootfs/etc/rc.d/rc.sysinit
+        fi
+    fi
+    if [ $container_release_major = "6" ]; then
+        sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.sysinit
+        sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.d/rc.sysinit
+    fi
+
     # there might be other services that are useless but the below set is a good start
     # some of these might not exist in the image, so we silence chkconfig complaining
     # about the service file not being found
@@ -269,11 +317,6 @@ EOF
     do
         chroot $container_rootfs chkconfig 2>/dev/null $service on
     done
-
-    # ensure /dev/ptmx refers to the newinstance devpts of the container, or
-    # pty's will get crossed up with the hosts (https://lkml.org/lkml/2012/1/23/512)
-    rm -f $container_rootfs/dev/ptmx
-    ln -s pts/ptmx $container_rootfs/dev/ptmx
 }
 
 container_rootfs_configure()
@@ -307,19 +350,7 @@ EOF
     touch $container_rootfs/etc/mtab
 
     # don't put devpts,proc, nor sysfs in here, it will already be mounted for us by lxc/libvirt
-    cat <<EOF > $container_rootfs/etc/fstab
-EOF
-
-    # sem_open(3) checks that /dev/shm is SHMFS_SUPER_MAGIC, so make sure to mount /dev/shm (normally done by dracut initrd) as tmpfs
-    if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
-        echo "mount -t tmpfs tmpfs /dev/shm" >>$container_rootfs/etc/rc.sysinit
-        echo "mount -t tmpfs tmpfs /dev/shm" >>$container_rootfs/etc/rc.d/rc.sysinit
-    fi
-
-    if [ $container_release_major = "6" ]; then
-        sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.sysinit
-        sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.d/rc.sysinit
-    fi
+    echo "" >$container_rootfs/etc/fstab
 
     # setup console and tty[1-4] for login. note that /dev/console and
     # /dev/tty[1-4] will be symlinks to the ptys /dev/lxc/console and
@@ -373,7 +404,7 @@ EOF
     # /com/ubuntu/upstart socket.
     if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
         sed -i 's|pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; |pf::powerfail:/sbin/shutdown -f -h now "|' $container_rootfs/etc/inittab
-    else
+    elif [ $container_release_major = "6" ]; then
         cat <<EOF > $container_rootfs/etc/init/power-status-changed.conf
 # power-status-changed - used to cleanly shut down the container
 #
@@ -405,7 +436,6 @@ EOF
     mkdir -m 755  $dev_path/pts
     mkdir -m 1777 $dev_path/shm
     mknod -m 666  $dev_path/tty c 5 0
-    mknod -m 666  $dev_path/tty0 c 4 0
     mknod -m 666  $dev_path/tty1 c 4 1
     mknod -m 666  $dev_path/tty2 c 4 2
     mknod -m 666  $dev_path/tty3 c 4 3
@@ -460,6 +490,17 @@ EOF
         echo "lxc.cap.drop = sys_resource" >>$cfg_dir/config
     fi
 
+    # systemd services like logind and journald need these
+    if [ $container_release_major != "7" ]; then
+        echo "lxc.cap.drop = setfcap setpcap" >>$cfg_dir/config
+    fi
+
+    # don't create kmsg symlink as it causes journald to use 100% cpu
+    if [ $container_release_major = "7" ]; then
+        echo "lxc.autodev = 1" >>$cfg_dir/config
+        echo "lxc.kmsg = 0" >>$cfg_dir/config
+    fi
+
     echo "# Networking" >>$cfg_dir/config
     # see if the network settings were already specified
     lxc_network_type=`grep '^lxc.network.type' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'`
@@ -577,7 +618,7 @@ container_rootfs_create()
             mkdir -p $container_rootfs/etc/yum.repos.d
             wget -q $yum_url/$repofile -O $container_rootfs/etc/yum.repos.d/$repofile
             if [ $? -ne 0 ]; then
-                die "Failed to download repo file $yum_url/$repofile"
+                die "Unable to download repo file $yum_url/$repofile, release unavailable"
             fi
 
             # yum will take $basearch from host, so force the arch we want
@@ -691,6 +732,9 @@ container_rootfs_create()
         chroot $container_rootfs rpm --rebuilddb >/dev/null 2>&1
 
     ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-oracle-$name
+    if [ $? -ne 0 ]; then
+        exit 1
+    fi
 }
 
 container_release_get()
@@ -728,6 +772,7 @@ usage()
   -h|--help
 
 Release is of the format "major.minor", for example "5.8", "6.3", or "6.latest"
+This template supports Oracle Linux releases 4.6 - 7.0
 EOF
     return 0
 }
-- 
1.8.5.3

More information about the lxc-devel mailing list