[lxc-devel] [PATCH] [v3] Integrated lxc-net service for rpm based platforms.
Michael H. Warfield
mhw at WittsEnd.com
Mon Aug 25 22:11:31 UTC 2014
On Mon, 2014-08-25 at 17:58 -0400, Michael H. Warfield wrote:
> On Mon, 2014-08-25 at 17:08 -0400, Michael H. Warfield wrote:
> > On Mon, 2014-08-25 at 16:28 -0400, Stéphane Graber wrote:
> > > Just started reviewing this, it looks like you're at least missing
> > > default.conf.lxcbr in your patch.
> > Crap. I did a "commit -a". Should have been a rename.
> > Grrr... Checking it out. Thanks!
> No idea how it happened but it did. In fact, it missed 4 files. Only
> thing I can figure is that I must have dropped the ball along the way of
> regression testing and rolling up the changes in the 3 versions. :-P
Three more missed files. Sigh. Redid the regression test from a
freshly cloned repository and it found the remaining missing files and is
now building on my test platforms. Looks like it missed all the
"untracked" files when I did that v3 commit. Sigh...
Regards,
Mike
--
Subject: [PATCH] Catching up a few more missing files...
Three more missed files.
Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
---
config/init/common/Makefile.am | 22 ++++++
config/init/common/lxc-containers.in | 145 +++++++++++++++++++++++++++++++++++
config/init/common/lxc-net.in | 134 ++++++++++++++++++++++++++++++++
3 files changed, 301 insertions(+)
create mode 100644 config/init/common/Makefile.am
create mode 100644 config/init/common/lxc-containers.in
create mode 100644 config/init/common/lxc-net.in
diff --git a/config/init/common/Makefile.am b/config/init/common/Makefile.am
new file mode 100644
index 0000000..1255d52
--- /dev/null
+++ b/config/init/common/Makefile.am
@@ -0,0 +1,22 @@
+EXTRA_DIST = lxc-containers.in lxc-net.in
+
+if INIT_SCRIPT_SYSV
+# If we're installing for sysv init, install the helper scripts
+# directly to the rc directory under the appropriate name.
+
+install-sysvinit: lxc-containers lxc-net
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
+ $(INSTALL_SCRIPT) lxc-containers $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
+ $(INSTALL_SCRIPT) lxc-net $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc-net
+
+uninstall-sysvinit:
+ rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
+ rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc-net
+ rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
+
+install-data-local: install-sysvinit
+uninstall-local: uninstall-sysvinit
+endif
+
+pkglibexec_SCRIPTS = lxc-containers lxc-net
+
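Review bot: `install-sysvinit` and `uninstall-sysvinit` are command targets, not files, yet nothing in this Makefile.am declares them phony, so a stray file with either name in the build directory would make the rule look up to date and silently skip the init.d install or removal. Adding `.PHONY: install-sysvinit uninstall-sysvinit` inside the `if INIT_SCRIPT_SYSV` block covers that. A short comment next to `pkglibexec_SCRIPTS` saying that the same two scripts are also copied into rc.d/init.d under sysv would help packagers, who otherwise see them installed twice.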
diff --git a/config/init/common/lxc-containers.in b/config/init/common/lxc-containers.in
new file mode 100644
index 0000000..7f32e3c
--- /dev/null
+++ b/config/init/common/lxc-containers.in
@@ -0,0 +1,145 @@
+#!/bin/sh
+#
+# lxc Start/Stop LXC autoboot containers
+#
+# chkconfig: 345 99 01
+# description: Starts/Stops all LXC containers configured for autostart.
+#
+### BEGIN INIT INFO
+# Provides: lxc
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Bring up/down LXC autostart containers
+# Description: Bring up/down LXC autostart containers
+### END INIT INFO
+
+sysconfdir="@SYSCONFDIR@"
+distrosysconfdir="@LXC_DISTRO_SYSCONF@"
+bindir="@BINDIR@"
+localstatedir="@LOCALSTATEDIR@"
+
+# These can be overridden in @LXC_DISTRO_SYSCONF@/lxc
+
+# Autostart containers?
+LXC_AUTO="true"
+
+# BOOTGROUPS - What groups should start on bootup?
+# Comma separated list of groups.
+# Leading comma, trailing comma or embedded double
+# comma indicates when the NULL group should be run.
+# Example (default): boot the onboot group first then the NULL group
+BOOTGROUPS="onboot,"
+
+# SHUTDOWNDELAY - Wait time for a container to shut down.
+# Container shutdown can result in lengthy system
+# shutdown times. Even 5 seconds per container can be
+# too long.
+SHUTDOWNDELAY=5
+
+# OPTIONS can be used for anything else.
+# If you want to boot everything then
+# options can be "-a" or "-a -A".
+OPTIONS=
+
+# STOPOPTS are stop options. The can be used for anything else to stop.
+# If you want to kill containers fast, use -k
+STOPOPTS="-a -A -s"
+
+# Source function library.
+test ! -r "$sysconfdir"/rc.d/init.d/functions ||
+ . "$sysconfdir"/rc.d/init.d/functions
+
+# provide action() fallback
+if ! type action >/dev/null 2>&1; then
+ # Real basic fallback for sysvinit "action" verbage.
+ action() {
+ echo -n "$1 "
+ "$@" && echo "OK" || echo "Failed"
+ }
+fi
+
+if [ -d "$localstatedir"/lock/subsys ]
+then
+ lockdir="$localstatedir"/lock/subsys
+else
+ lockdir="$localstatedir"/lock
+fi
+
+# Source any configurable options
+[ ! -f "$distrosysconfdir"/lxc ] || . "$distrosysconfdir"/lxc
+
+# Check for needed utility program
+[ -x "$bindir"/lxc-autostart ] || exit 1
+
+# If libvirtd is providing the bridge, it might not be
+# immediately available, so wait a bit for it before starting
+# up the containers or else any that use the bridge will fail
+# to start
+wait_for_bridge()
+{
+ [ -f "$sysconfdir"/lxc/default.conf ] || { return 0; }
+
+ which ifconfig >/dev/null 2>&1
+ if [ $? = 0 ]; then
+ cmd="ifconfig -a"
+ else
+ which ip >/dev/null 2>&1
+ if [ $? = 0 ]; then
+ cmd="ip link list"
+ fi
+ fi
+ [ -n cmd ] || { return 0; }
+
+ BRNAME=`grep '^[ ]*lxc.network.link' "$sysconfdir"/lxc/default.conf | sed 's/^.*=[ ]*//'`
+ if [ -z "$BRNAME" ]; then
+ return 0
+ fi
+
+ for try in `seq 1 30`; do
+ eval $cmd |grep "^$BRNAME" >/dev/null 2>&1
+ if [ $? = 0 ]; then
+ return
+ fi
+ sleep 1
+ done
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ [ "x$LXC_AUTO" = "xtrue" ] || { exit 0; }
+
+ [ ! -f "$lockdir"/lxc ] || { exit 0; }
+
+ if [ -n "$BOOTGROUPS" ]
+ then
+ BOOTGROUPS="-g $BOOTGROUPS"
+ fi
+
+ # Start containers
+ wait_for_bridge
+ # Start autoboot containers first then the NULL group "onboot,".
+ action $"Starting LXC autoboot containers: " "$bindir"/lxc-autostart $OPTIONS $BOOTGROUPS
+ touch "$lockdir"/lxc
+ ;;
+ stop)
+ if [ -n "$SHUTDOWNDELAY" ]
+ then
+ SHUTDOWNDELAY="-t $SHUTDOWNDELAY"
+ fi
+
+ # The stop is serialized and can take excessive time. We need to avoid
+ # delaying the system shutdown / reboot as much as we can since it's not
+ # parallelized... Even 5 second timout may be too long.
+ action $"Stopping LXC containers: " "$bindir"/lxc-autostart $STOPOPTS $SHUTDOWNDELAY
+ rm -f "$lockdir"/lxc
+ ;;
+ restart|reload|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
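Review bot: In wait_for_bridge the guard `[ -n cmd ]` tests the literal word `cmd`, which is never empty, so the early return can never fire. When neither ifconfig nor ip is found, the loop runs `eval` as root on a `cmd` that is empty or, possibly, inherited from the environment or the sourced config, and boot stalls for all 30 tries. Set `cmd=""` before the `which` probes and change the guard to `[ -n "$cmd" ] || { return 0; }`; `eval $cmd` can then become a plain `$cmd`, since both candidate values are simple word lists. Separately, `ip link list` prints an index before the interface name, so `grep "^$BRNAME"` probably never matches on that branch, which is worth confirming on a host without ifconfig.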
diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
new file mode 100644
index 0000000..6b81d13
--- /dev/null
+++ b/config/init/common/lxc-net.in
@@ -0,0 +1,134 @@
+#!/bin/sh -
+#
+# lxc-net Start/Stop LXC Networking
+#
+# chkconfig: 345 99 01
+# description: Starts/Stops LXC Network Bridge
+#
+### BEGIN INIT INFO
+# Provides: lxc-net
+# Default-Start: 2 3 4 5
+# Default-Stop: 1
+# Short-Description: Bring up/down LXC Network Bridge
+# Description: Bring up/down LXC Network Bridge
+### END INIT INFO
+
+distrosysconfdir="@LXC_DISTRO_SYSCONF@"
+localstatedir="@LOCALSTATEDIR@"
+varrun="@RUNTIME_PATH@/lxc"
+
+# These can be overridden in @LXC_DISTRO_SYSCONF@/lxc
+# or in @LXC_DISTRO_SYSCONF@/lxc-net
+
+USE_LXC_BRIDGE="true"
+LXC_BRIDGE="lxcbr0"
+LXC_ADDR="10.0.3.1"
+LXC_NETMASK="255.255.255.0"
+LXC_NETWORK="10.0.3.0/24"
+LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
+LXC_DHCP_MAX="253"
+LXC_DHCP_CONFILE=""
+LXC_DOMAIN=""
+
+[ ! -f $distrosysconfdir/lxc ] || . $distrosysconfdir/lxc
+
+if [ -d "$localstatedir"/lock/subsys ]
+then
+ lockdir="$localstatedir"/lock/subsys
+else
+ lockdir="$localstatedir"/lock
+fi
+
+start() {
+ [ ! -f "${lockdir}"/lxc-net ] || { exit 0; }
+
+ [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0; }
+
+ use_iptables_lock="-w"
+ iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
+ cleanup() {
+ # dnsmasq failed to start, clean up the bridge
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
+ iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+ ifconfig ${LXC_BRIDGE} down || true
+ brctl delbr ${LXC_BRIDGE} || true
+ }
+
+ if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
+ exit 0;
+ fi
+
+ # set up the lxc network
+ brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ mkdir -p "${varrun}"
+ ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
+ iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
+ iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+
+ LXC_DOMAIN_ARG=""
+ if [ -n "$LXC_DOMAIN" ]; then
+ LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
+ fi
+ dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
+ touch "${varrun}"/network_up
+ touch "${lockdir}"/lxc-net
+}
+
+stop() {
+ [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0; }
+
+ [ -f "${varrun}/network_up" ] || { exit 0; }
+ # if $LXC_BRIDGE has attached interfaces, don't shut it down
+ ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
+
+ if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
+ use_iptables_lock="-w"
+ iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
+ ifconfig ${LXC_BRIDGE} down
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
+ iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+ pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
+ rm -f "${varrun}"/dnsmasq.pid
+ brctl delbr ${LXC_BRIDGE}
+ fi
+ rm -f "${varrun}"/network_up
+ rm -f "${lockdir}"/lxc-net
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart|reload|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
+
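Review bot: When dnsmasq fails in start(), `|| cleanup` tears the bridge down but execution continues to the two `touch` lines, so `network_up` and the `lxc-net` lock file record a network that does not exist and the next `start` exits early on the lock check. End the failure path there, e.g. `... --dhcp-authoritative || { cleanup; exit 1; }`. The `brctl addbr` failure path likewise finishes with `exit 0`, which reports success to the init system. In stop(), `kill -9 $pid` trusts whatever number is in dnsmasq.pid; a stale file could name an unrelated process, so checking that the pid still belongs to dnsmasq before signalling would be safer. The header comment also says settings can be overridden in `@LXC_DISTRO_SYSCONF@/lxc-net`, but only `$distrosysconfdir/lxc` is sourced.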
--
1.9.3
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 465 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140825/51cab5df/attachment-0001.sig>