[lxc-devel] [PATCH] [v3] Integrated lxc-net service for rpm based platforms.

Michael H. Warfield mhw at WittsEnd.com
Tue Aug 26 16:56:43 UTC 2014


On Tue, 2014-08-26 at 11:58 -0400, Stéphane Graber wrote:
> I'm doing some testing and iterating on your patch some more to try and
> get this to work and be policy compliant for Debian systems too.

> The current work is happening at:
> https://github.com/stgraber/lxc

> I'll send an updated patch once I'm satisfied by the result.

Excellent.  Let me know where there are any discrepancies with the Debian
policy stuff too, so I can file that for future reference.  I suspect
there's going to be some more evolution in this area (including
refactoring the Upstart lxc.conf code ala the lxc-net.conf code).

The Debian / Ubuntu build areas are some of the ones I'm not equipped to
test.

ITMT, I'm working on some much postponed template work.

Regards,
Mike

> On Mon, Aug 25, 2014 at 03:00:46PM -0400, Michael H. Warfield wrote:
> > Version 3 Integration of lxc-net service for rpm based platforms.
> > 
> > Initial version is deprecated and obsoleted by this version.
> > 
> > Version 2 was discussed in private E-Mail
> > 
> > Patch is against current master.
> > 
> > This includes some patches for the SUSE / OpenSUSE platforms.
> > 
> > Regards,
> > Mike
> > 
> > -- 
> > [v3] Integrated lxc-net service for rpm based platforms.
> > 
> > This fixes build and run problems on rpm based platforms (CentOS,
> > Fedora, Oracle, SUSE) running with the systemd init following the
> > refactoring of the Ubuntu lxc networking logic into a systemd service.
> > 
> > Added lxc-net.in based on src/lxc/lxc.net and lxc.in for sysvinit
> > and systemd init systems in parallel with lxc.in.
> > 
> > Added autoconfigure variable for distro specific sysconfigdir and
> > implemented in both lxc.in and lxc-net.in.
> > 
> > Fixed configure.ac for "OpenSUSE project" return from lsb_release.
> > 
> > Renamed config/etc/default.conf.ubuntu to config/etc/default.conf.lxcbr
> > and set that as the default for Ubuntu, Fedora, CentOS, Oracle, SUSE,
> > and OpenSUSE*.  Only other things left are "unknown".
> > 
> > Updated lxc-net.service.in for new path to lxc-net script in
> > LIBEXECDIR instead of DATADIR.
> > 
> > Renamed config/init/sysvinit to config/init/common reflecting the
> > fact that the code in that directory is common to all three init
> > paradigms.
> > 
> > Removed src/lxc/lxc.net as it has been replaced by
> > config/init/common/lxc-net.in installed in /usr/libexec/lxc.
> > 
> > Changed name of lxc-autostart-helper.in to lxc-containers.in
> > 
> > Added the "lxc-net" sysvinit script for sysvinit rpm packaging
> > (CentOS 6, Oracle 6, etc).
> > 
> > Added autogeneration of /etc/sysconfig/lxc-net for rpm based
> > distributions into the lxc.spec file.
> > 
> > Added creation of lxc-dnsmasq system user.
> > 
> > Fixed fallbacks for "action" init script verb and lock file
> > locations.
> > 
> > Fixed potentially uninitialized variable in lxc_user_nic.c which
> > was causing builds to fail on CentOS and Oracle with warnings
> > treated as errors.
> > 
> > Fixed lxc.spec.in for several SUSE build gotcha's.
> > 
> > Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
> > ---
> >  config/Makefile.am                     |   2 +-
> >  config/etc/Makefile.am                 |   2 +-
> >  config/etc/default.conf.ubuntu         |   4 -
> >  config/init/Makefile.am                |   2 +-
> >  config/init/systemd/Makefile.am        |  14 +---
> >  config/init/systemd/lxc-net.service.in |   4 +-
> >  config/init/systemd/lxc.service.in     |   4 +-
> >  config/init/sysvinit/Makefile.am       |  14 ----
> >  config/init/sysvinit/lxc.in            | 131 ---------------------------------
> >  config/init/upstart/lxc-net.conf       |   4 +-
> >  configure.ac                           |  19 +++--
> >  lxc.spec.in                            | 110 ++++++++++++++++++++++++++-
> >  src/lxc/Makefile.am                    |   4 +-
> >  src/lxc/lxc.net                        | 103 --------------------------
> >  src/lxc/lxc_user_nic.c                 |   2 +-
> >  15 files changed, 134 insertions(+), 285 deletions(-)
> >  delete mode 100644 config/etc/default.conf.ubuntu
> >  delete mode 100644 config/init/sysvinit/Makefile.am
> >  delete mode 100644 config/init/sysvinit/lxc.in
> >  delete mode 100755 src/lxc/lxc.net
> > 
> > diff --git a/config/Makefile.am b/config/Makefile.am
> > index 37fd24b..54f8859 100644
> > --- a/config/Makefile.am
> > +++ b/config/Makefile.am
> > @@ -1 +1 @@
> > -SUBDIRS = apparmor bash etc init selinux templates yum
> > +SUBDIRS = apparmor bash etc init selinux templates yum sysconfig
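
Review bot: The new `sysconfig` entry in SUBDIRS has nothing behind it in this posting: the diffstat lists no file under config/sysconfig/, and the same holds for config/init/common/ and config/etc/default.conf.lxcbr, which later hunks reference. If these were renames or new files, they need to be in the patch (for example by generating it with rename detection off and all new files added), otherwise the tree will not configure after applying it.
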
> > diff --git a/config/etc/Makefile.am b/config/etc/Makefile.am
> > index 03193da..fa8bc2f 100644
> > --- a/config/etc/Makefile.am
> > +++ b/config/etc/Makefile.am
> > @@ -1,7 +1,7 @@
> >  configdir = $(sysconfdir)/lxc
> >  config_DATA = default.conf
> >  
> > -EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown
> > +EXTRA_DIST = default.conf.lxcbr default.conf.libvirt default.conf.unknown
> >  
> >  clean-local:
> >  	@$(RM) -f default.conf
> > diff --git a/config/etc/default.conf.ubuntu b/config/etc/default.conf.ubuntu
> > deleted file mode 100644
> > index 661718b..0000000
> > --- a/config/etc/default.conf.ubuntu
> > +++ /dev/null
> > @@ -1,4 +0,0 @@
> > -lxc.network.type = veth
> > -lxc.network.link = lxcbr0
> > -lxc.network.flags = up
> > -lxc.network.hwaddr = 00:16:3e:xx:xx:xx
> > diff --git a/config/init/Makefile.am b/config/init/Makefile.am
> > index e2ffe28..dea8e3f 100644
> > --- a/config/init/Makefile.am
> > +++ b/config/init/Makefile.am
> > @@ -1 +1 @@
> > -SUBDIRS = systemd sysvinit upstart
> > +SUBDIRS = common systemd upstart
> > diff --git a/config/init/systemd/Makefile.am b/config/init/systemd/Makefile.am
> > index 5959cd8..6ded467 100644
> > --- a/config/init/systemd/Makefile.am
> > +++ b/config/init/systemd/Makefile.am
> > @@ -6,17 +6,9 @@ EXTRA_DIST = \
> >  	$(NULL)
> >  
> >  if INIT_SCRIPT_SYSTEMD
> > -lxc-autostart-helper: ../sysvinit/lxc.in $(top_builddir)/config.status
> > -	$(AM_V_GEN)sed                                          \
> > -	    -e 's|[@]SYSCONFDIR[@]|$(sysconfdir)|g'             \
> > -	    -e 's|[@]LOCALSTATEDIR[@]|$(localstatedir)|g'       \
> > -	    -e 's|[@]BINDIR[@]|$(bindir)|g'                     \
> > -	    < $< > $@-t &&                                      \
> > -	    chmod a+x $@-t &&                                   \
> > -	    mv $@-t $@
> > -BUILT_SOURCES = lxc-autostart-helper lxc.service lxc-net.service
> > +BUILT_SOURCES = lxc.service lxc-net.service
> >  
> > -install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load lxc-autostart-helper
> > +install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load
> >  	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
> >  	$(INSTALL_DATA) lxc.service lxc-net.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
> >  
> > @@ -25,7 +17,7 @@ uninstall-systemd:
> >  	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc-net.service
> >  	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
> >  
> > -pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load lxc-autostart-helper
> > +pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load
> >  
> >  install-data-local: install-systemd
> >  uninstall-local: uninstall-systemd
> > diff --git a/config/init/systemd/lxc-net.service.in b/config/init/systemd/lxc-net.service.in
> > index 37d1d69..c054702 100644
> > --- a/config/init/systemd/lxc-net.service.in
> > +++ b/config/init/systemd/lxc-net.service.in
> > @@ -6,5 +6,5 @@ Before=lxc.service
> >  [Service]
> >  Type=oneshot
> >  RemainAfterExit=yes
> > -ExecStart=@DATADIR@/lxc/lxc.net start
> > -ExecStop=@DATADIR@/lxc/lxc.net stop
> > +ExecStart=@LIBEXECDIR@/lxc/lxc-net start
> > +ExecStop=@LIBEXECDIR@/lxc/lxc-net stop
> > diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in
> > index f64610f..33da987 100644
> > --- a/config/init/systemd/lxc.service.in
> > +++ b/config/init/systemd/lxc.service.in
> > @@ -8,8 +8,8 @@ Type=oneshot
> >  RemainAfterExit=yes
> >  ExecStartPre=@LIBEXECDIR@/lxc/lxc-devsetup
> >  ExecStartPre=@LIBEXECDIR@/lxc/lxc-apparmor-load
> > -ExecStart=@LIBEXECDIR@/lxc/lxc-autostart-helper start
> > -ExecStop=@LIBEXECDIR@/lxc/lxc-autostart-helper stop
> > +ExecStart=@LIBEXECDIR@/lxc/lxc-containers start
> > +ExecStop=@LIBEXECDIR@/lxc/lxc-containers stop
> >  # Environment=BOOTUP=serial
> >  # Environment=CONSOLETYPE=serial
> >  StandardOutput=syslog
> > diff --git a/config/init/sysvinit/Makefile.am b/config/init/sysvinit/Makefile.am
> > deleted file mode 100644
> > index 66c190d..0000000
> > --- a/config/init/sysvinit/Makefile.am
> > +++ /dev/null
> > @@ -1,14 +0,0 @@
> > -EXTRA_DIST = lxc
> > -
> > -if INIT_SCRIPT_SYSV
> > -install-sysvinit: lxc
> > -	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
> > -	$(INSTALL_SCRIPT) lxc $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
> > -
> > -uninstall-sysvinit:
> > -	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
> > -	rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
> > -
> > -install-data-local: install-sysvinit
> > -uninstall-local: uninstall-sysvinit
> > -endif
> > diff --git a/config/init/sysvinit/lxc.in b/config/init/sysvinit/lxc.in
> > deleted file mode 100644
> > index 7cad8c8..0000000
> > --- a/config/init/sysvinit/lxc.in
> > +++ /dev/null
> > @@ -1,131 +0,0 @@
> > -#!/bin/sh
> > -#
> > -# lxc Start/Stop LXC autoboot containers
> > -#
> > -# chkconfig: 345 99 01
> > -# description: Starts/Stops all LXC containers configured for autostart.
> > -#
> > -### BEGIN INIT INFO
> > -# Provides: lxc
> > -# Default-Start: 3 4 5
> > -# Default-Stop: 0 1 6
> > -# Short-Description: Bring up/down LXC autostart containers
> > -# Description: Bring up/down LXC autostart containers
> > -### END INIT INFO
> > -
> > -sysconfdir="@SYSCONFDIR@"
> > -bindir="@BINDIR@"
> > -localstatedir="@LOCALSTATEDIR@"
> > -
> > -# These can be overridden in @SYSCONFDIR@/sysconfig/lxc
> > -
> > -# BOOTGROUPS - What groups should start on bootup?
> > -#	Comma separated list of groups.
> > -#	Leading comma, trailing comma or embedded double
> > -#	comma indicates when the NULL group should be run.
> > -# Example (default): boot the onboot group first then the NULL group
> > -BOOTGROUPS="onboot,"
> > -
> > -# SHUTDOWNDELAY - Wait time for a container to shut down.
> > -#	ner shutdown can result in lengthy system
> > -#	shutdown times.  Even 5 seconds per container can be
> > -#	too long.
> > -SHUTDOWNDELAY=5
> > -
> > -# OPTIONS can be used for anything else.
> > -#	If you want to boot everything then
> > -#	options can be "-a" or "-a -A".
> > -OPTIONS=
> > -
> > -# STOPOPTS are stop options.  The can be used for anything else to stop.
> > -#	If you want to kill containers fast, use -k
> > -STOPOPTS="-a -A -s"
> > -
> > -# Source function library.
> > -test ! -r "$sysconfdir"/rc.d/init.d/functions ||
> > -        . "$sysconfdir"/rc.d/init.d/functions
> > -
> > -# provide action() fallback
> > -if ! type action >/dev/null 2>&1; then
> > -    action() {
> > -        echo "$@"
> > -    }
> > -fi
> > -
> > -# Source any configurable options
> > -test ! -r "$sysconfdir"/sysconfig/lxc ||
> > -        . "$sysconfdir"/sysconfig/lxc
> > -
> > -# Check for needed utility program
> > -[ -x "$bindir"/lxc-autostart ] || exit 1
> > -
> > -# If libvirtd is providing the bridge, it might not be
> > -# immediately available, so wait a bit for it before starting
> > -# up the containers or else any that use the bridge will fail
> > -# to start
> > -wait_for_bridge()
> > -{
> > -    [ -f "$sysconfdir"/lxc/default.conf ] || { return 0; }
> > -
> > -    which ifconfig >/dev/null 2>&1
> > -    if [ $? = 0 ]; then
> > -        cmd="ifconfig -a"
> > -    else
> > -        which ip >/dev/null 2>&1
> > -        if [ $? = 0 ]; then
> > -            cmd="ip link list"
> > -        fi
> > -    fi
> > -    [ -n cmd ] || { return 0; }
> > -
> > -    BRNAME=`grep '^[ 	]*lxc.network.link' "$sysconfdir"/lxc/default.conf | sed 's/^.*=[ 	]*//'`
> > -    if [ -z "$BRNAME" ]; then
> > -	return 0
> > -    fi
> > -
> > -    for try in `seq 1 30`; do
> > -	eval $cmd |grep "^$BRNAME" >/dev/null 2>&1
> > -	if [ $? = 0 ]; then
> > -	    return
> > -	fi
> > -	sleep 1
> > -    done
> > -}
> > -
> > -# See how we were called.
> > -case "$1" in
> > -  start)
> > -	[ ! -f "$localstatedir"/lock/subsys/lxc ] || { exit 0; }
> > -
> > -	if [ -n "$BOOTGROUPS" ]
> > -	then
> > -		BOOTGROUPS="-g $BOOTGROUPS"
> > -	fi
> > -
> > -	# Start containers
> > -	wait_for_bridge
> > -	# Start autoboot containers first then the NULL group "onboot,".
> > -	action $"Starting LXC autoboot containers: " "$bindir"/lxc-autostart $OPTIONS $BOOTGROUPS
> > -	touch "$localstatedir"/lock/subsys/lxc
> > -	;;
> > -  stop)
> > -	if [ -n "$SHUTDOWNDELAY" ]
> > -	then
> > -		SHUTDOWNDELAY="-t $SHUTDOWNDELAY"
> > -	fi
> > -
> > -	# The stop is serialized and can take excessive time.  We need to avoid
> > -	# delaying the system shutdown / reboot as much as we can since it's not
> > -	# parallelized...  Even 5 second timout may be too long.
> > -	action $"Stopping LXC containers: " "$bindir"/lxc-autostart $STOPOPTS $SHUTDOWNDELAY
> > -	rm -f "$localstatedir"/lock/subsys/lxc
> > -	;;
> > -  restart|reload|force-reload)
> > -	$0 stop
> > -	$0 start
> > -	;;
> > -  *)
> > -	echo "Usage: $0 {start|stop|restart|reload|force-reload}"
> > -	exit 2
> > -esac
> > -exit $?
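
Review bot: In `wait_for_bridge`, `[ -n cmd ]` tests the literal string "cmd" and is always true, so the early return when neither ifconfig nor ip is found never fires and the loop runs `eval` on an empty command 30 times. Since the replacement config/init/common/lxc-containers.in is not part of this diff, it cannot be checked here; the moved copy should use `[ -n "$cmd" ]` and initialise `cmd=""` first.
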
> > diff --git a/config/init/upstart/lxc-net.conf b/config/init/upstart/lxc-net.conf
> > index 38f6ea3..15460eb 100644
> > --- a/config/init/upstart/lxc-net.conf
> > +++ b/config/init/upstart/lxc-net.conf
> > @@ -4,5 +4,5 @@ author "Serge Hallyn <serge.hallyn at canonical.com>"
> >  start on starting lxc
> >  stop on stopped lxc
> >  
> > -pre-start exec /usr/share/lxc/lxc.net start
> > -post-stop exec /usr/share/lxc/lxc.net stop
> > +pre-start exec /usr/libexec/lxc/lxc-net start
> > +post-stop exec /usr/libexec/lxc/lxc-net stop
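
Review bot: The `pre-start` and `post-stop` lines hard-code /usr/libexec/lxc/lxc-net, while lxc-net.service.in in this same patch uses `@LIBEXECDIR@/lxc/lxc-net`. On any build where libexecdir is not /usr/libexec the Upstart job will point at a path that does not exist. Suggest turning this file into lxc-net.conf.in and substituting `@LIBEXECDIR@` the same way the systemd unit does.
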
> > diff --git a/configure.ac b/configure.ac
> > index 1a55521..5d5f974 100644
> > --- a/configure.ac
> > +++ b/configure.ac
> > @@ -60,13 +60,16 @@ if test "z$with_distro" = "z"; then
> >  fi
> >  case $with_distro in
> >  	ubuntu|raspbian)
> > -		distroconf=default.conf.ubuntu
> > +		distroconf=default.conf.lxcbr
> > +		distrosysconf="$sysconfdir/default"
> >  		;;
> > -	redhat|centos|fedora|oracle|oracleserver)
> > -		distroconf=default.conf.libvirt
> > +	redhat|centos|fedora|oracle|oracleserver|suse|opensuse*)
> > +		distroconf=default.conf.lxcbr
> > +		distrosysconf="$sysconfdir/sysconfig"
> >  		;;
> >  	*)
> >  		distroconf=default.conf.unknown
> > +		distrosysconf="$sysconfdir/default"
> >  		;;
> >  esac
> >  AC_MSG_RESULT([$with_distro])
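
Review bot: The `redhat|centos|fedora|oracle|oracleserver` branch now selects default.conf.lxcbr instead of default.conf.libvirt, which changes the default bridge for newly created containers on those platforms and is not called out as a behaviour change in the commit message. After this hunk no branch of the case selects default.conf.libvirt, although it is still listed in EXTRA_DIST; either document it as an optional alternative or drop it. A short comment above the case explaining what `distrosysconf` is for would also help.
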
> > @@ -84,7 +87,7 @@ AC_ARG_WITH([init-script],
> >  case "$with_init_script" in
> >  	distro)
> >  		case $with_distro in
> > -			fedora)
> > +			fedora|opensuse*)
> >  				init_script=systemd
> >  				;;
> >  			redhat|centos|oracle|oracleserver)
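
Review bot: Only `opensuse*` is added to the systemd branch here, while the distroconf case earlier in this file was extended with `suse|opensuse*`. Plain `suse` therefore falls through to whatever the remaining branches select; if SUSE is meant to get systemd as well (the spec file treats `suse_version >= 1210` as systemd), add `suse` here too, or note why it is left out.
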
> > @@ -520,6 +523,7 @@ AS_AC_EXPAND(LXCPATH, "$with_config_path")
> >  AS_AC_EXPAND(LXC_GLOBAL_CONF, "$with_global_conf")
> >  AS_AC_EXPAND(LXC_USERNIC_CONF, "$with_usernic_conf")
> >  AS_AC_EXPAND(LXC_USERNIC_DB, "$with_usernic_db")
> > +AS_AC_EXPAND(LXC_DISTRO_SYSCONF, "$distrosysconf")
> >  AS_AC_EXPAND(LXCROOTFSMOUNT, "$with_rootfs_path")
> >  AS_AC_EXPAND(LXCTEMPLATEDIR, "$datadir/lxc/templates")
> >  AS_AC_EXPAND(LXCTEMPLATECONFIG, "$datadir/lxc/config")
> > @@ -602,8 +606,9 @@ AC_CONFIG_FILES([
> >  	config/bash/Makefile
> >  	config/bash/lxc
> >  	config/init/Makefile
> > -	config/init/sysvinit/Makefile
> > -	config/init/sysvinit/lxc
> > +	config/init/common/Makefile
> > +	config/init/common/lxc-containers
> > +	config/init/common/lxc-net
> >  	config/init/systemd/Makefile
> >  	config/init/systemd/lxc.service
> >  	config/init/systemd/lxc-net.service
> > @@ -636,6 +641,8 @@ AC_CONFIG_FILES([
> >  	config/templates/ubuntu.userns.conf
> >  	config/templates/userns.conf
> >  	config/yum/Makefile
> > +	config/sysconfig/Makefile
> > +	config/sysconfig/lxc
> >  
> >  	doc/Makefile
> >  	doc/api/Makefile
> > diff --git a/lxc.spec.in b/lxc.spec.in
> > index 57912a1..52b6326 100644
> > --- a/lxc.spec.in
> > +++ b/lxc.spec.in
> > @@ -28,7 +28,16 @@
> >  %if 0%{?fedora} >= 14 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1210
> >  %global with_systemd 1
> >  %define init_script systemd
> > +#
> > +# BuildRequires systemd-units on fedora and rhel
> > +%if 0%{?fedora} >= 14 || 0%{?rhel} >= 7
> >  BuildRequires: systemd-units
> > +#
> > +# BuildRequires systemd on openSUSE and SUSE
> > +%endif
> > +%if 0%{?suse_version} >= 1210
> > +BuildRequires: systemd
> > +%endif
> >  %else
> >  %global with_systemd 0
> >  %define init_script sysvinit
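
Review bot: The comment "BuildRequires systemd on openSUSE and SUSE" sits before the `%endif` that closes the Fedora/RHEL block, so it reads as belonging to the wrong conditional. Move the `%endif` up so that each comment directly precedes the `%if` it describes.
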
> > @@ -53,8 +62,25 @@ Summary: Linux Containers userspace tools
> >  Group: Applications/System
> >  License: LGPLv2+
> >  BuildRoot: %{_tmppath}/%{name}-%{version}-build
> > -Requires: openssl rsync
> > -BuildRequires: libcap libcap-devel docbook2X graphviz
> > +Requires: openssl rsync dnsmasq
> > +# Note for Suse.  The "docbook2X" BuildRequires does properly
> > +# match docbook2x on Suse in a case insensitive manner
> > +BuildRequires: libcap libcap-devel docbook2X graphviz libxslt pkgconfig
> > +
> > +#
> > +# Additional packages for openSUSE and SUSE
> > +#
> > +%if 0%{?suse_version} >= 1210
> > +PreReq:   permissions
> > +BuildRequires:  libapparmor-devel linux-glibc-devel lsb-release docbook-utils
> > +
> > +#
> > +# libseccomp-devel only needed on i386/i586/i686 and X86_64
> > +#
> > +%ifarch %ix86 x86_64
> > +BuildRequires:  libseccomp-devel
> > +%endif
> > +%endif
> >  
> >  %if %{with_python}
> >  Requires: python3
> > @@ -105,6 +131,9 @@ PATH=$PATH:/usr/sbin:/sbin %configure $args \
> >  %if %{with_python}
> >    --enable-python \
> >  %endif
> > +%if "x%{_unitdir}" != "x"
> > +  --with-systemdsystemunitdir=%{_unitdir} \
> > +%endif
> >    --disable-rpath \
> >    --with-init-script=%{init_script}
> >  make %{?_smp_mflags}
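
Review bot: The test `%if "x%{_unitdir}" != "x"` does not detect an undefined macro: rpm leaves an undefined `%{_unitdir}` unexpanded, so the comparison is true and configure receives the literal text `%{_unitdir}` as the unit directory on sysvinit builds. Use the conditional form `%{?_unitdir}` in the test, or guard the option with `%if %{with_systemd}`.
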
> > @@ -117,28 +146,102 @@ find %{buildroot} -type f -name '*.la' -exec rm -f {} ';'
> >  %clean
> >  rm -rf %{buildroot}
> >  
> > +%pre
> > +# Ensure that lxcdnsmasq uid & gid gets correctly allocated
> > +if getent passwd lxc-dnsmasq >/dev/null 2>&1 ; then : ; else \
> > + /usr/sbin/useradd -M -r -s /sbin/nologin \
> > + -c "LXC Networking Service" -d %_localstatedir/%name lxc-dnsmasq 2> /dev/null \
> > + || exit 1
> > +fi
> > +
> >  %post
> > +# This test should trigger a network configure on a new install.
> > +if [ ! -f %{_sysconfdir}/sysconfig/lxc-net ] || ! grep -q 'USE_LXC_BRIDGE=' %{_sysconfdir}/sysconfig/lxc-net
> > +then
> > +	# Grab a random 10net subnet.  Need to add test logic...
> > +	while [ true ]
> > +	do
> > +		SUBNET=10.$(($RANDOM % 256)).$(($RANDOM % 256))
> > +		if ! ip -4 route ls | grep -q "^$SUBNET"
> > +		then
> > +			break
> > +		fi
> > +	done
> > +
> > +	cat >  %{_sysconfdir}/sysconfig/lxc-net <<EOF
> > +# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
> > +# containers.  Set to "false" if you'll use virbr0 or another existing
> > +# bridge, or mavlan to your host's NIC.
> > +USE_LXC_BRIDGE="true"
> > +
> > +# If you change the LXC_BRIDGE to something other than lxcbr0, then
> > +# you will also need to update your /etc/lxc/default.conf as well as the
> > +# configuration (/var/lib/lxc/<container>/config) for any containers
> > +# already created using the default config to reflect the new bridge
> > +# name.
> > +# If you have the dnsmasq daemon installed, you'll also have to update
> > +# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
> > +LXC_BRIDGE="lxcbr0"
> > +LXC_ADDR="$SUBNET.1"
> > +LXC_NETMASK="255.255.255.0"
> > +LXC_NETWORK="$SUBNET.0/24"
> > +LXC_DHCP_RANGE="$SUBNET.2,$SUBNET.254"
> > +LXC_DHCP_MAX="253"
> > +# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
> > +# dnsmasq.  For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
> > +# container 'mail1' always get ip address 10.0.3.100.
> > +#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
> > +
> > +# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
> > +# domain.  You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
> > +# to /etc/dnsmasq.conf, after which 'container1.lxc' will resolve on your
> > +# host.
> > +#LXC_DOMAIN="lxc"
> > +EOF
> > +fi
> > +
> >  %post   libs -p /sbin/ldconfig
> >  %postun libs -p /sbin/ldconfig
> >  
> >  %files
> >  %defattr(-,root,root)
> >  %{_bindir}/*
> > +# openSUSE/SUSE
> > +%if 0%{?suse_version} >= 1210
> > +%dir  %{_sysconfdir}/apparmor.d
> > +%dir  %{_sysconfdir}/apparmor.d/abstractions
> > +%dir  %{_sysconfdir}/apparmor.d/abstractions/%{name}
> > +%config %{_sysconfdir}/apparmor.d/abstractions/%{name}/container-base
> > +%config %{_sysconfdir}/apparmor.d/abstractions/%{name}/start-container
> > +%config %{_sysconfdir}/apparmor.d/%{name}-containers
> > +%dir  %{_sysconfdir}/apparmor.d/%{name}
> > +%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default
> > +%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default-with-mounting
> > +%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default-with-nesting
> > +%config %{_sysconfdir}/apparmor.d/usr.bin.%{name}-start
> > +%endif
> >  %{_mandir}/man1/lxc*
> >  %{_mandir}/man5/lxc*
> >  %{_mandir}/man7/lxc*
> > +# not openSUSE/SUSE
> > +%if %{undefined suse_version}
> >  %{_mandir}/ja/man1/lxc*
> >  %{_mandir}/ja/man5/lxc*
> >  %{_mandir}/ja/man7/lxc*
> > +%endif
> >  %{_datadir}/doc/*
> >  %{_datadir}/lxc/*
> >  %{_sysconfdir}/bash_completion.d
> > +%{_sysconfdir}/sysconfig/*
> >  %config(noreplace) %{_sysconfdir}/lxc/*
> > +%config(noreplace) %{_sysconfdir}/sysconfig/*
> >  
> >  %if %{with_systemd}
> > +%{_unitdir}/lxc-net.service
> >  %{_unitdir}/lxc.service
> >  %else
> >  %{_sysconfdir}/rc.d/init.d/lxc
> > +%{_sysconfdir}/rc.d/init.d/lxc-net
> >  %endif
> >  
> >  %files libs
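
Review bot: The subnet check in `%post`, `ip -4 route ls | grep -q "^$SUBNET"`, only matches routes whose text starts with the same three octets, so a covering route such as 10.0.0.0/8 is not seen and the bridge can be placed on top of an existing network; the in-line "Need to add test logic..." comment should be resolved before this ships, for example by asking `ip -4 route get $SUBNET.1` whether the address is already reachable through a non-default route. Two smaller points in the same scriptlet: the here-document delimiter is unquoted, so `$LXC_ADDR` in the comment text expands to an empty string in the generated file (escape it as `\$LXC_ADDR`), and "mavlan" should read "macvlan". In `%files`, `%{_sysconfdir}/sysconfig/*` is listed twice, once plain and once as `%config(noreplace)`; keep only the `%config(noreplace)` line. The `%pre` scriptlet calls /usr/sbin/useradd without a matching `Requires(pre):` on the package that provides it.
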
> > @@ -154,7 +257,8 @@ rm -rf %{buildroot}
> >  %attr(4111,root,root) %{_libexecdir}/%{name}/lxc-user-nic
> >  %if %{with_systemd}
> >  %attr(555,root,root) %{_libexecdir}/%{name}/lxc-devsetup
> > -%attr(555,root,root) %{_libexecdir}/%{name}/lxc-autostart-helper
> > +%attr(555,root,root) %{_libexecdir}/%{name}/lxc-net
> > +%attr(555,root,root) %{_libexecdir}/%{name}/lxc-containers
> >  %endif
> >  
> >  %if %{with_python}
> > diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
> > index c1a67d6..6543164 100644
> > --- a/src/lxc/Makefile.am
> > +++ b/src/lxc/Makefile.am
> > @@ -165,8 +165,7 @@ bin_SCRIPTS = lxc-checkconfig
> >  EXTRA_DIST = \
> >  	lxc-device \
> >  	lxc-ls \
> > -	lxc-top \
> > -	lxc.net
> > +	lxc-top
> >  
> >  if ENABLE_PYTHON
> >  bin_SCRIPTS += lxc-device
> > @@ -253,7 +252,6 @@ endif
> >  install-exec-local: install-soPROGRAMS
> >  	mkdir -p $(DESTDIR)$(datadir)/lxc
> >  	install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc
> > -	install -c -m 755 lxc.net $(DESTDIR)$(datadir)/lxc
> >  	mv $(DESTDIR)$(libdir)/liblxc.so $(DESTDIR)$(libdir)/liblxc.so.$(VERSION)
> >  	cd $(DESTDIR)$(libdir); \
> >  	ln -sf liblxc.so.$(VERSION) liblxc.so.$(firstword $(subst ., ,$(VERSION))); \
> > diff --git a/src/lxc/lxc.net b/src/lxc/lxc.net
> > deleted file mode 100755
> > index 9ec9695..0000000
> > --- a/src/lxc/lxc.net
> > +++ /dev/null
> > @@ -1,103 +0,0 @@
> > -#!/bin/sh
> > -set -eu
> > -
> > -USE_LXC_BRIDGE="true"
> > -LXC_BRIDGE="lxcbr0"
> > -LXC_ADDR="10.0.3.1"
> > -LXC_NETMASK="255.255.255.0"
> > -LXC_NETWORK="10.0.3.0/24"
> > -LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
> > -LXC_DHCP_MAX="253"
> > -LXC_DHCP_CONFILE=""
> > -varrun="/run/lxc"
> > -LXC_DOMAIN=""
> > -
> > -start() {
> > -	[ -f /etc/default/lxc ] && . /etc/default/lxc
> > -
> > -	[ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; }
> > -
> > -	use_iptables_lock="-w"
> > -	iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
> > -	cleanup() {
> > -		# dnsmasq failed to start, clean up the bridge
> > -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> > -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> > -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> > -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> > -		iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
> > -		iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
> > -		iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
> > -		iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> > -		ifconfig ${LXC_BRIDGE} down || true
> > -		brctl delbr ${LXC_BRIDGE} || true
> > -	}
> > -
> > -	if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
> > -		if [ ! -f ${varrun}/network_up ]; then
> > -			# bridge exists, but we didn't start it
> > -			stop;
> > -		fi
> > -		exit 0;
> > -	fi
> > -
> > -	# set up the lxc network
> > -	brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
> > -	echo 1 > /proc/sys/net/ipv4/ip_forward
> > -	mkdir -p ${varrun}
> > -	ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
> > -	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> > -	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> > -	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> > -	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> > -	iptables $use_iptables_lock -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT
> > -	iptables $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT
> > -	iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
> > -	iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> > -
> > -	LXC_DOMAIN_ARG=""
> > -	if [ -n "$LXC_DOMAIN" ]; then
> > -		LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
> > -	fi
> > -	DNSMASQ_USER="lxc-dnsmasq"
> > -	if ! getent passwd ${DNSMASQ_USER} >/dev/null; then
> > -		DNSMASQ_USER="dnsmasq"
> > -	fi
> > -	dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
> > -	touch ${varrun}/network_up
> > -}
> > -
> > -stop() {
> > -	[ -f /etc/default/lxc ] && . /etc/default/lxc
> > -	[ -f "${varrun}/network_up" ] || exit 0;
> > -	# if $LXC_BRIDGE has attached interfaces, don't shut it down
> > -	ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
> > -
> > -	if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
> > -		use_iptables_lock="-w"
> > -		iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
> > -		ifconfig ${LXC_BRIDGE} down
> > -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> > -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> > -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> > -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> > -		iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
> > -		iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
> > -		iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
> > -		iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> > -		pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
> > -		rm -f ${varrun}/dnsmasq.pid
> > -		brctl delbr ${LXC_BRIDGE}
> > -	fi
> > -	rm -f ${varrun}/network_up
> > -}
> > -
> > -if [ "$1" = start ]; then
> > -	start
> > -elif [ "$1" = stop ]; then
> > -	stop
> > -else
> > -	echo "Usage: $0 start|stop" >&2
> > -	exit 1
> > -fi
> > -
> > diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
> > index 145a35d..7a87503 100644
> > --- a/src/lxc/lxc_user_nic.c
> > +++ b/src/lxc/lxc_user_nic.c
> > @@ -475,7 +475,7 @@ again:
> >  static int rename_in_ns(int pid, char *oldname, char **newnamep)
> >  {
> >  	char nspath[MAXPATHLEN];
> > -	int fd = -1, ofd = -1, ret, ifindex;
> > +	int fd = -1, ofd = -1, ret, ifindex = 0;
> >  	bool grab_newname = false;
> >  
> >  	ret = snprintf(nspath, MAXPATHLEN, "/proc/%d/ns/net", getpid());
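
Review bot: Initialising `ifindex = 0` silences the compiler without showing which path in `rename_in_ns` reads it before assignment. Since 0 is not a valid interface index and the spec installs lxc-user-nic with mode 4111, the code after this hunk should treat a remaining 0 as an error and bail out rather than pass it on; a one-line comment next to the initialiser saying why it is there would also help.
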
> > -- 
> > 1.9.3
> > 
> > 
> > -- 
> > Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
> >    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
> >    NIC whois: MHW9          | An optimist believes we live in the best of all
> >  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> > 

-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
