[lxc-devel] [PATCH] init: Add upstart jobs and some more changes
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Jan 16 21:30:37 UTC 2014
Quoting Stéphane Graber (stgraber at ubuntu.com):
> This adds the 3 upstart jobs that we've had in Ubuntu for a while:
> - lxc.conf: Main upstart job, triggers lxc-net.conf based on config
> - lxc-instance.conf: Triggered by lxc.conf for each auto-started container
> - lxc-net.conf: Triggered by lxc.conf, sets up lxcbr0, NAT, mangling, ...
>
> In addition, there are two extra config files in /etc/default:
> - lxc: Allows setting some values like http proxying, disabling autostart, ...
> - lxc-net: Network configuration for the lxcbr0 bridge
>
> This change also disables the sysv script for all distros but Oracle as
> the current script won't work on either Ubuntu or Debian and I suspect
> quite a few more distros, so it's not nearly as distro-agnostic as we
> thought.
>
> For Debian, only install the upstart jobs and systemd unit.
> For Ubuntu, only install the upstart jobs.
>
> This change also moves all the init related stuff to config/init/
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
...
> diff --git a/config/init/upstart/Makefile.am b/config/init/upstart/Makefile.am
> new file mode 100644
> index 0000000..8205f20
> --- /dev/null
> +++ b/config/init/upstart/Makefile.am
> @@ -0,0 +1,22 @@
> +EXTRA_DIST = lxc.conf lxc-instance.conf lxc-net.conf
> +
> +if INIT_SCRIPT_UPSTART
> +install-upstart: lxc.conf lxc-instance.conf lxc-net.conf
> + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/
> + $(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/
> + $(INSTALL_DATA) lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
> + $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
> +
> +uninstall-syvinit:
Why do you have uninstall-syvinit here? Did you want an
uninstall-upstart?
> + rm -f $(DESTDIR)$(sysconfdir)/rc.d/init/lxc.conf
> + rm -f $(DESTDIR)$(sysconfdir)/rc.d/init/lxc-instance.conf
> + rm -f $(DESTDIR)$(sysconfdir)/rc.d/init/lxc-net.conf
> + rmdir $(DESTDIR)$(sysconfdir)/rc.d/init || :
> +else
> +install-syvinit:
> +uninstall-upstart:
> +endif
> +
> +install-data-local: install-upstart
> +
> +uninstall-local: uninstall-upstart
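Review bot: The uninstall recipe removes the three job files from `$(DESTDIR)$(sysconfdir)/rc.d/init/`, but install-upstart puts them in `$(DESTDIR)$(sysconfdir)/init/`, so an uninstall would leave the installed jobs in place. The `rm -f` lines should target the install directory, e.g. `rm -f $(DESTDIR)$(sysconfdir)/init/lxc.conf`, and the trailing `rmdir` should either point at that same directory or be dropped. Separately, the `else` branch declares `install-syvinit:` rather than `install-upstart:`, so `install-data-local: install-upstart` has no rule to satisfy when INIT_SCRIPT_UPSTART is false; the empty stub there should read `install-upstart:`.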
> diff --git a/config/init/upstart/lxc-instance.conf b/config/init/upstart/lxc-instance.conf
> new file mode 100644
> index 0000000..58d045d
> --- /dev/null
> +++ b/config/init/upstart/lxc-instance.conf
> @@ -0,0 +1,22 @@
> +description "lxc instance"
> +author "Christian Kampka <chris at emerge-life.de>"
> +
> +stop on stopping lxc
> +
> +# wait for 120 seconds for container to shutdown before killing it
> +kill timeout 120
> +
> +# send SIGPWR to container to trigger a shutdown (see lxc-shutdown(1))
> +kill signal SIGPWR
> +
> +
> +instance $NAME
> +usage "NAME=name of LXC instance"
> +
> +pre-start script
> + lxc-wait -s RUNNING -n $NAME -t 0 && { stop; exit 0; } || true
> +end script
> +
> +script
> + exec lxc-start -n $NAME
> +end script
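Review bot: `$NAME` is expanded unquoted in both `lxc-wait -s RUNNING -n $NAME -t 0` and `exec lxc-start -n $NAME`, so an instance name containing whitespace or glob characters is split or expanded by the shell before it reaches the lxc tools. Quote it in both places: `lxc-wait -s RUNNING -n "$NAME" -t 0 && { stop; exit 0; } || true` and `exec lxc-start -n "$NAME"`. The value comes from whoever runs `start lxc-instance NAME=...`, which in this patch is the autostart loop in lxc.conf.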
> diff --git a/config/init/upstart/lxc-net.conf b/config/init/upstart/lxc-net.conf
> new file mode 100644
> index 0000000..517bd2b
> --- /dev/null
> +++ b/config/init/upstart/lxc-net.conf
> @@ -0,0 +1,86 @@
> +description "lxc network"
> +author "Serge Hallyn <serge.hallyn at canonical.com>"
> +
> +start on starting lxc
> +stop on stopped lxc
> +
> +env USE_LXC_BRIDGE="false"
> +env LXC_BRIDGE="lxcbr0"
> +env LXC_ADDR="10.0.3.1"
> +env LXC_NETMASK="255.255.255.0"
> +env LXC_NETWORK="10.0.3.0/24"
> +env LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
> +env LXC_DHCP_MAX="253"
> +env LXC_DHCP_CONFILE=""
> +env varrun="/var/run/lxc"
> +env LXC_DOMAIN=""
> +
> +pre-start script
> + [ -f /etc/default/lxc ] && . /etc/default/lxc
> +
> + [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; }
> +
> + use_iptables_lock="-w"
> + iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock=""
> + cleanup() {
> + # dnsmasq failed to start, clean up the bridge
> + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> + iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
> + iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> + ifconfig ${LXC_BRIDGE} down || true
> + brctl delbr ${LXC_BRIDGE} || true
> + }
> +
> + if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
> + if [ ! -f ${varrun}/network_up ]; then
> + # bridge exists, but we didn't start it
> + stop;
> + fi
> + exit 0;
> + fi
> +
> + # set up the lxc network
> + brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
> + echo 1 > /proc/sys/net/ipv4/ip_forward
> + mkdir -p ${varrun}
> + ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
> + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> + iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
> + iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> +
> + LXC_DOMAIN_ARG=""
> + if [ -n "$LXC_DOMAIN" ]; then
> + LXC_DOMAIN_ARG="-s $LXC_DOMAIN"
> + fi
> + dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
> + touch ${varrun}/network_up
> +end script
> +
> +post-stop script
> + [ -f /etc/default/lxc ] && . /etc/default/lxc
> + [ -f "${varrun}/network_up" ] || exit 0;
> + # if $LXC_BRIDGE has attached interfaces, don't shut it down
> + ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
> +
> + if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
> + use_iptables_lock="-w"
> + iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock=""
> + ifconfig ${LXC_BRIDGE} down
> + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> + iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
> + iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> + pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
> + rm -f ${varrun}/dnsmasq.pid
> + brctl delbr ${LXC_BRIDGE}
> + fi
> + rm -f ${varrun}/network_up
> +end script
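Review bot: pre-start writes `1` to `/proc/sys/net/ipv4/ip_forward`, and nothing in cleanup() or post-stop records or restores the previous value, so the host keeps IPv4 forwarding enabled on all interfaces after the bridge and the MASQUERADE rule are gone. Because this is a host-wide setting that the FORWARD chain then has to police, I would at least document it next to the write, e.g. `# enables IPv4 forwarding host-wide; not reverted in post-stop`, or save the old value under `${varrun}` and restore it on teardown only when it was 0 and no other service needs it. Separately, when dnsmasq fails, `|| cleanup` tears the bridge down but the script still runs `touch ${varrun}/network_up`. Following the pattern used earlier in the same script, `|| { cleanup; stop; exit 0; }` would keep the marker from claiming a network that does not exist.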
> diff --git a/config/init/upstart/lxc.conf b/config/init/upstart/lxc.conf
> new file mode 100644
> index 0000000..1a5c5c9
> --- /dev/null
> +++ b/config/init/upstart/lxc.conf
> @@ -0,0 +1,27 @@
> +description "lxc"
> +author "Serge Hallyn <serge.hallyn at canonical.com>"
> +
> +start on runlevel [2345]
> +stop on starting rc RUNLEVEL=[016]
> +
> +env LXC_AUTO="false"
> +
> +pre-start script
> + [ -f /etc/default/lxc ] && . /etc/default/lxc
> +
> + # don't load profiles if mount mediation is not supported
> + SYSF=/sys/kernel/security/apparmor/features/mount/mask
> + if [ -f $SYSF ]; then
> + if [ -x /lib/init/apparmor-profile-load ]; then
> + /lib/init/apparmor-profile-load usr.bin.lxc-start
> + /lib/init/apparmor-profile-load lxc-containers
> + fi
> + fi
> +
> + [ "x$LXC_AUTO" = "xtrue" ] || exit 0
> +
> + lxc-autostart -L | while read line; do
> + set -- $line
> + (start lxc-instance NAME=$1 && sleep $2) || true
> + done
> +end script
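Review bot: The autostart loop reads each `lxc-autostart -L` line with a plain `read line` and re-splits it with `set -- $line`, so backslashes are interpreted and glob characters in a container name are expanded against the job's working directory before `$1` and `$2` are used unquoted. Letting `read` do the split avoids that: `lxc-autostart -L | while read -r name delay; do` with `(start lxc-instance NAME="$name" && sleep "$delay") || true` as the body. It is also worth an `echo` on the path where `$SYSF` is missing or `/lib/init/apparmor-profile-load` is not executable, because the script then goes on to autostart containers without having loaded the two profiles and leaves no trace of that in the job log. How lxc-start behaves without the profiles is not visible in this patch.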
> diff --git a/configure.ac b/configure.ac
> index d8be165..6b93299 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -78,7 +78,7 @@ AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
> AC_MSG_CHECKING([for init system type])
> AC_ARG_WITH([init-script],
> [AC_HELP_STRING([--with-init-script@<:@=TYPE@<:@,TYPE,...@:>@@:>@],
> - [Type(s) of init script to install: sysv, systemd, upstart,
> + [Type(s) of init script to install: sysvinit, systemd, upstart,
> distro @<:@default=distro@:>@])],[],[with_init_script=distro])
> case "$with_init_script" in
> distro)
> @@ -87,17 +87,17 @@ case "$with_init_script" in
> init_script=systemd
> ;;
> redhat|centos|oracle|oracleserver)
> - init_script=sysv
> + init_script=sysvinit
> ;;
> debian)
> - init_script=sysv,upstart,systemd
> + init_script=upstart,systemd
> ;;
> ubuntu)
> init_script=upstart
> ;;
> *)
> - echo -n "Linux distribution init system unknown, defaulting to sysv"
> - init_script=sysv
> + echo -n "Linux distribution init system unknown."
> + init_script=
> ;;
> esac
> ;;
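Review bot: In the fallback branch `init_script=` is left empty, although `none` is already one of the values the validation loop further down accepts. With the empty value that loop never runs, and `AC_MSG_RESULT($init_script)` prints nothing after the "checking for init system type" line, so a build on an unrecognised distro silently installs no init integration. Using `init_script=none` would make the outcome explicit in the configure output. The enclosing `case` starts and ends outside this hunk.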
> @@ -110,7 +110,7 @@ esac
> (IFS="," ; for init_sys in $init_script;
> do
> case "$init_sys" in
> - none|sysv|systemd|upstart)
> + none|sysvinit|systemd|upstart)
> ;;
> *)
> exit 1
> @@ -118,7 +118,7 @@ do
> esac
> done) || AC_MSG_ERROR([Unknown init system type in $init_script])
>
> -AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysv"])
> +AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysvinit"])
> AM_CONDITIONAL([INIT_SCRIPT_SYSTEMD], [echo "$init_script" |grep -q "systemd"])
> AM_CONDITIONAL([INIT_SCRIPT_UPSTART], [echo "$init_script" |grep -q "upstart"])
> AC_MSG_RESULT($init_script)
> @@ -547,6 +547,10 @@ AC_CONFIG_FILES([
> lxc.spec
>
> config/Makefile
> + config/init/Makefile
> + config/init/sysvinit/Makefile
> + config/init/systemd/Makefile
> + config/init/upstart/Makefile
> config/etc/Makefile
> config/templates/Makefile
> config/templates/debian.common.conf
> diff --git a/lxc.spec.in b/lxc.spec.in
> index 615fcd6..c8ff08e 100644
> --- a/lxc.spec.in
> +++ b/lxc.spec.in
> @@ -31,7 +31,7 @@
> BuildRequires: systemd-units
> %else
> %global with_systemd 0
> -%define init_script sysv
> +%define init_script sysvinit
> %endif
>
> # RPM needs alpha/beta/rc in Release: not Version: to ensure smooth
> diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
> index 34d69a6..1a63fca 100644
> --- a/src/lxc/Makefile.am
> +++ b/src/lxc/Makefile.am
> @@ -165,11 +165,8 @@ bin_SCRIPTS = \
>
> EXTRA_DIST = \
> lxc-device \
> - lxc-devsetup \
> lxc-ls \
> - lxc-top \
> - lxc.service \
> - lxc.sysvinit
> + lxc-top
>
> if ENABLE_PYTHON
> bin_SCRIPTS += lxc-device
> @@ -212,43 +209,6 @@ bin_PROGRAMS = \
> pkglibexec_PROGRAMS = \
> lxc-init
>
> -if INIT_SCRIPT_SYSV
> -install-init: lxc.sysvinit
> - $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
> - $(INSTALL_SCRIPT) lxc.sysvinit $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
> -
> -uninstall-init:
> - rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
> - rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
> -else
> -install-init:
> -uninstall-init:
> -endif
> -
> -if INIT_SCRIPT_SYSTEMD
> -SYSTEMD_UNIT_DIR = /usr/lib/systemd/system
> -install-systemd: lxc.service lxc-devsetup
> - $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
> - $(INSTALL_DATA) lxc.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
> -
> -uninstall-systemd:
> - rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service
> - rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
> -pkglibexec_SCRIPTS = lxc-devsetup
> -else
> -install-systemd:
> -uninstall-systemd:
> -endif
> -
> -if INIT_SCRIPT_UPSTART
> -# FIXME: install/uninstall upstart script here
> -install-upstart:
> -uninstall-upstart:
> -else
> -install-upstart:
> -uninstall-upstart:
> -endif
> -
> AM_LDFLAGS = -Wl,-E
> if ENABLE_RPATH
> AM_LDFLAGS += -Wl,-rpath -Wl,$(libdir)
> @@ -286,10 +246,6 @@ lxc_snapshot_SOURCES = lxc_snapshot.c
> lxc_usernsexec_SOURCES = lxc_usernsexec.c
> lxc_user_nic_SOURCES = lxc_user_nic.c network.c network.h
>
> -install-data-local: install-init install-systemd install-upstart
> -
> -uninstall-local: uninstall-init uninstall-systemd uninstall-upstart
> -
> install-exec-local: install-soPROGRAMS
> mkdir -p $(DESTDIR)$(datadir)/lxc
> install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc
> diff --git a/src/lxc/lxc-devsetup b/src/lxc/lxc-devsetup
> deleted file mode 100755
> index 3999ac8..0000000
> --- a/src/lxc/lxc-devsetup
> +++ /dev/null
> @@ -1,25 +0,0 @@
> -#!/bin/sh -
> -
> -# lxc.devsetup - Setup host /dev for container /dev subdirectories.
> -
> -if [[ ! -d /dev/.lxc ]]
> -then
> - echo "Creating /dev/.lxc"
> - mkdir /dev/.lxc
> - chmod 755 /dev/.lxc
> -fi
> -
> -if grep -q "/dev devtmpfs " /proc/self/mounts
> -then
> - echo "/dev is devtmpfs"
> -else
> - echo "/dev is not devtmpfs - mounting tmpfs on .lxc"
> - mount -t tmpfs tmpfs /dev/.lxc
> -fi
> -
> -if [[ ! -d /dev/.lxc/user ]]
> -then
> - echo "Creating /dev/.lxc/user"
> - mkdir /dev/.lxc/user
> - chmod 1777 /dev/.lxc/user
> -fi
> diff --git a/src/lxc/lxc.service b/src/lxc/lxc.service
> deleted file mode 100644
> index aa20b91..0000000
> --- a/src/lxc/lxc.service
> +++ /dev/null
> @@ -1,17 +0,0 @@
> -[Unit]
> -Description=LXC Container Initialization and Autoboot Code
> -After=syslog.target
> -
> -[Service]
> -Type=oneshot
> -RemainAfterExit=yes
> -ExecStartPre=/usr/libexec/lxc/lxc-devsetup
> -ExecStart=/usr/libexec/lxc/lxc-startup start
> -ExecStop=/usr/libexec/lxc/lxc-startup stop
> -# Environment=BOOTUP=serial
> -# Environment=CONSOLETYPE=serial
> -StandardOutput=syslog
> -StandardError=syslog
> -
> -[Install]
> -WantedBy=multi-user.target
> diff --git a/src/lxc/lxc.sysvinit b/src/lxc/lxc.sysvinit
> deleted file mode 100755
> index 9128187..0000000
> --- a/src/lxc/lxc.sysvinit
> +++ /dev/null
> @@ -1,64 +0,0 @@
> -#!/bin/sh
> -#
> -# lxc Start/Stop LXC autoboot containers
> -#
> -# chkconfig: 345 99 01
> -# description: Starts/Stops all LXC containers configured for autostart.
> -#
> -### BEGIN INIT INFO
> -# Provides: lxc
> -# Default-Start: 3 4 5
> -# Default-Stop: 0 1 6
> -# Short-Description: Bring up/down LXC autostart containers
> -# Description: Bring up/down LXC autostart containers
> -### END INIT INFO
> -
> -# Source function library.
> -. /etc/init.d/functions
> -
> -# Check for needed utility program
> -[ -x /usr/bin/lxc-autostart ] || exit 1
> -
> -# If libvirtd is providing the bridge, it might not be
> -# immediately available, so wait a bit for it before starting
> -# up the containers or else any that use the bridge will fail
> -# to start
> -wait_for_bridge()
> -{
> - [ -f /etc/lxc/default.conf ] || { return 0; }
> -
> - BRNAME=`grep lxc.network.link /etc/lxc/default.conf |awk '{print $3}'`
> - [ -n $BRNAME ] || { return 0; }
> -
> - for try in `seq 1 30`; do
> - ifconfig -a |grep "^$BRNAME" >/dev/null 2>&1
> - if [ $? = 0 ]; then
> - return
> - fi
> - sleep 1
> - done
> -}
> -
> -# See how we were called.
> -case "$1" in
> - start)
> - [ ! -f /var/lock/subsys/lxc ] || { exit 0; }
> -
> - # Start containers
> - wait_for_bridge
> - action $"Starting LXC containers: " /usr/bin/lxc-autostart
> - touch /var/lock/subsys/lxc
> - ;;
> - stop)
> - action $"Stopping LXC containers: " /usr/bin/lxc-autostart -s
> - rm -f /var/lock/subsys/lxc
> - ;;
> - restart|reload|force-reload)
> - $0 stop
> - $0 start
> - ;;
> - *)
> - echo $"Usage: $0 {start|stop|restart|reload|force-reload}"
> - exit 2
> -esac
> -exit $?
> --
> 1.8.5.2
>