[lxc-devel] [PATCH] init: Add upstart jobs and some more changes
Stéphane Graber
stgraber at ubuntu.com
Thu Jan 16 21:34:12 UTC 2014
On Thu, Jan 16, 2014 at 03:30:37PM -0600, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgraber at ubuntu.com):
> > This adds the 3 upstart jobs that we've had in Ubuntu for a while:
> > - lxc.conf: Main upstart job, triggers lxc-net.conf based on config
> > - lxc-instance.conf: Triggered by lxc.conf for each auto-started container
> > - lxc-net.conf: Triggered by lxc.conf, sets up lxcbr0, NAT, mangling, ...
> >
> > In addition, there are two extra config files in /etc/default:
> > - lxc: Allows setting some values like http proxying, disabling autostart, ...
> > - lxc-net: Network configuration for the lxcbr0 bridge
> >
> > This change also disables the sysv script for all distros but Oracle as
> > the current script won't work on either Ubuntu or Debian and I suspect
> > quite a few more distros, so it's not nearly as distro-agnostic as we
> > thought.
> >
> > For Debian, only install the upstart jobs and systemd unit.
> > For Ubuntu, only install the upstart jobs.
> >
> > This change also moves all the init related stuff to config/init/
> >
> > Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> ...
>
> > diff --git a/config/init/upstart/Makefile.am b/config/init/upstart/Makefile.am
> > new file mode 100644
> > index 0000000..8205f20
> > --- /dev/null
> > +++ b/config/init/upstart/Makefile.am
> > @@ -0,0 +1,22 @@
> > +EXTRA_DIST = lxc.conf lxc-instance.conf lxc-net.conf
> > +
> > +if INIT_SCRIPT_UPSTART
> > +install-upstart: lxc.conf lxc-instance.conf lxc-net.conf
> > + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/
> > + $(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/
> > + $(INSTALL_DATA) lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
> > + $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
> > +
> > +uninstall-syvinit:
>
> Why do you have uninstall-syvinit here? Did you want an
> uninstall-upstart?
I did! Thankfully the typo was consistent and so my tests passed anyway :)
Will fix and re-send.
>
> > + rm -f $(DESTDIR)$(sysconfdir)/rc.d/init/lxc.conf
> > + rm -f $(DESTDIR)$(sysconfdir)/rc.d/init/lxc-instance.conf
> > + rm -f $(DESTDIR)$(sysconfdir)/rc.d/init/lxc-net.conf
> > + rmdir $(DESTDIR)$(sysconfdir)/rc.d/init || :
> > +else
> > +install-syvinit:
> > +uninstall-upstart:
> > +endif
> > +
> > +install-data-local: install-upstart
> > +
> > +uninstall-local: uninstall-upstart
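Review bot: The uninstall recipe removes the job files from `$(DESTDIR)$(sysconfdir)/rc.d/init/`, but `install-upstart` places them in `$(DESTDIR)$(sysconfdir)/init/`, so an uninstall would leave all three upstart jobs installed. The three `rm -f` lines and the `rmdir` should use the install path, e.g. `rm -f $(DESTDIR)$(sysconfdir)/init/lxc.conf`. Separately, the `else` branch stubs `install-syvinit:` rather than `install-upstart:`, so with INIT_SCRIPT_UPSTART false `install-data-local` depends on a target that has no rule in this file.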
> > diff --git a/config/init/upstart/lxc-instance.conf b/config/init/upstart/lxc-instance.conf
> > new file mode 100644
> > index 0000000..58d045d
> > --- /dev/null
> > +++ b/config/init/upstart/lxc-instance.conf
> > @@ -0,0 +1,22 @@
> > +description "lxc instance"
> > +author "Christian Kampka <chris at emerge-life.de>"
> > +
> > +stop on stopping lxc
> > +
> > +# wait for 120 seconds for container to shutdown before killing it
> > +kill timeout 120
> > +
> > +# send SIGPWR to container to trigger a shutdown (see lxc-shutdown(1))
> > +kill signal SIGPWR
> > +
> > +
> > +instance $NAME
> > +usage "NAME=name of LXC instance"
> > +
> > +pre-start script
> > + lxc-wait -s RUNNING -n $NAME -t 0 && { stop; exit 0; } || true
> > +end script
> > +
> > +script
> > + exec lxc-start -n $NAME
> > +end script
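Review bot: `$NAME` is expanded unquoted in both `lxc-wait -s RUNNING -n $NAME -t 0` and `exec lxc-start -n $NAME`, so a value containing whitespace or glob characters is split into extra arguments to commands that this job presumably runs as root. Quote it in both places, e.g. `exec lxc-start -n "$NAME"`. NAME is whatever the caller passes to `start lxc-instance NAME=...`; in this patch that is the loop in lxc.conf reading `lxc-autostart -L` output.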
> > diff --git a/config/init/upstart/lxc-net.conf b/config/init/upstart/lxc-net.conf
> > new file mode 100644
> > index 0000000..517bd2b
> > --- /dev/null
> > +++ b/config/init/upstart/lxc-net.conf
> > @@ -0,0 +1,86 @@
> > +description "lxc network"
> > +author "Serge Hallyn <serge.hallyn at canonical.com>"
> > +
> > +start on starting lxc
> > +stop on stopped lxc
> > +
> > +env USE_LXC_BRIDGE="false"
> > +env LXC_BRIDGE="lxcbr0"
> > +env LXC_ADDR="10.0.3.1"
> > +env LXC_NETMASK="255.255.255.0"
> > +env LXC_NETWORK="10.0.3.0/24"
> > +env LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
> > +env LXC_DHCP_MAX="253"
> > +env LXC_DHCP_CONFILE=""
> > +env varrun="/var/run/lxc"
> > +env LXC_DOMAIN=""
> > +
> > +pre-start script
> > + [ -f /etc/default/lxc ] && . /etc/default/lxc
> > +
> > + [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; }
> > +
> > + use_iptables_lock="-w"
> > + iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock=""
> > + cleanup() {
> > + # dnsmasq failed to start, clean up the bridge
> > + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> > + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> > + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> > + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> > + iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
> > + iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> > + ifconfig ${LXC_BRIDGE} down || true
> > + brctl delbr ${LXC_BRIDGE} || true
> > + }
> > +
> > + if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
> > + if [ ! -f ${varrun}/network_up ]; then
> > + # bridge exists, but we didn't start it
> > + stop;
> > + fi
> > + exit 0;
> > + fi
> > +
> > + # set up the lxc network
> > + brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
> > + echo 1 > /proc/sys/net/ipv4/ip_forward
> > + mkdir -p ${varrun}
> > + ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
> > + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> > + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> > + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> > + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> > + iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
> > + iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> > +
> > + LXC_DOMAIN_ARG=""
> > + if [ -n "$LXC_DOMAIN" ]; then
> > + LXC_DOMAIN_ARG="-s $LXC_DOMAIN"
> > + fi
> > + dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
> > + touch ${varrun}/network_up
> > +end script
> > +
> > +post-stop script
> > + [ -f /etc/default/lxc ] && . /etc/default/lxc
> > + [ -f "${varrun}/network_up" ] || exit 0;
> > + # if $LXC_BRIDGE has attached interfaces, don't shut it down
> > + ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
> > +
> > + if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
> > + use_iptables_lock="-w"
> > + iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock=""
> > + ifconfig ${LXC_BRIDGE} down
> > + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> > + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> > + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> > + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> > + iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
> > + iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> > + pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
> > + rm -f ${varrun}/dnsmasq.pid
> > + brctl delbr ${LXC_BRIDGE}
> > + fi
> > + rm -f ${varrun}/network_up
> > +end script
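Review bot: `touch ${varrun}/network_up` runs even when dnsmasq fails, because `|| cleanup` returns to the script after tearing down the bridge and rules, so the job counts as started and the marker claims a network that no longer exists. Ending the failure path the way the `brctl addbr` line does, `--dhcp-authoritative || { cleanup; stop; exit 0; }`, keeps the marker accurate. In both pre-start and post-stop the probe `iptables -w -L -n 2>&1 > /dev/null` still sends stderr to the job output, since redirections apply left to right; `> /dev/null 2>&1` looks like what was intended. It is also worth a comment that `echo 1 > /proc/sys/net/ipv4/ip_forward` enables IPv4 forwarding for the whole host and that post-stop does not restore the previous value.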
> > diff --git a/config/init/upstart/lxc.conf b/config/init/upstart/lxc.conf
> > new file mode 100644
> > index 0000000..1a5c5c9
> > --- /dev/null
> > +++ b/config/init/upstart/lxc.conf
> > @@ -0,0 +1,27 @@
> > +description "lxc"
> > +author "Serge Hallyn <serge.hallyn at canonical.com>"
> > +
> > +start on runlevel [2345]
> > +stop on starting rc RUNLEVEL=[016]
> > +
> > +env LXC_AUTO="false"
> > +
> > +pre-start script
> > + [ -f /etc/default/lxc ] && . /etc/default/lxc
> > +
> > + # don't load profiles if mount mediation is not supported
> > + SYSF=/sys/kernel/security/apparmor/features/mount/mask
> > + if [ -f $SYSF ]; then
> > + if [ -x /lib/init/apparmor-profile-load ]; then
> > + /lib/init/apparmor-profile-load usr.bin.lxc-start
> > + /lib/init/apparmor-profile-load lxc-containers
> > + fi
> > + fi
> > +
> > + [ "x$LXC_AUTO" = "xtrue" ] || exit 0
> > +
> > + lxc-autostart -L | while read line; do
> > + set -- $line
> > + (start lxc-instance NAME=$1 && sleep $2) || true
> > + done
> > +end script
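Review bot: When `/sys/kernel/security/apparmor/features/mount/mask` is missing, or `/lib/init/apparmor-profile-load` is not executable, pre-start skips loading `usr.bin.lxc-start` and `lxc-containers` without any message and still goes on to autostart containers. If those profiles are what confines the containers (not visible in this patch), that is a silent loss of confinement; an `else` branch that echoes a warning to the job log would make it visible to an administrator. In the loop, `NAME=$1` and `sleep $2` expand unquoted; `NAME="$1"` and `sleep "$2"` avoid word-splitting surprises, and a line without a second field makes `sleep` fail, which `|| true` then hides.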
> > diff --git a/configure.ac b/configure.ac
> > index d8be165..6b93299 100644
> > --- a/configure.ac
> > +++ b/configure.ac
> > @@ -78,7 +78,7 @@ AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
> > AC_MSG_CHECKING([for init system type])
> > AC_ARG_WITH([init-script],
> > [AC_HELP_STRING([--with-init-script@<:@=TYPE@<:@,TYPE,...@:>@@:>@],
> > - [Type(s) of init script to install: sysv, systemd, upstart,
> > + [Type(s) of init script to install: sysvinit, systemd, upstart,
> > distro @<:@default=distro@:>@])],[],[with_init_script=distro])
> > case "$with_init_script" in
> > distro)
> > @@ -87,17 +87,17 @@ case "$with_init_script" in
> > init_script=systemd
> > ;;
> > redhat|centos|oracle|oracleserver)
> > - init_script=sysv
> > + init_script=sysvinit
> > ;;
> > debian)
> > - init_script=sysv,upstart,systemd
> > + init_script=upstart,systemd
> > ;;
> > ubuntu)
> > init_script=upstart
> > ;;
> > *)
> > - echo -n "Linux distribution init system unknown, defaulting to sysv"
> > - init_script=sysv
> > + echo -n "Linux distribution init system unknown."
> > + init_script=
> > ;;
> > esac
> > ;;
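Review bot: For an unrecognised distro the new code leaves `init_script` empty, so the later `AC_MSG_RESULT($init_script)` prints nothing and the user gets little indication that no init integration will be installed. The validation loop in the next hunk already accepts `none`, so `init_script=none` here would make the configure output and any logs explicit. The enclosing `case` starts in the previous hunk.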
> > @@ -110,7 +110,7 @@ esac
> > (IFS="," ; for init_sys in $init_script;
> > do
> > case "$init_sys" in
> > - none|sysv|systemd|upstart)
> > + none|sysvinit|systemd|upstart)
> > ;;
> > *)
> > exit 1
> > @@ -118,7 +118,7 @@ do
> > esac
> > done) || AC_MSG_ERROR([Unknown init system type in $init_script])
> >
> > -AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysv"])
> > +AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysvinit"])
> > AM_CONDITIONAL([INIT_SCRIPT_SYSTEMD], [echo "$init_script" |grep -q "systemd"])
> > AM_CONDITIONAL([INIT_SCRIPT_UPSTART], [echo "$init_script" |grep -q "upstart"])
> > AC_MSG_RESULT($init_script)
> > @@ -547,6 +547,10 @@ AC_CONFIG_FILES([
> > lxc.spec
> >
> > config/Makefile
> > + config/init/Makefile
> > + config/init/sysvinit/Makefile
> > + config/init/systemd/Makefile
> > + config/init/upstart/Makefile
> > config/etc/Makefile
> > config/templates/Makefile
> > config/templates/debian.common.conf
> > diff --git a/lxc.spec.in b/lxc.spec.in
> > index 615fcd6..c8ff08e 100644
> > --- a/lxc.spec.in
> > +++ b/lxc.spec.in
> > @@ -31,7 +31,7 @@
> > BuildRequires: systemd-units
> > %else
> > %global with_systemd 0
> > -%define init_script sysv
> > +%define init_script sysvinit
> > %endif
> >
> > # RPM needs alpha/beta/rc in Release: not Version: to ensure smooth
> > diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
> > index 34d69a6..1a63fca 100644
> > --- a/src/lxc/Makefile.am
> > +++ b/src/lxc/Makefile.am
> > @@ -165,11 +165,8 @@ bin_SCRIPTS = \
> >
> > EXTRA_DIST = \
> > lxc-device \
> > - lxc-devsetup \
> > lxc-ls \
> > - lxc-top \
> > - lxc.service \
> > - lxc.sysvinit
> > + lxc-top
> >
> > if ENABLE_PYTHON
> > bin_SCRIPTS += lxc-device
> > @@ -212,43 +209,6 @@ bin_PROGRAMS = \
> > pkglibexec_PROGRAMS = \
> > lxc-init
> >
> > -if INIT_SCRIPT_SYSV
> > -install-init: lxc.sysvinit
> > - $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
> > - $(INSTALL_SCRIPT) lxc.sysvinit $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
> > -
> > -uninstall-init:
> > - rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
> > - rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
> > -else
> > -install-init:
> > -uninstall-init:
> > -endif
> > -
> > -if INIT_SCRIPT_SYSTEMD
> > -SYSTEMD_UNIT_DIR = /usr/lib/systemd/system
> > -install-systemd: lxc.service lxc-devsetup
> > - $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
> > - $(INSTALL_DATA) lxc.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
> > -
> > -uninstall-systemd:
> > - rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service
> > - rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
> > -pkglibexec_SCRIPTS = lxc-devsetup
> > -else
> > -install-systemd:
> > -uninstall-systemd:
> > -endif
> > -
> > -if INIT_SCRIPT_UPSTART
> > -# FIXME: install/uninstall upstart script here
> > -install-upstart:
> > -uninstall-upstart:
> > -else
> > -install-upstart:
> > -uninstall-upstart:
> > -endif
> > -
> > AM_LDFLAGS = -Wl,-E
> > if ENABLE_RPATH
> > AM_LDFLAGS += -Wl,-rpath -Wl,$(libdir)
> > @@ -286,10 +246,6 @@ lxc_snapshot_SOURCES = lxc_snapshot.c
> > lxc_usernsexec_SOURCES = lxc_usernsexec.c
> > lxc_user_nic_SOURCES = lxc_user_nic.c network.c network.h
> >
> > -install-data-local: install-init install-systemd install-upstart
> > -
> > -uninstall-local: uninstall-init uninstall-systemd uninstall-upstart
> > -
> > install-exec-local: install-soPROGRAMS
> > mkdir -p $(DESTDIR)$(datadir)/lxc
> > install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc
> > diff --git a/src/lxc/lxc-devsetup b/src/lxc/lxc-devsetup
> > deleted file mode 100755
> > index 3999ac8..0000000
> > --- a/src/lxc/lxc-devsetup
> > +++ /dev/null
> > @@ -1,25 +0,0 @@
> > -#!/bin/sh -
> > -
> > -# lxc.devsetup - Setup host /dev for container /dev subdirectories.
> > -
> > -if [[ ! -d /dev/.lxc ]]
> > -then
> > - echo "Creating /dev/.lxc"
> > - mkdir /dev/.lxc
> > - chmod 755 /dev/.lxc
> > -fi
> > -
> > -if grep -q "/dev devtmpfs " /proc/self/mounts
> > -then
> > - echo "/dev is devtmpfs"
> > -else
> > - echo "/dev is not devtmpfs - mounting tmpfs on .lxc"
> > - mount -t tmpfs tmpfs /dev/.lxc
> > -fi
> > -
> > -if [[ ! -d /dev/.lxc/user ]]
> > -then
> > - echo "Creating /dev/.lxc/user"
> > - mkdir /dev/.lxc/user
> > - chmod 1777 /dev/.lxc/user
> > -fi
> > diff --git a/src/lxc/lxc.service b/src/lxc/lxc.service
> > deleted file mode 100644
> > index aa20b91..0000000
> > --- a/src/lxc/lxc.service
> > +++ /dev/null
> > @@ -1,17 +0,0 @@
> > -[Unit]
> > -Description=LXC Container Initialization and Autoboot Code
> > -After=syslog.target
> > -
> > -[Service]
> > -Type=oneshot
> > -RemainAfterExit=yes
> > -ExecStartPre=/usr/libexec/lxc/lxc-devsetup
> > -ExecStart=/usr/libexec/lxc/lxc-startup start
> > -ExecStop=/usr/libexec/lxc/lxc-startup stop
> > -# Environment=BOOTUP=serial
> > -# Environment=CONSOLETYPE=serial
> > -StandardOutput=syslog
> > -StandardError=syslog
> > -
> > -[Install]
> > -WantedBy=multi-user.target
> > diff --git a/src/lxc/lxc.sysvinit b/src/lxc/lxc.sysvinit
> > deleted file mode 100755
> > index 9128187..0000000
> > --- a/src/lxc/lxc.sysvinit
> > +++ /dev/null
> > @@ -1,64 +0,0 @@
> > -#!/bin/sh
> > -#
> > -# lxc Start/Stop LXC autoboot containers
> > -#
> > -# chkconfig: 345 99 01
> > -# description: Starts/Stops all LXC containers configured for autostart.
> > -#
> > -### BEGIN INIT INFO
> > -# Provides: lxc
> > -# Default-Start: 3 4 5
> > -# Default-Stop: 0 1 6
> > -# Short-Description: Bring up/down LXC autostart containers
> > -# Description: Bring up/down LXC autostart containers
> > -### END INIT INFO
> > -
> > -# Source function library.
> > -. /etc/init.d/functions
> > -
> > -# Check for needed utility program
> > -[ -x /usr/bin/lxc-autostart ] || exit 1
> > -
> > -# If libvirtd is providing the bridge, it might not be
> > -# immediately available, so wait a bit for it before starting
> > -# up the containers or else any that use the bridge will fail
> > -# to start
> > -wait_for_bridge()
> > -{
> > - [ -f /etc/lxc/default.conf ] || { return 0; }
> > -
> > - BRNAME=`grep lxc.network.link /etc/lxc/default.conf |awk '{print $3}'`
> > - [ -n $BRNAME ] || { return 0; }
> > -
> > - for try in `seq 1 30`; do
> > - ifconfig -a |grep "^$BRNAME" >/dev/null 2>&1
> > - if [ $? = 0 ]; then
> > - return
> > - fi
> > - sleep 1
> > - done
> > -}
> > -
> > -# See how we were called.
> > -case "$1" in
> > - start)
> > - [ ! -f /var/lock/subsys/lxc ] || { exit 0; }
> > -
> > - # Start containers
> > - wait_for_bridge
> > - action $"Starting LXC containers: " /usr/bin/lxc-autostart
> > - touch /var/lock/subsys/lxc
> > - ;;
> > - stop)
> > - action $"Stopping LXC containers: " /usr/bin/lxc-autostart -s
> > - rm -f /var/lock/subsys/lxc
> > - ;;
> > - restart|reload|force-reload)
> > - $0 stop
> > - $0 start
> > - ;;
> > - *)
> > - echo $"Usage: $0 {start|stop|restart|reload|force-reload}"
> > - exit 2
> > -esac
> > -exit $?
> > --
> > 1.8.5.2
> >
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com