[lxc-devel] [PATCH] Update Fedora and CentOS templates for common conf includes.

Stéphane Graber stgraber at ubuntu.com
Wed Jan 22 18:55:07 UTC 2014 

On Wed, Jan 22, 2014 at 11:38:29AM -0500, Michael H. Warfield wrote:
> On Wed, 2014-01-22 at 10:35 -0500, Stéphane Graber wrote: 
> > On Wed, Jan 22, 2014 at 09:29:23AM -0500, Michael H. Warfield wrote:
> > > On Tue, 2014-01-21 at 20:25 -0500, Stéphane Graber wrote: 
> > > > On Tue, Jan 21, 2014 at 11:56:56AM -0500, Michael H. Warfield wrote:
> > > > > Update Fedora and CentOS templates for common conf includes.
> > > > > 
> > > > > This updates the Fedora and CentOS templates to utilize a common
> > > > > included config.  This is largely based on the changes in the Oracle
> > > > > template with some exceptions.
> > > > > 
> > > > > Dropping of setpcap (present in the Oracle template) is commented out in
> > > > > the Fedora template.  It seems to cause problems, such as large login
> > > > > delays with Fedora 20 containers (but not Fedora 19 - strange).
> > > > > 
> > > > > The Fedora template is further modified to disable systemd-journald.service
> > > > > as it is unnecessary in a container and causes serious problems when
> > > > > running in a Fedora 20 container.
> > > > > 
> > > > > The Fedora template is also updated to default to Fedora 20 when running
> > > > > on a non-Fedora host.
> > > > > 
> > > > > Regards,
> > > > > Mike
> > > > > 
> > > > > Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
> > > > 
> > > > Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> > > > 
> > > > I'll setup builds for CentOS 6.5 on amd64 and i386 and for Fedora 19 and
> > > > 20 also on amd64 and i386.
> > > > 
> > > > I believe Fedora 20 also supports armhf but that one may need a bit more
> > > > work to get going (do you know if your template works with armhf?).
> > > 
> > > Fedora does support armhf in mainline now.  Previously it was in aux.
> > > The template was definitely working with Raspberry Pi armhf with
> > > Fedora18.  That was before they created the "Pidora" respin which broke
> > > the Fedora template thanks to the name change and some repo changes.
> > > Since then, I've also done that distro agnostic bootstrap coding.  I
> > > wouldn't be surprised if it was broken, but it should be close.  I'll
> > > have to give it a shot on one of my RPi's.
> > > 
> > > Regards,
> > > Mike
> 
> > The image build worked at least, I still need to actually test the
> > resulting images to make sure they work though.
> 
> > Btw, any chance of getting -A working before 1.0 release?
> 
> Oooo...  Ouch...  Yeah, that place holder has been in there since long
> before I first stuck my nose in there.  I can only foresee two cases
> where that would even be possible.
> 
> Build i386 on x86_64 host
> 
> Build arm (software floating point - arm3, arm4, arm5) on armhfp
> (hardware floating point - arm6+) host.  Except, arm is not in mainline,
> only armhfp is, so it's doubtful this could be done in the short term.
> 
> I can see where the first case would be useful to you for building
> download templates.  I'm not so sure how useful the second one would be.
> 
> Other cases would require hardware emulation.
> 
> I can't guarantee anything but I'll look at it, at least for the i386 on
> x86_64 case.  It might be possible in the limited case to kick something
> out quickly.  The CentOS template may actually be more complicated than
> the Fedora template because I did the bootstrap logic and everything is
> done in chrooted environments in the Fedora template that should cover
> the arch jump.
> 
> ITMT, I've pinged Fredric over at Suse, privately, to see what we can
> get done with the opensuse template.  You listed it as broken for your
> download template due to a requirement of zypper (it also requires
> "build") plus it needed conversion to use the common config includes and
> you needed a base container tarball, iirc.
> 
> It's got more problems than that.  Using a prebuild OpenSUSE starting
> container on my Fedora host, I've been able to build containers for
> OpenSUSE 12.3 and 13.1 (latest) but both have systemd problems and
> doubtlessly need autodev set up (the autodetection logic still keeps us
> out of trouble and keeps us from blowing up a systemd host).  It's also
> set up for a hardcoded version (12.3) with no version option.  :-P
> 
> That one needs some attention paid too it.  Ideally, maybe Fredric or
> one of the other Suse guys can dig into it.  I've had my nose into it
> just deep enough to think a lot of the yum logic SHOULD work and deep
> enough to go "oh here there be dragons".
> 
> Regards,
> Mike

I also just tested the Fedora template in unprivileged LXC and not too
surprisingly systemd blows up to pieces, so I have removed Fedora from
index-user so that lxc-download doesn't show it as available for
unprivileged containers.

The little debugging I've done seems to indicate that:
 - lxc.autodev doesn't work unprivileged
 - systemd tries to mount things it's not allowed to
 - it's possible to workaround some of the issue by mounting a tmpfs on
   /dev but then LXC fails because of missing /dev/pts.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140122/4d948f62/attachment.pgp>

More information about the lxc-devel mailing list