[lxc-devel] [PATCH] [RFC] Reduce duplication in new style configs

Stéphane Graber stgraber at ubuntu.com
Mon Jun 23 13:49:40 UTC 2014


On Mon, Jun 23, 2014 at 09:34:19AM -0400, Dwight Engen wrote:
> On Fri, 20 Jun 2014 17:30:33 -0400
> Stéphane Graber <stgraber at ubuntu.com> wrote:
> 
> > This is a rather massive cleanup of config/templates/*
> > 
> > As new templates were added, I've noticed that we pretty much all
> > share the tty/pts configs, some capabilities being dropped and most
> > of the cgroup configuration. All the userns configs were also almost
> > identical.
> > 
> > As a result, this change introduces two new files:
> >  - common.conf.in
> >  - userns.conf.in
> > 
> > Each is included by the relevant <template>.<type>.conf.in templates,
> > this means that the individual per-template configs are now overlays
> > on top of the default config.
> > 
> > Once we see a specific key becoming popular, we ought to check whether
> > it should also be applied to the other templates and if more than 50%
> > of the templates have it set to the same value, that value ought to be
> > moved to the master config file and then overridden for the templates
> > that do not use it.
> > 
> > This change while pretty big and scary, shouldn't be very visible
> > from a user point of view, the actual changes can be summarized as:
> >  - Extend clonehostname to work with Debian based distros and use it
> > for all containers.
> >  - lxc.pivotdir is now set to lxc_putold for all templates, this means
> >    that instead of using /mnt in the container, lxc will create and
> > use /lxc_putold instead. The reason for this is to avoid failures
> > when the user bind-mounts something else on top of /mnt.
> >  - Some minor cgroup limit changes, the main one I remember is
> >    /dev/console now being writable by all of the redhat based
> > containers. The rest of the set should be identical with additions in
> > the per-distro ones.
> >  - Drop binfmtmisc and efivars bind-mounts for non-mountall based
> >    unprivileged containers as I assumed they got those from
> > copy/paste from Ubuntu and not because they actually need those
> > entries. (If I'm wrong, we probably should move those to userns.conf
> > then).
> > 
> > Additional investigation and changes to reduce the config delta
> > between distros would be appreciated. In practice, I only expect
> > lxc.cap.drop and lxc.mount.entry to really vary between distros
> > (depending on the init system), the rest should be mostly common.
> > 
> > I'm marking this as RFC because I haven't done any testing on this yet
> > and I've got to work on something else right now. I'd appreciate the
> > input from the affected template maintainers!
> 
> Hi Stéphane, I looked through this and it looks good to me (one minor
> comment below). Thanks.
>  
> > Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> > ---
> 
> [...]
> 
> > diff --git a/hooks/clonehostname b/hooks/clonehostname
> > index 8865c2d..e5676af 100755
> > --- a/hooks/clonehostname
> > +++ b/hooks/clonehostname
> > @@ -20,7 +20,9 @@
> >  # Note that /etc/hostname is updated by lxc itself
> >  for file in \
> >      $LXC_ROOTFS_PATH/etc/sysconfig/network \
> > -    $LXC_ROOTFS_PATH/etc/sysconfig/network-scripts/ifcfg-* ;
> > +    $LXC_ROOTFS_PATH/etc/sysconfig/network-scripts/ifcfg-* \
> > +    $LXC_ROOTFS_PATH/etc/hostname \
> > +    $LXC_ROOTFS_PATH/etc/hosts ;
> >  do
> >      if [ -f $file ]; then
> >          sed -i "s|$LXC_SRC_NAME|$LXC_NAME|" $file
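
Review bot: The added `$LXC_ROOTFS_PATH/etc/hostname` entry conflicts with the context comment at the top of this hunk, "Note that /etc/hostname is updated by lxc itself": the hook would now rewrite a file the comment says lxc already handles, so either drop that entry or update the comment to explain why both are needed. For the new `/etc/hosts` entry, note that the existing `sed -i "s|$LXC_SRC_NAME|$LXC_NAME|" $file` is unanchored and has no `g` flag, so it replaces only the first match on each line and also matches the source name as a substring of a longer hostname; matching whole words and quoting `"$file"` in both the `[ -f ... ]` test and the `sed` call would make this safer for a file with several names per line.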
> 
> As I put in the comment above, I didn't put /etc/hostname into the list
> in the hook since clone_update_rootfs() already does it, and if we
> put it here it will override the LXC_CLONE_KEEPNAME flag.

Doh, I should have read the comment, I'll drop it from the list then :)

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com