[Lxc-users] host init scripts
Brian K. White
brian at aljex.com
Mon Feb 15 17:06:42 UTC 2010
Thanks to two threads on this list earlier, I now have a nice working
set of init scripts for opensuse, packaged in an rpm, that implements
the two key tricks from those threads:
* Host killing or restarting a container at the containers request, by
monitoring the containers runlevel and tasklist in order to know when
it's ok to, and waiting in between actions with inotify.
* Container shutting itself down at the hosts request via the inittab
All together, in order to integrate cleanly with init scripts which
require specific exit values from helper scripts in order to know
specific standardized status states (running, not running, error,
etc..." I ended up making
/etc/init.d/lxc and a sympling /usr/sbin/rclxc
which runs at different times, each of
lxc-shutdown-agent - essentially my rendition of lxc-waiton-init. I
called it that because to me, thats what it is, an agent that acts on
behalf of a container to perform an act on the host that the container
can't otherwise do. Namely lxc-stop or lxc-stop;lxc-start, emulating
what would normally be done by a motherboard bios.
lxc-startup-all - loops through config files and starts up each
lxc-shutdown-all - loops through the output of "lxc-ps -C init", ignores
the header and the host's own init, and sends the SIGPWR to every
lxc-status-all - loops through the output of "lxc-ls -1", counts all the
occurances of RUNNING. If at the end the counter is greater than 0, exit
0, else exit 3. which are the two exit values that the rc_status
functions in the init script interpret as the "service" Up or Down.
I can cleanly reboot the host by any normal means including automatic
reaction to UPS power fail or ctrl-alt-del (except I disable that hotkey
on my production boxes, why take a chance?) And my merely-human
co-workers can be working on a container system and issue reboot
commands like normal without needing to know or care they're on a
container, and on the host they can check the status of lxc just like
any other service "rclxc status" or restart it "rclxc stop; rclxc start"
or reboot the host without breaking the containers other than that they
too will be shut down.
And just for giggles I managed to do it all directly in shell. No sed
grep, awk or even cut or wc!. A minimum of subshells of any sort.
But, they'll now have to start growing. It's just a start at this point.
It all works great, but it requires things to be set up the right way
to work. I need to do more checking of things like, running containers
that don't happen to be full OS's with an init process, containers that
don't have the special powerfail line in inittab (or don't even have an
It's all in here:
For easier access, for an unspecified time the scripts are directly
They're symlinks to the actual scripts running on that box though, so as
I keep working on them, they'll change, but right now they're the same
as what's in the rpm.
So thanks for those two all-important tricks that make it possible
because before that thread I had NO idea how I was going to make this
My container host box is one sweet hosting _machine_ now, and, it's
practically effortless to make more of them just by installing one rpm.
And fast? I have 9 containers on that box so far, each is a full normal
"base" (no gui) install of opensuse 11.2 x86_64, and it takes literally
a few seconds, like, not even a few tens of seconds, from the time the
lxc init script starts for all 9 to reach fully up state where you can
get an ssh login. Insane.
Damn this stuff is cool...
I know you're all using debian and arch, but, suse now has prepackaged
system integration ;) Well, sorta. It'll be a million years before I
could make an actual Yast module which is really what defines system
integration on suse.
More information about the lxc-users