[Lxc-users] host init scripts

Brian K. White brian at aljex.com
Mon Feb 15 17:06:42 UTC 2010

Thanks to two threads on this list earlier, I now have a nice working 
set of init scripts for opensuse, packaged in an rpm, that implements 
the two key tricks from those threads:

* Host killing or restarting a container at the containers request, by 
monitoring the containers runlevel and tasklist in order to know when 
it's ok to, and waiting in between actions with inotify.

* Container shutting itself down at the hosts request via the inittab 
powerfail signal.

All together, in order to integrate cleanly with init scripts which 
require specific exit values from helper scripts in order to know 
specific standardized status states (running, not running, error, 
etc..." I ended up making

/etc/init.d/lxc and a sympling /usr/sbin/rclxc
   which runs at different times, each of

lxc-shutdown-agent - essentially my rendition of lxc-waiton-init. I 
called it that because to me, thats what it is, an agent that acts on 
behalf of a container to perform an act on the host that the container 
can't otherwise do. Namely lxc-stop or lxc-stop;lxc-start, emulating 
what would normally be done by a motherboard bios.

lxc-startup-all - loops through config files and starts up each 
container found.

lxc-shutdown-all - loops through the output of "lxc-ps -C init", ignores 
the header and the host's own init, and sends the SIGPWR to every 
container found.

lxc-status-all - loops through the output of "lxc-ls -1", counts all the 
occurances of RUNNING. If at the end the counter is greater than 0, exit 
0, else exit 3. which are the two exit values that the rc_status 
functions in the init script interpret as  the "service" Up or Down.

I can cleanly reboot the host by any normal means including automatic 
reaction to UPS power fail or ctrl-alt-del (except I disable that hotkey 
  on my production boxes, why take a chance?) And my merely-human 
co-workers can be working on a container system and issue reboot 
commands like normal without needing to know or care they're on a 
container, and on the host they can check the status of lxc just like 
any other service "rclxc status" or restart it "rclxc stop; rclxc start"
or reboot the host without breaking the containers other than that they 
too will be shut down.

And just for giggles I managed to do it all directly in shell. No sed 
grep, awk or even cut or wc!. A minimum of subshells of any sort.

But, they'll now have to start growing. It's just a start at this point. 
  It all works great, but it requires things to be set up the right way 
to work. I need to do more checking of things like, running containers 
that don't happen to be full OS's with an init process, containers that 
don't have the special powerfail line in inittab (or don't even have an 

It's all in here:

For easier access, for an unspecified time the scripts are directly 
viewable here:
They're symlinks to the actual scripts running on that box though, so as 
I keep working on them, they'll change, but right now they're the same 
as what's in the rpm.

So thanks for those two all-important tricks that make it possible 
because before that thread I had NO idea how I was going to make this 
My container host box is one sweet hosting _machine_ now, and, it's 
practically effortless to make more of them just by installing one rpm.
And fast? I have 9 containers on that box so far, each is a full normal 
"base" (no gui) install of opensuse 11.2 x86_64, and it takes literally 
a few seconds, like, not even a few tens of seconds, from the time the 
lxc init script starts for all 9 to reach fully up state where you can 
get an ssh login. Insane.
Damn this stuff is cool...

I know you're all using debian and arch, but, suse now has prepackaged 
system integration ;) Well, sorta. It'll be a million years before I 
could make an actual Yast module which is really what defines system 
integration on suse.


More information about the lxc-users mailing list