[Lxc-users] Ubuntu Lucid containers on Ubuntu Natty
Elliot Pahl
elliot.pahl at gmail.com
Tue Jun 21 11:00:11 UTC 2011
There are a few issues with creating a lucid container, then adding the
updates and security repositories.
If you add them later, you'll get problems that prevent your container from
fully starting if you upgrade the following:
mountall (2.14 => 2.15.3) and
ifupdown (0.6.8ubuntu29 => 0.6.8ubuntu29.2)
mountall will override <container>/lib/init/fstab to look like:
>>>
# /lib/init/fstab: static file system information.
#
# These are the filesystems that are always mounted on boot, you can
# override any of these by copying the appropriate line from this file into
# /etc/fstab and tweaking it as you see fit. See fstab(5).
#
# <file system> <mount point>             <type>          <options>                          <dump> <pass>
/dev/root       /                         rootfs          defaults                           0 1
none            /proc                     proc            nodev,noexec,nosuid                0 0
none            /proc/sys/fs/binfmt_misc  binfmt_misc     nodev,noexec,nosuid,optional       0 0
none            /sys                      sysfs           nodev,noexec,nosuid                0 0
none            /sys/fs/fuse/connections  fusectl         optional                           0 0
none            /sys/kernel/debug         debugfs         optional                           0 0
none            /sys/kernel/security      securityfs      optional                           0 0
none            /spu                      spufs           gid=spu,optional                   0 0
none            /dev                      devtmpfs,tmpfs  mode=0755                          0 0
none            /dev/pts                  devpts          noexec,nosuid,gid=tty,mode=0620    0 0
none            /dev/shm                  tmpfs           nosuid,nodev                       0 0
none            /tmp                      none            defaults                           0 0
none            /var/run                  tmpfs           mode=0755,nosuid,showthrough       0 0
none            /var/lock                 tmpfs           nodev,noexec,nosuid,showthrough    0 0
none            /lib/init/rw              tmpfs           mode=0755,nosuid,optional          0 0
>>>
Instead of:
>>>
# /lib/init/fstab: lxc system fstab
none            /spu                      spufs           gid=spu,optional                   0 0
none            /tmp                      none            defaults                           0 0
none            /var/lock                 tmpfs           nodev,noexec,nosuid,showthrough    0 0
none            /lib/init/rw              tmpfs           mode=0755,nosuid,optional          0 0
>>>
I note that other versions of Ubuntu don't seem to require this stripped-down
/lib/init/fstab; can anyone explain why?
If you replace it with the old version, you'll be good to go, but...
ifupdown has these changes (though I don't quite understand why they're an
issue, seems like they should just work..):
>>>
diff -u -r
ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface-security.upstart
ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface-security.upstart
---
ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface-security.upstart
2010-02-20 17:30:21.000000000 +1300
+++
ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface-security.upstart
2011-01-05 07:48:34.000000000 +1300
@@ -13,14 +13,22 @@
or starting network-manager
or starting networking)
+# In order to handle the lack of upstart feature LP: #568860, we need to
+# run multiple times, for each of the above "starting" service instances,
or
+# else another one might run while we're running, and not wait for us to
+# finish.
+instance $JOB${INTERFACE:+/}${INTERFACE:-}
+
# Since we need these profiles to be loaded before any of the above
services
# begin running, this service must be a pre-start so that its pre-start
# script finishes before the above services' start scripts begin.
pre-start script
+ [ -f /var/run/network-interface-security ] && exit 0 # already ran
[ -d /rofs/etc/apparmor.d ] && exit 0 # do not load on liveCD
[ -d /sys/module/apparmor ] || exit 0 # do not load without AppArmor
[ -x /sbin/apparmor_parser ] || exit 0 # do not load without parser
for link in /etc/apparmor/init/network-interface-security/* ; do
[ -L $link ] && /sbin/apparmor_parser -r -W $link || true
done
+ > /var/run/network-interface-security
end script
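Review bot: the `> /var/run/network-interface-security` marker at the end of the pre-start script is written unconditionally, while every `apparmor_parser -r -W $link` failure in the loop is swallowed by `|| true`, so a failed profile load is recorded as done and the new `[ -f /var/run/network-interface-security ] && exit 0` guard makes every later instance skip it. Consider writing the marker only when all links loaded, and state in the comment that the guard relies on /var/run being emptied at each boot, since a marker that survives a restart means the profiles are never loaded again. The check and the write are also not atomic across the instances the new `instance` stanza allows; that is tolerable only because reloading with `-r` can safely be repeated, which deserves a line in the comment.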
diff -u -r ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface.upstart
ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface.upstart
--- ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface.upstart
2010-02-20 17:30:21.000000000 +1300
+++ ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface.upstart
2011-01-05 07:48:34.000000000 +1300
@@ -10,8 +10,15 @@
stop on net-device-removed INTERFACE=$INTERFACE
instance $INTERFACE
+export INTERFACE
pre-start script
+ if [ "$INTERFACE" = lo ]; then
+ # bring this up even if /etc/network/interfaces is broken
+ ifconfig lo 127.0.0.1 up || true
+ initctl emit -n net-device-up \
+ IFACE=lo LOGICAL=lo ADDRFAM=inet METHOD=loopback || true
+ fi
mkdir -p /var/run/network
exec ifup --allow auto $INTERFACE
end script
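Review bot: in the new `lo` branch, `initctl emit -n net-device-up IFACE=lo ...` runs even when `ifconfig lo 127.0.0.1 up || true` has failed, so jobs waiting on that event are told loopback is up when it may not be. Chain the two (`ifconfig lo 127.0.0.1 up && initctl emit ...`) or say in the comment why an unconditional emit is intended. The branch then still falls through to `exec ifup --allow auto $INTERFACE`, so `lo` is also handed to ifup; a short comment on that, and quoting `$INTERFACE`, would help.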
diff -u -r ifupdown-0.6.8ubuntu29/debian/ifupdown.upstart.if-up
ifupdown-0.6.8ubuntu29.2/debian/ifupdown.upstart.if-up
--- ifupdown-0.6.8ubuntu29/debian/ifupdown.upstart.if-up 2010-02-20
17:30:21.000000000 +1300
+++ ifupdown-0.6.8ubuntu29.2/debian/ifupdown.upstart.if-up 2010-07-23
00:59:07.000000000 +1200
@@ -2,6 +2,10 @@
set -e
+if [ "$IFACE" = lo ]; then
+ exit 0 # emission handled by /etc/init/network-interface.conf
+fi
+
initctl emit -n net-device-up \
"IFACE=$IFACE" \
"LOGICAL=$LOGICAL" \
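Review bot: the early `exit 0` for `IFACE=lo` makes the `net-device-up` event for loopback depend entirely on /etc/init/network-interface.conf running for `lo`; wherever `lo` is brought up through `ifup` alone, nothing is emitted and anything waiting on that event stalls. The comment should state that dependency, and it would be safer to skip the emit only when the network-interface job for `lo` has actually run.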
>>>
If you comment out the additions to /etc/network/if-up.d/upstart like so:
>>>
#if [ "$IFACE" = lo ]; then
# exit 0 # emission handled by /etc/init/network-interface.conf
#fi
>>>
Then your lxc will start again, but I'd really prefer not to have to do it
every time I create a lucid container.
Is there a good solution for these issues? Is the solution to modify the
debootstrap template, or does it lie elsewhere?
Cheers,
Elliot Pahl
--
Elliot Pahl
elliot.pahl at gmail.com
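
The two manual workarounds described in the message above, scripted so they can be re-applied to a container's root filesystem. This is an added example, not part of the original post or of the lxc project; the function name `fix_lucid_rootfs` and the backup suffixes `.mountall` and `.orig` are assumptions made here, and the rootfs path is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original post): re-apply both workarounds
# to a lucid container rootfs after mountall/ifupdown have been upgraded.
# fix_lucid_rootfs and the backup suffixes are names chosen here.

fix_lucid_rootfs() {
    rootfs=$1
    fstab=$rootfs/lib/init/fstab
    hook=$rootfs/etc/network/if-up.d/upstart
    marker='# /lib/init/fstab: lxc system fstab'
    guard='^if \[ "\$IFACE" = lo ]; then$'

    [ -d "$rootfs" ] || { echo "no such rootfs: $rootfs" >&2; return 1; }

    # 1. Put back the stripped-down fstab if mountall replaced it.
    if [ -f "$fstab" ] && ! grep -qxF "$marker" "$fstab"; then
        cp -p "$fstab" "$fstab.mountall" || return 1
        cat > "$fstab" <<'EOF'
# /lib/init/fstab: lxc system fstab
none  /spu          spufs  gid=spu,optional                 0 0
none  /tmp          none   defaults                         0 0
none  /var/lock     tmpfs  nodev,noexec,nosuid,showthrough  0 0
none  /lib/init/rw  tmpfs  mode=0755,nosuid,optional        0 0
EOF
    fi

    # 2. Comment out the early exit for lo, from the "if" line to its "fi".
    #    Skipped when already commented, so the .orig backup is kept intact.
    if [ -f "$hook" ] && grep -q "$guard" "$hook"; then
        sed -i.orig "/$guard/,/^fi\$/ s/^/#/" "$hook" || return 1
    fi
    return 0
}

# Run against a rootfs given on the command line, if any.
if [ -n "${1:-}" ]; then
    fix_lucid_rootfs "$1"
fi
```

Each step is skipped when it has already been applied, so the function can be run again after any later upgrade inside the container.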