[Lxc-users] New LXC Creation Script: lxc-ubuntu-x

Derek Simkowiak derek at simkowiak.net
Wed Oct 5 21:44:56 UTC 2011


> Besides the last step, I have it all in my solution which I have posted to
> the list several months ago...

      Ulli,
     Thank you for your reply, and posting the link to your script.  I 
looked over it and the approach is a little different.  I believe my 
script has some features which yours does not, and vice versa.

     My script is designed exclusively for creating new containers, from 
scratch.  Your script seems to be a wrapper around the LXC commands, 
including a "Create clone" command that will copy a master template 
filesystem and configure it as a new LXC container.

     Your script requires a series of initial setup commands that say 
"You must not execute [these commands] as a normal script, because it 
contains some instruction for human interaction."  My script does most 
of the same actions as your manual setup (like running debootstrap, 
setting locale, etc.), but it does it without any human interaction.

     Your script only allows for the one, master template located in 
/var/lib/lxc/ubuntu.  With my script, any existing LXC container can be 
a template.  And a key feature of my script is that each "template" can 
also have its own set of configuration hooks, so that each template can 
(optionally) have a series of custom configuration commands.  My LAMP 
template, for example, generates a new, unique Apache SSL certificate 
for each newly deployed LXC container, and also fixes the MySQL init 
script to work with LXC.  I also have a "shared" template, for 
lightweight SSH servers like in the IBM documentation.  You could use 
this feature to set different locales for customers from different 
countries, or to automatically configure LAMP applications during 
deployment.  I think that is an important feature for hosting 
environments, where you'd want to deploy more than one kind of template 
without human interaction.

     Other differences:

- Perl v. Bash

- Your setup instructions include a custom version of the LXC tools and 
init script (installed using wget).  I depend on the official apt-get 
versions.

- Mine generates a unique SSH host key for every new LXC container, and 
a new SSL cert for LAMP servers (using the configuration hooks).  I 
didn't see that in your script, and that's a big deal for production 
environments.

- Your script wraps the standard lxc-tools scripts, to list, start, or 
stop, etc.  My script has no such feature, and refers you to the 
standard lxc-start, lxc-stop, lxc-ps, etc. instead.

- My script automatically caches filesystems into .tgz files for faster 
deployment... not a big deal, but it's faster than cp -a.


     I think there is about 80% overlap between the two projects but 
enough differences to be interesting.  I'll take a closer look at your 
script looking for ideas I may have missed, and I invite you to do the same.


Thanks,
Derek Simkowiak
http://derek.simkowiak.net


On 10/05/2011 06:53 AM, Ulli Horlacher wrote:
> On Thu 2011-09-29 (18:05), Derek Simkowiak wrote:
>> Hello,
>>       I have just published a new Open Source LXC container creation
>> script, called lxc-ubuntu-x.  It implements all the latest "best
>> practices" I found on the web, and introduces some new features.  I am
>> using this script in a production environment, and I invite you to check
>> it out:
>>
>> http://derek.simkowiak.net/lxc-ubuntu-x/
>>
>>       It currently generates Ubuntu or Debian containers.
>>
>>       I created this because the scripts and tutorials I found on the web
>> all had shortcomings of one form or another.  For example, many blogs
>> recommend mounting filesystems within the container's init (which does
>> not allow for a shared read-only mount, because root can simply remount
>> it).  So, this script uses an external fstab file.  Also:
>>
>> - It creates a random MAC address with a high vendor address, to
>> work around Launchpad bug #58404
>> - It generates new (unique) SSH host keys and SSL certificates for each
>> new container
>> - It applies all necessary dev, mtab, and init script fixes, including
>> booting containers with Upstart
>> - It is fully non-interactive; it allows for automatic generation of
>> containers. (Getting this to work was surprisingly difficult!)
>> - It restricts container "capabilities" as much as possible by default
>> - It creates a default user, sets his password, installs any SSH
>> "authorized_keys" file you want, and adds him to the sudo admin group.
> Besides the last step, I have it all in my solution which I have posted to
> the list several months ago:
>
> http://fex.rus.uni-stuttgart.de/lxc.html
>
> Plus: I can execute any command inside a container without ssh.
>
>
>
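Both messages stress a unique SSH host key for every container. A check for containers that still share one, as an added example that is not taken from either poster's script. It assumes the /var/lib/lxc/<name>/rootfs layout; the function names and the sample key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of lxc-ubuntu-x: list LXC containers that share an
# SSH host key, which is what a plain "cp -a" clone of a template produces.
# Assumes the /var/lib/lxc/<name>/rootfs layout; function names are hypothetical.

find_shared_host_keys() {
    lxc_root=${1:-/var/lib/lxc}
    for pub in "$lxc_root"/*/rootfs/etc/ssh/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue            # glob matched nothing
        name=${pub#"$lxc_root"/}             # strip the root prefix ...
        name=${name%%/*}                     # ... keep the container name
        # A .pub line is "<type> <base64 blob> [comment]"; the comment is ignored.
        awk -v c="$name" 'NF >= 2 { print $1, $2, c }' "$pub"
    done | LC_ALL=C sort | awk '
        {
            id = $1 " " $2
            if (id == prev) { members = members " " $3; count++ }
            else {
                if (count > 1) print ktype ":" members
                prev = id; ktype = $1; members = " " $3; count = 1
            }
        }
        END { if (count > 1) print ktype ":" members }'
}

# Constructed sample tree: "clone1" was copied from "template" without new keys,
# "fresh1" got its own. The blobs are placeholders, not real keys.
make_demo_tree() {
    root=$(mktemp -d)
    for c in template clone1 fresh1; do
        mkdir -p "$root/$c/rootfs/etc/ssh"
    done
    echo "ssh-rsa AAAAB3CONSTRUCTEDBLOB1 root@template" > "$root/template/rootfs/etc/ssh/ssh_host_rsa_key.pub"
    echo "ssh-rsa AAAAB3CONSTRUCTEDBLOB1 root@template" > "$root/clone1/rootfs/etc/ssh/ssh_host_rsa_key.pub"
    echo "ssh-rsa AAAAB3CONSTRUCTEDBLOB2 root@fresh1" > "$root/fresh1/rootfs/etc/ssh/ssh_host_rsa_key.pub"
    echo "$root"
}

demo=$(make_demo_tree)
find_shared_host_keys "$demo"    # prints: ssh-rsa: clone1 template
rm -rf "$demo"
```

Each output line names one key type followed by the containers holding the identical public key; no output means every host key found is unique.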




