[Lxc-users] Ubuntu template questions

Serge Hallyn serge.hallyn at canonical.com
Tue Mar 13 19:02:34 UTC 2012 

Quoting Papp Tamas (tompos at martos.bme.hu):
> hi All,
> 
> I always created an own template with debootstrap and I used it.
> 
> Now I tried lxc-create -t ubuntu and I still have some question and 
> suggestion:

Thanks, Papp.

> 1. I suggest ntpdate not to be installed (remove after debootstrap). 
> Also I think 'update-rc.d -f ondemand remove' would be fine in the 
> container. Actually I see this somewhere in the script, but I had to do 
> it manually.

Hm, perhaps /etc/network/if-up.d/ntpdate should be updated to not run
in a container.

It also might be worth removing CAP_SYS_TIME from the container's
rights.

> 2. It would be nice, if a postinstall script can be called automatically

You mean to run after the container has been created?  That'd be a nice
features, yes.  Stéphane has also suggested pre- and post-start scripts
for container start/stop.

> 3. I think rootfs.hold file should be documented better, for example 
> with a text message in it.

I have no objection to that.

> 4. I always wanted to ask, why lxc-create command has a switch '-n' if 
> it defined in the configuration anyway?

Hmm?  I never put the hostname in my configuration manually.

> 5. There are a number of custom devices, which I think by default should 
> not be there. For example tun and others. Or are they necessary? Is this 
> just a kind of failsafe solution for the beginning/beginners which needs 
> to be tuned?

Well, these templates are used by people doing juju, openstack, and
launchpad/buildd stuff.  Yes we've never really discussed how we should
go about deciding good defaults.  We probably should.

> 6. How can I deploy it to a custom directory? With the switch '-B' I was 
> not successful. Anyway, many times I just want to create a container 
> with no individual partition (volume). Now I copied it from /var/lib/lxc.

Not sure what you mean.  -B only really supports lvm right now.  It should
be made to support loopback qemu-nbd images.

In the lxc server guide (a rough draft is at
https://code.launchpad.net/~serge-hallyn/serverguide/serverguide-lxc
with a rougher but pdf draft at
http://people.canonical.com/~serge/lxc.serverguide.pdf)
I strongly recommend against picking custom locations.  Rather, if you
need more space, symlink or bind-mount in another filesystem to
/var/lib/lxc and /var/cache/lxc.

> 7. Why does lxc-destroy remove the container files without asking about 
> it? I think is a bad idea.

<shrug>  it's what it's always done.  I personally like it - I prefer
limiting interaction.  We could add a --del-rootfs option, without which
it only deletes the config, but I don't really see the point.

> 8. The script creates some custom upstart config file:
> lxc.conf: Why don't use lxcguest package?

lxc.conf is installed with lxc, to be installed on the host.  It's what
starts your /etc/lxc/auto/ containers.

> ssh.conf: why is this necessary?
> console.conf: It should be in the package upstart as tty[0-6].conf or in 
> lxcguest package, isn't it?

Here you need to be specific about what containers you created, with what
options.  If you're creating a precise container on precise host, ssh.conf
won't exist and console.conf is shipped by upstart, just as you say.

> 9. The script just removes config files instead of using dpkg-divert:
> rm -f $rootfs/etc/init/tty{5,6}.conf
> 
> chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv 
> $f $f.orig; done'
> chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); 
> do mv $f $f.orig; done'
> chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls 
> plymouth*.conf); do mv $f $f.orig; done'
> chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); 
> do mv $f $f.orig; done'
> chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); 
> do mv $f $f.orig; done'
> 
> 
> Why?

In general I think trim'ed containers are considered non-upgradeable
anyway, but if dpkg-divert can be easily used to improve things, that
might be a good idea.  Would you be interested in writing some patches
to that effect?

> 10.
> if [ $release != "lucid" ]; then
>      sed -i 's/^.*emission handled.*$/echo Emitting lo/' 
> $rootfs/etc/network/if-up.d/upstart
> fi
>          * Would not be better if there is an lxclo.conf from lxcguest? 
> Than you don't need to worry about package updates.

Yes, but this is a trimmed container.  Trim means manually slice and
dice the system so you don't need lxcguest.

If you don't do --trim, then this won't be done, and lxcguest will be
installed instead.

> Anyway, nice work guys. Thank you!

Thanks, sorry for taking so long to respond.

-serge

More information about the lxc-users mailing list