[lxc-users] Looking for Opensuse template
Remco Rohde
r.rohde at rug.nl
Sun May 4 20:59:55 UTC 2014
Philip,

Just would like to let you know that the most recent Suse Enterprise
Linux (a.k.a. SLES) v11 SP3 does indeed support LXC. Because I wanted to
run SLES and Ubuntu containers on the same host I invested some spare
time to get SLES containers running on an Ubuntu host. It cost me a
couple of hours to create a working template for a SLES container on
Ubuntu 12.04, and eventually I got it working and I'm now successfully
running enterprise stuff (eDirectory/Identity Manager) in SLES
containers on Ubuntu... Totally unsupported of course, but good enough
for my test environment and it was a fun exercise to get to know LXC a
little bit better...

I think this hack will work for other distros as well, but it might be
pretty tricky when the host's kernel version differs (a lot) from the
SLES kernel (a.t.m. the SLES11 SP3 kernel version is "3.0.101", Ubuntu
12.04 is 3.2.0). Until now I got no complaints from the SLES containers
though.

To get a SLES11 container running on Ubuntu 12.04 you need to take the
following steps:

- install lxc and create a dummy container on a SLES host and copy the
  /var/cache/lxc/sles directory over to the same location on your (Ubuntu)
  host.
- copy the attached lxc template (lxc-sles) to /usr/lib/lxc/templates/
  and edit it to your liking (insert ssh keys, bind mounts, and
  credentials for online updates)
- create a new sles container: lxc-create -n slestest -t sles
- run the container, log in and use Yast2 to set up the network (or use dhcp).

Regards,
Remco.

On 04/05/14 20:55, CDR wrote:
> I did the same for Debian, created a container in Debian transported
> it to the Fedora Host. Then I installed an Ubuntu server and
> transported Fedora 20 and Debian containers.
> My client uses the paid version of Suse, called Suse Enterprise Linux.
> Do you know if they support LXC containers? I am about to decide what
> host to use for LXC.
> The kernel is identical between Fedora 20 and Ubuntu Server. How is it
> with Suse Enterprise Linux?
> What is your take on this?
> Philip
>
> On Sun, May 4, 2014 at 2:09 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
>> On Sun, 2014-05-04 at 11:21 -0400, CDR wrote:
>>> Does anybody have any idea how to install an LXC container for opensuse?
>> Yes.
>>
>> On what host? An OpenSuse host, Ubuntu host, or Fedora/CentOS host.
>>
>> If you are doing anything other than OpenSuse on OpenSuse, you're going
>> to have a problem bootstrapping your first container thanks to their
>> requirement of zypper in the template. I bootstrapped mine setup for
>> OpenSuse by booting a machine with OpenSuse and installing LXC on it,
>> then creating an OpenSuse container which can then be transported over
>> to the target host (Fedora 20). That first container can then be
>> used to create new container images.
>>
>> Last time I exchanged E-Mail with the OpenSuse guys about building
>> OpenSuse containers on non-OpenSuse hosts, their response was on the
>> order of "why would anybody want to do that" and "I don't think that
>> will work" and "No I don't think you can build it without using zypper
>> even if it has rpm and yum".
>>
>> I was going to experiment with it using one of their run-live images as
>> a bootstrap core to run the container build from but never got around to
>> it.
>>
>>> Philip
>> Regards,
>> Mike
>> --
>> Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
>> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
>> NIC whois: MHW9 | An optimist believes we live in the best of all
>> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
>>
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
--
Remco Rohde, Consultant
Donald Smits Center for Information Technology
University of Groningen
Nettelbosje 1
9747 AJ Groningen
The Netherlands
r.rohde at rug.nl
http://www.rug.nl/cit
-------------- next part --------------
#!/bin/bash
#
# template script for generating a SLES11 container for LXC
#
#
# lxc: linux Container library
# Authors:
# Daniel Lezcano <daniel.lezcano at free.fr>
# Frederic Crozat <fcrozat at suse.com>
# Adapted for SLES11 by Remco Rohde <r.rohde at rug.nl>
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
configure_sles()
{
    rootfs=$1
    hostname=$2
    rootpw=$3

    # set network as static, but everything is done by LXC outside the container
    cat <<EOF > "$rootfs/etc/sysconfig/network/ifcfg-eth0"
STARTMODE='auto'
BOOTPROTO='none'
EOF

    # create empty fstab
    touch "$rootfs/etc/fstab"
    ln -s -f /proc/self/mounts "$rootfs/etc/mtab"

    # create minimal /dev
    mknod -m 666 "$rootfs/dev/random" c 1 8
    mknod -m 666 "$rootfs/dev/urandom" c 1 9
    mkdir -m 755 "$rootfs/dev/pts"
    mkdir -m 1777 "$rootfs/dev/shm"
    mknod -m 666 "$rootfs/dev/tty" c 5 0
    mknod -m 600 "$rootfs/dev/console" c 5 1
    mknod -m 666 "$rootfs/dev/tty0" c 4 0
    mknod -m 666 "$rootfs/dev/tty1" c 4 1
    mknod -m 666 "$rootfs/dev/tty2" c 4 2
    mknod -m 666 "$rootfs/dev/tty3" c 4 3
    mknod -m 666 "$rootfs/dev/tty4" c 4 4
    ln -s null "$rootfs/dev/tty10"
    mknod -m 666 "$rootfs/dev/full" c 1 7
    mknod -m 666 "$rootfs/dev/ptmx" c 5 2
    ln -s /proc/self/fd "$rootfs/dev/fd"
    ln -s /proc/kcore "$rootfs/dev/core"
    mkdir -m 755 "$rootfs/dev/net"
    mknod -m 666 "$rootfs/dev/net/tun" c 10 200

    # set the hostname
    cat <<EOF > "$rootfs/etc/HOSTNAME"
$hostname
EOF

    # ensure /etc/hostname is available too
    ln -s -f HOSTNAME "$rootfs/etc/hostname"

    # do not use hostname from HOSTNAME variable
    cat <<EOF >> "$rootfs/etc/sysconfig/cron"
unset HOSTNAME
EOF

    # set minimal hosts
    cat <<EOF > "$rootfs/etc/hosts"
127.0.0.1 localhost $hostname
EOF

    # default route and resolver settings are site-specific; edit them for your network
    cat <<EOF > "$rootfs/etc/sysconfig/network/routes"
default 192.168.0.251 - -
EOF

    cat <<EOF > "$rootfs/etc/resolv.conf"
search test.ln
nameserver 192.168.0.1
nameserver 192.168.0.1
EOF

    # disable various services
    # disable yast->bootloader in container
    cat <<EOF > "$rootfs/etc/sysconfig/bootloader"
LOADER_TYPE=none
LOADER_LOCATION=none
EOF

    # cut down inittab
    cat <<EOF > "$rootfs/etc/inittab"
id:3:initdefault:
si::bootwait:/etc/init.d/boot
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l6:6:wait:/etc/init.d/rc 6
ls:S:wait:/etc/init.d/rc S
~~:S:respawn:/sbin/sulogin
p6::ctrlaltdel:/sbin/init 6
p0::powerfail:/sbin/init 0
cons:2345:respawn:/sbin/mingetty --noclear console screen
c1:2345:respawn:/sbin/mingetty --noclear tty1 screen
EOF

    # set /dev/console as securetty
    cat << EOF >> "$rootfs/etc/securetty"
console
EOF

    cat <<EOF >> "$rootfs/etc/sysconfig/boot"
# disable root fsck
ROOTFS_FSCK="0"
ROOTFS_BLKDEV="/dev/null"
EOF

    # configure suseregister
    # uncomment the following lines, and copy the values for username/password from the host.
    # cat <<EOF > $rootfs/etc/zypp/credentials.d/NCCcredentials
#username=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#EOF

    # remove pointless services in a container
    "$rootfs/sbin/insserv" -r -f -p "$rootfs/etc/init.d" boot.udev boot.udev_retry boot.md boot.lvm boot.loadmodules boot.device-mapper boot.clock boot.swap haldaemon boot.klog

    # set the random root password!
    echo "root:$rootpw" | chroot "$rootfs" chpasswd

    # insert ssh keys, uncomment the following lines and enter your own public keys, one per line.
    # mkdir -p $rootfs/root/.ssh
    # cat <<EOF > $rootfs/root/.ssh/authorized_keys
#ssh-dss <your public key> remco at host
#EOF
    # chmod 700 $rootfs/root/.ssh
    # chmod 600 $rootfs/root/.ssh/authorized_keys

    return 0
}

download_sles()
{
    cache=$1
    arch=$2

    echo "Downloading is illegal, go get ur own SLES, aborting."
    return 1
}

copy_sles()
{
    cache=$1
    arch=$2
    rootfs=$3

    # make a local copy of the mini sles
    echo -n "Copying rootfs to $rootfs ..."
    mkdir -p "$rootfs"
    rsync -a "$cache/rootfs-$arch/" "$rootfs/" || return 1
    return 0
}

install_sles()
{
    cache="/var/cache/lxc/sles"
    rootfs=$1
    mkdir -p /var/lock/subsys/
    (
        flock -x 200
        if [ $? -ne 0 ]; then
            echo "Cache repository is busy."
            return 1
        fi

        arch=$(arch)

        echo "Checking cache download in $cache/rootfs-$arch ... "
        if [ ! -e "$cache/rootfs-$arch" ]; then
            download_sles "$cache" "$arch"
            if [ $? -ne 0 ]; then
                echo "Failed to download 'sles base'"
                return 1
            fi
        fi

        echo "Copy $cache/rootfs-$arch to $rootfs ... "
        copy_sles "$cache" "$arch" "$rootfs"
        if [ $? -ne 0 ]; then
            echo "Failed to copy rootfs"
            return 1
        fi

        return 0
    ) 200>/var/lock/subsys/lxc

    return $?
}

copy_configuration()
{
    config_path=$1
    rootfs=$2
    name=$3
    rootpw=$4

    # if there is exactly one veth network entry, make sure it has an
    # associated hwaddr.
    # ($path is the global set from the --path option, not a parameter of this function)
    nics=$(grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' "$path/config" | wc -l)
    if [ "$nics" -eq 1 ]; then
        grep -q "^lxc.network.hwaddr" "$path/config" || cat <<EOF >> "$path/config"
lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
EOF
    fi

    cat <<EOF >> "$config_path/$name/config"
lxc.utsname = $name
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $rootfs
lxc.mount = $config_path/$name/fstab
lxc.arch = $(arch)
lxc.cap.drop = sys_module mac_admin
lxc.pivotdir = lxc_putold
#lxc.cgroup.memory.limit_in_bytes = 8096M
# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF

    # bind mounts to the host, edit!
    #mkdir -p $rootfs/media/public >/dev/null 2>&1
    #mkdir -p $rootfs/media/cdimages >/dev/null 2>&1
    cat <<EOF > "$config_path/$name/fstab"
proc proc proc nodev,noexec,nosuid 0 0
sysfs sys sysfs defaults 0 0
#/export/public media/public none noatime,defaults,bind 0 0
#/export/cdimages media/cdimages none ro,noatime,defaults,bind 0 0
EOF

    # Put a copy of the fstab inside the container
    cp -f "$config_path/$name/fstab" "$rootfs/etc/fstab"

    # create the password file with mode 600 before the password is written,
    # so it is never readable under the default umask
    touch "$config_path/$name/rootpw" &&
        chmod 600 "$config_path/$name/rootpw" &&
        cat <<EOF > "$config_path/$name/rootpw"
# Please delete this file !
container root password = $rootpw
EOF
    if [ $? -ne 0 ]; then
        echo "Failed to add configuration"
        return 1
    fi

    return 0
}

clean()
{
    cache="/var/cache/lxc/sles"

    if [ ! -e "$cache" ]; then
        exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
        flock -x 200
        if [ $? != 0 ]; then
            echo "Cache repository is busy."
            exit 1
        fi

        echo -n "Purging the download cache... NOT!"
        #rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
        exit 0
    ) 200>/var/lock/subsys/lxc
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path> --clean
EOF
    return 0
}

options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
if [ $? -ne 0 ]; then
    usage "$(basename "$0")"
    exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)  usage "$0" && exit 0;;
        -p|--path)  path=$2; shift 2;;
        -n|--name)  name=$2; shift 2;;
        # -c/--clean takes no argument in the getopt spec above, so it is a
        # plain flag: do not consume the following word
        -c|--clean) clean=1; shift 1;;
        --)         shift 1; break ;;
        *)          break ;;
    esac
done

if [ ! -z "$clean" -a -z "$path" ]; then
    clean || exit 1
    exit 0
fi

#type zypper > /dev/null
#if [ $? -ne 0 ]; then
# echo "'zypper' command is missing"
# exit 1
#fi

type pwgen > /dev/null
if [ $? -ne 0 ]; then
    echo "'pwgen' command is missing. (hint: apt-get install pwgen)"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

rootfs=$path/rootfs
config_path=/var/lib/lxc
rootpw=$(pwgen -cnsB1 16 1)

install_sles "$rootfs"
if [ $? -ne 0 ]; then
    echo "failed to install sles"
    exit 1
fi

configure_sles "$rootfs" "$name" "$rootpw"
if [ $? -ne 0 ]; then
    echo "failed to configure sles for a container"
    exit 1
fi

copy_configuration "$config_path" "$rootfs" "$name" "$rootpw"
if [ $? -ne 0 ]; then
    echo "failed write configuration file"
    exit 1
fi

if [ ! -z "$clean" ]; then
    clean || exit 1
    exit 0
fi
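
A check for the container directory this template produces, as an added example that is not part of the original post or of the LXC project: it flags the leftover rootpw file, an unconfined AppArmor profile, a missing device deny-all or capability drop, and writable host bind mounts. The function names (audit_container, make_sample) and the sample directory contents are constructed for illustration.

```shell
#!/bin/bash
# Added example (not part of the original template): audit a container
# directory created by the lxc-sles template. Prints one line per finding
# and returns 1 if there is any finding, 0 otherwise.
audit_container() {
    local dir="$1" cfg="$1/config" rc=0 ws='[[:space:]]*'
    local cap src dst fstype opts rest
    note() { echo "FINDING: $*"; rc=1; }

    # copy_configuration() stores the generated root password in cleartext.
    [ -e "$dir/rootpw" ] && note "root password file not deleted: $dir/rootpw"

    # Running unconfined removes the AppArmor layer between container and host.
    grep -Eq "^${ws}lxc\.aa_profile${ws}=${ws}unconfined" "$cfg" &&
        note "lxc.aa_profile is unconfined"

    # The devices.allow whitelist is only effective after a deny-all entry.
    grep -Eq "^${ws}lxc\.cgroup\.devices\.deny${ws}=${ws}a${ws}\$" "$cfg" ||
        note "lxc.cgroup.devices.deny = a is missing"

    # The template drops sys_module and mac_admin; flag either one missing.
    for cap in sys_module mac_admin; do
        grep -E "^${ws}lxc\.cap\.drop${ws}=" "$cfg" | grep -qw "$cap" ||
            note "capability $cap is not dropped"
    done

    # Host bind mounts in the container fstab: flag those not mounted read-only.
    while read -r src dst fstype opts rest; do
        case $src in ''|'#'*) continue ;; esac
        case ",$opts," in *,bind,*) ;; *) continue ;; esac
        case ",$opts," in *,ro,*) ;; *) note "writable bind mount: $src -> $dst" ;; esac
    done < "$dir/fstab"
    return $rc
}

# Constructed sample: a container directory whose config was edited by hand.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'lxc.utsname = slestest' 'lxc.cap.drop = sys_module' \
        'lxc.aa_profile = unconfined' 'lxc.cgroup.devices.deny = a' > "$1/config"
    printf '%s\n' 'proc proc proc nodev,noexec,nosuid 0 0' \
        '/export/public media/public none noatime,defaults,bind 0 0' > "$1/fstab"
    echo 'container root password = constructed' > "$1/rootpw"
}

demo=$(mktemp -d) && make_sample "$demo"
audit_container "$demo" || true
rm -rf "$demo"
```

On a real host the function would be pointed at the container directory, for example /var/lib/lxc/slestest.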