[lxc-users] Looking for Opensuse template

Remco Rohde r.rohde at rug.nl
Sun May 4 20:59:55 UTC 2014


Philip,

Just would like to let you know that the most recent Suse Enterprise
Linux (a.k.a. SLES) v11 SP3 does indeed support LXC. Because I wanted to
run SLES and Ubuntu containers on the same host I invested some spare
time to get SLES containers running on an Ubuntu host. It cost me a
couple of hours to create a working template for a SLES container on
Ubuntu 12.04, and eventually I got it working and I'm now successfully
running enterprise stuff (eDirectory/Identity Manager) in SLES
containers on Ubuntu .... Totally unsupported of course, but good enough
for my test environment and it was a fun exercise to get to know LXC a
little bit better ...

I think this hack will work for other distros as well, but it might be
pretty tricky when the host's kernel version differs (a lot) from the
SLES kernel. (a.t.m. the SLES11 sp3 kernel version is "3.0.101", Ubuntu
12.04 is 3.2.0 ). Until now I got no complaints from the SLES containers
though.

To get a SLES11 container running on Ubuntu 12.04 you need to take the
following steps:
- install lxc and create a dummy container on a SLES host and copy the
/var/cache/lxc/sles directory over to the same location on your (Ubuntu)
host.
- copy the attached lxc template (lxc-sles) to /usr/lib/lxc/templates/
and edit it to your liking (insert ssh keys, bind mounts, and
credentials for online updates)
- create a new sles container: lxc-create -n slestest -t sles
- run the container, log in and use Yast2 to set up the network (or use dhcp).

Regards,
Remco.

On 04/05/14 20:55, CDR wrote:
> I did the same for Debian, created a container in Debian transported
> it to the Fedora Host. Then I installed an Ubuntu server and
> transported Fedora 20 and Debian containers.
> My client uses the paid version of Suse, called Suse Enterprise Linux.
> Do you know if they support LXC containers? I am about to decide what
> host to use for LXC.
> The kernel is identical between Fedora 20 and Ubuntu Server. How is it
> with Suse Enterprise Linux?
> What is your take on this?
> Philip
>
> On Sun, May 4, 2014 at 2:09 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
>> On Sun, 2014-05-04 at 11:21 -0400, CDR wrote:
>>> Does anybody have any idea how to install an LXC container for opensuse?
>> Yes.
>>
>> On what host?  An OpenSuse host, Ubuntu host, or Fedora/CentOS host.
>>
>> If you are doing anything other than OpenSuse on OpenSuse, you're going
>> to have a problem bootstrapping your first container thanks to their
>> requirement of zypper in the template.  I bootstrapped my setup for
>> OpenSuse by booting a machine with OpenSuse and installing LXC on it,
>> then creating an OpenSuse container which can then be transported over
>> to the target host (Fedora 20).  That first container can then be
>> used to create new container images.
>>
>> Last time I exchanged E-Mail with the OpenSuse guys about building
>> OpenSuse containers on non-OpenSuse hosts, their response was on the
>> order of "why would anybody want to do that" and "I don't think that
>> will work" and "No I don't think you can build it without using zypper
>> even if it has rpm and yum".
>>
>> I was going to experiment with it using one of their run-live images as
>> a bootstrap core to run the container build from but never got around to
>> it.
>>
>>> Philip
>> Regards,
>> Mike
>> --
>> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>>    NIC whois: MHW9          | An optimist believes we live in the best of all
>>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>>
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users


-- 
Remco Rohde, Consultant
Donald Smits Center for Information Technology
University of Groningen
Nettelbosje 1
9747 AJ Groningen
The Netherlands

r.rohde at rug.nl
http://www.rug.nl/cit
-------------- next part --------------
#!/bin/bash

#
# template script for generating a SLES11 container for LXC
#

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <daniel.lezcano at free.fr>
# Frederic Crozat <fcrozat at suse.com>
# Adapted for SLES11 by Remco Rohde <r.rohde at rug.nl> 

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

configure_sles()
{
    rootfs=$1
    hostname=$2
    rootpw=$3

   # set network as static, but everything is done by LXC outside the container
   cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0
STARTMODE='auto'
BOOTPROTO='none'
EOF

   # create empty fstab
   touch $rootfs/etc/fstab
   ln -s -f /proc/self/mounts $rootfs/etc/mtab

    # create minimal /dev
    mknod -m 666 $rootfs/dev/random c 1 8
    mknod -m 666 $rootfs/dev/urandom c 1 9
    mkdir -m 755 $rootfs/dev/pts
    mkdir -m 1777 $rootfs/dev/shm
    mknod -m 666 $rootfs/dev/tty c 5 0
    mknod -m 600 $rootfs/dev/console c 5 1
    mknod -m 666 $rootfs/dev/tty0 c 4 0
    mknod -m 666 $rootfs/dev/tty1 c 4 1
    mknod -m 666 $rootfs/dev/tty2 c 4 2
    mknod -m 666 $rootfs/dev/tty3 c 4 3
    mknod -m 666 $rootfs/dev/tty4 c 4 4
    ln -s null $rootfs/dev/tty10
    mknod -m 666 $rootfs/dev/full c 1 7
    mknod -m 666 $rootfs/dev/ptmx c 5 2
    ln -s /proc/self/fd $rootfs/dev/fd
    ln -s /proc/kcore $rootfs/dev/core
    mkdir -m 755 $rootfs/dev/net
    mknod -m 666 $rootfs/dev/net/tun c 10 200

    # set the hostname
    cat <<EOF > $rootfs/etc/HOSTNAME
$hostname
EOF
    # ensure /etc/hostname is available too
    ln -s -f HOSTNAME $rootfs/etc/hostname

    # do not use hostname from HOSTNAME variable
    cat <<EOF >> $rootfs/etc/sysconfig/cron
unset HOSTNAME
EOF

    # set minimal hosts
    cat <<EOF > $rootfs/etc/hosts
127.0.0.1 localhost $hostname
EOF

    cat <<EOF > $rootfs/etc/sysconfig/network/routes
default 192.168.0.251 - -
EOF

   cat <<EOF > $rootfs/etc/resolv.conf
search test.ln
nameserver 192.168.0.1
nameserver 192.168.0.1
EOF

    # disable various services
    # disable yast->bootloader in container
    cat <<EOF > $rootfs/etc/sysconfig/bootloader
LOADER_TYPE=none
LOADER_LOCATION=none
EOF

    # cut down inittab
    cat <<EOF > $rootfs/etc/inittab
id:3:initdefault:
si::bootwait:/etc/init.d/boot
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l6:6:wait:/etc/init.d/rc 6
ls:S:wait:/etc/init.d/rc S
~~:S:respawn:/sbin/sulogin
p6::ctrlaltdel:/sbin/init 6
p0::powerfail:/sbin/init 0
cons:2345:respawn:/sbin/mingetty --noclear console screen
c1:2345:respawn:/sbin/mingetty --noclear tty1 screen
EOF

   # set /dev/console as securetty
   cat << EOF >> $rootfs/etc/securetty
console
EOF

    cat <<EOF >> $rootfs/etc/sysconfig/boot
# disable root fsck
ROOTFS_FSCK="0"
ROOTFS_BLKDEV="/dev/null"
EOF

    # configure suseregister
	# uncomment the following lines, and copy the values for username/password from the host.  
#    cat <<EOF > $rootfs/etc/zypp/credentials.d/NCCcredentials
#username=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#EOF
   
    # remove pointless services in a container
    $rootfs/sbin/insserv -r -f -p $rootfs/etc/init.d boot.udev boot.udev_retry boot.md boot.lvm boot.loadmodules boot.device-mapper boot.clock boot.swap haldaemon boot.klog
    
    #set the random root password!
    echo "root:$rootpw" | chroot $rootfs chpasswd

    # insert ssh keys, uncomment the following lines and enter your own public keys, one per line.
#    mkdir -p $rootfs/root/.ssh
#    cat <<EOF > $rootfs/root/.ssh/authorized_keys
#ssh-dss AAAAB3NzaC1kc3MAAAEBAMEvgFL5i1D+H8HtwxhYzc9pLyVTGDpbsi1K2zLYZpVVGy5APYlaB7UvNeBcqO/1VnYHYsA8LaeYZeyC1QnFlsaChg/lYfWTCAGN5JWgG2Of9FN0mK2AEfSpKzlWN2hEO1IKqplxTHfVjgzUlMpeIend3O1feZ0w78LlDmuUS7nvmYkiP/zTBhxWHRlyXg+PSnkHG7whABr2Ieqkt/9r367KgjCEHpU371p7/ZXIpmBpml3qPS1LJ/sqVZIg7r082ptUGRe69nvdMwblyz+lAnuUnyPlRye1Pv1ywIU3iZhyqvktqUANgm5QilCuFH8tKcWBPeMWWP4H/IwrjgehPXsAAAAVAKqY7j7usgKnDUyD2BZcBFN48FnDAAABAFjXI8W8e3Ws5DVZsuadNPqIcxB8EGDuQgpiFHD32XesJIpe6saa8s/UJwJyWw2padhT/5cle9c4YO2eOJgcHv4BNXBhepnrhL0+6Bt0DNgZQ3DcPYR93PtdJZMiNt7o2JDI7IsZgKgZIvgpLgSGmYqbD+gNTTH4Xxq2HiOS322axhDuz1OT8KvrGFhudgVxGclb3y0E/E9dzqqmWbcWkwn6q7N8tLjtfcPHFqXx2FNC63/Rp2pOP6AjbckizeLegjMhjYwk5hy6gE6ZfBTbCSYcx+ZSmZhrk/Wc0BaL+gMi4rR6qWzlDvBX5Fdh1JwBn0lRVexIvQySp1E8FetJN7AAAAEARl6tKEJqSedAnlAx8piKcimXvVetCk2hwCa8riB2rxXpZETvVNHsGqMfdgjY1nQB9cq2SwKVueUU2VvcCrmICktHK83emnLIDfPSRdlSkjD5+EgxbyCBt2oIPDVnD2Hb455n11zq04q2AHdUMufT2hGsbxuOKWBFeQoXfXv1OByjucMs/r7BcwsJwYlwuIaISyTXO7TNMl0lUcuFFwE1xgdFcMMCJosFCWW6ohb1P95eiD5HVZKucIFjQj0xb7CISMcfTJ4aMF6pLThKIlQ4AqCrTa/sVbpJlmRHeMI082Sli3MvnoQ7DDmTkswhpdZsIlSXRZQQNGkZL4MS/rW6BQ== remco at host
#EOF

#    chmod 700 $rootfs/root/.ssh
#    chmod 600 $rootfs/root/.ssh/authorized_keys

    return 0
}

download_sles()
{
    cache=$1
    arch=$2

    echo "Downloading is illegal, go get ur own SLES, aborting."
    return 1
}

copy_sles()
{
    cache=$1
    arch=$2
    rootfs=$3

    # make a local copy of the mini sles 
    echo -n "Copying rootfs to $rootfs ..."
    mkdir -p $rootfs
    rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
    return 0
}

install_sles()
{
    cache="/var/cache/lxc/sles"
    rootfs=$1
    mkdir -p /var/lock/subsys/
    (
	flock -x 200
	if [ $? -ne 0 ]; then
	    echo "Cache repository is busy."
	    return 1
	fi

	arch=$(arch)

	echo "Checking cache download in $cache/rootfs-$arch ... "
	if [ ! -e "$cache/rootfs-$arch" ]; then
	    download_sles $cache $arch
	    if [ $? -ne 0 ]; then
		echo "Failed to download 'sles base'"
		return 1
	    fi
	fi

	echo "Copy $cache/rootfs-$arch to $rootfs ... "
	copy_sles $cache $arch $rootfs
	if [ $? -ne 0 ]; then
	    echo "Failed to copy rootfs"
	    return 1
	fi

	return 0

	) 200>/var/lock/subsys/lxc

    return $?
}

copy_configuration()
{
    config_path=$1
    rootfs=$2
    name=$3
    rootpw=$4

    # if there is exactly one veth network entry, make sure it has an
    # associated hwaddr.
    nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
    if [ $nics -eq 1 ]; then
        grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
EOF
    fi

    cat <<EOF >> $config_path/$name/config
lxc.utsname = $name

lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $rootfs
lxc.mount = $config_path/$name/fstab
lxc.arch = $(arch)
lxc.cap.drop = sys_module mac_admin
lxc.pivotdir = lxc_putold

#lxc.cgroup.memory.limit_in_bytes = 8096M

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined

lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF

# bind mounts to the host, edit!
#mkdir -p $rootfs/media/public >/dev/null 2>&1
#mkdir -p $rootfs/media/cdimages >/dev/null 2>&1

    cat <<EOF > $config_path/$name/fstab
proc            		proc         	proc	nodev,noexec,nosuid 0 0
sysfs           		sys          	sysfs	defaults  0 0
#/export/public  		media/public 	none	noatime,defaults,bind 0 0
#/export/cdimages  		media/cdimages 	none   	ro,noatime,defaults,bind 0 0
EOF

# Put a copy of the fstab inside the container
cp -f $config_path/$name/fstab $rootfs/etc/fstab

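    # write the password file under a restrictive umask (in a subshell) so it
    # is never readable by other users between creation and the chmod below
    (
    umask 077
    cat <<EOF > $config_path/$name/rootpw
# Please delete this file !
container root password = $rootpw
EOF
    )

chmod 600 $config_path/$name/rootpw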

    if [ $? -ne 0 ]; then
	echo "Failed to add configuration"
	return 1
    fi

    return 0
}

clean()
{
    cache="/var/cache/lxc/sles"

    if [ ! -e $cache ]; then
	exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
	flock -x 200
	if [ $? != 0 ]; then
	    echo "Cache repository is busy."
	    exit 1
	fi

	echo -n "Purging the download cache... NOT!"
	#rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
	exit 0

    ) 200>/var/lock/subsys/lxc
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path> --clean
EOF
    return 0
}

options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
if [ $? -ne 0 ]; then
    usage $(basename $0)
    exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
	-h|--help)      usage $0 && exit 0;;
	-p|--path)      path=$2; shift 2;;
	-n|--name)      name=$2; shift 2;;
	-c|--clean)     clean=1; shift 1;;   # getopt declares -c/--clean without an argument
	--)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ ! -z "$clean" -a -z "$path" ]; then
    clean || exit 1
    exit 0
fi

#type zypper > /dev/null
#if [ $? -ne 0 ]; then
#    echo "'zypper' command is missing"
#    exit 1
#fi

type pwgen > /dev/null
if [ $? -ne 0 ]; then
    echo "'pwgen' command is missing. (hint: apt-get install pwgen)"
    exit 1
fi


if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

rootfs=$path/rootfs
config_path=/var/lib/lxc
rootpw=`pwgen -cnsB1 16 1`

install_sles $rootfs
if [ $? -ne 0 ]; then
    echo "failed to install sles"
    exit 1
fi

configure_sles $rootfs $name $rootpw
if [ $? -ne 0 ]; then
    echo "failed to configure sles for a container"
    exit 1
fi

copy_configuration $config_path $rootfs $name $rootpw
if [ $? -ne 0 ]; then
    echo "failed write configuration file"
    exit 1
fi

if [ ! -z $clean ]; then
    clean || exit 1
    exit 0
fi
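
Added example, not part of the original post or of the LXC project: the template above creates device nodes with mknod and separately writes a devices-cgroup allowlist, so this check lists nodes whose major:minor the allowlist does not permit and flags weakened isolation settings. The function names and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example: cross-check mknod'ed device nodes against the
# lxc.cgroup.devices.allow entries, and flag weakened isolation settings.

# $1 = template script, $2 = container config; prints "<path> <major:minor>"
denied_nodes() {
    awk '
        NR == FNR {   # first file: container config
            if ($1 == "lxc.cgroup.devices.allow" && $3 == "c") ok[$4] = 1
            next
        }
        $1 == "mknod" && $5 == "c" {   # second file: mknod -m MODE PATH c MAJ MIN
            path = $4; sub(/^\$rootfs/, "", path)
            dev = $6 ":" $7; wild = $6 ":*"
            if (!(dev in ok) && !(wild in ok)) print path, dev
        }' "$2" "$1"
}

# $1 = container config; prints one line per weakened isolation setting
config_findings() {
    grep -q '^lxc\.cgroup\.devices\.deny[[:space:]]*=[[:space:]]*a' "$1" \
        || echo "no default-deny for devices"
    grep -q '^lxc\.aa_profile[[:space:]]*=[[:space:]]*unconfined' "$1" \
        && echo "AppArmor profile disabled"
    grep -q '^lxc\.cap\.drop[[:space:]]*=.*sys_module' "$1" \
        || echo "sys_module capability not dropped"
    return 0
}

# Constructed sample input in the template's format; lxc.aa_profile is
# uncommented here on purpose so that the check has something to report.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/template" <<'EOF'
    mknod -m 666 $rootfs/dev/urandom c 1 9
    mknod -m 666 $rootfs/dev/tty4 c 4 4
    mknod -m 666 $rootfs/dev/full c 1 7
    mknod -m 666 $rootfs/dev/ptmx c 5 2
    mknod -m 666 $rootfs/dev/net/tun c 10 200
EOF
cat > "$SAMPLE_DIR/config" <<'EOF'
lxc.cap.drop = sys_module mac_admin
lxc.aa_profile = unconfined
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
EOF
denied_nodes "$SAMPLE_DIR/template" "$SAMPLE_DIR/config"
config_findings "$SAMPLE_DIR/config"
```

The posted template embeds its config in a heredoc, so the same file can be passed as both arguments; on the lines shown above that reports /dev/tty2 to /dev/tty4, /dev/full and /dev/net/tun as created but not allowed.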