[lxc-users] LXC 3.0.0: Packaging Changes To Be Aware Of
Christian Brauner
christian.brauner at canonical.com
Sat Apr 7 14:54:07 UTC 2018
Hey everyone,
LX{C,FS,D} upstream here. :)
I'm sorry to ping you all at once in this mail and I seriously hope I only
added actual package maintainers for LXC based projects in their respective
distros to this mail. If not I'm genuinely sorry to have banged on your door
(or rather inbox) on a Saturday!
A few days ago we released LXC [1] and LXD [2] 3.0.0 which are going to be our
next LTS releases receiving support from upstream for 5 years until 2023.
LXC 3.0.0 not just introduces a lot of changes and improvements on all fronts
in general but will also likely require changes in packaging. These changes are
what I'd like to inform you about because we really don't want you all to run
into pointless confusion and problems.
The distros I think should be reached by this mail are:
Alpine
ArchLinux
Debian
Fedora
Gentoo
NixOS
openSUSE
OpenWrt
Please, if anyone of you know other packagers in other distros that are not
derivatives of the above please forward this mail. Don't leave fellow
maintainers hanging. :)
Here is a list of what we consider will most likely affect you as packagers:
1. **Important** the lxc-templates have been moved out of the main LXC tree
into a separate repository
https://github.com/lxc/lxc-templates
This means that without this separate package LXC will now only come with
the following templates:
lxc-busybox
lxc-download
lxc-local
lxc-oci
2. **Important** distrobuilder is the new way of creating machine/system
container images
The templates have been replaced by a new project called "distrobuilder"
[5]. It aims to be a very simple Go project focussed on letting you easily
build full system container images by either using the official cloud image
if one is provided by the distro or by using the respective distro's
recommended tooling (e.g. debootstrap for Debian or pacman for ArchLinux).
It aims to be declarative, using the same set of options for all
distributions while having extensive validation code to ensure everything
that's downloaded is properly validated.
**Warning: Advertisement** please consider packaging distrobuilder.
https://github.com/lxc/distrobuilder
A more lengthy justification can be found at:
https://brauner.github.io/2018/02/27/lxc-removes-legacy-template-build-system.html
3. The python3 bindings have been moved out of the main LXC tree and are
maintained in a separate Github repo under the LXC namespace.
https://github.com/lxc/python3-lxc
This means that the
--with-python
configure flag should be dropped.
A more lengthy justification can be found at:
https://brauner.github.io/2018/02/27/lxc-removes-legacy-template-build-system.html
4. The lua bindings have been moved out of the main LXC tree and are
maintained in a separate Github repo under the LXC namespace.
https://github.com/lxc/lua-lxc
This means that the
--with-lua
configure flag should be dropped.
A more lengthy justification can be found at:
https://brauner.github.io/2018/02/27/lxc-removes-legacy-template-build-system.html
5. **Important** the pam_cgfs.so pam module has moved from the LXCFS tree into
the LXC tree
https://github.com/lxc/lxc/blob/master/src/lxc/pam/pam_cgfs.c
This means that in order to compile the pam module with LXC you should pass:
--enable-pam
and
--with-pamdir=PAM_PATH
when compiling LXC.
In case you don't know what the pam module is for, it is used to allow
unprivileged cgroup management for fully unprivileged containers. It is
useful for all container runtimes (e.g. openSUSE is shipping and
using it). For a slightly deeper look at it I suggest you read [3].
6. Removal of legacy cgroup drivers
This includes the cgmanager driver, which also implies that the
--with-cgmanager
configure flag should be dropped. The cgmanager package can likely also be
dropped unless you maintain a package for our 1.0 stable branch!
A more lengthy justification can be found at:
https://brauner.github.io/2018/02/20/lxc-removes-legacy-cgroup-drivers.html
7. All legacy configuration keys have been removed.
With LXC 2.1.0 we started to print warnings when legacy configuration keys
were used in the container config and started yelling at people that we will
remove legacy configuration keys in LXC 3.0.0. This is now reality.
We ship an upgrade script since LXC 2.1:
chb at conventiont|~
> lxc-update-config
/usr/bin/lxc-update-config -h|--help [-c|--config]
config: the container configuration to update
which will automatically replace legacy configuration keys with their new
counterparts. If the upgrade fails it will have left a *.backup file in the
same directory where the config file was and it can simply be restored.
Please make sure your users know about this update script. Fwiw, [4]
provides a list of all removed legacy configuration keys and their new
counterparts.
8. **Warning: Advertisement** for any distro on here that does not already
package LXCFS which has been around for a long time they should consider it.
It provides a *runtime agnostic* way of partially virtualizing /proc through
a minimal multi-threaded fuse filesystem.
These mocked files can be overmounted over their /proc counterparts in the
container.
https://github.com/lxc/lxcfs
For a thorough overview over what has changed please see:
https://discuss.linuxcontainers.org/t/lxc-3-0-0-has-been-released
Thank you all for packaging LXC, LXCFS, and LXD!
The LXC team
[1]: https://discuss.linuxcontainers.org/t/lxc-3-0-0-has-been-released
[2]: https://discuss.linuxcontainers.org/t/lxd-3-0-0-has-been-released
[3]: https://brauner.github.io/2018/02/28/lxc-includes-cgroup-pam-module.html
[4]:
Legacy Key               | New Key                       | Comments
-------------------------|-------------------------------|---------
lxc.aa_profile           | lxc.apparmor.profile          |
lxc.aa_allow_incomplete  | lxc.apparmor.allow_incomplete |
lxc.console              | lxc.console.path              |
lxc.devttydir            | lxc.tty.dir                   |
lxc.haltsignal           | lxc.signal.halt               |
lxc.id_map               | lxc.idmap                     |
lxc.init_cmd             | lxc.init.cmd                  |
lxc.init_gid             | lxc.init.gid                  |
lxc.init_uid             | lxc.init.uid                  |
lxc.kmsg                 | -                             | removed
lxc.limit                | lxc.prlimit                   |
lxc.logfile              | lxc.log.file                  |
lxc.loglevel             | lxc.log.level                 |
lxc.mount                | lxc.mount.fstab               |
lxc.network              | lxc.net                       |
lxc.network.             | lxc.net.[i].                  |
lxc.network.flags        | lxc.net.[i].flags             |
lxc.network.hwaddr       | lxc.net.[i].hwaddr            |
lxc.network.ipv4         | lxc.net.[i].ipv4.address      |
lxc.network.ipv4.gateway | lxc.net.[i].ipv4.gateway      |
lxc.network.ipv6         | lxc.net.[i].ipv6.address      |
lxc.network.ipv6.gateway | lxc.net.[i].ipv6.gateway      |
lxc.network.link         | lxc.net.[i].link              |
lxc.network.macvlan.mode | lxc.net.[i].macvlan.mode      |
lxc.network.mtu          | lxc.net.[i].mtu               |
lxc.network.name         | lxc.net.[i].name              |
lxc.network.script.down  | lxc.net.[i].script.down       |
lxc.network.script.up    | lxc.net.[i].script.up         |
lxc.network.type         | lxc.net.[i].type              |
lxc.network.veth.pair    | lxc.net.[i].veth.pair         |
lxc.network.vlan.id      | lxc.net.[i].vlan.id           |
lxc.pivotdir             | -                             | removed
lxc.pts                  | lxc.pty.max                   |
lxc.rebootsignal         | lxc.signal.reboot             |
lxc.rootfs               | lxc.rootfs.path               |
lxc.se_context           | lxc.selinux.context           |
lxc.seccomp              | lxc.seccomp.profile           |
lxc.stopsignal           | lxc.signal.stop               |
lxc.syslog               | lxc.log.syslog                |
lxc.tty                  | lxc.tty.max                   |
lxc.utsname              | lxc.uts.name                  |
[5]: https://github.com/lxc/distrobuilder