init: Add upstart jobs and some more changes (v3)

This adds the 3 upstart jobs that we've had in Ubuntu for a while:
 - lxc.conf: Main upstart job, triggers lxc-net.conf based on config
 - lxc-instance.conf: Triggered by lxc.conf for each auto-started container
 - lxc-net.conf: Triggered by lxc.conf, sets up lxcbr0, NAT, mangling, ...

In addition, there are two extra config files in /etc/default:
 - lxc: Allows setting some values like http proxying, disabling autostart, ...
 - lxc-net: Network configuration for the lxcbr0 bridge

This change also disables the sysv script for all distros but Oracle as
the current script won't work on either Ubuntu nor Debian and I suspect
quite a few more distros, so it's not nearly as distro-agnostic as we
thought.

For Debian, only install the upstart jobs and systemd unit.
For Ubuntu, only install the upstart jobs.

This change also moves all the init related stuff to config/init/

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

diff --git a/config/Makefile.am b/config/Makefile.am
index 7ca23eb83d94d4e9315e4d02d4299d96ffb90f2d..02ba9cee6623d2497ec6c71044988a9706b8ea13 100644 (file)
--- a/config/Makefile.am
+++ b/config/Makefile.am
@@ -1 +1 @@
-SUBDIRS = etc templates
+SUBDIRS = etc init templates

diff --git a/config/init/Makefile.am b/config/init/Makefile.am
new file mode 100644 (file)
index 0000000..e2ffe28
--- /dev/null
+++ b/config/init/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = systemd sysvinit upstart

diff --git a/config/init/systemd/Makefile.am b/config/init/systemd/Makefile.am
new file mode 100644 (file)
index 0000000..82587b0
--- /dev/null
+++ b/config/init/systemd/Makefile.am
@@ -0,0 +1,26 @@
+EXTRA_DIST = \
+       lxc-devsetup \
+       lxc.service
+
+if INIT_SCRIPT_SYSTEMD
+if HAVE_DEBIAN
+SYSTEMD_UNIT_DIR = /lib/systemd/system
+else
+SYSTEMD_UNIT_DIR = /usr/lib/systemd/system
+endif
+install-systemd: lxc.service lxc-devsetup
+       $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
+       $(INSTALL_DATA) lxc.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
+
+uninstall-systemd:
+       rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service
+       rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
+pkglibexec_SCRIPTS = lxc-devsetup
+else
+install-systemd:
+uninstall-systemd:
+endif
+
+install-data-local: install-systemd
+
+uninstall-local: uninstall-systemd

diff --git a/src/lxc/lxc-devsetup b/config/init/systemd/lxc-devsetup
similarity index 100%
rename from src/lxc/lxc-devsetup
rename to config/init/systemd/lxc-devsetup

diff --git a/src/lxc/lxc.service b/config/init/systemd/lxc.service
similarity index 100%
rename from src/lxc/lxc.service
rename to config/init/systemd/lxc.service

diff --git a/config/init/sysvinit/Makefile.am b/config/init/sysvinit/Makefile.am
new file mode 100644 (file)
index 0000000..4372c2d
--- /dev/null
+++ b/config/init/sysvinit/Makefile.am
@@ -0,0 +1,18 @@
+EXTRA_DIST = lxc
+
+if INIT_SCRIPT_SYSV
+install-sysvinit: lxc
+       $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
+       $(INSTALL_SCRIPT) lxc $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
+
+uninstall-sysvinit:
+       rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
+       rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
+else
+install-sysvinit:
+uninstall-sysvinit:
+endif
+
+install-data-local: install-sysvinit
+
+uninstall-local: uninstall-sysvinit

diff --git a/src/lxc/lxc.sysvinit b/config/init/sysvinit/lxc
similarity index 100%
rename from src/lxc/lxc.sysvinit
rename to config/init/sysvinit/lxc

diff --git a/config/init/upstart/Makefile.am b/config/init/upstart/Makefile.am
new file mode 100644 (file)
index 0000000..fbca0bb
--- /dev/null
+++ b/config/init/upstart/Makefile.am
@@ -0,0 +1,22 @@
+EXTRA_DIST = lxc.conf lxc-instance.conf lxc-net.conf
+
+if INIT_SCRIPT_UPSTART
+install-upstart: lxc.conf lxc-instance.conf lxc-net.conf
+       $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/
+       $(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/
+       $(INSTALL_DATA) lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
+       $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
+
+uninstall-upstart:
+       rm -f $(DESTDIR)$(sysconfdir)/init/lxc.conf
+       rm -f $(DESTDIR)$(sysconfdir)/init/lxc-instance.conf
+       rm -f $(DESTDIR)$(sysconfdir)/init/lxc-net.conf
+       rmdir $(DESTDIR)$(sysconfdir)/init || :
+else
+install-upstart:
+uninstall-upstart:
+endif
+
+install-data-local: install-upstart
+
+uninstall-local: uninstall-upstart

diff --git a/config/init/upstart/lxc-instance.conf b/config/init/upstart/lxc-instance.conf
new file mode 100644 (file)
index 0000000..58d045d
--- /dev/null
+++ b/config/init/upstart/lxc-instance.conf
@@ -0,0 +1,22 @@
+description "lxc instance"
+author "Christian Kampka <chris@emerge-life.de>"
+
+stop on stopping lxc
+
+# wait for 120 seconds for container to shutdown before killing it
+kill timeout 120
+
+# send SIGPWR to container to trigger a shutdown (see lxc-shutdown(1))
+kill signal SIGPWR
+
+
+instance $NAME
+usage "NAME=name of LXC instance"
+
+pre-start script
+       lxc-wait -s RUNNING -n $NAME -t 0 && { stop; exit 0; } || true
+end script
+
+script
+       exec lxc-start -n $NAME
+end script

diff --git a/config/init/upstart/lxc-net.conf b/config/init/upstart/lxc-net.conf
new file mode 100644 (file)
index 0000000..517bd2b
--- /dev/null
+++ b/config/init/upstart/lxc-net.conf
@@ -0,0 +1,86 @@
+description "lxc network"
+author "Serge Hallyn <serge.hallyn@canonical.com>"
+
+start on starting lxc
+stop on stopped lxc
+
+env USE_LXC_BRIDGE="false"
+env LXC_BRIDGE="lxcbr0"
+env LXC_ADDR="10.0.3.1"
+env LXC_NETMASK="255.255.255.0"
+env LXC_NETWORK="10.0.3.0/24"
+env LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
+env LXC_DHCP_MAX="253"
+env LXC_DHCP_CONFILE=""
+env varrun="/var/run/lxc"
+env LXC_DOMAIN=""
+
+pre-start script
+       [ -f /etc/default/lxc ] && . /etc/default/lxc
+
+       [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; }
+
+       use_iptables_lock="-w"
+       iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock=""
+       cleanup() {
+               # dnsmasq failed to start, clean up the bridge
+               iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+               iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+               iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+               iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+               iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
+               iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+               ifconfig ${LXC_BRIDGE} down || true
+               brctl delbr ${LXC_BRIDGE} || true
+       }
+
+       if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
+               if [ ! -f ${varrun}/network_up ]; then
+                       # bridge exists, but we didn't start it
+                       stop;
+               fi
+               exit 0;
+       fi
+
+       # set up the lxc network
+       brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
+       echo 1 > /proc/sys/net/ipv4/ip_forward
+       mkdir -p ${varrun}
+       ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
+       iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+       iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+       iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+       iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+       iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
+       iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+
+       LXC_DOMAIN_ARG=""
+       if [ -n "$LXC_DOMAIN" ]; then
+               LXC_DOMAIN_ARG="-s $LXC_DOMAIN"
+       fi
+       dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
+       touch ${varrun}/network_up
+end script
+
+post-stop script
+       [ -f /etc/default/lxc ] && . /etc/default/lxc
+       [ -f "${varrun}/network_up" ] || exit 0;
+       # if $LXC_BRIDGE has attached interfaces, don't shut it down
+       ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
+
+       if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
+               use_iptables_lock="-w"
+               iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock=""
+               ifconfig ${LXC_BRIDGE} down
+               iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+               iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+               iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+               iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+               iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
+               iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+               pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
+               rm -f ${varrun}/dnsmasq.pid
+               brctl delbr ${LXC_BRIDGE}
+       fi
+       rm -f ${varrun}/network_up
+end script

diff --git a/config/init/upstart/lxc.conf b/config/init/upstart/lxc.conf
new file mode 100644 (file)
index 0000000..1a5c5c9
--- /dev/null
+++ b/config/init/upstart/lxc.conf
@@ -0,0 +1,27 @@
+description "lxc"
+author "Serge Hallyn <serge.hallyn@canonical.com>"
+
+start on runlevel [2345]
+stop on starting rc RUNLEVEL=[016]
+
+env LXC_AUTO="false"
+
+pre-start script
+       [ -f /etc/default/lxc ] && . /etc/default/lxc
+
+       # don't load profiles if mount mediation is not supported
+       SYSF=/sys/kernel/security/apparmor/features/mount/mask
+       if [ -f $SYSF ]; then
+               if [ -x /lib/init/apparmor-profile-load ]; then
+                       /lib/init/apparmor-profile-load usr.bin.lxc-start
+                       /lib/init/apparmor-profile-load lxc-containers
+               fi
+       fi
+
+       [ "x$LXC_AUTO" = "xtrue" ] || exit 0
+
+       lxc-autostart -L | while read line; do
+               set -- $line
+               (start lxc-instance NAME=$1 && sleep $2) || true
+       done
+end script

diff --git a/configure.ac b/configure.ac
index d8be165d08325827191d2df59e2414522279e11d..6b932994b467183b7c565f0bdca3974cbda4d7d5 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -78,7 +78,7 @@ AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
 AC_MSG_CHECKING([for init system type])
 AC_ARG_WITH([init-script],
            [AC_HELP_STRING([--with-init-script@<:@=TYPE@<:@,TYPE,...@:>@@:>@],
-                           [Type(s) of init script to install: sysv, systemd, upstart,
+                           [Type(s) of init script to install: sysvinit, systemd, upstart,
                             distro @<:@default=distro@:>@])],[],[with_init_script=distro])
 case "$with_init_script" in
        distro)
@@ -87,17 +87,17 @@ case "$with_init_script" in
                                init_script=systemd
                                ;;
                        redhat|centos|oracle|oracleserver)
-                               init_script=sysv
+                               init_script=sysvinit
                                ;;
                        debian)
-                               init_script=sysv,upstart,systemd
+                               init_script=upstart,systemd
                                ;;
                        ubuntu)
                                init_script=upstart
                                ;;
                        *)
-                               echo -n "Linux distribution init system unknown, defaulting to sysv"
-                               init_script=sysv
+                               echo -n "Linux distribution init system unknown."
+                               init_script=
                                ;;
                esac
                ;;
@@ -110,7 +110,7 @@ esac
 (IFS="," ; for init_sys in $init_script;
 do
        case "$init_sys" in
-               none|sysv|systemd|upstart)
+               none|sysvinit|systemd|upstart)
                        ;;
                *)
                        exit 1
@@ -118,7 +118,7 @@ do
        esac
 done) || AC_MSG_ERROR([Unknown init system type in $init_script])
 
-AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysv"])
+AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysvinit"])
 AM_CONDITIONAL([INIT_SCRIPT_SYSTEMD], [echo "$init_script" |grep -q "systemd"])
 AM_CONDITIONAL([INIT_SCRIPT_UPSTART], [echo "$init_script" |grep -q "upstart"])
 AC_MSG_RESULT($init_script)
@@ -547,6 +547,10 @@ AC_CONFIG_FILES([
        lxc.spec
 
        config/Makefile
+       config/init/Makefile
+       config/init/sysvinit/Makefile
+       config/init/systemd/Makefile
+       config/init/upstart/Makefile
        config/etc/Makefile
        config/templates/Makefile
        config/templates/debian.common.conf

diff --git a/lxc.spec.in b/lxc.spec.in
index 615fcd61d717e944a52d42448f309b7527e0df90..c8ff08e8f6a98f8e8aa5cb606d4d3913c619ed01 100644 (file)
--- a/lxc.spec.in
+++ b/lxc.spec.in
@@ -31,7 +31,7 @@
 BuildRequires: systemd-units
 %else
 %global with_systemd 0
-%define init_script sysv
+%define init_script sysvinit
 %endif
 
 # RPM needs alpha/beta/rc in Release: not Version: to ensure smooth

diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index 34d69a6095e870886654d7b1dda7cfc963bdcbd3..1a63fca0c7b3541b576e4e0d7b9be02bad5b5b78 100644 (file)
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -165,11 +165,8 @@ bin_SCRIPTS = \
 
 EXTRA_DIST = \
        lxc-device \
-       lxc-devsetup \
        lxc-ls \
-       lxc-top \
-       lxc.service \
-       lxc.sysvinit
+       lxc-top
 
 if ENABLE_PYTHON
 bin_SCRIPTS += lxc-device
@@ -212,43 +209,6 @@ bin_PROGRAMS = \
 pkglibexec_PROGRAMS = \
        lxc-init
 
-if INIT_SCRIPT_SYSV
-install-init: lxc.sysvinit
-       $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
-       $(INSTALL_SCRIPT) lxc.sysvinit $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
-
-uninstall-init:
-       rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
-       rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
-else
-install-init:
-uninstall-init:
-endif
-
-if INIT_SCRIPT_SYSTEMD
-SYSTEMD_UNIT_DIR = /usr/lib/systemd/system
-install-systemd: lxc.service lxc-devsetup
-       $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
-       $(INSTALL_DATA) lxc.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
-
-uninstall-systemd:
-       rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service
-       rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
-pkglibexec_SCRIPTS = lxc-devsetup
-else
-install-systemd:
-uninstall-systemd:
-endif
-
-if INIT_SCRIPT_UPSTART
-# FIXME: install/uninstall upstart script here
-install-upstart:
-uninstall-upstart:
-else
-install-upstart:
-uninstall-upstart:
-endif
-
 AM_LDFLAGS = -Wl,-E
 if ENABLE_RPATH
 AM_LDFLAGS += -Wl,-rpath -Wl,$(libdir)
@@ -286,10 +246,6 @@ lxc_snapshot_SOURCES = lxc_snapshot.c
 lxc_usernsexec_SOURCES = lxc_usernsexec.c
 lxc_user_nic_SOURCES = lxc_user_nic.c network.c network.h
 
-install-data-local: install-init install-systemd install-upstart
-
-uninstall-local: uninstall-init uninstall-systemd uninstall-upstart
-
 install-exec-local: install-soPROGRAMS
        mkdir -p $(DESTDIR)$(datadir)/lxc
        install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc