From: Stéphane Graber Date: Thu, 16 Jan 2014 19:13:14 +0000 (-0500) Subject: init: Add upstart jobs and some more changes (v3) X-Git-Tag: lxc-1.0.0.beta3~95 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dc0682900a79cfb47fd9a416902129bfa68fdcbf;p=thirdparty%2Flxc.git init: Add upstart jobs and some more changes (v3) This adds the 3 upstart jobs that we've had in Ubuntu for a while: - lxc.conf: Main upstart job, triggers lxc-net.conf based on config - lxc-instance.conf: Triggered by lxc.conf for each auto-started container - lxc-net.conf: Triggered by lxc.conf, sets up lxcbr0, NAT, mangling, ... In addition, there are two extra config files in /etc/default: - lxc: Allows setting some values like http proxying, disabling autostart, ... - lxc-net: Network configuration for the lxcbr0 bridge This change also disables the sysv script for all distros but Oracle as the current script won't work on either Ubuntu nor Debian and I suspect quite a few more distros, so it's not nearly as distro-agnostic as we thought. For Debian, only install the upstart jobs and systemd unit. For Ubuntu, only install the upstart jobs. This change also moves all the init related stuff to config/init/ Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- diff --git a/config/Makefile.am b/config/Makefile.am index 7ca23eb83..02ba9cee6 100644 --- a/config/Makefile.am +++ b/config/Makefile.am @@ -1 +1 @@ -SUBDIRS = etc templates +SUBDIRS = etc init templates diff --git a/config/init/Makefile.am b/config/init/Makefile.am new file mode 100644 index 000000000..e2ffe28ad --- /dev/null +++ b/config/init/Makefile.am @@ -0,0 +1 @@ +SUBDIRS = systemd sysvinit upstart diff --git a/config/init/systemd/Makefile.am b/config/init/systemd/Makefile.am new file mode 100644 index 000000000..82587b019 --- /dev/null +++ b/config/init/systemd/Makefile.am 
@@ -0,0 +1,26 @@
+EXTRA_DIST = \
+ lxc-devsetup \
+ lxc.service
+
+if INIT_SCRIPT_SYSTEMD
+if HAVE_DEBIAN
+SYSTEMD_UNIT_DIR = /lib/systemd/system
+else
+SYSTEMD_UNIT_DIR = /usr/lib/systemd/system
+endif
+install-systemd: lxc.service lxc-devsetup
+ $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
+ $(INSTALL_DATA) lxc.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
+
+uninstall-systemd:
+ rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service
+ rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
+pkglibexec_SCRIPTS = lxc-devsetup
+else
+install-systemd:
+uninstall-systemd:
+endif
+
+install-data-local: install-systemd
+
+uninstall-local: uninstall-systemd
diff --git a/src/lxc/lxc-devsetup b/config/init/systemd/lxc-devsetup
similarity index 100%
rename from src/lxc/lxc-devsetup
rename to config/init/systemd/lxc-devsetup
diff --git a/src/lxc/lxc.service b/config/init/systemd/lxc.service
similarity index 100%
rename from src/lxc/lxc.service
rename to config/init/systemd/lxc.service
diff --git a/config/init/sysvinit/Makefile.am b/config/init/sysvinit/Makefile.am
new file mode 100644
index 000000000..4372c2d14
--- /dev/null
+++ b/config/init/sysvinit/Makefile.am
@@ -0,0 +1,18 @@
+EXTRA_DIST = lxc
+
+if INIT_SCRIPT_SYSV
+install-sysvinit: lxc
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
+ $(INSTALL_SCRIPT) lxc $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
+
+uninstall-sysvinit:
+ rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
+ rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
+else
+install-sysvinit:
+uninstall-sysvinit:
+endif
+
+install-data-local: install-sysvinit
+
+uninstall-local: uninstall-sysvinit
diff --git a/src/lxc/lxc.sysvinit b/config/init/sysvinit/lxc
similarity index 100%
rename from src/lxc/lxc.sysvinit
rename to config/init/sysvinit/lxc
diff --git a/config/init/upstart/Makefile.am b/config/init/upstart/Makefile.am
new file mode 100644
index 000000000..fbca0bbee
--- /dev/null
+++ b/config/init/upstart/Makefile.am
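Review bot: `install-systemd` and `uninstall-systemd` are command targets with no file behind them, yet nothing declares them phony, so a stray file of that name in the build directory could turn the install step into a silent no-op; add `.PHONY: install-systemd uninstall-systemd`. The sysvinit and upstart Makefile.am hunks have the same gap for their own `install-*`/`uninstall-*` pairs. The new `if HAVE_DEBIAN` switch would also benefit from a one-line comment on why the unit directory differs, e.g. `# Debian-family systems keep units under /lib/systemd/system`. HAVE_DEBIAN is not defined in the configure.ac hunks shown on this page, so confirm the conditional exists.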
@@ -0,0 +1,22 @@
+EXTRA_DIST = lxc.conf lxc-instance.conf lxc-net.conf
+
+if INIT_SCRIPT_UPSTART
+install-upstart: lxc.conf lxc-instance.conf lxc-net.conf
+ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/
+ $(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/
+ $(INSTALL_DATA) lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
+ $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
+
+uninstall-upstart:
+ rm -f $(DESTDIR)$(sysconfdir)/init/lxc.conf
+ rm -f $(DESTDIR)$(sysconfdir)/init/lxc-instance.conf
+ rm -f $(DESTDIR)$(sysconfdir)/init/lxc-net.conf
+ rmdir $(DESTDIR)$(sysconfdir)/init || :
+else
+install-upstart:
+uninstall-upstart:
+endif
+
+install-data-local: install-upstart
+
+uninstall-local: uninstall-upstart
diff --git a/config/init/upstart/lxc-instance.conf b/config/init/upstart/lxc-instance.conf
new file mode 100644
index 000000000..58d045db6
--- /dev/null
+++ b/config/init/upstart/lxc-instance.conf
@@ -0,0 +1,22 @@
+description "lxc instance"
+author "Christian Kampka "
+
+stop on stopping lxc
+
+# wait for 120 seconds for container to shutdown before killing it
+kill timeout 120
+
+# send SIGPWR to container to trigger a shutdown (see lxc-shutdown(1))
+kill signal SIGPWR
+
+
+instance $NAME
+usage "NAME=name of LXC instance"
+
+pre-start script
+ lxc-wait -s RUNNING -n $NAME -t 0 && { stop; exit 0; } || true
+end script
+
+script
+ exec lxc-start -n $NAME
+end script
diff --git a/config/init/upstart/lxc-net.conf b/config/init/upstart/lxc-net.conf
new file mode 100644
index 000000000..517bd2b80
--- /dev/null
+++ b/config/init/upstart/lxc-net.conf
@@ -0,0 +1,86 @@ +description "lxc network" +author "Serge Hallyn " + +start on starting lxc +stop on stopped lxc + +env USE_LXC_BRIDGE="false" +env LXC_BRIDGE="lxcbr0" +env LXC_ADDR="10.0.3.1" +env LXC_NETMASK="255.255.255.0" +env LXC_NETWORK="10.0.3.0/24" +env LXC_DHCP_RANGE="10.0.3.2,10.0.3.254" +env LXC_DHCP_MAX="253" +env LXC_DHCP_CONFILE="" +env varrun="/var/run/lxc" +env LXC_DOMAIN="" + +pre-start script + [ -f /etc/default/lxc ] && . /etc/default/lxc + + [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; } + + use_iptables_lock="-w" + iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock="" + cleanup() { + # dnsmasq failed to start, clean up the bridge + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT + iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true + iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill + ifconfig ${LXC_BRIDGE} down || true + brctl delbr ${LXC_BRIDGE} || true + } + + if [ -d /sys/class/net/${LXC_BRIDGE} ]; then + if [ ! 
-f ${varrun}/network_up ]; then + # bridge exists, but we didn't start it + stop; + fi + exit 0; + fi + + # set up the lxc network + brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } + echo 1 > /proc/sys/net/ipv4/ip_forward + mkdir -p ${varrun} + ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT + iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE + iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill + + LXC_DOMAIN_ARG="" + if [ -n "$LXC_DOMAIN" ]; then + LXC_DOMAIN_ARG="-s $LXC_DOMAIN" + fi + dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup + touch ${varrun}/network_up +end script + +post-stop script + [ -f /etc/default/lxc ] && . 
/etc/default/lxc + [ -f "${varrun}/network_up" ] || exit 0; + # if $LXC_BRIDGE has attached interfaces, don't shut it down + ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0; + + if [ -d /sys/class/net/${LXC_BRIDGE} ]; then + use_iptables_lock="-w" + iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock="" + ifconfig ${LXC_BRIDGE} down + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT + iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true + iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill + pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true + rm -f ${varrun}/dnsmasq.pid + brctl delbr ${LXC_BRIDGE} + fi + rm -f ${varrun}/network_up +end script diff --git a/config/init/upstart/lxc.conf b/config/init/upstart/lxc.conf new file mode 100644 index 000000000..1a5c5c996 --- /dev/null +++ b/config/init/upstart/lxc.conf @@ -0,0 +1,27 @@ +description "lxc" +author "Serge Hallyn " + +start on runlevel [2345] +stop on starting rc RUNLEVEL=[016] + +env LXC_AUTO="false" + +pre-start script + [ -f /etc/default/lxc ] && . /etc/default/lxc + + # don't load profiles if mount mediation is not supported + SYSF=/sys/kernel/security/apparmor/features/mount/mask + if [ -f $SYSF ]; then + if [ -x /lib/init/apparmor-profile-load ]; then + /lib/init/apparmor-profile-load usr.bin.lxc-start + /lib/init/apparmor-profile-load lxc-containers + fi + fi + + [ "x$LXC_AUTO" = "xtrue" ] || exit 0 + + lxc-autostart -L | while read line; do + set -- $line + (start lxc-instance NAME=$1 && sleep $2) || true + done +end script 
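Review bot: When dnsmasq fails in the lxc-net.conf pre-start script, `cleanup` tears down the bridge and rules but does not exit. Control then appears to fall through to `touch ${varrun}/network_up`, and the job is recorded as up with no bridge or DHCP behind it. End the failure path explicitly, e.g. `... --dhcp-authoritative || { cleanup; exit 1; }`. In `cleanup` and in post-stop only the MASQUERADE delete is guarded with `|| true`; if these scripts run under `sh -e` (confirm), one missing rule aborts the teardown part-way and leaves the remaining INPUT accepts in place. Separately, `echo 1 > /proc/sys/net/ipv4/ip_forward` enables forwarding host-wide and nothing in post-stop restores the previous value, which deserves at least a comment because it changes the host's routing posture beyond lxcbr0.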
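Review bot: The autostart loop in lxc.conf parses `lxc-autostart -L` with `read line` and `set -- $line`, which leaves `$1` and `$2` unquoted and subject to globbing against the job's working directory. Assuming the output is a name followed by a delay, as the use of `$1` and `$2` suggests, reading the fields directly is tighter: `lxc-autostart -L | while read -r name delay _; do` with `(start lxc-instance NAME="$name" && sleep "$delay") || true`. The trailing `|| true` also discards every start failure without a trace; a one-line log message on that path would help whoever has to work out why a container did not come up.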
diff --git a/configure.ac b/configure.ac index d8be165d0..6b932994b 100644 --- a/configure.ac +++ b/configure.ac @@ -78,7 +78,7 @@ AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"]) AC_MSG_CHECKING([for init system type]) AC_ARG_WITH([init-script], [AC_HELP_STRING([--with-init-script@<:@=TYPE@<:@,TYPE,...@:>@@:>@], - [Type(s) of init script to install: sysv, systemd, upstart, + [Type(s) of init script to install: sysvinit, systemd, upstart, distro @<:@default=distro@:>@])],[],[with_init_script=distro]) case "$with_init_script" in distro) @@ -87,17 +87,17 @@ case "$with_init_script" in init_script=systemd ;; redhat|centos|oracle|oracleserver) - init_script=sysv + init_script=sysvinit ;; debian) - init_script=sysv,upstart,systemd + init_script=upstart,systemd ;; ubuntu) init_script=upstart ;; *) - echo -n "Linux distribution init system unknown, defaulting to sysv" - init_script=sysv + echo -n "Linux distribution init system unknown." + init_script= ;; esac ;; @@ -110,7 +110,7 @@ esac (IFS="," ; for init_sys in $init_script; do case "$init_sys" in - none|sysv|systemd|upstart) + none|sysvinit|systemd|upstart) ;; *) exit 1 @@ -118,7 +118,7 @@ do esac done) || AC_MSG_ERROR([Unknown init system type in $init_script]) -AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysv"]) +AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysvinit"]) AM_CONDITIONAL([INIT_SCRIPT_SYSTEMD], [echo "$init_script" |grep -q "systemd"]) AM_CONDITIONAL([INIT_SCRIPT_UPSTART], [echo "$init_script" |grep -q "upstart"]) AC_MSG_RESULT($init_script) @@ -547,6 +547,10 @@ AC_CONFIG_FILES([ lxc.spec config/Makefile + config/init/Makefile + config/init/sysvinit/Makefile + config/init/systemd/Makefile + config/init/upstart/Makefile config/etc/Makefile config/templates/Makefile config/templates/debian.common.conf diff --git a/lxc.spec.in b/lxc.spec.in index 615fcd61d..c8ff08e8f 100644 --- a/lxc.spec.in +++ b/lxc.spec.in 
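Review bot: In the `-87,17` hunk the unknown-distro branch now sets `init_script=` to an empty string and reports it with a bare `echo -n`, so configure succeeds, the "checking for init system type" result line is blank, and no init integration is installed. The validator in the `-110,7` hunk already accepts `none`, so `init_script=none` would make that outcome explicit in the result line. The same validator now rejects the previously documented `sysv` spelling with "Unknown init system type", which breaks existing `--with-init-script=sysv` invocations. Either mention the rename in the help string or add a comment there saying the old name is intentionally no longer accepted.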
@@ -31,7 +31,7 @@ BuildRequires: systemd-units %else %global with_systemd 0 -%define init_script sysv +%define init_script sysvinit %endif # RPM needs alpha/beta/rc in Release: not Version: to ensure smooth diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 34d69a609..1a63fca0c 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -165,11 +165,8 @@ bin_SCRIPTS = \ EXTRA_DIST = \ lxc-device \ - lxc-devsetup \ lxc-ls \ - lxc-top \ - lxc.service \ - lxc.sysvinit + lxc-top if ENABLE_PYTHON bin_SCRIPTS += lxc-device @@ -212,43 +209,6 @@ bin_PROGRAMS = \ pkglibexec_PROGRAMS = \ lxc-init -if INIT_SCRIPT_SYSV -install-init: lxc.sysvinit - $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d - $(INSTALL_SCRIPT) lxc.sysvinit $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc - -uninstall-init: - rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc - rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || : -else -install-init: -uninstall-init: -endif - -if INIT_SCRIPT_SYSTEMD -SYSTEMD_UNIT_DIR = /usr/lib/systemd/system -install-systemd: lxc.service lxc-devsetup - $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR) - $(INSTALL_DATA) lxc.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/ - -uninstall-systemd: - rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service - rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || : -pkglibexec_SCRIPTS = lxc-devsetup -else -install-systemd: -uninstall-systemd: -endif - -if INIT_SCRIPT_UPSTART -# FIXME: install/uninstall upstart script here -install-upstart: -uninstall-upstart: -else -install-upstart: -uninstall-upstart: -endif - AM_LDFLAGS = -Wl,-E if ENABLE_RPATH AM_LDFLAGS += -Wl,-rpath -Wl,$(libdir) 
@@ -286,10 +246,6 @@ lxc_snapshot_SOURCES = lxc_snapshot.c lxc_usernsexec_SOURCES = lxc_usernsexec.c lxc_user_nic_SOURCES = lxc_user_nic.c network.c network.h -install-data-local: install-init install-systemd install-upstart - -uninstall-local: uninstall-init uninstall-systemd uninstall-upstart - install-exec-local: install-soPROGRAMS mkdir -p $(DESTDIR)$(datadir)/lxc install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc