| Commit message | Author | Age | Files | Lines |
| |
1. fix inconsistent use of '--auth-key' (not --auth_key) which broke their
usage
2. add --debug option to lxc-ubuntu (which does set -x to show what broke)
(idea from lifeless and benji)
3. fix incorrect assumption about group with -b option. User's default group
may not be the same as username.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Signed-off-by: InformatiQ <rhanna@informatiq.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Add a macaddr if precisely one veth is specified but no hwaddr. Allow
specifying ssh authkeys. In cloud template, copy locales by default and allow
a tarball to be specified.
Signed-off-by: Ben Howard <ben.howard@canonical.com>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
1. --path is meant to be passed by lxc-create, but should not be passed
in by users. Don't advertise it in --help.
2. --clean syntax ends up not making much sense. Get rid of it, and
add '--flush-cache' option instead.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Author: Stéphane Graber <stgraber@ubuntu.com>
Use ubuntu/ubuntu instead of root/root by default. Stop
removing tty[56].conf in Precise. Stop messing with dhclient.conf.
Set devttydir on Precise to /dev/lxc to allow for clean upgrades.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
This is a new template to create containers based on the ubuntu
cloud images, rather than using debootstrap.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
lxcguest is no longer needed, as precise should boot in a container
un-modified.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Support building a container of a foreign architecture if
qemu-user-static is installed. This is done by installing some packages
of the host architecture in the container using multi-arch.
Author: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
1. Some templates copy the cached pristine rootfs using 'cp a b' where b is
$lxc_path/$name/rootfs. That doesn't do the right thing if rootfs already
exists, as it will when it is an lvm or other mount. So switch to
'rsync a/ b/'. (cp can be made to work too of course).
2. Update lxc-create to support backing stores. For now only lvm is
implemented.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Particularly for LTS releases, which many people will want to use in
their containers, it is not wise to not use -security and -updates.
Furthermore the fix allowing ssh to allow the container to shut down
is in lucid-updates only.
With this patch, after debootstrapping a container, we add -updates
and -security to sources.list and do an apt-get upgrade under chroot.
Unfortunately we need to do this because debootstrap doesn't know how
to.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Thanks to Scott Moser for these, which allow qemu to run inside a container.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
mac_admin stops the container from loading LSM policy. Neither
selinux nor apparmor currently will do well with automatic namespacing
of policy (though it's coming in apparmor, after which we can re-enable
this).
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Particularly for LTS releases, which many people will want to use in
their containers, it is not wise to not use release-security and
release-updates. Furthermore the fix allowing ssh to allow the container
to shut down is in lucid-updates only.
With this patch, after debootstrapping a container, we add -updates and
-security to sources.list and do an upgrade under chroot. Unfortunately
we need to do this because debootstrap doesn't know how to.
Changelog:
Nov 14: as Stéphane Graber suggested, make sure no daemons start on
the host while doing dist-upgrade from chroot.
Nov 15: use security.ubuntu.com, not mirror. (stgraber)
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Allow mknod (fixing udev upgrades) and drop mac_override and mac_admin
from lxc.cap.drop as apparmor has/will have support for namespaces
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Hi, here's the patch which adds Arch linux container template
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
The hardcoded URL seems to be broken and 404 error was not
checked. Now the mirror is selected from mirrorlist (instead of
hardcoding to funet.fi) and fetch errors are checked.
Also added a retry loop (with 3 tries) to find a working mirror, since
some of the mirrors are not OK.
Signed-off-by: Tuomas Suutari <tuomas.suutari@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
There is no i686 variant of Fedora, but Ubuntu seems to return i686
from the arch command.
Signed-off-by: Tuomas Suutari <tuomas.suutari@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
The text says that 14 is default, but release=14 was not set anywhere
in the script.
Signed-off-by: Tuomas Suutari <tuomas.suutari@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
rely on "build" package, to ensure chroot can be created with
distribution older than 12.1
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
It prevents containers from getting a good resolv.conf without doing
ifdown eth0; ifup eth0.
(see pad.lv/880020)
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Updates.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
--
| |
Otherwise we end up with a bad container fstab and a container
that won't boot. See
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/879052
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Thought I had sent this before, but I don't find it anywhere.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
/dev/shm is a symlink to /run/shm, so we need /run/shm
to exist in the container rootfs. Also, /dev/mqueue does
not exist on the host, and can't be created by the container.
But we don't really need it so ignore that.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
This isn't particularly reassuring, and will be moot with user
namespaces, but as people are asking for it, turn off sys_module.
While we're at it, turn off mac_admin and mac_override.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Signed-off-by: Tzafrir Cohen <tzafrir@cohens.org.il>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Signed-off-by: InformatiQ <rhanna@informatiq.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
* if not running on fedora host and -R is not set, use fedora 14 as default
* trap SIGHUP SIGINT SIGTERM, and cleanup before exiting
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
templates/lxc-fedora.in | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Otherwise apt fails during and after debootstrap.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
When '-b user' is specified to lxc-ubuntu container creation template, do
not automatically add all the groups of which user is a member on the host,
to user's groups in the container.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
As people seem to want it, i.e.
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/800886
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
src/lxc/conf.c will explicitly mount it anyway. Furthermore, the fstab
entry, which is getting processed first, did not specify -o newinstance.
This can cause the host's devpts entry mount options to change, as in
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/607636.
Note - I messed up. This was applied upstream, but I dropped it in
subsequent conversion to lxc-ubuntu template. It therefore needs to
be reapplied.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
The good news is, starting with next openSUSE release (and next SLES 11
Service Pack), patching /etc/init.d/boot won't be needed anymore for
LXC, we integrated detection of LXC (through container variable set to
lxc) in /etc/init.d/boot and /dev is no longer mounted automatically by
initscript.
Signed-off-by: Frederic Crozat <fcrozat@suse.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
If can't match any valid release, use lucid.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
when we don't have dpkg or udpkg
Changelog: [seh] Don't take arch from environment
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Consolidate lucid, maverick, natty, and oneiric templates into one 'ubuntu'
template.
Add support for specifying architecture.
Add support for '--trim|-x' option, which removes services like the lucid
template used to. This creates smaller, faster-booting containers, but they
will not be safe with certain upgrades, like mountall or udev. When -x is
not specified for lucid or maverick container, then install lxcguest from
the ubuntu-virt ppa, since it does not exist in the official archives, and
the container is not safe to boot without lxcguest.
Add support for '--bindhome <user>' option, which will cause /home/<user>
to be bind-mounted into the container, and create the user with his
original password, shell, and group memberships in the container.
changelog:
june 23:
lxc-ubuntu template: set lxc.arch in config
install lxcguest when NOT trimming the container
lxc-ubuntu: always install lxcguest in postprocess
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
'dpkg --print-architecture' as debootstrap does
| |
src/lxc/conf.c will explicitly mount it anyway. Furthermore, the fstab
entry, which is getting processed first, did not specify -o newinstance.
This can cause the host's devpts entry mount options to change, as in
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/607636.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
src/lxc/conf.c will explicitly mount it anyway. Furthermore, the fstab
entry, which is getting processed first, did not specify -o newinstance.
This can cause the host's devpts entry mount options to change, as in
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/607636.
I believe the lenny, fedora, and debian templates also will need an
update.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
"udpate" should be "update" in configure_debian().
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Author of the patch : Jonathan Liu <???> posted as a bug fix on the lxc
sourceforge website.
OS: Arch Linux 32-bit
/etc/init.d/rcS does not use full path to syslogd, mount and udhcpc executables.
As busybox requires /proc mounted if CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
to run these commands without full path, the full path should be used in the
startup script as /proc is mounted later in the script.
It also fails to start the machine if /lib64 does not exist on the host system
as there is a mount entry for /lib64 in the config.
The attached patch changes commands in /etc/init.d/rcS to use full path and
adds a check for /lib64 on host before adding lib64 mount entries to config.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
We use udev within these containers and we prevent the /dev files
from being created with the cgroup whitelist. So when udevd receives
the event from the kernel, it will fail to create some nodes in /dev
and will spit errors on the console.
We set the log level to zero, so udev will silently fail.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
| |
Rename 'ubuntu' template to 'lucid'
Add new maverick and natty templates, which do much less tweaking
of the environment. These should only be used on a kernel which
supports sysfs tagging for /sys/class/net, as udev will be running
in the container.
The natty template needed to slightly change the installed packages
for dhclient to be correctly installed.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>