From: Michael Grzeschik <m.grzeschik@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: [ptxdist] [PATCH 2/3] lxc: add new package
Date: Fri, 3 Aug 2018 15:33:55 +0200 [thread overview]
Message-ID: <20180803133356.4177-3-m.grzeschik@pengutronix.de> (raw)
In-Reply-To: <20180803133356.4177-1-m.grzeschik@pengutronix.de>
This patch adds support for the lxc container system. We install the
userspace lib and application. We also add some small configuration to
be able to create a busybox based lxc container.
$ lxc-create -t busybox -n busybox01
$ lxc-start busybox01
$ cp /etc/shadow /var/lib/lxc/busybox01/rootfs/etc/shadow
$ lxc-console -n busybox01
Inside the container we can prepare the network:
$ ip addr add 192.168.0.23/24 dev eth0
$ ip link set eth0 up
This way the container has network support in a veth setup.
To make sure all necessary kernel options are enabled use:
$ CONFIG=$(BSP)/config/platform-$(platform)/kernelconfig lxc-checkconfig
Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
---
...te-new-lxcbr0-subnet-at-startup-time.patch | 138 +++++++++++
patches/lxc-3.0.1/series | 1 +
projectroot/etc/default/lxc-net | 7 +
projectroot/etc/lxc/default.conf | 4 +
rules/lxc.in | 67 ++++++
rules/lxc.make | 219 ++++++++++++++++++
6 files changed, 436 insertions(+)
create mode 100644 patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
create mode 100644 patches/lxc-3.0.1/series
create mode 100644 projectroot/etc/default/lxc-net
create mode 100644 projectroot/etc/lxc/default.conf
create mode 100644 rules/lxc.in
create mode 100644 rules/lxc.make
diff --git a/patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch b/patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
new file mode 100644
index 000000000..411ed049a
--- /dev/null
+++ b/patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
@@ -0,0 +1,138 @@
+From 4ac6a6c863c5b27fbe37d24ee52ec0ee75a07286 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@ubuntu.com>
+Date: Tue, 3 Nov 2015 11:42:58 -0500
+Subject: [PATCH] Allocate new lxcbr0 subnet at startup time
+
+---
+ config/init/common/lxc-net.in | 100 +++++++++++++++++++++++++++++++---
+ 1 file changed, 91 insertions(+), 9 deletions(-)
+
+diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
+index df9f1181..6837be19 100644
+--- a/config/init/common/lxc-net.in
++++ b/config/init/common/lxc-net.in
+@@ -24,6 +24,85 @@ LXC_IPV6_MASK=""
+ LXC_IPV6_NETWORK=""
+ LXC_IPV6_NAT="false"
+
++write_lxc_net()
++{
++ local i=$1
++ cat >> $distrosysconfdir/lxc-net << EOF
++# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
++# containers. Set to "false" if you'll use virbr0 or another existing
++# bridge, or mavlan to your host's NIC.
++USE_LXC_BRIDGE="true"
++
++# If you change the LXC_BRIDGE to something other than lxcbr0, then
++# you will also need to update your /etc/lxc/default.conf as well as the
++# configuration (/var/lib/lxc/<container>/config) for any containers
++# already created using the default config to reflect the new bridge
++# name.
++# If you have the dnsmasq daemon installed, you'll also have to update
++# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
++LXC_BRIDGE="lxcbr0"
++LXC_ADDR="10.0.$i.1"
++LXC_NETMASK="255.255.255.0"
++LXC_NETWORK="10.0.$i.0/24"
++LXC_DHCP_RANGE="10.0.$i.2,10.0.$i.254"
++LXC_DHCP_MAX="253"
++# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
++# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
++# container 'mail1' always get ip address 10.0.3.100.
++#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
++
++# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
++# domain. You can then add "server=/lxc/10.0.$i.1' (or your actual \$LXC_ADDR)
++# to your system dnsmasq configuration file (normally /etc/dnsmasq.conf,
++# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems that use NetworkManager).
++# Once these changes are made, restart the lxc-net and network-manager services.
++# 'container1.lxc' will then resolve on your host.
++#LXC_DOMAIN="lxc"
++EOF
++}
++
++configure_lxcbr0()
++{
++ local i=3
++ cat > $distrosysconfdir/lxc-net << EOF
++# This file is auto-generated by lxc.postinst if it does not
++# exist. Customizations will not be overridden.
++EOF
++ # if lxcbr0 exists, keep using the same network
++ if ip addr show lxcbr0 > /dev/null 2>&1 ; then
++ i=`ip addr show lxcbr0 | grep "inet\>" | awk '{ print $2 }' | awk -F. '{ print $3 }'`
++ write_lxc_net $i
++ return
++ fi
++ # if no lxcbr0, find an open 10.0.a.0 network
++ for l in `ip addr show | grep "inet\>" |awk '{ print $2 }' | grep '^10\.0\.' | sort -n`; do
++ j=`echo $l | awk -F. '{ print $3 }'`
++ if [ $j -gt $i ]; then
++ write_lxc_net $i
++ return
++ fi
++ i=$((j+1))
++ done
++ if [ $i -ne 254 ]; then
++ write_lxc_net $i
++ fi
++}
++
++update_lxcnet_config()
++{
++ local i=3
++ # if lxcbr0 exists, keep using the same network
++ if ip addr show lxcbr0 > /dev/null 2>&1 ; then
++ return
++ fi
++ # our LXC_NET conflicts with an existing interface. Probably first
++ # run after system install with package pre-install. Find a new subnet
++ configure_lxcbr0
++
++ # and re-load the newly created config
++ [ ! -f $distrosysconfdir/lxc-net ] || . $distrosysconfdir/lxc-net
++}
++
+ [ ! -f $distrosysconfdir/lxc ] || . $distrosysconfdir/lxc
+
+ use_iptables_lock="-w"
+@@ -51,7 +130,19 @@ _ifup() {
+ ip link set dev ${LXC_BRIDGE} up
+ }
+
++cleanup() {
++ set +e
++ if [ "$FAILED" = "1" ]; then
++ echo "Failed to setup lxc-net." >&2
++ stop force
++ exit 1
++ fi
++}
++
+ start() {
++
++ [ ! -f $distrosysconfdir/lxc-net ] && update_lxcnet_config
++
+ [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0; }
+
+ [ ! -f "${varrun}/network_up" ] || { echo "lxc-net is already running"; exit 1; }
+@@ -62,15 +153,6 @@ start() {
+
+ FAILED=1
+
+- cleanup() {
+- set +e
+- if [ "$FAILED" = "1" ]; then
+- echo "Failed to setup lxc-net." >&2
+- stop force
+- exit 1
+- fi
+- }
+-
+ trap cleanup EXIT HUP INT TERM
+ set -e
+
+--
+2.18.0
+
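Review bot: In `configure_lxcbr0`, the `ip addr show lxcbr0` branch leaves `i` empty when the bridge exists but carries no IPv4 address (a bridge left behind by an earlier failed start is the usual way to get there), and `write_lxc_net ""` then writes `LXC_ADDR="10.0..1"` and an equally unusable `LXC_NETWORK` into `$distrosysconfdir/lxc-net`, which every later start sources. A guard such as `[ -n "$i" ] || i=3` before that `write_lxc_net $i` keeps the fallback sane, and `$distrosysconfdir` should be quoted in the redirections. Since this file is a verbatim backport of the upstream commit named in its header, the fix belongs in a separate follow-up patch in the series rather than an edit of this one.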
diff --git a/patches/lxc-3.0.1/series b/patches/lxc-3.0.1/series
new file mode 100644
index 000000000..5f855094f
--- /dev/null
+++ b/patches/lxc-3.0.1/series
@@ -0,0 +1 @@
+0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
diff --git a/projectroot/etc/default/lxc-net b/projectroot/etc/default/lxc-net
new file mode 100644
index 000000000..054a09a0a
--- /dev/null
+++ b/projectroot/etc/default/lxc-net
@@ -0,0 +1,7 @@
+USE_LXC_BRIDGE="true"
+LXC_BRIDGE="lxcbr0"
+LXC_ADDR="192.168.1.1"
+LXC_NETMASK="255.255.255.0"
+LXC_NETWORK="192.168.1.0/24"
+LXC_DHCP_RANGE="192.168.1.2,192.168.1.254"
+LXC_DHCP_MAX="253"
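Review bot: Installing this file unconditionally (rules/lxc.make does so with `install_alternative`) means `/etc/default/lxc-net` always exists on the target, so the `[ ! -f $distrosysconfdir/lxc-net ] && update_lxcnet_config` hook added by the backported 0001 patch never fires and the whole subnet-allocation patch is dead weight on this BSP, assuming `$distrosysconfdir` resolves to /etc/default here as the projectroot path suggests; either drop the patch or stop shipping this file and let the script generate it. Separately, 192.168.1.0/24 is one of the most common LAN ranges, so a device attached to such a network gets a bridge that overlaps its uplink and container traffic, including the DHCP range configured here, is misrouted; a less common private range is safer, or the collision check from the patch should actually be allowed to run.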
diff --git a/projectroot/etc/lxc/default.conf b/projectroot/etc/lxc/default.conf
new file mode 100644
index 000000000..e7af1e6ae
--- /dev/null
+++ b/projectroot/etc/lxc/default.conf
@@ -0,0 +1,4 @@
+lxc.net.0.type = veth
+lxc.net.0.link = lxcbr0
+lxc.net.0.flags = up
+lxc.net.0.hwaddr = 00:16:3e:11:22:34
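Review bot: `lxc.net.0.hwaddr = 00:16:3e:11:22:34` is a fixed address, so every container created from this default.conf shares one MAC on lxcbr0 and the second running container collides with the first (bridge FDB flapping, frames delivered to the wrong container). Use the template form `lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx`, in which lxc replaces each `x` with a random hex digit at creation time; that is also the form upstream's default.conf uses.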
diff --git a/rules/lxc.in b/rules/lxc.in
new file mode 100644
index 000000000..57c8249f1
--- /dev/null
+++ b/rules/lxc.in
@@ -0,0 +1,67 @@
+## SECTION=system_libraries
+
+menuconfig LXC
+ bool
+ prompt "lxc "
+ select GNUTLS if LXC_GNUTLS
+ select LIBSELINUX if LXC_SELINUX
+ select LIBSECCOMP if LXC_SECCOMP
+ select SYSTEMD if LXC_SYSTEMD_UNIT
+ help
+ LXC is a userspace interface for the Linux kernel containment
+ features. Through a powerful API and simple tools, it lets
+ Linux users easily create and manage system or application
+ containers.
+
+if LXC
+
+config LXC_GNUTLS
+ bool
+ prompt "LXC gnutls support"
+ default n
+ help
+ Turn on to enable gnutls support in lxc
+
+config LXC_SELINUX
+ bool
+ prompt "LXC selinux support"
+ default n
+ help
+ Turn on to enable selinux support in lxc
+
+config LXC_SECCOMP
+ bool
+ prompt "LXC seccomp support"
+ default n
+ help
+ Turn on to enable seccomp support in lxc
+
+config LXC_SYSTEMD_UNIT
+ bool
+ prompt "LXC systemd unit"
+ default INITMETHOD_SYSTEMD
+ help
+ Turn on to install systemd unit for lxc
+
+config LXC_TEST_TOOLS
+ bool
+ prompt "LXC test applications"
+ default n
+ help
+ Turn on to enable building the lxc test applications
+
+config LXC_HOOKS
+ bool
+ prompt "LXC default hooks"
+ default n
+ help
+ Turn on to install lxc default hooks
+
+config LXC_TEMPLATES
+ bool
+ prompt "LXC default templates"
+ default n
+ help
+ Turn on to install lxc default templates
+
+endif
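Review bot: The menu selects only build-time libraries, but the `lxc-net` helper that lxc.make installs into /usr/libexec/lxc needs `ip` and iptables at runtime (the backported patch calls `ip addr show` and sets `use_iptables_lock`), and the DHCP range in /etc/default/lxc-net only does something if a dnsmasq serves the bridge; on a minimal root filesystem the first `lxc-net` start fails with "Failed to setup lxc-net." and containers come up without networking. Add runtime selects under `menuconfig LXC`, e.g. `select IPROUTE2 if RUNTIME`, `select IPTABLES if RUNTIME` and `select DNSMASQ if RUNTIME` (the busybox `ip` applet may suffice for the first, to be verified against the script). The trailing blank in `prompt "lxc "` also looks unintentional.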
diff --git a/rules/lxc.make b/rules/lxc.make
new file mode 100644
index 000000000..d4c25d7d7
--- /dev/null
+++ b/rules/lxc.make
@@ -0,0 +1,219 @@
+# -*-makefile-*-
+#
+# Copyright (C) 2018 by Michael Grzeschik <mgr@pengutronix.de>
+#
+# See CREDITS for details about who has contributed to this project.
+#
+# For further information about the PTXdist project and license conditions
+# see the README file.
+#
+
+#
+# We provide this package
+#
+PACKAGES-$(PTXCONF_LXC) += lxc
+
+#
+# Paths and names
+#
+LXC_VERSION := 3.0.1
+LXC_MD5 := 8eb396dde561e5832ba2d505513a1935
+LXC := lxc-$(LXC_VERSION)
+LXC_SUFFIX := tar.gz
+LXC_URL := https://linuxcontainers.org/downloads/lxc/$(LXC).$(LXC_SUFFIX)
+LXC_SOURCE := $(SRCDIR)/$(LXC).$(LXC_SUFFIX)
+LXC_DIR := $(BUILDDIR)/$(LXC)
+LXC_LICENSE := unknown
+
+# ----------------------------------------------------------------------------
+# Prepare
+# ----------------------------------------------------------------------------
+
+#LXC_CONF_ENV := $(CROSS_ENV)
+
+#
+# autoconf
+#
+LXC_CONF_TOOL := autoconf
+LXC_CONF_OPT := \
+ $(CROSS_AUTOCONF_USR) \
+ --enable-silent-rules \
+ --enable-dependency-tracking \
+ --enable-shared \
+ --disable-static \
+ --disable-fast-install \
+ --disable-libtool-lock \
+ --disable-werror \
+ --disable-rpath \
+ --disable-doc \
+ --disable-api-docs \
+ --disable-apparmor \
+ --$(call ptx/endis, PTXCONF_LXC_GNUTLS)-gnutls \
+ --$(call ptx/endis, PTXCONF_LXC_SELINUX)-selinux \
+ --$(call ptx/endis, PTXCONF_LXC_SECCOMP)-seccomp \
+ --enable-capabilities \
+ --enable-examples \
+ --disable-mutex-debugging \
+ --enable-bash \
+ --enable-tools \
+ --enable-commands \
+ --$(call ptx/endis, PTXCONF_LXC_TEST_TOOLS)-tests \
+ --enable-configpath-log \
+ --disable-pam \
+ --with-init-script=systemd \
+ --with-systemdsystemunitdir=/usr/lib/systemd/system/ \
+ --with-usernic-conf \
+ --with-usernic-db \
+ --with-log-path=/var/log \
+ --with-pamdir=none
+
+# --with-global-conf=
+# --with-config-path=
+# --with-runtime-path=
+# --with-rootfs-path=
+# --with-cgroup-pattern=
+
+LXC_APPLICATIONS := \
+ copy \
+ cgroup \
+ create \
+ snapshot \
+ freeze \
+ config \
+ monitor \
+ unfreeze \
+ device \
+ destroy \
+ ls \
+ console \
+ wait \
+ execute \
+ update-config \
+ stop \
+ checkconfig \
+ checkpoint \
+ usernsexec \
+ attach \
+ start \
+ top \
+ info \
+ autostart \
+ unshare
+
+ifdef PTXCONF_LXC_TEST_TOOLS
+LXC_TEST_TOOLS := \
+ containertests \
+ may-control \
+ console \
+ locktests \
+ no-new-privs \
+ snapshot \
+ concurrent \
+ shutdowntest \
+ cgpath \
+ get_item \
+ criu-check-feature \
+ apparmor \
+ share-ns \
+ saveconfig \
+ clonetest \
+ createtest \
+ createconfig \
+ shortlived \
+ rootfs \
+ getkeys \
+ console-log \
+ attach \
+ reboot \
+ automount \
+ api-reboot \
+ destroytest \
+ startone \
+ raw-clone \
+ parse-config-file \
+ config-jump-table \
+ autostart \
+ state-server \
+ list \
+ device-add-remove \
+ cloneconfig \
+ utils \
+ lxcpath
+endif
+
+# ----------------------------------------------------------------------------
+# Target-Install
+# ----------------------------------------------------------------------------
+
+$(STATEDIR)/lxc.targetinstall:
+ @$(call targetinfo)
+
+ @$(call install_init, lxc)
+ @$(call install_fixup, lxc, PRIORITY, optional)
+ @$(call install_fixup, lxc, SECTION, base)
+ @$(call install_fixup, lxc, AUTHOR, "Michael Grzeschik <mgr@pengutronix.de>")
+ @$(call install_fixup, lxc, DESCRIPTION, missing)
+
+ @$(call install_lib, lxc, 0, 0, 0644, liblxc);
+
+ @$(call install_copy, lxc, 0, 0, 0644, /var/lib/lxc);
+
+ @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/config);
+
+ifdef LXC_TEMPLATES
+ @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/templates);
+endif
+
+ifdef LXC_HOOKS
+ @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/hooks);
+endif
+
+ifdef LXC_SELINUX
+ @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/selinux);
+endif
+
+ @$(call install_alternative, lxc, 0, 0, 0644, /etc/lxc/default.conf);
+ @$(call install_alternative, lxc, 0, 0, 0644, /etc/default/lxc-net);
+
+ @$(call install_copy, lxc, 0, 0, 0644, -, /etc/default/lxc)
+
+ @$(foreach app, $(LXC_APPLICATIONS), \
+ $(call install_copy, lxc, 0, 0, 0755, $(LXC_PKGDIR)/usr/bin/lxc-$(app), \
+ /usr/bin/lxc-$(app))$(ptx/nl))
+
+ @$(foreach app, \
+ containers \
+ net \
+ apparmor-load \
+ user-nic \
+ monitord, \
+ $(call install_copy, lxc, 0, 0, 0755, -, \
+ /usr/libexec/lxc/lxc-$(app))$(ptx/nl))
+
+ifdef PTXCONF_LXC_TEST_TOOLS
+ @$(foreach app, $(LXC_TEST_TOOLS), \
+ $(call install_copy, lxc, 0, 0, 0755, $(LXC_PKGDIR)/usr/bin/lxc-test-$(app), \
+ /usr/bin/lxc-tests/$(app))$(ptx/nl))
+endif
+
+ifdef PTXCONF_SYSTEMD_UNIT
+ @$(foreach rule, \
+ lxc.service \
+ lxc@.service \
+ lxc-net.service, \
+ $(call install_copy, lxc, 0, 0, 0644, -, \
+ /usr/lib/systemd/system/$(rule))$(ptx/nl))
+
+ @$(foreach rule, \
+ lxc.service \
+ lxc@.service \
+ lxc-net.service, \
+ $(call install_link, lxc, ../$(rule), \
+ /usr/lib/systemd/system/multi-user.target.wants/$(rule))$(ptx/nl))
+endif
+
+ @$(call install_finish, lxc)
+
+ @$(call touch)
+
+# vim: syntax=make
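Review bot: The `ifdef LXC_TEMPLATES`, `ifdef LXC_HOOKS` and `ifdef LXC_SELINUX` guards in the targetinstall rule test bare symbol names that nothing in this file defines, while the Kconfig options reach make as `PTXCONF_LXC_*` (the test-tools guard in the same rule already uses `ifdef PTXCONF_LXC_TEST_TOOLS`), so the templates, hooks and selinux trees are never installed whatever the menu says; `ifdef PTXCONF_SYSTEMD_UNIT` has the same problem, as the option in lxc.in is `LXC_SYSTEMD_UNIT`, so the unit files and their multi-user.target links are silently skipped — the guards should read e.g. `ifdef PTXCONF_LXC_TEMPLATES` and `ifdef PTXCONF_LXC_SYSTEMD_UNIT`. `install_copy, lxc, 0, 0, 0644, /var/lib/lxc` (if the target-only form creates a directory, as it appears to) yields a directory without the execute bit, so nothing can traverse into container config and rootfs paths; `0755`, or `0700` if only root should read container configs, is what a directory needs. `LXC_LICENSE := unknown` should name the actual licence; lxc is LGPL-2.1, to be confirmed against COPYING in the tarball.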
--
2.18.0