From: Michael Grzeschik <mgr@pengutronix.de>
To: ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH 2/3] lxc: add new package
Date: Sat, 4 Aug 2018 11:17:02 +0200
Message-ID: <20180804091702.qzxwmfe5niabdi4a@pengutronix.de>
In-Reply-To: <20180803133356.4177-3-m.grzeschik@pengutronix.de>
On Fri, Aug 03, 2018 at 03:33:55PM +0200, Michael Grzeschik wrote:
> This patch adds support for the lxc container system. We install the
> userspace lib and application. We also add some small configuration to
> be able to create a busybox based lxc container.
>
> $ lxc-create -t busybox -n busybox01
> $ lxc-start busybox01
> $ cp /etc/shadow /var/lib/lxc/busybox01/rootfs/etc/shadow
> $ lxc-console -n busybox01
>
> Inside the container we can prepare the network:
>
> $ ip addr add 192.168.0.23/24 dev eth0
> $ ip link set eth0 up
>
> This way the container has network support in an veth setup.
>
> To make sure all necessary kernel options are enabled use:
> $ CONFIG=$(BSP)/config/platform-$(platform)/kernelconfig lxc-checkconfig
>
> Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
> ---
> ...te-new-lxcbr0-subnet-at-startup-time.patch | 138 +++++++++++
> patches/lxc-3.0.1/series | 1 +
> projectroot/etc/default/lxc-net | 7 +
> projectroot/etc/lxc/default.conf | 4 +
> rules/lxc.in | 67 ++++++
> rules/lxc.make | 219 ++++++++++++++++++
> 6 files changed, 436 insertions(+)
> create mode 100644 patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
> create mode 100644 patches/lxc-3.0.1/series
> create mode 100644 projectroot/etc/default/lxc-net
> create mode 100644 projectroot/etc/lxc/default.conf
> create mode 100644 rules/lxc.in
> create mode 100644 rules/lxc.make
>
> diff --git a/patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch b/patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
> new file mode 100644
> index 000000000..411ed049a
> --- /dev/null
> +++ b/patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
> @@ -0,0 +1,138 @@
> +From 4ac6a6c863c5b27fbe37d24ee52ec0ee75a07286 Mon Sep 17 00:00:00 2001
> +From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@ubuntu.com>
> +Date: Tue, 3 Nov 2015 11:42:58 -0500
> +Subject: [PATCH] Allocate new lxcbr0 subnet at startup time
> +
> +---
> + config/init/common/lxc-net.in | 100 +++++++++++++++++++++++++++++++---
> + 1 file changed, 91 insertions(+), 9 deletions(-)
> +
> +diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
> +index df9f1181..6837be19 100644
> +--- a/config/init/common/lxc-net.in
> ++++ b/config/init/common/lxc-net.in
> +@@ -24,6 +24,85 @@ LXC_IPV6_MASK=""
> + LXC_IPV6_NETWORK=""
> + LXC_IPV6_NAT="false"
> +
> ++write_lxc_net()
> ++{
> ++ local i=$1
> ++ cat >> $distrosysconfdir/lxc-net << EOF
> ++# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
> ++# containers. Set to "false" if you'll use virbr0 or another existing
> ++# bridge, or mavlan to your host's NIC.
> ++USE_LXC_BRIDGE="true"
> ++
> ++# If you change the LXC_BRIDGE to something other than lxcbr0, then
> ++# you will also need to update your /etc/lxc/default.conf as well as the
> ++# configuration (/var/lib/lxc/<container>/config) for any containers
> ++# already created using the default config to reflect the new bridge
> ++# name.
> ++# If you have the dnsmasq daemon installed, you'll also have to update
> ++# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
> ++LXC_BRIDGE="lxcbr0"
> ++LXC_ADDR="10.0.$i.1"
> ++LXC_NETMASK="255.255.255.0"
> ++LXC_NETWORK="10.0.$i.0/24"
> ++LXC_DHCP_RANGE="10.0.$i.2,10.0.$i.254"
> ++LXC_DHCP_MAX="253"
> ++# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
> ++# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
> ++# container 'mail1' always get ip address 10.0.3.100.
> ++#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
> ++
> ++# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
> ++# domain. You can then add "server=/lxc/10.0.$i.1' (or your actual \$LXC_ADDR)
> ++# to your system dnsmasq configuration file (normally /etc/dnsmasq.conf,
> ++# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems that use NetworkManager).
> ++# Once these changes are made, restart the lxc-net and network-manager services.
> ++# 'container1.lxc' will then resolve on your host.
> ++#LXC_DOMAIN="lxc"
> ++EOF
> ++}
> ++
> ++configure_lxcbr0()
> ++{
> ++ local i=3
> ++ cat > $distrosysconfdir/lxc-net << EOF
> ++# This file is auto-generated by lxc.postinst if it does not
> ++# exist. Customizations will not be overridden.
> ++EOF
> ++ # if lxcbr0 exists, keep using the same network
> ++ if ip addr show lxcbr0 > /dev/null 2>&1 ; then
> ++ i=`ip addr show lxcbr0 | grep "inet\>" | awk '{ print $2 }' | awk -F. '{ print $3 }'`
> ++ write_lxc_net $i
> ++ return
> ++ fi
> ++ # if no lxcbr0, find an open 10.0.a.0 network
> ++ for l in `ip addr show | grep "inet\>" |awk '{ print $2 }' | grep '^10\.0\.' | sort -n`; do
> ++ j=`echo $l | awk -F. '{ print $3 }'`
> ++ if [ $j -gt $i ]; then
> ++ write_lxc_net $i
> ++ return
> ++ fi
> ++ i=$((j+1))
> ++ done
> ++ if [ $i -ne 254 ]; then
> ++ write_lxc_net $i
> ++ fi
> ++}
> ++
> ++update_lxcnet_config()
> ++{
> ++ local i=3
> ++ # if lxcbr0 exists, keep using the same network
> ++ if ip addr show lxcbr0 > /dev/null 2>&1 ; then
> ++ return
> ++ fi
> ++ # our LXC_NET conflicts with an existing interface. Probably first
> ++ # run after system install with package pre-install. Find a new subnet
> ++ configure_lxcbr0
> ++
> ++ # and re-load the newly created config
> ++ [ ! -f $distrosysconfdir/lxc-net ] || . $distrosysconfdir/lxc-net
> ++}
> ++
> + [ ! -f $distrosysconfdir/lxc ] || . $distrosysconfdir/lxc
> +
> + use_iptables_lock="-w"
> +@@ -51,7 +130,19 @@ _ifup() {
> + ip link set dev ${LXC_BRIDGE} up
> + }
> +
> ++cleanup() {
> ++ set +e
> ++ if [ "$FAILED" = "1" ]; then
> ++ echo "Failed to setup lxc-net." >&2
> ++ stop force
> ++ exit 1
> ++ fi
> ++}
> ++
> + start() {
> ++
> ++ [ ! -f $distrosysconfdir/lxc-net ] && update_lxcnet_config
> ++
> + [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0; }
> +
> + [ ! -f "${varrun}/network_up" ] || { echo "lxc-net is already running"; exit 1; }
> +@@ -62,15 +153,6 @@ start() {
> +
> + FAILED=1
> +
> +- cleanup() {
> +- set +e
> +- if [ "$FAILED" = "1" ]; then
> +- echo "Failed to setup lxc-net." >&2
> +- stop force
> +- exit 1
> +- fi
> +- }
> +-
> + trap cleanup EXIT HUP INT TERM
> + set -e
> +
> +--
> +2.18.0
> +
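Review bot: the subnet search in `configure_lxcbr0` can hand `write_lxc_net` an empty or out-of-range value. When lxcbr0 exists but carries no IPv4 address, `i=\`ip addr show lxcbr0 | grep "inet\>" | awk '{ print $2 }' | awk -F. '{ print $3 }'\`` is empty and the generated file ends up with `LXC_ADDR="10.0..1"`; in the fallback loop, an existing 10.0.1.0/24 makes `i=$((j+1))` drop `i` below the starting value 3; and the final `[ $i -ne 254 ]` still writes the file when an address in 10.0.255.0/24 pushed `i` to 256. Guarding the empty case (`[ -n "$i" ] || i=3`), only ever raising `i`, and testing `[ $i -le 254 ]` before writing would close all three. Two documentation points on the same file: the carried patch has an empty commit body, so nothing records why this 2015 upstream change is applied out of tree in PTXdist, and since the rules below always install `/etc/default/lxc-net`, the new `[ ! -f $distrosysconfdir/lxc-net ] && update_lxcnet_config` path never runs on the target if `distrosysconfdir` resolves to `/etc/default` there; if the patch is meant to be effective, say so in the series or drop it.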
> diff --git a/patches/lxc-3.0.1/series b/patches/lxc-3.0.1/series
> new file mode 100644
> index 000000000..5f855094f
> --- /dev/null
> +++ b/patches/lxc-3.0.1/series
> @@ -0,0 +1 @@
> +0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
> diff --git a/projectroot/etc/default/lxc-net b/projectroot/etc/default/lxc-net
> new file mode 100644
> index 000000000..054a09a0a
> --- /dev/null
> +++ b/projectroot/etc/default/lxc-net
> @@ -0,0 +1,7 @@
> +USE_LXC_BRIDGE="true"
> +LXC_BRIDGE="lxcbr0"
> +LXC_ADDR="192.168.1.1"
> +LXC_NETMASK="255.255.255.0"
> +LXC_NETWORK="192.168.1.0/24"
> +LXC_DHCP_RANGE="192.168.1.2,192.168.1.254"
> +LXC_DHCP_MAX="253"
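Review bot: the default `LXC_NETWORK="192.168.1.0/24"` is one of the most common home and office LAN ranges, so a target plugged into such a network gets an address conflict between lxcbr0 and the real LAN; the carried 0001 patch only ever searches inside 10.0.0.0/16, so a `10.0.3.0/24` default (with `LXC_ADDR`, `LXC_DHCP_RANGE` adjusted to match) would be consistent with it. Note also that the commit message's `ip addr add 192.168.0.23/24 dev eth0` does not lie in this subnet, so a container following that example cannot reach `LXC_ADDR` 192.168.1.1 over the veth; either the example or the defaults should change.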
> diff --git a/projectroot/etc/lxc/default.conf b/projectroot/etc/lxc/default.conf
> new file mode 100644
> index 000000000..e7af1e6ae
> --- /dev/null
> +++ b/projectroot/etc/lxc/default.conf
> @@ -0,0 +1,4 @@
> +lxc.net.0.type = veth
> +lxc.net.0.link = lxcbr0
> +lxc.net.0.flags = up
> +lxc.net.0.hwaddr = 00:16:3e:11:22:34
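Review bot: `lxc.net.0.hwaddr = 00:16:3e:11:22:34` is a fixed MAC in the default config that every container created with `lxc-create` inherits, so the second container started on lxcbr0 collides with the first at the link layer. Use the wildcard form `lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx`, which lxc expands to random hex digits per container, keeping the 00:16:3e prefix.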
> diff --git a/rules/lxc.in b/rules/lxc.in
> new file mode 100644
> index 000000000..57c8249f1
> --- /dev/null
> +++ b/rules/lxc.in
> @@ -0,0 +1,67 @@
> +## SECTION=system_libraries
> +
> +menuconfig LXC
> + bool
> + prompt "lxc "
> + select GNUTLS if LXC_GNUTLS
> + select LIBSELINUX if LXC_SELINUX
> + select LIBSECCOMP if LXC_SECCOMP
> + select SYSTEMD if LXC_SYSTEMD_UNIT
> + help
> + LXC is a userspace interface for the Linux kernel containment
> + features. Through a powerful API and simple tools, it lets
> + Linux users easily create and manage system or application
> + containers.
> +
> +if LXC
> +
> +config LXC_GNUTLS
> + bool
> + prompt "LXC gnutls support"
> + default n
> + help
> + Turn on to enable gnutls support in lxc
> +
> +config LXC_SELINUX
> + bool
> + prompt "LXC selinux support"
> + default n
> + help
> + Turn on to enable selinux support in lxc
> +
> +config LXC_SECCOMP
> + bool
> + prompt "LXC seccomp support"
> + default n
> + help
> + Turn on to enable seccomp support in lxc
> +
> +config LXC_SYSTEMD_UNIT
> + bool
When this is checked it will try to start
a dnsmasq daemon. Will add the dependency in v2.
> + prompt "LXC systemd unit"
> + default INITMETHOD_SYSTEMD
> + help
> + Turn on to install systemd unit for lxc
> +
> +config LXC_TEST_TOOLS
> + bool
> + prompt "LXC test applications"
> + default n
> + help
> + Turn on to enable building the lxc test applications
> +
> +config LXC_HOOKS
> + bool
> + prompt "LXC default hooks"
> + default n
> + help
> + Turn on to install lxc default hooks
> +
> +config LXC_TEMPLATES
> + bool
> + prompt "LXC default templates"
> + default n
> + help
> + Turn on to install lxc default templates
> +
> +endif
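Review bot: `LXC_SYSTEMD_UNIT` installs `lxc-net.service`, which (as noted inline) starts a dnsmasq instance for the bridge, but nothing in this file pulls that daemon in; add a `select DNSMASQ if LXC_SYSTEMD_UNIT` (assuming that is PTXdist's option name for dnsmasq) next to the existing `select SYSTEMD if LXC_SYSTEMD_UNIT`, or the unit fails at boot on a minimal image. Minor: every `default n` line is redundant for a Kconfig `bool` and can be dropped.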
> diff --git a/rules/lxc.make b/rules/lxc.make
> new file mode 100644
> index 000000000..d4c25d7d7
> --- /dev/null
> +++ b/rules/lxc.make
> @@ -0,0 +1,219 @@
> +# -*-makefile-*-
> +#
> +# Copyright (C) 2018 by Michael Grzeschik <mgr@pengutronix.de>
> +#
> +# See CREDITS for details about who has contributed to this project.
> +#
> +# For further information about the PTXdist project and license conditions
> +# see the README file.
> +#
> +
> +#
> +# We provide this package
> +#
> +PACKAGES-$(PTXCONF_LXC) += lxc
> +
> +#
> +# Paths and names
> +#
> +LXC_VERSION := 3.0.1
> +LXC_MD5 := 8eb396dde561e5832ba2d505513a1935
> +LXC := lxc-$(LXC_VERSION)
> +LXC_SUFFIX := tar.gz
> +LXC_URL := https://linuxcontainers.org/downloads/lxc/$(LXC).$(LXC_SUFFIX)
> +LXC_SOURCE := $(SRCDIR)/$(LXC).$(LXC_SUFFIX)
> +LXC_DIR := $(BUILDDIR)/$(LXC)
> +LXC_LICENSE := unknown
> +
> +# ----------------------------------------------------------------------------
> +# Prepare
> +# ----------------------------------------------------------------------------
> +
> +#LXC_CONF_ENV := $(CROSS_ENV)
> +
> +#
> +# autoconf
> +#
> +LXC_CONF_TOOL := autoconf
> +LXC_CONF_OPT := \
> + $(CROSS_AUTOCONF_USR) \
> + --enable-silent-rules \
> + --enable-dependency-tracking \
> + --enable-shared \
> + --disable-static \
> + --disable-fast-install \
> + --disable-libtool-lock \
> + --disable-werror \
> + --disable-rpath \
> + --disable-doc \
> + --disable-api-docs \
> + --disable-apparmor \
> + --$(call ptx/endis, PTXCONF_LXC_GNUTLS)-gnutls \
> + --$(call ptx/endis, PTXCONF_LXC_SELINUX)-selinux \
> + --$(call ptx/endis, PTXCONF_LXC_SECCOMP)-seccomp \
> + --enable-capabilities \
> + --enable-examples \
> + --disable-mutex-debugging \
> + --enable-bash \
> + --enable-tools \
> + --enable-commands \
> + --$(call ptx/endis, PTXCONF_LXC_TEST_TOOLS)-tests \
> + --enable-configpath-log \
> + --disable-pam \
> + --with-init-script=systemd \
> + --with-systemdsystemunitdir=/usr/lib/systemd/system/ \
> + --with-usernic-conf \
> + --with-usernic-db \
> + --with-log-path=/var/log \
> + --with-pamdir=none
> +
> +# --with-global-conf=
> +# --with-config-path=
> +# --with-runtime-path=
> +# --with-rootfs-path=
> +# --with-cgroup-pattern=
> +
> +LXC_APPLICATIONS := \
> + copy \
> + cgroup \
> + create \
> + snapshot \
> + freeze \
> + config \
> + monitor \
> + unfreeze \
> + device \
> + destroy \
> + ls \
> + console \
> + wait \
> + execute \
> + update-config \
> + stop \
> + checkconfig \
> + checkpoint \
> + usernsexec \
> + attach \
> + start \
> + top \
> + info \
> + autostart \
> + unshare
> +
> +ifdef PTXCONF_LXC_TEST_TOOLS
> +LXC_TEST_TOOLS := \
> + containertests \
> + may-control \
> + console \
> + locktests \
> + no-new-privs \
> + snapshot \
> + concurrent \
> + shutdowntest \
> + cgpath \
> + get_item \
> + criu-check-feature \
> + apparmor \
> + share-ns \
> + saveconfig \
> + clonetest \
> + createtest \
> + createconfig \
> + shortlived \
> + rootfs \
> + getkeys \
> + console-log \
> + attach \
> + reboot \
> + automount \
> + api-reboot \
> + destroytest \
> + startone \
> + raw-clone \
> + parse-config-file \
> + config-jump-table \
> + autostart \
> + state-server \
> + list \
> + device-add-remove \
> + cloneconfig \
> + utils \
> + lxcpath
> +endif
> +
> +# ----------------------------------------------------------------------------
> +# Target-Install
> +# ----------------------------------------------------------------------------
> +
> +$(STATEDIR)/lxc.targetinstall:
> + @$(call targetinfo)
> +
> + @$(call install_init, lxc)
> + @$(call install_fixup, lxc, PRIORITY, optional)
> + @$(call install_fixup, lxc, SECTION, base)
> + @$(call install_fixup, lxc, AUTHOR, "Michael Grzeschik <mgr@pengutronix.de>")
> + @$(call install_fixup, lxc, DESCRIPTION, missing)
> +
> + @$(call install_lib, lxc, 0, 0, 0644, liblxc);
> +
> + @$(call install_copy, lxc, 0, 0, 0644, /var/lib/lxc);
> +
> + @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/config);
> +
> +ifdef LXC_TEMPLATES
This and the next variables should be prefixed with PTXCONF_
Will fix in v2.
I blame the heat! :)
Regards,
Michael
> + @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/templates);
> +endif
> +
> +ifdef LXC_HOOKS
> + @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/hooks);
> +endif
> +
> +ifdef LXC_SELINUX
> + @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/selinux);
> +endif
> +
> + @$(call install_alternative, lxc, 0, 0, 0644, /etc/lxc/default.conf);
> + @$(call install_alternative, lxc, 0, 0, 0644, /etc/default/lxc-net);
> +
> + @$(call install_copy, lxc, 0, 0, 0644, -, /etc/default/lxc)
> +
> + @$(foreach app, $(LXC_APPLICATIONS), \
> + $(call install_copy, lxc, 0, 0, 0755, $(LXC_PKGDIR)/usr/bin/lxc-$(app), \
> + /usr/bin/lxc-$(app))$(ptx/nl))
> +
> + @$(foreach app, \
> + containers \
> + net \
> + apparmor-load \
> + user-nic \
> + monitord, \
> + $(call install_copy, lxc, 0, 0, 0755, -, \
> + /usr/libexec/lxc/lxc-$(app))$(ptx/nl))
> +
> +ifdef PTXCONF_LXC_TEST_TOOLS
> + @$(foreach app, $(LXC_TEST_TOOLS), \
> + $(call install_copy, lxc, 0, 0, 0755, $(LXC_PKGDIR)/usr/bin/lxc-test-$(app), \
> + /usr/bin/lxc-tests/$(app))$(ptx/nl))
> +endif
> +
> +ifdef PTXCONF_SYSTEMD_UNIT
> + @$(foreach rule, \
> + lxc.service \
> + lxc@.service \
> + lxc-net.service, \
> + $(call install_copy, lxc, 0, 0, 0644, -, \
> + /usr/lib/systemd/system/$(rule))$(ptx/nl))
> +
> + @$(foreach rule, \
> + lxc.service \
> + lxc@.service \
> + lxc-net.service, \
> + $(call install_link, lxc, ../$(rule), \
> + /usr/lib/systemd/system/multi-user.target.wants/$(rule))$(ptx/nl))
> +endif
> +
> + @$(call install_finish, lxc)
> +
> + @$(call touch)
> +
> +# vim: syntax=make
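Review bot: `ifdef PTXCONF_SYSTEMD_UNIT` does not correspond to any option in lxc.in; the option defined there is `LXC_SYSTEMD_UNIT`, whose symbol is `PTXCONF_LXC_SYSTEMD_UNIT`, so the three unit files and their `multi-user.target.wants` links are never installed (the same missing `PTXCONF_` prefix already noted for `LXC_TEMPLATES`, `LXC_HOOKS` and `LXC_SELINUX`). Related: `--with-init-script=systemd` is passed to configure unconditionally, even when `LXC_SYSTEMD_UNIT` is off. `@$(call install_copy, lxc, 0, 0, 0644, /var/lib/lxc)` creates a directory without execute bits, which cannot be entered; given that it holds container root filesystems into which the commit message copies `/etc/shadow`, `0700` is the appropriate mode. Finally, `LXC_LICENSE := unknown` and `DESCRIPTION, missing` are placeholders that should be filled before merging (lxc is shipped under the LGPL-2.1-or-later).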
> --
> 2.18.0
>
>
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
--
Pengutronix e.K.
Industrial Linux Solutions | http://www.pengutronix.de/
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555
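The free-subnet search that the carried lxc-net patch in this message performs, reworked as an added shell example that is not part of the patch, of lxc or of PTXdist. The function names and the `ip addr show` output are constructed for the example. It keeps the subnet of an existing lxcbr0, otherwise returns the first unused 10.0.X.0/24 at or above the start value, and fails explicitly when the bridge has no IPv4 address or the range is exhausted instead of writing an unusable `LXC_ADDR`:

```shell
#!/bin/sh
# Added example, not part of the patch or of lxc: pick a free 10.0.X.0/24
# subnet for the lxcbr0 bridge from `ip addr show` output, handling the two
# cases the carried lxc-net patch leaves unchecked (bridge present without an
# IPv4 address, and exhaustion of the 10.0.0.0/16 range). The function names
# and the sample output below are this example's own.

# Print the third octet of every IPv4 address inside 10.0.0.0/16 found in
# `ip addr show` output read from stdin; `$1 == "inet"` skips inet6 lines.
used_subnets() {
    awk '$1 == "inet" { split($2, a, "[./]"); if (a[1] == 10 && a[2] == 0) print a[3] }'
}

# pick_free_subnet START < ip-addr-output
# Echo the first X >= START (X <= 254) with no 10.0.X.0/24 address in use;
# return 1 when the range is exhausted instead of emitting an invalid octet.
pick_free_subnet() {
    start=${1:-3}
    used=$(used_subnets)
    i=$start
    while [ "$i" -le 254 ]; do
        if ! printf '%s\n' "$used" | grep -qx "$i"; then
            echo "$i"
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# choose_subnet START < ip-addr-output
# Keep the subnet of an existing lxcbr0 when it already carries a 10.0.X.Y
# address (in multi-line `ip addr show` output the last field of an inet line
# is the interface name); otherwise search for a free one. A bridge that
# exists with no IPv4 address yields an empty string here, so fall through
# instead of producing "10.0..1".
choose_subnet() {
    input=$(cat)
    existing=$(printf '%s\n' "$input" | awk '$1 == "inet" && $NF == "lxcbr0" { split($2, a, "[./]"); if (a[1] == 10 && a[2] == 0) print a[3]; exit }')
    if [ -n "$existing" ]; then
        echo "$existing"
        return 0
    fi
    printf '%s\n' "$input" | pick_free_subnet "${1:-3}"
}

# Render the keys of /etc/default/lxc-net for subnet 10.0.X.0/24, the same
# keys the patch's write_lxc_net() writes.
lxc_net_config() {
    x=$1
    printf 'USE_LXC_BRIDGE="true"\n'
    printf 'LXC_BRIDGE="lxcbr0"\n'
    printf 'LXC_ADDR="10.0.%s.1"\n' "$x"
    printf 'LXC_NETMASK="255.255.255.0"\n'
    printf 'LXC_NETWORK="10.0.%s.0/24"\n' "$x"
    printf 'LXC_DHCP_RANGE="10.0.%s.2,10.0.%s.254"\n' "$x" "$x"
    printf 'LXC_DHCP_MAX="253"\n'
}

# Constructed `ip addr show` output: 10.0.3.0/24 and 10.0.4.0/24 are taken,
# no lxcbr0 yet.
SAMPLE_NO_BRIDGE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 10.0.3.15/24 brd 10.0.3.255 scope global eth0
    inet6 fe80::5054:ff:fe12:3456/64 scope link
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 state DOWN
    inet 10.0.4.1/24 brd 10.0.4.255 scope global docker0'

# The same host after lxc-net once chose 10.0.7.0/24 for the bridge.
SAMPLE_WITH_BRIDGE="$SAMPLE_NO_BRIDGE
4: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 10.0.7.1/24 scope global lxcbr0"

# Bridge present but carrying only a link-local IPv6 address.
SAMPLE_BRIDGE_NO_IPV4="$SAMPLE_NO_BRIDGE
4: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet6 fe80::216:3eff:fe11:2234/64 scope link"

# On a real host: subnet=$(ip addr show | choose_subnet 3) && lxc_net_config "$subnet"
```

On the constructed samples `choose_subnet 3` yields 5 without a bridge, 7 when lxcbr0 already sits on 10.0.7.0/24, and 5 again when the bridge only has a link-local IPv6 address; `pick_free_subnet 255` returns non-zero rather than a value, which is the failure the original script would have turned into a broken config file.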