From: Michael Grzeschik
Date: Sat, 4 Aug 2018 11:17:02 +0200
Subject: Re: [ptxdist] [PATCH 2/3] lxc: add new package
To: ptxdist@pengutronix.de
Reply-To: ptxdist@pengutronix.de
List-Id: PTXdist Development Mailing List
Message-ID: <20180804091702.qzxwmfe5niabdi4a@pengutronix.de>
In-Reply-To: <20180803133356.4177-3-m.grzeschik@pengutronix.de>
References: <20180803133356.4177-1-m.grzeschik@pengutronix.de> <20180803133356.4177-3-m.grzeschik@pengutronix.de>

On Fri, Aug 03, 2018 at 03:33:55PM +0200, Michael Grzeschik wrote:
> This patch adds support for the lxc container system. We install the
> userspace lib and application. We also add some small configuration to
> be able to create a busybox based lxc container.
>
> $ lxc-create -t busybox -n busybox01
> $ lxc-start busybox01
> $ cp /etc/shadow /var/lib/lxc/busybox01/rootfs/etc/shadow
> $ lxc-console -n busybox01
>
> Inside the container we can prepare the network:
>
> $ ip addr add 192.168.0.23/24 dev eth0
> $ ip link set eth0 up
>
> This way the container has network support in a veth setup.
>
> To make sure all necessary kernel options are enabled use:
> $ CONFIG=$(BSP)/config/platform-$(platform)/kernelconfig lxc-checkconfig
>
> Signed-off-by: Michael Grzeschik > --- > ...te-new-lxcbr0-subnet-at-startup-time.patch | 138 +++++++++++ > patches/lxc-3.0.1/series | 1 + > projectroot/etc/default/lxc-net | 7 + > projectroot/etc/lxc/default.conf | 4 + > rules/lxc.in | 67 ++++++ > rules/lxc.make | 219 ++++++++++++++++++ > 6 files changed, 436 insertions(+) > create mode 100644 patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-= startup-time.patch > create mode 100644 patches/lxc-3.0.1/series > create mode 100644 projectroot/etc/default/lxc-net > create mode 100644 projectroot/etc/lxc/default.conf > create mode 100644 rules/lxc.in > create mode 100644 rules/lxc.make >=20 > diff --git a/patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup= -time.patch b/patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup-= time.patch > new file mode 100644 > index 000000000..411ed049a > --- /dev/null > +++ b/patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup-time.p= atch 
> @@ -0,0 +1,138 @@ > +From 4ac6a6c863c5b27fbe37d24ee52ec0ee75a07286 Mon Sep 17 00:00:00 2001 > +From: =3D?UTF-8?q?St=3DC3=3DA9phane=3D20Graber?=3D > +Date: Tue, 3 Nov 2015 11:42:58 -0500 > +Subject: [PATCH] Allocate new lxcbr0 subnet at startup time > + > +--- > + config/init/common/lxc-net.in | 100 +++++++++++++++++++++++++++++++--- > + 1 file changed, 91 insertions(+), 9 deletions(-) > + > +diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.= in > +index df9f1181..6837be19 100644 > +--- a/config/init/common/lxc-net.in > ++++ b/config/init/common/lxc-net.in > +@@ -24,6 +24,85 @@ LXC_IPV6_MASK=3D"" > + LXC_IPV6_NETWORK=3D"" > + LXC_IPV6_NAT=3D"false" > +=20 > ++write_lxc_net() > ++{ > ++ local i=3D$1 > ++ cat >> $distrosysconfdir/lxc-net << EOF > ++# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your > ++# containers. Set to "false" if you'll use virbr0 or another existing > ++# bridge, or mavlan to your host's NIC. > ++USE_LXC_BRIDGE=3D"true" > ++ > ++# If you change the LXC_BRIDGE to something other than lxcbr0, then > ++# you will also need to update your /etc/lxc/default.conf as well as the > ++# configuration (/var/lib/lxc//config) for any containers > ++# already created using the default config to reflect the new bridge > ++# name. > ++# If you have the dnsmasq daemon installed, you'll also have to update > ++# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon. > ++LXC_BRIDGE=3D"lxcbr0" > ++LXC_ADDR=3D"10.0.$i.1" > ++LXC_NETMASK=3D"255.255.255.0" > ++LXC_NETWORK=3D"10.0.$i.0/24" > ++LXC_DHCP_RANGE=3D"10.0.$i.2,10.0.$i.254" > ++LXC_DHCP_MAX=3D"253" > ++# Uncomment the next line if you'd like to use a conf-file for the lxcb= r0 > ++# dnsmasq. For instance, you can use 'dhcp-host=3Dmail1,10.0.3.100' to= have > ++# container 'mail1' always get ip address 10.0.3.100. > ++#LXC_DHCP_CONFILE=3D/etc/lxc/dnsmasq.conf > ++ > ++# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .= lxc > ++# domain. 
You can then add "server=3D/lxc/10.0.$i.1' (or your actual \= $LXC_ADDR) > ++# to your system dnsmasq configuration file (normally /etc/dnsmasq.conf, > ++# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems that use Network= Manager). > ++# Once these changes are made, restart the lxc-net and network-manager = services. > ++# 'container1.lxc' will then resolve on your host. > ++#LXC_DOMAIN=3D"lxc" > ++EOF > ++} > ++ > ++configure_lxcbr0() > ++{ > ++ local i=3D3 > ++ cat > $distrosysconfdir/lxc-net << EOF > ++# This file is auto-generated by lxc.postinst if it does not > ++# exist. Customizations will not be overridden. > ++EOF > ++ # if lxcbr0 exists, keep using the same network > ++ if ip addr show lxcbr0 > /dev/null 2>&1 ; then > ++ i=3D`ip addr show lxcbr0 | grep "inet\>" | awk '{ print $2 }' |= awk -F. '{ print $3 }'` > ++ write_lxc_net $i > ++ return > ++ fi > ++ # if no lxcbr0, find an open 10.0.a.0 network > ++ for l in `ip addr show | grep "inet\>" |awk '{ print $2 }' | grep '= ^10\.0\.' | sort -n`; do > ++ j=3D`echo $l | awk -F. '{ print $3 }'` > ++ if [ $j -gt $i ]; then > ++ write_lxc_net $i > ++ return > ++ fi > ++ i=3D$((j+1)) > ++ done > ++ if [ $i -ne 254 ]; then > ++ write_lxc_net $i > ++ fi > ++} > ++ > ++update_lxcnet_config() > ++{ > ++ local i=3D3 > ++ # if lxcbr0 exists, keep using the same network > ++ if ip addr show lxcbr0 > /dev/null 2>&1 ; then > ++ return > ++ fi > ++ # our LXC_NET conflicts with an existing interface. Probably first > ++ # run after system install with package pre-install. Find a new su= bnet > ++ configure_lxcbr0 > ++ > ++ # and re-load the newly created config > ++ [ ! -f $distrosysconfdir/lxc-net ] || . $distrosysconfdir/lxc-net > ++} > ++ > + [ ! -f $distrosysconfdir/lxc ] || . $distrosysconfdir/lxc > +=20 > + use_iptables_lock=3D"-w" > +@@ -51,7 +130,19 @@ _ifup() { > + ip link set dev ${LXC_BRIDGE} up > + } > +=20 > ++cleanup() { > ++ set +e > ++ if [ "$FAILED" =3D "1" ]; then > ++ echo "Failed to setup lxc-net." 
>&2 > ++ stop force > ++ exit 1 > ++ fi > ++} > ++ > + start() { > ++ > ++ [ ! -f $distrosysconfdir/lxc-net ] && update_lxcnet_config > ++ > + [ "x$USE_LXC_BRIDGE" =3D "xtrue" ] || { exit 0; } > +=20 > + [ ! -f "${varrun}/network_up" ] || { echo "lxc-net is already runni= ng"; exit 1; } > +@@ -62,15 +153,6 @@ start() { > +=20 > + FAILED=3D1 > +=20 > +- cleanup() { > +- set +e > +- if [ "$FAILED" =3D "1" ]; then > +- echo "Failed to setup lxc-net." >&2 > +- stop force > +- exit 1 > +- fi > +- } > +- > + trap cleanup EXIT HUP INT TERM > + set -e > +=20 > +--=20 > +2.18.0 > + > diff --git a/patches/lxc-3.0.1/series b/patches/lxc-3.0.1/series > new file mode 100644 > index 000000000..5f855094f > --- /dev/null > +++ b/patches/lxc-3.0.1/series > @@ -0,0 +1 @@ > +0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch > diff --git a/projectroot/etc/default/lxc-net b/projectroot/etc/default/lx= c-net > new file mode 100644 > index 000000000..054a09a0a > --- /dev/null > +++ b/projectroot/etc/default/lxc-net > @@ -0,0 +1,7 @@ > +USE_LXC_BRIDGE=3D"true" > +LXC_BRIDGE=3D"lxcbr0" > +LXC_ADDR=3D"192.168.1.1" > +LXC_NETMASK=3D"255.255.255.0" > +LXC_NETWORK=3D"192.168.1.0/24" > +LXC_DHCP_RANGE=3D"192.168.1.2,192.168.1.254" > +LXC_DHCP_MAX=3D"253" > diff --git a/projectroot/etc/lxc/default.conf b/projectroot/etc/lxc/defau= lt.conf > new file mode 100644 > index 000000000..e7af1e6ae > --- /dev/null > +++ b/projectroot/etc/lxc/default.conf > @@ -0,0 +1,4 @@ > +lxc.net.0.type =3D veth > +lxc.net.0.link =3D lxcbr0 > +lxc.net.0.flags =3D up > +lxc.net.0.hwaddr =3D 00:16:3e:11:22:34 > diff --git a/rules/lxc.in b/rules/lxc.in > new file mode 100644 > index 000000000..57c8249f1 > --- /dev/null > +++ b/rules/lxc.in 
> @@ -0,0 +1,67 @@ > +## SECTION=3Dsystem_libraries > + > +menuconfig LXC > + bool > + prompt "lxc " > + select GNUTLS if LXC_GNUTLS > + select LIBSELINUX if LXC_SELINUX > + select LIBSECCOMP if LXC_SECCOMP > + select SYSTEMD if LXC_SYSTEMD_UNIT > + help > + LXC is a userspace interface for the Linux kernel containment > + features. Through a powerful API and simple tools, it lets > + Linux users easily create and manage system or application > + containers. > + > +if LXC > + > +config LXC_GNUTLS > + bool > + prompt "LXC gnutls support" > + default n > + help > + Turn on to enable gnutls support in lxc > + > +config LXC_SELINUX > + bool > + prompt "LXC selinux support" > + default n > + help > + Turn on to enable selinux support in lxc > + > +config LXC_SECCOMP > + bool > + prompt "LXC seccomp support" > + default n > + help > + Turn on to enable seccomp support in lxc > + > +config LXC_SYSTEMD_UNIT > + bool When this is checked it will try to start a dnsmasq daemon. Will add the dependency in v2. > + prompt "LXC systemd unit" > + default INITMETHOD_SYSTEMD > + help > + Turn on to install systemd unit for lxc > + > +config LXC_TEST_TOOLS > + bool > + prompt "LXC test applications" > + default n > + help > + Turn on to enable building the lxc test applications > + > +config LXC_HOOKS > + bool > + prompt "LXC default hooks" > + default n > + help > + Turn on to install lxc default hooks > + > +config LXC_TEMPLATES > + bool > + prompt "LXC default templates" > + default n > + help > + Turn on to install lxc default templates > + > +endif > diff --git a/rules/lxc.make b/rules/lxc.make > new file mode 100644 > index 000000000..d4c25d7d7 > --- /dev/null > +++ b/rules/lxc.make 
> @@ -0,0 +1,219 @@ > +# -*-makefile-*- > +# > +# Copyright (C) 2018 by Michael Grzeschik > +# > +# See CREDITS for details about who has contributed to this project. > +# > +# For further information about the PTXdist project and license conditio= ns > +# see the README file. > +# > + > +# > +# We provide this package > +# > +PACKAGES-$(PTXCONF_LXC) +=3D lxc > + > +# > +# Paths and names > +# > +LXC_VERSION :=3D 3.0.1 > +LXC_MD5 :=3D 8eb396dde561e5832ba2d505513a1935 > +LXC :=3D lxc-$(LXC_VERSION) > +LXC_SUFFIX :=3D tar.gz > +LXC_URL :=3D https://linuxcontainers.org/downloads/lxc/$(LXC).$(LXC_SUF= FIX) > +LXC_SOURCE :=3D $(SRCDIR)/$(LXC).$(LXC_SUFFIX) > +LXC_DIR :=3D $(BUILDDIR)/$(LXC) > +LXC_LICENSE :=3D unknown > + > +# ----------------------------------------------------------------------= ------ > +# Prepare > +# ----------------------------------------------------------------------= ------ > + > +#LXC_CONF_ENV :=3D $(CROSS_ENV) > + > +# > +# autoconf > +# > +LXC_CONF_TOOL :=3D autoconf > +LXC_CONF_OPT :=3D \ > + $(CROSS_AUTOCONF_USR) \ > + --enable-silent-rules \ > + --enable-dependency-tracking \ > + --enable-shared \ > + --disable-static \ > + --disable-fast-install \ > + --disable-libtool-lock \ > + --disable-werror \ > + --disable-rpath \ > + --disable-doc \ > + --disable-api-docs \ > + --disable-apparmor \ > + --$(call ptx/endis, PTXCONF_LXC_GNUTLS)-gnutls \ > + --$(call ptx/endis, PTXCONF_LXC_SELINUX)-selinux \ > + --$(call ptx/endis, PTXCONF_LXC_SECCOMP)-seccomp \ > + --enable-capabilities \ > + --enable-examples \ > + --disable-mutex-debugging \ > + --enable-bash \ > + --enable-tools \ > + --enable-commands \ > + --$(call ptx/endis, PTXCONF_LXC_TEST_TOOLS)-tests \ > + --enable-configpath-log \ > + --disable-pam \ > + --with-init-script=3Dsystemd \ > + --with-systemdsystemunitdir=3D/usr/lib/systemd/system/ \ > + --with-usernic-conf \ > + --with-usernic-db \ > + --with-log-path=3D/var/log \ > + --with-pamdir=3Dnone > + > +# --with-global-conf=3D > +# 
--with-config-path=3D > +# --with-runtime-path=3D > +# --with-rootfs-path=3D > +# --with-cgroup-pattern=3D > + > +LXC_APPLICATIONS :=3D \ > + copy \ > + cgroup \ > + create \ > + snapshot \ > + freeze \ > + config \ > + monitor \ > + unfreeze \ > + device \ > + destroy \ > + ls \ > + console \ > + wait \ > + execute \ > + update-config \ > + stop \ > + checkconfig \ > + checkpoint \ > + usernsexec \ > + attach \ > + start \ > + top \ > + info \ > + autostart \ > + unshare > + > +ifdef PTXCONF_LXC_TEST_TOOLS > +LXC_TEST_TOOLS :=3D \ > + containertests \ > + may-control \ > + console \ > + locktests \ > + no-new-privs \ > + snapshot \ > + concurrent \ > + shutdowntest \ > + cgpath \ > + get_item \ > + criu-check-feature \ > + apparmor \ > + share-ns \ > + saveconfig \ > + clonetest \ > + createtest \ > + createconfig \ > + shortlived \ > + rootfs \ > + getkeys \ > + console-log \ > + attach \ > + reboot \ > + automount \ > + api-reboot \ > + destroytest \ > + startone \ > + raw-clone \ > + parse-config-file \ > + config-jump-table \ > + autostart \ > + state-server \ > + list \ > + device-add-remove \ > + cloneconfig \ > + utils \ > + lxcpath > +endif > + > +# ----------------------------------------------------------------------= ------ > +# Target-Install > +# ----------------------------------------------------------------------= ------ > + > +$(STATEDIR)/lxc.targetinstall: > + @$(call targetinfo) > + > + @$(call install_init, lxc) > + @$(call install_fixup, lxc, PRIORITY, optional) > + @$(call install_fixup, lxc, SECTION, base) > + @$(call install_fixup, lxc, AUTHOR, "Michael Grzeschik ") > + @$(call install_fixup, lxc, DESCRIPTION, missing) > + > + @$(call install_lib, lxc, 0, 0, 0644, liblxc); > + > + @$(call install_copy, lxc, 0, 0, 0644, /var/lib/lxc); > + > + @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/config); > + > +ifdef LXC_TEMPLATES This and the next variables should be prefixed with PTXCONF_ Will fix in v2. I blame the heat! 
:) Regards, Michael > + @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/templates); > +endif > + > +ifdef LXC_HOOKS > + @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/hooks); > +endif > + > +ifdef LXC_SELINUX > + @$(call install_tree, lxc, 0, 0, -, /usr/share/lxc/selinux); > +endif > + > + @$(call install_alternative, lxc, 0, 0, 0644, /etc/lxc/default.conf); > + @$(call install_alternative, lxc, 0, 0, 0644, /etc/default/lxc-net); > + > + @$(call install_copy, lxc, 0, 0, 0644, -, /etc/default/lxc) > + > + @$(foreach app, $(LXC_APPLICATIONS), \ > + $(call install_copy, lxc, 0, 0, 0755, $(LXC_PKGDIR)/usr/bin/lxc-$(app)= , \ > + /usr/bin/lxc-$(app))$(ptx/nl)) > + > + @$(foreach app, \ > + containers \ > + net \ > + apparmor-load \ > + user-nic \ > + monitord, \ > + $(call install_copy, lxc, 0, 0, 0755, -, \ > + /usr/libexec/lxc/lxc-$(app))$(ptx/nl)) > + > +ifdef PTXCONF_LXC_TEST_TOOLS > + @$(foreach app, $(LXC_TEST_TOOLS), \ > + $(call install_copy, lxc, 0, 0, 0755, $(LXC_PKGDIR)/usr/bin/lxc-test-$= (app), \ > + /usr/bin/lxc-tests/$(app))$(ptx/nl)) > +endif > + > +ifdef PTXCONF_SYSTEMD_UNIT > + @$(foreach rule, \ > + lxc.service \ > + lxc@.service \ > + lxc-net.service, \ > + $(call install_copy, lxc, 0, 0, 0644, -, \ > + /usr/lib/systemd/system/$(rule))$(ptx/nl)) > + > + @$(foreach rule, \ > + lxc.service \ > + lxc@.service \ > + lxc-net.service, \ > + $(call install_link, lxc, ../$(rule), \ > + /usr/lib/systemd/system/multi-user.target.wants/$(rule))$(ptx/nl)) > +endif > + > + @$(call install_finish, lxc) > + > + @$(call touch) > + > +# vim: syntax=3Dmake > --=20 > 2.18.0 >=20 >=20 > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de --=20 Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 
6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
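
Review bot: In patches/lxc-3.0.1/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch, the guard added at the top of start(), `[ ! -f $distrosysconfdir/lxc-net ] && update_lxcnet_config`, only fires when no lxc-net file exists, yet this same series installs /etc/default/lxc-net through install_alternative. If distrosysconfdir resolves to /etc/default on the target, the subnet allocation code never runs and the carried patch is dead weight. Please keep either the static file or the patch, and say which in the commit message. The embedded patch mail also has an empty body and no Signed-off-by, so a line on where it comes from and why the BSP needs it would help whoever has to rebase it onto the next lxc release.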
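
Review bot: In projectroot/etc/default/lxc-net, `LXC_NETWORK="192.168.1.0/24"` does not match the example in the commit message, which assigns 192.168.0.23/24 to eth0 inside the container; with that address the container is not in the bridge's subnet and cannot reach LXC_ADDR 192.168.1.1. Please align the two, and consider a less common range than 192.168.1.0/24, since a target whose uplink already uses that network will end up with two overlapping routes.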
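
Review bot: In projectroot/etc/lxc/default.conf, `lxc.net.0.hwaddr = 00:16:3e:11:22:34` is a fixed address, so every container created from this default config gets the same MAC on lxcbr0 and a second container will collide with the first. LXC replaces each `x` in hwaddr with a random digit, so `00:16:3e:xx:xx:xx` gives each new container its own address.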
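
Review bot: In rules/lxc.in, LXC_SECCOMP and LXC_SELINUX both have `default n`, and rules/lxc.make passes --disable-apparmor unconditionally, so the default build runs containers with no syscall filter and no LSM confinement. For a package whose purpose is containment, please either default LXC_SECCOMP to y or state in its help text what is lost when it is off. The menuconfig entry also sits under `## SECTION=system_libraries` although the package installs mostly tools under /usr/bin.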
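
Review bot: In the targetinstall stage of rules/lxc.make, `ifdef PTXCONF_SYSTEMD_UNIT` tests a symbol this patch does not define; rules/lxc.in defines LXC_SYSTEMD_UNIT, so the guard should read PTXCONF_LXC_SYSTEMD_UNIT, otherwise the unit files and the multi-user.target.wants links are never installed. This is separate from the missing PTXCONF_ prefix on LXC_TEMPLATES, LXC_HOOKS and LXC_SELINUX already noted inline. LXC_CONF_OPT also passes `--with-init-script=systemd` regardless of that option. `install_copy, lxc, 0, 0, 0644, /var/lib/lxc` looks like a directory install, and 0644 leaves the directory without the search bit; 0755 is the usual mode. lxc-apparmor-load is installed although the build uses --disable-apparmor, so please check that the file exists in the package directory. `LXC_LICENSE := unknown` and `DESCRIPTION, missing` should be filled in before this is merged.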