# Make sure the usual locations are in PATH
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
-# use virbr0 that is setup by default by libvirtd
-lxc_network_type=veth
-lxc_network_link=virbr0
-
die()
{
echo "failed: $1"
fi
sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*close|#session required pam_selinux.so close|' $container_rootfs/etc/pam.d/login
sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*open|#session required pam_selinux.so open|' $container_rootfs/etc/pam.d/login
+ sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*close|#session required pam_selinux.so close|' $container_rootfs/etc/pam.d/sshd
+ sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*open|#session required pam_selinux.so open|' $container_rootfs/etc/pam.d/sshd
# setting /proc/$$/loginuid doesn't work under user namespace, which
# prevents logins from working
# OL7 has systemd, no rc.sysinit
if [ $container_release_major = "7" ]; then
- # from mhw in the fedora template: We do need to disable the
- # "ConditionalPathExists=/dev/tty0" line or no gettys are started on
- # the ttys in the container. Lets do it in an override copy of the
- # service so it can still pass rpm verifies and not be automatically
- # updated by a new systemd version.
- sed -e 's/^ConditionPathExists=/#LXC ConditionPathExists=/' \
- < $container_rootfs/usr/lib/systemd/system/getty\@.service \
- > $container_rootfs/etc/systemd/system/getty\@.service
- # Setup getty service on the 4 ttys we are going to allow in the
- # default config. Number should match lxc.tty
- ( cd $container_rootfs/etc/systemd/system/getty.target.wants
- for i in 1 2 3 4 ; do ln -sf ../getty\@.service getty@tty${i}.service; done )
+ # with newer systemd (OL7.2), getty service include container-getty.service
+ # let that be the one who manage the getty service instead
+ if [ ! -f $container_rootfs/usr/lib/systemd/system/container-getty@.service ]; then
+ # from mhw in the fedora template: We do need to disable the
+ # "ConditionalPathExists=/dev/tty0" line or no gettys are started on
+ # the ttys in the container. Lets do it in an override copy of the
+ # service so it can still pass rpm verifies and not be automatically
+ # updated by a new systemd version.
+ sed -e 's/^ConditionPathExists=/#LXC ConditionPathExists=/' \
+ < $container_rootfs/usr/lib/systemd/system/getty\@.service \
+ > $container_rootfs/etc/systemd/system/getty\@.service
+ # Setup getty service on the 4 ttys we are going to allow in the
+ # default config. Number should match lxc.tty
+ ( cd $container_rootfs/etc/systemd/system/getty.target.wants
+ for i in 1 2 3 4 ; do ln -sf ../getty\@.service getty@tty${i}.service; done )
+ # We only want to spawn a getty on /dev/console in lxc, libvirt-lxc
+ # symlinks /dev/console to /dev/tty1
+ sed -i '/Before=getty.target/a ConditionVirtualization=lxc' $container_rootfs/usr/lib/systemd/system/console-getty.service
+ fi
# disable some systemd services, set default boot, sigpwr target
rm -f $container_rootfs/usr/lib/systemd/system/sysinit.target.wants/kmod-static-nodes.service
chroot $container_rootfs systemctl -q disable graphical.target
chroot $container_rootfs systemctl -q enable multi-user.target
- if [ ! -e $container_rootfs/etc/systemd/system/sigpwr.target ]; then
- chroot $container_rootfs ln -s /usr/lib/systemd/system/halt.target /etc/systemd/system/sigpwr.target
- fi
# systemd in userns won't be able to set /proc/self/oom_score_adj which
# prevents the dbus service from starting
if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
grep -q "mount -t tmpfs tmpfs /dev/shm" $container_rootfs/etc/rc.sysinit
if [ $? -eq 1 ]; then
- echo "mount -t tmpfs tmpfs /dev/shm" >>$container_rootfs/etc/rc.sysinit
- echo "mount -t tmpfs tmpfs /dev/shm" >>$container_rootfs/etc/rc.d/rc.sysinit
+ echo "mkdir -p /dev/shm && mount -t tmpfs tmpfs /dev/shm" >>$container_rootfs/etc/rc.sysinit
+ echo "mkdir -p /dev/shm && mount -t tmpfs tmpfs /dev/shm" >>$container_rootfs/etc/rc.d/rc.sysinit
fi
fi
if [ $container_release_major = "6" ]; then
- sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.sysinit
- sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.d/rc.sysinit
+ sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mkdir -p /dev/shm \&\& mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.sysinit
+ sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mkdir -p /dev/shm \&\& mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.d/rc.sysinit
fi
# there might be other services that are useless but the below set is a good start
BOOTPROTO=dhcp
ONBOOT=yes
HOSTNAME=$name
-DHCP_HOSTNAME=$name
+DHCP_HOSTNAME=\`hostname\`
NM_CONTROLLED=no
TYPE=Ethernet
EOF
# set the hostname
+ if [ $container_release_major -ge "7" ]; then
+ # systemd honors /etc/hostname
+ echo "$name" >$container_rootfs/etc/hostname
+ fi
cat <<EOF > $container_rootfs/etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
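Review bot: Line 48 patches the packaged unit `/usr/lib/systemd/system/console-getty.service` in place with `sed -i`, which contradicts the rationale the comment at lines 34–38 gives for getty@.service (stay clean under rpm verify, survive a systemd package update): the next systemd update inside the container silently drops the `ConditionVirtualization=lxc` line, and the single-getty-on-/dev/console behaviour that the comment at lines 46–47 relies on is lost again under libvirt-lxc. A drop-in achieves the same without touching /usr/lib, e.g. `mkdir -p $container_rootfs/etc/systemd/system/console-getty.service.d` followed by `printf '[Unit]\nConditionVirtualization=lxc\n' >$container_rootfs/etc/systemd/system/console-getty.service.d/lxc.conf`. Separately, line 84 introduces the numeric test `-ge "7"` while every other test on `$container_release_major` on this page is a string comparison; it works for the numeric values seen here, but the variable is unquoted and a non-numeric value would make `[` print an error instead of taking the branch, so `[ "$container_release_major" -ge 7 ]` plus a short comment stating that the major release is assumed numeric is the safer form.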
# /dev/tty[1-4] will be symlinks to the ptys /dev/lxc/console and
# /dev/lxc/tty[1-4] so that package updates can overwrite the symlinks.
# lxc will maintain these links and bind mount ptys over /dev/lxc/*
- # since lxc.devttydir is specified in the config.
+ # since lxc.tty.dir is specified in the config.
# allow root login on console, tty[1-4], and pts/0 for libvirt
echo "# LXC (Linux Containers)" >>$container_rootfs/etc/securetty
echo "lxc/console" >>$container_rootfs/etc/securetty
- echo "lxc/tty1" >>$container_rootfs/etc/securetty
- echo "lxc/tty2" >>$container_rootfs/etc/securetty
- echo "lxc/tty3" >>$container_rootfs/etc/securetty
- echo "lxc/tty4" >>$container_rootfs/etc/securetty
+ for i in 1 2 3 4; do
+ echo "lxc/tty$i" >>$container_rootfs/etc/securetty
+ done
echo "# For libvirt/Virtual Machine Monitor" >>$container_rootfs/etc/securetty
- echo "pts/0" >>$container_rootfs/etc/securetty
+ for i in 0 1 2 3 4; do
+ echo "pts/$i" >>$container_rootfs/etc/securetty
+ done
# prevent mingetty from calling vhangup(2) since it fails with userns
if [ -f $container_rootfs/etc/init/tty.conf ]; then
sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/init/tty.conf
fi
+ # create maygetty which only spawns a getty on the console when running
+ # under lxc, not libvirt-lxc which symlinks /dev/console to the same pty
+ # as /dev/tty1
+ cat <<EOF >$container_rootfs/sbin/maygetty
+#!/bin/sh
+if [ "\$container" = "lxc" ]; then
+ exec /sbin/mingetty \$@
+fi
+exec sleep infinity
+EOF
+ chmod 755 $container_rootfs/sbin/maygetty
+
# start a getty on /dev/console, /dev/tty[1-4]
if [ $container_release_major = "4" -o $container_release_major = "5" ]; then
sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/inittab
- sed -i '/1:2345:respawn/i cns:2345:respawn:/sbin/mingetty --nohangup --noclear console' $container_rootfs/etc/inittab
+ sed -i '/1:2345:respawn/i cns:2345:respawn:/sbin/maygetty --nohangup --noclear console' $container_rootfs/etc/inittab
sed -i '/5:2345:respawn/d' $container_rootfs/etc/inittab
sed -i '/6:2345:respawn/d' $container_rootfs/etc/inittab
fi
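Review bot: In the maygetty wrapper written at lines 118–124, `exec /sbin/mingetty \$@` leaves the positional parameters unquoted in the generated script, so any argument containing whitespace is re-split when the wrapper runs; write it as `exec /sbin/mingetty "\$@"` (the backslash still keeps the template-time heredoc from expanding it). `exec sleep infinity` depends on a sleep(1) that accepts `infinity` — GNU coreutils does, but the wrapper is installed into OL4/5 and OL6 images whose coreutils version this page does not show, so a one-line comment stating that assumption, or `while :; do sleep 3600; done` as a portable fallback, is worth adding. The comment at line 96 still reads "pts/0 for libvirt" while the loop at lines 108–110 now appends pts/0 through pts/4 to securetty, each of which is one more pseudo-terminal from which root may authenticate by password; update the comment to say `# allow root login on console, tty[1-4], and pts/[0-4]` and state why five entries are needed, so the widening is deliberate and reviewable.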
start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]
+env container
respawn
-exec /sbin/mingetty --nohangup --noclear /dev/console
+exec /sbin/maygetty --nohangup --noclear /dev/console
EOF
fi
# start with a clean /var/log/messages
rm -f $container_rootfs/var/log/messages
- # add oracle user, set root password
+ # set initial timezone as on host
+ if [ -f /etc/sysconfig/clock ]; then
+ . /etc/sysconfig/clock
+ if [ $container_release_major = "5" -o $container_release_major = "6" ]; then
+ echo ZONE=$ZONE > $container_rootfs/etc/sysconfig/clock
+ chroot $container_rootfs tzdata-update
+ else
+ ZONE="${ZONE// /_}"
+ chroot $container_rootfs ln -sf ../usr/share/zoneinfo/$ZONE /etc/localtime
+ fi
+ else
+ ZONE=`readlink /etc/localtime | sed -s "s/\.\.\/usr\/share\/zoneinfo\///g"`
+ if [ "$ZONE" ]; then
+ if [ $container_release_major = "5" -o $container_release_major = "6" ]; then
+ echo ZONE=$ZONE > $container_rootfs/etc/sysconfig/clock
+ chroot $container_rootfs tzdata-update
+ else
+ # if /etc/localtime is a symlink, this should preserve it.
+ cp -a /etc/localtime $container_rootfs/etc/localtime
+ fi
+ else
+ echo "Timezone in container is not configured. Adjust it manually."
+ fi
+ fi
+
+ # add oracle user
chroot $container_rootfs useradd -m -s /bin/bash oracle
- echo "oracle:oracle" | chroot $container_rootfs chpasswd
- echo "root:root" | chroot $container_rootfs chpasswd
- printf "Added container user:\033[1moracle\033[0m password:\033[1moracle\033[0m\n"
- printf "Added container user:\033[1mroot\033[0m password:\033[1mroot\033[0m\n"
+ printf "Added container user:\033[1moracle\033[0m\n"
+ printf "Added container user:\033[1mroot\033[0m\n"
}
# create the container's lxc config file
echo "lxc.include = @LXCTEMPLATECONFIG@/oracle.common.conf" >> $cfg_dir/config
fi
- # generate a hwaddr for the container with a high mac address
- # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
- local hwaddr="fe:`dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \
- head -n 1 |awk '{print $2}' | cut -c1-10 |\
- sed 's/\(..\)/\1:/g; s/.$//'`"
cat <<EOF >> $cfg_dir/config || die "unable to create $cfg_dir/config"
# Container configuration for Oracle Linux $container_release_major.$container_release_minor
lxc.arch = $arch
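Review bot: The fallback at line 157 only strips a relative `../usr/share/zoneinfo/` prefix from the readlink result, so a host whose /etc/localtime points at the absolute `/usr/share/zoneinfo/Region/City` leaves ZONE as a full path, and the OL5/6 branch at lines 159–161 then writes that path into the container's /etc/sysconfig/clock and hands it to tzdata-update; stripping both forms with parameter expansion also drops the sed and its `-s` flag, e.g. `ZONE=$(readlink /etc/localtime)`, `ZONE=${ZONE#../usr/share/zoneinfo/}`, `ZONE=${ZONE#/usr/share/zoneinfo/}`. Lines 150 and 160 write `ZONE=$ZONE` unquoted, while the else branch at line 153 replaces spaces with underscores precisely because a zone name sourced from sysconfig/clock can contain them, so such a name produces a clock file that no longer parses as shell; `echo "ZONE=\"$ZONE\"" >$container_rootfs/etc/sysconfig/clock` keeps the conventional quoted form. Lines 177–178 still announce root as an "added container user" although the commit stops setting any password: a message saying that the oracle account was created and that the template set no password for oracle or root tells the administrator what state the container is actually in.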
echo "lxc.cap.drop = setfcap setpcap" >>$cfg_dir/config
fi
- # don't create kmsg symlink as it causes journald to use 100% cpu
- if [ $container_release_major = "7" ]; then
- echo "lxc.autodev = 1" >>$cfg_dir/config
- echo "lxc.kmsg = 0" >>$cfg_dir/config
+ echo "# Networking" >>$cfg_dir/config
+ # see if the default network settings were already specified
+ lxc_network_type=`grep '^lxc.net.0.type' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'`
+ if [ -z "$lxc_network_type" ]; then
+ echo "lxc.net.0.type = veth" >>$cfg_dir/config
+ lxc_network_type=veth
fi
- echo "# Networking" >>$cfg_dir/config
- # see if the network settings were already specified
- lxc_network_type=`grep '^lxc.network.type' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'`
- if [ -z "$lxc_network_type" -a \
- \( $host_distribution = "OracleServer" -o \
- $host_distribution = "Fedora" \) ]; then
- echo "lxc.network.type = veth" >>$cfg_dir/config
- echo "lxc.network.flags = up" >>$cfg_dir/config
- echo "lxc.network.link = virbr0" >>$cfg_dir/config
+ lxc_network_link=`grep '^lxc.net.0.link' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'`
+ if [ -z "$lxc_network_link" ]; then
+ echo "lxc.net.0.link = lxcbr0" >>$cfg_dir/config
+ lxc_network_link=lxcbr0
+ fi
+
+ lxc_network_hwaddr=`grep '^lxc.net.0.hwaddr' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'`
+ if [ -z "$lxc_network_hwaddr" ]; then
+ # generate a hwaddr for the container
+ # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
+ local hwaddr="00:16:3e:`dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \
+ head -n1 | awk '{print $2}' | cut -c1-6 | \
+ sed 's/\(..\)/\1:/g; s/.$//'`"
+ echo "lxc.net.0.hwaddr = $hwaddr" >>$cfg_dir/config
+ fi
+
+ lxc_network_flags=`grep '^lxc.net.0.flags' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'`
+ if [ -z "$lxc_network_flags" ]; then
+ echo "lxc.net.0.flags = up" >>$cfg_dir/config
fi
cat <<EOF >> $cfg_dir/config || die "unable to create $cfg_dir/config"
-lxc.network.name = eth0
-lxc.network.mtu = 1500
-lxc.network.hwaddr = $hwaddr
+lxc.net.0.name = eth0
+lxc.net.0.mtu = 1500
EOF
}
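Review bot: The default `lxc.net.0.link = lxcbr0` at line 215 is written whenever the key is absent, with no check that the bridge exists on the host (the removed code at lines 207–212 at least limited its virbr0 default to OracleServer/Fedora hosts), so a missing bridge is only discovered when the container is started; a creation-time check such as `[ -d /sys/class/net/$lxc_network_link ] || echo "warning: bridge $lxc_network_link not found on host" >&2` would surface it here. The link and flags defaults are also applied regardless of the type read at line 199, so a pre-existing non-veth type (lxc accepts `none` and `empty`, for instance) still gets a link, hwaddr, flags, name and mtu appended for net.0; guarding those defaults with `[ "$lxc_network_type" = veth ]` keeps the generated config coherent. The grep patterns such as `'^lxc.net.0.type'` use unescaped dots, which match any character and would also match a longer key with the same prefix; `'^lxc\.net\.0\.type[ \t]*='` is precise. The enclosing function starts outside the hunk, so the `local hwaddr` at line 223 can only be confirmed valid if this block is still inside that function body.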
fi
done
- mkdir -p @LOCALSTATEDIR@/lock/subsys/lxc
+ mkdir -p @LOCALSTATEDIR@/lock/subsys
(
flock -x 9
if [ $? -ne 0 ]; then
# disable all repos, then enable the repo for the version we are installing.
if [ $container_release_minor = "latest" ]; then
repo=$latest_L""$container_release_major"_"$container_release_minor
- elif [ $container_release_major = "6" -o $container_release_major = "7" ]; then
+ elif [ $container_release_major = "7" ]; then
+ repo="ol"$container_release_major"_u"$container_release_minor"_base"
+ elif [ $container_release_major = "6" ]; then
if [ $container_release_minor = "0" ]; then
repo="ol"$container_release_major"_ga_base"
else