Package: lxc
Version: 1:1.0.6-6+deb8u2
Severity: important
Tags: newcomer patch

Dear Maintainer,

   * What led up to the situation?

While developing the LXC appliance for TurnKey GNU/Linux which is based on Debian Jessie, I discovered problems when trying to create containers using Ansible's lxc_container module. Specifically, Ansible was refusing to create a container because the lock file /var/lock/subsys/lxc was always set.

   * What exactly did you do (or not do) that was effective (or ineffective)?

Investigation showed that the lock file was being set whenever the lxc service was started and remained set as long as it was running. 'service lxc stop' would clear the lock file.

In all the versions of LXC that I've examined, in lxc/config/init/common/lxc-containers.in the lock is applied just before the containers are started, and removed at the end of the start sequence.

    case "$1" in
        start)
            [ "x$LXC_AUTO" = "xtrue" ] || { exit 0; }
            [ ! -f "$lockdir"/lxc ] || { exit 0; }
            if [ -n "$BOOTGROUPS" ]; then
                BOOTGROUPS="-g $BOOTGROUPS"
            fi
            touch "$lockdir"/lxc
            # Start containers
            wait_for_bridge
            # Start autoboot containers first then the NULL group "onboot,".
            "$bindir"/lxc-autostart $OPTIONS $BOOTGROUPS
            rm -f "$lockdir"/lxc
            ;;

In the init scripts supplied by the Debian package, the lock is applied at the end of the start sequence and removed at the end of the stop sequence. I moved the lines setting and clearing the lock in /etc/init.d/lxc to the corresponding locations.

    case "$1" in
        start)
            [ ! -f "$localstatedir"/lock/subsys/lxc ] || { exit 0; }
            if [ -n "$BOOTGROUPS" ]
            then
                BOOTGROUPS="-g $BOOTGROUPS"
            fi
            touch "$localstatedir"/lock/subsys/lxc
            # Start containers
            wait_for_bridge
            # Start autoboot containers first then the NULL group "onboot,".
            log_daemon_msg "Starting LXC autoboot containers: "
            "$bindir"/lxc-autostart $OPTIONS $BOOTGROUPS
            rm -f "$localstatedir"/lock/subsys/lxc
            ;;

I then had to make the corresponding changes to the systemd file, /usr/lib/x86_64-linux-gnu/lxc/lxc-autostart-helper and run 'systemctl daemon-reload'.

   * What was the outcome of this action?

The result was that now the lock file is set before the containers are started and cleared at the end of the start sequence.

   * What outcome did you expect instead?

The resulting behavior is what I believe was intended by the upstream developers and Ansible is now able to create and manage containers.

   * Patch

The following patch will implement the proposed changes.

diff --git a/init.d/lxc b/init.d/lxc index 54e5dc2..d067e4b 100755 --- a/init.d/lxc +++ b/init.d/lxc @@ -104,12 +104,13 @@ case "$1" in BOOTGROUPS="-g $BOOTGROUPS" fi + touch "$localstatedir"/lock/subsys/lxc # Start containers wait_for_bridge # Start autoboot containers first then the NULL group "onboot,". log_daemon_msg "Starting LXC autoboot containers: " "$bindir"/lxc-autostart $OPTIONS $BOOTGROUPS - touch "$localstatedir"/lock/subsys/lxc + rm -f "$localstatedir"/lock/subsys/lxc ;; stop) if [ -n "$SHUTDOWNDELAY" ] 
@@ -122,7 +123,6 @@ case "$1" in # parallelized... Even 5 second timout may be too long. log_daemon_msg "Stopping LXC containers: " "$bindir"/lxc-autostart $STOPOPTS $SHUTDOWNDELAY - rm -f "$localstatedir"/lock/subsys/lxc ;; restart|reload|force-reload) $0 stop

-- System Information:
Debian Release: 8.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxc depends on:
ii  init-system-helpers  1.22
ii  libapparmor1         2.9.0-3
ii  libc6                2.19-18+deb8u1
ii  libcap2              1:2.24-8
ii  libseccomp2          2.1.1-1
ii  libselinux1          2.3-2
ii  multiarch-support    2.19-18+deb8u1
ii  python3              3.4.2-2

Versions of packages lxc recommends:
ii  debootstrap  1.0.67
ii  openssl      1.0.1k-3+deb8u2
ii  rsync        3.1.1-3

Versions of packages lxc suggests:
pn  lua5.2  <none>

-- Configuration Files:
/etc/init.d/lxc changed:
sysconfdir="/etc"
bindir="/usr/bin"
localstatedir="/var"
BOOTGROUPS="onboot,"
SHUTDOWNDELAY=5
OPTIONS=
STOPOPTS="-a -s"
test ! -r /lib/lsb/init-functions || . /lib/lsb/init-functions
test ! -r "$sysconfdir"/sysconfig/lxc || . "$sysconfdir"/sysconfig/lxc
[ -x "$bindir"/lxc-autostart ] || exit 1
wait_for_bridge()
{
    [ -f "$sysconfdir"/lxc/default.conf ] || { return 0; }
    which ifconfig >/dev/null 2>&1
    if [ $? = 0 ]; then
        cmd="ifconfig -a"
    else
        which ip >/dev/null 2>&1
        if [ $? = 0 ]; then
            cmd="ip link list"
        fi
    fi
    [ -n cmd ] || { return 0; }
    BRNAME=`grep '^[ ]*lxc.network.link' "$sysconfdir"/lxc/default.conf | sed 's/^.*=[ ]*//'`
    if [ -z "$BRNAME" ]; then
        return 0
    fi
    for try in `seq 1 30`; do
        eval $cmd |grep "^$BRNAME" >/dev/null 2>&1
        if [ $? = 0 ]; then
            return
        fi
        sleep 1
    done
}
mkdir -p /var/lock/subsys
case "$1" in
    start)
        [ ! -f "$localstatedir"/lock/subsys/lxc ] || { exit 0; }
        if [ -n "$BOOTGROUPS" ]
        then
            BOOTGROUPS="-g $BOOTGROUPS"
        fi
        touch "$localstatedir"/lock/subsys/lxc
        # Start containers
        wait_for_bridge
        # Start autoboot containers first then the NULL group "onboot,".
        log_daemon_msg "Starting LXC autoboot containers: "
        "$bindir"/lxc-autostart $OPTIONS $BOOTGROUPS
        rm -f "$localstatedir"/lock/subsys/lxc
        ;;
    stop)
        if [ -n "$SHUTDOWNDELAY" ]
        then
            SHUTDOWNDELAY="-t $SHUTDOWNDELAY"
        fi
        # The stop is serialized and can take excessive time. We need to avoid
        # delaying the system shutdown / reboot as much as we can since it's not
        # parallelized... Even 5 second timout may be too long.
        log_daemon_msg "Stopping LXC containers: "
        "$bindir"/lxc-autostart $STOPOPTS $SHUTDOWNDELAY
        ;;
    restart|reload|force-reload)
        $0 stop
        $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload|force-reload}"
        exit 2
esac
exit $?

/etc/lxc/default.conf changed:
lxc.include = /etc/lxc/natbridge.conf

-- no debconf information
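
Review bot: In the start) branch of the @@ -104,12 +104,13 @@ hunk, the lock is cleared only if execution reaches the new rm -f line, so a start that is killed or aborts between the touch and the rm (wait_for_bridge and lxc-autostart both run in that window) leaves the lock file behind. The guard shown in the report's script, [ ! -f "$localstatedir"/lock/subsys/lxc ] || { exit 0; }, then makes every later start exit 0 without starting any container. Consider installing the cleanup right after the touch, for example trap 'rm -f "$localstatedir"/lock/subsys/lxc' EXIT, with INT and TERM handlers that exit so the trap also runs on signals. The test-then-touch pair is also not atomic, so two concurrent starts can both pass the guard.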
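
Review bot: Dropping the rm -f from the stop) branch in the @@ -122,7 +123,6 @@ hunk leaves no path that clears a lock created by the previous script, which touched the file at the end of start and relied on stop to remove it. On a system upgraded while the service is running, stop now leaves that file in place, and restart|reload|force-reload runs $0 stop followed by $0 start, which exits 0 at the lock guard with the containers stopped. Keeping the rm -f in stop as idempotent cleanup, or removing the stale file on upgrade, avoids that. The report also says lxc-autostart-helper needed the same change for systemd, but this diff only touches init.d/lxc.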