Philip,

Just would like to let you know that the most recent Suse Enterprise Linux (a.k.a. SLES) v11 SP3 does indeed support LXC.

Because I wanted to run SLES and Ubuntu containers on the same host I invested some spare time to get SLES containers running on an Ubuntu host. It cost me a couple of hours to create a working template for a SLES container on Ubuntu 12.04, and eventually I got it working and I'm now successfully running enterprise stuff (eDirectory/Identity Manager) in SLES containers on Ubuntu .... Totally unsupported of course, but good enough for my test environment and it was a fun exercise to get to know LXC a little bit better ...

I think this hack will work for other distros as well, but it might be pretty tricky when the host's kernel version differs (a lot) from the SLES kernel. (a.t.m the SLES11 sp3 kernel version is "3.0.101", Ubuntu 12.04 is 3.2.0). Until now I got no complaints from the SLES containers though.

To get a SLES11 container running on Ubuntu 12.04 you need to take the following steps:

- install lxc and create a dummy container on a SLES host and copy the /var/cache/lxc/sles directory over to the same location on your (Ubuntu) host.
- copy the attached lxc template (lxc-sles) to /usr/lib/lxc/templates/ and edit it to your liking (insert ssh keys, bind mounts, and credentials for online updates)
- create a new sles container: lxc-create -n slestest -t sles
- run the container, login and use Yast2 to setup the network. (or use dhcp)

Regards,
Remco.

On 04/05/14 20:55, CDR wrote:
> I did the same for Debian, created a container in Debian transported
> it to the Fedora Host. Then I installed an Ubuntu server and
> transported Fedora 20 and Debian containers.
> My client uses the paid version of Suse, called Suse Enterprise Linux.
> Do you know if they support LXC containers? I am about to decide what
> host to use for LXC.
> The kernel is identical between Fedora 20 and Ubuntu Server. How is it
> with Suse Enterprise Linux?
> What is your take on this?
> Philip
>
> On Sun, May 4, 2014 at 2:09 PM, Michael H. Warfield <[email protected]> wrote:
>> On Sun, 2014-05-04 at 11:21 -0400, CDR wrote:
>>> Does anybody have any idea how to install an LXC container for opensuse?
>> Yes.
>>
>> On what host? An OpenSuse host, Ubuntu host, or Fedora/CentOS host.
>>
>> If you are doing anything other than OpenSuse on OpenSuse, you're going
>> to have a problem bootstrapping your first container thanks to their
>> requirement of zypper in the template. I bootstrapped mine setup for
>> OpenSuse by booting a machine with OpenSuse and installing LXC on it,
>> then creating an OpenSuse container which can then be transported over
>> to the target host (Fedora 20). That first container can then be
>> used to create new container images.
>>
>> Last time I exchanged E-Mail with the OpenSuse guys about building
>> OpenSuse containers on non-OpenSuse hosts, their response was on the
>> order of "why would anybody want to do that" and "I don't think that
>> will work" and "No I don't think you can build it without using zypper
>> even if it has rpm and yum".
>>
>> I was going to experiment with it using one of their run-live images as
>> a bootstrap core to run the container build from but never got around to
>> it.
>>
>>> Philip
>> Regards,
>> Mike
>> --
>> Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected]
>> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
>> NIC whois: MHW9 | An optimist believes we live in the best of all
>> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
>>
>>
>> _______________________________________________
>> lxc-users mailing list
>> [email protected]
>> http://lists.linuxcontainers.org/listinfo/lxc-users
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users

--
Remco Rohde, Consultant
Donald Smits Center for Information Technology
University of Groningen
Nettelbosje 1
9747 AJ Groningen
The Netherlands
[email protected] <mailto:[email protected]>
http://www.rug.nl/cit

#!/bin/bash

#
# template script for generating a SLES11 container for LXC
#

#
# lxc: linux Container library

# Authors:
# Daniel Lezcano <[email protected]>
# Frederic Crozat <[email protected]>
# Adapted for SLES11 by Remco Rohde <[email protected]>

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

configure_sles()
{
    rootfs=$1
    hostname=$2
    rootpw=$3

    # set network as static, but everything is done by LXC outside the container
    cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0
STARTMODE='auto'
BOOTPROTO='none'
EOF

    # create empty fstab
    touch $rootfs/etc/fstab
    ln -s -f /proc/self/mounts $rootfs/etc/mtab

    # create minimal /dev
    mknod -m 666 $rootfs/dev/random c 1 8
    mknod -m 666 $rootfs/dev/urandom c 1 9
    mkdir -m 755 $rootfs/dev/pts
    mkdir -m 1777 $rootfs/dev/shm
    mknod -m 666 $rootfs/dev/tty c 5 0
    mknod -m 600 $rootfs/dev/console c 5 1
    mknod -m 666 $rootfs/dev/tty0 c 4 0
    mknod -m 666 $rootfs/dev/tty1 c 4 1
    mknod -m 666 $rootfs/dev/tty2 c 4 2
    mknod -m 666 $rootfs/dev/tty3 c 4 3
    mknod -m 666 $rootfs/dev/tty4 c 4 4
    ln -s null $rootfs/dev/tty10
    mknod -m 666 $rootfs/dev/full c 1 7
    mknod -m 666 $rootfs/dev/ptmx c 5 2
    ln -s /proc/self/fd $rootfs/dev/fd
    ln -s /proc/kcore $rootfs/dev/core
    mkdir -m 755 $rootfs/dev/net
    mknod -m 666 $rootfs/dev/net/tun c 10 200

    # set the hostname
    cat <<EOF > $rootfs/etc/HOSTNAME
$hostname
EOF

    # ensure /etc/hostname is available too
    ln -s -f HOSTNAME $rootfs/etc/hostname

    # do not use hostname from HOSTNAME variable
    cat <<EOF >> $rootfs/etc/sysconfig/cron
unset HOSTNAME
EOF

    # set minimal hosts
    cat <<EOF > $rootfs/etc/hosts
127.0.0.1 localhost $hostname
EOF

    cat <<EOF > $rootfs/etc/sysconfig/network/routes
default 192.168.0.251 - -
EOF

    cat <<EOF > $rootfs/etc/resolv.conf
search test.ln
nameserver 192.168.0.1
nameserver 192.168.0.1
EOF

    # disable various services
    # disable yast->bootloader in container
    cat <<EOF > $rootfs/etc/sysconfig/bootloader
LOADER_TYPE=none
LOADER_LOCATION=none
EOF

    # cut down inittab
    cat <<EOF > $rootfs/etc/inittab
id:3:initdefault:
si::bootwait:/etc/init.d/boot
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l6:6:wait:/etc/init.d/rc 6
ls:S:wait:/etc/init.d/rc S
~~:S:respawn:/sbin/sulogin
p6::ctrlaltdel:/sbin/init 6
p0::powerfail:/sbin/init 0
cons:2345:respawn:/sbin/mingetty --noclear console screen
c1:2345:respawn:/sbin/mingetty --noclear tty1 screen
EOF

    # set /dev/console as securetty
    cat << EOF >> $rootfs/etc/securetty
console
EOF

    cat <<EOF >> $rootfs/etc/sysconfig/boot
# disable root fsck
ROOTFS_FSCK="0"
ROOTFS_BLKDEV="/dev/null"
EOF

    # configure suseregister
    # uncomment the following lines, and copy the values for username/password from the host.
#    cat <<EOF > $rootfs/etc/zypp/credentials.d/NCCcredentials
#username=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#EOF

    # remove pointless services in a container
    $rootfs/sbin/insserv -r -f -p $rootfs/etc/init.d boot.udev boot.udev_retry boot.md boot.lvm boot.loadmodules boot.device-mapper boot.clock boot.swap haldaemon boot.klog

    #set the random root password!
    echo "root:$rootpw" | chroot $rootfs chpasswd

    # insert ssh keys, uncomment the following lines and enter your own public keys, one per line.
#    mkdir -p $rootfs/root/.ssh
#    cat <<EOF > $rootfs/root/.ssh/authorized_keys
#ssh-dss <public-key-data> remco@host
#EOF
#    chmod 700 $rootfs/root/.ssh
#    chmod 600 $rootfs/root/.ssh/authorized_keys

    return 0
}

download_sles()
{
    cache=$1
    arch=$2

    echo "Downloading is illegal, go get ur own SLES, aborting."
    return 1
}

copy_sles()
{
    cache=$1
    arch=$2
    rootfs=$3

    # make a local copy of the mini sles
    echo -n "Copying rootfs to $rootfs ..."
    mkdir -p $rootfs
    rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
    return 0
}

install_sles()
{
    cache="/var/cache/lxc/sles"
    rootfs=$1
    mkdir -p /var/lock/subsys/
    (
        flock -x 200
        if [ $? -ne 0 ]; then
            echo "Cache repository is busy."
            return 1
        fi

        arch=$(arch)

        echo "Checking cache download in $cache/rootfs-$arch ... "
        if [ ! -e "$cache/rootfs-$arch" ]; then
            download_sles $cache $arch
            if [ $? -ne 0 ]; then
                echo "Failed to download 'sles base'"
                return 1
            fi
        fi

        echo "Copy $cache/rootfs-$arch to $rootfs ... "
        copy_sles $cache $arch $rootfs
        if [ $? -ne 0 ]; then
            echo "Failed to copy rootfs"
            return 1
        fi

        return 0

    ) 200>/var/lock/subsys/lxc

    return $?
}

copy_configuration()
{
    config_path=$1
    rootfs=$2
    name=$3
    rootpw=$4

    # if there is exactly one veth network entry, make sure it has an
    # associated hwaddr.
    nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
    if [ $nics -eq 1 ]; then
        grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
EOF
    fi

    cat <<EOF >> $config_path/$name/config
lxc.utsname = $name
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $rootfs
lxc.mount = $config_path/$name/fstab
lxc.arch = $(arch)
lxc.cap.drop = sys_module mac_admin
lxc.pivotdir = lxc_putold
#lxc.cgroup.memory.limit_in_bytes = 8096M

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined

lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
EOF

    # bind mounts to the host, edit!
    #mkdir -p $rootfs/media/public >/dev/null 2>&1
    #mkdir -p $rootfs/media/cdimages >/dev/null 2>&1

    cat <<EOF > $config_path/$name/fstab
proc proc proc nodev,noexec,nosuid 0 0
sysfs sys sysfs defaults 0 0
#/export/public media/public none noatime,defaults,bind 0 0
#/export/cdimages media/cdimages none ro,noatime,defaults,bind 0 0
EOF

    # Put a copy of the fstab inside the container
    cp -f $config_path/$name/fstab $rootfs/etc/fstab

    cat <<EOF > $config_path/$name/rootpw
# Please delete this file !
container root password = $rootpw
EOF
    chmod 600 $config_path/$name/rootpw

    if [ $? -ne 0 ]; then
        echo "Failed to add configuration"
        return 1
    fi

    return 0
}

clean()
{
    cache="/var/cache/lxc/sles"

    if [ ! -e $cache ]; then
        exit 0
    fi

    # lock, so we won't purge while someone is creating a repository
    (
        flock -x 200
        if [ $? != 0 ]; then
            echo "Cache repository is busy."
            exit 1
        fi

        echo -n "Purging the download cache... NOT!"
        #rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
        exit 0

    ) 200>/var/lock/subsys/lxc
}

usage()
{
    cat <<EOF
$1 -h|--help -p|--path=<path> --clean
EOF
    return 0
}

options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@")
if [ $? -ne 0 ]; then
    usage $(basename $0)
    exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)      usage $0 && exit 0;;
        -p|--path)      path=$2; shift 2;;
        -n|--name)      name=$2; shift 2;;
        # -c takes no argument in the getopt spec, so consume only the flag
        -c|--clean)     clean=1; shift 1;;
        --)             shift 1; break ;;
        *)              break ;;
    esac
done

if [ ! -z "$clean" -a -z "$path" ]; then
    clean || exit 1
    exit 0
fi

#type zypper > /dev/null
#if [ $? -ne 0 ]; then
#    echo "'zypper' command is missing"
#    exit 1
#fi

type pwgen > /dev/null
if [ $? -ne 0 ]; then
    echo "'pwgen' command is missing. (hint: apt-get install pwgen)"
    exit 1
fi

if [ -z "$path" ]; then
    echo "'path' parameter is required"
    exit 1
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script should be run as 'root'"
    exit 1
fi

rootfs=$path/rootfs
config_path=/var/lib/lxc
rootpw=`pwgen -cnsB1 16 1`

install_sles $rootfs
if [ $? -ne 0 ]; then
    echo "failed to install sles"
    exit 1
fi

configure_sles $rootfs $name $rootpw
if [ $? -ne 0 ]; then
    echo "failed to configure sles for a container"
    exit 1
fi

copy_configuration $config_path $rootfs $name $rootpw
if [ $? -ne 0 ]; then
    echo "failed write configuration file"
    exit 1
fi

if [ ! -z "$clean" ]; then
    clean || exit 1
    exit 0
fi
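
A post-creation check for containers built with the attached template, as an added example that is not part of the original message or of the LXC project: it flags the plain-text rootpw file the template leaves behind, an active lxc.aa_profile = unconfined, a missing device deny-all rule or sys_module drop, and any device allow rule beyond the ones the template writes. The function name and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message). Prints one finding per line
# for a container directory created by the lxc-sles template; no output means
# nothing was flagged. Finding labels are this example's own names.
audit_container() {
    dir=$1                      # e.g. /var/lib/lxc/slestest
    cfg=$dir/config
    [ -f "$cfg" ] || { echo "NO_CONFIG"; return 2; }

    # copy_configuration() stores the generated root password here in plain text.
    if [ -e "$dir/rootpw" ]; then echo "ROOTPW_FILE_PRESENT"; fi

    # The allow list only restricts anything on top of a deny-all rule.
    if ! grep -Eq '^[[:space:]]*lxc\.cgroup\.devices\.deny[[:space:]]*=[[:space:]]*a[[:space:]]*$' "$cfg"; then
        echo "NO_DEVICE_DENY_ALL"
    fi

    # The template drops sys_module (kernel module loading) and mac_admin.
    if ! grep -E '^[[:space:]]*lxc\.cap\.drop[[:space:]]*=' "$cfg" |
         grep -Eq '(=|[[:space:]])sys_module([[:space:]]|$)'; then
        echo "SYS_MODULE_NOT_DROPPED"
    fi

    # Shipped commented out; if active, the container is not AppArmor-confined.
    if grep -Eq '^[[:space:]]*lxc\.aa_profile[[:space:]]*=[[:space:]]*unconfined' "$cfg"; then
        echo "APPARMOR_UNCONFINED"
    fi

    # Flag device rules beyond the ones the template writes.
    sed -n 's/^[[:space:]]*lxc\.cgroup\.devices\.allow[[:space:]]*=[[:space:]]*//p' "$cfg" |
    while read -r type dev perm; do
        case "$type $dev" in
            "c 1:3"|"c 1:5"|"c 5:1"|"c 5:0"|"c 4:0"|"c 4:1") ;;
            "c 1:9"|"c 1:8"|"c 136:*"|"c 5:2"|"c 254:0") ;;
            *) echo "EXTRA_DEVICE $type $dev $perm" ;;
        esac
    done
    return 0
}
```

Run it as audit_container /var/lib/lxc/slestest after lxc-create; the template's own output triggers ROOTPW_FILE_PRESENT until the rootpw file is deleted.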
