t...@cybersource.com.au (Trent W. Buck)
writes:

> I might revise that opinion after trying to handle rebooting manually --
> particularly since I've decided to administratively prohibit sys_admin
> inside containers.

OK, so I got it working.  The sticking points are:

    - I *MUST* drop CAP_SYS_ADMIN or otherwise prevent mountall from
      mounting a tmpfs on /var/run/.

    - I *MUST NOT* drop CAP_KILL, or the shutdown script silently fails
      to stop rsyslogd, and lxc-start waits forever for the pid count to
      go from 2 to 1.

    - I *MUST* have the workaround upstart job /etc/init/lxc.conf delete
      everything from /var/run on startup.  At the very least, it's
      critical to delete ifstate, otherwise upstart waits forever for
      the network stack to come up.

After doing these things, "reboot" and "halt" DTRT within the Ubuntu
10.04 container (with lxc 0.7.2 and Ubuntu 10.04 in the dom0).

Actual patch follows.  Thanks to all correspondents for encouraging me
to do it this way, I think it's better than what I had.

commit 72c5eae15f53c85d93de5d16c703599a6cccc51d
Author: root <r...@omega.cybersource.com.au>
Date:   Tue Dec 7 14:31:12 2010 +1100

    Do what lxc wants, not what upstart wants, re /var/run/utmp.

diff --git a/lxc/lxc-create b/lxc/lxc-create
index dcdead6..39ae192 100755
--- a/lxc/lxc-create
+++ b/lxc/lxc-create
@@ -83,7 +83,8 @@ bad_caps=(
     # setuid                                 # rsyslog
     # sys_chroot                             # openssh-server
     # fowner dac_override dac_read_search    # lots of things (like root_squash)
-    audit_control audit_write fsetid ipc_lock ipc_owner kill lease
+    # kill                                   # needed by default to stop rsyslogd/slapd
+    audit_control audit_write fsetid ipc_lock ipc_owner lease
     linux_immutable mac_admin mac_override mknod setfcap setpcap
     sys_admin sys_boot sys_module sys_nice sys_pacct sys_ptrace
     sys_rawio sys_resource sys_time sys_tty_config )
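Review bot: taking `kill` out of `bad_caps` hands CAP_KILL back to every process in the container, not only to the shutdown path that needs it to stop rsyslogd/slapd; since this list records the consumer of each retained capability in a comment, also record the failure mode when it is dropped (the shutdown script silently fails to stop rsyslogd and lxc-start waits forever for the pid count to fall), so nobody re-adds it later.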
@@ -141,32 +142,18 @@ then
 		description "LXC vs. Upstart workarounds"
 		start on startup
 		task
+		console output
 		script
-		 rm -f /forcereboot /forcehalt /forcepoweroff
+		 # As lxc 0.7's halt/reboot detection hack needs /var/run to NOT be a
+		 # tmpfs, we need to manually clean it -- esp. the ifstate file that
+		 # tells falsely tells ifupdown "lo is up".
+		 find /var/run/ -xdev -not -not -path /var/run/ -print -delete
 		 initctl emit -n stopped JOB=udevtrigger
 		 initctl emit -n started JOB=udev
 		 # This one is needed for broken ifupdown NMU 0.6.8ubuntu29.1
 		 initctl emit -n net-device-up IFACE=lo LOGICAL=lo ADDRFAM=inet METHOD=loopback
 		end script
 		EOF
-        # Use a dirty trick to signal to LXC that it's time to stop the
-        # container.  Rebooting isn't supported, so just treat it like
-        # halt for now.  We do this because lxc's own trick (monitoring
-        # /var/run/utmp) doesn't work if /var/run is a tmpfs, and upstart
-        # REALLY wants a tmpfs on /var/run.
-        chroot $template_dir dpkg-divert --quiet --rename /sbin/reboot
-        chroot $template_dir tee >/dev/null /sbin/reboot <<-EOF
-		#!/bin/bash
-		while getopts nwdfiph opt
-		do [[ f = \$opt ]] && exec kill -SEGV 1
-		done
-		[[ '-w' = "\$*" ]] || # /etc/init.d/umountnfs.sh ALWAYS calls halt -w.
-		touch "/force\${0##*/}"
-		exec -a "$0" "\$0.distrib" "\$@"
-		EOF
-        chroot $template_dir chmod +x /sbin/reboot
-        chroot $template_dir ln -s reboot.distrib /sbin/halt.distrib
-        chroot $template_dir ln -s reboot.distrib /sbin/poweroff.distrib
         # Avoid some noise when shutdown tries to "umount -a" and "swapoff -a".
         #
         # FIXME FIXME FIXME: if you set these to false, you can see that
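Review bot: `find /var/run/ -xdev -not -not -path /var/run/ -print -delete` has a doubled `-not`, so the two cancel out and the expression matches only the `/var/run/` starting point itself; nothing beneath it (ifstate included) is removed, and the `-delete` on the non-empty directory simply fails. It should read `find /var/run/ -xdev -not -path /var/run/ -print -delete` (or use `-mindepth 1`). The comment above it also reads "tells falsely tells"; drop the first "tells".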
@@ -251,7 +238,8 @@ then
 		#lxc.mount.entry = none $template_dir/sys/kernel/security securityfs defaults
 		lxc.mount.entry  = none $template_dir/tmp tmpfs defaults
 		lxc.mount.entry  = none $template_dir/var/lock tmpfs nodev,noexec,nosuid,size=8m
-		lxc.mount.entry  = none $template_dir/var/run tmpfs mode=0755,nosuid,size=8m
+		# This mount would break lxc-start's halt/reboot autodetection (in lxc 0.7.x).
+		#lxc.mount.entry  = none $template_dir/var/run tmpfs mode=0755,nosuid,size=8m
 
 		# Provides the apt mirror.
 		lxc.mount.entry  = /srv/mirror $template_dir/srv/mirror none bind,ro
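Review bot: with this tmpfs commented out, /var/run lives on the container's persistent rootfs, so pid files and ifstate survive a halt and are only cleared by the `find ... -delete` in the /etc/init/lxc.conf job from the earlier hunk; the comment here should name that job as the other half of the workaround, so the two changes are not separated once lxc's utmp-based detection no longer needs them.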
@@ -269,11 +257,11 @@ then
 
         # Apply security updates.
         chroot $template_dir tee >/dev/null /etc/dhcp3/dhclient-exit-hooks.d/lxc-postinst <<-EOF
-		exec >/dev/console 2>&1 </dev/null
 		case \$reason in
 		        BOUND|RENEW|REBIND|REBOOT) :;;
 		        *) return;;
 		esac
+		exec >/dev/console 2>&1 </dev/null
 		export DEBIAN_FRONTEND=noninteractive # DEBCONF_PRIORITY=critical
 		${http_proxy+ export http_proxy=$http_proxy }
 		dpkg --configure -a
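Review bot: `${http_proxy+ export http_proxy=$http_proxy }` writes the proxy value into the generated hook unquoted; the heredoc delimiter is unquoted, so a value containing spaces or shell metacharacters yields a broken `export` line inside the container. Quote it, e.g. `${http_proxy+ export http_proxy='$http_proxy' }`, which keeps the single quotes in the generated file. Moving `exec >/dev/console 2>&1 </dev/null` below the `case` is right: the early `return` no longer leaves dhclient's output redirected for the other reasons.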
@@ -294,8 +282,7 @@ then
 		exec halt
 		set +x
 		EOF
-        lxc-start -n $template_nom -f /etc/lxc/$template_nom.conf -s lxc.console=/dev/stderr || [[ 11 = $? ]]
-        chroot $template_dir rm -f /forcehalt /forcereboot
+        lxc-start -n $template_nom -f /etc/lxc/$template_nom.conf -s lxc.console=/dev/stderr
         tar -c ~root/.ssh ~cyber/.ssh |
         chroot $template_dir tar -xv
         ## From upstream's lxc-ubuntu script.  Is it necessary?
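Review bot: dropping `|| [[ 11 = $? ]]` leaves lxc-start's exit status unchecked; unless the script runs under `set -e` (not visible in this hunk), a container that fails to start or to halt cleanly is followed straight by the `tar ... | chroot ... tar -xv` step and the template is finalised as if the update run had succeeded. Add `|| exit 1` (or an explicit status check) on the new lxc-start line. Separately, `tar -c ~root/.ssh ~cyber/.ssh` copies those directories whole, so any host private keys and known_hosts in them land in the template; copying only the authorized_keys files would be the least-privilege choice.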
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
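As an added example (not Trent's code, nor anything from lxc or upstart): a small POSIX shell check that decodes the CapBnd mask from /proc/<pid>/status and reports whether a container's bounding set matches the mix the post arrives at (CAP_SYS_ADMIN and CAP_SYS_BOOT dropped, CAP_KILL kept). The bit numbers are those from linux/capability.h; the sample mask is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: decode a CapBnd mask and verify
# the capability mix the post settles on (sys_admin, sys_boot dropped; kill kept).

# Bit positions from linux/capability.h.
cap_bit() {
    case "$1" in
        kill)      echo 5  ;;
        sys_admin) echo 21 ;;
        sys_boot)  echo 22 ;;
        *) echo "unknown capability: $1" >&2; return 1 ;;
    esac
}

# cap_in_mask HEXMASK NAME: succeeds if NAME's bit is set in the hex mask.
cap_in_mask() {
    mask=$1
    [ -n "$mask" ] || return 2
    bit=$(cap_bit "$2") || return 2
    [ $(( 0x$mask >> bit & 1 )) -eq 1 ]
}

# check_bounding_set HEXMASK: prints one line per problem; succeeds only when
# sys_admin and sys_boot are absent and kill is present.
check_bounding_set() {
    rc=0
    if cap_in_mask "$1" sys_admin; then
        echo "sys_admin present: mountall will mount a tmpfs on /var/run"; rc=1
    fi
    if cap_in_mask "$1" sys_boot; then
        echo "sys_boot present: reboot(2) from the container reaches the host kernel"; rc=1
    fi
    if ! cap_in_mask "$1" kill; then
        echo "kill missing: the shutdown script cannot stop rsyslogd"; rc=1
    fi
    return $rc
}

# bounding_set_of [PID]: the CapBnd field of a live process (default: this shell).
bounding_set_of() {
    awk '/^CapBnd:/ { print $2 }' "/proc/${1:-self}/status"
}

# Constructed sample: bits 0..36 set except 21 (sys_admin) and 22 (sys_boot).
SAMPLE_MASK=0000001fff9fffff
check_bounding_set "$SAMPLE_MASK" && echo "constructed mask: OK"
# Inside a container, PID 1 carries the bounding set lxc-start applied.
if [ -r /proc/1/status ]; then
    check_bounding_set "$(bounding_set_of 1)" || echo "PID 1 bounding set differs"
fi
```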