Homepage: http://lxc.sourceforge.net/
License: LGPLv3
LinuX Containers is a mainline-powered shared-kernel virtualisation technology (aimed to be ;)) similar to OpenVZ, VServer or Solaris Zones. These are the low-level userspace utilities for LXC.
Created attachment 207712: 0.6.3 version ebuild
Tested only on amd64, so there is only this keyword.
Created attachment 207713: metadata for the package
Created attachment 207714: patch for usable documentation generation
Man pages require docbook-sgml-utils installed, which is not very light, so I prefer to isolate them with a USE flag. This requires fixing the automagic sgml detection in configure.ac.
Created attachment 207733: Ebuild with fixed RDEPEND
Err, sorry, noticed at the last moment: of course, sgml-utils should not be contained in RDEPEND. Separated. And, just to be clear: the dependency on linux-headers is required to compile, as far as I could see; the version is specified just because 2.6.29 is the first kernel that doesn't need any patches. A kernel version check, IMO, is not needed, as any kernel before 2.6.29 will not pass the CONFIG_* checks.
@Tiziano: as you already have an ebuild for it in your overlay and Diego is happy, I will assign the bug to you. Please add the ebuild to the tree.
Created attachment 208155: Merged ebuild with mainline one
This is a merged ebuild with the mainline one. The differences are:
1) additional information about kernel options
2) doc flag (README, which was forgotten in the previous ebuild, contains a copy of lxc(1))
3) static-libs flag
Created attachment 208660: lxc-fix-automagic
Patch for current git. Sent to upstream.
Created attachment 208661: app-admin/lxc-9999 live version
The 0.6.3 version is rather unusable, so here comes a live version, which is much more powerful. It still contains one patch, but I've sent it to upstream, and, with any hope, it'll be applied.
I've added Diego as CC, as it was him who committed the ebuild into the tree, so, I suppose, now he is responsible for this package. Maybe the bug should be reassigned.
Definitely not going to commit any live ebuild to the tree. I might find time to look at snapshotting in the weekend, but if you think 0.6.3 is not good enough you definitely should bring that up with upstream.
Ok, as you say. If you'll look at snapshotting, commit b9f94fc1e8afdf814ee72cb01a5d298dfa4a7d75 is a good way to start (imho). I'm currently using it, and I haven't seen any problems yet. I'll still post any changes to the live ebuild, just to keep the actual version on bugzilla if anyone will need it.
Created attachment 208893: app-admin/lxc-9999
static-libs is now unneeded and generates QA warnings, so removed. Multi-pts info added.
Created attachment 209000: files/9999-extra/0001-add-capabilities-support.patch
This patch allows setting capabilities in the config file. Defaults are mostly taken from vzctl code (in cap_to_text syntax):
=ep cap_net_admin,cap_sys_module,cap_sys_rawio,cap_sys_pacct,cap_sys_boot,cap_sys_time,cap_audit_write,cap_audit_control,cap_setfcap-ep
The syntax in the config file is:
lxc.capability.<capability name without initial cap_, lowercase> = on|off
i.e. lxc.capability.sys_admin = off will turn CAP_SYS_ADMIN off, effectively making your container unusable (can't mount /proc) ;)
Rather hacky and dirty, but it does its work (I'm not a C programmer, anyway =)). Enabled by the 'extra' USE flag. Not yet sent to upstream (maybe I/someone will find a better implementation).
Created attachment 209001: files/9999-extra/0002-add-config-include.patch
This patch adds config.include = <file to include (relative to current workdir, so use absolute paths)>
Also quick and dirty; it must be rewritten to be relative to the main config's dir, as other path options are (fstab, rootfs). Recursion and other nasty things are not caught, so be careful, but it is extremely useful for 'common configs', like the allowed devices list, other cgroup configurations and capabilities. Also included by the 'extra' USE flag.
Created attachment 209003: lxc-9999.ebuild with 'extra' USE-flag
Ebuild with the 'extra' USE flag on 9999 patches.
Created attachment 209005: metadata.xml with 'extra' USE-flag description
I'd sincerely consider this fixed. A new snapshot might be requested separately (although asking for a new upstream release would be better); your 9999/extra ebuild should probably be maintained in an overlay, the tree is definitely not the place for that.
Heh, it's already in the overlay which I'm using (http://git.niifaq.ru/portage-niifaq/). But it has no layman record and I don't plan to add it, so it's not very 'public'. sunrise will not accept non-maintainer-wanted ebuilds (anyway, they will not accept hacks like these patches), so bugzilla looks like the only true place to keep them public, until they are mature enough to be sent to upstream. Other overlays should be considered as [necessary] evil =). I'll continue to post any changes here, if you are not against it; anyone who isn't interested may un-CC (the bug, probably, should be un-assigned in that case). Effectively, bugzilla is also an overlay with the bugzilla:// protocol =)
http://git.niifaq.ru/portage-niifaq/tree/app-admin/lxc/files/lxc.initd
LXC init.d work-in-progress. It mostly works, but needs some hooks for the start procedure (I'll produce two for sysvinit), so now it's completely unsynced on start (we can't use lxc-wait as it isn't multi-threaded, blocking socket. Maybe it should be patched (actually, it _should_ be patched, I'll look into it some days later, I hope), but now we need some hacks/workarounds) (anyway, lxc-wait will give us only init-started sync). Currently if you start and then rapidly stop, stop will print much garbage and will unconditionally force-stop the container. That's because the start init-boot stage is unsynced and the stop procedure catches a double 'init boot', which is not predicted. I'll post a complete version some time later (days), when it is complete. If anyone is interested, any testing is welcome. Eh, and yes, Diego, you hadn't commented on my additions for your in-tree ebuild. Is this rejected? Maybe the bug should be kept in some open state, so users may easily find it...
Created attachment 209180: files/lxc.initd
This is not just a simple init.d script: this is a collection of hacks and workarounds for some incapabilities of lxc =). Tested on three containers on a 16-core machine. Seems to work, further testing required. TODO list:
1) conf.d with comments and examples of hooks for manually forged /sbin/init's
2) lxc-monitor should be patched to allow it to run in client-server daemon mode, locking the socket and receiving connects from lxc-wait's (this should also be patched). This will remove some especially nasty hacks.
3) Try to find some way to execute commands inside the container, except SIGINT and rewriting inittab. This will remove the second part of the most-nasty-hacks.
4) Good idea: make the script capable of both batch threaded running and an explicit container run procedure via symlink lxc.<container_name>. This should be useful if the order of starting is important.
...) network configuration could be extended to support simple routes. It will cover most cases, allowing net_admin to be dropped for most containers (actually, nothing more than over-paranoia; there are, imho, only a few capabilities that affect shared resources: sys_time and sys_module, so far).
!) rewrite capabilities code and send upstream, extend include code and send upstream
Created attachment 209181: lxc-9999.ebuild with initd handling
Created attachment 209206: lxc-9999.ebuild
Automagic patch applied by upstream, removing it.
Created attachment 209207: files/lxc.init.d
Couple of fixes:
1) LXC_PARALLEL now specifies exactly the maximum number of concurrent threads, not max-1 as previously
2) Added a second lxc_get_single_init call (redundant in most cases) to spend some time; it takes less than sleep 1, but seems to be sufficient to catch the boot phase and wait for its end.
Created attachment 209739: files/lxc-9999-fix-ipv6-addrs.patch
Patch for fixing the /0 prefix in configured ipv6 addrs. Sent to upstream.
Created attachment 209742: files/lxc.initd
This init.d allows more precise container boot sequence control via
ln -s /etc/init.d/lxc /etc/init.d/lxc.<container.name>
So you may first specify a few containers that should be started first, and then run the rest in parallel. But beware that at least veth, when linked into a bridge, is inaccessible for a few seconds, so, if your containers are network-dependent on each other, provide a script in the container's runlevel which would wait until ping to some static route becomes accessible. Also consider changing the LXC_TIMEOUT value. Configuration values could be specified, for 'single mode' starts, both in /etc/conf.d/lxc and /etc/conf.d/lxc.<container.name>, but /etc/init.d/lxc currently loads after /etc/conf.d/lxc.<container.name>, so, if you want to change some global value in /etc/conf.d/lxc, but still remain able to control it via /etc/conf.d/lxc.<container name>, use the : ${VAR_NAME:=VALUE} syntax in /etc/conf.d/lxc.
Created attachment 209744: lxc-9999.ebuild
Ebuild with the patch for ipv6.
Created attachment 210659: files/9999-extra/0001-add-config-include.patch
Updated config.include patch for current git. Now it checks if the path is relative and, if it is, prepends LXCPATH before it.
Created attachment 210661: files/9999-extra/0002-add-variables.patch
This adds variables into the config; currently only three vars are supported:
${var.lxcpath} == LXCPATH
${lxc.rootfs} == whatever you have pointed lxc.rootfs to (should be defined before use)
${lxc.name} == container's name
These vars are also resolved in fstab files (those specified in lxc.mount = ). The syntax is $varname<spacing required!> or ${varname}; the second is preferred. This patch also adds multi-fstab support, i.e. you may specify several lxc.mount = /some/path entries and lxc will process them all in the specified order. Very useful with config.include, as you may extract all common mounts (/usr/portage, for example) into a common fstab, using ${lxc.rootfs} (fstabs are always processed after the config).
Created attachment 210662: files/9999-extra/0003-add-capabilities.patch
Capabilities patch, updated for current git. Syntax changes: as there is a limitation of only dropping capabilities, the on|off values are changed to keep|drop.
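As an added example (not code from this bug or from lxc itself), a small Python parser for the config syntax the last three attachments describe: config.include resolved under LXCPATH, ${var.lxcpath}/${lxc.rootfs}/${lxc.name} expansion that is also applied to fstab files read after the config, several lxc.mount entries kept in order, and lxc.capability.<name> = keep|drop. The file tree, paths and container name are constructed, and unlike the patch as posted it refuses an include loop.

```python
import re
LXCPATH = "/etc/lxc"
FILES = {  # constructed, in-memory stand-in for files under LXCPATH so this runs offline
    "/etc/lxc/web/config": "config.include = common.conf\n"
                           "lxc.rootfs = /srv/lxc/${lxc.name}\n"
                           "lxc.capability.sys_admin = keep\n",
    "/etc/lxc/common.conf": "lxc.mount = ${var.lxcpath}/common.fstab\n"
                            "lxc.capability.sys_module = drop\n",
    "/etc/lxc/common.fstab": "/usr/portage ${lxc.rootfs}/usr/portage none bind 0 0\n",
    "/etc/lxc/loop.conf": "config.include = loop.conf\n",   # includes itself
}
VAR_RE = re.compile(r"\$\{([\w.]+)\}|\$([\w.]+)(?=\s)")  # ${name} preferred; $name needs a space after

def expand(text, vars_):  # KeyError if a variable is used before it is defined
    return VAR_RE.sub(lambda m: vars_[m.group(1) or m.group(2)], text)

def load_config(path, name, cfg=None, seen=()):
    """Parse the config at path into {"vars", "mounts", "caps"}, following includes."""
    if cfg is None:
        cfg = {"vars": {"var.lxcpath": LXCPATH, "lxc.name": name}, "mounts": [], "caps": {}}
    if path in seen:                       # loop guard the patch itself lacks
        raise ValueError(f"include loop at {path}")
    for line in FILES[path].splitlines():
        key, eq, val = (s.strip() for s in line.split("#", 1)[0].partition("="))
        if not eq:                         # blank or comment-only line
            continue
        val = expand(val, cfg["vars"])
        if key == "config.include":        # relative include paths live under LXCPATH
            inc = val if val.startswith("/") else f"{LXCPATH}/{val}"
            load_config(inc, name, cfg, seen + (path,))
        elif key == "lxc.mount":           # every entry is kept, in order
            cfg["mounts"].append(val)
        elif key.startswith("lxc.capability."):
            if val not in ("keep", "drop"):
                raise ValueError(f"{key}: expected keep|drop, got {val!r}")
            cfg["caps"][key[len("lxc.capability."):]] = val
        else:                              # e.g. lxc.rootfs, then usable as ${lxc.rootfs}
            cfg["vars"][key] = val
    return cfg

def resolve_fstabs(cfg):
    """Expand the fstab files only after the whole config is read, as the patch does."""
    return [expand(FILES[m], cfg["vars"]).strip() for m in cfg["mounts"]]

def includes_loop(path):
    try:
        load_config(path, "probe")
        return False
    except ValueError:
        return True
```

Because the fstab is expanded last, ${lxc.rootfs} resolves even though common.conf is included before lxc.rootfs is set.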
Created attachment 210664: files/lxc.initd
This is the updated init.d for the new LXCPATH value and with the added LXC_CONFIG_PATH variable.
Created attachment 210665: lxc-9999.ebuild
Finally, the ebuild with all these changes. There is no need for 'normal' patches on git, only extra patches. Also the default LXCPATH changed to /etc/lxc with the newly introduced configure option --with-config-path=