init: Add upstart jobs and some more changes (v3)

This adds the 3 upstart jobs that we've had in Ubuntu for a while:
 - lxc.conf: Main upstart job, triggers lxc-net.conf based on config
 - lxc-instance.conf: Triggered by lxc.conf for each auto-started container
 - lxc-net.conf: Triggered by lxc.conf, sets up lxcbr0, NAT, mangling, ...

In addition, there are two extra config files in /etc/default:
 - lxc: Allows setting some values like http proxying, disabling autostart, ...
 - lxc-net: Network configuration for the lxcbr0 bridge

This change also disables the sysv script for all distros but Oracle as
the current script won't work on either Ubuntu nor Debian and I suspect
quite a few more distros, so it's not nearly as distro-agnostic as we
thought.

For Debian, only install the upstart jobs and systemd unit.
For Ubuntu, only install the upstart jobs.

This change also moves all the init related stuff to config/init/

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

config/Makefile.am

@@ -1 +1 @@
-SUBDIRS = etc templates
+SUBDIRS = etc init templates

config/init/Makefile.am

@@ -0,0 +1 @@
+SUBDIRS = systemd sysvinit upstart

config/init/systemd/Makefile.am

@@ -0,0 +1,26 @@
+EXTRA_DIST = \
+	lxc-devsetup \
+	lxc.service
+
+if INIT_SCRIPT_SYSTEMD
+if HAVE_DEBIAN
+SYSTEMD_UNIT_DIR = /lib/systemd/system
+else
+SYSTEMD_UNIT_DIR = /usr/lib/systemd/system
+endif
+install-systemd: lxc.service lxc-devsetup
+	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
+	$(INSTALL_DATA) lxc.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
+
+uninstall-systemd:
+	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service
+	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
+pkglibexec_SCRIPTS = lxc-devsetup
+else
+install-systemd:
+uninstall-systemd:
+endif
+
+install-data-local: install-systemd
+
+uninstall-local: uninstall-systemd

config/init/sysvinit/Makefile.am

@@ -0,0 +1,18 @@
+EXTRA_DIST = lxc
+
+if INIT_SCRIPT_SYSV
+install-sysvinit: lxc
+	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
+	$(INSTALL_SCRIPT) lxc $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
+
+uninstall-sysvinit:
+	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
+	rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
+else
+install-sysvinit:
+uninstall-sysvinit:
+endif
+
+install-data-local: install-sysvinit
+
+uninstall-local: uninstall-sysvinit

config/init/upstart/Makefile.am

@@ -0,0 +1,22 @@
+EXTRA_DIST = lxc.conf lxc-instance.conf lxc-net.conf
+
+if INIT_SCRIPT_UPSTART
+install-upstart: lxc.conf lxc-instance.conf lxc-net.conf
+	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/
+	$(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/
+	$(INSTALL_DATA) lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/
+	$(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/
+
+uninstall-upstart:
+	rm -f $(DESTDIR)$(sysconfdir)/init/lxc.conf
+	rm -f $(DESTDIR)$(sysconfdir)/init/lxc-instance.conf
+	rm -f $(DESTDIR)$(sysconfdir)/init/lxc-net.conf
+	rmdir $(DESTDIR)$(sysconfdir)/init || :
+else
+install-upstart:
+uninstall-upstart:
+endif
+
+install-data-local: install-upstart
+
+uninstall-local: uninstall-upstart

config/init/upstart/lxc-instance.conf

@@ -0,0 +1,22 @@
+description "lxc instance"
+author "Christian Kampka <chris@emerge-life.de>"
+
+stop on stopping lxc
+
+# wait for 120 seconds for container to shutdown before killing it
+kill timeout 120
+
+# send SIGPWR to container to trigger a shutdown (see lxc-shutdown(1))
+kill signal SIGPWR
+
+
+instance $NAME
+usage "NAME=name of LXC instance"
+
+pre-start script
+	lxc-wait -s RUNNING -n $NAME -t 0 && { stop; exit 0; } || true
+end script
+
+script
+	exec lxc-start -n $NAME
+end script

config/init/upstart/lxc-net.conf

@@ -0,0 +1,86 @@
+description "lxc network"
+author "Serge Hallyn <serge.hallyn@canonical.com>"
+
+start on starting lxc
+stop on stopped lxc
+
+env USE_LXC_BRIDGE="false"
+env LXC_BRIDGE="lxcbr0"
+env LXC_ADDR="10.0.3.1"
+env LXC_NETMASK="255.255.255.0"
+env LXC_NETWORK="10.0.3.0/24"
+env LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
+env LXC_DHCP_MAX="253"
+env LXC_DHCP_CONFILE=""
+env varrun="/var/run/lxc"
+env LXC_DOMAIN=""
+
+pre-start script
+	[ -f /etc/default/lxc ] && . /etc/default/lxc
+
+	[ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; }
+
+	use_iptables_lock="-w"
+	iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock=""
+	cleanup() {
+		# dnsmasq failed to start, clean up the bridge
+		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+		iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
+		iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+		ifconfig ${LXC_BRIDGE} down || true
+		brctl delbr ${LXC_BRIDGE} || true
+	}
+
+	if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
+		if [ ! -f ${varrun}/network_up ]; then
+			# bridge exists, but we didn't start it
+			stop;
+		fi
+		exit 0;
+	fi
+
+	# set up the lxc network
+	brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
+	echo 1 > /proc/sys/net/ipv4/ip_forward
+	mkdir -p ${varrun}
+	ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
+	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+	iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
+	iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+
+	LXC_DOMAIN_ARG=""
+	if [ -n "$LXC_DOMAIN" ]; then
+		LXC_DOMAIN_ARG="-s $LXC_DOMAIN"
+	fi
+	dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
+	touch ${varrun}/network_up
+end script
+
+post-stop script
+	[ -f /etc/default/lxc ] && . /etc/default/lxc
+	[ -f "${varrun}/network_up" ] || exit 0;
+	# if $LXC_BRIDGE has attached interfaces, don't shut it down
+	ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
+
+	if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
+		use_iptables_lock="-w"
+		iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock=""
+		ifconfig ${LXC_BRIDGE} down
+		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+		iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
+		iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+		pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
+		rm -f ${varrun}/dnsmasq.pid
+		brctl delbr ${LXC_BRIDGE}
+	fi
+	rm -f ${varrun}/network_up
+end script

config/init/upstart/lxc.conf

@@ -0,0 +1,27 @@
+description "lxc"
+author "Serge Hallyn <serge.hallyn@canonical.com>"
+
+start on runlevel [2345]
+stop on starting rc RUNLEVEL=[016]
+
+env LXC_AUTO="false"
+
+pre-start script
+	[ -f /etc/default/lxc ] && . /etc/default/lxc
+
+	# don't load profiles if mount mediation is not supported
+	SYSF=/sys/kernel/security/apparmor/features/mount/mask
+	if [ -f $SYSF ]; then
+		if [ -x /lib/init/apparmor-profile-load ]; then
+			/lib/init/apparmor-profile-load usr.bin.lxc-start
+			/lib/init/apparmor-profile-load lxc-containers
+		fi
+	fi
+
+	[ "x$LXC_AUTO" = "xtrue" ] || exit 0
+
+	lxc-autostart -L | while read line; do
+		set -- $line
+		(start lxc-instance NAME=$1 && sleep $2) || true
+	done
+end script

configure.ac

@@ -78,7 +78,7 @@ AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
 AC_MSG_CHECKING([for init system type])
 AC_ARG_WITH([init-script],
 	    [AC_HELP_STRING([--with-init-script@<:@=TYPE@<:@,TYPE,...@:>@@:>@],
-			    [Type(s) of init script to install: sysv, systemd, upstart,
+			    [Type(s) of init script to install: sysvinit, systemd, upstart,
 			     distro @<:@default=distro@:>@])],[],[with_init_script=distro])
 case "$with_init_script" in
 	distro)
@@ -87,17 +87,17 @@ case "$with_init_script" in
 				init_script=systemd
 				;;
 			redhat|centos|oracle|oracleserver)
-				init_script=sysv
+				init_script=sysvinit
 				;;
 			debian)
-				init_script=sysv,upstart,systemd
+				init_script=upstart,systemd
 				;;
 			ubuntu)
 				init_script=upstart
 				;;
 			*)
-				echo -n "Linux distribution init system unknown, defaulting to sysv"
-				init_script=sysv
+				echo -n "Linux distribution init system unknown."
+				init_script=
 				;;
 		esac
 		;;
@@ -110,7 +110,7 @@ esac
 (IFS="," ; for init_sys in $init_script;
 do
 	case "$init_sys" in
-		none|sysv|systemd|upstart)
+		none|sysvinit|systemd|upstart)
 			;;
 		*)
 			exit 1
@@ -118,7 +118,7 @@ do
 	esac
 done) || AC_MSG_ERROR([Unknown init system type in $init_script])
 
-AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysv"])
+AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysvinit"])
 AM_CONDITIONAL([INIT_SCRIPT_SYSTEMD], [echo "$init_script" |grep -q "systemd"])
 AM_CONDITIONAL([INIT_SCRIPT_UPSTART], [echo "$init_script" |grep -q "upstart"])
 AC_MSG_RESULT($init_script)
@@ -547,6 +547,10 @@ AC_CONFIG_FILES([
 	lxc.spec
 
 	config/Makefile
+	config/init/Makefile
+	config/init/sysvinit/Makefile
+	config/init/systemd/Makefile
+	config/init/upstart/Makefile
 	config/etc/Makefile
 	config/templates/Makefile
 	config/templates/debian.common.conf

lxc.spec.in

@@ -31,7 +31,7 @@
 BuildRequires: systemd-units
 %else
 %global with_systemd 0
-%define init_script sysv
+%define init_script sysvinit
 %endif
 
 # RPM needs alpha/beta/rc in Release: not Version: to ensure smooth

src/lxc/Makefile.am

@@ -165,11 +165,8 @@ bin_SCRIPTS = \
 
 EXTRA_DIST = \
 	lxc-device \
-	lxc-devsetup \
 	lxc-ls \
-	lxc-top \
-	lxc.service \
-	lxc.sysvinit
+	lxc-top
 
 if ENABLE_PYTHON
 bin_SCRIPTS += lxc-device
@@ -212,43 +209,6 @@ bin_PROGRAMS = \
 pkglibexec_PROGRAMS = \
 	lxc-init
 
-if INIT_SCRIPT_SYSV
-install-init: lxc.sysvinit
-	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
-	$(INSTALL_SCRIPT) lxc.sysvinit $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
-
-uninstall-init:
-	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
-	rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
-else
-install-init:
-uninstall-init:
-endif
-
-if INIT_SCRIPT_SYSTEMD
-SYSTEMD_UNIT_DIR = /usr/lib/systemd/system
-install-systemd: lxc.service lxc-devsetup
-	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
-	$(INSTALL_DATA) lxc.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
-
-uninstall-systemd:
-	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service
-	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
-pkglibexec_SCRIPTS = lxc-devsetup
-else
-install-systemd:
-uninstall-systemd:
-endif
-
-if INIT_SCRIPT_UPSTART
-# FIXME: install/uninstall upstart script here
-install-upstart:
-uninstall-upstart:
-else
-install-upstart:
-uninstall-upstart:
-endif
-
 AM_LDFLAGS = -Wl,-E
 if ENABLE_RPATH
 AM_LDFLAGS += -Wl,-rpath -Wl,$(libdir)
@@ -286,10 +246,6 @@ lxc_snapshot_SOURCES = lxc_snapshot.c
 lxc_usernsexec_SOURCES = lxc_usernsexec.c
 lxc_user_nic_SOURCES = lxc_user_nic.c network.c network.h
 
-install-data-local: install-init install-systemd install-upstart
-
-uninstall-local: uninstall-init uninstall-systemd uninstall-upstart
-
 install-exec-local: install-soPROGRAMS
 	mkdir -p $(DESTDIR)$(datadir)/lxc
 	install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc