Skip to content

Instantly share code, notes, and snippets.

@tpokorra

tpokorra/lxc-pi

Created January 20, 2016 07:19
Show Gist options
  • Save tpokorra/8bc85d2963ddc219ba0a to your computer and use it in GitHub Desktop.
Save tpokorra/8bc85d2963ddc219ba0a to your computer and use it in GitHub Desktop.
Download ZIP
lxc container Raspberry Pi
Raw
lxc-pi
#!/bin/bash
#
# lxc: linux Container library
# Authors:
# Original Debian:
# Daniel Lezcano <[email protected]>
# Changes for Raspberry Pi by:
# Oliver Heller <[email protected]>
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
SUITE=${SUITE:-jessie}
MIRROR=${MIRROR:-http://archive.raspbian.org/raspbian}
configure_debian()
{
rootfs=$1
hostname=$2
# squeeze only has /dev/tty and /dev/tty0 by default,
# therefore creating missing device nodes for tty1-4.
for tty in $(seq 1 4); do
if [ ! -e $rootfs/dev/tty$tty ]; then
mknod $rootfs/dev/tty$tty c 4 $tty
fi
done
# configure the inittab
cat <<EOF > $rootfs/etc/inittab
id:2:initdefault:
si::sysinit:/etc/init.d/rcS
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/sbin/sulogin
1:2345:respawn:/sbin/getty 38400 console
c1:12345:respawn:/sbin/getty 38400 tty1 linux
c2:12345:respawn:/sbin/getty 38400 tty2 linux
c3:12345:respawn:/sbin/getty 38400 tty3 linux
c4:12345:respawn:/sbin/getty 38400 tty4 linux
EOF
# disable selinux in debian
mkdir -p $rootfs/selinux
echo 0 > $rootfs/selinux/enforce
# configure the network using the dhcp
cat <<EOF > $rootfs/etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
EOF
# set the hostname
cat <<EOF > $rootfs/etc/hostname
$hostname
EOF
# reconfigure some services
LANG="${LANG:-en_US.UTF-8}"
locale="$LANG $(echo $LANG | cut -d. -f2)"
chroot $rootfs echo "locales locales/default_environment_locale select $LANG" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
chroot $rootfs echo "locales locales/default_environment_locale seen true" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
chroot $rootfs echo "locales locales/locales_to_be_generated seen true" | chroot $rootfs sh -c "LANG=C debconf-set-selections"
chroot $rootfs sed -i -e "0,/^[# ]*$locale *$/ s/^[# ]*$locale *$/$locale/" /etc/locale.gen
chroot $rootfs sh -c "LANG=C dpkg-reconfigure locales -f noninteractive"
# remove pointless services in a container
chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove # S
chroot $rootfs /usr/sbin/update-rc.d checkroot.sh stop 09 S .
chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove # 0 6
chroot $rootfs /usr/sbin/update-rc.d umountfs start 09 0 6 .
chroot $rootfs /usr/sbin/update-rc.d -f umountroot remove # 0 6
chroot $rootfs /usr/sbin/update-rc.d umountroot start 10 0 6 .
# The following initscripts don't provide an empty start or stop block.
# To prevent them being enabled on upgrades, we leave a start link on
# runlevel 3.
chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove # S 0 6
chroot $rootfs /usr/sbin/update-rc.d hwclock.sh start 10 3 .
chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove # S
chroot $rootfs /usr/sbin/update-rc.d hwclockfirst start 08 3 .
chroot $rootfs /usr/sbin/update-rc.d -f module-init-tools remove # S
chroot $rootfs /usr/sbin/update-rc.d module-init-tools start 10 3 .
echo "root:root" | chroot $rootfs chpasswd
echo "Root password is 'root', please change !"
return 0
}
cleanup()
{
rm -rf $cache/partial-$SUITE-$arch
rm -rf $cache/rootfs-$SUITE-$arch
}
download_debian()
{
packages=\
ifupdown,\
locales,\
libui-dialog-perl,\
dialog,\
isc-dhcp-client,\
netbase,\
net-tools,\
iproute,\
openssh-server
cache=$1
arch=$2
trap cleanup EXIT SIGHUP SIGINT SIGTERM
# check the mini debian was not already downloaded
mkdir -p "$cache/partial-$SUITE-$arch"
if [ $? -ne 0 ]; then
echo "Failed to create '$cache/partial-$SUITE-$arch' directory"
return 1
fi
# download a mini debian into a cache
echo "Downloading debian minimal ..."
qemu-debootstrap --verbose --variant=minbase --arch=$arch \
--include=$packages \
"$SUITE" "$cache/partial-$SUITE-$arch" $MIRROR
if [ $? -ne 0 ]; then
echo "Failed to download the rootfs, aborting."
return 1
fi
mv "$1/partial-$SUITE-$arch" "$1/rootfs-$SUITE-$arch"
echo "Download complete."
trap EXIT
trap SIGINT
trap SIGTERM
trap SIGHUP
return 0
}
copy_debian()
{
cache=$1
arch=$2
rootfs=$3
# make a local copy of the minidebian
echo -n "Copying rootfs to $rootfs..."
mkdir -p $rootfs
rsync -a "$cache/rootfs-$SUITE-$arch"/ $rootfs/ || return 1
return 0
}
install_debian()
{
cache="/var/cache/lxc/pi"
rootfs=$1
mkdir -p /var/lock/subsys/
(
flock -x 200
if [ $? -ne 0 ]; then
echo "Cache repository is busy."
return 1
fi
arch="armhf"
echo "Checking cache download in $cache/rootfs-$SUITE-$arch ... "
if [ ! -e "$cache/rootfs-$SUITE-$arch" ]; then
download_debian $cache $arch
if [ $? -ne 0 ]; then
echo "Failed to download 'debian base'"
return 1
fi
fi
copy_debian $cache $arch $rootfs
if [ $? -ne 0 ]; then
echo "Failed to copy rootfs"
return 1
fi
return 0
) 200>/var/lock/subsys/lxc
return $?
}
copy_configuration()
{
path=$1
rootfs=$2
name=$3
cat >> $path/config << EOF
# $path/config
## Container
lxc.utsname = $name
lxc.rootfs = $rootfs
lxc.tty = 4
lxc.pts = 1024
#lxc.console = /var/log/lxc/$name.console
## Capabilities
lxc.cap.drop = sys_admin
# uncomment the next line to run the container unconfined:
#lxc.aa_profile = unconfined
## Devices
#lxc.cgroup.devices.allow = a
lxc.cgroup.devices.deny = a
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
# /dev/zero
lxc.cgroup.devices.allow = c 1:5 rwm
# /dev/tty[1-4] consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# /dev/rtc
lxc.cgroup.devices.allow = c 254:0 rwm
## Limits
#lxc.cgroup.cpu.shares = 1024
#lxc.cgroup.cpuset.cpus = 0
#lxc.cgroup.memory.limit_in_bytes = 256M
#lxc.cgroup.memory.memsw.limit_in_bytes = 1G
## Filesystem
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults,ro 0 0
#lxc.mount.entry = /srv/$name srv/$name none defaults,bind 0 0
EOF
if [ $? -ne 0 ]; then
echo "Failed to add configuration"
return 1
fi
return 0
}
clean()
{
cache="/var/cache/lxc/pi"
if [ ! -e $cache ]; then
exit 0
fi
# lock, so we won't purge while someone is creating a repository
(
flock -x 200
if [ $? != 0 ]; then
echo "Cache repository is busy."
exit 1
fi
echo -n "Purging the download cache..."
rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1
exit 0
) 200>/var/lock/subsys/lxc
}
usage()
{
cat <<EOF
$1 -h|--help -p|--rootpath=<path> --clean
EOF
return 0
}
options=$(getopt -o hp:n:c -l help,path:,rootfs:,name:,clean -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
fi
eval set -- "$options"
while true
do
case "$1" in
-h|--help) usage $0 && exit 0;;
-p|--path) path=$2; shift 2;;
--rootfs) rootfs=$2; shift 2;;
-n|--name) name=$2; shift 2;;
-c|--clean) clean=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
done
if [ ! -z "$clean" -a -z "$path" ]; then
clean || exit 1
exit 0
fi
type qemu-debootstrap
if [ $? -ne 0 ]; then
echo "'qemu-debootstrap' command is missing"
exit 1
fi
if [ -z "$path" ]; then
echo "'path' parameter is required"
exit 1
fi
if [ "$(id -u)" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
fi
#rootfs=$path/rootfs
install_debian $rootfs
if [ $? -ne 0 ]; then
echo "failed to install debian"
exit 1
fi
configure_debian $rootfs $name
if [ $? -ne 0 ]; then
echo "failed to configure debian for a container"
exit 1
fi
copy_configuration $path $rootfs $name
if [ $? -ne 0 ]; then
echo "failed write configuration file"
exit 1
fi
if [ ! -z $clean ]; then
clean || exit 1
exit 0
fi
@tpokorra
Copy link
Author

For Jessie see debops/ansible-lxc#15

Adding to the end of the config file of the container:

# Custom container options
lxc.mount.auto = cgroup:mixed
lxc.mount.entry = tmpfs dev/shm tmpfs rw,nosuid,nodev,create=dir 0 0
lxc.mount.entry = tmpfs run tmpfs rw,nosuid,nodev,mode=755,create=dir 0 0
lxc.mount.entry = tmpfs run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k,create=dir 0 0
lxc.mount.entry = debugfs sys/kernel/debug debugfs rw,relatime 0 0
lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir 0 0
lxc.mount.entry = hugetlbfs dev/hugepages hugetlbfs rw,relatime,create=dir 0 0

lxc.cgroup.use = @all

Currently that still does not start for me

  lxc-start 1453274118.906 ERROR    lxc_cgmanager - cgmanager.c:cgm_setup_limits:1378 - call to cgmanager_set_value_sync failed: invalid request
  lxc-start 1453274118.906 ERROR    lxc_cgmanager - cgmanager.c:cgm_setup_limits:1381 - Error setting cgroup use:lxc/raspberry-jessie limit type use
  lxc-start 1453274118.906 ERROR    lxc_start - start.c:lxc_spawn:952 - failed to setup the cgroup limits for 'raspberry-jessie'
  lxc-start 1453274118.946 ERROR    lxc_start - start.c:__lxc_start:1121 - failed to spawn 'raspberry-jessie'
  lxc-start 1453274118.993 ERROR    lxc_start_ui - lxc_start.c:main:341 - The container failed to start.
  lxc-start 1453274118.993 ERROR    lxc_start_ui - lxc_start.c:main:345 - Additional information can be obtained by setting the --logfile and --logpriority options.

@tpokorra
Copy link
Author

trying the config file from Debian Jessie:

# Distribution configuration
lxc.include = /usr/share/lxc/config/debian.common.conf

# Container specific configuration
lxc.utsname                             = raspberry-jessie
lxc.rootfs                              = /var/lib/lxc/raspberry-jessie/rootfs

# Network configuration
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.hwaddr = 00:16:3e:bd:05:d2
lxc.network.ipv4=10.0.3.50/24
lxc.network.ipv4.gateway=10.0.3.1
lxc.aa_profile = unconfined
lxc.kmsg = 0
lxc.autodev = 1
lxc.cap.drop = mknod

shows error:

systemd 215 running in system mode. (+PAM +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ -SECCOMP -APPARMOR)
Detected virtualization 'lxc'.
Detected architecture 'arm'.

Welcome to Raspbian GNU/Linux 8 (jessie)!

Set hostname to <raspberry-jessie>.
Unsupported ioctl: cmd=0x8933
qemu: Unsupported syscall: 355
Failed to allocate manager object: Function not implemented

https://bugs.launchpad.net/qemu/+bug/1470170

@tpokorra
Copy link
Author

original script from https://d24m.de/opensource/2013/07/19/raspbian-unter-lxc.html

goes to /usr/share/lxc/templates/lxc-pi

sudo apt-get install qemu-user-static
sudo lxc-create -t pi -n raspberry-container

@tpokorra
Copy link
Author

on Fedora (qemu 2.3.1 in F22, https://apps.fedoraproject.org/packages/qemu):

sudo dnf install qemu
replace qemu-debootstrap with debootstrap in /usr/share/lxc/templates/lxc-pi
lxc-create -t pi -n raspberry-container

I get this error:

W: Failure trying to run: chroot /var/cache/lxc/pi/partial-jessie-armhf mount -t proc proc /proc
W: See /var/cache/lxc/pi/partial-jessie-armhf/debootstrap/debootstrap.log for details
Failed to download the rootfs, aborting.
Failed to download 'debian base'
failed to install debian
lxc-create: lxccontainer.c: create_run_template: 1201 container creation template for raspberry-container failed
lxc-create: lxc_create.c: main: 274 Error creating container raspberry-container

see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770658, setting Path in lxc-pi before debootstrap call

    PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

That does not seem to help.

Running the script directly:

/usr/share/lxc/templates/lxc-pi -p /var/cache/lxc/pi/test

I hope I could still find the debootstrap log file.

or even more directly:

debootstrap --verbose --variant=minbase --arch=armhf --include=ifupdown,locales,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,openssh-server jessie /var/cache/lxc/pi/partial-jessie-armhf http://archive.raspbian.org/raspbian

Shows error:

W: Failure trying to run: chroot /var/cache/lxc/pi/partial-jessie-armhf mount -t proc proc /proc
W: See /var/cache/lxc/pi/partial-jessie-armhf/debootstrap/debootstrap.log for details

Detail in debootstrap.log:

chroot: failed to run command 'mount': No such file or directory

This happens when the arch is different. The /bin/mount works on ARM, but not on my 64 bit. So I need qemu-debootstrap, but I cannot find where to get that on Fedora...

see this: https://wiki.ubuntu.com/ARM/RootfsFromScratch/QemuDebootstrap

splitting into two parts:

rootfs=/var/cache/lxc/pi/partial-jessie-armhf
debootstrap --verbose --foreign --variant=minbase --arch=armhf --include=ifupdown,locales,libui-dialog-perl,dialog,isc-dhcp-client,netbase,net-tools,iproute,openssh-server jessie $rootfs http://archive.raspbian.org/raspbian
cp /usr/bin/qemu-arm $rootfs/usr/bin
sudo chroot $rootfs /bin/bash

that also does not work...

see https://wiki.debian.org/QemuUserEmulation and https://lists.fedoraproject.org/pipermail/arm/2014-January/007307.html

see http://unix.stackexchange.com/questions/41889/how-can-i-chroot-into-a-filesystem-with-a-different-architechture

see https://copr.fedorainfracloud.org/coprs/bboozzoo/qemu-arm-static/ I have rebuilt that package for my Fedora 22, and installed it. see https://copr.fedorainfracloud.org/coprs/tpokorra/qemu-arm-static/

qemu-binfmt-conf.sh
chroot $rootfs /bin/bash
      /debootstrap/debootstrap --second-stage

now works...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment