OpenVZ Forum


More on making an OpenVZ template [message #43284] Fri, 19 August 2011 20:18
samiam

I am continuing the work of making a tiny OpenVZ template. One
discovery I have is that, for the OpenVZ tools to work, not only is it
mandatory for the system to have the Bash shell, but also that /bin/sh
has to be a symlink to Bash. This is because the "vzctl" program
prepends the contents of the Bash-only
"/etc/vz/dists/scripts/functions" script to any script used by the
container to configure the system, and there does not appear to be any
way to configure a container to not use this Bash-only script.

In other words, any OpenVZ template without /bin/sh being an alias for
Bash can not be configured via the "vzctl" tools (nor the
corresponding Proxmox/SolusVM/whatever tools that call "vzctl").

This in mind, the next release of TinyVZ will include the Bash shell.
I actually prefer Bash over Busybox's "ash" shell; I *really* miss the
"!$" and "!*" shortcuts, as well as the "history" command, when using
this minimal shell.

Since this is an open source project I am not getting paid for, I have
no timeline of when I will make another TinyVZ release, nor do I
guarantee I will even make such a release. Working on TinyVZ has
taught me a lot about OpenVZ and hopefully is something that is
useful.

- Sam

Re: More on making an OpenVZ template [message #43285 is a reply to message #43284] Sat, 20 August 2011 16:53
Benjamin Henrion

On Fri, Aug 19, 2011 at 10:18 PM, Sam Trenholme
<strenholme.usenet@gmail.com> wrote:
> I am continuing the work of making a tiny OpenVZ template.  One
> discovery I have is that, for the OpenVZ tools to work, not only is it
> mandatory for the system to have the Bash shell, but also that /bin/sh
> has to be a symlink to Bash.  This is because the "vzctl" program
> prepends the contents of the Bash-only
> "/etc/vz/dists/scripts/functions" script to any script used by the
> container to configure the system, and there does not appear to be any
> way to configure a container to not use this Bash-only script.
>
> In other words, any OpenVZ template without /bin/sh being an alias for
> Bash can not be configured via the "vzctl" tools (nor the
> corresponding Proxmox/SolusVM/whatever tools that call "vzctl").
>
> This in mind, the next release of TinyVZ will include the Bash shell.
> I actually prefer Bash over Busybox's "ash" shell; I *really* miss the
> "!$" and "!*" shortcuts, as well as the "history" command, when using
> this minimal shell.
>
> Since this is an open source project I am not getting paid for, I have
> no timeline of when I will make another TinyVZ release, nor do I
> guarantee I will even make such a release.  Working on TinyVZ has
> taught me a lot about OpenVZ and hopefully is something that is
> useful.

This is very useful for me, I was about to spend time on an openwrt
container, which does not use bash at all.

Where in the source code of vzctl do you see this requirement?

--
Benjamin Henrion <bhenrion at ffii.org>
FFII Brussels - +32-484-566109 - +32-2-4148403
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."

Re: More on making an OpenVZ template [message #43286 is a reply to message #43285] Sat, 20 August 2011 17:12
samiam

The actual deed of concatenating the Bash-only script with the
distribution-specific script run by vzctl is done by the read_script()
function in src/lib/script.c. read_script() is, in turn, called by
vps_exec_script() in src/lib/exec.c; vps_exec_script() is called from
several places.

The offending script has the name DIST_FUNC whenever it is used to
specify the offending function in vps_exec_script(). DIST_FUNC is
specified in include/dist.h.

Yes, the code is spaghetti code; it took me hours to unravel all of this.

The best solution to this issue would be to replace DIST_FUNC with a
parameter that can be controlled by the /etc/vz/dists/${distname}.func
configuration file.

- Sam


Re: More on making an OpenVZ template [message #43295 is a reply to message #43284] Sun, 21 August 2011 14:10
kir

On 08/20/2011 12:18 AM, Sam Trenholme wrote:
> I am continuing the work of making a tiny OpenVZ template. One
> discovery I have is that, for the OpenVZ tools to work, not only is it
> mandatory for the system to have the Bash shell, but also that /bin/sh
> has to be a symlink to Bash. This is because the "vzctl" program
> prepends the contents of the Bash-only
> "/etc/vz/dists/scripts/functions" script to any script used by the
> container to configure the system, and there does not appear to be any
> way to configure a container to not use this Bash-only script.
>
> In other words, any OpenVZ template without /bin/sh being an alias for
> Bash can not be configured via the "vzctl" tools (nor the
> corresponding Proxmox/SolusVM/whatever tools that call "vzctl").
>
> This in mind, the next release of TinyVZ will include the Bash shell.
> I actually prefer Bash over Busybox's "ash" shell; I *really* miss the
> "!$" and "!*" shortcuts, as well as the "history" command, when using
> this minimal shell.

This is one way of doing things. The other way would be to rectify the
'/etc/dists/scripts/functions' to not be dependent on bash.

I am currently looking at it, so far I only found that it uses the
'function' keyword which is a bashism. With that removed, it looks like it
is working fine in either dash or busybox sh.

I have committed the patch:
http://git.openvz.org/?p=vzctl;a=commit;h=f83b28435f582f2f74fb3267b89b061a551b32e2

And then a few more (to check it works in Debian without /bin/bash):
http://git.openvz.org/?p=vzctl;a=commit;h=a86beacde8c1fba4002eaf5bf48a535e7d46ffc0
http://git.openvz.org/?p=vzctl;a=commit;h=382f306cd0865bb4bcafc4f7a4b5cfe2f809296c

> Since this is an open source project I am not getting paid for, I have
> no timeline of when I will make another TinyVZ release, nor do I
> guarantee I will even make such a release. Working on TinyVZ has
> taught me a lot about OpenVZ and hopefully is something that is
> useful.
>
> - Sam


Kir Kolyshkin
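
The bashism kir describes above, as an added example that is not part of the thread or of the linked vzctl commits: a POSIX sh script that finds definitions written with the 'function' keyword, rewrites them to the portable name() form, and checks which locally installed shells can parse each version. The sample library and every function name below are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vzctl code): find and rewrite 'function' keyword
# definitions so a script parses under a POSIX /bin/sh (dash, busybox ash).

# Constructed sample; NOT the real /etc/vz/dists/scripts/functions.
write_sample() {
    cat > "$1" <<'EOF'
# helper function library (this comment must not be flagged)
function put_param {
    echo "$1=$2"
}
  function is_set() {
    [ -n "$1" ]
}
already_posix() {
    echo ok
}
EOF
}

# Regex for a definition that starts with the 'function' keyword.
# Anchored at line start so the word inside a comment is ignored.
FUNC_RE='^[[:space:]]*function[[:space:]]+[A-Za-z_][A-Za-z0-9_]*'

# Print "LINE:TEXT" for every 'function' keyword definition in file $1.
find_function_keyword() {
    grep -nE "$FUNC_RE" "$1"
}

# Print how many such definitions file $1 contains (0 if none).
count_function_keyword() {
    grep -cE "$FUNC_RE" "$1" || true
}

# Write to stdout a copy of $1 with "function name" and "function name()"
# rewritten to the portable "name()" form; everything else is untouched.
to_posix_functions() {
    sed -E 's/^([[:space:]]*)function[[:space:]]+([A-Za-z_][A-Za-z0-9_]*)[[:space:]]*(\(\))?[[:space:]]*/\1\2() /' "$1"
}

# Succeed if the shell named in $2 (default: sh) can parse file $1.
parses_with() {
    "${2:-sh}" -n "$1" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    write_sample "$tmp/functions"
    echo "definitions using the 'function' keyword:"
    find_function_keyword "$tmp/functions"
    to_posix_functions "$tmp/functions" > "$tmp/functions.posix"
    echo "remaining after rewrite: $(count_function_keyword "$tmp/functions.posix")"
    # Report which of the locally installed shells accept each version.
    for shell in sh dash bash; do
        command -v "$shell" >/dev/null 2>&1 || continue
        for f in functions functions.posix; do
            if parses_with "$tmp/$f" "$shell"; then r=ok; else r="syntax error"; fi
            echo "$shell -n $f: $r"
        done
    done
    rm -rf "$tmp"
}

demo
```

Where /bin/sh is itself Bash, the unmodified sample also parses, so the per-shell report is only informative on a system that has dash or another strict POSIX shell installed.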

Re: More on making an OpenVZ template [message #43297 is a reply to message #43295] Sun, 21 August 2011 15:26
Benjamin Henrion

On Sun, Aug 21, 2011 at 4:10 PM, Kir Kolyshkin <kir@openvz.org> wrote:
> On 08/20/2011 12:18 AM, Sam Trenholme wrote:
>>
>> I am continuing the work of making a tiny OpenVZ template.  One
>> discovery I have is that, for the OpenVZ tools to work, not only is it
>> mandatory for the system to have the Bash shell, but also that /bin/sh
>> has to be a symlink to Bash.  This is because the "vzctl" program
>> prepends the contents of the Bash-only
>> "/etc/vz/dists/scripts/functions" script to any script used by the
>> container to configure the system, and there does not appear to be any
>> way to configure a container to not use this Bash-only script.
>>
>> In other words, any OpenVZ template without /bin/sh being an alias for
>> Bash can not be configured via the "vzctl" tools (nor the
>> corresponding Proxmox/SolusVM/whatever tools that call "vzctl").
>>
>> This in mind, the next release of TinyVZ will include the Bash shell.
>> I actually prefer Bash over Busybox's "ash" shell; I *really* miss the
>> "!$" and "!*" shortcuts, as well as the "history" command, when using
>> this minimal shell.
>
> This is one way of doing things. The other way would be to rectify the
> '/etc/dists/scripts/functions' to not be dependent on bash.
>
> I am currently looking at it, so far I only found that it uses the
> 'function' keyword which is a bashism. With that removed, it looks like it
> is working fine in either dash or busybox sh.
>
> I have committed the patch:
> http://git.openvz.org/?p=vzctl;a=commit;h=f83b28435f582f2f74fb3267b89b061a551b32e2
>
> And then a few more (to check it works in Debian without /bin/bash):
> http://git.openvz.org/?p=vzctl;a=commit;h=a86beacde8c1fba4002eaf5bf48a535e7d46ffc0
> http://git.openvz.org/?p=vzctl;a=commit;h=382f306cd0865bb4bcafc4f7a4b5cfe2f809296c

I have compiled it, and I can report it works, I have removed the bash
binary I got from tinyvz, and now it enters well in openwrt rootfs (I
have tested with the original vzctl 3.0.24 where it fails to enter if
there is no /bin/bash):

==================================================
root@mybox /root/zoobab/openwrt-openvz [46]# ./vzctl --version
vzctl version 3.0.28.3-70.git.382f306
root@mybox /root/zoobab/openwrt-openvz [40]# ./vzctl enter 889
entered into CT 889


BusyBox v1.15.3 (2011-07-14 17:03:04 CEST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 Backfire (10.03.1-RC5, r27608) --------------------------
  * 1/3 shot Kahlua    In a shot glass, layer Kahlua
  * 1/3 shot Bailey's  on the bottom, then Bailey's,
  * 1/3 shot Vodka     then Vodka.
 ---------------------------------------------------
root@OpenWrt:/#
==================================================

--
Benjamin Henrion <bhenrion at ffii.org>

Re: More on making an OpenVZ template [message #43298 is a reply to message #43297] Sun, 21 August 2011 16:18
kir

On 08/21/2011 07:26 PM, Benjamin Henrion wrote:
> On Sun, Aug 21, 2011 at 4:10 PM, Kir Kolyshkin<kir@openvz.org> wrote:
>> I have committed the patch:
>> http://git.openvz.org/?p=vzctl;a=commit;h=f83b28435f582f2f74fb3267b89b061a551b32e2
>>
>> And then a few more (to check it works in Debian without /bin/bash):
>> http://git.openvz.org/?p=vzctl;a=commit;h=a86beacde8c1fba4002eaf5bf48a535e7d46ffc0
>> http://git.openvz.org/?p=vzctl;a=commit;h=382f306cd0865bb4bcafc4f7a4b5cfe2f809296c
> I have compiled it, and I can report it works

Thanks for testing!

> I have removed the bash
> binary I got from tinyvz, and now it enters well in openwrt rootfs (I
> have tested with the original vzctl 3.0.24 where it fails to enter if
> there is no /bin/bash):

Well, these patches only affect vzctl create (which runs postcreate.sh
script) and vzctl set (--ipadd/--ipdel, --nameserver, --hostname,
--quotaugidlimit and --userpasswd).

vzctl enter has nothing to do with the above-mentioned patches.

There was a bug in vzctl which prevented enter/exec from working if there was
no /bin/bash in CT and /bin/sh was the one from busybox, see
http://bugzilla.openvz.org/1314

Hmm, strange, my changelogs say it was fixed in vzctl-3.0.24...perhaps you
were using some earlier version?

For the record, the fixes were:
http://git.openvz.org/?p=vzctl;a=commitdiff;h=aeb821cd
http://git.openvz.org/?p=vzctl;a=commitdiff;h=adb8af36

>
> ==================================================
> root@mybox /root/zoobab/openwrt-openvz [46]# ./vzctl --version
> vzctl version 3.0.28.3-70.git.382f306
> root@mybox /root/zoobab/openwrt-openvz [40]# ./vzctl enter 889
> entered into CT 889
>
>
> BusyBox v1.15.3 (2011-07-14 17:03:04 CEST) built-in shell (ash)
> Enter 'help' for a list of built-in commands.
>
>   _______                     ________        __
>  |       |.-----.-----.-----.|  |  |  |.----.|  |_
>  |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
>  |_______||   __|_____|__|__||________||__|  |____|
>           |__| W I R E L E S S   F R E E D O M
>  Backfire (10.03.1-RC5, r27608) --------------------------
>   * 1/3 shot Kahlua    In a shot glass, layer Kahlua
>   * 1/3 shot Bailey's  on the bottom, then Bailey's,
>   * 1/3 shot Vodka     then Vodka.
>  ---------------------------------------------------
> root@OpenWrt:/#
> ==================================================
>


Kir Kolyshkin

Re: More on making an OpenVZ template [message #43299 is a reply to message #43298] Sun, 21 August 2011 16:40
Benjamin Henrion

On Sun, Aug 21, 2011 at 6:18 PM, Kir Kolyshkin <kir@openvz.org> wrote:
> On 08/21/2011 07:26 PM, Benjamin Henrion wrote:
>>
>> On Sun, Aug 21, 2011 at 4:10 PM, Kir Kolyshkin<kir@openvz.org>  wrote:
>>>
>>> I have committed the patch:
>>>
>>> http://git.openvz.org/?p=vzctl;a=commit;h=f83b28435f582f2f74fb3267b89b061a551b32e2
>>>
>>> And then a few more (to check it works in Debian without /bin/bash):
>>>
>>> http://git.openvz.org/?p=vzctl;a=commit;h=a86beacde8c1fba4002eaf5bf48a535e7d46ffc0
>>>
>>> http://git.openvz.org/?p=vzctl;a=commit;h=382f306cd0865bb4bcafc4f7a4b5cfe2f809296c
>>
>> I have compiled it, and I can report it works
>
> Thanks for testing!
>
>> I have removed the bash
>> binary I got from tinyvz, and now it enters well in openwrt rootfs (I
>> have tested with the original vzctl 3.0.24 where it fails to enter if
>> there is no /bin/bash):
>
> Well, these patches only affect vzctl create (which runs postcreate.sh
> script)
> and vzctl set (--ipadd/--ipdel, --nameserver, --hostname, --quotaugidlimit
> and --userpasswd).
>
> vzctl enter has nothing to do with the above-mentioned patches.
>
> There was a bug in vzctl which prevented enter/exec from working if there was
> no /bin/bash in CT and /bin/sh was the one from busybox, see
> http://bugzilla.openvz.org/1314
>
> Hmm, strange, my changelogs say it was fixed in vzctl-3.0.24...perhaps you
> were using some earlier version?

I am using the one of debian squeeze:

root@mybox /root/zoobab/openwrt-openvz [5]# vzctl --version
vzctl version 3.0.24

Will check in the debian sources if the patch was applied or not.

--
Benjamin Henrion <bhenrion at ffii.org>

Re: More on making an OpenVZ template [message #43303 is a reply to message #43299] Sun, 21 August 2011 21:13
samiam

> I am using the one of debian squeeze:

As a side note, one of my long-standing annoyances with Debian's
software policies is that, once a given release is frozen, Debian will
not update a software package unless there is a CVE-worthy security bug
in it. Other bugs will not get fixed. Not even if the fix is minor.
They certainly will not keep current with a release in any bugfix-only
branch of the software provided upstream.

I can understand this software policy; open-source development is, by
nature, undisciplined and a lot of developers are not very good at
only fixing bugs without adding other potential bug-inducing features.

Debian's policies wouldn't be a big deal, except that some Debian
users have this really annoying habit of bugging upstream about a bug
which has already been fixed upstream, just not applied to the
appropriate Debian software repository. There is a Debian bug
tracking system to file bug reports or feature requests, and Debian
users are probably best using this system; if the package maintainer
says it's an upstream issue, then it is time to contact upstream about
the issue.

- Sam

Re: More on making an OpenVZ template [message #43304 is a reply to message #43295] Sun, 21 August 2011 21:30
samiam

Thank you very much for fixing this bug. I can't think of an active
Linux distribution that doesn't have a POSIX-compatible /bin/sh out
there [1] [2], so it's reasonable to expect a container to have
/bin/sh (which can be dash, busybox, pdksh, whatever).

- Sam

[1] There are projects which use Plan 9's userspace instead of a
POSIX-compatible one, but none of them are a full non-POSIX-compatible
Linux distro. Plan 9 from User Space is an addition to a
POSIX-compatible Linux distribution. The Glendix project, which would
have been a non-POSIX-like distro, hasn't been updated since 2009.

[2] There is csh and tcsh, and maybe some BSD systems in the 1980s had
csh but no /bin/sh, but the only recent system to use a csh as a
default shell was Mac OS X up until 10.3 (tcsh). There is also fish,
but there doesn't appear to be any full fledged distro that replaced
/bin/sh with fish. Ksh is POSIX compatible; all the other UNIX
command shell projects (except possibly kes) appear moribund or dead.


Re: More on making an OpenVZ template [message #44424 is a reply to message #43303] Wed, 07 December 2011 04:42
Enrico Weigelt

* Sam Trenholme <strenholme.usenet@gmail.com> wrote:

> Debian's policies wouldn't be a big deal, except that some Debian
> users have this really annoying habit of bugging upstream about a bug
> which has already been fixed upstream, just not applied to the
> appropriate Debian software repository. There is a Debian bug
> tracking system to file bug reports or feature requests, and Debian
> users are probably best using this system; if the package maintainer
> says it's an upstream issue, then it is time to contact upstream about
> the issue.

Is there a separate repository containing new packages?
If not, we should just create one.


cu
--
----------------------------------------------------------------------
Enrico Weigelt, metux IT service -- http://www.metux.de/

phone: +49 36207 519931 email: weigelt@metux.de
mobile: +49 151 27565287 icq: 210169427 skype: nekrad666
----------------------------------------------------------------------
Embedded Linux / Porting / Open-source QM / Distributed systems
----------------------------------------------------------------------