Request for LXC support in MVEBU

Is there any plan to support LXC in the default OpenWRT ?
The MVEBU platform may work with it on the official Turris Omnia fork of OpenWRT...
Can we get LXC support for MVEBU platforms, EspressoBin boards, in the default OpenWRT?

Thanks...

This LXC maintenance thread https://github.com/openwrt/packages/issues/7694 might be self-explanatory (lack of maintainer resources)


Got all working...
Will try to produce a howto and make some diff to propose for mainline support...
Then will have to test 3.x and 4.0 versions of LXC !

So far I have collected some tips, mainly from: https://github.com/zxdavb/openwrt_custom_packages

The autostart works with some uci commands (undocumented)...
The network works fine with some config tweaks...
The kernel support is as simple as activating some components...

...STAY TUNED


For References : [SOLVED] EspressoBin Board kernel and LXC

Patches needed for 19.07-snapshot :

diff --git a/utils/lxc/files/lxc-auto.init b/utils/lxc/files/lxc-auto.init
index 937f08269..dc293ecd3 100755
--- a/utils/lxc/files/lxc-auto.init
+++ b/utils/lxc/files/lxc-auto.init
@@ -58,3 +58,13 @@ stop() {
 	fi
 }
 
+### ZX: Create missing LXC resources (cgroup mount points)
+boot() {
+	if [ ! -d /sys/fs/cgroup/systemd ]; then
+		echo "Creating systemd cgroup..."
+		mkdir -p /sys/fs/cgroup/systemd
+		mount -t cgroup -o rw,nosuid,nodev,noexec,relatime,none,name=systemd cgroup /sys/fs/cgroup/systemd
+	fi
+
+	start
+}
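Review bot: The guard in boot() tests `[ ! -d /sys/fs/cgroup/systemd ]`, which tells you whether the directory exists, not whether the hierarchy is mounted, and neither `mkdir` nor `mount` is checked before `start` runs. If the mount fails, the containers are started anyway and nothing in the log says why they misbehave. I would test the mount itself, e.g. `grep -q ' /sys/fs/cgroup/systemd ' /proc/mounts`, and report a failure with `mount ... || echo "lxc-auto: cannot mount systemd cgroup hierarchy" >&2`. Keeping `nosuid,nodev,noexec` on the mount is right. `start` is defined outside this hunk, so whether it tolerates a missing hierarchy cannot be judged from here.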

and

diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index 87053b7f23..02c8b5f88e 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -200,15 +200,15 @@ config KERNEL_KPROBE_EVENTS
 
 config KERNEL_AIO
 	bool "Compile the kernel with asynchronous IO support"
-	default n
+	default y if !SMALL_FLASH
 
 config KERNEL_FHANDLE
 	bool "Compile the kernel with support for fhandle syscalls"
-	default n
+	default y if !SMALL_FLASH
 
 config KERNEL_FANOTIFY
 	bool "Compile the kernel with modern file notification support"
-	default n
+	default y if !SMALL_FLASH
 
 config KERNEL_BLK_DEV_BSG
 	bool "Compile the kernel with SCSI generic v4 support for any block device"
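Review bot: `default y if !SMALL_FLASH` on KERNEL_AIO, KERNEL_FHANDLE and KERNEL_FANOTIFY switches these on for every target that is not SMALL_FLASH, not only for boards that will run containers, and the hunk gives no reason for it. The same flip is repeated in the later hunks for KERNEL_CGROUPS and its controllers (including KERNEL_MEMCG_KMEM, whose own prompt marks it EXPERIMENTAL), KERNEL_NAMESPACES and KERNEL_LXC_MISC, so every such image gets a larger kernel and more kernel interfaces exposed whether or not LXC is installed. I would leave `default n` in Config-kernel.in and enable the options from the build configuration that actually ships containers. If the global default is kept, each changed entry should at least carry a comment such as `# on by default: needed by container runtimes (LXC)`.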
@@ -322,7 +322,7 @@ config KERNEL_ENCRYPTED_KEYS
 
 config KERNEL_CGROUPS
 	bool "Enable kernel cgroups"
-	default n
+	default y if !SMALL_FLASH
 
 if KERNEL_CGROUPS
 
@@ -361,7 +361,7 @@ if KERNEL_CGROUPS
 
 	config KERNEL_CPUSETS
 		bool "Cpuset support"
-		default n
+		default y if !SMALL_FLASH
 		help
 		  This option will let you create and manage CPUSETs which
 		  allow dynamically partitioning a system into sets of CPUs and
@@ -375,14 +375,14 @@ if KERNEL_CGROUPS
 
 	config KERNEL_CGROUP_CPUACCT
 		bool "Simple CPU accounting cgroup subsystem"
-		default n
+		default y if !SMALL_FLASH
 		help
 		  Provides a simple Resource Controller for monitoring the
 		  total CPU consumed by the tasks in a cgroup.
 
 	config KERNEL_RESOURCE_COUNTERS
 		bool "Resource counters"
-		default n
+		default y if !SMALL_FLASH
 		help
 		  This option enables controller independent resource accounting
 		  infrastructure that works with cgroups.
@@ -393,7 +393,7 @@ if KERNEL_CGROUPS
 
 	config KERNEL_MEMCG
 		bool "Memory Resource Controller for Control Groups"
-		default n
+		default y if !SMALL_FLASH
 		depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18
 		help
 		  Provides a memory resource controller that manages both anonymous
@@ -451,7 +451,7 @@ if KERNEL_CGROUPS
 
 	config KERNEL_MEMCG_KMEM
 		bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
-		default n
+		default y if !SMALL_FLASH
 		depends on KERNEL_MEMCG
 		help
 		  The Kernel Memory extension for Memory Resource Controller can limit
@@ -472,7 +472,7 @@ if KERNEL_CGROUPS
 
 	menuconfig KERNEL_CGROUP_SCHED
 		bool "Group CPU scheduler"
-		default n
+		default y if !SMALL_FLASH
 		help
 		  This feature lets CPU scheduler recognize task groups and control CPU
 		  bandwidth allocation to such task groups. It uses cgroups to group
@@ -482,7 +482,7 @@ if KERNEL_CGROUPS
 
 		config KERNEL_FAIR_GROUP_SCHED
 			bool "Group scheduling for SCHED_OTHER"
-			default n
+			default y if !SMALL_FLASH
 
 		config KERNEL_CFS_BANDWIDTH
 			bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
@@ -497,7 +497,7 @@ if KERNEL_CGROUPS
 
 		config KERNEL_RT_GROUP_SCHED
 			bool "Group scheduling for SCHED_RR/FIFO"
-			default n
+			default y if !SMALL_FLASH
 			help
 			  This feature lets you explicitly allocate real CPU bandwidth
 			  to task groups. If enabled, it will also make it impossible to
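Review bot: KERNEL_RT_GROUP_SCHED should not follow the other defaults: the help text kept as context here already warns that enabling it "will also make it impossible to" do something. The sentence continues outside the hunk; in the upstream kernel help it refers to scheduling realtime tasks for non-root users until realtime bandwidth has been allocated to them. Turning it on by default therefore changes scheduling behaviour on images that never use containers, and as far as I know LXC does not require it. I would keep `default n` for this entry.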
@@ -563,7 +563,7 @@ endif
 
 config KERNEL_NAMESPACES
 	bool "Enable kernel namespaces"
-	default n
+	default y if !SMALL_FLASH
 
 if KERNEL_NAMESPACES
 
@@ -611,7 +611,7 @@ endif
 
 config KERNEL_LXC_MISC
 	bool "Enable miscellaneous LXC related options"
-	default n
+	default y if !SMALL_FLASH
 
 if KERNEL_LXC_MISC
 
@@ -643,13 +643,13 @@ endif
 
 config KERNEL_SECCOMP_FILTER
 	bool
-	default n
+	default y if !SMALL_FLASH
 
 config KERNEL_SECCOMP
 	bool "Enable seccomp support"
 		depends on !(TARGET_uml)
 		select KERNEL_SECCOMP_FILTER
-		default n
+		default y if !SMALL_FLASH
 		help
 		  Build kernel with support for seccomp.
 
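Review bot: KERNEL_SECCOMP_FILTER has no prompt and is meant to be set only through `select KERNEL_SECCOMP_FILTER` in KERNEL_SECCOMP, so giving it its own `default y if !SMALL_FLASH` lets it become y where KERNEL_SECCOMP is switched off or unavailable (`depends on !(TARGET_uml)`). Keep `default n` on KERNEL_SECCOMP_FILTER and change only the KERNEL_SECCOMP default; the filter then follows through the select. Enabling seccomp by default is in itself a reasonable hardening step, since LXC can apply syscall filters to containers.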

For autostart at boot, you will also need to edit /etc/config/lxc-auto and add a section for each LXC container, like this:

# One section per container that lxc-auto should handle at boot.
config container
	# Container name as known to LXC (the same name later passed to lxc-start -n).
	option name 'myDEBIAN'
	# NOTE(review): presumably a timeout in seconds used by the lxc-auto init script — confirm against lxc-auto.init.
	option timeout '30'

For network support, append the needed parameters to the end of your LXC container's config file, for example:

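# Network configuration
# veth pair: one end inside the container, the other attached to the host bridge below.
lxc.net.0.type = veth
# Attaching to br-lan makes the container a direct peer on the LAN bridge,
# with the same reachability as any other LAN host.
lxc.net.0.link = br-lan
lxc.net.0.flags = up
# Uses the same lxc.net.0.* key family as the lines above; the legacy
# lxc.network.* spelling is no longer accepted by newer LXC releases (3.0 and later).
# The MAC address must be unique on the LAN.
lxc.net.0.hwaddr = 00:FF:AA:00:00:02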

then you'll get ip with dhcp (tested in debian buster and debian stretch)

Post-install steps, after the Debian rootfs has been downloaded.
From OpenWrt:

# lxc-start -n myDEBIAN
# lxc-attach -n myDEBIAN

From myDEBIAN (inside the container, in the shell opened by lxc-attach):

...
$ passwd root # optional
...
$ adduser admin
$ addgroup admin sudo
...
$ apt install ssh sudo nano

Then you'll be able to ssh to your LXC container:

ssh admin@myDEBIAN.local

Tested with the official openwrt-19.07.3 branch, just adding the 4 flags for LXC kernel support; it looks like it works like a charm!
Can these flags for LXC support in the kernel be added to the main, official releases for mvebu?
...thanks...

Just made a request on the buglist : https://bugs.openwrt.org/index.php?do=details&task_id=3305

I have tested with those flags :

# Kernel symbol from config/Config-kernel.in ("Enable miscellaneous LXC related options").
CONFIG_KERNEL_LXC_MISC=y
# Build options of the lxc package.
# NOTE(review): the names suggest they pull in the kernel, busybox, seccomp and
# networking prerequisites — confirm in the package's Config.in.
CONFIG_LXC_KERNEL_OPTIONS=y
CONFIG_LXC_BUSYBOX_OPTIONS=y
CONFIG_LXC_SECCOMP=y
CONFIG_LXC_NETWORKING=y

May want to add a note regarding any additional kernel size, given the ongoing fight to shrink kernel size due to a couple of mvebu targets exceeding partition space. PR3205


Thanks, I will test with latest kernel and also check the kernel size with the LXC necessary flags enabled...

Default Image (kernel) from official 19.07.4 = 7.6Mb
My own custom Image (kernel with LXC support) from tag 19.07.4 = 7.9Mb

Can someone give advice on how best to add these kernel flags?
I want to make a PR to official master, but do not know where LXC support would best be added!

lxc testing news from snapshot (version 4.0.2)

# Distribution configuration
# Include the generic common.conf (used here instead of debian.conf, per the post).
lxc.include = /usr/share/lxc/config/common.conf
# NOTE(review): must match the architecture of the container rootfs — confirm for the board in use.
lxc.arch = linux64

instead of debian.conf

and 2 FIXME :
//FIXME ERROR: Unable to fetch GPG key from keyserver. -> opkg install gnupg-utils
//FIXME "lxc Failed to create lock for" -> mkdir /run

# LXC related stuff
# Namespaces: per-container views of hostname (UTS), IPC, process IDs, user IDs and network.
CONFIG_KERNEL_NAMESPACES=y
CONFIG_KERNEL_UTS_NS=y
CONFIG_KERNEL_IPC_NS=y
CONFIG_KERNEL_PID_NS=y
# User namespaces are what unprivileged (uid-mapped) containers rely on; they also
# expose more kernel code to unprivileged users, so enable them deliberately.
CONFIG_KERNEL_USER_NS=y
CONFIG_KERNEL_NET_NS=y
# Control groups and the controllers used for resource limits and accounting.
CONFIG_KERNEL_CGROUPS=y
# Device controller: restricts which device nodes a container may access.
CONFIG_KERNEL_CGROUP_DEVICE=y
# CPU scheduling groups and bandwidth limits.
CONFIG_KERNEL_CGROUP_SCHED=y
CONFIG_KERNEL_FAIR_GROUP_SCHED=y
CONFIG_KERNEL_CFS_BANDWIDTH=y
# Limit on the number of processes per group.
CONFIG_KERNEL_CGROUP_PIDS=y
CONFIG_KERNEL_CGROUP_CPUACCT=y
CONFIG_KERNEL_CGROUP_FREEZER=y
CONFIG_KERNEL_CPUSETS=y
# Memory accounting and limits.
CONFIG_KERNEL_RESOURCE_COUNTERS=y
CONFIG_KERNEL_MEMCG=y
CONFIG_KERNEL_MEMCG_SWAP=y
CONFIG_KERNEL_POSIX_MQUEUE=y
# LXC-specific kernel options, followed by build options of the lxc package.
CONFIG_KERNEL_LXC_MISC=y
CONFIG_LXC_KERNEL_OPTIONS=y
CONFIG_LXC_BUSYBOX_OPTIONS=y
CONFIG_LXC_SECCOMP=y
CONFIG_LXC_NETWORKING=y
# NOTE(review): rsync extended-attribute support; presumably for copying container
# root filesystems with their xattrs intact — confirm.
CONFIG_RSYNC_xattr=y

I am setting a few others too

# Block I/O cgroup controller.
CONFIG_KERNEL_BLK_CGROUP=y
# Compiler stack protector: a general kernel hardening option, not specific to LXC.
CONFIG_KERNEL_CC_STACKPROTECTOR_REGULAR=y
CONFIG_KERNEL_CFQ_GROUP_IOSCHED=y
# NOTE(review): presumably gives each container its own devpts instance — confirm.
CONFIG_KERNEL_DEVPTS_MULTIPLE_INSTANCES=y
CONFIG_KERNEL_FREEZER=y
# NOTE(review): "=m" here, unlike the other entries — confirm the symbol is tristate in the tree being built.
CONFIG_KERNEL_IOSCHED_DEADLINE=m
CONFIG_KERNEL_MM_OWNER=y
# Network classifier and network priority cgroup controllers.
CONFIG_KERNEL_NET_CLS_CGROUP=y
CONFIG_KERNEL_NETPRIO_CGROUP=y

hw: rpi4-8G


Thanks ! Will try to add them to my custom builds...