Adrian Moya's picture

Hi! As promised, I'm publishing today what I was able to advance on this topic. I basically took the original lxc-ubuntu script, removed everything that didn't make sense for the task, and added some stuff. The resulting script is meant to be run under a turnkeylinux environment with tklpatch installed, as it uses tklpatch-extract-iso to explode the iso.

So to test this, you'll:

1. Download a turnkey iso.

2. Run tkl2lxc turnkey.iso

The script will result in a rootfs which you should be able to use under LXC. Just move it to /var/lib/lxc/mycontainername/ and add a config and fstab file (you can use the standard ubuntu files which lxc-ubuntu creates).

Known issues:

- Init scripts are broken. The same that happened with ovz containers, so I think that Jed's latest improvements on those could come in handy here. Basically, one of them hangs and the others don't get run (inithooks never get run). Meanwhile, you can ssh to the container and start up services manually.

I have included in the script a function called tkl_extras, here we could add what's needed. Speaking of inithooks, there's an fgconsole command that doesn't work under lxc, so I commented it out. There must be other things but I haven't had time to finish the script.

Feel free to modify/republish to see if we get this running!

Hans Harder's picture

I am missing the script... :)

Where can I download it?


QUOTE:  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Adrian Moya's picture

I forgot to hit the upload button after selecting the file. It's available now.

Hans Harder's picture


Most of it works...

I am currently adapting it and merging it with my own script which was also based on the ubuntu template.... and will adapt the init system also, so that inithooks are done also

Will post it later today

QUOTE:  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Hans Harder's picture


I adapted the script and it is working alright now.  I use it as a standalone script now, so no tklpatch needed.  But to make things simpler I will rewrite it for TKLpatch, based on Jeremy's version.  That way you get a tar file and integrate a simple lxc template setup for it which you can use with lxc-create.

Currently it gives:

root@userver1:/var/lib/lxc/test# ./ turnkey-core-11.2-lucid-x86.iso
# extracting root filesystem and isolinux from ISO
Parallel unsquashfs: Using 1 processor
26687 inodes (27784 blocks) to write
[=================================================================/] 27784/27784 100%
created 24282 files
created 2809 directories
created 1808 symlinks
created 86 devices
created 0 fifos
copying dns servers ...
Generating locales...
  en_US.UTF-8... done
Generation complete.
Purging configuration files for webmin-raid ...
Removing webmin-fdisk ...
Purging configuration files for webmin-fdisk ...
Processing triggers for man-db ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Finished creating lxc rootfs for turnkeylinux

and the lxc-start output

root@userver1:/var/lib/lxc/test# lxc-start -n test
 * Starting Initialization hooks
* Regenerating SSH cryptographic keys
Generating a 1024 bit RSA private key
writing new private key to '.tmpkey.pem'
writing RSA key
                                                                         [ OK ]
 * Starting Shell In A Box Daemon shellinabox                            [ OK ]
 * Starting webmin                                                       [ OK ]

Ubuntu 10.04.1 LTS core /dev/console

core login: root
Welcome to Core, TurnKey Linux 11.2 / Ubuntu 10.04 Lucid LTS
root@core ~# ps -ef
root         1     0  0 11:55 ?        00:00:00 /sbin/init
syslog      42     1  0 11:55 ?        00:00:00 rsyslogd -c4
root        65     1  0 11:55 ?        00:00:00 /usr/sbin/sshd
root        76     1  0 11:55 ?        00:00:00 cron
104        163     1  0 11:55 ?        00:00:00 /usr/bin/shellinaboxd -q --backg
104        165   163  0 11:55 ?        00:00:00 /usr/bin/shellinaboxd -q --backg
root       176     1  0 11:55 ?        00:00:00 /usr/bin/perl /usr/share/webmin/
root       189     1  0 11:55 console  00:00:00 /bin/login --
root       190     1  0 11:55 tty1     00:00:00 /sbin/getty -8 38400 tty1
root       208   189  2 11:55 console  00:00:00 -bash
root       243   208  0 11:55 console  00:00:00 ps -ef
root@core ~#

QUOTE:  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Hans Harder's picture

Same as other thread...

I adapted Jeremy's tkliso2ovz and merged it with Adrian's lxc script and streamlined it a bit, and now I have the same one for LXC: tkliso2lxc

Perhaps you can get it  and put it on your GitHub. That way you can generate OVZ and LXC files from the TKL iso's

I think TKL is now the only one which can generate prepared LXC containers... :)

apt-get update
apt-get install tklpatch
tklpatch-apply / TKLiso2lxc0.1.tar.gz

tkliso2lxc turnkey-core-11.2-lucid-x86.iso

Almost everything is the same, except the init scripts are original and for inithooks I created an interactive.d directory

I think ovz and lxc are almost compatible, so if there are changes in the ovz conf, they probably are needed also in the lxc conf file.

Inithooks works nicely, at first start keys are generated, for root there is no password.

I think the next job would be to make a template which can be used with lxc-create which just extracts the tar file in a rootfs directory, modifies the resolv.conf, sets the interfaces and sets the root password. 
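
An added example, not part of tkliso2lxc or of any post in this thread: a shell check to run against an extracted rootfs before a container is started from it, covering the two first-boot properties mentioned above (no root password, SSH host keys generated at first start). It assumes the standard /etc/shadow layout and OpenSSH host key file names; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an extracted rootfs before using it as a container.
# Usage: sh audit-rootfs.sh /var/lib/lxc/mycontainername/rootfs

# Print accounts whose password field in etc/shadow is empty,
# i.e. accounts that can log in without a password.
empty_password_accounts() {
    shadow="$1/etc/shadow"
    [ -r "$shadow" ] || return 0
    awk -F: '$2 == "" { print $1 }' "$shadow"
}

# Print SSH host private keys already present in the rootfs. Keys baked
# into an image are shared by every container created from that image.
baked_in_host_keys() {
    root="$1"
    for key in "$root"/etc/ssh/ssh_host_*_key; do
        [ -f "$key" ] && printf '%s\n' "${key#"$root"}"
    done
    return 0
}

# Report both kinds of finding; succeeds only when there are none.
audit_rootfs() {
    rootfs="$1"
    findings=0
    for user in $(empty_password_accounts "$rootfs"); do
        echo "WARN: account '$user' has an empty password"
        findings=$((findings + 1))
    done
    for key in $(baked_in_host_keys "$rootfs"); do
        echo "WARN: host key $key is already present in the image"
        findings=$((findings + 1))
    done
    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

if [ "$#" -gt 0 ]; then audit_rootfs "$1"; fi
```

A rootfs that reports an empty root password should get one set (or the account locked) before its network interface is brought up, and any host keys it reports should be deleted so each container generates its own.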

Hans Harder's picture

make that  and it will work :)


QUOTE:  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Hans Harder's picture


Currently I have the TKL lamp running on a RH6.1 box which is running in VM ESX

TKL lamp startup times are less than 5 seconds... and it is (now) a joy to work with :)


Only problem now is the sshd  which refuses connections with:

fatal: ssh_selinux_getctxbyname: ssh_selinux_getctxbyname: security_getenforce() failed

Probably this has to do with selinux which is enabled on the RH6.1 host


Also the upstart scripts in /etc/init are troubling..... probably it's me, but they are a real pain to get working... I am trying to reduce them and just use the init.d scripts.

Problems also with the /etc/network/if-up.d which started ntpdate and I forgot to remove the umount* scripts which resulted in a read-only host filesystem

I have made a small daemon for running inside the container (<10k) which will accept and execute commands from outside the container (using fifo's) and sending back the result. Which helps in case you want to have a proper shutdown instead of lxc-stop which just kills it very hard.


The sshd seems to be now the only problem left, so I have to figure out what to do with it. As last resort, I will compile it from source altering the selinux check in it...

I will update the tkliso2lxc the coming days to a new improved version.





QUOTE:  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Jeremy Davis's picture

OVZ has these same issues (although the SSH one may be a little different). I assume that the fixes used in the OVZ patch didn't work? Or didn't you fully apply them? (I'm guessing that's a possibility as the OVZ patch removes if-up, umount etc).

Hans Harder's picture

I adapted the first version  (0.2 version can be downloaded)

  • modified more /etc/init scripts
  • removed ntp
  • removed umount
  • At first login, new password is asked and the interactive setup is done

apt-get update
apt-get install tklpatch
tklpatch-apply / tkliso2lxc0.2.tar.gz

tkliso2lxc turnkey-core-11.2-lucid-x86.iso

Some experience:

  • Don't use a host with SElinux enabled, ssh does not work and lxc gives a lot of problems....
  • postfix seems not to start correctly.
  • use sysv init scripts to start/stop services

I use a bridge with an ip range, so the lxc containers have a separate network and I use ipchain (and masquerading) rules for connecting to/from the outside world.

I made a small cmd daemon for running inside an lxc container, so from the host I can execute commands inside the container. Needed that for shutting down a container in an ordered fashion instead of using lxc-stop (pulling the power)

But it works like a charm.... Running inside a ESX vmware RH6.1 host, a TKL lamp container starts within 3 seconds.

QUOTE:  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol
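
An added example, not the daemon described in the posts above (which was never published in this thread): one way to build a FIFO-driven command runner for use inside a container so that a request is only ever a lookup key into a fixed table and is never handed to a shell. The FIFO paths, the request names and the RUNNER override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: command runner for use inside a container. It reads
# one-word requests from a FIFO and runs only commands from a fixed table.
# FIFO paths and request names are assumptions for illustration.

REQ_FIFO="${REQ_FIFO:-/var/run/ctl.req}"
RSP_FIFO="${RSP_FIFO:-/var/run/ctl.rsp}"

# Map an allowlisted request to the fixed command it stands for.
lookup_command() {
    case "$1" in
        shutdown) echo "/sbin/shutdown -h now" ;;
        reboot)   echo "/sbin/shutdown -r now" ;;
        uptime)   echo "/usr/bin/uptime" ;;
        *)        return 1 ;;
    esac
}

# Read one request line, run the mapped command, write the reply.
# Set RUNNER=echo to print the command instead of running it.
serve_once() {
    IFS= read -r request < "$REQ_FIFO" || return 1
    if cmd=$(lookup_command "$request"); then
        # $cmd comes from the table above, so word splitting is safe here.
        reply=$(${RUNNER:-} $cmd 2>&1) || true
        printf 'OK %s\n' "$reply" > "$RSP_FIFO"
    else
        printf 'ERR request not allowed\n' > "$RSP_FIFO"
    fi
}

# Create the FIFOs with access for the owner (root) only, then serve forever.
serve() {
    umask 077
    [ -p "$REQ_FIFO" ] || mkfifo "$REQ_FIFO"
    [ -p "$RSP_FIFO" ] || mkfifo "$RSP_FIFO"
    while :; do serve_once || sleep 1; done
}

# Start the daemon only when asked to: sh ctl.sh serve
if [ "${1:-}" = "serve" ]; then serve; fi
```

Anyone who can write to the request FIFO can trigger the listed commands, so the mode set by `umask 077` and the ownership of the directory holding the FIFOs are part of the design, not a detail.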

Alon Swartz's picture

I've started to look into TurnKey support for LXC (and docker), and wanted to take a look at the work that's already been done, unfortunately the link mentioned above doesn't exist anymore.

If someone has a copy lying around, could you upload it somewhere?

Hans Harder's picture

You are missing the tklpatch programs

Read  the post about tklpatch:

For LXC it is easier now to take the OpenVZ files and modify them a bit.

QUOTE:  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Alon Swartz's picture

Just in case anyone comes across this thread, we've announced TurnKey LXC - both an appliance as well as a generic TurnKey LXC template for deploying any TKL appliance in LXC. Full details in the announcement.
