Re: [Lxc-users] Mounting filesystem for container
>> As Serge mentioned, that may be the cgroup device whitelist preventing
>> you from doing that. You can check by temporarily commenting out all the
>> lxc.cgroup.devices lines in /var/lib/lxc/mycontainer and then launching
>> the container again. If you are able to mount it, then you should add
>> this line to the configuration file:
>>
>> lxc.cgroup.devices.allow = type major:minor perm

Well, yes, that fixed it. Thank you.

I had a gap in my knowledge. I assumed incorrectly that the mount was handled in the Host Environment and that the container would just see the mounted file system, therefore not needing access to the file system's device node.

However, I now see that is not the case - the mount is performed within the container and is not actually visible in the host environment (actually a good thing!).

This leads me to ask some more questions though...

1) Why not just put the mount inside the container's /etc/fstab ?

2) When do these mounts happen? I have a problem with a daemon not starting during boot because, I think, the filesystem it needs is not yet there.

Sorry, just learning this stuff - very keen to leave OpenVZ behind -:)

John.

--
Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Mounting filesystem for container
On 09/20/2010 11:13 AM, l...@jelmail.com wrote:
>> As Serge mentioned, that may be the cgroup device whitelist preventing
>> you from doing that. You can check by temporarily commenting out all the
>> lxc.cgroup.devices lines in /var/lib/lxc/mycontainer and then launching
>> the container again. If you are able to mount it, then you should add
>> this line to the configuration file:
>>
>> lxc.cgroup.devices.allow = type major:minor perm
>
> Well, yes, that fixed it. Thank you.
>
> I had a gap in my knowledge. I assumed incorrectly that the mount was
> handled in the Host Environment and that the container would just see the
> mounted file system, therefore not needing access to the file system's
> device node.

That's the case if the system mounts something in the container rootfs: the mount point will be inherited at container creation. It's the behaviour of the mount namespace. As soon as the container is created, the new mount points will be isolated. There is a pending discussion about propagating the host mounts to the containers, but I am still looking at whether that fits the current design.

> However, I now see that is not the case - the mount is performed within
> the container and is not actually visible in the host environment
> (actually a good thing!).
>
> This leads me to ask some more questions though...
>
> 1) Why not just put the mount inside the container's /etc/fstab ?

You can choose the best way of creating/configuring your container depending on your needs: add it to the container's /etc/fstab, specify it in a local fstab, or add a lxc.mount.entry option (which corresponds to a line of fstab).

Providing different ways of mounting makes it possible to create a container with or without a root filesystem.

You can use the host fs with a set of private directories (/var/run, /etc, /home, /tmp, ...) bind mounted to a private directory tree and share the host binaries; this is good for launching a big number of containers (eg. 1024 containers take 2,3 GB of private data only while the rest is shared).

You can either specify the mount points in the container's /etc/fstab and let the 'mount' command update /etc/mtab and have different distros with different binaries.

Another alternative is to launch an application only, like apache with its own configuration option bind mounted in a private directory, ... so you can launch several instances of apache and move your contained environment from one host to another host, etc ...

You can create an empty rootfs with an empty directory tree (/usr, /lib, etc ...) and then read-only bind mount your host directories (/usr = rootfs/usr, /lib = rootfs/lib, etc ...) while you keep some other directories private (eg. /home).

Well, there are a lot of configurations for the containers; for this reason, there are several ways to configure it.

> 2) When do these mounts happen? I have a problem with a daemon not
> starting during boot because, I think, the filesystem it needs is not yet
> there.

These mounts happen before jumping to the rootfs with pivot_root, because we may want to mount a host filesystem into the container's rootfs.

  -- Daniel
Re: [Lxc-users] Mounting filesystem for container
On 09/17/2010 11:41 PM, l...@jelmail.com wrote:
> Hi,
>
> I just tried to mount a filesystem in a container and I got this:
>
> [root ~]# lxc-start -n mycontainer
> lxc-start: Operation not permitted - failed to mount '/dev/sdd1' on '/srv/lxc/mycontainer/mnt'
> lxc-start: failed to setup the mounts for 'mycontainer'
> lxc-start: failed to setup the container
> lxc-start: invalid sequence number 1. expected 2
> lxc-start: failed to spawn 'mycontainer'
> [root ~]#
>
> What I did was put this in /etc/lxc/mycontainer.fstab:
>
> /dev/sdd1 /srv/lxc/mycontainer/mnt ext3 defaults 0 1

As Serge mentioned, that may be the cgroup device whitelist preventing you from doing that.

You can check by temporarily commenting out all the lxc.cgroup.devices lines in /var/lib/lxc/mycontainer and then launching the container again. If you are able to mount it, then you should add this line to the configuration file:

lxc.cgroup.devices.allow = type major:minor perm

type  : b (block), c (char), etc ...
major : major number
minor : minor number (wildcard is accepted)
perms : r (read), w (write), m (mapping)
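The whitelist check described in the reply above, as an added example that is not part of the original thread: it replays a config's lxc.cgroup.devices rules for one device and builds the narrow allow line for it. The sample config, the 8:49 numbers used for /dev/sdd1 and the function names are constructed (read the real numbers from `ls -l /dev/sdd1` on the host), and replaying the rules in file order is an assumption about how they are applied.

```python
import re

# Constructed sample config: deny every device, then allow a few char devices.
SAMPLE_CONFIG = """\
lxc.utsname = mycontainer
lxc.cgroup.devices.deny = a
# /dev/null and /dev/zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# pseudo-terminals, wildcard minor
lxc.cgroup.devices.allow = c 136:* rwm
"""

RULE = re.compile(r"^lxc\.cgroup\.devices\.(allow|deny)\s*=\s*(.+)$")

def parse_rules(config_text):
    """Return device rules in file order as (action, type, major, minor, perms)."""
    rules = []
    for line in config_text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue                      # comments and unrelated keys
        action, fields = m.group(1), m.group(2).split()
        if fields[0] == "a":              # "a" covers every device and permission
            rules.append((action, "a", "*", "*", "rwm"))
            continue
        major, minor = fields[1].split(":")
        rules.append((action, fields[0], major, minor, fields[2]))
    return rules

def permitted(rules, dev_type, major, minor):
    """Replay the rules and return the permissions left for one device."""
    perms = set("rwm")                    # assumption: unrestricted before the first rule
    for action, rtype, rmajor, rminor, rperms in rules:
        if rtype not in ("a", dev_type):
            continue
        if rmajor not in ("*", str(major)) or rminor not in ("*", str(minor)):
            continue
        perms = perms | set(rperms) if action == "allow" else perms - set(rperms)
    return perms

def allow_line(dev_type, major, minor, perms="rwm"):
    """Build an allow entry for exactly one device node."""
    return f"lxc.cgroup.devices.allow = {dev_type} {major}:{minor} {perms}"

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONFIG)
    print("b 8:49 before:", sorted(permitted(rules, "b", 8, 49)))
    print("add:", allow_line("b", 8, 49))
```

Keeping the deny line and adding one exact major:minor entry gives the container this device only, which is narrower than leaving the lxc.cgroup.devices lines commented out after the test.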
[Lxc-users] Mounting filesystem for container
Hi,

I just tried to mount a filesystem in a container and I got this:

[root ~]# lxc-start -n mycontainer
lxc-start: Operation not permitted - failed to mount '/dev/sdd1' on '/srv/lxc/mycontainer/mnt'
lxc-start: failed to setup the mounts for 'mycontainer'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'mycontainer'
[root ~]#

What I did was put this in /etc/lxc/mycontainer.fstab:

/dev/sdd1 /srv/lxc/mycontainer/mnt ext3 defaults 0 1

Container boots fine without that line.

Does this mean I can't mount a filesystem that is for this container, and only for this container? I did this on OpenVZ without issue.

Thanks,
John
Re: [Lxc-users] Mounting filesystem for container
Quoting l...@jelmail.com (l...@jelmail.com):
> Hi,
>
> I just tried to mount a filesystem in a container and I got this:
>
> [root ~]# lxc-start -n mycontainer
> lxc-start: Operation not permitted - failed to mount '/dev/sdd1' on '/srv/lxc/mycontainer/mnt'
> lxc-start: failed to setup the mounts for 'mycontainer'
> lxc-start: failed to setup the container
> lxc-start: invalid sequence number 1. expected 2
> lxc-start: failed to spawn 'mycontainer'
> [root ~]#
>
> What I did was put this in /etc/lxc/mycontainer.fstab:
>
> /dev/sdd1 /srv/lxc/mycontainer/mnt ext3 defaults 0 1
>
> Container boots fine without that line.
>
> Does this mean I can't mount a filesystem that is for this container, and
> only for this container? I did this on OpenVZ without issue.

Probably the devices cgroup is preventing the access. In /var/lib/lxc/mycontainer/config you'll want to add access using a lxc.cgroup.devices.allow statement