Re: [Lxc-users] Moving lxc containers
On Sun, 27 Mar 2011, 11:34:47 EEST, Amit Uttamchandani amit.ut...@gmail.com wrote: I'm just wondering what the best way is to move an lxc container? Can I just tar the root filesystem and untar it on another system? Or should I rsync it over? I understand that before doing any of the above, the container should be shutdown first. However, is there a way to do this while the container is running? Thanks, Amit -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users AFAIK you should be able to tar the filesystem even while running in case the container isx already running you might want to skip a few dirs like /proc and /sys and /dev and maybe /var/run -- br rh-- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Moving lxc containers
On Tue, Mar 29, 2011 at 2:21 AM, Amit Uttamchandani amit.ut...@gmail.comwrote: On Mon, Mar 28, 2011 at 12:59:25PM +1100, Trent W. Buck wrote: If you use tar, make sure to pass --numeric-owner, ESPECIALLY if the container is RH-derived and the host is Debian-derived (or vice-versa). Otherwise things MOSTLY work except you get a few really strange behaviours, and you eventually track it down and realize that the untar operation changed UIDs to match the new dom0, e.g. the container sees -rwsr-xr-- 1 root cups 48112 Feb 18 07:18 /usr/lib/dbus-1.0/dbus-daemon-launch-helper instead of -rwsr-xr-- 1 root messagebug 48112 Feb 18 07:18 /usr/lib/dbus-1.0/dbus-daemon-launch-helper Thanks for the reply. Hmmm...I could try this. I was thinking more along the lines of rsync. Since some containers are running production code, I would then rsync over the container to another system, make and test changes on the mirrored container and then rsync back the changes. -- Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users If this is a production system, I wouldn't rsync back the changes rsync to create the staging container, but rsync back to update the production won't be a good idea what i would do is clone the production using rsync, make changes, then if successfull i would redo the same work on the production -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] fedora template
I have been working on a fedora template that actually works febootstrap is not anymore producing fedora rootfs but rather a minimal fedora appliance my solution works by using yum instead, but I am facing a really weired situation whenever i start my fedora container, it would actually try to change the init level of the host host is f14 and container is f14 could anyone shed some light on how the container is actually being isolated, so i can start from there or how can i debug? script used to create the container attached, it is based on the current template with a few modifications here and there -- BR RH lxc-fedora.in Description: Binary data -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] fedora template
On Wed, Mar 30, 2011 at 2:19 AM, Serge E. Hallyn serge.hal...@ubuntu.comwrote: Quoting Ramez Hanna (rha...@informatiq.org): I have been working on a fedora template that actually works febootstrap is not anymore producing fedora rootfs but rather a minimal Really, febootstrap can't be used to create a rootfs at all any more? yes as mentioned here http://people.redhat.com/~rjones/febootstrap/ --quote-- febootstrap 3.x is a complete rewrite. febootstrap 2.x could only build Fedora distributions. This version can build many varieties of Linux distros. 3.x only builds supermin appliances, it does not build chroots. --unquote-- fedora appliance my solution works by using yum instead, but I am facing a really weired situation whenever i start my fedora container, it would actually try to change the init level of the host host is f14 and container is f14 could anyone shed some light on how the container is actually being isolated, so i can start from there or how can i debug? script used to create the container attached, it is based on the current template with a few modifications here and there Note that for me to use this template on ubuntu, I have to specify '-R 14', but lxc-create doesn't allow me to forward that option. So I have to first create the config file and then run fedora2 by hand. After that, for some reason I still have no actual rootfs :(. this is a typo in the script i fixed it, find the latest version attached As for trouble with init - is your fedora using systemd? How does it actually start runlevel changes? Upstart uses dbus over abstract unix socket (which is containerized with netns), sysvinit uses ioctl over /dev/init which is a distinct file from the one in the container... Does systemd do something we're not containerizing right now? fedora 14 uses upstart, not yet systemd which is coming along with fedora15 I have a previously created container with febootstrap of fedora 13 and that works, 13 also uses upstart so it must be some config i tried to diff the packages but couldn't see anything that makes sense I'd love to get a working fedora template. i'd love to be able to create new fedora containers thanks, -serge -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] fedora template
On Wed, Mar 30, 2011 at 11:10 AM, Ramez Hanna rha...@informatiq.org wrote: On Wed, Mar 30, 2011 at 2:19 AM, Serge E. Hallyn serge.hal...@ubuntu.comwrote: Quoting Ramez Hanna (rha...@informatiq.org): I have been working on a fedora template that actually works febootstrap is not anymore producing fedora rootfs but rather a minimal Really, febootstrap can't be used to create a rootfs at all any more? yes as mentioned here http://people.redhat.com/~rjones/febootstrap/ --quote-- febootstrap 3.x is a complete rewrite. febootstrap 2.x could only build Fedora distributions. This version can build many varieties of Linux distros. 3.x only builds supermin appliances, it does not build chroots. --unquote-- fedora appliance my solution works by using yum instead, but I am facing a really weired situation whenever i start my fedora container, it would actually try to change the init level of the host host is f14 and container is f14 could anyone shed some light on how the container is actually being isolated, so i can start from there or how can i debug? script used to create the container attached, it is based on the current template with a few modifications here and there Note that for me to use this template on ubuntu, I have to specify '-R 14', but lxc-create doesn't allow me to forward that option. So I have to first create the config file and then run fedora2 by hand. After that, for some reason I still have no actual rootfs :(. this is a typo in the script i fixed it, find the latest version attached As for trouble with init - is your fedora using systemd? How does it actually start runlevel changes? Upstart uses dbus over abstract unix socket (which is containerized with netns), sysvinit uses ioctl over /dev/init which is a distinct file from the one in the container... Does systemd do something we're not containerizing right now? fedora 14 uses upstart, not yet systemd which is coming along with fedora15 I have a previously created container with febootstrap of fedora 13 and that works, 13 also uses upstart so it must be some config i tried to diff the packages but couldn't see anything that makes sense I'd love to get a working fedora template. i'd love to be able to create new fedora containers thanks, -serge classic mistake forgot the attachment lxc-fedora.in Description: Binary data -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] fedora template
On Wed, Mar 30, 2011 at 7:58 PM, Serge E. Hallyn serge.hal...@ubuntu.comwrote: Quoting Justin Cormack (jus...@specialbusservice.com): On Wed, 2011-03-30 at 10:32 -0500, Serge E. Hallyn wrote: Quoting Justin Cormack (jus...@specialbusservice.com): This one didnt work... lxc.utsname = vm1 lxc.tty = 4 lxc.network.type = veth lxc.network.flags = up lxc.network.link = virbr0 lxc.network.hwaddr = 08:00:27:83:C4:82 lxc.network.ipv4 = 192.168.122.2 lxc.network.name = eth0 lxc.mount = /usr/lib/lxc/vm1/fstab lxc.rootfs = /usr/lib/lxc/vm1/rootfs Odd. Did you start this as root? Yes, just retested and behaving the same. If I get lxc-start to run /bin/bash instead of init (and then mount proc manually) it has brought up eth0 in the container on the right IP, and I can ping the other end, which suggests that it has got network namespaces. And netstat does not list anything. Which is rather confusing as it suggests everything is as expected. And exactly what distro/release/version are the container and host? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJNk2E5AAoJEHmllQITXQdF9mMIAJuBq8nQt6lSO7kBYo5KMsDt GNyQ0qtZwt1uzkEkzAVM9TGYGxBfMlVPZxnh20DO5O5ErpWWfB/n8mBwTqwh4//5 ngLPMbuWI60Godei/OCiR51f4V9tbd7S0gpL1Uty6uEEph01Qm81H9nPrHYEV9kc YORmVl+KlU0yFV58hOmU0WOmerydCgMiIPIXWW8WLIc8dg7X+h35UMAsg8lmAapr 2qVXfO7ocu980OZzJ8TunhV9oyKumaZ8aogK7dsSjhBCB7VDGCHZAnvs0Bz9YbNB jO4y7Lv1hK3x9SeChIvPwljywB2MA77GESWsS8G53af4sYG06sFQ34W+1laj4xU= =jw0k -END PGP SIGNATURE- -- Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users man it seems that enabling network in the container was the solution i wasn't enabling the network and that was getting my host's init affected i thought that if i didn't set network the container would not have network at all (soming from a kvm background) but it seems that if network is not defined at all in the lxc config then it will share the hosts's network, which would really screw things up -- Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] opensuse containers
On Thu, Apr 7, 2011 at 12:14 PM, Brian K. White br...@aljex.com wrote: On 4/7/2011 4:43 AM, Daniel Lezcano wrote: On 04/06/2011 09:07 PM, Ramez Hanna wrote: i have fixed the fedora script earlier when i needed fedora containers but now i need several opensuse containers, but my knowledge of opensuse isn't that deep did anyone create a lxc-opensuse? Nope, I created an opensuse container, so I know that works well but I didn't created the template. As far as I remember, it is very similar than the fedora container. Not really. I have a slightly out of date manual recipe here: http://en.opensuse.org/LXC opensuse has nothing like febootstrap which the fedora template relies on. The closest they have (without using an autoinst.xml) is zypper, but it still requires some user interaction no matter what. Much of the rest of the setup is different too. according to febootstrap developer and the thread with subject fedora template it is no longer usable in that way so i had created a different template using only yum so i beleive it could be done in the same way ith zypper i'll look into it I never made this into a template script because I hadn't yet decided if it was better to do this or do something based on an autoinst.xml instead. I follow this recipe myself when creating new containers if I'm not starting by copying a previously created container. It could be improved though. Some steps are unnecessary wrt the network config files in /etc, they just satisfy yast so the container looks more like a regular system to an admin who might use yast not realising he's even in a container. -- bkw -- Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] lxc on Fedora 15
I have failed to start a container on f15 although it worked fine on 14 here is the log ==snip [root@hovercraft boss]# cat lxc.log lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/9' (4/5) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/10' (6/7) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/11' (8/9) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/12' (10/11) lxc-start 1306584262.160 INFO lxc_conf - tty's configured lxc-start 1306584262.160 ERROR lxc_caps - failed to cap_get_flag: Invalid argument lxc-start 1306584262.160 DEBUG lxc_console - using '/dev/tty' as console lxc-start 1306584262.160 DEBUG lxc_start - sigchild handler set lxc-start 1306584262.161 INFO lxc_start - 'boss' is initialized lxc-start 1306584262.161 ERROR lxc_namespace - failed to clone(0x6c02): Operation not permitted lxc-start 1306584262.161 ERROR lxc_start - Operation not permitted - failed to fork into a new namespace lxc-start 1306584262.161 ERROR lxc_start - failed to spawn 'boss' lxc-start 1306584262.161 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306584262.161 ERROR lxc_cgroup - No such file or directory - failed to remove cgroup '/sys/fs/cgroup/systemd/boss' == end mounts [root@hovercraft boss]# mount |grep cgroup tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=755) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/ns type cgroup (rw,nosuid,nodev,noexec,relatime,ns) cgroup on /sys/fs/cgroup/cpu type cgroup (rw,nosuid,nodev,noexec,relatime,cpu) cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) it looks like lxc is trying to create the container's cgroup under systemd which seems to be the wrong location any leads on how can i debug further how does lxc find where cgroup is mounted? see bug https://bugzilla.redhat.com/show_bug.cgi?id=683667 -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] lxc-fedora
hi, here is my lxc-fedora script again based on request from Daniel Lezcano it has been tested to work on fedora and ubuntu hosts it was tested to create fedora 14 and 13 guests (not f15 yet) i had submitted it as a merge request earlier to gitorious repo lxc-mainline this script has extra args to the other scripts so it won't work directly through the lxc-create -t it can be modified to do that but i am not sure if i should spin off several ones with the release hardcoded in them like with debian/ubuntu templates -- BR RH lxc-fedora.in Description: Binary data -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc on Fedora 15
On Sat, May 28, 2011 at 3:33 PM, Ramez Hanna rha...@informatiq.org wrote: I have failed to start a container on f15 although it worked fine on 14 here is the log ==snip [root@hovercraft boss]# cat lxc.log lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/9' (4/5) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/10' (6/7) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/11' (8/9) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/12' (10/11) lxc-start 1306584262.160 INFO lxc_conf - tty's configured lxc-start 1306584262.160 ERROR lxc_caps - failed to cap_get_flag: Invalid argument lxc-start 1306584262.160 DEBUG lxc_console - using '/dev/tty' as console lxc-start 1306584262.160 DEBUG lxc_start - sigchild handler set lxc-start 1306584262.161 INFO lxc_start - 'boss' is initialized lxc-start 1306584262.161 ERROR lxc_namespace - failed to clone(0x6c02): Operation not permitted lxc-start 1306584262.161 ERROR lxc_start - Operation not permitted - failed to fork into a new namespace lxc-start 1306584262.161 ERROR lxc_start - failed to spawn 'boss' lxc-start 1306584262.161 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306584262.161 ERROR lxc_cgroup - No such file or directory - failed to remove cgroup '/sys/fs/cgroup/systemd/boss' == end mounts [root@hovercraft boss]# mount |grep cgroup tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=755) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/ns type cgroup (rw,nosuid,nodev,noexec,relatime,ns) cgroup on /sys/fs/cgroup/cpu type cgroup (rw,nosuid,nodev,noexec,relatime,cpu) cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) it looks like lxc is trying to create the container's cgroup under systemd which seems to be the wrong location any leads on how can i debug further how does lxc find where cgroup is mounted? see bug https://bugzilla.redhat.com/show_bug.cgi?id=683667 upgraded to lxc-0.7.4.1-1.1.x86_64 [root@hovercraft ~]# lxc-start -n boss -l DEBUG -o log lxc-start: open /sys/fs/cgroup/systemd/boss/devices.deny : No such file or directory lxc-start: failed to setup the cgroups for 'boss' lxc-start: failed to setup the container lxc-start: invalid sequence number 1. expected 2 lxc-start: failed to spawn 'boss' [root@hovercraft ~]# cat log lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/9' (4/5) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/10' (6/7) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/11' (8/9) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/12' (10/11) lxc-start 1306828803.471 INFO lxc_conf - tty's configured lxc-start 1306828803.471 DEBUG lxc_console - using '/dev/tty' as console lxc-start 1306828803.471 DEBUG lxc_start - sigchild handler set lxc-start 1306828803.471 INFO lxc_start - 'boss' is initialized lxc-start 1306828803.478 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306828803.479 DEBUG lxc_cgroup - cgroup flags is 0x2 lxc-start 1306828803.485 INFO lxc_conf - network has been setup lxc-start 1306828803.485 DEBUG lxc_conf - mounted '/var/lib/lxc/boss/rootfs' on '/usr/lib64/lxc/rootfs' lxc-start 1306828803.485 DEBUG lxc_conf - mounted 'proc' on '/usr/lib64/lxc/rootfs//proc', type 'proc' lxc-start 1306828803.486 DEBUG lxc_conf - mounted 'devpts' on '/usr/lib64/lxc/rootfs//dev/pts', type 'devpts' lxc-start 1306828803.486 DEBUG lxc_conf - mounted 'sysfs' on '/usr/lib64/lxc/rootfs//sys', type 'sysfs' lxc-start 1306828803.486 INFO lxc_conf - mount points have been setup lxc-start 1306828803.486 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306828803.486 ERROR lxc_cgroup - open /sys/fs/cgroup/systemd/boss/devices.deny : No such file or directory lxc-start 1306828803.486 ERROR lxc_conf - failed to setup the cgroups for 'boss' lxc-start 1306828803.486 ERROR lxc_start - failed to setup the container lxc-start 1306828803.486 ERROR lxc_sync - invalid sequence number 1. expected 2 lxc-start 1306828803.486 ERROR lxc_start - failed to spawn 'boss' lxc-start 1306828803.486 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306828803.491 DEBUG lxc_cgroup - '/sys
Re: [Lxc-users] lxc on Fedora 15
it seems that lxc cannot handle cgroups when capabilities are not all in the same mount it fails now because it cannot write the devices.deny in the cgroup if i comment out all the lxc.cgroup.devices lines in the config of the container then i can actually start it I would think that the way lxc identifies the cgroup mount might be the part that needs patching On Tue, May 31, 2011 at 11:00 AM, Ramez Hanna rha...@informatiq.org wrote: On Sat, May 28, 2011 at 3:33 PM, Ramez Hanna rha...@informatiq.orgwrote: I have failed to start a container on f15 although it worked fine on 14 here is the log ==snip [root@hovercraft boss]# cat lxc.log lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/9' (4/5) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/10' (6/7) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/11' (8/9) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/12' (10/11) lxc-start 1306584262.160 INFO lxc_conf - tty's configured lxc-start 1306584262.160 ERROR lxc_caps - failed to cap_get_flag: Invalid argument lxc-start 1306584262.160 DEBUG lxc_console - using '/dev/tty' as console lxc-start 1306584262.160 DEBUG lxc_start - sigchild handler set lxc-start 1306584262.161 INFO lxc_start - 'boss' is initialized lxc-start 1306584262.161 ERROR lxc_namespace - failed to clone(0x6c02): Operation not permitted lxc-start 1306584262.161 ERROR lxc_start - Operation not permitted - failed to fork into a new namespace lxc-start 1306584262.161 ERROR lxc_start - failed to spawn 'boss' lxc-start 1306584262.161 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306584262.161 ERROR lxc_cgroup - No such file or directory - failed to remove cgroup '/sys/fs/cgroup/systemd/boss' == end mounts [root@hovercraft boss]# mount |grep cgroup tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=755) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/ns type cgroup (rw,nosuid,nodev,noexec,relatime,ns) cgroup on /sys/fs/cgroup/cpu type cgroup (rw,nosuid,nodev,noexec,relatime,cpu) cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) it looks like lxc is trying to create the container's cgroup under systemd which seems to be the wrong location any leads on how can i debug further how does lxc find where cgroup is mounted? see bug https://bugzilla.redhat.com/show_bug.cgi?id=683667 upgraded to lxc-0.7.4.1-1.1.x86_64 [root@hovercraft ~]# lxc-start -n boss -l DEBUG -o log lxc-start: open /sys/fs/cgroup/systemd/boss/devices.deny : No such file or directory lxc-start: failed to setup the cgroups for 'boss' lxc-start: failed to setup the container lxc-start: invalid sequence number 1. expected 2 lxc-start: failed to spawn 'boss' [root@hovercraft ~]# cat log lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/9' (4/5) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/10' (6/7) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/11' (8/9) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/12' (10/11) lxc-start 1306828803.471 INFO lxc_conf - tty's configured lxc-start 1306828803.471 DEBUG lxc_console - using '/dev/tty' as console lxc-start 1306828803.471 DEBUG lxc_start - sigchild handler set lxc-start 1306828803.471 INFO lxc_start - 'boss' is initialized lxc-start 1306828803.478 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306828803.479 DEBUG lxc_cgroup - cgroup flags is 0x2 lxc-start 1306828803.485 INFO lxc_conf - network has been setup lxc-start 1306828803.485 DEBUG lxc_conf - mounted '/var/lib/lxc/boss/rootfs' on '/usr/lib64/lxc/rootfs' lxc-start 1306828803.485 DEBUG lxc_conf - mounted 'proc' on '/usr/lib64/lxc/rootfs//proc', type 'proc' lxc-start 1306828803.486 DEBUG lxc_conf - mounted 'devpts' on '/usr/lib64/lxc/rootfs//dev/pts', type 'devpts' lxc-start 1306828803.486 DEBUG lxc_conf - mounted 'sysfs' on '/usr/lib64/lxc/rootfs//sys', type 'sysfs' lxc-start 1306828803.486 INFO lxc_conf - mount points have been setup lxc-start 1306828803.486 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306828803.486 ERROR lxc_cgroup - open /sys/fs/cgroup/systemd/boss
Re: [Lxc-users] lxc on Fedora 15
On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcano daniel.lezc...@free.frwrote: On 05/31/2011 12:33 PM, Ramez Hanna wrote: it seems that lxc cannot handle cgroups when capabilities are not all in the same mount it fails now because it cannot write the devices.deny in the cgroup if i comment out all the lxc.cgroup.devices lines in the config of the container then i can actually start it I would think that the way lxc identifies the cgroup mount might be the part that needs patching Thanks for investigating. The main problem is lxc is cgroup agnostic, so we should find a solution where we don't break that. Maybe one solution would be to collect all the mount points found for the cgroup and try to find the right path when writing or reading from one cgroup file. that is what i had in mind, tried looking into the code but my C skills are next to zero Does systemd run lxc within a cgroup which is not the root cgroup ? the lxc-start command would run under $user/master/ (/sys/fs/cgroup/systemd/$user/$master) and the container itself would run under $container_name (/sys/fs/cgroup/systemd/$container_name) so it would run the container in the root cgroup -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc on Fedora 15
On Tue, May 31, 2011 at 2:54 PM, Daniel Lezcano daniel.lezc...@free.frwrote: On 05/31/2011 01:44 PM, Ramez Hanna wrote: On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcanodaniel.lezc...@free.fr wrote: On 05/31/2011 12:33 PM, Ramez Hanna wrote: it seems that lxc cannot handle cgroups when capabilities are not all in the same mount it fails now because it cannot write the devices.deny in the cgroup if i comment out all the lxc.cgroup.devices lines in the config of the container then i can actually start it I would think that the way lxc identifies the cgroup mount might be the part that needs patching Thanks for investigating. The main problem is lxc is cgroup agnostic, so we should find a solution where we don't break that. Maybe one solution would be to collect all the mount points found for the cgroup and try to find the right path when writing or reading from one cgroup file. that is what i had in mind, tried looking into the code but my C skills are next to zero Does systemd run lxc within a cgroup which is not the root cgroup ? the lxc-start command would run under $user/master/ (/sys/fs/cgroup/systemd/$user/$master) and the container itself would run under $container_name (/sys/fs/cgroup/systemd/$container_name) so it would run the container in the root cgroup ouch ! I have to install systemd on a test machine to check how systemd plays with the cgroup. I don't think the cgroup created by lxc should escape the cgroup the command is assigned to. if there is anything i can investigate for you just let me know -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [Patch ] lxc-fedora.in
On Mon, May 30, 2011 at 11:00 AM, Daniel Lezcano daniel.lezc...@free.frwrote: On 05/30/2011 09:32 AM, Ramez Hanna wrote: hi, here is my lxc-fedora script again based on request from Daniel Lezcano it has been tested to work on fedora and ubuntu hosts it was tested to create fedora 14 and 13 guests (not f15 yet) i had submitted it as a merge request earlier to gitorious repo lxc-mainline this script has extra args to the other scripts so it won't work directly through the lxc-create -t it can be modified to do that but i am not sure if i should spin off several ones with the release hardcoded in them like with debian/ubuntu templates Yep, there is a some work to do with the ubuntu templates to factor the code. I would suggest you default to one fedora version if no release version is specified. I inlined the code in the email so it will be easier to review. Please in the future make sure the patch is inlined and conforming to the CONTRIBUTING patch submit, that is with the author, subject and signed-off-by. #!/bin/bash # # template script for generating fedora container for LXC # # # lxc: linux Container library # Authors: # Daniel Lezcano daniel.lezc...@free.fr # Ramez Hanna rha...@informatiq.org # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #Configurations arch=$(arch) cache_base=/var/cache/lxc/fedora/$arch shouldn't it be /var/cache/lxc/$release/$arch ? no because later cache=$cache_base/$release when release is actually known default_path=/var/lib/lxc root_password=rooter lxc_network_type=veth lxc_network_link=virbr0 # is this fedora? [ -f /etc/fedora-release ] is_fedora=true configure_fedora() { # disable selinux in fedora mkdir -p $rootfs_path/selinux echo 0 $rootfs_path/selinux/enforce # configure the network using the dhcp cat EOF ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes HOSTNAME=${UTSNAME} NM_CONTROLLED=no TYPE=Ethernet MTU=${MTU} EOF # set the hostname cat EOF ${rootfs_path}/etc/sysconfig/network NETWORKING=yes HOSTNAME=${UTSNAME} EOF # set minimal hosts cat EOF $rootfs_path/etc/hosts 127.0.0.1 localhost $name EOF sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit chroot ${rootfs_path} chkconfig udev-post off chroot ${rootfs_path} chkconfig network on dev_path=${rootfs_path}/dev rm -rf $dev_path mkdir -p $dev_path mknod -m 666 ${dev_path}/null c 1 3 mknod -m 666 ${dev_path}/zero c 1 5 mknod -m 666 ${dev_path}/random c 1 8 mknod -m 666 ${dev_path}/urandom c 1 9 mkdir -m 755 ${dev_path}/pts mkdir -m 1777 ${dev_path}/shm mknod -m 666 ${dev_path}/tty c 5 0 mknod -m 666 ${dev_path}/tty0 c 4 0 mknod -m 666 ${dev_path}/tty1 c 4 1 mknod -m 666 ${dev_path}/tty2 c 4 2 mknod -m 666 ${dev_path}/tty3 c 4 3 mknod -m 666 ${dev_path}/tty4 c 4 4 mknod -m 600 ${dev_path}/console c 5 1 mknod -m 666 ${dev_path}/full c 1 7 mknod -m 600 ${dev_path}/initctl p mknod -m 666 ${dev_path}/ptmx c 5 2 echo setting root passwd to $root_password echo root:$root_password | chroot $rootfs_path chpasswd return 0 } download_fedora() { # check the mini fedora was not already downloaded INSTALL_ROOT=$cache/partial mkdir -p $INSTALL_ROOT if [ $? -ne 0 ]; then echo Failed to create '$INSTALL_ROOT' directory return 1 fi # download a mini fedora into a cache echo Downloading fedora minimal ... YUM=yum --installroot $INSTALL_ROOT -y --nogpgcheck PKG_LIST=yum initscripts passwd rsyslog vim-minimal dhclient chkconfig rootfiles policycoreutils RELEASE_URL= http://ftp.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/releases/$release/Everything/x86_64/os/Packages/fedora-release-$release-1.noarch.rpm s/x86_64/$arch ? curl $RELEASE_URL $INSTALL_ROOT/fedora-release-$release.noarch.rpm mkdir -p $INSTALL_ROOT/var/lib/rpm rpm --root $INSTALL_ROOT --initdb rpm --root $INSTALL_ROOT -ivh $INSTALL_ROOT/fedora-release-$release.noarch.rpm $YUM install $PKG_LIST if [ $? -ne 0 ]; then echo Failed to download the rootfs, aborting
Re: [Lxc-users] lxc on Fedora 15
On Tue, May 31, 2011 at 5:38 PM, Serge Hallyn serge.hal...@canonical.comwrote: Quoting Daniel Lezcano (daniel.lezc...@free.fr): On 05/31/2011 01:44 PM, Ramez Hanna wrote: On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcanodaniel.lezc...@free.fr wrote: On 05/31/2011 12:33 PM, Ramez Hanna wrote: it seems that lxc cannot handle cgroups when capabilities are not all in the same mount it fails now because it cannot write the devices.deny in the cgroup if i comment out all the lxc.cgroup.devices lines in the config of the container then i can actually start it I would think that the way lxc identifies the cgroup mount might be the part that needs patching Thanks for investigating. The main problem is lxc is cgroup agnostic, so we should find a solution where we don't break that. Maybe one solution would be to collect all the mount points found for the cgroup and try to find the right path when writing or reading from one cgroup file. that is what i had in mind, tried looking into the code but my C skills are next to zero Does systemd run lxc within a cgroup which is not the root cgroup ? the lxc-start command would run under $user/master/ (/sys/fs/cgroup/systemd/$user/$master) and the container itself would run under $container_name (/sys/fs/cgroup/systemd/$container_name) so it would run the container in the root cgroup ouch ! I have to install systemd on a test machine to check how systemd plays with the cgroup. I don't think the cgroup created by lxc should escape the cgroup the command is assigned to. Another similar - and easier to setup - thing we need to address is running on a system with libcgroup installed. For both, I assume it'll basically come down to: 1. figure out the path of the cgroup we are in for each cgroup we care about 2. create new child cgroup for ourselves in each of the above paths whic is unique 3. track those through the lifetime of the container So it just slightly complicates what's being done now. -serge how does libcgroup change things? does it also mount cgroup on different points ? -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] sysctl and lxc
On Sat, Jun 4, 2011 at 7:26 PM, Permjacov Evgeniy permea...@gmail.comwrote: Hello! I'm running several containers on my box. One of them has postgresql installed. When I read postgresql administration parametres, I found suggestion to tune some parametres in sysctl.conf, such as kernel.shmmax=17179869184kernel.shmall=4194304vm.overcommit_memory=2 Should I set this parametres in guest's sysctl.con or in host's one and will first choise affect only the container, entire system or has no effect? -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users sinse containers share the same kernel then i don't think u can set it per container even if you set it in the container it will afffect the host (in the case of bind mounting proc) -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] rant: Debian template
i had noticed that and avoided it in the lxc-fedora template which takes an argument --release it should be done the same for debian for ubuntu they provide multiple template files with the suite hardcoded to something different it should be trivial, but again is that the only difference or there are other config lines that are changed? On Tue, Jun 21, 2011 at 12:40 PM, Tzafrir Cohen tzafrir.co...@xorcom.comwrote: Hi Anybody actually uses the Debian template? I tried to figure out how I can pass a suite parameter to it, only to see that * The parameter is hardwired (to an obsolete value: http://bugs.debian.org/600456 ) * the script does not pass any custom argumets to the template script, so I'm not encourged to make it a parameter. Compare that to 'vserver build': http://linux-vserver.org/Building_Guest_Systems If this bug is open for so long, I suspect most users don't really use those templates. Am I right? What do you use to set up a new Debian system? And a general rant: no IRC channel to ask questions on, and no link to the mailing list from http://lxc.sourceforge.net (the page mentioned as Homepage of the package on my package manager). Cheers, -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Latest test results - Was: cgroups: support cgroups mounted in multiple places (v3)
where can i get that patched code? should i clone master? On Mon, Jul 4, 2011 at 1:47 AM, Daniel Lezcano daniel.lezc...@free.frwrote: On 07/02/2011 07:28 PM, Michael H. Warfield wrote: Hey all... So my testing has continued and I've now regression tested the v3 patch and extended my testing. Looks like, over all, everything came together nicely. I'd ack that... [ ... ] IAC... The v3 patch does no harm to existing, working, cases and certainly covers the systemd case with F15 and that multipoint mount on /sys/fs/cgroup. The lxc stuff is broken on F15 without it. That's an important step forward and needs to be pushed. Not sure what the deal is here above with the libcgroup cgconfig service enabled on F14 (maybe I'm doing something wrong) but that should not be a show stopper as a mount point in fstab deals with that situation nicely. I'd like to see this applied ASAP and a turn cranked on the revision handle as this is needed for F15 and beyond. Great ! Thanks Michael for testing. Applied. -- Daniel -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Latest test results - Was: cgroups: support cgroups mounted in multiple places (v3)
here is an rpm build for latest master (bcbd102cba31a0054fe4204a39b5e8a411cde42f) http://download.opensuse.org/repositories/home:/ramezhanna/Fedora_15/ for those who want to test on f15 I will keep following master so keep an eye here for updates as well On Thu, Jul 7, 2011 at 4:08 PM, Michael H. Warfield m...@wittsend.comwrote: On Wed, 2011-07-06 at 14:06 +0300, Ramez Hanna wrote: where can i get that patched code? should i clone master? Yeah, that would be one way. Daniel checked it into git. So building from git is probably the best way. It hasn't popped out into a release yet. Maybe soon. His shot to call. On Mon, Jul 4, 2011 at 1:47 AM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 07/02/2011 07:28 PM, Michael H. Warfield wrote: Hey all... So my testing has continued and I've now regression tested the v3 patch and extended my testing. Looks like, over all, everything came together nicely. I'd ack that... [ ... ] IAC... The v3 patch does no harm to existing, working, cases and certainly covers the systemd case with F15 and that multipoint mount on /sys/fs/cgroup. The lxc stuff is broken on F15 without it. That's an important step forward and needs to be pushed. Not sure what the deal is here above with the libcgroup cgconfig service enabled on F14 (maybe I'm doing something wrong) but that should not be a show stopper as a mount point in fstab deals with that situation nicely. I'd like to see this applied ASAP and a turn cranked on the revision handle as this is needed for F15 and beyond. Great ! Thanks Michael for testing. Applied. -- Daniel Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Latest test results - Was: cgroups: support cgroups mounted in multiple places (v3)
tested f14 and debian squeeze containers on f15 host (systemd) lxc-ps returns nothing for running container [root@lxc ~]# lxc-info --name=f14 'f14' is RUNNING [root@lxc ~]# lxc-ps --name=f14 CONTAINERPID TTY TIME CMD [root@lxc ~]# used lxc from master built a few days ago (haven't seen any change in master since then) On Thu, Jul 14, 2011 at 12:38 AM, Ramez Hanna rha...@informatiq.org wrote: here is an rpm build for latest master (bcbd102cba31a0054fe4204a39b5e8a411cde42f) http://download.opensuse.org/repositories/home:/ramezhanna/Fedora_15/ for those who want to test on f15 I will keep following master so keep an eye here for updates as well On Thu, Jul 7, 2011 at 4:08 PM, Michael H. Warfield m...@wittsend.comwrote: On Wed, 2011-07-06 at 14:06 +0300, Ramez Hanna wrote: where can i get that patched code? should i clone master? Yeah, that would be one way. Daniel checked it into git. So building from git is probably the best way. It hasn't popped out into a release yet. Maybe soon. His shot to call. On Mon, Jul 4, 2011 at 1:47 AM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 07/02/2011 07:28 PM, Michael H. Warfield wrote: Hey all... So my testing has continued and I've now regression tested the v3 patch and extended my testing. Looks like, over all, everything came together nicely. I'd ack that... [ ... ] IAC... The v3 patch does no harm to existing, working, cases and certainly covers the systemd case with F15 and that multipoint mount on /sys/fs/cgroup. The lxc stuff is broken on F15 without it. That's an important step forward and needs to be pushed. Not sure what the deal is here above with the libcgroup cgconfig service enabled on F14 (maybe I'm doing something wrong) but that should not be a show stopper as a mount point in fstab deals with that situation nicely. I'd like to see this applied ASAP and a turn cranked on the revision handle as this is needed for F15 and beyond. Great ! Thanks Michael for testing. Applied. -- Daniel Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Latest test results - Was: cgroups: support cgroups mounted in multiple places (v3)
On Fri, Jul 15, 2011 at 5:38 PM, Michael H. Warfield m...@wittsend.comwrote: On Fri, 2011-07-15 at 17:25 +0300, Ramez Hanna wrote: tested f14 and debian squeeze containers on f15 host (systemd) lxc-ps returns nothing for running container Confirmed broken for F14 container on F15 host. Working on F14 container on F14 host. I wonder what would be the difference between f14 and f15 in regards to the layout of cgroups that makes it work on f14 (libcgroup) and not f15(systemd) Another point on the curve. lxc-ps -A On F15 host shows all the processes but container names are missing. I confirm that On F14 host shows all the processes with correct container names. Regards, Mike [root@lxc ~]# lxc-info --name=f14 'f14' is RUNNING [root@lxc ~]# lxc-ps --name=f14 CONTAINERPID TTY TIME CMD [root@lxc ~]# used lxc from master built a few days ago (haven't seen any change in master since then) On Thu, Jul 14, 2011 at 12:38 AM, Ramez Hanna rha...@informatiq.org wrote: here is an rpm build for latest master (bcbd102cba31a0054fe4204a39b5e8a411cde42f) http://download.opensuse.org/repositories/home:/ramezhanna/Fedora_15/ for those who want to test on f15 I will keep following master so keep an eye here for updates as well On Thu, Jul 7, 2011 at 4:08 PM, Michael H. Warfield m...@wittsend.com wrote: On Wed, 2011-07-06 at 14:06 +0300, Ramez Hanna wrote: where can i get that patched code? should i clone master? Yeah, that would be one way. Daniel checked it into git. So building from git is probably the best way. It hasn't popped out into a release yet. Maybe soon. His shot to call. On Mon, Jul 4, 2011 at 1:47 AM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 07/02/2011 07:28 PM, Michael H. Warfield wrote: Hey all... So my testing has continued and I've now regression tested the v3 patch and extended my testing. Looks like, over all, everything came together nicely. I'd ack that... [ ... ] IAC... The v3 patch does no harm to existing, working, cases and certainly covers the systemd case with F15 and that multipoint mount on /sys/fs/cgroup. The lxc stuff is broken on F15 without it. That's an important step forward and needs to be pushed. Not sure what the deal is here above with the libcgroup cgconfig service enabled on F14 (maybe I'm doing something wrong) but that should not be a show stopper as a mount point in fstab deals with that situation nicely. I'd like to see this applied ASAP and a turn cranked on the revision handle as this is needed for F15 and beyond. Great ! Thanks Michael for testing. Applied. -- Daniel Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] fedora template
On Wed, Mar 30, 2011 at 2:19 AM, Serge E. Hallyn serge.hal...@ubuntu.comwrote: Quoting Ramez Hanna (rha...@informatiq.org): I have been working on a fedora template that actually works febootstrap is not anymore producing fedora rootfs but rather a minimal Really, febootstrap can't be used to create a rootfs at all any more? fedora appliance my solution works by using yum instead, but I am facing a really weired situation whenever i start my fedora container, it would actually try to change the init level of the host host is f14 and container is f14 could anyone shed some light on how the container is actually being isolated, so i can start from there or how can i debug? script used to create the container attached, it is based on the current template with a few modifications here and there Note that for me to use this template on ubuntu, I have to specify '-R 14', but lxc-create doesn't allow me to forward that option. So I have to first create the config file and then run fedora2 by hand. After that, for some reason I still have no actual rootfs :(. As for trouble with init - is your fedora using systemd? How does it actually start runlevel changes? Upstart uses dbus over abstract unix socket (which is containerized with netns), sysvinit uses ioctl over /dev/init which is a distinct file from the one in the container... Does systemd do something we're not containerizing right now? FYI I was told on the irc channel that systemd uses /run , so it should be isolated by default although i am facing that issue that my guest is interfering with my host on f15 still debugging I'd love to get a working fedora template. thanks, -serge -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] what's the difference in lxc-attach
On Fri, Jul 15, 2011 at 6:04 PM, Michael H. Warfield m...@wittsend.comwrote: On Fri, 2011-07-15 at 17:50 +0300, Ramez Hanna wrote: how can i check if lxc-attach is not working because of the kernel or because of other bug? On Thu, Apr 7, 2011 at 10:09 AM, Cedric Le Goater legoa...@free.fr wrote: On 04/07/2011 07:46 AM, Ramez Hanna wrote: from a post that i found earlier in the archive subject entering a container by Daniel Lezcano i cannot see the differece between lxc-attach and lxc-execute could someone explain? lxc-execute creates a container and exec's a command/application inside it (see manual). lxc-attach enters a *running* container and exec's a command inside it (manual soon to come). This ability of creating an exogenous process inside a container requires a kernel patchset. Has that patch set even made it into a release? If so, what version is it in and what version are you running. It does not work on my F15 system with a 2.6.38 kernel. If it has not made it into a released kernel, have you built a custom kernel with it? I don't know about that patch, so hence my question if there is anyway to know from the host if that capability is available C. Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] what's the difference in lxc-attach
On Fri, Jul 15, 2011 at 7:28 PM, Michael H. Warfield m...@wittsend.comwrote: On Fri, 2011-07-15 at 18:36 +0300, Ramez Hanna wrote: On Fri, Jul 15, 2011 at 6:04 PM, Michael H. Warfield m...@wittsend.com wrote: On Fri, 2011-07-15 at 17:50 +0300, Ramez Hanna wrote: how can i check if lxc-attach is not working because of the kernel or because of other bug? On Thu, Apr 7, 2011 at 10:09 AM, Cedric Le Goater legoa...@free.fr wrote: On 04/07/2011 07:46 AM, Ramez Hanna wrote: from a post that i found earlier in the archive subject entering a container by Daniel Lezcano i cannot see the differece between lxc-attach and lxc-execute could someone explain? lxc-execute creates a container and exec's a command/application inside it (see manual). lxc-attach enters a *running* container and exec's a command inside it (manual soon to come). This ability of creating an exogenous process inside a container requires a kernel patchset. Has that patch set even made it into a release? If so, what version is it in and what version are you running. It does not work on my F15 system with a 2.6.38 kernel. If it has not made it into a released kernel, have you built a custom kernel with it? I don't know about that patch, so hence my question if there is anyway to know from the host if that capability is available From what I can tell, based on some threads from back in March, the patchset has not been merged into the upstream kernel at this time and is almost certainly NOT in 2.6.38.*. I'm currently running Fedora 15 2.6.38.8-32.fc15.x86_64 which does not have the patch and lxc-attach gives this error: [root@forest Alcove]# lxc-attach --name Alcove lxc-attach: Does this kernel version support 'attach' ? lxc-attach: failed to enter the namespace That's probably about the best answer you're going to get. From what I can tell, the last patchset is here: http://lxc.sourceforge.net/patches/linux/2.6.38/ If you want it, you're probably going to have to build yourself a custom kernel with it patched in. Some of the patches have been merged into the upstream kernel but it's not clear to me if we'll have to wait for 3.0 to be released to see them but I suspect that to be the case. We're currently sitting at 3.0-rc7 on that one. 2.6.39.3 is released and stable nut I have no clue what's in there. 2.6.38 is currently at 2.6.38.8, which is what we see in F15 so it is what it is. C. Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! thanks a lot for the detailed answer by the way have you been succesfull in starting a f15 container on your f15? I have been debuggin for 2 hours now when i start f15 container it screws my host by interfering with my hosts's systemd which somehow doesn't make sense and when i use systemd-nspawn i get a bunch of errors and the system doesn't finish starting here is a paste of systemd log from systemd-nspawn session http://pastie.org/2218625 -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] what's the difference in lxc-attach
On Fri, Jul 15, 2011 at 8:07 PM, Michael H. Warfield m...@wittsend.comwrote: On Fri, 2011-07-15 at 19:41 +0300, Ramez Hanna wrote: On Fri, Jul 15, 2011 at 7:28 PM, Michael H. Warfield m...@wittsend.com wrote: On Fri, 2011-07-15 at 18:36 +0300, Ramez Hanna wrote: On Fri, Jul 15, 2011 at 6:04 PM, Michael H. Warfield m...@wittsend.com wrote: On Fri, 2011-07-15 at 17:50 +0300, Ramez Hanna wrote: how can i check if lxc-attach is not working because of the kernel or because of other bug? On Thu, Apr 7, 2011 at 10:09 AM, Cedric Le Goater legoa...@free.fr wrote: On 04/07/2011 07:46 AM, Ramez Hanna wrote: from a post that i found earlier in the archive subject entering a container by Daniel Lezcano i cannot see the differece between lxc-attach and lxc-execute could someone explain? lxc-execute creates a container and exec's a command/application inside it (see manual). lxc-attach enters a *running* container and exec's a command inside it (manual soon to come). This ability of creating an exogenous process inside a container requires a kernel patchset. Has that patch set even made it into a release? If so, what version is it in and what version are you running. It does not work on my F15 system with a 2.6.38 kernel. If it has not made it into a released kernel, have you built a custom kernel with it? I don't know about that patch, so hence my question if there is anyway to know from the host if that capability is available From what I can tell, based on some threads from back in March, the patchset has not been merged into the upstream kernel at this time and is almost certainly NOT in 2.6.38.*. I'm currently running Fedora 15 2.6.38.8-32.fc15.x86_64 which does not have the patch and lxc-attach gives this error: [root@forest Alcove]# lxc-attach --name Alcove lxc-attach: Does this kernel version support 'attach' ? lxc-attach: failed to enter the namespace That's probably about the best answer you're going to get. From what I can tell, the last patchset is here: http://lxc.sourceforge.net/patches/linux/2.6.38/ If you want it, you're probably going to have to build yourself a custom kernel with it patched in. Some of the patches have been merged into the upstream kernel but it's not clear to me if we'll have to wait for 3.0 to be released to see them but I suspect that to be the case. We're currently sitting at 3.0-rc7 on that one. 2.6.39.3 is released and stable nut I have no clue what's in there. 2.6.38 is currently at 2.6.38.8, which is what we see in F15 so it is what it is. C. Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! thanks a lot for the detailed answer by the way have you been succesfull in starting a f15 container on your f15? I have been debuggin for 2 hours now when i start f15 container it screws my host by interfering with my hosts's systemd which somehow doesn't make sense and when i use systemd-nspawn i get a bunch of errors and the system doesn't finish starting here is a paste of systemd log from systemd-nspawn session http://pastie.org/2218625 I haven't tried it yet. Will see what I can do. Couple of quick questions. 1) You say it screws your host if you don't uses nospawn. What happens? host console is not useable, random issues around missing characters when i type unable to login on other terminals because i cannot type and i see so many systemd logs on the console 2) Have you disabled the sys_admin cap by dropping it in that container? I find that causes me all sorts of grief. i will try that 3) Was this a fresh template build or did you upgrade an F14 machine to F15 (I was going to use yum --releasever=15 distro-sync in one of my running F14 containers). yes fresh install Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu
Re: [Lxc-users] what's the difference in lxc-attach
On Sat, Jul 16, 2011 at 8:27 PM, Michael H. Warfield m...@wittsend.comwrote: On Fri, 2011-07-15 at 20:17 +0300, Ramez Hanna wrote: Big Snip thanks a lot for the detailed answer by the way have you been succesfull in starting a f15 container on your f15? I now have an F15 container working. I have been debuggin for 2 hours now when i start f15 container it screws my host by interfering with my hosts's systemd which somehow doesn't make sense and when i use systemd-nspawn i get a bunch of errors and the system doesn't finish starting here is a paste of systemd log from systemd-nspawn session http://pastie.org/2218625 I haven't tried it yet. Will see what I can do. Couple of quick questions. 1) You say it screws your host if you don't uses nospawn. What happens? host console is not useable, random issues around missing characters when i type unable to login on other terminals because i cannot type and i see so many systemd logs on the console I have a very strong suspicion that systemd is not going to be compatible with running in a container because it wants to set up and managed cgroups in the container which it can not do. When I try to start it with systemd, the first process doesn't even seem to come up (number of tasks is 0) and then the host can not remove the container even after I've done an lxc-stop on it. But that's when I'm logged in and running lxc-start from an ssh terminal Window. If I start it from a real ttyX console then I get all sorts of startup messages from the container and the consoles are hosed up like the console in the container has gotten crosswise with the console in the host. Things try to initialize but all sorts of things time out and eventually I have to reset the host with an Magic SysRq sequence. Gave up on systemd. 2) Have you disabled the sys_admin cap by dropping it in that container? I find that causes me all sorts of grief. i will try that Don't. It wouldn't do any good and causes lots of other problems (for me at least). 3) Was this a fresh template build or did you upgrade an F14 machine to F15 (I was going to use yum --releasever=15 distro-sync in one of my running F14 containers). yes fresh install Here's what I've done and now gotten an F15 container to work. I started out with an F14 container and upgraded it to F15 using the yum --releasever=15 distro-sync method. I was able to reproduce your problems above and thought there may be some conflicts over cgroups so I decided to disable systemd. If it's not present (it wasn't for me) install upstart into the container from the host using yum --installroot={your VM root} upstart. Next cd to {your VM root}/sbin and rm init (which is symlinked to ../bin/systemd) and symlink it to upstart (which is in sbin). This got me almost there. The machine was starting but I was having your funky console problem and I realized (largely because I'm working on other related problems) that it was the ptmx device causing this. It was mapping incorrectly. So, cd to {your VM root}/dev and rm ptmx if it's a hard device and not a symlink. Then symlink pts/ptmx to ptmx. If you started with some sort of template, this may already be done and you may not run into this problem at all. Now you should be able to fire your F15 container up. Also find the lines in /etc/init.d/halt that remount file systems ro or you'll screw your /dev/pts fs in the host when you shut that container down or reboot it (and, no, newinstance is not helping with that problem). Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! it is very clear to me that systemd is interfering with the host's systemd your solution of running f15 is not much different than running a f14 container (as systemd is the major diff) systemd-nspawn can start systemd inside a light weight container i think the problem is related to the fact that when lxc starts teh cgroup is on the root of the tree while it should have been under the user's tree maybe serge can say somethiing about this -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] what's the difference in lxc-attach
On Sun, Jul 17, 2011 at 2:25 AM, Michael H. Warfield m...@wittsend.comwrote: On Sat, 2011-07-16 at 23:59 +0300, Ramez Hanna wrote: On Sat, Jul 16, 2011 at 8:27 PM, Michael H. Warfield m...@wittsend.com wrote: On Fri, 2011-07-15 at 20:17 +0300, Ramez Hanna wrote: Big Snip thanks a lot for the detailed answer by the way have you been succesfull in starting a f15 container on your f15? I now have an F15 container working. I have been debuggin for 2 hours now when i start f15 container it screws my host by interfering with my hosts's systemd which somehow doesn't make sense and when i use systemd-nspawn i get a bunch of errors and the system doesn't finish starting here is a paste of systemd log from systemd-nspawn session http://pastie.org/2218625 I haven't tried it yet. Will see what I can do. Couple of quick questions. 1) You say it screws your host if you don't uses nospawn. What happens? host console is not useable, random issues around missing characters when i type unable to login on other terminals because i cannot type and i see so many systemd logs on the console I have a very strong suspicion that systemd is not going to be compatible with running in a container because it wants to set up and managed cgroups in the container which it can not do. When I try to start it with systemd, the first process doesn't even seem to come up (number of tasks is 0) and then the host can not remove the container even after I've done an lxc-stop on it. But that's when I'm logged in and running lxc-start from an ssh terminal Window. If I start it from a real ttyX console then I get all sorts of startup messages from the container and the consoles are hosed up like the console in the container has gotten crosswise with the console in the host. Things try to initialize but all sorts of things time out and eventually I have to reset the host with an Magic SysRq sequence. Gave up on systemd. 2) Have you disabled the sys_admin cap by dropping it in that container? I find that causes me all sorts of grief. i will try that Don't. It wouldn't do any good and causes lots of other problems (for me at least). 3) Was this a fresh template build or did you upgrade an F14 machine to F15 (I was going to use yum --releasever=15 distro-sync in one of my running F14 containers). yes fresh install Here's what I've done and now gotten an F15 container to work. I started out with an F14 container and upgraded it to F15 using the yum --releasever=15 distro-sync method. I was able to reproduce your problems above and thought there may be some conflicts over cgroups so I decided to disable systemd. If it's not present (it wasn't for me) install upstart into the container from the host using yum --installroot={your VM root} upstart. Next cd to {your VM root}/sbin and rm init (which is symlinked to ../bin/systemd) and symlink it to upstart (which is in sbin). This got me almost there. The machine was starting but I was having your funky console problem and I realized (largely because I'm working on other related problems) that it was the ptmx device causing this. It was mapping incorrectly. So, cd to {your VM root}/dev and rm ptmx if it's a hard device and not a symlink. Then symlink pts/ptmx to ptmx. If you started with some sort of template, this may already be done and you may not run into this problem at all. Now you should be able to fire your F15 container up. Also find the lines in /etc/init.d/halt that remount file systems ro or you'll screw your /dev/pts fs in the host when you shut that container down or reboot it (and, no, newinstance is not helping with that problem). Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! it is very clear to me that systemd is interfering with the host's systemd your solution of running f15 is not much different than running a f14 container (as systemd is the major diff) systemd-nspawn can start systemd inside a light weight container i think the problem is related to the fact that when lxc starts teh cgroup is on the root of the tree while it should have been under the user's tree I'm not so sure I understand what you mean by that last line. What user's tree are you referring to? in f15 systemd whenever a user starts a process it looks like this ├ user │ ├ root
Re: [Lxc-users] mount from outside of a container online
i am not sure as far as i understand the rootfs location you setup is not what is used by the container i think it does mount it under another path, /usr/lib64/lxc/rootfs/ which is in a seperate namespacce, hence only visible to the process or something like that not sure if this is helpful or no On Mon, Jul 18, 2011 at 6:07 PM, Papp Tamas tom...@martos.bme.hu wrote: On 2011-07-16 19:41, Papp Tamas wrote: hi! Is it possible somehow? I'd like to bind mount a directory into a container and also I'd like to avoid restarting it. Does this mean, it's not possible? Thank you, tamas -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Fedora 15 on Fedora 15 LXC with Libvirt
On Tue, Aug 2, 2011 at 8:44 PM, Michael H. Warfield m...@wittsend.com wrote: Ah... Serge? Reference back to the thread on [Lxc-users] what's the difference in lxc-attach please? We were discussing systemd back in that thread too. On Tue, 2011-08-02 at 19:22 +0300, Iliyan ILF Stoyanov wrote: Hi, I don't think this template will work as it references two files that do not exist in F15 i.e. ${rootfs_path}/etc/rc.sysinit and ${rootfs_path}/etc/rc.d/rc.sysinit this is because of the fact that system.d doesn't use such scripts for init. You mean systemd and not system.d but I got your point. I have an F15 container running on an F15 host but the only way I was able to do this was by installing upstart and relinking init to upstart. Systemd seems to get a great deal of heartburn over trying to mount /sys/fs/cgroup in the container and things catch fire and burn all over the place. I do have it working with Upstart. Until a bunch of us can sort out the details of what systemd is doing and expect and should behave under what circumstances, F15 systemd in a container is going to be a crap shoot. Regards, Mike I can always just use Scientific Linux for my setup, however we made the decision a long time ago that all our dev servers will stick to Fedora, so that we are better prepared for the quirks that might come up in RHEL/CentOS/SL when some technology gets included in the TUV releases. It is not a must to have LXC running on Fedora 15 with Fedora 15 guests, but it would be nice to crack the hard nut that system.d is proving to be. By the way, I see that your email is at canonical and it seems a most of the people here are running LXC on Ubuntu, is LXC actually sponsored by canonical or is primarily developed around Debian/Ubuntu, because if that is the case, it might explain certain incompatibilities with the way Red Hat/Fedora are set up. BR, ilf On Tue, 2011-08-02 at 09:02 -0500, Serge E. Hallyn wrote: Quoting Iliyan ILF Stoyanov (i...@ilf.me): On the other side, would someone be so kind to point me in the right direction (either documentation, source or anything else available) that I can follow so that I set up lxc container just with the LXC tools. I Ramez Hanna has posted a new fedora template. I think this was the latest: http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg01707.html It looks like it was for F13 and F14 containers, but it should be a starting point. See the usage() section. I've not used it myself, but the author should be on this list. -serge -- BlackBerryreg; DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos much more. Register early save! http://p.sf.net/sfu/rim-blackberry-1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! -- BlackBerryreg; DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos much more. Register early save! http://p.sf.net/sfu/rim-blackberry-1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users the fedora template works for 14 but not 15 the reason is systemd but not really related to rc.sysinit (yes this needs cleanup) systemd in the container seems to interfere with systemd on the host screwing up the host i haven't been looking at it lately, but i think it might be related to mount points or something as systemd uses /var/run/ which is a tmpfs, som maybe something goes wrong there -- BlackBerryreg; DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos much more. Register early save! http://p.sf.net/sfu/rim-blackberry-1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] [PATCH 1/2] working fedora template
From c117fc7051971a9166cf5ab1f85cb6331b91a78c Mon Sep 17 00:00:00 2001 From: InformatiQ rha...@informatiq.org Date: Wed, 20 Apr 2011 23:15:51 +0300 Subject: [PATCH 1/2] working fedora template signed-off-by: Ramez Hanna rha...@informatiq.org --- templates/lxc-fedora.in | 264 ++- 1 files changed, 146 insertions(+), 118 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index f4f19c0..e26d73a 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -9,6 +9,7 @@ # Authors: # Daniel Lezcano daniel.lezc...@free.fr +# Ramez Hanna rha...@informatiq.org # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -24,117 +25,106 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -DISTRO=fedora-10 +#Configurations +arch=$(arch) +cache_base=/var/cache/lxc/fedora/$arch +default_path=/var/lib/lxc +root_password=rooter +lxc_network_type=veth +lxc_network_link=virbr0 + +# is this fedora? +[ -f /etc/fedora-release ] is_fedora=true configure_fedora() { -rootfs=$1 -hostname=$2 # disable selinux in fedora -mkdir -p $rootfs/selinux -echo 0 $rootfs/selinux/enforce +mkdir -p $rootfs_path/selinux +echo 0 $rootfs_path/selinux/enforce # configure the network using the dhcp -cat EOF $rootfs/etc/network/interfaces -auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet dhcp +cat EOF ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0 +DEVICE=eth0 +BOOTPROTO=dhcp +ONBOOT=yes +HOSTNAME=${UTSNAME} +NM_CONTROLLED=no +TYPE=Ethernet +MTU=${MTU} EOF # set the hostname -cat EOF $rootfs/etc/hostname -$hostname -EOF -# set minimal hosts -cat EOF $rootfs/etc/hosts -127.0.0.1 localhost $hostname -EOF - -# provide the lxc service -cat EOF $rootfs/etc/init/lxc.conf -# fake some events needed for correct startup other services - -description Container Upstart - -start on startup - -script -rm -rf /var/run/*.pid -rm -rf /var/run/network/* -/sbin/initctl emit stopped JOB=udevtrigger --no-wait -/sbin/initctl emit started JOB=udev --no-wait -end script -EOF - -cat EOF $rootfs/etc/init/console.conf -# console - getty -# -# This service maintains a console on tty1 from the point the system is -# started until it is shut down again. - -start on stopped rc RUNLEVEL=[2345] -stop on runlevel [!2345] - -respawn -exec /sbin/getty -8 38400 /dev/console +cat EOF ${rootfs_path}/etc/sysconfig/network +NETWORKING=yes +HOSTNAME=${UTSNAME} EOF -cat EOF $rootfs/lib/init/fstab -# /lib/init/fstab: lxc system fstab -none/spu spufs gid=spu,optional 0 0 -none/tmp nonedefaults 0 0 -none/var/lock tmpfs nodev,noexec,nosuid,showthrough 0 0 -none/lib/init/rw tmpfs mode=0755,nosuid,optional 0 0 +# set minimal hosts +cat EOF $rootfs_path/etc/hosts +127.0.0.1 localhost $name EOF -# reconfigure some services -if [ -z $LANG ]; then - chroot $rootfs locale-gen en_US.UTF-8 - chroot $rootfs update-locale LANG=en_US.UTF-8 -else - chroot $rootfs locale-gen $LANG - chroot $rootfs update-locale LANG=$LANG -fi - -# remove pointless services in a container -chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove - -chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done' -chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done' -chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done' -chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done' -chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done' - -echo Please change root-password ! -echo root:root | chroot $rootfs chpasswd +sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit +sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit +chroot ${rootfs_path} chkconfig udev-post off +chroot ${rootfs_path} chkconfig network on + +dev_path=${rootfs_path}/dev +rm -rf $dev_path +mkdir -p $dev_path +mknod -m 666 ${dev_path}/null c 1 3 +mknod -m 666 ${dev_path}/zero c 1 5 +mknod -m 666 ${dev_path}/random c 1 8 +mknod -m 666 ${dev_path}/urandom c 1 9 +mkdir -m 755 ${dev_path}/pts +mkdir -m 1777 ${dev_path}/shm +mknod -m 666 ${dev_path}/tty c 5 0 +mknod -m 666 ${dev_path}/tty0 c 4 0 +mknod -m 666 ${dev_path}/tty1 c 4 1 +mknod -m 666 ${dev_path}/tty2 c 4 2 +mknod -m 666 ${dev_path}/tty3 c 4 3 +mknod -m 666
[Lxc-users] [PATCH 2/2] fix RELEAE_URL to not hardcode the arch
From e959e5d5661841c5546b07575e7f3da84ac0ba7f Mon Sep 17 00:00:00 2001 From: InformatiQ rha...@informatiq.org Date: Thu, 14 Jul 2011 00:41:03 +0300 Subject: [PATCH 2/2] fix RELEAE_URL to not hardcode the arch --- templates/lxc-fedora.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index e26d73a..0262013 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -111,7 +111,7 @@ download_fedora() echo Downloading fedora minimal ... YUM=yum --installroot $INSTALL_ROOT -y --nogpgcheck PKG_LIST=yum initscripts passwd rsyslog vim-minimal dhclient chkconfig rootfiles policycoreutils - RELEASE_URL=http://ftp.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/releases/$release/Everything/x86_64/os/Packages/fedora-release-$release-1.noarch.rpm; + RELEASE_URL=http://ftp.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/releases/$release/Everything/$arch/os/Packages/fedora-release-$release-1.noarch.rpm; curl $RELEASE_URL $INSTALL_ROOT/fedora-release-$release.noarch.rpm mkdir -p $INSTALL_ROOT/var/lib/rpm -- 1.7.6 -- BlackBerryreg; DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos much more. Register early save! http://p.sf.net/sfu/rim-blackberry-1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/2] working fedora template
On Wed, Aug 10, 2011 at 5:54 PM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 08/10/2011 09:21 AM, Ramez Hanna wrote: On Tue, Aug 9, 2011 at 5:16 PM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 08/08/2011 10:54 AM, Ramez Hanna wrote: From c117fc7051971a9166cf5ab1f85cb6331b91a78c Mon Sep 17 00:00:00 2001 From: InformatiQ rha...@informatiq.org Date: Wed, 20 Apr 2011 23:15:51 +0300 Subject: [PATCH 1/2] working fedora template signed-off-by: Ramez Hanna rha...@informatiq.org I was not able to apply your patches. It seems there is some spurious CR in the inlined patch. Did you copy-paste the diff in the email ? yes i did from gedit find the patch attached Ok, applied. I got a conflict and part of the patch has been rejected but I fixed the problem. I will let you check the template is working for you when commited. why don't you use git send-email --to lxc-de...@lists.sourceforge.net -nrpatches ? my git skills are next to zero, only know how to commit and push. will try that next time. sorry for the trouble -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/2] working fedora template
this is a bug in the fedora-release-15-1.noarch and was fixed in fedora-release-15-3.noarch from updates which basically breaks the script, i'm wporking on fixing it you could easily fix that in the script at line 114 but be aware that f15 won't boot, there needs to be tweaks to the rootfs, which i haven't yet On Tue, Aug 16, 2011 at 7:20 PM, Iliyan Stoyanov i...@ilf.me wrote: Hi all, I pulled the latest version of lxc from git (up to this commit: e6238180c6963bcdbab42258a0f66b1d498c0e13) and it seems this patch is already applied, however I seem to have a problem using the lxc-fedora template to generate Fedora image. Am I completely stupid (or|and) am I doing something wrong, because I can't seem to generate fedora environment. What I always get is an error looking like this: warning: /var/cache/lxc/fedora/x86_64/15/partial/fedora-release-15.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 069c8460: NOKEY error: Failed dependencies: fedora-release-rawhide = 15-1 is needed by fedora-release-15-1.noarch fedora/metalink | 20 kB 00:00 Could not parse metalink https://mirrors.fedoraproject.org/metalink?repo=fedora-$releaseverarch=x86_64 error was No repomd file Error: Cannot retrieve repository metadata (repomd.xml) for repository: fedora. Please verify its path and try again Failed to download the rootfs, aborting. Failed to download 'fedora base' failed to install fedora Which seems to be a problem that the template is not fetching another needed rpm. However I'm not sure I know how to fix that. Any ideas? --ilf On Mon, 2011-08-08 at 11:54 +0300, Ramez Hanna wrote: From c117fc7051971a9166cf5ab1f85cb6331b91a78c Mon Sep 17 00:00:00 2001 From: InformatiQ rha...@informatiq.org Date: Wed, 20 Apr 2011 23:15:51 +0300 Subject: [PATCH 1/2] working fedora template signed-off-by: Ramez Hanna rha...@informatiq.org --- templates/lxc-fedora.in | 264 ++- 1 files changed, 146 insertions(+), 118 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index f4f19c0..e26d73a 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -9,6 +9,7 @@ # Authors: # Daniel Lezcano daniel.lezc...@free.fr +# Ramez Hanna rha...@informatiq.org # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -24,117 +25,106 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -DISTRO=fedora-10 +#Configurations +arch=$(arch) +cache_base=/var/cache/lxc/fedora/$arch +default_path=/var/lib/lxc +root_password=rooter +lxc_network_type=veth +lxc_network_link=virbr0 + +# is this fedora? +[ -f /etc/fedora-release ] is_fedora=true configure_fedora() { - rootfs=$1 - hostname=$2 # disable selinux in fedora - mkdir -p $rootfs/selinux - echo 0 $rootfs/selinux/enforce + mkdir -p $rootfs_path/selinux + echo 0 $rootfs_path/selinux/enforce # configure the network using the dhcp - cat EOF $rootfs/etc/network/interfaces -auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet dhcp + cat EOF ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0 +DEVICE=eth0 +BOOTPROTO=dhcp +ONBOOT=yes +HOSTNAME=${UTSNAME} +NM_CONTROLLED=no +TYPE=Ethernet +MTU=${MTU} EOF # set the hostname - cat EOF $rootfs/etc/hostname -$hostname -EOF - # set minimal hosts - cat EOF $rootfs/etc/hosts -127.0.0.1 localhost $hostname -EOF - - # provide the lxc service - cat EOF $rootfs/etc/init/lxc.conf -# fake some events needed for correct startup other services - -description Container Upstart - -start on startup - -script - rm -rf /var/run/*.pid - rm -rf /var/run/network/* - /sbin/initctl emit stopped JOB=udevtrigger --no-wait - /sbin/initctl emit started JOB=udev --no-wait -end script -EOF - - cat EOF $rootfs/etc/init/console.conf -# console - getty -# -# This service maintains a console on tty1 from the point the system is -# started until it is shut down again. - -start on stopped rc RUNLEVEL=[2345] -stop on runlevel [!2345] - -respawn -exec /sbin/getty -8 38400 /dev/console + cat EOF ${rootfs_path}/etc/sysconfig/network +NETWORKING=yes +HOSTNAME=${UTSNAME} EOF - cat EOF $rootfs/lib/init/fstab -# /lib/init/fstab: lxc system fstab -none /spu spufs gid=spu,optional 0 0 -none /tmp none defaults 0 0 -none /var/lock tmpfs nodev,noexec,nosuid,showthrough 0 0 -none /lib/init/rw tmpfs mode=0755,nosuid,optional 0 0 + # set minimal hosts + cat EOF $rootfs_path
Re: [Lxc-users] [RFC] best way to add creation of lvm containers
first thought put it in lxc-create then again, conversion is needed too hence i also want an lxc-convert i am coming from a qemu background so qemu-img does create and convert so optimum is to see an lxc-convert and have that function also available as part of lxc-create On Fri, Jul 1, 2011 at 8:31 PM, Serge E. Hallyn se...@hallyn.com wrote: Hey, so lxc-clone will create a snapshot-based clone of an lvm-backed container in about a second. Creating the first lvm-backed container is a bit of a pain though. I do it using the script below, called 'lxclvmconvert' on my machine. So I do lxc-create -t ubuntu -f /etc/lxc.conf -n mavbase -- -r maverick lxclvmconvert mavbase and from then on I can do fast lxc-clone -s -o mavbase -n mav-bugxyz My question is, where do we want to put this functionality? Of course I *can* put it in the ubuntu template itself, but I'm leary of adding too many options to that. Consider that just for the lvm support we'd need to add optional arguments for: backing store type: (lvm, loopback file, real blockdev) backing store fstype backing store size other options, i.e. lvm volume group name So, do you think it would be better for the container creation templates to offer this support, or to have a separate tool, not lxclvmconvert, but maybe 'lxc-convert', which converts a container from any supported backing type to any other. Backing types I guess could start out by including directory (the current way) lvm loopback file raw device thanks, -serge #!/bin/sh if [ $# -lt 1 ]; then echo Usage: $0 container-name size fstype exit 1 fi c=$1 size=2G fstype=ext3 echo converting container $c if [ $# -gt 1 ]; then size=$2 echo Using size $size fi if [ $# -gt 2 ]; then fstype=$3 echo Using fstype $fstype fi if [ ! -d /var/lib/lxc/$c/rootfs ]; then echo Container $c doesn't seem to exist? exit 1 fi if [ -e /dev/lxc/$c ]; then echo /dev/lxc/$c already exists. Bailing exit 1 fi lvcreate -L $size -n $c lxc || cleanup sleep 1 mkfs -t $fstype /dev/lxc/$c if [ $? -ne 0 ]; then echo Failed to create the filesystem lvremove -f /dev/lxc/$c exit 1 fi mkdir /var/lib/lxc/$c/lvm || { lvremove -f /dev/lxc/$c; exit 1; } mount -t $fstype /dev/lxc/$c /var/lib/lxc/$c/lvm || { lvremove -f /dev/lxc/$c; exit 1; } rsync -va /var/lib/lxc/$c/rootfs/ /var/lib/lxc/$c/lvm || echo Rsync had errors, you may want to check; continuing umount /var/lib/lxc/$c/lvm rmdir /var/lib/lxc/$c/lvm rm -rf /var/lib/lxc/$c/rootfs mkdir /var/lib/lxc/$c/rootfs sed -i '/lxc.rootfs/d' /var/lib/lxc/$c/config echo lxc.rootfs = /dev/lxc/$c /var/lib/lxc/$c/config echo Finished -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-clone
Hi, I have started using lxc to setup a pre-production system instead of KVM at first glance clone seemd to me that it would copy everything to a new roots but turns out that in case of LVM it will snapshot AFAIK snapshots are meant more for backup or testing some changes and discarding them later do you think it makes sense if I modify the script in this way if user doesn't specify -s, then a new lv is created and copy all comtents to it, rather than snapshot which would work if user uses the -s option? On Tue, Jun 21, 2011 at 8:58 PM, Serge Hallyn serge.hal...@canonical.com wrote: Hi Daniel, Quoting Daniel Lezcano (daniel.lezc...@free.fr): +echo Tweaking configuration +cp $lxc_path/$lxc_orig/config $lxc_path/$lxc_new/config +sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config +echo lxc.utsname = $hostname $lxc_path/$lxc_new/config We should not assume lxc.utsname is in the configuration file in order to not write a hostname in all the cases. The user may want to let the container to setup itself the hostname. What do you think is the best way to do this? We could allow the user to specify a 'firstboot' script, which gets copied into root directory of the container. Maybe boot the container when it's done, run /firstboot.sh, and shut down. Or just let that happen when the user first boots. We could use a /etc/init.d/lxc-firstboot script, but that will only work if the container's init system actually looks at sysvinit scripts. Obviously sysvinit and upstart do, and I must assume that systemd does. lxc-init I assume doesn't. Mmh, that's look a bit complicate for the user. I was thinking about something simpler like: grep -q lxc.utsname $lxc_path/$lxc_new/config if [ $? == 0 ]; then sed -e s/lxc.utsname/lxc.utsname=$hostname $lxc_path/$lxc_new/config else echo lxc.utsname = $hostname $lxc_path/$lxc_new/config fi I started changing my code to this, but now am wondering how this differs from what I was doing, which was: sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config echo lxc.utsname = $hostname $lxc_path/$lxc_new/config The only difference is that in mine, if the original config had a hostname at top of file, it'll now be at bottom of file. But with both your snippets and mine, the 'lxc.utsname = new_hostname' will be the one and only utsname in the config. If you still think it's worth changing I'll do so, but I like that mine is shorter. -serge -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] [PATCH] multiple mods to lxc-clone
* allow cloning of non-snapshot lvm devices * if no -s then create a copy of the lvm block device and copy data from the orig to the new container device * first take a snapshot, then use this snapshot to copy data, remove snapshot after done * if orig container is running freeze it while copying * in case lvm block device, the container is only frozen during creation of snapshot ~1 sec * use rsync -ax insted of cp -a * in case copying a live contrainer it won't copy runtine mounted files such as /proc, /sys and some /dev * new opts * fstype: type of fs for the newly created lvm device in case of non-snapshot lvm * lvprefix: prefix for new lvm device name. * do not delete the lines lxc.mount by default * check is fstab exists then copy it * only modify lines that contain lxc.mount =, debian template seems to not have that line but uses lxc.mount. lines which get screwed Signed-off-by: InformatiQ rha...@informatiq.org --- src/lxc/lxc-clone.in | 98 ++ 1 files changed, 75 insertions(+), 23 deletions(-) mode change 100644 = 100755 src/lxc/lxc-clone.in diff --git a/src/lxc/lxc-clone.in b/src/lxc/lxc-clone.in old mode 100644 new mode 100755 index 91944a0..d42160b --- a/src/lxc/lxc-clone.in +++ b/src/lxc/lxc-clone.in @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash # # lxc: linux Container library @@ -22,7 +22,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA usage() { -echo usage: lxc-clone -o orig -n new [-s] [-h] [-L fssize] [-v vgname] +echo usage: lxc-clone -o orig -n new [-s] [-h] [-L fssize] [-v vgname] [-p lxc_lv_prefix] [-t fstype] } help() { @@ -36,15 +36,19 @@ help() { echo -s : make the new rootfs a snapshot of the original echo fssize : size if creating a new fs. By default, 2G echo vgname : lvm volume group name, lxc by default +echo lvprefix : lvm volume name prefix, none by default, e.g. --lvprefix=lxc_ then new lxc lv name will be lxc_newname +echo fstype : new container file system type, ext3 by default (only works for non-snapshot lvm) } -shortoptions='ho:n:sL:v:' -longoptions='help,orig:,name:,snapshot,fssize,vgname' +shortoptions='ho:n:sL:v:p:t:' +longoptions='help,orig:,name:,snapshot,fssize:,vgname:,lvprefix:,fstype:' lxc_path=/var/lib/lxc bindir=/usr/bin snapshot=no lxc_size=2G lxc_vg=lxc +lxc_lv_prefix= +fstype=ext3 getopt=$(getopt -o $shortoptions --longoptions $longoptions -- $@) if [ $? != 0 ]; then @@ -63,6 +67,7 @@ while true; do -s|--snapshot) shift snapshot=yes +snapshot_opt=-s ;; -o|--orig) shift @@ -84,6 +89,11 @@ while true; do lxc_new=$1 shift ;; +-p|--lvprefix) +shift +lxc_lv_prefix=$1 +shift +;; --) shift break;; @@ -141,50 +151,92 @@ trap ${bindir}/lxc-destroy -n $lxc_new; echo aborted; exit 1 SIGHUP SIGINT SIG mkdir -p $lxc_path/$lxc_new +hostname=$lxc_new + echo Tweaking configuration cp $lxc_path/$lxc_orig/config $lxc_path/$lxc_new/config sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config echo lxc.utsname = $hostname $lxc_path/$lxc_new/config -sed -i '/lxc.mount/d' $lxc_path/$lxc_new/config -echo lxc.mount = $lxc_path/$lxc_new/fstab $lxc_path/$lxc_new/config +grep lxc.mount = $lxc_path/$lxc_new/config /dev/null 21 { sed -i '/lxc.mount =/d' $lxc_path/$lxc_new/config; echo lxc.mount = $lxc_path/$lxc_new/fstab $lxc_path/$lxc_new/config; } -cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab -sed -i s@$lxc_path/$lxc_orig@$lxc_path/$lxc_new@ $lxc_path/$lxc_new/fstab +if [ -e $lxc_path/$lxc_orig/fstab ];then +cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab +sed -i s@$lxc_path/$lxc_orig@$lxc_path/$lxc_new@ $lxc_path/$lxc_new/fstab +fi echo Copying rootfs... rootfs=$lxc_path/$lxc_new/rootfs # First figure out if the old is a device. For now we only support # lvm devices. mounted=0 +#is container running +lxc-info -s -n $lxc_orig|grep RUNNING /dev/null 21 +if [ $? -ne 0 ]; then +container_running=True +fi sed -i '/lxc.rootfs/d' $lxc_path/$lxc_new/config oldroot=`grep lxc.rootfs $lxc_path/$lxc_orig/config | awk -F= '{ print $2 '}` if [ -b $oldroot ]; then # this is a device. If we don't want to snapshot, then mkfs, mount # and rsync. Trivial but not yet implemented - if [ $snapshot == no ]; then - echo non-snapshot and non-lvm clone of block device not yet implemented - exit 1 - fi + #if [ $snapshot == no ]; then + # echo non-snapshot and non-lvm clone of block device not yet implemented + # exit 1 + #fi lvdisplay $oldroot /dev/null 21 if [ $? -ne 0 ]; then - echo
[Lxc-users] Subject: [PATCH 1/2] fix for missing EOF and fstab contents
templates/lxc-fedora.in | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index 81f8bc4..c166efb 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -224,10 +224,10 @@ lxc.cgroup.devices.allow = c 254:0 rwm EOF cat EOF $config_path/fstab -+proc$rootfs_path/proc procnodev,noexec,nosuid 0 0 -+devpts $rootfs_path/dev/pts devpts defaults 0 0 -+sysfs $rootfs_path/sys sysfs defaults 0 0 - +proc$rootfs_path/proc procnodev,noexec,nosuid 0 0 +devpts $rootfs_path/dev/pts devpts defaults 0 0 +sysfs $rootfs_path/sys sysfs defaults 0 0 +EOF if [ $? -ne 0 ]; then echo Failed to add configuration return 1 @@ -268,7 +268,7 @@ usage: Mandatory args: -n,--name container name, used to as an identifier for that container from now on Optional args: - -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in and case + -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case -c,--cleanclean the cache -R,--release Fedora release for the new container. if the host is Fedora, then it will defaultto the host's release. -A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64] -- 1.7.6 -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] [PATCH 2/2] lxc-fedora.in
* if not running on fedora host amd -R is not set, use fedora 14 as default * trap SIGHUP SIGINT SIGTERM, and cleanup before exiting --- templates/lxc-fedora.in | 28 +--- 1 files changed, 21 insertions(+), 7 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index c166efb..48cb1c0 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -316,8 +316,7 @@ if [ -z $release ]; then if [ $is_fedora ]; then release=$(cat /etc/fedora-release |awk '/^Fedora/ {print $3}') else -echo This is not a fedora host and release missing, use -R|--release to specify release -exit 1 +echo This is not a fedora host and release missing, defaulting to 14. use -R|--release to specify release fi fi @@ -326,6 +325,7 @@ if [ $(id -u) != 0 ]; then exit 1 fi + rootfs_path=$path/$name/rootfs config_path=$default_path/$name cache=$cache_base/$release @@ -335,6 +335,25 @@ if [ -f $config_path/config ]; then exit 1 fi +revert() +{ +echo Interrupted, so cleaning up +lxc-destroy -n $name +# maybe was interrupted before copy config +rm -rf $path/$name +rm -rf $default_path/$name +echo exiting... +exit 1 +} + +trap revert SIGHUP SIGINT SIGTERM + +copy_configuration +if [ $? -ne 0 ]; then +echo failed write configuration file +exit 1 +fi + install_fedora if [ $? -ne 0 ]; then echo failed to install fedora @@ -347,11 +366,6 @@ if [ $? -ne 0 ]; then exit 1 fi -copy_configuration -if [ $? -ne 0 ]; then -echo failed write configuration file -exit 1 -fi if [ ! -z $clean ]; then clean || exit 1 -- 1.7.6 -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-clone
On Mon, Aug 29, 2011 at 4:19 PM, Serge Hallyn serge.hal...@canonical.com wrote: Quoting Ramez Hanna (rha...@informatiq.org): Hi, I have started using lxc to setup a pre-production system instead of KVM at first glance clone seemd to me that it would copy everything to a new roots but turns out that in case of LVM it will snapshot AFAIK snapshots are meant more for backup or testing some changes and discarding them later do you think it makes sense if I modify the script in this way if user doesn't specify -s, then a new lv is created and copy all comtents to it, rather than snapshot which would work if user uses the -s option? Yes, I guess I didn't implement that bit yet, but not specifying -s was meant to do a simple copy. You'll probably want to check whether the original was a simple directory tree or an lvm, and only lvcreate if the original was an lvm. (then lxc-convert can offer conversion from one to the other.) -serge I did implemet that patch submitted yesterday, would appreciate any comments -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH] multiple mods to lxc-clone
On Tue, Aug 30, 2011 at 1:08 AM, Serge Hallyn serge.hal...@canonical.com wrote: Thanks, Ramez. It looks good to me. My only comment would be that if the rootfs copy fails (either rsync or lvm clone), and you've frozen the original container, then you need to unfreeze the original container before erroring out. -serge good catch thanks resending in a bit Quoting Ramez Hanna (rha...@informatiq.org): * allow cloning of non-snapshot lvm devices * if no -s then create a copy of the lvm block device and copy data from the orig to the new container device * first take a snapshot, then use this snapshot to copy data, remove snapshot after done * if orig container is running freeze it while copying * in case lvm block device, the container is only frozen during creation of snapshot ~1 sec * use rsync -ax insted of cp -a * in case copying a live contrainer it won't copy runtine mounted files such as /proc, /sys and some /dev * new opts * fstype: type of fs for the newly created lvm device in case of non-snapshot lvm * lvprefix: prefix for new lvm device name. * do not delete the lines lxc.mount by default * check is fstab exists then copy it * only modify lines that contain lxc.mount =, debian template seems to not have that line but uses lxc.mount. lines which get screwed Signed-off-by: InformatiQ rha...@informatiq.org --- src/lxc/lxc-clone.in | 98 ++ 1 files changed, 75 insertions(+), 23 deletions(-) mode change 100644 = 100755 src/lxc/lxc-clone.in diff --git a/src/lxc/lxc-clone.in b/src/lxc/lxc-clone.in old mode 100644 new mode 100755 index 91944a0..d42160b --- a/src/lxc/lxc-clone.in +++ b/src/lxc/lxc-clone.in @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash # # lxc: linux Container library @@ -22,7 +22,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA usage() { - echo usage: lxc-clone -o orig -n new [-s] [-h] [-L fssize] [-v vgname] + echo usage: lxc-clone -o orig -n new [-s] [-h] [-L fssize] [-v vgname] [-p lxc_lv_prefix] [-t fstype] } help() { @@ -36,15 +36,19 @@ help() { echo -s : make the new rootfs a snapshot of the original echo fssize : size if creating a new fs. By default, 2G echo vgname : lvm volume group name, lxc by default + echo lvprefix : lvm volume name prefix, none by default, e.g. --lvprefix=lxc_ then new lxc lv name will be lxc_newname + echo fstype : new container file system type, ext3 by default (only works for non-snapshot lvm) } -shortoptions='ho:n:sL:v:' -longoptions='help,orig:,name:,snapshot,fssize,vgname' +shortoptions='ho:n:sL:v:p:t:' +longoptions='help,orig:,name:,snapshot,fssize:,vgname:,lvprefix:,fstype:' lxc_path=/var/lib/lxc bindir=/usr/bin snapshot=no lxc_size=2G lxc_vg=lxc +lxc_lv_prefix= +fstype=ext3 getopt=$(getopt -o $shortoptions --longoptions $longoptions -- $@) if [ $? != 0 ]; then @@ -63,6 +67,7 @@ while true; do -s|--snapshot) shift snapshot=yes + snapshot_opt=-s ;; -o|--orig) shift @@ -84,6 +89,11 @@ while true; do lxc_new=$1 shift ;; + -p|--lvprefix) + shift + lxc_lv_prefix=$1 + shift + ;; --) shift break;; @@ -141,50 +151,92 @@ trap ${bindir}/lxc-destroy -n $lxc_new; echo aborted; exit 1 SIGHUP SIGINT SIG mkdir -p $lxc_path/$lxc_new +hostname=$lxc_new + echo Tweaking configuration cp $lxc_path/$lxc_orig/config $lxc_path/$lxc_new/config sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config echo lxc.utsname = $hostname $lxc_path/$lxc_new/config -sed -i '/lxc.mount/d' $lxc_path/$lxc_new/config -echo lxc.mount = $lxc_path/$lxc_new/fstab $lxc_path/$lxc_new/config +grep lxc.mount = $lxc_path/$lxc_new/config /dev/null 21 { sed -i '/lxc.mount =/d' $lxc_path/$lxc_new/config; echo lxc.mount = $lxc_path/$lxc_new/fstab $lxc_path/$lxc_new/config; } -cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab -sed -i s@$lxc_path/$lxc_orig@$lxc_path/$lxc_new@ $lxc_path/$lxc_new/fstab +if [ -e $lxc_path/$lxc_orig/fstab ];then + cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab + sed -i s@$lxc_path/$lxc_orig@$lxc_path/$lxc_new@ $lxc_path/$lxc_new/fstab +fi echo Copying rootfs... rootfs=$lxc_path/$lxc_new/rootfs # First figure out if the old is a device. For now we only support # lvm devices. mounted=0 +#is container running +lxc-info -s -n $lxc_orig|grep RUNNING /dev/null 21 +if [ $? -ne 0 ]; then + container_running=True +fi sed -i '/lxc.rootfs/d' $lxc_path/$lxc_new/config oldroot=`grep lxc.rootfs $lxc_path/$lxc_orig/config | awk -F= '{ print $2 '}` if [ -b $oldroot ]; then # this is a device
[Lxc-users] Fwd: help regarding lxc
-- Forwarded message -- From: Ramez Hanna rha...@informatiq.org Date: Tue, Aug 30, 2011 at 2:36 PM Subject: Re: [Lxc-users] help regarding lxc To: nishant mungse nishantmun...@gmail.com there is a lxc-fedora template which wors just fine for fedora releases prior to 15 lxc-create -n lxc -t fedora -- -R14 this will create a fedora 14 container that works for you I don't know about that tar file you downloaded, is it a fedora container? or just a fedora install tarred On Tue, Aug 30, 2011 at 2:25 PM, nishant mungse nishantmun...@gmail.com wrote: hiii 1.First i downloaded the fedora-11-x86.tar.gz into /home/nishant/fedora 2.tar -xvf fedora-11-x86.tar.gz in same folder 3.created fstab and conf file 4.lxc-create -n lxc -f /home/nishant/fedora.conf 5.lxc-start -n fedora. And after that what happened i have disp in prev thread. Regards, Nishant. On Tue, Aug 30, 2011 at 4:48 PM, Ramez Hanna rha...@informatiq.org wrote: On Tue, Aug 30, 2011 at 2:13 PM, nishant mungse nishantmun...@gmail.com wrote: Hi Canhua I hv created a fedora container. commnd::lxc-start -n fedora Welcome to Fedora ... .. .. Setting hostname fedora: [ OK ] Checking filesystems [ OK ] mount: according to mtab, rootfs is already mounted on / Mounting local filesystems: [ OK ] Enabling local filesystem quotas: [ OK ] Enabling /etc/fstab swaps: [ OK ] hangs after this .. What should i do.?? i have deleted allthe contents form fstab also. What might be d problem??? plZ hlp me ASAP Regards, Nishant. On Tue, Aug 30, 2011 at 12:40 PM, Canhua dreamerat...@gmail.com wrote: this file is needed. some form of bootstrap is need to setup these system files. On Tue, Aug 30, 2011 at 3:07 PM, nishant mungse nishantmun...@gmail.com wrote: hii Canhua No there is no such file. Regards, Nishant On Tue, Aug 30, 2011 at 12:20 PM, Canhua dreamerat...@gmail.com wrote: do you have /sbin/init file in container's rootfs? e.g. /var/lib/lxc/guest/sbin/init On Tue, Aug 30, 2011 at 2:39 PM, nishant mungse nishantmun...@gmail.com wrote: hi Joerg Thnks 4 reply. I have executed the script now the error is gone but there is some problem. lxc-start -n guest lxc-start: No such file or directory - failed to exec /sbin/init lxc-start: invalid sequence number 1. expected 2 lxc-start: failed to spawn 'guest' lxc-start: Device or resource busy - failed to remove cgroup '/cgrouplxc/guest' Why it failed to exec /sbin/init? and what might be the solution to this. And i am not using any of the templates in creating the container. Regards, Nishant -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users how did you create the fedora container? -- -- BR RH -- -- BR RH -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Is it possible to create symbolic links between different containers
On Tue, Aug 30, 2011 at 6:00 PM, Bodhi Zazen bodhi.za...@montanalinux.org wrote: You might be able to achieve this with mount bind - Original Message - From: nishant mungse nishantmun...@gmail.com To: lxc-users@lists.sourceforge.net, contain...@lists.linux-foundation.org Sent: Tuesday, August 30, 2011 7:38:07 AM Subject: [Lxc-users] Is it possible to create symbolic links between different containers Hi all I want to create a sym link between different containers. Is it possible to create?and how? Regards, Nishant. -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users what is your purpose for the symlink? -- BR RH -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] possible to create/run lxc containers inside an lxc container?
On Thu, Sep 22, 2011 at 11:02 AM, Jesse Andrews anotherje...@gmail.com wrote: When I try to create a container inside a container I get an error: root@OUTER $ lxc-create -n INNER -f net.conf -t natty debootstrap is /usr/sbin/debootstrap Checking cache download in /var/cache/lxc/natty/rootfs-amd64 ... Downloading ubuntu natty minimal ... [...snip...] I: Extracting xz-utils... I: Extracting zlib1g... Failed to download the rootfs, aborting. apparently the error is about downloading nothing yet about nested containers check if the networking nside the container is configured and working or simply copy a container inside and start it to see if nesting works or not Failed to download 'ubuntu natty base' failed to install ubuntu natty failed to execute template 'natty' Any way to nest containers? Thanks, Jesse -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- -- BR RH -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] newbie: lxc on Fedora 15
On Mon, Oct 10, 2011 at 1:18 AM, sean darcy seandar...@gmail.com wrote: I'm trying to install F15 in an lxc container on an F15 host. I have found the script: setup_lxc_rootfs_fedora15.sh could you post a link to that script, i haven't seen it before and the template: lxc-fedora.in (Why, BTW, doesn't the Fedora rpm include the templates?) for some reason the maintainer of this package removed all the templates you can find a a pcakage containing the latest master from git and has the templates at http://software.opensuse.org/download.html?project=home:ramezhannapackage=lxc But very confused about what to actually do. Are the script and the template related? Do I need to run the script before lxc-create? Or do is it just: lxc-create -n NewF15 -t lxc-fedora.in And do I need a configuration file if I'm using the script and/or template? I've looked at http://lxc.teegra.net/ but can't figure out how much is superseded by script and template. Thanks, sean -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- -- BR RH -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] newbie: lxc on Fedora 15
On Wed, Oct 12, 2011 at 9:49 AM, Ramez Hanna rha...@informatiq.org wrote: On Mon, Oct 10, 2011 at 1:18 AM, sean darcy seandar...@gmail.com wrote: I'm trying to install F15 in an lxc container on an F15 host. I have found the script: setup_lxc_rootfs_fedora15.sh could you post a link to that script, i haven't seen it before and the template: lxc-fedora.in (Why, BTW, doesn't the Fedora rpm include the templates?) for some reason the maintainer of this package removed all the templates you can find a a pcakage containing the latest master from git and has the templates at http://software.opensuse.org/download.html?project=home:ramezhannapackage=lxc But very confused about what to actually do. Are the script and the template related? Do I need to run the script before lxc-create? Or do is it just: lxc-create -n NewF15 -t lxc-fedora.in And do I need a configuration file if I'm using the script and/or template? I've looked at http://lxc.teegra.net/ but can't figure out how much is superseded by script and template. Thanks, sean -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- -- BR RH as mentioned at (where i found the script) https://gist.github.com/1142202 this script runs on top of an already created rootfs, it does some configuration on top of systemd but it only works when run on an openVZ pre created rootfs, if you use the fedora template it doesn't work -- -- BR RH -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] lxc-ls does not list
i have built latest master on http://software.opensuse.org/download.html?project=home:ramezhannapackage=lxc now lxc-ls does not list my containers looking at the lxc-ls code lxcpath=${localstatedir}/lib/lxc where ${localstatedir} seems to be not set lxc-start -n name does work even though lxc-ls does not show it i would guess this is related to all bash scripts is this a build issue or a code issue (I have 0 knowledge of the automake stuff) -- -- BR RH -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Fedora / CentOS
there should be no issue runnig ubuntu on redhat like systems but f15/16 don't run becuase of something related to systemd I have been trying although there was thread about running f15 starting from a openVZ rootfs On Tue, Dec 6, 2011 at 1:36 AM, Huang Liang excee...@gmail.com wrote: I remember that it is not possible to run ubuntu guests on CentOs host due to the upstart things. On Dec 6, 2011, at 2:58 AM, István Király - LaKing wrote: Hi folks. I wrote a guide how to get lxc running on CentOs host, with CentOS or Fedora 14 guest. http://forums.fedoraforum.org/showthread.php?t=272995 I could not get FC15/FC16 containers to work tho. I read somewhere it is because of systemd. Any ideas or suggestions on that subject? Thank you. lak...@d250.hu D250 Laboratories www.D250.hu -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- BR RH http://informatiq.org -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] .. CentOS .. + ubuntu
On Tue, Dec 6, 2011 at 8:24 PM, István Király - LaKing d...@yahoo.com wrote: Huang Liang excee...@gmail.com there should be no issue runnig ubuntu on redhat like systems but f15/16 don't run becuase of something related to systemd I have been trying although there was thread about running f15 starting from a openVZ rootfs On Fedora 16 host, with the ubuntu container, I get the same errors then with fedora or centos containers. On a CentOS 6, with ubunto containers, I get the following errors: lxc-start 1323193897.780 DEBUG lxc_conf - umounted '/mnt' lxc-start 1323193897.781 INFO lxc_conf - created new pts instance lxc-start 1323193897.781 INFO lxc_conf - set personality to '0x0' lxc-start 1323193897.781 DEBUG lxc_conf - capabilities has been setup lxc-start 1323193897.781 NOTICE lxc_conf - 'ub' is setup. lxc-start 1323193897.781 NOTICE lxc_start - exec'ing '/sbin/init' lxc-start 1323193897.781 NOTICE lxc_start - '/sbin/init' started with pid '13324' lxc-start 1323193897.781 DEBUG lxc_utmp - Added '/proc/13324/root/var/run' to inotifywatch lxc-start 1323193897.798 DEBUG lxc_utmp - got inotify event 256 for utmp Here the guest system hangs ... restart lxc-start 1323195414.802 NOTICE lxc_conf - 'ub' is setup. lxc-start 1323195414.802 NOTICE lxc_start - exec'ing '/sbin/init' lxc-start 1323195414.802 NOTICE lxc_start - '/sbin/init' started with pid '13522' lxc-start 1323195414.802 ERROR lxc_commands - failed to create the command service point lxc-start 1323195414.802 ERROR lxc_start - failed to add command handler to mainloop lxc-start 1323195414.803 ERROR lxc_start - mainloop exited with an error lxc-start 1323195414.803 DEBUG lxc_cgroup - destroying /cgroup ub lxc-start 1323195414.808 DEBUG lxc_cgroup - '/cgroup/ub' unlinked But seems like I can start a /bin/bash in the ubuntu container. -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users could you post your conf file of that container -- BR RH http://informatiq.org -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] How to start the network services so as to get the IP address using lxc-execute???
On Thu, Dec 8, 2011 at 12:33 PM, nishant mungse nishantmun...@gmail.com wrote: Hi, I want to manually invoke a networking setup to start the network service to get the IP address of container , But the problem is i don't want to start the container and want to use lxc-execute. When I tried these things happened:: command :: lxc-execute -n base -f /home/nishant/ubuntu.conf /var/lib/lxc/base1/rootfs/etc/init.d/networking start O/P Rather than invoking init scripts through /etc/init.d, use the service(8) utility, e.g. service networking start Since the script you are attempting to invoke has been converted to an Upstart job, you may also use the start(8) utility, e.g. start networking start: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused How to start the network services so as to get the IP addresses of containers? Regards, Nishant -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users looks like the upstart scripts need upstart to be running! you could use a different script to start the networking say from a sysv init but I am not sure that with execute you will get the networking stack/isolation available -- BR RH http://informatiq.org -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] fedora 16 under lxc
hei I have been able to get some form of f16 under lxc running but some quirks so steps (untill i make a patch or a new script) use the current lxc-fedora to create a container chroot into the rootfs unlink /etc/systemd/system/default.target ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target touch /etc/fstab now that should in theory work my setup is a KVM guest with lxc installed i'm using VM-manager so i get to see the ttys while i start the container from ssh in fedora the tty1 is empty i make sure i have tty1 visible start the container from an ssh session using the -d flag looking at the tty1 of the VM i can see the console log from the lxc container so 1st quirk: i only get the container output on tty1 of the host (kvm guest) and not from the lxc-console lxc-console is blank when i installed ssh inside the container i was able to access it and use it nicely only had 2 services failing systemd-kmsg-syslogd.service plymouth-start.service any hints on how does lxc-console work to help me figure it out also agetty on tty* keeps restarting (maybe that's why no lxc-console) anyoe interested in trying it out? -- BR RH http://informatiq.org -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] version 0.8.0 coming soon
On Tue, Feb 28, 2012 at 5:13 PM, Serge Hallyn serge.hal...@canonical.com wrote: Quoting Papp Tamas (tom...@martos.bme.hu): On 02/28/2012 01:20 AM, Serge Hallyn wrote: Quoting Daniel Lezcano (daniel.lezc...@free.fr): Hi all, I will release a 0.8.0-rc1. I am looking for volunteer to test it :) Worked fine for me. Tested create and clone of ubuntu, ubuntu and ubuntu-cloud images, with dir and lvm backing stores. (And a run of lp:~serge-hallyn/+junk/lxc-test) Note, because upstream kernel didn't much care about the 'mount -o remount,ro /' problem, I'm going to patch lxc to pin open a '${rootfs}.hold' file, as long as the container is running. That will prevent the underlying fs from being remounted ro. (see https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/942325 for details). That'll buy us some time to find a better solution in the kernel. Why can a container change mount options outside of its rootfs? Sorry for the stupid question:) It's not a stupid question at all. The container isn't changing mount options outside of its rootfs. THere are two places an fs can be marked readonly - in the mount itself, and in the superblock. When you make a bind mount, you are creating more mounts (vfsmounts) using the same superblcok. If you do mount --bind / / # not needed in container bc it's already been done mount --bind -o remount,ro / then you are setting the reasonly flag on the mount itself. If you just do mount -o remount,ro / then you are setting the reasonly flag on the superblock, which will force all other mounts of that superblcok to also be readonly. Right now there is no way to prevent a container from doing that. I sent a patch to make the devices cgroup be consulted on that, so that it could reteurn -EPERM. That was refused. The two other options I'm considering (and it wouldn't hurt ot have both) are 1. to pass the remoutn flags to the LSM (selinux or apparmor or smack) so that it can deny permission. Right now it can't do that (except for all-or-nothing check on remount). And 2. to make it so that after doing mount --bind / / mount --bind -o remount,ro / mount --bind -o remount,rw / any subsequent mount -o remount,rw / would be refused (or automatically done only at the mount level). I don't think that should be hard to do at fs/namespace.c:do_remount(). -serge -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users tested it on f16 ubuntu container from older version still works cleaning up of nested cgroups now works and no need for me to manually rmdir all cgroups f16 container starts (with some issues as before) f14 works -- BR RH http://informatiq.org -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] * fix cached rootfs update * fix rootfs path * add handling of systemd (aka f15)
On Mon, Mar 5, 2012 at 10:28 PM, rha...@informatiq.org wrote: From: InformatiQ rha...@informatiq.org Signed-off-by: InformatiQ rha...@informatiq.org --- templates/lxc-fedora.in | 35 +++ 1 files changed, 27 insertions(+), 8 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index e7f42a6..3f50895 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -69,11 +69,6 @@ EOF 127.0.0.1 localhost $name EOF - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit - chroot ${rootfs_path} chkconfig udev-post off - chroot ${rootfs_path} chkconfig network on - dev_path=${rootfs_path}/dev rm -rf $dev_path mkdir -p $dev_path @@ -99,6 +94,23 @@ EOF return 0 } +configure_fedora_init() +{ + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit + chroot ${rootfs_path} chkconfig udev-post off + chroot ${rootfs_path} chkconfig network on +} + +configure_fedora_systemd() +{ + unlink ${rootfs_path}/etc/systemd/system/default.target + touch ${rootfs_path}/etc/fstab + chroot ${rootfs_path} ln -s /dev/null //etc/systemd/system/udev.service + chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + #dependency on a device unit fails it specially that we disabled udev + sed -i 's/After=dev-%i.device/After=/' ${rootfs_path}/lib/systemd/system/getty\@.service +} download_fedora() { @@ -170,7 +182,8 @@ copy_fedora() update_fedora() { - chroot $cache/rootfs yum -y update + YUM=yum --installroot $cache/rootfs -y --nogpgcheck + $YUM update } install_fedora() @@ -353,7 +366,7 @@ if [ $(id -u) != 0 ]; then fi -rootfs_path=$path/$name/rootfs +rootfs_path=$path/rootfs config_path=$default_path/$name cache=$cache_base/$release @@ -362,7 +375,7 @@ revert() echo Interrupted, so cleaning up lxc-destroy -n $name # maybe was interrupted before copy config - rm -rf $path/$name + rm -rf $path rm -rf $default_path/$name echo exiting... exit 1 @@ -388,6 +401,12 @@ if [ $? -ne 0 ]; then exit 1 fi +type /bin/systemd /dev/null 21 +if [ $? -ne 0 ]; then + configure_fedora_init +else + configure_fedora_systemd +fi if [ ! -z $clean ]; then clean || exit 1 -- 1.7.7.6 there is only problem about systemd not addressed by this script is that it does mount /dev which stops getty from starting on tty1 so either make it start on any tty higher than what your host is using and allow that in your lxc cgroup conf or mount the $rootfs/dev to a different block dev that way systemd won't mount /dev the script below does it nicely in the case you don't have a free block device. the script create a non persistant mount which you don't need if you are using lvm [rhanna@hovercraft bin]$ cat lxc-start-fedora #! /bin/bash options=$(getopt -o n: -l name: -- $@) eval set -- $options while true do case $1 in -n|--name) name=$2; shift 2;; --) shift break;; *) break ;; esac done if [ -z $name ]; then echo container name must be set, use -n|--name exit 1 fi lxc-ls |grep $name /dev/null 21 if [ $? -ne 0 ]; then echo Container does not exist exit 1 fi lxc-info -s -n$name|grep RUNNING /dev/null 21 if [ $? -eq 0 ]; then echo container already started exit 1 fi mount |grep /tmp/lxc/$name /dev/null 21 if [ $? -eq 0 ]; then umount /tmp/lxc/$name fi rm -rf /tmp/lxc/$name mkdir -p /tmp/lxc/$name mount none /tmp/lxc/$name -t tmpfs rsync -a /var/lib/lxc/$name/rootfs/dev/ /tmp/lxc/$name mount /tmp/lxc/$name f16/rootfs/dev/ -obind lxc-start $* -n $name -- BR RH http://informatiq.org -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
On Tue, Mar 6, 2012 at 12:06 PM, Iliyan Stoyanov i...@ilf.me wrote: Hi Mauras, Do you by any chance have an fstab file in your container's /etc directory that is trying to mount devpts fs also. I had this issue a week ago with some of my SL6.2 containers on a fedora 16 host. After removing everything /dev/pts related from the fstab in the /etc directory of the containers, everything magically worked. BR, --ilf On Tue, 2012-03-06 at 10:54 +0100, Mauras Olivier wrote: Hello, I've finally successfully migrated my SMACK setup over SElinux to isolate my containers - Thanks to the folks on #selinux@freenode - on a Scientific Linux 6.2 host. (I may share my policy with some details if some of you are interested) So far so good, after loads of hits and misses almost everything works correctly. The only thing that is not, is the multiple devpts instances. It seems that when specifying lxc.pts option in the container config, ssh stops working while /dev/pts is correctly mounted _but_ is still showing pts devices from the host. There's no specific selinux avc denials, and ssh rejects the shell connection with that kind of errors found when /dev/pts is not correctly mounted: sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address As you may guess /dev/tty is present and /dev/pts is correclty mounted as i can do: ssh root@container ls -la /dev/pts Only assigning the pts device for the shell doesn't... Have any of you also hit this problem? Did you find a solution? Regards, Olivier Ps: Using lxc 0.7.5 -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users see my patch regarding f16 and my lxc-start-fedora script should give you an idea -- BR RH http://informatiq.org -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
On Tue, Mar 6, 2012 at 1:07 PM, Mauras Olivier oliver.mau...@gmail.com wrote: On Tue, Mar 6, 2012 at 11:12 AM, Ramez Hanna rha...@informatiq.org wrote: On Tue, Mar 6, 2012 at 12:06 PM, Iliyan Stoyanov i...@ilf.me wrote: Hi Mauras, Do you by any chance have an fstab file in your container's /etc directory that is trying to mount devpts fs also. I had this issue a week ago with some of my SL6.2 containers on a fedora 16 host. After removing everything /dev/pts related from the fstab in the /etc directory of the containers, everything magically worked. BR, --ilf On Tue, 2012-03-06 at 10:54 +0100, Mauras Olivier wrote: Hello, I've finally successfully migrated my SMACK setup over SElinux to isolate my containers - Thanks to the folks on #selinux@freenode - on a Scientific Linux 6.2 host. (I may share my policy with some details if some of you are interested) So far so good, after loads of hits and misses almost everything works correctly. The only thing that is not, is the multiple devpts instances. It seems that when specifying lxc.pts option in the container config, ssh stops working while /dev/pts is correctly mounted _but_ is still showing pts devices from the host. There's no specific selinux avc denials, and ssh rejects the shell connection with that kind of errors found when /dev/pts is not correctly mounted: sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address As you may guess /dev/tty is present and /dev/pts is correclty mounted as i can do: ssh root@container ls -la /dev/pts Only assigning the pts device for the shell doesn't... Have any of you also hit this problem? Did you find a solution? Regards, Olivier Ps: Using lxc 0.7.5 -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users see my patch regarding f16 and my lxc-start-fedora script should give you an idea -- BR RH http://informatiq.org Hi, Thanks for your reply, i actually looked at your patch, but i don't think it's relevant to my problem as i don't start any getty in the container at all. Now i may be missing something, if so please enlighten me. Regards, Olivier in f16 systemd mounts /ev to devtmpfs no matter what you specify in your fstab the only case where it won't do that is when you have /dev already mounted on a separate block device (that's what my script does to avoid mounting /dev by systemd) if systemd mounts /dev then it has access to your host's devices and is sharing the ttys so for example if running lxc-start -n f16 it will not get you shell or any output from the container because the container is trying to access tty0 which is already in use by the host if you use the -d option then you don't get any access inside the container because lxc-console won't work again because getty will not start on tty1 or any other tty i am not sure if you can start the container or no could be sefull if you post full log of your lxc-start -- BR RH http://informatiq.org -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] * fix cached rootfs update * fix rootfs path * add handling of systemd (aka f15)
On Tue, Mar 6, 2012 at 5:11 PM, Serge Hallyn serge.hal...@canonical.com wrote: Yes, I think ideally you'd have a single /var/lib/lxc/fedora-devs mounted from a single loopback or block device, with each container having a /var/lib/lxc/fedora-devs/containername directory, populated, for its dev, bind-mounted in through lxc.mount.entry. -serge Quoting rha...@informatiq.org (rha...@informatiq.org): i can do that but i didn't do it brcause it could be done differently for different backingsrorage I'll do it anyway and send patch later -- Sent from my Nokia N9On 6.3.2012 16:59 Serge Hallyn wrote: Quoting Ramez Hanna (rha...@informatiq.org): On Mon, Mar 5, 2012 at 10:28 PM, rha...@informatiq.org wrote: From: InformatiQ rha...@informatiq.org Signed-off-by: InformatiQ rha...@informatiq.org --- templates/lxc-fedora.in | 35 +++ 1 files changed, 27 insertions(+), 8 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index e7f42a6..3f50895 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -69,11 +69,6 @@ EOF 127.0.0.1 localhost $name EOF - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit - chroot ${rootfs_path} chkconfig udev-post off - chroot ${rootfs_path} chkconfig network on - dev_path=${rootfs_path}/dev rm -rf $dev_path mkdir -p $dev_path @@ -99,6 +94,23 @@ EOF return 0 } +configure_fedora_init() +{ + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit + chroot ${rootfs_path} chkconfig udev-post off + chroot ${rootfs_path} chkconfig network on +} + +configure_fedora_systemd() +{ + unlink ${rootfs_path}/etc/systemd/system/default.target + touch ${rootfs_path}/etc/fstab + chroot ${rootfs_path} ln -s /dev/null //etc/systemd/system/udev.service + chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + #dependency on a device unit fails it specially that we disabled udev + sed -i 's/After=dev-%i.device/After=/' ${rootfs_path}/lib/systemd/system/getty\@.service +} download_fedora() { @@ -170,7 +182,8 @@ copy_fedora() update_fedora() { - chroot $cache/rootfs yum -y update + YUM=yum --installroot $cache/rootfs -y --nogpgcheck + $YUM update } install_fedora() @@ -353,7 +366,7 @@ if [ $(id -u) != 0 ]; then fi -rootfs_path=$path/$name/rootfs +rootfs_path=$path/rootfs config_path=$default_path/$name cache=$cache_base/$release @@ -362,7 +375,7 @@ revert() echo Interrupted, so cleaning up lxc-destroy -n $name # maybe was interrupted before copy config - rm -rf $path/$name + rm -rf $path rm -rf $default_path/$name echo exiting... exit 1 @@ -388,6 +401,12 @@ if [ $? -ne 0 ]; then exit 1 fi +type /bin/systemd /dev/null 21 +if [ $? -ne 0 ]; then + configure_fedora_init +else + configure_fedora_systemd +fi if [ ! -z $clean ]; then clean || exit 1 -- 1.7.7.6 there is only problem about systemd not addressed by this script is that it does mount /dev which stops getty from starting on tty1 so either make it start on any tty higher than what your host is using and allow that in your lxc cgroup conf or mount the $rootfs/dev to a different block dev that way systemd won't mount /dev Could the template create a 1M loopback file, /var/lib/lxc/container/dev.loopback, populated with /dev and mounted by a lxc.mount.entry? -serge creating a loopback file for each container will not work from lxc.conf as lxc won't mount it, it has to be bound to a loopdevice first i was hoping to make it happen with no pre steps any ideas? to avoid manual intervention at all -- BR RH http://informatiq.org -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Know issue? lxc-fedora command/script missing?
On Sat, Jul 14, 2012 at 8:17 PM, Schorschi schors...@dc.rr.com wrote: Know issue? lxc-fedora command/script missing? when doing... # yum install lxc no command/script is added called 'lxc-fedora' I untared the 0.7.5 and 0.8.0rc2 tars, and there is a template script file... lxc-fedora.in in both. So what gives? Also, a lot of the LXC documentation, blogs, etc is very dated. Including the official LXC web page. Is someone going to update for Fedora 17? Most of the references in Google are over 2 years old now. Last, has febootstrap been depreciated for use with LXC? This seems to be a point of confusion given the dated information and the few blog comments out on the internet. Schorschi -Original Message- From: Stéphane Graber [mailto:stgra...@ubuntu.com] Sent: Saturday, July 14, 2012 08:30 To: Serge Hallyn Cc: Lxc-users@lists.sourceforge.net Subject: Re: [Lxc-users] lxcbr0 on Ubuntu 12.04 On 07/14/2012 09:48 AM, Serge Hallyn wrote: Quoting Clemens Perz (cp...@gmx.net): On 13.07.2012 17:08, Stéphane Graber wrote: On 07/13/2012 03:36 AM, groupie wrote: Hi all! I tried to figure out a glitch with the bridge interface in precise. Its a fresh desktop install and after booting the machine, lxcbr0 never exists. I open a terminal and do sudo service lxc restart and woop, without errors, it just comes up. Two more details: I dont have any containers in auto, I start them as needed. And there is a named running for local dns resolution on all virtual networks (using kde and vmware on the same machine) Any ideas where to tweak? Cheers, Your groupie You'll probably want to check /var/log/upstart/lxc* for errors. That contained a hint indeed: dnsmasq: failed to create listening socket for 192.168.122.1: Address already in use A look into lxc-net.conf shows that it buggers out when it cant start dnsmasq and removes the bridge completely. So at starttime named is some milliseconds faster to aquire the bridge interface and makes dnsmasq fail. Bridge removed, named kicked in the ass. So you do a restart later everything works fine. I just added USE_LXC_DNSMASQ=false to the lxc defaults and the corresponding if statement to lxc-net.conf. Works now even on boot time. Cheers, Groupie Note that the fix for this (installing an /etc/dnsmasq.d/lxc file which makes the system-wide dnsmasq bind-interfaces except lxcbr0) should be clearing SRU soon. (I thouhgt it already had) -serge It did. It was part of the last batch (0.7.5-3ubuntu59). -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users I did most of the work for the fedora template yes the febootstrap is deprecated, because the developer of febootstrap changed direction and is focusing on creating ultra thin fedora images which did not work for lxc http://informatiq.org/content/lxc-fedora-now-works-f15-onwards for more info lxc-fedora is a template script in /usr/lib64/lxc/templates/lxc-fedora and is called when u pass the -t parameter to lxc-create there is also a script i pated in the mailing list called lxc-start-fedora as a workaround I'll try to write up more about lxc and fedora soon -- BR RH http://informatiq.org -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] error starting lxc containers
host: fedora 17 kernel: 3.6.11-5.fc17.x86_64 lxc: 0.9 alpha2 systemd: systemd-44-23.fc17.x86_64 selinux is disabled lxc-start -n build02 build02 is a wheezy container built with the debina template was working fine both kernel and systemd were upgraded (can't tell which one broke it) error is lxc-start 1358593239.324 INFO lxc_conf - cgroup has been setup lxc-start 1358593239.324 INFO lxc_conf - console has been setup lxc-start 1358593239.325 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty1 lxc-start 1358593239.329 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty2 lxc-start 1358593239.330 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty3 lxc-start 1358593239.332 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty4 lxc-start 1358593239.334 INFO lxc_conf - 4 tty(s) has been setup lxc-start 1358593239.334 DEBUGlxc_conf - mountpoint for old rootfs is '/usr/lib64/lxc/rootfs/lxc_putold' lxc-start 1358593239.334 ERRORlxc_conf - Invalid argument - pivot_root syscall failed lxc-start 1358593239.336 ERRORlxc_conf - failed to setup pivot root lxc-start 1358593239.337 ERRORlxc_conf - failed to set rootfs for 'f17' lxc-start 1358593239.338 ERRORlxc_start - failed to setup the container lxc-start 1358593239.339 ERRORlxc_sync - invalid sequence number 1. expected 2 lxc-start 1358593239.340 ERRORlxc_start - failed to spawn 'f17' any pointers to where this comes from? -- BR RH http://informatiq.org -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122912___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] error starting lxc containers
On Sun, Jan 20, 2013 at 1:27 AM, Michael H. Warfield m...@wittsend.comwrote: On Sat, 2013-01-19 at 23:33 +0200, Ramez Hanna wrote: host: fedora 17 kernel: 3.6.11-5.fc17.x86_64 lxc: 0.9 alpha2 systemd: systemd-44-23.fc17.x86_64 selinux is disabled I have a Fedora 17 host (and several other hosts as well as Fedora 18 for testing)... The latest update to systemd broke lxc due to the pivot_root problem with their use of the MS_SHARED mount attribute that has been under active discussion for the last couple of weeks. No, it is not functional under 0.9.0 alpha2. It is, more or less, fixed under current staging (fixed with a lot of uglyness that we're trying to address). Your errors reported below don't seem to exactly correspond to the errors I would expect but, I would expect that, if you had recently upgraded that Fedora 17 host to the latest systemd, you are going to fail, period. Most likely, I would expect you to fail with a pivot_root failure but anything is possible. It's broken and we know it. lxc-start -n build02 build02 is a wheezy container built with the debina template was working fine both kernel and systemd were upgraded (can't tell which one broke it) Most likely, it's the systemd upgrade that caused the failure. Fedora 17 with the latest systemd from fedora-upgrades has broken lxc and even 0.9.0 alpha2 does not fix it. You have to use staging from git and build your own. Regards, Mike error is lxc-start 1358593239.324 INFO lxc_conf - cgroup has been setup lxc-start 1358593239.324 INFO lxc_conf - console has been setup lxc-start 1358593239.325 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty1 lxc-start 1358593239.329 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty2 lxc-start 1358593239.330 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty3 lxc-start 1358593239.332 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty4 lxc-start 1358593239.334 INFO lxc_conf - 4 tty(s) has been setup lxc-start 1358593239.334 DEBUGlxc_conf - mountpoint for old rootfs is '/usr/lib64/lxc/rootfs/lxc_putold' lxc-start 1358593239.334 ERRORlxc_conf - Invalid argument - pivot_root syscall failed lxc-start 1358593239.336 ERRORlxc_conf - failed to setup pivot root lxc-start 1358593239.337 ERRORlxc_conf - failed to set rootfs for 'f17' lxc-start 1358593239.338 ERRORlxc_start - failed to setup the container lxc-start 1358593239.339 ERRORlxc_sync - invalid sequence number 1. expected 2 lxc-start 1358593239.340 ERRORlxc_start - failed to spawn 'f17' any pointers to where this comes from? -- BR RH http://informatiq.org -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122912 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! ouch that stings. I'll be testing staging then -- BR RH http://informatiq.org -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] error starting lxc containers
I am reporting that staging works on fedora for debian containers at least haven't yet tested fedora containers On Tue, Jan 22, 2013 at 9:42 AM, Ramez Hanna rha...@informatiq.org wrote: On Sun, Jan 20, 2013 at 1:27 AM, Michael H. Warfield m...@wittsend.comwrote: On Sat, 2013-01-19 at 23:33 +0200, Ramez Hanna wrote: host: fedora 17 kernel: 3.6.11-5.fc17.x86_64 lxc: 0.9 alpha2 systemd: systemd-44-23.fc17.x86_64 selinux is disabled I have a Fedora 17 host (and several other hosts as well as Fedora 18 for testing)... The latest update to systemd broke lxc due to the pivot_root problem with their use of the MS_SHARED mount attribute that has been under active discussion for the last couple of weeks. No, it is not functional under 0.9.0 alpha2. It is, more or less, fixed under current staging (fixed with a lot of uglyness that we're trying to address). Your errors reported below don't seem to exactly correspond to the errors I would expect but, I would expect that, if you had recently upgraded that Fedora 17 host to the latest systemd, you are going to fail, period. Most likely, I would expect you to fail with a pivot_root failure but anything is possible. It's broken and we know it. lxc-start -n build02 build02 is a wheezy container built with the debina template was working fine both kernel and systemd were upgraded (can't tell which one broke it) Most likely, it's the systemd upgrade that caused the failure. Fedora 17 with the latest systemd from fedora-upgrades has broken lxc and even 0.9.0 alpha2 does not fix it. You have to use staging from git and build your own. Regards, Mike error is lxc-start 1358593239.324 INFO lxc_conf - cgroup has been setup lxc-start 1358593239.324 INFO lxc_conf - console has been setup lxc-start 1358593239.325 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty1 lxc-start 1358593239.329 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty2 lxc-start 1358593239.330 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty3 lxc-start 1358593239.332 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty4 lxc-start 1358593239.334 INFO lxc_conf - 4 tty(s) has been setup lxc-start 1358593239.334 DEBUGlxc_conf - mountpoint for old rootfs is '/usr/lib64/lxc/rootfs/lxc_putold' lxc-start 1358593239.334 ERRORlxc_conf - Invalid argument - pivot_root syscall failed lxc-start 1358593239.336 ERRORlxc_conf - failed to setup pivot root lxc-start 1358593239.337 ERRORlxc_conf - failed to set rootfs for 'f17' lxc-start 1358593239.338 ERRORlxc_start - failed to setup the container lxc-start 1358593239.339 ERRORlxc_sync - invalid sequence number 1. expected 2 lxc-start 1358593239.340 ERRORlxc_start - failed to spawn 'f17' any pointers to where this comes from? -- BR RH http://informatiq.org -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122912 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! ouch that stings. I'll be testing staging then -- BR RH http://informatiq.org -- BR RH http://informatiq.org -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users