Re: [Lxc-users] Moving lxc containers
On Sun, 27 Mar 2011, 11:34:47 EEST, Amit Uttamchandani amit.ut...@gmail.com wrote: I'm just wondering what the best way is to move an lxc container? Can I just tar the root filesystem and untar it on another system? Or should I rsync it over? I understand that before doing any of the above, the container should be shutdown first. However, is there a way to do this while the container is running? Thanks, Amit -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users AFAIK you should be able to tar the filesystem even while running in case the container isx already running you might want to skip a few dirs like /proc and /sys and /dev and maybe /var/run -- br rh-- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Moving lxc containers
On Tue, Mar 29, 2011 at 2:21 AM, Amit Uttamchandani amit.ut...@gmail.comwrote: On Mon, Mar 28, 2011 at 12:59:25PM +1100, Trent W. Buck wrote: If you use tar, make sure to pass --numeric-owner, ESPECIALLY if the container is RH-derived and the host is Debian-derived (or vice-versa). Otherwise things MOSTLY work except you get a few really strange behaviours, and you eventually track it down and realize that the untar operation changed UIDs to match the new dom0, e.g. the container sees -rwsr-xr-- 1 root cups 48112 Feb 18 07:18 /usr/lib/dbus-1.0/dbus-daemon-launch-helper instead of -rwsr-xr-- 1 root messagebug 48112 Feb 18 07:18 /usr/lib/dbus-1.0/dbus-daemon-launch-helper Thanks for the reply. Hmmm...I could try this. I was thinking more along the lines of rsync. Since some containers are running production code, I would then rsync over the container to another system, make and test changes on the mirrored container and then rsync back the changes. -- Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users If this is a production system, I wouldn't rsync back the changes rsync to create the staging container, but rsync back to update the production won't be a good idea what i would do is clone the production using rsync, make changes, then if successfull i would redo the same work on the production -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] fedora template
I have been working on a fedora template that actually works febootstrap is not anymore producing fedora rootfs but rather a minimal fedora appliance my solution works by using yum instead, but I am facing a really weired situation whenever i start my fedora container, it would actually try to change the init level of the host host is f14 and container is f14 could anyone shed some light on how the container is actually being isolated, so i can start from there or how can i debug? script used to create the container attached, it is based on the current template with a few modifications here and there -- BR RH lxc-fedora.in Description: Binary data -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] fedora template
On Wed, Mar 30, 2011 at 2:19 AM, Serge E. Hallyn serge.hal...@ubuntu.comwrote: Quoting Ramez Hanna (rha...@informatiq.org): I have been working on a fedora template that actually works febootstrap is not anymore producing fedora rootfs but rather a minimal Really, febootstrap can't be used to create a rootfs at all any more? yes as mentioned here http://people.redhat.com/~rjones/febootstrap/ --quote-- febootstrap 3.x is a complete rewrite. febootstrap 2.x could only build Fedora distributions. This version can build many varieties of Linux distros. 3.x only builds supermin appliances, it does not build chroots. --unquote-- fedora appliance my solution works by using yum instead, but I am facing a really weired situation whenever i start my fedora container, it would actually try to change the init level of the host host is f14 and container is f14 could anyone shed some light on how the container is actually being isolated, so i can start from there or how can i debug? script used to create the container attached, it is based on the current template with a few modifications here and there Note that for me to use this template on ubuntu, I have to specify '-R 14', but lxc-create doesn't allow me to forward that option. So I have to first create the config file and then run fedora2 by hand. After that, for some reason I still have no actual rootfs :(. this is a typo in the script i fixed it, find the latest version attached As for trouble with init - is your fedora using systemd? How does it actually start runlevel changes? Upstart uses dbus over abstract unix socket (which is containerized with netns), sysvinit uses ioctl over /dev/init which is a distinct file from the one in the container... Does systemd do something we're not containerizing right now? fedora 14 uses upstart, not yet systemd which is coming along with fedora15 I have a previously created container with febootstrap of fedora 13 and that works, 13 also uses upstart so it must be some config i tried to diff the packages but couldn't see anything that makes sense I'd love to get a working fedora template. i'd love to be able to create new fedora containers thanks, -serge -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] fedora template
On Wed, Mar 30, 2011 at 11:10 AM, Ramez Hanna rha...@informatiq.org wrote: On Wed, Mar 30, 2011 at 2:19 AM, Serge E. Hallyn serge.hal...@ubuntu.comwrote: Quoting Ramez Hanna (rha...@informatiq.org): I have been working on a fedora template that actually works febootstrap is not anymore producing fedora rootfs but rather a minimal Really, febootstrap can't be used to create a rootfs at all any more? yes as mentioned here http://people.redhat.com/~rjones/febootstrap/ --quote-- febootstrap 3.x is a complete rewrite. febootstrap 2.x could only build Fedora distributions. This version can build many varieties of Linux distros. 3.x only builds supermin appliances, it does not build chroots. --unquote-- fedora appliance my solution works by using yum instead, but I am facing a really weired situation whenever i start my fedora container, it would actually try to change the init level of the host host is f14 and container is f14 could anyone shed some light on how the container is actually being isolated, so i can start from there or how can i debug? script used to create the container attached, it is based on the current template with a few modifications here and there Note that for me to use this template on ubuntu, I have to specify '-R 14', but lxc-create doesn't allow me to forward that option. So I have to first create the config file and then run fedora2 by hand. After that, for some reason I still have no actual rootfs :(. this is a typo in the script i fixed it, find the latest version attached As for trouble with init - is your fedora using systemd? How does it actually start runlevel changes? Upstart uses dbus over abstract unix socket (which is containerized with netns), sysvinit uses ioctl over /dev/init which is a distinct file from the one in the container... Does systemd do something we're not containerizing right now? fedora 14 uses upstart, not yet systemd which is coming along with fedora15 I have a previously created container with febootstrap of fedora 13 and that works, 13 also uses upstart so it must be some config i tried to diff the packages but couldn't see anything that makes sense I'd love to get a working fedora template. i'd love to be able to create new fedora containers thanks, -serge classic mistake forgot the attachment lxc-fedora.in Description: Binary data -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] fedora template
On Wed, Mar 30, 2011 at 7:58 PM, Serge E. Hallyn serge.hal...@ubuntu.comwrote: Quoting Justin Cormack (jus...@specialbusservice.com): On Wed, 2011-03-30 at 10:32 -0500, Serge E. Hallyn wrote: Quoting Justin Cormack (jus...@specialbusservice.com): This one didnt work... lxc.utsname = vm1 lxc.tty = 4 lxc.network.type = veth lxc.network.flags = up lxc.network.link = virbr0 lxc.network.hwaddr = 08:00:27:83:C4:82 lxc.network.ipv4 = 192.168.122.2 lxc.network.name = eth0 lxc.mount = /usr/lib/lxc/vm1/fstab lxc.rootfs = /usr/lib/lxc/vm1/rootfs Odd. Did you start this as root? Yes, just retested and behaving the same. If I get lxc-start to run /bin/bash instead of init (and then mount proc manually) it has brought up eth0 in the container on the right IP, and I can ping the other end, which suggests that it has got network namespaces. And netstat does not list anything. Which is rather confusing as it suggests everything is as expected. And exactly what distro/release/version are the container and host? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJNk2E5AAoJEHmllQITXQdF9mMIAJuBq8nQt6lSO7kBYo5KMsDt GNyQ0qtZwt1uzkEkzAVM9TGYGxBfMlVPZxnh20DO5O5ErpWWfB/n8mBwTqwh4//5 ngLPMbuWI60Godei/OCiR51f4V9tbd7S0gpL1Uty6uEEph01Qm81H9nPrHYEV9kc YORmVl+KlU0yFV58hOmU0WOmerydCgMiIPIXWW8WLIc8dg7X+h35UMAsg8lmAapr 2qVXfO7ocu980OZzJ8TunhV9oyKumaZ8aogK7dsSjhBCB7VDGCHZAnvs0Bz9YbNB jO4y7Lv1hK3x9SeChIvPwljywB2MA77GESWsS8G53af4sYG06sFQ34W+1laj4xU= =jw0k -END PGP SIGNATURE- -- Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users man it seems that enabling network in the container was the solution i wasn't enabling the network and that was getting my host's init affected i thought that if i didn't set network the container would not have network at all (soming from a kvm background) but it seems that if network is not defined at all in the lxc config then it will share the hosts's network, which would really screw things up -- Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] opensuse containers
On Thu, Apr 7, 2011 at 12:14 PM, Brian K. White br...@aljex.com wrote: On 4/7/2011 4:43 AM, Daniel Lezcano wrote: On 04/06/2011 09:07 PM, Ramez Hanna wrote: i have fixed the fedora script earlier when i needed fedora containers but now i need several opensuse containers, but my knowledge of opensuse isn't that deep did anyone create a lxc-opensuse? Nope, I created an opensuse container, so I know that works well but I didn't created the template. As far as I remember, it is very similar than the fedora container. Not really. I have a slightly out of date manual recipe here: http://en.opensuse.org/LXC opensuse has nothing like febootstrap which the fedora template relies on. The closest they have (without using an autoinst.xml) is zypper, but it still requires some user interaction no matter what. Much of the rest of the setup is different too. according to febootstrap developer and the thread with subject fedora template it is no longer usable in that way so i had created a different template using only yum so i beleive it could be done in the same way ith zypper i'll look into it I never made this into a template script because I hadn't yet decided if it was better to do this or do something based on an autoinst.xml instead. I follow this recipe myself when creating new containers if I'm not starting by copying a previously created container. It could be improved though. Some steps are unnecessary wrt the network config files in /etc, they just satisfy yast so the container looks more like a regular system to an admin who might use yast not realising he's even in a container. -- bkw -- Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] lxc on Fedora 15
I have failed to start a container on f15 although it worked fine on 14 here is the log ==snip [root@hovercraft boss]# cat lxc.log lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/9' (4/5) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/10' (6/7) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/11' (8/9) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/12' (10/11) lxc-start 1306584262.160 INFO lxc_conf - tty's configured lxc-start 1306584262.160 ERROR lxc_caps - failed to cap_get_flag: Invalid argument lxc-start 1306584262.160 DEBUG lxc_console - using '/dev/tty' as console lxc-start 1306584262.160 DEBUG lxc_start - sigchild handler set lxc-start 1306584262.161 INFO lxc_start - 'boss' is initialized lxc-start 1306584262.161 ERROR lxc_namespace - failed to clone(0x6c02): Operation not permitted lxc-start 1306584262.161 ERROR lxc_start - Operation not permitted - failed to fork into a new namespace lxc-start 1306584262.161 ERROR lxc_start - failed to spawn 'boss' lxc-start 1306584262.161 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306584262.161 ERROR lxc_cgroup - No such file or directory - failed to remove cgroup '/sys/fs/cgroup/systemd/boss' == end mounts [root@hovercraft boss]# mount |grep cgroup tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=755) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/ns type cgroup (rw,nosuid,nodev,noexec,relatime,ns) cgroup on /sys/fs/cgroup/cpu type cgroup (rw,nosuid,nodev,noexec,relatime,cpu) cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) it looks like lxc is trying to create the container's cgroup under systemd which seems to be the wrong location any leads on how can i debug further how does lxc find where cgroup is mounted? see bug https://bugzilla.redhat.com/show_bug.cgi?id=683667 -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] lxc-fedora
hi, here is my lxc-fedora script again based on request from Daniel Lezcano it has been tested to work on fedora and ubuntu hosts it was tested to create fedora 14 and 13 guests (not f15 yet) i had submitted it as a merge request earlier to gitorious repo lxc-mainline this script has extra args to the other scripts so it won't work directly through the lxc-create -t it can be modified to do that but i am not sure if i should spin off several ones with the release hardcoded in them like with debian/ubuntu templates -- BR RH lxc-fedora.in Description: Binary data -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc on Fedora 15
On Sat, May 28, 2011 at 3:33 PM, Ramez Hanna rha...@informatiq.org wrote: I have failed to start a container on f15 although it worked fine on 14 here is the log ==snip [root@hovercraft boss]# cat lxc.log lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/9' (4/5) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/10' (6/7) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/11' (8/9) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/12' (10/11) lxc-start 1306584262.160 INFO lxc_conf - tty's configured lxc-start 1306584262.160 ERROR lxc_caps - failed to cap_get_flag: Invalid argument lxc-start 1306584262.160 DEBUG lxc_console - using '/dev/tty' as console lxc-start 1306584262.160 DEBUG lxc_start - sigchild handler set lxc-start 1306584262.161 INFO lxc_start - 'boss' is initialized lxc-start 1306584262.161 ERROR lxc_namespace - failed to clone(0x6c02): Operation not permitted lxc-start 1306584262.161 ERROR lxc_start - Operation not permitted - failed to fork into a new namespace lxc-start 1306584262.161 ERROR lxc_start - failed to spawn 'boss' lxc-start 1306584262.161 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306584262.161 ERROR lxc_cgroup - No such file or directory - failed to remove cgroup '/sys/fs/cgroup/systemd/boss' == end mounts [root@hovercraft boss]# mount |grep cgroup tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=755) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/ns type cgroup (rw,nosuid,nodev,noexec,relatime,ns) cgroup on /sys/fs/cgroup/cpu type cgroup (rw,nosuid,nodev,noexec,relatime,cpu) cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) it looks like lxc is trying to create the container's cgroup under systemd which seems to be the wrong location any leads on how can i debug further how does lxc find where cgroup is mounted? see bug https://bugzilla.redhat.com/show_bug.cgi?id=683667 upgraded to lxc-0.7.4.1-1.1.x86_64 [root@hovercraft ~]# lxc-start -n boss -l DEBUG -o log lxc-start: open /sys/fs/cgroup/systemd/boss/devices.deny : No such file or directory lxc-start: failed to setup the cgroups for 'boss' lxc-start: failed to setup the container lxc-start: invalid sequence number 1. expected 2 lxc-start: failed to spawn 'boss' [root@hovercraft ~]# cat log lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/9' (4/5) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/10' (6/7) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/11' (8/9) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/12' (10/11) lxc-start 1306828803.471 INFO lxc_conf - tty's configured lxc-start 1306828803.471 DEBUG lxc_console - using '/dev/tty' as console lxc-start 1306828803.471 DEBUG lxc_start - sigchild handler set lxc-start 1306828803.471 INFO lxc_start - 'boss' is initialized lxc-start 1306828803.478 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306828803.479 DEBUG lxc_cgroup - cgroup flags is 0x2 lxc-start 1306828803.485 INFO lxc_conf - network has been setup lxc-start 1306828803.485 DEBUG lxc_conf - mounted '/var/lib/lxc/boss/rootfs' on '/usr/lib64/lxc/rootfs' lxc-start 1306828803.485 DEBUG lxc_conf - mounted 'proc' on '/usr/lib64/lxc/rootfs//proc', type 'proc' lxc-start 1306828803.486 DEBUG lxc_conf - mounted 'devpts' on '/usr/lib64/lxc/rootfs//dev/pts', type 'devpts' lxc-start 1306828803.486 DEBUG lxc_conf - mounted 'sysfs' on '/usr/lib64/lxc/rootfs//sys', type 'sysfs' lxc-start 1306828803.486 INFO lxc_conf - mount points have been setup lxc-start 1306828803.486 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306828803.486 ERROR lxc_cgroup - open /sys/fs/cgroup/systemd/boss/devices.deny : No such file or directory lxc-start 1306828803.486 ERROR lxc_conf - failed to setup the cgroups for 'boss' lxc-start 1306828803.486 ERROR lxc_start - failed to setup the container lxc-start 1306828803.486 ERROR lxc_sync - invalid sequence number 1. expected 2 lxc-start 1306828803.486 ERROR lxc_start - failed to spawn 'boss' lxc-start 1306828803.486 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306828803.491 DEBUG lxc_cgroup - '/sys
Re: [Lxc-users] lxc on Fedora 15
it seems that lxc cannot handle cgroups when capabilities are not all in the same mount it fails now because it cannot write the devices.deny in the cgroup if i comment out all the lxc.cgroup.devices lines in the config of the container then i can actually start it I would think that the way lxc identifies the cgroup mount might be the part that needs patching On Tue, May 31, 2011 at 11:00 AM, Ramez Hanna rha...@informatiq.org wrote: On Sat, May 28, 2011 at 3:33 PM, Ramez Hanna rha...@informatiq.orgwrote: I have failed to start a container on f15 although it worked fine on 14 here is the log ==snip [root@hovercraft boss]# cat lxc.log lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/9' (4/5) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/10' (6/7) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/11' (8/9) lxc-start 1306584262.160 DEBUG lxc_conf - allocated pty '/dev/pts/12' (10/11) lxc-start 1306584262.160 INFO lxc_conf - tty's configured lxc-start 1306584262.160 ERROR lxc_caps - failed to cap_get_flag: Invalid argument lxc-start 1306584262.160 DEBUG lxc_console - using '/dev/tty' as console lxc-start 1306584262.160 DEBUG lxc_start - sigchild handler set lxc-start 1306584262.161 INFO lxc_start - 'boss' is initialized lxc-start 1306584262.161 ERROR lxc_namespace - failed to clone(0x6c02): Operation not permitted lxc-start 1306584262.161 ERROR lxc_start - Operation not permitted - failed to fork into a new namespace lxc-start 1306584262.161 ERROR lxc_start - failed to spawn 'boss' lxc-start 1306584262.161 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306584262.161 ERROR lxc_cgroup - No such file or directory - failed to remove cgroup '/sys/fs/cgroup/systemd/boss' == end mounts [root@hovercraft boss]# mount |grep cgroup tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,mode=755) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/ns type cgroup (rw,nosuid,nodev,noexec,relatime,ns) cgroup on /sys/fs/cgroup/cpu type cgroup (rw,nosuid,nodev,noexec,relatime,cpu) cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) it looks like lxc is trying to create the container's cgroup under systemd which seems to be the wrong location any leads on how can i debug further how does lxc find where cgroup is mounted? see bug https://bugzilla.redhat.com/show_bug.cgi?id=683667 upgraded to lxc-0.7.4.1-1.1.x86_64 [root@hovercraft ~]# lxc-start -n boss -l DEBUG -o log lxc-start: open /sys/fs/cgroup/systemd/boss/devices.deny : No such file or directory lxc-start: failed to setup the cgroups for 'boss' lxc-start: failed to setup the container lxc-start: invalid sequence number 1. expected 2 lxc-start: failed to spawn 'boss' [root@hovercraft ~]# cat log lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/9' (4/5) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/10' (6/7) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/11' (8/9) lxc-start 1306828803.471 DEBUG lxc_conf - allocated pty '/dev/pts/12' (10/11) lxc-start 1306828803.471 INFO lxc_conf - tty's configured lxc-start 1306828803.471 DEBUG lxc_console - using '/dev/tty' as console lxc-start 1306828803.471 DEBUG lxc_start - sigchild handler set lxc-start 1306828803.471 INFO lxc_start - 'boss' is initialized lxc-start 1306828803.478 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306828803.479 DEBUG lxc_cgroup - cgroup flags is 0x2 lxc-start 1306828803.485 INFO lxc_conf - network has been setup lxc-start 1306828803.485 DEBUG lxc_conf - mounted '/var/lib/lxc/boss/rootfs' on '/usr/lib64/lxc/rootfs' lxc-start 1306828803.485 DEBUG lxc_conf - mounted 'proc' on '/usr/lib64/lxc/rootfs//proc', type 'proc' lxc-start 1306828803.486 DEBUG lxc_conf - mounted 'devpts' on '/usr/lib64/lxc/rootfs//dev/pts', type 'devpts' lxc-start 1306828803.486 DEBUG lxc_conf - mounted 'sysfs' on '/usr/lib64/lxc/rootfs//sys', type 'sysfs' lxc-start 1306828803.486 INFO lxc_conf - mount points have been setup lxc-start 1306828803.486 DEBUG lxc_cgroup - using cgroup mounted at '/sys/fs/cgroup/systemd' lxc-start 1306828803.486 ERROR lxc_cgroup - open /sys/fs/cgroup/systemd/boss
Re: [Lxc-users] lxc on Fedora 15
On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcano daniel.lezc...@free.frwrote: On 05/31/2011 12:33 PM, Ramez Hanna wrote: it seems that lxc cannot handle cgroups when capabilities are not all in the same mount it fails now because it cannot write the devices.deny in the cgroup if i comment out all the lxc.cgroup.devices lines in the config of the container then i can actually start it I would think that the way lxc identifies the cgroup mount might be the part that needs patching Thanks for investigating. The main problem is lxc is cgroup agnostic, so we should find a solution where we don't break that. Maybe one solution would be to collect all the mount points found for the cgroup and try to find the right path when writing or reading from one cgroup file. that is what i had in mind, tried looking into the code but my C skills are next to zero Does systemd run lxc within a cgroup which is not the root cgroup ? the lxc-start command would run under $user/master/ (/sys/fs/cgroup/systemd/$user/$master) and the container itself would run under $container_name (/sys/fs/cgroup/systemd/$container_name) so it would run the container in the root cgroup -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc on Fedora 15
On Tue, May 31, 2011 at 2:54 PM, Daniel Lezcano daniel.lezc...@free.frwrote: On 05/31/2011 01:44 PM, Ramez Hanna wrote: On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcanodaniel.lezc...@free.fr wrote: On 05/31/2011 12:33 PM, Ramez Hanna wrote: it seems that lxc cannot handle cgroups when capabilities are not all in the same mount it fails now because it cannot write the devices.deny in the cgroup if i comment out all the lxc.cgroup.devices lines in the config of the container then i can actually start it I would think that the way lxc identifies the cgroup mount might be the part that needs patching Thanks for investigating. The main problem is lxc is cgroup agnostic, so we should find a solution where we don't break that. Maybe one solution would be to collect all the mount points found for the cgroup and try to find the right path when writing or reading from one cgroup file. that is what i had in mind, tried looking into the code but my C skills are next to zero Does systemd run lxc within a cgroup which is not the root cgroup ? the lxc-start command would run under $user/master/ (/sys/fs/cgroup/systemd/$user/$master) and the container itself would run under $container_name (/sys/fs/cgroup/systemd/$container_name) so it would run the container in the root cgroup ouch ! I have to install systemd on a test machine to check how systemd plays with the cgroup. I don't think the cgroup created by lxc should escape the cgroup the command is assigned to. if there is anything i can investigate for you just let me know -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [Patch ] lxc-fedora.in
On Mon, May 30, 2011 at 11:00 AM, Daniel Lezcano daniel.lezc...@free.frwrote:
On 05/30/2011 09:32 AM, Ramez Hanna wrote:
hi,
here is my lxc-fedora script again based on request from Daniel Lezcano
it has been tested to work on fedora and ubuntu hosts
it was tested to create fedora 14 and 13 guests (not f15 yet)
i had submitted it as a merge request earlier to gitorious repo
lxc-mainline
this script has extra args to the other scripts so it won't work directly
through the lxc-create -t
it can be modified to do that but i am not sure if i should spin off
several
ones with the release hardcoded in them like with debian/ubuntu templates
Yep, there is a some work to do with the ubuntu templates to factor the
code.
I would suggest you default to one fedora version if no release version is
specified.
I inlined the code in the email so it will be easier to review.
Please in the future make sure the patch is inlined and conforming to the
CONTRIBUTING patch submit, that is with the author, subject and
signed-off-by.
#!/bin/bash
#
# template script for generating fedora container for LXC
#
#
# lxc: linux Container library
# Authors:
# Daniel Lezcano daniel.lezc...@free.fr
# Ramez Hanna rha...@informatiq.org
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#Configurations
arch=$(arch)
cache_base=/var/cache/lxc/fedora/$arch
shouldn't it be /var/cache/lxc/$release/$arch ?
no because later cache=$cache_base/$release when release is actually known
default_path=/var/lib/lxc
root_password=rooter
lxc_network_type=veth
lxc_network_link=virbr0
# is this fedora?
[ -f /etc/fedora-release ] is_fedora=true
configure_fedora()
{
# disable selinux in fedora
mkdir -p $rootfs_path/selinux
echo 0 $rootfs_path/selinux/enforce
# configure the network using the dhcp
cat EOF ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
HOSTNAME=${UTSNAME}
NM_CONTROLLED=no
TYPE=Ethernet
MTU=${MTU}
EOF
# set the hostname
cat EOF ${rootfs_path}/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=${UTSNAME}
EOF
# set minimal hosts
cat EOF $rootfs_path/etc/hosts
127.0.0.1 localhost $name
EOF
sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
chroot ${rootfs_path} chkconfig udev-post off
chroot ${rootfs_path} chkconfig network on
dev_path=${rootfs_path}/dev
rm -rf $dev_path
mkdir -p $dev_path
mknod -m 666 ${dev_path}/null c 1 3
mknod -m 666 ${dev_path}/zero c 1 5
mknod -m 666 ${dev_path}/random c 1 8
mknod -m 666 ${dev_path}/urandom c 1 9
mkdir -m 755 ${dev_path}/pts
mkdir -m 1777 ${dev_path}/shm
mknod -m 666 ${dev_path}/tty c 5 0
mknod -m 666 ${dev_path}/tty0 c 4 0
mknod -m 666 ${dev_path}/tty1 c 4 1
mknod -m 666 ${dev_path}/tty2 c 4 2
mknod -m 666 ${dev_path}/tty3 c 4 3
mknod -m 666 ${dev_path}/tty4 c 4 4
mknod -m 600 ${dev_path}/console c 5 1
mknod -m 666 ${dev_path}/full c 1 7
mknod -m 600 ${dev_path}/initctl p
mknod -m 666 ${dev_path}/ptmx c 5 2
echo setting root passwd to $root_password
echo root:$root_password | chroot $rootfs_path chpasswd
return 0
}
download_fedora()
{
# check the mini fedora was not already downloaded
INSTALL_ROOT=$cache/partial
mkdir -p $INSTALL_ROOT
if [ $? -ne 0 ]; then
echo Failed to create '$INSTALL_ROOT' directory
return 1
fi
# download a mini fedora into a cache
echo Downloading fedora minimal ...
YUM=yum --installroot $INSTALL_ROOT -y --nogpgcheck
PKG_LIST=yum initscripts passwd rsyslog vim-minimal dhclient chkconfig
rootfiles policycoreutils
RELEASE_URL=
http://ftp.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/releases/$release/Everything/x86_64/os/Packages/fedora-release-$release-1.noarch.rpm
s/x86_64/$arch ?
curl $RELEASE_URL $INSTALL_ROOT/fedora-release-$release.noarch.rpm
mkdir -p $INSTALL_ROOT/var/lib/rpm
rpm --root $INSTALL_ROOT --initdb
rpm --root $INSTALL_ROOT -ivh
$INSTALL_ROOT/fedora-release-$release.noarch.rpm
$YUM install $PKG_LIST
if [ $? -ne 0 ]; then
echo Failed to download the rootfs, aborting
Re: [Lxc-users] lxc on Fedora 15
On Tue, May 31, 2011 at 5:38 PM, Serge Hallyn serge.hal...@canonical.comwrote: Quoting Daniel Lezcano (daniel.lezc...@free.fr): On 05/31/2011 01:44 PM, Ramez Hanna wrote: On Tue, May 31, 2011 at 2:07 PM, Daniel Lezcanodaniel.lezc...@free.fr wrote: On 05/31/2011 12:33 PM, Ramez Hanna wrote: it seems that lxc cannot handle cgroups when capabilities are not all in the same mount it fails now because it cannot write the devices.deny in the cgroup if i comment out all the lxc.cgroup.devices lines in the config of the container then i can actually start it I would think that the way lxc identifies the cgroup mount might be the part that needs patching Thanks for investigating. The main problem is lxc is cgroup agnostic, so we should find a solution where we don't break that. Maybe one solution would be to collect all the mount points found for the cgroup and try to find the right path when writing or reading from one cgroup file. that is what i had in mind, tried looking into the code but my C skills are next to zero Does systemd run lxc within a cgroup which is not the root cgroup ? the lxc-start command would run under $user/master/ (/sys/fs/cgroup/systemd/$user/$master) and the container itself would run under $container_name (/sys/fs/cgroup/systemd/$container_name) so it would run the container in the root cgroup ouch ! I have to install systemd on a test machine to check how systemd plays with the cgroup. I don't think the cgroup created by lxc should escape the cgroup the command is assigned to. Another similar - and easier to setup - thing we need to address is running on a system with libcgroup installed. For both, I assume it'll basically come down to: 1. figure out the path of the cgroup we are in for each cgroup we care about 2. create new child cgroup for ourselves in each of the above paths whic is unique 3. track those through the lifetime of the container So it just slightly complicates what's being done now. -serge how does libcgroup change things? does it also mount cgroup on different points ? -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] sysctl and lxc
On Sat, Jun 4, 2011 at 7:26 PM, Permjacov Evgeniy permea...@gmail.comwrote: Hello! I'm running several containers on my box. One of them has postgresql installed. When I read postgresql administration parametres, I found suggestion to tune some parametres in sysctl.conf, such as kernel.shmmax=17179869184kernel.shmall=4194304vm.overcommit_memory=2 Should I set this parametres in guest's sysctl.con or in host's one and will first choise affect only the container, entire system or has no effect? -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users sinse containers share the same kernel then i don't think u can set it per container even if you set it in the container it will afffect the host (in the case of bind mounting proc) -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Discover what all the cheering's about. Get your free trial download today. http://p.sf.net/sfu/quest-dev2dev2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] rant: Debian template
i had noticed that and avoided it in the lxc-fedora template which takes an argument --release it should be done the same for debian for ubuntu they provide multiple template files with the suite hardcoded to something different it should be trivial, but again is that the only difference or there are other config lines that are changed? On Tue, Jun 21, 2011 at 12:40 PM, Tzafrir Cohen tzafrir.co...@xorcom.comwrote: Hi Anybody actually uses the Debian template? I tried to figure out how I can pass a suite parameter to it, only to see that * The parameter is hardwired (to an obsolete value: http://bugs.debian.org/600456 ) * the script does not pass any custom argumets to the template script, so I'm not encourged to make it a parameter. Compare that to 'vserver build': http://linux-vserver.org/Building_Guest_Systems If this bug is open for so long, I suspect most users don't really use those templates. Am I right? What do you use to set up a new Debian system? And a general rant: no IRC channel to ask questions on, and no link to the mailing list from http://lxc.sourceforge.net (the page mentioned as Homepage of the package on my package manager). Cheers, -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Latest test results - Was: cgroups: support cgroups mounted in multiple places (v3)
where can i get that patched code? should i clone master? On Mon, Jul 4, 2011 at 1:47 AM, Daniel Lezcano daniel.lezc...@free.frwrote: On 07/02/2011 07:28 PM, Michael H. Warfield wrote: Hey all... So my testing has continued and I've now regression tested the v3 patch and extended my testing. Looks like, over all, everything came together nicely. I'd ack that... [ ... ] IAC... The v3 patch does no harm to existing, working, cases and certainly covers the systemd case with F15 and that multipoint mount on /sys/fs/cgroup. The lxc stuff is broken on F15 without it. That's an important step forward and needs to be pushed. Not sure what the deal is here above with the libcgroup cgconfig service enabled on F14 (maybe I'm doing something wrong) but that should not be a show stopper as a mount point in fstab deals with that situation nicely. I'd like to see this applied ASAP and a turn cranked on the revision handle as this is needed for F15 and beyond. Great ! Thanks Michael for testing. Applied. -- Daniel -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Latest test results - Was: cgroups: support cgroups mounted in multiple places (v3)
here is an rpm build for latest master (bcbd102cba31a0054fe4204a39b5e8a411cde42f) http://download.opensuse.org/repositories/home:/ramezhanna/Fedora_15/ for those who want to test on f15 I will keep following master so keep an eye here for updates as well On Thu, Jul 7, 2011 at 4:08 PM, Michael H. Warfield m...@wittsend.comwrote: On Wed, 2011-07-06 at 14:06 +0300, Ramez Hanna wrote: where can i get that patched code? should i clone master? Yeah, that would be one way. Daniel checked it into git. So building from git is probably the best way. It hasn't popped out into a release yet. Maybe soon. His shot to call. On Mon, Jul 4, 2011 at 1:47 AM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 07/02/2011 07:28 PM, Michael H. Warfield wrote: Hey all... So my testing has continued and I've now regression tested the v3 patch and extended my testing. Looks like, over all, everything came together nicely. I'd ack that... [ ... ] IAC... The v3 patch does no harm to existing, working, cases and certainly covers the systemd case with F15 and that multipoint mount on /sys/fs/cgroup. The lxc stuff is broken on F15 without it. That's an important step forward and needs to be pushed. Not sure what the deal is here above with the libcgroup cgconfig service enabled on F14 (maybe I'm doing something wrong) but that should not be a show stopper as a mount point in fstab deals with that situation nicely. I'd like to see this applied ASAP and a turn cranked on the revision handle as this is needed for F15 and beyond. Great ! Thanks Michael for testing. Applied. -- Daniel Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Latest test results - Was: cgroups: support cgroups mounted in multiple places (v3)
tested f14 and debian squeeze containers on f15 host (systemd) lxc-ps returns nothing for running container [root@lxc ~]# lxc-info --name=f14 'f14' is RUNNING [root@lxc ~]# lxc-ps --name=f14 CONTAINERPID TTY TIME CMD [root@lxc ~]# used lxc from master built a few days ago (haven't seen any change in master since then) On Thu, Jul 14, 2011 at 12:38 AM, Ramez Hanna rha...@informatiq.org wrote: here is an rpm build for latest master (bcbd102cba31a0054fe4204a39b5e8a411cde42f) http://download.opensuse.org/repositories/home:/ramezhanna/Fedora_15/ for those who want to test on f15 I will keep following master so keep an eye here for updates as well On Thu, Jul 7, 2011 at 4:08 PM, Michael H. Warfield m...@wittsend.comwrote: On Wed, 2011-07-06 at 14:06 +0300, Ramez Hanna wrote: where can i get that patched code? should i clone master? Yeah, that would be one way. Daniel checked it into git. So building from git is probably the best way. It hasn't popped out into a release yet. Maybe soon. His shot to call. On Mon, Jul 4, 2011 at 1:47 AM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 07/02/2011 07:28 PM, Michael H. Warfield wrote: Hey all... So my testing has continued and I've now regression tested the v3 patch and extended my testing. Looks like, over all, everything came together nicely. I'd ack that... [ ... ] IAC... The v3 patch does no harm to existing, working, cases and certainly covers the systemd case with F15 and that multipoint mount on /sys/fs/cgroup. The lxc stuff is broken on F15 without it. That's an important step forward and needs to be pushed. Not sure what the deal is here above with the libcgroup cgconfig service enabled on F14 (maybe I'm doing something wrong) but that should not be a show stopper as a mount point in fstab deals with that situation nicely. I'd like to see this applied ASAP and a turn cranked on the revision handle as this is needed for F15 and beyond. Great ! Thanks Michael for testing. Applied. -- Daniel Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Latest test results - Was: cgroups: support cgroups mounted in multiple places (v3)
On Fri, Jul 15, 2011 at 5:38 PM, Michael H. Warfield m...@wittsend.comwrote: On Fri, 2011-07-15 at 17:25 +0300, Ramez Hanna wrote: tested f14 and debian squeeze containers on f15 host (systemd) lxc-ps returns nothing for running container Confirmed broken for F14 container on F15 host. Working on F14 container on F14 host. I wonder what would be the difference between f14 and f15 in regards to the layout of cgroups that makes it work on f14 (libcgroup) and not f15(systemd) Another point on the curve. lxc-ps -A On F15 host shows all the processes but container names are missing. I confirm that On F14 host shows all the processes with correct container names. Regards, Mike [root@lxc ~]# lxc-info --name=f14 'f14' is RUNNING [root@lxc ~]# lxc-ps --name=f14 CONTAINERPID TTY TIME CMD [root@lxc ~]# used lxc from master built a few days ago (haven't seen any change in master since then) On Thu, Jul 14, 2011 at 12:38 AM, Ramez Hanna rha...@informatiq.org wrote: here is an rpm build for latest master (bcbd102cba31a0054fe4204a39b5e8a411cde42f) http://download.opensuse.org/repositories/home:/ramezhanna/Fedora_15/ for those who want to test on f15 I will keep following master so keep an eye here for updates as well On Thu, Jul 7, 2011 at 4:08 PM, Michael H. Warfield m...@wittsend.com wrote: On Wed, 2011-07-06 at 14:06 +0300, Ramez Hanna wrote: where can i get that patched code? should i clone master? Yeah, that would be one way. Daniel checked it into git. So building from git is probably the best way. It hasn't popped out into a release yet. Maybe soon. His shot to call. On Mon, Jul 4, 2011 at 1:47 AM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 07/02/2011 07:28 PM, Michael H. Warfield wrote: Hey all... So my testing has continued and I've now regression tested the v3 patch and extended my testing. Looks like, over all, everything came together nicely. I'd ack that... [ ... ] IAC... The v3 patch does no harm to existing, working, cases and certainly covers the systemd case with F15 and that multipoint mount on /sys/fs/cgroup. The lxc stuff is broken on F15 without it. That's an important step forward and needs to be pushed. Not sure what the deal is here above with the libcgroup cgconfig service enabled on F14 (maybe I'm doing something wrong) but that should not be a show stopper as a mount point in fstab deals with that situation nicely. I'd like to see this applied ASAP and a turn cranked on the revision handle as this is needed for F15 and beyond. Great ! Thanks Michael for testing. Applied. -- Daniel Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] fedora template
On Wed, Mar 30, 2011 at 2:19 AM, Serge E. Hallyn serge.hal...@ubuntu.comwrote: Quoting Ramez Hanna (rha...@informatiq.org): I have been working on a fedora template that actually works febootstrap is not anymore producing fedora rootfs but rather a minimal Really, febootstrap can't be used to create a rootfs at all any more? fedora appliance my solution works by using yum instead, but I am facing a really weired situation whenever i start my fedora container, it would actually try to change the init level of the host host is f14 and container is f14 could anyone shed some light on how the container is actually being isolated, so i can start from there or how can i debug? script used to create the container attached, it is based on the current template with a few modifications here and there Note that for me to use this template on ubuntu, I have to specify '-R 14', but lxc-create doesn't allow me to forward that option. So I have to first create the config file and then run fedora2 by hand. After that, for some reason I still have no actual rootfs :(. As for trouble with init - is your fedora using systemd? How does it actually start runlevel changes? Upstart uses dbus over abstract unix socket (which is containerized with netns), sysvinit uses ioctl over /dev/init which is a distinct file from the one in the container... Does systemd do something we're not containerizing right now? FYI I was told on the irc channel that systemd uses /run , so it should be isolated by default although i am facing that issue that my guest is interfering with my host on f15 still debugging I'd love to get a working fedora template. thanks, -serge -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] what's the difference in lxc-attach
On Fri, Jul 15, 2011 at 6:04 PM, Michael H. Warfield m...@wittsend.comwrote: On Fri, 2011-07-15 at 17:50 +0300, Ramez Hanna wrote: how can i check if lxc-attach is not working because of the kernel or because of other bug? On Thu, Apr 7, 2011 at 10:09 AM, Cedric Le Goater legoa...@free.fr wrote: On 04/07/2011 07:46 AM, Ramez Hanna wrote: from a post that i found earlier in the archive subject entering a container by Daniel Lezcano i cannot see the differece between lxc-attach and lxc-execute could someone explain? lxc-execute creates a container and exec's a command/application inside it (see manual). lxc-attach enters a *running* container and exec's a command inside it (manual soon to come). This ability of creating an exogenous process inside a container requires a kernel patchset. Has that patch set even made it into a release? If so, what version is it in and what version are you running. It does not work on my F15 system with a 2.6.38 kernel. If it has not made it into a released kernel, have you built a custom kernel with it? I don't know about that patch, so hence my question if there is anyway to know from the host if that capability is available C. Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] what's the difference in lxc-attach
On Fri, Jul 15, 2011 at 7:28 PM, Michael H. Warfield m...@wittsend.comwrote: On Fri, 2011-07-15 at 18:36 +0300, Ramez Hanna wrote: On Fri, Jul 15, 2011 at 6:04 PM, Michael H. Warfield m...@wittsend.com wrote: On Fri, 2011-07-15 at 17:50 +0300, Ramez Hanna wrote: how can i check if lxc-attach is not working because of the kernel or because of other bug? On Thu, Apr 7, 2011 at 10:09 AM, Cedric Le Goater legoa...@free.fr wrote: On 04/07/2011 07:46 AM, Ramez Hanna wrote: from a post that i found earlier in the archive subject entering a container by Daniel Lezcano i cannot see the differece between lxc-attach and lxc-execute could someone explain? lxc-execute creates a container and exec's a command/application inside it (see manual). lxc-attach enters a *running* container and exec's a command inside it (manual soon to come). This ability of creating an exogenous process inside a container requires a kernel patchset. Has that patch set even made it into a release? If so, what version is it in and what version are you running. It does not work on my F15 system with a 2.6.38 kernel. If it has not made it into a released kernel, have you built a custom kernel with it? I don't know about that patch, so hence my question if there is anyway to know from the host if that capability is available From what I can tell, based on some threads from back in March, the patchset has not been merged into the upstream kernel at this time and is almost certainly NOT in 2.6.38.*. I'm currently running Fedora 15 2.6.38.8-32.fc15.x86_64 which does not have the patch and lxc-attach gives this error: [root@forest Alcove]# lxc-attach --name Alcove lxc-attach: Does this kernel version support 'attach' ? lxc-attach: failed to enter the namespace That's probably about the best answer you're going to get. From what I can tell, the last patchset is here: http://lxc.sourceforge.net/patches/linux/2.6.38/ If you want it, you're probably going to have to build yourself a custom kernel with it patched in. Some of the patches have been merged into the upstream kernel but it's not clear to me if we'll have to wait for 3.0 to be released to see them but I suspect that to be the case. We're currently sitting at 3.0-rc7 on that one. 2.6.39.3 is released and stable nut I have no clue what's in there. 2.6.38 is currently at 2.6.38.8, which is what we see in F15 so it is what it is. C. Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! thanks a lot for the detailed answer by the way have you been succesfull in starting a f15 container on your f15? I have been debuggin for 2 hours now when i start f15 container it screws my host by interfering with my hosts's systemd which somehow doesn't make sense and when i use systemd-nspawn i get a bunch of errors and the system doesn't finish starting here is a paste of systemd log from systemd-nspawn session http://pastie.org/2218625 -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] what's the difference in lxc-attach
On Fri, Jul 15, 2011 at 8:07 PM, Michael H. Warfield m...@wittsend.comwrote: On Fri, 2011-07-15 at 19:41 +0300, Ramez Hanna wrote: On Fri, Jul 15, 2011 at 7:28 PM, Michael H. Warfield m...@wittsend.com wrote: On Fri, 2011-07-15 at 18:36 +0300, Ramez Hanna wrote: On Fri, Jul 15, 2011 at 6:04 PM, Michael H. Warfield m...@wittsend.com wrote: On Fri, 2011-07-15 at 17:50 +0300, Ramez Hanna wrote: how can i check if lxc-attach is not working because of the kernel or because of other bug? On Thu, Apr 7, 2011 at 10:09 AM, Cedric Le Goater legoa...@free.fr wrote: On 04/07/2011 07:46 AM, Ramez Hanna wrote: from a post that i found earlier in the archive subject entering a container by Daniel Lezcano i cannot see the differece between lxc-attach and lxc-execute could someone explain? lxc-execute creates a container and exec's a command/application inside it (see manual). lxc-attach enters a *running* container and exec's a command inside it (manual soon to come). This ability of creating an exogenous process inside a container requires a kernel patchset. Has that patch set even made it into a release? If so, what version is it in and what version are you running. It does not work on my F15 system with a 2.6.38 kernel. If it has not made it into a released kernel, have you built a custom kernel with it? I don't know about that patch, so hence my question if there is anyway to know from the host if that capability is available From what I can tell, based on some threads from back in March, the patchset has not been merged into the upstream kernel at this time and is almost certainly NOT in 2.6.38.*. I'm currently running Fedora 15 2.6.38.8-32.fc15.x86_64 which does not have the patch and lxc-attach gives this error: [root@forest Alcove]# lxc-attach --name Alcove lxc-attach: Does this kernel version support 'attach' ? lxc-attach: failed to enter the namespace That's probably about the best answer you're going to get. From what I can tell, the last patchset is here: http://lxc.sourceforge.net/patches/linux/2.6.38/ If you want it, you're probably going to have to build yourself a custom kernel with it patched in. Some of the patches have been merged into the upstream kernel but it's not clear to me if we'll have to wait for 3.0 to be released to see them but I suspect that to be the case. We're currently sitting at 3.0-rc7 on that one. 2.6.39.3 is released and stable nut I have no clue what's in there. 2.6.38 is currently at 2.6.38.8, which is what we see in F15 so it is what it is. C. Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! thanks a lot for the detailed answer by the way have you been succesfull in starting a f15 container on your f15? I have been debuggin for 2 hours now when i start f15 container it screws my host by interfering with my hosts's systemd which somehow doesn't make sense and when i use systemd-nspawn i get a bunch of errors and the system doesn't finish starting here is a paste of systemd log from systemd-nspawn session http://pastie.org/2218625 I haven't tried it yet. Will see what I can do. Couple of quick questions. 1) You say it screws your host if you don't uses nospawn. What happens? host console is not useable, random issues around missing characters when i type unable to login on other terminals because i cannot type and i see so many systemd logs on the console 2) Have you disabled the sys_admin cap by dropping it in that container? I find that causes me all sorts of grief. i will try that 3) Was this a fresh template build or did you upgrade an F14 machine to F15 (I was going to use yum --releasever=15 distro-sync in one of my running F14 containers). yes fresh install Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu
Re: [Lxc-users] what's the difference in lxc-attach
On Sat, Jul 16, 2011 at 8:27 PM, Michael H. Warfield m...@wittsend.comwrote:
On Fri, 2011-07-15 at 20:17 +0300, Ramez Hanna wrote:
Big Snip
thanks a lot for the detailed answer
by the way have you been succesfull in starting a f15 container on
your
f15?
I now have an F15 container working.
I have been debuggin for 2 hours now
when i start f15 container it screws my host by interfering with my
hosts's
systemd which somehow doesn't make sense
and when i use systemd-nspawn i get a bunch of errors and the system
doesn't
finish starting
here is a paste of systemd log from systemd-nspawn session
http://pastie.org/2218625
I haven't tried it yet. Will see what I can do.
Couple of quick questions.
1) You say it screws your host if you don't uses nospawn. What
happens?
host console is not useable, random issues around missing characters when
i
type
unable to login on other terminals because i cannot type
and i see so many systemd logs on the console
I have a very strong suspicion that systemd is not going to be
compatible with running in a container because it wants to set up and
managed cgroups in the container which it can not do.
When I try to start it with systemd, the first process doesn't even seem
to come up (number of tasks is 0) and then the host can not remove the
container even after I've done an lxc-stop on it. But that's when I'm
logged in and running lxc-start from an ssh terminal Window. If I start
it from a real ttyX console then I get all sorts of startup messages
from the container and the consoles are hosed up like the console in the
container has gotten crosswise with the console in the host. Things try
to initialize but all sorts of things time out and eventually I have to
reset the host with an Magic SysRq sequence.
Gave up on systemd.
2) Have you disabled the sys_admin cap by dropping it in that
container?
I find that causes me all sorts of grief.
i will try that
Don't. It wouldn't do any good and causes lots of other problems (for
me at least).
3) Was this a fresh template build or did you upgrade an F14 machine to
F15 (I was going to use yum --releasever=15 distro-sync in one of my
running F14 containers).
yes fresh install
Here's what I've done and now gotten an F15 container to work.
I started out with an F14 container and upgraded it to F15 using the
yum --releasever=15 distro-sync method. I was able to reproduce your
problems above and thought there may be some conflicts over cgroups so I
decided to disable systemd.
If it's not present (it wasn't for me) install upstart into the
container from the host using yum --installroot={your VM root}
upstart.
Next cd to {your VM root}/sbin and rm init (which is symlinked
to ../bin/systemd) and symlink it to upstart (which is in sbin).
This got me almost there. The machine was starting but I was having
your funky console problem and I realized (largely because I'm working
on other related problems) that it was the ptmx device causing this. It
was mapping incorrectly.
So, cd to {your VM root}/dev and rm ptmx if it's a hard device and not a
symlink. Then symlink pts/ptmx to ptmx. If you started with some sort
of template, this may already be done and you may not run into this
problem at all.
Now you should be able to fire your F15 container up.
Also find the lines in /etc/init.d/halt that remount file systems ro or
you'll screw your /dev/pts fs in the host when you shut that container
down or reboot it (and, no, newinstance is not helping with that
problem).
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/ | (678) 463-0932 |
http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of
all
PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it!
it is very clear to me that systemd is interfering with the host's systemd
your solution of running f15 is not much different than running a f14
container (as systemd is the major diff)
systemd-nspawn can start systemd inside a light weight container
i think the problem is related to the fact that when lxc starts teh cgroup
is on the root of the tree
while it should have been under the user's tree
maybe serge can say somethiing about this
--
AppSumo Presents a FREE Video for the SourceForge Community by Eric
Ries, the creator of the Lean Startup Methodology on Lean Startup
Secrets Revealed. This video shows you how to validate your ideas,
optimize your ideas and identify your business strategy.
http://p.sf.net/sfu/appsumosfdev2dev___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] what's the difference in lxc-attach
On Sun, Jul 17, 2011 at 2:25 AM, Michael H. Warfield m...@wittsend.comwrote:
On Sat, 2011-07-16 at 23:59 +0300, Ramez Hanna wrote:
On Sat, Jul 16, 2011 at 8:27 PM, Michael H. Warfield m...@wittsend.com
wrote:
On Fri, 2011-07-15 at 20:17 +0300, Ramez Hanna wrote:
Big Snip
thanks a lot for the detailed answer
by the way have you been succesfull in starting a f15 container
on
your
f15?
I now have an F15 container working.
I have been debuggin for 2 hours now
when i start f15 container it screws my host by interfering with
my
hosts's
systemd which somehow doesn't make sense
and when i use systemd-nspawn i get a bunch of errors and the
system
doesn't
finish starting
here is a paste of systemd log from systemd-nspawn session
http://pastie.org/2218625
I haven't tried it yet. Will see what I can do.
Couple of quick questions.
1) You say it screws your host if you don't uses nospawn. What
happens?
host console is not useable, random issues around missing characters
when
i
type
unable to login on other terminals because i cannot type
and i see so many systemd logs on the console
I have a very strong suspicion that systemd is not going to be
compatible with running in a container because it wants to set up and
managed cgroups in the container which it can not do.
When I try to start it with systemd, the first process doesn't even
seem
to come up (number of tasks is 0) and then the host can not remove the
container even after I've done an lxc-stop on it. But that's when I'm
logged in and running lxc-start from an ssh terminal Window. If I
start
it from a real ttyX console then I get all sorts of startup messages
from the container and the consoles are hosed up like the console in
the
container has gotten crosswise with the console in the host. Things
try
to initialize but all sorts of things time out and eventually I have to
reset the host with an Magic SysRq sequence.
Gave up on systemd.
2) Have you disabled the sys_admin cap by dropping it in that
container?
I find that causes me all sorts of grief.
i will try that
Don't. It wouldn't do any good and causes lots of other problems (for
me at least).
3) Was this a fresh template build or did you upgrade an F14
machine to
F15 (I was going to use yum --releasever=15 distro-sync in one of
my
running F14 containers).
yes fresh install
Here's what I've done and now gotten an F15 container to work.
I started out with an F14 container and upgraded it to F15 using the
yum --releasever=15 distro-sync method. I was able to reproduce your
problems above and thought there may be some conflicts over cgroups so
I
decided to disable systemd.
If it's not present (it wasn't for me) install upstart into the
container from the host using yum --installroot={your VM root}
upstart.
Next cd to {your VM root}/sbin and rm init (which is symlinked
to ../bin/systemd) and symlink it to upstart (which is in sbin).
This got me almost there. The machine was starting but I was having
your funky console problem and I realized (largely because I'm working
on other related problems) that it was the ptmx device causing this.
It
was mapping incorrectly.
So, cd to {your VM root}/dev and rm ptmx if it's a hard device and not
a
symlink. Then symlink pts/ptmx to ptmx. If you started with some sort
of template, this may already be done and you may not run into this
problem at all.
Now you should be able to fire your F15 container up.
Also find the lines in /etc/init.d/halt that remount file systems ro or
you'll screw your /dev/pts fs in the host when you shut that container
down or reboot it (and, no, newinstance is not helping with that
problem).
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/ | (678) 463-0932 |
http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best
of
all
PGP Key: 0x674627FF| possible worlds. A pessimist is sure of
it!
it is very clear to me that systemd is interfering with the host's
systemd
your solution of running f15 is not much different than running a f14
container (as systemd is the major diff)
systemd-nspawn can start systemd inside a light weight container
i think the problem is related to the fact that when lxc starts teh
cgroup
is on the root of the tree
while it should have been under the user's tree
I'm not so sure I understand what you mean by that last line. What
user's tree are you referring to?
in f15 systemd whenever a user starts a process it looks like this
├ user
│ ├ root
Re: [Lxc-users] mount from outside of a container online
i am not sure as far as i understand the rootfs location you setup is not what is used by the container i think it does mount it under another path, /usr/lib64/lxc/rootfs/ which is in a seperate namespacce, hence only visible to the process or something like that not sure if this is helpful or no On Mon, Jul 18, 2011 at 6:07 PM, Papp Tamas tom...@martos.bme.hu wrote: On 2011-07-16 19:41, Papp Tamas wrote: hi! Is it possible somehow? I'd like to bind mount a directory into a container and also I'd like to avoid restarting it. Does this mean, it's not possible? Thank you, tamas -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Fedora 15 on Fedora 15 LXC with Libvirt
On Tue, Aug 2, 2011 at 8:44 PM, Michael H. Warfield m...@wittsend.com wrote:
Ah... Serge? Reference back to the thread on [Lxc-users] what's the
difference in lxc-attach please? We were discussing systemd back in
that thread too.
On Tue, 2011-08-02 at 19:22 +0300, Iliyan ILF Stoyanov wrote:
Hi,
I don't think this template will work as it references two files that do
not exist in F15 i.e.
${rootfs_path}/etc/rc.sysinit
and
${rootfs_path}/etc/rc.d/rc.sysinit
this is because of the fact that system.d doesn't use such scripts for
init.
You mean systemd and not system.d but I got your point.
I have an F15 container running on an F15 host but the only way I was
able to do this was by installing upstart and relinking init to upstart.
Systemd seems to get a great deal of heartburn over trying to
mount /sys/fs/cgroup in the container and things catch fire and burn all
over the place. I do have it working with Upstart. Until a bunch of us
can sort out the details of what systemd is doing and expect and should
behave under what circumstances, F15 systemd in a container is going to
be a crap shoot.
Regards,
Mike
I can always just use Scientific Linux for my setup, however we made the
decision a long time ago that all our dev servers will stick to Fedora,
so that we are better prepared for the quirks that might come up in
RHEL/CentOS/SL when some technology gets included in the TUV releases.
It is not a must to have LXC running on Fedora 15 with Fedora 15 guests,
but it would be nice to crack the hard nut that system.d is proving to
be. By the way, I see that your email is at canonical and it seems a
most of the people here are running LXC on Ubuntu, is LXC actually
sponsored by canonical or is primarily developed around Debian/Ubuntu,
because if that is the case, it might explain certain incompatibilities
with the way Red Hat/Fedora are set up.
BR,
ilf
On Tue, 2011-08-02 at 09:02 -0500, Serge E. Hallyn wrote:
Quoting Iliyan ILF Stoyanov (i...@ilf.me):
On the other side, would someone be so kind to point me in the right
direction (either documentation, source or anything else available) that
I can follow so that I set up lxc container just with the LXC tools. I
Ramez Hanna has posted a new fedora template. I think this was the
latest:
http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg01707.html
It looks like it was for F13 and F14 containers, but it should be a
starting point. See the usage() section. I've not used it myself,
but the author should be on this list.
-serge
--
BlackBerryreg; DevCon Americas, Oct. 18-20, San Francisco, CA
The must-attend event for mobile developers. Connect with experts.
Get tools for creating Super Apps. See the latest technologies.
Sessions, hands-on labs, demos much more. Register early save!
http://p.sf.net/sfu/rim-blackberry-1
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
--
BlackBerryreg; DevCon Americas, Oct. 18-20, San Francisco, CA
The must-attend event for mobile developers. Connect with experts.
Get tools for creating Super Apps. See the latest technologies.
Sessions, hands-on labs, demos much more. Register early save!
http://p.sf.net/sfu/rim-blackberry-1
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
the fedora template works for 14 but not 15
the reason is systemd but not really related to rc.sysinit (yes this
needs cleanup)
systemd in the container seems to interfere with systemd on the host
screwing up the host
i haven't been looking at it lately, but i think it might be related
to mount points or something
as systemd uses /var/run/ which is a tmpfs, som maybe something goes wrong there
--
BlackBerryreg; DevCon Americas, Oct. 18-20, San Francisco, CA
The must-attend event for mobile developers. Connect with experts.
Get tools for creating Super Apps. See the latest technologies.
Sessions, hands-on labs, demos much more. Register early save!
http://p.sf.net/sfu/rim-blackberry-1
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] [PATCH 1/2] working fedora template
From c117fc7051971a9166cf5ab1f85cb6331b91a78c Mon Sep 17 00:00:00 2001
From: InformatiQ rha...@informatiq.org
Date: Wed, 20 Apr 2011 23:15:51 +0300
Subject: [PATCH 1/2] working fedora template
signed-off-by: Ramez Hanna rha...@informatiq.org
---
templates/lxc-fedora.in | 264 ++-
1 files changed, 146 insertions(+), 118 deletions(-)
diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
index f4f19c0..e26d73a 100644
--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -9,6 +9,7 @@
# Authors:
# Daniel Lezcano daniel.lezc...@free.fr
+# Ramez Hanna rha...@informatiq.org
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -24,117 +25,106 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-DISTRO=fedora-10
+#Configurations
+arch=$(arch)
+cache_base=/var/cache/lxc/fedora/$arch
+default_path=/var/lib/lxc
+root_password=rooter
+lxc_network_type=veth
+lxc_network_link=virbr0
+
+# is this fedora?
+[ -f /etc/fedora-release ] is_fedora=true
configure_fedora()
{
-rootfs=$1
-hostname=$2
# disable selinux in fedora
-mkdir -p $rootfs/selinux
-echo 0 $rootfs/selinux/enforce
+mkdir -p $rootfs_path/selinux
+echo 0 $rootfs_path/selinux/enforce
# configure the network using the dhcp
-cat EOF $rootfs/etc/network/interfaces
-auto lo
-iface lo inet loopback
-
-auto eth0
-iface eth0 inet dhcp
+cat EOF ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
+DEVICE=eth0
+BOOTPROTO=dhcp
+ONBOOT=yes
+HOSTNAME=${UTSNAME}
+NM_CONTROLLED=no
+TYPE=Ethernet
+MTU=${MTU}
EOF
# set the hostname
-cat EOF $rootfs/etc/hostname
-$hostname
-EOF
-# set minimal hosts
-cat EOF $rootfs/etc/hosts
-127.0.0.1 localhost $hostname
-EOF
-
-# provide the lxc service
-cat EOF $rootfs/etc/init/lxc.conf
-# fake some events needed for correct startup other services
-
-description Container Upstart
-
-start on startup
-
-script
-rm -rf /var/run/*.pid
-rm -rf /var/run/network/*
-/sbin/initctl emit stopped JOB=udevtrigger --no-wait
-/sbin/initctl emit started JOB=udev --no-wait
-end script
-EOF
-
-cat EOF $rootfs/etc/init/console.conf
-# console - getty
-#
-# This service maintains a console on tty1 from the point the system is
-# started until it is shut down again.
-
-start on stopped rc RUNLEVEL=[2345]
-stop on runlevel [!2345]
-
-respawn
-exec /sbin/getty -8 38400 /dev/console
+cat EOF ${rootfs_path}/etc/sysconfig/network
+NETWORKING=yes
+HOSTNAME=${UTSNAME}
EOF
-cat EOF $rootfs/lib/init/fstab
-# /lib/init/fstab: lxc system fstab
-none/spu spufs
gid=spu,optional 0 0
-none/tmp nonedefaults
0 0
-none/var/lock tmpfs
nodev,noexec,nosuid,showthrough 0 0
-none/lib/init/rw tmpfs
mode=0755,nosuid,optional 0 0
+# set minimal hosts
+cat EOF $rootfs_path/etc/hosts
+127.0.0.1 localhost $name
EOF
-# reconfigure some services
-if [ -z $LANG ]; then
- chroot $rootfs locale-gen en_US.UTF-8
- chroot $rootfs update-locale LANG=en_US.UTF-8
-else
- chroot $rootfs locale-gen $LANG
- chroot $rootfs update-locale LANG=$LANG
-fi
-
-# remove pointless services in a container
-chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
-
-chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls
u*.conf); do mv $f $f.orig; done'
-chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls
tty[2-9].conf); do mv $f $f.orig; done'
-chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls
plymouth*.conf); do mv $f $f.orig; done'
-chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls
hwclock*.conf); do mv $f $f.orig; done'
-chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls
module*.conf); do mv $f $f.orig; done'
-
-echo Please change root-password !
-echo root:root | chroot $rootfs chpasswd
+sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
+sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
+chroot ${rootfs_path} chkconfig udev-post off
+chroot ${rootfs_path} chkconfig network on
+
+dev_path=${rootfs_path}/dev
+rm -rf $dev_path
+mkdir -p $dev_path
+mknod -m 666 ${dev_path}/null c 1 3
+mknod -m 666 ${dev_path}/zero c 1 5
+mknod -m 666 ${dev_path}/random c 1 8
+mknod -m 666 ${dev_path}/urandom c 1 9
+mkdir -m 755 ${dev_path}/pts
+mkdir -m 1777 ${dev_path}/shm
+mknod -m 666 ${dev_path}/tty c 5 0
+mknod -m 666 ${dev_path}/tty0 c 4 0
+mknod -m 666 ${dev_path}/tty1 c 4 1
+mknod -m 666 ${dev_path}/tty2 c 4 2
+mknod -m 666 ${dev_path}/tty3 c 4 3
+mknod -m 666
[Lxc-users] [PATCH 2/2] fix RELEAE_URL to not hardcode the arch
From e959e5d5661841c5546b07575e7f3da84ac0ba7f Mon Sep 17 00:00:00 2001 From: InformatiQ rha...@informatiq.org Date: Thu, 14 Jul 2011 00:41:03 +0300 Subject: [PATCH 2/2] fix RELEAE_URL to not hardcode the arch --- templates/lxc-fedora.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index e26d73a..0262013 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -111,7 +111,7 @@ download_fedora() echo Downloading fedora minimal ... YUM=yum --installroot $INSTALL_ROOT -y --nogpgcheck PKG_LIST=yum initscripts passwd rsyslog vim-minimal dhclient chkconfig rootfiles policycoreutils - RELEASE_URL=http://ftp.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/releases/$release/Everything/x86_64/os/Packages/fedora-release-$release-1.noarch.rpm; + RELEASE_URL=http://ftp.funet.fi/pub/mirrors/fedora.redhat.com/pub/fedora/linux/releases/$release/Everything/$arch/os/Packages/fedora-release-$release-1.noarch.rpm; curl $RELEASE_URL $INSTALL_ROOT/fedora-release-$release.noarch.rpm mkdir -p $INSTALL_ROOT/var/lib/rpm -- 1.7.6 -- BlackBerryreg; DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos much more. Register early save! http://p.sf.net/sfu/rim-blackberry-1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/2] working fedora template
On Wed, Aug 10, 2011 at 5:54 PM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 08/10/2011 09:21 AM, Ramez Hanna wrote: On Tue, Aug 9, 2011 at 5:16 PM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 08/08/2011 10:54 AM, Ramez Hanna wrote: From c117fc7051971a9166cf5ab1f85cb6331b91a78c Mon Sep 17 00:00:00 2001 From: InformatiQ rha...@informatiq.org Date: Wed, 20 Apr 2011 23:15:51 +0300 Subject: [PATCH 1/2] working fedora template signed-off-by: Ramez Hanna rha...@informatiq.org I was not able to apply your patches. It seems there is some spurious CR in the inlined patch. Did you copy-paste the diff in the email ? yes i did from gedit find the patch attached Ok, applied. I got a conflict and part of the patch has been rejected but I fixed the problem. I will let you check the template is working for you when commited. why don't you use git send-email --to lxc-de...@lists.sourceforge.net -nrpatches ? my git skills are next to zero, only know how to commit and push. will try that next time. sorry for the trouble -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/2] working fedora template
this is a bug in the fedora-release-15-1.noarch
and was fixed in fedora-release-15-3.noarch from updates
which basically breaks the script, i'm wporking on fixing it
you could easily fix that in the script at line 114
but be aware that f15 won't boot, there needs to be tweaks to the
rootfs, which i haven't yet
On Tue, Aug 16, 2011 at 7:20 PM, Iliyan Stoyanov i...@ilf.me wrote:
Hi all,
I pulled the latest version of lxc from git (up to this commit:
e6238180c6963bcdbab42258a0f66b1d498c0e13) and it seems this patch is
already applied, however I seem to have a problem using the lxc-fedora
template to generate Fedora image. Am I completely stupid (or|and) am I
doing something wrong, because I can't seem to generate fedora
environment.
What I always get is an error looking like this:
warning:
/var/cache/lxc/fedora/x86_64/15/partial/fedora-release-15.noarch.rpm: Header
V3 RSA/SHA256 Signature, key ID 069c8460: NOKEY
error: Failed dependencies:
fedora-release-rawhide = 15-1 is needed by fedora-release-15-1.noarch
fedora/metalink | 20 kB
00:00
Could not parse metalink
https://mirrors.fedoraproject.org/metalink?repo=fedora-$releaseverarch=x86_64
error was
No repomd file
Error: Cannot retrieve repository metadata (repomd.xml) for repository:
fedora. Please verify its path and try again
Failed to download the rootfs, aborting.
Failed to download 'fedora base'
failed to install fedora
Which seems to be a problem that the template is not fetching another
needed rpm. However I'm not sure I know how to fix that. Any ideas?
--ilf
On Mon, 2011-08-08 at 11:54 +0300, Ramez Hanna wrote:
From c117fc7051971a9166cf5ab1f85cb6331b91a78c Mon Sep 17 00:00:00 2001
From: InformatiQ rha...@informatiq.org
Date: Wed, 20 Apr 2011 23:15:51 +0300
Subject: [PATCH 1/2] working fedora template
signed-off-by: Ramez Hanna rha...@informatiq.org
---
templates/lxc-fedora.in | 264
++-
1 files changed, 146 insertions(+), 118 deletions(-)
diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
index f4f19c0..e26d73a 100644
--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -9,6 +9,7 @@
# Authors:
# Daniel Lezcano daniel.lezc...@free.fr
+# Ramez Hanna rha...@informatiq.org
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -24,117 +25,106 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-DISTRO=fedora-10
+#Configurations
+arch=$(arch)
+cache_base=/var/cache/lxc/fedora/$arch
+default_path=/var/lib/lxc
+root_password=rooter
+lxc_network_type=veth
+lxc_network_link=virbr0
+
+# is this fedora?
+[ -f /etc/fedora-release ] is_fedora=true
configure_fedora()
{
- rootfs=$1
- hostname=$2
# disable selinux in fedora
- mkdir -p $rootfs/selinux
- echo 0 $rootfs/selinux/enforce
+ mkdir -p $rootfs_path/selinux
+ echo 0 $rootfs_path/selinux/enforce
# configure the network using the dhcp
- cat EOF $rootfs/etc/network/interfaces
-auto lo
-iface lo inet loopback
-
-auto eth0
-iface eth0 inet dhcp
+ cat EOF ${rootfs_path}/etc/sysconfig/network-scripts/ifcfg-eth0
+DEVICE=eth0
+BOOTPROTO=dhcp
+ONBOOT=yes
+HOSTNAME=${UTSNAME}
+NM_CONTROLLED=no
+TYPE=Ethernet
+MTU=${MTU}
EOF
# set the hostname
- cat EOF $rootfs/etc/hostname
-$hostname
-EOF
- # set minimal hosts
- cat EOF $rootfs/etc/hosts
-127.0.0.1 localhost $hostname
-EOF
-
- # provide the lxc service
- cat EOF $rootfs/etc/init/lxc.conf
-# fake some events needed for correct startup other services
-
-description Container Upstart
-
-start on startup
-
-script
- rm -rf /var/run/*.pid
- rm -rf /var/run/network/*
- /sbin/initctl emit stopped JOB=udevtrigger --no-wait
- /sbin/initctl emit started JOB=udev --no-wait
-end script
-EOF
-
- cat EOF $rootfs/etc/init/console.conf
-# console - getty
-#
-# This service maintains a console on tty1 from the point the system is
-# started until it is shut down again.
-
-start on stopped rc RUNLEVEL=[2345]
-stop on runlevel [!2345]
-
-respawn
-exec /sbin/getty -8 38400 /dev/console
+ cat EOF ${rootfs_path}/etc/sysconfig/network
+NETWORKING=yes
+HOSTNAME=${UTSNAME}
EOF
- cat EOF $rootfs/lib/init/fstab
-# /lib/init/fstab: lxc system fstab
-none /spu spufs
gid=spu,optional 0 0
-none /tmp none defaults
0 0
-none /var/lock tmpfs
nodev,noexec,nosuid,showthrough 0 0
-none /lib/init/rw tmpfs
mode=0755,nosuid,optional 0 0
+ # set minimal hosts
+ cat EOF $rootfs_path
Re: [Lxc-users] [RFC] best way to add creation of lvm containers
first thought put it in lxc-create
then again, conversion is needed too hence i also want an lxc-convert
i am coming from a qemu background
so qemu-img does create and convert
so optimum is to see an lxc-convert and have that function also
available as part of lxc-create
On Fri, Jul 1, 2011 at 8:31 PM, Serge E. Hallyn se...@hallyn.com wrote:
Hey,
so lxc-clone will create a snapshot-based clone of an lvm-backed
container in about a second. Creating the first lvm-backed
container is a bit of a pain though. I do it using the script
below, called 'lxclvmconvert' on my machine. So I do
lxc-create -t ubuntu -f /etc/lxc.conf -n mavbase -- -r maverick
lxclvmconvert mavbase
and from then on I can do fast
lxc-clone -s -o mavbase -n mav-bugxyz
My question is, where do we want to put this functionality? Of course
I *can* put it in the ubuntu template itself, but I'm leary of adding
too many options to that. Consider that just for the lvm support we'd
need to add optional arguments for:
backing store type: (lvm, loopback file, real blockdev)
backing store fstype
backing store size
other options, i.e. lvm volume group name
So, do you think it would be better for the container creation templates
to offer this support, or to have a separate tool, not lxclvmconvert, but
maybe 'lxc-convert', which converts a container from any supported backing
type to any other. Backing types I guess could start out by including
directory (the current way)
lvm
loopback file
raw device
thanks,
-serge
#!/bin/sh
if [ $# -lt 1 ]; then
echo Usage: $0 container-name size fstype
exit 1
fi
c=$1
size=2G
fstype=ext3
echo converting container $c
if [ $# -gt 1 ]; then
size=$2
echo Using size $size
fi
if [ $# -gt 2 ]; then
fstype=$3
echo Using fstype $fstype
fi
if [ ! -d /var/lib/lxc/$c/rootfs ]; then
echo Container $c doesn't seem to exist?
exit 1
fi
if [ -e /dev/lxc/$c ]; then
echo /dev/lxc/$c already exists. Bailing
exit 1
fi
lvcreate -L $size -n $c lxc || cleanup
sleep 1
mkfs -t $fstype /dev/lxc/$c
if [ $? -ne 0 ]; then
echo Failed to create the filesystem
lvremove -f /dev/lxc/$c
exit 1
fi
mkdir /var/lib/lxc/$c/lvm || { lvremove -f /dev/lxc/$c; exit 1; }
mount -t $fstype /dev/lxc/$c /var/lib/lxc/$c/lvm || { lvremove -f
/dev/lxc/$c; exit 1; }
rsync -va /var/lib/lxc/$c/rootfs/ /var/lib/lxc/$c/lvm || echo Rsync had
errors, you may want to check; continuing
umount /var/lib/lxc/$c/lvm
rmdir /var/lib/lxc/$c/lvm
rm -rf /var/lib/lxc/$c/rootfs
mkdir /var/lib/lxc/$c/rootfs
sed -i '/lxc.rootfs/d' /var/lib/lxc/$c/config
echo lxc.rootfs = /dev/lxc/$c /var/lib/lxc/$c/config
echo Finished
--
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
--
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management
Up to 160% more powerful than alternatives and 25% more efficient.
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-clone
Hi, I have started using lxc to setup a pre-production system instead of KVM at first glance clone seemd to me that it would copy everything to a new roots but turns out that in case of LVM it will snapshot AFAIK snapshots are meant more for backup or testing some changes and discarding them later do you think it makes sense if I modify the script in this way if user doesn't specify -s, then a new lv is created and copy all comtents to it, rather than snapshot which would work if user uses the -s option? On Tue, Jun 21, 2011 at 8:58 PM, Serge Hallyn serge.hal...@canonical.com wrote: Hi Daniel, Quoting Daniel Lezcano (daniel.lezc...@free.fr): +echo Tweaking configuration +cp $lxc_path/$lxc_orig/config $lxc_path/$lxc_new/config +sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config +echo lxc.utsname = $hostname $lxc_path/$lxc_new/config We should not assume lxc.utsname is in the configuration file in order to not write a hostname in all the cases. The user may want to let the container to setup itself the hostname. What do you think is the best way to do this? We could allow the user to specify a 'firstboot' script, which gets copied into root directory of the container. Maybe boot the container when it's done, run /firstboot.sh, and shut down. Or just let that happen when the user first boots. We could use a /etc/init.d/lxc-firstboot script, but that will only work if the container's init system actually looks at sysvinit scripts. Obviously sysvinit and upstart do, and I must assume that systemd does. lxc-init I assume doesn't. Mmh, that's look a bit complicate for the user. I was thinking about something simpler like: grep -q lxc.utsname $lxc_path/$lxc_new/config if [ $? == 0 ]; then sed -e s/lxc.utsname/lxc.utsname=$hostname $lxc_path/$lxc_new/config else echo lxc.utsname = $hostname $lxc_path/$lxc_new/config fi I started changing my code to this, but now am wondering how this differs from what I was doing, which was: sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config echo lxc.utsname = $hostname $lxc_path/$lxc_new/config The only difference is that in mine, if the original config had a hostname at top of file, it'll now be at bottom of file. But with both your snippets and mine, the 'lxc.utsname = new_hostname' will be the one and only utsname in the config. If you still think it's worth changing I'll do so, but I like that mine is shorter. -serge -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] [PATCH] multiple mods to lxc-clone
* allow cloning of non-snapshot lvm devices
* if no -s then create a copy of the lvm block device and copy data
from the orig to the new container device
* first take a snapshot, then use this snapshot to copy data,
remove snapshot after done
* if orig container is running freeze it while copying
* in case lvm block device, the container is only frozen during
creation of snapshot ~1 sec
* use rsync -ax insted of cp -a
* in case copying a live contrainer it won't copy runtine mounted
files such as /proc, /sys and some /dev
* new opts
* fstype: type of fs for the newly created lvm device in case of
non-snapshot lvm
* lvprefix: prefix for new lvm device name.
* do not delete the lines lxc.mount by default
* check is fstab exists then copy it
* only modify lines that contain lxc.mount =, debian template
seems to not have that line but uses lxc.mount. lines which get
screwed
Signed-off-by: InformatiQ rha...@informatiq.org
---
src/lxc/lxc-clone.in | 98 ++
1 files changed, 75 insertions(+), 23 deletions(-)
mode change 100644 = 100755 src/lxc/lxc-clone.in
diff --git a/src/lxc/lxc-clone.in b/src/lxc/lxc-clone.in
old mode 100644
new mode 100755
index 91944a0..d42160b
--- a/src/lxc/lxc-clone.in
+++ b/src/lxc/lxc-clone.in
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash
#
# lxc: linux Container library
@@ -22,7 +22,7 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
usage() {
-echo usage: lxc-clone -o orig -n new [-s] [-h] [-L fssize]
[-v vgname]
+echo usage: lxc-clone -o orig -n new [-s] [-h] [-L fssize]
[-v vgname] [-p lxc_lv_prefix] [-t fstype]
}
help() {
@@ -36,15 +36,19 @@ help() {
echo -s : make the new rootfs a snapshot of the original
echo fssize : size if creating a new fs. By default, 2G
echo vgname : lvm volume group name, lxc by default
+echo lvprefix : lvm volume name prefix, none by default, e.g.
--lvprefix=lxc_ then new lxc lv name will be lxc_newname
+echo fstype : new container file system type, ext3 by
default (only works for non-snapshot lvm)
}
-shortoptions='ho:n:sL:v:'
-longoptions='help,orig:,name:,snapshot,fssize,vgname'
+shortoptions='ho:n:sL:v:p:t:'
+longoptions='help,orig:,name:,snapshot,fssize:,vgname:,lvprefix:,fstype:'
lxc_path=/var/lib/lxc
bindir=/usr/bin
snapshot=no
lxc_size=2G
lxc_vg=lxc
+lxc_lv_prefix=
+fstype=ext3
getopt=$(getopt -o $shortoptions --longoptions $longoptions -- $@)
if [ $? != 0 ]; then
@@ -63,6 +67,7 @@ while true; do
-s|--snapshot)
shift
snapshot=yes
+snapshot_opt=-s
;;
-o|--orig)
shift
@@ -84,6 +89,11 @@ while true; do
lxc_new=$1
shift
;;
+-p|--lvprefix)
+shift
+lxc_lv_prefix=$1
+shift
+;;
--)
shift
break;;
@@ -141,50 +151,92 @@ trap ${bindir}/lxc-destroy -n $lxc_new; echo
aborted; exit 1 SIGHUP SIGINT SIG
mkdir -p $lxc_path/$lxc_new
+hostname=$lxc_new
+
echo Tweaking configuration
cp $lxc_path/$lxc_orig/config $lxc_path/$lxc_new/config
sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config
echo lxc.utsname = $hostname $lxc_path/$lxc_new/config
-sed -i '/lxc.mount/d' $lxc_path/$lxc_new/config
-echo lxc.mount = $lxc_path/$lxc_new/fstab $lxc_path/$lxc_new/config
+grep lxc.mount = $lxc_path/$lxc_new/config /dev/null 21 { sed
-i '/lxc.mount =/d' $lxc_path/$lxc_new/config; echo lxc.mount =
$lxc_path/$lxc_new/fstab $lxc_path/$lxc_new/config; }
-cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab
-sed -i s@$lxc_path/$lxc_orig@$lxc_path/$lxc_new@ $lxc_path/$lxc_new/fstab
+if [ -e $lxc_path/$lxc_orig/fstab ];then
+cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab
+sed -i s@$lxc_path/$lxc_orig@$lxc_path/$lxc_new@ $lxc_path/$lxc_new/fstab
+fi
echo Copying rootfs...
rootfs=$lxc_path/$lxc_new/rootfs
# First figure out if the old is a device. For now we only support
# lvm devices.
mounted=0
+#is container running
+lxc-info -s -n $lxc_orig|grep RUNNING /dev/null 21
+if [ $? -ne 0 ]; then
+container_running=True
+fi
sed -i '/lxc.rootfs/d' $lxc_path/$lxc_new/config
oldroot=`grep lxc.rootfs $lxc_path/$lxc_orig/config | awk -F= '{ print $2 '}`
if [ -b $oldroot ]; then
# this is a device. If we don't want to snapshot, then mkfs, mount
# and rsync. Trivial but not yet implemented
- if [ $snapshot == no ]; then
- echo non-snapshot and non-lvm clone of block device not yet
implemented
- exit 1
- fi
+ #if [ $snapshot == no ]; then
+ # echo non-snapshot and non-lvm clone of block device not yet
implemented
+ # exit 1
+ #fi
lvdisplay $oldroot /dev/null 21
if [ $? -ne 0 ]; then
- echo
[Lxc-users] Subject: [PATCH 1/2] fix for missing EOF and fstab contents
templates/lxc-fedora.in | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index 81f8bc4..c166efb 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -224,10 +224,10 @@ lxc.cgroup.devices.allow = c 254:0 rwm EOF cat EOF $config_path/fstab -+proc$rootfs_path/proc procnodev,noexec,nosuid 0 0 -+devpts $rootfs_path/dev/pts devpts defaults 0 0 -+sysfs $rootfs_path/sys sysfs defaults 0 0 - +proc$rootfs_path/proc procnodev,noexec,nosuid 0 0 +devpts $rootfs_path/dev/pts devpts defaults 0 0 +sysfs $rootfs_path/sys sysfs defaults 0 0 +EOF if [ $? -ne 0 ]; then echo Failed to add configuration return 1 @@ -268,7 +268,7 @@ usage: Mandatory args: -n,--name container name, used to as an identifier for that container from now on Optional args: - -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in and case + -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case -c,--cleanclean the cache -R,--release Fedora release for the new container. if the host is Fedora, then it will defaultto the host's release. -A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64] -- 1.7.6 -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] [PATCH 2/2] lxc-fedora.in
* if not running on fedora host amd -R is not set, use fedora 14 as default
* trap SIGHUP SIGINT SIGTERM, and cleanup before exiting
---
templates/lxc-fedora.in | 28 +---
1 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
index c166efb..48cb1c0 100644
--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -316,8 +316,7 @@ if [ -z $release ]; then
if [ $is_fedora ]; then
release=$(cat /etc/fedora-release |awk '/^Fedora/ {print $3}')
else
-echo This is not a fedora host and release missing, use
-R|--release to specify release
-exit 1
+echo This is not a fedora host and release missing,
defaulting to 14. use -R|--release to specify release
fi
fi
@@ -326,6 +325,7 @@ if [ $(id -u) != 0 ]; then
exit 1
fi
+
rootfs_path=$path/$name/rootfs
config_path=$default_path/$name
cache=$cache_base/$release
@@ -335,6 +335,25 @@ if [ -f $config_path/config ]; then
exit 1
fi
+revert()
+{
+echo Interrupted, so cleaning up
+lxc-destroy -n $name
+# maybe was interrupted before copy config
+rm -rf $path/$name
+rm -rf $default_path/$name
+echo exiting...
+exit 1
+}
+
+trap revert SIGHUP SIGINT SIGTERM
+
+copy_configuration
+if [ $? -ne 0 ]; then
+echo failed write configuration file
+exit 1
+fi
+
install_fedora
if [ $? -ne 0 ]; then
echo failed to install fedora
@@ -347,11 +366,6 @@ if [ $? -ne 0 ]; then
exit 1
fi
-copy_configuration
-if [ $? -ne 0 ]; then
-echo failed write configuration file
-exit 1
-fi
if [ ! -z $clean ]; then
clean || exit 1
--
1.7.6
--
EMC VNX: the world's simplest storage, starting under $10K
The only unified storage solution that offers unified management
Up to 160% more powerful than alternatives and 25% more efficient.
Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-clone
On Mon, Aug 29, 2011 at 4:19 PM, Serge Hallyn serge.hal...@canonical.com wrote: Quoting Ramez Hanna (rha...@informatiq.org): Hi, I have started using lxc to setup a pre-production system instead of KVM at first glance clone seemd to me that it would copy everything to a new roots but turns out that in case of LVM it will snapshot AFAIK snapshots are meant more for backup or testing some changes and discarding them later do you think it makes sense if I modify the script in this way if user doesn't specify -s, then a new lv is created and copy all comtents to it, rather than snapshot which would work if user uses the -s option? Yes, I guess I didn't implement that bit yet, but not specifying -s was meant to do a simple copy. You'll probably want to check whether the original was a simple directory tree or an lvm, and only lvcreate if the original was an lvm. (then lxc-convert can offer conversion from one to the other.) -serge I did implemet that patch submitted yesterday, would appreciate any comments -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH] multiple mods to lxc-clone
On Tue, Aug 30, 2011 at 1:08 AM, Serge Hallyn
serge.hal...@canonical.com wrote:
Thanks, Ramez. It looks good to me. My only comment would be that
if the rootfs copy fails (either rsync or lvm clone), and you've
frozen the original container, then you need to unfreeze the original
container before erroring out.
-serge
good catch
thanks
resending in a bit
Quoting Ramez Hanna (rha...@informatiq.org):
* allow cloning of non-snapshot lvm devices
* if no -s then create a copy of the lvm block device and copy data
from the orig to the new container device
* first take a snapshot, then use this snapshot to copy data,
remove snapshot after done
* if orig container is running freeze it while copying
* in case lvm block device, the container is only frozen during
creation of snapshot ~1 sec
* use rsync -ax insted of cp -a
* in case copying a live contrainer it won't copy runtine mounted
files such as /proc, /sys and some /dev
* new opts
* fstype: type of fs for the newly created lvm device in case of
non-snapshot lvm
* lvprefix: prefix for new lvm device name.
* do not delete the lines lxc.mount by default
* check is fstab exists then copy it
* only modify lines that contain lxc.mount =, debian template
seems to not have that line but uses lxc.mount. lines which get
screwed
Signed-off-by: InformatiQ rha...@informatiq.org
---
src/lxc/lxc-clone.in | 98
++
1 files changed, 75 insertions(+), 23 deletions(-)
mode change 100644 = 100755 src/lxc/lxc-clone.in
diff --git a/src/lxc/lxc-clone.in b/src/lxc/lxc-clone.in
old mode 100644
new mode 100755
index 91944a0..d42160b
--- a/src/lxc/lxc-clone.in
+++ b/src/lxc/lxc-clone.in
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash
#
# lxc: linux Container library
@@ -22,7 +22,7 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
usage() {
- echo usage: lxc-clone -o orig -n new [-s] [-h] [-L fssize]
[-v vgname]
+ echo usage: lxc-clone -o orig -n new [-s] [-h] [-L fssize]
[-v vgname] [-p lxc_lv_prefix] [-t fstype]
}
help() {
@@ -36,15 +36,19 @@ help() {
echo -s : make the new rootfs a snapshot of the original
echo fssize : size if creating a new fs. By default, 2G
echo vgname : lvm volume group name, lxc by default
+ echo lvprefix : lvm volume name prefix, none by default, e.g.
--lvprefix=lxc_ then new lxc lv name will be lxc_newname
+ echo fstype : new container file system type, ext3 by
default (only works for non-snapshot lvm)
}
-shortoptions='ho:n:sL:v:'
-longoptions='help,orig:,name:,snapshot,fssize,vgname'
+shortoptions='ho:n:sL:v:p:t:'
+longoptions='help,orig:,name:,snapshot,fssize:,vgname:,lvprefix:,fstype:'
lxc_path=/var/lib/lxc
bindir=/usr/bin
snapshot=no
lxc_size=2G
lxc_vg=lxc
+lxc_lv_prefix=
+fstype=ext3
getopt=$(getopt -o $shortoptions --longoptions $longoptions -- $@)
if [ $? != 0 ]; then
@@ -63,6 +67,7 @@ while true; do
-s|--snapshot)
shift
snapshot=yes
+ snapshot_opt=-s
;;
-o|--orig)
shift
@@ -84,6 +89,11 @@ while true; do
lxc_new=$1
shift
;;
+ -p|--lvprefix)
+ shift
+ lxc_lv_prefix=$1
+ shift
+ ;;
--)
shift
break;;
@@ -141,50 +151,92 @@ trap ${bindir}/lxc-destroy -n $lxc_new; echo
aborted; exit 1 SIGHUP SIGINT SIG
mkdir -p $lxc_path/$lxc_new
+hostname=$lxc_new
+
echo Tweaking configuration
cp $lxc_path/$lxc_orig/config $lxc_path/$lxc_new/config
sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config
echo lxc.utsname = $hostname $lxc_path/$lxc_new/config
-sed -i '/lxc.mount/d' $lxc_path/$lxc_new/config
-echo lxc.mount = $lxc_path/$lxc_new/fstab $lxc_path/$lxc_new/config
+grep lxc.mount = $lxc_path/$lxc_new/config /dev/null 21 { sed
-i '/lxc.mount =/d' $lxc_path/$lxc_new/config; echo lxc.mount =
$lxc_path/$lxc_new/fstab $lxc_path/$lxc_new/config; }
-cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab
-sed -i s@$lxc_path/$lxc_orig@$lxc_path/$lxc_new@ $lxc_path/$lxc_new/fstab
+if [ -e $lxc_path/$lxc_orig/fstab ];then
+ cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab
+ sed -i s@$lxc_path/$lxc_orig@$lxc_path/$lxc_new@
$lxc_path/$lxc_new/fstab
+fi
echo Copying rootfs...
rootfs=$lxc_path/$lxc_new/rootfs
# First figure out if the old is a device. For now we only support
# lvm devices.
mounted=0
+#is container running
+lxc-info -s -n $lxc_orig|grep RUNNING /dev/null 21
+if [ $? -ne 0 ]; then
+ container_running=True
+fi
sed -i '/lxc.rootfs/d' $lxc_path/$lxc_new/config
oldroot=`grep lxc.rootfs $lxc_path/$lxc_orig/config | awk -F= '{ print $2
'}`
if [ -b $oldroot ]; then
# this is a device
[Lxc-users] Fwd: help regarding lxc
-- Forwarded message -- From: Ramez Hanna rha...@informatiq.org Date: Tue, Aug 30, 2011 at 2:36 PM Subject: Re: [Lxc-users] help regarding lxc To: nishant mungse nishantmun...@gmail.com there is a lxc-fedora template which wors just fine for fedora releases prior to 15 lxc-create -n lxc -t fedora -- -R14 this will create a fedora 14 container that works for you I don't know about that tar file you downloaded, is it a fedora container? or just a fedora install tarred On Tue, Aug 30, 2011 at 2:25 PM, nishant mungse nishantmun...@gmail.com wrote: hiii 1.First i downloaded the fedora-11-x86.tar.gz into /home/nishant/fedora 2.tar -xvf fedora-11-x86.tar.gz in same folder 3.created fstab and conf file 4.lxc-create -n lxc -f /home/nishant/fedora.conf 5.lxc-start -n fedora. And after that what happened i have disp in prev thread. Regards, Nishant. On Tue, Aug 30, 2011 at 4:48 PM, Ramez Hanna rha...@informatiq.org wrote: On Tue, Aug 30, 2011 at 2:13 PM, nishant mungse nishantmun...@gmail.com wrote: Hi Canhua I hv created a fedora container. commnd::lxc-start -n fedora Welcome to Fedora ... .. .. Setting hostname fedora: [ OK ] Checking filesystems [ OK ] mount: according to mtab, rootfs is already mounted on / Mounting local filesystems: [ OK ] Enabling local filesystem quotas: [ OK ] Enabling /etc/fstab swaps: [ OK ] hangs after this .. What should i do.?? i have deleted allthe contents form fstab also. What might be d problem??? plZ hlp me ASAP Regards, Nishant. On Tue, Aug 30, 2011 at 12:40 PM, Canhua dreamerat...@gmail.com wrote: this file is needed. some form of bootstrap is need to setup these system files. On Tue, Aug 30, 2011 at 3:07 PM, nishant mungse nishantmun...@gmail.com wrote: hii Canhua No there is no such file. Regards, Nishant On Tue, Aug 30, 2011 at 12:20 PM, Canhua dreamerat...@gmail.com wrote: do you have /sbin/init file in container's rootfs? e.g. /var/lib/lxc/guest/sbin/init On Tue, Aug 30, 2011 at 2:39 PM, nishant mungse nishantmun...@gmail.com wrote: hi Joerg Thnks 4 reply. I have executed the script now the error is gone but there is some problem. lxc-start -n guest lxc-start: No such file or directory - failed to exec /sbin/init lxc-start: invalid sequence number 1. expected 2 lxc-start: failed to spawn 'guest' lxc-start: Device or resource busy - failed to remove cgroup '/cgrouplxc/guest' Why it failed to exec /sbin/init? and what might be the solution to this. And i am not using any of the templates in creating the container. Regards, Nishant -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users how did you create the fedora container? -- -- BR RH -- -- BR RH -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Is it possible to create symbolic links between different containers
On Tue, Aug 30, 2011 at 6:00 PM, Bodhi Zazen bodhi.za...@montanalinux.org wrote: You might be able to achieve this with mount bind - Original Message - From: nishant mungse nishantmun...@gmail.com To: lxc-users@lists.sourceforge.net, contain...@lists.linux-foundation.org Sent: Tuesday, August 30, 2011 7:38:07 AM Subject: [Lxc-users] Is it possible to create symbolic links between different containers Hi all I want to create a sym link between different containers. Is it possible to create?and how? Regards, Nishant. -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users what is your purpose for the symlink? -- BR RH -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] possible to create/run lxc containers inside an lxc container?
On Thu, Sep 22, 2011 at 11:02 AM, Jesse Andrews anotherje...@gmail.com wrote: When I try to create a container inside a container I get an error: root@OUTER $ lxc-create -n INNER -f net.conf -t natty debootstrap is /usr/sbin/debootstrap Checking cache download in /var/cache/lxc/natty/rootfs-amd64 ... Downloading ubuntu natty minimal ... [...snip...] I: Extracting xz-utils... I: Extracting zlib1g... Failed to download the rootfs, aborting. apparently the error is about downloading nothing yet about nested containers check if the networking nside the container is configured and working or simply copy a container inside and start it to see if nesting works or not Failed to download 'ubuntu natty base' failed to install ubuntu natty failed to execute template 'natty' Any way to nest containers? Thanks, Jesse -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- -- BR RH -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] newbie: lxc on Fedora 15
On Mon, Oct 10, 2011 at 1:18 AM, sean darcy seandar...@gmail.com wrote: I'm trying to install F15 in an lxc container on an F15 host. I have found the script: setup_lxc_rootfs_fedora15.sh could you post a link to that script, i haven't seen it before and the template: lxc-fedora.in (Why, BTW, doesn't the Fedora rpm include the templates?) for some reason the maintainer of this package removed all the templates you can find a a pcakage containing the latest master from git and has the templates at http://software.opensuse.org/download.html?project=home:ramezhannapackage=lxc But very confused about what to actually do. Are the script and the template related? Do I need to run the script before lxc-create? Or do is it just: lxc-create -n NewF15 -t lxc-fedora.in And do I need a configuration file if I'm using the script and/or template? I've looked at http://lxc.teegra.net/ but can't figure out how much is superseded by script and template. Thanks, sean -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- -- BR RH -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] newbie: lxc on Fedora 15
On Wed, Oct 12, 2011 at 9:49 AM, Ramez Hanna rha...@informatiq.org wrote: On Mon, Oct 10, 2011 at 1:18 AM, sean darcy seandar...@gmail.com wrote: I'm trying to install F15 in an lxc container on an F15 host. I have found the script: setup_lxc_rootfs_fedora15.sh could you post a link to that script, i haven't seen it before and the template: lxc-fedora.in (Why, BTW, doesn't the Fedora rpm include the templates?) for some reason the maintainer of this package removed all the templates you can find a a pcakage containing the latest master from git and has the templates at http://software.opensuse.org/download.html?project=home:ramezhannapackage=lxc But very confused about what to actually do. Are the script and the template related? Do I need to run the script before lxc-create? Or do is it just: lxc-create -n NewF15 -t lxc-fedora.in And do I need a configuration file if I'm using the script and/or template? I've looked at http://lxc.teegra.net/ but can't figure out how much is superseded by script and template. Thanks, sean -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- -- BR RH as mentioned at (where i found the script) https://gist.github.com/1142202 this script runs on top of an already created rootfs, it does some configuration on top of systemd but it only works when run on an openVZ pre created rootfs, if you use the fedora template it doesn't work -- -- BR RH -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] lxc-ls does not list
i have built latest master on
http://software.opensuse.org/download.html?project=home:ramezhannapackage=lxc
now lxc-ls does not list my containers
looking at the lxc-ls code
lxcpath=${localstatedir}/lib/lxc
where ${localstatedir} seems to be not set
lxc-start -n name does work even though lxc-ls does not show it
i would guess this is related to all bash scripts
is this a build issue or a code issue (I have 0 knowledge of the automake stuff)
--
--
BR
RH
--
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Fedora / CentOS
there should be no issue runnig ubuntu on redhat like systems but f15/16 don't run becuase of something related to systemd I have been trying although there was thread about running f15 starting from a openVZ rootfs On Tue, Dec 6, 2011 at 1:36 AM, Huang Liang excee...@gmail.com wrote: I remember that it is not possible to run ubuntu guests on CentOs host due to the upstart things. On Dec 6, 2011, at 2:58 AM, István Király - LaKing wrote: Hi folks. I wrote a guide how to get lxc running on CentOs host, with CentOS or Fedora 14 guest. http://forums.fedoraforum.org/showthread.php?t=272995 I could not get FC15/FC16 containers to work tho. I read somewhere it is because of systemd. Any ideas or suggestions on that subject? Thank you. lak...@d250.hu D250 Laboratories www.D250.hu -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- BR RH http://informatiq.org -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] .. CentOS .. + ubuntu
On Tue, Dec 6, 2011 at 8:24 PM, István Király - LaKing d...@yahoo.com wrote: Huang Liang excee...@gmail.com there should be no issue runnig ubuntu on redhat like systems but f15/16 don't run becuase of something related to systemd I have been trying although there was thread about running f15 starting from a openVZ rootfs On Fedora 16 host, with the ubuntu container, I get the same errors then with fedora or centos containers. On a CentOS 6, with ubunto containers, I get the following errors: lxc-start 1323193897.780 DEBUG lxc_conf - umounted '/mnt' lxc-start 1323193897.781 INFO lxc_conf - created new pts instance lxc-start 1323193897.781 INFO lxc_conf - set personality to '0x0' lxc-start 1323193897.781 DEBUG lxc_conf - capabilities has been setup lxc-start 1323193897.781 NOTICE lxc_conf - 'ub' is setup. lxc-start 1323193897.781 NOTICE lxc_start - exec'ing '/sbin/init' lxc-start 1323193897.781 NOTICE lxc_start - '/sbin/init' started with pid '13324' lxc-start 1323193897.781 DEBUG lxc_utmp - Added '/proc/13324/root/var/run' to inotifywatch lxc-start 1323193897.798 DEBUG lxc_utmp - got inotify event 256 for utmp Here the guest system hangs ... restart lxc-start 1323195414.802 NOTICE lxc_conf - 'ub' is setup. lxc-start 1323195414.802 NOTICE lxc_start - exec'ing '/sbin/init' lxc-start 1323195414.802 NOTICE lxc_start - '/sbin/init' started with pid '13522' lxc-start 1323195414.802 ERROR lxc_commands - failed to create the command service point lxc-start 1323195414.802 ERROR lxc_start - failed to add command handler to mainloop lxc-start 1323195414.803 ERROR lxc_start - mainloop exited with an error lxc-start 1323195414.803 DEBUG lxc_cgroup - destroying /cgroup ub lxc-start 1323195414.808 DEBUG lxc_cgroup - '/cgroup/ub' unlinked But seems like I can start a /bin/bash in the ubuntu container. -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users could you post your conf file of that container -- BR RH http://informatiq.org -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] How to start the network services so as to get the IP address using lxc-execute???
On Thu, Dec 8, 2011 at 12:33 PM, nishant mungse nishantmun...@gmail.com wrote: Hi, I want to manually invoke a networking setup to start the network service to get the IP address of container , But the problem is i don't want to start the container and want to use lxc-execute. When I tried these things happened:: command :: lxc-execute -n base -f /home/nishant/ubuntu.conf /var/lib/lxc/base1/rootfs/etc/init.d/networking start O/P Rather than invoking init scripts through /etc/init.d, use the service(8) utility, e.g. service networking start Since the script you are attempting to invoke has been converted to an Upstart job, you may also use the start(8) utility, e.g. start networking start: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused How to start the network services so as to get the IP addresses of containers? Regards, Nishant -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users looks like the upstart scripts need upstart to be running! you could use a different script to start the networking say from a sysv init but I am not sure that with execute you will get the networking stack/isolation available -- BR RH http://informatiq.org -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] fedora 16 under lxc
hei I have been able to get some form of f16 under lxc running but some quirks so steps (untill i make a patch or a new script) use the current lxc-fedora to create a container chroot into the rootfs unlink /etc/systemd/system/default.target ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target touch /etc/fstab now that should in theory work my setup is a KVM guest with lxc installed i'm using VM-manager so i get to see the ttys while i start the container from ssh in fedora the tty1 is empty i make sure i have tty1 visible start the container from an ssh session using the -d flag looking at the tty1 of the VM i can see the console log from the lxc container so 1st quirk: i only get the container output on tty1 of the host (kvm guest) and not from the lxc-console lxc-console is blank when i installed ssh inside the container i was able to access it and use it nicely only had 2 services failing systemd-kmsg-syslogd.service plymouth-start.service any hints on how does lxc-console work to help me figure it out also agetty on tty* keeps restarting (maybe that's why no lxc-console) anyoe interested in trying it out? -- BR RH http://informatiq.org -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] version 0.8.0 coming soon
On Tue, Feb 28, 2012 at 5:13 PM, Serge Hallyn
serge.hal...@canonical.com wrote:
Quoting Papp Tamas (tom...@martos.bme.hu):
On 02/28/2012 01:20 AM, Serge Hallyn wrote:
Quoting Daniel Lezcano (daniel.lezc...@free.fr):
Hi all,
I will release a 0.8.0-rc1. I am looking for volunteer to test it :)
Worked fine for me. Tested create and clone of ubuntu, ubuntu and
ubuntu-cloud images, with dir and lvm backing stores. (And a run
of lp:~serge-hallyn/+junk/lxc-test)
Note, because upstream kernel didn't much care about the
'mount -o remount,ro /' problem, I'm going to patch lxc to
pin open a '${rootfs}.hold' file, as long as the container
is running. That will prevent the underlying fs from being
remounted ro. (see
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/942325 for
details). That'll buy us some time to find a better solution
in the kernel.
Why can a container change mount options outside of its rootfs?
Sorry for the stupid question:)
It's not a stupid question at all.
The container isn't changing mount options outside of its rootfs. THere
are two places an fs can be marked readonly - in the mount itself, and in
the superblock. When you make a bind mount, you are creating more mounts
(vfsmounts) using the same superblcok.
If you do
mount --bind / / # not needed in container bc it's already been done
mount --bind -o remount,ro /
then you are setting the reasonly flag on the mount itself. If you just do
mount -o remount,ro /
then you are setting the reasonly flag on the superblock, which will
force all other mounts of that superblcok to also be readonly.
Right now there is no way to prevent a container from doing that. I sent
a patch to make the devices cgroup be consulted on that, so that it could
reteurn -EPERM. That was refused. The two other options I'm considering
(and it wouldn't hurt ot have both) are 1. to pass the remoutn flags to the
LSM (selinux or apparmor or smack) so that it can deny permission. Right
now it can't do that (except for all-or-nothing check on remount). And 2.
to make it so that after doing
mount --bind / /
mount --bind -o remount,ro /
mount --bind -o remount,rw /
any subsequent
mount -o remount,rw /
would be refused (or automatically done only at the mount level). I don't
think that should be hard to do at fs/namespace.c:do_remount().
-serge
--
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
tested it on f16
ubuntu container from older version still works
cleaning up of nested cgroups now works and no need for me to manually
rmdir all cgroups
f16 container starts (with some issues as before)
f14 works
--
BR
RH
http://informatiq.org
--
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] * fix cached rootfs update * fix rootfs path * add handling of systemd (aka f15)
On Mon, Mar 5, 2012 at 10:28 PM, rha...@informatiq.org wrote:
From: InformatiQ rha...@informatiq.org
Signed-off-by: InformatiQ rha...@informatiq.org
---
templates/lxc-fedora.in | 35 +++
1 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
index e7f42a6..3f50895 100644
--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -69,11 +69,6 @@ EOF
127.0.0.1 localhost $name
EOF
- sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
- sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
- chroot ${rootfs_path} chkconfig udev-post off
- chroot ${rootfs_path} chkconfig network on
-
dev_path=${rootfs_path}/dev
rm -rf $dev_path
mkdir -p $dev_path
@@ -99,6 +94,23 @@ EOF
return 0
}
+configure_fedora_init()
+{
+ sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
+ sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
+ chroot ${rootfs_path} chkconfig udev-post off
+ chroot ${rootfs_path} chkconfig network on
+}
+
+configure_fedora_systemd()
+{
+ unlink ${rootfs_path}/etc/systemd/system/default.target
+ touch ${rootfs_path}/etc/fstab
+ chroot ${rootfs_path} ln -s /dev/null //etc/systemd/system/udev.service
+ chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target
/etc/systemd/system/default.target
+ #dependency on a device unit fails it specially that we disabled udev
+ sed -i 's/After=dev-%i.device/After=/'
${rootfs_path}/lib/systemd/system/getty\@.service
+}
download_fedora()
{
@@ -170,7 +182,8 @@ copy_fedora()
update_fedora()
{
- chroot $cache/rootfs yum -y update
+ YUM=yum --installroot $cache/rootfs -y --nogpgcheck
+ $YUM update
}
install_fedora()
@@ -353,7 +366,7 @@ if [ $(id -u) != 0 ]; then
fi
-rootfs_path=$path/$name/rootfs
+rootfs_path=$path/rootfs
config_path=$default_path/$name
cache=$cache_base/$release
@@ -362,7 +375,7 @@ revert()
echo Interrupted, so cleaning up
lxc-destroy -n $name
# maybe was interrupted before copy config
- rm -rf $path/$name
+ rm -rf $path
rm -rf $default_path/$name
echo exiting...
exit 1
@@ -388,6 +401,12 @@ if [ $? -ne 0 ]; then
exit 1
fi
+type /bin/systemd /dev/null 21
+if [ $? -ne 0 ]; then
+ configure_fedora_init
+else
+ configure_fedora_systemd
+fi
if [ ! -z $clean ]; then
clean || exit 1
--
1.7.7.6
there is only problem about systemd not addressed by this script
is that it does mount /dev which stops getty from starting on tty1
so either make it start on any tty higher than what your host is using
and allow that in your lxc cgroup conf
or mount the $rootfs/dev to a different block dev that way systemd
won't mount /dev
the script below does it nicely in the case you don't have a free
block device. the script create a non persistant mount which you don't
need if you are using lvm
[rhanna@hovercraft bin]$ cat lxc-start-fedora
#! /bin/bash
options=$(getopt -o n: -l name: -- $@)
eval set -- $options
while true
do
case $1 in
-n|--name) name=$2; shift 2;;
--) shift
break;;
*) break ;;
esac
done
if [ -z $name ]; then
echo container name must be set, use -n|--name
exit 1
fi
lxc-ls |grep $name /dev/null 21
if [ $? -ne 0 ]; then
echo Container does not exist
exit 1
fi
lxc-info -s -n$name|grep RUNNING /dev/null 21
if [ $? -eq 0 ]; then
echo container already started
exit 1
fi
mount |grep /tmp/lxc/$name /dev/null 21
if [ $? -eq 0 ]; then
umount /tmp/lxc/$name
fi
rm -rf /tmp/lxc/$name
mkdir -p /tmp/lxc/$name
mount none /tmp/lxc/$name -t tmpfs
rsync -a /var/lib/lxc/$name/rootfs/dev/ /tmp/lxc/$name
mount /tmp/lxc/$name f16/rootfs/dev/ -obind
lxc-start $* -n $name
--
BR
RH
http://informatiq.org
--
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
On Tue, Mar 6, 2012 at 12:06 PM, Iliyan Stoyanov i...@ilf.me wrote: Hi Mauras, Do you by any chance have an fstab file in your container's /etc directory that is trying to mount devpts fs also. I had this issue a week ago with some of my SL6.2 containers on a fedora 16 host. After removing everything /dev/pts related from the fstab in the /etc directory of the containers, everything magically worked. BR, --ilf On Tue, 2012-03-06 at 10:54 +0100, Mauras Olivier wrote: Hello, I've finally successfully migrated my SMACK setup over SElinux to isolate my containers - Thanks to the folks on #selinux@freenode - on a Scientific Linux 6.2 host. (I may share my policy with some details if some of you are interested) So far so good, after loads of hits and misses almost everything works correctly. The only thing that is not, is the multiple devpts instances. It seems that when specifying lxc.pts option in the container config, ssh stops working while /dev/pts is correctly mounted _but_ is still showing pts devices from the host. There's no specific selinux avc denials, and ssh rejects the shell connection with that kind of errors found when /dev/pts is not correctly mounted: sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address As you may guess /dev/tty is present and /dev/pts is correclty mounted as i can do: ssh root@container ls -la /dev/pts Only assigning the pts device for the shell doesn't... Have any of you also hit this problem? Did you find a solution? Regards, Olivier Ps: Using lxc 0.7.5 -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users see my patch regarding f16 and my lxc-start-fedora script should give you an idea -- BR RH http://informatiq.org -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
On Tue, Mar 6, 2012 at 1:07 PM, Mauras Olivier oliver.mau...@gmail.com wrote: On Tue, Mar 6, 2012 at 11:12 AM, Ramez Hanna rha...@informatiq.org wrote: On Tue, Mar 6, 2012 at 12:06 PM, Iliyan Stoyanov i...@ilf.me wrote: Hi Mauras, Do you by any chance have an fstab file in your container's /etc directory that is trying to mount devpts fs also. I had this issue a week ago with some of my SL6.2 containers on a fedora 16 host. After removing everything /dev/pts related from the fstab in the /etc directory of the containers, everything magically worked. BR, --ilf On Tue, 2012-03-06 at 10:54 +0100, Mauras Olivier wrote: Hello, I've finally successfully migrated my SMACK setup over SElinux to isolate my containers - Thanks to the folks on #selinux@freenode - on a Scientific Linux 6.2 host. (I may share my policy with some details if some of you are interested) So far so good, after loads of hits and misses almost everything works correctly. The only thing that is not, is the multiple devpts instances. It seems that when specifying lxc.pts option in the container config, ssh stops working while /dev/pts is correctly mounted _but_ is still showing pts devices from the host. There's no specific selinux avc denials, and ssh rejects the shell connection with that kind of errors found when /dev/pts is not correctly mounted: sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address As you may guess /dev/tty is present and /dev/pts is correclty mounted as i can do: ssh root@container ls -la /dev/pts Only assigning the pts device for the shell doesn't... Have any of you also hit this problem? Did you find a solution? Regards, Olivier Ps: Using lxc 0.7.5 -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users see my patch regarding f16 and my lxc-start-fedora script should give you an idea -- BR RH http://informatiq.org Hi, Thanks for your reply, i actually looked at your patch, but i don't think it's relevant to my problem as i don't start any getty in the container at all. Now i may be missing something, if so please enlighten me. Regards, Olivier in f16 systemd mounts /ev to devtmpfs no matter what you specify in your fstab the only case where it won't do that is when you have /dev already mounted on a separate block device (that's what my script does to avoid mounting /dev by systemd) if systemd mounts /dev then it has access to your host's devices and is sharing the ttys so for example if running lxc-start -n f16 it will not get you shell or any output from the container because the container is trying to access tty0 which is already in use by the host if you use the -d option then you don't get any access inside the container because lxc-console won't work again because getty will not start on tty1 or any other tty i am not sure if you can start the container or no could be sefull if you post full log of your lxc-start -- BR RH http://informatiq.org -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] * fix cached rootfs update * fix rootfs path * add handling of systemd (aka f15)
On Tue, Mar 6, 2012 at 5:11 PM, Serge Hallyn serge.hal...@canonical.com wrote:
Yes, I think ideally you'd have a single
/var/lib/lxc/fedora-devs
mounted from a single loopback or block device, with each container
having a /var/lib/lxc/fedora-devs/containername directory, populated,
for its dev, bind-mounted in through lxc.mount.entry.
-serge
Quoting rha...@informatiq.org (rha...@informatiq.org):
i can do that but i didn't do it brcause it could be done differently for
different backingsrorage
I'll do it anyway and send patch later
--
Sent from my Nokia N9On 6.3.2012 16:59 Serge Hallyn wrote:
Quoting Ramez Hanna (rha...@informatiq.org):
On Mon, Mar 5, 2012 at 10:28 PM, rha...@informatiq.org wrote:
From: InformatiQ rha...@informatiq.org
Signed-off-by: InformatiQ rha...@informatiq.org
---
templates/lxc-fedora.in | 35 +++
1 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
index e7f42a6..3f50895 100644
--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -69,11 +69,6 @@ EOF
127.0.0.1 localhost $name
EOF
- sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
- sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
- chroot ${rootfs_path} chkconfig udev-post off
- chroot ${rootfs_path} chkconfig network on
-
dev_path=${rootfs_path}/dev
rm -rf $dev_path
mkdir -p $dev_path
@@ -99,6 +94,23 @@ EOF
return 0
}
+configure_fedora_init()
+{
+ sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
+ sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
+ chroot ${rootfs_path} chkconfig udev-post off
+ chroot ${rootfs_path} chkconfig network on
+}
+
+configure_fedora_systemd()
+{
+ unlink ${rootfs_path}/etc/systemd/system/default.target
+ touch ${rootfs_path}/etc/fstab
+ chroot ${rootfs_path} ln -s /dev/null
//etc/systemd/system/udev.service
+ chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target
/etc/systemd/system/default.target
+ #dependency on a device unit fails it specially that we disabled
udev
+ sed -i 's/After=dev-%i.device/After=/'
${rootfs_path}/lib/systemd/system/getty\@.service
+}
download_fedora()
{
@@ -170,7 +182,8 @@ copy_fedora()
update_fedora()
{
- chroot $cache/rootfs yum -y update
+ YUM=yum --installroot $cache/rootfs -y --nogpgcheck
+ $YUM update
}
install_fedora()
@@ -353,7 +366,7 @@ if [ $(id -u) != 0 ]; then
fi
-rootfs_path=$path/$name/rootfs
+rootfs_path=$path/rootfs
config_path=$default_path/$name
cache=$cache_base/$release
@@ -362,7 +375,7 @@ revert()
echo Interrupted, so cleaning up
lxc-destroy -n $name
# maybe was interrupted before copy config
- rm -rf $path/$name
+ rm -rf $path
rm -rf $default_path/$name
echo exiting...
exit 1
@@ -388,6 +401,12 @@ if [ $? -ne 0 ]; then
exit 1
fi
+type /bin/systemd /dev/null 21
+if [ $? -ne 0 ]; then
+ configure_fedora_init
+else
+ configure_fedora_systemd
+fi
if [ ! -z $clean ]; then
clean || exit 1
--
1.7.7.6
there is only problem about systemd not addressed by this script
is that it does mount /dev which stops getty from starting on tty1
so either make it start on any tty higher than what your host is using
and allow that in your lxc cgroup conf
or mount the $rootfs/dev to a different block dev that way systemd
won't mount /dev
Could the template create a 1M loopback file,
/var/lib/lxc/container/dev.loopback, populated with /dev and
mounted by a lxc.mount.entry?
-serge
creating a loopback file for each container will not work from
lxc.conf as lxc won't mount it, it has to be bound to a loopdevice
first
i was hoping to make it happen with no pre steps
any ideas? to avoid manual intervention at all
--
BR
RH
http://informatiq.org
--
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Know issue? lxc-fedora command/script missing?
On Sat, Jul 14, 2012 at 8:17 PM, Schorschi schors...@dc.rr.com wrote: Know issue? lxc-fedora command/script missing? when doing... # yum install lxc no command/script is added called 'lxc-fedora' I untared the 0.7.5 and 0.8.0rc2 tars, and there is a template script file... lxc-fedora.in in both. So what gives? Also, a lot of the LXC documentation, blogs, etc is very dated. Including the official LXC web page. Is someone going to update for Fedora 17? Most of the references in Google are over 2 years old now. Last, has febootstrap been depreciated for use with LXC? This seems to be a point of confusion given the dated information and the few blog comments out on the internet. Schorschi -Original Message- From: Stéphane Graber [mailto:stgra...@ubuntu.com] Sent: Saturday, July 14, 2012 08:30 To: Serge Hallyn Cc: Lxc-users@lists.sourceforge.net Subject: Re: [Lxc-users] lxcbr0 on Ubuntu 12.04 On 07/14/2012 09:48 AM, Serge Hallyn wrote: Quoting Clemens Perz (cp...@gmx.net): On 13.07.2012 17:08, Stéphane Graber wrote: On 07/13/2012 03:36 AM, groupie wrote: Hi all! I tried to figure out a glitch with the bridge interface in precise. Its a fresh desktop install and after booting the machine, lxcbr0 never exists. I open a terminal and do sudo service lxc restart and woop, without errors, it just comes up. Two more details: I dont have any containers in auto, I start them as needed. And there is a named running for local dns resolution on all virtual networks (using kde and vmware on the same machine) Any ideas where to tweak? Cheers, Your groupie You'll probably want to check /var/log/upstart/lxc* for errors. That contained a hint indeed: dnsmasq: failed to create listening socket for 192.168.122.1: Address already in use A look into lxc-net.conf shows that it buggers out when it cant start dnsmasq and removes the bridge completely. So at starttime named is some milliseconds faster to aquire the bridge interface and makes dnsmasq fail. Bridge removed, named kicked in the ass. So you do a restart later everything works fine. I just added USE_LXC_DNSMASQ=false to the lxc defaults and the corresponding if statement to lxc-net.conf. Works now even on boot time. Cheers, Groupie Note that the fix for this (installing an /etc/dnsmasq.d/lxc file which makes the system-wide dnsmasq bind-interfaces except lxcbr0) should be clearing SRU soon. (I thouhgt it already had) -serge It did. It was part of the last batch (0.7.5-3ubuntu59). -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users I did most of the work for the fedora template yes the febootstrap is deprecated, because the developer of febootstrap changed direction and is focusing on creating ultra thin fedora images which did not work for lxc http://informatiq.org/content/lxc-fedora-now-works-f15-onwards for more info lxc-fedora is a template script in /usr/lib64/lxc/templates/lxc-fedora and is called when u pass the -t parameter to lxc-create there is also a script i pated in the mailing list called lxc-start-fedora as a workaround I'll try to write up more about lxc and fedora soon -- BR RH http://informatiq.org -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] error starting lxc containers
host: fedora 17 kernel: 3.6.11-5.fc17.x86_64 lxc: 0.9 alpha2 systemd: systemd-44-23.fc17.x86_64 selinux is disabled lxc-start -n build02 build02 is a wheezy container built with the debina template was working fine both kernel and systemd were upgraded (can't tell which one broke it) error is lxc-start 1358593239.324 INFO lxc_conf - cgroup has been setup lxc-start 1358593239.324 INFO lxc_conf - console has been setup lxc-start 1358593239.325 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty1 lxc-start 1358593239.329 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty2 lxc-start 1358593239.330 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty3 lxc-start 1358593239.332 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty4 lxc-start 1358593239.334 INFO lxc_conf - 4 tty(s) has been setup lxc-start 1358593239.334 DEBUGlxc_conf - mountpoint for old rootfs is '/usr/lib64/lxc/rootfs/lxc_putold' lxc-start 1358593239.334 ERRORlxc_conf - Invalid argument - pivot_root syscall failed lxc-start 1358593239.336 ERRORlxc_conf - failed to setup pivot root lxc-start 1358593239.337 ERRORlxc_conf - failed to set rootfs for 'f17' lxc-start 1358593239.338 ERRORlxc_start - failed to setup the container lxc-start 1358593239.339 ERRORlxc_sync - invalid sequence number 1. expected 2 lxc-start 1358593239.340 ERRORlxc_start - failed to spawn 'f17' any pointers to where this comes from? -- BR RH http://informatiq.org -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122912___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] error starting lxc containers
On Sun, Jan 20, 2013 at 1:27 AM, Michael H. Warfield m...@wittsend.comwrote: On Sat, 2013-01-19 at 23:33 +0200, Ramez Hanna wrote: host: fedora 17 kernel: 3.6.11-5.fc17.x86_64 lxc: 0.9 alpha2 systemd: systemd-44-23.fc17.x86_64 selinux is disabled I have a Fedora 17 host (and several other hosts as well as Fedora 18 for testing)... The latest update to systemd broke lxc due to the pivot_root problem with their use of the MS_SHARED mount attribute that has been under active discussion for the last couple of weeks. No, it is not functional under 0.9.0 alpha2. It is, more or less, fixed under current staging (fixed with a lot of uglyness that we're trying to address). Your errors reported below don't seem to exactly correspond to the errors I would expect but, I would expect that, if you had recently upgraded that Fedora 17 host to the latest systemd, you are going to fail, period. Most likely, I would expect you to fail with a pivot_root failure but anything is possible. It's broken and we know it. lxc-start -n build02 build02 is a wheezy container built with the debina template was working fine both kernel and systemd were upgraded (can't tell which one broke it) Most likely, it's the systemd upgrade that caused the failure. Fedora 17 with the latest systemd from fedora-upgrades has broken lxc and even 0.9.0 alpha2 does not fix it. You have to use staging from git and build your own. Regards, Mike error is lxc-start 1358593239.324 INFO lxc_conf - cgroup has been setup lxc-start 1358593239.324 INFO lxc_conf - console has been setup lxc-start 1358593239.325 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty1 lxc-start 1358593239.329 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty2 lxc-start 1358593239.330 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty3 lxc-start 1358593239.332 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty4 lxc-start 1358593239.334 INFO lxc_conf - 4 tty(s) has been setup lxc-start 1358593239.334 DEBUGlxc_conf - mountpoint for old rootfs is '/usr/lib64/lxc/rootfs/lxc_putold' lxc-start 1358593239.334 ERRORlxc_conf - Invalid argument - pivot_root syscall failed lxc-start 1358593239.336 ERRORlxc_conf - failed to setup pivot root lxc-start 1358593239.337 ERRORlxc_conf - failed to set rootfs for 'f17' lxc-start 1358593239.338 ERRORlxc_start - failed to setup the container lxc-start 1358593239.339 ERRORlxc_sync - invalid sequence number 1. expected 2 lxc-start 1358593239.340 ERRORlxc_start - failed to spawn 'f17' any pointers to where this comes from? -- BR RH http://informatiq.org -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122912 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! ouch that stings. I'll be testing staging then -- BR RH http://informatiq.org -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] error starting lxc containers
I am reporting that staging works on fedora for debian containers at least haven't yet tested fedora containers On Tue, Jan 22, 2013 at 9:42 AM, Ramez Hanna rha...@informatiq.org wrote: On Sun, Jan 20, 2013 at 1:27 AM, Michael H. Warfield m...@wittsend.comwrote: On Sat, 2013-01-19 at 23:33 +0200, Ramez Hanna wrote: host: fedora 17 kernel: 3.6.11-5.fc17.x86_64 lxc: 0.9 alpha2 systemd: systemd-44-23.fc17.x86_64 selinux is disabled I have a Fedora 17 host (and several other hosts as well as Fedora 18 for testing)... The latest update to systemd broke lxc due to the pivot_root problem with their use of the MS_SHARED mount attribute that has been under active discussion for the last couple of weeks. No, it is not functional under 0.9.0 alpha2. It is, more or less, fixed under current staging (fixed with a lot of uglyness that we're trying to address). Your errors reported below don't seem to exactly correspond to the errors I would expect but, I would expect that, if you had recently upgraded that Fedora 17 host to the latest systemd, you are going to fail, period. Most likely, I would expect you to fail with a pivot_root failure but anything is possible. It's broken and we know it. lxc-start -n build02 build02 is a wheezy container built with the debina template was working fine both kernel and systemd were upgraded (can't tell which one broke it) Most likely, it's the systemd upgrade that caused the failure. Fedora 17 with the latest systemd from fedora-upgrades has broken lxc and even 0.9.0 alpha2 does not fix it. You have to use staging from git and build your own. Regards, Mike error is lxc-start 1358593239.324 INFO lxc_conf - cgroup has been setup lxc-start 1358593239.324 INFO lxc_conf - console has been setup lxc-start 1358593239.325 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty1 lxc-start 1358593239.329 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty2 lxc-start 1358593239.330 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty3 lxc-start 1358593239.332 ERRORlxc_conf - Operation not permitted - error creating /usr/lib64/lxc/rootfs/dev/tty4 lxc-start 1358593239.334 INFO lxc_conf - 4 tty(s) has been setup lxc-start 1358593239.334 DEBUGlxc_conf - mountpoint for old rootfs is '/usr/lib64/lxc/rootfs/lxc_putold' lxc-start 1358593239.334 ERRORlxc_conf - Invalid argument - pivot_root syscall failed lxc-start 1358593239.336 ERRORlxc_conf - failed to setup pivot root lxc-start 1358593239.337 ERRORlxc_conf - failed to set rootfs for 'f17' lxc-start 1358593239.338 ERRORlxc_start - failed to setup the container lxc-start 1358593239.339 ERRORlxc_sync - invalid sequence number 1. expected 2 lxc-start 1358593239.340 ERRORlxc_start - failed to spawn 'f17' any pointers to where this comes from? -- BR RH http://informatiq.org -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122912 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! ouch that stings. I'll be testing staging then -- BR RH http://informatiq.org -- BR RH http://informatiq.org -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. ON SALE this month only -- learn more at: http://p.sf.net/sfu/learnnow-d2d___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
