*You didn't tell it to use logging.* -> Please, how can I tell it to use logging?

*And you are using gmail to post to mailing list.* --> Yeah! Is there a problem with using Gmail to post to the list?

Thanks a lot.
Best Regards.

2015-06-21 13:00 GMT+01:00 <lxc-users-requ...@lists.linuxcontainers.org>:

> Send lxc-users mailing list submissions to
> lxc-users@lists.linuxcontainers.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.linuxcontainers.org/listinfo/lxc-users
> or, via email, send a message with subject or body 'help' to
> lxc-users-requ...@lists.linuxcontainers.org
>
> You can reach the person managing the list at
> lxc-users-ow...@lists.linuxcontainers.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of lxc-users digest..."
>
> Today's Topics:
>
> 1. Re: Where can i find the causes of restart problems (Thouraya TH)
> 2. Re: Where can i find the causes of restart problems (Andrey Repin)
>
>
> ---------- Forwarded message ----------
> From: Thouraya TH <thouray...@gmail.com>
> To: LXC users mailing-list <lxc-users@lists.linuxcontainers.org>
> Cc:
> Date: Sat, 20 Jun 2015 13:19:14 +0100
> Subject: Re: [lxc-users] Where can i find the causes of restart problems
> I can't start the container and I have found 0 lines in the .log file!
>
>
> root@localhost:/var/log/lxc# lxc-start -n worker1
> ^C
> root@localhost:/var/log/lxc# vim worker1.log
> root@localhost:/var/log/lxc#
>
> Best Regards.
>
> 2015-06-20 13:00 GMT+01:00 <lxc-users-requ...@lists.linuxcontainers.org>:
>
>> Today's Topics:
>>
>> 1. "mesh networking" for lxc containers (similar to weave)?
>> (Tomasz Chmielewski)
>> 2. Re: Nested container in unpriviledged container (Xavier Gendre)
>> 3. Re: "mesh networking" for lxc containers (similar to weave)?
>> (Christoph Lehmann)
>> 4. Re: "mesh networking" for lxc containers (similar to weave)?
>> (Tomasz Chmielewski)
>> 5. Re: "mesh networking" for lxc containers (similar to weave)?
>> (Janjaap Bos)
>> 6. Where can i find the causes of restart problems (Thouraya TH)
>> 7. Re: Where can i find the causes of restart problems (Janjaap Bos)
>>
>>
>> ---------- Forwarded message ----------
>> From: Tomasz Chmielewski <man...@wpkg.org>
>> To: lxc-users@lists.linuxcontainers.org
>> Cc:
>> Date: Sat, 20 Jun 2015 01:15:23 +0900
>> Subject: [lxc-users] "mesh networking" for lxc containers (similar to
>> weave)?
>> Are there any solutions which would let one build "mesh networking" for
>> lxc containers, similar to what weave does for docker?
>>
>> Assumptions:
>>
>> - multiple servers (hosts) which are not in the same subnet (i.e. in
>> different DCs in different countries),
>> - containers share the same subnet (i.e. 10.0.0.0/8), no matter on which
>> host they are running
>> - if container is migrated to a different host, it is still reachable on
>> the same IP address without any changes in the networking
>>
>>
>> I suppose the solution would run only once on each of the hosts, rather
>> than in each container.
>>
>> Is there something similar for lxc?
>>
>> --
>> Tomasz Chmielewski
>> http://wpkg.org
>>
>>
>> ---------- Forwarded message ----------
>> From: Xavier Gendre <gendre.rei...@gmail.com>
>> To: lxc-users@lists.linuxcontainers.org
>> Cc:
>> Date: Fri, 19 Jun 2015 18:44:14 +0200
>> Subject: Re: [lxc-users] Nested container in unpriviledged container
>> On 18/06/2015 06:35, Serge Hallyn wrote:
>>
>>> Quoting Xavier Gendre (gendre.rei...@gmail.com):
>>>
>>>> On 15/06/2015 17:17, Serge Hallyn wrote:
>>>>
>>>>> Quoting Xavier Gendre (gendre.rei...@gmail.com):
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I wanted to run a container in an unprivileged container and I am
>>>>>> glad to have succeeded in doing it. The point is that I am not sure if what
>>>>>> I did is acceptable from the security point of view or not...
>>>>>>
>>>>>> Here are the steps I did:
>>>>>>
>>>>>> 1) create an unprivileged container (lxc.id_map, ...) called 'test'.
>>>>>>
>>>>>> 2) mount a tmpfs to /sys/fs/cgroup in 'test' by adding this line in
>>>>>> its config file:
>>>>>>
>>>>>> lxc.mount.auto = cgroup:mixed
>>>>>>
>>>>>> 3) create a basic container called 'p1' with the download template
>>>>>> as root in 'test'.
>>>>>>
>>>>>> 4) in the host, I chown the cgroup hierarchy of 'test' to give it to
>>>>>> the user id mapped to the id 0 in 'test' (this id is 362144 in my
>>>>>> example),
>>>>>>
>>>>>> for T in `ls /sys/fs/cgroup`; do
>>>>>> chown -R 362144:362144 /sys/fs/cgroup/$T/lxc/test
>>>>>> done
>>>>>>
>>>>>> 5) successfully start the container 'p1' in 'test' :-)
>>>>>>
>>>>>> I am not an expert with cgroups and I am wondering if I am letting
>>>>>> the devil enter my home with that...
>>>>>>
>>>>>> So, what is your opinion: is it a possible security break or is it
>>>>>> safe?
>>>>>>
>>>>>
>>>>> Two things to make this safer
>>>>>
>>>>> 1. only chown the actual directory /sys/fs/cgroup/$T/lxc/test and maybe
>>>>> its 'tasks' and 'cgroup.procs' files. That way the container can create
>>>>> sub-cgroups but cannot raise its own limits.
>>>>>
>>>>> 2. Only do this for the controllers you definitely need. Freezer and
>>>>> memory for example. Then set lxc.cgroup.use in /etc/lxc/lxc.conf
>>>>> (see lxc.system.conf(5)).
>>>>>
>>>>> -serge
>>>>>
>>>>
>>>> Hello Serge,
>>>>
>>>> thank you for your advice. Indeed, chowning only the directories is
>>>> sufficient to start the nested container. I did not have to chown
>>>> 'tasks' and 'cgroup.procs' in order to simply start it.
>>>>
>>>> Your second point is more obscure for me... For now, I have to chown
>>>> all the controllers:
>>>>
>>>> 'blkio' 'cpu,cpuacct' 'cpuset' 'devices' 'freezer'
>>>> 'net_cls,net_prio' 'perf_event'
>>>>
>>>> When you say 'need', it applies to the container 'test' or to 'p1'
>>>> in my example?
>>>>
>>>
>>> The child one, p1. With new enough lxc you should be able to
>>> use only freezer, setting that as lxc.cgroup.use in the
>>> system lxc.conf.
>>>
>>
>> Arf, for now, I am still working with Debian Jessie and LXC 1.0.7. I will
>> be able to try your suggestions when a more recent version of LXC appears
>> in Debian repositories. Thus, I continue to chown my whole list of
>> controllers :-°
>>
>>>> If I plan to allow quite general containers to run in
>>>> my unprivileged container, all the controllers should be chowned or
>>>> is there some that are definitely not needed?
>>>>
>>>
>>> General containers are fine, it's only if you need the nested containers
>>> to be more finely restricted, i.e. if you simply must be able to
>>> allocate only a subset of test1's cpus or memory.
>>>
>>
>> Ok, thanks for this example, it is clearer for me now.
>>
>> Thank you for these explanations,
>> Xavier
>>
>>
>> ---------- Forwarded message ----------
>> From: Christoph Lehmann <p...@christophlehmann.eu>
>> To: LXC users mailing-list <lxc-users@lists.linuxcontainers.org>
>> Cc:
>> Date: Fri, 19 Jun 2015 20:20:21 +0200
>> Subject: Re: [lxc-users] "mesh networking" for lxc containers (similar to
>> weave)?
>> There is no magic with lxc's networking. It's just a bridge and some
>> iptables rules for NAT and a dhcp server.
>>
>> You can set up a bridge on your public interface, configure the container
>> to use that bridge and do the same on your second host.
>>
>>
>> ---------- Forwarded message ----------
>> From: Tomasz Chmielewski <man...@wpkg.org>
>> To: LXC users mailing-list <lxc-users@lists.linuxcontainers.org>
>> Cc:
>> Date: Sat, 20 Jun 2015 10:37:12 +0900
>> Subject: Re: [lxc-users] "mesh networking" for lxc containers (similar to
>> weave)?
>> I know this is just "normal networking", however, there are at least two
>> issues with your suggestions:
>>
>> - it assumes the hosts are in the same subnet (say, connected to the same
>> switch), so it won't work if the hosts have two different public IPs (i.e.
>> 46.1.2.3 and 124.8.9.10)
>>
>> - with just two hosts, you may overcome the above limitation with some
>> VPN magic; however, it becomes problematic as the number of hosts grows
>> (imagine 10 or more hosts, trying to set it up without SPOF / central VPN
>> server; ideally, the hosts should talk to themselves using the shortest
>> paths possible)
>>
>>
>> Therefore, I'm asking if there is any better "magic", as you say, for lxc
>> networking?
>> Possibly it could be achieved with tinc, running on hosts only -
>> http://www.tinc-vpn.org/ - but haven't really used it.
>> And maybe people have other ideas?
>>
>> --
>> Tomasz Chmielewski
>> http://wpkg.org
>>
>>
>> ---------- Forwarded message ----------
>> From: Janjaap Bos <janjaap...@gmail.com>
>> To: LXC users mailing-list <lxc-users@lists.linuxcontainers.org>
>> Cc:
>> Date: Sat, 20 Jun 2015 08:16:27 +0200
>> Subject: Re: [lxc-users] "mesh networking" for lxc containers (similar to
>> weave)?
>> Yes, ZeroTier provides peer-to-peer virtual networking. It is cloud /
>> container / virtualiser agnostic. It will work anywhere and we use it for
>> connecting containers & vm's across clouds. Also to provide access to users
>> on Windows / OSX.
>>
>> Within the container you need access to the /dev/net/tun device and
>> depending on the flavour (lxc / lxd / docker) net_admin capabilities.
>>
>> You can download it at https://www.zerotier.com or build it from
>> https://github.com/zerotier/ZeroTierOne
>>
>> Since it is peer-to-peer there is very little overhead. Packets destined
>> for local peers will stay within the local net. You can create very large
>> distributed flat ether networks. Great for the type of cloud backplane you
>> described.
>>
>> Also, this enables you to live migrate instances while maintaining their
>> network configuration.
>>
>>
>> ---------- Forwarded message ----------
>> From: Thouraya TH <thouray...@gmail.com>
>> To: LXC users mailing-list <lxc-users@lists.linuxcontainers.org>
>> Cc:
>> Date: Sat, 20 Jun 2015 12:56:03 +0100
>> Subject: [lxc-users] Where can i find the causes of restart problems
>> Hello all,
>>
>> Please, I try to run my container but it is blocked.
>>
>>
>> lxc-start -n worker1
>>
>>
>> Where can I find the causes of restart problems? (logs?)
>>
>>
>> Thanks a lot.
>> Best Regards.
>>
>>
>> ---------- Forwarded message ----------
>> From: Janjaap Bos <janjaap...@gmail.com>
>> To: LXC users mailing-list <lxc-users@lists.linuxcontainers.org>
>> Cc:
>> Date: Sat, 20 Jun 2015 13:57:56 +0200
>> Subject: Re: [lxc-users] Where can i find the causes of restart problems
>> /var/log/lxc
>>
>
>
> ---------- Forwarded message ----------
> From: Andrey Repin <anrdae...@yandex.ru>
> To: Thouraya TH <lxc-users@lists.linuxcontainers.org>
> Cc:
> Date: Sat, 20 Jun 2015 16:01:31 +0300
> Subject: Re: [lxc-users] Where can i find the causes of restart problems
> Greetings, Thouraya TH!
>
> > I can't start the container and I have found 0 lines in the .log file!
> >
> > root@localhost:/var/log/lxc# lxc-start -n worker1
> > ^C
> > root@localhost:/var/log/lxc# vim worker1.log
> > root@localhost:/var/log/lxc#
>
> You didn't tell it to use logging.
> And you are using gmail to post to mailing list.
>
>
> --
> With best regards,
> Andrey Repin
> Saturday, June 20, 2015 16:00:23
>
> Sorry for my terrible english...
>
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
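
Serge Hallyn's two suggestions in the nested-container thread quoted above (chown only the container's cgroup directory and maybe its 'tasks' and 'cgroup.procs' files, and only for the controllers actually needed) can be written as the following shell functions. This is an added example, not code from any poster or from the LXC project; it assumes the cgroup v1 layout /sys/fs/cgroup/CONTROLLER/lxc/CONTAINER shown in the thread, and the function names, the CGROOT variable and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, CGROOT and the sample
# tree are assumptions made for illustration.
CGROOT="${CGROOT:-/sys/fs/cgroup}"   # cgroup v1 mount point, overridable

# Print the only paths whose owner should change: the container's cgroup
# directory plus its 'tasks' and 'cgroup.procs' files, per listed controller.
delegate_paths() {          # usage: delegate_paths CONTAINER CONTROLLER...
    ct="$1"; shift
    for ctrl in "$@"; do
        dir="$CGROOT/$ctrl/lxc/$ct"
        [ -d "$dir" ] || continue
        printf '%s\n' "$dir"
        for f in tasks cgroup.procs; do
            if [ -e "$dir/$f" ]; then printf '%s\n' "$dir/$f"; fi
        done
    done
}

# Apply the delegation without -R, so limit files such as
# memory.limit_in_bytes stay owned by host root.
delegate_cgroup() {         # usage: delegate_cgroup UID:GID CONTAINER CONTROLLER...
    owner="$1"; shift
    delegate_paths "$@" | while IFS= read -r p; do
        chown "$owner" "$p"
    done
}

# Audit: list top-level control files owned by UID other than the two allowed
# ones, which is the state a recursive chown leaves behind.
overdelegated() {           # usage: overdelegated UID CONTAINER CONTROLLER...
    uid="$1"; ct="$2"; shift 2
    for ctrl in "$@"; do
        dir="$CGROOT/$ctrl/lxc/$ct"
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 1 -type f -user "$uid" \
            ! -name tasks ! -name cgroup.procs
    done
}

# Constructed sample hierarchy (plain files, not a real cgroup mount).
make_sample_tree() {        # prints the path of the temporary tree
    t=$(mktemp -d)
    for ctrl in freezer memory devices; do
        mkdir -p "$t/$ctrl/lxc/test"
        : > "$t/$ctrl/lxc/test/tasks"
        : > "$t/$ctrl/lxc/test/cgroup.procs"
    done
    : > "$t/memory/lxc/test/memory.limit_in_bytes"
    : > "$t/freezer/lxc/test/freezer.state"
    printf '%s\n' "$t"
}
```

With the values from the thread, `delegate_cgroup 362144:362144 test freezer memory` takes the place of the recursive loop, and `overdelegated 362144 test freezer memory` lists the control files an earlier `chown -R` left owned by the container's root.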