Quoting Peter Steele ([email protected]): > On 12/09/2015 09:43 AM, Serge Hallyn wrote: > >And "the systemd errors" is the ssh-keygen ones only? Or is there > >more? > Various services are being impacted, for example, I saw these errors > in a run yesterday: > > Dec 7 13:52:00 pws-vm-00 systemd: Failed at step CGROUP spawning > /usr/bin/kmod: No such file or directory > Dec 7 13:52:00 pws-vm-00 systemd: Mounted Huge Pages File System. > Dec 7 13:52:00 pws-vm-00 systemd: kmod-static-nodes.service: main > process exited, code=exited, status=219/CGROUP > Dec 7 13:52:00 pws-vm-00 systemd: Failed to start Create list of > required static device nodes for the current kernel. > Dec 7 13:52:00 pws-vm-00 systemd: Unit kmod-static-nodes.service > entered failed state.
This is the kind of thing I'd expect when using cgmanager or lxcfs, but not with straight lxc+cgfs. Can you show what /sys/fs/cgroup tree and /proc/1/cgroup looks like in a working container? > Dec 7 13:52:01 pws-vm-00 systemd: Failed at step CGROUP spawning > /etc/rc.d/init.d/jexec: No such file or directory > Dec 7 13:52:01 pws-vm-00 systemd: jexec.service: control process > exited, code=exited status=219 > Dec 7 13:52:01 pws-vm-00 systemd: Failed to start LSB: Supports the > direct execution of binary formats.. > Dec 7 13:52:01 pws-vm-00 systemd: Unit jexec.service entered failed state. > > At least a half dozen different services have failed in the various > tests I've done, and the set is always different from run to run. > >And you do, or do not, also get these with containers created > >through the download template? > > > Most of my tests have been with my custom containers of course since > we need the additional tools and files that make up our management > software. I did a test though where I blew away the containers that > were created by my install framework and replaced them all with the > generic CentOS download template. I was unable to reproduce the > systemd errors with this simple container. I then installed the > additional OS modules and other third party packages that we use in > our software on top of this basic container and the systemd errors > returned. I'm going to break this process down a bit more to see if > I can identify what additions to the base container cause systemd to > fail. Interesting. I suppose just looking at the 'capsh --print' output difference for the bounding set between the custom containers spawned by lxc and libvirt-lxc could be enlightening. _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
