Hi all,

We are trying to convert our libvirt-lxc containers to LXC containers on CentOS 7 due to race conditions that are causing a lot of instability during our testing of the former. I am currently testing against LXC 1.0.9 because it was easily available to me in the EPEL repo, but I hope to upgrade to an LXC 2.x.x version in the future.
For the most part, this is working great. I can even run lxc-start or lxc-autostart manually and see everything, including our five veth interfaces, successfully come online for the container. The problem, however, is that if I allow the default lxc.service systemd service, or my custom systemd service, to automatically start the container on boot, only a single interface comes online (as in, gets an IP address... though I can attach to the container and do an ip addr show and see that all interfaces are up, just with no IP addresses). Further, if I try to restart the container manually after systemd automatically starts the container, only a single interface continues to come online.

I currently have SELinux disabled to try to eliminate at least one possible source of issue. Thinking that maybe networking isn't up yet (even though the services require networking-online.service), I have tried adding in a four minute delay prior to letting the service attempt to auto-start LXC containers, to no avail. Interestingly, after disabling all the above-discussed LXC services, I also tried using the @reboot "hack" to run lxc-autostart as root, to no avail.

For what it is worth, this container (and others that will follow) can/should be run as root (unprivileged?). We plan to use SELinux to "sandbox" them.

I'll paste the current configuration file I'm working with below. If there are specific log files that would be nice to see as well, please let me know. Any help/pointers/etc would be deeply appreciated.
Thanks so much,
Luke

================================================================================
# Distribution configuration
lxc.include = /usr/share/lxc/config/centos.common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.rootfs = /var/lib/libvirt/filesystems/newcontainer
lxc.utsname = newcontainer

# SELinux context
#lxc.se_context = system_u:system_r:virtd_lxc_t:s0-s0:c0.c1023

lxc.logfile = /newcontainer.log
lxc.loglevel = 1

# Enable auto start
lxc.start.auto = 1

# Set up some system limits
#lxc.cgroup.memory.limit_in_bytes = 488282K
#lxc.cgroup.memory.memsw.limit_in_bytes = 500000K
#lxc.cgroup.cpuset.cpus = 0

# Network configuration
lxc.network.0.type = veth
lxc.network.0.flags = up
lxc.network.0.link = br-base
lxc.network.0.hwaddr = 52:54:00:af:83:80

lxc.network.1.type = veth
lxc.network.1.flags = up
lxc.network.1.link = br-eth0
lxc.network.1.hwaddr = 52:54:00:6e:5a:47

lxc.network.2.type = veth
lxc.network.2.flags = up
lxc.network.2.link = br-eth2
lxc.network.2.hwaddr = 52:54:00:4d:b5:6e

lxc.network.3.type = veth
lxc.network.3.flags = up
lxc.network.3.link = br-eth3
lxc.network.3.hwaddr = 52:54:00:eb:a3:24

lxc.network.4.type = veth
lxc.network.4.flags = up
lxc.network.4.link = br-eth4
lxc.network.4.hwaddr = 52:54:00:ec:a4:4a
================================================================================
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users