[lxc-users] lxc list --fast

2016-03-19 Thread Tamas Papp 

hi,

tompos@ttk-mdr:~$ lxc list
+---+-++--++---+ 

| NAME  |  STATE  |  IPV4  | IPV6 |
TYPE| SNAPSHOTS |
+---+-++--++---+ 

| connect   | RUNNING | 10.0.3.3 (eth0)| | 
PERSISTENT | 9 |
+---+-++--++---+ 

| connect-mysql | RUNNING | 10.0.3.4 (eth0)| | 
PERSISTENT | 9 |
|   | | 172.29.251.1 (ttk-mdr) | 
||   |
+---+-++--++---+ 

| proxy | RUNNING | 10.0.3.2 (eth0)| | 
PERSISTENT | 9 |
+---+-++--++---+ 




tompos@ttk-mdr:~$ lxc list --fast
+---+-+--++--++ 

| NAME  |  STATE  | ARCHITECTURE | CREATED AT | PROFILES |
TYPE|
+---+-+--++--++ 

| connect   | RUNNING | x86_64   || default  | 
PERSISTENT |
+---+-+--++--++ 

| connect-mysql | RUNNING | x86_64   || default  | 
PERSISTENT |
+---+-+--++--++ 

| proxy | RUNNING | x86_64   || default  | 
PERSISTENT |
+---+-+--++--++ 




Why are arch and create time "important" in case of fast and why not in 
case of pure list?



Thanks,
tamas
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Systemd support status

2016-03-19 Thread Fajar A. Nugraha 
On Wed, Mar 16, 2016 at 6:05 PM, Albert Shih  wrote:
> Hi all,
>
> I would like to know what is the status about lxc supporting inside the
> guest systemd.

It works if you have the prequisite. And since ubuntu is shipping
lxc/lxd with ubuntu 16.04 (which uses systemd), they should support it
as well.

Not sure what the OFFICIAL status of other distros as containers though.

>
> Last time I try (some mounth ago, with LXC 1.0.X) I was able to start many
> guest with classic start script (Debian & Ubuntu) but with systemd (CentOS
> 7) I got many trouble.

The prequisite includes lxc >= 1.1.x and lxcfs

>
> As I understand systemd going to be the standard, what would be the status
> of LXC ?

I assume you use debian jessie host, which is why you're stuck at
1.0.x? try backporting lxc from testing. Or use my unofficial
packages: http://debian-lxc.github.io/

-- 
Fajar
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] snapshot listing

2016-03-19 Thread Serge Hallyn 
Quoting Tamas Papp (tom...@martos.bme.hu):
> 
> 
> On 03/17/2016 12:09 AM, Serge Hallyn wrote:
> >Quoting Tamas Papp (tom...@martos.bme.hu):
> >>hi,
> >>
> >>I remember, that not very long time ago the 'lxc list' command also
> >>listed snapshots too.
> >>But now it doesn't. How can I do that now?
> >>
> >You can see the number of snapshots with
> >
> >lxc list -c nS
> >+--+---+
> >| NAME | SNAPSHOTS |
> >+--+---+
> >| x1   | 1 |
> >+--+---+
> >
> >then see the actual snapshots with
> >
> >lxc info x1
> >Name: x1
> >Architecture: x86_64
> >Created: 2016/03/14 22:16 UTC
> >Status: Stopped
> >Type: persistent
> >Profiles: default
> >Snapshots:
> >   x1/snap0 (taken at 2016/03/16 23:07 UTC) (stateless)
> >
> 
> ShhI should have though on that:)
> 
> 
> But:
> 
> Snapshots:
>   zas_2016-03-08 (taken at 2016/03/08 09:22 UTC) (stateless)
>   zas_2016-03-09 (taken at 2016/03/09 03:32 UTC) (stateless)
>   zas_2016-03-10 (taken at 2016/03/10 03:30 UTC) (stateless)
>   zas_2016-03-11 (taken at 2016/03/11 03:32 UTC) (stateless)
>   zas_2016-03-12 (taken at 2016/03/12 03:32 UTC) (stateless)
>   zas_2016-03-13 (taken at 2016/03/13 03:32 UTC) (stateless)
>   zas_2016-03-14 (taken at 2016/03/14 03:32 UTC) (stateless)
>   zas_2016-03-15 (taken at 2016/03/15 03:32 UTC) (stateless)
>   zas_2016-03-16 (taken at 2016/03/16 03:32 UTC) (stateless)
>   zas_2016-03-17 (taken at 2016/03/17 00:55 UTC) (stateful)
>   zas_2016-03-17a (taken at 2016/03/17 00:56 UTC) (stateful)
>   zas_2016-03-17b (taken at 2016/03/17 00:56 UTC) (stateful)
>   zas_2016-03-17c (taken at 2016/03/17 01:03 UTC) (stateful)
>   zas_2016-03-17d (taken at 2016/03/17 01:05 UTC) (stateful)
> 
> 
> 
> It's marked as stateful, but checkpoint was failing due to old criu version:
> 
> 
> $ lxc snapshot --stateful connect
> error: checkpoint failed
> 
> 
> It's a bug, right?

Sounds like a bug.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] How to set LXD container locale?

2016-03-19 Thread zztest 

On 2016-03-19 10:16, Stéphane Graber wrote:

On Sat, Mar 19, 2016 at 03:33:11AM -0700, zzt...@openmailbox.org wrote:

None of the typical ways of setting locales seem to stick in my Ubuntu
container in an Ubuntu host (Ubuntu 15.10, LXD 2.0.0.rc4)

The host's locale shows this

LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=


but the container shows this


LANG=
LANGUAGE=
LC_CTYPE="POSIX"
LC_NUMERIC="POSIX"
LC_TIME="POSIX"
LC_COLLATE="POSIX"
LC_MONETARY="POSIX"
LC_MESSAGES="POSIX"
LC_PAPER="POSIX"
LC_NAME="POSIX"
LC_ADDRESS="POSIX"
LC_TELEPHONE="POSIX"
LC_MEASUREMENT="POSIX"
LC_IDENTIFICATION="POSIX"

/etc/default/locale contains the same value (LANG="en_US.UTF-8") in 
both the
container and the host, but I cannot get it to set in the container. 
How is

the locale set/changed in an LXD container?

Thanks.


Note that if you're using "lxc exec", LXD only executes the shell that
you asked for, it doesn't setup a PAM session for you, so you start 
with

an empty environment.

One way to solve that is to do a "su root" which will then send you
through the PAM stack (if your container has one) which will then 
source

any needed environment.

Another way if you don't want to go through PAM, is to set environment
variables directly on the container or one of its profiles, like:

lxc config set CONTAINER environment.LC_ALL=en_US.UTF-8

LXD will then set those environment variables for you every time you
exec a command inside the container.

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


Thanks Stéphane. "su " works. What's the difference between that 
and "lxc exec CONTAINER -- /bin/bash"?  And is there another way to 
enter the container without using "lxc exec" that will setup PAM (or at 
least do it automatically)?


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Wildcard in lxd commands?

2016-03-19 Thread zztest 

On 2016-03-17 07:07, Mark Constable wrote:

On 17/03/16 23:01, Janne Savikko wrote:

You can not use filters to list running or stopped containers. Lxc
start or stop do not support filters, only container name (or names).
You though can always pipe commands if you want to stop dozens of
containers whose names begin with "web" (note! lxc list keyword
filter compares from the start of the name, so "lxc list eb" does not
work in this case):


   $ lxc list web|grep RUNNING|awk '{ print $2 }'|xargs lxc stop


It's still rather awkward to reliably script a start/stop of a single
container that happens to be called "web" when there might be web1,
web2 etc. An explicit non-filtered arg to lxc list with optional regex
would be more useful. Plus an option to have plain non-tablewriter
output for easier script parsing.

[[ `lxc list -cs web` = RUNNING ]]; echo $?

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


I agree. lxc list would be immensely useful if it could output just a 
list of names or other single attribute of containers that match 
particular criteria. That could then be fed to a command. Something easy 
to remember like:


lxc list -cn --name=web* --state=running | lxc stop {}

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*

2016-03-19 Thread Sean McNamara 
On Fri, Mar 18, 2016 at 12:09 PM, Sean McNamara  wrote:
> On Fri, Mar 18, 2016 at 11:43 AM, Stéphane Graber  wrote:
>> Our stance hasn't changed. LXD doesn't know nor care about layer-3
>> networking, all it does is setup your layer-2.
>>
>> Having LXD pre-initialize your network namespace confuses the heck out
>> of a bunch of distros which expect all network to be unconfigured by the
>> time they apply their own config (they don't clean things up so
>> duplicate entries lead to failure).
>
>
> Okay.
>
> As someone migrating from OpenVZ (and before that, VMware), one
> important use case I was expecting of LXD is that of multi-tenant
> boxes, where you need to give root access to a container to the
> "tenant", and expect them to adhere to a Terms of Service agreement,
> but need to have technical mitigations in place, so that even if they
> decide to violate the ToS (or innocently have their box hacked by a
> malicious third-party who decides to violate the ToS), access to other
> containers and the physical box (host OS) is very difficult to
> impossible (pending any undiscovered vulnerabilities or host-side
> misconfiguration).
>
> As part of that, I was expecting some way to tell LXD to restrict the
> IP addresses that can be claimed/used by a given container. For
> instance, if I have a public Internet IPv4 /26 allocated to a physical
> host by a hosting provider, I'll want to assign only one or two IP
> addresses to each container. Currently, I can have an LXD container
> just spuriously decide to use any arbitrary IP, and I haven't found a
> way to prevent it from doing that if an untrusted user has root access
> in the container. They can just run ifconfig and specify the IP
> address they want to use.
>
> How can I configure the host environment (LXD or something else on the
> host, assuming I'm running a very recent Ubuntu 16.04 Beta nightly) so


Just wanted to clarify that I am *not* using or intending to use a
pre-release of 16.04 in a production environment. I'm currently
satisfied with LXD 0.24 on Ubuntu Server 14.04.4 LTS. I'm not
currently in a situation where I have untrusted root users with access
to containers, but I am planning to open up that type of usage in the
future if LXD turns out to be able to support it. And of course that
would be using the final release of Ubuntu Server 16.04 LTS.

Thanks,

Sean


> that no packets can be transmitted to/from the guest unless the guest
> is using a specific IP or set of IPs? I also want to make sure that no
> broadcasting is occurring; i.e., the root user in the container should
> not be able to sniff layer 2 and see all the packets going to all the
> other containers.
>
> ...Or is LXD not suitable for this use case? If it isn't, will it ever be?
>
> Thanks,
>
> Sean
>
>
>
>>
>>
>> Nevertheless, we have recently allowed the following key through raw.lxc:
>>  - lxc.network.X.ipv4
>>  - lxc.network.X.ipv4.gateway
>>  - lxc.network.X.ipv6
>>  - lxc.network.X.ipv6.gateway
>>
>> Note that we require you set the interface index (X above) as mixing
>> those raw entris with the LXD generated config would otherwise randomly
>> cause an invalid config and container startup failure.
>>
>>
>> The recommended way to manage IPs with LXD is to do it exactly the same
>> way you would do it for your VMs or physical machines, so either
>> configure your DHCP server to give a static lease or configure the
>> container to use a static IP (you can use lxc file pull/push/edit to do
>> it on a stopped container).
>>
>> On Fri, Mar 18, 2016 at 10:18:33AM -0400, Sean McNamara wrote:
>>> First of all, there's no such thing as LX[C|D]. You're either using
>>> LXC or LXD. They're different enough in their configuration and
>>> operation that you can't ask an "either-or" question. Pick one
>>> solution and focus on that.
>>>
>>> I just wanted to chime in to say that I have this same question. I'm
>>> stuck using a pre-2.0 release of LXD because it allows me to use the
>>> "raw.lxc" config parameter to specify the IP settings for the guest.
>>> This configuration parameter was removed at some point prior to the
>>> 2.0 RC, so I ended up editing the source code of LXD to bring it back.
>>> I haven't found any equivalent configuration that works without using
>>> raw.lxc.
>>>
>>> raw.lxc: 
>>> "lxc.network.ipv4=1.2.3.4/32\nlxc.network.ipv4.gateway=5.6.7.8\nlxc.network.hwaddr=00:11:22:33:44:55\nlxc.network.flags=up
>>> \ \nlxc.network.mtu=1500\n"
>>>   volatile.eth0.hwaddr: 00:11:22:33:44:55
>>>   volatile.eth0.name: eth1
>>> devices:
>>>   eth0:
>>> hwaddr: 00:11:22:33:44:55
>>> nictype: bridged
>>> parent: br0
>>>
>>> On Ubuntu, you can then set up your bridge as follows in
>>> /etc/network/interfaces:
>>>
>>> auto br0
>>> iface br0 inet static
>>> address 1.2.3.4
>>> netmask 255.255.255.0
>>> broadcast 5.6.7.8
>>> gateway 9.10.11.12
>>> bridge_ports eth0
>>> bridge_stp

Re: [lxc-users] snapshot listing

2016-03-19 Thread Serge Hallyn 
Quoting Tamas Papp (tom...@martos.bme.hu):
> 
> 
> On 03/17/2016 04:02 AM, Serge Hallyn wrote:
> >Quoting Tamas Papp (tom...@martos.bme.hu):
> >>
> >>On 03/17/2016 12:09 AM, Serge Hallyn wrote:
> >>>Quoting Tamas Papp (tom...@martos.bme.hu):
> hi,
> 
> I remember, that not very long time ago the 'lxc list' command also
> listed snapshots too.
> But now it doesn't. How can I do that now?
> 
> >>>You can see the number of snapshots with
> >>>
> >>>lxc list -c nS
> >>>+--+---+
> >>>| NAME | SNAPSHOTS |
> >>>+--+---+
> >>>| x1   | 1 |
> >>>+--+---+
> >>>
> >>>then see the actual snapshots with
> >>>
> >>>lxc info x1
> >>>Name: x1
> >>>Architecture: x86_64
> >>>Created: 2016/03/14 22:16 UTC
> >>>Status: Stopped
> >>>Type: persistent
> >>>Profiles: default
> >>>Snapshots:
> >>>   x1/snap0 (taken at 2016/03/16 23:07 UTC) (stateless)
> >>>
> >>ShhI should have though on that:)
> >>
> >>
> >>But:
> >>
> >>Snapshots:
> >>   zas_2016-03-08 (taken at 2016/03/08 09:22 UTC) (stateless)
> >>   zas_2016-03-09 (taken at 2016/03/09 03:32 UTC) (stateless)
> >>   zas_2016-03-10 (taken at 2016/03/10 03:30 UTC) (stateless)
> >>   zas_2016-03-11 (taken at 2016/03/11 03:32 UTC) (stateless)
> >>   zas_2016-03-12 (taken at 2016/03/12 03:32 UTC) (stateless)
> >>   zas_2016-03-13 (taken at 2016/03/13 03:32 UTC) (stateless)
> >>   zas_2016-03-14 (taken at 2016/03/14 03:32 UTC) (stateless)
> >>   zas_2016-03-15 (taken at 2016/03/15 03:32 UTC) (stateless)
> >>   zas_2016-03-16 (taken at 2016/03/16 03:32 UTC) (stateless)
> >>   zas_2016-03-17 (taken at 2016/03/17 00:55 UTC) (stateful)
> >>   zas_2016-03-17a (taken at 2016/03/17 00:56 UTC) (stateful)
> >>   zas_2016-03-17b (taken at 2016/03/17 00:56 UTC) (stateful)
> >>   zas_2016-03-17c (taken at 2016/03/17 01:03 UTC) (stateful)
> >>   zas_2016-03-17d (taken at 2016/03/17 01:05 UTC) (stateful)
> >>
> >>
> >>
> >>It's marked as stateful, but checkpoint was failing due to old criu version:
> >>
> >>
> >>$ lxc snapshot --stateful connect
> >>error: checkpoint failed
> >>
> >>
> >>It's a bug, right?
> >Sounds like a bug.
> >
> 
> https://github.com/lxc/lxd/issues/1768
> 
> 
> I have a slightly related question.
> Do you plan to have a more computer friendly list of snapshots?
> It would be great to see them listed as containers, like defining,
> what detail(s) I want to see and list only snapshots, greppable etc.

It's not planned.  Can you open an issue requesting it?  Seems like
something which must be scriptable and the only way I can think of
right now is to use the rest api to get the list of snapshot urls.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] snapshot listing

2016-03-19 Thread Serge Hallyn 
Quoting Tamas Papp (tom...@martos.bme.hu):
> hi,
> 
> I remember, that not very long time ago the 'lxc list' command also
> listed snapshots too.
> But now it doesn't. How can I do that now?
> 

You can see the number of snapshots with

lxc list -c nS
+--+---+
| NAME | SNAPSHOTS |
+--+---+
| x1   | 1 |
+--+---+

then see the actual snapshots with

lxc info x1
Name: x1
Architecture: x86_64
Created: 2016/03/14 22:16 UTC
Status: Stopped
Type: persistent
Profiles: default
Snapshots:
  x1/snap0 (taken at 2016/03/16 23:07 UTC) (stateless)

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Limit file descriptors

2016-03-19 Thread Alan Hoffmeister 
Hello folks,

I'm having some troubles where one container can drain the amount of file
descriptors available in the host system. Does somebody knows how to limit
file descriptors per container?

I'm running lxd v2.0.0.rc3 and lxc v2.0.0.rc10

Cheers

--
Alan Hoffmeister
https://twitter.com/alan_hoff
https://github.com/alanhoff
https://keybase.io/alanhoff
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] ppa issues

2016-03-19 Thread Stéphane Graber 
On Sat, Mar 19, 2016 at 11:28:41AM -0700, Mike Wright wrote:
> Hi all,
> 
> First: thanks for all your efforts with LXC, etc. I've got to say that LXC
> makes accessible virtual machines more easily than any other approaches I've
> tried (except maybe renting one in "The Cloud" ;D )
> 
> Current running lxc-1.1.5 on wily and want to explore 2.x.  I'm having
> problems with the ppa.
> 
> 'apt-add-repository "http://ppa.launchpad.net/ubuntu-lxc/lxc-stable/ubuntu
> wily main"' installed without complaint.
> 
> 'apt-get update' failed with the following error:
> 
> "Err http://ppa.launchpad.net wily/main amd64 Packages
>404  Not Found"
> 
> Further errors included GPG with "public key is not available".
> 
> Any helpers out there today?
> 
> Thanks,
> Mike Wright

You should be using: apt-add-repository ppa:ubuntu-lxc/stable

Which will do the setup properly using https and including installing
the needed gpg key.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com


signature.asc
Description: PGP signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] ppa issues

2016-03-19 Thread Mike Wright 

Hi all,

First: thanks for all your efforts with LXC, etc. I've got to say that 
LXC makes accessible virtual machines more easily than any other 
approaches I've tried (except maybe renting one in "The Cloud" ;D )


Current running lxc-1.1.5 on wily and want to explore 2.x.  I'm having 
problems with the ppa.


'apt-add-repository 
"http://ppa.launchpad.net/ubuntu-lxc/lxc-stable/ubuntu wily main"' 
installed without complaint.


'apt-get update' failed with the following error:

"Err http://ppa.launchpad.net wily/main amd64 Packages
   404  Not Found"

Further errors included GPG with "public key is not available".

Any helpers out there today?

Thanks,
Mike Wright
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Wildcard in lxd commands?

2016-03-19 Thread Serge Hallyn 
Quoting zzt...@openmailbox.org (zzt...@openmailbox.org):
> Will wildcards be supported in lxd commands? For example, I'd like
> to do this:
> 
>   $ lxc info host:*
> 
> or
> 
>   $ lxc info host:web*
> 
> and get info on all containers/containers starting with "web" on host.
> 
> Is there a quick/easy way to do something similar now?

See 'lxc help list'.  Filters should get you what you want.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] snapshot listing

2016-03-19 Thread Tamas Papp 



On 03/17/2016 04:02 AM, Serge Hallyn wrote:

Quoting Tamas Papp (tom...@martos.bme.hu):


On 03/17/2016 12:09 AM, Serge Hallyn wrote:

Quoting Tamas Papp (tom...@martos.bme.hu):

hi,

I remember, that not very long time ago the 'lxc list' command also
listed snapshots too.
But now it doesn't. How can I do that now?


You can see the number of snapshots with

lxc list -c nS
+--+---+
| NAME | SNAPSHOTS |
+--+---+
| x1   | 1 |
+--+---+

then see the actual snapshots with

lxc info x1
Name: x1
Architecture: x86_64
Created: 2016/03/14 22:16 UTC
Status: Stopped
Type: persistent
Profiles: default
Snapshots:
   x1/snap0 (taken at 2016/03/16 23:07 UTC) (stateless)


ShhI should have though on that:)


But:

Snapshots:
   zas_2016-03-08 (taken at 2016/03/08 09:22 UTC) (stateless)
   zas_2016-03-09 (taken at 2016/03/09 03:32 UTC) (stateless)
   zas_2016-03-10 (taken at 2016/03/10 03:30 UTC) (stateless)
   zas_2016-03-11 (taken at 2016/03/11 03:32 UTC) (stateless)
   zas_2016-03-12 (taken at 2016/03/12 03:32 UTC) (stateless)
   zas_2016-03-13 (taken at 2016/03/13 03:32 UTC) (stateless)
   zas_2016-03-14 (taken at 2016/03/14 03:32 UTC) (stateless)
   zas_2016-03-15 (taken at 2016/03/15 03:32 UTC) (stateless)
   zas_2016-03-16 (taken at 2016/03/16 03:32 UTC) (stateless)
   zas_2016-03-17 (taken at 2016/03/17 00:55 UTC) (stateful)
   zas_2016-03-17a (taken at 2016/03/17 00:56 UTC) (stateful)
   zas_2016-03-17b (taken at 2016/03/17 00:56 UTC) (stateful)
   zas_2016-03-17c (taken at 2016/03/17 01:03 UTC) (stateful)
   zas_2016-03-17d (taken at 2016/03/17 01:05 UTC) (stateful)



It's marked as stateful, but checkpoint was failing due to old criu version:


$ lxc snapshot --stateful connect
error: checkpoint failed


It's a bug, right?

Sounds like a bug.



https://github.com/lxc/lxd/issues/1768


I have a slightly related question.
Do you plan to have a more computer friendly list of snapshots?
It would be great to see them listed as containers, like defining, what 
detail(s) I want to see and list only snapshots, greppable etc.



10x
tamas


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Limit file descriptors

2016-03-19 Thread Guido Jäkel 
Dear Alan,

adjust the limits per Container in  /etc/security/limits.conf  , e.g. add 
something like


*   hardnofile  8192
*   softnofile  8000
*   hardnproc   1024
*   softnproc   1000

and maybe adjust the values at the host, too.


Greetings

Guido


On 17.03.2016 00:40, Alan Hoffmeister wrote:
> Hello folks,
> 
> I'm having some troubles where one container can drain the amount of file
> descriptors available in the host system. Does somebody knows how to limit
> file descriptors per container?
> 
> I'm running lxd v2.0.0.rc3 and lxc v2.0.0.rc10
> 
> Cheers
> 
> --
> Alan Hoffmeister
> https://twitter.com/alan_hoff
> https://github.com/alanhoff
> https://keybase.io/alanhoff




___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*

2016-03-19 Thread Stéphane Graber 
Our stance hasn't changed. LXD doesn't know nor care about layer-3
networking, all it does is setup your layer-2.

Having LXD pre-initialize your network namespace confuses the heck out
of a bunch of distros which expect all network to be unconfigured by the
time they apply their own config (they don't clean things up so
duplicate entries lead to failure).


Nevertheless, we have recently allowed the following key through raw.lxc:
 - lxc.network.X.ipv4
 - lxc.network.X.ipv4.gateway
 - lxc.network.X.ipv6
 - lxc.network.X.ipv6.gateway

Note that we require you set the interface index (X above) as mixing
those raw entris with the LXD generated config would otherwise randomly
cause an invalid config and container startup failure.


The recommended way to manage IPs with LXD is to do it exactly the same
way you would do it for your VMs or physical machines, so either
configure your DHCP server to give a static lease or configure the
container to use a static IP (you can use lxc file pull/push/edit to do
it on a stopped container).

On Fri, Mar 18, 2016 at 10:18:33AM -0400, Sean McNamara wrote:
> First of all, there's no such thing as LX[C|D]. You're either using
> LXC or LXD. They're different enough in their configuration and
> operation that you can't ask an "either-or" question. Pick one
> solution and focus on that.
> 
> I just wanted to chime in to say that I have this same question. I'm
> stuck using a pre-2.0 release of LXD because it allows me to use the
> "raw.lxc" config parameter to specify the IP settings for the guest.
> This configuration parameter was removed at some point prior to the
> 2.0 RC, so I ended up editing the source code of LXD to bring it back.
> I haven't found any equivalent configuration that works without using
> raw.lxc.
> 
> raw.lxc: 
> "lxc.network.ipv4=1.2.3.4/32\nlxc.network.ipv4.gateway=5.6.7.8\nlxc.network.hwaddr=00:11:22:33:44:55\nlxc.network.flags=up
> \ \nlxc.network.mtu=1500\n"
>   volatile.eth0.hwaddr: 00:11:22:33:44:55
>   volatile.eth0.name: eth1
> devices:
>   eth0:
> hwaddr: 00:11:22:33:44:55
> nictype: bridged
> parent: br0
> 
> On Ubuntu, you can then set up your bridge as follows in
> /etc/network/interfaces:
> 
> auto br0
> iface br0 inet static
> address 1.2.3.4
> netmask 255.255.255.0
> broadcast 5.6.7.8
> gateway 9.10.11.12
> bridge_ports eth0
> bridge_stp off
> 
> 
> This is fine with LXD 0.24 that was built about a month before the 2.0
> release candidates started hitting (and with edited source code to
> un-block the raw.lxc param) but I'm afraid to upgrade to LXD 2.0
> because I don't know the way forward.
> 
> It seems like support for certain basic network topologies are still
> being worked out with LXD. It should be easy, well-documented and
> flexible a la OpenVZ, but it's really not, as far as I have seen. The
> best way to make any progress that I've found thus far is to start
> learning Google Go and reading the source code.
> 
> Thanks,
> 
> Sean
> 
> 
> 
> On Fri, Mar 18, 2016 at 9:10 AM, Hans Deragon  wrote:
> > Greetings,
> >
> > Ok, this is ridiculous and I apologize for asking help for such a simple
> > task, but I fail to find the answers by myself.  I fail to find proper
> > documentation to setup bridge networking and static IP.  Newbie here btw and
> > setup details at the end of this email.
> >
> > I got the container running and with DHCP configured, it has its own IP
> > which the host can address with.
> >
> > Obviously, I attempted to setup the static IP many times following
> > instructions found on many web pages, to no vail.  For example, I followed
> > instructions from https://wiki.debian.org/LXC/SimpleBridge.  But turns out
> > that I am probably running a different version of LXC and that this page is
> > now obsolete.
> >
> > I went so far to run 'strace lxc restart server2' to realize that
> > /var/lib/lxc/server2/config is not read (server2 is the container).  This
> > seams to be confirmed by the post at
> > http://ubuntuforums.org/showthread.php?t=2275372.
> >
> > I found 'man lxc.container.conf'.  Seams promising.  However, I fail to find
> > within the manual the path where this file should be saved!  If you write
> > documentation, please always provide the path where configuration files are
> > supposed to be stored.
> >
> > I created a profile named 'bridged' using commands, but I have not found any
> > option/instruction on how to apply that profile on my existing image.  'lxc
> > start server2' does not provide any option to start the container with a
> > particular profile.  BTW, where are profile configuration files stored?
> >
> > I need clear step by step instructions, with full paths on how to set things
> > up and I fail to find any on the web.  Anybody has a useful link to suggest?
> >
> > I have a KVM image running (server1) and it works flawlessly with a static
> > IP on my bridge.  And it wasn't hard to find instructions

Re: [lxc-users] How to set LXD container locale?

2016-03-19 Thread Stéphane Graber 
On Sat, Mar 19, 2016 at 03:33:11AM -0700, zzt...@openmailbox.org wrote:
> None of the typical ways of setting locales seem to stick in my Ubuntu
> container in an Ubuntu host (Ubuntu 15.10, LXD 2.0.0.rc4)
> 
> The host's locale shows this
> 
> LANG=en_US.UTF-8
> LANGUAGE=
> LC_CTYPE="en_US.UTF-8"
> LC_NUMERIC="en_US.UTF-8"
> LC_TIME="en_US.UTF-8"
> LC_COLLATE="en_US.UTF-8"
> LC_MONETARY="en_US.UTF-8"
> LC_MESSAGES="en_US.UTF-8"
> LC_PAPER="en_US.UTF-8"
> LC_NAME="en_US.UTF-8"
> LC_ADDRESS="en_US.UTF-8"
> LC_TELEPHONE="en_US.UTF-8"
> LC_MEASUREMENT="en_US.UTF-8"
> LC_IDENTIFICATION="en_US.UTF-8"
> LC_ALL=
> 
> 
> but the container shows this
> 
> 
> LANG=
> LANGUAGE=
> LC_CTYPE="POSIX"
> LC_NUMERIC="POSIX"
> LC_TIME="POSIX"
> LC_COLLATE="POSIX"
> LC_MONETARY="POSIX"
> LC_MESSAGES="POSIX"
> LC_PAPER="POSIX"
> LC_NAME="POSIX"
> LC_ADDRESS="POSIX"
> LC_TELEPHONE="POSIX"
> LC_MEASUREMENT="POSIX"
> LC_IDENTIFICATION="POSIX"
> 
> /etc/default/locale contains the same value (LANG="en_US.UTF-8") in both the
> container and the host, but I cannot get it to set in the container. How is
> the locale set/changed in an LXD container?
> 
> Thanks.

Note that if you're using "lxc exec", LXD only executes the shell that
you asked for, it doesn't setup a PAM session for you, so you start with
an empty environment.

One way to solve that is to do a "su root" which will then send you
through the PAM stack (if your container has one) which will then source
any needed environment.

Another way if you don't want to go through PAM, is to set environment
variables directly on the container or one of its profiles, like:

lxc config set CONTAINER environment.LC_ALL=en_US.UTF-8

LXD will then set those environment variables for you every time you
exec a command inside the container.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com


signature.asc
Description: PGP signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Is there anything in LXC that would prevent DHCPv6 from working?

2016-03-19 Thread Wolfgang Bumiller 
> On March 18, 2016 at 1:19 PM John Lewis  wrote:
> 
> 
> I am use wide-dhcpv6-server and wide-dhcpv6-client in two diffrent LXCs
> with an iproute2 created bridge and lxc created tun/tap devices and I am
> using 3.16.0-4-amd64 #1 SMP and my kernel. I don't have any firewall
> that would block ipv6 request and responses that would occur on port 546
> and 547, but I don't see any packets out of the interface on the client
> that are the packets that I am looking for when I tcpdump it. It is
> probably an application issue, but I just want to double check.

There shouldn't be anything lxc-specific here as far as I know.
Are you saying you have no firewall at all which could block anything,
or just that you think it should allow everything? You might still
be blocking neighbor discovery packets (which come from a MAC-derived
link-local ip address, so you also need to make sure you don't block
these by address either.)

(Oh also, just in case you're using an alpine linux containers, busybox'
dhcpv6 client is still not finished / broken (uses wrong addresses), so
that won't work.)

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] snapshot listing

2016-03-19 Thread Tamas Papp 



On 03/17/2016 12:09 AM, Serge Hallyn wrote:

Quoting Tamas Papp (tom...@martos.bme.hu):

hi,

I remember, that not very long time ago the 'lxc list' command also
listed snapshots too.
But now it doesn't. How can I do that now?


You can see the number of snapshots with

lxc list -c nS
+--+---+
| NAME | SNAPSHOTS |
+--+---+
| x1   | 1 |
+--+---+

then see the actual snapshots with

lxc info x1
Name: x1
Architecture: x86_64
Created: 2016/03/14 22:16 UTC
Status: Stopped
Type: persistent
Profiles: default
Snapshots:
   x1/snap0 (taken at 2016/03/16 23:07 UTC) (stateless)



ShhI should have though on that:)


But:

Snapshots:
  zas_2016-03-08 (taken at 2016/03/08 09:22 UTC) (stateless)
  zas_2016-03-09 (taken at 2016/03/09 03:32 UTC) (stateless)
  zas_2016-03-10 (taken at 2016/03/10 03:30 UTC) (stateless)
  zas_2016-03-11 (taken at 2016/03/11 03:32 UTC) (stateless)
  zas_2016-03-12 (taken at 2016/03/12 03:32 UTC) (stateless)
  zas_2016-03-13 (taken at 2016/03/13 03:32 UTC) (stateless)
  zas_2016-03-14 (taken at 2016/03/14 03:32 UTC) (stateless)
  zas_2016-03-15 (taken at 2016/03/15 03:32 UTC) (stateless)
  zas_2016-03-16 (taken at 2016/03/16 03:32 UTC) (stateless)
  zas_2016-03-17 (taken at 2016/03/17 00:55 UTC) (stateful)
  zas_2016-03-17a (taken at 2016/03/17 00:56 UTC) (stateful)
  zas_2016-03-17b (taken at 2016/03/17 00:56 UTC) (stateful)
  zas_2016-03-17c (taken at 2016/03/17 01:03 UTC) (stateful)
  zas_2016-03-17d (taken at 2016/03/17 01:05 UTC) (stateful)



It's marked as stateful, but checkpoint was failing due to old criu version:


$ lxc snapshot --stateful connect
error: checkpoint failed


It's a bug, right?


thanks,
tamas
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] How to set LXD container locale?

2016-03-19 Thread Claudio Kuenzler 
Have you tried this way:

echo "en_US.UTF-8 UTF-8" > /etc/locale.gen

locale-gen

It's the method we're using the set the locale in LXC containers.

On Sat, Mar 19, 2016 at 11:33 AM,  wrote:

> None of the typical ways of setting locales seem to stick in my Ubuntu
> container in an Ubuntu host (Ubuntu 15.10, LXD 2.0.0.rc4)
>
> The host's locale shows this
>
> LANG=en_US.UTF-8
> LANGUAGE=
> LC_CTYPE="en_US.UTF-8"
> LC_NUMERIC="en_US.UTF-8"
> LC_TIME="en_US.UTF-8"
> LC_COLLATE="en_US.UTF-8"
> LC_MONETARY="en_US.UTF-8"
> LC_MESSAGES="en_US.UTF-8"
> LC_PAPER="en_US.UTF-8"
> LC_NAME="en_US.UTF-8"
> LC_ADDRESS="en_US.UTF-8"
> LC_TELEPHONE="en_US.UTF-8"
> LC_MEASUREMENT="en_US.UTF-8"
> LC_IDENTIFICATION="en_US.UTF-8"
> LC_ALL=
>
>
> but the container shows this
>
>
> LANG=
> LANGUAGE=
> LC_CTYPE="POSIX"
> LC_NUMERIC="POSIX"
> LC_TIME="POSIX"
> LC_COLLATE="POSIX"
> LC_MONETARY="POSIX"
> LC_MESSAGES="POSIX"
> LC_PAPER="POSIX"
> LC_NAME="POSIX"
> LC_ADDRESS="POSIX"
> LC_TELEPHONE="POSIX"
> LC_MEASUREMENT="POSIX"
> LC_IDENTIFICATION="POSIX"
>
> /etc/default/locale contains the same value (LANG="en_US.UTF-8") in both
> the container and the host, but I cannot get it to set in the container.
> How is the locale set/changed in an LXD container?
>
> Thanks.
>
>
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] lxc list --fast

2016-03-19 Thread Tamas Papp 



On 03/16/2016 09:48 PM, Stéphane Graber wrote:

On Wed, Mar 16, 2016 at 09:37:11PM +0100, Tamas Papp wrote:

hi,

tompos@ttk-mdr:~$ lxc list
+---+-++--++---+

| NAME  |  STATE  |  IPV4  | IPV6 |TYPE
| SNAPSHOTS |
+---+-++--++---+

| connect   | RUNNING | 10.0.3.3 (eth0)| | PERSISTENT |
9 |
+---+-++--++---+

| connect-mysql | RUNNING | 10.0.3.4 (eth0)| | PERSISTENT |
9 |
|   | | 172.29.251.1 (ttk-mdr) | ||
|
+---+-++--++---+

| proxy | RUNNING | 10.0.3.2 (eth0)| | PERSISTENT |
9 |
+---+-++--++---+



tompos@ttk-mdr:~$ lxc list --fast
+---+-+--++--++

| NAME  |  STATE  | ARCHITECTURE | CREATED AT | PROFILES |TYPE
|
+---+-+--++--++

| connect   | RUNNING | x86_64   || default  |
PERSISTENT |
+---+-+--++--++

| connect-mysql | RUNNING | x86_64   || default  |
PERSISTENT |
+---+-+--++--++

| proxy | RUNNING | x86_64   || default  |
PERSISTENT |
+---+-+--++--++



Why are arch and create time "important" in case of fast and why not in case
of pure list?


Thanks,
tamas

We wanted an quivalent horizontal space usage in both modes, so added a
few more columns to --fast after removing the columns that were causing
the slowness.

If you want something else, you can just specify the list of column you
want to see.


For me --fast would mean not just technical aspects and faster output 
display but also better (faster) readability for humans.

Though it's just a note:)

10x
tamas
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*

2016-03-19 Thread Sean McNamara 
First of all, there's no such thing as LX[C|D]. You're either using
LXC or LXD. They're different enough in their configuration and
operation that you can't ask an "either-or" question. Pick one
solution and focus on that.

I just wanted to chime in to say that I have this same question. I'm
stuck using a pre-2.0 release of LXD because it allows me to use the
"raw.lxc" config parameter to specify the IP settings for the guest.
This configuration parameter was removed at some point prior to the
2.0 RC, so I ended up editing the source code of LXD to bring it back.
I haven't found any equivalent configuration that works without using
raw.lxc.

raw.lxc: 
"lxc.network.ipv4=1.2.3.4/32\nlxc.network.ipv4.gateway=5.6.7.8\nlxc.network.hwaddr=00:11:22:33:44:55\nlxc.network.flags=up
\ \nlxc.network.mtu=1500\n"
  volatile.eth0.hwaddr: 00:11:22:33:44:55
  volatile.eth0.name: eth1
devices:
  eth0:
hwaddr: 00:11:22:33:44:55
nictype: bridged
parent: br0

On Ubuntu, you can then set up your bridge as follows in
/etc/network/interfaces:

auto br0
iface br0 inet static
address 1.2.3.4
netmask 255.255.255.0
broadcast 5.6.7.8
gateway 9.10.11.12
bridge_ports eth0
bridge_stp off


This is fine with LXD 0.24 that was built about a month before the 2.0
release candidates started hitting (and with edited source code to
un-block the raw.lxc param) but I'm afraid to upgrade to LXD 2.0
because I don't know the way forward.

It seems like support for certain basic network topologies are still
being worked out with LXD. It should be easy, well-documented and
flexible a la OpenVZ, but it's really not, as far as I have seen. The
best way to make any progress that I've found thus far is to start
learning Google Go and reading the source code.

Thanks,

Sean



On Fri, Mar 18, 2016 at 9:10 AM, Hans Deragon  wrote:
> Greetings,
>
> Ok, this is ridiculous and I apologize for asking help for such a simple
> task, but I fail to find the answers by myself.  I fail to find proper
> documentation to setup bridge networking and static IP.  Newbie here btw and
> setup details at the end of this email.
>
> I got the container running and with DHCP configured, it has its own IP
> which the host can address with.
>
> Obviously, I attempted to setup the static IP many times following
> instructions found on many web pages, to no vail.  For example, I followed
> instructions from https://wiki.debian.org/LXC/SimpleBridge.  But turns out
> that I am probably running a different version of LXC and that this page is
> now obsolete.
>
> I went so far to run 'strace lxc restart server2' to realize that
> /var/lib/lxc/server2/config is not read (server2 is the container).  This
> seams to be confirmed by the post at
> http://ubuntuforums.org/showthread.php?t=2275372.
>
> I found 'man lxc.container.conf'.  Seams promising.  However, I fail to find
> within the manual the path where this file should be saved!  If you write
> documentation, please always provide the path where configuration files are
> supposed to be stored.
>
> I created a profile named 'bridged' using commands, but I have not found any
> option/instruction on how to apply that profile on my existing image.  'lxc
> start server2' does not provide any option to start the container with a
> particular profile.  BTW, where are profile configuration files stored?
>
> I need clear step by step instructions, with full paths on how to set things
> up and I fail to find any on the web.  Anybody has a useful link to suggest?
>
> I have a KVM image running (server1) and it works flawlessly with a static
> IP on my bridge.  And it wasn't hard to find instructions on how to set it
> up.  But LXD/LXc is another story.
>
> The setup:
>
> Host:   Ubuntu 14.04 LTS.
> Container:  Ubuntu 14.04 LTS.
> LXD:2.0.0~rc3-0ubuntu4~ubuntu14.04.1~ppa1
> LXC:2.0.0~rc10-0ubuntu2~ubuntu14.04.1~ppa1
>
> Best regards and thanks in advance,
> Hans Deragon
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] How to set LXD container locale?

2016-03-19 Thread zztest 
None of the typical ways of setting locales seem to stick in my Ubuntu 
container in an Ubuntu host (Ubuntu 15.10, LXD 2.0.0.rc4)


The host's locale shows this

LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=


but the container shows this


LANG=
LANGUAGE=
LC_CTYPE="POSIX"
LC_NUMERIC="POSIX"
LC_TIME="POSIX"
LC_COLLATE="POSIX"
LC_MONETARY="POSIX"
LC_MESSAGES="POSIX"
LC_PAPER="POSIX"
LC_NAME="POSIX"
LC_ADDRESS="POSIX"
LC_TELEPHONE="POSIX"
LC_MEASUREMENT="POSIX"
LC_IDENTIFICATION="POSIX"

/etc/default/locale contains the same value (LANG="en_US.UTF-8") in both 
the container and the host, but I cannot get it to set in the container. 
How is the locale set/changed in an LXD container?


Thanks.


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Wildcard in lxd commands?

2016-03-19 Thread Mark Constable 

On 17/03/16 23:01, Janne Savikko wrote:

You can not use filters to list running or stopped containers. Lxc
start or stop do not support filters, only container name (or names).
You though can always pipe commands if you want to stop dozens of
containers whose names begin with "web" (note! lxc list keyword
filter compares from the start of the name, so "lxc list eb" does not
work in this case):


   $ lxc list web|grep RUNNING|awk '{ print $2 }'|xargs lxc stop


It's still rather awkward to reliably script a start/stop of a single
container that happens to be called "web" when there might be web1,
web2 etc. An explicit non-filtered arg to lxc list with optional regex
would be more useful. Plus an option to have plain non-tablewriter
output for easier script parsing.

[[ `lxc list -cs web` = RUNNING ]]; echo $?

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*

2016-03-19 Thread Hans Deragon 

Greetings,

Ok, this is ridiculous and I apologize for asking help for such a simple 
task, but I fail to find the answers by myself.  I fail to find proper 
documentation to setup bridge networking and static IP.  Newbie here btw 
and setup details at the end of this email.


I got the container running and with DHCP configured, it has its own IP 
which the host can address with.


Obviously, I attempted to setup the static IP many times following 
instructions found on many web pages, to no vail.  For example, I 
followed instructions from https://wiki.debian.org/LXC/SimpleBridge.  
But turns out that I am probably running a different version of LXC and 
that this page is now obsolete.


I went so far to run 'strace lxc restart server2' to realize that
/var/lib/lxc/server2/config is not read (server2 is the container).  
This seams to be confirmed by the post at 
http://ubuntuforums.org/showthread.php?t=2275372.


I found 'man lxc.container.conf'.  Seams promising.  However, I fail to 
find within the manual the path where this file should be saved!  If you 
write documentation, please always provide the path where configuration 
files are supposed to be stored.


I created a profile named 'bridged' using commands, but I have not found 
any option/instruction on how to apply that profile on my existing 
image.  'lxc start server2' does not provide any option to start the 
container with a particular profile.  BTW, where are profile 
configuration files stored?


I need clear step by step instructions, with full paths on how to set 
things up and I fail to find any on the web.  Anybody has a useful link 
to suggest?


I have a KVM image running (server1) and it works flawlessly with a 
static IP on my bridge.  And it wasn't hard to find instructions on how 
to set it up.  But LXD/LXc is another story.


The setup:

Host:   Ubuntu 14.04 LTS.
Container:  Ubuntu 14.04 LTS.
LXD:2.0.0~rc3-0ubuntu4~ubuntu14.04.1~ppa1
LXC:2.0.0~rc10-0ubuntu2~ubuntu14.04.1~ppa1

Best regards and thanks in advance,
Hans Deragon
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LXD Newb questions

2016-03-19 Thread Tycho Andersen 
On Wed, Mar 16, 2016 at 02:06:17AM +, Will Dennis wrote:
>
> root@xenial-02:~# lxc list all
> +---+--+-+---+--++---+
> |   HOST|   NAME   |  STATE  |   IPV4| IPV6 |TYPE| 
> SNAPSHOTS |
> +---+--+-+---+--++---+
> | xenial-01 | u1404-03 | RUNNING | 10.0.3.134 (eth0) |  | PERSISTENT | 0  
>|
> +---+--+-+---+--++---+
> | xenial-02 | u1404-01 | RUNNING | 10.0.3.221 (eth0) |  | PERSISTENT | 0  
>|
> +---+--+-+---+--++---+
> | xenial-02 | u1404-02 | RUNNING | 10.0.3.75 (eth0)  |  | PERSISTENT | 0  
>|
> +---+--+-+---+--++---+
> 
> So do you have to query the hosts one by one, or is there something to give 
> you a holistic view of all your container hosts and containers on them?

No, you need to query the hosts one by one.

Tycho
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Can't start container after lxd/lxc/lxcfs upgrade

2016-03-19 Thread B G 
lxc => 2.0.0rc4
lxd => 2.0.0rc4
lxcfs => 2.0.0rc6

After the latest upgrade to lxc/lxd tools existing and new containers fail
to start, failing on the following stage from the container log:

lxc 20160318161829.810 INFO lxc_conf - conf.c:run_script_argv:367 -
Executing script '/usr/share/lxcfs/lxc.mount.hook' for container
'testcontainer-20160311-0918', config section 'lxc'
lxc 20160318161829.856 ERRORlxc_conf - conf.c:run_buffer:347 - Script
exited with status 1
lxc 20160318161829.856 ERRORlxc_conf - conf.c:lxc_setup:3750 - failed
to run mount hooks for container 'testcontainer-20160311-0918'.

There don't appear to be any logs or debug output from the lxc.mount.hook
script that I can see that will help further.

LXC, LXD and LXCFS services are reported running by systemd.

Any help greatly appreciated!
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] lxc list --fast

2016-03-19 Thread Stéphane Graber 
On Wed, Mar 16, 2016 at 09:37:11PM +0100, Tamas Papp wrote:
> hi,
> 
> tompos@ttk-mdr:~$ lxc list
> +---+-++--++---+
> 
> | NAME  |  STATE  |  IPV4  | IPV6 |TYPE
> | SNAPSHOTS |
> +---+-++--++---+
> 
> | connect   | RUNNING | 10.0.3.3 (eth0)| | PERSISTENT |
> 9 |
> +---+-++--++---+
> 
> | connect-mysql | RUNNING | 10.0.3.4 (eth0)| | PERSISTENT |
> 9 |
> |   | | 172.29.251.1 (ttk-mdr) | ||
> |
> +---+-++--++---+
> 
> | proxy | RUNNING | 10.0.3.2 (eth0)| | PERSISTENT |
> 9 |
> +---+-++--++---+
> 
> 
> 
> tompos@ttk-mdr:~$ lxc list --fast
> +---+-+--++--++
> 
> | NAME  |  STATE  | ARCHITECTURE | CREATED AT | PROFILES |TYPE
> |
> +---+-+--++--++
> 
> | connect   | RUNNING | x86_64   || default  |
> PERSISTENT |
> +---+-+--++--++
> 
> | connect-mysql | RUNNING | x86_64   || default  |
> PERSISTENT |
> +---+-+--++--++
> 
> | proxy | RUNNING | x86_64   || default  |
> PERSISTENT |
> +---+-+--++--++
> 
> 
> 
> Why are arch and create time "important" in case of fast and why not in case
> of pure list?
> 
> 
> Thanks,
> tamas

We wanted an quivalent horizontal space usage in both modes, so added a
few more columns to --fast after removing the columns that were causing
the slowness.

If you want something else, you can just specify the list of column you
want to see.


-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com


signature.asc
Description: PGP signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Can't start container after lxd/lxc/lxcfs upgrade

2016-03-19 Thread Stéphane Graber 
On Sat, Mar 19, 2016 at 05:47:19AM +0700, Fajar A. Nugraha wrote:
> On Sat, Mar 19, 2016 at 1:12 AM, B G  wrote:
> > lxc => 2.0.0rc4
> > lxd => 2.0.0rc4
> > lxcfs => 2.0.0rc6
> >
> > After the latest upgrade to lxc/lxd tools existing and new containers fail
> > to start, failing on the following stage from the container log:
> >
> > lxc 20160318161829.810 INFO lxc_conf - conf.c:run_script_argv:367 -
> > Executing script '/usr/share/lxcfs/lxc.mount.hook' for container
> > 'testcontainer-20160311-0918', config section 'lxc'
> > lxc 20160318161829.856 ERRORlxc_conf - conf.c:run_buffer:347 - Script
> > exited with status 1
> > lxc 20160318161829.856 ERRORlxc_conf - conf.c:lxc_setup:3750 - failed to
> > run mount hooks for container 'testcontainer-20160311-0918'.
> >
> > There don't appear to be any logs or debug output from the lxc.mount.hook
> > script that I can see that will help further.
> 
> I had to add my own debugging lines to figure out what's wrong
> 
> 
> >
> > LXC, LXD and LXCFS services are reported running by systemd.
> >
> > Any help greatly appreciated!
> 
> 
> Somewhere close to the end of  lxc.mount.hook I setup debugging line
> to see what the container's cgroup looks like. It shows this
> 
> + ls -la /usr/lib/x86_64-linux-gnu/lxc/sys/fs/cgroup
> total 0
> drwxr-xr-x 12 root root 240 Mar 18 16:25 .
> drwxr-xr-x  7 root root   0 Mar 18 16:15 ..
> drwxr-xr-x  3 root root  60 Mar 18 16:25 blkio
> drwxr-xr-x  3 root root  60 Mar 18 16:25 cpu
> drwxr-xr-x  3 root root  60 Mar 18 16:25 cpuset
> drwxr-xr-x  3 root root  60 Mar 18 16:25 devices
> drwxr-xr-x  3 root root  60 Mar 18 16:25 freezer
> drwxr-xr-x  3 root root  60 Mar 18 16:25 hugetlb
> drwxr-xr-x  3 root root  60 Mar 18 16:25 memory
> drwxr-xr-x  3 root root  60 Mar 18 16:25 net_cls
> drwxr-xr-x  3 root root  60 Mar 18 16:25 perf_event
> drwxr-xr-x  3 root root  60 Mar 18 16:25 systemd

Can you also extract /proc/self/mountinfo at that time please?

It indeed looks like the change to add cgroup and cgroup-full
lxc.mount.auto support into cgfsng with rc11 is causing some trouble.

I'll need to setup a machine where I can reproduce this as none of my
systems are running into this, presumably because they all have cgns
kernels.

> 
> 
> That's probably where the bug lies. cpu and net_cls is already their
> own directory. However lxc.mount.hook tries to create a symlink from
> cpu,cpuset (which will be created and bind-mounted later) to cpu.
> Since that directory already exist, it ended up trying to create
> /usr/lib/x86_64-linux-gnu/lxc/sys/fs/cgroup/cpu/cpu symlink instead of
>  /usr/lib/x86_64-linux-gnu/lxc/sys/fs/cgroup/cpu. Which fails.
> 
> I didn't see a relevant change to lxcfs (rc4->rc6) on the "create
> symlink" behavior, so the bug is probably somewhere in lxc (?) that
> creates "cpu" and "net_cls" cgroup inside the container.
> 
> My workaround:
> 
> # diff -Naru /usr/share/lxcfs/lxc.mount.hook.orig
> /usr/share/lxcfs/lxc.mount.hook
> --- /usr/share/lxcfs/lxc.mount.hook.orig2016-03-18
> 07:32:48.0 +0700
> +++ /usr/share/lxcfs/lxc.mount.hook 2016-03-18 16:26:33.633345802 +0700
> @@ -51,7 +51,13 @@
>  for single in $arr
>  do
>  if [ ! -L ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single ]; 
> then
> -ln -s $DEST ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single
> +if [ -d
> ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single ]; then
> +# a cgroup is already mounted there. Just
> bind-mount ours
> +mount -n --bind $entry
> ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single
> +else
> +# I can simply create a symlink
> +ln -s $DEST
> ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single
> +fi
>  fi
>  done
>  fi
> 
> 
> The comments speak for themselves. That at least allows the container
> to start while waiting for the devs to come up with a proper fix. The
> container ended up with a cgroup directory like this:
> 
> # ls -la /sys/fs/cgroup/
> total 0
> drwxr-xr-x 14 root root 320 Mar 18 16:43 .
> drwxr-xr-x  7 root root   0 Mar 18 16:43 ..
> drwxr-xr-x  3 root root  60 Mar 18 16:43 blkio
> drwxr-xr-x  2 root root   0 Mar 19 05:39 cpu
> drwxr-xr-x  2 root root   0 Mar 19 05:39 cpu,cpuacct
> lrwxrwxrwx  1 root root  11 Mar 18 16:43 cpuacct -> cpu,cpuacct
> drwxr-xr-x  3 root root  60 Mar 18 16:43 cpuset
> drwxr-xr-x  3 root root  60 Mar 18 16:43 devices
> drwxr-xr-x  3 root root  60 Mar 18 16:43 freezer
> drwxr-xr-x  3 root root  60 Mar 18 16:43 hugetlb
> drwxr-xr-x  3 root root  60 Mar 18 16:43 memory
> drwxr-xr-x  2 root root   0 Mar 19 05:39 net_cls
> drwxr-xr-x  2 root root   0 Mar 19 05:39 net_cls,net_prio
> lrwxrwxrwx  1 root root  16 Mar 18 16:43 net_prio -> net_cls,net_prio
> drwxr-xr-x  3 root root  60 Mar 18 16:43

Re: [lxc-users] Systemd support status

2016-03-19 Thread Albert Shih 
 Le 16/03/2016 à 18:50:16+0700, Fajar A. Nugraha a écrit
> > I would like to know what is the status about lxc supporting inside the
> > guest systemd.
>
> It works if you have the prequisite. And since ubuntu is shipping
> lxc/lxd with ubuntu 16.04 (which uses systemd), they should support it
> as well.
>

Nice.

> Not sure what the OFFICIAL status of other distros as containers though.

Ok. But if it's in the plan that's ok for me.

> > Last time I try (some mounth ago, with LXC 1.0.X) I was able to start many
> > guest with classic start script (Debian & Ubuntu) but with systemd (CentOS
> > 7) I got many trouble.
>
> The prequisite includes lxc >= 1.1.x and lxcfs

Ok.

> > As I understand systemd going to be the standard, what would be the status
> > of LXC ?
>
> I assume you use debian jessie host, which is why you're stuck at
> 1.0.x? try backporting lxc from testing. Or use my unofficial
> packages: http://debian-lxc.github.io/

Well...In fact actually I'm using vserver.

When I try lxc I choose 1.0.x because it's say 1.0.x are the stable
version, and for the « virtualisation » i like something stable. When I've
lots of Vm inside, the upgrade for major version is not good for my blood
presure ;-)

I would try with 1.1.x soon.

Regards.

JAS



--
Albert SHIH
DIO bâtiment 15
Observatoire de Paris
5 Place Jules Janssen
92195 Meudon Cedex
France
Téléphone : +33 1 45 07 76 26/+33 6 86 69 95 71
xmpp: j...@obspm.fr
Heure local/Local time:
mer 16 mar 2016 13:57:16 CET
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Wildcard in lxd commands?

2016-03-19 Thread Janne Savikko 

On 03/17/2016 01:03 AM, zzt...@openmailbox.org wrote:

On 2016-03-16 11:12, Serge Hallyn wrote:

Quoting zzt...@openmailbox.org (zzt...@openmailbox.org):

Will wildcards be supported in lxd commands? For example, I'd like
to do this:

  $ lxc info host:*

or

  $ lxc info host:web*

and get info on all containers/containers starting with "web" on host.

Is there a quick/easy way to do something similar now?


See 'lxc help list'.  Filters should get you what you want.


How would I use that in a command?  For example would I stop dozens of
containers whose names begin with "web" using the filter?



lxc list is not the easiest to parse 
(https://github.com/lxc/lxd/issues/882). List uses tablewriter 
(https://github.com/olekukonko/tablewriter) to format output, but it 
does not have option to output e.g. CSV (sure you can use comma as a 
column separator, but you get whitespaces because columns data is 
variable length).


You can not use filters to list running or stopped containers. Lxc start 
or stop do not support filters, only container name (or names). You 
though can always pipe commands if you want to stop dozens of containers 
whose names begin with "web" (note! lxc list keyword filter compares 
from the start of the name, so "lxc list eb" does not work in this case):


  $ lxc list web|grep RUNNING|awk '{ print $2 }'|xargs lxc stop

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*

2016-03-19 Thread Sean McNamara 
On Fri, Mar 18, 2016 at 11:43 AM, Stéphane Graber  wrote:
> Our stance hasn't changed. LXD doesn't know nor care about layer-3
> networking, all it does is setup your layer-2.
>
> Having LXD pre-initialize your network namespace confuses the heck out
> of a bunch of distros which expect all network to be unconfigured by the
> time they apply their own config (they don't clean things up so
> duplicate entries lead to failure).


Okay.

As someone migrating from OpenVZ (and before that, VMware), one
important use case I was expecting of LXD is that of multi-tenant
boxes, where you need to give root access to a container to the
"tenant", and expect them to adhere to a Terms of Service agreement,
but need to have technical mitigations in place, so that even if they
decide to violate the ToS (or innocently have their box hacked by a
malicious third-party who decides to violate the ToS), access to other
containers and the physical box (host OS) is very difficult to
impossible (pending any undiscovered vulnerabilities or host-side
misconfiguration).

As part of that, I was expecting some way to tell LXD to restrict the
IP addresses that can be claimed/used by a given container. For
instance, if I have a public Internet IPv4 /26 allocated to a physical
host by a hosting provider, I'll want to assign only one or two IP
addresses to each container. Currently, I can have an LXD container
just spuriously decide to use any arbitrary IP, and I haven't found a
way to prevent it from doing that if an untrusted user has root access
in the container. They can just run ifconfig and specify the IP
address they want to use.

How can I configure the host environment (LXD or something else on the
host, assuming I'm running a very recent Ubuntu 16.04 Beta nightly) so
that no packets can be transmitted to/from the guest unless the guest
is using a specific IP or set of IPs? I also want to make sure that no
broadcasting is occurring; i.e., the root user in the container should
not be able to sniff layer 2 and see all the packets going to all the
other containers.

...Or is LXD not suitable for this use case? If it isn't, will it ever be?

Thanks,

Sean



>
>
> Nevertheless, we have recently allowed the following key through raw.lxc:
>  - lxc.network.X.ipv4
>  - lxc.network.X.ipv4.gateway
>  - lxc.network.X.ipv6
>  - lxc.network.X.ipv6.gateway
>
> Note that we require you set the interface index (X above) as mixing
> those raw entris with the LXD generated config would otherwise randomly
> cause an invalid config and container startup failure.
>
>
> The recommended way to manage IPs with LXD is to do it exactly the same
> way you would do it for your VMs or physical machines, so either
> configure your DHCP server to give a static lease or configure the
> container to use a static IP (you can use lxc file pull/push/edit to do
> it on a stopped container).
>
> On Fri, Mar 18, 2016 at 10:18:33AM -0400, Sean McNamara wrote:
>> First of all, there's no such thing as LX[C|D]. You're either using
>> LXC or LXD. They're different enough in their configuration and
>> operation that you can't ask an "either-or" question. Pick one
>> solution and focus on that.
>>
>> I just wanted to chime in to say that I have this same question. I'm
>> stuck using a pre-2.0 release of LXD because it allows me to use the
>> "raw.lxc" config parameter to specify the IP settings for the guest.
>> This configuration parameter was removed at some point prior to the
>> 2.0 RC, so I ended up editing the source code of LXD to bring it back.
>> I haven't found any equivalent configuration that works without using
>> raw.lxc.
>>
>> raw.lxc: 
>> "lxc.network.ipv4=1.2.3.4/32\nlxc.network.ipv4.gateway=5.6.7.8\nlxc.network.hwaddr=00:11:22:33:44:55\nlxc.network.flags=up
>> \ \nlxc.network.mtu=1500\n"
>>   volatile.eth0.hwaddr: 00:11:22:33:44:55
>>   volatile.eth0.name: eth1
>> devices:
>>   eth0:
>> hwaddr: 00:11:22:33:44:55
>> nictype: bridged
>> parent: br0
>>
>> On Ubuntu, you can then set up your bridge as follows in
>> /etc/network/interfaces:
>>
>> auto br0
>> iface br0 inet static
>> address 1.2.3.4
>> netmask 255.255.255.0
>> broadcast 5.6.7.8
>> gateway 9.10.11.12
>> bridge_ports eth0
>> bridge_stp off
>>
>>
>> This is fine with LXD 0.24 that was built about a month before the 2.0
>> release candidates started hitting (and with edited source code to
>> un-block the raw.lxc param) but I'm afraid to upgrade to LXD 2.0
>> because I don't know the way forward.
>>
>> It seems like support for certain basic network topologies are still
>> being worked out with LXD. It should be easy, well-documented and
>> flexible a la OpenVZ, but it's really not, as far as I have seen. The
>> best way to make any progress that I've found thus far is to start
>> learning Google Go and reading the source code.
>>
>> Thanks,
>>
>> Sean
>>
>>
>>
>> On Fri, Mar 18, 2016 at 9:10 AM, Hans Deragon

Re: [lxc-users] Limit file descriptors

2016-03-19 Thread Alan Hoffmeister 
Thanks for the reply, I'm trying to allow root access to my containers so
adjusting limits inside the rootfs isn't a good idea for me.


--
Alan Hoffmeister
https://twitter.com/alan_hoff
https://github.com/alanhoff
https://keybase.io/alanhoff

2016-03-18 3:08 GMT-03:00 Guido Jäkel :

> Dear Alan,
>
> adjust the limits per Container in  /etc/security/limits.conf  , e.g. add
> something like
>
>
> *   hardnofile  8192
> *   softnofile  8000
> *   hardnproc   1024
> *   softnproc   1000
>
> and maybe adjust the values at the host, too.
>
>
> Greetings
>
> Guido
>
>
> On 17.03.2016 00:40, Alan Hoffmeister wrote:
> > Hello folks,
> >
> > I'm having some troubles where one container can drain the amount of file
> > descriptors available in the host system. Does somebody knows how to
> limit
> > file descriptors per container?
> >
> > I'm running lxd v2.0.0.rc3 and lxc v2.0.0.rc10
> >
> > Cheers
> >
> > --
> > Alan Hoffmeister
> > https://twitter.com/alan_hoff
> > https://github.com/alanhoff
> > https://keybase.io/alanhoff
>
>
>
>
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users