Re: [lxc-users] lxc image import: Could not extract image metadata.yaml from tar

2016-07-26 Thread tapczan
On 26 July 2016 at 22:00, Stéphane Graber  wrote:
> So I wonder if the issue is the prefixing with ./ that your tarball
> appears to have.

Thanks for the hint. Indeed it's a matter of the prefix.
So the archive tarball has to be created this way:

~/meta# tar cJf ../meta.tar.xz *

~/meta# tar tf ../meta.tar.xz
metadata.yaml
templates/
templates/upstart-override.tpl
templates/hostname.tpl
templates/hosts.tpl


Creating it differently (which practically gives the same result in terms
of decompression) makes LXD generate an error:

~/meta# tar cJf ../meta.tar.xz .
or
~# tar cJf meta.tar.xz -C meta .

~/meta# tar tf ../meta.tar.xz
./
./metadata.yaml
./templates/
./templates/upstart-override.tpl
./templates/hostname.tpl
./templates/hosts.tpl
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
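
The prefix mismatch described above can be checked before running the import. This is an added example, not part of the original message: the function names `meta_member`, `meta_ok` and `build_meta` are hypothetical, and `tar -a` (choose the compressor from the output suffix) is assumed to be available, as it is in GNU tar.

```shell
#!/bin/sh
# Added example: inspect how metadata.yaml is named inside an LXD metadata
# tarball, and build one whose members carry no "./" prefix.
# Function names are hypothetical; sample paths in the usage line are made up.

# Print the member name under which metadata.yaml is stored, if any.
meta_member() {
    tar tf "$1" | grep -E '^(\./)?metadata\.yaml$' | head -n 1
}

# Return 0 only when the member is named exactly "metadata.yaml". The error in
# this thread ("tar: metadata.yaml: Not found in archive") shows the lookup is
# by that literal name, so "./metadata.yaml" does not match.
meta_ok() {
    [ "$(meta_member "$1")" = "metadata.yaml" ]
}

# Build <out> from the contents of <dir> with bare member names, the same
# effect as running "tar cJf ../meta.tar.xz *" inside the directory.
# Note: "*" skips dotfiles, which a metadata directory normally has none of.
build_meta() {
    dir=$1
    out=$2
    case $out in
        /*) ;;                    # already absolute
        *)  out=$PWD/$out ;;      # keep the path valid after the cd below
    esac
    ( cd "$dir" && tar caf "$out" -- * )
}

# Usage: sh check_meta.sh meta.tar.xz
if [ -n "${1:-}" ]; then
    if meta_ok "$1"; then
        echo "ok: metadata.yaml is stored without a prefix"
    else
        echo "will not import as-is: found '$(meta_member "$1")'"
    fi
fi
```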

Re: [lxc-users] Can a container modify the host rtc?

2016-07-26 Thread jjs - mainphrame
Interesting - we've had OVZ containers running as ntp servers, being
granted the ability to set the RTC via the CAP_SYS_TIME capability. (never
more than one per physical host though)

Jake

On Tue, Jul 26, 2016 at 9:58 AM, Stewart Brodie  wrote:

> Paul Giordano  wrote:
>
> > Running LXD 2.0.3
> >
> > I'm trying to have a container be an ntp server, but the container gets an
> > EPERM trying to set the hw clock:
> >
> > clock_settime(CLOCK_REALTIME, {1469546956, 258938000}) = -1 EPERM (Operation not permitted)
> > adjtimex(0x7b0d6bf0) = -1 EPERM (Operation not permitted)
> > settimeofday({1469546956, 258938}, NULL) = -1 EPERM (Operation not permitted)
> > settimeofday({1469546956, 0}, NULL) = -1 EPERM (Operation not permitted)
> >
> > Is there a way to configure the container to allow access to /dev/rtc0?
>
>
> You won't be able to call those functions from a container not in the
> initial user namespace, even if you possess CAP_SYS_TIME, because of the way
> the kernel does its permission checks.
>
> AIUI, this is to prevent containers from being able to do system-wide things
> that affect other containers.  That affects quite a few things (such as
> access to netlink, ability to mount certain types of device, inserting
> kernel modules, access to the kernel logger)
>
>
> --
> Stewart Brodie
> Senior Software Engineer
> Espial UK

Re: [lxc-users] lxc image import: Could not extract image metadata.yaml from tar

2016-07-26 Thread Stéphane Graber
On Tue, Jul 26, 2016 at 09:18:16PM +0200, tapczan wrote:
> Hello
> 
> I'm trying to create a custom LXC image. I've created a root file system
> tarball (rootfs.tar.xz - directly at its root) and a meta tarball:
> 
> # file meta.tar.xz
> meta.tar.xz: XZ compressed data
> 
> # tar tf meta.tar.xz
> ./
> ./metadata.yaml
> ./templates/
> ./templates/upstart-override.tpl
> ./templates/hostname.tpl
> ./templates/hosts.tpl
> 
> metadata.yaml is at root in the archive
> 
> But import finished with error:
> 
> # lxc image import meta.tar.xz rootfs.tar.xz
> Transferring image: 100%
> error: Could not extract image metadata.yaml from tar: exit status 2
> (tar: metadata.yaml: Not found in archive)
> 
> Any idea where to find any hint on this?

root@castiana:~# tar tf /var/lib/lxd/images/628c432840e1aedc44006d3c6f7ace79d50753d2267b159289cd2e7490f2348f
metadata.yaml
templates/
templates/upstart-override.tpl
templates/cloud-init-meta.tpl
templates/interfaces.tpl
templates/cloud-init-user.tpl
templates/cloud-init-vendor.tpl


So I wonder if the issue is the prefixing with ./ that your tarball
appears to have.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com



Re: [lxc-users] Can a container modify the host rtc?

2016-07-26 Thread Stewart Brodie
Paul Giordano  wrote:

> Running LXD 2.0.3 
> 
> I'm trying to have a container be an ntp server, but the container gets an
> EPERM trying to set the hw clock:
> 
> clock_settime(CLOCK_REALTIME, {1469546956, 258938000}) = -1 EPERM (Operation not permitted)
> adjtimex(0x7b0d6bf0) = -1 EPERM (Operation not permitted)
> settimeofday({1469546956, 258938}, NULL) = -1 EPERM (Operation not permitted)
> settimeofday({1469546956, 0}, NULL) = -1 EPERM (Operation not permitted)
> 
> Is there a way to configure the container to allow access to /dev/rtc0? 


You won't be able to call those functions from a container not in the
initial user namespace, even if you possess CAP_SYS_TIME, because of the way
the kernel does its permission checks.

AIUI, this is to prevent containers from being able to do system-wide things
that affect other containers.  That affects quite a few things (such as
access to netlink, ability to mount certain types of device, inserting
kernel modules, access to the kernel logger)


-- 
Stewart Brodie
Senior Software Engineer
Espial UK
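
The two conditions in the answer above (holding CAP_SYS_TIME, and being in the initial user namespace) can both be read from /proc. This is an added example, not part of the original message: the function names are hypothetical, CAP_SYS_TIME is capability number 25, and treating the single identity mapping `0 0 4294967295` as "initial user namespace" is a heuristic assumption.

```shell
#!/bin/sh
# Added example: explain an EPERM from settimeofday()/clock_settime() by
# checking the effective capability set and the user namespace mapping.
# Function names are hypothetical; file arguments default to the live process.

# Return 0 when uid_map holds only the identity mapping "0 0 4294967295",
# which is what the initial user namespace shows (heuristic, see lead-in).
in_initial_userns() {
    map=$(awk '{print $1, $2, $3}' "${1:-/proc/self/uid_map}" 2>/dev/null)
    [ "$map" = "0 0 4294967295" ]
}

# Return 0 when bit 25 (CAP_SYS_TIME) is set in the CapEff mask of a
# /proc/<pid>/status file.
has_cap_sys_time() {
    capeff=$(awk '$1 == "CapEff:" {print $2}' "${1:-/proc/self/status}" 2>/dev/null)
    [ -n "$capeff" ] || return 1
    [ $(( (0x$capeff >> 25) & 1 )) -eq 1 ]
}

# Both must hold: the capability alone is not enough, because the kernel
# checks CAP_SYS_TIME against the initial user namespace.
can_set_clock() {
    in_initial_userns "${1:-}" && has_cap_sys_time "${2:-}"
}

# Report for the current process when /proc is available.
if [ -r /proc/self/status ]; then
    if has_cap_sys_time; then cap=yes; else cap=no; fi
    if in_initial_userns; then ns=yes; else ns=no; fi
    echo "CAP_SYS_TIME effective: $cap; initial user namespace: $ns"
    if can_set_clock; then
        echo "setting the system clock should be permitted"
    else
        echo "expect EPERM when setting the system clock"
    fi
fi
```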

[lxc-users] lxc image import: Could not extract image metadata.yaml from tar

2016-07-26 Thread tapczan
Hello

I'm trying to create a custom LXC image. I've created a root file system
tarball (rootfs.tar.xz - directly at its root) and a meta tarball:

# file meta.tar.xz
meta.tar.xz: XZ compressed data

# tar tf meta.tar.xz
./
./metadata.yaml
./templates/
./templates/upstart-override.tpl
./templates/hostname.tpl
./templates/hosts.tpl

metadata.yaml is at root in the archive

But import finished with error:

# lxc image import meta.tar.xz rootfs.tar.xz
Transferring image: 100%
error: Could not extract image metadata.yaml from tar: exit status 2
(tar: metadata.yaml: Not found in archive)

Any idea where to find any hint on this?

Re: [lxc-users] CirrOS on OpenStack using LXD as a hypervisor

2016-07-26 Thread Muneeb Ahmad
I didn't know that. Thank you very much. It worked!

On Tue, Jul 26, 2016 at 6:36 PM, Serge E. Hallyn  wrote:

> Well, cirros does not in fact have /bin/bash :)  Try /bin/sh.
>
> Quoting Muneeb Ahmad (muneeb.ganda...@gmail.com):
> > Thank you for your reply. I tried the way you suggested. Ran a lxc cirros
> > container and replaced lxd container's rootfs with lxc container's.
> > Restarted it and when I try to enter it with 'lxc exec  /bin/bash',
> > nothing happens.
> > In lxc.log, I get an error. Any ideas?
> > "ERRORlxc_attach - attach.c:lxc_attach_run_command:1226 - No such file
> > or directory - failed to exec '/bin/bash'"
> >
> > On Tue, Jul 19, 2016 at 5:38 PM, Serge E. Hallyn  wrote:
> >
> > > Quoting Muneeb Ahmad (muneeb.ganda...@gmail.com):
> > > > Hi guys,
> > > >
> > > > First of all I greatly appreciate the work you guys have been doing.
> > > > My question is about CirrOS. I have deployed OpenStack with nova-lxd
> > > > through devstack. Is there any way I can run CirrOS on it as far as I read,
> > > > it's not available for LXD yet. Any help?
> > >
> > > Odd, that surprises me, I thought images.linuxcontainers.org had that.
> > > But, you create a lxc cirros container, create a dummy lxd container, copy the
> > > lxc rootfs over into it, then (once verified everything is working) publish
> > > that lxd container as a new image that you can launch containers from.
> > > It's a hassle, but only the first time.

[lxc-users] Can a container modify the host rtc?

2016-07-26 Thread Paul Giordano
Running LXD 2.0.3 

I'm trying to have a container be an ntp server, but the container gets an 
EPERM trying to set the hw clock: 

clock_settime(CLOCK_REALTIME, {1469546956, 258938000}) = -1 EPERM (Operation not permitted)
adjtimex(0x7b0d6bf0) = -1 EPERM (Operation not permitted) 
settimeofday({1469546956, 258938}, NULL) = -1 EPERM (Operation not permitted) 
settimeofday({1469546956, 0}, NULL) = -1 EPERM (Operation not permitted) 

Is there a way to configure the container to allow access to /dev/rtc0? 



Paul Giordano 
Systems Administrator 

Re: [lxc-users] CirrOS on OpenStack using LXD as a hypervisor

2016-07-26 Thread Serge E. Hallyn
Well, cirros does not in fact have /bin/bash :)  Try /bin/sh.

Quoting Muneeb Ahmad (muneeb.ganda...@gmail.com):
> Thank you for your reply. I tried the way you suggested. Ran a lxc cirros
> container and replaced lxd container's rootfs with lxc container's.
> Restarted it and when I try to enter it with 'lxc exec  /bin/bash',
> nothing happens.
> In lxc.log, I get an error. Any ideas?
> "ERRORlxc_attach - attach.c:lxc_attach_run_command:1226 - No such file
> or directory - failed to exec '/bin/bash'"
>
> On Tue, Jul 19, 2016 at 5:38 PM, Serge E. Hallyn  wrote:
>
> > Quoting Muneeb Ahmad (muneeb.ganda...@gmail.com):
> > > Hi guys,
> > >
> > > First of all I greatly appreciate the work you guys have been doing.
> > > My question is about CirrOS. I have deployed OpenStack with nova-lxd
> > > through devstack. Is there any way I can run CirrOS on it as far as I read,
> > > it's not available for LXD yet. Any help?
> >
> > Odd, that surprises me, I thought images.linuxcontainers.org had that.
> > But, you create a lxc cirros container, create a dummy lxd container, copy the
> > lxc rootfs over into it, then (once verified everything is working) publish
> > that lxd container as a new image that you can launch containers from.
> > It's a hassle, but only the first time.

[lxc-users] removing cgmanager

2016-07-26 Thread Serge E. Hallyn
Hi everyone,

I'm intending to remove cgmanager from Debian.  Upstream and distro
maintainers all agree this is the right thing to do, but I don't want
this to come as a surprise to anyone - so wanted to send out one last
email warning and asking if anyone is depending on it.

I've said I'll act on Aug 9, but I may just do it earlier to get it
over with.

The replacement for cgmanager's functionality is cgroup namespaces
and lxcfs.  I may well write a replacement for the cgm command line
tool (though if someone else has time or has already written one,
that'd be even better), as well as a small boot time tool for
configuring cgroups.

No need for +1's, please just reply if this throws a monkey wrench
into your plans.

-serge

[lxc-users] lxc-create using offline mode

2016-07-26 Thread Ruzsinszky Attila
Hi,

I found this:
https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-July/009784.html

I followed the description for Ubuntu Xenial amd64.

root@fcubi:~# LANG="C";lxc-create -n lub7 -t ubuntu -- -r xenial -a amd64
Checking cache download in /var/cache/lxc/xenial/rootfs-amd64 ...
Copy /var/cache/lxc/xenial/rootfs-amd64 to /var/lib/lxc/lub7/rootfs ...
Copying rootfs to /var/lib/lxc/lub7/rootfs ...
/usr/share/lxc/templates/lxc-ubuntu: line 95:
/var/lib/lxc/lub7/rootfs/etc/network/interfaces: No such file or directory
lxc-create: lxccontainer.c: create_run_template: 1290 container creation
template for lub7 failed
lxc-create: lxc_create.c: main: 318 Error creating container lub7

lxc-create doesn't work with our auth Squid proxy so I have to download the
rootfs manually.
I can set up a new container by hand (unpacking the rootfs and making a new
config file) but I'd like to use lxc-create. Is that possible in "offline"
mode?

TIA,
Ruzsi

Re: [lxc-users] CirrOS on OpenStack using LXD as a hypervisor

2016-07-26 Thread Muneeb Ahmad
Thank you for your reply. I tried the way you suggested. Ran a lxc cirros
container and replaced lxd container's rootfs with lxc container's.
Restarted it and when I try to enter it with 'lxc exec  /bin/bash',
nothing happens.
In lxc.log, I get an error. Any ideas?
"ERRORlxc_attach - attach.c:lxc_attach_run_command:1226 - No such file
or directory - failed to exec '/bin/bash'"

On Tue, Jul 19, 2016 at 5:38 PM, Serge E. Hallyn  wrote:

> Quoting Muneeb Ahmad (muneeb.ganda...@gmail.com):
> > Hi guys,
> >
> > First of all I greatly appreciate the work you guys have been doing.
> > My question is about CirrOS. I have deployed OpenStack with nova-lxd
> > through devstack. Is there any way I can run CirrOS on it as far as I read,
> > it's not available for LXD yet. Any help?
>
> Odd, that surprises me, I thought images.linuxcontainers.org had that.
> But, you create a lxc cirros container, create a dummy lxd container, copy the
> lxc rootfs over into it, then (once verified everything is working) publish
> that lxd container as a new image that you can launch containers from.
> It's a hassle, but only the first time.