Re: [lxc-users] LXD lxc start
Hi, Thank you for answer, I solved my problem. It didn't work because I installed dnsmasq outside the one provided by LXD and lxdbr0 wasn't accessible anymore. After removing dnsmasq everything is working fine again. Regards, Goran On 1 August 2016 at 20:39, Tycho Andersen wrote: > On Sat, Jul 30, 2016 at 05:12:46PM +0200, Goran Brkuljan wrote: > > Hi, > > > > I am suddenly missing lxdbr0, and I am getting errror while starting lxc > > container. > > What's the output of `journalctl -u lxd-bridge`? > > Tycho > > > lxc start app01 > > error: Error calling 'lxd forkstart app01 /var/lib/lxd/containers > > /var/log/lxd/app01/lxc.conf': err='exit status 1' > > Try `lxc info --show-log app01` for more info > > > > Also when I try '*sudo dpkg-reconfigure -p medium lxd*' lxd bridge is not > > created. > > > > Lxd log in attachment. > > > > Regards, > > > > Goran > > > lxc info --show-log app01, > > > > Name: app01 > > Architecture: x86_64 > > Created: 2016/07/10 14:13 UTC > > Status: Stopped > > Type: persistent > > Profiles: default > > > > Log: > > > > lxc 20160730170007.032 INFO lxc_start - > start.c:lxc_check_inherited:251 - closed inherited fd 3 > > lxc 20160730170007.032 INFO lxc_start - > start.c:lxc_check_inherited:251 - closed inherited fd 7 > > lxc 20160730170007.034 INFO lxc_container - > lxccontainer.c:do_lxcapi_start:797 - Attempting to set proc title to [lxc > monitor] /var/lib/lxd/containers app01 > > lxc 20160730170007.034 INFO lxc_start - > start.c:lxc_check_inherited:251 - closed inherited fd 7 > > lxc 20160730170007.034 INFO lxc_lsm - > lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .reject_force_umount # comment > this to allow umount -f; not recommended. > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for reject_force_umount > action 0 > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force > umounts > > > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for reject_force_umount > action 0 > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force > umounts > > > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .[all]. > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .kexec_load errno 1. > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for kexec_load action > 327681 > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for kexec_load action > 327681 > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .open_by_handle_at errno 1. > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for open_by_handle_at > action 327681 > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for open_by_handle_at > action 327681 > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .init_module errno 1. > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for init_module action > 327681 > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for init_module action > 327681 > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .finit_module errno 1. > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for finit_module action > 327681 > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for finit_module action > 327681 > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .delete_module errno 1. > > lxc 20160730170007.035 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for delete_module action > 327681 > > lxc 20160730170007.035 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for delete_module action > 327681 > > lxc 20160730170007.035 INFO lxc_seccomp - > seccomp.c:parse_config_v2:456 - Merging in the compat seccomp ctx into the > main one > > lxc 20160730170007.035 INFO lxc_conf - > conf.c:run_script_argv:367 -
[lxc-users] Importing LXD images with split tarballs from URL?
Hi, Is there a way to import images with separate metadata and data tarballs from a URL? We want to use S3 to distribute some images as generated by "lxd export" (which generates a separate `meta-` tarball for metadata); however it seems that the URL import flow (with LXD-Image-Hash/URL) only supports using a single tarball. Thanks ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] undefined symbol: current_config on custom-compiled lxc2
On Mon, Jul 18, 2016 at 04:17:48PM +0300, Nikolay Borisov wrote: > Hello List, > > > So I tried compiling boh lxc 2.0 from github as well as the 2.0.3 stable > package from the web page. Everything went fine: > > > Environment: > - compiler: gcc > - distribution: centos > - init script type(s): sysvinit > - rpath: no > - GnuTLS: no > - Bash integration: yes > > Security features: > - Apparmor: no > - Linux capabilities: yes > - seccomp: yes > - SELinux: yes > - cgmanager: no > > Bindings: > - lua: yes > - python3: yes > > Documentation: > - examples: yes > - API documentation: yes > - user documentation: yes > > Debugging: > - tests: no > - mutex debugging: no > > Paths: > - Logs in configpath: no > > > However, when I try running lxc-create or lxc-start I get the following > error: lxc-start: symbol lookup error: lxc-start: undefined symbol: > current_config. Ldd on the lxc-ls binary shows that all libraries are > resolved. This is on centos 6.7 box with 4.4 kernel. Any ideas? What is the actual output of ldd? I suspect you're picking up the system's liblxc with your custom compiled lxc binaries, which if the system's liblxc is old enough will cause problems. ldconfig -v may shed some light. Tycho ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] LXD lxc start
On Sat, Jul 30, 2016 at 05:12:46PM +0200, Goran Brkuljan wrote: > Hi, > > I am suddenly missing lxdbr0, and I am getting errror while starting lxc > container. What's the output of `journalctl -u lxd-bridge`? Tycho > lxc start app01 > error: Error calling 'lxd forkstart app01 /var/lib/lxd/containers > /var/log/lxd/app01/lxc.conf': err='exit status 1' > Try `lxc info --show-log app01` for more info > > Also when I try '*sudo dpkg-reconfigure -p medium lxd*' lxd bridge is not > created. > > Lxd log in attachment. > > Regards, > > Goran > lxc info --show-log app01, > > Name: app01 > Architecture: x86_64 > Created: 2016/07/10 14:13 UTC > Status: Stopped > Type: persistent > Profiles: default > > Log: > > lxc 20160730170007.032 INFO lxc_start - > start.c:lxc_check_inherited:251 - closed inherited fd 3 > lxc 20160730170007.032 INFO lxc_start - > start.c:lxc_check_inherited:251 - closed inherited fd 7 > lxc 20160730170007.034 INFO lxc_container - > lxccontainer.c:do_lxcapi_start:797 - Attempting to set proc title to [lxc > monitor] /var/lib/lxd/containers app01 > lxc 20160730170007.034 INFO lxc_start - > start.c:lxc_check_inherited:251 - closed inherited fd 7 > lxc 20160730170007.034 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - > LSM security driver AppArmor > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .reject_force_umount # comment > this to allow umount -f; not recommended. > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for reject_force_umount > action 0 > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force > umounts > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for reject_force_umount > action 0 > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force > umounts > > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .[all]. > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .kexec_load errno 1. > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for kexec_load action > 327681 > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for kexec_load action > 327681 > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .open_by_handle_at errno 1. > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for open_by_handle_at > action 327681 > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for open_by_handle_at > action 327681 > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .init_module errno 1. > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for init_module action > 327681 > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for init_module action > 327681 > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .finit_module errno 1. > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for finit_module action > 327681 > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for finit_module action > 327681 > lxc 20160730170007.034 INFO lxc_seccomp - > seccomp.c:parse_config_v2:342 - processing: .delete_module errno 1. > lxc 20160730170007.035 INFO lxc_seccomp - > seccomp.c:parse_config_v2:446 - Adding native rule for delete_module action > 327681 > lxc 20160730170007.035 INFO lxc_seccomp - > seccomp.c:parse_config_v2:449 - Adding compat rule for delete_module action > 327681 > lxc 20160730170007.035 INFO lxc_seccomp - > seccomp.c:parse_config_v2:456 - Merging in the compat seccomp ctx into the > main one > lxc 20160730170007.035 INFO lxc_conf - > conf.c:run_script_argv:367 - Executing script '/usr/bin/lxd callhook > /var/lib/lxd 165 start' for container 'app01', config section 'lxc' > lxc 20160730170007.035 INFO lxc_start - > start.c:lxc_check_inherited:251 - closed inherited fd 3 > lxc 20160730170007.035 INFO lxc_start - > start.c:lxc_check_inherited:251 - closed inherited fd 7 >
Re: [lxc-users] how to determine if in LXD
On Mon, Aug 01, 2016 at 04:01:00PM +0200, tapczan wrote: > Hello > > There is an easy way to determine if I'm in LXC, content of file > /proc/self/cgroup shows path with /lxc, eg: > > 2:cpu:/lxc/host > > However in LXD this rule is no longer valid: > > 2:cpu:/ > > It looks like real host from that point of view. > > So tools like chef OHAI have issue in determining virtualisation role > and status. > > Is there as easy way to determine if I'm inside LXD container? Try `systemd-detect-virt` on systemd-based distros, or `running-in-container` on upstart-based distros. Tycho > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] I think terminology of LXD & LXC still confuses newcomers
Hi! New user here (first post!) been using LXC/LXD for a few weeks. First, awesome project, wish I had discovered it sooner. Second. I totally agree with this statement. As someone who is learning all about LXC/LXD I was completely confused about commands and syntax in the beginning. I started reading LXD tutorials with only LXC installed and was frustrated when commands weren't working. Got LXD installed and was happy things were working properly, but then some of my LXC tutorials no longer were relevant. I wondered why the LXD team just didn't use lxd to begin with. In the end I found Stephane Graber's excellent tutorials and have only been learning/using LXD commands. Things definitely would have been easier if they were separated from the start. ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] I think terminology of LXD & LXC still confuses newcomers
> *lxc list* I think LXD should not call the binary 'lxc'. Maybe it would cause less confusion when called 'lxd'.. LXD is not the only project which uses LXC a base. For example, Proxmox VE also provide a front-end for LXC (called 'pct'). And it is still valid to use the 'old' lxc-XXX style commands. ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] I think terminology of LXD & LXC still confuses newcomers
Long time users of LXC and now LXD understand the difference & difference of purpose. However, it seems to me that for newcomers to LXD the continuance of reference to LXC seems to cause confusion for those people when doing google searches & they find CLI references/examples for the original LXC syntax. Then they have problems with LXD because of that confusion. example: https://linuxcontainers.org/lxd/introduction/ describes LXD as.. *LXD isn't a rewrite of LXC, in fact it's building on top of LXC to provide a new,better user experience. Under the hood, LXD uses LXC through liblxc and its Go bindingto create and manage the containers.It's basically an alternative to LXC's tools and distribution template systemwith the added features that come from being controllable over the network.* Now if you were "new" to LXC and LXD and do a google search for LXC example use/configs etc you find many examples like: http://www.techrepublic.com/blog/linux-and-open-source/how-to-create-lxc-system-containers-to-isolate-services/ where they show use of the old lxc-create command etc or another... https://levlaz.org/installing-node-js-ghost-in-an-ubuntu-14-04-lxc-container/ where again they use the old LXC syntax to implement node.js in LXC. etc. People follow those types of original LXC examples (or others) and then can't figure out why when with LXD installed they don't see their containers by doing (again just an example: *lxc list* or other LXD syntax type commands. Same goes for differences in the "config" file for original LXC vs how an LXD container's confg is accomplised (or even where the files are). The LXD developers have done an incredible job! I'm only asking this question to see, what if anything, can/could be done to lessen confusion encountered by new LXD users. Especially those that then go out and google "lxc" and find so many examples of the "old" lxc usage/implementations/configurations? Brian ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] How to set up multiple secure (SSL/TLS, Qualys SSL Labs A+) websites using LXD containers
Yes, LXD Containers is what I would use. I often say "LXC/LXD containers" just to remember that LXD is not a container technology and it's require LXC to works :) Great articles btw . thanks for sharing that on the list. Cordialement, Benoît G De: "Eric" À: "lxc-users" , "Simos Xenitellis" Envoyé: Dimanche 31 Juillet 2016 16:30:38 Objet: Re: [lxc-users] How to set up multiple secure (SSL/TLS, Qualys SSL Labs A+) websites using LXD containers On July 31, 2016 4:22:28 PM EDT, Simos Xenitellis wrote: >Hi All, > >I have written a few articles on LXD containers and here is the latest, >https://simos.info/blog/how-to-set-up-multiple-secure-ssltls-qualys-ssl-labs-a-websites-using-lxd-containers/ > > >It's about putting websites in different containers, and getting them >accessed through HAProxy (also in a container), as a TLS Termination >proxy. > >LetsEncrypt is used to provide certificates, however it runs outside >of the containers. If you have an idea on how to run it inside a >container, please tell me. > >In this specific article I omit to mention the nginx configuration so >that it delivers to IP address of the client to the web servers (as >is, the logs show the HAProxy IP address). > >I will probably write a few more articles. > >I use the term "LXD containers"; I am quite happy with it, if you have >another suggestion, please tell me. > >Simos >___ >lxc-users mailing list >lxc-users@lists.linuxcontainers.org >http://lists.linuxcontainers.org/listinfo/lxc-users "LXD containers" help distinguish between "old LXC" and "new LXC + LXD" ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] how to determine if in LXD
Hello There is an easy way to determine if I'm in LXC, content of file /proc/self/cgroup shows path with /lxc, eg: 2:cpu:/lxc/host However in LXD this rule is no longer valid: 2:cpu:/ It looks like real host from that point of view. So tools like chef OHAI have issue in determining virtualisation role and status. Is there as easy way to determine if I'm inside LXD container? ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users