Re: [lxc-users] LXC unpreviliged problem with aufs mounted on nfs

2020-03-20 Thread hom...@163.com
Hi, All,
BTW, my aufs version is aufs4.
And it will fail to run "useradd newuser" in the container's bash with the nfs
aufs mount. The result is: useradd: failure while writing changes to
/etc/shadow

Best Regards

Michael Mao



hom...@163.com
 
From: hom...@163.com
Date: 2020-03-21 08:51
To: lxc-users
Subject: LXC unpreviliged problem with aufs mounted on nfs
Hi, All,
I am working on my project that needs to use aufs as a backend for the LXC.
If I set the local branch as the first rw branch for aufs, as:
    mount -t aufs -o br=/home/{lxcname}/data=rw:/home/base/rootfs=ro none /var/lib/lxc/containers/{lxcname}/rootfs
the LXC works well in unprivileged mode, and I can modify any file in the
container's bash as a root user.
But if I set the nfs branch as the first rw branch, as:
    mount -t aufs -o br=/nfsmountpoint=rw:/home/base/rootfs=ro none /var/lib/lxc/containers/{lxcname}/rootfs
the LXC can start up in unprivileged mode, but I can't modify the files
whose owner is not root. It seems not to work in unprivileged mode.
My nfs version is nfsv4, and LXC is the latest version.

Please help me, thanks very much.

Best Regards.

Michael Mao


hom...@163.com
 
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


[lxc-users] LXC unpreviliged problem with aufs mounted on nfs

2020-03-20 Thread hom...@163.com
Hi, All,
I am working on my project that needs to use aufs as a backend for the LXC.
If I set the local branch as the first rw branch for aufs, as:
    mount -t aufs -o br=/home/{lxcname}/data=rw:/home/base/rootfs=ro none /var/lib/lxc/containers/{lxcname}/rootfs
the LXC works well in unprivileged mode, and I can modify any file in the
container's bash as a root user.
But if I set the nfs branch as the first rw branch, as:
    mount -t aufs -o br=/nfsmountpoint=rw:/home/base/rootfs=ro none /var/lib/lxc/containers/{lxcname}/rootfs
the LXC can start up in unprivileged mode, but I can't modify the files
whose owner is not root. It seems not to work in unprivileged mode.
My nfs version is nfsv4, and LXC is the latest version.

Please help me, thanks very much.

Best Regards.

Michael Mao


hom...@163.com
 


Re: [lxc-users] Updating to LXC 3.2.1 fails

2020-03-20 Thread Saint Michael
I made lxc 3.2.1 work, but networking ipvlan is not working at all. I
found a solution that works as if by miracle: to create the ipvlan interfaces
first in the box, then to use type=phys in the container. But this means
something is not right in version 3.2.1. I use VMware ESXi, maybe that is
an issue, but 99% of companies do the same. Very few people still use
physical boxes, we are all virtual.


On Fri, Mar 20, 2020 at 6:50 PM Andrey Repin wrote:

> Greetings, Saint Michael!
>
> > I am using Ubuntu 18.04. In order to update to lxc 3.2.1 (since I need
> > ipvlan), I downloaded the tarball and compiled, installed, etc.
>
> How about not doing that?
>
>
> https://launchpad.net/~ubuntu-lxc/+archive/ubuntu/lxc-git-master?field.series_filter=bionic
>
> > Previously I "apt remove --purge" every package with the word lcx in the name.
>
> > But now lxc-ls shows nothing. what am I missing?
> > what is the right way to update lxc in Ubuntu from the current version?
>
> Just update from the right source.
>
>
> --
> With best regards,
> Andrey Repin
> Saturday, March 21, 2020 0:55:37
>
> Sorry for my terrible english...


Re: [lxc-users] Updating to LXC 3.2.1 fails

2020-03-20 Thread Andrey Repin
Greetings, Saint Michael!

> I am using Ubuntu 18.04. In order to update to lxc 3.2.1 (since I need
> ipvlan), I downloaded the tarball and compiled, installed, etc.

How about not doing that?

https://launchpad.net/~ubuntu-lxc/+archive/ubuntu/lxc-git-master?field.series_filter=bionic

> Previously I "apt remove --purge" every package with the word lcx in the name.

> But now lxc-ls shows nothing. what am I missing?
> what is the right way to update lxc in Ubuntu from the current version?

Just update from the right source.


-- 
With best regards,
Andrey Repin
Saturday, March 21, 2020 0:55:37

Sorry for my terrible english...


Re: [lxc-users] Quick Question

2020-03-20 Thread Saint Michael
Yes, that is correct.
I installed LXC 3.2.1, and I am now using ipvlan, which allows the same MAC
to be used in a container as in the host. But I cannot ping anything.
Unless to use ipvlan I need to do something else.
My kernel is 5.30


On Fri, Mar 20, 2020 at 8:17 AM Tomasz Chmielewski wrote:

> On 2020-03-20 21:07, Ray Jender wrote:
> > So if I have an LXD container hosting an application that requires
> > some specific ports be open,  must those same ports be opened on the
> > host OS?
> >
> > For example, I need udp ports 5000-65000 open in the container.  Must
> > I also open these ports on the host?
>
> Does the container have a dedicated, public IP?
>
> Tomasz Chmielewski
> https://lxadm.com


Re: [lxc-users] Quick Question

2020-03-20 Thread Narcis Garcia
Different scenarios I know of affect your question:
a) Container has public IP assigned
b) Container has own LAN IP
c) Container has no own NIC and IP (shares host one)
d) ?

In scenarios A and B the answer is no.
In scenario B take care that ports are forwarded through the gw/wan router to
that IP.


Narcis Garcia

__
I'm using this dedicated address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
On 20/3/20 at 14:08, Ray Jender wrote:
> No.  I access the container using a subdomain (amsc1.mydomain.us).  The host
> VPS is doing port forwarding of ports 80/443, forwarding to another container
> that is hosting HAproxy.  HAproxy redirects to the container hosting the
> application based on the subdomain portion of the URL (amsc1).
> 
> My app basically works,  but disconnects after 10-15 secs.  This has been a
> known issue of the app having access to udp ports 5000-65000 which I have
> opened, but it has not resolved the disconnect issue.  That's why I am
> wondering if these ports need to be opened on the host VPS also?
> Thanks,
> 
> Ray
> -Original Message-
> From: Tomasz Chmielewski [mailto:man...@wpkg.org] 
> Sent: Friday, March 20, 2020 8:17 AM
> To: LXC users mailing-list 
> Cc: Ray Jender 
> Subject: Re: [lxc-users] Quick Question
> 
> On 2020-03-20 21:07, Ray Jender wrote:
>> So if I have an LXD container hosting an application that requires 
>> some specific ports be open,  must those same ports be opened on the 
>> host OS?
>>
>> For example, I need udp ports 5000-65000 open in the container.  Must 
>> I also open these ports on the host?
> 
> Does the container have a dedicated, public IP?
> 
> Tomasz Chmielewski
> https://lxadm.com
> 


Re: [lxc-users] Quick Question

2020-03-20 Thread Ray Jender
No.  I access the container using a subdomain (amsc1.mydomain.us).  The host
VPS is doing port forwarding of ports 80/443, forwarding to another container
that is hosting HAproxy.  HAproxy redirects to the container hosting the
application based on the subdomain portion of the URL (amsc1).

My app basically works,  but disconnects after 10-15 secs.  This has been a
known issue of the app having access to udp ports 5000-65000 which I have
opened, but it has not resolved the disconnect issue.  That's why I am
wondering if these ports need to be opened on the host VPS also?
Thanks,

Ray
-Original Message-
From: Tomasz Chmielewski [mailto:man...@wpkg.org] 
Sent: Friday, March 20, 2020 8:17 AM
To: LXC users mailing-list 
Cc: Ray Jender 
Subject: Re: [lxc-users] Quick Question

On 2020-03-20 21:07, Ray Jender wrote:
> So if I have an LXD container hosting an application that requires 
> some specific ports be open,  must those same ports be opened on the 
> host OS?
> 
> For example, I need udp ports 5000-65000 open in the container.  Must 
> I also open these ports on the host?

Does the container have a dedicated, public IP?

Tomasz Chmielewski
https://lxadm.com



[lxc-users] Quick Question

2020-03-20 Thread Ray Jender
So if I have an LXD container hosting an application that requires some
specific ports be open,  must those same ports be opened on the host OS?

For example, I need udp ports 5000-65000 open in the container.  Must I also
open these ports on the host?


Thanks,

 

Ray



Re: [lxc-users] Quick Question

2020-03-20 Thread Tomasz Chmielewski

On 2020-03-20 21:07, Ray Jender wrote:
> So if I have an LXD container hosting an application that requires
> some specific ports be open,  must those same ports be opened on the
> host OS?
>
> For example, I need udp ports 5000-65000 open in the container.  Must
> I also open these ports on the host?

Does the container have a dedicated, public IP?

Tomasz Chmielewski
https://lxadm.com


[lxc-users] Updating to LXC 3.2.1 fails

2020-03-20 Thread Saint Michael
I am using Ubuntu 18.04. In order to update to lxc 3.2.1 (since I need
ipvlan), I downloaded the tarball and compiled, installed, etc. Previously
I "apt remove --purge" every package with the word lcx in the name.

But now lxc-ls shows nothing. what am I missing?
what is the right way to update lxc in Ubuntu from the current version?


Re: [lxc-users] Networking

2020-03-20 Thread Saint Michael
I use plain LXC, not LXD. Is ipvlan supported?
Also my containers have public IPs, same network as the host. This is why I
cannot use NAT.




On Fri, Mar 20, 2020 at 12:02 AM Fajar A. Nugraha wrote:

> On Thu, Mar 19, 2020 at 12:02 AM Saint Michael wrote:
> >
> > The question is: how do we share the networking from the host to the
> > containers, all of it. Each container will use one IP, but they could see
> > all the IPs in the host. This will solve the issue, since a single network
> > interface, single MAC address, can be associated with hundreds of IP
> > addresses.
>
> If you mean "how can a container have its own IP on the same network
> as the host, while also sharing the host's MAC address", there are
> several ways.
>
> The most obvious one is NAT. You NAT each host's IP address to
> corresponding vms.
>
>
> A new-ish (but somewhat cumbersome) method is to use ipvlan:
> https://lxd.readthedocs.io/en/latest/instances/#nictype-ipvlan
>
> e.g.:
>
> # lxc config show tiny
> ...
> devices:
>   eth0:
>     ipv4.address: 10.0.3.101
>     name: eth0
>     nictype: ipvlan
>     parent: eth0
>     type: nic
>
> set /etc/resolv.conf on the container manually, and disable network
> interface setup inside the container. You'd end up with something like
> this inside the container:
>
> tiny:~# ip ad li eth0
> 10: eth0@if65:  mtu 1500
> qdisc noqueue state UNKNOWN qlen 1000
> ...
> inet 10.0.3.101/32 brd 255.255.255.255 scope global eth0
> ...
>
> tiny:~# ip r
> default dev eth0
>
>
> Other servers on the network will see the container using the host's MAC
>
> # arp -n 10.0.3.162 <=== the host
> Address      HWtype  HWaddress           Flags Mask  Iface
> 10.0.3.162   ether   00:16:3e:77:1f:92   C           eth0
>
> # arp -n 10.0.3.101 <=== the container
> Address      HWtype  HWaddress           Flags Mask  Iface
> 10.0.3.101   ether   00:16:3e:77:1f:92   C           eth0
>
>
> if you use plain lxc instead of lxd, look for similar configuration.
>
> --
> Fajar
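
Added example, not part of the messages above and not from the LXC project: a plain-LXC counterpart of the LXD ipvlan device quoted in this thread, written with the lxc.net.* keys documented in lxc.container.conf(5). It assumes an LXC release with ipvlan support, such as the 3.2.1 mentioned in this thread; the address and parent interface are copied from the quoted LXD example, and the mode and isolation values are choices to adapt.

```ini
# Plain LXC container config: one ipvlan NIC on top of the host's eth0.
# LXC only treats whole lines starting with '#' as comments, so no
# comment is placed after a value.

lxc.net.0.type = ipvlan

# Host parent interface ("parent" in the LXD device).
lxc.net.0.link = eth0

# Interface name inside the container.
lxc.net.0.name = eth0
lxc.net.0.flags = up

# Accepted modes: l3 (default), l3s, l2.
lxc.net.0.ipvlan.mode = l3s

# Accepted values: bridge (default), private, vepa.
# "private" stops ipvlan interfaces that share this parent from
# talking to each other, which keeps co-hosted containers apart.
lxc.net.0.ipvlan.isolation = bridge

# Same /32 address as the quoted LXD example.
lxc.net.0.ipv4.address = 10.0.3.101/32

# Device route, matching the "default dev eth0" seen in the quoted output.
lxc.net.0.ipv4.gateway = dev
```

As in the LXD case, other machines on the network will see this address behind the host's MAC, so MAC-based filtering cannot tell the container and the host apart.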