Re: [lxc-users] Fwd: ciab errors in update/upgrade of nested container - these are the packages

[brian mullan]

Stephane

I just tried enabling nesting on the "child" container
then entered it and tried

apt-get update
apt-get upgrade -y

still get the same errors...

Brian


On Fri, Mar 15, 2019 at 11:36 AM brian mullan 
wrote:

> Stephane
>
> Thanks... I've tried everything else I could think of so I'll give that a
> shot and see what happens.
>
> A few months ago I think this all worked but my memory is so good anymore
> :-)
>
> I'll let you know what happens.
>
> Brian
>
>
>
> On Fri, Mar 15, 2019 at 11:19 AM Stéphane Graber 
> wrote:
>
>> On Fri, Mar 15, 2019 at 10:41:55AM -0400, brian mullan wrote:
>> > I am encountering a strange problem with Nested LXD on AWS EC2 Ubuntu
>> 18.04
>> > instances...
>> >
>> >
>> > >
>> > >
>> > >
>> > >
>> > > *snap2.37.4snapd   2.37.4series  16ubuntu  18.04kernel
>> > > 4.15.0-46-genericLXD 3.11*
>> >
>> >
>> > In my AWS 18.04 host I install SNAP LXD and create an Ubuntu 18.04
>> > container lets call *"parent"*
>> >
>> > I enable Nesting for *"parent"*
>> >
>> > I enter "parent" and  apt-get update, apt-get upgrade ... no problem
>> >
>> > In "parent" I also install SNAP LXD and create an Ubuntu 18.04 container
>> > lets call *"child"*
>> >
>> > I enter "child" and when I try to "*apt-get update, apt-get upgrade*"
>> ... I
>> > see the very *same* packages to be upgraded
>> > as I did when I upgrade "*parent*" ... however in *"child"* I get errors
>> > related to apport, udev ??
>> >
>> > I also see failure messages related to systemd-networkd.service access
>> > denied etc (see below)
>> >
>> > Note:  I tried this on a local KVM Ubuntu 18.04 VM
>> >
>> > *These are some of the packages that would be updated/upgraded in BOTH
>> the
>> > "parent" and "child" Ubuntu 18.04 container on an AWS EC2 Ubuntu Bionic
>> > instance:*
>> >
>> > The following package was automatically installed and is no longer
>> required:
>> >   libfreetype6
>> > Use 'apt autoremove' to remove it.
>> > The following packages will be upgraded:
>> >   *apport* libnss-systemd libpam-modules libpam-modules-bin
>> libpam-runtime
>> > libpam-systemd libpam0g libseccomp2 libsystemd0 libudev1
>> >   libxcb1 python3-apport python3-problem-report snapd systemd
>> systemd-sysv*
>> > udev*
>> > 17 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
>> > Need to get 19.9 MB of archives.
>> > After this operation, 49.2 kB of additional disk space will be used.
>> > Do you want to continue? [Y/n]
>> >
>> > *Here are some of the errors that result...*
>> >
>> > (Reading database ... 28595 files and directories currently installed.)
>> > Preparing to unpack .../libpam-runtime_1.1.8-3.6ubuntu2.18.04.1_all.deb
>> ...
>> > Unpacking libpam-runtime (1.1.8-3.6ubuntu2.18.04.1) over
>> (1.1.8-3.6ubuntu2)
>> > ...
>> > Setting up libpam-runtime (1.1.8-3.6ubuntu2.18.04.1) ...
>> > Setting up systemd (237-3ubuntu10.15) ...
>> > *Failed to try-restart systemd-networkd.service: Access denied*
>> > See system logs and 'systemctl status systemd-networkd.service' for
>> details.
>> > *Failed to try-restart systemd-resolved.service: Access denied*
>> > See system logs and 'systemctl status systemd-resolved.service' for
>> details.
>> > *Failed to try-restart systemd-timesyncd.service: Access denied*
>> > See system logs and 'systemctl status systemd-timesyncd.service' for
>> > details.
>> > *Failed to try-restart systemd-journald.service: Access denied*
>> > See system logs and 'systemctl status systemd-journald.service' for
>> details.
>> > (Reading database ... 28595 files and directories currently installed.)
>> > Preparing to unpack .../systemd-sysv_237-3ubuntu10.15_amd64.deb ...
>> > Unpacking systemd-sysv (237-3ubuntu10.15) over (237-3ubuntu10.13) ...
>> > Preparing to unpack .../libseccomp2_2.3.1-2.1ubuntu4.1_amd64.deb ...
>> > Unpacking libseccomp2:amd64 (2.3.1-2.1ubuntu4.1) over
>> (2.3.1-2.1ubuntu4) ...
>> > Setting up libseccomp2:amd64 (2.3.1-2.1ubuntu4.1) ...
>> > (Reading database ... 28595 files and directories currently installed.)
>> > Preparing to unpack .../libxcb1_1.13-2~ubuntu18.04_amd6

Re: [lxc-users] Fwd: ciab errors in update/upgrade of nested container - these are the packages

[brian mullan]

Stephane

Thanks... I've tried everything else I could think of so I'll give that a
shot and see what happens.

A few months ago I think this all worked but my memory is so good anymore
:-)

I'll let you know what happens.

Brian



On Fri, Mar 15, 2019 at 11:19 AM Stéphane Graber 
wrote:

> On Fri, Mar 15, 2019 at 10:41:55AM -0400, brian mullan wrote:
> > I am encountering a strange problem with Nested LXD on AWS EC2 Ubuntu
> 18.04
> > instances...
> >
> >
> > >
> > >
> > >
> > >
> > > *snap2.37.4snapd   2.37.4series  16ubuntu  18.04kernel
> > > 4.15.0-46-genericLXD 3.11*
> >
> >
> > In my AWS 18.04 host I install SNAP LXD and create an Ubuntu 18.04
> > container lets call *"parent"*
> >
> > I enable Nesting for *"parent"*
> >
> > I enter "parent" and  apt-get update, apt-get upgrade ... no problem
> >
> > In "parent" I also install SNAP LXD and create an Ubuntu 18.04 container
> > lets call *"child"*
> >
> > I enter "child" and when I try to "*apt-get update, apt-get upgrade*"
> ... I
> > see the very *same* packages to be upgraded
> > as I did when I upgrade "*parent*" ... however in *"child"* I get errors
> > related to apport, udev ??
> >
> > I also see failure messages related to systemd-networkd.service access
> > denied etc (see below)
> >
> > Note:  I tried this on a local KVM Ubuntu 18.04 VM
> >
> > *These are some of the packages that would be updated/upgraded in BOTH
> the
> > "parent" and "child" Ubuntu 18.04 container on an AWS EC2 Ubuntu Bionic
> > instance:*
> >
> > The following package was automatically installed and is no longer
> required:
> >   libfreetype6
> > Use 'apt autoremove' to remove it.
> > The following packages will be upgraded:
> >   *apport* libnss-systemd libpam-modules libpam-modules-bin
> libpam-runtime
> > libpam-systemd libpam0g libseccomp2 libsystemd0 libudev1
> >   libxcb1 python3-apport python3-problem-report snapd systemd
> systemd-sysv*
> > udev*
> > 17 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> > Need to get 19.9 MB of archives.
> > After this operation, 49.2 kB of additional disk space will be used.
> > Do you want to continue? [Y/n]
> >
> > *Here are some of the errors that result...*
> >
> > (Reading database ... 28595 files and directories currently installed.)
> > Preparing to unpack .../libpam-runtime_1.1.8-3.6ubuntu2.18.04.1_all.deb
> ...
> > Unpacking libpam-runtime (1.1.8-3.6ubuntu2.18.04.1) over
> (1.1.8-3.6ubuntu2)
> > ...
> > Setting up libpam-runtime (1.1.8-3.6ubuntu2.18.04.1) ...
> > Setting up systemd (237-3ubuntu10.15) ...
> > *Failed to try-restart systemd-networkd.service: Access denied*
> > See system logs and 'systemctl status systemd-networkd.service' for
> details.
> > *Failed to try-restart systemd-resolved.service: Access denied*
> > See system logs and 'systemctl status systemd-resolved.service' for
> details.
> > *Failed to try-restart systemd-timesyncd.service: Access denied*
> > See system logs and 'systemctl status systemd-timesyncd.service' for
> > details.
> > *Failed to try-restart systemd-journald.service: Access denied*
> > See system logs and 'systemctl status systemd-journald.service' for
> details.
> > (Reading database ... 28595 files and directories currently installed.)
> > Preparing to unpack .../systemd-sysv_237-3ubuntu10.15_amd64.deb ...
> > Unpacking systemd-sysv (237-3ubuntu10.15) over (237-3ubuntu10.13) ...
> > Preparing to unpack .../libseccomp2_2.3.1-2.1ubuntu4.1_amd64.deb ...
> > Unpacking libseccomp2:amd64 (2.3.1-2.1ubuntu4.1) over (2.3.1-2.1ubuntu4)
> ...
> > Setting up libseccomp2:amd64 (2.3.1-2.1ubuntu4.1) ...
> > (Reading database ... 28595 files and directories currently installed.)
> > Preparing to unpack .../libxcb1_1.13-2~ubuntu18.04_amd64.deb ...
> > Unpacking libxcb1:amd64 (1.13-2~ubuntu18.04) over (1.13-1) ...
> > Preparing to unpack .../python3-problem-report_2.20.9-0ubuntu7.6_all.deb
> ...
> > Unpacking python3-problem-report (2.20.9-0ubuntu7.6) over
> > (2.20.9-0ubuntu7.5) ...
> > Preparing to unpack .../python3-apport_2.20.9-0ubuntu7.6_all.deb ...
> > Unpacking python3-apport (2.20.9-0ubuntu7.6) over (2.20.9-0ubuntu7.5) ...
> > Preparing to unpack .../apport_2.20.9-0ubuntu7.6_all.deb ...
> > *Failed to retrieve unit state: Access denied*
> > *invoke-rc.d: could not determine current runlevel*
> > *Failed t

[lxc-users] Fwd: ciab errors in update/upgrade of nested container - these are the packages

[brian mullan]

I am encountering a strange problem with Nested LXD on AWS EC2 Ubuntu 18.04
instances...


>
>
>
>
> *snap2.37.4snapd   2.37.4series  16ubuntu  18.04kernel
> 4.15.0-46-genericLXD 3.11*


In my AWS 18.04 host I install SNAP LXD and create an Ubuntu 18.04
container lets call *"parent"*

I enable Nesting for *"parent"*

I enter "parent" and  apt-get update, apt-get upgrade ... no problem

In "parent" I also install SNAP LXD and create an Ubuntu 18.04 container
lets call *"child"*

I enter "child" and when I try to "*apt-get update, apt-get upgrade*" ... I
see the very *same* packages to be upgraded
as I did when I upgrade "*parent*" ... however in *"child"* I get errors
related to apport, udev ??

I also see failure messages related to systemd-networkd.service access
denied etc (see below)

Note:  I tried this on a local KVM Ubuntu 18.04 VM

*These are some of the packages that would be updated/upgraded in BOTH the
"parent" and "child" Ubuntu 18.04 container on an AWS EC2 Ubuntu Bionic
instance:*

The following package was automatically installed and is no longer required:
  libfreetype6
Use 'apt autoremove' to remove it.
The following packages will be upgraded:
  *apport* libnss-systemd libpam-modules libpam-modules-bin libpam-runtime
libpam-systemd libpam0g libseccomp2 libsystemd0 libudev1
  libxcb1 python3-apport python3-problem-report snapd systemd systemd-sysv*
udev*
17 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 19.9 MB of archives.
After this operation, 49.2 kB of additional disk space will be used.
Do you want to continue? [Y/n]

*Here are some of the errors that result...*

(Reading database ... 28595 files and directories currently installed.)
Preparing to unpack .../libpam-runtime_1.1.8-3.6ubuntu2.18.04.1_all.deb ...
Unpacking libpam-runtime (1.1.8-3.6ubuntu2.18.04.1) over (1.1.8-3.6ubuntu2)
...
Setting up libpam-runtime (1.1.8-3.6ubuntu2.18.04.1) ...
Setting up systemd (237-3ubuntu10.15) ...
*Failed to try-restart systemd-networkd.service: Access denied*
See system logs and 'systemctl status systemd-networkd.service' for details.
*Failed to try-restart systemd-resolved.service: Access denied*
See system logs and 'systemctl status systemd-resolved.service' for details.
*Failed to try-restart systemd-timesyncd.service: Access denied*
See system logs and 'systemctl status systemd-timesyncd.service' for
details.
*Failed to try-restart systemd-journald.service: Access denied*
See system logs and 'systemctl status systemd-journald.service' for details.
(Reading database ... 28595 files and directories currently installed.)
Preparing to unpack .../systemd-sysv_237-3ubuntu10.15_amd64.deb ...
Unpacking systemd-sysv (237-3ubuntu10.15) over (237-3ubuntu10.13) ...
Preparing to unpack .../libseccomp2_2.3.1-2.1ubuntu4.1_amd64.deb ...
Unpacking libseccomp2:amd64 (2.3.1-2.1ubuntu4.1) over (2.3.1-2.1ubuntu4) ...
Setting up libseccomp2:amd64 (2.3.1-2.1ubuntu4.1) ...
(Reading database ... 28595 files and directories currently installed.)
Preparing to unpack .../libxcb1_1.13-2~ubuntu18.04_amd64.deb ...
Unpacking libxcb1:amd64 (1.13-2~ubuntu18.04) over (1.13-1) ...
Preparing to unpack .../python3-problem-report_2.20.9-0ubuntu7.6_all.deb ...
Unpacking python3-problem-report (2.20.9-0ubuntu7.6) over
(2.20.9-0ubuntu7.5) ...
Preparing to unpack .../python3-apport_2.20.9-0ubuntu7.6_all.deb ...
Unpacking python3-apport (2.20.9-0ubuntu7.6) over (2.20.9-0ubuntu7.5) ...
Preparing to unpack .../apport_2.20.9-0ubuntu7.6_all.deb ...
*Failed to retrieve unit state: Access denied*
*invoke-rc.d: could not determine current runlevel*
*Failed to reload daemon: Access denied*

*So I interrupted the script that was doing the above attempt at   apt
update && apt upgrade -y *
*and opened a terminal and t**hen..  and tried this:*

lxc exec test bash
apt update && apt upgrade

But of course because i'd interrupted the above apt upgrade I had to do  *dpkg
--configure -a*

*dpkg --configure -a*
Setting up libnss-systemd:amd64 (237-3ubuntu10.15) ...
Processing triggers for ureadahead (0.100.0-20) ...
Setting up systemd-sysv (237-3ubuntu10.15) ...
Setting up python3-problem-report (2.20.9-0ubuntu7.6) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Setting up udev (237-3ubuntu10.15) ...
*Failed to reload daemon: Access denied*
dpkg: error processing package udev (--configure):
 installed udev package post-installation script subprocess was interrupted
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for dbus (1.12.2-1ubuntu1) ...
*Failed to open connection to "system" message bus: Failed to query
AppArmor policy: Permission denied*
Setting up libxcb1:amd64 (1.13-2~ubuntu18.04) ...
Setting up libpam-systemd:amd64 (237-3ubuntu10.15) ...
Setting up python3-apport (2.20.9-0ubuntu7.6) ...
dpkg: error processing package apport (--configure):
 package is in a very bad inconsistent state; you should
 reinstall it before attempting configuration
Processing triggers for libc-bin 

Re: [lxc-users] Nova-lxd plugin installation

[brian mullan]

martin...

I don't know if this will help you at all with your specific problem but I
had read
an email thread by one of the nova-lxd plugin developers

that I thought was useful
info so I posted it on the LXD sub-reddit.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Samba4 DC in an unprivileged container

[brian mullan]

Did you try to create/ configure a totally new Samba4 unprivileged
container or just clone your Workin privileged one and then convert the
clone to unprivileged using:

lxc config set $CONTAINER_NAME security.privileged false
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LXD connectors for any web VM management platforms?

[brian mullan]

Not sure if this still works but it did when I last tried it.

https://github.com/dobin/lxd-webgui

This one is newer and has recent updates:

https://github.com/AdaptiveScale/lxdui

OpenNebula now has LXD container orchestration support..

https://opennebula.org/lxdone-lightweight-virtualization-for-opennebula/

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Kubernetes support for LXD as CRI container runtime?

[brian mullan]

An IBM Researcher named Lin Sun recently demo'd use of LXD containers for
both Kubernetes "server" and "worker" nodes.

https://youtu.be/DXnrOgPt1Cs

I contacted her on linkedin to ask if the IBM scripts/modifications had
been published somewhere yet & she said no.

But at least the video shows it can/could be done.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] can no longer install desktop environment into lxd container

[brian mullan]

solved this... upgraded to lxd 2.13 and DE now install ok.

sorry for the noise.

Brian


On Sat, May 13, 2017 at 12:30 PM, brian mullan <bmullan.m...@gmail.com>
wrote:

> I've done this for years now & then used either xrdp or x2go to access the
> desktop
> environment in the LXD containers.
>
> But something has obviously changed as for 2 days now I've tried multiple
> times to get either ubuntu-desktop or ubuntu-mate desktop to install and
> the install always fails the same.  I cannot be sure but it looks like its
> all due to bluez faling but maybe I don't know how to determine root cause.
>
> *Errors were encountered while processing:*
> * bluez*
> * blueman*
> * gnome-bluetooth*
> * indicator-bluetooth*
> * unity-control-center*
> * gnome-user-share*
> * pulseaudio-module-bluetooth*
> * ubuntu-mate-core*
> * ubuntu-mate-desktop*
> * unity-control-center-signon*
> *E: Sub-process /usr/bin/dpkg returned an error code (1)*
>
> I am using LXD v 2.0.9
>
> My host is:
>
>
>
>
> *Distributor ID:UbuntuDescription:Ubuntu 16.04.2 LTSRelease:
> 16.04Codename:xenial*
>
> The container I am creating is AMD64 Xenial.
>
> The container creates ok, I then "lxc exec cn1 bash" to access it.
> Then
> apt update
> apt upgrade
> apt dist-upgrade
>
> then install minimal ubuntu desktop (unity)
>
> # apt install --no-install-recommends ubuntu-desktop
>
> *I then see the above failures..*.
>
> I stop the container and delete it.
>
> I then recreate the container and try again but try to install Mate DE:
>
> add-apt-repository ppa:ubuntu-mate-dev/xenial-mate -y
>
> apt update
>
> apt upgrade
>
> apt install lightdm ubuntu-mate-core ubuntu-mate-desktop
>
> *I then see the above failures again...*
>
> Is this a change in LXD apparmor or capabilities preventing this install
> from completion or should I be looking at launchpad bugs for bluez failures?
>
> Thanks for any advice/guidance.
>
> As I said I've been using the same scripts to install this for a long time
> and its always worked successfully on Ubuntu 14.04 & on Ubuntu 16.04 until
> recently.
>
> Brian
>
>
>
>
>
>
>
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] can no longer install desktop environment into lxd container

[brian mullan]

I've done this for years now & then used either xrdp or x2go to access the
desktop
environment in the LXD containers.

But something has obviously changed as for 2 days now I've tried multiple
times to get either ubuntu-desktop or ubuntu-mate desktop to install and
the install always fails the same.  I cannot be sure but it looks like its
all due to bluez faling but maybe I don't know how to determine root cause.

*Errors were encountered while processing:*
* bluez*
* blueman*
* gnome-bluetooth*
* indicator-bluetooth*
* unity-control-center*
* gnome-user-share*
* pulseaudio-module-bluetooth*
* ubuntu-mate-core*
* ubuntu-mate-desktop*
* unity-control-center-signon*
*E: Sub-process /usr/bin/dpkg returned an error code (1)*

I am using LXD v 2.0.9

My host is:




*Distributor ID:UbuntuDescription:Ubuntu 16.04.2 LTSRelease:
16.04Codename:xenial*

The container I am creating is AMD64 Xenial.

The container creates ok, I then "lxc exec cn1 bash" to access it.
Then
apt update
apt upgrade
apt dist-upgrade

then install minimal ubuntu desktop (unity)

# apt install --no-install-recommends ubuntu-desktop

*I then see the above failures..*.

I stop the container and delete it.

I then recreate the container and try again but try to install Mate DE:

add-apt-repository ppa:ubuntu-mate-dev/xenial-mate -y

apt update

apt upgrade

apt install lightdm ubuntu-mate-core ubuntu-mate-desktop

*I then see the above failures again...*

Is this a change in LXD apparmor or capabilities preventing this install
from completion or should I be looking at launchpad bugs for bluez failures?

Thanks for any advice/guidance.

As I said I've been using the same scripts to install this for a long time
and its always worked successfully on Ubuntu 14.04 & on Ubuntu 16.04 until
recently.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] does anyone know of a public LXD image server besides the default

[brian mullan]

Does anyone know of an existing public LXD image server besides the default
?

Not for the default base images but for applications and/or an LXD
container for a set of integrated apps...  like pre-built LAMP stack.

Essentially the equivalent of a Docker Hub but for LXD containers.

I keep getting *private messages* sent to me as the moderator on the LXD
sub-reddit

https://www.reddit.com/r/LXD/

asking this question and I'm not sure I've ever seen anyone mention the
establishment of one on
this email list.

The closest thing I've seen is from an org called Subutai Social which
looks very interesting:

Subutai Social - Peer-to-Peer Social Cloud Computing using LXD, Canonical's
snappy & more  (subutai.io
)
Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] lxc-users Digest, Vol 170, Issue 1

[brian mullan]

Great question & one I was asked lately by Credit Suisse



On Mar 13, 2017 8:00 AM, 
wrote:

> Send lxc-users mailing list submissions to
> lxc-users@lists.linuxcontainers.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.linuxcontainers.org/listinfo/lxc-users
> or, via email, send a message with subject or body 'help' to
> lxc-users-requ...@lists.linuxcontainers.org
>
> You can reach the person managing the list at
> lxc-users-ow...@lists.linuxcontainers.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of lxc-users digest..."
>
> Today's Topics:
>
>1. Experience with large number of LXC/LXD containers
>   (Benoit GEORGELIN - Association Web4all)
>
>
> -- Forwarded message --
> From: Benoit GEORGELIN - Association Web4all 
> To: lxc-users 
> Cc:
> Bcc:
> Date: Sun, 12 Mar 2017 22:28:45 +0100 (CET)
> Subject: [lxc-users] Experience with large number of LXC/LXD containers
> Hi lxc-users ,
>
> I would like to know if you have any experience with a large number of
> LXC/LXD containers ?
> In term of performance, stability and limitation .
>
> I'm wondering for exemple, if having 100 containers behave the same of
> having 1.000 or 10.000  with the same configuration to avoid to talk about
> container usage.
>
> I have been looking around for a couple of days to found any user/admin
> feedback experience but i'm not able to find large deployments
>
> Is there any ressources limits or any maximum number that can be deployed
> on the same node ?
> Beside physical performance of the node, is there any specific behavior
> that a large number of LXC/LXD containers can experience ? I'm not aware of
> any test or limits that can occurs beside number of process. But I'm sure
> from LXC/LXD side it might have some technical contraints ?
> Maybe on namespace availability , or any other technical layer used by
> LXC/LXD
>
> I will be interested to here from your experience or if you have any
> links/books/story about this large deployments
>
> Thanks
>
> Cordialement,
>
> Benoît G
>
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] idmap, lxd and pylxde

[brian mullan]

Witold

There is a tool called "fuidshift" you can use to shift the gid/uid for you.

http://manpages.ubuntu.com/manpages/xenial/man1/fuidshift.1.html

This previous lxc-users mailer thread can also give you some idea of its
use:

http://lxc-users.linuxcontainers.narkive.com/atlj58eG/proper-usage-of-fuidshift

fuidshift will be installed along with some other "tools" if you install
the lxd-tools package:

*sudo apt-get install lxd-tools*

Brian



> From: Witold Filipczyk 
> To: lxc-users@lists.linuxcontainers.org
> Cc:
> Date: Wed, 25 Jan 2017 10:06:41 +0100
> Subject: [lxc-users] idmap, lxd and pylxde
> Sorry for dumb questions.
> /etc/subuid looks like this
> root:10:65536
> root:20:65536
> root:30:65536
> and so on
>
> /etc/subgid the same
>
> I want to create lxd containers so they have separate set of uids.
> How to do it with lxd commands and with pylxd?
>
> I tried:
> uids = 20
> config = { 'limits.memory' : '1024MB', 'limits.cpu' : '1',
> 'name' : 'test', 'raw.id_map' : 'uid 0-65536 %d-%d\ngid 0-65536 %d-%d' %
> (uids, uids+65536, uids, uids+65536)}
> container = client.containers.create(config, wait=True)
>
> but result is that uids inside container's rootfs starts with 10.
>
> Please, give some examples.
>
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] would there be value in starting an LXD community online collection of how-to related information

[brian mullan]

Thanks Adam & Stephane ...

I guess I'd like to hear from other LXD users out there that would be
interested in more general "how-to" guides for LXD being available.

Myself, I'm not a sw developer and not overly familiar with Github's
utilization.  I suspect there may be alot of LXD users that are more
*"integrators"* of technologies into LXD and perhaps not dev's or Github
users but I could certainly be wrong.

In my mind I'd like to see something very easy to edit/submit/change/search *by
the general LXD community of users*... much like a wiki is.

Maybe github is all those things and its my lack of familiarity & daily use
of it that makes me feel otherwise but I think the fact that on the LXD
Github there are currently only 85 contributors *(nearly all are
coder/devs) makes me think that many people may just not know "how" to add
LXD related "user" generated content like this via gitub*?

Anyway I'd like to see what others think.

I have found:  https://meta.miraheze.org/wiki/Miraheze which is a highly
rated, *widely used, open source, and free hosting *wiki site that supports
a visual editor, subscribing & auto-notification to topics/subjects,
etc.But that is just  one possibility for consideration for *a
user-friendly, easy-to-use* alternative?

The end goal of coarse should be encouraging & enabling a greater community
contribution of "how-to" type info related to LXD usage and to have it
collected in one place versus spread  all over the web on personal sites,
blogs etc.

Brian




On Thu, Jan 12, 2017 at 11:28 AM, Adam Stokes <adam.sto...@canonical.com>
wrote:

> Hi Brian,
>
> I spoke with Stephane and it is preferred to go GitHub and fork their
> website repo https://github.com/lxc/linuxcontainers.org. This is the best
> place for all LXD related documentation since it is not entirely Ubuntu
> specific. The other benefit is that any documentation that gets added to
> the project repo will be available for others to translate.
>
> They are also open to any suggestions you may have for structuring any of
> the documentation to make it easier for users to benefit.
>
> Thanks!
>
> On Mon, Jan 9, 2017 at 10:43 PM Stéphane Graber <stgra...@ubuntu.com>
> wrote:
>
>> On Sun, Jan 08, 2017 at 02:51:34PM -0500, brian mullan wrote:
>> > I know there is the LXD github info that the developers provide and
>> there
>> > are other awesome sources of info like Stephane Graber, Serge Hallyn,
>> > Tycho's etc websites on LXD.
>> >
>> > But I've also seen a tremendous amount of LXD related "how-to's"
>> scattered
>> > all over the web.and I've tried to collect what I personally found on
>> the
>> > LXD subreddit:  https://www.reddit.com/r/LXD/
>> >
>> > I see great questions & answers on the lxc-users mailer all the time but
>> > unless I cut & paste ones that are particularly insightful in order to
>> save
>> > them for later I find it sometimes hard to "re-find" them later by
>> going to
>> > the lxc-users mailer archive (
>> > https://lists.linuxcontainers.org/pipermail/lxc-users/) as I haven't
>> found
>> > a convenient way to "search" the entire archive for specific info other
>> > than expanding each month-by-month entry by subject although I do
>> > understand that there appears to be a way to make pipermail archives
>> > searchable -
>> > https://wiki.list.org/DOC/How%20do%20I%20make%20the%
>> 20archives%20searchable
>> >
>> > All too often I read comments by people along the lines of * "Why is
>> there
>> > no general LXD Users Guide"*.
>> >
>> > Those types of comments are are often accompanied by questions related
>> to
>> > specific areas like how to map devices or other "how-to" configure type
>> > questions.
>> >
>> > Myself, I'd started collecting tidbits into a .ODT file to reference
>> when I
>> > need to and so far I have about 19 pages of info on various topics.I
>> > have to believe I'm not the only one that's got their own list of LXD
>> > how-to's saved away on their pc!
>> >
>> > All of the info I've gathered was gleaned off of various sites on the
>> web
>> > and unfortunately since I was, at the time only collecting the info for
>> > myself, I didn't keep a Link or author reference to where some of it
>> came
>> > from (sorry about that).  Some of my .ODT probably came from things I'd
>> > read by the above individuals.
>> >
>> > Attached is my .ODT.   The format may not be the greatest 

[lxc-users] would there be value in starting an LXD community online collection of how-to related information

[brian mullan]

I know there is the LXD github info that the developers provide and there
are other awesome sources of info like Stephane Graber, Serge Hallyn,
Tycho's etc websites on LXD.

But I've also seen a tremendous amount of LXD related "how-to's" scattered
all over the web.and I've tried to collect what I personally found on the
LXD subreddit:  https://www.reddit.com/r/LXD/

I see great questions & answers on the lxc-users mailer all the time but
unless I cut & paste ones that are particularly insightful in order to save
them for later I find it sometimes hard to "re-find" them later by going to
the lxc-users mailer archive (
https://lists.linuxcontainers.org/pipermail/lxc-users/) as I haven't found
a convenient way to "search" the entire archive for specific info other
than expanding each month-by-month entry by subject although I do
understand that there appears to be a way to make pipermail archives
searchable -
https://wiki.list.org/DOC/How%20do%20I%20make%20the%20archives%20searchable

All too often I read comments by people along the lines of * "Why is there
no general LXD Users Guide"*.

Those types of comments are are often accompanied by questions related to
specific areas like how to map devices or other "how-to" configure type
questions.

Myself, I'd started collecting tidbits into a .ODT file to reference when I
need to and so far I have about 19 pages of info on various topics.I
have to believe I'm not the only one that's got their own list of LXD
how-to's saved away on their pc!

All of the info I've gathered was gleaned off of various sites on the web
and unfortunately since I was, at the time only collecting the info for
myself, I didn't keep a Link or author reference to where some of it came
from (sorry about that).  Some of my .ODT probably came from things I'd
read by the above individuals.

Attached is my .ODT.   The format may not be the greatest but again, it has
been for my own reference so far.

I was thinking if something like this might be of interested to more people
then we could host the file on github somewhere and the LXD user community
could add/correct/delete info as time went on "how to" do things with LXD?

So thought I'd just throw this out there.

Brian


Collection of how-to's related to LXD.odt
Description: application/vnd.oasis.opendocument.text
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LAN for LXD containers (with multiple LXD servers)?

[brian mullan]

Serge,


>
>
>
> *> Automatically builds tunnels through firewalls and NATs without any
> further> setup (for example, port forwarding).I would not appreciate
> something which "automatically" (whatever itmeans) traverse my firewalls,
> to be honest. We should treat our dataseriously, Brian.*


First, a sysadmin person has to install/setup/configure PeerVPN on each
server so I guess like installing/configuring TINC or any other VPN
solution there is some assumption of some sort of "trust" in that person's
work.

Second, in PeerVPN's configuration file
 on each
server  you (re the sysadmin) have to
specify 2 security related items:

PORT x# the Port to be opened/used by PeerVPN

But you point out a good question -
regarding that bullet by the author on the PeerVPN web page.   Tobias Volk
may be referring to something  else as *it CLEARLY states in the short
PeerVPN tutorial  you MUST port-forward the
"port" configured for PeerVPN to use if Nodes are behind a NAT.   *

*I know PeerVPN doesn't work if you have not done that from my own use.:*


*Configuration of node A*


> Create the peervpn.conf of Node A with the following content:



port 7000
> networkname ExampleNet
> psk mysecretpassword
> enabletunneling yes
> interface peervpn0
> ifconfig4 10.8.0.1/24



This will open UDP port 7000 and create a virtual ethernet interface with
> the name peervpn0 and the IP address 10.8.0.1.



Please note that Node A needs to be directly reachable from Node B.
> *If Node A is behind a NAT device, you will have to forward port 7000. *



*Configuration of node B*


> Create the peervpn.conf of Node B with the following content:



port 7000
> networkname ExampleNet
> psk mysecretpassword
> enabletunneling yes
> interface peervpn0
> ifconfig4 10.8.0.2/24
> initpeers node-a.example.com 7000



Replace node-a.example.com with the real address of Node A.

Further there is the shared PSK crypto key generation that also limits
connections to "peers" sharing the "same" PSK "seed" in the configuration
file.

In a PeerVPN mesh different server/hosts can have multiple PSK "seed"
configured to allow any 1 host to "peer" with different specific systems in
the "mesh" who have a matching PSK "seed" configured.
I can email Tobias and ask for clarification as to what "bullet" means.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LAN for LXD containers (with multiple LXD servers)?

[brian mullan]

Tomasz

After experimenting with TINC, OpenVPN & others I found and have used
PeerVPN to do this:

https://peervpn.net/

PeerVPN is a full-mesh VPN and is auto-learning..

   - Ethernet tunneling support using TAP devices.
   - IPv6 support.
   - Full mesh network topology.
   - Automatically builds tunnels through firewalls and NATs without any
   further setup (for example, port forwarding).
   - Shared key encryption and authentication support.

At the time *I found PeerVPN much simpler to configure that TINC !*

A PeerVPN mesh is extremely easy to configure as you only have to install
PeerVPN on each host server and edit its config file on that server.

The brief tutorial page (https://peervpn.net/tutorial/) shows that config
for a basic PeerVPN only requires about 7 lines on each of your servers.

In Apr 2015 I documented a proof-of-concept test setup

I'd done to interconnect LXC containers on AWS, DIgital Ocean and here
locally (so much like you want to do I think).

*NOTE:  * that documentation *was before* my use of LXD !

*The reason I mention this is that with the advent of LXD the entire
> container IP addressing setup using PeerVPN becomes even easier ! *   This
> is because when I did those tests I never took the time to create a single
> DHCP source for all lxc containers on all hosts.   In my 2015
> proof-of-concept test of PeerVPN I just a quick & dirty config using the
> assumption that no 2 containers (for my test purposes) would get assigned
> the same 10.0.3.x IP address by their local Server/Host.


Today, LXD *during installation* allows you much more control over each
Server/Host's LXDBR0 bridge IP and the 10.x.x.x IP address range that is
used for that Host's lxc containers.

*So if you were to use PeerVPN,  during LXD installation on each server
just reserve a portion of the 10.x.x.x IP address range for each
Server/Host to avoid any possibility of any 2 containers on any 2 Hosts
getting assigned the same IP.*

The last config step on each Server/Host is to connect the PeerVPN mesh
Tunnel End Point (TEP to the local LXDBR0 bridge to enable all the
containers attached to that bridge to pass data over the VPN tunnel to the
other servers since my documentation set up a Layer 2 VPN (note PeerVPN
supports a Layer 3 tunnel as well I believe).

Since the PeerVPN TEP "interface" ... called "peervpn0" in my tutorial
example is just like any other Linux ethernet interface you only have to
use the "ip link" command to connect "peervpn0" to the LXD "lxdbr0" bridge.

*$ sudo ip link set dev peervpn0 master lxdbr0*

After you've done that on all 3 hosts your containers on all the hosts
should be able to reach each other since they would all be on what
logically is the same "ethernet" via the VPN & the fact that you setup all
of the LXD installs with the same same 10.x.x.x network.

Also, the containers on each Server/Host still get external Internet access
(if you permit it) via their local Host.

Anyway, I thought I'd send this info in case it is helpful as this should
work with servers locally or remotely using LXD.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Has anyone ever configured or used LPVS with LXD/LXC before?

[brian mullan]

correction... I mis-typed IPVS in a couple places... its IPVS not LPVS...
sorry.


On Wed, Sep 7, 2016 at 8:45 AM, brian mullan <bmullan.m...@gmail.com> wrote:

> A few years ago I'd done some experimentation with LPVS but that was
> before I began using LXC/LXD and had forgotten about it since.
>
> LPVS has been in the Linux kernel for nearly 15 years now!
>
> Recently I read that someone has utilized LPVS capabilities with docker
> containers:
> https://blog.codeship.com/kernel-load-balancing-for-
> docker-containers-using-ipvs/
>
> That Uber dev also put out a GO application to help admin/provision the
> IPVS called GORB:
> https://github.com/kobolog/gorb
>
> GORB (Go Routing and Balancing) is described as:
>
> Go Routing and Balancing
>> This daemon is an IPVS frontend with a REST API interface. You can use it
>> to control local IPVS instance in the Kernel to dynamically register
>> virtual services and backends. It also supports basic TCP and HTTP health
>> checks (called Gorb Pulse).
>>
>>- TCP: tries to establish a TCP connection to the backend's host and
>>port.
>>
>>
>>- HTTP: tries to fetch a specified location from backend's host and
>>port.
>>
>> Backends which fail to pass the health check will have weights set to
>> zero to inhibit any traffic from being routed into their direction. When a
>> backend comes back online, GORB won't immediately set its weight to the
>> previous value, but instead gradually restore it based on backend's
>> accumulated health statistics.
>>
>> GORB also supports basic service discovery registration via *Consul
>> <https://www.consul.io/>: *just pass in the *Consul* endpoint to GORB
>> and it will take care of everything else – your services will be registered
>> with names like nginx-80-tcp. Keep in mind that you can use Consul's
>> built-in DNS server to make it even easier to discover your services!
>>
>> Check out these* slides for my DockerCon EU 2015 talk
>> <http://www.slideshare.net/kobolog/ipvs-for-docker-containers>* for more
>> information about IPVS, GORB and how to use it with Docker.
>
>
>
> There is already a *Consul* setup/config tool for LXD:
>  https://github.com/badmadrad/lxd-consul
> <https://github.com/badmadrad/lxd-consul>
>
> So I thought I'd ask if anyone had any experience setting up or using LPVS
> with LXD containers?
>
> Brian
>
>
>
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] inventory / dashboard tool to manage LXD containers' lifecycle

[brian mullan]

Michael DeHaan was the creator of both Cobbler and Ansible and he lives in
the same city as I do (Raleigh  NC).

I'd met Michael when he briefly worked at Cisco Systems a few years ago and
over lunch I'd talked to him about some of my work with (at the time) LXC.

Michael and already moved on from Cobbler and had just developed what
became Ansible.

Anyway.. a year ago he posted his thoughts on LXC after using it for a
while:

http://michaeldehaan.net/post/111599240017/skipping-docker-for-lxc-for-local-development

I'd also like to throw this out there.   A year or so ago I'd learned about
Rundeck.

http://rundeck.org/docs/manual/introduction.html

Rundeck is used by folks like Disney, Salesforce, etc/

I installed & used Rundeck for a short time just to see how it worked and
felt that it would make a great LXC & now LXD orchestration/provisioning
system.I kept meaning to go back and spend some more time with it but
other projects diverted my short attention span :-)

The Rundeck "tutorials" 
would should give you an idea why...

Rundeck could easily be adapted to LXD's* command line* syntax.

But someone more technically inclined than me I believe could also create
an LXD JSON plugin for Rundeck's Plugin API ecosystem
  that would also make management of
LXD containers (remotely or locally) easy.

Rundeck does support the concept of "roles" so that too could enable "user"
vs "admin" type LXD jobs to be developed.

Anyway, I thought I'd mention it as Rundeck's Web interface is easy and (to
me) it seemed a good fit for use with LXD.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] ustuehler's lxc-desktop package

[brian mullan]

Dan

I'd seen that same github on the lxc-desktop by Uwe Stuehler and tried to
figure out how to contact him but had no luck (his email isn't on his
github page).

So I added some info to one of my "issues" I'd created on Uwe's GitHub:
https://github.com/ustuehler/lxc-desktop/issues/12

Assuming what I posted there solves the sticking points he had around
a *pre-start
hook for LXD* to set audio/video devices from the Host into the containers
then that would only leave the effort of creating an lxd template for it
which I don't have any experience with so not sure of how much work that
would be.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Red Hat GM appears to make argumeny for system containers over application containers

[brian mullan]

This is not dissing Docker but this discussion:

http://www.cbronline.com/news/enterprise-it/software/containers-debunked-devops-security-and-why-containers-will-not-replace-virtual-machines-4977492?src=fridayfive1email

With the GM of Red Hat's Integrated Solutions points out the weakness in
Docker's application repo model in regards to security patches being
by-passed as time goes on.

His statements also imply in a way (at least I read it that way) that OS
containers at least give you the ability to apply security patches even if
the original image author hasn't updated that image himself.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] New sub-Reddit dedicated to LXD created

[brian mullan]

On the hugely popular Reddit, for some time been a perhaps little known LXC
sub-reddit:

*https://www.reddit.com/r/LXC/* <https://www.reddit.com/r/LXC/>

I requested from Reddit & was allowed to take over Moderator of the /r/LXC
subreddit a couple years ago after it appeared to be more or less abandoned
by the existing moderator for some reason.

*Since that time I have tried to post as many links to interesting content
related to LXC initially and new LXD when it was introduced to the /r/LXC
subreddit as I became aware of.*

With the advent of LXD I wanted to start an LXD subreddit but unfortunately *at
the time* /r/lxd was already in use by some kind of fan group for a music
group.

However, this year /r/LXD became abandoned after the only moderator deleted
his/her Reddit account so I requested to take over /r/LXD.   Today I was
approved as the new owner/moderator of the /r/LXD subreddit !

*So I have spent today migrating LXD specific posts from the Reddit /r/LXC
subreddit to the newly re-purposed /r/LXD subreddit:*

*https://www.reddit.com/r/LXD/* <https://www.reddit.com/r/LXD/>

I wanted to make others on this mailer aware of this as Reddit is a great
way to share info and new projects related to LXD with others in the
popular Reddit web forums.

Please subscribe if you use Reddit & help other Redditor's learn more about
LXD!

Also, if you'd like to help with this LXD subreddit as a Moderator ... send
me an email as it would be good to have a couple extra Moderators involved.

Brian Mullan
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] I think terminology of LXD & LXC still confuses newcomers

[brian mullan]

Long time users of LXC and now LXD understand the difference & difference
of purpose.

However, it seems to me that for newcomers to LXD the continuance of
reference to LXC seems to cause confusion for those people when doing
google searches & they find CLI references/examples for the original LXC
syntax.   Then they have problems with LXD because of that confusion.

example:

https://linuxcontainers.org/lxd/introduction/

describes LXD as..






*LXD isn't a rewrite of LXC, in fact it's building on top of LXC to provide
a new,better user experience. Under the hood, LXD uses LXC through liblxc
and its Go bindingto create and manage the containers.It's basically an
alternative to LXC's tools and distribution template systemwith the added
features that come from being controllable over the network.*

Now if you were "new" to LXC and LXD and do a google search for LXC example
use/configs etc you find many examples like:

http://www.techrepublic.com/blog/linux-and-open-source/how-to-create-lxc-system-containers-to-isolate-services/


where they show use of the old lxc-create command etc

or another...

https://levlaz.org/installing-node-js-ghost-in-an-ubuntu-14-04-lxc-container/


where again they use the old LXC syntax to implement node.js in LXC.

etc.

People follow those types of original LXC examples (or others) and then
can't figure out why when with LXD installed they don't see their
containers by doing (again just an example:

*lxc list*


or other LXD syntax type commands.

Same goes for differences in the "config" file for original LXC vs how an
LXD container's confg is accomplised (or even where the files are).

The LXD developers have done an incredible job!

I'm only asking this question to see, what if anything, can/could be done
to lessen confusion encountered by new LXD users.

Especially those that then go out and google "lxc" and find so many
examples of the "old" lxc usage/implementations/configurations?

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] LXD Based Container For Desktop Applications - Some Success - Help

[brian mullan]

Rob

If you want to run single apps from the container like with microsofts
remoteapp then a really simple way to accomplish it is with x2go & the x2go
published applications

capabilty.

I just configured a new LXD container.   Its simple to setup/configure and
sound, printing, shared folders all work

*Step #1*

Create a privileged container & configure it to autostart:

# Launch an Ubuntu xenial 16.04 64 bit containers and name it cn1.  We are
launching CN1 as a
# PRIVILEGED container:

lxc launch images:ubuntu/xenial/amd64 cn1 -c security.privileged=true

# set LXC container CN1 to autostart when the Host is rebooted

lxc config set cn1 boot.autostart 1

*Step #2*

$ lxc exec cn1 bash

# you will be logged into the CN1 container as root so just execute the
following to install
# Ubuntu-Mate Desktop

Note: you can put all of the following in a bash script..

# Install a desktop in it (I use Ubuntu-Mate:

echo "deb http://archive.canonical.com/ubuntu xenial partner" | tee -a
/etc/apt/sources.list
echo "deb-src http://archive.canonical.com/ubuntu xenial partner" | tee -a
/etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ xenial-backports main
restricted universe multiverse" | tee -a /etc/apt/sources.list
echo "deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-backports main
restricted universe multiverse" | tee -a /etc/apt/sources.list

# update & upgrade container
apt-get update
apt-get upgrade -y

# install apt
apt-get install apt -y

# From here on we can use apt to update Everything
apt dist-upgrade -y

#Install miscellaneous

apt install pulseaudio pulseaudio-utils alsa-base alsa-utils
linux-sound-base gstreamer1.0-pulseaudio gstreamer1.0-alsa libpulse-dev -y

# Install UBUNTU-MATE desktop environment as default for all users
including ones added in the # future

add-apt-repository ppa:ubuntu-mate-dev/xenial-mate -y
add-apt-repository ppa:x2go/stable

apt update

apt install lightdm ubuntu-mate-core ubuntu-mate-desktop ufw
ubuntu-restricted-extras ubuntu-restricted-addons -y

echo "Desktop Install Done"

# Configure the Xsession file default desktop environment change ALL future
User additions to default xsession to be UBUNTU-MATE

update-alternatives --set x-session-manager /usr/bin/mate-session

# and some gui based useful tools that aren't included in the
minimal-xubuntu-desktop

apt install gdebi synaptic gedit wget git terminator network-manager -y

apt install x2goserver x2goserver-xsession

adduser yourID and password in the container and any others you want to add
as users.

# reboot

*Step #3*

On the host all you have to do is install the x2go client

add-apt-repository ppa:x2go/stable

apt update

apt install x2goclient

*Step #4*

launch the x2goclient & follow the directions on the x2go published
applications page (use the IP of your container)

In the x2goclient when you create the Published Application "profile" click
on the connection tab and slide it all the way to the right so x2go doesn't
waste cpu doing any compression.

Save that new Published Application Profile and it will move to the right
side of the x2goclient menu.

Click on it & answer yes to the ssh question on adding the new server.

Look on your top menu bar and you will notice 2 new icons shown,  Click on
the one that has the little Seal icon on it (thats HOCA they mascot for
x2go) and you will see
a pull down menu item called Published Applicaitons.

Click on any one of those and they will startup in the container but be
displayed on your Host Desktop,

x2go has clients for Linux, Mac and Windows as well as a python client.
All are open source.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LXD containers lose outbound network

[brian mullan]

david

rather than using ping what does traceroute show you?

Your problem sounds an awful lot like what many Docker users started
reporting in this long thread

https://github.com/docker/docker/issues/13381

If you take the time to read through all of it you will notice several
people came up with several different causes ranging from 1 guy's Dlink
wireless router having a bug with its internal dns support to another user
adding to /etc/resolv.conf the google dns

however... most of the users on that thread report something similar to
this guy's statement:

*We are having the same issue. After about 16-19 hours of uptime (longer on
the weekends), the container goes into a state where it cannot talk to the
outside world. Restarting the container or the docker daemon (which in turn
restarts the container) will bring everything back to operating properly...
for the next 16-19 hours or so. *

I'm only bringing this up because there are a lot of "moving parts"
involved and no one but you knows the "big picture" of your complete
server/network setup such as what router's you use, what Distro & release,
what kernel etc.

I thought the above link might give you some ideas of things to check on
your LXD network issue.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Desktop Environment in LXD

[brian mullan]

I do this using 3 different methods.
using xnest
using xRDP & Guacamole
and using x2go.

For me the most easiest & most full featured approach is x2go.

Guacamole & xRDP works great & only requires an HTML5 bBrowser but there is
alot to the setup and some capabilities of Guacamole (cut & paste,
printing) are still a bit cumbersome to accomplish.

The following is going to assume Ubuntu 16.04 and x2go...

## Create an LXD container using say Ubuntu 16.04

## enter the container:

lxc exec container_name bash

## add some repositories for xenial (re 16.04)

echo "deb http://archive.canonical.com/ubuntu xenial partner" | sudo tee -a
/etc/apt/sources.list
echo  "deb-src http://archive.canonical.com/ubuntu xenial partner" | sudo
tee -a /etc/apt/sources.list
echo "deb http://us.archive.ubuntu.com/ubuntu/ xenial-backports main
restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
echo "deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-backports main
restricted universe multiverse" | sudo tee -a /etc/apt/sources.list

apt install software-properties-common -y

## add the ubuntu-mate repository

sudo add-apt-repository ppa:ubuntu-mate-dev/xenial-mate -y

## add the x2go repository

add-apt-repository ppa:x2go/stable

## update & upgrade the container

apt update && apt upgrade -y

## install ubuntu-mate dekstop or xubuntu-desktop or lubuntu-desktop (this
will take upto 30 min or more depending on PC/HD etc)

sudo apt install lightdm ubuntu-mate-core ubuntu-mate-desktop -y

## set things up so all future user accounts you create in this container
default to the Ubuntu-Mate desktop

sudo update-alternatives --set x-session-manager /usr/bin/mate-session

## install the x2go server side software

apt install x2goserver x2goserver-xsession

## create user accounts for your "users" as you normally would

## then depending on whether you want to use login/password or a key based
login edit the /etc/ssh/sshd_config and set it up appropriately
## adn when done configuring the container...  reboot the container


>>> On the Host:

sudo apt install software-properties-common -y

## add the x2go repository

sudo add-apt-repository ppa:x2go/stable

sudo apt install x2goclient

= = = = = = =

Finally make sure you container is started & get its IP address

Start the x2go client (Click the DASH icon and type "x2go") then click on
the x2go icon that comes up

In the x2go client gui create a Profile (upper left corner icon of the x2go
gui)  for the container

   1. enter some Profile "name" at the top to ID what that profile is for
   say "My Ubuntu-Mate Desktop)
   2. input the container's HOST IP,
   3. click the drop down menu and select which Desktop Environment (re
   Session Type) you installed (Mate in the case)
   4. Save that profile.

You will see that there will appear a new square icon on the right side of
the x2go GUI.

Then execute that Profile by clicking on it & login using one of the login
ID's you created in the container.

Audio/Printing etc should also all just work.

If you can't login the usual problem are authentication is not setup right
(login ID + password vs key based)  remember to do that in container.

Note:
Once you've created the 1st container like this you can just clone/copy it
to create more.
On the Host just create a different x2go Login Profile for each
container/IP & give each Profile a different TItle.  You can also have diff
containers with different desktops (xubuntu, lubuntu, ubuntu-mate etc)

If you leave the x2go Profile LOGIN field empty any valid user can click on
the Profile Icon and just fill in their ID and Password in order to log
into the container.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] lxd documentation about use of ZFS

[brian mullan]

Sorry..  yes forgot the details as it was late.

Ubuntu 16.04 with root on ZFS verson 5

My systems currently are running ZFS filesystem version 5.

I've installed Ubuntu 16.04 on several systems with root on ZFS using
zfsonlinux guide:
https://github.com/zfsonlinux/zfs/wiki/Ubuntu-16.04-Root-on-ZFS

LXD 2.0.2 was installed, via apt install lxd
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] lxd documentation about use of ZFS

[brian mullan]

Just out of curiousity I took a test system that was setup with ext4
installed LXD & chose ZFS backing store.

I showed a failure messge as expected but it also did something to the host
file system so that it was no longer bootable.

Should there be a warning when installing LXD when you get to the point of
choosing DIR or ZFS backing store that your LXD host system must be on ZFS
in order to choose ZFS ?

I am only suggesting this so that those new to LXD & perhaps ZFS don't make
some assumption that LXD somehow can be using ZFS regardless of the host's
file system.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Publishing LXD Images ... is there a public repository yet?

[brian mullan]

I forgot to include the link to Serge's writeup from Jun 2015...

https://insights.ubuntu.com/2015/06/30/publishing-lxd-images/

On Sun, Mar 6, 2016 at 8:26 AM, brian mullan <bmullan.m...@gmail.com> wrote:

> When I read Serge Hallyn's writeup last year I thought it was great that
> LXD/LXC now had this capability to "publish" an image so it could be shared
> publicly.
>
> But then forgot about the article until last week when it dawned on me to
> ask if there already exists a "public repository" that anyone could
> publish/share their LXD/LXC container work to and share with others.
>
> To me this would be the LXD/LXC equiv of the Docker "hub" concept and
> really spur lxd/lxc use.
>
> I did some google searchs but didn't come up with anything related to such
> existing but searches being what they are I could have "asked' wrong.
>
> So I thought I'd ask here on the lxc-user alias.Does this exist?
> Does the existing lxd/lxc image repository have all the capabilities to
> support public publishing of images?
>
> If so...  is there a document that describes how to use it?   By that I
> mean that I would imagine it would have to have some meta (descriptive)
> data available that contributing container authors provide regarding "what"
> their image does, limitations etc?
>
> thanks for any info.
>
> Brian
>
>
>
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Publishing LXD Images ... is there a public repository yet?

[brian mullan]

When I read Serge Hallyn's writeup last year I thought it was great that
LXD/LXC now had this capability to "publish" an image so it could be shared
publicly.

But then forgot about the article until last week when it dawned on me to
ask if there already exists a "public repository" that anyone could
publish/share their LXD/LXC container work to and share with others.

To me this would be the LXD/LXC equiv of the Docker "hub" concept and
really spur lxd/lxc use.

I did some google searchs but didn't come up with anything related to such
existing but searches being what they are I could have "asked' wrong.

So I thought I'd ask here on the lxc-user alias.Does this exist?   Does
the existing lxd/lxc image repository have all the capabilities to support
public publishing of images?

If so...  is there a document that describes how to use it?   By that I
mean that I would imagine it would have to have some meta (descriptive)
data available that contributing container authors provide regarding "what"
their image does, limitations etc?

thanks for any info.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] trying to create/install mate-desktop into unprivileged LXC container fails

[brian mullan]

Thanks Serge

This did NOT work:

lxc config device add *lxcfs* fuse unix-char major=10 minor=229
path=/dev/fuse

But this DID 

lxc config device add ** fuse unix-char major=10 minor=229
path=/dev/fuse

Thanks so much for the tip.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] trying to create/install mate-desktop into unprivileged LXC container fails

[brian mullan]

My host is Ubuntu 15.10 with LXD/LXC installed.   LXC is v 0.27

I have a script that creates a Privileged LXC container and attempts to
create/install mate-desktop into *Privileged* LXC container...  this all
works fine!

If I modify the line in the script to create an Unprivileged LXC container
then run the script to
create/install mate-desktop into *Unprivileged* LXC container it fails!

I'm fine with just using Privileged containers for this!

But should it be expected that installing a complete Desktop (ubuntu-mate,
xubuntu-desktop) etc into an Unprivileged container is not allowed?

Or is installing a normal Desktop Environment into  Unprivileged container
not allowed?

one of a couple errors that occurs during installation is:

*Setting up fuse (2.9.4-1ubuntu1) ...*
*Creating fuse device...*
*mknod: ‘fuse-’: Operation not permitted*
*makedev fuse c 10 229 root root 0660: failed*
*chmod: cannot access ‘/dev/fuse’: No such file or directory*
*dpkg: error processing package fuse (--configure):*
* subprocess installed post-installation script returned error exit status
1*
*Setting up avahi-utils (0.6.31-4ubuntu4) ...*
*Errors were encountered while processing:*
* fuse*
*E: Sub-process /usr/bin/dpkg returned an error code (1)*

As I mentioned there is no problem with a Privileged container just the
Unprivileged.

Both host & container are Ubuntu 15.10.

thanks for any insight.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] trying to create/install mate-desktop into unprivileged LXC container fails

[brian mullan]

I should mention that I installed LXD/LXC using the ppa:

*add-apt-repository ppa:ubuntu-lxc/lxd-stable*

I know I mentioned that I was using LXC v 0.27 in the question I asked
although *I know I actually* have LXD v0.27 and LXC is actually v
1.15.

However I just ran the following and that's what reported 0.27 (sorry for
any confusion)...  maybe the following command is wrong or its reporting
LXD's version instead of LXC's ??


*$ lxc --version0.27*

brian


than





On Thu, Jan 21, 2016 at 8:57 AM, brian mullan <bmullan.m...@gmail.com>
wrote:

> My host is Ubuntu 15.10 with LXD/LXC installed.   LXC is v 0.27
>
> I have a script that creates a Privileged LXC container and attempts to
> create/install mate-desktop into *Privileged* LXC container...  this all
> works fine!
>
> If I modify the line in the script to create an Unprivileged LXC container
> then run the script to
> create/install mate-desktop into *Unprivileged* LXC container it fails!
>
> I'm fine with just using Privileged containers for this!
>
> But should it be expected that installing a complete Desktop (ubuntu-mate,
> xubuntu-desktop) etc into an Unprivileged container is not allowed?
>
> Or is installing a normal Desktop Environment into  Unprivileged container
> not allowed?
>
> one of a couple errors that occurs during installation is:
>
> *Setting up fuse (2.9.4-1ubuntu1) ...*
> *Creating fuse device...*
> *mknod: ‘fuse-’: Operation not permitted*
> *makedev fuse c 10 229 root root 0660: failed*
> *chmod: cannot access ‘/dev/fuse’: No such file or directory*
> *dpkg: error processing package fuse (--configure):*
> * subprocess installed post-installation script returned error exit status
> 1*
> *Setting up avahi-utils (0.6.31-4ubuntu4) ...*
> *Errors were encountered while processing:*
> * fuse*
> *E: Sub-process /usr/bin/dpkg returned an error code (1)*
>
> As I mentioned there is no problem with a Privileged container just the
> Unprivileged.
>
> Both host & container are Ubuntu 15.10.
>
> thanks for any insight.
>
> Brian
>
>
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] how to use pulseaudio to get audio/sound from an LXC container

[brian mullan]

Last week I'd posted to the alias 1 method I'd done to get a working
Desktop in an LXC container with sound/clipboard/printing.That post was
just part of figuring out out how to get sound working from a container
desktop and isn't necessarily the best 'remote desktop' solution nor the
only one (x2go is great & guacamole also works).

Anyway audio/sound has always been a problem for me with LXC containers.

I found that Pulseaudio's TCP module can make it simple & easy to support
audio/sound from a container.

The container has to have pulseaudio installed.
Your Container User acct also will need to have the following Environment
variable set for you at login:

*PULSE_SERVER=10.0.3.1*

That will tell the container pulseaudio to redirect any audio/sound to the
Host (which in the container is at 10.0.3.1).   You can just put that in
your .bashrc file in the Container.

The above IP could also be the IP address of an actual remote machine if
you were doing some kind of remote desktop to a linux machine's and/or its
containers.

In the container you also will want to make sure your UserID is a member of
the
following "groups":


*pulse*

*pulse-access*
*audio*

In the Host, the setup is also very simple.

All you need to do is add the following 2 lines to the Host's Pulseaudio
configuration file located at - /etc/pulse/system.pa.

Once that's done either kill the Pulseaudio daemon (it automatically
restarts to pick up the 2 lines) or wait till your next reboot.


*load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;10.0.3.0/24
load-module module-zeroconf-publish*

reference the Pulseaudio section on Authorization:
http://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/Network/

The 1st line above tells Pulseaudio in the Host to load its TCP module at
startup (its not by default) and also to apply that access list (ACL) which
says to accept sound connections ONLY from the localhost and also from any
host on the 10.0.3.x network.

You can be as restrictive with the ACL as you want but this will let any
container play sound on the host.

That's it... sound will work from the container.

A couple extra tips for container Desktop users are these:

With the "load-module" the  ACL can accept pulseaudio connections from
anywhere given the right ACL and that PulseAudio's Port 4713 is open in the
network.   So you could have 2 containers, one playing sound to your Host
and another redirecting sound to a laptop on your deck?

If you have a Desktop environment installed in the container you might also
want to install 2 pulseaudio mgmt tools:

pavucontrol
paprefs

If you want to use Firefox in the Container Desktop environment I did find
& report what I considered a bug.

Executing firefox from a terminal in the container (with the above
configuration) sound would work & play on the Host's speakers.

Executing firefox from a menu in the Container's Desktop did not.   I found
that executing Firefox from the menu didn't directly execute the firefox
binary but a script (/user/lib/firefox/firefox.sh) which I guess did not
inherit the User's environment & thus the PULSE_SERVER setting.

If you add *PULSE_SERVER=10.0.3.1 *to the top of that firefox.sh script
that will fix it.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] In LXD/LXC container avahi-daemon fails installation

[brian mullan]

I have been trying to figure out why in my LXC container the avahi-daemon
fails.

Because the avahi-daemon fails other apps that have it as a dependency fail
to install also!

This morning I happened to find this post:
https://gist.github.com/jpouellet/c0d0698d669f1f364ab3

The author was encountering the same problem & errors as I have been seeing:

*update-rc.d: warning: start and stop actions are no longer supported;
falling back to defaults
Job for avahi-daemon.service failed because the control process exited
with error code. See "systemctl status avahi-daemon.service" and
"journalctl -xe" for details.
invoke-rc.d: initscript avahi-daemon, action "start" failed.
dpkg: error processing package avahi-daemon (--configure):
 subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of libnss-mdns:amd64:
 libnss-mdns:amd64 depends on avahi-daemon (>= 0.6.16-1); however:
  Package avahi-daemon is not configured yet.

dpkg: error processing package libnss-mdns:amd64 (--configure):
 dependency problems - leaving unconfigured*


However... the author also had a work around to get avahi to install
successfully in LXC:

*$ sudo -s
# apt-get install avahi-daemon avahi-utils
... bunch of errors ...
# systemctl disable avahi-daemon
# systemctl stop avahi-daemon
# apt-get autoremove
# apt-get install -f avahi-daemon avahi-utils*


I tried his workaround and it did work for me also !

Once avahi installed OK the other programs that had a dependency on avahi
and avahi-daemon could also install correctly such as some of the
pulseaudio related software.

My Host is ubuntu 15.10, my LXC container is Ubuntu 15.10.

As this doesn't happen on my Host ... is this an LXC bug?

$ lxc --version
0.26

thanks
brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] config scripts for an LXC Ubuntu-Mate desktop

[brian mullan]

I just put some scripts/files on github which will create an LXC container
your Host and install Ubuntu-Mate desktop in the container.

I've also utilized PulseAudio's TCP module to redirect any sound/audio from
the cn1 container
to your Host's speakers.

I'm hoping the README file and all the comments I put into the 2 scripts
explain everything.

On the Host there are minimal pre-reqs:

1)  pulseaudio must already be installed
2)  LXD must already be installed
3)  as the access to the LXC Mate desktop is via RDP (xrdp) Its recommended
you install
 xfreerdp to access the desktop instead of rdesktop as its faster &
more reliable & the
 command line is simpler to understand
4) you may need unzip installed to decompress the .zip file you download
from github.

During installation the scripts only make 1 change in the Host and that is
appending 2 lines to the */etc/pulse/system.pa * file so
Pulseaudio will load its TCP module on its next restart.

All of that is mentioned in either the README or comments in the scripts or
both.

Installation can take from 20-40 minutes depending on your Host (re ssd vs
hd, cpu type etc).

Once complete & the cn1 container rebooted you can use it.

If you wanted more containers setup like this you can just use LXC
clone/copy the original cn1 container.

I've only tested this on Ubuntu 15.04 and 15.10 so far.

The files can be found at:   https://github.com/bmullan/ciab-lxc-desktop

clipboard, sound & printing (may need to install CUPs and/or ghostscript in
cn1) all work.

Make sure to read anything I marked as "NOTE:".

I did uncover a couple bugs while doing this but I explain them again in
the README and/or in the comments in the scripts.

One was related to Firefox (how it starts from CLI vs Menu) and the other
was with installing the avahi-daemon in a container.

I filed a bug on the Firefox issue but also implemented a work-around for
it in the installation script.

The avahi installation problem I found someone else had hit and they had
posted their work-around on the web... it worked ... so I documented that
also.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] re Networking issues with LXC containers in EC2

[brian mullan]

All I did was install/configure PeerVPN on say server1 and server2 and make
sure they
connected.

While logged into each of your servers you should then be able to ping
10.x.x.x IP address of the other PeerVPN member server(s) ... assuming you
are using PeerVPN as an L2 VPN and not a L3 VPN.

The next step I did was to connect the TEP (tunnel end-point) to the LXCBR0
or in your case I guess the BR0 bridge to enable containers attached to
that bridge to pass data over the VPN tunnel.

Since the PeerVPN TEP interface (“peervpn0” in the Tutorial example) is
just like any other Linux ethernet interface we can use the “ip link”
command to connect the peervpn0 interface to the LXC lxcbr0 (or BR0)
bridge.You need to do that on both of your server/instances.

*$ sudo ip link set dev peervpn0 master lxcbr0*
or

*   $ sudo ip link set dev peervpn0 master br0*

now the 10.x.x.x network (being an L2 VPN) is like one big ethernet from
the LXC container perspective on either host and you should be able to ping
from say cn1 on server1 to cn2 on server2.

I wrote up some of what I did a long time ago but I'd never gone back and
updated the info to reflect using a common dnsmasq for all containers on
all host/servers.   At the time I was just trying to see if it worked.

I don't know if my writeup

will help.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] re Networking issues with LXC containers in EC2

[brian mullan]

Peter

On AWS unless you are using VPC I don't think you can use secondary
addresses because AWS won't route any of that traffic.  Also with your
addresses routing would be affected by the split-horizon problem with the
same network on 2 sides.

You probably know this ... but on AWS each instance has a Public & a
Private IP address.

If ec2-server1  pings  ec2-server2's Public IP address...

Inside EC2 AWS redirects your server1 to server2 pings to the Private IP of
server2 not the Public IP even though that's what you input to the ping
command.  EC2 inter-instance traffic is always to/from the Private IP
addresses.

This can be useful & save $$ because traffic internal to EC2 doesn't get
charged to you like outbound  or inbound traffic from the Internet does.

I install PeerVPN (www.peervpn.net) on my AWS servers to support
inter-server LXC communications.   Its dead simple to setup, its
auto-learning & full mesh vpn and you can then interconnect not only LXC on
multiple AWS servers but on different Clouds like AWS & Digital Ocean
and/or your own servers at home/office.

It also doesn't require firewall changes beyond what you already use.

Flockport did a nice writeup on how to install/use PeerVPN

also.   Maybe that will help.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] re Networking issues with LXC containers in EC2

[brian mullan]

re: I *can* ping a container in host 2 but not host 2 itself

welcome to networking... its a layer 2 network and each host itself is the
tunnel end point.
I had kept something that explained some of it and if I can find it send it
to you tomorrow.

Your br0 interfaces on the 2 servers you assign an IP and are they
different IP addresses?

No its not expected to see that error etc. When I have it up its pretty
solid.

We can take this offline from the mailer list... just send email directly
to each other so we don't bug the other list members.

Brian


On Tue, Jan 12, 2016 at 6:39 PM, Peter Steele <pwste...@gmail.com> wrote:

> On 01/12/2016 01:34 PM, brian mullan wrote:
>
> All I did was install/configure PeerVPN on say server1 and server2 and
> make sure they
> connected.
>
> While logged into each of your servers you should then be able to ping
> 10.x.x.x IP address of the other PeerVPN member server(s) ... assuming you
> are using PeerVPN as an L2 VPN and not a L3 VPN.
> The next step I did was to connect the TEP (tunnel end-point) to the
> LXCBR0 or in your case I guess the BR0 bridge to enable
>
> containers attached to that bridge to pass data over the VPN tunnel.
> Since the PeerVPN TEP interface (“peervpn0” in the Tutorial example)
>
> is just like any other Linux ethernet interface we can use the “ip link”
> command to connect the peervpn0 interface to the LXC lxcbr0 (or BR0)
> bridge.You need to do that on both of your server/instances.
>
> *$ sudo ip link set dev peervpn0 master lxcbr0*
> or
>
> *$ sudo ip link set dev peervpn0 master br0*
>
> now the 10.x.x.x network (being an L2 VPN) is like one big ethernet from
> the LXC container perspective on either host and you should be able to ping
> from say cn1 on server1 to cn2 on server2.
>
> I wrote up some of what I did a long time ago but I'd never gone back and
> updated the info to reflect using a common dnsmasq for all containers on
> all host/servers.   At the time I was just trying to see if it worked.
>
> I don't know if my writeup
> <https://bmullan.wordpress.com/2015/05/12/proof-of-concept-using-mesh-vpn-to-interconnect-lxc-containers-on-multiple-hosts-on-multiple-clouds/>
> will help.
>
> Brian
>
> I've already found your write-up and that pointed me to the missing ip
> link command. I've got it to work, although I'm having somewhat mixed
> results. For one thing, when I do get communication to work for containers,
> I am still unable to ping from a container on host 1 to a second host. I
> *can* ping a container in host 2 but not host 2 itself. I can also ping the
> host 2 host from host 1, just not from a container in the host 1. Is this
> expected? Our containers also need to be able to communicate with other
> hosts in our framework, not just with other containers.
>
> For some reason, once I have it set up and working, it suddenly stops
> working, and I've even had my instance completely hang and needed to
> stop/start it. I'm seeing multiple warnings on this sort appearing on the
> screen in both of my peervpn sessions:
>
> [44] warning: recursive packet filtered!
>
> Is this indicative of some kind of issue or is this expected?
>
> Peter
>
>
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] lxd lxc exec command to container tries to execute on Host instead?

[brian mullan]

Ignore my previous question I figured out how to make it work

Instead of:

*   lxc exec cn1 -- chmod +x /home/$USER/*.sh*

I used this...

   lxc exec cn1 -- /bin/bash -c "chmod +x /home/$USER/*.sh"

and that worked !

sorry for the noise

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] lxd lxc exec command to container tries to execute on Host instead?

[brian mullan]

I was working on a bash script to automate some LXD/LXC container setups.

I successfully created the container cn1

I successfully added a new User to cn1

I successfully PUSHed several script files to the Home directory of the new
User in CN1

However, when I try to chmod +x those scripts using:



*  lxc exec cn1 -- chmod +x /home/$USER/*.sh*it seems to be trying to
do it on the Host instead & fails!

I have searched but can't find a reason why or if I am using the exec
command wrong.

A snippit of my Host script is below:



*   lxc remote add images images.linuxcontainers.org
  # this works*

*   # launch as a Priviliged container *













*   lxc launch images:ubuntu/wily/amd64 cn1 -c security.privileged=true  #
this works   # create the new User in BOTH cn1 container   lxc exec cn1 - -
adduser $USER # this works
#
# Next pushing the appropriate script to its now running container.
#-
lxc file push ./mk-cn1-environment.sh cn1/home/$USER/ # this works   #
make sure bash scripts we pushed are executable --  THIS FAILS   lxc exec
cn1 - - chmod +x /home/$USER/*.sh*


That last command outputs the following error messages:




*$ lxc exec cn1 -- chmod +x /home/$USER/*.shchmod: cannot access
'/home/bmullan/createlxc.sh': No such file or directorychmod: cannot
access '/home/bmullan/deletelxc.sh': No such file or directorychmod:
cannot access '/home/bmullan/mkcn.sh': No such file or directory*


However, those .sh files are on my Host in /home/bmullan NOT the ones I
pushed
to cn1 in /home/bmullan ?

Am I using lxc exec incorrectly somehow ?

thanks for any advice.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] re I can't create tun device in Systemd Linux container {john lewis}

[brian mullan]

Check the syntax of tuntap creation and make sure you
have the command right...

http://baturin.org/docs/iproute2/#Add%20an%20tun/tap%20device%20useable%20by%20root

brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] re Cockpit-like frontend for LXD?

[brian mullan]

I've not seen any project announce such a tool yet.

In one sense I think what Canonical has been planning & working toward with
the OpenStack & the nclxd/LXD Neutron plugin coupled with Juju for the
Ubuntu 16.04 LTS release next April
 sometime
is going to enable much of what Cockpit appears to do and perhaps quite a
bit more.

I'm hoping a properly enabled LXD OpenStack would let me use OpenStack
"services"  to deploy, orchestrate,
monitor and manage and LXD containers/server created in OpenStack.

Services such as...

OpenStack Heat service for orchestration


Horizon - OpenStack's Dashboard


OpenStack's Ceilometer - the telemetry service


On top of what all the above might provide the integrated use of those
Canonical projects (LXD, Juju, the NCLXD Neutron plugin
 etc)... you then can deploy any
of the many existing Juju Charms for Applications
.

However, with what I've already seen with LXD on my 15.04 & 15.10 tests I
would expect many new tools to appear around LXD...

But there are lots of projects I think are close to something similar...

Some like Proxmox, who with their just released v4.0,
 switched from openvz to LXC I would
think eventually enhance that with LXD if nothing else but because it would
make managing remote LXC containers simple.

KaanalNet  - although designed to help learn SDN
technologies uses LXC containers instead of only the network namespace
pieces of liblxc like the Mininet network emulator does.

With KaanalNet you could run real payloads in the LXC containers it
manages.By its nature I'd expect that eventually KaanalNet will
incorporate LXD to enhance its existing LXC capabilities.

However, both of the above implemented LXC but no LXD support yet.

But as I said I'd expect alot of developers looking at LXD because of its
REST api coupling to multi-server LXC container orchestration but also
because the LXD cli syntax is really pretty simple to follow imho.

It would also be great to see a developer take the cockpit source & add LXD
capabilties to it as well.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] re lxcbr0 doesn't exist after upgrade to 15.10

[brian mullan]

Norberto

Great coincidence as I read your msg to the lxc-users list about the lxcbr0
bridge
disappearing after upgrade to Ubuntu 15.10.

I just finished upgrading one of my machines to 15.10 this weekend and
today I noticed
I couldn't start any containers.

Then I noticed there is no lxcbr0 any longer.

I followed same steps as you w/ service lxc-net stop/start etc also.

I looked on launchpad for any bugs files on lxc for this but didn't spot
anything yet however
there were several mentions of one or more systemd problems

$ lsb_release -d
Description:Ubuntu 15.10

$ sudo lxc --version
0.20

$ uname -a
Linux server3  4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux

$ sudo lxc-start -n test
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 346 To get more details, run the container in
foreground mode.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by
setting the --logfile and --logpriority options.

# the logfile I created contained this...

$ more *.log
  lxc-start 1445897600.815 ERRORlxc_conf -
conf.c:instantiate_veth:2621 - failed to attach 'vethTB8U9R' to the bridge
'lx
cbr0': Operation not permitted
  lxc-start 1445897600.846 ERRORlxc_conf -
conf.c:lxc_create_network:2904 - failed to create netdev
  lxc-start 1445897600.846 ERRORlxc_start - start.c:lxc_spawn:920 -
failed to create the network
  lxc-start 1445897600.846 ERRORlxc_start -
start.c:__lxc_start:1172 - failed to spawn 'test'
  lxc-start 1445897600.846 ERRORlxc_start_ui - lxc_start.c:main:344
- The container failed to start.
  lxc-start 1445897600.846 ERRORlxc_start_ui - lxc_start.c:main:348
- Additional information can be obtained by setting t
he --logfile and --logpriority options.
  lxc-start 1445899155.144 ERRORlxc_conf -
conf.c:instantiate_veth:2621 - failed to attach 'vethGQAYMM' to the bridge
'lx
cbr0': Operation not permitted
  lxc-start 1445899155.170 ERRORlxc_conf -
conf.c:lxc_create_network:2904 - failed to create netdev
  lxc-start 1445899155.170 ERRORlxc_start - start.c:lxc_spawn:920 -
failed to create the network
  lxc-start 1445899155.170 ERRORlxc_start -
start.c:__lxc_start:1172 - failed to spawn 'test'
  lxc-start 1445899160.176 ERRORlxc_start_ui - lxc_start.c:main:344
- The container failed to start.
  lxc-start 1445899160.176 ERRORlxc_start_ui - lxc_start.c:main:346
- To get more details, run the container in foregroun
d mode.
  lxc-start 1445899160.176 ERRORlxc_start_ui - lxc_start.c:main:348
- Additional information can be obtained by setting t
he --logfile and --logpriority options.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Cloud agnostic containers

[brian mullan]

Luis

I used PeerVPN (by Tobias Volk) to connect my LXC containers on AWS &
Digital Ocean.   Servers on both were also connected in a mesh to a server
here at my home.

Tobias was a recent PHD graduate who wrote PeerVPN and after exchange of
some emails w/him I learned he had already taken into consideration things
such as auto-fragmentation & reassembly of large packets etc.

PeerVPN is a full mesh vpn and w/auto-learning of any new nodes added.

http://www.peervpn.net/

The PeerVPN source files are on Github and you might find the PeerVPN
config file comments/documentation very useful in regards to
"capabilities/features":
https://github.com/peervpn/peervpn/blob/master/peervpn.conf

PeerVPN supports both IPv4 & IPv6, layer 2 & Layer 3 VPN and is *very
simple* to configure compared to some other VPN solutions I looked at!

I documented my initial proof-of-concept doing this but Flockport did a
nice write-up of PeerVPN's
use with LXC also which included the L3 config info you might want.

https://www.flockport.com/build-layer2-and-layer-3-overlay-networks-with-peervpn/

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] subreddit for lxc

[brian mullan]

Didnt' know how many of you were aware that there is a sub-reddit for LXC

https://www.reddit.com/r/LXC/

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] this would seem to be good news - proxmox adopting LXC for container based vm's

[brian mullan]

I haven't used Proxmox (yet) but was always interested in it because I've
seen so many posts over the past years about how great an environment it
was to utilize.

In the past I saw they utilized OpenVZ for any Proxmox container use.

They (proxmox) just announced they are switching to LXC..!

http://forum.proxmox.com/threads/22532-Proxmox-VE-4-0-beta1-released

Their link to linux containers on this page
http://pve.proxmox.com/wiki/Linux_Container (see below) now points to
linxucontainers.org.

*Migrate container from OpenVZ to Linux container*

*NOTE:At the moment you must do it manually later it will work with backup
and restore. Make a Backup (use gzip) of the OpenVZ container. *

*Then copy the backup file in /var/lib/vz/template/cache/ *

*Now it is possible to create a new CT, using the backup as template. see
create container. Create_container
http://pve.proxmox.com/wiki/Linux_Container#Create_container*
 *References*

*Wikipedia Linux Container https://en.wikipedia.org/wiki/LXC*

*Linux Container https://linuxcontainers.org/*

*GIT Linux Container https://github.com/lxc*
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] mesh networking for lxc containers (similar to weave)?

[brian mullan]

First, i would say that I only read about Canonical's FAN yesterday so have
no insight into what it can or can't do.

This spring I spent time looking at various solutions for network overlays
because of my interest in SDN and LXC.

My use-case requirements were:

   1. to *be able to interconnect LXC containers on any server on any Cloud*
   or private DataCenter
   2. *be simple* to install  configure
   3. *be full-mesh* without requiring any super-node in the network
   4. provide layer 2 (L2) support thus supporting BOTH...* IPv4 -and- IPv6*
   5. *support multi-tenancy *use
   6.
*transparency to firewall  NAT *
   7.
*be open source *

For SDN use VxLAN is problematic because of its usual requirement for
multicast to be enabled in the network which for most ISPs or Cloud
environments is not available.

Yes, there are some unicast VxLAN solutions now but they almost all (AFAIK)
require use of proprietary networking hardware (cisco, juniper).I've
not used Flannel yet but I do not believe it requires multicast.

So I began looking at various full mesh VPN solutions including:

   - ControlTier - required a super-node
   - Tinc - fairly complex setup/configuration
   - others.

I also examined CJDNS but learned it may not be appropriate for my use case
because of the way its architected.

A side benefit of a full-mesh VPN Network Overlay was that all the traffic
would be encrypted.

After looking at various full-mesh vpn solutions I found and used *PeerVPN*.


PeerVPN:

   - was created by a recent PHD (Tobias Volk)
   - was implemented in C  is fast
   - is open source
   - is self-learning full-mesh vpn
   - provides strong encryption
   - and worked great with  LXC but also with with Docker and other
   container technologies.

Because PeerVPN is an L2 VPN it also can support:

   - both IPv4 and IPv6 (simple configuration)
   - use of routing protocols over it
   - implementation  use of VxLAN later when I get time
   - multi-tenancy use

Because I wanted to interconnect LXC between any IaaS Cloud the PeerVPN
encryption would ensure the security of the traffic.

This worked extremely well and met all of use-case requirements.

PeerVPN was simple to configure  setup (only 5 or 6 commands)... maybe 10
if you configure *both* IPv4 and IPv6.   Its also a self-learning full mesh
vpn w/no super-node requirement.

I documented all of this on a blog post where I hope I have provided enough
info.I had input from the author (Tobias Volk) and others who had read
it.

Proof-of-Concept Secure Mesh VPN Network Interconnect for LXC containers in
Multiple IaaS Clouds https://bmullan.wordpress.com/

My testing of this included LXC containers running on host Servers on AWS
and Digital Ocean Clouds as well as a local server.

No machine required more than 5-6 simple config commands for either IPv4
-or- IPv6 and maybe 10 commands total if using both.

The full mesh VPN learned new nodes quickly and quickly provided an
any-to-any connection, usually within a few seconds).

With the advent of LXD capabilities for remote LXC management/control the
PeerVPN solution also presents a simple solution to a complex problem in a
multi-cloud environment.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Unity8inLXC

[brian mullan]

I just became aware of this today and thought I'd pass the info along in
case others hadn't seen it yet...

Ubuntu Wiki - The Unity 8 Desktop (Preview) in an LXC
https://wiki.ubuntu.com/Unity8inLXC

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Is there a guide to LXC ipv6 configuration

[brian mullan]

Xavier 

I am just learning ipv6 but as I understand it from my reading so far
similar solutions exist in ipv6 as for ipv4 such as dhcp6 etc.

There is stateless address autoconfiguration
(https://tools.ietf.org/html/rfc4862) and Neighbor Discovery protocol (NDP)
for ipv6 (https://tools.ietf.org/html/rfc4861).   

NDP seems to only be used on local link for address discovery but that would
seem appropriate for lxc container address assignments !

From what I understand so far IPv6 has two types of auto-configuration:

Stateless auto-configuration (the RFC mentioned above) which is intended
for small orgs   individual use.  Because this method needs no server to
approve the use of an address its supposed to be simpler to implement. 

It's intended to let a host propose an ipv6 address based on the ipv6
network prefix  the host interface MAC address (see EUI-64).  This
assumes the result will be a unique ipv6 address (re no address conflicts).

Stateful auto-configuration uses the dhcp6 protocol.   dhcp6 is called
stateful” because both the dhcp6 server  the client have to keep state
information to insure no address conflicts occur  to manage
lease/lease-renewals.

I was hoping that either someone had used something in these areas to
implement an automatic local ipv6 address assignment to LXC containers
created on any one host or knew of a guide somewhere related to ipv6  lxc.

Thanks for your reply!

Brian
 

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Is there a guide to LXC ipv6 configuration

[brian mullan]

LXC default is to setup NAT'd ipv4 for containers.

is there any guide to how to change the default to setup ipv6 instead so
lxc-create -t  -n cn_name

cn_name ends up with an ipv6 address.

I searched thru all the lxc-users archive and didn't find any mention of
this
and google searches tend to just show examples of static ipv6 config for a
container

I was hoping there was the ipv6 equivalent of the default ipv4 lxc-create
results.

brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] ONOS laptop setup using LXC

[brian mullan]

One of my interests is SDN and I recently spent some time looking at ONOS.

ONOS (open network operating system) is a project started to help Service
Providers (SP) implement/utilize
SDN to hopefully lower future operating costs.

I was happy to learn that on the ONOS website they show how to utilize LXC
to create ONOS cells.

https://wiki.onosproject.org/display/ONOS/Multiple+instances+using+LXC

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Has anyone looked at an LXC solution like the proposal for native Docker Multi-Host Networking

[brian mullan]

Just curious if anyone knows of any work going on around something like
this Docker proposal for Multi-Host networking:

https://github.com/docker/docker/issues/8951

Given the direction of LXD/LXC and their increased use in data centers 
clouds I would like to know if anyone has looked at the proposal for native
Docker multi-host networking in regards to an LXD/LXC solution for the same
problem(s).

I've been looking at VXFLD (vxlan flood)
https://github.com/CumulusNetworks/vxfld which was open-sourced last year
by Cumulus Networks and MetaCloud (just before Cisco bought MetaCloud).

VXFLD attempts to solve the problem handling BUM (Broadcast, Unknown 
Multicast) packets for VxLAN without requiring that the network support
Multi-Cast.

VXFLD was submitted to IETF as a proposed uni-cast VxLAN solution but I'm
not sure where it stands.

re. a uni-cast VxLAN solution which would enable Overlay networking of LXC
containers.

These 2 topics (multi-host networking) and what VXFLD attempts to solve
(unicast VxLAN) are big topics in OpenStack  SDN today.

I've been thinking that either an LXC host could be used as the VxLAN
VTEP (Virtual Tunnel End Point) and traffic from LXC containers on that
host could be inter-connected with any other LXC container on any other
Host via the VxLAN tunnel.

Just thought I'd ask if anyone else was or has looked at this kind of
problem/solution in LXC deployments?

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Has anyone looked at an LXC solution like the proposal for native Docker Multi-Host Networking

[brian mullan]

I just setup a test environment which I think will validate this with cloud
servers.

I created 2 LXC containers  cn1,  cn2

In both cn1 and cn2 I create 2 nested LXC containers

Now as expected the cn1 and cn2 get the default 10.0.3.x addresses and they
can both ping the internet  each other (by default)

The nested containers in both cn1 and cn2 get a 10.0.4.x address.

The nested LXC containers in each cannot ping the nested containers in the
other so I think this seems to make a valid test-case for VXFLD or some
other solution in regards to a working unicast vxlan setup.

Brian


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] processes escaped from memory cgroup in container, but CPU group is OK

[brian mullan]

forgot to cc the list


On Fri, Nov 21, 2014 at 11:25 AM, brian mullan bmullan.m...@gmail.com
wrote:

 systemd was one of the topics discussed at last weeks Ubuntu Developer's
 Summit
 Systemd transition - 2014-11-14 18:00..18:55 in Platform 1
 http://summit.ubuntu.com/uos-1411/meeting/22401/systemd-transition/
 The various developers discussed the current status and planning for the
 coming
 releases in regards to systemd.   They also discuss some of the blocking
 factors.

 You might want to check it out.

 brian


 -- Forwarded message --
 From: Michael R. Hines mrhi...@linux.vnet.ibm.com
 To: lxc-users@lists.linuxcontainers.org
 Cc:
 Date: Fri, 21 Nov 2014 15:45:47 +0800
 Subject: [lxc-users] processes escaped from memory cgroup in container,
 but CPU group is OK
 Hi All,

 I am using LXC 1.0.5, and I have container running Redhat 7.0 on a Power7
 processor. My host kernel version is 3.10.42.

 The cgroup for this container located at /cgroup/cpu works very well - I
 can manually echo
 different shares and control resource usage as expected.

 But, to my surprise, I set the memory.limit_in_bytes option of the
 container in /cgroup/memory/lxc/../containe
 r/memory.limit
 to a low number (like 2G in bytes), and the container was still able to
 consume all the memory in the system.

 So, digging deeper I printed the output of cgroup.procs and found that
 *only* systemd inside the container
 was properly joined into the group, whereas all the other child processes
 of the container were missing.

 As a further test, I repeated the same procedure with a Ubuntu 14 guest
 (which does not appear to use systemd),
 and the cgroup memory limit worked as expected - all the child processes
 were correctly added to cgroup.procs
 without any problems. When I try to set memory.limit_in_bytes, the control
 works very well.

 So, what gives? Any ideas?

 - Michael

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Can LXD be installed used on same system with LXC use

[brian mullan]

I've still not found LXD documentation yet but as I use LXC alot I'd
like to know if there are any caveats to installing  using LXD on a system
that is also being used for LXC ?

Thanks
Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Can LXD be installed used on same system with LXC use

[brian mullan]

Nick...

I know how to utilize nested LXC as I've been doing that for quite a while.

My question was about the new LXD hypervisor Canonical announced last
week called LXD

see:   http://www.ubuntu.com/cloud/tools/lxd


Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] openstack support

[brian mullan]

Okay I see what you were asking.

You might also want to refer to this Openstack page:

https://wiki.openstack.org/wiki/HypervisorSupportMatrix


On Thu, Sep 25, 2014 at 9:25 AM, Tamas Papp tom...@martos.bme.hu wrote:


 On 09/25/2014 03:18 PM, brian mullan wrote:

 tamas

 not sure the intent you had for lxc and openstack but just in case you
 hadn't seen this yet take a look at the new Ubuntu Cloud-Installer for
 OpenStack:

 http://ubuntu-cloud-installer.readthedocs.org/en/latest/

 both the Multi  Single mode installers ... install OpenStack using a
 combo of KVM and LXC.

 the single mode  installs everything onto your laptop/PC.

 The guide does state that you should have 8 cpu core available etc but
 I've done this several times already and it worked for me.

 Its really an interesting deployment of OpenStack as its the first I've
 seen that intelligently uses LXC and hw virtualization (where an openstack
 component requires it).


 I know, that openstack supports LXC, but according to this page, it's only
 by the libvirt driver:

 http://docs.openstack.org/trunk/config-reference/content/lxc.html


 I am curious about this implementation of lxc:)


 t

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] openstack support

[brian mullan]

Another reference  about LXC w/Nova -
https://wiki.openstack.org/wiki/CaaS_demo

However, it may be using LXC to represent libvirt-lxc.



On Thu, Sep 25, 2014 at 9:36 AM, brian mullan bmullan.m...@gmail.com
wrote:

 Okay I see what you were asking.

 You might also want to refer to this Openstack page:

 https://wiki.openstack.org/wiki/HypervisorSupportMatrix


 On Thu, Sep 25, 2014 at 9:25 AM, Tamas Papp tom...@martos.bme.hu wrote:


 On 09/25/2014 03:18 PM, brian mullan wrote:

 tamas

 not sure the intent you had for lxc and openstack but just in case you
 hadn't seen this yet take a look at the new Ubuntu Cloud-Installer for
 OpenStack:

 http://ubuntu-cloud-installer.readthedocs.org/en/latest/

 both the Multi  Single mode installers ... install OpenStack using a
 combo of KVM and LXC.

 the single mode  installs everything onto your laptop/PC.

 The guide does state that you should have 8 cpu core available etc but
 I've done this several times already and it worked for me.

 Its really an interesting deployment of OpenStack as its the first I've
 seen that intelligently uses LXC and hw virtualization (where an openstack
 component requires it).


 I know, that openstack supports LXC, but according to this page, it's
 only by the libvirt driver:

 http://docs.openstack.org/trunk/config-reference/content/lxc.html


 I am curious about this implementation of lxc:)


 t



___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] How to cancel lxc-autostart

[brian mullan]

I've been reading this thread and this is the first *and only time* I've
ever heard anyone request such a kill all command for LXC to terminate
auto-start.

Developer time is always in short supply and IMHO asking one of them to
spend their time on such a *corner-case issue* is not putting their
efforts to good use.

There have been 2 alternatives proposed that seem would handle this event
and my opinion is that should be sufficient.

LXC 1.x has a lot of important work going on and I'd rather see people
focused on the existing roadmap or on addressing critical bugs.

Of course its all Open Source so anyone that can't live without such a
feature could either contribute the patches themselves or offer a bounty to
have it done for them.

again just my opinion

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Unable to SSH into LXC on Host PC

[brian mullan]

Zhong Jiang..

Normally I'd go to Stephane Graber's web blog but I can't reach it right now.

However, another really good blog post on LXC networking can be found here:

http://containerops.org/2013/11/19/lxc-networking/

In his examples he uses vagrant w/lxc but if you ignore the references the
vagrant the rest of the write-up is very good in regards to networking LXC
containers.

Brian




___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Nice Linux Container video by IBM's Boden Russell

[brian mullan]

At the recent Openstack summit Boden Russell gave a good overview of Linux
containers including cgroup, name-spaces etc.

Although this is not LXC specific I thought it might be of interest to some
of you as general info.

https://www.youtube.com/watch?v=a4oOAVhNLjU
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LXC with X, specifically KDE v. VM

[brian mullan]

Fajar and others have given you some answers that all work.

I've done what you are wanting to do using multiple methods.

   - x2go works great and is easy to install.

server side (lxc container for you):

   - sudo add-apt-repository ppa:x2go/stable
  - sudo apt-get update
  - sudo apt-get install x2goserver x2goserver-xsession
  - then edit /etc/ssh/sshd_config and change both of the following
  lines to yes
  - ChallengeResponseAuthentication yes
  - PasswordAuthentication yes

client-side (your Ubuntu Host)

   - sudo add-apt-repository ppa:x2go/stable
   - sudo apt-get update
   - sudo apt-get install x2goclient

On the  ubuntu host start x2go, put in the IP address of the lxc container
in the profile form, input your login user id (assuming you created a
userID in the lxc container) and at the bottom tell x2go what Desktop you
are using (lxde, kde, xfce, mate, etc etc), hit save, then click on the
icon representing that session profile enter your password, answer yes to
the SSH key prompt, and you should see your desktop in 2-3 seconds.



   - guacamole installed in the container works very well also but its a
   little more of a setup than x2goserver in the container but guacamole does
   NOT require anything on the Host OS because it uses HTML5 to present its
   remote desktop from the container (see: http://guac-dev.org/ ) using
   either vnc or rdp (if you configure rdp in the container which means x11rdp
   and xfreerdp (latest versions can be installed in the container following
   the excellent scarygliders.com website which will automagically build
   then install both for you using the latest source code.




NX from NoMachine's is not open source any longer but I believe that you
can still use their sw for a 1 or 2 user setup.

My personal opinion is that nothing beats x2go at this point in time for
remote desktop and its still open source.  Guacamole is working well for me
now too but not quite x2go level

If both your Host and LXC container are ubuntu you can even set x2go up so
from the host you use just a browser to log in:
http://wiki.x2go.org/doku.php/wiki:advanced:x2goplugin
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Lxc and OVS

[brian mullan]

Pradeep your diagram doesn't provide any info on the network connections.

What does ifconfig show for a network address and are they separate from
the Hosts network address?

Nor do you say how you configured Floodlight.   By default Floodlight uses
Reactive Flow control where unknown pkt-in are sent to the controller but
you
can configure Floodlight for Proactive flow control where the controller
pre-populates
a flow to the switches when you installed the controller you would
have had to make a config decision to change the default tho'.



-- Forwarded message --
From: Pradeep Kiruvale pradeepkiruv...@gmail.com
To: lxc-users@lists.linuxcontainers.org
Cc:
Date: Wed, 9 Apr 2014 13:16:49 +0200
Subject: [lxc-users] Lxc and OVS
Hi All,

   For one of my project   I have a setup as below



   openflow controller(floodlight controller)
   |
openflow switch
   |
    |_
   ||
container1   container2


Everything setup perfectly and ping works from one container to the other
and the from host to containers.

But I am not receiving any messages in open-controller.They bypass the
controller
and communicated.As per the openflow protocol first message should come to
controller
and then install a  flow and then they can communicate afterwards.

Am I missing something here?

Thanks  Regards,
Pradeep
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Nested containers

[brian mullan]

Marc

Not sure if you saw all the latest LXC writeups that Stephane Graber posted
in the last month on LXC.

http://voices.canonical.com/tag/lxc/

Check under the entry titled:  Container Nesting

but also do a page search fo nest

As nesting is discussed in several of the posts referred to by the above
URL.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users