Re: [Lxc-users] container shutdown

[Brian K. White]

On 3/19/2012 9:25 AM, Serge Hallyn wrote:
 Quoting Daniel Lezcano (daniel.lezc...@free.fr):
 On 03/19/2012 03:50 AM, Serge Hallyn wrote:
 Quoting Daniel Lezcano (daniel.lezc...@free.fr):
 On 03/19/2012 12:00 AM, Serge Hallyn wrote:
 Hi,

 Thanks to Jäkel's and Fajar's great ideas, we can now cleanly shut down
 a container by sending it SIGPWR.  I'm attaching two ways to do that.
 In-line is a patch which modifies lxc-stop to take optional -s and -t
 args - -s for shutdown (meaning send SIGPWR), and -t for a timeout,
 after sending SIGPWR, to hard-kill the container.
 That may make more sense to implement a lxc-reboot | lxc-shutdow
 Is there another signal that would make sense for lxc-reboot?

 Yes, SIGINT will make the init process to restart the services. I
 said lxc-reboot but that could be lxc-shutdown -r.

 I personally prefer lxc-reboot, but I can imagine people liking
 lxc-shutdown -r.  What do others prefer?

 script on top of on lxc-kill.

 IMHO, I don't think adding a timeout is a good idea because the
 shutdown process may take more than the timeout to stop the services
 and the container could be killed while the services are doing some
 cleanup or flush or whatever. If this option is present, people will
 tend to use it instead of investigating if a service is stuck, or
 working, or flushing.
 I would recommend to let the shutdown script to handle the timeout
 by themselves.
 By 'let the shutdown script to handle the timeout by themselves, you
 mean let the scripts calling lxc-shutdown handle the timeout?

 I meant the initrd scripts within the container to be fixed to
 properly shutdown (for example add timeout or optimize the stopping
 services). The init process will send SIGTERM to all the processes
 and then SIGKILL after awhile. I don't think that should be handled
 from outside.

 I agree we want to do that where we can.  I disagree that we should
 rely on it.

 Some services are bogus because they don't care when
 they are stopped in the shutdown process because they expect to be
 killed. For example, the sshd service was automatically respawned
 after being killed by init at the shutdown time but that was only
 spotted with containers.

 Right, and we should (and did) fix that, but lxc shouldn't look
 broken when the container misbehaves.

 leave lxc-shutdown to be as simple as 'lxc-kill -n $1 SIGPWR ?

 Yes, lxc-shutdown could be in this case very trivial (may be adding
 a couple of things like waiting for the container to stop before
 exiting in order to have a synchronous command).

 (I dunno, from there it seems to me the next logical step to add a
 timeout :)  But just waiting is fine for me.)

 Ok, so

 lxc-kill -n $1 SIGPWR
 lxc-wait -n $1 STOPPED

 I'll wait for comments on lxc-reboot v lxc-shutdown -r.

Timout:
I can think of no excuse to omit a timeout option. It would be easy and 
it would be useful and it would be more admin-friendly than requiring 
the init script author to do it, or fail to do it, or do it poorly, or 
have 12 different distro's all do it differently, etc...

Any that want to do it themselves, still can, since it's merely an 
option not a hard coded behavior. If you need to watch for something 
that _you_ know means it's ok to destroy, yet doesn't look like 
stopped to lxc-wait, no problem, just don't use that option.

But by far the more usual and therefor should be the default behavior, 
would be don't allow a hung container to prevent the host from shutting 
down gracefully. That allows one bad container to possibly harm the host 
and thereby all other containers on that host. My own init script for 
suse has this problem. I know ways I could fix it but I've just been 
busy with other work so it just continues to have this problem for a 
year now...

Executable name:
I would prefer several almost identical actions to be implemented in one 
program with options instead of several almost identical programs. So I 
say lxc-shutdown -r than lxc-reboot. But I have no problem with 
lxc-shutdown doing -r based on argv0 as well as getopts. Everyone can 
have what they want without asking you the author to write multiple 
programs.

-- 
bkw

--
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] failed to rename cgroup ?

[Brian K. White]

Are you running vsftpd inside the container?
If so, make sure it has these two lines in /etc/vsftpd.conf (in the 
container not the host)

# LXC compatibility
# http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg01110.html
isolate=NO
isolate_network=NO

Do the same for all containers.

Then reboot the host, because you can't clear the problem any other way, 
only prevent it from happening in the first place.

Then see if you still have a problem shutting down and restarting that 
container.

-- 
bkw


On 3/7/2012 4:32 AM, 陈竞 wrote:
 i dont konw how to solve the problem, can you give me some advise? thank you

 在 2012年3月7日 下午5:04，Papp Tamas tom...@martos.bme.hu
 mailto:tom...@martos.bme.hu写道：

 On 03/07/2012 09:58 AM, 陈竞 wrote:
   i want to start lxc-sshd, but get error:
  
   localhost lxc # /usr/local/bin/lxc-start -n sshd
   lxc-start: No such file or directory - failed to rename cgroup
   /cgroup//lxc/9740-/cgroup//lxc/sshd
   lxc-start: failed to spawn 'sshd'
   lxc-start: No such file or directory - failed to remove cgroup
   '/cgroup//lxc/sshd'
  
   what does it mean?

 Remove, not rename.

 tamas

 
 --
 Virtualization  Cloud Management Using Capacity Planning
 Cloud computing makes use of virtualization - but cloud computing
 also focuses on allowing computing to be delivered as a service.
 http://www.accelacomm.com/jaw/sfnl/114/51521223/
 ___
 Lxc-users mailing list
 Lxc-users@lists.sourceforge.net mailto:Lxc-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/lxc-users




 --
 陈竞，中科院计算技术研究所，高性能计算机中心
 Jing Chen HPCC.ICT.AC http://HPCC.ICT.AC China


 --
 Virtualization  Cloud Management Using Capacity Planning
 Cloud computing makes use of virtualization - but cloud computing
 also focuses on allowing computing to be delivered as a service.
 http://www.accelacomm.com/jaw/sfnl/114/51521223/



 ___
 Lxc-users mailing list
 Lxc-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/lxc-users


--
Virtualization  Cloud Management Using Capacity Planning
Cloud computing makes use of virtualization - but cloud computing 
also focuses on allowing computing to be delivered as a service.
http://www.accelacomm.com/jaw/sfnl/114/51521223/
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] How to start the network services so as to get the IP address using lxc-execute???

[Brian K. White]

This isn't meant as an insult but you seem to be trying to do things 
backwards and expecting, worse, demanding, a low level tool to contain 
high level features that really should be provided by your own 
scripting, or by other tools that already exist for that purpose.

If you want to assign container ip addresses in some particular order, 
then simply do so. You can ensure container IP's get set whatever way 
you want by any number of means. You can write a start script that 
writes IP's into the container config files and/or rewrites them 
dynamically every time it's started up, you can tell the containers to 
use dhcp and you can control the dhcp server. If you want to read the 
containers IP, you can get it from the hosts dhcp server state/log file 
or possibly from the arp table on the host or by directly reading files 
from the containers filesystem.

Someone already gave you a good example of a simple bit of shell 
scripting that takes the container name and uses that to produce the ip 
address as long as the container names adhered to a consistent pattern.

If that's not what you wanted then what? Chronological order? That's 
sort of meaningless since containers can be stopped and restarted.

If you want the ip's to be assigned chronologically, ie, the first 
container to be started gets ip #1, that's trivial too, just write the 
start script to keep count in a temp file every time it is started, or 
have it parse the list of all running containers and add one to whatever 
is the current highest number running before starting a new container. 
But then this points out how meaningless this request is from the 
beginning. What happens after containers have been stopped and 
restarted? Do you want a restarted container to get a new next-highest 
number? or remember it's original number? If you want it to get a new 
number, then what happens when the always incrementing number gets to 
the end of the netmask? If you want it to remember the number that it 
got originally then what why not just write that number in it's config 
file from the beginning? If you want it to reuse IP's dynamically from a 
pool then that is already what a dhcp server does.

I really don't understand what you are trying to do or trying to avoid 
doing or why, that isn't easily answered by a little shell scripting 
and/or a dhcp server.

-- 
bkw

On 12/8/2011 7:59 AM, nishant mungse wrote:

 Hi Greg,

 Thanks 4 reply.

 I just want the IP addresses of the containers. And one more thing can I
 get the IP address of containers in sequence for eg. container1 ::
 198.208.168.1 container 2 :: 198.208.168.2 and like this.

 Please help me ASAP.

 Regards,
 Nishant

 On Thu, Dec 8, 2011 at 5:09 PM, Greg Kurz gk...@fr.ibm.com
 mailto:gk...@fr.ibm.com wrote:

 On Thu, 2011-12-08 at 16:03 +0530, nishant mungse wrote:
   Hi,
  
   I want to manually invoke a networking setup to start the network
   service to get the IP address of container , But the problem is i
   don't want to start the container and want to use lxc-execute.
  
   When I tried these things happened::
  
   command :: lxc-execute -n base
   -f /home/nishant/ubuntu.conf
 /var/lib/lxc/base1/rootfs/etc/init.d/networking start

 Ok... this can't work. lxc-execute is for application containers only:
 it runs lxc-init instead of standard /sbin/init. The networking script
 you invoke needs upstart to be already running in the container... You
 seem to have a system container here, it _MUST_ be started with
 lxc-start.

  
   O/P
  
   Rather than invoking init scripts through /etc/init.d, use the
   service(8)
   utility, e.g. service networking start
  
   Since the script you are attempting to invoke has been converted
 to an
   Upstart job, you may also use the start(8) utility, e.g. start
   networking
   start: Unable to connect to Upstart: Failed to connect to
   socket /com/ubuntu/upstart: Connection refused
  
  
   How to start the network services so as to get the IP addresses of
   containers?
  

 What's your true need here ? Controlling the containers network services
 from the host or just knowing the addresses used by the containers ? I
 guess both are doable in a variety of ways.

 Cheers.

  
   Regards,
   Nishant
  
  
  
  
 
 --
   Cloud Services Checklist: Pricing and Packaging Optimization
   This white paper is intended to serve as a reference, checklist
 and point of
   discussion for anyone considering optimizing the pricing and
 packaging model
   of a cloud services business. Read Now!
   http://www.accelacomm.com/jaw/sfnl/114/51491232/
   ___ Lxc-users mailing
 list Lxc-users@lists.sourceforge.net
 

Re: [Lxc-users] cannot start any more any container?!

[Brian K. White]

On 10/19/2011 1:24 PM, Ulli Horlacher wrote:
 Besides my problem with cannot stop/kill lxc-start (see other mail), I
 have now an even more severe problem: I cannot start ANY container anymore!

 I am sure I have overlooked something, but I cannot see what. I am really
 desperate now, because this happens to my production environment!

 Server host is:

 root@vms1:/lxc# lsb_release -a; uname -a; lxc-version
 No LSB modules are available.
 Distributor ID: Ubuntu
 Description:Ubuntu 10.04.3 LTS
 Release:10.04
 Codename:   lucid
 Linux vms1 2.6.35-30-server #60~lucid1-Ubuntu SMP Tue Sep 20 22:28:40 UTC 
 2011 x86_64 GNU/Linux
 lxc version: 0.7.4.1

 (linux-image-server-lts-backport-maverick)

 All my lxc files reside in /lxc :

 root@vms1:/lxc# l vmtest1*
 dRWX   - 2011-05-17 19:47 vmtest1
 -RWT   1,127 2011-10-19 18:54 vmtest1.cfg
 -RW- 476 2011-10-19 18:54 vmtest1.fstab

 I boot the container with:

 root@vms1:/lxc# lxc-start -f /data/lxc/vmtest1.cfg -n vmtest1 -d -o 
 /data/lxc/vmtest1.log


 But nothing happens, there is only a lxc-start process dangling around:

 root@vms1:/lxc# psg vmtest1
 USER   PID  PPID %CPUVSZ COMMAND
 root 31571 1  0.0  20872 lxc-start -f /data/lxc/vmtest1.cfg -n 
 vmtest1 -d -o /data/lxc/vmtest1.log

 The logfile is empty:

 root@vms1:/lxc# l vmtest1.log
 -RW-   0 2011-10-19 19:09 vmtest1.log


 And no corresponding /cgroup/vmtest1 entry:

 root@vms1:/lxc# l /cgroup/
 dRWX   - 2011-10-10 17:50 /cgroup/2004
 dRWX   - 2011-10-10 17:50 /cgroup/2017
 dRWX   - 2011-10-10 17:50 /cgroup/libvirt
 -RW-   0 2011-10-10 17:50 /cgroup/cgroup.event_control
 -RW-   0 2011-10-10 17:50 /cgroup/cgroup.procs
 -RW-   0 2011-10-10 17:50 /cgroup/cpu.rt_period_us
 -RW-   0 2011-10-10 17:50 /cgroup/cpu.rt_runtime_us
 -RW-   0 2011-10-10 17:50 /cgroup/cpu.shares
 -RW-   0 2011-10-10 17:50 /cgroup/cpuacct.stat
 -RW-   0 2011-10-10 17:50 /cgroup/cpuacct.usage
 -RW-   0 2011-10-10 17:50 /cgroup/cpuacct.usage_percpu
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.cpu_exclusive
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.cpus
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.mem_exclusive
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.mem_hardwall
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.memory_migrate
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.memory_pressure
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.memory_pressure_enabled
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.memory_spread_page
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.memory_spread_slab
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.mems
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.sched_load_balance
 -RW-   0 2011-10-10 17:50 /cgroup/cpuset.sched_relax_domain_level
 -RW-   0 2011-10-10 17:50 /cgroup/devices.allow
 -RW-   0 2011-10-10 17:50 /cgroup/devices.deny
 -RW-   0 2011-10-10 17:50 /cgroup/devices.list
 -RW-   0 2011-10-10 17:50 /cgroup/memory.failcnt
 -RW-   0 2011-10-10 17:50 /cgroup/memory.force_empty
 -RW-   0 2011-10-10 17:50 /cgroup/memory.limit_in_bytes
 -RW-   0 2011-10-10 17:50 /cgroup/memory.max_usage_in_bytes
 -RW-   0 2011-10-10 17:50 /cgroup/memory.memsw.failcnt
 -RW-   0 2011-10-10 17:50 /cgroup/memory.memsw.limit_in_bytes
 -RW-   0 2011-10-10 17:50 /cgroup/memory.memsw.max_usage_in_bytes
 -RW-   0 2011-10-10 17:50 /cgroup/memory.memsw.usage_in_bytes
 -RW-   0 2011-10-10 17:50 /cgroup/memory.move_charge_at_immigrate
 -RW-   0 2011-10-10 17:50 /cgroup/memory.oom_control
 -RW-   0 2011-10-10 17:50 /cgroup/memory.soft_limit_in_bytes
 -RW-   0 2011-10-10 17:50 /cgroup/memory.stat
 -RW-   0 2011-10-10 17:50 /cgroup/memory.swappiness
 -RW-   0 2011-10-10 17:50 /cgroup/memory.usage_in_bytes
 -RW-   0 2011-10-10 17:50 /cgroup/memory.use_hierarchy
 -RW-   0 2011-10-10 17:50 /cgroup/net_cls.classid
 -RW-   0 2011-10-10 17:50 /cgroup/notify_on_release
 -RW-   0 2011-10-10 17:50 /cgroup/release_agent
 -RW-   0 2011-10-10 17:50 /cgroup/tasks

 At last the container config file:

 lxc.utsname = vmtest1
 lxc.tty = 4
 lxc.pts = 1024
 lxc.network.type = veth
 lxc.network.link = br0
 lxc.network.name = eth0
 lxc.network.flags = up
 lxc.network.mtu = 1500
 lxc.network.ipv4 = 129.69.1.42/24
 lxc.rootfs = /lxc/vmtest1
 lxc.mount = /lxc/vmtest1.fstab
 # which CPUs
 lxc.cgroup.cpuset.cpus = 1,2,3
 lxc.cgroup.cpu.shares = 1024
 # http://www.mjmwired.net/kernel/Documentation/cgroups/memory.txt
 lxc.cgroup.memory.limit_in_bytes = 512M
 lxc.cgroup.memory.memsw.limit_in_bytes = 512M

Re: [Lxc-users] shutting down CentOS6 container

[Brian K. White]

On 10/17/2011 5:01 PM, Papp Tamas wrote:
 On 10/17/2011 10:54 PM, Derek Simkowiak wrote:
  /I tried the python script, it just works fine./

 Q1: How does the kill -INT init method affect running processes,
 especially MySQL and other databases that may need to shutdown
 gracefully to avoid data corruption?

 I believe that the child processes (incl. mysqld, apache, etc.) would
 be able to shutdown gracefully without data corruption, because they'd
 be killed with a signal that will invoke their internal signal
 handlers. But, I am looking for independent confirmation.

 That's right.

 Q2: How is lxc-stop -n $CONTAINERNAME different from the Python script
 mentioned below? Will lxc-stop on a container cause an unclean
 shutdown, or does it also use a Unix signal?

 lxc-stop is part of the script.
 If I'm right it's equivalent of pushing the power button of the machine.

I would say it's like pulling the power cord.

Not just being a pedant. The terminology matters since you are trying 
specifically to clarify and nail down exactly that all-important 
behavioral detail.

Pressing the power button is ambiguous since pressing the power button 
can be either a polite signal resulting in a graceful and orderly 
shutdown, OR not, depending on the machine. And that difference is all 
the difference in the world.

Just in case someone asks I guess you could also say lxc-destroy is like 
removing everything but the hard drive.

-- 
bkw

--
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Fwd: RE: Price Request For lxc.org

[Brian K. White]

IEEE does not honor requests for applicant requested id's, but even 
for the locally administered,

lxc 6c:78:63
and
LXC 4c:58:43

are both out. l (6c) and L (4c) both have a second nibble c which has a 
second-least-significant bit 0

1100
--^-

Too bad, it's nice and high to avoid the bridge low mac address interaction.


Backwards, cxl and CXL are both ok.
43:58:4c
63:78:6c
-^:--:--

3
0011
--^-

cxl, containers by linux ?


-- 
bkw

On 10/11/2011 4:07 PM, Derek Simkowiak wrote:
   /Add it to the possible wish list along with the MAC address prefix/

  If there is interest in an official LXC vendor MAC address prefix,
 I'd like to call your attention to this Linux kernel bug:

 https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/584048
 https://www.redhat.com/archives/libvir-list/2010-July/msg00450.html

  These bug reports are for KVM with bridging, however, I have seen
 the same symptom using LXC.  The symptom is that the network bridge goes
 dead for several seconds when starting or stopping containers.  The root
 of the issue is in the Linux kernel, and how it handles the MAC address
 of bridges (and bond interfaces, too).

  In summary, the MAC prefix can't be arbitrary, because a low MAC
 vendor prefix causes a short-term network blackout on the bridge device
 when starting or stopping LXC containers, or KVM/qemu VMs, or any other
 environment using non-physical interfaces.  The blackout is (apparently)
 caused by the bridge changing its MAC address.

  I have added a workaround to my script for this bug (see Comment
 #60 in Launchpad, above).  According to Serge Hallyn: That it is a
 general bridge property is indeed known. The fix in this bug is, like
 your script, simply working around that fact.


 Thank You,
 Derek Simkowiak
 de...@simkowiak.net

 On 10/11/2011 06:08 AM, Brian K. White wrote:
 That's a pretty substantial reduction. Add it to the possible wish list
 along with the MAC address prefix. Sadly I never finished the research
 to get that. The $600 is easy, the time to figure out what you're
 supposed to do is not ;)




 --
 All the data continuously generated in your IT infrastructure contains a
 definitive record of customers, application performance, security
 threats, fraudulent activity and more. Splunk takes this data and makes
 sense of it. Business sense. IT sense. Common sense.
 http://p.sf.net/sfu/splunk-d2d-oct



 ___
 Lxc-users mailing list
 Lxc-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/lxc-users


--
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] New LXC Creation Script: lxc-ubuntu-x

[Brian K. White]

Ideally, for the stated purpose, we need something not named ubuntu.

I already have the same sort of wiki page on opensuse.org since a year 
ago but that's of course highly opensuse specific, which is exactly the 
problem a central wiki proposes to avoid.

Meanwhile I'm getting less and less in love with suse every day anyways 
due to changes over the last couple years, and so I'm probably going to 
start basing my systems on Arch or who-knows-what sooner or later.

So, sourceforge or code.google.com or .. blah, lxc.org is for sale for a 
mere $5000 haha.

-- 
bkw

On 10/6/2011 8:44 AM, Serge E. Hallyn wrote:
 Quoting Jäkel, Guido (g.jae...@dnb.de):
  I think there is about 80% overlap between the two projects but
 enough differences to be interesting.  I'll take a closer look at your
 script looking for ideas I may have missed, and I invite you to do the same.

 @Derek: well-spoken.


 @Daniel  Serge: Is there already something like a Wiki to collect such 
 contribute work? I think, there are much more people around here which 
 have developed such tools around LXC: Focused on their own requirements and 
 conditions and therefore not fitted to publish to the community. But usefull 
 to study for others to take an idea of it for own purposes.

 I've just created https://wiki.ubuntu.com/lxc.  Please feel free to add your 
 own or, Derek and Uli, please fill in your own description of yours :)

 thanks,
 -serge

 --
 All the data continuously generated in your IT infrastructure contains a
 definitive record of customers, application performance, security
 threats, fraudulent activity and more. Splunk takes this data and makes
 sense of it. Business sense. IT sense. Common sense.
 http://p.sf.net/sfu/splunk-d2dcopy1
 ___
 Lxc-users mailing list
 Lxc-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/lxc-users



--
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] stopping a container

[Brian K. White]

On 9/5/2011 12:34 PM, Michael H. Warfield wrote:
 On Mon, 2011-09-05 at 09:24 +0200, Papp Tamas wrote:
 On 09/05/2011 08:38 AM, Jäkel, Guido wrote:
 What is the right way to stop a container?
 Dear Papp,

 Like with the thread paradigm in computing langugages, the right
 way is that the thread decides to stop. Therefore your container have
 to leave.

 Depending on your Linxus flavor inside the container, you e.g. may
 send a signal to it's init process to proper shut down. This mechanism
 is historical intended to be used by an USV poser supply. In the
 moment, I'm using an old-style sytem v init and I may just send a
 SIGINT to reboot and a SIGPWR to halt it (must be enabled in the
 inittab).


 Another (planned) way is to use lxc-execute, but this is still not
 working. Ulli Hornbacher therefore wrote it's own workaround: A little
 daemon executes all command pushed in by a command running at the host
 -- disregarding to all aspects of security.

 If you're running a sshd inside the container -- and in the most
 case you will I think -- you may use this (with a deposited key) to
 directly send commands to it.

 hi,

 I don't like the ssh way. I think, halting a container automatically
 through an ssh connection is a joke, wich should not be used in any
 way.

 Another way that I have used is to send the init process a kill signal.
 I think it was the power fail sig but that should do it.  That
 definitely worked with the sysv init but I see to recall I had some
 problem with upstart (and systemd won't currently run in a container
 anyways - so you can forget that pig).

That's not another way. That's exactly the way already stated first above.

-- 
bkw

--
Malware Security Report: Protecting Your Business, Customers, and the 
Bottom Line. Protect your business and customers by understanding the 
threat from malware and how it can impact your online business. 
http://www.accelacomm.com/jaw/sfnl/114/51427462/
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] can't remove cgroup

[Brian K. White]

On 6/17/2011 12:06 PM, Serge Hallyn wrote:
 Quoting Brian K. White (br...@aljex.com):
 On 6/16/2011 3:26 PM, Serge Hallyn wrote:
 Quoting Brian K. White (br...@aljex.com):
 I thought we killed this problem?
 ...
 nj12:~ # rm -rf /sys/fs/cgroup/vps001

 rmdir


 Did that too. no joy.

 In fact I did both the main directory and several runs of find|xargs to
 delete files and directories using rm -f , rm -rf and rmdir.
 I'll have to wait for it to happen again to diagnose what the problem
 was. I had to reboot the host because I needed that vm back up.

 I'm guessing the developer was doing something I didn't expect within
 the vm, besides the use of the reboot command, to tie up the context
 group even after all processes went away.

 Or maybe, if you don't have a release agent set, he just ran something
 like vsftpd which created new cgroups by cloning?

 -serge


I do have a release agent, and I usually have the required vsftpd config 
options to disable namespace usage as part of my recipe for setting up 
all systems, but I did not do most of the setup of these particular 
vm's, I'm trying to get one of my people up to speed so they can do it 
so I intentionally stayed away.

It's entirely possible the special vsftpd config either didn't get done, 
or got lost in a full distribution version in-place upgrade that was 
done from within the vm.

... aha, just checked. An old version of my template vsftpd config was 
used which did not yet have the namespace options.

I will add them and test! (as well as update the source of the template 
config obviously)

Thank you even if this doesn't turn out to be the culprit of this 
incident, it's still a hole I missed.

-- 
bkw

--
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

[Lxc-users] can't remove cgroup

[Brian K. White]

I thought we killed this problem?

nj12:~ # lxc-start -n vps001 -f /etc/lxc/vps001/config
lxc-start: Device or resource busy - failed to remove previous cgroup 
'/sys/fs/cgroup/vps001'
lxc-start: failed to spawn 'vps001'
lxc-start: Device or resource busy - failed to remove cgroup 
'/sys/fs/cgroup/vps001'

nj12:~ # lxc-ps auxwww |grep vps001
root  9307  0.0  0.0   7668   808 pts/0S+   14:06 
0:00 grep vps001

nj12:~ # lxc-info -n vps001
'vps001' is STOPPED

nj12:~ # lxc-destroy -n vps001
'vps001' does not exist

nj12:~ # mount |grep cgroup
cgroup on /sys/fs/cgroup type cgroup (rw)

nj12:~ # rm -rf /sys/fs/cgroup/vps001
rm: cannot remove 
`/sys/fs/cgroup/vps001/30149/cpuset.memory_spread_slab': Operation not 
permitted
rm: cannot remove 
`/sys/fs/cgroup/vps001/30149/cpuset.memory_spread_page': Operation not 
permitted
[...]
rm: cannot remove `/sys/fs/cgroup/vps001/cgroup.procs': Operation not 
permitted
rm: cannot remove `/sys/fs/cgroup/vps001/tasks': Operation not permitted
nj12:~ #

The dirs and files still exist so just ignore the error doesn't apply 
here. What happened was the user issued the command reboot from within 
the container. In my own testing I had only ever used shutdown -r now 
which worked fine.

This is lxc 0.7.4.2 on kernel 2.6.39

How can I clear this cgroup? How can I even tell if there are really any 
processes holding it open if lxc-ps shows none?
How can I restart this container other than by editing the start script 
to use a different cgroup name or restarting the entire host?

-- 
bkw

--
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] can't remove cgroup

[Brian K. White]

On 6/16/2011 3:26 PM, Serge Hallyn wrote:
 Quoting Brian K. White (br...@aljex.com):
 I thought we killed this problem?
 ...
 nj12:~ # rm -rf /sys/fs/cgroup/vps001

 rmdir


Did that too. no joy.

In fact I did both the main directory and several runs of find|xargs to 
delete files and directories using rm -f , rm -rf and rmdir.
I'll have to wait for it to happen again to diagnose what the problem 
was. I had to reboot the host because I needed that vm back up.

I'm guessing the developer was doing something I didn't expect within 
the vm, besides the use of the reboot command, to tie up the context 
group even after all processes went away.

-- 
bkw

--
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] [lxc-devel] [PATCH] ignore non-lxc configuration line

[Brian K. White]

On 6/2/2011 3:41 PM, Daniel Lezcano wrote:
 On 06/02/2011 07:03 PM, Michael H. Warfield wrote:
 On Wed, 2011-06-01 at 20:10 -0400, Michael H. Warfield wrote:
 On Fri, 2011-05-13 at 22:32 +0200, Daniel Lezcano wrote:
 From: Daniel Lezcanodaniel.lezc...@free.fr
 We ignore the line of in the configuration file not beginning by lxc.
 So we can mix the configuration file with another information used for
 another component through the lxc library.
 Wow...

 I seem to recall requesting this sort of thing ages ago.  Maybe even
 before we created the -users list and only had the -dev list and was
 shot down.  I have s wanted this feature.  That can implement many
 of the OpenVZ compatibility things we need the high level scripts to
 perform and keep them in one file.  Many thanks.  I as SO glad to see
 this!
 I see that this has not, apparently, made it into a release bundle yet.
 Any idea when it will be out?

 It will be for the lxc-0.7.5 version. No ETA for the moment.
 I would like to have new feature for lxc before releasing a new version,
 the delta with 0.7.4 are mostly bug fixes.

Bugfixes-only for a micro (0.0.x) version increase sounds perfectly fine 
to me. Hold up 0.8.0 or 1.0.0 for features indefinitely and it's fine, 
but hold back bug fixes just so features can go with them?
This is rather what the micro part of the version is for isn't it?

-- 
bkw

--
Simplify data backup and recovery for your virtual environment with vRanger.
Installation's a snap, and flexible recovery options mean your data is safe,
secure and there when you need it. Discover what all the cheering's about.
Get your free trial download today. 
http://p.sf.net/sfu/quest-dev2dev2 
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Howto detect we are in LXC contener

[Brian K. White]

On 5/25/2011 7:51 PM, David Touzeau wrote:
 Dear all

 to detect if we are inside an OpenVZ, openvzve,xen machine
 we can check the presence of :
 /proc/vz/veinfo
 /proc/vz/version
 /proc/sys/xen
 /sys/bus/xen
 /proc/xen

 But i did not find any information inside the LXC contener in order to
 detect We are really in an LXC contener.

 Is there a tip ??

 Best regards

Recent lxc_start sets an environment variable in the init process.

http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=commit;h=3244e75040a98d2854144ebc169a5a61ddbe0a26

But I like the other trick of checking if init is in a cgroup better for 
now, since it will work for containers that were created by other means 
than lxc_start.

-- 
bkw

--
vRanger cuts backup time in half-while increasing security.
With the market-leading solution for virtual backup and recovery, 
you get blazing-fast, flexible, and affordable data protection.
Download your free trial now. 
http://p.sf.net/sfu/quest-d2dcopy1
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Mixing public and private IPs for guests - network configuration?

[Brian K. White]

On 5/21/2011 7:48 PM, Benjamin Kiessling wrote:
 Hi,

 Indeed this is not a virtualization specific problem. You want your host to 
 operate as a router for
 the other two IP addresses and, depending on the configuration of OVH, 
 ARP-Proxy the whole stuff.
 Assuming you want have PUB-IP1 on the host and want to assign PUB-IP2 to the 
 container (lets say
 with veths).
 Just assign PUB-IP1 to your host (ip addr a PUB-IP1 dev ethN), add the route 
 for PUB-IP2 to the
 veth of the container on the host (ip r a PUB-IP2 dev vethN), add PUB-IP2 to 
 the interface in the
 container (ip addr a PUB-IP2 dev vethContainer) and set a default route over 
 PUB-IP1 in the
 container (ip r a PUB-IP1/32 dev vethContainer  ip r a default via PUB-IP1 
 dev vethContainer).
 Enable Routing (/proc/sys/net/ipv4/ip_forward) and if OVH uses reverse path 
 filtering proxy-arp
 (/proc/sys/net/ipv4/conf/$DEV/proxy_arp) on the host.
 That should do it. You could use a bridge and still reach all containers (the 
 bridge would have the
 address PUB-IP1 and would include all veths and the physical device) but 
 it'll complicate the setup
 if NAT is required for certain containers. Just set the routes explicitly for 
 each container veth.

 Regards,
 Benjamin Kiessling

I'm not the OP but just wanted to say this was good stuff and I 
appreciate a handy run-down like that.

-- 
bkw

--
What Every C/C++ and Fortran developer Should Know!
Read this article and learn how Intel has extended the reach of its 
next-generation tools to help Windows* and Linux* C/C++ and Fortran 
developers boost performance applications - including clusters. 
http://p.sf.net/sfu/intel-dev2devmay
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] updated lxc template for debian squeeze - with attachedscript ; )

[Brian K. White]

Not at all, this is good info.

It's not an old thread as long as the proposed task hasn't been done 
yet, and it hasn't.

I still need to finish researching what exactly we should get, and then how.

-- 
bkw

On 4/23/2011 3:25 AM, Geordy Korte wrote:
 Hello,

 Sorry to revive an old thread but I would like to share some information
 with you that might give you an insight into why an OUI is advisable.

 I work for IBM as a Technical Pre-Sales consultant for Blade network
 technologies (what a mouth full). BNT creates switches that are very
 very good but that is not the point. One of the features that we have is
 VMready which basically means that when the switch detects a Virtualized
 uplink to a server it will analyse the traffic and create PORTS for
 every virtual host running on that server. This tech allows you to
 create policy for that port with which you can set QOS, ACL and anything
 else you would like. Now Vmready is fully vmotion enabled so that when
 you migrate a virtualhost to another server, the policy moves with it.

 The reason for me writing this to the list is that Vmready works for
 Hypervisor, vmware, kvm, powervm...  and it only works because of the
 mac address. Each switch has a database of Macs that belong to a
 virtualization product and by matching passing traffic to the list
 Vmready works. Should LXC get it's own block then I can make sure it's
 added to the Vmready database.

 Sorry if this sounds like a sales pitch... it's not meant too.

 Geordy Korte

 On Fri, Mar 11, 2011 at 11:08 PM, Brian K. White br...@aljex.com
 mailto:br...@aljex.com wrote:

 On 3/11/2011 10:14 AM, Michael H. Warfield wrote:
   On Thu, 2011-03-10 at 19:09 +, Walter Stanish wrote:
   ...  I have read up on the OUI documentation and
   looking at the detail on the site LXC could opt for a 32bit
 OUI which would
   cost $600 for one block. The dev guys might want to setup a
 pledge program...
  
   I will pay for it.
  
   I too am willing to pay the whole thing, so, halvsies? Or see
 how many
   others want to split even?
  
   Sounds good.  I guess we can nominate you as the finance go-to
 on this
   one then :)
  
   Let us know details when they emerge.
  
   Can someone explain to me why we can't simply use a block of
 addresses
   with the 0200 (local administration) bit or'ed in.  Out of 48 bits of
   addressing, we can use 46 bits of them for anything we want as
 long as
   that bit is set and the 0100 bit (multicast) is clear.  By the
 standard,
   those are locally managed and allocated MAC addresses that are not
   guaranteed to be globally unique.  They don't even need to be
 unique in
   an entire network, only on the local subnet.  Use any convention you
   want.  Stuff the 32 bit IP address of the host in the lower 32
 bits and
   you've still got 14 bits worth of assignable addressing per host.
   That's what that bit is intended for.

 That is exactly what I do myself.

 I'm not sure there is a specific need for a recognizable lxc address
 space, but exactly the same thing could be said about xen and for some
 reason they have one. I don't claim it's necessary I just claim three
 things:

 1) It wouldn't hurt.

 2) It's cheap enough in both cash and time not to matter, more than
 enough volunteers have already presented themselves.

 3) I don't presume that because I don't perceive a reason, that no
 reason exists.

 One scenario I envision off-hand would be that automated vmware tools
 and xen tools and lxc tools could each provision addresses from their
 own spaces and guaranteed never step on each others toes.

 --
 bkw

 
 --
 Colocation vs. Managed Hosting
 A question and answer guide to determining the best fit
 for your organization - today and in the future.
 http://p.sf.net/sfu/internap-sfd2d
 ___
 Lxc-users mailing list
 Lxc-users@lists.sourceforge.net mailto:Lxc-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/lxc-users




 --
 ==
 Geordy Korte
 MSN geo...@geordy.nl mailto:geo...@geordy.nl



 --
 Fulfilling the Lean Software Promise
 Lean software platforms are now widely adopted and the benefits have been
 demonstrated beyond question. Learn why your peers are replacing JEE
 containers with lightweight application servers - and what you can gain
 from the move. http://p.sf.net/sfu/vmware-sfemails



 ___
 Lxc-users mailing list
 Lxc-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] native (non-NAT) routing?

[Brian K. White]

On 4/9/2011 3:00 AM, Ulli Horlacher wrote:
 On Wed 2011-04-06 (12:31), Daniel Lezcano wrote:

 root@zoo:/lxc# brctl show
 bridge name bridge id   STP enabled interfaces
 br0 8000.0050568e0003   no  eth0

 is your container up when you show the bridge information ?

 Yes:

 root@zoo:/lxc# brctl  show
 bridge name bridge id   STP enabled interfaces
 br0 8000.0050568e0003   no  eth0

 root@zoo:/lxc# lxc -l
 container  size (MB)   start-PID
 fex  377   0
 test 376   0
 ubuntu   6003311


 is it possible you give the ip addr result on the host ?

 What do you mean? Which result?



He's asking you to run ip addr on the host and post the result here.

-- 
bkw

--
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Container with different architecture like arm on x86 [How-to]

[Brian K. White]

On 4/7/2011 5:23 AM, l...@zitta.fr wrote:

 qemu has 2 modes system and user
 You described system mode and I used user mode

That resolves a lot of the mystery right there. I hadn't realized qemu 
had such a mode.

The other issues are either

* obviated by the fact that you're already doing it and the world didn't 
blow up (kernel/abi/environment compatibility),

* or the usefulness outweighs the cost (each process runs in it's own 
qemu instance).

Pretty slick.

-- 
bkw

--
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Cluster Resource Agent

[Brian K. White]

On 4/6/2011 4:56 AM, Christoph Mitasch wrote:
 Hi,

 I'm wondering if anybody is using LXC in a high availability cluster.

 I tried to use it in a Pacemaker Cluster together with DRBD.

 In theory there would be the VirtualDomain Resource Agent supporting
 libvirt. But since my libvirt experience together with LXC was not
 promising, I think the best option is to use lxc-tools.

 It worked for me when using the lxc init script (/etc/init.d/lxc) for
 active/passive configurations.

 As far as I found out only /etc/lxc/ and corresponding lxc rootfs dirs
 have to be shared. /var/lib/lxc should not be necessary, because lxc
 init script doesn't use lxc-create/lxc-destroy.

 Anything else to take care of when moving LXC containers around machines?

 For active/active and more advanced configurations an OCF Resource Agent
 for LXC would be nice. It could be similar to the ManageVE RA for OpenVZ:
 http://hg.linux-ha.org/agents/raw-file/tip/heartbeat/ManageVE

 Regards,
 Christoph

What lxc init script? I think we all write our own and there is no 
official one yet.

I write one for openSUSE but it's not in the suse lxc package nor in any 
other official suse package, just in a stand-alone rclxc package in my 
buildservice repo.

If the official packages for other distros includes an init script, it 
will be different for each one since containers are such a low-level 
feature that can be used for so many different kinds of jobs, it's hard 
to imagine what an official init script would even be like.

-- 
bkw

--
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Container with different architecture like arm on x86 [How-to]

[Brian K. White]

On 4/6/2011 3:26 PM, l...@zitta.fr wrote:
 Hi,

 I tried to run an arm container under a x86_64 host and it works 

 Little how-to :

 build a static compiled qemu-arm
   take qemu sources and build it with :
   ./configure --static --target-list=arm-linux-user; make
   U will find static qemu for arm at ./arm-linux-user/qemu-arm
 use the binfmt_misc kernel module
   mount the pseudofs :
   mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc
 have an arm container
   let's say it is at /lxc/armcontainer
 copy qemu in the container :
   cp ./arm-linux-user/qemu-arm /lxc/armcontainer/
 enable binfmt :
 echo
 ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-arm:'/proc/sys/fs/binfmt_misc/register
 launch your container normaly.

 I found this cool, I hope it be useful someone else.

 I have made this how-to from bash history, I could have made some mistakes.
 feel free to ask if you're in troubles.

 regards,

 Guillaume ZITTA


A few questions,

The echo command references /usr/local/bin/qemu-arm, but I don't see 
that anywhere else in the recipe. Is that a x86_64 binary on the host or 
is that supposed to be a arm binary in the container, or is it simply 
ignored in this case and doesn't matter that it doesn't exist?

It sort of looks like you are telling the host x86_64 kernel to run a 
x86_64 qemu-arm executable any time it encounters an arm elf executable, 
and then since you are placing an arm qemu-arm executable in the 
container fs I guess you are implying that the arm executable you will 
be trying to run will be that arm qemu executable? Why would you do that?

foo - qemu - qemu - kernel ??

ie: arm-executable foo - arm executable qemu-arm - x86_64 executable 
qemu-arm - x86_64 host kernel ??

Assuming that even works. Doesn't there have to be an arm kernel in 
there somewhere? Like:

arm-foo - arm-kernel - x86_64-qemu-arm - x86_64-host-kernel

I don't see the point in this. As long as you have qemu in there 
anywhere it means you are doing full cpu virtualization, avoiding which 
is pretty much the sole purpose of containers.

If it's really true that you can have qemu provide _only_ cpu 
virtualization yet somehow have the host kernel support the arm 
executables through that I guess that's a win since you have a single 
kernel doling out resources directly to all processes instead of kernels 
within kernels. Then again wouldn't that result in every single arm 
executable running inside it's own instance of qemu, auto launched by 
the binfmt? That might be ok for application containers that only run 
one process but that would be terrible for a full system container 
unless that container really only ran one process directly, an arm 
kernel. And in that case I don't see the point of doing that inside a 
container. It's already even more isolated inside qemu than what the 
container provides and the container layer just becomes pointless overhead.

But doesn't the arm kernel have rather a lot more differences than 
merely understanding the arm binary format and cpu? I would have thought 
the container would have to run an x86_64 (or i386) binary, which would 
be qemu, and that qemu would have to run an arm kernel, and all other 
arm processes would have to run in that arm kernel.

I think I need an example to illustrate a use case for this.

-- 
bkw

--
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Container with different architecture like arm on x86 [How-to]

[Brian K. White]

On 4/6/2011 5:30 PM, Justin Cormack wrote:
 On Wed, 2011-04-06 at 16:45 -0400, Brian K. White wrote:

 A few questions,

 The echo command references /usr/local/bin/qemu-arm, but I don't see
 that anywhere else in the recipe. Is that a x86_64 binary on the host or
 is that supposed to be a arm binary in the container, or is it simply
 ignored in this case and doesn't matter that it doesn't exist?

 It sort of looks like you are telling the host x86_64 kernel to run a
 x86_64 qemu-arm executable any time it encounters an arm elf executable,
 and then since you are placing an arm qemu-arm executable in the
 container fs I guess you are implying that the arm executable you will
 be trying to run will be that arm qemu executable? Why would you do that?

 foo -  qemu -  qemu -  kernel ??

 ie: arm-executable foo -  arm executable qemu-arm -  x86_64 executable
 qemu-arm -  x86_64 host kernel ??

 Assuming that even works. Doesn't there have to be an arm kernel in
 there somewhere? Like:

 arm-foo -  arm-kernel -  x86_64-qemu-arm -  x86_64-host-kernel

 I don't see the point in this. As long as you have qemu in there
 anywhere it means you are doing full cpu virtualization, avoiding which
 is pretty much the sole purpose of containers.

 If it's really true that you can have qemu provide _only_ cpu
 virtualization yet somehow have the host kernel support the arm
 executables through that I guess that's a win since you have a single
 kernel doling out resources directly to all processes instead of kernels
 within kernels. Then again wouldn't that result in every single arm
 executable running inside it's own instance of qemu, auto launched by
 the binfmt? That might be ok for application containers that only run
 one process but that would be terrible for a full system container
 unless that container really only ran one process directly, an arm
 kernel. And in that case I don't see the point of doing that inside a
 container. It's already even more isolated inside qemu than what the
 container provides and the container layer just becomes pointless overhead.

 But doesn't the arm kernel have rather a lot more differences than
 merely understanding the arm binary format and cpu? I would have thought
 the container would have to run an x86_64 (or i386) binary, which would
 be qemu, and that qemu would have to run an arm kernel, and all other
 arm processes would have to run in that arm kernel.

 I think I need an example to illustrate a use case for this.


 Qemu is just being used as an arm instruction set interpreter, making
 x86 system calls to the native kernel. binfmt_misc lets you run other
 architecture binaries via emulation just by executing the binary.
 Obviously its slow, but if you want to build an arm distro say it gives
 another option other than cross compiling or a native compile on a slow
 machine.

 Justin

Back to the first question, this actually works for binaries other than 
hello.c ? How many binaries live entirely within the high level calls 
that are really fully abstracted by the kernel?

I guess I have to try this because I don't believe it.
qemu just emulates hardware, as in the cpu and some of the supporting 
system. You can't run user executable on hardware. Only specially 
crafted free-standing things which is pretty much just bios/efi, 
bootloaders, kernels, and memtest86. Not ls for instance.

I'm familiar with binfmt since I used to use iBCS and then linux-abi 
ages ago to run SCO binaries on linux, and similarly to run linux 
binaries within lxrun on SCO, and similarly osrcompat to run unixware 
binaries on open server and vice-versa, and linux on freebsd, etc ...)

But in all those cases, the following always is true:

* The executables have the same cpu instruction set as the host kernel.

* The executables have the same endianness as the host kernel and 
filesystem and utilities.

And at least one or more of the following is also always true:

* The emulation layer explicitly goes to lengths to handle various 
unavoidable differences and conflicts. Like remapping syscalls that take 
different numbers or types of arguments, and exhibit different behavior, 
even though they are named the same and do nominally the same job. 
Faking various system level environmental things like fake device nodes, 
/proc entries, etc... maybe cpu registers or memory/io addresses too I 
don't know everything but I know it's not exactly trivial or ignorable.

* The emulation layer provides fail-as-graceful-as-possible stubs for 
things that can't or haven't yet been really translated.

* Users of the emulation layer simply know that only a small subset of 
things will actually work. Anything might have any sort of problem, and 
if it breaks you get to keep the pieces. It's useful in a few very 
special cases and requires significant hacks and workarounds and 
compromises, but isn't generally useful.

I mean it's not just a few things, it's things everywhere you turn, 
filesystems that return values

Re: [Lxc-users] Control panel

[Brian K. White]

On 3/16/2011 5:11 AM, Geordy Korte wrote:
 On Tue, Mar 8, 2011 at 12:42 PM, Stuart Johnson stu...@stu.org.uk
 mailto:stu...@stu.org.uk wrote:


   maybe just define what you want. Gathering ideas could/would inspire
   someone to implement it.

 Ideally I want a simple ncurses application that shows you what
 containers are active, and allows simple functionality, such as create,
 start, stop and configure settings.  Super easy to install, and runs
 from the ssh console. No need for web servers, or opening up special
 ports.

 Hello,

 Had some time to spare and decided that I would pitch in. Attached a
 simple dialog system that will allow you to start/stop an lxc container
 and open the console.  It's really really really early (lol took me 5
 minutes) but let me know if this is what you are looking for and if so
 what you would like to have added to it.

 You need the dialog package for this to work:
 apt-get install dialog
 --
 Geordy Korte

This is a great start.

Although it's true what has been said that a real curses (or other 
compiled) app will ultimately be able to do a lot more by using liblxc, 
I really want to build on this in the mean time. I already have several 
things I want to do to it to use in conjunction with my inid.d script 
for openSUSE.

With almost trivial additions I could have it integrate with my 
particular config scheme so that this could also:

* start/stop all containers
* mark a container as enabled/disabled for automatic start at (host) boot
* display per/container status like process list
* poor-mans-top that adds a column to show what container a process 
belongs to
* display other misc info that's handy for the host admin, like the 
ip's/bridges/vlans associated with each container, rootfs and other 
mounts, etc.
* display/edit container config

With somewhat more work I could add:

* a wizard to create new containers (very simple at first, where it only 
creates one kind of container system)
* iotop-alike that shows container
* iftop-alike that shows container
* wall one or all containers

Can we put this up in a google code project, or do you mind if I do it?

A few of the things I want will be specific to openSUSE, or rather, 
specific to how I chose to do my init.d, since there is no standard yet, 
I just made up my own. But I still think it shouldn't be too hard to 
make this distribution agnostic. The wizard to create a container will 
just use template scripts and I'll just supply an openSUSE template 
script. The init.d integration is the only thing that will be really 
distribution specific but that is very simple.

I'd love to get a few more things into it and include it into my rclxc 
package for openSUSE or make it it's own package.

-- 
bkw

--
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software 
be a part of the solution? Download the Intel(R) Manageability Checker 
today! http://p.sf.net/sfu/intel-dev2devmar
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] updated lxc template for debian squeeze - with attachedscript ; )

[Brian K. White]

On 3/11/2011 10:14 AM, Michael H. Warfield wrote:
 On Thu, 2011-03-10 at 19:09 +, Walter Stanish wrote:
 ...  I have read up on the OUI documentation and
 looking at the detail on the site LXC could opt for a 32bit OUI which 
 would
 cost $600 for one block. The dev guys might want to setup a pledge 
 program...

 I will pay for it.

 I too am willing to pay the whole thing, so, halvsies? Or see how many
 others want to split even?

 Sounds good.  I guess we can nominate you as the finance go-to on this
 one then :)

 Let us know details when they emerge.

 Can someone explain to me why we can't simply use a block of addresses
 with the 0200 (local administration) bit or'ed in.  Out of 48 bits of
 addressing, we can use 46 bits of them for anything we want as long as
 that bit is set and the 0100 bit (multicast) is clear.  By the standard,
 those are locally managed and allocated MAC addresses that are not
 guaranteed to be globally unique.  They don't even need to be unique in
 an entire network, only on the local subnet.  Use any convention you
 want.  Stuff the 32 bit IP address of the host in the lower 32 bits and
 you've still got 14 bits worth of assignable addressing per host.
 That's what that bit is intended for.

That is exactly what I do myself.

I'm not sure there is a specific need for a recognizable lxc address 
space, but exactly the same thing could be said about xen and for some 
reason they have one. I don't claim it's necessary I just claim three 
things:

1) It wouldn't hurt.

2) It's cheap enough in both cash and time not to matter, more than 
enough volunteers have already presented themselves.

3) I don't presume that because I don't perceive a reason, that no 
reason exists.

One scenario I envision off-hand would be that automated vmware tools 
and xen tools and lxc tools could each provision addresses from their 
own spaces and guaranteed never step on each others toes.

-- 
bkw

--
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Control panel

[Brian K. White]

On 3/10/2011 9:04 PM, Stuart Johnson wrote:

 Meaning you think python would be too heavyweight?
 Certainly as one approaches the embedded end of the spectrum, there's
 something to be said for avoiding dependencies on large (compared to
 busybox ash) interpreters.  It'd be neat if I could deploy per-service
 containers on, say, a router with an 8MB MTD and 32MB RAM, and using
 python/perl/ruby/whatever would make that harder.  Mybe lua would be
 a better fit; I tend to stick to busybox ash, since it's already there.

 Perhaps we should be asking first, should an ncurses control panel be
 part of LXC or a separate project?  If it's the latter, then its rather
 immaterial, although personally I would love it to be part of LXC.  I
 want to able to install LXC on any Linux box, and start managing
 containers with the least amount of effort.

The embedded example just shows how everyones needs are very different.
I can see that wanting the lightest of non-interactive shell scripts run 
as cgi from a web server and all ui done via browser, or possibly run 
directly by the web server from a built-in mod_php or such with no use 
for ncurses at all.

I say let the main lxc package just continue to make better 
non-interactive command line tools, and let all higher level front-ends 
be separate packages written in whatever language(s) the authors like, 
serving whatever diverse special purposes they may.

Ideally of course would be to improve libvirt and/or other virt managers 
add lxc support to them and modify lxc relatively little just to 
facilitate that where indicated.

-- 
bkw

--
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] How are pseudorandom MACs selected?

[Brian K. White]

On 2/2/2011 6:20 AM, Daniel Lezcano wrote:
 On 02/02/2011 10:26 AM, Trent W. Buck wrote:
 For each lxc.network.type = veth, if you DON'T specify an
 lxc.network.hwaddr, you get one assigned at random (example below).

 Are these assignments made from a reserved range (a la 169.254/16 in
 IPv4), or are they randomized across the entire address space?  AFAICT,
 it MUST be the latter.

 Further, when manually allocating a static hwaddr (so I can map it to an
 IP within the DHCP server),

 The dhcp relies on an identifier to map the IP, the default is to use
 the mac address but you can use another identifier like the hostname for
 example. AFAIR, there is an option in the system network configuration
 scripts to send the hostname for the dhcp requests.

is there any particular range I should avoid
 or stick to?

 This is how the kernel allocates the mac address.

 /**
* random_ether_addr - Generate software assigned random Ethernet address
* @addr: Pointer to a six-byte array containing the Ethernet address
*
* Generate a random Ethernet address (MAC) that is not multicast
* and has the local assigned bit set.
*/
 static inline void random_ether_addr(u8 *addr)
 {
   get_random_bytes (addr, ETH_ALEN);
   addr [0]= 0xfe;   /* clear multicast bit */
   addr [0] |= 0x02;   /* set local assignment bit (IEEE802) */
 }


 Maybe you can use the mac address range used for the virtual nic of vmware.

I just use 02:00:ip address which ends up being automatically unique 
enough to not collide with anything else on your subnet assuming you 
already know the ip's you want to use

IP=192.168.0.50   # container nic IP
HA=`printf 02:00:%x:%x:%x:%x ${IP//./ }` # generate a MAC from the IP

The assumption is that you are already prepared to manage IP's somehow 
and wish the MAC's would be automatic yet at least relatively stable to 
keep from breaking things too often that track macs. So this way as you 
provision vm's, the macs will never collide without you having to 
actually track them manually, yet they aren't generated randomly and 
they stay the same as long as a given vm's ip stays the same.

-- 
bkw

--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] release candidate for lxc

[Brian K. White]

On 2/1/2011 5:22 AM, Daniel Lezcano wrote:
 Hi All,

 The lxc-0.7.4 version will be released very soon.

 I suppose most of you are using the version 0.7.3, not the dev version.
 Before releasing this new version, I would like to release a pre-version
 and that will be very nice if you can check this version is ok for you,
 especially the mount regression we had with the 0.7.3.

 Thanks in advance
 -- Daniel

Works for me.

I'm currently on 0.7.2 not 0.7.3 because of the breakage, but I had no 
problems building/installing/trying 0.7.3 and am just as ready to try a 
new version any time.

Do I just grab the current latest git version now or will you post a 
specific version to get?

-- 
bkw

--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] An application container for apache?

[Brian K. White]

On 1/20/2011 10:29 AM, Sergio Daniel Troiano wrote:
 Andre,

 I'm using Slackware and i've compiled lxc-7.2 because when i tried to
 use lxc-7.3 i couldnt mount anything within the container.

 You have to create a root enviroment , i use /container, here are all
 shared files and directories (/usr, /bin, /etc and so on)
 besides you must create no-shared directories (for example apache logs)
 you'll mount them when you start the container.

 You can use DEBUG mode when you start the container lxc-start -n web -d
 -lDEBUG -o log_debug_file -f lxc.conf
 i use 2 config files , the first one is lxc.conf

 lxc.utsname = web
 lxc.mount = config.fstab
 lxc.rootfs = /container
 lxc.tty = 12
 lxc.pts = 1024
 lxc.cgroup.cpuset.cpus = 0,1,2,3,4,5,6,7
 lxc.network.type = veth
 lxc.network.flags = up
 lxc.network.link = br0
 lxc.network.name = eth0
 lxc.network.ipv4 = 192.168.1.241/24
 lxc.cgroup.devices.allow = a

 The second one is config.fstab


 ## Apache logs, fcgid
 /home/skel.containers/web/usr/local/apache2/logs
 /container/usr/local/apache2/logs bind defaults,bind 0 0
 ## Apache conf
 /home/skel.containers/web/usr/local/apache2/conf
 /container/usr/local/apache2/conf bind defaults,bind 0 0
 none /container/proc proc defaults 0 0
 none /container/dev/pts devpts newinstance 0 0


 */Sergio D. Troiano/*
 /Development Team./


 /Av. de los Incas 3085/
 /(C1426ELA) Capital Federal/



 On Thu, 2011-01-20 at 13:51 -0200, Andre Nathan wrote:
 On Thu, 2011-01-20 at 11:44 -0200, Sergio Daniel Troiano wrote:
   Sure but there are a lot of things i have found about lxc , how far
   are you? where are you  stuck?

 I'm just beginning with LXC... I have tried to use the lxc-sshd script
 as a starting point but I still haven't got it to work yet.

 Do you have apache starting up as a normal user? Are you using read-only
 bind mounts? Which directories did you have to make user-specific, and
 which are shared by the host and the containers?

 Thanks a lot,
 Andre

I've been unable to use 7.3 also, at least with my existing 7.2 configs.

I assume it must work, and only the developer who changed it knows how 
to make it work after that change.

I'd like a description of that here or somewhere so I can stay up to 
date. I saw only an unclear answer to a similar question a while back.
Something about the mount paths being relative to some other context 
than before, but it wasn't explained exactly what needs to be specified 
relative to what.

I haven't tried to deduce it by trial  error since I need all my 
working lxc hosts to actually work at the moment, so they have to keep 
running 7.2. I haven't had time to set up a new lxc host purely for 
testing that I can try 7.3 on without disturbing the production boxes.

-- 
bkw

--
Protect Your Site and Customers from Malware Attacks
Learn about various malware tactics and how to avoid them. Understand 
malware threats, the impact they can have on your business, and how you 
can protect your company and customers by using code signing.
http://p.sf.net/sfu/oracle-sfdevnl
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

[Lxc-users] multi-homed host

[Brian K. White]

Shouldn't I be able to have two different nics on a host, on two 
different, unrelated, public networks, and have two bridge devices on 
the host, and some containers on one bridge and some containers on the 
other bridge, and have all containers be able to talk to their 
respective internet connections regardless which nic happens to be the 
default gateway fro the host?

Host setup:

eth0 - 10.0.0.x - lan with other 10.0.0.x machines

eth1 - br0 - a.a.a.x - public wan 1 , cable modem

eth2 - br1 - b.b.b.x - public wan 2 , fios

ip forwarding is enabled

eth0 lan works fine.
The host talks to other 10.0.0.x boxes via this with no problem.

eth1/br0 works fine.
The hosts's default gateway is a.a.a.1
The host talks to the internet  vice/versa just fine via this.

eth2/br1 works fine from the hosts point of view.
other b.b.b.x machines are reached directly via this, not routing over 
eth1/br0.

Containers:

Containers with a.a.a.x ip's work fully and as expected.
They can reach the internet and the internet can reach them.
These containers have a.a.a.x ips and their default gw is a.a.a.1

Containers with b.b.b.x addresses do not work fully.
These have b.b.b.x ip's and default gw b.b.b.1
They can see the host and each other on the same host, and they can even 
see other neighboring b.b.b.x hosts, external to the host, but on the 
same physical local switch where traffic does not have to go out of the 
switch up to the b.b.b.1 default gateway.
(b.b.b.1 is on the other end of the fios line, not on premises and not 
owned or operated by me but by verizon)

None of the hosts nor the switch has any vlans or tagging other than the 
default vlan id is 1 in the switch when left undefined.
Software firewalls are disabled in the hosts and containers at least for 
now while still trying to figure this out.

What in the world could allow a container in the host talk outside the 
host well enough to talk to other neighboring hosts on the same switch, 
but but just not be able to reach the default gateway outside the 
switch? It's like the gateway has firewalled certain ip's and not 
others, but the ips actually work fine if put on a laptop directly or if 
the hosts default gateway and nameserver are switched over to the 
b.b.b.x network. Say the host br1 is b.b.b.50 and a container is 
b.b.b.60, and there is one single switch connecting 4 things
b.b.b.1 - default gateway on other end of uplink
b.b.b.40 - neighboring host, regular traditional server, single ip.
b.b.b.41 - neighboring host, regular traditional server, single ip.
b.b.b.50 - the host
b.b.b.51 - container 1 on host
b.b.b.52 - container 2 on host
All but the container are plugged into the same single switch, but .50 
and .51 are on the same bridge on the host.

The host .50 can ping and be pinged by all, itself, it's containers, 
neighboring hosts, containers inside neighboring hosts, and the gateway.

The container .51 can ping .50, .52, and .40 and .41, but not .1 !
How in the world can .51 reach across the hosts br1 and across the 
switch to .41, and yet not do exactly the same thing for .1 which is 
exactly the same number and forms of hops away ?

I've already called verizon tech support and they just said their equip 
ony reports all well, and I tested all ip's with a laptop directly on 
the b.b.b.x ethernet drop and they all worked fine that way , and 
swapped out my switch for another one just for the heck of it, so I'm 
down to config in my lxc hosts as the culprit.

About the only consistent pattern I can find is the hosts default 
gateway. The only the containers that work fully are the ones that 
happen to use the same gateway as the host, but if a bridge interface is 
just a software switch then why should the hosts default gateway 
setting matter at all to the containers ability to talk across it?

-- 
bkw


--
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] regular lxc development call?

[Brian K. White]

On 12/13/2010 1:03 PM, Stéphane Graber wrote:
 On Tue, 2010-11-30 at 03:06 +, Serge E. Hallyn wrote:
 Quoting Daniel Lezcano (daniel.lezc...@free.fr):
 On 11/29/2010 03:53 PM, Serge E. Hallyn wrote:
 Hi,

 at UDS-N we had a session on 'fine-tuning containers'.  The focus was
 things we can do in the next few months to improve containers.  The
 meeting proeedings can be found at
 https://wiki.ubuntu.com/UDSProceedings/N/CloudInfrastructure#Make%20LXC%20ready%20for%20production

 We have a few work items written down at
 https://blueprints.edge.launchpad.net/ubuntu/+spec/cloud-server-n-containers-finetune
 The list is flexible fwiw, but we thought it might help to have a regular
 call, perhaps every other week, to discuss work items, their design,
 and their progress.  For some features like reboot/shutdown, I think
 design still needs discussion.  For other things, it's more important
 that we just discuss who's doing what and what's been done.

 Is there interest in having such a call?


 Yep, IMO it is a good idea.

 I suspect most of the containers work now is purely volunteer driven,
 so a free venue seems worthwhile.  Should we do this over skype?  IRC?
 Does someone want to set up a conference number?


 I don't have a conf number, if anyone has one that will be great,
 otherwise I am fine with skype or irc.

 Looks like we'll be starting small anyway, so let's just try skype.  Anyone
 interested in joining, please send me your skype id.

 What is a good time?  I'll just toss thursday at 9:30am US Central time
 (15:30 UTC) out there.

 -serge

 I'd like to attend that call, Skype ID: stgraber

 Depending on how many people are going to attend and where they're from,
 I might be able to provide a conf number.
 I asked my company (Revolution Linux) and we can use our 1-800 number
 for the call. I can also invite people from other countries as long as
 they are on landline.

 9:30am central is a bit early for me as I tend to arrive at the office
 around 10am central (9am eastern).

 I'm usually around from 9am eastern to 11:30am and 12:30pm to 5:30pm.
 Monday being usually quite busy so would like to avoid if possible :)

 I guess it might be useful to have a list somewhere (wiki ?) of people
 who'd like to attend with availabilities and timezone.

I would like to lurk on that.
I don't have a skype account and would have preferred irc but I'll get a 
skype account.

I'm currently using lxc in limited forms of production (production that 
must work, but can tolerate occasional down time, apologies, growing 
pains) using that as a way to create and then improve 
distribution-specific packaging and integration in opensuse. Using that 
as a stepping stone to real production later where customers will 
actually run on lxc vm's and they must work well enough that I never 
have to apologize to a customer.

I'm not affiliated with opensuse, but no one else is writing any distro 
integration yet so my build service packages and opensuse wiki article 
are pretty much all there is for opensuse yet.

As you said, several startup/shutdown issues need to be discussed 
further to arrive at a general consensus for best practice and most 
expected behavior, which is where my interest lies at the moment. C/R 
will be nice but it's too far off for me to use practically although I 
think some of the userspace glue is within my areas of interest and ability.

-- 
bkw

--
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] regular lxc development call?

[Brian K. White]

skype ID brian.kenyon.white

-- 
bkw

--
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] On clean shutdown of Ubuntu 10.04 containers

[Brian K. White]

... 
 done

nj10:~ # rclxc status
Checking for LXC containers... 
 unused

nj10:~ # rclxc list
Listing LXC containers...
'vps001' is STOPPED
'vps002' is STOPPED
'vps003' is STOPPED
'vps004' is STOPPED
'vps005' is STOPPED
'vps006' is STOPPED
'vps007' is STOPPED
'vps008' is STOPPED
'vps009' is STOPPED
'vps011' is STOPPED
'vps012' is STOPPED
'vps013' is STOPPED
nj10:~ # time rclxc start
Starting LXC containers... 
 done


real0m0.242s
user0m0.012s
sys 0m0.000s
nj10:~ # rclxc list
Listing LXC containers...
'vps001' is RUNNING
'vps002' is RUNNING
'vps003' is RUNNING
'vps004' is RUNNING
'vps005' is RUNNING
'vps006' is RUNNING
'vps007' is RUNNING
'vps008' is RUNNING
'vps009' is RUNNING
'vps011' is RUNNING
'vps012' is RUNNING
'vps013' is RUNNING
nj10:~ # screen -r vps013

INIT: version 2.88 booting
INIT: Entering runlevel: 3
blogd: can not set console device to /dev/pts/34: Device or resource busy
Master Resource Control: previous runlevel: N, switching to runlevel:3
Initializing random number generator done
Starting syslog services done
Starting D-Bus daemondone
No keyboard map to load
Loading compose table winkeys shiftctrl latin1.add   done
Stop Unicode modedone
Setting up (localfs) network interfaces:
lo
loIP address: 127.0.0.1/8
  IP address: 127.0.0.2/8
lo   done
eth0
eth0  IP address: 71.187.206.90/24
eth0 done
Setting up service (localfs) network  .  .  .  .  .  .  .  .  .  .   done
Starting SSH daemon  done
Loading CPUFreq modules (CPUFreq not supported)
Starting HAL daemon  done
Setting up (remotefs) network interfaces:
Setting up service (remotefs) network  .  .  .  .  .  .  .  .  .  .  done
Re-Starting syslog services  done
Starting auditd The audit system is disabled
 done
Starting incron  done
Starting mail service (Postfix)  done
Starting CRON daemon done
Starting rpcbind done
Starting rsync daemondone
Starting smartd  unused
Starting vsftpd  done
Starting INET services. (xinetd) done
Master Resource Control: runlevel 3 has been reached
Skipped services in runlevel 3:splash smartd

Welcome to openSUSE 11.3 Teal - Kernel 2.6.37-rc3-3-default (console).


nj10-013 login:

[detached]
nj10:~ # time rclxc stop
Shutting down LXC containers... 
 done


real0m8.537s
user0m0.048s
sys 0m0.124s
nj10:~ # rclxc list
Listing LXC containers...
'vps001' is STOPPED
'vps002' is STOPPED
'vps003' is STOPPED
'vps004' is STOPPED
'vps005' is STOPPED
'vps006' is STOPPED
'vps007' is STOPPED
'vps008' is STOPPED
'vps009' is STOPPED
'vps011' is STOPPED
'vps012' is STOPPED
'vps013' is STOPPED
nj10:~ # screen -ls
No Sockets found in /var/run/screens/S-root.
nj10:~ # lxc-ps --lxc auxwww
CONTAINER  USER   PID %CPU %MEMVSZ   RSS TTY  STAT START 
TIME COMMAND

nj10:~ #


--
bkw
#!/bin/sh
# /etc/init.d/lxc
#   and its symbolic link
# /usr/sbin/rclxc
#
# System startup script for LXC containers.
# For lxc 0.7.2 which doesn't require an external monitor process to perform
# the lxc-stop when a containers init process requests init 0|1|6 .
#
# 20101108 - Brian K. White - br...@aljex.com
#
### BEGIN INIT INFO
# Provides:  lxc
# Required-Start:$ALL
# Should-Start:
# Required-Stop: $ALL
# Should-Stop:
# Default-Start: 3 5
# Default-Stop:  0 1 2 6
# Short-Description: LXC Linux Containers
# Description:   Start/Stop LXC containers.

### END INIT INFO

. /etc/rc.status

LXC_ETC=/etc/lxc
LXC_SRV=/srv/lxc
CGROUP_MOUNT_POINT=/var/run/lxc/cgroup
CGROUP_MOUNT_NAME=lxc
CGROUP_MOUNTED=false
CGROUP_RELEASE_AGENT=/usr/sbin/lxc_cgroup_release_agent
LXC_CONF=${LXC_ETC}/lxc.conf
[[ -s $LXC_CONF ]]  . $LXC_CONF

# Various possible overrides to cgroup mount point.
# If kernel supplies cgroup mount point, prefer it.
[[ -d /sys/fs/cgroup ]]  CGROUP_MOUNT_POINT=/sys/fs/cgroup 
CGROUP_MOUNT_NAME=cgroup
# If cgroup already mounted, use it no matter where

Re: [Lxc-users] On clean reboot of Ubuntu 10.04 containers

[Brian K. White]

On 12/6/2010 3:01 AM, Trent W. Buck wrote:
 Trent W. Buck writes:

 This post describes my attempts to get clean shutdown of Ubuntu 10.04
 containers.  The goal here is that a shutdown -h now of the dom0
 should not result in a potentially inconsistent domU postgres database,
 cf. a naive lxc-stop.


In my previous note about parallel shutdowns, that same system also 
works for this too. User may ssh in to the container as root and issue 
shutdown-r now or shutdown -h now and it works as expected from 
their point of view. No cron job on the host. In lxc 0.6.5 you would 
have a watchdog process per container that uses inotify to be alerted 
the instant the containers runlevel file and/or cgroup tasks list file 
changed. I had that as just a shell function right in the init script. 
In 0.7.2 this is handled by lxc internally and is rather more reliable, 
since it was possible to break or kill the separate watchdog processes.

I think you are working harder than necessary for some things although 
it appears you have a legitimate problem with the upstart and tmpfs 
issue. Whether the fault is lxc's or ubuntu's in that case I can't say 
because ideally neither should have such a hard coded assumption.

-- 
bkw

--
What happens now with your Lotus Notes apps - do you make another costly 
upgrade, or settle for being marooned without product support? Time to move
off Lotus Notes and onto the cloud with Force.com, apps are easier to build,
use, and manage than apps on traditional platforms. Sign up for the Lotus 
Notes Migration Kit to learn more. http://p.sf.net/sfu/salesforce-d2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] On clean shutdown of Ubuntu 10.04 containers

[Brian K. White]

On 12/6/2010 3:34 PM, Michael H. Warfield wrote:
 On Mon, 2010-12-06 at 12:38 -0500, Brian K. White wrote:
 On 12/6/2010 2:42 AM, Trent W. Buck wrote:
 This post describes my attempts to get clean shutdown of Ubuntu 10.04
 containers.  The goal here is that a shutdown -h now of the dom0
 should not result in a potentially inconsistent domU postgres database,
 cf. a naive lxc-stop.

 As at Ubuntu 10.04 with lxc 0.7.2, lxc-start detects that a container
 has halted by 1) seeing a reboot event incontainer/var/run/utmp; or
 2) seeingcontainer's PID 1 terminate.

 Ubuntu 10.04 simply REQUIRES /var/run to be a tmpfs; this is hard-coded
 into mountall's (upstart's) /lib/init/fstab.  Without it, the most
 immediate issue is that /var/run/ifstate isn't reaped on reboot, ifup(8)
 thinks lo (at least) is already configured, and the boot process hangs
 waiting for the network.

 Unfortunately, lxc 0.7's utmp detect requires /var/run to NOT be a
 tmpfs.  The shipped lxc-ubuntu script works around this by deleting the
 ifstate file and not mounting a tmpfs on /var/run, but to me that is
 simply waiting for something else to assume /var/run is empty.  It also
 doesn't cope with a mountall upgrade rewriting /lib/init/fstab.

 More or less by accident, I discovered that I can tell lxc-start that
 the container is ready to halt by crashing upstart:

   container# kill -SEGV 1

 Likewise I can spoof a ctrl-alt-delete event in the container with:

   dom0# pkill -INT lxc-start

 I automate the former signalling at the end of shutdowns thusly:

   chroot $template_dir dpkg-divert --quiet --rename /sbin/reboot
   chroot $template_dir tee/dev/null /sbin/reboot-EOF
 #!/bin/bash
 while getopts nwdfiph opt
 do [[ f = \$opt ]]   exec kill -SEGV 1
 done
 exec -a $0 \$0.distrib \$@
 EOF
   chroot $template_dir chmod +x /sbin/reboot
   chroot $template_dir ln -s reboot.distrib /sbin/halt.distrib
   chroot $template_dir ln -s reboot.distrib /sbin/poweroff.distrib

 I use the latter in my customized /etc/init.d/lxc stop rule.
 Note that the lxc-wait's SHOULD be parallelized, but this is not
 possible as at lxc 0.7.2 :-(

 Sure it is.
 I parallelize the shutdowns (in any version, including 0.7.2) by doing
 all the lxc-stop in parallel without looking or waiting, then in a
 separate following step do a loop that waits for no containers running.

 Here is my openSUSE init.d/lxc:
 https://build.opensuse.org/package/files?package=lxcproject=home:aljex
 And the packages:
 http://download.opensuse.org/repositories/home:/aljex/*/lxc-0.7.2*.rpm

 It makes assumptions that are wrong for ubuntu and is more limited than
 you may want in terms of what it even tries to handle. But that's beside
 the point of parallel shutdowns.

 Also wrong for Fedora.

 * cgroup handling includes a particular stack of override logic for
 possible cgroup mount points that makes sense to me.
 - start with built-in default /var/run/lxc/cgroup, and name it lxc so
 as not to conflict with any other cgroup setup by default.
 - if you defined something in $LXC_CONF, prefer it over default
 - if kernel is providing /sys/fs/cgroup automatically, prefer that over
 either default or $LXC_CONF
 - if a cgroup named lxc is already mounted, prefer that over all else

 I'm not quite sure if I would put those last two in that order.
 Especially after the last little discussion over on LKML over the per
 tty cgroups in the kernel vs in user space, I think I would let the
 kernel defined /sys/fs/cgroup trump all else if it exists.  Something
 that's been mounted may not have been mounted with all the options you
 may want, but I'm not sure how much difference that's going to make.  I
 would think the kernel definition would be preferable.  Is there
 something specific you had in mind that would lead you to want to
 override that?

 * assumes lxc 0.7.2 because the script is part of a lxc-0.7.2 rpm
 - removes the shutdown/reboot watchdog functions that were needed in
 0.6.5 but are built in to 0.7.2 now.

 * only starts containers that are defined by $LXC_ETC/*/config

 Yeah, that's something where I wish we had an onboot and/or disabled
 config file like OpenVZ does.  So you can have some configured but that
 don't autoboot when you boot the system.  As that stands, you would have
 to rename or remove the config file.  :-P

 * only shuts down containers that it started

 I don't quite see that as happening literally as described.  Looks like
 it's going to shut down any container for which it can find a powerfail
 init, even if it was started by some other means, say manually.  It
 doesn't seem to be actually tracking what ones it started.  Granted,
 during normal operation, you're going to try to start everything with a
 config but it looks like it will shut down manually started containers
 as well, even if they are not listed with configs and would not even
 show up in your status

Re: [Lxc-users] Proposal for an FHS-compliant default guest filesystem location

[Brian K. White]

On 11/8/2010 1:14 PM, Michael H. Warfield wrote:
 On Mon, 2010-11-01 at 08:40 -0500, Serge E. Hallyn wrote:
 Quoting Walter Stanish (walter.stan...@saffrondigital.com):
 http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=commitdiff_plain;h=c01d62f21b21ba6c2b8b78ab3c2b37cc8f8fd265

 This commit only moves the location of the 'templates', which are
 just scripts that install a guest fs.  It doesn't/shouldn't move
 the location of the actual guest fs's.

 Therefore I humbly propose:
   - the establishment of /var/lib/lxc as the default top-level
 directory for guest filesystems

 AFAICS we are still using /var/cache/lxc right now.  Which I like
 better than /var/lib/lxc.  If it has 'lib' in the pathname, it should
 have libraries!

 Actually, I would beg to differ with you on that since it's in /var and
 that's where system applications write and store data.  Libraries
 (meaning linked libraries, dynamic and static) should be under /usr
 or /lib since they are not generally written to.  You could have
 libraries in there, I suppose, but I would not consider that the safest
 place for them and most of what you find there is not libraries, unless
 you mean libraries in the sense of libraries of files as in a
 collection of files, which is another sense of the word.  But then,
 that would certainly be an applicable location for the machine
 configuration files as now.

 Mailman is another example application which keeps most of its python
 code under /usr/lib/mailman while longer term storage of lists,
 archives, and databases are stored in /var/lib/mailman.

 Samba is another fine example of this and, in fact, we (the Samba team)
 and the distros moved away from using /var/cache/samba for things like
 the tdb databases and storing extraneous data such as Windows device
 drivers the server can serve up.

 Personally, I like and use /srv/lxc for my VMs and don't see any
 conflict with the FHS.  It is, after all, a site local configuration
 sort of thing that gets set up when you build the images and comprises,
 potentially, entire FHS-like sub hierarchies for the VMs.

(eg: /var/lib/lxc/guestname)
   - all use of /etc/lxc/guestname/rootfs should be considered deprecated

 For the cgroup mount point, I've been using /var/lib/cgroup and I think
 (believe) that was the consensus of a discussion quite some time ago and
 is what's recommended in some howtos.  For the container mount-points
 and storage of the registered configuration files(s), /var/lib/lxc works
 just fine and would be in agreement with the strategy if /var/lib/cgroup
 for the cgroups, IMHO.

Why in the world would you want to break the ability to safely back up 
just /etc and know that you got practically everything needed to 
re-create a server without having to back up the entire server full of 
redundant junk that would be better to come from new install media?

Yes there are already special cases that break this assumption but they 
are few and should be reduced and avoided not embraced and increased.

I have rsync/backup scripts that just grab /etc, /home, /srv, and a 
couple application specific data dirs, and this not only makes my 
backups (and restores, and migrations, and clones) small and fast, it 
makes it easier to move to newer versions of the distribution, different 
cpu platforms, and even different OS's.

I'd like config files in /etc/lxc/guestname/config just like most 
other things work.

/srv/lxc sounds good to me for the rootfs's for the same reason I want 
/etc/lxc for the configs.

cgroups is another issue.
/cgroup makes sense because of /proc /sys /dev etc, but there are also 
/dev/pts and /sys/kernel/debug etc so mounting kernel virtual fs's on / 
is not universal.

I think, just talking about the undifferentiated (distribution agnostic) 
default here, it might make sense to have a lxc-specific cgroup mount 
point in one of:
/var/run/lxc/cgroup
/var/lxc/cgroup
This way lxc can organize itself and tend to it's own needs without 
caring how/where/if the distribution mounts a generic system cgroup fs 
or not. Your lxc start/stop/status scripts can safely know the location 
of the mount, and can safely write the notify/release options and/or 
delete the unused cgroups itself and/or lxc-stop/start could manipulate 
them itself safely too.

And the expect and encourage most distributions to override that with 
their particular system wide generic or separate cgroup mount points 
organized according to their particular design principles.

The special empty directory for the pivot_root mount point should 
probably be in /usr/lib/lxc as was discussed some time ago. (I don't 
remember if that's what was decided, just that it was discussed)

-- 
bkw

--
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book Blueprint to a 
Billion shares his insights and actions to help propel your 

Re: [Lxc-users] can't restart container without rebooting entire host, because can't delete cgroups files, tasks is 0

[Brian K. White]

On 11/8/2010 1:32 PM, Serge Hallyn wrote:
 Quoting Brian K. White (br...@aljex.com):
 But also, since upgrading to kernel 2.6.36 (and already using lxc 0.7.2)
 I haven't had to delete any cgroups manually anyways. It's probably not
 my release_agent because I just noticed I didn't have a working
 release_agent (no output in it's log, probably because the script wasn't
 chmod 755)

 It's only been a couple days and only a few starts/stops while working
 on a new start/stop/status init script though.

 Hm, really?  Can you please let me know if that continues to be the
 case?  If it is, then I won't bother with a patch for lxc.  Really,
 since it'll drop ns cgroup support anyway, I suppose the patch might
 not be worthwhile anyway.

 (I ran my test on a 2.6.35 kernel)


I might be full of crap. I forgot that I had added the find -delete 
command in the and of the stop) section of my new lxc init script, I 
will test more diligently and report back.

-- 
bkw

--
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book Blueprint to a 
Billion shares his insights and actions to help propel your 
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

[Lxc-users] can't restart container without rebooting entire host, because can't delete cgroups files, tasks is 0

[Brian K. White]

I have lxc 0.7.2 on openSUSE 11.2, which is kernel 2.6.31

I get this all the time on my other boxes which up to now have been lxc 
0.6.5 on the same kernel, but I've lived with it by just trying to never 
reboot containers, and only using containers for services that can stand 
to be rebooted so that I can actually reboot the host and thus all 
containers if I have to.

Now I have a few containers on another box with lxc 0.7.2 and the user 
of one of the containers tried to reboot his vps and it can't restart 
because there are cgroups files that can't be deleted. tasks file is 
empty in that cgroups directory,
nj9:~ # cat /cgroup/nj10-014/tasks |od
000
nj9:~ #
but there are several pid subdirectories with files in each. They can't 
be deleted.
lxc-ps -elf shows no processes in that container.

lxc-ls shows no containers at all, although definitely one other 
container is running and working and has processes in lxc-ps.

And I can't really reboot the host this time without telling a lot of 
paying customers to get out and stop working for a while.

I could probably get this container back up temporarily by just renaming 
it so it doesn't collide with the stale cgroups files, but the question 
is, I thought this was fixed? was it a kernel bug and I need a newer 
kernel to clear this up ?

-- 
bkw

--
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book Blueprint to a 
Billion shares his insights and actions to help propel your 
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] can't restart container without rebooting entire host, because can't delete cgroups files, tasks is 0

[Brian K. White]

On 11/5/2010 1:34 PM, Serge E. Hallyn wrote:
 A few comments:

 1. To remove the directories, rmdir all descendent directories.  I'd
 think something like 'find . -type d -print0 | xargs rmdir' would
 do.

I can't delete _anything_ in there. Not a file, let alone a directory 
with or without files. Of course I tried that.

 2. You can prevent this from happening by using a notify-on-release
 handler.

How will it delete a file I can not? But I do remember the discussion 
about that a while ago and I did forget to set that up on this new box 
so I'll do that also, but I can't see how it will fix the root problem 
of not being able to delete the files.

 3. This should stop happening when lxc (soon) switches to using the
 clone-child cgroup helper instead of the ns cgroup.

Here's hoping. Thanks.

-- 
bkw

--
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book Blueprint to a 
Billion shares his insights and actions to help propel your 
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] can't restart container without rebooting entire host, because can't delete cgroups files, tasks is 0

[Brian K. White]

On 11/5/2010 1:34 PM, Serge E. Hallyn wrote:
 A few comments:

 1. To remove the directories, rmdir all descendent directories.  I'd
 think something like 'find . -type d -print0 | xargs rmdir' would
 do.
 2. You can prevent this from happening by using a notify-on-release
 handler.
 3. This should stop happening when lxc (soon) switches to using the
 clone-child cgroup helper instead of the ns cgroup.

 -serge


Just to make it clear...

nj9:~ # lxc-stop -n nj10-014
nj9:~ # lxc-info -n nj10-014
'nj10-014' is STOPPED
nj9:~ # lxc-destroy -n nj10-014
'nj10-014' does not exist
nj9:~ # lxc-ps -elf |grep nj10-014
0 S root  3037 32341  0  80   0 -   579 pipe_w 14:25 
pts/400:00:00 grep nj10-014
nj9:~ #
nj9:~ # rm -vrf /cgroup/nj10-014
rm: cannot remove `/cgroup/nj10-014/19237/3/cpuset.memory_spread_slab': 
Operation not permitted
rm: cannot remove `/cgroup/nj10-014/19237/3/cpuset.memory_spread_page': 
Operation not permitted
[...]
rm: cannot remove `/cgroup/nj10-014/net_cls.classid': Operation not 
permitted
rm: cannot remove `/cgroup/nj10-014/notify_on_release': Operation not 
permitted
rm: cannot remove `/cgroup/nj10-014/tasks': Operation not permitted
nj9:~ #

I don't know how to track down if there is possibly some process that is 
part of the cgroup even though lxc-ps doesn't show any.
Examine every single process and verify that it's part of the host or 
another container until I find one I can't account for?

Since this happens to me all the time and on different hosts (albeit 
using the same kernel versions and other software all configured the 
same way) I can't believe this doesn't happen to many others and I'm 
surprised I don't see more acknowledgment of the issue here. I see other 
people reporting the problem, but I also see the responses simply say to 
delete the files, which, we can't do.

So i wonder is my configuration and usage simply wrong? I'm using very 
simple config files copied from the veth samples.

nj9:~ # find /etc/lxc/nj10-010 -type f |xargs -tn1 cat
cat /etc/lxc/nj10-010/fstab
none /lxc/nj10-010/dev/pts devpts defaults 0 0
none /lxc/nj10-010/procproc   defaults 0 0
none /lxc/nj10-010/sys sysfs  defaults 0 0
none /lxc/nj10-010/dev/shm tmpfs  defaults 0 0
cat /etc/lxc/nj10-010/config
lxc.utsname = nj10-010
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.hwaddr = 02:00:47:bb:ce:56
lxc.network.ipv4 = 71.187.206.86/24
lxc.network.name = eth0
lxc.mount = /etc/lxc/nj10-010/fstab
lxc.rootfs = /lxc/nj10-010
nj9:~ #


How are you not having the same problem?

-- 
bkw

--
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book Blueprint to a 
Billion shares his insights and actions to help propel your 
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] can't restart container without rebooting entire host, because can't delete cgroups files, tasks is 0

[Brian K. White]

On 11/5/2010 4:20 PM, Serge E. Hallyn wrote:
 Quoting Brian K. White (br...@aljex.com):
 I don't know how to track down if there is possibly some process that is
 part of the cgroup even though lxc-ps doesn't show any.
 Examine every single process and verify that it's part of the host or
 another container until I find one I can't account for?

 Does find /cgroup -name tasks -print0 | xargs cat show anything?


It shows a bezillion things, but what does that prove?

Did you mean just for the bad container?

find /cgroup/nj10-014 -name tasks -print0 | xargs -0 cat
produces no output.

This is a clearer picture:

nj9:~ # find /cgroup/nj10-014 -name tasks -print0 | xargs -t0n1 cat
cat /cgroup/nj10-014/19237/3/tasks
cat /cgroup/nj10-014/19237/2/tasks
cat /cgroup/nj10-014/19237/tasks
cat /cgroup/nj10-014/19206/3/tasks
cat /cgroup/nj10-014/19206/2/tasks
cat /cgroup/nj10-014/19206/tasks
cat /cgroup/nj10-014/19064/3/tasks
cat /cgroup/nj10-014/19064/2/tasks
cat /cgroup/nj10-014/19064/tasks
cat /cgroup/nj10-014/19061/2/tasks
cat /cgroup/nj10-014/19061/tasks
cat /cgroup/nj10-014/19056/2/tasks
cat /cgroup/nj10-014/19056/tasks
cat /cgroup/nj10-014/16826/2/tasks
cat /cgroup/nj10-014/16826/tasks
cat /cgroup/nj10-014/16818/2/tasks
cat /cgroup/nj10-014/16818/tasks
cat /cgroup/nj10-014/6363/2/tasks
cat /cgroup/nj10-014/6363/tasks
cat /cgroup/nj10-014/6360/2/tasks
cat /cgroup/nj10-014/6360/tasks
cat /cgroup/nj10-014/2845/2/tasks
cat /cgroup/nj10-014/2845/tasks
cat /cgroup/nj10-014/2842/2/tasks
cat /cgroup/nj10-014/2842/tasks
cat /cgroup/nj10-014/tasks
nj9:~ #

nj9:~ # find /cgroup/nj10-014 -name tasks -print0 | xargs -0 ls -l
-rw-r--r-- 1 root root 0 2010-11-03 09:36 /cgroup/nj10-014/16818/2/tasks
-rw-r--r-- 1 root root 0 2010-11-03 09:36 /cgroup/nj10-014/16818/tasks
-rw-r--r-- 1 root root 0 2010-11-03 09:38 /cgroup/nj10-014/16826/2/tasks
-rw-r--r-- 1 root root 0 2010-11-03 09:38 /cgroup/nj10-014/16826/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:38 /cgroup/nj10-014/19056/2/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:38 /cgroup/nj10-014/19056/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:38 /cgroup/nj10-014/19061/2/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:38 /cgroup/nj10-014/19061/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:38 /cgroup/nj10-014/19064/2/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:38 /cgroup/nj10-014/19064/3/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:38 /cgroup/nj10-014/19064/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:40 /cgroup/nj10-014/19206/2/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:40 /cgroup/nj10-014/19206/3/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:40 /cgroup/nj10-014/19206/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:40 /cgroup/nj10-014/19237/2/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:40 /cgroup/nj10-014/19237/3/tasks
-rw-r--r-- 1 root root 0 2010-11-03 15:40 /cgroup/nj10-014/19237/tasks
-rw-r--r-- 1 root root 0 2010-11-01 18:27 /cgroup/nj10-014/2842/2/tasks
-rw-r--r-- 1 root root 0 2010-11-01 18:27 /cgroup/nj10-014/2842/tasks
-rw-r--r-- 1 root root 0 2010-11-01 18:27 /cgroup/nj10-014/2845/2/tasks
-rw-r--r-- 1 root root 0 2010-11-01 18:27 /cgroup/nj10-014/2845/tasks
-rw-r--r-- 1 root root 0 2010-11-01 22:06 /cgroup/nj10-014/6360/2/tasks
-rw-r--r-- 1 root root 0 2010-11-01 22:06 /cgroup/nj10-014/6360/tasks
-rw-r--r-- 1 root root 0 2010-11-01 22:08 /cgroup/nj10-014/6363/2/tasks
-rw-r--r-- 1 root root 0 2010-11-01 22:08 /cgroup/nj10-014/6363/tasks
-rw-r--r-- 1 root root 0 2010-11-01 18:04 /cgroup/nj10-014/tasks
nj9:~ #

! wait, you are saying just ignore the fact that there are files in 
the directories and try to remove the directories, uh directly?

nj9:~ # find /cgroup/nj10-014 -type d -delete
nj9:~ # ls -lR /cgroup/nj10-014
ls: cannot access /cgroup/nj10-014: No such file or directory


 It never even slightly occured to me to try that!

Thanks! Now I know what to put in the release agent too. Awsome. Thanks 
again.

-- 
bkw

--
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book Blueprint to a 
Billion shares his insights and actions to help propel your 
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Launch multiple apps in exactly on container

[Brian K. White]

On 9/16/2010 3:36 AM, Jue Hong wrote:
 As I understand, running one application with the command lxc-execute
 will create a container instance. E.g., by running lxc-execute -n foo
 /bin/bash, a container named foo will be created, and I can find a foo
 directory under the mounted cgroup directory, like /dev/cgroup/foo.
 While retype lxc-execute -n foo /bin/bash, I'm told that：lxc-execute:
 Device or resource busy.

 Does it mean I cannot run multiple apps within exactly the same
 container foo via using lxc-execute or lxc-start? Or what should I do
 if it's possible?

You can run essentially as many apps as you want inside a single 
container, you just can't start them from the outside.

For a single service or app, run lxc-execute ... myapp

For multiple services/apps, run lxc-start , which will run /sbin/init 
inside the container, and init starts up multiple services the same way 
a regular server does.

You could do almost as much with lxc-execute.../bin/bash, but you do it 
from that shell, from inside the container, not by trying to run 
lxc-execute multiple times to create multiple processes.

-- 
bkw

--
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Cannot start a container with a new MAC address

[Brian K. White]

On 8/27/2010 8:20 AM, Matto Fransen wrote:
 Hi,

 On Fri, Aug 27, 2010 at 11:27:16AM +0200, Sebastien Douche wrote:
 I created a container with an interface. I stop it, I change the MAC
 address, restart it:

 lxc-start: ioctl failure : Cannot assign requested address
 lxc-start: failed to setup hw address for 'eth0'
 lxc-start: failed to setup netdev
 lxc-start: failed to setup the network for 'vsonde43'
 lxc-start: failed to setup the container
 lxc-start: invalid sequence number 1. expected 2


 Have I Missed a step?

 This happens to me when I choose a 'wrong' mac-address.

 Example:
 lxc.network.hwaddr = 4a:59:43:49:79:bf works fine
 lxc.network.hwaddr = 4b:59:43:49:79:bfA results in a errormessage like above.

 Perhaps it is best to keep the first three pairs the same as in
 the LXC exampels.

Picking mac addresses is always going to require a little special care.
You can't just use anything.
Based on looking at what openvz and various other virtualization systems 
and/or their front-ends, and reading the rules for mac addresses, I do 
this to generate a valid mac from a desired ip address.
It uses only the mac address space reserved for local/virtual use and 
will never collide with any real nic, and will usually be unique 
automatically because even grocery-bagger-by-day admins are used to 
worrying about keeping ip's unique within a lan.
If the IP is 192.168.20.115:

$ printf 02:00:%x:%x:%x:%x 192 168 20 115

Or as part of a script where you can enter the ip or read it out of a 
config file in normal format:

$ IP=192.168.20.115
$ HA=`printf 02:00:%x:%x:%x:%x ${IP//./ }`
# echo $HA
02:00:c0:a8:14:73

macs are expected to be stable and ip's mutable, so it's a bit backwards 
to define a mac from an ip, but it's easier for most people in most 
cases that way. Everyone already is used to tracking ip's and making 
sure they're unique and recognizing immediately when there is an 
collision. Not so with mac's. I guess the downside will come when you 
generate a mac for a vm, then change that vm's ip, and then generate a 
new vm with the same IP that you just freed up. In that case the new vm 
will get the same mac as the old one.

The real answer of course is to track all your macs, virtual and real, 
in a spreadsheet or purpose designed app so you can sort and find dupes, 
prevent entering new dupes, and prevent entering invalid macs and merely 
unwise macs. An app might even be able to probe the network and try to 
determine if a proposed new mac is visible at the moment, and maybe even 
try to find past evidence in arp caches, syslog, etc.

-- 
bkw

--
Sell apps to millions through the Intel(R) Atom(Tm) Developer Program
Be part of this innovative community and reach millions of netbook users 
worldwide. Take advantage of special opportunities to increase revenue and 
speed time-to-market. Join now, and jumpstart your future.
http://p.sf.net/sfu/intel-atom-d2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Best way to shutdown a container

[Brian K. White]

On 8/17/2010 11:43 AM, Gordon Henderson wrote:
 On Fri, 13 Aug 2010, Clemens Perz wrote:

 Hi!

 I used to run lxc-stop on my system containers when I actually want to
 run a halt. Only today I noticed, that stop actually kills all
 processes, not really doing a halt. I went through the lxc commands and
 did not find something graceful to do this job from the host systems
 shutdown scripts.

 Did I miss it? Maybe lxc-halt is a missing piece ;-) Is there a simple
 way to do it, preventing the need to login to the container and run halt?

 Am I the only one using lxc-watchdog by Dobrica Pavlinusic ?

 http://blog.rot13.org/2010/03/lxc-watchdog_missing_bits_for_openvz_-_linux_containers_migration.html

 I've had to tweak it a bit for my own setup, but otherwise it seems to
 work OK.

 It modified a containers inittab at start time and then sends a powerfail
 event to it's running init to simulate a reboot...

 Gordon

Have you not read the various posts in this thread?
That is essentially what everyone already does.

Everyone has their own slight twist on the scripts and packaging, 
including that one, including myself (on openSUSE where I put some 
scripts and setup logic into an rpm with lxc-tools and a wiki page to 
document it), but they all do exactly that same thing, based off a 
couple posts to this list a while back when someone first came up with 
the init idea and somene else came up with the inotify enhancement. They 
don't all actually modify the containers init automatically, but neither 
do I agree that that is necessarily correct. It's a handy twist, but a 
trivial detail on top of everything else.

In my case, although my scripts could be enhanced a lot, rather than 
enhance them further I'm living with them for now since they do work (in 
production), and when I'm ready to upgrade to the new lxc with built-in 
watchdog/agent, I'll invest in that for further enhancements.

-- 
bkw

--
This SF.net email is sponsored by 

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev 
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] IPC between containers

[Brian K. White]

On 6/7/2010 7:51 PM, Nirmal Guhan wrote:
 Hi,

 Is there a way to use shared memory between the containers? Any other 
 better/faster IPC mechanisms? I don't want to use sockets.

 Please let me know.

Fifos on shared filesystem on the host?
Multiply hardlinked files on the host which appear in the same place in 
each container?

Except I don't know how you could safely allow more than one client 
mount the fs except read-only, other than by means which are ultimately 
sockets just with fs overhead on top of that. (various network and 
distributed filesystems, and distributed ipc, distributed locking 
systems, all are network based)

Or if the multiple-hardlink idea doesn't actually work, I guess you 
could put an incron job on the host which has access to all the 
container's fs's and can watch a special directory in the same place in 
all containers fs's and whenever a file is modified in one container, 
incrond on the host notices and replicates it in all other containers.

None of this sounds as good as ordinary socket communications, which is 
my point.

The whole point of a container is to ensure that exactly that (IPC) 
can't happen so I am tempted to say if you don't want something which 
contains, then don't use containers.

-- 
bkw

--
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] help with root mount parameters

[Brian K. White]

On 5/26/2010 4:54 AM, Ralf Schmitt wrote:
 Daniel Lezcanodlezc...@fr.ibm.com  writes:


 This is internal stuff of lxc. Before this commit, several temporary
 directories were created and never destroyed, polluting '/tmp'.

 In order to do pivot_root, we have to mount --bind the rootfs somewhere.
 This 'somewhere' was a temporary directory and now it is
 /usr/lib64/lxc by default (choosen at configure time), or optionally
 configurable with lxc.rootfs.mount.
  
 /var/run/lxc looks like a much better choice to me.


As has been discussed pretty thoroughly already, this is not variable 
data but a completely fixed, static bit of package-specific support 
infrastructure. It's just like a package specific library or other 
component file whose name never changes and which that single file 
services all running instances concurrently.
The library or other support file just happens to be an empty 
directory in this case.
As such, something/lib/package/something is really the most correct 
place. Just pretend you can't hear the word temporary in the 
description of it's purpose.

Maybe the install target that creates this directory could also place a 
small text file in the directory explaining the directories purpose?
This directory must exist, even though no contents are ever placed 
here. see http: for details
That shouldn't affect it's use as a mount point and helps the system to 
self-document.

-- 
bkw

--

___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] lxc-start leaves temporary pivot dir behind

[Brian K. White]

On 5/10/2010 10:48 AM, Daniel Lezcano wrote:
 Ferenc Wagner wrote:

 Daniel Lezcanodaniel.lezc...@free.fr  writes:


  
 Ferenc Wagner wrote:



 Ferenc Wagnerwf...@niif.hu  writes:


  
 Daniel Lezcanodlezc...@fr.ibm.com  writes:



 Ferenc Wagner wrote:


  
 Daniel Lezcanodaniel.lezc...@free.fr  writes:



 Ferenc Wagner wrote:


  
 While playing with lxc-start, I noticed that /tmp is infested by
 empty lxc-r* directories: [...] Ok, this name comes from lxc-rootfs
 in conf.c:setup_rootfs.  After setup_rootfs_pivot_root returns, the
 original /tmp is not available anymore, so rmdir(tmpname) at the
 bottom of setup_rootfs can't achieve much.  Why is this temporary
 name needed anyway?  Is pivoting impossible without it?



 That was put in place with chroot, before pivot_root, so the distro's
 scripts can remount their '/' without failing.

 Now we have pivot_root, I suppose we can change that to something 
 cleaner...

  

 Like simply nuking it?  Shall I send a patch?



 Sure, if we can kill it, I will be glad to take your patch :)

  

 I can't see any reason why lxc-start couldn't do without that temporary
 recursive bind mount of the original root.  If neither do you, I'll
 patch it out and see if it still flies.


 For my purposes the patch below works fine.  I only run applications,
 though, not full systems, so wider testing is definitely needed.

  From 98b24c13f809f18ab8969fb4d84defe6f812b25c Mon Sep 17 00:00:00 2001
 From: Ferenc Wagnerwf...@niif.hu
 Date: Thu, 6 May 2010 14:47:39 +0200
 Subject: [PATCH] no need to use a temporary directory for pivoting
 [...]

  
 We can't simply remove it because of the pivot_root which returns EBUSY.
 I suppose it's coming from: new_root and put_old must not be on the
 same file system as the current root.


 Hmm, this could indeed be a problem if lxc.rootfs is on the current root
 file system.  I didn't consider pivoting to the same FS, but looks like
 this is the very reason for the current complexity in the architecture.

 Btw. is this really a safe thing to do, to pivot into a subdirectory of
 a file system?  Is there really no way out of that?

  
 It seems pivot_root on the same fs works if an intermediate mount point
 is inserted between old_root and new_root but at the cost of having a
 lazy unmount when we unmount the old rootfs filesystems . I didn't find
 a better solution in order to allow the rootfs to be a directory with a
 full files system tree.

 I am looking at making possible to specify a rootfs which is a file
 system image or a block device. I am not sure this should be done by lxc
 but looking forward ...


 But as we will pivot_root right after, we won't reuse the real rootfs,
 so we can safely use the host /tmp.


 That will cause problems if rootfs is under /tmp, don't you think?

  
 Right :)


 Actually, I'm not sure you can fully solve this.  If rootfs is a
 separate file system, this is only much ado about nothing.  If rootfs
 isn't a separate filesystem, you can't automatically find a good place
 and also clean it up.
  
 Maybe a single /tmp/lxc directory may be used as the mount points are
 private to the container. So it would be acceptable to have a single
 directory for N containers, no ?


 So why not require that rootfs is a separate
 filesystem, and let the user deal with it by doing the necessary bind
 mount in the lxc config?

  
 Hmm, that will break the actual user configurations.

 We can add a WARNING if rootfs is not a separate file system and provide
 the ability to let the user to do whatever he wants, IMO if it is well
 documented it is not a problem.


Just putting in a hopefully unnecessary vote, if you are still deciding 
what's ultimately going to be possible or impossible:
As a user, I can say I really want to continue using a shared filesystem 
where the containrs roots are subdirectories on a single host filesystem.
The ability to use seperate filesystems or image files or real devices 
would be nice options, but the way I want to run most instances, is out 
of subdirectories.
I specifically deliberately want to allow any container to consume as 
much or as little space as it needs at any time without warning and at 
unpredictable rates, changing or spiking at unpredictable times.

I can describe all the reasons why I want that and why it's not wrong 
in my case but I'm assuming they are unnecessary and uninteresting.

Switching to bind mounts are ok. I don't mind if the details change 
about how to set up the config files and what steps the init scripts 
have to perform to launch a container, as long as it's still true that I 
don't have to provision fixed container sizes.

-- 
bkw

--

Re: [Lxc-users] lxc-start: Device or resource busy - could not unmount old rootfs

[Brian K. White]

'/lxc-oldrootfs-y10fSV/var/lib/urizen-slicer/fs/test/dev/console'
  lxc-start 1271189821.573 DEBUGlxc_conf - umounted
'/lxc-oldrootfs-y10fSV/var/lib/urizen-slicer/fs/test/dev/tty1'
  lxc-start 1271189821.573 DEBUGlxc_conf - umounted
'/lxc-oldrootfs-y10fSV/var/lib/urizen-slicer/fs/test/dev/tty2'
  lxc-start 1271189821.573 DEBUGlxc_conf - umounted
'/lxc-oldrootfs-y10fSV/var/lib/urizen-slicer/fs/test/dev/tty3'
  lxc-start 1271189821.573 DEBUGlxc_conf - umounted
'/lxc-oldrootfs-y10fSV/var/lib/urizen-slicer/fs/test/dev/tty4'
  lxc-start 1271189821.573 DEBUGlxc_conf - umounted
'/lxc-oldrootfs-y10fSV/dev'
  lxc-start 1271189821.573 DEBUGlxc_conf - umounted
'/lxc-oldrootfs-y10fSV/sys'
  lxc-start 1271189821.573 DEBUGlxc_conf - umounted
'/lxc-oldrootfs-y10fSV/var'
  lxc-start 1271189821.573 ERRORlxc_conf - Device or resource
busy - could not unmount old rootfs
lxc-start: Device or resource busy - could not unmount old rootfs
  lxc-start 1271189821.573 ERRORlxc_conf - failed to
pivot_root to '/var/lib/urizen-slicer/fs/test'
lxc-start: failed to pivot_root to '/var/lib/urizen-slicer/fs/test'
  lxc-start 1271189821.573 ERRORlxc_conf - failed to set
rootfs for 'test'
lxc-start: failed to set rootfs for 'test'
  lxc-start 1271189821.573 ERRORlxc_start - failed to setup
the container
lxc-start: failed to setup the container
  lxc-start 1271189821.573 NOTICE   lxc_start - '/sbin/init'
started with pid '2229'
  lxc-start 1271189821.573 DEBUGlxc_utils - closing fd '1'
  lxc-start 1271189821.573 DEBUGlxc_utils - closing fd '0'
  lxc-start 1271189821.573 DEBUGlxc_utils - closed all
inherited file descriptors
  lxc-start 1271189821.634 DEBUGlxc_start - child exited
  lxc-start 1271189821.634 INFO lxc_error - child2229  ended
on error (255)
  lxc-start 1271189821.634 DEBUGlxc_cgroup - using cgroup
mounted at '/cgroup'
  lxc-start 1271189821.714 DEBUGlxc_cgroup - '/cgroup/test' unlinked


Thanks,
--
Matt Bailey


--
Download Intel#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users




--
Download Intel#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev



___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users



--
Download Intel#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users



Re: [Lxc-users] Can't start a 2nd container with 0.6.5
Daniel Lezcano
Sat, 23 Jan 2010 13:44:33 -0800

Brian K. White wrote:
 However, now when I go to make a 2nd container, I can't start it.
 I can create it, but not execute or start.
 [...] 
 Well I'm more boggled now.
 I stopped my first container nj12.
 lxc-ls shows nothing, screen -ls shows nothing, mount shows nothing extra, 
 yet trying to start nj13 still fails, and trying to start nj12 still succeeds.

 I can't find anything functionally different between nj12 and nj13...
 What could I be missing???

Yep, there is a problem with the pivot root and the umount of the different 
mount point in the old rootfs. This problem appears with some configuration (I 
didn't figure out which one yet), I did a hot fix, which is more a workaround 
than a real fix, (I didnt't understand where is coming the real problem).

As soon as I find the culprit, I will release a 0.6.6 version to fix that as 
the 0.6.5 is bogus.

In the meantime, if you wish to test, I attached the patch to this email.

Thanks for reporting the problem.

 -- Daniel

---
 src/lxc/conf.c |   41 ++---
 1 file changed, 30 insertions(+), 11 deletions(-)

Index: lxc/src/lxc/conf.c
===
--- lxc.orig/src/lxc/conf.c
+++ lxc/src/lxc/conf.c
@@ -67,6 +67,10 @@ lxc_log_define

Re: [Lxc-users] mac addresses

[Brian K. White]

Brian K. White wrote:
 Michael H. Warfield wrote:
 On Fri, 2010-02-12 at 11:37 -0500, Brian K. White wrote:
 So my question is, is 02:x:x:x:x:x in some way non-routable just 
 because it sets the locally-administered bit?
 I use that all the time without any problems.  It may be something in
 the way their switch is set up that limits the number of mac addresses
 on that port.
 
 Aha. Plausible. I'll check it out. 24 hrs is still 12 hrs away... I 
 wonder which will be quicker, calling Verizon and actually getting 
 anyone who can even spell MAC or just waiting another day! :)
 
 Thanks much.
 

In the course of talking to Verizon I discovered the off the cuff 
shell/awk loop I used to re-write all my config files at once had a typo 
and created the same exact mac in all config files.

stopped all containers, wrote the intended _non_duplicate_ macs in all 
files and restarted all containers and everything is fine.

*sigh*

They were actually pretty helpful believe it or not and it only took a 
minute to bump past the first couple layers to get to a person whose 
time was more valuable for me to waste.

-- 
bkw

--
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users