Re: [Lxc-users] Working LXC templates?
On Wednesday 28 August 2013 at 10:31 -0700, Tony Su wrote:
> Was wondering if there is a source for working LXC templates for
> deploying non-native distros.
>
> Although I'm working on openSUSE, it looks like the default provided
> templates are generic, for example author for the fedora template is
> Daniel Lezcano and the ubuntu template is Serge Hallyn.
>
> An example of current difficulties is that the Fedora repo system
> appears to have been restructured in a major way. I've partially made
> modifications to the fedora script (which was likely created sometime
> around fedora 14) by modifying the repo string to "add" a "f" letter
> to the path as follows
>
> RELEASE_URL="$MIRROR_URL/Packages/f/fedora-release-$release-1.noarch.rpm"
>
> But after locating the package and downloading,
>
> A series of errors follow beginning with a pycurl error unable to
> verify the remote host using SSL.
>
> Although I can investigate how to disable the check, I thought I might
> first ask whether anyone knows of LXC scripts where you can be on a
> Host running one distro and run a different distro (preferably at
> least Fedora 18, but interested in others as well).
>
> BTW - If anyone else is following what I've done to this point on
> openSUSE, I also figured out how to pass the "release" parameter in
> the template since although the template describes passing that
> parameter from the command line, it's not supported by lxc-create on
> openSUSE.

Unfortunately, I had to "adapt / fix" the openSUSE template for each
release of openSUSE, which is why trying to make a "version agnostic"
template for openSUSE won't work (at least for now). That's why the
version is hardcoded in the template.

--
Frederic Crozat
SUSE

___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] total RAM limit
On Wednesday 24 April 2013 at 08:55 -0500, Serge Hallyn wrote:
> Quoting Frederic Crozat (fcro...@suse.com):
> > On Tuesday 23 April 2013 at 10:09 -0500, Serge Hallyn wrote:
> > > Quoting Frederic Crozat (fcro...@suse.com):
> >
> > > Thanks - clearly my patch needed some love :) Just a few comments below.
> >
> > hehe :)
> >
> > >
> > > > + > > > > + /* check if directory exists, and create it otherwise */ > > > > + if (access(path, F_OK)) { > > > > + ret = mkdir(path, 0755); > > > > + if (ret == -1 && errno == EEXIST) {
> > >
> > > Did you mean errno != EEXIST?
> >
> > I blindly copied code from lxc_one_cgroup_create (now
> > create_lxcgroups :)
>
> That has:
>
> if (ret == -1 && errno != EEXIST) {

My copy didn't, because I didn't have
d7436fc1dfe0323fb5e6905457f342da5ed8ca97 backported.. I'll fix that..

--
Frederic Crozat
SUSE
Re: [Lxc-users] Problem with: lxc.autodev=1
On Monday 22 April 2013 at 13:57 +0200, Andreas Otto wrote:
> > Ok. I'll do more tests on my side. But you should open a bug report on
> > https://bugzilla.novell.com/ against openSUSE (and assign it to me) so
> > we don't lose it.
> -> done

For the record, I was able to duplicate the problem and found the issue.
A umask call was missing. This is already fixed in 0.9.0 (see
3a32201c5a442c2732861aeee1a5f70909718b90) but not when I backport
lxc.autodev to our package.

Should be fixed in a future maintenance update on openSUSE..

--
Frederic Crozat
SUSE
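Added example, not part of the thread and not LXC's code: the message above attributes the wrong /dev permissions to a missing umask call. The C program below shows how the inherited umask filters the mode passed to mknod() and two ways to get a deterministic mode. The FIFO node (used so no root is needed), the /tmp scratch directory and all function names are assumptions made for the demo.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum fix { FIX_NONE, FIX_UMASK, FIX_CHMOD };

/* Create a node and return the permission bits it ended up with, or -1.
 * A FIFO stands in for a character device; the kernel filters the mode
 * of both through the process umask in the same way. */
static int create_node(const char *path, mode_t want, enum fix fix)
{
	struct stat st;
	mode_t saved = 0;
	int ret;

	if (fix == FIX_UMASK)
		saved = umask(0);	/* make mknod() honour 'want' exactly */
	ret = mknod(path, S_IFIFO | want, 0);
	if (fix == FIX_UMASK)
		umask(saved);		/* restore the caller's umask */
	if (ret < 0)
		return -1;
	/* chmod() is not subject to the umask, so it pins the final mode */
	if (fix == FIX_CHMOD && chmod(path, want) < 0) {
		unlink(path);
		return -1;
	}
	ret = stat(path, &st) < 0 ? -1 : (int)(st.st_mode & 07777);
	unlink(path);
	return ret;
}

/* Run create_node() in a scratch directory under a chosen inherited umask. */
int resulting_mode(mode_t inherited_umask, mode_t want, enum fix fix)
{
	char dir[] = "/tmp/umask-demo-XXXXXX";
	char path[64];
	mode_t old;
	int got;

	if (!mkdtemp(dir))
		return -1;
	snprintf(path, sizeof(path), "%s/null", dir);
	old = umask(inherited_umask);	/* simulate what the parent left us */
	got = create_node(path, want, fix);
	umask(old);
	rmdir(dir);
	return got;
}

int main(void)
{
	/* Constructed inputs: umask 022 and 077 are sample values. */
	printf("umask 022, no fix:   %04o\n", resulting_mode(022, 0666, FIX_NONE));
	printf("umask 077, no fix:   %04o\n", resulting_mode(077, 0666, FIX_NONE));
	printf("umask 077, umask(0): %04o\n", resulting_mode(077, 0666, FIX_UMASK));
	printf("umask 077, chmod:    %04o\n", resulting_mode(077, 0666, FIX_CHMOD));
	return 0;
}
```

Without a fix the node's mode depends on whatever umask the creating process inherited; both fixes make it independent of the environment, and the chmod() variant does so without touching process-wide state.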
Re: [Lxc-users] total RAM limit
On Tuesday 23 April 2013 at 10:09 -0500, Serge Hallyn wrote:
> Quoting Frederic Crozat (fcro...@suse.com):
> Thanks - clearly my patch needed some love :) Just a few comments below.

hehe :)

>
> > + > > + /* check if directory exists, and create it otherwise */ > > + if (access(path, F_OK)) { > > + ret = mkdir(path, 0755); > > + if (ret == -1 && errno == EEXIST) {
>
> Did you mean errno != EEXIST?

I blindly copied code from lxc_one_cgroup_create (now create_lxcgroups :)

> > @@ -384,6 +430,10 @@ static int lxc_one_cgroup_create(const c > > SYSERROR("Failed creating pathname for cgroup parent (%d)\n", > > ret); > > return -1; > > } > > + > > + if (enable_hierarchy(cgparent)) > > + return -1;
>
> Hm, do we want to fail container start on that, or just log a warning?

Hmm, probably log a warning (but if you can't create a file in the main
top directory, you are probably very doomed IMHO ;)

--
Frederic Crozat
SUSE
Re: [Lxc-users] total RAM limit
On Monday 04 February 2013 at 08:38 -0600, Serge Hallyn wrote:
> Quoting Gary Ballantyne (gary.ballant...@haulashore.com):
> > On Fri, 1 Feb 2013 10:24:13 -0600
> > Serge Hallyn wrote:
> >
> > > Did you actually test with a memory hog program? I just noticed there
> > > appears to be a bug in that if I
> > >
> > > d=/sys/fs/cgroup/memory/a
> > > mkdir $d
> > > echo 1 > $d/memory.use_hierarchy
> > > echo 5000 > $d/memory.limit_in_bytes
> > > mkdir $d/b
> > >
> > > then $d/b/memory.limit_in_bytes does not report the reduced limit. However
> > > when I run a program which does char *c = malloc(1) after doing
> > > echo $$ > $d/b/tasks
> > >
> > > then I get killed by OOM.
> > >
> > > -serge
> >
> > I tested with a large array in ipython. Though, from your example, it seems
> > I'm missing memory.use_hierarchy.
> >
> > In principle, it seems like I need something like:
> >
> > echo 1 > /sys/fs/cgroup/memory/lxc/memory.use_hierarchy
> >
> > But, I can't do that before the container is started (no lxc directory) or
> > after it is started (device busy).
>
> Yup, it looks like lxc ought to set that at startup. I can think of
> absolutely no cases where we would *not* want that done. Something
> like:
>
> Subject: [PATCH 1/1] Try to enable memory cgroup use_hierarchy option.
>
> The memory cgroup has a 'memory.use_hierarchy' which is initialized to
> 0. It needs to be set to 1 at our top level, that is
> /sys/fs/cgroup/memory/lxc/memory.use_hiararchy, before we create any
> containers. After the fact is too late.
>
> Signed-off-by: Serge Hallyn

Any reason this patch was not pushed?

After fixing it a bit (it was missing some directory creation and needed
some massage), it works as expected on 0.8.0 and it prevents kernel
warning about memcgroup use_hierarchy warning.

New version (for 0.8.0) attached.

--
Frederic Crozat
SUSE

Date: Mon, 4 Feb 2013 08:38:19 -0600
From: Serge Hallyn Subject: [PATCH 1/1] Try to enable memory cgroup use_hierarchy option. The memory cgroup has a 'memory.use_hierarchy' which is initialized to 0. It needs to be set to 1 at our top level, that is /sys/fs/cgroup/memory/lxc/memory.use_hiararchy, before we create any containers. After the fact is too late. Signed-off-by: Serge Hallyn --- src/lxc/cgroup.c | 41 + 1 file changed, 41 insertions(+) Index: lxc-0.8.0/src/lxc/cgroup.c === --- lxc-0.8.0.orig/src/lxc/cgroup.c +++ lxc-0.8.0/src/lxc/cgroup.c @@ -356,6 +356,52 @@ int try_to_move_cgname(char *cgparent, c } /* + * The memory cgroup has a 'memory.use_hierarchy' which is initialized to + * 0. It needs to be set to 1 at our top level, that is + * /sys/fs/cgroup/memory/lxc/memory.use_hierarchy, before we create any + * containers. After the fact is too late. + */ +static int enable_hierarchy(char *path) +{ + char filepath[MAXPATHLEN]; + int ret; + FILE *f; + int len = strlen(path); + + if (strlen(path) < 15 || strncmp(path+15, "memory",6) != 0) + return 0; + + ret = snprintf(filepath, MAXPATHLEN, "%s/memory.use_hierarchy", path); + if (ret < 0 || ret >= MAXPATHLEN) { + SYSERROR("Failed creating memory hierarchy filepath name"); + return -1; + } + + /* check if directory exists, and create it otherwise */ + if (access(path, F_OK)) { + ret = mkdir(path, 0755); + if (ret == -1 && errno == EEXIST) { + SYSERROR("failed to create '%s' directory", path); + return -1; + } + } + + f = fopen(filepath, "w"); + if (!f) { + /* kernel may not support this file - s'ok */ + WARN("Unable to open cgroup memory.use_hierarchy file"); + return 0; + } + + if (fprintf(f, "1") < 1) { + WARN("Unable to set hierarchy to true for memory cgroup"); + } + fclose(f); + + return 0; +} + +/* * create a cgroup for the container in a particular subsystem. */ static int lxc_one_cgroup_create(const char *name, 
@@ -384,6 +430,10 @@ static int lxc_one_cgroup_create(const c SYSERROR("Failed creating pathname for cgroup parent (%d)\n", ret); return -1; } + + if (enable_hierarchy(cgparent)) + return -1; + ret = snprintf(cgname, MAXPATHLEN, "%s/%s", cgparent, name); if (ret < 0 || ret >= MAXPATHLEN) { SYSERROR("Failed creating pathname for cgroup (%d)\n", ret);
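Review bot: In the first hunk (enable_hierarchy), the mkdir() error test is inverted: "if (ret == -1 && errno == EEXIST)" reports a failure only when the directory already exists, which is the harmless outcome of racing with the access() check, and silently ignores real failures such as a permission error, after which fopen() fails and the function returns 0 with only a WARN. Test "errno != EEXIST" instead, and consider dropping the access() pre-check, since tolerating EEXIST from mkdir() makes it redundant. Two smaller points in the same hunk: "len" is assigned but never used while strlen(path) is called again on the next line, and the write is judged from fprintf() alone although on a buffered stream a kernel-side error only surfaces at fclose(), whose return value is ignored. The "path+15" offset also hardcodes the length of the mount prefix; a comment or a named constant would make that assumption visible.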
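Review bot: In the second hunk (lxc_one_cgroup_create), "if (enable_hierarchy(cgparent)) return -1;" aborts cgroup creation, yet enable_hierarchy() returns 0 for the two failures that decide whether the setting took effect (fopen() failing and the write of "1" failing) and returns -1 only for path truncation or a mkdir() error. The caller therefore cannot tell whether memory.use_hierarchy is actually set, and a container can be started with the option still at 0. Pick one policy and make the return value reflect it: either log every failure as a warning and continue, or return an error when the write fails and let this call site decide whether to stop.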
Re: [Lxc-users] Problem with: lxc.autodev=1
On Monday 22 April 2013 at 10:43 +0200, Andreas Otto wrote:
> On 22.04.2013 10:28, Frederic Crozat wrote:
> > On Saturday 20 April 2013 at 21:13 +0200, Andreas Otto wrote:
> >> Hi all,
> >>
> >> my problem: the "autodev" creates devices with wrong permissions:
> >>
> >> > ls -ald /dev/*
> >> crw-rw 1 root tty 136, 16 Apr 20 18:34 /dev/console
> >> lrwxrwxrwx 1 root root 11 Apr 20 18:34 /dev/core -> /proc/kcore
> >> lrwxrwxrwx 1 root root 13 Apr 20 18:34 /dev/fd -> /proc/self/fd
> >> crwxr-xr-x 1 root root 1, 7 Apr 20 18:34 /dev/full
> >> drwxr-xr-x 2 root root 0 Apr 20 18:34 /dev/hugepages
> >> prw--- 1 root root 0 Apr 20 18:34 /dev/initctl
> >> lrwxrwxrwx 1 root root 7 Apr 20 18:34 /dev/kmsg -> console
> >> srw-rw-rw- 1 root root 0 Apr 20 18:34 /dev/log
> >> drwxrwxrwt 2 root root 40 Apr 20 18:34 /dev/mqueue
> >> crwxr-xr-x 1 root root 1, 3 Apr 20 18:34 /dev/null
> >> lrwxrwxrwx 1 root root 13 Apr 20 18:34 /dev/ptmx -> /dev/pts/ptmx
> >> drwxr-xr-x 2 root root 0 Apr 20 18:34 /dev/pts
> >> crwxr-xr-x 1 root root 1, 8 Apr 20 18:34 /dev/random
> >> drwxrwxrwt 2 root root 40 Apr 20 18:34 /dev/shm
> >> lrwxrwxrwx 1 root root 15 Apr 20 18:34 /dev/stderr -> /proc/self/fd/2
> >> lrwxrwxrwx 1 root root 15 Apr 20 18:34 /dev/stdin -> /proc/self/fd/0
> >> lrwxrwxrwx 1 root root 15 Apr 20 18:34 /dev/stdout -> /proc/self/fd/1
> >> crwxr-xr-x 1 root root 5, 0 Apr 20 18:34 /dev/tty
> >> crw-rw 1 root tty 136, 12 Apr 20 18:34 /dev/tty1
> >> crw-rw 1 root tty 136, 13 Apr 20 18:34 /dev/tty2
> >> crw-rw 1 root tty 136, 14 Apr 20 18:34 /dev/tty3
> >> crw-rw 1 root tty 136, 15 Apr 20 18:34 /dev/tty4
> >> crwxr-xr-x 1 root root 1, 9 Apr 20 18:34 /dev/urandom
> >> crwxr-xr-x 1 root root 1, 5 Apr 20 18:34 /dev/zero
> >>
> >> check the permissions for "/dev/tty" or "/dev/null" as example.
> > Are you checking the permissions when the container is running or after
> > it was run?
> while it was running.
> it was possible to change permission in the /dev by root after
> but every reboot it was gone ;-)

I know :) This is because /dev is mounted as a tmpfs when running with
systemd, so any change you do will be lost..

> >
> >> a "normal" user is not able to use these devices ...
> >> example: login into a non-root-user account.
> >>
> >> > ssh dev01@nhi2
> >> ...
> >> Last login: Sat Apr 20 18:34:29 2013 from linux02
> >> Have a lot of fun...
> >> -bash: /dev/null: Permission denied
> >> -bash: /dev/null: Permission denied
> >> -bash: /dev/null: Permission denied
> >>
> >> I'm using opensuse 12.3 on the host and guest.
> >> The guest is a fresh lxc container.
> > Just to be sure: did you upgrade your system to 12.3? It could have an
> > "old" cache for the container generation (it should be fixed these days
> > when upgrading distro but you never know..).
> >
> This is a fresh 12.3 on host and on guest ...

Ok. I'll do more tests on my side. But you should open a bug report on
https://bugzilla.novell.com/ against openSUSE (and assign it to me) so
we don't lose it.

--
Frederic Crozat
SUSE
Re: [Lxc-users] Problem with: lxc.autodev=1
On Saturday 20 April 2013 at 21:13 +0200, Andreas Otto wrote:
> Hi all,
>
> my problem: the "autodev" creates devices with wrong permissions:
>
> > ls -ald /dev/*
> crw-rw 1 root tty 136, 16 Apr 20 18:34 /dev/console
> lrwxrwxrwx 1 root root 11 Apr 20 18:34 /dev/core -> /proc/kcore
> lrwxrwxrwx 1 root root 13 Apr 20 18:34 /dev/fd -> /proc/self/fd
> crwxr-xr-x 1 root root 1, 7 Apr 20 18:34 /dev/full
> drwxr-xr-x 2 root root 0 Apr 20 18:34 /dev/hugepages
> prw--- 1 root root 0 Apr 20 18:34 /dev/initctl
> lrwxrwxrwx 1 root root 7 Apr 20 18:34 /dev/kmsg -> console
> srw-rw-rw- 1 root root 0 Apr 20 18:34 /dev/log
> drwxrwxrwt 2 root root 40 Apr 20 18:34 /dev/mqueue
> crwxr-xr-x 1 root root 1, 3 Apr 20 18:34 /dev/null
> lrwxrwxrwx 1 root root 13 Apr 20 18:34 /dev/ptmx -> /dev/pts/ptmx
> drwxr-xr-x 2 root root 0 Apr 20 18:34 /dev/pts
> crwxr-xr-x 1 root root 1, 8 Apr 20 18:34 /dev/random
> drwxrwxrwt 2 root root 40 Apr 20 18:34 /dev/shm
> lrwxrwxrwx 1 root root 15 Apr 20 18:34 /dev/stderr -> /proc/self/fd/2
> lrwxrwxrwx 1 root root 15 Apr 20 18:34 /dev/stdin -> /proc/self/fd/0
> lrwxrwxrwx 1 root root 15 Apr 20 18:34 /dev/stdout -> /proc/self/fd/1
> crwxr-xr-x 1 root root 5, 0 Apr 20 18:34 /dev/tty
> crw-rw 1 root tty 136, 12 Apr 20 18:34 /dev/tty1
> crw-rw 1 root tty 136, 13 Apr 20 18:34 /dev/tty2
> crw-rw 1 root tty 136, 14 Apr 20 18:34 /dev/tty3
> crw-rw 1 root tty 136, 15 Apr 20 18:34 /dev/tty4
> crwxr-xr-x 1 root root 1, 9 Apr 20 18:34 /dev/urandom
> crwxr-xr-x 1 root root 1, 5 Apr 20 18:34 /dev/zero
>
> check the permissions for "/dev/tty" or "/dev/null" as example.

Are you checking the permissions when the container is running or after
it was run?

> a "normal" user is not able to use these devices ...
> example: login into a non-root-user account.
>
> > ssh dev01@nhi2
> ...
> Last login: Sat Apr 20 18:34:29 2013 from linux02
> Have a lot of fun...
> -bash: /dev/null: Permission denied
> -bash: /dev/null: Permission denied
> -bash: /dev/null: Permission denied
>
> I'm using opensuse 12.3 on the host and guest.
> The guest is a fresh lxc container.

Just to be sure: did you upgrade your system to 12.3? It could have an
"old" cache for the container generation (it should be fixed these days
when upgrading distro but you never know..).

--
Frederic Crozat
SUSE
Re: [Lxc-users] Problem with: lxc.autodev=1
On Saturday 20 April 2013 at 15:33 -0400, Michael H. Warfield wrote:
> On Sat, 2013-04-20 at 21:13 +0200, Andreas Otto wrote:
> > Hi all,
>
> > my problem: the "autodev" creates devices with wrong permissions:
>
> > > ls -ald /dev/*
> > crw-rw 1 root tty 136, 16 Apr 20 18:34 /dev/console
> > lrwxrwxrwx 1 root root 11 Apr 20 18:34 /dev/core -> /proc/kcore
> > lrwxrwxrwx 1 root root 13 Apr 20 18:34 /dev/fd -> /proc/self/fd
> > crwxr-xr-x 1 root root 1, 7 Apr 20 18:34 /dev/full
> > drwxr-xr-x 2 root root 0 Apr 20 18:34 /dev/hugepages
> > prw--- 1 root root 0 Apr 20 18:34 /dev/initctl
> > lrwxrwxrwx 1 root root 7 Apr 20 18:34 /dev/kmsg -> console
> > srw-rw-rw- 1 root root 0 Apr 20 18:34 /dev/log
> > drwxrwxrwt 2 root root 40 Apr 20 18:34 /dev/mqueue
> > crwxr-xr-x 1 root root 1, 3 Apr 20 18:34 /dev/null
> > lrwxrwxrwx 1 root root 13 Apr 20 18:34 /dev/ptmx -> /dev/pts/ptmx
> > drwxr-xr-x 2 root root 0 Apr 20 18:34 /dev/pts
> > crwxr-xr-x 1 root root 1, 8 Apr 20 18:34 /dev/random
> > drwxrwxrwt 2 root root 40 Apr 20 18:34 /dev/shm
> > lrwxrwxrwx 1 root root 15 Apr 20 18:34 /dev/stderr -> /proc/self/fd/2
> > lrwxrwxrwx 1 root root 15 Apr 20 18:34 /dev/stdin -> /proc/self/fd/0
> > lrwxrwxrwx 1 root root 15 Apr 20 18:34 /dev/stdout -> /proc/self/fd/1
> > crwxr-xr-x 1 root root 5, 0 Apr 20 18:34 /dev/tty
> > crw-rw 1 root tty 136, 12 Apr 20 18:34 /dev/tty1
> > crw-rw 1 root tty 136, 13 Apr 20 18:34 /dev/tty2
> > crw-rw 1 root tty 136, 14 Apr 20 18:34 /dev/tty3
> > crw-rw 1 root tty 136, 15 Apr 20 18:34 /dev/tty4
> > crwxr-xr-x 1 root root 1, 9 Apr 20 18:34 /dev/urandom
> > crwxr-xr-x 1 root root 1, 5 Apr 20 18:34 /dev/zero
>
> > check the permissions for "/dev/tty" or "/dev/null" as example.
>
> I've seen this before when I set autodev=1 on a container which was NOT
> running systemd for init. Reviewing the code and all, it looked like it
> should be setting the correct permissions and yet it came out wrong for
> several devices. In my case, I finally got my Fedora 17 containers
> working fine (autodev=1 w/ systemd) and my Fedora 14 containers right
> with autodev=0 w/o systemd. If I turned autodev=1 on the Fedora 14
> containers, it did what you're describing. That was back when we were
> first working on the systemd support. I don't recall testing that
> condition after we cut the patches loose for 0.9.0 that included systemd
> support in both the containers and the host.

Except I did the backport of autodev in lxc 0.8.0 package we ship in
12.3, so we could support 12.3 guest nicely.

> 1) Is OpenSuse 12.3 running systemd init (I don't run OpenSuse and,
> unfortunately, the lxc-opensuse template doesn't seem to work for me on
> Fedora)?

Yes, we only support systemd starting with 12.3

--
Frederic Crozat
SUSE
Re: [Lxc-users] LXC in production environment
On Friday 24 August 2012 at 04:12 -0700, István Király - LaKing wrote:
> Hello users, and mainly developers, ..
>
> My question is, how reliable, how stable is LXC in a production environment?
>
> .. how far is LXC from being released as stable 1.0?
>
> .. what OS is recommended for a stable environment with LXC?
> .. what kernel version is recommended?

With my SUSE hat, I'll say we support LXC full-distribution container
starting with SLES 11 SP2 (which is running 3.0 kernel). :)

--
Frederic Crozat
SUSE