Re: [systemd-devel] Unable to remove images using machinectl
On Mon, Mar 02, 2015 at 11:01:44PM +0100, Lennart Poettering wrote:
> On Mon, 02.03.15 14:10, Erik Johnson (e...@saltstack.com) wrote:
> > On Mon, Mar 02, 2015 at 07:51:35PM +0100, Lennart Poettering wrote:
> > > On Mon, 02.03.15 11:06, Erik Johnson (e...@saltstack.com) wrote:
> > > > I'm getting a similar error to the one described in the following post from a couple weeks ago:
> > > > https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html
> > > > I get an access denied error when running machinectl remove, even as root.
> > >
> > > This was a bug in the dbus policy. It should be fixed with this commit:
> > > http://cgit.freedesktop.org/systemd/systemd/commit/src/machine/org.freedesktop.machine1.conf?id=72c3897f77a7352618ea76b880a6764f52d6327b
> > >
> > > Lennart
> > > --
> > > Lennart Poettering, Red Hat
> >
> > Thanks. I applied the patch, restarted dbus, and now I get the following after a 20-30 second pause:
> >
> > Could not remove image: Activation of org.freedesktop.machine1 timed out
>
> dbus is not a service that cannot be restarted during normal operation. This is a well-known limitation of dbus. Reloading configuration should be sufficient. You probably need to reboot now to get back to a working system...
>
> Lennart
> --
> Lennart Poettering, Red Hat

OK. After rebooting, it's still not working. Were the necessary changes limited to that one commit?

I'm demoing nspawn at SaltConf tomorrow (http://eventmobi.com/saltconf15/agenda/94463/505550), and if necessary I can just run machined in the foreground. Continuing to troubleshoot this isn't really that necessary.

--
Erik Johnson | Senior Engineer
3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043
e...@saltstack.com | http://saltstack.com

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
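As an added illustration (not code from this thread or from systemd): a simplified evaluator for D-Bus `<allow>`/`<deny>` send rules, showing how a service policy that omits a method produces an access-denied result even for root. The policy text is constructed and is not the referenced commit or the shipped file; the function names are hypothetical, and the sketch assumes a bus that denies method calls by default and the `ListImages`/`RemoveImage` members of `org.freedesktop.machine1.Manager`.

```python
import xml.etree.ElementTree as ET

BUS = "org.freedesktop.machine1"
IFACE = "org.freedesktop.machine1.Manager"

# Constructed sample policy. It is NOT the shipped org.freedesktop.machine1.conf
# and not the referenced commit; it only reproduces the failure mode.
SAMPLE_POLICY = f"""
<busconfig>
  <policy user="root">
    <allow own="{BUS}"/>
  </policy>
  <policy context="default">
    <deny send_destination="{BUS}"/>
    <allow send_destination="{BUS}" send_interface="{IFACE}" send_member="ListImages"/>
  </policy>
</busconfig>
"""

SEND_ATTRS = {"send_destination", "send_interface", "send_member"}

def applicable_policies(root, user):
    """Policies in the order dbus-daemon applies them (group/at_console omitted)."""
    policies = root.findall("policy")
    yield from (p for p in policies if p.get("context") == "default")
    yield from (p for p in policies if p.get("user") == user)
    yield from (p for p in policies if p.get("context") == "mandatory")

def may_send(policy_xml, user, member, destination=BUS, interface=IFACE):
    """Return True if `user` may send the method call; the last matching rule wins."""
    msg = {"send_destination": destination, "send_interface": interface,
           "send_member": member}
    verdict = False  # assumption: the bus-wide config denies method calls by default
    for policy in applicable_policies(ET.fromstring(policy_xml), user):
        for rule in policy:
            attrs = rule.attrib
            if rule.tag not in ("allow", "deny") or not attrs or set(attrs) - SEND_ATTRS:
                continue  # own=, receive_* and other rule kinds are out of scope here
            if all(msg[k] == v for k, v in attrs.items()):
                verdict = rule.tag == "allow"
    return verdict

def denied_members(policy_xml, user, members):
    """List the members from `members` that `user` cannot call under this policy."""
    return [m for m in members if not may_send(policy_xml, user, m)]

if __name__ == "__main__":
    print(denied_members(SAMPLE_POLICY, "root", ["ListImages", "RemoveImage"]))
```

Running the same check against the installed policy file after editing it, followed by a configuration reload rather than a dbus restart, confirms the rule change without disrupting the bus.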
Re: [systemd-devel] Unable to remove images using machinectl
On Mon, Mar 02, 2015 at 07:51:35PM +0100, Lennart Poettering wrote:
> On Mon, 02.03.15 11:06, Erik Johnson (e...@saltstack.com) wrote:
> > I'm getting a similar error to the one described in the following post from a couple weeks ago:
> > https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html
> > I get an access denied error when running machinectl remove, even as root.
>
> This was a bug in the dbus policy. It should be fixed with this commit:
> http://cgit.freedesktop.org/systemd/systemd/commit/src/machine/org.freedesktop.machine1.conf?id=72c3897f77a7352618ea76b880a6764f52d6327b
>
> Lennart
> --
> Lennart Poettering, Red Hat

Thanks. I applied the patch, restarted dbus, and now I get the following after a 20-30 second pause:

Could not remove image: Activation of org.freedesktop.machine1 timed out

--
Erik Johnson | Senior Engineer
3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043
e...@saltstack.com | http://saltstack.com
[systemd-devel] Creating containers from local .raw or tar images
The machinectl pull-* commands allow you to download container images, but no such option (yet) exists for deploying from an image or tar file on your local filesystem.

Are there plans to expand the machinectl pull-* commands to support either absolute file paths or file:/// URLs?

My current dirty hack is to run an nginx instance that listens only on localhost, and pull from http://localhost/path/to/container.tar.gz, but this is far from ideal.

--
Erik Johnson | Senior Engineer
3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043
e...@saltstack.com | http://saltstack.com
Re: [systemd-devel] Creating containers from local .raw or tar images
On Mon, Mar 02, 2015 at 06:03:42PM -0500, Daurnimator wrote:
> AFAIK, all the pull-* commands do is download into /var/lib/machines. You could easily enough just copy things into there yourself.
>
> Or even less work: don't copy them in there at all, and pass your image directly to systemd-nspawn (which is what machinectl uses)
>
> See: http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html

I've done that before, but I am writing nspawn support for SaltStack (http://saltstack.com) and I need to start and stop them unattended.

--
Erik Johnson | Senior Engineer
3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043
e...@saltstack.com | http://saltstack.com
Re: [systemd-devel] Creating containers from local .raw or tar images
On Tue, Mar 03, 2015 at 12:24:10AM +0100, Lennart Poettering wrote:
> On Mon, 02.03.15 15:45, Erik Johnson (e...@saltstack.com) wrote:
> > The machinectl pull-* commands allow you to download container images, but no such option (yet) exists for deploying from an image or tar file on your local filesystem.
> >
> > Are there plans to expand the machinectl pull-* commands to support either absolute file paths or file:/// URLs?
> >
> > My current dirty hack is to run an nginx instance that listens only on localhost, and pull from http://localhost/path/to/container.tar.gz, but this is far from ideal.
>
> You can simply place your raw or tar images in /var/lib/machines/ directly.
>
> But yeah, pretty high on my list is to add machinectl import-raw, machinectl import-tar, machinectl export-raw, machinectl export-tar, for doing this in a nice way.
>
> Lennart
> --
> Lennart Poettering, Red Hat

Nice, I figured this would be the logical next step. Right now I am writing support for managing nspawn images in SaltStack, so I was just considering possibilities for functions to add.

--
Erik Johnson | Senior Engineer
3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043
e...@saltstack.com | http://saltstack.com
Re: [systemd-devel] Unable to remove images using machinectl
On Tue, Mar 03, 2015 at 07:11:18AM +0100, Peter Paule wrote:
> Excerpts from Erik Johnson's message of 2015-03-02 14:10:06 -0700:
> > Thanks. I applied the patch, restarted dbus, and now I get the following after a 20-30 second pause:
>
> @Erik
> Did you use the aur package or did you compile systemd and install it using make? Do you have experience rolling back to the normal package provided by arch? I'm just asking because I thought about installing systemd on my arch, but as it is my machine which I use very frequently I don't want to crash it. :-)

The patch was to the dbus policy, it did not require a recompile.

You can always boot to an Arch snapshot ISO, mount your partitions under /mnt, and do an arch-chroot /mnt, then install a previous systemd from /var/cache/pacman/pkg.

> @Lennart
> Is it difficult to get rid of a systemd package installed from git?

--
Erik Johnson | Senior Engineer
3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043
e...@saltstack.com | http://saltstack.com
[systemd-devel] Unable to remove images using machinectl
I'm getting a similar error to the one described in the following post from a couple weeks ago:

https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg28255.html

I get an access denied error when running machinectl remove, even as root.

For reference, /var/lib/machines is on a btrfs partition and I am running systemd 219 on an Arch Linux host. I am, however, unexperienced with btrfs and may have done something wrong. I did not manually create any subvolumes.

I tried stopping systemd-machined and running it under strace to check for permission errors as mentioned by Lennart in the reply to the thread I referenced above. But to my surprise, when I attempted to remove the container I did not get the same permission error and the container was successfully removed.

So, it occurs to me that the issue might have to do with the options in the unit file. Below are the contents of the unit file, with the commented lines at the beginning removed for brevity. Any insight that can be offered would be appreciated.

[Unit]
Description=Virtual Machine and Container Registration Service
Documentation=man:systemd-machined.service(8)
Documentation=http://www.freedesktop.org/wiki/Software/systemd/machined
Wants=machine.slice
After=machine.slice

[Service]
ExecStart=/usr/lib/systemd/systemd-machined
BusName=org.freedesktop.machine1
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
WatchdogSec=1min
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
ProtectSystem=full
ProtectHome=yes

--
Erik Johnson | Senior Engineer
3400 North Ashton Blvd, Suite 110 | Lehi, UT 84043
e...@saltstack.com | http://saltstack.com