Re: [Lxc-users] possible to create/run lxc containers inside an lxc container?
Any reason for this? What is the usecase?

~Nirmal

On Thu, Sep 22, 2011 at 1:02 AM, Jesse Andrews anotherje...@gmail.com wrote:

When I try to create a container inside a container I get an error:

root@OUTER $ lxc-create -n INNER -f net.conf -t natty
debootstrap is /usr/sbin/debootstrap
Checking cache download in /var/cache/lxc/natty/rootfs-amd64 ...
Downloading ubuntu natty minimal ...
[...snip...]
I: Extracting xz-utils...
I: Extracting zlib1g...
Failed to download the rootfs, aborting.
Failed to download 'ubuntu natty base'
failed to install ubuntu natty
failed to execute template 'natty'

Any way to nest containers?

Thanks,
Jesse

[Lxc-users] Sharing rootfs - expected?
Hi,

Is it an expected behavior for containers to share the host root filesystem when I *specify* the rootfs in the config file? I hope not. Here is my config

lxc.utsname = mylxc
lxc.rootfs = /lxc/test/rootfs
lxc.mount = /lxc/test.fstab
lxc.tty = 3

Note that I do not have network related config. I expected the network to be shared but not the rootfs. I use liblxc.so.0.7.2 and 2.6.32 kernel.

Thanks,
~nirmal

Re: [Lxc-users] GUI container
On Mon, Feb 14, 2011 at 5:06 PM, Nirmal Guhan vavat...@gmail.com wrote:

On Fri, Dec 17, 2010 at 10:46 AM, matto fransen ma...@matto.nl wrote:

Hi,

On 17 December 2010 11:28, Matto Fransen ma...@matto.nl wrote:

Do I need to start container with X (level 5?). I tried these steps :

I have set up a short howto on setting up an xserver in an lxc linux container, see http://box.matto.nl/lxcxserver.html

Cheers,
Matto

Hi,

Am trying these steps and installed X, xdm, xterm and blackbox in the lxc container (which is fedora 12). Restarted my container and I see that xdm service is running. However a Xnest :1 -query container ip from my workstation shows up just a black window. On the container log file, I see

(WW) xf86OpenConsole: setpgid failed: Operation not permitted
(WW) xf86OpenConsole: setsid failed: Operation not permitted
Fatal server error:
xf86OpenConsole: Cannot open virtual console 8 (No such file or directory)

Do you have any clues? selinux is disabled in my system.

Also though I installed blackbox in my container, not sure how that will be used since xdm does not have references to it. Can you clarify please?

Thanks,
~nirmal

[Lxc-users] LXC and OVF
Hi,

Is anybody using OVF (open virtualization format) with LXC for containers? Please let me know. Or any plans of making lxc-start/stop understand OVF format apart from the config file infe?

Thanks,
Guhan

Re: [Lxc-users] Jumping out of a read-only bind mount container
On Mon, Feb 7, 2011 at 4:53 AM, Andre Nathan an...@digirati.com.br wrote:

On Mon, 2011-02-07 at 10:27 -0200, Andre Nathan wrote:

So far, for a container running apache and cron, plus the usual stuff (init, getty, login), I managed to drop these:

audit_control, audit_write, fowner, fsetid, ipc_lock, ipc_owner, lease, linux_immutable, mac_admin, mac_override, mknod, net_raw, setfcap, setpcap, sys_admin, sys_boot, sys_module, sys_nice, sys_pacct, sys_ptrace, sys_rawio, sys_resource, sys_time, sys_tty_config

So far everything seems to be working, but possibly some more will have to be removed from the list.

Ping needs net_raw on Ubuntu.

In my case, I need to disable some sysctl from container. For eg, sysctl -w kernel.randomize_va_space (for ASLR)

Am still able to do the above after dropping SYS_ADMIN. How do I go about figuring capability vs functionality mapping.

~nirmal

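An added example, not part of the thread: one way to check from inside a container which capabilities from the drop list quoted above are still in the bounding set, by decoding the CapBnd line of /proc/<pid>/status. The two status snippets are constructed samples, the function names are assumptions, and the numbering is the 0..33 range from linux/capability.h.

```python
import re

# Capability bit numbers 0..33 as defined in linux/capability.h
# (the range that exists in 2.6.32-era kernels).
CAP_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid",
    "kill", "setgid", "setuid", "setpcap", "linux_immutable",
    "net_bind_service", "net_broadcast", "net_admin", "net_raw",
    "ipc_lock", "ipc_owner", "sys_module", "sys_rawio", "sys_chroot",
    "sys_ptrace", "sys_pacct", "sys_admin", "sys_boot", "sys_nice",
    "sys_resource", "sys_time", "sys_tty_config", "mknod", "lease",
    "audit_write", "audit_control", "setfcap", "mac_override", "mac_admin",
]

# Drop list exactly as quoted in the message above.
DROP_LIST = """
audit_control audit_write fowner fsetid ipc_lock ipc_owner lease
linux_immutable mac_admin mac_override mknod net_raw setfcap setpcap
sys_admin sys_boot sys_module sys_nice sys_pacct sys_ptrace sys_rawio
sys_resource sys_time sys_tty_config
""".split()

# Constructed sample: bounding set with every capability in DROP_LIST removed.
SAMPLE_OK = "Name:\tinit\nCapInh:\t0000000000000000\nCapBnd:\t0000000000041ce7\n"
# Constructed sample: same, but sys_admin (bit 21) was not actually dropped.
SAMPLE_LEAK = "Name:\tinit\nCapInh:\t0000000000000000\nCapBnd:\t0000000000241ce7\n"


def parse_capbnd(status_text):
    """Return the bounding-set mask from the text of /proc/<pid>/status."""
    m = re.search(r"^CapBnd:[ \t]*([0-9a-fA-F]+)[ \t]*$", status_text, re.M)
    if m is None:
        raise ValueError("no CapBnd line found")
    return int(m.group(1), 16)


def decode(mask):
    """Translate a capability bitmask into a list of names, lowest bit first."""
    names = []
    for bit in range(mask.bit_length()):
        if mask >> bit & 1:
            # Bits added by newer kernels are reported by number.
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"cap_{bit}")
    return names


def audit(status_text, drop_list=DROP_LIST):
    """Compare the bounding set against the capabilities meant to be dropped."""
    held = decode(parse_capbnd(status_text))
    return {
        "held": held,
        # Capabilities that should be gone but are still in the bounding set.
        "not_dropped": sorted(c for c in drop_list if c in held),
        # Names in the drop list that this table does not know (typos).
        "unknown": sorted(c for c in drop_list if c not in CAP_NAMES),
    }


if __name__ == "__main__":
    # Inside a container, audit its own init; fall back to the sample elsewhere.
    try:
        with open("/proc/1/status") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_LEAK
    report = audit(text)
    print("held:       ", " ".join(report["held"]))
    print("not dropped:", " ".join(report["not_dropped"]) or "(none)")
```

Many sysctls are gated by the ownership and mode of the file under /proc/sys rather than by a capability, so a uid-0 process can still write them after sys_admin is gone from the bounding set.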
Re: [Lxc-users] Container broadcast address
On Fri, Feb 4, 2011 at 4:08 PM, Daniel Lezcano daniel.lezc...@free.fr wrote:

On 02/04/2011 03:43 PM, Andre Nathan wrote:

Hello

I have the following container network configuration:

lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
lxc.network.ipv4 = 192.168.0.2/24
lxc.network.name = eth0

When the container starts up, this is how its eth0 interface is configured:

eth0 Link encap:Ethernet HWaddr 2e:bd:69:e3:ed:d3
     inet addr:192.168.0.2 Bcast:192.168.0.0 Mask:255.255.255.0
     inet6 addr: fe80::2cbd:69ff:fee3:edd3/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:12 errors:0 dropped:0 overruns:0 frame:0
     TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:1124 (1.1 KB) TX bytes:866 (866.0 B)

The broadcast address should be 192.168.0.255. Is there a way I can set this?

lxc.network.ipv4 = 192.168.0.2/24 192.168.0.255

Actually, I just noticed in my case too

inet 192.168.1.7/24 brd 192.168.1.0

Shouldn't it be 192.168.1.255 by default?

-Nirmal

Re: [Lxc-users] How are pseudorandom MACs selected?
On Wed, Feb 2, 2011 at 6:25 PM, Trent W. Buck t...@cybersource.com.au wrote:

Brian K. White br...@aljex.com writes:

I just use 02:00:ip address which ends up being automatically unique enough to not collide with anything else on your subnet assuming you already know the ip's you want to use

IP=192.168.0.50 # container nic IP
HA=`printf 02:00:%x:%x:%x:%x ${IP//./ }` # generate a MAC from the IP

I think I'll adopt a slight variation of this -- computing the MAC from the hostname, which are guaranteed by my site policy to be [a-z]{5}. Where 06 is an arbitrarily chosen local unicast range,

$ f () { python -c print '06%010x' % int('$(LC_ALL=C tr $1 a-z 0-9a-p)',26); }
$ f zorba
06b240be

This allows my DHCP server to continue mapping MAC-IP, while actually getting it from a hostname (which policy says won't change). And I'll do this for all my containers, so that even containers that have automatically assigned IPs will be relatively persistent (because dnsmasq remembers MAC-IP leases and re-uses them preferentially).

Provided container's hostname are unique across different hosts?

~nirmal

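An added example, not from the thread: the two derivations discussed above (MAC from the IPv4 address, MAC from a five-letter hostname read as a base-26 number) written in Python with zero-padded octets, plus a collision check for the case raised in the reply where two hosts reuse a container hostname. The function names and the inventory list are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict


def _fmt(raw):
    """Format six bytes as a colon-separated, zero-padded MAC string."""
    if len(raw) != 6:
        raise ValueError("a MAC address is exactly six bytes")
    return ":".join(f"{b:02x}" for b in raw)


def mac_from_ip(ip, prefix=(0x02, 0x00)):
    """02:00:<four IPv4 octets>, as in the printf one-liner in the thread."""
    return _fmt(bytes(prefix) + ipaddress.IPv4Address(ip).packed)


def mac_from_hostname(name, first_octet=0x06):
    """06:<40-bit value of the hostname read as base 26, a=0 .. z=25>."""
    if not re.fullmatch(r"[a-z]{5}", name):
        # The scheme relies on the site policy of [a-z]{5} hostnames;
        # anything else is rejected rather than silently truncated.
        raise ValueError(f"hostname {name!r} does not match [a-z]{{5}}")
    value = 0
    for ch in name:
        value = value * 26 + (ord(ch) - ord("a"))
    return _fmt(bytes([first_octet]) + value.to_bytes(5, "big"))


def is_local_unicast(mac):
    """True if the locally-administered bit is set and the multicast bit clear."""
    first = int(mac.split(":")[0], 16)
    return bool(first & 0x02) and not (first & 0x01)


def find_collisions(inventory):
    """inventory: iterable of (host, container_hostname) pairs.

    Returns {mac: [(host, container_hostname), ...]} for every MAC that the
    hostname scheme would assign more than once across all hosts.
    """
    owners = defaultdict(list)
    for host, name in inventory:
        owners[mac_from_hostname(name)].append((host, name))
    return {mac: who for mac, who in owners.items() if len(who) > 1}


if __name__ == "__main__":
    # Constructed inventory: two hosts both run a container named "zorba".
    inventory = [("hostA", "zorba"), ("hostB", "zorba"), ("hostA", "alpha")]
    print(mac_from_ip("192.168.0.50"))
    print(mac_from_hostname("zorba"))
    for mac, who in find_collisions(inventory).items():
        print("collision", mac, who)
```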
Re: [Lxc-users] Forwarding packets from host to container
On Tue, Jan 11, 2011 at 5:35 PM, Nirmal Guhan vavat...@gmail.com wrote:

On Tue, Jan 11, 2011 at 5:34 PM, Nirmal Guhan vavat...@gmail.com wrote:

On Tue, Jan 11, 2011 at 5:25 PM, Nirmal Guhan vavat...@gmail.com wrote:

Hi,

How do I forward packets (ethernet frames included) from host to container. I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.

iptables -A FORWARD -i eth1 -o br1 -j ACCEPT

and/or

iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT

Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world. I use fedora 12 for both host and container.

lxc.network.type = veth
lxc.network.link = br1
lxc.network.name = eth1
lxc.network.flags = up
lxc.network.mtu = 1500

-Nirmal

An update : If I connect host eth1 to a bridge br2 and add

lxc.network.type = veth
lxc.network.link = br2
lxc.network.name = eth2
lxc.network.flags = up
lxc.network.mtu = 1500

I can then see packets coming into eth2 (basically echo reply from external machine) but not the ones going out. Kindly help.

-Nirmal

A typo : packets coming into eth1 of the host...

Still trying...Any help on this will be much appreciated!!

-Nirmal

Re: [Lxc-users] Forwarding packets from host to container
On Wed, Jan 12, 2011 at 12:42 PM, Daniel Lezcano daniel.lezc...@free.fr wrote:

On 01/12/2011 02:25 AM, Nirmal Guhan wrote:

Hi,

How do I forward packets (ethernet frames included) from host to container. I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.

iptables -A FORWARD -i eth1 -o br1 -j ACCEPT

and/or

iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT

Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world. I use fedora 12 for both host and container.

lxc.network.type = veth
lxc.network.link = br1
lxc.network.name = eth1
lxc.network.flags = up
lxc.network.mtu = 1500

What about just moving the physical eth1 within the container directly instead of trying to forward the traffic ?

Curious to know how to achieve that!!

Meanwhile, I might still need the eth1 in host for other reasons. I just need the packet capturing utility to work inside the container and capture the packets sent over eth1 to *wherever*.

~Nirmal

Re: [Lxc-users] Forwarding packets from host to container
On Wed, Jan 12, 2011 at 2:07 PM, Nirmal Guhan vavat...@gmail.com wrote:

On Wed, Jan 12, 2011 at 1:45 PM, Daniel Lezcano daniel.lezc...@free.fr wrote:

On 01/12/2011 10:28 PM, Nirmal Guhan wrote:

On Wed, Jan 12, 2011 at 12:42 PM, Daniel Lezcano daniel.lezc...@free.fr wrote:

On 01/12/2011 02:25 AM, Nirmal Guhan wrote:

Hi,

How do I forward packets (ethernet frames included) from host to container. I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.

iptables -A FORWARD -i eth1 -o br1 -j ACCEPT

and/or

iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT

Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world. I use fedora 12 for both host and container.

lxc.network.type = veth
lxc.network.link = br1
lxc.network.name = eth1
lxc.network.flags = up
lxc.network.mtu = 1500

What about just moving the physical eth1 within the container directly instead of trying to forward the traffic ?

Curious to know how to achieve that!!

lxc.network.type = phys
lxc.network.link = eth1
lxc.network.name = eth1
lxc.network.flags = up

Of course, the host won't be able to use this interface while it is in the container ;)

Meanwhile, I might still need the eth1 in host for other reasons. I just need the packet capturing utility to work inside the container and capture the packets sent over eth1 to *wherever*.

Mmh, hard to achieve. The network is isolated and you are trying to get rid of it. Maybe the bonding is a good alternative to the bridge, not sure ...

http://en.wikipedia.org/wiki/Channel_bonding

But lxc should be modified to take care of it at the configuration level.

-- Daniel

Thanks. I was thinking adding host eth1 and container eth1 to the same bridge (as done now), container veth should be able to see the ethernet frames. It actually sees some packets (like echo reply) but not all. Am I missing anything?

~nirmal

I worked it around by capturing the packet in eth1 and fwding it to the veth of container using libpcap.

~Nirmal

Re: [Lxc-users] how to use routing with LXC?
On Fri, Jan 7, 2011 at 5:39 PM, Mike deb...@good-with-numbers.com wrote:

The instructions that I've seen for LXC suggest creating a bridge in the host, placing its name in lxc.network.link. On a diskless system I have eth0 eth1, and create the bridge on eth1. I can't put eth0 in a bridge, because it's the port for the NFS root. But when I want traffic to go from the container's port to (the host's) eth0, I don't see how to direct that--I don't think that's even possible. It instead goes out eth1 to the next hop, where the eth0 address isn't even routeable.

So it seems that a router configuration for LXC is what I want. I've done this in Xen, using their vif-route script. How would that work with LXC?

Did you try macvlan instead of veth?

~Nirmal

[Lxc-users] Forwarding packets from host to container
Hi,

How do I forward packets (ethernet frames included) from host to container. I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.

iptables -A FORWARD -i eth1 -o br1 -j ACCEPT

and/or

iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT

Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world. I use fedora 12 for both host and container.

lxc.network.type = veth
lxc.network.link = br1
lxc.network.name = eth1
lxc.network.flags = up
lxc.network.mtu = 1500

-Nirmal

Re: [Lxc-users] Forwarding packets from host to container
On Tue, Jan 11, 2011 at 5:25 PM, Nirmal Guhan vavat...@gmail.com wrote:

Hi,

How do I forward packets (ethernet frames included) from host to container. I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.

iptables -A FORWARD -i eth1 -o br1 -j ACCEPT

and/or

iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT

Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world. I use fedora 12 for both host and container.

lxc.network.type = veth
lxc.network.link = br1
lxc.network.name = eth1
lxc.network.flags = up
lxc.network.mtu = 1500

-Nirmal

An update : If I connect host eth1 to a bridge br2 and add

lxc.network.type = veth
lxc.network.link = br2
lxc.network.name = eth2
lxc.network.flags = up
lxc.network.mtu = 1500

I can then see packets coming into eth2 (basically echo reply from external machine) but not the ones going out. Kindly help.

-Nirmal

Re: [Lxc-users] Forwarding packets from host to container
On Tue, Jan 11, 2011 at 5:34 PM, Nirmal Guhan vavat...@gmail.com wrote:

On Tue, Jan 11, 2011 at 5:25 PM, Nirmal Guhan vavat...@gmail.com wrote:

Hi,

How do I forward packets (ethernet frames included) from host to container. I plan to run a packet capture program (tcpdump for instance) within container that will capture the packets coming to host eth1 interface. I tried both using bridge and iptables but they do not seem to help.

iptables -A FORWARD -i eth1 -o br1 -j ACCEPT

and/or

iptables -A FORWARD -i eth1 -o vethZtPPol -j ACCEPT

Instead of the above, I also tried adding host eth1 to br1 but still tcpdump from container cannot see the packets sent to eth1 from external world. I use fedora 12 for both host and container.

lxc.network.type = veth
lxc.network.link = br1
lxc.network.name = eth1
lxc.network.flags = up
lxc.network.mtu = 1500

-Nirmal

An update : If I connect host eth1 to a bridge br2 and add

lxc.network.type = veth
lxc.network.link = br2
lxc.network.name = eth2
lxc.network.flags = up
lxc.network.mtu = 1500

I can then see packets coming into eth2 (basically echo reply from external machine) but not the ones going out. Kindly help.

-Nirmal

A typo : packets coming into eth1 of the host...

Re: [Lxc-users] GUI container
On Fri, Dec 10, 2010 at 2:40 PM, Christoph Willing c.will...@uq.edu.au wrote:

On 11/12/2010, at 1:04 AM, Matto Fransen wrote:

Hi,

On Thu, Dec 09, 2010 at 10:21:49PM -0800, Nirmal Guhan wrote:

Has anyone tried running a GUI app (firefox for instance) inside a container or as an application container? Just want to know if this requires any special steps before I tread that path. Am using Fedora 12 for both host and container.

It is no problem to run GUI apps in a container. I have set up one of my containers as an X-server. From an old laptop I do X -query ip-number and run the window-manager that is installed on the container. You can use ssh -X to log in into the container and start your X-app.

Most of my containers are without X (run level 3). When I have one that needs a X environment I start an Xvfb with a simple window manager (mwm) using a boot script. When I need gui type access to it, I run x11vnc in the container and access that environment from anywhere with vncviewer.

chris

Christoph Willing +61 7 3365 8316
QCIF Access Grid Manager
University of Queensland

Do I need to start container with X (level 5?). I tried these steps :

1. Start container in level 3.
2. lxc-console into container
3. Run Xvfb (that returned error as)

#Xvfb :0 -screen 0 1024x768x16 -ac
SELinux: Invalid object class mapping, disabling SELinux support.
(EE) AIGLX error: dlopen of /usr/lib/dri/swrast_dri.so failed (/usr/lib/dri/swrast_dri.so: cannot open shared object file: No such file or directory)
(EE) GLX: could not load software renderer

4. Run mwm

# mwm
Error: Can't open display: 0.0

I have set display to 0.0

If I start Xvfb with no options I still get the above errors. Any idea on what I am missing?

Thanks,
Nirmal

Re: [Lxc-users] GUI container
On Thu, Dec 16, 2010 at 12:06 PM, Nirmal Guhan vavat...@gmail.com wrote:

On Fri, Dec 10, 2010 at 2:40 PM, Christoph Willing c.will...@uq.edu.au wrote:

On 11/12/2010, at 1:04 AM, Matto Fransen wrote:

Hi,

On Thu, Dec 09, 2010 at 10:21:49PM -0800, Nirmal Guhan wrote:

Has anyone tried running a GUI app (firefox for instance) inside a container or as an application container? Just want to know if this requires any special steps before I tread that path. Am using Fedora 12 for both host and container.

It is no problem to run GUI apps in a container. I have set up one of my containers as an X-server. From an old laptop I do X -query ip-number and run the window-manager that is installed on the container. You can use ssh -X to log in into the container and start your X-app.

Most of my containers are without X (run level 3). When I have one that needs a X environment I start an Xvfb with a simple window manager (mwm) using a boot script. When I need gui type access to it, I run x11vnc in the container and access that environment from anywhere with vncviewer.

chris

Christoph Willing +61 7 3365 8316
QCIF Access Grid Manager
University of Queensland

Do I need to start container with X (level 5?). I tried these steps :

1. Start container in level 3.
2. lxc-console into container
3. Run Xvfb (that returned error as)

#Xvfb :0 -screen 0 1024x768x16 -ac
SELinux: Invalid object class mapping, disabling SELinux support.
(EE) AIGLX error: dlopen of /usr/lib/dri/swrast_dri.so failed (/usr/lib/dri/swrast_dri.so: cannot open shared object file: No such file or directory)
(EE) GLX: could not load software renderer

4. Run mwm

# mwm
Error: Can't open display: 0.0

I have set display to 0.0

If I start Xvfb with no options I still get the above errors. Any idea on what I am missing?

Thanks,
Nirmal

Worked after setting the display to ipaddress:0.

BTW, a naive question. Is it possible to start the container itself in level 5 as I do for host so I don't have to use vnc stuff ?

--Nirmal

Re: [Lxc-users] GUI container
On Thu, Dec 16, 2010 at 3:54 PM, Christoph Willing c.will...@uq.edu.au wrote:

On 17/12/2010, at 9:40 AM, Nirmal Guhan wrote:

On Thu, Dec 16, 2010 at 12:06 PM, Nirmal Guhan vavat...@gmail.com wrote:

On Fri, Dec 10, 2010 at 2:40 PM, Christoph Willing c.will...@uq.edu.au wrote:

On 11/12/2010, at 1:04 AM, Matto Fransen wrote:

Hi,

On Thu, Dec 09, 2010 at 10:21:49PM -0800, Nirmal Guhan wrote:

Has anyone tried running a GUI app (firefox for instance) inside a container or as an application container? Just want to know if this requires any special steps before I tread that path. Am using Fedora 12 for both host and container.

It is no problem to run GUI apps in a container. I have set up one of my containers as an X-server. From an old laptop I do X -query ip-number and run the window-manager that is installed on the container. You can use ssh -X to log in into the container and start your X-app.

Most of my containers are without X (run level 3). When I have one that needs a X environment I start an Xvfb with a simple window manager (mwm) using a boot script. When I need gui type access to it, I run x11vnc in the container and access that environment from anywhere with vncviewer.

Do I need to start container with X (level 5?). I tried these steps :

1. Start container in level 3.
2. lxc-console into container
3. Run Xvfb (that returned error as)

#Xvfb :0 -screen 0 1024x768x16 -ac
SELinux: Invalid object class mapping, disabling SELinux support.
(EE) AIGLX error: dlopen of /usr/lib/dri/swrast_dri.so failed (/usr/lib/dri/swrast_dri.so: cannot open shared object file: No such file or directory)
(EE) GLX: could not load software renderer

4. Run mwm

# mwm
Error: Can't open display: 0.0

I have set display to 0.0

If I start Xvfb with no options I still get the above errors. Any idea on what I am missing?

Thanks,
Nirmal

Worked after setting the display to ipaddress:0.

BTW, a naive question. Is it possible to start the container itself in level 5 as I do for host so I don't have to use vnc stuff ?

I haven't tried it but it may work if you have a different physical display available - maybe even a different graphics card is needed. If you have the host and container each at run level 5 then they would each be running an X server. I don't think they could both control the same graphics card - you'd probably need 1 card for each X server. I'm just guessing though ...

chris

Christoph Willing +61 7 3365 8316
QCIF Access Grid Manager
University of Queensland

Maybe I wasn't clear. My host is at level 3 always. So can the container be at level 5 and I don't have to use xvnc but just start my GUI Apps from the container itself ?

--Nirmal

Re: [Lxc-users] GUI container
On Fri, Dec 10, 2010 at 2:40 PM, Christoph Willing c.will...@uq.edu.au wrote:

On 11/12/2010, at 1:04 AM, Matto Fransen wrote:

Hi,

On Thu, Dec 09, 2010 at 10:21:49PM -0800, Nirmal Guhan wrote:

Has anyone tried running a GUI app (firefox for instance) inside a container or as an application container? Just want to know if this requires any special steps before I tread that path. Am using Fedora 12 for both host and container.

It is no problem to run GUI apps in a container. I have set up one of my containers as an X-server. From an old laptop I do X -query ip-number and run the window-manager that is installed on the container. You can use ssh -X to log in into the container and start your X-app.

Most of my containers are without X (run level 3). When I have one that needs a X environment I start an Xvfb with a simple window manager (mwm) using a boot script. When I need gui type access to it, I run x11vnc in the container and access that environment from anywhere with vncviewer.

chris

Christoph Willing +61 7 3365 8316
QCIF Access Grid Manager
University of Queensland

Thanks for all the replies. I will try and let this forum know how it goes.

Thanks,
Nirmal

Re: [Lxc-users] Container taking over host tty
On Thu, Nov 4, 2010 at 3:19 PM, Duc-Saysana HOANG d.ho...@numericable.com wrote:

On Sun, 31 Oct 2010 18:42:43 + thewanderer thewande...@gim11.pl wrote:

My configuration file is as follows:

lxc.utsname = rkaw.pl
lxc.tty = 2
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lbrpriv
lxc.network.hwaddr = 4a:00:00:00:00:01
lxc.network.ipv4 = 10.0.7.1/24
lxc.cgroup.cpuset.cpus = 0
lxc.cgroup.cpu.shares = 1000
lxc.cgroup.memory.max_usage_in_bytes = 536870912
lxc.rootfs = /srv/vz/private/121
lxc.mount = /srv/vz/private/121.fstab
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/pts/* - pts namespaces are coming soon
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm

I thought that setting lxc.tty to 2 would prevent the container from accessing my host's ttys. However, I am logged in on tty1 and when I run `lxc-start -n rkaw` I see the boot output on tty1 and my console is captured a while after. tty2 is also affected - even lines go into the container and odd lines get delivered to the host system.

How to isolate the container's ttys from my own ttys and be able to do `lxc-console`? I'm at a loss.

Debian Squeeze/Sid amd64, kernel 2.6.36 with all needed features on, cgroup mounted, lxc utilities 0.7.3.

Oh, and is `lxc-ls` supposed to show _two_ entries of rkaw, one per line?

Hello,

When you execute 'lxc-start -n rkaw' it launches your container in foreground. Your current console is attached to the process lxc-start. That's why you see all the boot messages of your container in your current consoles (tty1 and tty2) because some boot messages are sent to STDERR, not STDOUT ... Well my guess may be wrong though.

If you do not want to launch your container with your current console attached to it, you have to launch lxc-start as a daemon with option -d. You can add -o option too to tell lxc-start to send all its logs to the given (log) file.

Hope that can help.

Cheers,
D.S.HOANG

Have you set up /dev/tty* in your container properly i.e not shared with host?

-Nirmal
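As an added illustration that is not part of the original thread: the device whitelist in the configuration posted above allows character devices 4:0 and 4:1, which are the kernel's virtual consoles /dev/tty0 and /dev/tty1, the same devices a login on the host's tty1 uses. The Python code below audits `lxc.cgroup.devices.*` rules for such entries; the function names and the tightened sample rules are assumptions made for this example, and the tightened rules assume the container's gettys run on the terminals LXC provides through `lxc.tty`.

```python
import re

# "type major:minor access" as written to devices.allow / devices.deny; a bare "a" means all.
RULE = re.compile(r"^([abc])(?:\s+(\*|\d+):(\*|\d+)\s+([rwm]+))?$")

# Fixed Linux character-device numbers (kernel devices.txt).
KNOWN_CHAR = {(1, 3): "/dev/null", (1, 5): "/dev/zero", (1, 8): "/dev/random",
              (1, 9): "/dev/urandom", (5, 0): "/dev/tty", (5, 1): "/dev/console",
              (5, 2): "/dev/ptmx"}

# Device rules copied from the configuration posted in the thread.
THREAD_DEVICE_RULES = """
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
"""

# Constructed variant for comparison: same rules without the 4:0 / 4:1 entries.
TIGHTENED_RULES = "\n".join(
    line for line in THREAD_DEVICE_RULES.splitlines() if " c 4:" not in line)


def device_name(major, minor):
    """Human-readable name for a char-device rule; either field may be '*'."""
    if major == "*":
        return "any character device"
    maj = int(major)
    if maj == 4:  # minors 0-63 are virtual consoles, 64 and up are serial ports
        if minor == "*":
            return "/dev/tty0-63 and /dev/ttyS*"
        n = int(minor)
        return f"/dev/tty{n}" if n <= 63 else f"/dev/ttyS{n - 64}"
    if 136 <= maj <= 143:  # Unix98 pty slaves
        return "/dev/pts/*"
    if minor == "*":
        return f"char {maj}:*"
    return KNOWN_CHAR.get((maj, int(minor)), f"char {maj}:{minor}")


def reaches_host_vt(major, minor):
    """True if the rule covers any virtual console (char major 4, minor 0-63)."""
    if major == "*":
        return True
    return int(major) == 4 and (minor == "*" or int(minor) <= 63)


def parse_device_rules(config_text):
    """Apply allow/deny lines in file order; return (default_allow, allowed_rules).

    Only 'deny = a' and exact-match denies of earlier allows are modelled.
    """
    default_allow, allowed = True, []  # without 'deny a' the parent's list applies
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in ("lxc.cgroup.devices.allow", "lxc.cgroup.devices.deny"):
            continue
        match = RULE.match(value)
        if not match:
            raise ValueError(f"unparsable device rule: {value!r}")
        dev_type, major, minor, access = match.groups()
        rule = (dev_type, major or "*", minor or "*", access or "rwm")
        if key.endswith(".deny"):
            if dev_type == "a":
                default_allow, allowed = False, []
            else:
                allowed = [r for r in allowed if r[:3] != rule[:3]]
        elif dev_type == "a":
            default_allow = True
        else:
            allowed.append(rule)
    return default_allow, allowed


def audit_host_console_access(config_text):
    """Return findings for rules that let the container open host virtual consoles."""
    default_allow, allowed = parse_device_rules(config_text)
    findings = []
    if default_allow:
        findings.append("no effective 'lxc.cgroup.devices.deny = a': "
                        "every host device is permitted")
    for dev_type, major, minor, access in allowed:
        if dev_type == "c" and reaches_host_vt(major, minor):
            findings.append(f"c {major}:{minor} {access} permits "
                            f"{device_name(major, minor)} (host virtual console)")
    return findings


if __name__ == "__main__":
    for finding in audit_host_console_access(THREAD_DEVICE_RULES):
        print("FINDING:", finding)
```
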
Re: [Lxc-users] container not pinging default gw
On Thu, Nov 4, 2010 at 2:31 AM, Daniel Lezcano daniel.lezc...@free.fr wrote:

On 11/04/2010 01:28 AM, Nirmal Guhan wrote:

On Tue, Nov 2, 2010 at 6:05 PM, Nirmal Guhan vavat...@gmail.com wrote:

What could be the reason for container not able to ping the default gw while host can do? I use macvlan instead of bridge. Do I need to configure something in the host?

-Nirmal

Just realized my gw is actually a private IP (vmnet). While host can ping it, am not able to do from within container. Is this something that anyone has faced before?

You can ping the addresses between macvlan only if you set the network with:

lxc.network.macvlan.mode=bridge

and you set your gateway address on a macvlan on the host.

Thanks. Is this supposed to work in 2.6.32 ? It didn't work for me. I tried these :

ip link add link eth0 name myvmnet address 00:aa:bb:cc:dd:ee type macvlan mode bridge
ifconfig myvmnet gwaddr up

and then in my lxc config

lxc.network.type = macvlan
lxc.network.macvlan.mode = bridge
lxc.network.link = myvmnet
lxc.network.ipv4 = x.y.z.p/24
lxc.network.name = eth0
lxc.network.flags = up
lxc.network.mtu = 1500

I still can't ping the gwaddr from container. Also after a while my host hung as my root is at a nfs location. Not sure if these are related.

-Nirmal
Re: [Lxc-users] container not pinging default gw
On Tue, Nov 2, 2010 at 6:05 PM, Nirmal Guhan vavat...@gmail.com wrote:

What could be the reason for container not able to ping the default gw while host can do? I use macvlan instead of bridge. Do I need to configure something in the host?

-Nirmal

Just realized my gw is actually a private IP (vmnet). While host can ping it, am not able to do from within container. Is this something that anyone has faced before?

-Nirmal
Re: [Lxc-users] Two virtual interfaces in a container
On Mon, Oct 25, 2010 at 4:15 AM, Daniel Lezcano daniel.lezc...@free.fr wrote:

On 10/25/2010 07:24 AM, Nirmal Guhan wrote:

On Sun, Oct 24, 2010 at 3:07 PM, Daniel Lezcano dlezc...@fr.ibm.com wrote:

[ snip ]

How does it work when I have eth0 in lxc attached to br0? I still assign IP to eth0 in this case as part of lxc config. Is this a special case where IP is required for interface attached to the bridge?

I assume you are talking about a veth + bridge, right ?

The network stacks are separated between the host and the container and the veth is a pass-through network device, it is a pair device (vethA - vethB). When the packets are injected to vethA, they are received by vethB and when they are injected to vethB, they are received by vethA.

Practically, when the container is created, the vethA is attached to the bridge and vethB is moved inside the container and renamed eth0 for convenience. No IP address is assigned to vethA but it is assigned to vethB.

Assuming you have an IP address 1.2.3.4 on vethB and another host with the IP 1.2.3.5, if you ping from the container to the host, here is what happens:

(container) : search the route for dest address 1.2.3.5
(container) : found the dev where to send packet is eth0 (aka vethB)
(container) : send the packet to this device
(host) : the packet arrives from vethA
(host) : the bridge hooks the packet
(host) : lookup the destination with the mac @
(host) : send the packet on all the ports
(host) : the packet goes through the real device eth0
(peer) : the packet arrives to the peer and this one answers
(host) : the packet arrives on the real device eth0
(host) : the packet is hooked by the bridge code
(host) : the bridge look for the dest mac @ and find vethA
(host) : the bridge send the packet to vethA
(container) : the packet arrives to eth0 (aka vethB)

Thanks for the detailed explanation. So, if I have multiple interfaces (eth, tap) attached to bridge, I will assign IP to bridge. As I tested, I was also able to assign IP to tap interface attached to bridge (so there are two IPs) and still ping both of them. Only missing piece is - bridge is a layer 2 device that can take an L3 IP too :-) This helps me, though!!

~Nirmal
Re: [Lxc-users] Two virtual interfaces in a container
On Sun, Oct 24, 2010 at 3:07 PM, Daniel Lezcano dlezc...@fr.ibm.com wrote:

On 10/23/2010 12:48 AM, Nirmal Guhan wrote:

On Tue, Oct 19, 2010 at 3:58 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:

Quoting Nirmal Guhan (vavat...@gmail.com):

On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:

Quoting Serge E. Hallyn (serge.hal...@canonical.com):

Quoting Nirmal Guhan (vavat...@gmail.com):

Hi,

I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?

I created two interfaces in the config and can see both of them in the container.

lxc.network.type = veth
lxc.network.link = br0
lxc.network.ipv4 = 128.107.159.183/22
lxc.network.name = eth0
lxc.network.flags = up
lxc.network.mtu = 1500

lxc.network.type = veth
lxc.network.link = br0

If you want eth1 to be connected internally only, then shouldn't you create a bridge br1, and use that here? Don't connect br1 to the physical nic, and you'll have your host-only bridge.

Ok. This is what I did.

#brctl addbr br1

Modified above config to lxc.network.link=br1 for eth1 and removed eth0 so there is only one i/f. Since br1 is not attached to nic, how do I now test host-guest communication. Obviously I can't reach eth0 ip from lxc.

Easiest and most telling wrt whether your setup will work, would be to create a second container the same way, and try to ping or nc to each other.

-serge

Thanks. Pinging between containers work. Going back to my original query, I need a tap interface as well in the bridge so it is actually tap-bridge-veth on container . So I created a tap 'gtap' interface in the host and added it to br1. Assigned IP to gtap and tried to ping from the container but that does not work. Here are some add'l info :

26: gtap:BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fa:ad:bb:c0:d4:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
       valid_lft forever preferred_lft forever
27: br1:BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 92:e1:7e:95:4d:bc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
       valid_lft forever preferred_lft forever

[128:~]$ brctl show
bridge name     bridge id               STP enabled     interfaces
br1             8000.92e17e954dbc       no              gtap
                                                        veths4EgPK

$ ip route show
192.168.1.0/24 dev gtap proto kernel scope link src 192.168.1.15

$sbin/arp
Address HWtype HWaddress Flags Mask Iface
192.168.1.10 (incomplete) gtap

From container:

$ip route show
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10

$ /sbin/arp
Address HWtype HWaddress Flags Mask Iface
192.168.1.15 (incomplete) eth1

Do I assign IP address to br1 instead of gtap?

Yep, IP addresses must go to the bridge. No IP should be assigned to an interface attached to the bridge.

-- Daniel

How does it work when I have eth0 in lxc attached to br0? I still assign IP to eth0 in this case as part of lxc config. Is this a special case where IP is required for interface attached to the bridge?

-Nirmal
Re: [Lxc-users] Two virtual interfaces in a container
On Fri, Oct 22, 2010 at 3:48 PM, Nirmal Guhan vavat...@gmail.com wrote:

On Tue, Oct 19, 2010 at 3:58 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:

Quoting Nirmal Guhan (vavat...@gmail.com):

On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:

Quoting Serge E. Hallyn (serge.hal...@canonical.com):

Quoting Nirmal Guhan (vavat...@gmail.com):

Hi,

I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?

I created two interfaces in the config and can see both of them in the container.

lxc.network.type = veth
lxc.network.link = br0
lxc.network.ipv4 = 128.107.159.183/22
lxc.network.name = eth0
lxc.network.flags = up
lxc.network.mtu = 1500

lxc.network.type = veth
lxc.network.link = br0

If you want eth1 to be connected internally only, then shouldn't you create a bridge br1, and use that here? Don't connect br1 to the physical nic, and you'll have your host-only bridge.

Ok. This is what I did.

#brctl addbr br1

Modified above config to lxc.network.link=br1 for eth1 and removed eth0 so there is only one i/f. Since br1 is not attached to nic, how do I now test host-guest communication. Obviously I can't reach eth0 ip from lxc.

Easiest and most telling wrt whether your setup will work, would be to create a second container the same way, and try to ping or nc to each other.

-serge

Thanks. Pinging between containers work. Going back to my original query, I need a tap interface as well in the bridge so it is actually tap-bridge-veth on container . So I created a tap 'gtap' interface in the host and added it to br1. Assigned IP to gtap and tried to ping from the container but that does not work. Here are some add'l info :

26: gtap: BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fa:ad:bb:c0:d4:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
       valid_lft forever preferred_lft forever
27: br1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 92:e1:7e:95:4d:bc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
       valid_lft forever preferred_lft forever

[128:~]$ brctl show
bridge name     bridge id               STP enabled     interfaces
br1             8000.92e17e954dbc       no              gtap
                                                        veths4EgPK

$ ip route show
192.168.1.0/24 dev gtap proto kernel scope link src 192.168.1.15

$sbin/arp
Address HWtype HWaddress Flags Mask Iface
192.168.1.10 (incomplete) gtap

From container:

$ip route show
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10

$ /sbin/arp
Address HWtype HWaddress Flags Mask Iface
192.168.1.15 (incomplete) eth1

Do I assign IP address to br1 instead of gtap?

Thanks,
Nirmal

Here is an update : After adding a route as

ip route add 192.168.1.0/24 dev br1

I can ping tap interface from container. But two weird things :

1. tcpdump -i gtap does not show any packet but tcpdump -i br1 shows the packets.
2. If I bring down gtap as in ifconfig gtap down am still able to ping gtap ip with the above ip route configured.

Still looking for reasoning...

-Nirmal
Re: [Lxc-users] Two virtual interfaces in a container
On Tue, Oct 19, 2010 at 3:58 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:

Quoting Nirmal Guhan (vavat...@gmail.com):

On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:

Quoting Serge E. Hallyn (serge.hal...@canonical.com):

Quoting Nirmal Guhan (vavat...@gmail.com):

Hi,

I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?

I created two interfaces in the config and can see both of them in the container.

lxc.network.type = veth
lxc.network.link = br0
lxc.network.ipv4 = 128.107.159.183/22
lxc.network.name = eth0
lxc.network.flags = up
lxc.network.mtu = 1500

lxc.network.type = veth
lxc.network.link = br0

If you want eth1 to be connected internally only, then shouldn't you create a bridge br1, and use that here? Don't connect br1 to the physical nic, and you'll have your host-only bridge.

Ok. This is what I did.

#brctl addbr br1

Modified above config to lxc.network.link=br1 for eth1 and removed eth0 so there is only one i/f. Since br1 is not attached to nic, how do I now test host-guest communication. Obviously I can't reach eth0 ip from lxc.

Easiest and most telling wrt whether your setup will work, would be to create a second container the same way, and try to ping or nc to each other.

-serge

Thanks. Pinging between containers work. Going back to my original query, I need a tap interface as well in the bridge so it is actually tap-bridge-veth on container . So I created a tap 'gtap' interface in the host and added it to br1. Assigned IP to gtap and tried to ping from the container but that does not work. Here are some add'l info :

26: gtap: BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fa:ad:bb:c0:d4:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.15/24 brd 192.168.1.255 scope global gtap
    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
       valid_lft forever preferred_lft forever
27: br1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 92:e1:7e:95:4d:bc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f8ad:bbff:fec0:d44c/64 scope link
       valid_lft forever preferred_lft forever

[128:~]$ brctl show
bridge name     bridge id               STP enabled     interfaces
br1             8000.92e17e954dbc       no              gtap
                                                        veths4EgPK

$ ip route show
192.168.1.0/24 dev gtap proto kernel scope link src 192.168.1.15

$sbin/arp
Address HWtype HWaddress Flags Mask Iface
192.168.1.10 (incomplete) gtap

From container:

$ip route show
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10

$ /sbin/arp
Address HWtype HWaddress Flags Mask Iface
192.168.1.15 (incomplete) eth1

Do I assign IP address to br1 instead of gtap?

Thanks,
Nirmal
[Lxc-users] Two virtual interfaces in a container
Hi,

I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?

I created two interfaces in the config and can see both of them in the container.

lxc.network.type = veth
lxc.network.link = br0
lxc.network.ipv4 = 128.107.159.183/22
lxc.network.name = eth0
lxc.network.flags = up
lxc.network.mtu = 1500

lxc.network.type = veth
lxc.network.link = br0
lxc.network.ipv4 = 128.107.159.185/22
lxc.network.name = eth1
lxc.network.flags = up

159: eth0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000
161: eth1: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000

The problem is using eth1, I cannot ping the default gw.

# ip route show
128.107.156.0/22 dev eth0 proto kernel scope link src 128.107.159.183
128.107.156.0/22 dev eth1 proto kernel scope link src 128.107.159.185
default via 128.107.159.175 dev eth1 Added host as well in the route as just adding default gw didn't work
default via 128.107.156.2 dev eth1 default gw
default via 128.107.156.2 dev eth0

BTW, I run 2.6.32 + fedora 12.

Thanks,
Nirmal
Re: [Lxc-users] Two virtual interfaces in a container
On Tue, Oct 19, 2010 at 3:03 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:

Quoting Serge E. Hallyn (serge.hal...@canonical.com):

Quoting Nirmal Guhan (vavat...@gmail.com):

Hi,

I have a requirement to create two virtual interfaces (eth0, eth1) in a linux container and separate traffic between the two based on ip route. Basically eth0 (or eth1) should be used for external world and eth1 for communication terminating at host. How do I go about doing this?

I created two interfaces in the config and can see both of them in the container.

lxc.network.type = veth
lxc.network.link = br0
lxc.network.ipv4 = 128.107.159.183/22
lxc.network.name = eth0
lxc.network.flags = up
lxc.network.mtu = 1500

lxc.network.type = veth
lxc.network.link = br0

If you want eth1 to be connected internally only, then shouldn't you create a bridge br1, and use that here? Don't connect br1 to the physical nic, and you'll have your host-only bridge.

Ok. This is what I did.

#brctl addbr br1

Modified above config to lxc.network.link=br1 for eth1 and removed eth0 so there is only one i/f. Since br1 is not attached to nic, how do I now test host-guest communication. Obviously I can't reach eth0 ip from lxc.

(BTW, I assume that the reason you failed to ping then was that your eth1 in the container had an address on a different subnet, and - I assume - there was no route known on the host to that subnet. I could be wrong, but since your test seemed to be unrelated to your end goal I thought I'd comment first on how to do what you want)

It is in same subnet. I think it was to do with ip route setup.

--Nirmal

-serge
Re: [Lxc-users] Error starting a container - could not unmount old rootfs
On Wed, Sep 22, 2010 at 1:14 AM, Daniel Lezcano daniel.lezc...@free.fr wrote:

On 09/22/2010 09:50 AM, Nirmal Guhan wrote:

On Wed, Sep 22, 2010 at 12:36 AM, Daniel Lezcano daniel.lezc...@free.fr wrote:

On 09/22/2010 06:25 AM, Nirmal Guhan wrote:

Hi,

When starting a container, am getting an error as :

lxc-start: Device or resource busy - could not unmount old rootfs
lxc-start: failed to pivot_root to '/lxc/f12'
lxc-start: failed to set rootfs for 'f12connew'
lxc-start: failed to setup the container

My config is very simple :

lxc.utsname = f12connew
lxc.rootfs = /lxc/f12
lxc.mount = /lxc/f12.fstab
lxc.tty = 3

Am running 2.6.32.16 kernel. Am able to start the same container while running the same kernel with only one difference - the one that does NOT work has CONFIG_MACVLAN=y but I doubt if that is the issue. Please help.

What is the lxc version ?

lxc version: 0.6.5. Please note that the lxc version is same across the working and non-working kernels.

Mmh, this problem was solved with the 0.7.2 version I think, is it possible to try it ?

It works. Thanks. Can I understand the reason for 0.6.5 error? It didn't show up always.

-Nirmal
Re: [Lxc-users] Launch multiple apps in exactly on container
On Fri, Sep 17, 2010 at 3:33 AM, Jon Nordby jono...@gmail.com wrote:

On 17 September 2010 06:55, Jue Hong hon...@gmail.com wrote:

BKW, you're right. Now we're going to use the method as you say. But, being able to start apps outside is really convenient in some cases :)

It is. Before the kernel stuff for attach lands, you can use ssh for this purpose as a workaround.

You mean ssh for a container started using lxc-execute? I was hoping this was possible only if sshd was running within container (and /sbin/init). I usually use lxc-execute to run a specific application and wonder how ssh is possible. Please enlighten.

--Nirmal

--
Regards Jon Nordby - www.jonnor.com
[Lxc-users] port numbers for containers
Hi,

Want to know if port numbers are virtualized for containers or do the containers and host share the port space ? Please let me know.

--Nirmal
Re: [Lxc-users] port numbers for containers
On Wed, Aug 11, 2010 at 11:05 AM, Serge Hallyn serge.hal...@canonical.com wrote:

Quoting Nirmal Guhan (vavat...@gmail.com):

On Wed, Aug 11, 2010 at 5:06 AM, Serge Hallyn serge.hal...@canonical.com wrote:

Quoting Nirmal Guhan (vavat...@gmail.com):

Hi,

Want to know if port numbers are virtualized for containers or do the containers and host share the port space ? Please let me know.

Wrong layer. If the container shares a network namespace with the host, then it shares its networking. If it has its own network namespace, then it has its own entire network stack. So no, 'port space' isn't virtualized.vs.shared, but the network devices are.

Thanks. How do I configure the container to have its own network stack?

I did

cat > /etc/lxc-basic.conf << EOF
lxc.network.type=veth
lxc.network.link=virbr0
lxc.network.flags=up
EOF
lxc-create -n ubuntu1 -f /etc/lxc-basic.conf -t ubuntu

Thanks. If I do macvlan, I assume there is no separate network namespace and hence ports will be shared and otherwise(veth) not ?

--Nirmal

-serge
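Serge's point that isolation is decided at the network-namespace level, not per port, can be read off a container's config. The following is an added example, not code from the thread or from LXC: it groups the legacy `lxc.network.*` keys into interface blocks and reports whether the container gets its own network namespace and therefore its own port space. It relies on LXC behaviour that the thread does not state: any configured interface type, macvlan included, gives the container a separate namespace, while a config without `lxc.network.type` leaves it in the host's; the function names are assumptions.

```python
# How each legacy lxc.network.type value populates the container's namespace.
TYPE_DESCRIPTIONS = {
    "empty": "loopback only",
    "veth": "veth pair, host end attached to bridge {link}",
    "macvlan": "macvlan device created on host interface {link}",
    "vlan": "vlan device created on host interface {link}",
    "phys": "host interface {link} moved into the container",
}

# From the thread: the config passed to lxc-create.
VETH_CONF = """
lxc.network.type=veth
lxc.network.link=virbr0
lxc.network.flags=up
"""

# From the macvlan thread on this page (address left as posted).
MACVLAN_CONF = """
lxc.network.type = macvlan
lxc.network.macvlan.mode = bridge
lxc.network.link = myvmnet
lxc.network.ipv4 = x.y.z.p/24
lxc.network.name = eth0
lxc.network.flags = up
lxc.network.mtu = 1500
"""

# Constructed sample: a config with no network section at all.
NO_NETWORK_CONF = """
lxc.utsname = demo
lxc.rootfs = /lxc/demo/rootfs
lxc.tty = 3
"""


def parse_network_blocks(config_text):
    """Group lxc.network.* keys; every lxc.network.type line opens a new interface."""
    blocks = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not key.startswith("lxc.network."):
            continue
        field = key[len("lxc.network."):]
        if field == "type":
            blocks.append({"type": value})
        elif blocks:
            blocks[-1][field] = value
        else:
            # An option with no preceding type belongs to no interface.
            raise ValueError(f"{key} appears before any lxc.network.type")
    return blocks


def network_isolation(config_text):
    """Report whether the container has its own network namespace and what is in it."""
    blocks = parse_network_blocks(config_text)
    # type 'none' (later LXC releases) explicitly keeps the host's namespace.
    shares_host = not blocks or any(b["type"] == "none" for b in blocks)
    interfaces = []
    for index, block in enumerate(blocks):
        if block["type"] == "none":
            continue
        template = TYPE_DESCRIPTIONS.get(block["type"])
        if template is None:
            raise ValueError(f"unknown lxc.network.type: {block['type']!r}")
        name = block.get("name", f"eth{index}")  # default in-container name
        interfaces.append((name, template.format(link=block.get("link", "?"))))
    return {
        "own_network_namespace": not shares_host,
        # Ports are per network stack: shared with the host only without a new namespace.
        "shares_host_port_space": shares_host,
        "interfaces": interfaces,
    }


if __name__ == "__main__":
    for label, conf in (("no network keys", NO_NETWORK_CONF),
                        ("veth", VETH_CONF), ("macvlan", MACVLAN_CONF)):
        print(label, "->", network_isolation(conf))
```
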
Re: [Lxc-users] usb devices
On Mon, Aug 2, 2010 at 6:07 PM, Toby Corkindale toby.corkind...@strategicdata.com.au wrote:

On 03/08/10 09:04, Nirmal Guhan wrote:

Hi,

Am running fedora 12 with 2.6.32.10-90.fc12.i686 kernel. Currently I use bind mount to access usb disks. For instance :

/media /lxc/f12/usbdisk none bind 0 0

udev mounts usb devices on /media. There are some issues with this approach :

1) Since this is hard coded config, it has to be updated every time the mount point (/media in this case) changes.

2) If I unmount /media from the host, the container can still access the disk from /usbdisk i.e ls /usbdisk and other operations work within container but not /media from the host. How is this possible ?

3) By #2, I assume there is some sort of usb pass-through within container? Is this true ?

No, it's not true. There is no special USB pass-thru to the container. By making a bind-mount, you are replicating part of the filesystem so that it is inside the bit of the filesystem that LXC is using. This is done at the filesystem level - not at the USB level.

This explains why you can still access it after unmounting at the host level. You have effectively mounted it twice, so it needs to be unmounted from both locations too.

Ah! yes. Good catch.

4) Hot swap does not work within the container. After usb device is reinserted, container cannot recognize it but host can.

5) mount within the container always displays just one single line while I have few more in fstab including the above /media stuff.

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

Again, that's because of the way LXC works with the filesystem. Perhaps you could just bind-mount the whole /media directory into the guest containers, to their /media directory? That might work better for you, although still not quite what you want.

Thanks Toby. I doubt if this will address #1 and #4 above. Basically, how to make hot swap work? Or what are the workaround to get notifications if I have to manually mount/umount.

-Toby
[Lxc-users] usb devices
Hi,

Am running fedora 12 with 2.6.32.10-90.fc12.i686 kernel. Currently I use bind mount to access usb disks. For instance :

/media /lxc/f12/usbdisk none bind 0 0

udev mounts usb devices on /media. There are some issues with this approach :

1) Since this is hard coded config, it has to be updated every time the mount point (/media in this case) changes.

2) If I unmount /media from the host, the container can still access the disk from /usbdisk i.e ls /usbdisk and other operations work within container but not /media from the host. How is this possible ?

3) By #2, I assume there is some sort of usb pass-through within container? Is this true ?

4) Hot swap does not work within the container. After usb device is reinserted, container cannot recognize it but host can.

5) mount within the container always displays just one single line while I have few more in fstab including the above /media stuff.

none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

Are there better ways of doing this ? Basically support dynamic devices possibly by making udev work within container ?

-Nirmal
[Lxc-users] Dual NIC support
Assuming I have a two NIC system, is it possible to assign a NIC exclusively per container ? Traffic to NIC 1 get routed to container 1 and NIC 2 to container 2 ? Please let me know.

--Nirmal
Re: [Lxc-users] User space driver
On Mon, Jun 28, 2010 at 4:18 PM, Serge E. Hallyn serge.hal...@canonical.com wrote:

Quoting Nirmal Guhan (vavat...@gmail.com):

I need to add user space device driver from a container and the driver is specific to the container (host won't see it). Is it possible to do so? I hope so but wanted to confirm before I start (and any other things I should keep in mind). Please let me know.

--Nirmal

Forgive my ignorance. Can you point me to an example of how you insert such a driver, and how it interacts with the kernel? I would assume it talks ioctls over some device file...

In any case it's certainly doable, but likely not with any pretense of protecting the other containers or the host from that driver.

-serge

I stand corrected. I just want to create my driver the usual way (in kernel space) but want to differentiate between the host and container accesses. Host accesses to /dev/mydevice may have higher privileges than container accesses. Is there a way to differentiate between the requestors (host vs container) ?

--Nirmal
[Lxc-users] User space driver
I need to add user space device driver from a container and the driver is specific to the container (host won't see it). Is it possible to do so? I hope so but wanted to confirm before I start (and any other things I should keep in mind). Please let me know.

--Nirmal
Re: [Lxc-users] Help with Wikipedia entries
Wayne,

Couple of questions based on the wiki (same as what I had asked earlier today) :

1. Isn't MIPS support available yet?
2. Are tools licensed under GPLv2 or v3?

Thanks,
Nirmal

On Mon, Jun 21, 2010 at 9:06 PM, Wayne Sherman wsher...@gmail.com wrote:

I notice there is not much information regarding lxc Linux Containers on Wikipedia so I added some entries on these pages:

http://en.wikipedia.org/wiki/Comparison_of_platform_virtual_machines#General_information
http://en.wikipedia.org/wiki/Operating_system-level_virtualization#Implementations

The entries are not complete and may not be entirely correct, so please feel free to make corrections and fill in the details if you have more information.

Thanks,
Wayne
Re: [Lxc-users] Networking Qs
On Fri, Jun 18, 2010 at 9:39 AM, Daniel Lezcano daniel.lezc...@free.fr wrote:

On 06/17/2010 06:49 PM, Nirmal Guhan wrote:

Hi, Any reason why we require bridging in the host for lxc ? Am not able to setup IP address for the container unless I configure bridge in the host.

You can use the macvlan but the container -- host communication won't work.

Not sure what am doing wrong but container -- gateway too does not work with macvlan. If I change it back to veth and bridge it works fine. So just wondering what is the point of configuring macvlan? Am I missing anything?

Also couple of other questions :

1. Can I configure container and host be in different networks / subnets (assuming I have multiple interfaces) ? I can't try this yet as I just have one interface.
2. Does container and host use different routing tables / VRFs ?

Yes, the virtualization begins at the network layer 2 and a virtual interface is created for the container. Look at the lxc.conf man page and the doc/examples configuration files. A quick start:

lxc-execute -n foo -s lxc.network.type=macvlan -s lxc.network.link=eth0 -s lxc.network.flags=up -s lxc.network.ipv4=1.2.3.4 -- /bin/bash
[Lxc-users] Reboot from container
Hi,

I gave a reboot command (accidentally) from container. Although it did not reboot the system, it made it less functional. All the vtys were closed and could not open any new terminal. Had to reboot the system to make it functional again. Has anyone seen such behavior ? This is with 2.6.32 kernel.

--Nirmal
[Lxc-users] Networking Qs
Hi,

Any reason why we require bridging in the host for lxc ? Am not able to setup IP address for the container unless I configure bridge in the host.

Also couple of other questions :

1. Can I configure container and host be in different networks / subnets (assuming I have multiple interfaces) ? I can't try this yet as I just have one interface.
2. Does container and host use different routing tables / VRFs ?

--Nirmal
Re: [Lxc-users] IPC between containers
On Mon, Jun 7, 2010 at 5:21 PM, Brian K. White br...@aljex.com wrote:

On 6/7/2010 7:51 PM, Nirmal Guhan wrote:

Hi, Is there a way to use shared memory between the containers? Any other better/faster IPC mechanisms? I don't want to use sockets. Please let me know.

Fifos on shared filesystem on the host? Multiply hardlinked files on the host which appear in the same place in each container? Except I don't know how you could safely allow more than one client mount the fs except read-only, other than by means which are ultimately sockets just with fs overhead on top of that. (various network and distributed filesystems, and distributed ipc, distributed locking systems, all are network based)

Or if the multiple-hardlink idea doesn't actually work, I guess you could put an incron job on the host which has access to all the container's fs's and can watch a special directory in the same place in all containers fs's and whenever a file is modified in one container, incrond on the host notices and replicates it in all other containers.

None of this sounds as good as ordinary socket communications, which is my point. The whole point of a container is to ensure that exactly that (IPC) can't happen so I am tempted to say if you don't want something which contains, then don't use containers.

-- bkw

I would prefer using the RAM for performance, something like /dev/shm. I tried mounting /dev/shm of host on container using mount --bind and it works. I don't know if this is preferable though. Is there a similar implementation (to /dev/shm) that is more secure and can be used across containers? Or anything on the cards?

--Nirmal
Re: [Lxc-users] File sharing between host and container during startup
On Sun, Jun 6, 2010 at 11:16 AM, Daniel Lezcano daniel.lezc...@free.fr wrote:

On 06/04/2010 05:44 PM, Nirmal Guhan wrote:

Hi, I tried to extend the fstab as below:

/etc/resolv.conf /lxc/lenny/rootfs.lenny/etc/resolv.conf none bind 0 0
/test /testdir none bind 0 0 --- I added this line

From the host :
# ls /testdir
a b c

From the container :
[r...@test-fedora lenny]# chroot rootfs.lenny/
test-fedora:/# ls /test
test-fedora:/#

But when I do lxc-start I get an error as :
#lxc-start -n lencon
lxc-start: No such file or directory - failed to mount '/test' on '/testdir'

Basically what am trying to do is to share the host library files (/lib) between the containers. Any clues on the error above? Please let me know. Also, any better way to share the files between host and container will be helpful.

Hi Nirmal,

I am not sure to understand what you are trying to achieve. You created a system container, but you want to launch it as an application container. Can you give your use case if possible, so I may be able to give more clues on how to set it up.

Thanks
-- Daniel

Hi Daniel,

I want to run my application on fedora as a container and use the libraries (/lib, /usr/lib) from the host (so my application container size is small). I did lxc-create but lxc-execute failed (I had sent a mail earlier on this). Suggestion was to use lxc-start itself and run as system container. I changed the fstab file and could share the lib directory. Please let me know if there are better solution for my use case. I would like to try it too.

Thanks,
-Nirmal
[Lxc-users] File sharing between host and container during startup
Hi,

I tried to extend the fstab as below:

/etc/resolv.conf /lxc/lenny/rootfs.lenny/etc/resolv.conf none bind 0 0
/test /testdir none bind 0 0 --- I added this line

From the host :
# ls /testdir
a b c

From the container :
[r...@test-fedora lenny]# chroot rootfs.lenny/
test-fedora:/# ls /test
test-fedora:/#

But when I do lxc-start I get an error as :
#lxc-start -n lencon
lxc-start: No such file or directory - failed to mount '/test' on '/testdir'

Basically what am trying to do is to share the host library files (/lib) between the containers. Any clues on the error above? Please let me know. Also, any better way to share the files between host and container will be helpful.

--Nirmal
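An LXC fstab uses the usual field order, source then target, and the working entries in this thread put the target under the container's rootfs; the posted line names /test as the source, which is the path the lxc-start error reports. The following Python is an added example (not from the thread or from LXC) that checks bind entries for a missing host source and for a target that resolves outside the rootfs; the function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile


def check_bind_entries(fstab_text, rootfs):
    """Return (line_no, problem) tuples for the bind entries of an LXC fstab."""
    problems = []
    root = os.path.realpath(rootfs)
    for no, line in enumerate(fstab_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        # fstab fields: source target fstype options dump pass
        if len(fields) < 4 or "bind" not in fields[3].split(","):
            continue
        source, target = fields[0], fields[1]
        if not os.path.exists(source):
            problems.append((no, f"source {source} does not exist on the host"))
        # Resolve symlinks so a link inside the rootfs cannot point the
        # mount at a host path outside it.
        real_target = os.path.realpath(target)
        if os.path.commonpath([root, real_target]) != root:
            problems.append((no, f"target {target} is outside rootfs {rootfs}"))
        elif not os.path.exists(real_target):
            problems.append((no, f"target {target} is missing in the rootfs"))
    return problems


def demo():
    """Rebuild the layout from the post in a temp dir (constructed sample)."""
    with tempfile.TemporaryDirectory() as host:
        rootfs = os.path.join(host, "lxc", "lenny", "rootfs.lenny")
        os.makedirs(os.path.join(rootfs, "test"))    # /test inside the container
        os.makedirs(os.path.join(host, "testdir"))   # /testdir on the host
        # Field order as posted: container path first, host path second.
        as_posted = f"{host}/test {host}/testdir none bind 0 0\n"
        # Host directory as source, path under the rootfs as target.
        swapped = f"{host}/testdir {rootfs}/test none bind 0 0\n"
        return (check_bind_entries(as_posted, rootfs),
                check_bind_entries(swapped, rootfs))


if __name__ == "__main__":
    posted, swapped = demo()
    for no, problem in posted:
        print(f"as posted, line {no}: {problem}")
    print("swapped entry problems:", swapped)
```
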
[Lxc-users] Questions on lxc-execute
Have few questions on lxc-execute :

1) Getting an error as :

[r...@guhan-fedora lxc]# lxc-execute --name=centos /bin/bash
lxc-execute: No such file or directory - failed to exec /usr/libexec/lxc-init
[r...@guhan-fedora lxc]# lxc-execute --name=centos -- /bin/bash
lxc-execute: No such file or directory - failed to exec /usr/libexec/lxc-init
[r...@guhan-fedora lxc]# ls -l /usr/libexec/lxc-init
-rwxr-xr-x. 1 root root 8004 2010-02-17 21:38 /usr/libexec/lxc-init

2) Can the container run only one application at a time - such as one instance of lxc-execute ? So do I have to create multiple containers if I have to lxc-execute multiple applications or if I want to run lxc-start and lxc-execute in parallel ? From the man pages, it looks like the case but please clarify.

3) Related to #2 above. While I can understand multiple lxc-start does not make sense, any reason for preventing two lxc-execute?

Thanks,
Nirmal
[Lxc-users] LXC bringup issue on Fedora
Hi,

Am trying to get lenny (latest debian from http://ftp.us.debian.org/debian) run as a container on Fedora12 with 2.6.32.13 kernel and running into below error :

lxc-start -n lennycont
SELinux: Could not open policy file = /etc/selinux/targeted/policy/policy.24: No such file or directory
INIT: version 2.86 booting
INIT: Entering runlevel: 2
Starting enhanced syslogd: rsyslogd.
Starting periodic command scheduler: crond.
INIT: Id 4 respawning too fast: disabled for 5 minutes
INIT: Id 2 respawning too fast: disabled for 5 minutes
INIT: Id T1 respawning too fast: disabled for 5 minutes
INIT: Id 1 respawning too fast: disabled for 5 minutes
INIT: Id 5 respawning too fast: disabled for 5 minutes
INIT: Id 3 respawning too fast: disabled for 5 minutes
INIT: Id T0 respawning too fast: disabled for 5 minutes
INIT: Id 6 respawning too fast: disabled for 5 minutes
INIT: no more processes left in this runlevel

My config file is as below :

lxc.utsname = lennycont
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = 128.107.159.180/22
lxc.network.name = eth0
lxc.rootfs = /lxc/lenny-chroot
lxc.mount = /lxc/lenny.fstab
lxc.tty = 1

fstab :

none /lxc/lenny-chroot/dev/pts devpts defaults 0 0
none /lxc/lenny-chroot/proc proc defaults 0 0
none /lxc/lenny-chroot/sys sysfs defaults 0 0
none /lxc/lenny-chroot/dev/shm tmpfs defaults 0 0

I googled and found some solutions but none of them worked for me :-( Could you please help?

Thanks,
Nirmal
Re: [Lxc-users] LXC bringup issue on Fedora
Hi Andy,

Thanks for the reply. I tried these steps and it is hung for other (unknown) reasons now. Please see my latest post. Any help will be much appreciated.

--Nirmal

On Wed, Jun 2, 2010 at 1:00 AM, atp andrew.phill...@lmax.com wrote:

Nirmal,

From a quick look I'd suggest you investigate your lxc.tty setting. You've allowed a single tty for your container. It's likely that your container is starting gettys for more than one tty. They're dying immediately, hence the respawning too fast. Either reduce the number of ttys, or increase the lxc.tty setting (and make the dev special files in the container /dev)

Andy

On Wed, 2010-06-02 at 00:20 -0700, Nirmal Guhan wrote:

Hi, Am trying to get lenny (latest debian from http://ftp.us.debian.org/debian) run as a container on Fedora12 with 2.6.32.13 kernel and running into below error :

lxc-start -n lennycont
SELinux: Could not open policy file = /etc/selinux/targeted/policy/policy.24: No such file or directory
INIT: version 2.86 booting
INIT: Entering runlevel: 2
Starting enhanced syslogd: rsyslogd.
Starting periodic command scheduler: crond.
INIT: Id 4 respawning too fast: disabled for 5 minutes
INIT: Id 2 respawning too fast: disabled for 5 minutes
INIT: Id T1 respawning too fast: disabled for 5 minutes
INIT: Id 1 respawning too fast: disabled for 5 minutes
INIT: Id 5 respawning too fast: disabled for 5 minutes
INIT: Id 3 respawning too fast: disabled for 5 minutes
INIT: Id T0 respawning too fast: disabled for 5 minutes
INIT: Id 6 respawning too fast: disabled for 5 minutes
INIT: no more processes left in this runlevel

My config file is as below :

lxc.utsname = lennycont
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = 128.107.159.180/22
lxc.network.name = eth0
lxc.rootfs = /lxc/lenny-chroot
lxc.mount = /lxc/lenny.fstab
lxc.tty = 1

fstab :

none /lxc/lenny-chroot/dev/pts devpts defaults 0 0
none /lxc/lenny-chroot/proc proc defaults 0 0
none /lxc/lenny-chroot/sys sysfs defaults 0 0
none /lxc/lenny-chroot/dev/shm tmpfs defaults 0 0

I googled and found some solutions but none of them worked for me :-( Could you please help?

Thanks,
Nirmal

Andrew Phillips
Head of Systems
www.lmax.com
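Andy's diagnosis can be checked before starting the container by comparing the getty lines in the container's /etc/inittab against lxc.tty. The following Python is an added example, not part of the thread or of LXC; the inittab and config text are constructed samples, and it assumes lxc.tty = N provides /dev/tty1 through /dev/ttyN in the container.

```python
# Constructed sample: a lenny-style /etc/inittab with the ids seen in the log
SAMPLE_INITTAB = """\
id:2:initdefault:
si::sysinit:/etc/init.d/rcS
1:2345:respawn:/sbin/getty 38400 tty1
2:23:respawn:/sbin/getty 38400 tty2
3:23:respawn:/sbin/getty 38400 tty3
4:23:respawn:/sbin/getty 38400 tty4
5:23:respawn:/sbin/getty 38400 tty5
6:23:respawn:/sbin/getty 38400 tty6
T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100
#T2:23:respawn:/sbin/getty -L ttyS2 9600 vt100
"""

# Constructed sample: the tty-relevant part of the config posted in the thread
SAMPLE_LXC_CONF = """\
lxc.utsname = lennycont
lxc.rootfs = /lxc/lenny-chroot
lxc.tty = 1
"""


def lxc_tty_count(conf_text):
    """Return the lxc.tty value from an LXC config, or 0 if it is not set."""
    for line in conf_text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep and key.strip() == "lxc.tty":
            return int(value.strip())
    return 0


def respawn_gettys(inittab_text):
    """Return (id, runlevels, device) for each active respawn getty entry."""
    entries = []
    for line in inittab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 3)  # id:runlevels:action:process
        if len(fields) != 4 or fields[2] != "respawn" or "getty" not in fields[3]:
            continue
        # The tty is the getty argument that names a device (tty1, ttyS0, ...).
        dev = next((a for a in fields[3].split()[1:] if a.startswith("tty")), None)
        if dev:
            entries.append((fields[0], fields[1], dev))
    return entries


def unbacked_gettys(inittab_text, conf_text, runlevel="2"):
    """Gettys respawned in `runlevel` on a tty that lxc.tty does not provide."""
    allowed = {f"tty{i}" for i in range(1, lxc_tty_count(conf_text) + 1)}
    return [(ident, dev) for ident, levels, dev in respawn_gettys(inittab_text)
            if runlevel in levels and dev not in allowed]


if __name__ == "__main__":
    for ident, dev in unbacked_gettys(SAMPLE_INITTAB, SAMPLE_LXC_CONF):
        print(f"inittab id {ident}: getty on /dev/{dev} has no tty from lxc.tty")
```
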