Re: [systemd-devel] container /proc/filesystems owned by nobody:can't upgrade

2017-10-03 Thread arnaud gaboury
On 10/03/2017 05:19 PM, Mike Gilbert wrote:
> On Tue, Oct 3, 2017 at 4:01 AM, arnaud gaboury
> <arnaud.gabo...@gmail.com> wrote:
>> My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3
>> I can't fully upgrade my container as some files are owned by
>> nobody:nobody and can't change to root. An example is filesystems.
>> When upgrading, it returns error: < error: unpacking of archive
>> failed on file /proc: cpio: chown > $ ls -a /proc: /proc/filesystems
>> -r--r--r-- 1 nobody nobody 0 Oct 3 09:53 filesystems # chown
>> root:root /proc/filesystems chown: changing ownership of
>> '/proc/filesystems': Operation not permitted Same kind of error with
>> a few other packages. Can someone please help me to find a solution?
>> Thank you
> I find it strange that a package upgrade would be trying to install
> the /proc directory on a running system. That's a directory that
> should only really be touched when performing an initial install; any
> other time, /proc will be mounted already and packages should not
> touch it. I would report this as a bug to Arch.
If it is a bug, it shall be reported on Fedora, which is the OS running
in the container, and not Arch which is the host.



___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] container /proc/filesystems owned by nobody:can't upgrade

2017-10-03 Thread arnaud gaboury
On 10/03/2017 04:35 PM, Anthony Joseph Messina wrote:
> On Tuesday, October 3, 2017 3:01:25 AM CDT arnaud gaboury wrote:
>> My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3
>> I can't fully upgrade my container as some files are owned by
>> nobody:nobody and can't change to root. An example is filesystems.
>> When upgrading, it returns error: < error: unpacking of archive
>> failed on file /proc: cpio: chown > $ ls -a /proc: /proc/filesystems
>> -r--r--r-- 1 nobody nobody 0 Oct 3 09:53 filesystems # chown
>> root:root /proc/filesystems chown: changing ownership of
>> '/proc/filesystems': Operation not permitted Same kind of error with
>> a few other packages. Can someone please help me to find a solution?
>> Thank you
> In my experience, certain packages need to be installed/upgraded from
> outside the container to work around this. httpd is another one (if
> using user namespacing) since it sets file attributes on /usr/sbin/httpd.
httpd is indeed one of the few packages I can't upgrade.
> On a Fedora host (and a Fedora container), I do something like
>
>   dnf --releasever=26 --nogpgcheck \
>     --installroot=/var/lib/machines/mymachine --disablerepo='*' \
>     --enablerepo=fedora --enablerepo=updates upgrade filesystem httpd
>
> I think Arch will also have a command to install/update files in the
> container from the outside.

I will investigate this direction.
Thank you for your hints.


[systemd-devel] container /proc/filesystems owned by nobody:can't upgrade

2017-10-03 Thread arnaud gaboury
My host is Archlinux, nspawn container is Fedora 26. Kernel is 4.13.3

I can't fully upgrade my container as some files are owned by
nobody:nobody and can't change to root. An example is filesystems. When
upgrading, it returns error:
< error: unpacking of archive failed on file /proc: cpio: chown >
$ ls -a /proc:
/proc/filesystems    -r--r--r--   1 nobody  nobody 0
Oct  3 09:53 filesystems

# chown root:root /proc/filesystems
chown: changing ownership of '/proc/filesystems': Operation not permitted

Same kind of error with a few other packages.

Can someone please help me to find a solution? Thank you





[systemd-devel] access /proc of nspawn container

2017-09-20 Thread arnaud gaboury
For some reason (custom kernel with user namespace activated) my
container filesystem owners and permissions have lots of errors. In
short, some files/folders belong to nobody/nobody when in fact they
should be owned by root:root.
I can manage to partially fix things from the host where I can chown
vu-poppy-0:vg-poppy-0 (poppy is obviously container name) the
files/folders. I can also use the fuidshift command. I say partially as
the owner group will always stay nobody.

But I have a problem when it comes to upgrading (container is Fedora, host
Arch) some packages, filesystem being one of them. To upgrade, the
system needs access to /proc/filesystems which is unfortunately owned by
nobody:nobody and can't be changed from host.  And the proc folder is
empty for the host, so I can't chown from host.

How can I access (if I can) container /proc from host?

In general, to solve this annoying owner issue in container
(nobody:nobody), I was thinking of making root part of the nobody group. I
know this is a hack, but are there any troubles down the road in doing this?

Thank you for help or hints.


Re: [systemd-devel] no user dbus session in container

2017-07-19 Thread arnaud gaboury
On Wed, Jul 19, 2017 at 2:18 PM Simon McVittie <s...@collabora.com> wrote:

> On Wed, 19 Jul 2017 at 09:31:36 +0000, arnaud gaboury wrote:
> > Do I really need a per user dbus session in my container?
>
> I don't know. Do you? You haven't said anything about how you start the
> container,


With the systemd-nspawn@ default unit file with a small override

% cat /etc/systemd/system/systemd-nspawn@.service.d/override.conf


[Service]
ExecStart=
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot \
    --link-journal=try-guest --network-bridge=br0 -U --settings=override \
    --machine=%i --bind-ro=/home/gabx \
    --bind=/home/gabx/share:/home/poisonivy/share


> how you log in to the container,


sudo machinectl login poppy


> what its purpose is, or how
> (if at all) its purpose interacts with the session bus.
>

the machine is a web server with http, ssh, ftp, postfix...

>
> Again, the only advice I can give you based on the information you
> provided is to read the system log and look for error messages.
>

I am on the journal

>
> If you believe you have found a bug in some component (systemd or dbus
> or your container manager), the first step in resolving that bug is
> to describe in detail how the bug can be reproduced, including all the
> steps taken and any error messages that result from them.
>
> Since the trigger for this regression was a Fedora upgrade, Fedora support
> channels might be a more useful source of help and information than the
> systemd upstream mailing list (but I suspect the first things they will
> ask you to do are to describe the steps to reproduce the issue and check
> the system log, so you might as well do those first, and include them
> in your request for help).
>

Thank you again for your patience and answers.

>
> S
>


[systemd-devel] permissions issues in systemd machine

2017-07-19 Thread arnaud gaboury
Here is my environment:
Linux kernel 4.11.3 with usernamespace set to YES

 % systemctl --version
systemd 233
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
default-hierarchy=hybrid

% machinectl list
MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
poppy   container systemd-nspawn fedora 26      192.168.1.94...

% machinectl show poppy
Name=poppy
Id=59b720b533834a4eafe07a62c2482266
Timestamp=Wed 2017-07-12 22:07:15 CEST
TimestampMonotonic=6928076
Service=systemd-nspawn
Unit=systemd-nspawn@poppy.service
Leader=648
Class=container
RootDirectory=/var/lib/machines/poppy
State=running

Now first issue:
--

On container
% systemctl status user@1000.service
● user@1000.service - User Manager for UID 1000
   Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor
preset: disabled)
   Active: failed (Result: protocol) since Wed 2017-07-19 01:59:29 CEST; 9h
ago
 Main PID: 264 (code=exited, status=237/KEYRING)

Jul 19 01:59:29 thetradinghall.com systemd[1]: Starting User Manager for
UID 1000...
Jul 19 01:59:29 thetradinghall.com systemd[264]: user@1000.service: Failed
at step KEYRING spawning /usr/lib/systemd/systemd: Permission denied
Jul 19 01:59:29 thetradinghall.com systemd[1]: Failed to start User Manager
for UID 1000.
Jul 19 01:59:29 thetradinghall.com systemd[1]: user@1000.service: Unit
entered failed state.
Jul 19 01:59:29 thetradinghall.com systemd[1]: user@1000.service: Failed
with result 'protocol'.

Everything looks OK when running systemd binary out from unit file:
% ls -al /usr/lib/systemd/systemd
-rwxr-xr-x 1 root root 1.2M Jun 27 23:49 /usr/lib/systemd/systemd*
% /usr/lib/systemd/systemd --v
systemd 233
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
default-hierarchy=hybrid

Can anyone give me some hints why the unit file screams Permission denied?

Second issue:
-

on host : $ mkdir ~/share ; $ touch ~/share/toto
on container: $ mkdir ~/share ;

I start the container with unit file:
% cat /etc/systemd/system/systemd-nspawn@.service.d/override.conf


[Service]
ExecStart=
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot \
    --link-journal=try-guest --network-bridge=br0 -U --settings=override \
    --machine=%i --bind-ro=/home/gabx \
    --bind=/home/gabx/share:/home/poisonivy/share

Now on container:
 % ls -al share
total 4.0K
drwxr-xr-x 2 nobody    nobody    4.0K Jul 19 01:59 ./
drwx------ 1 poisonivy poisonivy  786 Jul 19 01:46 ../
-rw-r--r-- 1 nobody    nobody       0 Jul 19 01:59 toto

Why this nobody ? I can see this behavior a lot on my container. Example:

$ ls -al /proc
...
-r--r--r--   1 nobody  nobody 0 Jul 19 11:47 devices
-r--r--r--   1 nobody  nobody 0 Jul 19 11:47 diskstats
-r--r--r--   1 nobody  nobody 0 Jul 19 11:47 dma
-r--r--r--   1 nobody  nobody 0 Jul 19 11:47 execdomains
-r--r--r--   1 nobody  nobody 0 Jul 19 11:47 fb
.

When looking at these folders from host:
# ls -al $POPPY/home/poisonivy/share
total 0
drwxrwxr-x 1 vu-poppy-1000 vg-poppy-1000   0 Jul 19 01:46 ./
drwx------ 1 vu-poppy-1000 vg-poppy-1000 786 Jul 19 01:46 ../
Please note that file toto is not seen

Same user:group for /proc

This comes certainly from my username space being set in Kernel. How can I
deal with nobody as I can't change it?
poisonivy@thetradinghall ➤➤ ~ % chown poisonivy:poisonivy share
chown: changing ownership of 'share': Operation not permitted


Thank you for help/hints with these permissions issues. It starts to be
difficult to run properly my container.
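Added example, not part of the original post and not code from the systemd project: the nobody:nobody owners shown above are how the kernel reports a UID or GID that has no mapping in the container's user namespace, which is the case with -U for a bind-mounted host directory and for /proc files owned by the host's root. The model below uses the three-column format of /proc/<pid>/uid_map; the base 524288, the sample map and all function names are constructed for illustration, and the chown rule is a simplified model of the kernel check.

```python
"""Model of user-namespace ID translation as exposed by /proc/<pid>/uid_map."""
from typing import List, NamedTuple, Optional

# Kernel default from /proc/sys/kernel/overflowuid; displayed as "nobody".
OVERFLOW_ID = 65534

# Constructed sample: container IDs 0..65535 map to host IDs 524288..589823.
SAMPLE_MAP = "         0     524288      65536\n"


class Extent(NamedTuple):
    inside: int   # first ID as seen inside the namespace
    outside: int  # first ID as seen from the parent (host) namespace
    count: int    # length of the contiguous range


def parse_id_map(text: str) -> List[Extent]:
    """Parse uid_map/gid_map content: 'inside outside count' per line."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError(f"empty extent: {line!r}")
        extents.append(Extent(inside, outside, count))
    return extents


def host_to_container(extents: List[Extent], host_id: int) -> Optional[int]:
    """Translate a host ID into the namespace, or None if it is unmapped."""
    for e in extents:
        if e.outside <= host_id < e.outside + e.count:
            return e.inside + (host_id - e.outside)
    return None


def container_to_host(extents: List[Extent], ns_id: int) -> Optional[int]:
    """Translate a namespace ID to the host ID that is stored on disk."""
    for e in extents:
        if e.inside <= ns_id < e.inside + e.count:
            return e.outside + (ns_id - e.inside)
    return None


def displayed_owner(extents: List[Extent], host_id: int) -> int:
    """ID that ls/stat report inside the namespace for a host-owned file."""
    mapped = host_to_container(extents, host_id)
    return OVERFLOW_ID if mapped is None else mapped


def ns_root_can_chown(extents: List[Extent], file_host_uid: int,
                      file_host_gid: int, new_uid: int, new_gid: int) -> bool:
    """Simplified model: root inside the namespace may chown a file only if
    the file's current owner and group are mapped into the namespace and the
    requested owner and group map back to host IDs."""
    current_mapped = (host_to_container(extents, file_host_uid) is not None
                      and host_to_container(extents, file_host_gid) is not None)
    target_mapped = (container_to_host(extents, new_uid) is not None
                     and container_to_host(extents, new_gid) is not None)
    return current_mapped and target_mapped


if __name__ == "__main__":
    id_map = parse_id_map(SAMPLE_MAP)
    cases = [
        ("bind-mounted ~/share, host uid 1000", 1000),
        ("/proc/filesystems, host uid 0", 0),
        ("container rootfs file, host uid 525288", 525288),
    ]
    for label, host_uid in cases:
        shown = displayed_owner(id_map, host_uid)
        allowed = ns_root_can_chown(id_map, host_uid, host_uid, 0, 0)
        print(f"{label}: shown as uid {shown}, chown to root allowed: {allowed}")
```

On a live host the real table for this container can be read from /proc/<leader PID>/uid_map, where the leader PID is the Leader= value printed by machinectl show.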


Re: [systemd-devel] no user dbus session in container

2017-07-19 Thread arnaud gaboury
On Tue, Jul 18, 2017 at 3:09 PM Simon McVittie <s...@collabora.com> wrote:

> On Fri, 14 Jul 2017 at 12:36:12 +0000, arnaud gaboury wrote:
> > After upgrade from Fedora 25 to 26, there is no more user dbus session
> > for user in container.
> ...
> > On container, user can't connect to dbus session, and I have no idea why.
> > May someone please give me some hints on how to debug this issue?
>
> Please start by reading the system log (the Journal).
>
> The chain of events that is meant to result in a D-Bus session bus is:
>
> * A user logging in (somehow) starts a login session
> * The login session starts an instance of `systemd --user`
> * `systemd --user` starts the dbus.socket user service, listening on
>   that user's $XDG_RUNTIME_DIR/bus
> * Some client in the login session interacts with the session bus
> * As a side-effect of connecting to $XDG_RUNTIME_DIR/bus,
>   `systemd --user` starts the dbus.service user service
>   (dbus-daemon --session --address=systemd:)
> * The dbus-daemon accepts the client's connection
>


I can't tell in the container the variable
 DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus. I have tried many
places (~/.pam_environment; /etc/systemd/system/user@.service.d/local.conf;
~/.config/systemd/user.conf).
Could it be at the root of my issue? Do I really need a per user dbus
session in my container?

>
> The system log should tell you which step in that chain of events is
> no longer happening.
>
> S


[systemd-devel] no user dbus session in container

2017-07-14 Thread arnaud gaboury
 % systemctl --version
systemd 233
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
default-hierarchy=hybrid

% machinectl list
MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
poppy   container systemd-nspawn fedora 26      192.168.1.94...

% machinectl show poppy
Name=poppy
Id=59b720b533834a4eafe07a62c2482266
Timestamp=Wed 2017-07-12 22:07:15 CEST
TimestampMonotonic=6928076
Service=systemd-nspawn
Unit=systemd-nspawn@poppy.service
Leader=648
Class=container
RootDirectory=/var/lib/machines/poppy
State=running

After upgrade from Fedora 25 to 26, there is no more user dbus session for
user in container.

On container:
$ ps -ef | grep dbus
5:dbus        35     1  0 Jul13 ?        00:00:00 /usr/bin/dbus-daemon
--system --address=systemd: --nofork --nopidfile --systemd-activation
--syslog-only
65:root      1195  1163  0 14:18 pts/0    00:00:00 grep -nI --color dbus

On host:
$ ps -ef | grep dbus
195:dbus       582     1  1 Jul12 ?        00:21:57 /usr/bin/dbus-daemon
--system --address=systemd: --nofork --nopidfile --systemd-activation
204:gabx       614   602  0 Jul12 ?        00:00:00 /usr/bin/dbus-daemon
--session --address=systemd: --nofork --nopidfile --systemd-activation
251:gabx      1593  1588  0 Jul12 ?        00:00:00 /usr/bin/dbus-daemon
--config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork
--print-address 3
333:vu-popp+ 16543 16502  0 22:52 ?        00:00:00 /usr/bin/dbus-daemon
--system --address=systemd: --nofork --nopidfile --systemd-activation
--syslog-only

On container, user can't connect to dbus session, and I have no idea why.
May someone please give me some hints on how to debug this issue? Thank you


Re: [systemd-devel] Systemd weird behavior after upgrade -

2017-07-14 Thread arnaud gaboury
On Thu, Jul 13, 2017 at 11:58 PM Reindl Harald <h.rei...@thelounge.net>
wrote:

>
>
> Am 13.07.2017 um 23:40 schrieb arnaud gaboury:
> > (no HTML crapps)
>
> still HTML and no meaningful quoting to distinct your "i respond to
> myself" answer with your initial post - no idea what you expect by
> sending a bunch of mails with the same content within a few hours nor
> why you think it's a good idea to upgrade to F26 a day after release if
> the system is important and you have no testing environment
>

I have been dealing for a while and worked hard on this issue. I don't need
your sarcasm nor your advice on going or not to Fedora 26, but at best a few
hints on how to solve my issues.

Your answer is worthless.

>
> additionally this is the upstream mailing list and not the Fedora
> users-list nor the Fedora bugtracker - here you go:
> https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora
>
> > OS= Fedora 26
> > Linux container managed by machinectl
> >
> >   % systemctl --version
> > systemd 233
> > +PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP
> > +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS
> > +KMOD +IDN default-hierarchy=hybrid
> >
> > % machinectl list
> > MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
> > poppy   container systemd-nspawn fedora 26      192.168.1.94...
> >
> > % machinectl show poppy
> > Name=poppy
> > Id=59b720b533834a4eafe07a62c2482266
> > Timestamp=Wed 2017-07-12 22:07:15 CEST
> > TimestampMonotonic=6928076
> > Service=systemd-nspawn
> > Unit=systemd-nspawn@poppy.service
> > Leader=648
> > Class=container
> > RootDirectory=/var/lib/machines/poppy
> > State=running
> >
> >
> >
> -
> >
> > After upgrade from Fedora 25 to 26, some services are broken.
> > Below are some broken service status
> >
> >
> > % systemctl status user@1000.service
> > ● user@1000.service - User Manager for UID 1000
> > Loaded: loaded (/usr/lib/systemd/system/user@.service; static;
> > vendor preset: disabled)
> > Active: failed (Result: protocol) since Wed 2017-07-12 22:09:45
> > CEST; 15h ago
> >   Main PID: 257 (code=exited, status=237/KEYRING)
> >
> > Jul 12 22:09:45 thetradinghall.com systemd[1]: Starting User Manager
> > for UID 1000...
> > Jul 12 22:09:45 thetradinghall.com systemd[257]: user@1000.service:
> > Failed at step KEYRING spawning /usr/lib/systemd/systemd: Permission
> > denied
> > Jul 12 22:09:45 thetradinghall.com systemd[1]: Failed to start User
> > Manager for UID 1000.
> > Jul 12 22:09:45 thetradinghall.com systemd[1]: user@1000.service: Unit
> > entered failed state.
> > Jul 12 22:09:45 thetradinghall.com systemd[1]: user@1000.service:
> > Failed with result 'protocol'.
> >
> >
> > %  systemctl status user.slice
> > ● user.slice - User and Session Slice
> > Loaded: loaded (/usr/lib/systemd/system/user.slice; static; vendor
> > preset: disabled)
> > Active: active since Wed 2017-07-12 22:07:15 CEST; 15h ago
> >   Docs: man:systemd.special(7)
> > CGroup: /user.slice
> > └─user-1000.slice
> >   ├─session-c1.scope
> >   │ ├─ 256 login -- poisonivy
> >   │ ├─ 258 -zsh
> >   │ ├─ 356 su
> >   │ ├─ 357 zsh
> >   │ ├─1553 systemctl status user.slice
> >   │ └─1554 less
> >   └─session-c2.scope
> > ├─449 login -- poisonivy
> > ├─450 -zsh
> > ├─494 su
> > ├─495 zsh
> > └─526 /usr/bin/python3 -O /usr/bin/ranger
> >
> > Jul 12 22:09:45 thetradinghall.com systemd[1]: user.slice: Failed to
> > set invocation ID on control group /user.slice, ignoring: Operation
> > not permitted
> >
> > % systemctl status opendkim.service
> > ● opendkim.service - DomainKeys Identified Mail (DKIM) Milter
> > Loaded: loaded (/usr/lib/systemd/system/opendkim.service; enabled;
> > vendor preset: disabled)
> >Drop-In: /etc/systemd/system/opendkim.service.d
> > └─override.conf
> > Active: failed (Result: exit-code) since Thu 2

[systemd-devel] Systemd weird behavior after upgrade -

2017-07-13 Thread arnaud gaboury
(no HTML crapps)


OS= Fedora 26
Linux container managed by machinectl

 % systemctl --version
systemd 233
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
default-hierarchy=hybrid

% machinectl list
MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
poppy   container systemd-nspawn fedora 26      192.168.1.94...

% machinectl show poppy
Name=poppy
Id=59b720b533834a4eafe07a62c2482266
Timestamp=Wed 2017-07-12 22:07:15 CEST
TimestampMonotonic=6928076
Service=systemd-nspawn
Unit=systemd-nspawn@poppy.service
Leader=648
Class=container
RootDirectory=/var/lib/machines/poppy
State=running


-

After upgrade from Fedora 25 to 26, some services are broken.
Below are some broken service status


% systemctl status user@1000.service
● user@1000.service - User Manager for UID 1000
   Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor
preset: disabled)
   Active: failed (Result: protocol) since Wed 2017-07-12 22:09:45 CEST;
15h ago
 Main PID: 257 (code=exited, status=237/KEYRING)

Jul 12 22:09:45 thetradinghall.com systemd[1]: Starting User Manager for
UID 1000...
Jul 12 22:09:45 thetradinghall.com systemd[257]: user@1000.service: Failed
at step KEYRING spawning /usr/lib/systemd/systemd: Permission denied
Jul 12 22:09:45 thetradinghall.com systemd[1]: Failed to start User Manager
for UID 1000.
Jul 12 22:09:45 thetradinghall.com systemd[1]: user@1000.service: Unit
entered failed state.
Jul 12 22:09:45 thetradinghall.com systemd[1]: user@1000.service: Failed
with result 'protocol'.


%  systemctl status user.slice
● user.slice - User and Session Slice
   Loaded: loaded (/usr/lib/systemd/system/user.slice; static; vendor
preset: disabled)
   Active: active since Wed 2017-07-12 22:07:15 CEST; 15h ago
 Docs: man:systemd.special(7)
   CGroup: /user.slice
   └─user-1000.slice
 ├─session-c1.scope
 │ ├─ 256 login -- poisonivy
 │ ├─ 258 -zsh
 │ ├─ 356 su
 │ ├─ 357 zsh
 │ ├─1553 systemctl status user.slice
 │ └─1554 less
 └─session-c2.scope
   ├─449 login -- poisonivy
   ├─450 -zsh
   ├─494 su
   ├─495 zsh
   └─526 /usr/bin/python3 -O /usr/bin/ranger

Jul 12 22:09:45 thetradinghall.com systemd[1]: user.slice: Failed to set
invocation ID on control group /user.slice, ignoring: Operation not
permitted

% systemctl status opendkim.service
● opendkim.service - DomainKeys Identified Mail (DKIM) Milter
   Loaded: loaded (/usr/lib/systemd/system/opendkim.service; enabled;
vendor preset: disabled)
  Drop-In: /etc/systemd/system/opendkim.service.d
   └─override.conf
   Active: failed (Result: exit-code) since Thu 2017-07-13 11:33:25 CEST;
2h 30min ago
 Docs: man:opendkim(8)
   man:opendkim.conf(5)
   man:opendkim-genkey(8)
   man:opendkim-genzone(8)


Jul 13 11:33:25 thetradinghall systemd[1]: Starting DomainKeys Identified
Mail (DKIM) Milter...
Jul 13 11:33:25 thetradinghall systemd[1243]: opendkim.service: Failed at
step KEYRING spawning /usr/sbin/opendkim: Permission denied

*N.B:* I can manually start opendkim as root


I have no ideas why these new issues. The only hint is the following one.
Hope below command outputs may help:

--

# /usr/lib/systemd/systemd --user
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: Permission denied
Failed to attach 338 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 247 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 249 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 305 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 306 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/dbus.socket: Permission denied
Failed to attach 342 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/dbus.socket: No such file or
directory
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/sys-class.mount: Permission
denied

---

# ls -al /sys/fs/cgroup/
total 0
drwxr-xr-x 13 root   root   340 Jul 13 22:52 ./
drwxr-xr-x  4 root   root    80 Jul 13 22:52 ../
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 blkio/
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 cpu,cpuacct/
dr-xr-xr-x  

Re: [systemd-devel] Systemd weird behavior after upgrade

2017-07-13 Thread arnaud gaboury
On Thu, Jul 13, 2017 at 11:02 PM arnaud gaboury <arnaud.gabo...@gmail.com>
wrote:

> On Thu, Jul 13, 2017 at 2:27 PM arnaud gaboury <arnaud.gabo...@gmail.com>
> wrote:
>
>>
>> OS= Fedora 26
>> Linux container managed by machinectl
>>
>>  % systemctl --version
>> systemd 233
>> +PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
>> +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
>> default-hierarchy=hybrid
>>
>> % machinectl list
>> MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
>> poppy   container systemd-nspawn fedora 26      192.168.1.94...
>>
>> % machinectl show poppy
>> Name=poppy
>> Id=59b720b533834a4eafe07a62c2482266
>> Timestamp=Wed 2017-07-12 22:07:15 CEST
>> TimestampMonotonic=6928076
>> Service=systemd-nspawn
>> Unit=systemd-nspawn@poppy.service
>> Leader=648
>> Class=container
>> RootDirectory=/var/lib/machines/poppy
>> State=running
>>
>>
>>
>> -
>>
>> After upgrade from Fedora 25 to 26, some services are broken.
>> Below are some broken service status
>>
>>
>> % systemctl status user@1000.service
>> ● user@1000.service - User Manager for UID 1000
>>    Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor
>> preset: disabled)
>>    Active: failed (Result: protocol) since Wed 2017-07-12 22:09:45 CEST;
>> 15h ago
>>  Main PID: 257 (code=exited, status=237/KEYRING)
>>
>> Jul 12 22:09:45 thetradinghall.com systemd[1]: Starting User Manager for
>> UID 1000...
>> Jul 12 22:09:45 thetradinghall.com systemd[257]: user@1000.service:
>> Failed at step KEYRING spawning /usr/lib/systemd/systemd: Permission denied
>> Jul 12 22:09:45 thetradinghall.com systemd[1]: Failed to start User
>> Manager for UID 1000.
>> Jul 12 22:09:45 thetradinghall.com systemd[1]: user@1000.service: Unit
>> entered failed state.
>> Jul 12 22:09:45 thetradinghall.com systemd[1]: user@1000.service: Failed
>> with result 'protocol'.
>>
>> *EDIT 1 *On container
>
> # /usr/lib/systemd/systemd --user
> Failed to create compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: Permission denied
> Failed to attach 338 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
> directory
> Failed to attach 247 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
> directory
> Failed to attach 249 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
> directory
> Failed to attach 305 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
> directory
> Failed to attach 306 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
> directory
> Failed to create compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/dbus.socket: Permission denied
> Failed to attach 342 to compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/dbus.socket: No such file or
> directory
> Failed to create compat systemd cgroup
> /user.slice/user-1000.slice/session-c1.scope/sys-class.mount: Permission
> denied
> .
>
> *EDIT 2 *on container

# ls -al /sys/fs/cgroup/
total 0
drwxr-xr-x 13 root   root   340 Jul 13 22:52 ./
drwxr-xr-x  4 root   root    80 Jul 13 22:52 ../
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 blkio/
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 cpu,cpuacct/
dr-xr-xr-x  2 nobody nobody   0 Jul 12 22:07 cpuset/
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 devices/
dr-xr-xr-x  2 nobody nobody   0 Jul 12 22:07 freezer/
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 memory/
dr-xr-xr-x  2 nobody nobody   0 Jul 12 22:07 net_cls,net_prio/
dr-xr-xr-x  2 nobody nobody   0 Jul 12 22:07 perf_event/
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 pids/
drwxr-xr-x  2 nobody nobody   0 Jul 13 22:52 systemd/

# chown root:root /sys/fs/cgroup/blkio
chown: changing ownership of '/sys/fs/cgroup/blkio': Operation not permitted

It seems again this nobody:nobody is causing troubles

On host
# ls -al $POPPY/sys/
total 0
dr-xr-xr-x 1 vu-poppy-0 vg-poppy-0   0 Aug 16  2014 ./
dr-xr-xr-x 1 vu-poppy-0 vg-poppy-0 236 Jul 13 14:21 ../


THT
>
>>
>> %  systemctl status user.slice
>> ● user.slice - User and Session Slice
>>    Loaded: loaded (/usr/lib/systemd/system/user.slice; static; vendor
>> preset: disabled)
>>Active

Re: [systemd-devel] Systemd weird behavior after upgrade

2017-07-13 Thread arnaud gaboury
On Thu, Jul 13, 2017 at 2:27 PM arnaud gaboury <arnaud.gabo...@gmail.com>
wrote:

>
> OS= Fedora 26
> Linux container managed by machinectl
>
>  % systemctl --version
> systemd 233
> +PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
> default-hierarchy=hybrid
>
> % machinectl list
> MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
> poppy   container systemd-nspawn fedora 26      192.168.1.94...
>
> % machinectl show poppy
> Name=poppy
> Id=59b720b533834a4eafe07a62c2482266
> Timestamp=Wed 2017-07-12 22:07:15 CEST
> TimestampMonotonic=6928076
> Service=systemd-nspawn
> Unit=systemd-nspawn@poppy.service
> Leader=648
> Class=container
> RootDirectory=/var/lib/machines/poppy
> State=running
>
>
>
> -
>
> After upgrade from Fedora 25 to 26, some services are broken.
> Below are some broken service status
>
>
> % systemctl status user@1000.service
> ● user@1000.service - User Manager for UID 1000
>    Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor
> preset: disabled)
>    Active: failed (Result: protocol) since Wed 2017-07-12 22:09:45 CEST;
> 15h ago
>  Main PID: 257 (code=exited, status=237/KEYRING)
>
> Jul 12 22:09:45 thetradinghall.com systemd[1]: Starting User Manager for
> UID 1000...
> Jul 12 22:09:45 thetradinghall.com systemd[257]: user@1000.service:
> Failed at step KEYRING spawning /usr/lib/systemd/systemd: Permission denied
> Jul 12 22:09:45 thetradinghall.com systemd[1]: Failed to start User
> Manager for UID 1000.
> Jul 12 22:09:45 thetradinghall.com systemd[1]: user@1000.service: Unit
> entered failed state.
> Jul 12 22:09:45 thetradinghall.com systemd[1]: user@1000.service: Failed
> with result 'protocol'.
>
> *EDIT *On container

# /usr/lib/systemd/systemd --user
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: Permission denied
Failed to attach 338 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 247 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 249 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 305 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to attach 306 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/init.scope: No such file or
directory
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/dbus.socket: Permission denied
Failed to attach 342 to compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/dbus.socket: No such file or
directory
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/sys-class.mount: Permission
denied
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/dev-mqueue.mount: Permission
denied
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/sys-kernel.mount: Permission
denied
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/run-systemd-nspawn-incoming.mount:
Permission denied
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/proc-sys-net.mount: Permission
denied
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/db.mount: Permission denied
Failed to create compat systemd cgroup
/user.slice/user-1000.slice/session-c1.scope/sys-block.mount: Permission
denied
.

THT

>
> %  systemctl status user.slice
> ● user.slice - User and Session Slice
>Loaded: loaded (/usr/lib/systemd/system/user.slice; static; vendor
> preset: disabled)
>Active: active since Wed 2017-07-12 22:07:15 CEST; 15h ago
>  Docs: man:systemd.special(7)
>CGroup: /user.slice
>└─user-1000.slice
>  ├─session-c1.scope
>  │ ├─ 256 login -- poisonivy
>  │ ├─ 258 -zsh
>  │ ├─ 356 su
>  │ ├─ 357 zsh
>  │ ├─1553 systemctl status user.slice
>  │ └─1554 less
>  └─session-c2.scope
>├─449 login -- poisonivy
>├─450 -zsh
>├─494 su
>├─495 zsh
>└─526 /usr/bin/python3 -O /usr/bin/ranger
>
> Jul 12 22:09:45 thetradinghall.com systemd[1]: user.slice: Failed to set
> invocation ID on control group /user.slice, ignoring: Operation n

[systemd-devel] Systemd weird behavior after upgrade

2017-07-13 Thread arnaud gaboury
OS= Fedora 26
Linux container managed by machinectl

 % systemctl --version
systemd 233
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
default-hierarchy=hybrid

% machinectl list
MACHINE CLASS     SERVICE        OS     VERSION ADDRESSES
poppy   container systemd-nspawn fedora 26      192.168.1.94...

% machinectl show poppy
Name=poppy
Id=59b720b533834a4eafe07a62c2482266
Timestamp=Wed 2017-07-12 22:07:15 CEST
TimestampMonotonic=6928076
Service=systemd-nspawn
Unit=systemd-nspawn@poppy.service
Leader=648
Class=container
RootDirectory=/var/lib/machines/poppy
State=running


-

After upgrade from Fedora 25 to 26, some services are broken.
Below are some broken service status


% systemctl status user@1000.service
● user@1000.service - User Manager for UID 1000
   Loaded: loaded (/usr/lib/systemd/system/user@.service; static; vendor
preset: disabled)
   Active: failed (Result: protocol) since Wed 2017-07-12 22:09:45 CEST;
15h ago
 Main PID: 257 (code=exited, status=237/KEYRING)

Jul 12 22:09:45 thetradinghall.com systemd[1]: Starting User Manager for
UID 1000...
Jul 12 22:09:45 thetradinghall.com systemd[257]: user@1000.service: Failed
at step KEYRING spawning /usr/lib/systemd/systemd: Permission denied
Jul 12 22:09:45 thetradinghall.com systemd[1]: Failed to start User Manager
for UID 1000.
Jul 12 22:09:45 thetradinghall.com systemd[1]: user@1000.service: Unit
entered failed state.
Jul 12 22:09:45 thetradinghall.com systemd[1]: user@1000.service: Failed
with result 'protocol'.


%  systemctl status user.slice
● user.slice - User and Session Slice
   Loaded: loaded (/usr/lib/systemd/system/user.slice; static; vendor
preset: disabled)
   Active: active since Wed 2017-07-12 22:07:15 CEST; 15h ago
 Docs: man:systemd.special(7)
   CGroup: /user.slice
   └─user-1000.slice
 ├─session-c1.scope
 │ ├─ 256 login -- poisonivy
 │ ├─ 258 -zsh
 │ ├─ 356 su
 │ ├─ 357 zsh
 │ ├─1553 systemctl status user.slice
 │ └─1554 less
 └─session-c2.scope
   ├─449 login -- poisonivy
   ├─450 -zsh
   ├─494 su
   ├─495 zsh
   └─526 /usr/bin/python3 -O /usr/bin/ranger

Jul 12 22:09:45 thetradinghall.com systemd[1]: user.slice: Failed to set
invocation ID on control group /user.slice, ignoring: Operation not
permitted

% systemctl status opendkim.service
● opendkim.service - DomainKeys Identified Mail (DKIM) Milter
   Loaded: loaded (/usr/lib/systemd/system/opendkim.service; enabled;
vendor preset: disabled)
  Drop-In: /etc/systemd/system/opendkim.service.d
   └─override.conf
   Active: failed (Result: exit-code) since Thu 2017-07-13 11:33:25 CEST;
2h 30min ago
 Docs: man:opendkim(8)
   man:opendkim.conf(5)
   man:opendkim-genkey(8)
   man:opendkim-genzone(8)
   man:opendkim-testadsp(8)
   man:opendkim-testkey
   http://www.opendkim.org/docs.html

Jul 13 11:33:25 thetradinghall.com systemd[1]: Starting DomainKeys
Identified Mail (DKIM) Milter...
Jul 13 11:33:25 thetradinghall.com systemd[1243]: opendkim.service: Failed
at step KEYRING spawning /usr/sbin/opendkim: Permission denied

*N.B:* I can manually start opendkim as root
--

I have no idea why these new issues occur. The only hint is the following one.

I have been building my kernel with CONFIG_USER_NS=y for a while. I guess it is
this setting which causes the following trouble with UID/GID

From host
root@hortensia ➤➤ ~aur # ls -al $POPPY/var/log/journal
total 0
drwxr-xr-x+ 1 vu-poppy-0 systemd-journal   64 Oct  4  2016 ./
drwxr-xr-x  1 vu-poppy-0 vg-poppy-0  1.3K Jul 12 20:20 ../
drwxr-sr-x+ 1 root   systemd-journal 7.8K Mar 11 15:25
59b720b533834a4eafe07a62c2482266/

From container:
root@thetradinghall ➤➤ dovecot/conf.d # ls -al /var/log/journal
total 0
drwxr-xr-x+ 1 root   nobody   64 Oct  4  2016 ./
drwxr-xr-x  1 root   root   1.3K Jul 12 20:20 ../
drwxr-sr-x+ 1 nobody nobody 7.8K Mar 11 15:25
59b720b533834a4eafe07a62c2482266/

As you can see, on host, root:root is by default vu-poppy-0 vg-poppy-0
On container, I am left with lots of files/folders owned by nobody.

---
When looking at the output of systemctl --failed, and verifying status, I
can observe a common failure, like the one below:

 postgresql.service: Failed at step KEYRING spawning
/usr/libexec/postgresql-check-db-dir: Permission denied

-

When upgrading some package, I have again a permission issue.

# dnf upgrade filesystem
..
error: unpacking of archive failed on file /proc: cpio: chown

# ls -al /proc/filesystems
.
-r--r--r-- 1 nobody nobody 0 Jul 13 14:22 /proc/filesystems
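
Added example (not part of the original message, and not systemd code): the owner changes shown in the listings above (vu-poppy-0 on the host, root or nobody in the container) are what a user-namespace ID map produces. The Python sketch below parses a map in the /proc/<pid>/uid_map format, translates owners in both directions, and lists host-side files that would show up as nobody inside; the map base 1000079360 and all function names are constructed for illustration.

```python
#!/usr/bin/env python3
"""Show how a user-namespace ID map decides the owner that ls reports."""
import os
from typing import List, NamedTuple, Optional, Tuple

# Kernel default of /proc/sys/kernel/overflowuid; it resolves to "nobody".
OVERFLOW_ID = 65534

# CONSTRUCTED sample in the format of /proc/<pid>/uid_map for a container
# that owns a private range of 65536 IDs. The base value is an assumption.
SAMPLE_UID_MAP = "         0 1000079360      65536\n"


class Extent(NamedTuple):
    inside: int   # first ID as seen inside the namespace
    outside: int  # first ID as seen from the parent (host) namespace
    count: int    # number of consecutive IDs covered


def parse_id_map(text: str) -> List[Extent]:
    """Parse the contents of a uid_map or gid_map file."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError(f"empty extent in id map line: {line!r}")
        extents.append(Extent(inside, outside, count))
    return extents


def to_container(host_id: int, id_map: List[Extent]) -> Optional[int]:
    """Host ID -> ID inside the namespace, or None when it has no mapping."""
    for ext in id_map:
        if ext.outside <= host_id < ext.outside + ext.count:
            return ext.inside + host_id - ext.outside
    return None


def to_host(container_id: int, id_map: List[Extent]) -> Optional[int]:
    """ID inside the namespace -> host ID, or None when it has no mapping."""
    for ext in id_map:
        if ext.inside <= container_id < ext.inside + ext.count:
            return ext.outside + container_id - ext.inside
    return None


def displayed_owner(host_id: int, id_map: List[Extent],
                    overflow: int = OVERFLOW_ID) -> int:
    """Owner that stat()/ls report inside the namespace for a host-owned inode.

    An owner without a mapping is reported as the overflow ID, which is why
    entries owned by host root (UID 0 in the initial namespace, e.g. procfs
    files) are listed as nobody:nobody when host UID 0 is not in the map.
    """
    mapped = to_container(host_id, id_map)
    return overflow if mapped is None else mapped


def find_unmapped(root: str, uid_map: List[Extent],
                  gid_map: List[Extent]) -> List[Tuple[str, int, int]]:
    """Run on the host: list paths under root whose owner or group lies
    outside the map and would therefore appear as nobody in the container."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    hits = []
    for path in paths:
        st = os.lstat(path)  # lstat: judge symlinks themselves, not targets
        if (to_container(st.st_uid, uid_map) is None
                or to_container(st.st_gid, gid_map) is None):
            hits.append((path, st.st_uid, st.st_gid))
    return hits


if __name__ == "__main__":
    id_map = parse_id_map(SAMPLE_UID_MAP)
    base = id_map[0].outside
    cases = [
        ("host root (owner of procfs entries)", 0),
        ("first ID of the container range", base),
        ("container range + 1000", base + 1000),
        ("ordinary host user", 1000),
    ]
    for label, host_uid in cases:
        print(f"{label:38} host uid {host_uid:>10} -> "
              f"shown inside as {displayed_owner(host_uid, id_map)}")
```

On the host, the map of a running container can be read from /proc/<Leader PID>/uid_map, with the Leader value taken from `machinectl show`.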

Re: [systemd-devel] nsapwned container terminal background color

2017-03-20 Thread arnaud gaboury
On Mon, Mar 20, 2017 at 5:12 AM Zbigniew Jędrzejewski-Szmek <
zbys...@in.waw.pl> wrote:

> On Sun, Mar 19, 2017 at 09:30:05PM +, Zbigniew Jędrzejewski-Szmek
> wrote:
> > On Sun, Mar 19, 2017 at 04:37:53PM +0000, arnaud gaboury wrote:
> > > I am trying with no success to have one background terminal color for
> > > the host and another one for the container.
> > >
> > > Some settings:
> > > - on host:
> > > window manager : i3
> > > terminal : urxvt-256
> > >
> > > -on container:
> > > no X, it is a server.
> > >
> > > Until now, I have tried to write a wrapper script to urxvt on host.
> > > This script is to test value of $HOST or $TERM, then fire urxvt with
> > > background color as option. This does not work.
> > >
> > > I have to figure out that when I log my container, I am first on an
> > > urxvt terminal which becomes, once I am logged as user on container, a
> > > xterm.
> > > I am totally lost where to write instruction as the terminal color
> > > background: on host or container? and what app shall be tested to set
> > > the environment and decide the bg color (agetty?) ?
> >
> > Are you starting the container manually using systemd-nspawn in a
> > terminal emulator window?


Not really. The container is started at machine boot with
systemd-nspawn@container.service. Then, in one urxvt terminal, I log into
the container with :
# machinectl login container

I have not yet tested your solution, but will do it today and come back
with the result.

Thank you


> > If yes, then the following works (tested with gnome-terminal,
> > but I think urxvt supports the same sequences):
> >
> > [Unit]
> > DefaultDependencies=no
> > Conflicts=shutdown.target
> >
> > [Service]
> > StandardOutput=tty
> > ExecStart=/usr/bin/printf '\033]11;darkgreen\007'
> > ExecStop=/usr/bin/printf '\033]11;black\007'
> > Type=oneshot
> > RemainAfterExit=true
> >
> > [Install]
> > WantedBy=basic.target
> >
> > (It would be nicer to undo the setting and return to whatever the old
> > background was, but I don't know how to do this.)
> I figured it out, although it's a bit ugly ;)
>
> ==> /etc/systemd/system/bgcolor.service <==
> [Unit]
> DefaultDependencies=no
> Conflicts=shutdown.target
> Description=Set terminal background
>
> [Service]
> StandardInput=tty
> StandardOutput=tty
> ExecStart=/usr/local/bin/bgcolor.sh start /run/bgcolor.txt teal
> ExecStop=/usr/local/bin/bgcolor.sh stop /run/bgcolor.txt
> Type=oneshot
> RemainAfterExit=true
>
> [Install]
> WantedBy=sysinit.target
>
> ==> /usr/local/bin/bgcolor.sh <==
> #!/bin/bash -e
> # bash, not sh: "read -t/-d" and "[ a == b ]" below are bash extensions
>
> file="$2"
> field=11  # background
>
> if [ "$1" == "start" ]; then
>     color="$3"
>
>     # query the current background and save the terminal's reply
>     oldstty=$(stty -g)
>     stty raw -echo min 0
>     #       OSC   Ps  ;Pt ST
>     printf "\033]${field};?\033\\"
>     IFS=';' read -t1 -r -d '\' answer
>     echo "$answer" | sed 's/^.*\;//;s/[^rgb:0-9a-f/]//g' >"$file"
>     stty "$oldstty"
>
>     # set the new background
>     printf "\033]${field};${color}\007"
> elif [ "$1" == "stop" ]; then
>     # restore the saved background
>     color=$(cat "$file")
>     printf "\033]${field};${color}\007"
> fi
>
> This will set the background to teal during early boot, storing the
> original color in the specified file, and reset it back during
> shutdown. It seems to interfere with the systemd console output
> (newlines get messed up), and sometimes the restoration does not
> work. I suspect that both issues are caused by interference of
> systemd printing to the console concurrently with the script. Most
> likely putting a verify loop around the query for original
> color would fix the second issue.
>
> Zbyszek
>
>
>


[systemd-devel] nsapwned container terminal background color

2017-03-19 Thread arnaud gaboury
I am trying with no success to have one background terminal color for the
host and another one for the container.

Some settings:
- on host:
window manager : i3
terminal : urxvt-256

-on container:
no X, it is a server.

Until now, I have tried to write a wrapper script to urxvt on host. This
script is to test value of $HOST or $TERM, then fire urxvt with background
color as option. This does not work.

I have to figure out that when I log my container, I am first on an urxvt
terminal which becomes, once I am logged as user on container, a xterm.
I am totally lost where to write instruction as the terminal color
background: on host or container? and what app shall be tested to set the
environment and decide the bg color (agetty?) ?

Thank you for any help.


Re: [systemd-devel] news on Issue # 4078 ?

2016-12-16 Thread arnaud gaboury
On Thu, Dec 15, 2016 at 7:27 PM Tomasz Torcz <to...@pipebreaker.pl> wrote:

> On Thu, Dec 15, 2016 at 04:37:19PM +0000, arnaud gaboury wrote:
> > I am still with a broken UID/GID container for some specific directories.
> > This is described in issue #4078 [0].
> >
> > It starts to be annoying as I can't upgrade some packages on the Fedora
> > container. At least, I think failed upgrades are related to this issue.
> > Let's take one example:
> >
> > # dnf upgrade iputils
> > ...
> >   Upgrading   :
> > iputils-20161105-1.fc25.x86_64
> > 1/2
> > Error unpacking rpm package iputils-20161105-1.fc25.x86_64
> > Error unpacking rpm package iputils-20161105-1.fc25.x86_64
> > error: unpacking of archive failed on file /usr/bin/ping;5852c405: cpio:
> > cap_set_file
> >
> > First, are these errors probably due to my UID/GID issues?
>
>   This error is because ping in Fedora is not suid, instead uses filesystem
> capabilities* to grant only necessary permissions. If you use any
> filesystem
> lacking fscaps (like for example NFS), you get this error and ping will
> work only for root.
>
>
So, what am I supposed to do? Forget iputils package upgrade, changing
filesystem (I am on Btrfs) ?
TY for your help.

>
>
>
> * https://lwn.net/Articles/313838/
>
>
> --
> Tomasz Torcz               Only gods can safely risk perfection,
> xmpp: zdzich...@chrome.pl  it's a dangerous thing for a man.  -- Alia
>


[systemd-devel] UID/GID in nspawn container

2016-12-16 Thread arnaud gaboury
Arch host running a nspawn Fedora 25 container.

On host,
 % systemctl --version
systemd 232
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
% uname -r
4.8.13-1-hortensia   <<--- custom one


I upgraded recently Fedora from 24 to 25. Not fully sure if it is the
reason why (maybe a kernel change too) , but now looking at my container I
see this:

$ ls -al $POPPY
total 20K
dr-xr-xr-x 1 vu-poppy-0 vg-poppy-0  198 Dec 16 10:01 ./
drwx-- 3 root       root       4.0K Dec 15 17:08 ../
dr-xr-xr-x 1 vu-poppy-0 vg-poppy-0    0 Feb  3  2016 boot/
drwxrwxr-x 1 vu-poppy-0 vg-poppy-0   62 Aug 26 19:59 db/
drwxr-xr-x 1 vu-poppy-0 vg-poppy-0    8 Apr 27  2015 dev/
drwxr-xr-x 1 vu-poppy-0 vg-poppy-0 4.2K Dec 16 10:01 etc/
drwxr-xr-x 1 vu-poppy-0 vg-poppy-0   86 Feb  3  2016 home/
drwxrwxrwx 1 vu-poppy-0 vg-poppy-0    0 Sep 23 12:39 keybase/
drwxr-xr-x 1 vu-poppy-0 vg-poppy-0    0 Feb  3  2016 media/


When before I had root:root.

Why this change? Is this change expected, or is it due to my issue (see
#4078 [0])? Where can I find any documentation about this new way to show
UID/GID in container? Anything I have to do/change in my setting files?

Thank you for help

[0]https://github.com/systemd/systemd/issues/4078


[systemd-devel] news on Issue # 4078 ?

2016-12-15 Thread arnaud gaboury
I am still with a broken UID/GID container for some specific directories.
This is described in issue #4078 [0].

It starts to be annoying as I can't upgrade some packages on the Fedora
container. At least, I think failed upgrades are related to this issue.
Let's take one example:

# dnf upgrade iputils
...
Downloading Packages:
[SKIPPED] iputils-20161105-1.fc25.x86_64.rpm: Already
downloaded
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Upgrading   :
iputils-20161105-1.fc25.x86_64
1/2
Error unpacking rpm package iputils-20161105-1.fc25.x86_64
Error unpacking rpm package iputils-20161105-1.fc25.x86_64
error: unpacking of archive failed on file /usr/bin/ping;5852c405: cpio:
cap_set_file
---
# dnf upgrade httpd

  Upgrading   :
httpd-2.4.23-5.fc25.x86_64
1/2
Error unpacking rpm package httpd-2.4.23-5.fc25.x86_64
Error unpacking rpm package httpd-2.4.23-5.fc25.x86_64
error: unpacking of archive failed on file /usr/sbin/suexec;5852c616: cpio:
cap_set_file
---

First, are these errors probably due to my UID/GID issues?
Second, is there a work around to upgrade these packages before systemd
issue 4078 is solved?

Thank you for help.

[0] https://github.com/systemd/systemd/issues/4078


[systemd-devel] UID/GID broken on container

2016-12-12 Thread arnaud gaboury
I am referring here to issue #4078[0] and see if I missed any progress. I am
still with a broken UID on my container on some directories. Example:

From inside the container:

---
$ ls -la /proc

-rw-r--r--   1 nobody  nobody 0 Dec 12 11:47 timer_stats
-r--r--r--   1 nobody  nobody 0 Dec 12 11:47 uptime
-r--r--r--   1 nobody  nobody 0 Dec 12 11:47 version
-r   1 nobody  nobody 0 Dec 12 11:47 vmallocinfo
-r--r--r--   1 nobody  nobody 0 Dec 12 11:47 vmstat
-r--r--r--   1 nobody  nobody 0 Dec 12 11:47 zoneinfo
---

I usually use fuidshift command on the host to fix the wrong UID/GID, and
it globally works. But I can't fix the /proc dir in the container as the
host does not see it.

Can anyone help me in fixing this issue on /proc? I need to upgrade the
container (Fedora) but can't because of the nobody:nobody owner.

In general, user name space is configured in my kernel, and systemd-nspawn@
is the original one, with the -U option. Am I right to think this is the
correct setup ?
Any news on this UID/GID issue?

TY for help


[0]https://github.com/systemd/systemd/issues/4078


Re: [systemd-devel] systemd-networkd: broken network in container

2016-11-22 Thread arnaud gaboury
On Tue, Nov 22, 2016 at 4:54 PM arnaud gaboury <arnaud.gabo...@gmail.com>
wrote:

> Since a few days, after some upgrades, I don't have anymore network in my
> container. Network is OK on my host
>
> ---
> Host: Archlinux -
> % systemctl --version
> systemd 231
> +PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
>
> Container: Fedora 24 -
> % systemctl --version
> systemd 229
> +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
> --
>
> Looking at journalctl on host, I found these errors:
>
> Nov 22 13:47:54 hortensia systemd-networkd[2777]: br0: Could not append
> VLANs: Operation not permitted
> Nov 22 13:47:54 hortensia systemd-networkd[2777]: br0: Failed to assign
> VLANs to bridge port: Operation not permitted
> Nov 22 13:47:54 hortensia systemd-networkd[2777]: br0: Could not set
> bridge vlan: Operation not permitted
> Nov 22 13:47:54 hortensia systemd-networkd[2777]: enp7s0: IPv6 disabled
> for interface: Success
> Nov 22 13:47:55 hortensia systemd-networkd[2777]: enp7s0: Could not append
> VLANs: Operation not permitted
> Nov 22 13:47:55 hortensia systemd-networkd[2777]: enp7s0: Failed to assign
> VLANs to bridge port: Operation not permitted
> Nov 22 13:47:55 hortensia systemd-networkd[2777]: enp7s0: Could not set
> bridge vlan: Operation not permitted
> Nov 22 13:47:55 hortensia systemd[1]: Started Network Service.
> 
>
> Googling these above lines brings me to this issue: #3876[0]
>
> Any progress on it? I can't see where these errors come from. Any hint or
> dirty hack ?
>

EDIT:

This post[1] gave me the answer. Sad it was already posted by me a few months
ago! I just forgot to make permanent the change to the unit file. So when
I upgraded systemd (a few days ago), the wrong setting came back.
Now I edited the unit file and wrote a unitfile.d/override.conf file, so
change will survive next upgrade :-)

Sorry for the noise.

[1]
https://lists.freedesktop.org/archives/systemd-devel/2016-August/037317.html


> [0]https://github.com/systemd/systemd/issues/3876
>


[systemd-devel] systemd-networkd: broken network in container

2016-11-22 Thread arnaud gaboury
Since a few days, after some upgrades, I don't have anymore network in my
container. Network is OK on my host

---
Host: Archlinux -
% systemctl --version
systemd 231
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN

Container: Fedora 24 -
% systemctl --version
systemd 229
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
--

Looking at journalctl on host, I found these errors:

Nov 22 13:47:54 hortensia systemd-networkd[2777]: br0: Could not append
VLANs: Operation not permitted
Nov 22 13:47:54 hortensia systemd-networkd[2777]: br0: Failed to assign
VLANs to bridge port: Operation not permitted
Nov 22 13:47:54 hortensia systemd-networkd[2777]: br0: Could not set bridge
vlan: Operation not permitted
Nov 22 13:47:54 hortensia systemd-networkd[2777]: enp7s0: IPv6 disabled for
interface: Success
Nov 22 13:47:55 hortensia systemd-networkd[2777]: enp7s0: Could not append
VLANs: Operation not permitted
Nov 22 13:47:55 hortensia systemd-networkd[2777]: enp7s0: Failed to assign
VLANs to bridge port: Operation not permitted
Nov 22 13:47:55 hortensia systemd-networkd[2777]: enp7s0: Could not set
bridge vlan: Operation not permitted
Nov 22 13:47:55 hortensia systemd[1]: Started Network Service.


Googling these above lines brings me to this issue: #3876[0]

Any progress on it? I can't see where these errors come from. Any hint or
dirty hack ?

[0]https://github.com/systemd/systemd/issues/3876


Re: [systemd-devel] Broken network in container

2016-11-18 Thread arnaud gaboury
On Fri, Nov 18, 2016 at 6:52 PM arnaud gaboury <arnaud.gabo...@gmail.com>
wrote:

> On Fri, Nov 18, 2016 at 4:03 PM arnaud gaboury <arnaud.gabo...@gmail.com>
> wrote:
>
> On Fri, Nov 18, 2016 at 3:51 PM arnaud gaboury <arnaud.gabo...@gmail.com>
> wrote:
>
> A recent change (upgrade ?) in my setup broke the network in my container.
> Network is OK on the host, but not on the container.
>
> My setup:
>
> Host: Archlinux -
> % systemctl --version
> systemd 231
> +PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
>
> % ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master br0 state UP group default qlen 1000
> link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
> 3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
> group default qlen 1000
> link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
>valid_lft forever preferred_lft forever
> inet6 fe80::b40c:ff:fe22:f14a/64 scope link
>valid_lft forever preferred_lft forever
> 5: ve-poppy@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet 169.254.92.184/16 brd 169.254.255.255 scope link ve-poppy
>valid_lft forever preferred_lft forever
> inet 10.0.0.1/28 brd 10.0.0.15 scope global ve-poppy
>valid_lft forever preferred_lft forever
> inet 10.0.0.17/28 brd 10.0.0.31 scope global ve-poppy
>valid_lft forever preferred_lft forever
> inet6 fe80::c9a:d7ff:fe18:a359/64 scope link
>valid_lft forever preferred_lft forever
>
> % networkctl status
> ●State: routable
>Address: 192.168.1.87 on br0
> 172.17.0.1 on docker0
> 10.0.0.1 on ve-poppy
> 10.0.0.17 on ve-poppy
> 169.254.92.184 on ve-poppy
> fe80::b40c:ff:fe22:f14a on br0
> fe80::c9a:d7ff:fe18:a359 on ve-poppy
>Gateway: 192.168.1.254 (Technicolor) on br0
>DNS: 192.168.1.254
>
>
> --
> Container: Fedora 24 -
> % systemctl --version
> systemd 229
> +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
>
>  % ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: host0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet 192.168.1.94/24 brd 192.168.1.255 scope global host0
>valid_lft forever preferred_lft forever
> inet6 fe80::c7f:c3ff:fefb:25b1/64 scope link
>valid_lft forever preferred_lft forever
>
> % networkctl status
> ●State: routable
>Address: 192.168.1.94 on host0
> fe80::c7f:c3ff:fefb:25b1 on host0
>Gateway: 192.168.1.254 on host0
>DNS: 192.168.1.254
>
> # ping 8.8.8.8
>
> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> From 192.168.1.94 icmp_seq=1 Destination Host Unreachable
> From 192.168.1.94 icmp_seq=2 Destination Host Unreachable
> From 192.168.1.94 icmp_seq=3 Destination Host Unreachable
>
> --- 8.8.8.8 ping statistics ---
> 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4008ms
> pipe 4
> -
>
> Container is started at boot this way: systemd-nspawn@poppy
>
> Network is managed on both OS only by systemd-networkd
>
> /etc/systemd/network/bridge.netdev
> --
> [NetDev]
> Name=br0
> Kind=bridge
>
> /etc/systemd/network/bridge.network
> --
> [Match]
> Name=br0
>

Re: [systemd-devel] Broken network in container

2016-11-18 Thread arnaud gaboury
On Fri, Nov 18, 2016 at 4:03 PM arnaud gaboury <arnaud.gabo...@gmail.com>
wrote:

> On Fri, Nov 18, 2016 at 3:51 PM arnaud gaboury <arnaud.gabo...@gmail.com>
> wrote:
>
> A recent change (upgrade ?) in my setup broke the network in my container.
> Network is OK on the host, but not on the container.
>
> My setup:
>
> Host: Archlinux -
> % systemctl --version
> systemd 231
> +PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
>
> % ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master br0 state UP group default qlen 1000
> link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
> 3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
> group default qlen 1000
> link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
>valid_lft forever preferred_lft forever
> inet6 fe80::b40c:ff:fe22:f14a/64 scope link
>valid_lft forever preferred_lft forever
> 5: ve-poppy@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet 169.254.92.184/16 brd 169.254.255.255 scope link ve-poppy
>valid_lft forever preferred_lft forever
> inet 10.0.0.1/28 brd 10.0.0.15 scope global ve-poppy
>valid_lft forever preferred_lft forever
> inet 10.0.0.17/28 brd 10.0.0.31 scope global ve-poppy
>valid_lft forever preferred_lft forever
> inet6 fe80::c9a:d7ff:fe18:a359/64 scope link
>valid_lft forever preferred_lft forever
>
> % networkctl status
> ●State: routable
>Address: 192.168.1.87 on br0
> 172.17.0.1 on docker0
> 10.0.0.1 on ve-poppy
> 10.0.0.17 on ve-poppy
> 169.254.92.184 on ve-poppy
> fe80::b40c:ff:fe22:f14a on br0
> fe80::c9a:d7ff:fe18:a359 on ve-poppy
>Gateway: 192.168.1.254 (Technicolor) on br0
>DNS: 192.168.1.254
>
>
> --
> Container: Fedora 24 -
> % systemctl --version
> systemd 229
> +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
>
>  % ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: host0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet 192.168.1.94/24 brd 192.168.1.255 scope global host0
>valid_lft forever preferred_lft forever
> inet6 fe80::c7f:c3ff:fefb:25b1/64 scope link
>valid_lft forever preferred_lft forever
>
> % networkctl status
> ●State: routable
>Address: 192.168.1.94 on host0
> fe80::c7f:c3ff:fefb:25b1 on host0
>Gateway: 192.168.1.254 on host0
>DNS: 192.168.1.254
>
> # ping 8.8.8.8
>
> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> From 192.168.1.94 icmp_seq=1 Destination Host Unreachable
> From 192.168.1.94 icmp_seq=2 Destination Host Unreachable
> From 192.168.1.94 icmp_seq=3 Destination Host Unreachable
>
> --- 8.8.8.8 ping statistics ---
> 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4008ms
> pipe 4
> -
>
> Container is started at boot this way: systemd-nspawn@poppy
>
> Network is managed on both OS only by systemd-networkd
>
> /etc/systemd/network/bridge.netdev
> --
> [NetDev]
> Name=br0
> Kind=bridge
>
> /etc/systemd/network/bridge.network
> --
> [Match]
> Name=br0
>
> [Network]
> Address=192.168.1.87/24
> Description="Dole - Poppy bridge network"

Re: [systemd-devel] Broken network in container

2016-11-18 Thread arnaud gaboury
On Fri, Nov 18, 2016 at 3:51 PM arnaud gaboury <arnaud.gabo...@gmail.com>
wrote:

> A recent change (upgrade ?) in my setup broke the network in my container.
> Network is OK on the host, but not on the container.
>
> My setup:
>
> Host: Archlinux -
> % systemctl --version
> systemd 231
> +PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
>
> % ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master br0 state UP group default qlen 1000
> link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
> 3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
> group default qlen 1000
> link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
>valid_lft forever preferred_lft forever
> inet6 fe80::b40c:ff:fe22:f14a/64 scope link
>valid_lft forever preferred_lft forever
> 5: ve-poppy@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet 169.254.92.184/16 brd 169.254.255.255 scope link ve-poppy
>valid_lft forever preferred_lft forever
> inet 10.0.0.1/28 brd 10.0.0.15 scope global ve-poppy
>valid_lft forever preferred_lft forever
> inet 10.0.0.17/28 brd 10.0.0.31 scope global ve-poppy
>valid_lft forever preferred_lft forever
> inet6 fe80::c9a:d7ff:fe18:a359/64 scope link
>valid_lft forever preferred_lft forever
>
> % networkctl status
> ●State: routable
>Address: 192.168.1.87 on br0
> 172.17.0.1 on docker0
> 10.0.0.1 on ve-poppy
> 10.0.0.17 on ve-poppy
> 169.254.92.184 on ve-poppy
> fe80::b40c:ff:fe22:f14a on br0
> fe80::c9a:d7ff:fe18:a359 on ve-poppy
>Gateway: 192.168.1.254 (Technicolor) on br0
>DNS: 192.168.1.254
>
>
> --
> Container: Fedora 24 -
> % systemctl --version
> systemd 229
> +PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
> +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN
>
>  % ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: host0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet 192.168.1.94/24 brd 192.168.1.255 scope global host0
>valid_lft forever preferred_lft forever
> inet6 fe80::c7f:c3ff:fefb:25b1/64 scope link
>valid_lft forever preferred_lft forever
>
> % networkctl status
> ●State: routable
>Address: 192.168.1.94 on host0
> fe80::c7f:c3ff:fefb:25b1 on host0
>Gateway: 192.168.1.254 on host0
>DNS: 192.168.1.254
>
> # ping 8.8.8.8
>
> PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
> From 192.168.1.94 icmp_seq=1 Destination Host Unreachable
> From 192.168.1.94 icmp_seq=2 Destination Host Unreachable
> From 192.168.1.94 icmp_seq=3 Destination Host Unreachable
>
> --- 8.8.8.8 ping statistics ---
> 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4008ms
> pipe 4
> -
>
> Container is started at boot this way: systemd-nspawn@poppy
>
> Network is managed on both OS only by systemd-networkd
>
> /etc/systemd/network/bridge.netdev
> --
> [NetDev]
> Name=br0
> Kind=bridge
>
> /etc/systemd/network/bridge.network
> --
> [Match]
> Name=br0
>
> [Network]
> Address=192.168.1.87/24
> Description="Dole - Poppy bridge network"
> Gateway=192.168.1.254
> DNS=192.168.1.254
>
> /etc/systemd/network/eth.network
> --

[systemd-devel] Broken network in container

2016-11-18 Thread arnaud gaboury
A recent change (upgrade ?) in my setup broke the network in my container.
Network is OK on the host, but not on the container.

My setup:

Host: Archlinux -
% systemctl --version
systemd 231
+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN

% ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: enp7s0:  mtu 1500 qdisc pfifo_fast
master br0 state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
3: br0:  mtu 1500 qdisc noqueue state UP
group default qlen 1000
link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
   valid_lft forever preferred_lft forever
inet6 fe80::b40c:ff:fe22:f14a/64 scope link
   valid_lft forever preferred_lft forever
5: ve-poppy@if2:  mtu 1500 qdisc noqueue
state UP group default qlen 1000
link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.92.184/16 brd 169.254.255.255 scope link ve-poppy
   valid_lft forever preferred_lft forever
inet 10.0.0.1/28 brd 10.0.0.15 scope global ve-poppy
   valid_lft forever preferred_lft forever
inet 10.0.0.17/28 brd 10.0.0.31 scope global ve-poppy
   valid_lft forever preferred_lft forever
inet6 fe80::c9a:d7ff:fe18:a359/64 scope link
   valid_lft forever preferred_lft forever

% networkctl status
●State: routable
   Address: 192.168.1.87 on br0
172.17.0.1 on docker0
10.0.0.1 on ve-poppy
10.0.0.17 on ve-poppy
169.254.92.184 on ve-poppy
fe80::b40c:ff:fe22:f14a on br0
fe80::c9a:d7ff:fe18:a359 on ve-poppy
   Gateway: 192.168.1.254 (Technicolor) on br0
   DNS: 192.168.1.254

--
Container: Fedora 24 -
% systemctl --version
systemd 229
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN

 % ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: host0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP group default qlen 1000
link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.1.94/24 brd 192.168.1.255 scope global host0
   valid_lft forever preferred_lft forever
inet6 fe80::c7f:c3ff:fefb:25b1/64 scope link
   valid_lft forever preferred_lft forever

% networkctl status
●State: routable
   Address: 192.168.1.94 on host0
fe80::c7f:c3ff:fefb:25b1 on host0
   Gateway: 192.168.1.254 on host0
   DNS: 192.168.1.254

# ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.1.94 icmp_seq=1 Destination Host Unreachable
From 192.168.1.94 icmp_seq=2 Destination Host Unreachable
From 192.168.1.94 icmp_seq=3 Destination Host Unreachable

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4008ms
pipe 4
-

Container is started at boot this way: systemd-nspawn@poppy

Network is managed on both OS only by systemd-networkd

/etc/systemd/network/bridge.netdev
--
[NetDev]
Name=br0
Kind=bridge

/etc/systemd/network/bridge.network
--
[Match]
Name=br0

[Network]
Address=192.168.1.87/24
Description="Dole - Poppy bridge network"
Gateway=192.168.1.254
DNS=192.168.1.254

/etc/systemd/network/eth.network
--
[Match]
Name=enp7s0

[Network]
Description="Dole - Static network with bridge"
Bridge=br0


May someone help me in debugging my issue as I can't see any reason for
this sudden issue.


Re: [systemd-devel] moving a directory let me with a 65534:65534 owner/group directory

2016-09-01 Thread arnaud gaboury
On Thu, Sep 1, 2016 at 4:24 PM arnaud gaboury <arnaud.gabo...@gmail.com>
wrote:

> On Thu, Sep 1, 2016 at 2:02 PM Lennart Poettering <lenn...@poettering.net>
> wrote:
>
>> On Thu, 01.09.16 10:47, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>>
>> > I have been moving directories and files between my host and my
>> container
>> > many times since more than one year with no issues. Host is Archlinux
>> and
>> > container Fedora 24 (upgrade to 24 is quite recent: no more than 2
>> months).
>> >
>> > I moved a directory today from host to container and this let me, for
>> the
>> > first time, with a directory in the container owned by 65534:65534.
>> > > > privileges, as opposed to an ordinary (i.e., *non-privileged*) user.
>> This
>> > UID is often used for individuals accessing the system remotely via FTP
>> or
>> > HTTP[0] >
>>
>> Uh, oh. My guess is this: you are using user namespaces (which is the
>> default these days if you use systemd-nspawn@.service), and I never
>> updated the copy logic in machined to deal with that...
>>
>
I rebuilt my kernel with removing user namespace (as it is set):
 # CONFIG_USER_NS is not set

Here was my container output:

[poisonivy@thetradinghall]/% ls -al
total 16K
dr-xr-xr-x   1 363397120 363397120  198 Sep  1 15:18 ./
dr-xr-xr-x   1 363397120 363397120  198 Sep  1 15:18 ../
dr-xr-xr-x   1 363397120 363397120    0 Feb  3  2016 boot/
drwxrwxr-x   1 363397120 363397120   62 Aug 26 19:59 db/
drwxr-xr-x   7 root      root       440 Sep  1 17:33 dev/
drwxr-xr-x   1 363397120 363397120 4.1K Sep  1 15:34 etc/
drwxr-xr-x   1 363397120 363397120   76 Feb  3  2016 home/
drwxrwxrwx   1 363397120 363397120    0 Aug 28 13:47 keybase/
drwxr-xr-x   1 363397120 363397120    0 Feb  3  2016 media/
drwxr-xr-x   1 363397120 363397120    0 Feb  3  2016 mnt/
drwxr-xr-x   1 363397120 363397120   56 Feb  3  2016 opt/
dr-xr-xr-x 376 root      root         0 Sep  1 17:33 proc/
dr-xr-x---   1 363397120 363397120  378 Sep  1 15:32 root/
drwxr-xr-x  32 root      root       800 Sep  1 17:34 run/
drwxr-xr-x   1 root      root         6 Mar  3 17:43 share/
drwxr-xr-x   1 363397120 363397120    0 Feb  3  2016 srv/
drwxrwxr-x   1 363397120 363397130  242 Sep  1 16:34 storage/
drwxr-xr-x   9 root      root       180 Sep  1 17:33 sys/
drwxrwxrwt  11 root      root       220 Sep  1 17:39 tmp/
drwxr-xr-x   1 363397120 363397120  100 Dec 14  2015 usr/
drwxr-xr-x   1 363397120 363397120  194 Mar 19 18:29 var/
-rw-r--r--   1 363397120 363397120    0 Sep  1 15:18 .autorelabel
lrwxrwxrwx   1 363397120 363397120    7 Feb  3  2016 bin -> usr/bin/
lrwxrwxrwx   1 363397120 363397120    7 Feb  3  2016 lib -> usr/lib/
lrwxrwxrwx   1 363397120 363397120    9 Feb  3  2016 lib64 -> usr/lib64/
lrwxrwxrwx   1 root      root         8 Feb  3  2016 sbin -> usr/sbin/
-

Back with user namespace set to Y, output is correct (except the nobody
story).


> Or in other words, it's a bug in machined.
>>
>> I filed a github issue to keep track of this, so that we can get this
>> fixed:
>>
>> https://github.com/systemd/systemd/issues/4078
>
>
> Thank you for opening the issue. I have been reading quite a lot about
> this on the past few hours. Most of such issues arise with NTFS, which is
> not my case
> # mount
> /dev/sdb1 on / type btrfs
> (rw,noatime,compress=lzo,ssd,space_cache,autodefrag,subvolid=266,subvol=/rootvol)
> ...
>
>  if it can help, from container:
> ---
> root@thetradinghall ➤➤ / # lsattr
>  ./usr
> lsattr: Inappropriate ioctl for device While reading flags on ./run
>  ./boot
> lsattr: Inappropriate ioctl for device While reading flags on ./dev
>  ./home
>  ./media
>  ./mnt
>  ./opt
> lsattr: Inappropriate ioctl for device While reading flags on ./proc
>  ./root
>  ./srv
> lsattr: Inappropriate ioctl for device While reading flags on ./sys
> lsattr: Inappropriate ioctl for device While reading flags on ./tmp
>  ./etc
>  ./var
>  ./db
>  ./storage
>  ./share
> lsattr: Operation not supported While reading flags on ./sbin
>  ./keybase
> lsattr: Operation not supported While reading flags on ./bin
> lsattr: Operation not supported While reading flags on ./lib
> lsattr: Operation not supported While reading flags on ./lib64
> -
>
> 

Re: [systemd-devel] moving a directory let me with a 65534:65534 owner/group directory

2016-09-01 Thread arnaud gaboury
On Thu, Sep 1, 2016 at 2:02 PM Lennart Poettering <lenn...@poettering.net>
wrote:

> On Thu, 01.09.16 10:47, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>
> > I have been moving directories and files between my host and my container
> > many times since more than one year with no issues. Host is Archlinux and
> > container Fedora 24 (upgrade to 24 is quite recent: no more than 2
> months).
> >
> > I moved a directory today from host to container and this let me, for the
> > first time, with a directory in the container owned by 65534:65534.
> >  > privileges, as opposed to an ordinary (i.e., *non-privileged*) user. This
> > UID is often used for individuals accessing the system remotely via FTP
> or
> > HTTP[0] >
>
> Uh, oh. My guess is this: you are using user namespaces (which is the
> default these days if you use systemd-nspawn@.service), and I never
> updated the copy logic in machined to deal with that...
>
> Or in other words, it's a bug in machined.
>
> I filed a github issue to keep track of this, so that we can get this
> fixed:
>
> https://github.com/systemd/systemd/issues/4078


Thank you for opening the issue. I have been reading quite a lot about this
on the past few hours. Most of such issues arise with NTFS, which is not my
case
# mount
/dev/sdb1 on / type btrfs
(rw,noatime,compress=lzo,ssd,space_cache,autodefrag,subvolid=266,subvol=/rootvol)
...

 if it can help, from container:
---
root@thetradinghall ➤➤ / # lsattr
 ./usr
lsattr: Inappropriate ioctl for device While reading flags on ./run
 ./boot
lsattr: Inappropriate ioctl for device While reading flags on ./dev
 ./home
 ./media
 ./mnt
 ./opt
lsattr: Inappropriate ioctl for device While reading flags on ./proc
 ./root
 ./srv
lsattr: Inappropriate ioctl for device While reading flags on ./sys
lsattr: Inappropriate ioctl for device While reading flags on ./tmp
 ./etc
 ./var
 ./db
 ./storage
 ./share
lsattr: Operation not supported While reading flags on ./sbin
 ./keybase
lsattr: Operation not supported While reading flags on ./bin
lsattr: Operation not supported While reading flags on ./lib
lsattr: Operation not supported While reading flags on ./lib64
-

This issue is new, and I have been able to cp/mv from host to container and
preserve file/folder attributes until now. Something in my recent upgrades
has made these changes.


> Lennart
>
> --
> Lennart Poettering, Red Hat
>
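The ownership effect discussed in this thread, as an added example (not code from the posters or from systemd): a user-namespace ID map applied in both directions, showing why a host root-owned directory appears as 65534 inside the container and cannot be chowned there. The map line is constructed from the 363397120 owner in the listing above; its length of 65536 and the use of the same map for GIDs are assumptions.

```python
"""Added illustration (not systemd or kernel code): translate file owners
through a user-namespace ID map, the way `ls` inside a container sees them."""

OVERFLOW_ID = 65534  # default of /proc/sys/kernel/overflowuid, shown as "nobody"

# Constructed map in /proc/<pid>/uid_map format: "<inside> <outside> <count>".
# The base 363397120 is the owner shown in the thread's listing; the length
# 65536 and using the same map for GIDs are assumptions.
CONTAINER_MAP = "0 363397120 65536\n"
# What the initial namespace reports when no user namespace is in use.
IDENTITY_MAP = "0 0 4294967295\n"

# Constructed sample of on-disk (uid, gid) owners, based on values in the thread.
ON_DISK = {
    "/storage": (363397120, 363397130),
    "/storage/tth-blog/pelican-themes/material-TTH/static/css": (0, 0),
}


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside_start, outside_start, count) tuples."""
    extents = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        inside, outside, count = (int(f) for f in fields)
        if inside < 0 or outside < 0 or count <= 0:
            raise ValueError(f"line {lineno}: invalid extent")
        extents.append((inside, outside, count))
    return extents


def is_mapped(extents, outside_id):
    """True if an on-disk ID falls inside one of the namespace's extents."""
    return any(out <= outside_id < out + n for _, out, n in extents)


def to_inside(extents, outside_id):
    """ID that a process in the namespace sees for an on-disk owner."""
    for inside, outside, count in extents:
        if outside <= outside_id < outside + count:
            return inside + (outside_id - outside)
    return OVERFLOW_ID  # unmapped owners are reported as the overflow ID


def to_outside(extents, inside_id):
    """On-disk ID written for a namespace ID, or None if it has no mapping."""
    for inside, outside, count in extents:
        if inside <= inside_id < inside + count:
            return outside + (inside_id - inside)
    return None


def container_view(extents, on_disk):
    """Per path: (uid, gid) as seen inside, and whether namespace root may chown it.

    The kernel honours CAP_CHOWN held in a user namespace only for inodes whose
    owner and group are both mapped into that namespace, so an unmapped owner
    means chown fails with "Operation not permitted" even for container root.
    A file owned by the mapped ID 65534 looks the same in `ls` but is chownable.
    """
    view = {}
    for path, (uid, gid) in on_disk.items():
        chownable = is_mapped(extents, uid) and is_mapped(extents, gid)
        view[path] = (to_inside(extents, uid), to_inside(extents, gid), chownable)
    return view


if __name__ == "__main__":
    for label, raw in (("user namespace", CONTAINER_MAP), ("no user namespace", IDENTITY_MAP)):
        print(label)
        for path, (uid, gid, ok) in container_view(parse_id_map(raw), ON_DISK).items():
            print(f"  {uid}:{gid}  chown allowed={ok}  {path}")
```

On a running container the real map can be read on the host from `/proc/<leader PID>/uid_map` and passed to `parse_id_map`.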


Re: [systemd-devel] moving a directory let me with a 65534:65534 owner/group directory

2016-09-01 Thread arnaud gaboury
On Thu, Sep 1, 2016 at 12:47 PM arnaud gaboury <arnaud.gabo...@gmail.com>
wrote:

> I have been moving directories and files between my host and my container
> many times since more than one year with no issues. Host is Archlinux and
> container Fedora 24 (upgrade to 24 is quite recent: no more than 2 months).
>
> I moved a directory today from host to container and this let me, for the
> first time, with a directory in the container owned by 65534:65534.
>  privileges, as opposed to an ordinary (i.e., *non-privileged*) user. This
> UID is often used for individuals accessing the system remotely via FTP or
> HTTP[0] >
> From host, the directory is correctly seen as a root:root
>
> --
> # ls -al
> /var/lib/machines/poppy/storage/tth-blog/pelican-themes/material-TTH/static
> drwxr-xr-x 1 root  root  58 Sep  1 12:10 css/
> --
>
> I can't change owner/group ID from inside the container, which is of
> course very annoying as my folders and their contents are unusable.
>
>
> I didn't change anything in the way my container is mounted:
>
> $ cat /etc/fstab
> -
> LABEL=poppy-root /var/lib/machines/poppy
>  btrfs   rw,noatime,autodefrag,compress=lzo,ssd,subvol=rootvol
>  0   0
> -
> The container is started at boot time with systemd-nspawn@poppy.service
> (poppy is the container name)
>
>
> $ systemctl status systemd-nspawn@poppy.service
>
> ● systemd-nspawn@poppy.service - Container poppy
>Loaded: loaded (/usr/lib/systemd/system/systemd-nspawn@.service;
> enabled; vendor preset: dis
>Active: active (running) since Mon 2016-08-29 00:09:08 CEST; 3 days ago
>  Docs: man:systemd-nspawn(1)
>  Main PID: 612 (systemd-nspawn)
>Status: "Container running."
>CGroup: /machine.slice/systemd-nspawn@poppy.service
>├─612 /usr/bin/systemd-nspawn --quiet --keep-unit --boot
> --link-journal=try-guest --
>├─init.scope
>│ └─617 /usr/lib/systemd/...
>├─system.slice
>│ ├─console-getty.service
>│ │ └─991 /sbin/agetty --no...
>│ ├─dbus.service
>│ │ └─945 /usr/bin/dbus-dae...
>│ ├─dovecot.service
>│ │ ├─ 1016 /usr/sbin/dovecot
>│ │ ├─ 1431 dovecot/lmtp
>│ │ ├─ 1432 dovecot/anvil
>│ │ ├─ 1433 dovecot/log
>│ │ ├─ 1435 dovecot/config
>│ │ ├─ 1436 dovecot/lmtp
>│ │ ├─ 1437 dovecot/lmtp
>│ │ ├─ 1438 dovecot/lmtp
>│ │ ├─ 1439 dovecot/lmtp
>│ │ ├─ 1440 dovecot/lmtp
>│ │ ├─ 1441 dovecot/lmtp
>│ │ ├─ 1442 dovecot/lmtp
>│ │ ├─ 1443 dovecot/lmtp
>│ │ ├─ 1444 dovecot/lmtp
>│ │ ├─ 3222 dovecot/imap-login
>│ │ ├─ 3226 dovecot/imap
>│ │ ├─ 4129 dovecot/imap-login
>│ │ ├─ 4167 dovecot/imap
>│ │ ├─ 6412 dovecot/ssl-params
>│ │ ├─14815 dovecot/imap-login
>│ │ └─14819 dovecot/imap
>│ ├─nginx.service
>│ │ ├─1458 nginx: master pro...
>│ │ ├─1459 nginx: worker proces
>│ │ ├─1460 nginx: worker proces
>│ │ ├─1461 nginx: worker proces
>│ │ ├─1462 nginx: worker proces
>│ │ ├─1463 nginx: worker proces
>│ │ ├─1464 nginx: worker proces
>│ │ ├─1465 nginx: worker proces
>│ │ └─1466 nginx: worker proces
>│ ├─opendkim.service
>│ │ └─10182 /usr/sbin/opendki...
>│ ├─php-fpm.service
>│ │ ├─ 984 php-fpm: master p...
>│ │ ├─1445 php-fpm: pool own...
>│ │ ├─1446 php-fpm: pool own...
>│ │ ├─1447 php-fpm: pool own...
>│ │ ├─1448 php-fpm: pool own...
>│ │ ├─1449 php-fpm: pool own...
>│ │ ├─1450 php-fpm: pool www...
>│ │ ├─1451 php-fpm: pool www...
>│ │ ├─1452 php-fpm: pool www...
>│ │ └─1454 php-fpm: pool www...
>│ ├─polkit.service
>│ │ └─10026 /usr/lib/polkit-1...
>│ ├─postfix.service
>│ │ ├─ 1096 /usr/libexec/post...
>│ │ ├─ 1098 qmgr -l -t unix -u
>│ │ ├─ 1817 tlsmgr -l -t unix -u
>│ │ └─20925 pickup -l -t unix -u
>│ ├─postgresql.service
>│ │ ├─1009 /usr/bin/postgres...
>│ │ ├─1049 postgres: checkpo...
>│ │ ├─1050 postgres: writer ...
>│ │ ├─1051 pos

[systemd-devel] moving a directory let me with a 65534:65534 owner/group directory

2016-09-01 Thread arnaud gaboury
I have been moving directories and files between my host and my container
many times since more than one year with no issues. Host is Archlinux and
container Fedora 24 (upgrade to 24 is quite recent: no more than 2 months).

I moved a directory today from host to container and this let me, for the
first time, with a directory in the container owned by 65534:65534.

From host, the directory is correctly seen as a root:root

--
# ls -al
/var/lib/machines/poppy/storage/tth-blog/pelican-themes/material-TTH/static
drwxr-xr-x 1 root  root  58 Sep  1 12:10 css/
--

I can't change owner/group ID from inside the container, which is of course
very annoying as my folders and their contents are unusable.


I didn't change anything in the way my container is mounted:

$ cat /etc/fstab
-
LABEL=poppy-root /var/lib/machines/poppy
 btrfs   rw,noatime,autodefrag,compress=lzo,ssd,subvol=rootvol
 0   0
-
The container is started at boot time with systemd-nspawn@poppy.service
(poppy is the container name)


$ systemctl status systemd-nspawn@poppy.service

● systemd-nspawn@poppy.service - Container poppy
   Loaded: loaded (/usr/lib/systemd/system/systemd-nspawn@.service;
enabled; vendor preset: dis
   Active: active (running) since Mon 2016-08-29 00:09:08 CEST; 3 days ago
 Docs: man:systemd-nspawn(1)
 Main PID: 612 (systemd-nspawn)
   Status: "Container running."
   CGroup: /machine.slice/systemd-nspawn@poppy.service
   ├─612 /usr/bin/systemd-nspawn --quiet --keep-unit --boot
--link-journal=try-guest --
   ├─init.scope
   │ └─617 /usr/lib/systemd/...
   ├─system.slice
   │ ├─console-getty.service
   │ │ └─991 /sbin/agetty --no...
   │ ├─dbus.service
   │ │ └─945 /usr/bin/dbus-dae...
   │ ├─dovecot.service
   │ │ ├─ 1016 /usr/sbin/dovecot
   │ │ ├─ 1431 dovecot/lmtp
   │ │ ├─ 1432 dovecot/anvil
   │ │ ├─ 1433 dovecot/log
   │ │ ├─ 1435 dovecot/config
   │ │ ├─ 1436 dovecot/lmtp
   │ │ ├─ 1437 dovecot/lmtp
   │ │ ├─ 1438 dovecot/lmtp
   │ │ ├─ 1439 dovecot/lmtp
   │ │ ├─ 1440 dovecot/lmtp
   │ │ ├─ 1441 dovecot/lmtp
   │ │ ├─ 1442 dovecot/lmtp
   │ │ ├─ 1443 dovecot/lmtp
   │ │ ├─ 1444 dovecot/lmtp
   │ │ ├─ 3222 dovecot/imap-login
   │ │ ├─ 3226 dovecot/imap
   │ │ ├─ 4129 dovecot/imap-login
   │ │ ├─ 4167 dovecot/imap
   │ │ ├─ 6412 dovecot/ssl-params
   │ │ ├─14815 dovecot/imap-login
   │ │ └─14819 dovecot/imap
   │ ├─nginx.service
   │ │ ├─1458 nginx: master pro...
   │ │ ├─1459 nginx: worker proces
   │ │ ├─1460 nginx: worker proces
   │ │ ├─1461 nginx: worker proces
   │ │ ├─1462 nginx: worker proces
   │ │ ├─1463 nginx: worker proces
   │ │ ├─1464 nginx: worker proces
   │ │ ├─1465 nginx: worker proces
   │ │ └─1466 nginx: worker proces
   │ ├─opendkim.service
   │ │ └─10182 /usr/sbin/opendki...
   │ ├─php-fpm.service
   │ │ ├─ 984 php-fpm: master p...
   │ │ ├─1445 php-fpm: pool own...
   │ │ ├─1446 php-fpm: pool own...
   │ │ ├─1447 php-fpm: pool own...
   │ │ ├─1448 php-fpm: pool own...
   │ │ ├─1449 php-fpm: pool own...
   │ │ ├─1450 php-fpm: pool www...
   │ │ ├─1451 php-fpm: pool www...
   │ │ ├─1452 php-fpm: pool www...
   │ │ └─1454 php-fpm: pool www...
   │ ├─polkit.service
   │ │ └─10026 /usr/lib/polkit-1...
   │ ├─postfix.service
   │ │ ├─ 1096 /usr/libexec/post...
   │ │ ├─ 1098 qmgr -l -t unix -u
   │ │ ├─ 1817 tlsmgr -l -t unix -u
   │ │ └─20925 pickup -l -t unix -u
   │ ├─postgresql.service
   │ │ ├─1009 /usr/bin/postgres...
   │ │ ├─1049 postgres: checkpo...
   │ │ ├─1050 postgres: writer ...
   │ │ ├─1051 postgres: wal wri...
   │ │ ├─1052 postgres: autovac...
   │ │ └─1053 postgres: stats c...
   │ ├─redis.service
   │ │ └─976 /usr/bin/redis-se...
   │ ├─saslauthd.service
   │ │ ├─970 /usr/sbin/saslaut...
   │ │ ├─971 /usr/sbin/saslaut...
   │ │ ├─972 /usr/sbin/saslaut...
   │ │ ├─973 /usr/sbin/saslaut...
   │ │ └─974 /usr/sbin/saslaut...
   │ ├─spamassassin.service
   │ │ └─27341 /usr/bin/perl -T ...
   │ ├─system-clamd.slice
   │ │ └─clamd@amavisd.service
   │ │   └─27332 /usr/sbin/clamd -...
   │ ├─systemd-journald.service
   │ │ └─904 /usr/lib/systemd/...
   │ ├─systemd-logind.service
   │ │ └─936 /usr/lib/systemd/...
   │ 

Re: [systemd-devel] Timer: time format

2016-08-23 Thread arnaud gaboury
On Tue, Aug 23, 2016 at 3:39 PM, Michael Chapman <m...@very.puzzling.org> wrote:
> On Tue, 23 Aug 2016, arnaud gaboury wrote:
>>
>> I am really sorry for this post as this may sound like a trivial one,
>> but honestly the timer topic is difficult to understand for me (at
>> least the time format).
>>
>> I am looking to run a service twice a day, never mind the time. I
>> understand I must use OnCalendar, but I have no idea for the rest.
>
>
> You may find it more convenient to use the other On* directives.
>
> For example:
>
>   OnBootSec=1h
>   OnUnitActiveSec=12h

Thank you for all these answers. In fact, without having a look at my
emails, I finally found this solution (which is correct according to
what I read):
OnUnitActiveSec=12h

Do I have to add:
Persistent=true
and an OnBootSec entry ?


>
> will trigger the associated service an hour after booting the system, and
> every 12 hours thereafter. Take a look at the RandomizedDelaySec= and
> AccuracySec= directives too, to further specify how accurate the timer
> should be.
>
> - Michael



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Timer: time format

2016-08-23 Thread arnaud gaboury
On Tue, Aug 23, 2016 at 3:52 PM, arnaud gaboury
<arnaud.gabo...@gmail.com> wrote:
> On Tue, Aug 23, 2016 at 3:39 PM, Michael Chapman <m...@very.puzzling.org> 
> wrote:
>> On Tue, 23 Aug 2016, arnaud gaboury wrote:
>>>
>>> I am really sorry for this post as this may sound like a trivial one,
>>> but honestly the timer topic is difficult to understand for me (at
>>> least the time format).
>>>
>>> I am looking to run a service twice a day, never mind the time. I
>>> understand I must use OnCalendar, but I have no idea for the rest.
>>
>>
>> You may find it more convenient to use the other On* directives.
>>
>> For example:
>>
>>   OnBootSec=1h
>>   OnUnitActiveSec=12h
>
> Thank you for all these answers. In fact, without having a look at my
> emails, I finally found this solution (which is correct according to
> what I read):
> OnUnitActiveSec=12h
>
> Do I have to add:
> Persistent=true
NO

> and an OnBootSec entry ?
>
>
>>
>> will trigger the associated service an hour after booting the system, and
>> every 12 hours thereafter. Take a look at the RandomizedDelaySec= and
>> AccuracySec= directives too, to further specify how accurate the timer
>> should be.
>>
>> - Michael
>
>
>
> --
>
> google.com/+arnaudgabourygabx



-- 

google.com/+arnaudgabourygabx


[systemd-devel] Timer: time format

2016-08-23 Thread arnaud gaboury
I am really sorry for this post as this may sound like a trivial one,
but honestly the timer topic is difficult to understand for me (at
least the time format).

I am looking to run a service twice a day, never mind the time. I
understand I must use OnCalendar, but I have no idea for the rest.

I was thinking of OnCalendar=*:12:00   for running every 12 hours. Is
it right (or will it run every day at noon) ?

Thank you for help

-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] nspawn container: network broken

2016-08-12 Thread arnaud gaboury
On Fri, Aug 12, 2016 at 2:20 PM, arnaud gaboury
<arnaud.gabo...@gmail.com> wrote:
> Host distro: arch linux running systemd 230
> container distro Fedora 24 running systemd 229
>
> I broke systemd-networkd on the host after an upgrade to 231-1. The
> issue was the one described here[0]. In order to get back my network,
> I downgraded to 230 and now network is working on host, BUT still
> broken on the container.
>
> Here are my settings:
>
> Start container:
> # systemctl start systemd-nspawn@poppy
>
> systemd-networkd manages network on host and container.
>
> ## On host ##
> $ ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> ...
> 2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master br0 state UP group default qlen 1000
> link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
> ..
> 4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
> UP group default qlen 1000
> link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
>valid_lft forever preferred_lft forever
> .
> 5: ve-poppy@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UP group default qlen 1000
> link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet 169.254.50.244/16 brd 169.254.255.255 scope link ve-poppy
>valid_lft forever preferred_lft forever
> .
>
> /etc/systemd/system/network/bridge.network
> 
> [Match]
> Name=br0
>
> [Network]
> Address=192.168.1.87/24
> Gateway=192.168.1.254
> DNS=192.168.1.254
> --
>
> /etc/systemd/system/network/eth.network
> 
> [Match]
> Name=enp7s0
>
> [Network]
> Bridge=br0
> -
>
> /etc/systemd/system/network/bridge.netdev
> --
> [NetDev]
> Bridge=br0
> Kind=bridge
> 
>
>
> ## On container ##
>
> $ ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
> UNKNOWN group default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> ...
> 2: host0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet 192.168.1.94/24 brd 192.168.1.255 scope global host0
>valid_lft forever preferred_lft forever
> 
>
> /etc/systemd/network/poppy.network
> 
> [Match]
> Name=host0
>
> [Network]
> DNS=192.168.1.254
> Address=192.168.1.94/24
> Gateway=192.168.1.254
> --
>
> % systemctl status systemd-networkd
> ● systemd-networkd.service - Network Service
>Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service;
> enabled; vendor preset: disabled)
>Active: active (running) since Fri 2016-08-12 12:26:59 CEST; 1h 51min ago
>  Docs: man:systemd-networkd.service(8)
>  Main PID: 33 (systemd-network)
>Status: "Processing requests..."
>CGroup: 
> /machine.slice/systemd-nspawn@poppy.service/system.slice/systemd-networkd.service
>└─33 /usr/lib/systemd/systemd-networkd
>
> Aug 12 12:26:59 thetradinghall.com systemd[1]: Starting Network Service...
> Aug 12 12:26:59 thetradinghall.com systemd-networkd[33]: host0: Cannot
> disable kernel IPv6 accept_ra for i
> Aug 12 12:26:59 thetradinghall.com systemd-networkd[33]: Enumeration completed
> Aug 12 12:26:59 thetradinghall.com systemd[1]: Started Network Service.
> Aug 12 12:26:59 thetradinghall.com systemd-networkd[33]: host0: Gained carrier
> Aug 12 12:27:00 thetradinghall.com systemd-networkd[33]: host0: Gained IPv6LL
> Aug 12 12:27:12 thetradinghall.com systemd-networkd[33]: host0:
> Starting DHCPv6 client after NDisc timeout
> Aug 12 12:27:12 thetradinghall.com systemd-networkd[33]: host0: Configured
>
>
> 
>
> May someone help me to fix the broken network on container?

I found the culprit: my /usr/lib/systemd/system/systemd-nspawn@ is a
modified one: I replace --network-veth option with
--network-bridge=br0. This modified file was replaced accidentally by
original one.

>
> Thank you.
>
>
>
> [0]https://github.com/systemd/systemd/issues/3876
>
>
> --
>
> google.com/+arnaudgabourygabx



-- 

google.com/+arnaudgabourygabx


[systemd-devel] nspawn container: network broken

2016-08-12 Thread arnaud gaboury
Host distro: arch linux running systemd 230
container distro Fedora 24 running systemd 229

I broke systemd-networkd on the host after an upgrade to 231-1. The
issue was the one described here[0]. In order to get back my network,
I downgraded to 230 and now network is working on host, BUT still
broken on the container.

Here are my settings:

Start container:
# systemctl start systemd-nspawn@poppy

systemd-networkd manages network on host and container.

## On host ##
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
...
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master br0 state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
..
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP group default qlen 1000
link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
   valid_lft forever preferred_lft forever
.
5: ve-poppy@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP group default qlen 1000
link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.50.244/16 brd 169.254.255.255 scope link ve-poppy
   valid_lft forever preferred_lft forever
.

/etc/systemd/system/network/bridge.network

[Match]
Name=br0

[Network]
Address=192.168.1.87/24
Gateway=192.168.1.254
DNS=192.168.1.254
--

/etc/systemd/system/network/eth.network

[Match]
Name=enp7s0

[Network]
Bridge=br0
-

/etc/systemd/system/network/bridge.netdev
--
[NetDev]
Bridge=br0
Kind=bridge



## On container ##

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
...
2: host0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP group default qlen 1000
link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.1.94/24 brd 192.168.1.255 scope global host0
   valid_lft forever preferred_lft forever


/etc/systemd/network/poppy.network

[Match]
Name=host0

[Network]
DNS=192.168.1.254
Address=192.168.1.94/24
Gateway=192.168.1.254
--

% systemctl status systemd-networkd
● systemd-networkd.service - Network Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service;
enabled; vendor preset: disabled)
   Active: active (running) since Fri 2016-08-12 12:26:59 CEST; 1h 51min ago
 Docs: man:systemd-networkd.service(8)
 Main PID: 33 (systemd-network)
   Status: "Processing requests..."
   CGroup: 
/machine.slice/systemd-nspawn@poppy.service/system.slice/systemd-networkd.service
   └─33 /usr/lib/systemd/systemd-networkd

Aug 12 12:26:59 thetradinghall.com systemd[1]: Starting Network Service...
Aug 12 12:26:59 thetradinghall.com systemd-networkd[33]: host0: Cannot
disable kernel IPv6 accept_ra for i
Aug 12 12:26:59 thetradinghall.com systemd-networkd[33]: Enumeration completed
Aug 12 12:26:59 thetradinghall.com systemd[1]: Started Network Service.
Aug 12 12:26:59 thetradinghall.com systemd-networkd[33]: host0: Gained carrier
Aug 12 12:27:00 thetradinghall.com systemd-networkd[33]: host0: Gained IPv6LL
Aug 12 12:27:12 thetradinghall.com systemd-networkd[33]: host0:
Starting DHCPv6 client after NDisc timeout
Aug 12 12:27:12 thetradinghall.com systemd-networkd[33]: host0: Configured




May someone help me to fix the broken network on container?

Thank you.



[0]https://github.com/systemd/systemd/issues/3876


-- 

google.com/+arnaudgabourygabx


[systemd-devel] systemd-networkd - Could not append VLANs / operation not permitted

2016-08-11 Thread arnaud gaboury
- Systemd version 213-1
- OS: Arch linux
- a systemd nspawn container is running
- host network is managed by systemd-networkd

After an upgrade, systemd-networkd is broken, exactly the way described
in this issue #3876[0]
Everything was working perfectly before.

Config files:

/etc/systemd/system/network/bridge.network

[Match]
Name=br0

[Network]
Address=192.168.1.87/24
Gateway=192.168.1.254
DNS=192.168.1.254
--

/etc/systemd/system/network/eth.network

[Match]
Name=enp7s0

[Network]
Bridge=br0
-

/etc/systemd/system/network/bridge.netdev
--
[NetDev]
Bridge=br0
Kind=bridge



/etc/resolv.conf -> /usr/lib/systemd/resolv.conf

I start systemd-networkd with the regular
/usr/lib/systemd/system/systemd-networkd file distributed with my
distro.

I do not know how to solve this issue, neither understand if it is
closed or still a bug.
This issue is annoying as the container runs a server and is broken.

How can I deal with it? Anything I need to change in my settings?

TY for help.



[0]https://github.com/systemd/systemd/issues/3876

-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] sshd.socket: connection closed by remote host

2016-03-19 Thread arnaud gaboury
On Sat, Mar 19, 2016 at 3:00 PM, arnaud gaboury <arnaud.gabo...@gmail.com>
wrote:

> OS: fedora 23 server
> systemd: 222
>
> I gave a try at sshd.socket instead of the usual sshd.service. The latter
> was working well on my server but I can't ssh with sshd.socket.
>
> % systemctl cat sshd.socket
> --
> # /usr/lib/systemd/system/sshd.socket
> [Unit]
> Description=OpenSSH Server Socket
> Documentation=man:sshd(8) man:sshd_config(5)
> Conflicts=sshd.service
>
> [Socket]
> ListenStream=22
> Accept=yes
>
> [Install]
> WantedBy=sockets.target
>
> # /etc/systemd/system/sshd.socket.d/override.conf
> [Socket]
> #ListenStream=
> ListenStream=192.168.1.94:X
> FreeBind=true
> --
>
>  % systemctl status sshd.socket
> ---
> ● sshd.socket - OpenSSH Server Socket
>Loaded: loaded (/usr/lib/systemd/system/sshd.socket; enabled; vendor
> preset: disabled)
>   Drop-In: /etc/systemd/system/sshd.socket.d
>└─override.conf
>Active: active (listening) since Sat 2016-03-19 14:42:26 CET; 7min ago
>  Docs: man:sshd(8)
>man:sshd_config(5)
>Listen: 0.0.0.0:22 (Stream)
>192.168.1.94:X (Stream)
>  Accepted: 9; Connected: 0
>
> Mar 19 14:42:26 poppy systemd[1]: Listening on OpenSSH Server Socket.
> Mar 19 14:42:26 poppy systemd[1]: Starting OpenSSH Server Socket.
> ---
>
> As you can see, 9 connections have been accepted, but I do not know why
> connection is closed by host.
>
>
>  % ssh -v -p X u...@thetradinghall.com
> OpenSSH_7.2p1, OpenSSL 1.0.2g  1 Mar 2016
> debug1: Reading configuration data /home/user/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to thetradinghall.com [212.147.52.214] port XX.
> debug1: Connection established.
> debug1: identity file /home/user/.ssh/gabx-hortensia_ed25519.pub type 4
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/user/.ssh/gabx-hortensia_ed25519.pub-cert type
> -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2
> debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x0400
> debug1: Authenticating to thetradinghall.com:42660 as 'poisonivy'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: curve25519-sha...@libssh.org
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC:
>  compression: none
> debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC:
>  compression: none
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ecdsa-sha2-nistp256
> SHA256:TU3S5iIvTFbyVwHsNtzm1OPcZ6lYWOnfQ06tKnljnXI
> debug1: checking without port identifier
> debug1: Host 'thetradinghall.com' is known and matches the ECDSA host key.
> debug1: Found key in /home/user/.ssh/known_hosts:8
> debug1: found matching key w/out port
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
>
> ###
> ## Welcome to TheTradingHall.com ##
> ###
>
> debug1: Authentications that can continue:
> publickey,gssapi-keyex,gssapi-with-mic
> debug1: Next authentication method: publickey
> debug1: Offering ED25519 public key:
> /home/gabx/.ssh/gabx-hortensia_ed25519.pub
> debug1: Server accepts key: pkalg ssh-ed25519 blen 51
> debug1: Authentication succeeded (publickey).
> Authenticated to thetradinghall.com ([212.147.52.214]:XX).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessi...@openssh.com
> debug1: Entering interactive session.
> debug1: pledge: network
> debug1: channel 0: free: client-session, nchannels 1
> Connection to thetradinghall.com closed by remote host.
> Connection to thetradinghall.com closed.
> Transferred: sent 1948, received 1628 bytes, in 0.0 seconds
> Bytes per second: sent 22886566.4, received 19126966.1
> debug1: Exit status -1
>
>
> --
>
> Nothing in journalctl -unit sshd neither sshd@XY-192.168.1.94
>
> Thank you for any hint why the connection is closed by the server when in
> fact it is accepted.
>
> I found the solution by modifying /etc/pam.d/sshd and adding
system-remote-login and system-login files.


Re: [systemd-devel] sshd.socket: connection closed by remote host

2016-03-19 Thread arnaud gaboury
On Sat, Mar 19, 2016 at 3:00 PM, arnaud gaboury <arnaud.gabo...@gmail.com>
wrote:

> OS: fedora 23 server
> systemd: 222
>
> I gave a try at sshd.socket instead of the usual sshd.service. The latter
> was working well on my server but I can't ssh with sshd.socket.
>
> % systemctl cat sshd.socket
> --
> # /usr/lib/systemd/system/sshd.socket
> [Unit]
> Description=OpenSSH Server Socket
> Documentation=man:sshd(8) man:sshd_config(5)
> Conflicts=sshd.service
>
> [Socket]
> ListenStream=22
> Accept=yes
>
> [Install]
> WantedBy=sockets.target
>
> # /etc/systemd/system/sshd.socket.d/override.conf
> [Socket]
> #ListenStream=
> ListenStream=192.168.1.94:X
> FreeBind=true
> --
>
>  % systemctl status sshd.socket
> ---
> ● sshd.socket - OpenSSH Server Socket
>Loaded: loaded (/usr/lib/systemd/system/sshd.socket; enabled; vendor
> preset: disabled)
>   Drop-In: /etc/systemd/system/sshd.socket.d
>└─override.conf
>Active: active (listening) since Sat 2016-03-19 14:42:26 CET; 7min ago
>  Docs: man:sshd(8)
>man:sshd_config(5)
>Listen: 0.0.0.0:22 (Stream)
>192.168.1.94:X (Stream)
>  Accepted: 9; Connected: 0
>
> Mar 19 14:42:26 poppy systemd[1]: Listening on OpenSSH Server Socket.
> Mar 19 14:42:26 poppy systemd[1]: Starting OpenSSH Server Socket.
> ---
>
> As you can see, 9 connections have been accepted, but I do not know why
> connection is closed by host.
>
>
>  % ssh -v -p X u...@thetradinghall.com
> OpenSSH_7.2p1, OpenSSL 1.0.2g  1 Mar 2016
> debug1: Reading configuration data /home/user/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to thetradinghall.com [212.147.52.214] port XX.
> debug1: Connection established.
> debug1: identity file /home/user/.ssh/gabx-hortensia_ed25519.pub type 4
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/user/.ssh/gabx-hortensia_ed25519.pub-cert type
> -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.2
> debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2
> debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x0400
> debug1: Authenticating to thetradinghall.com:42660 as 'poisonivy'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: curve25519-sha...@libssh.org
> debug1: kex: host key algorithm: ecdsa-sha2-nistp256
> debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC:
>  compression: none
> debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC:
>  compression: none
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> debug1: Server host key: ecdsa-sha2-nistp256
> SHA256:TU3S5iIvTFbyVwHsNtzm1OPcZ6lYWOnfQ06tKnljnXI
> debug1: checking without port identifier
> debug1: Host 'thetradinghall.com' is known and matches the ECDSA host key.
> debug1: Found key in /home/user/.ssh/known_hosts:8
> debug1: found matching key w/out port
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
>
> ###
> ## Welcome to TheTradingHall.com ##
> ###
>
> debug1: Authentications that can continue:
> publickey,gssapi-keyex,gssapi-with-mic
> debug1: Next authentication method: publickey
> debug1: Offering ED25519 public key:
> /home/gabx/.ssh/gabx-hortensia_ed25519.pub
> debug1: Server accepts key: pkalg ssh-ed25519 blen 51
> debug1: Authentication succeeded (publickey).
> Authenticated to thetradinghall.com ([212.147.52.214]:XX).
> debug1: channel 0: new [client-session]
> debug1: Requesting no-more-sessi...@openssh.com
> debug1: Entering interactive session.
> debug1: pledge: network
> debug1: channel 0: free: client-session, nchannels 1
> Connection to thetradinghall.com closed by remote host.
> Connection to thetradinghall.com closed.
> Transferred: sent 1948, received 1628 bytes, in 0.0 seconds
> Bytes per second: sent 22886566.4, received 19126966.1
> debug1: Exit status -1
>
> --
>
> Nothing in journalctl -unit sshd neither sshd@XY-192.168.1.94
>

EDIT: listing sockets/processes with $ ss,

[systemd-devel] sshd.socket: connection closed by remote host

2016-03-19 Thread arnaud gaboury
OS: fedora 23 server
systemd: 222

I gave a try at sshd.socket instead of the usual sshd.service. The latter
was working well on my server but I can't ssh with sshd.socket.

% systemctl cat sshd.socket
--
# /usr/lib/systemd/system/sshd.socket
[Unit]
Description=OpenSSH Server Socket
Documentation=man:sshd(8) man:sshd_config(5)
Conflicts=sshd.service

[Socket]
ListenStream=22
Accept=yes

[Install]
WantedBy=sockets.target

# /etc/systemd/system/sshd.socket.d/override.conf
[Socket]
#ListenStream=
ListenStream=192.168.1.94:X
FreeBind=true
--

 % systemctl status sshd.socket
---
● sshd.socket - OpenSSH Server Socket
   Loaded: loaded (/usr/lib/systemd/system/sshd.socket; enabled; vendor
preset: disabled)
  Drop-In: /etc/systemd/system/sshd.socket.d
   └─override.conf
   Active: active (listening) since Sat 2016-03-19 14:42:26 CET; 7min ago
 Docs: man:sshd(8)
   man:sshd_config(5)
   Listen: 0.0.0.0:22 (Stream)
   192.168.1.94:X (Stream)
 Accepted: 9; Connected: 0

Mar 19 14:42:26 poppy systemd[1]: Listening on OpenSSH Server Socket.
Mar 19 14:42:26 poppy systemd[1]: Starting OpenSSH Server Socket.
---

As you can see, 9 connections have been accepted, but I do not know why
connection is closed by host.


 % ssh -v -p X u...@thetradinghall.com
OpenSSH_7.2p1, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to thetradinghall.com [212.147.52.214] port XX.
debug1: Connection established.
debug1: identity file /home/user/.ssh/gabx-hortensia_ed25519.pub type 4
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/gabx-hortensia_ed25519.pub-cert type
-1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2
debug1: match: OpenSSH_7.2 pat OpenSSH* compat 0x0400
debug1: Authenticating to thetradinghall.com:42660 as 'poisonivy'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha...@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC:
 compression: none
debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC:
 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256
SHA256:TU3S5iIvTFbyVwHsNtzm1OPcZ6lYWOnfQ06tKnljnXI
debug1: checking without port identifier
debug1: Host 'thetradinghall.com' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:8
debug1: found matching key w/out port
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received

###
## Welcome to TheTradingHall.com ##
###

debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Offering ED25519 public key:
/home/gabx/.ssh/gabx-hortensia_ed25519.pub
debug1: Server accepts key: pkalg ssh-ed25519 blen 51
debug1: Authentication succeeded (publickey).
Authenticated to thetradinghall.com ([212.147.52.214]:XX).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessi...@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: channel 0: free: client-session, nchannels 1
Connection to thetradinghall.com closed by remote host.
Connection to thetradinghall.com closed.
Transferred: sent 1948, received 1628 bytes, in 0.0 seconds
Bytes per second: sent 22886566.4, received 19126966.1
debug1: Exit status -1

--

Nothing in journalctl -unit sshd neither sshd@XY-192.168.1.94

Thank you for any hint why the connection is closed by the server when in
fact it is accepted.


-- 

google.com/+arnaudgabourygabx



Re: [systemd-devel] Environment and additional command line options

2016-02-01 Thread arnaud gaboury
On Mon, Feb 1, 2016 at 10:48 AM, Mantas Mikulėnas <graw...@gmail.com> wrote:
> On Mon, Feb 1, 2016 at 11:37 AM, arnaud gaboury <arnaud.gabo...@gmail.com>
> wrote:
>>
>> $ systemctl --version
>> systemd 22
>
>
> v22 was released five years ago, are you sure?
222, sorry for the typo


>
>>
>>  One way to pass additional options is to add one of these lines in
>> the [Service] part of the unit file:
>>
>> 
>> Environment=ONE='one'
>> EnvironmentFile=/path/to
>> ---
>>
>> If I am right, there is another possible mechanism since recent
>> versions by adding a configuration file somewhere in /etc/systemd, but
>> I can't remember how exactly do it. I think the way is to edit a
>> MyService.conf and place it in /etc/systemd/system.conf.d. Am I right?
>>  /etc/systemd/system/MyService.service.conf directory is to add
>> override vendor settings. I
>
>
> Search systemd.unit(5) for "drop-in". There is no special syntax, the
> additional .conf files act exactly like a part of the main unit file.

Yes I have seen it. This mechanism uses
/etc/systemd/system/MyService.service.conf directory to store a
locale.conf. But what about using /etc/systemd/systemd.conf.d
directory instead ?
>
> --
> Mantas Mikulėnas <graw...@gmail.com>



-- 

google.com/+arnaudgabourygabx


[systemd-devel] Environment and additional command line options

2016-02-01 Thread arnaud gaboury
$ systemctl --version
systemd 22

 One way to pass additional options is to add one of these lines in
the [Service] part of the unit file:


Environment=ONE='one'
EnvironmentFile=/path/to
---

If I am right, there is another possible mechanism since recent
versions by adding a configuration file somewhere in /etc/systemd, but
I can't remember how exactly do it. I think the way is to edit a
MyService.conf and place it in /etc/systemd/system.conf.d. Am I right?
 /etc/systemd/system/MyService.service.conf directory is to add
override vendor settings. I

So my question: is  /etc/systemd/system.conf.d/MyService.conf the
right place to add options? And how to specify multi options:
in one line like :
param1=value param2=value

or
param1=value
param2=value

Thank you for help.






-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Fwd: messing with .mount/.automount units

2016-01-30 Thread arnaud gaboury
On Sat, Jan 30, 2016, 5:28 PM Andrei Borzenkov <arvidj...@gmail.com> wrote:

> 30.01.2016 13:44, arnaud gaboury wrote:
> >>> My first attempt was to add this line in my /etc/fstab:
> >>> ---
> >>> UUID=868560c1-ab69-423f-b76d-b8ea5af1b066 /mnt/backup ext2 noauto,x-systemd.automount,x-systemd.device-timeout=5,x-systemd.idle-timeout=60 0 2
> >>> ---
> >>>
> >>> $ ls /run/systemd/generator
> >>> .
> >>> mnt-backup.automount
> >>> mnt-backup.mount
> >>> 
> >>>
> >>> For unknown reasons, the partition did mount at boot and never umount.
> >>
> >> Do you mean - you boot with USB stick inserted (before system power on)
> >> and after boot USB stick is mounted (not automounted)?
> >
> > Yes, I boot with the external USB drive plugged. The drive is LVM
> > partitioned, and yes, the /mnt/backup is mounted with the above fstab
> > Could you show
> >> /proc/mounts output?
> > 
> > systemd-1 /mnt/backup autofs
> > rw,relatime,fd=26,pgrp=1,timeout=60,minproto=5,maxproto=5,direct 0 0
> > .
> >>
>
> So you configured directory for automount and systemd did automount. I
> do not understand what you complain about here.
>

I was just looking for a solution using only fstab, no additional
.mount/.automount files in /etc/systemd/system, as it is what is
recommended. Nothing else.

>
> Your USB stick is *not* mounted.
>
>
>


Re: [systemd-devel] Fwd: messing with .mount/.automount units

2016-01-30 Thread arnaud gaboury
On Sat, Jan 30, 2016 at 8:11 AM, Andrei Borzenkov <arvidj...@gmail.com> wrote:
> 29.01.2016 23:07, arnaud gaboury wrote:
>> BUMP.
>>
>> I run once a week a simple backup with rsync. For that purpose, I
>> wrote a service file (rsync) and a timer unit. They both work with no
>> issues.
>>
>>  /etc/systemd/system/backup-external.service
>> 
>> [Unit]
>> Description=Backup system to external drive
>> Requires=mnt-backup.mount
>
> Why you need it if you use automount anyway? /mnt/backup should be
> mounted on access. As is, I am not sure what effect it has.
>
>> After=mnt-backup.mount
>>
>> [Service]
>> Type=oneshot
>> ExecStart=/usr/bin/rsync -av --delete --exclude-from /etc/conf.d/exclude-hortensia / /mnt/backup/hortensia
>> ExecStartPost=/usr/bin/umount /mnt/backup
>
> Same. I am not even sure whether it attempts to unmount underlying file
> system or autofs. You need to decide whether you use automount or
> normal mount.
>
>> -
>>
>> I would like to mount/umount the backup partition only when the
>> service is triggered. Backup partition is on a USB external drive and
>> LVM group.
>> My first attempt was to add this line in my /etc/fstab:
>> ---
>> UUID=868560c1-ab69-423f-b76d-b8ea5af1b066 /mnt/backup ext2 noauto,x-systemd.automount,x-systemd.device-timeout=5,x-systemd.idle-timeout=60 0 2
>> ---
>>
>> $ ls /run/systemd/generator
>> .
>> mnt-backup.automount
>> mnt-backup.mount
>> 
>>
>> For unknown reasons, the partition did mount at boot and never umount.
>
> Do you mean - you boot with USB stick inserted (before system power on)
> and after boot USB stick is mounted (not automounted)?

Yes, I boot with the external USB drive plugged. The drive is LVM
partitioned, and yes, the /mnt/backup is mounted with the above fstab
Could you show
> /proc/mounts output?

systemd-1 /mnt/backup autofs
rw,relatime,fd=26,pgrp=1,timeout=60,minproto=5,maxproto=5,direct 0 0
.
>
>> The only way I found to achieve my goal is:
>> - remove the entry in /etc/fstab
>> - copy the .mount and .automount files in /etc/systemd/system
>>
>
> Copy from where? Please show these units you use now.

I copied then from /run/systemd/generator.

 % cat /run/systemd/generator/mnt-backup.automount
--
# Automatically generated by systemd-fstab-generator

[Unit]
SourcePath=/etc/fstab
Documentation=man:fstab(5) man:systemd-fstab-generator(8)
Before=local-fs.target
[Automount]
Where=/mnt/backup
TimeoutIdleSec=1min


% cat /run/systemd/generator/mnt-backup.mount
--
# Automatically generated by systemd-fstab-generator

[Unit]
SourcePath=/etc/fstab
Documentation=man:fstab(5) man:systemd-fstab-generator(8)
Requires=systemd-fsck@dev-disk-by\x2duuid-868560c1\x2dab69\x2d423f\x2db76d\x2db8ea5af1b066.service
After=systemd-fsck@dev-disk-by\x2duuid-868560c1\x2dab69\x2d423f\x2db76d\x2db8ea5af1b066.service

[Mount]
What=/dev/disk/by-uuid/868560c1-ab69-423f-b76d-b8ea5af1b066
Where=/mnt/backup
Type=ext2
Options=noauto,x-systemd.automount,x-systemd.idle-timeout=60



>
> And does it unmount in this case after backup is finished?

YES
>
>> I have the expected behavior this way.
>> My question: is this the standard way and advised to do it? Why my
>> fstab entry did not work?
>>
>
>
> What is your systemd version?
systemd 228-3


-- 

google.com/+arnaudgabourygabx


[systemd-devel] Fwd: messing with .mount/.automount units

2016-01-29 Thread arnaud gaboury
BUMP.

I run once a week a simple backup with rsync. For that purpose, I
wrote a service file (rsync) and a timer unit. They both work with no
issues.

 /etc/systemd/system/backup-external.service

[Unit]
Description=Backup system to external drive
Requires=mnt-backup.mount
After=mnt-backup.mount

[Service]
Type=oneshot
ExecStart=/usr/bin/rsync -av --delete --exclude-from /etc/conf.d/exclude-hortensia / /mnt/backup/hortensia
ExecStartPost=/usr/bin/umount /mnt/backup
-

I would like to mount/umount the backup partition only when the
service is triggered. Backup partition is on a USB external drive and
LVM group.
My first attempt was to add this line in my /etc/fstab:
---
UUID=868560c1-ab69-423f-b76d-b8ea5af1b066 /mnt/backup ext2 noauto,x-systemd.automount,x-systemd.device-timeout=5,x-systemd.idle-timeout=60 0 2
---

$ ls /run/systemd/generator
.
mnt-backup.automount
mnt-backup.mount


For unknown reasons, the partition did mount at boot and never umount.
The only way I found to achieve my goal is:
- remove the entry in /etc/fstab
- copy the .mount and .automount files in /etc/systemd/system

I have the expected behavior this way.
My question: is this the standard way and advised to do it? Why my
fstab entry did not work?

Thank you


--

google.com/+arnaudgabourygabx


[systemd-devel] messing with .mount/.automount units

2016-01-25 Thread arnaud gaboury
I run once a week a simple backup with rsync. For that purpose, I
wrote a service file (rsync) and a timer unit. They both work with no
issues.

 /etc/systemd/system/backup-external.service

[Unit]
Description=Backup system to external drive
Requires=mnt-backup.mount
After=mnt-backup.mount

[Service]
Type=oneshot
ExecStart=/usr/bin/rsync -av --delete --exclude-from /etc/conf.d/exclude-hortensia / /mnt/backup/hortensia
ExecStartPost=/usr/bin/umount /mnt/backup
-

I would like to mount/umount the backup partition only when the
service is triggered. Backup partition is on a USB external drive and
LVM group.
My first attempt was to add this line in my /etc/fstab:
---
UUID=868560c1-ab69-423f-b76d-b8ea5af1b066 /mnt/backup ext2 noauto,x-systemd.automount,x-systemd.device-timeout=5,x-systemd.idle-timeout=60 0 2
---

$ ls /run/systemd/generator
.
mnt-backup.automount
mnt-backup.mount


For unknown reasons, the partition did mount at boot and never umount.
The only way I found to achieve my goal is:
- remove the entry in /etc/fstab
- copy the .mount and .automount files in /etc/systemd/system

I have the expected behavior this way.
My question: is this the standard way and advised to do it? Why my
fstab entry did not work?

Thank you


-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] On calendar timer

2016-01-12 Thread arnaud gaboury
On Tue, Jan 12, 2016 at 6:46 PM, Lennart Poettering
<lenn...@poettering.net> wrote:
> On Wed, 06.01.16 17:17, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>
>> I am not sure about how to express date/time in a timer unit.
>>
>> I want the timer to be start every year(*), on month 1,3,5,7,9,11,
>> first day of month at 02:00:00 AM. Here is what I wrote:
>>
>> [Timer]
>> OnCalendar=*-1,3,5,7,9,11-01 02:00:00
>>
>> Is this correct ?
>>
>> Now if I want instead not the first day of the cited months, but the
>> first Sunday:
>>
>> OnCalendar=Sun, *-1,3,5,7,9,11-01 02:00:00
>>
>> Or the above will only trigger the service IF first day of the cited
>> month is a Sunday?
>
> The latter. Basically, for each element in the expression one item of the
> specified list must hold for the event to trigger.
>
> To express what you want to express I'd just list all days of the
> first week.
>
> Sun 1,3,5,7,9-1,2,3,4,5,6,7 02:00

Very good. If I follow you correctly, the service will be triggered on
month 1,3,5,7,9, 11 (in fact, every two months. I do not care which
one indeed),  on the first Sunday of these months at 2:00 AM. That is
exactly what I want.
As a side note, I will need to trigger like 8 services at this moment
(in fact, it is a letsencrypt ssl web certificate auto renewal for all
my subdomains). It seems there is no After= for timer, so best would
be to set, say 2:00, 2:05, 2:10 etc (the ssl renewal just need less
than one minute). Or simpler, let 2:00 for all of them ?


>
> Which means: on every sunday, that is one of the first 7 days of the
> months 1, 3, 5, 7 or 9, at 2am.
>
> Of course, we should probably introduce a ".." syntax so that
> 1,2,3,4,5,6,7 could be written as "1..7". Happy to take a patch for
> that.
>
> Hope this is useful.
>
> Lennart
>
> --
> Lennart Poettering, Red Hat



-- 

google.com/+arnaudgabourygabx
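
The rule from the reply above (every field of the expression must hold at once) can be checked offline. This is an added example, not code from the thread or from systemd: a small Python matcher for only the subset of OnCalendar= syntax used in this thread (optional weekday list, `*` or comma lists for year, month and day, one fixed time). It assumes months 1,3,5,7,9,11 from the question, and all function and constant names are made up for illustration.

```python
from datetime import datetime, timedelta

WEEKDAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]  # datetime.weekday() order

# The three forms discussed in the thread (month list taken from the question).
FIRST_OF_MONTH = "*-1,3,5,7,9,11-01 02:00:00"
SUNDAY_AND_FIRST = "Sun, *-1,3,5,7,9,11-01 02:00:00"
FIRST_SUNDAY = "Sun *-1,3,5,7,9,11-1,2,3,4,5,6,7 02:00"


def _field(text):
    """'*' means any value (None); '1,3,5' becomes {1, 3, 5}."""
    return None if text == "*" else {int(p) for p in text.split(",")}


def parse(expr):
    """Parse '[Weekday[,Weekday...][,]] [year-]month-day hh:mm[:ss]'."""
    tokens = expr.split()
    weekdays = None
    if tokens[0][0].isalpha():
        names = tokens.pop(0).rstrip(",").split(",")
        weekdays = {WEEKDAYS.index(n) for n in names}
    date_tok, time_tok = tokens
    date_parts = date_tok.split("-")
    if len(date_parts) == 2:  # year omitted: treat as '*'
        date_parts.insert(0, "*")
    year, month, day = (_field(p) for p in date_parts)
    hms = [int(p) for p in time_tok.split(":")]
    if len(hms) == 2:  # seconds omitted
        hms.append(0)
    return {"weekdays": weekdays, "year": year, "month": month,
            "day": day, "time": tuple(hms)}


def day_matches(spec, d):
    """True only if weekday AND year AND month AND day all match."""
    checks = (
        (spec["weekdays"], d.weekday()),
        (spec["year"], d.year),
        (spec["month"], d.month),
        (spec["day"], d.day),
    )
    return all(allowed is None or value in allowed for allowed, value in checks)


def next_runs(expr, start, count):
    """First `count` trigger times at or after `start` (searches 10 years)."""
    spec = parse(expr)
    hour, minute, second = spec["time"]
    runs = []
    day = start.replace(hour=0, minute=0, second=0, microsecond=0)
    limit = day + timedelta(days=3660)
    while len(runs) < count and day < limit:
        when = day.replace(hour=hour, minute=minute, second=second)
        if when >= start and day_matches(spec, day):
            runs.append(when)
        day += timedelta(days=1)
    return runs


if __name__ == "__main__":
    start = datetime(2016, 1, 1)
    for label, expr in (("1st of month", FIRST_OF_MONTH),
                        ("Sunday AND 1st", SUNDAY_AND_FIRST),
                        ("first Sunday", FIRST_SUNDAY)):
        dates = [d.strftime("%a %Y-%m-%d") for d in next_runs(expr, start, 4)]
        print(f"{label:15} {expr}\n    {dates}")
```

The weekday-plus-`01` form fires only twice between January 2016 and January 2017, while the day list 1 to 7 fires once in every listed month.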


[systemd-devel] On calendar timer

2016-01-06 Thread arnaud gaboury
I am not sure about how to express date/time in a timer unit.

I want the timer to be start every year(*), on month 1,3,5,7,9,11,
first day of month at 02:00:00 AM. Here is what I wrote:

[Timer]
OnCalendar=*-1,3,5,7,9,11-01 02:00:00

Is this correct ?

Now if I want instead not the first day of the cited months, but the
first Sunday:

OnCalendar=Sun, *-1,3,5,7,9,11-01 02:00:00

Or the above will only trigger the service IF first day of the cited
month is a Sunday?

Thank you for help

-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] empty a directory in service file as ExecStartPre

2016-01-02 Thread arnaud gaboury
On Sat, Jan 2, 2016 at 1:08 PM, Mantas Mikulėnas <graw...@gmail.com> wrote:
> ExecStart does not go through a shell, so it won't expand wildcards.

OK. I understand now.
>
> Try running 'find /dir -mindepth 1 -delete', that also cleans up dotdirs.

In my case, there is one more hurdle. Will post elsewhere as it is OT
in this list.
Thank you for your help.
>
> Alternatively 'sh -c "rm .../*" to handle wildcards.
>
>
> On Sat, Jan 2, 2016, 13:39 arnaud gaboury <arnaud.gabo...@gmail.com> wrote:
>>
>> I can't manage to empty a directory as a Exec in a service file. Here is
>> part:
>>
>> ---
>> [Service]
>> User=postgres
>> Environment=REPORTDIR=/storage/psqlReport
>> ExecStartPre=/usr/bin/rm -f ${REPORTDIR}/*
>> ExecStart=MyCommand
>>
>> --
>>
>> $ journalctl -xe -l
>> ---
>> -- Unit pgcluu_collectd.service has begun starting up.
>> Jan 02 12:34:02 poppy pgcluu_collectd[21593]: *** pgcluu_collectd v2.4
>> (pid:21593) started at Sat Jan  2 12:34:02 2016
>> Jan 02 12:34:02 poppy pgcluu_collectd[21593]: Type Ctrl+c to quit.
>> Jan 02 12:34:02 poppy pgcluu[21594]: FATAL: output directory
>> /storage/psqlReport is not empty. at /usr/bin/pgcluu line 1033.
>> Jan 02 12:34:02 poppy systemd[1]: pgcluu_collectd.service: Control
>> process exited, code=exited status=2
>> -
>>
>> Running manually the rm command as user postgres empty the directory,
>> but when in service file, the directory is still full. I see it as
>> ExecStart=MyCommand complains the directory is full and service exits
>> with an error.
>> User postgres has of course rw access to directory content.
>> No any kind of interactive prompt when running rm.
>> If I start the service with an empty /storage/psqlReport, service success.
>>
>> What am I missing? Is there a better way to empty the directory before
>> running my command ? The service will be timered, so can't empty
>> manually.
>>
>> Thank you for help.
>>
>> --
>>
>> google.com/+arnaudgabourygabx



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] empty a directory in service file as ExecStartPre

2016-01-02 Thread arnaud gaboury
On Sat, Jan 2, 2016 at 1:57 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
> On 02.01.2016 at 13:43, arnaud gaboury wrote:
>>
>> ExecStartPre=/usr/bin/rm -f ${REPORTDIR}/
>
>
> ExecStartPre=/usr/local/scripts/emptydir.sh $REPORTDIR

Thank you, but I would prefer to avoid any external script.

I finally found the correct way, as I had to remove everything (lucky
all are files) except the one sub directory:

ExecStartPre=/usr/bin/find ${REPORTDIR} -mindepth 1 -type f -delete

>
>
>



-- 

google.com/+arnaudgabourygabx
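
How the commands from this thread behave when started without a shell, as an added example that is not code from the thread: Python's subprocess with an argument list executes the program directly, the way the earlier reply describes for ExecStart, so the `*` reaches rm as a literal character. The directory layout is constructed, and the variant and helper names are made up for illustration.

```python
import os
import subprocess
import tempfile

# Each variant maps the report directory to the argv that gets executed.
VARIANTS = {
    # What the unit file ran: no shell, so rm is handed the literal name '*'.
    "rm_no_shell": lambda d: ["rm", "-f", d + "/*"],
    # 'sh -c' form: the shell expands the wildcard before rm runs.
    "rm_via_sh": lambda d: ["sh", "-c", 'rm -f "$1"/*', "sh", d],
    # find needs no wildcard at all; -mindepth 1 spares the directory itself.
    "find_delete": lambda d: ["find", d, "-mindepth", "1", "-delete"],
    # The form from the message above: regular files only.
    "find_files_only": lambda d: ["find", d, "-mindepth", "1", "-type", "f", "-delete"],
}


def make_report_dir(root):
    """Constructed stand-in for /storage/psqlReport: files, a dotfile, a subdir."""
    report = os.path.join(root, "psqlReport")
    os.makedirs(os.path.join(report, "keep"))
    for name in ("a.csv", "b.csv", ".hidden", os.path.join("keep", "old.csv")):
        with open(os.path.join(report, name), "w") as fh:
            fh.write("constructed sample\n")
    return report


def listing(report):
    """Sorted relative paths of everything still below the directory."""
    left = []
    for base, dirs, files in os.walk(report):
        for name in dirs + files:
            left.append(os.path.relpath(os.path.join(base, name), report))
    return sorted(left)


def run_variant(name):
    """Run one variant on a fresh directory; return (exit status, what is left)."""
    with tempfile.TemporaryDirectory() as root:
        report = make_report_dir(root)
        proc = subprocess.run(
            VARIANTS[name](report),
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
        )
        return proc.returncode, listing(report)


if __name__ == "__main__":
    for name in VARIANTS:
        status, left = run_variant(name)
        print(f"{name:16} exit={status} left={left}")
```

Without a shell, `rm -f` exits 0 and deletes nothing because no file is literally named `*`; the shell glob skips dotfiles and rm stops at the subdirectory, while `-type f` also deletes files inside subdirectories and leaves the directories themselves.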


[systemd-devel] empty a directory in service file as ExecStartPre

2016-01-02 Thread arnaud gaboury
I can't manage to empty a directory as a Exec in a service file. Here is part:

---
[Service]
User=postgres
Environment=REPORTDIR=/storage/psqlReport
ExecStartPre=/usr/bin/rm -f ${REPORTDIR}/*
ExecStart=MyCommand

--

$ journalctl -xe -l
---
-- Unit pgcluu_collectd.service has begun starting up.
Jan 02 12:34:02 poppy pgcluu_collectd[21593]: *** pgcluu_collectd v2.4
(pid:21593) started at Sat Jan  2 12:34:02 2016
Jan 02 12:34:02 poppy pgcluu_collectd[21593]: Type Ctrl+c to quit.
Jan 02 12:34:02 poppy pgcluu[21594]: FATAL: output directory
/storage/psqlReport is not empty. at /usr/bin/pgcluu line 1033.
Jan 02 12:34:02 poppy systemd[1]: pgcluu_collectd.service: Control
process exited, code=exited status=2
-

Running manually the rm command as user postgres empty the directory,
but when in service file, the directory is still full. I see it as
ExecStart=MyCommand complains the directory is full and service exits
with an error.
User postgres has of course rw access to directory content.
No any kind of interactive prompt when running rm.
If I start the service with an empty /storage/psqlReport, service success.

What am I missing? Is there a better way to empty the directory before
running my command ? The service will be timered, so can't empty
manually.

Thank you for help.

-- 

google.com/+arnaudgabourygabx


[systemd-devel] systemd nspawn container - download speed slow

2015-12-04 Thread arnaud gaboury
Here is my setup:

Arch host
Fedora 23 nspawn container
Network:
From host:
---

 % ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN
group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: enp7s0:  mtu 1500 qdisc pfifo_fast
master br0 state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
   valid_lft forever preferred_lft forever
3: br0:  mtu 1500 qdisc noqueue state
UP group default
link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
   valid_lft forever preferred_lft forever
inet6 fe80::b40c:ff:fe22:f14a/64 scope link
   valid_lft forever preferred_lft forever
4: vb-poppy@if2:  mtu 1500 qdisc
pfifo_fast master br0 state UP group default qlen 1000
link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::c9a:d7ff:fe18:a359/64 scope link
   valid_lft forever preferred_lft forever
--

I notice that download speed is much slower in the container. Is that
normal? If not, how shall I deal with it?

Thank you for hints.


-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] modules in container

2015-11-08 Thread arnaud gaboury
On Sun, Nov 8, 2015 at 2:57 PM Richard Weinberger <
richard.weinber...@gmail.com> wrote:

> On Sun, Nov 8, 2015 at 1:17 PM, arnaud gaboury <arnaud.gabo...@gmail.com>
> wrote:
> > I am trying to understand how kernel modules are "passed" to nspawn
> container.
>
> A container must not load any module as the kernel is a shared resource.
>
So, why is my container, and especially docker.service, not aware of the
loaded modules from the host?



>
> --
> Thanks,
> //richard
>


[systemd-devel] modules in container

2015-11-08 Thread arnaud gaboury
I am trying to understand how kernel modules are "passed" to nspawn container.

My setup: Archlinux host, Fedora 23 container (function = server).

Example of what I would like to solve:

On container:

--
$ systemctl status docker -l

● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled;
vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2015-11-08 10:44:27
CET; 2h 27min ago
 Docs: http://docs.docker.com
 Main PID: 1146 (code=exited, status=1/FAILURE)

Nov 08 10:44:27 poppy docker[1146]:
time="2015-11-08T10:44:27.846565995+01:00" level=warning msg="Docker
could not enable SELinux on the host system"
Nov 08 10:44:27 poppy docker[1146]:
time="2015-11-08T10:44:27.846925084+01:00" level=info msg="Option
DefaultDriver: bridge"
Nov 08 10:44:27 poppy docker[1146]:
time="2015-11-08T10:44:27.846948089+01:00" level=info msg="Option
DefaultNetwork: bridge"
Nov 08 10:44:27 poppy docker[1146]:
time="2015-11-08T10:44:27.848252833+01:00" level=warning msg="Running
modprobe bridge nf_nat br_netfilter failed with message: , error: exit
status 1"
Nov 08 10:44:27 poppy docker[1146]:
time="2015-11-08T10:44:27.852710572+01:00" level=info msg="Firewalld
running: true"
Nov 08 10:44:27 poppy docker[1146]:
time="2015-11-08T10:44:27.918262393+01:00" level=fatal msg="Error
starting daemon: Error initializing network controller: Error
initializing bridge driver: Setup IP forwarding failed: open
/proc/sys/net/ipv4/ip_forward: read-only file system"
Nov 08 10:44:27 poppy systemd[1]: docker.service: Main process exited,
code=exited, status=1/FAILURE
Nov 08 10:44:27 poppy systemd[1]: Failed to start Docker Application
Container Engine.


1- SELinux is disabled as the host distro is difficult to set up with
it, so it is OK
2- Running modprobe bridge nf_nat br_netfilter failed with message: ,
error: exit status 1"
These modules are indeed loaded on host. How can I make the container
aware of it?


Thank you for any pointers/help.

-- 

google.com/+arnaudgabourygabx


[systemd-devel] upgrade a Fedora container 22 > 23

2015-11-07 Thread arnaud gaboury
For those of us who are wondering if this can be tricky, I just want
to testify that you just have to follow the Fedora instructions[1] and restart
the machine. No issues at all and Fedora will be upgraded to 23.

You need to wait a little bit (~ 5-10 min) after you run
# dnf system-upgrade reboot
for the system to install the newly downloaded packages.


Again, a warm thanks to the systemd team for this wonderful container
feature. Really awesome and easy to use.





[1]https://fedoramagazine.org/upgrading-from-fedora-22-to-fedora-23/

-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Machinectl shell/login do not attach to console

2015-10-17 Thread arnaud gaboury
Honestly, I don't think your issue has to do with the container systemd version.

On my host, archlinux:  systemd 227-1
On my container, Fedora 22:  systemd 219

-
# machinectl login poppy
[sudo] password for gabx:
Connected to machine poppy. Press ^] three times within 1s to exit session.

Fedora release 22 (Twenty Two)
Kernel 4.2.2-1-hortensia on an x86_64 (pts/0)

poppy login:


It is working fine.

On Sat, Oct 17, 2015 at 11:09 AM, Lennart Poettering
 wrote:
> On Fri, 16.10.15 14:01, Chris Bell (cwb...@narmos.org) wrote:
>
>> On 2015-10-16 13:55, Chris Bell wrote:
>> >On 2015-10-14 15:58, Lennart Poettering wrote:
>> >>On Mon, 05.10.15 12:30, Chris Bell (cwb...@narmos.org) wrote:
>> >>
>> >>>Hi all,
>> >>>
>> >>>I have an Arch machine with systemd 226, running an Arch container,
>> >>>also
>> >>>with systemd 226. For whatever reason in 225, `machinectl login`
>> >>>stopped
>> >>>working correctly, and in 226 `machinectl login` does not work
>> >>>properly. It
>> >>>attaches to the machine, but does not seem to redirect stdin and
>> >>>stdout to
>> >>>the machine. When I attempt to use login, the login prompt is never
>> >>>printed
>> >>>to the command line:
>> >>
>> >>There were some races when machinectl was too fast and the systemd
>> >>inside the container too slow. This should be fixed in systemd git,
>> >>specifically commit 40e1f4ea7458a0a80eaf1ef356e52bfe0835412e and
>> >>related.
>> >
>> >I've recompiled from git, and the problem has, indeed, been solved! Thank
>> >you!
>>
>> Sorry, I was wrong. I was running 'machinectl shell' without a machine name,
>> and it spawned a shell for my host machine. Guest machine still cannot be
>> accessed with 'shell' or 'login' and stdin/out are still redirected to the
>> journal.
>>
>> I compiled commit 7a1e5abbc6e741e5b6995288c607522faa69c8b4 (Master) from the
>> github repo.
>
> You have to upgrade systemd, machined and nspawn in the container as
> well as on the host, and ensure you reexec all three of these
> components. Otherwise the fix has no effect.
>
> Lennart
>
> --
> Lennart Poettering, Red Hat



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Machinectl shell/login do not attach to console

2015-10-12 Thread arnaud gaboury
On Mon, Oct 5, 2015 at 2:30 PM, Chris Bell  wrote:
> Hi all,
>
> I have an Arch machine with systemd 226,
which arch version exactly? I had the same issue with 226. It is gone
with 226-3.
setup: Arch host running Fedora container.

> running an Arch container, also
> with systemd 226. For whatever reason in 225, `machinectl login` stopped
> working correctly, and in 226 `machinectl login` does not work properly. It
> attaches to the machine, but does not seem to redirect stdin and stdout to
> the machine. When I attempt to use login, the login prompt is never printed
> to the command line:
>
> # machinectl login gitlab
> Connected to machine gitlab. Press ^] three times within 1s to exit session.
> <>^]^]
> Connection to machine gitlab terminated.
>
> And nothing of note is printed in the journal (relevant date is Oct 5,
> machine was last started on Sep 28):
>
> # systemctl status systemd-nspawn@gitlab.service
> ● systemd-nspawn@gitlab.service - Container gitlab
>Loaded: loaded (/usr/lib/systemd/system/systemd-nspawn@.service; enabled;
> vendor preset: disabled)
>   Drop-In: /etc/systemd/system/systemd-nspawn@gitlab.service.d
>└─override.conf
>Active: active (running) since Mon 2015-09-28 08:11:33 EDT; 1 weeks 0
> days ago
>  Docs: man:systemd-nspawn(1)
>  Main PID: 18746 (systemd-nspawn)
>Status: "Container running."
>Memory: 1010.7M
>   CPU: 37min 13.126s
>CGroup: /machine.slice/systemd-nspawn@gitlab.service
>├─18746 /usr/bin/systemd-nspawn --quiet --keep-unit --boot
> --link-journal=try-guest --network-bridge=br0 --machine=gitlab
>├─init.scope
>│ └─18753 /usr/lib/systemd/systemd
>└─system.slice
>  ├─gitlab-sidekiq.service
>  │ ├─18886 sh -c sidekiq -q post_receive -q mailer -q
> system_hook -q project_web_hook -q gitlab_shell -q common -q default -q
> archive_repo -e production -L /var/log/gitlab/sidekiq.log >>
> /var/log/gitlab/sidekiq.log 2>&1
>  │ └─18904 sidekiq 3.3.0 gitlab [0 of 25 busy]
>  ├─dbus.service
>  │ └─18789 /usr/bin/dbus-daemon --system --address=systemd:
> --nofork --nopidfile --systemd-activation
>  ├─redis.service
>  │ └─18797 /usr/bin/redis-server 127.0.0.1:6379
>  ├─postfix.service
>  │ ├─18881 /usr/lib/postfix/bin/master -w
>  │ ├─18883 qmgr -l -t unix -u
>  │ └─25044 pickup -l -t unix -u
>  ├─systemd-journald.service
>  │ └─18772 /usr/lib/systemd/systemd-journald
>  ├─gitlab-unicorn.service
>  │ ├─18887 unicorn_rails master -c
> /usr/share/webapps/gitlab/config/unicorn.rb -E production
>  │ ├─25086 unicorn_rails worker[1] -c
> /usr/share/webapps/gitlab/config/unicorn.rb -E production
>  │ ├─25184 unicorn_rails worker[2] -c
> /usr/share/webapps/gitlab/config/unicorn.rb -E production
>  │ └─25355 unicorn_rails worker[0] -c
> /usr/share/webapps/gitlab/config/unicorn.rb -E production
>  ├─systemd-logind.service
>  │ └─18788 /usr/lib/systemd/systemd-logind
>  ├─postgresql.service
>  │ ├─18815 /usr/bin/postgres -D /var/lib/postgres/data
>  │ ├─18854 postgres: checkpointer process
>  │ ├─18855 postgres: writer process
>  │ ├─18856 postgres: wal writer process
>  │ ├─18857 postgres: autovacuum launcher process
>  │ ├─18858 postgres: stats collector process
>  │ ├─18945 postgres: gitlab_db gitlabhq_production [local] idle
>  │ ├─21179 postgres: gitlab_db gitlabhq_production [local] idle
>  │ ├─25090 postgres: gitlab_db gitlabhq_production [local] idle
>  │ ├─25366 postgres: gitlab_db gitlabhq_production [local] idle
>  │ └─25382 postgres: gitlab_db gitlabhq_production [local] idle
>  └─console-getty.service
>└─19441 /sbin/agetty --noclear --keep-baud console 115200
> 38400 9600 vt220
>
> Sep 28 08:11:35 zombie.narmos.org systemd-nspawn[18746]: zombie login: [  OK
> ] Started PostgreSQL database server.
> Sep 28 08:11:35 zombie.narmos.org systemd-nspawn[18746]: [  OK  ] Started
> GitLab Sidekiq Worker.
> Sep 28 08:11:35 zombie.narmos.org systemd-nspawn[18746]: [  OK  ] Started
> GitLab Unicorn Server.
> Sep 28 08:11:35 zombie.narmos.org systemd-nspawn[18746]: [  OK  ] Reached
> target Multi-User System.
> Sep 28 08:11:36 zombie.narmos.org systemd-nspawn[18746]: Arch Linux
> 4.1.6-1-ARCH (console)
> Sep 28 08:12:38 zombie.narmos.org systemd-nspawn[18746]: gitlab login:
> Sep 28 08:12:38 zombie.narmos.org systemd-nspawn[18746]: Arch Linux
> 4.1.6-1-ARCH (console)
> Sep 28 08:12:38 zombie.narmos.org systemd-nspawn[18746]: gitlab login: The
> Zombie, brought to you by Arch Linux 4.1.6-1-ARCH (pts/0)
> Sep 28 08:12:55 zombie.narmos.org systemd-nspawn[18746]: zombie login:
> Sep 28 

[systemd-devel] machinectl shell

2015-10-04 Thread arnaud gaboury
First, thank you for this new feature. I do think this is a much
cleaner way to log in as root.

I just can't get the correct shell, which is /bin/zsh:

/etc/passwd
---
root:x:0:0:root:/root:/usr/bin/zsh
-

$ machinectl shell
brings me to sh.

Where (if possible) can I change this behavior?

Thank you.
-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] machinectl shell

2015-10-04 Thread arnaud gaboury
On Sun, Oct 4, 2015 at 11:34 AM, Tobias Hunger <tobias.hun...@gmail.com> wrote:
> Hi Arnaud,
>
> Am 04.10.2015 11:27 schrieb "arnaud gaboury" <arnaud.gabo...@gmail.com>:
>>
>> First, thank you for this new feature. I do think this is a much more
>> clean way to log as root.
>>
>> I just can't get the correct shell, which is /bin/zsh:
>>
>> /etc/passwd
>> ---
>> root:x:0:0:root:/root:/usr/bin/zsh
>> -
>
> Is this from the container or the host?

On the host. I just want to use this command instead of $ su
In fact, it is as if machinectl is not aware of the original $SHELL
variable, as written in /etc/passwd. Surprisingly, all env
variables are correctly set. Thus my idea to write it somewhere.

>
>> $ machinectl shell
>> brings me to sh.
>
> When I set the root shell in /etc/passwd of the container, then that works
> for me most of the time. "Most of the time" since bigger shells seem to
> sometimes run into a timeout and then I only get an error message and no
> shell. Re-running machinectl shell helps when that happens.
>
> Best Regards,
> Tobias



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] machinectl shell

2015-10-04 Thread arnaud gaboury
On Sun, Oct 4, 2015 at 11:49 AM, Tomasz Torcz <to...@pipebreaker.pl> wrote:
> On Sun, Oct 04, 2015 at 11:27:20AM +0200, arnaud gaboury wrote:
>> First, thank you for this new feature. I do think this is a much more
>> clean way to log as root.
>>
>> I just can't get the correct shell, which is /bin/zsh:
>>
>> /etc/passwd
>> ---
>> root:x:0:0:root:/root:/usr/bin/zsh
>> -
>>
>> $ machinectl shell
>> brings me to sh.
>
>   This is https://github.com/systemd/systemd/issues/1395

I see. Thank you

>
> --
> Tomasz Torcz   ,,(...) today's high-end is tomorrow's embedded 
> processor.''
> xmpp: zdzich...@chrome.pl  -- Mitchell Blank on LKML
>



-- 

google.com/+arnaudgabourygabx


[systemd-devel] /etc/dbus-1/session-local.conf

2015-10-04 Thread arnaud gaboury
As I am trying to improve my knowledge of how dbus works, I discovered
this file in /etc/dbus-1/session-local.conf


  unix:path=/run/user/1000/dbus/user_bus_socket

--

I can't remember editing it, but I must have done it.

I understand it overrides settings in /usr/share/dbus-1/session.conf

In my case, it is correct as my session dbus socket is indeed in the
above path, thus override
unix:tmpdir=/tmp in /usr/share/dbus-1/session.conf.

Now I am wondering this: I am user 1000 and almost the only user
of the machine. But what if another user logs in? In this case, the
path will be somewhere else.
Does this file recognize environment variables like ${XDG_RUNTIME_DIR}?

Thank you for tips.
-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Multi seats setup How-to

2015-09-06 Thread arnaud gaboury
On Sun, Sep 6, 2015 at 3:36 PM, Lennart Poettering
<lenn...@poettering.net> wrote:
> On Sun, 06.09.15 13:14, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>
>> On Sun, Sep 6, 2015 at 1:08 PM, Lennart Poettering
>> <lenn...@poettering.net> wrote:
>> > On Sun, 06.09.15 13:01, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>> >
>> >> On Sun, Sep 6, 2015 at 12:53 PM, Lennart Poettering
>> >> <lenn...@poettering.net> wrote:
>> >> > On Thu, 03.09.15 13:26, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>> >> >
>> >> >> I plan to use the systemd multi-seat features, but I am not sure at
>> >> >> all how I must proceed and in what order. I understand the main
>> >> >> principle for mouse and keyboard: detect the device then
>> >> >> $ loginctl attach seatNumber DevicePath
>> >> >> As for the graphic card, I am lost.
>> >> >>
>> >> >> OS: Fedora 22
>> >> >> gdm
>> >> >> 1 nvidia card
>> >> >> 1 USB3 plugable docking station for the second monitor
>> >> >
>> >> > I presume this hardware is not marked for "auto seat" yet, using
>> >> > udev's ID_AUTO_SEAT property. If you let me know USB product and
>> >> > vendor id of this device (as reported by lsusb in hex) I'll add it to
>> >> > the default rules files. If that's done then just plugging in the
>> >> > device will make it a new seat, without any configuration.
>> >>
>> >>
>> >> Bus 002 Device 005: ID 17e9:4323 DisplayLink
>> >
>> > The docking station probably is an USB hub with the displaylink device
>> > connected to it. the vendor/product ID i am interested in is the id of
>> > that hub, i.e. the top-level device in the docking station device.
>>
>> If it can help, here is the udev rule and service shipped with the rpm:
>>
>> displaylink.service
>> ---
>> [Unit]
>> Description=DisplayLink Manager Service
>> After=display-manager.service
>> Conflicts=getty@tty7.service
>>
>> [Service]
>> ExecStartPre=/sbin/modprobe evdi
>> ExecStart=/usr/lib/displaylink/DisplayLinkManager
>> Restart=always
>> WorkingDirectory=/usr/lib/displaylink
>> RestartSec=5
>> 
>>
>> /etc/udev/rules.d/99-displaylink.rules
>> ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR}=="DisplayLink",
>> MODE="0660", RUN+="/bin/systemctl start displaylink.service"
>> ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_VENDOR}=="DisplayLink",
>> RUN+="/bin/systemctl stop displaylink.service"
>
> That's awfully generic...
>
> I'd really just be interested in vendor/product ids if the usb hub
> that is built into your docking station, where the display link is
> connected to.
>
> If in doubt, please run "lsusb" once before you plug in the device,
> and once after you plug it in, and let me know the difference: all the
> lines that appeared in the output by plugging it in.

unplug/plug, diff of $ lsusb

Bus 002 Device 005: ID 17e9:4323 DisplayLink
Bus 002 Device 004: ID 2109:8110 VIA Labs, Inc. Hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 008: ID 1a40:0101 Terminus Technology Inc. Hub
Bus 001 Device 007: ID 2109:2811 VIA Labs, Inc. Hub


>
> Thanks,
>
> Lennart
>
> --
> Lennart Poettering, Red Hat



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Multi seats setup How-to

2015-09-06 Thread arnaud gaboury
On Sun, Sep 6, 2015 at 4:19 PM, Lennart Poettering
<lenn...@poettering.net> wrote:
> On Sun, 06.09.15 16:02, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>
>> > That's awfully generic...
>> >
>> > I'd really just be interested in vendor/product ids if the usb hub
>> > that is built into your docking station, where the display link is
>> > connected to.
>> >
>> > If in doubt, please run "lsusb" once before you plug in the device,
>> > and once after you plug it in, and let me know the difference: all the
>> > lines that appeared in the output by plugging it in.
>>
>> unplug/plug, diff of $ lsusb
>>
>> Bus 002 Device 005: ID 17e9:4323 DisplayLink
>> Bus 002 Device 004: ID 2109:8110 VIA Labs, Inc. Hub
>> Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
>> Bus 001 Device 008: ID 1a40:0101 Terminus Technology Inc. Hub
>> Bus 001 Device 007: ID 2109:2811 VIA Labs, Inc. Hub
>
> Ah, hmm, interesting. Which device is this precisely? Have an amazon
> link or so? The output above suggests the device is not nicely
> recognizable unfortunately.

amazon[0]
>
> Could you redo the output, and do this with "lsusb -v" this time? That
> shows more information about the USB descriptor of the device.


Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Couldn't open device, some information will be missing
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               3.00
  bDeviceClass            9 Hub
  bDeviceSubClass         0 Unused
  bDeviceProtocol         3
  bMaxPacketSize0         9
  idVendor           0x1d6b Linux Foundation
  idProduct          0x0003 3.0 root hub
  bcdDevice            4.01
  iManufacturer           3
  iProduct                2
  iSerial                 1
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           31
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0xe0
      Self Powered
      Remote Wakeup
    MaxPower                0mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         9 Hub
      bInterfaceSubClass      0 Unused
      bInterfaceProtocol      0 Full speed (or root) hub
      iInterface              0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0004  1x 4 bytes
        bInterval              12
        bMaxBurst

-

Bus 002 Device 009: ID 17e9:4323 DisplayLink
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               3.00
  bDeviceClass          239 Miscellaneous Device
  bDeviceSubClass         2 ?
  bDeviceProtocol         1 Interface Association
  bMaxPacketSize0         9
  idVendor           0x17e9 DisplayLink
  idProduct          0x4323
  bcdDevice            1.00
  iManufacturer           1
  iProduct                2
  iSerial                 3
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength          627
    bNumInterfaces          7
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0xe0
      Self Powered
      Remote Wakeup
    MaxPower                2mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           4
      bInterfaceClass       255 Vendor Specific Class
      bInterfaceSubClass      0
      bInterfaceProtocol      3
      iInterface              0
      ** UNRECOGNIZED:  0c 5f 01 00 0a 00 04 04 01 00 04 00
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0400  1x 1024 bytes
        bInterval               0
        bMaxBurst               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x08  EP 8 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage T

Re: [systemd-devel] Multi seats setup How-to

2015-09-06 Thread arnaud gaboury
On Sun, Sep 6, 2015 at 1:08 PM, Lennart Poettering
<lenn...@poettering.net> wrote:
> On Sun, 06.09.15 13:01, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>
>> On Sun, Sep 6, 2015 at 12:53 PM, Lennart Poettering
>> <lenn...@poettering.net> wrote:
>> > On Thu, 03.09.15 13:26, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>> >
>> >> I plan to use the systemd multi-seat features, but I am not sure at
>> >> all how I must proceed and in what order. I understand the main
>> >> principle for mouse and keyboard: detect the device then
>> >> $ loginctl attach seatNumber DevicePath
>> >> As for the graphic card, I am lost.
>> >>
>> >> OS: Fedora 22
>> >> gdm
>> >> 1 nvidia card
>> >> 1 USB3 plugable docking station for the second monitor
>> >
>> > I presume this hardware is not marked for "auto seat" yet, using
>> > udev's ID_AUTO_SEAT property. If you let me know USB product and
>> > vendor id of this device (as reported by lsusb in hex) I'll add it to
>> > the default rules files. If that's done then just plugging in the
>> > device will make it a new seat, without any configuration.
>>
>>
>> Bus 002 Device 005: ID 17e9:4323 DisplayLink
>
> The docking station probably is an USB hub with the displaylink device
> connected to it. the vendor/product ID i am interested in is the id of
> that hub, i.e. the top-level device in the docking station device.

If it can help, here is the udev rule and service shipped with the rpm:

displaylink.service
---
[Unit]
Description=DisplayLink Manager Service
After=display-manager.service
Conflicts=getty@tty7.service

[Service]
ExecStartPre=/sbin/modprobe evdi
ExecStart=/usr/lib/displaylink/DisplayLinkManager
Restart=always
WorkingDirectory=/usr/lib/displaylink
RestartSec=5


/etc/udev/rules.d/99-displaylink.rules
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR}=="DisplayLink",
MODE="0660", RUN+="/bin/systemctl start displaylink.service"
ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_VENDOR}=="DisplayLink",
RUN+="/bin/systemctl stop displaylink.service"

I don't have access to the box right now. Will post $ lsusb output later
>
> Lennart
>
> --
> Lennart Poettering, Red Hat



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Multi seats setup How-to

2015-09-06 Thread arnaud gaboury
On Sun, Sep 6, 2015 at 12:53 PM, Lennart Poettering
<lenn...@poettering.net> wrote:
> On Thu, 03.09.15 13:26, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>
>> I plan to use the systemd multi-seat features, but I am not sure at
>> all how I must proceed and in what order. I understand the main
>> principle for mouse and keyboard: detect the device then
>> $ loginctl attach seatNumber DevicePath
>> As for the graphic card, I am lost.
>>
>> OS: Fedora 22
>> gdm
>> 1 nvidia card
>> 1 USB3 plugable docking station for the second monitor
>
> I presume this hardware is not marked for "auto seat" yet, using
> udev's ID_AUTO_SEAT property. If you let me know USB product and
> vendor id of this device (as reported by lsusb in hex) I'll add it to
> the default rules files. If that's done then just plugging in the
> device will make it a new seat, without any configuration.


Bus 002 Device 005: ID 17e9:4323 DisplayLink

I installed a .rpm package proposed in this Fedora forum thread[0], as
there was no Linux driver for the USB3 plugable docking station[1]
>
>> Nvidia driver (I would like to avoid using Nouveau if possible).
>
> Well, the closed source nvidia driver won't work out of the box. Only
> the DRM driver is supported nicely with logind, as it exposes proper
> DRM APIs.
>
> Lennart
>
> --
> Lennart Poettering, Red Hat

[0]http://www.displaylink.org/forum/showthread.php?t=64026
[1]http://www.amazon.com/gp/product/B00ECDM78E?redirect=true_=cm_cr_ryp_prd_ttl_sol_0

-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Multi seats setup How-to

2015-09-06 Thread arnaud gaboury
On Sun, Sep 6, 2015 at 6:53 PM, Lennart Poettering
<lenn...@poettering.net> wrote:
> On Sun, 06.09.15 18:24, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>
>> On Sun, Sep 6, 2015 at 5:22 PM, Lennart Poettering
>> <lenn...@poettering.net> wrote:
>> > On Sun, 06.09.15 16:31, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>> >
>> > I fear this newer Plugable device is not as carefully designed as the
>> > older ones, and uses non-recognizable vendor/product  ids... Thus we
>> > cannot really add an ID_AUTO_SEAT rule from upstream for it. Pity.
>>
>> I am afraid you are right. I have tried all kind of possibilities and
>> with nouveau driver. All tests point to the creation of seat but left
>> me with a black screen for monitor of seat1.
>
> Hmm? the ID_AUTO_SEAT stuff is just sugar on top, to make sure that
> the multiseat hw just works, without requiring any configuration.

Yes, I understood that and tried to configure by hand
>
> Without it it just means you have to manually assign devices to a
> seat, that's all.

$ loginctl attach ...
That's what I tried
>
> Nouveau is a driver for PCI hardware, not for the usb displaylink.
So good, I booted back to Nvidia driver and blacklisted nouveau.
>
> Before thinking of putting together seats, try to make the displaylink
> hw work at all, so that you get something on screen.

Yes I will

> How to do that is
> out of scope for systemd I fear though, can't help you much with that.
>
> In general: systemd just keeps a database of what hw belongs to which
> seat, that's all. Drivers and access to the devices are done in the
> kernel and X11, and systemd has nothing to do with that really.

Looking at this thread[0], it seems the udev rule I use is not good.
I decompressed the Ubuntu package[1] to see how I can modify the rule.

[0]http://support.displaylink.com/forums/287786-displaylink-feature-suggestions/suggestions/7988955-support-linux-on-all-your-devices?page=1_page=20
[1]http://support.displaylink.com/knowledgebase/articles/683482
>
> Lennart
>
> --
> Lennart Poettering, Red Hat



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Multi seats setup How-to

2015-09-06 Thread arnaud gaboury
On Sun, Sep 6, 2015 at 5:22 PM, Lennart Poettering
<lenn...@poettering.net> wrote:
> On Sun, 06.09.15 16:31, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>
> I fear this newer Plugable device is not as carefully designed as the
> older ones, and uses non-recognizable vendor/product  ids... Thus we
> cannot really add an ID_AUTO_SEAT rule from upstream for it. Pity.

I am afraid you are right. I have tried all kind of possibilities and
with nouveau driver. All tests point to the creation of seat but left
me with a black screen for monitor of seat1.

The Fedora box is not at hand and I can't play with udev rules.

Thank you for your help, as usual.

>
> Lennart
>
> --
> Lennart Poettering, Red Hat



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] containers

2015-09-06 Thread arnaud gaboury
On Sun, Sep 6, 2015 at 6:00 PM, Lennart Poettering
 wrote:
> On Sun, 06.09.15 17:49, Michał Zegan (webczat_...@poczta.onet.pl) wrote:
>
>> Hello.
>>
>> Is systemd-nspawn intended to eventually become usable for full system
>> containers/general use with enough security to run things like vps hosting?
>> How much is missing to be able to do that, or maybe it already can? Like you
>> have user namespaces support that probably adds more security in addition to
>> other namespaces, not sure though.
>
> Well, Linux containers are currently not a security technology, and
> you really shouldn't mistake them for one.
>
> But yes, we'll close the biggest holes as we can, and the intention is
> certainly to make it hard to escape containers.
>
> nspawn supports user namespaces, but I don't think they are
> practically usable, since there's no logic for automatically
> allocating user id ranges, and file systems have to be altered to make
> them compatible with user namespacing. We'd like to improve the
> situation there, but this requires more kernel work.
>
> The focus with nspawn is indeed on full system containers
> (i.e. containers running an init system in them), and explicitly not
> so much "micro service" virtualization a la docker.
>
> To dogfood myself I run my own dedicated server in an nspawn-based
> solution, and I am pretty happy with it.

Same here with a Fedora 22 server. Lots of web services/web apps
running very fine and quickly.
>
> Note that nspawn + machined is not supposed to be a complete
> deployment solution, it focuses on the execution runtime of the
> container locally and it does not and will not do orchestration of
> containers across a whole cluster, or update/lifecycle management. Use
> rkt (which builds on nspawn) for that.
>
> Lennart
>
> --
> Lennart Poettering, Red Hat



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Multi seats setup How-to

2015-09-05 Thread arnaud gaboury
On Fri, Sep 4, 2015 at 9:36 PM, Floris  wrote:
>
>> I can't create a new seat1, no idea why.
>>
>> Here is my current configuration:
>>
>> -nvidia card + nvidia driver + nouveau blacklisted
>> - USB 3 dock station with displaylink driver + systemd service
>> - gdm
>> - systemd 219
>>
>>
>> ---
>> $ loginctl seat-status
>> Sessions: *1 c1
>>  Devices:
>>
>>
>> ├─/sys/devices/pci:00/:00:01.0/:01:00.0/drm/card0
>>   │ drm:card0
>>
>> ├─/sys/devices/pci:00/:00:01.0/:01:00.0/drm/renderD128
>>   │ drm:renderD128
>>
>> ├─/sys/devices/pci:00/:00:01.0/:01:00.0/graphics/fb0
>>   │ [MASTER] graphics:fb0 "nouveaufb"
>
>
> there is still some nouveau on your system, but if this belongs to seat0
> this isn't a problem for now.

Unfortunately, I didn't care at first which nvidia driver was
installed by default in Fedora22. And of course, nouveau was the one
indeed.
So I installed nvidia driver and blacklisted nouveau.
>
>>
>> 
>>   ├─/sys/devices/platform/evdi.0/graphics/fb1
>>   │ [MASTER] graphics:fb1 "evdidrmfb" [*]
>
>
>
>>   ├─/sys/devices/platform/evdi.1/drm/card2
>>   │ drm:card2
>>   ├─/sys/devices/platform/evdi.1/graphics/fb2
>>   │ [MASTER] graphics:fb2 "evdidrmfb" [*]
>
>
> [*] attach these two also to seat1, or maybe seat1 and seat2. Your usb3
> displaylink has two monitor outputs, so you can create three seats ;-)

After nvidia driver was installed:

# loginctl attach seat1 /sys/devices/platform/evdi.0/graphics/fb1
# systemctl restart systemd-udev-trigger.service
$ loginctl list-seats

SEAT
seat0
seat1

2 seats listed. AT LEAST

Thank you for your help and advice.

>
>>   ├─/sys/devices/virtual/misc/kvm
>>   │ misc:kvm
>>   └─/sys/devices/virtual/misc/rfkill
>> misc:rfkill
>>
>> -
>>
>> # loginctl attach seat1 /sys/devices/platform/evdi.1/drm/card2
>> then same for usb devices
>>
>>
>> $ ls /etc/udev/rules.d
>> 72-seat-drm-platform-evdi_0.rules
>> 72-seat-drm-platform-evdi_1.rules
>> 72-seat-input-pci-_00_14_0-usb-0_10_4_1_1_1.rules
>> 72-seat-input-pci-_00_14_0-usb-0_10_4_2_1_2.rules
>> 72-seat-usb-pci-_00_14_0.rules
>> 72-seat-usb-pci-_00_14_0-usb-0_10_4.rules
>> 99-displaylink.rules
>
>
>
>> 99-nvidia_seats.rules

I cleaned the /etc/udev/rules.d directory.
>
>
> If your nvidia card is only for seat0, you can remove this rule.
> (everything without a rule belongs to seat0)
>
>
>>
>> NB: All the 72-seat* have been created when I run $ loginctl attach
>> seat1 MyDevice
>>
>> 
>> $ udevadm info /sys/devices/platform/evdi.1/drm/card2
>>
>> P: /devices/platform/evdi.1/drm/card2
>> N: dri/card2
>> E: DEVNAME=/dev/dri/card2
>> E: DEVPATH=/devices/platform/evdi.1/drm/card2
>> E: DEVTYPE=drm_minor
>> E: ID_FOR_SEAT=drm-platform-evdi_1
>> E: ID_PATH=platform-evdi.1
>> E: ID_PATH_TAG=platform-evdi_1
>> E: ID_SEAT=seat1
>> E: MAJOR=226
>> E: MINOR=2
>> E: SUBSYSTEM=drm
>> E: TAGS=:seat:seat1:uaccess:
>> E: USEC_INITIALIZED=160111782
>> 
>>
>> $ cat /etc/udev/rules.d/99-displaylink.rules
>>  (shipped with the displaylink .rpm driver)
>> ---
>> ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR}=="DisplayLink",
>> MODE="0660", RUN+="/bin/systemctl start displaylink.service"
>> ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_VENDOR}=="DisplayLink",
>> RUN+="/bin/systemctl stop displaylink.service"
>> --
>>
>> $ cat /etc/udev/rules.d/99-nvidia_seats.rules
>> --
>> # provide a suitable udev rule to tag your NVIDIA card as "master-of-seat"
>>   SUBSYSTEM=="drm", KERNEL=="card[0-9]*", ATTRS{vendor}=="0x10de",
>> DRIVERS=="nvidia", TAG+="master-of-seat"
>>
>>   SUBSYSTEM=="pci", ATTRS{vendor}=="0x10de", DRIVER=="nvidia",
>> TAG+="seat", TAG+="master-of-seat"
>> 
>>
>> cat /etc/udev/rules.d/72-seat-drm-platform-evdi_1.rules
>> ---
>> TAG=="seat", ENV{ID_FOR_SEAT}=="drm-platform-evdi_1", ENV{ID_SEAT}="seat1"
>> -
>>
>> cat
>> /etc/udev/rules.d/72-seat-input-pci-_00_14_0-usb-0_10_4_1_1_1.rules
>> --
>>
>> TAG=="seat", ENV{ID_FOR_SEAT}=="input-pci-_00_14_0-usb-0_10_4_1_1_1",
>> ENV{ID_SEAT}="seat1"
>> ---
>>
>>
>>
>> # systemctl restart 
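
An added example, not part of the original messages: a Python check of which seats `loginctl list-seats` should show for a set of `udevadm info` records. It models logind's rule that a seat other than seat0 exists only once a device tagged `master-of-seat` is assigned to it, which matches what the thread observed (attaching the drm card alone gave no seat1; attaching the `[MASTER]` framebuffer did). The card1 and card2 properties are the ones quoted in the thread; the fb1 record is constructed.

```python
"""Added example: which seats will logind list, given udev properties?"""
from collections import defaultdict

# The E: lines for card1 and card2 are taken from the udevadm output quoted
# in this thread. The fb1 record is constructed for illustration (its
# ID_FOR_SEAT value and tag list are assumptions); it models the device that
# `loginctl seat-status` marks as [MASTER], after it was attached to seat1.
CARD1 = """\
P: /devices/platform/evdi.0/drm/card1
E: DEVPATH=/devices/platform/evdi.0/drm/card1
E: ID_FOR_SEAT=drm-platform-evdi_0
E: SUBSYSTEM=drm
E: TAGS=:seat:uaccess:
"""
CARD2 = """\
P: /devices/platform/evdi.1/drm/card2
E: DEVPATH=/devices/platform/evdi.1/drm/card2
E: ID_FOR_SEAT=drm-platform-evdi_1
E: ID_SEAT=seat1
E: SUBSYSTEM=drm
E: TAGS=:seat:seat1:uaccess:
"""
FB1_ATTACHED = """\
P: /devices/platform/evdi.0/graphics/fb1
E: DEVPATH=/devices/platform/evdi.0/graphics/fb1
E: ID_FOR_SEAT=graphics-platform-evdi_0
E: ID_SEAT=seat1
E: SUBSYSTEM=graphics
E: TAGS=:seat:seat1:master-of-seat:
"""


def parse_udevadm_info(text):
    """Parse one `udevadm info` record into (devpath, properties, tags)."""
    devpath, props = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("P: "):
            devpath = line[3:].strip()
        elif line.startswith("E: "):
            key, sep, value = line[3:].partition("=")
            if sep:
                props[key.strip()] = value
    # TAGS is a colon-delimited list such as ":seat:seat1:uaccess:"
    tags = {t for t in props.get("TAGS", "").split(":") if t}
    return devpath, props, tags


def seat_report(records):
    """Group seat-tagged devices by seat and note each seat's master devices."""
    report = defaultdict(lambda: {"devices": [], "masters": []})
    for text in records:
        devpath, props, tags = parse_udevadm_info(text)
        if devpath is None or "seat" not in tags:
            continue  # only devices tagged "seat" take part in seat assignment
        seat = props.get("ID_SEAT") or "seat0"  # no ID_SEAT means seat0
        report[seat]["devices"].append(devpath)
        if "master-of-seat" in tags:
            report[seat]["masters"].append(devpath)
    return dict(report)


def listed_seats(report):
    """seat0 always exists; any other seat needs a master-of-seat device."""
    seats = {"seat0"}
    seats.update(name for name, info in report.items() if info["masters"])
    return sorted(seats)


def orphaned_devices(report):
    """Devices assigned to a seat that has no master-of-seat device yet."""
    return {name: info["devices"] for name, info in report.items()
            if name != "seat0" and not info["masters"]}


if __name__ == "__main__":
    before = seat_report([CARD1, CARD2])
    after = seat_report([CARD1, CARD2, FB1_ATTACHED])
    print("before fb1 attach:", listed_seats(before), orphaned_devices(before))
    print("after  fb1 attach:", listed_seats(after), orphaned_devices(after))
```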

Re: [systemd-devel] Multi seats setup How-to

2015-09-04 Thread arnaud gaboury
On Thu, Sep 3, 2015 at 5:06 PM, arnaud gaboury <arnaud.gabo...@gmail.com> wrote:
>
> On Thu, Sep 3, 2015, 3:46 PM Floris <jkflo...@dds.nl> wrote:
>
>>
>> I was missing one piece of the puzzle. My USB dock station is
>> Plugable® UD-3900 USB 3.0
>>
>> 
>> 1-
>> I had to install the kernel driver for it, following instructions per
>> this displaylink forum[0]. Once the .rpm package installed, I could
>> verify:
>> $ lsmod | grep evdi
>>
>> evdi   36864  0
>> drm_kms_helper122880  2 evdi,nouveau
>> drm   331776  10 ttm,evdi,drm_kms_helper,nouveau
>>
>>
>> # ll /lib/modules/$(uname -r)/extra/evdi.ko
>> -rw-r--r--. 1 root root 63072  3 sept. 14:29
>> /lib/modules/4.1.6-200.fc22.x86_64/extra/evdi.ko
>>
>> 
>> 2-
>> Now $ loginctl seat-status seat0 returns something more interesting:
>>
>>   ├─/sys/devices/platform/evdi.0/drm/card1
>>   │ drm:card1
>>
>> So I guess now I have indeed two cards.
>>
>
> Let's make things clear. The usb dock will be your second seat. I think
> the next steps will be enough:
>
> loginctl attach seat1 /sys/devices/platform/evdi.0/drm/card1
> loginctl attach seat1 /the path to the usb3 hub
>
> everything you didn't attach with loginctl or with an udev rule will
> be part of seat0. So if your nvidia card is for seat0 you don't have
> to write a rule for it.
>
> Ok. So it would be indeed much simpler than first thought.

I can't create a new seat1, no idea why.

Here is my current configuration:

-nvidia card + nvidia driver + nouveau blacklisted
- USB 3 dock station with displaylink driver + systemd service
- gdm
- systemd 219

---
$ loginctl seat-status
Sessions: *1 c1
 Devices:

  ├─/sys/devices/pci:00/:00:01.0/:01:00.0/drm/card0
  │ drm:card0

├─/sys/devices/pci:00/:00:01.0/:01:00.0/drm/renderD128
  │ drm:renderD128

├─/sys/devices/pci:00/:00:01.0/:01:00.0/graphics/fb0
  │ [MASTER] graphics:fb0 "nouveaufb"

  ├─/sys/devices/platform/evdi.0/graphics/fb1
  │ [MASTER] graphics:fb1 "evdidrmfb"
  ├─/sys/devices/platform/evdi.1/drm/card2
  │ drm:card2
  ├─/sys/devices/platform/evdi.1/graphics/fb2
  │ [MASTER] graphics:fb2 "evdidrmfb"
  ├─/sys/devices/virtual/misc/kvm
  │ misc:kvm
  └─/sys/devices/virtual/misc/rfkill
misc:rfkill
-

# loginctl attach seat1 /sys/devices/platform/evdi.1/drm/card2
then same for usb devices


$ ls /etc/udev/rules.d
72-seat-drm-platform-evdi_0.rules
72-seat-drm-platform-evdi_1.rules
72-seat-input-pci-_00_14_0-usb-0_10_4_1_1_1.rules
72-seat-input-pci-_00_14_0-usb-0_10_4_2_1_2.rules
72-seat-usb-pci-_00_14_0.rules
72-seat-usb-pci-_00_14_0-usb-0_10_4.rules
99-displaylink.rules
99-nvidia_seats.rules

NB: All the 72-seat* have been created when I run $ loginctl attach
seat1 MyDevice


$ udevadm info /sys/devices/platform/evdi.1/drm/card2

P: /devices/platform/evdi.1/drm/card2
N: dri/card2
E: DEVNAME=/dev/dri/card2
E: DEVPATH=/devices/platform/evdi.1/drm/card2
E: DEVTYPE=drm_minor
E: ID_FOR_SEAT=drm-platform-evdi_1
E: ID_PATH=platform-evdi.1
E: ID_PATH_TAG=platform-evdi_1
E: ID_SEAT=seat1
E: MAJOR=226
E: MINOR=2
E: SUBSYSTEM=drm
E: TAGS=:seat:seat1:uaccess:
E: USEC_INITIALIZED=160111782


$ cat /etc/udev/rules.d/99-displaylink.rules
 (shipped with the displaylink .rpm driver)
---
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR}=="DisplayLink",
MODE="0660", RUN+="/bin/systemctl start displaylink.service"
ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_VENDOR}=="DisplayLink",
RUN+="/bin/systemctl stop displaylink.service"
--

$ cat /etc/udev/rules.d/99-nvidia_seats.rules
--
# provide a suitable udev rule to tag your NVIDIA card as "master-of-seat"
  SUBSYSTEM=="drm", KERNEL=="card[0-9]*", ATTRS{vendor}=="0x10de

Re: [systemd-devel] Multi seats setup How-to

2015-09-03 Thread arnaud gaboury
On Thu, Sep 3, 2015, 3:46 PM Floris  wrote:

>
> I was missing one piece of the puzzle. My USB dock station is
> Plugable® UD-3900 USB 3.0
>
> 
> 1-
> I had to install the kernel driver for it, following instructions per
> this displaylink forum[0]. Once the .rpm package installed, I could
> verify:
> $ lsmod | grep evdi
>
> evdi   36864  0
> drm_kms_helper122880  2 evdi,nouveau
> drm   331776  10 ttm,evdi,drm_kms_helper,nouveau
>
>
> # ll /lib/modules/$(uname -r)/extra/evdi.ko
> -rw-r--r--. 1 root root 63072  3 sept. 14:29
> /lib/modules/4.1.6-200.fc22.x86_64/extra/evdi.ko
>
> 
> 2-
> Now $ loginctl seat-status seat0 returns something more interesting:
>
>   ├─/sys/devices/platform/evdi.0/drm/card1
>   │ drm:card1
>
> So I guess now I have indeed two cards.
>

Let's make things clear. The usb dock will be your second seat. I think
the next steps will be enough:

loginctl attach seat1 /sys/devices/platform/evdi.0/drm/card1
loginctl attach seat1 /the path to the usb3 hub

everything you didn't attach with loginctl or with an udev rule will
be part of seat0. So if your nvidia card is for seat0 you don't have
to write a rule for it.

Ok. So it would be indeed much simpler than first thought.

Will try this later when I will get hand on the Fedora box.
Thank you so much for your clarifications.

success,

floris


Re: [systemd-devel] Multi seats

2015-09-03 Thread arnaud gaboury
On Fri, Aug 28, 2015 at 1:50 PM, Laércio de Sousa <
laercioso...@sme-mogidascruzes.sp.gov.br> wrote:

> You're right. If you use GNOME, GDM is ready for you. In any other case,
> use LightDM >= 1.12. Automatic multi-seat support for SDDM (used by KDE and
> LXQt) is still WIP.
>
> 2015-08-28 8:42 GMT-03:00 arnaud gaboury <arnaud.gabo...@gmail.com>:
>
>> On Fri, Aug 28, 2015 at 1:37 PM, Laércio de Sousa
>> <laercioso...@sme-mogidascruzes.sp.gov.br> wrote:
>> > Hi Arnaud!
>> >
>> > I've been researching systemd-based multi-seat setups with non-KMS video
>> > drivers for a couple of years.
>> >
>> > In principle, yes, you can set up a multi-seat system with proprietary
>> > NVIDIA drivers, provided you:
>> >
>> > * provide a suitable udev rule to tag your NVIDIA card as
>> "master-of-seat"
>> > (they are tagged by default if using Nouveau drivers). Examples:
>> >
>> > SUBSYSTEM=="drm", KERNEL=="card[0-9]*", ATTRS{vendor}=="0x10de",
>> > DRIVERS=="nvidia", TAG+="master-of-seat"
>> >
>> > SUBSYSTEM=="pci", ATTRS{vendor}=="0x10de", DRIVER=="nvidia",
>> > TAG+="seat", TAG+="master-of-seat"
>> >
>> > * Have xorg-server 1.16 or newer installed
>> >
>> > * Provide a suitable xorg.conf for your NVIDIA card, not forgetting to
>> put
>> > MatchSeat entries in Device/Screen/ServerLayout sections.
>>
>
Any hint/pointer about this configuration?
TY


> >
>> > * Have LightDM 1.12 or newer installed (if you don't use GNOME)
>>
>> In fact I was wrong in my presentation. Login window is now managed by
>> GDM in Fedora 22, not Lightdm. I guess I do not need to install and
>> log with Lightdm, am I right?
>> >
>> > Att.
>> >
>> > 2015-08-28 7:58 GMT-03:00 arnaud gaboury <arnaud.gabo...@gmail.com>:
>> >>
>> >> One year ago, I tried to setup multi seats, see this thread[0]. By
>> >> that time, I gave up as my configuration was not made for such a
>> >> feature.
>> >> Now I am back with all the needed tools to do it easily (I think so):
>> >> - Fedora 22
>> >> - lightdm & GDM
>> >> - an USB 3 plugable docking station
>> >>
>> >> As good how-to on this topic are few, I wonder a few things:
>> >> - is the proprietary Nvidia driver Ok or shall I indeed use Nouveau
>> >> (my card is Nvidia one)?
>> >> - are the lightdm/Xorg setup configuring accordingly or shall I edit
>> >> manually the conf files?
>> >>
>> >> I understand the whole principle to $ loginctl attach seatNumber
>> >> /device/path.
>> >>
>> >> Thank you for a few hints.
>> >>
>> >>
>> >>
>> >> [0]
>> http://lists.freedesktop.org/archives/systemd-devel/2014-August/022403.html
>> >>
>> >> --
>> >>
>> >> google.com/+arnaudgabourygabx
>> >
>> >
>> >
>> >
>> > --
>> > Laércio de Sousa
>> > Orientador de Informática
>> > Escola Municipal "Professor Eulálio Gruppi"
>> > Rua Ismael da Silva Mello, 559, Mogi Moderno
>> > Mogi das Cruzes - SP
>> > CEP 08717-390
>> > Telefone: (11) 4726-8313
>>
>>
>>
>> --
>>
>> google.com/+arnaudgabourygabx
>>
>
>
>
> --
> *Laércio de Sousa*
> *Orientador de Informática*
> *Escola Municipal "Professor Eulálio Gruppi"*
> *Rua Ismael da Silva Mello, 559, Mogi Moderno*
> *Mogi das Cruzes - SPCEP 08717-390*
> Telefone: (11) 4726-8313
>



-- 

google.com/+arnaudgabourygabx


[systemd-devel] Multi seats setup How-to

2015-09-03 Thread arnaud gaboury
I plan to use the systemd multi-seat features, but I am not sure at
all how I must proceed and in what order. I understand the main
principle for mouse and keyboard: detect the device then
$ loginctl attach seatNumber DevicePath
As for the graphic card, I am lost.

OS: Fedora 22
gdm
1 nvidia card
1 USB3 plugable docking station for the second monitor
Nvidia driver (I would like to avoid using Nouveau if possible).

The actual configuration:


$ loginctl seat-status seat0

seat0
Sessions: 2 *1 c1
 Devices:
  ├─/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1
  │ input:input1 "Power Button"
  ├─/sys/device...XSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input0
  │ input:input0 "Power Button"
  ├─/sys/devices/pci:00/:00:01.0/:01:00.0/drm/card0
  │ drm:card0
  ├─/sys/device...0:00/:00:01.0/:01:00.0/drm/renderD128
  │ drm:renderD128
  ├─/sys/device...000:00/:00:01.0/:01:00.0/graphics/fb0
  │ [MASTER] graphics:fb0 "nouveaufb"
  ├─/sys/device...:00/:00:01.0/:01:00.1/sound/card1
  │ sound:card1 "NVidia"
  │ ├─/sys/device...00:00:01.0/:01:00.1/sound/card1/input14
  │ │ input:input14 "HDA NVidia HDMI/DP,pcm=3"
  │ ├─/sys/device...00:00:01.0/:01:00.1/sound/card1/input15
  │ │ input:input15 "HDA NVidia HDMI/DP,pcm=7"
  │ ├─/sys/device...00:00:01.0/:01:00.1/sound/card1/input16
  │ │ input:input16 "HDA NVidia HDMI/DP,pcm=8"
  │ └─/sys/device...00:00:01.0/:01:00.1/sound/card1/input17
  │   input:input17 "HDA NVidia HDMI/DP,pcm=9"
├─/sys/devices/pci:00/:00:14.0/usb1
  │ usb:usb1
  │ └─/sys/devices/pci:00/:00:14.0/usb1/1-10
  │   usb:1-10
  │   └─/sys/devices/pci:00/:00:14.0/usb1/1-10/1-10.4
  │ usb:1-10.4
  │ ├─/sys/devic1:1.0/0003:046D:C534.0004/input/input18
  │ │ input:input18 "Logitech USB Receiver"
  │ ├─/sys/devic1:1.1/0003:046D:C534.0005/input/input19
  │ │ input:input19 "Logitech USB Receiver"
  │ └─/sys/devic...B.0008/0003:046D:4003.0009/input/input20
  │   input:input20 "Logitech K270"
  ├─/sys/devices/pci:00/:00:14.0/usb2
  │ usb:usb2
  │ └─/sys/devices/pci:00/:00:14.0/usb2/2-6
  │   usb:2-6
  │   └─/sys/device...14.0/usb2/2-6/2-6.1/2-6.1:1.2/sound/card2
  │ sound:card2 "UD3900"
  ├─/sys/devices/pci:00/:00:1a.0/usb5
  │ usb:usb5
  │ └─/sys/devices/pci:00/:00:1a.0/usb5/5-1
  │   usb:5-1
  ├─/sys/devices/pci:00/:00:1b.0/sound/card0
  │ sound:card0 "PCH"
  │ ├─/sys/devices/pci:00/:00:1b.0/sound/card0/input10
  │ │ input:input10 "HDA Intel PCH Rear Mic"
  │ ├─/sys/devices/pci:00/:00:1b.0/sound/card0/input11
  │ │ input:input11 "HDA Intel PCH Line"
  │ ├─/sys/devices/pci:00/:00:1b.0/sound/card0/input12
  │ │ input:input12 "HDA Intel PCH Line Out"
  │ ├─/sys/devices/pci:00/:00:1b.0/sound/card0/input13
  │ │ input:input13 "HDA Intel PCH Front Headphone"
  │ └─/sys/devices/pci:00/:00:1b.0/sound/card0/input9
  │   input:input9 "HDA Intel PCH Front Mic"
 ├─/sys/devices/pci:00/:00:1c.4/:04:00.0/usb3
  │ usb:usb3
  ├─/sys/devices/pci:00/:00:1c.4/:04:00.0/usb4
  │ usb:usb4
  ├─/sys/devices/pci:00/:00:1d.0/usb6
  │ usb:usb6
  │ └─/sys/devices/pci:00/:00:1d.0/usb6/6-1
  │   usb:6-1
  ├─/sys/device...1f.2/ata6/host5/target5:0:0/5:0:0:0/block/sr0
  │ block:sr0
  ├─/sys/device...a6/host5/target5:0:0/5:0:0:0/scsi_generic/sg2
  │ scsi_generic:sg2
  ├─/sys/devices/platform/eeepc-wmi/input/input8
  │ input:input8 "Eee PC WMI hotkeys"
  ├─/sys/devices/virtual/misc/kvm
  │ misc:kvm
  └─/sys/devices/virtual/misc/rfkill
misc:rfkill

$ lspci

00:00.0 Host bridge: Intel Corporation 4th Gen Core Processor DRAM
Controller (rev 06)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v3/4th Gen Core
Processor PCI Express x16 Controller (rev 

Re: [systemd-devel] Multi seats setup How-to

2015-09-03 Thread arnaud gaboury
On Thu, Sep 3, 2015 at 1:26 PM, arnaud gaboury <arnaud.gabo...@gmail.com> wrote:
> I plan to use the systemd multi-seat features, but I am not sure at
> all how I must proceed and in what order. I understand the main
> principle for mouse and keyboard: detect the device then
> $ loginctl attach seatNumber DevicePath
> As for the graphic card, I am lost.
>
> OS: Fedora 22
> gdm
> 1 nvidia card
> 1 USB3 plugable docking station for the second monitor
> Nvidia driver (I would like to avoid using Nouveau if possible).
>
> The actual configuration:
>
> 
> $ loginctl seat-status seat0
>
> seat0
> Sessions: 2 *1 c1
>  Devices:
>   ├─/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input1
>   │ input:input1 "Power Button"
>   
> ├─/sys/device...XSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input0
>   │ input:input0 "Power Button"
>   
> ├─/sys/devices/pci:00/:00:01.0/:01:00.0/drm/card0
>   │ drm:card0
>   
> ├─/sys/device...0:00/:00:01.0/:01:00.0/drm/renderD128
>   │ drm:renderD128
>   
> ├─/sys/device...000:00/:00:01.0/:01:00.0/graphics/fb0
>   │ [MASTER] graphics:fb0 "nouveaufb"
>   
> ├─/sys/device...:00/:00:01.0/:01:00.1/sound/card1
>   │ sound:card1 "NVidia"
>   │ 
> ├─/sys/device...00:00:01.0/:01:00.1/sound/card1/input14
>   │ │ input:input14 "HDA NVidia HDMI/DP,pcm=3"
>   │ 
> ├─/sys/device...00:00:01.0/:01:00.1/sound/card1/input15
>   │ │ input:input15 "HDA NVidia HDMI/DP,pcm=7"
>   │ 
> ├─/sys/device...00:00:01.0/:01:00.1/sound/card1/input16
>   │ │ input:input16 "HDA NVidia HDMI/DP,pcm=8"
>   │ 
> └─/sys/device...00:00:01.0/:01:00.1/sound/card1/input17
>   │   input:input17 "HDA NVidia HDMI/DP,pcm=9"
> ├─/sys/devices/pci:00/:00:14.0/usb1
>   │ usb:usb1
>   │ └─/sys/devices/pci:00/:00:14.0/usb1/1-10
>   │   usb:1-10
>   │   └─/sys/devices/pci:00/:00:14.0/usb1/1-10/1-10.4
>   │ usb:1-10.4
>   │ 
> ├─/sys/devic1:1.0/0003:046D:C534.0004/input/input18
>   │ │ input:input18 "Logitech USB Receiver"
>   │ 
> ├─/sys/devic1:1.1/0003:046D:C534.0005/input/input19
>   │ │ input:input19 "Logitech USB Receiver"
>   │ 
> └─/sys/devic...B.0008/0003:046D:4003.0009/input/input20
>   │   input:input20 "Logitech K270"
>   ├─/sys/devices/pci:00/:00:14.0/usb2
>   │ usb:usb2
>   │ └─/sys/devices/pci:00/:00:14.0/usb2/2-6
>   │   usb:2-6
>   │   
> └─/sys/device...14.0/usb2/2-6/2-6.1/2-6.1:1.2/sound/card2
>   │ sound:card2 "UD3900"
>   ├─/sys/devices/pci:00/:00:1a.0/usb5
>   │ usb:usb5
>   │ └─/sys/devices/pci:00/:00:1a.0/usb5/5-1
>   │   usb:5-1
>   ├─/sys/devices/pci:00/:00:1b.0/sound/card0
>   │ sound:card0 "PCH"
>   │ ├─/sys/devices/pci:00/:00:1b.0/sound/card0/input10
>   │ │ input:input10 "HDA Intel PCH Rear Mic"
>   │ ├─/sys/devices/pci:00/:00:1b.0/sound/card0/input11
>   │ │ input:input11 "HDA Intel PCH Line"
>   │ ├─/sys/devices/pci:00/:00:1b.0/sound/card0/input12
>   │ │ input:input12 "HDA Intel PCH Line Out"
>   │ ├─/sys/devices/pci:00/:00:1b.0/sound/card0/input13
>   │ │ input:input13 "HDA Intel PCH Front Headphone"
>   │ └─/sys/devices/pci:00/:00:1b.0/sound/card0/input9
>   │   input:input9 "HDA Intel PCH Front Mic"
>  ├─/sys/devices/pci:00/:00:1c.4/:04:00.0/usb3
>   │ usb:usb3
>   ├─/sys/devices/pci:00/:00:1c.4/:04:00.0/usb4
>   │ usb:usb4
>   ├─/sys/devices/pci:00/:00:1d.0/usb6
>   │ usb:usb6
>   │ └─/sys/devices/pci:00/0

Re: [systemd-devel] Multi seats setup How-to

2015-09-03 Thread arnaud gaboury
On Thu, Sep 3, 2015 at 2:12 PM, Floris <jkflo...@dds.nl> wrote:
> On Thu, 03 Sep 2015 13:51:06 +0200, arnaud gaboury
> <arnaud.gabo...@gmail.com> wrote:
>
>> On Thu, Sep 3, 2015 at 1:26 PM, arnaud gaboury <arnaud.gabo...@gmail.com>
>> wrote:
>>>
>>> I plan to use the systemd multi-seat features, but I am not sure at
>>> all how I must proceed and in what order. I understand the main
>>> principle for mouse and keyboard: detect the device then
>>> $ loginctl attach seatNumber DevicePath
>>> As for the graphic card, I am lost.
>>>
>>> OS: Fedora 22
>>> gdm
>>> 1 nvidia card
>>> 1 USB3 plugable docking station for the second monitor
>>> Nvidia driver (I would like to avoid using Nouveau if possible).
>>>
>
>> Following this old blog[0], it seems I must FIRST assign the graphic
>> card to seat1. So I guess first is to take care of the /etc/X11 stuff.
>> Once I have correctly configured it, I must be able to see two cards,
>> right ?
>>
>
> Here are the steps I took to make my multi seat with Debian Sid:
>
> 1. Install the nvidia drivers and blacklist the nouveau drivers.
> 2. Locate with loginctl seat-status seat0 the address of the graphic
> device you want to be seat1
>
> Maybe there is no graphic device, but I have:
>  ├─/sys/devices/pci:00/:00:05.0/:02:00.1/sound/card2
>  │ sound:card2 "NVidia"

I was missing one piece of the puzzle. My USB dock station is
Plugable® UD-3900 USB 3.0


1-
I had to install the kernel driver for it, following instructions per
this displaylink forum[0]. Once the .rpm package installed, I could
verify:
$ lsmod | grep evdi

evdi   36864  0
drm_kms_helper122880  2 evdi,nouveau
drm   331776  10 ttm,evdi,drm_kms_helper,nouveau


# ll /lib/modules/$(uname -r)/extra/evdi.ko
-rw-r--r--. 1 root root 63072  3 sept. 14:29
/lib/modules/4.1.6-200.fc22.x86_64/extra/evdi.ko


2-
Now $ loginctl seat-status seat0 returns something more interesting:

  ├─/sys/devices/platform/evdi.0/drm/card1
  │ drm:card1

So I guess now I have indeed two cards.


$ udevadm info /sys/devices/platform/evdi.0/drm/card1

P: /devices/platform/evdi.0/drm/card1
N: dri/card1
E: DEVNAME=/dev/dri/card1
E: DEVPATH=/devices/platform/evdi.0/drm/card1
E: DEVTYPE=drm_minor
E: ID_FOR_SEAT=drm-platform-evdi_0
E: ID_PATH=platform-evdi.0
E: ID_PATH_TAG=platform-evdi_0
E: MAJOR=226
E: MINOR=1
E: SUBSYSTEM=drm
E: TAGS=:seat:uaccess:
E: USEC_INITIALIZED=51309590

NB: no driver section. Is it still ok ?

---
3-
A new udev rule is shipped with the package.
/etc/udev/rules.d/99-displaylink.rules
-
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR}=="DisplayLink",
MODE="0660", RUN+="/bin/systemctl start displaylink.service"
ACTION=="remove", SUBSYSTEM=="usb", ENV{ID_VENDOR}=="DisplayLink",
RUN+="/bin/systemctl stop displaylink.service"


and the systemd service is active and loaded when I plug the dock station


Now following your advice, I shall write:

/etc/udev/rules.d/72-seat-1.rules
SUBSYSTEM=="drm", DEVPATH=="/devices//platform/evdi.0/drm/card1",
TAG+="seat", TAG+="master-of-seat", ENV{ID_AUTOSEAT}="1",
ENV{ID_SEAT}="seat1"

and this:
/etc/udev/rules.d/99-nvidia_seats.rules
 SUBSYSTEM=="drm", KERNEL=="card[0-9]*", ATTRS{vendor}=="0x10de",
DRIVERS=="nvidia", TAG+="master-of-seat"
 SUBSYSTEM=="pci", ATTRS{vendor}=="0x10de", DRIVER=="nvidia",
TAG+="seat", TAG+="master-of-seat"

Then do the xorg.conf stuff, reload and attach keyboard + mouse ?



> so the the gpu is /sys/devices/pci:00/:00:05.0/:02:00.0
> use udevadm info /sys/bus/pci/devices/:00:05.0/:02:00.0
> to make sure the address is right
>
> $ udevadm info /sys/bus/pci/devices/:00:05.0/:02:00.0
> P: /devices/pci:00/:00:05.0/:02:00.0
> E: DEVPATH=/devices/pci:00/:00:05.0/:02:00.0
> E: DRIVER=nvidia
> E: ID_AUTOSEAT=1
> E: ID_MODEL_FROM_DATABASE=GF119 [GeForce GT 610]
> E: ID_PCI_CLASS_FROM_DATABASE=Display controller
> E: ID_PCI_INTERFACE_FROM_DATABASE=VGA controller
> E: ID_PCI_SUBCLASS_FROM_DATABASE=VGA compatible controller
> E: ID_SEAT=seat1
> E: ID_VENDOR_FROM_DATABASE=NVIDIA Corporation

[systemd-devel] Kdbus - dbus daemon

2015-08-31 Thread arnaud gaboury
Distro : Arch
Systemd : 224
Kdbus AUR package installed (kdbus module is not in default Arch Kernel)
nspawn container : Fedora 22, systemd 219


I want to give a try to kdbus. If I read correctly the kdbus[0] website:
.
Am I right to understand I will no more need dbus.service and I can
disable it for system and users ?

Will it change something for the container, as it is running a lower
version of systemd ?

Thank you for tips.

[0]http://www.freedesktop.org/wiki/Software/systemd/kdbus/



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Multi seats

2015-08-28 Thread arnaud gaboury
On Fri, Aug 28, 2015 at 1:37 PM, Laércio de Sousa
<laercioso...@sme-mogidascruzes.sp.gov.br> wrote:
> Hi Arnaud!
>
> I've been researching systemd-based multi-seat setups with non-KMS video
> drivers for a couple of years.
>
> In principle, yes, you can set up a multi-seat system with proprietary
> NVIDIA drivers, provided you:
>
> * provide a suitable udev rule to tag your NVIDIA card as "master-of-seat"
> (they are tagged by default if using Nouveau drivers). Examples:
>
> SUBSYSTEM=="drm", KERNEL=="card[0-9]*", ATTRS{vendor}=="0x10de",
> DRIVERS=="nvidia", TAG+="master-of-seat"
>
> SUBSYSTEM=="pci", ATTRS{vendor}=="0x10de", DRIVER=="nvidia",
> TAG+="seat", TAG+="master-of-seat"
>
> * Have xorg-server 1.16 or newer installed
>
> * Provide a suitable xorg.conf for your NVIDIA card, not forgetting to put
> MatchSeat entries in Device/Screen/ServerLayout sections.
>
> * Have LightDM 1.12 or newer installed (if you don't use GNOME)

In fact I was wrong in my presentation. Login window is now managed by
GDM in Fedora 22, not Lightdm. I guess I do not need to install and
log with Lightdm, am I right?

> Att.
>
> 2015-08-28 7:58 GMT-03:00 arnaud gaboury <arnaud.gabo...@gmail.com>:
>>
>> One year ago, I tried to setup multi seats, see this thread[0]. By
>> that time, I gave up as my configuration was not made for such a
>> feature.
>> Now I am back with all the needed tools to do it easily (I think so):
>> - Fedora 22
>> - lightdm & GDM
>> - an USB 3 plugable docking station
>>
>> As good how-to on this topic are few, I wonder a few things:
>> - is the proprietary Nvidia driver Ok or shall I indeed use Nouveau
>> (my card is Nvidia one)?
>> - are the lightdm/Xorg setup configuring accordingly or shall I edit
>> manually the conf files?
>>
>> I understand the whole principle to $ loginctl attach seatNumber
>> /device/path.
>>
>> Thank you for a few hints.
>>
>>
>>
>> [0]http://lists.freedesktop.org/archives/systemd-devel/2014-August/022403.html
>>
>> --
>>
>> google.com/+arnaudgabourygabx




> --
> Laércio de Sousa
> Orientador de Informática
> Escola Municipal "Professor Eulálio Gruppi"
> Rua Ismael da Silva Mello, 559, Mogi Moderno
> Mogi das Cruzes - SP
> CEP 08717-390
> Telefone: (11) 4726-8313



-- 

google.com/+arnaudgabourygabx


[systemd-devel] Multi seats

2015-08-28 Thread arnaud gaboury
One year ago, I tried to setup multi seats, see this thread[0]. By
that time, I gave up as my configuration was not made for such a
feature.
Now I am back with all the needed tools to do it easily (I think so):
- Fedora 22
- lightdm & GDM
- an USB 3 plugable docking station

As good how-to on this topic are few, I wonder a few things:
- is the proprietary Nvidia driver Ok or shall I indeed use Nouveau
(my card is Nvidia one)?
- are the lightdm/Xorg setup configuring accordingly or shall I edit
manually the conf files?

I understand the whole principle to $ loginctl attach seatNumber /device/path.

Thank you for a few hints.


[0]http://lists.freedesktop.org/archives/systemd-devel/2014-August/022403.html

-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] SElinux in container

2015-08-24 Thread arnaud gaboury
On Mon, Aug 24, 2015 at 1:30 PM, Daniel J Walsh <dwa...@redhat.com> wrote:
>
>
> On 08/23/2015 08:10 AM, arnaud gaboury wrote:
>> Here is my setup:
>>
>> Host:  Archlinux systemd 224-1
>> Container: Fedora 22 systemd 219
>>
>> The container is a server and has vocation to be one day deployed on a
>> dedicated server for production. In this way, I would like to set
>> SElinux (default in Fedora). Unfortunately, doing it in Arch host is
>> not a trivial affair and as host is a desktop, I would like to avoid.
>>
>> For now, SElinux is enabled in the Kernel with disables at boot with
>> selinux=0.
>>
>> Is there any way to enable and configure SElinux only in the
>> container? Looking at capabilities(7) did not give me any hints. As a
>> side note, CAP_SYS_MODULE does not work for container. I guess it is
>> due to systemd 219 on the container ?
>>
>> Thank you.
>
> You would have to write a policy for this.  You could write a policy
> where everything is
> an unconfined domain, but the containers run confined.
>
> You would write something where the kernel, systemd ... all run as os_t,
> then allow
> docker or other domain to transition the container domain. container_t.
>
> But this would not give you fine grained control within the container.
>
> It also would probably require a lot of policy writing.  But would seem
> to be a good
> university project...

Thank you for these details. Unfortunately, 50 years old and too late
for any university project :-(
As I have many other things to build/code for my current project
(build/deploy R[0] web apps), I will take care of SElinux once I am on
the production server.

[0]https://www.r-project.org/


-- 

google.com/+arnaudgabourygabx


[systemd-devel] SElinux in container

2015-08-23 Thread arnaud gaboury
Here is my setup:

Host:  Archlinux systemd 224-1
Container: Fedora 22 systemd 219

The container is a server and has vocation to be one day deployed on a
dedicated server for production. In this way, I would like to set
SElinux (default in Fedora). Unfortunately, doing it in Arch host is
not a trivial affair and as host is a desktop, I would like to avoid.

For now, SElinux is enabled in the Kernel with disables at boot with selinux=0.

Is there any way to enable and configure SElinux only in the
container? Looking at capabilities(7) did not give me any hints. As a
side note, CAP_SYS_MODULE does not work for container. I guess it is
due to systemd 219 on the container ?

Thank you.

-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] error when starting the service : Bad message

2015-05-19 Thread arnaud gaboury
On Tue, May 19, 2015 at 9:05 AM, arnaud gaboury
<arnaud.gabo...@gmail.com> wrote:
> I maybe did a typo, but looking carefully it doesn't seem so.
> Starting this unit file gives me:
> -
> ● gunicorn.service - gunicorn daemon
>    Loaded: error (Reason: Bad message)
>    Active: inactive (dead)
>
> May 19 08:45:53 poppy systemd[1]:
> [/etc/systemd/system/gunicorn.service:5] Missing '='.
>
>
> I can't see any missing '='

Issue solved. My service file was not correctly written.
Nothing to do with systemd.
Sorry for the noise.



> /etc/systemd/system/gunicorn.service
> ---
> [Unit]
> Description=gunicorn daemon
> Requires=gunicorn.socket
> After=systemd-networkd.service
>
> [Service]
> PIDFile=/run/gunicorn/pid
> User=django
> ExecStart=/storage/django/django-slacklog/django_slacklog/venv/bin/gunicorn
>
> [Install]
> WantedBy=multi-user.target
> -
>
> systemd 219.15 on Fedora
>
> Thank you for hints
> --
>
> google.com/+arnaudgabourygabx


-- 

google.com/+arnaudgabourygabx


[systemd-devel] error when starting the service : Bad message

2015-05-19 Thread arnaud gaboury
I may have made a typo, but looking carefully it doesn't seem so.
Starting this unit file gives me:
-
● gunicorn.service - gunicorn daemon
   Loaded: error (Reason: Bad message)
   Active: inactive (dead)

May 19 08:45:53 poppy systemd[1]:
[/etc/systemd/system/gunicorn.service:5] Missing '='.


I can't see any missing '='

/etc/systemd/system/gunicorn.service
---
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=systemd-networkd.service

[Service]
PIDFile=/run/gunicorn/pid
User=django
ExecStart=/storage/django/django-slacklog/django_slacklog/venv/bin/gunicorn

[Install]
WantedBy=multi-user.target
-

systemd 219.15 on Fedora

Thank you for hints
-- 

google.com/+arnaudgabourygabx
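An added example (not from the post and not systemd's own code): a small Python checker that reports the lines of a unit file a `key=value` parser rejects with "Missing '='", the error quoted above. The post does not say what the actual mistake was, so the broken sample (a value wrapped onto line 5 without a trailing backslash) is constructed, and the function names are hypothetical.

```python
"""Added example: find unit-file lines that fail with "Missing '='"."""

COMMENT_PREFIXES = ("#", ";")

# The unit file as posted in the thread.
UNIT_AS_POSTED = """\
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=systemd-networkd.service

[Service]
PIDFile=/run/gunicorn/pid
User=django
ExecStart=/storage/django/django-slacklog/django_slacklog/venv/bin/gunicorn

[Install]
WantedBy=multi-user.target
"""

# Constructed sample: the After= value is wrapped onto line 5 without a
# trailing backslash, so line 5 is neither a section, a comment nor key=value.
# The ExecStart= line shows a correct continuation for comparison.
UNIT_WRAPPED = """\
[Unit]
Description=gunicorn daemon
Requires=gunicorn.socket
After=systemd-networkd.service
network.target

[Service]
ExecStart=/usr/bin/gunicorn \\
    --bind unix:/run/gunicorn/socket app:application
"""


def logical_lines(text):
    """Yield (first_line_number, statement), joining backslash continuations."""
    buf, start = "", None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if start is None:
            start = lineno
        # Only a backslash as the very last character continues the line;
        # a backslash followed by whitespace is not treated as one here.
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if start is not None:               # file ended inside a continuation
        yield start, buf.strip()


def check_unit(text):
    """Return a list of (line_number, problem, statement) syntax findings."""
    problems, section = [], None
    for lineno, line in logical_lines(text):
        if not line or line.startswith(COMMENT_PREFIXES):
            continue
        if line.startswith("["):
            if line.endswith("]"):
                section = line[1:-1]
            else:
                problems.append((lineno, "unterminated section header", line))
            continue
        if "=" not in line:
            problems.append((lineno, "Missing '='", line))
        elif section is None:
            problems.append((lineno, "assignment outside of section", line))
    return problems


if __name__ == "__main__":
    for name, unit in (("as posted", UNIT_AS_POSTED), ("wrapped", UNIT_WRAPPED)):
        findings = check_unit(unit)
        if not findings:
            print(f"{name}: no syntax problem found")
        for lineno, problem, line in findings:
            print(f"{name}: line {lineno}: {problem}: {line!r}")
```

On a host with systemd installed, `systemd-analyze verify` performs the real check against the unit file.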


Re: [systemd-devel] dbus inside nspawn container

2015-05-15 Thread arnaud gaboury
On Fri, May 15, 2015 at 2:21 PM, Dimitri John Ledkov
dimitri.j.led...@intel.com wrote:
 On 15 May 2015 at 13:07, arnaud gaboury arnaud.gabo...@gmail.com wrote:
 Maybe a stupid question, but shall every container user start a per
 user dbus session ?
 Host has a dbus and user session activated, shall it be same in container?

 Thank you for hints

 Depends what your container is... If it is a full system
 installation/chroot the first pid inside container would be something
 like an init which may start both system and user dbus when one logs
 into it. (think VPS)

Container is Fedora server. It will deploy usual web services and many
admin users have access.
With one logged user in container:

# systemd-cgls
─1 /usr/lib/systemd/systemd
├─system.slice
│ ├─dbus.service
│ │ └─35 /usr/bin/dbus-daemon --system --address=systemd: --nofork
--nopidfile --systemd-activation
│ ├─fail2ban.service
│ │ └─101 /usr/bin/python -Es /usr/bin/fail2ban-server -s
/var/run/fail2ban/fail2ban.sock -p /var/run/fail
│ ├─postfix.service
│ │ ├─26547 /usr/libexec/postfix/master -w
│ │ ├─26564 qmgr -l -t unix -u
│ │ └─31987 pickup -l -t unix -u
│ ├─nginx.service
│ │ ├─29015 nginx: master process /usr/sbin/ngin
│ │ ├─29016 nginx: worker proces
│ │ ├─29017 nginx: worker proces
│ │ ├─29018 nginx: worker proces
│ │ ├─29019 nginx: worker proces
│ │ ├─29020 nginx: worker proces
│ │ ├─29021 nginx: worker proces
│ │ ├─29022 nginx: worker proces
│ │ └─29023 nginx: worker proces
│ ├─systemd-journald.service
│ │ └─24 /usr/lib/systemd/systemd-journald
│ ├─vsftpd.service
│ │ └─96 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
│ ├─systemd-logind.service
│ │ └─34 /usr/lib/systemd/systemd-logind
│ ├─system-container\x2dgetty.slice
│ │ └─container-getty@0.service
│ │   └─27376 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
│ ├─sshd.service
│ │ └─27394 /usr/sbin/sshd -D
│ ├─polkit.service
│ │ └─2662 /usr/lib/polkit-1/polkitd --no-debug
│ ├─postgresql.service
│ │ ├─18288 /usr/bin/postgres -D /db/postgres/data
│ │ ├─18316 postgres: logger process
│ │ ├─18346 postgres: checkpointer process
│ │ ├─18347 postgres: writer process
│ │ ├─18348 postgres: wal writer process
│ │ ├─18349 postgres: autovacuum launcher process
│ │ └─18350 postgres: stats collector process
│ ├─redis-server.service
│ │ └─15677 /usr/bin/redis-server 127.0.0.1:0
│ └─console-getty.service
│   └─73 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
└─user.slice
  └─user-1000.slice
├─user@1000.service
│ ├─733 /usr/lib/systemd/systemd --user
│ └─734 (sd-pam)
├─session-c5.scope
│ ├─25186 login -- poisonivy
│ ├─25189 -zsh
│ ├─32198 sudo systemd-cgls
│ ├─32199 systemd-cgls
│ └─32200 less
└─session-c1.scope
  ├─21399 /opt/gitlab/embedded/bin/ruby
/opt/gitlab/embedded/bin/omnibus-ctl gitlab /opt/gitlab/embedd
  ├─21401 sh -c find /var/log/gitlab/nginx/gitlab_error.log -type
f -not -path */sasl/* | grep -E -v '
  ├─21404 xargs tail --follow=name --retry
  └─21405 tail --follow=name --retry /var/log/gitlab/nginx/gitlab_error.log
---

On host:
% machinectl status poppy
poppy
   Since: Fri 2015-05-08 13:01:52 CEST; 6 days ago
  Leader: 753 (systemd)
 Service: nspawn; class container
Root: /var/lib/machines/poppy
   Iface: br0
 Address: 192.168.1.94
  fe80::c7f:c3ff:fefb:25b1%3
  OS: Fedora 22 (Twenty Two)
Unit: systemd-nspawn@poppy.service
  ├─718 /usr/bin/systemd-nspawn --quiet --keep-unit
--boot --link-journal=try-guest --netw
  ├─753 /usr/lib/systemd/systemd
  ├─system.slice
  │ ├─dbus.service
  │ │ └─798 /usr/bin/dbus-daemon --system
--address=systemd: --nofork --nopidfile --system
  │ ├─fail2ban.service
  │ │ └─876 /usr/bin/python -Es
/usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.soc
  │ ├─postfix.service
  │ │ ├─14345 pickup -l -t unix -u
  │ │ ├─23509 /usr/libexec/postfix/master -w
  │ │ └─23536 qmgr -l -t unix -u
  │ ├─nginx.service
  │ │ ├─27291 nginx: master process /usr/sbin/ngin
  │ │ ├─27292 nginx: worker proces
  │ │ ├─27293 nginx: worker proces
  │ │ ├─27294 nginx: worker proces
  │ │ ├─27295 nginx: worker proces
  │ │ ├─27297 nginx: worker proces
  │ │ ├─27298 nginx: worker proces
  │ │ ├─27299 nginx: worker proces
  │ │ └─27300 nginx: worker proces
  │ ├─systemd-journald.service
  │ │ └─780 /usr/lib/systemd/systemd-journald
  │ ├─vsftpd.service

[systemd-devel] dbus inside nspawn container

2015-05-15 Thread arnaud gaboury
Maybe a stupid question, but shall every container user start a per
user dbus session ?
Host has a dbus and user session activated, shall it be same in container?

Thank you for hints

-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] dbus inside nspawn container

2015-05-15 Thread arnaud gaboury
 On Fri, May 15, 2015, 4:22 PM Simon McVittie 
simon.mcvit...@collabora.co.uk wrote:

On 15/05/15 14:17, Lennart Poettering wrote:
 On Fri, 15.05.15 14:07, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
 Maybe a stupid question, but shall every container user start a per
 user dbus session ?

 We make no real distinction there. We intend to provide the same
 execution environment to processes running in a container as to those
 running on the host

Yes. As a result, you would have a `dbus-daemon --session` per user
inside the container, if and only if the same OS running on real
hardware would have a `dbus-daemon --session` per user (the user bus
model).

 The host is Archlinux and has dbus-daemon per user. I am the only user
and most of my services are started on a per user basis.
Container is Fedora with a few allowed admins. But I can't see any dbus
user session when they are logged in.

In practice this means you get a `dbus-daemon --session` per user if you
have dbus = 1.9.14 compiled with the --enable-user-session option, and
systemd, inside the container.

 Yes systemd is managing services in Fedora 22, the container

Similarly, kdbus systems (inside or outside a container) always get a
user bus per user, as far as I understand it.

--
Simon McVittie
Collabora Ltd. http://www.collabora.com/



[systemd-devel] networkd must start before nspawn@container

2015-05-02 Thread arnaud gaboury
My host/container networking are both managed by systemd-networkd. I
have a bridge Br0 on host and vb-MyContainer for the container. Both
have a fixed local IP.

I boot container at host boot  this way:

--
$ cat /etc/systemd/system/systemd-nspawn@.service
.
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --boot
--link-journal=try-guest --network-bridge=br0 --machine=
--

Unfortunately, systemd-nspawn@poppy fails sometimes at boot :


$ systemctl status systemd-nspawn@poppy
● systemd-nspawn@poppy.service - Container poppy
   Loaded: loaded (/etc/systemd/system/systemd-nspawn@.service;
enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2015-05-01 19:34:56
CEST; 50s ago
 Docs: man:systemd-nspawn(1)
  Process: 544 ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit
--boot --link-journal=try-guest --net

 work-bridge=br0 --machine=%I (code=exited, status=1/FAILURE)
 Main PID: 544 (code=exited, status=1/FAILURE)

May 01 19:34:55 hortensia systemd[1]: Starting Container poppy...
May 01 19:34:55 hortensia systemd-nspawn[544]: Failed to resolve
interface br0: No such device
May 01 19:34:56 hortensia systemd[1]: systemd-nspawn@poppy.service:
main process exited, code=exite...LURE
May 01 19:34:56 hortensia systemd[1]: Failed to start Container poppy.
May 01 19:34:56 hortensia systemd[1]: Unit
systemd-nspawn@poppy.service entered failed state.
May 01 19:34:56 hortensia systemd[1]: systemd-nspawn@poppy.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
--

Obviously the reason is networkd has not been activated. I solved this
issue this way:

$  cat /etc/systemd/system/network.target
--
[Unit]
Description=Network
Documentation=man:systemd.special(7)
Documentation=http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget
After=network-pre.target
RefuseManualStart=yes

[Install]
WantedBy=machines.target
--
# systemctl enable machines.target

I added machines.target to the Before= option in systemd-networkd.service
$ cat /etc/systemd/system/systemd-netwrokd.service
--
.
Before=network.target multi-user.target shutdown.target machines.target
..
-

My issue is now solved. I just wonder if my setting is a good practice.

Thank you for advice




google.com/+arnaudgabourygabx


[systemd-devel] mount crypto_LUKS device in conatiner

2015-05-01 Thread arnaud gaboury
My container will need access to a Luks encrypted device (/dev/sdd4) for its DB.

Here is the setup on the host :

-
# cryptsetup --key-file /etc/keys/poppy.luks luksOpen /dev/bcache0 sdd4_crypt
$  lsblk -o NAME,KNAME,MAJ:MIN,FSTYPE,LABEL
..
└─sdd4             sdd4      8:52  bcache
  └─bcache0        bcache0 254:0   crypto_LUKS
    └─sdd4_crypt   dm-7    253:7   btrfs       poppy-encrypt


I am a little lost for now on how the container manages /dev and the device
mapper. So I am wondering where to write this device entry in
/etc/fstab and /etc/crypttab. In host or container?

It seems to me it is easier to manage anything in the host. Am I right?

Thank you for hints.
-- 

google.com/+arnaudgabourygabx


[systemd-devel] network interface down in container

2015-04-30 Thread arnaud gaboury
I already used for a while a container (Arch on Arch). I had two
distinct IP and a working setup thanks to good help from Tom Gundersen

I am trying to replicate my network settings on a new setup (Fedora on
Arch). For now, I am just trying with DHCP.

Here the setup on host:


1- created a virtual bridge

$ cat /etc/systemd/network/Bridge.netdev

[NetDev]
Name=br0
Kind=bridge

2 - bind my eth to the bridge

$ cat /etc/systemd/network/eth.network

[Match]
Name=en*

[Network]
Bridge=br0

3- created bridge network unit

$ cat /etc/systemd/network/bridge.network

[Match]
Name=br0

[Network]
DHCP=IPV4


Nothing else.

when container is up:

$ ip a
2: enp7s0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast
master br0 state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
   valid_lft forever preferred_lft forever
4: br0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state
UP group default
link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
   valid_lft forever preferred_lft forever
inet6 fe80::b40c:ff:fe22:f14a/64 scope link
   valid_lft forever preferred_lft forever
9: vb-poppy: NO-CARRIER,BROADCAST,MULTICAST,UP mtu 1500 qdisc
pfifo_fast master br0 state DOWN group default qlen 1000
link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff
$ ip route
default via 192.168.1.254 dev br0  proto static
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.87
 % brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.b60c0022f14a       no              enp7s0
                                                        vb-poppy
---

I used to boot the container this way :
# systemd-nspawn --network-bridge=br0 -bD /path_to/my_container

Is this correct?


  *
Now on the container side:

Nothing configured. NetworkManager enabled, systemd-networkd enabled
and started.

---
$ ip a
2: host0: BROADCAST,MULTICAST mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff
-
host0 is down

$ journalctl -x
..
-- Unit NetworkManager.service has begun starting up.
Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR:
ebtables not usable, disabling ethernet bridge firewall.
Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 FATAL ERROR:
No IPv4 and IPv6 firewall.
Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR:
Raising SystemExit in run_server
Apr 27 13:18:01 poppy NetworkManager[67]: info  NetworkManager
(version 1.0.0-8.fc22) is starting...
Apr 27 13:18:01 poppy NetworkManager[67]: info  Read config:
/etc/NetworkManager/NetworkManager.conf
Apr 27 13:18:01 poppy NetworkManager[67]: info  WEXT support is enabled
Apr 27 13:18:01 poppy NetworkManager[67]: warn  Could not get
hostname: failed to read /etc/sysconfig/network
Apr 27 13:18:01 poppy NetworkManager[67]: info  Acquired D-Bus
service com.redhat.ifcfgrh1
..

Obviously my old fashioned way to give two IP addresses does not work,
and I can't find any other idea/way to do the setup.
Is this firewall story in journalctl the culprit? I do not want any
basic firewall as hardening will be done with AppArmor (already built
in the kernel) and grsec in a second step.
Hint: I run a custom kernel. Maybe I missed some network settings?

Thank you for hints

-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] network interface down in container

2015-04-30 Thread arnaud gaboury
On Thu, Apr 30, 2015 at 11:44 AM, Lennart Poettering
lenn...@poettering.net wrote:
 On Thu, 30.04.15 10:01, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

 I used to boot the container this way :
 # systemd-nspawn --network-bridge=br0 -bD /path_to/my_container

 Is this correct?

 Looks fine.



   *
 Now on the container side:

 Nothing configured. NetworkManager enabled, systemd-networkd enabled
 and started.

 NM doesn't really support being run in a container.

I want to disable it to avoid any potential conflict.

systemctl mask NetworkManager
systemctl mask NetworkManager-dispatcher

But when rebooting, it is enabled again. I guess I must write a custom
service file to mask it ?


 ---
 $ ip a
 2: host0: BROADCAST,MULTICAST mtu 1500 qdisc noop state DOWN group
 default qlen 1000
 link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff
 -
 host0 is down

 Please check what networkctl status -a in the container shows. It
 should tell you whether networkd is configured to do anything.
● 1: lo
   Link File: n/a
Network File: n/a
Type: loopback
   State: carrier (unmanaged)
 MTU: 65536
 Address: 127.0.0.1
  ::1

● 2: host0
   Link File: n/a
Network File: n/a
Type: ether
   State: off (unmanaged)
  HW Address: 0e:7f:c3:fb:25:b1
 MTU: 1500

Not really sane


 Also, what does journalctl -u systemd-networkd -n 200 show in the
 container?
Apr 30 12:10:55 poppy systemd[1]: Starting Network Service...
Apr 30 12:10:56 poppy systemd-networkd[249]: Enumeration completed
Apr 30 12:10:56 poppy systemd[1]: Started Network Service.

sounds OK.

As said, the only error when booting container is:

Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR:
ebtables not usable, disabling ethernet bridge firewall.
Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 FATAL ERROR:
No IPv4 and IPv6 firewall.
Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR:
Raising SystemExit in run_server
Apr 27 13:18:01 poppy NetworkManager[67]: info  NetworkManager
(version 1.0.0-8.fc22) is starting...
Apr 27 13:18:01 poppy NetworkManager[67]: info  Read config:
/etc/NetworkManager/NetworkManager.conf
Apr 27 13:18:01 poppy NetworkManager[67]: info  WEXT support is enabled
Apr 27 13:18:01 poppy NetworkManager[67]: warn  Could not get
hostname: failed to read /etc/sysconfig/network
Apr 27 13:18:01 poppy NetworkManager[67]: info  Acquired D-Bus
service com.redhat.ifcfgrh1
Apr 27 13:18:01 poppy NetworkManager[67]: info  Loaded plugin
ifcfg-rh: (c) 2007 - 2013 Red Hat, Inc.  To report bugs please use the
NetworkManager mailing list.
Apr 27 13:18:01 poppy NetworkManager[67]: info  Loaded plugin
keyfile: (c) 2007 - 2013 Red Hat, Inc.  To report bugs please use the
NetworkManager mailing list.
Apr 27 13:18:01 poppy NetworkManager[67]: info  parsing
/etc/sysconfig/network-scripts/ifcfg-lo ...
Apr 27 13:18:01 poppy NetworkManager[67]: info  monitoring kernel
firmware directory '/lib/firmware'.
Apr 27 13:18:01 poppy NetworkManager[67]: info  WiFi enabled by
radio killswitch; enabled by state file
Apr 27 13:18:01 poppy NetworkManager[67]: info  WWAN enabled by
radio killswitch; enabled by state file
Apr 27 13:18:01 poppy NetworkManager[67]: info  WiMAX enabled by
radio killswitch; enabled by state file
Apr 27 13:18:01 poppy NetworkManager[67]: info  Networking is
enabled by state file
Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): link connected
Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): carrier is ON
Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): new Bridge
device (driver: 'bridge' ifindex: 3)
Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): exported as
/org/freedesktop/NetworkManager/Devices/0


Not sure if it has any impact

 Lennart

 --
 Lennart Poettering, Red Hat



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] network interface down in container

2015-04-30 Thread arnaud gaboury
On Thu, Apr 30, 2015 at 12:18 PM, arnaud gaboury
arnaud.gabo...@gmail.com wrote:
 On Thu, Apr 30, 2015 at 11:44 AM, Lennart Poettering
 lenn...@poettering.net wrote:
 On Thu, 30.04.15 10:01, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

 I used to boot the container this way :
 # systemd-nspawn --network-bridge=br0 -bD /path_to/my_container

 Is this correct?

 Looks fine.



   *
 Now on the container side:

 Nothing configured. NetworkManager enabled, systemd-networkd enabled
 and started.

 NM doesn't really support being run in a container.

 I want to disable it to avoid any potential conflict.

 systemctl mask NetworkManager
 systemctl mask NetworkManager-dispatcher

 But when rebooting, it is enabled again. I guess I must write a custom
 service file to mask it ?


 ---
 $ ip a
 2: host0: BROADCAST,MULTICAST mtu 1500 qdisc noop state DOWN group
 default qlen 1000
 link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff
 -
 host0 is down

 Please check what networkctl status -a in the container shows. It
 should tell you whether networkd is configured to do anything.
 ● 1: lo
Link File: n/a
 Network File: n/a
 Type: loopback
State: carrier (unmanaged)
  MTU: 65536
  Address: 127.0.0.1
   ::1

 ● 2: host0
Link File: n/a
 Network File: n/a
 Type: ether
State: off (unmanaged)
   HW Address: 0e:7f:c3:fb:25:b1
  MTU: 1500

 Not really sane


 Also, what does journalctl -u systemd-networkd -n 200 show in the
 container?
 Apr 30 12:10:55 poppy systemd[1]: Starting Network Service...
 Apr 30 12:10:56 poppy systemd-networkd[249]: Enumeration completed
 Apr 30 12:10:56 poppy systemd[1]: Started Network Service.

 sounds OK.

 As said, the only error when booting container is:

 Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR:
 ebtables not usable, disabling ethernet bridge firewall.
 Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 FATAL ERROR:
 No IPv4 and IPv6 firewall.
 Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR:
 Raising SystemExit in run_server
 Apr 27 13:18:01 poppy NetworkManager[67]: info  NetworkManager
 (version 1.0.0-8.fc22) is starting...
 Apr 27 13:18:01 poppy NetworkManager[67]: info  Read config:
 /etc/NetworkManager/NetworkManager.conf
 Apr 27 13:18:01 poppy NetworkManager[67]: info  WEXT support is enabled
 Apr 27 13:18:01 poppy NetworkManager[67]: warn  Could not get
 hostname: failed to read /etc/sysconfig/network
 Apr 27 13:18:01 poppy NetworkManager[67]: info  Acquired D-Bus
 service com.redhat.ifcfgrh1
 Apr 27 13:18:01 poppy NetworkManager[67]: info  Loaded plugin
 ifcfg-rh: (c) 2007 - 2013 Red Hat, Inc.  To report bugs please use the
 NetworkManager mailing list.
 Apr 27 13:18:01 poppy NetworkManager[67]: info  Loaded plugin
 keyfile: (c) 2007 - 2013 Red Hat, Inc.  To report bugs please use the
 NetworkManager mailing list.
 Apr 27 13:18:01 poppy NetworkManager[67]: info  parsing
 /etc/sysconfig/network-scripts/ifcfg-lo ...
 Apr 27 13:18:01 poppy NetworkManager[67]: info  monitoring kernel
 firmware directory '/lib/firmware'.
 Apr 27 13:18:01 poppy NetworkManager[67]: info  WiFi enabled by
 radio killswitch; enabled by state file
 Apr 27 13:18:01 poppy NetworkManager[67]: info  WWAN enabled by
 radio killswitch; enabled by state file
 Apr 27 13:18:01 poppy NetworkManager[67]: info  WiMAX enabled by
 radio killswitch; enabled by state file
 Apr 27 13:18:01 poppy NetworkManager[67]: info  Networking is
 enabled by state file
 Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): link connected
 Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): carrier is ON
 Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): new Bridge
 device (driver: 'bridge' ifindex: 3)
 Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): exported as
 /org/freedesktop/NetworkManager/Devices/0


 Not sure if it has any impact

Do not know if it is a clean approach, but issue is solved with a
static IP (that is what I want).


On host:

$ cat /etc/systemd/networkd/bridge.network

[Match]
Name=br0

[Network]
DNS=192.168.1.254

[Address]
Address=192.168.1.87/24

[Route]
Gateway=192.168.1.254

# ln -sf /dev/null /etc/systemd/network/80-container-host0.network

-

On container

$ cat /etc/systemd/networkd/poppy.network
[Match]
Name=host0

[Network]
DNS=192.168.1.254
Address=192.168.1.94/24
Gateway=192.168.1.254
-bash-4.3#

# ln -sf /dev/null /etc/systemd/network/80-container-host0.network



#  systemd-nspawn --network-bridge=br0 -bD /var/lib/machines/poppy

host:
$ ip a
7: vb-poppy: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc
pfifo_fast master br0 state UP group default qlen 1000
link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff
inet6 fe80::c9a:d7ff:fe18:a359/64 scope link

Re: [systemd-devel] network interface down in container

2015-04-30 Thread arnaud gaboury
On Thu, Apr 30, 2015 at 12:48 PM, arnaud gaboury
arnaud.gabo...@gmail.com wrote:
 On Thu, Apr 30, 2015 at 12:18 PM, arnaud gaboury
 arnaud.gabo...@gmail.com wrote:
 On Thu, Apr 30, 2015 at 11:44 AM, Lennart Poettering
 lenn...@poettering.net wrote:
 On Thu, 30.04.15 10:01, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

 I used to boot the container this way :
 # systemd-nspawn --network-bridge=br0 -bD /path_to/my_container

 Is this correct?

 Looks fine.



   *
 Now on the container side:

 Nothing configured. NetworkManager enabled, systemd-networkd enabled
 and started.

 NM doesn't really support being run in a container.

 I want to disable it to avoid any potential conflict.

 systemctl mask NetworkManager
 systemctl mask NetworkManager-dispatcher

 But when rebooting, it is enabled again. I guess I must write a custom
 service file to mask it ?


 ---
 $ ip a
 2: host0: BROADCAST,MULTICAST mtu 1500 qdisc noop state DOWN group
 default qlen 1000
 link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff
 -
 host0 is down

 Please check what networkctl status -a in the container shows. It
 should tell you whether networkd is configured to do anything.
 ● 1: lo
Link File: n/a
 Network File: n/a
 Type: loopback
State: carrier (unmanaged)
  MTU: 65536
  Address: 127.0.0.1
   ::1

 ● 2: host0
Link File: n/a
 Network File: n/a
 Type: ether
State: off (unmanaged)
   HW Address: 0e:7f:c3:fb:25:b1
  MTU: 1500

 Not really sane


 Also, what does journalctl -u systemd-networkd -n 200 show in the
 container?
 Apr 30 12:10:55 poppy systemd[1]: Starting Network Service...
 Apr 30 12:10:56 poppy systemd-networkd[249]: Enumeration completed
 Apr 30 12:10:56 poppy systemd[1]: Started Network Service.

 sounds OK.

 As said, the only error when booting container is:

 Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR:
 ebtables not usable, disabling ethernet bridge firewall.
 Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 FATAL ERROR:
 No IPv4 and IPv6 firewall.
 Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR:
 Raising SystemExit in run_server
 Apr 27 13:18:01 poppy NetworkManager[67]: info  NetworkManager
 (version 1.0.0-8.fc22) is starting...
 Apr 27 13:18:01 poppy NetworkManager[67]: info  Read config:
 /etc/NetworkManager/NetworkManager.conf
 Apr 27 13:18:01 poppy NetworkManager[67]: info  WEXT support is enabled
 Apr 27 13:18:01 poppy NetworkManager[67]: warn  Could not get
 hostname: failed to read /etc/sysconfig/network
 Apr 27 13:18:01 poppy NetworkManager[67]: info  Acquired D-Bus
 service com.redhat.ifcfgrh1
 Apr 27 13:18:01 poppy NetworkManager[67]: info  Loaded plugin
 ifcfg-rh: (c) 2007 - 2013 Red Hat, Inc.  To report bugs please use the
 NetworkManager mailing list.
 Apr 27 13:18:01 poppy NetworkManager[67]: info  Loaded plugin
 keyfile: (c) 2007 - 2013 Red Hat, Inc.  To report bugs please use the
 NetworkManager mailing list.
 Apr 27 13:18:01 poppy NetworkManager[67]: info  parsing
 /etc/sysconfig/network-scripts/ifcfg-lo ...
 Apr 27 13:18:01 poppy NetworkManager[67]: info  monitoring kernel
 firmware directory '/lib/firmware'.
 Apr 27 13:18:01 poppy NetworkManager[67]: info  WiFi enabled by
 radio killswitch; enabled by state file
 Apr 27 13:18:01 poppy NetworkManager[67]: info  WWAN enabled by
 radio killswitch; enabled by state file
 Apr 27 13:18:01 poppy NetworkManager[67]: info  WiMAX enabled by
 radio killswitch; enabled by state file
 Apr 27 13:18:01 poppy NetworkManager[67]: info  Networking is
 enabled by state file
 Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): link connected
 Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): carrier is ON
 Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): new Bridge
 device (driver: 'bridge' ifindex: 3)
 Apr 27 13:18:01 poppy NetworkManager[67]: info  (br0): exported as
 /org/freedesktop/NetworkManager/Devices/0


 Not sure if it has any impact

 Do not know if it is a clean approach, but issue is solved with a
 static IP (that is what I want).


 On host:

 $ cat /etc/systemd/networkd/bridge.network

 [Match]
 Name=br0

 [Network]
 DNS=192.168.1.254

 [Address]
 Address=192.168.1.87/24

 [Route]
 Gateway=192.168.1.254

 # ln -sf /dev/null /etc/systemd/network/80-container-host0.network
Useless. Not needed at all

 -

 On container

 $ cat /etc/systemd/networkd/poppy.network
 [Match]
 Name=host0

 [Network]
 DNS=192.168.1.254
 Address=192.168.1.94/24
 Gateway=192.168.1.254
 -bash-4.3#

 # ln -sf /dev/null /etc/systemd/network/80-container-host0.network

 

 #  systemd-nspawn --network-bridge=br0 -bD /var/lib/machines/poppy

 host:
 $ ip a
 7: vb-poppy: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc
 pfifo_fast master br0

Re: [systemd-devel] network interface down in container

2015-04-30 Thread arnaud gaboury
 On Thu, Apr 30, 2015, 2:22 PM Lennart Poettering lenn...@poettering.net
wrote:

On Thu, 30.04.15 12:48, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

  ● 2: host0
 Link File: n/a
  Network File: n/a
  Type: ether
 State: off (unmanaged)
HW Address: 0e:7f:c3:fb:25:b1
   MTU: 1500

So, as it appears networkd does consider itself responsible for the
interface and doesn't apply any .network file to it.

 $ cat /etc/systemd/networkd/bridge.network

Well, the directory is /etc/systemd/network/, not /etc/systemd/networkd/.

 $ cat /etc/systemd/networkd/poppy.network

Same here.

 Sorry for typo.

Lennart

--
Lennart Poettering, Red Hat
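An added example (not part of the thread and not systemd code): a Python check for the situation Lennart points out above, where `networkctl status -a` shows "Network File: n/a" because the `.network` file sits in /etc/systemd/networkd/ instead of /etc/systemd/network/. It assumes the search directories listed in systemd.network(5); the function names and the scratch directory tree are constructed for illustration.

```python
import fnmatch
import os
import re
import tempfile

# Directories systemd-networkd reads .network files from (systemd.network(5)).
SEARCH_DIRS = ("etc/systemd/network", "run/systemd/network", "usr/lib/systemd/network")
HEADER = re.compile(r"^\S*\s*(\d+):\s+(\S+)$")          # "● 2: host0"
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$")   # "Network File: n/a"

# Excerpt of the `networkctl status -a` output posted in the thread.
SAMPLE = """\
● 1: lo
Network File: n/a
        Type: loopback
       State: carrier (unmanaged)

● 2: host0
Network File: n/a
        Type: ether
       State: off (unmanaged)
"""

# The container's .network file as posted in the thread.
POPPY_NETWORK = """\
[Match]
Name=host0

[Network]
DNS=192.168.1.254
Address=192.168.1.94/24
Gateway=192.168.1.254
"""


def parse_networkctl(text):
    """Parse `networkctl status -a` output into one dict per link."""
    links = []
    for raw in text.splitlines():
        line = raw.strip()
        head, field = HEADER.match(line), FIELD.match(line)
        if head:
            links.append({"Index": int(head.group(1)), "Name": head.group(2)})
        elif links and field:
            links[-1][field.group(1)] = field.group(2)
    return links


def links_without_network_file(links):
    """Names of non-loopback links that no .network file was applied to."""
    return [link["Name"] for link in links
            if link.get("Type") != "loopback" and link.get("Network File") == "n/a"]


def match_names(path):
    """Return the Name= globs from the [Match] section of a .network file."""
    names, section = [], None
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):
                section = line
            elif section == "[Match]" and line.startswith("Name="):
                names += line[len("Name="):].split()
    return names


def find_network_files(root, ifname):
    """Return (candidates, ignored): matching files inside / outside SEARCH_DIRS."""
    wanted = {os.path.join(root, d) for d in SEARCH_DIRS}
    candidates, ignored = [], []
    for base in ("etc/systemd", "run/systemd", "usr/lib/systemd"):
        for dirpath, _dirs, files in os.walk(os.path.join(root, base)):
            for name in (f for f in files if f.endswith(".network")):
                path = os.path.join(dirpath, name)
                if any(fnmatch.fnmatchcase(ifname, g) for g in match_names(path)):
                    rel = os.path.relpath(path, root)
                    (candidates if dirpath in wanted else ignored).append(rel)
    return sorted(candidates), sorted(ignored)


def demo():
    """Reproduce the thread's misplaced file in a scratch root, then move it."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("networkd", "network"):       # mistyped dir, real dir
            os.makedirs(os.path.join(root, "etc/systemd", sub))
        wrong = os.path.join(root, "etc/systemd/networkd/poppy.network")
        with open(wrong, "w", encoding="utf-8") as fh:
            fh.write(POPPY_NETWORK)
        before = find_network_files(root, "host0")
        os.rename(wrong, os.path.join(root, "etc/systemd/network/poppy.network"))
        after = find_network_files(root, "host0")
    return before, after


if __name__ == "__main__":
    print("links with no .network file:", links_without_network_file(parse_networkctl(SAMPLE)))
    print("(candidates, ignored) before and after the move:", demo())
```

Run against a real container, pass `/` (or the container's root directory on the host) as `root` and the interface name reported by `networkctl`.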


[systemd-devel] Basic network with Fedora conatiner

2015-04-29 Thread arnaud gaboury
After installation of Fedora 22 container, the container (poppy) boots
but no network.

# journalctl -b -M poppy


Apr 29 14:02:20 poppy firewalld[28]: 2015-04-29 14:02:20 ERROR:
ebtables not usable, disabling ethernet bridge firewall.
Apr 29 14:02:20 poppy NetworkManager[56]: warn  Could not get
hostname: failed to read /etc/sysconfig/network
Apr 29 14:02:20 poppy NetworkManager[56]: info  Acquired D-Bus
service com.redhat.ifcfgrh1

On host:

---
$ ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN
group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: enp7s0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast
master br0 state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
   valid_lft forever preferred_lft forever
3: br0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc noqueue state
UP group default
link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
   valid_lft forever preferred_lft forever
inet6 fe80::b40c:ff:fe22:f14a/64 scope link
   valid_lft forever preferred_lft forever
6: ve-poppy: BROADCAST,MULTICAST mtu 1500 qdisc noop state DOWN
group default qlen 1000
link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff

 % systemctl status systemd-networkd
● systemd-networkd.service - Network Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service;
enabled; vendor preset: enabled)
   Active: inactive (dead) since Wed 2015-04-29 13:36:28 CEST; 32min ago
 Docs: man:systemd-networkd.service(8)
 Main PID: 493 (code=exited, status=0/SUCCESS)
   Status: Shutting down...

Apr 29 13:35:40 hortensia systemd[1]: Starting Network Service...
Apr 29 13:35:40 hortensia systemd-networkd[493]: br0 : netdev ready
Apr 29 13:35:40 hortensia systemd-networkd[493]: Enumeration completed
Apr 29 13:35:40 hortensia systemd[1]: Started Network Service.
Apr 29 13:35:40 hortensia systemd-networkd[493]: enp7s0  :
link configured
Apr 29 13:35:40 hortensia systemd-networkd[493]: br0 :
link configured
Apr 29 13:35:42 hortensia systemd-networkd[493]: enp7s0  :
gained carrier
Apr 29 13:35:42 hortensia systemd-networkd[493]: br0 :
gained carrier


---

on container:

$ ip a
1: lo: LOOPBACK,UP,LOWER_UP mtu 65536 qdisc noqueue state UNKNOWN
group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: host0: BROADCAST,MULTICAST mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff

$ systemctl status systemd-networkd
● systemd-networkd.service - Network Service
   Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service;
disabled; vendor preset: disabled)
   Active: inactive (dead)
 Docs: man:systemd-networkd.service(8)
---

My guess is that I need to get rid of NetworkManager on the Fedora
container and instead use systemd-networkd. Am I right?

-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] Basic network with Fedora container

2015-04-29 Thread arnaud gaboury
On Wed, Apr 29, 2015 at 4:48 PM, Dan Williams d...@redhat.com wrote:

 On Wed, 2015-04-29 at 15:36 +0200, arnaud gaboury wrote:
  After installation of Fedora 22 container, the container (poppy) boots
  but no network.
 
  # journalctl -b -M poppy
  
 
  Apr 29 14:02:20 poppy firewalld[28]: 2015-04-29 14:02:20 ERROR:
  ebtables not usable, disabling ethernet bridge firewall.
  Apr 29 14:02:20 poppy NetworkManager[56]: <warn>  Could not get
  hostname: failed to read /etc/sysconfig/network
  Apr 29 14:02:20 poppy NetworkManager[56]: <info>  Acquired D-Bus
  service com.redhat.ifcfgrh1
 
  On host:
 
  ---
  $ ip a
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
  group default
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
  inet6 ::1/128 scope host
 valid_lft forever preferred_lft forever
  2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
  master br0 state UP group default qlen 1000
  link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
  inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
 valid_lft forever preferred_lft forever
  3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
  UP group default
  link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
  inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
 valid_lft forever preferred_lft forever
  inet6 fe80::b40c:ff:fe22:f14a/64 scope link
 valid_lft forever preferred_lft forever
  6: ve-poppy: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
  group default qlen 1000
  link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff
 
   % systemctl status systemd-networkd
  ● systemd-networkd.service - Network Service
 Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service;
  enabled; vendor preset: enabled)
 Active: inactive (dead) since Wed 2015-04-29 13:36:28 CEST; 32min ago
   Docs: man:systemd-networkd.service(8)
   Main PID: 493 (code=exited, status=0/SUCCESS)
 Status: Shutting down...
 
  Apr 29 13:35:40 hortensia systemd[1]: Starting Network Service...
  Apr 29 13:35:40 hortensia systemd-networkd[493]: br0 : netdev 
  ready
  Apr 29 13:35:40 hortensia systemd-networkd[493]: Enumeration completed
  Apr 29 13:35:40 hortensia systemd[1]: Started Network Service.
  Apr 29 13:35:40 hortensia systemd-networkd[493]: enp7s0  :
  link configured
  Apr 29 13:35:40 hortensia systemd-networkd[493]: br0 :
  link configured
  Apr 29 13:35:42 hortensia systemd-networkd[493]: enp7s0  :
  gained carrier
  Apr 29 13:35:42 hortensia systemd-networkd[493]: br0 :
  gained carrier
 
 
  ---
 
  on container:
 
  $ ip a
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
  group default
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
  inet6 ::1/128 scope host
 valid_lft forever preferred_lft forever
  2: host0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
  default qlen 1000
  link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff
 
  $ systemctl status systemd-networkd
  ● systemd-networkd.service - Network Service
 Loaded: loaded (/usr/lib/systemd/system/systemd-networkd.service;
  disabled; vendor preset: disabled)
 Active: inactive (dead)
   Docs: man:systemd-networkd.service(8)
  ---
 
  My guess is that I need to get rid of NetworkManager on the Fedora
  container and instead use systemd-networkd. Am I right?

 NM shouldn't be messing with the networking that anything else outside
 of NM sets up.  It will co-exist and leave whatever else is managing the
 container network alone (eg, systemd-networkd).  I think we'd need more
 logs from systemd-networkd and NetworkManager to figure out what's going
 on, plus the .network and .link files that you've created for
 systemd-networkd.

1- I have some old configs from a previous Arch container with a
static IP. I need to clean

for example,
--
gabx@hortensia ➤➤ zsh/zshrc.d % ls -al /etc/systemd/network/
total 20K
drwxr-xr-x 2 root root 4.0K Jun  9  2014 ./
drwxr-xr-x 5 root root 4.0K Apr 27 08:15 ../
lrwxrwxrwx 1 root root    9 Jun  9  2014 80-container-host0.network -> /dev/null
-rw-r--r-- 1 root root   59 Mar 19  2014 bridge.netdev
-rw-r--r-- 1 root root  112 Mar 19  2014 bridge.network
-rw-r--r-- 1 root root   42 Mar 19  2014 eth.network

I removed the custom link to /dev/null

2- I run a custom kernel and need to check everything about

Re: [systemd-devel] Fedora on systemd-nspawn container - ML best practice

2015-04-28 Thread arnaud gaboury
 On Tue, Apr 28, 2015, 11:38 AM Lennart Poettering mzerq...@0pointer.de
wrote:

On Tue, 28.04.15 09:31, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

 I started running Fedora server on a systemd-nspawn container.

 I am wondering what is the best practice when an issue occurs:
 - send to Fedora user ML
 - send to systemd-devel ML
 - send both with CC

 I am afraid that when sending to only one list I will be told to ask
 the other one, thus wasting time between the two lists. On the other
 hand, CC to both lists can be viewed as spam.

 From a user point of view, best would be to post to both lists as long
 as the issue can come from systemd-nspawn functionality or Fedora.

 use case: after install, boot, upgrade Fedora container, network is
 down in container (when it used to work to install some new packages).

 Thank you for advice about ML posting.

Cross-posting is not particularly popular, so I'd avoid it.

 I know.

If it's nspawn related it's probably best to keep it on the systemd
ML.

Consider using systemd-networkd in the container and on the
host. If so the network should just work between them.

 I will, as systemd-networkd already manages my network on the host. Btw, as
Fedora will act as a server, I will need a fixed IP, get rid of ebtables and
firewalld in container (kernel is built with apparmor and grsec) etc etc.
Lot of work

Lennart

--
Lennart Poettering, Red Hat


[systemd-devel] Fedora on systemd-nspawn container - ML best practice

2015-04-28 Thread arnaud gaboury
I started running Fedora server on a systemd-nspawn container.

I am wondering what is the best practice when an issue occurs:
- send to Fedora user ML
- send to systemd-devel ML
- send both with CC

I am afraid that when sending to only one list I will be told to ask
the other one, thus wasting time between the two lists. On the other
hand, CC to both lists can be viewed as spam.

From a user point of view, best would be to post to both lists as long
as the issue can come from systemd-nspawn functionality or Fedora.

use case: after install, boot, upgrade Fedora container, network is
down in container (when it used to work to install some new packages).

Thank you for advice about ML posting.

-- 

google.com/+arnaudgabourygabx


[systemd-devel] systemd-nspawn -- bind multiple directories

2015-04-27 Thread arnaud gaboury
To install a Fedora container from the raw image in my host Archlinux,
I can do this:

# systemd-nspawn -M Fedora-Cloud-Base-22_Beta-20150415.x86_64.raw --bind=/var/lib/machines/enl:/mnt

Now for the use of two btrfs subvol, I would like to bind
/var/lib/machines/enl/{etc,var}

Do the systemd bind options accept multiple directories to bind?
Something like this:

# systemd-nspawn -M Fedora-Cloud-Base-22_Beta-20150415.x86_64.raw --bind=/var/lib/machines/enl:/mnt /var/lib/machines/enl/etc:/mnt/etc /var/lib/machines/enl/var:/mnt/var

Thank you for hints

-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] systemd-nspawn -- bind multiple directories

2015-04-27 Thread arnaud gaboury
On Mon, Apr 27, 2015 at 3:44 PM, Lennart Poettering
lenn...@poettering.net wrote:
 On Mon, 27.04.15 10:19, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

 To install a Fedora container from the raw image in my host Archlinux,
 I can do this:

 # systemd-nspawn -M Fedora-Cloud-Base-22_Beta-20150415.x86_64.raw --bind=/var/lib/machines/enl:/mnt

 Now for the use of two btrfs subvol, I would like to bind
 /var/lib/machines/enl/{etc,var}

 Do the systemd bind options accept multiple directories to bind?
 Something like this:

 # systemd-nspawn -M Fedora-Cloud-Base-22_Beta-20150415.x86_64.raw --bind=/var/lib/machines/enl:/mnt /var/lib/machines/enl/etc:/mnt/etc /var/lib/machines/enl/var:/mnt/var

 You can specify --bind= multiple times in one command line to bind
 mount multiple directories. I have updated the man page now to
 explicitly mention this.

 The command line you are using for is hence:

 # systemd-nspawn -M Fedora-Cloud-Base-22_Beta-20150415.x86_64.raw 
 --bind=/var/lib/machines/enl:/mnt --bind=/var/lib/machines/enl/etc:/mnt/etc 
 --bind=/var/lib/machines/enl/var:/mnt/var

This feature solved my issue regarding my Btrfs setting of three
non-nested volumes: rootvol, etc and var.
First boot the raw Fedora image, run # mkdir -p /mnt/{etc,var}, log out,
then boot again while binding all three subvolumes.



 Lennart

 --
 Lennart Poettering, Red Hat



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] systemd-nspawn -- bind multiple directories

2015-04-27 Thread arnaud gaboury
On Mon, Apr 27, 2015 at 3:44 PM, Lennart Poettering
lenn...@poettering.net wrote:
 On Mon, 27.04.15 10:19, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

 To install a Fedora container from the raw image in my host Archlinux,
 I can do this:

 # systemd-nspawn -M Fedora-Cloud-Base-22_Beta-20150415.x86_64.raw --bind=/var/lib/machines/enl:/mnt

 Now for the use of two btrfs subvol, I would like to bind
 /var/lib/machines/enl/{etc,var}

 Do the systemd bind options accept multiple directories to bind?
 Something like this:

 # systemd-nspawn -M Fedora-Cloud-Base-22_Beta-20150415.x86_64.raw --bind=/var/lib/machines/enl:/mnt /var/lib/machines/enl/etc:/mnt/etc /var/lib/machines/enl/var:/mnt/var

 You can specify --bind= multiple times in one command line to bind
 mount multiple directories. I have updated the man page now to
 explicitly mention this.

 The command line you are using for is hence:

 # systemd-nspawn -M Fedora-Cloud-Base-22_Beta-20150415.x86_64.raw 
 --bind=/var/lib/machines/enl:/mnt --bind=/var/lib/machines/enl/etc:/mnt/etc 
 --bind=/var/lib/machines/enl/var:/mnt/var

Very good.
Thank you for the hard job


 Lennart

 --
 Lennart Poettering, Red Hat



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] install Fedora systemd-nspawn container on btrfs

2015-04-24 Thread arnaud gaboury
On Fri, Apr 24, 2015 at 8:16 AM, arnaud gaboury
arnaud.gabo...@gmail.com wrote:
 On Fri, Apr 24, 2015 at 8:14 AM, arnaud gaboury
 arnaud.gabo...@gmail.com wrote:
 On Thu, Apr 23, 2015 at 7:37 PM, arnaud gaboury
 arnaud.gabo...@gmail.com wrote:
 On Thu, Apr 23, 2015 at 7:36 PM, Lennart Poettering
 lenn...@poettering.net wrote:
 On Thu, 23.04.15 19:29, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

 When in /var/lib/machines/poppy:

 root@hortensia ➤➤ machines/poppy # btrfs subvolume list .
 ID 266 gen 98 top level 5 path rootvol
 ID 268 gen 100 top level 5 path var
 ID 269 gen 101 top level 5 path etc
 ID 271 gen 72 top level 266 path var/lib/machines
 ID 272 gen 77 top level 268 path var/tmp
 ID 273 gen 77 top level 268 path var/lib/machines

 Anyone from the Btrfs ML to help ?

 Note that systemd-tmpfiles will create /var/tmp, and /var/lib/machines
 as subvolumes these days, if they are missing and on btrfs.


 OK, I understand these new subvol

 After cleaning everything, new install. Fedora 22 container boots but
 then hangs: no login prompt.

 I did this:
 enablerepo=fedora install systemd passwd dnf fedora-release-server

 Maybe I forgot one essential repo?

 EDIT : if it can help:

 gabx@hortensia ➤➤ ~ % systemd-cgls
 ├─1 /usr/lib/systemd/systemd
 ├─machine.slice
 │ └─machine-poppy.scope
 │   ├─5654 /usr/lib/systemd/systemd
 │   └─system.slice
 │ ├─lvm2-lvmetad.service
 │ │ └─5678 /usr/sbin/lvmetad -f
 │ ├─systemd-journald.service
 │ │ └─5676 /usr/lib/systemd/systemd-journald
 │ └─dm-event.service
 │   └─5668 /usr/sbin/dmeventd -f

Issue solved:
Fedora release 22 (Twenty Two)
Kernel 3.19.3-3-apparmor on an x86_64 (console)

poppy login:

What I did: umount my two btrfs subvol
 # umount /var/lib/machines/poppy/etc
 # umount /var/lib/machines/poppy/var

then restart the container.

There is something weird with my btrfs settings.





 I will switch to Fedora ML now.
 TY Lennart for your hints.


 Lennart

 --
 Lennart Poettering, Red Hat



 --

 google.com/+arnaudgabourygabx



 --

 google.com/+arnaudgabourygabx



 --

 google.com/+arnaudgabourygabx



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] install Fedora systemd-nspawn container on btrfs

2015-04-24 Thread arnaud gaboury
On Fri, Apr 24, 2015 at 8:14 AM, arnaud gaboury
arnaud.gabo...@gmail.com wrote:
 On Thu, Apr 23, 2015 at 7:37 PM, arnaud gaboury
 arnaud.gabo...@gmail.com wrote:
 On Thu, Apr 23, 2015 at 7:36 PM, Lennart Poettering
 lenn...@poettering.net wrote:
 On Thu, 23.04.15 19:29, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

 When in /var/lib/machines/poppy:

 root@hortensia ➤➤ machines/poppy # btrfs subvolume list .
 ID 266 gen 98 top level 5 path rootvol
 ID 268 gen 100 top level 5 path var
 ID 269 gen 101 top level 5 path etc
 ID 271 gen 72 top level 266 path var/lib/machines
 ID 272 gen 77 top level 268 path var/tmp
 ID 273 gen 77 top level 268 path var/lib/machines

 Anyone from the Btrfs ML to help ?

 Note that systemd-tmpfiles will create /var/tmp, and /var/lib/machines
 as subvolumes these days, if they are missing and on btrfs.


 OK, I understand these new subvol

 After cleaning everything, new install. Fedora 22 container boots but
 then hangs: no login prompt.

 I did this:
 enablerepo=fedora install systemd passwd dnf fedora-release-server

 Maybe I forgot one essential repo?

EDIT : if it can help:

gabx@hortensia ➤➤ ~ % systemd-cgls
├─1 /usr/lib/systemd/systemd
├─machine.slice
│ └─machine-poppy.scope
│   ├─5654 /usr/lib/systemd/systemd
│   └─system.slice
│ ├─lvm2-lvmetad.service
│ │ └─5678 /usr/sbin/lvmetad -f
│ ├─systemd-journald.service
│ │ └─5676 /usr/lib/systemd/systemd-journald
│ └─dm-event.service
│   └─5668 /usr/sbin/dmeventd -f



 I will switch to Fedora ML now.
 TY Lennart for your hints.


 Lennart

 --
 Lennart Poettering, Red Hat



 --

 google.com/+arnaudgabourygabx



 --

 google.com/+arnaudgabourygabx



-- 

google.com/+arnaudgabourygabx


Re: [systemd-devel] install Fedora systemd-nspawn container on btrfs

2015-04-24 Thread arnaud gaboury
On Thu, Apr 23, 2015 at 7:37 PM, arnaud gaboury
arnaud.gabo...@gmail.com wrote:
 On Thu, Apr 23, 2015 at 7:36 PM, Lennart Poettering
 lenn...@poettering.net wrote:
 On Thu, 23.04.15 19:29, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

 When in /var/lib/machines/poppy:

 root@hortensia ➤➤ machines/poppy # btrfs subvolume list .
 ID 266 gen 98 top level 5 path rootvol
 ID 268 gen 100 top level 5 path var
 ID 269 gen 101 top level 5 path etc
 ID 271 gen 72 top level 266 path var/lib/machines
 ID 272 gen 77 top level 268 path var/tmp
 ID 273 gen 77 top level 268 path var/lib/machines

 Anyone from the Btrfs ML to help ?

 Note that systemd-tmpfiles will create /var/tmp, and /var/lib/machines
 as subvolumes these days, if they are missing and on btrfs.


 OK, I understand these new subvol

After cleaning everything, new install. Fedora 22 container boots but
then hangs: no login prompt.

I did this:
enablerepo=fedora install systemd passwd dnf fedora-release-server

Maybe I forgot one essential repo?

I will switch to Fedora ML now.
TY Lennart for your hints.


 Lennart

 --
 Lennart Poettering, Red Hat



 --

 google.com/+arnaudgabourygabx



-- 

google.com/+arnaudgabourygabx

