On 12/10/2015 06:13 AM, Peter Steele wrote:
On 12/09/2015 06:43 PM, Serge Hallyn wrote:
Ok, systemd does behave differently if it shouldn't be able
to create devices. If you add
lxc.cap.drop = mknod sys_rawio
to your configs does that help?
This did not help. I took it a step further and did an install with the
lxc capabilities configured to be as similar as possible to my libvirt
containers and even with this I saw the systemd errors. The only
difference between the cap sets of the two was cap_audit_control; the
lxc containers would not start without this capability but libvirt
containers didn't seem to need it.
I don't know if this is relevant, but we are running the 4.0.5 release
of the kernel-ml package set from elrepo. The stock CentOS 7.1 kernel
(3.10) has a bug that impacts bond modes 5 and 6 in containers, so we
had to find an alternative kernel. Other than a problem with RAID 1
mdadm volumes, the 4.0.5 kernel has been solid for us with libvirt based
containers.
I did another test this morning, installing six containers based on the
downloaded CentOS template. When these containers are started
simultaneously there are no errors reported with systemd. I then went
into each container and updated the set of CentOS packages making up the
template to include the additional rpms that we use in our containers.
The default template has something like 157 rpms. After installing the
additional rpms, the containers had 354 installed packages. I then did
another test of shutting down all the containers and restarting them
simultaneously using
for vm in `lxc-ls`; do lxc-start -n $vm; done
I hit the systemd errors on the very first try. This would seem to imply
the problem may be related to one of the additional CentOS rpms that we
use, although it certainly isn't clear which one (ones?) this might be.
I'm going to iteratively reduce the set of packages we use to try to
narrow down the cultprit.
Peter
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
