Hello All,

I am looking for a Kubernetes kind of solution for lxc containers. Is there something available in nascent mode that I am not aware of? Could someone please enlighten me on the same.

Regs

Prasoon Majumdar
about.me/prasoonmajumdar <http://about.me/prasoonmajumdar>

*This is ten percent luck, twenty percent skill
Fifteen percent concentrated power of will
Five percent pleasure, fifty percent pain
And a hundred percent reason to remember the name*
Fort Minor - Remember The Name <http://www.metrolyrics.com/remember-the-name-lyrics-fort-minor.html#ixzz3UGL1XuZV>

On 12 July 2016 at 17:30, <[email protected]> wrote:

> Send lxc-users mailing list submissions to
>         [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.linuxcontainers.org/listinfo/lxc-users
> or, via email, send a message with subject or body 'help' to
>         [email protected]
>
> You can reach the person managing the list at
>         [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of lxc-users digest..."
>
> Today's Topics:
>
>    1. Re: LXD containers with dual nic ([email protected])
>    2. Re: move unprivileged containers - uid/gid map
>       (Benoit GEORGELIN - Association Web4all)
>    3. Re: LXD containers with dual nic (Giuseppe)
>    4. Re: LXD containers with dual nic (Giuseppe)
>    5. Re: LXD containers with dual nic (Giuseppe)
>
>
> ---------- Forwarded message ----------
> From: [email protected]
> To: LXC users mailing-list <[email protected]>
> Cc:
> Date: Mon, 11 Jul 2016 09:52:53 -0400
> Subject: Re: [lxc-users] LXD containers with dual nic
>
> > Hi all,
> > I'm trying to configure a LXD container with two nics but the second one
> > cannot reach the external network. Here is my config:
> >
> >
> > Both IP addresses are statically configured in the container, the first in
> > the 192.168.1.0 subnet and the second in the 10.10.0.0 subnet. The first nic
> > works well, I can ssh from external network. The second one can ping only
> > the LXD host address and vice versa. The LXD host address can ping everyone
> > on the 10.10.0.0 network.
> >
>
> What do you mean by "statically configured in the container"??
>
> At least on 1.08 this is not necessary, and is probably a bad idea.
>
> the entry in the container config should be enough..
>
> -steve
>
> >
> > What's wrong in my config? Any suggestion?
> >
> > _______________________________________________
> > lxc-users mailing list
> > [email protected]
> > http://lists.linuxcontainers.org/listinfo/lxc-users
> >
>
>
> ---------- Forwarded message ----------
> From: Benoit GEORGELIN - Association Web4all <[email protected]>
> To: lxc-users <[email protected]>
> Cc:
> Date: Mon, 11 Jul 2016 16:34:10 +0200 (CEST)
> Subject: Re: [lxc-users] move unprivileged containers - uid/gid map
>
> Hello Fajar,
>
> Thanks, "fuidshift" is what I was looking for :)
> It's working. I already made my own script to move it from one host (LXC)
> to the other one (LXD). I guess the one that you were talking about is:
> https://github.com/lxc/lxd/blob/master/scripts/lxc-to-lxd
>
> Have a nice day
>
> Regards,
>
> Benoît
>
> ------------------------------
> *From: *"Fajar A. Nugraha" <[email protected]>
> *To: *"lxc-users" <[email protected]>
> *Sent: *Monday 11 July 2016 02:16:34
> *Subject: *Re: [lxc-users] move unprivileged containers - uid/gid map
>
> On Sun, Jul 10, 2016 at 7:20 AM, Benoit GEORGELIN - Association Web4all <[email protected]> wrote:
>
>> Hi,
>>
>> I'm looking to move unprivileged containers from one host to another.
>> I'm actually moving pure LXC containers to a new LXD/LXC host
>>
>> I would like to know how should I deal with the uid/gid inside the
>> container.
>> The root uid/gid is different on the new host. But I can simply replace
>> the old UID/GUID by the new one with a find request but how should I do
>> with the other users id used inside the container ?
>>
>>
> use fuidshift from lxd-tools package
>
>
>
>> I did not understand where the uid/gid map is done
>>
>> Inside the container
>> root@w4a:~# id ubuntu
>> uid=1000(ubuntu) gid=1000(ubuntu)
>>
>> Folder :
>> drwxr-xr-x 2 ubuntu ubuntu 6 Jul 8 23:17 ubuntu
>>
>> Outside the container
>> drwxr-xr-x 2 166536 166536 6 Jul 8 23:17 ubuntu
>>
>> How does the system know that uid/gid 1000 inside the container = uid/gid 166536
>> outside the container?
>> It looks like root uid = 165536 outside the container and it is defined by
>> lxc configuration
>> id 1000 inside the container will be root uid + user id, so 165536 +
>> 1000 = 166536
>>
>>
> yes
>
>
>
>> But what if two containers have a user uid 100 ? they will both have the
>> same uid outside the container ?
>>
>>
> short version, yes.
>
>
>
>> About migrating the container, how should I manage it ?
>> Should I re-do the mapping myself ? Like looking into /etc/passwd inside
>> the container then use the root uid + the id found for that user in
>> /etc/passwd and replace the old uid/gid by the new one ? Maybe there is
>> faster/better solution ?
>>
>>
> Don't mess with passwd/group inside the container. Just use fuidshift.
>
>
>
>> I was looking to add an uid/gid mapping to match the container
>> configuration as it was before, but it does not look to work
>>
>> I have this as an example in a config file dedicated for the container on
>> the LXC pure host.
>> # Container specific configuration
>> lxc.id_map = u 0 951968 65536
>> lxc.id_map = g 0 951968 65536
>>
>> Here is what I did to the new host :
>> cat /etc/subuid
>> gxd:100000:65536
>> root:165536:65536
>> root:951968:65536
>>
>>
>
> The easiest way is to NOT change anything. lxd currently only supports one
> uid range for unpriv containers. Undo your changes.
>
>
>
>> I also tried to set lxc.raw
>>
>> cat << EOF |lxc config set test-ct raw.lxc -
>> lxc.id_map = u 0 951968 65536
>> lxc.id_map = g 0 951968 65536
>> EOF
>>
>> But in that case, container doesn't start.
>>
>>
>
> ... which, as you've found out, doesn't work.
>
>
> There's a script to convert lxc -> lxd somewhere on this list, but I
> usually do things manually:
> (1) create a container in lxd. Start it, stop it, then look at its uid
> mapping (i.e. "which u/gid owns
> /var/lib/lxd/containers/container_name/rootfs")
> (2) use fuidshift with "-r" to shift your lxc container u/gid back to
> privileged, using the starting u/gid value in your original lxc config
> (should be 951968)
> (3) use fuidshift again, but this time without "-r", to shift your lxc
> container to unprivileged, using the starting u/gid value from (1)
> (4) move your new lxd container's original rootfs somewhere else (or
> delete it if you want), then replace it with rootfs from (3)
> (5) start your lxd containers
>
> --
> Fajar
>
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
> ---------- Forwarded message ----------
> From: Giuseppe <[email protected]>
> To: [email protected]
> Cc:
> Date: Tue, 12 Jul 2016 05:27:43 +0000 (UTC)
> Subject: Re: [lxc-users] LXD containers with dual nic
>
> > What do you mean by "statically configured in the container"??
> >
> > At least on 1.08 this is not necessary, and is probably a bad idea.
> >
> > the entry in the container config should be enough..
> >
> > -steve
>
> I mean that in containers both nic are defined "BOOTPROTO=static" in Centos
> and "iface ethx inet static" in Ubuntu. I think it's a routing problem on
> the second bridge. I'll try to use the 10Gbe nic only, I'm pretty sure it
> will work.
>
> Giuseppe
>
>
> ---------- Forwarded message ----------
> From: Giuseppe <[email protected]>
> To: [email protected]
> Cc:
> Date: Tue, 12 Jul 2016 05:35:41 +0000 (UTC)
> Subject: Re: [lxc-users] LXD containers with dual nic
>
> > A good starting question is "is your network configured the same".
> > Sometimes there are anti spoofing or MAC-limitation rule so that one switch
> > "port" only allows one MAC or one IP address only.
> >
> > One such example is networking in amazon EC2. Your network admin might
> > enforce the same rule on your 10G switch.
> >
> > Testing it somewhat difficult though. Perhaps install virtualbox, and set
> > it to use bridge networking on your problematic interface?
>
> The only difference in the networks is that the 10Gbe one has a 9000 mtu,
> but I tried also with 1500 and nothing changed. This is a home lab, so I am
> the network administrator. At vSphere level the switches are identical, the
> only difference is physical nic speed.
>
> Giuseppe
>
>
> ---------- Forwarded message ----------
> From: Giuseppe <[email protected]>
> To: [email protected]
> Cc:
> Date: Tue, 12 Jul 2016 09:21:27 +0000 (UTC)
> Subject: Re: [lxc-users] LXD containers with dual nic
>
> Solved
>
> I believed virtual network switches were identical but the 10Gbe one had the
> promiscuous mode rejected. Setting it to accept and everything go.
>
> Thanks all
>
> Giuseppe
>
>
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
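
The uid/gid shift discussed in the quoted digest (container id + range start = host id, and re-basing a rootfs from one range to another), as an added example that is not part of the original thread and is not LXC/LXD code. The new range start 165536 is taken from the listing quoted above and is an assumption about the target host; the sample paths are constructed.

```python
import re
from typing import NamedTuple

class IdMap(NamedTuple):
    kind: str        # "u" (uid) or "g" (gid)
    ct_start: int    # first id as seen inside the container
    host_start: int  # first id as seen on the host
    count: int       # number of ids in the range

# Matches the lxc.id_map lines quoted in the thread (newer LXC spells it lxc.idmap).
MAP_RE = re.compile(r"^\s*lxc\.id_?map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_id_maps(config):
    return [IdMap(m[1], int(m[2]), int(m[3]), int(m[4]))
            for m in map(MAP_RE.match, config.splitlines()) if m]

def to_host(maps, kind, ct_id):
    for m in maps:
        if m.kind == kind and m.ct_start <= ct_id < m.ct_start + m.count:
            return m.host_start + (ct_id - m.ct_start)
    raise ValueError(f"{kind} {ct_id} is not mapped into the container")

def to_container(maps, kind, host_id):
    for m in maps:
        if m.kind == kind and m.host_start <= host_id < m.host_start + m.count:
            return m.ct_start + (host_id - m.host_start)
    raise ValueError(f"host {kind} {host_id} is outside the container's range")

def reshift(old, new, kind, host_id):
    # Same effect as shifting back to container ids, then forward to the new range.
    return to_host(new, kind, to_container(old, kind, host_id))

def plan_chown(entries, old, new):
    """entries: (path, uid, gid) as stat'ed on the host. Returns (plan, unmapped)."""
    plan, unmapped = [], []
    for path, uid, gid in entries:
        try:
            plan.append((path, reshift(old, new, "u", uid), reshift(old, new, "g", gid)))
        except ValueError:
            unmapped.append(path)  # owned by an id outside the old range: review by hand
    return plan, unmapped

OLD_CONFIG = "lxc.id_map = u 0 951968 65536\nlxc.id_map = g 0 951968 65536\n"  # from the thread
NEW_CONFIG = "lxc.id_map = u 0 165536 65536\nlxc.id_map = g 0 165536 65536\n"  # assumed new base
SAMPLE = [("rootfs", 951968, 951968),              # constructed: container root
          ("rootfs/home/ubuntu", 952968, 952968),  # constructed: uid 1000 inside
          ("rootfs/etc/leftover", 0, 0)]           # constructed: owned by real host root

if __name__ == "__main__":
    old, new = parse_id_maps(OLD_CONFIG), parse_id_maps(NEW_CONFIG)
    print(plan_chown(SAMPLE, old, new))
```

Paths reported as unmapped are owned by host ids outside the container's range; a blind offset shift would move them to arbitrary host ids, so they are listed separately instead of being re-owned.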
