[lxc-users] lxc list --fast
hi, tompos@ttk-mdr:~$ lxc list +---+-++--++---+ | NAME | STATE | IPV4 | IPV6 | TYPE| SNAPSHOTS | +---+-++--++---+ | connect | RUNNING | 10.0.3.3 (eth0)| | PERSISTENT | 9 | +---+-++--++---+ | connect-mysql | RUNNING | 10.0.3.4 (eth0)| | PERSISTENT | 9 | | | | 172.29.251.1 (ttk-mdr) | || | +---+-++--++---+ | proxy | RUNNING | 10.0.3.2 (eth0)| | PERSISTENT | 9 | +---+-++--++---+ tompos@ttk-mdr:~$ lxc list --fast +---+-+--++--++ | NAME | STATE | ARCHITECTURE | CREATED AT | PROFILES | TYPE| +---+-+--++--++ | connect | RUNNING | x86_64 || default | PERSISTENT | +---+-+--++--++ | connect-mysql | RUNNING | x86_64 || default | PERSISTENT | +---+-+--++--++ | proxy | RUNNING | x86_64 || default | PERSISTENT | +---+-+--++--++ Why are arch and create time "important" in case of fast and why not in case of pure list? Thanks, tamas ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Systemd support status
On Wed, Mar 16, 2016 at 6:05 PM, Albert Shih wrote: > Hi all, > > I would like to know what is the status about lxc supporting inside the > guest systemd. It works if you have the prequisite. And since ubuntu is shipping lxc/lxd with ubuntu 16.04 (which uses systemd), they should support it as well. Not sure what the OFFICIAL status of other distros as containers though. > > Last time I try (some mounth ago, with LXC 1.0.X) I was able to start many > guest with classic start script (Debian & Ubuntu) but with systemd (CentOS > 7) I got many trouble. The prequisite includes lxc >= 1.1.x and lxcfs > > As I understand systemd going to be the standard, what would be the status > of LXC ? I assume you use debian jessie host, which is why you're stuck at 1.0.x? try backporting lxc from testing. Or use my unofficial packages: http://debian-lxc.github.io/ -- Fajar ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] snapshot listing
Quoting Tamas Papp (tom...@martos.bme.hu): > > > On 03/17/2016 12:09 AM, Serge Hallyn wrote: > >Quoting Tamas Papp (tom...@martos.bme.hu): > >>hi, > >> > >>I remember, that not very long time ago the 'lxc list' command also > >>listed snapshots too. > >>But now it doesn't. How can I do that now? > >> > >You can see the number of snapshots with > > > >lxc list -c nS > >+--+---+ > >| NAME | SNAPSHOTS | > >+--+---+ > >| x1 | 1 | > >+--+---+ > > > >then see the actual snapshots with > > > >lxc info x1 > >Name: x1 > >Architecture: x86_64 > >Created: 2016/03/14 22:16 UTC > >Status: Stopped > >Type: persistent > >Profiles: default > >Snapshots: > > x1/snap0 (taken at 2016/03/16 23:07 UTC) (stateless) > > > > ShhI should have though on that:) > > > But: > > Snapshots: > zas_2016-03-08 (taken at 2016/03/08 09:22 UTC) (stateless) > zas_2016-03-09 (taken at 2016/03/09 03:32 UTC) (stateless) > zas_2016-03-10 (taken at 2016/03/10 03:30 UTC) (stateless) > zas_2016-03-11 (taken at 2016/03/11 03:32 UTC) (stateless) > zas_2016-03-12 (taken at 2016/03/12 03:32 UTC) (stateless) > zas_2016-03-13 (taken at 2016/03/13 03:32 UTC) (stateless) > zas_2016-03-14 (taken at 2016/03/14 03:32 UTC) (stateless) > zas_2016-03-15 (taken at 2016/03/15 03:32 UTC) (stateless) > zas_2016-03-16 (taken at 2016/03/16 03:32 UTC) (stateless) > zas_2016-03-17 (taken at 2016/03/17 00:55 UTC) (stateful) > zas_2016-03-17a (taken at 2016/03/17 00:56 UTC) (stateful) > zas_2016-03-17b (taken at 2016/03/17 00:56 UTC) (stateful) > zas_2016-03-17c (taken at 2016/03/17 01:03 UTC) (stateful) > zas_2016-03-17d (taken at 2016/03/17 01:05 UTC) (stateful) > > > > It's marked as stateful, but checkpoint was failing due to old criu version: > > > $ lxc snapshot --stateful connect > error: checkpoint failed > > > It's a bug, right? Sounds like a bug. ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] How to set LXD container locale?
On 2016-03-19 10:16, Stéphane Graber wrote: On Sat, Mar 19, 2016 at 03:33:11AM -0700, zzt...@openmailbox.org wrote: None of the typical ways of setting locales seem to stick in my Ubuntu container in an Ubuntu host (Ubuntu 15.10, LXD 2.0.0.rc4) The host's locale shows this LANG=en_US.UTF-8 LANGUAGE= LC_CTYPE="en_US.UTF-8" LC_NUMERIC="en_US.UTF-8" LC_TIME="en_US.UTF-8" LC_COLLATE="en_US.UTF-8" LC_MONETARY="en_US.UTF-8" LC_MESSAGES="en_US.UTF-8" LC_PAPER="en_US.UTF-8" LC_NAME="en_US.UTF-8" LC_ADDRESS="en_US.UTF-8" LC_TELEPHONE="en_US.UTF-8" LC_MEASUREMENT="en_US.UTF-8" LC_IDENTIFICATION="en_US.UTF-8" LC_ALL= but the container shows this LANG= LANGUAGE= LC_CTYPE="POSIX" LC_NUMERIC="POSIX" LC_TIME="POSIX" LC_COLLATE="POSIX" LC_MONETARY="POSIX" LC_MESSAGES="POSIX" LC_PAPER="POSIX" LC_NAME="POSIX" LC_ADDRESS="POSIX" LC_TELEPHONE="POSIX" LC_MEASUREMENT="POSIX" LC_IDENTIFICATION="POSIX" /etc/default/locale contains the same value (LANG="en_US.UTF-8") in both the container and the host, but I cannot get it to set in the container. How is the locale set/changed in an LXD container? Thanks. Note that if you're using "lxc exec", LXD only executes the shell that you asked for, it doesn't setup a PAM session for you, so you start with an empty environment. One way to solve that is to do a "su root" which will then send you through the PAM stack (if your container has one) which will then source any needed environment. Another way if you don't want to go through PAM, is to set environment variables directly on the container or one of its profiles, like: lxc config set CONTAINER environment.LC_ALL=en_US.UTF-8 LXD will then set those environment variables for you every time you exec a command inside the container. ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users Thanks Stéphane. "su " works. What's the difference between that and "lxc exec CONTAINER -- /bin/bash"? And is there another way to enter the container without using "lxc exec" that will setup PAM (or at least do it automatically)? ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*
On Fri, Mar 18, 2016 at 12:15:35PM -0400, Sean McNamara wrote: > On Fri, Mar 18, 2016 at 12:09 PM, Sean McNamara wrote: > > On Fri, Mar 18, 2016 at 11:43 AM, Stéphane Graber > > wrote: > >> Our stance hasn't changed. LXD doesn't know nor care about layer-3 > >> networking, all it does is setup your layer-2. > >> > >> Having LXD pre-initialize your network namespace confuses the heck out > >> of a bunch of distros which expect all network to be unconfigured by the > >> time they apply their own config (they don't clean things up so > >> duplicate entries lead to failure). > > > > > > Okay. > > > > As someone migrating from OpenVZ (and before that, VMware), one > > important use case I was expecting of LXD is that of multi-tenant > > boxes, where you need to give root access to a container to the > > "tenant", and expect them to adhere to a Terms of Service agreement, > > but need to have technical mitigations in place, so that even if they > > decide to violate the ToS (or innocently have their box hacked by a > > malicious third-party who decides to violate the ToS), access to other > > containers and the physical box (host OS) is very difficult to > > impossible (pending any undiscovered vulnerabilities or host-side > > misconfiguration). > > > > As part of that, I was expecting some way to tell LXD to restrict the > > IP addresses that can be claimed/used by a given container. For > > instance, if I have a public Internet IPv4 /26 allocated to a physical > > host by a hosting provider, I'll want to assign only one or two IP > > addresses to each container. Currently, I can have an LXD container > > just spuriously decide to use any arbitrary IP, and I haven't found a > > way to prevent it from doing that if an untrusted user has root access > > in the container. They can just run ifconfig and specify the IP > > address they want to use. > > > > How can I configure the host environment (LXD or something else on the > > host, assuming I'm running a very recent Ubuntu 16.04 Beta nightly) so > > > Just wanted to clarify that I am *not* using or intending to use a > pre-release of 16.04 in a production environment. I'm currently > satisfied with LXD 0.24 on Ubuntu Server 14.04.4 LTS. I'm not > currently in a situation where I have untrusted root users with access > to containers, but I am planning to open up that type of usage in the > future if LXD turns out to be able to support it. And of course that > would be using the final release of Ubuntu Server 16.04 LTS. > > Thanks, > > Sean Note that the latest 2.0 snapshot is currently available in trusty-backports so you don't need to be using pre-release 16.04. We usually update trusty-backports just a couple of hours after pushing the new version to 16.04. > > > > that no packets can be transmitted to/from the guest unless the guest > > is using a specific IP or set of IPs? I also want to make sure that no > > broadcasting is occurring; i.e., the root user in the container should > > not be able to sniff layer 2 and see all the packets going to all the > > other containers. > > > > ...Or is LXD not suitable for this use case? If it isn't, will it ever be? > > > > Thanks, > > > > Sean > > > > > > > >> > >> > >> Nevertheless, we have recently allowed the following key through raw.lxc: > >> - lxc.network.X.ipv4 > >> - lxc.network.X.ipv4.gateway > >> - lxc.network.X.ipv6 > >> - lxc.network.X.ipv6.gateway > >> > >> Note that we require you set the interface index (X above) as mixing > >> those raw entris with the LXD generated config would otherwise randomly > >> cause an invalid config and container startup failure. > >> > >> > >> The recommended way to manage IPs with LXD is to do it exactly the same > >> way you would do it for your VMs or physical machines, so either > >> configure your DHCP server to give a static lease or configure the > >> container to use a static IP (you can use lxc file pull/push/edit to do > >> it on a stopped container). > >> > >> On Fri, Mar 18, 2016 at 10:18:33AM -0400, Sean McNamara wrote: > >>> First of all, there's no such thing as LX[C|D]. You're either using > >>> LXC or LXD. They're different enough in their configuration and > >>> operation that you can't ask an "either-or" question. Pick one > >>> solution and focus on that. > >>> > >>> I just wanted to chime in to say that I have this same question. I'm > >>> stuck using a pre-2.0 release of LXD because it allows me to use the > >>> "raw.lxc" config parameter to specify the IP settings for the guest. > >>> This configuration parameter was removed at some point prior to the > >>> 2.0 RC, so I ended up editing the source code of LXD to bring it back. > >>> I haven't found any equivalent configuration that works without using > >>> raw.lxc. > >>> > >>> raw.lxc: > >>> "lxc.network.ipv4=1.2.3.4/32\nlxc.network.ipv4.gateway=5.6.7.8\nlxc.network.hwaddr=00:11:22:33:44:55\nlxc.network.flags=up > >>> \ \nlxc.network.mtu=1500\n" > >>> volatile.eth0.hwaddr: 00:11:2
Re: [lxc-users] Systemd support status
On Wed, Mar 16, 2016 at 8:00 PM, Albert Shih wrote: >> > As I understand systemd going to be the standard, what would be the status >> > of LXC ? >> >> I assume you use debian jessie host, which is why you're stuck at >> 1.0.x? try backporting lxc from testing. Or use my unofficial >> packages: http://debian-lxc.github.io/ > > Well...In fact actually I'm using vserver. > > When I try lxc I choose 1.0.x because it's say 1.0.x are the stable > version, and for the « virtualisation » i like something stable. When I've 1.0.x -> long term 1.1.x -> stable Personally I'm testing 2.0 (currently in rc), which should be the the next long term when it's released. And so far I'm liking lxd more compared to plain lxc :) > lots of Vm inside, the upgrade for major version is not good for my blood > presure ;-) > > I would try with 1.1.x soon. If you're just started, or setting up a new server and can afford to wait a month or so, I recommend you try latest ubuntu 16.04 daily build now and update it when it's officially released end of april. It integrates lxd and zfs nicely: http://blog.dustinkirkland.com/2016/02/zfs-is-fs-for-containers-in-ubuntu-1604.html I'm using ubuntu 14.04 with zfs and lxd ppa. Works, but not as integrated as what 16.04 would be (i.e. 14.04 needs third-party packages from ppa) -- Fajar ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Wildcard in lxd commands?
On 2016-03-17 07:07, Mark Constable wrote: On 17/03/16 23:01, Janne Savikko wrote: You can not use filters to list running or stopped containers. Lxc start or stop do not support filters, only container name (or names). You though can always pipe commands if you want to stop dozens of containers whose names begin with "web" (note! lxc list keyword filter compares from the start of the name, so "lxc list eb" does not work in this case): $ lxc list web|grep RUNNING|awk '{ print $2 }'|xargs lxc stop It's still rather awkward to reliably script a start/stop of a single container that happens to be called "web" when there might be web1, web2 etc. An explicit non-filtered arg to lxc list with optional regex would be more useful. Plus an option to have plain non-tablewriter output for easier script parsing. [[ `lxc list -cs web` = RUNNING ]]; echo $? ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users I agree. lxc list would be immensely useful if it could output just a list of names or other single attribute of containers that match particular criteria. That could then be fed to a command. Something easy to remember like: lxc list -cn --name=web* --state=running | lxc stop {} ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*
On Fri, Mar 18, 2016 at 12:09 PM, Sean McNamara wrote: > On Fri, Mar 18, 2016 at 11:43 AM, Stéphane Graber wrote: >> Our stance hasn't changed. LXD doesn't know nor care about layer-3 >> networking, all it does is setup your layer-2. >> >> Having LXD pre-initialize your network namespace confuses the heck out >> of a bunch of distros which expect all network to be unconfigured by the >> time they apply their own config (they don't clean things up so >> duplicate entries lead to failure). > > > Okay. > > As someone migrating from OpenVZ (and before that, VMware), one > important use case I was expecting of LXD is that of multi-tenant > boxes, where you need to give root access to a container to the > "tenant", and expect them to adhere to a Terms of Service agreement, > but need to have technical mitigations in place, so that even if they > decide to violate the ToS (or innocently have their box hacked by a > malicious third-party who decides to violate the ToS), access to other > containers and the physical box (host OS) is very difficult to > impossible (pending any undiscovered vulnerabilities or host-side > misconfiguration). > > As part of that, I was expecting some way to tell LXD to restrict the > IP addresses that can be claimed/used by a given container. For > instance, if I have a public Internet IPv4 /26 allocated to a physical > host by a hosting provider, I'll want to assign only one or two IP > addresses to each container. Currently, I can have an LXD container > just spuriously decide to use any arbitrary IP, and I haven't found a > way to prevent it from doing that if an untrusted user has root access > in the container. They can just run ifconfig and specify the IP > address they want to use. > > How can I configure the host environment (LXD or something else on the > host, assuming I'm running a very recent Ubuntu 16.04 Beta nightly) so Just wanted to clarify that I am *not* using or intending to use a pre-release of 16.04 in a production environment. I'm currently satisfied with LXD 0.24 on Ubuntu Server 14.04.4 LTS. I'm not currently in a situation where I have untrusted root users with access to containers, but I am planning to open up that type of usage in the future if LXD turns out to be able to support it. And of course that would be using the final release of Ubuntu Server 16.04 LTS. Thanks, Sean > that no packets can be transmitted to/from the guest unless the guest > is using a specific IP or set of IPs? I also want to make sure that no > broadcasting is occurring; i.e., the root user in the container should > not be able to sniff layer 2 and see all the packets going to all the > other containers. > > ...Or is LXD not suitable for this use case? If it isn't, will it ever be? > > Thanks, > > Sean > > > >> >> >> Nevertheless, we have recently allowed the following key through raw.lxc: >> - lxc.network.X.ipv4 >> - lxc.network.X.ipv4.gateway >> - lxc.network.X.ipv6 >> - lxc.network.X.ipv6.gateway >> >> Note that we require you set the interface index (X above) as mixing >> those raw entris with the LXD generated config would otherwise randomly >> cause an invalid config and container startup failure. >> >> >> The recommended way to manage IPs with LXD is to do it exactly the same >> way you would do it for your VMs or physical machines, so either >> configure your DHCP server to give a static lease or configure the >> container to use a static IP (you can use lxc file pull/push/edit to do >> it on a stopped container). >> >> On Fri, Mar 18, 2016 at 10:18:33AM -0400, Sean McNamara wrote: >>> First of all, there's no such thing as LX[C|D]. You're either using >>> LXC or LXD. They're different enough in their configuration and >>> operation that you can't ask an "either-or" question. Pick one >>> solution and focus on that. >>> >>> I just wanted to chime in to say that I have this same question. I'm >>> stuck using a pre-2.0 release of LXD because it allows me to use the >>> "raw.lxc" config parameter to specify the IP settings for the guest. >>> This configuration parameter was removed at some point prior to the >>> 2.0 RC, so I ended up editing the source code of LXD to bring it back. >>> I haven't found any equivalent configuration that works without using >>> raw.lxc. >>> >>> raw.lxc: >>> "lxc.network.ipv4=1.2.3.4/32\nlxc.network.ipv4.gateway=5.6.7.8\nlxc.network.hwaddr=00:11:22:33:44:55\nlxc.network.flags=up >>> \ \nlxc.network.mtu=1500\n" >>> volatile.eth0.hwaddr: 00:11:22:33:44:55 >>> volatile.eth0.name: eth1 >>> devices: >>> eth0: >>> hwaddr: 00:11:22:33:44:55 >>> nictype: bridged >>> parent: br0 >>> >>> On Ubuntu, you can then set up your bridge as follows in >>> /etc/network/interfaces: >>> >>> auto br0 >>> iface br0 inet static >>> address 1.2.3.4 >>> netmask 255.255.255.0 >>> broadcast 5.6.7.8 >>> gateway 9.10.11.12 >>> bridge_ports eth0 >>> bridge_stp off >>> >>> >>> This is fine with LXD 0.
Re: [lxc-users] snapshot listing
Quoting Tamas Papp (tom...@martos.bme.hu): > > > On 03/17/2016 04:02 AM, Serge Hallyn wrote: > >Quoting Tamas Papp (tom...@martos.bme.hu): > >> > >>On 03/17/2016 12:09 AM, Serge Hallyn wrote: > >>>Quoting Tamas Papp (tom...@martos.bme.hu): > hi, > > I remember, that not very long time ago the 'lxc list' command also > listed snapshots too. > But now it doesn't. How can I do that now? > > >>>You can see the number of snapshots with > >>> > >>>lxc list -c nS > >>>+--+---+ > >>>| NAME | SNAPSHOTS | > >>>+--+---+ > >>>| x1 | 1 | > >>>+--+---+ > >>> > >>>then see the actual snapshots with > >>> > >>>lxc info x1 > >>>Name: x1 > >>>Architecture: x86_64 > >>>Created: 2016/03/14 22:16 UTC > >>>Status: Stopped > >>>Type: persistent > >>>Profiles: default > >>>Snapshots: > >>> x1/snap0 (taken at 2016/03/16 23:07 UTC) (stateless) > >>> > >>ShhI should have though on that:) > >> > >> > >>But: > >> > >>Snapshots: > >> zas_2016-03-08 (taken at 2016/03/08 09:22 UTC) (stateless) > >> zas_2016-03-09 (taken at 2016/03/09 03:32 UTC) (stateless) > >> zas_2016-03-10 (taken at 2016/03/10 03:30 UTC) (stateless) > >> zas_2016-03-11 (taken at 2016/03/11 03:32 UTC) (stateless) > >> zas_2016-03-12 (taken at 2016/03/12 03:32 UTC) (stateless) > >> zas_2016-03-13 (taken at 2016/03/13 03:32 UTC) (stateless) > >> zas_2016-03-14 (taken at 2016/03/14 03:32 UTC) (stateless) > >> zas_2016-03-15 (taken at 2016/03/15 03:32 UTC) (stateless) > >> zas_2016-03-16 (taken at 2016/03/16 03:32 UTC) (stateless) > >> zas_2016-03-17 (taken at 2016/03/17 00:55 UTC) (stateful) > >> zas_2016-03-17a (taken at 2016/03/17 00:56 UTC) (stateful) > >> zas_2016-03-17b (taken at 2016/03/17 00:56 UTC) (stateful) > >> zas_2016-03-17c (taken at 2016/03/17 01:03 UTC) (stateful) > >> zas_2016-03-17d (taken at 2016/03/17 01:05 UTC) (stateful) > >> > >> > >> > >>It's marked as stateful, but checkpoint was failing due to old criu version: > >> > >> > >>$ lxc snapshot --stateful connect > >>error: checkpoint failed > >> > >> > >>It's a bug, right? > >Sounds like a bug. > > > > https://github.com/lxc/lxd/issues/1768 > > > I have a slightly related question. > Do you plan to have a more computer friendly list of snapshots? > It would be great to see them listed as containers, like defining, > what detail(s) I want to see and list only snapshots, greppable etc. It's not planned. Can you open an issue requesting it? Seems like something which must be scriptable and the only way I can think of right now is to use the rest api to get the list of snapshot urls. ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] snapshot listing
Quoting Tamas Papp (tom...@martos.bme.hu): > hi, > > I remember, that not very long time ago the 'lxc list' command also > listed snapshots too. > But now it doesn't. How can I do that now? > You can see the number of snapshots with lxc list -c nS +--+---+ | NAME | SNAPSHOTS | +--+---+ | x1 | 1 | +--+---+ then see the actual snapshots with lxc info x1 Name: x1 Architecture: x86_64 Created: 2016/03/14 22:16 UTC Status: Stopped Type: persistent Profiles: default Snapshots: x1/snap0 (taken at 2016/03/16 23:07 UTC) (stateless) ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] Limit file descriptors
Hello folks, I'm having some troubles where one container can drain the amount of file descriptors available in the host system. Does somebody knows how to limit file descriptors per container? I'm running lxd v2.0.0.rc3 and lxc v2.0.0.rc10 Cheers -- Alan Hoffmeister https://twitter.com/alan_hoff https://github.com/alanhoff https://keybase.io/alanhoff ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] ppa issues
On Sat, Mar 19, 2016 at 11:28:41AM -0700, Mike Wright wrote: > Hi all, > > First: thanks for all your efforts with LXC, etc. I've got to say that LXC > makes accessible virtual machines more easily than any other approaches I've > tried (except maybe renting one in "The Cloud" ;D ) > > Current running lxc-1.1.5 on wily and want to explore 2.x. I'm having > problems with the ppa. > > 'apt-add-repository "http://ppa.launchpad.net/ubuntu-lxc/lxc-stable/ubuntu > wily main"' installed without complaint. > > 'apt-get update' failed with the following error: > > "Err http://ppa.launchpad.net wily/main amd64 Packages >404 Not Found" > > Further errors included GPG with "public key is not available". > > Any helpers out there today? > > Thanks, > Mike Wright You should be using: apt-add-repository ppa:ubuntu-lxc/stable Which will do the setup properly using https and including installing the needed gpg key. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: PGP signature ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] ppa issues
Hi all, First: thanks for all your efforts with LXC, etc. I've got to say that LXC makes accessible virtual machines more easily than any other approaches I've tried (except maybe renting one in "The Cloud" ;D ) Current running lxc-1.1.5 on wily and want to explore 2.x. I'm having problems with the ppa. 'apt-add-repository "http://ppa.launchpad.net/ubuntu-lxc/lxc-stable/ubuntu wily main"' installed without complaint. 'apt-get update' failed with the following error: "Err http://ppa.launchpad.net wily/main amd64 Packages 404 Not Found" Further errors included GPG with "public key is not available". Any helpers out there today? Thanks, Mike Wright ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Wildcard in lxd commands?
Quoting zzt...@openmailbox.org (zzt...@openmailbox.org): > Will wildcards be supported in lxd commands? For example, I'd like > to do this: > > $ lxc info host:* > > or > > $ lxc info host:web* > > and get info on all containers/containers starting with "web" on host. > > Is there a quick/easy way to do something similar now? See 'lxc help list'. Filters should get you what you want. ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] snapshot listing
On 03/17/2016 04:02 AM, Serge Hallyn wrote: Quoting Tamas Papp (tom...@martos.bme.hu): On 03/17/2016 12:09 AM, Serge Hallyn wrote: Quoting Tamas Papp (tom...@martos.bme.hu): hi, I remember, that not very long time ago the 'lxc list' command also listed snapshots too. But now it doesn't. How can I do that now? You can see the number of snapshots with lxc list -c nS +--+---+ | NAME | SNAPSHOTS | +--+---+ | x1 | 1 | +--+---+ then see the actual snapshots with lxc info x1 Name: x1 Architecture: x86_64 Created: 2016/03/14 22:16 UTC Status: Stopped Type: persistent Profiles: default Snapshots: x1/snap0 (taken at 2016/03/16 23:07 UTC) (stateless) ShhI should have though on that:) But: Snapshots: zas_2016-03-08 (taken at 2016/03/08 09:22 UTC) (stateless) zas_2016-03-09 (taken at 2016/03/09 03:32 UTC) (stateless) zas_2016-03-10 (taken at 2016/03/10 03:30 UTC) (stateless) zas_2016-03-11 (taken at 2016/03/11 03:32 UTC) (stateless) zas_2016-03-12 (taken at 2016/03/12 03:32 UTC) (stateless) zas_2016-03-13 (taken at 2016/03/13 03:32 UTC) (stateless) zas_2016-03-14 (taken at 2016/03/14 03:32 UTC) (stateless) zas_2016-03-15 (taken at 2016/03/15 03:32 UTC) (stateless) zas_2016-03-16 (taken at 2016/03/16 03:32 UTC) (stateless) zas_2016-03-17 (taken at 2016/03/17 00:55 UTC) (stateful) zas_2016-03-17a (taken at 2016/03/17 00:56 UTC) (stateful) zas_2016-03-17b (taken at 2016/03/17 00:56 UTC) (stateful) zas_2016-03-17c (taken at 2016/03/17 01:03 UTC) (stateful) zas_2016-03-17d (taken at 2016/03/17 01:05 UTC) (stateful) It's marked as stateful, but checkpoint was failing due to old criu version: $ lxc snapshot --stateful connect error: checkpoint failed It's a bug, right? Sounds like a bug. https://github.com/lxc/lxd/issues/1768 I have a slightly related question. Do you plan to have a more computer friendly list of snapshots? It would be great to see them listed as containers, like defining, what detail(s) I want to see and list only snapshots, greppable etc. 10x tamas ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Limit file descriptors
Dear Alan, adjust the limits per Container in /etc/security/limits.conf , e.g. add something like * hardnofile 8192 * softnofile 8000 * hardnproc 1024 * softnproc 1000 and maybe adjust the values at the host, too. Greetings Guido On 17.03.2016 00:40, Alan Hoffmeister wrote: > Hello folks, > > I'm having some troubles where one container can drain the amount of file > descriptors available in the host system. Does somebody knows how to limit > file descriptors per container? > > I'm running lxd v2.0.0.rc3 and lxc v2.0.0.rc10 > > Cheers > > -- > Alan Hoffmeister > https://twitter.com/alan_hoff > https://github.com/alanhoff > https://keybase.io/alanhoff ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*
Our stance hasn't changed. LXD doesn't know nor care about layer-3 networking, all it does is setup your layer-2. Having LXD pre-initialize your network namespace confuses the heck out of a bunch of distros which expect all network to be unconfigured by the time they apply their own config (they don't clean things up so duplicate entries lead to failure). Nevertheless, we have recently allowed the following key through raw.lxc: - lxc.network.X.ipv4 - lxc.network.X.ipv4.gateway - lxc.network.X.ipv6 - lxc.network.X.ipv6.gateway Note that we require you set the interface index (X above) as mixing those raw entris with the LXD generated config would otherwise randomly cause an invalid config and container startup failure. The recommended way to manage IPs with LXD is to do it exactly the same way you would do it for your VMs or physical machines, so either configure your DHCP server to give a static lease or configure the container to use a static IP (you can use lxc file pull/push/edit to do it on a stopped container). On Fri, Mar 18, 2016 at 10:18:33AM -0400, Sean McNamara wrote: > First of all, there's no such thing as LX[C|D]. You're either using > LXC or LXD. They're different enough in their configuration and > operation that you can't ask an "either-or" question. Pick one > solution and focus on that. > > I just wanted to chime in to say that I have this same question. I'm > stuck using a pre-2.0 release of LXD because it allows me to use the > "raw.lxc" config parameter to specify the IP settings for the guest. > This configuration parameter was removed at some point prior to the > 2.0 RC, so I ended up editing the source code of LXD to bring it back. > I haven't found any equivalent configuration that works without using > raw.lxc. > > raw.lxc: > "lxc.network.ipv4=1.2.3.4/32\nlxc.network.ipv4.gateway=5.6.7.8\nlxc.network.hwaddr=00:11:22:33:44:55\nlxc.network.flags=up > \ \nlxc.network.mtu=1500\n" > volatile.eth0.hwaddr: 00:11:22:33:44:55 > volatile.eth0.name: eth1 > devices: > eth0: > hwaddr: 00:11:22:33:44:55 > nictype: bridged > parent: br0 > > On Ubuntu, you can then set up your bridge as follows in > /etc/network/interfaces: > > auto br0 > iface br0 inet static > address 1.2.3.4 > netmask 255.255.255.0 > broadcast 5.6.7.8 > gateway 9.10.11.12 > bridge_ports eth0 > bridge_stp off > > > This is fine with LXD 0.24 that was built about a month before the 2.0 > release candidates started hitting (and with edited source code to > un-block the raw.lxc param) but I'm afraid to upgrade to LXD 2.0 > because I don't know the way forward. > > It seems like support for certain basic network topologies are still > being worked out with LXD. It should be easy, well-documented and > flexible a la OpenVZ, but it's really not, as far as I have seen. The > best way to make any progress that I've found thus far is to start > learning Google Go and reading the source code. > > Thanks, > > Sean > > > > On Fri, Mar 18, 2016 at 9:10 AM, Hans Deragon wrote: > > Greetings, > > > > Ok, this is ridiculous and I apologize for asking help for such a simple > > task, but I fail to find the answers by myself. I fail to find proper > > documentation to setup bridge networking and static IP. Newbie here btw and > > setup details at the end of this email. > > > > I got the container running and with DHCP configured, it has its own IP > > which the host can address with. > > > > Obviously, I attempted to setup the static IP many times following > > instructions found on many web pages, to no vail. For example, I followed > > instructions from https://wiki.debian.org/LXC/SimpleBridge. But turns out > > that I am probably running a different version of LXC and that this page is > > now obsolete. > > > > I went so far to run 'strace lxc restart server2' to realize that > > /var/lib/lxc/server2/config is not read (server2 is the container). This > > seams to be confirmed by the post at > > http://ubuntuforums.org/showthread.php?t=2275372. > > > > I found 'man lxc.container.conf'. Seams promising. However, I fail to find > > within the manual the path where this file should be saved! If you write > > documentation, please always provide the path where configuration files are > > supposed to be stored. > > > > I created a profile named 'bridged' using commands, but I have not found any > > option/instruction on how to apply that profile on my existing image. 'lxc > > start server2' does not provide any option to start the container with a > > particular profile. BTW, where are profile configuration files stored? > > > > I need clear step by step instructions, with full paths on how to set things > > up and I fail to find any on the web. Anybody has a useful link to suggest? > > > > I have a KVM image running (server1) and it works flawlessly with a static > > IP on my bridge. And it wasn't hard to find instructions on how to set it >
Re: [lxc-users] How to set LXD container locale?
On Sat, Mar 19, 2016 at 03:33:11AM -0700, zzt...@openmailbox.org wrote: > None of the typical ways of setting locales seem to stick in my Ubuntu > container in an Ubuntu host (Ubuntu 15.10, LXD 2.0.0.rc4) > > The host's locale shows this > > LANG=en_US.UTF-8 > LANGUAGE= > LC_CTYPE="en_US.UTF-8" > LC_NUMERIC="en_US.UTF-8" > LC_TIME="en_US.UTF-8" > LC_COLLATE="en_US.UTF-8" > LC_MONETARY="en_US.UTF-8" > LC_MESSAGES="en_US.UTF-8" > LC_PAPER="en_US.UTF-8" > LC_NAME="en_US.UTF-8" > LC_ADDRESS="en_US.UTF-8" > LC_TELEPHONE="en_US.UTF-8" > LC_MEASUREMENT="en_US.UTF-8" > LC_IDENTIFICATION="en_US.UTF-8" > LC_ALL= > > > but the container shows this > > > LANG= > LANGUAGE= > LC_CTYPE="POSIX" > LC_NUMERIC="POSIX" > LC_TIME="POSIX" > LC_COLLATE="POSIX" > LC_MONETARY="POSIX" > LC_MESSAGES="POSIX" > LC_PAPER="POSIX" > LC_NAME="POSIX" > LC_ADDRESS="POSIX" > LC_TELEPHONE="POSIX" > LC_MEASUREMENT="POSIX" > LC_IDENTIFICATION="POSIX" > > /etc/default/locale contains the same value (LANG="en_US.UTF-8") in both the > container and the host, but I cannot get it to set in the container. How is > the locale set/changed in an LXD container? > > Thanks. Note that if you're using "lxc exec", LXD only executes the shell that you asked for, it doesn't setup a PAM session for you, so you start with an empty environment. One way to solve that is to do a "su root" which will then send you through the PAM stack (if your container has one) which will then source any needed environment. Another way if you don't want to go through PAM, is to set environment variables directly on the container or one of its profiles, like: lxc config set CONTAINER environment.LC_ALL=en_US.UTF-8 LXD will then set those environment variables for you every time you exec a command inside the container. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: PGP signature ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Is there anything in LXC that would prevent DHCPv6 from working?
> On March 18, 2016 at 1:19 PM John Lewis wrote: > > > I am use wide-dhcpv6-server and wide-dhcpv6-client in two diffrent LXCs > with an iproute2 created bridge and lxc created tun/tap devices and I am > using 3.16.0-4-amd64 #1 SMP and my kernel. I don't have any firewall > that would block ipv6 request and responses that would occur on port 546 > and 547, but I don't see any packets out of the interface on the client > that are the packets that I am looking for when I tcpdump it. It is > probably an application issue, but I just want to double check. There shouldn't be anything lxc-specific here as far as I know. Are you saying you have no firewall at all which could block anything, or just that you think it should allow everything? You might still be blocking neighbor discovery packets (which come from a MAC-derived link-local ip address, so you also need to make sure you don't block these by address either.) (Oh also, just in case you're using an alpine linux containers, busybox' dhcpv6 client is still not finished / broken (uses wrong addresses), so that won't work.) ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] snapshot listing
On 03/17/2016 12:09 AM, Serge Hallyn wrote: Quoting Tamas Papp (tom...@martos.bme.hu): hi, I remember, that not very long time ago the 'lxc list' command also listed snapshots too. But now it doesn't. How can I do that now? You can see the number of snapshots with lxc list -c nS +--+---+ | NAME | SNAPSHOTS | +--+---+ | x1 | 1 | +--+---+ then see the actual snapshots with lxc info x1 Name: x1 Architecture: x86_64 Created: 2016/03/14 22:16 UTC Status: Stopped Type: persistent Profiles: default Snapshots: x1/snap0 (taken at 2016/03/16 23:07 UTC) (stateless) ShhI should have though on that:) But: Snapshots: zas_2016-03-08 (taken at 2016/03/08 09:22 UTC) (stateless) zas_2016-03-09 (taken at 2016/03/09 03:32 UTC) (stateless) zas_2016-03-10 (taken at 2016/03/10 03:30 UTC) (stateless) zas_2016-03-11 (taken at 2016/03/11 03:32 UTC) (stateless) zas_2016-03-12 (taken at 2016/03/12 03:32 UTC) (stateless) zas_2016-03-13 (taken at 2016/03/13 03:32 UTC) (stateless) zas_2016-03-14 (taken at 2016/03/14 03:32 UTC) (stateless) zas_2016-03-15 (taken at 2016/03/15 03:32 UTC) (stateless) zas_2016-03-16 (taken at 2016/03/16 03:32 UTC) (stateless) zas_2016-03-17 (taken at 2016/03/17 00:55 UTC) (stateful) zas_2016-03-17a (taken at 2016/03/17 00:56 UTC) (stateful) zas_2016-03-17b (taken at 2016/03/17 00:56 UTC) (stateful) zas_2016-03-17c (taken at 2016/03/17 01:03 UTC) (stateful) zas_2016-03-17d (taken at 2016/03/17 01:05 UTC) (stateful) It's marked as stateful, but checkpoint was failing due to old criu version: $ lxc snapshot --stateful connect error: checkpoint failed It's a bug, right? thanks, tamas ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] How to set LXD container locale?
Have you tried this way: echo "en_US.UTF-8 UTF-8" > /etc/locale.gen locale-gen It's the method we're using the set the locale in LXC containers. On Sat, Mar 19, 2016 at 11:33 AM, wrote: > None of the typical ways of setting locales seem to stick in my Ubuntu > container in an Ubuntu host (Ubuntu 15.10, LXD 2.0.0.rc4) > > The host's locale shows this > > LANG=en_US.UTF-8 > LANGUAGE= > LC_CTYPE="en_US.UTF-8" > LC_NUMERIC="en_US.UTF-8" > LC_TIME="en_US.UTF-8" > LC_COLLATE="en_US.UTF-8" > LC_MONETARY="en_US.UTF-8" > LC_MESSAGES="en_US.UTF-8" > LC_PAPER="en_US.UTF-8" > LC_NAME="en_US.UTF-8" > LC_ADDRESS="en_US.UTF-8" > LC_TELEPHONE="en_US.UTF-8" > LC_MEASUREMENT="en_US.UTF-8" > LC_IDENTIFICATION="en_US.UTF-8" > LC_ALL= > > > but the container shows this > > > LANG= > LANGUAGE= > LC_CTYPE="POSIX" > LC_NUMERIC="POSIX" > LC_TIME="POSIX" > LC_COLLATE="POSIX" > LC_MONETARY="POSIX" > LC_MESSAGES="POSIX" > LC_PAPER="POSIX" > LC_NAME="POSIX" > LC_ADDRESS="POSIX" > LC_TELEPHONE="POSIX" > LC_MEASUREMENT="POSIX" > LC_IDENTIFICATION="POSIX" > > /etc/default/locale contains the same value (LANG="en_US.UTF-8") in both > the container and the host, but I cannot get it to set in the container. > How is the locale set/changed in an LXD container? > > Thanks. > > > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] lxc list --fast
On 03/16/2016 09:48 PM, Stéphane Graber wrote: On Wed, Mar 16, 2016 at 09:37:11PM +0100, Tamas Papp wrote: hi, tompos@ttk-mdr:~$ lxc list +---+-++--++---+ | NAME | STATE | IPV4 | IPV6 |TYPE | SNAPSHOTS | +---+-++--++---+ | connect | RUNNING | 10.0.3.3 (eth0)| | PERSISTENT | 9 | +---+-++--++---+ | connect-mysql | RUNNING | 10.0.3.4 (eth0)| | PERSISTENT | 9 | | | | 172.29.251.1 (ttk-mdr) | || | +---+-++--++---+ | proxy | RUNNING | 10.0.3.2 (eth0)| | PERSISTENT | 9 | +---+-++--++---+ tompos@ttk-mdr:~$ lxc list --fast +---+-+--++--++ | NAME | STATE | ARCHITECTURE | CREATED AT | PROFILES |TYPE | +---+-+--++--++ | connect | RUNNING | x86_64 || default | PERSISTENT | +---+-+--++--++ | connect-mysql | RUNNING | x86_64 || default | PERSISTENT | +---+-+--++--++ | proxy | RUNNING | x86_64 || default | PERSISTENT | +---+-+--++--++ Why are arch and create time "important" in case of fast and why not in case of pure list? Thanks, tamas We wanted an quivalent horizontal space usage in both modes, so added a few more columns to --fast after removing the columns that were causing the slowness. If you want something else, you can just specify the list of column you want to see. For me --fast would mean not just technical aspects and faster output display but also better (faster) readability for humans. Though it's just a note:) 10x tamas ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*
First of all, there's no such thing as LX[C|D]. You're either using LXC or LXD. They're different enough in their configuration and operation that you can't ask an "either-or" question. Pick one solution and focus on that. I just wanted to chime in to say that I have this same question. I'm stuck using a pre-2.0 release of LXD because it allows me to use the "raw.lxc" config parameter to specify the IP settings for the guest. This configuration parameter was removed at some point prior to the 2.0 RC, so I ended up editing the source code of LXD to bring it back. I haven't found any equivalent configuration that works without using raw.lxc. raw.lxc: "lxc.network.ipv4=1.2.3.4/32\nlxc.network.ipv4.gateway=5.6.7.8\nlxc.network.hwaddr=00:11:22:33:44:55\nlxc.network.flags=up \ \nlxc.network.mtu=1500\n" volatile.eth0.hwaddr: 00:11:22:33:44:55 volatile.eth0.name: eth1 devices: eth0: hwaddr: 00:11:22:33:44:55 nictype: bridged parent: br0 On Ubuntu, you can then set up your bridge as follows in /etc/network/interfaces: auto br0 iface br0 inet static address 1.2.3.4 netmask 255.255.255.0 broadcast 5.6.7.8 gateway 9.10.11.12 bridge_ports eth0 bridge_stp off This is fine with LXD 0.24 that was built about a month before the 2.0 release candidates started hitting (and with edited source code to un-block the raw.lxc param) but I'm afraid to upgrade to LXD 2.0 because I don't know the way forward. It seems like support for certain basic network topologies are still being worked out with LXD. It should be easy, well-documented and flexible a la OpenVZ, but it's really not, as far as I have seen. The best way to make any progress that I've found thus far is to start learning Google Go and reading the source code. Thanks, Sean On Fri, Mar 18, 2016 at 9:10 AM, Hans Deragon wrote: > Greetings, > > Ok, this is ridiculous and I apologize for asking help for such a simple > task, but I fail to find the answers by myself. I fail to find proper > documentation to setup bridge networking and static IP. Newbie here btw and > setup details at the end of this email. > > I got the container running and with DHCP configured, it has its own IP > which the host can address with. > > Obviously, I attempted to setup the static IP many times following > instructions found on many web pages, to no vail. For example, I followed > instructions from https://wiki.debian.org/LXC/SimpleBridge. But turns out > that I am probably running a different version of LXC and that this page is > now obsolete. > > I went so far to run 'strace lxc restart server2' to realize that > /var/lib/lxc/server2/config is not read (server2 is the container). This > seams to be confirmed by the post at > http://ubuntuforums.org/showthread.php?t=2275372. > > I found 'man lxc.container.conf'. Seams promising. However, I fail to find > within the manual the path where this file should be saved! If you write > documentation, please always provide the path where configuration files are > supposed to be stored. > > I created a profile named 'bridged' using commands, but I have not found any > option/instruction on how to apply that profile on my existing image. 'lxc > start server2' does not provide any option to start the container with a > particular profile. BTW, where are profile configuration files stored? > > I need clear step by step instructions, with full paths on how to set things > up and I fail to find any on the web. Anybody has a useful link to suggest? > > I have a KVM image running (server1) and it works flawlessly with a static > IP on my bridge. And it wasn't hard to find instructions on how to set it > up. But LXD/LXc is another story. > > The setup: > > Host: Ubuntu 14.04 LTS. > Container: Ubuntu 14.04 LTS. > LXD:2.0.0~rc3-0ubuntu4~ubuntu14.04.1~ppa1 > LXC:2.0.0~rc10-0ubuntu2~ubuntu14.04.1~ppa1 > > Best regards and thanks in advance, > Hans Deragon > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] How to set LXD container locale?
None of the typical ways of setting locales seem to stick in my Ubuntu container in an Ubuntu host (Ubuntu 15.10, LXD 2.0.0.rc4) The host's locale shows this LANG=en_US.UTF-8 LANGUAGE= LC_CTYPE="en_US.UTF-8" LC_NUMERIC="en_US.UTF-8" LC_TIME="en_US.UTF-8" LC_COLLATE="en_US.UTF-8" LC_MONETARY="en_US.UTF-8" LC_MESSAGES="en_US.UTF-8" LC_PAPER="en_US.UTF-8" LC_NAME="en_US.UTF-8" LC_ADDRESS="en_US.UTF-8" LC_TELEPHONE="en_US.UTF-8" LC_MEASUREMENT="en_US.UTF-8" LC_IDENTIFICATION="en_US.UTF-8" LC_ALL= but the container shows this LANG= LANGUAGE= LC_CTYPE="POSIX" LC_NUMERIC="POSIX" LC_TIME="POSIX" LC_COLLATE="POSIX" LC_MONETARY="POSIX" LC_MESSAGES="POSIX" LC_PAPER="POSIX" LC_NAME="POSIX" LC_ADDRESS="POSIX" LC_TELEPHONE="POSIX" LC_MEASUREMENT="POSIX" LC_IDENTIFICATION="POSIX" /etc/default/locale contains the same value (LANG="en_US.UTF-8") in both the container and the host, but I cannot get it to set in the container. How is the locale set/changed in an LXD container? Thanks. ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Wildcard in lxd commands?
On 17/03/16 23:01, Janne Savikko wrote: You can not use filters to list running or stopped containers. Lxc start or stop do not support filters, only container name (or names). You though can always pipe commands if you want to stop dozens of containers whose names begin with "web" (note! lxc list keyword filter compares from the start of the name, so "lxc list eb" does not work in this case): $ lxc list web|grep RUNNING|awk '{ print $2 }'|xargs lxc stop It's still rather awkward to reliably script a start/stop of a single container that happens to be called "web" when there might be web1, web2 etc. An explicit non-filtered arg to lxc list with optional regex would be more useful. Plus an option to have plain non-tablewriter output for easier script parsing. [[ `lxc list -cs web` = RUNNING ]]; echo $? ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*
Greetings, Ok, this is ridiculous and I apologize for asking help for such a simple task, but I fail to find the answers by myself. I fail to find proper documentation to setup bridge networking and static IP. Newbie here btw and setup details at the end of this email. I got the container running and with DHCP configured, it has its own IP which the host can address with. Obviously, I attempted to setup the static IP many times following instructions found on many web pages, to no vail. For example, I followed instructions from https://wiki.debian.org/LXC/SimpleBridge. But turns out that I am probably running a different version of LXC and that this page is now obsolete. I went so far to run 'strace lxc restart server2' to realize that /var/lib/lxc/server2/config is not read (server2 is the container). This seams to be confirmed by the post at http://ubuntuforums.org/showthread.php?t=2275372. I found 'man lxc.container.conf'. Seams promising. However, I fail to find within the manual the path where this file should be saved! If you write documentation, please always provide the path where configuration files are supposed to be stored. I created a profile named 'bridged' using commands, but I have not found any option/instruction on how to apply that profile on my existing image. 'lxc start server2' does not provide any option to start the container with a particular profile. BTW, where are profile configuration files stored? I need clear step by step instructions, with full paths on how to set things up and I fail to find any on the web. Anybody has a useful link to suggest? I have a KVM image running (server1) and it works flawlessly with a static IP on my bridge. And it wasn't hard to find instructions on how to set it up. But LXD/LXc is another story. The setup: Host: Ubuntu 14.04 LTS. Container: Ubuntu 14.04 LTS. LXD:2.0.0~rc3-0ubuntu4~ubuntu14.04.1~ppa1 LXC:2.0.0~rc10-0ubuntu2~ubuntu14.04.1~ppa1 Best regards and thanks in advance, Hans Deragon ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] LXD Newb questions
On Wed, Mar 16, 2016 at 02:06:17AM +, Will Dennis wrote: > > root@xenial-02:~# lxc list all > +---+--+-+---+--++---+ > | HOST| NAME | STATE | IPV4| IPV6 |TYPE| > SNAPSHOTS | > +---+--+-+---+--++---+ > | xenial-01 | u1404-03 | RUNNING | 10.0.3.134 (eth0) | | PERSISTENT | 0 >| > +---+--+-+---+--++---+ > | xenial-02 | u1404-01 | RUNNING | 10.0.3.221 (eth0) | | PERSISTENT | 0 >| > +---+--+-+---+--++---+ > | xenial-02 | u1404-02 | RUNNING | 10.0.3.75 (eth0) | | PERSISTENT | 0 >| > +---+--+-+---+--++---+ > > So do you have to query the hosts one by one, or is there something to give > you a holistic view of all your container hosts and containers on them? No, you need to query the hosts one by one. Tycho ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] Can't start container after lxd/lxc/lxcfs upgrade
lxc => 2.0.0rc4 lxd => 2.0.0rc4 lxcfs => 2.0.0rc6 After the latest upgrade to lxc/lxd tools existing and new containers fail to start, failing on the following stage from the container log: lxc 20160318161829.810 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.mount.hook' for container 'testcontainer-20160311-0918', config section 'lxc' lxc 20160318161829.856 ERRORlxc_conf - conf.c:run_buffer:347 - Script exited with status 1 lxc 20160318161829.856 ERRORlxc_conf - conf.c:lxc_setup:3750 - failed to run mount hooks for container 'testcontainer-20160311-0918'. There don't appear to be any logs or debug output from the lxc.mount.hook script that I can see that will help further. LXC, LXD and LXCFS services are reported running by systemd. Any help greatly appreciated! ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] lxc list --fast
On Wed, Mar 16, 2016 at 09:37:11PM +0100, Tamas Papp wrote: > hi, > > tompos@ttk-mdr:~$ lxc list > +---+-++--++---+ > > | NAME | STATE | IPV4 | IPV6 |TYPE > | SNAPSHOTS | > +---+-++--++---+ > > | connect | RUNNING | 10.0.3.3 (eth0)| | PERSISTENT | > 9 | > +---+-++--++---+ > > | connect-mysql | RUNNING | 10.0.3.4 (eth0)| | PERSISTENT | > 9 | > | | | 172.29.251.1 (ttk-mdr) | || > | > +---+-++--++---+ > > | proxy | RUNNING | 10.0.3.2 (eth0)| | PERSISTENT | > 9 | > +---+-++--++---+ > > > > tompos@ttk-mdr:~$ lxc list --fast > +---+-+--++--++ > > | NAME | STATE | ARCHITECTURE | CREATED AT | PROFILES |TYPE > | > +---+-+--++--++ > > | connect | RUNNING | x86_64 || default | > PERSISTENT | > +---+-+--++--++ > > | connect-mysql | RUNNING | x86_64 || default | > PERSISTENT | > +---+-+--++--++ > > | proxy | RUNNING | x86_64 || default | > PERSISTENT | > +---+-+--++--++ > > > > Why are arch and create time "important" in case of fast and why not in case > of pure list? > > > Thanks, > tamas We wanted an quivalent horizontal space usage in both modes, so added a few more columns to --fast after removing the columns that were causing the slowness. If you want something else, you can just specify the list of column you want to see. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: PGP signature ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Can't start container after lxd/lxc/lxcfs upgrade
On Sat, Mar 19, 2016 at 05:47:19AM +0700, Fajar A. Nugraha wrote: > On Sat, Mar 19, 2016 at 1:12 AM, B G wrote: > > lxc => 2.0.0rc4 > > lxd => 2.0.0rc4 > > lxcfs => 2.0.0rc6 > > > > After the latest upgrade to lxc/lxd tools existing and new containers fail > > to start, failing on the following stage from the container log: > > > > lxc 20160318161829.810 INFO lxc_conf - conf.c:run_script_argv:367 - > > Executing script '/usr/share/lxcfs/lxc.mount.hook' for container > > 'testcontainer-20160311-0918', config section 'lxc' > > lxc 20160318161829.856 ERRORlxc_conf - conf.c:run_buffer:347 - Script > > exited with status 1 > > lxc 20160318161829.856 ERRORlxc_conf - conf.c:lxc_setup:3750 - failed to > > run mount hooks for container 'testcontainer-20160311-0918'. > > > > There don't appear to be any logs or debug output from the lxc.mount.hook > > script that I can see that will help further. > > I had to add my own debugging lines to figure out what's wrong > > > > > > LXC, LXD and LXCFS services are reported running by systemd. > > > > Any help greatly appreciated! > > > Somewhere close to the end of lxc.mount.hook I setup debugging line > to see what the container's cgroup looks like. It shows this > > + ls -la /usr/lib/x86_64-linux-gnu/lxc/sys/fs/cgroup > total 0 > drwxr-xr-x 12 root root 240 Mar 18 16:25 . > drwxr-xr-x 7 root root 0 Mar 18 16:15 .. > drwxr-xr-x 3 root root 60 Mar 18 16:25 blkio > drwxr-xr-x 3 root root 60 Mar 18 16:25 cpu > drwxr-xr-x 3 root root 60 Mar 18 16:25 cpuset > drwxr-xr-x 3 root root 60 Mar 18 16:25 devices > drwxr-xr-x 3 root root 60 Mar 18 16:25 freezer > drwxr-xr-x 3 root root 60 Mar 18 16:25 hugetlb > drwxr-xr-x 3 root root 60 Mar 18 16:25 memory > drwxr-xr-x 3 root root 60 Mar 18 16:25 net_cls > drwxr-xr-x 3 root root 60 Mar 18 16:25 perf_event > drwxr-xr-x 3 root root 60 Mar 18 16:25 systemd Can you also extract /proc/self/mountinfo at that time please? It indeed looks like the change to add cgroup and cgroup-full lxc.mount.auto support into cgfsng with rc11 is causing some trouble. I'll need to setup a machine where I can reproduce this as none of my systems are running into this, presumably because they all have cgns kernels. > > > That's probably where the bug lies. cpu and net_cls is already their > own directory. However lxc.mount.hook tries to create a symlink from > cpu,cpuset (which will be created and bind-mounted later) to cpu. > Since that directory already exist, it ended up trying to create > /usr/lib/x86_64-linux-gnu/lxc/sys/fs/cgroup/cpu/cpu symlink instead of > /usr/lib/x86_64-linux-gnu/lxc/sys/fs/cgroup/cpu. Which fails. > > I didn't see a relevant change to lxcfs (rc4->rc6) on the "create > symlink" behavior, so the bug is probably somewhere in lxc (?) that > creates "cpu" and "net_cls" cgroup inside the container. > > My workaround: > > # diff -Naru /usr/share/lxcfs/lxc.mount.hook.orig > /usr/share/lxcfs/lxc.mount.hook > --- /usr/share/lxcfs/lxc.mount.hook.orig2016-03-18 > 07:32:48.0 +0700 > +++ /usr/share/lxcfs/lxc.mount.hook 2016-03-18 16:26:33.633345802 +0700 > @@ -51,7 +51,13 @@ > for single in $arr > do > if [ ! -L ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single ]; > then > -ln -s $DEST ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single > +if [ -d > ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single ]; then > +# a cgroup is already mounted there. Just > bind-mount ours > +mount -n --bind $entry > ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single > +else > +# I can simply create a symlink > +ln -s $DEST > ${LXC_ROOTFS_MOUNT}/sys/fs/cgroup/$single > +fi > fi > done > fi > > > The comments speak for themselves. That at least allows the container > to start while waiting for the devs to come up with a proper fix. The > container ended up with a cgroup directory like this: > > # ls -la /sys/fs/cgroup/ > total 0 > drwxr-xr-x 14 root root 320 Mar 18 16:43 . > drwxr-xr-x 7 root root 0 Mar 18 16:43 .. > drwxr-xr-x 3 root root 60 Mar 18 16:43 blkio > drwxr-xr-x 2 root root 0 Mar 19 05:39 cpu > drwxr-xr-x 2 root root 0 Mar 19 05:39 cpu,cpuacct > lrwxrwxrwx 1 root root 11 Mar 18 16:43 cpuacct -> cpu,cpuacct > drwxr-xr-x 3 root root 60 Mar 18 16:43 cpuset > drwxr-xr-x 3 root root 60 Mar 18 16:43 devices > drwxr-xr-x 3 root root 60 Mar 18 16:43 freezer > drwxr-xr-x 3 root root 60 Mar 18 16:43 hugetlb > drwxr-xr-x 3 root root 60 Mar 18 16:43 memory > drwxr-xr-x 2 root root 0 Mar 19 05:39 net_cls > drwxr-xr-x 2 root root 0 Mar 19 05:39 net_cls,net_prio > lrwxrwxrwx 1 root root 16 Mar 18 16:43 net_prio -> net_cls,net_prio > drwxr-xr-x 3 root root 60 Mar 18 16:43 perf_event > drwxr-xr
Re: [lxc-users] Systemd support status
Le 16/03/2016 à 18:50:16+0700, Fajar A. Nugraha a écrit > > I would like to know what is the status about lxc supporting inside the > > guest systemd. > > It works if you have the prequisite. And since ubuntu is shipping > lxc/lxd with ubuntu 16.04 (which uses systemd), they should support it > as well. > Nice. > Not sure what the OFFICIAL status of other distros as containers though. Ok. But if it's in the plan that's ok for me. > > Last time I try (some mounth ago, with LXC 1.0.X) I was able to start many > > guest with classic start script (Debian & Ubuntu) but with systemd (CentOS > > 7) I got many trouble. > > The prequisite includes lxc >= 1.1.x and lxcfs Ok. > > As I understand systemd going to be the standard, what would be the status > > of LXC ? > > I assume you use debian jessie host, which is why you're stuck at > 1.0.x? try backporting lxc from testing. Or use my unofficial > packages: http://debian-lxc.github.io/ Well...In fact actually I'm using vserver. When I try lxc I choose 1.0.x because it's say 1.0.x are the stable version, and for the « virtualisation » i like something stable. When I've lots of Vm inside, the upgrade for major version is not good for my blood presure ;-) I would try with 1.1.x soon. Regards. JAS -- Albert SHIH DIO bâtiment 15 Observatoire de Paris 5 Place Jules Janssen 92195 Meudon Cedex France Téléphone : +33 1 45 07 76 26/+33 6 86 69 95 71 xmpp: j...@obspm.fr Heure local/Local time: mer 16 mar 2016 13:57:16 CET ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Wildcard in lxd commands?
On 03/17/2016 01:03 AM, zzt...@openmailbox.org wrote: On 2016-03-16 11:12, Serge Hallyn wrote: Quoting zzt...@openmailbox.org (zzt...@openmailbox.org): Will wildcards be supported in lxd commands? For example, I'd like to do this: $ lxc info host:* or $ lxc info host:web* and get info on all containers/containers starting with "web" on host. Is there a quick/easy way to do something similar now? See 'lxc help list'. Filters should get you what you want. How would I use that in a command? For example would I stop dozens of containers whose names begin with "web" using the filter? lxc list is not the easiest to parse (https://github.com/lxc/lxd/issues/882). List uses tablewriter (https://github.com/olekukonko/tablewriter) to format output, but it does not have option to output e.g. CSV (sure you can use comma as a column separator, but you get whitespaces because columns data is variable length). You can not use filters to list running or stopped containers. Lxc start or stop do not support filters, only container name (or names). You though can always pipe commands if you want to stop dozens of containers whose names begin with "web" (note! lxc list keyword filter compares from the start of the name, so "lxc list eb" does not work in this case): $ lxc list web|grep RUNNING|awk '{ print $2 }'|xargs lxc stop ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*
On Fri, Mar 18, 2016 at 11:43 AM, Stéphane Graber wrote: > Our stance hasn't changed. LXD doesn't know nor care about layer-3 > networking, all it does is setup your layer-2. > > Having LXD pre-initialize your network namespace confuses the heck out > of a bunch of distros which expect all network to be unconfigured by the > time they apply their own config (they don't clean things up so > duplicate entries lead to failure). Okay. As someone migrating from OpenVZ (and before that, VMware), one important use case I was expecting of LXD is that of multi-tenant boxes, where you need to give root access to a container to the "tenant", and expect them to adhere to a Terms of Service agreement, but need to have technical mitigations in place, so that even if they decide to violate the ToS (or innocently have their box hacked by a malicious third-party who decides to violate the ToS), access to other containers and the physical box (host OS) is very difficult to impossible (pending any undiscovered vulnerabilities or host-side misconfiguration). As part of that, I was expecting some way to tell LXD to restrict the IP addresses that can be claimed/used by a given container. For instance, if I have a public Internet IPv4 /26 allocated to a physical host by a hosting provider, I'll want to assign only one or two IP addresses to each container. Currently, I can have an LXD container just spuriously decide to use any arbitrary IP, and I haven't found a way to prevent it from doing that if an untrusted user has root access in the container. They can just run ifconfig and specify the IP address they want to use. How can I configure the host environment (LXD or something else on the host, assuming I'm running a very recent Ubuntu 16.04 Beta nightly) so that no packets can be transmitted to/from the guest unless the guest is using a specific IP or set of IPs? I also want to make sure that no broadcasting is occurring; i.e., the root user in the container should not be able to sniff layer 2 and see all the packets going to all the other containers. ...Or is LXD not suitable for this use case? If it isn't, will it ever be? Thanks, Sean > > > Nevertheless, we have recently allowed the following key through raw.lxc: > - lxc.network.X.ipv4 > - lxc.network.X.ipv4.gateway > - lxc.network.X.ipv6 > - lxc.network.X.ipv6.gateway > > Note that we require you set the interface index (X above) as mixing > those raw entris with the LXD generated config would otherwise randomly > cause an invalid config and container startup failure. > > > The recommended way to manage IPs with LXD is to do it exactly the same > way you would do it for your VMs or physical machines, so either > configure your DHCP server to give a static lease or configure the > container to use a static IP (you can use lxc file pull/push/edit to do > it on a stopped container). > > On Fri, Mar 18, 2016 at 10:18:33AM -0400, Sean McNamara wrote: >> First of all, there's no such thing as LX[C|D]. You're either using >> LXC or LXD. They're different enough in their configuration and >> operation that you can't ask an "either-or" question. Pick one >> solution and focus on that. >> >> I just wanted to chime in to say that I have this same question. I'm >> stuck using a pre-2.0 release of LXD because it allows me to use the >> "raw.lxc" config parameter to specify the IP settings for the guest. >> This configuration parameter was removed at some point prior to the >> 2.0 RC, so I ended up editing the source code of LXD to bring it back. >> I haven't found any equivalent configuration that works without using >> raw.lxc. >> >> raw.lxc: >> "lxc.network.ipv4=1.2.3.4/32\nlxc.network.ipv4.gateway=5.6.7.8\nlxc.network.hwaddr=00:11:22:33:44:55\nlxc.network.flags=up >> \ \nlxc.network.mtu=1500\n" >> volatile.eth0.hwaddr: 00:11:22:33:44:55 >> volatile.eth0.name: eth1 >> devices: >> eth0: >> hwaddr: 00:11:22:33:44:55 >> nictype: bridged >> parent: br0 >> >> On Ubuntu, you can then set up your bridge as follows in >> /etc/network/interfaces: >> >> auto br0 >> iface br0 inet static >> address 1.2.3.4 >> netmask 255.255.255.0 >> broadcast 5.6.7.8 >> gateway 9.10.11.12 >> bridge_ports eth0 >> bridge_stp off >> >> >> This is fine with LXD 0.24 that was built about a month before the 2.0 >> release candidates started hitting (and with edited source code to >> un-block the raw.lxc param) but I'm afraid to upgrade to LXD 2.0 >> because I don't know the way forward. >> >> It seems like support for certain basic network topologies are still >> being worked out with LXD. It should be easy, well-documented and >> flexible a la OpenVZ, but it's really not, as far as I have seen. The >> best way to make any progress that I've found thus far is to start >> learning Google Go and reading the source code. >> >> Thanks, >> >> Sean >> >> >> >> On Fri, Mar 18, 2016 at 9:10 AM, Hans Deragon wrote: >> > Greetings, >> > >
Re: [lxc-users] Limit file descriptors
Thanks for the reply, I'm trying to allow root access to my containers so adjusting limits inside the rootfs isn't a good idea for me. -- Alan Hoffmeister https://twitter.com/alan_hoff https://github.com/alanhoff https://keybase.io/alanhoff 2016-03-18 3:08 GMT-03:00 Guido Jäkel : > Dear Alan, > > adjust the limits per Container in /etc/security/limits.conf , e.g. add > something like > > > * hardnofile 8192 > * softnofile 8000 > * hardnproc 1024 > * softnproc 1000 > > and maybe adjust the values at the host, too. > > > Greetings > > Guido > > > On 17.03.2016 00:40, Alan Hoffmeister wrote: > > Hello folks, > > > > I'm having some troubles where one container can drain the amount of file > > descriptors available in the host system. Does somebody knows how to > limit > > file descriptors per container? > > > > I'm running lxd v2.0.0.rc3 and lxc v2.0.0.rc10 > > > > Cheers > > > > -- > > Alan Hoffmeister > > https://twitter.com/alan_hoff > > https://github.com/alanhoff > > https://keybase.io/alanhoff > > > > > ___ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users