Re: [lxc-users] LXD containers always start

2016-10-19 Thread Christian Tardif 

OK perfect. Thanks!

Christian Tardif




-- Message d'origine --
De: "Stéphane Graber" 
À: "LXC users mailing-list" 
Envoyé : 2016-10-19 23:15:43
Objet : Re: [lxc-users] LXD containers always start


On Thu, Oct 20, 2016 at 03:09:01AM +, Christian Tardif wrote:

 I'm trying to restrict some containers from autobooting on every host
 restart.

 From the documentation, I tried two approaches:

 lxc config set  boot.autostart false

 or

 lxc config set boot.autostart 0

 None of these configs work. Containers always boot on restart.

 Checked in the container profile, and there's nothing there regarding
 autostart.

 Any help?

 Christian Tardif


LXD will restore container state on reboot which is probably the case
here assuming those containers were running at the time the system was
stopped.

We have merged a fix a few days ago that makes boot.autostart override
this behavior, so that you can set it to "false" as you described above
and it'll do the right thing.


That should be in LXD 2.5 and then LXD 2.0.5.

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LXD containers always start

2016-10-19 Thread Stéphane Graber 
On Thu, Oct 20, 2016 at 03:09:01AM +, Christian Tardif wrote:
> I'm trying to restrict some containers from autobooting on every host
> restart.
> 
> From the documentation, I tried two approaches:
> 
> lxc config set  boot.autostart false
> 
> or
> 
> lxc config set boot.autostart 0
> 
> None of these configs work. Containers always boot on restart.
> 
> Checked in the container profile, and there's nothing there regarding
> autostart.
> 
> Any help?
> 
> Christian Tardif

LXD will restore container state on reboot which is probably the case
here assuming those containers were running at the time the system was
stopped.

We have merged a fix a few days ago that makes boot.autostart override
this behavior, so that you can set it to "false" as you described above
and it'll do the right thing.


That should be in LXD 2.5 and then LXD 2.0.5.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com


signature.asc
Description: PGP signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] LXD containers always start

2016-10-19 Thread Christian Tardif 
I'm trying to restrict some containers from autobooting on every host 
restart.



From the documentation, I tried two approaches:


lxc config set  boot.autostart false

or

lxc config set boot.autostart 0

None of these configs work. Containers always boot on restart.

Checked in the container profile, and there's nothing there regarding 
autostart.


Any help?

Christian Tardif___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] sudo dpkg-reconfigure -p medium lxd no longer works, what's the alternative

2016-10-19 Thread Stéphane Graber 
On Wed, Oct 19, 2016 at 09:01:34PM -0500, David Favor wrote:
> net12 # sudo dpkg-reconfigure -p medium lxd
> Warning: Stopping lxd.service, but it can still be activated by:
>   lxd.socket
> net12 #
> 
> dpkg-reconfigure no longer allows reconfiguring lxd networking.
> 
> Someone let me know alternatives.
> 
> Thanks.

So you're most likely on LXD 2.3 or higher.

In those versions network management is now done natively by LXD through
the "lxc network" commands.

You can list the defined networks with "lxc network list", then modify
them (for those marked as managed) with "lxc network edit ".

The set of properties you can use is defined at:
  
https://github.com/lxc/lxd/blob/master/doc/configuration.md#network-configuration


-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com


signature.asc
Description: PGP signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] sudo dpkg-reconfigure -p medium lxd no longer works, what's the alternative

2016-10-19 Thread David Favor 

net12 # sudo dpkg-reconfigure -p medium lxd
Warning: Stopping lxd.service, but it can still be activated by:
  lxd.socket
net12 #

dpkg-reconfigure no longer allows reconfiguring lxd networking.

Someone let me know alternatives.

Thanks.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] How can I “exec” a network namespace (ip netns) inside an lxc container

2016-10-19 Thread Yinon 
Adding the steps taken to launch the container:
lxc profile create devstack-profile
lxc profile set devstack-profile linux.kernel_modules br_netfilter
lxc profile device add devstack-profile eth0 nic nictype=bridged 
parent=br-lxd-mgmt
lxc profile device add devstack-profile eth1 nic nictype=bridged 
parent=br-lxd-fip
lxc launch ubuntu:16.04 c1 -p devstack-profile
lxc config device add c1 tun unix-char path=/dev/net/tun
lxc config set c1 security.nesting true 

On Wednesday, October 19, 2016 8:34 AM, Yinon  wrote:
 

 I installed an Ubuntu server 16.04. Inside I installed LXD and running an 
Ubuntu 16.04 container.Initially, I had this problem when trying to "ip netns 
add":
mount –make-shared /var/run/netns failed: Permission denied
And I did this to work around it:
lxc config set container security.nesting true
But now I get:
mount of /sys failed: Operation not permitted
when I try to "ip netns exec".What am I missing?
Also posted here: How can I "exec" a network namespace (ip netns) inside an lxc 
container

  
|  
|  
|  
|   ||

  |

  |
|  
|   |  
How can I "exec" a network namespace (ip netns) inside an lxc con...
 I installed an Ubuntu server 16.04. Inside I installed LXD and running an 
Ubuntu 16.04 container. Initially, I ...  |   |

  |

  |

 

Thanks

   ___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Looking for LXD-2.4.1 Static IP Setup Documentation

2016-10-19 Thread Matt Green 
I've been effectively building a network interfaces file and pushing it to
the container.
I posted my script here:
https://www.reddit.com/r/homelab/comments/50s7jz/lxd_automation_script/

I'm in the process of moving my build scripts to python, but that shell
script worked.

Matt

On 19 October 2016 at 20:22, Caleb Everett  wrote:

> https://github.com/lxc/lxd/issues/2050
>
> On Wed, Oct 19, 2016 at 4:37 AM, Nicola Volpini 
> wrote:
>
>> Hello
>> > ATM what I do is either use dnsmasq to provide DHCP or stop the
>> > container and push a preconfigured interfaces file...
>> >
>> > lxc file push interfaces.tmp CONTAINER/etc/network/interfaces
>> Same approach we are using, but with Ansible as our
>> "bootstrapper/configurer".
>>
>> I've been successfully able to do the following:
>>
>> 1. generate instance-specific config in the form of a cloud-init file
>> 2. create container
>> 3. take down network on the container by running lxc exec ... ifdown -a
>> 4. generate the container's nw config file on the LXD host via ansible
>> and push it to the container via "lxc push" (and remove the default
>> configs if necessary)
>> 5. bring up network on the container by running lxc exec ... ifup -a
>>
>> The cloud-init config is used to inject the ssh key, setup the ssh
>> daemon+config and create an ansible-remote user. That user is necessary
>> for ansible to do later more complex configs by directly accessing the
>> container over ssh, as you would do for a normal ansible host.
>>
>> Something cleaner would be cool, possibly integrated in cloud-init itself.
>>
>> I guess this is somehow possible by creating your custom images and
>> customizing the templates section of the metadata.yaml file, as outlined
>> in the last part of this article
>> https://www.stgraber.org/2016/03/30/lxd-2-0-image-management-512/
>>
>> CONFIDENTIALITY NOTICE: This email message (and any attachment) is
>> intended only for the individual or entity to which it is addressed. The
>> information in this email is confidential and may contain information that
>> is legally privileged or exempt from disclosure under applicable law. If
>> you are not the intended recipient, you are strictly prohibited from
>> reading, using, publishing or disseminating such information and upon
>> receipt, must permanently delete the original and destroy any copies. We
>> take steps to protect against viruses and other defects but advise you to
>> carry out your own checks and precautions as Kambi does not accept any
>> liability for any which remain. Thank you for your co-operation.
>> ___
>> lxc-users mailing list
>> lxc-users@lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>
>
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Looking for LXD-2.4.1 Static IP Setup Documentation

2016-10-19 Thread Caleb Everett 
https://github.com/lxc/lxd/issues/2050

On Wed, Oct 19, 2016 at 4:37 AM, Nicola Volpini 
wrote:

> Hello
> > ATM what I do is either use dnsmasq to provide DHCP or stop the
> > container and push a preconfigured interfaces file...
> >
> > lxc file push interfaces.tmp CONTAINER/etc/network/interfaces
> Same approach we are using, but with Ansible as our
> "bootstrapper/configurer".
>
> I've been successfully able to do the following:
>
> 1. generate instance-specific config in the form of a cloud-init file
> 2. create container
> 3. take down network on the container by running lxc exec ... ifdown -a
> 4. generate the container's nw config file on the LXD host via ansible
> and push it to the container via "lxc push" (and remove the default
> configs if necessary)
> 5. bring up network on the container by running lxc exec ... ifup -a
>
> The cloud-init config is used to inject the ssh key, setup the ssh
> daemon+config and create an ansible-remote user. That user is necessary
> for ansible to do later more complex configs by directly accessing the
> container over ssh, as you would do for a normal ansible host.
>
> Something cleaner would be cool, possibly integrated in cloud-init itself.
>
> I guess this is somehow possible by creating your custom images and
> customizing the templates section of the metadata.yaml file, as outlined
> in the last part of this article
> https://www.stgraber.org/2016/03/30/lxd-2-0-image-management-512/
>
> CONFIDENTIALITY NOTICE: This email message (and any attachment) is
> intended only for the individual or entity to which it is addressed. The
> information in this email is confidential and may contain information that
> is legally privileged or exempt from disclosure under applicable law. If
> you are not the intended recipient, you are strictly prohibited from
> reading, using, publishing or disseminating such information and upon
> receipt, must permanently delete the original and destroy any copies. We
> take steps to protect against viruses and other defects but advise you to
> carry out your own checks and precautions as Kambi does not accept any
> liability for any which remain. Thank you for your co-operation.
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] How can I “exec” a network namespace (ip netns) inside an lxc container

2016-10-19 Thread Yinon 
I installed an Ubuntu server 16.04. Inside I installed LXD and running an 
Ubuntu 16.04 container.Initially, I had this problem when trying to "ip netns 
add":
mount –make-shared /var/run/netns failed: Permission denied
And I did this to work around it:
lxc config set container security.nesting true
But now I get:
mount of /sys failed: Operation not permitted
when I try to "ip netns exec".What am I missing?
Also posted here: How can I "exec" a network namespace (ip netns) inside an lxc 
container

  
|  
|   
|   
|   ||

   |

  |
|  
|   |  
How can I "exec" a network namespace (ip netns) inside an lxc con...
 I installed an Ubuntu server 16.04. Inside I installed LXD and running an 
Ubuntu 16.04 container. Initially, I ...  |   |

  |

  |

 

Thanks___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Looking for LXD-2.4.1 Static IP Setup Documentation

2016-10-19 Thread Nicola Volpini 
Hello
> ATM what I do is either use dnsmasq to provide DHCP or stop the
> container and push a preconfigured interfaces file...
>
> lxc file push interfaces.tmp CONTAINER/etc/network/interfaces
Same approach we are using, but with Ansible as our
"bootstrapper/configurer".

I've been successfully able to do the following:

1. generate instance-specific config in the form of a cloud-init file
2. create container
3. take down network on the container by running lxc exec ... ifdown -a
4. generate the container's nw config file on the LXD host via ansible
and push it to the container via "lxc push" (and remove the default
configs if necessary)
5. bring up network on the container by running lxc exec ... ifup -a

The cloud-init config is used to inject the ssh key, setup the ssh
daemon+config and create an ansible-remote user. That user is necessary
for ansible to do later more complex configs by directly accessing the
container over ssh, as you would do for a normal ansible host.

Something cleaner would be cool, possibly integrated in cloud-init itself.

I guess this is somehow possible by creating your custom images and
customizing the templates section of the metadata.yaml file, as outlined
in the last part of this article
https://www.stgraber.org/2016/03/30/lxd-2-0-image-management-512/

CONFIDENTIALITY NOTICE: This email message (and any attachment) is intended 
only for the individual or entity to which it is addressed. The information in 
this email is confidential and may contain information that is legally 
privileged or exempt from disclosure under applicable law. If you are not the 
intended recipient, you are strictly prohibited from reading, using, publishing 
or disseminating such information and upon receipt, must permanently delete the 
original and destroy any copies. We take steps to protect against viruses and 
other defects but advise you to carry out your own checks and precautions as 
Kambi does not accept any liability for any which remain. Thank you for your 
co-operation.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] lxc 2.0: command get_cgroup failed for 'dom1': Permission denied

2016-10-19 Thread Harald Dunkel 
On 10/18/2016 08:59 AM, Harald Dunkel wrote:
> Hi folks,
> 
> since lxc 2.0 my monitoring scripts return error messages about
> running system containers, e.g.:
> 
> % lxc-ls -P /data1/lxc --fancy jerry1
> lxc-ls: commands.c: lxc_cmd_get_cgroup_path: 468 command get_cgroup failed 
> for 'jerry1': Permission denied
> lxc-ls: commands.c: lxc_cmd_get_cgroup_path: 468 command get_cgroup failed 
> for 'jerry1': Permission denied
> lxc-ls: commands.c: lxc_cmd_get_cgroup_path: 468 command get_cgroup failed 
> for 'jerry1': Permission denied
> lxc-ls: commands.c: lxc_cmd_get_cgroup_path: 468 command get_cgroup failed 
> for 'jerry1': Permission denied
> NAME   STATE AUTOSTART GROUPS IPV4 IPV6
> jerry1 - 0 auto   --
> 
> Using strace the "permission denied" is not shown, but the
> output of lxc-ls is still broken.
> 
> This is pretty painful. I wouldn't like to do monitoring
> with root, if it can be avoided.
> 
> 
> Plattform is Jessie, lxc 2.0.4. No systemd.
> 

PS: systemd and the most recent lxc 2.0.5 didn't help,
unfortunately.

Using docker I can add the monitoring user to the "docker"
group. Very convenient. Maybe there is a similar construct
for lxc that I missed in the documentation?


Every helpful comment is highly appreciated
Harri

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users