Re: [lxc-users] Newer upstream releases - Stable for production?

[Janjaap Bos]

I can confirm that we for sure also depend on the stable 2.0 in xenial.

It actually is very easy to install a more recent version nested in 2.0 for
specific use cases.

2017-04-05 23:53 GMT+02:00 Stéphane Graber :

> Yes, it would be.
>
> I also disagree that it's what most people would want.
>
> The majority of the feedback we've been getting from production users so
> far is that they're very happy having an extremely stable version of LXD
> that they don't need to think about and that gets frequent bugfixes and
> security fixes.
>
> For everyone else, you just need to run:
>
> apt install -t xenial-backports lxd lxd-client
>
> On Wed, Apr 05, 2017 at 11:45:32PM +0200, Jakob Gillich wrote:
> > Would it be against distribution policy to upgrade the lxd package in
> > xenial? I feel like most users do not want 2.0, but that's what they get
> by
> > default.
> >
> > On Wed, Apr 5, 2017 at 1:49 AM, Stéphane Graber 
> wrote:
> > > Hi,
> > >
> > > So it really depends on how tolerant you may be to accidental downtime
> > > and need to occasionaly adapt scripts as new features are added.
> > >
> > > LXD 2.0.x only gets bugfixes and security updates and so an upgrade
> will
> > > never break anything that uses the LXD commands or the API.
> > >
> > >
> > > For the newer feature releases, we don't break the REST API, only add
> > > bits to it, but occasionaly those bits mean that some extra
> > > configuration steps may be needed, as was the case with the network API
> > > in 2.3 or the storage API in 2.9.
> > >
> > > Upgrading to such releases will automatically attempt to migrate your
> > > setup so that it keeps working and doesn't suffer any downtime. But
> it's
> > > certainly not completely bug free and we do occasionaly hit issues
> > > there.
> > >
> > >
> > > If you do want the new features, I'd recommend that you at least stay
> on
> > > Ubuntu 16.04 LTS, then do this:
> > >
> > > apt install -t xenial-backports lxd lxd-client
> > >
> > > This will install lxd and lxd-client from "xenial-backports" which is a
> > > special pocket of the main Ubuntu archive. This is far preferable from
> > > using the LXD PPA.
> > >
> > > The LXD stable PPA is automatically generated whenever a new upstream
> > > release has hit the current Ubuntu development release and has passed
> > > automatic testing, which is to say that when an update hits, it would
> > > have seen very little field testing.
> > >
> > > xenial-backports is different in that the packages in there are the
> same
> > > as the PPA, but I only push them through once I feel confident there
> > > aren't any upgrade issues that we should address.
> > >
> > >
> > > One recent example of that was the storage API. PPA users would have
> > > gotten LXD 2.9, 2.9.1, 2.9.2, 2.10, 2.10.1 and 2.11 in quick sucession
> > > as we were sorting out some upgrade issues with the storage API.
> > >
> > > Users of xenial-backports were on LXD 2.8 up until yesterday when I
> > > pushed LXD 2.12 to it as we are now feeling confident that all upgrade
> > > issues that were reported have been satisfyingly resolved.
> > >
> > >
> > > One last note. LXD doesn't support downgrading its database, that means
> > > that if you upgrade from 2.0.x to some 2.x release, there is no going
> > > back. You can't downgrade back to 2.0.x afterwards. You can move LXD
> > > containers from a new release to a server running an older release as
> we
> > > way to do a two stage downgrade, but you may need to alter their
> > > configurations a bit for this to succeed (remove any option key that
> > > came from a newer release).
> > >
> > > Stéphane
> > >
> > > On Tue, Apr 04, 2017 at 02:55:32PM +0200, Gabriel Marais wrote:
> > > >  Hi Guys
> > > >
> > > >  I would like to take advantage in some of the new(er) features
> > > > available in
> > > >  releases higher than 2.0.x
> > > >
> > > >  Would it be advisable to upgrade to 2.12 to be used in a production
> > > >  environment?
> > > >
> > > >
> > > >
> > > >  --
> > > >
> > > >
> > > >
> > > >
> > > >  Regards
> > > >
> > > >  Gabriel Marais
> > > >
> > > >  Office: +27 861 466 546 x 7001
> > > >  Mobile: +27 83 663 
> > > >  Mail: gabriel.j.mar...@gmail.com
> > > >
> > > >  Unit 11, Ground Floor, Berkley Office Park
> > > >  Cnr Bauhinia & Witch Hazel Str,
> > > >  Highveld, Centurion, South-Africa
> > > >  0157
> > > >
> > > >  PO Box 15846, Lyttelton, South Africa, 0140
> > > >  ___
> > > >  lxc-users mailing list
> > > >  lxc-users@lists.linuxcontainers.org
> > > >  http://lists.linuxcontainers.org/listinfo/lxc-users
> > >
> > > --
> > > Stéphane Graber
> > > Ubuntu developer
> > > http://www.ubuntu.com
> > > ___
> > > lxc-users mailing list
> > > lxc-users@lists.linuxcontainers.org
> > > http://lists.linuxcontainers.org/listinfo/lxc-users
> >
> > ___
> > lxc-users mailing list
> > lxc-users@lists.

Re: [lxc-users] Creating a custom LXC container

[Nicholas Chambers]

My bad! I didn't realize there was a difference. At the moment I am 
working with lxc. Also, I forgot to mention, I would ideally like to 
make an unprivledged container, but can make a privledged container if 
necessary.



On 4/5/17 7:20 PM, Spike wrote:
are you suing lxc or lxd? in case it helps, I made a whole bunch of 
custom containers by followed this simple process (which came from: 
https://stgraber.org/2016/03/30/lxd-2-0-image-management-512/) :


- download image (xenial in my case from ubuntu: )
- lxc exec c1 /bin/bash
- make all the changes I want
- lxc stop c1
- lxc publish c1 (gets published to local: repository)

best,

Spike

On Wed, Apr 5, 2017 at 3:05 PM Nicholas Chambers 
> wrote:


Hello! I'm working on a code evaluation bot, and want to make a custom
container for it to work in or out of. Would I just need to modify
[1],
and it will generate the container for me?


 [1]
https://github.com/lxc/lxc/blob/master/templates/lxc-ubuntu.in

--
Nicholas Chambers
Technical Support Specialist
nchamb...@lightspeedsystems.com

1.800.444.9267 
www.lightspeedsystems.com 

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org

http://lists.linuxcontainers.org/listinfo/lxc-users



___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


--
Nicholas Chambers
Technical Support Specialist
nchamb...@lightspeedsystems.com
1.800.444.9267
www.lightspeedsystems.com

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Creating a custom LXC container

[Guido Jäkel]

Dear Nicholas,

there's no real difference in proposed procedure, just use lxc-execude to enter 
a containers enviroment (, i.e. set of namespaces). Or use lxc-attach to attach 
to a console login of the running container

with greetings

Guido

On 06.04.2017 16:01, Nicholas Chambers wrote:
> My bad! I didn't realize there was a difference. At the moment I am working 
> with lxc. Also, I forgot to mention, I would ideally like to make an 
> unprivledged container, but can make a privledged container if necessary.
> 
> 
> On 4/5/17 7:20 PM, Spike wrote:
>> are you suing lxc or lxd? in case it helps, I made a whole bunch of custom 
>> containers by followed this simple process (which came from: 
>> https://stgraber.org/2016/03/30/lxd-2-0-image-management-512/) :
>>
>> - download image (xenial in my case from ubuntu: )
>> - lxc exec c1 /bin/bash
>> - make all the changes I want
>> - lxc stop c1
>> - lxc publish c1 (gets published to local: repository)
>>
>> best,
>>
>> Spike
>>
>> On Wed, Apr 5, 2017 at 3:05 PM Nicholas Chambers 
>> mailto:nchamb...@lightspeedsystems.com>> 
>> wrote:
>>
>> Hello! I'm working on a code evaluation bot, and want to make a custom
>> container for it to work in or out of. Would I just need to modify
>> [1],
>> and it will generate the container for me?
>>
>>
>>  [1]
>> https://github.com/lxc/lxc/blob/master/templates/lxc-ubuntu.in
>>
>> --
>> Nicholas Chambers
>> Technical Support Specialist
>> nchamb...@lightspeedsystems.com
>> 
>> 1.800.444.9267 
>> www.lightspeedsystems.com 
>>
>> ___
>> lxc-users mailing list
>> lxc-users@lists.linuxcontainers.org
>> 
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>>
>>
>> ___
>> lxc-users mailing list
>> lxc-users@lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
> 
> 
> 
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
> 
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Enabling real time support in containers

[Peter Steele]

On 04/05/2017 06:45 AM, Serge E. Hallyn wrote:

  I correct in assuming LXC *does* provide a means to enable RT
The kernel has hardcoded checks (which are not namespaced) that
if you are not (global) root, you cannot set or change the rt
policy.  I suspect there is a way that could be safely relaxed
(i.e. if a container has exclusie use of a cpu), but we'd have
to talk to the scheduling experts about what would make sense.
(see
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/sched/core.c?id=refs/tags/v4.11-rc5#n4164
)

Otherwise, as a workaround (assuming this is the only problem you
hit) you could simply make sure that the RT policy is correct ahead
of time and the priority is high enough that the application is only
lowering it, then the kernel wouldn't stop it.  Certainly that's
more fragile.  Or you could get fancier and LD_PRELOAD to catch
sys_setscheduler and redirect to an api over a socket to a tiny
deamon on the host kernel which sets it up for you...  But certainly
it would be best for everyone if this was supported in the kernel the
right way.

Most of our containers do not require real time support. There are a 
couple of cases though where our software does use real time threads 
though. We originally were running under libvirt based VMs and real time 
support was not an issue in this kind of environment (it was fully 
supported). We ported our software to libvirt lxc based containers and 
with the appropriate configuration was able to get real time support 
working under this environment as well. We want to make one more 
transition now to LXC (mainly due to lack of active support for 
libvirt-lxc in CentOS). I had assumed this was simply a container 
configuration issue but your response makes me think that it's not as 
simple as that. Not sure where that leaves us.


Peter

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Manually building an image

[Robert Johnson]

I have a particular distribution based on CentOS 7 that I would like to 
turn into a LXD container. The post from Stephane Graber here below has 
a section titled Manually building an image, but it gives some pretty 
generic steps that I'm not entirely familiar with. I'm hoping someone 
could point me in the right direction.


1. Generate a container filesystem. This entirely depends on the 
distribution you’re using. For Ubuntu and Debian, it would be by using 
debootstrap.


If anyone has an documentation on "Generating a container filesystem", 
I'm all ears. Specifically pertaining to CentOS 7 would be great.


Could I just create a tarball of / ?

2. Configure anything that’s needed for the distribution to work 
properly in a container (if anything is needed).


How would I know if a distribution needs any special attention?

From there on, the process seems pretty straight forward.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Experience with large number of LXC/LXD containers

[Serge E. Hallyn]

Quoting Tomasz Chmielewski (man...@wpkg.org):
> On 2017-03-13 06:28, Benoit GEORGELIN - Association Web4all wrote:
> >Hi lxc-users ,
> >
> >I would like to know if you have any experience with a large number of
> >LXC/LXD containers ?
> >In term of performance, stability and limitation .
> >
> >I'm wondering for exemple, if having 100 containers behave the same of
> >having 1.000 or 10.000  with the same configuration to avoid to talk
> >about container usage.
> 
> I'm running LXD on several servers and I'm generally satisfied with
> it - performance, stability are fine. They are mostly <50 containers
> though.
> 
> I also have a LXD server which runs 100+ containers, which
> starts/stops/deletes dozens of containers daily and is used for
> automation. Approximately once every 1-2 months, "lxc stop" / "lxc
> restart" command will fail, which is a bit of stability concern for
> us.
> 
> The cause is unclear. In LXD log for the container, the only thing
> logged is:
> 
> 
> lxc 20170301115514.738 WARN lxc_commands -
> commands.c:lxc_cmd_rsp_recv:172 - Command get_cgroup failed to
> receive response: Connection reset by peer.
> 
> 
> When it starts to happen, it affects all containers - "lxc stop /
> lxc restart" will hang for any of the running containers. What's
> interesting, the container gets stopped with "lxc stop", the command
> just never returns. For "lxc restart" case, it will just stop the
> container (and the command will not return / will not start the
> container again).
> 
> The only thing which fixes that is server restart.
> 
> There is also no clear way to reproduce it reliably (other than
> running the server for long, and starting/stopping a large number of
> containers over that time...).
> 
> I think it's some kernel issue, but unfortunately I was not able to
> debug this any further.

Hi,

would you mind opening an issue for this at github.com/lxc/lxd/issues?
Just add in all the info you have and, if I understand right that you
can't put time into further reproductions, just say so up top so
hopefully we won't bug you too much.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Experience with large number of LXC/LXD containers

[Tomasz Chmielewski]

On 2017-04-07 06:41, Serge E. Hallyn wrote:


would you mind opening an issue for this at github.com/lxc/lxd/issues?
Just add in all the info you have and, if I understand right that you
can't put time into further reproductions, just say so up top so
hopefully we won't bug you too much.


Here it is:

https://github.com/lxc/lxd/issues/3159


I can try reproducing that if you have any ideas how to do it.

And/or, what exactly to run if it hangs again to get some more debugging 
- note I'll have to run it relatively quickly, then will have to restart 
the server - meaning, most likely no time for any interaction on the 
mailing list / github.



Tomasz Chmielewski
https://lxadm.com
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users