[lxc-users] Mounting squashfs inside a container

2017-05-30 Thread Ben Warren 
Hi,

I’m using an LXC to build up a rootfs for another target, and am unable to 
mount a squashfs image:

root@cd-build-dev-385:~# mount -t squashfs -r myproject.squashfs mnt
ioctl: LOOP_SET_STATUS: Operation not permitted
root@cd-build-dev-385:~#

If I instead use ‘unsquashfs’, I get into device creation errors:

root@cd-build-dev-385:~# unsquashfs -x myproject.squashfs 
Parallel unsquashfs: Using 4 processors
13529 inodes (15282 blocks) to write

[|  
   ]21/15282   0%
create_inode: failed to create character device squashfs-root/dev/console, 
because Operation not permitted
create_inode: failed to create character device squashfs-root/dev/null, because 
Operation not permitted
create_inode: failed to create character device squashfs-root/dev/ptmx, because 
Operation not permitted
create_inode: failed to create character device squashfs-root/dev/urandom, 
because Operation not permitted
create_inode: failed to create character device squashfs-root/dev/zero, because 
Operation not permitted


I assume the two issues are related, assuming that creation of device nodes 
within an unprivileged container is prohibited.  In my case I’m less concerned 
about security, and am using containers more for encapsulation.

Is there a configuration override that will allow dynamic device creation 
within a container, or another way of going about this?  I know that I can add 
device nodes externally using ‘lxc device add …’ and have used it for creating 
loopback devices, but that’s static.

Environment:
host: Ubuntu 14.04
LXC:
ben@ben-sc:~$ dpkg -l | grep lx[cd]
ii  liblxc1   
2.0.7-0ubuntu1~14.04.1skyport1 amd64Linux Containers 
userspace tools (library)
ii  lxc-common
2.0.7-0ubuntu1~14.04.1skyport1 amd64Linux Containers 
userspace tools (common tools)
ii  lxcfs 
2.0.6-0ubuntu1~14.04.1 amd64FUSE based filesystem 
for LXC
ii  lxd   
2.0.9-0ubuntu1~14.04.1 amd64Container hypervisor 
based on LXC - daemon
ii  lxd-client
2.0.9-0ubuntu1~14.04.1 amd64Container hypervisor 
based on LXC - client

Note that I’ve built the LXC libraries from source, but based on the current 
‘ubuntu-trusty-backports’ .deb packages.

regards,
Ben


 
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] near-live migration

2017-05-30 Thread Ron Kelley 
While not a direct answer, I filled an enhancement bug recently for this 
exact topic (incremental snapshots to remote server). The enhancement was 
approved, but I don't know when it will be included in the next LXD version.



On May 30, 2017 11:52:34 AM Kees Bos  wrote:


Hi,

Right now I'm using the sequence 'stop - move - start' for migration of
containers (live migration fails too often).

The 'move' step can take some time. I wonder if it would be easy to
implement/do something like:
  - prepare move (e.g. take snapshot an copy upto snaphot)
  - stop
  - copy the rest
  - remove snapshot on dst
  - remove container from src
  - start container on dst

That would minimize downtime without the complexity of a live
migration.

What are your thoughts?

Kees
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users



___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] near-live migration

2017-05-30 Thread Kees Bos 
Hi,

Right now I'm using the sequence 'stop - move - start' for migration of
containers (live migration fails too often).

The 'move' step can take some time. I wonder if it would be easy to
implement/do something like:
  - prepare move (e.g. take snapshot an copy upto snaphot)
  - stop
  - copy the rest
  - remove snapshot on dst
  - remove container from src
  - start container on dst

That would minimize downtime without the complexity of a live
migration.

What are your thoughts?

Kees
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] IPv6-only Bridge?

2017-05-30 Thread Andrey Repin 
Greetings, Thomas Ward!


> I'm trying to set up IPv6 bridging

wat

> so that I can get my IPv6 addresses working properly on containers so they
> can just *get* IPv6 addresses that work, either by static assignment or 
> dynamic.

It's called "routing".

> Attempting to set a bridge breaks host routing for IPv4, and I'm stuck
> on using the serial console to get in.  Is there a way to achieve an
> IPv6-only bridge to the LXD container(s), that can bridge IPv6 addresses
> to an ethernet port without disrupting the IPv4 routing of the host?

> (I currently use DNAT/SNAT/FORWARD rules on the host to route specific
> IPv4 addresses' traffic via 1:1 NAT into individual containers, but I
> need similar functionality with IPv6 and DNAT/SNAT doesn't work in IPv6)

Just dedicate an IPv6 subnet for your containers and route traffic to the
required interface.


-- 
With best regards,
Andrey Repin
Tuesday, May 30, 2017 17:41:43

Sorry for my terrible english...

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] would there be value in starting an LXD community online collection of how-to related information

2017-05-30 Thread Rick Leir 



On 2017-05-29 10:50 PM, Stéphane Graber wrote:

On Tue, May 30, 2017 at 11:57:24AM +1000, Mark Constable wrote:

On 30/05/17 10:17, Luis Michael Ibarra wrote:

For now we have discussions, Core dev blogs, github *md files, lxd
wiki, etc. Shouldn't be useful to have an official documentation
channel?

I lean towards an independent option so along those lines this is one
possibly crazy suggestion, FWIW...

- someone register linuxcontainers.wiki (~$30/yr)
- start with a 1GB DigitalOcean droplet
- optionally start a patreon.com project to fund the above
- install Wordpress to easily manage user accounts
- install some plugins like...
   - https://wordpress.org/plugins/yada-wiki/
   - https://wordpress.org/plugins/github-embed/
   - https://wordpress.org/plugins/asgaros-forum/
   - https://wordpress.org/plugins/jetpack-markdown/
   - https://wordpress.org/plugins/wordpress-social-login/

Use WP to mainly manage users and host the plugins but any site pages
can also be easily managed and of course the blog part could be used
for "latest news" and "featured articles". The lightweight forum could
be used for meta discussion and of course the wiki plugin is just that.
The github-embed plugin can provide feedback on various Github projects
and the social-login plugin mostly avoids having to specifically signup
to yet-another-blog-site to get directly involved with the wiki.

I could set all of this up in about 15 minutes but it's a complete waste
of my time unless other folks actually wanted to use it.

Can't https://discuss.linuxcontainers.org be used for most of that?

It's self-moderated (to an extent), already has a number of howtos,
posts can be tagged and turned into wikis as needed (not a full wiki but
it means anyone with a particular trust-level can edit/contribute).

Ultimately what most people follow for documentation is the website, but
we already do maintain a pretty length list of links there and certainly
wouldn't have any problem linking to more sources (which you can do
today by forking the website on Github and sending a pull request).


Yes, agreed on linuxcontainers.org , 
and the Fedora folks can get info onto fedoraproject.org/wiki/, 
hopefully linked to the LXC page. It is not _wide_ open for 
contributors, but almost so. This would be just for RHEL related issues, 
and hopefully the Fedora folks would contribute general LXC info to 
linuxcontainers.org. 

cheers -- Rick




___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users