Re: [lxc-users] Error transferring container data:
On 08/18/2018 05:48 PM, Pierre Couderc wrote:
On 08/18/2018 04:16 PM, Stéphane Graber wrote:
On Sat, Aug 18, 2018 at 12:02:02PM +0200, Pierre Couderc wrote:

Error: Failed container creation:
 - https://192.168.163.1:8443: Error transferring container data: exit status 12
 - https://[2a01:a34:eaaf:c5f0:ca60:ff:fa5a:fd23]:8443: Error transferring container data: websocket: bad handshake
nous@couderc:~$

I have tried:

nous@couderc:~$rsync -avz root@192.168.163.1:/var/lib/lxd/containers/debian/ .

and also:

root@server:~# rsync -avz /var/lib/lxd/containers/debian/ nous@192.168.163.253:ttt

work without problem (in this "LXD only server", only root is used: no non LXD application, no other user).

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] How can a non-root user assign unique UID/GID range for LXC unprivileged containers ??
Hi Xavier,

Thank you for your response.
I even tried with a bigger range, but still no luck.

in 1st container (cont1) config,
lxc.id_map = u 0 10 1000
lxc.id_map = g 0 10 1000
&
and in 2nd container (cont2) config:
lxc.id_map = u 0 101500 1000
lxc.id_map = g 0 101500 1000

get the same error

lxc-start 20180817035100.984 ERROR    lxc_conf - conf.c:mount_rootfs:798 - Permission denied - Failed to get real path for "/home/oxpd/.local/share/lxc/uidranges/rootfs".
lxc-start 20180817035100.984 ERROR    lxc_conf - conf.c:setup_rootfs:1220 - Failed to mount rootfs "/home/oxpd/.local/share/lxc/uidranges/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc" with options "(null)".
lxc-start 20180817035100.984 ERROR    lxc_conf - conf.c:do_rootfs_setup:3899 - failed to setup rootfs for 'uidranges'
lxc-start 20180817035100.984 ERROR    lxc_conf - conf.c:lxc_setup:3981 - Error setting up rootfs mount after spawn
lxc-start 20180817035100.984 ERROR    lxc_start - start.c:do_start:811 - Failed to setup container "uidranges".
lxc-start 20180817035100.984 ERROR    lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 3)
lxc-start 20180817035100.985 ERROR    lxc_start - start.c:__lxc_start:1358 - Failed to spawn container "uidranges".
lxc-start 20180817035106.524 ERROR    lxc_start_ui - tools/lxc_start.c:main:366 - The container failed to start.
lxc-start 20180817035106.525 ERROR    lxc_start_ui - tools/lxc_start.c:main:368 - To get more details, run the container in foreground mode.
lxc-start 20180817035106.525 ERROR    lxc_start_ui - tools/lxc_start.c:main:370 - Additional information can be obtained by setting the --logfile and --logpriority options.

If I try something like below:
in 1st container (cont1) config,
lxc.id_map = u 0 10 1000
lxc.id_map = g 0 10 1000
and in 2nd container (cont2) config:
lxc.id_map = u 0 10 2000
lxc.id_map = g 0 10 2000

it works, but on the host both the containers created by my lxcuser have the same userid which is 10.
Hence, it is not possible to identify each container uniquely on host machine.

My query is that, is there any way a non-root user can create various containers and each container will have unique UserId on the host machine ??

Thanks for your help,
Yasoda

From: Xavier Gendre
To: lxc-users@lists.linuxcontainers.org
Cc:
Bcc:
Date: Mon, 20 Aug 2018 09:24:31 +0200
Subject: Re: [lxc-users] How can a non-root user assign unique UID/GID range for LXC unprivileged containers ??

Hi Yasoda,

only 10 ids is a bit short for a container. You should increase this number to cover at least the system ids 0-999. Depending on the distribution you run in your containers, you can be sharper and only involve the needed ids but they all have to be covered.

Xavier

> On Fri, Aug 17, 2018 at 9:34 AM Yasoda Padala
> wrote:
>
>> Hi All,
>> I have created non-root user on my Ubuntu (16.04) machine who creates
>> unprivileged LXC containers.
>> My user's uid/gid on the host is 1000.
>> and below are the entries in /etc/subuid & /etc/subgid files
>>
>> /etc/subuid:
>> lxcuser:10 65536
>>
>> /etc/subgid:
>> lxcuser:10:65536
>>
>> My requirement is for each LXC unprivileged container, I should be able
>> to pick a UID/GID range.
>> For instance, I have created two LXC containers cont1 and cont2
>> in cont1 config, I have added the below id mappings
>> lxc.id_map = u 0 10 10
>> lxc.id_map = g 0 10 10
>>
>> and in cont2 config file, I have added the below id mappings
>> lxc.id_map = u 0 100020 10
>> lxc.id_map = g 0 100020 10
>>
>> cont1 starts successfully but cont2 gives the below error while starting
>> the container
>>
>> lxc-start 20180817035100.984 ERROR    lxc_conf - conf.c:mount_rootfs:798
>> - Permission denied - Failed to get real path for
>> "/home/oxpd/.local/share/lxc/uidranges/rootfs".
>>
>> lxc-start 20180817035100.984 ERROR    lxc_conf -
>> conf.c:setup_rootfs:1220 - Failed to mount rootfs
>> "/home/oxpd/.local/share/lxc/uidranges/rootfs" onto
>> "/usr/lib/x86_64-linux-gnu/lxc" with options "(null)".
>>
>> lxc-start 20180817035100.984 ERROR    lxc_conf -
>> conf.c:do_rootfs_setup:3899 - failed to setup rootfs for 'uidranges'
>>
>> lxc-start 20180817035100.984 ERROR    lxc_conf -
>> conf.c:lxc_setup:3981 - Error setting up rootfs mount after spawn
>>
>> lxc-start 20180817035100.984 ERROR    lxc_start -
>> start.c:do_start:811 - Failed to setup container "uidranges".
>>
>> lxc-start 20180817035100.984 ERROR    lxc_sync -
>> sync.c:__sync_wait:57 - An error occurred in another process (expected
>> sequence number 3)
>>
>> lxc-start 20180817035100.985 ERROR    lxc_start -
>> start.c:__lxc_start:1358 - Failed to spawn container "uidranges".
>>
>> lxc-start 20180817035106.524 ERROR    lxc_start_ui -
>> tools/lxc_start.c:main:366 - The container failed to start.
>>
>> lxc-start 20180817035106.525 ERROR    lxc_
Re: [lxc-users] How can a non-root user assign unique UID/GID range for LXC unprivileged containers ??
Hi Yasoda,

> get the same error
>
> lxc-start 20180817035100.984 ERROR    lxc_conf - conf.c:mount_rootfs:798 -
> Permission denied - Failed to get real path for
> "/home/oxpd/.local/share/lxc/uidranges/rootfs".

can you check the directory permissions for

/home/oxpd/.local/share/lxc/uidranges

I think, they should own the LXC-root but the group should be yours and mode 770, the group must have full access. Otherwise the unprivileged user can't access his own container configuration.

Best regards

Dirk
--
Dr. Dirk Geschke
Re: [lxc-users] How can a non-root user assign unique UID/GID range for LXC unprivileged containers ??
Hi,

On 21/08/2018 at 13:39, Dirk Geschke wrote:
> can you check the directory permissions for
>
> /home/oxpd/.local/share/lxc/uidranges

As Dirk said, your problem could be related to permissions of the rootfs itself and not to subordinate ids.

On 21/08/2018 at 12:07, Yasoda Padala wrote:
> in 1st container (cont1) config,
> lxc.id_map = u 0 10 1000
> lxc.id_map = g 0 10 1000
> &
> and in 2nd container (cont2) config:
> lxc.id_map = u 0 101500 1000
> lxc.id_map = g 0 101500 1000
>
> get the same error

On my side, these configurations work fine together and the two containers (created by a non-root user with template "download" and distribution debian stretch amd64 for my tests) start without a trouble. The rootfs of the containers c1 and c2 belongs to subuid 10 and 101500, respectively, just as you want.

Xavier
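Added example (not part of the thread, and not code from the LXC project): a check for the requirement discussed above, that each container's lxc.id_map host range lies inside the range delegated in /etc/subuid and overlaps no other container's range, so that files and processes on the host can be attributed to exactly one container. The subuid entry, the three container configs and the function names are constructed for illustration; a range is accepted only if it fits inside a single delegated entry.

```python
import re

# Constructed sample data (not from the thread): one delegated range and
# three container configs; cont3 deliberately overlaps cont1.
SUBUID = "lxcuser:100000:65536\n"
CONFIGS = {
    "cont1": "lxc.id_map = u 0 100000 1000\nlxc.id_map = g 0 100000 1000\n",
    "cont2": "lxc.id_map = u 0 101500 1000\nlxc.id_map = g 0 101500 1000\n",
    "cont3": "lxc.id_map = u 0 100500 1000\nlxc.id_map = g 0 100500 1000\n",
}

# Accepts the legacy key used in the thread (lxc.id_map) and lxc.idmap.
MAP_RE = re.compile(r"^\s*lxc\.id_?map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def delegated(subid_text, user):
    """Return [(start, end_exclusive)] ranges delegated to `user`."""
    out = []
    for line in subid_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            start, count = int(parts[1]), int(parts[2])
            out.append((start, start + count))
    return out

def host_ranges(config_text, kind):
    """Host-side [(start, end_exclusive)] ranges for kind 'u' or 'g'."""
    out = []
    for line in config_text.splitlines():
        m = MAP_RE.match(line)
        if m and m.group(1) == kind:
            host, count = int(m.group(3)), int(m.group(4))
            out.append((host, host + count))
    return out

def audit(configs, subid_text, user, kind="u"):
    """Return findings; an empty list means ranges are delegated and disjoint."""
    allowed = delegated(subid_text, user)
    findings, seen = [], []
    for name in sorted(configs):
        for lo, hi in host_ranges(configs[name], kind):
            if not any(a <= lo and hi <= b for a, b in allowed):
                findings.append(f"{name}: {lo}-{hi - 1} outside delegated range")
            for other, olo, ohi in seen:
                if lo < ohi and olo < hi:  # half-open intervals intersect
                    findings.append(f"{name}: {lo}-{hi - 1} overlaps {other}")
            seen.append((name, lo, hi))
    return findings

if __name__ == "__main__":
    print(audit(CONFIGS, SUBUID, "lxcuser"))
```

For group mappings, run the same audit with kind="g" against the contents of /etc/subgid.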
[lxc-users] ZFS configuration
Hello,

I am just getting started with LXD. I have an existing zfs pool, and want to use a ZFS dataset on that pool to store my containers on.

I ran the command lxc storage create pool1 zfs source=fast/containers, and it appeared to create it, however, I do not see it in the /fast directory nor does zpool status list this.

It's possible that I don't understand how this works however. I do see it created if I run the command lxc storage list, it does indeed show up:

| pool1 | | zfs| fast/containers| 0

I created a container for testing thinking it would show up, but no go on that either.

Would like to understand how this is implemented and what I should expect?

Thanks,
Stephen
Re: [lxc-users] ZFS configuration
On Tue, Aug 21, 2018 at 02:40:12PM -0400, Stephen Brown Jr wrote:
> Hello,
> I am just getting started with LXD. I have an existing zfs pool, and
> want to use a ZFS dataset on that pool to store my containers on.
>
> I ran the command lxc storage create pool1 zfs source=fast/containers, and
> it appeared to create it, however, I do not see it in the /fast directory
> nor does zpool status list this.

It's not visible under /fast because LXD configures the dataset it creates to get mounted under its own directory.

It also wouldn't show up in "zpool" because it's a dataset within your "fast" zpool. You will see it in "zfs list" though.

> It's possible that I don't understand how this works however. I do see it
> created if I run the command lxc storage list, it does indeed show up:
>
> | pool1 | | zfs| fast/containers| 0
>
>
> I created a container for testing thinking it would show up, but no go on
> that either.
>
> Would like to understand how this is implemented and what I should expect?
>
> Thanks,
> Stephen

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
Re: [lxc-users] ZFS configuration
On 08/21/2018 11:40 AM, Stephen Brown Jr wrote:
> Hello,
> I am just getting started with LXD. I have an existing zfs pool, and want to use a ZFS dataset on that pool to store my containers on.
>
> I ran the command lxc storage create pool1 zfs source=fast/containers, and it appeared to create it, however, I do not see it in the /fast directory nor does zpool status list this.
>
> It's possible that I don't understand how this works however. I do see it created if I run the command lxc storage list, it does indeed show up:
>
> | pool1 | | zfs | fast/containers | 0
>
> I created a container for testing thinking it would show up, but no go on that either.
>
> Would like to understand how this is implemented and what I should expect?

Hi,

I'm also new to zfs and lxd so my help is limited.

Did you mount your zfs dataset anywhere?

My ubuntu system is like

/var
  /lib
    /lxd
      /containers
      ...
      /storage-pools
        /lxd    <-- my lxc pool name; zfs dataset name; mountpoint
          /containers
          ...
          /snapshots

For this to work you *must* mount your dataset before you create any containers. If you already have containers you won't be able to mount over the top of them. zfs wants an empty mountpoint AFAIK.

I mounted one level above /containers so I could get all the images, snapshots, deleted, and containers, etc in one place and allow for moving them as a "set".

Note that /lxd was put there by the lxc storage command. Your pool1 is probably there, too.
[lxc-users] Announcing LXC, LXD and LXCFS 3.0.2 bugfix releases
The LXC/LXD/LXCFS team is happy to announce the second round of bugfix releases for the 3.0 LTS branch of LXC, LXD and LXCFS.

This includes over two months of accumulated bugfixes as well as the fix for the recently fixed LXC security issue (CVE 2018-6556).

The announcements for the 3 projects can be found here:

 - LXD 3.0.2: https://discuss.linuxcontainers.org/t/lxd-3-0-2-has-been-released/2505/2
 - LXC 3.0.2: https://discuss.linuxcontainers.org/t/lxc-3-0-2-has-been-released/2504/2
 - LXCFS 3.0.2: https://discuss.linuxcontainers.org/t/lxcfs-3-0-2-has-been-released/2503/2

LTS branches of those projects come with a 5 years support commitment from upstream for security and bugfixes. The 3.0 branch is the current LTS and is supported until June 2023.

We'd like to thank all of our contributors and our amazing community for their contributions, bug reports and help testing those releases!

On behalf of the LXC, LXD and LXCFS teams,

Stéphane Graber