[lxc-users] configuration via Rest-API

[Ingo Baab]

Hello,
I want to reconfigure an already created lxd-container (named 'baab') with
the RestAPI. I searched and read on [1] and [2], but can't figure it 
out. Can

anyone tell me, whats wrong here. What is the difference between "config"
and "expanded_config" (is the first one from the profile and the second "an
overwrite"?). I attached a "GET lxd/1.0/containers/baab" as [3].
Thank you for any hint. Here is my unsuccessful attempt:


*    jq .metadata <<< $(   curl -s --unix-socket 
/var/lib/lxd/unix.socket -X PUT -d '{"expanded_config": {"limits.cpu": 
"4"}}' lxd/1.0/containers/baab  )

*
    {
      "id": "ee4e3187-332e-44ff-b88f-531c243b4108",
      "class": "task",
      "created_at": "2019-03-03T16:32:38.036308794+01:00",
      "updated_at": "2019-03-03T16:32:38.036308794+01:00",
      "status": "Running",
      "status_code": 103,
      "resources": {
        "containers": [
      "/1.0/containers/baab"
        ]
      },
      "metadata": null,
      "may_cancel": false,
      "err": ""
    }


kind regards,
Ingo Baab



[1] https://stgraber.org/2016/04/18/lxd-api-direct-interaction/
[2] https://lxd.readthedocs.io/en/latest/rest-api/

[3] jq .metadata <<< $(   curl -s --unix-socket /var/lib/lxd/unix.socket 
-X GET lxd/1.0/containers/baab  )

{
  "architecture": "x86_64",
  "config": {
    "boot.autostart": "true",
    "image.architecture": "amd64",
    "image.description": "ubuntu 16.04 LTS amd64 (release) (20180306)",
    "image.label": "release",
    "image.os": "ubuntu",
    "image.release": "xenial",
    "image.serial": "20180306",
    "image.version": "16.04",
    "raw.apparmor": "mount,",
    "volatile.base_image": 
"c5bbef7f4e1c19f0104fd49b862b2e549095d894765c75c6d72775f1d98185ec",

    "volatile.eth0.hwaddr": "00:16:3e:5b:cb:d8",
    "volatile.idmap.base": "0",
    "volatile.idmap.next": 
"[{\"Isuid\":true,\"Isgid\":false,\"Hostid\":10,\"Nsid\":0,\"Maprange\":65536},{\"Isuid\":false,\"Isgid\":true,\"Hostid\":10,\"Nsid\":0,\"Maprange\":65536}]",
    "volatile.last_state.idmap": 
"[{\"Isuid\":true,\"Isgid\":false,\"Hostid\":10,\"Nsid\":0,\"Maprange\":65536},{\"Isuid\":false,\"Isgid\":true,\"Hostid\":10,\"Nsid\":0,\"Maprange\":65536}]",

    "volatile.last_state.power": "RUNNING"
  },
  "devices": {
    "system": {
  "path": "/var/www/system",
  "source": "/root/system",
  "type": "disk"
    }
  },
  "ephemeral": false,
  "profiles": [
    "default"
  ],
  "stateful": false,
  "description": "",
  "created_at": "2019-02-22T14:51:50Z",
  "expanded_config": {
    "boot.autostart": "true",
    "environment.http_proxy": "",
    "image.architecture": "amd64",
    "image.description": "ubuntu 16.04 LTS amd64 (release) (20180306)",
    "image.label": "release",
    "image.os": "ubuntu",
    "image.release": "xenial",
    "image.serial": "20180306",
    "image.version": "16.04",
    "limits.cpu": "3",
    "limits.cpu.allowance": "10%",
    "limits.cpu.priority": "0",
    "limits.memory": "4GB",
    "raw.apparmor": "mount,",
    "user.network_mode": "",
    "volatile.base_image": 
"c5bbef7f4e1c19f0104fd49b862b2e549095d894765c75c6d72775f1d98185ec",

    "volatile.eth0.hwaddr": "00:16:3e:5b:cb:d8",
    "volatile.idmap.base": "0",
    "volatile.idmap.next": 
"[{\"Isuid\":true,\"Isgid\":false,\"Hostid\":10,\"Nsid\":0,\"Maprange\":65536},{\"Isuid\":false,\"Isgid\":true,\"Hostid\":10,\"Nsid\":0,\"Maprange\":65536}]",
    "volatile.last_state.idmap": 
"[{\"Isuid\":true,\"Isgid\":false,\"Hostid\":10,\"Nsid\":0,\"Maprange\":65536},{\"Isuid\":false,\"Isgid\":true,\"Hostid\":10,\"Nsid\":0,\"Maprange\":65536}]",

    "volatile.last_state.power": "RUNNING"
  },
  "expanded_devices": {
    "eth0": {
  "name": "eth0",
  "nictype": "bridged",
  "parent": "lxdbr0",
  "type": "nic"
    },
    "root": {
  "path": "/",
  "pool": "lxd",
  "size": "120GB",
  "type": "disk"
    },
    "system": {
  "path": "/var/www/system",
  "source": "/root/system",
  "type": "disk"
    }
  },
  "name": "baab",
  "status": "Running",
  "status_code": 103,
  "last_used_at": "2019-02-22T14:57:25.577377793Z"
}

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Is anybody of this list at the cloudfest (Germany, March 10-16)

[Ingo Baab]

Hello Everybody,

LXD/LXC is cloud-computing! Is anybody of you at german "CLOUDFEST" 2018 
in Europa-Park-Rust?

I am there and I would like to meet interessting people :)

kind regards,
Ingo Baab - https://baab.de
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] zfs mountpoint disappeared

[Ingo Baab]

Hello All,

 I had a strange behaviour today and want to report it: I am using ZFS 
and the mountpoint
of my container "seemed to be disappeared", - but it was working 
(container worked..) so
mountpoint havt to exist - just mount did not show the mountpoint. I 
googled around and
found that I am not the first user finding this problem [1]. Is there 
more information for me

out there? My experience so far:

    zfs mount -a

reported:

    filesystem 'lxd/containers/webhosting1' is already mounted
    cannot mount 'lxd/containers/webhosting1': mountpoint or dataset is 
busy


I helpded myself with:

    lxc stop webhosting1
    zfs mount -a
    lxc start webhosting1

Is there more information what is happening here?
___
[1] 
https://lists.linuxcontainers.org/pipermail/lxc-users/2016-May/011742.html


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] lxc copy without snapshots?

[Ingo Baab]

Hello Sjoerd,

thank you for the answer, but I get (lxc --version says "2.0.10"):

   Usage: lxc copy [:][/]
   [[:]] [--ephemeral|e]
   Copy containers within or in between LXD instances.

   Options:
    --debug  (= false)
    Enable debug mode
    -e, --ephemeral  (= false)
    Ephemeral container
    --force-local  (= false)
    Force using the local unix socket
    --no-alias  (= false)
    Ignore aliases when determining what command to run
    --verbose  (= false)
    Enable verbose mode

I am on Ubuntu 16.04.3 LTS, with LXD 2.0.10
Any Ideas?
Ingo


Am 13.09.2017 um 18:43 schrieb Sjoerd:



On 13-09-17 16:07, Ingo Baab wrote:

Hi All,

how can I copy a container between LXD instances without all its 
snapshots?
I read at 
https://insights.ubuntu.com/2016/03/22/lxd-2-0-your-first-lxd-container/


"The destination container will be identical in every way to the 
source one, except it won’t have any snapshot and volatile keys (MAC 
address) will be reset."


But my invoked command "lxc copy remotebox:ubuntu16 ubuntu16" did 
copy all snapshots, which took a long time.. - both of my LXD servers 
are using ZFS.



Have you tried with --container-only as well?

If you would just give lxc copy  you'll see the options you can 
pass and for --container-only it describes:

--container-only  (= false)
    Copy the container without its snapshots

Cheers,
Sjoerd

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] lxc copy without snapshots?

[Ingo Baab]

Hi All,

how can I copy a container between LXD instances without all its snapshots?
I read at 
https://insights.ubuntu.com/2016/03/22/lxd-2-0-your-first-lxd-container/


"The destination container will be identical in every way to the source 
one, except it won’t have any snapshot and volatile keys (MAC address) 
will be reset."


But my invoked command "lxc copy remotebox:ubuntu16 ubuntu16" did copy 
all snapshots, which took a long time.. - both of my LXD servers are 
using ZFS.


Kind regards,
Ingo
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Bind public IP that is available on host's ens3:1 to a specific LXD container?

[Ingo Baab]

Hello Thomas,

I use a nginx-reverse-proxy for accessing the container(s) webspace(s).

If I need to access something (a specific port) of a container from the
outside world, I use iptables to reach it, in your case i.e. to access your
containers ssh-server (on outside-port 22022) you can use:

interface=ens3
ipt_src_port=22022
ipt_src_port=1.2.3.107
ipt_dst_ip_addr=$your_container_ip
ipt_dst_port=22

sudo iptables -i {$interface} -t nat -A PREROUTING -p tcp -m tcp --dport 
{$ipt_src_port} -j DNAT --to {$ipt_dst_ip_addr}:{$ipt_dst_port}


Hope that helps anybody too..

PS: I use LXD/LXC to highly separate wordpress-installations from each 
other.
If anybody on the list is also doing nginx-webhosting within containers, 
I am
highly interested on others experiences and contacts, - I am highly 
satisfied

how far LXD/LXC has developed so far. If you are working in the same 'field'
you can contact me for exchange.

Greetings from Germany,
Ingo Baab https://baab.de

Am 20.05.2017 um 04:01 schrieb Thomas Ward:

Hello.

I've got a VDS from RamNode - which is essentially a KVM VPS with
dedicated CPUs, and larger RAM capacity.  This VDS has three IPs.  I'm
going to obfuscate them here, but essentially the host box is configured
like this:


# The primary network interface
auto ens3
iface ens3 inet static
 address 1.2.3.107
 netmask 255.255.255.0
 gateway 1.2.3.1
 dns-nameserver 8.8.8.8 8.8.4.4

auto ens3:1
iface ens3:2 inet static
 address 1.2.4.17
 netmask 255.255.255.0
 gateway 1.2.4.1
 dns-nameserver 8.8.8.8 8.8.4.4

auto ens3:2
iface ens3:2 inet static
 address 1.2.4.34
 netmask 255.255.255.0
 gateway 1.2.4.1
 dns-nameserver 8.8.8.8 8.8.4.4


Now, I've got a container I'd like to route the 1.2.4.17 to a specific
container once I've created it, but ens3 is the only actual physical NIC
on the system, and I don't have the ability to add any more physical NICs.

How would I go about routing 1.2.4.17 to the 'new' container I'm going
to create?

Note that by default, new containers are attached to an 'lxdbr0' which
NATs container traffic, this new container would have to reside outside
that obviously, but I'm not fluent in LXC/LXD networking so a guide
and/or how-tos for this would be wonderful to have.


--

Thomas

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] lxc exec comand, redirecting

[Ingo Baab]

Yes, it does. Thank you!
Ingo


Am 10.04.2017 um 11:20 schrieb Marat Khalili:


Also the following might work:

root@host ~ $ lxc exec container -- rsync -azR 
vps270841.ovh.net:/var/www/website.com/htdocs/ /


--

With Best Regards,
Marat Khalili



___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] lxc exec comand, redirecting

[Ingo Baab]

Hello lxc-users,

Inside a Linuxcontainer I use:

root@container ~ $ ssh vps270841.ovh.net tar czf - 
/var/www/website.com/htdocs | tar xzpf - -C/


to get a tar archive from another remote server by ssh and extract it 
inside the container, works fine.
But how can I achieve the same from the host system? I tried different 
things, but no success.


I tried it with:

root@host ~ $ lxc exec container -- ssh vps7456.ovh.net 'tar czf - 
/var/www/website.com/htdocs' | tar xzpf - -C/


but this pipe 'goes' to the host system :( Is there another possibility 
with `lxc push -` - or any sugestion from you?


Thank you in advance for any hint.
Ingo Baab

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Linuxcontainers security?

[Ingo Baab]

Hi LXD/LXC Users,

 today I read that at the hacking contest "Pwn2Own" 'they' escaped from 
a VMWare
(running Windows10) using three exploits together (exploiting Edge and 
using a windows-

10-kernel-hack..) [1].

I asked myself, how secure is a (my) LXD/LXC container system?

How do you 'estimate' the security running a webhosting-container as I 
do getting compromised?
I do successfully setup and run nginx, php7, redis-server, mysql-server 
on my linux-containers.


Any information or links are highly apreciated,
Ingo Baab
___
[1] 
https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] lxd image server and user access rigths

[Ingo Baab]

Yes, you can. Start reading here: 
https://insights.ubuntu.com/2016/04/01/lxd-2-0-image-management-512/

kind regards,
-Ingo


Am 16.03.2017 um 19:55 schrieb jf:

Hi,

I'm really new on lxd and I'm a little bit lost.

I would like to provide a lxd images server for my little company to 
allow users to pull and push images.
I'd like to restrict pull access to a list of images to a restricted 
list of users. On the same way I'd to restrict push to a list of users.
For example user U1 can pull image I1 but not I2 image, and user U2 
can pull image I1 and I2.


Can I achieve this requirement with a standard lxd server ?
Do you have links or softwares to manage lxd images server access rights ?

Thanks.


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] zfs issue after 'apt upgrade'

[Ingo Baab]

Hi Pavol,

 thank you for your help, I really appriciate it.. Seems that lxd did 
not upgrade - or what do you guess?
I do not remember exactly all packages, buw what I know is that the 
zfs-kernel-modules were upgraded..


So far, I am here:

r...@myrootbox.com ~ $ *uname -a*
Linux myrootbox.com 4.4.0-57-generic #78-Ubuntu SMP Fri Dec 9 23:50:32 
UTC 2016 x86_64 x86_64 x86_64 GNU/Linux


r...@myrootbox.com ~ $ *lxc --version*
2.7

r...@myrootbox.com ~ $ *lxd --version*
2.7

r...@myrootbox.com ~ $*lsof | grep /lxd/*
systemd  1  root   44u unix 
0x8800d912a000  0t0  14622 /var/lib/lxd/unix.socket type=STREAM
lxd   2267  root4w REG  253,2  
9401277 390147 /var/log/lxd/lxd.log
lxd   2267  root5u REG   0,38  
1353728 15 /lxd/lxd.db
lxd   2267  root6u REG   0,38  
1353728 15 /lxd/lxd.db


r...@myrootbox.com ~ $ *apt upgrade -y*
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen Fertig
Paketaktualisierung (Upgrade) wird berechnet... Fertig
Die folgenden Pakete wurden automatisch installiert und werden nicht 
mehr benötigt:

  linux-headers-4.4.0-47 linux-headers-4.4.0-47-generic
Verwenden Sie »apt autoremove«, um sie zu entfernen.
0 aktualisiert, 0 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
1 nicht vollständig installiert oder entfernt.
Nach dieser Operation werden 0 B Plattenplatz zusätzlich benutzt.
lxd (2.7-0ubuntu2~ubuntu16.04.1~ppa1) wird eingerichtet ...

Old bridge configuration detected in /etc/default/lxd-bridge, upgrading
Unsetting deprecated profile options
Attempting to kill current lxd-bridge
Bringing down and renaming existing bridge lxdbr0 to lxd-upgrade
Creating a new LXD bridge
*error: The network already exists*
dpkg: Fehler beim Bearbeiten des Paketes lxd (--configure):
 Unterprozess installiertes post-installation-Skript gab den Fehlerwert 
1 zurück

Fehler traten auf beim Bearbeiten von:
 lxd
E: Sub-process /usr/bin/dpkg returned an error code (1)


Am 05.01.2017 um 21:33 schrieb Pavol Cupka:
what packages were upgraded, what versions of lxc,lxd are you running, 
and what kernel versions are you running? what files are open on the 
affected dataset?


On Thu, Jan 5, 2017 at 9:19 PM, Ingo Baab <i...@baab.de 
<mailto:i...@baab.de>> wrote:


Hello List,

I got some serious issues with my zfs-file-system, after upgrade
of my ubuntu system.
"lxc list" reports a status of ERROR and if I try to start a
container I get:

r...@myrootbox.com <mailto:r...@myrootbox.com> / $ lxc start
--debug u16

DBUG[01-05|21:07:03] Raw response: {"error":"Failed to run: zfs
set mountpoint=none lxd: umount: /lxd/images: target is busy\n   
(In some cases useful info about processes that\n use

the device is found by lsof(8) or fuser(1).)\ncannot unmount
'/lxd/images': umount failed","error_code":500,"type":"error"}


error: Failed to run: zfs set mountpoint=none lxd: umount:
/lxd/images: target is busy
(In some cases useful info about processes that
 use the device is found by lsof(8) or fuser(1).)
cannot unmount '/lxd/images': umount failed

Some more output about my problem you can find at:
https://github.com/lxc/lxd/issues/1990
<https://github.com/lxc/lxd/issues/1990>

Help! Any tip or help is highly appriciated!
kind regards,
-Ingo

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
<mailto:lxc-users@lists.linuxcontainers.org>
http://lists.linuxcontainers.org/listinfo/lxc-users
<http://lists.linuxcontainers.org/listinfo/lxc-users>




___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] zfs issue after 'apt upgrade'

[Ingo Baab]

Hello List,

I got some serious issues with my zfs-file-system, after upgrade of my 
ubuntu system.
"lxc list" reports a status of ERROR and if I try to start a container I 
get:


r...@myrootbox.com / $ lxc start --debug u16

DBUG[01-05|21:07:03] Raw response: {"error":"Failed to run: zfs set 
mountpoint=none lxd: umount: /lxd/images: target is busy\n(In 
some cases useful info about processes that\n use the device is 
found by lsof(8) or fuser(1).)\ncannot unmount '/lxd/images': umount 
failed","error_code":500,"type":"error"}



error: Failed to run: zfs set mountpoint=none lxd: umount: /lxd/images: 
target is busy

(In some cases useful info about processes that
 use the device is found by lsof(8) or fuser(1).)
cannot unmount '/lxd/images': umount failed

Some more output about my problem you can find at:
https://github.com/lxc/lxd/issues/1990

Help! Any tip or help is highly appriciated!
kind regards,
-Ingo

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Strange freezes with btrfs backend

[Ingo Baab]

Hi Sergiusz,

 I am using a vm running ubuntu 16.04 with ~6GB Ram utilizing ZFS as 
loopback running multiple containers
(multiple wordpress containers and one mailserver container.. What do 
you suggest as minimum Ram

requirement for using ZFS?

Thank you
Ingo


Am 03.12.2016 um 05:49 schrieb Sergiusz Pawlowicz:

With 1GB of memory is is not recommended to use ZFS not BTRFS,
especially via a disk image file. Just forget about it.

S.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Feature request: raw lxc utilities output format and operations with multiplie containers?

[Ingo Baab]

Boy, - grab a coffee :) and google while your servers are working..
here was a similar question.. 
https://lists.linuxcontainers.org/pipermail/lxc-users/2016-January/010899.html

-Ingo


Am 10.11.2016 um 22:46 schrieb Andriy Tovstik:

Yep!
nice idea, boys! moreover i can use -r switch with jq. But 
unfortunately your solution can't execute tasks in parallel ;)


чт, 10 нояб. 2016 г. в 19:33, Ingo Baab <i...@baab.de <mailto:i...@baab.de>>:

Andriy, (meanwhile) you can help yourself with (doing that
sequentially)..

for container in `lxc list mysql-rep --format=json | jq .[].name |
tr -d '"'`; do lxc exec $container -- apt update; done

-Ingo


Am 10.11.2016 um 15:36 schrieb Andriy Tovstik:

Thanks, Stéphane, i'm very inattentive... Now it looks better.
Additional output format seems to be more comfortable than
additional tools. But it insignificantly.

And what do you think about the second question about ability to
run commands on multiplie containers simultaneously using regexps
as container name ? Is this feature looks useful?


чт, 10 нояб. 2016 г. в 15:25, Stéphane Graber
<stgra...@ubuntu.com <mailto:stgra...@ubuntu.com>>:

stgraber@castiana:~$ lxc list --format=json | jq .[].name
"android"
"lxd"
"snapcraft"
"test"
"ubuntu-core"
"ubuntu-zesty"
"xen"
"yak"

On Thu, Nov 10, 2016 at 12:31:01PM +, Andriy Tovstik wrote:
> Hi, Janjaap Bos!
>
> I tried jq. But as i have already wrote, some useful fileds
like container
> name are missing in json output...
>
> чт, 10 нояб. 2016 г. в 14:27, Janjaap Bos
<janjaap...@gmail.com <mailto:janjaap...@gmail.com>>:
>
> > You can pipe the json through jq.
> >
> > See: https://stedolan.github.io/jq/tutorial
> >
> >
> > 2016-11-10 11:17 GMT+01:00 Andriy Tovstik
<andriy.tovs...@gmail.com <mailto:andriy.tovs...@gmail.com>>:
> >
> > Hi all!
> >
> > During LXD learning i encountered with lack of some features.
> >
> > The first one is "raw" output format of lxc list.
Currently lxc list
> > supports two formats: table and json. Unfortunately both
formats are
> > unusable for scripting.
> > It is very difficult to pass to script output likes:
> > # lxc list --format table -c n
> > ++
> > |NAME|
> > ++
> > | mysql-rep1 |
> > ++
> > | mysql-rep2 |
> > ++
> > | mysql-rep3 |
> > ++
> >
> > When i try to use json format i see that useful fields
like container name
> > are missing in output. May be it will be useful to
implement feature like:
> >
> > # lxc list --format raw -c n --no-header
> > mysql-rep1
> > mysql-rep2
> > mysql-rep3
> >
> > The second feature looks useful is ability run commands
on multiplie
> > containers simultaneously. For example:
> >
> > # lxc exec web-node* -- apt update
> >
> > What do you think about it?
> > --
> > WBR, Andriy Tovstik
> >
> > ___
> > lxc-users mailing list
> > lxc-users@lists.linuxcontainers.org
<mailto:lxc-users@lists.linuxcontainers.org>
> > http://lists.linuxcontainers.org/listinfo/lxc-users
> >
> >
> > ___
> > lxc-users mailing list
> > lxc-users@lists.linuxcontainers.org
<mailto:lxc-users@lists.linuxcontainers.org>
> > http://lists.linuxcontainers.org/listinfo/lxc-users
>
> --
> WBR, Andriy Tovstik

> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
<mailto:lxc-users@lists.linuxcontainers.org>
> http://lists.linuxcontainers.org/listinfo/lxc-users


--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
___
lxc-users mailing list
lxc-users@lists.linuxcontainer

Re: [lxc-users] Feature request: raw lxc utilities output format and operations with multiplie containers?

[Ingo Baab]

Andriy, (meanwhile) you can help yourself with (doing that sequentially)..

for container in `lxc list mysql-rep --format=json | jq .[].name | tr -d 
'"'`; do lxc exec $container -- apt update; done


-Ingo


Am 10.11.2016 um 15:36 schrieb Andriy Tovstik:
Thanks, Stéphane, i'm very inattentive... Now it looks better. 
Additional output format seems to be more comfortable than additional 
tools. But it insignificantly.


And what do you think about the second question about ability to run 
commands on multiplie containers simultaneously using regexps as 
container name ? Is this feature looks useful?



чт, 10 нояб. 2016 г. в 15:25, Stéphane Graber >:


stgraber@castiana:~$ lxc list --format=json | jq .[].name
"android"
"lxd"
"snapcraft"
"test"
"ubuntu-core"
"ubuntu-zesty"
"xen"
"yak"

On Thu, Nov 10, 2016 at 12:31:01PM +, Andriy Tovstik wrote:
> Hi, Janjaap Bos!
>
> I tried jq. But as i have already wrote, some useful fileds like
container
> name are missing in json output...
>
> чт, 10 нояб. 2016 г. в 14:27, Janjaap Bos >:
>
> > You can pipe the json through jq.
> >
> > See: https://stedolan.github.io/jq/tutorial
> >
> >
> > 2016-11-10 11:17 GMT+01:00 Andriy Tovstik
>:
> >
> > Hi all!
> >
> > During LXD learning i encountered with lack of some features.
> >
> > The first one is "raw" output format of lxc list. Currently
lxc list
> > supports two formats: table and json. Unfortunately both
formats are
> > unusable for scripting.
> > It is very difficult to pass to script output likes:
> > # lxc list --format table -c n
> > ++
> > |NAME|
> > ++
> > | mysql-rep1 |
> > ++
> > | mysql-rep2 |
> > ++
> > | mysql-rep3 |
> > ++
> >
> > When i try to use json format i see that useful fields like
container name
> > are missing in output. May be it will be useful to implement
feature like:
> >
> > # lxc list --format raw -c n --no-header
> > mysql-rep1
> > mysql-rep2
> > mysql-rep3
> >
> > The second feature looks useful is ability run commands on
multiplie
> > containers simultaneously. For example:
> >
> > # lxc exec web-node* -- apt update
> >
> > What do you think about it?
> > --
> > WBR, Andriy Tovstik
> >
> > ___
> > lxc-users mailing list
> > lxc-users@lists.linuxcontainers.org

> > http://lists.linuxcontainers.org/listinfo/lxc-users
> >
> >
> > ___
> > lxc-users mailing list
> > lxc-users@lists.linuxcontainers.org

> > http://lists.linuxcontainers.org/listinfo/lxc-users
>
> --
> WBR, Andriy Tovstik

> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org

> http://lists.linuxcontainers.org/listinfo/lxc-users


--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org

http://lists.linuxcontainers.org/listinfo/lxc-users

--
WBR, Andriy Tovstik


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LXD: flag provided but not defined

[Ingo Baab]

try:

lxc exec mycontainer -- apt-get install -y puppet

-Ingo


Am 27.09.2016 um 05:47 schrieb Christian Tardif:

Hi,

I'm creating my lxd containers with ansible lxd_container module. 
Working great. But once created, I need to execute a command inside 
the container. Thought that I could simply type in my command as:


lxc exec mycontainer apt-get install -y puppet

You'll understand that this is a Ubuntu container, on which I need to 
install puppet automatically, without having to do anything, as this 
is from an ansible-playbook driven task.  I also tried to type my 
command manually, without any luck either.


How can I set the -y parameter (in this case) so it is not interpreted 
by lxc exec command, but passed in the exec string to the container? 
Tried to surround with quotes, but it does not work.


THanks,


*Christian Tardif*



___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Recommended techniques for dynamically provisioning containers using lxd

[Ingo Baab]

sorry list,
- this mail was accidentally send by me to the list..  sorry.
-Ingo


Am 23.08.2016 um 17:56 schrieb Ingo Baab:


https://www.youtube.com/watch?v=5PXxINlP_8Y

http://mysticlabs.com/consulting/



Am 23.08.2016 um 17:02 schrieb Zach Lanich:
P.Lowe, did you ever get an answer on this. I’m doing something very 
similar with SaltStack.


Best Regards,

Zach Lanich
/Business Owner, Entrepreneur, Creative/
*/Owner/CTO/*
weCreate LLC
/www.WeCreate.com <http://www.wecreate.com>/

On Aug 17, 2016, at 4:48 PM, P. Lowe <pl...@zitovault.com 
<mailto:pl...@zitovault.com>> wrote:



Hi,

I am investigating the use of lxd to dynamically spin up server 
instances.


I'm thinking about using a code-as-infrastructure approach using a 
chef-solo cookbook that is pulled out of git upon the container's 
initial boot and does all the provisioning upon initial boot.


Would people recommend creating a new container from a base image, 
modifying rc.local to pull the cookbook from git and launch it upon 
initial bootup, after which rc.local is reset to be empty and the 
server is restarted?


After rc.local is modified, the new container would be published to 
the local image store, so that whenever a new container is launched, 
it will boot up, run rc.local, pull the cookbook from git, run the 
cookbook and apply all the local provisioning operations, empty out 
rc.local, and then reboot the machine, after which it will boot with 
the customized provisioning parameters for normal operation.


What is the recommended way to send provisioning parameters (e.g. ip 
address, gateway, hostname, block device mounts, secrets (certs / 
keys)) to the container? Would people just drop a config file into 
the container using the lxc push command, or any other better 
techniques?


Thanks,

P.Lowe


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org 
<mailto:lxc-users@lists.linuxcontainers.org>

http://lists.linuxcontainers.org/listinfo/lxc-users




___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users




___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Recommended techniques for dynamically provisioning containers using lxd

[Ingo Baab]

https://www.youtube.com/watch?v=5PXxINlP_8Y

http://mysticlabs.com/consulting/



Am 23.08.2016 um 17:02 schrieb Zach Lanich:
P.Lowe, did you ever get an answer on this. I’m doing something very 
similar with SaltStack.


Best Regards,

Zach Lanich
/Business Owner, Entrepreneur, Creative/
*/Owner/CTO/*
weCreate LLC
/www.WeCreate.com /

On Aug 17, 2016, at 4:48 PM, P. Lowe > wrote:



Hi,

I am investigating the use of lxd to dynamically spin up server 
instances.


I'm thinking about using a code-as-infrastructure approach using a 
chef-solo cookbook that is pulled out of git upon the container's 
initial boot and does all the provisioning upon initial boot.


Would people recommend creating a new container from a base image, 
modifying rc.local to pull the cookbook from git and launch it upon 
initial bootup, after which rc.local is reset to be empty and the 
server is restarted?


After rc.local is modified, the new container would be published to 
the local image store, so that whenever a new container is launched, 
it will boot up, run rc.local, pull the cookbook from git, run the 
cookbook and apply all the local provisioning operations, empty out 
rc.local, and then reboot the machine, after which it will boot with 
the customized provisioning parameters for normal operation.


What is the recommended way to send provisioning parameters (e.g. ip 
address, gateway, hostname, block device mounts, secrets (certs / 
keys)) to the container? Would people just drop a config file into 
the container using the lxc push command, or any other better techniques?


Thanks,

P.Lowe


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org 


http://lists.linuxcontainers.org/listinfo/lxc-users




___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Unprivileged container woes: unable to install packages

[Ingo Baab]

What were the issues, running a Mailserver as an unpriviledged LXC?
I do the same.. and it seems to work without problems.. I just made the 
Mailports forward to the LXC with iptables..


Just curriously,
-Ingo


Am 20.08.2016 um 20:52 schrieb jjs - mainphrame:

Greetings,

I've given up on the unprivileged container for now. I've created a 
new container with the same role, and the same configuration except 
that it is privileged. The privileged version of this container is 
working more or less as expected.


This container isn't doing anything I'd have considered exotic - it's 
running postfix, clamd, and maiad (a modern derivative of amavisd-new).


This is a data point which may prove useful to those who may read this 
at some point down the road.


Jake

On Thu, Aug 18, 2016 at 10:42 AM, jjs - mainphrame > wrote:


Greetings,

I had decided to build an lxd version of an lxc server which had
been running reliably for some time. Unfortunately, it doesn't
seem to be running quite as smoothly. is some sort of special
permissions hacking required?

Here is one example of a problem in the new lxd container, which
was never seen in the lxc container, namely attempting to install
a package:

Please pardon me if this is a FAQ as I've been primarily working
with openvz of late - point me to TFM if there is a TFM which
would enlighten me on this subject.


Dependencies Resolved


==
 Package   Arch   Version   Repository   Size

==
Installing:
 httpd x86_64 2.4.6-40.el7.centos.4   updates
2.7 M

Transaction Summary

==
Install  1 Package

Total download size: 2.7 M
Installed size: 9.4 M
Is this ok [y/d/N]: y
Downloading packages:
httpd-2.4.6-40.el7.centos.4.x86_64.rpm   | 2.7 MB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : httpd-2.4.6-40.el7.centos.4.x86_64
1/1

Error unpacking rpm package httpd-2.4.6-40.el7.centos.4.x86_64
error: unpacking of archive failed on file /usr/sbin/suexec: cpio:
cap_set_file
  Verifying  : httpd-2.4.6-40.el7.centos.4.x86_64
1/1


Failed:
  httpd.x86_64 0:2.4.6-40.el7.centos.4

Jake




___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] mount ZFS issues

[Ingo Baab]

Hello LXC-User,

I am working with LXD/LXC on a ZFS Filesystem and I am happy with it in 
general, but every time I reboot my machine the ZFS filesystem i not 
mounted and therefore LXC are also not started.. I tried "mount -a" in 
rc.local and "zfs mount -a" also there. And then I get this message: 
cannot mount '/lxd/images': directory is not empty. I am on Ubuntu 16.04 
LTS and I don't know how to do it the right way...


Can someone point me to a good 'cookbook-solution'?

kind regards,
Ingo

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LXC, LXCFS and LXD 2.0.1 have been released!

[Ingo Baab]

Hello Stéphane,

 how can I upgrade to 2.0.1 (on an Ubuntu 16.04 LTS)?
Hope this is not a dump question, I am not so famliliar with Ubuntu.

-Ingo Baab


Am 17.05.2016 um 05:09 schrieb Stéphane Graber:

Hello everyone,

Today we're publishing the first bugfix release of all 3 LXC projects,
LXC, LXCFS and LXD.

They each contain the accumulated bugfixes since we released our 2.0
long term support releases a bit over a month ago.

Detailed changelog can be found at:
  -https://linuxcontainers.org/lxc/news/
  -https://linuxcontainers.org/lxcfs/news/
  -https://linuxcontainers.org/lxd/news/

As a reminder, the 2.0 series of all of those is supported for bugfix
and security updates up until June 2021.

Thanks to everyone who contributed to those projects and helped make
this possible!


Stéphane Graber
On behalf of the LXC, LXCFS and LXD development teams


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] LXC Security?

[Ingo Baab]

Hello LXC-Users,

 I just started to experiment with LXC/LXD and now I am looking for a 
good starting point (some kind of "cookbook") to get UN-priviledged 
containers managed. I am a little confused by lxc versus the (older?) 
lxc-* commands. Are they "different systems"? How are they related?


I need:
- A Cookbook for securing LXC
- How are (the older) lxc-* and lxc/lxd related?

Thynk you in advance,
Ingo Baab

_
Already read here and there..
https://wiki.ubuntu.com/LxcSecurity
https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-security
https://linuxcontainers.org/lxc/security/
https://www.sans.org/reading-room/whitepapers/linux/securing-linux-containers-36142 


___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users