[lxc-users] Mounting a filesystem into a container without squash

[Scott Lopez]

I want to mount a host filesystem into a container without it squashing all
the UID/GID's down to nobody, is that possible? The documentation I can
find doesn't seem to mention anything about squash at all. The command I
used is:

lxc config device add containersystem shareddata disk source=/shared/data/
path=/data/

Thanks!
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] not allowed to change kernel parameters inside container

[Scott Lopez]

So? Doesn't matter if you're programming a switch or a heart monitor. Learn
how to properly package your application. Apparently it was done before LXC
came along, so it should still be possible today. What you want is an easy
way out of simply cloning an existing installation which is never a good
idea as operating environments are never exactly the same. Any SA worth
their salt would know this and package an application properly. This is
going to come back and bite you in the ass, hard, some day.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] not allowed to change kernel parameters inside container

[Scott Lopez]

Wow, what a disaster of a thread.

Wouldn't it be easier to learn how to properly package and distribute your
application suite using a tool such as Ansible than to learn how to break
LXC, deal with the quirks and figure out how to shoehorn it into doing what
it wasn't designed to do?

You get a B- for creativity and a F for implementation. I'd never allow
this disaster in a production environment. Too many unforeseen consequences
of the implementation, any issues that pop up are going to be a joy to
track down. Is it the container, is it LXC, is it something else?

Just because you can do something, doesn't mean you should.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Am I misusing LXCs?

[Scott Lopez]

Is it functioning for you? Yes? Then it isn't wrong. In *nix there are
a dozen ways to skin a cat, and that's before you start scripting in
your language of choice.

Is it the most efficient use? Maybe not. Running a single application
in a LXC container? Maybe you'd be better off with Docker or Rkt. Have
multiple containers to run? Look at CoreOS. Worried about security?
Then maybe separate everything into completely different VMs. Set up
firewalls, vlans and proxies.

So no, you're not misusing LXC. It may not be the best tool for your
job, but your job is running. Be happy!


On Thu, Mar 30, 2017 at 3:20 PM, John Lewis  wrote:
> It is traditional LXC because LXD wasn't out when I set it up
> originally.  I won't build the packages for LXD if I am not even using
> it properly.
>
> I direct incoming connections using iptables with both the the host and
> the virtual router.
>
> I am extremely confident about moving my installation. I will use
> Ansible for the provisioning and the configuration. I will install all
> of the packages I need on a simple VPS. I can still use cgroups to
> control the resource usage of the processes. It will be moderately
> easier for me to secure because it is easy to see where everything is
> and what state everything is in.
>
> I backup the VPS with rsnapshot that is running on a host that I have
> physical access too and I rotate the backup drive to another location.
> The LXCs are disk images.
>
> Could you elaborate on separating data from services?
>
> On Thu, 2017-03-30 at 23:07 +0300, Simos Xenitellis wrote:
>> Is that the traditional LXC or is it LXD/LXC containers?
>> I have a similar set-up (the latter, with LXD/LXC) and there is also a
>> vsftpd in the mix.
>>
>> I think your question is about best practices and whether your
>> installation adheres
>> to some best practices.
>> How do you direct incoming connections to each container? Do you use
>> iptables or something else?
>> If you where to migrate your installation to another VPS, how
>> confident would you be to do that?
>> How do you get backups? Do you take snapshots as backups?
>>
>> I think that if you reach a point where you separate your data from
>> the services, the management of the containers
>> will become much easier and you will feel more confident with the 
>> installation.
>>
>> Simos
>> ___
>> lxc-users mailing list
>> lxc-users@lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Setting PATH environment variable, or installing golang in a container

[Scott Lopez]

This is more a shell question than anything particular to LXD. Just
prepend the variable you want to the beginning of your command:

GOPATH=/some/path/here apt install some_software

for something more permanent, edit the default path variable IN the
container, probably /etc/login.defs - you didn't mention what distro
you're using. or add your GOPATH variable to that file.



On Tue, Sep 20, 2016 at 1:33 PM, Matt Green  wrote:
> Hi,
>
> I'm trying to install golang in a container, I can push an "apt install"
> command to make that work, but then when I try and run stuff I get an error
> about environment variables "$GOPATH not set".
>
> It looks like there's some support for setting them in LXD, but I can't work
> out how to do it, or find an example. Can anyone help?
>
> Cheers,
>
> Matt
>
>
>
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] I think terminology of LXD & LXC still confuses newcomers

[Scott Lopez]

Hi!

New user here (first post!) been using LXC/LXD for a few weeks. First,
awesome project, wish I had discovered it sooner. Second. I totally
agree with this statement. As someone who is learning all about
LXC/LXD I was completely confused about commands and syntax in the
beginning. I started reading LXD tutorials with only LXC installed and
was frustrated when commands weren't working. Got LXD installed and
was happy things were working properly, but then some of my LXC
tutorials no longer were relevant. I wondered why the LXD team just
didn't use lxd to begin with.

In the end I found Stephane Graber's excellent tutorials and have only
been learning/using LXD commands. Things definitely would have been
easier if they were separated from the start.
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users