Re: [lxc-users] Networking not working in unconfined overlayfs container

2015-10-12 Thread Serge Hallyn 
Hi,

before I try to reproduce this, can you confirm whether using the
kernel from vivid-proposed fixes it?

Quoting Frederico Araujo (arau...@gmail.com):
> Hi Serge,
> 
> Yes, I downloaded a fresh template for ubuntu and its overlay clones start
> okay, and I'm able to attach and run commands on them. However, eth0 has no
> IP assigned when unconfined.
> 
> I think the problem might be related to changes in systemd (I'm using
> version 219) and overlayfs on vivid. I do see many permission denied
> messages in the boot logs of the container (please see attached an example
> output), but couldn't find much help online.
> 
> lxc-attach -n test -- ifconfig -a
> eth0  Link encap:Ethernet  HWaddr 00:16:3e:23:59:24
>   inet6 addr: fe80::216:3eff:fe23:5924/64 Scope:Link
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:29 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:4285 (4.2 KB)  TX bytes:648 (648.0 B)
> 
> loLink encap:Local Loopback
>   inet addr:127.0.0.1  Mask:255.0.0.0
>   inet6 addr: ::1/128 Scope:Host
>   UP LOOPBACK RUNNING  MTU:65536  Metric:1
>   RX packets:24 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:0
>   RX bytes:1888 (1.8 KB)  TX bytes:1888 (1.8 KB)
> 
> lxc-attach -n test -- ps -ef
> UIDPID  PPID  C STIME TTY  TIME CMD
> root 1 0  0 15:45 ?00:00:00 /sbin/init
> root   352 1  0 15:45 ?00:00:00
> /lib/systemd/systemd-journald
> root   613 1  0 15:45 ?00:00:00 /usr/sbin/cron -f
> syslog 673 1  0 15:45 ?00:00:00 /usr/sbin/rsyslogd -n
> root   710 1  0 15:45 ?00:00:00 /usr/sbin/sshd -D
> root   760 1  0 15:45 pts/100:00:00 /sbin/agetty --noclear
> --keep-baud pts/1 115200 38400 9600 vt220
> root   770 1  0 15:45 lxc/console 00:00:00 /sbin/agetty --noclear
> --keep-baud console 115200 38400 9600 v
> root   780 1  0 15:45 pts/200:00:00 /sbin/agetty --noclear
> --keep-baud pts/2 115200 38400 9600 vt220
> root   790 1  0 15:45 pts/000:00:00 /sbin/agetty --noclear
> --keep-baud pts/0 115200 38400 9600 vt220
> root   800 1  0 15:45 pts/300:00:00 /sbin/agetty --noclear
> --keep-baud pts/3 115200 38400 9600 vt220
> root   913 0  0 15:50 pts/200:00:00 ps -ef
> 
> Thanks!
> 
> Best,
> Fred
> 
> 
> On Mon, Oct 5, 2015 at 11:49 AM, Serge Hallyn 
> wrote:
> 
> > Quoting Frederico Araujo (arau...@gmail.com):
> > > Hi,
> > >
> > > I've been using LXC for over two years without problems. This week, I
> > > upgraded my Ubuntu from Trusty to Vivid, and I noticed that my overlayfs
> > > containers stopped getting IP assigned. In my machine the error can be
> > > reproduced in this way:
> > >
> > > 1. lxc-create -n base -t ubuntu
> >
> > Do you have this problem if you use the download template?
> >
> > > 2. Edit ubuntu/config to add  lxc.aa_profile = unconfined
> >
> > interesting that it has to be unconfined.
> >
> > if you tail -f /var/log/syslog and then start the container, does
> > the tail -f output show any DENIED messages?
> >
> > > 3. lxc-clone -s -B overlayfs ubuntu tmp
> >
> > Does the 'ubuntu' container start ok?
> >
> > > 4. lxc-start -n tmp -d
> > > 5. lxc-ls -f shows:
> > >
> > > NAME   STATEIPV4IPV6  GROUPS  AUTOSTART
> > > ---
> > > tmpRUNNING  - *(no IP)*   - -   NO
> > > ubuntu STOPPED  -   - -   NO
> >
> > Are you able to lxc-attach -n tmp and look around?  what does 'ps -ef'
> > and 'ifconfig -a' show?
> >
> > > Interestingly, I don't run into this issue when running the container in
> > > confined mode (without lxc.aa_profile = unconfined). I checked past
> > threads
> > > in this list and in launchpad, and noticed that some people had problems
> > > with overlayfs when upgrading to vivid, but it seems that these problems
> > > were fixed in LXC 1.1 release. I'm running on LXC 1.1.2.
> > >
> > > Any thoughts?
> > >
> > > Thanks,
> > > Fred
> >
> > > ___
> > > lxc-users mailing list
> > > lxc-users@lists.linuxcontainers.org
> > > http://lists.linuxcontainers.org/listinfo/lxc-users
> >
> > ___
> > lxc-users mailing list
> > lxc-users@lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users


> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

___
lxc-users mailing list

Re: [lxc-users] Networking not working in unconfined overlayfs container

2015-10-05 Thread Frederico Araujo 
Hi Serge,

Yes, I downloaded a fresh template for ubuntu and its overlay clones start
okay, and I'm able to attach and run commands on them. However, eth0 has no
IP assigned when unconfined.

I think the problem might be related to changes in systemd (I'm using
version 219) and overlayfs on vivid. I do see many permission denied
messages in the boot logs of the container (please see attached an example
output), but couldn't find much help online.

lxc-attach -n test -- ifconfig -a
eth0  Link encap:Ethernet  HWaddr 00:16:3e:23:59:24
  inet6 addr: fe80::216:3eff:fe23:5924/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:29 errors:0 dropped:0 overruns:0 frame:0
  TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:4285 (4.2 KB)  TX bytes:648 (648.0 B)

loLink encap:Local Loopback
  inet addr:127.0.0.1  Mask:255.0.0.0
  inet6 addr: ::1/128 Scope:Host
  UP LOOPBACK RUNNING  MTU:65536  Metric:1
  RX packets:24 errors:0 dropped:0 overruns:0 frame:0
  TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0
  RX bytes:1888 (1.8 KB)  TX bytes:1888 (1.8 KB)

lxc-attach -n test -- ps -ef
UIDPID  PPID  C STIME TTY  TIME CMD
root 1 0  0 15:45 ?00:00:00 /sbin/init
root   352 1  0 15:45 ?00:00:00
/lib/systemd/systemd-journald
root   613 1  0 15:45 ?00:00:00 /usr/sbin/cron -f
syslog 673 1  0 15:45 ?00:00:00 /usr/sbin/rsyslogd -n
root   710 1  0 15:45 ?00:00:00 /usr/sbin/sshd -D
root   760 1  0 15:45 pts/100:00:00 /sbin/agetty --noclear
--keep-baud pts/1 115200 38400 9600 vt220
root   770 1  0 15:45 lxc/console 00:00:00 /sbin/agetty --noclear
--keep-baud console 115200 38400 9600 v
root   780 1  0 15:45 pts/200:00:00 /sbin/agetty --noclear
--keep-baud pts/2 115200 38400 9600 vt220
root   790 1  0 15:45 pts/000:00:00 /sbin/agetty --noclear
--keep-baud pts/0 115200 38400 9600 vt220
root   800 1  0 15:45 pts/300:00:00 /sbin/agetty --noclear
--keep-baud pts/3 115200 38400 9600 vt220
root   913 0  0 15:50 pts/200:00:00 ps -ef

Thanks!

Best,
Fred


On Mon, Oct 5, 2015 at 11:49 AM, Serge Hallyn 
wrote:

> Quoting Frederico Araujo (arau...@gmail.com):
> > Hi,
> >
> > I've been using LXC for over two years without problems. This week, I
> > upgraded my Ubuntu from Trusty to Vivid, and I noticed that my overlayfs
> > containers stopped getting IP assigned. In my machine the error can be
> > reproduced in this way:
> >
> > 1. lxc-create -n base -t ubuntu
>
> Do you have this problem if you use the download template?
>
> > 2. Edit ubuntu/config to add  lxc.aa_profile = unconfined
>
> interesting that it has to be unconfined.
>
> if you tail -f /var/log/syslog and then start the container, does
> the tail -f output show any DENIED messages?
>
> > 3. lxc-clone -s -B overlayfs ubuntu tmp
>
> Does the 'ubuntu' container start ok?
>
> > 4. lxc-start -n tmp -d
> > 5. lxc-ls -f shows:
> >
> > NAME   STATEIPV4IPV6  GROUPS  AUTOSTART
> > ---
> > tmpRUNNING  - *(no IP)*   - -   NO
> > ubuntu STOPPED  -   - -   NO
>
> Are you able to lxc-attach -n tmp and look around?  what does 'ps -ef'
> and 'ifconfig -a' show?
>
> > Interestingly, I don't run into this issue when running the container in
> > confined mode (without lxc.aa_profile = unconfined). I checked past
> threads
> > in this list and in launchpad, and noticed that some people had problems
> > with overlayfs when upgrading to vivid, but it seems that these problems
> > were fixed in LXC 1.1 release. I'm running on LXC 1.1.2.
> >
> > Any thoughts?
> >
> > Thanks,
> > Fred
>
> > ___
> > lxc-users mailing list
> > lxc-users@lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
>
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users


test.log
Description: Binary data
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Networking not working in unconfined overlayfs container

2015-10-05 Thread Serge Hallyn 
Quoting Frederico Araujo (arau...@gmail.com):
> Hi,
> 
> I've been using LXC for over two years without problems. This week, I
> upgraded my Ubuntu from Trusty to Vivid, and I noticed that my overlayfs
> containers stopped getting IP assigned. In my machine the error can be
> reproduced in this way:
> 
> 1. lxc-create -n base -t ubuntu

Do you have this problem if you use the download template?

> 2. Edit ubuntu/config to add  lxc.aa_profile = unconfined

interesting that it has to be unconfined.

if you tail -f /var/log/syslog and then start the container, does
the tail -f output show any DENIED messages?

> 3. lxc-clone -s -B overlayfs ubuntu tmp

Does the 'ubuntu' container start ok?

> 4. lxc-start -n tmp -d
> 5. lxc-ls -f shows:
> 
> NAME   STATEIPV4IPV6  GROUPS  AUTOSTART
> ---
> tmpRUNNING  - *(no IP)*   - -   NO
> ubuntu STOPPED  -   - -   NO

Are you able to lxc-attach -n tmp and look around?  what does 'ps -ef'
and 'ifconfig -a' show?

> Interestingly, I don't run into this issue when running the container in
> confined mode (without lxc.aa_profile = unconfined). I checked past threads
> in this list and in launchpad, and noticed that some people had problems
> with overlayfs when upgrading to vivid, but it seems that these problems
> were fixed in LXC 1.1 release. I'm running on LXC 1.1.2.
> 
> Any thoughts?
> 
> Thanks,
> Fred

> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Networking not working in unconfined overlayfs container

2015-10-04 Thread Frederico Araujo 
Hi,

I've been using LXC for over two years without problems. This week, I
upgraded my Ubuntu from Trusty to Vivid, and I noticed that my overlayfs
containers stopped getting IP assigned. In my machine the error can be
reproduced in this way:

1. lxc-create -n base -t ubuntu
2. Edit ubuntu/config to add  lxc.aa_profile = unconfined
3. lxc-clone -s -B overlayfs ubuntu tmp
4. lxc-start -n tmp -d
5. lxc-ls -f shows:

NAME   STATEIPV4IPV6  GROUPS  AUTOSTART
---
tmpRUNNING  - *(no IP)*   - -   NO
ubuntu STOPPED  -   - -   NO

Interestingly, I don't run into this issue when running the container in
confined mode (without lxc.aa_profile = unconfined). I checked past threads
in this list and in launchpad, and noticed that some people had problems
with overlayfs when upgrading to vivid, but it seems that these problems
were fixed in LXC 1.1 release. I'm running on LXC 1.1.2.

Any thoughts?

Thanks,
Fred
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users