[Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
Hello,

I've finally successfully migrated my SMACK setup over to SELinux to isolate my containers - thanks to the folks on #selinux@freenode - on a Scientific Linux 6.2 host. (I may share my policy with some details if some of you are interested.)

So far so good, after loads of hits and misses almost everything works correctly. The only thing that is not, is the multiple devpts instances. It seems that when specifying the lxc.pts option in the container config, ssh stops working while /dev/pts is correctly mounted _but_ is still showing pts devices from the host.

There are no specific selinux avc denials, and ssh rejects the shell connection with the kind of errors found when /dev/pts is not correctly mounted:

sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory
sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted
sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address

As you may guess /dev/tty is present and /dev/pts is correctly mounted as I can do:

ssh root@container ls -la /dev/pts

Only assigning the pts device for the shell doesn't...

Have any of you also hit this problem? Did you find a solution?

Regards,
Olivier

Ps: Using lxc 0.7.5

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] * fix cached rootfs update * fix rootfs path * add handling of systemd (aka f15)
On Mon, Mar 5, 2012 at 10:28 PM, rha...@informatiq.org wrote: From: InformatiQ rha...@informatiq.org Signed-off-by: InformatiQ rha...@informatiq.org --- templates/lxc-fedora.in | 35 +++ 1 files changed, 27 insertions(+), 8 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index e7f42a6..3f50895 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -69,11 +69,6 @@ EOF 127.0.0.1 localhost $name EOF - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit - chroot ${rootfs_path} chkconfig udev-post off - chroot ${rootfs_path} chkconfig network on - dev_path=${rootfs_path}/dev rm -rf $dev_path mkdir -p $dev_path @@ -99,6 +94,23 @@ EOF return 0 } +configure_fedora_init() +{ + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit + chroot ${rootfs_path} chkconfig udev-post off + chroot ${rootfs_path} chkconfig network on +} + +configure_fedora_systemd() +{ + unlink ${rootfs_path}/etc/systemd/system/default.target + touch ${rootfs_path}/etc/fstab + chroot ${rootfs_path} ln -s /dev/null //etc/systemd/system/udev.service + chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + #dependency on a device unit fails it specially that we disabled udev + sed -i 's/After=dev-%i.device/After=/' ${rootfs_path}/lib/systemd/system/getty\@.service +} download_fedora() { @@ -170,7 +182,8 @@ copy_fedora() update_fedora() { - chroot $cache/rootfs yum -y update + YUM=yum --installroot $cache/rootfs -y --nogpgcheck + $YUM update } install_fedora() @@ -353,7 +366,7 @@ if [ $(id -u) != 0 ]; then fi -rootfs_path=$path/$name/rootfs +rootfs_path=$path/rootfs config_path=$default_path/$name cache=$cache_base/$release 
@@ -362,7 +375,7 @@ revert() echo Interrupted, so cleaning up lxc-destroy -n $name # maybe was interrupted before copy config - rm -rf $path/$name + rm -rf $path rm -rf $default_path/$name echo exiting... exit 1 
@@ -388,6 +401,12 @@ if [ $? -ne 0 ]; then exit 1 fi +type /bin/systemd /dev/null 21 +if [ $? -ne 0 ]; then + configure_fedora_init +else + configure_fedora_systemd +fi if [ ! -z $clean ]; then clean || exit 1 -- 1.7.7.6

The only problem about systemd not addressed by this script is that it does mount /dev, which stops getty from starting on tty1, so either make it start on any tty higher than what your host is using and allow that in your lxc cgroup conf, or mount the $rootfs/dev to a different block dev; that way systemd won't mount /dev.

The script below does it nicely in the case you don't have a free block device. The script creates a non-persistent mount, which you don't need if you are using lvm.

[rhanna@hovercraft bin]$ cat lxc-start-fedora
#!/bin/bash
# Parse -n/--name; remaining arguments are passed on to lxc-start.
options=$(getopt -o n: -l name: -- "$@")
eval set -- "$options"
while true
do
    case "$1" in
        -n|--name) name=$2; shift 2;;
        --) shift
            break;;
        *) break ;;
    esac
done
if [ -z "$name" ]; then
    echo "container name must be set, use -n|--name"
    exit 1
fi
lxc-ls | grep "$name" > /dev/null 2>&1
if [ $? -ne 0 ]; then
    echo "Container does not exist"
    exit 1
fi
lxc-info -s -n"$name" | grep RUNNING > /dev/null 2>&1
if [ $? -eq 0 ]; then
    echo "container already started"
    exit 1
fi
# Drop any stale tmpfs left over from a previous run.
mount | grep "/tmp/lxc/$name" > /dev/null 2>&1
if [ $? -eq 0 ]; then
    umount "/tmp/lxc/$name"
fi
rm -rf "/tmp/lxc/$name"
mkdir -p "/tmp/lxc/$name"
# Copy the container's /dev into a fresh tmpfs so /dev is already a mount point.
mount none "/tmp/lxc/$name" -t tmpfs
rsync -a "/var/lib/lxc/$name/rootfs/dev/" "/tmp/lxc/$name"
# Bind target is kept exactly as it appears in the post.
mount /tmp/lxc/$name f16/rootfs/dev/ -obind
lxc-start $* -n "$name"

--
BR
RH
http://informatiq.org
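Review bot: In update_fedora(), --nogpgcheck turns off package signature verification for every update of the cached rootfs, so whatever a mirror serves is installed into $cache/rootfs unchecked. Drop the flag and make the Fedora release key available to the installroot instead. As shown, "YUM=yum --installroot $cache/rootfs -y --nogpgcheck" also needs quotes around the value; without them the shell treats YUM=yum as a one-off environment assignment for a command named --installroot, and "$YUM update" expands to just "update".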
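Review bot: In revert(), "rm -rf $path" now removes all of $path instead of $path/$name, and the variable is unquoted. If the caller passes a directory shared by several containers, or a path containing spaces, an interrupted run deletes more than this container. Quote the variable, and state next to the "rootfs_path=$path/rootfs" change that $path must now be the per-container directory so callers are not surprised by the new meaning.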
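Review bot: The systemd detection in the last hunk runs "type /bin/systemd" against the host's filesystem, not the container's, so the choice between configure_fedora_init and configure_fedora_systemd follows the host rather than the release being installed. Test the guest instead, for example "[ -x ${rootfs_path}/bin/systemd ]". As the line appears here, /dev/null and 21 are passed to type as extra names, which makes the status non-zero every time; the redirection should read ">/dev/null 2>&1".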
Re: [Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
Hi Mauras,

Do you by any chance have an fstab file in your container's /etc directory that is trying to mount devpts fs also? I had this issue a week ago with some of my SL6.2 containers on a Fedora 16 host. After removing everything /dev/pts related from the fstab in the /etc directory of the containers, everything magically worked.

BR,
--ilf

On Tue, 2012-03-06 at 10:54 +0100, Mauras Olivier wrote:
> Hello,
>
> I've finally successfully migrated my SMACK setup over to SELinux to isolate my containers - thanks to the folks on #selinux@freenode - on a Scientific Linux 6.2 host. (I may share my policy with some details if some of you are interested.)
>
> So far so good, after loads of hits and misses almost everything works correctly. The only thing that is not, is the multiple devpts instances. It seems that when specifying the lxc.pts option in the container config, ssh stops working while /dev/pts is correctly mounted _but_ is still showing pts devices from the host.
>
> There are no specific selinux avc denials, and ssh rejects the shell connection with the kind of errors found when /dev/pts is not correctly mounted:
>
> sshd[552]: error: ssh_selinux_setup_pty: security_compute_relabel: No such file or directory
> sshd[556]: error: ioctl(TIOCSCTTY): Operation not permitted
> sshd[556]: error: open /dev/tty failed - could not set controlling tty: No such device or address
>
> As you may guess /dev/tty is present and /dev/pts is correctly mounted as I can do:
>
> ssh root@container ls -la /dev/pts
>
> Only assigning the pts device for the shell doesn't...
>
> Have any of you also hit this problem? Did you find a solution?
>
> Regards,
> Olivier
>
> Ps: Using lxc 0.7.5
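The combination discussed above, Olivier's lxc.pts setting together with the container fstab entry Iliyan asks about, can be checked for before a container is started. The script below is an added example, not part of the original thread; the function names, the container name sl62-test and the sample config and fstab contents are constructed for illustration, and the file paths are passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): flag a container whose LXC config asks
# for a private devpts instance (lxc.pts) while its own /etc/fstab also mounts
# devpts. Both file paths are supplied by the caller.

# Print "LINE: entry" for each active fstab line that mounts devpts.
fstab_devpts_entries() {
    awk '
        /^[[:space:]]*#/ { next }   # commented-out entry
        NF < 3           { next }   # blank or incomplete line
        $3 == "devpts" || $2 == "/dev/pts" || $2 == "/dev/pts/" {
            print NR ": " $0
        }
    ' "$1"
}

# Succeed when the config carries an uncommented lxc.pts key.
config_requests_private_pts() {
    grep -Eq '^[[:space:]]*lxc\.pts[[:space:]]*=' "$1"
}

# 0 = no conflict, 1 = lxc.pts set and fstab mounts devpts, 2 = config unreadable
check_container() {
    cc_config=$1
    cc_fstab=$2
    [ -r "$cc_config" ] || return 2
    config_requests_private_pts "$cc_config" || return 0
    [ -r "$cc_fstab" ] || return 0
    cc_hits=$(fstab_devpts_entries "$cc_fstab")
    [ -n "$cc_hits" ] || return 0
    printf '%s: lxc.pts is set, but fstab also mounts devpts:\n%s\n' \
        "$cc_fstab" "$cc_hits" >&2
    return 1
}

# Constructed sample files (hypothetical container "sl62-test").
write_samples() {
    ws_dir=$1
    cat > "$ws_dir/config" <<'EOF'
lxc.utsname = sl62-test
lxc.tty = 4
lxc.pts = 1024
EOF
    sed 's/^lxc\.pts/#lxc.pts/' "$ws_dir/config" > "$ws_dir/config.nopts"
    cat > "$ws_dir/fstab.conflict" <<'EOF'
# constructed sample fstab
tmpfs   /dev/shm  tmpfs   defaults        0 0
devpts  /dev/pts  devpts  gid=5,mode=620  0 0
#devpts /dev/pts  devpts  defaults        0 0
proc    /proc     proc    defaults        0 0
EOF
    grep -v devpts "$ws_dir/fstab.conflict" > "$ws_dir/fstab.clean"
}

# Run the check over both constructed fstab files and report the outcome.
run_demo() {
    rd_dir=$(mktemp -d) || return 0
    write_samples "$rd_dir"
    for rd_fstab in fstab.conflict fstab.clean; do
        if check_container "$rd_dir/config" "$rd_dir/$rd_fstab"; then
            echo "$rd_fstab: ok"
        else
            echo "$rd_fstab: conflict"
        fi
    done
    rm -rf "$rd_dir"
}

run_demo
```

To audit real containers, call check_container with each container's config file and the etc/fstab inside its rootfs.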
Re: [Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
On Tue, Mar 6, 2012 at 12:06 PM, Iliyan Stoyanov i...@ilf.me wrote:
> Hi Mauras,
>
> Do you by any chance have an fstab file in your container's /etc directory that is trying to mount devpts fs also? I had this issue a week ago with some of my SL6.2 containers on a Fedora 16 host. After removing everything /dev/pts related from the fstab in the /etc directory of the containers, everything magically worked.
>
> BR,
> --ilf

See my patch regarding f16; my lxc-start-fedora script should give you an idea.

--
BR
RH
http://informatiq.org
Re: [Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
Just tried and same problem:

PTY allocation request failed on channel 0

Cheers,
Olivier

On Tue, Mar 6, 2012 at 11:06 AM, Iliyan Stoyanov i...@ilf.me wrote:
> Hi Mauras,
>
> Do you by any chance have an fstab file in your container's /etc directory that is trying to mount devpts fs also? I had this issue a week ago with some of my SL6.2 containers on a Fedora 16 host. After removing everything /dev/pts related from the fstab in the /etc directory of the containers, everything magically worked.
>
> BR,
> --ilf
Re: [Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
On Tue, Mar 6, 2012 at 11:12 AM, Ramez Hanna rha...@informatiq.org wrote:
> See my patch regarding f16; my lxc-start-fedora script should give you an idea.
>
> --
> BR
> RH
> http://informatiq.org

Hi,

Thanks for your reply, I actually looked at your patch, but I don't think it's relevant to my problem as I don't start any getty in the container at all. Now I may be missing something, if so please enlighten me.

Regards,
Olivier
Re: [Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
On Tue, Mar 6, 2012 at 1:07 PM, Mauras Olivier oliver.mau...@gmail.com wrote:
> Hi,
>
> Thanks for your reply, I actually looked at your patch, but I don't think it's relevant to my problem as I don't start any getty in the container at all. Now I may be missing something, if so please enlighten me.
>
> Regards,
> Olivier

In f16 systemd mounts /dev to devtmpfs no matter what you specify in your fstab. The only case where it won't do that is when you have /dev already mounted on a separate block device (that's what my script does to avoid mounting /dev by systemd).

If systemd mounts /dev then it has access to your host's devices and is sharing the ttys, so for example if running lxc-start -n f16 it will not get you a shell or any output from the container, because the container is trying to access tty0 which is already in use by the host. If you use the -d option then you don't get any access inside the container because lxc-console won't work, again because getty will not start on tty1 or any other tty.

I am not sure if you can start the container or not; it could be useful if you post the full log of your lxc-start.

--
BR
RH
http://informatiq.org
Re: [Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
On Tue, Mar 6, 2012 at 12:13 PM, Ramez Hanna rha...@informatiq.org wrote:
> In f16 systemd mounts /dev to devtmpfs no matter what you specify in your fstab. The only case where it won't do that is when you have /dev already mounted on a separate block device (that's what my script does to avoid mounting /dev by systemd).
>
> If systemd mounts /dev then it has access to your host's devices and is sharing the ttys, so for example if running lxc-start -n f16 it will not get you a shell or any output from the container, because the container is trying to access tty0 which is already in use by the host. If you use the -d option then you don't get any access inside the container because lxc-console won't work, again because getty will not start on tty1 or any other tty.
>
> I am not sure if you can start the container or not; it could be useful if you post the full log of your lxc-start.
>
> --
> BR
> RH
> http://informatiq.org

Ok I get it now. This is what you do here:

    mount none /tmp/lxc/$name -t tmpfs
    rsync -a /var/lib/lxc/$name/rootfs/dev/ /tmp/lxc/$name
    mount /tmp/lxc/$name f16/rootfs/dev/ -obind
    lxc-start $* -n $name

Thing is I don't think I would change anything for my case as it's upstart used and it actually works like a charm on a non enforced selinux system or on a smack isolated container...

I really feel like selinux is at fault here but can't find why ...

BTW shouldn't
Re: [Lxc-users] RH and clones 6.2, LXC, SElinux and multiple DEVPTS instances
On Tue, Mar 6, 2012 at 1:19 PM, Mauras Olivier oliver.mau...@gmail.com wrote:
> Ok I get it now. This is what you do here:
>
>     mount none /tmp/lxc/$name -t tmpfs
>     rsync -a /var/lib/lxc/$name/rootfs/dev/ /tmp/lxc/$name
>     mount /tmp/lxc/$name f16/rootfs/dev/ -obind
>     lxc-start $* -n $name
>
> Thing is I don't think I would change anything for my case as it's upstart used and it actually works like a charm on a non enforced selinux system or on a smack isolated
[Lxc-users] Sharing resources between containers
Please explain, what is the right way to share resources (for example a mysql socket) between containers?

For example we have 2 VMs:

VM1: mysql instance
VM2: needs access to mysql

Yes, it's possible to connect via TCP, but connecting via socket is the more liked way.

So, as a basic setup, we can create some /share-dir on the host and add to the VM1 and VM2 fstab a bind mount of the host /share-dir into the containers.

Is it correct?
Re: [Lxc-users] * fix cached rootfs update * fix rootfs path * add handling of systemd (aka f15)
Quoting Ramez Hanna (rha...@informatiq.org): On Mon, Mar 5, 2012 at 10:28 PM, rha...@informatiq.org wrote: From: InformatiQ rha...@informatiq.org Signed-off-by: InformatiQ rha...@informatiq.org --- templates/lxc-fedora.in | 35 +++ 1 files changed, 27 insertions(+), 8 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index e7f42a6..3f50895 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -69,11 +69,6 @@ EOF 127.0.0.1 localhost $name EOF - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit - chroot ${rootfs_path} chkconfig udev-post off - chroot ${rootfs_path} chkconfig network on - dev_path=${rootfs_path}/dev rm -rf $dev_path mkdir -p $dev_path @@ -99,6 +94,23 @@ EOF return 0 } +configure_fedora_init() +{ + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit + chroot ${rootfs_path} chkconfig udev-post off + chroot ${rootfs_path} chkconfig network on +} + +configure_fedora_systemd() +{ + unlink ${rootfs_path}/etc/systemd/system/default.target + touch ${rootfs_path}/etc/fstab + chroot ${rootfs_path} ln -s /dev/null //etc/systemd/system/udev.service + chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + #dependency on a device unit fails it specially that we disabled udev + sed -i 's/After=dev-%i.device/After=/' ${rootfs_path}/lib/systemd/system/getty\@.service +} download_fedora() { @@ -170,7 +182,8 @@ copy_fedora() update_fedora() { - chroot $cache/rootfs yum -y update + YUM=yum --installroot $cache/rootfs -y --nogpgcheck + $YUM update } install_fedora() @@ -353,7 +366,7 @@ if [ $(id -u) != 0 ]; then fi -rootfs_path=$path/$name/rootfs +rootfs_path=$path/rootfs config_path=$default_path/$name cache=$cache_base/$release 
@@ -362,7 +375,7 @@ revert() echo Interrupted, so cleaning up lxc-destroy -n $name # maybe was interrupted before copy config - rm -rf $path/$name + rm -rf $path rm -rf $default_path/$name echo exiting... exit 1 @@ -388,6 +401,12 @@ if [ $? -ne 0 ]; then exit 1 fi +type /bin/systemd /dev/null 21 +if [ $? -ne 0 ]; then + configure_fedora_init +else + configure_fedora_systemd +fi if [ ! -z $clean ]; then clean || exit 1 -- 1.7.7.6

> there is only problem about systemd not addressed by this script is that it does mount /dev which stops getty from starting on tty1
> so either make it start on any tty higher than what your host is using and allow that in your lxc cgroup conf
> or mount the $rootfs/dev to a different block dev that way systemd won't mount /dev

Could the template create a 1M loopback file, /var/lib/lxc/container/dev.loopback, populated with /dev and mounted by a lxc.mount.entry?

-serge
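Review bot: in the `@@ -99,6 +94,23 @@` hunk, `configure_fedora_systemd()` edits the packaged unit in place with `sed -i ... ${rootfs_path}/lib/systemd/system/getty\@.service`, so the `After=dev-%i.device` dependency comes back as soon as the guest updates its systemd package. Write the modified copy to `${rootfs_path}/etc/systemd/system/getty@.service` instead, which takes precedence over the file under /lib. The function is also not re-runnable: `unlink` errors out when `default.target` is absent and both `ln -s` calls fail when the link already exists, so `rm -f` and `ln -sf` would be safer, and the `//etc` in the `udev.service` line looks like a typo.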
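Review bot: in the `@@ -170,7 +182,8 @@` hunk, `update_fedora()` now passes `--nogpgcheck`, which the removed `chroot $cache/rootfs yum -y update` line did not: packages pulled into `$cache/rootfs` are no longer signature-checked, and anything installed that way stays in the cached rootfs. Drop the flag; if yum run with `--installroot` cannot find the keys, make the Fedora key available to it rather than disabling verification.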
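Review bot: in the `@@ -362,7 +375,7 @@` hunk, `revert()` now runs `rm -rf $path` unquoted and unchecked on the interrupt path. Together with `rootfs_path=$path/rootfs` in the previous hunk this assumes `$path` is always the container's own directory; a caller that still passes the parent directory, as the old `$path/$name` form expected, loses every container under it when creation is interrupted. Quote the variable and refuse to delete when `$path` is empty, `/`, or equal to `$default_path`.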
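Review bot: in the `@@ -388,6 +401,12 @@` hunk, `type /bin/systemd` looks at the host's filesystem: the path carries no `${rootfs_path}` prefix and the command is not run through `chroot`, so the choice between `configure_fedora_init` and `configure_fedora_systemd` follows the host's init rather than the guest's. Test the guest instead, for example `[ -x ${rootfs_path}/bin/systemd ]`, and branch on that directly rather than on `$?`.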
Re: [Lxc-users] * fix cached rootfs update * fix rootfs path * add handling of systemd (aka f15)
Yes, I think ideally you'd have a single /var/lib/lxc/fedora-devs mounted from a single loopback or block device, with each container having a /var/lib/lxc/fedora-devs/containername directory, populated, for its dev, bind-mounted in through lxc.mount.entry.

-serge

Quoting rha...@informatiq.org (rha...@informatiq.org):
> i can do that but i didn't do it because it could be done differently for different backing storage
> I'll do it anyway and send patch later
> --
> Sent from my Nokia N9
>
> On 6.3.2012 16:59 Serge Hallyn wrote:
> > Quoting Ramez Hanna (rha...@informatiq.org):
> > > On Mon, Mar 5, 2012 at 10:28 PM, rha...@informatiq.org wrote:

From: InformatiQ rha...@informatiq.org Signed-off-by: InformatiQ rha...@informatiq.org --- templates/lxc-fedora.in | 35 +++ 1 files changed, 27 insertions(+), 8 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index e7f42a6..3f50895 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -69,11 +69,6 @@ EOF 127.0.0.1 localhost $name EOF - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit - chroot ${rootfs_path} chkconfig udev-post off - chroot ${rootfs_path} chkconfig network on - dev_path=${rootfs_path}/dev rm -rf $dev_path mkdir -p $dev_path 
@@ -99,6 +94,23 @@ EOF return 0 } +configure_fedora_init() +{ + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit + chroot ${rootfs_path} chkconfig udev-post off + chroot ${rootfs_path} chkconfig network on +} + +configure_fedora_systemd() +{ + unlink ${rootfs_path}/etc/systemd/system/default.target + touch ${rootfs_path}/etc/fstab + chroot ${rootfs_path} ln -s /dev/null //etc/systemd/system/udev.service + chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + #dependency on a device unit fails it specially that we disabled udev + sed -i 's/After=dev-%i.device/After=/' ${rootfs_path}/lib/systemd/system/getty\@.service +} download_fedora() { @@ -170,7 +182,8 @@ copy_fedora() update_fedora() { - chroot $cache/rootfs yum -y update + YUM=yum --installroot $cache/rootfs -y --nogpgcheck + $YUM update } install_fedora() @@ -353,7 +366,7 @@ if [ $(id -u) != 0 ]; then fi -rootfs_path=$path/$name/rootfs +rootfs_path=$path/rootfs config_path=$default_path/$name cache=$cache_base/$release @@ -362,7 +375,7 @@ revert() echo Interrupted, so cleaning up lxc-destroy -n $name # maybe was interrupted before copy config - rm -rf $path/$name + rm -rf $path rm -rf $default_path/$name echo exiting... exit 1 
@@ -388,6 +401,12 @@ if [ $? -ne 0 ]; then exit 1 fi +type /bin/systemd /dev/null 21 +if [ $? -ne 0 ]; then + configure_fedora_init +else + configure_fedora_systemd +fi if [ ! -z $clean ]; then clean || exit 1 -- 1.7.7.6

> > > there is only problem about systemd not addressed by this script is that it does mount /dev which stops getty from starting on tty1
> > > so either make it start on any tty higher than what your host is using and allow that in your lxc cgroup conf
> > > or mount the $rootfs/dev to a different block dev that way systemd won't mount /dev
> >
> > Could the template create a 1M loopback file, /var/lib/lxc/container/dev.loopback, populated with /dev and mounted by a lxc.mount.entry?
> >
> > -serge
[Lxc-users] start a debian in lxc with keyboard no response
I start a debian os in lxc, the debian has X server. when the debian login window shows, i found that my keyboard and mouse don't work, i have nothing to do but to reboot my computer. what's wrong with it?

--
陈竞,中科院计算技术研究所,高性能计算机中心
Jing Chen HPCC.ICT.AC China
Re: [Lxc-users] start a debian in lxc with keyboard no response
> I start a debian os in lxc, the debian has X server. when the debian login window shows, i found that my keyboard and mouse don't work, i have nothing to do but to reboot my computer. what's wrong with it?

See if ssh works from a different machine and look at the xorg log. I think this is an xorg problem not lxc. I expect in the log for xorg you will see a line that says disabling keyboard ..

John
[Lxc-users] Ubuntu 12.04 linux-container package and init modifications
I have been preparing to move a bunch of dev VMs running Ubuntu 10.04 on KVM to 12.04 on LXC after the release next month. I am currently testing with the 12.04 beta build and have had good luck getting everything up and running. However I am still making numerous changes to the upstart scripts to make everything start fine.

Does anyone here have any experience with the new linux-container package in 12.04? It appears to have made many changes in an attempt to configure the guest to start properly in LXC, however the only reason everything worked was because the upstart failsafe-boot event was eventually emitted. It still took a bit of work to get the system to go through the usual boot process without failsafe needing to kick in.

My guest is a Ubuntu 12.04 rootfs generated with debootstrap. Then the linux-container package was added. The network configuration done via that package didn't seem to work right: the default gateway wasn't set and the static-network-up event never fired.

Is anyone familiar with the new package in 12.04, and if it is going to be updated before release to work out of the box? Or am I just doing it wrong? :)

Thanks!

--
Thaddeus
Re: [Lxc-users] * fix cached rootfs update * fix rootfs path * add handling of systemd (aka f15)
On Tue, Mar 6, 2012 at 5:11 PM, Serge Hallyn serge.hal...@canonical.com wrote:
> Yes, I think ideally you'd have a single /var/lib/lxc/fedora-devs mounted from a single loopback or block device, with each container having a /var/lib/lxc/fedora-devs/containername directory, populated, for its dev, bind-mounted in through lxc.mount.entry.
>
> -serge
>
> Quoting rha...@informatiq.org (rha...@informatiq.org):
> > i can do that but i didn't do it because it could be done differently for different backing storage
> > I'll do it anyway and send patch later
> > --
> > Sent from my Nokia N9
> >
> > On 6.3.2012 16:59 Serge Hallyn wrote:
> > > Quoting Ramez Hanna (rha...@informatiq.org):
> > > > On Mon, Mar 5, 2012 at 10:28 PM, rha...@informatiq.org wrote:

From: InformatiQ rha...@informatiq.org Signed-off-by: InformatiQ rha...@informatiq.org --- templates/lxc-fedora.in | 35 +++ 1 files changed, 27 insertions(+), 8 deletions(-) diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in index e7f42a6..3f50895 100644 --- a/templates/lxc-fedora.in +++ b/templates/lxc-fedora.in @@ -69,11 +69,6 @@ EOF 127.0.0.1 localhost $name EOF - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit - sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit - chroot ${rootfs_path} chkconfig udev-post off - chroot ${rootfs_path} chkconfig network on - dev_path=${rootfs_path}/dev rm -rf $dev_path mkdir -p $dev_path 
@@ -99,6 +94,23 @@ EOF return 0 } +configure_fedora_init() +{ + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit + sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit + chroot ${rootfs_path} chkconfig udev-post off + chroot ${rootfs_path} chkconfig network on +} + +configure_fedora_systemd() +{ + unlink ${rootfs_path}/etc/systemd/system/default.target + touch ${rootfs_path}/etc/fstab + chroot ${rootfs_path} ln -s /dev/null //etc/systemd/system/udev.service + chroot ${rootfs_path} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + #dependency on a device unit fails it specially that we disabled udev + sed -i 's/After=dev-%i.device/After=/' ${rootfs_path}/lib/systemd/system/getty\@.service +} download_fedora() { @@ -170,7 +182,8 @@ copy_fedora() update_fedora() { - chroot $cache/rootfs yum -y update + YUM=yum --installroot $cache/rootfs -y --nogpgcheck + $YUM update } install_fedora() @@ -353,7 +366,7 @@ if [ $(id -u) != 0 ]; then fi -rootfs_path=$path/$name/rootfs +rootfs_path=$path/rootfs config_path=$default_path/$name cache=$cache_base/$release @@ -362,7 +375,7 @@ revert() echo Interrupted, so cleaning up lxc-destroy -n $name # maybe was interrupted before copy config - rm -rf $path/$name + rm -rf $path rm -rf $default_path/$name echo exiting... exit 1 
@@ -388,6 +401,12 @@ if [ $? -ne 0 ]; then exit 1 fi +type /bin/systemd /dev/null 21 +if [ $? -ne 0 ]; then + configure_fedora_init +else + configure_fedora_systemd +fi if [ ! -z $clean ]; then clean || exit 1 -- 1.7.7.6

> > > > there is only problem about systemd not addressed by this script is that it does mount /dev which stops getty from starting on tty1
> > > > so either make it start on any tty higher than what your host is using and allow that in your lxc cgroup conf
> > > > or mount the $rootfs/dev to a different block dev that way systemd won't mount /dev
> > >
> > > Could the template create a 1M loopback file, /var/lib/lxc/container/dev.loopback, populated with /dev and mounted by a lxc.mount.entry?
> > >
> > > -serge

creating a loopback file for each container will not work from lxc.conf as lxc won't mount it, it has to be bound to a loopdevice first
i was hoping to make it happen with no pre steps
any ideas? to avoid manual intervention at all

--
BR RH http://informatiq.org
Re: [Lxc-users] Ubuntu 12.04 linux-container package and init modifications
Quoting Fajar A. Nugraha (l...@fajar.net):
> # cat /etc/init/lxc-lo.conf
> start on startup
> env container
>
> pre-start script
>     if [ x$container != xlxc -a x$container != xlibvirt ]; then stop; fi
>     initctl start network-interface INTERFACE=lo
>     exit 0;
> end script
>
> So now the modifications (both from lxcguest and my local addition) are all new .conf files, which would be ignored if it's not started in lxc environment. Might try 12.04 container later.

If your guest is up to date 12.04, you should have /etc/init/network-interface-container.conf from the ifupdown package which emits that signal for you. You shouldn't need your own lxc-lo.conf any more.

-serge
Re: [Lxc-users] * fix cached rootfs update * fix rootfs path * add handling of systemd (aka f15)
Quoting Ramez Hanna (rha...@informatiq.org):
> creating a loopback file for each container will not work from lxc.conf as lxc won't mount it, it has to be bound to a loopdevice first

Adding support for a loopback file (or a qemu-nbd file perhaps) to lxc seems worthwhile.

> i was hoping to make it happen with no pre steps

Agreed that'd be nicer.

> any ideas? to avoid manual intervention at all

Not offhand. Maybe use an overlay or aufs mount of the container's /dev over itself? :)

-serge
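The layout discussed in this thread (one fedora-devs store on its own loop-mounted filesystem, a populated directory per container, bind-mounted over the guest's /dev through lxc.mount.entry) can be prepared by a host-side pre-step. The script below is an added example, not code from the thread or from the lxc templates; the image file name, the store size, LXC_ROOT and the device table are assumptions, and it also prints a device cgroup whitelist matching the nodes it creates.

```shell
#!/bin/sh
# Added example, not from the thread: prepare a private /dev per container.
STORE=${STORE:-/var/lib/lxc/fedora-devs}   # store path suggested in the thread
LXC_ROOT=${LXC_ROOT:-/var/lib/lxc}         # assumed container base directory
IMG=${IMG:-$LXC_ROOT/fedora-devs.img}      # hypothetical backing file
SIZE_MB=${SIZE_MB:-4}                      # assumed size for a shared store

# Minimal node set: name type major minor mode (standard Linux numbers).
# No major-4 virtual terminals are listed, so this tree has no host tty1.
dev_table() {
    cat <<'EOF'
null c 1 3 666
zero c 1 5 666
full c 1 7 666
random c 1 8 666
urandom c 1 9 666
tty c 5 0 666
console c 5 1 600
ptmx c 5 2 666
EOF
}

# Container names end up in paths handed to mkdir/mknod: allow one plain
# path component only.
valid_name() {
    case $1 in
        ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Root only: create the loop-backed filesystem once and mount it on $STORE.
setup_store() {
    mkdir -p "$STORE" || return 1
    grep -q " $STORE " /proc/mounts && return 0
    if [ ! -f "$IMG" ]; then
        dd if=/dev/zero of="$IMG" bs=1M count="$SIZE_MB" 2>/dev/null || return 1
        mkfs.ext2 -q -F "$IMG" || return 1
    fi
    mount -o loop "$IMG" "$STORE"
}

# Root only: create the nodes from dev_table under $STORE/<name>.
populate_dev() {
    valid_name "$1" || return 1
    dir=$STORE/$1
    mkdir -p "$dir/pts" "$dir/shm" || return 1
    dev_table | while read -r node type major minor mode; do
        [ -e "$dir/$node" ] && continue
        mknod -m "$mode" "$dir/$node" "$type" "$major" "$minor" || exit 1
    done
}

# Print the config lines for <name>: the bind mount plus a device cgroup
# whitelist generated from the same table, so the two cannot drift apart.
render_conf() {
    valid_name "$1" || return 1
    echo "lxc.mount.entry = $STORE/$1 $LXC_ROOT/$1/rootfs/dev none bind 0 0"
    echo "lxc.cgroup.devices.deny = a"
    dev_table | while read -r node type major minor mode; do
        echo "lxc.cgroup.devices.allow = $type $major:$minor rwm"
    done
    echo "lxc.cgroup.devices.allow = c 136:* rwm"   # pty slaves under /dev/pts
}

# Usage: sh prepare-dev.sh <container-name>   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    setup_store && populate_dev "$1" && render_conf "$1"
fi
```

Run as root with a container name, it mounts the store, fills the container's directory and prints the lines to append to that container's config; whether this keeps systemd from mounting devtmpfs rests on the behaviour reported earlier in the thread.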
[Lxc-users] how to configure lxc's route table without route cmd?
i start a container with virtual network without configuring route, i wonder if i can configure route table according to lxc configure file or changing some file in host os. i don't want to execute route command in lxc.

--
陈竞,中科院计算技术研究所,高性能计算机中心
Jing Chen HPCC.ICT.AC China
Re: [Lxc-users] Ubuntu 12.04 linux-container package and init modifications
On 3/6/2012 9:45 PM, Serge Hallyn wrote:
> Quoting Fajar A. Nugraha (l...@fajar.net):
> > # cat /etc/init/lxc-lo.conf
> > start on startup
> > env container
> >
> > pre-start script
> >     if [ x$container != xlxc -a x$container != xlibvirt ]; then stop; fi
> >     initctl start network-interface INTERFACE=lo
> >     exit 0;
> > end script
> >
> > So now the modifications (both from lxcguest and my local addition) are all new .conf files, which would be ignored if it's not started in lxc environment. Might try 12.04 container later.
>
> If your guest is up to date 12.04, you should have /etc/init/network-interface-container.conf from the ifupdown package which emits that signal for you. You shouldn't need your own lxc-lo.conf any more.
>
> -serge

Failsafe was still kicking in on an out of the box installation. I will grab the latest daily and run through it again to verify there is a problem and that it wasn't me.

--
Thaddeus
Re: [Lxc-users] Ubuntu 12.04 linux-container package and init modifications
On Wed, Mar 7, 2012 at 10:45 AM, Serge Hallyn serge.hal...@canonical.com wrote:
> Quoting Fajar A. Nugraha (l...@fajar.net):
> > # cat /etc/init/lxc-lo.conf
> > start on startup
> > env container
> >
> > pre-start script
> >     if [ x$container != xlxc -a x$container != xlibvirt ]; then stop; fi
> >     initctl start network-interface INTERFACE=lo
> >     exit 0;
> > end script
> >
> > So now the modifications (both from lxcguest and my local addition) are all new .conf files, which would be ignored if it's not started in lxc environment. Might try 12.04 container later.
>
> If your guest is up to date 12.04, you should have /etc/init/network-interface-container.conf from the ifupdown package which emits that signal for you. You shouldn't need your own lxc-lo.conf any more.

What is Canonical's plan for older guests? Will network-interface-container.conf be backported to lxc-guest, or will manual configuration still be necessary?

--
Fajar
Re: [Lxc-users] how to configure lxc's route table without route cmd?
2012/3/7 陈竞 cj.mag...@gmail.com:
> i start a container with virtual network without configuring route, i wonder if i can configure route table according to lxc configure file or changing some file in host os. i don't want to execute route command in lxc.

IMHO it's easier to:
- create bridged networking + NAT on host
- use dhcp on guest
- use iptables on host to restrict guest access, if needed

--
Fajar
Re: [Lxc-users] Ubuntu 12.04 linux-container package and init modifications
On 3/6/2012 10:31 PM, Fajar A. Nugraha wrote:
> On Wed, Mar 7, 2012 at 10:45 AM, Serge Hallyn serge.hal...@canonical.com wrote:
> > If your guest is up to date 12.04, you should have /etc/init/network-interface-container.conf from the ifupdown package which emits that signal for you. You shouldn't need your own lxc-lo.conf any more.
>
> Just tried it btw. Awesome.
>
> lxc-create -n precise -t ubuntu -- -r precise
>
> creates a container that just works, with default user/pass ubuntu/ubuntu. And it's not even using linux-container package, all the needed lxc-specific init files are part of regular packages (upstart, ifupdown)

Maybe my issue was starting with a debootstrap created rootfs and not lxc-create, which I have not tried before. I will attempt to use that script.

--
Thaddeus
Re: [Lxc-users] how to configure lxc's route table without route cmd?
thank you, i will try it

On March 7, 2012 at 12:11 PM, Fajar A. Nugraha l...@fajar.net wrote:
> 2012/3/7 陈竞 cj.mag...@gmail.com:
> > i start a container with virtual network without configuring route, i wonder if i can configure route table according to lxc configure file or changing some file in host os. i don't want to execute route command in lxc.
>
> IMHO it's easier to:
> - create bridged networking + NAT on host
> - use dhcp on guest
> - use iptables on host to restrict guest access, if needed
>
> --
> Fajar

--
陈竞,中科院计算技术研究所,高性能计算机中心
Jing Chen HPCC.ICT.AC China