[Lxc-users] sshd container problem
I am trying to create a sshd container. Any ideas on how to fix this? I'm using a stock ubuntu 12.10 server here is the output of my reproducing the issue --- root@ubuntu:/usr/share/lxc/templates# cat /etc/lxc/lxc.conf lxc.network.type=veth lxc.network.link=lxcbr0 lxc.network.flags=up root@ubuntu:/usr/share/lxc/templates# lxc-create -t sshd -n foo No config file specified, using the default config Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): 'sshd' template installed 'foo' created root@ubuntu:/usr/share/lxc/templates# lxc-start -n foo lxc-start: Read-only file system - error unlinking /usr/lib/x86_64-linux-gnu/lxc/dev/kmsg lxc-start: failed to setup kmsg for 'foo' lxc-start: failed to setup the container lxc-start: invalid sequence number 1. expected 2 lxc-start: failed to spawn 'foo' root@ubuntu:/usr/share/lxc/templates# ls /usr/lib/x86_64-linux-gnu/lxc/ lxc-init this is the config file created for the container: lxc.network.type=veth lxc.network.link=lxcbr0 lxc.network.flags=up lxc.rootfs = /var/lib/lxc/foo/rootfs lxc.utsname = foo lxc.pts = 1024 # uncomment the next line to run the container unconfined: #lxc.aa_profile = unconfined lxc.mount.entry=/dev dev none ro,bind 0 0 lxc.mount.entry=/lib lib none ro,bind 0 0 lxc.mount.entry=/bin bin none ro,bind 0 0 lxc.mount.entry=/usr usr none ro,bind 0 0 lxc.mount.entry=/sbin sbin none ro,bind 0 0 lxc.mount.entry=tmpfs var/run/sshd tmpfs mode=0644 0 0 lxc.mount.entry=/usr/share/lxc/templates/lxc-sshd sbin/init none bind 0 0 lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0 lxc.mount.entry=/lib64 lib64 none ro,bind 0 0 -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] sshd container problem
I am trying to create a sshd container. Any ideas on how to fix this? here is the output of my reproducing the issue --- root@ubuntu:/usr/share/lxc/templates# cat /etc/lxc/lxc.conf lxc.network.type=veth lxc.network.link=lxcbr0 lxc.network.flags=up root@ubuntu:/usr/share/lxc/templates# lxc-create -t sshd -n foo No config file specified, using the default config Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): 'sshd' template installed 'foo' created root@ubuntu:/usr/share/lxc/templates# lxc-start -n foo lxc-start: Read-only file system - error unlinking /usr/lib/x86_64-linux-gnu/lxc/dev/kmsg lxc-start: failed to setup kmsg for 'foo' lxc-start: failed to setup the container lxc-start: invalid sequence number 1. expected 2 lxc-start: failed to spawn 'foo' root@ubuntu:/usr/share/lxc/templates# ls /usr/lib/x86_64-linux-gnu/lxc/ lxc-init -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-ps lxc-netstat not working
On Mon, Jan 7, 2013 at 10:33 AM, Serge Hallyn wrote: > Quoting Shibashish (shi...@gmail.com): >> I am on CentOS 6.3 and got lxc working on it. But when I run lxc-ps or >> lxc-netstat, i get the following errors... >> >> lxc-ps: no cgroup mount point found >> lxc-netstat: no cgroup mount point found >> >> >> Relevant lines in lxc-ps.in... (I tried bot the options) >> >> # Get the filesystem mountpoint of the hierarchy >> #mountpoint=$(grep -E "^cgroup [^ ]+ [^ ]+ ([^ >> ]+,)?$subsystems(,[^ ]+)? " /proc/self/mounts | cut -d ' ' -f 2) >> mountpoint=$(grep -E "^[^ ]+ [^ ]+ cgroup ([^ >> ]+,)?$subsystems(,[^ ]+)? " /proc/self/mounts | cut -d ' ' -f 2) > > Your problem here (in the second one) is the space before the ". If you > remove that you should get results. > > This appears to be what is in the upstream lxc (on sf.net). The version > in github staging (git://github.com/lxc/lxc.git #staging) is quite > different, you may want to try building and running that. > I had the same problem on gentoo. I can confirm that replacing the get_parent_cgroup() function with the code from the git staging fixes the issue for me. Thanks John -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-ps lxc-netstat not working
Quoting Shibashish (shi...@gmail.com): > I am on CentOS 6.3 and got lxc working on it. But when I run lxc-ps or > lxc-netstat, i get the following errors... > > lxc-ps: no cgroup mount point found > lxc-netstat: no cgroup mount point found > > > Relevant lines in lxc-ps.in... (I tried bot the options) > > # Get the filesystem mountpoint of the hierarchy > #mountpoint=$(grep -E "^cgroup [^ ]+ [^ ]+ ([^ > ]+,)?$subsystems(,[^ ]+)? " /proc/self/mounts | cut -d ' ' -f 2) > mountpoint=$(grep -E "^[^ ]+ [^ ]+ cgroup ([^ > ]+,)?$subsystems(,[^ ]+)? " /proc/self/mounts | cut -d ' ' -f 2) Your problem here (in the second one) is the space before the ". If you remove that you should get results. This appears to be what is in the upstream lxc (on sf.net). The version in github staging (git://github.com/lxc/lxc.git #staging) is quite different, you may want to try building and running that. -serge -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Is it possible to configure a bridge inside an LXC guest ?
Quoting John (l...@jelmail.com): > Hi everyone, > > I haven't yet tried this yet but thought I'd ask first because it Why not? :) > seems a bit crazy, but... Not at all. > Is it possible to configure a container so that it has a bridge in it ? Yup. The container has a full l2 networking stack. You can create a bridge and bridge eth0 with no problems. -serge -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] lxc-ps lxc-netstat not working
I am on CentOS 6.3 and got lxc working on it. But when I run lxc-ps or lxc-netstat, i get the following errors... lxc-ps: no cgroup mount point found lxc-netstat: no cgroup mount point found Relevant lines in lxc-ps.in... (I tried bot the options) # Get the filesystem mountpoint of the hierarchy #mountpoint=$(grep -E "^cgroup [^ ]+ [^ ]+ ([^ ]+,)?$subsystems(,[^ ]+)? " /proc/self/mounts | cut -d ' ' -f 2) mountpoint=$(grep -E "^[^ ]+ [^ ]+ cgroup ([^ ]+,)?$subsystems(,[^ ]+)? " /proc/self/mounts | cut -d ' ' -f 2) if [ -z "$mountpoint" ]; then continue; fi # mount | grep cgroup none on /cgroup type cgroup (rw) # grep cgroup /etc/fstab none /cgroup cgroup defaults 0 0 # grep cgroup /proc/self/mounts none /cgroup cgroup rw,relatime,net_prio,perf_event,blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset 0 0 ShiB. while ( ! ( succeed = try() ) ); -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] retrieve guest container's ip address
Thank you, Ben. I have just searched again for similar questions, and found
what I think is the most "natural" solution:
Add this line to /etc/dhcp/dhclient.conf on the host:
prepend domain-name-servers 10.0.3.1;
Then run "service networking restart", and I can log into the guest with "ssh
ubuntu@guest1" or use "nslookup guest1".
HTH
Alan
From: Ben Butler-Cole
To: Alan McDuff
Cc: Marko Anastasov ;
"lxc-users@lists.sourceforge.net"
Sent: Monday, January 7, 2013 11:11 AM
Subject: Re: [Lxc-users] retrieve guest container's ip address
On 5 January 2013 12:29, Alan McDuff wrote:
>If you paste the .lxc part from
>http://www.stgraber.org/2012/07/17/easily-ssh-to-your-containers-and-vms-on-ubuntu-12-04-lts/
> into your ~/.ssh/config >and start the container, then you should be able to
>ssh with "ssh ubu...@guest1.lxc".
>
>Thanks, but this doesn't look like a clean setup to me. If there is no better
>solution, I will write a post-lxc-create script that appends "$(host
>$guestname 10.0.3.1) $guestname" to /etc/hosts.
>
I think that writing the address into /etc/hosts may cause you problems
eventually because it will get out of date when you remove containers and
potentially recycle addresses.
Stephane's solution has the advantage that it looks up the address dynamically
when you need it. I really like the idea of putting the look-up into
~/.ssh/config, especially because it allows you to other useful things like
turning off some security checking and setting the username.
If you don't like that solution because of the non-locality, you might prefer
to write a small script, say `lxc-ssh`:
$1=container
ssh $(host $container 10.0.3.1 | tail -1 | awk '{print $NF}')
-Ben--
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122412___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Seeking advice on appropriate network layout for my LXC setup
> My intention is to have a container running nginx as a reverse proxy > and containers running the various combinations of Apache, PHP, RoR, > MySQL, etc software for the web apps I want. After experimenting > (mixed success) with combinations of the Ubuntu default lxcbr0 (nginx > container attached) and macvlan (the other containers + additional > interface in the nginx container) I've come back around to looking at > simply attaching all containers to lxcbr0. I don't think anything I > want to run would have an issue with NAT. I would then port forward > connections to the public IP for web onto the nginx container and so > on for other services. The nginx container would proxy to the various > apache container instances - as they're all connected to lxcbr0 i'm > assuming from what I've read that's as straightforward as a regular > LAN. Hi James, Looks like you want the *exact* configuration that i currently use for my FreedomBox. I have put nginx inside a "bastion host" container where it acts like a reverse proxy for containers running wordpress blogs and for example owncloud. I also have shorewall (a firewall) running which can do NAT. Here are some links if you want my configuration: First, my lxc and network setup http://freedomboxblog.nl/installing-lxc-dhcp-and-dns-on-my-freedombox/ Then, creation of my nginx "bastion host" container http://freedomboxblog.nl/my-freedombox-internet-module-part-1/ Creation of a wordpress container, connect it to nginx http://freedomboxblog.nl/a-wordpress-module-for-my-freedombox/ Limit what containers can do on the network http://freedomboxblog.nl/adding-a-firewall-and-nat-to-my-freedombox/ Safe ssh access from the internet to any container http://freedomboxblog.nl/ssh-access-from-the-internet-to-my-freedombox/ My setup is running on Debian, so it probably is easy to adapt for Ubuntu. Cheers, Rob. http://freedomboxblog.nl -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Seeking advice on appropriate network layout for my LXC setup
I'm using a very similar setup to this in production now, without any problems. It's not clear from your description how you are planning to do the port forwarding to the reverse proxy. We are using iptables for this. -Ben On 4 January 2013 19:52, James Gallagher wrote: > Hi, > > I'm starting to use LXC with a view to service segregation and have come > up against a wall in terms of my lack of networking knowledge - I'm now > second-guessing myself on everything. So I'd appreciate some suggestions > from yourselves. > > I've previously used VirtualBox for a LAMP & RoR environment for > self-hosting. I'm now running a fresh Ubuntu 12.10 VM with LXC > installed. So far, this VM has a single interface (eth0) using VirtualBox's > Bridged Networking and configured with a public IP. This all works fine and > I tested connecting to a container running a web server from an external > connection. > > My intention is to have a container running nginx as a reverse proxy and > containers running the various combinations of Apache, PHP, RoR, MySQL, etc > software for the web apps I want. After experimenting (mixed success) with > combinations of the Ubuntu default lxcbr0 (nginx container attached) and > macvlan (the other containers + additional interface in the nginx > container) I've come back around to looking at simply attaching all > containers to lxcbr0. I don't think anything I want to run would have an > issue with NAT. I would then port forward connections to the public IP for > web onto the nginx container and so on for other services. The nginx > container would proxy to the various apache container instances - as > they're all connected to lxcbr0 i'm assuming from what I've read that's as > straightforward as a regular LAN. > > As I say, after a few days of experimenting, I'm second guessing myself on > everything so would appreciate someone sanity checking my plan. I'm > completely open to alternatives if there's a better way of doing this. > > Thanks, > James > > > -- > Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and > much more. Get web development skills now with LearnDevNow - > 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts. > SALE $99.99 this month only -- learn more at: > http://p.sf.net/sfu/learnmore_122812 > ___ > Lxc-users mailing list > Lxc-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-users > > -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] retrieve guest container's ip address
On 5 January 2013 12:29, Alan McDuff wrote:
> >If you paste the .lxc part from
> http://www.stgraber.org/2012/07/17/easily-ssh-to-your-containers-and-vms-on-ubuntu-12-04-lts/
> into
> your ~/.ssh/config >and start the container, then you should be able to ssh
> with "ssh ubu...@guest1.lxc".
>
> Thanks, but this doesn't look like a clean setup to me. If there is no
> better solution, I will write a post-lxc-create script that appends "$(host
> $guestname 10.0.3.1) $guestname" to /etc/hosts.
>
I think that writing the address into /etc/hosts may cause you problems
eventually because it will get out of date when you remove containers and
potentially recycle addresses.
Stephane's solution has the advantage that it looks up the address
dynamically when you need it. I really like the idea of putting the look-up
into ~/.ssh/config, especially because it allows you to other useful things
like turning off some security checking and setting the username.
If you don't like that solution because of the non-locality, you might
prefer to write a small script, say `lxc-ssh`:
$1=container
ssh $(host $container 10.0.3.1 | tail -1 | awk '{print $NF}')
-Ben
--
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122412___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
