Re: [Lxc-users] retrieve guest container's ip address
On 5 January 2013 12:29, Alan McDuff alan.mcd...@yahoo.com wrote: If you paste the .lxc part from http://www.stgraber.org/2012/07/17/easily-ssh-to-your-containers-and-vms-on-ubuntu-12-04-lts/ into your ~/.ssh/config and start the container, then you should be able to ssh with ssh ubu...@guest1.lxc. Thanks, but this doesn't look like a clean setup to me. If there is no better solution, I will write a post-lxc-create script that appends $(host $guestname 10.0.3.1) $guestname to /etc/hosts. I think that writing the address into /etc/hosts may cause you problems eventually because it will get out of date when you remove containers and potentially recycle addresses. Stephane's solution has the advantage that it looks up the address dynamically when you need it. I really like the idea of putting the look-up into ~/.ssh/config, especially because it allows you to other useful things like turning off some security checking and setting the username. If you don't like that solution because of the non-locality, you might prefer to write a small script, say `lxc-ssh`: $1=container ssh $(host $container 10.0.3.1 | tail -1 | awk '{print $NF}') -Ben -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Seeking advice on appropriate network layout for my LXC setup
I'm using a very similar setup to this in production now, without any problems. It's not clear from your description how you are planning to do the port forwarding to the reverse proxy. We are using iptables for this. -Ben On 4 January 2013 19:52, James Gallagher ja...@jamesgallagher.ie wrote: Hi, I'm starting to use LXC with a view to service segregation and have come up against a wall in terms of my lack of networking knowledge - I'm now second-guessing myself on everything. So I'd appreciate some suggestions from yourselves. I've previously used VirtualBox for a LAMP RoR environment for self-hosting. I'm now running a fresh Ubuntu 12.10 VM with LXC installed. So far, this VM has a single interface (eth0) using VirtualBox's Bridged Networking and configured with a public IP. This all works fine and I tested connecting to a container running a web server from an external connection. My intention is to have a container running nginx as a reverse proxy and containers running the various combinations of Apache, PHP, RoR, MySQL, etc software for the web apps I want. After experimenting (mixed success) with combinations of the Ubuntu default lxcbr0 (nginx container attached) and macvlan (the other containers + additional interface in the nginx container) I've come back around to looking at simply attaching all containers to lxcbr0. I don't think anything I want to run would have an issue with NAT. I would then port forward connections to the public IP for web onto the nginx container and so on for other services. The nginx container would proxy to the various apache container instances - as they're all connected to lxcbr0 i'm assuming from what I've read that's as straightforward as a regular LAN. As I say, after a few days of experimenting, I'm second guessing myself on everything so would appreciate someone sanity checking my plan. I'm completely open to alternatives if there's a better way of doing this. Thanks, James -- Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and much more. Get web development skills now with LearnDevNow - 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122812 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Seeking advice on appropriate network layout for my LXC setup
My intention is to have a container running nginx as a reverse proxy and containers running the various combinations of Apache, PHP, RoR, MySQL, etc software for the web apps I want. After experimenting (mixed success) with combinations of the Ubuntu default lxcbr0 (nginx container attached) and macvlan (the other containers + additional interface in the nginx container) I've come back around to looking at simply attaching all containers to lxcbr0. I don't think anything I want to run would have an issue with NAT. I would then port forward connections to the public IP for web onto the nginx container and so on for other services. The nginx container would proxy to the various apache container instances - as they're all connected to lxcbr0 i'm assuming from what I've read that's as straightforward as a regular LAN. Hi James, Looks like you want the *exact* configuration that i currently use for my FreedomBox. I have put nginx inside a bastion host container where it acts like a reverse proxy for containers running wordpress blogs and for example owncloud. I also have shorewall (a firewall) running which can do NAT. Here are some links if you want my configuration: First, my lxc and network setup http://freedomboxblog.nl/installing-lxc-dhcp-and-dns-on-my-freedombox/ Then, creation of my nginx bastion host container http://freedomboxblog.nl/my-freedombox-internet-module-part-1/ Creation of a wordpress container, connect it to nginx http://freedomboxblog.nl/a-wordpress-module-for-my-freedombox/ Limit what containers can do on the network http://freedomboxblog.nl/adding-a-firewall-and-nat-to-my-freedombox/ Safe ssh access from the internet to any container http://freedomboxblog.nl/ssh-access-from-the-internet-to-my-freedombox/ My setup is running on Debian, so it probably is easy to adapt for Ubuntu. Cheers, Rob. http://freedomboxblog.nl -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] retrieve guest container's ip address
Thank you, Ben. I have just searched again for similar questions, and found what I think is the most natural solution: Add this line to /etc/dhcp/dhclient.conf on the host: prepend domain-name-servers 10.0.3.1; Then run service networking restart, and I can log into the guest with ssh ubuntu@guest1 or use nslookup guest1. HTH Alan From: Ben Butler-Cole b...@bridesmere.com To: Alan McDuff alan.mcd...@yahoo.com Cc: Marko Anastasov marko.anasta...@gmail.com; lxc-users@lists.sourceforge.net lxc-users@lists.sourceforge.net Sent: Monday, January 7, 2013 11:11 AM Subject: Re: [Lxc-users] retrieve guest container's ip address On 5 January 2013 12:29, Alan McDuff alan.mcd...@yahoo.com wrote: If you paste the .lxc part from http://www.stgraber.org/2012/07/17/easily-ssh-to-your-containers-and-vms-on-ubuntu-12-04-lts/ into your ~/.ssh/config and start the container, then you should be able to ssh with ssh ubu...@guest1.lxc. Thanks, but this doesn't look like a clean setup to me. If there is no better solution, I will write a post-lxc-create script that appends $(host $guestname 10.0.3.1) $guestname to /etc/hosts. I think that writing the address into /etc/hosts may cause you problems eventually because it will get out of date when you remove containers and potentially recycle addresses. Stephane's solution has the advantage that it looks up the address dynamically when you need it. I really like the idea of putting the look-up into ~/.ssh/config, especially because it allows you to other useful things like turning off some security checking and setting the username. If you don't like that solution because of the non-locality, you might prefer to write a small script, say `lxc-ssh`: $1=container ssh $(host $container 10.0.3.1 | tail -1 | awk '{print $NF}') -Ben-- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Is it possible to configure a bridge inside an LXC guest ?
Quoting John (l...@jelmail.com): Hi everyone, I haven't yet tried this yet but thought I'd ask first because it Why not? :) seems a bit crazy, but... Not at all. Is it possible to configure a container so that it has a bridge in it ? Yup. The container has a full l2 networking stack. You can create a bridge and bridge eth0 with no problems. -serge -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-ps lxc-netstat not working
Quoting Shibashish (shi...@gmail.com): I am on CentOS 6.3 and got lxc working on it. But when I run lxc-ps or lxc-netstat, i get the following errors... lxc-ps: no cgroup mount point found lxc-netstat: no cgroup mount point found Relevant lines in lxc-ps.in... (I tried bot the options) # Get the filesystem mountpoint of the hierarchy #mountpoint=$(grep -E ^cgroup [^ ]+ [^ ]+ ([^ ]+,)?$subsystems(,[^ ]+)? /proc/self/mounts | cut -d ' ' -f 2) mountpoint=$(grep -E ^[^ ]+ [^ ]+ cgroup ([^ ]+,)?$subsystems(,[^ ]+)? /proc/self/mounts | cut -d ' ' -f 2) Your problem here (in the second one) is the space before the . If you remove that you should get results. This appears to be what is in the upstream lxc (on sf.net). The version in github staging (git://github.com/lxc/lxc.git #staging) is quite different, you may want to try building and running that. -serge -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-ps lxc-netstat not working
On Mon, Jan 7, 2013 at 10:33 AM, Serge Hallyn serge.hal...@canonical.com wrote: Quoting Shibashish (shi...@gmail.com): I am on CentOS 6.3 and got lxc working on it. But when I run lxc-ps or lxc-netstat, i get the following errors... lxc-ps: no cgroup mount point found lxc-netstat: no cgroup mount point found Relevant lines in lxc-ps.in... (I tried bot the options) # Get the filesystem mountpoint of the hierarchy #mountpoint=$(grep -E ^cgroup [^ ]+ [^ ]+ ([^ ]+,)?$subsystems(,[^ ]+)? /proc/self/mounts | cut -d ' ' -f 2) mountpoint=$(grep -E ^[^ ]+ [^ ]+ cgroup ([^ ]+,)?$subsystems(,[^ ]+)? /proc/self/mounts | cut -d ' ' -f 2) Your problem here (in the second one) is the space before the . If you remove that you should get results. This appears to be what is in the upstream lxc (on sf.net). The version in github staging (git://github.com/lxc/lxc.git #staging) is quite different, you may want to try building and running that. I had the same problem on gentoo. I can confirm that replacing the get_parent_cgroup() function with the code from the git staging fixes the issue for me. Thanks John -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] sshd container problem
I am trying to create a sshd container. Any ideas on how to fix this? here is the output of my reproducing the issue --- root@ubuntu:/usr/share/lxc/templates# cat /etc/lxc/lxc.conf lxc.network.type=veth lxc.network.link=lxcbr0 lxc.network.flags=up root@ubuntu:/usr/share/lxc/templates# lxc-create -t sshd -n foo No config file specified, using the default config Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): I removed ssh config output 'sshd' template installed 'foo' created root@ubuntu:/usr/share/lxc/templates# lxc-start -n foo lxc-start: Read-only file system - error unlinking /usr/lib/x86_64-linux-gnu/lxc/dev/kmsg lxc-start: failed to setup kmsg for 'foo' lxc-start: failed to setup the container lxc-start: invalid sequence number 1. expected 2 lxc-start: failed to spawn 'foo' root@ubuntu:/usr/share/lxc/templates# ls /usr/lib/x86_64-linux-gnu/lxc/ lxc-init -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] sshd container problem
I am trying to create a sshd container. Any ideas on how to fix this? I'm using a stock ubuntu 12.10 server here is the output of my reproducing the issue --- root@ubuntu:/usr/share/lxc/templates# cat /etc/lxc/lxc.conf lxc.network.type=veth lxc.network.link=lxcbr0 lxc.network.flags=up root@ubuntu:/usr/share/lxc/templates# lxc-create -t sshd -n foo No config file specified, using the default config Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): I removed ssh config output 'sshd' template installed 'foo' created root@ubuntu:/usr/share/lxc/templates# lxc-start -n foo lxc-start: Read-only file system - error unlinking /usr/lib/x86_64-linux-gnu/lxc/dev/kmsg lxc-start: failed to setup kmsg for 'foo' lxc-start: failed to setup the container lxc-start: invalid sequence number 1. expected 2 lxc-start: failed to spawn 'foo' root@ubuntu:/usr/share/lxc/templates# ls /usr/lib/x86_64-linux-gnu/lxc/ lxc-init this is the config file created for the container: lxc.network.type=veth lxc.network.link=lxcbr0 lxc.network.flags=up lxc.rootfs = /var/lib/lxc/foo/rootfs lxc.utsname = foo lxc.pts = 1024 # uncomment the next line to run the container unconfined: #lxc.aa_profile = unconfined lxc.mount.entry=/dev dev none ro,bind 0 0 lxc.mount.entry=/lib lib none ro,bind 0 0 lxc.mount.entry=/bin bin none ro,bind 0 0 lxc.mount.entry=/usr usr none ro,bind 0 0 lxc.mount.entry=/sbin sbin none ro,bind 0 0 lxc.mount.entry=tmpfs var/run/sshd tmpfs mode=0644 0 0 lxc.mount.entry=/usr/share/lxc/templates/lxc-sshd sbin/init none bind 0 0 lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0 lxc.mount.entry=/lib64 lib64 none ro,bind 0 0 -- Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122412 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users