Re: [Lxc-users] list admin
On 05/24/2013 09:21 AM, Jäkel, Guido wrote: >> Ok, who wants to be co-administrator of the mailing list ? > Tamas and Mike > Ok, thanks. -- Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] list admin
On 05/24/2013 08:31 AM, Tamas Papp wrote: > On 05/24/2013 02:06 AM, Daniel Lezcano wrote: >> Yes, sure. >> >> Sorry, I have been more and more busy with other stuff and flooded by >> emails, so I did not followed the discussion closely. >> >> Can you explain in a few words what do you need ? >> > > I'd like to be sure, there is no SPOF in the listadmin position:) > > Personally I want to kick off the invalid email address, like Mike said. > Also I think it would be a good idea to change the Reply-To: header to > the list address. Ok, who wants to be co-administrator of the mailing list ? -- Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] list admin
On 05/23/2013 11:44 PM, Tamas Papp wrote: > On 05/23/2013 11:13 PM, Michael H. Warfield wrote: >> Last I knew, it was Daniel who created the list and most likely "owns" >> it. It was created at my suggestion to move "user" questions off the >> "devel" list ages and ages ago. Lately he's typically been "buried over >> his head" busy that he doesn't show up much even in the -devel list >> lately other than to cut a release, must less this list. You're >> probably complaining about that bad E-Mail address that's been on the >> list for like forever. It's been mentioned before. It's a mailman list >> so we just need someone with owner privs and the password. > > I already offered my service on the list a couple of months ago, but > no answer was received:( > I would be glad to kick off that address:) > > Also I think replies should be addressed to the list, though whose > decision it is. > > Daniel, can you help in this? Yes, sure. Sorry, I have been more and more busy with other stuff and flooded by emails, so I did not followed the discussion closely. Can you explain in a few words what do you need ? Thanks -- Daniel -- Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Horrors using Debian Wheezy
On 05/11/2013 04:41 AM, Mason Loring Bliss wrote: > Hi there! > > I'm trying to get LXC to work for me on Debian Wheezy/amd64 and I'm having a > Hellish time. I'm following the advice on wiki.debian.org and other places, > and I believe I'm creating my containers correctly, but when I launch a > container, I get a bunch of messages about needing root to set a hostname, > needing root to mount things, needing root to do various other things, and I > see sshd fail to create keys, and at the very end I get nothing. No console. > I can't use the console command to connect - I get nothing. The status tool > says things are running. > > lxc-checkconfig says everything is hunky-dory and I'm not deviating from the > instructions. > > Can someone suggest what might be going wrong here? Does it starts correctly if run it as root ? -- Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Need simple configuration for embedded ARM LXC
On 04/20/2013 03:23 AM, Somnath Mitra wrote: > Is there a workaround/resolution to this? > > I had filed a > bug > http://sourceforge.net/tracker/?func=detail&aid=3610837&group_id=163076&atid=826303 Do you mind to test with a 0.8.0 ? Meanwhile I will investigate the bug (which is probably a signal SIGTTOU/IN received). Thanks -- Daniel > On Mon, Apr 15, 2013 at 1:08 PM, Daniel Lezcano > mailto:daniel.lezc...@free.fr>> wrote: > > On 04/15/2013 03:26 AM, Serge Hallyn wrote: > > Quoting Somnath Mitra (somnath.mi...@xockets.com > <mailto:somnath.mi...@xockets.com>): > >> On Fri, Apr 12, 2013 at 6:53 AM, Serge Hallyn > mailto:serge.hal...@ubuntu.com>>wrote: > >> > >>> Quoting Somnath Mitra (somnath.mi...@xockets.com > <mailto:somnath.mi...@xockets.com>): > >>> > >> > Since the container rootfs is shared with host I am confused > why it > >>> cannot > >>>> find lxc-init? > >>> Sounds like a compilation/packaging problem. It works for me > >>> here, with ubuntu raring: > >>> > >>> cat > lxc.conf << EOF > >>> cat > lxc.conf << EOF > >>> lxc.utsname = beta > >>> lxc.network.type = empty > >>> lxc.rootfs = / > >>> lxc.aa_profile = unconfined > >>> EOF > >>> lxc.utsname = beta > >>> lxc.network.type = empty > >>> lxc.rootfs = / > >>> lxc.aa_profile = unconfined > >>> EOF > >>> > >>> sudo lxc-execute -n foobar -f lxc.conf -l info -o outout -- ps -ef > >>> UIDPID PPID C STIME TTY TIME CMD > >>> root 1 0 0 08:46 pts/100:00:00 > >>> /usr/lib/x86_64-linux-gnu/lxc/lxc-init -- ps -ef > >>> root 2 1 0 08:46 pts/100:00:00 ps -ef > >>> > >>> (an interactive shell doesn't work - just hangs, I don't use > >>> lxc-execute so always forget what is expect to work and what > >>> isn't) > >>> > >> Hangs for me too (on the embedded board). Can you comment on > possible root > >> cause or workaround so we can investigate. My target > application shall need > >> stdin, stdout and, possibly, stderr. > > Hi Daniel, > > > > can you comment on this by chance? I frankly don't use > lxc-execute, and > > I know you know of all sorts of special circumstances > surrounding it... > > For me, > > > > cat > lxc.conf << EOF > > lxc.utsname = beta > > lxc.network.type = empty > > lxc.rootfs = / > > lxc.aa_profile = unconfined > > EOF > > > > lxc-execute -n foobar -f lxc.conf -- ps -ef > > > > works fine, while > > > > lxc-execute -n foobar -f lxc.donf -- /bin/sh > > > > hangs - some tty session thing? > > At the first glance, yes. > > Probably a SIGTTIN / SIGTTOU signal received. Something change > with the > pid group/session leader ? > > > > >>>> I have already checked that kernel is configured correctly using > >>>> lxc-checkconfig. > >>>> > >>>> Pls send a pointer to a simple working configuration for embedded > >>> systems. > >>> > >>> Take a look at src/lxc/execute.c:choose_init(). It will look for > >>> lxc-init in three places: > >>> > >>> LXCINITDIR "/lxc/lxc-init" > >>> /usr/lib/lxc/lxc-init > >>> /sbin/lxc-init > >>> > >>> LXCINITDIR in ubuntu is /usr/lib/x86_64-linux-gnu, and > lxc-init is in > >>> fact at /usr/lib/x86_64-linux-gnu/lxc/lxc-init. (You can find > your > >>> LXCINITDIR in config.log if you built your own lxc). But the > >>> easier thing might be to just copy lxc-init into /sbin. > >>> > >> Yes I had put lxc-* binaries in /usr/bin. Putting them in /sbin > solved it. > >> > >> Thanks, > >> SM. > > -- Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Need simple configuration for embedded ARM LXC
On 04/15/2013 03:26 AM, Serge Hallyn wrote: > Quoting Somnath Mitra (somnath.mi...@xockets.com): >> On Fri, Apr 12, 2013 at 6:53 AM, Serge Hallyn wrote: >> >>> Quoting Somnath Mitra (somnath.mi...@xockets.com): >>> >> > Since the container rootfs is shared with host I am confused why it >>> cannot find lxc-init? >>> Sounds like a compilation/packaging problem. It works for me >>> here, with ubuntu raring: >>> >>> cat > lxc.conf << EOF >>> cat > lxc.conf << EOF >>> lxc.utsname = beta >>> lxc.network.type = empty >>> lxc.rootfs = / >>> lxc.aa_profile = unconfined >>> EOF >>> lxc.utsname = beta >>> lxc.network.type = empty >>> lxc.rootfs = / >>> lxc.aa_profile = unconfined >>> EOF >>> >>> sudo lxc-execute -n foobar -f lxc.conf -l info -o outout -- ps -ef >>> UIDPID PPID C STIME TTY TIME CMD >>> root 1 0 0 08:46 pts/100:00:00 >>> /usr/lib/x86_64-linux-gnu/lxc/lxc-init -- ps -ef >>> root 2 1 0 08:46 pts/100:00:00 ps -ef >>> >>> (an interactive shell doesn't work - just hangs, I don't use >>> lxc-execute so always forget what is expect to work and what >>> isn't) >>> >> Hangs for me too (on the embedded board). Can you comment on possible root >> cause or workaround so we can investigate. My target application shall need >> stdin, stdout and, possibly, stderr. > Hi Daniel, > > can you comment on this by chance? I frankly don't use lxc-execute, and > I know you know of all sorts of special circumstances surrounding it... > For me, > > cat > lxc.conf << EOF > lxc.utsname = beta > lxc.network.type = empty > lxc.rootfs = / > lxc.aa_profile = unconfined > EOF > > lxc-execute -n foobar -f lxc.conf -- ps -ef > > works fine, while > > lxc-execute -n foobar -f lxc.donf -- /bin/sh > > hangs - some tty session thing? At the first glance, yes. Probably a SIGTTIN / SIGTTOU signal received. Something change with the pid group/session leader ? > I have already checked that kernel is configured correctly using lxc-checkconfig. Pls send a pointer to a simple working configuration for embedded >>> systems. >>> >>> Take a look at src/lxc/execute.c:choose_init(). It will look for >>> lxc-init in three places: >>> >>> LXCINITDIR "/lxc/lxc-init" >>> /usr/lib/lxc/lxc-init >>> /sbin/lxc-init >>> >>> LXCINITDIR in ubuntu is /usr/lib/x86_64-linux-gnu, and lxc-init is in >>> fact at /usr/lib/x86_64-linux-gnu/lxc/lxc-init. (You can find your >>> LXCINITDIR in config.log if you built your own lxc). But the >>> easier thing might be to just copy lxc-init into /sbin. >>> >> Yes I had put lxc-* binaries in /usr/bin. Putting them in /sbin solved it. >> >> Thanks, >> SM. -- Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [lxc-devel] [GIT] lxc branch, master, updated. 7f99e339363d9f005c9386f60a1d8c0953c85053
On 11/01/2012 09:41 PM, Michael H. Warfield wrote: > On Thu, 2012-11-01 at 21:20 +0100, Daniel Baumann wrote: >> On 11/01/2012 09:08 PM, Michael H. Warfield wrote: >>> I know, I KNOW this is an 11th hour request. Can we please get Serge's >>> autodev stuff into this release? Please? >> release early, release often? >> just release current git as 0.8.0 now, and the one with the autofoo as >> 0.8.1 soon after that? > That would be ideal but we've been sitting at 0.8.0rc2 for something > like 3-1/2 months now. I know Daniel (the other Daniel, the Daniel) has > been incredibly busy. I have no objection to getting this out the door > as 0.8.0 with a fast bump to 0.8.1 for the systemd stuff, but another > several months is not good. Can we get this fast bump? We'll be > staring Fedora 18 in the face by then. The working versions of Fedora > are no longer in support and we've got more distros adopting systemd. Yeah, I have to admit I have been a very maintainer the last months and I apologize for that. Thanks to Serge and Stephane who took the patches and consolidate the next version. I prefer to release a 0.8.0 right now and release a 0.8.1 in a couple of weeks. That would be ok for you Michael ? -- LogMeIn Central: Instant, anywhere, Remote PC access and management. Stay in control, update software, and manage PCs from one command center Diagnose problems and improve visibility into emerging IT issues Automate, monitor and manage. Do more in less time with Central http://p.sf.net/sfu/logmein12331_d2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [lxc-devel] [GIT] lxc branch, master, updated. 7f99e339363d9f005c9386f60a1d8c0953c85053
Thanks to everyone for fixing this.
I am about to release the 0.8.0 version.
I will wait a couple of days before adding a tag and release it in case
there are some fixes to add.
Please test.
Thanks !
-- Daniel
On 10/31/2012 04:45 PM, Daniel Lezcano wrote:
> This is an automated email from the git hooks/post-receive script. It was
> generated because a ref change was pushed to the repository containing
> the project "lxc".
>
> The branch, master has been updated
>via 7f99e339363d9f005c9386f60a1d8c0953c85053 (commit)
>via 773fb9cad76f43540fddb78c7ffef7237a51a06d (commit)
>via 8215fe8e4186ebe8cb79fe4b773f5bcffcdc723b (commit)
>via 192df6e2eb8ebb1a337c7ba025c57852d38e0d26 (commit)
>via c215bff6dfc298bdd6150e11b8c0f76c9d013a0a (commit)
>via 0b53175846e704fc4dd4cf8b4590a86db63e50e6 (commit)
>via a1bd64823cd5e5afc53ba24940a51151e34b8103 (commit)
>via bf7d76cf3ae180820c0a29e0bfbaa97c20ce6a3d (commit)
>via d4eb4ab1290def213396611f5946ef3b7f0d83ef (commit)
>via 5ae26abb52046b6f21afa06bcbac221c3cf8f1c0 (commit)
>via 06a1e1db99844b95e21c3b67964974f9032720ea (commit)
>via 3b9bad3d638ea442bfe6ba7e677cd5c6d39c0916 (commit)
>via c12e775237976bc0c1cf8afdc7aa766de46d3d40 (commit)
>via c6ed4d048deea85ed3bec67c7a04fb6c97009321 (commit)
>via 3f16e26c7063f5004cafe4cfd6d084b7e4d08d1f (commit)
>via 91a5df88ad29bcbc485baa51eacf0b851c6f4834 (commit)
>via 1bd051a6b0a34cb2b2e80584b9fb4643abf1a827 (commit)
>via 5d38621d0bb9b398393806b875d612a05e76c06e (commit)
>via 8aba484aeaccda2881300ff80e9d7dfaaa842b40 (commit)
>via 5d01f6167c2354637e777650558be6d7d69e2579 (commit)
>via 6bc424b5c7c8130ffdb6390eae53b32370a755f8 (commit)
>via d595c68add4ef33cf273c455238b018729de00a5 (commit)
>via b9cb4325d74fb01dc4e71adc211e7e7052471778 (commit)
>via b4578c5b380130a41a69b5b49c970157acaf1dbb (commit)
>via b97b78abdac34fabcbbf64ba49ec8c78939124b4 (commit)
>via 87af3ecd48587775970c0ca731d50183bd24017e (commit)
>via 435d40f7e3dc5b99a5fcbc459f79ba6b04238502 (commit)
>via 6bf8daf9a2aa0d226bfd5b60c4b1580d17105320 (commit)
>via 70542ef9a1d09ce87c7d40ac5ea1706860edec74 (commit)
>via 55116c42e767ce795f796fc51cd2ef7d76cf18af (commit)
>via b942e67226af9e690bd63ac440b99aedb6becbb3 (commit)
>via fbef4590b7b7186890a7d0cb8be0af2780a2df5f (commit)
>via d0a36f2c8b2f41399ae709280cd8b4a2f3bb0165 (commit)
>via cb26f1a5eee13afe1a561ebf57245cb8629797b9 (commit)
>via 337e14712e2bf568db73dd57c709b3364e26d798 (commit)
>via 9ac3ffb51777ee48ffbd42ff3625f63dfe948837 (commit)
>via 10f73bfa4aece7707f48379b82e5858d1909d98f (commit)
>via e7f40d8aaba2c17b8ccb323b5df20a423ef5d0a0 (commit)
>via f02ce27d4b1a9d01b88d0ffaf626e5bafa671bf0 (commit)
>via 33f3de4eaaa4e2084ea6e3695e29da5b736f1095 (commit)
>via e470cba076535e4e9732173e0e314e473165478c (commit)
>via 542939c31bb73bab55f2fd71243b98f5559597d1 (commit)
>via b4df0a1eda252bb7efbd4d7453e9e8a57143c528 (commit)
>via 06f5c6328b73aad7b138096295357d803db26efa (commit)
>via f1ccde27c038e7fb7e538913505248b36ddd9e65 (commit)
>via 4a311c1241805dac5893918854fd40f77b2b6f49 (commit)
>via 4d5fb23ad827eda17b64676f527c3f168cd56ebd (commit)
>via 8b892c55b077d1716eb130e76f9c9725ecb0f73a (commit)
> from 60a742e0afd34e02299f64536df35116d68d888d (commit)
>
> Those revisions listed above that are new to this repository have
> not appeared on any other notification email; so we list those
> revisions in full, below.
>
> - Log -
> commit 7f99e339363d9f005c9386f60a1d8c0953c85053
> Merge: 60a742e 773fb9c
> Author: Daniel Lezcano
> Date: Wed Oct 31 16:39:50 2012 +0100
>
> Merge branch 'upstream-bugfix' of https://github.com/lxc/lxc
>
> * 'upstream-bugfix' of https://github.com/lxc/lxc: (47 commits)
> replace HOOK define with proper code.
> Remove lxc-start-ephemeral from configure.ac
> revert devtmpfs in ubuntu templates
> lxc-ubuntu{-cloud}: Fix missing "fi" in new devtmpfs code
> fix "make rpm"
> display warning when yum missing in fedora template
> templates: mount devtmpfs in ubuntu containers
> handle clone of btrfs snapshots
> if the rootfs is a btrfs subvolume, delete it instead of rm -rf
> lxc-debian: replace isc-dhcp-server by isc-dhcp-client
> lxc-ls: Scan cgroup mount points from fstype
Re: [Lxc-users] [PATCH 1/1] dev_change_net_namespace: send a KOBJ_REMOVED/KOBJ_ADD
On 10/15/2012 07:47 PM, Serge Hallyn wrote: > When a new nic is created in namespace ns1, the kernel sends a KOBJ_ADD uevent > to ns1. When the nic is moved to ns2, we only send a KOBJ_MOVE to ns2, and > nothing to ns1. > > This patch changes that behavior so that when moving a nic from ns1 to ns2, we > send a KOBJ_REMOVED to ns1 and KOBJ_ADD to ns2. (The KOBJ_MOVE is still > sent to ns2). > > The effects of this can be seen when starting and stopping containers in > an upstart based host. Lxc will create a pair of veth nics, the kernel > sends KOBJ_ADD, and upstart starts network-instance jobs for each. When > one nic is moved to the container, because no KOBJ_REMOVED event is > received, the network-instance job for that veth never goes away. This > was reported at https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1065589 > With this patch the networ-instance jobs properly go away. > > The other oddness solved here is that if a nic is passed into a running > upstart-based container, without this patch no network-instance job is > started in the container. But when the container creates a new nic > itself (ip link add new type veth) then network-interface jobs are > created. With this patch, behavior comes in line with a regular host. > > v2: also send KOBJ_ADD to new netns. There will then be a > _MOVE event from the device_rename() call, but that should > be innocuous. > > Signed-off-by: Serge Hallyn > Acked-by: "Eric W. Biederman" Acked-by: Daniel Lezcano > --- > net/core/dev.c |6 ++ > 1 file changed, 6 insertions(+) > > diff --git a/net/core/dev.c b/net/core/dev.c > index e2215ee..2c43aaf 100644 > --- a/net/core/dev.c > +++ b/net/core/dev.c > @@ -6172,6 +6172,9 @@ int dev_change_net_namespace(struct net_device *dev, > struct net *net, const char > dev_uc_flush(dev); > dev_mc_flush(dev); > > + /* Send a netdev-removed uevent to the old namespace */ > + kobject_uevent(&dev->dev.kobj, KOBJ_REMOVE); > + > /* Actually switch the network namespace */ > dev_net_set(dev, net); > > @@ -6183,6 +6186,9 @@ int dev_change_net_namespace(struct net_device *dev, > struct net *net, const char > dev->iflink = dev->ifindex; > } > > + /* Send a netdev-add uevent to the new namespace */ > + kobject_uevent(&dev->dev.kobj, KOBJ_ADD); > + > /* Fixup kobjects */ > err = device_rename(&dev->dev, dev->name); > WARN_ON(err); -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc console and control-c
On 07/20/2012 07:14 PM, Stuart Yoder wrote: > On Fri, Jul 20, 2012 at 11:53 AM, Stuart Yoder wrote: >> After I start a container with lxc-start (no -d), ctrl-C doesn''t >> working for me in the container's console. >> >> In the documentation at http://lxc.teegra.net/ it says: >> >> The terminal you start a container in will often lose control-C >> (you can restore that)... >> >> How do you restore control-C functionality to the terminal? >> >> When I connect to the console using lxc-console then control-C does >> work...however, >> perhaps a separate issue is that is not workint to exit the >> console. Any >> ideas on that? > Figured out this second issue...the screen command (which I forgot was > running) was grabbing the Ctrl+a. > > The first issue is still there-- Ctrl+c is not working after an lxc-start in > non daemon mode. The console works for me. What is the distro you are running inside the container ? -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Alternative network protocols
On 07/17/2012 05:12 AM, Joe Stringer wrote: > On 17 July 2012 13:59, Stéphane Graber wrote: >> On 07/16/2012 09:24 PM, Joe Stringer wrote: >>> Hi there, >>> >>> I've come across an issue when trying to use SCTP with lxc, and I >>> wonder if anyone might have some insight into what's causing this. >>> >>> My set up has two lxc hosts connected to an instance of Open vSwitch, >>> vm0 and vm1. When I attempt to use the sctp_test utility that comes >>> with the debian package lksctp-tools from within either VM, it reports >>> back that the address family is not supported:- >>> >>> >>> root@vm0:~# sctp_test -H 0 -P 250 -l >>> local:addr=0.0.0.0, port=250, family=2 >>> seed = 1342081047 >>> >>> Starting tests... >>> socket(SOCK_SEQPACKET, IPPROTO_SCTP) >>> >>>*** socket: failed to create socket: Address family >>> not supported by protocol *** >>> >>> >>> The interfaces appear to be set up fine, I can ping from one vm to the >>> other with no trouble. The host can successfully run the above command >>> as well. >>> >>> Is this because of socket using SOCK_SEQPACKET? >>> >>> Cheers, >>> Joe >> It's not easy to tell whether it's the case here, but some protocols >> require extra kernel modules to work properly. >> On a regular system these modules are loaded dynamically the first time >> you try to create a socket of that type, but in a container, it >> typically won't work. >> >> If that's the case, check on a regular system what the modules are and >> load them on your host, then try again from the container. >> >> -- >> Stéphane Graber >> Ubuntu developer >> http://www.ubuntu.com >> >> > Hi Stéphane, > > Thanks for the quick reply. You're right regarding the use of a kernel > module to support SCTP. I have loaded the 'sctp' module on the host, > but the container still throws up the same error with sctp_test. I > tried restarting the containers after loading the module, but this > doesn't make a difference. > > Are there any configuration files I could post that might help to > identify the cause of this? Hi Joe, never mind the kernel version question. I looked at the kernel source code and the stcp protocol is not modified to be used with containers AFAICT. pfff ... Thanks for reporting this -- Daniel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Alternative network protocols
On 07/17/2012 05:12 AM, Joe Stringer wrote: > On 17 July 2012 13:59, Stéphane Graber wrote: >> On 07/16/2012 09:24 PM, Joe Stringer wrote: >>> Hi there, >>> >>> I've come across an issue when trying to use SCTP with lxc, and I >>> wonder if anyone might have some insight into what's causing this. >>> >>> My set up has two lxc hosts connected to an instance of Open vSwitch, >>> vm0 and vm1. When I attempt to use the sctp_test utility that comes >>> with the debian package lksctp-tools from within either VM, it reports >>> back that the address family is not supported:- >>> >>> >>> root@vm0:~# sctp_test -H 0 -P 250 -l >>> local:addr=0.0.0.0, port=250, family=2 >>> seed = 1342081047 >>> >>> Starting tests... >>> socket(SOCK_SEQPACKET, IPPROTO_SCTP) >>> >>>*** socket: failed to create socket: Address family >>> not supported by protocol *** >>> >>> >>> The interfaces appear to be set up fine, I can ping from one vm to the >>> other with no trouble. The host can successfully run the above command >>> as well. >>> >>> Is this because of socket using SOCK_SEQPACKET? >>> >>> Cheers, >>> Joe >> It's not easy to tell whether it's the case here, but some protocols >> require extra kernel modules to work properly. >> On a regular system these modules are loaded dynamically the first time >> you try to create a socket of that type, but in a container, it >> typically won't work. >> >> If that's the case, check on a regular system what the modules are and >> load them on your host, then try again from the container. >> >> -- >> Stéphane Graber >> Ubuntu developer >> http://www.ubuntu.com >> >> > Hi Stéphane, > > Thanks for the quick reply. You're right regarding the use of a kernel > module to support SCTP. I have loaded the 'sctp' module on the host, > but the container still throws up the same error with sctp_test. I > tried restarting the containers after loading the module, but this > doesn't make a difference. > > Are there any configuration files I could post that might help to > identify the cause of this? What kernel version are using ? -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Problem with pthread_create SCHED_RR - Operation not permitted
On 07/03/2012 02:29 PM, Hans Feldt wrote: > Thanks for looking into it. > > It means some applications cannot run unmodified in a container then? Did you try by mounting the cgroup but without the 'cpu' subsystem ? -- Daniel > > /Hans > > On 07/02/12 19:08, Serge Hallyn wrote: >> This appears to be a cgroup issue (presumably by design). Without involving >> lxc, just do >> >> sudo bash >> # mkdir /sys/fs/cgroup/cpu/1 >> # echo $$ > /sys/fs/cgroup/cpu/1/tasks >> # (run your test) >> pthread_create failed - Operation not permitted >> >> -serge >> >> Quoting Serge Hallyn (serge.hal...@canonical.com): >>> Quoting Hans Feldt (hans.fe...@ericsson.com): Hi, As the subject says, pthread_create for SCHED_RR fails with EPERM(1) in my container. Program run as root. Same program run directly on host works. I tried disabling the apparmor stuff but no luck. host: ubuntu 12.04 container: generated with the "ubuntu" template Any ideas? >>> Hm, everything I see in the kernel source suggests that CAP_SYS_NICE should >>> suffice. (I assume you didn't add that to lxc.cap_drop) But I don't have >>> a solid grasp of the the autogroup code under kernel/sched. >>> >>> -- >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. Discussions >>> will include endpoint security, mobile security and the latest in malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> ___ >>> Lxc-users mailing list >>> Lxc-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/lxc-users >> > > > -- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > ___ > Lxc-users mailing list > Lxc-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-users > -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] kernel.shmmax in LXC
On 06/07/2012 12:45 PM, Jan Den Ouden wrote: > Hi, > > About a week ago I posted exactly the same question on this list, but I > didn't get any responses. I have googled high and low for the answer to > this, but no result. It's not related to capabilities, because you can only > drop capabilities, not add them. It's not related to the cgroup memory > controller, because that seems to deal with total memory, not shared > memory. Therefore, I think it's a bug. I tried on a 3.0.0 kernel version and that works. Isn't possible this is related to app armor ? -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] SIOCGIFNAME
On 05/30/2012 09:35 AM, Papp Tamas wrote:
> On 05/30/2012 04:28 AM, Daniel Lezcano wrote:
>>
>> On 05/29/2012 10:10 PM, Papp Tamas wrote:
>>> On 05/29/2012 07:29 PM, Daniel Lezcano wrote:
>>>>
>>>> On 05/29/2012 03:48 PM, Papp Tamas wrote:
>>>>> hi All,
>>>>>
>>>>>
>>>>> This doesn't work now:
>>>>>
>>>>> ioctl(3, SIOCGIFNAME, {ifr_index=0, ifr_name=???}) = -1 ENODEV (No
>>>>> such
>>>>> device)
>>>>>
>>>>>
>>>>> Is there any way to make it work?
>>>>
>>>> Yep, the index are not virtualized. So ifr_index=0 is for the
>>>> loopback in the init network namespace.
>>>
>>> So there is no way?
>>
>> What do you want to do exactly ?
>
>
> There is a license server and the license depends on the MAC address
> what is determined in this way. Of course I cannot modify the code or
> replace it with alternatives.
I am afraid the code is buggy because it plays with the interface
indexes assuming they will be always +1 and beginning with index 0 which
is not true.
I "assume" if you have your host with two network interfaces, so we have
indexes 0, 1, 2, and you unload the module for interface with index 1,
the license server will fail in the same way. Or you create several
virtual interfaces and then you load the physical network interface
module and destroy the virtual devices making a hole in the index
interval will lead to the same problem.
The correct way for this legacy interface is to use SIOCGIFCONF and then
use SIOCGIFHWADDR with the interface name. This is what does the
ifconfig command and it works well.
In the era of virtual network interfaces, this legacy code is broken
because it was written with stupid assumptions in mind. I know that does
not help you but it is an application bug.
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] SIOCGIFNAME
On 05/29/2012 10:10 PM, Papp Tamas wrote:
> On 05/29/2012 07:29 PM, Daniel Lezcano wrote:
>>
>> On 05/29/2012 03:48 PM, Papp Tamas wrote:
>>> hi All,
>>>
>>>
>>> This doesn't work now:
>>>
>>> ioctl(3, SIOCGIFNAME, {ifr_index=0, ifr_name=???}) = -1 ENODEV (No such
>>> device)
>>>
>>>
>>> Is there any way to make it work?
>>
>> Yep, the index are not virtualized. So ifr_index=0 is for the
>> loopback in the init network namespace.
>
> So there is no way?
What do you want to do exactly ?
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] SIOCGIFNAME
On 05/29/2012 03:48 PM, Papp Tamas wrote:
> hi All,
>
>
> This doesn't work now:
>
> ioctl(3, SIOCGIFNAME, {ifr_index=0, ifr_name=???}) = -1 ENODEV (No such
> device)
>
>
> Is there any way to make it work?
Yep, the index are not virtualized. So ifr_index=0 is for the loopback
in the init network namespace.
--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 4/9] pin a container's rootfs
On 04/26/2012 07:09 AM, Serge Hallyn wrote:
> From: Serge Hallyn
>
> If /var/lib/lxc is a separate filesystem, and you start and stop only
> a single container which has it's rootfs at /var/lib/lxc/c1/rootfs,
> then /var/lib/lxc will be re-mounted readonly when the container, at
> shutdown, does 'mount -o remount,ro /'. (Precise hosts actually
> now prevent this using apparmor, but others do not)
>
> The reason this doesn't normally happen is that the container's
> remount attempt fails because the fs is busy. We can force the fs
> to be busy by holding a file open on the fs. So, when starting a
> container, open a file called /var/lib/lxc/c1/rootfs.pin, and keep
> it open until the container is shut down.
>
> Note that Guido had some good feedback on this patch, but I've not had
> the time to consider implementing them.
>
> Changelog: Apr 25: Don't fail if the container doesn't have a
> specified rootfs.
>
> Signed-off-by: Serge Hallyn
> ---
> src/lxc/conf.c | 49 +
> src/lxc/conf.h |2 ++
> src/lxc/start.c | 16
> 3 files changed, 67 insertions(+)
>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index e8088bb..b0ce92b 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -452,6 +452,55 @@ static int mount_rootfs_block(const char *rootfs, const
> char *target)
> return mount_unknow_fs(rootfs, target, 0);
> }
>
> +/*
> + * pin_rootfs
> + * if rootfs is a directory, then open ${rootfs}.hold for writing for the
> + * duration of the container run, to prevent the container from marking the
> + * underlying fs readonly on shutdown.
> + * return -1 on error.
> + * return -2 if nothing needed to be pinned.
> + * return an open fd (>=0) if we pinned it.
> + */
> +int pin_rootfs(const char *rootfs)
> +{
> + char absrootfs[MAXPATHLEN];
> + char absrootfspin[MAXPATHLEN];
> + struct stat s;
> + int ret, fd;
> +
> + /* it's possible to not specify a rootfs, don't make that fail */
> + if (rootfs == NULL || strlen(rootfs) == 0)
> + return 0;
> +
> + if (!realpath(rootfs, absrootfs)) {
> + SYSERROR("failed to get real path for '%s'", rootfs);
> + return -1;
> + }
> +
> + if (access(absrootfs, F_OK)) {
> + SYSERROR("'%s' is not accessible", absrootfs);
> + return -1;
> + }
> +
> + if (stat(absrootfs,&s)) {
> + SYSERROR("failed to stat '%s'", absrootfs);
> + return -1;
> + }
> +
> + if (!__S_ISTYPE(s.st_mode, S_IFDIR))
> + return -2;
I think you can get ride of all these checks if the function is invoked
from the right place.
> +
> + ret = snprintf(absrootfspin, MAXPATHLEN, "%s%s", absrootfs, ".hold");
> + if (ret>= MAXPATHLEN) {
> + SYSERROR("pathname too long for rootfs hold file");
> + return -1;
> + }
Why create an intermediate directory and not open the rootfs directory
directly ?
> +
> + fd = open(absrootfspin, O_CREAT | O_RDWR, S_IWUSR|S_IRUSR);
> + INFO("opened %s as fd %d\n", absrootfspin, fd);
> + return fd;
> +}
If I understand correctly, you open the directory, let the file
descriptor being inherited in the container and then close the file
descriptor, right ?
> +
> static int mount_rootfs(const char *rootfs, const char *target)
> {
> char absrootfs[MAXPATHLEN];
> diff --git a/src/lxc/conf.h b/src/lxc/conf.h
> index 09f55cb..0d8f28e 100644
> --- a/src/lxc/conf.h
> +++ b/src/lxc/conf.h
> @@ -223,6 +223,8 @@ struct lxc_conf {
>*/
> extern struct lxc_conf *lxc_conf_init(void);
>
> +extern int pin_rootfs(const char *rootfs);
> +
> extern int lxc_create_network(struct lxc_handler *handler);
> extern void lxc_delete_network(struct lxc_list *networks);
> extern int lxc_assign_network(struct lxc_list *networks, pid_t pid);
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index 7af1e37..96ddd5b 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -534,6 +534,7 @@ int lxc_spawn(struct lxc_handler *handler)
> int clone_flags;
> int failed_before_rename = 0;
> const char *name = handler->name;
> + int pinfd;
>
> if (lxc_sync_init(handler))
> return -1;
> @@ -563,6 +564,17 @@ int lxc_spawn(struct lxc_handler *handler)
> }
> }
>
> + /*
> + * if the rootfs is not a blockdev, prevent the container from
> + * marking it readonly.
> + */
> +
> + pinfd = pin_rootfs(handler->conf->rootfs.path);
> + if (pinfd == -1) {
> + ERROR("failed to pin the container's rootfs");
> + goto out_abort;
> + }
> +
It is not the right place to do that. That should be done from the
setup_rootfs function in conf.c or in the mount_rootfs_dir function.
> /* Create a process in a new set of namespaces */
> handler->pid = lxc_clone(do_start, handler, clone_flags);
> if (handler->pid< 0) {
Re: [Lxc-users] [PATCH 9/9] lxc-destroy: wait until the container is stopped
On 04/26/2012 07:09 AM, Serge Hallyn wrote: > From: Serge Hallyn > > Author: Timothy Chen > Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/980902 > > Signed-off-by: Serge Hallyn > Cc: Timothy Chen > --- > src/lxc/lxc-destroy.in |1 + > 1 file changed, 1 insertion(+) > > diff --git a/src/lxc/lxc-destroy.in b/src/lxc/lxc-destroy.in > index b0f2da5..17fa6d6 100644 > --- a/src/lxc/lxc-destroy.in > +++ b/src/lxc/lxc-destroy.in > @@ -87,6 +87,7 @@ lxc-info -n $lxc_name 2>/dev/null | grep -q RUNNING > if [ $? -eq 0 ]; then > if [ $force -eq 1 ]; then > lxc-stop -n $lxc_name > + lxc-wait -n $lxc_name -s STOPPED > else > echo "Container $lxc_name is running, aborting the deletion." > exit 1 I don't get why this is needed, lxc-stop is synchronous. When the lxc-stop command exits, we have the guarantee the container has stopped. If it is not the case, that means there is a problem somewhere else. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] sched_setscheduler fails in a container (was: Re: Lxc-users Digest, Vol 29, Issue 7)
On 05/16/2012 08:58 AM, Jianbin Ma wrote: > In the container,the system call sched_scheduler can't work,I enable the > file capabilities.And the system call still can't work. What is your RLIMIT_RTPRIO value in the container ? Do you have CAP_SYS_NICE ? What policy are trying to set ? Thanks -- Daniel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] siproxd in LXC
On 05/14/2012 11:27 AM, Miroslav Lednicky wrote: > Hello, > > i am trying running siproxd in LXC (ubuntu 10.04 is LXC guest > and 11.10 is host). Siproxd not working and i see in syslog: > > rtpproxy_relay.c:150 ERROR:pthread_setschedparam failed: Operation not > permitted > > Where can be problem? Are you running it as root ? You need some privilege to invoke this function. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [lxc-devel] lxc-devel Mailing List for Patches
On 04/26/2012 03:58 PM, Ward, David - 0663 - MITLL wrote: > It's a bit difficult for me to follow patches when they are going to two > separate mailing lists. Would it be possible to limit patches to the > lxc-devel list, please? I think that is the intended place for them. Yes. Please, everyone, send the patches to lxc-devel and use the lxc-users mailing list for other topics. I will have a better visibility to the patches, if you also put me directly as recipient to the patches and CC the lxc-devel mailing list. > > Also, Daniel I am sure you are very busy, but I just wanted to see if > there was any timeline for looking at the patches against 0.8.0-rc2 that > have been sent to the lists? As more new patches keep coming in, it > might make it more difficult to merge things, or mean that less testing > has gone into the merged code. Yes, sorry for the delay. I am very busy for the moment but I will try to merge the patches as soon as I receive them in the future. Thanks -- Daniel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] container shutdown
On 03/19/2012 02:45 AM, Fajar A. Nugraha wrote: > On Mon, Mar 19, 2012 at 7:05 AM, Daniel Lezcano > wrote: >> On 03/19/2012 12:00 AM, Serge Hallyn wrote: >>> Hi, >>> >>> Thanks to Jäkel's and Fajar's great ideas, we can now cleanly shut down >>> a container by sending it SIGPWR. I'm attaching two ways to do that. >>> In-line is a patch which modifies lxc-stop to take optional -s and -t >>> args - -s for shutdown (meaning send SIGPWR), and -t for a timeout, >>> after sending SIGPWR, to hard-kill the container. >> >> That may make more sense to implement a lxc-reboot | lxc-shutdow script on >> top of on lxc-kill. >> >> IMHO, I don't think adding a timeout is a good idea because the shutdown >> process may take more than the timeout to stop the services and the >> container could be killed while the services are doing some cleanup or flush >> or whatever. If this option is present, people will tend to use it instead >> of investigating if a service is stuck, or working, or flushing. >> I would recommend to let the shutdown script to handle the timeout by >> themselves. > IIRC xen's "xm shutdown" command does something like this, which can > be a starting design point: > - check whether the container can handle a clean shutdown, by checking > whether anything on the guest is listening on xenbus. If something is > listening, then it's assumed the guest has PV drivers that can do > clean shutdown. > - if yes, issue clean shutdown command. The shutdown command returns > immediately unless a "-w" is specified > - if no, then it does "xm destroy" (i.e. force kill) > > The problem with lxc is that AFAIK there's nothing standard on the > guest that can tell the host "I can do clean shutdown, don't kill me!" > (the equivalent of xenbus listener check). I am not sure to understand what you mean by 'clean shutdown'. Can you elaborate ? Do you mean 'reboot' is supported by the kernel when not in the initial pid namespace ? > Personally I like the timeout (so that the guest container will be > shutdown in the end, no matter what). But then again the timeout can > be ommited from lxc-shutdown if: > - it's assumed the user knows what it's doing (i.e. they will manually > force-kill the guest if needed) IMO, this is the correct approach. Note I am not saying a timeout is not necessary but I think that should not be implemented in lxc directly but in an upper script if it makes sense and that should be trivial with lxc-kill. > - if clean shutdown will be the default action, there will be > additional modification in init/upstart config that can force-kill > guests after a timeout. > Do you mean when the host is shutdown, the upstart scripts will shutdown all the containers ? -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] container shutdown
On 03/19/2012 03:50 AM, Serge Hallyn wrote: > Quoting Daniel Lezcano (daniel.lezc...@free.fr): >> On 03/19/2012 12:00 AM, Serge Hallyn wrote: >>> Hi, >>> >>> Thanks to Jäkel's and Fajar's great ideas, we can now cleanly shut down >>> a container by sending it SIGPWR. I'm attaching two ways to do that. >>> In-line is a patch which modifies lxc-stop to take optional -s and -t >>> args - -s for shutdown (meaning send SIGPWR), and -t for a timeout, >>> after sending SIGPWR, to hard-kill the container. >> That may make more sense to implement a lxc-reboot | lxc-shutdow > Is there another signal that would make sense for lxc-reboot? Yes, SIGINT will make the init process to restart the services. I said lxc-reboot but that could be lxc-shutdown -r. >> script on top of on lxc-kill. >> >> IMHO, I don't think adding a timeout is a good idea because the >> shutdown process may take more than the timeout to stop the services >> and the container could be killed while the services are doing some >> cleanup or flush or whatever. If this option is present, people will >> tend to use it instead of investigating if a service is stuck, or >> working, or flushing. >> I would recommend to let the shutdown script to handle the timeout >> by themselves. > By 'let the shutdown script to handle the timeout by themselves", you > mean let the scripts calling lxc-shutdown handle the timeout? I meant the initrd scripts within the container to be fixed to properly shutdown (for example add timeout or optimize the stopping services). The init process will send SIGTERM to all the processes and then SIGKILL after awhile. I don't think that should be handled from outside. Some services are bogus because they don't care when they are stopped in the shutdown process because they expect to be killed. For example, the sshd service was automatically respawned after being killed by init at the shutdown time but that was only spotted with containers. > > leave lxc-shutdown to be as simple as 'lxc-kill -n $1 SIGPWR" ? Yes, lxc-shutdown could be in this case very trivial (may be adding a couple of things like waiting for the container to stop before exiting in order to have a synchronous command). -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] container shutdown
On 03/19/2012 12:00 AM, Serge Hallyn wrote:
> Hi,
>
> Thanks to Jäkel's and Fajar's great ideas, we can now cleanly shut down
> a container by sending it SIGPWR. I'm attaching two ways to do that.
> In-line is a patch which modifies lxc-stop to take optional -s and -t
> args - -s for shutdown (meaning send SIGPWR), and -t for a timeout,
> after sending SIGPWR, to hard-kill the container.
That may make more sense to implement a lxc-reboot | lxc-shutdow script
on top of on lxc-kill.
IMHO, I don't think adding a timeout is a good idea because the shutdown
process may take more than the timeout to stop the services and the
container could be killed while the services are doing some cleanup or
flush or whatever. If this option is present, people will tend to use it
instead of investigating if a service is stuck, or working, or flushing.
I would recommend to let the shutdown script to handle the timeout by
themselves.
>
> Attached is a lxc-shutdown script (as an alternative) so lxc-stop can
> continue to work as it has.
>
> Both are in the bzr tree at
> lp:~serge-hallyn/ubuntu/precise/lxc/lxc-shutdown, which builds and gives
> you both.
>
> What do we prefer?
>
> thanks,
> -serge
>
> Signed-off-by: Serge Hallyn
> ---
> doc/lxc-stop.sgml.in | 10 ++
> src/lxc/arguments.h |4
> src/lxc/commands.c |8
> src/lxc/lxc.h|5 -
> src/lxc/lxc_stop.c | 22 +++---
> src/lxc/stop.c | 27 +--
> 6 files changed, 66 insertions(+), 10 deletions(-)
>
> Index: lxc/doc/lxc-stop.sgml.in
> ===
> --- lxc.orig/doc/lxc-stop.sgml.in 2012-03-18 16:33:06.254906000 -0500
> +++ lxc/doc/lxc-stop.sgml.in 2012-03-18 16:34:11.970538920 -0500
> @@ -49,6 +49,7 @@
>
>
> lxc-stop-n name
> +-s -t timeout
>
>
>
> @@ -62,6 +63,15 @@
> longer accessible and can no be exited normally.
>
>
> +
> + If-s (--shutdown) is
> + specified, then ask the container to shut down cleanly by sending
> + aSIGPWR signal. If-t
> timeout
> + is also given, thentimeout seconds after sending
> + SIGPWR, if the container is still up, proceed to kill the container.
> + Note that-t timeout
> implies-s.
> +
> +
>
>
> &commonoptions;
> Index: lxc/src/lxc/arguments.h
> ===
> --- lxc.orig/src/lxc/arguments.h 2012-03-18 16:33:06.254906000 -0500
> +++ lxc/src/lxc/arguments.h 2012-03-18 16:34:19.442575978 -0500
> @@ -46,6 +46,10 @@
> const char *rcfile;
> const char *console;
>
> + /* for lxc-stop */
> + int timeout;
> + int shutdown;
> +
> /* for lxc-checkpoint/restart */
> const char *statefile;
> int statefd;
> Index: lxc/src/lxc/commands.c
> ===
> --- lxc.orig/src/lxc/commands.c 2012-03-18 16:33:06.254906000 -0500
> +++ lxc/src/lxc/commands.c2012-03-18 16:34:26.862612782 -0500
> @@ -162,10 +162,10 @@
> typedef int (*callback)(int, struct lxc_request *, struct lxc_handler
> *);
>
> callback cb[LXC_COMMAND_MAX] = {
> - [LXC_COMMAND_TTY] = lxc_console_callback,
> - [LXC_COMMAND_STOP] = lxc_stop_callback,
> - [LXC_COMMAND_STATE] = lxc_state_callback,
> - [LXC_COMMAND_PID] = lxc_pid_callback,
> + [LXC_COMMAND_TTY] = lxc_console_callback,
> + [LXC_COMMAND_STOP] = lxc_stop_callback,
> + [LXC_COMMAND_STATE] = lxc_state_callback,
> + [LXC_COMMAND_PID] = lxc_pid_callback,
> };
>
> if (request->type< 0 || request->type>= LXC_COMMAND_MAX)
> Index: lxc/src/lxc/lxc_stop.c
> ===
> --- lxc.orig/src/lxc/lxc_stop.c 2012-03-18 16:33:06.254906000 -0500
> +++ lxc/src/lxc/lxc_stop.c2012-03-18 17:24:47.137589512 -0500
> @@ -30,7 +30,18 @@
>
> #include "arguments.h"
>
> +static int my_parser(struct lxc_arguments* args, int c, char* arg)
> +{
> + switch (c) {
> + case 's': args->shutdown = 1; break;
> + case 't': args->timeout = arg; args->shutdown = 1; break;
> + }
> + return 0;
> +}
> +
> static const struct option my_longopts[] = {
> + {"shutdown", no_argument, 0, 's'},
> + {"timeout", required_argument, 0, 't'},
> LXC_COMMON_OPTIONS
> };
>
> @@ -42,10 +53,15 @@
> lxc-stop stops a container with the identifier NAME\n\
> \n\
> Options :\n\
> - -n, --name=NAME NAME for name of the container\n",
> + -n, --name=NAME NAME for name of the container\n\
> + -s, --shutdownAsk container to shut down cleanly\n\
> + -t, --timeout=t Imply -s and hard-kill container after t seconds\n\
> +(default is -1, no timeout)\n",
> .options = my_lo
Re: [Lxc-users] [PATCH] Update manpages to reflect some updated options.
On 03/14/2012 03:39 AM, Serge Hallyn wrote: > (which reminds me a lxc-clone manpage still needs to be written) > > Signed-off-by: Serge Hallyn > --- Fixed duplicate /varlistentry below (line 158 in the file) and applied. Thanks -- Daniel [ ... ] > the template, you can run > + lxc-create -t TEMPLATE -h. > + > + > + > + > -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH] ubuntu templates cleanups
On 03/12/2012 05:21 PM, Serge Hallyn wrote: > 1. fix inconsistent use of '--auth-key' (not --auth_key) which broke their > usage > 2. add --debug option to lxc-ubuntu (which does set -x to show what broke) > (idea from Idea from lifeless and benji) > 3. fix incorrect assumption about group with -b option. User's default group > may not be the same as username. > --- Applied. -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/1] do check for utmp checking at the right time
On 03/12/2012 04:52 PM, Serge Hallyn wrote: > We were doing the check for whether we need to watch utmp from a > thread cloned from that which will actually do the utmp watching. > As a result, the utmp file was always being watched, even if it > didn't need to be. > > Move the check to the parent thread. > > Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/948623 > > Signed-off-by: Serge Hallyn > --- Applied. -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] limit number of processes
On 03/01/2012 06:49 PM, Ulli Horlacher wrote:
> On Tue 2011-10-18 (14:54), Papp Tamas wrote:
>
>> Is it possible to limit the maximum number of processes per container?
> I have the same problem. A user has killed the host (and therefore all
> containers) with a simple shell command: :(){ :|:& };:
> (Kids, don't try this at home!)
It seems that should be solved soon :)
The task counter cgroup should be merged.
Regards
-- Daniel
--
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] adding a default gateway inside a container as a non root user
On 03/02/2012 11:18 AM, Arun M wrote: > > >> With the 0.8.0 version, you will be able to setup the gateway directly >> from the configuration file. > > Cool. I wanted to try this so tested with the latest code from repository. > > However hit another issue now. > > $ lxc-execute -n alpha -f n1.conf -l DEBUG -o log -- /bin/busybox ash > lxc-execute: No such file or directory - failed to rename cgroup > /cgroup//lxc/3784->/cgroup//lxc/alpha > ... > > lxc-execute 1331137335.969 INFO lxc_cgroup - [1] found cgroup mounted at > '/cgroup',opts='rw,relatime,blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset' > lxc-execute 1331137335.969 DEBUGlxc_cgroup - get_init_cgroup: found init > cgroup for subsys (null) at / > lxc-execute 1331137335.969 DEBUGlxc_cgroup - cgroup /cgroup has flags 0x1 > lxc-execute 1331137335.969 WARN lxc_cgroup - using deprecated ns_cgroup > lxc-execute 1331137335.969 ERRORlxc_cgroup - No such file or directory - > failed to rename cgroup /cgroup//lxc/3840->/cgroup//lxc/alpha > > $ file /cgroup/3840 > /cgroup/3840: directory > > $ file /cgroup/lxc/3840 > /cgroup/lxc/3840: cannot open `/cgroup/lxc/3840' (No such file or directory) > > It appears that lxc-execute is trying to look for a dir under "/cgroup/lxc" > while its actually present under "/cgroup". I guess we should add the 'lxc' path to the cgroup in case of the ns_cgroup because the creation is handled by the kernel. Serge ? -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] adding a default gateway inside a container as a non root user
On 03/02/2012 11:18 AM, Arun M wrote: > > >> With the 0.8.0 version, you will be able to setup the gateway directly >> from the configuration file. > > Cool. I wanted to try this so tested with the latest code from repository. > > However hit another issue now. > > $ lxc-execute -n alpha -f n1.conf -l DEBUG -o log -- /bin/busybox ash > lxc-execute: No such file or directory - failed to rename cgroup > /cgroup//lxc/3784->/cgroup//lxc/alpha > ... > > lxc-execute 1331137335.969 INFO lxc_cgroup - [1] found cgroup mounted at > '/cgroup',opts='rw,relatime,blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset' > lxc-execute 1331137335.969 DEBUGlxc_cgroup - get_init_cgroup: found init > cgroup for subsys (null) at / > lxc-execute 1331137335.969 DEBUGlxc_cgroup - cgroup /cgroup has flags 0x1 > lxc-execute 1331137335.969 WARN lxc_cgroup - using deprecated ns_cgroup > lxc-execute 1331137335.969 ERRORlxc_cgroup - No such file or directory - > failed to rename cgroup /cgroup//lxc/3840->/cgroup//lxc/alpha > > $ file /cgroup/3840 > /cgroup/3840: directory > > $ file /cgroup/lxc/3840 > /cgroup/lxc/3840: cannot open `/cgroup/lxc/3840' (No such file or directory) > > It appears that lxc-execute is trying to look for a dir under "/cgroup/lxc" > while its actually present under "/cgroup". > > > Could not try cgroup.clone_children since it looks like this is not available > in kernel 2.6.32. Ok, I see. I will look at fixing this. -- Daniel -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] adding a default gateway inside a container as a non root user
On 03/01/2012 08:32 PM, Arun M wrote: > Hi, > > I am trying to add a default gateway inside a lxc container so that the > application can talk to outside network. > > I used lxc-setcap to set capabilities and started the container as a non-root > user. > > lxc-execute -n alpha -f a.conf -- /bin/start.sh > > in start.sh :- > #!/bin/sh > route add default gw 169.254.100.1 > exec sh > > I get the following error :- > route: SIOCADDRT: Operation not permitted > > Tried adding cap_net_admin to lxc-init, making 'route' a suid program etc but > did not help. > > The networking config is as follows:- > lxc.network.type = veth > > lxc.network.flags = up > lxc.network.link = br0 > lxc.network.name = eth1 > lxc.network.ipv4 = 169.254.100.6/24 With the 0.8.0 version, you will be able to setup the gateway directly from the configuration file. -- Daniel -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] limit number of processes
On 10/18/2011 02:54 PM, Papp Tamas wrote: > hi! > > Is it possible to limit the maximum number of processes per container? > Not yet but it is on the way. http://lkml.indiana.edu/hypermail/linux/kernel/1109.0/01455.html Hope the patchset will be merged soon in the kernel. -- Daniel -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] version 0.8.0 coming soon
Hi all, I will release a 0.8.0-rc1. I am looking for volunteer to test it :) Thanks -- Daniel -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] State of lxc-attach support in mainstream
On 02/24/2012 01:31 PM, Ivan Vilata i Balaguer wrote: > Hi all, this message is just to ask for the current state of lxc-attach > support entering into mainstream Linux source code. I've seen that > there are some patches[1] for 3.0 which don't apply cleanly to 3.1 and > newer, and Christian Seiler has sent some more patches[2] to fix some > issues with inherited capabilities and cgroup[3] of the new process. The missing piece is the pid namespace. The author of the patches had no time to send them out and nobody else could take care of them. I can handle that and try to make them upstream but not in a near future, so if somebody else is willing to do that, that would be very nice. Thanks -- Daniel -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Creating stand alone container
On 02/15/2012 11:51 AM, bruce bushby wrote: > Hi > > I've been following these two guides: > https://access.redhat.com/kb/docs/DOC-67682 > http://berrange.com/posts/2011/09/27/getting-started-with-lxc-using-libvirt/ > > and I finally have a container running (Happy Days) I wanted to ask > the list if anybody has experience with a "stand alone" container? > > My physical box is an HP running RHEL 6.2. I would like my container > to have it's own rpmdb, root filesystem and OS commands etc. The > container should be 100% separate from the physical BUT will run the > exact same OS as the physical. > > I'm guessing I need to do something like: > 1. create path for container ie "/virtuals/" > 2. Add filesystem path to container xml > 2. copy entire OS from physical into "/virtuals/" > 3. Add network config to container xml > 4. Start container? > > The above links give a busybox example, however I need the exact OS > (development testing environment) > > As always, any help would be much appreciated! Hi Bruce, this mailing list is for the lxc-tools which are different from the libvirt-lxc which has implemented its own lxc driver. I think you should ask at the libvirt@ mailing list. At the first glance, what you are describing is correct. It is the simpler way to create a system container. If you plan to run a lot of containers, there are some alternatives with btrfs or the ro-bind mounts to not duplicate the rootfs again and again. Thanks -- Daniel -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] LXC and kernel 3.2..
On 02/13/2012 07:45 AM, Kristian Kirilov wrote: >> On 02/12/2012 09:24 PM, Kristian Kirilov wrote: >>> Hello, >>> >>> im looking for lxc patch to correct LXC issues with namespaces detecting >>> in 3... kernel. >>> I maked some tests with LXC lxc-0.7.5.tar.gz and kernel >>> linux-3.2.5.tar.bz2. Everything is ok but namespaces checking in >>> lxc-checkconfig is shown as "missing". I think this is "bug" because i >>> can >>> start containers and everything works fine. >> Did you make lxc-checkconfig to point to your custem kernel config file ? >> >> with CONFIG= lxc-checkconfig >> >> -- Daniel >> >> >> > lxc-checkconfig found the right config file of my custom build kernel. > > root@botor:~# uname -r > 3.2.5-lxc > root@botor:~# /usr/bin/lxc-checkconfig > Kernel config /proc/config.gz not found, looking in other places... > Found kernel config file /boot/config-3.2.5-lxc > > result is same when i try with > > root@botor:~# CONFIG=/boot/config-3.2.5-lxc /usr/bin/lxc-checkconfig Can you 'pastebin' your kernel config file in order to check the problem ? Thanks -- Daniel -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] LXC and kernel 3.2..
On 02/12/2012 09:24 PM, Kristian Kirilov wrote: > Hello, > > im looking for lxc patch to correct LXC issues with namespaces detecting > in 3... kernel. > I maked some tests with LXC lxc-0.7.5.tar.gz and kernel > linux-3.2.5.tar.bz2. Everything is ok but namespaces checking in > lxc-checkconfig is shown as "missing". I think this is "bug" because i can > start containers and everything works fine. Did you make lxc-checkconfig to point to your custem kernel config file ? with CONFIG= lxc-checkconfig -- Daniel -- Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] sparc64-unknown-linux-gnu not supported
On 01/31/2012 04:08 PM, Denny Schierz wrote:
> hi,
>
> I try to get lxc compiling on a Sunfire V245, but configure fails:
>
> [...]
>
> checking for sys/signalfd.h... yes
> checking whether gcc needs -traditional... no
> checking for Linux in /lib/modules//build... not found
> checking for Linux in /usr/src/linux-... not found
> checking for Linux in /usr/src/linux... yes
> checking for linux SRCARCH... configure: error: architecture
> sparc64-unknown-linux-gnu not supported
>
> # uname -a
> Linux foobar 2.6.32-5-sparc64-smp #1 SMP Mon Jan 16 17:28:56 UTC 2012 sparc64
> GNU/Linux
>
> # cat /proc/cpuinfo
> cpu : TI UltraSparc IIIi (Jalapeno)
> fpu : UltraSparc IIIi integrated FPU
> pmu : ultra3i
> prom : OBP 4.22.33 2007/06/18 12:47
> type : sun4u
> ncpus probed : 2
> ncpus active : 2
> D$ parity tl1 : 0
> I$ parity tl1 : 0
> Cpu0ClkTck: 59a53800
> Cpu1ClkTck: 59a53800
> MMU Type : Cheetah+
> State:
> CPU0: online
> CPU1: online
>
> any suggestions?
Yes, that was not ported to sparc. It is not a big deal.
Adding to config/linux.m4 the following should fix this configure error:
arm*-*) LINUX_SRCARCH=arm;;
+ sparc*-*) LINUX_SRCARCH=sparc;;
*) AC_MSG_ERROR([architecture ${host} not supported]);;
Compile and test if that works. An quick and easy test is "lxc-execute
-n foo /bin/bash"
Also, a modification to the lxc_clone function in src/lxc/namespace.c
may be necessary.
-- Daniel
--
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-execute failed: /dev/mqueue no such device
On 01/12/2012 04:56 AM, 陈竞 wrote: > Hi, i installed lxc in my gentoo os, and compile the kernel, but when i > test lxc, as : Is CONFIG_POSIX_MQUEUE=y ? > lxc-execute -n test /bin/sh > lxc-init: failed to mount /dev/mqueue : No such device > > apparently i have mqueue in /dev, i need help, thank you > > > > -- > RSA(R) Conference 2012 > Mar 27 - Feb 2 > Save $400 by Jan. 27 > Register now! > http://p.sf.net/sfu/rsa-sfdev2dev2 > > > ___ > Lxc-users mailing list > Lxc-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-users -- RSA(R) Conference 2012 Mar 27 - Feb 2 Save $400 by Jan. 27 Register now! http://p.sf.net/sfu/rsa-sfdev2dev2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Mount /dev/shm of the host inside a container
On 01/10/2012 01:39 AM, Fred Finkelstein wrote: > I finally found it with the help of the #lxcontainers irc channel. I have > to replace this in lxc.fstab: > /dev/shm /dev/shm bind 0 0 > with this: > /dev/shm /srv/shm none bind 0 0 > and I can access it. Why /srv/shm ? -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-create is output error
On 01/03/2012 03:42 PM, T.Nomura wrote:
> Hi
>
> I tryed "--localstatedir=/usr/local/var" option.
> But occured same error.
>
> So I seen "lxc-create" command.
> --
> line51: lxc_path=${localstatedir}/lib/lxc
> --
> ${localstatedir} is not replace.
>
> Next I specified "--with-config-path=/usr/local/lxc/var/lib"
> And seen again "lxc-create" command.
> --
> line51: lxc_path=/usr/local/lxc/var/lib
> --
> ${localstatedir} is replaced. OK.
The previous script line should something like that.
localstatedir=/var
lxc_path=${localstatedir}/lib/lxc
Can you try the following ?
./configure --localstatedir=/usr/local/var --prefix=/usr/local
and then create
mkdir /usr/local/var/lib/lxc
> Is this Bug?
>
>
> On 2012/01/03, at 19:08, Daniel Lezcano wrote:
>
>> On 01/03/2012 04:34 AM, T.Nomura wrote:
>>> Hi
>>>
>>> My name is Mr.Nomura.
>>>
>>> I want install lxc "/usr/local/lxc".
>>> So, I runed configure script below.
>>> # ./configure --prefix=/usr/local/lxc&& make&& make install
>>>
>>> Next I run "lxc-create".But output below error.
>>> configuration path '/lib/lxc' not found
>>>
>>> Why?
>>> Please help me.
>> You should specify also --localstatedir=/usr/local/var to the configure
>> option
>
> --
> Write once. Port to many.
> Get the SDK and tools to simplify cross-platform app development. Create
> new or port existing apps to sell to consumers worldwide. Explore the
> Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
> http://p.sf.net/sfu/intel-appdev
> ___
> Lxc-users mailing list
> Lxc-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-users
>
--
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create
new or port existing apps to sell to consumers worldwide. Explore the
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Differences between application and system container
On 12/30/2011 12:14 PM, Ulli Horlacher wrote: > On Mon 2011-12-26 (18:25), Wai-kit Sze wrote: > >> What are the difference between application containers and system >> containers? Both of them can start a command directly. > An application container starts one single program. > A system container starts (boots) a whole linux system. Right. application container => applicaton running in a container system container => system running in a container -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-create is output error
On 01/03/2012 04:34 AM, T.Nomura wrote: > Hi > > My name is Mr.Nomura. > > I want install lxc "/usr/local/lxc". > So, I runed configure script below. > # ./configure --prefix=/usr/local/lxc&& make&& make install > > Next I run "lxc-create".But output below error. > configuration path '/lib/lxc' not found > > Why? > Please help me. You should specify also --localstatedir=/usr/local/var to the configure option -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] seeing a network pause when starting and stopping LXCs - how do I stop this?
On 12/12/2011 04:48 AM, Derek Simkowiak wrote: > When there are only one bridge on the system or the bridges are not > connected together, this option is pointless and we can set the delay to > '0'. That makes the port to be enabled instantaneously, hence the > container can access the network immediately after the start. > > > As previously posted, this is not what causes the network "freeze" > with LXC. > > The problem is not related to the setfd option. It is caused by > the bridge acquired a new MAC address. Libvirt already has a fix for > this, and there is a patch in the works for the LXC tools. > > See my post about this four days ago at this URL, which includes a > link to the patch and a link to a possible workaround: > > http://osdir.com/ml/lxc-chroot-linux-containers/2011-12/msg00029.html Yes, I was aware of that. I was just explaining why disabling setfd was useful. I have queued the patch to set an higher mac address. Thanks -- Daniel > Thanks, > Derek > > On 12/11/2011 02:21 PM, Daniel Lezcano wrote: >> On 12/08/2011 09:25 AM, Ulli Horlacher wrote: >>> On Thu 2011-12-08 (07:39), Daniel Lezcano wrote: >>>> On 12/08/2011 12:38 AM, Joseph Heck wrote: >>>> >>>>> I've been seeing a pause in the whole networking stack when starting >>>>> and stopping LXC - it seems to be somewhat intermittent, but happens >>>>> reasonably consistently the first time I start up the LXC. >>>>> >>>>> I'm using ubuntu 11.10, which is using LXC 0.7.5 >>>>> >>>>> I'm starting the container with lxc-start -d -n $CONTAINERNAME >>>> That could be the bridge configuration. Did you do 'brctl setfd br0 0' ? >>> I have this in my /etc/network/interfaces (Ubuntu 10.04): >>> >>> auto br0 >>> iface br0 inet static >>> address 129.69.1.227 >>> netmask 255.255.255.0 >>> gateway 129.69.1.254 >>> bridge_ports eth0 >>> bridge_stp off >>> bridge_maxwait 5 >>> post-up /usr/sbin/brctl setfd br0 0 >>> >>> >>> I have never noticed a network freeze and I really often start/stop LXC >>> containers. Does this "brctl setfd br0 0" prevent the freeze? I do not >>> remember why I have added it :-} >> The setfd delay is used when there are several bridge setup on the >> system to detect if the packet are looping across the bridges and to >> learn the spawning tree control. AFAIR, a packet is transmitted on the >> new port and the bridge waits for to see if the packet goes out >> of the bridge and came back from another port. During this delay, the >> port is not enabled. >> >> When there are only one bridge on the system or the bridges are not >> connected together, this option is pointless and we can set the delay to >> '0'. That makes the port to be enabled instantaneously, hence the >> container can access the network immediately after the start. >> >> >> >> -- >> Learn Windows Azure Live! Tuesday, Dec 13, 2011 >> Microsoft is holding a special Learn Windows Azure training event for >> developers. It will provide a great way to learn Windows Azure and what it >> provides. You can attend the event by watching it streamed LIVE online. >> Learn more at http://p.sf.net/sfu/ms-windowsazure >> ___ >> Lxc-users mailing list >> Lxc-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/lxc-users > > -- > Learn Windows Azure Live! Tuesday, Dec 13, 2011 > Microsoft is holding a special Learn Windows Azure training event for > developers. It will provide a great way to learn Windows Azure and what it > provides. You can attend the event by watching it streamed LIVE online. > Learn more at http://p.sf.net/sfu/ms-windowsazure > ___ > Lxc-users mailing list > Lxc-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-users > -- Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] seeing a network pause when starting and stopping LXCs - how do I stop this?
On 12/08/2011 09:25 AM, Ulli Horlacher wrote: > On Thu 2011-12-08 (07:39), Daniel Lezcano wrote: >> On 12/08/2011 12:38 AM, Joseph Heck wrote: >> >>> I've been seeing a pause in the whole networking stack when starting >>> and stopping LXC - it seems to be somewhat intermittent, but happens >>> reasonably consistently the first time I start up the LXC. >>> >>> I'm using ubuntu 11.10, which is using LXC 0.7.5 >>> >>> I'm starting the container with lxc-start -d -n $CONTAINERNAME >> That could be the bridge configuration. Did you do 'brctl setfd br0 0' ? > I have this in my /etc/network/interfaces (Ubuntu 10.04): > > auto br0 > iface br0 inet static > address 129.69.1.227 > netmask 255.255.255.0 > gateway 129.69.1.254 > bridge_ports eth0 > bridge_stp off > bridge_maxwait 5 > post-up /usr/sbin/brctl setfd br0 0 > > > I have never noticed a network freeze and I really often start/stop LXC > containers. Does this "brctl setfd br0 0" prevent the freeze? I do not > remember why I have added it :-} The setfd delay is used when there are several bridge setup on the system to detect if the packet are looping across the bridges and to learn the spawning tree control. AFAIR, a packet is transmitted on the new port and the bridge waits for to see if the packet goes out of the bridge and came back from another port. During this delay, the port is not enabled. When there are only one bridge on the system or the bridges are not connected together, this option is pointless and we can set the delay to '0'. That makes the port to be enabled instantaneously, hence the container can access the network immediately after the start. -- Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] seeing a network pause when starting and stopping LXCs - how do I stop this?
On 12/08/2011 12:38 AM, Joseph Heck wrote: > I've been seeing a pause in the whole networking stack when starting > and stopping LXC - it seems to be somewhat intermittent, but happens > reasonably consistently the first time I start up the LXC. > > I'm using ubuntu 11.10, which is using LXC 0.7.5 > > I'm starting the container with lxc-start -d -n $CONTAINERNAME That could be the bridge configuration. Did you do 'brctl setfd br0 0' ? -- Cloud Services Checklist: Pricing and Packaging Optimization This white paper is intended to serve as a reference, checklist and point of discussion for anyone considering optimizing the pricing and packaging model of a cloud services business. Read Now! http://www.accelacomm.com/jaw/sfnl/114/51491232/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Fedora / CentOS
On 12/05/2011 04:58 PM, István Király - LaKing wrote: > Hi folks. > > I wrote a guide how to get lxc running on CentOs host, with CentOS or Fedora > 14 guest. > http://forums.fedoraforum.org/showthread.php?t=272995 > > I could not get FC15/FC16 containers to work tho. I read somewhere it is > because of systemd. > > Any ideas or suggestions on that subject? I think that has been fixed with lxc 0.7.5, no ? -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Linux Containers vs Solaris Zones
On 11/15/2011 10:14 AM, bruce bushby wrote: > Hello > > I'm hoping someone on the list could answer a couple of questions. I > believe Linux Containers are the perfect answer to some of the issues > I have at work but wanted to confirm some technical bits before > formally submitting any designs. I have worked with Solaris Zones in > the past. Hi Bruce, the lxc is an userspace component which integrate the different kernel functionalities in order to create an object called a "container" which is similar to the Solaris Zones. The lxc is configurable, so some parts can be isolated or not depending of what you want, eg. share the file system or the network stack. > The questions: > Does each "Linux Container" have it's own "network stack"? > If so, how independent is the stackie could each container have a > different routing table? The network stack isolation/virtualization acts at the layer 2, so if you configure the container to have its own network stack (which is done in three lines), you will have a full new network stack for the container with network devices, iptables, raw sockets, routing ... allowing to keep the system network script unchanged for your container. > Does the "Linux Container" share the rpmdb of the "physical host" > or can each lxc have it's own rpmdb? Again, that depends of your configuration. You can share the file system with the host or use an image file, a block device or a directory as a rootfs. You can also make the container to have its own rootfs but bind mount system directories to the rootfs, etc ... It is all configurable. So the short answer is you can choose to share the rpmdb or not. > Does the "Linux Container" share passwd/shadow/pam authentication of > the physical host? Idem. > How does the "Linux Container" handle network cards/MAC addresses? If you don't specify one, the kernel will randomly generate on mac address for you. This default behavior works in most of the cases but with some corner cases in a bridge configuration. > I noticed my RHN Satellite RHEL 6.1 channel doesn't contain the lxc > rpm, anybody running containers on RHEL 6.1. Yes, as far as I know, redhat is the only distro without lxc. A fedora package is available, which could be changed to EPEL [1]. Any volunteer ? :) [1] http://fedoraproject.org/wiki/EPEL I hope you got your answers :) Thanks -- Daniel -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] make error of lxc-0.7.5
On 11/10/2011 03:43 AM, 张勇 wrote: > Hi~: > I meet a error when i make lxc-0.7.5 on ubuntu 10.04. > The error info is : > Maybe the docbook tools are not available on your system. You can prevent the documentation to be generated by specifying the --disable-doc option for the configure script. > Using stylesheet: /usr/share/docbook-utils/docbook-utils.dsl#print > Working on: /home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:26:63:W: cannot > generate system identifier for public text "-//Davenport//DTD DocBook > V3.0//EN" > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:30:0:E: > reference to entity "REFENTRY" for which no system identifier could be > generated > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:26:0: entity > was defined here > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:30:0:E: DTD did > not contain element declaration for document type name > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:32:9:E: element > "REFENTRY" undefined > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:34:10:E: > element "DOCINFO" undefined > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:34:16:E: > element "DATE" undefined > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:36:10:E: > element "REFMETA" undefined > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:37:18:E: > element "REFENTRYTITLE" undefined > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:38:14:E: > element "MANVOLNUM" undefined > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:41:13:E: > element "REFNAMEDIV" undefined > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:42:12:E: > element "REFNAME" undefined > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:44:15:E: > element "REFPURPOSE" undefined > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:49:17:E: > element "REFSYNOPSISDIV" undefined > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:50:16:E: > element "CMDSYNOPSIS" undefined > nsgmls:/home/joraye/Downloads/lxc-0.7.5/doc/lxc-create.sgml:51:14:E: > element "COMMAND" undefined > nsgmls:/home/jo > > What a step i had miss? Thanks in advance! > > -zileiye > > > > -- > RSA(R) Conference 2012 > Save $700 by Nov 18 > Register now > http://p.sf.net/sfu/rsa-sfdev2dev1 > > > ___ > Lxc-users mailing list > Lxc-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-users -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] mknod after instance creation?
On 11/05/2011 12:06 AM, Dong-In David Kang wrote: > Hi, > > Is it possible to do "mknod" after creation of an LXC instance? > I need to do "mknod" not only at bootup time, but also at run-time. > This is needed when I want to dynamically add devices to LXC instance. > Is it possible? > If it is, how can I do it? > > I've seen the case of "mknod" at bootup time of an LXC instance. > But, I haven't seen the usage of "mknod" at run-time after boot-up. > Is it the limitation of LXC? Just comment out the lxc.cgroup.devices.* lines in the configuration file. -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] mknod inside a container
On 11/04/2011 03:34 PM, Gordon Henderson wrote: > > I have a container that's used to build a Linux image for an embedded > device - and as part of the build script, it creates /dev/ via a sequence > of mknod commands Which all fail )-: > > There are no cap.drop lines in the contianers config files and I'm > currently working round this by doing it on the host and copying the > directory from the host to the container but I'd really rather do it > inside the container... > > So what have I missed, or is it simply not possible? You probably have mknod restrictions through the lxc configuration file. Check for lxc.cgroup.devices.* in the configuration file and comment them all. Cheers -- Daniel -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-stop crashes the host
On 10/25/2011 03:09 PM, Serge E. Hallyn wrote: > Quoting Ulli Horlacher (frams...@rus.uni-stuttgart.de): >> On Mon 2011-10-24 (18:56), Ulli Horlacher wrote: >> >>> vms1 is an Ubuntu 10.04 based host system (4 * Xeon 64bit) with: >>> >>> root@vms1:/lxc# uname -a >>> Linux vms1 2.6.38-11-server #50~lucid1-Ubuntu SMP Tue Sep 13 22:10:53 UTC >>> 2011 x86_64 GNU/Linux >> >> Today 2.6.38-12-server has come. >> >>> But when I try to stop this container with: >>> >>> root@vms1:/lxc# lxc-stop -n fex >>> >>> the host (vms1) crashes with a kernel traceback. >> >> The bug is still there. But I was able to localize what triggers this bug: >> I am able to start/stop the container if I do not use iptables inside the >> container. When I set my ipfilter rules with iptables and then try to stop >> the container, the host crashes again. > > Daniel, > > one of your emails yesterday implied you've figured out the cause? Is that > the case? I am not 100% sure but I think the recent iptables should be flushed before exiting the namespace. I am setting up a qemu with a custom kernel to check the fix works. With the robbery of my laptop bag with the laptop and the backup disk, I have to put in place my testing environment from scratch *gasp* :/ -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/1] Drop resolvconf from oneiric container package list
On 10/24/2011 07:09 PM, Serge E. Hallyn wrote: > It prevents containers from getting a good resolv.conf without doing > ifdown eth0; ifup eth0. > > (see pad.lv/880020) > > Signed-off-by: Serge Hallyn > --- Applied. Thanks. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-stop crashes the host
On 10/24/2011 09:53 PM, Joerg Gollnick wrote: > Am Montag, 24. Oktober 2011, 21:16:04 schrieb Daniel Lezcano: >> On 10/24/2011 08:59 PM, Daniel Lezcano wrote: >>> On 10/24/2011 07:46 PM, Ulli Horlacher wrote: >>>> On Mon 2011-10-24 (12:33), Serge E. Hallyn wrote: >>>>>> http://fex.rus.uni-stuttgart.de/tmp/vms1-crash.png >>>>>> >>>>>> It's a pity, but this console server (HP IP console) cannot log >>>>>> ASCII >>>>>> based, it is GUI only. I can make only screenshots and cannot >>>>>> scroll back, so the beginning of the kernel crash message is >>>>>> missing. >>>>>> >>>>>> Any tips for debugging or even problem solving? >>>>> Can you use some screencast program to grab the video as the error >>>>> passes by on the gui? Then export a .jpg from the screencast >>>>> video? >>>> I have now booted vms1 with kernel 2.6.35 instead of 2.6.38 (as >>>> before)/ >>>> This kernel crashes also on lxc-stop but it writes something to >>>> /var/log/kern.log : >>> Can you send the iptables rules defined within the container if there >>> are >> Never mind, with the lkml link Jean-Philippe has just send I was able to >> reproduce the problem on a 3.0 kernel :/ >> >> It is weird this bug is not fixed... > I triggered a slightly different issue in nfnetfilter. I worked around this > by > loading nfnetfilter before any other module in this complex. > Maybe it gives somebody a hint. Yes, definitively. Thanks -- Daniel -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-stop crashes the host
On 10/24/2011 08:59 PM, Daniel Lezcano wrote: > On 10/24/2011 07:46 PM, Ulli Horlacher wrote: >> On Mon 2011-10-24 (12:33), Serge E. Hallyn wrote: >> >>>> http://fex.rus.uni-stuttgart.de/tmp/vms1-crash.png >>>> >>>> It's a pity, but this console server (HP IP console) cannot log ASCII >>>> based, it is GUI only. I can make only screenshots and cannot scroll back, >>>> so the beginning of the kernel crash message is missing. >>>> >>>> Any tips for debugging or even problem solving? >>> Can you use some screencast program to grab the video as the error passes >>> by on the gui? Then export a .jpg from the screencast video? >> I have now booted vms1 with kernel 2.6.35 instead of 2.6.38 (as before)/ >> This kernel crashes also on lxc-stop but it writes something to >> /var/log/kern.log : > Can you send the iptables rules defined within the container if there are Never mind, with the lkml link Jean-Philippe has just send I was able to reproduce the problem on a 3.0 kernel :/ It is weird this bug is not fixed... -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-stop crashes the host
On 10/24/2011 08:40 PM, Jean-Philippe Menil wrote: > Le 24/10/2011 19:46, Ulli Horlacher a écrit : > >> 2011-10-24 19:34:40 [ 318.526208] br0: port 2(veth2WqDOb) entering >> forwarding state >> 2011-10-24 19:34:40 [ 318.675038] br0: port 2(veth2WqDOb) entering disabled >> state >> 2011-10-24 19:34:40 [ 318.703903] [ cut here ] >> 2011-10-24 19:34:40 [ 318.703960] kernel BUG at >> /build/buildd/linux-lts-backport-maverick-2.6.35/net/netfilter/xt_recent.c:609! > Hi, > > try to load netconsole with appropriate config instead of screenshot. > It's a know bug with kernel < 2.6.37, It seems this bug appears with a 2.6.38-11 kernel version also. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-stop crashes the host
On 10/24/2011 07:46 PM, Ulli Horlacher wrote: > On Mon 2011-10-24 (12:33), Serge E. Hallyn wrote: > >>> http://fex.rus.uni-stuttgart.de/tmp/vms1-crash.png >>> >>> It's a pity, but this console server (HP IP console) cannot log ASCII >>> based, it is GUI only. I can make only screenshots and cannot scroll back, >>> so the beginning of the kernel crash message is missing. >>> >>> Any tips for debugging or even problem solving? >> Can you use some screencast program to grab the video as the error passes >> by on the gui? Then export a .jpg from the screencast video? > I have now booted vms1 with kernel 2.6.35 instead of 2.6.38 (as before)/ > This kernel crashes also on lxc-stop but it writes something to > /var/log/kern.log : Can you send the iptables rules defined within the container if there are ? Thanks -- Daniel -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-stop crashes the host
On 10/24/2011 07:46 PM, Ulli Horlacher wrote: > On Mon 2011-10-24 (12:33), Serge E. Hallyn wrote: > >>> http://fex.rus.uni-stuttgart.de/tmp/vms1-crash.png >>> >>> It's a pity, but this console server (HP IP console) cannot log ASCII >>> based, it is GUI only. I can make only screenshots and cannot scroll back, >>> so the beginning of the kernel crash message is missing. >>> >>> Any tips for debugging or even problem solving? >> Can you use some screencast program to grab the video as the error passes >> by on the gui? Then export a .jpg from the screencast video? > I have now booted vms1 with kernel 2.6.35 instead of 2.6.38 (as before)/ > This kernel crashes also on lxc-stop but it writes something to > /var/log/kern.log : > > 2011-10-24 19:34:40 [ 318.526208] br0: port 2(veth2WqDOb) entering > forwarding state > 2011-10-24 19:34:40 [ 318.675038] br0: port 2(veth2WqDOb) entering disabled > state > 2011-10-24 19:34:40 [ 318.703903] [ cut here ] > 2011-10-24 19:34:40 [ 318.703960] kernel BUG at > /build/buildd/linux-lts-backport-maverick-2.6.35/net/netfilter/xt_recent.c:609! > 2011-10-24 19:34:40 [ 318.704017] invalid opcode: [#1] SMP > 2011-10-24 19:34:40 [ 318.704137] last sysfs file: > /sys/devices/system/cpu/cpu3/cache/index1/shared_cpu_map > 2011-10-24 19:34:40 [ 318.704189] CPU 3 > 2011-10-24 19:34:40 [ 318.704231] Modules linked in: xt_recent veth btrfs > zlib_deflate crc32c libcrc32c ufs qnx4 hfsplus hfs minix ntfs vfat msdos fat > jfs xfs reiserfs nfs fscache pci_stub vboxpci vboxnetadp vboxnetflt vboxdrv > nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs ipt_MASQUERADE iptable_nat > nf_nat ipt_REJECT kvm_intel kvm nf_conntrack_ipv4 nf_defrag_ipv4 xt_state > nf_conntrack ipt_LOG xt_tcpudp iptable_filter ip_tables x_tables bridge 8021q > garp stp ppdev parport_pc i5000_edac edac_core i5k_amb psmouse serio_raw > shpchp lp parport tg3 floppy megaraid_sas > 2011-10-24 19:34:40 [ 318.706762] > 2011-10-24 19:34:40 [ 318.706806] Pid: 21, comm: netns Not tainted > 2.6.35-30-server #60~lucid1-Ubuntu D2119/PRIMERGY RX300 S3 > 2011-10-24 19:34:40 [ 318.706861] RIP: 0010:[] > [] recent_net_exit+0x3c/0x40 [xt_recent] > 2011-10-24 19:34:40 [ 318.706960] RSP: 0018:880236d67d90 EFLAGS: > 00010283 > 2011-10-24 19:34:40 [ 318.707008] RAX: 88022c0a46e0 RBX: > a08ec860 RCX: 0281 > 2011-10-24 19:34:40 [ 318.707059] RDX: 880235ba5200 RSI: > 880236d67dd0 RDI: 88022a6b8880 > 2011-10-24 19:34:40 [ 318.707124] RBP: 880236d67d90 R08: > f000f000 R09: > 2011-10-24 19:34:40 [ 318.707189] R10: 88022a6c4000 R11: > ffc8ffc8 R12: 88022a6b8880 > 2011-10-24 19:34:40 [ 318.707253] R13: 880236d67dd0 R14: > 880001e18dc0 R15: 880236d67fd8 > 2011-10-24 19:34:40 [ 318.707319] FS: () > GS:880001f8() knlGS: > 2011-10-24 19:34:40 [ 318.707400] CS: 0010 DS: ES: CR0: > 8005003b > 2011-10-24 19:34:40 [ 318.707463] CR2: 7f0c32bf61e0 CR3: > 000232f69000 CR4: 06e0 > 2011-10-24 19:34:40 [ 318.707528] DR0: DR1: > DR2: > 2011-10-24 19:34:40 [ 318.707593] DR3: DR6: > 0ff0 DR7: 0400 > 2011-10-24 19:34:40 [ 318.707659] Process netns (pid: 21, threadinfo > 880236d66000, task 880236d5c4d0) > 2011-10-24 19:34:40 [ 318.707738] Stack: > 2011-10-24 19:34:40 [ 318.707793] 880236d67dc0 814ac4a6 > 880236d67da0 880236d67dd0 > 2011-10-24 19:34:40 [ 318.707970] <0> a08ec860 814ac780 > 880236d67e00 814ac88b > 2011-10-24 19:34:40 [ 318.708234] <0> 88022a6b88a8 88022a6b88a8 > 88022a6b8898 88022a6b8898 > 2011-10-24 19:34:40 [ 318.708547] Call Trace: > 2011-10-24 19:34:40 [ 318.708613] [] > ops_exit_list+0x36/0x70 > 2011-10-24 19:34:40 [ 318.708677] [] ? > cleanup_net+0x0/0x1c0 > 2011-10-24 19:34:40 [ 318.708741] [] > cleanup_net+0x10b/0x1c0 > 2011-10-24 19:34:40 [ 318.708808] [] > run_workqueue+0xc5/0x1a0 > 2011-10-24 19:34:40 [ 318.708872] [] > worker_thread+0xa3/0x110 > 2011-10-24 19:34:40 [ 318.708936] [] ? > autoremove_wake_function+0x0/0x40 > 2011-10-24 19:34:40 [ 318.709002] [] ? > worker_thread+0x0/0x110 > 2011-10-24 19:34:40 [ 318.709066] [] kthread+0x96/0xa0 > 2011-10-24 19:34:40 [ 318.709131] [] > kernel_thread_helper+0x4/0x10 > 2011-10-24 19:34:40 [ 318.709195] [] ? kthread+0x0/0xa0 > 2011-10-24 19:34:40 [ 318.709257] [] ? > kernel_thread_helper+0x0/0x10 > 2011-10-24 19:34:40 [ 318.709320] Code: 97 48 08 00 00 85 c0 74 1e 3b 02 77 > 1a 48 98 48 8b 44 c2 10 48 3b 00 75 12 48 c7 c6 52 c6 8e a0 e8 8a b3 8c e0 c9 > c3 0f 0b eb fe <0f> 0b eb fe 55 48 89 e5 53 48 83 ec 08 0f 1f 44 00 00 8b 05 > 74 > 2011-10-24 19:34:40 [ 318.711821] RIP [] > recent_net_exit+0x3c/0x40 [xt_recent] > 2011-10-24 19
Re: [Lxc-users] [PATCH] Define $hostname before its first use
On 09/14/2011 10:27 PM, Serge E. Hallyn wrote: > Otherwise you get 'lxc.utsname =' in config, instead of the > actual hostname being filled in. > > https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/850205 > > Index: lxc/src/lxc/lxc-clone.in Hi Serge, I was not able to apply this patch, it fails with: dlezcano@monster:~/work/src/lxc$ quilt push -f Applying patch lxc-users-define-$hostname-before-its-first-use.patch patching file src/lxc/lxc-clone.in Hunk #1 succeeded at 147 (offset 10 lines). Hunk #2 FAILED at 186. 1 out of 2 hunks FAILED -- saving rejects to file src/lxc/lxc-clone.in.rej Applied patch lxc-users-define-$hostname-before-its-first-use.patch (forced; needs refresh) dlezcano@monster:~/work/src/lxc$ cat src/lxc/lxc-clone.in.rej --- src/lxc/lxc-clone.in2011-09-14 15:04:30.459058616 -0500 +++ src/lxc/lxc-clone.in2011-09-14 15:05:17.179057825 -0500 @@ -186,7 +188,6 @@ fi echo "Updating rootfs..." -hostname=$lxc_new # so you can 'ssh $hostname.' or 'ssh $hostname.local' if [ -f $rootfs/etc/dhcp/dhclient.conf ]; then -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/1] lxc-clone: fix dhclient.conf send hostname command
On 09/15/2011 10:53 PM, Serge E. Hallyn wrote: > End the command with ';', which is needed, and put the hostname in > quotes (which doesn't really seem needed, but shown in man page). > > Signed-off-by: Serge Hallyn > --- Applied. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/1] ubuntu template: allow containers to create tap devices
On 09/15/2011 03:30 PM, Serge E. Hallyn wrote: > Thought I had sent this before, but I don't find it anywhere. > > Signed-off-by: Serge Hallyn > --- Applied. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/1] ubuntu template: disallow cap_sys_module (by popular demand)
On 09/15/2011 03:21 PM, Serge E. Hallyn wrote: > This isn't particularly reassuring, and will be moot with user > namespaces, but as people are asking for it, turn off sys_module. > While we're at it, turn off mac_admin and mac_override. > > Signed-off-by: Serge Hallyn > --- Applied. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 2/2] Accurately detect whether a system supports clone_children
On 09/15/2011 03:12 PM, Serge E. Hallyn wrote: > If multiple cgroups are mounted under /sys/fs/cgroup, then the > original check ends up looking for /sys/fs/cgroup/cgroup.clone_children, > which does not exist because that is just a tmpfs. > > So make sure to check an actual cgroupfs. > > Signed-off-by: Serge Hallyn > --- Applied. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/2] Let sshd template work on ubuntu systems.
On 09/15/2011 03:11 PM, Serge E. Hallyn wrote: > /dev/shm is a symlink to /run/shm, so we need /run/shm > to exist in the container rootfs. Also, /dev/mqueue does > not exist on the host, and can't be created by the container. > But we don't really need it so ignore that. > > Signed-off-by: Serge Hallyn > --- Applied. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/1] lxc-ubuntu: stop early if a bad user is specified in -b option
On 10/20/2011 10:16 PM, Serge E. Hallyn wrote: > Otherwise we end up with a bad container fstab and a container > that won't boot. See > https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/879052 > > Signed-off-by: Serge Hallyn > --- Applied. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Live Migration of LXC
On 10/24/2011 02:07 PM, Ulli Horlacher wrote: > On Mon 2011-10-24 (12:03), Greg Kurz wrote: > >> C/R and live migration is a complicated matter for LXC containers. > I have assumed nothing else... > > >> No status for the moment... I guess people who really want migration >> should participate > Not every LXC (admin-)user is a kernel hacker, too. I am fluent in Perl > programming, but not in C. > > > >> at least to show kernel maintainers there's a demand for it. > How can we do this? Send mass e-mails (spam) to the kernel maintainers? :-) Different approaches were proposed: * CR from userspace only : we know it is not possible to fully support the CR with this approach. * CR from the kernel space : the CR is monolithic and is very intrusive in the different kernel subsystems and their interactions make the maintenance very complicate for the owner of the subsystem. This is why this approach has been nacked from the community. * a hybrid CR where the userspace collects CR information exported from the kernel. IHMO, this approach is the better in terms of maintenance and flexibility. The latter is for the moment investigated by the containers@ community and AFAIK this approach has a better chance to be accepted but there is still a lot of work to do. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] cannot start any more any container?! (partially solved)
On 10/21/2011 02:33 PM, Ulli Horlacher wrote: > On Thu 2011-10-20 (09:00), Papp Tamas wrote: > >> Well, I don't see anything like this. Actually I use 0.7.5. Try to upgrade. > After upgrading to lxc 0.7.5 the problem is still there: > I cannot start any container and there is no (log) output at all. For > every lxc-start command I get a new veth interface and the lxc-start > process is not killable (uninterruptable waiting for IO). > > At this point I gave up and tried the Windows problem solving methode: > rebooting (the host server). > > After reboot, I can start and stop containers without any problems. > Everything works fine, as it should. > > I am not happy with this state: I do not know what went wrong and I have > no solution if this problems reappears, besides rebooting, which will > terminate all other container VMs, too. This is a NO-GO for a production > environment! > > I have now installed linux-image-server-lts-backport-natty (Linux 2.6.38) > and hope (*) this fixes the bug. > > > (*) Hope and faith belongs to the church and not to a computing centre. The problem you are describing is not related to LXC but to the network namespace where a dangling reference in the kernel with ipv6 locks the network devices. When the kernel hits this bug, any process creating a network device or deleting one will be stuck in an uninterruptible state. If you are able to start a container with an ipv6 address (lxc.network.ipv6=xxx), stop it, and start it again 10 seconds later then that means the bug is solved in the kernel. The key point is what Serge said, if you have this message in your console: "kernel: unregister_netdevice: waiting for ... to become free" then this is a kernel bug. If you still have this problem with 2.6.38, please let me know, I will ping the netdev@ to fix it and propose it as a fix for natty server ASAP, so that won't be a no-go problem for you. Thanks -- Daniel -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] New LXC Creation Script: lxc-ubuntu-x
On 10/06/2011 08:45 PM, Serge Hallyn wrote: > Quoting Brian K. White (br...@aljex.com): >> Ideally, for the stated purpose, we need something not named ubuntu. > I almost didn't create the page for that reason, but then decided the > content can always get moved if/when someone gets a better domain name. > I don't think we should hold off on collecting the information for this > reason. If sourceforge supported wikis (does it?) then lxc.sf.net/wiki > would be ideal. I think it is possible to put a wiki on lxc.sourceforge.net If refer to http://gaiacrtn.free.fr/articles/MoinMoinWikiOnSourceForge.html we have just to untar MoinMoin in the right directory in order to have the wiki. Shall install it on lxc.sf.net ? or another wiki is preferable ? -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] skype in a lxc
On 10/05/2011 03:43 PM, Lyssa Rabies wrote: > Hello, > > i use different linux distributions and versions of distributions inside > linux containers, so my desktop environment is also running inside a > container. So i don't need to use full virtualisation - i have lxc and i'am > very happy with it. > > Audio works over pulseaudio and for my desktop i'am using XDMCP. I have > allowed video devices, so i can watch TV over xawtv and use webcams. With > mknod i have created all necessary video devices in /dev. My only problem at > the moment is skype. Does skype need udev to query for webcams? If yes, how > can i get udev running inside a container? I don't know if skype needs udev but I would recommend to not use udev in a container as the daemon triggers events at startup which are received within the host and all the other containers. It is not really a problem if there a very few containers. If you really want udev within a container and you should ensure the mknod is allowed for the video in the container with the configuration line: lxc.cgroup.devices.allow = c 81:* rwm Thanks -- Daniel -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [lxc-devel] please resend patches
On 09/21/2011 06:57 PM, John Drescher wrote: > On Wed, Sep 21, 2011 at 11:53 AM, Daniel Lezcano > wrote: >> On 09/21/2011 05:47 PM, Daniel Lezcano wrote: >>> Hi all, >>> >>> my laptop was stolen yesterday. My email backup history ends to 08/09/2011. >> For English people :) >> >> September 8th >> > I should have every non spam message from the lxc-users list for at > least 1 year in my gmail box. > > You want just the patch emails? Just the patch emails, I have the patches until September 8th. Thanks -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [lxc-devel] please resend patches
On 09/21/2011 05:47 PM, Daniel Lezcano wrote: > Hi all, > > my laptop was stolen yesterday. My email backup history ends to 08/09/2011. For English people :) September 8th > Is it possible to resend the patches please ? > > Thanks ! > > -- Daniel > > -- > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2dcopy1 > ___ > Lxc-devel mailing list > lxc-de...@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-devel > -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
[Lxc-users] please resend patches
Hi all, my laptop was stolen yesterday. My email backup history ends to 08/09/2011. Is it possible to resend the patches please ? Thanks ! -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH] fix broken lxc-*.in scripts
On 09/15/2011 11:55 AM, Greg Kurz wrote: > Commit 92c7f6295518decd3989b2790d75551e7d9a broke the following scipts: > - lxc-setcap > - lxc-setuid > - lxc-create > > This patch adds the missing variables to be substitued by the configure > script. > > Cheers. > > Signed-off-by: Greg Kurz Applied. Thanks Greg. -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Problem with lxc-attach on Linux v3.1.0
On 09/08/2011 07:12 PM, Nikhil Handigol wrote: > It is indeed the case: > > $ type lxc-attach > lxc-attach is /usr/local/bin/lxc-attach Ok. Did you specified the kernel source tree when invoking configure ? It is the --with-linuxdir= Make sure to remove src/lxc/setns.h file which is automatically generated. -- Doing More with Less: The Next Generation Virtual Desktop What are the key obstacles that have prevented many mid-market businesses from deploying virtual desktops? How do next-generation virtual desktops provide companies an easier-to-deploy, easier-to-manage and more affordable virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Problem with lxc-attach on Linux v3.1.0
On 09/08/2011 06:48 PM, Nikhil Handigol wrote: > Just to be sure that wasn't the case, I tried running the executable > directly from the lxc source directory. I got the same error: > > $ cd src/lxc > $ ./lxc-execute -n foo -f /etc/mn/host.conf -- /bin/bash > root@mnhost:/home/nikhilh/lxc/src/lxc# Yes but the library path is the system path, so to be sure, do: type lxc-attach for me that gives: lxc-attach is /usr/bin/lxc-attach ldd /usr/bin/lxc-attach and that gives: linux-vdso.so.1 => (0x7fff3d56d000) liblxc.so.0 => /usr/lib64/liblxc.so.0 (0x7f7d8359e000) libcap.so.2 => /lib/libcap.so.2 (0x7f7d8336e000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f7d82fd9000) libutil.so.1 => /lib/x86_64-linux-gnu/libutil.so.1 (0x7f7d82dd6000) /lib64/ld-linux-x86-64.so.2 (0x7f7d837ca000) So in your case, that should /usr/local/bin and /usr/local/lib/liblxc.so.. -- Doing More with Less: The Next Generation Virtual Desktop What are the key obstacles that have prevented many mid-market businesses from deploying virtual desktops? How do next-generation virtual desktops provide companies an easier-to-deploy, easier-to-manage and more affordable virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Problem with lxc-attach on Linux v3.1.0
On 09/08/2011 06:30 PM, Nikhil Handigol wrote: > I just tried running lxc-attach with linux-2.6.38. I got the same error as > with linux-3.0 -- Function not implemented - failed to set namespace 'pid'. > > Here's the exact sequence of steps that I followed: > > Compiled linux-2.6.38.2 with the corresponding setns patches ( > http://lxc.sourceforge.net/patches/linux/2.6.38/2.6.38.2-lxc1/). > > Rebooted into 2.6.38.2 > $ uname -a > Linux nf-build2 2.6.38.2-lxc-0.7.4-with-setns #1 SMP Thu Sep 8 08:42:40 PDT > 2011 x86_64 GNU/Linux > > Compiled lxc-0.7.4: > $ git checkout lxc-0.7.4 > $ ./configure; make; sudo make install Is it possible you have another lxc version installed on your system ? For instance, /usr/bin and the one you are compiling is installed in /usr/local/bin. -- Doing More with Less: The Next Generation Virtual Desktop What are the key obstacles that have prevented many mid-market businesses from deploying virtual desktops? How do next-generation virtual desktops provide companies an easier-to-deploy, easier-to-manage and more affordable virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] inexplicable effect when starting vnc4server (security hole?)
On 09/08/2011 02:12 PM, sfrazt wrote: > Daniel Lezcano schrieb am 8.09.11 13:56: >>> My question is now: Where does this filename came from? Is it >>> a security hole? >>> >> Is it possible that's coming from an environment variable ? > You are absolutely right. > The value comes from XAUTHORITY which is given to the container. Is it a > wanted behaviour? I suppose this is coming from sysv init which does not take care of cleaning up the env variables (which is better because we can transmit env variables from the host to the container). Can you check XAUTHORITY is set in your container ? and ensure it is set before the vncserver is launched ? -- Doing More with Less: The Next Generation Virtual Desktop What are the key obstacles that have prevented many mid-market businesses from deploying virtual desktops? How do next-generation virtual desktops provide companies an easier-to-deploy, easier-to-manage and more affordable virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] inexplicable effect when starting vnc4server (security hole?)
On 09/07/2011 10:06 AM, sfrazt wrote: > hi, > > i run lxc under debian sid with lxc version 0.7.5.1. > I run a debian like system in lxc container and vnc4server inside. > Therefor i > have created a user. > > The effect is that. If i start vnc4user manually as user with > > vnc4server :1 -geometry 800x600 > > ps -aux shows as running command > > Xvnc4 :1 -desktop b:1 (lxcuser) -auth /home/lxcuser/.Xauthority > -geometry... > > I get the same when i type as root > su - lxcuser -c "vnc4server :1 -geometry 800x600" > > But, when i put the line > su - lxcuser -c "vnc4server :1 -geometry 800x600 2>/dev/null" > into my container rc.local (so it is autoexecuted at boot) > ps -aux shows > > Xvnc4 :1 -desktop b:1 (lxcuser) -auth > /var/run/gdm3/auth-for-HOSTUSER-6czu0s/database -geometry... > > The problem is that HOSTUSER (my user account at host system > and gdm3 and the file doesn't should exist (and doesn't exist) > in the container. In hole container there is no text where > this filename appears. > > My question is now: Where does this filename came from? Is it > a security hole? > Is it possible that's coming from an environment variable ? -- Doing More with Less: The Next Generation Virtual Desktop What are the key obstacles that have prevented many mid-market businesses from deploying virtual desktops? How do next-generation virtual desktops provide companies an easier-to-deploy, easier-to-manage and more affordable virtual desktop model.http://www.accelacomm.com/jaw/sfnl/114/51426474/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Problem with lxc-attach on Linux v3.1.0
On 09/07/2011 07:49 PM, Goran Cetusic wrote: > Thank you, Daniel. If lxc-attach enters the mainline kernels it will, with > the LANA netgraph implementation, become a powerful tool for network > simulation. The only component inside the kernel that is still missing are > union mounts. Yes, the kernel community is reluctant to merge any union file systems. Hopefully some distros give a kernel with an union fs like aufs for ubuntu. -- Using storage to extend the benefits of virtualization and iSCSI Virtualization increases hardware utilization and delivers a new level of agility. Learn what those decisions are and how to modernize your storage and backup environments for virtualization. http://www.accelacomm.com/jaw/sfnl/114/51434361/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Problem with lxc-attach on Linux v3.1.0
On 09/07/2011 11:33 AM, Greg Kurz wrote: > On Wed, 2011-09-07 at 10:38 +0200, Daniel Lezcano wrote: >> On 09/07/2011 02:17 AM, Nikhil Handigol wrote: >>> Hi, >>> >>> I have been facing problems getting lxc (more specifically, lxc-attach) to >>> work on Linux v3.1.0-rc4. When I run lxc-attach, I get the following error: >>> $ lxc-attach -n foo -- /bin/bash >>> lxc-attach: No such file or directory - failed to open '/proc/821/ns/pid' >>> lxc-attach: failed to enter the namespace >>> >> lxc-attach is ready but in the kernel there is a missing piece, the >> patchset is ready. >> We plan to have it for 3.2. >> > Hi Daniel, > > Is there a place where one can find this patchset ? I've tried here: > > http://git.kernel.org/?p=linux/kernel/git/ebiederm/linux-namespace-control-devel.git Uploaded at: http://lxc.sourceforge.net/patches/linux/3.0.0/3.0.0-lxc1/ Cheers -- Daniel -- Using storage to extend the benefits of virtualization and iSCSI Virtualization increases hardware utilization and delivers a new level of agility. Learn what those decisions are and how to modernize your storage and backup environments for virtualization. http://www.accelacomm.com/jaw/sfnl/114/51434361/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Problem with lxc-attach on Linux v3.1.0
On 09/07/2011 02:17 AM, Nikhil Handigol wrote: > Hi, > > I have been facing problems getting lxc (more specifically, lxc-attach) to > work on Linux v3.1.0-rc4. When I run lxc-attach, I get the following error: > $ lxc-attach -n foo -- /bin/bash > lxc-attach: No such file or directory - failed to open '/proc/821/ns/pid' > lxc-attach: failed to enter the namespace > lxc-attach is ready but in the kernel there is a missing piece, the patchset is ready. We plan to have it for 3.2. -- Using storage to extend the benefits of virtualization and iSCSI Virtualization increases hardware utilization and delivers a new level of agility. Learn what those decisions are and how to modernize your storage and backup environments for virtualization. http://www.accelacomm.com/jaw/sfnl/114/51434361/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH] remove the check for container path as it's done in lxc-create
On 09/01/2011 02:00 PM, rha...@informatiq.org wrote: > From: InformatiQ > > > Signed-off-by: InformatiQ > --- Applied. -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 2/2] lxc-fedora.in
On 08/28/2011 01:00 PM, Ramez Hanna wrote: > * if not running on fedora host amd -R is not set, use fedora 14 as default > * trap SIGHUP SIGINT SIGTERM, and cleanup before exiting > Applied. -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 0/3] several mods to lxc-clone.in
On 08/30/2011 05:36 PM, Serge Hallyn wrote: > Thanks. No objections to the patchset. (Other than, better to simply > remove the code lines which you commented out - but no need for a new > set for that). > > I haven't tested it, but it looks correct. > > Acked-by: Serge Hallyn Applied. -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Subject: [PATCH 1/2] fix for missing EOF and fstab contents
On 08/28/2011 12:59 PM, Ramez Hanna wrote: > templates/lxc-fedora.in | 10 +- > 1 files changed, 5 insertions(+), 5 deletions(-) Applied. Thanks. Ramez, I had to fix the diff file, please look at git send-email ... :) -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] how to use cpuset.shares?
On 08/24/2011 04:06 PM, 陈竞 wrote: > i have a computer with 2 cores cpu. I want to create a container with 0.5 > cpu. I found that cpuset.shares means how many time cpu time it get, > but i don't know whether cpuset.shares point to one cpu or all cpu? > if it points to one cpu, is the following configuratian right? > lxc.cgroup.cpuset.cpus = 0 > lxc.cgroup.cpuset.shares = 512 Do you mean lxc.cgroup.cpu.shares = 512 ? If yes, that should be ok. -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] How to rotate logs and console output ?
On 08/19/2011 12:37 PM, Guillaume ZITTA wrote: > Hello, > > lxc-start can handle log output and console output, cool. > But one day or another, we'll have to rotate them. > > Is there a know solution ? > Btw, is there a (easy) way to log into syslog? Did you try with -o /dev/kmsg ? -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Many containers and too many open files
On 08/15/2011 10:05 PM, Gary Ballantyne wrote: > On 16/08/11 06:52, Andre Nathan wrote: >> Hi Gary >> >> On Tue, 2011-08-16 at 06:38 +1200, Gary Ballantyne wrote: >>> Unfortunately, I am still getting the same errors with a little over 40 >>> containers. >> I also had this problem. It was solved after Daniel suggested me to >> increase the following sysctl setting: >> >>fs.inotify.max_user_instances >> >> HTH, >> Andre >> > Hi Andre > > That did it, thanks very much. > > With: > > echo 1024 > /proc/sys/fs/inotify/max_user_instances > > I can fire up (at least) 100 containers. FYI, maximum number of containers I reached was 1024 (the hard limit for the number of bridge ports). I did not try to run more. -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] Archlinux 3.0 Kernel update breaks LXC
On 08/13/2011 01:54 PM, John wrote: > I've just replaced my "lxc" package with "lxc-git" and it's working > again. Many thanks. > (my installed "lxc" package was probably one version stale also, which > was most likely the problem) > > I guess there's been a change in the kernel. before seeing your response > started to check the kernel config to fix this and noted that > CONFIG_CGROUP_NS is gone. > > Anyway, all working now. The ns_cgroup was removed from the kernel by your humble servant :) http://www.spinics.net/lists/mm-commits/msg80389.html A compatibility flag has been added in the cgroup : clone_children. Maby the version of the package you were using was not aware of this change. A version of lxc >= 0.7.4 should be used to take into account this change in the kernel. It will detect if the ns_cgroup is present or not and use the compatibility flag in case. -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] memory limit
On 08/12/2011 11:51 PM, Papp Tamas wrote: > hi! > > I'm asking you about limiting memory. > > This is the test config: > lxc.cgroup.memory.limit_in_bytes = 16M > lxc.cgroup.memory.memsw.limit_in_bytes = 1G > lxc.cgroup.cpuset.cpus = 0-1 > lxc.cgroup.cpu.shares = 1024 > > I run apt-get upgrade and an openfire server (java) as memory harvester > jobs. > > 23:42:37 up 1:54, 3 users, load average: 3.08, 2.47, 1.42 > > $ vmstat 5 > procs ---memory-- ---swap-- -io -system-- > cpu > r b swpd free buff cache si sobibo in cs us sy > id wa > 5 3 94952 2356752 79004 1051784 52 60 132 110 104 170 2 > 1 94 4 > 0 4 97280 2358896 79012 1051772 2105 2254 2105 2396 940 1163 2 > 3 40 56 > 0 1 98544 2358276 79036 1051764 1374 1060 1374 1177 493 963 1 > 2 48 50 > 0 4 99384 2358880 79056 1052460 1538 1432 4286 1526 727 1207 0 > 2 38 59 > 0 3 100596 2355212 79064 1052476 666 645 3718 718 483 1067 1 > 3 37 59 > 0 3 104132 2350996 79064 1052588 1039 1106 4606 1224 540 961 1 > 2 41 56 > 0 3 104488 2350376 79088 1052172 938 641 3624 756 505 865 0 > 1 42 57 > 1 3 103964 2349552 79096 1052568 642 426 3598 477 591 886 16 > 1 26 56 > 0 3 103860 2350008 79112 1052360 491 357 4277 434 850 957 39 > 1 10 50 > 0 4 104652 2350908 79112 1052056 738 746 5207 813 804 1049 23 > 2 18 57 > 0 2 106320 2350016 79120 1052464 825 706 5439 789 941 983 33 > 1 13 53 > 0 8 105540 2347444 79136 1052264 1185 290 4692 379 484 890 1 > 1 34 64 > 0 7 107756 2347000 79144 1052448 948 950 2970 1002 555 900 1 > 2 36 62 > 0 2 106868 2346528 79152 1052428 674 316 4130 402 446 825 1 > 2 43 55 > 0 2 104556 2346372 79160 1052160 570 261 3872 343 492 865 1 > 3 40 55 > 0 2 104976 2345504 79176 1052560 606 506 4298 612 444 839 1 > 2 43 54 > 0 2 104004 2345256 79184 1052476 442 277 3633 362 401 765 2 > 2 40 55 > 0 3 104000 2345248 79192 1052156 555 406 3237 493 475 792 2 > 3 37 58 > 0 7 105044 2344728 79200 1052156 854 775 3691 867 498 902 0 > 2 40 58 > 0 4 105036 2344472 79208 1052396 790 586 3428 668 477 865 1 > 2 33 65 > 0 4 105956 2344248 79216 1052372 590 487 4104 578 562 833 1 > 2 35 62 > 0 4 105268 2343496 79224 1052296 681 317 3506 399 425 793 1 > 0 41 58 > 0 2 105736 2343216 79232 1052284 394 284 3578 373 441 773 0 > 1 45 54 > 0 2 105072 2343464 79248 1052252 773 538 5720 632 534 908 0 > 1 44 55 > 0 2 105572 2342968 79256 1052560 436 342 4547 428 419 806 0 > 1 46 52 > 0 2 106000 2345108 79264 1052444 591 867 4534 946 525 862 1 > 1 44 54 > 1 3 103092 2345076 79280 1052220 906 234 4302 329 470 885 0 > 1 42 57 > 0 2 104636 2345200 79288 1052448 747 870 3556 942 548 886 0 > 1 37 61 > 0 4 105296 2344992 79296 1052152 489 451 3738 550 439 780 0 > 1 44 55 > 0 2 103968 2346372 79304 1052268 858 674 4669 778 578 913 1 > 1 37 61 > 0 2 104052 2346612 79312 1052672 425 346 3766 444 424 786 0 > 1 46 53 > 0 2 104476 2347364 79320 1052164 310 224 3352 294 410 747 0 > 1 42 56 > 0 2 105428 2347356 79328 1052520 408 456 4321 547 471 918 1 > 1 45 53 > 1 4 104384 2349720 79336 1052164 586 320 4389 417 482 828 0 > 1 44 55 > 0 3 104672 2350200 79352 1052136 462 378 3098 502 508 898 0 > 2 38 60 > 0 2 105584 2349820 79368 1052168 544 490 4173 583 501 814 0 > 2 45 54 > 0 2 105344 2349572 79376 1052524 514 266 4138 366 481 822 0 > 1 44 55 > 0 2 105488 2348580 79384 1052424 727 410 4162 492 514 839 0 > 2 41 57 > 0 2 103904 2350068 79400 1052544 1058 781 5232 886 583 926 0 > 2 42 56 > > > Before starting the container the swap usage was zero. > > The problem is all of the container start working slower, for example > the lag of ssh sessions is increased. > > > Is this a normal behaviour? I think, this paging should not do this. If you reduce the memory for a container at a point where it swaps, automatically that will reduce the performances of the whole system by adding a lot of disk IO. Using the cgroup memory is like reducing the RAM. I am not sure 16M is sufficient to run an apt-upgrade command. What are you trying to achieve with 16M on your container ? What application today runs with 16MB of RAM ? -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___
Re: [Lxc-users] handle memory limits
On 08/12/2011 11:00 PM, sfrazt wrote: > Hi, > > i want to to have a application container that acts with memory limits > as there is simple no more memory. Means: if it reaches the limit the > next question for more memory should simple be denied. > > The default behaviour is to kill the application when it reaches the > limit (not good). > > Then i found out that the config line > lxc.cgroup.memory.oom_control = 1 > turn off the killing, but simple freezes the application. You have the > possibility to get be notified if that happens, but then you could only > kill the application manually or increase the memory limits and the > application runs again. But this is also not that what i want. > > The application should simple behave as there is no more memory, so the > application decides what to do if it gets no more memory. > > > I hope somebody has a solution. Thx in advance for answer. I think when an application in a host reach its *virtual* memory limits, the allocation fails. But if the application is trying to get more memory and there is not enough *physical* memory to do handle this virtual memory (including swap) then it is killed by the oom killer. The behavior of the application is not changed regarding what would have occurred on the host. The memory cgroup acts for the physical memory. If you want your application to fails to allocate memory rather than being killed or frozen, you have to reduce its limits via the ulimit (which does not really make sense). If don't have enough memory on your container, you have to add more RAM :) by increasing the cgroup memory value. -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [NFS] nfs server
On 08/12/2011 08:57 AM, zorg wrote: [ ... ] >> P.S. I believe the fies to make cifs and p9 work already went in, and >> FUSE already did, but it's been a while and I'll have to retest. (I >> know I got 'em all to work, I _think_ all changes necessary to do so >> went upstream.) If you're not tied to NFS, you have several options. >> >> (Getting NFSv4 to work was a crawling horror due to its horrible >> overcomplicated design wanting to merge different mount points into the >> same superblock without even using the --bind mount mechanism, make >> callbacks to kernel threads and userspace with no obvious ownership >> rules... NFSv3 was a piece of cake in comparison, and I don't think I >> ever got lockd to work properly there either. Of course, other network >> filesystems never needed it...) >> >> Rob >> >> -- >> uberSVN's rich system and user administration capabilities and model >> configuration take the hassle out of deploying and managing Subversion and >> the tools developers use with it. Learn more about uberSVN and get a free >> download at: http://p.sf.net/sfu/wandisco-dev2dev >> ___ >> Lxc-users mailing list >> Lxc-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/lxc-users > Hello, > > does this mean that there is no chance ever to make a nfs4 server > working in a lxc container This is not what I read. I think it is just saying it's more difficult to implement. -- FREE DOWNLOAD - uberSVN with Social Coding for Subversion. Subversion made easy with a complete admin console. Easy to use, easy to manage, easy to install, easy to extend. Get a Free download of the new open ALM Subversion platform now. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [MySQL] Weird performances problem between containers on a same host
On 08/11/2011 09:32 AM, Mauras Olivier wrote: > So here's my results. > On 55 packets transmitted for the mysql request > 25 correct checksums > 28 incorrect > > Disabling TSO and GSO doesn't help much, got exact same result AFAIR, you have to disable all the offloading capabilities of the interface before creating the container. Anyway, it seems you hit this bug: commit 79b569f0ec53a14c4d71e79d93a8676d9a0fda6d Author: Daniel Lezcano Date: Wed Mar 30 02:42:17 2011 -0700 netdev: fix mtu check when TSO is enabled In case the device where is coming from the packet has TSO enabled, we should not check the mtu size value as this one could be bigger than the expected value. This is the case for the macvlan driver when the lower device has TSO enabled. The macvlan inherit this feature and forward the packets without fragmenting them. Then the packets go through dev_forward_skb and are dropped. This patch fix this by checking TSO is not enabled when we want to check the mtu size. Signed-off-by: Daniel Lezcano Acked-by: "Eric W. Biederman" Signed-off-by: David S. Miller IMO, if you have a redhat, you should ask them to incorporate this patch in their kernel. > As for the macvlan bridge mode how can i check if it's available or not?? Hard to say as the Redhat kernel has a lot of backport, not necessarly identified. But at the first glance I would say it is supported otherwise you would not be able to communicate. > Would it let things work even if not supported? No, if the bridge mode is not supported the containers won't be able to communicate through the macvlan. > --- Misc --- > Veth pair device: enabled > Macvlan: enabled > Vlan: enabled > File capabilities: enabled > > > Thanks, > Olivier > > > On Wed, Aug 10, 2011 at 6:25 PM, Daniel Lezcano wrote: > >> On 08/10/2011 05:54 PM, Daniel Lezcano wrote: >>> On 08/10/2011 04:51 PM, Mauras Olivier wrote: >>>> Hello, >>>> >>>> I have several containers running on a host - ~10 >>>> One of them is running a MySQL database. Several of the others are >> running >>>> php code under apache that fetch datas from the database. >>>> >>>> Host is using eth0, while my containers are on a bridge using eth1, and >>>> configured in macvlan bridge mode. Host runs SL6 with 2.6.32 RH kernel - >>>> Host is a VMWare ESX virtual machine for that matter. >>>> Ping latency between containers is at an average of 0.050 ms >>>> >>>> What i noted, is that one webapp were getting very slow... After >>>> investigating, the only thing that i could find, is that requests from >>>> containers are _slower_ than from any other hosts. >>>> >>>> See below: >>>> >>>> container1 ~ # time (echo "select * from testsuites;" | mysql -h >>>> container_mysql -u nmp -pxxx testlink) >>>> id details >>>> 42 >>>> (... cut only 25 entries anyway) >>>> >>>> real*0m0.875s* >>>> >>>> Time varies between 0.8 and 1.2s >>>> >>>> >From the host or another VM on the same network with the exact same >> request: >>>> real*0m0.022s* >>>> >>>> >>>> So that particular app that can loop over 19 requests takes sometimes up >> to >>>> 20s to display a page instead of ~0.5s from another host... >>>> >>>> Is there some sysctl/settings to tweak or it's just not relevant to make >>>> requests between containers on the same host?? >>> Hmm, thanks for the detailed explanation. >>> >>> Can you check with tcpdump if there are problems with the patch checksums >> ? >>> And try to disable the TSO and SGO of eth1 if there are available ? >> Oh, and another question. AFAIK, the bridge mode is available since the >> 2.6.33 kernel. >> If we try to enable the bridge mode on a macvlan while this is not >> supported, no error is reported. >> So I don't know if the RH kernel did backport the bridge mode in their >> .32 kernel. >> -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc and libvirt management tools
On 08/10/2011 06:56 PM, Remi Verchere wrote: >>> So, how can I migrate a container configuration managed by lxc tools >>> to libvirt ? Is there any tools or how-to? >> No. That could be very nice if we write a driver for libvirt for the lxc >> tools. >> If someone is willing to do that, that would be great :) > If I had such skills, it would be a pleasure ;) > Can I even use a container created with lxc tools with libvirt (using > hand-made config files) ? Well, more or less. AFAIK, the lxc tools have a bit more container features than the libvirt has, especially on the network part. I think the created rootfs by lxc should work with libvirt with the right configuration. Anyway, I am interested to have your feedback for the libvirt container implementation. >>> Do you know if there is some other generic frontends able to manage >>> lxc containers with/out lxc management tools? >> The text-based gui is planned for the lxc tools. > Ok, thanks. > -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [MySQL] Weird performances problem between containers on a same host
On 08/10/2011 05:54 PM, Daniel Lezcano wrote: > On 08/10/2011 04:51 PM, Mauras Olivier wrote: >> Hello, >> >> I have several containers running on a host - ~10 >> One of them is running a MySQL database. Several of the others are running >> php code under apache that fetch datas from the database. >> >> Host is using eth0, while my containers are on a bridge using eth1, and >> configured in macvlan bridge mode. Host runs SL6 with 2.6.32 RH kernel - >> Host is a VMWare ESX virtual machine for that matter. >> Ping latency between containers is at an average of 0.050 ms >> >> What i noted, is that one webapp were getting very slow... After >> investigating, the only thing that i could find, is that requests from >> containers are _slower_ than from any other hosts. >> >> See below: >> >> container1 ~ # time (echo "select * from testsuites;" | mysql -h >> container_mysql -u nmp -pxxx testlink) >> id details >> 42 >> (... cut only 25 entries anyway) >> >> real*0m0.875s* >> >> Time varies between 0.8 and 1.2s >> >> >From the host or another VM on the same network with the exact same request: >> >> real*0m0.022s* >> >> >> So that particular app that can loop over 19 requests takes sometimes up to >> 20s to display a page instead of ~0.5s from another host... >> >> Is there some sysctl/settings to tweak or it's just not relevant to make >> requests between containers on the same host?? > Hmm, thanks for the detailed explanation. > > Can you check with tcpdump if there are problems with the patch checksums ? > And try to disable the TSO and SGO of eth1 if there are available ? Oh, and another question. AFAIK, the bridge mode is available since the 2.6.33 kernel. If we try to enable the bridge mode on a macvlan while this is not supported, no error is reported. So I don't know if the RH kernel did backport the bridge mode in their .32 kernel. -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [MySQL] Weird performances problem between containers on a same host
On 08/10/2011 05:54 PM, Daniel Lezcano wrote: [ ... ] > Can you check with tcpdump if there are problems with the patch > checksums ? gah ! s/patch/packet -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [MySQL] Weird performances problem between containers on a same host
On 08/10/2011 04:51 PM, Mauras Olivier wrote: > Hello, > > I have several containers running on a host - ~10 > One of them is running a MySQL database. Several of the others are running > php code under apache that fetch datas from the database. > > Host is using eth0, while my containers are on a bridge using eth1, and > configured in macvlan bridge mode. Host runs SL6 with 2.6.32 RH kernel - > Host is a VMWare ESX virtual machine for that matter. > Ping latency between containers is at an average of 0.050 ms > > What i noted, is that one webapp were getting very slow... After > investigating, the only thing that i could find, is that requests from > containers are _slower_ than from any other hosts. > > See below: > > container1 ~ # time (echo "select * from testsuites;" | mysql -h > container_mysql -u nmp -pxxx testlink) > id details > 42 > (... cut only 25 entries anyway) > > real*0m0.875s* > > Time varies between 0.8 and 1.2s > >>From the host or another VM on the same network with the exact same request: > > real*0m0.022s* > > > So that particular app that can loop over 19 requests takes sometimes up to > 20s to display a page instead of ~0.5s from another host... > > Is there some sysctl/settings to tweak or it's just not relevant to make > requests between containers on the same host?? Hmm, thanks for the detailed explanation. Can you check with tcpdump if there are problems with the patch checksums ? And try to disable the TSO and SGO of eth1 if there are available ? -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc and libvirt management tools
On 08/10/2011 12:02 PM, Remi Verchere wrote: > Hello, > > I'm using 2 debian LXC containers, and it works fine. I use default > cgroups configuration, and I manage containers using the lxc-* tools. > > I want to manage them using some pretty frontend, such as Archipel > (http://archipelproject.org/), to be included with other VMs. But it > uses libvirt. > > So, how can I migrate a container configuration managed by lxc tools > to libvirt ? Is there any tools or how-to? No. That could be very nice if we write a driver for libvirt for the lxc tools. If someone is willing to do that, that would be great :) > Do you know if there is some other generic frontends able to manage > lxc containers with/out lxc management tools? The text-based gui is planned for the lxc tools. -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] [PATCH 1/2] working fedora template
On 08/10/2011 09:21 AM, Ramez Hanna wrote: > On Tue, Aug 9, 2011 at 5:16 PM, Daniel Lezcano wrote: >> On 08/08/2011 10:54 AM, Ramez Hanna wrote: >>> >From c117fc7051971a9166cf5ab1f85cb6331b91a78c Mon Sep 17 00:00:00 2001 >>> From: InformatiQ >>> Date: Wed, 20 Apr 2011 23:15:51 +0300 >>> Subject: [PATCH 1/2] working fedora template >>> >>> signed-off-by: Ramez Hanna >> I was not able to apply your patches. It seems there is some spurious CR >> in the inlined patch. >> >> Did you copy-paste the diff in the email ? > yes i did from gedit > find the patch attached Ok, applied. I got a conflict and part of the patch has been rejected but I fixed the problem. I will let you check the template is working for you when commited. why don't you use git send-email --to lxc-de...@lists.sourceforge.net - ? -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
