Re: [Lxc-users] adding a default gateway inside a container as a non root user
Hi; On Fri, Mar 2, 2012 at 19:27, Serge Hallyn serge.hal...@canonical.com wrote: [...] Right now in ubuntu precise, it's lxc-create -t ubuntu -n p1 lxc-start -n p1 [...] If you want to deploy a bunch of cloned images, you can lxc-create -t ubuntu -n plain -B lvm customize /dev/lxc/plain image if you like for i in `seq 1 20`; do lxc-clone -s -o plain -n p$i done The only things different in Ubuntu are that a lxcbr0 bridge gets installed by default (*1), and the release has been tweaked a bit so no changes are needed to run in a container. The first can't really be done in lxc.git (because it's distro-dependent), I've looked into ubuntu precise lxc package, and after then realised /etc/init/lxc-net.conf have a better implementation than I've been trying to accomplish in simplelxc. I've been trying to distribute IP addresses for containers by my, using dnsmasq seems sane, actually I don't understand why I've been trying to re-invent dhcp. This might be a disto-dependent solution but maybe other distros could implement the same concept and this provide inter-distro consistency about default lxc networking. Daniel (Bauman), what do you think about implementing a similar solution into debian package, it looks sensible, we can add a new init.d script like the one in ubuntu:precise:lxc:/etc/init/lxc-net.conf and prepare host system there. and the second is of course independent of lxc. -serge (*1) and if you don't specify a configuration file at creation time, a default one using lxcbr0 is used. -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] adding a default gateway inside a container as a non root user
Quoting Bekir Dogan (beki...@gmail.com): Hi; On Fri, Mar 2, 2012 at 19:27, Serge Hallyn serge.hal...@canonical.com wrote: [...] Right now in ubuntu precise, it's lxc-create -t ubuntu -n p1 lxc-start -n p1 [...] If you want to deploy a bunch of cloned images, you can lxc-create -t ubuntu -n plain -B lvm customize /dev/lxc/plain image if you like for i in `seq 1 20`; do lxc-clone -s -o plain -n p$i done The only things different in Ubuntu are that a lxcbr0 bridge gets installed by default (*1), and the release has been tweaked a bit so no changes are needed to run in a container. The first can't really be done in lxc.git (because it's distro-dependent), I've looked into ubuntu precise lxc package, and after then realised /etc/init/lxc-net.conf have a better implementation than I've been trying to accomplish in simplelxc. I've been trying to distribute IP addresses for containers by my, using dnsmasq seems sane, actually I don't understand why I've been trying to re-invent dhcp. This might be a disto-dependent solution but maybe other distros could implement the same concept and this provide inter-distro consistency about default lxc networking. Daniel (Bauman), what do you think about implementing a similar solution into debian package, it looks sensible, we can add a new init.d script like the one in ubuntu:precise:lxc:/etc/init/lxc-net.conf and prepare host system there. No, no. As soon as 0.8.0 comes out, I need to produce a reasonable debdiff from debian-ubuntu and propose it for merge into debian. Please don't put the onus on Daniel right now, it's my fault. -serge -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] adding a default gateway inside a container as a non root user
On 03/02/2012 11:18 AM, Arun M wrote: With the 0.8.0 version, you will be able to setup the gateway directly from the configuration file. Cool. I wanted to try this so tested with the latest code from repository. However hit another issue now. $ lxc-execute -n alpha -f n1.conf -l DEBUG -o log -- /bin/busybox ash lxc-execute: No such file or directory - failed to rename cgroup /cgroup//lxc/3784-/cgroup//lxc/alpha ... lxc-execute 1331137335.969 INFO lxc_cgroup - [1] found cgroup mounted at '/cgroup',opts='rw,relatime,blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset' lxc-execute 1331137335.969 DEBUGlxc_cgroup - get_init_cgroup: found init cgroup for subsys (null) at / lxc-execute 1331137335.969 DEBUGlxc_cgroup - cgroup /cgroup has flags 0x1 lxc-execute 1331137335.969 WARN lxc_cgroup - using deprecated ns_cgroup lxc-execute 1331137335.969 ERRORlxc_cgroup - No such file or directory - failed to rename cgroup /cgroup//lxc/3840-/cgroup//lxc/alpha $ file /cgroup/3840 /cgroup/3840: directory $ file /cgroup/lxc/3840 /cgroup/lxc/3840: cannot open `/cgroup/lxc/3840' (No such file or directory) It appears that lxc-execute is trying to look for a dir under /cgroup/lxc while its actually present under /cgroup. Could not try cgroup.clone_children since it looks like this is not available in kernel 2.6.32. Ok, I see. I will look at fixing this. -- Daniel -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] adding a default gateway inside a container as a non root user
On 03/02/2012 11:18 AM, Arun M wrote: With the 0.8.0 version, you will be able to setup the gateway directly from the configuration file. Cool. I wanted to try this so tested with the latest code from repository. However hit another issue now. $ lxc-execute -n alpha -f n1.conf -l DEBUG -o log -- /bin/busybox ash lxc-execute: No such file or directory - failed to rename cgroup /cgroup//lxc/3784-/cgroup//lxc/alpha ... lxc-execute 1331137335.969 INFO lxc_cgroup - [1] found cgroup mounted at '/cgroup',opts='rw,relatime,blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset' lxc-execute 1331137335.969 DEBUGlxc_cgroup - get_init_cgroup: found init cgroup for subsys (null) at / lxc-execute 1331137335.969 DEBUGlxc_cgroup - cgroup /cgroup has flags 0x1 lxc-execute 1331137335.969 WARN lxc_cgroup - using deprecated ns_cgroup lxc-execute 1331137335.969 ERRORlxc_cgroup - No such file or directory - failed to rename cgroup /cgroup//lxc/3840-/cgroup//lxc/alpha $ file /cgroup/3840 /cgroup/3840: directory $ file /cgroup/lxc/3840 /cgroup/lxc/3840: cannot open `/cgroup/lxc/3840' (No such file or directory) It appears that lxc-execute is trying to look for a dir under /cgroup/lxc while its actually present under /cgroup. I guess we should add the 'lxc' path to the cgroup in case of the ns_cgroup because the creation is handled by the kernel. Serge ? -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] adding a default gateway inside a container as a non root user
Quoting Daniel Lezcano (daniel.lezc...@free.fr): On 03/02/2012 11:18 AM, Arun M wrote: With the 0.8.0 version, you will be able to setup the gateway directly from the configuration file. Cool. I wanted to try this so tested with the latest code from repository. However hit another issue now. $ lxc-execute -n alpha -f n1.conf -l DEBUG -o log -- /bin/busybox ash lxc-execute: No such file or directory - failed to rename cgroup /cgroup//lxc/3784-/cgroup//lxc/alpha ... lxc-execute 1331137335.969 INFO lxc_cgroup - [1] found cgroup mounted at '/cgroup',opts='rw,relatime,blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset' lxc-execute 1331137335.969 DEBUGlxc_cgroup - get_init_cgroup: found init cgroup for subsys (null) at / lxc-execute 1331137335.969 DEBUGlxc_cgroup - cgroup /cgroup has flags 0x1 lxc-execute 1331137335.969 WARN lxc_cgroup - using deprecated ns_cgroup lxc-execute 1331137335.969 ERRORlxc_cgroup - No such file or directory - failed to rename cgroup /cgroup//lxc/3840-/cgroup//lxc/alpha $ file /cgroup/3840 /cgroup/3840: directory $ file /cgroup/lxc/3840 /cgroup/lxc/3840: cannot open `/cgroup/lxc/3840' (No such file or directory) It appears that lxc-execute is trying to look for a dir under /cgroup/lxc while its actually present under /cgroup. I guess we should add the 'lxc' path to the cgroup in case of the ns_cgroup because the creation is handled by the kernel. Serge ? Drat, yes. -serge -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] adding a default gateway inside a container as a non root user
Quoting Bekir Dogan (beki...@gmail.com): Hi Daniel, On Thu, Mar 1, 2012 at 23:20, Daniel Lezcano daniel.lezc...@free.fr wrote: [...] With the 0.8.0 version, you will be able to setup the gateway directly from the configuration file. Can we see project plans or a todo list or something like these which gives us about the future features should come in next releases. I can't find something like this in a TODO file, open bug reports or a special page in sourceforge. Or do you suggest something to follow other than these. I'm about to start a project (https://github.com/bergerx/simplelxc#readme) for mainly laptop users to create and manage networking enabled test containers so simply which also setup initial networking for both lxc containers and host system. I would like to use networking as it should be and determine the project direction according to this or I should be in a position to re-implement some parts. I've talked implementing some ideas into debian lxc package Daniel Baumann mainy about a simple creation scenario without asking anything other than container name. Right now in ubuntu precise, it's lxc-create -t ubuntu -n p1 lxc-start -n p1 or lxc-create -t ubuntu-cloud -n p1 lxc-start -n p1 If you want to deploy a bunch of cloned images, you can lxc-create -t ubuntu -n plain -B lvm customize /dev/lxc/plain image if you like for i in `seq 1 20`; do lxc-clone -s -o plain -n p$i done The only things different in Ubuntu are that a lxcbr0 bridge gets installed by default (*1), and the release has been tweaked a bit so no changes are needed to run in a container. The first can't really be done in lxc.git (because it's distro-dependent), and the second is of course independent of lxc. -serge (*1) and if you don't specify a configuration file at creation time, a default one using lxcbr0 is used. -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] adding a default gateway inside a container as a non root user
On 03/01/2012 08:32 PM, Arun M wrote: Hi, I am trying to add a default gateway inside a lxc container so that the application can talk to outside network. I used lxc-setcap to set capabilities and started the container as a non-root user. lxc-execute -n alpha -f a.conf -- /bin/start.sh in start.sh :- #!/bin/sh route add default gw 169.254.100.1 exec sh I get the following error :- route: SIOCADDRT: Operation not permitted Tried adding cap_net_admin to lxc-init, making 'route' a suid program etc but did not help. The networking config is as follows:- lxc.network.type = veth lxc.network.flags = up lxc.network.link = br0 lxc.network.name = eth1 lxc.network.ipv4 = 169.254.100.6/24 With the 0.8.0 version, you will be able to setup the gateway directly from the configuration file. -- Daniel -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] adding a default gateway inside a container as a non root user
Dear Arun, You may also use a DHCP environment to setup the containers network IP, routing, DNS-Servers etc. This approach will ease any changes of the network infrastructure and will help you to make your templates more generic. For that, you have the to assign a fix MAC address to the container and to configure a fixed parameter table (host/IP/MAC) at the dhcpd. At my lxc-starter I'm using the formula IP=$(gethostbyname $CONTAINER) HWADDR=`IP=${IP#*.}; printf 00:50:C2:%02X:%02X:%02X ${IP//./ }` # a.b.c.d - 00:50:C2:bb:cc:dd (hex) [...] lxc-start -n $CONTAINER [...] -s lxc.network.hwaddr=$HWADDR Guido My tactical work around was to inject the route add into /etc/rc.d/rc.local in the rootfs template for my LXC containers, so when I create each container rc.local is staged, did the same with /etc/resolv.conf as well. Hi, I am trying to add a default gateway inside a lxc container so that the application can talk to outside network. -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users