[Bug 1307829] Re: network namespace error
Thanks for reporting this bug.

You say this is only with namespaces pre-created by openstack. I'm confused on that - why is openstack creating new network namespaces inside the container?

I've just tested under precise, and 'ip netns add' does the right thing there, so contrary to what I said before it looks like there is no bug in iproute. I'm going to mark this against nova, but really have no idea what part of nova is involved here.

** Also affects: nova (Ubuntu)
   Importance: Undecided
       Status: New

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1307829

Title:
  network namespace error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute/+bug/1307829/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1307829] Re: network namespace error
When you say

    root@osctrl3dc02:~# ip netns exec vips ip a

Is osctrl3dc02 the host or a container?

Are you saying that you start a container on the host, and then /var/run/netns/ contents change on the host?
[Bug 1307829] Re: network namespace error
D'oh, never mind, I see it now.

** No longer affects: nova (Ubuntu)

** Also affects: lxc (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: lxc (Ubuntu)
   Importance: Undecided => Medium

** Changed in: lxc (Ubuntu)
       Status: New => Confirmed
[Bug 1307829] Re: network namespace error
** Also affects: linux (Ubuntu)
   Importance: Undecided
       Status: New
[Bug 1307829] Re: network namespace error
So the particular files /var/run/netns/whatzit are bind-mounted /proc/self/ns/net files from a task which no longer exists, which are pinning the netns.

Interestingly, if I reproduce this by hand by doing

term 1:
    lxc-unshare -s NETWORK -- /bin/bash
term 2:
    mkdir /var/run/netns/z; mount --bind /proc/$pid/ns/net /var/run/netns/z
    lxc-start -n t1 -d; sleep 3; lxc-stop -n t1 -k

then /var/run/netns/z permissions are not changed.
[Bug 1307829] Re: network namespace error
Ok I see the problem but am not sure what to do about it.

iproute makes /var/run/netns MS_SHARED. When a container starts up, it umounts everything. So the netns bind mounts are being umounted on the host.

Ideally it would be as simple as marking /var/run/netns MS_SLAVE before spawning the container. However, 'mount --make-rslave /var/run/netns' fails because /var/run/netns doesn't appear to be in my mounts table. Rather /netns is.

** No longer affects: linux (Ubuntu)
[Bug 1307829] Re: network namespace error
(Please disregard the notice about required logs)
[Bug 1307829] Re: network namespace error
** Changed in: iproute (Ubuntu)
   Importance: Undecided => Medium

** Changed in: iproute (Ubuntu)
       Status: New => Confirmed
[Bug 1307829] Re: network namespace error
The reason iproute is doing this is:

    /* Make it possible for network namespace mounts to propogate between
     * mount namespaces. This makes it likely that a unmounting a network
     * namespace file in one namespace will unmount the network namespace
     * file in all namespaces allowing the network namespace to be freed
     * sooner.
     */

The command 'ip netns delete x1' simply unmounts /run/netns/x1. If you have 300 'ip netns exec x$i' commands running, then having /run/netns MS_SHARED will propagate the unmount to all 300 namespaces causing the network namespace to be freed earlier.

Unfortunately that makes it so that any task which unmounts /run/netns/x1, which all can do, unmounts it everywhere.
[Bug 1307829] Re: network namespace error
One way iproute could be helpful here is by creating a /run/netns/mnt, onto which one 'iproute' mounts namespace was bind-mounted. Then 'ip netns exec' could setns into that mount namespace, *then* unshare mntns. The /run/netns could be a slave to the host but peer with all its child namespace. (I guess it would have to be /run/netns_mnt for that to be sane)
[Bug 1307829] Re: network namespace error
Ah the problem was that /etc/mtab was a file, and /run/netns did not show up in it so mount refused to act on it. Changing /etc/mtab to a symlink to /proc/mounts allows me to make those rslave.

So it should suffice for lxc to always turn all of / into MS_SLAVE. It currently does so only when / is MS_SHARED.

** Changed in: iproute (Ubuntu)
       Status: Confirmed => Invalid

** Summary changed:

- network namespace error
+ /run/netns/* gets umounted on the host when a container starts
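
As an added example (not part of the original thread, and not lxc or iproute code): a shell check for the condition diagnosed above, listing which mounts at or below /run/netns sit in a shared peer group and can therefore be unmounted from another mount namespace. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Report the propagation state of every mount at or below a directory.
# Reads /proc/<pid>/mountinfo-format text on stdin; $1 is the directory
# (default /run/netns). Output: "<mount point> <propagation>".
netns_propagation() {
    awk -v dir="${1:-/run/netns}" '
    {
        mp = $5
        # keep the directory itself and anything beneath it
        if (mp != dir && index(mp, dir "/") != 1) next
        # optional fields run from field 7 up to the "-" separator
        prop = ""
        for (i = 7; i <= NF && $i != "-"; i++) {
            if ($i ~ /^(shared|master):[0-9]+$/)
                prop = (prop == "" ? $i : prop "," $i)
        }
        if (prop == "") prop = "private"
        print mp, prop
    }'
}

# Mount points that belong to a shared peer group: an umount of the same
# path in any peer mount namespace removes them here as well.
shared_netns_mounts() {
    netns_propagation "$1" | awk '$2 ~ /shared:/ { print $1 }'
}

# Constructed sample in mountinfo format (not taken from the bug report).
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
24 22 0:19 / /run rw,nosuid,relatime - tmpfs tmpfs rw,mode=755
141 24 0:19 /netns /run/netns rw,nosuid,relatime shared:5 - tmpfs tmpfs rw,mode=755
142 141 0:3 net:[4026532281] /run/netns/x1 rw shared:6 - nsfs nsfs rw
143 141 0:3 net:[4026532334] /run/netns/x2 rw master:6 - nsfs nsfs rw
EOF
}

# On a live host: shared_netns_mounts < /proc/self/mountinfo
```

Run against /proc/self/mountinfo from inside a container's mount namespace, entries showing only master:N are slave mounts, which is the state the MS_SLAVE change discussed above is meant to produce.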