Re: [lxc-users] OVS / GRE - guest-transparent mesh networking across multiple hosts

2017-08-03 Thread Fajar A. Nugraha
On Thu, Aug 3, 2017 at 9:05 PM, Fajar A. Nugraha <l...@fajar.net> wrote: > On Thu, Aug 3, 2017 at 11:46 AM, Amaury Amblard-Ladurantie > <ama...@linux.com> wrote: >> Hello, >> >> I am deploying 10< bare metal servers to serve as hosts for containers &

Re: [lxc-users] OVS / GRE - guest-transparent mesh networking across multiple hosts

2017-08-03 Thread Fajar A. Nugraha
On Thu, Aug 3, 2017 at 11:46 AM, Amaury Amblard-Ladurantie wrote: > Hello, > > I am deploying 10< bare metal servers to serve as hosts for containers > managed through LXD. > As the number of container grows, management of inter-container > running on different hosts becomes

Re: [lxc-users] Fastest way to copy containers

2017-07-25 Thread Fajar A. Nugraha
On Tue, Jul 25, 2017 at 7:23 PM, Ron Kelley wrote: > Thanks Fajar. > > Interesting, I have not seen/used “lxd init” yet. > It's 'lxc init'. 'lxd init' is something entirely different :) > The output of “lxc -h” does not show the init command. Guess it must be a >

Re: [lxc-users] Fastest way to copy containers

2017-07-25 Thread Fajar A. Nugraha
On Tue, Jul 25, 2017 at 7:11 PM, Ron Kelley wrote: > Greetings all, > > I am trying to copy sites from one LXD to another - both running BTRFS. > The normal “lxc copy” command uses btrfs send/receive which is terribly > slow. Since rsync works much, much faster, is there a

Re: [lxc-users] LXD 2.14 - Ubuntu 16.04 - kernel 4.4.0-57-generic - SWAP continuing to grow

2017-07-15 Thread Fajar A. Nugraha
On Sat, Jul 15, 2017 at 10:48 PM, Ron Kelley wrote: > Thanks for the great replies. > > Marat/Fajar: How many servers do you guys have running in production, and > what are their characteristics (RAM, CPU, workloads, etc)? My biggest production one was AWS r4.16xlarge

Re: [lxc-users] LXD 2.14 - Ubuntu 16.04 - kernel 4.4.0-57-generic - SWAP continuing to grow

2017-07-15 Thread Fajar A. Nugraha
On Sat, Jul 15, 2017 at 1:58 AM, Ron Kelley wrote: > Wondering if anyone else has similar issues. > > We have 5x LXD 2.12 servers running (U16.04 - kernel 4.4.0-57-generic - 8G > RAM, 19G SWAP). Each server is running about 50 LXD containers - Wordpress > w/Nginx and PHP7.

Re: [lxc-users] MySQL Unable to install on 14.04 Container

2017-07-05 Thread Fajar A. Nugraha
Adding the list back to cc. On Thu, Jul 6, 2017 at 5:57 AM, Gabriel Marais wrote: > Fajar, > > Here is an extract from my log file, /var/log/mysql/error.log > > 170705 22:52:42 [Warning] Using unique option prefix myisam-recover > instead of myisam-recover-options is

Re: [lxc-users] MySQL Unable to install on 14.04 Container

2017-07-05 Thread Fajar A. Nugraha
On Wed, Jul 5, 2017 at 4:06 PM, Gabriel Marais wrote: > Hi Guys > > Recently I have been trying to install MySQL on a Ubuntu 14.04 container. > The files are downloaded fine, and installation continues to the point > where one needs to specify the root password for

Re: [lxc-users] Is it possible to change lxc.cgroup.memory.limit_in_bytes in runtime? [LXD]

2017-07-03 Thread Fajar A. Nugraha
On Mon, Jul 3, 2017 at 7:05 AM, Ivan Kurnosov wrote: > Hi, > > I've gone through the lxd and go-lxc binding to find the answer myself but > I got stuck at > > bool go_lxc_set_config_item(struct lxc_container *c, const char *key, > const char *value) { > return c->set_config_item(c,

Re: [lxc-users] How to check DNS records of containers

2017-06-28 Thread Fajar A. Nugraha
On Wed, Jun 28, 2017 at 11:12 PM, Adil Baig wrote: > I actually don't have a separate dnsmasq instance running on the host. > ... and that, is the root cause of your problem. But just `dig +short devop-tools.lxd` doesn't. Which means the queries are > not being forwarded

Re: [lxc-users] How to check DNS records of containers

2017-06-28 Thread Fajar A. Nugraha
On Wed, Jun 28, 2017 at 6:34 PM, Adil Baig wrote: > This hasn't worked for me. > > lxc network show lxdbr0 > description: "" > config: > dns.domain: lxd > dns.mode: managed > ipv4.address: 10.0.1.1/24 > ipv4.dhcp.ranges: 10.0.1.2-10.0.1.254 > ipv4.nat: "true" >

Re: [lxc-users] How to check DNS records of containers

2017-06-28 Thread Fajar A. Nugraha
On Wed, Jun 28, 2017 at 6:12 PM, Adil Baig wrote: > How do I restart dnsmasq without restarting lxd? That would pause all my > containers. > > The host's dnsmasq. Not the one managed by lxd. systemctl restart dnsmasq. And in any case, test on your dev system first. On

Re: [lxc-users] How to check DNS records of containers

2017-06-28 Thread Fajar A. Nugraha
On Wed, Jun 28, 2017 at 4:36 PM, Adil Baig wrote: > In the new LXD (2.5+) is there automatic DNS resolution for containers on > the host? > > It can. But you need to make it so. > I'd like to configure a virtual host on Apache (on the host machine) to > proxy requests to

Re: [lxc-users] command "free" show different values on host and container

2017-06-26 Thread Fajar A. Nugraha
On Thu, Jun 1, 2017 at 11:42 PM, Denis Bozhok wrote: > Hello! > There is some strange problem. > When I'm typing "free" on the host, I've got a result: > > free -g > totalusedfree shared buff/cache > available > Mem:251

Re: [lxc-users] lxc 2.0 adding a nic to a container on another vlan (was: access to snapshots from within the containers)

2017-06-16 Thread Fajar A. Nugraha
On Fri, Jun 16, 2017 at 8:45 PM, Michel Jansens wrote: > Thanks a lot Fajar, > > I did : > lxc config device add welcome-lemur eth1 nic nictype=bridged > parent=brvlan3904 name=eth1 > And ‘brctl show' shows the interface ‘veth41aa07e1’ was added to the > brvlan3904

Re: [lxc-users] access to snapshots from within the containers

2017-06-15 Thread Fajar A. Nugraha
On Thu, Jun 15, 2017 at 12:58 PM, mjansens wrote: > Where I might get stuck is in the network part: I will need at some point > to lock some containers in specific VLANs. I more or less have gathered > from various info on the web that LXD2.0.x networking is limited to

Re: [lxc-users] access to snapshots from within the containers

2017-06-14 Thread Fajar A. Nugraha
On Wed, Jun 14, 2017 at 3:21 PM, Michel Jansens wrote: > > I understand that version 2.0.9 is not the latest version available > upstream, but what I don’t get, is will I get support from Canonical if I > use a more recent version? > If Canonical offers LXD2.0.x in

Re: [lxc-users] Unable to fork - LXD process limit?

2017-06-13 Thread Fajar A. Nugraha
On Tue, Jun 13, 2017 at 3:56 PM, Phillips, Julian < julian.phill...@roke.co.uk> wrote: > Hello, > > > > I’m trying to setup LXD (2.0.9) on Ubuntu 16.04 to run 32 Centos 6 > containers, but I seem to be running into a process limit? > > > > After building the containers, if I run “lxc exec

Re: [lxc-users] lxc image copy from behind NAT

2017-06-13 Thread Fajar A. Nugraha
On Tue, Jun 13, 2017 at 1:33 PM, Christoph Mathys wrote: > Thanks for your input! > > > You can probably try something like this: > > lxc copy local:src_vm remote_name:dst_vm > > Unfortunately, this does not work either. > > Ugh. You are right. After further testing, that

Re: [lxc-users] lxc image copy from behind NAT

2017-06-12 Thread Fajar A. Nugraha
On Mon, Jun 12, 2017 at 10:22 PM, Christoph Mathys wrote: > In a test setup, I run an VM with lxd in a NATed network. When I try > to copy an image to another server (on the other side of the NAT), it > cannot do that because the other server tries to connect to the IP of >

Re: [lxc-users] Need help with static IP address -- Simplest use case.

2017-06-10 Thread Fajar A. Nugraha
On Sat, Jun 10, 2017 at 12:38 PM, Michael Johnson wrote: > Thanks for all the suggestions. I seem to have magically fixed it. When > I changed the parent from lxdbr0 to br0 it now works. Lxdbr0 was a > 'network' I created with 'lxc network create' and br0 was the host >

Re: [lxc-users] LXD 2.13 - Containers using lots of swap despite having free RAM

2017-06-06 Thread Fajar A. Nugraha
On Tue, Jun 6, 2017 at 4:29 PM, Ron Kelley wrote: > (Similar to a reddit post: https://www.reddit.com/r/LXD/ > comments/53l7on/how_does_lxd_manage_swap_space). > > Ubuntu 16.04, LXC 2.13 running about 50 containers. System has 8G RAM and > 20G swap. From what I can tell,

Re: [lxc-users] LXD and Kernel Samepage Merging (KSM)

2017-06-06 Thread Fajar A. Nugraha
On Tue, Jun 6, 2017 at 4:13 PM, Andreas Freudenberg wrote: > Hi, > > as stated by Tomasz, KSM will only work for applications which support it. > ... or when you use ksm_preload > If you want a KSM for all applications you could try UKSM [1]. > > UKSM is not in

Re: [lxc-users] LXD and Kernel Samepage Merging (KSM)

2017-06-04 Thread Fajar A. Nugraha
On Mon, Jun 5, 2017 at 9:02 AM, Ron Kelley wrote: > Thanks for the feedback and info. Seems something is amiss with my setup. > > What does your Ubuntu install look like? I have a standard Ubuntu 16.04 > with up-to-date patches and with LXD 2.12. Guess I need to find the

Re: [lxc-users] LXD and Kernel Samepage Merging (KSM)

2017-06-04 Thread Fajar A. Nugraha
On Mon, Jun 5, 2017 at 7:48 AM, Ron Kelley wrote: > > As for the openvz link; I read that a few times but I don’t get any > positive results using those methods. This leads me to believe (a) LXD > does not support KSM or (b) the applications are not registering w/the KSM >

Re: [lxc-users] LXD and Kernel Samepage Merging (KSM)

2017-06-04 Thread Fajar A. Nugraha
On Sun, Jun 4, 2017 at 11:16 PM, Ron Kelley wrote: > (Reviving the thread about Container Scaling: > https://lists.linuxcontainers.org/pipermail/lxc-users/2016-May/011607.html > ) > > We have hit critical mass with LXD 2.12 and I need to get Kernel Samepage > Merging (KSM)

Re: [lxc-users] instantiate_veth: 2669 failed to attach 'vethMU7OO1' to the bridge

2017-05-29 Thread Fajar A. Nugraha
On Mon, May 29, 2017 at 2:56 PM, Rick Leir wrote: > > IMHO the easiest way to use lxc is with lxd. Unofficial packages exists > (at least it did in the past) for fedora, but the easiest way to get > started with lxd is on ubuntu (a live trial is available on >

Re: [lxc-users] instantiate_veth: 2669 failed to attach 'vethMU7OO1' to the bridge

2017-05-28 Thread Fajar A. Nugraha
On Mon, May 29, 2017 at 5:58 AM, Rick Leir wrote: > # brctl show > > bridge namebridge idSTP enabledinterfaces > virbr08000.525400c7428byesvirbr0-nic > # lxc-checkconfig > > > # lxc-create -n crowdsr -t fedora > > # lxc-start -n crowdsr -F

Re: [lxc-users] Args for lxd init via script

2017-05-22 Thread Fajar A. Nugraha
On Mon, May 22, 2017 at 1:41 PM, gunnar.wagner <gunnar.wag...@netcologne.de> wrote: > > > On 5/22/2017 2:35 PM, Fajar A. Nugraha wrote: > > On Mon, May 22, 2017 at 1:09 PM, gunnar.wagner < > gunnar.wag...@netcologne.de> wrote: > >> >>

Re: [lxc-users] Args for lxd init via script

2017-05-22 Thread Fajar A. Nugraha
On Mon, May 22, 2017 at 1:09 PM, gunnar.wagner <gunnar.wag...@netcologne.de> wrote: > > > On 5/22/2017 11:55 AM, Fajar A. Nugraha wrote: > >> subvolume with btrfs does not provide correct df. >> zfs dataset provide correct df. >> > > isn't btrfs subv

Re: [lxc-users] Args for lxd init via script

2017-05-21 Thread Fajar A. Nugraha
On Mon, May 22, 2017 at 10:25 AM, Mark Constable <ma...@renta.net> wrote: > On 5/22/17 12:28 PM, Fajar A. Nugraha wrote: > >> Yes but I also want the current disk usage to be available inside >>> the container so that, for instance, df returns realistic results. &

Re: [lxc-users] Args for lxd init via script

2017-05-21 Thread Fajar A. Nugraha
On Sun, May 21, 2017 at 10:05 PM, Mark Constable wrote: > On 5/21/17 11:16 PM, gunnar.wagner wrote: > >> just for my understanding ... you want to monitor disk usage on the >> LXD host, right? >> > > Yes but I also want the current disk usage to be available inside the >

Re: [lxc-users] Args for lxd init via script

2017-05-21 Thread Fajar A. Nugraha
On Sun, May 21, 2017 at 2:51 PM, Mark Constable wrote: > On 5/21/17 4:02 PM, Jeff Kowalczyk wrote: > >> My question, is it reasonable to provide a separate profile and >>> zfs pool per container and is there a better or more efficient way >>> to get the same end result? >>> >>

Re: [lxc-users] lxc-templates dependency on debootstrap

2017-05-20 Thread Fajar A. Nugraha
On Sat, May 20, 2017 at 7:43 AM, Andrey Repin wrote: > Greetings, All! > > I've tried to roll a new template, but suddenly realized that I have no > "debootstrap" package installed. > Checking dependencies, it turned out it is listed as "recommended" > dependency > of

Re: [lxc-users] Bind public IP that is available on host's ens3:1 to a specific LXD container?

2017-05-20 Thread Fajar A. Nugraha
On Sat, May 20, 2017 at 10:31 AM, Thomas Ward wrote: > I've been able to switch this to a bridged method, with the > host interfaces set to 'manual', an inet0 bridge created that is static > IP'd for the host system to have its primary IP, and can have manual IP > assignments

Re: [lxc-users] Args for lxd init via script

2017-05-19 Thread Fajar A. Nugraha
On Fri, May 19, 2017 at 1:39 PM, Mark Constable wrote: > I'm trying to automate a simple setup of LXD via a bash script and I'm > not sure of the best way to provide some preset arguments to "lxd init", > if at all possible. Specifically... > > Name of the storage backend to use

Re: [lxc-users] Possible bug

2017-05-18 Thread Fajar A. Nugraha
On Fri, May 19, 2017 at 9:12 AM, Saint Michael wrote: > The container is Debian 7. It does not use systemd. > > Yes. I was using systemd-jessie-unpriv-container case as an example for 'customization required'. In your case, it should be as simple as: - use template (or to be

Re: [lxc-users] Possible bug

2017-05-18 Thread Fajar A. Nugraha
On Fri, May 19, 2017 at 7:45 AM, gunnar.wagner wrote: > a bit OT related to this thread but from what Fajar has posted here it > almost sounds like you shouldn't/couldn't use debian inside a container > unless you are prepared to conduct far from trivial post launch

Re: [lxc-users] Possible bug

2017-05-18 Thread Fajar A. Nugraha
On Fri, May 19, 2017 at 7:16 AM, Saint Michael wrote: > The host is Ubuntu 16.04.2 LTS, the container is Debian GNU/Linux 7 > > > On Thu, May 18, 2017 at 8:13 PM, Saint Michael wrote: > >> In my debian container, it is file. >> It gets recreated all the

Re: [lxc-users] Possible bug

2017-05-18 Thread Fajar A. Nugraha
On Thu, May 18, 2017 at 11:06 PM, Saint Michael wrote: > On Ubuntu 16.04..2 LTS, kernel 4.4.0-78-generi > > inside a container I erase the file /etc/mtab > why? > the containers start, a new file /etc/mtab gets created > Is it a regular file or a symlink? IIRC on ubuntu

Re: [lxc-users] Using predefined cgroups

2017-05-16 Thread Fajar A. Nugraha
On Wed, May 17, 2017 at 10:59 AM, Dr. Todor Dimitrov wrote: > I guess LXD would not be an option since we are talking about resource > constrained devices. The unprivileged user is actually used only for > namespacing purposes and not for actual logins. The power user

Re: [lxc-users] LXD launch fails

2017-05-16 Thread Fajar A. Nugraha
On Wed, May 17, 2017 at 7:59 AM, CLOSE Dave wrote: > Instructions modified to handle the company proxy per > and-configuring-lxd-212/>: > ># lxc config set core.proxy_http

Re: [lxc-users] Using predefined cgroups

2017-05-16 Thread Fajar A. Nugraha
On Tue, May 16, 2017 at 12:21 PM, Dr. Todor Dimitrov wrote: > My understanding is that the unprivileged user owning the container can > still alter the cgroups, right? > > You should really try lxd. e.g. https://linuxcontainers.org/lxd/try-it/ , or install it on your

Re: [lxc-users] Using predefined cgroups

2017-05-15 Thread Fajar A. Nugraha
On Tue, May 16, 2017 at 1:18 AM, Dr. Todor Dimitrov wrote: > Hallo, > > LXC automatically creates the "/sys/fs/cgroup/*/lxc/some-container-name" > cgroups, which are setup to reflect the restrictions as defined in the > container configuration file. I was wondering

Re: [lxc-users] More secure container

2017-05-10 Thread Fajar A. Nugraha
On Wed, May 10, 2017 at 2:20 PM, T.C 吳天健 wrote: > Great thanks to Fajar, Andrey, Jared and all of you. > > Usually on embedded system our porting/upgrading strategy is as prudent as > possible. My previous survey showing that GOLANG is either undone or not > popular on

Re: [lxc-users] More secure container

2017-05-10 Thread Fajar A. Nugraha
On Wed, May 10, 2017 at 1:33 PM, T.C 吳天健 wrote: > Fajar and Andrey, > > I run lxc-1.0 on embedded system and I don't have lxd on that platform. > (i.e. I cross-compile lxc-1.0 from scratch no prebuild package available). > And yes I run container with root privilege . > I

Re: [lxc-users] More secure container

2017-05-09 Thread Fajar A. Nugraha
On Wed, May 10, 2017 at 4:22 AM, Andrey Repin wrote: > Greetings, T.C 吳天健! > > > Its said privileged container is unsecured . For example, if a user in > the > > container (suppose it's running a service toward the public) hack the > system > > with some kind of root kit. >

Re: [lxc-users] LXD firewall container?

2017-05-06 Thread Fajar A. Nugraha
On Fri, May 5, 2017 at 9:29 PM, Ron Kelley wrote: > Fajar, > > Just following up on this thread. Thanks for pointing out the redundant > NAT problem with ufw. I found another solution to prevent this issue when > restarting ufw (from here:

Re: [lxc-users] HOWTO: How to run graphics-accelerated GUI apps in LXD containers on your Ubuntu desktop

2017-05-03 Thread Fajar A. Nugraha
On Thu, May 4, 2017 at 6:04 AM, Simos Xenitellis wrote: > Hi All, > > I completed the tutorial on how to run graphics-accelerated GUI apps > in (local) LXD containers, > https://blog.simos.info/how-to-run-graphics-accelerated- >

Re: [lxc-users] LXD move, how to reduce downtime without live migration

2017-05-01 Thread Fajar A. Nugraha
On Mon, May 1, 2017 at 12:49 AM, Andrey Repin wrote: > Greetings, Spike! > > > thank you for sharing Fajar, this is very helpful. A couple questions: > > 1. how do you ensure data consistency? I don't think it's safe to take a > > snap of a mysql container with mysql running

Re: [lxc-users] LXD move, how to reduce downtime without live migration

2017-04-29 Thread Fajar A. Nugraha
On Sun, Apr 30, 2017 at 3:15 AM, Spike wrote: > thank you for sharing Fajar, this is very helpful. A couple questions: > 1. how do you ensure data consistency? I don't think it's safe to take a > snap of a mysql container with mysql running for example. Other backup > solutions

Re: [lxc-users] Running LXD on those new ARM64 cloud servers by Scaleway

2017-04-29 Thread Fajar A. Nugraha
On Fri, Apr 28, 2017 at 8:20 PM, Simos Xenitellis < simos.li...@googlemail.com> wrote: > Hi All, > > I've put together my notes about running LXD on those new ARM64 cloud > servers by Scaleway. > > Thanks for the info. > 1. These are inexpensive cloud servers. Not baremetal, but KVM. On > ARM64

Re: [lxc-users] Running LXD on those new ARM64 cloud servers by Scaleway

2017-04-29 Thread Fajar A. Nugraha
On Sat, Apr 29, 2017 at 11:29 AM, Saint Michael wrote: > I use the new kernel 4.10 and you may do with XFS almost anything you can > do with BTRFS or ZFS, like duperemove, and it is still XFS. > > Wait, what? So using functions listed on

Re: [lxc-users] LXD move, how to reduce downtime without live migration

2017-04-27 Thread Fajar A. Nugraha
On Thu, Apr 27, 2017 at 9:09 PM, Spike wrote: > Tamas, > > are you actually doing this? any gotchas? > > I'm trying to set up exactly the same, have a live node and a backup node, > both running zfs. I have the same containers, with the same mac, at > destination, however I'm

Re: [lxc-users] LXD firewall container?

2017-04-27 Thread Fajar A. Nugraha
On Fri, Apr 28, 2017 at 1:05 AM, Ron Kelley wrote: > Thanks for the feedback, Spike. After looking around for a while, I, too, > decided a small ubuntu container with a minimal firewall tool is the way to > go. In my case, I used “ufw” but will also look at "firehol”. > >

Re: [lxc-users] how do you create an image from scratch?

2017-04-26 Thread Fajar A. Nugraha
On Thu, Apr 27, 2017 at 8:12 AM, T.C 吳天健 wrote: > What's the trick of building unprivileged container rootfs by the way ? > I believe the answer is "you don't". Build the images privileged, then shift the uids when used as unpriv. > I guess device files permission might

Re: [lxc-users] how do you create an image from scratch?

2017-04-26 Thread Fajar A. Nugraha
On Wed, Apr 26, 2017 at 10:11 PM, Spike wrote: > thank you Fajar and T.C., > > your experience is very precious and the lxc template looks very good as a > source of inspiration. I'll try commenting out everything in fstab and see > what happens. Other pages I found like this one

Re: [lxc-users] how do you create an image from scratch?

2017-04-26 Thread Fajar A. Nugraha
On Wed, Apr 26, 2017 at 9:40 PM, Spike wrote: > yeah I've seen that link before and used the lxd image publish / export > approach (it's what I'm doing right now in fact). However that post isn't > very clear on what it takes to start from scratch. There is a section on >

Re: [lxc-users] lxd init - howto

2017-04-21 Thread Fajar A. Nugraha
On Fri, Apr 21, 2017 at 5:33 PM, gunnar.wagner wrote: > is there any how-to about which options to choose and why during the 'lxd > init' process available anywhere? > > Did you read ubuntu's docs? https://help.ubuntu.com/lts/serverguide/lxd.html#lxd-configuration

Re: [lxc-users] LXC containers recovery from pool

2017-04-20 Thread Fajar A. Nugraha
On Thu, Apr 20, 2017 at 5:11 PM, Andriy Tovstik wrote: > Hi, all! > > Due to hardware failure i loose my system HDD with ubuntu installation. > I'm going to reinstall system. Also i have two HDD with ZFS filesystem - > lxc pool from this system. > Could anyone explain me, is

Re: [lxc-users] lxc 2.0.7: sysvinit on the host breaks systemd based containers

2017-04-03 Thread Fajar A. Nugraha
On Mon, Apr 3, 2017 at 12:03 PM, Harald Dunkel wrote: > Hi folks, > > using sysvinit-core on the host the systemd based containers get > stuck in /sbin/init. lxc-attach shows: > > root@lxcclient:~# ps -ef > UIDPID PPID C STIME TTY TIME CMD > root 1

Re: [lxc-users] nfs server in [unprivileged] container?

2017-03-30 Thread Fajar A. Nugraha
On Thu, Mar 30, 2017 at 2:19 PM, Marat Khalili wrote: > https://launchpad.net/~gluster/+archive/ubuntu/nfs-ganesha > > > Disclaimer: I haven't tested it. > > Yes, I found it too, but its production readiness is unclear to

Re: [lxc-users] nfs server in [unprivileged] container?

2017-03-30 Thread Fajar A. Nugraha
On Thu, Mar 30, 2017 at 12:47 PM, Marat Khalili wrote: > The story would be all different for userspace nfs server, but apparently > there's none. > > https://launchpad.net/~gluster/+archive/ubuntu/nfs-ganesha Disclaimer: I haven't tested it. -- Fajar

Re: [lxc-users] subuids and subgid range with multiple LXC containers

2017-03-28 Thread Fajar A. Nugraha
On Wed, Mar 29, 2017 at 4:20 AM, Serge E. Hallyn wrote: > Quoting BIGOT Adrien (adrien.bi...@smile.fr): > > Hello, > > > > Actually hosting many containers (2000+) with OpenVZ technology, we > > want to move to LXC/LXD. > > The goal is to host up to 20 unprivileged containers

Re: [lxc-users] Profile Assignment Error

2017-03-24 Thread Fajar A. Nugraha
On Wed, Mar 22, 2017 at 6:50 PM, Gabriel Marais wrote: > Hi Guys > > I am having an issue assigning a profile to a container. Below my steps:- > > 1. List Profiles > > [13:43:12] root@vm-server-01:*~* # lxc profile list > > +-+-+ > > | NAME | USED

Re: [lxc-users] Question about creating a container from an ISO

2017-03-23 Thread Fajar A. Nugraha
On Fri, Mar 24, 2017 at 6:44 AM, Michel RENON wrote: > Hi, > > I'm beginning with lxc and containers. > > I downloaded an ISO that is an installer. > I already used it to create a vm in virtualbox. > > That ISO is based on debian installer and it adds some telephony >

Re: [lxc-users] Increase temp space /tmp

2017-03-18 Thread Fajar A. Nugraha
On Sat, Mar 18, 2017 at 10:29 AM, Saint Michael wrote: > My application could no use more space per thread on the temporary file > system. These are privileged containers and I need that they have access to > the full resources of the parent, which are essentially unlimited. >

Re: [lxc-users] Import Existing LVM Thin Pool Using lxc storage Commands

2017-03-11 Thread Fajar A. Nugraha
On Fri, Mar 10, 2017 at 11:39 PM, Steven Butterworth < bwo...@physics.utoronto.ca> wrote: > It appears that, at least by default, the LXD storage API for LVM expects > to have exclusive control of an entire volume group. I don't have space on > one of my servers to make a new volume group to give

Re: [lxc-users] backup strategies for lxd + zfs

2017-03-08 Thread Fajar A. Nugraha
On Wed, Mar 8, 2017 at 12:08 AM, Spike wrote: > Hi, > > I'm on Ubuntu Xenial running LXD from PPA + a ZFS storage backend. > > I've been reading everything I could find on backup strategies, but I've > not found anything "official" or that even looked like a best practice so I >

Re: [lxc-users] rename veth interfaces on the host

2017-03-07 Thread Fajar A. Nugraha
On Tue, Mar 7, 2017 at 10:32 PM, Spike wrote: > Dear all, > > I'm using bridged mode for networking and would love to be able to tell > which veth is which on the host by using more meaningful names. This would > also very useful for monitoring and debugging. > > I found some

Re: [lxc-users] Can you update templates without full image rebuild?

2017-03-07 Thread Fajar A. Nugraha
On Tue, Mar 7, 2017 at 10:43 PM, RayFerguson wrote: > I'm cheap, so I don't have great storage on my dev boxes and I have some > custom templates that I want in my images. My current process is something > like. > > lxc publish contain --alias=foo > lxc image export

Re: [lxc-users] RE xrdp in lxc 2.0 container

2017-02-20 Thread Fajar A. Nugraha
On Tue, Feb 21, 2017 at 10:21 AM, Alex Clarke wrote: > Works fine in a privileged container. > > According to https://lists.linuxcontainers.org/pipermail/ > lxc-users/2016-June/011848.html > > This should work in unprivileged, with no access to audio or file transfer > >

Re: [lxc-users] Can unprivileged containers start from a loop device?

2017-02-08 Thread Fajar A. Nugraha
se: # Container specific configuration lxc.id_map = u 0 165536 65536 lxc.id_map = g 0 165536 65536 lxc.rootfs = loop:/var/lib/lxc/alpine/rootdev lxc.rootfs.backend = loop -- Fajar > On 02/08/2017 08:42 AM, Fajar A. Nugraha wrote: > > On Wed, Feb 8, 2017 at 7:57 PM, John Lewis <oflam...@

Re: [lxc-users] Can unprivileged containers start from a loop device?

2017-02-08 Thread Fajar A. Nugraha
On Wed, Feb 8, 2017 at 7:57 PM, John Lewis wrote: > Can unprivileged containers start from a loop device? > IMHO you should explain what you're trying to achieve, and how you think using a loop device will help. I can say that "lxd uses unpriv containers by default, and it

Re: [lxc-users] idmap, lxd and pylxde

2017-01-25 Thread Fajar A. Nugraha
rootfs manually), which (among others) result in 'volatile.last_state.idmap' doesn't match what the actual rootfs uses. -- Fajar > On Wed, Jan 25, 2017, 11:50 PM Fajar A. Nugraha <l...@fajar.net> wrote: > >> On Wed, Jan 25, 2017 at 10:12 PM, Witold Filipczyk <gglate...@gmail.com&g

Re: [lxc-users] idmap, lxd and pylxde

2017-01-25 Thread Fajar A. Nugraha
On Wed, Jan 25, 2017 at 10:12 PM, Witold Filipczyk wrote: > On Wed, Jan 25, 2017 at 08:36:23AM -0500, brian mullan wrote: > > Witold > > > > There is a tool called "fuidshift" you can use to shift the gid/uid for > you. > > > >

Re: [lxc-users] moving containers from amd host to Intel host

2017-01-22 Thread Fajar A. Nugraha
On Mon, Jan 23, 2017 at 10:27 AM, Jules wrote: > On Sun, Jan 22, 2017 at 4:24 PM, Tomasz Chmielewski > wrote: >> >> You need the same magic as booting for example a x86-64 livecd on an >> Intel system or AMD system... > > > ugh, turns out my new host is

Re: [lxc-users] old Ubuntu 8.04 container, /sbin/init fails

2017-01-21 Thread Fajar A. Nugraha
On Sun, Jan 22, 2017 at 3:53 AM, jf wrote: > Thanks for the help. > So what I miss is how to debug /sbin/init in a container ? > I saw that lxc-start has an extra argument to execute the init command > like lxc-start -n container /sbin/init. > lxc-start will run /sbin/init by

Re: [lxc-users] old Ubuntu 8.04 container, /sbin/init fails

2017-01-21 Thread Fajar A. Nugraha
On Sun, Jan 22, 2017 at 3:08 AM, jf wrote: > Hi, > > I'm using Ubuntu 16.04 with the default Ubuntu lxd package. > I'm trying to start a Ubuntu 8.04 container, but I didn't find any image. > So I built and imported an image from debootstrap. > > Whenever possible, don't try to

Re: [lxc-users] Risk/benefit of enabling user namespaces in the kernel for running unprivileged containers

2017-01-13 Thread Fajar A. Nugraha
On Sat, Jan 14, 2017 at 4:56 AM, Fajar A. Nugraha <l...@fajar.net> wrote: > On Sat, Jan 14, 2017 at 3:52 AM, John <da_audioph...@yahoo.com> wrote: > >> >> Again, thank you for the detailed reply. Are the nature of these sorts >> of interactions such that

Re: [lxc-users] Risk/benefit of enabling user namespaces in the kernel for running unprivileged containers

2017-01-13 Thread Fajar A. Nugraha
On Sat, Jan 14, 2017 at 3:52 AM, John wrote: > > Again, thank you for the detailed reply. Are the nature of these sorts of > interactions such that users require physical access or ssh access to the > host machine in order to exploit, or can they originate from within

Re: [lxc-users] would there be value in starting an LXD community online collection of how-to related information

2017-01-12 Thread Fajar A. Nugraha
On Fri, Jan 13, 2017 at 12:05 AM, brian mullan wrote: > I guess I'd like to hear from other LXD users out there that would be > interested in more general "how-to" guides for LXD being available. > > A helpful documentation would always be useful > Myself, I'm not a sw

Re: [lxc-users] Numerous errors running unprivileged container on Arch Linux x86_64

2017-01-11 Thread Fajar A. Nugraha
On Thu, Jan 12, 2017 at 3:02 AM, John wrote: > Thank you for the kind reply. My goal is to have openvpn and a LAMP stack > run from within the > unprivileged container. The problem (perhaps related to my config being > incorrectly configured) is that openvpn will not

Re: [lxc-users] Numerous errors running unprivileged container on Arch Linux x86_64

2017-01-10 Thread Fajar A. Nugraha
On Wed, Jan 11, 2017 at 3:54 AM, John wrote: > I pulled down the archlinux current amd64 image. > > > The problem is when I start the container, I see numerous errors relating > to systemd and I am now sure what is missing from my config. Advice is > deeply

Re: [lxc-users] Elasticsearch 5.0 <-> LXD

2017-01-09 Thread Fajar A. Nugraha
On Mon, Jan 9, 2017 at 8:08 AM, Fajar A. Nugraha <l...@fajar.net> wrote: > On Wed, Dec 28, 2016 at 10:51 PM, James Beedy <jamesbe...@gmail.com> > wrote: > >> I've stumbled onto what I think is a blocker for having Elasticsearch 5.0 >> run in a LXD container

Re: [lxc-users] Elasticsearch 5.0 <-> LXD

2017-01-08 Thread Fajar A. Nugraha
On Wed, Dec 28, 2016 at 10:51 PM, James Beedy wrote: > I've stumbled onto what I think is a blocker for having Elasticsearch 5.0 > run in a LXD container. I can install Elasticsearch 5.0, and start it with > the default elasticsearch.yml (listens on localhost by default),

Re: [lxc-users] LXC Containers and Bridge Networking in Arch Linux

2017-01-05 Thread Fajar A. Nugraha
On Thu, Jan 5, 2017 at 3:27 AM, Saurabh Deshpande < saurabh.n.deshpa...@gmail.com> wrote: > I am looking to run lxc containers on Arch Linux. >> Hypothetically this Arch Linux server has a local IP of 10.10.10.120 with >> Gateway of 10.10.10.250 and DNS Address as 10.10.10.249 >> I would like to

Re: [lxc-users] LXC Containers and Bridge Networking in Arch Linux

2017-01-03 Thread Fajar A. Nugraha
On Tue, Jan 3, 2017 at 8:21 PM, Saurabh Deshpande < saurabh.n.deshpa...@gmail.com> wrote: > Hello Guys, > > > I am trying to set up LXC on Arch Linux with systemd-networkd for > networking. > I see that the bridge can be set up to either use DHCP or a static IP but > we lose a static IP set on

Re: [lxc-users] Install BLCR in a lxc container

2016-12-27 Thread Fajar A. Nugraha
On Tue, Dec 27, 2016 at 6:39 PM, Thouraya TH wrote: > Hi all, > > Please, I'd like to know if there is someone has installed BLCR > https://upc-bugs.lbl.gov/blcr-dist/blcr-0.8.6_b4.tar.gz inside a > container ? > > > > I have installed BLCR on a HOST ubuntu but i can't

Re: [lxc-users] can't login by ssh with root to my containers

2016-12-21 Thread Fajar A. Nugraha
On Wed, Dec 21, 2016 at 5:03 PM, mierdatutis mi wrote: > Hi, > I'm trying to login by ssh from my host to my lxc servers with root. > When I'm trying with ubuntu user I don't have any problems but when I do > with root says me password incorrect. > In my lxc I do "sudo passwd"

Re: [lxc-users] no ping between host and lxc container

2016-12-20 Thread Fajar A. Nugraha
On Tue, Dec 20, 2016 at 5:48 PM, Mateusz Korniak < mateusz-li...@ant.gliwice.pl> wrote: > On Tuesday 20 of December 2016 17:04:08 Fajar A. Nugraha wrote: > > What I did in my host, is create a macvlan interface for the host, and > move > > host's eth0 IP address there.

Re: [lxc-users] no ping between host and lxc container

2016-12-20 Thread Fajar A. Nugraha
On Tue, Dec 20, 2016 at 3:07 AM, Andrey Repin wrote: > Greetings, mierdatutis mi! > > > Hi, > > I've configured a container with ubuntu and my host with ubuntu also. My > > idea is that they are in same lan with statics ip's. > > For these I've configured macvlan. > > I

Re: [lxc-users] Debian 8 container on Ubuntu 16.04 host

2016-12-15 Thread Fajar A. Nugraha
On Fri, Dec 16, 2016 at 12:41 PM, Fajar A. Nugraha <l...@fajar.net> wrote: > On Fri, Dec 16, 2016 at 9:58 AM, William Cooley <maili...@wtip.net> wrote: > >> I am trying to install a Debian 8 container on a Ubuntu 16.04 host. >> The Ubuntu host is running lxc

Re: [lxc-users] Debian 8 container on Ubuntu 16.04 host

2016-12-15 Thread Fajar A. Nugraha
On Fri, Dec 16, 2016 at 9:58 AM, William Cooley wrote: > I am trying to install a Debian 8 container on a Ubuntu 16.04 host. > The Ubuntu host is running lxc version 2.0.8 from the default ubuntu repo > and Kernel 4.4.0-53-generic #74-Ubuntu. > > I'm using the default

Re: [lxc-users] can't have internet in lxc container

2016-12-14 Thread Fajar A. Nugraha
On Wed, Dec 14, 2016 at 3:57 PM, mierdatutis mi wrote: > I have a host ubuntu with dhcp and I would like to have a ubuntu guest > container with ip fixed. I'm trying to set up the /etc/network/interface > with these conf: > Also, I've modified the config file of the ubuntu

Re: [lxc-users] base container for multiple children on zfs

2016-12-13 Thread Fajar A. Nugraha
On Wed, Dec 14, 2016 at 12:51 AM, Volker Cordes wrote: > Hello, > > I would like to set up a hosted web app with lxd. I was thinking of > using a separate container for each user by creating a base container > with the webapp preinstalled, publishing it as an image and create

Re: [lxc-users] Strange freezes with btrfs backend

2016-12-04 Thread Fajar A. Nugraha
On Sat, Dec 3, 2016 at 7:56 PM, Ron Kelley wrote: > My 0.02 > > We have been using btrfs in production for more than a year on other > projects and about 6mos with LXD. It has been rock solid. I have multiple > LXD servers each with >20 containers. We have a separate

Re: [lxc-users] Strange freezes with btrfs backend

2016-12-03 Thread Fajar A. Nugraha
On Sat, Dec 3, 2016 at 6:01 PM, Sergiusz Pawlowicz wrote: > > You'd need to set arc to be as small as possible: > > # cat /etc/modprobe.d/zfs-arc-max.conf > > options zfs zfs_arc_max=67108865 > > What is a sense of using ZFS if you don't use its cache? Non sense. it > -

Re: [lxc-users] Strange freezes with btrfs backend

2016-12-03 Thread Fajar A. Nugraha
On Sat, Dec 3, 2016 at 11:30 AM, Pierce Ng wrote: > Hi all, > > I'm running LXD on a Ubuntu 16.04 VPS with ~1GB RAM. My setup uses a disk > image > file, running on the default ext4 base filesystem, as the btrfs backend. > The > server runs four containers, of which only

Re: [lxc-users] Error: /proc must be mounted

2016-11-27 Thread Fajar A. Nugraha
On Mon, Nov 28, 2016 at 2:43 AM, Itamar Gal wrote: > Hey Fajar, > > Thank you for your help. Following your advice, I checked to make sure > that lxcfs is running: > > $ pgrep lxcfs | xargs ps -f -p > > UIDPID PPID C STIME TTY TIME CMD > root
