PLD Linux Distribution

User Tools

Site Tools

Trace:
docs:lxc

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
docs:lxc [2013-11-19 00:59]
glen Prerequisites 		docs:lxc [2013-11-24 15:24]
glen lxc-stop issue
Line 24: Line 24:
  
 Build the guest container. Build the guest container.
 +
 ==== Bare minimum, no template ==== ==== Bare minimum, no template ====
  
Line 61: Line 62:
  
 !!! WARNING: pld template for LXC is yet to be written !!!  !!! WARNING: pld template for LXC is yet to be written !!! 
 +
 +===== Common problems / Useful tricks =====
 +
 +==== lxc-stop is not graceful ====
 +
 +Currently ''​lxc-stop -n test''​ sends ''​SIGPWR''​ to init inside container, but ''​rc-scripts''​ fails to shutdown things properly (shutdown scripts are not invoked). For workaround, stop services manually before issueing ''​lxc-stop''​.
 +
 +Details: In process table is only this process runrning, no further actions from ''​rc-scripts'':​
 +<​file>​
 +/​sbin/​shutdown -f -h +2 Power Failure; System Shutting Down
 +</​file>​
 +
 +==== loginuid ====
 +
 +''​pam_loginuid.so''​ does not allow ''​sshd''​ to login
 +
 +<​file>​
 +Nov 24 16:02:10 test sshd[2694]: error: PAM: pam_open_session():​ Cannot make/remove an entry for the specified session
 +</​file>​
 +
 +
 +Similar problem as [[http://​kb.parallels.com/​en/​112597|here]],​ to workaround, disable ''​pam_loginuid.so''​ in the authentication rules:
 +<​file>​
 +# sed '/​pam_loginuid.so/​s/​^/#/​g'​ -i  /​etc/​pam.d/​*
 +</​file>​
  
 ===== Vserver comparision ===== ===== Vserver comparision =====
  
 +When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running ''​killall(1)''​ commands on host.
 +
 +Also, unfortunately ''/​proc/​PID/​root''​ points to ''/''​ for LXC guests as well, so ''​rc-scripts''​ ''​filter_chroot()''​ can't differentiate between host and guest processes.
 +
 +Also, ''​dmesg(1)''​ in guest sees hosts' dmesg by default, you can turn this off by setting ''​kernel.dmesg_restrict=1''​ sysctl param, available since ''​2.6.37''​ kernel.
 +
 +
 +**Commands:​**
 ^ Vserver ^ LXC ^ Notes ^ ^ Vserver ^ LXC ^ Notes ^
-| vserver test enter | lxc-attach -n test -e | Use ''​-e''​ option with care, especially when restarting ​processess ​|+| vserver test enter | lxc-attach -n test -e | Use ''​-e''​ option with care, especially when restarting ​processes ​|
 | vserver test start | lxc-start -n test -d | | vserver test start | lxc-start -n test -d |
 | vserver test stop | lxc-stop -n test | | vserver test stop | lxc-stop -n test |
 | vserver-stat | %%lxc-ls --fancy --running%% | you need ''​python3-lxc''​ installed for this tool | | vserver-stat | %%lxc-ls --fancy --running%% | you need ''​python3-lxc''​ installed for this tool |
- 
 ===== Sample configs ===== ===== Sample configs =====
  
Line 83: Line 116:
 first boot with ''​hwaddr''​ line disabled, look what the random address was assigned, set it in config. first boot with ''​hwaddr''​ line disabled, look what the random address was assigned, set it in config.
  
-also you may use some generation techniques like these (assuming the ip is ''​192.168.2.160''​): +also you may use some generation techniques like these: using last three ip numbers and [[http://​xenbits.xen.org/​docs/​4.3-testing/​misc/​xl-network-configuration.html|Xen'​s OUI (00:​16:​3e)]] address space. If IP is ''​192.168.2.160''​, then:
 <code bash> <code bash>
-$ printf "02:00:%x:​%x:​%x:​%x" ​192 168 2 160 +$ printf "00:16:3e:​%x:​%x:​%x"​ 168 2 160 
-02:00:c0:a8:2:a0+00:16:3e:a8:2:a0
 </​code>​ </​code>​
  
docs/lxc.txt · Last modified: 2016-08-21 00:36 by glen

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS PLD Linux Driven by DokuWiki