[lxc-devel] Question using macvlan
Hi, I think this is a frequently asked question, but I can't find the answer ... The host machine has 2 NIC, eth0 and eth1. eth0 is used a an internal and eth1 is used as an external interface. The lxc-container is setup using a macvlan interface in bridge mode on eth0 with a static ip address. I can't figure out how the container can communicate with the host! I found an advice to create a macvlan for the host either: I tried that but without luck. It would be nice if someone could me direct to the right direction here. Thanks! -- Wilhelm -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 0/2] some cleanup around lxc-create
Hi, I had a go against lxc-create trying to debug the console issue. There is still a serious issue: the template scripts use some 'arch' binary, which isn't present on my system. What is that? Why not use 'uname -m' instead? Thanks, Feri. Ferenc Wagner (2): remove misleading copy&paste comment correct template directory documentation doc/lxc-create.sgml.in | 11 ++- src/lxc/lxc-create.in |5 - 2 files changed, 6 insertions(+), 10 deletions(-) -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 1/2] remove misleading copy&paste comment
Signed-off-by: Ferenc Wagner
---
src/lxc/lxc-create.in |5 -
1 files changed, 0 insertions(+), 5 deletions(-)
diff --git a/src/lxc/lxc-create.in b/src/lxc/lxc-create.in
index ee5173e..16011ab 100644
--- a/src/lxc/lxc-create.in
+++ b/src/lxc/lxc-create.in
@@ -20,11 +20,6 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# This script allows to set or remove the capabilities on the lxc tools.
-# When the capabilities are set, a non root user can manage the containers.
-#
-
usage() {
echo "usage: lxc-create -n [-f configuration] [-t template] [-h]"
}
--
1.6.5
--
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 2/2] correct template directory documentation
Signed-off-by: Ferenc Wagner --- doc/lxc-create.sgml.in | 11 ++- 1 files changed, 6 insertions(+), 5 deletions(-) diff --git a/doc/lxc-create.sgml.in b/doc/lxc-create.sgml.in index 5505eea..f3e8524 100644 --- a/doc/lxc-create.sgml.in +++ b/doc/lxc-create.sgml.in @@ -65,7 +65,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA lxc commands. - The object is a directory created in @LXCPATH@ and identified by its name. + The object is a directory created in @LXCPATH@ + and identified by its name. @@ -105,10 +106,10 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 'template' is the short name of an existing 'lxc-template' - script that is called by lxc-create. - eg: lxc-busybox, lxc-debian, lxc-fedora, lxc-sshd. - Refer to those exemples in @BINDIR@ - for details of expecting script structure. + script that is called by lxc-create, + eg. busybox, debian, fedora, ubuntu or sshd. + Refer to the examples in @LXCTEMPLATEDIR@ + for details of the expected script structure. -- 1.6.5 -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 0/5] Signal stuff v2 and some documentation
Daniel Lezcano writes: > On 06/10/2010 11:47 PM, Ferenc Wagner wrote: > >> If you provide me with an example (and some description of >> lxc.console), I can give it some testing and concretize this pure >> guesswork. > > lxc-create -n ubuntu -f ~/mynetwork.conf -t ubuntu > lxc-start -n ubuntu -s lxc.console=$(tty) -o $(tty) -l DEBUG I'm not there yet, but found something interesting. If lxc-checkconfig reports full green, clone(NEWNS|NEWUTS|NEWIPC|NEWPID|NEWNET) in lxc-start shouldn't fail. Who's wrong here? Cheers, Feri. $ lxc-checkconfig Kernel config /proc/config.gz not found, looking in other places... Found kernel config file /boot/config-2.6.26-2-686 --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: enabled Network namespace: enabled Multiple /dev/pts instances: enabled --- Control groups --- Cgroup: enabled Cgroup namespace: enabled Cgroup device: enabled Cgroup sched: enabled Cgroup cpu account: enabled Cgroup memory controller: enabled Cgroup cpuset: enabled --- Misc --- Veth pair device: enabled Macvlan: enabled Vlan: enabled File capabilities: enabled Note : Before booting a new kernel, you can check its configuration usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig $ sudo lxc-start -n debian -s lxc.console=$(tty) lxc-start: failed to clone(0x6c02): Invalid argument lxc-start: Invalid argument - failed to fork into a new namespace lxc-start: failed to spawn 'debian' lxc-start: No such file or directory - failed to remove cgroup '/mnt/debian' -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [RFC][PATCH][lxc]: unfreeze while stopping
On 06/09/2010 07:29 PM, Sukadev Bhattiprolu wrote: > Michel Normand [norm...@fr.ibm.com] wrote: > | Le mardi 08 juin 2010 à 19:07 -0700, Sukadev Bhattiprolu a écrit : > |> I am not too sure, but if user wants to stop a container is there a > |> reason not to implicitly unfreeze the container and stop ? > |> > |> --- > |> From: Sukadev Bhattiprolu > |> Date: Tue, 8 Jun 2010 18:42:00 -0700 > |> Subject: [PATCH 1/1]: unfreeze while stopping container > |> > |> When a container is being stopped, it must also be unfrozen after posting > |> the SIGKILL. Otherwise if the container is frozen when the SIGKILL is > posted, > |> the SIGKILL will remain pending and the lxc-stop command will block until > |> lxc-unfreeze is explicitly called). > | > | For me the lxc-start/lxc-stop and > | lxc-freeze/lxc-unfreeze are two sets of commands > | that should not be mixed. > | > | If the container was previously frozen by a lxc-freeze > | then the user has to issue a lxc-unfreeze before to issue the lxc-stop. > > Ok, if that is the design, then we should change the lxc_stop_callback() > to send an answer even on success ? Currently on successful stop it expects > the socket to close, which will unblock the waiting lxc_stop() caller. > > But if the container is frozen the lxc_stop() caller waits indefinitely. > Its not an issue for the lxc-stop command, but is an issue when > lxc-checkpoint calls lxc_stop() (in response to the --kill option). Suka, Can you resend your patch as it is without the RFC prefix and add a note to the man page ? Thanks -- Daniel -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 0/5] Signal stuff v2 and some documentation
Daniel Lezcano writes: > On 06/15/2010 02:13 PM, Ferenc Wagner wrote: > >> Daniel Lezcano writes: >> >>> On 06/10/2010 11:47 PM, Ferenc Wagner wrote: >>> If you provide me with an example (and some description of lxc.console), I can give it some testing and concretize this pure guesswork. >>> >>> lxc-create -n ubuntu -f ~/mynetwork.conf -t ubuntu >>> lxc-start -n ubuntu -s lxc.console=$(tty) -o $(tty) -l DEBUG >> >> I'm not there yet, but found something interesting. If lxc-checkconfig >> reports full green, clone(NEWNS|NEWUTS|NEWIPC|NEWPID|NEWNET) in >> lxc-start shouldn't fail. Who's wrong here? >> >> $ lxc-checkconfig >> Kernel config /proc/config.gz not found, looking in other places... >> Found kernel config file /boot/config-2.6.26-2-686 > > 2.6.26 ? Mmmh, You need at least a 2.6.29 for a system container > (better to have a 2.6.32). Yeah, it runs with 2.6.32. Btw. what happened in 2.6.29, which made it particularly suitable for running system containers? > Bah ! Looks like the lxc-checkconfig is buggy (fix in attachment). With your fix it indeed misses a couple of things: Network namespace: missing Multiple /dev/pts instances: missing Cgroup memory controller: missing Macvlan: missing Thanks for the fix! Now let's see why lxc-start gets suspended when I try to type at the console... Interestingly, it stays in S state until I kill the container. I'm afraid the console functionality (is there any documentation for it?) may make lxc-start unsuitable for pushing into the background. After all, it is an interactive foreground process in that case, a real proxy towards some getty (if I understand this console thingie right). Maybe this should be handled differently to application containers. But then I'm not sure how Ctrl-C and similar should be forwarded to a getty... -- Cheers, Feri. -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 0/2] some cleanup around lxc-create
On 06/15/2010 01:59 PM, Ferenc Wagner wrote: > Hi, > > I had a go against lxc-create trying to debug the console issue. > There is still a serious issue: the template scripts use some 'arch' > binary, which isn't present on my system. What is that? Why not use > 'uname -m' instead? > There is no particular reason for the 'arch' command, 'uname -m' should be ok too and maybe preferable. > Ferenc Wagner (2): >remove misleading copy&paste comment >correct template directory documentation > > doc/lxc-create.sgml.in | 11 ++- > src/lxc/lxc-create.in |5 - > 2 files changed, 6 insertions(+), 10 deletions(-) > Thanks for fixing these nasty things. -- Daniel -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 0/5] Signal stuff v2 and some documentation
On 06/15/2010 04:47 PM, Ferenc Wagner wrote: > Daniel Lezcano writes: > >> On 06/15/2010 02:13 PM, Ferenc Wagner wrote: >> >>> Daniel Lezcano writes: >>> On 06/10/2010 11:47 PM, Ferenc Wagner wrote: > If you provide me with an example (and some description of > lxc.console), I can give it some testing and concretize this pure > guesswork. lxc-create -n ubuntu -f ~/mynetwork.conf -t ubuntu lxc-start -n ubuntu -s lxc.console=$(tty) -o $(tty) -l DEBUG >>> >>> I'm not there yet, but found something interesting. If lxc-checkconfig >>> reports full green, clone(NEWNS|NEWUTS|NEWIPC|NEWPID|NEWNET) in >>> lxc-start shouldn't fail. Who's wrong here? >>> >>> $ lxc-checkconfig >>> Kernel config /proc/config.gz not found, looking in other places... >>> Found kernel config file /boot/config-2.6.26-2-686 >> >> 2.6.26 ? Mmmh, You need at least a 2.6.29 for a system container >> (better to have a 2.6.32). > > Yeah, it runs with 2.6.32. Btw. what happened in 2.6.29, which made it > particularly suitable for running system containers? The network virtualization was merged upstream. >> Bah ! Looks like the lxc-checkconfig is buggy (fix in attachment). > > With your fix it indeed misses a couple of things: > > Network namespace: missing Better to have it for a system container, otherwise the guest system will reconfigure your host network :/ > Multiple /dev/pts instances: missing Better to have it but not mandatory until you remove the lxc.pts option. > Cgroup memory controller: missing Not mandatory. > Macvlan: missing Better to have, it is more flexible to configure the network. but not mandatory. > Thanks for the fix! Now let's see why lxc-start gets suspended when I > try to type at the console... I think it happens exactly what you described in the previous email, that is if a background process tries to read/write to the tty, then a SIGTTIN / SIGTTOU / is sent to it, where the default action is to stop the process. > Interestingly, it stays in S state until > I kill the container. I'm afraid the console functionality (is there > any documentation for it?) may make lxc-start unsuitable for pushing > into the background. After all, it is an interactive foreground process > in that case, a real proxy towards some getty (if I understand this > console thingie right). Maybe this should be handled differently to > application containers. But then I'm not sure how Ctrl-C and similar > should be forwarded to a getty... argh. yes, chicken-egg problem. -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 0/5] Signal stuff v2 and some documentation
On 06/15/2010 02:13 PM, Ferenc Wagner wrote:
Daniel Lezcano writes:
On 06/10/2010 11:47 PM, Ferenc Wagner wrote:
If you provide me with an example (and some description of
lxc.console), I can give it some testing and concretize this pure
guesswork.
lxc-create -n ubuntu -f ~/mynetwork.conf -t ubuntu
lxc-start -n ubuntu -s lxc.console=$(tty) -o $(tty) -l DEBUG
I'm not there yet, but found something interesting. If lxc-checkconfig
reports full green, clone(NEWNS|NEWUTS|NEWIPC|NEWPID|NEWNET) in
lxc-start shouldn't fail. Who's wrong here?
Cheers,
Feri.
$ lxc-checkconfig
Kernel config /proc/config.gz not found, looking in other places...
Found kernel config file /boot/config-2.6.26-2-686
2.6.26 ? Mmmh, You need at least a 2.6.29 for a system container (better
to have a 2.6.32).
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup namespace: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
$ sudo lxc-start -n debian -s lxc.console=$(tty)
lxc-start: failed to clone(0x6c02): Invalid argument
lxc-start: Invalid argument - failed to fork into a new namespace
lxc-start: failed to spawn 'debian'
lxc-start: No such file or directory - failed to remove cgroup '/mnt/debian'
Bah ! Looks like the lxc-checkconfig is buggy (fix in attachment).
---
src/lxc/lxc-checkconfig.in |4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
Index: lxc/src/lxc/lxc-checkconfig.in
===
--- lxc.orig/src/lxc/lxc-checkconfig.in
+++ lxc/src/lxc/lxc-checkconfig.in
@@ -11,8 +11,6 @@ SETCOLOR_NORMAL="echo -en \\033[0;39m"
is_set() {
$GREP -q "$1=[y|m]" $CONFIG
-RES=$?
-
return $?
}
@@ -22,7 +20,7 @@ is_enabled() {
is_set $1
RES=$?
-if [ $RES = 0 ]; then
+if [ $RES -eq 0 ]; then
$SETCOLOR_SUCCESS && echo -e "enabled" && $SETCOLOR_NORMAL
else
if [ ! -z "$mandatory" -a "$mandatory" = yes ]; then
--
ThinkGeek and WIRED's GeekDad team up for the Ultimate
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
lucky parental unit. See the prize list and enter to win:
http://p.sf.net/sfu/thinkgeek-promo___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 0/5] Signal stuff v2 and some documentation
Hi, Apologies if this is the wrong list. > > Interestingly, it stays in S state until > > I kill the container. I'm afraid the console functionality (is there > > any documentation for it?) may make lxc-start unsuitable for pushing > > into the background. After all, it is an interactive foreground process > > in that case, a real proxy towards some getty (if I understand this > > console thingie right). Maybe this should be handled differently to > > application containers. But then I'm not sure how Ctrl-C and similar > > should be forwarded to a getty... > > argh. yes, chicken-egg problem. The lxc.console=$(tty) thing was something I was thinking about. There are a couple of things I've noticed and was pondering how to fix; 1) The expectation I have from xen, kvm etc is that you can detach from the console like lxc-console allows. i.e. lxc-start -C -n test behaves like lxc-start -n test ; lxc-console - at the moment you have an interactive foreground process. 2) If you have a getty on the console, when you start without -s lxc.console=$(tty) it puts the system messages and the getty on the host system console. That gets confusing when logging in on a lights out console. Was this what lxcd was for? Should it be that lxc-start always goes into the background, and holds onto the console, which you can connect to via lxcd by specifying a flag to lxc-console? lxc-start -s lxc.console gets replaced by lxc-start -C which is equivalent to lxc-start ; lxc-console Happy to devote some time to fixing this... Andy Andrew Phillips Head of Systems www.lmax.com Office: +44 203 1922509 Mobile: +44 (0)7595 242 900 LMAX | Level 2, Yellow Building | 1 Nicholas Road | London | W11 4AN The information in this e-mail and any attachment is confidential and is intended only for the named recipient(s). The e-mail may not be disclosed or used by any person other than the addressee, nor may it be copied in any way. If you are not a named recipient please notify the sender immediately and delete any copies of this message. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Any view or opinions presented are solely those of the author and do not necessarily represent those of the company. -- ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
