Re: [lxc-devel] lxc final thesis

2011-03-02 Thread Andre Nathan 
On Wed, 2011-03-02 at 22:18 +0100, Daniel Lezcano wrote:
> On 02/28/2011 11:20 AM, Farcasi Ana-Maria wrote:
> > Hi,
> >
> > Indeed, we were refering to the network bandwidth limitation. Sorry for the
> > confusion.
> >
> > We have already done some tests with this limitation using tc and cgroups
> > and we have reached the conclusion that the classification is done
> > correctly, but the limitation of the bandwidth is not done at all. Here we
> > have attached our results [1].
> 
> I just noticed Andre added the network bandwidth limitations from 
> outside of the container using the side of the pair device veth on the host.
> 
> http://andre.people.digirati.com.br/lxc-create.sh

I'm not sure about what the context is here :)  I did it that way
because I couldn't get it to work with tc and cgroups. The downside of
my approach is one extra iptables rule to mark the packets and one "tc
filter" rule per container, if you want to have individual bandwidth
limiting.

Andre


--
Free Software Download: Index, Search & Analyze Logs and other IT data in 
Real-Time with Splunk. Collect, index and harness all the fast moving IT data 
generated by your applications, servers and devices whether physical, virtual
or in the cloud. Deliver compliance at lower cost and gain new business 
insights. http://p.sf.net/sfu/splunk-dev2dev 
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

[lxc-devel] Including files in LXC config

2011-12-06 Thread Andre Nathan 
Hello

Attached is a patch that allows one to include other configuration files
from the main container config. The main motivation is to make the
automation of container configuration changes easier. Shell globs are
allowed, so you can do

lxc.include = /var/lib/lxc/mycontainer/conf.d/*.conf

I used the config value "lxc.include" to avoid having to change the
parse_line function, but since this is not really an LXC setting, maybe
something different would be desired (maybe "#include"?)

Any comments are appreciated.

Thanks in advance,
Andre
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 550102c..7b7ae94 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -27,6 +27,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -69,6 +70,7 @@ static int config_network_ipv6(const char *, char *, struct lxc_conf *);
 static int config_network_ipv6_gateway(const char *, char *, struct lxc_conf *);
 static int config_cap_drop(const char *, char *, struct lxc_conf *);
 static int config_console(const char *, char *, struct lxc_conf *);
+static int config_include(const char *, char *, struct lxc_conf *);
 
 typedef int (*config_cb)(const char *, char *, struct lxc_conf *);
 
@@ -104,6 +106,7 @@ static struct config config[] = {
 	{ "lxc.network.ipv6", config_network_ipv6 },
 	{ "lxc.cap.drop", config_cap_drop },
 	{ "lxc.console",  config_console  },
+	{ "lxc.include",  config_include  },
 };
 
 static const size_t config_size = sizeof(config)/sizeof(struct config);
@@ -943,6 +946,31 @@ int lxc_config_read(const char *file, struct lxc_conf *conf)
 	return lxc_file_for_each_line(file, parse_line, conf);
 }
 
+static int config_include(const char *key, char *value, struct lxc_conf *lxc_conf)
+{
+	int i, ret;
+	glob_t gl;
+
+	ret = glob(value, GLOB_ERR | GLOB_BRACE | GLOB_TILDE, NULL, &gl);
+	if (ret != 0) {
+		globfree(&gl);
+		ERROR("failed to read included configuration file "
+"'%s': %s", value, strerror(errno));
+		return -1;
+	}
+	for (i = 0; i < gl.gl_pathc; i++) {
+		char *file = gl.gl_pathv[i];
+		ret = lxc_config_read(file, lxc_conf);
+		if (ret != 0) {
+			globfree(&gl);
+			ERROR("failed to read included configuration file "
+"'%s': %s", file, strerror(errno));
+			return -1;
+		}
+	}
+	return 0;
+}
+
 int lxc_config_define_add(struct lxc_list *defines, char* arg)
 {
 	struct lxc_list *dent;
--
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of 
discussion for anyone considering optimizing the pricing and packaging model 
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Re: [lxc-devel] Including files in LXC config

2011-12-06 Thread Andre Nathan 
Hi

Guido Jäkel has pointed out that I missed a globfree() call, so that
would have to be added.

There's also the question about redefining pre-existing parameters.
Should this be allowed or should it be an error?

Thanks,
Andre


On Tue, 2011-12-06 at 13:10 -0200, Andre Nathan wrote:
> Hello
> 
> Attached is a patch that allows one to include other configuration files
> from the main container config. The main motivation is to make the
> automation of container configuration changes easier. Shell globs are
> allowed, so you can do
> 
> lxc.include = /var/lib/lxc/mycontainer/conf.d/*.conf
> 
> I used the config value "lxc.include" to avoid having to change the
> parse_line function, but since this is not really an LXC setting, maybe
> something different would be desired (maybe "#include"?)
> 
> Any comments are appreciated.
> 
> Thanks in advance,
> Andre
> --
> Cloud Services Checklist: Pricing and Packaging Optimization
> This white paper is intended to serve as a reference, checklist and point of 
> discussion for anyone considering optimizing the pricing and packaging model 
> of a cloud services business. Read Now!
> http://www.accelacomm.com/jaw/sfnl/114/51491232/
> ___ Lxc-devel mailing list 
> Lxc-devel@lists.sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/lxc-devel



--
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of 
discussion for anyone considering optimizing the pricing and packaging model 
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

[lxc-devel] LXC and Ubuntu 13.04

2013-08-21 Thread Andre Nathan 
Hello

I've found the following issue running lxc-start on Ubuntu 13.04:

   lxc-start: Read-only file system - failed to change apparmor profile 
to unconfined

This happens despite "lxc.aa_profile = unconfined" being set in the 
container configuration. What happened was that aa_am_unconfined() was 
returning false, and investigating why I found that the string returned 
by aa_get_profile() was "unconfined\n/tty1" instead of simply "unconfined".

So adding this bit of code at the end of aa_get_profile() fixed the 
issue for me:

 space = index(buf, '\n');
 if (space)
 *space = '\0';

Has anyone seen this before? I'm not sure if this is a kernel bug (since 
the profile is being read from /proc) or an lxc bug... I'm using kernel 
3.8.0-27-generic and lxc 0.9.0-0ubuntu3.4.

There's a second issue: if I add an IPv6 address to the configuration, as in

   lxc.network.ipv6 = 2001:db8:fedc:abcd::2/80

it used to work on 12.04 but on 13.04 I get the following error:

   lxc-start 1377083732.942 ERRORlxc_confile - No such file or 
directory - invalid ipv6 address: 2001:db8:fedc:abcd::2/80

Is this known?

Thanks
Andre

--
Introducing Performance Central, a new site from SourceForge and 
AppDynamics. Performance Central is your source for news, insights, 
analysis and resources for efficient Application Performance Management. 
Visit us today!
http://pubads.g.doubleclick.net/gampad/clk?id=48897511&iu=/4140/ostg.clktrk
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel