<div dir="ltr"><div>Yes, i haven't modified the script, as it's on this url: <br><a href="http://tycho.ws/blog/2014/09/container-migration.html">http://tycho.ws/blog/2014/09/container-migration.html</a><br><br></div>Bests. <br><div><div><div class="gmail_extra"><br><div class="gmail_quote">2015-02-04 12:54 GMT+01:00 <span dir="ltr"><<a href="mailto:lxc-users-request@lists.linuxcontainers.org" target="_blank">lxc-users-request@lists.linuxcontainers.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>Today's Topics:<br>
<br>
1. Live Migration of a Container (Thouraya TH)<br>
2. Re: Live Migration of a Container (Tycho Andersen)<br>
3. Unprivileged containers on Debian Jessie (Xavier Gendre)<br>
4. unprivileged container with zfs backing (Adam Gold)<br>
5. Re: unprivileged container with zfs backing (Fajar A. Nugraha)<br>
6. Re: unprivileged container with zfs backing (Adam Gold)<br>
7. Re: [Marketing Mail] Re: unprivileged container with zfs<br>
backing (Jäkel)<br>
8. Re: unprivileged container with zfs backing (Fajar A. Nugraha)<br>
9. Re: unprivileged container with zfs backing (Fajar A. Nugraha)<br>
<br><br>---------- Forwarded message ----------<br>From: Thouraya TH <<a href="mailto:thouraya87@gmail.com">thouraya87@gmail.com</a>><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Date: Tue, 3 Feb 2015 13:06:56 +0100<br>Subject: [lxc-users] Live Migration of a Container<br><div dir="ltr"><div>Hello,<br><br></div><b>1)</b> Please, can you explain the details of this command:<br><pre><code>$ sudo ./migrate u1 ubuntu@criu2.local</code></pre><div>I try:</div><pre><code>./migrate u1 root@g-3.xxx.yyyyy.zz<br>Bad number of args.<br>-bash container user@host.to.migrate.to</code></pre><div><b>2)</b> Is there a tutorial that specifies the data that will be imported during a migration of a container? Only CRIU images?<br><br></div><div>Thanks a lot for help.<br><br>Best Regards.<br><br>Thouraya.</div></div>
<br><br>---------- Forwarded message ----------<br>From: Tycho Andersen <<a href="mailto:tycho.andersen@canonical.com">tycho.andersen@canonical.com</a>><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Date: Tue, 3 Feb 2015 14:12:17 +0200<br>Subject: Re: [lxc-users] Live Migration of a Container<br>On Tue, Feb 03, 2015 at 01:06:56PM +0100, Thouraya TH wrote:<br>
> Hello,<br>
><br>
> *1)* Please, can you explain details of these command:<br>
><br>
> $ sudo ./migrate u1 ubuntu@criu2.local<br>
><br>
> i try :<br>
> ./migrate u1 root@g-3.xxx.yyyyy.zz<br>
> Bad number of args.<br>
> -bash container user@host.to.migrate.to<br>
<br>
Hmm. Are you using the migrate script unmodified?<br>
<br>
> *2) *<br>
> Is there a tutorial that specifies the data that will be imported during<br>
> a migration of a container? only CRIU images?<br>
<br>
Both the CRIU images and the container disk will be moved; you can see<br>
this because there are two calls to do_rsync in the script.<br>
<br>
Tycho<br>
<br>
> Thanks a lot for help.<br>
><br>
> Best Regards.<br>
><br>
> Thouraya.<br>
<br>
> _______________________________________________<br>
> lxc-users mailing list<br>
> <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
> <a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br>
<br>
<br>
<br><br>---------- Forwarded message ----------<br>From: Xavier Gendre <<a href="mailto:gendre.reivax@gmail.com">gendre.reivax@gmail.com</a>><br>To: <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>Cc: <br>Date: Wed, 04 Feb 2015 10:34:07 +0100<br>Subject: [lxc-users] Unprivileged containers on Debian Jessie<br>Hi,<br>
<br>
following the hints given by Serge Hallyn on the lxc-devel list, I managed to run an unprivileged container on my Debian Jessie \o/<br>
<br>
Now, I want to avoid manual handling and get it to work on startup. Thus, I permanently set kernel.unprivileged_userns_clone to 1 and I created a systemd service to run the following script:<br>
<br>
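#!/bin/bash<br>
<br>
# Let new child cgroups inherit the parent's cpuset configuration<br>
echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children<br>
<br>
# Allowed users<br>
lxc_users="user1 user2"<br>
<br>
# Create a cgroup owned by each allowed user under every mounted controller<br>
for u in $lxc_users; do<br>
    for d in /sys/fs/cgroup/*; do<br>
        mkdir -p "$d/$u"<br>
        chown -R "$u": "$d/$u"<br>
    done<br>
done<br>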
<br>
The only thing that I need now is to put a 'good' PID in the tasks files in order to be allowed to start my unprivileged containers. I can do that by logging in as an allowed user and putting the PID of the current shell in my tasks file. But this solution is volatile and has to be done on each startup for each container :-/<br>
<br>
Is my approach good? Maybe there is a simpler solution to my problem... If this is the way, how can I put a valid PID in the tasks files of the allowed users on startup in order, for example, to autostart some unprivileged containers?<br>
<br>
Thanks,<br>
Xavier<br>
<br>
<br><br>---------- Forwarded message ----------<br>From: Adam Gold <<a href="mailto:awg1@gmx.com">awg1@gmx.com</a>><br>To: <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>Cc: <br>Date: Wed, 04 Feb 2015 09:58:04 +0000<br>Subject: [lxc-users] unprivileged container with zfs backing<br>I'm trying to set up an unprivileged container with user lxcd using a<br>
zfs filesystem (equivalent of btrfs sub volume) for each container. I'm<br>
aware that for unprivileged container creation, zfs has to be manually<br>
created. My zfs file system is:<br>
<br>
zfs (the pool)<br>
zfs/lxc<br>
zfs/lxc/containers<br>
<br>
<br>
The above has been created using the 'zfs create ...' and I have run<br>
chown -R lxcd:lxcd ./lxc. The umask is the default 022.<br>
<br>
In ~/.config/lxc/lxc.conf I have: 'lxc.lxcpath = /zpool1/lxc/containers'<br>
In ~/.config/lxc/default.conf I have:<br>
lxc.id_map = u 0 100000 65536<br>
lxc.id_map = g 0 100000 65536<br>
lxc.network.type = veth<br>
lxc.network.link = lxcbr0<br>
lxc.network.flags = up<br>
lxc.network.name = eth0<br>
lxc.network.hwaddr = 00:16:3e:xx:xx:xx<br>
<br>
Here's the problem: I try to create a container c1 with the zfs<br>
filesystem already in place so the first thing I do is run, as root,<br>
'zfs create zfs/lxc/containers/c1' and then chown -R lxcd:lxcd ./c1.<br>
<br>
I then run 'lxc-create -t download -n c1 -B dir -- --dist ubuntu --release<br>
trusty --arch amd64' and get the following error:<br>
lxc_container: lxccontainer.c: create_partial: 164 Permission denied -<br>
Erorr creating partial file<br>
lxc_container: lxc_create.c: main: 271 Error creating container c1<br>
<br>
When I check, c1 directory is empty.<br>
<br>
I think this is zfs-lxc related (as opposed to just lxc) because if I<br>
remove the zfs/lxc/containers/c1 filesystem and run the same command<br>
which now attempts to create the container on a simple dir backing store<br>
there is no problem.<br>
<br>
I've also tried manually creating the directory rootfs underneath c1 and<br>
then running 'lxc-create -t download -n c1 -B dir --dir<br>
/zfs/lxc/containers/c1/rootfs -- --dist ubuntu --release trusty --arch<br>
amd64' but I get the same error messages.<br>
<br>
I guess then, the only time it works in zfs, is when the location for<br>
creating containers is specified in ~/.config/lxc/lxc.conf and the<br>
rootfs directory of the new container is two dirs down from the root of<br>
the nearest zfs filesystem (in my example which works:<br>
zfs/lxc/containers is the specified location, the container rootfs is<br>
zfs/lxc/containers/c1/rootfs).<br>
<br>
In summary, I would like each unprivileged container to run on top of a<br>
new zfs filesystem which I create as root and assign relevant ownership<br>
to. Is this possible?<br>
<br>
<br><br>---------- Forwarded message ----------<br>From: "Fajar A. Nugraha" <<a href="mailto:list@fajar.net">list@fajar.net</a>><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Date: Wed, 4 Feb 2015 17:10:36 +0700<br>Subject: Re: [lxc-users] unprivileged container with zfs backing<br><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Feb 4, 2015 at 4:58 PM, Adam Gold <span dir="ltr"><<a href="mailto:awg1@gmx.com" target="_blank">awg1@gmx.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">In summary, I would like each unprivileged container to run on top of a<br>
new zfs filesystem which I create as root and assign relevant ownership<br>
to. Is this possible?<br></blockquote><div><br></div><div>should be possible, BUT not with lxc-create.</div><div><br></div><div>The easiest method would probably be to create a "template" container for that particular user, and clone it manually (e.g. using zfs snapshot/clone, plus edit the config file manually). You already create the fs manually, so this workaround might be acceptable.</div><div><br></div><div>It might be a bug in lxc-create code which is beyond my abilities.</div><div><br></div><div>-- </div><div>Fajar</div></div></div></div>
<br><br>---------- Forwarded message ----------<br>From: Adam Gold <<a href="mailto:awg1@gmx.com">awg1@gmx.com</a>><br>To: <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>Cc: <br>Date: Wed, 04 Feb 2015 10:46:06 +0000<br>Subject: Re: [lxc-users] unprivileged container with zfs backing<br><br>
<br>
On 04/02/2015 10:10, Fajar A. Nugraha wrote:<br>
> On Wed, Feb 4, 2015 at 4:58 PM, Adam Gold <<a href="mailto:awg1@gmx.com">awg1@gmx.com</a><br>
> <mailto:<a href="mailto:awg1@gmx.com">awg1@gmx.com</a>>> wrote:<br>
><br>
> In summary, I would like each unprivileged container to run on top of a<br>
> new zfs filesystem which I create as root and assign relevant ownership<br>
> to. Is this possible?<br>
><br>
><br>
> should be possible, BUT not with lxc-create.<br>
><br>
> The easiest method would probably be to create a "template" container<br>
> for that particular user, and clone it manually (e.g. using zfs<br>
> snapshot/clone, plus edit the config file manually). You already create<br>
> the fs manually, so this workaround might be acceptable.<br>
<br>
I've only ever created containers using lxc-create. Are you saying that<br>
I should manually create a template container at the root of a<br>
particular zfs filesystem (e.g. zfs/lxc/containers/c1) and then I simply<br>
use zfs clone to create each new container (and, of course, tweak the<br>
config)? If so, what's the best way to manually create a template in<br>
unprivileged mode to ensure all the subuids and subgids are assigned<br>
correctly.<br>
<br>
Also, for the additional containers that I get from zfs cloning, will<br>
they be recognised by 'lxc-* -n' commands?<br>
<br>
Thanks for your interest in this!<br>
<br>
<br>
<br>
<br>
<br><br>---------- Forwarded message ----------<br>From: "Jäkel, Guido" <<a href="mailto:G.Jaekel@dnb.de">G.Jaekel@dnb.de</a>><br>To: "'<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>'" <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Date: Wed, 4 Feb 2015 10:59:07 +0000<br>Subject: Re: [lxc-users] [Marketing Mail] Re: unprivileged container with zfs backing<br>Dear Adam,<br>
<br>
>From: lxc-users [mailto:<a href="mailto:lxc-users-bounces@lists.linuxcontainers.org">lxc-users-bounces@lists.linuxcontainers.org</a>] On Behalf Of Adam Gold<br>
><br>
>I've only ever created containers using lxc-create. Are you saying that<br>
>I should manually create a template container at the root of a<br>
>particular zfs filesystem (e.g. zfs/lxc/containers/c1) and then I simply<br>
>use zfs clone to create each new container (and, of course, tweak the<br>
>config)? If so, what's the best way to manually create a template in<br>
>unprivileged mode to ensure all the subuids and subgids are assigned<br>
>correctly.<br>
><br>
>Also, for the additional containers that I get from zfs cloning, will<br>
>they be recognised by 'lxc-* -n' commands?<br>
<br>
You also have to clone and tweak the container's configuration file, usually located at /etc/lxc/. You'll see what is obvious to change - like the (nearly arbitrary) location of the container's rootfs.<br>
<br>
Guido<br>
<br><br>---------- Forwarded message ----------<br>From: "Fajar A. Nugraha" <<a href="mailto:list@fajar.net">list@fajar.net</a>><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Date: Wed, 4 Feb 2015 18:01:50 +0700<br>Subject: Re: [lxc-users] unprivileged container with zfs backing<br><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Feb 4, 2015 at 5:46 PM, Adam Gold <span dir="ltr"><<a href="mailto:awg1@gmx.com" target="_blank">awg1@gmx.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span><br>
<br>
On 04/02/2015 10:10, Fajar A. Nugraha wrote:<br>
> On Wed, Feb 4, 2015 at 4:58 PM, Adam Gold <<a href="mailto:awg1@gmx.com" target="_blank">awg1@gmx.com</a><br>
</span><span>> <mailto:<a href="mailto:awg1@gmx.com" target="_blank">awg1@gmx.com</a>>> wrote:<br>
><br>
> In summary, I would like each unprivileged container to run on top of a<br>
> new zfs filesystem which I create as root and assign relevant ownership<br>
> to. Is this possible?<br>
><br>
><br>
> should be possible, BUT not with lxc-create.<br>
><br>
> The easiest method would probably be to create a "template" container<br>
> for that particular user, and clone it manually (e.g. using zfs<br>
> snapshot/clone, plus edit the config file manually). You already create<br>
> the fs manually, so this workaround might be acceptable.<br>
<br>
</span>I've only ever created containers using lxc-create. Are you saying that<br>
I should manually create a template container at the root of a<br>
particular zfs filesystem (e.g. zfs/lxc/containers/c1) and then I simply<br>
use zfs clone to create each new container (and, of course, tweak the<br>
config)?</blockquote><div><br></div><div>That is the best way that I know of.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> If so, what's the best way to manually create a template in<br>
unprivileged mode to ensure all the subuids and subgids are assigned<br>
correctly.<br></blockquote><div><br></div><div>Create it using any normal method known to work. It should be OK when .local/share/lxc is on the same filesystem as $HOME, right?</div><div>After that, copy it manually to your template dataset (<span style="font-size:12.8px">zfs/lxc/containers/template ?) using "rsync -avP" or whatever tool of your choice. When you clone the template to a new directory, don't forget to change these settings manually in the new container config:</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">lxc.rootfs</span><br></div><div><span style="font-size:12.8px">lxc.utsname</span><br></div><div><div><span style="font-size:12.8px">lxc.network.hwaddr</span></div><div><span style="font-size:12.8px">lxc.network.veth.pair (if you use this)</span></div></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Also, for the additional containers that I get from zfs cloning, will<br>
they be recognised by 'lxc-* -n' commands?<br>
<br></blockquote><div><br></div><div>AFAIK most lxc commands simply read whatever is under the directory, and don't really care what fs they are on.</div><div><br></div><div>-- </div><div>Fajar</div><div><br></div></div></div></div>
<br><br>---------- Forwarded message ----------<br>From: "Fajar A. Nugraha" <<a href="mailto:list@fajar.net">list@fajar.net</a>><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Date: Wed, 4 Feb 2015 18:54:06 +0700<br>Subject: Re: [lxc-users] unprivileged container with zfs backing<br><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Feb 4, 2015 at 6:01 PM, Fajar A. Nugraha <span dir="ltr"><<a href="mailto:list@fajar.net" target="_blank">list@fajar.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span>On Wed, Feb 4, 2015 at 5:46 PM, Adam Gold <span dir="ltr"><<a href="mailto:awg1@gmx.com" target="_blank">awg1@gmx.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br></blockquote></span><span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> If so, what's the best way to manually create a template in<br>
unprivileged mode to ensure all the subuids and subgids are assigned<br>
correctly.<br></blockquote><div><br></div></span><div>Create it using any normal method known to work. It should be OK when .local/share/lxc is on the same filesystem as $HOME, right?</div><div>After that, copy it manually to your template dataset (<span style="font-size:12.8px">zfs/lxc/containers/template ?) using "rsync -avP" or whatever tool of your choice. When you clone the template to a new directory, don't forget to change these settings manually in the new container config:</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"></span></div></div></div></div></blockquote><div><br></div><div><br></div><div>This is what I just tested. Environment:</div><div>- there's a system container called "template"</div><div>- user "user" is allowed to create its own container (including setting /etc/subuid)</div><div>- I want to copy the system container to user container</div><div><br></div><div>Current permissions:</div><div><div># grep user /etc/subuid</div><div>user:100000:65537<br></div><div><br></div><div># grep user /etc/subgid</div><div>user:100000:65537<br></div></div><div><br></div><div><div># ls -la /var/lib/lxc/template/</div><div>total 6</div><div>drwxr-xr-x 3 root root 4 Jul 10 2014 .</div><div>drwxr-xr-x 4 root root 4 Jan 22 19:26 ..</div><div>-rw-r--r-- 1 root root 691 Jul 10 2014 config</div><div>drwxr-xr-x 21 root root 21 Feb 4 18:32 rootfs</div></div><div><br></div><div><div># ls -la /home/user/.local/share/lxc/template/</div><div>total 6</div><div>drwxr-xr-x 3 user user 4 Feb 4 18:39 .</div><div>drwxr-xr-x 3 user user 4 Feb 4 18:37 ..</div><div>drwxr-xr-x 21 100000 100000 21 Feb 4 18:32 rootfs<br></div></div><div><br></div><div><div># df -h /home/user/.local/share/lxc/template/</div><div>Filesystem Size Used Avail Use% Mounted on</div><div>rpool/lxc/user/template 46G 164M 46G 1% /home/user/.local/share/lxc/template</div></div><div><br></div><div>Note that /home/user/.local/share/lxc/template/rootfs is 
EMPTY. The zfs datasets, owner, and permission were created/set by root.</div><div>I can then run this command to copy system's rootfs to users's rootfs, with the correct permissions:<br></div><div><br></div><div><div># tar -C /var/lib/lxc/template/rootfs -cf - . | su - user -c "lxc-usernsexec -- tar -C /home/user/.local/share/lxc/template/rootfs -xf - --exclude ./dev/*"</div><div><br></div><div>WARN: could not reopen tty: No such file or directory</div><div>tar: ./dev/log: socket ignored</div></div><div><br></div><div>Ignore the warning messages. Next step is to create /home/user/.local/share/lxc/template/config, like so:</div><div>###</div><div><div># Template used to create this container: /usr/share/lxc/templates/lxc-download</div><div># Parameters passed to the template: -d ubuntu -r trusty -a amd64</div><div># For additional config options, please look at lxc.conf(5)</div><div><br></div><div># Distribution configuration</div><div>lxc.include = /usr/share/lxc/config/ubuntu.common.conf</div><div>lxc.include = /usr/share/lxc/config/ubuntu.userns.conf</div><div>lxc.arch = x86_64</div><div><br></div><div># Container specific configuration</div><div>lxc.id_map = u 0 100000 65536</div><div>lxc.id_map = g 0 100000 65536</div><div>lxc.rootfs = /home/user/.local/share/lxc/template/rootfs</div><div>lxc.utsname = template</div><div><br></div><div># Network configuration</div><div>lxc.network.type = veth</div><div>lxc.network.veth.pair = veth-u-te-0</div><div>lxc.network.flags = up</div><div>lxc.network.link = br0</div><div>lxc.network.hwaddr = 00:16:3E:3A:53:E7</div></div><div>###</div><div><br></div><div>Note that I use br0, where the default bridge created by lxc is lxcbr0, so you need to make sure it's correct.</div><div><br></div><div>When creating another container for the same user "user", I can simply use zfs clone rpool/lxc/user/template. If I wanted to create container for another user (e.g. 
"user2"), then I need to repeat the "tar" method above as a different user (e.g. "| su - user2 -c ...")</div><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Also, for the additional containers that I get from zfs cloning, will<br>
they be recognised by 'lxc-* -n' commands?<br>
<br></blockquote><div><br></div></span><div>AFAIK most lxc commands simply reads whatever is under the directory, and doesn't really care what fs they are on.</div><span><font color="#888888"><div><br></div></font></span></div></div></div></blockquote><div><br></div><div><br></div><div>After doing the above steps I can do this:</div><div><br></div><div><div>$ id</div><div>uid=1000(user) gid=1000(user) groups=1000(user),4(adm),6(disk),27(sudo)</div><div><br></div><div>$ lxc-ls -f</div><div>NAME STATE IPV4 IPV6 GROUPS AUTOSTART </div><div>------------------------------------------------</div><div>template STOPPED - - - NO </div><div><br></div><div>$ lxc-start -d -n template</div><div><br></div><div>$ lxc-ls -f</div><div>NAME STATE IPV4 IPV6 GROUPS AUTOSTART </div><div>-----------------------------------------------------------</div><div>template RUNNING 192.168.124.104 - - NO </div><div><br></div><div><div>$ lxc-attach -n template id</div><div>uid=0(root) gid=0(root) groups=0(root)</div></div><div><br></div><div>$ lxc-attach -n template ip ad li eth0<br></div><div>25: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000</div><div> link/ether 00:16:3e:3a:53:e7 brd ff:ff:ff:ff:ff:ff</div><div> inet <a href="http://192.168.124.104/24" target="_blank">192.168.124.104/24</a> brd 192.168.124.255 scope global eth0</div><div> valid_lft forever preferred_lft forever</div><div> inet6 fe80::216:3eff:fe3a:53e7/64 scope link </div><div> valid_lft forever preferred_lft forever</div><div><br></div><div>$ lxc-stop -n template</div><div><br></div><div>$ lxc-ls -f<br></div><div>NAME STATE IPV4 IPV6 GROUPS AUTOSTART </div><div>------------------------------------------------</div><div>template STOPPED - - - NO </div></div><div><br></div><div>-- </div><div>Fajar</div></div></div></div>
<br>_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br></blockquote></div><br></div></div></div></div>
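<div>Added example, not part of any message in this digest and not code from the LXC project: after a zfs clone of the template dataset, the clone's config needs the four keys listed in the thread (lxc.rootfs, lxc.utsname, lxc.network.hwaddr, lxc.network.veth.pair) rewritten, and its lxc.id_map ranges should still fall inside the owner's /etc/subuid and /etc/subgid delegation. The function names, the CRC-derived MAC address and the sample config (constructed from the one in the last message) are assumptions.</div>

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed sample: container-specific part of the config in the message.
sample_template_config() {
    cat <<'EOF'
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /home/user/.local/share/lxc/template/rootfs
lxc.utsname = template
lxc.network.type = veth
lxc.network.veth.pair = veth-u-te-0
lxc.network.flags = up
lxc.network.link = br0
lxc.network.hwaddr = 00:16:3E:3A:53:E7
EOF
}

# mac_for NAME: MAC in the 00:16:3e prefix used on the page; the low three
# bytes come from a CRC of the name so the result is repeatable (assumption:
# any address unique on the bridge would do).
mac_for() {
    crc=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    printf '00:16:3e:%02x:%02x:%02x\n' \
        $(( (crc >> 16) & 255 )) $(( (crc >> 8) & 255 )) $(( crc & 255 ))
}

# clone_config NAME LXCPATH: template config on stdin, clone config on stdout.
# Rewrites exactly the four keys listed in the thread and keeps the rest.
clone_config() {
    name=$1 lxcpath=$2
    # The name ends up in a path and an interface name: allow a safe set only.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid container name: $name" >&2; return 1 ;;
    esac
    awk -v name="$name" -v path="$lxcpath" -v mac="$(mac_for "$name")" '
        /^lxc\.rootfs[ \t]*=/  { print "lxc.rootfs = " path "/" name "/rootfs"; next }
        /^lxc\.utsname[ \t]*=/ { print "lxc.utsname = " name; next }
        /^lxc\.network\.hwaddr[ \t]*=/ { print "lxc.network.hwaddr = " mac; next }
        # Interface names are limited to 15 characters: "veth-" plus 10.
        /^lxc\.network\.veth\.pair[ \t]*=/ {
            print "lxc.network.veth.pair = veth-" substr(name, 1, 10); next }
        { print }
    '
}

# idmap_within_subid USER KIND SUBID_FILE: config on stdin. Succeeds only if
# there is at least one lxc.id_map line of KIND (u or g) and each one maps
# into a host range delegated to USER in SUBID_FILE (/etc/subuid or subgid).
idmap_within_subid() {
    awk -v user="$1" -v kind="$2" -v subid="$3" '
        BEGIN {
            while ((getline line < subid) > 0) {
                split(line, f, ":")
                if (f[1] == user) { n++; lo[n] = f[2] + 0; hi[n] = f[2] + f[3] }
            }
        }
        $1 == "lxc.id_map" && $3 == kind {
            seen = 1; ok = 0
            for (i = 1; i <= n; i++)
                if ($5 + 0 >= lo[i] && $5 + $6 <= hi[i]) ok = 1
            if (!ok) bad = 1
        }
        END { exit ((seen && !bad) ? 0 : 1) }
    '
}

# Demo on the constructed sample: print the config for a clone named "c2".
sample_template_config | clone_config c2 /home/user/.local/share/lxc
```

<div>Run idmap_within_subid once with "u" against /etc/subuid and once with "g" against /etc/subgid before starting the clone; a config copied from another user's container fails the check because its ranges belong to a different delegation.</div>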