<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Dec 3, 2015 at 9:27 PM, Peter Steele <span dir="ltr"><<a href="mailto:pwsteele@gmail.com" target="_blank">pwsteele@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class="">
On 12/02/2015 08:47 PM, Fajar A. Nugraha wrote:<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On Thu, Dec 3, 2015 at 1:14 AM, Peter
Steele <span dir="ltr"><<a href="mailto:pwsteele@gmail.com" target="_blank">pwsteele@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span> <tt><br>
</tt>
<div><tt>On 12/02/2015 07:23 AM, Fajar A. Nugraha
wrote:</tt><tt><br>
</tt></div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote"><tt>On Wed, Dec 2, 2015
at 9:49 PM, Peter Steele </tt><tt><span dir="ltr"><<a href="mailto:pwsteele@gmail.com" target="_blank">pwsteele@gmail.com</a>></span></tt><tt>
wrote:</tt><tt><br>
</tt>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><tt><span>
On 12/01/2015 08:25 PM, Fajar A.
Nugraha wrote:<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">Is
there a reason why you can't
install a centos7 container
using the download template?
It would've been MUCH easier,
and some of the things you
asked wouldn't even be an
issue.</div>
</div>
</div>
</blockquote>
</span></tt><tt><br>
</tt></div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</span></div>
</blockquote>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><tt>lxc-create -t
centos -n test1</tt><tt><br>
</tt><tt><br>
</tt><tt>to create a container using the centos default
settings. The resulting config file doesn't look a
whole lot different than my manually crafted version.
</tt></div>
</blockquote>
<div><br>
</div>
<div><br>
</div>
<div>You DID notice that repeatedly say "DOWNLOAD template"?
as in someting like</div>
<div><br>
</div>
<div># lxc-create -t download -n c7 -- -d centos -r 7 -a
amd64</div>
<div><br>
</div>
</div>
</div>
</div>
</blockquote></span>
The template was downloaded automatically when I ran the lxc-create
command the first time. Is there a difference in how the download is
done using the command you've listed above?<span class=""><br>
<br></span></div></blockquote><div><br></div><div><br></div><div>centos template -> download lost of packages (i.e. RPM) one by one using yum, and then install it</div><div><br></div><div>download template -> download one big tar.xz file (plus several small config files), and then extract it. MUCH faster, and works for unpriv containers as well (not sure what the current state of unpriv containers on centos though)</div><div><br></div><div>However I was actually more concerned about the fact that the templates are maintained separately, so there could be some difference in the resulting container/config. The download template works (I've tested it), while (based on your previous output) the centos template doesn't provide the desired /dev entries.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span class=""><blockquote type="cite"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><br>
</div>
<div>The alternative is to configure your own bridge and
configure your containers to use that. After you get the
bridge working, you can start and monitor its boot
progress with something like this:</div>
<div><br>
</div>
</div>
</div>
</div>
</blockquote></span>
That's exactly what I did. I realized this later that the default
centos container assumes you have a lxcbr0 defined (I had hit this
issue before). My servers use br0 so I just changed my test
container's config and it came up fine. Most importantly, the udev
service was not running. So I tweaked the lxc config I had in my
custom install process to more closely match what was used in my
standalone test and my containers are now coming up fine, or at
least udev is no longer running. The /dev directory still has more
entries than my libvirt containers (for example, /dev/snd is still
present), but at least there are no udev errors in
/var/log/messages. <br>
<br></div></blockquote><div><br></div><div><br></div><div>Which is why I suggested the download template. </div><div><br></div><div>I also tested using the resulting config with rootfs replaced by a "native" centos7 install (to be exact, a disk clone of minimal centos7 install on virtualbox), still result in the desired /dev entries (i.e. minimal /dev entries, no /dev/snd).</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
There *are* other issues (our software isn't running properly), but
I think the major container issues have been resolved.</div></blockquote><div><br></div><div><br></div><div>Which is?</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"> I changed a
few things, including the version of LXC that I'm using, so it's
hard to say what the culprit was with regards to this udev issue.<span class=""><br>
<br></span></div></blockquote><div><br></div><div><br></div><div>IIRC systemd containers are only supported on lxc-1.1.x, so upgrading lxc probably has a big part in that.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span class=""><blockquote type="cite"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><br>
</div>
<div>If you DO manage to get lxcfs installed and working
later (disclaimer: I've only use it on ubuntu and debian),
you'll be able to get some additional benefits like the
container only seeing its allocated resources (set using
"lxc.cgroup" settings on lxc config file). For example, if
"lxc.cgroup.cpuset.cpus = 0", then the container will only
use cpu0, and "htop" or "cat /proc/cpuinfo" will only show
1 cpu even when your host has multiple cpus.</div>
<br>
</div>
</div>
</div>
</blockquote></span>
That would definitely be nice. Libvirt does a reasonably good job in
this area but it is far from complete, with /proc/cpuinfo being one
of the weak points. I'll definitely have to check out lxcfs.<br>
<br></div></blockquote><div><br></div><div><br></div><div>It should be easier now since latest lxcfs shouldn't need cgmanager anymore.</div><div><br></div><div>And the usual generic suggestion, if you encounter kernel or namespace-related problems, testing latest kernel from kernel-ml (<a href="http://elrepo.org/tiki/kernel-ml">http://elrepo.org/tiki/kernel-ml</a>) might help.</div><div><br></div><div>-- </div><div>Fajar</div></div></div></div>