<div dir="ltr">Hello All,<div><br></div><div>I am looking for a Kubernetes kinda solution for LXC containers. Is there something available in nascent mode I am not aware of? Could someone please enlighten me on the same.</div><div><br></div><div>Regs<br><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Prasoon Majumdar<br><a href="http://about.me/prasoonmajumdar" target="_blank">about.me/prasoonmajumdar</a></div></div></div>
<br><div class="gmail_quote">On 12 July 2016 at 17:30, <span dir="ltr"><<a href="mailto:lxc-users-request@lists.linuxcontainers.org" target="_blank">lxc-users-request@lists.linuxcontainers.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>Today's Topics:<br>
<br>
1. Re: LXD containers with dual nic (<a href="mailto:steve@linuxsuite.org">steve@linuxsuite.org</a>)<br>
2. Re: move unprivileged containers - uid/gid map<br>
(Benoit GEORGELIN - Association Web4all)<br>
3. Re: LXD containers with dual nic (Giuseppe)<br>
4. Re: LXD containers with dual nic (Giuseppe)<br>
5. Re: LXD containers with dual nic (Giuseppe)<br>
<br><br>---------- Forwarded message ----------<br>From: <a href="mailto:steve@linuxsuite.org">steve@linuxsuite.org</a><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Date: Mon, 11 Jul 2016 09:52:53 -0400<br>Subject: Re: [lxc-users] LXD containers with dual nic<br>> Hi all,<br>
> I'm trying to configure a LXD container with two nics but the second one<br>
> cannot reach the external network. Here is my config:<br>
><br>
><br>
> Both IP addresses are statically configured in the container, the first in<br>
> the 192.168.1.0 subnet and the second in the 10.10.0.0 subnet. The first<br>
> nic<br>
> works well, I can ssh from external network. The second one can ping only<br>
> the LXD host address and vice versa. The LXD host address can ping everyone<br>
> on the 10.10.0.0 network.<br>
><br>
<br>
What do you mean by "statically configured in the<br>
container"??<br>
<br>
At least on 1.08 this is not necessary, and is probably a bad<br>
idea.<br>
<br>
the entry in the container config should be enough..<br>
<br>
-steve<br>
<br>
<br>
> What's wrong in my config? Any suggestion?<br>
><br>
> _______________________________________________<br>
> lxc-users mailing list<br>
> <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
> <a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br>
<br>
<br>
<br>
<br><br>---------- Forwarded message ----------<br>From: Benoit GEORGELIN - Association Web4all <<a href="mailto:benoit.georgelin@web4all.fr">benoit.georgelin@web4all.fr</a>><br>To: lxc-users <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Date: Mon, 11 Jul 2016 16:34:10 +0200 (CEST)<br>Subject: Re: [lxc-users] move unprivileged containers - uid/gid map<br><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:#000000"><div>Hello Fajar,</div><div><br></div><div>Thanks, "fuidshift" is what I was looking for :)<br>It's working. I already made my own script to move it from one host (LXC) to the other one (LXD).
I guess the one that you were talking about is: <a href="https://github.com/lxc/lxd/blob/master/scripts/lxc-to-lxd" target="_blank">https://github.com/lxc/lxd/blob/master/scripts/lxc-to-lxd</a></div><div><br></div><div>Have a nice day</div><div><br></div><div>Regards,</div><div><br></div><div>Benoît</div><br><hr><div><b>From: </b>"Fajar A. Nugraha" <<a href="mailto:list@fajar.net" target="_blank">list@fajar.net</a>><br><b>To: </b>"lxc-users" <<a href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.linuxcontainers.org</a>><br><b>Sent: </b>Monday 11 July 2016 02:16:34<br><b>Subject: </b>Re: [lxc-users] move unprivileged containers - uid/gid map<br></div><br><div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Sun, Jul 10, 2016 at 7:20 AM, Benoit GEORGELIN - Association Web4all <span dir="ltr"><<a href="mailto:benoit.georgelin@web4all.fr" target="_blank">benoit.georgelin@web4all.fr</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid #cccccc;padding-left:1ex"><div>Hi,</div><br><div>I'm looking to move unprivileged containers from one host to another.<br>I'm actually moving pure LXC containers to a new LXD/LXC host</div><br><div>I would like to know how I should deal with the uid/gid inside the container.</div><div>The root uid/gid is different on the new host.
I can simply replace the old UID/GID by the new one with a find request, but what should I do with the other user ids used inside the container?</div><br></blockquote><br><div>use fuidshift from lxd-tools package</div><br><div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid #cccccc;padding-left:1ex"><div>I did not understand where the uid/gid map is done</div><div><br>Inside the container</div><div>root@w4a:~# id ubuntu<br>uid=1000(ubuntu) gid=1000(ubuntu) </div><br><div>Folder:</div><div>drwxr-xr-x 2 ubuntu ubuntu 6 Jul 8 23:17 ubuntu</div><br><div>Outside the container</div><div>drwxr-xr-x 2 166536 166536 6 Jul 8 23:17 ubuntu</div><br><div>How does the system know that uid/gid 1000 inside the container = uid/gid 166536 outside the container?</div><div>It looks like root uid = 165536 outside the container and it is defined by lxc configuration<br>id 1000 inside the container will be root uid + user id, so 165536 + 1000 = 166536</div><div><br></div></blockquote><br><div>yes</div><br><div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid #cccccc;padding-left:1ex"><div>But what if two containers have a user uid 100? Will they both have the same uid outside the container?</div><div><br></div></blockquote><br><div>short version, yes.</div><br><div> <br></div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid #cccccc;padding-left:1ex"><div>About migrating the container, how should I manage it?</div><div>Should I re-do the mapping myself? Like looking into /etc/passwd inside the container, then using the root uid + the id found for that user in /etc/passwd and replacing the old uid/gid by the new one? Maybe there is a faster/better solution?</div><div><br></div></blockquote><br><div>Don't mess with passwd/group inside the container.
Just use fuidshift.</div><br><div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid #cccccc;padding-left:1ex"><div>I was looking to add an uid/gid mapping to match the container configuration as it was before, but it does not seem to work</div><div><br></div><div>I have this as an example in a config file dedicated to the container on the pure LXC host.</div><div># Container specific configuration<br>lxc.id_map = u 0 951968 65536<br>lxc.id_map = g 0 951968 65536<br></div><div><br></div><div>Here is what I did to the new host:</div><div>cat /etc/subuid<br>gxd:100000:65536<br>root:165536:65536<br>root:951968:65536<br></div><br></blockquote><br><br><div>The easiest way is to NOT change anything. lxd currently only supports one uid range for unpriv containers.
Undo your changes.</div><br><div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid #cccccc;padding-left:1ex"><div>I also tried to set lxc.raw</div><br><div>cat << EOF |lxc config set test-ct raw.lxc -<br>lxc.id_map = u 0 951968 65536<br>lxc.id_map = g 0 951968 65536<br>EOF<br></div><div><br></div><div>But in that case, the container doesn't start.</div><div><br></div></blockquote><br></div><br></div>
<div class="gmail_extra">... which, as you've found out, doesn't work.</div><div class="gmail_extra"><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">There's a script to convert lxc -> lxd somewhere on this list, but I usually do things manually:</div>
<div class="gmail_extra">(1) create a container in lxd. Start it, stop it, then look at its uid mapping (i.e. "which u/gid owns /var/lib/lxd/containers/container_name/rootfs")</div>
<div class="gmail_extra">(2) use fuidshift with "-r" to shift your lxc container u/gid back to privileged, using the starting u/gid value in your original lxc config (should be 951968)</div>
<div class="gmail_extra">(3) use fuidshift again, but this time without "-r", to shift your lxc container to unprivileged, using the starting u/gid value from (1)</div>
<div class="gmail_extra">(4) move your new lxd container's original rootfs somewhere else (or delete it if you want), then replace it with rootfs from (3)</div>
<div class="gmail_extra">(5) start your lxd containers</div><div class="gmail_extra"><br></div><div class="gmail_extra">-- </div><div class="gmail_extra">Fajar</div></div>
</div></div></div><br><br>---------- Forwarded message ----------<br>From: Giuseppe <<a href="mailto:gcesab@gmail.com">gcesab@gmail.com</a>><br>To: <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>Cc: <br>Date: Tue, 12 Jul 2016 05:27:43 +0000 (UTC)<br>Subject: Re: [lxc-users] LXD containers with dual nic<br>> What do you mean by "statically configured in the<br>
> container"??<br>
><br>
> At least on 1.08 this is not necessary, and is probably a bad<br>
> idea.<br>
><br>
> the entry in the container config should be enough..<br>
><br>
> -steve<br>
<br>
I mean that in containers both nics are defined "BOOTPROTO=static" in CentOS<br>
and "iface ethx inet static" in Ubuntu. I think it's a routing problem on<br>
the second bridge. I'll try to use the 10Gbe nic only, I'm pretty sure it<br>
will work.<br>
<br>
Giuseppe<br>
<br>
<br>
<br>
<br>
<br>
<br><br>---------- Forwarded message ----------<br>From: Giuseppe <<a href="mailto:gcesab@gmail.com">gcesab@gmail.com</a>><br>To: <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>Cc: <br>Date: Tue, 12 Jul 2016 05:35:41 +0000 (UTC)<br>Subject: Re: [lxc-users] LXD containers with dual nic<br>> A good starting question is "is your network configured the same".<br>
> Sometimes there are anti-spoofing or MAC-limitation rules so that one switch<br>
> "port" only allows one MAC or one IP address only.<br>
> One such example is networking in Amazon EC2. Your network admin might<br>
> enforce the same rule on your 10G switch.<br>
><br>
> Testing it is somewhat difficult though. Perhaps install VirtualBox, and set<br>
> it to use bridge networking on your problematic interface?<br>
<br>
The only difference in the networks is that the 10Gbe one has a 9000 mtu,<br>
but I tried also with 1500 and nothing changed. This is a home lab, so I am<br>
the network administrator. At vSphere level the switches are identical, the<br>
only difference is physical nic speed.<br>
<br>
Giuseppe<br>
<br>
<br>
<br>
<br>
<br>
<br><br>---------- Forwarded message ----------<br>From: Giuseppe <<a href="mailto:gcesab@gmail.com">gcesab@gmail.com</a>><br>To: <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>Cc: <br>Date: Tue, 12 Jul 2016 09:21:27 +0000 (UTC)<br>Subject: Re: [lxc-users] LXD containers with dual nic<br>Solved<br>
<br>
I believed the virtual network switches were identical but the 10Gbe one had the<br>
promiscuous mode rejected. I set it to accept and everything works.<br>
<br>
Thanks all<br>
<br>
Giuseppe<br>
<br>
<br>
<br>
<br>
</blockquote></div><br></div></div></div>
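A dry-run check for the fuidshift procedure quoted in the thread, as an added example that is not part of the original messages and not LXD's own code: it re-bases host-side owner ids from the old map start (951968) to a new one and lists entries whose owner has no container-side id under the old map, without changing any ownership. The function names, the one-range-per-map simplification and the new start value 165536 (read from the thread's /etc/subuid listing) are assumptions of this example.

```python
import os
from typing import NamedTuple, Optional


class IdMap(NamedTuple):
    container_start: int  # first id as seen inside the container
    host_start: int       # first id as seen on the host
    count: int            # number of ids in the range


def parse_id_map(line: str, kind: str) -> Optional[IdMap]:
    """Parse e.g. 'lxc.id_map = u 0 951968 65536' for kind 'u' or 'g'."""
    key, _, value = line.partition("=")
    fields = value.split()
    if key.strip() != "lxc.id_map" or len(fields) != 4 or fields[0] != kind:
        return None
    return IdMap(*(int(f) for f in fields[1:]))


def to_container(idmap: IdMap, host_id: int) -> Optional[int]:
    """Host id -> container id (direction of step 2); None if unmapped."""
    offset = host_id - idmap.host_start
    return idmap.container_start + offset if 0 <= offset < idmap.count else None


def to_host(idmap: IdMap, container_id: int) -> Optional[int]:
    """Container id -> host id (direction of step 3); None if unmapped."""
    offset = container_id - idmap.container_start
    return idmap.host_start + offset if 0 <= offset < idmap.count else None


def rebase(host_id: int, old: IdMap, new: IdMap) -> Optional[int]:
    """Old host id -> new host id, going through the container-side id."""
    cid = to_container(old, host_id)
    return None if cid is None else to_host(new, cid)


def audit_rootfs(rootfs, old_u, new_u, old_g, new_g):
    """Walk rootfs read-only; return (plan, unmapped) lists of tuples."""
    paths = [rootfs]
    for dirpath, dirnames, filenames in os.walk(rootfs):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    plan, unmapped = [], []
    for path in paths:
        st = os.lstat(path)  # lstat: report symlinks themselves, not targets
        uid = rebase(st.st_uid, old_u, new_u)
        gid = rebase(st.st_gid, old_g, new_g)
        if uid is None or gid is None:
            unmapped.append((path, st.st_uid, st.st_gid))
        else:
            plan.append((path, uid, gid))
    return plan, unmapped


if __name__ == "__main__":
    import sys
    old = parse_id_map("lxc.id_map = u 0 951968 65536", "u")  # from the thread
    new = IdMap(0, 165536, 65536)  # assumed new start; confirm it via step (1)
    plan, unmapped = audit_rootfs(sys.argv[1], old, new, old, new)
    print(f"{len(plan)} entries can be re-based, {len(unmapped)} cannot")
    for path, uid, gid in unmapped:
        print(f"  outside old map: {path} (uid={uid} gid={gid})")
```

Run it against a copy of the old rootfs before steps (2) and (3); any entry reported as outside the old map deserves a look before the container is started under the new range.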