<div dir="ltr"><div><div>Hi,<br></div>Thank you so much for answer :)</div><div>It did'nt work for me.</div><div><br></div><div>lxc config set workerTest limits.cpu 2</div><div><br></div><div>No command 'lxc' found, did you mean:<br> Command 'lpc' from package 'cups-bsd' (main)<br> Command 'lpc' from package 'lpr' (universe)<br> Command 'lpc' from package 'lprng' (universe)<br> Command 'axc' from package 'afnix' (universe)<br> Command 'llc' from package 'llvm' (universe)<br> Command 'lc' from package 'mono-devel' (main)<br>lxc: command not found</div><div><br></div><div><br></div>Best regards. <br></div><div class="gmail_extra"><br><div class="gmail_quote">2017-11-07 13:00 GMT+01:00 <span dir="ltr"><<a href="mailto:lxc-users-request@lists.linuxcontainers.org" target="_blank">lxc-users-request@lists.linuxcontainers.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send lxc-users mailing list submissions to<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.<wbr>linuxcontainers.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.<wbr>org/listinfo/lxc-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:lxc-users-request@lists.linuxcontainers.org">lxc-users-request@lists.<wbr>linuxcontainers.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:lxc-users-owner@lists.linuxcontainers.org">lxc-users-owner@lists.<wbr>linuxcontainers.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of lxc-users digest..."<br>
<br>Today's Topics:<br>
<br>
1. Race condition in IPv6 network configuration (MegaBrutal)<br>
2. Number of core for a container (Thouraya TH)<br>
3. Re: Number of core for a container (Renato dos Santos)<br>
4. Re: Number of core for a container (Stéphane Graber)<br>
5. Re: Race condition in IPv6 network configuration (Marat Khalili)<br>
6. Re: Race condition in IPv6 network configuration (MegaBrutal)<br>
7. Re: Race condition in IPv6 network configuration (Marat Khalili)<br>
<br><br>---------- Message transféré ----------<br>From: MegaBrutal <<a href="mailto:megabrutal@gmail.com">megabrutal@gmail.com</a>><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Bcc: <br>Date: Mon, 6 Nov 2017 14:15:00 +0100<br>Subject: [lxc-users] Race condition in IPv6 network configuration<br>Hi all,<br>
<br>
I experience an annoying race condition when my LXC container's<br>
network interface comes up. By default, nodes are expected to<br>
configure themselves with Router Advertisements; but for some<br>
containers, I'd prefer to set a static address. In these containers, I<br>
use a static configuration in /etc/network/interfaces, and explicitly<br>
disable RAs. Yet somehow, these containers configure themselves<br>
through RA before the static configuration would occur. Then the<br>
static address is added, but the default route acquired from RA stays<br>
there. Then as RAs get disabled, this default route expires after<br>
time, and the host remains without a default route. Then I receive<br>
ping test fail alerts on my monitoring system... If I reboot the<br>
container multiple times, once I'll get lucky and the interface<br>
configuration happens before an RA is received, and I get a permanent<br>
default route and everything's fine. But it's annoying because I have<br>
to reboot the container multiple times before it happens.<br>
<br>
What am I doing wrong?<br>
<br>
Here is my LXC config file:<br>
<br>
# Template used to create this container: /usr/share/lxc/templates/lxc-<wbr>ubuntu<br>
# Parameters passed to the template: -S /home/megabrutal/.ssh/id_rsa.<wbr>pub<br>
# For additional config options, please look at lxc.conf(5)<br>
<br>
# Common configuration<br>
lxc.include = /usr/share/lxc/config/ubuntu.<wbr>common.conf<br>
<br>
# Container specific configuration<br>
lxc.start.auto = 1<br>
lxc.rootfs.path = /dev/vmdata-vg/lxc-reverse<br>
lxc.rootfs.options = subvol=@reverse<br>
<a href="http://lxc.uts.name" rel="noreferrer" target="_blank">lxc.uts.name</a> = reverse<br>
lxc.arch = amd64<br>
<br>
# Network configuration<br>
lxc.net.0.type = veth<br>
lxc.net.0.hwaddr = 00:16:3e:7b:9e:b4<br>
#lxc.net.0.flags = up<br>
lxc.net.0.link = br0<br>
<br>
<br>
Take a note how I explicitly commented out the net flags, as I don't<br>
want the interface to be in UP state when the container starts; I want<br>
the container to configure its interface for itself. At first, I<br>
thought commenting out "lxc.net.0.flags = up" would solve the issue,<br>
and sure it did help something, because at least now the configuration<br>
SOMETIMES works as intended. Before that, the static configuration<br>
never succeeded.<br>
<br>
Here is /etc/network/interfaces from within the container:<br>
<br>
# This file describes the network interfaces available on your system<br>
# and how to activate them. For more information, see interfaces(5).<br>
<br>
# The loopback network interface<br>
auto lo<br>
iface lo inet loopback<br>
<br>
auto eth0<br>
iface eth0 inet dhcp<br>
<br>
iface eth0 inet6 static<br>
address 2001:xxxx:xxxx:xxxx:xxxx:xxxx:<wbr>xxxx:xxxx<br>
netmask 64<br>
gateway fe80::xxxx:xxxx:xxxx:xxxx<br>
autoconf 0<br>
accept_ra 0<br>
<br>
<br>
So I want the container to receive its IPv4 address through DHCP and<br>
have a static IPv6 configuration at the same time. What is the best<br>
practice for this without race conditions with RA?<br>
<br>
Note: I use the old LXC interface / tools, have no plans to migrate to LXD yet.<br>
Thanks for your help in advance!<br>
<br>
<br>
Regards,<br>
MegaBrutal<br>
<br>
<br><br>---------- Message transféré ----------<br>From: Thouraya TH <<a href="mailto:thouraya87@gmail.com">thouraya87@gmail.com</a>><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Bcc: <br>Date: Mon, 6 Nov 2017 19:40:03 +0100<br>Subject: [lxc-users] Number of core for a container<br><div dir="ltr"><div><div>Hi all,<br><br></div><div>Please, how can i fix number of cores (CPU) for a container when i use lxc-create or lxc-clone ?<br></div><div><br></div>Thanks a lot for help.<br></div>Best reagrds. <br><div><br></div></div>
<br><br>---------- Message transféré ----------<br>From: Renato dos Santos <<a href="mailto:renato.santos@wplex.com.br">renato.santos@wplex.com.br</a>><br>To: <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>Cc: <br>Bcc: <br>Date: Mon, 6 Nov 2017 17:20:32 -0200<br>Subject: Re: [lxc-users] Number of core for a container<br>
<div text="#000000" bgcolor="#FFFFFF">
<p>Hi Thouraya,</p>
<p>You can use this after create the container:<br>
</p>
Set the container to use any 2 CPUs on the host.<br>
<br>
$ lxc config set your-container limits.cpu 2<br>
<br>
Set the container to use physical CPU 0, 3, 7, 8 and 9 on the host.<br>
<br>
$ lxc config set your-container limits.cpu 0,3,7-9<br>
<br>
Set the container to use 20% of the available CPU on the host or
more if it’s available.<br>
<br>
$ lxc config set your-container limits.cpu.allowance 20%<br>
<br>
Set the container to use no more than 50% of the available CPU on
the host, or 100ms for every 200ms of CPU time available.<br>
<br>
$ lxc config set your-container limits.cpu.allowance 100ms/200ms<br>
<br>
other option, use the profile.<br>
<br>
<br>
<div class="m_-1143121915652904559moz-cite-prefix">On 06/11/2017 16:40, Thouraya TH wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>Hi all,<br>
<br>
</div>
<div>Please, how can i fix number of cores (CPU) for a
container when i use lxc-create or lxc-clone ?<br>
</div>
<div><br>
</div>
Thanks a lot for help.<br>
</div>
Best reagrds. <br>
<div><br>
</div>
</div>
<br>
<fieldset class="m_-1143121915652904559mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
lxc-users mailing list
<a class="m_-1143121915652904559moz-txt-link-abbreviated" href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.<wbr>linuxcontainers.org</a>
<a class="m_-1143121915652904559moz-txt-link-freetext" href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.<wbr>org/listinfo/lxc-users</a></pre>
</blockquote>
<br>
<div class="m_-1143121915652904559moz-signature">-- <br>
<div style="font-family:Trebuchet MS,Arial,Helvetica,sans-serif;vertical-align:baseline;line-height:18px;font-size:12px;color:#666;clear:right;width:100%">
<span style="color:#333">Renato dos Santos</span><br>
Analista de Infraestrutura<br>
<br>
48 3239-2400 Pabx<br>
<span style="display:inline-block;padding-top:10px">WPLEX
Software Ltda.</span><br>
<span style="font-size:12px">Rodovia SC 401, 8600 Corporate
Park Bloco 5 Sala 101<br>
88050-000 Santo Antônio de Lisboa, Florianópolis SC<br>
<a href="http://wplex.com.br" style="text-decoration:none;color:#333" target="_blank">wplex.com.br</a><br>
</span>
<img src="http://www.wplex.com.br/logo_mail.png" style="margin-top:6px;margin-bottom:21px;float:none;clear:right" alt="WPLEX" border="0" align="left">
</div>
</div>
</div>
<br><br>---------- Message transféré ----------<br>From: "Stéphane Graber" <<a href="mailto:stgraber@ubuntu.com">stgraber@ubuntu.com</a>><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Bcc: <br>Date: Mon, 6 Nov 2017 14:23:12 -0500<br>Subject: Re: [lxc-users] Number of core for a container<br>Those instructions are for LXD, not for low level LXC.<br>
<br>
For LXC, you'd need to use the lxc.cgroup.cpuset config keys to directly<br>
configure the cpuset cgroup.<br>
<br>
Note that since LXC doesn't have a long running manager like LXD does,<br>
you're going to need to do the scheduling/balancing of those containers<br>
yourself.<br>
<br>
On Mon, Nov 06, 2017 at 05:20:32PM -0200, Renato dos Santos wrote:<br>
> Hi Thouraya,<br>
><br>
> You can use this after create the container:<br>
><br>
> Set the container to use any 2 CPUs on the host.<br>
><br>
> $ lxc config set your-container limits.cpu 2<br>
><br>
> Set the container to use physical CPU 0, 3, 7, 8 and 9 on the host.<br>
><br>
> $ lxc config set your-container limits.cpu 0,3,7-9<br>
><br>
> Set the container to use 20% of the available CPU on the host or more if<br>
> it’s available.<br>
><br>
> $ lxc config set your-container limits.cpu.allowance 20%<br>
><br>
> Set the container to use no more than 50% of the available CPU on the host,<br>
> or 100ms for every 200ms of CPU time available.<br>
><br>
> $ lxc config set your-container limits.cpu.allowance 100ms/200ms<br>
><br>
> other option, use the profile.<br>
><br>
><br>
> On 06/11/2017 16:40, Thouraya TH wrote:<br>
> > Hi all,<br>
> ><br>
> > Please, how can i fix number of cores (CPU) for a container when i use<br>
> > lxc-create or lxc-clone ?<br>
> ><br>
> > Thanks a lot for help.<br>
> > Best reagrds.<br>
> ><br>
> ><br>
> ><br>
> > ______________________________<wbr>_________________<br>
> > lxc-users mailing list<br>
> > <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.<wbr>linuxcontainers.org</a><br>
> > <a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.<wbr>org/listinfo/lxc-users</a><br>
><br>
> --<br>
> Renato dos Santos<br>
> Analista de Infraestrutura<br>
><br>
> 48 3239-2400 Pabx<br>
> WPLEX Software Ltda.<br>
> Rodovia SC 401, 8600 Corporate Park Bloco 5 Sala 101<br>
> 88050-000 Santo Antônio de Lisboa, Florianópolis SC<br>
> <a href="http://wplex.com.br" rel="noreferrer" target="_blank">wplex.com.br</a> <<a href="http://wplex.com.br" rel="noreferrer" target="_blank">http://wplex.com.br</a>><br>
> WPLEX<br>
<br>
> ______________________________<wbr>_________________<br>
> lxc-users mailing list<br>
> <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.<wbr>linuxcontainers.org</a><br>
> <a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.<wbr>org/listinfo/lxc-users</a><br>
<br>
<br>
--<br>
Stéphane Graber<br>
Ubuntu developer<br>
<a href="http://www.ubuntu.com" rel="noreferrer" target="_blank">http://www.ubuntu.com</a><br>
<br><br>---------- Message transféré ----------<br>From: Marat Khalili <<a href="mailto:mkh@rqc.ru">mkh@rqc.ru</a>><br>To: <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>Cc: <br>Bcc: <br>Date: Tue, 7 Nov 2017 10:17:59 +0300<br>Subject: Re: [lxc-users] Race condition in IPv6 network configuration<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
If I reboot the<br>
container multiple times, once I'll get lucky and the interface<br>
configuration happens before an RA is received, and I get a permanent<br>
default route and everything's fine. But it's annoying because I have<br>
to reboot the container multiple times before it happens.<br>
</blockquote>
I don't know the cause of your problem, but I also encountered some race in container network configuration: <a href="https://lists.linuxcontainers.org/pipermail/lxc-users/2017-June/013456.html" rel="noreferrer" target="_blank">https://lists.linuxcontainers.<wbr>org/pipermail/lxc-users/2017-J<wbr>une/013456.html</a> . Since no one knows why it happens, I ended up checking container network configurations from a cron job and restarting resolvconf if it's wrong then email administrator; emailing is necessary since in my case some services may have already failed to start by the time configuration is auto-corrected. Even better solution would be to put a check in a systemd service with correct dependencies, but I haven't implemented it yet.<br>
<br>
Until someone finds proper solution of your problem, I suggest you to:<br>
<br>
1) Restart not the whole container but something smaller, like networking or specific interface.<br>
<br>
2) Automate check and restart as I did.<br>
<br>
3) Write systemd service for this if you have enough time at hand, then share it :)<br>
<br>
--<br>
<br>
With Best Regards,<br>
Marat Khalili<br>
<br>
<br>
<br><br>---------- Message transféré ----------<br>From: MegaBrutal <<a href="mailto:megabrutal@gmail.com">megabrutal@gmail.com</a>><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Bcc: <br>Date: Tue, 7 Nov 2017 11:45:00 +0100<br>Subject: Re: [lxc-users] Race condition in IPv6 network configuration<br>Hi Marat,<br>
<br>
First of all, I also suggest you to comment out the line<br>
"lxc.net.0.flags = up" in your LXC container configuration<br>
(/var/lib/lxc/containername/<wbr>config). (Note, if you have an older<br>
version of LXC, the line is "lxc.network.flags", if I remember<br>
correctly.) Probably it would help your container to have it bring up<br>
an interface from DOWN state, than to configure an interface which is<br>
already UP and probably is in ambiguous state.<br>
<br>
<br>
2017-11-07 8:17 GMT+01:00 Marat Khalili <<a href="mailto:mkh@rqc.ru">mkh@rqc.ru</a>>:<br>
><br>
> Until someone finds proper solution of your problem, I suggest you to:<br>
><br>
> 1) Restart not the whole container but something smaller, like networking or<br>
> specific interface.<br>
<br>
Actually, that's more cumbersome. I'd have to remove all IPs, routes,<br>
and bring the interface down (ip link set dev eth0 down), and then run<br>
ifup. A reboot is quicker, as I don't run heavy applications in the<br>
problematic containers.<br>
<br>
I also tried ifdown, but that usually doesn't work, because as far as<br>
the system is concerned, the interface is not configured (as it failed<br>
configuration when ifupdown tried to bring it up, so it is in a<br>
half-configured state).<br>
<br>
><br>
> 2) Automate check and restart as I did.<br>
<br>
At least I monitor it with Zabbix.<br>
<br>
><br>
> 3) Write systemd service for this if you have enough time at hand, then<br>
> share it :)<br>
<br>
Yes, but it feels like a workaround. I'd prefer to know the cause and<br>
find a better solution.<br>
<br>
<br><br>---------- Message transféré ----------<br>From: Marat Khalili <<a href="mailto:mkh@rqc.ru">mkh@rqc.ru</a>><br>To: <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>Cc: <br>Bcc: <br>Date: Tue, 7 Nov 2017 14:55:47 +0300<br>Subject: Re: [lxc-users] Race condition in IPv6 network configuration<br>On 07/11/17 13:45, MegaBrutal wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
First of all, I also suggest you to comment out the line<br>
"lxc.net.0.flags = up" in your LXC container configuration<br>
(/var/lib/lxc/containername/co<wbr>nfig).<br>
</blockquote>
Will definitely try it, although since it happens so rarely in my case (approximately once per month in different containers) it will take some time to confirm the solution.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I also tried ifdown, but that usually doesn't work, because as far as<br>
the system is concerned, the interface is not configured (as it failed<br>
configuration when ifupdown tried to bring it up, so it is in a<br>
half-configured state).<br>
</blockquote>
Looks tough.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
3) Write systemd service for this if you have enough time at hand, then<br>
share it :)<br>
</blockquote>
Yes, but it feels like a workaround. I'd prefer to know the cause and<br>
find a better solution.<br>
</blockquote>
Me too. Just a wild idea: you could try to play with ip6tables to find out what process sends RA requests, and also (another workaround) to filter out corresponding packets.<br>
<br>
--<br>
<br>
With Best Regards,<br>
Marat Khalili<br>
<br>
<br>
<br>______________________________<wbr>_________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.<wbr>linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.<wbr>org/listinfo/lxc-users</a><br></blockquote></div><br></div>