[lxc-devel] nested containers

Paul Wexler paul at prometheusresearch.com
Tue Dec 31 17:07:40 UTC 2013 

Thank you for your responses!

I switched our lxc from stable to daily:
    http://ppa.launchpad.net/ubuntu-lxc/daily/ubuntu saucy main
I removed lxc and re-installed it.
>>> lxc.version
'1.0.0.alpha1'
>>>

Using  https://raw.github.com/lxc/lxc/master/hooks/mountcgroups
did not help.  In fact the containers would not start the first time:
    lxc-start: command get_init_pid failed to receive response

Using lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups
The containers start the first time but not the second time -
    lxc-start: command get_init_pid failed to receive response
Only the error message has changed from the stable version.

Following S. Graber's suggestion:

lxc.aa_profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups

Now I can re-start the container.  Now I need to see about configuring
the cgroups in our nested containers.

Thank you for your help !!!!!!

I look forward to lxc using the new cgroup manager.


On Tue, Dec 31, 2013 at 8:56 AM, S.Çağlar Onur <caglar at 10ur.org> wrote:

> Hi,
>
> On Sat, Dec 28, 2013 at 5:21 AM, Stéphane Graber <stgraber at ubuntu.com>
> wrote:
> > On Fri, Dec 27, 2013 at 06:56:15PM -0500, S.Çağlar Onur wrote:
> >> Hey Pauk,
> >>
> >> On Fri, Dec 27, 2013 at 6:49 PM, Paul Wexler
> >> <paul at prometheusresearch.com> wrote:
> >> > Hello lxc community,
> >> >
> >> > Has anyone used nested containers?
> >> >
> >> > I am trying with limited success.  I cannot re-start them.
> >> > I can:
> >> >   1. create a container.
> >> >   2. configure it for nesting (I uncomment 2 lines in config).
> >> >   3. start the container.
> >> >   4. stop the container.
> >> >   5. but I cannot re-start the container.
> >> >
> >> > However, if I do not configure the container for nesting then
> >> > I can stop and re-start the container repeatedly without errors.
> >> >
> >> > Specifically, the following command line sequence fails on the
> >> > second lxc-start (please note I do not show the normal lxc-
> >> > output below, only the error msg):
> >> >
> >> >   # lxc-create -t ubuntu -n C00
> >> >   # X="lxc.aa_profile = lxc-container-default-with-nesting"
> >> >   # sed -i -e "s/^#$X/$X/" /var/lib/lxc/C00/config
> >> >   # X="lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups"
> >> >   # sed -i -e "s/^#$X/$X/" /var/lib/lxc/C00/config
> >> >   # lxc-start -d -n C00
> >> >   # lxc-stop -n C00
> >> >   # lxc-start -d -n C00
> >> >   lxc-start: command get_cgroup failed to receive response
> >>
> >> I believe this issue fixed after alpha has been released [1] so could
> >> you try replacing your mountcgroups hook with [2] and try again to see
> >> what will happen?
> >
> > Right, the issue here appears to be mountcgroups not cleaning up after
> > itself and being confused on the second run.
>
> Oh, right I misunderstood the problem and though starts are failing
> due to lxc.include.
>
> > Hopefully we'll be dropping that hook entirely with the introduction of
> > cgmanger in the next few weeks...
> >
> > Depending on what you are doing, you may also just comment that hook
> > entirely as cgroup-lite in the container will then simply mount the
> > cgroupfs controllers and LXC will be able to use them (however this will
> > most likely bypass any cgroup restriction you applied on the first
> > container, if any).
>
> What about removing those leftover cgroup directories in post-stop hook?
>
> >>
> >> > When I start the container the first time, lxc-ls --fancy
> >> > displays the container's IP address.  Then I can ssh to the
> >> > container as 'ubuntu', install packages there such as lxc,
> >> > and even create containers there, the container is working
> >> > just fine.
> >> >
> >> > But once I stop the container I can never start it again.
> >> > Always with the same get_cgroup error as above.
> >> >
> >> > I am using:
> >> >   lxc version ==  '1.0.0.alpha2'
> >> >   kernel == 3.11.0-12-generic
> >> >
> >> > Any ideas/suggestions on how one might re-start such a container?
> >> > Thank you.
> >> >
> >> >
> >> > _______________________________________________
> >> > lxc-devel mailing list
> >> > lxc-devel at lists.linuxcontainers.org
> >> > http://lists.linuxcontainers.org/listinfo/lxc-devel
> >> >
> >>
> >> [1]
> https://github.com/lxc/lxc/commit/fa7fced87899ae37f193c81115543d1df5c28fbb
> >> [2] https://raw.github.com/lxc/lxc/master/hooks/mountcgroups
> >>
> >> Best,
> >> --
> >> S.Çağlar Onur <caglar at 10ur.org>
> >> _______________________________________________
> >> lxc-devel mailing list
> >> lxc-devel at lists.linuxcontainers.org
> >> http://lists.linuxcontainers.org/listinfo/lxc-devel
> >
> > --
> > Stéphane Graber
> > Ubuntu developer
> > http://www.ubuntu.com
> >
> > _______________________________________________
> > lxc-devel mailing list
> > lxc-devel at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-devel
> >
>
>
>
> --
> S.Çağlar Onur <caglar at 10ur.org>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131231/01471145/attachment-0001.html>

More information about the lxc-devel mailing list