[lxc-devel] Cross arch container thoughts - Call for Discussion...
Stéphane Graber
stgraber at ubuntu.com
Wed Apr 2 00:18:47 UTC 2014
On Tue, Apr 01, 2014 at 08:09:30PM -0400, Michael H. Warfield wrote:
> On Tue, 2014-04-01 at 19:58 -0400, Stéphane Graber wrote:
> > On Tue, Apr 01, 2014 at 07:43:32PM -0400, Michael H. Warfield wrote:
> > > So...
> > >
> > > Some may have read an earlier message I wrote primarily to the NST
> > > (Network Security Toolkit) crowd but cc'ed to this list about building
> > > their ISO images in an LXC container. That seems to work pretty well
> > > for the like-on-like case (x86_64 container on x86_64 host).
> > >
> > > The cross arch case (i686 container on x86_64 host) has been beating the
> > > crap out of me for days when I seem to stumble onto the simple answer.
> > > An i686 container running on an x86_64 host still reports x86_64 from
> > > the arch (uname -m) command and related commands. This causes all sorts
> > > of problems when you're running cross-arch. The answer would seem to be
> > > in the "setarch" command. Starting an i686 container by just running
> > > "lxc-start" and arch returns "x86_64". But... Starting it by running
> > > "setarch i686 lxc-start -n ${Container}" and arch returns "i686" and my
> > > tasks seem to be working properly now.
> > >
> > > My question is this... If we are going to support "cross arch"
> > > containers, should we not be incorporating "setarch" into the startup of
> > > those containers? Maybe define an arch type on startup? If it's set
> > > and is not equally to the basearch, then run setarch? That way, LXC
> > > could "fake" the container arch.
> > >
> > > That isn't quite as simple as it sounds. For lxc-autostart, it could be
> > > just an arch parameter in the config file and incorporate the command
> > > before firing up the container when arch doesn't match our basearch.
> > > It's a little more complicated for just lxc-start and I have no idea how
> > > that would be incorporated into lxc-execute.
> > >
> > > I seem to have solved my "problem" with building NST i686 images in an
> > > LXC i686 container on an x86_64 host but seem to have stumbled onto a
> > > bit of a can of worms here... Yes, LXC can fake out the arch for a
> > > container (where reasonable). Should we? How should we?
> > >
> > > Thoughts?
> >
> > Hmm, aren't we already doing that?
> >
> > stgraber at castiana:~$ uname -m
> > x86_64
> >
> > stgraber at castiana:~$ lxc-create -t download -n i386 -- -d ubuntu -r trusty -a i386
> > Using image from local cache
> > Unpacking the rootfs
>
> > ---
> > You just created an Ubuntu container (release=trusty, arch=i386, variant=default)
> > The default username/password is: ubuntu / ubuntu
> > To gain root privileges, please use sudo.
>
> > stgraber at castiana:~$ lxc-start -n i386 -d
>
> > stgraber at castiana:~$ lxc-attach -n i386 -- uname -m
> > i686
>
> > stgraber at castiana:~$ lxc-stop -n i386 -k
> > stgraber at castiana:~$ grep arch .local/share/lxc/i386/config
> > lxc.arch = x86
>
> > lxc.arch lets you override the personality, we currently only support
> > x86 personalities (we probably should look into the armhf/arm64 ones at
> > some point).
>
> Ok... Maybe I missed that and maybe that's something that needs to be
> added to the CentOS and Fedora templates (Dwight? Oracle?). It's
> definitely not working that way right now with the Fedora based
> containers.
Works fine with Centos and Oracle if you use them through the download
template as the config generated by the image builder always includes
the appropriate lxc.arch :)
stgraber at castiana:~$ lxc-attach -n i386 -- uname -m
i686
stgraber at castiana:~$ lxc-attach -n i386 -- cat /etc/redhat-release
CentOS release 6.5 (Final)
>
> > The download template and I believe a few others will set lxc.arch
> > properly by default, so you only need to use setarch for commands
> > running during container creation.
>
> Well, that's exactly what I'm looking for and maybe that is the answer
> that I just didn't know the answer that was there all along.
>
> If that's the case, I'll be testing it out and will probably patch my
> templates for it in the next day or two.
>
> Thanks!
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140401/0628f7b4/attachment.pgp>
More information about the lxc-devel
mailing list