[lxc-devel] LXCFS update problems

Serge Hallyn serge.hallyn at ubuntu.com
Thu Nov 19 15:46:20 UTC 2015


Quoting Dietmar Maurer (dietmar at proxmox.com):
> > Updating the lxcfs package stops/restarts the fuse filesystem. So this
> > breaks all active containers.
> > 
> > AFAIK restarting fuse without umount is not possible, so are there
> > any other ideas how to solve that problem?
> 
> The following lxcfs.service seems to behave much better:
> 
> -------------------------------
> [Unit]
> Description=FUSE filesystem for LXC
> ConditionVirtualization=!container
> Before=lxc.service
> 
> [Service]
> ExecStart=/usr/bin/lxcfs -f -s -o allow_other /var/lib/lxcfs/
> KillMode=none
> Restart=on-failure
> ExecStop=/bin/fusermount -u /var/lib/lxcfs
> 
> [Install]
> WantedBy=multi-user.target
> ---------------------------------
> 
> Because this does not kill a running lxcfs as long as there are references.
> Would this have any drawbacks?

I don't think so.  At the least we'd need killmode to also umount -l
/var/lib/lxcfs after killing the process, but that's not good enough,
because even if lxcfs is cleanly restarted any running containers will
not get the new lxcfs mount.

To actually support clean updates, I think we would have to

1. have lxcfs MNT_DETACH-umount /var/lib/lxcfs on startup, if no
running lxcfs is found.
2. create a /var/lib/lxcfs.cnt tmpfs and bind-mount proc and cgroup under
there
3. mount /var/lib/lxcfs.cnt into containers in its entirety
4. create symlinks for each lxcfs cgroupfs and each lxcfs procfs,
in the container's /var/lib/lxcfs, pointing into /var/lib/lxcfs.cnt
5. bind mount the /var/lib/lxcfs symlinks onto the targets in the
container.

That way when lxcfs restarts, the container should get the new
/var/lib/lxcfs.cnt tmpfs, and the symlinks should point to the
new targets under there.
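
Added example, not part of the original message or of lxcfs: a check for the situation described above, where a running container keeps its old lxcfs mount after lxcfs is restarted. It relies on each FUSE mount instance having its own device number (field 3 of mountinfo), which is an approach chosen here; the sample mountinfo text and the bind mounts over /proc are constructed assumptions.

```python
import re
import sys

# Constructed samples in /proc/<pid>/mountinfo format (not captured output).
# Assumed layout: the host mounts lxcfs on /var/lib/lxcfs and the container
# has files from an earlier lxcfs instance bind-mounted over /proc.
HOST_MOUNTINFO = """\
25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
90 25 0:45 / /var/lib/lxcfs rw,nosuid,nodev,relatime shared:40 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
"""
CONTAINER_MOUNTINFO = """\
200 150 8:1 /var/lib/lxc/c1/rootfs / rw,relatime - ext4 /dev/sda1 rw
210 200 0:41 /proc/meminfo /proc/meminfo rw,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
211 200 0:41 /proc/uptime /proc/uptime rw,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
"""

def _unescape(path):
    # mountinfo writes space, tab, newline and backslash as octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)

def lxcfs_mounts(mountinfo_text):
    """Return [(major:minor, mount_point)] for every fuse.lxcfs entry."""
    found = []
    for line in mountinfo_text.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)  # optional fields end at the "-" separator
        except ValueError:
            continue  # malformed or truncated line
        if fields[sep + 1 : sep + 2] == ["fuse.lxcfs"]:
            found.append((fields[2], _unescape(fields[4])))
    return found

def stale_lxcfs_mounts(host_text, container_text, host_path="/var/lib/lxcfs"):
    """lxcfs mounts in the container whose device differs from the host's."""
    current = {dev for dev, mp in lxcfs_mounts(host_text) if mp == host_path}
    return [(dev, mp) for dev, mp in lxcfs_mounts(container_text)
            if dev not in current]

if __name__ == "__main__":
    if len(sys.argv) == 2:  # argument: PID of a process inside the container
        with open("/proc/self/mountinfo") as h, \
             open(f"/proc/{sys.argv[1]}/mountinfo") as c:
            host, cont = h.read(), c.read()
    else:
        host, cont = HOST_MOUNTINFO, CONTAINER_MOUNTINFO
    for dev, mp in stale_lxcfs_mounts(host, cont):
        print(f"stale lxcfs mount (device {dev}): {mp}")
```

Run without arguments it uses the constructed samples; given the PID of a process inside a container, it compares that container's mounts against the host's current /var/lib/lxcfs.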

