[Lxc-users] Ubuntu sshd template
Daniel Lezcano
daniel.lezcano at free.fr
Thu Feb 3 22:02:32 UTC 2011
On 02/03/2011 10:51 PM, Gary Ballantyne wrote:
>
> On 2/3/2011 1:47 PM, Trent W. Buck wrote:
>> Gary Ballantyne
>> <gary.ballantyne at haulashore.com> writes:
>>
>>> # /usr/bin/lxc-execute -n foo -f /usr/share/doc/lxc/examples/lxc-veth.conf /bin/bash
>>>
>>> The container fired up, and I could ping to/from the host. However, when
>>> I left the container (with "exit") things got weird. In a second
>>> terminal (already connected to the host), I got repeated errors of the form:
>>>
>>> [ 1396.169010] unregister_netdevice: waiting for lo to become free. Usage count = 3.

Kernel bug. I think if you remove the ipv6 address setup in the lxc's
configuration file, that should resolve your problem (as a workaround).

>> I don't know about that one, sorry. IIRC I got the lxc-ssh container to
>> DTRT on 10.04, but it's entirely possible I was getting those dmesg
>> errors and not seeing them, because I wasn't on a local tty.
>
> Good point -- the errors are only shown on the local tty.
>
>> UPDATE: oh, I see you're just using lxc-veth for bash... I dunno
>> anything about that. I guess you could be getting that when bash tries
>> to initialize itself (e.g. setting $HOSTNAME)? Do you get the same
>> problems with /bin/dash or (say) /bin/pwd instead?
>
> Same behavior with dash.
>
> There is no science behind using lxc-veth, only that: (a), it went well
> in 9.10; (b), it appears to use a bridge (which I read somewhere was the
> safest/easiest option); and (c), it seemed a reasonable place to start.
>
>>> Where the bracketed number changes for each error. (A new error appears
>>> every 10 seconds or so).
>>
>> The bracketed number is the number of seconds since boot.
>> The message is being emitted by the kernel.
>>
>>> Any suggestions?
>>
>> Show us your .conf.
>
> Here is the .conf -- I have only changed .ipv4 from the lxc-veth.conf
> that ships with the installation.
>
> lxc.utsname = beta
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.link = br0
> lxc.network.hwaddr = 4a:49:43:49:79:bf
> lxc.network.ipv4 = 10.89.233.55/24
> lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597
>
> Here is /etc/network/interfaces (I have followed a recipe to set up the
> bridge, but don't really know what I am doing here.)
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The primary network interface
> auto eth0
> #iface eth0 inet dhcp
> iface eth0 inet manual
>
> auto br0
> iface br0 inet static
> address 10.89.233.57
> network 10.89.233.0
> netmask 255.255.255.0
> broadcast 10.89.233.255
> gateway 10.89.233.1
> bridge_ports eth0
> bridge_fd 9
> bridge_hello 2
> bridge_maxage 12
> bridge_stp off

Here is my host configuration if you are interested:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto br0
iface br0 inet static
    address 172.20.0.1
    netmask 255.255.255.0
    bridge_stp off
    bridge_maxwait 5
    pre-up /usr/sbin/brctl addbr br0
    post-up /usr/sbin/brctl setfd br0 0
    post-up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward

The container is set up with an IP in the 172.20.0.0 network.

As the routes configuration is not yet supported in lxc, you should set
them up yourself with:

#!/bin/bash
route add default gw 172.20.0.1
exec /usr/sbin/sshd

>> Maybe show us some diagnostics, too
>
> These are after a reboot, followed by # /usr/bin/lxc-execute -n foo -f
> /usr/share/doc/lxc/examples/lxc-veth.conf /bin/bash.
>
> After "exit"-ing the container, the usual errors started appearing in
> the local tty and I was told (on the remote tty):
>
> lxc-execute: Device or resource busy - failed to remove cgroup '/cgroup/foo'
>
> I am not sure if it is helpful to repeat the diagnostics below at this
> stage or not -- please let me know if it would be helpful. Cheers.
>
>> lxc-ps auxf
>
>> From the container:
>
> root at beta:/usr/share/doc/lxc/examples# lxc-ps auxf
> CONTAINER USER PID %CPU %MEM VSZ RSS TTY STAT START
> TIME COMMAND
> foo root 1 0.0 0.1 2000 548 pts/0 S 10:22
> 0:00 /usr/lib/lxc/lxc-init -- /bin/bash
> foo root 2 0.0 0.3 5204 1772 pts/0 S 10:22
> 0:00 /bin/bash
> foo root 14 0.0 0.5 6332 2596 pts/0 S+ 10:22
> 0:00 \_ /usr/bin/perl /usr/bin/lxc-ps auxf
> root 15 0.0 0.1 4556 964 pts/0 R+ 10:22
> 0:00 \_ ps auxf
>
>> From the host:
>
> # lxc-ps auxf
> CONTAINER USER PID %CPU %MEM VSZ RSS TTY STAT START
> TIME COMMAND
> root 2 0.0 0.0 0 0 ? S Feb03
> 0:00 [kthreadd]
> root 3 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [ksoftirqd/0]
> root 4 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [migration/0]
> root 5 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [watchdog/0]
> root 6 0.0 0.0 0 0 ? S Feb03
> 0:01 \_ [events/0]
> root 7 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [cpuset]
> root 8 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [khelper]
> root 9 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [netns]
> root 10 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [async/mgr]
> root 11 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [pm]
> root 12 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [sync_supers]
> root 13 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [bdi-default]
> root 14 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kintegrityd/0]
> root 15 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kblockd/0]
> root 16 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kacpid]
> root 17 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kacpi_notify]
> root 18 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kacpi_hotplug]
> root 19 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [ata_aux]
> root 20 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [ata_sff/0]
> root 21 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [khubd]
> root 22 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kseriod]
> root 23 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kmmcd]
> root 25 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [khungtaskd]
> root 26 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kswapd0]
> root 27 0.0 0.0 0 0 ? SN Feb03
> 0:00 \_ [ksmd]
> root 28 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [aio/0]
> root 29 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [ecryptfs-kthrea]
> root 30 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [crypto/0]
> root 35 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [pciehpd]
> root 37 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [scsi_eh_0]
> root 38 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [scsi_eh_1]
> root 41 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kstriped]
> root 42 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kmpathd/0]
> root 43 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kmpath_handlerd]
> root 44 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [ksnapd]
> root 45 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kondemand/0]
> root 46 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kconservative/0]
> root 239 0.0 0.0 0 0 ? S Feb03
> 0:01 \_ [mpt_poll_0]
> root 240 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [mpt/0]
> root 241 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [scsi_eh_2]
> root 256 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kdmflush]
> root 267 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kdmflush]
> root 274 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [jbd2/dm-0-8]
> root 275 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [ext4-dio-unwrit]
> root 539 0.0 0.0 0 0 ? S Feb03
> 0:00 \_ [kpsmoused]
> root 548 0.0 0.0 0 0 ? S Feb03
> 0:01 \_ [vmmemctl]
> root 1240 0.0 0.0 0 0 ? S 10:29
> 0:00 \_ [flush-251:0]
> root 1 0.0 0.3 2856 1580 ? Ss Feb03
> 0:02 /sbin/init
> root 320 0.0 0.1 2396 608 ? S Feb03
> 0:00 upstart-udev-bridge --daemon
> root 326 0.0 0.1 2444 768 ? S<s Feb03
> 0:00 udevd --daemon
> root 439 0.0 0.1 2332 616 ? S< Feb03
> 0:00 \_ udevd --daemon
> root 463 0.0 0.1 2332 564 ? S< Feb03
> 0:00 \_ udevd --daemon
> syslog 723 0.0 0.3 33980 1568 ? Sl Feb03
> 0:00 rsyslogd -c4
> root 767 0.0 0.1 1860 564 tty4 Ss+ Feb03
> 0:00 /sbin/getty -8 38400 tty4
> root 771 0.0 0.1 1860 564 tty5 Ss+ Feb03
> 0:00 /sbin/getty -8 38400 tty5
> root 776 0.0 0.1 1860 560 tty2 Ss+ Feb03
> 0:00 /sbin/getty -8 38400 tty2
> root 778 0.0 0.1 1860 564 tty3 Ss+ Feb03
> 0:00 /sbin/getty -8 38400 tty3
> root 782 0.0 0.1 1860 564 tty6 Ss+ Feb03
> 0:00 /sbin/getty -8 38400 tty6
> root 785 0.0 0.1 2460 796 ? Ss Feb03
> 0:00 cron
> daemon 787 0.0 0.0 2320 356 ? Ss Feb03
> 0:00 atd
> root 836 0.0 0.1 1860 568 tty1 Ss+ Feb03
> 0:00 /sbin/getty -8 38400 tty1
> root 902 0.0 0.4 5644 2204 ? Ss Feb03
> 0:00 /usr/sbin/sshd -D
> root 1091 0.0 0.5 8496 2900 ? Ss 10:16
> 0:00 \_ sshd: root at pts/0
> root 1108 0.0 0.6 6428 3136 pts/0 Ss 10:17
> 0:00 | \_ -bash
> root 1148 0.0 0.1 2000 748 pts/0 S 10:22
> 0:00 | \_ /usr/bin/lxc-execute -n foo -f
> /usr/share/doc/lxc/examples/lxc-veth.conf /bin/bash
> foo root 1161 0.0 0.1 2000 548 pts/0 S 10:22
> 0:00 | \_ /usr/lib/lxc/lxc-init -- /bin/bash
> foo root 1173 0.0 0.3 5204 1796 pts/0 S+ 10:22
> 0:00 | \_ /bin/bash
> root 1203 0.1 0.5 8496 2900 ? Ss 10:28
> 0:00 \_ sshd: root at pts/1
> root 1219 0.1 0.5 6392 3048 pts/1 Ss 10:29
> 0:00 \_ -bash
> root 1261 0.0 0.5 6332 2600 pts/1 S+ 10:31
> 0:00 \_ /usr/bin/perl /usr/bin/lxc-ps auxf
> root 1262 0.0 0.1 4556 1012 pts/1 R+ 10:31
> 0:00 \_ ps auxf
>
>
>> lxc-netstat --name "foo" -nlp
>
>> From the container:
>
> # lxc-netstat --name "foo" -nlp
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State PID/Program name
> Active UNIX domain sockets (only servers)
> Proto RefCnt Flags Type State I-Node PID/Program
> name Path
>
>> From the host:
>
> # lxc-netstat --name "foo" -nlp
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State PID/Program name
> Active UNIX domain sockets (only servers)
> Proto RefCnt Flags Type State I-Node PID/Program
> name Path
>
>> netstat -nlp
>
>> From the container:
>
> # netstat -nlp
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State PID/Program name
> Active UNIX domain sockets (only servers)
> Proto RefCnt Flags Type State I-Node PID/Program
> name Path
>
>> From the host:
>
> # netstat -nlp
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State PID/Program name
> Active UNIX domain sockets (only servers)
> Proto RefCnt Flags Type State I-Node PID/Program
> name Path
>
>> ip l
>
>> From the container:
>
> # ip l
> 4: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 4a:49:43:49:79:bf brd ff:ff:ff:ff:ff:ff
> 6: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>
>
>> From the host:
>
> # ip l
> 1: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> 2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UNKNOWN qlen 1000
> link/ether 00:0c:29:a3:c3:82 brd ff:ff:ff:ff:ff:ff
> 3: br0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
> UNKNOWN
> link/ether 00:0c:29:a3:c3:82 brd ff:ff:ff:ff:ff:ff
> 5: veth79e2MM:<BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast state UP qlen 1000
> link/ether 4a:12:1a:d0:48:6c brd ff:ff:ff:ff:ff:ff
>
>> ip a
>
>> From the container:
>
> # ip a
> 4: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 4a:49:43:49:79:bf brd ff:ff:ff:ff:ff:ff
> inet 10.89.233.55/24 brd 10.89.233.0 scope global eth0
> inet6 2003:db8:1:0:214:1234:fe0b:3597/64 scope global
> valid_lft forever preferred_lft forever
> inet6 fe80::4849:43ff:fe49:79bf/64 scope link
> valid_lft forever preferred_lft forever
> 6: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
>
>> From the host:
>
> # ip a
> 1: lo:<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UNKNOWN qlen 1000
> link/ether 00:0c:29:a3:c3:82 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::20c:29ff:fea3:c382/64 scope link
> valid_lft forever preferred_lft forever
> 3: br0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
> UNKNOWN
> link/ether 00:0c:29:a3:c3:82 brd ff:ff:ff:ff:ff:ff
> inet 10.89.233.57/24 brd 10.89.233.255 scope global br0
> inet6 fe80::20c:29ff:fea3:c382/64 scope link
> valid_lft forever preferred_lft forever
> 5: veth79e2MM:<BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast state UP qlen 1000
> link/ether 4a:12:1a:d0:48:6c brd ff:ff:ff:ff:ff:ff
> inet6 fe80::4812:1aff:fed0:486c/64 scope link
> valid_lft forever preferred_lft forever
>
>> ip r
>
>> From the container:
>
> # ip r
> 10.89.233.0/24 dev eth0 proto kernel scope link src 10.89.233.55
>
>> From the host:
>
> # ip r
> 10.89.233.0/24 dev br0 proto kernel scope link src 10.89.233.57
> default via 10.89.233.1 dev br0 metric 100
>
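
Added example, not part of the original thread: a shell helper that applies the workaround suggested in the reply by commenting out `lxc.network.ipv6` entries in a container config, and that summarises the `unregister_netdevice` warnings per device from a kernel log excerpt. The function names are hypothetical, and the sample config and log lines are constructed from the values quoted in this message.

```shell
#!/bin/sh
# Added example: function names are hypothetical; sample data is constructed
# from the config and kernel message quoted in the thread.

# Print the config read on stdin with every lxc.network.ipv6 key commented
# out (the workaround from the reply); all other lines pass through unchanged.
disable_ipv6_keys() {
    sed -E 's/^([[:space:]]*)(lxc\.network\.ipv6[[:space:]]*=.*)$/\1# disabled (workaround): \2/'
}

# Summarise "unregister_netdevice: waiting for DEV to become free" warnings
# read on stdin as "DEV COUNT MAX_USAGE" lines, one per device.
netdev_leak_summary() {
    awk '
    /unregister_netdevice: waiting for / {
        dev = $0
        sub(/.*waiting for /, "", dev)
        sub(/ to become free.*/, "", dev)
        usage = 0
        # "Usage count = " is 14 characters; the digits follow it.
        if (match($0, /Usage count = [0-9]+/))
            usage = substr($0, RSTART + 14, RLENGTH - 14) + 0
        count[dev]++
        if (usage > max[dev]) max[dev] = usage
    }
    END { for (d in count) print d, count[d], max[d] + 0 }
    ' | sort
}

# Constructed sample input.
SAMPLE_CONF='lxc.utsname = beta
lxc.network.type = veth
lxc.network.link = br0
lxc.network.ipv4 = 10.89.233.55/24
lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597'

SAMPLE_LOG='[ 1396.169010] unregister_netdevice: waiting for lo to become free. Usage count = 3.
[ 1406.289008] unregister_netdevice: waiting for lo to become free. Usage count = 3.
[ 1410.000000] br0: port 2(veth79e2MM) entering disabled state'

printf '%s\n' "$SAMPLE_CONF" | disable_ipv6_keys
printf '%s\n' "$SAMPLE_LOG" | netdev_leak_summary
```

The config filter writes to stdout, so the original file stays untouched until the output has been reviewed and copied into place.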