[Lxc-users] Zombie container
Brian K. White
brian at aljex.com
Tue Feb 15 20:47:26 UTC 2011
On 2/14/2011 6:50 PM, Trent W. Buck wrote:
> Daniel Lezcano <daniel.lezcano at free.fr> writes:
>
>> As a quick fix, I suggest you look what application created the new
>> namespace. Launch your container and then look at
>> /cgroup/blackbird/1234/tasks and look for the command line associated
>> with the pid in this file. I suspect vsftpd could be the culprit. If
>> this is the case, there is an option to disable the namespace
>> creation.
>
> Or, of course, pick a different application :-)
>
> If it is vsftpd, I *strongly* recommend switching to SFTP (part of SSH)
> for writes, and HTTP for reads. http://mywiki.wooledge.org/FtpMustDie

Well, of course, but what's that got to do with LXC or the namespace
trick that vsftpd happens to use?

Your observations, which everyone already knows, show that the ftp
protocol is problematic. Granted, but so what?

The discussion here is how to get all commonly used tools working within
containers, using lxc, that are currently used outside of containers,
not what tools to use.

3 things:

1) The vsftpd problem is not a problem with the ftp protocol. Apache or
any other service or app that meets your religious or aesthetic approval
might have the same or similar problem at any time. Here we are only
interested in containerizing anything that currently is done on
traditional servers. For better or for worse, FTP is widely used on
traditional servers, and specifically vsftpd is. And so the discussion
is about how to use vsftpd within a container, not whether to use ftp.

2) As if everyone has any choice in the matter anyway, since most use of
any communication protocol, such as ftp, involves two different parties,
not yourself at both ends. Even if you were so gauche as to try to
dictate internal IT policies and procedures and technologies to your own
customers and vendors, you still don't get to dictate to 2nd or more
removed customers and vendors of your own customers and vendors. So when
_big honking global bank/manufacturer/retailer/shipper/etc_ says they
will ftp to you or you to them, you just *&^*7 do it.

Oh you can offer the alternatives, and occasionally you get lucky, but
that doesn't remove the need to make ftp work. Same goes for every other
commonly used technology that you don't happen to personally like.

3) What makes http so special only for reading and sftp so special only
for writing? Depending on my security needs and other factors I
routinely use http for writing and/or sftp for reading. I also use rsync
(native, not via ssh or rsh) for both reading and writing in many
situations where most people use ftp or sftp or http. Conversely I never
use nfs and only use samba extremely rarely, but I'm sure these
technologies are perfectly justifiable and required for other people in
other situations. Choice of tool is completely dependent on the job at
hand and it's utterly silly to try to say what should and should not be
used except within the context of a specific job, and then the answer
only applies to that one specific job in that one specific context.

--
bkw