[Lxc-users] Hide container processes on the host...
David Touzeau
david at touzeau.eu
Wed May 4 22:14:01 UTC 2011
Dear,
I have an issue about hide processes on the host
I have a watchdog script on the host that ensure slapd is up
there is different behavior using pidof or pgrep
the ps aux output
# ps aux|grep slapd
root 2444 0.0 0.2 149296 6816 ? Ssl May03
1:21 /usr/sbin/slapd -4 -u root -g root -f /etc/ldap/slapd.conf -h
ldap://127.0.0.1:389/
root 23279 0.0 0.1 29040 6176 ? Ssl 23:40
0:00 /usr/sbin/slapd -4 -u root -g root -f /etc/openldap/slapd.conf -h
ldap://127.0.0.1:389/
Has we can see: The process 23279 running inside the container
the pgrep output the same output
# pgrep -l -f "/usr/sbin/slapd"
2444 /usr/sbin/slapd -4 -u root -g root -f /etc/ldap/slapd.conf -h
ldap://127.0.0.1:389/
23279 /usr/sbin/slapd -4 -u root -g root -f /etc/openldap/slapd.conf -h
ldap://127.0.0.1:389
Only the pidof point to the right process
# pidof /usr/sbin/slapd
2444
The problem is when the slapd process on the host is down, my script
detect the container process, it think that slpad is up and did not
react.
I have searched if there is some "pointers" on the host inside
the /proc/xxx directory (eg /proc/status, /proc/cmdline ) that shgould
helps my script to detecting that the process is not a "host" process
but no luck.
the only way is to do function that parse the result of
#lxc-ps --lxc aux|grep ldap
detect/return the slapd pid to the main script in order to force it to
bypassing this pid in the detection method.
But using this kind of solution is heavy when there is several
containers running on the same host and when you need to do the same
task with apache or mysql or any softwares that running many child
(postfix, amavisd-new,squid...)
I have read some post on the mailing list that there is no currently
solutions to fix this situation with LXC.
Is there a way hiding containers processes without LXC help ?
More information about the lxc-users
mailing list