[Lxc-users] Regarding creating a LXC container in fedora 17

Michael H. Warfield mhw at WittsEnd.com
Sat May 18 18:19:50 UTC 2013


On Sat, 2013-05-18 at 19:41 +0530, Ajith Adapa wrote:
> Hmm sounds one more road block for using lxc in fedora 17 because of
> systemd.

It's not a roadblock.  More like a mile long stretch of stingers (stop
spike strips / tire deflators).  We're getting there.  It's just one
more unnecessary puzzle to solve.  Sigh...

> Currently there is no place where there is a guide for starting up
> with LXC for latest fedora versions. I think a page in fedoraproject
> would be of great help with the known issues and steps using lxc under
> various fedora versions.

First we get it working but, yeah, that would be incredibly nice and
then also add it to this project as well.

> I am really thinking to start using LXC containers in fedora 14. Build
> and Boot it up with latest stable kernel version (Might be 3.4) and
> LXC version (>0.9) and try out using LXC- containers :)
> 
> 
> 
> 
> On Sat, May 18, 2013 at 7:28 PM, Michael H. Warfield
> <mhw at wittsend.com> wrote:
>         On Sat, 2013-05-18 at 19:02 +0530, Ajith Adapa wrote:
>         > Sorry for the confusion.
>         
>         > In case of issue 3, I felt host kernel crashed because of
>         the soft
>         > lock issue mentioned in Issue 2.That's the reason I was
>         saying "as a
>         > result of ..". Ideally speaking I haven't done anything
>         other than
>         > creating the lxc-container at the time. Once I restarted the
>         host
>         > machine after crash I havent observed any issues.
>         
>         > Then I have started the container using below command and
>         tried to
>         > connect to its shell using lxc-console command but I ended
>         up with
>         > below message. Ideally I should see a prompt but its just
>         hangs down
>         > there. <Ctl+a q> works and nothing else.
>         
>         > [root at ipiblr ~]# lxc-start -n TEST -d
>         > [root at ipiblr ~]# lxc-console -n TEST
>         
>         > Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to
>         enter Ctrl+a
>         > itself
>         
>         
>         Oh, crap...  I keep forgetting about that (because I don't use
>         it).
>         That needs to be noted somewhere in the documentation.
>         
>         That's yet another BAD decision on the part of the systemd
>         crowd,
>         lxc-console is probably not going to work, at least for the
>         time being.
>         They (systemd) intentionally, with documented malice a
>         forethought,
>         disable gettys on the vtys in the container if systemd detects
>         that it's
>         in a container.  However, /dev/console in the container is
>         still active
>         and is connected to lxc-start and I'm able to log in there but
>         I have
>         never gotten lxc-console to work with a systemd container and
>         I don't
>         know of anything I can do about it.  You would need some way
>         to force
>         the container to start gettys on the vtys.
>         
>         Maybe, if I (or someone else) can figure out a way to do that
>         (force the
>         gettys to start on the vtys), it could be integrated into the
>         Fedora
>         template.  My patches for the autodev stuff (plus other stuff)
>         have now
>         been accepted and applied by Serge, so that's done.  Maybe I
>         can look
>         deeper into this morass now.
>         
>         Regards,
>         Mike
>         
>         > Regards,
>         > Ajith
>         >
>         >
>         >
>         >
>         > On Sat, May 18, 2013 at 5:55 PM, Michael H. Warfield
>         > <mhw at wittsend.com> wrote:
>         >         Hello,
>         >
>         >         On Sat, 2013-05-18 at 12:35 +0530, Ajith Adapa
>         wrote:
>         >         > Hi,
>         >
>         >         > I have installed all the rpms created by @thomas
>         and
>         >         followed @michael
>         >         > steps to start a lxc container.
>         >
>         >         > I have a doubt.
>         >
>         >         > 1. When I give lxc-create command I came across
>         huge
>         >         download of various
>         >         > files.
>         >         > As per my understanding rootfs is created for new
>         container
>         >         (where can i
>         >         > get the steps for it ? ).
>         >
>         >
>         >         Steps for what?  It's
>         in /var/lib/lxc/{Container}/rootfs/
>         >
>         >         > But I see below log. Is there any issue ?
>         >
>         >         > Copy /var/cache/lxc/fedora/i686/17/rootfs
>         >         to /var/lib/lxc/TEST/TEST/rootfs
>         >         > ...
>         >         > Copying rootfs
>         to /var/lib/lxc/TEST/TEST/rootfs ...setting
>         >         root passwd to
>         >         > root
>         >         > installing fedora-release package
>         >         > warning: Failed to read auxiliary vector, /proc
>         not mounted?
>         >         > warning: Failed to read auxiliary vector, /proc
>         not mounted?
>         >         > warning: Failed to read auxiliary vector, /proc
>         not mounted?
>         >         > warning: Failed to read auxiliary vector, /proc
>         not mounted?
>         >         > warning: Failed to read auxiliary vector, /proc
>         not mounted?
>         >         > warning: Failed to read auxiliary vector, /proc
>         not mounted?
>         >         > warning: Failed to read auxiliary vector, /proc
>         not mounted?
>         >         > warning: Failed to read auxiliary vector, /proc
>         not mounted?
>         >
>         >
>         >         The warnings are perfectly normal and harmless.  I
>         ran into
>         >         this with
>         >         recent versions of yum and researched it.  It's
>         because /proc
>         >         is not
>         >         mounted in the container itself when the container
>         is being
>         >         created.
>         >         You can ignore them.
>         >
>         >         > Package fedora-release-17-2.noarch already
>         installed and
>         >         latest version
>         >         > Nothing to do
>         >
>         >
>         >         Again, normal.
>         >
>         >         > container rootfs and config created
>         >         > 'fedora' template installed
>         >         > 'TEST' created
>         >
>         >
>         >         Looks like your container was created.  I don't see
>         a problem.
>         >
>         >         > 2.I see a SOFT LOCK issue with latest version
>         kernel shown
>         >         below.
>         >
>         >         > # uname -a
>         >         > Linux blr 3.8.8-100.fc17.i686 #1 SMP Wed Apr 17
>         17:26:59 UTC
>         >         2013 i686 i686
>         >         > i386 GNU/Linux
>         >         >
>         >         >
>         >         > [1098069.351017] SELinux: initialized (dev
>         binfmt_misc, type
>         >         binfmt_misc),
>         >         > uses genfs_contexts
>         >         > [1281973.370052] BUG: soft lockup - CPU#0 stuck
>         for 23s!
>         >         [kworker/0:1:2201]
>         >
>         >
>         >         I've seen that on my Dell 610's but they haven't
>         caused any
>         >         real
>         >         failures.  Not quite sure what that is.
>         >
>         >         > [1281973.370052] Modules linked in: binfmt_misc
>         lockd sunrpc
>         >         snd_intel8x0
>         >         > snd_ac97_codec ac97_bus snd_seq snd_seq_device
>         snd_pcm
>         >         i2c_piix4 i2c_core
>         >         > microcode virtio_balloon snd_page_alloc snd_timer
>         snd
>         >         soundcore virtio_net
>         >         > uinput virtio_blk
>         >         > [1281973.370052] Pid: 2201, comm: kworker/0:1 Not
>         tainted
>         >         > 3.8.8-100.fc17.i686 #1 Bochs Bochs
>         >         > [1281973.370052] EIP: 0060:[<c068b17a>] EFLAGS:
>         00000206
>         >         CPU: 0
>         >         > [1281973.370052] EIP is at iowrite16+0x1a/0x40
>         >         > [1281973.370052] EAX: 00000001 EBX: f69b3000 ECX:
>         0001c050
>         >         EDX: 0000c050
>         >         > [1281973.370052] ESI: e9d9b600 EDI: 00000000 EBP:
>         f5009b90
>         >         ESP: f5009b8c
>         >         > [1281973.370052]  DS: 007b ES: 007b FS: 00d8 GS:
>         00e0 SS:
>         >         0068
>         >         > [1281973.370052] CR0: 8005003b CR2: 09cae530 CR3:
>         345e0000
>         >         CR4: 000006d0
>         >         > [1281973.370052] DR0: 00000000 DR1: 00000000 DR2:
>         00000000
>         >         DR3: 00000000
>         >         > [1281973.370052] DR6: ffff0ff0 DR7: 00000400
>         >         > [1281973.370052] Process kworker/0:1 (pid: 2201,
>         ti=f5008000
>         >         task=f6830cb0
>         >         > task.ti=f4bb2000)
>         >         > [1281973.370052] Stack:
>         >         > [1281973.370052]  c07107cd f5009b9c c070ffb9
>         f4a17a00
>         >         f5009bcc f7c36f2b
>         >         > 00000000 e9d9b600
>         >         > [1281973.370052]  00000020 00000000 e9d9b600
>         00000000
>         >         f69b2000 00000000
>         >         > f4b5a740 00000036
>         >         > [1281973.370052]  f5009c00 c088ea5e e9d9b600
>         00000000
>         >         f7c384c0 f6822600
>         >         > f69b2000 00000000
>         >         > [1281973.370052] Call Trace:
>         >         > [1281973.370052]  [<c07107cd>] ? vp_notify
>         +0x1d/0x20
>         >         > [1281973.370052]  [<c070ffb9>] virtqueue_kick
>         +0x19/0x20
>         >         > [1281973.370052]  [<f7c36f2b>] start_xmit
>         +0x14b/0x370
>         >         [virtio_net]
>         >         > [1281973.370052]  [<c088ea5e>] dev_hard_start_xmit
>         >         +0x24e/0x4c0
>         >         > [1281973.370052]  [<c08a793f>] sch_direct_xmit
>         +0xaf/0x180
>         >         > [1281973.370052]  [<c088f01e>] dev_queue_xmit
>         +0x12e/0x370
>         >         > [1281973.370052]  [<c08bf670>] ? ip_fragment
>         +0x870/0x870
>         >         > [1281973.370052]  [<c08bf88e>] ip_finish_output
>         +0x21e/0x3b0
>         >         > [1281973.370052]  [<c08bf670>] ? ip_fragment
>         +0x870/0x870
>         >         > [1281973.370052]  [<c08c0354>] ip_output+0x84/0xd0
>         >         > [1281973.370052]  [<c08bf670>] ? ip_fragment
>         +0x870/0x870
>         >         > [1281973.370052]  [<c08bfb00>] ip_local_out
>         +0x20/0x30
>         >         > [1281973.370052]  [<c08bfc3f>] ip_queue_xmit
>         +0x12f/0x3b0
>         >         > [1281973.370052]  [<c08d62fb>] tcp_transmit_skb
>         +0x3cb/0x850
>         >         > [1281973.370052]  [<c097a440>] ?
>         apic_timer_interrupt
>         >         +0x34/0x3c
>         >         > [1281973.370052]  [<c08d8b50>] tcp_send_ack
>         +0xd0/0x120
>         >         > [1281973.370052]  [<c08cc096>] __tcp_ack_snd_check
>         +0x56/0x90
>         >         > [1281973.370052]  [<c08d3038>] tcp_rcv_established
>         >         +0x1c8/0x890
>         >         > [1281973.370052]  [<c08dc8f3>] tcp_v4_do_rcv
>         +0x223/0x3e0
>         >         > [1281973.370052]  [<c06233f4>] ?
>         security_sock_rcv_skb
>         >         +0x14/0x20
>         >         > [1281973.370052]  [<c08de39c>] tcp_v4_rcv
>         +0x53c/0x770
>         >         > [1281973.370052]  [<c08bb110>] ? ip_rcv_finish
>         +0x320/0x320
>         >         > [1281973.370052]  [<c08bb1c2>]
>         ip_local_deliver_finish
>         >         +0xb2/0x260
>         >         > [1281973.370052]  [<c08bb4ac>] ip_local_deliver
>         +0x3c/0x80
>         >         > [1281973.370052]  [<c08bb110>] ? ip_rcv_finish
>         +0x320/0x320
>         >         > [1281973.370052]  [<c08bae50>] ip_rcv_finish
>         +0x60/0x320
>         >         > [1281973.370052]  [<c043009c>] ?
>         pvclock_clocksource_read
>         >         +0x9c/0x130
>         >         > [1281973.370052]  [<c08bb73c>] ip_rcv+0x24c/0x370
>         >         > [1281973.370052]  [<c088d5db>] __netif_receive_skb
>         >         +0x5bb/0x740
>         >         > [1281973.370052]  [<c088d8ce>] netif_receive_skb
>         +0x2e/0x90
>         >         > [1281973.370052]  [<f7c36a49>] virtnet_poll
>         +0x449/0x6a0
>         >         [virtio_net]
>         >         > [1281973.370052]  [<c044d6aa>] ? run_timer_softirq
>         >         +0x1a/0x210
>         >         > [1281973.370052]  [<c088decd>] net_rx_action
>         +0x11d/0x1f0
>         >         > [1281973.370052]  [<c044695b>] __do_softirq
>         +0xab/0x1c0
>         >         > [1281973.370052]  [<c04468b0>] ?
>         local_bh_enable_ip
>         >         +0x90/0x90
>         >         > [1281973.370052]  <IRQ>
>         >         > [1281973.370052]  [<c0446bdd>] ? irq_exit
>         +0x9d/0xb0
>         >         > [1281973.370052]  [<c04258ee>] ?
>         smp_apic_timer_interrupt
>         >         +0x5e/0x90
>         >         > [1281973.370052]  [<c097a440>] ?
>         apic_timer_interrupt
>         >         +0x34/0x3c
>         >         > [1281973.370052]  [<c044007b>] ? console_start
>         +0xb/0x20
>         >         > [1281973.370052]  [<c0979bbf>] ?
>         _raw_spin_unlock_irqrestore
>         >         +0xf/0x20
>         >         > [1281973.370052]  [<c07918d6>] ? ata_scsi_queuecmd
>         >         +0x96/0x250
>         >         > [1281973.370052]  [<c076ad18>] ? scsi_dispatch_cmd
>         >         +0xb8/0x260
>         >         > [1281973.370052]  [<c066007b>] ?
>         queue_store_random
>         >         +0x4b/0x70
>         >         > [1281973.370052]  [<c07711b3>] ? scsi_request_fn
>         +0x2c3/0x4b0
>         >         > [1281973.370052]  [<c042f2b7>] ? kvm_clock_read
>         +0x17/0x20
>         >         > [1281973.370052]  [<c0409448>] ? sched_clock
>         +0x8/0x10
>         >         > [1281973.370052]  [<c065cace>] ? __blk_run_queue
>         +0x2e/0x40
>         >         > [1281973.370052]  [<c066214a>] ?
>         blk_execute_rq_nowait
>         >         +0x6a/0xd0
>         >         > [1281973.370052]  [<c066221d>] ? blk_execute_rq
>         +0x6d/0xe0
>         >         > [1281973.370052]  [<c06620b0>] ?
>         __raw_spin_unlock_irq
>         >         +0x10/0x10
>         >         > [1281973.370052]  [<c0446ba7>] ? irq_exit
>         +0x67/0xb0
>         >         > [1281973.370052]  [<c04258ee>] ?
>         smp_apic_timer_interrupt
>         >         +0x5e/0x90
>         >         > [1281973.370052]  [<c097a440>] ?
>         apic_timer_interrupt
>         >         +0x34/0x3c
>         >         > [1281973.370052]  [<c076ffa0>] ? scsi_execute
>         +0xb0/0x140
>         >         > [1281973.370052]  [<c0771429>] ? scsi_execute_req
>         +0x89/0x100
>         >         > [1281973.370052]  [<c077f3d5>] ? sr_check_events
>         +0xb5/0x2e0
>         >         > [1281973.370052]  [<c07a64cd>] ?
>         cdrom_check_events
>         >         +0x1d/0x40
>         >         > [1281973.370052]  [<c077f856>] ?
>         sr_block_check_events
>         >         +0x16/0x20
>         >         > [1281973.370052]  [<c06663c5>] ? disk_check_events
>         +0x45/0xf0
>         >         > [1281973.370052]  [<c0666485>] ?
>         disk_events_workfn
>         >         +0x15/0x20
>         >         > [1281973.370052]  [<c045788e>] ? process_one_work
>         >         +0x12e/0x3d0
>         >         > [1281973.370052]  [<c097a440>] ?
>         apic_timer_interrupt
>         >         +0x34/0x3c
>         >         > [1281973.370052]  [<c0459939>] ? worker_thread
>         +0x119/0x3b0
>         >         > [1281973.370052]  [<c0459820>] ?
>         flush_delayed_work
>         >         +0x50/0x50
>         >         > [1281973.370052]  [<c045e2a4>] ? kthread+0x94/0xa0
>         >         > [1281973.370052]  [<c0980ef7>] ?
>         ret_from_kernel_thread
>         >         +0x1b/0x28
>         >         > [1281973.370052]  [<c045e210>] ?
>         kthread_create_on_node
>         >         +0xc0/0xc0
>         >         > [1281973.370052] Code: 5d c3 8d b4 26 00 00 00 00
>         89 02 c3
>         >         90 8d 74 26 00
>         >         > 81 fa ff ff 03 00 89 d1 77 2e 81 fa 00 00 01 00 76
>         0e 81 e2
>         >         ff ff 00 00 66
>         >         > ef <c3> 90 8d 74 26 00 55 ba 2c 5a b2 c0 89 e5 89
>         c8 e8 01
>         >         ff ff ff
>         >         > [1281991.139165] ata2: lost interrupt (Status
>         0x58)
>         >         > [1281991.148055] ata2: drained 12 bytes to clear
>         DRQ
>         >         > [1281991.165039] ata2.00: exception Emask 0x0 SAct
>         0x0 SErr
>         >         0x0 action 0x6
>         >         > frozen
>         >         > [1281991.172924] sr 1:0:0:0: CDB:
>         >         > [1281991.172932] Get event status notification: 4a
>         01 00 00
>         >         10 00 00 00 08
>         >         > 00
>         >         > [1281991.497342] ata2.00: cmd
>         >         a0/00:00:00:08:00/00:00:00:00:00/a0 tag 0 pio
>         >         > 16392 in
>         >         > [1281991.497342]          res
>         >         40/00:02:00:04:00/00:00:00:00:00/a0 Emask 0x4
>         >         > (timeout)
>         >         > [1281991.523767] ata2.00: status: { DRDY }
>         >         > [1281991.616161] ata2: soft resetting link
>         >         > [1281998.232648] ata2.01: qc timeout (cmd 0xec)
>         >         > [1281998.238559] ata2.01: failed to IDENTIFY (I/O
>         error,
>         >         err_mask=0x4)
>         >         > [1281998.247432] ata2: soft resetting link
>         >         > [1281998.575468] ata2.01: NODEV after polling
>         detection
>         >         > [1281998.698009] ata2.00: configured for MWDMA2
>         >         > [1281998.714460] ata2: EH complete
>         >
>         >
>         >         Not sure what the deal is with that ATA error.
>          That's a hard
>         >         drive lost
>         >         interrupt problem.  Looks to be on your CD Rom
>         drive?  Looks
>         >         like it
>         >         recovered.
>         >
>         >         > 3. Last but not least after sometime my host
>         kernel crashed
>         >         as a result
>         >         > need to restart the VPC.
>         >
>         >
>         >         I don't understand what you are saying here.  You're
>         saying
>         >         your kernel
>         >         crashed but I don't understand the "as a result
>         of..."  What
>         >         did you do,
>         >         why did you do it, and what happened?
>         >
>         >         > Regards,
>         >         > Ajith
>         >
>         >         Regards,
>         >         Mike
>         >
>         >         > On Thu, May 16, 2013 at 8:09 PM, Ajith Adapa
>         >         <ajith.adapa at gmail.com> wrote:
>         >         >
>         >         > > Thanks @thomas and @michael.
>         >         > >
>         >         > > I will try the RPMs and steps provided to start
>         a
>         >         container.
>         >         > >
>         >         > > Regards,
>         >         > > Ajith
>         >         > >
>         >         > >
>         >         > > On Wed, May 15, 2013 at 2:01 PM, Thomas Moschny
>         >         <thomas.moschny at gmail.com>wrote:
>         >         > >
>         >         > >> 2013/5/14 Michael H. Warfield
>         <mhw at wittsend.com>:
>         >         > >> > What I would recommend as steps on Fedora
>         17...
>         >         > >> >
>         >         > >> > Download lxc-0.9.0 here:
>         >         > >> >
>         >         > >> >
>         >
>         http://lxc.sourceforge.net/download/lxc/lxc-0.9.0.tar.gz
>         >         > >> >
>         >         > >> > You should have rpm-build and friends
>         installed via yum
>         >         on your system.
>         >         > >> > Build the lxc rpms by running rpmbuild (as
>         any user) as
>         >         follows:
>         >         > >>
>         >         > >> You could also try using the pre-built packages
>         I put
>         >         here:
>         >         > >> http://thm.fedorapeople.org/lxc/ .
>         >         > >>
>         >         > >> Regards,
>         >         > >> Thomas
>         >         > >>
>         >         > >>
>         >         > >>
>         >
>         ------------------------------------------------------------------------------
>         >         > >> AlienVault Unified Security Management (USM)
>         platform
>         >         delivers complete
>         >         > >> security visibility with the essential security
>         >         capabilities. Easily and
>         >         > >> efficiently configure, manage, and operate all
>         of your
>         >         security controls
>         >         > >> from a single console and one unified
>         framework. Download
>         >         a free trial.
>         >         > >> http://p.sf.net/sfu/alienvault_d2d
>         >         > >> _______________________________________________
>         >         > >> Lxc-users mailing list
>         >         > >> Lxc-users at lists.sourceforge.net
>         >         > >>
>         https://lists.sourceforge.net/lists/listinfo/lxc-users
>         >         > >>
>         >         > >
>         >         > >
>         >         >
>         >         >
>         >
>         ------------------------------------------------------------------------------
>         >         > AlienVault Unified Security Management (USM)
>         platform
>         >         delivers complete
>         >         > security visibility with the essential security
>         >         capabilities. Easily and
>         >         > efficiently configure, manage, and operate all of
>         your
>         >         security controls
>         >         > from a single console and one unified framework.
>         Download a
>         >         free trial.
>         >         > http://p.sf.net/sfu/alienvault_d2d
>         >         > _______________________________________________
>         Lxc-users
>         >         mailing list Lxc-users at lists.sourceforge.net
>         >
>         https://lists.sourceforge.net/lists/listinfo/lxc-users
>         >
>         >
>         >         --
>         >         Michael H. Warfield (AI4NB) | (770) 985-6132 |
>         >          mhw at WittsEnd.com
>         >            /\/\|=mhw=|\/\/          | (678) 463-0932 |
>         >          http://www.wittsend.com/mhw/
>         >            NIC whois: MHW9          | An optimist believes
>         we live in
>         >         the best of all
>         >          PGP Key: 0x674627FF        | possible worlds.  A
>         pessimist is
>         >         sure of it!
>         >
>         >
>         >
>         >
>         
>         > --
>         > This message has been scanned for viruses and
>         > dangerous content by MailScanner, and is
>         > believed to be clean.
>         
>         --
>         Michael H. Warfield (AI4NB) | (770) 985-6132 |
>          mhw at WittsEnd.com
>            /\/\|=mhw=|\/\/          | (678) 463-0932 |
>          http://www.wittsend.com/mhw/
>            NIC whois: MHW9          | An optimist believes we live in
>         the best of all
>          PGP Key: 0x674627FF        | possible worlds.  A pessimist is
>         sure of it!
>         
> 
> 
> 
> -- 
> This message has been scanned for viruses and 
> dangerous content by MailScanner, and is 
> believed to be clean.

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20130518/aa132c13/attachment.pgp>


More information about the lxc-users mailing list