[Lxc-users] lxc-centos/lxc-rhel?

Thu Oct 10 18:56:14 UTC 2013

On Thu, 10 Oct 2013 18:21:31 +0200
Tamas Papp <tompos at martos.bme.hu> wrote:

> On 10/02/2013 05:41 PM, Dwight Engen wrote:
> > On Mon, 30 Sep 2013 23:18:59 +0200
> > Tamas Papp <tompos at martos.bme.hu> wrote:
> >
> >> On 09/30/2013 08:37 PM, Michael H. Warfield wrote:
> >>
> >>
> >> Dwight,
> >>
> >> Actually I have a problem with the Oracle template.
> >> I have a a couple of Oracle Linux containers and they are running
> >> fine. There are running Oracle Databases as well...
> >>
> >> But I cannot run anything through an ssh session noninteractively
> >> or copy files to the containers by scp as a destionation.
> >>
> >> Eg.:
> >>
> >> $ ssh container echo
> >> $ scp file container:
> >>
> >> It's waiting for something and I could not find out.
> > Hi Tamas, sorry, I know you brought this up before and I wasn't
> > sure if you got it solved or not. First off the host doesn't know
> > the container by name so unless you've done something special the
> > resolving of "container" isn't going to just work (ie. "ping
> > container" should fail
> 
> Yes, I know about that. This not that case:)
> 
> > to resolve to an IP). You can use a recent version of lxc-info to
> > get the containers' IP. Here is a session I just did in Ubuntu that
> > I think is similar to what you are trying to do:
> >
> > root at xubu:~# lxc-create -n ol -t oracle -- -u
> > ftp://mymirror/ol-public-yum <lots of output>
> > root at xubu:~# lxc-start -d -n ol
> > <wait a few seconds for it to start>
> > root at xubu:~# lxc-info -n ol
> > state:  RUNNING
> > pid:    8685
> > ip:     10.0.3.163
> > root at xubu:~# ssh 10.0.3.163
> > The authenticity of host '10.0.3.163 (10.0.3.163)' can't be
> > established. RSA key fingerprint is
> > 2c:1a:82:14:24:72:c5:41:db:3e:b8:65:f9:c6:7e:35. Are you sure you
> > want to continue connecting (yes/no)? yes Warning: Permanently
> > added '10.0.3.163' (RSA) to the list of known hosts. <long pause
> > here...> root at 10.0.3.163's password: 
> > [root at ol ~]# vi /etc/ssh/sshd_config
> > <set GSSAPIAuthentication no>
> > [root at ol ~]# halt
> > <container shuts down>
> > root at xubu:~# lxc-start -d -n ol
> > root at xubu:~# ssh 10.0.3.163
> > root at 10.0.3.163's password: 
> > Last login: Wed Oct  2 11:09:07 2013 from 10.0.3.1
> > [root at ol ~]# 
> > [root at ol ~]# exit
> > logout
> > Connection to 10.0.3.163 closed.
> > root at xubu:~# scp 10.0.3.163:/etc/fstab .
> > root at 10.0.3.163's password: 
> > bash: scp: command not found
> > <This is because openssh-clients wasn't installed in the container,
> > so we have to go install that. I think I should add that to be
> > installed by default in the template>
> 
> [Good idea.]
> 
> > root at xubu:~# ssh 10.0.3.163
> > root at 10.0.3.163's password: 
> > Last login: Wed Oct  2 11:11:38 2013 from 10.0.3.1
> > [root at ol ~]# echo "192.168.1.30 mymirror" >>/etc/hosts
> > [root at ol ~]# yum install openssh-clients
> > <lots of yum output>
> > [root at ol ~]# exit
> > logout
> > Connection to 10.0.3.163 closed.
> > root at xubu:~# scp 10.0.3.163:/etc/fstab .
> > root at 10.0.3.163's password: 
> > fstab
> > 100%    0     0.0KB/s   00:00    
> > root at xubu:~# 
> > root at xubu:~# scp fstab 10.0.3.163:
> > root at 10.0.3.163's password: 
> > fstab
> > 100%    0     0.0KB/s   00:00    
> >
> > So I hopefully your situation is similar and disabling the
> > GSSAPIAuthentication or setting UseDNS no in the containers
> > sshd_config will reduce the wait times. Also, the openssh-clients
> > package has to be installed in the container for scp to work. For
> > now you can manually install it in the container using yum or the
> > -r option to the template when creating a new OL container. I'll
> > submit a patch for the template that includes that package by
> > default so scp in/out will work out of the box.
> 
> Unfortunately disabling GSSAPI* and UseDNS options doesn't help. I
> experience the same problem.
> BTW, our system works fine, DNS is fine, Ubuntu and Debian containers,
> HW based OL installations and everything works as they expected.
> In fact OL containers are working fine, except this issue. For I can
> run Oracel DB inside one.
> 
> If you tell me, how to debug, what to do, I can try that. Currently
> I'm out of ideas:/

Hmm not sure what could be the issue. I would start by running ssh -vv
against the container and see where it is getting stuck.

> 10x
> tamas
> 
> ps.: Sorry again and thanks for not forgetting this email;)