[lxc-users] Lower Version ??
Michael H. Warfield
mhw at WittsEnd.com
Sun May 4 05:11:29 UTC 2014
On Sun, 2014-05-04 at 00:57 -0400, CDR wrote:
> Dear Friends
> I am switching my distribution to Ubuntu server. What would ne the
> right command for a "make rpm" equivalent?
> I think Fedora dropped the ball on the community. The LXC
> implementation by Ubuntu is way ahead, because it includes NAT
> networking.
> Does everybody agree?
What?
I most emphatically don't agree. I'm on Fedora 20 and have no problem
at all with this. I've been working with LXC since Fedora 14 and have
been instrumental in getting LXC to work with systemd.
Fedora has libvirt and nat and I have no idea what so ever about what
your are talking about. I don't generally use nat, since I've got a
huge public IP address space and I generally work over IPv6 which
doesn't require NAT but my test containers are typically a mix of
bridged native and NAT bridge. What you're say seems to be nonsense in
my experience.
> Yours
> Philip
Regards,
Mike
> On Fri, May 2, 2014 at 1:14 PM, CDR <venefax at gmail.com> wrote:
> > great information
> > many thanks
> >
> > On Fri, May 2, 2014 at 11:21 AM, Michael H. Warfield <mhw at wittsend.com> wrote:
> >> On Fri, 2014-05-02 at 11:14 -0400, CDR wrote:
> >>> I don´t use Selinux since until I can make this work perfectly, it
> >>> adds complexity to a complex picture.
> >>> I changed the permissions on the file to 777 and nothing changed.
> >>> Let me erase the lxc.service file and reinstall the RPMs, and try again
> >>
> >> Let me emphasize this fully. Do NOT change permissions on a file to
> >> 777. Lots of security related applications and applications which run
> >> as root will spot that as a writable file and refuse to run it as if it
> >> had "Permission Denied" although they generally choose a better message.
> >> I don't know if systemd does this but, if it doesn't, it should. It
> >> should NEVER run a file that is world writable. Some applications (ssh)
> >> will even bitch and refuse to use files that are group writable. Safest
> >> mode is 555 (read and execute) like should have been set in the rpm.
> >>
> >> Regards,
> >> Mike
> >>
> >>> On Fri, May 2, 2014 at 10:57 AM, Michael H. Warfield <mhw at wittsend.com> wrote:
> >>> > On Fri, 2014-05-02 at 10:24 -0400, CDR wrote:
> >>> >> It works fine if I change the systemd service file and replace the two lines.
> >>> >> I suggest that the patch also changes these two lines, or nobody else
> >>> >> is going to make this work.
> >>> >
> >>> > No. Dwight and I have been discussing this, some on-list and some
> >>> > off-list, and he's correct that there's a timing issue if you need
> >>> > libvirt up and the libvirt bridge. I've confirmed this in some of my
> >>> > tests where not all of my containers get started properly (early ones
> >>> > failing and later ones starting).
> >>> >
> >>> > It looks like it works but there's an indeterminency in there that may
> >>> > not be immediately be apparent. I suggested it but I see where it may
> >>> > work in may of my cases but there are too many corner cases where it
> >>> > won't work properly.
> >>> >
> >>> > I think he asked you what the permissions where on the file. I'm
> >>> > curious if we're dealing with some sort of selinux gotcha and wondering
> >>> > if your running with selinux enabled or disabled.
> >>> >
> >>> > Regards,
> >>> > Mike
> >>> >
> >>> >> > /usr/lib/systemd/system/lxc.service
> >>> >> >
> >>> >> > Change these lines:
> >>> >> >
> >>> >> > ExecStart=/usr/libexec/lxc/lxc-startup start
> >>> >> > ExecStop=/usr/libexec/lxc/lxc-startup stop
> >>> >> >
> >>> >> > To this:
> >>> >> >
> >>> >> ExecStart=/usr/bin/lxc-autostart -a
> >>> >> ExecStop=/usr/bin/lxc-autostart -s
> >>> >>
> >>> >> On Fri, May 2, 2014 at 9:40 AM, Dwight Engen <dwight.engen at oracle.com> wrote:
> >>> >> > On Thu, 1 May 2014 22:07:44 -0400
> >>> >> > CDR <venefax at gmail.com> wrote:
> >>> >> >
> >>> >> >> After installng the RPMs with the patch
> >>> >> >>
> >>> >> >> systemctl start lxc
> >>> >> >> Job for lxc.service failed. See 'systemctl status lxc.service' and
> >>> >> >> 'journalctl -xn' for details.
> >>> >> >> [root at hyperv ~]# journalctl -xn -l
> >>> >> >> -- Logs begin at Tue 2014-03-25 10:13:43 EDT, end at Thu 2014-05-01
> >>> >> >> 10:04:10 EDT. --
> >>> >> >> May 01 10:04:04 hyperv systemd[1]: Reloading.
> >>> >> >> May 01 10:04:06 hyperv PackageKit[1531]: daemon quit
> >>> >> >> May 01 10:04:10 hyperv systemd[1]: Starting LXC Container
> >>> >> >> Initialization and Autoboot Code...
> >>> >> >> -- Subject: Unit lxc.service has begun with start-up
> >>> >> >> -- Defined-By: systemd
> >>> >> >> -- Support:
> >>> >> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel --
> >>> >> >> -- Unit lxc.service has begun starting up.
> >>> >> >> May 01 10:04:10 hyperv lxc-devsetup[1817]: Creating /dev/.lxc
> >>> >> >> May 01 10:04:10 hyperv lxc-devsetup[1817]: /dev is devtmpfs
> >>> >> >> May 01 10:04:10 hyperv lxc-devsetup[1817]: Creating /dev/.lxc/user
> >>> >> >> May 01 10:04:10 hyperv systemd[1825]: Failed at step EXEC spawning
> >>> >> >> /usr/libexec/lxc/lxc-startup: Permission denied
> >>> >> >
> >>> >> > Can you check the permissions on /usr/libexec/lxc/lxc-startup? The rpm
> >>> >> > spec file installs it 0555. Not sure why systemd can't exec it.
> >>> >> >
> >>> >> >> -- Subject: Process /usr/libexec/lxc/lxc-startup could not be executed
> >>> >> >> -- Defined-By: systemd
> >>> >> >> -- Support:
> >>> >> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel --
> >>> >> >> -- The process /usr/libexec/lxc/lxc-startup could not be executed and
> >>> >> >> failed. --
> >>> >> >> -- The error number returned while executing this process is 13.
> >>> >> >> May 01 10:04:10 hyperv systemd[1]: lxc.service: main process exited,
> >>> >> >> code=exited, status=203/EXEC
> >>> >> >> May 01 10:04:10 hyperv systemd[1]: Failed to start LXC Container
> >>> >> >> Initialization and Autoboot Code.
> >>> >> >> -- Subject: Unit lxc.service has failed
> >>> >> >>
> >>> >> >> On Thu, May 1, 2014 at 9:16 PM, CDR <venefax at gmail.com> wrote:
> >>> >> >> > When I apply the patch over the git version, I keep getting
> >>> >> >> > git am ../lxc.patch
> >>> >> >> > Patch does not have a valid e-mail address
> >>> >> >> >
> >>> >> >> > How should I approach this? Sorry I am not an expert.
> >>> >> >> > Philip
> >>> >> >> >
> >>> >> >> > On Thu, May 1, 2014 at 9:08 PM, Dwight Engen
> >>> >> >> > <dwight.engen at oracle.com> wrote:
> >>> >> >> >> On Thu, 1 May 2014 20:28:44 -0400
> >>> >> >> >> CDR <venefax at gmail.com> wrote:
> >>> >> >> >>
> >>> >> >> >>> Dear Friends
> >>> >> >> >>>
> >>> >> >> >>> I followed this instructions
> >>> >> >> >>>
> >>> >> >> >>> git clone git://github.com/lxc/lxc
> >>> >> >> >>> cd lxc
> >>> >> >> >>> git am /path/to/0001-have-systemd-
> >>> >> >> >>> service-call-lxc-autostart-via-script.patch
> >>> >> >> >>> ./autogen.sh
> >>> >> >> >>> ./configure
> >>> >> >> >>> make rpm
> >>> >> >> >>> yum reinstall ~/rpmbuild/RPMS/x86_64/lxc*
> >>> >> >> >>>
> >>> >> >> >>> but the RPMs genrated are of a lower version of what I had,
> >>> >> >> >>> compiled from code
> >>> >> >> >>>
> >>> >> >> >>> I get now
> >>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-1.0.0-1.fc20.x86_64.rpm
> >>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-devel-1.0.0-1.fc20.x86_64.rpm
> >>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-debuginfo-1.0.0-1.fc20.x86_64.rpm
> >>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-libs-1.0.0-1.fc20.x86_64.rpm
> >>> >> >> >>>
> >>> >> >> >>> but I have installed
> >>> >> >> >>>
> >>> >> >> >>> rpm -qa | grep lxc
> >>> >> >> >>> lxc-devel-1.0.3-1.fc20.x86_64
> >>> >> >> >>> libvirt-daemon-driver-lxc-1.1.3.4-4.fc20.x86_64
> >>> >> >> >>> lxc-libs-1.0.3-1.fc20.x86_64
> >>> >> >> >>> lxc-debuginfo-1.0.3-1.fc20.x86_64
> >>> >> >> >>> lxc-1.0.3-1.fc20.x86_64
> >>> >> >> >>>
> >>> >> >> >>>
> >>> >> >> >>> Did I missed something?
> >>> >> >> >>
> >>> >> >> >> This is because you are building against git master, 1.0.3 is the
> >>> >> >> >> stable branch. Stéphane, I wonder if we should set
> >>> >> >> >> lxc_version_micro in master's configure.ac to x or git or
> >>> >> >> >> something to make it clear that it isn't the tagged 1.0.0? Of
> >>> >> >> >> course I don't know if .x is considered "newer" than .3 for an rpm
> >>> >> >> >> upgrade but it would be less confusing for people building their
> >>> >> >> >> own rpm.
> >>> >> >> >>
> >>> >> >> >>> Thanks for your continued assistance.
> >>> >> >> >>
> >>> >> >> >> Philip, you can uninstall your current packages with rpm -e
> >>> >> >> >> lxc-devel lxc-debuginfo lxc-libs lxc and then install the ones you
> >>> >> >> >> built.
> >>> >> >> >>
> >>> >> >> >>> Philip
> >>> >> >> >>> _______________________________________________
> >>> >> >> >>> lxc-users mailing list
> >>> >> >> >>> lxc-users at lists.linuxcontainers.org
> >>> >> >> >>> http://lists.linuxcontainers.org/listinfo/lxc-users
> >>> >> >> >> _______________________________________________
> >>> >> >> >> lxc-users mailing list
> >>> >> >> >> lxc-users at lists.linuxcontainers.org
> >>> >> >> >> http://lists.linuxcontainers.org/listinfo/lxc-users
> >>> >> >> _______________________________________________
> >>> >> >> lxc-users mailing list
> >>> >> >> lxc-users at lists.linuxcontainers.org
> >>> >> >> http://lists.linuxcontainers.org/listinfo/lxc-users
> >>> >> > _______________________________________________
> >>> >> > lxc-users mailing list
> >>> >> > lxc-users at lists.linuxcontainers.org
> >>> >> > http://lists.linuxcontainers.org/listinfo/lxc-users
> >>> >> _______________________________________________
> >>> >> lxc-users mailing list
> >>> >> lxc-users at lists.linuxcontainers.org
> >>> >> http://lists.linuxcontainers.org/listinfo/lxc-users
> >>> >
> >>> > --
> >>> > Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
> >>> > /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> >>> > NIC whois: MHW9 | An optimist believes we live in the best of all
> >>> > PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
> >>> >
> >>> >
> >>> > _______________________________________________
> >>> > lxc-users mailing list
> >>> > lxc-users at lists.linuxcontainers.org
> >>> > http://lists.linuxcontainers.org/listinfo/lxc-users
> >>> _______________________________________________
> >>> lxc-users mailing list
> >>> lxc-users at lists.linuxcontainers.org
> >>> http://lists.linuxcontainers.org/listinfo/lxc-users
> >>
> >> --
> >> Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
> >> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> >> NIC whois: MHW9 | An optimist believes we live in the best of all
> >> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
> >>
> >>
> >> _______________________________________________
> >> lxc-users mailing list
> >> lxc-users at lists.linuxcontainers.org
> >> http://lists.linuxcontainers.org/listinfo/lxc-users
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140504/0aabc57b/attachment.sig>
More information about the lxc-users
mailing list