[lxc-users] Lower Version ??

CDR venefax at gmail.com
Sun May 4 05:53:26 UTC 2014 

Well, Ubuntu LXC supports NATted containers, and Fedora did not include that.
I am testing now, let's see if it works,
In Fedora 20 using libvirt's default nat network, I could not make it work.
I hope I am more successful with Ubutu, same exact kernel version.
I am using a virtual machine without virtualization available. That
may be the issue.
Yours
Philip

On Sun, May 4, 2014 at 1:11 AM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Sun, 2014-05-04 at 00:57 -0400, CDR wrote:
>> Dear Friends
>> I am switching my distribution to Ubuntu server. What would ne the
>> right command for a "make rpm" equivalent?
>> I think Fedora dropped the ball on the community. The LXC
>> implementation by Ubuntu is way ahead, because it includes NAT
>> networking.
>
>> Does everybody agree?
>
> What?
>
> I most emphatically don't agree.  I'm on Fedora 20 and have no problem
> at all with this.  I've been working with LXC since Fedora 14 and have
> been instrumental in getting LXC to work with systemd.
>
> Fedora has libvirt and nat and I have no idea what so ever about what
> your are talking about.  I don't generally use nat, since I've got a
> huge public IP address space and I generally work over IPv6 which
> doesn't require NAT but my test containers are typically a mix of
> bridged native and NAT bridge.  What you're say seems to be nonsense in
> my experience.
>
>> Yours
>> Philip
>
> Regards,
> Mike
>
>> On Fri, May 2, 2014 at 1:14 PM, CDR <venefax at gmail.com> wrote:
>> > great information
>> > many thanks
>> >
>> > On Fri, May 2, 2014 at 11:21 AM, Michael H. Warfield <mhw at wittsend.com> wrote:
>> >> On Fri, 2014-05-02 at 11:14 -0400, CDR wrote:
>> >>> I don´t use Selinux since until I can make this work perfectly, it
>> >>> adds complexity to a complex picture.
>> >>> I changed the permissions on the file to 777 and nothing changed.
>> >>> Let me erase the lxc.service file and reinstall the RPMs, and try again
>> >>
>> >> Let me emphasize this fully.  Do NOT change permissions on a file to
>> >> 777.  Lots of security related applications and applications which run
>> >> as root will spot that as a writable file and refuse to run it as if it
>> >> had "Permission Denied" although they generally choose a better message.
>> >> I don't know if systemd does this but, if it doesn't, it should.  It
>> >> should NEVER run a file that is world writable.  Some applications (ssh)
>> >> will even bitch and refuse to use files that are group writable.  Safest
>> >> mode is 555 (read and execute) like should have been set in the rpm.
>> >>
>> >> Regards,
>> >> Mike
>> >>
>> >>> On Fri, May 2, 2014 at 10:57 AM, Michael H. Warfield <mhw at wittsend.com> wrote:
>> >>> > On Fri, 2014-05-02 at 10:24 -0400, CDR wrote:
>> >>> >> It works fine if I change the systemd service file and replace the two lines.
>> >>> >> I suggest that the patch also changes these two lines, or nobody else
>> >>> >> is going to make this work.
>> >>> >
>> >>> > No.  Dwight and I have been discussing this, some on-list and some
>> >>> > off-list, and he's correct that there's a timing issue if you need
>> >>> > libvirt up and the libvirt bridge.  I've confirmed this in some of my
>> >>> > tests where not all of my containers get started properly (early ones
>> >>> > failing and later ones starting).
>> >>> >
>> >>> > It looks like it works but there's an indeterminency in there that may
>> >>> > not be immediately be apparent.  I suggested it but I see where it may
>> >>> > work in may of my cases but there are too many corner cases where it
>> >>> > won't work properly.
>> >>> >
>> >>> > I think he asked you what the permissions where on the file.  I'm
>> >>> > curious if we're dealing with some sort of selinux gotcha and wondering
>> >>> > if your running with selinux enabled or disabled.
>> >>> >
>> >>> > Regards,
>> >>> > Mike
>> >>> >
>> >>> >> > /usr/lib/systemd/system/lxc.service
>> >>> >> >
>> >>> >> > Change these lines:
>> >>> >> >
>> >>> >> > ExecStart=/usr/libexec/lxc/lxc-startup start
>> >>> >> > ExecStop=/usr/libexec/lxc/lxc-startup stop
>> >>> >> >
>> >>> >> > To this:
>> >>> >> >
>> >>> >> ExecStart=/usr/bin/lxc-autostart -a
>> >>> >> ExecStop=/usr/bin/lxc-autostart -s
>> >>> >>
>> >>> >> On Fri, May 2, 2014 at 9:40 AM, Dwight Engen <dwight.engen at oracle.com> wrote:
>> >>> >> > On Thu, 1 May 2014 22:07:44 -0400
>> >>> >> > CDR <venefax at gmail.com> wrote:
>> >>> >> >
>> >>> >> >> After installng the RPMs with the patch
>> >>> >> >>
>> >>> >> >> systemctl start lxc
>> >>> >> >> Job for lxc.service failed. See 'systemctl status lxc.service' and
>> >>> >> >> 'journalctl -xn' for details.
>> >>> >> >> [root at hyperv ~]# journalctl -xn -l
>> >>> >> >> -- Logs begin at Tue 2014-03-25 10:13:43 EDT, end at Thu 2014-05-01
>> >>> >> >> 10:04:10 EDT. --
>> >>> >> >> May 01 10:04:04 hyperv systemd[1]: Reloading.
>> >>> >> >> May 01 10:04:06 hyperv PackageKit[1531]: daemon quit
>> >>> >> >> May 01 10:04:10 hyperv systemd[1]: Starting LXC Container
>> >>> >> >> Initialization and Autoboot Code...
>> >>> >> >> -- Subject: Unit lxc.service has begun with start-up
>> >>> >> >> -- Defined-By: systemd
>> >>> >> >> -- Support:
>> >>> >> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel --
>> >>> >> >> -- Unit lxc.service has begun starting up.
>> >>> >> >> May 01 10:04:10 hyperv lxc-devsetup[1817]: Creating /dev/.lxc
>> >>> >> >> May 01 10:04:10 hyperv lxc-devsetup[1817]: /dev is devtmpfs
>> >>> >> >> May 01 10:04:10 hyperv lxc-devsetup[1817]: Creating /dev/.lxc/user
>> >>> >> >> May 01 10:04:10 hyperv systemd[1825]: Failed at step EXEC spawning
>> >>> >> >> /usr/libexec/lxc/lxc-startup: Permission denied
>> >>> >> >
>> >>> >> > Can you check the permissions on /usr/libexec/lxc/lxc-startup? The rpm
>> >>> >> > spec file installs it 0555. Not sure why systemd can't exec it.
>> >>> >> >
>> >>> >> >> -- Subject: Process /usr/libexec/lxc/lxc-startup could not be executed
>> >>> >> >> -- Defined-By: systemd
>> >>> >> >> -- Support:
>> >>> >> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel --
>> >>> >> >> -- The process /usr/libexec/lxc/lxc-startup could not be executed and
>> >>> >> >> failed. --
>> >>> >> >> -- The error number returned while executing this process is 13.
>> >>> >> >> May 01 10:04:10 hyperv systemd[1]: lxc.service: main process exited,
>> >>> >> >> code=exited, status=203/EXEC
>> >>> >> >> May 01 10:04:10 hyperv systemd[1]: Failed to start LXC Container
>> >>> >> >> Initialization and Autoboot Code.
>> >>> >> >> -- Subject: Unit lxc.service has failed
>> >>> >> >>
>> >>> >> >> On Thu, May 1, 2014 at 9:16 PM, CDR <venefax at gmail.com> wrote:
>> >>> >> >> > When I apply the patch over the git version, I keep getting
>> >>> >> >> >  git am ../lxc.patch
>> >>> >> >> > Patch does not have a valid e-mail address
>> >>> >> >> >
>> >>> >> >> > How should I approach this? Sorry I am not  an expert.
>> >>> >> >> > Philip
>> >>> >> >> >
>> >>> >> >> > On Thu, May 1, 2014 at 9:08 PM, Dwight Engen
>> >>> >> >> > <dwight.engen at oracle.com> wrote:
>> >>> >> >> >> On Thu, 1 May 2014 20:28:44 -0400
>> >>> >> >> >> CDR <venefax at gmail.com> wrote:
>> >>> >> >> >>
>> >>> >> >> >>> Dear Friends
>> >>> >> >> >>>
>> >>> >> >> >>> I followed this instructions
>> >>> >> >> >>>
>> >>> >> >> >>> git clone git://github.com/lxc/lxc
>> >>> >> >> >>> cd lxc
>> >>> >> >> >>> git am /path/to/0001-have-systemd-
>> >>> >> >> >>> service-call-lxc-autostart-via-script.patch
>> >>> >> >> >>> ./autogen.sh
>> >>> >> >> >>> ./configure
>> >>> >> >> >>> make rpm
>> >>> >> >> >>> yum reinstall ~/rpmbuild/RPMS/x86_64/lxc*
>> >>> >> >> >>>
>> >>> >> >> >>> but the RPMs genrated are of a lower version of what I had,
>> >>> >> >> >>> compiled from code
>> >>> >> >> >>>
>> >>> >> >> >>> I get now
>> >>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-1.0.0-1.fc20.x86_64.rpm
>> >>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-devel-1.0.0-1.fc20.x86_64.rpm
>> >>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-debuginfo-1.0.0-1.fc20.x86_64.rpm
>> >>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-libs-1.0.0-1.fc20.x86_64.rpm
>> >>> >> >> >>>
>> >>> >> >> >>> but I have installed
>> >>> >> >> >>>
>> >>> >> >> >>> rpm -qa | grep lxc
>> >>> >> >> >>> lxc-devel-1.0.3-1.fc20.x86_64
>> >>> >> >> >>> libvirt-daemon-driver-lxc-1.1.3.4-4.fc20.x86_64
>> >>> >> >> >>> lxc-libs-1.0.3-1.fc20.x86_64
>> >>> >> >> >>> lxc-debuginfo-1.0.3-1.fc20.x86_64
>> >>> >> >> >>> lxc-1.0.3-1.fc20.x86_64
>> >>> >> >> >>>
>> >>> >> >> >>>
>> >>> >> >> >>> Did I missed something?
>> >>> >> >> >>
>> >>> >> >> >> This is because you are building against git master, 1.0.3 is the
>> >>> >> >> >> stable branch. Stéphane, I wonder if we should set
>> >>> >> >> >> lxc_version_micro in master's configure.ac to x or git or
>> >>> >> >> >> something to make it clear that it isn't the tagged 1.0.0? Of
>> >>> >> >> >> course I don't know if .x is considered "newer" than .3 for an rpm
>> >>> >> >> >> upgrade but it would be less confusing for people building their
>> >>> >> >> >> own rpm.
>> >>> >> >> >>
>> >>> >> >> >>> Thanks for your continued assistance.
>> >>> >> >> >>
>> >>> >> >> >> Philip, you can uninstall your current packages with rpm -e
>> >>> >> >> >> lxc-devel lxc-debuginfo lxc-libs lxc and then install the ones you
>> >>> >> >> >> built.
>> >>> >> >> >>
>> >>> >> >> >>> Philip
>> >>> >> >> >>> _______________________________________________
>> >>> >> >> >>> lxc-users mailing list
>> >>> >> >> >>> lxc-users at lists.linuxcontainers.org
>> >>> >> >> >>> http://lists.linuxcontainers.org/listinfo/lxc-users
>> >>> >> >> >> _______________________________________________
>> >>> >> >> >> lxc-users mailing list
>> >>> >> >> >> lxc-users at lists.linuxcontainers.org
>> >>> >> >> >> http://lists.linuxcontainers.org/listinfo/lxc-users
>> >>> >> >> _______________________________________________
>> >>> >> >> lxc-users mailing list
>> >>> >> >> lxc-users at lists.linuxcontainers.org
>> >>> >> >> http://lists.linuxcontainers.org/listinfo/lxc-users
>> >>> >> > _______________________________________________
>> >>> >> > lxc-users mailing list
>> >>> >> > lxc-users at lists.linuxcontainers.org
>> >>> >> > http://lists.linuxcontainers.org/listinfo/lxc-users
>> >>> >> _______________________________________________
>> >>> >> lxc-users mailing list
>> >>> >> lxc-users at lists.linuxcontainers.org
>> >>> >> http://lists.linuxcontainers.org/listinfo/lxc-users
>> >>> >
>> >>> > --
>> >>> > Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>> >>> >    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>> >>> >    NIC whois: MHW9          | An optimist believes we live in the best of all
>> >>> >  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>> >>> >
>> >>> >
>> >>> > _______________________________________________
>> >>> > lxc-users mailing list
>> >>> > lxc-users at lists.linuxcontainers.org
>> >>> > http://lists.linuxcontainers.org/listinfo/lxc-users
>> >>> _______________________________________________
>> >>> lxc-users mailing list
>> >>> lxc-users at lists.linuxcontainers.org
>> >>> http://lists.linuxcontainers.org/listinfo/lxc-users
>> >>
>> >> --
>> >> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>> >>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>> >>    NIC whois: MHW9          | An optimist believes we live in the best of all
>> >>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>> >>
>> >>
>> >> _______________________________________________
>> >> lxc-users mailing list
>> >> lxc-users at lists.linuxcontainers.org
>> >> http://lists.linuxcontainers.org/listinfo/lxc-users
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
> --
> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list