[lxc-users] Converting from libvirt lxc
Saint Michael
venefax at gmail.com
Wed Dec 2 16:09:56 UTC 2015
I could not find on Google any mention of Red Hat killing LXC on Libvirt.
Care to elaborate?
On Wed, Dec 2, 2015 at 10:30 AM, Daniel P. Berrange <berrange at redhat.com> wrote:
> On Mon, Nov 30, 2015 at 02:43:39PM -0800, Peter Steele wrote:
> > This message is a bit long and I apologize for that, although the bulk is
> > cut-and-paste output. I'm migrating our container project from libvirt-lxc
> > under CentOS 7.1 to LXC and I'm seeing some errors in /var/log/messages that
> > I don't see in libvirt-lxc. The LXC containers I am creating are based on
> > the same custom CentOS image that I've been using with libvirt-lxc. My
> > assumption is that this image should be able to be used without any
> > significant changes as long as I have the appropriate config file defined
> > for this image when an LXC container is installed.
> >
> > The lxc-create command I'm using looks generally like this:
> >
> > # lxc-create -f /hf/cs/vm-03/config -t /bin/true -n vm-03 --dir=/hf/cs/vm-03/rootfs
> >
> > where the config file has the following options defined:
> >
> > lxc.tty = 4
> > lxc.pts = 1024
> > lxc.kmsg = 0
> > lxc.utsname = vm-03
> > lxc.network.type = veth
> > lxc.network.flags = up
> > lxc.network.link = br0
> > lxc.network.veth.pair = vm-03
> > lxc.network.hwaddr = fe:d6:e8:f2:aa:e6
> > lxc.rootfs = /hf/cs/vm-03/rootfs
> >
> > When a container boots, I'm seeing the set of errors below:
> >
> > Nov 30 09:28:48 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
> > Nov 30 09:28:48 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sdb1, 10) failed: No such file or directory
> > Nov 30 09:28:48 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sda, 10) failed: No such file or directory
> > Nov 30 09:28:48 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sdb2, 10) failed: No such file or directory
> > Nov 30 09:28:48 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sdb4, 10) failed: No such file or directory
> > Nov 30 09:28:48 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sdb3, 10) failed: No such file or directory
> > Nov 30 09:28:48 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sda4, 10) failed: No such file or directory
> > Nov 30 09:28:48 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sda3, 10) failed: No such file or directory
> > Nov 30 09:28:48 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sda2, 10) failed: No such file or directory
> > Nov 30 09:28:48 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sda1, 10) failed: No such file or directory
> > Nov 30 09:28:49 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sdc, 10) failed: No such file or directory
> > Nov 30 09:28:49 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sdc2, 10) failed: No such file or directory
> > Nov 30 09:28:49 vm-03 systemd-udevd: inotify_add_watch(7, /dev/sdc1, 10) failed: No such file or directory
> > ...
> > Nov 30 09:28:56 vm-03 systemd-udevd: Failed to apply ACL on /dev/snd/hwC0D0: No such file or directory
> > Nov 30 09:28:56 vm-03 systemd-udevd: Failed to apply ACL on /dev/snd/controlC0: No such file or directory
> > Nov 30 09:28:56 vm-03 systemd-udevd: Failed to apply ACL on /dev/snd/pcmC0D0c: No such file or directory
> > Nov 30 09:28:56 vm-03 systemd-udevd: Failed to apply ACL on /dev/snd/pcmC0D0p: No such file or directory
> > Nov 30 09:28:56 vm-03 systemd-udevd: Failed to apply ACL on /dev/dri/card0: No such file or directory
> >
> > The host's drives have not been made available in the containers, and that's
> > intentional. These errors are all being created by the udev service of
> > course, and that's the ultimate cause. When I create a container under
> > libvirt-lxc though, the udev service is not enabled and I therefore do not
> > see these errors. Containers created with LXC using the same CentOS image
> > have the udev suite of services enabled, and even if I explicitly disable
> > them using
> >
> > # systemctl disable systemd-udevd-kernel.socket
> > # systemctl disable systemd-udevd-control.socket
> > # systemctl disable systemd-udevd.service
> > # systemctl disable systemd-udev-trigger.service
> >
> > when I restart the container the services are enabled and I still see these
> > errors. My guess is I'm missing something in the config file for my LXC
> > containers but I'm not sure what's needed. This appears to be further
> > indicated by the set of sys services that are running in my libvirt-lxc
> > containers:
>
> The systemd-udevd.service file has
>
> ConditionPathIsReadWrite=/sys
>
> And libvirt LXC sets /sys as read-only, so if you have /sys as writable
> that could explain the difference in behaviour.
>
> The other notable thing libvirt does is drop CAP_SYS_MKNOD. Previously
> systemd would look at that capability when starting some things like udev,
> but it looks like these days it triggers off /sys read-only status.
>
>
> > Is the udev service needed in LXC and if so, how do I keep it from
> > complaining?
>
> No, you really don't want udev enabled or running inside containers at all.
>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
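
Added example, not part of the thread or of any poster's code: a shell check for the two conditions the quoted reply names, whether `/sys` is mounted read-write (the `ConditionPathIsReadWrite=/sys` gate) and whether the mknod capability is still in the bounding set. The function names and sample files are constructed for illustration, and reading the mount option is an approximation of how systemd evaluates the condition.

```shell
#!/bin/sh
# Added example: predicts whether systemd-udevd will start in a container.
# Inputs are files in /proc/<pid>/mounts and /proc/<pid>/status format.

CAP_MKNOD_BIT=27   # CAP_MKNOD in linux/capability.h

# Print rw, ro or absent for the /sys mount; the last matching entry wins.
sys_mount_mode() {
    awk '$2 == "/sys" {
             mode = "rw"
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "ro") mode = "ro"
         }
         END { print (mode == "" ? "absent" : mode) }' "$1"
}

# Succeed if CAP_MKNOD is in the capability bounding set (CapBnd line).
has_mknod_cap() {
    hex=$(awk '$1 == "CapBnd:" { print $2 }' "$1")
    [ -n "$hex" ] || return 2
    [ $(( (0x$hex >> $CAP_MKNOD_BIT) & 1 )) -eq 1 ]
}

# One-line verdict; udevd is gated on ConditionPathIsReadWrite=/sys.
udev_verdict() {
    mode=$(sys_mount_mode "$1")
    if has_mknod_cap "$2"; then cap=kept; else cap=dropped; fi
    if [ "$mode" = rw ]; then udevd=starts; else udevd=skipped; fi
    echo "sys=$mode mknod=$cap udevd=$udevd"
}

# Constructed sample data (not captured from the poster's hosts).
tmp=$(mktemp -d)
echo 'sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0' > "$tmp/lxc.mounts"
echo 'sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0' > "$tmp/libvirt.mounts"
printf 'CapBnd:\t%s\n' 0000001fffffffff > "$tmp/lxc.status"      # all caps kept
printf 'CapBnd:\t%s\n' 0000001ff7ffffff > "$tmp/libvirt.status"  # bit 27 cleared

udev_verdict "$tmp/lxc.mounts" "$tmp/lxc.status"
udev_verdict "$tmp/libvirt.mounts" "$tmp/libvirt.status"
```

Inside a running container the same functions can be pointed at `/proc/1/mounts` and `/proc/1/status`. On the LXC side, the settings that correspond to the libvirt behaviour described in the reply are `lxc.mount.auto = sys:ro` and `lxc.cap.drop = mknod`.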