[lxc-users] Converting from libvirt lxc

Peter Steele pwsteele at gmail.com
Wed Dec 2 18:14:58 UTC 2015 

On 12/02/2015 07:23 AM, Fajar A. Nugraha wrote:
> On Wed, Dec 2, 2015 at 9:49 PM, Peter Steele <pwsteele at gmail.com 
> <mailto:pwsteele at gmail.com>>wrote:
>
>     On 12/01/2015 08:25 PM, Fajar A. Nugraha wrote:
>>     Is there a reason why you can't install a centos7 container using
>>     the download template? It would've been MUCH easier, and some of
>>     the things you asked wouldn't even be an issue.
>
>     So, that long winded answer is why we can't just use the LXC
>     template for CentOS directly. I was assuming (hoping) that the
>     libvirt container image we build would be largely LXC friendly.
>     Apparently it's not going to be quite as straightforward as I'd
>     hoped. I'm going to have to dissect the steps used for creating a
>     CentOS LXC template and make sure our container image provides
>     what is needed/expected by LXC.
>
>
>
> Actually my point was about the config file :)
D'oh! My mistake; sorry for the history lesson then, I hope it was 
interesting reading... :-)

As for the config file, I believe what I am now using is the same config 
file, more or less, that's used by LXC containers created with the 
CentOS template. I just incorporated the centos.common.conf settings 
into my own config file directly. Although I did tweak some things a bit 
and eliminated things that weren't needed (like lxc.seccomp). I did a 
quick test and ran the command

lxc-create -t centos -n test1

to create a container using the centos default settings. The resulting 
config file doesn't look a whole lot different than my manually crafted 
version. Something doesn't seem quite right though; when I run lxc-start 
-n test1 the container takes forever to boot. I could log in eventually 
but it's not working too well:

[root at test1 ~]# systemctl
          Starting Trigger Flushing of Journal to Persistent Storage...
[FAILED] Failed to start LSB: Bring up/down networking.
See 'systemctl status network.service' for details.
<28>systemd-sysctl[261]: Failed to write '1' to 
'/proc/sys/kernel/core_uses_pid': Read-only file system
Failed to get D-Bus connection: Failed to authenticate in time.

Shouldn't a container built with the stock config work "out of the box"?

> The rootfs should be OK as is, as any systemd-related problem inside 
> the container should've also been fixed if you've managed to run it 
> under libvirt. I was suggesting to create a centos7 container from the 
> download template (which would reference the common configs, and use 
> lxcfs), then copy its config file.

There was no explicit reference to lxcfs in the centos.common.conf file, 
nor in any of the config files for the other templates. My impression is 
that this is not part of the LXC version that I am using.

> It occurs to me that the difference might be related to lxcfs. It 
> provides a private, customized copy of parts of /sys and /proc to the 
> container, so the container doesn't need to see what the host has. And 
> IIRC libvirt has something that functions similarly to lxcfs.
Containers in libvirt have private versions of /sys and /proc, although 
there is nothing to configure to provide this functionality, this is the 
default behavior. There is nothing really quite like lxcfs.

> Do you also have lxcfs installed? What version of lxc are you using?
> Try installing lxcfs and use lxc-1.1.x. Then try to install a new 
> container using download template to see if it's similar to what you 
> want. If it is, copy it's config file (and modify things like name and 
> paths, obviously) for your former-libvirt container.

I am using the version 1.0.7 RPMs that are available on EPEL. I assume 
there are no RPMs available for 1.1? We tend to use binary versions of 
the third party packages we've included in our system but I will check 
out 1.1 and investigate lxcfs. The set of LXC RPMs I installed from EPEL 
are:

lua-lxc.1.0.7-4.el7.x86_64
lxc.1.0.7-4.el7.x86_64
lxc-libs.1.0.7-4.el7.x86_64
lxc-templates.1.0.7-4.el7.x86_64

Peter

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20151202/b239555a/attachment.html>

More information about the lxc-users mailing list