[lxc-users] Converting from libvirt lxc
Fajar A. Nugraha
list at fajar.net
Fri Dec 4 04:42:33 UTC 2015
On Fri, Dec 4, 2015 at 12:10 AM, Peter Steele <pwsteele at gmail.com> wrote:
> I've used the downloaded template's config file to create a custom config
> for our containers.
>
Also, are you SURE this is based on download template's config?
> The container specific portion of the config looks something like this:
>
>
>
> lxc.autodev = 1
>
That is not common.conf (though I'm not sure whether it matters)
>
> lxc.kmsg = 0
>
Neither is that. Though it should be the default value
>
>
> # Remove capabilities we don't want in containers
> lxc.cap.drop = mac_admin mac_override sys_time sys_module
>
>
centos.common.conf also has lxc.cap.drop = sys_nice sys_pacct sys_rawio.
You don't have that.
lxc.cgroup.devices.allow = c 5:0 rwm
>
> lxc.cgroup.devices.allow = c 136:* rwm
> ## /dev/ptmx pty master
> lxc.cgroup.devices.allow = c 5:2 rwm
>
>
you' re missing 5:1 (console), 10:229 (fuse). Both are in common.conf.
> # Setup the default mounts
> lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
> lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none
> bind,optional 0 0
>
> As you can see this was largely pulled from centos.common.conf and
> common.conf. I assume something isn't quite right since I see more
> entries under /dev than I do when I'm running under libvirt, using the same
> custom tarball. I'll be satisfied with this for now though as long as the
> extra entries aren't causing issues.
>
>
>
Is there a reason why you didn't test simply using the same config, which
also does the "includes" instead of copying SOME of them? Is there a reason
wht you don't copy ALL of them? It should be easier to start with a known
good setup, then do incremental changes.
--
Fajar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20151204/fe64cec4/attachment.html>
More information about the lxc-users
mailing list