[lxc-users] fetching application update out of container's space

Genco Yilmaz gencoyilmaz at gmail.com
Wed Jun 10 22:19:05 UTC 2015 

Thank you for the help Tycho. This makes the behaviour clear for me.

Regards
Genco.

On Thu, Jun 11, 2015 at 12:11 AM, Tycho Andersen <
tycho.andersen at canonical.com> wrote:

> On Thu, Jun 11, 2015 at 12:07:21AM +0200, Genco Yilmaz wrote:
> > On Wed, Jun 10, 2015 at 11:06 PM, Tycho Andersen <
> > tycho.andersen at canonical.com> wrote:
> >
> > > On Wed, Jun 10, 2015 at 09:22:10PM +0200, Genco Yilmaz wrote:
> > > > Hi,
> > > >    I have been playing with containers for a few days only and
> deployed
> > > > several to test some networking features. I have searched on the net
> to
> > > get
> > > > an answer but couldn't find any post/page yet. Issue is that I set
> up a
> > > > small LAB
> > > > containers of which has no internet access. If I need to install an
> > > > application e.g apache2
> > > > I attach to the container like;
> > > >
> > > > #lxc-attach -n container1
> > > > container1#apt-get install apache2
> > > >
> > > > but for this to work, I add a veth peer to let the container access
> > > outside
> > > > network (This isn't something I prefer to do as I need to isolate
> these
> > > > containers)
> > >
> > > Why not just run an apt mirror on the isolated network?
> > >
> > > > I wonder if there is any way to install this app from the master
> host i.e
> > > > by using master
> > > > host's network space but install the app on the container something
> like
> > > > this imaginary command;
> > > >
> > > > #*lxc-run* -n container -c "apt-get install apache2"
> > > >
> > > > i.e pulling the application from repository on the master space but
> > > pushing
> > > > it onto the container.
> > > >
> > > > There is lxc-execute, lxc-attach but they all run inside container's
> > > space
> > > > which doesn't work for me.
> > >
> > > You might like the -s option to lxc-attach.
> > >
> > > Tycho
> > >
> > > > Thanks,
> > > >
> > > > Genco.
> > >
> > >
> > Hi Tycho,
> >  Thanks for the reply. I have tried this one now. Apparently I didn't
> > notice this option:) but there seems to be an issue with name resolution.
> > Not sure what I am doing wrong though but although I am not attaching to
> > container's network namespace,
> > system still checks the resolv.conf file inside the container instead of
> > host's resolv.conf. As you can see,
> > if I add the nameserver to container resolv.conf, name resolution works.
> Is
> > this expected or there is a missing/incorrect option in my command?
>
> This is expected, because you're using the container's mount
> namespace, and thus the tools look at the container's
> /etc/resolv.conf.
>
> Tycho
>
> > or is
> > it because of the MOUNT namespace. Because of this name resolution issue,
> > apt-get also fails
> >
> >
> >
> > root at vhost3:~# lsb_release -a
> > No LSB modules are available.
> > Distributor ID: Ubuntu
> > Description:    Ubuntu 14.04.2 LTS
> > Release:        14.04
> > Codename:       trusty
> >
> > root at vhost3:~# ping archive.ubuntu.com -c 1
> > PING archive.ubuntu.com (91.189.91.15) 56(84) bytes of data.
> > 64 bytes from likho.canonical.com (91.189.91.15): icmp_seq=1 ttl=51
> > time=81.6 ms
> >
> > --- archive.ubuntu.com ping statistics ---
> > 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> > rtt min/avg/max/mdev = 81.607/81.607/81.607/0.000 ms
> >
> > root at vhost3:~# lxc-attach -n LAB1016-co -e -s 'UTSNAME|MOUNT|PID|IPC' --
> > ping archive.ubuntu.com -c 1
> > ping: unknown host archive.ubuntu.com
> >
> > root at vhost3:~# lxc-attach -n LAB1016-co -e -s 'UTSNAME|MOUNT|PID|IPC' --
> > ping 91.189.91.15 -c 1
> > PING 91.189.91.15 (91.189.91.15) 56(84) bytes of data.
> > 64 bytes from 91.189.91.15: icmp_seq=1 ttl=51 time=80.7 ms
> >
> > --- 91.189.91.15 ping statistics ---
> > 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> > rtt min/avg/max/mdev = 80.739/80.739/80.739/0.000 ms
> >
> > root at vhost3:~# cat /etc/resolv.conf
> > # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> > resolvconf(8)
> > #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> > nameserver 8.8.8.8
> > search example.com
> >
> > root at vhost3:~# lxc-attach -n LAB1016-co
> > root at LAB1016-co:~# echo "nameserver 8.8.8.8" >> /etc/resolv.conf
> > root at LAB1016-co:~# exit
> > exit
> > root at vhost3:~# lxc-attach -n LAB1016-co -e -s 'UTSNAME|MOUNT|PID|IPC' --
> > ping archive.ubuntu.com -c 1
> > PING archive.ubuntu.com (91.189.91.14) 56(84) bytes of data.
> > 64 bytes from orobas.canonical.com (91.189.91.14): icmp_seq=1 ttl=52
> > time=87.2 ms
> >
> > --- archive.ubuntu.com ping statistics ---
> > 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> > rtt min/avg/max/mdev = 87.250/87.250/87.250/0.000 ms
>
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150611/f2ac5c09/attachment.html>

More information about the lxc-users mailing list