[lxc-users] Where can i find the causes of restart problems

Thouraya TH thouraya87 at gmail.com
Sat Jun 20 12:19:14 UTC 2015


I can't start the container and I have found 0 lines in the .log file!


root at localhost:/var/log/lxc# lxc-start -n worker1
^C
root at localhost:/var/log/lxc# vim worker1.log
root at localhost:/var/log/lxc#

Best Regards.



2015-06-20 13:00 GMT+01:00 <lxc-users-request at lists.linuxcontainers.org>:

> Today's Topics:
>
>    1. "mesh networking" for lxc containers (similar to weave)?
>       (Tomasz Chmielewski)
>    2. Re: Nested container in unpriviledged container (Xavier Gendre)
>    3. Re: "mesh networking" for lxc containers (similar to      weave)?
>       (Christoph Lehmann)
>    4. Re: "mesh networking" for lxc containers (similar to      weave)?
>       (Tomasz Chmielewski)
>    5. Re: "mesh networking" for lxc containers (similar to      weave)?
>       (Janjaap Bos)
>    6. Where can i find the causes of restart problems (Thouraya TH)
>    7. Re: Where can i find the causes of restart problems (Janjaap Bos)
>
>
> ---------- Forwarded message ----------
> From: Tomasz Chmielewski <mangoo at wpkg.org>
> To: lxc-users at lists.linuxcontainers.org
> Cc:
> Date: Sat, 20 Jun 2015 01:15:23 +0900
> Subject: [lxc-users] "mesh networking" for lxc containers (similar to
> weave)?
> Are there any solutions which would let one build "mesh networking" for
> lxc containers, similar to what weave does for docker?
>
> Assumptions:
>
> - multiple servers (hosts) which are not in the same subnet (i.e. in
> different DCs in different countries),
> - containers share the same subnet (i.e. 10.0.0.0/8), no matter on which
> host they are running
> - if container is migrated to a different host, it is still reachable on
> the same IP address without any changes in the networking
>
>
> I suppose the solution would run only once on each of the hosts, rather
> than in each container.
>
> Is there something similar for lxc?
>
> --
> Tomasz Chmielewski
> http://wpkg.org
>
>
>
>
> ---------- Forwarded message ----------
> From: Xavier Gendre <gendre.reivax at gmail.com>
> To: lxc-users at lists.linuxcontainers.org
> Cc:
> Date: Fri, 19 Jun 2015 18:44:14 +0200
> Subject: Re: [lxc-users] Nested container in unpriviledged container
> On 18/06/2015 06:35, Serge Hallyn wrote:
>
>> Quoting Xavier Gendre (gendre.reivax at gmail.com):
>>
>>> On 15/06/2015 17:17, Serge Hallyn wrote:
>>>
>>>> Quoting Xavier Gendre (gendre.reivax at gmail.com):
>>>>
>>>>> Hi,
>>>>>
>>>>> I wanted to run a container in an unprivileged container and I am
>>>>> glad to have succeeded in doing it. The point is that I am not sure if what
>>>>> I did is acceptable from the security point of view or not...
>>>>>
>>>>> Here are the steps i did:
>>>>>
>>>>> 1) create an unprivileged container (lxc.id_map, ...) called 'test'.
>>>>>
>>>>> 2) mount a tmpfs to /sys/fs/cgroup in 'test' by adding this line in
>>>>> its config file:
>>>>>
>>>>> lxc.mount.auto = cgroup:mixed
>>>>>
>>>>> 3) create a basic container called 'p1' with the download template
>>>>> as root in 'test'.
>>>>>
>>>>> 4) in the host, I chown the cgroup hierarchy of 'test' to give it to
>>>>> the user id mapped to the id 0 in 'test' (this id is 362144 in my
>>>>> example),
>>>>>
>>>>> for T in `ls /sys/fs/cgroup`; do
>>>>>    chown -R 362144:362144 /sys/fs/cgroup/$T/lxc/test
>>>>> done
>>>>>
>>>>> 5) successfully start the container 'p1' in 'test' :-)
>>>>>
>>>>> I am not an expert with cgroups and I am wondering if I am letting
>>>>> the devil enter my home with that...
>>>>>
>>>>> So, what is your opinion: is it a possible security break or is it
>>>>> safe?
>>>>>
>>>>
>>>> Two things to make this safer
>>>>
>>>> 1. only chown the actual directory /sys/fs/cgroup/$T/lxc/test and maybe
>>>> its 'tasks' and 'cgroup.procs' files.  That way the container can create
>>>> sub-cgroups but cannot raise its own limits.
>>>>
>>>> 2. Only do this for the controllers you definitely need.  Freezer and
>>>> memory for example.  Then set lxc.cgroup.use in /etc/lxc/lxc.conf
>>>> (see lxc.system.conf(5)).
>>>>
>>>> -serge
>>>>
>>>
>>> Hello Serge,
>>>
>>> thank you for your advice. Indeed, chowning only the directories is
>>> sufficient to start the nested container. I did not have to chown
>>> 'tasks' and 'cgroup.procs' in order to simply start it.
>>>
>>> Your second point is more obscure to me... For now, I have to chown
>>> all the controllers:
>>>
>>> 'blkio' 'cpu,cpuacct' 'cpuset' 'devices' 'freezer'
>>> 'net_cls,net_prio' 'perf_event'
>>>
>>> When you say 'need', it applies to the container 'test' or to 'p1'
>>> in my example?
>>>
>>
>> The child one, p1.  With new enough lxc you should be able to
>> use only freezer, setting that as lxc.cgroup.use in the
>> system lxc.conf.
>>
>
> Arf, for now, I am still working with Debian Jessie and LXC 1.0.7. I will
> be able to try your suggestions when a more recent version of LXC appears
> in the Debian repositories. Thus, I continue to chown my whole list of
> controllers :-°
>
>>> If I plan to allow quite general containers to run in
>>> my unprivileged container, all the controllers should be chowned or
>>> are there some that are definitely not needed?
>>>
>>
>> General containers are fine, it's only if you need the nested containers
>> to be more finely restricted, i.e. if you simply must be able to
>> allocate only a subset of test1's cpus or memory.
>>
>
> Ok, thanks for this example, it is clearer for me now.
>
> Thank you for these explanations,
> Xavier
>
>
>
> ---------- Forwarded message ----------
> From: Christoph Lehmann <post at christophlehmann.eu>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Date: Fri, 19 Jun 2015 20:20:21 +0200
> Subject: Re: [lxc-users] "mesh networking" for lxc containers (similar to
> weave)?
> There is no magic with lxc's networking. It's just a bridge and some
> iptables rules for NAT and a dhcp server.
>
> You can set up a bridge on your public interface, configure the container
> to use that bridge and do the same on your second host.
>
> --
> This message was sent from my Android mobile phone with K-9 Mail.
>
>
> ---------- Forwarded message ----------
> From: Tomasz Chmielewski <mangoo at wpkg.org>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Date: Sat, 20 Jun 2015 10:37:12 +0900
> Subject: Re: [lxc-users] "mesh networking" for lxc containers (similar to
> weave)?
> I know this is just "normal networking", however, there are at least two
> issues with your suggestions:
>
> - it assumes the hosts are in the same subnet (say, connected to the same
> switch), so it won't work if the hosts have two different public IPs (i.e.
> 46.1.2.3 and 124.8.9.10)
>
> - with just two hosts, you may overcome the above limitation with some VPN
> magic; however, it becomes problematic as the number of hosts grows
> (imagine 10 or more hosts, trying to set it up without SPOF / central VPN
> server; ideally, the hosts should talk to themselves using the shortest
> paths possible)
>
>
> Therefore, I'm asking if there is any better "magic", as you say, for lxc
> networking?
> Possibly it could be achieved with tinc, running on hosts only -
> http://www.tinc-vpn.org/ - but haven't really used it.
> And maybe people have other ideas?
>
> --
> Tomasz Chmielewski
> http://wpkg.org
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Janjaap Bos <janjaapbos at gmail.com>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Date: Sat, 20 Jun 2015 08:16:27 +0200
> Subject: Re: [lxc-users] "mesh networking" for lxc containers (similar to
> weave)?
> Yes, ZeroTier provides peer-to-peer virtual networking. It is cloud /
> container / virtualiser agnostic. It will work anywhere and we use it for
> connecting containers & VMs across clouds. Also to provide access to users
> on Windows / OSX.
>
> Within the container you need access to the /dev/net/tun device and
> depending on the flavour (lxc / lxd / docker) net_admin capabilities.
>
> You can download it at https://www.zerotier.com or build it from
> https://github.com/zerotier/ZeroTierOne
>
> Since it is peer-to-peer there is very little overhead. Packets destined
> for local peers will stay within the local net. You can create very large
> distributed flat ether networks. Great for the type of cloud backplane you
> described.
>
> Also, this enables you to live migrate instances while maintaining their
> network configuration.
>
>
>
>
> ---------- Forwarded message ----------
> From: Thouraya TH <thouraya87 at gmail.com>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Date: Sat, 20 Jun 2015 12:56:03 +0100
> Subject: [lxc-users] Where can i find the causes of restart problems
> Hello all,
>
> Please, I am trying to run my container but it is blocked.
>
>
> lxc-start -n worker1
>
>
> Where can I find the causes of restart problems? (logs?)
>
>
> Thanks a lot.
> Best Regards.
>
>
> ---------- Forwarded message ----------
> From: Janjaap Bos <janjaapbos at gmail.com>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Date: Sat, 20 Jun 2015 13:57:56 +0200
> Subject: Re: [lxc-users] Where can i find the causes of restart problems
> /var/log/lxc
>
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
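
An added example, not part of the thread and not code from the LXC project: a check for the cgroup delegation discussed in the quoted "Nested container" exchange, following Serge Hallyn's two points (the container's uid should own only the directory plus 'tasks' and 'cgroup.procs', and only under the controllers actually needed). The function names, the mock tree and the `--demo` switch are assumptions made for illustration; the `<controller>/lxc/<name>` layout is taken from the chown command in the post.

```shell
#!/bin/sh
# Added example: audit a cgroup v1 delegation made for a nested LXC container.
# Reports (a) limit files in the container's own cgroup directory owned by the
# container's root uid, and (b) any ownership under controllers that were not
# meant to be delegated. Function names are hypothetical.

# audit_delegation CGROOT NAME UID "CTRL1 CTRL2 ..."
audit_delegation() {
    cgroot=$1; name=$2; uid=$3; wanted=$4
    for base in "$cgroot"/*/lxc/"$name"; do
        [ -d "$base" ] || continue
        ctrl=${base#"$cgroot"/}; ctrl=${ctrl%%/*}
        case " $wanted " in
        *" $ctrl "*)
            # Delegated controller: the directory, 'tasks' and 'cgroup.procs'
            # may belong to the container. Any other top-level file is a limit
            # knob the container could rewrite. Sub-cgroups are not inspected.
            find "$base" -mindepth 1 -maxdepth 1 -type f -user "$uid" \
                ! -name tasks ! -name cgroup.procs \
                -exec printf 'LIMIT-FILE %s\n' {} \;
            ;;
        *)
            # Controller not on the wanted list: nothing should be owned.
            find "$base" -maxdepth 1 -user "$uid" \
                -exec printf 'UNNEEDED-CONTROLLER %s\n' {} \;
            ;;
        esac
    done
}

# make_mock_tree DIR: constructed stand-in for /sys/fs/cgroup, owned by the
# calling user, imitating the result of a recursive chown.
make_mock_tree() {
    for c in freezer memory; do
        mkdir -p "$1/$c/lxc/test/p1"
        : > "$1/$c/lxc/test/tasks"
        : > "$1/$c/lxc/test/cgroup.procs"
    done
    : > "$1/freezer/lxc/test/freezer.state"
    : > "$1/freezer/lxc/test/p1/freezer.state"
    : > "$1/memory/lxc/test/memory.limit_in_bytes"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_mock_tree "$d"
    audit_delegation "$d" test "$(id -u)" "freezer"
    rm -rf "$d"
fi
```

On a real host the call would be `audit_delegation /sys/fs/cgroup test 362144 "freezer"`, using the uid and container name from the post; empty output means the delegation matches the narrower scheme.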