[lxc-users] lxc container management solutions

Prasoon Majumdar prasoonprince at gmail.com
Tue Jul 12 13:34:49 UTC 2016 

Hello All,

I am looking for kubernetes kinda solution for lxc containers, is there
something available in nascent mode i am not aware of, could someone please
enlighten me on the same.

Regs



[image: Prasoon Majumdar on about.me]

Prasoon Majumdar
about.me/prasoonmajumdar
  <http://about.me/prasoonmajumdar>


*This is ten percent luck, twenty percent skill Fifteen percent
concentrated power of will Five percent pleasure, fifty percent pain And a
hundred percent reason to remember the name*
 Fort Minor - Remember The Name
<http://www.metrolyrics.com/remember-the-name-lyrics-fort-minor.html#ixzz3UGL1XuZV>

On 12 July 2016 at 17:30, <lxc-users-request at lists.linuxcontainers.org>
wrote:

> Send lxc-users mailing list submissions to
>         lxc-users at lists.linuxcontainers.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.linuxcontainers.org/listinfo/lxc-users
> or, via email, send a message with subject or body 'help' to
>         lxc-users-request at lists.linuxcontainers.org
>
> You can reach the person managing the list at
>         lxc-users-owner at lists.linuxcontainers.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of lxc-users digest..."
>
> Today's Topics:
>
>    1. Re: LXD containers with dual nic (steve at linuxsuite.org)
>    2. Re: move unprivileged containers - uid/gid map
>       (Benoit GEORGELIN - Association Web4all)
>    3. Re: LXD containers with dual nic (Giuseppe)
>    4. Re: LXD containers with dual nic (Giuseppe)
>    5. Re: LXD containers with dual nic (Giuseppe)
>
>
> ---------- Forwarded message ----------
> From: steve at linuxsuite.org
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Date: Mon, 11 Jul 2016 09:52:53 -0400
> Subject: Re: [lxc-users] LXD containers with dual nic
> > Hi all,
> > I'm trying to configure a LXD container with two nics but the second one
> > cannot reach the external network. Here is my config:
> >
> >
> > Both IP addresses are statically configured in the container, the first
> in
> > the 192.168.1.0 subnet and the second in the 10.10.0.0 subnet. The first
> > nic
> > works well, I can ssh from external network. The second one can ping only
> > the LXD host address and viceversa. The LXD host address can ping
> everyone
> > on the 10.10.0.0 network.
> >
>
>                 What do you mean by "statically configured in the
> container"??
>
>                 At least on 1.08 this not necessary, and is probably a bad
> idea.
>
>                the entry in the container config should be enough..
>
>           -steve
>
>
> > What's wrong in my config? Any suggestion?
> >
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Benoit GEORGELIN - Association Web4all <benoit.georgelin at web4all.fr>
> To: lxc-users <lxc-users at lists.linuxcontainers.org>
> Cc:
> Date: Mon, 11 Jul 2016 16:34:10 +0200 (CEST)
> Subject: Re: [lxc-users] move unprivileged containers - uid/gid map
> Hello Fajar,
>
> Thanks , "fuidshift" is what I was looking for :)
> It's working . I already made my own script to move it from one host (LXC)
> to the other one (LXD) .  I guess the one that you were talking about is  :
> https://github.com/lxc/lxd/blob/master/scripts/lxc-to-lxd
>
> Have a nice day
>
> Cordialement,
>
> Benoît
>
> ------------------------------
> *De: *"Fajar A. Nugraha" <list at fajar.net>
> *À: *"lxc-users" <lxc-users at lists.linuxcontainers.org>
> *Envoyé: *Lundi 11 Juillet 2016 02:16:34
> *Objet: *Re: [lxc-users] move unprivileged containers - uid/gid map
>
> On Sun, Jul 10, 2016 at 7:20 AM, Benoit GEORGELIN - Association Web4all <
> benoit.georgelin at web4all.fr> wrote:
>
>> Hi,
>>
>> I'm looking to move unprivileged containers from one host to another.
>> I'm actually moving pure LXC containers to a new LXD/LXC host
>>
>> I would like to know how should I deal with the uid/gid inside the
>> container.
>> The root uid/gid is différent on the new host.  But I can simply remplace
>> the old UID/GUID by the new one with a find request but how should I do
>> with the other users id used inside the container ?
>>
>>
> use fuidshift from lxd-tools package
>
>
>
>> I did not understand where the uid/gid map is done
>>
>> Inside the container
>> root at w4a:~# id ubuntu
>> uid=1000(ubuntu) gid=1000(ubuntu)
>>
>> Folder :
>> drwxr-xr-x  2 ubuntu ubuntu  6 Jul  8 23:17 ubuntu
>>
>> Outside the container
>> drwxr-xr-x  2 166536 166536  6 Jul  8 23:17 ubuntu
>>
>> How the system know about uid/gid 1000 inside container = uid/gid 166536
>> outside the container
>> It look like root uid = 165536 outside the container and it is defined by
>> lxc configuration
>> id 1000 inside the container will be root uid + user id , so 165536 +
>> 1000 = 166536
>>
>>
> yes
>
>
>
>> But what is two container have a user uid 100 ? they will both avec the
>> same uid outside the container ?
>>
>>
> short version, yes.
>
>
>
>> About migrate the container from, how should I manage it ?
>> Should I re-do the mapping myself ?  Like looking into /etc/passwd inside
>> the container then use the root uid + the id found for that user in
>> /etc/passwd and replace the old uid/gid by the new one ? Maybe there is
>> faster/better solution ?
>>
>>
> Don't mess with passwd/group inside the container. Just use fuidshift.
>
>
>
>> I was looking to add an uid/gid mapping to match the container
>> configuration as it was before, but it does not look to work
>>
>> I have this as an example in a config file dedicated for the container on
>> the LXC pure host.
>> # Container specific configuration
>> lxc.id_map = u 0 951968 65536
>> lxc.id_map = g 0 951968 65536
>>
>> Here is what I did to the new host :
>> cat /etc/subuid
>> gxd:100000:65536
>> root:165536:65536
>> root:951968:65536
>>
>>
>
> The easiest way is to NOT change anything. lxd currently only supports one
> uid range for unpriv containers. Undo your changes.
>
>
>
>> I also tried to set lxc.raw
>>
>> cat << EOF |lxc config set test-ct raw.lxc -
>> lxc.id_map = u 0 951968 65536
>> lxc.id_map = g 0 951968 65536
>> EOF
>>
>> But in that case, container does't start.
>>
>>
>
> ... which, as you've found out, doesn't work.
>
>
> There's a script to convert lxc -> lxd somewhere on this list, but I
> usually do things manually:
> (1) create a container in lxd. Start it, stop it, then look at its uid
> mapping (i.e. "which u/gid owns
> /var/lib/lxd/containers/container_name/rootfs")
> (2) use fuidshift with "-r" to shift your lxc container u/gid back to
> privileged, using the starting u/gid value in your original lxc config
> (should be 951968)
> (3) use fuidshift again, but this time without "-r", to shift your lxc
> container to unprivileged, using the starting u/gid value from (1)
> (4) move your new lxd container's original rootfs somewhere else (or
> delete it if you want), then replace it with rootfs from (3)
> (5) start your lxd containers
>
> --
> Fajar
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
> ---------- Forwarded message ----------
> From: Giuseppe <gcesab at gmail.com>
> To: lxc-users at lists.linuxcontainers.org
> Cc:
> Date: Tue, 12 Jul 2016 05:27:43 +0000 (UTC)
> Subject: Re: [lxc-users] LXD containers with dual nic
> >                 What do you mean by "statically configured in the
> > container"??
> >
> >                 At least on 1.08 this not necessary, and is probably a
> bad
> > idea.
> >
> >                the entry in the container config should be enough..
> >
> >           -steve
>
> I mean that in containers both nic are defined "BOOTPROTO=static" in Centos
> and "iface ethx inet static" in Ubuntu. I think it's a routing problem on
> the second bridge. I'll try to use the 10Gbe nic only, I'm pretty sure it
> will work.
>
> Giuseppe
>
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Giuseppe <gcesab at gmail.com>
> To: lxc-users at lists.linuxcontainers.org
> Cc:
> Date: Tue, 12 Jul 2016 05:35:41 +0000 (UTC)
> Subject: Re: [lxc-users] LXD containers with dual nic
> > A good starting question is "is your network configured the same".
> Sometimes there are anti spoofing or MAC-limitation rule so that one switch
> "port" only allows one MAC or one IP address only.
> > One such example is networking in amazon EC2. Your network admin might
> enforce the same rule on your 10G switch.
> >
> > Testing it somewhat difficult though. Perhaps install virtualbox, and set
> it to use bridge networking on your problematic interface?
>
> The only difference in the networks is that the 10Gbe one has a 9000 mtu,
> but I tried also with 1500 and nothing changed. This is an home lab, so I
> am
> the network administrator. At vSphere level the switches are identical, the
> only difference is physical nic speed.
>
> Giuseppe
>
>
>
>
>
>
>
> ---------- Forwarded message ----------
> From: Giuseppe <gcesab at gmail.com>
> To: lxc-users at lists.linuxcontainers.org
> Cc:
> Date: Tue, 12 Jul 2016 09:21:27 +0000 (UTC)
> Subject: Re: [lxc-users] LXD containers with dual nic
> Solved
>
> I believed virtual network switches was identical but the 10Gbe one had the
> promiscuous mode rejected. Setting it to accept and everything go.
>
> Thanks all
>
> Giuseppe
>
>
>
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160712/5125917e/attachment.html>

More information about the lxc-users mailing list