[lxc-users] using cgroups

[Serge E. Hallyn]

Quoting Rob Edgerton (redgerhoo at yahoo.com.au):
> hi,I have the same problem (cgroups not working as expected) on a clean Xenial build (lxc PPA NOT installed, LXD not installed)In my case I have some Ubuntu Trusty containers I really need to use on Xenial, but they won't start because I use cgroups.If I change the existing containers to remove the "lxc.cgroup" clauses from config they start, but not otherwise.Similarly, I created a new Xenial container for testing. It works, until I add "lxc.cgroups" clauses at which point it also fails to start. at virt-host:~$ lxc-start -n trusty_unp_ibvpn -F -l debug -o lxc.log
> lxc-start: cgfsng.c: cgfsng_setup_limits: 1662 No such file or directory - Error setting cpuset.cpus to 1-3 for trusty_unp_ibvpn
> lxc-start: start.c: lxc_spawn: 1180 failed to setup the cgroup limits for 'trusty_unp_ibvpn'
> lxc-start: start.c: __lxc_start: 1353 failed to spawn 'trusty_unp_ibvpn'
> lxc-start: lxc_start.c: main: 344 The container failed to start.
> lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority  options.
> 
> Logfile Contents=============
>       lxc-start 20160628155820.562 INFO     lxc_start_ui - lxc_start.c:main:264 - using rcfile /mnt/lxc_images/containers/trusty_unp_ibvpn/config
>       lxc-start 20160628155820.562 WARN     lxc_confile - confile.c:config_pivotdir:1879 - lxc.pivotdir is ignored.  It will soon become an error.
>       lxc-start 20160628155820.562 INFO     lxc_confile - confile.c:config_idmap:1500 - read uid map: type u nsid 0 hostid 100000 range 65536
>       lxc-start 20160628155820.562 INFO     lxc_confile - confile.c:config_idmap:1500 - read uid map: type g nsid 0 hostid 100000 range 65536
>       lxc-start 20160628155820.564 INFO     lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .reject_force_umount  # comment this to allow umount -f;  not recommended.
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for reject_force_umount action 0
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts
> 
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for reject_force_umount action 0
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts
> 
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .[all].
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .kexec_load errno 1.
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for kexec_load action 327681
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for kexec_load action 327681
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .open_by_handle_at errno 1.
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for open_by_handle_at action 327681
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for open_by_handle_at action 327681
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .init_module errno 1.
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for init_module action 327681
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for init_module action 327681
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .finit_module errno 1.
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for finit_module action 327681
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for finit_module action 327681
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .delete_module errno 1.
>       lxc-start 20160628155820.564 INFO     lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for delete_module action 327681
>       lxc-start 20160628155820.565 INFO     lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for delete_module action 327681
>       lxc-start 20160628155820.565 INFO     lxc_seccomp - seccomp.c:parse_config_v2:456 - Merging in the compat seccomp ctx into the main one
>       lxc-start 20160628155820.565 DEBUG    lxc_start - start.c:setup_signal_fd:289 - sigchild handler set
>       lxc-start 20160628155820.565 DEBUG    lxc_console - console.c:lxc_console_peer_default:431 - opening /dev/tty for console peer
>       lxc-start 20160628155820.565 INFO     lxc_caps - caps.c:lxc_caps_up:101 - Last supported cap was 36
>       lxc-start 20160628155820.565 DEBUG    lxc_console - console.c:lxc_console_peer_default:437 - using '/dev/tty' as console
>       lxc-start 20160628155820.565 DEBUG    lxc_console - console.c:lxc_console_sigwinch_init:145 - 3234 got SIGWINCH fd 9
>       lxc-start 20160628155820.565 DEBUG    lxc_console - console.c:lxc_console_winsz:72 - set winsz dstfd:6 cols:212 rows:73
>       lxc-start 20160628155820.611 INFO     lxc_start - start.c:lxc_init:488 - 'trusty_unp_ibvpn' is initialized
>       lxc-start 20160628155820.611 DEBUG    lxc_start - start.c:__lxc_start:1326 - Not dropping cap_sys_boot or watching utmp
>       lxc-start 20160628155820.611 INFO     lxc_start - start.c:resolve_clone_flags:1013 - Cloning a new user namespace
>       lxc-start 20160628155820.611 INFO     lxc_cgroup - cgroup.c:cgroup_init:68 - cgroup driver cgroupfs-ng initing for trusty_unp_ibvpn
>       lxc-start 20160628155820.614 DEBUG    lxc_cgfsng - cgfsng.c:cgfsng_setup_limits:1667 - cgroup 'devices.allow' set to 'c 10:200 rwm'
>       lxc-start 20160628155820.614 ERROR    lxc_cgfsng - cgfsng.c:cgfsng_setup_limits:1662 - No such file or directory - Error setting cpuset.cpus to 1-3 for trusty_unp_ibvpn

ENOENT - that's unexpected...

>       lxc-start 20160628155820.615 ERROR    lxc_start - start.c:lxc_spawn:1180 - failed to setup the cgroup limits for 'trusty_unp_ibvpn'
>       lxc-start 20160628155820.615 ERROR    lxc_start - start.c:__lxc_start:1353 - failed to spawn 'trusty_unp_ibvpn'
>       lxc-start 20160628155820.659 INFO     lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'trusty_unp_ibvpn', config section 'lxc'
>       lxc-start 20160628155821.172 ERROR    lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
>       lxc-start 20160628155821.172 ERROR    lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.
>    
> Repeating the commands you were discussing with Mike
> 
> cgmanager is already the newest version (0.39-2ubuntu5).
> @virt-host:~$cgm --version
> 0.29

Can you show 'dpkg -l | grep cgmanager' ?

as well as cat /etc/*release

> @virt-host:~$ls /proc/self/cgroup
> /proc/self/cgroup
> 
> @virt-host:~$ls /proc/self/mountinfo
> /proc/self/mountinfo

Hi,
For /proc/self/cgroup and /proc/self/mountinfo, we actually need to see
the contents.  Can you show 'cat /proc/self/cgroup' and
'cat /proc/self/mountinfo'?

-serge