[lxc-users] Any lxc container started from python (that listen port) is binding port for container

Valeriy Solovyov weldpua2008 at gmail.com
Mon Mar 7 08:08:25 UTC 2016 

Hi,
https://github.com/lxc/lxc/issues/762
I am using the python framework (I run it from uwsgi) to serve an api to
run lxc containers. From those api I run an ansible-playbook that runs bash
script:

NEW=$1
SUDO=""
if [ "$(id -u)" != "0" ]; then
        SUDO=`which sudo 2> /dev/null`
fi
LXC_DIR="/var/lib/lxc"
LXC_CONF_DIR="/etc/lxc"
$SUDO lxc-stop -n $NEW &>>/dev/null
$SUDO lxc-destroy -n $NEW -f &>>/dev/null
$SUDO bash -c "$SUDO lxc-create -n $NEW -f $LXC_CONF_DIR/$NEW.config"
$SUDO bash -c "$SUDO lxc-start -n ${NEW} -d"

When it finished successfully the lxc-start binds on my app's port 8181

lsof |grep -i TCP|grep 8181

lxc-start 11774                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
lxc-start 11774                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
init      11785                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
init      11785                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
upstart-u 11913                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
upstart-u 11913                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
systemd-u 11920                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
systemd-u 11920                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
upstart-s 12009                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
upstart-s 12009                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
dhclient  12012                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
dhclient  12012                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
upstart-f 12022                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
upstart-f 12022                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
getty     12064                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
getty     12064                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
getty     12067                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
getty     12067                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
getty     12068                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
getty     12068                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
cron      12079                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
cron      12079                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
postgres  12117       systemd-bus-proxy    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
postgres  12117       systemd-bus-proxy   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
postgres  12119       systemd-bus-proxy    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
postgres  12119       systemd-bus-proxy   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
postgres  12120       systemd-bus-proxy    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
postgres  12120       systemd-bus-proxy   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
postgres  12121       systemd-bus-proxy    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
postgres  12121       systemd-bus-proxy   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
postgres  12122       systemd-bus-proxy    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
postgres  12122       systemd-bus-proxy   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
postgres  12123       systemd-bus-proxy    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
postgres  12123       systemd-bus-proxy   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
getty     12145                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
getty     12145                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)
getty     12148                    root    3u     IPv4
58905      0t0        TCP *:8181 (LISTEN)
getty     12148                    root   16u     IPv4
57830      0t0        TCP localhost:8181->localhost:39119 (CLOSE_WAIT)

netstat -anlp|grep 8181

tcp        0      0 0.0.0.0:8181            0.0.0.0:*
LISTEN      11774/lxc-start
tcp      390      0 10.205.194.11:8181      10.206.102.87:35959
ESTABLISHED -
tcp        1      0 127.0.0.1:8181          127.0.0.1:39119
CLOSE_WAIT  11774/lxc-start
tcp      391      0 10.205.194.11:8181      10.206.102.87:35690
CLOSE_WAIT  -

uwsgi config

[uwsgi]
plugins = python27

http-socket = :8181
chdir = /opt/RDE/rdemanager
check-static = /opt/RDE/rdemanager/html
static-index = index.html
processes = 1
threads = 8
module = rdemanager:app
# Turn this off for production
catch-exceptions = true
stats = /var/run/.uwsgi-stats.socket
touch-reload = /tmp/.uwsgi-reload

The container config:
/etc/lxc/PosgreSQL.config

lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /var/lib/lxc/PosgreSQL
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
# mounts point
lxc.mount.entry=proc /var/lib/lxc/PosgreSQL/proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry=devpts /var/lib/lxc/PosgreSQL/dev/pts devpts defaults 0 0
lxc.mount.entry=sysfs /var/lib/lxc/PosgreSQL/sys sysfs defaults  0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0

lxc.utsname = PosgreSQL
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0

# Default console settings
lxc.devttydir = lxc



#lxc.network.ipv4=192.168.1.10/24
#lxc.network.ipv4.gateway=192.168.1.1

# Default mount entries
#lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
#lxc.mount.entry = sysfs sys sysfs defaults 0 0
#lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections
none bind,optional 0 0
#lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
#lxc.mount.entry = /sys/kernel/security sys/kernel/security none
bind,optional 0 0
#lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0

lxc-start --version

1.0.6

cat /etc/os-release

PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support/"
BUG_REPORT_URL="https://bugs.debian.org/"


PS:
I found only one solution: script connecting by ssh to those host and then
lxc doesn't listen on that port.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160307/7987dfa7/attachment-0001.html>

More information about the lxc-users mailing list