On 03/04/14 16:40, Leonid Isaev wrote:
> Hi,
>
> On Thu, 03 Apr 2014 11:25:27 +0100
> John Lane <[email protected]> wrote:
>
>> Hello, I have a number of LXC containers that have been working with
>> systemd for some time. I have just tried to perform some upgrades,
>> taking them from 204 to 212 (actually they are scripted rebuilds rather
>> than upgrades).
>
> You have to tell exactly what you are doing. Just calling lxc-archlinux in a
> loop?

I am not sure what you mean by "Just calling lxc-archlinux in a loop". I build a container using a script that is similar to, but not, the lxc-archlinux template. It uses the Arch tools "mkarchroot" and "pacman" to install a collection of packages and then performs various setup tasks and creates appropriate configuration. Here is the LXC config produced:

# Use autodev to be compatible with systemd
lxc.autodev = 1
lxc.hook.autodev = /srv/lxc/testcontainer/autodev

# hostname
lxc.utsname = testcontainer
#
# network
#     if the network is not defined then the container
#     will be able to use the host's network
lxc.network.type = veth
#lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.mtu = 1500
lxc.network.hwaddr = DE:AD:BE:EF:CA:FE

# restrict capabilities (security) see "man capabilities"
lxc.cap.drop = sys_module
#lxc.cap.drop = sys_admin

# only explicit device access
lxc.cgroup.devices.deny = a
#
# Memory Devices
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
#
# Terminals
lxc.tty =   1
lxc.pts = 1024
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
#
# root filesystem
lxc.rootfs = /srv/lxc/testcontainer

# bind mount the host's pacman cache so container uses the same cache
# rather than wasting time downloading packages already downloaded.
lxc.mount.entry = /var/cache/pacman/pkg /srv/lxc/testcontainer/var/cache/pacman/pkg none rw,bind 0 0


This works fine with 208 but not with 209, so I guess I am doing something that was correct for 208 but the goal-posts have been moved by 209.

>> I have found that they do not work properly with any systemd versions
>> 209 or later. I have read that 209 was a "massive new release".
>
> What do you mean by "do not work properly"?

What I find is that the login prompt never results in a prompt. I enter the correct user/password and it takes an age before redisplaying the login prompt. If I apply 208 before starting the container then it works as expected.

I can get into the container with "lxc-attach".

I'm a bit in the dark as the journal isn't showing me anything (or I don't know where to look). The thing I did notice was the 209 journal contained less than the 208 one which would suggest that 209 is not starting some services that 208 does (see linked pastes). I am looking into that but was hoping there might be an obvious pointer from the list - some things that have changed in 209 that might affect LXC and that I could perhaps look into more.
> Also, FWIW:
>
> Host:
> -hermes-11:37-cur_work$ systemctl --version
> systemd 212
> +PAM -AUDIT -SELINUX -IMA -SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ +SECCOMP -APPARMOR
>
> Container:
> [appuser@appserver1 ~]$ systemd-detect-virt
> lxc
> [appuser@appserver1 ~]$ uname -a
> Linux appserver1 3.13.8-1-ARCH #1 SMP PREEMPT Tue Apr 1 12:19:51 CEST 2014 x86_64 GNU/Linux
> [appuser@appserver1 ~]$ systemctl --version
> systemd 212
> +PAM -AUDIT -SELINUX -IMA -SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ +SECCOMP -APPARMOR
> [appuser@appserver1 ~]$ journalctl PRIORITY=3
> -- Logs begin at Thu 2014-04-03 10:24:09 EDT, end at Thu 2014-04-03 11:27:50 EDT
> [appuser@appserver1 ~]$ journalctl PRIORITY=4
> -- Logs begin at Thu 2014-04-03 10:24:09 EDT, end at Thu 2014-04-03 11:27:50 EDT

Host:
$ systemctl --version
systemd 211
+PAM -LIBWRAP -AUDIT -SELINUX -IMA -SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ +SECCOMP -APPARMOR

Container:
$  sudo lxc-attach -n testcontainer
# systemd-detect-virt
lxc
# systemctl --version
systemd 212
+PAM -AUDIT -SELINUX -IMA -SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ +SECCOMP -APPARMOR
# journalctl PRIORITY=3
-- Logs begin at Thu 2014-04-03 18:27:22 BST, end at Thu 2014-04-03 18:27:23 BST. --
# journalctl PRIORITY=4
-- Logs begin at Thu 2014-04-03 18:27:22 BST, end at Thu 2014-04-03 18:27:23 BST. --

That one had 212, but I get the same effect with 209, 210, 211 and 212.

Cheers,


_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
