linux:virtualization:lxc

Differences

This shows you the differences between two versions of the page.

linux:virtualization:lxc [2016/12/10 15:42]
tkilla [brtfs snapshots]
linux:virtualization:lxc [2022/01/13 23:06]
tkilla [Create new container]
Line 344: Line 344:
 http://wiki.fr33.info/doku.php/linux/virtualization/lxc?&#unprivileged_containers http://wiki.fr33.info/doku.php/linux/virtualization/lxc?&#unprivileged_containers
  
-  lxc-create -n debian8  -B btrfs -t debian -- -r jessie+FIX:  original keyserver is broken! add: --keyserver hkp://keyserver.ubuntu.com 
 + 
 + 
 +  lxc-create -n debian8  -B btrfs -t debian -- -r jessie --keyserver hkp://keyserver.ubuntu.com
  
 or or
  
-  lxc-create -n websrv -t debian-wheezy  -B btrfs+  lxc-create -n websrv -t debian-wheezy  -B btrfs --keyserver hkp://keyserver.ubuntu.com
  
 Start / Stop VS: Start / Stop VS:
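Review bot: In the added `lxc-create -n websrv -t debian-wheezy -B btrfs --keyserver hkp://keyserver.ubuntu.com` line, `--keyserver` is not preceded by `--`, so it is parsed by lxc-create itself rather than passed to the template as in the `debian8` line above it; write `... -B btrfs -- --keyserver hkp://keyserver.ubuntu.com`. The "FIX:" sentence should also say which keyserver is broken, and since `hkp://` is an unencrypted transport, `hkps://keyserver.ubuntu.com` is the better value where the template's gpg supports it.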
Line 356: Line 359:
 Enter VS: Enter VS:
   lxc-console -n websrv   lxc-console -n websrv
 +
 +
 +In Buster, use the lxc-download script:
 +
 +  /usr/share/lxc/templates/lxc-download --list --no-validate| grep debian | grep amd64
 +  lxc-create -t /usr/share/lxc/templates/lxc-download -n <NAME> --  --no-validate -d debian -r buster -a amd64
  
  
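Review bot: Both added `lxc-download` lines pass `--no-validate`, which turns off GPG verification of the downloaded image, and the text gives no reason for it. If the cause is the keyserver problem addressed in the hunk above, pass `--keyserver hkp://keyserver.ubuntu.com` to lxc-download and drop `--no-validate`; if the flag has to stay, say why and note that the image is then trusted on the transport alone. A space before the `|` in the `--list` line would also help readability.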
Line 366: Line 375:
   lxc-clone --backingstore btrfs --orig vs1 --new vs2 --snapshot   lxc-clone --backingstore btrfs --orig vs1 --new vs2 --snapshot
  
 +\\
 +===== Mount external Dirs in Container =====
 +
 +The recommended way is to add the mountpoint with a relative path in the VS config:
 +
 +  lxc.mount.entry=/home/mountme home none bind,optional,relative,create=dir
 +
 +
 +Under some cicumstances it does not work (in unprivileged containers), but this works:
 +
 +  lxc.mount.entry = /home/test /home/vservers/stretch/rootfs/home/test none bind 0 0
 +
 +Also check Permissions and Ownership. chown to the root ID inside the container.
  
 \\ \\
 ===== brtfs snapshots ===== ===== brtfs snapshots =====
 +
 +the container must be stopped for a lxc-snapshot. use btrfs snapshot to backup running containers (mysql may get inconsitent)
  
 you need to create container with option  -B btrfs!! you need to create container with option  -B btrfs!!
  
   lxc-create -B btrfs -n mycontainer -t ubuntu   lxc-create -B btrfs -n mycontainer -t ubuntu
 +
 +
  
  
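Review bot: The closing line "chown to the root ID inside the container" does not say which ID is meant or what it implies: for an unprivileged container this is the mapped host UID/GID, and after the chown the container's root can write to the host directory. State the ID to use and suggest adding `ro` to the mount options where the container only needs to read. The second `lxc.mount.entry` hard-codes the host rootfs path `/home/vservers/stretch/rootfs/home/test` as its target, so it breaks when the container is cloned or moved, which deserves a remark next to "but this works". Typos: "cicumstances", "inconsitent".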
Line 380: Line 406:
   btrfs subvolume create /home/vservers/my-lxc-container/rootfs     btrfs subvolume create /home/vservers/my-lxc-container/rootfs  
   btrfs subvolume list /home/vservers   btrfs subvolume list /home/vservers
-  mv /home/vservers/my-lxc-container/rootfs.saved/* /home/vservers/my-lxc-container/rootfs/ 
-  lxc-snapshot -n webdev 
      
   # for unprivileged root container, check UID and GID of rootfs dir (here it is 100000):   # for unprivileged root container, check UID and GID of rootfs dir (here it is 100000):
   chown 100000:100000 /home/vservers/webdev/rootfs/   chown 100000:100000 /home/vservers/webdev/rootfs/
  
 +  mv /home/vservers/my-lxc-container/rootfs.saved/* /home/vservers/my-lxc-container/rootfs/
 +  lxc-snapshot -n webdev
 +
 +snapshot with comment
 +
 +  echo "working my-lxc-container before ..." > snap-comment
 +  lxc-stop -n my-lxc-container
 +  lxc-snapshot -n my-lxc-container -c snap-comment
 +  rm snap-comment
  
   * https://uli-heller.github.io/blog/2013/06/09/lxc-snapshots/   * https://uli-heller.github.io/blog/2013/06/09/lxc-snapshots/
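Review bot: The `chown 100000:100000 /home/vservers/webdev/rootfs/` and `lxc-snapshot -n webdev` lines name a different container than the `btrfs subvolume` and `mv` lines (`my-lxc-container`); use one container name throughout so the block can be followed as written. The `chown` is not recursive, so it only sets the owner of the rootfs directory itself, and `rootfs.saved/*` skips top-level dotfiles; say so or adjust the commands. In the "snapshot with comment" block, `snap-comment` is written to the current directory, so a `mktemp` file would avoid overwriting an existing file of that name.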
Line 428: Line 461:
   lxc.id_map = g 0 100000 65536   lxc.id_map = g 0 100000 65536
  
 +in buster it's called idmap:
 +  lxc.idmap = u 0 100000 65536
 +  lxc.idmap = g 0 100000 65536
  
 **shift uuids to another span:** **shift uuids to another span:**
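Review bot: "in buster it's called idmap" ties the key name to the Debian release, while the name depends on the LXC version shipped there; name the LXC version so readers on other distributions know whether `lxc.id_map` or `lxc.idmap` applies. A blank line between that sentence and the two `lxc.idmap` lines would match the other command blocks on the page.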
Line 524: Line 560:
  
   * https://github.com/debops/ansible-lxc/issues/15   * https://github.com/debops/ansible-lxc/issues/15
 +
 +** systemd cgroups fuckup**
 +
 +Could not find writable mount point for cgroup hierarchy 12 while trying to create cgroup
 +
 +12 is a systemd hierarchy - if you remove systemd and switch to sysvinit-core, this might be leftover.
 +
 +FIXME:
 +
 +check all of systemd is gone (uninstall ii):
 +  dpkg -l *systemd*
 +  apt remove --purge *systemd*    # without systemd apt/preferences.d/ must not be set
 +  
 +/etc/pam.d/common-session - unset this line:
 +
 +  session     optional    pam_cgfs.so -c freezer,memory,name=systemd
 +
 +Check, if 12 is still active:
 +
 +  cat /proc/self/cgroup
 +
 +WORKAROUND:
 +mcedit /etc/lxc/lxc.conf and remove 
 +  lxc.cgroup.use = @all
 +
 +* this is helpful: https://github.com/lxc/lxc/issues/1279
 +* this is not: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769494
 +
 +\\
  
 **SSH Config** **SSH Config**
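Review bot: In `dpkg -l *systemd*` and `apt remove --purge *systemd*` the pattern is unquoted, so the shell expands it first if any file in the current directory matches; quote it as `'*systemd*'`. The purge pattern also matches every package with systemd in its name, so the step should tell the reader to check the proposed removal list before confirming. "unset this line" for the `pam_cgfs.so` entry should read "comment out", and the WORKAROUND should say what removing `lxc.cgroup.use = @all` changes, since the hunk only says to remove it.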
Line 554: Line 619:
 permanent apt via ipv4: permanent apt via ipv4:
   echo 'Acquire::ForceIPv4 "true";' | tee /etc/apt/apt.conf.d/99force-ipv4   echo 'Acquire::ForceIPv4 "true";' | tee /etc/apt/apt.conf.d/99force-ipv4
 +
 +
 +**rsyslog error**
 +
 +TESTME
 +
 +rsyslog doesnt start on boot and errors in syslog:
 +  .. rsyslogd: imklog: cannot open kernel log(/proc/kmsg): Permission denied.
 +  .. rsyslogd-2145: activation of module imklog failed [try http://www.rsyslog.com/e/2145 ]
 +
 +Disable kernel logging in container /etc/rsyslog.conf:
 +
 +  # $ModLoad imklog   # provides kernel logging support
 +
  
  
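Review bot: The added `# $ModLoad imklog` line only covers the legacy directive syntax; a container whose `/etc/rsyslog.conf` loads the module as `module(load="imklog")` needs that line commented out instead, so mention both forms. The section is still marked TESTME; confirm the fix in a container and remove the marker, or state which release it was tested on.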
linux/virtualization/lxc.txt · Last modified: 2022/01/13 23:08 by tkilla