Differences

This shows you the differences between two versions of the page.

--- linux:lxc [2016/04/26 07:23] – niziak
+++ linux:lxc [2020/09/07 19:01] (current) – niziak
@@ Line 10: / Line 10: @@
 sudo lxc-checkconfig
 </code>
 Make sure cgroup filesystem is mounted
 <file | /etc/fstab>
 cgroup	/sys/fs/cgroup	cgroup	defaults	0	0
@@ Line 16: / Line 18: @@
 ===== LXC Files ====
 ==== Priviledged containers ====
   * /var/lib/lxc default container place
@@ Line 62: / Line 65: @@
 │       │       └── snaps
 │       │           └── snap0
-''
+</code>
 ===== Basic usage =====
 <code bash>
 lxc-create -n test-container -t ubuntu
+lxc-create -n test-container -t ubuntu -B btrfs
+lxc-create -n test-container -t download -B btrfs
+lxc-destroy -n test-container
 lxc-start -n test-container
 lxc-start -n test-container --daemon
-lxc-info -n test-container
-lxc-attach -n test-container
-lxc-console -n test-container
 lxc-stop -n  test-container
-lxc-destroy -n test-container
-</code>
-==== Getting info ====
-<code bash>
 lxc-ls --fancy
 lxc-info -n test-container
+lxc-attach -n test-container
+lxc-console -n test-container
+lxc-snapshot -n test-container
 </code>
 ==== Bind mounts ====
 <file | local/share/lxc/oldgitlab/config>
 lxc.mount.entry = /host/some/folder container/folder none bind,create=dir,optional 0 0
-</code>
+</file>
 ===== Templates =====
@@ Line 179: / Line 183: @@
 Create container:
 <code bash>lxc-create -t download -n gitlab</code>
+==== Snapshot ====
+  ~$ lxc-snapshot -n gitlab
+  newgidmap: gid range [165536-165537) -> [331072-331073) not allowed
+  error mapping child
+  setgid: Invalid argument
+lxc-snapshow is calling ''newgidmap''
+   lxc-snapshot 20160426080144.153 WARN     lxc_confile - confile.c:config_pivotdir:1877 - lxc.pivotdir is ignored.  It will soon become an error.
+   lxc-snapshot 20160426080144.153 INFO     lxc_confile - confile.c:config_idmap:1498 - read uid map: type u nsid 0 hostid 165536 range 65536
+   lxc-snapshot 20160426080144.153 INFO     lxc_confile - confile.c:config_idmap:1498 - read uid map: type g nsid 0 hostid 165536 range 65536
+   lxc-snapshot 20160426080144.258 WARN     lxc_confile - confile.c:config_pivotdir:1877 - lxc.pivotdir is ignored.  It will soon become an error.
+   lxc-snapshot 20160426080144.258 INFO     lxc_confile - confile.c:config_idmap:1498 - read uid map: type u nsid 0 hostid 165536 range 65536
+   lxc-snapshot 20160426080144.258 INFO     lxc_confile - confile.c:config_idmap:1498 - read uid map: type g nsid 0 hostid 165536 range 65536
+   lxc-snapshot 20160426080144.377 INFO     lxcbtrfs - bdev/lxcbtrfs.c:btrfs_snapshot:306 - btrfs: snapshot create ioctl returned 0
+   lxc-snapshot 20160426080144.397 WARN     bdev - bdev/bdev.c:bdev_copy:393 - Failed to update ownership of /home/lxcgitlab/.local/share/lxc/oldgitlab/snaps/snap2/rootfs
+   lxc-snapshot 20160426080144.397 INFO     lxc_container - lxccontainer.c:copy_file:2622 - Error stat'ing /home/lxcgitlab/.local/share/lxc/oldgitlab/lxc_rdepends
+   lxc-snapshot 20160426080144.398 INFO     lxc_container - lxccontainer.c:copy_rdepends:2781 - Error copying reverse dependencies
 ==== Autostart ====
@@ Line 186: / Line 211: @@
 lxc.start.delay = 5
 lxc.start.order = 100
+lxc.group = onboot
 </file>
 <code>
@@ Line 195: / Line 221: @@
 Edit cron
 <code bash>crontab -e</code>
-<code>@reboot lxc-autostart</code>
+<code>@reboot /usr/bin/lxc-autostart --all</code>
@@ Line 205: / Line 231: @@
 ...
 </file>
+===== Limit resources =====
+<file | config>
+# 512MB memory limit, 256MB soft limie - system treats it as low mem condition
+lxc.cgroup.memory.limit_in_bytes = 512M
+lxc.cgroup.memory.soft_limit_in_bytes = 256M
+# total usage memory (swap+ram) limit to 1G
+lxc.cgroup.memory.memsw.limit_in_bytes = 1G
+# arbitary value which only sets relative priority between containers
+lxc.cgroup.cpu.shares = 100
+# restrict to use cpu core 0 and 1
+lxc.cgroup.cpuset.cpus 0,1
+lxc.cgroup.blkio.weight 500
+</file>
+Limiting runtime:
+<code bash>lxc-cgroup -n test-container cpu.shares 100</code>
+<file | ~/.local/share/lxc/gitlab/config>
+</file>
+==== ulimit change for unpriv container ====
+Inside container, this command fails:
+<code bash>ulimit -n 65536</code>
 ===== Debug =====
@@ Line 227: / Line 283: @@
 lxc-start 1460629578.159 ERROR    lxc_start_ui - lxc_start.c:main:345 - Additional information can be obtained by setting the --logfile and --logpriority options.
 </code>
+Debug levels: ''FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE'' \\
+Configure debug levels in config file:
+  lxc.logfile
+  lxc.loglevel
 ===== Errors =====
+==== Failed to load config for gitlab ====
+Error after system upgrade. LXC has been updated from 2.0.1 to v 3.0.1
+<code bash>
+$ lxc-info gitlab
+Failed to load config for gitlab
+Failure to retrieve information on /home/lxcgitlab/.local/share/lxc:gitlab
+</code>
+SOLUTION:
+<code bash>
+cd /home/lxcgitlab/.local/share/lxc/gitlab
+lxc-update-config -c config
+</code>
 ==== Failed to mount cgroup ====
 <code>
@@ Line 279: / Line 359: @@
 systemctl restart lxc-net
 </code>
+==== umount: /dev/zero: block devices are not permitted on filesystem ====
+During shutdown
+<code>
+umount: /dev/zero: block devices are not permitted on filesystem
+umount: /dev/urandom: block devices are not permitted on filesystem
+umount: /dev/tty: block devices are not permitted on filesystem
+</code>
+>Ah - this is happening because the shutdown process is trying to do a
+>force umount.  We don't allow those (using seccom) because if the fs is
+>a bind mount from a fuse or nfs, it'll disconnect the original mount.
+>
+>You can test this yourself by logging in and doing
+>
+>umount -f /dev/urandom
+>
+>versus
+>
+>umount /dev/urandom

Tools

menus and quick search

quick search

site status

Page Tools

meta data for this page

Differences