meta data for this page
  •  

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:lxc [2016/04/26 07:33] niziaklinux:lxc [2020/09/07 19:01] (current) niziak
Line 91: Line 91:
 <file | local/share/lxc/oldgitlab/config> <file | local/share/lxc/oldgitlab/config>
 lxc.mount.entry = /host/some/folder container/folder none bind,create=dir,optional 0 0 lxc.mount.entry = /host/some/folder container/folder none bind,create=dir,optional 0 0
-</code>+</file>
  
 ===== Templates ===== ===== Templates =====
Line 183: Line 183:
 Create container: Create container:
 <code bash>lxc-create -t download -n gitlab</code> <code bash>lxc-create -t download -n gitlab</code>
 +
 +==== Snapshot ====
 +
 +  ~$ lxc-snapshot -n gitlab
 +  newgidmap: gid range [165536-165537) -> [331072-331073) not allowed
 +  error mapping child
 +  setgid: Invalid argument
 +
 +lxc-snapshow is calling ''newgidmap'' 
 +
 +   lxc-snapshot 20160426080144.153 WARN     lxc_confile - confile.c:config_pivotdir:1877 - lxc.pivotdir is ignored.  It will soon become an error.
 +   lxc-snapshot 20160426080144.153 INFO     lxc_confile - confile.c:config_idmap:1498 - read uid map: type u nsid 0 hostid 165536 range 65536
 +   lxc-snapshot 20160426080144.153 INFO     lxc_confile - confile.c:config_idmap:1498 - read uid map: type g nsid 0 hostid 165536 range 65536
 +   lxc-snapshot 20160426080144.258 WARN     lxc_confile - confile.c:config_pivotdir:1877 - lxc.pivotdir is ignored.  It will soon become an error.
 +   lxc-snapshot 20160426080144.258 INFO     lxc_confile - confile.c:config_idmap:1498 - read uid map: type u nsid 0 hostid 165536 range 65536
 +   lxc-snapshot 20160426080144.258 INFO     lxc_confile - confile.c:config_idmap:1498 - read uid map: type g nsid 0 hostid 165536 range 65536
 +   lxc-snapshot 20160426080144.377 INFO     lxcbtrfs - bdev/lxcbtrfs.c:btrfs_snapshot:306 - btrfs: snapshot create ioctl returned 0
 +   lxc-snapshot 20160426080144.397 WARN     bdev - bdev/bdev.c:bdev_copy:393 - Failed to update ownership of /home/lxcgitlab/.local/share/lxc/oldgitlab/snaps/snap2/rootfs
 +   lxc-snapshot 20160426080144.397 INFO     lxc_container - lxccontainer.c:copy_file:2622 - Error stat'ing /home/lxcgitlab/.local/share/lxc/oldgitlab/lxc_rdepends
 +   lxc-snapshot 20160426080144.398 INFO     lxc_container - lxccontainer.c:copy_rdepends:2781 - Error copying reverse dependencies
 +
  
 ==== Autostart ==== ==== Autostart ====
Line 190: Line 211:
 lxc.start.delay = 5 lxc.start.delay = 5
 lxc.start.order = 100 lxc.start.order = 100
 +lxc.group = onboot
 </file> </file>
 <code> <code>
Line 199: Line 221:
 Edit cron Edit cron
 <code bash>crontab -e</code> <code bash>crontab -e</code>
-<code>@reboot lxc-autostart</code>+<code>@reboot /usr/bin/lxc-autostart --all</code>
  
  
Line 209: Line 231:
 ... ...
 </file> </file>
 +
 +===== Limit resources =====
 +<file | config>
 +# 512MB memory limit, 256MB soft limie - system treats it as low mem condition
 +lxc.cgroup.memory.limit_in_bytes = 512M
 +lxc.cgroup.memory.soft_limit_in_bytes = 256M
 +# total usage memory (swap+ram) limit to 1G
 +lxc.cgroup.memory.memsw.limit_in_bytes = 1G
 +
 +# arbitary value which only sets relative priority between containers
 +lxc.cgroup.cpu.shares = 100
 +
 +# restrict to use cpu core 0 and 1
 +lxc.cgroup.cpuset.cpus 0,1
 +
 +lxc.cgroup.blkio.weight 500
 +</file>
 +
 +Limiting runtime:
 +<code bash>lxc-cgroup -n test-container cpu.shares 100</code>
 +
 +<file | ~/.local/share/lxc/gitlab/config>
 +</file>
 +==== ulimit change for unpriv container ====
 +Inside container, this command fails:
 +<code bash>ulimit -n 65536</code>
 +
 +
 +
 +
  
 ===== Debug ===== ===== Debug =====
Line 231: Line 283:
 lxc-start 1460629578.159 ERROR    lxc_start_ui - lxc_start.c:main:345 - Additional information can be obtained by setting the --logfile and --logpriority options. lxc-start 1460629578.159 ERROR    lxc_start_ui - lxc_start.c:main:345 - Additional information can be obtained by setting the --logfile and --logpriority options.
 </code> </code>
 +
 +Debug levels: ''FATAL ALERT CRIT ERROR WARN NOTICE INFO DEBUG TRACE'' \\
 +
 +Configure debug levels in config file:
 +  lxc.logfile
 +  lxc.loglevel
 +
  
 ===== Errors ===== ===== Errors =====
 +
 +==== Failed to load config for gitlab ====
 +
 +Error after system upgrade. LXC has been updated from 2.0.1 to v 3.0.1
 +
 +<code bash>
 +$ lxc-info gitlab
 +Failed to load config for gitlab
 +Failure to retrieve information on /home/lxcgitlab/.local/share/lxc:gitlab
 +</code>
 +
 +SOLUTION:
 +<code bash>
 +cd /home/lxcgitlab/.local/share/lxc/gitlab
 +lxc-update-config -c config
 +</code>
 +
 ==== Failed to mount cgroup ==== ==== Failed to mount cgroup ====
 <code> <code>
Line 283: Line 359:
 systemctl restart lxc-net systemctl restart lxc-net
 </code> </code>
 +
 +==== umount: /dev/zero: block devices are not permitted on filesystem ====
 +During shutdown
 +<code>
 +umount: /dev/zero: block devices are not permitted on filesystem
 +umount: /dev/urandom: block devices are not permitted on filesystem
 +umount: /dev/tty: block devices are not permitted on filesystem
 +</code>
 +>Ah - this is happening because the shutdown process is trying to do a
 +>force umount.  We don't allow those (using seccom) because if the fs is
 +>a bind mount from a fuse or nfs, it'll disconnect the original mount.
 +>
 +>You can test this yourself by logging in and doing
 +>
 +>umount -f /dev/urandom
 +>
 +>versus
 +>
 +>umount /dev/urandom