lost and found ( for me ? )

Fedora 21 : install Linux container ( LXC ) on Fedora 21 and create a CentOS7 container

Here are my logs from installing lxc on Fedora 21 and creating a CentOS7 container on that machine.

Host OS : Fedora 21
container : CentOS7

install lxc
# yum install lxc lxc-templates lxc-extra

[root@f21 ~]# rpm -qa | grep lxc

# repoquery --list lxc

# repoquery --list lxc-templates

# repoquery --list lxc-extra

create a centos7 container.

I will create the container with the lxc-centos script.
Go to the /usr/share/lxc/templates directory so that I can create containers with the templates.
[root@f21 templates]# pwd
[root@f21 templates]#
[root@f21 templates]# ls
lxc-alpine     lxc-centos    lxc-fedora        lxc-oracle  lxc-ubuntu-cloud
lxc-altlinux   lxc-cirros    lxc-gentoo        lxc-plamo
lxc-archlinux  lxc-debian    lxc-openmandriva  lxc-sshd
lxc-busybox    lxc-download  lxc-opensuse      lxc-ubuntu
[root@f21 templates]#

create the container.
[root@f21 templates]# ./lxc-centos -n centos7-cn1 -R 7 -p /run/media/hattori/external_HDD/lxc/centos7-cn1
Host CPE ID from /etc/os-release: cpe:/o:fedoraproject:fedora:21
Checking cache download in /var/cache/lxc/centos/x86_64/7/rootfs ...
Cache found. Updating...
warning: Failed to read auxiliary vector, /proc not mounted?
warning: Failed to read auxiliary vector, /proc not mounted?
warning: Failed to read auxiliary vector, /proc not mounted?
warning: Failed to read auxiliary vector, /proc not mounted?

The root password is set up as expired and will require it to be changed
at first login, which you should do as soon as possible.  If you lose the
root password or wish to change it without starting the container, you
can change it from the host by running the following command (which will
also reset the expired flag):

       chroot /run/media/hattori/external_HDD/lxc/centos7-cn1/rootfs passwd

[root@f21 templates]#

Okay, the container was created, but I saw warning messages.
Hmm, what is this?

From googling these errors, it is okay to ignore them.

Add the following lines to the container's config file so that the container can use the network.
lxc.network.type = veth
lxc.network.link = virbr0
lxc.network.flags = up
lxc.network.name = eth0

start the container.
[root@f21 ~]# lxc-start -n centos7-cn1

Hmm, very slow... cannot log in.

let’s see the config file.

# grep -v ^# /var/run/media/hattori/external_HDD/lxc/centos7-cn1/config | grep -v ^$
lxc.rootfs = /run/media/hattori/external_HDD/lxc/centos7-cn1/rootfs
lxc.include = /usr/share/lxc/config/centos.common.conf
lxc.arch = x86_64
lxc.utsname = centos7-cn1
lxc.autodev = 1
lxc.network.type = veth
lxc.network.link = virbr0
lxc.network.flags = up
lxc.network.name = eth0

I found similar issues

The workaround for this is to edit /usr/share/lxc/config/centos.common.conf and comment out the lxc.cap.drop lines.

before:
lxc.cap.drop = mac_admin mac_override setfcap setpcap
lxc.cap.drop = sys_module sys_nice sys_pacct
lxc.cap.drop = sys_rawio sys_time

after:
#lxc.cap.drop = mac_admin mac_override setfcap setpcap
#lxc.cap.drop = sys_module sys_nice sys_pacct
#lxc.cap.drop = sys_rawio sys_time
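
Commenting out these lines in the shared centos.common.conf means every container that pulls the file in through lxc.include keeps those nine capabilities. As an added example (not part of the original post), this sh/awk check resolves lxc.include and reports which of them a container config no longer drops; it assumes the LXC 1.x key names used on this page and file (not directory) includes, and the temporary file names are constructed for the demo.

```sh
# Added example, not from the original post. File names below are constructed.
# The nine capabilities named in the three lxc.cap.drop lines shown on the page.
BASELINE="mac_admin mac_override setfcap setpcap sys_module sys_nice sys_pacct sys_rawio sys_time"

# Print the capabilities dropped by config $1, following lxc.include (files only).
lxc_dropped_caps() {
    awk '
    function load(file,   line, eq, key, val, n, parts, i) {
        if (file in seen) return              # guard against include loops
        seen[file] = 1
        while ((getline line < file) > 0) {
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) continue   # commented-out lines are inactive
            eq = index(line, "="); if (eq == 0) continue
            key = substr(line, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr(line, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "lxc.include") load(val)
            else if (key == "lxc.cap.drop") {
                if (val == "") split("", dropped)     # empty value clears the list
                n = split(val, parts, /[ \t]+/)
                for (i = 1; i <= n; i++) dropped[parts[i]] = 1
            }
        }
        close(file)
    }
    BEGIN { load(ARGV[1]); for (c in dropped) print c }' "$1" | sort
}

# Print the baseline capabilities that config $1 does not drop (empty = all dropped).
lxc_missing_caps() {
    dropped=" $(lxc_dropped_caps "$1" | tr '\n' ' ')"
    missing=""
    for cap in $BASELINE; do
        case $dropped in *" $cap "*) ;; *) missing="$missing $cap" ;; esac
    done
    echo "${missing# }"
}

# Constructed sample: the stock common file, the workaround variant, one container each.
SAMPLE=$(mktemp -d)
printf '%s\n' 'lxc.cap.drop = mac_admin mac_override setfcap setpcap' \
    'lxc.cap.drop = sys_module sys_nice sys_pacct' \
    'lxc.cap.drop = sys_rawio sys_time' > "$SAMPLE/stock.conf"
sed 's/^/#/' "$SAMPLE/stock.conf" > "$SAMPLE/workaround.conf"
printf 'lxc.include = %s\n' "$SAMPLE/stock.conf" > "$SAMPLE/cn-stock"
printf 'lxc.include = %s\n' "$SAMPLE/workaround.conf" > "$SAMPLE/cn-workaround"
for cfg in "$SAMPLE/cn-stock" "$SAMPLE/cn-workaround"; do
    echo "$(basename "$cfg") does not drop: $(lxc_missing_caps "$cfg")"
done
```

Pointing lxc_missing_caps at a real container config, such as the centos7-cn1 config shown on this page, gives the same report for that container.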

start the container.
Okay, I was able to log in without delay.
[root@f21 ~]# lxc-start -n centos7-cn1
systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Detected virtualization 'lxc'.

Welcome to CentOS Linux 7 (Core)!

Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Listening on Delayed Shutdown Socket.
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Listening on Journal Socket.
        Mounting Debug File System...
        Starting Journal Service...
[  OK  ] Started Journal Service.
        Mounting Configuration File System...
        Starting Create static device nodes in /dev...
[  OK  ] Reached target Encrypted Volumes.
<46>systemd-journald[11]: Vacuuming done, freed 0 bytes
        Mounting POSIX Message Queue File System...
        Mounting Huge Pages File System...
        Mounting FUSE Control File System...
[  OK  ] Reached target Swap.
        Starting Remount Root and Kernel File Systems...
[  OK  ] Created slice Root Slice.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Created slice System Slice.
[  OK  ] Reached target Slices.
[  OK  ] Created slice system-getty.slice.
[  OK  ] Started Create static device nodes in /dev.
[  OK  ] Mounted Debug File System.
[  OK  ] Mounted Configuration File System.
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Mounted FUSE Control File System.
[  OK  ] Mounted Huge Pages File System.
[  OK  ] Started Remount Root and Kernel File Systems.
        Starting Load/Save Random Seed...
        Starting Configure read-only root support...
[  OK  ] Reached target Local File Systems (Pre).
[  OK  ] Started Load/Save Random Seed.
[  OK  ] Started Configure read-only root support.
[  OK  ] Reached target Local File Systems.
        Starting Trigger Flushing of Journal to Persistent Storage...
        Starting Create Volatile Files and Directories...
[  OK  ] Started Create Volatile Files and Directories.
        Starting Update UTMP about System Reboot/Shutdown...
<46>systemd-journald[11]: Received request to flush runtime journal from PID 1
[  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
[  OK  ] Started Update UTMP about System Reboot/Shutdown.
[  OK  ] Reached target System Initialization.
[  OK  ] Reached target Timers.
[  OK  ] Reached target Paths.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
        Starting LSB: Bring up/down networking...
        Starting System Logging Service...
        Starting Permit User Sessions...
        Starting Login Service...
        Starting D-Bus System Message Bus...
[  OK  ] Started D-Bus System Message Bus.
        Starting Dump dmesg to /var/log/dmesg...
        Starting Cleanup of Temporary Directories...
[  OK  ] Started Permit User Sessions.
        Starting Console Getty...
[  OK  ] Started Console Getty.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started Dump dmesg to /var/log/dmesg.
[  OK  ] Started Login Service.
[  OK  ] Started System Logging Service.
[  OK  ] Started Cleanup of Temporary Directories.

CentOS Linux 7 (Core)
Kernel 3.17.8-300.fc21.x86_64 on an x86_64

centos7-cn1 login: root
Last login: Sat Jan 17 02:43:56 on console
[root@centos7-cn1 ~]# ip add show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
12: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether f2:26:16:ad:ba:23 brd ff:ff:ff:ff:ff:ff
   inet brd scope global dynamic eth0
      valid_lft 3599sec preferred_lft 3599sec
   inet6 fe80::f026:16ff:fead:ba23/64 scope link
      valid_lft forever preferred_lft forever

Here are the config files.
# grep -v ^# /var/run/media/hattori/external_HDD/lxc/centos7-cn1/config | grep -v ^$
lxc.rootfs = /run/media/hattori/external_HDD/lxc/centos7-cn1/rootfs
lxc.include = /usr/share/lxc/config/centos.common.conf
lxc.arch = x86_64
lxc.utsname = centos7-cn1
lxc.autodev = 1
lxc.network.type = veth
lxc.network.link = virbr0
lxc.network.flags = up
lxc.network.name = eth0

# grep -v ^# /usr/share/lxc/config/centos.common.conf | grep -v ^$
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024
lxc.mount.auto = proc:mixed sys:ro
lxc.hook.clone = /usr/share/lxc/hooks/clonehostname
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.seccomp = /usr/share/lxc/config/common.seccomp
