@Not_Oles said:
Hi guys! Sorry, but I just received an email from Hetrix saying that fmt ping monitor is down on IPv4 and on IPv6. Reported to @Cloudie. Will update when I know more. Thanks very much! Tom
It seems that the LXC containers might be working on this server! Thanks to @yoursunny for helping a lot to prepare the way! Thanks to @subenhon for blazing the trail!
~ $ cat $HOME/.config/lxc/default.conf
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 1022000000 65536
lxc.idmap = g 0 1022000000 65536
~ $ lxc-create -n alpine -f $HOME/.config/lxc/default.conf -t download -- --dist alpine --release 3.17 --arch amd64
Using image from local cache
Unpacking the rootfs
---
You just created an Alpinelinux 3.17 x86_64 (20230123_20:03) container.
~ $# change container root password and network setting from dhcp to manual
~ $ lxc-attach -n alpine
/ # passwd
Changing password for root
New password:
Retype password:
passwd: password for root changed by root
/ # exit
~ $ # container ip config
~ $ echo -e "lxc.net.0.ipv4.address = 192.168.188.58/24\nlxc.net.0.ipv4.gateway = auto" >> $HOME/.local/share/lxc/alpine/config
~ $ echo -e "lxc.net.0.ipv6.address = 2602:fba1:999:1c00:58::/64\nlxc.net.0.ipv6.gateway = auto" >> $HOME/.local/share/lxc/alpine/config
~ $ #restart container
~ $ lxc-stop -n alpine
~ $ lxc-start -n alpine
~ $ lxc-console -n alpine
Connected to tty 1
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
Welcome to Alpine Linux 3.17
Kernel 6.1.8-0-lts on an x86_64 (/dev/tty1)
alpine login: root
Password:
Welcome to Alpine!
The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <https://wiki.alpinelinux.org/>.
You can setup the system with the command: setup-alpine
You may change this message by editing /etc/motd.
alpine:~# #add nameserver
alpine:~# echo -e "nameserver 1.1.1.1\nnameserver 2001:470:20::2\n" >> /etc/resolv.conf
alpine:~# ping -4 google.com
PING google.com (142.251.46.238): 56 data bytes
64 bytes from 142.251.46.238: seq=0 ttl=119 time=1.691 ms
64 bytes from 142.251.46.238: seq=1 ttl=119 time=1.604 ms
--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.604/1.647/1.691 ms
alpine:~# ping -6 google.com
PING google.com (2607:f8b0:4005:80b::200e): 56 data bytes
64 bytes from 2607:f8b0:4005:80b::200e: seq=0 ttl=117 time=50.880 ms
64 bytes from 2607:f8b0:4005:80b::200e: seq=1 ttl=117 time=1.773 ms
There are some small differences between my procedure and @subenhon's procedure. In particular, I don't understand why @subenhon seemed to get working autoconfigured IPv4 out of the box and I perhaps didn't.
Here is my transcript.
# See @subenhon's post at
# https://lowendspirit.com/discussion/comment/127589/#Comment_127589
fmt:~/.config/lxc$ cat default.conf
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 1000000000 65536
lxc.idmap = g 0 1000000000 65536
fmt:~/.config/lxc$ cd
fmt:~$ lxc-create -n alpine -f $HOME/.config/lxc/default.conf -t download -- --dist alpine --release 3.17 --arch amd64
../src/lxc/cmd/lxc_usernsexec.c: 64: opentty - Permission denied - Failed to open tty
../src/lxc/cmd/lxc_usernsexec.c: 64: opentty - Permission denied - Failed to open tty
../src/lxc/cmd/lxc_usernsexec.c: 64: opentty - Permission denied - Failed to open tty
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
---
You just created an Alpinelinux 3.17 x86_64 (20230220_13:11) container.
fmt:~$ lxc-ls
alpine
fmt:~$ lxc-attach -n alpine
lxc-attach: alpine: ../src/lxc/attach.c: get_attach_context: 406 Connection refused - Failed to get init pid
lxc-attach: alpine: ../src/lxc/attach.c: lxc_attach: 1470 Connection refused - Failed to get attach context
fmt:~$ lxc-start -n alpine
fmt:~$ lxc-attach -n alpine
/ # cd
/bin/ash: cd: can't cd to /home/notoles: No such file or directory
/ # whoami
root
/ # cd root
~ # pwd
/root
~ # passwd
Changing password for root
New password:
Retype password:
passwd: password for root changed by root
~ # echo -e "nameserver 1.1.1.1\nnameserver 2001:470:20::2\n" >> /etc/resolv.conf
~ # ping -4 -c 2 google.com
ping: bad address 'google.com'
~ # exit
fmt:~$ echo -e "lxc.net.0.ipv4.address = 192.168.188.10/24\nlxc.net.0.ipv4.gateway = auto" >> $HOME/.local/share/lxc/alpine/config
fmt:~$ echo -e "lxc.net.0.ipv6.address = 2602:fba1:999:1c00:10::/64\nlxc.net.0.ipv6.gateway = auto" >> $HOME/.local/share/lxc/alpine/config
fmt:~$ cat -n $HOME/.local/share/lxc/alpine/config
1 # Template used to create this container: /usr/share/lxc/templates/lxc-download
2 # Parameters passed to the template: --dist alpine --release 3.17 --arch amd64
3 # For additional config options, please look at lxc.container.conf(5)
4
5 # Uncomment the following line to support nesting containers:
6 #lxc.include = /usr/share/lxc/config/nesting.conf
7 # (Be aware this has security implications)
8
9
10 # Distribution configuration
11 lxc.include = /usr/share/lxc/config/common.conf
12 lxc.include = /usr/share/lxc/config/userns.conf
13 lxc.arch = linux64
14
15 # Container specific configuration
16 lxc.include = /etc/lxc/default.conf
17 lxc.idmap = u 0 1000000000 65536
18 lxc.idmap = g 0 1000000000 65536
19 lxc.rootfs.path = dir:/home/notoles/.local/share/lxc/alpine/rootfs
20 lxc.uts.name = alpine
21
22 # Network configuration
23 lxc.net.0.ipv4.address = 192.168.188.10/24
24 lxc.net.0.ipv4.gateway = auto
25 lxc.net.0.ipv6.address = 2602:fba1:999:1c00:10::/64
26 lxc.net.0.ipv6.gateway = auto
fmt:~$ lxc-stop -n alpine
fmt:~$ lxc-start -n alpine
fmt:~$ lxc-attach -n alpine
/ # ping -4 -c 2 google.com
PING google.com (142.251.32.46): 56 data bytes
ping: sendto: Network unreachable
/ # ping -6 -c 2 google.com
PING google.com (2607:f8b0:4005:811::200e): 56 data bytes
64 bytes from 2607:f8b0:4005:811::200e: seq=0 ttl=119 time=1.602 ms
64 bytes from 2607:f8b0:4005:811::200e: seq=1 ttl=119 time=1.561 ms
--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.561/1.581/1.602 ms
/ # / # ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0@if35: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:16:3e:24:60:3e brd ff:ff:ff:ff:ff:ff
/ # ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if35: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 00:16:3e:24:60:3e brd ff:ff:ff:ff:ff:ff
inet6 2602:fba1:999:1c00:10::/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe24:603e/64 scope link
valid_lft forever preferred_lft forever
/ # ip address add 192.168.188.10/24 dev eth0
/ # ip route add 192.168.188.1 dev eth0
/ # ip route add default via 192.168.188.1 dev eth0
/ # ping -4 -c 2 google.com
PING google.com (142.251.46.238): 56 data bytes
64 bytes from 142.251.46.238: seq=0 ttl=119 time=1.552 ms
64 bytes from 142.251.46.238: seq=1 ttl=119 time=1.534 ms
--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.534/1.543/1.552 ms
/ # wget -qO- ipv4.icanhazip.com
23.134.88.227
/ # vi ipv4-up.sh
/ # cat -n ipv4-up.sh
1 ip address add 192.168.188.10/24 dev eth0
2 ip route add 192.168.188.1 dev eth0
3 ip route add default via 192.168.188.1 dev eth0
/ #
@Not_Oles said: There are some small differences between my procedure and @subenhon's procedure. In particular, I don't understand why @subenhon seemed to get working autoconfigured IPv4 out of the box and I perhaps didn't.
@Not_Oles I change the network type from dhcp to manual when attaching to the container, maybe you missed this part.
~ $# change container root password and network setting from dhcp to manual
~ $ lxc-attach -n alpine
/ # passwd
Changing password for root
New password:
Retype password:
passwd: password for root changed by root
Comments
Hetrix says its monitors are again receiving ping responses from fmt as of eight minutes ago.
MetalVPS
Hey Tom, just trying it and looks like you need to add me to /etc/sub{u,g}id
The all seeing eye sees everything...
Hi! Okay, added to /etc/sub*id and also to /etc/lxc/lxc-usernet. Please let me know if you need anything else. Have fun!
MetalVPS
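The /etc/sub{u,g}id step in the exchange above matters because an unprivileged container only starts if the host range in its lxc.idmap lines lies inside a range delegated to that user. As an added example (not code from the thread), this shell function checks a container config against a subuid- or subgid-format file. The function name and the sample allocation for notoles are assumptions; the two idmap lines are the ones shown in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function name and sample allocation are assumptions.

# idmap_within_subid CONFIG SUBID_FILE USER KIND
#   KIND "u" checks against a subuid-format file, "g" against a subgid-format file.
#   Returns 0 only if CONFIG has at least one "lxc.idmap = KIND ..." line and every
#   such line's host range lies inside a range delegated to USER in SUBID_FILE.
idmap_within_subid() {
    awk -v user="$3" -v kind="$4" '
        # Subordinate ID file: name:start:count
        FILENAME == ARGV[1] {
            if (split($0, f, ":") == 3 && f[1] == user) {
                start[++k] = f[2] + 0
                count[k] = f[3] + 0
            }
            next
        }
        # Container config: lxc.idmap = <u|g> <container_id> <host_id> <range>
        $1 == "lxc.idmap" && $2 == "=" && $3 == kind {
            seen = 1
            ok = 0
            for (i = 1; i <= k; i++)
                if ($5 + 0 >= start[i] && $5 + $6 <= start[i] + count[i])
                    ok = 1
            if (!ok) {
                printf "outside ranges delegated to %s: %s\n", user, $0
                bad = 1
            }
        }
        END { exit ((seen && !bad) ? 0 : 1) }
    ' "$2" "$1"
}

# Constructed sample data: the subuid line is an assumed allocation for notoles.
demo=$(mktemp -d)
printf 'notoles:1000000000:65536\n' > "$demo/subuid"
printf 'lxc.idmap = u 0 1000000000 65536\n' > "$demo/ok.conf"
printf 'lxc.idmap = u 0 1022000000 65536\n' > "$demo/other.conf"

for conf in ok.conf other.conf; do
    if idmap_within_subid "$demo/$conf" "$demo/subuid" notoles u; then
        echo "$conf: idmap is inside the delegated range"
    else
        echo "$conf: idmap is NOT inside the delegated range"
    fi
done
```

On a real host the second argument would be /etc/subuid or /etc/subgid and the first the container's config under $HOME/.local/share/lxc/.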
Thanks! However, I can't start my LXC container. Maybe it has something to do with lxcbr0?
The all seeing eye sees everything...
Hi again @terrorgen!
Can you please take another look at how @subenhon got his container started?
If you did everything the same as @subenhon, are you seeing any errors? It can be helpful for seeing errors to use the "-F" a/k/a "--foreground" option to lxc-start.
I've been busy, so, unfortunately, I haven't tried this myself yet. But I will, eventually.
Thanks!
Tom
MetalVPS
I did, and it is stored at ~terrorgen/log if you want to take a peek.
To save everyone's time, I think it is because of this:
Does the lack of systemd in Alpine contribute to this? Cause I also saw some TRACE messages related to systemd not being found.
The all seeing eye sees everything...
There are many interesting entries in those logs!
I forgot to initialize the bridge when I last rebooted. I have to set the bridge so it starts automagically.
Want to try starting your container again, please?
MetalVPS
And it's still not working for me to get NixOS running on LXC.
I tried downloading standard Debian and Ubuntu templates but was unsuccessful as well.
Must be the configuration.
The all seeing eye sees everything...
It seems that the LXC containers might be working on this server! Thanks to @yoursunny for helping a lot to prepare the way! Thanks to @subenhon for blazing the trail!
There are some small differences between my procedure and @subenhon's procedure. In particular, I don't understand why @subenhon seemed to get working autoconfigured IPv4 out of the box and I perhaps didn't.
Here is my transcript.
MetalVPS
Yes, systemd won't start in LXC container due to lack of cgroups.
See my test report:
https://lowendspirit.com/discussion/comment/125271/#Comment_125271
Look at the lxc.init.cmd line under "these are typed by user".
Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.
Hi @yoursunny! We were talking about setting your container quantity in /etc/lxc/lxc-usernet. Is it time to raise your quantity now? I forget how many you wanted, so can you remind me, please? Thanks!
MetalVPS
Sorry to hear. I should try these as well. Do you have any info about what went wrong? Any error messages? Thanks!
MetalVPS
@Not_Oles I change the network type from dhcp to manual when attaching to the container, maybe you missed this part.
According to https://wiki.alpinelinux.org/wiki/LXC, cgroup can be enabled with
rc-update add cgroups
Worth a try, @Not_Oles?
The all seeing eye sees everything...
Hi again! Here are some shenanigans with Debian.
MetalVPS
Hi @terrorgen!
Already done, I think. Please take a look at the second to last entry under Default runlevel.
MetalVPS
It looks like I can get a persistent Debian container by using tmux.
Inside the container, enter Ctrl-b followed by d to detach from the container and return to the host while leaving the container running.
On the host, enter "tmux attach" to reattach to the container which is still running inside tmux.
To stop the container from inside the container (which is inside tmux), enter "exit." To close tmux, enter "exit" again.
MetalVPS
Looks like bash is PID1 in your container?
The all seeing eye sees everything...
Btw, FMT not pingable from my end.
The all seeing eye sees everything...
Yup. Thanks for the reminder! Much appreciated!
MetalVPS
Yeah, work in the datacenter. Downtime was not expected. But it nevertheless seems to have arrived.
You can check
IPv4
IPv6
MetalVPS
Yeah, I think so, as a way to fix certain errors noted above which are, for easy reference, repeated here:
Now the questions are (1) why did the errors happen, and (2) can we find a configuration that prevents them from happening?
MetalVPS
I typically configure "100" in lxc-usernet so it's never a limitation.
There's really no need to place a limit here, because a user can have practically any number of containers by creating nested containers that aren't subject to this limit.
Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.
I got similar errors on my NixOS container about autofs and cgroup and PID1 refusing to proceed further. Looks like a systemd issue now.
The all seeing eye sees everything...
Oh just found this from https://wiki.alpinelinux.org/wiki/LXD:
If you plan to run systemd based Linux distributions (Debian, Ubuntu, etc.), add this to /etc/conf.d/lxc:
systemd_container=yes
and enable both lxc and lxd to start at boot:
If you have problems, try to enable dbus:
rc-update add dbus
Reboot and lxd should be working.
The all seeing eye sees everything...
Hi! The server seems to be back up, and services are restarted. If anybody has any issues, please let me know. Thanks!
MetalVPS
Inside LXC Container Described Above
On The Bare Metal Server Node
MetalVPS
I would also love to try one of the accounts. Thank you!!
Hi @superyuluo!
Welcome to LES! I hope you enjoy your time here!
Since you have a new account, I am sure that everyone here would enjoy meeting you. Would you please introduce yourself? Please tell us
who and where you are,
about your Linux experience, and
what you plan to do on the server.
Also, to give you an account, we need your ed25519 ssh public key. Would you please post your key or a link to it?
I am looking forward to having you join us on the server!
Best!
Tom
MetalVPS
Looks like I am still not able to start my container.
@Not_Oles you'll have to do this ☺️
The all seeing eye sees everything...