Re: [libvirt] What is the robust/recommended way to retrieve the PID of a VM's init process ?
Hi
Well if I need to run anything in the container context, short of entering it through e.g.
ssh - hoping this is properly set up - well, I can’t..
I am using libvirt / lxc to set up a build box; essentially every night I would spawn a
set of fresh VMs of some flavours (fedora18, ubuntu, what not) and use this to rebuild my
system from scratch
In this context it’s a real hassle to have to even set up ssh, there is no good reason for
the build VM to run an ssh service at all, and I am concerned it might pull dependencies
that I do not need/want
I’d much rather have a direct means to just run some command inside the container.
Admittedly I’m brain-damaged after having used vservers for too long, and their ‘vserver
<container> exec command to run’ feature is in my genes now ;)
Now maybe I am the one who is missing something and there already is something to do that
?
Using the trick below I essentially have what I need mind you, I’m just concerned that it
kind of works by accident :-)
Thanks for the feedback in any case — Thierry
On 20 Jan 2014, at 12:49, Daniel P. Berrange <berrange(a)redhat.com> wrote:
On Mon, Jan 20, 2014 at 11:38:08AM +0100, Thierry Parmentelat wrote:
> Hello there
>
> I am trying to locate the namespaces in place for a given lxc container (specifically
/proc/<pid>/ns/*)
>
> And to this end I was wondering what is the recommended way to probe for an lxc
container's init pid
> (mostly I'm after the mnt and pid namespaces, and probably network ones, but the
actual list probably should not matter)
>
> I've found about "virsh domid" but this gives me the pid for
libvirt_lxc, which turns out to have unmodified namespaces (at least as far as the mnt
ns)
> OTOH this process has exactly one child which is the container's init, which
seems to have the right set of namespaces
>
> My angle right now is to look in /proc/<domid_pid>/task/children for a -
hopefully single - pid and
> that seems to work for now, but I am concerned this code may be fragile so I would
rather use a more
> robust approach; or maybe this is robust ?
We don't really wish to expose the container PIDs to the host or namespace
details to client apps. Can you give more info about what you're trying to
achieve overall. I'd like to understand if there's some higher level API
we're missing that would more directly address your needs.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|