Re: [libvirt-users] Libvirt-lxc and systemd question
On Mon, Jul 22, 2013 at 11:08:07AM -0400, Matt Hicks wrote:
Warning - I'm fairly new to libvirt, lxc and systemd so there is
a
good chance I'm doing something terribly wrong here. However,
instead of continuing to struggle, I figured I would mail the list
for some advice. What I'm trying to accomplish is a libvirt-lxc,
systemd-based container running on my system (Fedora 19). I've read
that sharing the underlying OS filesystem with the containers
doesn't work, so I've installed a minimal Fedora 19 install in
/srv/mycontainer. Everything seems to work okay but what I'm
struggling with is how to setup the initial accounts. I've tried to
attach to the container using 'nsenter' (entering all the
namespaces) but it doesn't appear that the bind mounts are in place.
For example, I see the /etc/passwd for my host OS, not the
container. Is there a better way to setup the initial accounts on
the container?
Here is what I have installed:
$ rpm -qa | grep lxc
libvirt-daemon-driver-lxc-1.0.5.2-1.fc19.x86_64
libvirt-daemon-lxc-1.0.5.2-1.fc19.x86_64
$ rpm -qa | grep systemd
systemd-libs-204-9.fc19.x86_64
systemd-python-204-9.fc19.x86_64
systemd-sysv-204-9.fc19.x86_64
systemd-libs-204-9.fc19.i686
systemd-204-9.fc19.x86_64
Here is the scenario I'm trying to go through:
$ export LIBVIRT_DEFAULT_URI=lxc:///
$ getenforce
Enforcing
$ sudo yum -y --releasever=19 --nogpg --installroot=/srv/mycontainer
--disablerepo='*' --enablerepo=fedora install systemd passwd yum
fedora-release vim-minimal
... lots of output
$ ls /srv/mycontainer/
bin boot dev etc home lib lib64 media mnt opt proc root
run sbin srv sys tmp usr var
$ cat test2.xml
<domain type='lxc'>
<name>test2</name>
<memory>102400</memory>
<os>
<type arch='x86_64'>exe</type>
<init>/bin/systemd</init>
</os>
<devices>
<console type='pty'/>
<filesystem type='mount'>
<source dir='/srv/mycontainer'/>
<target dir='/'/>
</filesystem>
</devices>
</domain>
$ virsh define test2.xml
Domain test2 defined from test2.xml
$ virsh start test2
Domain test2 started
# Attach to container to set account passwords
$ sudo nsenter -m -u -i -n -p -t `pgrep -f test2`
[sudo] password for mhicks:
[root@localhost /]# diff -q /srv/mycontainer/etc/passwd /etc/passwd
Files /srv/mycontainer/etc/passwd and /etc/passwd differ
Any ideas?
Your pgrep is probably selecting the wrong process. You want to attach
to the 'systemd' process, but I think your pgrep will find the
'libvirt_lxc'
process instead.
You shoudn't really use nsenter at all - use
virsh -c lxc:/// lxc-enter-namespace test2 /bin/sh
and it should "do the right thing" automatically finding the processes
and namespaces.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|