On Mon, Jul 22, 2013 at 11:08:07AM -0400, Matt Hicks wrote:
Warning - I'm fairly new to libvirt, lxc and systemd so there is a
good chance I'm doing something terribly wrong here. However,
instead of continuing to struggle, I figured I would mail the list
for some advice. What I'm trying to accomplish is a libvirt-lxc,
systemd-based container running on my system (Fedora 19). I've read
that sharing the underlying OS filesystem with the containers
doesn't work, so I've installed a minimal Fedora 19 install in
/srv/mycontainer. Everything seems to work okay but what I'm
struggling with is how to setup the initial accounts. I've tried to
attach to the container using 'nsenter' (entering all the
namespaces) but it doesn't appear that the bind mounts are in place.
For example, I see the /etc/passwd for my host OS, not the
container. Is there a better way to setup the initial accounts on
the container?
Here is what I have installed:
$ rpm -qa | grep lxc
libvirt-daemon-driver-lxc-1.0.5.2-1.fc19.x86_64
libvirt-daemon-lxc-1.0.5.2-1.fc19.x86_64
$ rpm -qa | grep systemd
systemd-libs-204-9.fc19.x86_64
systemd-python-204-9.fc19.x86_64
systemd-sysv-204-9.fc19.x86_64
systemd-libs-204-9.fc19.i686
systemd-204-9.fc19.x86_64
Here is the scenario I'm trying to go through:
$ export LIBVIRT_DEFAULT_URI=lxc:///
$ getenforce
Enforcing
$ sudo yum -y --releasever=19 --nogpg --installroot=/srv/mycontainer \
    --disablerepo='*' --enablerepo=fedora install systemd passwd yum \
    fedora-release vim-minimal
... lots of output
$ ls /srv/mycontainer/
bin boot dev etc home lib lib64 media mnt opt proc root
run sbin srv sys tmp usr var
$ cat test2.xml
<domain type='lxc'>
  <name>test2</name>
  <memory>102400</memory>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/bin/systemd</init>
  </os>
  <devices>
    <console type='pty'/>
    <filesystem type='mount'>
      <source dir='/srv/mycontainer'/>
      <target dir='/'/>
    </filesystem>
  </devices>
</domain>
$ virsh define test2.xml
Domain test2 defined from test2.xml
$ virsh start test2
Domain test2 started
# Attach to container to set account passwords
$ sudo nsenter -m -u -i -n -p -t `pgrep -f test2`
[sudo] password for mhicks:
[root@localhost /]# diff -q /srv/mycontainer/etc/passwd /etc/passwd
Files /srv/mycontainer/etc/passwd and /etc/passwd differ
Any ideas?
Your pgrep is probably selecting the wrong process. You want to attach
to the 'systemd' process, but I think your pgrep will find the
'libvirt_lxc' process instead.
You shouldn't really use nsenter at all - use
virsh -c lxc:/// lxc-enter-namespace test2 /bin/sh
and it should "do the right thing" automatically finding the processes
and namespaces.
Daniel
--
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
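
The process-selection problem described in the reply above, as an added example that is not part of the original thread: a name match on the full command line hits the libvirt_lxc controller, while the PID to inspect is the container's init. The process table is a constructed sample, and the helper names and the layout (init as a direct child of a controller started with `--name <domain>`) are assumptions.

```sh
#!/bin/sh
# Constructed sample of `ps -eo pid,ppid,args` output (not from the thread).
SAMPLE_PS='  PID  PPID COMMAND
    1     0 /usr/lib/systemd/systemd --switched-root --system
 2210     1 /usr/sbin/libvirtd
 4021     1 /usr/libexec/libvirt_lxc --name test2 --console 21 --background
 4023  4021 /bin/systemd
 4100  4023 /usr/lib/systemd/systemd-journald'

# Hypothetical helper: PIDs whose command line contains the domain name,
# which is what a full-command-line match such as `pgrep -f` selects.
# Reads ps output on stdin.
pids_matching_name() {
    awk -v dom="$1" '
        NR == 1 { next }
        {
            args = $0
            sub(/^[ ]*[0-9]+[ ]+[0-9]+[ ]+/, "", args)   # drop PID and PPID
            if (index(args, dom)) print $1
        }'
}

# Hypothetical helper: PID of the container init, assumed to be the direct
# child of the libvirt_lxc controller started with "--name <domain>".
# Reads ps output on stdin; exits non-zero if no such process exists.
container_init_pid() {
    awk -v dom="$1" '
        NR == 1 { next }
        $3 ~ /\/libvirt_lxc$/ {
            for (i = 4; i < NF; i++)
                if ($i == "--name" && $(i + 1) == dom) ctl = $1
        }
        { pid[NR] = $1; ppid[NR] = $2 }
        END {
            if (ctl == "") exit 1
            for (n in pid) if (ppid[n] == ctl) { print pid[n]; exit 0 }
            exit 1
        }'
}

# On a live host (as root), check the namespace before entering it:
#   pid=$(ps -eo pid,ppid,args | container_init_pid test2)
#   readlink /proc/1/ns/mnt "/proc/$pid/ns/mnt"   # the two links must differ
printf 'name match:     %s\n' "$(printf '%s\n' "$SAMPLE_PS" | pids_matching_name test2)"
printf 'container init: %s\n' "$(printf '%s\n' "$SAMPLE_PS" | container_init_pid test2)"
```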