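I am doing this without really understanding it.
Please do not imitate this.
This is a memo of what I tried running for now.
I will look into various things from here on.
I used this page as a reference.
The environment is:
Plamo Linux 7.x
lxc-4.0.4
I will create an unprivileged container as the user takahiro.
First, to create /etc/subuid and /etc/subgid, I ran the following commands.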
takahiro@plamovaio:~$ sudo usermod -v 100000-165535 -w 100000-165535 takahiro
takahiro@plamovaio:~$ cat /etc/subuid /etc/subgid
takahiro:100000:65536
takahiro:100000:65536
takahiro@plamovaio:~$ echo "takahiro veth lxcbr0 10" | sudo tee -a /etc/lxc/lxc-usernet
takahiro veth lxcbr0 10
takahiro@plamovaio:~$ echo "session optional pam_cgfs.so -c all" | sudo tee -a /etc/pam.d/system-session
session optional pam_cgfs.so -c all
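I rebooted here. Logging out and back in was not enough.
Next, create $HOME/.config/lxc/default.conf.
The site I referred to used lxc.id_map, but with that, lxc-create fails with an error.
When I looked at this page, it used lxc.idmap, so I did the same, and the error went away.
Does it differ depending on the LXC version?
I have not looked into it yet.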
takahiro@plamovaio:~$ cd
takahiro@plamovaio:~$ mkdir -p .config/lxc
takahiro@plamovaio:~$ cp /etc/lxc/default.conf .config/lxc/
takahiro@plamovaio:~$ vim .config/lxc/default.conf
takahiro@plamovaio:~$ cat .config/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
Create the container.
takahiro@plamovaio:~$ lxc-create --name plamolxc02 --template download -- --dist plamo --release 7.x --arch amd64
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
---
You just created an Plamolinux 7.x x86_64 (20201013_01:33) container.
takahiro@plamovaio:~$ lxc-ls --fancy
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
plamolxc02 STOPPED 0 - - - true
Start the container... but it fails with an error.
takahiro@plamovaio:~$ lxc-start -n plamolxc02
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/lxccontainer.c: wait_on_daemonized_start: 849 Received container state "ABORTING" instead of "RUNNING"
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 308 The container failed to start
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 311 To get more details, run the container in foreground mode
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options
takahiro@plamovaio:~$ sudo /etc/rc.d/init.d/lxc start
* Starting LXC autoboot containers:
takahiro@plamovaio:~$ lxc-start -n plamolxc02
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/lxccontainer.c: wait_on_daemonized_start: 849 Received container state "ABORTING" instead of "RUNNING"
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 308 The container failed to start
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 311 To get more details, run the container in foreground mode
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options
takahiro@plamovaio:~$ sudo /etc/rc.d/init.d/lxcfs start
* Starting... LXCFS
takahiro@plamovaio:~$ lxc-start -n plamolxc02
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/lxccontainer.c: wait_on_daemonized_start: 849 Received container state "ABORTING" instead of "RUNNING"
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 308 The container failed to start
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 311 To get more details, run the container in foreground mode
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options
takahiro@plamovaio:~$ sudo /etc/rc.d/init.d/cgroupfs-mount start
Mounting cgroupfs hierarchymount: /sys/fs/cgroup/systemd: cgroup は /sys/fs/cgroup にマウント済みです.
takahiro@plamovaio:~$ lxc-start -n plamolxc02
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/lxccontainer.c: wait_on_daemonized_start: 849 Received container state "ABORTING" instead of "RUNNING"
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 308 The container failed to start
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 311 To get more details, run the container in foreground mode
lxc-start: plamolxc02: /Plamo-src/plamo/16_virtualization/lxc/lxc-4.0.4/src/lxc/tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options
At this point I finally felt like looking at the log file.
takahiro@plamovaio:~$ lxc-start -n plamolxc02 --logfile /tmp/lxc-start.log --logpriority DEBUG
Looking at /tmp/lxc-start.log, there is the following error.
lxc-4.0.4/src/lxc/start.c:print_top_failing_dir:98 - Permission denied - Could not access /home/takahiro/.local/share. Please grant it x access, or add an ACL for the container root
I don't know whether it is a good idea, but the error seems to be telling me to chmod +x.
I'll try it.
takahiro@plamovaio:~$ ls -l /home/takahiro/.local/
合計 8,192
drwxr-xr-x 3 takahiro users 4,096 10月 6日 22:19 lib/
drwx------ 11 takahiro users 4,096 10月 13日 18:58 share/
takahiro@plamovaio:~$ chmod +x /home/takahiro/.local/share
takahiro@plamovaio:~$ ls -l /home/takahiro/.local/
合計 8,192
drwxr-xr-x 3 takahiro users 4,096 10月 6日 22:19 lib/
drwx--x--x 11 takahiro users 4,096 10月 13日 18:58 share/
Run lxc-start again.
takahiro@plamovaio:~$ lxc-start -n plamolxc02
takahiro@plamovaio:~$
It started without any errors.
takahiro@plamovaio:~$ lxc-ls --fancy
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
plamolxc02 RUNNING 0 - 10.0.3.66 - true
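Added example (not part of the original post): a POSIX shell pre-flight check for the two things this walkthrough depends on, that the lxc.idmap lines fall inside the range delegated in /etc/subuid or /etc/subgid, and that every directory above the container path can be traversed by the mapped container root. The function names and the temporary demo files are constructed for illustration; GNU stat is assumed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the unprivileged container set up above.

# idmap_in_range USER KIND SUBID_FILE LXC_CONF
# Succeeds only if every "lxc.idmap = KIND ..." line in LXC_CONF maps to host
# IDs inside a range that SUBID_FILE (subuid/subgid format) delegates to USER.
idmap_in_range() {
    awk -v user="$1" -v kind="$2" '
        FNR == NR {                        # first file: name:start:count
            split($0, f, ":")
            if (f[1] == user) { n++; lo[n] = f[2] + 0; hi[n] = f[2] + f[3] }
            next
        }
        {                                  # second file: LXC configuration
            split($0, f, /[= \t]+/)
            if (f[1] != "lxc.idmap" || f[2] != kind) next
            seen = 1; ok = 0
            for (i = 1; i <= n; i++)
                if (f[4] + 0 >= lo[i] && f[4] + f[5] <= hi[i]) ok = 1
            if (!ok) bad = 1
        }
        END { exit (seen && !bad) ? 0 : 1 }
    ' "$3" "$4"
}

# blocked_dirs PATH
# Prints PATH and each parent directory that lacks the "other" execute bit.
# The container root is a mapped host UID (100000 here), neither owner nor
# group member, so it needs that bit (or an ACL, which this check does not
# read) on every component. Uses GNU stat.
blocked_dirs() (
    p=$1
    while :; do
        mode=$(stat -c %a "$p") || exit 2
        case $mode in *[1357]) ;; *) printf '%s\n' "$p" ;; esac
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
)

# Demo on constructed copies of the files shown in the post.
demo=$(mktemp -d)
printf 'takahiro:100000:65536\n' > "$demo/subuid"
printf 'lxc.idmap = u 0 100000 65536\n' > "$demo/default.conf"
mkdir -p "$demo/.local/share/lxc" && chmod 700 "$demo/.local/share"
idmap_in_range takahiro u "$demo/subuid" "$demo/default.conf" && echo "idmap: ok"
blocked_dirs "$demo/.local/share/lxc"
rm -rf "$demo"
```

The log message also names an ACL as the alternative to chmod +x: `setfacl -m u:100000:x /home/takahiro/.local/share` grants search permission to the container root's host UID only, whereas chmod +x opened the directory to every local user (drwx--x--x).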
2 comments:
Hello.
About lxc.id_map: it was changed in LXC 2.1.
https://linuxcontainers.org/ja/lxc/news/#_95
Thank you for your comment.
I see. So a lot of things were changed.