I am writing some bootstrapping scripts, and I cannot get user-mode LXC containers to work on Ubuntu 14.04 without a reboot.
Here is what I do.
First, I download and install Ubuntu Server 14.04.1 amd64 with all defaults on a fresh machine (a VirtualBox guest).
Then I log in, update & upgrade it, and reboot if the kernel was upgraded.
Next, I log in and issue the following commands:
$ sudo apt-get --yes install lxc
Reading package lists...
Building dependency tree...
Reading state information...
The following extra packages will be installed:
bridge-utils cgmanager cloud-image-utils debootstrap distro-info
distro-info-data dnsmasq-base euca2ools genisoimage libaio1
libboost-system1.54.0 libboost-thread1.54.0 liblxc1 libmnl0
libnetfilter-conntrack3 librados2 librbd1 libseccomp2 libxslt1.1
lxc-templates python-distro-info python-lxml python-requestbuilder
python-setuptools python3-lxc qemu-utils sharutils uidmap
Suggested packages:
cgmanager-utils shunit2 wodim cdrkit-doc lxctl qemu-user-static
python-lxml-dbg bsd-mailx mailx
The following NEW packages will be installed:
bridge-utils cgmanager cloud-image-utils debootstrap distro-info
distro-info-data dnsmasq-base euca2ools genisoimage libaio1
libboost-system1.54.0 libboost-thread1.54.0 liblxc1 libmnl0
libnetfilter-conntrack3 librados2 librbd1 libseccomp2 libxslt1.1 lxc
lxc-templates python-distro-info python-lxml python-requestbuilder
python-setuptools python3-lxc qemu-utils sharutils uidmap
0 upgraded, 29 newly installed, 0 to remove and 0 not upgraded.
Need to get 5219 kB of archives.
$ rm -rf /home/zosia/.config/lxc /home/zosia/.local/share/lxc
$ sudo mkdir /opt/lxc
$ sudo chown -R zosia /opt/lxc
$ mkdir /opt/lxc/config /opt/lxc/store
$ ln -s /opt/lxc/store /home/zosia/.local/share/lxc
$ ln -s /opt/lxc/config /home/zosia/.config/lxc
$ sudo usermod --add-subuids 100000-165536 zosia
$ sudo usermod --add-subgids 100000-165536 zosia
$ sudo chmod +x /home/zosia
$ tee /home/zosia/.config/lxc/default.conf <<EOT
lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
EOT
$ echo 'zosia veth lxcbr0 10' | sudo tee -a /etc/lxc/lxc-usernet
zosia veth lxcbr0 10
$ mkdir -p /home/zosia/.cache/lxc
$ sudo chmod -R +x /home/zosia/.local
$ lxc-create -t download -n usik -- -d ubuntu -r trusty -a amd64
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
You just created an Ubuntu container (release=trusty, arch=amd64, variant=default)
To enable sshd, run: apt-get install openssh-server
For security reason, container images ship without user accounts
and without a root password.
Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.
$ lxc-start -n usik
lxc_container: call to cgmanager_create_sync failed: invalid request
lxc_container: Failed to create hugetlb:usik
lxc_container: Error creating cgroup hugetlb:usik
lxc_container: failed creating cgroups
lxc_container: failed to spawn 'usik'
lxc_container: The container failed to start.
lxc_container: Additional information can be obtained by setting the --logfile and --logpriority options.
Unless the host is rebooted after all these commands, lxc-start -n usik
will emit an error. Restarting the lxc, lxc-net or cgmanager services does not help either.
The log file says the following:
lxc-start 1418283881.262 INFO lxc_start_ui - using rcfile /home/zosia/.local/share/lxc/usik/config
lxc-start 1418283881.262 INFO lxc_confile - read uid map: type u nsid 0 hostid 100000 range 65536
lxc-start 1418283881.262 INFO lxc_confile - read uid map: type g nsid 0 hostid 100000 range 65536
lxc-start 1418283881.263 WARN lxc_log - lxc_log_init called with log already initialized
lxc-start 1418283881.263 INFO lxc_lsm - LSM security driver AppArmor
lxc-start 1418283881.264 DEBUG lxc_conf - allocated pty '/dev/pts/1' (5/6)
lxc-start 1418283881.264 DEBUG lxc_conf - allocated pty '/dev/pts/6' (7/8)
lxc-start 1418283881.264 DEBUG lxc_conf - allocated pty '/dev/pts/7' (9/10)
lxc-start 1418283881.264 DEBUG lxc_conf - allocated pty '/dev/pts/8' (11/12)
lxc-start 1418283881.264 INFO lxc_conf - tty's configured
lxc-start 1418283881.264 DEBUG lxc_start - sigchild handler set
lxc-start 1418283881.264 DEBUG lxc_console - opening /dev/tty for console peer
lxc-start 1418283881.264 DEBUG lxc_console - using '/dev/tty' as console
lxc-start 1418283881.264 DEBUG lxc_console - 3809 got SIGWINCH fd 17
lxc-start 1418283881.264 DEBUG lxc_console - set winsz dstfd:14 cols:151 rows:41
lxc-start 1418283881.309 INFO lxc_start - 'usik' is initialized
lxc-start 1418283881.309 DEBUG lxc_start - Not dropping cap_sys_boot or watching utmp
lxc-start 1418283881.309 INFO lxc_start - Cloning a new user namespace
lxc-start 1418283881.309 INFO lxc_cgroup - cgroup driver cgmanager initing for usik
lxc-start 1418283881.310 ERROR lxc_cgmanager - call to cgmanager_create_sync failed: invalid request
lxc-start 1418283881.311 ERROR lxc_cgmanager - Failed to create hugetlb:usik
lxc-start 1418283881.311 ERROR lxc_cgmanager - Error creating cgroup hugetlb:usik
lxc-start 1418283881.312 INFO lxc_cgmanager - cgroup removal attempt: hugetlb:usik did not exist
lxc-start 1418283881.312 INFO lxc_cgmanager - cgroup removal attempt: perf_event:usik did not exist
lxc-start 1418283881.312 INFO lxc_cgmanager - cgroup removal attempt: blkio:usik did not exist
lxc-start 1418283881.312 INFO lxc_cgmanager - cgroup removal attempt: freezer:usik did not exist
lxc-start 1418283881.313 INFO lxc_cgmanager - cgroup removal attempt: devices:usik did not exist
lxc-start 1418283881.313 INFO lxc_cgmanager - cgroup removal attempt: memory:usik did not exist
lxc-start 1418283881.313 INFO lxc_cgmanager - cgroup removal attempt: cpuacct:usik did not exist
lxc-start 1418283881.313 INFO lxc_cgmanager - cgroup removal attempt: cpu:usik did not exist
lxc-start 1418283881.313 INFO lxc_cgmanager - cgroup removal attempt: cpuset:usik did not exist
lxc-start 1418283881.313 INFO lxc_cgmanager - cgroup removal attempt: name=systemd:usik did not exist
lxc-start 1418283881.313 ERROR lxc_start - failed creating cgroups
lxc-start 1418283881.314 ERROR lxc_start - failed to spawn 'usik'
lxc-start 1418283881.315 ERROR lxc_start_ui - The container failed to start.
lxc-start 1418283881.315 ERROR lxc_start_ui - Additional information can be obtained by setting the --logfile and --logpriority options.
It may be (just a guess) that turning user_namespaces on would be of some help in your situation:
sysctl -w kernel.unprivileged_userns_clone=1
You need to restart dbus. You will have to log out and back in (I was using SSH), but it sets up the cgroups correctly and you will be able to start the container without rebooting the whole server.
If you do not want to log out and back in, you can try creating the cgroups manually with cgm, as explained here: link. I managed to start a container, but I could no longer use it after logging out and back in, since the manually created cgroups were different from those created automatically at login.
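The failure in the question's log is lxc-start asking cgmanager to create a cgroup (hugetlb:usik, then the others) from a login session that does not own a cgroup in those controllers; the second answer's dbus restart plus re-login is what gives the session a user-owned cgroup. The pre-flight check below is an added example for both the question's setup procedure and that answer; it is not code from either poster. It assumes cgroup v1 controllers mounted as separate directories under /sys/fs/cgroup (the Ubuntu 14.04 cgmanager/cgroup-lite layout) and the /proc/self/cgroup line format `hierarchy-id:controller:path`; the sample files in the comments are constructed. Run `sh preflight.sh check` before `lxc-start` to see which controllers would make it fail.

```shell
#!/bin/sh
# Pre-flight check for an unprivileged lxc-start.
# lxc-start needs, for every controller listed in /proc/self/cgroup, a cgroup
# directory the current user can write to; a session still sitting in the root
# cgroup "/" of a controller fails with errors like
#   lxc_cgmanager - Failed to create hugetlb:usik
# Assumptions (example, not from the original post): cgroup v1, controllers
# mounted one per directory under /sys/fs/cgroup, "name=systemd" mounted as
# /sys/fs/cgroup/systemd.

# Print, one per line, the controllers whose cgroup path is the root "/".
# $1: a file in /proc/<pid>/cgroup format, e.g. (constructed sample)
#     4:memory:/
#     3:cpu:/user/zosia/0
#     1:name=systemd:/
root_cgroup_controllers() {
    awk -F: '$3 == "/" { print $2 }' "$1"
}

# For each controller line in $1, test whether the matching cgroup directory
# under the cgroup mount root is writable by the current user.
# $1: cgroup file (normally /proc/self/cgroup); $2: mount root (default
# /sys/fs/cgroup). Returns 0 if every controller is writable, 1 otherwise.
check_cgroup_writable() {
    file=$1
    root=${2:-/sys/fs/cgroup}
    status=0
    while IFS=: read -r id ctrl path; do
        # "name=systemd" lives in the "systemd" directory; strip the prefix.
        dir="$root/${ctrl#name=}$path"
        if [ -w "$dir" ]; then
            echo "ok   $ctrl $path"
        else
            echo "FAIL $ctrl $path  (lxc-start would fail creating $ctrl:<container>)"
            status=1
        fi
    done < "$file"
    return $status
}

# Only run against the live system when explicitly asked, so the functions
# can be sourced by other scripts without side effects.
if [ "${1:-}" = "check" ]; then
    rootctl=$(root_cgroup_controllers /proc/self/cgroup)
    if [ -n "$rootctl" ]; then
        echo "session is in the root cgroup of: $(echo "$rootctl" | tr '\n' ' ')"
        echo "log out and back in (after restarting dbus) or create user cgroups first"
    fi
    check_cgroup_writable /proc/self/cgroup
fi
```

The first function only parses, so it is safe to run anywhere; the second touches the cgroup filesystem and is the one that reproduces the question's condition: on a fresh session every controller reports FAIL, after the re-login every one reports ok.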
Tags: virtualization, lxc, ubuntu