<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 03/04/14 16:40, Leonid Isaev wrote:<br>
</div>
<blockquote cite="mid:20140403114052.5e40dc90@hermes" type="cite">
<pre wrap="">Hi,
On Thu, 03 Apr 2014 11:25:27 +0100
John Lane <a class="moz-txt-link-rfc2396E" href="mailto:systemd@jelmail.com">&lt;systemd@jelmail.com&gt;</a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello, I have a number of LXC containers that have been working with
systemd for some time. I have just tried to perform some upgrades,
taking them from 204 to 212 (actually they are scripted rebuilds rather
than upgrades).
</pre>
</blockquote>
<pre wrap="">
You have to tell exactly what you are doing. Just calling lxc-archlinux in a
loop?
</pre>
</blockquote>
I am not sure what you mean by "Just calling lxc-archlinux in a
loop". I build a container using a script that is similar to, but
not the lxc-archlinux template. It uses the Arch tools "mkarchroot"
and "pacman" to install a collection of packages and then performs
various setup tasks and creates appropriate configuration. Here is
the LXC config produced:<br>
<br>
# Use autodev to be compatible with systemd<br>
lxc.autodev = 1<br>
lxc.hook.autodev = /srv/lxc/testcontainer/autodev<br>
<br>
# hostname<br>
lxc.utsname = testcontainer<br>
#<br>
# network<br>
# if the network is not defined then the container<br>
# will be able to use the host's network<br>
lxc.network.type = veth<br>
#lxc.network.flags = up<br>
lxc.network.link = br0<br>
lxc.network.name = eth0<br>
lxc.network.mtu = 1500<br>
lxc.network.hwaddr = DE:AD:BE:EF:CA:FE<br>
<br>
# restrict capabilities (security) see "man capabilities"<br>
lxc.cap.drop = sys_module<br>
#lxc.cap.drop = sys_admin<br>
<br>
# only explicit device access<br>
lxc.cgroup.devices.deny = a<br>
#<br>
# Memory Devices<br>
lxc.cgroup.devices.allow = c 1:3 rwm <br>
lxc.cgroup.devices.allow = c 1:5 rwm <br>
lxc.cgroup.devices.allow = c 1:7 rwm <br>
lxc.cgroup.devices.allow = c 1:8 rwm<br>
lxc.cgroup.devices.allow = c 1:9 rwm<br>
#<br>
# Terminals<br>
lxc.tty = 1 <br>
lxc.pts = 1024 <br>
lxc.cgroup.devices.allow = c 4:0 rwm <br>
lxc.cgroup.devices.allow = c 5:0 rwm <br>
lxc.cgroup.devices.allow = c 5:1 rwm <br>
lxc.cgroup.devices.allow = c 5:2 rwm <br>
lxc.cgroup.devices.allow = c 136:* rwm <br>
#<br>
# root filesystem<br>
lxc.rootfs = /srv/lxc/testcontainer<br>
<br>
# bind mount the host's pacman cache so container uses the same
cache<br>
# rather than wasting time downloading packages already downloaded.<br>
lxc.mount.entry = /var/cache/pacman/pkg
/srv/lxc/testcontainer/var/cache/pacman/pkg none rw,bind 0 0<br>
<br>
<br>
This works fine with 208 but not with 209 so, I guess I am doing
something that was correct for 208 but the goal-posts have been
moved by 209. <br>
<blockquote cite="mid:20140403114052.5e40dc90@hermes" type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">
I have found that they do not work properly with any systemd versions
209 or later. I have read that 209 was a "massive new release".
</pre>
</blockquote>
<pre wrap="">
What do you mean by "do not work properly"?
</pre>
</blockquote>
What I find is that the login prompt never results in a prompt. I
enter the correct user/password and it takes an age before
redisplaying the login prompt. If I apply 208 before starting the
container then it works as expected.<br>
<br>
I can get into the container with "lxc-attach".<br>
<br>
I'm a bit in the dark as the journal isn't showing me anything (or I
don't know where to look). The thing I did notice was the 209
journal contained less than the 208 one which would suggest that 209
is not starting some services that 208 does (see linked pastes). I
am looking into that but was hoping there might be an obvious
pointer from the list - some things that have changed in 209 that
might affect LXC and that I could perhaps look into more.<br>
<blockquote cite="mid:20140403114052.5e40dc90@hermes" type="cite">
<pre wrap="">
Also, FWIW:
Host:
-hermes-11:37-cur_work$ systemctl --version
systemd 212
+PAM -AUDIT -SELINUX -IMA -SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ +SECCOMP
-APPARMOR
Container:
[appuser@appserver1 ~]$ systemd-detect-virt
lxc
[appuser@appserver1 ~]$ uname -a
Linux appserver1 3.13.8-1-ARCH #1 SMP PREEMPT Tue Apr 1 12:19:51 CEST 2014
x86_64 GNU/Linux
[appuser@appserver1 ~]$ systemctl --version
systemd 212
+PAM -AUDIT -SELINUX -IMA -SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ +SECCOMP
-APPARMOR
[appuser@appserver1 ~]$ journalctl PRIORITY=3
-- Logs begin at Thu 2014-04-03 10:24:09 EDT, end at Thu 2014-04-03 11:27:50
EDT
[appuser@appserver1 ~]$ journalctl PRIORITY=4
-- Logs begin at Thu 2014-04-03 10:24:09 EDT, end at Thu 2014-04-03 11:27:50
EDT</pre>
</blockquote>
Host:<br>
$ systemctl --version<br>
systemd 211<br>
+PAM -LIBWRAP -AUDIT -SELINUX -IMA -SYSVINIT +LIBCRYPTSETUP +GCRYPT
+ACL +XZ +SECCOMP -APPARMOR<br>
<br>
Container:<br>
$ sudo lxc-attach -n testcontainer<br>
# systemd-detect-virt <br>
lxc<br>
# systemctl --version<br>
systemd 212<br>
+PAM -AUDIT -SELINUX -IMA -SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ
+SECCOMP -APPARMOR<br>
# journalctl PRIORITY=3<br>
-- Logs begin at Thu 2014-04-03 18:27:22 BST, end at Thu 2014-04-03
18:27:23 BST. --<br>
# journalctl PRIORITY=4<br>
-- Logs begin at Thu 2014-04-03 18:27:22 BST, end at Thu 2014-04-03
18:27:23 BST. --<br>
<br>
That one had 212, but I get the same effect with 209, 210, 211 and
212.<br>
<blockquote cite="mid:20140403114052.5e40dc90@hermes" type="cite">
<pre wrap="">
Cheers,
</pre>
<pre wrap="">_______________________________________________
systemd-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:systemd-devel@lists.freedesktop.org">systemd-devel@lists.freedesktop.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freedesktop.org/mailman/listinfo/systemd-devel">http://lists.freedesktop.org/mailman/listinfo/systemd-devel</a>
</pre>
</blockquote>
<br>
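<br>
Added example, not part of the original message or of LXC: a small Python audit of the isolation-related keys in the container config posted above. It reports whether the device cgroup is default-deny, which device nodes the allow rules map to, which capabilities under review are still retained, and which host paths are bind-mounted read-write. Assumptions: SAMPLE_CONFIG is a constructed copy of the active lines from the posted config, and the names parse, audit and review_caps are this example's own.<br>

```python
# Added example: audit isolation-relevant keys of the LXC config posted above.
# SAMPLE_CONFIG is a constructed copy of the message's active config lines.
SAMPLE_CONFIG = """\
lxc.cap.drop = sys_module
#lxc.cap.drop = sys_admin
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.mount.entry = /var/cache/pacman/pkg /srv/lxc/testcontainer/var/cache/pacman/pkg none rw,bind 0 0
"""

# Standard Linux character-device numbers for the entries used in the config.
CHAR_DEVICES = {"1:3": "/dev/null", "1:5": "/dev/zero", "1:7": "/dev/full",
                "1:8": "/dev/random", "1:9": "/dev/urandom", "4:0": "/dev/tty0",
                "5:0": "/dev/tty", "5:1": "/dev/console", "5:2": "/dev/ptmx",
                "136:*": "/dev/pts/*"}

def parse(text):
    """Return {key: [values]} for every active (non-comment) 'key = value' line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf.setdefault(key, []).append(value)
    return conf

def audit(text, review_caps=("sys_admin",)):
    """Summarise device whitelist, retained capabilities and writable host binds."""
    conf = parse(text)
    dropped = {c for v in conf.get("lxc.cap.drop", []) for c in v.split()}
    allowed = {}
    for rule in conf.get("lxc.cgroup.devices.allow", []):
        kind, numbers, _access = rule.split()
        allowed[numbers] = CHAR_DEVICES.get(numbers, "unknown") if kind == "c" else "unknown"
    binds = [m.split() for m in conf.get("lxc.mount.entry", [])]
    return {"default_deny": "a" in conf.get("lxc.cgroup.devices.deny", []),
            "devices": allowed,
            "caps_retained": sorted(set(review_caps) - dropped),
            "rw_host_binds": [f[0] for f in binds
                              if "bind" in f[3].split(",") and "ro" not in f[3].split(",")]}
```

For the posted config, audit(SAMPLE_CONFIG) reports a default-deny device policy with ten known device rules, sys_admin still retained because its drop line is commented out, and the host's pacman cache bind-mounted read-write.<br>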
</body>
</html>