On 16.02.2014 00:52, arnaud gaboury wrote:
>>
>> - Systemd creates all necessary cgroups
>
> How can I be sure systemd created them ? Are the command line &
> results below OK ?
>
> gabx@hortensia ➤➤ ~aur/libvirt-git # cat /proc/cgroups
> #subsys_name hierarchy num_cgroups enabled
> cpuset 3 2 1
> cpu 4 2 1
> cpuacct 4 2 1
> memory 5 2 1
> devices 6 2 1
> freezer 7 2 1
> net_cls 8 2 1
> blkio 9 2 1
>

Looks okay, anyways that's not a good command to check this.
Take a look at /sys/fs/cgroup/systemd/

Or even better:

└» systemd-cgls

(output for my libvirt_lxc container)

├─machine.slice
│ └─machine-lxc\x2darch\x2dweb1.scope
│   ├─28422 /usr/lib/libvirt/libvirt_lxc --name arch-web1 --console 21 --security=none --handshake 24 --background --veth macvlan1
│   └─machine.slice
│     └─machine-lxc\x2darch\x2dweb1.scope
│       ├─machine.slice
│       │ └─machine-lxc\x2darch\x2dweb1.scope
│       │   └─user.slice
│       │     └─user-0.slice
│       │       └─user@0.service
│       │         └─28488 /usr/lib/systemd/systemd --user
│       ├─user.slice
│       │ └─user-0.slice
│       │   └─user@0.service
│       │     └─28489 (sd-pam)
│       └─system.slice
│         ├─28428 /usr/bin/init
│         ├─systemd-logind.service
│         │ └─28459 /usr/lib/systemd/systemd-logind
│         ├─console-getty.service
│         │ └─28463 /sbin/agetty --noclear -s console 115200 38400 9600
│         ├─dbus.service
│         │ └─28458 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
│         ├─sshd.service
│         │ └─28470 /usr/bin/sshd -D
│         └─systemd-journald.service
│           └─28443 /usr/lib/systemd/systemd-journald

>>
>> - The cgroup that gets auto-created (machine.slice/machine-lxc...)
>
> Where can I see these cgroup and who auto-created them ?
>

See above. More info about "who" and "how":
http://libvirt.org/cgroups.html

>
> needs
>> to be chown'ed to the mapped uid/gid. libvirt doesn't do that yet, but
>> there's a patch on the libvirt devel mailing-list by Richard Weinberger
>> which fixes this. Posted yesterday.
>
> - I tried to install libvirt-git, but got an error when building.

The libvirt-git AUR package worked fine 2 days ago. But it could be temp
breakage upstream. No error output, no help possible.

>
>> - The container's rootfs needs to be chown'ed to the mapped uid, I used
>> a simple script that reads `ls -n` and chowns all dirs and files with a
>> defined offset (new_uid=$[$old_uid + 5000] .. you get the idea)
>
> I think I see. Do you mean sharing your script?

-----snip----
#!/bin/bash
# Shift the uid/gid of everything below ${LXC_BASEDIR}/<vm>/rootfs by a fixed offset.
# Arguments: <vm name> <numeric id offset>

LXC_VM=$1
ID_OFFSET=$2
LXC_BASEDIR=/var/lib/lxc

# The offset is used in arithmetic below, so insist on a plain number
if [[ ! "${ID_OFFSET}" =~ ^[0-9]+$ ]]; then
    echo "ERROR: id offset must be a number"
    exit 1
fi

if [[ ! -d "${LXC_BASEDIR}/${LXC_VM}/rootfs" ]]; then
    echo "ERROR: ${LXC_BASEDIR}/${LXC_VM}/rootfs does not exist"
    exit 1
fi

cd "${LXC_BASEDIR}/${LXC_VM}" || exit 1

echo "Changing directories"
# NUL-delimited names so that paths containing whitespace survive the loop
find rootfs -type d -print0 | while IFS= read -r -d '' dir; do
    old_uid=$(ls -nd "${dir}" | awk '{print $3}')
    old_gid=$(ls -nd "${dir}" | awk '{print $4}')
    new_uid=$((old_uid + ID_OFFSET))
    new_gid=$((old_gid + ID_OFFSET))
    chown "${new_uid}:${new_gid}" "${dir}"
done

echo "Changing files"
find rootfs -type f -print0 | while IFS= read -r -d '' file; do
    old_uid=$(ls -nd "${file}" | awk '{print $3}')
    old_gid=$(ls -nd "${file}" | awk '{print $4}')
    new_uid=$((old_uid + ID_OFFSET))
    new_gid=$((old_gid + ID_OFFSET))
    chown "${new_uid}:${new_gid}" "${file}"
done
----snap----

Disclaimer: separating dirs and files has no real reason here. Needs to
run as root. May kill your cat etc..

>
> TY Tom for your help.
>

NP

~tom
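
A read-only check for the rootfs step discussed in this mail, added here as an example and not part of the original message: once the tree has been chown'ed with an offset, it lists every entry whose uid or gid still falls outside the mapped range. The function name, the default range size of 65536 and the sample tree are assumptions, and GNU find and stat are assumed.

```bash
#!/bin/bash
# Added example, not from the original mail. Assumes GNU find and stat.

# audit_rootfs ROOTFS ID_OFFSET [ID_COUNT]
# Prints every entry under ROOTFS (symlinks themselves, not their targets)
# whose numeric uid or gid lies outside [ID_OFFSET, ID_OFFSET + ID_COUNT).
# ID_COUNT defaults to 65536, an assumed size for the mapped id range.
# Returns 0 if nothing is out of range, 1 if something is, 2 on bad input.
audit_rootfs() {
    local rootfs="$1" offset="$2" count="${3:-65536}" n hi out
    for n in "$offset" "$count"; do
        case "$n" in
            ''|*[!0-9]*) echo "ERROR: offset and count must be numeric" >&2
                         return 2 ;;
        esac
    done
    if [ ! -d "$rootfs" ]; then
        echo "ERROR: $rootfs does not exist" >&2
        return 2
    fi
    hi=$((offset + count - 1))
    # For find, "-uid -N" matches ids below N and "-uid +N" ids above N.
    out=$(find "$rootfs" \( -uid "-$offset" -o -uid "+$hi" \
                           -o -gid "-$offset" -o -gid "+$hi" \) -print)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree owned by the invoking user, so no root is needed.
demo() {
    local tmp u g lo hi rc
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/rootfs/etc"
    touch "$tmp/rootfs/etc/passwd"
    ln -s passwd "$tmp/rootfs/etc/passwd.lnk"
    u=$(stat -c %u "$tmp/rootfs"); g=$(stat -c %g "$tmp/rootfs")
    lo=$u; hi=$g
    if [ "$lo" -gt "$hi" ]; then lo=$g; hi=$u; fi
    rc=0; audit_rootfs "$tmp/rootfs" "$lo" $((hi - lo + 1)) || rc=$?
    echo "range covering the owner: rc=$rc"
    rc=0; audit_rootfs "$tmp/rootfs" $((hi + 1)) 65536 || rc=$?
    echo "range above the owner: rc=$rc"
    rm -rf "$tmp"
}

# With arguments, audit the given tree; without, run the constructed demo.
if [ "$#" -ge 2 ]; then audit_rootfs "$@"; else demo; fi
```

Because find does not follow symlinks here, links left at their old owner show up in the listing as well.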