[libvirt] What is the robust/recommended way to retrieve the PID of a VM's init process ?

Mon Jan 20 17:53:28 UTC 2014

Hi

Well if I need to run anything in the container context, short of entering it through e.g. ssh - hoping this is properly set up - well, I can’t..

I am using libvirt / lxc to set up a build box; essentially every night I would spawn a set of fresh VMs of some flavours (fedora18, ubuntu, what not) and use this to rebuild my system from scratch
In this context it’s a real hassle to have to even set up ssh, there is no good reason for the build VM to run an ssh service at all, and I am concerned it might pull dependencies that I do not need/want
I’d much rather have a direct means to just run some command inside the container.

Admittedly I’m brain-damaged after having used vservers for too long, and their ‘vserver <container> exec command to run’ feature is in my genes now ;)

Now maybe I am the one who is missing something and there already is something to do that ?
Using the trick below I essentially have what I need mind you, I’m just concerned that it kind of works by accident :-)

Thanks for the feedback in any case — Thierry

On 20 Jan 2014, at 12:49, Daniel P. Berrange <berrange at redhat.com> wrote:

> On Mon, Jan 20, 2014 at 11:38:08AM +0100, Thierry Parmentelat wrote:
>> Hello there
>> 
>> I am trying to locate the namespaces in place for a given lxc container (specifically /proc/<pid>/ns/*)
>> 
>> And to this end I was wondering what is the recommended way to probe for an lxc container's init pid
>> (mostly I'm after the mnt and pid namespaces, and probably network ones, but the actual list probably should not matter) 
>> 
>> I've found about "virsh domid" but this gives me the pid for libvirt_lxc, which turns out to have unmodified namespaces (at least as far as the mnt ns)
>> OTOH this process has exactly one child which is the container's init, which seems to have the right set of namespaces 
>> 
>> My angle right now is to look in /proc/<domid_pid>/task/children for a - hopefully single - pid and
>> that seems to work for now, but I am concerned this code may be fragile so I would rather use a more
>> robust approach; or maybe this is robust ? 
> 
> We don't really wish to expose the container PIDs to the host or namespace
> details to client apps. Can you give more info about what you're trying to
> achieve overall. I'd like to understand if there's some higher level API
> we're missing that would more directly address your needs.
> 
> 
> Daniel
> -- 
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org              -o-             http://virt-manager.org :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|