[libvirt-users] Libvirt-lxc and systemd question

Daniel P. Berrange berrange at redhat.com
Mon Jul 22 15:12:52 UTC 2013 

On Mon, Jul 22, 2013 at 11:08:07AM -0400, Matt Hicks wrote:
> Warning - I'm fairly new to libvirt, lxc and systemd so there is a
> good chance I'm doing something terribly wrong here.  However,
> instead of continuing to struggle, I figured I would mail the list
> for some advice.  What I'm trying to accomplish is a libvirt-lxc,
> systemd-based container running on my system (Fedora 19).  I've read
> that sharing the underlying OS filesystem with the containers
> doesn't work, so I've installed a minimal Fedora 19 install in
> /srv/mycontainer.  Everything seems to work okay but what I'm
> struggling with is how to setup the initial accounts.  I've tried to
> attach to the container using 'nsenter' (entering all the
> namespaces) but it doesn't appear that the bind mounts are in place.
> For example, I see the /etc/passwd for my host OS, not the
> container.  Is there a better way to setup the initial accounts on
> the container?
> 
> Here is what I have installed:
> 
> $ rpm -qa | grep lxc
> libvirt-daemon-driver-lxc-1.0.5.2-1.fc19.x86_64
> libvirt-daemon-lxc-1.0.5.2-1.fc19.x86_64
> 
> $ rpm -qa | grep systemd
> systemd-libs-204-9.fc19.x86_64
> systemd-python-204-9.fc19.x86_64
> systemd-sysv-204-9.fc19.x86_64
> systemd-libs-204-9.fc19.i686
> systemd-204-9.fc19.x86_64
> 
> 
> Here is the scenario I'm trying to go through:
> 
> $ export LIBVIRT_DEFAULT_URI=lxc:///
> $ getenforce
> Enforcing
> 
> $ sudo yum -y --releasever=19 --nogpg --installroot=/srv/mycontainer
> --disablerepo='*' --enablerepo=fedora install systemd passwd yum
> fedora-release vim-minimal
> ... lots of output
> 
> $ ls /srv/mycontainer/
> bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root
> run  sbin  srv  sys  tmp  usr  var
> 
> $ cat test2.xml
> <domain type='lxc'>
>   <name>test2</name>
>   <memory>102400</memory>
>   <os>
>     <type arch='x86_64'>exe</type>
>     <init>/bin/systemd</init>
>   </os>
>   <devices>
>     <console type='pty'/>
>     <filesystem type='mount'>
>       <source dir='/srv/mycontainer'/>
>       <target dir='/'/>
>     </filesystem>
>   </devices>
> </domain>
> 
> $ virsh define test2.xml
> Domain test2 defined from test2.xml
> 
> $ virsh start test2
> Domain test2 started
> 
> # Attach to container to set account passwords
> $ sudo nsenter -m -u -i -n -p -t `pgrep -f test2`
> [sudo] password for mhicks:
> [root at localhost /]# diff -q /srv/mycontainer/etc/passwd /etc/passwd
> Files /srv/mycontainer/etc/passwd and /etc/passwd differ
> 
> Any ideas?

Your pgrep is probably selecting the wrong process. You want to attach
to the 'systemd' process, but I think your pgrep will find the 'libvirt_lxc'
process instead.

You shoudn't really use nsenter at all - use

  virsh -c lxc:/// lxc-enter-namespace test2 /bin/sh

and it should "do the right thing" automatically finding the processes
and namespaces.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvirt-users mailing list