On 15.02.2014 14:37, arnaud gaboury wrote:
Dear list,
I am building a VM using libvirt and lxc for linux container. I have an issue with my cgroups settings:
gabx@hortensia ➤➤ ~ # virsh start dahlia
error: Failed to start domain dahlia
error: internal error: No valid cgroup for machine dahlia

[...]

<domain type='lxc'>
  <name>dahlia</name>
  <uuid>a34b58db-894f-4f4a-81f0-b13d2d5d7732</uuid>
  <memory unit='KiB'>409600</memory>
  <currentMemory unit='KiB'>409600</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <resource>
    <partition>/machine/dahlia</partition>
  </resource>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/bin/init</init>
  </os>
  <idmap>
    <uid start='0' target='1000' count='10'/>
    <gid start='0' target='1000' count='10'/>
  </idmap>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
    <interface type='network'>
      <mac address='52:54:00:89:8f:1a'/>
      <source network='default'/>
    </interface>
    <console type='pty'>
      <target type='lxc' port='0'/>
    </console>
  </devices>
</domain>
I have an identical setup. Archlinux for both host and (fully working) container in user_ns with libvirt and <idmap>. Here are some notes I collected while setting this up, it might help you, too.

- Systemd creates all necessary cgroups, no need to fiddle with /etc/cgconfig - I do not even have that file, from which package is it?
- The cgroup that gets auto-created (machine.slice/machine-lxc...) needs to be chown'ed to the mapped uid/gid. libvirt doesn't do that yet, but there's a patch on the libvirt devel mailing-list by Richard Weinberger which fixes this. Posted yesterday.
- The container's rootfs needs to be chown'ed to the mapped uid, I used a simple script that reads `ls -n` and chowns all dirs and files with a defined offset (new_uid=$[$old_uid + 5000] .. you get the idea)
- You need to override the dbus.service unit and remove the OOMScoreAdjust, same for any other units that use this. systemd-logind needs dbus.
- You need to remove pam_loginuid.so from pam.d/system-auth, it's set to optional on ArchLinux, so actually not an issue here. (At that point you should be able to log in using "virsh -c lxc:// console <machine name>")
- You need to mask some units in the container so it boots cleanly (like dev-hugepages.mount, sys-fs-fuse.. and anything that wants to mount something)
- Using dhcpcd requires a somewhat nasty hack, you better use static network (with a custom unit, netctl doesn't work)
- SSH login doesn't work unless you set UseDNS=No in the container's sshd_config. No idea why that happens, confirmed by someone with completely different linux flavors for host and guest.

Good luck!
~tom
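The rootfs ownership shift mentioned in the notes above, as an added example that is not part of the original post or tom's script. It generalizes the flat offset to the start/target/count triple of an <idmap> entry and lists files whose ids fall outside the map; the function names (map_id, plan_shift, apply_shift) are hypothetical.

```python
import os
import stat

def map_id(cid, start, target, count):
    """Host id for container id `cid` under one <idmap> entry, or None if unmapped."""
    if start <= cid < start + count:
        return target + (cid - start)
    return None

def plan_shift(root, start, target, count):
    """Walk `root` without following symlinks; return (changes, unmapped).

    changes:  [(path, mode, new_uid, new_gid)] for entries inside the map
    unmapped: [(path, uid, gid)] for entries the map cannot represent
    """
    changes, unmapped = [], []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)
        uid = map_id(st.st_uid, start, target, count)
        gid = map_id(st.st_gid, start, target, count)
        if uid is None or gid is None:
            unmapped.append((path, st.st_uid, st.st_gid))
        else:
            changes.append((path, st.st_mode, uid, gid))
    return changes, unmapped

def apply_shift(changes):
    """Apply a plan (needs root). chown clears setuid/setgid, so restore the mode."""
    for path, mode, uid, gid in changes:
        os.lchown(path, uid, gid)  # never dereference symlinks
        if not stat.S_ISLNK(mode):
            os.chmod(path, stat.S_IMODE(mode))

if __name__ == "__main__":
    import sys
    # Values from the <idmap> in the quoted domain XML: start=0 target=1000 count=10
    changes, unmapped = plan_shift(sys.argv[1], 0, 1000, 10)
    for path, uid, gid in unmapped:
        print(f"unmapped {uid}:{gid} {path}")
    if not unmapped and "--apply" in sys.argv[2:]:
        apply_shift(changes)
    print(f"{len(changes)} mapped, {len(unmapped)} unmapped")
```

Files reported as unmapped would show up inside the container as the overflow id (nobody), so either widen count in the <idmap> or fix their ownership before applying. A second run on an already shifted tree reports everything as unmapped and changes nothing.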