Debian 8 and LXC

Started by ROM, January 20, 2016, 01:26:27 PM

ROM

Hello!

I tried to run an LXC container and got errors. I saw a similar problem here: http://www.orangepi.org/orangepibbsen/forum.php?mod=viewthread&tid=667
As it turned out, the core does not include support for some features.
How fast can the company fix this?

```
root@OLinuXino-A20:/home/rom# uname -a
Linux OLinuXino-A20 3.4.103-00033-g9a1cd03-dirty #17 SMP PREEMPT Tue Sep 8 11:01:09 EEST 2015 armv7l GNU/Linux

root@OLinuXino-A20:/home/rom# lxc-checkconfig
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: missing
Macvlan: missing
Vlan: enabled
Bridges: missing
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: missing
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities: enabled
```

The same on an x86 computer:

```
user@hq2:~$ sudo lxc-checkconfig
[sudo] password for user:
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.16.0-30-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled
```
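
The side-by-side comparison in the post above can be done mechanically. The following is an added example, not part of the thread: it parses two `lxc-checkconfig` reports and lists what the reference host has enabled that the target lacks. It also accepts the `enabled, not loaded` and empty-value forms that appear in the LXC 4.0.6 report later in the thread; the two sample reports are constructed by abridging the ones above.

```python
import re

SECTION_RE = re.compile(r"^---\s*(.+?)\s*---$")

# Constructed samples, abridged from the two reports in the post above.
ARM_REPORT = """\
--- Misc ---
Veth pair device: missing
Macvlan: missing
Vlan: enabled
Bridges: missing
CONFIG_NF_NAT_IPV4: missing
File capabilities: enabled
"""
X86_REPORT = """\
[sudo] password for user:
Kernel configuration found at /boot/config-3.16.0-30-generic
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled
"""

def parse_report(text):
    """Return {feature: (section, status)} for one lxc-checkconfig report."""
    features, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Skip banner/prompt lines before the first section and lines without "name: value".
        if section is None or ":" not in line:
            continue
        name, _, status = line.partition(":")
        features[name.strip()] = (section, status.strip().lower() or "unknown")
    return features

def _ok(status):
    # "enabled", "enabled, loaded" and "enabled, not loaded" all count as present.
    return status.startswith("enabled")

def not_usable(report):
    """Features the report marks as anything other than enabled, sorted by name."""
    return sorted(n for n, (_, s) in parse_report(report).items() if not _ok(s))

def gaps(target, reference):
    """Features enabled in the reference report but not in the target report."""
    t, r = parse_report(target), parse_report(reference)
    return sorted(n for n, (_, s) in r.items() if _ok(s) and not _ok(t.get(n, ("", ""))[1]))
```

A feature that only one report lists at all, such as `Bridges` here, shows up in `not_usable` for that host but not in `gaps`, because the reference report says nothing about it.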

JohnS

I don't see why you regard this as a "fix".  It's some feature(s) you want that maybe hardly anyone else wants.  There are hundreds of similar could-be-chosen features.  If you want it/them, it's for you to change the config and rebuild.

John

ROM

I think it will be easier for knowledgeable and experienced people to fix it than for, say, me. ;)

I think this is a mistake, because enabling such features right away when creating a new version is no problem.

soenke

You need kernel 3.10 or newer for docker. So build a mainline kernel (and uboot) for the A20 and install it. There are plenty of tutorials and pre-built kernels around the internet you can choose from.

JohnS

Being dev boards with uC chips you're expected to be a developer and able / willing to do some work when you want some feature not already there.

Consider sticking with huge bloated x86 stuff if that's not you :)
You'll be missing the fun of doing dev things, though.

John

igorpec

http://www.armbian.com/download/

Enabled by default, choose board, vanilla image. We also provide tools if you want to build on your own from sources on your x86 PC.
linux for ARM development boards
www.armbian.com

gregh

I just tried this with a recent kernel. There are still some necessary kernel features disabled.
Is there a technical reason for this?
I ask because I am thinking of creating an lxc/lxd cluster with some A20 Olinuxino servers, and I think this is a nice use case for them.
Will those features be enabled in the next Olimex bookworm kernel?

```
#  lxc-checkconfig
LXC version 4.0.6
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points:


Cgroup v2 mount points:
/sys/fs/cgroup

Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup namespace: required
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, not loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities:

# uname -r
5.10.180-olimex
```

LubOlimex

Is there a technical reason for this?

We can't enable all possible kernel packages. It leads to enormous images that are hard to share and also slows the system. We only enable crucial packages for the hardware of the board. Anything extra requires the customer to rebuild his image as detailed in the documentation.
Technical support and documentation manager at Olimex

saroy

Quote from: ROM on January 20, 2016, 01:26:27 PM

You can try to enable these features in the kernel configuration by following these steps:

1. On your OLinuXino-A20, boot into recovery mode by pressing the "Recovery" button during boot.
2. Select "Advanced options" and then "Root access".
3. Log in as root and mount the root filesystem:

```bash
mount -o remount,rw /
```

4. Edit the kernel configuration file:

```bash
nano /boot/config-3.4.103-00033-g9a1cd03-dirty
```

5. Search for the missing features and enable them by removing the "`#`" at the beginning of the line. For example:

```bash
# CONFIG_NF_NAT_IPV4 is not set
# Not set by default. (bool)
#
# This option enables the IPv4 NAT target.
CONFIG_NF_NAT_IPV4=y
```

6. Save and exit the file.
7. Compile the new kernel configuration:

```bash
make oldconfig
```

8. Reboot the system:

```bash
reboot
```

9. Repeat the same steps on your x86 computer if necessary.

After rebooting, you can run `lxc-checkconfig` again to verify that the missing features are now enabled. If the errors persist, you may need to consult the LXC documentation or contact the developers for further assistance.
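
A read-only check for the verification step at the end of the post above, added here as an example and not part of the thread: it parses a kernel config in the format shown in step 5 and reports whether each symbol is built in, a module, disabled, or absent from the file. `CONFIG_VETH`, `CONFIG_MACVLAN` and `CONFIG_BRIDGE` are the mainline symbol names and are an assumption, since the thread names those features only by description; the sample config is constructed.

```python
import gzip
import os
import platform
import re

# Symbols lxc-checkconfig printed as missing in the thread, plus CONFIG_VETH,
# CONFIG_MACVLAN and CONFIG_BRIDGE (mainline names, assumed; not on the page).
WANTED = ["CONFIG_VETH", "CONFIG_MACVLAN", "CONFIG_BRIDGE",
          "CONFIG_NF_NAT_IPV4", "CONFIG_NF_NAT_IPV6"]
SET_RE = re.compile(r"^(CONFIG_\w+)=(.*)$")
UNSET_RE = re.compile(r"^# (CONFIG_\w+) is not set$")
LABELS = {"y": "built-in", "m": "module", "n": "disabled"}

# Constructed sample config, not taken from any real board image.
SAMPLE_CONFIG = """\
CONFIG_VETH=m
# CONFIG_MACVLAN is not set
CONFIG_BRIDGE=y
# CONFIG_NF_NAT_IPV4 is not set
# A free-form comment line that must be ignored
"""

def parse_kconfig(text):
    """Map each symbol to its value, using 'n' for '# CONFIG_X is not set'."""
    state = {}
    for line in text.splitlines():
        line = line.strip()
        m = SET_RE.match(line)
        if m:
            state[m.group(1)] = m.group(2)
        else:
            m = UNSET_RE.match(line)
            if m:
                state[m.group(1)] = "n"
    return state

def check(text, wanted=WANTED):
    """Return {symbol: 'built-in' | 'module' | 'disabled' | 'absent'}."""
    state = parse_kconfig(text)
    return {s: (LABELS.get(state[s], state[s]) if s in state else "absent")
            for s in wanted}

def read_running_config():
    """Read the config from the two locations lxc-checkconfig searched in the thread."""
    if os.path.exists("/proc/config.gz"):
        with gzip.open("/proc/config.gz", "rt") as fh:
            return fh.read()
    with open("/boot/config-" + platform.release()) as fh:
        return fh.read()
```

On a board, `check(read_running_config())` gives the same table for the running kernel; `absent` means the symbol does not appear in the file at all, which is a different result from `disabled`.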