EzDevInfo.com

lxc interview questions

Top lxc frequently asked interview questions

How to set the MAC address for Docker LXC containers?

Whenever I run a docker container, I see that it uses a random MAC address:

eth0      Link encap:Ethernet  HWaddr de:6f:de:74:bd:d9

How do I set a specific MAC address for a container run?

Will I be able to have multiple containers running simultaneously with the same MAC address? These containers do not need to access the outside network and do not need to talk to each other.


Source: (StackOverflow)

How to configure docker to be able to have internet access via wireless connection?

I am trying to build a docker image by using the ones in the repository; however, I haven't been able to run 'apt-get update' 'apt-get install' commands because it seems that the container is not connected to the internet. I think the problem is caused by the fact that I am using a wireless connection. Is there a way to configure the docker or lxc to use the wireless network instead of the ethernet?


Source: (StackOverflow)

Docker container exits immediately

I'm using docker v1.2 and having some issues starting a container. The container exits after the "docker run". What's the best way to troubleshoot such issues? Also are there major differences in running containers under AUFS and BTRFS?


Source: (StackOverflow)

What's the difference between Docker and Rocket from CoreOS?

Can anyone understand and explain the fundamental differences of Docker and Rocket?

I don't seem to get it.

Maybe it's just too new of a direction.

Hope someone can explain the fundamental pros and cons of Docker vs Rocket.

Thanks

https://coreos.com/blog/rocket/ https://github.com/coreos/rocket


Source: (StackOverflow)

Docker - How to analyze a container's disk usage?

I've been searching for a while, but couldn't find a way to analyze the disk usage of a Docker container / volume.

I can see that Docker takes 12GB of my filesystem:

2.7G    /var/lib/docker/vfs/dir
2.7G    /var/lib/docker/vfs
2.8G    /var/lib/docker/devicemapper/mnt
6.3G    /var/lib/docker/devicemapper/devicemapper
9.1G    /var/lib/docker/devicemapper
12G     /var/lib/docker

But, how do I know how this is distributed over the containers?

I tried to attach to the containers by running (the new v1.3 command)

docker exec -it <container_name> bash

and then running 'df -h' to analyze the disk usage. It seems to be working, but not with containers that use 'volumes-from'.

For example, I use a data-only container for MongoDB, called 'mongo-data'.

When I run 'docker run -it --volumes-from mongo-data busybox', and then 'df -h' inside the container, it says that the filesystem mounted on '/data/db' (my 'mongo-data' data-only container) uses 11.3G, but when I do 'du -h /data/db', it says that it uses only 2.1G.

So, how do I analyze a container/volume disk usage? Or, in my case, how do I find out the 'mongo-data' container size?

Many thanks,


Source: (StackOverflow)

Running app inside Docker as non-root user

After yesterday's news of Shocker, it seems like apps inside a Docker container should not be run as root. I tried to update my Dockerfile to create an app user; however, changing permissions on app files (while still root) doesn't seem to work. I'm guessing this is because some LXC permission is not being granted to the root user maybe?

Here's my Dockerfile:

# Node.js app Docker file

FROM dockerfile/nodejs
MAINTAINER Thom Nichols "thom@thomnichols.org"

RUN useradd -ms /bin/bash node

ADD . /data
# This next line doesn't seem to have any effect:
RUN chown -R node /data 

ENV HOME /home/node
USER node

RUN cd /data && npm install

EXPOSE 8888

WORKDIR /data

CMD ["npm", "start"]

Pretty straightforward, but when I ls -l everything is still owned by root:

[ node@ed7ae33e76e1:/data {docker-nonroot-user} ]$ ls -l /data
total 64K
-rw-r--r--  1 root root  383 Jun 18 20:32 Dockerfile
-rw-r--r--  1 root root  862 Jun 18 16:23 Gruntfile.js
-rw-r--r--  1 root root 1.2K Jun 18 15:48 README.md
drwxr-xr-x  4 root root 4.0K May 30 14:24 assets/
-rw-r--r--  1 root root  416 Jun  3 14:22 bower.json
-rw-r--r--  1 root root  930 May 30 01:50 config.js
drwxr-xr-x  4 root root 4.0K Jun 18 16:08 lib/
drwxr-xr-x 42 root root 4.0K Jun 18 16:04 node_modules/
-rw-r--r--  1 root root 2.0K Jun 18 16:04 package.json
-rw-r--r--  1 root root  118 May 30 18:35 server.js
drwxr-xr-x  3 root root 4.0K May 30 02:17 static/
drwxr-xr-x  3 root root 4.0K Jun 18 20:13 test/
drwxr-xr-x  3 root root 4.0K Jun  3 17:38 views/

Update:

My updated dockerfile works great thanks to @creak's clarification of how volumes work. Once the initial files are chowned, npm install is run as the non-root user. And thanks to a postinstall hook, npm runs bower install && grunt assets which takes care of the remaining install steps and avoids any need to npm install -g any node cli tools like bower, grunt or coffeescript.


Source: (StackOverflow)

sudo: effective uid is not 0, is sudo installed setuid root?

I am trying to create a deb package from an LXC rootfs, and after creating it I want to install that package on any computer. Up to this point I achieved packaging and installing the deb package; however, after installation of the LXC package, I cannot be superuser in that lxc. I get this error when I use the "sudo" command.

sudo: effective uid is not 0, is sudo installed setuid root?

Thanks in advance.


Source: (StackOverflow)

What is the difference between lmctfy and lxc

Recently Google has open sourced lmctfy, Google's container stack. I don't understand it much, I have a few questions.

What are the differences between lmctfy and lxc and docker?
What problem does Google solve with lmctfy?

Thanks


Source: (StackOverflow)

Docker container refuses to get killed after run command turns into a zombie

First things first. My system info and versions:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 13.04
Release:    13.04
Codename:   raring

$ sudo docker version
Client version: 0.9.0
Go version (client): go1.2.1
Git commit (client): 2b3fdf2
Server version: 0.9.0
Git commit (server): 2b3fdf2
Go version (server): go1.2.1

$ lxc-version
lxc version: 0.9.0

$ uname -a
Linux ip-10-0-2-86 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:16:28 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

I am not able to stop a container after the process inside of it becomes a zombie. After upgrading to docker 0.9.0 I was seeing tons of zombies on my server. Example:

$ ps axo stat,ppid,pid,comm | grep -w defunct
Zl   25327 25332 node <defunct>

$ pstree -p
init(1)─┬
        ├─sh(819)───docker(831)─┬
                                ├─lxc-start(25327)───node(25332)───{node}(25378)

I can see that lxc-start(25327) is not calling wait() on the node process 25332, keeping the zombie alive. So I checked what it was doing with strace and it seemed to be stuck on an epoll_wait. strace actually gets stuck at first and just shows this:

$sudo strace -ir -ttt -T -v -p 25327
Process 25327 attached - interrupt to quit (when asked to kill)
     0.000103 [    7fe59b9d34b3] epoll_wait(8, 

But after I run a sudo docker kill 3da5764b7bc9358 I get more output:

 0.000103 [    7fe59b9d34b3] epoll_wait(8, {{EPOLLIN, {u32=21673408, u64=21673408}}}, 10, 4294967295) = 1 <8.935002>
 8.935097 [    7fe59bcaff60] accept(4, 0, NULL) = 9 <0.000035>
 0.000095 [    7fe59bcafeb3] fcntl(9, F_SETFD, FD_CLOEXEC) = 0 <0.000027>
 0.000083 [    7fe59b9d401a] setsockopt(9, SOL_SOCKET, SO_PASSCRED, [1], 4) = 0 <0.000027>
 0.000089 [    7fe59b9d347a] epoll_ctl(8, EPOLL_CTL_ADD, 9, {EPOLLIN, {u32=21673472, u64=21673472}}) = 0 <0.000023>
 0.000087 [    7fe59b9d34b3] epoll_wait(8, {{EPOLLIN, {u32=21673472, u64=21673472}}}, 10, 4294967295) = 1 <0.000026>
 0.000090 [    7fe59bcb0130] recvmsg(9, {msg_name(0)=NULL, msg_iov(1)=[{"\3\0\0\0\0\0\0\0", 8}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=773, uid=0, gid=0}}, msg_flags=0}, 0) = 8 <0.000034>
 0.000128 [    7fe59bcb019d] sendto(9, "\0\0\0\0\0\0\0\0\364b\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 24, 0, NULL, 0) = 24 <0.000029>
 0.000090 [    7fe59b9d34b3] epoll_wait(8, {{EPOLLIN|EPOLLHUP, {u32=21673472, u64=21673472}}}, 10, 4294967295) = 1 <0.000018>
 0.000091 [    7fe59bcb0130] recvmsg(9, {msg_name(0)=NULL, msg_iov(1)=[{"\3\0\0\0\0\0\0\0", 8}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=0, uid=0, gid=0}}, msg_flags=0}, 0) = 0 <0.000026>
 0.000122 [    7fe59b9d347a] epoll_ctl(8, EPOLL_CTL_DEL, 9, NULL) = 0 <0.000037>
 0.000084 [    7fe59bcafd00] close(9) = 0 <0.000048>
 0.000103 [    7fe59b9d34b3] epoll_wait(8, {{EPOLLIN, {u32=21673408, u64=21673408}}}, 10, 4294967295) = 1 <1.091839>
 1.091916 [    7fe59bcaff60] accept(4, 0, NULL) = 9 <0.000035>
 0.000093 [    7fe59bcafeb3] fcntl(9, F_SETFD, FD_CLOEXEC) = 0 <0.000027>
 0.000083 [    7fe59b9d401a] setsockopt(9, SOL_SOCKET, SO_PASSCRED, [1], 4) = 0 <0.000026>
 0.000090 [    7fe59b9d347a] epoll_ctl(8, EPOLL_CTL_ADD, 9, {EPOLLIN, {u32=21673504, u64=21673504}}) = 0 <0.000032>
 0.000100 [    7fe59b9d34b3] epoll_wait(8, {{EPOLLIN, {u32=21673504, u64=21673504}}}, 10, 4294967295) = 1 <0.000028>
 0.000088 [    7fe59bcb0130] recvmsg(9, {msg_name(0)=NULL, msg_iov(1)=[{"\3\0\0\0\0\0\0\0", 8}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=774, uid=0, gid=0}}, msg_flags=0}, 0) = 8 <0.000030>
 0.000125 [    7fe59bcb019d] sendto(9, "\0\0\0\0\0\0\0\0\364b\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 24, 0, NULL, 0) = 24 <0.000032>
 0.000119 [    7fe59b9d34b3] epoll_wait(8, {{EPOLLIN|EPOLLHUP, {u32=21673504, u64=21673504}}}, 10, 4294967295) = 1 <0.000071>
 0.000139 [    7fe59bcb0130] recvmsg(9, {msg_name(0)=NULL, msg_iov(1)=[{"\3\0\0\0\0\0\0\0", 8}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=0, uid=0, gid=0}}, msg_flags=0}, 0) = 0 <0.000018>
 0.000112 [    7fe59b9d347a] epoll_ctl(8, EPOLL_CTL_DEL, 9, NULL) = 0 <0.000028>
 0.000076 [    7fe59bcafd00] close(9) = 0 <0.000027>
 0.000096 [    7fe59b9d34b3] epoll_wait(8,

Then I looked at what epoll_wait was waiting on, which looks like file 8 (I am guessing this from epoll_wait(8, {{EPOLLIN, {u32=21673408, u64=21673408}}}, 10, 4294967295) = 1 <8.935002>, which is of the form int epoll_wait(int epfd, struct epoll_event *events, int maxevents, int timeout);)

$ cat /proc/25327/fdinfo/8
pos:    0
flags:  02000002
tfd:        7 events:       19 data:          14ab830
tfd:        4 events:       19 data:          14ab5c0

Also adding 7 and 4 based on tfd above (not sure what tfd really means):

$ cat /proc/25327/fdinfo/4
pos:    0
flags:  02000002
$ cat /proc/25327/fdinfo/7
pos:    0
flags:  02000002
sigmask:    fffffffe7ffbfab7
$ cd /proc/25327/fd
$ ls -al
lr-x------ 1 root root 64 Mar 13 22:28 0 -> /dev/null
lrwx------ 1 root root 64 Mar 13 22:28 1 -> /dev/pts/17
lrwx------ 1 root root 64 Mar 13 22:28 2 -> /dev/pts/17
l-wx------ 1 root root 64 Mar 13 22:28 3 -> /var/log/lxc/3da5764b7bc935896a72abc9371ce68d4d658d8c70b56e1090aacb631080ec0e.log
lrwx------ 1 root root 64 Mar 13 22:28 4 -> socket:[48415]
lrwx------ 1 root root 64 Mar 14 00:03 5 -> /dev/ptmx
lrwx------ 1 root root 64 Mar 14 00:03 6 -> /dev/pts/18
lrwx------ 1 root root 64 Mar 14 00:03 7 -> anon_inode:[signalfd]
lrwx------ 1 root root 64 Mar 14 00:03 8 -> anon_inode:[eventpoll]

Info about the socket:

$ sudo netstat -anp | grep 48415
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     48415    25327/lxc-start     @/var/lib/lxc/3da5764b7bc935896a72abc9371ce68d4d658d8c70b56e1090aacb631080ec0e/command

There does seem to be a common pattern in the docker.log: all containers that do not stop have this signature:

2014/03/16 16:33:15 Container beb71548b3b23ba3337ca30c6c2efcbfcaf19d4638cf3d5ec5b8a3e4c5f1059a failed to exit within 0 seconds of SIGTERM - using the force
2014/03/16 16:33:25 Container SIGKILL failed to exit within 10 seconds of lxc-kill beb71548b3b2 - trying direct SIGKILL

At this point I have no idea what to do next. Any suggestions on how I can find out what is causing these containers not to exit? Any other data I should collect? I also sent a SIGCHLD to this process, to no avail.

More data: added a log to the end of the node process we start using the start command in the container:

Mon Mar 17 2014 20:52:52 GMT+0000 (UTC) process: main process = exit code: 0

And here are logs from docker:

2014/03/17 20:52:52 Container f8a3d55e0f... failed to exit within 0 seconds of SIGTERM - using the force
2014/03/17 20:53:02 Container SIGKILL failed to exit within 10 seconds of lxc-kill f8a3d55e0fd8 - trying direct SIGKILL

Timestamps show the process exited @ 20:52:52.

This happens using both native and lxc docker drivers.

EDIT: REPRO STEPS!

Turn this into a bash script, run it, and watch almost 50% of the containers turn into zombies!

CNT=0
while true
do 
  echo $CNT
  DOCK=$(sudo docker run -d -t anandkumarpatel/zombie_bug ./node index.js)
  sleep 60 && sudo docker stop $DOCK > out.log &
  sleep 1
  CNT=$(($CNT+1))
  if [[ "$CNT" == "50" ]]; then
    exit
  fi
done

Source: (StackOverflow)

How does docker use CPU cores from its host operating system?

My understanding, based on the fact that Docker is based on LXC, is that Docker containers share various resources from their host operating system. My concern is with CPU cores. Here is a scenario:

  • a host linux OS has 8 cores
  • I have to deploy a set of docker containers on the host OS above.
  • Some of the docker containers that I need to deploy would be better suited to use 2 cores

a) So if I run all of the docker containers on that host, will they consume CPU/cores as needed, as if they were being run as normal installed applications on that host OS?

b) Will the docker container consume its own process, and will all of the processing that is contained in it be stuck to that parent process's CPU core?

c) How can I specify a docker container to use a number of cores (4 for example)? I saw there is a -C flag that can point to a core id, but it appears there is no option to specify the container to pick N cores at random.


Source: (StackOverflow)

Start full container in Docker?

According to this github issue it should be possible to start a full container with Upstart, cron etc. with Docker 0.6 or later, but how do I do that?

I was expecting that

docker run -t -i ubuntu /sbin/init

would work just like

lxc-start -n ubuntu /sbin/init

and I would get a login screen, but instead it displays nothing. I also tried to access it using ssh, but no luck. I'm using the default ubuntu image from Docker index.


Source: (StackOverflow)

How to SSH into Docker?

I'd like to create the following infrastructure flow:

How can that be achieved using Docker?


Source: (StackOverflow)

How do I move a docker container's image to a persistent disk?

We have noticed that our containers are taking up a lot of space; one of the reasons for this is the images.

We would like to move the images.

I know right now they are stored in /var/lib/docker/graph/<id>/layer

Is there a way to move these to another location/persistent disk?


Source: (StackOverflow)

How to pull a single image from any docker repository?

The docker repositories contain multiple images. Is it possible to just pull a specific image from a repository?

When I use:

docker pull  ubuntu

It pulls down around 8-10 different versions of ubuntu.


Source: (StackOverflow)

Difference between KVM and LXC

What is the difference between KVM and Linux Containers (LXCs)? To me it seems that LXC is also a way of creating multiple VMs within the same kernel if we use both the "namespaces" and "control groups" features of the kernel.


Source: (StackOverflow)