You are here
Jessie LXCs under Wheezy hosts
As a followup to the article about running Jessie LXCs without CAP_SYS_ADMIN, this article describes how to run Jessie LXCs under Wheezy.
Prerequisites
In order for this to work, wheezy-backports must be activated (look for Wheezy there, not Squeeze). You will need a backported version LXC 1.0 in order to properly run systemd containers: apt-get install -t wheezy-backports lxc. (Or you can alter your APT preferences and pin the packages lxc, init-system-helpers and libseccomp2 from wheezy-backports to a higher priority and just upgrade.) Beware: the LXC utilities from LXC 1.0 can't properly talk to running LXC processes of older LXC versions, so LXC started with an older version can't be shut down properly (except for SSH login and shutdown from within the LXC). Thus, if you upgrade to LXC 1.0 (the same applies for upgrading to Jessie that comes with LXC 1.0), you should stop all running LXC instances first, then upgrade your LXC version and restart them afterwards.
You will also most likely need a backported kernel: apt-get install -t wheezy-backports linux-image-amd64 (or whatever your architecture is). Note that tests indicate that simply starting a Jessie LXC under Wheezy's default 3.2 kernel does indeed work (no errors), but systemd's requirements state kernel 3.7. If you do choose to remain with kernel 3.2, things may break unexpectedly. You have been warned. Also note that lxc-attach will work with the kernel from backports, but won't work with Wheezy's default kernel.
cgroup logic
The main ingredient that's now still missing is to pre-mount a named systemd cgroup hierarchy on the host (that will remain unused on the host except for LXC). How that can be mounted depends a bit on how the current cgroup setup is done. If Debians recommendations were followed, an entry in /etc/fstab exists to mount all kernel subsystems together to /sys/fs/cgroup. However, other ways of mounting cgroups is to mount a tmpfs to /sys/fs/cgroup, create directories for each controller there and then mount each controller separately to /sys/fs/cgroup/$controller.
If the former is the case, /sys/fs/cgroup is already used, so creating /sys/fs/cgroup/systemd and mounting systemd's hierarchy there is not a good idea. Fortunately, LXC 1.0 is intelligent enough to pick up cgroup hierarchies regardless of their mount point, so it can simply be mounted to /run/cgroup/systemd, which is not a canonical path, but will work.
If the latter scheme is used, it should be sufficient to simply create /sys/fs/cgroup/systemd and mount the hierarchy there. There is a simple package in wheezy-backports to do the latter scheme for all kernel controllers, cgroupfs-mount.
I have created a simple init script for Wheezy that will mount the systemd hierarchy in addition to the other hierarchies. It's logic is simple:
- If it detects that
cgroupfs-mountis installed and no entry in/etc/fstabexists for cgroups, it will create/sys/fs/cgroup/systemdand mount thesystemdhierarchy there. - Otherwise, to be conservative, it will mount the hierarchy to
/run/cgroup/systemdto not get in the way.
Depending on how your cgroup setup is precisely, you might want to customize this, but the script should work out of the box for most (if not all) setups. To install, simply copy it to /etc/init.d/cgroupfs-systemd, make it executable and run:
update-rc.d cgroupfs-systemd defaults
In order not to have to reboot, just start it manually:
/etc/init.d/cgroupfs-systemd start
Note on using cgroupfs-mount
If you do decide to use cgroupfs-mount to mount the kernel cgroups (and not the /etc/fstab entry), note that the LSB headers in that script cause it to be started relatively late in the boot process, in parallel actually with LXC's init script. This means that the normal cgroups might not be set up yet at that point. This can easily be fixed by creating /etc/insserv/overrides/cgroupfs-mount and putting in the following:
### BEGIN INIT INFO # Provides: cgroupfs-mount # Required-Start: $local_fs # Required-Stop: $local_fs # Default-Start: S # Default-Stop: 0 6 # Short-Description: Set up cgroupfs mounts. # Description: # Control groups are a kernel mechanism for tracking and imposing # limits on resource usage on groups of tasks. ### END INIT INFO
After a simple call to:
update-rc.d cgroupfs-mount remove update-rc.d cgroupfs-mount defaults
The script will be started earlier in the boot process, mitigating that problem.
That's it
With these steps it's possible to run Jessie LXCs with systemd under Wheezy hosts. Just follow the instructions in the article about running Jessie LXCs for further details (lxc.cgroup.use = @all also has to be set here, for example), with the backport the same LXC version, the rest of the configuration is identical.
Update
This article was updated to reflect that LXC 1.0 is now in wheezy-backports and does not need to be backported manually.
- Log in to post comments