Skip to content

Document LXC driver improvements #3264

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rsmontero merged 4 commits into from
May 22, 2025
Merged

Document LXC driver improvements #3264

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
cb646a2
B OpenNebula/one#7028: Document improvements
dann1 May 5, 2025
54fff7b
F OpenNebula/one#7044: Document feature
dann1 May 5, 2025
5bd907b
B OpenNebula/one#7041: Document fix
dann1 May 5, 2025
3bb96f5
Merge branch 'one-6.10-maintenance' into b-6935
rsmontero May 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions source/intro_release_notes/release_notes_enterprise/resolved_issues_6104.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ A complete list of solved issues for 6.10.4 can be found in the `project develop
The following new features have been backported to 6.10.4:

- `Add support of using defined timezone by oneacct utility with flag -t/--timezone <https://github.com/OpenNebula/one/issues/821>`__.
- Console logging for :ref:`LXC Driver <lxc_logs>`.
- Add architecture and hypervisor scheduling requirements to public marketplaces :ref:`public marketplaces <public_marketplaces>`

The following issues has been solved in 6.10.4:

Expand All @@ -20,6 +22,8 @@ The following issues has been solved in 6.10.4:
- `Fix ability to add and remove existing users to existing groups and change main group from an user <https://github.com/OpenNebula/one/issues/6980/>`__. In order to add, remove or change main group from and user, please see **Changes in Configuration Files** section below.
- `Fix vGPU profile monitoring for legacy mode <https://github.com/OpenNebula/one/issues/7012/>`__.
- `Fix README.md links to old paths <https://github.com/OpenNebula/one/issues/7032>`__.
- `Fix a silent LXC container start fail <https://github.com/OpenNebula/one/issues/7028>`__.
- `Fix the use of hardcoded DNS for linuxcontainers marketplace <https://github.com/OpenNebula/one/issues/7041>`__.
- `Fix Restic backup driver when the server is not deployed together with the frontend <https://github.com/OpenNebula/one/issues/7054>`__.
- `Fix resource names to not allow special characters '\\t', '\\n', '\\v', '\\f', '\\r' <https://github.com/OpenNebula/one/issues/6950>`__.
- `Fix HA in case of wrong SQL query <https://github.com/OpenNebula/one/issues/7025>`__.
Expand Down
28 changes: 28 additions & 0 deletions source/open_cluster_deployment/lxc_node/lxc_driver.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ Requirements
Considerations & Limitations
================================================================================

.. _lxc_security:

Privileged Containers and Security
--------------------------------------------------------------------------------

Expand Down Expand Up @@ -188,6 +190,8 @@ Containers supports remote access via VNC protocol which allows easy access to t
LISTEN="0.0.0.0",
TYPE="VNC" ]

.. _lxc_raw:

Additional Attributes
-----------------------

Expand Down Expand Up @@ -221,3 +225,27 @@ After defining the profiles they can be used by adding the ``PROFILES`` attribut
PROFILES = "extra-performance, production"

Profiles, are implemented by using the LXC ``include`` configuration attribute, note that the profiles will be included in the provided order and this order might affect the final configuration of the container.

.. _lxc_logs:

Troubleshooting
---------------

On top of the regular OpenNebula logs at ``/var/log/one``, the LXC driver generates additional logs for more specific LXC operations. Sometimes a container might fail to start or not behave as intended. You can find out more about what happened by inspecting the log files at ``/var/log/lxc/``:

- ``one-<vm_id>.console`` — Contains the console output seen when starting a container. This includes information regarding how the init process within the container starts and can help identify problems that occur after a successful start yet a failed initialization.
- ``one-<vm_id>.log`` — Contains information about how LXC handles different container operations.

You can also verify the low-level configuration of the container generated by OpenNebula by inspecting the file ``/var/lib/lxc/one-<vm_id>/config``.

Common Issues
-------------

- Sometimes the Guest OS may refuse to start completely or some systemd services might fail. In these cases, it might be worth using :ref:`Privileged Containers <lxc_security>`.
- When running Linux distributions with `AppArmor <https://documentation.ubuntu.com/server/how-to/security/apparmor/index.html>`_, it might be necessary to relax this configuration. Otherwise, services like :ref:`one-context <kvm_contextualization>` have dependencies which do not start. For this, you can set the following :ref:`RAW <lxc_raw>` configuration:

.. code::

RAW = [
TYPE = "lxc",
DATA = "lxc.apparmor.profile=unconfined" ]