We're transitioning from a VM based environment to one that uses LXC
based containers running under CentOS 7. CTDB runs fine under our CentOS
7 VMs. The same packages running under LXC however seem to have issues:
# systemctl start ctdb.service
Job for ctdb.service failed. See 'systemctl status ctdb.service' and
'journalctl -xn' for details.
# systemctl status ctdb.service
ctdb.service - CTDB
Loaded: loaded (/usr/lib/systemd/system/ctdb.service; disabled)
Active: failed (Result: exit-code) since Tue 2015-08-04 10:09:06
PDT; 5s ago
Process: 9023 ExecStart=/usr/sbin/ctdbd_wrapper /run/ctdb/ctdbd.pid
start (code=exited, status=1/FAILURE)
Aug 04 10:09:04 pws-01 ctdbd[9031]: CTDB starting on node
Aug 04 10:09:04 pws-01 ctdbd[9032]: Starting CTDBD (Version 2.5.4) as
PID: 9032
Aug 04 10:09:04 pws-01 ctdbd[9032]: Created PID file /run/ctdb/ctdbd.pid
Aug 04 10:09:04 pws-01 ctdbd[9032]: Unable to set scheduler to
SCHED_FIFO (Operation not permitted)
Aug 04 10:09:04 pws-01 ctdbd[9032]: CTDB daemon shutting down
Aug 04 10:09:06 pws-01 ctdbd_wrapper[9023]: CTDB exited during
initialisation - check logs.
Aug 04 10:09:06 pws-01 systemd[1]: ctdb.service: control process exited,
code=exited status=1
Aug 04 10:09:06 pws-01 systemd[1]: Failed to start CTDB.
Aug 04 10:09:06 pws-01 systemd[1]: Unit ctdb.service entered failed state.
I haven't dug too deeply into this, but I was wondering if anyone has
any experience with running CTDB inside an LXC container? I have a
suspicion that this is the culprit.
Peter Steele
Hi Peter, On Tue, Aug 04, 2015 at 10:11:56AM -0700, Peter Steele wrote:> We're transitioning from a VM based environment to one that uses LXC based > containers running under CentOS 7. CTDB runs fine under our CentOS 7 VMs. > The same packages running under LXC however seem to have issues: > > # systemctl start ctdb.service > Job for ctdb.service failed. See 'systemctl status ctdb.service' and > 'journalctl -xn' for details. > > # systemctl status ctdb.service > ctdb.service - CTDB > Loaded: loaded (/usr/lib/systemd/system/ctdb.service; disabled) > Active: failed (Result: exit-code) since Tue 2015-08-04 10:09:06 PDT; 5s > ago > Process: 9023 ExecStart=/usr/sbin/ctdbd_wrapper /run/ctdb/ctdbd.pid start > (code=exited, status=1/FAILURE) > > Aug 04 10:09:04 pws-01 ctdbd[9031]: CTDB starting on node > Aug 04 10:09:04 pws-01 ctdbd[9032]: Starting CTDBD (Version 2.5.4) as PID: > 9032 > Aug 04 10:09:04 pws-01 ctdbd[9032]: Created PID file /run/ctdb/ctdbd.pid > Aug 04 10:09:04 pws-01 ctdbd[9032]: Unable to set scheduler to SCHED_FIFO > (Operation not permitted)your container is dopping sys_nice cap, fix the container config. On my Fedora LXC host this is done in a global include that is pulled into all containers by default. I simply gave all caps to the containers intended for ctdb and then it worked just fine. -Ralph -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de,mailto:kontakt at sernet.de
On 2015-08-04 at 19:27 +0200, Ralph Böhme wrote:> Hi Peter, > > On Tue, Aug 04, 2015 at 10:11:56AM -0700, Peter Steele wrote: > > We're transitioning from a VM based environment to one that uses LXC based > > containers running under CentOS 7. CTDB runs fine under our CentOS 7 VMs. > > The same packages running under LXC however seem to have issues: > > > > # systemctl start ctdb.service > > Job for ctdb.service failed. See 'systemctl status ctdb.service' and > > 'journalctl -xn' for details. > > > > # systemctl status ctdb.service > > ctdb.service - CTDB > > Loaded: loaded (/usr/lib/systemd/system/ctdb.service; disabled) > > Active: failed (Result: exit-code) since Tue 2015-08-04 10:09:06 PDT; 5s > > ago > > Process: 9023 ExecStart=/usr/sbin/ctdbd_wrapper /run/ctdb/ctdbd.pid start > > (code=exited, status=1/FAILURE) > > > > Aug 04 10:09:04 pws-01 ctdbd[9031]: CTDB starting on node > > Aug 04 10:09:04 pws-01 ctdbd[9032]: Starting CTDBD (Version 2.5.4) as PID: > > 9032 > > Aug 04 10:09:04 pws-01 ctdbd[9032]: Created PID file /run/ctdb/ctdbd.pid > > Aug 04 10:09:04 pws-01 ctdbd[9032]: Unable to set scheduler to SCHED_FIFO > > (Operation not permitted) > > your container is dopping sys_nice cap, fix the container config.Indeed, to make it more concrete, uncomment "lxc.cap.drop = sys_nice" (or so) in /var/lib/lxc/<container>/config. And more caps may occur.> On my Fedora LXC hostFedora host? -- interesting. :-) Cheers - Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available URL: <http://lists.samba.org/pipermail/samba/attachments/20150804/97710475/attachment.sig>
I'm using libvirt_lxc and that has an XML based configuration. Based on
what I've read, I think I need to add this to the ctdb container's
config:
<features>
<capabilities policy='default'>
<sys_nice state='on'/>
</capabilities>
</features>
That didn't do the trick though. I need to figure out how to turn on all
caps to see if that does the job.
Peter
On 08/04/2015 10:27 AM, Ralph Böhme wrote:> Hi Peter,
>
> On Tue, Aug 04, 2015 at 10:11:56AM -0700, Peter Steele wrote:
>> We're transitioning from a VM based environment to one that uses
LXC based
>> containers running under CentOS 7. CTDB runs fine under our CentOS 7
VMs.
>> The same packages running under LXC however seem to have issues:
>>
>> # systemctl start ctdb.service
>> Job for ctdb.service failed. See 'systemctl status
ctdb.service' and
>> 'journalctl -xn' for details.
>>
>> # systemctl status ctdb.service
>> ctdb.service - CTDB
>> Loaded: loaded (/usr/lib/systemd/system/ctdb.service; disabled)
>> Active: failed (Result: exit-code) since Tue 2015-08-04 10:09:06
PDT; 5s
>> ago
>> Process: 9023 ExecStart=/usr/sbin/ctdbd_wrapper /run/ctdb/ctdbd.pid
start
>> (code=exited, status=1/FAILURE)
>>
>> Aug 04 10:09:04 pws-01 ctdbd[9031]: CTDB starting on node
>> Aug 04 10:09:04 pws-01 ctdbd[9032]: Starting CTDBD (Version 2.5.4) as
PID:
>> 9032
>> Aug 04 10:09:04 pws-01 ctdbd[9032]: Created PID file
/run/ctdb/ctdbd.pid
>> Aug 04 10:09:04 pws-01 ctdbd[9032]: Unable to set scheduler to
SCHED_FIFO
>> (Operation not permitted)
> your container is dopping sys_nice cap, fix the container config. On
> my Fedora LXC host this is done in a global include that is pulled
> into all containers by default. I simply gave all caps to the
> containers intended for ctdb and then it worked just fine.
>
> -Ralph
>