[Plugin] LXC Plugin

[SirLupus]

I did downgrade because the system was freezing constantly several times a day. I am not the only one with that problem. There is already a german thread with this problem and an english one. I also tried to deactivate docker and use LXC only, but the problem persisted. Since we need an stable internet connection for working from home, I did downgrade. I suspect it has something to do with SMB, but didn't have the time to investigate further. Also my drives were not happy about the hard crashes multiple times a day...

 

I read the note about cgroupv2 on the first page and that did the trick. Thank you! Also quite confusing as I am pretty sure I did run Debian Bookworm on 6.11.5 without adding cgroup2 to syslinux. Well, doesn't matter, it works now. Back to reinstall your Unbound/AdGuard/LANCache

[ich777]

43 minutes ago, SirLupus said:

I did downgrade because the system was freezing constantly several times a day.

Was it the MACVLAN bug?

 

43 minutes ago, SirLupus said:

I am not the only one with that problem. There is already a german thread with this problem and an english one

I have no issue at all but I have to say that I'm using IPVLAN.

 

44 minutes ago, SirLupus said:

I suspect it has something to do with SMB, but didn't have the time to investigate further.

I really don't think so...

 

44 minutes ago, SirLupus said:

Also quite confusing as I am pretty sure I did run Debian Bookworm on 6.11.5 without adding cgroup2 to syslinux.

But not on 6.11.5 only Bullseye was working.

 

45 minutes ago, SirLupus said:

Well, doesn't matter, it works now. Back to reinstall your Unbound/AdGuard/LANCache

LXC also now has a backup function that I've wrote and that can be even be set up as a User Script, see page 12 the last few posts where I explain it in detail.

[SirLupus]

1 hour ago, ich777 said:

Was it the MACVLAN bug?

I have no issue at all but I have to say that I'm using IPVLAN.

 

Yup, the MACVLAN / IPVLAN issue. No matter what I chose, it kept crashing, even when disabling docker. One day I found a weird SMB error message in the logs, disabled SMB sharing and it wasn't crashing for a while. Not 100% sure if this was the culprit but definitely a weird concidence. Completely disabling SMB was not an option, hence the restore to 6.11. If I find some time, I could try the newest 6.12.3.

 

1 hour ago, ich777 said:

But not on 6.11.5 only Bullseye was working.

That could be. Just looked up the official relase dates and it very much could have been Bulleye. That's the only and logical explanation.

 

 

[waxed-boarder8215]

My config 
 

Configuration file location: /mnt/disk3/lxc/ubuntu-20.04/config

# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist ubuntu --release focal --arch amd64
# Template script checksum (SHA-1): 78b012f582aaa2d12f0c70cc47e910e9ad9be619
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64

# Container specific configuration
lxc.rootfs.path = dir:/mnt/disk3/lxc/ubuntu-20.04/rootfs
lxc.uts.name = ubuntu-20.04

# Network configuration
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link=br0
lxc.net.0.name = eth0

lxc.net.0.hwaddr=52:54:00:44:F5:2F
lxc.start.auto=0

#Resource limitations
lxc.cgroup2.cpuset.cpus = 0-1
lxc.cgroup2.memory.max = 2G

the resource limits are not enforced what am i doing wrong ?
Goal to limit the lxc conatiner to core 0,1 and to max 2gb ram out of my 32 gb ram 

Edited August 12, 2023 by waxed-boarder8215

[ich777]

8 hours ago, waxed-boarder8215 said:

the resource limits are not enforced what am i doing wrong ?

A bit more information please, Diagnostics would be helpful.

 

I can't reproduce this on my system:

[laiaman]

hi

For beginners, the image was never downloaded, but the ping was successful  

Tried many things, but nothing worked 

[ich777]

5 minutes ago, laiaman said:

Tried many things, but nothing worked 

It is possible that they currently have issues with their image distribution system.

May I ask where you are located in the world?

 

Have you yet tried to download a Debian Bookworm or Bust image? Do other images work?

There is not much I can do about if the download doesn't work because this is a LXC thing. Do you have any ADBlockers or special Firewall rules set on your network?

 

Can you download this file from your local computer:
https://images.linuxcontainers.org/images/debian/bullseye/amd64/default/20230817_05%3A24/rootfs.tar.xz

 

 

A simple ping doesn't mean often times that everything else is working, the above linked file is what the plugin tries to download. If the download from your local computer is working (which it is in my case and also on Unraid) something else with your Network configuration may be wrong.

[laiaman]

On 8/17/2023 at 5:20 PM, ich777 said:

It is possible that they currently have issues with their image distribution system.

May I ask where you are located in the world?

 

Have you yet tried to download a Debian Bookworm or Bust image? Do other images work?

There is not much I can do about if the download doesn't work because this is a LXC thing. Do you have any ADBlockers or special Firewall rules set on your network?

 

Can you download this file from your local computer:
https://images.linuxcontainers.org/images/debian/bullseye/amd64/default/20230817_05%3A24/rootfs.tar.xz

 

 

A simple ping doesn't mean often times that everything else is working, the above linked file is what the plugin tries to download. If the download from your local computer is working (which it is in my case and also on Unraid) something else with your Network configuration may be wrong.

Thank you, it is still a network problem, the original download speed is too slow to time out, through the proxy connection, i can install normally.  

ps：I'm in China 

[ich777]

1 hour ago, laiaman said:

Thank you, it is still a network problem, the original download speed is too slow to time out

That is really strange, as far as I remember they don't have a timeout for the downloads in the source, it just stops when the download pipe breaks.

 

1 hour ago, laiaman said:

i can install normally.

1 hour ago, laiaman said:

ps：I'm in China 

Do you maybe have a LXC mirror over there?

I added the possibility to change the download URL from the LXC containers. If there is a mirror over there and they follow the default structure you can change the URL on the Settings page from LXC.

 

Just a little side information, the mirror need to have all the necessary metadata in place which you can find here and of course the corresponding images like they are structured here.

[Joly0]

Hey guys, i think the recent unraid update (6.12.4) broke something regarding lxc networking. I have updated and switched to macvtap driver (disabled bridging) and now my containers are unable to ping my lxc container and vice-versa. The lxc cointainer is also unable to ping the host. I have tested eth0 and virhost0 as network interfaces for lxc, but both arent working. Is there anything i can do?

[ich777]

17 minutes ago, Joly0 said:

Is there anything i can do?

Please do the following:

 

Enable Host access in the Docker Settings:

 

On the LXC Settings page set the network to eth0, click the Box "Change network from existing container" and then hit Apply:

 

This should do the trick.

[Joly0]

already done this, or to be precise, already have been doing this since ever

 

But ok, i did this and it worked, so i guess the update broke the setting there. It was still enabled, but it seems like it was disabled. Disabling and reenabling it helped, thx

Edited September 6, 2023 by Joly0

[ich777]

2 minutes ago, Joly0 said:

already done this, or to be precise, already have been doing this since ever

I introduced this settings to the plugin because of the macvtap change in Unraid and tested this excessively. The only thing that is really necessary is that you enable Host access on the Docker page and that you also tick the box Change networks from existing containers.

 

You can also use virhost0 instead of eth0 but I don't recommend that and would actually not display the correct traffic on the LXC page <- please note that you will now only see the whole traffic for eth0 right next to the containers, this is a downside from macvtap and I can't do much about that.

[Brramble]

Hello

 

Just wondering if I have missed anything obvious here... I'm on 6.12.3 and fresh install of the LXC plugin. When I use the following config, the memory and CPU within the LXC container doesn't get applied. For example when I run htop, I can still see the full specification of the host.

 

Quote

# Spec config
lxc.cgroup2.cpuset.cpus = 0-1
lxc.cgroup2.memory.max = 2G
 

 

Thanks for any advice in advance

[ich777]

  

10 minutes ago, Brramble said:

When I use the following config, the memory and CPU within the LXC container doesn't get applied

They do get applied but htop inside the container is still able to see all the system resources but will not be able to use them:

 

For example if you install something like stress and then stress the CPU, with more than two cores you will see that it only uses cores 0-1 on my system:

I hope you see that I got two terminal windows, the window in the background is from the container where I started a stress test with 12 cores and the htop terminal window is also from within the container where you can see that only the first two cores are used (please ignore core 7 since it's doing most certainly something else).

 

For RAM it is a bit more difficult to test but the limit is also applied.

 

Hope that helps and makes sense.

[Brramble]

3 minutes ago, ich777 said:

  Hope that helps and makes sense.

 

Thank you for confirming that @ich777, makes complete sense now. I recently moved from Proxmox and was familiar with seeing the configuration reflect within htop. I wonder why it is this way, do you happen to know?

 

Thanks again.

[ich777]

2 minutes ago, Brramble said:

I wonder why it is this way, do you happen to know?

This is caused because these are privileged containers, this is nothing to worry about in the default configuration btw.

 

Unprivileged containers are on my to do list but this is something for way later...

[Mainfrezzer]

On 9/6/2023 at 3:29 PM, ich777 said:

Please do the following:

 

Enable Host access in the Docker Settings:

 

On the LXC Settings page set the network to eth0, click the Box "Change network from existing container" and then hit Apply:

 

This should do the trick.

should have looked here before figuring that out for myself. I was baffled earlier today when i couldnt use the lxc container anymore to use the reverse proxy i set up on it to access my dockers to circumvent the host access requirement. i could have sworn that was working before.

Since i have to activate it now for it to work, i can scap the lxc plugin completely. thank you for the plugin, served me very well ❤️

[keywal]

Apologies for the moronic question but...

Is it possible to change a containers icon in the unraid GUI?

Perhaps something I can add to config file?

[ich777]

On 9/14/2023 at 9:41 PM, keywal said:

Is it possible to change a containers icon in the unraid GUI?

Yes, that is indeed possible.

 

Go to your LXC storage path which you've defined in the LXC settings on your server, create a folder called "custom-icons" in there and put a .png file named exactly like the container is named in there.

 

Here is what it looks like on my server:

 

So to speak if the container is named DNS the file must be named DNS.png, if the container is named PiHoleTest the file must be PiHoleTest.png

I also would recommend that you choose a file which is square otherwise it will be stretched.

[keywal]

Thank you kindly!

[ben-nl]

I'm just started playing with the LXC-plugin and it's fantastic.

Now that I'm here I have one question.
It would be easy if you could rename or add a description to the snapshots.
It's not super important, can easily live without it.
Thanks for making this plugin.

Edited September 24, 2023 by ben-nl

[ich777]

22 minutes ago, ben-nl said:

It would be easy if you could rename or add a description to the snapshots.

Sorry but this is not supported, however it is possible create a snapshot from the command line and add a comment to a snapshot but that doesn‘t add much value (because it’s very limited what it can do) and therefore I don‘t implemented it.

 

However look into the backup function (you first have to configure it in the plugin settings to actually use it).

 

There are already two features that you can use from the command line and are unique to Unraid:

lxc-autobackup

lxc-autosnapshot

 

But there are currently no plans to extend the snapshot/backup features since they do what they should do currently and I‘m trying to improve the plugin further.

 

Good to hear that you are happy with the plugin so far, always great to read such messages. 😊

[ben-nl]

3 hours ago, ich777 said:

Sorry but this is not supported, however it is possible create a snapshot from the command line and add a comment to a snapshot but that doesn‘t add much value (because it’s very limited what it can do) and therefore I don‘t implemented it.

I can easily live without it. 😀

 

3 hours ago, ich777 said:

currently and I‘m trying to improve the plugin further.

That is good news, thanks. 👍

 

 

[wy586]

我正在就我在尝试创建容器时遇到的问题寻求您的帮助。

尝试创建容器时，我收到以下错误消息：

如果您对如何解决此问题有任何建议，建议或进一步说明，我将不胜感激。

非常感谢您的时间和关注。我期待你的回复。