From the front page: “LXC is production ready with LXC 1.0 getting 5 years of security updates and bugfixes (until April 2019).”

I‘m writing this on 29th April 2019, so that statement is … not at all reassuring.

The LXC introduction says “LXC 1.0 will be supported until June 1st 2019”, and also mentions an LXC 2.0. Probably 2.0 should be mentioned on the front page instead of 1.0.

1. Click on the “LXD” item of the site’s header.
2. Navigate to “Product page”, just below “External resources”.
3. Be redirected back to linuxcontainers.org.

Apparently, they’ve removed the page at ubuntu.com. Presumably this link can be just removed.

I had to remove the collapsible link on the feedback and step-by-step widgets as those weren't working after the vanilla port.

@anthonydillon

Additions:

• mention that we would like to see translations (right now this is not mentioned)
  • and maybe a status of translations and participants (if possible)
• Writing Guidelines:
  • mostly Markdown with a bit of html
  • I could add some specifics I included, such as special css-classes for notes etc.
  • different "styles" for website versus documentation
• link directly to open issues, for example: Issue about the Advanced Guide
• mention Ideas and Feature Requests (and not just "Bug Reports")

Corrections:

• python3-markdown (<3.0.0), is not <3.0.0 anymore

Comment:
I can work on Pull requests for most of this, but I wanted to hear oppinions first 😄.

I want to extend whitelist for outgoing requests, so that testing anything with Fedora becomes possible, but can't find where try it backend is located. Worth mentioning in README.md.

Context:
https://linuxcontainers.org/lxd/getting-started-cli/
https://discuss.linuxcontainers.org/t/proposed-additions-and-changes-for-getting-started/7804
https://discuss.linuxcontainers.org/t/request-add-more-info-about-images-into-getting-started/7738

Todo:
Technical:

• TOC (Table of Content)
• Admonitions
• Footnotes
• Attribution Lists (use specific html classes)
• FencedCode
• [blocked] other style for tables (reduced width, vertical borders) (also see: #420)

Content:

• Initial Configuration
• VM's [1]
• Launch Instances [1]
• Images [1]
• Links [1]

Moved Profiles and Tips&Tricks to the Advanced Guide (#413).

[1]: see pull request #433

Note: This is of course not urgent, but because I haven't received an answer in the forum, I wanted to post it here, so it would not be forgotten 🙂 .

I would like to change some things in the "getting started-doc", but before I start to write a pull request for it, I would appreciate to get some answers (so I (and maybe others) know what you want to see included and what not):

1. Regarding general questions for editing (what is allowed etc.):

• can I add links to external websites, like:
  • official external documentation, e.g. cloud-init?
  • blogs like simos blog: https://blog.simos.info/tag/lxd/ (only at the bottom, for "useful links" (or similar)) ?
• I guess everything should be as short as possible?

2. Regarding my ideas for changes;
   I would add more info about:

• the options of lxd-init (like answers to "what is clustering?")

• VMs:
  should I seperate the vm-part from the container-part or mingle it (most topics like images, profiles etc. apply to both)?

• details for "lxc launch" (like requested in this issue)

• profiles (only short info + links)

  • extended info could be in the docs (https://linuxcontainers.org/lxd/docs/master/profiles), but would need a rewrite

• (maybe later) cloud-init (only short info + links):

  • extended info could be in the docs ("cloud-init", but would need a rewrite
  • potencial link: https://cloudinit.readthedocs.io/en/latest/topics/examples.html

• images:

  • "official" images (how to list, find and use them)
  • "download the images yourself"
    • maybe only a link to seperate documentation (would need a new page, maybe "images")
    • otherwise link to imageserver and how to download & import the images
  • "building your own images":
    • maybe only a link to seperate documentation ("images"), otherwise:
      • link to distrobuilder instructions
      • link to image templates
      • extended info: e.g. about how to modify the image templates
  • link to image handling or include it in new document ("images")

• storage (pools) (only short info + links)

2.a) I would also like to add:

• a section for tips & tricks (for better workflow)
• (useful) links:

  • To the documentation and also:

    • Security
    • FAQ

  • To the forum: https://discuss.linuxcontainers.org/

3. Regarding the layout of the document (what kind of layout/style do you prefer?);
   I would like to:

• add a Content-List at the beginning (so one can easier find content inside);
  I created an example here: https://github.com/toby63/linuxcontainers.org/blob/master/content/lxd/getting-started-cli.md#content

• use tables to summarize flags, commands etc., I also created one example in the section about snap packages:
  https://github.com/toby63/linuxcontainers.org/blob/master/content/lxd/getting-started-cli.md#snap-package-arch-linux-debian-fedora-opensuse-and-ubuntu

I am wondering if you could point out to the source code who generates the following file
https://images.linuxcontainers.org/streams/v1/images.json

looking for simplestreams in the code only gives a list of yaml file

do you use juju metadata generate-image or similar approach?
any signed sjson available?

Kind regards

As mentioned previously, I was/am planning on adding the full CLI output of the Python-lxc API to the website.

However, I see that the current way it is arranged is not so clear.

What I propose is:

Click on 'LXC' - Dropdown appears (currently operational and will not change)
Click/Scroll on 'Documentation' and a side-menu (similar to how man-pages works)

When doing the click/scroll over 'Documentation', the results we get would be:

• Main/other-name : which would contain most of the top-level information already present when selecting 'Documentation' currently
• C : Providing the full C API spec with the current example, etc.
• Python : Same as C
• All-other-languages : We can place these as time goes by

The only (slight) problem I have is that I am unsure how to split the 'Documentation' into a menu option itself with sub-menus.

Any suggestions on this will help and I will then go about doing it myself.

• Firefox 49.0.2
• Linux
  Received message : "error: Error opening startup config file: "loading config file for the container failed"

We added an advanced guide on the linuxcontainers.org website:
https://linuxcontainers.org/lxd/advanced-guide/

Below you find a Todo-list.
You can help by:

• creating a pull request to add content or
• adding a comment with ideas for changes or further content.

You find the source-file of the advanced guide here:
https://github.com/lxc/linuxcontainers.org/blob/master/content/lxd/advanced-guide.md

Todo-List:
Improvements:

• add links to manpages (once #471 is implemented)

Content:

• Instance management - Part 2
  • might describe details like snapshots etc.
• Server configuration (partly added)
  • recent security recommendations
  • custom user mappings: https://ubuntu.com/blog/custom-user-mappings-in-lxd-containers
• Clustering, a link to the documentation could be enough: https://linuxcontainers.org/lxd/docs/master/clustering
• Networks
• Storages
• Devices
• GUI in containers (see e.g.: LXD Forum - Overview GUI in containers
• GUI in virtual machines (see e.g.: LXD Forum - GUI in VM's)
• LXD-p2c (Create containers from existing systems (e.g. servers, virtual machines etc.)); see also: forum - howto use lxd p2c and forum - question about lxd p2c (was also requested in #340)
• More Content for Tips & Tricks (first added in #437)
• Backup and Emergency guide (we could maybe just link to https://github.com/lxc/lxd/blob/master/doc/backup.md)
• Guide for setting Limits (for example kernel and CPU limits)

Done:

• Configuration of instances (lxc launch, profiles) (added in #434)
  Note: includes only a description on how to apply options, so no description of the options themself
• Cloud-init (added in #435)
• Remote Servers (see also #431) (added in #435)
• Images - part 2 (build images) (added in #437)
• Command Aliases (added in #437)
• Further Links (added in #434)

Sorted out:
Technical:

• [blocked] other style for tables (reduced width, vertical borders) (see: #420) [H]

Original Post:
We (the LXD-community, including the developers) could create an additional "Advanced Guide" that we link to in "Getting started", that could include topics like:

• networks
• storage pools
• devices
• cloud-init
• Clustering
  etc.

Advantages:

• This could be a good introduction to advanced topics for new users.
• It could also help to seperate in-depth-topics from the Getting Started-doc.
• The regular documentation could be kept technical and rather short-summarized, while an advanced guide could formulate things in more detail.

Examples in the initial training materials would speed things up and avoid confusion if the results of each lxc command were shown.

I was trying out the LXD Container on https://linuxcontainers.org/lxd/try-it/?id=cf717a30-7e47-4bdb-bfba-9f62373f7033#snapshots

And it causes an error when executing the system distribution upgrade command

 root@tryit-capital:~# lxc exec first -- apt-get dist-upgrade -y

I believe this is occuring cause there isn't sudo permissions within the container, or some services aren't active/enabled ? As the following problems are occurring:

Setting up systemd (237-3ubuntu10.31) ...                                                                                                              
Failed to try-restart systemd-networkd.service: Access denied                                                                                          
See system logs and 'systemctl status systemd-networkd.service' for details.                                                                          
Failed to try-restart systemd-resolved.service: Access denied                                                                                          
See system logs and 'systemctl status systemd-resolved.service' for details.                                                                          
Failed to try-restart systemd-timesyncd.service: Access denied                                                                                        
See system logs and 'systemctl status systemd-timesyncd.service' for details.                                                                          
Failed to try-restart systemd-journald.service: Access denied                                                                                          
See system logs and 'systemctl status systemd-journald.service' for details.  
Setting up udev (237-3ubuntu10.31) ...                                                                                                                
Failed to reload daemon: Access denied                                                                                                                
Failed to retrieve unit state: Access denied    

invoke-rc.d: could not determine current runlevel                                                                                                      
Failed to reload daemon: Access denied                                                                                                                
Failed to retrieve unit state: Access denied                                                                                                          
                                                                                                                                                       
Failed to restart udev.service: Access denied                                                                                                          
See system logs and 'systemctl status udev.service' for details.                                                                                      
invoke-rc.d: initscript udev, action "restart" failed.                                                                                                
Failed to get properties: Access denied                                                                                                                
dpkg: error processing package udev (--configure):                                                                                                    
 installed udev package post-installation script subprocess returned error exit status 4  

Processing triggers for libc-bin (2.27-3ubuntu1) ...                                                                                                  
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...                                                                                                  
Processing triggers for dbus (1.12.2-1ubuntu1.1) ...                                                                                                  
Failed to open connection to "system" message bus: Failed to query AppArmor policy: Permission denied                                                  
Processing triggers for mime-support (3.60ubuntu1) ...                                                                                                
Processing triggers for initramfs-tools (0.130ubuntu3.8) ...                                                                                          
Errors were encountered while processing:                                                                                                              
 udev                                                                                                                                                  
E: Sub-process /usr/bin/dpkg returned an error code (1)                                                                                                
W: Operation was interrupted before it could finish                    

=============================================
This command also yields problems:

root@tryit-capital:~# lxc exec first -- apt-get autoremove --purge -y

Reading package lists... Done                                                                                                                          
Building dependency tree                                                                                                                              
Reading state information... Done                                                                                                                      
The following packages will be REMOVED:                                                                                                                
  libfreetype6*                                                                                                                                        
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.                                                                                        
1 not fully installed or removed.                                                                                                                      
After this operation, 940 kB disk space will be freed.                                                                                                
(Reading database ... 28645 files and directories currently installed.)                                                                                
Removing libfreetype6:amd64 (2.8.1-2ubuntu2) ...                                                                                                      
Setting up udev (237-3ubuntu10.31) ...                                                                                                                
Failed to reload daemon: Access denied    
Failed to retrieve unit state: Access denied                                                                                                          
invoke-rc.d: could not determine current runlevel
Failed to restart udev.service: Access denied                                                                                                          
See system logs and 'systemctl status udev.service' for details.                                                                                      
invoke-rc.d: initscript udev, action "restart" failed.                                                                                                
Failed to get properties: Access denied
                      dpkg: error processing package udev (--configure):                                                                                                     
installed udev package post-installation script subprocess returned error exit status 4                                                              
Processing triggers for libc-bin (2.27-3ubuntu1) ...                                                                                                  
Errors were encountered while processing:                                                                                                              
 udev                                                                                                                                                  
E: Sub-process /usr/bin/dpkg returned an error code (1)                                                                                                
W: Operation was interrupted before it could finish  

Hi, the app "lxd-gui" (https://github.com/dobin/lxd-webgui) can't do make GET to images.linuxcontainers.org because don't allow others origins.
Can you enable it?

╰─$ curl -XOPTIONS https://uk.images.linuxcontainers.org/1.0/images -I
HTTP/1.1 200 OK
Date: Tue, 31 Oct 2017 14:10:48 GMT
Server: Apache/2.4.7 (Ubuntu)
Strict-Transport-Security: max-age=31536000
Allow: POST,OPTIONS,GET,HEAD,TRACE
Content-Length: 0
Content-Type: application/json

Hi Stéphane,

Is it possible to crate issues or PRs for release announcements like ce97519? It is convenient to monitor progress on Linux containers through GiHub notification system, which only notifies about issues and PRs.

While I see that there is a license in https://github.com/lxc/linuxcontainers.org/blob/master/CONTRIBUTING.md
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International

It is not so clearly visible at first sight, so maybe you can add the License in a LICENSE-file.

I would have created a pull request for it, but it is unknown to me, whether I can just copy that license or if there is a license for the license 🤔.

While I was editing getting-started-cli I noticed that the different types of remote servers are not clearly seperated.

I suggest seperating them with different commands, for example:

• lxc imageserver - for imageservers
  (The list could include LXD-Servers as well, but on a seperate list below the regular imageservers)
• lxc remote - only for LXD servers

Advantages:

• This way we can explain the difference better to new users
• A clear seperation avoids confusion
• People who use many LXD-Servers or imageservers have a clear overview as well

It is impossible to reference "Creating and using your first container" paragraph on https://linuxcontainers.org/lxd/getting-started-cli/ because HTML anchors are not generated.

Currently, on http://us.images.linuxcontainers.org/, it leaves the undersiable impression that openSUSE 15.0 supports unprivileged containerization from LXC 1.1 and up. At least for now, that's misleading, see lxc/lxc#1678. While this is fixed in systemd 236, openSUSE 15.0 is shipped with systemd 234. I've opened a downstream bug report about backporting systemd/systemd@d3070fb.

EDIT: Actually, I stumbled over the lxc/lxc#1713 that fixes this problem, so the information is correct. I have to look into what/which version of cgfs is currently being used in Proxmox.

One more question.
At the item in "Change in behavior"

core: pivot_root is now done with the use of lxc.pivotdir, as a result this option is now considered deprecated and will be removed in upcoming releases.

"with" is correctly "without"?

• core: pivot_root is now done without the use of lxc.pivotdir, as a result this option is now considered deprecated and will be removed in upcoming releases.

The /lxd/try-it page is showing an error message instead of the demo.

I noticed that the documentation is saved within the repos of lxd etc.

While I understand that it is this way, because developers maybe favor it to be near the code, I still wanted to suggest to move, or at least link it here.
There already seems to be a place for this:
https://github.com/lxc/linuxcontainers.org/tree/master/content/lxd/docs

Reasons/Advantages:

• the documentation is also a part of the website
• issues regarding the docs could be placed here
• docs could be downloaded with the website (?: I don't know if git can follow links, i never tested that)

Really I need a ask is it 15.10 or future 16.10?

https://github.com/lxc/linuxcontainers.org/blob/bcbed6a27e55ee25d5a07e84ee6b1b760a63b8c5/content/lxd/getting-started-openstack.md#manual-installation---ubuntu-server

In https://github.com/lxc/linuxcontainers.org/blob/master/content/lxc/getting-started.md it is said that

Now, everything below assumes a recent Ubuntu system or another Linux distribution which offers a similar experience (recent kernel, recent version of shadow, cgmanager and default uid/gid allocation).

Just before you create your first container, you probably should logout and login again, or even reboot your machine to make sure that your user is placed in the right cgroups. (This is only required if cgmanager wasn't installed on your machine prior to you installing LXC.)

As cgmanager is considered retired, it should be updated to libpam-cgfs at least for hybrid cgroup hierarchy. In addition, it is instructed at lxc/lxc#3242 (comment) to use

systemd-run --unit=myshell --user --scope -p "Delegate=yes" lxc-start

This trick for pure cgroup2 hierarchy should also be included in getting-started.md

Having spent a few weeks getting to grips with the basics of lxd, I have a couple of suggested additions /improvements that could be made to the lxd getting started guide ( https://linuxcontainers.org/lxd/getting-started-cli/ ) that would've saved me days or weeks of troubleshooting, searching and experimentation.

The first is in respect to lxd networking, specifically the bridge configuration. After days spent reading the lxd forums and trying many configs, I finally worked out why I couldn't get networking to work in any of my containers. It turns out that you have to explicitly disable IPv6 in the lxdbr0 configuration for both NAT and addressing or else it breaks any IPv4 only hosts networking. This may seem obvious but it really isn't and I didn't see this suggested in any of the related lxd blog or forum posts I found and nor was this suggested to me by anyone in the lxcontainers IRC channel.

I would recommend either modifying/extending the Initial configuration section of the getting started guide to cover this or adding a new networking section immediately after that section of the guide that would read something like this:

LXD networking

In order for your lxd containers to get network access, a bridged network device has to be created on your lxd host, this device (usually called lxdbr0) has to be attached to an lxd profile (usually 'default') and this profile needs to be added to your container(s) so that they can access the network. Running lxd init and answering yes when asked about creating a new local network bridge will do nearly all of the required configuration to enable networking for lxd but your IPv4 hosts won't work unless you specifically tell lxd to disable IPv6 NAT and addressing in your bridge configuration.

To disable IPv6, presuming you used lxd init to create a bridged interface called lxdbr0, you would run the command:

# lxc network edit lxdbr0

Then edit it so that the bridge configuration looks something like this:

config:
  ipv4.address: 146.87.119.1/24
  ipv4.nat: "true"
  ipv6.address: none
  ipv6.nat: "false"
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/containers/test
managed: true
status: Created
locations:
- none

There is usually no need to restart any containers after changing your lxd host network settings, the changes are applied instantly.

The other addition I would suggest adding to the getting started guide is that it makes no mention of lxd-p2c to ease the process of creating containers from existing servers. I posted a short guide on the usage of lxd-p2c on the forums here https://discuss.linuxcontainers.org/t/howto-use-lxd-p2c/3574/3

Thanks

When starting services in a CentOS guest, many of them want to create private temp directories. This fails under LXC. Widely used services such as Apache, MariaDB and Cyrus Imap are affected and fail to start. This has been discussed in several places on the internet, mainly the Proxmox forums [1]. So you may already be very well aware of the issue. The workaround is to replace

PrivateTmp=true

with

PrivateTmp=false

in the respective configuration file under /usr/lib/systemd/system/

It would be nice, if the workaround would be included or referenced in the documentation on linuxcontainers.org. [2]

[1] https://www.google.de/search?q=PrivateTmp+lxc#q=%22PrivateTmp%22+%22lxc%22

[2] https://linuxcontainers.org/lxd/getting-started-cli/

On e.g. https://linuxcontainers.org/lxd/getting-started-cli/, I'm seeing the navigation first and then having to scroll down the see the content. I assume the navigation is intended to be to the left of the content, so you can start reading the content right away.

(I'm using Firefox 82 on Ubuntu 20.04)

No link on the frontpage nor the menu is working.
I can't imagine how to deploy a change and not even look at a single link and also not having automates link checking.

It would be good to implement a way to search the website.

I remember reading about it (found it here: https://discuss.linuxcontainers.org/t/new-self-hosted-documentation-site/5540/4).
@stgraber suggested implementing a google search.
For privacy reasons I would advocate for DuckDuckgo or similar instead.

Regarding the difficulty implementing it, could you maybe implement a search box, like
https://duckduckgo.com/search_box ?
It works with iframe.

Update:
Example for implementation:

On this page you could describe the usual things:
-who you are
-what you do
etc.

To limit user access based on tls certificates a command or flag is needed to assign a role to a client certificate.

Adding a trust certificate currently works like this
lxc config trust add <cert>

A flag would suffice to set a role, like:
lxc config trust add <cert> --role user
lxc config trust add <cert> --role admin
If a cert would be added twice, the last rule setting should get preference.

Additionally a default role setting should be set in the core settings, like
core.trust_default_role: 'readonly'

The line containing the text "close to possible as the one" should read "close as possible as the one"

It is impossible to copy/paste commands and results from Try it server, because they scroll away after screenful of lines and there is no way to view them back.

Hi,
The command to define multihost in the following page suffers from shell expansion :

https://linuxcontainers.org/lxd/getting-started-cli/

lxc config set core.https_address [::]

will produce :
$ lxc config set core.https_address [::]
$ lxc config show
config:
core.https_address: ':'
core.trust_password: true

The command should read :
$ lxc config set core.https_address '[::]'

Notably, the Vanilla Framework has, for a few releases now, natively supported dropdown navigation items in its header bar, so the custom solution used here can be dropped.

Under https://linuxcontainers.org/lxd/getting-started-cli/#snap-package-archlinux-debian-fedora-opensuse-and-ubuntu there is the line:
The list of Linux distributions we currently test our snap for can be found here.
The link on found here is https://jenkins.linuxcontainers.org/job/lxd-test-snap-stable/ and this is a dead link.

I don't know if there are already more distributions but lxd is already available among Gentoos main packages as opposed to "only Ubuntu".

I have a question.
At the "New features" item "lxc-lua: Now a C binary installed by default (was a lua script)", "lxc-lua" is correctly "lxc-top"?

I just noticed that all links on the website point to URLs ending with no slash (hardcoded), but that the generated website uses the index.html trick to display "clean" slash-ended urls.

Even if the server returns 301 responses, this still means a lot of doubled queries where one would be enough, not counting that nothing else can load before those two requests are finished. As a web dev I mainly think of new visitors for who the speed is a big factor.

The server isn't really slow but this probably wouldn't cost much to make it a bit faster ? Or does it work like this on purpose ? (would be strange)

I can work on a PR if you want. Or maybe is there a better way than editing every file under content/ ?

We should automatically print a header warning with a link to the english version when the matching translated markdown file is older than the source english version.

Try it demo would be more useful it it allowed copy/paste - canonical/lxd-demo-server#5

https://github.com/xtermjs/xterm.js might be a drop-in replacement for current term.js, however it requires npm to start, so it is not entirely clear how to move it into our static website.

Hi guys, im pretty impressed with all the work you've done so far on LXC, LXD and now FANCTL. Shall we add them to linuxcontainers org?

https://linuxcontainers.org/ is giving a Proxy Error right now.

this is the full message:

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request

Reason: DNS lookup failure for: web-dl01.srv.dcmtl.stgraber.net

Apache/2.4.29 (Ubuntu) Server at linuxcontainers.org Port 443

It is very inconvenient to scroll through tutorial contents, because after every click browser window scrolls to the top.

Hello.

I got forwarded here from https://linuxcontainers.org/lxd/getting-started-cli/. But I landed on a lxc page.

I am not sure if this is an issue what I will write below, but I will mention it because it is a major road block for me.

First, thank you for all the work done.

I have a very difficult time getting LXD containers to start working properly on Ubuntu 18.04 server. Most specifically having them obtain automatically an IP address from the router via DHCP. All the instructions I found are about old stuff and nothing about new stuff, e.g., netplan.

I think, it would be nice if there were instructions going further than just "lxd init" and creating a container with an 10.x.x.x address.

The part where I need instructions start first afterwards that. For example to have the newly created container get an ip address to which I can bind a domain (not the 10.x.x.x), etcetera.

And I found nothing anywhere. Really! :)

Any help or feedback would be much appreciated.

Thank you.

Please add RSS or Atom for news.

The feedback widget that's supposed to show up at the end of a try-it session (when reaching the final page in the step by step instructions) isn't showing up after the port to vanilla.

If forced to show up, the star rating widget doesn't show up at all and the rest of the form looks oddly spaced.

@anthonydillon

Hi,
https://github.com/lxc/linuxcontainers.org/blame/9ab2227c36fabc975d5f802bcd845537ee51b998/content/lxd/introduction.md#L37

"... Under the scene, LXD uses ...."

I believe this to be an interesting combination of:

• Under the hood
• Behind the scenes

When navigating the master docs at:

https://linuxcontainers.org/lxd/docs/master/instances#hugepage-limits-via-limitshugepagessize

... some of the quick navigation (anchor) links displayed in the right-hand column don't function (such as the one which produced the link included above) - apparently due to the use of characters such as / and [ in the section names.

Console getty keeps respawning in the guests, spamming the logs. The issue was discussed here:

lxc/incus#444

Currently the proposed changes to the templates from images.linuxcontainers.org don't seem to be implemented. It took me an embarrassingly long time to find the correct commands to disable getty.

For a Centos 7 guest they are as follows:

systemctl stop console-getty
systemctl disable console-getty
systemctl mask console-getty

If you don't mask, console-getty will be automatically enabled on the next boot.

Debian Jessie guests are a bit different.

systemctl stop console-getty.service
systemctl stop [email protected]
systemctl stop [email protected]
systemctl stop [email protected]
systemctl stop [email protected]

systemctl disable console-getty.service
systemctl disable [email protected]
systemctl disable [email protected]
systemctl disable [email protected]
systemctl disable [email protected]

systemctl mask console-getty.service
systemctl mask [email protected]
systemctl mask [email protected]
systemctl mask [email protected]
systemctl mask [email protected]

Until the proposed changes to the templates are implemented or another solution is found, it would be really nice for people like me, if the above commands found their way into the documentation. The first place I looked was /etc/inittab, where these settings were changed in Debian before Jessie.

For reference, the respective log looks like this for Debian Jessie:

Dec 19 18:05:15 tttdebian systemd[1]: console-getty.service has no holdoff time, scheduling restart.
Dec 19 18:05:15 tttdebian systemd[1]: [email protected] has no holdoff time, scheduling restart.
Dec 19 18:05:15 tttdebian systemd[1]: [email protected] has no holdoff time, scheduling restart.
Dec 19 18:05:15 tttdebian systemd[1]: [email protected] has no holdoff time, scheduling restart.
Dec 19 18:05:15 tttdebian systemd[1]: Stopping Getty on tty4...
Dec 19 18:05:15 tttdebian systemd[1]: Starting Getty on tty4...
Dec 19 18:05:15 tttdebian systemd[1]: Started Getty on tty4.
Dec 19 18:05:15 tttdebian systemd[1]: Stopping Getty on tty3...
Dec 19 18:05:15 tttdebian systemd[1]: Starting Getty on tty3...
Dec 19 18:05:15 tttdebian systemd[1]: Started Getty on tty3.
Dec 19 18:05:15 tttdebian systemd[1]: Stopping Getty on tty1...
Dec 19 18:05:15 tttdebian systemd[1]: Starting Getty on tty1...
Dec 19 18:05:15 tttdebian systemd[1]: Started Getty on tty1.
Dec 19 18:05:15 tttdebian systemd[1]: Stopping Console Getty...
Dec 19 18:05:15 tttdebian systemd[1]: Starting Console Getty...
Dec 19 18:05:15 tttdebian systemd[1]: Started Console Getty.
Dec 19 18:05:15 tttdebian agetty[373]: /dev/console: Operation not permitted
Dec 19 18:05:15 tttdebian agetty[370]: /dev/tty1: No such file or directory
Dec 19 18:05:15 tttdebian agetty[367]: /dev/tty3: No such file or directory
Dec 19 18:05:15 tttdebian agetty[364]: /dev/tty4: No such file or directory

For Centos 7:

Dec 19 18:06:50 tcentos systemd[1]: Starting Console Getty...
Dec 19 18:06:50 tcentos agetty[566]: /dev/console: Operation not permitted
Dec 19 18:07:00 tcentos systemd[1]: console-getty.service has no holdoff time, scheduling restart.
Dec 19 18:07:00 tcentos systemd[1]: Started Console Getty.

Hi there,

with @BrunnerLivio we notice some inconsistency in the images on the https://images.linuxcontainers.org server.

basically the image listed do have a consistent fingerprint when accessing the image details as depicted in the following code:

curl https://uk.images.linuxcontainers.org/1.0/images | python -m json.tool                                            
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 23352  100 23352    0     0  23352      0  0:00:01 --:--:--  0:00:01 91218
{
    "metadata": [
        "/1.0/images/17ba09371cc3443715d6ce8733c1cc226645863c139450eb503d8eb08a1f7250",
        "/1.0/images/e2a9549f1f318c8faa64963c67efa95ced8572368127666cf6760a8eb7ed0853",
        "/1.0/images/0c03fddf670309012e6bb7bd8545c6c0d6b725ffb84f2dab67d8542a44e3c50b",
        "/1.0/images/f79d48030270234045acba9239cba77dbd3a0ea6e77ab1ec741834dbbb58ee78",
        "/1.0/images/adb7164bbcdcf14a1be1dc8dfecd2825333e6d40757e053617ef9640f5e99fd5",
        "/1.0/images/2bc172159ce57bbb02a1372ad5016f8f3374c709a98760a1059405363424fb50",
        "/1.0/images/0c252ff1d64978e89052f81bc71c91912ed59521658c260facf9cdc1af1b0553",
        "/1.0/images/8884bce09c6b6e5ca573a833e5fb7872c1e3ef44807e9806bd693ccbc97f7d27",
        "/1.0/images/3453e9af2bec38845bb8afa393e6d3e3ba81d449d82ac1748c06683002b7a1c0",
        "/1.0/images/31b1f1fdc46d556963e84b3dd9d482be03916331730d159c89fb8ab129c082f0",
        "/1.0/images/bd847ed151fafbc8d5bf590f0a35cc3fbec87bbda79200ad15564e05d6fa97a6",
        "/1.0/images/faf04466a305b2a874284b5cd54ddd7513e6e734c02de1da71b4a53e016103f6",
       [...]
        "/1.0/images/c6e9b0dcca19764861773c7808d8cb472781009601402142034a818f52c48a55"
    ],
    "status": "Success",
    "status_code": 200,
    "type": "sync"
}

Getting some image details of the /1.0/images/faf04466a305b2a874284b5cd54ddd7513e6e734c02de1da71b4a53e016103f6 results in
the same fingerprint:
"fingerprint": "faf04466a305b2a874284b5cd54ddd7513e6e734c02de1da71b4a53e016103f6",

curl https://uk.images.linuxcontainers.org/1.0/images/faf04466a305b2a874284b5cd54ddd7513e6e734c02de1da71b4a53e016103f6 | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   790  100   790    0     0    790      0  0:00:01 --:--:--  0:00:01  1850
{
    "metadata": {
        "aliases": [
            {
                "description": "Alpine 3.5 (amd64) (default)",
                "name": "alpine/3.5/amd64/default",
                "target": "alpine/3.5/amd64/default"
            },
            {
                "description": "Alpine 3.5 (amd64)",
                "name": "alpine/3.5/amd64",
                "target": "alpine/3.5/amd64"
            }
        ],
        "architecture": "x86_64",
        "created_at": "2018-03-08T18:00:24Z",
        "expires_at": "1970-01-01T00:00:00Z",
        "filename": "alpine-3.5-amd64-default-20180308_17:50.tar.xz",
        "fingerprint": "faf04466a305b2a874284b5cd54ddd7513e6e734c02de1da71b4a53e016103f6",
        "properties": {
            "architecture": "amd64",
            "build": "20180308_17:50",
            "description": "Alpine 3.5 (amd64) (20180308_17:50)",
            "distribution": "alpine",
            "release": "3.5"
        },
        "public": true,
        "size": 1749138,
        "uploaded_at": "2018-03-08T18:00:24Z"
    },
    "status": "Success",
    "status_code": 200,
    "type": "sync"
}

Now comes the tricky part, using the lxc (lxc version 2.21) to copy this image from with this fingerprint locally fails:

lxc image copy images:faf04466a305b2a874284b5cd54ddd7513e6e734c02de1da71b4a53e016103f6 local: --copy-aliases           
error: The requested image couldn't be found.

It seems that the exposed REST-API for this server is delivering erroneous/outdated data...

Using the lxc command to get some more information about the alias target image, results in a complete other image Fingerprint :(

lxc image info images:alpine/3.5/amd64                                                                                 
Fingerprint: 9677bdac722171ddc16f3a77c800f840d51e1c46ee7e627c5141d8b237220f5f
Size: 1.70MB
Architecture: x86_64
Public: yes
Timestamps:
    Created: 2018/03/08 00:00 UTC
    Uploaded: 2018/03/08 00:00 UTC
    Expires: never
    Last used: never
Properties:
    serial: 20180308_17:50
    description: Alpine 3.5 amd64 (20180308_17:50)
    os: Alpine
    release: 3.5
    architecture: amd64
Aliases:
    - alpine/3.5/default
    - alpine/3.5/default/amd64
    - alpine/3.5
    - alpine/3.5/amd64
Cached: no
Auto update: disabled

After some digging we noticed that a really small amount of listed image correspond to the proper fingerprint:

lxc image list images: --format yaml | grep -i fingerprint | awk '{print $2}' > lxc-images.fingerprints
curl https://uk.images.linuxcontainers.org/1.0/images | python -m json.tool | grep -i images | cut -d '/' -f4 | tr -d '[",]' > linuxcontainers.org.fingerprints
# comparison
for im in `cat lxc-images.fingerprints`; do grep $im linuxcontainers.org.fingerprints; done                            
4cd85aceb09377aaaf0f67037fa9c00dee46d358012077174a4fe7c1f2b1f000
b1aeef2293c0bcc4639983a52e5eff47600361a27c4e2c5b0b3417362f68c44d
1fd0905297acbd9564b9556b22cc0fb6337c7f3c633ed9be94423bdefcb5bacb
a14a23a034aab22eb4ebbb5826bcb21862c41f4ad07aeb922dcdb68bc46d76e9
fc2de6fd2745b5e94a73ec48ea5c6c3391e82f555d2d9e9c06a0147637cf18e6
6fce0e9befe843135fc6e5c00dd2ef7158feba80cf0eb022b097d967d318d47d

Well the initial idea was to use the LXD rest-api to list the content of the https://images.linuxcontainers.org server and to make some copy operation via webui over this API as specified in https://github.com/lxc/lxd/blob/master/doc/rest-api.md

1.0/images/*

Coud someone have a look at this issue?
Is there an API description to access the simplestreams protocol so it's consistent with the lxc command?

Basically we would need the complete list of images 1.0/images/* and their details 1.0/images/<image_fingerprint>

Cheers
Eric