tomponline commented 6 years ago

The template below is mostly useful for bug reports and support questions. Feel free to remove anything which doesn't apply to you and add more information where it makes sense.

Required information

Distribution: CentOS
Distribution version: 7
The output of
- lxc-start --version
```
3.0.2
```
- lxc-checkconfig

[root@rh-vz01 lxc]# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-862.11.6.el7.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points: 
/sys/fs/cgroup/systemd
/sys/fs/cgroup/pids
/sys/fs/cgroup/cpu,cpuacct
/sys/fs/cgroup/perf_event
/sys/fs/cgroup/net_cls,net_prio
/sys/fs/cgroup/blkio
/sys/fs/cgroup/devices
/sys/fs/cgroup/cpuset
/sys/fs/cgroup/memory
/sys/fs/cgroup/hugetlb
/sys/fs/cgroup/freezer

Cgroup v2 mount points: 

Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, loaded
CONFIG_NF_NAT_IPV6: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: 

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

uname -a

Linux rh-vz01 3.10.0-862.11.6.el7.x86_64 #1 SMP Tue Aug 14 21:49:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

cat /proc/self/cgroup

[root@rh-vz01 lxc]# cat /proc/self/cgroup
11:freezer:/
10:hugetlb:/
9:memory:/user.slice
8:cpuset:/
7:devices:/user.slice
6:blkio:/user.slice
5:net_prio,net_cls:/
4:perf_event:/
3:cpuacct,cpu:/user.slice
2:pids:/user.slice
1:name=systemd:/user.slice/user-0.slice/session-109.scope

cat /proc/1/mounts

rootfs / rootfs rw 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid,size=1890684k,nr_inodes=472671,mode=755 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/pids cgroup rw,nosuid,nodev,noexec,relatime,pids 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpuacct,cpu 0 0
cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,perf_event 0 0
cgroup /sys/fs/cgroup/net_cls,net_prio cgroup rw,nosuid,nodev,noexec,relatime,net_prio,net_cls 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,hugetlb 0 0
cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0
configfs /sys/kernel/config configfs rw,relatime 0 0
/dev/sda2 / ext4 rw,relatime,data=ordered 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=36,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12503 0 0
mqueue /dev/mqueue mqueue rw,relatime 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
/dev/sda1 /boot ext4 rw,relatime,data=ordered 0 0
/dev/mapper/VolGroup00-shared /shared ext4 rw,relatime,stripe=128,data=ordered 0 0
/dev/mapper/VolGroup00-backup /backup ext4 rw,relatime,stripe=128,data=ordered 0 0
lxcfs /var/lib/lxcfs fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
tmpfs /run/user/0 tmpfs rw,nosuid,nodev,relatime,size=380356k,mode=700 0 0

Issue description

When using LVM with LXC, the container shows duplicate / mount points inside the container.e.g

[root@el7build01 /]# cat /proc/mounts | grep ' / '
rootfs / rootfs rw 0 0
/dev/VolGroup00/el7build01 / ext4 rw,relatime,stripe=128,data=ordered 0 0
[root@el7build01 /]# cat /proc/self/mounts | grep ' / '
rootfs / rootfs rw 0 0
/dev/VolGroup00/el7build01 / ext4 rw,relatime,stripe=128,data=ordered 0 0

This confuses monitoring software as there are 2 root mounts.

For some reason, with a Debian host, this is not happening, and I'm not sure what the difference is.

Information to attach

[x] any relevant kernel output (dmesg)
[x] container log (The file from running lxc-start -n <c> -l <log> -o DEBUG)
[x] the containers configuration file

tomponline commented 6 years ago

Example config file

[root@rh-vz01 lxc]# cat /var/lib/lxc/el7build01/config 
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template:
# Template script checksum (SHA-1): 273c51343604eb85f7e294c8da0a5eb769d648f3
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)

# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.cgroup.memory.limit_in_bytes = 512M
lxc.cgroup.memory.memsw.limit_in_bytes = 1G
lxc.start.auto = 0
lxc.apparmor.allow_incomplete = 1
lxc.idmap = u 0 1258512 65536
lxc.idmap = g 0 1258512 65536
lxc.rootfs.path = lvm:/dev/VolGroup00/el7build01
lxc.uts.name = el7build01

# Network configuration
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.name = eth0
lxc.net.0.ipv4.address = 192.168.1.18/32
lxc.net.0.ipv4.gateway = 169.254.0.1
lxc.net.0.ipv6.address = 2a02::xxxx/128
lxc.net.0.ipv6.gateway = fe80::1
lxc.net.0.script.up = /usr/libexec/lxc/ctctl-netup
lxc.net.0.script.down = /usr/libexec/lxc/ctctl-netup

tomponline commented 6 years ago

Start up debug log el7build01.log

tomponline commented 6 years ago

BTW, did you know your issue template has the args for the debug log the wrong way around?

Says

lxc-start -n <c> -l <log> -o DEBUG

But should be:

lxc-start -n <c> -l DEBUG -o <log>

tomponline commented 6 years ago

This seems to be a behaviour of CentOS 7, as its happening on the physical machine too:

cat /proc/mounts  | grep ' / '
rootfs / rootfs rw 0 0
/dev/vda1 / ext4 rw,noatime,nobarrier,data=ordered 0 0

Seems quite strange, as it doesnt happen on debian 9 hardware nodes, or centos 6 hardware nodes.

lxc / lxc

duplicate root mounts #2599

Required information

Issue description

Information to attach