Difference between revisions of "Talk:Linux Containers"

From ArchWiki
(Mention linux-hardened: re, close discussion)
(Mention linux-hardened: rm closed)
Line 66: Line 66:
[[User:Monty programador|Monty programador]] ([[User talk:Monty programador|talk]]) 09:54, 28 February 2017 (UTC)
[[User:Monty programador|Monty programador]] ([[User talk:Monty programador|talk]]) 09:54, 28 February 2017 (UTC)
== <s>Mention linux-hardened</s> ==
On the Linux Containers page of the wiki it mentions a request being filed for user namespaces to be added to the kernel for unprivileged containers.  I'm wondering if it should be mentioned that the linux-hardened kernel in the community repo does have user namespaces enabled, and may be an easier option to building a custom kernel. -- <b>IntentropyCS</b> ([[IRC channel|irc]]) 10:02, 27 November 2017 (UTC)
:It should be mentioned that the linux-hardened kernel in the community repo does have user namespaces enabled, about PKGBUILD probably too, but whole section including it is something I saw removed in other articles as custom packages should go to AUR, not articles -- [[User:Svito|Svito]] ([[User talk:Svito|talk]]) 11:47, 27 November 2017 (UTC)
::Done, closing. -- [[User:Svito|Svito]] ([[User talk:Svito|talk]]) 15:04, 24 December 2017 (UTC)

Revision as of 12:15, 3 January 2018

burn down and rebuild

I'd like to take a crack at rewriting this article from the ground up as I feel that would be less work than trying to retrofit into this version. I'm thinking it might be ok for me to rename this page to 'linux_containers-legacy' or the like and others can take a look at whether some info on this page needs to be included in the new one I am proposing. Any objections or thoughts? Graysky (talk) 22:21, 19 April 2015 (UTC)

OK I have taken a good stab at this now. Please review and keep this article neat and tidy. Graysky (talk) 10:07, 20 April 2015 (UTC)
I suppose you've tried to address the status templates that were at the top of the article, but since your edits didn't follow ArchWiki:Contributing#The_3_fundamental_rules, I'll add the links to the previous revisions, to try and make it slightly easier to review this change for anyone who found the time to compare them:
  • previous "Linux Containers" article: [1]
  • previous "Lxc-systemd" article, which has been merged here: [2]
Kynikos (talk) 13:30, 21 April 2015 (UTC)
Sorry, I didn't realize the edits were considered too complex. I actually found it really tough to try to update, simplify, and combine the original page. Thank you for the linking. Graysky (talk) 19:24, 21 April 2015 (UTC)
Don't get me wrong, the previous revisions did need a thorough clean-up, and the current article does look more organized, so I appreciate your effort of course, it's just that without proper edit summaries it's very hard to double-check the change and understand where the apparently removed content has gone. Let's just leave this open and see if somebody wants to review it. — Kynikos (talk) 02:37, 22 April 2015 (UTC)
No objections, peer review is welcomed. Graysky (talk) 07:42, 22 April 2015 (UTC)
I haven't installed a new container in a while so I looked up this wiki article today. I noticed that some information is not present anymore, such as the possible issues when using a systemd container. My conclusion was that these issues no longer exist and the information was therefore deleted from the wiki. After reading this discussion, I'm not sure about that. If it is still relevant, I think it should be part of the main article, or at least referenced. If it isn't, I guess it should be deleted completely. Troja (talk) 15:21, 17 July 2016 (UTC)

Example using only netctl

@Lahwaacz - While I agree that we don't want to duplicate content in other articles, I feel that providing a working configuration within the article is welcomed for completeness just as we do in the beginners guide. Therefore, a few common setups are needed in my opinion. See https://wiki.archlinux.org/index.php?title=Linux_Containers&diff=373914&oldid=373913 Graysky (talk) 19:20, 16 May 2015 (UTC)

I'm sorry but these two approaches are opposite: we can either avoid duplication or follow the BG style. What is wrong with instructions such as "Create a bridge named ... as described in ..." which is still sufficiently (IMO) complete? -- Lahwaacz (talk) 21:16, 16 May 2015 (UTC)
I think the article should keep the two examples following the BG style. Just my $0.02. Graysky (talk) 01:24, 17 May 2015 (UTC)
+1 for merging, the wired network section is practically a copy of Bridge with netctl, I don't see anything specific to Linux Containers here. — Kynikos (talk) 03:33, 18 May 2015 (UTC)
-1 for merging the network stuff. The examples provided in the article are appropriate. For me as a consumer of information, the ArchWiki merges the past couple years have led to more confusing, fragmented articles/how-to's because now, you end up having to flip back and forth between multiple browser tabs, searching entire articles for the one or two bits that relate to what you are actually trying to accomplish, rather than having relevant info provided in context, right where you need/want it. Sure, have the larger, more exhaustive networking article that I can reference for the nitty, gritty details. And I get that that may also be desirable from wiki maintainers' perspective. From a user perspective, however, it's much less efficient for me to have to search through it all, try to figure out what context is applicable or not, etc. Tough balancing act. I've just been noticing that as of late things that used to be fairly easy and straightforward to follow, no longer are, and require much more jumping around to sort out the bits you're actually looking for. Peace. Kgunders (talk) 17:33, 28 September 2015 (UTC)
-1 for merging for the reasons nicely articulated by Kgunders. Graysky (talk) 19:11, 28 September 2015 (UTC)

Rewrite a section about "Host network configuration"

I was looking at the above-mentioned section, and it does not make any sense to me. First, a bridge interface for containers has nothing to do with whether the host uses wired or wireless connection. Why is it necessary to add an external interface to the bridge? The topology of a network for containers, and how it is connected to the internet is a separate issue.

Therefore, I suggest that I rewrite this section by providing an example of an empty bridge interface. Then, it can be NAT'ed or whatever. I would argue that NAT is the best setup option because it automatically protects containers from possible malicious network traffic. Lisaev (talk) 02:12, 30 November 2016 (UTC)

Describing this sensibly is difficult because it's not specific to Linux Containers. There is already much info about this on this wiki, see e.g. QEMU#Networking. I think there should be a separate page with the general info about topologies and virtual interfaces, on which other pages could build, adding their specifics etc. -- Lahwaacz (talk) 06:23, 30 November 2016 (UTC)
I agree. To me, sensibly means what I use most in practice on dozens of containers -- an empty bridge with veth interfaces dynamically created by LXC and NAT'ed behind the host. The point here is not to give a complete overview of all LXC networking capabilities, because LXC documentation is written well enough, but to give a starting working configuration. I agree that it is not the only possible configuration, but I think that in the current form the host network section is unnecessarily confusing :) Lisaev (talk) 05:11, 2 December 2016 (UTC)
Hi, I've added a section on how to enable the legacy lxcbr0 (before I was aware of exactly how talks work). This information was not easy to come by when sitting on a laptop with just WIFI, and if I want it someone else will was the general idea... --Izznogooood (talk) 20:04, 17 October 2017 (UTC)
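
The setup discussed in this thread (an empty bridge, veth interfaces created by LXC, guests NAT'ed behind the host), sketched as an added example that is not part of the original discussion or of the wiki article. The bridge name, subnet and addresses are assumptions, and the LXC keys use the LXC 3.0+ names; the script only prints the host commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: empty bridge + NAT for LXC guests (names/addresses are assumptions).
BRIDGE=${BRIDGE:-lxcnat0}        # hypothetical bridge name
SUBNET=${SUBNET:-10.0.3.0/24}    # constructed guest subnet
GATEWAY=${GATEWAY:-10.0.3.1}     # host address on the bridge

# Dry run by default: print each command. Set APPLY=1 (as root) to execute.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi
}

# Host side: a bridge with no physical port, routed and masqueraded.
setup_host() {
    run ip link add name "$BRIDGE" type bridge
    run ip address add "$GATEWAY/${SUBNET#*/}" dev "$BRIDGE"
    run ip link set "$BRIDGE" up
    run sysctl -w net.ipv4.ip_forward=1
    # Guests leave via the host's address, whatever uplink it uses.
    run iptables -t nat -A POSTROUTING -s "$SUBNET" ! -d "$SUBNET" -j MASQUERADE
    # Inbound policy written out: replies only, no new connections to guests.
    run iptables -A FORWARD -i "$BRIDGE" -j ACCEPT
    run iptables -A FORWARD -o "$BRIDGE" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -o "$BRIDGE" -j DROP
}

# Guest side: LXC creates the veth pair and plugs the host end into the bridge.
# Key names are those of LXC 3.0+ (older releases used lxc.network.*).
container_config() {
    guest_addr=$1
    cat <<EOF
lxc.net.0.type = veth
lxc.net.0.link = $BRIDGE
lxc.net.0.flags = up
lxc.net.0.ipv4.address = $guest_addr
lxc.net.0.ipv4.gateway = $GATEWAY
EOF
}
```

Calling setup_host prints the eight host commands for review, and container_config 10.0.3.10/24 prints the lines to append to a container's config file.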

Append the section "Container creation" with archlinux-bootstrap images

Arch provides archlinux-bootstrap images that can be used when pacman is not available (on non-arch systems or when it is broken). In fact, I think it is the simplest method that other distros should use. I verified this method on Fedora 24 server system.

Any objections if I add this? Lisaev (talk) 02:39, 30 November 2016 (UTC)

Like the section above, this is not specific to Linux Containers. Bootstrapping Arch is already described in Install_from_existing_Linux#Method_A:_Using_the_bootstrap_image_.28recommended.29, making a container from that should be fairly trivial. Perhaps some links would be enough? -- Lahwaacz (talk) 06:27, 30 November 2016 (UTC)
Actually, I didn't know about that section you mentioned :) Yes, then it should be mostly a link... I suggested the edit because on non-arch distros, the default lxc-archlinux template fails if pacman is not found. Of course, this is stupid because pacman is not needed at all! Unfortunately, the archlinux template is a bloated mess of features (even if pacman is present) because it does not have a dedicated maintainer who would block some features, and upstream LXC accepts almost any patch that is formally correct. Hence, I wanted to provide a 5-line set of instructions so that ppl who run non-arch hosts could deploy arch guests without building pacman... Lisaev (talk) 05:18, 2 December 2016 (UTC)

double tty

When logging in to the container with lxc-console -n CONTAINER_NAME a problem with a double tty presents.

The problem can be avoided using lxc-console -n CONTAINER_NAME -t 0 but I don't know if it is a good workaround.

I have added that to the page in the section Basic_usage.

More information on the problem:

Monty programador (talk) 09:54, 28 February 2017 (UTC)