local provider missing network resources under /proc

Bug #1288969 reported by Xiaoming Wang on 2014-03-06
This bug affects 1 person

Bug Description

When creating an Ubuntu machine with the juju local provider, lots of settings under /proc/sys/net/core are missing.
For example, rmem_max. This causes our application to fail to start.

It happens on some of my Linux host systems only.
When I worked with the HPCC charm, Matt Bruzek, who helped us view the charm, also caught this on his system.

I also opened a discussion thread at Ubuntu One (Ask): http://askubuntu.com/questions/404969/error-net-core-wmem-default-is-an-unknown-key-on-juju-local-provider

Curtis Hovey (sinzui) on 2014-03-06
affects: juju-core → lxc
Xiaoming Wang (xwang2713) wrote :

This is an LXC issue and has nothing to do with juju-core/local. I can reproduce it in an LXC-only environment. This ticket can be closed. We will address the issue with LXC.

Well, it might just be part of the required isolation by namespaces.
In fact, there is way more missing in /proc/sys when comparing a host to a container.

sudo sysctl -a | wc -l gives me:
a) # 669 in a wily Container
b) # 1335 in Trusty Host

Since a) and b) essentially share the kernel, it should be the same (without isolation).
In fact, we can create a list of what is missing.
=> missing-in-container.txt

When you first look at it you might think it is a lot, but the major contributors are virtual devices like bridges existing in the host, but not in the guest.
After cleaning those out of the files, the missing lines look like this:
=> cleaned-missing-in-container.txt

This was done on an LXD container, I also tried a privileged LXC container but that made no difference.

Still, everything that is missing is just network tunables, so it might just be "intended" for network isolation due to network namespaces.
I'm not yet deep into that, but I hope the identified lists help to shorten the bug handling.
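
The host-versus-container comparison described in the comment above, as an added example that is not part of the original thread. The file names, function names and sample values are constructed, and the rule for "cleaning out" per-device entries (dropping net.ipv4/net.ipv6 conf and neigh keys for named interfaces) is an assumption about what that step involved.

```shell
#!/bin/sh
# Added example. Inputs are saved `sysctl -a` dumps ("key = value" lines),
# e.g. `sudo sysctl -a > host.txt` on the host and the same in the container.
export LC_ALL=C   # keep sort and comm on the same collation order

# keys FILE: sorted, unique key names from a dump
keys() { sed -n 's/ *=.*//p' "$1" | sort -u; }

# missing_in_container HOST CONTAINER: keys the host exposes, the container not
missing_in_container() {
    h=$(mktemp); c=$(mktemp)
    keys "$1" > "$h"; keys "$2" > "$c"
    comm -23 "$h" "$c"
    rm -f "$h" "$c"
}

# drop_per_device: remove per-interface conf/neigh keys (bridges, veths, ...)
# so only tunables hidden by the namespace remain; "all"/"default" are kept.
drop_per_device() {
    awk -F. '$1=="net" && ($2=="ipv4" || $2=="ipv6") &&
             ($3=="conf" || $3=="neigh") &&
             $4!="all" && $4!="default" { next } { print }'
}

# write_samples DIR: constructed dumps (keys chosen for illustration, values made up)
write_samples() {
    cat > "$1/host.txt" <<'EOF'
kernel.hostname = host
net.core.rmem_max = 212992
net.core.somaxconn = 128
net.core.wmem_default = 212992
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.lxcbr0.forwarding = 1
net.ipv4.neigh.lxcbr0.retrans_time_ms = 1000
EOF
    cat > "$1/container.txt" <<'EOF'
kernel.hostname = c1
net.core.somaxconn = 128
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
EOF
}

# Demo on the constructed dumps
tmp=$(mktemp -d)
write_samples "$tmp"
missing_in_container "$tmp/host.txt" "$tmp/container.txt" | drop_per_device
rm -rf "$tmp"
```

An application or charm that sets one of the remaining keys at start-up has to tolerate the key being absent inside the container, or have the value set on the host instead.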

Stéphane Graber (stgraber) wrote :

Nothing LXC can do about this, the list of files available entirely depends on the kernel and what's namespace aware in the Linux kernel.

Changed in lxc:
status: New → Invalid