B #7028, #7044, #7041: Add note for LXC driver improvements (#3264)

dann1 · web-flow · commit 25a225b26bdb · 2025-05-22T16:22:14.000+02:00
diff --git a/source/intro_release_notes/release_notes_enterprise/resolved_issues_6104.rst b/source/intro_release_notes/release_notes_enterprise/resolved_issues_6104.rst
@@ -8,6 +8,8 @@ A complete list of solved issues for 6.10.4 can be found in the `project develop
 The following new features have been backported to 6.10.4:
 
 - `Add support of using defined timezone by oneacct utility with flag -t/--timezone  <https://github.com/OpenNebula/one/issues/821>`__.
+- Console logging for :ref:`LXC Driver <lxc_logs>`.
+- Add architecture and hypervisor scheduling requirements to public marketplaces :ref:`public marketplaces <public_marketplaces>`
 
 The following issues has been solved in 6.10.4:
 
@@ -20,6 +22,8 @@ The following issues has been solved in 6.10.4:
 - `Fix ability to add and remove existing users to existing groups and change main group from an user <https://github.com/OpenNebula/one/issues/6980/>`__. In order to add, remove or change main group from and user, please see **Changes in Configuration Files** section below.
 - `Fix vGPU profile monitoring for legacy mode <https://github.com/OpenNebula/one/issues/7012/>`__.
 - `Fix README.md links to old paths <https://github.com/OpenNebula/one/issues/7032>`__.
+- `Fix a silent LXC container start fail <https://github.com/OpenNebula/one/issues/7028>`__.
+- `Fix the use of hardcoded DNS for linuxcontainers marketplace <https://github.com/OpenNebula/one/issues/7041>`__.
 - `Fix Restic backup driver when the server is not deployed together with the frontend <https://github.com/OpenNebula/one/issues/7054>`__.
 - `Fix resource names to not allow special characters '\\t', '\\n', '\\v', '\\f', '\\r' <https://github.com/OpenNebula/one/issues/6950>`__.
 - `Fix HA in case of wrong SQL query <https://github.com/OpenNebula/one/issues/7025>`__.
diff --git a/source/open_cluster_deployment/lxc_node/lxc_driver.rst b/source/open_cluster_deployment/lxc_node/lxc_driver.rst
@@ -14,6 +14,8 @@ Requirements
 Considerations & Limitations
 ================================================================================
 
+.. _lxc_security:
+
 Privileged Containers and Security
 --------------------------------------------------------------------------------
 
@@ -188,6 +190,8 @@ Containers supports remote access via VNC protocol which allows easy access to t
       LISTEN="0.0.0.0",
       TYPE="VNC" ]
 
+.. _lxc_raw:
+
 Additional Attributes
 -----------------------
 
@@ -221,3 +225,27 @@ After defining the profiles they can be used by adding the ``PROFILES`` attribut
   PROFILES = "extra-performance, production"
 
 Profiles, are implemented by using the LXC ``include`` configuration attribute, note that the profiles will be included in the provided order and this order might affect the final configuration of the container.
+
+.. _lxc_logs:
+
+Troubleshooting
+---------------
+
+On top of the regular OpenNebula logs at ``/var/log/one``, the LXC driver generates additional logs for more specific LXC operations. Sometimes a container might fail to start or not behave as intended. You can find out more about what happened by inspecting the log files at ``/var/log/lxc/``:
+
+- ``one-<vm_id>.console`` — Contains the console output seen when starting a container. This includes information regarding how the init process within the container starts and can help identify problems that occur after a successful start yet a failed initialization.
+- ``one-<vm_id>.log`` — Contains information about how LXC handles different container operations.
+
+You can also verify the low-level configuration of the container generated by OpenNebula by inspecting the file ``/var/lib/lxc/one-<vm_id>/config``.
+
+Common Issues
+-------------
+
+- Sometimes the Guest OS may refuse to start completely or some systemd services might fail. In these cases, it might be worth using :ref:`Privileged Containers <lxc_security>`.
+- When running Linux distributions with `AppArmor <https://documentation.ubuntu.com/server/how-to/security/apparmor/index.html>`_, it might be necessary to relax this configuration. Otherwise, services like :ref:`one-context <kvm_contextualization>` have dependencies which do not start. For this, you can set the following :ref:`RAW <lxc_raw>` configuration:
+
+.. code::
+
+  RAW = [
+    TYPE = "lxc",
+    DATA = "lxc.apparmor.profile=unconfined" ]
