lost and found ( for me ? )

Fedora 21 : nested LXC ( fail )

I was able to do nested LXC on Ubuntu 14.04 and tried that on Fedora 21, but I can not do that..

I gogoled how to do nested LXC on Fedora, but I can not fine solutions.

here are logs.

[root@f21 ~]# cat /run/media/hattori/external_HDD/lxc/centos7-openstack/config
lxc.arch = x86_64
lxc.autodev = 1
lxc.utsname = centos7-openstack

lxc.mount.auto = cgroup
lxc.aa_profile = lxc-container-default-with-nesting

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = virbr0
lxc.network.name = eth0

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = virbr51
lxc.network.name = eth1
lxc.network.ipv4 = 192.168.51.10/24

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = virbr51
lxc.network.name = eth2
lxc.network.ipv4 = 192.168.52.10/24

lxc.rootfs = /run/media/hattori/external_HDD/lxc/centos7-openstack/rootfs


[root@f21 ~]# lxc-start -n centos7-openstack
lxc-start: cgfs.c: cgroupfs_mount_cgroup: 1368 No such file or directory - could not mount tmpfs to /sys/fs/cgroup in the container
lxc-start: conf.c: lxc_mount_auto_mounts: 838 No such file or directory - error mounting /sys/fs/cgroup
lxc-start: conf.c: lxc_setup: 4176 failed to setup the automatic mounts for 'centos7-openstack'
lxc-start: start.c: do_start: 688 failed to setup the container
lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 2
lxc-start: start.c: __lxc_start: 1080 failed to spawn 'centos7-openstack'
lxc-start: lxc_start.c: main: 342 The container failed to start.
lxc-start: lxc_start.c: main: 346 Additional information can be obtained by setting the --logfile and --logpriority options.

/sys/fs/cgroup directory exits.

[root@f21 ~]# ls /sys/fs/cgroup/
blkio  cpu,cpuacct  cpuset   freezer  memory   net_cls,net_prio  perf_event
cpu    cpuacct      devices  hugetlb  net_cls  net_prio          systemd
[root@f21 ~]#


[root@f21 ~]# mount| grep cgroup
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,clone_children)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)

start the continaer by enabling debug logs.

# lxc-start -n centos7-openstack  --logfile debug.log --logpriority DEBUG -d
lxc-start: lxc_start.c: main: 342 The container failed to start.
lxc-start: lxc_start.c: main: 344 To get more details, run the container in foreground mode.
lxc-start: lxc_start.c: main: 346 Additional information can be obtained by setting the --logfile and --logpriority options.


# cat debug.log
      lxc-start 1421679512.927 INFO     lxc_start_ui - lxc_start.c:main:265 - using rcfile /run/media/hattori/external_HDD/lxc/centos7-openstack/config
      lxc-start 1421679512.927 WARN     lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized
      lxc-start 1421679512.928 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup cpuset unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679512.928 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup cpu unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679512.928 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup memory unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679512.928 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup devices unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679512.928 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup freezer unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679512.928 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup net_cls unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679512.928 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup blkio unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679512.928 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup perf_event unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679512.928 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup hugetlb unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679512.929 INFO     lxc_start - start.c:lxc_check_inherited:209 - closed inherited fd 4
      lxc-start 1421679512.934 INFO     lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver nop
      lxc-start 1421679512.934 DEBUG    lxc_start - start.c:setup_signal_fd:247 - sigchild handler set
      lxc-start 1421679512.934 DEBUG    lxc_console - console.c:lxc_console_peer_default:536 - no console peer
      lxc-start 1421679512.934 INFO     lxc_start - start.c:lxc_init:443 - 'centos7-openstack' is initialized
      lxc-start 1421679512.935 INFO     lxc_start - start.c:lxc_check_inherited:209 - closed inherited fd 4
      lxc-start 1421679512.935 DEBUG    lxc_start - start.c:__lxc_start:1058 - Not dropping cap_sys_boot or watching utmp
      lxc-start 1421679512.939 INFO     lxc_monitor - monitor.c:lxc_monitor_sock_name:177 - using monitor sock name lxc/d398895dac6a0a55//run/media/hattori/external_HDD/lxc
      lxc-start 1421679512.940 DEBUG    lxc_conf - conf.c:instantiate_veth:3003 - instantiated veth 'veth1Q1EWB/vethU8YP7Y', index is '63'
      lxc-start 1421679512.943 DEBUG    lxc_conf - conf.c:instantiate_veth:3003 - instantiated veth 'vethNAH36V/vethX7XBBP', index is '65'
      lxc-start 1421679512.946 DEBUG    lxc_conf - conf.c:instantiate_veth:3003 - instantiated veth 'vethFSJTDS/vethL98KQ1', index is '67'
      lxc-start 1421679512.946 INFO     lxc_cgroup - cgroup.c:cgroup_init:62 - cgroup driver cgroupfs initing for centos7-openstack
      lxc-start 1421679512.962 DEBUG    lxc_conf - conf.c:lxc_assign_network:3420 - move 'eth0' to '28813'
      lxc-start 1421679512.980 DEBUG    lxc_conf - conf.c:lxc_assign_network:3420 - move 'eth1' to '28813'
      lxc-start 1421679512.995 DEBUG    lxc_conf - conf.c:lxc_assign_network:3420 - move 'eth2' to '28813'
      lxc-start 1421679513.002 DEBUG    lxc_conf - conf.c:setup_rootfs:1611 - mounted '/run/media/hattori/external_HDD/lxc/centos7-openstack/rootfs' on '/usr/lib64/lxc/rootfs'
      lxc-start 1421679513.002 INFO     lxc_conf - conf.c:setup_utsname:900 - 'centos7-openstack' hostname has been setup
      lxc-start 1421679513.022 DEBUG    lxc_conf - conf.c:setup_netdev:2784 - 'eth0' has been setup
      lxc-start 1421679513.046 DEBUG    lxc_conf - conf.c:setup_netdev:2784 - 'eth1' has been setup
      lxc-start 1421679513.059 DEBUG    lxc_conf - conf.c:setup_netdev:2784 - 'eth2' has been setup
      lxc-start 1421679513.059 INFO     lxc_conf - conf.c:setup_network:2805 - network has been setup
      lxc-start 1421679513.059 INFO     lxc_conf - conf.c:mount_autodev:1418 - Mounting /dev under /usr/lib64/lxc/rootfs
      lxc-start 1421679513.059 DEBUG    lxc_conf - conf.c:mount_check_fs:1250 - entering mount_check_fs for /dev
      lxc-start 1421679513.059 DEBUG    lxc_conf - conf.c:mount_check_fs:1292 - mount_check_fs returning 1 last devtmpfs
      lxc-start 1421679513.060 DEBUG    lxc_conf - conf.c:mount_autodev:1444 - Bind mounting /dev/.lxc/centos7-openstack.5058af9aae44b6ba to /usr/lib64/lxc/rootfs/dev
      lxc-start 1421679513.060 INFO     lxc_conf - conf.c:mount_autodev:1476 - Mounted /dev under /usr/lib64/lxc/rootfs
      lxc-start 1421679513.060 ERROR    lxc_cgfs - cgfs.c:cgroupfs_mount_cgroup:1368 - No such file or directory - could not mount tmpfs to /sys/fs/cgroup in the container
      lxc-start 1421679513.060 ERROR    lxc_conf - conf.c:lxc_mount_auto_mounts:838 - No such file or directory - error mounting /sys/fs/cgroup
      lxc-start 1421679513.060 ERROR    lxc_conf - conf.c:lxc_setup:4176 - failed to setup the automatic mounts for 'centos7-openstack'
      lxc-start 1421679513.060 ERROR    lxc_start - start.c:do_start:688 - failed to setup the container
      lxc-start 1421679513.062 ERROR    lxc_sync - sync.c:__sync_wait:51 - invalid sequence number 1. expected 2
      lxc-start 1421679513.062 WARN     lxc_conf - conf.c:lxc_delete_network:3296 - failed to remove interface 'eth0'
      lxc-start 1421679513.062 WARN     lxc_conf - conf.c:lxc_delete_network:3296 - failed to remove interface 'eth1'
      lxc-start 1421679513.062 WARN     lxc_conf - conf.c:lxc_delete_network:3296 - failed to remove interface 'eth2'
      lxc-start 1421679513.085 ERROR    lxc_start - start.c:__lxc_start:1080 - failed to spawn 'centos7-openstack'
      lxc-start 1421679513.085 INFO     lxc_conf - conf.c:lxc_delete_autodev:1581 - Cleaning /dev/.lxc/centos7-openstack.5058af9aae44b6ba
      lxc-start 1421679513.086 WARN     lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_cgroup failed to receive response
      lxc-start 1421679513.086 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup cpuset unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679513.086 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup cpu unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679513.086 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup memory unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679513.086 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup devices unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679513.086 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup freezer unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679513.086 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup net_cls unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679513.086 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup blkio unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679513.086 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup perf_event unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679513.086 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup hugetlb unknown to /run/media/hattori/external_HDD/lxc centos7-openstack
      lxc-start 1421679518.091 ERROR    lxc_start_ui - lxc_start.c:main:342 - The container failed to start.
      lxc-start 1421679518.091 ERROR    lxc_start_ui - lxc_start.c:main:344 - To get more details, run the container in foreground mode.
      lxc-start 1421679518.091 ERROR    lxc_start_ui - lxc_start.c:main:346 - Additional information can be obtained by setting the --logfile and --logpriority options.


[root@f21 ~]# ps -o cgroup
CGROUP
5:devices:/user.slice,1:name=systemd:/user.slice/user-1000.slice/session-1.scope
5:devices:/user.slice,1:name=systemd:/user.slice/user-1000.slice/session-1.scope
5:devices:/user.slice,1:name=systemd:/user.slice/user-1000.slice/session-1.scope
5:devices:/user.slice,1:name=systemd:/user.slice/user-1000.slice/session-1.scope
5:devices:/user.slice,1:name=systemd:/user.slice/user-1000.slice/session-1.scope
[root@f21 ~]#

[root@f21 ~]# cat /proc/5/cgroup
10:hugetlb:/
9:perf_event:/
8:blkio:/
7:net_cls,net_prio:/
6:freezer:/
5:devices:/
4:memory:/
3:cpu,cpuacct:/
2:cpuset:/
1:name=systemd:/

LXC error : failed to attach 'vethBQX66C' to the bridge 'ovsbr10' : No such device

Reference

# dpkg -l lxc
ii  lxc            1.0.6-0ubunt amd64        Linux Containers userspace tools

# ovs-vsctl --version
ovs-vsctl (Open vSwitch) 2.0.2
Compiled Aug 15 2014 14:31:02

# libvirtd --version
libvirtd (libvirt) 1.2.2


When I tried to start a container in combination with openvswitch, I saw the following errors.
-
lxc-start: failed to attach 'vethBQX66C' to the bridge 'ovsbr10' : No such device
-
here is what I did.

create the bridge via ovs-vsct
assign that bridge to the container
start the container.
# ovs-vsctl add-br ovsbr10

# grep -v ^# /var/lib/lxc/ubuntu-cn1/config | grep -v ^$
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.rootfs = /var/lib/lxc/ubuntu-cn1/rootfs
lxc.mount = /var/lib/lxc/ubuntu-cn1/fstab
lxc.utsname = ubuntu-cn1
lxc.arch = amd64
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = ovsbr10


# lxc-start -n ubuntu-cn1
lxc-start: failed to attach 'vethBQX66C' to the bridge 'ovsbr10' : No such device
lxc-start: failed to create netdev
lxc-start: failed to create the network
lxc-start: failed to spawn 'ubuntu-cn1'
lxc-start: The container failed to start.
lxc-start: Additional information can be obtained by setting the --logfile and --logpriority options.

the workaround on this is

set USE_LXC_BRIDGE to false.
# less /etc/default/lxc-net
# This file is auto-generated by lxc.postinst if it does not
# exist.  Customizations will not be overridden.
# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
# containers.  Set to "false" if you'll use virbr0 or another existing
# bridge, or mavlan to your host's NIC.
USE_LXC_BRIDGE="false"

or

set USE_LXC_BRIDGE to true
# less /etc/default/lxc-net
# This file is auto-generated by lxc.postinst if it does not
# exist.  Customizations will not be overridden.
# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
# containers.  Set to "false" if you'll use virbr0 or another existing
# bridge, or mavlan to your host's NIC.
USE_LXC_BRIDGE="true"

delete the bridge
# ovs-vsctl del-br ovsbr10

add a bridge via virsh.
# cat /etc/libvirt/qemu/networks/ovs-network1.xml
<network>
 <name>ovs-network10</name>
 <bridge name='ovsbr10' stp='off' delay='0'/>
 <ip address='192.168.210.1' netmask='255.255.255.0'>
 </ip>
 <virtualport type='openvswitch'/>
</network>

define the network and start the network.
# virsh net-define ovs-network1.xml
Network ovs-network10 defined from ovs-network1.xml

# virsh net-start ovs-network10
Network ovs-network10 started

# virsh net-info ovs-network10
Name:           ovs-network10
UUID:          
Active:         yes
Persistent:     yes
Autostart:      no
Bridge:         ovsbr10

start the container.
# lxc-start -n ubuntu-cn1

root@ubuntu-cn1:~# ping 192.168.210.1 -c 1
PING 192.168.210.1 (192.168.210.1) 56(84) bytes of data.
64 bytes from 192.168.210.1: icmp_seq=1 ttl=64 time=0.071 ms

--- 192.168.210.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.071/0.071/0.071/0.000 ms

# grep -v ^# /etc/libvirt/qemu/networks/ovs-network10.xml
<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
 virsh net-edit ovs-network10
or other application using the libvirt API.
-->

<network>
 <name>ovs-network10</name>
 <uuid>e3f3ccfd-990e-491d-98a9-1f8941ae3b8f</uuid>
 <bridge name='ovsbr10' stp='off' delay='0'/>
 <mac address='52:54:00:18:21:f3'/>
 <ip address='192.168.210.1' netmask='255.255.255.0'>
 </ip>
 <virtualport type='openvswitch'/>
</network>

# grep -v ^# /etc/default/lxc

LXC_AUTO="true"

USE_LXC_BRIDGE="false"  # overridden in lxc-net
[ -f /etc/default/lxc-net ] && . /etc/default/lxc-net

LXC_SHUTDOWN_TIMEOUT=120

# grep -v ^# /etc/default/lxc-net
USE_LXC_BRIDGE="true"

LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"

Python : remove ‘\n’ from a list

small tips.

You can delete ‘\n’ with rstrip method like this.

read a text file, put those into a list, remove ‘\n’.
# cat a.txt
hello
cheers
nice
good
bye

# python
>>> f = open('a.txt')
>>>
>>> list = f.readlines()
>>>
>>> list
['hello\n', 'cheers\n', 'nice\n', 'good\n', 'bye\n']
>>>
>>> list2 = []
>>>
>>> for i in list:
...     list2.append(i.rstrip('\n'))
...
>>>
>>> list2
['hello', 'cheers', 'nice', 'good', 'bye']
>>>

Fedora 21: manage a bridge device with nmcli.

Here are logs when adding a bridge with nmcli.

I will create a bridge named ovsbr10.

before adding the bridge, confirm ovsbr10 does not exit.
[root@f21 ~]# ip addr show | grep ovsbr10
[root@f21 ~]#

add a connection profile for the bridge “ovsbr10”.
please note that the connection profile name is “bridge-ovsbr10”.
[root@f21 ~]# nmcli con add type bridge ifname ovsbr10

Connection 'bridge-ovsbr10' (df26c72e-a7f4-4a2a-b91a-c53e27b007b0) successfully added.

[root@f21 ~]# nmcli c show | grep ovsbr
bridge-ovsbr10           df26c72e-a7f4-4a2a-b91a-c53e27b007b0  bridge          --         

add an IP to that connection profile.
[root@f21 ~]# nmcli c modify bridge-ovsbr10 ipv4.method manual ipv4.addresses "192.168.30.1/24"

[root@f21 ~]# nmcli --pretty connection show bridge-ovsbr10
===============================================================================
                 Connection profile details (bridge-ovsbr10)
===============================================================================
connection.id:                          bridge-ovsbr10
connection.uuid:                        df26c72e-a7f4-4a2a-b91a-c53e27b007b0
connection.interface-name:              ovsbr10
connection.type:                        bridge
connection.autoconnect:                 yes
connection.timestamp:                   0
connection.read-only:                   no
connection.permissions:                 
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.secondaries:                 
connection.gateway-ping-timeout:        0
-------------------------------------------------------------------------------
ipv4.method:                            manual
ipv4.dns:                               
ipv4.dns-search:                        
ipv4.addresses:                         { ip = 192.168.30.1/24, gw = 0.0.0.0 }
ipv4.routes:                            
ipv4.ignore-auto-routes:                no

bring up the bridge.
[root@f21 ~]# nmcli c up bridge-ovsbr10
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)
[root@f21 ~]#

[root@f21 ~]# ip addr show | grep ovsbr10
21: ovsbr10: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
   inet 192.168.30.1/24 brd 192.168.30.255 scope global ovsbr10
[root@f21 ~]#

Fedora 21 : install Linux container ( LXC ) on Fedora 21 and create a CentOS7 container

Here are logs when installing lxc on Fedora 21 and creating a CentOS7 container in that machine.

Host OS : Fedora 21
container : CentOS7

install lxc
# yum install lxc lxc-templates lxc-extra

[root@f21 ~]# rpm -qa | grep lxc
lxc-1.0.7-1.fc21.x86_64
lxc-extra-1.0.7-1.fc21.x86_64
lua-lxc-1.0.7-1.fc21.x86_64
lxc-templates-1.0.7-1.fc21.x86_64
lxc-libs-1.0.7-1.fc21.x86_64
python3-lxc-1.0.7-1.fc21.x86_64

# repoquery --list lxc
/etc/bash_completion.d/lxc
/usr/bin/lxc-attach
/usr/bin/lxc-cgroup
/usr/bin/lxc-checkconfig
/usr/bin/lxc-clone
/usr/bin/lxc-config
/usr/bin/lxc-console
/usr/bin/lxc-create
/usr/bin/lxc-destroy
/usr/bin/lxc-execute


# repoquery --list lxc-templates
/usr/share/lxc/config/centos.common.conf
/usr/share/lxc/config/centos.userns.conf
/usr/share/lxc/config/common.seccomp
/usr/share/lxc/config/debian.common.conf
/usr/share/lxc/config/debian.userns.conf
/usr/share/lxc/config/fedora.common.conf
/usr/share/lxc/config/fedora.userns.conf

# repoquery --list lxc-extra
/usr/bin/lxc-device
/usr/bin/lxc-ls
/usr/bin/lxc-start-ephemeral

create a centos7 container.

I will create the container with lxc-centos script.
go to the /usr/share/lxc/templates directory so that I can create containers with templates.
[root@f21 templates]# pwd
/usr/share/lxc/templates
[root@f21 templates]#
[root@f21 templates]# ls
lxc-alpine     lxc-centos    lxc-fedora        lxc-oracle  lxc-ubuntu-cloud
lxc-altlinux   lxc-cirros    lxc-gentoo        lxc-plamo
lxc-archlinux  lxc-debian    lxc-openmandriva  lxc-sshd
lxc-busybox    lxc-download  lxc-opensuse      lxc-ubuntu
[root@f21 templates]#

create the container.
[root@f21 templates]# ./lxc-centos -n centos7-cn1 -R 7 -p /run/media/hattori/external_HDD/lxc/centos7-cn1
Host CPE ID from /etc/os-release: cpe:/o:fedoraproject:fedora:21
Checking cache download in /var/cache/lxc/centos/x86_64/7/rootfs ...
Cache found. Updating...
warning: Failed to read auxiliary vector, /proc not mounted?
warning: Failed to read auxiliary vector, /proc not mounted?
warning: Failed to read auxiliary vector, /proc not mounted?
warning: Failed to read auxiliary vector, /proc not mounted?

The root password is set up as expired and will require it to be changed
at first login, which you should do as soon as possible.  If you lose the
root password or wish to change it without starting the container, you
can change it from the host by running the following command (which will
also reset the expired flag):

       chroot /run/media/hattori/external_HDD/lxc/centos7-cn1/rootfs passwd

[root@f21 templates]#

okay, the container was created, but I saw warning messages.
nnn, what is this?

Googling this errors, it is okay to ignore this.
https://lists.linuxcontainers.org/pipermail/lxc-users/2013-September/005712.html

add the following line so that the container can use the network.
lxc.network.type = veth
lxc.network.link = virbr0
lxc.network.flags = up
lxc.network.name = eth0

start the container.
[root@f21 ~]# lxc-start -n centos7-cn1

nnn, very slow.. can not login..

let’s see the config file.

# grep -v ^# /var/run/media/hattori/external_HDD/lxc/centos7-cn1/config | grep -v ^$
lxc.rootfs = /run/media/hattori/external_HDD/lxc/centos7-cn1/rootfs
lxc.include = /usr/share/lxc/config/centos.common.conf
lxc.arch = x86_64
lxc.utsname = centos7-cn1
lxc.autodev = 1
lxc.network.type = veth
lxc.network.link = virbr0
lxc.network.flags = up
lxc.network.name = eth0

I found similar issues

The workaround on this is:

edit  centos.common.conf

from
lxc.cap.drop = mac_admin mac_override setfcap setpcap
lxc.cap.drop = sys_module sys_nice sys_pacct
lxc.cap.drop = sys_rawio sys_time

to
#lxc.cap.drop = mac_admin mac_override setfcap setpcap
#lxc.cap.drop = sys_module sys_nice sys_pacct
#lxc.cap.drop = sys_rawio sys_time

start the container.
okay, I was able to log into that without delay.
[root@f21 ~]# lxc-start -n centos7-cn1
systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Detected virtualization 'lxc'.

Welcome to CentOS Linux 7 (Core)!

Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Listening on Delayed Shutdown Socket.
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Listening on Journal Socket.
        Mounting Debug File System...
        Starting Journal Service...
[  OK  ] Started Journal Service.
        Mounting Configuration File System...
        Starting Create static device nodes in /dev...
[  OK  ] Reached target Encrypted Volumes.
<46>systemd-journald[11]: Vacuuming done, freed 0 bytes
        Mounting POSIX Message Queue File System...
        Mounting Huge Pages File System...
        Mounting FUSE Control File System...
[  OK  ] Reached target Swap.
        Starting Remount Root and Kernel File Systems...
[  OK  ] Created slice Root Slice.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Created slice System Slice.
[  OK  ] Reached target Slices.
[  OK  ] Created slice system-getty.slice.
[  OK  ] Started Create static device nodes in /dev.
[  OK  ] Mounted Debug File System.
[  OK  ] Mounted Configuration File System.
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Mounted FUSE Control File System.
[  OK  ] Mounted Huge Pages File System.
[  OK  ] Started Remount Root and Kernel File Systems.
        Starting Load/Save Random Seed...
        Starting Configure read-only root support...
[  OK  ] Reached target Local File Systems (Pre).
[  OK  ] Started Load/Save Random Seed.
[  OK  ] Started Configure read-only root support.
[  OK  ] Reached target Local File Systems.
        Starting Trigger Flushing of Journal to Persistent Storage...
        Starting Create Volatile Files and Directories...
[  OK  ] Started Create Volatile Files and Directories.
        Starting Update UTMP about System Reboot/Shutdown...
<46>systemd-journald[11]: Received request to flush runtime journal from PID 1
[  OK  ] Started Trigger Flushing of Journal to Persistent Storage.
[  OK  ] Started Update UTMP about System Reboot/Shutdown.
[  OK  ] Reached target System Initialization.
[  OK  ] Reached target Timers.
[  OK  ] Reached target Paths.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
        Starting LSB: Bring up/down networking...
        Starting System Logging Service...
        Starting Permit User Sessions...
        Starting Login Service...
        Starting D-Bus System Message Bus...
[  OK  ] Started D-Bus System Message Bus.
        Starting Dump dmesg to /var/log/dmesg...
        Starting Cleanup of Temporary Directories...
[  OK  ] Started Permit User Sessions.
        Starting Console Getty...
[  OK  ] Started Console Getty.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started Dump dmesg to /var/log/dmesg.
[  OK  ] Started Login Service.
[  OK  ] Started System Logging Service.
[  OK  ] Started Cleanup of Temporary Directories.

CentOS Linux 7 (Core)
Kernel 3.17.8-300.fc21.x86_64 on an x86_64

centos7-cn1 login: root
Password:
Last login: Sat Jan 17 02:43:56 on console
[root@centos7-cn1 ~]# ip add show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
12: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether f2:26:16:ad:ba:23 brd ff:ff:ff:ff:ff:ff
   inet 192.168.122.78/24 brd 192.168.122.255 scope global dynamic eth0
      valid_lft 3599sec preferred_lft 3599sec
   inet6 fe80::f026:16ff:fead:ba23/64 scope link
      valid_lft forever preferred_lft forever

Here are config files.
# grep -v ^# /var/run/media/hattori/external_HDD/lxc/centos7-cn1/config | grep -v ^$
lxc.rootfs = /run/media/hattori/external_HDD/lxc/centos7-cn1/rootfs
lxc.include = /usr/share/lxc/config/centos.common.conf
lxc.arch = x86_64
lxc.utsname = centos7-cn1
lxc.autodev = 1
lxc.network.type = veth
lxc.network.link = virbr0
lxc.network.flags = up
lxc.network.name = eth0

# grep -v ^# /usr/share/lxc/config/centos.common.conf | grep -v ^$
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024
lxc.mount.auto = proc:mixed sys:ro
lxc.hook.clone = /usr/share/lxc/hooks/clonehostname
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.seccomp = /usr/share/lxc/config/common.seccomp