15 - 12 - 2017

LXC Login issue via serial

If you are using opensuse 13.1 as the LXC guest you probably will meet the issue with login to it via virsh console. But its only when you are running the geust via libvirt. I had no issue with login via lxc-console when using native lxc tools.

The output of the issue looks like this:

└──> ~ $ >> /usr/bin/virsh -c lxc:/// console _LAB_COMPILER
Connected to domain _LAB_COMPILER
Escape character is ^]
Welcome to op
Welcome to openSUSE 13.1 "Bottle" - Kernel 3.11.10-7-desktop (console).

_LAB_COMPILER login: enSUSE 13.1 "Bottle" - Kernel 3.11.10-7-desktop (tty1).
_LAB_COMPILER login:
Welcome to openSUSE 13.1 "Bottle" - Kernel 3.11.10-7-desktop (console).

_LAB_COMPILER login: tomz
Password: Password: Password:

Welcome to openSUSE 13.1 "Bottle" - Kernel 3.11.10-7-desktop (console).

_LAB_COMPILER login:

Welcome to openSUSE 13.1 "Bottle" - Kernel 3.11.10-7-desktop (tty1).

_LAB_COMPILER login:

Welcome to openSUSE 13.1 "Bottle" - Kernel 3.11.10-7-desktop (console).

_LAB_COMPILER login:
 
From the output we can see two things:
  • The login switches between console and tty1
  • It ask three times for password and still can't login (password was 100% correct)
To fix this just follow steps below.
 

Change the pam.d settings for login and sshd(optional), you need to hash the line "session required pam_loginuuid.so". It has to be for pam.d of the LXC machine itself !! Mount the LVM volume or just edit the file under rootfs directory.

_LAB_COMPILER:/etc/pam.d # grep -Ir '#sess' ./
./login:#session  required      pam_loginuid.so
./sshd:#session  required       pam_loginuid.so

Add Second serial controler for Libvirt's Virtual machine

└──> ~ $ >> virsh -c lxc:/// edit _LAB_COMPILER
      </virtualport>
    </interface>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <console type='pty'>
      <target type='lxc' port='1'/>
    </console>
  </devices>
After applying the configuration in italic bold, but remember to save the configuration. 
 
Now you need to restart the machine and login into it!
 
└──> ~ $ >> virsh -c lxc:/// edit _LAB_COMPILER
Domain _LAB_COMPILER XML configuration edited.

└──> ~ $ >> virsh -c lxc:/// destroy _LAB_COMPILER
Domain _LAB_COMPILER destroyed

└──> ~ $ >> virsh -c lxc:/// start _LAB_COMPILER
Domain _LAB_COMPILER started

└──> pam.d $ >> /usr/bin/virsh -c lxc:/// console _LAB_COMPILER --devname console1
Connected to domain _LAB_COMPILER

Escape character is ^]
Welcome to openSUSE 13.1 "Bottle" - Kernel 3.11.10-7-desktop (tty2).

_LAB_COMPILER login: tomz
Password:
Last login: Fri Apr  4 15:01:12 on pts/0
Have a lot of fun...

If you want to ommit the first step especially for pam.d/login you will meet following warning/issue:

└──> ~ $ >> /usr/bin/virsh -c lxc:/// console _LAB_COMPILER --devname console1
Connected to domain _LAB_COMPILER
Escape character is ^]

Welcome to openSUSE 13.1 "Bottle" - Kernel 3.11.10-7-desktop (tty2).

_LAB_COMPILER login: tomz
Password:
Cannot make/remove an entry for the specified session
 
Login Form