LXC - Centos 7

最後更新: 2018-04-16

介紹

 

 


Centos7: Epel

 

Install Package

yum install lxc-extra lxc lxc-templates

# lxc-ls is part of the lxc-extra package

yum install bridge-utils

Check & Start

lxc-checkconfig

systemctl start lxc.service

systemctl enable lxc.service

Checking

systemctl status lxc.service

mount | grep cgroup

 


Host System Setting

 

# Enable IP forward 功能 (注意: 下面用 >> append, 每執行一次就在 sysctl.conf 多加一行, 只需執行一次)

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

sysctl -p

# Checking

sysctl net.ipv4.ip_forward

 


Host Bridge For VPS

 

# 查看對應的 Bridge

cat /etc/lxc/default.conf

lxc.network.type = veth
lxc.network.link = virbr0
lxc.network.flags = up

# 建立 Bridge

/etc/sysconfig/network-scripts/ifcfg-virbr0

ONBOOT=yes
DEVICE=virbr0
TYPE=Bridge
BOOTPROTO="static"
IPADDR=192.168.200.254
NETMASK=255.255.255.0
NETWORK=192.168.200.0
NM_CONTROLLED=no
IPV6INIT="no"
STP=off
DELAY=0

service network restart        # Or "ifup virbr0"

# Checking

brctl show

bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       no

 


Firewall - Masquerade & Port Forward

 

Masquerade

# 把 Bridge 放到另一個 zone

# 新 Interface default 在 public zone
firewall-cmd --zone=public --remove-interface=virbr0 --permanent
firewall-cmd --zone=public --add-interface=ens192 --permanent
firewall-cmd --zone=internal --add-interface=virbr0 --permanent

# firewall-cmd --reload 不會套用 Interface 轉 zone 的設定, 所以要 restart firewalld

service firewalld restart

Checking

firewall-cmd --get-active-zone

internal
  interfaces: virbr0
public
  interfaces: ens192

# 設定 masquerade

firewall-cmd --zone=public --add-masquerade --permanent

firewall-cmd --reload

Checking

firewall-cmd --zone=public --query-masquerade

Port Forward

# toaddr 轉到其他 IP 時, 該 zone 需要先 add-masquerade (上面已設定)

firewall-cmd --zone=public --permanent \
  --add-forward-port=port=2222:proto=tcp:toport=22:toaddr=192.168.200.11

 


LXC Data Storage

 

mkdir /mnt/lxc /mnt/lxc/cache /mnt/lxc/vps

/etc/fstab

UUID="3fcc2a73-b8cd-4fc9-8d59-0fecdcdd7391"   /mnt/lxc        ext4    noatime 0 0
/mnt/lxc/cache                                /var/cache/lxc  none    bind    0 0
/mnt/lxc/vps                                  /var/lib/lxc    none    bind    0 0

 


VPS Templates (建立 VPS)

 

# templates 的 help

/usr/share/lxc/templates/lxc-centos -h

...
-R,--release      # CentOS release for the new container.
-a,--arch           # Define what arch the container will be [i686,x86_64]

位置

 - Cache - /var/cache/lxc

 - VPS    - /var/lib/lxc

# 建立與 host system 一樣 (同 release / arch) 的 VPS

lxc-create -n vm01 -t centos

# 建立 Centos 6 i386 的 VPS (size: 351M); 注意這 template 沒有 sshd service

lxc-create -n test-centos6  -t centos -- -a i386 -R 6
 


Config VPS Network

 

/var/lib/lxc/test-centos6/config

lxc.network.flags = up
lxc.network.veth.pair = v-test-centos6-e0
lxc.network.name = eth0
lxc.network.ipv4 = 192.168.200.11/24
lxc.network.ipv4.gateway = 192.168.200.254
# DNS 在這裡設定不了

 


Resource Setting

 

/var/lib/lxc/test-centos6/config

# RAM = 512M
lxc.cgroup.memory.limit_in_bytes = 512M

# RAM + SWAP = 1G
lxc.cgroup.memory.memsw.limit_in_bytes = 1G

 

 


Container hooks environment variables

 

These variables are available to the startup hooks, to provide configuration information and assist in the functioning of the hooks.

  • LXC_NAME (-n)
  • LXC_CONFIG_FILE (-f)
  • LXC_ROOTFS_PATH (lxc.rootfs)

Referenced inside a hook as: ${LXC_ROOTFS_MOUNT}

lxc.environment

i.e.

# set SYSLOG_SERVER
lxc.environment = SYSLOG_SERVER=192.0.2.42

# inherit host environment
lxc.environment = PATH

 



Centos7 Template

 

 

sys_admin

# 在 C7 上行 C7, 當 drop 了 sys_admin 後 container 會 start fail (systemd mount API filesystems 時需要它, 見下面 error)

lxc.cap.drop = sys_admin

lxc-start centos7 -F

Failed to mount tmpfs at /dev/shm: Operation not permitted
Failed to mount tmpfs at /run: Operation not permitted
Failed to mount tmpfs at /sys/fs/cgroup: Operation not permitted
Failed to mount cgroup at /sys/fs/cgroup/systemd: No such file or directory
[!!!!!!] Failed to mount API filesystems, freezing.

setfcap

lxc.cap.drop = setfcap

# drop 了 setfcap 後, rpm 無法對檔案設定 capability, yum update 會 fail:

yum update httpd

error: unpacking of archive failed on file /usr/sbin/suexec;62fdabc8: cpio: cap_set_file

 


Centos6 Template

 

# first time start vps

lxc-start -n test-centos6

lxc-start -n test-centos6 -d

# 第一次 login 的 root password (template 產生, 存在下面的檔案; login 後請用下面方法 reset)

/var/lib/lxc/test-centos6/tmp_root_pass

# reset password

chroot /var/lib/lxc/test-centos6/rootfs passwd

lxc-console -n test-centos6

Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself

# checking

lxc-ls -f


 
