LXC - CentOS 6

最後更新: 2022-06-09

目錄

  • Installation
  • Setup
  • Build Container
  • 參考

 


Installation

 

yum install lxc lxc-templates libcgroup bridge-utils

/etc/init.d/cgconfig start

lscgroup

cpuset:/
cpu:/
cpuacct:/
memory:/
devices:/
freezer:/
net_cls:/
blkio:/

/etc/init.d/lxc start

chkconfig cgconfig on

chkconfig lxc on

 


Setup

 

  • Bridge
  • Firewall

 

[Bridge]

/etc/sysconfig/network-scripts/ifcfg-lxcbr0

ONBOOT=yes
DEVICE=lxcbr0
TYPE=Bridge
BOOTPROTO="static"
IPADDR=192.168.200.254
NETMASK=255.255.255.0
NETWORK=192.168.200.0
NM_CONTROLLED=no
IPV6INIT="no"
STP=off
DELAY=0

/etc/lxc/default.conf

lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up

[Firewall]

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

sysctl -p                                     # apply the new setting now

sysctl net.ipv4.ip_forward            # verify it now reads 1

/etc/sysconfig/iptables

# WAN: eth0; LXC subnet: 192.168.200.0/24 (must match the lxcbr0 address/netmask above)

*filter
:FORWARD DROP [0:0]

# Forwarding policy: default DROP; accept only reply traffic and container -> WAN (the masquerade rule itself is in the nat table below)
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i lxcbr0 -o eth0 -s 192.168.200.0/24 -j ACCEPT
COMMIT


*nat
# Source-NAT container traffic leaving via eth0 so LXC guests can reach the Internet
-A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE
COMMIT

service iptables restart

 


Build Container

 

lxc-create -t download -n webmail -- -d centos -r 6 -a i386

/var/lib/lxc/webmail/config

# Distribution configuration
lxc.include = /usr/share/lxc/config/centos.common.conf
lxc.arch = i686

# Container specific configuration
lxc.rootfs = /var/lib/lxc/webmail/rootfs
lxc.utsname = webmail

# Network configuration
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.veth.pair = webmail

# Auto start
lxc.start.auto = 1
lxc.start.delay = 5

# RAM = 256M (memory.limit_in_bytes; the earlier note said 512M, which did not match the value below)
lxc.cgroup.memory.limit_in_bytes = 256M
# RAM + SWAP = 1G
lxc.cgroup.memory.memsw.limit_in_bytes = 1G

# Capabilities dropped inside the container (capability bounding, not an ACL)
# Remark
# C6 不可以加 sys_admin (sys_admin cannot be added to this drop list for a CentOS 6 guest)
lxc.cap.drop = sys_time mknod sys_module mac_admin mac_override
lxc.cap.drop = sys_pacct sys_ptrace
lxc.cap.drop = setfcap setpcap

chroot /var/lib/lxc/webmail/rootfs

passwd

echo lxc/console >> /etc/securetty           # for lxc-console

chkconfig sendmail off                             #

/etc/sysconfig/network-scripts/ifcfg-eth0   # static address, since no dnsmasq/DHCP serves lxcbr0

DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.21
NETMASK=255.255.255.0
GATEWAY=192.168.200.254
DNS1=8.8.8.8
DNS2=8.8.4.4
HOSTNAME=webmail

 


參考