Last updated: 2020-10-29
Introduction
LXC is a kernel-level isolation technique used to virtualize PIDs, SysV IPC and mount points.
Installation
aptitude install lxc bridge-utils debootstrap
Network setup
auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_fd 0          <--- forward delay
    bridge_maxwait 0
    ...
Create the cgroup mount
mkdir -p /cgroup
Edit /etc/fstab:
cgroup /cgroup cgroup defaults 0 0
# Enable the memory controller on Debian 6
Edit /etc/default/grub
# Enable: cgroup_enable=memory
GRUB_CMDLINE_LINUX="cgroup_enable=memory"
Then run:
update-grub2
Related kernel options:
- CGROUP_MEM_RES_CTLR
- CGROUP_MEM_RES_CTLR_SWAP(Memory Resource Controller Swap Extension)
CGROUP_MEM_RES_CTLR_SWAP
Function: limit mem+swap usage per cgroup
Purpose: avoid swap exhaustion
# Enable: boot option "swapaccount=1"
# Disable: boot option "noswapaccount"
# Cost: 2 bytes per entry (4 kbyte page)
Autostart
Edit /etc/default/lxc
RUN=yes
CONF_DIR=/etc/lxc
CONTAINERS=""
Check that everything is OK
lxc-checkconfig
--- Namespaces ---
...
--- Control groups ---
...
--- Misc ---
Finally, reboot
Create a VM
建立 VM
mkdir -p /var/lib/lxc/vm0
/usr/lib/lxc/templates/lxc-debian -p /var/lib/lxc/vm0/
/usr/bin/lxc-*
Main config file
lxc.utsname = {CONTAINER_NAME}
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0                        # Use the same bridge device used in your controlling host setup
lxc.network.hwaddr = {a1:b2:c3:d4:e5:f6}      # As appropriate (line only needed if you wish to dhcp later)
lxc.network.ipv4 = {192.168.10.2/24}          # (Use 0.0.0.0 if you wish to dhcp later) <-- multiple, one per line
lxc.network.name = eth0                       # could likely be whatever you want
lxc.mount = {/path/to/fstab/for/CONTAINER_NAME}
lxc.rootfs = {/path/to/rootfs/of/CONTAINER_NAME}
Container fstab
none {/path/to/rootfs/of/CONTAINER_NAME}/dev/pts devpts defaults 0 0
none {/path/to/rootfs/of/CONTAINER_NAME}/proc    proc   defaults 0 0
none {/path/to/rootfs/of/CONTAINER_NAME}/sys     sysfs  defaults 0 0
none {/path/to/rootfs/of/CONTAINER_NAME}/dev/shm tmpfs  defaults 0 0
You do not want /dev/initctl from the host to be mapped into your container, unless you want your containers to be able to shut down or reboot your controlling host.
udevd will not work in the container.
# ${DEV} is the /dev directory inside the container's rootfs; populate it with a minimal static device set
mkdir -p ${DEV}
mknod -m 666 ${DEV}/null c 1 3
mknod -m 666 ${DEV}/zero c 1 5
mknod -m 666 ${DEV}/random c 1 8
mknod -m 666 ${DEV}/urandom c 1 9
mkdir -m 755 ${DEV}/pts
mkdir -m 1777 ${DEV}/shm
mknod -m 666 ${DEV}/tty c 5 0
mknod -m 600 ${DEV}/console c 5 1
mknod -m 666 ${DEV}/tty0 c 4 0
mknod -m 666 ${DEV}/full c 1 7
mknod -m 600 ${DEV}/initctl p
mknod -m 666 ${DEV}/ptmx c 5 2
lxc-create -f /path/to/{CONTAINER_NAME}/main/config/file -n {CONTAINER_NAME}
lxc-destroy -n {CONTAINER_NAME}
/etc/conf.d/lxc.conf
CONTAINERS=(CONTAINER_NAME_1 CONTAINER_NAME_2 CONTAINER_NAME3 !CONTAINER_NAME4)
# use the ! prefix to disable starting/stopping a container
/usr/bin/screen -dmS init-CONTAINER_NAME /usr/bin/lxc-start -n CONTAINER_NAME
lxc.conf
lxc.utsname <-- specify the hostname for the container
lxc.network.type
veth
phys
macvlan
lxc.network.ipv4
lxc.network.hwaddr
lxc.network.name
lxc.network.link <-- host interface (the bridge) that carries the real network traffic.
Pause
lxc-freeze -n foo
lxc-unfreeze -n foo
Status
lxc-ls
lxc-ps --name foo
lxc-info -n foo
lxc-monitor -n "foo|bar"
#> lxc-console -n vm0
#vm0> init 0
Resource allocation
lxc-cgroup
lxc-cgroup -n <vps> <cgroup-name> <value>
echo <value> > /cgroup/vm0/<cgroup-name>
Units: K, M or G (bytes)
Memory:
Set max memory:
lxc.cgroup.memory.limit_in_bytes = 256M
Set max swap:
lxc.cgroup.memory.memsw.limit_in_bytes = 1G
CPU:
# Per default all values are set to 1024.
lxc.cgroup.cpu.shares = 512
# assign first CPU to this container:
lxc.cgroup.cpuset.cpus = 0
Disk Space:
LVM or image files
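As an added example (not part of the original notes), a POSIX shell script that writes the main config and container fstab in the format shown above, with the memory and swap limits from the resource-allocation section, plus a check that rejects a config that lacks those limits or whose fstab maps the host's /dev/initctl into the container. The container name vm0, rootfs path, bridge br0, address and limits are constructed sample values.

```sh
#!/bin/sh
# Added example: generate and sanity-check an LXC main config and fstab.
# Sample values (vm0, /var/lib/lxc/vm0/rootfs, br0, 192.168.10.2/24) are constructed.
set -eu

# gen_lxc_config NAME ROOTFS FSTAB BRIDGE IPV4 HWADDR MEM_LIMIT MEMSW_LIMIT
gen_lxc_config() {
    printf 'lxc.utsname = %s\n' "$1"
    printf 'lxc.rootfs = %s\n' "$2"
    printf 'lxc.mount = %s\n' "$3"
    printf 'lxc.network.type = veth\n'
    printf 'lxc.network.flags = up\n'
    printf 'lxc.network.link = %s\n' "$4"
    printf 'lxc.network.name = eth0\n'
    printf 'lxc.network.ipv4 = %s\n' "$5"
    printf 'lxc.network.hwaddr = %s\n' "$6"
    # Without these limits a runaway container can exhaust host RAM and swap.
    printf 'lxc.cgroup.memory.limit_in_bytes = %s\n' "$7"
    printf 'lxc.cgroup.memory.memsw.limit_in_bytes = %s\n' "$8"
}

# gen_lxc_fstab ROOTFS: only the pseudo-filesystems the notes list;
# the host's /dev (and so /dev/initctl) is deliberately not mapped in.
gen_lxc_fstab() {
    printf 'none %s/dev/pts devpts defaults 0 0\n' "$1"
    printf 'none %s/proc proc defaults 0 0\n' "$1"
    printf 'none %s/sys sysfs defaults 0 0\n' "$1"
    printf 'none %s/dev/shm tmpfs defaults 0 0\n' "$1"
}

# check_lxc_config FILE: return 1 if a required key or limit is missing,
# or if the referenced fstab binds the host's initctl into the container.
check_lxc_config() {
    cfg=$1
    for key in lxc.utsname lxc.rootfs lxc.mount \
               lxc.cgroup.memory.limit_in_bytes lxc.cgroup.memory.memsw.limit_in_bytes; do
        grep -q "^$key = " "$cfg" || { echo "missing $key" >&2; return 1; }
    done
    fstab=$(sed -n 's/^lxc.mount = //p' "$cfg")
    [ -f "$fstab" ] || { echo "fstab $fstab not found" >&2; return 1; }
    if grep -q 'initctl' "$fstab"; then echo "host initctl mapped in" >&2; return 1; fi
    return 0
}

tmp=$(mktemp -d)
gen_lxc_fstab /var/lib/lxc/vm0/rootfs > "$tmp/fstab"
gen_lxc_config vm0 /var/lib/lxc/vm0/rootfs "$tmp/fstab" br0 192.168.10.2/24 \
    a1:b2:c3:d4:e5:f6 256M 1G > "$tmp/config"
check_lxc_config "$tmp/config" && echo "config OK: $tmp/config"
```

Copy the generated files to /var/lib/lxc/vm0/ and pass the config to lxc-create -f as shown above.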