lxc - debian

最後更新: 2020-10-29

介紹

它是一種 kernel level isolation 技術, 用來實現 pids, sysv ipc 及 mount points 的虛擬化

 


安裝

aptitude install lxc bridge-utils debootstrap

 

設置網絡

auto br0
iface br0 inet dhcp
        bridge_ports eth0
        bridge_fd 0    <--- forward delay
        bridge_maxwait 0
        .................

建立 CGROUP

mkdir -p /cgroup

修改 /etc/fstab:

cgroup          /cgroup         cgroup  defaults        0       0

# 在 Debian 6 上啟用 memory control

修改 /etc/default/grub

# Enable: cgroup_enable=memory

GRUB_CMDLINE_LINUX="cgroup_enable=memory"

之後執行:

update-grub2

相關功能:

  • CGROUP_MEM_RES_CTLR
  • CGROUP_MEM_RES_CTLR_SWAP(Memory Resource Controller Swap Extension)

 


CGROUP_MEM_RES_CTLR_SWAP

 

功能: limit mem+swap usage per cgroup

作用: avoid swap exhaustion

# Enable: boot option "swapaccount=1"
# Disable: boot option "noswapaccount"
# 開銷: 每個 swap entry (4 KB) 佔用 2 bytes

 


自動執行

修改 /etc/default/lxc

RUN=yes

CONF_DIR=/etc/lxc

CONTAINERS=""

檢查一切是否 OK

lxc-checkconfig

--- Namespaces ---
...................
--- Control groups ---
...................
--- Misc ---

最後 reboot

 


建立 VM

 

mkdir -p /var/lib/lxc/vm0

/usr/lib/lxc/templates/lxc-debian -p /var/lib/lxc/vm0/

/usr/bin/lxc-*

Main config file

lxc.utsname = {CONTAINER_NAME}
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0 # Use same bridge device used in your controlling host setup
lxc.network.hwaddr =  {a1:b2:c3:d4:e5:f6} # As appropriate (line only needed if you wish to dhcp later)
lxc.network.ipv4 = {192.168.10.2/24} # (Use 0.0.0.0 if you wish to dhcp later) <-- multiple, one per line
lxc.network.name = eth0 # could likely be whatever you want
lxc.mount = {/path/to/fstab/for/CONTAINER_NAME}
lxc.rootfs = {/path/to/rootfs/of/CONTAINER_NAME}

Container fstab

none {/path/to/rootfs/of/CONTAINER_NAME}/dev/pts devpts defaults 0 0
none {/path/to/rootfs/of/CONTAINER_NAME}/proc    proc   defaults 0 0
none {/path/to/rootfs/of/CONTAINER_NAME}/sys     sysfs  defaults 0 0
none {/path/to/rootfs/of/CONTAINER_NAME}/dev/shm tmpfs  defaults 0 0

Do not map the host's /dev/initctl into your container, unless you want your containers to be able to shut down or reboot your controlling host.

udevd will not work in the container.

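# Build a minimal static /dev for the container, since udevd does not run inside it.
# DEV is presumably the container's dev directory (<rootfs>/dev) -- confirm before running.
# Stop here if DEV is unset or empty; otherwise every node below would be
# created directly under / on the controlling host.
: "${DEV:?DEV must point at the container /dev directory}"
mkdir -p "${DEV}"
mknod -m 666 "${DEV}/null" c 1 3
mknod -m 666 "${DEV}/zero" c 1 5
mknod -m 666 "${DEV}/random" c 1 8
mknod -m 666 "${DEV}/urandom" c 1 9
# Mount points for the devpts and tmpfs entries of the container fstab.
mkdir -m 755 "${DEV}/pts"
mkdir -m 1777 "${DEV}/shm"
mknod -m 666 "${DEV}/tty" c 5 0
mknod -m 600 "${DEV}/console" c 5 1
# NOTE(review): these nodes carry the host's real major:minor numbers, and
# char 4:0 is tty0. Unless the container config restricts devices
# (lxc.cgroup.devices.deny / lxc.cgroup.devices.allow), the mode bits are the
# only access control here -- confirm that 666 on tty0 is intended.
mknod -m 666 "${DEV}/tty0" c 4 0
mknod -m 666 "${DEV}/full" c 1 7
# A fresh FIFO, so the host's /dev/initctl is never mapped into the container.
mknod -m 600 "${DEV}/initctl" p
mknod -m 666 "${DEV}/ptmx" c 5 2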

lxc-create -f /path/to/{CONTAINER_NAME}/main/config/file   -n {CONTAINER_NAME}

lxc-destroy -n {CONTAINER_NAME}

/etc/conf.d/lxc.conf

CONTAINERS=(CONTAINER_NAME_1 CONTAINER_NAME_2 CONTAINER_NAME3 !CONTAINER_NAME4)

# use the ! prefix to disable starting/stopping a container

/usr/bin/screen -dmS init-CONTAINER_NAME /usr/bin/lxc-start -n CONTAINER_NAME

lxc.conf

lxc.utsname <-- specify the hostname for the container

lxc.network.type
veth
phys
macvlan

lxc.network.ipv4
lxc.network.hwaddr
lxc.network.name
lxc.network.link  <-- the host interface (e.g. the bridge br0) that carries the container's real network traffic.

 


Pause

 

lxc-freeze -n foo

lxc-unfreeze -n foo

 


狀況

 

lxc-ls

 

lxc-ps --name foo

 

lxc-info -n foo

 

lxc-monitor -n "foo|bar"

#> lxc-console -n vm0
#vm0> init 0

 


資源分配

 

lxc-cgroup

lxc-cgroup -n <vps> <cgroup-name> <value>

echo <value> > /cgroup/vm0/<cgroup-name>

單位 K, M or G  (byte)

Memory:

Set max memory:

lxc.cgroup.memory.limit_in_bytes = 256M

Set max memory + swap (memsw = mem+swap; needs boot option "swapaccount=1"):

lxc.cgroup.memory.memsw.limit_in_bytes = 1G

CPU:

# By default all values are set to 1024.

lxc.cgroup.cpu.shares = 512

# assign first CPU to this container:

lxc.cgroup.cpuset.cpus = 0

Disk Space:

LVM or image files

 

 
