LXC | Записки системного администратора

Записи с меткой ‘LXC’

Установка и настройка LXC на Centos7

Октябрь 25th, 2016

Evgeniy Kamenev

1.Установка LXС и необходимых утилит Установка EPEL-репозитария

# yum -y install epel-release

1	# yum -y install epel-release

Установка LXC

# yum install bridge-utils debootstrap lxc lxc-templates

1	# yum install bridge-utils debootstrap lxc lxc-templates

Проверка наличия и расположения cgroup

# mount -l | grep cgroup

1	# mount -l \| grep cgroup

tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)

tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)

cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)

cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)

cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)

cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)

cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)

cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)

cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)

cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)

cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)

cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)

Проверка параметров LXC/корректность установки LXC

# lxc-checkconfig

1	# lxc-checkconfig

Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-327.36.2.el7.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

Kernel configuration not found at /proc/config.gz; searching...

Kernel configuration found at /boot/config-3.10.0-327.36.2.el7.x86_64

--- Namespaces ---

Namespaces: enabled

Utsname namespace: enabled

Ipc namespace: enabled

Pid namespace: enabled

User namespace: enabled

Network namespace: enabled

Multiple /dev/pts instances: enabled

--- Control groups ---

Cgroup: enabled

Cgroup clone_children flag: enabled

Cgroup device: enabled

Cgroup sched: enabled

Cgroup cpu account: enabled

Cgroup memory controller: enabled

Cgroup cpuset: enabled

--- Misc ---

Veth pair device: enabled

Macvlan: enabled

Vlan: enabled

Bridges: enabled

Advanced netfilter: enabled

CONFIG_NF_NAT_IPV4: enabled

CONFIG_NF_NAT_IPV6: enabled

CONFIG_IP_NF_TARGET_MASQUERADE: enabled

CONFIG_IP6_NF_TARGET_MASQUERADE: enabled

CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled

--- Checkpoint/Restore ---

checkpoint restore: enabled

CONFIG_FHANDLE: enabled

CONFIG_EVENTFD: enabled

CONFIG_EPOLL: enabled

CONFIG_UNIX_DIAG: enabled

CONFIG_INET_DIAG: enabled

CONFIG_PACKET_DIAG: enabled

CONFIG_NETLINK_DIAG: enabled

File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration

usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

Просмотр шаблонов, которые могут быть использованы при создании новых контейнеров для различных дистрибутивов и их разновидностей

# rpm -ql lxc-templates | grep templates

1	# rpm -ql lxc-templates \| grep templates

/usr/share/lxc/templates/lxc-alpine
/usr/share/lxc/templates/lxc-altlinux
/usr/share/lxc/templates/lxc-archlinux
/usr/share/lxc/templates/lxc-busybox
/usr/share/lxc/templates/lxc-centos
/usr/share/lxc/templates/lxc-cirros
/usr/share/lxc/templates/lxc-debian
/usr/share/lxc/templates/lxc-download
/usr/share/lxc/templates/lxc-fedora
/usr/share/lxc/templates/lxc-gentoo
/usr/share/lxc/templates/lxc-openmandriva
/usr/share/lxc/templates/lxc-opensuse
/usr/share/lxc/templates/lxc-oracle
/usr/share/lxc/templates/lxc-plamo
/usr/share/lxc/templates/lxc-sshd
/usr/share/lxc/templates/lxc-ubuntu
/usr/share/lxc/templates/lxc-ubuntu-cloud

/usr/share/lxc/templates/lxc-alpine

/usr/share/lxc/templates/lxc-altlinux

/usr/share/lxc/templates/lxc-archlinux

/usr/share/lxc/templates/lxc-busybox

/usr/share/lxc/templates/lxc-centos

/usr/share/lxc/templates/lxc-cirros

/usr/share/lxc/templates/lxc-debian

/usr/share/lxc/templates/lxc-download

/usr/share/lxc/templates/lxc-fedora

/usr/share/lxc/templates/lxc-gentoo

/usr/share/lxc/templates/lxc-openmandriva

/usr/share/lxc/templates/lxc-opensuse

/usr/share/lxc/templates/lxc-oracle

/usr/share/lxc/templates/lxc-plamo

/usr/share/lxc/templates/lxc-sshd

/usr/share/lxc/templates/lxc-ubuntu

/usr/share/lxc/templates/lxc-ubuntu-cloud

Запск и проверка состояния LXC

# systemctl start lxc

1	# systemctl start lxc

# systemctl status lxc

1	# systemctl status lxc

● lxc.service - LXC Container Initialization and Autoboot Code
   Loaded: loaded (/usr/lib/systemd/system/lxc.service; disabled; vendor preset: disabled)
   Active: active (exited) since Mon 2016-10-17 22:29:34 EEST; 16s ago
  Process: 1258 ExecStart=/usr/libexec/lxc/lxc-autostart-helper start (code=exited, status=0/SUCCESS)
  Process: 1250 ExecStartPre=/usr/libexec/lxc/lxc-devsetup (code=exited, status=0/SUCCESS)
 Main PID: 1258 (code=exited, status=0/SUCCESS)

Oct 17 22:29:04 centos71.kamaok.org.ua systemd[1]: Starting LXC Container Initialization and Autoboot Code...
Oct 17 22:29:04 centos71.kamaok.org.ua lxc-devsetup[1250]: Creating /dev/.lxc
Oct 17 22:29:04 centos71.kamaok.org.ua lxc-devsetup[1250]: /dev is devtmpfs
Oct 17 22:29:04 centos71.kamaok.org.ua lxc-devsetup[1250]: Creating /dev/.lxc/user
Oct 17 22:29:34 centos71.kamaok.org.ua lxc-autostart-helper[1258]: Starting LXC autoboot containers:  [  OK  ]
Oct 17 22:29:34 centos71.kamaok.org.ua systemd[1]: Started LXC Container Initialization and Autoboot Code.

● lxc.service - LXC Container Initialization and Autoboot Code

Loaded: loaded (/usr/lib/systemd/system/lxc.service; disabled; vendor preset: disabled)

Active: active (exited) since Mon 2016-10-17 22:29:34 EEST; 16s ago

Process: 1258 ExecStart=/usr/libexec/lxc/lxc-autostart-helper start (code=exited, status=0/SUCCESS)

Process: 1250 ExecStartPre=/usr/libexec/lxc/lxc-devsetup (code=exited, status=0/SUCCESS)

Main PID: 1258 (code=exited, status=0/SUCCESS)

Oct 17 22:29:04 centos71.kamaok.org.ua systemd[1]: Starting LXC Container Initialization and Autoboot Code...

Oct 17 22:29:04 centos71.kamaok.org.ua lxc-devsetup[1250]: Creating /dev/.lxc

Oct 17 22:29:04 centos71.kamaok.org.ua lxc-devsetup[1250]: /dev is devtmpfs

Oct 17 22:29:04 centos71.kamaok.org.ua lxc-devsetup[1250]: Creating /dev/.lxc/user

Oct 17 22:29:34 centos71.kamaok.org.ua lxc-autostart-helper[1258]: Starting LXC autoboot containers: [ OK ]

Oct 17 22:29:34 centos71.kamaok.org.ua systemd[1]: Started LXC Container Initialization and Autoboot Code.

Добавление в автозагрузку LXC […]

Опубликовано в рубрике Centos, Virtualization

Метки: container, LXC, virtualization

Комментарии отключены

Установка и настройка LXC на Ubuntu14

Август 21st, 2016

Evgeniy Kamenev

1.Установка LXC

# apt-get install lxc

1	# apt-get install lxc

При установке LXC автоматически установятся необходимые пакеты, такие как

bridge-utils debootstrap cgmanager

1	bridge-utils debootstrap cgmanager

и др. Базовая конфигурация сети, которая применяется к контейнерам при их создании находится в файле /etc/lxc/default.conf Например

# cat /etc/lxc/default.conf

1	# cat /etc/lxc/default.conf

lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx

lxc.network.type = veth

lxc.network.link = lxcbr0

lxc.network.flags = up

lxc.network.hwaddr = 00:16:3e:xx:xx:xx

После установки LXC на хосте автоматически поднимается интерфейс типа Bridge lxcbr0 Когда USE_LXC_BRIDGE установлена в true в файле /etc/default/lxc (как устанавливается по умолчанию), […]

Опубликовано в рубрике Debian/Ubuntu, Virtualization

Метки: container, LXC, virtualization

Комментарии отключены

Установка и настройка LXC на Debian8

Июль 26th, 2016

Evgeniy Kamenev

1.Установка LXС и необходимых утилит

# apt-get install lxc bridge-utils libvirt-bin debootstrap

1	# apt-get install lxc bridge-utils libvirt-bin debootstrap

Проверка наличия и расположения cgroup( в Debian/Ubuntu cgroup уже смонтирована)

# mount -l | grep cgroup

1	# mount -l \| grep cgroup

tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)

tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)

cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)

cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)

cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)

cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)

cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)

cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)

cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)

cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)

В данном случае cgroup расположен в /sys/fs Если cgroup не смонтирован,то монтируем вручную

# nano /etc/fstab

1	# nano /etc/fstab

cgroup  /sys/fs/cgroup  cgroup  defaults  0   0

1	cgroup /sys/fs/cgroup cgroup defaults 0 0

# mount -a

1	# mount -a

Проверка поддержки разделения виртуальной памяти

# mount -l | grep cgroup | grep memory

1	# mount -l \| grep cgroup \| grep memory

#

Включение поддержки разделения виртуальной памяти

# nano /etc/default/grub

1	# nano /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="quiet cgroup_enable=memory swapaccount=1"

1	GRUB_CMDLINE_LINUX_DEFAULT="quiet cgroup_enable=memory swapaccount=1"

Обновление загрузчика и […]

Опубликовано в рубрике Debian/Ubuntu, Virtualization

Метки: container, LXC, virtualization

Комментарии отключены

Записи с меткой ‘LXC’

Установка и настройка LXC на Centos7

Установка и настройка LXC на Ubuntu14

Установка и настройка LXC на Debian8

Страницы

Свежие записи

Архивы

Рубрики

Админ-панель