Linux container hand-crafted

Source: Internet
Author: User

Objectives:

Quickly set up an environment for testing Deb package installation and Web application deployment.

See the README at https://github.com/wolf0403/lvmvm

Basic Environment:

Ubuntu natty (11.04) server.

File System:

The rapid deployment of the test environment depends on LVM (logical volume management). There are no restrictions on how the host system is installed. Leave enough disk space to create a separate partition, such as /dev/sda5.

Create this partition as an LVM physical volume

pvcreate /dev/sda5

Create an LVM volume group on this partition

vgcreate data /dev/sda5

Create a logical volume

lvcreate -n natty /dev/data -L2G

Create a File System

mkfs.ext4 /dev/data/natty

Create and mount a mount point

mkdir /mnt/natty
mount /dev/data/natty /mnt/natty

Create a test environment

debootstrap natty /mnt/natty

The completed /mnt/natty is the most basic Ubuntu natty environment (other versions such as oneiric can be specified in debootstrap). Unmount /mnt/natty so that it can serve as a template.

umount /mnt/natty

Optionally, shrink the partition to save disk space. First shrink the file system to its minimum size.

resize2fs -M /dev/data/natty # e2fsck -f /dev/data/natty must be executed first.

Then, shrink the logical volume to match the file system size. $new_size is the size of the file system after the previous operation; leave some headroom, otherwise the file system may be damaged. Alternatively, use the -r parameter.

lvresize -L $new_size /dev/data/natty

Create a new test environment

Use the snapshot function of LVM to create a test environment:

NEWSIZE=`lvdisplay /dev/data/natty | grep 'Current LE' | egrep -o '[[:digit:]]+'`
VOL=snap1
lvcreate -s /dev/data/natty -n $VOL -l$NEWSIZE
mkdir /mnt/$VOL
mount /dev/data/$VOL /mnt/$VOL
export MP=/mnt/$VOL
touch $MP/chroot.$VOL # mount --bind /dev $MP/dev
mount none $MP/dev/pts -t devpts
mount --bind /proc $MP/proc
mount --bind /sys $MP/sys
chroot /mnt/$VOL

Network

At this point, the test environments still share the host's network even though their file systems are independent. If you create multiple environments that run network services (such as a Web server or FastCGI) at the same time, port conflicts may occur. The solution is to assign an independent network to each environment through veth.

Reference: http://lxc.sourceforge.net/index.php/about/kernel-namespaces/network/configuration/

Strategy:

Enable routing and proxy ARP in the host environment

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

Create a virtual NIC pair

ip link add type veth

Specify the address of the host end of the virtual NIC pair. It should not conflict with ethX

ifconfig veth0 192.168.3.101/24 up

Enable proxy ARP for the virtual NIC

echo 1 > /proc/sys/net/ipv4/conf/veth0/proxy_arp

Specify a route for the peer of the virtual NIC (192.168.3.102 is the IP address used by the virtual environment)

route add -host 192.168.3.102 dev veth0

Start another session and chroot into the virtual environment. Use the unshare command to isolate it from the network namespace of the host

unshare -mun chroot /mnt/$VOL

If you run ifconfig, you cannot see any NIC. If you run ifconfig lo0, you can see the loopback NIC, but it has no IP address. Run the following in this shell

echo $$

to obtain the PID

Run in the first session (host environment)

ip link set veth1 netns $PID

This moves veth1 into the virtual environment

In the chroot shell of the virtual environment, ifconfig should now be able to see veth1. Set the veth1 address to the IP address that the route above points to

ifconfig veth1 192.168.3.102

Test listening in a Virtual Environment

nc -vv -l 10888

Test in host

nc -vv localhost 10888

fails, while

nc -vv 192.168.3.102 10888

succeeds, which indicates that the network isolation works.

CPU and memory resources

Test using cgroups to limit available memory and CPU

Create a group using cgcreate -g memory:name, and then set the limit in /sys/fs/cgroup/memory/name/memory.limit_in_bytes, for example, echo 10m > memory.limit_in_bytes.

FIXME: for (;;) malloc (1024*1024) does not produce the corresponding results; memory growth (top VIRT/RES/SHR) and the actual usage (/sys/fs/cgroup/name/memory.usage_in_bytes) do not match.
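One cause of a mismatch like the one in the FIXME, shown as an added example that is not part of the original article: memory returned by malloc is counted in RES, and charged to the memory cgroup, only once its pages are written, while VIRT grows at allocation time. The names resident_bytes and rss_growth are hypothetical, and the loop is bounded to 32 blocks instead of for (;;).

```c
/* Added example (not from the original article): resident memory grows only
 * when malloc'd pages are written, not when they are merely allocated. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define CHUNK  (1024 * 1024)  /* 1 MiB, the allocation size in the FIXME loop */
#define CHUNKS 32             /* bounded here instead of for (;;) */

/* Resident set size of this process in bytes (2nd field of /proc/self/statm). */
long resident_bytes(void)
{
    long size = 0, resident = 0;
    FILE *f = fopen("/proc/self/statm", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%ld %ld", &size, &resident) != 2)
        resident = -1;
    fclose(f);
    return resident < 0 ? -1 : resident * sysconf(_SC_PAGESIZE);
}

/* Allocate CHUNKS blocks of 1 MiB. If touch is non-zero, write one byte per
 * page so the kernel has to back each page with real memory. Returns how much
 * the resident set grew, in bytes; the blocks are freed before returning. */
long rss_growth(int touch)
{
    long page = sysconf(_SC_PAGESIZE);
    void *blocks[CHUNKS];
    long before = resident_bytes();
    for (int i = 0; i < CHUNKS; i++) {
        volatile unsigned char *p = malloc(CHUNK);
        if (!p)
            abort();
        blocks[i] = (void *)p;
        for (long off = 0; touch && off < CHUNK; off += page)
            p[off] = 1;       /* page fault: this is what gets charged */
    }
    long after = resident_bytes();
    for (int i = 0; i < CHUNKS; i++)
        free(blocks[i]);
    return after - before;
}

int main(void)
{
    printf("allocated only : RSS +%ld KiB\n", rss_growth(0) / 1024);
    printf("allocated+touch: RSS +%ld KiB\n", rss_growth(1) / 1024);
    return 0;
}
```

A test program for memory.limit_in_bytes therefore has to write to the memory it allocates before the limit can take effect.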

MySQL and other scripts cannot be executed in the Ubuntu virtual environment

After Ubuntu 8.04, the system startup scripts were moved from sysvinit to upstart. Sysvinit is a set of simple shell scripts, so it is relatively simple to create and execute processes independently of /sbin/init. Ubuntu uses the upstart system (http://upstart.ubuntu.com), which relies on communication with the init process, so the execution of its scripts depends on a running /sbin/init. However, Ubuntu's /sbin/init requires that its PID be 1; otherwise, it exits immediately. Because the unshare command above can only handle the network, System V IPC and some other namespaces, the PID space is still shared and /sbin/init cannot be executed normally in the virtual environment.

Solution 1: For services that depend on upstart, start them manually (for example, manually execute mysqld).

Solution 2: Use LD_PRELOAD to hijack getpid so that it returns 1 to /sbin/init (http://blog.csdn.net/Wolf0403/article/details/389276), forcing it to start in the virtual environment.
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <dlfcn.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>

/* Interposed getpid(): report PID 1 when HJPID=1 is set in the environment. */
pid_t getpid (void) {
  char *pidstr = getenv ("HJPID");
  if (pidstr && pidstr[0] == '1' && pidstr[1] == '\0') {
    return (pid_t) 1;
  }
  /* Otherwise forward the call to the real getpid() in glibc. */
  void *dlh = dlopen ("libc.so.6", RTLD_LAZY);
  if ( !dlh ) {
    exit (1);
  }
  pid_t (* glibc_getpid) ();
  glibc_getpid = dlsym ( dlh, "getpid" );
  if ( ! glibc_getpid ) {
    exit (2);
  }
  pid_t r = glibc_getpid ();
  dlclose ( dlh );
  return r;
}

Compile

cc -shared -fPIC getpid.c -o libpid.so -ldl

Then start /sbin/init with the library preloaded:

env LD_PRELOAD=libpid.so HJPID=1 /sbin/init

However, there is still a problem with MySQL startup. FIXME: so far, what has been tested successfully is running nginx/PHP-fcgi in the virtual environment. MySQL can execute the script in chroot: https://github.com/wolf0403/lvmvm

Concerning the PID namespace: the Linux clone(2) system call provides a new CLONE_NEWPID flag to isolate the PID namespace (http://linux.die.net/man/2/clone). Integrating it into unshare could be tried (TODO).

Resources:

Upstart /sbin/init PID = 1: http://linux-vserver.org/Upstart_issues
Linux unshare(1) command: http://linux.die.net/man/1/unshare
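The CLONE_NEWPID flag mentioned above, shown as an added example that is not part of the original article or the lvmvm project: the first process created in a new PID namespace sees itself as PID 1, so no getpid interposition is needed. The names child_main and pid1_in_new_namespace are hypothetical; the code assumes root, or a kernel that allows unprivileged user namespaces.

```c
/* Added example (not from the original article): the first process in a new
 * PID namespace sees itself as PID 1 without any getpid() interposition. */
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define STACK_SIZE (256 * 1024)

/* Runs as the first process of the new namespace; exit status 0 means PID 1. */
static int child_main(void *arg)
{
    (void)arg;
    return getpid() == 1 ? 0 : 1;
}

/* Returns 1 if the child saw PID 1, 0 if it saw another PID, and -1 if the
 * namespace could not be created (no privilege, or blocked by a sandbox). */
int pid1_in_new_namespace(void)
{
    char *stack = malloc(STACK_SIZE);
    if (!stack)
        return -1;
    char *top = stack + STACK_SIZE;          /* the stack grows downward */

    /* CLONE_NEWPID alone needs CAP_SYS_ADMIN (root). If that fails, retry
     * with CLONE_NEWUSER, which unprivileged users may be allowed to use. */
    pid_t pid = clone(child_main, top, CLONE_NEWPID | SIGCHLD, NULL);
    if (pid == -1)
        pid = clone(child_main, top, CLONE_NEWUSER | CLONE_NEWPID | SIGCHLD, NULL);

    int status = 0, result = -1;
    if (pid != -1 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        result = WEXITSTATUS(status) == 0 ? 1 : 0;
    free(stack);
    return result;
}

int main(void)
{
    int r = pid1_in_new_namespace();
    if (r < 0)
        puts("could not create a PID namespace (need root or user namespaces)");
    else
        printf("child's getpid() %s 1\n", r ? "==" : "!=");
    return 0;
}
```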
