Linux Containers: Kernel Lightweight Virtualization Technology

Source: Internet
Author: User
Tags: virtual environment

LXC is short for Linux Containers. A Linux container is a kernel virtualization technology that provides lightweight virtualization to isolate processes and resources, without the instruction interpretation mechanisms and other complexities of full virtualization. It is analogous to a namespace in C++. Containers effectively divide the resources managed by a single operating system into isolated groups, to better balance conflicting resource usage demands among those groups.

Compared with traditional virtualization technology, its advantages are:

(1) it uses the same kernel as the host, so the performance loss is small;
(2) no instruction-level emulation is needed;
(3) no just-in-time compilation is needed;
(4) the container can run instructions natively on the CPU core, without any special interpretation mechanism;
(5) it avoids the complexity of paravirtualization and system call substitution;
(6) isolation is lightweight, while a sharing mechanism is also provided for sharing resources between containers and the host.

Summary: Linux Containers is a lightweight virtualization tool. It provides a mechanism for running multiple isolated server containers simultaneously on a single, controllable host node. A Linux container is a bit like chroot, providing a virtual environment with its own process and network space, but it is unlike a virtual machine, because LXC virtualizes resources at the operating system level.

Implementation of LXC:

The lxc open source project is hosted on SourceForge. The LXC project itself is only a set of user-space tools for using and managing LXC containers. The actual implementation of LXC depends on features of the Linux kernel; the LXC project merely integrates them. Container-based virtualization technology originates from so-called resource containers and security containers.

LXC relies on the cgroups subsystem of the Linux kernel for resource management. The cgroups subsystem is a process-group-based resource management framework provided by the Linux kernel that can limit the resources available to specific process groups. For isolation control, LXC relies on the namespace features of the Linux kernel, specifically by adding the corresponding flags (NEWNS, NEWPID, etc.) to clone.

Common LXC commands:

lxc-version
Displays the version number of LXC on the system (this command can be used to determine whether LXC is installed).
Usage: lxc-version
Example: lxc-version

lxc-checkconfig
Determines whether the Linux kernel supports LXC.
Usage: lxc-checkconfig
Example: lxc-checkconfig

lxc-create
Creates a container.
Usage: lxc-create -n name [-f config_file]
-n is followed by the name of the container to create, for example: -n foo
-f is followed by the path to the container configuration file.
Note:
1. Containers created by lxc-create are not destroyed after they are stopped; use the lxc-destroy command to destroy them.
2. Container names share a global namespace: containers with duplicate names are not allowed on the system, and if -n is followed by an existing container name, creation fails.
Example: lxc-create -n foo -f foo.conf

lxc-execute
Runs an application in a container.
Usage: lxc-execute -n name [-f config_file] [-s KEY=VAL] command
-n is followed by the container name (the name used to manage the container), for example: -n foo
-f is followed by the path to the container configuration file, for example: -f foo.conf. If there is no configuration file, configuration options can be given directly with -s; if neither is given, the system applies the default policy.
-s is followed by a configuration key-value pair, for example: lxc.cgroup.cpu.shares=512
command is the command to execute, for example: /bin/bash
This command mounts /proc and automatically creates and destroys the container.
Note:
1. If the container does not exist, lxc-execute automatically creates one, and the container is automatically destroyed after it stops running.
2. When an application is started with lxc-execute, configuration priority is as follows: if the -f option is specified, the configuration file the container was created with (if the container already exists) is not used; if the -s option is specified, the key-value pairs on the command line override the same settings in the configuration file (whether the earlier one or the one given with -f).
Example: lxc-execute -n foo -s lxc.cgroup.cpu.shares=512 /bin/bash
A practical example: lxc-execute -n test /bin/bash
This starts a container and presents a shell-like command window. The network is shared with the host operating system; it is just like creating a namespace. If -f is not specified, the default isolation is used. This command is meant for quickly running a program in an isolated environment.
lxc-init runs on both the physical machine side and the container side. On the host, it is the program that forwards lxc-kill signals to the program that was started; in the container it is PID 1, and it forks to run the given command (PID 2).

lxc-start
Runs a given command in a container.
Usage: lxc-start -n name [-f config_file] [-c console_file] [-d] [-s KEY=VAL] [command]
-d runs the container as a daemon.
-f is followed by the configuration file.
-c specifies a file to receive the container console output; if not specified, output goes to the terminal.
-s specifies a configuration setting.
If no command is specified, lxc-start runs /sbin/init.
Example: lxc-start -n foo -f foo.conf -d /bin/bash
Note:
1. If the container does not exist, lxc-start automatically creates one, and the container is automatically destroyed after it stops running.
2. Configuration priority for lxc-start is the same as for lxc-execute.
3. Similarities and differences between lxc-start and lxc-execute: both can start a process in a container. The difference is that lxc-start creates the process directly, whereas lxc-execute creates the lxc-init process, and lxc-init then forks a process to run the command. (Regarding point 4: what position does lxc-init occupy?) Orphaned process groups and daemons are not supported by this command; use the lxc-execute command instead. If no command is specified, lxc-start uses the default '/sbin/init' command to run a system container.
4. lxc-start is used to boot a system in a container; lxc-execute is used to run applications in a container.

lxc-kill
Sends a signal to the first user process in the container (the process with PID 2 inside the container).
Usage: lxc-kill -n name SIGNUM
-n is followed by the container name.
SIGNUM is the signal (this parameter is optional; the default is SIGKILL).
Example: lxc-kill -n foo

lxc-stop
Stops all processes in a container.
Usage: lxc-stop -n name
-n is followed by the name of the container to be stopped.
Example: lxc-stop -n foo

lxc-destroy
Destroys a container.
Usage: lxc-destroy -n name
-n is followed by the container name.
Example: lxc-destroy -n foo

lxc-cgroup
Gets or adjusts cgroup-related parameters.
Usage: lxc-cgroup -n name subsystem value
-n is followed by the name of the container to adjust.
Examples:
lxc-cgroup -n foo devices.list
lxc-cgroup -n foo cpuset.cpus "0,3"

lxc-info
Gets the state of a container.
Usage: lxc-info -n name
-n is followed by the name of the container to query.
Example: lxc-info -n foo
Note: the container states are STARTING, RUNNING, STOPPING, STOPPED and ABORTING.

lxc-monitor
Monitors changes in a container's state; when the state of a container changes, this command prints the container's state on the screen.
Usage: lxc-monitor -n name
Example: lxc-monitor -n foo

lxc-ls
Lists all containers on the current system.
Usage: lxc-ls
Example: lxc-ls

lxc-ps
Lists the processes running in a specific container.
Usage: lxc-ps
Example: lxc-ps -n foo

More information on these commands can be found in the man pages [1].

LXC Study: http://www.cnblogs.com/zhangzhang/archive/2012/05/08/2489589.html

What LXC can do:

You can bind specific CPUs and memory to a container, assign a specific percentage of CPU time, IO time, limit the amount of memory that can be used (including memory and swap space), provide device access control, and provide an independent namespace (network, PID, IPC, MNT, UTS).
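
A way to verify the namespace isolation listed above, as an added example that is not part of the original article: it compares the /proc/<pid>/ns links of a host process and a container process and reports which of the five namespaces are actually separate, which exposes cases such as the shared network that the lxc-execute example describes. The function names and the sample inode values are constructed for illustration.

```python
import os
import re
import sys

# The namespaces the page lists (network, PID, IPC, MNT, UTS), by /proc name.
PAGE_NAMESPACES = ("net", "pid", "ipc", "mnt", "uts")
NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")  # e.g. "net:[4026531992]"

# Constructed sample: a container started without its own network setup.
SAMPLE_HOST = {"net": 4026531992, "pid": 4026531836, "ipc": 4026531839,
               "mnt": 4026531840, "uts": 4026531838}
SAMPLE_CONTAINER = {"net": 4026531992, "pid": 4026532301, "ipc": 4026532300,
                    "mnt": 4026532298, "uts": 4026532299}


def read_namespaces(pid, proc_root="/proc"):
    """Return {name: inode} read from the symlinks in <proc_root>/<pid>/ns."""
    found = {}
    for name in PAGE_NAMESPACES:
        try:
            target = os.readlink(os.path.join(proc_root, str(pid), "ns", name))
        except OSError:
            continue  # link missing on this kernel, or not readable by us
        match = NS_LINK.match(target)
        if match:
            found[name] = int(match.group(2))
    return found


def shared_with_host(host_ns, container_ns):
    """Sort each namespace into shared / isolated / unknown."""
    report = {"shared": [], "isolated": [], "unknown": []}
    for name in PAGE_NAMESPACES:
        host, cont = host_ns.get(name), container_ns.get(name)
        if host is None or cont is None:
            report["unknown"].append(name)  # never assume isolation
        elif host == cont:
            report["shared"].append(name)
        else:
            report["isolated"].append(name)
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:  # host-side PID of a process inside the container
        result = shared_with_host(read_namespaces(1), read_namespaces(sys.argv[1]))
    else:
        result = shared_with_host(SAMPLE_HOST, SAMPLE_CONTAINER)
    print(result)
```

Run it on the host as root with the host-side PID of a container process as the argument; reading the links under /proc/1/ns requires privileges, and unreadable entries are reported as unknown rather than isolated.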


T4: Taobao private cloud (LXC): http://vdisk.weibo.com/s/gNr1m?t=file
