Linux container Virtual Technology LXC Concise Manual

LXC container Virtualization

After some tossing, I initially deployed LXC virtual on my work notebook. This is a very lightweight virtual solution, especially suitable for testing environments with limited hardware and a good environment for our system administrator technical training.

For more information, see Introduction to Linux container virtualization technology.

Install

The following installation practices are implemented on the Gentoo x86_64 platform. If the Red Hat system or Debian is used, there should be differences in software installation, but the configuration method should be the same.

 

Install lxc user tools

• Synchronize the portage tree

1	emerge --sync

• Because the currentLXC
  The software package isMasked
  (Not yet mature), so you need to manually remove shielding.

12	echo app-emulation/lxc >> /etc/portage/package.unmaskecho app-emulation/lxc >> /etc/portage/package.keywords

• Install

1	emerge -av lxc

When the compilation and installation are complete, you may see which kernel parameters are not activated.
The complete kernel requirements are as follows:

# namespacesCONFIG_NAMESPACES / "Namespaces"CONFIG_UTS_NS / "Utsname namespace"CONFIG_IPC_NS / "Ipc namespace"CONFIG_PID_NS / "Pid namespace"CONFIG_USER_NS / "User namespace"CONFIG_NET_NS / "Network namespace"DEVPTS_MULTIPLE_INSTANCES / "Multiple /dev/pts instances"# control groupsCONFIG_CGROUPS / "Cgroup"CONFIG_CGROUP_NS / "Cgroup namespace"CONFIG_CGROUP_DEVICE / "Cgroup device"CONFIG_CGROUP_SCHED / "Cgroup sched"CONFIG_CGROUP_CPUACCT / "Cgroup cpu account"CONFIG_CGROUP_MEM_RES_CTLR / "Cgroup memory controller"CONFIG_CPUSETS / "Cgroup cpuset"# miscCONFIG_VETH / "Veth pair device"CONFIG_MACVLAN / "Macvlan"CONFIG_VLAN_8021Q / "Vlan"

Add the preceding configuration to the kernel compilation configuration file to recompile the kernel. Red Hat and Debian are not yet in practice, but release versions usually support these parameters through module mode or pre-compilation, and may not need to be adjusted.

Install the Guest operating system

In the network configuration, the virtual switch of the Virtual Machinebr0
And virtual network carddummy0
In this way, you can run the service as a virtual Intranet without occupying the company's network resources. If you want to provide external services to the virtual machine, bind the actual physical network card as shown in Figureeth0
.

• Set Network

Configuration/etc/conf.d/net

1234	bridge_br0="dummy0"config_dummy0="null"config_br0="10.1.11.1/32 brd 10.1.11.255"routes_br0="10.1.11.0/24 via 10.1.11.1"

Then set the soft connection

12	cd /etc/init.dln -s net.lo net.br0

Start

1	/etc/init.d/net.br0 start

• Allow hosts in the container to access the outside

12	iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADEsysctl -w net.ipv4.ip_forward=1

Cgroup mounting settings

Setcgroup
Mount (reference http://lxc.teegra.net/
)

12	mkdir -p /cgroupmount none -t cgroup /cgroup

For automatic mounting when the system is started/etc/fstab
Add

1	none            /cgroup     cgroup      defaults    0 0

Case Installation

Https://www.granite-mtn.net/xwiki/bin/view/Howto/Linux+Containers
Various cases of guest installation are provided, which are relatively simple and easy to use.
Https://www.ibm.com/developerworks/linux/library/l-lxc-containers/
It is an lxc project initiated by IBM and describes how to build a Debian system.

Install debian Virtual Machine

• Installdebootstrap
  Tools

1	emerge dev-util/debootstrap

• Create a debian container

sid

It is the unstable version code of Debian, but the unstable of Debian is a stable version compared with many other releases. Only Debian Quality

The control requirements are very high. Stable versions often choose "tested" software versions, so they cannot try the latest open-source technology. The unstable version of Debian can be used at the forefront.
Source Technology is stable enough for our daily applications. You can use the stable version for server deployment.

1	mkdir -p /lxc/debian

1	debootstrap sid /lxc/debian http://ftp.us.debian.org/debian/

If you want to create a large number of iner, you can generate a tar package for future installation.

1	debootstrap --make-tarball=sid.packages.tgz sid http://debian.osuosl.org/debian/

• Configuration File/etc/lxc/lxc-debian.conf

1234567891011

# Container with network virtualized using a pre-configured bridge named br0 and# veth pair virtual network deviceslxc.utsname = debianlxc.network.type = vethlxc.network.flags = uplxc.network.link = br0lxc.network.hwaddr = 4a:49:43:49:79:bflxc.network.ipv4 = 10.1.11.2/24lxc.network.name = eth0lxc.mount = /lxc/debian/fstablxc.rootfs = /lxc/debian

• Configure Mount startup/lxc/debian/fstab

123	/dev  /lxc/debian/dev none bind 0 0/dev/pts /lxc/debian/dev/pts  none bind 0 0#/proc/self/fd/0 /lxc/debian/dev/console none bind 0 0

• Create a container

1	lxc-create -n debian -f /etc/lxc/lxc-debian.conf

• Start container

1	lxc-start -n debian

However, there is also a problem in practice: No terminal is available.
I have not solved this problem yet. It should be related to the kernel of my Gentoo host system. This problem also exists in my own VPS system. You still need to find out the cause.

Based on http://lxc.teegra.net/
Description,udev
It cannot work in the lxc virtual container. Reference http://wiki.debian.org/udev
, In Debian,udevd
Service, because of the initialization script/etc/rcS.d/udev
The configuration file is/etc/udev/udev.conf
.

12	cd /lxc/debian/etc/rcS.dls -l S02udev

lrwxrwxrwx 1 root root 14 Sep 12 21:34 S02udev -> ../init.d/udev

Delete the Startup Script

1	rm S02udev

Debian/ubuntu Virtual Machine Installation

Http://sourceforge.net/projects/lxc-provider/
Provides the debian and ubuntu basic container packages. You can download and debug the basic virtual containers of the debian series.

Install the fedora Virtual Machine

Http://people.redhat.com /~ Rjones/febootstrap/
Febootstrap, a tool similar to Debian debootstrap, is provided to generate a virtual machine with the basic installation of fedora. However, there are still some restrictions compared with debootstrap.
According to "About febootstrap", the descriptions are as follows:

• • Febootstrap is a tool used to create a Fedora Startup file system, similar to debootstrap.
    And does not need to run as the root user.
  • Febootstrap provides tools to directly createinitrd.img
    Image (initramfs
    And delete unnecessary files to reduce system space usage.

Dependent software:

• • Fakeroot
  • Fakechroot> = 2.9
  • Yum
  • Perldoc is only used to generate documents
  • Bash
  • Gcc
  • Libext2fs
  • /Sbin/mke2fs is part of e2fsprogs

I am using the Gentto operating system and use the following method to install Dependencies

1	emerge sys-apps/fakeroot sys-apps/fakechroot sys-apps/yum

perldoc
,libext2fs
,mke2fs
It is already available in general Gentoo installation.

123456

wget http://people.redhat.com/ ~rjones/febootstrap/files/febootstrap-2.9.tar.gztar xfz febootstrap-2.9.tar.gzcd febootstrap-2.9./configuremakemake install

• Install the basic system

I installed fedora 13 x86_64

12	mkdir /lxc/fedora-13febootstrap fedora-13 /lxc/fedora-13

The above method for installing fedora is for reference only. I still have problems in practice (python script errors during execution), but the overall idea should be correct and should be resolved in the future.

Virtual machines using vserver as LXC virtual machines

I used to use VServer as a container Virtual Machine. Now, after I transfer to the LXC platform, I want to inherit the VServer virtual machine that has been built previously.
On the Internet, it has been suggested that OpenVZ Virtual Machine (also a container virtual machine technology) can be used as LXC virtual machine, and so on. I believe that VServer virtual machine can also be used to convert to LXC virtual machine.
After some exploration, start by modifyingsysinit
Script to convert VServer virtual machines.

• The init script used by the original VServer is different from the standard Redhat init script./etc/inittab
  Copy the standard init script to the LXC init script first.

12	cd /lxc/centos/etc/rc.dcp rc.sysinit rc.sysinit.lxc

Because udev is not available in the LXC virtual machine, comment out the following section (according to the http://lxc.teegra.net/
Description,udev
It cannot work in the lxc virtual container .)

1234	#nashpid=$(pidof nash 2>/dev/null)#[ -n "$nashpid" ] && kill $nashpid >/dev/null 2>&1#unset nashpid#/sbin/start_udev

• Modify/lxc/centos/etc/inittab
  To direct the startup scriptrc.sysinit.lxc

12	# System initialization.si::sysinit:/etc/rc.d/rc.sysinit.lxc

• Start a VM

1	lxc-start -n centos

Although the terminal is not displayed (this problem remains to be solved later), but ssh has been started, so you can log on to the system remotely through ssh.

Other problems to be solved

• Solve lxc vm unavailabilitydf
  Command

In fact, in the LXC virtual machine, no file system needs to be mounted, and all file systems have been mounted on the Host, the LXC host does not have the permission to mount external devices.
However, in order to be able to be used in guestdf
You can manually generate/etc/mtab
File to reflect the kernel mount. In fact, you can refer to the Host's/etc/mtab
Copy the content you want to see in the guest virtual machine. For example, add

1	echo "rootfs / rootfs rw 0 0" > /etc/mtab

Then, you can usedf
Command to display the disk space.

1

df -h

Filesystem            Size  Used Avail Use% Mounted onrootfs                108G   99G  4.1G  97% /

This command can be stored and executed in the startup script, and other content can be added.

12345

echo "rootfs / rootfs rw 0 0" > /etc/mtabecho "devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0" >> /etc/mtabecho "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0" >> /etc/mtabecho "sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0" >> /etc/mtabecho "shm /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime 0 0" >> /etc/mtab

1

df -h

Filesystem            Size  Used Avail Use% Mounted onrootfs                108G   99G  4.1G  97% /shm                    10M  172K  9.9M   2% /dev/shm

• Different from VServer, LXC can be used to set routes in the guest virtual machine. Therefore, you can manually set the default gateway in the virtual machine.

12	route add default gw 10.1.11.1netstat -rn

Kernel IP routing tableDestination     Gateway         Genmask         Flags   MSS Window  irtt Iface10.1.11.0       0.0.0.0         255.255.255.0   U         0 0          0 eth00.0.0.0         10.1.11.1       0.0.0.0         UG        0 0          0 eth0

• Different from VServer, LXC can set Kernel Parameters in the guest virtual machine and modifyproc
  The kernel image system is used to install the Oracle database.
  Add the following command in/etc/rc.local
  Medium:

12	echo "2147483648" > /proc/sys/kernel/shmmaxecho "250 32000 100 128" >  /proc/sys/kernel/sem

Copy a VM

• Copycentos
  Virtual Machine

1	(cd /lxc/centos && tar cf - .)|(cd /lxc/oradb1 && tar xfpv -)

• Modify configuration file/lxc/oradb1/fstab
  (Modify path)

123	/dev  /lxc/oradb1/dev none bind 0 0/dev/pts /lxc/oradb1/dev/pts  none bind 0 0#/dev/console /lxc/oradb1/dev/console none bind 0 0

• Copy and create a configuration file/etc/lxc/lxc-oradb1.conf

1	cp /etc/lxc/lxc-centos.conf /etc/lxc/lxc-oradb1.conf

• Modify configuration file/etc/lxc/lxc-oradb1.conf
  (Modify host name and IP address)

12345678910111213

# Container with network virtualized using a pre-configured bridge named br0 and# veth pair virtual network deviceslxc.utsname = oradb1lxc.network.type = vethlxc.network.flags = uplxc.network.link = br0lxc.network.hwaddr = 4a:49:43:49:79:celxc.network.ipv4 = 10.1.11.4/24lxc.network.name = eth0lxc.mount = /lxc/oradb1/fstablxc.rootfs = /lxc/oradb1lxc.tty = 3lxc.pts = 1024

• Create a virtual machine

1	lxc-create -n oradb1 -f /etc/lxc/lxc-oradb1.conf

• Start a VM

1	lxc-start -n oradb1