
Ubuntu – LXC (Linux Containers)

LXC (Linux Containers) is an operating-system-level virtualization technology, which means LXC needs no hypervisor software layer. That sounds abstract, so let's try it out first.

The test environment is Ubuntu 14.04. After installing the lxc package, check its status and it is ready to use.

root@ubuntu:~# apt-get install lxc
root@ubuntu:~# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.16.0-77-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
....

Operating systems supported by LXC

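LXC virtualization is not like VMware or VirtualBox, which use a hypervisor to produce virtual hardware. The advantage of hypervisor-based virtualization is that it can even emulate operating systems from a different platform, for example running Windows in a Linux environment. The drawback is that it consumes too many system resources. For more on LXC virtualization, see http://benjr.tw/95955
But Linux users don't really have much need to run Windows, which is why LXC-style virtualization has come into wide use. The systems it virtualizes are called containers (not virtual machines). Because they share resources with the host system, the operating systems that can be virtualized are essentially Linux-based ones. On Ubuntu, list /usr/share/lxc/templates to see which operating systems are supported.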

root@ubuntu:~# ll /usr/share/lxc/templates
total 348
drwxr-xr-x 2 root root  4096 Oct 25 01:45 ./
drwxr-xr-x 6 root root  4096 Oct 25 01:45 ../
-rwxr-xr-x 1 root root 10557 Nov 18  2015 lxc-alpine*
-rwxr-xr-x 1 root root 13534 Nov 18  2015 lxc-altlinux*
-rwxr-xr-x 1 root root 10556 Nov 18  2015 lxc-archlinux*
-rwxr-xr-x 1 root root  9878 Nov 18  2015 lxc-busybox*
-rwxr-xr-x 1 root root 29149 Nov 18  2015 lxc-centos*
-rwxr-xr-x 1 root root 10486 Nov 18  2015 lxc-cirros*
-rwxr-xr-x 1 root root 17354 Nov 18  2015 lxc-debian*
-rwxr-xr-x 1 root root 17757 Nov 18  2015 lxc-download*
-rwxr-xr-x 1 root root 49319 Nov 18  2015 lxc-fedora*
-rwxr-xr-x 1 root root 28253 Nov 18  2015 lxc-gentoo*
-rwxr-xr-x 1 root root 13962 Nov 18  2015 lxc-openmandriva*
-rwxr-xr-x 1 root root 14046 Nov 18  2015 lxc-opensuse*
-rwxr-xr-x 1 root root 35540 Nov 18  2015 lxc-oracle*
-rwxr-xr-x 1 root root 11868 Nov 18  2015 lxc-plamo*
-rwxr-xr-x 1 root root  6851 Nov 18  2015 lxc-sshd*
-rwxr-xr-x 1 root root 23494 Nov 18  2015 lxc-ubuntu*
-rwxr-xr-x 1 root root 11349 Nov 18  2015 lxc-ubuntu-cloud*

Creating a container

Let's try creating a new container (Ubuntu).

root@ubuntu:~# lxc-create -n ubuntu-1 -t ubuntu
Checking cache download in /var/cache/lxc/trusty/rootfs-i386 ... 
Installing packages in template: ssh,vim,language-pack-en
Downloading ubuntu trusty minimal ...
I: Retrieving Release 
I: Retrieving Release.gpg 
I: Checking Release signature
I: Valid Release signature (key id 790BC7277767219C42C86F933B4FE6ACC0B21F32)
I: Retrieving Packages 
I: Validating Packages 
I: Retrieving Packages 
I: Validating Packages 
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional base dependencies: language-pack-en-base libck-connector0 libedit2 libgpm2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libpython2.7 libpython2.7-minimal libpython2.7-stdlib libwrap0 openssh-client openssh-server openssh-sftp-server vim-runtime 
I: Checking component main on http://archive.ubuntu.com/ubuntu...
I: Retrieving adduser 3.113+nmu3ubuntu3
I: Validating adduser 3.113+nmu3ubuntu3
I: Retrieving apt 1.0.1ubuntu2
I: Validating apt 1.0.1ubuntu2
....


##
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.
##

  • -t template
    The templates that can be used are the ones listed in /usr/share/lxc/templates, mentioned above, one per supported operating system.
  • -n, --name=NAME
    Gives the container a name.

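The first run spends a long time downloading the required files; the second run checks /var/cache/lxc/trusty/rootfs-i386/ and reuses it directly. The Ubuntu container (ubuntu-1) has now been created, and the end of the installation output notes that the username and password are both ubuntu.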

root@ubuntu:~# lxc-create -n ubuntu-2 -t ubuntu
Checking cache download in /var/cache/lxc/trusty/rootfs-i386 ... 
Copy /var/cache/lxc/trusty/rootfs-i386 to /var/lib/lxc/ubuntu-2/rootfs ... 
Copying rootfs to /var/lib/lxc/ubuntu-2/rootfs ...
Generating locales...
  en_US.UTF-8... up-to-date
Generation complete.
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
Creating SSH2 ED25519 key; this may take some time ...
update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match ssh Default-Stop values (none)
invoke-rc.d: policy-rc.d denied execution of start.

Current default time zone: 'America/Los_Angeles'
Local time is now:      Wed Oct 26 01:11:17 PDT 2016.
Universal Time is now:  Wed Oct 26 08:11:17 UTC 2016.


##
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.
##

So which containers have we created? The tree command shows them.

root@ubuntu:~# tree -L 2 /var/lib/lxc/
/var/lib/lxc/
├── ubuntu-1
│   ├── config
│   ├── fstab
│   └── rootfs
└── ubuntu-2
    ├── config
    ├── fstab
    └── rootfs

4 directories, 4 files

tree – list contents of directories in a tree-like format.

  • -L level
    Max display depth of the directory tree.

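Limiting container resources

Creating the container just now went by so quickly that, unlike VMware or VirtualBox, we were never asked to set the CPU, memory, storage size, network and so on.
The tree -L 2 /var/lib/lxc/ output showed where each container's config file lives, so let's take a look at it.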

root@ubuntu:~# cat /var/lib/lxc/ubuntu-1/config 
# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)

# Common configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf

# Container specific configuration
lxc.rootfs = /var/lib/lxc/ubuntu-1/rootfs
lxc.mount = /var/lib/lxc/ubuntu-1/fstab
lxc.utsname = ubuntu-1
lxc.arch = i686

# Network configuration
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.hwaddr = 00:16:3e:56:98:f9

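A container shares resources with the host system, but we can still limit a container's CPU, memory, storage and network through its config file and lxc-cgroup (manage the control group associated with a container).

CPU

cpuset.cpus is the set of cores the container may use; cpu.shares is the container's relative weight for CPU time when the cores are contended (1024 is the default).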

root@ubuntu:~# lxc-cgroup -n ubuntu-1 cpuset.cpus
0-3
root@ubuntu:~# lxc-cgroup -n ubuntu-1 cpu.shares
1024

Memory

root@ubuntu:~# lxc-cgroup -n ubuntu-1 memory.limit_in_bytes
18446744073709551615
root@ubuntu:~# lxc-cgroup -n ubuntu-1 memory.limit_in_bytes 256M
root@ubuntu:~# lxc-cgroup -n ubuntu-1 memory.limit_in_bytes 
268435456

Or write it into the container's config file, /var/lib/lxc/ubuntu-1/config:

lxc.cgroup.memory.limit_in_bytes = 256M

For the other limits that can be set, see the LXC documentation: https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html
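
An added example, not from the original post: a POSIX shell check that reads a container config in the lxc.cgroup.* format shown above and reports which of the three limits discussed here are set, failing when there is no memory cap (the 18446744073709551615 value above means unlimited). The function names and the sample config are constructed for illustration, and only the per-container file is read; files pulled in through lxc.include are not followed.

```shell
#!/bin/sh
# Added example: report which cgroup limits an LXC container config sets,
# using the lxc.cgroup.<key> = <value> form shown on this page.

# Convert a cgroup size such as 256M to bytes (K/M/G suffixes); plain numbers pass through.
to_bytes() (
    n=${1%[KkMmGg]}
    case $1 in
        *[Kk]) echo $(( $n * 1024 )) ;;
        *[Mm]) echo $(( $n * 1024 * 1024 )) ;;
        *[Gg]) echo $(( $n * 1024 * 1024 * 1024 )) ;;
        *)     echo "$1" ;;
    esac
)

# Print the value of lxc.cgroup.<key> in a config file; the last assignment wins.
# Commented-out lines never match because the pattern is anchored at line start.
cgroup_value() (
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*lxc\.cgroup\.${key}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
)

# List the limits in one config; exit status 1 means memory is uncapped.
audit_lxc_config() (
    status=0
    for key in memory.limit_in_bytes cpuset.cpus cpu.shares; do
        val=$(cgroup_value "$1" "$key")
        if [ -z "$val" ]; then
            echo "$key: not set"
            if [ "$key" = memory.limit_in_bytes ]; then status=1; fi
        elif [ "$key" = memory.limit_in_bytes ]; then
            echo "$key: $val ($(to_bytes "$val") bytes)"
        else
            echo "$key: $val"
        fi
    done
    exit "$status"   # leaves only this function's subshell
)

# Constructed sample: like the ubuntu-1 config above, it starts with no lxc.cgroup.* lines.
sample=$(mktemp)
printf '%s\n' '# Container specific configuration' 'lxc.utsname = ubuntu-1' > "$sample"
audit_lxc_config "$sample" || echo "=> ubuntu-1: no memory cap"
echo 'lxc.cgroup.memory.limit_in_bytes = 256M' >> "$sample"
audit_lxc_config "$sample" && echo "=> ubuntu-1: memory capped"
rm -f "$sample"
```

To check real containers, call audit_lxc_config on each /var/lib/lxc/<name>/config file.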

Starting a container and logging in

root@ubuntu:~# lxc-start -n ubuntu-1
root@ubuntu:~# lxc-start -n ubuntu-1 
<4>init: plymouth-upstart-bridge main process (5) terminated with status 1
<4>init: plymouth-upstart-bridge main process ended, respawning
<4>init: hwclock main process (7) terminated with status 77
<4>init: ureadahead main process (8) terminated with status 5
<4>init: plymouth-upstart-bridge main process (15) terminated with status 1
<4>init: plymouth-upstart-bridge main process ended, respawning
 * Starting Mount filesystems on boot   ...done.
 * Stopping Send an event to indicate plymouth is up   ...done.
 * Starting Signal sysvinit that the rootfs is mounted   ...done.
....

Ubuntu 14.04.5 LTS ubuntu-1 console

ubuntu-1 login: <4>init: setvtrgb main process (426) terminated with status 1
<4>init: plymouth-upstart-bridge main process ended, respawning


Ubuntu 14.04.5 LTS ubuntu-1 console

ubuntu-1 login: 

Start the container in the background (-d):

root@ubuntu:~# lxc-start -n ubuntu-1 -d

To log in to the container afterwards:

root@ubuntu:~# lxc-console -n ubuntu-1

Shutting down a container

Shut it down with a command from inside the container, or use lxc-stop from the host.

ubuntu@ubuntu-1:~$ sudo shutdown -h now
[sudo] password for ubuntu:
root@ubuntu:~# lxc-stop -n ubuntu-1

Other commands

Cloning a container

The container must be stopped before it can be cloned.

root@ubuntu:~# lxc-clone -o ubuntu-1 -n ubuntu-clone
lxc_container: lxccontainer.c: lxcapi_clone: 2635 error: Original container (ubuntu-1) is running
clone failed
root@ubuntu:~# lxc-clone -o ubuntu-1 -n ubuntu-clone
Created container ubuntu-clone as copy of ubuntu-1
root@ubuntu:~# tree -L 2 /var/lib/lxc/
/var/lib/lxc/
├── ubuntu-1
│   ├── config
│   ├── fstab
│   └── rootfs
├── ubuntu-2
│   ├── config
│   ├── fstab
│   └── rootfs
└── ubuntu-clone
    ├── config
    ├── fstab
    └── rootfs

6 directories, 6 files

Destroying a container

root@ubuntu:~# lxc-destroy -n ubuntu-clone
root@ubuntu:~# tree -L 2 /var/lib/lxc/
/var/lib/lxc/
├── ubuntu-1
│   ├── config
│   ├── fstab
│   └── rootfs
└── ubuntu-2
    ├── config
    ├── fstab
    └── rootfs

4 directories, 4 files
