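LXC (Linux Containers) is an operating system–level virtualization technology, which means LXC does not need a hypervisor software layer. That sounds vague, so let's try it out first!
The test environment is Ubuntu 14.04. After installing the lxc package and confirming its status, it is ready to use.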
root@ubuntu:~# apt-get install lxc
root@ubuntu:~# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.16.0-77-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
....
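Operating systems supported by LXC
LXC virtualization is not like VMware or VirtualBox, which use a hypervisor to produce virtual hardware. The advantage of hypervisor-based virtualization is that it can emulate operating systems for entirely different platforms, for example running Windows inside a Linux environment. The drawback is that it consumes a lot of system resources. For more on LXC virtualization, see https://benjr.tw/95955
In practice, though, Linux users do not have much need to run Windows, and so virtualization of the LXC kind has come into wide use. The systems virtualized this way are called Containers (not virtual machines). Because they share resources with the host system, the operating systems that can be virtualized are essentially the Linux-related ones. On Ubuntu, the directory /usr/share/lxc/templates lists which operating systems are supported.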
root@ubuntu:~# ll /usr/share/lxc/templates
total 348
drwxr-xr-x 2 root root  4096 Oct 25 01:45 ./
drwxr-xr-x 6 root root  4096 Oct 25 01:45 ../
-rwxr-xr-x 1 root root 10557 Nov 18 2015 lxc-alpine*
-rwxr-xr-x 1 root root 13534 Nov 18 2015 lxc-altlinux*
-rwxr-xr-x 1 root root 10556 Nov 18 2015 lxc-archlinux*
-rwxr-xr-x 1 root root  9878 Nov 18 2015 lxc-busybox*
-rwxr-xr-x 1 root root 29149 Nov 18 2015 lxc-centos*
-rwxr-xr-x 1 root root 10486 Nov 18 2015 lxc-cirros*
-rwxr-xr-x 1 root root 17354 Nov 18 2015 lxc-debian*
-rwxr-xr-x 1 root root 17757 Nov 18 2015 lxc-download*
-rwxr-xr-x 1 root root 49319 Nov 18 2015 lxc-fedora*
-rwxr-xr-x 1 root root 28253 Nov 18 2015 lxc-gentoo*
-rwxr-xr-x 1 root root 13962 Nov 18 2015 lxc-openmandriva*
-rwxr-xr-x 1 root root 14046 Nov 18 2015 lxc-opensuse*
-rwxr-xr-x 1 root root 35540 Nov 18 2015 lxc-oracle*
-rwxr-xr-x 1 root root 11868 Nov 18 2015 lxc-plamo*
-rwxr-xr-x 1 root root  6851 Nov 18 2015 lxc-sshd*
-rwxr-xr-x 1 root root 23494 Nov 18 2015 lxc-ubuntu*
-rwxr-xr-x 1 root root 11349 Nov 18 2015 lxc-ubuntu-cloud*
Creating a Container
Let's try creating a new Container (Ubuntu).
root@ubuntu:~# lxc-create -n ubuntu-1 -t ubuntu
Checking cache download in /var/cache/lxc/trusty/rootfs-i386 ...
Installing packages in template: ssh,vim,language-pack-en
Downloading ubuntu trusty minimal ...
I: Retrieving Release
I: Retrieving Release.gpg
I: Checking Release signature
I: Valid Release signature (key id 790BC7277767219C42C86F933B4FE6ACC0B21F32)
I: Retrieving Packages
I: Validating Packages
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional base dependencies: language-pack-en-base libck-connector0 libedit2 libgpm2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libpython2.7 libpython2.7-minimal libpython2.7-stdlib libwrap0 openssh-client openssh-server openssh-sftp-server vim-runtime
I: Checking component main on http://archive.ubuntu.com/ubuntu...
I: Retrieving adduser 3.113+nmu3ubuntu3
I: Validating adduser 3.113+nmu3ubuntu3
I: Retrieving apt 1.0.1ubuntu2
I: Validating apt 1.0.1ubuntu2
....
##
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.
##
- -t template
The template to use. The available templates are the supported operating systems listed in /usr/share/lxc/templates, as mentioned above.
- -n, --name=NAME
Gives this Container a name.
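The first run spends a long time downloading the required files; the second run checks /var/cache/lxc/trusty/rootfs-i386/ and uses the cached copy directly. The Ubuntu Container (ubuntu-1) is now created, and the end of the installation output notes that the username and password are both ubuntu. Since the template also installs openssh-server, change this well-known default password after the first login.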
root@ubuntu:~# lxc-create -n ubuntu-2 -t ubuntu
Checking cache download in /var/cache/lxc/trusty/rootfs-i386 ...
Copy /var/cache/lxc/trusty/rootfs-i386 to /var/lib/lxc/ubuntu-2/rootfs ...
Copying rootfs to /var/lib/lxc/ubuntu-2/rootfs ...
Generating locales...
  en_US.UTF-8... up-to-date
Generation complete.
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
Creating SSH2 ED25519 key; this may take some time ...
update-rc.d: warning: default stop runlevel arguments (0 1 6) do not match ssh Default-Stop values (none)
invoke-rc.d: policy-rc.d denied execution of start.
Current default time zone: 'America/Los_Angeles'
Local time is now: Wed Oct 26 01:11:17 PDT 2016.
Universal Time is now: Wed Oct 26 08:11:17 UTC 2016.
##
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.
##
So which Containers have we created? The tree command shows them.
root@ubuntu:~# tree -L 2 /var/lib/lxc/
/var/lib/lxc/
├── ubuntu-1
│   ├── config
│   ├── fstab
│   └── rootfs
└── ubuntu-2
    ├── config
    ├── fstab
    └── rootfs
4 directories, 4 files
tree – list contents of directories in a tree-like format.
- -L level
Max display depth of the directory tree.
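Limiting Container resources
Creating the container happened very quickly. Unlike VMware or VirtualBox, there was no step for setting the CPU, memory, storage size, network…
The output of tree -L 2 /var/lib/lxc/ showed config, the container's configuration file. Let's take a look at it.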
root@ubuntu:~# cat /var/lib/lxc/ubuntu-1/config
# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)
# Common configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
# Container specific configuration
lxc.rootfs = /var/lib/lxc/ubuntu-1/rootfs
lxc.mount = /var/lib/lxc/ubuntu-1/fstab
lxc.utsname = ubuntu-1
lxc.arch = i686
# Network configuration
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.hwaddr = 00:16:3e:56:98:f9
A Container shares resources with the host system, but we can still use the configuration file and lxc-cgroup (manage the control group associated with a container) to limit the Container's CPU, memory, storage and network.
CPU
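cpuset.cpus is the set of cores the container may use; cpu.shares is the container's relative weight for CPU time when the CPUs are contended.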
root@ubuntu:~# lxc-cgroup -n ubuntu-1 cpuset.cpus
0-3
root@ubuntu:~# lxc-cgroup -n ubuntu-1 cpu.shares
1024
Memory
root@ubuntu:~# lxc-cgroup -n ubuntu-1 memory.limit_in_bytes
18446744073709551615
root@ubuntu:~# lxc-cgroup -n ubuntu-1 memory.limit_in_bytes 256M
root@ubuntu:~# lxc-cgroup -n ubuntu-1 memory.limit_in_bytes
268435456
Alternatively, write the limit into the Container's configuration file /var/lib/lxc/ubuntu-1/config
lxc.cgroup.memory.limit_in_bytes = 256M
For the other limits that can be set, see the LXC documentation: https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html
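A freshly created container has no lxc.cgroup.* lines at all, so it can consume as much host memory and CPU as it likes. The script below is an added example, not part of the original post: it audits a container config for the three limits discussed above and normalizes the memory value to bytes. The function names are hypothetical, the sample config is constructed, and the cpuset.cpus and cpu.shares keys are assumed to follow the same lxc.cgroup.<key> form as the memory line.

```shell
# Added example: audit an LXC 1.x container config for cgroup limits.
# Convert a cgroup memory value (plain bytes, or K/M/G suffix) to bytes.
to_bytes() {
    case "$1" in
        *[Kk]) echo $(( ${1%?} * 1024 )) ;;
        *[Mm]) echo $(( ${1%?} * 1024 * 1024 )) ;;
        *[Gg]) echo $(( ${1%?} * 1024 * 1024 * 1024 )) ;;
        *)     echo "$1" ;;
    esac
}

# Print the value of key $2 in config file $1; the last assignment wins.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            if (key != k || index($0, "=") == 0) next
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        }
        END { if (val != "") print val }' "$1"
}

# Print one finding per limit for config file $1; return 1 if any is missing.
audit_limits() {
    conf=$1 rc=0
    for key in memory.limit_in_bytes cpuset.cpus cpu.shares; do
        val=$(conf_get "$conf" "lxc.cgroup.$key")
        if [ -z "$val" ]; then echo "MISSING lxc.cgroup.$key"; rc=1; continue; fi
        [ "$key" = memory.limit_in_bytes ] && val="$(to_bytes "$val") bytes"
        echo "OK lxc.cgroup.$key = $val"
    done
    return $rc
}

# Constructed sample: part of the ubuntu-1 config plus the memory limit line.
make_sample() {
    cat <<'EOF'
# Container specific configuration
lxc.rootfs = /var/lib/lxc/ubuntu-1/rootfs
lxc.utsname = ubuntu-1
lxc.cgroup.memory.limit_in_bytes = 256M
EOF
}

tmp=$(mktemp); make_sample > "$tmp"
audit_limits "$tmp" || echo "=> some limits are not set in this config"
rm -f "$tmp"
```

On a real host, point audit_limits at each /var/lib/lxc/<name>/config in turn.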
Starting the container and logging in
root@ubuntu:~# lxc-start -n ubuntu-1
<4>init: plymouth-upstart-bridge main process (5) terminated with status 1
<4>init: plymouth-upstart-bridge main process ended, respawning
<4>init: hwclock main process (7) terminated with status 77
<4>init: ureadahead main process (8) terminated with status 5
<4>init: plymouth-upstart-bridge main process (15) terminated with status 1
<4>init: plymouth-upstart-bridge main process ended, respawning
 * Starting Mount filesystems on boot ...done.
 * Stopping Send an event to indicate plymouth is up ...done.
 * Starting Signal sysvinit that the rootfs is mounted ...done.
....
Ubuntu 14.04.5 LTS ubuntu-1 console
ubuntu-1 login: <4>init: setvtrgb main process (426) terminated with status 1
<4>init: plymouth-upstart-bridge main process ended, respawning
Ubuntu 14.04.5 LTS ubuntu-1 console
ubuntu-1 login:
Start the container in the background (-d)
root@ubuntu:~# lxc-start -n ubuntu-1 -d
To log in to the container afterwards
root@ubuntu:~# lxc-console -n ubuntu-1
Shutting down the container
Either run the shutdown command inside the Container, or use lxc-stop from the host.
ubuntu@ubuntu-1:~$ sudo shutdown -h now
[sudo] password for ubuntu:
root@ubuntu:~# lxc-stop -n ubuntu-1
Other commands
Cloning a Container
The Container must be stopped before it can be cloned.
root@ubuntu:~# lxc-clone -o ubuntu-1 -n ubuntu-clone
lxc_container: lxccontainer.c: lxcapi_clone: 2635 error: Original container (ubuntu-1) is running
clone failed
root@ubuntu:~# lxc-clone -o ubuntu-1 -n ubuntu-clone
Created container ubuntu-clone as copy of ubuntu-1
root@ubuntu:~# tree -L 2 /var/lib/lxc/
/var/lib/lxc/
├── ubuntu-1
│   ├── config
│   ├── fstab
│   └── rootfs
├── ubuntu-2
│   ├── config
│   ├── fstab
│   └── rootfs
└── ubuntu-clone
    ├── config
    ├── fstab
    └── rootfs
6 directories, 6 files
Destroying a Container
root@ubuntu:~# lxc-destroy -n ubuntu-clone
root@ubuntu:~# tree -L 2 /var/lib/lxc/
/var/lib/lxc/
├── ubuntu-1
│   ├── config
│   ├── fstab
│   └── rootfs
└── ubuntu-2
    ├── config
    ├── fstab
    └── rootfs
4 directories, 4 files