LinuxContainer - henk52/knowledgesharing GitHub Wiki
Summary: creating a Linux container.
-
SCHED_RR
-
http://serverfault.com/questions/444232/limit-memory-and-cpu-with-lxc-execute
-
https://lists.linuxcontainers.org/pipermail/lxc-users/2012-July/003790.html
-
https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt
-
https://www.kernel.org/doc/Documentation/scheduler/sched-rt-group.txt
-
https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
-
-
https://www.nsnam.org/wiki/HOWTO_Use_Linux_Containers_to_set_up_virtual_networks
-
https://www.stgraber.org/2013/12/20/lxc-1-0-your-first-ubuntu-container/
-
http://www.nsnam.org/wiki/HOWTO_Use_Linux_Containers_to_set_up_virtual_networks
-
http://docs.oracle.com/cd/E37670_01/E37355/html/ol_config_os_containers.html
-
http://fabian-affolter.ch/blog/linux-container-lxc-on-fedora/
-
http://cameroncros.blogspot.com/2013/04/creating-fedora-18-lxc-containers-using.html
-
http://www.slideshare.net/jpetazzo/linux-containers-lxc-docker-and-security
-
http://www.slideshare.net/BodenRussell/realizing-linux-containerslxc
-
Storage
-
Tips
Support commands:
-
repoquery -lq lxc-extra
-
Lists the contents of a package that is not installed.
-
-
/var/cache/lxc - Where downloaded images are stored.
-
/usr/share/lxc/templates - The storage directory for the templates.
-
/etc/lxc - Configuration files.
-
/var/lib/lxc - Where the created containers are stored.
The first time 'lxc-create' runs it will download the files to:
-
/var/cache/lxc/fedora
Note: once the cache has been populated, the files are not downloaded again; later containers are built from the cached copy.
-
lxc-copy - Copy base to a new container. E.g. lxc-copy --name f24 --newname f24_graphite
-
lxc-create -
-
sudo lxc-create -t centos -n base_centos7 -- --release 7
-
sudo lxc-create --template download --name myubuntu -- --dist ubuntu --release focal --arch amd64
-
lxc-start -
-
lxc-stop -
-
lxc-execute -
-
lxc-attach -
-
lxc-console -
-
lxc-monitor -
-
lxc-wait -
-
lxc-cgroup -
-
lxc-ls -
-
lxc-info -
-
lxc-freeze -
-
lxc-unfreeze -
-
lxc-clone - Clone a new container from an existing one. Seems to be replaced by 'lxc-copy'.
-
lxc-destroy -
-
sudo lxc-clone u1 u_base
-
sudo lxc-start --name u_base
-
apt-get install puppet git
-
sudo lxc-attach -n u_base -- /usr/bin/apt-get --assume-yes install puppet git binutils unzip
-
-
shutdown -h now
-
sudo lxc-attach -n u_base -- /sbin/shutdown -h now
-
-
sudo lxc-wait -n u_base -s 'STOPPED'
-
sudo lxc-destroy -n u_bld
-
sudo lxc-clone u_base u_bld
-
10s
-
-
sudo mkdir /var/lib/lxc/u_bld/rootfs/vagrant
-
sudo chmod +x /var/lib/lxc/u_bld/rootfs/vagrant/install
-
sudo lxc-start --name u_bld
-
sudo lxc-wait -n u_bld -s 'RUNNING'
-
sudo lxc-attach -n u_bld -- /vagrant/install
Contents of /var/lib/lxc/u_bld/rootfs/vagrant/install:
#!/bin/sh
BASEPATH="/vagrant"
cd ${BASEPATH}
git clone https://github.com/henk52/vagrant-devmachine.git
cd ${BASEPATH}/vagrant-devmachine
echo "sudo puppet apply build_machine_install.pp"
From a Local repo
Change: mirrorurl in /usr/share/lxc/templates/lxc-fedora or add the address to your /etc/hosts.
On the Repo server
-
dnf install rsync-daemon
-
systemctl daemon-reload
-
vi /etc/rsyncd.conf
[ fedora ]
path = /var/ks/mirrors/fedora20
read only = yes
write only = no
list = yes
uid = 0
gid = 0
incoming chmod = 0644
outgoing chmod = 0644
max connections = 0
# This file is being maintained by Puppet.
# DO NOT EDIT
On Ubuntu:
1. grep mirrorurl /usr/share/lxc/templates/lxc-fedora
2. sudo vi /etc/hosts
3. sudo lxc-create -t fedora -n p1
If you’re using the logical volume manager (which I recommend highly), specifying “-B lvm” will cause it to allocate a new logical volume for the guest. There are options to change the volume group, disk space allocation, and file system type if necessary. For this article, I’ll be taking the defaults.
-
sudo apt-get install yum
-
sudo /usr/share/lxc/templates/lxc-centos --name=graphite --release=7
-
sudo chroot /var/lib/lxc/graphite/rootfs passwd
-
sudo vi /var/lib/lxc/graphite/config
-
sudo lxc-start -n graphite
-
sudo lxc-attach -n graphite
Uncomment these lines:
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.name = eth0
-
https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/
-
https://github.com/lxc/lxc/issues/206
-
sudo apt-get update
-
sudo apt-get dist-upgrade
-
-
This will not upgrade to a new OS version. It is just more thorough in its update.
-
see also
man apt-get
-
sudo puppet apply lxc.pp
-
sudo usermod --add-subuids 100000-165536 lxctst
-
sudo usermod --add-subgids 100000-165536 lxctst
-
sudo chmod +x ~lxctst
-
lxc-create -t download -n u1 -- -d ubuntu -r trusty -a amd64
-
WARN: could not reopen tty: Permission denied
WARN: could not reopen tty: Permission denied
WARN: could not reopen tty: Permission denied
WARN: could not reopen tty: Permission denied
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
date
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
---
You just created an Ubuntu container (release=trusty, arch=amd64, variant=default)
To enable sshd, run: apt-get install openssh-server
For security reason, container images ship without user accounts
and without a root password.
Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.
lxctst@XXX:~$ date
Wed Jul 29 02:48:17 CEST 2015
-
sudo rm --preserve-root --one-file-system -rf /var/cache/lxc/fedora/x86_64/20
man lxc.container.conf
sudo -E lxc-create -t fedora -n comp1 -f my_lxc.conf
# my_lxc.conf: two veth interfaces, each attached to its own host bridge
lxc.network.type=veth
lxc.network.link=internalbr0
lxc.network.name=eth0
lxc.network.flags=up
lxc.network.type=veth
lxc.network.link=internalbr1
lxc.network.name=eth1
lxc.network.flags=up
-
http://unix.stackexchange.com/questions/50201/how-to-configure-external-ip-addresses-for-lxc-guests
-
https://coderwall.com/p/k0gutq/clean-lxc-nat-configuration-debian-wheezy
-
brctl addbr testbr0
-
ifconfig testbr0 up
-
Update the config file for each container
-
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = testbr0
lxc.network.hwaddr = 00:16:3e:ce:7b:fd
lxc.network.ipv4 = 172.16.0.1/24
-
Please remember that the hwaddr has to be unique.
-
You could also leave out the network address and then set it inside the container, as you do with a normal machine.
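A check for the uniqueness requirement above, as an added example that is not part of the original page or of LXC: the hypothetical helper dup_hwaddrs scans every container config under a directory and reports any hwaddr used more than once. It also accepts the newer lxc.net.N.hwaddr key name, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): find lxc.network.hwaddr values
# shared by more than one container config under an LXC directory.

# dup_hwaddrs LXC_DIR
#   Scans LXC_DIR/*/config, prints "mac: config config ..." for every MAC
#   used more than once, and returns 1 if any duplicate was found.
dup_hwaddrs() {
    awk -F= '
        # Old key name (as on this page) and the lxc.net.N.hwaddr form.
        /^[ \t]*lxc\.(network|net\.[0-9]+)\.hwaddr[ \t]*=/ {
            mac = tolower($2); gsub(/[ \t\r]/, "", mac)
            if (mac ~ /x/) next      # "xx" template bytes are randomised by LXC
            users[mac] = users[mac] " " FILENAME
            count[mac]++
        }
        END {
            for (m in count) if (count[m] > 1) { print m ":" users[m]; dup = 1 }
            exit (dup ? 1 : 0)
        }
    ' "$1"/*/config
}

# Constructed sample tree: c1 and c2 carry the same address (differing only
# in letter case), c3 has its own.
demo=$(mktemp -d)
for c in c1 c2 c3; do mkdir "$demo/$c"; done
printf 'lxc.network.link = testbr0\nlxc.network.hwaddr = 00:16:3e:ce:7b:fd\n' > "$demo/c1/config"
printf 'lxc.network.link = testbr0\nlxc.network.hwaddr = 00:16:3E:CE:7B:FD\n' > "$demo/c2/config"
printf 'lxc.network.link = testbr0\nlxc.network.hwaddr = 00:16:3e:ce:7b:fe\n' > "$demo/c3/config"
dup_hwaddrs "$demo" || echo "duplicate hwaddr: give each container its own address"
rm -rf "$demo"
```

On a host, point it at the container directory listed earlier on this page: dup_hwaddrs /var/lib/lxc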
What is needed to set up an LXC environment on a Vagrant machine during boot:
-
optional proxy server.
-
lxc package
-
lxc patches to make it run on Fedora 20.
-
Base environment.
-
Since this takes about 10 min, it might be a good idea to have this in a tgz.
-
Here I need a list of additional packages that has to go into the lxc to form a base image.
-
Can I use augeas to hack this?
-
vi /usr/share/lxc/templates/lxc-fedora
-
search for PKG_LIST and add your own packages to the end of the list.
-
http://www.slideshare.net/BodenRussell/realizing-linux-containerslxc
-
https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt
-
http://serverfault.com/questions/444232/limit-memory-and-cpu-with-lxc-execute
-
https://lists.linuxcontainers.org/pipermail/lxc-users/2012-July/003784.html
-
https://www.kernel.org/doc/Documentation/scheduler/sched-rt-group.txt
-
lssubsys -am
-
sudo yum install libcgroup-tools
From https://www.kernel.org/doc/Documentation/cgroups/cgroups.txt:
When mounting a cgroup hierarchy, you may specify a comma-separated list of subsystems to mount as the filesystem mount options. By default, mounting the cgroup filesystem attempts to mount a hierarchy containing all registered subsystems.
Fix: apt-get install yum
lxc-create -t centos -n graphite
Host CPE ID from /etc/os-release:
'yum' command is missing
lxc-create: lxccontainer.c: create_run_template: 1295 container creation template for graphite failed
lxc-create: tools/lxc_create.c: main: 318 Error creating container graphite
[email protected] holdoff time over, scheduling restart.
Maybe I need to put the fedora.common.conf into /usr/share/lxc/config ?
[email protected] holdoff time over, scheduling restart.
[email protected] holdoff time over, scheduling restart.
[email protected] holdoff time over, scheduling restart.
[email protected] holdoff time over, scheduling restart.
You don’t have to set 'audit=0'
You can download from https://github.com/lxc/lxc
Add 'audit=0' to the 'linux' command line in /boot/grub2/grub.cfg of the host OS (this turns off kernel auditing for the whole host).
-
https://bugzilla.redhat.com/show_bug.cgi?id=966807
-
https://bugzilla.redhat.com/show_bug.cgi?id=1002914
p1 login: root
Password:
Cannot make/remove an entry for the specified session
lxc-create -t download -n u1 -- -d ubuntu -r trusty -a amd64
WARN: could not reopen tty: Permission denied
newuidmap: uid range [0-1) -> [100000-100001) not allowed
error mapping child
setgid: Invalid argument
lxc_container: lxccontainer.c: do_create_container_dir: 760 Failed to chown container dir
lxc_container: lxc_create.c: main: 271 Error creating container u1
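The newuidmap failure above is what an unprivileged lxc-create reports when the user's entries in /etc/subuid and /etc/subgid do not cover the ID range being mapped. An added diagnostic example (not from the original page or the LXC project): covers_range and check_user are hypothetical helper names, the sample file is constructed, and the 100000/65536 map is an assumed container ID range matching the usermod commands earlier on this page.

```shell
#!/bin/sh
# Added example (not from the original page): verify that a user's
# subordinate ID allocations cover the range an unprivileged container maps.

# covers_range FILE USER START COUNT
#   FILE is in /etc/subuid format: one "user:start:count" entry per line.
#   Succeeds when [START, START+COUNT) fits inside one entry for USER.
covers_range() {
    awk -F: -v u="$2" -v s="$3" -v c="$4" '
        $1 == u && NF == 3 {
            lo = $2 + 0; hi = lo + $3        # entry grants [lo, hi)
            if (s + 0 >= lo && s + c <= hi) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# check_user USER START COUNT [SUBUID_FILE] [SUBGID_FILE]
#   Reports per file and fails if either lacks a covering entry.
check_user() {
    rc=0
    for f in "${4:-/etc/subuid}" "${5:-/etc/subgid}"; do
        if covers_range "$f" "$1" "$2" "$3"; then
            echo "ok: $f covers $3 IDs from $2 for $1"
        else
            echo "missing: $f has no entry covering $3 IDs from $2 for $1"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample file; 100000-165536 inclusive is 65537 IDs.
sample=$(mktemp)
printf 'lxctst:100000:65537\n' > "$sample"
check_user lxctst 100000 65536 "$sample" "$sample"
# A user with no entry is the case that ends in "newuidmap: ... not allowed".
check_user nouser 100000 65536 "$sample" "$sample" ||
    echo "fix with usermod --add-subuids / --add-subgids"
rm -f "$sample"
```

Run without the file arguments, check_user reads the real /etc/subuid and /etc/subgid.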
lxc_container: cgmanager.c: lxc_cgmanager_create: 299 call to cgmanager_create_sync failed: invalid request
Fix, for Ubuntu 14.04.1:
# sudo apt-get update
# sudo apt-get dist-upgrade
It seems like a newer systemd is needed.
lxc-start -n u1
WARN: could not reopen tty: Permission denied
WARN: could not reopen tty: Permission denied
WARN: could not reopen tty: Permission denied
WARN: could not reopen tty: Permission denied
WARN: could not reopen tty: Permission denied
lxc_container: cgmanager.c: lxc_cgmanager_create: 299 call to cgmanager_create_sync failed: invalid request
lxc_container: cgmanager.c: lxc_cgmanager_create: 301 Failed to create hugetlb:u1
lxc_container: cgmanager.c: cgm_create: 646 Error creating cgroup hugetlb:u1
lxc_container: start.c: lxc_spawn: 861 failed creating cgroups
lxc_container: start.c: __lxc_start: 1080 failed to spawn 'u1'
lxc_container: lxc_start.c: main: 342 The container failed to start.
lxc_container: lxc_start.c: main: 346 Additional information can be obtained by setting the --logfile and --logpriority options.