Some basic applications of Linux containers
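The following are just my personal work notes from five years ago, so mistakes are inevitable. If you use them as a reference, please read them critically.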
I: Linux container basic commands
o lxc-checkconfig # verifies that needed kernel config options are on
o lxc-ls # lists all containers on the system
o lxc-info # shows the current state of all containers
o lxc-freeze
o lxc-unfreeze
o lxc-ps
o lxc-kill # sdk_v1.6 does not support this command
o lxc-monitor
o lxc-netstat
o lxc-wait
Commands covered by other test cases:
o lxc-create # creates containers : TC-2101
o lxc-destroy # deletes containers : TC-2101
o lxc-start # starts/boots a container : TC-2101
o lxc-stop # stops a container : TC-2101
o lxc-unshare : TC-2555
o lxc-execute : TC-2545, TC-2546, TC-2548
1. Create a network bridge on the host OS using the network interface that links to the network (this saves network resources):
~# brctl addbr br0
~# brctl addif br0 ethx or fm1-gb1
~# ifconfig br0 192.168.2.XXX/24 up
~# ifconfig ethx or fm1-gb1 0.0.0.0
~# brctl show
2. Create and start the Linux container from the ssh console:
~# lxc-create -n vm1 -t busybox -f /usr/share/doc/lxc/examples/lxc-veth.conf
~# lxc-start -n vm1 -d
~# lxc-console -n vm1
vm1 login: root
Password: (root)
~ #
3. On the host OS:
Run udhcpc for the Linux container from the host OS:
~# lxc-attach -n vm1 -- udhcpc
udhcpc (v1.20.2) started
Sending discover...
Sending select for 192.168.0.58...
Lease of 192.168.0.58 obtained, lease time 600
~# lxc-attach -n vm1 -- ifconfig
Start the ssh service (dropbear) for the Linux container from the host OS:
~# lxc-attach -n vm1 -- dropbear
~# ping 192.168.2.1 -c 3
4. ssh to the container:
ssh [email protected]
[email protected]'s password:
~ # ps
  PID USER       VSZ STAT COMMAND
    1 root      3784 S    init
    4 root      3784 S    /bin/syslogd
    6 root      3788 S    -sh
    7 root      3784 S    init
   15 root      3784 S    udhcpc
   18 root      2884 S    dropbear
   19 root      3384 R    dropbear
   20 root      3788 S    -sh
   21 root      3788 R    ps
~ # exit
II: Share a device with the host in LXC
1. Mount the cgroup subsystems.
2. Modify busybox.
3. Create device files in the container rootfs. Edit /usr/share/lxc/templates/lxc-busybox and, in install_busybox(), add:
# device zero
mknod zero c 1 5
chmod 666 zero
# hdd
mknod sdb b 8 16
mknod sdb1 b 8 17
chmod 666 sdb
chmod 666 sdb1
Note: If necessary, modify the major and minor device IDs to match your test context.
4. In the ssh console, create the ctx1 container:
# lxc-create -n ctx1 -t busybox -f /usr/share/doc/lxc/examples/lxc-no-netns.conf
5. Start up the ctx1 container:
# lxc-start -n ctx1
udhcpc: applet not found
Please press Enter to activate this console.
root@ctx1:/#
6. Run the hdparm test 3 times on the hard disk and take the average value:
# hdparm -t /dev/sdb
7. Stop and destroy the ctx1 container as in lxc_startup.
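An added example, not part of the original notes: a block-device node created with mode 666, like sdb and sdb1 in step 3, gives every user inside the container write access to that node, so it is useful to list which nodes a template creates that way. The script scans a template for block-device mknod entries whose later chmod sets the write bit for others; audit_template and sample_template are hypothetical names, and the sample text is constructed from the lines shown in step 3.

```shell
#!/bin/sh
# Added example: list block-device nodes that an LXC template creates with a
# world-writable mode. Function names are illustrative.

# audit_template FILE -> prints "name major:minor mode" for every block device
# created by mknod whose later chmod grants write permission to "other".
audit_template() {
    awk '
        # mknod NAME b MAJOR MINOR : remember block devices only
        $1 == "mknod" && $3 == "b" { dev[$2] = $4 ":" $5; next }
        # chmod MODE NAME : octal mode whose last digit contains the write bit
        $1 == "chmod" && ($3 in dev) && $2 ~ /^[0-7]+$/ {
            if (index("2367", substr($2, length($2), 1)) > 0)
                print $3, dev[$3], $2
        }
    ' "$1"
}

# Constructed sample: the lines the notes add to install_busybox().
sample_template() {
    cat <<'EOF'
# device zero
mknod zero c 1 5
chmod 666 zero
# hdd
mknod sdb b 8 16
mknod sdb1 b 8 17
chmod 666 sdb
chmod 666 sdb1
EOF
}

tmp=$(mktemp)
sample_template > "$tmp"
audit_template "$tmp"   # the character device "zero" is not reported
rm -f "$tmp"
```

Run against the real template with audit_template /usr/share/lxc/templates/lxc-busybox; a mode such as 660 with a dedicated group keeps the hdparm test working without opening the disk to every user in the container.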
III: Assign a physical network interface to a container
One approach to providing networking capability to a container is to directly assign an available, unused network interface to the container. The interface is not shared; it becomes the private resource of the container.
1. Edit a config file as below: lxc-phys.conf
# Container with network virtualized using a physical network device with name
# 'eth0'
lxc.utsname = gamma
lxc.network.type = phys
lxc.network.flags = up
lxc.network.link = eth0
lxc.network.hwaddr = 4a:49:43:49:79:ff
lxc.network.ipv4 = 10.2.3.6/24
lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3297
Note: The network type is set to: phys. Make a copy of the example config file and update it with the name of the Ethernet interface to be assigned, an appropriate IP address, and any other appropriate changes (e.g. mac address). For example, the change (in universal diff format) to set the interface fm2-gb0 and IP address 192.168.10.3 would look like: etc
IV: Configure the network with macvlan
An LXC container can be provided with a virtual network interface using the "MAC-VLAN" feature of the Linux kernel (see kernel config option CONFIG_MACVLAN). MAC-VLAN allows virtual interfaces to be created that route packets to or from a MAC address to a physical network interface.
1. The example configuration file lxc-veth.conf demonstrates this approach:
/usr/share/doc/lxc/examples/lxc-macvlan.conf
The contents of the provided lxc-phys.conf example configuration file are shown below:
# Container with network virtualized using the macvlan device driver
lxc.utsname = alpha
lxc.network.type = macvlan
lxc.network.flags = up
lxc.network.link = eth0
lxc.network.hwaddr = 4a:49:43:49:79:bd
lxc.network.ipv4 = 10.2.3.4/24
lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596
Modify the following item:
lxc.network.link = fmX-gbX
2. Configure the network on the right host:
# ifconfig fmX-gbX 192.2.1.13
# ifconfig fmX-gbX promisc
3. In the right ssh console, create the ctx1 container with the busybox template:
# lxc-create -n ctx1 -t busybox -f /usr/share/doc/lxc/examples/lxc-macvlan.conf
4. Start up the ctx1 container:
# lxc-start -n ctx1
5. Run the test.
V: Configure the network using VLAN
A container can be provided with a virtual network interface using VLANs.
See the vlan description in LXC Configuration File Reference for some additional details on this approach to networking.
The example configuration file lxc-veth.conf demonstrates this approach:
/usr/share/doc/lxc/examples/lxc-vlan.conf
The contents of the provided lxc-vlan.conf example configuration file are shown below:
# Container with network virtualized using the vlan device driver
lxc.utsname = alpha
lxc.network.type = vlan
lxc.network.vlan.id = 1234
lxc.network.flags = up
lxc.network.link = eth0
lxc.network.hwaddr = 4a:49:43:49:79:bd
lxc.network.ipv4 = 10.2.3.4/24
lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596
Make a copy of the example config file and update it with the physical network interface to be used and the vlan ID, an appropriate IP address, and any other appropriate changes. For example, the change (in universal diff format) to specify the fm2-gb0 interface, a VLAN id of 2, and an IP address of 192.168.30.2 would look like:
--- /usr/share/doc/lxc/examples/lxc-vlan.conf 2013-05-30 14:22:14.980406375 +0300
+++ lxc-vlan.conf 2013-06-03 13:26:38.477580000 +0300
@@ -1,9 +1,9 @@
# Container with network virtualized using the vlan device driver
lxc.utsname = alpha
lxc.network.type = vlan
-lxc.network.vlan.id = 1234
+lxc.network.vlan.id = 2
lxc.network.flags = up
-lxc.network.link = eth0
+lxc.network.link = fm2-gb0
lxc.network.hwaddr = 4a:49:43:49:79:bd
-lxc.network.ipv4 = 10.2.3.4/24
+lxc.network.ipv4 = 192.168.30.2/24
lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596
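Review bot: the unchanged context lines lxc.network.hwaddr = 4a:49:43:49:79:bd and lxc.utsname = alpha are carried over from the shipped example, so every container created from a copy of this file gets the same MAC address and hostname; set a unique hwaddr and utsname per container. The lxc.network.ipv6 line is also left at the example address while ipv4 moves to 192.168.30.2/24; update it to match the test network or drop it so the container does not come up with an unintended IPv6 address.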
In this setup, the host is connected to a test machine through physical interface fm2-gb0. On the test machine, the following commands have been issued (interface p7p1 on this machine has physical link to fm2-gb0):
[root@everest][~]# modprobe 8021q
[root@everest][~]# lsmod | grep 8021q
8021q 23476 0
garp 13763 1 8021q
[root@everest][~]# vconfig add p7p1 2
Added VLAN with VID == 2 to IF -:p7p1:-
[root@everest][~]# ifconfig p7p1.2 192.168.30.1 up
Test the VLAN interface by starting an application container running /bin/bash:
# lxc-execute -n mytest -f lxc-vlan.conf -- /bin/bash
bash-4.2#
Test the interface in the now running container:
bash-4.2# /sbin/ifconfig
eth0: flags=4163 mtu 1500
inet 192.168.30.2 netmask 255.255.255.0 broadcast 192.168.30.255
inet6 fe80::21e:c9ff:fe49:bb93 prefixlen 64 scopeid 0x20
ether 00:1e:c9:49:bb:93 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 468 (468.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 4 bytes 200 (200.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 200 (200.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
bash-4.2# ping -c 3 192.168.30.1
PING 192.168.30.1 (192.168.30.1) 56(84) bytes of data.
64 bytes from 192.168.30.1: icmp_req=1 ttl=64 time=0.338 ms
64 bytes from 192.168.30.1: icmp_req=2 ttl=64 time=0.372 ms
64 bytes from 192.168.30.1: icmp_req=3 ttl=64 time=0.355 ms
--- 192.168.30.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.338/0.355/0.372/0.013 ms
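An added example, not part of the original notes: the phys, macvlan and vlan example configs above are meant to be copied and edited, and two of them carry the same lxc.network.hwaddr and lxc.utsname, so containers started from unedited copies present the same MAC address and hostname. The script summarises the lxc.network.* settings of each config and reports values reused across files; net_summary, reused and write_samples are hypothetical names, and the sample files are constructed from the configs quoted above.

```shell
#!/bin/sh
# Added example: summarise legacy-format LXC network settings
# (lxc.network.* keys) and find values reused across configs.

# net_summary FILE... -> one line per config: "utsname type link hwaddr"
net_summary() {
    for f in "$@"; do
        awk '
            { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
            /^#/ || !/=/ { next }
            {
                key = $0; sub(/[ \t]*=.*/, "", key)
                val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            }
            key == "lxc.utsname"        { name = val }
            key == "lxc.network.type"   { type = val }
            key == "lxc.network.link"   { link = val }
            key == "lxc.network.hwaddr" { mac = tolower(val) }
            END { printf "%s %s %s %s\n", (name == "" ? "-" : name),
                  (type == "" ? "-" : type), (link == "" ? "-" : link),
                  (mac == "" ? "-" : mac) }
        ' "$f"
    done
}

# reused FIELD FILE... -> values of summary column FIELD (1 = utsname,
# 4 = hwaddr) that occur in more than one config
reused() {
    col=$1; shift
    net_summary "$@" | awk -v c="$col" '$c != "-" { n[$c]++ }
        END { for (v in n) if (n[v] > 1) print v }' | sort
}

# Constructed sample: the three example configs quoted in the notes.
write_samples() {
    printf '%s\n' 'lxc.utsname = gamma' 'lxc.network.type = phys' \
        'lxc.network.link = eth0' 'lxc.network.hwaddr = 4a:49:43:49:79:ff' > "$1/phys.conf"
    printf '%s\n' '# macvlan' 'lxc.utsname = alpha' 'lxc.network.type = macvlan' \
        'lxc.network.link = eth0' 'lxc.network.hwaddr = 4a:49:43:49:79:bd' > "$1/macvlan.conf"
    printf '%s\n' 'lxc.utsname = alpha' 'lxc.network.type = vlan' 'lxc.network.vlan.id = 1234' \
        'lxc.network.link = eth0' 'lxc.network.hwaddr = 4a:49:43:49:79:bd' > "$1/vlan.conf"
}

d=$(mktemp -d)
write_samples "$d"
net_summary "$d"/*.conf
echo "reused MAC: $(reused 4 "$d"/*.conf)"
rm -rf "$d"
```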
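In fact, up to now (lxc-0.9.0) containers could not be migrated because the state of a container and of the processes running in it cannot be stored, so there is no way to know how to start it again. lxc-snapshot in lxc-1.0.0, or some other tool, may make container migration possible in the future.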