User Tools
docs:lxc
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
docs:lxc [2014-07-02 11:04] matkor |
docs:lxc [2016-08-21 00:36] (current) glen [LXC - Linux Container Tools] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== LXC - Linux Container Tools ====== | ====== LXC - Linux Container Tools ====== | ||
| - | LXC is a tool to create and manage containers. It contains a full featured container with the isolation / virtualization of the pids, the ipc, the utsname, the mount points, /proc, /sys, the network and it takes into account the control groups. It is very light, flexible, and provides a set of tools around the container like the monitoring with asynchronous events notification, or the freeze of the container. This package is useful to create Virtual Private Server, or to run isolated applications like bash or sshd. | + | [[https://linuxcontainers.org/lxc/|LXC]] is a tool to create and manage containers. It contains a full featured container with the isolation / virtualization of the pids, the ipc, the utsname, the mount points, /proc, /sys, the network and it takes into account the control groups. It is very light, flexible, and provides a set of tools around the container like the monitoring with asynchronous events notification, or the freeze of the container. This package is useful to create Virtual Private Server, or to run isolated applications like bash or sshd. |
| + | |||
| + | LXC is pretty low level, very flexible and covers just about every containment feature supported by the upstream kernel. For a completely fresh and intuitive user experience with a single command line tool to manage your containers see [[LXD]]. | ||
| **Resources** | **Resources** | ||
| - | * [[http://linuxcontainers.org/|LXC Project homepage]] | ||
| * [[https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/|LXC 1.0 blog post series]] - must read to get quick overview what's out there | * [[https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/|LXC 1.0 blog post series]] - must read to get quick overview what's out there | ||
| * [[http://lists.linuxfoundation.org/mailman/listinfo/containers|Linux Containers mailing list]] | * [[http://lists.linuxfoundation.org/mailman/listinfo/containers|Linux Containers mailing list]] | ||
| Line 21: | Line 22: | ||
| * [[package>lxc]] package | * [[package>lxc]] package | ||
| * cgroups mounted, use [[package>systemd]] or [[package>libcgroup]] for that (edit and enable most groups in ///etc/cgconfig.conf// except debug) | * cgroups mounted, use [[package>systemd]] or [[package>libcgroup]] for that (edit and enable most groups in ///etc/cgconfig.conf// except debug) | ||
| + | |||
| + | <note warning>Kernels with vserver support compiled in, do not work correctly with LXC | ||
| + | |||
| + | * [[http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-January/thread.html#23786]] | ||
| + | * http://www.paul.sladen.org/vserver/archives/201402/0015.html | ||
| + | </note> | ||
| ===== Guest creation ===== | ===== Guest creation ===== | ||
| Line 65: | Line 72: | ||
| ===== Common problems / Useful tricks ===== | ===== Common problems / Useful tricks ===== | ||
| + | |||
| + | ==== lxc-start has no output ==== | ||
| + | |||
| + | In case ''lxc-start -n test'' produces no output, ensure /dev/console is present in guest filesystem. | ||
| ==== lxc-stop is not graceful ==== | ==== lxc-stop is not graceful ==== | ||
| Line 123: | Line 134: | ||
| - | ==== config for network ==== | + | ===== Network configs ===== |
| + | ==== general ==== | ||
| - | static networking, set ''VSERVER=yes'' and ''VSERVER_ISOLATION_NET=yes'' in guest ''/etc/sysconfig/system'' to disable all network configuration by guest, set RC_PROMPT=no to avoid hanging startaup scripts, in general it's good idea to turn off there most of things | + | static networking, set ''VSERVER=yes'' and ''VSERVER_ISOLATION_NET=yes'' in guest ''/etc/sysconfig/system'' to disable all network configuration by guest, set RC_PROMPT=no to avoid hanging startup scripts, in general it's good idea to turn off there most of things |
| - | === network using macvlan in bridge mode === | + | ==== network using macvlan in bridge mode ==== |
| - traffic from host to guest (and vice-versa) is NOT passed. external trafic works | - traffic from host to guest (and vice-versa) is NOT passed. external trafic works | ||
| - guest interface is NOT visible on host | - guest interface is NOT visible on host | ||
| - you can't filter guest straffic from host's firewall | - you can't filter guest straffic from host's firewall | ||
| - host can use seme default interface with and without guests running. | - host can use seme default interface with and without guests running. | ||
| - | - you HAVE to set mac. If not - on every container start you'll have different one (your router will not pass the traffic). | + | - one have better to set static MAC address. If not - on every container start you'll have different MAC generated and your router may have problems with passing traffic. |
| - | - iptables is initialized from lxc.hook.pre-mount hook (ran in the container's namespace and having macvlan interface visible) | + | - iptables is initialized from lxc.hook.pre-mount hook (ran in the container's namespace and having guest macvlan interface visible) |
| first boot with ''hwaddr'' line disabled, look what the random address was assigned, set it in config. | first boot with ''hwaddr'' line disabled, look what the random address was assigned, set it in config. | ||
| Line 158: | Line 170: | ||
| - | ===== network using bridged veth interfaces ===== | + | ==== network using bridged veth interfaces ==== |
| + | |||
| + | ==== More raeding about network ==== | ||
| + | [[http://containerops.org/2013/11/19/lxc-networking/|Elaborate article about configuring different types of network ]] | ||
| + | ===== Sample configs ===== | ||
| ==== full config ==== | ==== full config ==== | ||
docs/lxc.1404291884.txt.gz · Last modified: 2014-07-02 11:04 by matkor
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
