LXC: Unterschied zwischen den Versionen
(Seite erstellt; ja, sieht schlimm aus, aber hat erstmal basic infos) |
Keine Bearbeitungszusammenfassung |
||
Zeile 1: | Zeile 1: | ||
==Erstellen== | |||
* mit lvm | |||
<pre> | |||
lxc-create -n<container-name> -t <template> -B lvm --lvname <container-name> --vgname <volumen-gruppen-name> --fstype <filesystem-type> --fssize <filesystem-größe> | |||
</pre> | |||
Von Konsole detachen: | * ohne lvm | ||
<pre> | |||
lxc-create -n<container-name> -t <template> | |||
</pre> | |||
==Start/Stop== | |||
* start | |||
<pre> | |||
lxc-start -n<container-name> -f</path/to/config/file> -d | |||
</pre> | |||
* stop | |||
<pre> | |||
lxc-stop -n<container-name> | |||
</pre> | |||
==Config== | |||
<pre> | |||
## network | |||
lxc.network.type=veth | |||
lxc.network.link=br0 | |||
lxc.network.name=eth0 | |||
lxc.network.hwaddr=00:00:c3:d2:00:23 | |||
lxc.network.veth.pair=br0_<container-name> | |||
lxc.network.flags=up | |||
lxc.network.type=veth | |||
lxc.network.link=br1 | |||
lxc.network.name=eth1 | |||
lxc.network.hwaddr=00:00:c3:d2:01:23 | |||
lxc.network.veth.pair=br1_<container-name> | |||
lxc.network.flags=up | |||
## Container | |||
lxc.utsname = <container-name> | |||
lxc.rootfs = /var/lib/lxc/<container-name>/rootfs | |||
lxc.arch = x86_64 | |||
#lxc.console = /var/log/lxc/<container-name>.console | |||
lxc.tty = 2 | |||
lxc.pts = 1024 | |||
## Capabilities | |||
lxc.cap.drop = audit_control | |||
lxc.cap.drop = audit_write | |||
lxc.cap.drop = linux_immutable | |||
lxc.cap.drop = mac_admin | |||
lxc.cap.drop = mac_override | |||
lxc.cap.drop = setpcap | |||
lxc.cap.drop = sys_admin | |||
lxc.cap.drop = sys_boot | |||
lxc.cap.drop = sys_module | |||
lxc.cap.drop = sys_pacct | |||
lxc.cap.drop = sys_rawio | |||
lxc.cap.drop = sys_time | |||
## Devices | |||
# Allow all devices | |||
#lxc.cgroup.devices.allow = a | |||
# Deny all devices | |||
lxc.cgroup.devices.deny = a | |||
# Allow to mknod all devices (but not using them) | |||
lxc.cgroup.devices.allow = c *:* m | |||
lxc.cgroup.devices.allow = b *:* m | |||
# /dev/console | |||
lxc.cgroup.devices.allow = c 5:1 rwm | |||
# /dev/null | |||
lxc.cgroup.devices.allow = c 1:3 rwm | |||
# /dev/ptmx | |||
lxc.cgroup.devices.allow = c 5:2 rwm | |||
# /dev/pts/* | |||
lxc.cgroup.devices.allow = c 136:* rwm | |||
# /dev/random | |||
lxc.cgroup.devices.allow = c 1:8 rwm | |||
# /dev/rtc | |||
lxc.cgroup.devices.allow = c 254:0 rwm | |||
# /dev/tty | |||
lxc.cgroup.devices.allow = c 5:0 rwm | |||
# tty0 | |||
lxc.cgroup.devices.allow = c 4:0 rwm | |||
# tty1 | |||
lxc.cgroup.devices.allow = c 4:1 rwm | |||
# /dev/urandom | |||
lxc.cgroup.devices.allow = c 1:9 rwm | |||
# /dev/zero | |||
lxc.cgroup.devices.allow = c 1:5 rwm | |||
# tun | |||
lxc.cgroup.devices.allow = c 10:200 rwm | |||
## Limits | |||
lxc.cgroup.cpu.shares = 1024 | |||
lxc.cgroup.cpuset.cpus = 0 | |||
lxc.cgroup.memory.limit_in_bytes = 256M | |||
lxc.cgroup.memory.memsw.limit_in_bytes = 1G | |||
## Filesystem | |||
lxc.mount.entry = proc proc proc ro,nodev,noexec,nosuid 0 0 | |||
lxc.mount.entry = sysfs sys sysfs ro 0 0 | |||
</pre> | |||
==Console== | |||
===</path/to/conatiner/rootfs>/etc/inittab=== | |||
<pre> | |||
# /sbin/getty invocations for the runlevels. | |||
# | |||
# The "id" field MUST be the same as the last | |||
# characters of the device (after "tty"). | |||
# | |||
# Format: | |||
# <id>:<runlevels>:<action>:<process> | |||
# | |||
# Note that on most Debian systems tty7 is used by the X Window System, | |||
# so if you want to add more getty's go ahead but skip tty7 if you run X. | |||
# | |||
c1:2345:respawn:/sbin/getty 38400 tty1 | |||
#1:2345:respawn:/sbin/getty 38400 tty1 | |||
#2:23:respawn:/sbin/getty 38400 tty2 | |||
#3:23:respawn:/sbin/getty 38400 tty3 | |||
#4:23:respawn:/sbin/getty 38400 tty4 | |||
#5:23:respawn:/sbin/getty 38400 tty5 | |||
#6:23:respawn:/sbin/getty 38400 tty6 | |||
# console | |||
1:12345:respawn:/sbin/agetty --noclear 115200 console linux | |||
</pre> | |||
===lxc-console=== | |||
* VMs auflisten: | |||
<pre> | |||
lxc-list | |||
</pre> | |||
* an VM attachen: | |||
<pre> | |||
lxc-console -n<container-name> | |||
</pre> | |||
* Von Konsole detachen: | |||
: im screen: | |||
<pre> | |||
strg+a a q | |||
</pre> | |||
: ohne screen: | |||
<pre> | |||
strg+a q | |||
</pre> |
Version vom 30. September 2013, 16:23 Uhr
Erstellen
- mit lvm
lxc-create -n<container-name> -t <template> -B lvm --lvname <container-name> --vgname <volumen-gruppen-name> --fstype <filesystem-type> --fssize <filesystem-größe>
- ohne lvm
lxc-create -n<container-name> -t <template>
Start/Stop
- start
lxc-start -n<container-name> -f</path/to/config/file> -d
- stop
lxc-stop -n<container-name>
Config
# LXC container configuration: two bridged veth interfaces, a reduced
# capability set, a device whitelist, cgroup limits and read-only proc/sysfs.
# NOTE(review): key names are those in use at the page date (2013); newer LXC
# releases renamed several of them -- check lxc.container.conf(5) on the host.

## network
# First interface: eth0 in the container, attached to host bridge br0.
# NOTE(review): each hwaddr has to be unique on its bridge; change both
# addresses when this block is copied for another container.
lxc.network.type=veth
lxc.network.link=br0
lxc.network.name=eth0
lxc.network.hwaddr=00:00:c3:d2:00:23
lxc.network.veth.pair=br0_<container-name>
lxc.network.flags=up
# Second interface: eth1 in the container, attached to host bridge br1.
lxc.network.type=veth
lxc.network.link=br1
lxc.network.name=eth1
lxc.network.hwaddr=00:00:c3:d2:01:23
lxc.network.veth.pair=br1_<container-name>
lxc.network.flags=up
## Container
# NOTE(review): no uid/gid mapping (lxc.id_map) appears in this config, so the
# container presumably runs privileged, i.e. container root is uid 0 on the
# host -- confirm. The capability and device restrictions below are then the
# main containment boundary.
lxc.utsname = <container-name>
lxc.rootfs = /var/lib/lxc/<container-name>/rootfs
lxc.arch = x86_64
#lxc.console = /var/log/lxc/<container-name>.console
lxc.tty = 2
lxc.pts = 1024
## Capabilities
# Only the capabilities listed here are removed. Everything else stays
# available to container root (for example net_admin, net_raw, mknod,
# sys_ptrace); drop those as well if the workload does not need them.
lxc.cap.drop = audit_control
lxc.cap.drop = audit_write
lxc.cap.drop = linux_immutable
lxc.cap.drop = mac_admin
lxc.cap.drop = mac_override
lxc.cap.drop = setpcap
lxc.cap.drop = sys_admin
lxc.cap.drop = sys_boot
lxc.cap.drop = sys_module
lxc.cap.drop = sys_pacct
lxc.cap.drop = sys_rawio
lxc.cap.drop = sys_time
## Devices
# Allow all devices
#lxc.cgroup.devices.allow = a
# Deny all devices
# Default-deny first; every allow line below is an explicit exception.
lxc.cgroup.devices.deny = a
# Allow to mknod all devices (but not using them)
# The "m" flag alone permits creating the node, not opening it for read/write.
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/console
lxc.cgroup.devices.allow = c 5:1 rwm
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
# /dev/ptmx
lxc.cgroup.devices.allow = c 5:2 rwm
# /dev/pts/*
lxc.cgroup.devices.allow = c 136:* rwm
# /dev/random
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/rtc
# NOTE(review): the rtc major number is assigned dynamically on many kernels;
# verify 254:0 against the host before relying on this line.
lxc.cgroup.devices.allow = c 254:0 rwm
# /dev/tty
lxc.cgroup.devices.allow = c 5:0 rwm
# tty0
# NOTE(review): 4:0 and 4:1 are the host's virtual consoles. With mknod
# permitted above, the container can likely create and open them; remove
# these two entries if the container only uses pts-backed ttys -- confirm.
lxc.cgroup.devices.allow = c 4:0 rwm
# tty1
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/urandom
lxc.cgroup.devices.allow = c 1:9 rwm
# /dev/zero
lxc.cgroup.devices.allow = c 1:5 rwm
# tun
# Only needed when the container runs a VPN or tunnel; otherwise remove.
lxc.cgroup.devices.allow = c 10:200 rwm
## Limits
lxc.cgroup.cpu.shares = 1024
lxc.cgroup.cpuset.cpus = 0
lxc.cgroup.memory.limit_in_bytes = 256M
# NOTE(review): memory.memsw.* exists only when swap accounting is enabled in
# the host kernel; verify on the host, otherwise this limit is not applied.
lxc.cgroup.memory.memsw.limit_in_bytes = 1G
## Filesystem
# proc and sysfs are mounted read-only. sys_admin is dropped above, so the
# container should not be able to remount them read-write.
lxc.mount.entry = proc proc proc ro,nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs ro 0 0
Console
</path/to/container/rootfs>/etc/inittab
# /sbin/getty invocations for the runlevels.
#
# The "id" field MUST be the same as the last
# characters of the device (after "tty").
#
# Format:
# <id>:<runlevels>:<action>:<process>
#
# Note that on most Debian systems tty7 is used by the X Window System,
# so if you want to add more getty's go ahead but skip tty7 if you run X.
#
# Login prompt on tty1 of the container (presumably the tty that
# lxc-console attaches to -- confirm). Anyone who can run lxc-console on the
# host reaches this prompt, so container accounts need real passwords.
c1:2345:respawn:/sbin/getty 38400 tty1
# The stock gettys for tty1-tty6 are left commented out.
#1:2345:respawn:/sbin/getty 38400 tty1
#2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6
# console
# Second login prompt, on the container's console device.
1:12345:respawn:/sbin/agetty --noclear 115200 console linux
lxc-console
- VMs auflisten:
lxc-list
- an VM attachen:
lxc-console -n<container-name>
- Von Konsole detachen:
- im screen:
strg+a a q
- ohne screen:
strg+a q