LXC

Introduces LXC and tools that use LXC as a provider, such as Docker, Juju and Vagrant, then gives a quick overview of namespaces and cgroups.
  • lxc-setuid, lxc-list, lxc-checkpoint, lxc-checkconfig, lxc-console, lxc-unshare, lxc-setcap, lxc-version, lxc-clone, lxc-execute

    1. LXC
        Doro Wu, fcwu.tw@gmail.com
    2. Who am I
        • Software Engineer at Canonical
        • Skills
            – Legacy, EFI BIOS
            – Linux Kernel
            – Android framework & HAL & Apps
            – Window Apps with wxPython
            – Linux Desktop Stack
        • Links
            – Blog, LinkedIn, GitHub
    3. In this talk: LXC, Applications, Internal
    4. Virtualization
        • Hardware Virtualization
            – Full: VirtualBox
            – Para: Xen, KVM
        • Software
            – Operating system-level virtualization
                • LXC
                • OpenVZ
                • Linux VServer
                • FreeBSD Jails
                • chroot
        [Diagram: Containers, Hardware, OS, processes P0 … Pn]
    5. LXC
        • LXC (LinuX Containers)
            – Run a Linux system within another Linux system
        • Container
            – A group of processes on a Linux box, put together in an isolated environment
        • Inside the box, it looks like a VM
        • Outside the box, it looks like normal processes
    6. Benefits
        • Speed: fast
            – Boot, create VMs, deploy tasks
        • Footprint: small
            – aufs or overlayfs
        • Virtualization
            – Own network interface
            – Own filesystem
            – Isolation and security
            – Isolation and resource usage
    7. Use Cases
        • Continuous Integration
            – Run 100 tests in 100 VMs
        • Escape dependency hell
        • Do whatever you did in VMs
            – But faster
    8. QUICK START
    9. Ubuntu 12.04.2
        $ sudo apt-get install lxc
        $ sudo lxc-create -t ubuntu -n u1
        $ sudo lxc-start -n u1 -d
        $ sudo lxc-console -n u1
          username/password: ubuntu
          ^a q (Ctrl-a, then q) leaves the console
        $ sudo lxc-list
        $ sudo lxc-info -n u1
        $ sudo lxc-shutdown -n u1
        $ sudo lxc-destroy -n u1
    10. Cheat Sheet
        • lxc-create - create a system container
        • lxc-destroy - destroy a container
        • lxc-start - start a system container
        • lxc-stop - stop a system container
        • lxc-shutdown - safely shut down a container
        • lxc-execute - run a command in an app container
        • lxc-start-ephemeral - start a one-time container
        • lxc-ls - shorter output than lxc-list
        • lxc-list - list all containers
        • lxc-info - print info on the state of a container
        • lxc-monitor - monitor state
        • lxc-wait - wait for a state change
        • lxc-restore - restore containers from backups made by lxc-backup
        • lxc-backup - back up the root filesystems
        • lxc-freeze - freeze a running container
        • lxc-unfreeze - unfreeze a frozen container
        • lxc-cgroup - view and set container control group settings
        • lxc-netstat - execute netstat in a running container
        • lxc-ps - view process info in a running container
    11. create x destroy
        • lxc-create -n {ctx-name} -t {template name}
            – $ sudo lxc-create -n u1 -t ubuntu
            – $ sudo lxc-create -n u2 -t ubuntu -- -r raring
            – Templates are in /usr/lib/lxc/lxc-*
            – On first creation, a base filesystem is placed in /var/cache/lxc/
            – An instance is then copied to /var/lib/lxc/{name}/
                • config
                • fstab
                • rootfs/
        • lxc-destroy -n {name}
    12. start x stop x shutdown
        • lxc-start -n {name} [-d] [-o logfile] [--logpriority=LEVEL]
            – Start a system-level container (/sbin/init)
        • lxc-shutdown -n name [-w] [-r] [-t timeout]
            – Cleanly shut down a container.
                • Send SIGPWR
                • If not stopped, call lxc-stop which sends SIGKILL
            – -w: wait for shutdown to complete.
            – -r: reboot (ignore -w).
            – -t timeout: wait at most timeout seconds (implies -w), then kill the container.
        • lxc-stop -n {name}
    13. execute x start-ephemeral
        • lxc-execute -n {NAME} -- {COMMAND}
            – Run a command in an application-level container
        • lxc-start-ephemeral [-d] [-u user] [-S key] -o {orig} -- [COMMAND]
            – Runs an ephemeral (one-off) container
            – $ sudo lxc-start-ephemeral -u ubuntu -o u1 -- uname -a
            – Options:
                • orig - name of the original container
                • user - the user to connect to the container as
                • key - the path to the SSH key to use to connect
                • -d - run in the background
    14. cgroup
        • lxc-cgroup -n {name} {subsystem} {value}
            – View and set container control group settings
            – $ sudo lxc-cgroup -n u1 memory.limit_in_bytes 256M
            – $ lxc-cgroup -n u1 cpu.shares 512
                • maximum is 1024
            – $ lxc-cgroup -n u1 cpuset.cpus 0,3
            – Configure in /var/lib/lxc/{name}/config, such as
                • lxc.cgroup.memory.limit_in_bytes = 256M
    15. clone x backup x restore
        • sudo lxc-clone -o {orig} -n {new}
        • sudo lxc-backup {name} {number}
        • sudo lxc-restore {name} {number}
    16. APPLICATIONS
    17. Docker
        Docker can help you easily create lightweight, portable, self-sufficient containers from any application
    18. Deploy Remote Desktop
        $ sudo apt-get install linux-image-extra-`uname -r`
        $ sudo add-apt-repository ppa:dotcloud/lxc-docker
        $ sudo apt-get update
        $ sudo apt-get install lxc-docker
        $ docker run -i -t ubuntu /bin/bash
        $ docker build -t vpsee/docker-desktop git://github.com/rogaha/docker-desktop.git
        $ docker images
        $ docker run vpsee/docker-desktop
        $ docker port a581df505cb9 22
        $ docker ps
        $ ssh -XC docker@localhost -p 49153 ./docker-desktop
        $ xpra --ssh="ssh -p 49153" attach ssh:docker@localhost:10
        http://www.vpsee.com/2013/07/use-docker-and-lxc-to-build-a-desktop/
    19. A Dockerfile allows you to automate the steps you would normally take manually to create an image.
    20. Juju
        Automate your cloud infrastructure
        Configure, manage, maintain, deploy and scale efficiently with best-practice Charms on any public, private or hybrid cloud from a powerful GUI or the command-line.
    21. Deploy WordPress
        $ sudo apt-add-repository ppa:juju/stable
        $ sudo apt-get update
        $ sudo apt-get install lxc mongodb-server juju juju-core
        $ juju init
        $ sed -i 's/default: amazon/default: local/' ~/.juju/environments.yaml
        $ sudo juju bootstrap
        $ sudo juju deploy wordpress
        $ sudo juju deploy mysql
        $ sudo juju add-relation wordpress mysql
        $ sudo juju expose wordpress
        $ sudo juju status
        https://juju.ubuntu.com/docs/
    23. $ sudo juju status
        environment: local
        machines:
          "0":
            agent-state: started
            agent-version: 1.14.1.1
            dns-name: 10.0.3.1
            instance-id: localhost
            series: precise
          "2":
            agent-state: started
            agent-version: 1.14.1.1
            dns-name: 172.16.0.5
            instance-id: doro-local-machine-2
            series: precise
          "3":
            agent-state: started
            agent-version: 1.14.1.1
            dns-name: 172.16.0.5
            instance-id: doro-local-machine-3
            series: precise
        services:
          mysql:
            charm: cs:precise/mysql-27
            exposed: false
            relations:
              cluster:
              - mysql
              db:
              - wordpress
            units:
              mysql/0:
                agent-state: started
                agent-version: 1.14.1.1
                machine: "2"
                public-address: 10.0.3.162
          wordpress:
            charm: cs:precise/wordpress-18
            exposed: false
            relations:
              db:
              - mysql
              loadbalancer:
              - wordpress
            units:
              wordpress/0:
                agent-state: error
                agent-state-info: 'hook failed: "install"'
                agent-version: 1.14.1.1
                machine: "3"
                public-address: 10.0.3.118
    24. $ sudo juju destroy-environment
        $ sudo apt-get purge juju juju-core mongodb-server
    25. Vagrant
        Development environments made easy
        Create and configure lightweight, reproducible, and portable development environments.
    26. Create Ubuntu 12.04 64-bits
        $ vagrant box add precise64 http://files.vagrantup.com/precise64.box
        $ mkdir my_box
        $ cd my_box
        $ vagrant init precise64
        $ vagrant up
        $ vagrant ssh
        $ vagrant suspend
        $ vagrant halt
        $ vagrant destroy
        vagrant-lxc, https://github.com/fgrehm/vagrant-lxc
    27. INTERNAL
        http://www.slideshare.net/dotCloud/scale11x-lxc-talk-16766275
        http://lwn.net/Articles/531114/
    28. Get Code
        • $ apt-get source lxc
        • configure
            – /etc/lxc/lxc.conf
            – /etc/lxc/auto
        • init script
            – /etc/default/lxc
            – /etc/init/lxc.conf
            – /etc/init/lxc-net.conf
            – /etc/dnsmasq.d-available/lxc
    29. Namespaces
        • Partition essential kernel structures to create virtual environments
        • Types
            – pid
            – net
            – ipc
            – mnt
            – uts (hostname)
            – user
    30. Create Namespaces
        • flags to the system call clone()
            – mnt: CLONE_NEWNS
            – uts: CLONE_NEWUTS
            – ipc: CLONE_NEWIPC
            – pid: CLONE_NEWPID
            – net: CLONE_NEWNET
            – user: CLONE_NEWUSER
        • command unshare
            – unshare [-m] [-u] [-i] [-n] <program> [args...]
    31. Create Namespace in Code
    32. Network
        • Each container has its own interface, routing table, iptables rules…
        • Communication between containers via pairs of veth interfaces
        • /etc/init/lxc-net.conf: iptables, dnsmasq…
        [1] $ sudo unshare --net bash
        [2] $ echo $$
        [1] $ sudo ip link add name lxcbr0 type veth peer name vethdoro
        [1] $ ip link set vethdoro netns <PID>
        [2] $ ip link set vethdoro name eth0
        [2] $ ifconfig eth0 192.168.1.2
        [2] $ ifconfig lo 127.0.0.1
        [1] $ ifconfig addif vethdoro
    33. Mount
        • Deluxe chroot() → pivot_root()
        • Filesystems mounted in a mnt namespace are visible only in this namespace
        • You need to remount special filesystems
            – procfs
            – devpts
        • Commands
            – unshare --mount <program>
            – mount {--make-[r]shared | --make-[r]slave | --make-[r]private | --make-unbindable} <mount-object>
        http://www.ibm.com/developerworks/linux/library/l-mount-namespaces/index.html
    34. cgroup
        • Everything exposed through filesystem
            – cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,mode=755)
            – cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
            – cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
            – cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
        • Create a cgroup
            – mkdir -p /sys/fs/cgroup/cpu/lxc/u1
            – Add PID to cgroup: echo $PID > /sys/fs/cgroup/cpu/lxc/u1/tasks
            – Limit: echo 512 > /sys/fs/cgroup/cpu/lxc/u1/cpu.shares
    35. Limit & Account
        • CPU
            – cpu.shares
            – cpuacct.usage
            – cpuset.cpus
        • Memory
            – memory.[soft_]limit_in_bytes
            – memory.stat
        • Block I/O
            – blkio.throttle.{read,write}.{iops,bps}.device
        • RTFM: Documentation/cgroup/*
    36. Go home for dinner
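
Added example (not part of the original slides): a POSIX shell check that reads a container config in the format of slide 14 and reports, for each required limit, the cgroup file it maps to under the filesystem layout of slide 34. The sample config, the required-key policy, the function names and the memory hierarchy path (by analogy with the cpu path on slide 34) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit an LXC config for the cgroup limits it sets (cgroup v1 layout).
# Constructed sample; only the memory line appears on the slides.
SAMPLE_CONFIG='lxc.utsname = u1
lxc.cgroup.memory.limit_in_bytes = 256M
lxc.cgroup.cpuset.cpus = 0,3'

# Limits every container is expected to set (assumed policy, adjust as needed).
REQUIRED_KEYS='memory.limit_in_bytes cpu.shares'

# to_bytes 256M: expand a K/M/G suffix (powers of 1024) into a byte count
to_bytes() {
    num=${1%[KkMmGg]}
    case $1 in
        *[Kk]) echo $((num * 1024)) ;;
        *[Mm]) echo $((num * 1024 * 1024)) ;;
        *[Gg]) echo $((num * 1024 * 1024 * 1024)) ;;
        *)     echo "$1" ;;
    esac
}

# cgroup_path NAME KEY: the subsystem is the part of KEY before the first dot
cgroup_path() {
    echo "/sys/fs/cgroup/${2%%.*}/lxc/$1/$2"
}

# get_limit KEY: print the last value given for lxc.cgroup.KEY in the config on stdin
get_limit() {
    sed -n "s/^[[:space:]]*lxc\.cgroup\.$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" | tail -n 1
}

# audit NAME: read a config on stdin, print one OK or MISSING line per required key
audit() {
    cfg=$(cat)
    for key in $REQUIRED_KEYS; do
        val=$(printf '%s\n' "$cfg" | get_limit "$key")
        if [ -z "$val" ]; then
            echo "MISSING $(cgroup_path "$1" "$key")"
            continue
        fi
        case $key in *_in_bytes) val=$(to_bytes "$val") ;; esac
        echo "OK      $(cgroup_path "$1" "$key") = $val"
    done
}

printf '%s\n' "$SAMPLE_CONFIG" | audit u1
```

To audit a real container, feed it /var/lib/lxc/{name}/config on stdin instead of the sample.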
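
Added example (not from the original deck): the namespace types listed on slides 29 and 30 are visible per process as symlinks under /proc/PID/ns, so comparing the link targets of two processes shows which namespaces they actually share. The function names are hypothetical; a type the running kernel does not expose, or a process that cannot be read, is reported as unknown.

```sh
#!/bin/sh
# Added example: report which namespaces two processes share.
# Each /proc/PID/ns/TYPE is a symlink such as "uts:[4026531838]"; two
# processes are in the same namespace when the link targets are equal.
NS_TYPES='mnt uts ipc pid net user'

# ns_id PID TYPE: print the namespace identifier, or "?" if it cannot be read
ns_id() {
    readlink "/proc/$1/ns/$2" 2>/dev/null || echo '?'
}

# ns_compare PID_A PID_B: one line per type: shared, isolated or unknown
ns_compare() {
    for t in $NS_TYPES; do
        a=$(ns_id "$1" "$t")
        b=$(ns_id "$2" "$t")
        if [ "$a" = '?' ] || [ "$b" = '?' ]; then
            echo "$t unknown"
        elif [ "$a" = "$b" ]; then
            echo "$t shared"
        else
            echo "$t isolated"
        fi
    done
}

# ns_isolated_count PID_A PID_B: number of namespace types that differ
ns_isolated_count() {
    ns_compare "$1" "$2" | grep -c ' isolated$' || true
}

# Compare this shell with the PID given as first argument (default: itself).
ns_compare $$ "${1:-$$}"
```

Run it as root with a container's init PID (printed by lxc-info -n u1) as the argument; any type still reported as shared is not isolated from the host shell.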
