SlideShare a Scribd company logo

Linux Containers (LXC)

Vladimir Melnic
Vladimir Melnic

Linux Containers (LXC) @Open Source Camp Moldova 2018 LXC (Linux Containers) is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel. https://en.wikipedia.org/wiki/LXC

1 of 50
Download to read offline
Linux Containers LXC Open Source Camp Moldova 2018
$ whoami Vladimir Melnic Developer DevOps https://github.com/vmelnic https://fb.com/melnic.vladimir 2
$ man lxc LXC (Linux Containers) is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel. https://en.wikipedia.org/wiki/LXC LGPL-2.1 C 88.9% Shell 7.4% M4 2.5% Other 1.2% Initial release: August 6, 2008 Stable release: 3.0.0, 28 May 2018 3
$ man lxd LXD is a next generation system container manager. It offers an user experience similar to virtual machines but using Linux containers instead. https://linuxcontainers.org/lxd/introduction/ Apache-2.0 Go 91.0%, Shell 7.9%, Other 1.1% Stable release: 3.0.0, 3 Apr 2018 4
Features ● cgroups - CPU, memory, block I/O, network, etc. ● namespaces - Process IDs, hostnames, user IDs, file names etc. ● unprivileged containers ● snapshot ● migrations ● LXD - Rest API ● LXCFS - Userspace (FUSE) filesystem https://linuxcontainers.org/lxcfs/introduction/ 5
Install # Ubuntu: $ sudo apt install lxd lxd-client # Centos/RHEL 7: $ sudo yum install yum-plugin-copr epel-release $ sudo yum copr enable ngompa/snapcore-el7 $ sudo yum install snapd $ sudo snap install lxd https://discuss.linuxcontainers.org/t/lxd-on-centos-7/1250 6
Configure $ sudo lxd init > Do you want to configure a new storage pool (yes/no) [default=yes]? yes > Name of the storage backend to use (dir or zfs) [default=dir]: dir > Would you like LXD to be available over the network (yes/no) [default=no]? yes > Address to bind LXD to (not including port) [default=all]: all > Port to bind LXD to [default=8443]: 8443 > Trust password for new clients: * > Again: * > Do you want to configure the LXD bridge (yes/no) [default=yes]? yes 7
Configuring - network 1/11 8
Configuring - network 2/11 9
Configuring - network 3/11 10
Configuring - network 4/11 11
Configuring - network 5/11 12
Configuring - network 6/11 13
Configuring - network 7/11 14
Configuring - network 8/11 15
Configuring - network 9/11 16
Configuring - network 10/11 17
Configuring - network 11/11 18
$ sudo lxd init > Do you want to configure a new storage pool (yes/no) [default=yes]?yes > Name of the storage backend to use (dir or zfs) [default=dir]:dir > Would you like LXD to be available over the network (yes/no) [default=no]?yes > Address to bind LXD to (not including port) [default=all]:all > Port to bind LXD to [default=8443]: 8443 > Trust password for new clients: * > Again: * > Do you want to configure the LXD bridge (yes/no) [default=yes]?yes > LXD has been successfully configured. $ 19
Creating and starting # Creating a container without starting it: $ sudo lxc init ubuntu:16.04 <container> # Creating and starting a new container: $ sudo lxc launch ubuntu:16.04 <container> https://linuxcontainers.org/lxd/getting-started-cli/ 20
21
List containers $ sudo lxc list 22
23
Start, stop and restart containers # Start container: $ sudo lxc start <container> # Stop container: $ sudo lxc stop <container> # Restart container: $ sudo lxc restart <container> 24
25
Delete containers $ sudo lxc delete <container> 26
27
Exec # Get a shell inside container: $ sudo lxc exec <container> -- /bin/bash # Run command inside container: $ sudo lxc exec <container> -- apt-get upgrade -y 28
29
30
Images 1/2 # Built-in image remotes: ● ubuntu: (for stable Ubuntu images) ● ubuntu-daily: (for daily Ubuntu images) ● images: (for a bunch of other distros) # Start a container from image: $ sudo lxc launch ubuntu:14.04 my-ubuntu $ sudo lxc launch ubuntu-daily:16.04 my-ubuntu-dev $ sudo lxc launch images:centos/6/amd64 my-centos 31
Images 2/2 # Using a remote LXD as an image server: $ sudo lxc remote add my-images 1.2.3.4 $ sudo lxc launch my-images:image-name your-container 32
List images # Local images: $ sudo lxc image list # Built-in image remotes: $ sudo lxc image list ubuntu: $ sudo lxc image list ubuntu-daily: $ sudo lxc image list images: https://stgraber.org/2016/03/30/lxd-2-0-image-management-512 33
34
35
Container info # Getting detailed information from a container: $ sudo lxc info <container> 36
37
Snapshot management # Creating a snapshot: $ sudo lxc snapshot <container> <snapshot> # Listing snapshots: $ sudo lxc info <container> # Restoring a snapshot: $ sudo lxc restore <container> <snapshot> # Creating a new container from a snapshot: $ sudo lxc copy <source container>/<snapshot> <destination container> # Deleting a snapshot: $ sudo lxc delete <container>/<snapshot> 38
39
40
Cloning and renaming # Copying a container: $ sudo lxc copy <source container> <destination container> # Moving a container: $ sudo lxc move <old name> <new name> 41
42
43
Resource control ● Disk (only for ZFS or btrfs storage backend) ● CPU ● Memory ● Network I/O (only supported for “bridged” and “p2p” type interfaces) ● Block I/O https://stgraber.org/2016/03/26/lxd-2-0-resource-control-412 44
Applying some limits # Container-wide limits: $ sudo lxc config set <container> <key> <value> # Profile: $ sudo lxc profile set <profile> <key> <value> # Device-specific: $ sudo lxc config device set <container> <device> <key> <value> 45
CPU # Limit a container to 1 CPU: $ sudo lxc config set c1 limits.cpu 1 46
47
Memory # Limit a container memory (RAM) to 256 MB: $ sudo lxc config set c1 limits.memory 256MB 48
49
Questions? 50

Recommended

Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containers
Google
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
Luong Vo
 
Kubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive OverviewKubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive Overview
Bob Killen
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
Martin Danielsson
 
Kubernetes - introduction
Kubernetes - introductionKubernetes - introduction
Kubernetes - introduction
Sparkbit
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Raffaele Di Fazio
 
Rancher 2.0 Technical Deep Dive
Rancher 2.0 Technical Deep DiveRancher 2.0 Technical Deep Dive
Rancher 2.0 Technical Deep Dive
LINE Corporation
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
Sreenivas Makam
 

Recommended

Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containers
Google
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
Luong Vo
 
Kubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive OverviewKubernetes - A Comprehensive Overview
Kubernetes - A Comprehensive Overview
Bob Killen
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
Martin Danielsson
 
Kubernetes - introduction
Kubernetes - introductionKubernetes - introduction
Kubernetes - introduction
Sparkbit
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
Raffaele Di Fazio
 
Rancher 2.0 Technical Deep Dive
Rancher 2.0 Technical Deep DiveRancher 2.0 Technical Deep Dive
Rancher 2.0 Technical Deep Dive
LINE Corporation
 
Docker Networking Overview
Docker Networking OverviewDocker Networking Overview
Docker Networking Overview
Sreenivas Makam
 
Introduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenIntroduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang Nguyen
Trang Nguyen
 
Advanced Deployment Strategies with Kubernetes and Istio
Advanced Deployment Strategies with Kubernetes and IstioAdvanced Deployment Strategies with Kubernetes and Istio
Advanced Deployment Strategies with Kubernetes and Istio
CloudOps2005
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
Weaveworks
 
GitOps and ArgoCD
GitOps and ArgoCDGitOps and ArgoCD
GitOps and ArgoCD
Omar Fathy
 
OpenShift 4 installation
OpenShift 4 installationOpenShift 4 installation
OpenShift 4 installation
Robert Bohne
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
SlideTeam
 
Introduction to Kubernetes and Google Container Engine (GKE)
Introduction to Kubernetes and Google Container Engine (GKE)Introduction to Kubernetes and Google Container Engine (GKE)
Introduction to Kubernetes and Google Container Engine (GKE)
Opsta
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes Basics
Eueung Mulyana
 
Kubernetes Workshop
Kubernetes WorkshopKubernetes Workshop
Kubernetes Workshop
loodse
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Crevise Technologies
 
Kubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory GuideKubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory Guide
Bytemark
 
Intro to GitOps & Flux.pdf
Intro to GitOps & Flux.pdfIntro to GitOps & Flux.pdf
Intro to GitOps & Flux.pdf
Weaveworks
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
Kangaroot
 
Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and Containers
Yajushi Srivastava
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
Peng Xiao
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with Kubernetes
EastBanc Tachnologies
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
Peng Xiao
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
All Things Open
 
Introduction to helm
Introduction to helmIntroduction to helm
Introduction to helm
Jeeva Chelladhurai
 
Gitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCDGitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCD
Haggai Philip Zagury
 
Lightweight Virtualization: LXC Best Practices
Lightweight Virtualization: LXC Best PracticesLightweight Virtualization: LXC Best Practices
Lightweight Virtualization: LXC Best PracticesWerner Fischer
 
Shifter: Containers in HPC Environments
Shifter: Containers in HPC EnvironmentsShifter: Containers in HPC Environments
Shifter: Containers in HPC Environments
inside-BigData.com
 

More Related Content

What's hot

Introduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenIntroduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang Nguyen
Trang Nguyen
 
Advanced Deployment Strategies with Kubernetes and Istio
Advanced Deployment Strategies with Kubernetes and IstioAdvanced Deployment Strategies with Kubernetes and Istio
Advanced Deployment Strategies with Kubernetes and Istio
CloudOps2005
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
Weaveworks
 
GitOps and ArgoCD
GitOps and ArgoCDGitOps and ArgoCD
GitOps and ArgoCD
Omar Fathy
 
OpenShift 4 installation
OpenShift 4 installationOpenShift 4 installation
OpenShift 4 installation
Robert Bohne
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
SlideTeam
 
Introduction to Kubernetes and Google Container Engine (GKE)
Introduction to Kubernetes and Google Container Engine (GKE)Introduction to Kubernetes and Google Container Engine (GKE)
Introduction to Kubernetes and Google Container Engine (GKE)
Opsta
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes Basics
Eueung Mulyana
 
Kubernetes Workshop
Kubernetes WorkshopKubernetes Workshop
Kubernetes Workshop
loodse
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Crevise Technologies
 
Kubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory GuideKubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory Guide
Bytemark
 
Intro to GitOps & Flux.pdf
Intro to GitOps & Flux.pdfIntro to GitOps & Flux.pdf
Intro to GitOps & Flux.pdf
Weaveworks
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
Kangaroot
 
Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and Containers
Yajushi Srivastava
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
Peng Xiao
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with Kubernetes
EastBanc Tachnologies
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
Peng Xiao
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
All Things Open
 
Introduction to helm
Introduction to helmIntroduction to helm
Introduction to helm
Jeeva Chelladhurai
 
Gitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCDGitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCD
Haggai Philip Zagury
 

What's hot (20)

Introduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenIntroduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang Nguyen
 
Advanced Deployment Strategies with Kubernetes and Istio
Advanced Deployment Strategies with Kubernetes and IstioAdvanced Deployment Strategies with Kubernetes and Istio
Advanced Deployment Strategies with Kubernetes and Istio
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
 
GitOps and ArgoCD
GitOps and ArgoCDGitOps and ArgoCD
GitOps and ArgoCD
 
OpenShift 4 installation
OpenShift 4 installationOpenShift 4 installation
OpenShift 4 installation
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
 
Introduction to Kubernetes and Google Container Engine (GKE)
Introduction to Kubernetes and Google Container Engine (GKE)Introduction to Kubernetes and Google Container Engine (GKE)
Introduction to Kubernetes and Google Container Engine (GKE)
 
Kubernetes Basics
Kubernetes BasicsKubernetes Basics
Kubernetes Basics
 
Kubernetes Workshop
Kubernetes WorkshopKubernetes Workshop
Kubernetes Workshop
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
Kubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory GuideKubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory Guide
 
Intro to GitOps & Flux.pdf
Intro to GitOps & Flux.pdfIntro to GitOps & Flux.pdf
Intro to GitOps & Flux.pdf
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
 
Docker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and ContainersDocker 101 : Introduction to Docker and Containers
Docker 101 : Introduction to Docker and Containers
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
 
DevOps with Kubernetes
DevOps with KubernetesDevOps with Kubernetes
DevOps with Kubernetes
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
 
Introduction to helm
Introduction to helmIntroduction to helm
Introduction to helm
 
Gitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCDGitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCD
 

Similar to Linux Containers (LXC)

Lightweight Virtualization: LXC Best Practices
Lightweight Virtualization: LXC Best PracticesLightweight Virtualization: LXC Best Practices
Lightweight Virtualization: LXC Best PracticesWerner Fischer
 
Shifter: Containers in HPC Environments
Shifter: Containers in HPC EnvironmentsShifter: Containers in HPC Environments
Shifter: Containers in HPC Environments
inside-BigData.com
 
Linuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best PracticesLinuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best Practices
christophm
 
Docker 基本概念與指令操作
Docker 基本概念與指令操作Docker 基本概念與指令操作
Docker 基本概念與指令操作
NUTC, imac
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Prague
tomasbart
 
Introducing Docker
Introducing DockerIntroducing Docker
Introducing Docker
Francesco Pantano
 
Isolating an applications using LXC – Linux Containers
Isolating an applications using LXC – Linux ContainersIsolating an applications using LXC – Linux Containers
Isolating an applications using LXC – Linux Containers
Venkat Raman
 
От sysV к systemd
От sysV к systemdОт sysV к systemd
От sysV к systemd
Denis Kovalev
 
Preparation study of_docker - (MOSG)
Preparation study of_docker - (MOSG)Preparation study of_docker - (MOSG)
Preparation study of_docker - (MOSG)
Soshi Nemoto
 
From zero to Docker
From zero to DockerFrom zero to Docker
From zero to Docker
Giovanni Toraldo
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101
inside-BigData.com
 
Présentation de Docker
Présentation de DockerPrésentation de Docker
Présentation de Docker
Proto204
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
Kevin Littlejohn
 
Develop QNAP NAS App by Docker
Develop QNAP NAS App by DockerDevelop QNAP NAS App by Docker
Develop QNAP NAS App by Docker
Terry Chen
 
BDM32: AdamCloud Project - Part II
BDM32: AdamCloud Project - Part IIBDM32: AdamCloud Project - Part II
BDM32: AdamCloud Project - Part II
David Lauzon
 
LXC
LXCLXC
LXC
Wu Fan-Cheng
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloud
Dobrica Pavlinušić
 
Docker workshop
Docker workshopDocker workshop
Docker workshopEvans Ye
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
Phil Estes
 
Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Ricardo Amaro
 

Similar to Linux Containers (LXC) (20)

Lightweight Virtualization: LXC Best Practices
Lightweight Virtualization: LXC Best PracticesLightweight Virtualization: LXC Best Practices
Lightweight Virtualization: LXC Best Practices
 
Shifter: Containers in HPC Environments
Shifter: Containers in HPC EnvironmentsShifter: Containers in HPC Environments
Shifter: Containers in HPC Environments
 
Linuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best PracticesLinuxcon Barcelon 2012: LXC Best Practices
Linuxcon Barcelon 2012: LXC Best Practices
 
Docker 基本概念與指令操作
Docker 基本概念與指令操作Docker 基本概念與指令操作
Docker 基本概念與指令操作
 
Docker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in PragueDocker and friends at Linux Days 2014 in Prague
Docker and friends at Linux Days 2014 in Prague
 
Introducing Docker
Introducing DockerIntroducing Docker
Introducing Docker
 
Isolating an applications using LXC – Linux Containers
Isolating an applications using LXC – Linux ContainersIsolating an applications using LXC – Linux Containers
Isolating an applications using LXC – Linux Containers
 
От sysV к systemd
От sysV к systemdОт sysV к systemd
От sysV к systemd
 
Preparation study of_docker - (MOSG)
Preparation study of_docker - (MOSG)Preparation study of_docker - (MOSG)
Preparation study of_docker - (MOSG)
 
From zero to Docker
From zero to DockerFrom zero to Docker
From zero to Docker
 
Linux Container Technology 101
Linux Container Technology 101Linux Container Technology 101
Linux Container Technology 101
 
Présentation de Docker
Présentation de DockerPrésentation de Docker
Présentation de Docker
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
Develop QNAP NAS App by Docker
Develop QNAP NAS App by DockerDevelop QNAP NAS App by Docker
Develop QNAP NAS App by Docker
 
BDM32: AdamCloud Project - Part II
BDM32: AdamCloud Project - Part IIBDM32: AdamCloud Project - Part II
BDM32: AdamCloud Project - Part II
 
LXC
LXCLXC
LXC
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloud
 
Docker workshop
Docker workshopDocker workshop
Docker workshop
 
Rooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in DockerRooting Out Root: User namespaces in Docker
Rooting Out Root: User namespaces in Docker
 
Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant
 

More from Vladimir Melnic

Drupal Global Trainig Day Moldova 2018
Drupal Global Trainig Day Moldova 2018Drupal Global Trainig Day Moldova 2018
Drupal Global Trainig Day Moldova 2018
Vladimir Melnic
 
PGP - confidențialitate in mediul online
PGP - confidențialitate in mediul onlinePGP - confidențialitate in mediul online
PGP - confidențialitate in mediul online
Vladimir Melnic
 
Drupal Winter Day 2017
Drupal Winter Day 2017Drupal Winter Day 2017
Drupal Winter Day 2017
Vladimir Melnic
 
Drupal Winter Day 2017 Workshop
Drupal Winter Day 2017 WorkshopDrupal Winter Day 2017 Workshop
Drupal Winter Day 2017 Workshop
Vladimir Melnic
 
Drupal Winter Day 2017 Workshop - Personal Blog
Drupal Winter Day 2017 Workshop - Personal BlogDrupal Winter Day 2017 Workshop - Personal Blog
Drupal Winter Day 2017 Workshop - Personal Blog
Vladimir Melnic
 
Developer Offline 9 - Futurity
Developer Offline 9 - FuturityDeveloper Offline 9 - Futurity
Developer Offline 9 - Futurity
Vladimir Melnic
 
Ecosistemul Drupal
Ecosistemul DrupalEcosistemul Drupal
Ecosistemul Drupal
Vladimir Melnic
 
Xdebug as a Drupal debugging tool
Xdebug as a Drupal debugging toolXdebug as a Drupal debugging tool
Xdebug as a Drupal debugging tool
Vladimir Melnic
 
Eu code week moldova
Eu code week moldovaEu code week moldova
Eu code week moldova
Vladimir Melnic
 
Drupal Install FEST
Drupal Install FESTDrupal Install FEST
Drupal Install FEST
Vladimir Melnic
 
Phing
PhingPhing
Phing
Vladimir Melnic
 
Securitatea sete urilor pe drupal
Securitatea sete urilor pe drupalSecuritatea sete urilor pe drupal
Securitatea sete urilor pe drupal
Vladimir Melnic
 
Instalare drupal
Instalare drupalInstalare drupal
Instalare drupal
Vladimir Melnic
 
New vision in server administration
New vision in server administrationNew vision in server administration
New vision in server administration
Vladimir Melnic
 

More from Vladimir Melnic (14)

Drupal Global Trainig Day Moldova 2018
Drupal Global Trainig Day Moldova 2018Drupal Global Trainig Day Moldova 2018
Drupal Global Trainig Day Moldova 2018
 
PGP - confidențialitate in mediul online
PGP - confidențialitate in mediul onlinePGP - confidențialitate in mediul online
PGP - confidențialitate in mediul online
 
Drupal Winter Day 2017
Drupal Winter Day 2017Drupal Winter Day 2017
Drupal Winter Day 2017
 
Drupal Winter Day 2017 Workshop
Drupal Winter Day 2017 WorkshopDrupal Winter Day 2017 Workshop
Drupal Winter Day 2017 Workshop
 
Drupal Winter Day 2017 Workshop - Personal Blog
Drupal Winter Day 2017 Workshop - Personal BlogDrupal Winter Day 2017 Workshop - Personal Blog
Drupal Winter Day 2017 Workshop - Personal Blog
 
Developer Offline 9 - Futurity
Developer Offline 9 - FuturityDeveloper Offline 9 - Futurity
Developer Offline 9 - Futurity
 
Ecosistemul Drupal
Ecosistemul DrupalEcosistemul Drupal
Ecosistemul Drupal
 
Xdebug as a Drupal debugging tool
Xdebug as a Drupal debugging toolXdebug as a Drupal debugging tool
Xdebug as a Drupal debugging tool
 
Eu code week moldova
Eu code week moldovaEu code week moldova
Eu code week moldova
 
Drupal Install FEST
Drupal Install FESTDrupal Install FEST
Drupal Install FEST
 
Phing
PhingPhing
Phing
 
Securitatea sete urilor pe drupal
Securitatea sete urilor pe drupalSecuritatea sete urilor pe drupal
Securitatea sete urilor pe drupal
 
Instalare drupal
Instalare drupalInstalare drupal
Instalare drupal
 
New vision in server administration
New vision in server administrationNew vision in server administration
New vision in server administration
 

Recently uploaded

Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 

Recently uploaded (20)

Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 

Linux Containers (LXC)

  • 3. $ man lxc LXC (Linux Containers) is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel. https://en.wikipedia.org/wiki/LXC LGPL-2.1 C 88.9% Shell 7.4% M4 2.5% Other 1.2% Initial release: August 6, 2008 Stable release: 3.0.0, 28 May 2018 3
  • 4. $ man lxd LXD is a next generation system container manager. It offers an user experience similar to virtual machines but using Linux containers instead. https://linuxcontainers.org/lxd/introduction/ Apache-2.0 Go 91.0%, Shell 7.9%, Other 1.1% Stable release: 3.0.0, 3 Apr 2018 4
  • 5. Features ● cgroups - CPU, memory, block I/O, network, etc. ● namespaces - Process IDs, hostnames, user IDs, file names etc. ● unprivileged containers ● snapshot ● migrations ● LXD - Rest API ● LXCFS - Userspace (FUSE) filesystem https://linuxcontainers.org/lxcfs/introduction/ 5
  • 6. Install # Ubuntu: $ sudo apt install lxd lxd-client # Centos/RHEL 7: $ sudo yum install yum-plugin-copr epel-release $ sudo yum copr enable ngompa/snapcore-el7 $ sudo yum install snapd $ sudo snap install lxd https://discuss.linuxcontainers.org/t/lxd-on-centos-7/1250 6
  • 7. Configure $ sudo lxd init > Do you want to configure a new storage pool (yes/no) [default=yes]? yes > Name of the storage backend to use (dir or zfs) [default=dir]: dir > Would you like LXD to be available over the network (yes/no) [default=no]? yes > Address to bind LXD to (not including port) [default=all]: all > Port to bind LXD to [default=8443]: 8443 > Trust password for new clients: * > Again: * > Do you want to configure the LXD bridge (yes/no) [default=yes]? yes 7
  • 19. $ sudo lxd init > Do you want to configure a new storage pool (yes/no) [default=yes]?yes > Name of the storage backend to use (dir or zfs) [default=dir]:dir > Would you like LXD to be available over the network (yes/no) [default=no]?yes > Address to bind LXD to (not including port) [default=all]:all > Port to bind LXD to [default=8443]: 8443 > Trust password for new clients: * > Again: * > Do you want to configure the LXD bridge (yes/no) [default=yes]?yes > LXD has been successfully configured. $ 19
  • 20. Creating and starting # Creating a container without starting it: $ sudo lxc init ubuntu:16.04 <container> # Creating and starting a new container: $ sudo lxc launch ubuntu:16.04 <container> https://linuxcontainers.org/lxd/getting-started-cli/ 20
  • 21. 21
  • 22. List containers $ sudo lxc list 22
  • 23. 23
  • 24. Start, stop and restart containers # Start container: $ sudo lxc start <container> # Stop container: $ sudo lxc stop <container> # Restart container: $ sudo lxc restart <container> 24
  • 25. 25
  • 26. Delete containers $ sudo lxc delete <container> 26
  • 27. 27
  • 28. Exec # Get a shell inside container: $ sudo lxc exec <container> -- /bin/bash # Run command inside container: $ sudo lxc exec <container> -- apt-get upgrade -y 28
  • 29. 29
  • 30. 30
  • 31. Images 1/2 # Built-in image remotes: ● ubuntu: (for stable Ubuntu images) ● ubuntu-daily: (for daily Ubuntu images) ● images: (for a bunch of other distros) # Start a container from image: $ sudo lxc launch ubuntu:14.04 my-ubuntu $ sudo lxc launch ubuntu-daily:16.04 my-ubuntu-dev $ sudo lxc launch images:centos/6/amd64 my-centos 31
  • 32. Images 2/2 # Using a remote LXD as an image server: $ sudo lxc remote add my-images 1.2.3.4 $ sudo lxc launch my-images:image-name your-container 32
  • 33. List images # Local images: $ sudo lxc image list # Built-in image remotes: $ sudo lxc image list ubuntu: $ sudo lxc image list ubuntu-daily: $ sudo lxc image list images: https://stgraber.org/2016/03/30/lxd-2-0-image-management-512 33
  • 34. 34
  • 35. 35
  • 36. Container info # Getting detailed information from a container: $ sudo lxc info <container> 36
  • 37. 37
  • 38. Snapshot management # Creating a snapshot: $ sudo lxc snapshot <container> <snapshot> # Listing snapshots: $ sudo lxc info <container> # Restoring a snapshot: $ sudo lxc restore <container> <snapshot> # Creating a new container from a snapshot: $ sudo lxc copy <source container>/<snapshot> <destination container> # Deleting a snapshot: $ sudo lxc delete <container>/<snapshot> 38
  • 39. 39
  • 40. 40
  • 41. Cloning and renaming # Copying a container: $ sudo lxc copy <source container> <destination container> # Moving a container: $ sudo lxc move <old name> <new name> 41
  • 42. 42
  • 43. 43
  • 44. Resource control ● Disk (only for ZFS or btrfs storage backend) ● CPU ● Memory ● Network I/O (only supported for “bridged” and “p2p” type interfaces) ● Block I/O https://stgraber.org/2016/03/26/lxd-2-0-resource-control-412 44
  • 45. Applying some limits # Container-wide limits: $ sudo lxc config set <container> <key> <value> # Profile: $ sudo lxc profile set <profile> <key> <value> # Device-specific: $ sudo lxc config device set <container> <device> <key> <value> 45
  • 46. CPU # Limit a container to 1 CPU: $ sudo lxc config set c1 limits.cpu 1 46
  • 47. 47
  • 48. Memory # Limit a container memory (RAM) to 256 MB: $ sudo lxc config set c1 limits.memory 256MB 48
  • 49. 49