User Tools

Site Tools


docs:lxc

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
docs:lxc [2014-07-02 11:06] matkordocs:lxc [2016-08-21 00:36] (current) – [LXC - Linux Container Tools] glen
Line 1: Line 1:
 ====== LXC - Linux Container Tools ====== ====== LXC - Linux Container Tools ======
  
-LXC is a tool to create and manage containers. It contains a full featured container with the isolation / virtualization of the pids, the ipc, the utsname, the mount points, /proc, /sys, the network and it takes into account the control groups. It is very light, flexible, and provides a set of tools around the container like the monitoring with asynchronous events notification, or the freeze of the container. This package is useful to create Virtual Private Server, or to run isolated applications like bash or sshd. +[[https://linuxcontainers.org/lxc/|LXC]] is a tool to create and manage containers. It contains a full featured container with the isolation / virtualization of the pids, the ipc, the utsname, the mount points, /proc, /sys, the network and it takes into account the control groups. It is very light, flexible, and provides a set of tools around the container like the monitoring with asynchronous events notification, or the freeze of the container. This package is useful to create Virtual Private Server, or to run isolated applications like bash or sshd.  
 + 
 +LXC is pretty low level, very flexible and covers just about every containment feature supported by the upstream kernel. For a completely fresh and intuitive user experience with a single command line tool to manage your containers see [[LXD]].  
  
 **Resources** **Resources**
-  * [[http://linuxcontainers.org/|LXC Project homepage]] 
   * [[https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/|LXC 1.0 blog post series]] - must read to get quick overview what's out there   * [[https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/|LXC 1.0 blog post series]] - must read to get quick overview what's out there
   * [[http://lists.linuxfoundation.org/mailman/listinfo/containers|Linux Containers mailing list]]   * [[http://lists.linuxfoundation.org/mailman/listinfo/containers|Linux Containers mailing list]]
Line 21: Line 22:
   * [[package>lxc]] package   * [[package>lxc]] package
   * cgroups mounted, use [[package>systemd]] or [[package>libcgroup]] for that (edit and enable most groups in ///etc/cgconfig.conf// except debug)   * cgroups mounted, use [[package>systemd]] or [[package>libcgroup]] for that (edit and enable most groups in ///etc/cgconfig.conf// except debug)
 +
 +<note warning>Kernels with vserver support compiled in, do not work correctly with LXC
 +
 +  * [[http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2014-January/thread.html#23786]]
 +  * http://www.paul.sladen.org/vserver/archives/201402/0015.html
 +</note>
  
 ===== Guest creation ===== ===== Guest creation =====
Line 65: Line 72:
  
 ===== Common problems / Useful tricks ===== ===== Common problems / Useful tricks =====
 +
 +==== lxc-start has no output ====
 +
 +In case ''lxc-start -n test'' produces no output, ensure /dev/console is present in guest filesystem.
  
 ==== lxc-stop is not graceful ==== ==== lxc-stop is not graceful ====
Line 126: Line 137:
 ==== general ==== ==== general ====
  
-static networking, set ''VSERVER=yes'' and ''VSERVER_ISOLATION_NET=yes'' in guest ''/etc/sysconfig/system'' to disable all network configuration by guest, set RC_PROMPT=no to avoid hanging startaup scripts, in general it's good idea to turn off there most of things+static networking, set ''VSERVER=yes'' and ''VSERVER_ISOLATION_NET=yes'' in guest ''/etc/sysconfig/system'' to disable all network configuration by guest, set RC_PROMPT=no to avoid hanging startup scripts, in general it's good idea to turn off there most of things
  
 ==== network using macvlan in bridge mode ==== ==== network using macvlan in bridge mode ====
Line 133: Line 144:
   - you can't filter guest straffic  from host's firewall   - you can't filter guest straffic  from host's firewall
   - host can use seme default interface with and without guests running.   - host can use seme default interface with and without guests running.
-  - you HAVE to set mac. If not - on every container start you'll have different one (your router will not pass the traffic)+  - one have better to set static MAC address. If not - on every container start you'll have different MAC generated and your router may have problems with passing  traffic. 
-  - iptables is initialized from lxc.hook.pre-mount hook (ran in the container's namespace and having macvlan interface visible)+  - iptables is initialized from lxc.hook.pre-mount hook (ran in the container's namespace and having guest macvlan interface visible)
  
 first boot with ''hwaddr'' line disabled, look what the random address was assigned, set it in config. first boot with ''hwaddr'' line disabled, look what the random address was assigned, set it in config.
Line 161: Line 172:
 ==== network using bridged veth interfaces  ==== ==== network using bridged veth interfaces  ====
  
 +==== More raeding about network ====
 +
 +[[http://containerops.org/2013/11/19/lxc-networking/|Elaborate article about configuring different types of network ]]
 ===== Sample configs ===== ===== Sample configs =====
 ==== full config ==== ==== full config ====
docs/lxc.1404291999.txt.gz · Last modified: 2014-07-02 11:06 (external edit)

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS PLD Linux Driven by DokuWiki