1. lxc介绍
容器是一种轻量级的虚拟化技术,与qemu/kvm、VMware、Xen等完全的虚拟化方案相比,LXC更像是加强的“chroot”,因为LXC不但没有没有对硬件设备进行仿真,而且可以与主机共享一模一样的操作系统,所以LXC与solaris的zones和BSD的jails相比,更具优势。
目前,有两个比较方便的管理容器的用户空间的工具:libvirt和lxc。libvirt通过"lxc:///"像管理其他虚拟机驱动一样管理lxc虚拟机。另一个是与libvirt完全独立的LXC,它定义了一些列的命令,可以更灵活的管理和使用lxc。
下面,将以LXC为例来介绍lxc的使用。
2 LXC的安装和使用
(1)LXC的安装
- sudo apt-get install lxc
该命令将自动安装LXC依赖的其他软件:cgroup-lite, lvm2, and debootstrap。如果想使用libvirt来实现lxc的管理,还需要安装 libvirt-bin和libvirt-lxc。
(2)LXC主机端的配置文件介绍
在使用LXC之前,首先对其配置文件进行简单的介绍,以便使大家能更好的理解LXC的工作原理。
a. /etc/lxc/lxc.conf
容器默认的配置文件,如果在创建lxc容器的时候不指定配置文件,将默认使用这个配置文件。主要针 对网络以及命名空间的配置。还有一些其他的配置例子可以在/usr/share/doc/lxc/examples/目录下
找到。
找到。
b. /usr/lib/lxc/templates/
该目录下保存了当前LXC支持的各种发行版的linux的模板配置文件,目前主要有:
lxc-ubuntu, lxc-fedora,lxc-opensuse,lxc-debian,lxc-busybox,lxc-sshd,lxc-cloud-ubuntu等。
c. /var/lib/lxc
每个容器的实例存放在这个目录下。
d. /var/cache/lxc
容器实例的cache,当用户创建一种类型的实例后,将会在此目录下cache,再次创建时将不需要从网 上下载,直接采用cache的版本,加速了容器实例的创建过程。
下面来分析下lxc-ubuntu的创建过程(详见最下面的注释说明):
- #!/bin/bash
- #
- # template script for generating ubuntu container for LXC
- #
- # This script consolidates and extends the existing lxc ubuntu scripts
- #
- # Copyright ?2011 Serge Hallyn <serge.hallyn@canonical.com>
- # Copyright ?2010 Wilhelm Meier
- # Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
- #
- # This program is free software; you can redistribute it and/or modify
- # it under the terms of the GNU General Public License version 2, as
- # published by the Free Software Foundation.
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- # You should have received a copy of the GNU General Public License along
- # with this program; if not, write to the Free Software Foundation, Inc.,
- # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- #
- set -e ##如果命令带非零值返回,立即退出
- if [ -r /etc/default/lxc ]; then
- . /etc/default/lxc #导入一些环境变量
- fi
- configure_ubuntu()
- {
- rootfs=$1
- hostname=$2
- release=$3
- # configure the network using the dhcp
- cat <<EOF > $rootfs/etc/network/interfaces
- # This file describes the network interfaces available on your system
- # and how to activate them. For more information, see interfaces(5).
- # The loopback network interface
- auto lo
- iface lo inet loopback
- auto eth0
- iface eth0 inet dhcp
- EOF
- # set the hostname
- cat <<EOF > $rootfs/etc/hostname
- $hostname
- EOF
- # set minimal hosts
- cat <<EOF > $rootfs/etc/hosts
- 127.0.0.1 localhost
- 127.0.1.1 $hostname
- # The following lines are desirable for IPv6 capable hosts
- ::1 ip6-localhost ip6-loopback
- fe00::0 ip6-localnet
- ff00::0 ip6-mcastprefix
- ff02::1 ip6-allnodes
- ff02::2 ip6-allrouters
- EOF
- if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
- # suppress log level output for udev
- sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
- # remove jobs for consoles 5 and 6 since we only create 4 consoles in
- # this template
- rm -f $rootfs/etc/init/tty{5,6}.conf
- fi
- if [ -z "$bindhome" ]; then
- chroot $rootfs useradd --create-home -s /bin/bash ubuntu
- echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
- fi
- return 0
- }
- # finish setting up the user in the container by injecting ssh key and
- # adding sudo group membership.
- # passed-in user is either 'ubuntu' or the user to bind in from host.
- finalize_user()
- {
- user=$1
- sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo)
- if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then
- groups="sudo"
- else
- groups="sudo admin"
- fi
- for group in $groups; do
- chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true
- chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true
- done
- if [ -n "$auth_key" -a -f "$auth_key" ]; then
- u_path="/home/${user}/.ssh"
- root_u_path="$rootfs/$u_path"
- mkdir -p $root_u_path
- cp $auth_key "$root_u_path/authorized_keys"
- chroot $rootfs chown -R ${user}: "$u_path"
- echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys"
- fi
- return 0
- }
- write_sourceslist()
- {
- # $1 => path to the rootfs
- # $2 => architecture we want to add
- # $3 => whether to use the multi-arch syntax or not
- case $2 in
- amd64|i386)
- MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
- SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
- ;;
- *)
- MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
- SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
- ;;
- esac
- if [ -n "$3" ]; then
- cat >> "$1/etc/apt/sources.list" << EOF
- deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
- deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
- deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
- EOF
- else
- cat >> "$1/etc/apt/sources.list" << EOF
- deb $MIRROR ${release} main restricted universe multiverse
- deb $MIRROR ${release}-updates main restricted universe multiverse
- deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
- EOF
- fi
- }
- download_ubuntu()
- {
- cache=$1
- arch=$2
- release=$3
- packages=vim,ssh
- echo "installing packages: $packages"
- # check the mini ubuntu was not already downloaded
- mkdir -p "$cache/partial-$arch"
- if [ $? -ne 0 ]; then
- echo "Failed to create '$cache/partial-$arch' directory"
- return 1
- fi