Updates with LXC 1.0
The LXC userspace tools allow for the management of Linux Containers. The first stable version, LXC 1.0, was released in February 2014.
Important Updates
LXC 1.0 is part of Ubuntu 14.04 LTS (trusty) and therefore comes with 5 years of support.
LXC comes with its own API.
Unprivileged Containers Via User Namespaces
Unprivileged containers have been possible since Linux kernel 3.12. This means that containers can be started by normal users (not root). A breakout from the container therefore does not automatically yield root privileges.
This requires a revision of ID mapping and cgroup management (cgmanager).
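The effect of the ID mapping can be checked from the host by reading /proc/<pid>/uid_map of a container process. The following is an added example, not part of the original article or of LXC itself; the function names and both sample maps are constructed for illustration.

```python
"""Added example: interpret /proc/<pid>/uid_map of a container's init process."""

# Constructed sample maps (not taken from a real host).
# Each line reads: <first ID inside namespace> <first ID on host> <length>
PRIVILEGED_MAP = "         0          0 4294967295\n"
UNPRIVILEGED_MAP = "         0     100000      65536\n"


def parse_id_map(text):
    """Return a list of (inside_start, host_start, length) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError("malformed id map line: %r" % line)
        inside, host, length = (int(f) for f in fields)
        ranges.append((inside, host, length))
    return ranges


def to_host_id(ranges, container_id):
    """Translate an ID inside the container to the host ID (None if unmapped)."""
    for inside, host, length in ranges:
        if inside <= container_id < inside + length:
            return host + (container_id - inside)
    return None


def host_root_exposed(ranges):
    """True if any ID inside the container maps to host UID 0."""
    return any(host <= 0 < host + length for _, host, length in ranges)


def read_uid_map(pid):
    """Read the live map for a process, e.g. the container's init PID."""
    with open("/proc/%d/uid_map" % pid) as fh:
        return parse_id_map(fh.read())


if __name__ == "__main__":
    for name, text in (("privileged", PRIVILEGED_MAP),
                       ("unprivileged", UNPRIVILEGED_MAP)):
        ranges = parse_id_map(text)
        print(name, "container root -> host uid", to_host_id(ranges, 0),
              "| host root exposed:", host_root_exposed(ranges))
```

On a live host, read_uid_map() takes the PID of the container's init process as seen from the host.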
Pre-built containers are now available at http://jenkins.linuxcontainers.org.
This was necessary since bootstrapping systems (e.g. debootstrap) can be problematic without root rights.
Containers can now be started within another container. This also requires cgmanager.
Previously, cgroups were administered in LXC via a filesystem interface (e.g. /sys/fs/cgroup/). cgmanager was introduced to support container nesting and to take over the increasingly complex code for cgroup administration. It is accessed through a D-Bus interface.
The client cgm is contained in the package cgmanager-utils. It can be used, for example, to query values:
root@lxc:/# cgm getvalue memory '/lxc/test_container' memory.usage_in_bytes
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   string "1676333056"
Or alternatively via lxc-cgroup:
lxc-cgroup --name test_container memory.usage_in_bytes
1676333056
To limit swap usage, the kernel parameter swapaccount=1 must be added in Ubuntu 14.04. This is done in /etc/default/grub. Afterwards, update-grub2 must be run, followed by a restart.
With the lxc-device command, devices can be added to a container from the host.
There are now templates in /usr/share/lxc/config/ that can be used as a basis for individual LXC container configuration files. Embedding these templates using "include" results in a much leaner container configuration.
e.g. centos.common.conf, ubuntu.common.conf, ...
Auto Start Via Container Configuration
Previously, the automatic start of containers was performed via symlinks in /etc/lxc/auto.
Now this functionality is available within the container configuration file:
lxc.start.auto = 1
Examples from the Command Line
The IP address configured in the container can now be listed on the host:
lxc-ls --fancy
NAME  STATE    IPV4        IPV6                          AUTOSTART
---------------------------------------------------------------------------------
p1    RUNNING  10.0.3.128  2607:f2c0:f00f:2751:216:...   YES (ubuntu)
p2    RUNNING  10.0.3.165  2607:f2c0:f00f:2751:216:...   YES
The attach command functions normally with an updated 14.04 Ubuntu kernel.
lxc-attach -n test_container
Additional Resources
- LXC 1.0: Blog post series (0/10) (Stéphane Graber Blog, Dec. 20, 2013)
- S3hh's Blog (Blog, contains many LXC entries)
Author: Christoph Mitasch
Christoph Mitasch works in the Web Operations & Knowledge Transfer team at Thomas-Krenn. He is responsible for the maintenance and further development of the webshop infrastructure. After an internship at IBM Linz, he finished his diploma studies in "Computer- and Media-Security" at FH Hagenberg. He lives near Linz and, besides working, is an enthusiastic marathon runner and juggler, holding various world records.