Updates with LXC 1.0

From Thomas-Krenn-Wiki

The LXC userspace tools allow for the management of Linux Containers. The first stable version, LXC 1.0, was released in February 2014.

Important Updates

LTS Support

LXC 1.0 is part of Ubuntu 14.04 LTS (trusty) and therefore comes with 5 years of support.

liblxc API

LXC comes with its own API.

Unprivileged Containers Via User Namespaces

Unprivileged containers have been possible since Linux kernel 3.12. This means that containers can be started by normal users (not root). A breakout from the container therefore does not automatically yield root rights.

This requires a revision of ID mapping and cgroup management (cgmanager).
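
The ID mapping mentioned above can be checked before a container is started. The following Python code is an added example, not part of the original article or of LXC itself: it reads the lxc.id_map lines of a container configuration together with the /etc/subuid and /etc/subgid ranges of the starting user, and reports maps that are missing, that reach host ID 0, or that fall outside the delegated range. The user name alice, the sample values and the function names are constructed for illustration.

```python
# Constructed sample inputs (not from the article); only "u" and "g" maps are handled.
SAMPLE_CONFIG = """\
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.start.auto = 1
"""
SAMPLE_SUBID = "alice:100000:65536\n"  # line format of /etc/subuid and /etc/subgid


def parse_id_maps(config_text):
    """Return [(kind, container_start, host_start, count)] from lxc.id_map lines."""
    maps = []
    for line in config_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "lxc.id_map":
            kind, cstart, hstart, count = value.split()
            maps.append((kind, int(cstart), int(hstart), int(count)))
    return maps


def parse_subid(text, user):
    """Return [(start, count)] ranges delegated to `user` in subuid/subgid text."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user:
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges


def audit(config_text, subuid_text, subgid_text, user):
    """Return a list of findings; an empty list means the maps look sound."""
    findings = []
    maps = parse_id_maps(config_text)
    for kind, label, subid in (("u", "uid", subuid_text), ("g", "gid", subgid_text)):
        entries = [m for m in maps if m[0] == kind]
        if not entries:  # no map means no user namespace for this ID type
            findings.append(f"no {label} map: container {label} 0 is host {label} 0")
        allowed = parse_subid(subid, user)
        for _, cstart, hstart, count in entries:
            if hstart == 0:
                findings.append(f"{label} map includes host {label} 0")
            if not any(s <= hstart and hstart + count <= s + n for s, n in allowed):
                findings.append(f"{label} range {hstart}+{count} not delegated to {user}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, SAMPLE_SUBID, SAMPLE_SUBID, "alice") or "maps OK")
```
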

Pre-built Containers

Pre-built containers are now available at http://jenkins.linuxcontainers.org.

This was necessary since bootstrapping systems (e.g. debootstrap) can be problematic without root rights.

Container Nesting

Containers can now be started within another container. This also requires cgmanager.


Previously, LXC administered cgroups via a filesystem interface (e.g. /sys/fs/cgroup/). Cgmanager helps with the introduction of container nesting and with the increasingly complex cgroup administration code. It is accessed through a D-Bus interface.

The client cgm is contained in the package cgmanager-utils. It allows values, for example, to be queried:

root@lxc:/# cgm getvalue memory '/lxc/test_container' memory.usage_in_bytes
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   string "1676333056"

Or alternatively via lxc-cgroup:

lxc-cgroup --name test_container memory.usage_in_bytes

To limit swap usage, the kernel parameter swapaccount=1 must be added in Ubuntu 14.04. This is done in /etc/default/grub. Afterwards, update-grub2 must be run and the system restarted.

Adding Devices

With the lxc-device command, devices can be added to a container from the host.

Configuration Templates

There are now templates in /usr/share/lxc/config/ that can be used as a basis for individual lxc container configuration files. These templates, embedded using "include", provide a much leaner container configuration.

e.g. centos.common.conf, ubuntu.common.conf, ...

Auto Start Via Container Configuration

Previously, the automatic start of containers was configured via symlinks in /etc/lxc/auto.

Now this can be set within the container configuration file:

lxc.start.auto = 1

Examples from the Command Line

The IP address configured in the container can now be listed on the host:

lxc-ls --fancy 
NAME    STATE    IPV4        IPV6                                    AUTOSTART     
p1      RUNNING  2607:f2c0:f00f:2751:216:...  YES (ubuntu) 
p2      RUNNING  2607:f2c0:f00f:2751:216:...  YES 

The attach command functions normally with an updated Ubuntu 14.04 kernel.

lxc-attach -n test_container 


Author: Christoph Mitasch

Christoph Mitasch works in the Web Operations & Knowledge Transfer team at Thomas-Krenn. He is responsible for the maintenance and further development of the webshop infrastructure. After an internship at IBM Linz, he finished his diploma studies in "Computer- and Media-Security" at FH Hagenberg. He lives near Linz and, besides work, is an enthusiastic marathon runner and juggler, in which he holds various world records.
