
LXC Deployment

黄弘新
2023-12-01

Introduction

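LXC (LinuX Containers) is an operating-system-level virtualization technology and a user-space interface to the container features of the Linux kernel. It packages an application system into a software container that holds the application's own code together with the operating system core and libraries it needs. Through a unified namespace and a shared API, it allocates the hardware resources available to the different containers and creates an independent sandboxed runtime environment for applications, so that Linux users can easily create and manage system or application containers.
The Linux kernel provides the cgroups feature to achieve resource isolation. It also provides namespace isolation, which partitions the operating system environment an application sees into separate compartments, including the process tree, the network, user IDs and mounted file systems. cgroups, however, do not necessarily require starting any virtual machine.
LXC uses cgroups and namespaces to give application software an independent operating system environment. LXC does not need the hypervisor software layer, and the container itself is extremely lightweight, which speeds up the creation of virtual machines.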

Docker, by nature, is not a container but a container management tool; the earliest Docker was also built on LXC.

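Key LXC technologies:

  • chroot: root switching; from inside the container it looks as if the container really has its own root tree
  • namespaces: isolate resources such as pid, network, mnt, user and uts
  • CGroups: control groups, which control how resources are allocated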

Installing LXC

Disable the firewall and SELinux

[root@lxc ~]# systemctl disable --now firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@lxc ~]# setenforce 0
[root@lxc ~]# getenforce 
Permissive

Configure the EPEL repository

[root@lxc ~]# yum -y install epel-release

Install the LXC package and its dependencies

[root@lxc ~]# yum -y install lxc lxc-templates bridge-utils lxc-libs libcgroup libvirt

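	lxc           # main package
	lxc-templates # LXC configuration templates
	bridge-utils  # bridge management tools
	lxc-libs      # libraries required by LXC
	libcgroup     # cgroups give the Linux kernel a mechanism for grouping and partitioning tasks, organizing tasks into one or more subsystems through a set of parameters.
	libvirt       # server-side daemon required to manage Linux virtualization features; requires a hypervisor-specific driver.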

Modify the network interface configuration

// Create the bridge interface
[root@lxc ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0


[root@lxc ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
TYPE=Bridge
BOOTPROTO=static
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.172.88
NETMASK=255.255.255.0
GATEWAY=192.168.172.2
DNS1=114.114.114.114

// Edit the LXC configuration to use the bridge interface
[root@lxc ~]# cat /etc/lxc/default.conf 
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up


// Restart networking
[root@lxc ~]# systemctl restart NetworkManager
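
The following check is an added example, not part of the original article: it cross-checks the LXC config against the ifcfg files edited above and reports which interfaces share the bridge with the containers. The function names are hypothetical; the file paths and keys are the ones shown in this section.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Cross-checks the two files
# edited above: the bridge in lxc.network.link must be defined as TYPE=Bridge
# in an ifcfg file, and every interface enslaved to it is reported because
# containers attached to that bridge share its layer-2 segment.

# Value of "key = value" in an LXC config (comments skipped, spaces trimmed).
lxc_conf_get() {    # usage: lxc_conf_get <file> <key>
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "="); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) { print val; exit }
        }' "$1"
}

# Value of KEY=value in an ifcfg file (double quotes and blanks stripped).
ifcfg_get() {       # usage: ifcfg_get <file> <KEY>
    awk -F= -v k="$2" '$1 == k { gsub(/[" \t]/, "", $2); print $2; exit }' "$1"
}

# Prints findings; returns 1 when the bridge LXC points at is not defined.
check_lxc_bridge() {    # usage: check_lxc_bridge <lxc config> <ifcfg dir>
    local conf="$1" dir="$2" link f defined=no
    if [ "$(lxc_conf_get "$conf" lxc.network.type)" != veth ]; then
        echo "SKIP: lxc.network.type is not veth"; return 0
    fi
    link=$(lxc_conf_get "$conf" lxc.network.link)
    [ -n "$link" ] || { echo "FAIL: lxc.network.link is not set"; return 1; }
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        if [ "$(ifcfg_get "$f" DEVICE)" = "$link" ] &&
           [ "$(ifcfg_get "$f" TYPE)" = Bridge ]; then
            defined=yes
        fi
        if [ "$(ifcfg_get "$f" BRIDGE)" = "$link" ]; then
            echo "INFO: $(ifcfg_get "$f" DEVICE) is a port of $link (same L2 segment as containers)"
        fi
    done
    if [ "$defined" = yes ]; then echo "OK: $link is defined as a bridge"; return 0; fi
    echo "FAIL: lxc.network.link='$link' has no TYPE=Bridge ifcfg file"; return 1
}

# Check the real files from the article when invoked with --host.
if [ "${1:-}" = "--host" ]; then
    check_lxc_bridge /etc/lxc/default.conf /etc/sysconfig/network-scripts
fi
```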

Start the service

[root@lxc ~]# systemctl start lxc
[root@lxc ~]# systemctl status lxc
● lxc.service - LXC Container Initialization and Autoboot Code
   Loaded: loaded (/usr/lib/systemd/system/lxc.service; disabled; vendor preset: disabled)
   Active: active (exited) since 三 2021-12-01 09:43:31 CST; 49s ago
  Process: 2324 ExecStart=/usr/libexec/lxc/lxc-autostart-helper start (code=exited, status=0/SUCCESS)
  Process: 2317 ExecStartPre=/usr/libexec/lxc/lxc-devsetup (code=exited, status=0/SUCCESS)
 Main PID: 2324 (code=exited, status=0/SUCCESS)

12月 01 09:43:01 lxc systemd[1]: Starting LXC Containe...
12月 01 09:43:01 lxc lxc-devsetup[2317]: Creating /dev...
12月 01 09:43:01 lxc lxc-devsetup[2317]: /dev is devtmpfs
12月 01 09:43:01 lxc lxc-devsetup[2317]: Creating /dev...
12月 01 09:43:31 lxc lxc-autostart-helper[2324]: Start...
12月 01 09:43:31 lxc systemd[1]: Started LXC Container...
Hint: Some lines were ellipsized, use -l to show in full.

Create the virtual machine

List the LXC template containers available on the system

[root@lxc ~]# ls /usr/share/lxc/templates/
lxc-alpine     lxc-debian        lxc-oracle
lxc-altlinux   lxc-download      lxc-plamo
lxc-archlinux  lxc-fedora        lxc-sshd
lxc-busybox    lxc-gentoo        lxc-ubuntu
lxc-centos     lxc-openmandriva  lxc-ubuntu-cloud
lxc-cirros     lxc-opensuse

Create an LXC host

[root@lxc ~]# lxc-create -t centos -n test1         # create the LXC host; -t selects the template container, -n sets the name of the host to create

Copy /var/cache/lxc/centos/x86_64/7/rootfs to /var/lib/lxc/test1/rootfs ... 
Copying rootfs to /var/lib/lxc/test1/rootfs ...			## creates the root of the virtual system; by default the files live under /var/lib/lxc/test1
sed:无法读取 /var/lib/lxc/test1/rootfs/etc/init/tty.conf:没有那个文件或目录
Storing root password in '/var/lib/lxc/test1/tmp_root_pass'
正在终止用户 root 的密码。
passwd: 操作成功
sed:无法读取 /var/lib/lxc/test1/rootfs/etc/rc.sysinit:没有那个文件或目录
sed:无法读取 /var/lib/lxc/test1/rootfs/etc/rc.d/rc.sysinit:没有那个文件或目录

Container rootfs and config have been created.
Edit the config file to check/enable networking setup.

The temporary root password is stored in:

        '/var/lib/lxc/test1/tmp_root_pass'		# where the initial password is stored


The root password is set up as expired and will require it to be changed
at first login, which you should do as soon as possible.  If you lose the
root password or wish to change it without starting the container, you
can change it from the host by running the following command (which will
also reset the expired flag):

        chroot /var/lib/lxc/test1/rootfs passwd		# this command can be used to change the initial root password


// Change the password
[root@lxc ~]# chroot /var/lib/lxc/test1/rootfs passwd
更改用户 root 的密码 。
新的 密码:	eI1dB2j
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
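
The template output above says the temporary root password is written to tmp_root_pass and marked expired. The following audit is an added example, not part of the original article: it lists containers where that file is still on disk or where root's password is still flagged expired in the rootfs shadow file (a "last change" field of 0, per shadow(5)). The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. For each container under an
# LXC path, report (a) a leftover plaintext tmp_root_pass file and (b) a root
# shadow entry whose "last change" field is 0, meaning the password is still
# flagged expired and the template-generated one has not been replaced.

# Third field ("last change") of root's entry in a container's /etc/shadow.
root_lastchg() {    # usage: root_lastchg <rootfs>
    awk -F: '$1 == "root" { print $3; exit }' "$1/etc/shadow" 2>/dev/null
}

# Prints one line per finding; returns 1 if there was any finding.
audit_lxc_root_pass() {    # usage: audit_lxc_root_pass [lxcpath]
    local base="${1:-/var/lib/lxc}" c name perms rc=0
    for c in "$base"/*/; do
        [ -d "${c}rootfs" ] || continue          # not a container directory
        name=$(basename "$c")
        if [ -f "${c}tmp_root_pass" ]; then
            perms=$(ls -ld "${c}tmp_root_pass" | cut -c1-10)
            echo "$name: tmp_root_pass still on disk ($perms)"
            rc=1
        fi
        if [ "$(root_lastchg "${c}rootfs")" = 0 ]; then
            echo "$name: root password still expired, temporary password in use"
            rc=1
        fi
    done
    return "$rc"
}

# Audit the default LXC path used in the article when invoked with --host.
if [ "${1:-}" = "--host" ]; then
    audit_lxc_root_pass /var/lib/lxc
fi
```

Once the root password has been changed as shown above, the tmp_root_pass file only holds the old temporary password and can be deleted from the host.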

Start the host

[root@lxc ~]# lxc-start -n test1
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (Core)!

Running in a container, ignoring fstab device entry for /dev/root.
Cannot add dependency job for unit display-manager.service, ignoring: Unit not found.
[  OK  ] Created slice Root Slice.
[  OK  ] Listening on /dev/init...tibility Named Pipe.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Started Dispatch Passw...ole Directory Watch.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Reached target Local Encrypted Volumes.
[  OK  ] Listening on Journal Socket.
[  OK  ] Started Forward Passwo...all Directory Watch.
[  OK  ] Reached target Paths.
[  OK  ] Created slice System Slice.
[  OK  ] Created slice system-getty.slice.
         Starting Journal Service...
         Mounting Huge Pages File System...
         Mounting POSIX Message Queue File System...
[  OK  ] Reached target Swap.
         Starting Remount Root ...rnel File Systems...
[  OK  ] Listening on Delayed Shutdown Socket.
         Starting Read and set ...sysconfig/network...
[  OK  ] Reached target Slices.
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Mounted Huge Pages File System.
[  OK  ] Started Journal Service.
[  OK  ] Started Read and set N...c/sysconfig/network.
[  OK  ] Started Remount Root and Kernel File Systems.
         Starting Flush Journal...ersistent Storage...
[  OK  ] Reached target Local File Systems (Pre).
         Starting Configure read-only root support...
         Starting Rebuild Hardware Database...
<46>systemd-journald[14]: Received request to flush runtime journal from PID 1
[  OK  ] Started Flush Journal to Persistent Storage.
[  OK  ] Started Configure read-only root support.
[  OK  ] Reached target Local File Systems.
         Starting Mark the need...abel after reboot...
         Starting Rebuild Journal Catalog...
         Starting Create Volati...s and Directories...
         Starting Load/Save Random Seed...
[  OK  ] Started Mark the need ...elabel after reboot.
[  OK  ] Started Rebuild Journal Catalog.
[  OK  ] Started Load/Save Random Seed.
[  OK  ] Started Create Volatil...les and Directories.
         Starting Update UTMP a...tem Boot/Shutdown...
[  OK  ] Started Update UTMP ab...ystem Boot/Shutdown.
[  OK  ] Started Rebuild Hardware Database.
         Starting Update is Completed...
[  OK  ] Started Update is Completed.
[  OK  ] Reached target System Initialization.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
[  OK  ] Started D-Bus System Message Bus.
         Starting Permit User Sessions...
         Starting LSB: Bring up/down networking...
         Starting OpenSSH Server Key Generation...
         Starting Login Service...
[  OK  ] Started Daily Cleanup ...mporary Directories.
[  OK  ] Reached target Timers.
[  OK  ] Started Permit User Sessions.
         Starting Cleanup of Temporary Directories...
[  OK  ] Started Console Getty.
[  OK  ] Started Command Scheduler.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started Cleanup of Temporary Directories.
[  OK  ] Started Login Service.
[  OK  ] Started OpenSSH Server Key Generation.

CentOS Linux 7 (Core)
Kernel 3.10.0-862.el7.x86_64 on an x86_64

test1 login: 

Check the IP address of host test1

[root@test1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fe:c8:35:ce:8d:85 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::fcc8:35ff:fece:8d85/64 scope link 
       valid_lft forever preferred_lft forever

Check the running state of the host

[root@lxc ~]# lxc-info -n test1
Name:           test1
State:          RUNNING
PID:            80649
CPU use:        0.38 seconds
BlkIO use:      0 bytes
Memory use:     1.04 MiB
KMem use:       0 bytes
Link:           vethWDFUEU
 TX bytes:      2.30 KiB
 RX bytes:      1.35 KiB
 Total bytes:   3.65 KiB
[root@lxc ~]# 