Linux Container#

  • lxc package content
  • lxc/lxc
  • ~/.config/lxc/default.conf
  • 存储
    • dir - 默认
      • /var/lib/lxc/<name>/rootfs（root / 特权容器的默认 lxcpath）
      • ~/.local/share/lxc/<name>/rootfs（非特权用户，见下文 lxc.lxcpath）
    • lvm
    • loop
    • btrfs
    • zfs
    • rbd
    • best - 依次尝试 btrfs、zfs、lvm，都不可用时回退到 dir（见 man lxc-create）
  • man lxc-create.1
  • 参考
  • 注意
    • 可以 poweroff 退出 init
    • lxc 可以嵌套
# Files of interest once installed:
#   /usr/share/lxc/templates/lxc-download   (lxc-download package)
#   /lib/security/pam_cgfs.so               (lxc-pam package)
apk add lxc shadow-uidmap lxc-bridge lxc-pam lxc-download lxc-templates lxc-templates-oci

# Bring up lxcbr0 with its default subnet (the dnsmasq instance bound to it).
service dnsmasq.lxcbr0 start

# Installed templates, and the download template's own options.
ls /usr/share/lxc/templates/
/usr/share/lxc/templates/lxc-download -h

# Image index: https://images.linuxcontainers.org, fetched here via the TUNA
# mirror. By default the download template validates the index signature
# (see -h); keep that enabled even when pointing --server at a mirror.
name=alpine-amd64
lxc-create -t download -n "$name" -- -d alpine -r 3.12 -a amd64 --server mirrors.tuna.tsinghua.edu.cn/lxc-images

# Foreground start (-F); pass -d instead to daemonize.
lxc-start -n "$name" -F

# Shell inside the running container.
lxc-attach -n "$name"

# List running containers, then stop ours.
lxc-ls --fancy
lxc-stop -n "$name"
| command | desc |
| --- | --- |
| lxc-attach | start a process inside a running container |
| lxc-autostart | start/stop/kill auto-started containers |
| lxc-cgroup | manage the control group associated with a container |
| lxc-checkconfig | check the current kernel for lxc support |
| lxc-checkpoint | checkpoints and restores containers |
| lxc-config | query LXC system configuration |
| lxc-console | Launch a console for the specified container |
| lxc-copy | copy an existing container |
| lxc-create | creates a container |
| lxc-destroy | destroy a container |
| lxc-device | manage devices of running containers |
| lxc-execute | run an application inside a container |
| lxc-freeze | freeze all the container's processes |
| lxc-info | query information about a container |
| lxc-ls | list the containers existing on the system |
| lxc-monitor | monitor the container state |
| lxc-snapshot | Snapshot an existing container |
| lxc-start | run an application inside a container |
| lxc-stop | stop the application running inside a container |
| lxc-top | monitor container statistics |
| lxc-unfreeze | thaw all the container's processes |
| lxc-unshare | Run a task in a new set of namespaces |
| lxc-update-config | update a legacy pre LXC 2.1 configuration file |
| lxc-usernsexec | Run a task as root in a new user namespace |
| lxc-wait | wait for a specific container state |
# lxc-checkconfig reads the running kernel's config from /proc/config.gz,
# which the 'configs' module exposes.
modprobe configs
lxc-checkconfig

# Check another installed kernel's config instead (e.g. before rebooting into it).
CONFIG=/boot/config-lts /usr/bin/lxc-checkconfig

# Effective LXC settings: every key, then the two paths worth knowing.
lxc-config -l
lxc-config lxc.default_config   # per-user: $HOME/.config/lxc/default.conf
lxc-config lxc.lxcpath          # per-user: $HOME/.local/share/lxc

# Run one command inside a running container rather than opening a shell.
ctr=container
lxc-attach -n "$ctr" -- /etc/init.d/cron restart

非特权 LXC 配置#

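# Unprivileged LXC: map container uid/gid 0 onto a host id range that owns
# nothing, so a container escape lands on unprivileged ids. The range must not
# overlap real host accounts or another user's /etc/subuid range; the values
# below match the lxc.idmap lines written further down.
id_start=100000
id_count=65536

# Alternative (wider range) to the /etc/subuid and /etc/subgid edits below:
# sudo usermod -v 100000-200000 -w 100000-200000 "$USER"

# Let login sessions get writable cgroups so a normal user can start
# containers. Guarded with grep so re-running does not append duplicates.
pam_line="session optional pam_cgfs.so -c freezer,memory,name=systemd,unified"
grep -qxF -- "$pam_line" /etc/pam.d/system-login 2>/dev/null \
  || printf '%s\n' "$pam_line" | sudo tee -a /etc/pam.d/system-login >/dev/null

# The subordinate id range must belong to the account that runs lxc-create /
# lxc-start (newuidmap/newgidmap look up the calling user's entry) -- the same
# account granted lxcbr0 access below, not root (unless root is that account).
for f in /etc/subuid /etc/subgid; do
  grep -qxF -- "$USER:$id_start:$id_count" "$f" 2>/dev/null \
    || printf '%s:%s:%s\n' "$USER" "$id_start" "$id_count" | sudo tee -a "$f" >/dev/null
done

# Per-user default config. lxc.include pulls in the system defaults so only the
# overrides need listing. Alternative: put the lxc.idmap lines into
# /etc/lxc/default.conf instead (then they apply to every container on the host).
# Written with ONE redirection: a second '>' would silently discard the
# lxc.include line and leave containers without the system defaults.
mkdir -p ~/.config/lxc
{
  printf 'lxc.include = /etc/lxc/default.conf\n'
  printf 'lxc.idmap = u 0 %s %s\n' "$id_start" "$id_count"
  printf 'lxc.idmap = g 0 %s %s\n' "$id_start" "$id_count"
  printf 'lxc.net.0.type = veth\n'
  printf 'lxc.net.0.link = lxcbr0\n'
} > ~/.config/lxc/default.conf

# Allow $USER to attach at most 2 veth devices to lxcbr0 (unprivileged users
# cannot add bridge ports otherwise). Same duplicate guard as above.
usernet_line="$USER veth lxcbr0 2"
grep -qxF -- "$usernet_line" /etc/lxc/lxc-usernet 2>/dev/null \
  || printf '%s\n' "$usernet_line" | sudo tee -a /etc/lxc/lxc-usernet >/dev/null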

配置#

lxc#

FAQ#

Docker in LXC#

# Docker inside the container needs the "with-nesting" variant of the default
# AppArmor profile (it permits the extra mounts a nested container runtime
# performs). It confines the container less than lxc-container-default, so
# apply it only to containers whose workload you trust.
lxc.apparmor.profile = lxc-container-default-with-nesting

配置错误或不存在#

# Rewrite a legacy (pre LXC 2.1) container config in place so current lxc
# tools stop rejecting its old keys.
cfg="$HOME/.local/share/lxc/alpine-amd64/config"
lxc-update-config -c "$cfg"