虚拟容器：LXC安装使用

概述

容器是最近比较火的一种东西，不管是学习，还是测试，当需要用到多个主机时，就可以用它来虚拟出来，当然比虚拟机更加快捷方便。lxc是我学习的一种，分享给大家

LXC介绍

LXC: linux containers的简称，是一种基于容器的操作系统层次的虚拟化技术。
lxc可以在操作系统上为进程提供虚拟的操作环境，一个虚拟的执行环境就是一个容器。

• 网站
  https://linuxcontainers.org/
• thub：
  https://github.com/lxc/lxc

安装LXC

安装依赖

yum install epel-release

yum install debootstrap perl libvirt

yum install libcap-devel.x86_64

下载安装包进行安装

将LXC源代码https://linuxcontainers.org/downloads/lxc/lxc-2.1.1.tar.gz
下载到/usr/src/解压，并进入目录

./configure
make
make install

安装zfs

安装zfs的软件包

yum install http://download.zfsonlinux.org/epel/zfs-release.el7_4.noarch.rpm
yum install kernel-devel zfs

若安装错误，则需要

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum update

如果有报版本错误，可先将zfs-release.e17的低版本先卸载掉

成功后执行

systemctl enable zfs-import-cache
systemctl enable zfs-mount
systemctl enable zfs-share
systemctl enable zfs-zed
systemctl enable zfs.target

配置LXC

创建文件/usr/local/etc/lxc/lxc.conf

内容为：

lxc.lxcpath=/lxcroot

配置主机的IP

在宿主机上配置/etc/sysconfig/network-scripts/ifcfg-enp0s3（我的是cnetos7.4）

TYPE=Ethernet
#BOOTPROTO=dhcp
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME="enp0s3"
DEVICE=enp0s3
ONBOOT=yes
BRIDGE=br0

重点在于将BRIDGE=br0，BOOTPROTO=none，将系统原先的IP配置先去掉

配置br0

创建/etc/sysconfig/network-scripts/ifcfg-br0

NAME="br0"
DEVICE="br0"
ONBOOT=yes
IPV6INIT=yes
BOOTPROTO=static
TYPE=Bridge
DELAY=0
IPADDR=192.168.0.96
NETMAST=255.255.255.0
GATEWAY=192.168.0.1
DNS1=114.114.114.114

重点在于TYPE=Bridge，还有你配置的IP

配置好后将网络重启生效

修改LXC创建容器的配置文件

cat /usr/local/etc/lxc/default.conf

lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx

将"lxc.net.0.link = lxcbr0”改为“lxc.net.0.link = br0”

再安装几个软件

yum install net-tools sysstat which

yum groupinstall "Development Tools

创建zfs池

最好添加一块硬盘

添加一块硬盘在虚拟机上，我这里新添了一个10G的sdb盘

[root@LXCtest lxcroot]# fdisk -l|grep sd
WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion.
Disk /dev/sda: 8589 MB, 8589934592 bytes, 16777216 sectors
/dev/sda1   *        2048    11720703     5859328   83  Linux
/dev/sda2        11720704    15626239     1952768   82  Linux swap / Solaris
Disk /dev/sdb: 10.7 GB, 10737418240 bytes, 20971520 sectors

用zpool命令将该盘做成zfs文件系统

使用以下命令

zpool  create  lxcroot   /dev/sdb

会自动将sdb盘做成zfs文件系统并且在根下创建此目录，并且将盘挂到该目录

[root@LXCtest lxcroot]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       5.6G  3.5G  2.2G  62% /
devtmpfs        3.9G     0  3.9G   0% /dev
tmpfs           3.9G     0  3.9G   0% /dev/shm
tmpfs           3.9G  8.4M  3.9G   1% /run
tmpfs           3.9G     0  3.9G   0% /sys/fs/cgroup
tmpfs           783M     0  783M   0% /run/user/0
lxcroot         9.3G  885M  8.4G  10% /lxcroot

创建容器

创建指定类型的容器

创建容易命令-t指定容器类型，-n指定名字

[root@LXCtest ~]# lxc-create -t centos -n test01
Host CPE ID from /etc/os-release: cpe:/o:centos:centos:7
Checking cache download in /usr/local/var/cache/lxc/centos/x86_64/7/rootfs ... 
Cache found. Updating...
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.shu.edu.cn
 * updates: mirrors.shu.edu.cn
No packages marked for update
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
0 package files removed
Update finished
Copy /usr/local/var/cache/lxc/centos/x86_64/7/rootfs to /lxcroot/test01/rootfs ... 
Copying rootfs to /lxcroot/test01/rootfs ...
sed: can't read /lxcroot/test01/rootfs/etc/init/tty.conf: No such file or directory
Storing root password in '/lxcroot/test01/tmp_root_pass'
Expiring password for user root.
passwd: Success
sed: can't read /lxcroot/test01/rootfs/etc/rc.sysinit: No such file or directory
sed: can't read /lxcroot/test01/rootfs/etc/rc.d/rc.sysinit: No such file or directory

Container rootfs and config have been created.
Edit the config file to check/enable networking setup.

The temporary root password is stored in:

        '/lxcroot/test01/tmp_root_pass'


The root password is set up as expired and will require it to be changed
at first login, which you should do as soon as possible.  If you lose the
root password or wish to change it without starting the container, you
can change it from the host by running the following command (which will
also reset the expired flag):

        chroot /lxcroot/test01/rootfs passwd

修改容易登录密码

生成的容器会有默认密码，可以修改为自定义密码

[root@LXCtest ~]#  chroot /lxcroot/test01/rootfs passwd
Changing password for user root.
New password: 
BAD PASSWORD: The password contains the user name in some form
Retype new password: 
passwd: all authentication tokens updated successfully.

启动容器

[root@LXCtest test01]# lxc-start -d -n test01

可以查看容器的状态吗，会分配IP

[root@LXCtest test01]# lxc-info -n test01
Name:           test01
State:          RUNNING
PID:            25134
IP:             192.168.0.175
CPU use:        1.31 seconds
BlkIO use:      0 bytes
Memory use:     38.75 MiB
KMem use:       0 bytes
Link:           vethMRND23
 TX bytes:      2.00 KiB
 RX bytes:      5.18 KiB
 Total bytes:   7.18 KiB

此时便可以利用工具通过IP连接到刚刚创建的主机上进行操作了

本次我已经创建的主机信息

[root@LXCtest test01]# lxc-ls -f
NAME           STATE   AUTOSTART GROUPS IPV4          IPV6 
centos         STOPPED 0         -      -             -    
centostemplate STOPPED 0         -      -             -    
test           RUNNING 0         -      192.168.0.174 -    
test01         RUNNING 0         -      192.168.0.175 -    

LXC的常用命令

lxc-ls -f 查看LXC已经创建的主机信息

lxc-start -n name 打开一个容器

lxc-destroy -n name 彻底删除一个容器，与之相关的一切数据都不可用

lxc-stop -n name 关闭一个容器。与lxc-start类似，要stop的容器必须是已经lxc-create并且lxc-start的

lxc-freeze -n name 冻结该容器所有的进程。进程会被锁定，直到lxc-unfreeze进行解锁

lxc-unfreeze -n name 用于解除被lxc-freeze冻结的容器进程。