foreword
First, here are a couple of my columns that are full of substantive content.
The first is a collection of my best blog posts. These are the posts I have put the most thought into, and I hope they will be helpful to everyone.
The second is the column I have spent the most time on recently, "Docker From Understanding Practice to Underlying Principles". I hope everyone will follow it!
LXC
LXC (LinuX Containers) is an operating-system-level virtualization technology and a user-space interface to the container features of the Linux kernel. It packages an application into a software container that holds the application's own code together with the operating system core and libraries it requires. It uses unified namespaces and a shared API to allocate the available hardware resources among containers, giving each application an independent sandbox to run in, and it lets Linux users easily create and manage system or application containers.
LXC is one of the first solutions to offer complete container technology, with a set of easy-to-use tools and templates that greatly simplify working with containers.
Although LXC greatly simplifies the use of container technology, it is not much less complex than using containers directly through kernel calls: we still have to learn LXC's own set of command-line tools, and because creation at the kernel level is carried out through commands, it is not easy to migrate data with batches of commands. Its isolation is also not as strong as a virtual machine's.
Later, Docker appeared, so to a certain extent Docker is an enhanced version of LXC.
lxc-checkconfig
Check whether the system environment meets the container usage requirements.
lxc-create
Create an LXC container.
lxc-create -n NAME -t TEMPLATE_NAME [--template-options]
lxc-start
lxc-start -n NAME -d # start the container
lxc-ls
lxc-ls -f # list all containers; -f prints commonly used information
lxc-info
lxc-info -n NAME # show information about the container
lxc-attach
Enter the container.
lxc-attach --name=NAME [-- COMMAND]
lxc-stop
lxc-stop -n NAME # stop the container
lxc-destroy
lxc-destroy -n NAME # delete a stopped container
lxc installation
https://www.mryunwei.com/294151.html
lxc containers in practice
Check the running status of lxc.
[root@ALiCentos7:/home/yufc]$ systemctl status lxc
● lxc.service - LXC Container Initialization and Autoboot Code
Loaded: loaded (/usr/lib/systemd/system/lxc.service; disabled; vendor preset: disabled)
Active: active (exited) since Thu 2023-08-31 22:06:05 CST; 2min 56s ago
Process: 5141 ExecStart=/usr/libexec/lxc/lxc-autostart-helper start (code=exited, status=0/SUCCESS)
Process: 5134 ExecStartPre=/usr/libexec/lxc/lxc-devsetup (code=exited, status=0/SUCCESS)
Main PID: 5141 (code=exited, status=0/SUCCESS)
Tasks: 0
Memory: 0B
CGroup: /system.slice/lxc.service
Aug 31 22:05:34 ALiCentos7 systemd[1]: Starting LXC Container Initialization and Autoboot Code...
Aug 31 22:05:34 ALiCentos7 lxc-devsetup[5134]: Creating /dev/.lxc
Aug 31 22:05:34 ALiCentos7 lxc-devsetup[5134]: /dev is devtmpfs
Aug 31 22:05:34 ALiCentos7 lxc-devsetup[5134]: Creating /dev/.lxc/user
Aug 31 22:06:04 ALiCentos7 lxc-autostart-helper[5141]: Starting LXC autoboot containers: [ OK ]
Aug 31 22:06:05 ALiCentos7 systemd[1]: Started LXC Container Initialization and Autoboot Code.
[root@ALiCentos7:/home/yufc]$
Check whether the system environment meets the container usage requirements.
[root@ALiCentos7:/home/yufc]$ lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-1160.88.1.el7.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Warning: newuidmap is not setuid-root
Warning: newgidmap is not setuid-root
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled
--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
[root@ALiCentos7:/home/yufc]$
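The lxc-checkconfig output above is long, and the lines that matter are any status other than "enabled" plus the Warning lines (newuidmap and newgidmap are the helpers an unprivileged user needs to map UIDs and GIDs into a user namespace). The script below is an added example, not part of the original post; the function names audit_checkconfig and sample_output and the sample input are made up for illustration.

```shell
#!/bin/sh
# Added example: audit lxc-checkconfig output read from stdin.
# Prints WARN/FAIL findings; returns 1 if any checked feature is not "enabled".
audit_checkconfig() {
    esc=$(printf '\033')
    # lxc-checkconfig colours its status words, so strip ANSI escapes first.
    sed "s/${esc}\[[0-9;]*m//g" | awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim every line
        /^--- .* ---$/ {                 # section header, e.g. "--- Namespaces ---"
            section = $0
            gsub(/^--- | ---$/, "", section)
            next
        }
        /^Note/       { section = "" }   # trailing usage text is not a check
        section == "" { next }           # preamble before the first section
        /^Warning:/   { print "WARN [" section "] " $0; next }
        {
            pos = match($0, /:[ \t]*[^:]*$/)     # split at the last colon
            if (pos == 0) next
            name = substr($0, 1, pos - 1)
            status = substr($0, pos + 1)
            sub(/^[ \t]+/, "", status)
            if (status != "enabled") {
                print "FAIL [" section "] " name ": " status
                fails++
            }
        }
        END { exit (fails > 0) }
    '
}

# Constructed sample based on the output above: one status is coloured, and
# "Cgroup memory controller" is changed to "missing" to show a failure.
sample_output() {
    printf '%s\n' \
        'Kernel configuration found at /boot/config-3.10.0-1160.88.1.el7.x86_64' \
        '--- Namespaces ---' \
        'User namespace: enabled' \
        'Warning: newuidmap is not setuid-root' \
        'Warning: newgidmap is not setuid-root' \
        '--- Control groups ---' \
        'Cgroup device: enabled'
    printf 'Cgroup memory controller: \033[1;31mmissing\033[0;39m\n'
    printf '%s\n' 'Note : Before booting a new kernel, you can check its configuration'
}

# On a real host: lxc-checkconfig | audit_checkconfig
sample_output | audit_checkconfig || echo "host does not meet all requirements"
```

On the sample this prints two WARN lines for the Namespaces section and one FAIL line for the memory controller.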
Check out the container templates provided by lxc.
[root@ALiCentos7:/home/yufc]$ ls /usr/share/lxc/templates/
lxc-alpine lxc-busybox lxc-debian lxc-gentoo lxc-oracle lxc-ubuntu
lxc-altlinux lxc-centos lxc-download lxc-openmandriva lxc-plamo lxc-ubuntu-cloud
lxc-archlinux lxc-cirros lxc-fedora lxc-opensuse lxc-sshd
[root@ALiCentos7:/home/yufc]$
These are the templates available.
Create an ubuntu container.
lxc-create -t ubuntu --name lxchost1 -- -r xenial -a amd64
After it is installed, list the containers with lxc-ls.
[root@ALiCentos7:/home/yufc]$ lxc-ls -f
NAME STATE IPV4 IPV6 AUTOSTART
----------------------------------------
lxchost1 STOPPED - - NO
[root@ALiCentos7:/home/yufc]$
Start this container.
[root@ALiCentos7:/home/yufc]$ lxc-start -n lxchost1 -d # run it in the background
[root@ALiCentos7:/home/yufc]$ lxc-ls -f
NAME STATE IPV4 IPV6 AUTOSTART
----------------------------------------
lxchost1 RUNNING - - NO
[root@ALiCentos7:/home/yufc]$
View information about this container.
[root@ALiCentos7:/home/yufc]$ lxc-info -n lxchost1
Name: lxchost1
State: RUNNING
PID: 12901
IP: 192.168.122.244 # with this IP address we can connect to the container over ssh
CPU use: 0.06 seconds
BlkIO use: 7.29 MiB
Memory use: 7.71 MiB
KMem use: 0 bytes
Link: vethM2V3M1
TX bytes: 2.02 KiB
RX bytes: 4.12 KiB
Total bytes: 6.14 KiB
[root@ALiCentos7:/home/yufc]$
Once we have this IP address, we can connect to the container either through ssh or through lxc-attach.
[root@ALiCentos7:/home/yufc]$ ssh ubuntu@192.168.122.244
The authenticity of host '192.168.122.244 (192.168.122.244)' can't be established.
ECDSA key fingerprint is SHA256:QQF2a8Od/77dtoGj3sDMJMwP4rWIrJRuMFRIu1ofWmw.
ECDSA key fingerprint is MD5:da:54:c2:47:fb:24:ef:fa:fc:49:c0:c3:53:f2:c3:d0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.122.244' (ECDSA) to the list of known hosts.
ubuntu@192.168.122.244's password:
Welcome to Ubuntu 16.04.7 LTS (GNU/Linux 3.10.0-1160.88.1.el7.x86_64 x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@lxchost1:~$ # at this point our bash prompt has changed: we are inside a container!
The second way is lxc-attach.
lxc-attach -n lxchost1 --clear-env -- /bin/bash
This way is also possible.
Stop this container.
lxc-stop -n lxchost1
Delete this container.
lxc-destroy -n lxchost1