Centos7 – Config lxc container.

CentOS7 에서의 Linux Container 구성, Container 에 대해서는 이미 기본은 알고 있다는 가정하에 바로 설치 진행 과정 정리 해봅니다.

yum update 및 관련 pkg 설치

yum update
yum -y install epel-release
yum -y install lxc lxc-templates libcap-devel libcgroup busybox wget bridge-utils lxc-extra
yum install net-tools
yum install libvirt-daemon-driver-lxc.x86_64

selinux off 반영 후에 리부팅

# grep disabled /etc/sysconfig/selinux 
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

네트워크 환경 추가 변경 후 network 재시작

[root@n1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
UUID="9c9ec4d4-2aa4-4607-88b0-9c58e5a0bd92"
DEVICE="eth0"
ONBOOT="yes"
NM_CONTROLLED="no"
BRIDGE="virbr0"
[root@n1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-virbr0 
BOOTPROTO="dhcp"
DEFROUTE="yes"
NAME="virbr0"
DEVICE="virbr0"
ONBOOT="yes"
TYPE="Bridge"
NM_CONTROLLED="no"

Container를 위한 libvirtd for lxc 데몬 확인

[root@n1 ~]# systemctl status libvirtd
 libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2018-04-26 14:24:36 KST; 22min ago
     Docs: man:libvirtd(8)
           http://libvirt.org
 Main PID: 949 (libvirtd)
   CGroup: /system.slice/libvirtd.service
           └─949 /usr/sbin/libvirtd

Apr 26 14:24:36 n1 systemd[1]: Starting Virtualization daemon...
Apr 26 14:24:36 n1 systemd[1]: Started Virtualization daemon.

lxc구성 확인

[root@n1 ~]# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-693.21.1.el7.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

Container template 목록

[root@n1 ~]# ls /usr/share/lxc/templates/
lxc-alpine    lxc-archlinux  lxc-centos  lxc-debian    lxc-fedora  lxc-openmandriva  lxc-oracle  lxc-sshd    lxc-ubuntu-cloud
lxc-altlinux  lxc-busybox    lxc-cirros  lxc-download  lxc-gentoo  lxc-opensuse      lxc-plamo   lxc-ubuntu

Template를 활용하여, container 생성 ,  -n 컨테이너명 -t 템플릿명

# lxc-create -n centos_lxc -t centos

Host CPE ID from /etc/os-release: cpe:/o:centos:centos:7
 Checking cache download in /var/cache/lxc/centos/x86_64/7/rootfs ...
 Downloading centos minimal ...
 Loaded plugins: fastestmirror
 base                                                                                                                                             | 3.6 kB  00:00:00
 updates                                                                                                                                          | 3.4 kB  00:00:00
 Determining fastest mirrors
 .
 .
 .
 .
 Complete!
 Download complete.
 Copy /var/cache/lxc/centos/x86_64/7/rootfs to /var/lib/lxc/centos_lxc/rootfs ...
 Copying rootfs to /var/lib/lxc/centos_lxc/rootfs ...
 sed: can't read /var/lib/lxc/centos_lxc/rootfs/etc/init/tty.conf: No such file or directory
 Storing root password in '/var/lib/lxc/centos_lxc/tmp_root_pass'
 Expiring password for user root.
 passwd: Successsed: can't read /var/lib/lxc/centos_lxc/rootfs/etc/rc.sysinit: No such file or directory
sed: can't read /var/lib/lxc/centos_lxc/rootfs/etc/rc.d/rc.sysinit: No such file or directory

Container rootfs and config have been created.
Edit the config file to check/enable networking setup.

The temporary root password is stored in:

        '/var/lib/lxc/centos_lxc/tmp_root_pass'


The root password is set up as expired and will require it to be changed
at first login, which you should do as soon as possible.  If you lose the
root password or wish to change it without starting the container, you
can change it from the host by running the following command (which will
also reset the expired flag):

        chroot /var/lib/lxc/centos_lxc/rootfs passwd

생성된 Container 의 계정 설정, 아래의 두가지 방식으로 사용가능

 
# cat /var/lib/lxc/centos_lxc/tmp_root_pass

 Root-centos_lxc-KRzJLy

# chroot /var/lib/lxc/centos_lxc/rootfs passwd <--비번 변경

Container 시작 후 , 터미널 접속

 
# lxc-start -n centos_lxc -d
# lxc-console -n centos_lxc -t 0
Connected to tty 0
 Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
 CentOS Linux 7 (Core)
 Kernel 3.10.0-327.el7.x86_64 on an x86_64
 centos_lxc login: root
 Password:
 You are required to change your password immediately (root enforced)
 Changing password for root.
 (current) UNIX password:
 New password:
 Retype new password:
 [root@centos_lxc ~]#
# lxc-stop -n centos_lxc

Container 구성 파일 수정

[root@n1 centos_lxc]# pwd
/var/lib/lxc/centos_lxc
[root@n1 centos_lxc]# cat config 
# Template used to create this container: /usr/share/lxc/templates/lxc-centos
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = virbr0
lxc.network.hwaddr = fe:56:e6:0d:bc:8d
lxc.rootfs = /var/lib/lxc/centos_lxc/rootfs

# Include common configuration
lxc.include = /usr/share/lxc/config/centos.common.conf

lxc.arch = x86_64
lxc.utsname = centos_lxc
lxc.kmsg = 0 <-- 추가
lxc.autodev = 1

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined

# example simple networking setup, uncomment to enable
#lxc.network.type = veth
#lxc.network.flags = up
#lxc.network.link = lxcbr0
#lxc.network.name = eth0
# Additional example for veth network type
#    static MAC address,
#lxc.network.hwaddr = 00:16:3e:77:52:20
#    persistent veth device name on host side
#        Note: This may potentially collide with other containers of same name!
#lxc.network.veth.pair = v-centos_lxc-e0

Container 목록

 
# lxc-ls
 centos_lxc
# lxc-ls --active
 centos_lxc

Container 정보

 
[root@n1 centos_lxc]# lxc-info -n centos_lxc
Name:           centos_lxc
State:          RUNNING
PID:            1840
IP:             192.168.79.40
CPU use:        0.21 seconds
BlkIO use:      0 bytes
Memory use:     1.07 MiB
KMem use:       0 bytes
Link:           vethUB88L0
 TX bytes:      1.05 KiB
 RX bytes:      1.39 MiB
 Total bytes:   1.39 MiB

Container Clone 방법

# lxc-clone centos_lxc centos_lxc_clone
 Created container centos_lxc_clone as copy of centos_lxc
# lxc-ls
 centos_lxc  centos_lxc_clone
# lxc_start -n centos_lxc_clone -d
# lxc_console -n centos_lxc_clone -t 0
 Connected to tty 0
 Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
 CentOS Linux 7 (Core)
 Kernel 3.10.0-327.el7.x86_64 on an x86_64
 centos_lxc_clone login: root
 Password:
 Last login: Sat Mar 26 14:11:17 from 192.168.12.1
 [root@centos_lxc_clone ~]#
 [root@centos_lxc_clone ~]# poweroff

Container snapshot 생성

# lxc-stop -n centos_lxc_clone
# lxc-snapshot -n centos_lxc_clone
lxc_container: lxccontainer.c: lxcapi_snapshot: 2879 Snapshot of directory-backed container requested.
lxc_container: lxccontainer.c: lxcapi_snapshot: 2880 Making a copy-clone.  If you do want snapshots, then
lxc_container: lxccontainer.c: lxcapi_snapshot: 2881 please create an aufs or overlayfs clone first, snapshot that
lxc_container: lxccontainer.c: lxcapi_snapshot: 2882 and keep the original container pristine.
# lxc-snapshot -L -n centos_lxc_clone
 snap0 (/var/lib/lxcsnaps/centos_lxc_clone) 2018:04:26 10:59:10
# lxc-snapshot -r snap0 -n centos_lxc_clone <-- restore command
# lxc-destroy -n centos_lxc_clone <-- remove command

CentOS7 에서 Ubuntu Container 생성

# yum -y install debootstrap perl
# cd /usr/sbin ; ln -sf debootstrap qemu-debootstrap
# sed -i 's/DEF_HTTPS_MIRROR="https:\/\/mirrors.kernel.org\/debian"/DEF_HTTPS_MIRROR="https:\/\/mirrors.kernel.org\/ubuntu"/g' /usr/sbin/debootstrap
# cd /tmp
# wget "http://archive.ubuntu.com/ubuntu/pool/main/u/ubuntu-keyring/ubuntu-keyring_2011.11.21.tar.gz"
# tar xzf ubuntu-keyring_2011.11.21.tar.gz
# mkdir /usr/share/keyrings/
# cp /tmp/ubuntu-keyring-2011.11.21/keyrings/ubuntu-archive-keyring.gpg /usr/share/keyrings/
# lxc-create -n ubuntu_lxc -t ubuntu

Checking cache download in /var/cache/lxc/precise/rootfs-amd64 ... 
Installing packages in template: ssh,vim,language-pack-en
Downloading ubuntu precise minimal ...
I: Retrieving Release 
I: Retrieving Release.gpg 
I: Checking Release signature
I: Valid Release signature (key id 630239CC130E1A7FD81A27B140976EAF437D05B5)
I: Retrieving Packages 
I: Validating Packages 
I: Retrieving Packages 

Generation complete.
Setting up libdevmapper1.02.1 (2:1.02.48-4ubuntu7.4) ...
Setting up dmsetup (2:1.02.48-4ubuntu7.4) ...
update-initramfs: deferring update (trigger activated)
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
Processing triggers for initramfs-tools ...
Processing triggers for resolvconf ...
invoke-rc.d: policy-rc.d denied execution of start.
Download complete
Copy /var/cache/lxc/precise/rootfs-amd64 to /var/lib/lxc/ubuntu_lxc/rootfs ... 
Copying rootfs to /var/lib/lxc/ubuntu_lxc/rootfs ...
Generating locales...
  en_US.UTF-8... up-to-date
Generation complete.
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
Timezone in container is not configured. Adjust it manually.
##
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.
##

# lxc_console -n ubuntu_lxc

Ubuntu 12.04.5 LTS ubuntu_lxc console
ubuntu_lxc login: ubuntu
Password: 
Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.10.0-327.10.1.el7.x86_64 x86_64)
 * Documentation:  https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
Would you like to enter a security context? [N]  
ubuntu@ubuntu_lxc:~$

Reference Links

  • https://www.itzgeek.com/how-tos/linux/centos-how-tos/setup-linux-container-with-lxc-on-centos-7-rhel-7.html
  • https://serverfault.com/questions/658052/systemd-journal-in-debian-jessie-lxc-container-eats-100-cpu

답글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다.