Sunday 25 September 2016

Linux Containers Beginners Guide

LXC(Linux Containers) is a user-space interface for the Linux kernel container features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers. I tried to consolidate most of the daily usages who ever is working on the lxc in simple form.

Installation:

Centos: yum install lxc lxc-templates
Ubuntu: sudo apt-get install lxc lxc-templates

Additional information: 

LXD is a container "hypervisor" founded and currently led by canonical and ubuntu with contributions from a range of other companies and individual contributors.
Some of the biggest features of LXD are :

1. Secure by design(resource restrictions ..etc )
2. Scalable ( from containers on laptop to many compute nodes..)
3. Live migration
4. Image based ... etc 

LXD uses LXC through liblxc and its go binding to create and manage containers. we could consider that to be an alternative to LXC's tools and distribution to template systems with added features that coming from being controllable over the network.


LXC Command Manual:

lxc-commandsDescriptionsCommandsDescriptions
lxc-checkconfigcheck the current kernel for lxc support
lxc-createcreates a container, -t template shortname of an existing lxc-template script called by lxc-create. e.g ls   /usr/share/lxc/templateslxc-create -t centos -n firstcreate a "first" container using "centos" template
lxc-startrun an application inside a container  lxc-start -n firststart container "first" in background
lxc-consoleLaunch a console for the specified container (ctrl-a + q to detach)lxc-console -n firstenter container in one of the way i.e using console
lxc-attachrun the specified command inside container(bypassing console login) Kernel version >=3.8lxc-attach -n first
lxc-attach -n first -- /etc/init.d/sshd restart
spawn bash directly in the container and restart openssh
Running inside the container
lxc-configquery LXC system configurationlxc-config -l firstlets you know all the valid keys on the container
lxc-infoqueries and shows information about containerslxc-info -n firstDisplay information of first container, once you have the IP
you can SSH to container
lxc-stopBy default, it will request clean shutdown(SIGPWR) of the container to container's init process waiting for 60 sec for exit and then returning. If it fails(SIGKILL) to force shutdownlxc-stop -n first
lxc-stop -n first -k
stop container cleanly from outside incase it fails provide "-k"
lxc-autostartcontainers with lxc.start.auto = 1 to start at boot time. To edit each container has /var/lib/lxc/<container>/config edit over there. You can use Lxc-autostart to start/stop/reboot/kill when lxc.start.auto = 1 lxc.group = centos belongs to centos grouplxc-autostart -r -g centosrestart containers belongs to group of centos
lxc-lslist the containers existing on the systemlxc-ls -flist all containers per line with its name,state,ipv4,ipv6 address
lxc-freezefreeze all process inside containers, useful for batch managers to
Schdule a group of processes
lxc-freeze -n firstprocess inside first container frozen, to view state lxc-ls -f
lxc-unfreezethaw all process previously frozen containerslxc-unfreeze -n firstprocess resumed in first container, view staus lxc-ls -f
lxc-devicemanage devices of running containerslxc-device [add/del] -n first /dev/ttyS0creates/deletes /dev/ttyS0 in container first based on
matching device on the host
lxc-copylxc-clone and lxc-start-ephemeral has been depreciated and lxc-copy has Been replaced. Creates and optionally starts copies of existing containers Whole root fs copied to new containerlxc-copy -n first -N clone-firstCreate a clone of first container
lxc-snapshotsnapshot existing container, i.e small copy-on-write copies of the
original container.
lxc-snapshot -n first -c snap-first
lxc-snapshot -n first -L -C
Lxc-snapshot -n first -r snap-first
lxc-snapshot -n first -r snap0 firstsnap0
capture the snapshot
confirm your snapshot created
revert container at a later point of time if you wish
restore snapshot as its own container
lxc-topdisplays container statistics.for performance reasons kernel does not account kernel memory unless kernel memory set
lxc-destroydestroys the system object previously created by the lxc-create command.
Stop container before destroying
lxc-destroy -n firstDestroy first container


LXC Reference : 


Thanks for re-sharing !