Providing lightweight virtualization with LXC
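LXC (Linux Containers) is a container-based, operating-system-level virtualization technology. A container is a virtual execution environment; containers partition the resources managed by a single operating system into isolated groups, so that conflicting resource demands can be better balanced between those groups.
I. How LXC is implemented
For resource management, LXC relies on the cgroups (control groups) subsystem of the Linux kernel. cgroups is a framework provided by the kernel for limiting, accounting for, and isolating the physical resources (such as CPU, memory, and I/O) used by process groups.
II. Installing and configuring LXC
1. Install cgroup first
yum -y install libcgroup
service cgconfig start # the cgroup service is named cgconfig
[~]# yum -y install libcgroup
...
[~]# service cgconfig start
Starting cgconfig service: [ OK ]
2. Provide a virtual bridge interface
Create a configuration file named ifcfg-br0 in the /etc/sysconfig/network-scripts directory with the following content: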
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
IPADDR=172.16.100.7
NETMASK=255.255.0.0
GATEWAY=172.16.0.1
ONBOOT=yes
DELAY=0
NM_CONTROLLED=no
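Next, attach the NIC to be bridged (assumed to be eth0) to the bridge device defined above by editing /etc/sysconfig/network-scripts/ifcfg-eth0 so that it looks similar to the following: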
DEVICE=eth0
BOOTPROTO=static
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
BRIDGE=br0
Once the steps above are done correctly, restart the network service. There are also other simple ways to create a bridge device, for example with brctl or virsh.
[~]# cd /etc/sysconfig/network-scripts
[network-scripts]# cp ifcfg-eth0 ifcfg-eth0:0
[network-scripts]# vim ifcfg-eth0:0
DEVICE=eth0:0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=172.16.100.1
NETMASK=255.255.0.0
[network-scripts]# cp ifcfg-eth0:0 ifcfg-br0
[network-scripts]# vim ifcfg-br0
DEVICE=br0
TYPE=Bridge
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=172.16.100.1
NETMASK=255.255.0.0
DELAY=0
[network-scripts]# vim ifcfg-eth0:0
DEVICE=eth0:0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
BRIDGE=br0
[network-scripts]# service network restart
...
[network-scripts]# ifconfig
br0       Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:172.16.100.1  Bcast:172.16.255.255  Mask:255.255.0.0
          inet6 addr: fe80::4c16:22ff:febb:9462/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:746 (746.0 b)
eth0      Link encap:Ethernet  HWaddr 00:0C:29:CB:26:9B
          inet addr:192.168.30.13  Bcast:192.168.30.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fecb:269b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1482 errors:0 dropped:0 overruns:0 frame:0
          TX packets:882 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:545127 (532.3 KiB)  TX bytes:125219 (122.2 KiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:100 (100.0 b)  TX bytes:100 (100.0 b)
3. Install LXC
The lxc version provided in the EPEL repository does not ship a CentOS system template. You can download the source from the official site and build it yourself; what is installed below are RPM packages for the CentOS 6 x86_64 platform built from the lxc-1.0.5 source package.
[~]# yum -y install lxc-libs-1.0.5-1.el6.x86_64.rpm lxc-1.0.5-1.el6.x86_64.rpm
...
4. Check the LXC runtime environment
lxc-checkconfig
[~]# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-2.6.32-431.el6.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup namespace: enabled
Cgroup device: enabled
...
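The check above can be scripted instead of read by eye. The following is an added example, not part of the original article: it reads lxc-checkconfig output on stdin, lists every feature whose status is not "enabled", and fails when a feature is reported as "required". The sample output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): evaluate lxc-checkconfig
# output read on stdin. Prints each feature that is not "enabled" and
# returns 1 if any feature is reported as "required", 0 otherwise.
check_lxc_features() {
    esc=$(printf '\033')
    # Drop the ANSI colour sequences placed around the status words.
    sed "s/${esc}\[[0-9;]*m//g" | awk '
        /^---/ { next }                      # section banners
        {
            n = split($0, parts, /: */)
            if (n < 2) next                  # not a "name: status" line
            status = parts[n]
            sub(/[ \t\r]+$/, "", status)
            if (status == "required" || status == "missing") {
                print parts[1] ": " status
                if (status == "required") bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: lines in the format shown above, with two statuses
# changed and colour sequences added to exercise the failure path.
sample_checkconfig() {
    printf '%s\n' '--- Namespaces ---' 'Namespaces: enabled' 'Utsname namespace: enabled'
    printf 'Pid namespace: \033[1;31mrequired\n\033[0;39m'
    printf 'User namespace: \033[1;33mmissing\n\033[0;39m'
    printf '%s\n' '--- Control groups ---' 'Cgroup: enabled' 'Cgroup device: enabled'
}

sample_checkconfig | check_lxc_features || echo "mandatory kernel feature absent"
```

On a real host the call is lxc-checkconfig | check_lxc_features.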
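5. Create a CentOS virtual machine
Template directory: /usr/local/lxc/share/lxc/templates. The lxc-centos file in it is the template for creating an LXC CentOS system.
Default configuration file: /etc/lxc/default.conf. The bridge interface name it uses is virbr0, which does not match the interface created earlier, so it has to be changed. Alternatively, copy this file, modify the copy, and use it as the dedicated configuration file for the CentOS virtual machine about to be created. The modified default.conf is shown below.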
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
Create the container:
lxc-create -n NAME -t TEMPLATE [options]
Example: lxc-create -n centos -t /usr/share/lxc/templates/lxc-centos
Default container storage directory: /var/lib/lxc
The initial password of the target container's root user is in the file /var/lib/lxc/NAME/tmp_root_pass
[~]# vim /etc/lxc/default.conf
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
[~]# lxc-create -n centos2 -t /usr/share/lxc/templates/lxc-centos
Complete!
Download complete.
Copy /var/cache/lxc/centos/x86_64/6/rootfs to /var/lib/lxc/centos2/rootfs ...
Copying rootfs to /var/lib/lxc/centos2/rootfs ...
Storing root password in '/var/lib/lxc/centos2/tmp_root_pass'
Expiring password for user root.
passwd: Success
Container rootfs and config have been created.
Edit the config file to check/enable networking setup.
The temporary root password is stored in:
        '/var/lib/lxc/centos2/tmp_root_pass'
The root password is set up as expired and will require it to be changed
at first login, which you should do as soon as possible. If you lose the
root password or wish to change it without starting the container, you
can change it from the host by running the following command (which will
also reset the expired flag):
        chroot /var/lib/lxc/centos2/rootfs passwd
[~]# cd /var/lib/lxc
[lxc]# ls
centos2
[lxc]# ls centos2
config  rootfs  tmp_root_pass
[lxc]# cat centos2/tmp_root_pass
Root-centos2-pBZoiZ
[lxc]# ls centos2/rootfs
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  sbin  selinux  srv  sys  tmp  usr  var
[lxc]# chroot /var/lib/lxc/centos2/rootfs passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
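Once the root password has been changed, tmp_root_pass no longer needs to stay on the host. The following is an added example, not part of the original article: it lists the containers under a container directory whose tmp_root_pass file is still on disk and whether the file is accessible beyond its owner. The function names, the containers web1 and db1, and the passwords in the sample tree are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): report leftover
# tmp_root_pass files under an LXC container directory.
# Output per file: "<container> <octal mode> <owner-only|exposed>".
# Returns 1 if at least one file is still present, 0 otherwise.
audit_tmp_root_pass() {
    lxc_dir=${1:-/var/lib/lxc}      # default container directory from the article
    found=0
    for f in "$lxc_dir"/*/tmp_root_pass; do
        [ -f "$f" ] || continue     # unmatched glob, or container without the file
        name=$(basename "$(dirname "$f")")
        mode=$(stat -c '%a' "$f")   # GNU stat, as shipped on CentOS
        # Any group/other permission bit makes the file accessible beyond its owner.
        if [ $(( 0$mode & 077 )) -eq 0 ]; then
            verdict=owner-only
        else
            verdict=exposed
        fi
        printf '%s %s %s\n' "$name" "$mode" "$verdict"
        found=1
    done
    return "$found"
}

# Constructed sample tree (hypothetical containers web1 and db1 next to the
# article's centos2) so the function can be exercised without an LXC host.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/centos2" "$d/web1" "$d/db1"
    echo 'constructed-password-1' > "$d/centos2/tmp_root_pass"
    echo 'constructed-password-2' > "$d/web1/tmp_root_pass"
    chmod 644 "$d/centos2/tmp_root_pass"
    chmod 600 "$d/web1/tmp_root_pass"
    printf '%s\n' "$d"
}

sample=$(make_sample_tree)
audit_tmp_root_pass "$sample" || echo "temporary root password files remain"
rm -rf "$sample"
```

Called without an argument, audit_tmp_root_pass inspects /var/lib/lxc.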
6. Start the target container:
Starting an LXC container requires the lxc-start command. Its commonly used options are:
-n NAME: name of the container to start
-d: run the container in the background
-o /path/to/somefile: where to save the log file
-l: log level
Example: lxc-start -n centos
After startup you are connected directly to the target system's console and can log in once the login prompt appears. Note that the root user's initial password has been set as expired, so it must be changed at first login before the account can be used.
[~]# lxc-start -n centos2
CentOS release 6.7 (Final)
Kernel 2.6.32-431.el6.x86_64 on an x86_64
centos2 login: init: rcS main process (8) killed by TERM signal
Entering non-interactive startup
iptables: No config file. [WARNING]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining IP information for eth0... failed. [FAILED]
Starting system logger: [ OK ]
Mounting filesystems: [ OK ]
Starting sshd: [ OK ]
CentOS release 6.7 (Final)
Kernel 2.6.32-431.el6.x86_64 on an x86_64
centos2 login: root
Password:
Last login: Wed Apr 6 09:24:29 on lxc/console
[network-scripts]# vi ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Ethernet
IPADDR=172.16.100.2
NETMASK=255.255.0.0
GATEWAY=172.16.100.1
[network-scripts]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: Determining if ip address 172.16.100.2 is already in use for device eth0... [ OK ]
[network-scripts]# ping 172.16.100.1
PING 172.16.100.1 (172.16.100.1) 56(84) bytes of data.
64 bytes from 172.16.100.1: icmp_seq=1 ttl=64 time=0.920 ms
64 bytes from 172.16.100.1: icmp_seq=2 ttl=64 time=0.048 ms
64 bytes from 172.16.100.1: icmp_seq=3 ttl=64 time=0.295 ms
7. Stop the container: lxc-stop -n NAME
8. Delete the container: lxc-destroy -n NAME