# HG changeset patch
# User Oleksandr Gavenko
# Date 1548718878 -7200
# Node ID fbfaded9734eee6675d2014a75b24e5bff9a6e72
# Parent 26666adc0987a90486c815013f079ed1bd2fac0a
Creating unpriviliged containers.
diff -r 26666adc0987 -r fbfaded9734e lxc.rst
--- a/lxc.rst Tue Jan 29 01:01:06 2019 +0200
+++ b/lxc.rst Tue Jan 29 01:41:18 2019 +0200
@@ -60,6 +60,17 @@
 $ sudo service lxc-net start
 $ sudo systemctl restart lxc-net.service
+Project file layout
+===================
+
+* ``/usr/share/lxc/templates`` is list of templates.
+* ``/var/cache/lxc`` is cache for downloaded images.
+
+* ``~/.local/share/lxc`` container storage.
+* ``~/.config/lxc`` container configs.
+* ``~/.cache/lxc`` is cache for unprivileged downloded images.
+* ``~/.local/share/lxcsnaps`` is storage for unprivileged snapshots.
+
 Create new container in LXC
 ===========================
@@ -136,12 +147,43 @@
 $ echo nameserver 8.8.8.8 | sudo tee /var/lib/lxc/$NAME/rootfs/etc/resolv.conf
+Creating unpriviliged containers
+================================
+
+Check if user has assigned ids for namespaces::
+
+ $ cat /etc/subuid
+ vagrant:100000:65536
+ $ cat /etc/subgid
+ vagrant:100000:65536
+
+If not assign ranges with::
+
+ sudo usermod -v 100000-165536 -w 100000-165536 vagrant
+
+or::
+
+ sudo usermod -add-subuids 100000-165536 vagrant
+ sudo usermod -add-subgids 100000-165536 vagrant
+
+Create local config::
+
+ mkdir -p ~/.config/lxc
+ cat <~/.config/lxc/default.conf
+ lxc.idmap = u 0 100000 65536
+ lxc.idmap = g 0 100000 65536
+ lxc.network.type = veth
+ lxc.network.link = lxcbr0
+ EOF
+ echo "$USER veth lxcbr0 2" | sudo tee -a /etc/lxc/lxc-usernet
+
 LXC Container management
 ========================
 List available containers::
 $ sudo lxc-ls
+ $ sudo lxc-ls -f
 $ sudo lxc-ls --fancy
 Show details about container::
@@ -176,10 +218,42 @@
 lxc.start.auto = 1
+Other autostart params::
+
+ lxc.start.delay = 15 # delay in seconds
+ lxc.start.order = 50 # higher value means starts earlier
+
+Limit memory usage::
+
+ lxc.cgroup.memory.limit_in_bytes = 256M
+
+Apply memory limit on fly::
+
+ sudo lxc-cgroup -n $NAME memory.limit_in_bytes 100M
+
 Link containers in non standard location to take them in account::
 $ ln -s /opt/lxc/$NAME /var/lib/lxc/$NAME
+Show container status/into::
+
+ $ sudo lxc-info -n $NAME
+
+Print just state::
+
+ $ sudo lxc-info -n $NAME -s
+ $ sudo lxc-info -n $NAME --state
+
+Print just pid::
+
+ $ sudo lxc-info -n $NAME -p
+ $ sudo lxc-info -n $NAME --pid
+
+Print just IP addresses::
+
+ $ sudo lxc-info -n $NAME -i
+ $ sudo lxc-info -n $NAME --ips
+
 Run command in running container::
 $ sudo lxc-attach -n $NAME
@@ -187,6 +261,16 @@
 $ sudo lxc-attach -n $NAME -- ls -a
 $ sudo lxc-attach -n $NAME -- apk list
+Open session in console (attaches container tty process to current terminal, prompt for
+user/password)::
+
+ $ sudo lxc-console -n $NAME
+
+Freeze/unfreeze::
+
+ $ sudo lxc-freeze -n $NAME
+ $ sudo lxc-unfreeze -n $NAME
+
 Making snapshot
 ===============
@@ -199,11 +283,11 @@
 Make a snapshot::
- $ sudo lcx-halt -n $NAME
- $ sudo lcx-snapshot -n $NAME
+ $ sudo lxc-halt -n $NAME
+ $ sudo lxc-snapshot -n $NAME
 Restore from snapshot::
- $ sudo lcx-halt -n $NAME
- $ sudo lcx-snapshot -n $NAME -r $SNAPNAME
+ $ sudo lxc-halt -n $NAME
+ $ sudo lxc-snapshot -n $NAME -r $SNAPNAME