
Common LXC operations

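Contents
    • Common LXC operations
      • 1. lxc command usage
      • 2. Install the EPEL repository, then install the lxc package and its dependencies
      • 3. Add a bridge
      • 4. Start lxc
      • 5. Check whether the Linux kernel supports LXC
      • 6. Create an LXC host and list the available LXC template containers
      • 7. Change the password
      • 8. Start
      • 9. View some system information of the LXC host
      • 10. Connect to the container remotely with ssh
      • 11. Delete the LXC container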

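1. lxc command usage
  • 1. Linux Containers (LXC) is an operating-system-level virtualization technology and a userspace interface to the Linux kernel's container features. It packages an application into a software container that holds the application's own code together with the operating system core and libraries it needs. Through unified namespaces and a shared API it allocates the hardware resources available to each container and creates an isolated sandbox for applications, so that Linux users can easily create and manage system or application containers.

  • 2. The Linux kernel provides cgroups to achieve resource isolation. It also provides namespace isolation, which partitions the operating system environment that an application sees into separate compartments, including the process tree, network, user IDs and mounted file systems. cgroups do not necessarily require starting any virtual machine.

  • 3. LXC uses cgroups and namespaces to give an application an independent operating system environment. LXC needs no hypervisor layer, and the containers themselves are extremely lightweight, which speeds up the creation of virtual machines.

  • 4. Docker is essentially not a container but a container management tool; the earliest Docker was also built on LXC.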

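2. Install the EPEL repository, then install the lxc package and its dependencies
[root@localhost ~]# yum -y install epel-release
[root@localhost ~]# yum -y install lxc lxc-templates bridge-utils lxc-libs libcgroup libvirt
lxc           # main package
lxc-templates # LXC configuration templates
bridge-utils  # bridge management tools
lxc-libs      # libraries required by LXC
libcgroup     # cgroup is a Linux kernel mechanism for aggregating and partitioning tasks; it organizes tasks into one or more subsystems through a set of parameters.
libvirt       # server-side daemon needed to manage Linux virtualization features; requires a hypervisor-specific driver.
3. Add a bridge
brctl addbr virbr0                           # create the bridge
brctl addif virbr0 ens160                    # attach the ens160 NIC to the bridge
ip addr del 192.168.232.132/24 dev ens160    # remove the IP from the NIC
ifconfig virbr0 192.168.232.132/24 up        # give the bridge the IP and bring it up (the /24 prefix keeps the gateway on-link)
# iproute2 equivalent of the ifconfig line above (use one or the other):
ip addr add 192.168.232.132/24 dev virbr0
ip link set virbr0 up
route add default gw 192.168.232.2           # set the default gateway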
4. Start lxc
[root@localhost ~]# systemctl start lxc
[root@localhost ~]# systemctl status lxc
● lxc.service - LXC Container Initialization and Autoboot Code
   Loaded: loaded (/usr/lib/systemd/system/lxc.service; disabled; vendor preset: disabled)
   Active: active (exited) since 一 2022-04-25 13:26:58 CST; 19s ago
  Process: 7265 ExecStart=/usr/libexec/lxc/lxc-autostart-helper start (code=exited, status=0/SUCCESS)
  Process: 7246 ExecStartPre=/usr/libexec/lxc/lxc-devsetup (code=exited, status=0/SUCCESS)
 Main PID: 7265 (code=exited, status=0/SUCCESS)

4月 25 13:26:27 localhost.localdomain systemd[1]: Starting...
4月 25 13:26:27 localhost.localdomain lxc-devsetup[7246]: ...
4月 25 13:26:27 localhost.localdomain lxc-devsetup[7246]: ...
4月 25 13:26:27 localhost.localdomain lxc-devsetup[7246]: ...
4月 25 13:26:58 localhost.localdomain lxc-autostart-helper[7265]: ...
4月 25 13:26:58 localhost.localdomain systemd[1]: Started ...
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# systemctl start libvirtd
[root@localhost ~]# 
5. Check whether the Linux kernel supports LXC
[root@localhost ~]# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-1160.el7.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Warning: newuidmap is not setuid-root
Warning: newgidmap is not setuid-root
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

[root@localhost ~]# 
6. Create an LXC host and list the available LXC template containers
List the LXC template containers available on the system
[root@localhost ~]# ls /usr/share/lxc/templates/
lxc-alpine     lxc-debian        lxc-oracle
lxc-altlinux   lxc-download      lxc-plamo
lxc-archlinux  lxc-fedora        lxc-sshd
lxc-busybox    lxc-gentoo        lxc-ubuntu
lxc-centos     lxc-openmandriva  lxc-ubuntu-cloud
lxc-cirros     lxc-opensuse
Create the LXC host: -t specifies the template container, -n specifies the name of the host to create
[root@localhost ~]# lxc-create -t centos -n muhost
Copy /var/cache/lxc/centos/x86_64/7/rootfs to /var/lib/lxc/muhost/rootfs ... 
Copying rootfs to /var/lib/lxc/muhost/rootfs   # creates the root of the virtual system; by default the files go under /var/lib/lxc/muhost
sed:无法读取 /var/lib/lxc/muhost/rootfs/etc/init/tty.conf:没有那个文件或目录
Storing root password in '/var/lib/lxc/muhost/tmp_root_pass'
chpasswd:无法打开 /etc/passwd
正在终止用户 root 的密码。
passwd: Libuser error at line: 425 - Error replacing `/etc/passwd': 权限不够.
passwd: 错误
sed:无法读取 /var/lib/lxc/muhost/rootfs/etc/rc.sysinit:没有那个文件或目录
sed:无法读取 /var/lib/lxc/muhost/rootfs/etc/rc.d/rc.sysinit:没有那个文件或目录

Container rootfs and config have been created.
Edit the config file to check/enable networking setup.

The temporary root password is stored in:

        '/var/lib/lxc/muhost/tmp_root_pass'   # this file stores the host's initial root password


The root password is set up as expired and will require it to be changed
at first login, which you should do as soon as possible.  If you lose the
root password or wish to change it without starting the container, you
can change it from the host by running the following command (which will
also reset the expired flag):

        chroot /var/lib/lxc/muhost/rootfs passwd   # this command can be used to change the initial root password

[root@localhost ~]# 

Default path of the files that LXC generates

[root@localhost ~]# tree /var/lib/lxc/muhost/ -L 1
/var/lib/lxc/muhost/
├── config  //configuration file
├── rootfs   //root directory
└── tmp_root_pass //root password

1 directory, 2 files
[root@localhost ~]# 

7. Change the password
[root@localhost ~]# chroot /var/lib/lxc/muhost/rootfs passwd
更改用户 root 的密码 。
新的 密码 RunPanny123!
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@localhost ~]# 
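
The lxc-create output in section 6 says the temporary root password is written to tmp_root_pass on the host and is set as expired. The script below is an added example, not part of the original article: for each container under an LXC path it reports the state of root's shadow entry and whether a tmp_root_pass file is still present. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): audit root credentials of LXC
# containers. Assumed layout, as in the tree output in section 6:
#   <lxcpath>/<name>/{config,rootfs,tmp_root_pass}

# Classify root's entry in <rootfs>/etc/shadow (fields: name:hash:lastchg:...).
root_pw_state() {
    shadow="$1/etc/shadow"
    [ -r "$shadow" ] || { echo "no-shadow"; return 0; }
    awk -F: '$1 == "root" {
        if ($2 == "")          s = "empty"      # root has no password at all
        else if ($2 ~ /^[!*]/) s = "locked"
        else if ($3 == "0")    s = "expired"    # must be changed at first login
        else                   s = "set"
        print s; found = 1; exit
    } END { if (!found) print "no-root-entry" }' "$shadow"
}

# Print one line per container: password state and leftover tmp_root_pass.
audit_lxc_path() {
    lxcpath="${1:-/var/lib/lxc}"
    for dir in "$lxcpath"/*/; do
        [ -d "${dir}rootfs" ] || continue
        name=$(basename "$dir")
        tmp="absent"
        if [ -e "${dir}tmp_root_pass" ]; then
            tmp="present($(ls -ld "${dir}tmp_root_pass" | cut -c1-10))"
        fi
        echo "$name root_password=$(root_pw_state "${dir}rootfs") tmp_root_pass=$tmp"
    done
}

# Constructed sample tree (hashes are placeholders, not real credentials).
build_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/fresh/rootfs/etc" "$d/changed/rootfs/etc" "$d/open/rootfs/etc"
    printf 'root:$6$PLACEHOLDER$HASH:0:0:99999:7:::\n'     > "$d/fresh/rootfs/etc/shadow"
    printf 'root:$6$PLACEHOLDER$HASH:19107:0:99999:7:::\n' > "$d/changed/rootfs/etc/shadow"
    printf 'root::19107:0:99999:7:::\n'                    > "$d/open/rootfs/etc/shadow"
    echo 'Root-fresh-PLACEHOLDER' > "$d/fresh/tmp_root_pass"
    chmod 600 "$d/fresh/tmp_root_pass"
    echo "$d"
}

# With no argument, demonstrate on the sample tree; otherwise audit the given path.
if [ $# -eq 0 ]; then audit_lxc_path "$(build_sample)"; else audit_lxc_path "$1"; fi
```

A container reported as expired or empty, or one whose tmp_root_pass is still present after the password was changed, is worth following up, since that file holds a plaintext password on the host.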

8. Start
[root@localhost ~]# lxc-start -n muhost
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (Core)!

Running in a container, ignoring fstab device entry for /dev/root.
Cannot add dependency job for unit display-manager.service, ignoring: Unit not found.
[  OK  ] Reached target Local Encrypted Volumes.
[  OK  ] Reached target Swap.
[  OK  ] Created slice Root Slice.
[  OK  ] Created slice System Slice.
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Started Forward Password R...o Wall Directory Watch.
[  OK  ] Listening on Delayed Shutdown Socket.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Reached target Slices.
[  OK  ] Started Dispatch Password ...onsole Directory Watch.
[  OK  ] Reached target Paths.
[  OK  ] Created slice system-getty.slice.
[  OK  ] Listening on Journal Socket.
         Starting Read and set NIS ...tc/sysconfig/network...
         Starting Journal Service...
         Mounting Huge Pages File System...
         Mounting POSIX Message Queue File System...
         Mounting FUSE Control File System...
         Starting Remount Root and Kernel File Systems...
[  OK  ] Mounted FUSE Control File System.
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Mounted Huge Pages File System.
[  OK  ] Started Journal Service.
[  OK  ] Started Read and set NIS d.../etc/sysconfig/network.
[  OK  ] Started Remount Root and Kernel File Systems.
[  OK  ] Reached target Local File Systems (Pre).
         Starting Rebuild Hardware Database...
         Starting Configure read-only root support...
         Starting Flush Journal to Persistent Storage...
<46>systemd-journald[15]: Received request to flush runtime journal from PID 1
[  OK  ] Started Flush Journal to Persistent Storage.
[  OK  ] Started Configure read-only root support.
         Starting Load/Save Random Seed...
[  OK  ] Reached target Local File Systems.
         Starting Mark the need to relabel after reboot...
         Starting Rebuild Journal Catalog...
         Starting Create Volatile Files and Directories...
[  OK  ] Started Load/Save Random Seed.
[  OK  ] Started Rebuild Journal Catalog.
[  OK  ] Started Mark the need to relabel after reboot.
[  OK  ] Started Create Volatile Files and Directories.
         Starting Update UTMP about System Boot/Shutdown...
[  OK  ] Started Update UTMP about System Boot/Shutdown.
[  OK  ] Started Rebuild Hardware Database.
         Starting Update is Completed...
[  OK  ] Started Update is Completed.
[  OK  ] Reached target System Initialization.
[  OK  ] Started Daily Cleanup of Temporary Directories.
[  OK  ] Reached target Timers.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
         Starting Login Service...
         Starting LSB: Bring up/down networking...
         Starting OpenSSH Server Key Generation...
         Starting Permit User Sessions...
[  OK  ] Started D-Bus System Message Bus.
[  OK  ] Started Permit User Sessions.
[  OK  ] Started Console Getty.
[  OK  ] Started Command Scheduler.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started Login Service.
[  OK  ] Started OpenSSH Server Key Generation.

CentOS Linux 7 (Core)
Kernel 3.10.0-1160.el7.x86_64 on an x86_64

muhost login: root
Password: <28>systemd-sysctl[296]: Failed to write '1' to '/proc/sys/fs/protected_symlinks': Read-only file system

[root@muhost ~]# 
9. View some system information of the LXC host
[root@muhost ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   17G  2.9G   15G  17% /
devtmpfs                 475M     0  475M   0% /dev
tmpfs                    487M     0  487M   0% /dev/shm
tmpfs                    487M  6.2M  480M   2% /run
tmpfs                    487M     0  487M   0% /sys/fs/cgroup
tmpfs                     98M     0   98M   0% /run/user/0
[root@muhost ~]# ll /boot/
total 0   # /boot is empty in the LXC host because LXC shares the physical host's kernel
View network interface information
[root@muhost ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
5: eth0@if6:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fe:7a:5f:d7:a3:d9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.122.190/24 brd 192.168.122.255 scope global dynamic eth0
       valid_lft 3407sec preferred_lft 3407sec
    inet6 fe80::fc7a:5fff:fed7:a3d9/64 scope link 
       valid_lft forever preferred_lft forever
[root@muhost ~]# 
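lxc-start -n myhost1 -d
# Adding the -d option at start runs the host in the background
lxc-console -n myhost1
# Connect with lxc-console

Connected to tty 1
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself

# Press Ctrl+a and then q to leave the container console.
10. Connect to the container remotely with ssh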
[root@localhost ~]# ssh 192.168.122.190
root@192.168.122.190's password: 
Last failed login: Mon Apr 25 06:13:18 UTC 2022 from gateway on ssh:notty
There were 3 failed login attempts since the last successful login.
Last login: Mon Apr 25 06:06:54 2022
[root@muhost ~]# 
11. Delete the LXC container
[root@localhost ~]# lxc-destroy -n muhost
[root@localhost ~]# 