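How to install and set up LXC (Linux Containers) on Fedora Linux 26
LXC is short for Linux Containers. It is an operating-system-level virtualization technology for running multiple isolated Linux distributions (system containers) on a single Linux host. This tutorial shows you how to install and manage LXC containers on a Fedora Linux server.
Our sample setup
LXC is often described as a lightweight virtualization technology. You can think of LXC as a chrooted jail on steroids. There is no guest operating system involved: every container shares the host kernel. You can only run Linux distros with LXC; you cannot run MS-Windows, *BSD or any other operating system. You can run CentOS, Fedora, Ubuntu, Debian, Gentoo or any other Linux distro using LXC. Traditional virtualization such as KVM/XEN/VMWARE and paravirtualization needs a full operating system image for each instance, and lets you run any operating system.
Installation
Type the following dnf command to install lxc and related packages on Fedora 26: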
$ sudo dnf install lxc lxc-templates lxc-extra debootstrap libvirt perl gpg
Sample outputs:
Fig.01: LXC installation on Fedora 26
Start and enable needed services
First start the virtualization daemons named libvirtd and lxc using the systemctl command:
$ sudo systemctl start libvirtd.service
$ sudo systemctl start lxc.service
$ sudo systemctl enable lxc.service
Sample outputs:
Created symlink /etc/systemd/system/multi-user.target.wants/lxc.service → /usr/lib/systemd/system/lxc.service.
Verify that the services are running:
$ sudo systemctl status libvirtd.service
Sample outputs:
● libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2017-07-13 07:25:30 UTC; 40s ago
     Docs: man:libvirtd(8)
           http://libvirt.org
 Main PID: 3688 (libvirtd)
   CGroup: /system.slice/libvirtd.service
           ├─3688 /usr/sbin/libvirtd
           ├─3760 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
           └─3761 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper

Jul 13 07:25:31 example-f26 dnsmasq[3760]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify
Jul 13 07:25:31 example-f26 dnsmasq-dhcp[3760]: DHCP, IP range 192.168.122.2 -- 192.168.122.254, lease time 1h
Jul 13 07:25:31 example-f26 dnsmasq-dhcp[3760]: DHCP, sockets bound exclusively to interface virbr0
Jul 13 07:25:31 example-f26 dnsmasq[3760]: reading /etc/resolv.conf
Jul 13 07:25:31 example-f26 dnsmasq[3760]: using nameserver 139.162.11.5#53
Jul 13 07:25:31 example-f26 dnsmasq[3760]: using nameserver 139.162.13.5#53
Jul 13 07:25:31 example-f26 dnsmasq[3760]: using nameserver 139.162.14.5#53
Jul 13 07:25:31 example-f26 dnsmasq[3760]: read /etc/hosts - 3 addresses
Jul 13 07:25:31 example-f26 dnsmasq[3760]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Jul 13 07:25:31 example-f26 dnsmasq-dhcp[3760]: read /var/lib/libvirt/dnsmasq/default.hostsfile
And:
$ sudo systemctl status lxc.service
Sample outputs:
● lxc.service - LXC Container Initialization and Autoboot Code
   Loaded: loaded (/usr/lib/systemd/system/lxc.service; enabled; vendor preset: disabled)
   Active: active (exited) since Thu 2017-07-13 07:25:34 UTC; 1min 3s ago
     Docs: man:lxc-autostart
           man:lxc
 Main PID: 3830 (code=exited, status=0/SUCCESS)
      CPU: 9ms

Jul 13 07:25:34 example-f26 systemd[1]: Starting LXC Container Initialization and Autoboot Code...
Jul 13 07:25:34 example-f26 systemd[1]: Started LXC Container Initialization and Autoboot Code.
LXC networking
To view the network interfaces configured for lxc, run:
$ sudo brctl show
Sample outputs:
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.525400293323       yes             virbr0-nic
You must set the default bridge to virbr0 in the file /etc/lxc/default.conf:
$ sudo vi /etc/lxc/default.conf
Sample config (replace lxcbr0 with virbr0 for lxc.network.link):
lxc.network.type = veth
lxc.network.link = virbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
Save and close the file. To see the DHCP range used by containers, enter:
$ sudo systemctl status libvirtd.service | grep range
Sample outputs:
Jul 13 07:25:31 example-f26 dnsmasq-dhcp[3760]: DHCP, IP range 192.168.122.2 -- 192.168.122.254, lease time 1h
To check whether the current kernel supports lxc, enter:
$ lxc-checkconfig
Sample outputs:
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-4.11.9-300.fc26.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled
FUSE (for use with lxcfs): enabled

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
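To use that check as a pre-flight test, the function below (an added example, not part of the original tutorial) reads lxc-checkconfig output on stdin and lists every feature that is not reported as enabled. The function name and the sample input are constructed for illustration; on a real host run lxc-checkconfig | lxc_missing_features.

```shell
#!/bin/sh
# Added example: list every lxc-checkconfig feature whose state is not
# "enabled". Prints "section: feature = state" per problem and returns 1
# if any problem was found, 0 otherwise.
lxc_missing_features() {
    esc=$(printf '\033')
    # Strip CRs and ANSI colour codes first; the tool may colour each state.
    tr -d '\r' | sed "s/${esc}\[[0-9;]*m//g" | awk '
        BEGIN { bad = 0 }
        /^--- .+ ---$/ {                       # e.g. "--- Namespaces ---"
            section = substr($0, 5, length($0) - 8)
            next
        }
        section == "" { next }                 # preamble before first section
        {
            pos = index($0, ": ")
            # "Note : ..." and "usage : ..." have a space before the colon.
            if (pos < 2 || substr($0, pos - 1, 1) == " ") next
            name  = substr($0, 1, pos - 1)
            state = substr($0, pos + 2)
            sub(/[ \t]+$/, "", state)
            if (state !~ /^enabled/) {
                printf "%s: %s = %s\n", section, name, state
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample: one feature is coloured and reported as missing.
SAMPLE_CHECKCONFIG=$(printf '%s\n' \
    'Kernel configuration found at /boot/config-constructed' \
    '--- Namespaces ---' \
    'Pid namespace: enabled' \
    "User namespace: $(printf '\033[1;33mmissing\033[0;39m')" \
    '--- Misc ---' \
    'Veth pair device: enabled' \
    'Note : Before booting a new kernel, you can check its configuration')

printf '%s\n' "$SAMPLE_CHECKCONFIG" | lxc_missing_features ||
    echo "host kernel is missing features LXC needs" >&2
```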
How do I create an Ubuntu Linux container?
Type the following command to create an Ubuntu 16.04 LTS container:
$ sudo lxc-create -t download -n ubuntu-c1 -- -d ubuntu -r xenial -a amd64
Sample outputs:
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs

---
You just created an Ubuntu container (release=xenial, arch=amd64, variant=default)

To enable sshd, run: apt-get install openssh-server

For security reason, container images ship without user accounts
and without a root password.

Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.
To set the password for the admin account (the ubuntu user), run:
$ sudo chroot /var/lib/lxc/ubuntu-c1/rootfs/ passwd ubuntu
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Make sure the root account is locked:
$ sudo chroot /var/lib/lxc/ubuntu-c1/rootfs/ passwd -l root
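The image ships without a root password and the chroot passwd runs change that state, so it is worth reading the rootfs shadow file before the container is started. The functions below are an added example (not part of the original tutorial) that classify every account as locked, password or EMPTY; the function names, the sample rootfs, its accounts and the hash are constructed. On the host, run them as root against /var/lib/lxc/ubuntu-c1/rootfs.

```shell
#!/bin/sh
# Added example. Classify each account in a container rootfs by the
# password field of its /etc/shadow:
#   locked   - field starts with "!" or "*" (no password login)
#   password - field holds a hash
#   EMPTY    - field is empty (login needs no password)
# Prints "<user> <state>" per account; returns 1 if any account is EMPTY.
shadow_password_states() {
    shadow="${1%/}/etc/shadow"
    [ -r "$shadow" ] || { echo "cannot read $shadow" >&2; return 2; }
    awk -F: '
        BEGIN { rc = 0 }
        /^[ \t]*(#|$)/ { next }
        {
            if ($2 == "")           { state = "EMPTY"; rc = 1 }
            else if ($2 ~ /^[!*]/)  { state = "locked" }
            else                    { state = "password" }
            print $1, state
        }
        END { exit rc }
    ' "$shadow"
}

# Succeeds only when root exists in the rootfs and its password is locked.
root_is_locked() {
    shadow_password_states "$1" | grep -qx 'root locked'
}

# Constructed sample rootfs (hypothetical accounts, placeholder hash).
# Optional $1 overrides the password field of the "svc" account.
make_sample_rootfs() {
    dir=$(mktemp -d) && mkdir -p "$dir/etc" || return 1
    printf '%s\n' \
        'root:*:17359:0:99999:7:::' \
        'ubuntu:$6$constructed$placeholderhash:17360:0:99999:7:::' \
        "svc:${1-!}:17360:0:99999:7:::" > "$dir/etc/shadow"
    echo "$dir"
}

sample=$(make_sample_rootfs)
shadow_password_states "$sample" && root_is_locked "$sample" &&
    echo "root locked, no empty passwords"
rm -rf "$sample"
```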
To start the container, run:
$ sudo lxc-start -n ubuntu-c1
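To log in to the container named ubuntu-c1, use the ubuntu user and the password set earlier:
$ sudo lxc-console -n ubuntu-c1
Sample outputs:
Fig.02: Launch a console for the specified container
Inside the container you can now install packages, for example sshd:
ubuntu@ubuntu-c1:~$ sudo apt-get install openssh-server
To leave the console session and return to the host, press Ctrl+a q.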
How do I create a Debian Linux container?
Type the following command to create a Debian 9 ("stretch") container:
$ sudo lxc-create -t download -n debian-c1 -- -d debian -r stretch -a amd64
Sample outputs:
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs

---
You just created a Debian container (release=stretch, arch=amd64, variant=default)

To enable sshd, run: apt-get install openssh-server

For security reason, container images ship without user accounts
and without a root password.

Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.
To set the root account password, run:
$ sudo chroot /var/lib/lxc/debian-c1/rootfs/ passwd
To start the container and log in to manage it, run:
$ sudo lxc-start -n debian-c1
$ sudo lxc-console -n debian-c1
How do I create a CentOS Linux container?
Type the following command to create a CentOS 7 container:
$ sudo lxc-create -t download -n centos-c1 -- -d centos -r 7 -a amd64
Sample outputs:
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs

---
You just created a CentOS container (release=7, arch=amd64, variant=default)

To enable sshd, run: yum install openssh-server

For security reason, container images ship without user accounts
and without a root password.

Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.
Set the root account password and start the container:
$ sudo chroot /var/lib/lxc/centos-c1/rootfs/ passwd
$ sudo lxc-start -n centos-c1
$ sudo lxc-console -n centos-c1
How do I create a Fedora Linux container?
Type the following command to create a Fedora 25 container:
$ sudo lxc-create -t download -n fedora-c1 -- -d fedora -r 25 -a amd64
Sample outputs:
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs

---
You just created a Fedora container (release=25, arch=amd64, variant=default)

To enable sshd, run: dnf install openssh-server

For security reason, container images ship without user accounts
and without a root password.

Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.
Set the root account password and start the container:
$ sudo chroot /var/lib/lxc/fedora-c1/rootfs/ passwd
$ sudo lxc-start -n fedora-c1
$ sudo lxc-console -n fedora-c1
How do I create a CentOS 6 Linux container and store it in btrfs?
You need to create or format a hard disk as btrfs and use it:
# mkfs.btrfs /dev/sdb
# mkdir -p /mnt/btrfs/
# mount /dev/sdb /mnt/btrfs/
If you do not have /dev/sdb, create an image using the dd or fallocate command as follows:
# fallocate -l 10G /example-btrfs.img
# losetup /dev/loop0 /example-btrfs.img
# mkfs.btrfs /dev/loop0
# mkdir -p /mnt/btrfs/
# mount /dev/loop0 /mnt/btrfs/
# btrfs filesystem show
Sample outputs:
Label: none  uuid: 4deee098-94ca-472a-a0b5-0cd36a205c35
        Total devices 1 FS bytes used 361.53MiB
        devid    1 size 10.00GiB used 3.02GiB path /dev/loop0
Now create a CentOS 6 LXC:
# lxc-create -B btrfs -P /mnt/btrfs/ -t download -n centos6-c1 -- -d centos -r 6 -a amd64
# chroot /mnt/btrfs/centos6-c1/rootfs/ passwd
# lxc-start -P /mnt/btrfs/ -n centos6-c1
# lxc-console -P /mnt/btrfs -n centos6-c1
# lxc-ls -P /mnt/btrfs/ -f
Sample outputs:
NAME       STATE   AUTOSTART GROUPS IPV4            IPV6
centos6-c1 RUNNING 0         -      192.168.122.145 -
How do I see a list of all available images?
Type the following command:
$ lxc-create -t download -n NULL -- --list
Sample outputs:
Setting up the GPG keyring
Downloading the image index

---
DIST RELEASE ARCH VARIANT BUILD
---
alpine 3.1 amd64 default 20170319_17:50
alpine 3.1 armhf default 20161230_08:09
alpine 3.1 i386 default 20170319_17:50
alpine 3.2 amd64 default 20170504_18:43
alpine 3.2 armhf default 20161230_08:09
alpine 3.2 i386 default 20170504_17:50
alpine 3.3 amd64 default 20170712_17:50
alpine 3.3 armhf default 20170103_17:50
alpine 3.3 i386 default 20170712_17:50
alpine 3.4 amd64 default 20170712_17:50
alpine 3.4 armhf default 20170111_20:27
alpine 3.4 i386 default 20170712_17:50
alpine 3.5 amd64 default 20170712_17:50
alpine 3.5 i386 default 20170712_17:50
alpine 3.6 amd64 default 20170712_17:50
alpine 3.6 i386 default 20170712_17:50
alpine edge amd64 default 20170712_17:50
alpine edge armhf default 20170111_20:27
alpine edge i386 default 20170712_17:50
archlinux current amd64 default 20170529_01:27
archlinux current i386 default 20170529_01:27
centos 6 amd64 default 20170713_02:16
centos 6 i386 default 20170713_02:16
centos 7 amd64 default 20170713_02:16
debian jessie amd64 default 20170712_22:42
debian jessie arm64 default 20170712_22:42
debian jessie armel default 20170711_22:42
debian jessie armhf default 20170712_22:42
debian jessie i386 default 20170712_22:42
debian jessie powerpc default 20170712_22:42
debian jessie ppc64el default 20170712_22:42
debian jessie s390x default 20170712_22:42
debian sid amd64 default 20170712_22:42
debian sid arm64 default 20170712_22:42
debian sid armel default 20170712_22:42
debian sid armhf default 20170711_22:42
debian sid i386 default 20170712_22:42
debian sid powerpc default 20170712_22:42
debian sid ppc64el default 20170712_22:42
debian sid s390x default 20170712_22:42
debian stretch amd64 default 20170712_22:42
debian stretch arm64 default 20170712_22:42
debian stretch armel default 20170711_22:42
debian stretch armhf default 20170712_22:42
debian stretch i386 default 20170712_22:42
debian stretch powerpc default 20161104_22:42
debian stretch ppc64el default 20170712_22:42
debian stretch s390x default 20170712_22:42
debian wheezy amd64 default 20170712_22:42
debian wheezy armel default 20170712_22:42
debian wheezy armhf default 20170712_22:42
debian wheezy i386 default 20170712_22:42
debian wheezy powerpc default 20170712_22:42
debian wheezy s390x default 20170712_22:42
fedora 22 amd64 default 20170216_01:27
fedora 22 i386 default 20170216_02:15
fedora 23 amd64 default 20170215_03:33
fedora 23 i386 default 20170215_01:27
fedora 24 amd64 default 20170713_01:27
fedora 24 i386 default 20170713_01:27
fedora 25 amd64 default 20170713_01:27
fedora 25 i386 default 20170713_01:27
gentoo current amd64 default 20170712_14:12
gentoo current i386 default 20170712_14:12
opensuse 13.2 amd64 default 20170320_00:53
opensuse 42.2 amd64 default 20170713_00:53
oracle 6 amd64 default 20170712_11:40
oracle 6 i386 default 20170712_11:40
oracle 7 amd64 default 20170712_11:40
plamo 5.x amd64 default 20170712_21:36
plamo 5.x i386 default 20170712_21:36
plamo 6.x amd64 default 20170712_21:36
plamo 6.x i386 default 20170712_21:36
ubuntu artful amd64 default 20170713_03:49
ubuntu artful arm64 default 20170713_03:49
ubuntu artful armhf default 20170713_03:49
ubuntu artful i386 default 20170713_03:49
ubuntu artful ppc64el default 20170713_03:49
ubuntu artful s390x default 20170713_03:49
ubuntu precise amd64 default 20170713_03:49
ubuntu precise armel default 20170713_03:49
ubuntu precise armhf default 20170713_03:49
ubuntu precise i386 default 20170713_03:49
ubuntu precise powerpc default 20170713_03:49
ubuntu trusty amd64 default 20170713_03:49
ubuntu trusty arm64 default 20170713_03:49
ubuntu trusty armhf default 20170713_03:49
ubuntu trusty i386 default 20170713_03:49
ubuntu trusty powerpc default 20170713_03:49
ubuntu trusty ppc64el default 20170713_03:49
ubuntu xenial amd64 default 20170713_03:49
ubuntu xenial arm64 default 20170713_03:49
ubuntu xenial armhf default 20170713_03:49
ubuntu xenial i386 default 20170713_03:49
ubuntu xenial powerpc default 20170713_03:49
ubuntu xenial ppc64el default 20170713_03:49
ubuntu xenial s390x default 20170713_03:49
ubuntu yakkety amd64 default 20170713_03:49
ubuntu yakkety arm64 default 20170713_03:49
ubuntu yakkety armhf default 20170713_03:49
ubuntu yakkety i386 default 20170713_03:49
ubuntu yakkety powerpc default 20170713_03:49
ubuntu yakkety ppc64el default 20170713_03:49
ubuntu yakkety s390x default 20170713_03:49
ubuntu zesty amd64 default 20170713_03:49
ubuntu zesty arm64 default 20170713_03:49
ubuntu zesty armhf default 20170713_03:49
ubuntu zesty i386 default 20170713_03:49
ubuntu zesty powerpc default 20170317_03:49
ubuntu zesty ppc64el default 20170713_03:49
ubuntu zesty s390x default 20170713_03:49
---
How do I list the existing containers on the system?
Type the following command:
$ sudo lxc-ls -f
Sample outputs:
NAME      STATE   AUTOSTART GROUPS IPV4            IPV6
centos-c1 RUNNING 0         -      192.168.122.174 -
debian-c1 RUNNING 0         -      192.168.122.241 -
fedora-c1 RUNNING 0         -      192.168.122.176 -
ubuntu-c1 RUNNING 0         -      192.168.122.56  -
How do I query information about a container?
The syntax is:
$ sudo lxc-info -n {container}
$ sudo lxc-info -n centos-c1
Sample outputs:
Name:           centos-c1
State:          RUNNING
PID:            5749
IP:             192.168.122.174
CPU use:        0.87 seconds
BlkIO use:      6.51 MiB
Memory use:     31.66 MiB
KMem use:       3.01 MiB
Link:           vethQIP1US
 TX bytes:      2.04 KiB
 RX bytes:      8.77 KiB
 Total bytes:   10.81 KiB
How do I stop/start/restart a container?
The syntax is:
$ sudo lxc-start -n {container}
$ sudo lxc-start -n fedora-c1
$ sudo lxc-stop -n {container}
$ sudo lxc-stop -n fedora-c1
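How do I monitor container statistics?
To display containers, updating every second, sorted by memory use:
$ sudo lxc-top --delay 1 --sort m
To display containers, updating every second, sorted by CPU use:
$ sudo lxc-top --delay 1 --sort c
To display containers, updating every second, sorted by block I/O use:
$ sudo lxc-top --delay 1 --sort b
Sample outputs:
Fig.03: Container statistics shown with lxc-top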
How do I destroy/delete a container?
The syntax is:
$ sudo lxc-destroy -n {container}
$ sudo lxc-stop -n fedora-c2
$ sudo lxc-destroy -n fedora-c2
If the container is running, the -f option stops it first and then destroys it:
$ sudo lxc-destroy -f -n fedora-c2
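How do I create, list, and restore container snapshots?
The syntax depends on the snapshot operation. Note that you must use a snapshot-aware file system such as BTRFS/ZFS or LVM.
Create a snapshot for a container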
$ sudo lxc-snapshot -n {container} -c "comment for snapshot"
$ sudo lxc-snapshot -n centos-c1 -c "13/July/17 before applying patches"
List the snapshots of a container
$ sudo lxc-snapshot -n centos-c1 -L -C
Restore a snapshot of a container
$ sudo lxc-snapshot -n centos-c1 -r snap0
Destroy/delete a snapshot of a container
$ sudo lxc-snapshot -n centos-c1 -d snap0