TenForward

A technical blog. Moved here from Hatena Diary.

LXC (2)

Regrouping, let's try lxc on Plamo Linux 4.71.

Preparation

Download lxc-0.6.4.tar.gz and extract it.

Rebuilding the kernel

The stock kernel lacks the required options, so they have to be enabled.

doc/lxc.7 in the lxc archive says to enable the following. The README also covers this, but its list is incomplete compared with the one below. I seem to recall that following the README alone did not work; however, since I was doing a lot of trial and error at the time, it may actually work.

                * General setup
                  * Control Group support
                    -> Namespace cgroup subsystem
                    -> Freezer cgroup subsystem
                    -> Cpuset support
                    -> Simple CPU accounting cgroup subsystem
                    -> Resource counters
                      -> Memory resource controllers for Control Groups
                  * Group CPU scheduler
                    -> Basis for grouping tasks (Control Groups)
                  * Namespaces support
                    -> UTS namespace
                    -> IPC namespace
                    -> User namespace
                    -> Pid namespace
                    -> Network namespace
                * Device Drivers
                  * Character devices
                    -> Support multiple instances of devpts
                  * Network device support
                    -> MAC-VLAN support
                    -> Virtual ethernet pair device
                * Networking
                  * Networking options
                    -> 802.1d Ethernet Bridging
                * Security options
                  -> File POSIX Capabilities
# diff /boot/config-2.6.31.6-plamoSMP /usr/src/linux/.config
3,4c3,4
< # Linux kernel version: 2.6.31.5
< # Tue Nov  3 09:12:21 2009
---
> # Linux kernel version: 2.6.31.6
> # Tue Dec 15 14:00:17 2009
66c66
< CONFIG_LOCALVERSION="-plamoSMP"
---
> CONFIG_LOCALVERSION="-plamoSMP-PAE-2"
98,99c98,114
< # CONFIG_GROUP_SCHED is not set
< # CONFIG_CGROUPS is not set
---
> CONFIG_GROUP_SCHED=y
> CONFIG_FAIR_GROUP_SCHED=y
> # CONFIG_RT_GROUP_SCHED is not set
> # CONFIG_USER_SCHED is not set
> CONFIG_CGROUP_SCHED=y
> CONFIG_CGROUPS=y
> # CONFIG_CGROUP_DEBUG is not set
> CONFIG_CGROUP_NS=y
> CONFIG_CGROUP_FREEZER=y
> CONFIG_CGROUP_DEVICE=y
> CONFIG_CPUSETS=y
> CONFIG_PROC_PID_CPUSET=y
> CONFIG_CGROUP_CPUACCT=y
> CONFIG_RESOURCE_COUNTERS=y
> CONFIG_CGROUP_MEM_RES_CTLR=y
> # CONFIG_CGROUP_MEM_RES_CTLR_SWAP is not set
> CONFIG_MM_OWNER=y
103c118,123
< # CONFIG_NAMESPACES is not set
---
> CONFIG_NAMESPACES=y
> CONFIG_UTS_NS=y
> CONFIG_IPC_NS=y
> CONFIG_USER_NS=y
> CONFIG_PID_NS=y
> CONFIG_NET_NS=y
250a271
> CONFIG_X86_CMPXCHG64=y
294,295c315,316
< CONFIG_HIGHMEM4G=y
< # CONFIG_HIGHMEM64G is not set
---
> # CONFIG_HIGHMEM4G is not set
> CONFIG_HIGHMEM64G=y
303c324,325
< # CONFIG_ARCH_PHYS_ADDR_T_64BIT is not set
---
> CONFIG_X86_PAE=y
> CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
316c338
< # CONFIG_PHYS_ADDR_T_64BIT is not set
---
> CONFIG_PHYS_ADDR_T_64BIT=y
817a840
> # CONFIG_NET_CLS_CGROUP is not set
1449a1473
> CONFIG_I2O_EXT_ADAPTEC_DMA64=y
1993c2017
< # CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
---
> CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
3516d3539
< # CONFIG_ASYNC_TX_DMA is not set
3906c3929
< # CONFIG_SECURITY_FILE_CAPABILITIES is not set
---
> CONFIG_SECURITY_FILE_CAPABILITIES=y
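As an added example (not from the original post), a small sh script that checks a kernel .config for the options doc/lxc.7 asks for, so the gaps are visible before rebuilding. It assumes the CONFIG_* names as they appear in the diff above, plus CONFIG_MACVLAN, CONFIG_VETH and CONFIG_BRIDGE for the MAC-VLAN, veth and bridging menu entries; the two sample configs it checks are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: report which lxc.7 kernel options
# a .config lacks. CONFIG_* names come from the diff above; CONFIG_MACVLAN,
# CONFIG_VETH and CONFIG_BRIDGE are the names behind the three network menu items.
REQUIRED_OPTS="CONFIG_CGROUPS CONFIG_CGROUP_NS CONFIG_CGROUP_FREEZER CONFIG_CPUSETS
CONFIG_CGROUP_CPUACCT CONFIG_RESOURCE_COUNTERS CONFIG_CGROUP_MEM_RES_CTLR
CONFIG_GROUP_SCHED CONFIG_NAMESPACES CONFIG_UTS_NS CONFIG_IPC_NS CONFIG_USER_NS
CONFIG_PID_NS CONFIG_NET_NS CONFIG_DEVPTS_MULTIPLE_INSTANCES CONFIG_MACVLAN
CONFIG_VETH CONFIG_BRIDGE CONFIG_SECURITY_FILE_CAPABILITIES"

# Print every required option that is neither =y nor =m in the config file $1.
# Exit status 0 when all are enabled, 1 otherwise. "is not set" lines and
# longer names sharing a prefix (CONFIG_CGROUPS vs CONFIG_CGROUP_NS) do not match.
check_lxc_config() {
    _missing=0
    for _opt in $REQUIRED_OPTS; do
        if ! grep -Eq "^$_opt=(y|m)\$" "$1"; then
            echo "missing: $_opt"
            _missing=1
        fi
    done
    return $_missing
}

# Number of missing options as a plain integer (0 when the config is complete).
count_missing() {
    check_lxc_config "$1" | grep -c '^missing:' || true
}

# Constructed sample fragments: one standing in for the stock Plamo config
# (cgroups and namespaces off, bridge and veth as modules) and one for a
# rebuilt config that happens to leave MACVLAN out, so the check has a finding.
make_sample_configs() {
    STOCK_CFG=$(mktemp); REBUILT_CFG=$(mktemp)
    printf '%s\n' '# CONFIG_CGROUPS is not set' '# CONFIG_NAMESPACES is not set' \
        'CONFIG_BRIDGE=m' 'CONFIG_VETH=m' > "$STOCK_CFG"
    for _opt in $REQUIRED_OPTS; do
        [ "$_opt" = CONFIG_MACVLAN ] && continue
        echo "$_opt=y"
    done > "$REBUILT_CFG"
}

make_sample_configs
echo "== stock config =="; check_lxc_config "$STOCK_CFG" || true
echo "== rebuilt config =="; check_lxc_config "$REBUILT_CFG" || true
```

To check a real kernel, pass /usr/src/linux/.config or /boot/config-$(uname -r) to check_lxc_config instead of the sample files.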

Enabling cgroups

# mkdir /cgroup
# mount -t cgroup cgroup /cgroup

Creating a minimal container

Let's build a minimal container that runs sshd inside it. First, stop the sshd running on the host.

bash-3.2# lxc-sshd create
What is the container name ? [sshd] 
What hostname do you wish for this container ? [sshd] 
What IP address do you wish for this container ? [172.20.0.20/24] 192.168.0.8/24
no configuration path defined !
Done.

You can run your container with: 
	'lxc-execute -n sshd /usr/sbin/sshd &'

bash-3.2# lxc-execute -n sshd /usr/sbin/sshd &
[1] 5906
bash-3.2# lxc-info -n sshd
'sshd' is RUNNING

Looking with ps on the host machine:

bash-3.2# ps aux | grep sshd
root      5885  0.0  0.0   1772   628 pts/0    S    19:14   0:00 lxc-execute -n sshd /usr/sbin/sshd
root      5886  0.0  0.0   1772   452 pts/0    S    19:14   0:00 /usr/libexec/lxc-init -- /usr/sbin/sshd
root      5888  0.0  0.0   3800   968 ?        Ss   19:14   0:00 /usr/sbin/sshd
root      5899  0.0  0.0   2952   864 pts/0    R+   19:15   0:00 grep sshd

Logging in over ssh to get into the container:

bash-3.2# slogin localhost
Password: 
Last login: Tue Dec 15 18:58:40 2009 from localhost
Linux 2.6.31.6-plamoSMP-PAE-2 (Plamo-4.7) #8 SMP PREEMPT Tue Dec 15 14:22:54 JST 2009
enterprise:~# ps ax
  PID TTY      STAT   TIME COMMAND
    1 pts/0    S+     0:00 /usr/libexec/lxc-init -- /usr/sbin/sshd
    3 ?        Ss     0:00 /usr/sbin/sshd
    4 ?        Ss     0:00 sshd: root@pts/3 
    7 pts/3    Ss     0:00 -bash
   17 pts/3    R+     0:00 ps ax

Only these processes are visible.

Strictly speaking I should give the container its own address and test that way, but this shortcut will do for now.

Stopping

bash-3.2# lxc-stop -n sshd
[1]+  Exit 137                lxc-execute -n sshd /usr/sbin/sshd
bash-3.2# lxc-info -n sshd
'sshd' is STOPPED