
What is the principle of container technology in Linux?

2025-02-25 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Today I will talk about the principle of container technology in Linux, which many people may not understand well. To make it easier to follow, the editor has summarized the content below. I hope you get something out of this article.

1.1 Isolation and sharing

In a multi-user development environment, or on a single server, you often need to run several logically isolated server processes, and one process's operating environment should not affect another's. In other words, one physical machine needs to be virtualized into multiple environments, or containers. By providing a way to create and enter a container, the operating system lets an application run as if it were on a separate machine while still sharing many underlying resources.

1.2 Virtualization vs. containers

Traditional virtualization is implemented through hardware emulation or operating system software, while container technology can be more lightweight than traditional virtualization.

While providing isolation, containers also cut costs by sharing these resources, which means that containers have much less overhead than true virtualization. For example, the page cache of common files such as glibc can be shared effectively, because all containers use the same kernel and often share the same libc library (depending on the container configuration). This sharing can often be extended to other files in the directory that do not need to be written.

Compared with traditional virtualization, containers start quickly. Because system resources are shared, one host can run thousands of containers. Container images follow a git-like distribution model, which makes it easier for users to create, distribute, update and store them.

1.3 Past and present

The present is the era of Docker's popularity. The past goes back to the chroot tool of 1982 and to LXC, which has been improved over time and is still in use. The early code of Docker (prior to 0.9) was based on LXC.

Linux container functionality is built on cgroups and namespaces, so to understand Linux containers you must first understand cgroups and namespaces.

2.1 cgroups (control groups)

cgroups is a kernel feature that manages processes in groups. With cgroups you can isolate processes and at the same time control their resource consumption (CPU, memory, etc.), limiting their use of the operating system's underlying physical resources. This is what lets a group of processes play the role of a container. The CPU resources available to a process are specified with cpuset.

2.2 Namespace

Namespaces allow each process group to have its own PID, IPC and network space. Namespaces are created through the clone system call.

The third parameter of the clone system call, flags, partitions resources by selecting which namespaces to create.
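The effect of that flags argument can be observed directly with the following C program, an added example that is not part of the original article; the helper name child_view_of_pid is hypothetical. It calls clone() once without namespace flags and once with CLONE_NEWPID and returns the PID the child sees for itself; creating a PID namespace normally requires root (CAP_SYS_ADMIN), so an unprivileged run gets a negative errno back instead of 1.

```c
#define _GNU_SOURCE            /* exposes clone() and CLONE_NEW* in <sched.h> */
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef CLONE_NEWPID           /* fallback when _GNU_SOURCE took effect too late */
#define CLONE_NEWPID 0x20000000
int clone(int (*fn)(void *), void *stack, int flags, void *arg, ...);
#endif
#define STACK_SIZE (256 * 1024)

/* Child entry point: send the PID it sees for itself back through a pipe. */
static int child_fn(void *arg)
{
    long pid = getpid();
    return write(*(int *)arg, &pid, sizeof pid) == (ssize_t)sizeof pid ? 0 : 1;
}

/* Hypothetical helper: clone() a child with the given namespace flags and
 * return the PID the child observes for itself, or -errno on failure. */
long child_view_of_pid(int ns_flags)
{
    /* No CLONE_VM, so the child works on its own copy of this stack. */
    static char stack[STACK_SIZE] __attribute__((aligned(16)));
    int fds[2];
    long seen = -EIO;
    if (pipe(fds) == -1)
        return -errno;
    /* Third argument: namespace flags OR'ed with the child's exit signal. */
    pid_t child = clone(child_fn, stack + STACK_SIZE, ns_flags | SIGCHLD, &fds[1]);
    int err = errno;
    close(fds[1]);
    if (child == -1)
        seen = -err;
    else if (read(fds[0], &seen, sizeof seen) != (ssize_t)sizeof seen)
        seen = -EIO;
    if (child > 0) waitpid(child, NULL, 0);
    close(fds[0]);
    return seen;
}

int main(void)
{
    printf("no flags:     child sees PID %ld\n", child_view_of_pid(0));
    printf("CLONE_NEWPID: child sees %ld (1, or -errno)\n", child_view_of_pid(CLONE_NEWPID));
    return 0;
}
```

Inside the new PID namespace the child is PID 1, while the host still sees it under an ordinary PID: the namespace changes what the process can see, and the kernel underneath is still shared.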

LXC depends on epel-release being installed. EPEL (Extra Packages for Enterprise Linux) is a project run by the Fedora community to provide high-quality software packages; it is the equivalent of a third-party repository.

yum install epel-release -y

Then install the LXC toolkit and lxc-templates, the templates needed to create containers:

yum install lxc lxc-templates -y

After installation, use lxc-checkconfig to check the operating system's support for container technology.

3.1 Overview of LXC toolkits

All of the LXC tools are here, and you can use them to operate on LXC accordingly.

3.2 Create a container

Create a container from a predefined template. lxc-create automatically downloads the packages the environment depends on and installs them according to the template settings.

lxc-create -n <container name> -t <template> (the template name is given without the lxc- prefix)

lxc-create -n mariolu-console -t centos

The templates come from the lxc-templates package installed in section 3. All templates are placed in the directory /usr/share/lxc/templates/

As with chroot, once the container is installed its root is redefined to a location under /var/lib/lxc/mariolu-console on the host.

3.3 Start the container

Just as a newly installed machine has to be booted before the server can run, LXC has a corresponding step.

lxc-start -n mariolu-console

But we soon find that starting the container prompts for a password, even though no password was entered when the container was created. Is there a default password?

The root password cannot be read from the container's files: the password field is either replaced by an x character or holds a hash string.

cat /var/lib/lxc/mariolu-console/rootfs/etc/shadow

chroot /var/lib/lxc/mariolu-console/rootfs passwd

A web search did not find the default password, but found the following sentence:

The root password is set up as expired and will require it to be changed at first login, which you should do as soon as possible. If you lose the root password or wish to change it without starting the container, you can change it from the host by running the following command (which will also reset the expired flag)

chroot /var/lib/lxc/sspl-test/rootfs passwd

Yes! Give me five! This command lets us reset the password. We open a new window, complete the password reset there, and then switch back to the original window, where we can now log in with the new password.
