Shulou(Shulou.com)06/01 Report--

This article mainly explains "what are the basic commands of Linux Container". Friends who are interested may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "what are the basic orders of Linux Container"?

What can lxc do:

You can bind specific cpu and memory to the container, allocate a specific proportion of cpu time and IO time, limit the amount of memory (including memory and swap space) that can be used, provide device access control, and provide independent namespace (network, pid, ipc, mnt, uts).

The default lxc configuration is to isolate pids (process) sysv ipc (interprocess communication) and mount points. If you want to run sshd, you must provide a new network stack and hostname, and if you want to avoid file conflicts, you need to remount the conflicting files to a different place. If you want to avoid all conflicts, you need to remount a file system.

Implementation of lxc:

LXC is an open source project on Sourceforge, but the LXC project itself is just a toolset that provides users with a user space to use and manage LXC containers. The real implementation of LXC depends on the relevant features of the Linux kernel, which is just integrated by the LXC project. Container-based virtualization technology originates from the so-called resource containers and security containers.

LXC relies on the cgroups subsystem of the Linux kernel for resource management. The cgroups subsystem is a process group-based resource management framework provided by the Linux kernel, which can limit the resources that can be used for specific process groups. LXC relies on the namespace feature of the Linux kernel for isolation control, specifically by adding the corresponding flag (NEWNS NEWPID, etc.) to the clone.

Common lxc commands use:

Lxc-version is used to display the version number of the system LXC (you can use this command to determine whether the system has lxc installed)

Usage: lxc-version

For example:

The code is as follows:

Lxc-version

Lxc-checkconfig is used to determine whether the linux kernel supports LXC.

Usage: lxc-checkconfig

For example:

The code is as follows:

Lxc-checkconfig

Lxc-create is used to create a container

Usage: lxc-create-n name [- f config_file]

-n followed by the name of the container to be created, for example:-n foo

-f followed by the path to the container configuration file

Note: 1. Containers created with lxc-create will not be destroyed after they are stopped, but can only be destroyed using the lxc-destroy command.

two。 The container command space is global. A container with the same name is not allowed in the system. If-n is followed by an existing container name, the creation will fail.

For example:

The code is as follows:

Lxc-create-- n foo-- f foo.conf

Lxc-execute is used to execute applications in a container

Usage: lxc-execute-n name [- f config_file] [- s KEY=VAL] command

-n is followed by a container name (container name is used to manage containers) for example:-n foo

-f is followed by the path to the container configuration file (if there is no configuration file, you can directly specify the configuration option with-s, if there is nothing, the system uses the default policy) for example:-f foo.conf

-s is followed by a configuration key-value pair such as: lxc.cgroup.cpu.shares=512

Command is the command to be executed for example: / bin/bash

This command will mount / proc and automatically create / destroy the container.

Note: 1. If the container does not already exist, lxc-execute will automatically create one, and the container will be automatically destroyed when it stops running.

two。 Start the application with lxc-execute and configure the priority as follows:

If you specify the-f option, the configuration file that previously created the container (if the container already exists) will not be used

If the-s option is specified, the configuration key-value pair on the command line overwrites the same configuration file (whether previously or-f specified)

For example:

The code is as follows:

Lxc-execute-- n foo-- s lxc.cgroup.cpu.shares=512 / bin/bash

Use practical examples:

The code is as follows:

Lxc-execute-n test / bin/bash

This launches a lxc and gives a similar cmd window. The network is shared with the operating system, and it seems that just a namespace has been created.

If-f is not specified, the default isolation will be used when you need a quick program to run in an isolated environment. Lxc-init runs on both the physical machine and the container. On the host, this program is used to forward the lxc-kill signal to the program that has been started. In container, the program's pid is 1, it will fork the command to be executed (pid is 2) and execute it.

Lxc-start is used to execute a given command in a container

Usage: lxc-start-n name [- f config_file] [- c console_file] [- d] [- s KEY=VAL]

[command]

-d executes the container as a daemon

-f followed by configuration file

-c specifies a file as the output of the container console, if not specified, to the terminal

-s specify configuration

If no command is specified, lxc-start will run / sbin/init

For example:

The code is as follows:

Lxc-start-n foo-f foo.conf-d / bin/bash

Note: 1. If the container does not already exist, lxc-start will automatically create one, and the container will be automatically destroyed when it stops running.

2.lxc-start configuration priority is the same as lxc-execute

Similarities and differences between 3.lxc-start and lxc.execute:

Both lxc-start and lxc-execute can start a process in a container. The difference is that lxc-start creates a process directly. Lxc-execute first creates a lxc-init process, and then fork a process to execute it in lxc-init. With regard to point 4, what kind of position does lxc-init occupy?

The orphan process group and daemon are not supported by this command

Use the lxc-execute command instead

If no command is specified, lxc-start will use the default "/ sbin/init"

Command to run a system container.

4.lxc-start is used to launch system,lxc-execute in the container to execute applications in the container.

Lxc-kill sends a signal to the first user process in the container (process number 2 inside the container)

Usage: lxc-kil-n name SIGNUM

-n followed by container name

SIGNUM signal (this parameter is optional, default SIGKILL)

For example:

The code is as follows:

Lxc-kill-n foo

Lxc-stop is used to stop all processes in the container

Usage: lxc-stop-n name

-n followed by the name of the container to be stopped

For example:

The code is as follows:

Lxc-stop-- n foo

Lxc-destroy is used to destroy containers

Usage: lxc-destroy-n name

-n followed by the name of the container to be stopped

For example:

The code is as follows:

Lxc-destroy-- n foo

Lxc-cgroup is used to get or adjust parameters related to cgroup

Usage: lxc-cgroup-n name subsystem value

-n followed by the name of the container to be adjusted

For example:

The code is as follows:

Lxc-cgroup-n foo devices.list

Lxc-cgroup-n foo cpuset.cpus "0Pol 3"

Lxc-info users get the status of a container

Usage: lxc-info-n name

-n followed by the name of the container for the operation

For example:

The code is as follows:

Lxc-info-- n foo

Note: the status of the container is: STARTING RUNNING STOPPING STOPPED ABORTING

Lxc-monitor monitors the transition of the state of a container. When the state of a container changes, this command prints the status of the container on the screen.

Usage: lxc-monitor-n name

For example:

The code is as follows:

Lxc-monitor-n foo

Lxc-ls lists all the containers in the current system

Usage: lxc-ls

For example:

The code is as follows:

Lxc-ls

Lxc-ps lists the processes running in a specific container

Usage: lxc-ps

For example:

The code is as follows:

Lxc-ps-n foo

View and adjust the priority of containers

The code is as follows:

Lxc-priority-n name

Lxc-priority-n name-p priority

Continuously observe the status and priority changes of the container:

The code is as follows:

Lxc-monitor-n name

LXC uses the cgroup file system to manage containers. Parts of the cgroup file system can be read and manipulated through LXC. To manage the use of cpu by each container, you can do this by reading and adjusting the container's cpu.shares:

The code is as follows:

Lxc-cgroup-n name cpu.shares

Lxc-cgroup-n name cpu.shares howmany

Pause and resume

[/ code] lxc-freeze-n name

Lxc-unfreeze-n name [/ code]

Stop it

Stopping a container will cause all processes started in that container to die and clean the container:

The code is as follows:

Lxc-stop-n name

Destroy

To destroy a container is to delete the configuration files and metadata associated with the name through the lxc-create step:

The code is as follows:

Lxc-destroy-n name

At this point, I believe you have a deeper understanding of "what are the basic commands of Linux Container". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.