Lxc: Difference between revisions

From Vosp.info
(limiting lxc CPU & MEMORY)
 
(27 intermediate revisions by 3 users not shown)
Zeile 1: Zeile 1:
 +
 +
 +
 
== LXC Notizen ==
 
== LXC Notizen ==
 +
* [[ LXC auf Ubuntu 14.04-2 LTS ]]
 +
* [[ LXC auf CentOS 7 ]]
 +
* [[ LXC Routed Setup 2019]]
 
=== Host Allgemein ===
 
=== Host Allgemein ===
 
==== Passwort im Container setzen ====
 
==== Passwort im Container setzen ====
 
  Passwörter können vom Host aus bequem mit chroot gesetzt werden
 
  Passwörter können vom Host aus bequem mit chroot gesetzt werden
 
<source lang="bash">
 
<source lang="bash">
cd /var/lib/lxc/CONTAINER
+
cd /var/lib/lxc/CONTAINER
chroot rootfs /bin/bash
+
chroot rootfs /bin/bash
passwd
+
passwd
 
</source>   
 
</source>   
  
Zeile 12: Zeile 18:
 
  Die Netzwerkeinstellungen und der Hostname des Containers können automatischüber die config erzeugt werden  
 
  Die Netzwerkeinstellungen und der Hostname des Containers können automatischüber die config erzeugt werden  
 
  Im Container:
 
  Im Container:
<source lang="bash">
+
<source lang="bash">
rm /etc/network/interfaces
+
rm /etc/network/interfaces
rm /etc/hostname
+
rm /etc/hostname
</source>
+
</source>
  
 
  In der Containerconfig:
 
  In der Containerconfig:
 
<source lang="bash">
 
<source lang="bash">
vim /var/lib/lxc/CONTAINER/config
+
vim /var/lib/lxc/CONTAINER/config
lxc.network.type = veth
+
lxc.network.type = veth
lxc.network.flags = up
+
lxc.network.flags = up
lxc.network.link = lxcbr0 # Unter Debian benutzen wir br0
+
lxc.network.link = lxcbr0 # Unter Debian benutzen wir br0
lxc.network.hwaddr = XX:XX:XX:XX:XX:XX
+
lxc.network.hwaddr = XX:XX:XX:XX:XX:XX
lxc.network.ipv4 = XXX.XXX.XXX.XXX/32 # IP des Containers
+
lxc.network.ipv4 = XXX.XXX.XXX.XXX/32 # IP des Containers
lxc.network.ipv4.gateway = XXX.XXX.XXX.XXX # IP des Hosts
+
lxc.network.ipv4.gateway = XXX.XXX.XXX.XXX # IP des Hosts
 
</source>
 
</source>
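Review bot: the added config block (from `vim /var/lib/lxc/CONTAINER/config` through `lxc.network.ipv4.gateway`) sets only network keys, while the sentence above it says the hostname is also generated from the config and the preceding added block deletes /etc/hostname in the container. Add the hostname key to this block (lxc.utsname in this key naming) or drop `rm /etc/hostname`. The `vim` line is a shell command and the remaining lines are file content, so they would read better as two blocks than as one `lang="bash"` block.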
  
Zeile 41: Zeile 47:
 
Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied       
 
Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied       
  
vim /var/lib/lxc/CONTAINER/config
+
vim /var/lib/lxc/CONTAINER/config
lxc.kmsg = 0
+
lxc.kmsg = 0
lxc.aa_profile = unconfined
+
lxc.aa_profile = unconfined
 +
 
 +
</source>
 +
 
 +
== Installation eines Containers ==
 +
 
 +
<source lang="bash">
 +
cd /var/lib/lxc
 +
lxc-create -t download -n  ncphp73  -- --dist ubuntu --release bionic --arch amd64
 +
cp  /var/lib/lxc/ncphp73/config  /var/lib/lxc/ncphp73/config.original20190418
 +
vim /var/lib/lxc/ncphp73/config
 +
</source>
 +
 
 +
 
 +
<source lang="bash">
 +
lxc-ls -f
 +
lxc-start -n ncphp73
 +
lxc-ls -f
 +
lxc-attach -n ncphp73
 +
</source>
 +
=== Konfiguration ===
 +
<source lang="bash">
 +
echo "nameserver 8.8.8.8" >> /etc/resolv.conf
 +
 
 +
vim /etc/bash.bashrc
 +
# bash-completion auskommentieren
 +
</source>
 +
 
 +
=== Installation von Software ===
 +
<source lang="bash">
 +
apt-get update
 +
apt-get install wget bash-completion zip unzip rsync openssh-server openssh-sftp-server
 +
</source>
 +
==== Ex-Kurs apache mit php 7.3 ====
 +
<source lang="bash">
 +
apt-get install software-properties-common
 +
add-apt-repository ppa:ondrej/php
 +
add-apt-repository ppa:ondrej/apache2
 +
apt-get update
 +
apt-get install php7.3 php7.3-cli php7.3-common
 +
apt-get install imagemagick apache2 libapache2-mod-php7.3 php7.3-cli php7.3 php7.3-common php7.3-imap php7.3-intl php7.3-mysql php7.3-readline php7.3-soap php7.3-zip php7.3-zip php7.3-gd php7.3-xml php7.3-gd php7.3-json php7.3-opcache php-imagick php7.3-curl php7.3-mbstring php7.3-bcmath php7.3-gmp php7.3-zip composer php7.3-curl php7.3-dev php7.3-gd php7.3-mbstring php7.3-zip php7.3-mysql php7.3-xml php7.3-fpm libapache2-mod-php7.3 php7.3-imagick php7.3-recode php7.3-tidy php7.3-xmlrpc php7.3-intl mysql-server-5.7 phpmyadmin apache2-utils
 +
</source>
 +
 
 +
* [https://wiki.ubuntuusers.de/MySQL/#Besonderheiten-beim-root-Passwort mysql: Besonderheiten beim root Passwort]
 +
 
 +
=== Konfiguration von Software ===
 +
 
 +
<source lang="bash">
 +
a2enmod ssl
 +
systemctl restart apache2
 +
 
 +
</source>
 +
 
 +
 
 +
 
 +
== LXC Probleme ==
 +
 
 +
=== apparmor in lxc3 ===
 +
 
 +
==== Lösung in LXC Host ====
 +
<source lang=bash>
 +
 
 +
vim /var/lib/lxc/anc_ox/config
 +
# folgendes muss rein
 +
lxc.apparmor.profile = generated
 +
lxc.apparmor.allow_nesting = 1
 +
 
 +
</source>
 +
 
 +
==== apache ====
 +
 
 +
* Fehlermeldung
 +
<source lang=bash>
 +
systemctl status apache2.service
 +
 
 +
● apache2.service - The Apache HTTP Server
 +
  Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
 +
  Active: failed (Result: exit-code) since Wed 2019-12-18 14:58:03 UTC; 1min 19s ago
 +
    Docs: https://httpd.apache.org/docs/2.4/
 +
  Process: 204 ExecStart=/usr/sbin/apachectl start (code=exited, status=226/NAMESPACE)
 +
 
 +
Dec 18 14:58:03 ancox systemd[1]: Starting The Apache HTTP Server...
 +
Dec 18 14:58:03 ancox systemd[204]: apache2.service: Failed to set up mount namespacing: Perm
 +
ission denied
 +
Dec 18 14:58:03 ancox systemd[204]: apache2.service: Failed at step NAMESPACE spawning /usr/s
 +
bin/apachectl: Permission denied
 +
Dec 18 14:58:03 ancox systemd[1]: apache2.service: Control process exited, code=exited, statu
 +
s=226/NAMESPACE
 +
Dec 18 14:58:03 ancox systemd[1]: apache2.service: Failed with result 'exit-code'.
 +
Dec 18 14:58:03 ancox systemd[1]: Failed to start The Apache HTTP Server.
 +
 
 +
</source>
 +
 
 +
 
 +
* Lösung im Lxc Container
 +
<source lang=bash>
 +
vim /etc/systemd/system/multi-user.target.wants/apache2.service
 +
PrivateTmp=true #aus kommentieren
 +
 
 +
systemctl daemon-reload
 +
systemctl restart  apache2.service
 +
 
 +
</source>
 +
* https://debianforum.de/forum/viewtopic.php?t=173972
 +
 
 +
* Lösung in LXC Host
 +
siehe oben [[lxc#Lösung in LXC Host]]
 +
 
 +
==== mariadb ====
 +
 
 +
* Fehlermeldung
 +
<source lang=bash>
 +
systemctl status mariadb.service
 +
● mariadb.service - MariaDB 10.3.18 database server
 +
  Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
 +
  Active: failed (Result: exit-code) since Wed 2019-12-18 15:04:01 UTC; 5s ago
 +
    Docs: man:mysqld(8)
 +
          https://mariadb.com/kb/en/library/systemd/
 +
  Process: 211 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=
 +
226/NAMESPACE)
 +
 
 +
Dec 18 15:04:01 ancox systemd[1]: Starting MariaDB 10.3.18 database server...
 +
Dec 18 15:04:01 ancox systemd[211]: mariadb.service: Failed to set up mount namespacing: Perm
 +
ission denied
 +
Dec 18 15:04:01 ancox systemd[211]: mariadb.service: Failed at step NAMESPACE spawning /usr/b
 +
in/install: Permission denied
 +
Dec 18 15:04:01 ancox systemd[1]: mariadb.service: Control process exited, code=exited, statu
 +
s=226/NAMESPACE
 +
Dec 18 15:04:01 ancox systemd[1]: mariadb.service: Failed with result 'exit-code'.
 +
Dec 18 15:04:01 ancox systemd[1]: Failed to start MariaDB 10.3.18 database server.
 +
</source>
 +
 
 +
 
 +
* Lösung im Lxc Container
 +
<source lang=bash>
 +
vim /etc/systemd/system/multi-user.target.wants/mariadb.service
 +
# folgendes erstmal auskommentieren
 +
# ProtectSystem=full
 +
# PrivateDevices=true
 +
# ProtectHome=true
 +
 
 +
systemctl daemon-reload
 +
systemctl restart mariadb.service
 +
</source>
 +
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920643
 +
 
 +
* Lösung in LXC Host
 +
siehe oben [[lxc#Lösung in LXC Host]]
 +
 
 +
 
 +
== lxc beschränken CPU & MEMORY ==
 +
 
 +
 
 +
# in lxc Container config
 +
/var/lib/lxc/$CONTAINERNAME/config
 +
<source lang=bash>
 +
# CPUs setzen
 +
lxc.cgroup.cpuset.cpus=1,3
 +
#Max MEMORY setzen
 +
lxc.cgroup.memory.limit_in_bytes = 8096M
 +
</source>
 +
 
 +
<source lang=bash>
 +
# Check im Container Anzahl CPU
 +
cat /proc/cpuinfo | grep processor
 +
processor      : 0
 +
processor      : 1
 +
 
 +
# Check im Container Anzahl MEMORY
 +
free -m
 +
              total        used        free      shared  buff/cache  available
 +
Mem:          8096        373        7706          2          15        7722
 +
Swap:            0          0          0
 +
 
 +
 
 +
</source>
 +
 
 +
=== unter ubuntu 20.04 ===
 +
hat erst funktioniert nach installation von:
  
 +
<source lang=bash>
 +
apt-get install lxcfs
 
</source>
 
</source>
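Review bot: the container-side fixes added under apache and mariadb switch off unit sandboxing (`PrivateTmp=true`, then `ProtectSystem=full`, `PrivateDevices=true`, `ProtectHome=true`) by editing the file behind /etc/systemd/system/multi-user.target.wants/, although the same section already documents a host-side fix (`lxc.apparmor.profile = generated`, `lxc.apparmor.allow_nesting = 1`). List the host-side fix first and mark the container-side edits as a temporary fallback, preferably written as a drop-in override so that a package update neither silently reverts the change nor leaves it forgotten in place.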

Current revision as of 3 November 2020, 12:34


LXC Notes

Host: General

Setting a password in the container

Passwords can conveniently be set from the host using chroot:
 cd /var/lib/lxc/CONTAINER
 chroot rootfs /bin/bash
 passwd

Container: General

The network settings and the hostname of the container can be generated automatically via the config.
In the container:
 rm /etc/network/interfaces
 rm /etc/hostname
In the container config:
 vim /var/lib/lxc/CONTAINER/config
 lxc.network.type = veth
 lxc.network.flags = up
 lxc.network.link = lxcbr0 # on Debian we use br0
 lxc.network.hwaddr = XX:XX:XX:XX:XX:XX
 lxc.network.ipv4 = XXX.XXX.XXX.XXX/32 # IP of the container
 lxc.network.ipv4.gateway = XXX.XXX.XXX.XXX # IP of the host

Host Debian

Host Ubuntu 14.04

Starting a container with systemd

Adjusting the container's config
Error message caused by AppArmor:
Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied       

 vim /var/lib/lxc/CONTAINER/config
 lxc.kmsg = 0
 lxc.aa_profile = unconfined

Installing a container

cd /var/lib/lxc
lxc-create -t download -n  ncphp73  -- --dist ubuntu --release bionic --arch amd64
cp  /var/lib/lxc/ncphp73/config  /var/lib/lxc/ncphp73/config.original20190418
vim /var/lib/lxc/ncphp73/config


lxc-ls -f
lxc-start -n ncphp73 
lxc-ls -f
lxc-attach -n ncphp73

Configuration

echo "nameserver 8.8.8.8" >> /etc/resolv.conf

vim /etc/bash.bashrc 
# comment out bash-completion

Installing software

apt-get update
apt-get install wget bash-completion zip unzip rsync openssh-server openssh-sftp-server

Excursus: Apache with PHP 7.3

apt-get install software-properties-common
add-apt-repository ppa:ondrej/php
add-apt-repository ppa:ondrej/apache2
apt-get update 
apt-get install php7.3 php7.3-cli php7.3-common
apt-get install imagemagick apache2 libapache2-mod-php7.3 php7.3-cli php7.3 php7.3-common php7.3-imap php7.3-intl php7.3-mysql php7.3-readline php7.3-soap php7.3-zip php7.3-zip php7.3-gd php7.3-xml php7.3-gd php7.3-json php7.3-opcache php-imagick php7.3-curl php7.3-mbstring php7.3-bcmath php7.3-gmp php7.3-zip composer php7.3-curl php7.3-dev php7.3-gd php7.3-mbstring php7.3-zip php7.3-mysql php7.3-xml php7.3-fpm libapache2-mod-php7.3 php7.3-imagick php7.3-recode php7.3-tidy php7.3-xmlrpc php7.3-intl mysql-server-5.7 phpmyadmin apache2-utils

Configuring software

a2enmod ssl
systemctl restart apache2


LXC problems

apparmor in lxc3

Solution on the LXC host

vim /var/lib/lxc/anc_ox/config
# the following must be added
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1

apache

  • Error message
systemctl status apache2.service

● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2019-12-18 14:58:03 UTC; 1min 19s ago
     Docs: https://httpd.apache.org/docs/2.4/
  Process: 204 ExecStart=/usr/sbin/apachectl start (code=exited, status=226/NAMESPACE)

Dec 18 14:58:03 ancox systemd[1]: Starting The Apache HTTP Server...
Dec 18 14:58:03 ancox systemd[204]: apache2.service: Failed to set up mount namespacing: Perm
ission denied
Dec 18 14:58:03 ancox systemd[204]: apache2.service: Failed at step NAMESPACE spawning /usr/s
bin/apachectl: Permission denied
Dec 18 14:58:03 ancox systemd[1]: apache2.service: Control process exited, code=exited, statu
s=226/NAMESPACE
Dec 18 14:58:03 ancox systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 18 14:58:03 ancox systemd[1]: Failed to start The Apache HTTP Server.


  • Solution in the LXC container
vim /etc/systemd/system/multi-user.target.wants/apache2.service
PrivateTmp=true # comment this line out

systemctl daemon-reload
systemctl restart  apache2.service
  • Solution on the LXC host

see "Solution on the LXC host" above (lxc#Lösung in LXC Host)

mariadb

  • Error message
systemctl status mariadb.service
● mariadb.service - MariaDB 10.3.18 database server
   Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2019-12-18 15:04:01 UTC; 5s ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
  Process: 211 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=
226/NAMESPACE)

Dec 18 15:04:01 ancox systemd[1]: Starting MariaDB 10.3.18 database server...
Dec 18 15:04:01 ancox systemd[211]: mariadb.service: Failed to set up mount namespacing: Perm
ission denied
Dec 18 15:04:01 ancox systemd[211]: mariadb.service: Failed at step NAMESPACE spawning /usr/b
in/install: Permission denied
Dec 18 15:04:01 ancox systemd[1]: mariadb.service: Control process exited, code=exited, statu
s=226/NAMESPACE
Dec 18 15:04:01 ancox systemd[1]: mariadb.service: Failed with result 'exit-code'.
Dec 18 15:04:01 ancox systemd[1]: Failed to start MariaDB 10.3.18 database server.


  • Solution in the LXC container
vim /etc/systemd/system/multi-user.target.wants/mariadb.service 
# comment out the following for now
# ProtectSystem=full
# PrivateDevices=true
# ProtectHome=true

systemctl daemon-reload
systemctl restart mariadb.service
  • Solution on the LXC host

see "Solution on the LXC host" above (lxc#Lösung in LXC Host)
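
An added example, not part of the original wiki page: the same container-side workaround for apache and mariadb written as systemd drop-ins, so the packaged unit files stay untouched and the relaxed sandboxing is easy to find and remove once the host-side setting is in place. The `SYSTEMD_ETC` variable, the function names and the drop-in file name `lxc-sandbox.conf` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the wiki page): relax systemd sandboxing through a
# drop-in instead of editing the unit file behind multi-user.target.wants.
# SYSTEMD_ETC is an assumption so the functions can be tried on a scratch dir.
SYSTEMD_ETC="${SYSTEMD_ETC:-/etc/systemd/system}"
DROPIN_NAME="lxc-sandbox.conf"   # hypothetical file name

# write_sandbox_override UNIT KEY=VALUE...
# Accepts only the four directives this page touches, then prints the path written.
write_sandbox_override() {
    wso_unit="$1"; shift
    for wso_kv in "$@"; do
        case "$wso_kv" in
            PrivateTmp=*|PrivateDevices=*|ProtectSystem=*|ProtectHome=*) ;;
            *) echo "refusing unexpected directive: $wso_kv" >&2; return 1 ;;
        esac
    done
    wso_dir="$SYSTEMD_ETC/$wso_unit.d"
    mkdir -p "$wso_dir" || return 1
    {
        echo "# Workaround for status=226/NAMESPACE inside LXC."
        echo "# Delete once the host config sets lxc.apparmor.allow_nesting = 1."
        echo "[Service]"
        printf '%s\n' "$@"
    } > "$wso_dir/$DROPIN_NAME" || return 1
    echo "$wso_dir/$DROPIN_NAME"
}

# remove_sandbox_override UNIT: restores the packaged sandboxing settings.
remove_sandbox_override() {
    rm -f "$SYSTEMD_ETC/$1.d/$DROPIN_NAME"
}

# Usage inside the container, as root:
#   write_sandbox_override apache2.service PrivateTmp=false
#   write_sandbox_override mariadb.service ProtectSystem=false PrivateDevices=false ProtectHome=false
#   systemctl daemon-reload && systemctl restart apache2.service mariadb.service
```

After the host-side fix is applied, `remove_sandbox_override` followed by `systemctl daemon-reload` puts the units back under their packaged settings.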


Limiting LXC CPU & MEMORY

  1. in the LXC container config
/var/lib/lxc/$CONTAINERNAME/config
# set CPUs
lxc.cgroup.cpuset.cpus=1,3
# set max MEMORY
lxc.cgroup.memory.limit_in_bytes = 8096M

# check in the container: number of CPUs
cat /proc/cpuinfo | grep processor
processor       : 0
processor       : 1

# check in the container: amount of MEMORY
free -m
              total        used        free      shared  buff/cache   available
Mem:           8096         373        7706           2          15        7722
Swap:             0           0           0

On Ubuntu 20.04

only worked after installing:

apt-get install lxcfs
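
An added example, not part of the original wiki page: a small audit of an LXC container config for the settings used on this page, flagging an unconfined AppArmor profile and missing CPU or memory limits. It assumes the cgroup v1 key names shown above; the function name `audit_lxc_config` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page). Key names are the ones used on this
# page (cgroup v1 style); audit_lxc_config is a hypothetical helper name.

# audit_lxc_config FILE
# Prints one finding per line; exit status 1 if any WEAK/MISSING finding.
audit_lxc_config() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    /^[ \t]*#/ || index($0, "=") == 0 { next }   # skip comments, non key=value
    {
        eq  = index($0, "=")
        key = trim(substr($0, 1, eq - 1))
        val = substr($0, eq + 1)
        sub(/[ \t]+#.*$/, "", val)         # drop trailing comment, as on this page
        seen[key] = trim(val)
    }
    END {
        bad = 0
        # lxc.aa_profile is the older spelling, lxc.apparmor.profile the lxc3 one
        prof = ("lxc.apparmor.profile" in seen) ? seen["lxc.apparmor.profile"] : seen["lxc.aa_profile"]
        if (prof == "unconfined") {
            print "WEAK AppArmor profile is unconfined"; bad++
        }
        if (seen["lxc.apparmor.allow_nesting"] == "1")
            print "NOTE lxc.apparmor.allow_nesting = 1 is set, confirm nesting is needed"
        if (!("lxc.cgroup.cpuset.cpus" in seen)) {
            print "MISSING lxc.cgroup.cpuset.cpus"; bad++
        }
        if (!("lxc.cgroup.memory.limit_in_bytes" in seen)) {
            print "MISSING lxc.cgroup.memory.limit_in_bytes"; bad++
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: the Ubuntu 14.04 workaround from this page, no limits set.
sample="$(mktemp)"
printf '%s\n' 'lxc.kmsg = 0' 'lxc.aa_profile = unconfined' > "$sample"
audit_lxc_config "$sample"
rm -f "$sample"
```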