Lxc: Difference between revisions
From Vosp.info
V (talk | contribs)
V (talk | contribs) (→lxc: limiting CPU & MEMORY)
(27 intermediate revisions by 3 users not shown)
Zeile 1: | Zeile 1: | ||
+ | |||
+ | |||
+ | |||
== LXC Notizen == | == LXC Notizen == | ||
+ | * [[ LXC auf Ubuntu 14.04-2 LTS ]] | ||
+ | * [[ LXC auf CentOS 7 ]] | ||
+ | * [[ LXC Routed Setup 2019]] | ||
=== Host Allgemein === | === Host Allgemein === | ||
==== Passwort im Container setzen ==== | ==== Passwort im Container setzen ==== | ||
Passwörter können vom Host aus bequem mit chroot gesetzt werden | Passwörter können vom Host aus bequem mit chroot gesetzt werden | ||
<source lang="bash"> | <source lang="bash"> | ||
− | cd /var/lib/lxc/CONTAINER | + | cd /var/lib/lxc/CONTAINER |
− | chroot rootfs /bin/bash | + | chroot rootfs /bin/bash |
− | passwd | + | passwd |
</source> | </source> | ||
Zeile 12: | Zeile 18: | ||
Die Netzwerkeinstellungen und der Hostname des Containers können automatischüber die config erzeugt werden | Die Netzwerkeinstellungen und der Hostname des Containers können automatischüber die config erzeugt werden | ||
Im Container: | Im Container: | ||
− | <source lang="bash"> | + | <source lang="bash"> |
− | rm /etc/network/interfaces | + | rm /etc/network/interfaces |
− | rm /etc/hostname | + | rm /etc/hostname |
− | </source> | + | </source> |
In der Containerconfig: | In der Containerconfig: | ||
<source lang="bash"> | <source lang="bash"> | ||
− | vim /var/lib/lxc/CONTAINER/config | + | vim /var/lib/lxc/CONTAINER/config |
− | lxc.network.type = veth | + | lxc.network.type = veth |
− | lxc.network.flags = up | + | lxc.network.flags = up |
− | lxc.network.link = lxcbr0 # Unter Debian benutzen wir br0 | + | lxc.network.link = lxcbr0 # Unter Debian benutzen wir br0 |
− | lxc.network.hwaddr = XX:XX:XX:XX:XX:XX | + | lxc.network.hwaddr = XX:XX:XX:XX:XX:XX |
− | lxc.network.ipv4 = XXX.XXX.XXX.XXX/32 # IP des Containers | + | lxc.network.ipv4 = XXX.XXX.XXX.XXX/32 # IP des Containers |
− | lxc.network.ipv4.gateway = XXX.XXX.XXX.XXX # IP des Hosts | + | lxc.network.ipv4.gateway = XXX.XXX.XXX.XXX # IP des Hosts |
</source> | </source> | ||
Zeile 41: | Zeile 47: | ||
Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied | Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied | ||
− | vim /var/lib/lxc/CONTAINER/config | + | vim /var/lib/lxc/CONTAINER/config |
− | lxc.kmsg = 0 | + | lxc.kmsg = 0 |
− | lxc.aa_profile = unconfined | + | lxc.aa_profile = unconfined |
+ | |||
+ | </source> | ||
+ | |||
+ | == Installation eines Containers == | ||
+ | |||
+ | <source lang="bash"> | ||
+ | cd /var/lib/lxc | ||
+ | lxc-create -t download -n ncphp73 -- --dist ubuntu --release bionic --arch amd64 | ||
+ | cp /var/lib/lxc/ncphp73/config /var/lib/lxc/ncphp73/config.original20190418 | ||
+ | vim /var/lib/lxc/ncphp73/config | ||
+ | </source> | ||
+ | |||
+ | |||
+ | <source lang="bash"> | ||
+ | lxc-ls -f | ||
+ | lxc-start -n ncphp73 | ||
+ | lxc-ls -f | ||
+ | lxc-attach -n ncphp73 | ||
+ | </source> | ||
+ | === Konfiguration === | ||
+ | <source lang="bash"> | ||
+ | echo "nameserver 8.8.8.8" >> /etc/resolv.conf | ||
+ | |||
+ | vim /etc/bash.bashrc | ||
+ | # bash-completion auskommentieren | ||
+ | </source> | ||
+ | |||
+ | === Installation von Software === | ||
+ | <source lang="bash"> | ||
+ | apt-get update | ||
+ | apt-get install wget bash-completion zip unzip rsync openssh-server openssh-sftp-server | ||
+ | </source> | ||
+ | ==== Ex-Kurs apache mit php 7.3 ==== | ||
+ | <source lang="bash"> | ||
+ | apt-get install software-properties-common | ||
+ | add-apt-repository ppa:ondrej/php | ||
+ | add-apt-repository ppa:ondrej/apache2 | ||
+ | apt-get update | ||
+ | apt-get install php7.3 php7.3-cli php7.3-common | ||
+ | apt-get install imagemagick apache2 libapache2-mod-php7.3 php7.3-cli php7.3 php7.3-common php7.3-imap php7.3-intl php7.3-mysql php7.3-readline php7.3-soap php7.3-zip php7.3-zip php7.3-gd php7.3-xml php7.3-gd php7.3-json php7.3-opcache php-imagick php7.3-curl php7.3-mbstring php7.3-bcmath php7.3-gmp php7.3-zip composer php7.3-curl php7.3-dev php7.3-gd php7.3-mbstring php7.3-zip php7.3-mysql php7.3-xml php7.3-fpm libapache2-mod-php7.3 php7.3-imagick php7.3-recode php7.3-tidy php7.3-xmlrpc php7.3-intl mysql-server-5.7 phpmyadmin apache2-utils | ||
+ | </source> | ||
+ | |||
+ | * [https://wiki.ubuntuusers.de/MySQL/#Besonderheiten-beim-root-Passwort mysql: Besonderheiten beim root Passwort] | ||
+ | |||
+ | === Konfiguration von Software === | ||
+ | |||
+ | <source lang="bash"> | ||
+ | a2enmod ssl | ||
+ | systemctl restart apache2 | ||
+ | |||
+ | </source> | ||
+ | |||
+ | |||
+ | |||
+ | == LXC Probleme == | ||
+ | |||
+ | === apparmor in lxc3 === | ||
+ | |||
+ | ==== Lösung in LXC Host ==== | ||
+ | <source lang=bash> | ||
+ | |||
+ | vim /var/lib/lxc/anc_ox/config | ||
+ | # folgendes muss rein | ||
+ | lxc.apparmor.profile = generated | ||
+ | lxc.apparmor.allow_nesting = 1 | ||
+ | |||
+ | </source> | ||
+ | |||
+ | ==== apache ==== | ||
+ | |||
+ | * Fehlermeldung | ||
+ | <source lang=bash> | ||
+ | systemctl status apache2.service | ||
+ | |||
+ | ● apache2.service - The Apache HTTP Server | ||
+ | Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) | ||
+ | Active: failed (Result: exit-code) since Wed 2019-12-18 14:58:03 UTC; 1min 19s ago | ||
+ | Docs: https://httpd.apache.org/docs/2.4/ | ||
+ | Process: 204 ExecStart=/usr/sbin/apachectl start (code=exited, status=226/NAMESPACE) | ||
+ | |||
+ | Dec 18 14:58:03 ancox systemd[1]: Starting The Apache HTTP Server... | ||
+ | Dec 18 14:58:03 ancox systemd[204]: apache2.service: Failed to set up mount namespacing: Perm | ||
+ | ission denied | ||
+ | Dec 18 14:58:03 ancox systemd[204]: apache2.service: Failed at step NAMESPACE spawning /usr/s | ||
+ | bin/apachectl: Permission denied | ||
+ | Dec 18 14:58:03 ancox systemd[1]: apache2.service: Control process exited, code=exited, statu | ||
+ | s=226/NAMESPACE | ||
+ | Dec 18 14:58:03 ancox systemd[1]: apache2.service: Failed with result 'exit-code'. | ||
+ | Dec 18 14:58:03 ancox systemd[1]: Failed to start The Apache HTTP Server. | ||
+ | |||
+ | </source> | ||
+ | |||
+ | |||
+ | * Lösung im Lxc Container | ||
+ | <source lang=bash> | ||
+ | vim /etc/systemd/system/multi-user.target.wants/apache2.service | ||
+ | PrivateTmp=true #aus kommentieren | ||
+ | |||
+ | systemctl daemon-reload | ||
+ | systemctl restart apache2.service | ||
+ | |||
+ | </source> | ||
+ | * https://debianforum.de/forum/viewtopic.php?t=173972 | ||
+ | |||
+ | * Lösung in LXC Host | ||
+ | siehe oben [[lxc#Lösung in LXC Host]] | ||
+ | |||
+ | ==== mariadb ==== | ||
+ | |||
+ | * Fehlermeldung | ||
+ | <source lang=bash> | ||
+ | systemctl status mariadb.service | ||
+ | ● mariadb.service - MariaDB 10.3.18 database server | ||
+ | Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled) | ||
+ | Active: failed (Result: exit-code) since Wed 2019-12-18 15:04:01 UTC; 5s ago | ||
+ | Docs: man:mysqld(8) | ||
+ | https://mariadb.com/kb/en/library/systemd/ | ||
+ | Process: 211 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status= | ||
+ | 226/NAMESPACE) | ||
+ | |||
+ | Dec 18 15:04:01 ancox systemd[1]: Starting MariaDB 10.3.18 database server... | ||
+ | Dec 18 15:04:01 ancox systemd[211]: mariadb.service: Failed to set up mount namespacing: Perm | ||
+ | ission denied | ||
+ | Dec 18 15:04:01 ancox systemd[211]: mariadb.service: Failed at step NAMESPACE spawning /usr/b | ||
+ | in/install: Permission denied | ||
+ | Dec 18 15:04:01 ancox systemd[1]: mariadb.service: Control process exited, code=exited, statu | ||
+ | s=226/NAMESPACE | ||
+ | Dec 18 15:04:01 ancox systemd[1]: mariadb.service: Failed with result 'exit-code'. | ||
+ | Dec 18 15:04:01 ancox systemd[1]: Failed to start MariaDB 10.3.18 database server. | ||
+ | </source> | ||
+ | |||
+ | |||
+ | * Lösung im Lxc Container | ||
+ | <source lang=bash> | ||
+ | vim /etc/systemd/system/multi-user.target.wants/mariadb.service | ||
+ | # folgendes erstmal auskommentieren | ||
+ | # ProtectSystem=full | ||
+ | # PrivateDevices=true | ||
+ | # ProtectHome=true | ||
+ | |||
+ | systemctl daemon-reload | ||
+ | systemctl restart mariadb.service | ||
+ | </source> | ||
+ | * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920643 | ||
+ | |||
+ | * Lösung in LXC Host | ||
+ | siehe oben [[lxc#Lösung in LXC Host]] | ||
+ | |||
+ | |||
+ | == lxc beschränken CPU & MEMORY == | ||
+ | |||
+ | |||
+ | # in lxc Container config | ||
+ | /var/lib/lxc/$CONTAINERNAME/config | ||
+ | <source lang=bash> | ||
+ | # CPUs setzen | ||
+ | lxc.cgroup.cpuset.cpus=1,3 | ||
+ | #Max MEMORY setzen | ||
+ | lxc.cgroup.memory.limit_in_bytes = 8096M | ||
+ | </source> | ||
+ | |||
+ | <source lang=bash> | ||
+ | # Check im Container Anzahl CPU | ||
+ | cat /proc/cpuinfo | grep processor | ||
+ | processor : 0 | ||
+ | processor : 1 | ||
+ | |||
+ | # Check im Container Anzahl MEMORY | ||
+ | free -m | ||
+ | total used free shared buff/cache available | ||
+ | Mem: 8096 373 7706 2 15 7722 | ||
+ | Swap: 0 0 0 | ||
+ | |||
+ | |||
+ | </source> | ||
+ | |||
+ | === unter ubuntu 20.04 === | ||
+ | hat erst funktioniert nach installation von: | ||
+ | <source lang=bash> | ||
+ | apt-get install lxcfs | ||
</source> | </source> |
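Review bot: in the two "Lösung im Lxc Container" blocks, the edit target /etc/systemd/system/multi-user.target.wants/apache2.service (and mariadb.service) is a symlink to the packaged unit, so commenting out PrivateTmp, ProtectSystem, PrivateDevices and ProtectHome there changes the file under /lib/systemd/system and is undone by the next package upgrade; a drop-in created with systemctl edit would persist and leave the vendor unit intact. The text should also say which fix to reach for first: the host-side one (lxc.apparmor.profile = generated, lxc.apparmor.allow_nesting = 1) leaves the units' sandboxing on, while the in-container edits switch it off. The older lxc.aa_profile = unconfined advice at the top of this hunk could be marked as superseded for lxc3.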
Latest revision as of 3 November 2020, 12:34
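== LXC notes ==
=== Host: general ===
==== Setting a password in the container ====
Passwords can conveniently be set from the host using chroot:
<source lang="bash">
cd /var/lib/lxc/CONTAINER
chroot rootfs /bin/bash
# inside the chroot: set the container's root password
passwd
</source>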
=== Container: general ===
The container's network settings and hostname can be generated automatically from the config.

In the container:
<source lang="bash">
rm /etc/network/interfaces
rm /etc/hostname
</source>
In the container config:
<source lang="bash">
vim /var/lib/lxc/CONTAINER/config
# add the following lines:
lxc.network.type = veth
lxc.network.flags = up
# on Debian we use br0
lxc.network.link = lxcbr0
lxc.network.hwaddr = XX:XX:XX:XX:XX:XX
# IP of the container
lxc.network.ipv4 = XXX.XXX.XXX.XXX/32
# IP of the host
lxc.network.ipv4.gateway = XXX.XXX.XXX.XXX
</source>
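=== Host Debian ===
=== Host Ubuntu 14.04 ===
==== Starting a container with systemd ====
===== Adjusting the container config =====
Error message caused by AppArmor:
 Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied
<source lang="bash">
vim /var/lib/lxc/CONTAINER/config
# add the following lines:
lxc.kmsg = 0
# runs the container without an AppArmor profile
lxc.aa_profile = unconfined
</source>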
== Installing a container ==
<source lang="bash">
cd /var/lib/lxc
lxc-create -t download -n ncphp73 -- --dist ubuntu --release bionic --arch amd64
# keep a copy of the generated config before editing it
cp /var/lib/lxc/ncphp73/config /var/lib/lxc/ncphp73/config.original20190418
vim /var/lib/lxc/ncphp73/config
</source>
<source lang="bash">
lxc-ls -f
lxc-start -n ncphp73
lxc-ls -f
lxc-attach -n ncphp73
</source>
=== Configuration ===
<source lang="bash">
echo "nameserver 8.8.8.8" >> /etc/resolv.conf

vim /etc/bash.bashrc
# comment out bash-completion
</source>
=== Installing software ===
<source lang="bash">
apt-get update
apt-get install wget bash-completion zip unzip rsync openssh-server openssh-sftp-server
</source>
==== Excursus: apache with php 7.3 ====
<source lang="bash">
apt-get install software-properties-common
add-apt-repository ppa:ondrej/php
add-apt-repository ppa:ondrej/apache2
apt-get update
apt-get install php7.3 php7.3-cli php7.3-common
apt-get install imagemagick apache2 libapache2-mod-php7.3 php7.3-cli php7.3 php7.3-common php7.3-imap php7.3-intl php7.3-mysql php7.3-readline php7.3-soap php7.3-zip php7.3-zip php7.3-gd php7.3-xml php7.3-gd php7.3-json php7.3-opcache php-imagick php7.3-curl php7.3-mbstring php7.3-bcmath php7.3-gmp php7.3-zip composer php7.3-curl php7.3-dev php7.3-gd php7.3-mbstring php7.3-zip php7.3-mysql php7.3-xml php7.3-fpm libapache2-mod-php7.3 php7.3-imagick php7.3-recode php7.3-tidy php7.3-xmlrpc php7.3-intl mysql-server-5.7 phpmyadmin apache2-utils
</source>
=== Configuring software ===
<source lang="bash">
a2enmod ssl
systemctl restart apache2
</source>
== LXC problems ==
=== apparmor in lxc3 ===
==== Solution on the LXC host ====
<source lang="bash">
vim /var/lib/lxc/anc_ox/config
# the following must be added
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
</source>
==== apache ====
* Error message
<source lang="bash">
systemctl status apache2.service
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2019-12-18 14:58:03 UTC; 1min 19s ago
     Docs: https://httpd.apache.org/docs/2.4/
  Process: 204 ExecStart=/usr/sbin/apachectl start (code=exited, status=226/NAMESPACE)

Dec 18 14:58:03 ancox systemd[1]: Starting The Apache HTTP Server...
Dec 18 14:58:03 ancox systemd[204]: apache2.service: Failed to set up mount namespacing: Permission denied
Dec 18 14:58:03 ancox systemd[204]: apache2.service: Failed at step NAMESPACE spawning /usr/sbin/apachectl: Permission denied
Dec 18 14:58:03 ancox systemd[1]: apache2.service: Control process exited, code=exited, status=226/NAMESPACE
Dec 18 14:58:03 ancox systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 18 14:58:03 ancox systemd[1]: Failed to start The Apache HTTP Server.
</source>
* Solution in the LXC container
<source lang="bash">
vim /etc/systemd/system/multi-user.target.wants/apache2.service
# comment out the following line in the unit file:
# PrivateTmp=true

systemctl daemon-reload
systemctl restart apache2.service
</source>
* Solution on the LXC host
see above: lxc#Lösung in LXC Host
==== mariadb ====
* Error message
<source lang="bash">
systemctl status mariadb.service
● mariadb.service - MariaDB 10.3.18 database server
   Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2019-12-18 15:04:01 UTC; 5s ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
  Process: 211 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld (code=exited, status=226/NAMESPACE)

Dec 18 15:04:01 ancox systemd[1]: Starting MariaDB 10.3.18 database server...
Dec 18 15:04:01 ancox systemd[211]: mariadb.service: Failed to set up mount namespacing: Permission denied
Dec 18 15:04:01 ancox systemd[211]: mariadb.service: Failed at step NAMESPACE spawning /usr/bin/install: Permission denied
Dec 18 15:04:01 ancox systemd[1]: mariadb.service: Control process exited, code=exited, status=226/NAMESPACE
Dec 18 15:04:01 ancox systemd[1]: mariadb.service: Failed with result 'exit-code'.
Dec 18 15:04:01 ancox systemd[1]: Failed to start MariaDB 10.3.18 database server.
</source>
* Solution in the LXC container
<source lang="bash">
vim /etc/systemd/system/multi-user.target.wants/mariadb.service
# comment out the following for now
# ProtectSystem=full
# PrivateDevices=true
# ProtectHome=true

systemctl daemon-reload
systemctl restart mariadb.service
</source>
* Solution on the LXC host
see above: lxc#Lösung in LXC Host
== Limiting CPU & memory for an LXC container ==
* in the LXC container config /var/lib/lxc/$CONTAINERNAME/config
<source lang="bash">
# set the CPUs
lxc.cgroup.cpuset.cpus=1,3
# set the maximum memory
lxc.cgroup.memory.limit_in_bytes = 8096M
</source>
<source lang="bash">
# check the number of CPUs inside the container
cat /proc/cpuinfo | grep processor
processor : 0
processor : 1

# check the amount of memory inside the container
free -m
       total   used   free   shared   buff/cache   available
Mem:    8096    373   7706        2           15        7722
Swap:      0      0      0
</source>
=== on Ubuntu 20.04 ===
This only worked after installing:
<source lang="bash">
apt-get install lxcfs
</source>
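A check for the AppArmor and cgroup settings covered in the sections above, as an added example that is not part of the original wiki page: `audit_lxc_config` (a hypothetical helper name) reports a container config that runs unconfined, allows nesting, or lacks a cpuset or memory limit. The `lxc.cgroup2.*` keys are not on this page (they are the cgroup v2 spellings), and both sample configs are constructed.

```shell
#!/bin/sh
# Added example (not from the wiki page): report AppArmor and resource-limit
# findings for one LXC container config. audit_lxc_config is a hypothetical name.
audit_lxc_config() {
    awk -F= '
        /^[ \t]*#/ { next }   # full-line comment
        /^[ \t]*$/ { next }   # blank line
        {
            key = $1
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        # legacy key (lxc.aa_profile) and lxc3 key (lxc.apparmor.profile)
        (key == "lxc.aa_profile" || key == "lxc.apparmor.profile") && val == "unconfined" {
            print "WARN apparmor-unconfined " key
        }
        key == "lxc.apparmor.allow_nesting" && val == "1" {
            print "INFO nesting-allowed"
        }
        # lxc.cgroup2.* are the cgroup v2 spellings (assumption: not on this page)
        key == "lxc.cgroup.cpuset.cpus" || key == "lxc.cgroup2.cpuset.cpus" { cpu = 1 }
        key == "lxc.cgroup.memory.limit_in_bytes" || key == "lxc.cgroup2.memory.max" { mem = 1 }
        END {
            if (!cpu) print "WARN no-cpuset-limit"
            if (!mem) print "WARN no-memory-limit"
        }
    ' "$1"
}

# Constructed sample configs built from the keys shown on this page
weak_cfg=$(mktemp)
hard_cfg=$(mktemp)
trap 'rm -f "$weak_cfg" "$hard_cfg"' EXIT
cat > "$weak_cfg" <<'EOF'
lxc.kmsg = 0
lxc.aa_profile = unconfined
lxc.cgroup.cpuset.cpus=1,3
EOF
cat > "$hard_cfg" <<'EOF'
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
lxc.cgroup.cpuset.cpus=1,3
lxc.cgroup.memory.limit_in_bytes = 8096M
EOF
audit_lxc_config "$weak_cfg"
audit_lxc_config "$hard_cfg"
```

On a host, the function can be run over every `/var/lib/lxc/*/config` to list the containers that still carry the unconfined workaround.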