## network
lxc.network.type = veth
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.hwaddr = 00:00:c3:d2:00:23
lxc.network.veth.pair = br0_
lxc.network.flags = up
lxc.network.type = veth
lxc.network.link = br1
lxc.network.name = eth1
lxc.network.hwaddr = 00:00:c3:d2:01:23
lxc.network.veth.pair = br1_
lxc.network.flags = up
## Container
lxc.utsname =
lxc.rootfs = /var/lib/lxc//rootfs
lxc.arch = x86_64
#lxc.console = /var/log/lxc/.console
lxc.tty = 2
lxc.pts = 1024
## Capabilities
lxc.cap.drop = audit_control
lxc.cap.drop = audit_write
lxc.cap.drop = linux_immutable
lxc.cap.drop = mac_admin
lxc.cap.drop = mac_override
lxc.cap.drop = setpcap
lxc.cap.drop = sys_admin
lxc.cap.drop = sys_boot
lxc.cap.drop = sys_module
lxc.cap.drop = sys_pacct
lxc.cap.drop = sys_rawio
lxc.cap.drop = sys_time
## Devices
# Allow all devices
#lxc.cgroup.devices.allow = a
# Deny all devices
lxc.cgroup.devices.deny = a
# Allow mknod for all devices (creating the nodes, but not using them)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/console
lxc.cgroup.devices.allow = c 5:1 rwm
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
# /dev/ptmx
lxc.cgroup.devices.allow = c 5:2 rwm
# /dev/pts/*
lxc.cgroup.devices.allow = c 136:* rwm
# /dev/random
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/rtc
lxc.cgroup.devices.allow = c 254:0 rwm
# /dev/tty
lxc.cgroup.devices.allow = c 5:0 rwm
# tty0
lxc.cgroup.devices.allow = c 4:0 rwm
# tty1
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/urandom
lxc.cgroup.devices.allow = c 1:9 rwm
# /dev/zero
lxc.cgroup.devices.allow = c 1:5 rwm
# tun
lxc.cgroup.devices.allow = c 10:200 rwm
## Limits
lxc.cgroup.cpu.shares = 1024
lxc.cgroup.cpuset.cpus = 0
lxc.cgroup.memory.limit_in_bytes = 256M
lxc.cgroup.memory.memsw.limit_in_bytes = 1G
## Filesystem
lxc.mount.entry = proc proc proc ro,nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs ro 0 0
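
An added example (not part of the original page or of the LXC project): a small Python audit for configs that use the legacy `lxc.cap.drop`, `lxc.cgroup.devices.*` and `lxc.mount.entry` keys shown above. It treats the capability list dropped above as the required baseline, which is an assumption, and `WEAK_SAMPLE` is constructed input.

```python
# Added example: audits an LXC config that uses the legacy keys shown on this page.
# Baseline = the capabilities the page's config drops (treated as required; an assumption).
BASELINE_DROP = set("""audit_control audit_write linux_immutable mac_admin mac_override
setpcap sys_admin sys_boot sys_module sys_pacct sys_rawio sys_time""".split())

# Constructed sample: a weakened variant of the page's config.
WEAK_SAMPLE = """\
lxc.cap.drop = sys_module sys_time
lxc.cap.drop = sys_boot
#lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = a
lxc.cgroup.devices.allow = b *:* rwm
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs ro 0 0
"""

def parse(text):
    """Yield (key, value) for each active line; comments and blanks are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            yield key.strip(), value.strip()

def audit(text):
    """Return a list of finding strings; an empty list means the baseline is met."""
    findings, dropped, dev_rules = [], set(), []
    for key, value in parse(text):
        if key == "lxc.cap.drop":
            # An empty value clears earlier drops; one line may list several capabilities.
            dropped = dropped | set(value.split()) if value else set()
        elif key.startswith("lxc.cgroup.devices."):
            dev_rules.append((key.rsplit(".", 1)[1], value))
        elif key == "lxc.mount.entry":
            f = value.split()  # fs_spec, mount point, type, options, dump, pass
            if len(f) >= 4 and f[2] in ("proc", "sysfs") and "ro" not in f[3].split(","):
                findings.append(f"{f[2]} is not mounted read-only")
    missing = sorted(BASELINE_DROP - dropped)
    if missing:
        findings.append("capabilities not dropped: " + ", ".join(missing))
    # The page's config denies every device first, then whitelists individual nodes.
    if not dev_rules or dev_rules[0] != ("deny", "a"):
        findings.append("device rules do not begin with 'deny = a'")
    for action, rule in dev_rules:
        p = rule.split()
        wide = rule == "a" or (len(p) == 3 and p[1] == "*:*" and set(p[2]) & set("rw"))
        if action == "allow" and wide:
            findings.append(f"wildcard device access: allow = {rule}")
    return findings
```

Calling `audit(open(path).read())` on a container's config file returns the same kind of list; the `c *:* m` and `b *:* m` rules from the config above pass because they grant mknod only.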
== console ==
=== /etc/inittab ===
# /sbin/getty invocations for the runlevels.
#
# The "id" field MUST be the same as the last
# characters of the device (after "tty").
#
# Format:
# :::
#
# Note that on most Debian systems tty7 is used by the X Window System,
# so if you want to add more getty's go ahead but skip tty7 if you run X.
#
c1:2345:respawn:/sbin/getty 38400 tty1
#1:2345:respawn:/sbin/getty 38400 tty1
#2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6
# console
1:12345:respawn:/sbin/agetty --noclear 115200 console linux
===lxc-console===
* List VMs:
*:
* Attach to a VM:
*:
* Detach from the console:
*: inside screen:
*:: {{Taste|Ctrl}}+{{Taste|a}}{{Taste|a}}{{Taste|q}}
*: without screen:
*:: {{Taste|Ctrl}}+{{Taste|a}}{{Taste|q}}
== debian 8 (jessie/systemd lxc) ==
e.g. upgrading a wheezy container to jessie
lxc - config
in the container rootfs:
https://wiki.archlinux.org/index.php/Lxc-systemd
https://github.com/lxc/lxc/commit/a9bf60bab547013a9873a3fb9efe61155e8694b8
https://wiki.debian.org/LXC#Debian_8_.22Jessie.22.2Ftesting
=== Tinkering ===
https://gist.github.com/peo3/1142202
== LXC on ZFS (flatbert) ==
; Create the container:
debian lxc bootstrap
:
new dataset
:
move the lxc container
:
:
copy the lxc container config
:
adjust the lxc container config
:
lxc autostart (reboot safe)
:
:
lxc link to the rpool dataset
:
:
lxc / debian jessie upgrade sources.list
:
start lxc
:
upgrade lxc wheezy to jessie (without systemd)
:
== LXC Debian 7 (Wheezy) container upgrade to Debian 8 (Jessie) with sysvinit ==
Container is running Wheezy
Adjust the lxc capabilities and restart the container
Check whether old interfaces are still active
and, if necessary, wait until the old interface resources have been "released" (no longer show up)
Restart the container:
Adjust the repo
Container upgrade
Container dist-upgrade
Switch the container from systemd to sysvinit-core
Restart the container:
Container with Jessie
On error:
then run:
== Debian 8 (Jessie) HOST with Debian 8 (Jessie) LXC and systemd (systemd-sysv) ==
Adjust the LXC container capabilities for systemd
Disable udev (in the container)
==Upgrade to a systemd lxc container==
=== Upgrade the container to Jessie ===
As soon as a "systemd error" appears while installing the systemd package, stop the container and start it with the new container config, then continue the dist-upgrade
=== Example: systemd-compatible LXC config ===
=== systemd reinstall ===
=== udev disable ===
Restart the container
That's it
== rapid lxc deployment ==
; See: [[rapid-lxc-deployment]]