== create == * mit lvm *: * ohne lvm *: == start == * start *: == stop == * stop *: == config ==
## network lxc.network.type = veth lxc.network.link = br0 lxc.network.name = eth0 lxc.network.hwaddr = 00:00:c3:d2:00:23 lxc.network.veth.pair = br0_== console == ===lxc.network.flags = up lxc.network.type = veth lxc.network.link = br1 lxc.network.name = eth1 lxc.network.hwaddr = 00:00:c3:d2:01:23 lxc.network.veth.pair = br1_ lxc.network.flags = up ## Container lxc.utsname = lxc.rootfs = /var/lib/lxc/ /rootfs lxc.arch = x86_64 #lxc.console = /var/log/lxc/ .console lxc.tty = 2 lxc.pts = 1024 ## Capabilities lxc.cap.drop = audit_control lxc.cap.drop = audit_write lxc.cap.drop = linux_immutable lxc.cap.drop = mac_admin lxc.cap.drop = mac_override lxc.cap.drop = setpcap lxc.cap.drop = sys_admin lxc.cap.drop = sys_boot lxc.cap.drop = sys_module lxc.cap.drop = sys_pacct lxc.cap.drop = sys_rawio lxc.cap.drop = sys_time ## Devices # Allow all devices #lxc.cgroup.devices.allow = a # Deny all devices lxc.cgroup.devices.deny = a # Allow to mknod all devices (but not using them) lxc.cgroup.devices.allow = c *:* m lxc.cgroup.devices.allow = b *:* m # /dev/console lxc.cgroup.devices.allow = c 5:1 rwm # /dev/null lxc.cgroup.devices.allow = c 1:3 rwm # /dev/ptmx lxc.cgroup.devices.allow = c 5:2 rwm # /dev/pts/* lxc.cgroup.devices.allow = c 136:* rwm # /dev/random lxc.cgroup.devices.allow = c 1:8 rwm # /dev/rtc lxc.cgroup.devices.allow = c 254:0 rwm # /dev/tty lxc.cgroup.devices.allow = c 5:0 rwm # tty0 lxc.cgroup.devices.allow = c 4:0 rwm # tty1 lxc.cgroup.devices.allow = c 4:1 rwm # /dev/urandom lxc.cgroup.devices.allow = c 1:9 rwm # /dev/zero lxc.cgroup.devices.allow = c 1:5 rwm # tun lxc.cgroup.devices.allow = c 10:200 rwm ## Limits lxc.cgroup.cpu.shares = 1024 lxc.cgroup.cpuset.cpus = 0 lxc.cgroup.memory.limit_in_bytes = 256M lxc.cgroup.memory.memsw.limit_in_bytes = 1G ## Filesystem lxc.mount.entry = proc proc proc ro,nodev,noexec,nosuid 0 0 lxc.mount.entry = sysfs sys sysfs ro 0 0
''''/etc/inittab
===
# /sbin/getty invocations for the runlevels. # # The "id" field MUST be the same as the last # characters of the device (after "tty"). # # Format: #===lxc-console=== * VMs auflisten: *: * an VM attachen: *: * Von Konsole detachen: *: im screen: *:: {{Taste|Ctrl}}+{{Taste|a}}{{Taste|a}}{{Taste|q}} *: ohne screen: *:: {{Taste|Ctrl}}+{{Taste|a}}{{Taste|q}} == debian 8 (jessie/systemd lxc) == z.b wheezy container upgrade auf jessie lxc - config im rootfs container: https://wiki.archlinux.org/index.php/Lxc-systemd https://github.com/lxc/lxc/commit/a9bf60bab547013a9873a3fb9efe61155e8694b8 https://wiki.debian.org/LXC#Debian_8_.22Jessie.22.2Ftesting === frickeln === https://gist.github.com/peo3/1142202 == LXC on ZFS (flatbert) == ; Container erstellen: debian lxc bootstrap : neues dataset : lxc Container verschieben : : lxc Container Config kopieren : lxc Container Config anpassen :: : : # # Note that on most Debian systems tty7 is used by the X Window System, # so if you want to add more getty's go ahead but skip tty7 if you run X. # c1:2345:respawn:/sbin/getty 38400 tty1 #1:2345:respawn:/sbin/getty 38400 tty1 #2:23:respawn:/sbin/getty 38400 tty2 #3:23:respawn:/sbin/getty 38400 tty3 #4:23:respawn:/sbin/getty 38400 tty4 #5:23:respawn:/sbin/getty 38400 tty5 #6:23:respawn:/sbin/getty 38400 tty6 # console 1:12345:respawn:/sbin/agetty --noclear 115200 console linux
### ### namen, pfade, mac adresse, cap, rootfs pfad ### # ### LXC - jessie/systemd hacks // ### lxc.autodev = 1 lxc.kmsg = 0 lxc.cap.drop=mac_admin mac_override setfcap setpcap sys_boot sys_module sys_pacct sys_rawio sys_resource sys_time sys_tty_config # lxc.pts = 1024 ### // LXC - jessie/systemd hacks ### #lxc autostart (reboot safe) : : lxc link zum rpool dataset : : lxc / debian jessie upgrade sources.list : lxc starten : lxc wheezy auf jessie upgraden (ohne systemd) : == LXC Debian 7 (Wheezy) Container Upgrade auf Debian 8 (Jessie) mit sysvinit == Container läuft mit Wheezy lxc capabilities anpassen und container restarten nachschauen ob noch alte interfaces active sind und ggf. abwarten bis die alten interface ressourcen "freigegeben" sind (nicht mehr auftauchen) Container neustarten: Repo anpassen Container Upgrade Container Dist-Upgrade Container von systemd auf sysvinit-core umstellen Container neustarten: Container mit Jessie Bei Fehler: dann ein: == Debian 8 (Jessie) HOST mit Debian 8 (Jessie) LXC und sytemd (systemd-sysv) == LXC Container capabilities für systemd anpassen udev (im container) disablen That's it