c3d2-wiki/LXC.mw

== create ==
* with LVM
*: <source lang="bash">lxc-create -n<container-name> -t <template> -B lvm --lvname <container-name> --vgname <volume-group-name> --fstype <filesystem-type> --fssize <filesystem-size></source>
* without LVM
*: <source lang="bash">lxc-create -n<container-name> -t <template></source>
== start ==
* start
*: <source lang="bash">lxc-start -n<container-name> -f</path/to/config/file> -d</source>
== stop ==
* stop
*: <source lang="bash">lxc-stop -n<container-name></source>
== config ==
<pre>
## network
lxc.network.type = veth
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.hwaddr = 00:00:c3:d2:00:23
lxc.network.veth.pair = br0_<container-name>
lxc.network.flags = up
lxc.network.type = veth
lxc.network.link = br1
lxc.network.name = eth1
lxc.network.hwaddr = 00:00:c3:d2:01:23
lxc.network.veth.pair = br1_<container-name>
lxc.network.flags = up
## Container
lxc.utsname = <container-name>
lxc.rootfs = /var/lib/lxc/<container-name>/rootfs
lxc.arch = x86_64
#lxc.console = /var/log/lxc/<container-name>.console
lxc.tty = 2
lxc.pts = 1024
## Capabilities
lxc.cap.drop = audit_control
lxc.cap.drop = audit_write
lxc.cap.drop = linux_immutable
lxc.cap.drop = mac_admin
lxc.cap.drop = mac_override
lxc.cap.drop = setpcap
lxc.cap.drop = sys_admin
lxc.cap.drop = sys_boot
lxc.cap.drop = sys_module
lxc.cap.drop = sys_pacct
lxc.cap.drop = sys_rawio
lxc.cap.drop = sys_time
## Devices
# Allow all devices
#lxc.cgroup.devices.allow = a
# Deny all devices
lxc.cgroup.devices.deny = a
# Allow to mknod all devices (but not using them)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/console
lxc.cgroup.devices.allow = c 5:1 rwm
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
# /dev/ptmx
lxc.cgroup.devices.allow = c 5:2 rwm
# /dev/pts/*
lxc.cgroup.devices.allow = c 136:* rwm
# /dev/random
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/rtc
lxc.cgroup.devices.allow = c 254:0 rwm
# /dev/tty
lxc.cgroup.devices.allow = c 5:0 rwm
# tty0
lxc.cgroup.devices.allow = c 4:0 rwm
# tty1
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/urandom
lxc.cgroup.devices.allow = c 1:9 rwm
# /dev/zero
lxc.cgroup.devices.allow = c 1:5 rwm
# tun
lxc.cgroup.devices.allow = c 10:200 rwm
## Limits
lxc.cgroup.cpu.shares = 1024
lxc.cgroup.cpuset.cpus = 0
lxc.cgroup.memory.limit_in_bytes = 256M
lxc.cgroup.memory.memsw.limit_in_bytes = 1G
## Filesystem
lxc.mount.entry = proc proc proc ro,nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs ro 0 0
</pre>
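The capability, device and mount settings in the config above can be checked mechanically. The following shell function is an added example, not part of the original wiki page; the name <code>audit_lxc_config</code> and the sample config are constructed for illustration, and it assumes the legacy <code>lxc.cap.drop</code> / <code>lxc.cgroup.*</code> key names used on this page.

```shell
#!/bin/sh
# Added example (not from the wiki): audit an LXC config that uses the legacy
# lxc.cap.drop / lxc.cgroup.* keys shown on this page. Reads a file argument or
# stdin, prints one line per finding, returns 0 when clean and 1 otherwise.
audit_lxc_config() {
    awk '
    function bad(msg) { print "FINDING: " msg; findings++ }
    BEGIN {  # capabilities dropped by the config on this page
        caps = "audit_control audit_write linux_immutable mac_admin mac_override setpcap"
        n = split(caps " sys_admin sys_boot sys_module sys_pacct sys_rawio sys_time", want, " ")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # skip comments and blank lines
    {
        eq = index($0, "="); if (eq == 0) next    # split "key = value" at the first "="
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
    }
    key == "lxc.cap.drop" { m = split(val, c, " "); for (i = 1; i <= m; i++) dropped[c[i]] = 1 }
    key == "lxc.cgroup.devices.deny" && val == "a" { deny_all = 1 }
    key == "lxc.cgroup.devices.allow" {
        split(val, d, " ")                        # fields: type major:minor access
        if (val == "a") bad("line " NR ": devices.allow = a opens every device")
        else if (d[2] == "*:*" && d[3] ~ /[rw]/) bad("line " NR ": wildcard rule grants read/write: " val)
    }
    key == "lxc.mount.entry" {
        split(val, f, " ")                        # fstab fields: src dst type opts
        if ((f[3] == "proc" || f[3] == "sysfs") && ("," f[4] ",") !~ /,ro,/)
            bad("line " NR ": " f[3] " is not mounted read-only")
    }
    key == "lxc.cgroup.memory.limit_in_bytes" { mem = 1 }
    END {
        for (i = 1; i <= n; i++) if (!(want[i] in dropped)) bad("capability not dropped: " want[i])
        if (!deny_all) bad("no lxc.cgroup.devices.deny = a (device whitelist is not enforced)")
        if (!mem) bad("no lxc.cgroup.memory.limit_in_bytes")
        exit (findings > 0)
    }' "$@"
}

# Constructed sample input: sys_module is not dropped and sysfs is writable.
audit_lxc_config <<'EOF' || echo "=> config needs hardening"
lxc.cap.drop = audit_control audit_write linux_immutable mac_admin mac_override setpcap
lxc.cap.drop = sys_admin sys_boot sys_pacct sys_rawio sys_time
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.memory.limit_in_bytes = 256M
lxc.mount.entry = proc proc proc ro,nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs rw 0 0
EOF
```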
== console ==
=== <code>''</path/to/container/rootfs>''/etc/inittab</code> ===
<pre>
# /sbin/getty invocations for the runlevels.
#
# The "id" field MUST be the same as the last
# characters of the device (after "tty").
#
# Format:
# <id>:<runlevels>:<action>:<process>
#
# Note that on most Debian systems tty7 is used by the X Window System,
# so if you want to add more getty's go ahead but skip tty7 if you run X.
#
c1:2345:respawn:/sbin/getty 38400 tty1
#1:2345:respawn:/sbin/getty 38400 tty1
#2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6
# console
1:12345:respawn:/sbin/agetty --noclear 115200 console linux
</pre>
===lxc-console===
* List VMs:
*: <source lang="bash">lxc-list</source>
* Attach to a VM:
*: <source lang="bash">lxc-console -n<container-name></source>
* Detach from the console:
*: inside screen:
*:: {{Taste|Ctrl}}+{{Taste|a}}{{Taste|a}}{{Taste|q}}
*: without screen:
*:: {{Taste|Ctrl}}+{{Taste|a}}{{Taste|q}}
== debian 8 (jessie/systemd lxc) ==
e.g. upgrading a wheezy container to jessie

LXC config:
<source lang="bash">
lxc.autodev = 1
lxc.kmsg = 0
</source>
inside the container's rootfs:
<source lang="bash">
apt-get install dbus  # if it was forgotten
# disable udev stuff:
ln -s /dev/null /etc/systemd/system/systemd-udevd.service
ln -s /dev/null /etc/systemd/system/systemd-udevd-control.socket
ln -s /dev/null /etc/systemd/system/systemd-udevd-kernel.socket
ln -s /dev/null /etc/systemd/system/proc-sys-fs-binfmt_misc.automount
# disable tty stuff: /var/lib/lxc/{container}/rootfs/lib/systemd/system/getty@.service
ConditionPathExists=/dev/tty0
# permission stuff
ln -s -f /bin/true /usr/bin/chfn
</source>
https://wiki.archlinux.org/index.php/Lxc-systemd
https://github.com/lxc/lxc/commit/a9bf60bab547013a9873a3fb9efe61155e8694b8
https://wiki.debian.org/LXC#Debian_8_.22Jessie.22.2Ftesting
=== tinkering ===
https://gist.github.com/peo3/1142202