== create ==
|
|
|
|
* mit lvm
|
|
*: <source lang="bash">lxc-create -n<container-name> -t <template> -B lvm --lvname <container-name> --vgname <volumen-gruppen-name> --fstype <filesystem-type> --fssize <filesystem-größe></source>
|
|
|
|
* ohne lvm
|
|
*: <source lang="bash">lxc-create -n<container-name> -t <template></source>
|
|
|
|
== start ==
|
|
|
|
* start
|
|
*: <source lang="bash">lxc-start -n<container-name> -f</path/to/config/file> -d</source>
|
|
|
|
== stop ==
|
|
|
|
* stop
|
|
*: <source lang="bash">lxc-stop -n<container-name></source>
|
|
|
|
== config ==
|
|
|
|
<pre>
|
|
## network
# Two veth interfaces are defined; each lxc.network.type line starts a new
# interface definition. The first is attached to host bridge br0 and appears
# as eth0 inside the container, the second uses br1 and eth1.
# NOTE(review): lxc.network.* is the legacy key family; LXC 2.1 and later
# spell these lxc.net.<index>.* - confirm against the installed version.
|
|
lxc.network.type = veth
|
|
lxc.network.link = br0
|
|
lxc.network.name = eth0
|
|
# Fixed MAC address for the container side; it has to be unique on the bridge.
# This only sets the initial address: net_admin is not in the lxc.cap.drop
# list of this config, so container root can change it. Filter on the host
# side if the MAC or IP address has to be trusted.
lxc.network.hwaddr = 00:00:c3:d2:00:23
|
|
# Name of the host-side end of the veth pair. Linux interface names are
# limited to 15 characters, so a long <container-name> will not fit.
lxc.network.veth.pair = br0_<container-name>
|
|
# Bring the interface up when the container starts.
lxc.network.flags = up
|
|
|
|
# Second interface: same layout, attached to br1.
lxc.network.type = veth
|
|
lxc.network.link = br1
|
|
lxc.network.name = eth1
|
|
lxc.network.hwaddr = 00:00:c3:d2:01:23
|
|
lxc.network.veth.pair = br1_<container-name>
|
|
lxc.network.flags = up
|
|
|
|
## Container
# Identity and root filesystem of the container. Replace <container-name>
# with the same value in every line of this file.
|
|
# Hostname seen inside the container.
lxc.utsname = <container-name>
|
|
# Directory on the host that becomes the container's /.
lxc.rootfs = /var/lib/lxc/<container-name>/rootfs
|
|
lxc.arch = x86_64
|
|
# Disabled: would write the container's console output to a file on the host.
#lxc.console = /var/log/lxc/<container-name>.console
|
|
# Number of ttys LXC sets up for the container (reachable with lxc-console).
lxc.tty = 2
|
|
# Requests a private devpts instance for the container.
# NOTE(review): the value is documented as a maximum pty count - confirm
# that the installed LXC version actually enforces it.
lxc.pts = 1024
|
|
|
|
## Capabilities
# Each lxc.cap.drop line removes one capability from the container.
# This is a deny-list: every capability not named here stays available to
# container root (net_admin, net_raw, mknod and sys_ptrace, for example, are
# not dropped).
# No lxc.id_map line appears in this config, so container root is not
# remapped to an unprivileged host uid. Isolation rests on these drops, the
# device rules and the read-only proc/sysfs mounts.
# NOTE(review): where the installed LXC supports it, lxc.cap.keep expresses
# the policy as an allow-list instead - confirm before switching.
|
|
# Kernel audit subsystem: configuration and writing of audit records.
lxc.cap.drop = audit_control
|
|
lxc.cap.drop = audit_write
|
|
# Setting the immutable / append-only file flags.
lxc.cap.drop = linux_immutable
|
|
# Changing or overriding mandatory access control (LSM) policy.
lxc.cap.drop = mac_admin
|
|
lxc.cap.drop = mac_override
|
|
# Manipulating the capability sets of processes.
lxc.cap.drop = setpcap
|
|
# Broad administration rights, including mount and remount.
lxc.cap.drop = sys_admin
|
|
# Rebooting the machine.
lxc.cap.drop = sys_boot
|
|
# Loading and unloading kernel modules.
lxc.cap.drop = sys_module
|
|
# Process accounting.
lxc.cap.drop = sys_pacct
|
|
# Raw I/O port and memory device access.
lxc.cap.drop = sys_rawio
|
|
# Setting the system and hardware clock.
lxc.cap.drop = sys_time
|
|
|
|
## Devices
# Device-cgroup policy: everything is denied first, then individual device
# numbers are allowed again.
# Rule format: <c|b|a> <major>:<minor> <r = read, w = write, m = mknod>.
# The numbers identify devices of the host kernel, so every rule grants the
# container access to that host device.
|
|
# Allow all devices (kept commented out)
|
|
#lxc.cgroup.devices.allow = a
|
|
|
|
# Deny all devices
|
|
lxc.cgroup.devices.deny = a
|
|
|
|
# Allow creating (mknod) any character or block device node. Without r or w
# the node cannot be opened unless one of the rules below allows that device.
|
|
lxc.cgroup.devices.allow = c *:* m
|
|
lxc.cgroup.devices.allow = b *:* m
|
|
|
|
# /dev/console
|
|
lxc.cgroup.devices.allow = c 5:1 rwm
|
|
# /dev/null
|
|
lxc.cgroup.devices.allow = c 1:3 rwm
|
|
# /dev/ptmx
|
|
lxc.cgroup.devices.allow = c 5:2 rwm
|
|
# /dev/pts/*
|
|
lxc.cgroup.devices.allow = c 136:* rwm
|
|
# /dev/random
|
|
lxc.cgroup.devices.allow = c 1:8 rwm
|
|
# /dev/rtc
# NOTE(review): major 254 lies in the dynamically assigned range, so 254:0
# may be a different device on another host - check with ls -l /dev/rtc0.
# sys_time is dropped in the Capabilities section, so read access (r) is
# presumably enough.
|
|
lxc.cgroup.devices.allow = c 254:0 rwm
|
|
# /dev/tty
|
|
lxc.cgroup.devices.allow = c 5:0 rwm
|
|
# tty0
# NOTE(review): 4:0 and 4:1 are the host's virtual consoles. The container's
# own ttys come from lxc.tty, so confirm these two rules are needed: rw lets
# container processes read from and write to the host console.
|
|
lxc.cgroup.devices.allow = c 4:0 rwm
|
|
# tty1
|
|
lxc.cgroup.devices.allow = c 4:1 rwm
|
|
# /dev/urandom
|
|
lxc.cgroup.devices.allow = c 1:9 rwm
|
|
# /dev/zero
|
|
lxc.cgroup.devices.allow = c 1:5 rwm
|
|
# tun (/dev/net/tun); only needed when the container runs VPN or tunnel
# software - leave the rule out otherwise.
|
|
lxc.cgroup.devices.allow = c 10:200 rwm
|
|
|
|
## Limits
# cgroup resource limits that bound what the container can take from the
# host. Only CPU and memory are limited here; no limit on process count or
# disk I/O is set.
# NOTE(review): these are cgroup v1 controller file names; hosts on the
# unified cgroup v2 hierarchy use different keys (lxc.cgroup2.*) - confirm.
|
|
# Relative CPU weight against other cgroups (1024 is the kernel default).
lxc.cgroup.cpu.shares = 1024
|
|
# Restrict the container to CPU 0.
lxc.cgroup.cpuset.cpus = 0
|
|
# Limit on RAM.
lxc.cgroup.memory.limit_in_bytes = 256M
|
|
# Limit on RAM and swap combined.
# NOTE(review): needs swap accounting enabled in the host kernel
# (swapaccount=1 on Debian kernels); verify that the limit is really applied.
lxc.cgroup.memory.memsw.limit_in_bytes = 1G
|
|
|
|
## Filesystem
# fstab-style entries; the relative targets "proc" and "sys" are resolved
# against the container's rootfs.
|
|
# /proc read-only and without device nodes, executables or setuid. This
# blocks writes to /proc/sys and similar files. sys_admin is dropped in the
# Capabilities section, which keeps container root from remounting it
# read-write.
lxc.mount.entry = proc proc proc ro,nodev,noexec,nosuid 0 0
|
|
# /sys read-only.
# NOTE(review): unlike the proc entry this one carries no nodev,noexec,nosuid
# - consider adding them for consistency.
lxc.mount.entry = sysfs sys sysfs ro 0 0
|
|
</pre>
|
|
|
|
== console ==
|
|
|
|
=== <code>''</path/to/container/rootfs>''/etc/inittab</code> ===
|
|
|
|
<pre>
|
|
# /sbin/getty invocations for the runlevels.
|
|
#
|
|
# The "id" field MUST be the same as the last
|
|
# characters of the device (after "tty").
|
|
#
|
|
# Format:
|
|
# <id>:<runlevels>:<action>:<process>
|
|
#
|
|
# Note that on most Debian systems tty7 is used by the X Window System,
|
|
# so if you want to add more getty's go ahead but skip tty7 if you run X.
|
|
#
|
|
# Only tty1 gets a login prompt inside the container; the stock entries for
# tty1-tty6 below stay commented out.
# NOTE(review): presumably tty1 is the tty that lxc-console attaches to - confirm.
c1:2345:respawn:/sbin/getty 38400 tty1
|
|
#1:2345:respawn:/sbin/getty 38400 tty1
|
|
#2:23:respawn:/sbin/getty 38400 tty2
|
|
#3:23:respawn:/sbin/getty 38400 tty3
|
|
#4:23:respawn:/sbin/getty 38400 tty4
|
|
#5:23:respawn:/sbin/getty 38400 tty5
|
|
#6:23:respawn:/sbin/getty 38400 tty6
|
|
|
|
# console
# Login prompt on /dev/console in runlevels 1-5 (115200 baud, terminal type
# linux); the container config allows this device as c 5:1.
|
|
1:12345:respawn:/sbin/agetty --noclear 115200 console linux
|
|
</pre>
|
|
|
|
===lxc-console===
|
|
* VMs auflisten:
|
|
*: <source lang="bash">lxc-list</source>
|
|
|
|
* an VM attachen:
|
|
*: <source lang="bash">lxc-console -n<container-name></source>
|
|
|
|
* Von Konsole detachen:
|
|
*: im screen:
|
|
*:: {{Taste|Ctrl}}+{{Taste|a}}{{Taste|a}}{{Taste|q}}
|
|
*: ohne screen:
|
|
*:: {{Taste|Ctrl}}+{{Taste|a}}{{Taste|q}}
|