Difference between revisions of "LXC"

m (→‎Troubleshooting: to level2)
 
(32 intermediate revisions by 7 users not shown)
Line 1: Line 1:
=Prepare a Linux Container (CT)=
+
== Requirements ==
==Requirements==
 
* A console should be disabled (lxc.console = none)
 
* udev should not run in CT ($ mv /sbin/udevd{,.bcp})
 
  
== Prepare a host environment ==
+
You should have built and installed a recent (>= 1.3.1) version of CRIU.
  
* Mount cgroupfs
+
== Checkpointing and restoring a container ==
$ mount -t cgroup c /cgroup
 
* Create a network bridge
 
# cat /etc/sysconfig/network-scripts/ifcfg-br0
 
DEVICE=br0
 
TYPE=Bridge
 
BOOTPROTO=dhcp
 
ONBOOT=yes
 
DELAY=5
 
NM_CONTROLLED=n
 
$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
 
DEVICE="eth0"
 
NM_CONTROLLED="no"
 
ONBOOT="yes"
 
BRIDGE=br0
 
==Create CT==
 
* Download an OpenVZ template and extract it.
 
curl http://download.openvz.org/template/precreated/centos-6-x86_64.tar.gz | tar -xz -C test-lxc
 
  
* Create a config files
+
LXC upstream has begun to integrate checkpoint/restore support through the lxc-checkpoint tool. This functionality has been in the recent released version of LXC---LXC 1.1.0 , you can install the LXC 1.1.0 or you can check out the development version on Ubuntu by doing:
$ cat ~/test-lxc.conf
+
<source lang="bash">
lxc.console=none
+
sudo add-apt-repository ppa:ubuntu-lxc/daily
lxc.utsname = test-lxc
+
sudo apt-get update
lxc.network.type = veth
+
sudo apt-get install lxc
lxc.network.flags = up
+
</source>
lxc.network.link = br0
 
lxc.network.name = eth0
 
lxc.mount = /root/test-lxc/etc/fstab
 
lxc.rootfs = /root/test-lxc-root/
 
  
$ cat /root/test-lxc/etc/fstab
+
Next, create a container:
none /root/test-lxc-root/dev/pts devpts defaults 0 0
 
none /root/test-lxc-root/proc    proc  defaults 0 0
 
none /root/test-lxc-root/sys    sysfs  defaults 0 0
 
none /root/test-lxc-root/dev/shm tmpfs  defaults 0 0
 
  
* Register CT
+
<source lang="bash">
  $ lxc-create -n test-lxc -f test-lxc.conf
+
  sudo lxc-create -t ubuntu -n u1 -- -r trusty -a amd64
 +
</source>
  
* Start CT
+
And add the following lines (as above) to its config:
$ mount --bind test-lxc test-lxc-root/
 
$ lxc-start -n test-lxc
 
  
= Dump/Restore a Linux Container =
+
<source lang="bash">
==Installation==
+
cat | sudo tee -a /var/lib/lxc/u1/config << EOF
* Install [[CR tools]] and all requirements according with [[Installation | instructions]]
+
# hax for criu
 +
lxc.console = none
 +
lxc.tty = 0
 +
lxc.cgroup.devices.deny = c 5:1 rwm
 +
EOF
 +
</source>
 +
 
 +
Finally, start, and checkpoint the container:
 +
 
 +
<source lang="bash">
 +
sudo lxc-start -n u1
 +
sleep 5s  # let the container get to a more interesting state
 +
sudo lxc-checkpoint -s -D /tmp/checkpoint -n u1
 +
</source>
 +
 
 +
At this point, the container's state is stored in /tmp/checkpoint, and the filesystem is in /var/lib/lxc/u1/rootfs. You can restore the container by doing:
 +
 
 +
<source lang="bash">
 +
sudo lxc-checkpoint -r -D /tmp/checkpoint -n u1
 +
</source>
 +
 
 +
And then, get your container's IP and ssh in:
 +
 
 +
<source lang="bash">
 +
ssh ubuntu@$(sudo lxc-info -i -H -n u1)
 +
</source>
 +
 
 +
== Troubleshooting ==
 +
 +
=== Error (mount.c:805): fusectl isn't empty: 8388625 ===
 +
 
 +
Dumping of fuse filesystems is currently not supported. Empty the container's <code>/sys/fs/fuse/connections</code> and try again.
 +
 
 +
=== Error (mount.c:517): Mount 58 (master_id: 12 shared_id: 0) has unreachable sharing ===
 +
 
 +
CRIU doesn't yet support shared mountpoints as LXC does; make sure your rootfs is on a non-shared mount.
 +
 
 +
== External links ==
 +
 
 +
* [https://www.youtube.com/watch?v=a9T2gcnQg2k&feature=youtu.be&t=18m8s The New New Thing: Turning Docker Tech into a Full Speed Hypervisor] - Talk of Tycho Andersen with demo of migration LXC container with Doom inside
 +
* [https://github.com/tych0/presentations/blob/master/ods2014.md Demo script]
 +
 
 +
[[Category: HOWTO]]
 +
[[Category: Live migration]]

Latest revision as of 19:20, 21 September 2016

RequirementsEdit

You should have built and installed a recent (>= 1.3.1) version of CRIU.

Checkpointing and restoring a containerEdit

LXC upstream has begun to integrate checkpoint/restore support through the lxc-checkpoint tool. This functionality has been in the recent released version of LXC---LXC 1.1.0 , you can install the LXC 1.1.0 or you can check out the development version on Ubuntu by doing:

sudo add-apt-repository ppa:ubuntu-lxc/daily
sudo apt-get update
sudo apt-get install lxc

Next, create a container:

 sudo lxc-create -t ubuntu -n u1 -- -r trusty -a amd64

And add the following lines (as above) to its config:

cat | sudo tee -a /var/lib/lxc/u1/config << EOF
# hax for criu
lxc.console = none
lxc.tty = 0
lxc.cgroup.devices.deny = c 5:1 rwm
EOF

Finally, start, and checkpoint the container:

sudo lxc-start -n u1
sleep 5s  # let the container get to a more interesting state
sudo lxc-checkpoint -s -D /tmp/checkpoint -n u1

At this point, the container's state is stored in /tmp/checkpoint, and the filesystem is in /var/lib/lxc/u1/rootfs. You can restore the container by doing:

sudo lxc-checkpoint -r -D /tmp/checkpoint -n u1

And then, get your container's IP and ssh in:

ssh ubuntu@$(sudo lxc-info -i -H -n u1)

TroubleshootingEdit

Error (mount.c:805): fusectl isn't empty: 8388625Edit

Dumping of fuse filesystems is currently not supported. Empty the container's /sys/fs/fuse/connections and try again.

Error (mount.c:517): Mount 58 (master_id: 12 shared_id: 0) has unreachable sharingEdit

CRIU doesn't yet support shared mountpoints as LXC does; make sure your rootfs is on a non-shared mount.

External linksEdit