Update docs/tech_docs/lxc.md
This commit is contained in:
@@ -1,3 +1,61 @@
|
||||
Certainly! Here's a concise LXC and cgroups administration reference guide using the 80/20 rule, focusing on the most essential concepts and commands:
|
||||
|
||||
LXC and Cgroups Administration Reference Guide
|
||||
|
||||
1. Installing LXC
|
||||
- Ubuntu/Debian: `sudo apt-get install lxc`
|
||||
- CentOS/RHEL: `sudo yum install lxc`
|
||||
|
||||
2. Configuring LXC
|
||||
- Configuration file: `/etc/lxc/default.conf`
|
||||
- Network configuration: `/etc/lxc/lxc-usernet`
|
||||
|
||||
3. Creating and Managing Containers
|
||||
- Create a container: `sudo lxc-create -n <container-name> -t <template>`
|
||||
- Start a container: `sudo lxc-start -n <container-name>`
|
||||
- Stop a container: `sudo lxc-stop -n <container-name>`
|
||||
- Destroy a container: `sudo lxc-destroy -n <container-name>`
|
||||
- List containers: `sudo lxc-ls`
|
||||
|
||||
4. Accessing Containers
|
||||
- Attach to a container: `sudo lxc-attach -n <container-name>`
|
||||
- Execute a command in a container: `sudo lxc-attach -n <container-name> -- <command>`
|
||||
|
||||
5. Configuring Cgroups
|
||||
- Cgroups v1 mount point: `/sys/fs/cgroup`
|
||||
- Cgroups v2 mount point: `/sys/fs/cgroup/unified`
|
||||
- Enable/disable controllers: `/sys/fs/cgroup/<controller>/cgroup.subtree_control`
|
||||
|
||||
6. Managing Container Resources with Cgroups
|
||||
- CPU limits: `lxc.cgroup.cpu.shares`, `lxc.cgroup.cpu.cfs_quota_us`
|
||||
- Memory limits: `lxc.cgroup.memory.limit_in_bytes`, `lxc.cgroup.memory.memsw.limit_in_bytes`
|
||||
- Block I/O limits: `lxc.cgroup.blkio.weight`, `lxc.cgroup.blkio.throttle.read_bps_device`
|
||||
- Network limits: `lxc.cgroup.net_cls.classid`, `lxc.cgroup.net_prio.ifpriomap`
|
||||
|
||||
7. Monitoring Container Resource Usage
|
||||
- CPU usage: `lxc-cgroup -n <container-name> cpuacct.usage`
|
||||
- Memory usage: `lxc-cgroup -n <container-name> memory.usage_in_bytes`
|
||||
- Block I/O usage: `lxc-cgroup -n <container-name> blkio.throttle.io_service_bytes`
|
||||
|
||||
8. Troubleshooting
|
||||
- Check container status: `sudo lxc-info -n <container-name>`
|
||||
- View container logs: `sudo lxc-info -n <container-name> --log-file=<log-file>`
|
||||
- Inspect container configuration: `sudo lxc-config -n <container-name> show`
|
||||
|
||||
9. Security Best Practices
|
||||
- Run containers as unprivileged users
|
||||
- Use AppArmor or SELinux profiles
|
||||
- Set resource limits to prevent DoS attacks
|
||||
- Keep LXC and the host system updated
|
||||
|
||||
10. Integration with Orchestration Tools
|
||||
- Use container orchestration tools like Kubernetes or Docker Swarm for managing LXC containers at scale
|
||||
- Understand how orchestration tools leverage cgroups for resource management and scheduling
|
||||
|
||||
This reference guide covers the essential aspects of LXC and cgroups administration, providing you with the commands and concepts that you'll use most frequently. Keep in mind that there are more advanced features and configurations available, but mastering these fundamentals will allow you to handle the majority of common administration tasks efficiently.
|
||||
|
||||
---
|
||||
|
||||
# LXC CLI Cheatsheet
|
||||
|
||||
## Container Management
|
||||
|
||||
Reference in New Issue
Block a user