medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2025455967688d0eab9c2c2b39b033567df8c8e4
the_information_nexus/tech_docs/linux/lxc.md
Whisker Jones aeba9bdb34 structure updates
2024-05-01 12:28:44 -06:00

5.6 KiB
Raw Blame History

Certainly! Here's a concise LXC and cgroups administration reference guide using the 80/20 rule, focusing on the most essential concepts and commands:

LXC and Cgroups Administration Reference Guide

  1. Installing LXC

    • Ubuntu/Debian: sudo apt-get install lxc
    • CentOS/RHEL: sudo yum install lxc

  2. Configuring LXC

    • Configuration file: /etc/lxc/default.conf
    • Network configuration: /etc/lxc/lxc-usernet

  3. Creating and Managing Containers

    • Create a container: sudo lxc-create -n <container-name> -t <template>
    • Start a container: sudo lxc-start -n <container-name>
    • Stop a container: sudo lxc-stop -n <container-name>
    • Destroy a container: sudo lxc-destroy -n <container-name>
    • List containers: sudo lxc-ls

  4. Accessing Containers

    • Attach to a container: sudo lxc-attach -n <container-name>
    • Execute a command in a container: sudo lxc-attach -n <container-name> -- <command>

  5. Configuring Cgroups

    • Cgroups v1 mount point: /sys/fs/cgroup
    • Cgroups v2 mount point: /sys/fs/cgroup/unified
    • Enable/disable controllers: /sys/fs/cgroup/<controller>/cgroup.subtree_control

  6. Managing Container Resources with Cgroups

    • CPU limits: lxc.cgroup.cpu.shares, lxc.cgroup.cpu.cfs_quota_us
    • Memory limits: lxc.cgroup.memory.limit_in_bytes, lxc.cgroup.memory.memsw.limit_in_bytes
    • Block I/O limits: lxc.cgroup.blkio.weight, lxc.cgroup.blkio.throttle.read_bps_device
    • Network limits: lxc.cgroup.net_cls.classid, lxc.cgroup.net_prio.ifpriomap

  7. Monitoring Container Resource Usage

    • CPU usage: lxc-cgroup -n <container-name> cpuacct.usage
    • Memory usage: lxc-cgroup -n <container-name> memory.usage_in_bytes
    • Block I/O usage: lxc-cgroup -n <container-name> blkio.throttle.io_service_bytes

  8. Troubleshooting

    • Check container status: sudo lxc-info -n <container-name>
    • View container logs: sudo lxc-info -n <container-name> --log-file=<log-file>
    • Inspect container configuration: sudo lxc-config -n <container-name> show

  9. Security Best Practices

    • Run containers as unprivileged users
    • Use AppArmor or SELinux profiles
    • Set resource limits to prevent DoS attacks
    • Keep LXC and the host system updated

  10. Integration with Orchestration Tools

    • Use container orchestration tools like Kubernetes or Docker Swarm for managing LXC containers at scale
    • Understand how orchestration tools leverage cgroups for resource management and scheduling

This reference guide covers the essential aspects of LXC and cgroups administration, providing you with the commands and concepts that you'll use most frequently. Keep in mind that there are more advanced features and configurations available, but mastering these fundamentals will allow you to handle the majority of common administration tasks efficiently.

LXC CLI Cheatsheet

Container Management

  • Usage: Useful for day-to-day container management tasks like checking container status, executing commands inside containers, and getting detailed information.
  • lxc list -c n,s,4,image.description:image
    Description: Lists containers with specific columns like name, state, IPv4 address, and image description.
  • lxc info <container-name>
    Description: Displays detailed information about a specific container.
    Example: lxc info mycontainer
  • lxc exec <container-name> -- <command>
    Description: Executes a command inside the specified container.
    Example: lxc exec mycontainer -- bash

Image Management

  • Usage: Important for understanding what images are available and for selecting the right image for container deployment.
  • lxc image list
    Description: Lists all available images.
  • lxc image alias list <repository>: <tag>
    Description: Lists all aliases for an image in a repository.
    Example: lxc image alias list ubuntu: '20.04'

Networking

  • Usage: Essential for setting up and troubleshooting container networking, ensuring containers can communicate with each other and the outside world.
  • lxc network list
    Description: Lists all networks.
  • lxc network show <network-name>
    Description: Shows detailed information about a specific network.
    Example: lxc network show lxdbr0

Advanced Container Operations

  • Usage: Advanced features that allow for more complex container management, like cloning containers, and managing container states and backups.
  • lxc launch <image-name>
    Description: Launches a new container from the specified image.
    Examples: lxc launch ubuntu:20.04, lxc launch images:alpine/3.13
  • lxc copy <source-container> <destination-container>
    Description: Copies a container to a new container.
  • lxc snapshot <container-name>
    Description: Creates a snapshot of a container.
  • lxc restore <container-name> <snapshot-name>
    Description: Restores a container from a specified snapshot.

File Management

  • Usage: Useful for deploying configuration files or scripts inside containers.
  • lxc file push <source-path> <container-name>/<destination-path>
    Description: Pushes a file from the host to the container.

Troubleshooting and Help

  • Usage: Crucial for diagnosing and resolving issues with containers and processes.
  • lxc --help
    Description: Displays help for LXC commands.
  • ps -ef | grep <process-name>
    Description: Finds processes related to a specific name, useful for troubleshooting.
    Example: ps -ef | grep dnsmasq

Note: Replace placeholders like <container-name>, <network-name>, and <image-name> with actual names when using the commands.