Introduction to docker container technology and LXC configuration

Introduction to docker

First, let's look at the difference between containers and virtualization.
A VM (VMware) creates a virtualization layer, a virtualized operating system and a virtualized repository on top of the host machine and the host operating system, and then installs applications;

Docker runs a Docker engine on the host machine's operating system and uses the host's hardware resources directly through that operating system, rather than virtualizing the operating system and the hardware, so it runs fast.

Docker is an open source project implemented in Go that lets us easily create and use containers. Docker packages a program and all of its dependencies into a Docker container, so that the program behaves consistently in any environment. The packaged program and its dependencies are the container, much like a shipping container, and the operating system environment the container runs in is like a cargo ship or port. The program's behaviour depends only on the shipping container (the container), not on which cargo ship or port (operating system) it is placed on.

Therefore, we can see that docker can shield environmental differences, that is, as long as your program is packaged in docker, the behavior of the program is consistent no matter what environment it runs in.

Another advantage of Docker is rapid deployment, which is its most common use in Internet companies. One reason is that containers start very fast; the other is that once you have made sure the programs in a container run correctly, you can be confident that they will run correctly no matter how many copies you deploy in the production environment.

Background of docker

A piece of software or a service comes into being to solve problems encountered in production or in the working environment:

  • The development environment and the operations environment differ in setup or configuration, so deliverables that work well in the development environment run into problems in the operations environment. Such problems are very annoying.

  • In the traditional operations process, if there are ten machines online, each machine has to be deployed again, which is repetitive work.

  • The application environment cannot be configured across platforms.

  • Multiple applications installed in the environment may conflict, such as port conflict.

Traditional publishing process:

Package -> publish (app store) -> download package -> install -> available

docker publishing process:

Software package -> package together with its environment (image) -> Docker repository (store) -> download the published image -> run directly -> available

Docker's mechanisms solve these problems well:

1. Docker comes from the idea of the container. It has its own isolation mechanisms, and containers do not interfere with each other.
2. Build once and run everywhere. Docker can package what you have written into an image file and run it on any Docker service. This comes from Docker's container format: the Docker engine uses the container format to package namespaces, control groups and the union file system together. The default container format is libcontainer.
3. Docker's control groups and union file system: control groups can set CPU, memory and other usage limits for processes, while the union file system can establish union mount points and share storage.

What is LXC

If we use container functionality in the traditional way, we have to write our own code that makes the system calls to create containers in the kernel, and few people are able to do this. LXC (LinuX Container) makes container technology easier to use: it wraps the container functions that are needed into a set of tools, which greatly reduces the trouble of using container technology.

LXC is one of the first solutions to really use complete container technology, with a set of simple tools and templates that greatly simplify its use.

Although LXC greatly simplifies the use of container technology, it is not much less complex than using container technology directly through kernel calls, because we must learn LXC's own set of command tools; and because containers are created through commands, it is not easy to migrate data through batch commands. Its isolation is also not as strong as that of virtual machines.

Later, docker appeared, so to some extent, docker is an enhanced version of LXC.

Environmental description:

System version    IP address
CentOS 7.5        192.168.182.131

LXC installation and deployment

[root@localhost ~]# yum -y install epel-release   // install the EPEL repository

Install LXC and its dependent packages

[root@localhost ~]# yum -y install lxc lxc-templates bridge-utils lxc-libs libcgroup libvirt perl debootstrap

lxc-templates  //LXC configuration templates
bridge-utils  //This is a toolkit for bridge management
lxc-libs  //Library files required by LXC
libcgroup  //cgroup is a mechanism that provides task aggregation and partitioning for linux kernel. It organizes some tasks into one or more subsystems through a set of parameters.
libvirt   //Server side daemons required to manage linux virtualization functions. A driver specific hypervisor is required.

Start the services

[root@localhost ~]# systemctl start lxc
[root@localhost ~]# systemctl start libvirtd

[root@localhost ~]# lxc-checkconfig   // check the configuration
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-862.el7.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
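
A way to turn the report above into a provisioning check, as an added example that is not part of the original post: the function lists every item whose status is anything other than enabled, such as the two "not installed" lines for newuidmap and newgidmap (the helpers that write uid/gid maps for containers started by unprivileged users). The function names and the coloured "missing" line in the sample are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post).
# lxc_check_gaps: read lxc-checkconfig output on stdin and print one
# "section|item|status" line for every item that is not "enabled".
lxc_check_gaps() {
    local esc
    esc=$(printf '\033')
    # On a terminal the status words are wrapped in ANSI colour codes; strip them first.
    sed "s/${esc}\[[0-9;]*m//g" | awk '
        { sub(/[ \t\r]+$/, "") }
        /^--- .* ---$/ { sec = $0; gsub(/^--- | ---$/, "", sec); next }
        sec == "" || /^(Note|usage) :/ || $0 == "" { next }
        / is not installed$/ {
            sub(/ is not installed$/, "")
            print sec "|" $0 "|not installed"; next
        }
        (i = index($0, ": ")) > 0 {
            status = substr($0, i + 2)
            if (status != "enabled") print sec "|" substr($0, 1, i - 1) "|" status
        }'
}

# Sample input: lines copied from the output above, plus one constructed
# coloured "missing" line to exercise the colour stripping.
sample_checkconfig() {
    printf '%s\n' \
        'Kernel configuration found at /boot/config-3.10.0-862.el7.x86_64' \
        '--- Namespaces ---' \
        'User namespace: enabled' \
        'newuidmap is not installed' \
        'newgidmap is not installed' \
        'Network namespace: enabled' \
        '--- Control groups ---' \
        'Cgroup device: enabled'
    printf 'Cgroup memory controller: \033[1;31mmissing\033[0;39m\n'
    printf '%s\n' '--- Misc ---' 'Bridges: enabled' '' \
        'Note : Before booting a new kernel, you can check its configuration'
}

sample_checkconfig | lxc_check_gaps
```

On a real host the call is `lxc-checkconfig | lxc_check_gaps`; empty output means every reported item is enabled.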

Create virtual machine

// View the LXC template containers available in the current system
[root@localhost ~]# ls /usr/share/lxc/templates/
lxc-alpine    lxc-archlinux  lxc-centos  lxc-debian    lxc-fedora  lxc-openmandriva  lxc-oracle  lxc-sshd    lxc-ubuntu-cloud
lxc-altlinux  lxc-busybox    lxc-cirros  lxc-download  lxc-gentoo  lxc-opensuse      lxc-plamo   lxc-ubuntu

Create LXC host

[root@localhost ~]# lxc-create -t centos -n myhost1   // create an LXC host; -t specifies the template, -n specifies the name of the host to create

Copying rootfs to /var/lib/lxc/myhost1/rootfs ...   # generates the root of the virtual system; the default path of the files is /var/lib/lxc/myhost1
'/var/lib/lxc/myhost1/tmp_root_pass'        # this file holds the initial root password of the host
chroot /var/lib/lxc/myhost1/rootfs passwd   # you can use this command to change the initial root password

By default, the files generated for an LXC host are placed in the /var/lib/lxc/<hostname>/ directory

[root@localhost myhost1]# pwd
/var/lib/lxc/myhost1

[root@localhost myhost1]# ls
config  rootfs  tmp_root_pass
// config is a configuration file
// rootfs is the root directory
// tmp_root_pass stores the initial root password

Start host

[root@localhost myhost1]# chroot /var/lib/lxc/myhost1/rootfs/ passwd   // change the initial password
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

[root@localhost myhost1]# lxc-start -n myhost1
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (Core)!

Running in a container, ignoring fstab device entry for /dev/root.
Cannot add dependency job for unit display-manager.service, ignoring: Unit not found.
[  OK  ] Reached target Remote File Systems.
(N lines of [  OK  ] messages omitted here)
myhost1 login: root     #Log in as root
Password:           #Enter the set root password

View some system information of lxc host

[root@myhost1 ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   50G  2.3G   48G   5% /
devtmpfs                 1.4G     0  1.4G   0% /dev
tmpfs                    1.4G     0  1.4G   0% /dev/shm
tmpfs                    1.4G   17M  1.4G   2% /run
tmpfs                    1.4G     0  1.4G   0% /sys/fs/cgroup
tmpfs                    280M     0  280M   0% /run/user/0

[root@myhost1 ~]# ip a   // view the network interface information
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fe:9f:2e:9a:ff:b5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.122.118/24 brd 192.168.122.255 scope global dynamic eth0
       valid_lft 3403sec preferred_lft 3403sec
    inet6 fe80::fc9f:2eff:fe9a:ffb5/64 scope link 
       valid_lft forever preferred_lft forever

lxc-start -n myhost1 -d                     # adding the -d option at startup makes the host run in the background
lxc-console -n myhost1                      # connect using lxc-console

[root@localhost ~]# ssh root@192.168.122.118
root@192.168.122.118's password:  // you can also connect using ssh

View the running status of the host

[root@localhost myhost1]# lxc-info -n myhost1
Name:           myhost1
State:          RUNNING
PID:            1741
IP:             192.168.122.118
CPU use:        0.17 seconds
BlkIO use:      15.54 MiB
Memory use:     8.04 MiB
KMem use:       0 bytes
Link:           veth55YWH2
 TX bytes:      1.42 KiB
 RX bytes:      6.19 KiB
 Total bytes:   7.61 KiB

Stop LXC host

[root@localhost myhost1]# lxc-stop -n myhost1

Clone host

[root@localhost myhost1]# lxc-clone -o myhost1 -n myhost2   // clone myhost1 as myhost2
Created container myhost2 as copy of myhost1

Delete host

[root@localhost myhost1]# lxc-destroy -n myhost1
[root@localhost ~]# lxc-start -n myhost2
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (Core)!
(N lines of [  OK  ] messages omitted here)
myhost2 login: root
Password:   //The password is the same as myhost1
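
An audit for the two credential issues this walkthrough leaves behind (the plaintext tmp_root_pass file written by lxc-create and the root password that lxc-clone copies into myhost2), plus a check for a missing uid/gid map; this is an added example, not part of the original post. The function names and the sample tree are constructed, and lxc.id_map (lxc.idmap in later LXC releases) is the LXC configuration key for uid/gid mapping.

```bash
#!/bin/bash
# Added example: audit an LXC directory for what this walkthrough leaves behind.
# Usage: lxc_audit [DIR]   (DIR defaults to /var/lib/lxc, the path used on this page)
lxc_audit() {
    local root dir name
    root=${1:-/var/lib/lxc}
    for dir in "$root"/*/; do
        [ -f "${dir}config" ] || continue
        name=$(basename "$dir")
        # 1. The template's plaintext initial root password file is still there.
        if [ -e "${dir}tmp_root_pass" ]; then
            echo "$name: tmp_root_pass still present"
        fi
        # 2. No uid/gid map (lxc.id_map in LXC 1.x, lxc.idmap later):
        #    root inside the container is uid 0 on the host.
        if ! grep -Eq '^[[:space:]]*lxc\.id_?map[[:space:]]*=' "${dir}config"; then
            echo "$name: no lxc.id_map (privileged container)"
        fi
    done
    # 3. Two containers with the same root password hash, as after lxc-clone.
    for dir in "$root"/*/; do
        [ -r "${dir}rootfs/etc/shadow" ] || continue
        awk -F: -v n="$(basename "$dir")" \
            '$1 == "root" && $2 != "" && $2 !~ /^[!*]/ { print $2, n }' \
            "${dir}rootfs/etc/shadow"
    done | sort | awk '
        $1 == prev { print $2 ": root password hash identical to " first; next }
        { prev = $1; first = $2 }'
}

# Constructed sample tree (not real containers): myhost1, its clone myhost2, and "web".
make_sample_tree() {
    for c in myhost1 myhost2 web; do
        mkdir -p "$1/$c/rootfs/etc"
        echo "lxc.utsname = $c" > "$1/$c/config"
    done
    : > "$1/myhost1/tmp_root_pass"
    printf '%s\n' 'root:$6$constructed$notARealHash:18962:0:99999:7:::' \
        | tee "$1/myhost1/rootfs/etc/shadow" > "$1/myhost2/rootfs/etc/shadow"
    printf 'lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n' >> "$1/web/config"
    echo 'root:!!:18962::::::' > "$1/web/rootfs/etc/shadow"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
lxc_audit "$demo"
rm -rf "$demo"
```

Run as root on the host, `lxc_audit` with no argument checks /var/lib/lxc; reading each container's rootfs/etc/shadow is what requires root.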


Posted on Wed, 01 Dec 2021 01:27:32 -0500 by 758