So we have containers. I now need to learn how to allocate resources on them, how to call them, and so on. My cheat sheet so far is:
- Container creation:
lxc-create -n NAME -t DISTRIBUTION
- Container info:
lxc-info -n NAME
- Container list:
lxc-ls
- Container login from a privileged account:
lxc-console -n NAME -t 0
- Container configuration of NAME:
/var/lib/lxc/NAME/config
- Container templates:
/usr/share/lxc/config/
I tested that I can log in as root when I’m a user on the same machine the container is running on. That is what I wanted: to give ROOT power to a user in a confined hardware subset. I changed the root password right after creating the container, so the user just needs to do
ssh -Y root@ip.of.the.container
Now we need to dynamically modify it. There is a long post about container resources that I used as a guide. It looks like there are currently 2 “container philosophies” installed: the one that uses lxc + command (example: lxc config device set CONTAINER DEVICE KEY VALUE) and the one that uses lxc-cgroup. In my case, the latter is the one that seems more handy, since the user is going to log in via ssh. So let’s say I want to restrict the user of the container NAME to 2 of the CPUs of my machine. I achieve it by typing, as root:
lxc-cgroup -n NAME cpuset.cpus 0,1
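An added example, not part of the original post: a small shell wrapper around the lxc-cgroup command above that checks the requested CPU list against the host's online CPUs, applies it, and reads it back. The kernel reports the set in range form (0-1 rather than 0,1), so the comparison is done on expanded lists. The function names are hypothetical, and the persistent config key in the comment assumes a cgroup v1 host.

```shell
#!/bin/sh
# Added example (hypothetical helper names): validate, apply and verify a cpuset.
# Usage, as root: sh this-script NAME 0,1

# Expand a cpuset list such as "0-2,5" into "0 1 2 5"; non-zero on bad input.
cpuset_expand() {
    case $1 in ''|,*|*,) return 1 ;; esac
    rest=$1; out=""
    while [ -n "$rest" ]; do
        part=${rest%%,*}
        case $rest in *,*) rest=${rest#*,} ;; *) rest="" ;; esac
        case $part in
            ''|*[!0-9-]*|-*|*-|*-*-*|0[0-9]*|*-0[0-9]*) return 1 ;;
        esac
        lo=${part%-*}; hi=${part#*-}
        [ "$lo" -le "$hi" ] || return 1
        i=$lo
        while [ "$i" -le "$hi" ]; do out="$out $i"; i=$((i + 1)); done
    done
    echo "${out# }"
}

# Succeed only if every CPU in list $1 is also in list $2.
cpuset_within() {
    want=$(cpuset_expand "$1") || return 1
    have=" $(cpuset_expand "$2") " || return 1
    for c in $want; do
        case $have in *" $c "*) ;; *) return 1 ;; esac
    done
}

# Apply the set to running container $1, then read it back from its cgroup.
# lxc-cgroup changes only the running container. To keep the limit across
# restarts, set it in /var/lib/lxc/NAME/config, e.g. on a cgroup v1 host:
#   lxc.cgroup.cpuset.cpus = 0,1
apply_cpuset() {
    name=$1; cpus=$2
    online=$(cat /sys/devices/system/cpu/online) || return 1
    cpuset_within "$cpus" "$online" ||
        { echo "cpuset '$cpus' is not within host CPUs $online" >&2; return 1; }
    lxc-cgroup -n "$name" cpuset.cpus "$cpus" || return 1
    now=$(lxc-cgroup -n "$name" cpuset.cpus) || return 1
    [ "$(cpuset_expand "$now")" = "$(cpuset_expand "$cpus")" ] ||
        { echo "$name: asked for $cpus, cgroup reports $now" >&2; return 1; }
    echo "$name: cpuset.cpus is now $now"
}

if [ "$#" -eq 2 ]; then apply_cpuset "$1" "$2"; fi
```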
The next step will be to try software installation. I will cover the subject in a future post.