LXC : containers on CentOS 7 (II)

So we have containers. I now need to learn how to allocate resources on them, how to call them, and so on. My cheat sheet so far is:

  • Container creation:
    lxc-create -n NAME -t DISTRIBUTION
  • Container info:
    lxc-info -n NAME
  • Container list:
    lxc-ls
  • Container login from a privileged account:
    lxc-console -n NAME -t 0
  • Container configuration of NAME
    /var/lib/lxc/NAME/config
  • Container templates:
    /usr/share/lxc/config/

I tested that I can login as root when I’m an user on the same machine the container is running, that is what I wanted, to give ROOT power to a user in a confined hardware subset. I changed the root password right after creating the container, so the user just need to do

ssh -Y root@ip.of.the.container

Now we need to dynamically modify it. There is a long post about container resources that I used as a guide. It looks like there are currently 2 “container philosophies” installed: the one that uses lxc + command ( example: lxc config device set CONTAINER DEVICE KEY VALUE) and the one that uses lxc-cgroup. In my case, that is the one that seems more handy, since the user is going to log in via ssh. So let’s say I want to restrict the user of the container NAME to 2 of the cpus of my machine. I achieve it by typing, as root:

lxc-cgroup -n NAME cpuset.cpus 0,1

The next step will be to try software installation. I will cover the subject in a future post.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s