
LXC on CentOS 7

bantana
22 September 2014

CentOS 7 Virtualization Host install

[root@localhost ~]# yum groups install "Virtualization Host"

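Clean up the host network

Note: `systemctl disable` only prevents NetworkManager from starting at the next boot; the running service is not stopped until `systemctl stop NetworkManager` is run or the host is rebooted.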

[root@localhost ~]# systemctl disable NetworkManager

[root@localhost ~]# ifconfig

enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::222:19ff:fe02:7132  prefixlen 64  scopeid 0x20<link>
        ether 00:22:19:02:71:32  txqueuelen 1000  (Ethernet)
        RX packets 1461  bytes 177166 (173.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 650  bytes 90356 (88.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 2  bytes 140 (140.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2  bytes 140 (140.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:34:1a:c9  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0-nic: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:54:00:34:1a:c9  txqueuelen 500  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

destroy virbr0

[root@localhost ~]# virsh net-list
[root@localhost ~]# virsh net-destroy default
[root@localhost ~]# virsh net-undefine default

enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::222:19ff:fe02:7132  prefixlen 64  scopeid 0x20<link>
        ether 00:22:19:02:71:32  txqueuelen 1000  (Ethernet)
        RX packets 1461  bytes 177166 (173.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 650  bytes 90356 (88.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 2  bytes 140 (140.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2  bytes 140 (140.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Add bridge nic

[root@localhost ~]# cat /etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=no
PEERNTP=no
NOZEROCONF=yes
GATEWAY=192.168.1.1

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp2s0

HWADDR="00:22:19:02:71:32"
TYPE="Ethernet"
#BOOTPROTO="static"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="no"
IPV6_AUTOCONF="no"
IPV6_DEFROUTE="no"
IPV6_PEERDNS="no"
IPV6_PEERROUTES="no"
IPV6_FAILURE_FATAL="no"
NAME="enp2s0"
UUID="65fcabec-4d9c-4d0a-afaa-7e7d1ca90bfe"
BRIDGE="br0"
ONBOOT="yes"

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0

DEVICE="br0"
TYPE="Bridge"
ONBOOT=yes
DELAY=0
BOOTPROTO="static"
IPADDR=192.168.1.18
NETMASK=255.255.255.0
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="no"
IPV6_AUTOCONF="no"
IPV6_DEFROUTE="no"
IPV6_PEERDNS="no"
IPV6_PEERROUTES="no"
IPV6_FAILURE_FATAL="no"
NAME="br0"

[root@localhost network-scripts]# netstat -rn

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 br0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 br0

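Create the LXC container

The commands below install a minimal CentOS 7 tree into the container's root directory, append `pts/0` to the container's `/etc/securetty` so that root may log in on the container console, set the container's root password, and define the container with libvirt. The container is attached to `br0` and is therefore directly reachable from the LAN, so choose a strong root password and review the container's sshd configuration.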

# yum -y --installroot=/var/lib/libvirt/filesystems/minicentos7 --releasever=7 group install "Minimal Install"
# echo "pts/0" >> /var/lib/libvirt/filesystems/minicentos7/etc/securetty
# chroot /var/lib/libvirt/filesystems/minicentos7 /bin/passwd root
# virt-install --connect lxc:// --name minicentos7 --ram 512 --network="bridge=br0" --filesystem /var/lib/libvirt/filesystems/minicentos7,/

[root@localhost lxc]# cat /etc/libvirt/lxc/minicentos7.xml
<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
  virsh edit minicentos7
or other application using the libvirt API.
-->

<domain type='lxc'>
  <name>minicentos7</name>
  <uuid>12801f66-7b8f-437e-8398-b889ee4411e0</uuid>
  <memory unit='KiB'>524288</memory>
  <currentMemory unit='KiB'>524288</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/sbin/init</init>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/libexec/libvirt_lxc</emulator>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/lib/libvirt/filesystems/minicentos7'/>
      <target dir='/'/>
    </filesystem>
    <interface type='bridge'>
      <mac address='00:16:3e:5e:03:12'/>
      <source bridge='br0'/>
    </interface>
    <console type='pty'>
      <target type='lxc' port='0'/>
    </console>
  </devices>
</domain>

lxc container network config

[root@localhost ~]# cat /etc/sysconfig/network
# Created by anaconda
NETWORKING=yes
NETWORKING_IPV6=no
PEERNTP=no
NOZEROCONF=yes
GATEWAY=192.168.1.1 # comment this line out when using DHCP

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
HWADDR=00:16:3e:1f:49:44
NAME=eth0
TYPE=Ethernet
BOOTPROTO=dhcp
#BOOTPROTO="static"
#IPADDR=192.168.1.21
#NETMASK=255.255.255.0
ONBOOT=yes
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=no
IPV6_DEFROUTE=no
IPV6_PEERDNS=no
IPV6_PEERROUTES=no
IPV6_FAILURE_FATAL=no

Install net-tools and remove NetworkManager

yum -y install net-tools
systemctl stop NetworkManager
systemctl disable NetworkManager
yum erase NetworkManager

change lxc container hostname

[root@minicentos7~]# cat /etc/hostname
minicentos7

[root@nginxcentos7 ~]# cat /etc/sysconfig/network
HOSTNAME=nginxcentos7

timezone

on the LXC host

timedatectl set-timezone Asia/Shanghai
ntpdate 1.asia.pool.ntp.org

in the LXC container

timedatectl set-timezone Asia/Shanghai

runlevel

[root@localhost ~]# runlevel

N 5

[root@localhost ~]# systemctl get-default

graphical.target

[root@localhost ~]# ll /etc/systemd/system/default.target

lrwxrwxrwx 1 root root 40 Sep 24  2014 /etc/systemd/system/default.target -> /usr/lib/systemd/system/graphical.target

[root@localhost ~]# ll /etc/systemd/system/

total 4
drwxr-xr-x 2 root root   30 Sep 24  2014 basic.target.wants
lrwxrwxrwx 1 root root   44 Sep 24  2014 dbus-org.freedesktop.Avahi.service -> /usr/lib/systemd/system/avahi-daemon.service
lrwxrwxrwx 1 root root   40 Sep 24  2014 default.target -> /usr/lib/systemd/system/graphical.target
drwxr-xr-x 2 root root   85 Sep 24  2014 default.target.wants
drwxr-xr-x 2 root root   31 Sep 24  2014 getty.target.wants
drwxr-xr-x 2 root root 4096 Sep 24  2014 multi-user.target.wants
drwxr-xr-x 2 root root   32 Sep 24  2014 sockets.target.wants
drwxr-xr-x 2 root root   43 Sep 24  2014 system-update.target.wants

[root@localhost ~]# systemctl set-default multi-user.target

rm '/etc/systemd/system/default.target'
ln -s '/usr/lib/systemd/system/multi-user.target' '/etc/systemd/system/default.target'

[root@localhost ~]# reboot

[root@localhost ~]# runlevel

N 3

Resource limits (cgroups)

[root@localhost ~]# ps -ef|grep -i libvirt

root      1303     1  0 Sep23 ?        00:00:14 /usr/sbin/libvirtd
root     15491     1  0 01:13 ?        00:00:00 /usr/libexec/libvirt_lxc --name nginxcentos7 --console 21 --security=none --handshake 26 --background --veth vnet2
root     17225     1  0 01:20 ?        00:00:00 /usr/libexec/libvirt_lxc --name minicentos7 --console 21 --security=none --handshake 30 --background --veth vnet2
root     18844 18797  0 01:42 pts/2    00:00:00 grep --color=auto -i libvirt

[root@localhost ~]# cat /proc/17225/cgroup

10:hugetlb:/
9:perf_event:/machine.slice/machine-lxc\x2dminicentos7.scope
8:blkio:/machine.slice/machine-lxc\x2dminicentos7.scope
7:net_cls:/machine.slice/machine-lxc\x2dminicentos7.scope
6:freezer:/machine.slice/machine-lxc\x2dminicentos7.scope
5:devices:/machine.slice/machine-lxc\x2dminicentos7.scope
4:memory:/machine.slice/machine-lxc\x2dminicentos7.scope
3:cpuacct,cpu:/machine.slice/machine-lxc\x2dminicentos7.scope
2:cpuset:/machine.slice/machine-lxc\x2dminicentos7.scope
1:name=systemd:/machine.slice/machine-lxc\x2dminicentos7.scope

[root@localhost ~]# pstree -p

systemd(1)─┬─abrt-watch-log(624)
           ├─abrtd(621)
           ├─anacron(14968)
           ├─atd(654)
           ├─auditd(583)───{auditd}(588)
           ├─avahi-daemon(615)───avahi-daemon(626)
           ├─chronyd(650)
           ├─crond(652)
           ├─dbus-daemon(644)
           ├─firewalld(611)───{firewalld}(1216)
           ├─iprdump(713)
           ├─iprinit(690)
           ├─iprupdate(692)
           ├─ksmtuned(660)───sleep(19299)
           ├─libvirt_lxc(15491)─┬─systemd(15493)─┬─agetty(15586)
           │                    │                ├─anacron(19200)
           │                    │                ├─crond(15570)
           │                    │                ├─dbus-daemon(15559)
           │                    │                ├─dhclient(15770)
           │                    │                ├─iprdump(16839)
           │                    │                ├─iprinit(16830)
           │                    │                ├─iprupdate(16827)
           │                    │                ├─master(16316)─┬─pickup(16335)
           │                    │                │               └─qmgr(16336)
           │                    │                ├─rsyslogd(15551)─┬─{rsyslogd}(15572)
           │                    │                │                 └─{rsyslogd}(15573)
           │                    │                ├─sshd(15829)
           │                    │                ├─systemd-journal(15504)
           │                    │                ├─systemd-logind(15556)
           │                    │                └─tuned(15553)─┬─{tuned}(15667)
           │                    │                               ├─{tuned}(15672)
           │                    │                               └─{tuned}(15676)
           │                    └─{libvirt_lxc}(15492)
           ├─libvirt_lxc(17225)─┬─systemd(17227)─┬─agetty(17308)
           │                    │                ├─crond(17294)
           │                    │                ├─dbus-daemon(17290)
           │                    │                ├─iprdump(18554)
           │                    │                ├─iprinit(18542)
           │                    │                ├─iprupdate(18543)
           │                    │                ├─master(18047)─┬─pickup(18055)
           │                    │                │               └─qmgr(18056)
           │                    │                ├─rsyslogd(17286)─┬─{rsyslogd}(17336)
           │                    │                │                 └─{rsyslogd}(17337)
           │                    │                ├─sshd(17536)
           │                    │                ├─systemd-journal(17238)
           │                    │                ├─systemd-logind(17289)
           │                    │                └─tuned(17288)─┬─{tuned}(17442)
           │                    │                               ├─{tuned}(17444)
           │                    │                               └─{tuned}(17447)
           │                    └─{libvirt_lxc}(17226)
           ├─libvirtd(1303)─┬─{libvirtd}(1324)
           │                ├─{libvirtd}(1325)
           │                ├─{libvirtd}(1326)
           │                ├─{libvirtd}(1327)
           │                ├─{libvirtd}(1328)
           │                ├─{libvirtd}(1329)
           │                ├─{libvirtd}(1330)
           │                ├─{libvirtd}(1331)
           │                ├─{libvirtd}(1332)
           │                └─{libvirtd}(1333)
           ├─login(697)───bash(2381)
           ├─lsmd(616)
           ├─lvmetad(485)
           ├─master(1714)─┬─pickup(32592)
           │              └─qmgr(1734)
           ├─polkitd(1226)─┬─{polkitd}(1227)
           │               ├─{polkitd}(1228)
           │               ├─{polkitd}(1229)
           │               ├─{polkitd}(1230)
           │               └─{polkitd}(1231)
           ├─rpc.statd(1346)
           ├─rpcbind(1306)
           ├─rsyslogd(618)─┬─{rsyslogd}(665)
           │               └─{rsyslogd}(666)
           ├─smartd(638)
           ├─sshd(1311)───sshd(19091)───bash(19093)───pstree(19300)
           ├─systemd-journal(459)
           ├─systemd-logind(643)
           ├─systemd-machine(4981)
           ├─systemd-udevd(494)
           └─tuned(630)─┬─{tuned}(785)
                        ├─{tuned}(786)
                        ├─{tuned}(788)
                        └─{tuned}(789)

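SELinux

`sestatus` inside the container reports SELinux as disabled, and the `--security=none` argument on the `libvirt_lxc` processes in the host process listing above indicates that no libvirt security driver is confining the containers. The domain XML shown earlier also has no `<idmap>` element, so no user-namespace mapping is configured and root inside a container is presumably the same UID 0 as root on the host. Treat these containers as a way of separating services, not as a security boundary, unless SELinux (sVirt) confinement or an `<idmap>` mapping is added.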

[root@nginxcentos7 etc]# sestatus

SELinux status:                 disabled