[lxc-users] lxs using host fs via aufs?

Fajar A. Nugraha list at fajar.net
Mon Apr 6 05:27:57 UTC 2015


On Sat, Apr 4, 2015 at 1:37 PM, Johannes Graumann
<johannes_graumann at web.de> wrote:
> Serge Hallyn wrote:
>
>> Quoting Johannes Graumann (johannes_graumann at web.de):
>>> Hello,
>>>
>>> Has someone built lxc containers using the host's /usr, /var, etc.
>>> partitions mounted through a union file system to the container? Is that
>>> even possible? Ought to be the ultimately light solution ...
>>
>> It's possible using both aufs and overlayfs.
>
> Pointers to howtos or examples?


Oddly enough, the best explanation I find on Google does not come from
the Ubuntu Server Guide, but from
http://the.binbashtheory.com/using-overlayfs-with-lxc/

See also "man lxc.container.conf":

lxc.rootfs
...
overlayfs:/lower:/upper specifies that the rootfs should be an overlay
with /upper being mounted read-write over a read-only mount of /lower.
aufs:/lower:/upper does the same using aufs in place of overlayfs.


Something like this works for full rootfs overlay, using host root (or
some specially-created directory of your choice) and an upper
directory called "delta" to store the changes

# mkdir /var/lib/lxc/o2

# cd /var/lib/lxc/o2

# mkdir delta

# cat << END > config
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.arch = x86_64

lxc.rootfs = overlayfs:/:/var/lib/lxc/o2/delta
lxc.utsname = o2

lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
END

# lxc-start -n o2

# lxc-attach -n o2 passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

# lxc-stop -k -n o2


You can then see the changes are stored in "delta" directory
(including the "shadow" file, which was modified using "passwd"
command earlier)

# find /var/lib/lxc/o2/delta
/var/lib/lxc/o2/delta
...
/var/lib/lxc/o2/delta/etc/shadow
/var/lib/lxc/o2/delta/etc/mtab
...





To only use /usr and /var from the host, you could do something like this:

# lxc-create -t download -n o3 -- -d ubuntu -r utopic -a amd64
Using image from local cache
Unpacking the rootfs

---
You just created an Ubuntu container (release=utopic, arch=amd64,
variant=default)

To enable sshd, run: apt-get install openssh-server

For security reason, container images ship without user accounts
and without a root password.

Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.

# cd /var/lib/lxc/o3

# mkdir delta delta/usr delta/var

# rm -rf rootfs/usr/* rootfs/var/*


... then use similar container config as above, except that now you use this
lxc.rootfs = /var/lib/lxc/o3/rootfs
lxc.utsname = o3
lxc.mount.entry = overlayfs usr overlayfs lowerdir=/usr,upperdir=/var/lib/lxc/o3/delta/usr 0 0
lxc.mount.entry = overlayfs var overlayfs lowerdir=/var,upperdir=/var/lib/lxc/o3/delta/var 0 0


Note that in this example only root and var use overlayfs, while
rootfs is a normal directory.
Start the container, run passwd, stop it, and see what's changed

# lxc-start -n o3

# lxc-attach -n o3 passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

# lxc-stop -k -n o3

# find delta
delta
delta/usr
delta/var
delta/var/log
delta/var/log/dmesg.1.gz
...
delta/var/lib/dhcp
delta/var/lib/dhcp/dhclient.eth0.leases


-- 
Fajar
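
An added example, not part of the original post: a shell function that goes one step beyond "find delta" by comparing each entry in the upper directory with the lower one, so you can tell what the container added, what it changed relative to the host (such as etc/shadow above), and what it deleted. The function name, status labels and whiteout conventions are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify what a container wrote into its overlay upper dir.
# Usage: delta_report UPPER LOWER   e.g. delta_report /var/lib/lxc/o2/delta /
# Prints "<STATUS> <relative path>" for every non-directory entry in UPPER:
#   ADDED    exists only in UPPER
#   MODIFIED shadows an entry that also exists in LOWER
#   DELETED  whiteout hiding a LOWER entry (assumed conventions: aufs ".wh."
#            name prefix; upstream overlayfs character device, so any
#            character device in UPPER is reported as a whiteout)
# Setuid files get a trailing " [setuid]". Paths containing newlines are
# not handled.
delta_report() {
    upper=${1%/}
    lower=${2%/}          # "/" becomes "", so "$lower/$rel" is still absolute
    find "$upper" ! -type d | LC_ALL=C sort | while IFS= read -r f; do
        rel=${f#"$upper"/}
        case ${rel##*/} in
            .wh.*) status=DELETED ;;
            *)
                if [ -c "$f" ]; then
                    status=DELETED
                elif [ -e "$lower/$rel" ] || [ -L "$lower/$rel" ]; then
                    status=MODIFIED
                else
                    status=ADDED
                fi ;;
        esac
        flag=
        if [ -u "$f" ]; then flag=' [setuid]'; fi
        printf '%s %s%s\n' "$status" "$rel" "$flag"
    done
}
```

With the host root as the lower directory, a MODIFIED etc/shadow line means the container now has its own copy of that file; until then it reads the host's.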

