[lxc-users] nested containers
Fajar A. Nugraha
list at fajar.net
Wed Mar 4 09:14:29 UTC 2015
On Wed, Mar 4, 2015 at 12:15 PM, Mohan G <mohan_gg at yahoo.com> wrote:
> Hi,
> Is there any way we can have nested containers/cgroups? One parent container
> forming the basis for children containers, i.e. a subset of the parent container.
Yes.
In the parent container's config (on Ubuntu), add this:
lxc.aa_profile=lxc-container-default-with-nesting
And then on that container, you can create containers
utopic ~ # lxc-ls -f --running
NAME  STATE    IPV4                       IPV6  GROUPS  AUTOSTART
-----------------------------------------------------------------
v     RUNNING  10.0.3.1, 192.168.124.173  -     -       NO
utopic ~ # lxc-attach -n v
root@v:~#
root@v:~# cat /proc/1/cgroup
12:name=systemd:/lxc/v
11:perf_event:/lxc/v
10:net_prio:/lxc/v
9:net_cls:/lxc/v
8:memory:/lxc/v
7:hugetlb:/lxc/v
6:freezer:/lxc/v
5:devices:/lxc/v
4:cpuset:/lxc/v
3:cpuacct:/lxc/v
2:cpu:/lxc/v
1:blkio:/lxc/v
root@v:~# lxc-create -t download -n nv -- -d ubuntu -r vivid -a amd64
Using image from local cache
Unpacking the rootfs
---
You just created an Ubuntu container (release=vivid, arch=amd64,
variant=default)
To enable sshd, run: apt-get install openssh-server
For security reason, container images ship without user accounts
and without a root password.
Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.
root@v:~# lxc-start -n nv
root@v:~# lxc-ls -f --running
NAME  STATE    IPV4        IPV6  GROUPS  AUTOSTART
--------------------------------------------------
nv    RUNNING  10.0.3.249  -     -       NO
Now run a process inside the nested container
root@v:~# lxc-attach -n nv -- cat /proc/1/cgroup
12:name=systemd:/lxc/v/lxc/nv
11:perf_event:/lxc/v/lxc/nv
10:net_prio:/lxc/v/lxc/nv
9:net_cls:/lxc/v/lxc/nv
8:memory:/lxc/v/lxc/nv
7:hugetlb:/lxc/v/lxc/nv
6:freezer:/lxc/v/lxc/nv
5:devices:/lxc/v/lxc/nv
4:cpuset:/lxc/v/lxc/nv
3:cpuacct:/lxc/v/lxc/nv
2:cpu:/lxc/v/lxc/nv
1:blkio:/lxc/v/lxc/nv
Note how the cgroup is nested
--
Fajar
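
The nested cgroup paths shown in the message above can be checked mechanically. The following is an added example, not part of the original post: it parses cgroup v1 lines into the chain of containers a process runs under and flags the case where the hierarchies disagree. The function names are hypothetical, and it assumes the "/lxc/<name>" path layout seen in the output above.

```shell
#!/bin/sh
# Added example: derive the LXC nesting chain from /proc/<pid>/cgroup (cgroup v1).
# Function names are hypothetical. Assumed layout, as in the output above:
# every nesting level appends "/lxc/<name>" to the cgroup path.

# Read "id:controllers:path" lines on stdin; print container names, outermost
# first ("v nv"). Exit 0 = all hierarchies agree, 1 = they differ, 2 = no input.
lxc_chain() {
    awk -F: '
    NF >= 3 {
        path = $3                                   # rejoin if the path has ":"
        for (i = 4; i <= NF; i++) path = path ":" $i
        chain = ""
        n = split(path, seg, "/")
        for (i = 2; i < n; i++) {
            if (seg[i] == "lxc" && seg[i + 1] != "") {
                chain = chain (chain == "" ? "" : " ") seg[i + 1]
                i++                                 # skip the name just consumed
            }
        }
        if (!seen) { first = chain; seen = 1 }
        else if (chain != first) mismatch = 1       # controllers disagree
    }
    END {
        if (!seen) exit 2
        print first
        exit mismatch
    }'
}

# Print the nesting depth: 0 on the host, 1 inside "v", 2 inside "nv".
lxc_depth() {
    chain=$(lxc_chain) || return $?
    set -- $chain
    echo $#
}

# Sample input: three lines taken from the nested container output above.
sample_nested() {
    printf '%s\n' '12:name=systemd:/lxc/v/lxc/nv' \
                  '8:memory:/lxc/v/lxc/nv' \
                  '5:devices:/lxc/v/lxc/nv'
}

sample_nested | lxc_chain    # prints: v nv
```

On a live system the input would be `lxc_chain < /proc/1/cgroup`; a non-zero exit of 1 means at least one controller reports a different container path than the others.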