[lxc-users] nested containers

Mohan G mohan_gg at yahoo.com
Thu Mar 5 12:42:38 UTC 2015 

Thanks ,I am able to create nested containers. I want the children to inherit the limits of parent container. I am able to do it in cgroups. But in containers i am not able to. Example in cgroups, used the memory.use_hierarchy option and contained the cgroups.

      From: Fajar A. Nugraha <list at fajar.net>
 To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org> 
 Sent: Wednesday, March 4, 2015 2:44 PM
 Subject: Re: [lxc-users] nested containers
   
On Wed, Mar 4, 2015 at 12:15 PM, Mohan G <mohan_gg at yahoo.com> wrote:


> Hi,
> Is there anyway we can have nested containers/cgroups. One parent container
> forming the basis for children containers. i.e subset of parent container.

Yes.

On parent container config (in ubuntu), add this:
lxc.aa_profile=lxc-container-default-with-nesting

And then on that container, you can create containers

utopic ~ # lxc-ls -f --running
NAME  STATE    IPV4                      IPV6  GROUPS  AUTOSTART
-----------------------------------------------------------------
v    RUNNING  10.0.3.1, 192.168.124.173  -    -      NO

utopic ~ # lxc-attach -n v

root at v:~#

root at v:~# cat /proc/1/cgroup
12:name=systemd:/lxc/v
11:perf_event:/lxc/v
10:net_prio:/lxc/v
9:net_cls:/lxc/v
8:memory:/lxc/v
7:hugetlb:/lxc/v
6:freezer:/lxc/v
5:devices:/lxc/v
4:cpuset:/lxc/v
3:cpuacct:/lxc/v
2:cpu:/lxc/v
1:blkio:/lxc/v

root at v:~# lxc-create -t download -n nv -- -d ubuntu -r vivid -a amd64
Using image from local cache
Unpacking the rootfs

---
You just created an Ubuntu container (release=vivid, arch=amd64,
variant=default)

To enable sshd, run: apt-get install openssh-server

For security reason, container images ship without user accounts
and without a root password.

Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.

root at v:~# lxc-start -n nv

root at v:~# lxc-ls -f --running
NAME  STATE    IPV4        IPV6  GROUPS  AUTOSTART
--------------------------------------------------
nv    RUNNING  10.0.3.249  -    -      NO



Now run a process inside the nested container

root at v:~# lxc-attach -n nv -- cat /proc/1/cgroup
12:name=systemd:/lxc/v/lxc/nv
11:perf_event:/lxc/v/lxc/nv
10:net_prio:/lxc/v/lxc/nv
9:net_cls:/lxc/v/lxc/nv
8:memory:/lxc/v/lxc/nv
7:hugetlb:/lxc/v/lxc/nv
6:freezer:/lxc/v/lxc/nv
5:devices:/lxc/v/lxc/nv
4:cpuset:/lxc/v/lxc/nv
3:cpuacct:/lxc/v/lxc/nv
2:cpu:/lxc/v/lxc/nv
1:blkio:/lxc/v/lxc/nv

Note how the cgroup is nested

-- 
Fajar
_______________________________________________
lxc-users mailing list
lxc-users at lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150305/06483211/attachment.html>

More information about the lxc-users mailing list