Installation
1. The EPEL repository for CentOS provides the LXC packages. To use EPEL, first install the epel-release package:
yum -y install epel-release
2. Install the LXC packages and their dependencies:
yum -y install lxc lxc-templates bridge-utils lxc-libs libcgroup libvirt
After installation, run the lxc-checkconfig command to check whether the system supports LXC:
lxc-checkconfig
[root@jn-weiyw-qd01 ~]# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-1160.el7.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Warning: newuidmap is not setuid-root
Warning: newgidmap is not setuid-root
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
[root@jn-weiyw-qd01 ~]#
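A small gate over this report, as an added example that is not part of the original post: it lists each warning and any feature that is reported as absent, and returns non-zero when one is found. The status words missing and required are an assumption about lxc-checkconfig's other outputs (the page shows only enabled), check_lxc_report is a hypothetical helper name, and the sample report is constructed.

```sh
#!/bin/sh
# Added example: turn lxc-checkconfig output into findings a provisioning script can act on.

# check_lxc_report: reads a report on stdin, prints one finding per line,
# returns 1 if any feature is reported as missing/required (assumed status words).
check_lxc_report() {
    esc=$(printf '\033')
    # Strip the ANSI colour codes the tool emits on a terminal, then classify lines.
    sed "s/${esc}\[[0-9;]*m//g" | awk '
        /^--- .* ---$/ { section = $0; gsub(/^--- | ---$/, "", section); next }
        /^Warning: /   { print "WARN [" section "] " substr($0, 10); next }
        {
            n = index($0, ": ")
            if (n == 0) next
            status = substr($0, n + 2)
            if (status ~ /^(missing|required)/) {
                print "FAIL [" section "] " $0
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample: the page's layout with one feature changed to "missing".
constructed_sample() {
    cat <<'EOF'
--- Namespaces ---
Namespaces: enabled
User namespace: enabled
Warning: newuidmap is not setuid-root
Warning: newgidmap is not setuid-root
Network namespace: enabled

--- Control groups ---
Cgroup: enabled
Cgroup memory controller: missing

Note : Before booting a new kernel, you can check its configuration
EOF
}

# On a real host: lxc-checkconfig | check_lxc_report
constructed_sample | check_lxc_report || echo "host lacks a kernel feature LXC needs" >&2
```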
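Before using LXC, some configuration is needed. We need to create a network bridge interface for LXC, used for communication between containers. A bridge interface named br0 can be created by editing the file /etc/sysconfig/network-scripts/ifcfg-br0; if there is no ifcfg-br0 file, we can create it ourselves and then add to it: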
vim /etc/sysconfig/network-scripts/ifcfg-br0
Add the following content to the file:
DEVICE="br0"
TYPE="Bridge"
BOOTPROTO="dhcp"
ONBOOT="yes"
DELAY="0"
Then edit the /etc/lxc/lxc.conf file and set its lxc.network.link parameter to br0, so that containers can connect to this bridge interface:
lxc.network.link = "br0"
Next, restart the network service so that the configuration takes effect:
systemctl restart network
When restarting the service, the following error occurred:
Failed to get D-Bus connection: Operation not permitted
The fix is to replace the systemctl file.
First, back up the systemctl file:
mv /usr/bin/systemctl /usr/bin/systemctl.old
Then run:
curl https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/master/files/docker/systemctl.py > /usr/bin/systemctl
Alternatively, open https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/master/files/docker/systemctl.py yourself and copy its content into /usr/bin/systemctl:
vim /usr/bin/systemctl
Finally, run:
chmod +x /usr/bin/systemctl
This resolves the error!
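The curl command above writes whatever the master branch serves at that moment directly over a binary that runs as root. An added example (not from the original page or the docker-systemctl-replacement project) that installs the file only when it matches a SHA-256 recorded after reviewing it; install_verified is a hypothetical helper name, and <COMMIT> and <SHA256_YOU_RECORDED> are placeholders.

```sh
#!/bin/sh
# Added example: verify a downloaded systemctl replacement before installing it.

# install_verified SRC EXPECTED_SHA256 DEST
# Installs SRC to DEST with mode 0755 only if its SHA-256 matches EXPECTED_SHA256.
# Keeps the first original of DEST as DEST.old so the change can be rolled back.
install_verified() {
    src=$1; expected=$2; dest=$3
    actual=$(sha256sum "$src" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $src: got $actual" >&2
        return 1
    fi
    # Refuse files without an interpreter line, e.g. an HTML error page saved by curl.
    head -n 1 "$src" | grep -q '^#!' || { echo "not a script: $src" >&2; return 1; }
    if [ -e "$dest" ] && [ ! -e "$dest.old" ]; then
        cp -p "$dest" "$dest.old" || return 1
    fi
    install -m 0755 "$src" "$dest"
}

# Real use (placeholder values, not taken from the page): fetch a fixed commit
# instead of master, into a scratch file rather than onto /usr/bin/systemctl.
#   curl -fsSL -o /tmp/systemctl.py \
#     https://raw.githubusercontent.com/gdraheim/docker-systemctl-replacement/<COMMIT>/files/docker/systemctl.py
#   install_verified /tmp/systemctl.py <SHA256_YOU_RECORDED> /usr/bin/systemctl
```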
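After restarting the network service so that the configuration takes effect, we can look at the LXC container templates available on the current system: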
ls /usr/share/lxc/templates/
[root@jn-weiyw-qd01 ~]# ls /usr/share/lxc/templates/
lxc-alpine lxc-busybox lxc-debian lxc-gentoo lxc-oracle lxc-ubuntu
lxc-altlinux lxc-centos lxc-download lxc-openmandriva lxc-plamo lxc-ubuntu-cloud
lxc-archlinux lxc-cirros lxc-fedora lxc-opensuse lxc-sshd
Create an LXC host; -t specifies the template and -n specifies the name of the host to create:
lxc-create -n mycentos -t centos
Once it has been created, we can start the container with the following command:
lxc-start -n mycentos
[root@jn-weiyw-qd01 ~]# lxc-start -n mycentos
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to CentOS Linux 7 (Core)!

Running in a container, ignoring fstab device entry for /dev/root.
Cannot add dependency job for unit display-manager.service, ignoring: Unit not found.
[ OK ] Started Forward Password Requests to Wall Directory Watch.
[ OK ] Reached target Local Encrypted Volumes.
[ OK ] Reached target Remote File Systems.
[ OK ] Reached target Swap.
[ OK ] Started Dispatch Password Requests to Console Directory Watch.
[ OK ] Reached target Paths.
[ OK ] Created slice Root Slice.
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Journal Socket.
[ OK ] Created slice System Slice.
Mounting Huge Pages File System...
Starting Remount Root and Kernel File Systems...
Mounting POSIX Message Queue File System...
Mounting FUSE Control File System...
Starting Journal Service...
Starting Read and set NIS domainname from /etc/sysconfig/network...
[ OK ] Created slice User and Session Slice.
[ OK ] Reached target Slices.
[ OK ] Created slice system-getty.slice.
[ OK ] Mounted FUSE Control File System.
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Mounted Huge Pages File System.
[ OK ] Started Remount Root and Kernel File Systems.
Starting Configure read-only root support...
[ OK ] Reached target Local File Systems (Pre).
[ OK ] Started Journal Service.
Starting Flush Journal to Persistent Storage...
[ OK ] Started Read and set NIS domainname from /etc/sysconfig/network.
<46>systemd-journald[19]: Received request to flush runtime journal from PID 1
[ OK ] Started Configure read-only root support.
[ OK ] Reached target Local File Systems.
Starting Load/Save Random Seed...
[ OK ] Started Load/Save Random Seed.
[ OK ] Started Flush Journal to Persistent Storage.
Starting Create Volatile Files and Directories...
[ OK ] Started Create Volatile Files and Directories.
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
Starting LSB: Bring up/down networking...
Starting Permit User Sessions...
[ OK ] Started D-Bus System Message Bus.
Starting Login Service...
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Started Permit User Sessions.
Starting Cleanup of Temporary Directories...
[ OK ] Started Command Scheduler.
[ OK ] Started Console Getty.
[ OK ] Reached target Login Prompts.
[ OK ] Started Cleanup of Temporary Directories.
[ OK ] Started Login Service.

CentOS Linux 7 (Core)
Kernel 5.10.16.3-microsoft-standard-WSL2 on an x86_64

mycentos login: toor
Password:
Login incorrect
Before starting, we need to look up the container's default password in /var/lib/lxc/mycentos/tmp_root_pass:
cat /var/lib/lxc/mycentos/tmp_root_pass
[root@jn-weiyw-qd01 ~]# cat /var/lib/lxc/mycentos/tmp_root_pass
Root-mycentos-Mt5z0f
After that, change the password and you can log in to the container.