LXD - the basic features of Linux container systems

LXD is a next-generation system container manager, according to the source. It offers a user interface similar to that of virtual machines, but uses Linux containers instead.

The core of LXD is a privileged daemon (a service running with root privileges) that exposes a REST API over a local unix socket and, if the appropriate configuration is set, over the network. Clients, such as the command-line tool supplied with LXD, make their requests through this REST API. This means that whether you are accessing the local host or a remote host, everything works the same way.

In this article we will not dwell on LXD concepts in detail, and we will not cover all the capabilities described in the documentation, including the support in recent LXD versions for QEMU virtual machines alongside containers. Instead, we will learn only the basics of container management: configuring storage pools, networking, launching a container, applying resource limits, and how to use snapshots, so that you get a basic understanding of LXD and can use containers on Linux.

For complete information, refer to the official source:

Installing LXD

Installing LXD on Ubuntu distributions

In the Ubuntu 19.10 distribution, the lxd package is a transitional package that redirects to the snap package:

apt search lxd

lxd/eoan 1:0.7 all
  Transitional package - lxd -> snap (lxd)

This means that two packages will be installed at once, one as a system package and the other as a snap package. Having two packages on the system can cause problems: the system package may become orphaned if the snap package is removed through the snap package manager.

You can find the lxd package in the snap repository with the following command:

snap find lxd

Name             Version        Summary
lxd              3.21           System container manager and API
lxd-demo-server  0+git.6d54658  Online software demo sessions using LXD
nova             ocata          OpenStack Compute Service (nova)
nova-hypervisor  ocata          OpenStack Compute Service - KVM Hypervisor (nova)
distrobuilder    1.0            Image builder for LXC and LXD
fabrica          0.1            Build snaps by simply pointing a web form to...
satellite        0.1.2          Advanced scalable Open source intelligence platform

By running the snap list command you can make sure that the lxd package has not been installed yet:

snap list

Name  Version    Rev   Tracking  Publisher   Notes
core  16-2.43.3  8689  stable    canonical✓  core

Although LXD is a snap package, it should be installed through the lxd system package, which creates the corresponding group in the system, the necessary utilities in /usr/bin, and so on.

sudo apt update
sudo apt install lxd

Let's make sure the package is installed as a snap package:

snap list

Name  Version    Rev    Tracking  Publisher   Notes
core  16-2.43.3  8689   stable    canonical✓  core
lxd   3.21       13474  stable/…  canonical✓  -

Installing LXD on Arch Linux distributions

To install the LXD package on the system, run the following commands: the first updates the list of packages available in the repository, the second installs the package itself:

sudo pacman -Syyu && sudo pacman -S lxd

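After installing the package, a regular user must be added to the lxd system group in order to manage LXD. Members of this group can send requests to the root-privileged LXD daemon over its local socket, so membership is effectively root-equivalent on the host: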

sudo usermod -a -G lxd user1

Let's make sure the user user1 has been added to the lxd group:

id -Gn user1

user1 adm dialout cdrom floppy sudo audio dip video plugdev netdev lxd

If the lxd group does not appear in the list, you need to activate the user session again. To do this, log out and log back in as the same user.

Enable loading of the LXD service at system startup in systemd:

sudo systemctl enable lxd

Start the service:

sudo systemctl start lxd

Check the service status:

sudo systemctl status lxd

LXD storage (Storage)

Before starting the initialization, we need to understand how storage is logically organized in LXD.

Storage consists of one or more Storage Pools, each of which uses one of the supported file systems such as ZFS, BTRFS, LVM or plain directories. Each Storage Pool is divided into volumes (Storage Volume) that contain images, containers or data for other purposes.

  • Images - specially assembled distributions without a Linux kernel, available from external sources
  • Containers - distributions deployed from images, ready for use
  • Snapshots - snapshots of the state of containers that you can return to

To manage storage in LXD, use the lxc storage command; help for it is available by specifying the switch: lxc storage --help

The following command lists all Storage Pools in LXD storage:

lxc storage list

+---------+-------------+--------+--------------------------------+---------+
|  NAME   | DESCRIPTION | DRIVER |             SOURCE             | USED BY |
+---------+-------------+--------+--------------------------------+---------+
| hddpool |             | btrfs  | /dev/loop1                     | 2       |
+---------+-------------+--------+--------------------------------+---------+
| ssdpool |             | btrfs  | /var/lib/lxd/disks/ssdpool.img | 4       |
+---------+-------------+--------+--------------------------------+---------+

To view the list of all Storage Volumes in a selected Storage Pool, use the lxc storage volume list command:

lxc storage volume list hddpool

+-------+----------------------------------+-------------+---------+
| TYPE  |          NAME                    | DESCRIPTION | USED BY |
+-------+----------------------------------+-------------+---------+
| image | ebd565585223487526ddb3607f515... |             | 1       |
+-------+----------------------------------+-------------+---------+

lxc storage volume list ssdpool

+-----------+----------------------------------+-------------+---------+
|   TYPE    |            NAME                  | DESCRIPTION | USED BY |
+-----------+----------------------------------+-------------+---------+
| container | alp3                             |             | 1       |
+-----------+----------------------------------+-------------+---------+
| container | jupyter                          |             | 1       |
+-----------+----------------------------------+-------------+---------+
| image     | ebd565585223487526ddb3607f515... |             | 1       |
+-----------+----------------------------------+-------------+---------+

Also, if the BTRFS file system was chosen when the Storage Pool was created, you can get the list of Storage Volumes, or subvolumes in BTRFS terms, using that file system's own toolkit:

sudo btrfs subvolume list -p /var/lib/lxd/storage-pools/hddpool

ID 257 gen 818 parent 5 top level 5 path images/ebd565585223487526ddb3607f5156e875c15a89e21b61ef004132196da6a0a3

sudo btrfs subvolume list -p /var/lib/lxd/storage-pools/ssdpool

ID 257 gen 1820 parent 5 top level 5 path images/ebd565585223487526ddb3607f5156e875c15a89e21b61ef004132196da6a0a3
ID 260 gen 1819 parent 5 top level 5 path containers/jupyter
ID 263 gen 1820 parent 5 top level 5 path containers/alp3

Initializing LXD

Before creating and using containers, you must perform a general LXD initialization, which creates and configures the network and the storage. This can be done manually with the standard client commands, which are listed by calling lxc --help, or with the lxd init initialization wizard by answering a few questions.

Choosing a file system for the Storage Pool

During initialization LXD asks several questions, including the file system type for the default Storage Pool. By default, the BTRFS file system is selected for it. It will not be possible to switch to another file system after creation. To choose a file system, the feature comparison table is recommended:

Feature                                     Directory  Btrfs  LVM  ZFS  CEPH
Optimized image storage                     no         yes    yes  yes  yes
Optimized instance creation                 no         yes    yes  yes  yes
Optimized snapshot creation                 no         yes    yes  yes  yes
Optimized image transfer                    no         yes    no   yes  yes
Optimized instance transfer                 no         yes    no   yes  yes
Copy on write                               no         yes    yes  yes  yes
Block based                                 no         no     yes  no   yes
Instant cloning                             no         yes    yes  yes  yes
Storage driver usable inside a container    yes        yes    no   no   no
Restore from older snapshots (not latest)   yes        yes    yes  no   yes
Storage quotas                              yes(*)     yes    yes  yes  no

Initializing the network and the Storage Pool using the wizard

The next command we will look at sets up the main components of LXD by answering simple questions in the initialization wizard.

Run the lxd init command and enter the answers to the questions after the colon as shown in the example below, or change them to suit your conditions:

lxd init

Would you like to use LXD clustering? (yes/no) [default=no]: 
Do you want to configure a new storage pool? (yes/no) [default=yes]: 
Name of the new storage pool [default=default]: ssdpool         
Name of the storage backend to use (lvm, btrfs, dir) [default=btrfs]: 
Create a new BTRFS pool? (yes/no) [default=yes]: 
Would you like to use an existing block device? (yes/no) [default=no]: 
Size in GB of the new loop device (1GB minimum) [default=15GB]: 10GB
Would you like to connect to a MAAS server? (yes/no) [default=no]: 
Would you like to create a new local network bridge? (yes/no) [default=yes]: 
What should the new bridge be called? [default=lxdbr0]: 
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: 10.0.5.1/24
Would you like LXD to NAT IPv4 traffic on your bridge? [default=yes]: 
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: none
Would you like LXD to be available over the network? (yes/no) [default=no]: 
Would you like stale cached images to be updated automatically? (yes/no) [default=yes] no
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]: 

Creating an additional Storage Pool

In the previous step we created a Storage Pool named ssdpool, whose file is located on my system at /var/lib/lxd/disks/ssdpool.img. This file system location corresponds to the physical SSD drive in my PC.

In the following steps, to broaden our understanding of the role a Storage Pool plays in storage, we will create a second Storage Pool that will be physically located on a different type of disk, an HDD. The problem is that LXD does not allow you to create a Storage Pool outside of /var/lib/lxd/disks/, and even symbolic links will not work; see the developer's response. We can get around this limitation when initializing/formatting the Storage Pool by specifying in the source key a block device instead of the path to the loopback file.

So, before creating the Storage Pool you need to define the loopback file or an existing partition on your file system that it will use. To do this, we will create and use a file limited in size to 10 GB:

dd if=/dev/zero of=/mnt/work/lxd/hddpool.img bs=1MB count=10000

10000+0 records in
10000+0 records out
10000000000 bytes (10 GB, 9,3 GiB) copied, 38,4414 s, 260 MB/s

Let's attach the loopback file to a free loopback device:

sudo losetup --find --show /mnt/work/lxd/hddpool.img

/dev/loop1

Thanks to the --show switch, the command prints the name of the device to which our loopback file was attached. If needed, we can list all busy devices of this type to make sure our actions were correct:

losetup -l

NAME       SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE                      DIO LOG-SEC
/dev/loop1         0      0         0  0 /mnt/work/lxd/hddpool.img        0     512
/dev/loop0         0      0         1  0 /var/lib/lxd/disks/ssdpool.img   0     512

In the list you can see that device /dev/loop1 has the loopback file /mnt/work/lxd/hddpool.img attached, and device /dev/loop0 has the loopback file /var/lib/lxd/disks/ssdpool.img attached, which corresponds to the default Storage Pool.

The following command creates a new Storage Pool in LXD based on the loopback file we have just prepared. LXD will format the loopback file /mnt/work/lxd/hddpool.img on device /dev/loop1 with the BTRFS file system:

lxc storage create hddpool btrfs size=10GB source=/dev/loop1

Let's display the list of all Storage Pools:

lxc storage list

+---------+-------------+--------+--------------------------------+---------+
|  NAME   | DESCRIPTION | DRIVER |             SOURCE             | USED BY |
+---------+-------------+--------+--------------------------------+---------+
| hddpool |             | btrfs  | /dev/loop1                     | 0       |
+---------+-------------+--------+--------------------------------+---------+
| ssdpool |             | btrfs  | /var/lib/lxd/disks/ssdpool.img | 0       |
+---------+-------------+--------+--------------------------------+---------+

Increasing the Storage Pool size

After a Storage Pool has been created, it can be expanded if necessary. For a Storage Pool based on the BTRFS file system, run the following commands:

sudo truncate -s +5G /mnt/work/lxd/hddpool.img
sudo losetup -c /dev/loop1
sudo btrfs filesystem resize max /var/lib/lxd/storage-pools/hddpool

Automatically attaching the loopback file to the loopback device slot

We have one small problem: when the host system reboots, the file /mnt/work/lxd/hddpool.img "flies out" of device /dev/loop1, and the LXD service fails on startup because it does not see it on that device. To solve this, you need to create a system service that attaches this file to device /dev/loop1 when the host system boots.

Let's create a unit file of type service in /etc/systemd/system/ for the systemd init system:

cat << EOF | sudo tee /etc/systemd/system/lxd-hddpool.service
[Unit]
Description=Losetup LXD Storage Pool (hddpool)
After=local-fs.target

[Service]
Type=oneshot
ExecStart=/sbin/losetup /dev/loop1 /mnt/work/lxd/hddpool.img
RemainAfterExit=true

[Install]
WantedBy=local-fs.target
EOF

Enable the service:

sudo systemctl enable lxd-hddpool

Created symlink /etc/systemd/system/local-fs.target.wants/lxd-hddpool.service → /etc/systemd/system/lxd-hddpool.service.

After rebooting the host system, we check the service status:

systemctl status lxd-hddpool.service 

● lxd-hddpool.service - Losetup LXD Storage Pool (hddpool)
     Loaded: loaded (/etc/systemd/system/lxd-hddpool.service; enabled; vendor preset: disabled)
     Active: active (exited) since Wed 2020-04-08 03:43:53 MSK; 1min 37s ago
    Process: 711 ExecStart=/sbin/losetup /dev/loop1 /mnt/work/lxd/hddpool.img (code=exited, status=0/SUCCESS)
   Main PID: 711 (code=exited, status=0/SUCCESS)

апр 08 03:43:52 manjaro systemd[1]: Starting Losetup LXD Storage Pool (hddpool)...
апр 08 03:43:53 manjaro systemd[1]: Finished Losetup LXD Storage Pool (hddpool).

From the output we can verify that the service state is active, even though our single-command script has finished executing; the RemainAfterExit=true option made this possible.

Security. Container privileges

Since all container processes actually run in isolation on the host system, using its kernel, LXD provides process privilege levels to further protect the host system from access by container processes, where:

  • Privileged containers - containers in which the UID and GID of processes map to the same owner as on the host system. For example, a process running in a container with UID 0 has the same access rights as a process on the host system with UID 0. In other words, the root user in the container has full rights not only in the container but also on the host system, if it can get outside the container's isolated namespace.

  • Unprivileged containers - containers in which processes belong to an owner with a UID and GID numbered from 0 to 65535, but for the host system the owner is masked by the added SubUID and SubGID values respectively. For example, a user with UID=0 in a container will appear on the host system as SubUID + UID. This protects the host system, because if any process in the container manages to escape its isolated namespace, it can interact with the host system only as a process with an unknown, very high UID/GID.

By default, newly created containers are unprivileged, so we need to define the SubUID and SubGID.

Let's create two configuration files in which we set the mask for SubUID and SubGID respectively:

sudo touch /etc{/subuid,/subgid}
sudo usermod --add-subuids 1000000-1065535 root 
sudo usermod --add-subgids 1000000-1065535 root

To apply the changes, the LXD service must be restarted:

sudo systemctl restart lxd
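
The SubUID + UID arithmetic described above, worked through as an added example (not code from the original article): the functions translate between container and host UIDs for the range given to root and classify the content of a process's /proc/<pid>/uid_map. The sample /etc/subuid content and the function names are constructed for illustration, and the example assumes container UID 0 is mapped to the start of the range.

```shell
#!/bin/sh
# Added example. SUBUID_SAMPLE is constructed /etc/subuid content in the
# owner:first_host_id:count format; the root line is what
# "usermod --add-subuids 1000000-1065535 root" produces.
SUBUID_SAMPLE='user1:100000:65536
root:1000000:65536'

# host_uid OWNER CONTAINER_UID [SUBUID_TEXT]
# Prints the host UID seen for CONTAINER_UID (SubUID + UID). Exit status 1
# when the UID does not fit in OWNER's range, 2 when it is not a number.
host_uid() {
    owner=$1; cuid=$2; table=${3:-$SUBUID_SAMPLE}
    case $cuid in ''|*[!0-9]*) return 2 ;; esac
    printf '%s\n' "$table" | awk -F: -v owner="$owner" -v cuid="$cuid" '
        $1 == owner && cuid + 0 < $3 + 0 { print $2 + cuid; found = 1; exit }
        END { exit(found ? 0 : 1) }'
}

# container_uid OWNER HOST_UID [SUBUID_TEXT]
# Reverse lookup: which container UID a host UID seen in ps/ls belongs to.
# Exit status 1 when HOST_UID lies outside OWNER's range (not a container ID).
container_uid() {
    owner=$1; huid=$2; table=${3:-$SUBUID_SAMPLE}
    case $huid in ''|*[!0-9]*) return 2 ;; esac
    printf '%s\n' "$table" | awk -F: -v owner="$owner" -v huid="$huid" '
        $1 == owner && huid + 0 >= $2 + 0 && huid + 0 < $2 + $3 {
            print huid - $2; found = 1; exit
        }
        END { exit(found ? 0 : 1) }'
}

# map_kind UID_MAP_TEXT
# Classifies /proc/<pid>/uid_map content (columns: ID inside the namespace,
# ID on the host, length) by where UID 0 of that namespace lands on the host.
# A process running directly on the host has the same identity map as a
# privileged container.
map_kind() {
    printf '%s\n' "$1" | awk '
        NF == 3 && $1 == 0 {
            print ($2 == 0 ? "privileged" : "unprivileged"); found = 1; exit
        }
        END { if (!found) print "unknown" }'
}

# Stand-alone demo on the constructed data.
echo "container root -> host UID $(host_uid root 0)"
echo "host UID 1000033 -> container UID $(container_uid root 1000033)"
echo "uid_map '0 1000000 65536' -> $(map_kind '0 1000000 65536')"
```

On the host, a process whose owner shows up in ps with a UID between 1000000 and 1065535 therefore belongs to an unprivileged container configured with this range.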

Creating a virtual network switch

Since we previously initialized the network using the lxd init wizard and created the network device lxdbr0, in this section we will simply get acquainted with networking in LXD and with how to create a virtual switch (bridge) using the client command.

The following diagram shows how the switch (bridge) connects the host and the containers into a network:

Containers can communicate over the network with other containers or with the host on which they are served. To do this, you need to link the containers' virtual network cards to the virtual switch. We will create the switch first, and the containers' network interfaces will be linked in later chapters, after the container itself has been created.

The following command creates a switch with the subnet 10.0.5.0/24 and the IPv4 address 10.0.5.1/24, and also enables ipv4.nat so that containers can access the Internet through the host using the NAT service:

lxc network create lxdbr0 ipv4.address=10.0.5.1/24 ipv4.nat=true ipv6.address=none

Check the list of network devices available in LXD:

lxc network list

+--------+----------+---------+-------------+---------+
|  NAME  |   TYPE   | MANAGED | DESCRIPTION | USED BY |
+--------+----------+---------+-------------+---------+
| eno1   | physical | NO      |             | 0       |
+--------+----------+---------+-------------+---------+
| lxdbr0 | bridge   | YES     |             | 0       |
+--------+----------+---------+-------------+---------+

You can also verify that the network device was created using the standard tool of the Linux distribution, ip link or ip addr:

ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:ee:7b:5a:6b:44 brd ff:ff:ff:ff:ff:ff
    altname enp0s25
    inet6 fe80::9571:11f3:6e0c:c07b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c2:38:90:df:cb:59 brd ff:ff:ff:ff:ff:ff
    inet 10.0.5.1/24 scope global lxdbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::c038:90ff:fedf:cb59/64 scope link 
       valid_lft forever preferred_lft forever
5: veth3ddab174@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxdbr0 state UP group default qlen 1000
    link/ether ca:c3:5c:1d:22:26 brd ff:ff:ff:ff:ff:ff link-netnsid 0

Configuration profile

Each container in LXD has its own configuration and can extend it with globally declared configurations called configuration profiles. Applying configuration profiles to a container follows a cascade model; the following example demonstrates this:

In this example, three profiles have been created in the LXD system: default, hddpool and hostfs. All three profiles are applied to a container that has a local configuration (gray area). The default profile has a root device whose pool parameter equals ssdpool, but thanks to the cascading configuration model we can apply the hddpool profile to the container, whose pool parameter overrides the same parameter from the default profile, so the container gets a root device configuration with pool equal to hddpool, while the hostfs profile simply adds a new device to the container.

To see the list of available configuration profiles, use the following command:

lxc profile list

+---------+---------+
|  NAME   | USED BY |
+---------+---------+
| default | 1       |
+---------+---------+
| hddroot | 0       |
+---------+---------+
| ssdroot | 1       |
+---------+---------+

A complete list of the commands available for working with a profile can be obtained by adding the --help switch:

lxc profile --help

Description:
  Manage profiles

Usage:
  lxc profile [command]

Available Commands:
  add         Add profiles to instances
  assign      Assign sets of profiles to instances
  copy        Copy profiles
  create      Create profiles
  delete      Delete profiles
  device      Manage instance devices
  edit        Edit profile configurations as YAML
  get         Get values for profile configuration keys
  list        List profiles
  remove      Remove profiles from instances
  rename      Rename profiles
  set         Set profile configuration keys
  show        Show profile configurations
  unset       Unset profile configuration keys

Editing your profile

The default configuration profile has no network card configuration for the container, and all newly created containers have no network; local (dedicated) network devices must be created for them with a separate command. However, we can create a global network device in the configuration profile that will be shared among all containers using this profile. That way, immediately after the command that creates a new container, they will have network access. At the same time, there are no restrictions: we can always create a local network device later if needed.

The following command adds to the configuration profile a device eth0 of type nic connected to the lxdbr0 network:

lxc profile device add default eth0 nic network=lxdbr0 name=eth0

It is important to note that since we added the device to the configuration profile, if we had specified a static IP address in the device, then all containers using this profile would share the same IP address. If you need to create a container with a static IP address dedicated to that container, you should create the network device configuration with the IP address parameter at the container level (local configuration), not at the profile level.

Let's check the profile:

lxc profile show default

config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: ssdpool
    type: disk
name: default
used_by: []

In this profile we can see that two devices will be created for all newly created containers:

  • eth0 - a device of type nic connected to the switch (network bridge) lxdbr0
  • root - a device of type disk that uses the storage pool ssdpool

Creating new profiles

To use the previously created Storage Pools with containers, create a configuration profile ssdroot, to which we add a device of type disk with the mount point / (root) that uses the previously created Storage Pool ssdpool:

lxc profile create ssdroot
lxc profile device add ssdroot root disk path=/ pool=ssdpool

Similarly, we create a device of type disk, but in this case using the Storage Pool hddpool:

lxc profile create hddroot
lxc profile device add hddroot root disk path=/ pool=hddpool

Checking the configuration profiles:

lxc profile show ssdroot

config: {}
description: ""
devices:
  root:
    path: /
    pool: ssdpool
    type: disk
name: ssdroot
used_by: []

lxc profile show hddroot

config: {}
description: ""
devices:
  root:
    path: /
    pool: hddpool
    type: disk
name: hddroot
used_by: []

Image repository

Containers are created from images, which are specially assembled distributions without a Linux kernel. Therefore, before launching a container, it must be deployed from such an image. The source of images is the local repository, into which images are downloaded from external repositories.

Remote image repositories

By default, LXD is configured to receive images from three remote sources:

  • ubuntu: (for stable Ubuntu images)
  • ubuntu-daily: (for daily Ubuntu images)
  • images: (for a number of other distributions)

lxc remote list

+-----------------+------------------------------------------+--------+--------+
|      NAME       |                   URL                    | PUBLIC | STATIC |
+-----------------+------------------------------------------+--------+--------+
| images          | https://images.linuxcontainers.org       | YES    | NO     |
+-----------------+------------------------------------------+--------+--------+
| local (default) | unix://                                  | NO     | YES    |
+-----------------+------------------------------------------+--------+--------+
| ubuntu          | https://cloud-images.ubuntu.com/releases | YES    | YES    |
+-----------------+------------------------------------------+--------+--------+
| ubuntu-daily    | https://cloud-images.ubuntu.com/daily    | YES    | YES    |
+-----------------+------------------------------------------+--------+--------+

For example, the ubuntu: repository has the following images:

lxc image -c dasut list ubuntu: | head -n 11

+----------------------------------------------+--------------+----------+------------+
|                   DESCRIPTION                | ARCHITECTURE |   SIZE   |   TYPE     |
+----------------------------------------------+--------------+----------+------------+
| ubuntu 12.04 LTS amd64 (release) (20150728)  | x86_64       | 153.72MB | CONTAINER  |
+----------------------------------------------+--------------+----------+------------+
| ubuntu 12.04 LTS amd64 (release) (20150819)  | x86_64       | 152.91MB | CONTAINER  |
+----------------------------------------------+--------------+----------+------------+
| ubuntu 12.04 LTS amd64 (release) (20150906)  | x86_64       | 154.69MB | CONTAINER  |
+----------------------------------------------+--------------+----------+------------+
| ubuntu 12.04 LTS amd64 (release) (20150930)  | x86_64       | 153.86MB | CONTAINER  |
+----------------------------------------------+--------------+----------+------------+

To display a limited number of columns we used the -c option with the parameters dasut, and also limited the length of the list with the head command.

Filtering is available when listing images. The following command lists all available architectures of the AlpineLinux distribution:

lxc image -c ldast list images:alpine/3.11

+------------------------------+--------------------------------------+--------------+
|            ALIAS             |             DESCRIPTION              | ARCHITECTURE |
+------------------------------+--------------------------------------+--------------+
| alpine/3.11 (3 more)         | Alpine 3.11 amd64 (20200220_13:00)   | x86_64       |
+------------------------------+--------------------------------------+--------------+
| alpine/3.11/arm64 (1 more)   | Alpine 3.11 arm64 (20200220_13:00)   | aarch64      |
+------------------------------+--------------------------------------+--------------+
| alpine/3.11/armhf (1 more)   | Alpine 3.11 armhf (20200220_13:00)   | armv7l       |
+------------------------------+--------------------------------------+--------------+
| alpine/3.11/i386 (1 more)    | Alpine 3.11 i386 (20200220_13:01)    | i686         |
+------------------------------+--------------------------------------+--------------+
| alpine/3.11/ppc64el (1 more) | Alpine 3.11 ppc64el (20200220_13:00) | ppc64le      |
+------------------------------+--------------------------------------+--------------+
| alpine/3.11/s390x (1 more)   | Alpine 3.11 s390x (20200220_13:00)   | s390x        |
+------------------------------+--------------------------------------+--------------+

Local image repository

To start using a container, you need to add an image from a global repository to the local one, local:. The local repository is currently empty, as the lxc image list command will confirm. If the list method is not given a repository, the local repository, local:, is used by default.

lxc image list local:

+-------+-------------+--------+-------------+--------------+------+------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | TYPE | SIZE |
+-------+-------------+--------+-------------+--------------+------+------+

Images in the repository are managed with the following methods:

Command            Description
lxc image alias    Manage image aliases
lxc image copy     Copy images between servers
lxc image delete   Delete images
lxc image edit     Edit image properties
lxc image export   Export and download images
lxc image import   Import images into the image store
lxc image info     Show useful information about images
lxc image list     List images
lxc image refresh  Refresh images
lxc image show     Show image properties
Copy an image from the global repository images: to the local repository:

lxc image copy images:alpine/3.11/amd64 local: --alias=alpine3

Image copied successfully!

Let's display the list of all images currently available in the local repository, local:

lxc image -c lfdatsu list local:

+---------+--------------+------------------------------------+--------------+
|  ALIAS  | FINGERPRINT  |            DESCRIPTION             | ARCHITECTURE |
+---------+--------------+------------------------------------+--------------+
| alpine3 | 73a3093d4a5c | Alpine 3.11 amd64 (20200220_13:00) | x86_64       |
+---------+--------------+------------------------------------+--------------+

LXD configuration

In addition to interactive mode, LXD also supports a non-interactive configuration mode, in which the configuration is specified as a YAML file, a special format that lets you apply the entire configuration at once, bypassing the many interactive commands discussed above in this article, including network configuration, creation of configuration profiles, and so on. We will not cover this area here; you can look into it yourself in the documentation.

The next interactive command we will look at, lxc config, lets you set configuration. For example, to ensure that images downloaded to the local repository are not automatically updated from the global repositories, we can enable this behaviour with the following command:

lxc config set images.auto_update_cached=false

Creating and managing a container

To create a container, use the lxc init command, passing it a repository:image value and then the desired identifier for the container. The repository can be the local one, local:, or any global one. If no repository is specified, the local repository is searched for the image by default. If the image is specified from a global repository, it is first downloaded to the local repository and then used to create the container.

Run the following command to create our first container:

lxc init alpine3 alp --storage=hddpool --profile=default --profile=hddroot

Let's go through the arguments used here in order:

  • alpine3 - The alias of an image that was previously downloaded to the local repository. If no alias was created for the image, you can always refer to the image by its Fingerprint, which is shown in the table.
  • alp - Sets the identifier for the container
  • --storage - This option specifies the Storage Pool in which the container will be created
  • --profile - These options apply configuration to the container in cascade from previously created configuration profiles

Start the container, which begins running the distribution's init system:

lxc start alp

You can also use the lxc launch command, which combines lxc init and lxc start in a single operation.

Check the container's state:

lxc list -c ns46tb
+------+---------+------------------+------+-----------+--------------+
| NAME |  STATE  |       IPV4       | IPV6 |   TYPE    | STORAGE POOL |
+------+---------+------------------+------+-----------+--------------+
| alp  | RUNNING | 10.0.5.46 (eth0) |      | CONTAINER | hddpool      |
+------+---------+------------------+------+-----------+--------------+

Check the container configuration:

lxc config show alp

architecture: x86_64
config:
  image.architecture: amd64
  image.description: Alpine 3.11 amd64 (20200326_13:39)
  image.os: Alpine
  image.release: "3.11"
  image.serial: "20200326_13:39"
  image.type: squashfs
  volatile.base_image: ebd565585223487526ddb3607f5156e875c15a89e21b61ef004132196da6a0a3
  volatile.eth0.host_name: vethb1fe71d8
  volatile.eth0.hwaddr: 00:16:3e:5f:73:3e
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":65536}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: RUNNING
devices:
  root:
    path: /
    pool: hddpool
    type: disk
ephemeral: false
profiles:
- default
- hddroot
stateful: false
description: ""

In the profiles section we can confirm that this container uses two configuration profiles, default and hddroot. In the devices section we see only one device, because the network device was created at the level of the default profile. To see all the devices used by the container, add the --expanded option:

lxc config show alp --expanded

architecture: x86_64
config:
  image.architecture: amd64
  image.description: Alpine 3.11 amd64 (20200326_13:39)
  image.os: Alpine
  image.release: "3.11"
  image.serial: "20200326_13:39"
  image.type: squashfs
  volatile.base_image: ebd565585223487526ddb3607f5156e875c15a89e21b61ef004132196da6a0a3
  volatile.eth0.host_name: vethb1fe71d8
  volatile.eth0.hwaddr: 00:16:3e:5f:73:3e
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":65536}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: RUNNING
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: hddpool
    type: disk
ephemeral: false
profiles:
- default
- hddroot
stateful: false
description: ""

Setting a static IP address

If we try to set an IP address for the eth0 network device with the lxc config device set alp command, which is intended for container configuration, we get an error saying that the device does not exist, because the eth0 device used by the container belongs to the default profile:

lxc config device set alp eth0 ipv4.address 10.0.5.5

Error: The device doesn't exist

We could of course set a static IP address for the eth0 device in the profile, but it would then be the same for every container that uses that profile. So let's add a device dedicated to the container:

lxc config device add alp eth0 nic name=eth0 nictype=bridged parent=lxdbr0 ipv4.address=10.0.5.5

Then the container must be restarted:

lxc restart alp

If we now look at the container configuration, we no longer need the --expanded option to see the eth0 network device, because we created it at the container level and it overrides the device of the same name from the default profile:

lxc config show alp

architecture: x86_64
config:
  image.architecture: amd64
  image.description: Alpine 3.11 amd64 (20200326_13:39)
  image.os: Alpine
  image.release: "3.11"
  image.serial: "20200326_13:39"
  image.type: squashfs
  volatile.base_image: ebd565585223487526ddb3607f5156e875c15a89e21b61ef004132196da6a0a3
  volatile.eth0.host_name: veth2a1dc59d
  volatile.eth0.hwaddr: 00:16:3e:0e:e2:71
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":65536}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: RUNNING
devices:
  eth0:
    ipv4.address: 10.0.5.5
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: hddpool
    type: disk
ephemeral: false
profiles:
- default
- hddroot
stateful: false
description: ""

Removing a container

To remove a container, use the lxc delete command, but before removing the container it must be stopped with the lxc stop command:

lxc stop alp

lxc list

+------+---------+-------------------+------+-----------+-----------+
| NAME |  STATE  |       IPV4        | IPV6 |   TYPE    | SNAPSHOTS |
+------+---------+-------------------+------+-----------+-----------+
| alp  | STOPPED | 10.0.5.10 (eth0)  |      | CONTAINER | 0         |
+------+---------+-------------------+------+-----------+-----------+

Once we have confirmed that the container's state is STOPPED, it can be removed from the Storage Pool:

lxc delete alp

Accessing the container

To run commands in the container directly, bypassing network connections, use the lxc exec command, which runs commands in the container without starting a system shell. If you need to run a command that uses shell features such as variables, file redirection (pipes) and so on, you must start a shell explicitly and pass the command to it as an argument, for example:

lxc exec alp -- /bin/sh -c "echo \$HOME"

The command escapes the special character $ with a backslash so that the $HOME variable is interpreted inside the container rather than on the host machine.
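Where the expansion happens in each quoting form, as an added example that is not from the original article. container_sh is a hypothetical local stand-in for lxc exec alp -- /bin/sh -c (a child shell whose HOME is /root), and /home/hostuser is a constructed host value.

```shell
#!/bin/sh
# Hypothetical stand-in for `lxc exec alp -- /bin/sh -c CMD`: a child shell
# with a clean environment whose HOME (/root) differs from the caller's.
container_sh() {
    env -i HOME=/root PATH="$PATH" /bin/sh -c "$1"
}

# Each case runs in a subshell with a constructed "host" HOME.

# Double quotes, no escape: the host shell substitutes $HOME before the
# command string is handed over, so the inner shell sees a host path.
unescaped() (
    HOME=/home/hostuser
    container_sh "echo $HOME"
)

# Backslash-escaped: the string `echo $HOME` reaches the inner shell intact
# and is expanded there.
escaped() (
    HOME=/home/hostuser
    container_sh "echo \$HOME"
)

# Single quotes defer expansion in the same way and are harder to get wrong.
single_quoted() (
    HOME=/home/hostuser
    container_sh 'echo $HOME'
)

printf 'unescaped:     %s\n' "$(unescaped)"
printf 'escaped:       %s\n' "$(escaped)"
printf 'single-quoted: %s\n' "$(single_quoted)"
```

Any host variable expanded this way, including one holding a credential, ends up in the command line passed into the container.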

You can also start an interactive shell and then end the session with the CTRL+D shortcut:

lxc exec alp -- /bin/sh

Managing container resources

In LXD you can manage container resources with a dedicated set of configuration options. The full list of container configuration parameters can be found in the documentation.

Limiting RAM

The limits.memory parameter limits the amount of RAM available to the container. The value is a number followed by one of the supported suffixes.

Let's set the container's RAM limit to 256 MB:

lxc config set alp limits.memory 256MB

There are also other parameters for limiting memory:

  • limits.memory.enforce
  • limits.memory.hugepages
  • limits.memory.swap
  • limits.memory.swap.priority

The lxc config show command displays the whole container configuration, including the resource limit that was set:

lxc config show alp

architecture: x86_64
config:
  image.architecture: amd64
  image.description: Alpine 3.11 amd64 (20200220_13:00)
  image.os: Alpine
  image.release: "3.11"
  image.serial: "20200220_13:00"
  image.type: squashfs
  limits.memory: 256MB
  volatile.base_image: 73a3093d4a5ce0148fd84b95369b3fbecd19a537ddfd2e2d20caa2eef0e8fd60
  volatile.eth0.host_name: veth75b6df07
  volatile.eth0.hwaddr: 00:16:3e:a1:e7:46
  volatile.idmap.base: "0"
  volatile.idmap.current: '[]'
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices: {}
ephemeral: false
profiles:
- default
stateful: false
description: ""

CPU resource limits

There are several types of limits for CPU resources:

  • limits.cpu - binds the container to one or more CPU cores
  • limits.cpu.allowance - controls either the CFS scheduler quotas, when a time limit is given, or the generic CPU shares mechanism, when a percentage is given
  • limits.cpu.priority - the scheduling priority when several instances that share a set of CPUs are assigned the same percentage of CPU

lxc config set alp limits.cpu.allowance 40%

lxc config show alp

architecture: x86_64
config:
  image.architecture: amd64
  image.description: Alpine 3.11 amd64 (20200220_13:00)
  image.os: Alpine
  image.release: "3.11"
  image.serial: "20200220_13:00"
  image.type: squashfs
  limits.cpu.allowance: 40%
  limits.memory: 256MB
  volatile.base_image: 73a3093d4a5ce0148fd84b95369b3fbecd19a537ddfd2e2d20caa2eef0e8fd60
  volatile.eth0.host_name: veth75b6df07
  volatile.eth0.hwaddr: 00:16:3e:a1:e7:46
  volatile.idmap.base: "0"
  volatile.idmap.current: '[]'
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices: {}
ephemeral: false
profiles:
- default
stateful: false
description: ""

Disk space limits

In addition to limits such as limits.read and limits.write, we can also limit the amount of disk space consumed by the container (this works only with ZFS or BTRFS):

lxc config device set alp root size=2GB

After setting it, we can verify the limit in the devices.root.size parameter:

lxc config show alp
...
devices:
  root:
    path: /
    pool: hddpool
    size: 2GB
    type: disk
ephemeral: false
profiles:
- default
- hddroot
stateful: false
description: ""

To see how much of the disk quota is in use, we can use the lxc info command:

lxc info alp
...
Resources:
  Processes: 5
  Disk usage:
    root: 1.05GB
  CPU usage:
    CPU usage (in seconds): 1
  Memory usage:
    Memory (current): 5.46MB
  Network usage:
    eth0:
      Bytes received: 802B
      Bytes sent: 1.59kB
      Packets received: 4
      Packets sent: 14
    lo:
      Bytes received: 0B
      Bytes sent: 0B
      Packets received: 0
      Packets sent: 0

Even though we set a 2 GB limit on the container's root device, system utilities such as df do not see this limit. To find out how this works, let's run a small test.

Let's create two new identical containers in the same Storage Pool (hddpool):

lxc init alpine3 alp1 --storage=hddpool --profile=default --profile=hddroot
lxc init alpine3 alp2 --storage=hddpool --profile=default --profile=hddroot

lxc list
+------+---------+------------------+------+-----------+-----------+
| NAME |  STATE  |       IPV4       | IPV6 |   TYPE    | SNAPSHOTS |
+------+---------+------------------+------+-----------+-----------+
| alp1 | RUNNING | 10.0.5.46 (eth0) |      | CONTAINER | 0         |
+------+---------+------------------+------+-----------+-----------+
| alp2 | RUNNING | 10.0.5.30 (eth0) |      | CONTAINER | 0         |
+------+---------+------------------+------+-----------+-----------+

Let's create a 1 GB file in one of the containers:

lxc exec alp1 -- dd if=/dev/urandom of=file.img bs=1M count=1000

Let's make sure the file was created:

lxc exec alp1 -- ls -lh
total 1000M  
-rw-r--r--    1 root     root     1000.0M Mar 27 10:16 file.img

If we look in the second container and check whether a file exists in the same location, it will not be there, which is expected, because the containers are created in their own Storage Volume within the same Storage Pool:

lxc exec alp2 -- ls -lh
total 0

But let's compare the values that df reports in one container and in the other:

lxc exec alp1 -- df -hT
Filesystem           Type            Size      Used Available Use% Mounted on
/dev/loop1           btrfs           9.3G   1016.4M      7.8G  11% /
...

lxc exec alp2 -- df -hT
Filesystem           Type            Size      Used Available Use% Mounted on
/dev/loop1           btrfs           9.3G   1016.4M      7.8G  11% /
...

The /dev/loop1 device, mounted as the root partition, is the Storage Pool that these containers use, so they share its capacity between the two of them.
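Since df inside the container reports the shared pool, quota headroom has to be worked out from lxc info and devices.root.size. The following is an added example (not from the original article) that parses the lxc info layout shown above; the function names are hypothetical, and size suffixes are assumed to be decimal (1GB = 10^9 bytes).

```shell
#!/bin/sh
# Convert a size such as 1.05GB or 495.62kB to bytes.
# Assumption: decimal suffixes (kB=10^3, MB=10^6, GB=10^9, TB=10^12).
to_bytes() {
    awk -v v="$1" 'BEGIN {
        m["B"] = 1; m["kB"] = 1e3; m["MB"] = 1e6; m["GB"] = 1e9; m["TB"] = 1e12
        n = v; sub(/[A-Za-z]+$/, "", n)      # numeric part
        u = substr(v, length(n) + 1)         # suffix
        if (n !~ /^[0-9]+(\.[0-9]+)?$/ || !(u in m)) exit 1
        printf "%.0f\n", n * m[u]
    }'
}

# Read `lxc info <container>` output on stdin and print the "root:" value
# listed under "Disk usage:". Exit status 1 if it is not present.
root_disk_usage() {
    awk '
        /^  Disk usage:/        { in_disk = 1; next }
        in_disk && /^    root:/ { print $2; found = 1; exit }
        in_disk && !/^    /     { in_disk = 0 }
        END                     { exit !found }
    '
}

# Percentage of the quota in use, truncated to an integer.
# $1 = usage from lxc info, $2 = limit from devices.root.size
quota_percent() {
    used=$(to_bytes "$1") || return 1
    limit=$(to_bytes "$2") || return 1
    [ "$limit" -gt 0 ] || return 1
    echo $(( used * 100 / limit ))
}

# Constructed sample: part of the `lxc info alp` output shown earlier.
SAMPLE_INFO='Resources:
  Processes: 5
  Disk usage:
    root: 1.05GB
  CPU usage:
    CPU usage (in seconds): 1'

usage=$(printf '%s\n' "$SAMPLE_INFO" | root_disk_usage)
echo "root uses $usage of 2GB: $(quota_percent "$usage" 2GB)%"
```

On a live host the sample would be replaced by the output of lxc info alp.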

Resource consumption statistics

You can view resource consumption statistics for a container with the command:

lxc info alp

Name: alp
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/04/08 18:05 UTC
Status: Running
Type: container
Profiles: default, hddroot
Pid: 19219
Ips:
  eth0: inet    10.0.5.5        veth2a1dc59d
  eth0: inet6   fe80::216:3eff:fe0e:e271        veth2a1dc59d
  lo:   inet    127.0.0.1
  lo:   inet6   ::1
Resources:
  Processes: 5
  Disk usage:
    root: 495.62kB
  CPU usage:
    CPU usage (in seconds): 1
  Memory usage:
    Memory (current): 4.79MB
  Network usage:
    eth0:
      Bytes received: 730B
      Bytes sent: 1.59kB
      Packets received: 3
      Packets sent: 14
    lo:
      Bytes received: 0B
      Bytes sent: 0B
      Packets received: 0
      Packets sent: 0

Working with snapshots

LXD can create snapshots and restore container state from them.

To create a snapshot, run the following command:

lxc snapshot alp snapshot1

The lxc snapshot command has no list option, so to see the list of snapshots you need to use the command that shows general information about the container:

lxc info alp
...
...
Snapshots:
  snapshot1 (taken at 2020/04/08 18:18 UTC) (stateless)

You can restore a container from a snapshot with the lxc restore command, specifying the container to restore and the snapshot alias:

lxc restore alp snapshot1

The following command is used to delete a snapshot. Note that its syntax is unlike the others: here you must put a forward slash directly after the container name. If the slash is omitted, the snapshot delete command is interpreted as a container delete command!

lxc delete alp/snapshot1
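A guard against the pitfall just described, as an added example that is not from the original article. delete_snapshot and list_snapshots are hypothetical helper names, and the parser assumes the Snapshots: layout that lxc info prints in this article.

```shell
#!/bin/sh
# Print snapshot names found in `lxc info <container>` output read from stdin.
# Assumes the layout shown in this article:
#   Snapshots:
#     snapshot1 (taken at ...) (stateless)
list_snapshots() {
    awk '
        /^Snapshots:/        { in_snap = 1; next }
        in_snap && /^  [^ ]/ { print $1; next }
        in_snap && /^[^ ]/   { in_snap = 0 }
    '
}

# Hypothetical wrapper: delete exactly one snapshot, never a container.
# Usage: delete_snapshot <container> <snapshot>
delete_snapshot() {
    if [ "$#" -ne 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: delete_snapshot <container> <snapshot>" >&2
        return 2
    fi
    # A slash or space inside either name would change what the final
    # argument means, so refuse it instead of guessing.
    case "$1$2" in
        */*|*" "*)
            echo "delete_snapshot: names must not contain '/' or spaces" >&2
            return 2
            ;;
    esac
    # Only proceed if the snapshot is actually listed for this container.
    if ! lxc info "$1" | list_snapshots | grep -Fxq -- "$2"; then
        echo "delete_snapshot: $1 has no snapshot named $2" >&2
        return 1
    fi
    # The target always contains the slash, so lxc treats it as a snapshot.
    lxc delete "$1/$2"
}
```

Called as delete_snapshot alp snapshot1, it runs lxc delete alp/snapshot1; with the snapshot name missing or unknown it stops before lxc delete is reached.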

In the example above we looked at stateless snapshots. LXD has another kind of snapshot, stateful, which saves the current state of all processes in the container. Stateful snapshots come with a number of interesting and useful features.

What else?

  • For Python developers there is the PyLXD module, which provides an API for LXD

UPDATE 10.04.2020 15:00: Added navigation

Source: www.habr.com
