LXC

Definition
LXC (LinuX Containers) is a virtualization technology for Linux systems or processes, based on isolation. LXC can launch any recent Linux distribution inside a container. This container can be configured to limit access to the physical resources of the host machine (CPU, memory, I/O, ...) through the use of cgroups.

In English
LXC is a lightweight hypervisor that runs isolated appliances. It provides a virtual environment that has its own process and network space. It is similar to a chroot. As LXC is implemented on a given Linux kernel, only operating systems that are compatible with the host kernel can run. It is based on cgroups (control groups), a Linux kernel feature for managing resources such as CPU, memory and disk I/O by limiting resources, prioritizing groups, accounting (measuring), isolating (separate namespaces for groups, meaning that processes, network connections and files are not visible to other groups) and controlling groups.

Current status
LXC is currently (03/2013) at version 0.9 and its API is not yet stable. This technology is integrated into the Linux kernel and aims to replace OpenVZ, which is not suited to recent versions of the Linux kernel. It is currently under very active development.

LXC and Cloud Computing
For the moment, LXC is used to isolate services on a server, or in Cloud Computing at the PaaS level, as at Heroku. Certain features that are indispensable for security prevent LXC from being used as the virtualization mechanism for IaaS systems.

LXC in practice
Authors: Jordan Calvi (RICM4), Alexandre Maurice (RICM4), Michael Mercier (RICM5)

Installation
/!\ LXC has been set up successfully on Ubuntu 12.04 LTS, as container launching does not work on the Debian Wheezy testing OS. /!\

Package installation
 * /?\ Containers will be placed in /var/lib/lxc /?\

Mounting cgroups automatically: edit /etc/fstab and add the following

Enabling previous modifications

Checking everything is ok

Manipulation of containers
Creating a container running Ubuntu
 * /!\ By default, the version of the guest OS is the same as the hosting one. /!\

Showing existing containers and those that are running
 * /?\ The first line indicates existing containers and the second one those in running state. /?\

Obtaining information about ubuntu1

Starting the container

Connection to the container

Shutting down the container

Exiting console
 * perform

Deleting the container

Configuring the container
At boot time, a virtual machine reads the file /var/lib/lxc/{VM-name}/config to set up its configuration (root file system, number of TTYs, limits, etc.):

 lxc.network.type=veth
 lxc.network.link=lxcbr0
 lxc.network.flags=up
 lxc.network.hwaddr = 00:16:3e:24:e5:9a
 lxc.utsname = ubuntu1

 lxc.devttydir = lxc
 lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = /var/lib/lxc/ubuntu1/rootfs
 lxc.mount = /var/lib/lxc/ubuntu1/fstab
 lxc.arch = amd64
 lxc.cap.drop = sys_module mac_admin
 lxc.pivotdir = lxc_putold

 # uncomment the next line to run the container unconfined:
 #lxc.aa_profile = unconfined

 lxc.cgroup.devices.deny = a
 # Allow any mknod (but not using the node)
 lxc.cgroup.devices.allow = c *:* m
 lxc.cgroup.devices.allow = b *:* m
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm
 lxc.cgroup.devices.allow = c 1:5 rwm
 # consoles
 lxc.cgroup.devices.allow = c 5:1 rwm
 lxc.cgroup.devices.allow = c 5:0 rwm
 #lxc.cgroup.devices.allow = c 4:0 rwm
 #lxc.cgroup.devices.allow = c 4:1 rwm
 # /dev/{,u}random
 lxc.cgroup.devices.allow = c 1:9 rwm
 lxc.cgroup.devices.allow = c 1:8 rwm
 lxc.cgroup.devices.allow = c 136:* rwm
 lxc.cgroup.devices.allow = c 5:2 rwm
 # rtc
 lxc.cgroup.devices.allow = c 254:0 rwm
 # fuse
 lxc.cgroup.devices.allow = c 10:229 rwm
 # tun
 lxc.cgroup.devices.allow = c 10:200 rwm
 # full
 lxc.cgroup.devices.allow = c 1:7 rwm
 # hpet
 lxc.cgroup.devices.allow = c 10:228 rwm
 # kvm
 lxc.cgroup.devices.allow = c 10:232 rwm
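The isolation settings in the config above (dropped capabilities, the AppArmor profile, the default-deny device list) can be checked mechanically. The following is an added example, not code from the original page or from the LXC project: the names parse, audit and required_drops are hypothetical, the baseline of capabilities to drop is assumed from the config shown above, and the sample input is constructed.

```python
import re

# Constructed sample: the page's config with three settings deliberately weakened.
WEAK_SAMPLE = """\
lxc.utsname = ubuntu1
lxc.cap.drop = mac_admin
# uncomment the next line to run the container unconfined:
lxc.aa_profile = unconfined
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* rwm
lxc.cgroup.devices.allow = c 1:3 rwm
"""

def parse(text):
    """Return (key, value) pairs in file order, skipping comments and blanks."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs.append((key.strip(), value.strip()))
    return pairs

def audit(text, required_drops=("sys_module", "mac_admin")):
    """Return a sorted list of findings; required_drops is an assumed baseline."""
    pairs = parse(text)
    findings = []
    dropped = {c for k, v in pairs if k == "lxc.cap.drop" for c in v.split()}
    for cap in required_drops:
        if cap not in dropped:
            findings.append(f"capability not dropped: {cap}")
    if ("lxc.aa_profile", "unconfined") in pairs:
        findings.append("AppArmor profile is unconfined")
    if ("lxc.cgroup.devices.deny", "a") not in pairs:
        findings.append("no default deny for devices")
    for k, v in pairs:
        if k != "lxc.cgroup.devices.allow":
            continue
        # Rule shape: <type> <major>:<minor> <perms>; "c *:* m" (mknod only) is fine.
        m = re.fullmatch(r"[bc]\s+(\S+):\S+\s+([rwm]+)", v)
        wide = m and m.group(1) == "*" and set(m.group(2)) & {"r", "w"}
        if v.split()[:1] == ["a"] or wide:
            findings.append(f"device rule re-opens all devices: {v}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(WEAK_SAMPLE):
        print("WARN", finding)
```
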

Configuring default network and switch
See: /etc/default/lxc

External links
Official site