maehachi08 Anything Blog

2012年06月24日
カーネのLXC(Linux Containers)対応確認

LXC(Linux Containers)のインストール

本家サイトダウンロードページからソースtarボールをダウンロードして、configure -> make -> make installを実行。。。

でも構わないのですが、ソースからインストールすると管理が大変なので、私はRPMパッケージをビルドしてインストールしました。

詳細は、

LXC(Linux Containers)のRPMビルド

を参照してください。

カーネルのLXC(Linux Containers)対応確認

LXCをインストールした環境でlxc-checkconfigコマンドを実行します。

# cat /etc/redhat-release
CentOS release 6.2 (Final)

# uname -an
Linux cobbler01 2.6.32-220.el6.x86_64 #1 SMP Tue Dec 6 19:48:22 GMT 2011 x86_64 x86_64 x86_64 GNU/Linux

# lxc-checkconfig
Kernel config /proc/config.gz not found, looking in other places...
Found kernel config file /boot/config-2.6.32-220.el6.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup namespace: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

lxc-checkconfigコマンドの実態は/usr/bin/lxc-checkconfigというシェルスクリプトなので、LXCコンテナを作成するために何が必要かを知ることができます。

# cat /usr/bin/lxc-checkconfig
#!/bin/bash

# Allow environment variables to override grep and config
: ${CONFIG:=/proc/config.gz}
: ${GREP:=zgrep}

SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \\033[0;39m"

is_set() {
    $GREP -q "$1=[y|m]" $CONFIG
    return $?
}

is_enabled() {
    mandatory=$2

    is_set $1
    RES=$?

    if [ $RES -eq 0 ]; then
        $SETCOLOR_SUCCESS && echo -e "enabled" && $SETCOLOR_NORMAL
    else
        if [ ! -z "$mandatory" -a "$mandatory" = yes ]; then
            $SETCOLOR_FAILURE && echo -e "required" && $SETCOLOR_NORMAL
        else
            $SETCOLOR_WARNING && echo -e "missing" && $SETCOLOR_NORMAL
        fi
    fi
}

if [ ! -f $CONFIG ]; then
    echo "Kernel config $CONFIG not found, looking in other places..."
    KVER="`uname -r`"
    HEADERS_CONFIG="/lib/modules/$KVER/build/.config"
    BOOT_CONFIG="/boot/config-$KVER"
    [ -f "${HEADERS_CONFIG}" ] && CONFIG=${HEADERS_CONFIG}
    [ -f "${BOOT_CONFIG}" ] && CONFIG=${BOOT_CONFIG}
    GREP=grep
    if [ ! -f $CONFIG ]; then
        echo
        echo "The kernel configuration can not be retrieved."
        echo "Please recompile with IKCONFIG_PROC, or"
        echo "install the kernel headers, or specify"
        echo "the path to the config file with: CONFIG=<path> lxc-checkconfig"
        echo
        exit 1
    else
        echo "Found kernel config file $CONFIG"
    fi
fi

echo "--- Namespaces ---"
echo -n "Namespaces: " && is_enabled CONFIG_NAMESPACES yes
echo -n "Utsname namespace: " && is_enabled CONFIG_UTS_NS
echo -n "Ipc namespace: " && is_enabled CONFIG_IPC_NS yes
echo -n "Pid namespace: " && is_enabled CONFIG_PID_NS yes
echo -n "User namespace: " && is_enabled CONFIG_USER_NS
echo -n "Network namespace: " && is_enabled CONFIG_NET_NS
echo -n "Multiple /dev/pts instances: " && is_enabled DEVPTS_MULTIPLE_INSTANCES
echo
echo "--- Control groups ---"

print_cgroups() {
  # print all mountpoints for cgroup filesystems
  awk '$1 !~ /#/ && $3 == mp { print $2; } ; END { exit(0); } '  "mp=$1" "$2" ;
}

CGROUP_MNT_PATH=`print_cgroups cgroup /proc/self/mounts | head -1`

echo -n "Cgroup: " && is_enabled CONFIG_CGROUPS yes

if [ -f $CGROUP_MNT_PATH/cgroup.clone_children ]; then
    echo -n "Cgroup clone_children flag: " &&
    $SETCOLOR_SUCCESS && echo -e "enabled" && $SETCOLOR_NORMAL
else
    echo -n "Cgroup namespace: " && is_enabled CONFIG_CGROUP_NS yes
fi
echo -n "Cgroup device: " && is_enabled CONFIG_CGROUP_DEVICE
echo -n "Cgroup sched: " && is_enabled CONFIG_CGROUP_SCHED
echo -n "Cgroup cpu account: " && is_enabled CONFIG_CGROUP_CPUACCT
echo -n "Cgroup memory controller: " && is_enabled CONFIG_CGROUP_MEM_RES_CTLR
is_set CONFIG_SMP && echo -n "Cgroup cpuset: " && is_enabled CONFIG_CPUSETS
echo
echo "--- Misc ---"
echo -n "Veth pair device: " && is_enabled CONFIG_VETH
echo -n "Macvlan: " && is_enabled CONFIG_MACVLAN
echo -n "Vlan: " && is_enabled CONFIG_VLAN_8021Q
KVER_MAJOR=$($GREP '^# Linux' $CONFIG | \
    sed -r 's/.* ([0-9])\.[0-9]{1,2}\.[0-9]{1,3}.*/\1/')
if [[ $KVER_MAJOR == 2 ]]; then
KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
    sed -r 's/.* 2.6.([0-9]{2}).*/\1/')
else
KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
    sed -r 's/.* [0-9]\.([0-9]{1,3})\.[0-9]{1,3}.*/\1/')
fi
echo -n "File capabilities: " &&
    ( [[ ${KVER_MAJOR} == 2 && ${KVER_MINOR} < 33 ]] &&
       is_enabled CONFIG_SECURITY_FILE_CAPABILITIES ) ||
    ( [[ ( ${KVER_MAJOR} == 2 && ${KVER_MINOR} > 32 ) ||
         ${KVER_MAJOR} > 2 ]] && $SETCOLOR_SUCCESS &&
         echo -e "enabled" && $SETCOLOR_NORMAL )

echo
echo "Note : Before booting a new kernel, you can check its configuration"
echo "usage : CONFIG=/path/to/config $0"
echo