Greetings,

----- Original Message -----
> I am trying to implement something like an "LXC on CentOS 7 HowTo"
> for internal use. (Might as well get public afterwards.) I am following
> the HowTo for CentOS 6
> (https://wiki.centos.org/HowTos/LXC-on-CentOS6). So, here's what I
> did so far (Steps 1-6 can easily be omitted, but I am trying to be
> complete.)

Do you want to use the libvirt tools or the lxc-{whatever} tools?

I haven't worked with LXC on EL6 nor EL7 much at all... but I have been playing 
with it some on Fedora 23.

Anyway, to create a CentOS container, the lxc tools can do a lot of the work 
for you... and I don't know that all of the steps are needed from that wiki... 
at least if you use the lxc tools rather than libvirt... although you'll still 
use libvirt for its networking stuff.

To create a CentOS 7 container:

lxc-create -t download -n {desired-name}

That should give you a list of available Templates... and you would type in:

Distribution: centos
Release: 7
Architecture: amd64

It should download the template and put it under /var/cache/lxc/ and create the 
container under /var/lib/lxc/.

The Template should just work and not require any fiddling with... I'm hoping.

LXC is still rather lacking in isolation features as it does not give the 
container a subset of /proc... so within the container you can see all of the 
RAM and disk... and your root user can do bad things if you don't trust them.  
That is with a "privileged" container.  Supposedly there is a way to run a 
container as a user and then grant capabilities as needed to reduce the 
security footprint but I don't know much about that.

Docker is a subset of that design for Applications (rather than the full distro 
with an init system of its own) that provides a really nice image library and 
image builder... but unless you are trying to do fleet computing (aka 
microservices) then Docker really isn't the container I've been looking for.

If you want privileged containers you don't have to worry about, you'll most 
likely want to create an OpenVZ host (warning, third-party repo / kernel / 
tools needed).  The current stable version of OpenVZ is "OpenVZ Legacy" which 
is EL6-based.  They have been working hard on "Virtuozzo 7" which is a merger of 
OpenVZ and the upstream Virtuozzo product-line still offering a FLOSS 
version... that is based on EL7 and also provides KVM VM management along-side 
of containers.  They are trying to integrate Virtuozzo support into libvirt and 
the libvirt-based tools like virsh and virt-manager... and get as much of that 
work upstreamed as possible... and switch from the kernel-patch based 
checkpoint code they have in OpenVZ Legacy to the mostly upstreamed CRIU C/R.  
Hopefully in the next 3-6 months Virtuozzo 7 will go GA.  They basically have 
created a complete distro for it which is based on CentOS.

I'd be interested to hear if the lxc tools work for you or not.  The little bit 
I tried them on EL7 I seemed to get journald CPU max-outs on the host node.

TYL,
-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]
_______________________________________________
CentOS-virt mailing list
[email protected]
https://lists.centos.org/mailman/listinfo/centos-virt
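
The privileged versus unprivileged distinction raised in the message above can be read from each container's config file. The script below is an added example, not part of the original message or of the LXC project: it assumes the /var/lib/lxc/<name>/config layout the message names, runs on constructed sample configs, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes container configs
# live at <lxcpath>/<name>/config (default lxcpath /var/lib/lxc).
# Limitation: files pulled in via lxc.include are not followed.

# Print "unprivileged" if the config maps container uid 0 to a non-zero
# host uid (lxc.id_map in LXC 1.x/2.0, lxc.idmap in 2.1+), else "privileged".
classify_container() {
    awk -F= '
        { key = $1; val = $2
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        key == "lxc.id_map" || key == "lxc.idmap" {
            # val is: <u|g> <container id> <host id> <range>
            n = split(val, f, /[ \t]+/)
            if (n == 4 && f[1] == "u" && f[2] == "0" && f[3] + 0 > 0) mapped = 1
        }
        END { print (mapped ? "unprivileged" : "privileged") }
    ' "$1"
}

# One line per container: "<name> <classification>".
audit_lxcpath() {
    for cfg in "$1"/*/config; do
        [ -f "$cfg" ] || continue
        name=$(basename "$(dirname "$cfg")")
        echo "$name $(classify_container "$cfg")"
    done
}

# Constructed sample tree (not real containers) so the script runs anywhere.
make_sample_lxcpath() {
    d=$(mktemp -d)
    mkdir -p "$d/web" "$d/build"
    printf '%s\n' 'lxc.utsname = web' 'lxc.network.type = veth' > "$d/web/config"
    printf '%s\n' '# user-owned container' 'lxc.id_map = u 0 100000 65536' \
        'lxc.id_map = g 0 100000 65536' > "$d/build/config"
    echo "$d"
}

sample=$(make_sample_lxcpath)
audit_lxcpath "$sample"      # on a real host: audit_lxcpath /var/lib/lxc
rm -rf "$sample"
```

A container reported as privileged runs its root user as host uid 0, which is the case the message warns about.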
