Re: [lxc-users] nested containers

Thu, 05 Mar 2015 04:43:37 -0800 

Thanks ,I am able to create nested containers. I want the children to inherit 
the limits of parent container. I am able to do it in cgroups. But in 
containers i am not able to. Example in cgroups, used the memory.use_hierarchy 
option and contained the cgroups.

      From: Fajar A. Nugraha <[email protected]>
 To: LXC users mailing-list <[email protected]> 
 Sent: Wednesday, March 4, 2015 2:44 PM
 Subject: Re: [lxc-users] nested containers
   
On Wed, Mar 4, 2015 at 12:15 PM, Mohan G <[email protected]> wrote:


> Hi,
> Is there anyway we can have nested containers/cgroups. One parent container
> forming the basis for children containers. i.e subset of parent container.

Yes.

On parent container config (in ubuntu), add this:
lxc.aa_profile=lxc-container-default-with-nesting

And then on that container, you can create containers

utopic ~ # lxc-ls -f --running
NAME  STATE    IPV4                      IPV6  GROUPS  AUTOSTART
-----------------------------------------------------------------
v    RUNNING  10.0.3.1, 192.168.124.173  -    -      NO

utopic ~ # lxc-attach -n v

root@v:~#

root@v:~# cat /proc/1/cgroup
12:name=systemd:/lxc/v
11:perf_event:/lxc/v
10:net_prio:/lxc/v
9:net_cls:/lxc/v
8:memory:/lxc/v
7:hugetlb:/lxc/v
6:freezer:/lxc/v
5:devices:/lxc/v
4:cpuset:/lxc/v
3:cpuacct:/lxc/v
2:cpu:/lxc/v
1:blkio:/lxc/v

root@v:~# lxc-create -t download -n nv -- -d ubuntu -r vivid -a amd64
Using image from local cache
Unpacking the rootfs

---
You just created an Ubuntu container (release=vivid, arch=amd64,
variant=default)

To enable sshd, run: apt-get install openssh-server

For security reason, container images ship without user accounts
and without a root password.

Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.

root@v:~# lxc-start -n nv

root@v:~# lxc-ls -f --running
NAME  STATE    IPV4        IPV6  GROUPS  AUTOSTART
--------------------------------------------------
nv    RUNNING  10.0.3.249  -    -      NO



Now run a process inside the nested container

root@v:~# lxc-attach -n nv -- cat /proc/1/cgroup
12:name=systemd:/lxc/v/lxc/nv
11:perf_event:/lxc/v/lxc/nv
10:net_prio:/lxc/v/lxc/nv
9:net_cls:/lxc/v/lxc/nv
8:memory:/lxc/v/lxc/nv
7:hugetlb:/lxc/v/lxc/nv
6:freezer:/lxc/v/lxc/nv
5:devices:/lxc/v/lxc/nv
4:cpuset:/lxc/v/lxc/nv
3:cpuacct:/lxc/v/lxc/nv
2:cpu:/lxc/v/lxc/nv
1:blkio:/lxc/v/lxc/nv

Note how the cgroup is nested

-- 
Fajar
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users

  
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users

Reply via email to