drvlxc.html.in

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <body>
    <h1>LXC container driver</h1>
<p>
The libvirt LXC driver manages "Linux Containers".  Containers are sets of processes
with private namespaces which can (but don't always) look like separate machines, but
do not have their own OS.  Here are two example configurations.  The first is a very
light-weight "application container" which does not have its own root image.
</p>

    <h2><a name="project">Project Links</a></h2>

    <ul>
      <li>
        The <a href="http://lxc.sourceforge.net/">LXC</a> Linux
        container system
      </li>
    </ul>

<h2>Cgroups Requirements</h2>

<p>
The libvirt LXC driver requires that certain cgroups controllers are
mounted on the host OS. The minimum required controllers are 'cpuacct',
'memory' and 'devices', while recommended extra controllers are
'cpu', 'freezer' and 'blkio'. The /etc/cgconfig.conf &amp; cgconfig
init service used to mount cgroups at host boot time. To manually
mount them use:
</p>

<pre>
 # mount -t cgroup cgroup /dev/cgroup -o cpuacct,memory,devices,cpu,freezer,blkio
</pre>

<p>
NB, the blkio controller in some kernels will not allow creation of nested
sub-directories which will prevent correct operation of the libvirt LXC
driver. On such kernels, it may be necessary to unmount the blkio controller.
</p>


<h2>Environment setup for the container init</h2>

<p>
When the container "init" process is started, it will be given several useful
environment variables.
</p>

<dl>
<dt>LIBVIRT_LXC_NAME</dt>
<dd>The name assigned to the container by libvirt</dd>
<dt>LIBVIRT_LXC_UUID</dt>
<dd>The UUID assigned to the container by libvirt</dd>
<dt>LIBVIRT_LXC_CMDLINE</dt>
<dd>The unparsed command line arguments specified in the container configuration</dd>
</dl>


<h3>Example config version 1</h3>
<p></p>
<pre>
&lt;domain type='lxc'&gt;
  &lt;name&gt;vm1&lt;/name&gt;
  &lt;memory&gt;500000&lt;/memory&gt;
  &lt;os&gt;
    &lt;type&gt;exe&lt;/type&gt;
    &lt;init&gt;/bin/sh&lt;/init&gt;
  &lt;/os&gt;
  &lt;vcpu&gt;1&lt;/vcpu&gt;
  &lt;clock offset='utc'/&gt;
  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
  &lt;devices&gt;
    &lt;emulator&gt;/usr/libexec/libvirt_lxc&lt;/emulator&gt;
    &lt;interface type='network'&gt;
      &lt;source network='default'/&gt;
    &lt;/interface&gt;
    &lt;console type='pty' /&gt;
  &lt;/devices&gt;
&lt;/domain&gt;
</pre>

<p>
In the &lt;emulator&gt; element, be sure you specify the correct path
to libvirt_lxc, if it does not live in /usr/libexec on your system.
</p>

<p>
The next example assumes there is a private root filesystem
(perhaps hand-crafted using busybox, or installed from media,
debootstrap, whatever) under /opt/vm-1-root:
</p>
<p></p>
<pre>
&lt;domain type='lxc'&gt;
  &lt;name&gt;vm1&lt;/name&gt;
  &lt;memory&gt;32768&lt;/memory&gt;
  &lt;os&gt;
    &lt;type&gt;exe&lt;/type&gt;
    &lt;init&gt;/init&lt;/init&gt;
  &lt;/os&gt;
  &lt;vcpu&gt;1&lt;/vcpu&gt;
  &lt;clock offset='utc'/&gt;
  &lt;on_poweroff&gt;destroy&lt;/on_poweroff&gt;
  &lt;on_reboot&gt;restart&lt;/on_reboot&gt;
  &lt;on_crash&gt;destroy&lt;/on_crash&gt;
  &lt;devices&gt;
    &lt;emulator&gt;/usr/libexec/libvirt_lxc&lt;/emulator&gt;
    &lt;filesystem type='mount'&gt;
      &lt;source dir='/opt/vm-1-root'/&gt;
      &lt;target dir='/'/&gt;
    &lt;/filesystem&gt;
    &lt;interface type='network'&gt;
      &lt;source network='default'/&gt;
    &lt;/interface&gt;
    &lt;console type='pty' /&gt;
  &lt;/devices&gt;
&lt;/domain&gt;
</pre>

<p>
In both cases, you can define and start a container using:</p>
<pre>
virsh --connect lxc:/// define v1.xml
virsh --connect lxc:/// start vm1
</pre>
and then get a console  using:
<pre>
virsh --connect lxc:/// console vm1
</pre>
<p>Now doing 'ps -ef' will only show processes in the container, for
instance.  You can undefine it using
</p>
<pre>
virsh --connect lxc:/// undefine vm1
</pre>
  </body>
</html>