Hands-on with Native Linux Containers (LXC) Workbook


Hands-on with Native Linux Containers (LXC) Workbook Course ATT1801.0.0 Lab Manual September 6, 2012

Proprietary Statement

Copyright 2012 Novell, Inc. All rights reserved.

Novell, Inc., has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.

No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.

Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com

Novell Trademarks

For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).

Third-Party Materials

All third-party trademarks are the property of their respective owners.

Software Piracy

Throughout the world, unauthorized duplication of software is subject to both criminal and civil penalties. If you know of illegal copying of software, contact your local Software Antipiracy Hotline. For the Hotline number for your area, access Novell's World Wide Web page (http://www.novell.com) and look for the piracy page under Programs. Or, contact Novell's anti-piracy headquarters in the U.S. at 800-PIRATES (747-2837) or 801-861-7101.

Disclaimer

Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

Further, Novell, Inc., makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.

This Novell Training Manual is published solely to instruct students in the use of Novell networking software. Although third-party application software packages are used in Novell training courses, this is for demonstration purposes only and shall not constitute an endorsement of any of these software applications. Further, Novell, Inc. does not represent itself as having any particular expertise in these application software packages and any use by students of the same shall be done at the student's own risk.

Contents

Section 1  Introduction to LXC
  Exercise 1.1  Create a Clone of your System as a Chroot Jail with Jailbird2
    Task I: Create a Chroot Jail Using Jailbird2
    Task II: Use a Jailbird2 Created Jail
  Exercise 1.2  Enable Linux Control Groups
    Task I: Install the cgroups Packages
    Task II: Enable cgroups to Start Automatically
  Exercise 1.3  Create a Network Bridge
    Task I: Create a Network Bridge with YaST
  Exercise 1.4  Create a Simple LXC Container
    Task I: Create a Basic Configuration File for the Container
    Task II: Create the LXC Container
    Task III: Enable root Logins to the New Container
    Task IV: Test the New Container
  Exercise 1.5  Create a Clone of your System as a LXC Container with Jailbird2
    Task I: Create a LXC Container Using Jailbird2
    Task II: Use a Jailbird2 Created LXC Container
  Exercise 1.6  Explore Process Isolation in a LXC Container
    Task I: View Processes in the Host System and a Chroot Jail
    Task II: View the Processes in the Host System and a LXC Container
  Exercise 1.7  Configure and Run X Windows in a LXC Container
    Task I: Create a Clone of the Host system as a LXC Container
    Task II: Configure the X Server in a LXC Container

Copying all or part of this manual, or distributing such copies, is strictly prohibited. To report suspected copying, please call 1-800-PIRATES


Section 1  Introduction to LXC

In this section you begin using LXC.

1.1 Create a Clone of your System as a Chroot Jail with Jailbird2

In this exercise you use the jailbird2-create command to clone the host system into a chroot jail.

Objectives:
Task I: Create a Chroot Jail Using Jailbird2
Task II: Use a Jailbird2 Created Jail

Special Instructions and Notes:
You will need to obtain the jailbird2 package from the instructor. The package may already have been added to your virtual machine environment. Enter which jailbird2-create to see.

Task I: Create a Chroot Jail Using Jailbird2

1. As the root user, open a terminal window and enter the following commands to create a clone of your host system as an LXC container:

    cd /root
    jailbird2-create sles01

Task II: Use a Jailbird2 Created Jail

1. Enter the following command to start the sles01 container:

    jailbird2-start /root/sles01

2. Enter the following commands to show that the jail is started:

    jailbird2-status

   You should see the jail listed.

    mount | grep /root/sles01

   You should see that proc and sys are mounted on the /proc and /sys directories in the jail.

3. Enter the following command to chroot into the jail:

    chroot /root/sles01

   You should see your prompt change to now begin with (jail).

4. To exit the jail enter the following:

    exit

   Your prompt should now change back to normal.

5. In another terminal window enter the following command to stop the sles01 jail:

    jailbird2-stop /root/sles01

6. Enter the following commands to see that the jail is now stopped:

    jailbird2-status

   You should not see the sles01 jail listed.

    mount | grep /root/sles01

   You should see that proc and sys are no longer mounted in the jail.

(End of Exercise)

1.2 Enable Linux Control Groups

In this exercise you install and enable Linux control groups (cgroups).

Objectives:
Task I: Install the cgroups Packages
Task II: Enable cgroups to Start Automatically

Special Instructions and Notes:
(none)

Task I: Install the cgroups Packages

1. Log in as the root user.

2. Enter the following commands to install the cgroups package(s):

    rpm -q libcgroup1
    zypper in -y libcgroup1

Task II: Enable cgroups to Start Automatically

1. As the root user, enter the following command to activate cgroups:

    /etc/init.d/boot.cgroup start

2. Enter the following command to enable cgroups to start at boot time:

    insserv boot.cgroup

3. Enter the following command to see that cgroups are enabled:

    mount | grep cgroup

   You should see several entries with /sys/fs/cgroup/subsystem as the mountpoint.

(End of Exercise)

1.3 Create a Network Bridge

In this exercise you will create a network bridge.

Objectives:
Task I: Create a Network Bridge with YaST

Special Instructions and Notes:
Record the following information for the eth0 network interface:
IP_ADDRESS:
SUBNET_MASK:

Task I: Create a Network Bridge with YaST

In this task you will create a network bridge using YaST.

1. Launch the YaST Network Card module: YaST -> Network Devices -> Network Card
2. Select Traditional Method with ifup and then Next
3. Highlight the physical network interface that the bridge will be attached to (eth0) and select Delete
4. Click Add
5. From the Device Type drop-down list select Network Bridge
6. Click Next
7. Select Static Address Setup
8. Use the following for the IP address information:
   IP Address: IP_ADDRESS
   Subnet Mask: SUBNET_MASK
9. In the Bridged Devices list select the network interface that corresponds to eth0
10. Click Next and then Finish
11. Open a terminal window and enter the following commands:

    ip addr show
    /sbin/brctl show

   You should see a new network interface and new bridge named br0.

(End of Exercise)

1.4 Create a Simple LXC Container

In this exercise you create a simple LXC container using a template.

Objectives:
Task I: Create a Basic Configuration File for the Container
Task II: Create the LXC Container
Task III: Enable root Logins to the New Container
Task IV: Test the New Container

Special Instructions and Notes:
A network bridge named br0 must exist before performing this exercise.

Task I: Create a Basic Configuration File for the Container

To create an LXC container you must have a basic configuration file that defines the network configuration for the container.

1. As the root user, open a terminal window and enter the following command to create an initial configuration file for the container:

    lxc-createconfig -n basic-sles -b br0 -t sles

   When prompted to create the container config enter: y

   You should see a file named /root/basic-sles.conf that contains something like the following:

    lxc.network.type = veth
    lxc.network.flags = up
    lxc.network.link = br0
    lxc.network.hwaddr = 02:00:5c:b6:00:40
    lxc.network.name = eth0

Task II: Create the LXC Container

Before a container can be started it must be created. This can be done by running the lxc-create command and referencing a template. The template will create everything required for the container: config file, rootfs, etc.

1. As the root user, enter the following command to create the LXC container:

    lxc-create -n basic-sles -f /root/basic-sles.conf -t sles

   When the command is finished running you should have a new container named basic-sles in /var/lib/lxc/

2. Enter the following command to see that the container was created:

    lxc-ls

   The command should show a list of the existing containers, which in this case is only basic-sles.

3. Enter the following command to see the current state of the new container:

    lxc-info -n basic-sles

   The command should show that the container's state is STOPPED.

Task III: Enable root Logins to the New Container

The basic SLES container needs to have the root password set and the console added to the securetty file so that the root user can log in to the container.

1. To set the root password in the new container, enter the following commands (when passwd prompts, enter the password: linux):

    chroot /var/lib/lxc/basic-sles/rootfs
    passwd root
    exit

2. To allow the root user to log into the new container, open the /var/lib/lxc/basic-sles/rootfs/etc/securetty file in the text editor of your choice.

3. Add the following line to the end of the file:

    console

4. Save the file and close the text editor.

Task IV: Test the New Container

1. Enter the following commands to ensure that the network bridge named br0 is up and running:

    brctl show
    ip link show dev br0

   You should see that the br0 bridge is created and up.

   Note: If br0 doesn't exist, enter the following commands to create it and bring it up:

    brctl addbr br0
    ip link set up dev br0

   Re-run the brctl show and ip link show commands to verify it worked.

2. Enter the following command to start the new container:

    lxc-start -n basic-sles

   You should see the boot messages while the container starts and then be placed at a login prompt.

3. Log into the container with the following credentials:
   Username: root
   Password: linux

   You should be at a shell prompt as root in the new container.

4. In another terminal window, enter the following command to see the current state of the new container:

    lxc-info -n basic-sles

   You should see that the container's state is RUNNING.

5. Close the terminal window that you launched the container from and are currently logged into the container in.

6. Enter the following to view the current state of the container:

    lxc-info -n basic-sles

   You should see that the container is still running even though you closed the terminal that launched it.

7. Open another terminal window and enter the following command to connect to the console of the running container:

    lxc-console -n basic-sles

   You should be at a login prompt of the container.

8. In another terminal window, enter the following command to shut down the container:

    lxc-stop -n basic-sles

9. Enter the following command to see the current state of the container:

    lxc-info -n basic-sles

   You should see that the current state of the container is now STOPPED.

(End of Exercise)

1.5 Create a Clone of your System as a LXC Container with Jailbird2

In this exercise you use the lxc-jailbird2-create command to clone the host system into an LXC container.

Objectives:
Task I: Create a LXC Container Using Jailbird2
Task II: Use a Jailbird2 Created LXC Container

Special Instructions and Notes:
You will need to obtain the jailbird2 package from the instructor. The package may already have been added to your virtual machine environment. Enter which lxc-jailbird2-create to see.

Task I: Create a LXC Container Using Jailbird2

1. As the root user, enter the following command to create a clone of your host system as an LXC container:

    lxc-jailbird2-create sles02

Task II: Use a Jailbird2 Created LXC Container

1. As the root user, enter the following command to verify that the container created in Task I is available:

    lxc-ls

   You should see the sles02 container listed.

2. Enter the following command to view the status of the sles02 container:

    lxc-info -n sles02

   You should see that its status is STOPPED.

3. Enter the following command to start the sles02 container:

    lxc-start -n sles02

   You should see the container start.

4. Log into the container with the default username and password:
   Username: root
   Password: linux

5. In another terminal window enter the following command to stop the sles02 container:

    lxc-stop -n sles02

(End of Exercise)

1.6 Explore Process Isolation in a LXC Container

In this exercise you explore the differences in process isolation between the host system, a chroot jail and a LXC container.

Objectives:
Task I: View Processes in the Host System and a Chroot Jail
Task II: View the Processes in the Host System and a LXC Container

Special Instructions and Notes:
The sles01 chroot jail and the sles02 LXC container must be created with the Jailbird2 utility before performing this exercise.

Task I: View Processes in the Host System and a Chroot Jail

1. As the root user, open a terminal window and enter the following command to view the process list in the host:

    ps -A

2. Open a second terminal window and as the root user enter the following commands to start and chroot into a jail:

    jailbird2-start /root/sles01
    chroot /root/sles01

3. Enter the ps command again from within the context of the jail:

    ps -A

   The process lists from the host and the container should be pretty much the same.

Task II: View the Processes in the Host System and a LXC Container

1. Open a third terminal window and as the root user enter the following command to start a LXC container:

    lxc-start -n sles02

2. Log into the container as the root user:
   Username: root
   Password: linux

3. In the host system terminal window enter the ps command again:

    ps -A

4. In the container's terminal window enter the ps command:

    ps -A

   Notice that the process lists are dramatically different. Also notice that the host system can see the processes for the container but the container can only see its own processes. Also notice that the PIDs of the processes in the container are different from their PIDs as seen in the host system.

5. In the chroot jail's terminal window enter the ps command:

    ps -A

6. Notice that the chroot jail can also see the container's processes.

7. Shut down the container (from the host system's terminal window):

    lxc-stop -n sles02

8. Shut down the chroot jail (from the chroot jail's terminal window):

    exit
    jailbird2-stop /root/sles01

(End of Exercise)
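The PID difference observed in Task II can be listed from the host side. The following is an added example, not part of the original workbook: it reads the NSpid field of /proc/<pid>/status and prints each containerised process with its host PID and its PID inside the container. It assumes a kernel that exposes NSpid (Linux 4.1 or later); the function names and the fixture values are constructed for illustration. Processes in a chroot jail share the host's PID namespace, so they carry a single NSpid value and are skipped.

```sh
#!/bin/sh
# Added example: map host PIDs to the PIDs the same processes have inside a
# container, using the NSpid field of /proc/<pid>/status.

# container_pid_view [PROC_ROOT]
# Prints "host_pid inner_pid name" for every process that runs in a nested
# PID namespace, sorted by host PID. A process in the host's own namespace
# (including one inside a chroot jail) has a single NSpid value and is skipped.
container_pid_view() {
    proc_root=${1:-/proc}
    for status in "$proc_root"/[0-9]*/status; do
        # Skip unmatched globs and processes that exited in the meantime.
        [ -r "$status" ] || continue
        awk '
            $1 == "Name:"  { name = $2 }
            # NSpid lists the PID in each namespace, outermost (host) first.
            $1 == "NSpid:" { host = $2; inner = $NF; depth = NF - 1 }
            END { if (depth > 1) print host, inner, name }
        ' "$status"
    done | sort -n
}

# make_fixture DIR
# Constructed stand-in for /proc with three processes, two of them inside a
# container. All names and PIDs are invented for the example.
make_fixture() {
    mkdir -p "$1/812" "$1/4242" "$1/4250"
    printf 'Name:\tsshd\nPid:\t812\nNSpid:\t812\n' > "$1/812/status"
    printf 'Name:\tinit\nPid:\t4242\nNSpid:\t4242\t1\n' > "$1/4242/status"
    printf 'Name:\tsyslogd\nPid:\t4250\nNSpid:\t4250\t12\n' > "$1/4250/status"
}

# Demo on the constructed fixture; call container_pid_view with no argument
# on a real host to read /proc instead.
fixture=$(mktemp -d)
make_fixture "$fixture"
container_pid_view "$fixture"
rm -rf "$fixture"
```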

1.7 Configure and Run X Windows in a LXC Container

In this exercise you configure and run X Window in a LXC container.

Objectives:
Task I: Create a Clone of the Host system as a LXC Container
Task II: Configure the X Server in a LXC Container

Special Instructions and Notes:
(none)

Task I: Create a Clone of the Host system as a LXC Container

1. While logged in as the root user open a terminal window and enter the following command to create a new cloned container:

    lxc-jailbird2-create sles-x

2. When the container creation is finished, start and log into the container:

    lxc-start -n sles-x

   Username: root
   Password: linux

Task II: Configure the X Server in a LXC Container

1. Enter the following command to generate a configuration file for the X server:

    sax2 -r -a

2. Enter the following command to try to start an X server:

    startx

   The X server shouldn't start. Note the fatal server error saying that it cannot open virtual console 8.

3. Enter the following command to view a list of the device files available to the container:

    ls -l /dev

   You should notice that there is no tty8 (virtual console 8) device file.

4. Enter the following command to attempt to create the device file:

    mknod -m 666 /dev/tty8 c 4 8

   You should get an error that the mknod operation is not permitted.

5. Enter the following command (from the console of the sles-x container) to shut down the container:

    halt

   Note: If the screen switches away from the GUI to a virtual terminal just press Ctrl+Alt+F7 to return to the GUI.

6. Enter the following commands to change into the container's rootfs and create the tty8 device file:

    cd /var/lib/lxc/sles-x/rootfs/dev
    mknod -m 666 tty8 c 4 8

   This time the mknod command should succeed.

7. Start the container again and log in as root:

    lxc-start -n sles-x

   Username: root
   Password: linux

8. Verify that the tty8 device file is present:

    ls -l /dev

   You should see the tty8 device file.

9. Try to start the X server again:

    startx

   The X server should not start and you should see the same critical error again (cannot open virtual console 8). Why do you think this is?

10. Shut down the sles-x container again:

    halt

11. In the text editor of your choice, as the root user, open the sles-x container's configuration file (/etc/lxc/sles-x/config). In the consoles section of the cgroups definitions notice that access to the tty8 (c 4:8) device is not allowed.

12. Add the following line at the end of the consoles section of the cgroup definitions to allow the container to access tty8:

    lxc.cgroup.devices.allow = c 4:8 rwm

13. Save the file and close the text editor.

14. Start the sles-x container again and log into the container as root:

    lxc-start -n sles-x

   Username: root
   Password: linux

15. Try to start the X server again:

    startx

   This time the X server should start by opening a new X display on virtual terminal 8.

16. Launch Nautilus (double-click on the home directory) and open a GNOME Terminal (right-click on the Desktop > Open in terminal).

17. Switch back to the X session for the host system by pressing: Ctrl+Alt+F7

   You should be back at the X session belonging to the host system.

18. Switch back to the X session for the sles-x container: Ctrl+Alt+F8

19. Shut down the sles-x container again by entering the following in the GNOME Terminal window:

    halt

   You should see the sles-x container shut down.

(End of Exercise)
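In the exercise above the tty8 device file alone was not enough; the container's lxc.cgroup.devices.allow entries also had to cover c 4:8. The following is an added example, not part of the original workbook, that checks a container config for a given device before the container is started. It assumes the common layout of one lxc.cgroup.devices.deny = a line followed by allow lines (other deny lines are not modelled); the function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: evaluate the devices whitelist in an LXC container config.
# Model (assumption): "deny = a" switches the container to default-deny and
# clears earlier grants; each later "allow" line adds one grant.

# lxc_device_allowed CONFIG TYPE MAJOR MINOR ACCESS
# Returns 0 if every letter in ACCESS (r, w, m) is granted for the device.
lxc_device_allowed() {
    cfg=$1 want_type=$2 want_major=$3 want_minor=$4 want_access=$5
    restricted=0
    granted=0
    # Reduce the file to "allow|deny <type> [<major>:<minor> <access>]" lines.
    rules=$(sed -n \
        -e 's/^[[:space:]]*lxc\.cgroup\.devices\.allow[[:space:]]*=[[:space:]]*/allow /p' \
        -e 's/^[[:space:]]*lxc\.cgroup\.devices\.deny[[:space:]]*=[[:space:]]*/deny /p' \
        "$cfg")
    while read -r action type dev access _rest; do
        if [ "$type" = a ]; then
            # "a" stands for all devices with all access modes.
            if [ "$action" = deny ]; then restricted=1; granted=0; else restricted=0; fi
            continue
        fi
        if [ "$action" != allow ]; then continue; fi
        major=${dev%%:*}
        minor=${dev#*:}
        if [ "$type" != "$want_type" ]; then continue; fi
        if [ "$major" != '*' ] && [ "$major" != "$want_major" ]; then continue; fi
        if [ "$minor" != '*' ] && [ "$minor" != "$want_minor" ]; then continue; fi
        # One rule must cover every requested access letter.
        covers=1
        for letter in r w m; do
            case $want_access in
                *"$letter"*)
                    case $access in *"$letter"*) ;; *) covers=0 ;; esac ;;
            esac
        done
        if [ "$covers" -eq 1 ]; then granted=1; fi
    done <<EOF
$rules
EOF
    if [ "$restricted" -eq 0 ] || [ "$granted" -eq 1 ]; then return 0; fi
    return 1
}

# write_sample_config FILE
# Constructed sample: a default-deny consoles section that lacks tty8.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not the lab's real config file
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
lxc.cgroup.devices.allow = c 136:* rwm
EOF
}

# report CONFIG LABEL TYPE MAJOR MINOR ACCESS
report() {
    if lxc_device_allowed "$1" "$3" "$4" "$5" "$6"; then
        echo "$2 ($3 $4:$5 $6): allowed"
    else
        echo "$2 ($3 $4:$5 $6): DENIED"
    fi
}

demo_cfg=$(mktemp)
write_sample_config "$demo_cfg"
report "$demo_cfg" tty8 c 4 8 rw    # before the line from step 12 is added
echo 'lxc.cgroup.devices.allow = c 4:8 rwm' >> "$demo_cfg"
report "$demo_cfg" tty8 c 4 8 rw    # after the line from step 12 is added
rm -f "$demo_cfg"
```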
