发布于 2016-05-19 09:48:58 | 142 次阅读 | 评论: 0 | 来源: 网友投递
LXC Linux 容器工具
LXC 项目由一个 Linux 内核补丁和一些 userspace 工具组成。这些 userspace 工具使用由补丁增加的内核新特性,提供一套简化的工具来维护容器。
4月份,LXC发布了LXC 2.0 包含很多新特性,5月16日,LXC 2.0.1发布,修补了一些bug。
重要更新:
All main LXC commands have now been rewritten in C
lxc-ls
lxc-device
lxc-copy
New lxc-copy command taking over the role of lxc-clone and lxc-start-ephemeral
Much improved support for checkpoint/restore of containers
Completely reworked cgroup handling including support for the cgroup namespace
The various command line tools are now much more consistent
Re-organized storage backend implementation, including addition of a Ceph RBD backend
An enormous amount of bugfixes, most of which will be backported to 1.0 and 1.1 over the next few bugfix releases
The C API remains backward compatible with previous versions and is released as 1.2
This release was made possible by contributions (720 commits) from a total of 96 contributors.
更新配置选项
lxc.ephemeral: Controls whether the container is ephemeral and so will be destroyed on shutdown
lxc.rebootsignal: Allows to override the signal sent for container reboot
lxc.hook.destroy: New hook being called on container destruction
lxc.hook.stop: Run in the host context with references to the containers just before namespace teardown
lxc.init_uid: Used by lxc-execute to set an alternative user
lxc.init_gid: Used by lxc-execute to set an alternative group
lxc.monitor.unshare: Allows unsharing the mount namespace prior to running any hook
新特性:
API:
Add support for get_ips()
Add support for get_interfaces()
Add support for rename()
Support for passing the storage backend to create()
New migrate() symbol as an alternative to checkpoint() using a migrate_opts struct to simplify additions
API version is 1.2, fully backward compatible with 1.1 and 1.0
new symbols:
python3
lua
Core:
cgfsng: New cgroup backend driver for recent Linux kernel
cgroup: Partial support for the new cgroup hierarchy
cgroup: Support for the cgroup namespace
checkpoint: Support checkpoint/restore of default LXC containers
checkpoint: Support checkpoint/restore of unprivileged containers
checkpoint: Support for the page server
config: lxc.aa_profile: Now supports an "unchanged" value
config: lxc.init_cmd: Now supports arguments
config: lxc.network.macvlan.mode: Added support for the "passthru" mode
config: lxc.rootfs.backend: Allows to override the storage backend (bypasses auto-detection)
config: New nesting.conf configuration file to setup container nesting
hooks: New LXC_CGNS_AWARE environment variable, set to 1 if LXC supports the cgroup namespace (the kernel however may not)
hooks: New LXC_SRC_NAME environment variable is set in clone hook with the original container name
hooks: New LXC_TARGET environment variable is set with the container goal (stop or reboot)
logging: Updated logging timestamps to be a bit more readable
lxc-usernet: Support for containers usning a veth interface without bridging
lxc-usernet: Support for group-based quotas (use the @ prefix)
network: The bridge interface MTU is now used as the default container interface MTU
start: The process title is now renamed to be easier to read
storage: New Ceph RBD storage backend
Documentation:
Korean translation of all the man pages
Commands:
lxc-attach: Use an intermediate pts device to prevent attacks against the parent shell
lxc-clone: Support for renaming containers
lxc-start-ephemeral: Support for changing bind-mount targets
Init systems:
systemd: Support for instanced service units
Templates
New ALTLinux template
New Slackware template
New SPARCLinux template
alpine: Support installing extra packages
debian: Default to just "main" enabled, allow enabling other repositories through argument
oracle: Set the timezone in the container
openssh: Add OpenSSH support
ubuntu: New -v option allowing the user to set the debootstrap variant
ubuntu-cloud: Support for vendor-data passthrough
bug修复:
apparmor: Also allow fstype=fuse for fuse filesystems
attach: adapt lxc-attach tests & add test for pty logging
attach: don't fail attach on failure to setup a SIGWINCH handler.
attach: fix a variety of lxc-attach pts handling issues
attach: switch console pty to raw mode (fixes ncurses-based programs)
attach: use raw settings of ssh for pty
bindings: fixed python-lxc reference to var before assignment in create()
bindings: set PyErr when Container.__init__ fails
cgfsng: defer to cgfs if needed subsystems are not available
cgfsng: don't require that systemd subsystem be mounted
core: Added missing type to keys in lxc_list_nicconfigs
core: Allow configuration file values to be quoted
core: log: remove duplicate definitons and bump buffer size
core: sync: properly fail on unexpected message sizes
core: Unshare netns after setting the userns mappings (fixes ownership of /proc/net)
core: various fixes as reported by static analysis
c/r: add an option to use faster inotify support in CRIU
c/r: rearrange things to pass struct migrate_opts all the way down
doc: ignore temporary files generated by doxygen
doc: tweak manpage generation date to be compatible with reproducible builds
doc: update MAINTAINERS
doc: update to translated manpages
init: add missing lsb headers to sysvinit scripts
init: don't make sysv init scripts dependant on distribution specifics
init: drop obsolete syslog.target from lxc.service.in
lxc-attach: add logging option to manpage
lxc-checkconfig: better render when stdout isn't a terminal
lxc-create: fix -B best option
lxc-destroy: avoid double print
lxc-ls: use fewer syscalls when doing ipc
templates: Add apt-transport-https to minbase variant of Ubuntu template
templates: fix a typo in the capabilities name for Gentoo (sys_resource)
templates: logic fix in the Centos template for RHEL7+ support
templates: tweak Alpine DHCP configuration to send its hostname
templates: tweak to network configuration of the Oracle template