Monday Aug 05, 2013

Linux Container (LXC) — Part 2: Working With Containers

Containers by Phil Parker, on Flickr
"Containers" by Phil Parker (CC BY 2.0).

Part 1 of this article series provided an overview about the Linux container technology. This second part intends to give you an impression on how to work with containers, by showing a few practical examples. These can be easily followed and reproduced on an up to date Oracle Linux 6 system. For the first steps, it is recommended to install Oracl Linux inside a virtual environment like Oracle VM VirtualBox. Oracle provides a pre-installed and pre-configured Oracle Linux 6 Virtualbox image for free download from the Oracle Technology Network (OTN).

The administration of Linux containers is performed on the command line; so far, there is no integration or support for this technology in applications like Oracle VM Manager or Oracle Enterprise Manager. However, Oracle has developed several enhancements which are included in the lxc package that's part of Oracle Linux 6.4; these changes were also contributed to the upstream LXC project and are now part of the official LXC releases. The support of Linux containers is also included in the libvirt project, which provides a graphical user interface for the management of virtual machines or containers using virt-manager (and other utilities). Libvirt is also included in Oracle Linux.

The creation of Oracle Linux containers can be accomplished on the command line in a few steps, using the LXC utilities. At first, a dedicated directory should be created to host the container file systems. The default location is /container. Creating this directory on top of a Btrfs file system provides a few additional interesting possibilities, e.g. the option to "freeze" a container file system at a certain point in time, or the fast creation (cloning) of additional containers based on a template. Cloning containers using Btrfs snapshots takes place at an instant, without requiring any additional disk space except for the differences to the original template. The creation and management of Btrfs file systems is explained in detail in the chapter "The Btrfs File System" of the "Oracle Linux Administrator's Solutions Guide for Release 6".

The following example creates a Btrfs file system on the second hard disk drive and mounts it to the directory /container:

# mkfs.btrfs /dev/sdb

WARNING! - Btrfs v0.20-rc1 IS EXPERIMENTAL
WARNING! - see http://btrfs.wiki.kernel.org before using

fs created label (null) on /dev/sdb
nodesize 4096 leafsize 4096 sectorsize 4096 size 4.00GB
Btrfs v0.20-rc1

# mdkir -v /container
mkdir: created directory `/container'
# mount -v /dev/sdb /container
mount: you didn't specify a filesystem type for /dev/sdb
I will try type btrfs
/dev/sdb on /container type btrfs (rw)

Now you can create a container of the latest version of Oracle Linux 6 named "ol6cont1" and using the default options by entering the following command. The option "-t" determines the general type of the Linux distribution to be installed (the so-called "template"), e.g. "oracle", "ubuntu" or "fedora". Depending on the template, you can pass template-specific options after the double dashes ("--"). In the case of the Oracle Linux template, you can choose the distribution's version by providing values like "5.8", "6.3" or "6.latest". Further information about the available configuration options can be found in chapter "About the lxc-oracle Template Script" of the Oracle Linux 6 Administrator's Solutions Guide.

# lxc-create -n ol6cont1 -t oracle -- --release=6.latest
/usr/share/lxc/templates/lxc-oracle is /usr/share/lxc/templates/lxc-oracle
Note: Usually the template option is called with a configuration
file option too, mostly to configure the network.
For more information look at lxc.conf (5)

Host is OracleServer 6.4
Create configuration file /container/ol6cont1/config
Downloading release 6.latest for x86_64
Loaded plugins: refresh-packagekit, security
ol6_latest | 1.4 kB 00:00
ol6_latest/primary | 31 MB 01:23
ol6_latest 21879/21879
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package chkconfig.x86_64 0:1.3.49.3-2.el6 will be installed
--> Processing Dependency: libc.so.6(GLIBC_2.4)(64bit) for package: chkconfig-1.3.49.3-2.el6.x86_64
--> Processing Dependency: libc.so.6(GLIBC_2.3.4)(64bit) for package: chkconfig-1.3.49.3-2.el6.x86_64
[...]
--> Processing Dependency: pygpgme for package: yum-3.2.29-40.0.1.el6.noarch
--> Processing Dependency: python-iniparse for package: yum-3.2.29-40.0.1.el6.noarch
--> Processing Dependency: rpm-python for package: yum-3.2.29-40.0.1.el6.noarch
--> Running transaction check
---> Package audit-libs.x86_64 0:2.2-2.el6 will be installed
---> Package bash.x86_64 0:4.1.2-15.el6_4 will be installed
---> Package checkpolicy.x86_64 0:2.0.22-1.el6 will be installed
---> Package coreutils.x86_64 0:8.4-19.0.1.el6_4.2 will be installed
--> Processing Dependency: coreutils-libs = 8.4-19.0.1.el6_4.2 for package: coreutils-8.4-19.0.1.el6_4.2.x86_64
[...]
---> Package pinentry.x86_64 0:0.7.6-6.el6 will be installed
--> Running transaction check
---> Package groff.x86_64 0:1.18.1.4-21.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
chkconfig x86_64 1.3.49.3-2.el6 ol6_latest 158 k
dhclient x86_64 12:4.1.1-34.P1.0.1.el6 ol6_latest 316 k
initscripts x86_64 9.03.38-1.0.1.el6_4.1 ol6_latest 937 k
[...]
rootfiles noarch 8.1-6.1.el6 ol6_latest 6.3 k
rsyslog x86_64 5.8.10-6.el6 ol6_latest 648 k
vim-minimal x86_64 2:7.2.411-1.8.el6 ol6_latest 363 k
yum noarch 3.2.29-40.0.1.el6 ol6_latest 995 k
Installing for dependencies:
MAKEDEV x86_64 3.24-6.el6 ol6_latest 88 k
audit-libs x86_64 2.2-2.el6 ol6_latest 60 k
basesystem noarch 10.0-4.0.1.el6 ol6_latest 4.3 k
[...]
yum-metadata-parser x86_64 1.1.2-16.el6 ol6_latest 26 k
zlib x86_64 1.2.3-29.el6 ol6_latest 72 k

Transaction Summary
================================================================================
Install 135 Package(s)

Total download size: 79 M
Installed size: 294 M
Downloading Packages:
(1/135): MAKEDEV-3.24-6.el6.x86_64.rpm | 88 kB 00:00
(2/135): audit-libs-2.2-2.el6.x86_64.rpm | 60 kB 00:00
(3/135): basesystem-10.0-4.0.1.el6.noarch.rpm | 4.3 kB 00:00
(4/135): bash-4.1.2-15.el6_4.x86_64.rpm | 904 kB 00:02
(5/135): binutils-2.20.51.0.2-5.36.el6.x86_64.rpm | 2.8 MB 00:07
[...]
(131/135): vim-minimal-7.2.411-1.8.el6.x86_64.rpm | 363 kB 00:01
(132/135): xz-libs-4.999.9-0.3.beta.20091007git.el6.x86_ | 89 kB 00:00
(133/135): yum-3.2.29-40.0.1.el6.noarch.rpm | 995 kB 00:03
(134/135): yum-metadata-parser-1.1.2-16.el6.x86_64.rpm | 26 kB 00:00
(135/135): zlib-1.2.3-29.el6.x86_64.rpm | 72 kB 00:00
--------------------------------------------------------------------------------
Total 271 kB/s | 79 MB 04:59
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : libgcc-4.4.7-3.el6.x86_64 1/135
Installing : setup-2.8.14-20.el6.noarch 2/135
Installing : filesystem-2.4.30-3.el6.x86_64 3/135
Installing : basesystem-10.0-4.0.1.el6.noarch 4/135
Installing : ca-certificates-2010.63-3.el6_1.5.noarch 5/135
[...]
Installing : rsyslog-5.8.10-6.el6.x86_64 131/135
Installing : yum-3.2.29-40.0.1.el6.noarch 132/135
Installing : passwd-0.77-4.el6_2.2.x86_64 133/135
Installing : 2:vim-minimal-7.2.411-1.8.el6.x86_64 134/135
Installing : rootfiles-8.1-6.1.el6.noarch 135/135
Verifying : gamin-0.1.10-9.el6.x86_64 1/135
Verifying : procps-3.2.8-25.el6.x86_64 2/135
Verifying : 12:dhclient-4.1.1-34.P1.0.1.el6.x86_64 3/135
Verifying : 2:ethtool-3.5-1.el6.x86_64 4/135
Verifying : ncurses-base-5.7-3.20090208.el6.x86_64 5/135
[...]
Verifying : ca-certificates-2010.63-3.el6_1.5.noarch 130/135
Verifying : libssh2-1.4.2-1.el6.x86_64 131/135
Verifying : cpio-2.10-11.el6_3.x86_64 132/135
Verifying : mingetty-1.08-5.el6.x86_64 133/135
Verifying : libcurl-7.19.7-37.el6_4.x86_64 134/135
Verifying : 1:findutils-4.4.2-6.el6.x86_64 135/135

Installed:
chkconfig.x86_64 0:1.3.49.3-2.el6
dhclient.x86_64 12:4.1.1-34.P1.0.1.el6
initscripts.x86_64 0:9.03.38-1.0.1.el6_4.1
openssh-server.x86_64 0:5.3p1-84.1.el6
[...]
Dependency Installed:
MAKEDEV.x86_64 0:3.24-6.el6
audit-libs.x86_64 0:2.2-2.el6
basesystem.noarch 0:10.0-4.0.1.el6
bash.x86_64 0:4.1.2-15.el6_4
binutils.x86_64 0:2.20.51.0.2-5.36.el6
[...]
upstart.x86_64 0:0.6.5-12.el6_4.1
ustr.x86_64 0:1.0.4-9.1.el6
util-linux-ng.x86_64 0:2.17.2-12.9.el6_4.3
xz-libs.x86_64 0:4.999.9-0.3.beta.20091007git.el6
yum-metadata-parser.x86_64 0:1.1.2-16.el6
zlib.x86_64 0:1.2.3-29.el6

Complete!
Rebuilding rpm database
Configuring container for Oracle Linux 6.4
Added container user:oracle password:oracle
Added container user:root password:root
Container : /container/ol6cont1/rootfs
Config : /container/ol6cont1/config
Network : eth0 () on virbr0
'oracle' template installed
'ol6cont1' created

To prepare a miminal installation of the latest version of Oracle Linux 6 (about 400 MB), the installation script performs a download of the required RPM packages from Oracle's "public-yum" service. The directory structure of the installed container can be found at /container/ol6cont1/rootfs, it can be browsed and evaluated like any other regular directory structure. The script also creates two user accounts "root" and "oracle" and configures a virtual network device, which obtains an IP address via DHCP from the DHCP server provided by the libvirt framework. The container's configuration file created by lxc-create is located at /container/ol6cont1/config and can be adapted and modified using a regular text editor. Before making any changes, it's recommended to create a snapshot of the container first, which can be used to quickly spawn additional containers:

# lxc-clone -o ol6cont1 -n ol6cont2
Tweaking configuration
Copying rootfs...
Create a snapshot of '/container/ol6cont1/rootfs' in '/container/ol6cont2/rootfs'
Updating rootfs...
'ol6cont2' created
# lxc-ls -1
ol6cont1
ol6cont2

Start the container using the following command:

# lxc-start -n ol6cont1 -d -o /container/ol6cont1/ol6cont1.log
# lxc-info -n ol6cont1
state: RUNNING
pid: 311
# lxc-info -n ol6cont2
state: STOPPED
pid: -1

The container has now been started in the background. Eventual log messages will be redirected to the file ol6cont.log. As you can tell from the output of lxc-info, only the container ol6cont1 has been started, while the clone ol6cont2 remains in stopped state until you boot it up using lxc-start.

Now you can log into the container instance's console using the following command. The container's system configuration can now be modified using the usual tools (e.g. yum or rpm to install additional software).

# lxc-console -n ol6cont1

Oracle Linux Server release 6.4
Kernel 2.6.39-400.109.4.el6uek.x86_64 on an x86_64

ol6cont1 login: root
Password:
[root@ol6cont1 ~]# ps x
PID TTY STAT TIME COMMAND
1 ? Ss 0:00 /sbin/init
184 ? Ss 0:00 /sbin/dhclient -H ol6cont1 -1 -q -lf /var/lib/dhclien
207 ? Sl 0:00 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
249 ? Ss 0:00 /usr/sbin/sshd
256 lxc/console Ss+ 0:00 /sbin/mingetty /dev/console
260 ? Ss 0:00 login -- root
262 lxc/tty2 Ss+ 0:00 /sbin/mingetty /dev/tty2
264 lxc/tty3 Ss+ 0:00 /sbin/mingetty /dev/tty3
266 lxc/tty4 Ss+ 0:00 /sbin/mingetty /dev/tty4
267 lxc/tty1 Ss 0:00 -bash
278 lxc/tty1 R+ 0:00 ps x
[root@ol6cont1 ~]# logout
Oracle Linux Server release 6.4
Kernel 2.6.39-400.109.4.el6uek.x86_64 on an x86_64

ol6cont1 login: CTRL-A Q

The key combination CTRL-A, Q terminates the console session. Alternatively, you can also log in to the container using SSH from the host system. All containers have their own IP address and are connected to a virtual bridge device virbr0 by default, which is also reachable from the host system. This way, you can easily set up simple client/server architectures within a host system.

A running container can easily be suspended using the command lxc-freeze at any time. All running processes will be halted and won't consume CPU ressources anymore, until you release them using lxc-unfreeze again. Since Linux containers are based on the Linux Control Groups (Cgroups) framework, it is also possible to precisely limit the resources available to a container.

A container can be shut down using various ways: either by calling lxc-stop from the host, or from within the container using the usual commands like shutdown -h or poweroff. Containers that are no longer needed can be discarded using the lxc-destroy command.

If you'd like to learn more about this topic, there is a dedicated chapter about Linux containers in the Oracle Linux Administrator's Solutions Guide. It covers the creation, configuration and starting/stopping as well as monitoring of containers in detail. It also explains how to prepare the container storage on a Btrfs file system and how existing containers can be quickly cloned.

More links about the topic of Linux containers:

Wednesday Aug 15, 2012

It's Better with Btrfs

source

Two recently published articles to help you become proficient with the Btrfs file system in Oracle Linux:

How I Got Started with the Btrfs File System in Oracle Linux

By Margaret Bierman

Scalability and volume management. Write methodology and access. Tunables. Margaret describes these capabilities of the Btrfs file system, plus how it deals with redundant configurations, checksums, fault isolation and much more. She also walks you through the steps to create and set up a Btrfs file system so you can become familiar with it.

How I Use the Advanced Features of the Btrfs File System

By Margaret Bierman

How to create and mount a Btrfs file system. How to copy and delete files. How to create and manage a redundant file system configuration. How to check the integrity of the file system and its remaining capacity. How to take snapshots. How to clone. And more. In this article Margaret explores the more advanced features of the Btrfs file system.

Let us know what you think, and what you'd like to see Margaret write about in the future.

- Rick

Website Newsletter Facebook Twitter

Tuesday Mar 13, 2012

Who the Linux Developer Met on His Way to St. Ives

For some reason I still remember this nursery riddle:

"As I was going to Saint Ives
I met a man with seven wives
Each wife had seven sacks
Each cat had seven cats
Each cat had seven kits
How many were going to St Ives?

The answer, of course, is one. More about the riddle here.

Little did I know, when I first learned it, that this rhyme would help me understand the Oracle Exadata Database Machine. Miss Blankenship, please forgive me:

As I was going to St Ives
I met a man with 8 Oracle Exadata Machines
Each machine had 8 sockets
Each socket had 8 cores
Each core had 2 threads
How many CPU's were going to St Ives?

If your i-phone has hobbled you to the point that you can no longer do simple arithmetic in your head, you can get the answer to that riddle by listening to these podcasts (the first one even provides notes):

Podcast: How Oracle Linux Was Optimized for the Oracle Exadata Database Machine

Turns out that when you use off-the-shelf components to build a NUMA system like the Exadata, you lower your hardware costs, but you increase the software work that must be done to optimize the system. Oracle Linux already had a set of optimizations well suited to this task. Chris Mason, director of Linux kernel engineering at Oracle, describes the process engineering used to optimize Exadata's integrated stack, touching everything from storage, to networking, the CPU, I/O speeds, and finally the application. Great Q&A, too.

Podcast: What's So Great About Oracle's Unbreakable Enterprise Kernel?

It's easy to replace your tired rust-bucket of a Linux kernel with the chromed-out Unbreakable Enterprise Kernel from Oracle, but why would you? Sergio Leunissen, Oracle Vice President, and Lenz Grimmer, blogger extraordinaire, explain why it's worth your time to use the Unbreakable Linux Kernel. Sergio and Lenz explain why Oracle went to the trouble to engineer its own kernel, what's included in Release 2, how it is tested, how it is optimized for the Oracle stack, the close relationship with the Linux community, and what benefits it brings developers and sysadmins.

Where to Get It, How to Use It

As you may have already heard, Release 2 of Oracle's Unbreakable Enterprise Kernel for Linux is now available. Here are some resources to help you get started.

- Rick with Todd Trichler

Website

Newsletter

Facebook

Twitter

Tuesday Feb 28, 2012

Santa Clara On April 10 - Next OTN Sysadmin Day

Before the part of Oracle that was then Sun Microsystems moved in, the facility used to be known as the Agnews Insane Asylum. Some of us who worked for Sun at the time thought the image was hilarious. Some thought it was insensitive. Some believed it was a statement about the rise of the corporate state and the demise of benign government. That was the Santa Clara campus back then, a diverse, magical workplace full of people who held strong opinions about everything, yet managed to have a great time together.

Another topic that incites strong opinions among good friends is Oracle Solaris vs Oracle Linux. Which one is better? Which one should I use? Which one should I learn how to use? At our OTN Sysadmin Days, we let you decide. Pavel Anni always opens our OTN Sysadmin Days with a talk about Oracle's dual OS strategy. He explains why Oracle offers two operating systems, and summarizes the main features of each one. Then we split off into two different groups to get our hands on each OS.

One group gets their hands on the ZFS filesystem, virtualization capabilities, and security controls of Oracle Solaris.

The other group gets their hands on the package management tools, services, and runs levels of Oracle Linux, plus its volume management tools and the Btrfs filesystem.

The truly adventurous sysadmins jump between groups. Both groups learn by doing, using the hands-on labs similar to those on OTN's Hands-On Labs page. Why attend an event in person when you could simply work the labs on your own? Two reasons:

  1. Since you are away from the obligations of the data center, you get to focus on working the labs without interruption.
  2. You get help from Oracle experts and other sysadmins who are working on the same labs as you.

I've been to all our OTN Sysadmin Days so far. The sysadmins and IT managers who attended told me that it was time very well spent. However, our attendance has been low. Not sure whether we haven't gotten the word out to enough people, or whether it's just difficult for sysadmins to get away. In any case, if we don't improve attendance, we'll have to cancel OTN Sysadmin Days.

So if you're interested, register now. Santa Clara on April 10 may be your last chance. The event is free. Here's the agenda:

Time Session
8:00 am System Shakedown
9:00 am Oracle's Dual OS Strategy
 

Oracle Solaris Track

Oracle Linux Track

10:00 am HOL: Oracle Solaris ZFS HOL: Package Management and Configuration
11:30 am HOL: Virtualization HOL: Storage Management
1:00 pm Lunch / Surfing OTN
2:00 pm HOL: Oracle Solaris Security HOL: Btrfs filesystem
3:00 pm Presentation: Oracle Enterprise Manager Ops Center 11g
3:30 pm Presentation: Setting Up and In-House Development Environment with Oracle Solaris Studio
4:00 pm Discussion: What are the most pressing issues for sysadmins today?
5:00 pm We all go home

- Rick Ramsey

Website

Newsletter

Facebook

Twitter

Wednesday Sep 14, 2011

OTN Sysadmin Day - Seattle

OTN Sysadmin Day held in Sacramento on Sep 8 was the first time we presented two tracks of hands-on labs:

Time Session
8:00 am System Shakedown
9:00 am Oracle's Dual OS Strategy / Overview of OTN
 

Oracle Solaris Track

Oracle Linux Track

10:00 am HOL: ZFS HOL: managing packages, configuring services
11:30 am HOL: Exploring OS, network, and storage virtualization HOL on Storage Part I: managing storage and file systems
1:00 pm Lunch Break
2:00 pm HOL: Managing software with IPS HOL on Storage Part II: Device Mapper, BTRFS
3:00 pm Presentation: Oracle Enterprise Manager Ops Center 11g
4:00 pm Discussion: What are the most pressing issues for sysadmins today?
5:00 pm We all go home

Participants found the hands-on labs particularly valuable. You get to learn by doing. And what you get to do is install, configure, and manage the technologies of Oracle Solaris 11 and Oracle Linux in the same way as you would in the real world.

Next Sysadmin Day

We are doing another one in Seattle, on September 22nd. From 8:00 am to 5:00 pm. It's free, but you must register. Please stay for the feedback session at the end. They tend to be pretty spirited, and you might win a neat prize. I'll tell you more if you make it to Seattle.

Our next Sysadmin Day won't happen till January 18 (Salt Lake City), so do what you can to make it to Seattle. It's being held at the Seattle Westin Hotel, 1900 5th Avenue.

If you'd like to see some pictures from the Sacramento event, go to the "OTN Sysadmin Day Sacramento" photo folder on the OTN Garage on Facebook.

- Rick
Website
Newsletter
Facebook
Twitter

Wednesday Aug 31, 2011

Save disk space on Linux by cloning files on Btrfs and OCFS2

Rebecca W: Dolly
"Dolly" by Rebecca W (CC BY-SA 2.0).

Btrfs and OCFS2 are two very advanced file systems for Linux. Btrfs is a next-generation local file system for Linux, and it provides a number of nice features like snapshots and subvolumes, dynamic resizing and built-in RAID functionality. OCFS2 is the ideal candidate for creating cluster file systems that can be shared across multiple machines (but it can also be used for local storage).

There is one neat little feature that both Btrfs and OCFS2 have in common — they are capable of creating "lightweight" copies ("snapshots" or "clones") of a file.

In this case the file system does not create a new link pointing to an existing inode, it rather creates a new inode that shares the same disk blocks as the original file. This means that this operation only works within the boundaries of the same file system or subvolume. The outcome looks very much like a copy of the source file, but the actual data blocks have not been duplicated. Due to the copy-on-write nature, a modification of any one of the files will not be visible in the other file. Note that this should not be confused with hard links – this web page provides a good explanation of the differences.

For Btrfs, you can invoke this feature by using the cp(1) utility with the --reflink option, which was added to the GNU coreutils in version 7.5 (released in Aug. 2009):

cp --reflink <source file> <destination file>

Adding support for the reflink implementation of OCFS2 to cp still seems to be under development. For now, you need to download and install a separate reflink binary from here. It works like the ln(1) utility:

reflink <source file> <destination file>

Wim covered OCFS2 reflink in more detail in a blog post a while ago and there is another example for OCFS2 on our Wiki.

These kind of file clones save disk space and allow copy operations to perform much quicker than actually copying entire files. This can be quite useful if you need to create copies of very large files that differ very little from each other, e.g. virtual machine disk images. In this case the disk space savings can be quite significant!

About

Contributors:
Rick Ramsey
Kemer Thomson
and members of the OTN community

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
12
13
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today
Blogs We Like