Difference between pages "Linux Containers/pt-br" and "Funtoo Profiles/ru"

== Status ==

As of Linux kernel 3.1.5, LXC is useful for isolating your own workloads from one another. It is not yet ready for isolating potentially hostile users from each other or from the host system. For a more mature container solution that is appropriate for hosting environments, see [[OpenVZ]].

LXC containers do not yet have their own uptime, and they see everything in the host's {{c|dmesg}} output, among other things. But in general, the technology works.

== Basic Information ==

* Linux Containers are based on:
** Kernel namespaces for resource isolation
** CGroups for resource limiting and accounting

{{Package|app-emulation/lxc}} is the userspace tool for Linux containers.

== Control groups ==

* Control groups (cgroups) have been in the kernel since 2.6.24
** Allow aggregation of tasks and their children
** Subsystems (cpuset, memory, blkio, ...)
** accounting - measures how much of a resource certain groups use
** resource limiting - groups can be configured not to exceed a given memory limit
** prioritization - some groups can get a larger share of the CPU
** control - freezing/unfreezing of cgroups, checkpointing and restarting
** No disk quota limitation (-> image file, LVM, XFS, directory tree quota, ...)

== Subsystems ==

{{console|body=
###i## cat /proc/cgroups
subsys_name hierarchy num_cgroups enabled
cpuset
cpu
cpuacct
memory
devices
freezer
blkio
perf_event
hugetlb
}}

* {{c|cpuset}} - restricts tasks to specific CPU(s)
* {{c|cpu}} - CPU sharing
* {{c|cpuacct}} - CPU accounting
* {{c|memory}} - memory and swap accounting and limiting
* {{c|devices}} - device allow/deny list
* {{c|freezer}} - suspend/resume tasks
* {{c|blkio}} - I/O prioritization (weight, throttle, ...)
* {{c|perf_event}} - support for per-cpu, per-cgroup monitoring ([http://lwn.net/Articles/421574/ perf_events])
* {{c|hugetlb}} - cgroup resource controller for HugeTLB pages ([http://lwn.net/Articles/499255/ hugetlb])

== Configuring the Funtoo Host System ==

=== Install the LXC kernel ===

Any kernel above 3.1.5 will probably work. Personally, I prefer {{Package|sys-kernel/gentoo-sources}}, since it has support for all namespaces without sacrificing xfs, FUSE or NFS support, for example. Those checks were introduced later, starting with kernel 3.5, which may also mean that user namespaces are not working optimally.

* User namespace (EXPERIMENTAL) depends on EXPERIMENTAL and UIDGID_CONVERTED
** config UIDGID_CONVERTED
*** True if all selected software components are known to have uid_t and gid_t converted to kuid_t and kgid_t where appropriate and are otherwise safe to use with the user namespace.
**** Networking - depends on NET_9P = n
**** Filesystems - 9P_FS = n, AFS_FS = n, AUTOFS4_FS = n, CEPH_FS = n, CIFS = n, CODA_FS = n, FUSE_FS = n, GFS2_FS = n, NCP_FS = n, NFSD = n, NFS_FS = n, OCFS2_FS = n, XFS_FS = n
**** Security options - Grsecurity - GRKERNSEC = n (if applicable)

** As of kernel 3.10.xx, all of the options above are safe to use with user namespaces, except XFS_FS. Consequently, with kernel >=3.10.xx, you should answer XFS_FS=n if you want user namespace support.
** In your kernel source directory, you should check init/Kconfig and find out what UIDGID_CONVERTED depends on.

==== Kernel configuration ====

These options should be enabled in your kernel to be able to take full advantage of LXC.

* General setup
** CONFIG_NAMESPACES
*** CONFIG_UTS_NS
*** CONFIG_IPC_NS
*** CONFIG_PID_NS
*** CONFIG_NET_NS
*** CONFIG_USER_NS
** CONFIG_CGROUPS
*** CONFIG_CGROUP_DEVICE
*** CONFIG_CGROUP_SCHED
*** CONFIG_CGROUP_CPUACCT
*** CONFIG_CGROUP_MEM_RES_CTLR (in kernels newer than 3.6 this option is called CONFIG_MEMCG)
*** CONFIG_CGROUP_MEM_RES_CTLR_SWAP (in kernels newer than 3.6 this option is called CONFIG_MEMCG_SWAP)
*** CONFIG_CPUSETS (on multiprocessor hosts)
* Networking support
** Networking options
*** CONFIG_VLAN_8021Q
* Device Drivers
** Character devices
*** Unix98 PTY support
**** CONFIG_DEVPTS_MULTIPLE_INSTANCES
** Network device support
*** Network core driver support
**** CONFIG_VETH
**** CONFIG_MACVLAN

Once you have lxc installed, you can check your kernel config with:

{{console|body=
# ##i##CONFIG=/path/to/config /usr/sbin/lxc-checkconfig
}}

<languages/>
== Profile Types ==

Historically, users have had to add a large number of settings to [[Make.conf|{{c|/etc/make.conf}}]] to customize their Gentoo or Funtoo Linux system, which made setup of the operating system more difficult than it should be. In Gentoo Linux, it is possible to define only one ''system profile''. Think of a system profile as the default settings that Portage uses for building everything on your system. Funtoo Linux uses multiple sub-profiles per system. The following profile types are available in Funtoo Linux:

{{TableStart}}
{{2ColHead|Sub-Profile|Description}}
{{2Col|{{c|arch}}|This defines CPU-specific settings. Only one arch profile is enabled at install time, and it cannot be changed.}}
{{2Col|{{c|subarch}}|This further refines the CPU-specific settings. One subarch profile is typically enabled at install time.}}
{{2Col|{{c|build}}|This defines the type of stability, such as {{c|current}} or {{c|stable}}, and its associated settings. One build profile is enabled at install time, and is generally not changed.}}
{{2Col|{{c|flavor}}|This defines the intended use of Funtoo, such as {{c|minimal}}, {{c|core}}, {{c|workstation}} or {{c|desktop}}. One flavor is enabled, and it can be changed by the user.}}
{{2Col|{{c|mix-ins}}|These can be enabled by the user, based on the features the user wants, such as {{c|gnome}}, {{c|kde}}, {{c|media}}, {{c|mate}}, {{c|X}}, and {{c|hardened}}.}}
{{TableEnd}}

{{Note|Flavors can (and often do) inherit settings from other flavors and mix-ins. Mix-ins can also inherit settings from other mix-ins. For example, {{c|X}} is inherited by {{c|gnome}}. The {{c|epro}} tool will show both as being enabled so there are no surprises.}}

=== Using epro ===

{{c|epro show}} displays the profile settings currently enabled on your system:

{{console|body=
# ##i## epro show

=== ##g##Enabled Profiles##!g##: ===

        arch: ##c## x86-64bit
       build: ##c## current
     subarch: ##c## intel64-haswell
      flavor: ##c## desktop
     mix-ins: ##c## gnome

=== ##g##All inherited flavors from desktop flavor##!g##: ===

                    ##c##workstation (from desktop flavor)
                            ##c##core (from workstation flavor)
                         ##c##minimal (from core flavor)

=== ##g##All inherited mix-ins from desktop flavor##!g##: ===

                               ##c##X##!c## (from workstation flavor)
                           ##c##audio##!c## (from workstation flavor)
                             ##c##dvd##!c## (from workstation flavor)
                           ##c##media##!c## (from workstation flavor)
       ##c##mediadevice-audio-consumer##!c## (from media mix-in)
                 ##c##mediadevice-base##!c## (from mediadevice-audio-consumer mix-in)
       ##c##mediadevice-video-consumer##!c## (from media mix-in)
                 ##c##mediadevice-base##!c## (from mediadevice-video-consumer mix-in)
         ##c##mediaformat-audio-common##!c## (from media mix-in)
           ##c##mediaformat-gfx-common##!c## (from media mix-in)
         ##c##mediaformat-video-common##!c## (from media mix-in)
                   ##c##console-extras##!c## (from workstation flavor)
                           ##c##print##!c## (from desktop flavor)
}}
To view all available sub-profile settings, use {{c|epro list}}:

{{console|body=# ##i## epro list}}

Enabled profiles will be highlighted in cyan. Directly enabled profiles will be in bold and have an asterisk {{c|*}} appended. Sub-profiles enabled via inheritance will be highlighted.

==== Usage examples ====

{{TableStart}}
{{2Col|Add the mix-ins {{c|gnome}} and {{c|kde}}|{{console|body=# ##i## epro mix-ins +gnome +kde}}}}
{{2Col|Remove a mix-in, for example {{c|gnome}}|{{console|body=# ##i## epro mix-ins -gnome}}}}
{{2Col|Change the profile arch to x86-64bit|{{console|body=# ##i## epro arch x86-64bit}}}}
{{2Col|Change the subarch to {{c|generic_64}}|{{console|body=# ##i## epro subarch generic_64}}}}
{{2Col|Change the system flavor|{{console|body=# ##i## epro flavor desktop}}}}
{{2Col|Get JSON output of profile settings|{{console|body=# ##i## epro show-json}}}}
{{2Col|Get the current sub-profile setting in text form|{{console|body=# ##i## epro get [profiletype]}}}}
{{TableEnd}}

== Flavors ==

Only one flavor can be enabled on a system at a time. The following flavors are available:

{{TableStart}}
{{2ColHead|Flavor|Description}}
<tr><td>{{c|minimal}}</td><td>This contains the bare minimum settings for all Funtoo Linux flavors.</td></tr>
<tr><td>{{c|core}}</td><td>The core flavor includes the minimal flavor, plus reasonable settings, and is used for the [[Funtoo_Linux_Installation#Installing_the_Stage_3_tarball|official stage3 downloads]].</td></tr>
<tr><td>{{c|server}}</td><td>In the future, the server flavor will include the core flavor, plus specific settings designed for servers. At the moment, it is equivalent to the core flavor.</td></tr>
<tr><td>{{c|workstation}}</td><td>The workstation flavor is a minimal desktop system. It includes the core flavor, plus these mix-ins: {{c|X}}, {{c|audio}}, {{c|dvd}}, {{c|media}} and {{c|console-extras}}.</td></tr>
<tr><td>{{c|desktop}}</td><td>The desktop flavor includes the common settings for any full-featured desktop system. It includes the {{c|workstation}} flavor plus {{c|printing}} support. The user is expected to further customize their system with a desktop environment of choice, such as KDE, GNOME, or XFCE, possibly by using a mix-in.</td></tr>
{{TableEnd}}

== Mix-ins ==

Any number of mix-ins can be enabled on a system at the same time. The following mix-ins are available:

{{TableStart}}
{{2ColHead|Mix-in|Description}}
{{2Col|{{c|audio}}|Enables core audio-related settings, currently related to ALSA.}}
{{2Col|{{c|console-extras}}|Enables things that are nice to have for console-only systems. Currently enables gpm in USE.}}
{{2Col|{{c|dvd}}|USE settings related to optical drives -- CDR/DVD-ROM/RW use.}}
{{2Col|{{c|gnome}}|USE and package.use settings required to merge GNOME. Designed to be used with the {{c|desktop}} or {{c|workstation}} flavor.}}
{{2Col|{{c|hardened}}|Enables hardened support.}}
{{2Col|{{c|kde}}|USE and package.use settings required to merge KDE. Designed to be used with the {{c|desktop}} or {{c|workstation}} flavor.}}
{{2Col|{{c|media}}|USE settings related to audio/video media encoding. Can be for desktops or servers.}}
{{2Col|{{c|print}}|Enables printing capability.}}
{{2Col|{{c|vmware-guest}}|Settings related to using Funtoo Linux as a VMWare virtual machine guest.}}
{{2Col|{{c|X}}|Settings related to the X Window System and hardware support.}}
{{2Col|{{c|xfce}}|USE settings required for merging XFCE.}}
{{TableEnd}}

=== Media Device Mix-ins ===

Media device mix-ins have been created to support media devices, including external and portable devices, and the associated low-level hardware support and hardware-focused codecs. Media devices have been categorized into audio and video categories, and into consumer and professional categories. "Consumer" devices are those that regular desktop users might typically use, while "professional" devices are those that professionals, hobbyists or enthusiasts would typically use. Here are the new mix-ins for media devices:

{{TableStart}}
{{2ColHead|Media Device Mix-in|Description}}
<tr><td>{{c|mediadevice-base}}</td><td>Common, universally-supported media devices, like IEEE-1394 (Firewire), CDDA, CDIO. Other mediadevice mix-ins have this as a parent.</td></tr>
<tr><td>{{c|mediadevice-audio-consumer}}</td><td>Consumer audio devices, such as personal portable media players (iOS, iPod, etc.)</td></tr>
<tr><td>{{c|mediadevice-audio-pro}}</td><td>Pro audio support, such as JACK.</td></tr>
<tr><td>{{c|mediadevice-video-consumer}}</td><td>Consumer video support, such as DVD, Blu-ray, V4L</td></tr>
<tr><td>{{c|mediadevice-video-pro}}</td><td>Pro video support, such as dv, dc1394.</td></tr>
{{TableEnd}}

=== Media Format Mix-ins ===

Media format mix-ins have been created to support media formats for reading, writing, encoding and decoding images, audio and video. They have been organized into a "common" collection, for popular formats, and an "extra" collection, which is intended to include "everything else". Let's look at the new mix-ins:

{{TableStart}}
{{2ColHead|Media Format Mix-in|Description}}
<tr><td>{{c|mediaformat-video-common}}</td><td>Common (i.e. popular) video formats.</td></tr>
<tr><td>{{c|mediaformat-video-extra}}</td><td>More esoteric video formats.</td></tr>
<tr><td>{{c|mediaformat-audio-common}}</td><td>Common (i.e. popular) audio formats.</td></tr>
<tr><td>{{c|mediaformat-audio-extra}}</td><td>More esoteric audio formats.</td></tr>
<tr><td>{{c|mediaformat-gfx-common}}</td><td>Common (i.e. popular) graphics formats.</td></tr>
<tr><td>{{c|mediaformat-gfx-extra}}</td><td>More esoteric graphics formats.</td></tr>
{{TableEnd}}

=== Using Media Mix-ins ===

Our existing {{c|media}} mix-in still exists, and is still pulled in by the {{c|desktop}} and {{c|workstation}} flavors automatically. It now includes the following parent mix-ins:

* {{c|mediadevice-audio-consumer}}
* {{c|mediadevice-video-consumer}}
* {{c|mediaformat-audio-common}}
* {{c|mediaformat-gfx-common}}
* {{c|mediaformat-video-common}}

In addition, there is a new {{c|media-pro}} mix-in which needs to be enabled manually, and which pulls in the following mix-ins:

* {{c|mediadevice-audio-pro}}
* {{c|mediadevice-video-pro}}

So typically, you would enable the {{c|desktop}} or {{c|workstation}} flavor, and if you need professional hardware support, you'd also enable the {{c|media-pro}} mix-in. If you needed any additional media format support, you could enable one or more of the {{c|mediaformat-*-extra}} mix-ins to add the formats you needed. Of course, it's possible to enable only the specific mix-ins you need, and also complement these mix-ins with specific USE variable settings you might require.

=== How Profile Settings are Stored ===

Funtoo Linux stores its profile settings in the {{f|/etc/portage/make.profile/parent}} file. Typically, users don't need to modify this file, instead using {{c|ego}} and {{c|epro}} to make changes, but it can be handy to take a look at what the contents of the file look like. A simple server might have profile settings as follows:

{{file|name=/etc/portage/make.profile/parent|body=
gentoo:funtoo/1.0/linux-gnu/arch/x86-64bit
gentoo:funtoo/1.0/linux-gnu/build/current
gentoo:funtoo/1.0/linux-gnu/flavor/core
}}

=== Emerge lxc ===

{{console|body=
# ##i##emerge app-emulation/lxc
}}

=== Configure Networking for the Container ===

Typically, one uses a bridge to allow the containers to connect to the network. This is how to do it on Funtoo Linux:

# Create a bridge using the Funtoo network configuration scripts. Name the bridge something like {{c|brwan}} (using {{c|/etc/init.d/netif.brwan}}). Configure your bridge to have an IP address.
# Make your physical interface, such as {{c|eth0}}, an interface without an IP address (use Funtoo's {{c|interface-noip}} template.)
# Make {{c|netif.eth0}} a slave of {{c|netif.brwan}} in {{c|/etc/conf.d/netif.brwan}}.
# Enable your new bridged network and make sure it is working properly on the host.

Now you will be able to configure LXC to automatically add your container's virtual ethernet interface to the bridge when it starts, which will connect it to your network.

== Defining a Funtoo Linux LXC Container ==

Here are the steps needed to get Funtoo Linux running <i>inside</i> a container. The steps below show how to define a container using an existing Funtoo Linux OpenVZ template. It is now also possible to use [[Metro]] to build an lxc container tarball directly, which will save you the manual configuration and provide an {{c|/etc/fstab.lxc}} file that you can use for your host container config. See [[Metro Recipes]] for information on how to use Metro to generate an lxc container.

=== Create and Configure a Container Filesystem ===

# Grab the Funtoo LXC template, and unpack it into a directory such as {{c|/lxc/funtoo0/rootfs/}}
# Create an empty {{c|/lxc/funtoo0/fstab}} file
# Make sure the {{c|c1}} line is uncommented (enabled) and that lines {{c|c2}} through {{c|c6}} are disabled in {{c|/lxc/funtoo0/rootfs/etc/inittab}}

That's about all you need to have the container filesystem ready to start.

=== Create the Container Configuration Files ===

Create the following files:

==== {{c|/lxc/funtoo0/config}} ====

and also create the symlink from

==== {{c|/lxc/funtoo0/config to /etc/lxc/funtoo0/config }} ====

{{console|body=
###i## install -d /etc/lxc/funtoo0
###i## ln -s /lxc/funtoo0/config /etc/lxc/funtoo0/config
}}

{{note| Daniel Robbins needs to update this config to be more in line with http://wiki.progress-linux.org/software/lxc/ -- that config appears to have good, fine-grained device node permissions, among other things. // note from Havis to Daniel: this config is already superior.}}

Read "man 5 lxc.conf" for more information about the linux container configuration file.

<pre>
## Container
lxc.utsname                            = funtoo0
lxc.rootfs                              = /lxc/funtoo0/rootfs/
lxc.arch                                = x86_64
#lxc.console                            = /var/log/lxc/funtoo0.console  # uncomment if you want to log the container's console
lxc.tty                                = 6  # if you plan to use the container with physical terminals (e.g. F1..F6)
#lxc.tty                                = 0  # set to 0 if you don't plan to use the container with a physical terminal; also comment out the c1 to c6 respawns in your container's /etc/inittab (e.g. c1:12345:respawn:/sbin/agetty 38400 tty1 linux)
lxc.pts                                = 1024

## Capabilities
lxc.cap.drop                            = audit_control
lxc.cap.drop                            = audit_write
lxc.cap.drop                            = mac_admin
lxc.cap.drop                            = mac_override
lxc.cap.drop                            = mknod
lxc.cap.drop                            = setfcap
lxc.cap.drop                            = setpcap
lxc.cap.drop                            = sys_admin
#lxc.cap.drop                            = sys_boot # capability to reboot the container
#lxc.cap.drop                            = sys_chroot # required by SSH
lxc.cap.drop                            = sys_module
#lxc.cap.drop                            = sys_nice
lxc.cap.drop                            = sys_pacct
lxc.cap.drop                            = sys_rawio
lxc.cap.drop                            = sys_resource
lxc.cap.drop                            = sys_time
#lxc.cap.drop                            = sys_tty_config # required by getty

## Devices
#lxc.cgroup.devices.allow              = a # Allow access to all devices
lxc.cgroup.devices.deny                = a # Deny access to all devices

# Allow mknod for all devices (but not using them)
lxc.cgroup.devices.allow                = c *:* m
lxc.cgroup.devices.allow                = b *:* m

lxc.cgroup.devices.allow                = c 1:3 rwm # /dev/null
lxc.cgroup.devices.allow                = c 1:5 rwm # /dev/zero
lxc.cgroup.devices.allow                = c 1:7 rwm # /dev/full
lxc.cgroup.devices.allow                = c 1:8 rwm # /dev/random
lxc.cgroup.devices.allow                = c 1:9 rwm # /dev/urandom
#lxc.cgroup.devices.allow                = c 4:0 rwm # /dev/tty0 ttys not required if you have lxc.tty = 0
#lxc.cgroup.devices.allow                = c 4:1 rwm # /dev/tty1 devices with major number 4 are "real" tty devices
#lxc.cgroup.devices.allow                = c 4:2 rwm # /dev/tty2
#lxc.cgroup.devices.allow                = c 4:3 rwm # /dev/tty3
lxc.cgroup.devices.allow                = c 5:0 rwm # /dev/tty
lxc.cgroup.devices.allow                = c 5:1 rwm # /dev/console
lxc.cgroup.devices.allow                = c 5:2 rwm # /dev/ptmx
lxc.cgroup.devices.allow                = c 10:229 rwm # /dev/fuse
lxc.cgroup.devices.allow                = c 136:* rwm # /dev/pts/* devices with major number 136 are pts
lxc.cgroup.devices.allow                = c 254:0 rwm # /dev/rtc0

## Limits
lxc.cgroup.cpu.shares                  = 1024
lxc.cgroup.cpuset.cpus                = 0       # limits container to CPU0
lxc.cgroup.memory.limit_in_bytes      = 512M
lxc.cgroup.memory.memsw.limit_in_bytes = 1G
#lxc.cgroup.blkio.weight                = 500      # requires cfq block scheduler

## Filesystem
# the container's fstab should be outside its rootfs dir (e.g. /lxc/funtoo0/fstab is ok, but /lxc/funtoo0/rootfs/etc/fstab is wrong!!!)
#lxc.mount                              = /lxc/funtoo0/fstab

# lxc.mount.entry is preferred, because it supports relative paths
lxc.mount.entry                        = proc proc proc nosuid,nodev,noexec  0 0
lxc.mount.entry                        = sysfs sys sysfs nosuid,nodev,noexec,ro 0 0
lxc.mount.entry                        = devpts dev/pts devpts nosuid,noexec,mode=0620,ptmxmode=000,newinstance 0 0
lxc.mount.entry                        = tmpfs dev/shm tmpfs nosuid,nodev,mode=1777 0 0
lxc.mount.entry                        = tmpfs run tmpfs nosuid,nodev,noexec,mode=0755,size=128m 0 0
lxc.mount.entry                        = tmpfs tmp tmpfs nosuid,nodev,noexec,mode=1777,size=1g 0 0

## Example of having /var/tmp/portage as tmpfs in the container
#lxc.mount.entry                        = tmpfs var/tmp/portage tmpfs defaults,size=8g,uid=250,gid=250,mode=0775 0 0
## Example of a bind mount
#lxc.mount.entry                        = /srv/funtoo0 /lxc/funtoo0/rootfs/srv/funtoo0 none defaults,bind 0 0

## Network
lxc.network.type                        = veth
lxc.network.flags                      = up
lxc.network.hwaddr                      = #put your MAC address here, otherwise you will get a random one
lxc.network.link                        = br0
lxc.network.name                        = eth0
#lxc.network.veth.pair                  = veth-example
</pre>

Read "man 7 capabilities" for more information about capabilities on Linux.

For the config above, use the following command to generate a random MAC for {{c|lxc.network.hwaddr}}:

{{console|body=
###i## openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'
}}
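The container config above gets its safety from three things: the capabilities it drops, a device cgroup that starts from deny-all and only then allows specific nodes (with {{c|*:*}} wildcards limited to {{c|m}}), and {{c|nosuid,nodev,noexec}} on proc and sysfs. The following is an added example, not LXC's or Funtoo's code, that parses a config of this style and reports where one of those three controls is missing; the two sample configs inside it are constructed after the page's config and are not taken from a real system.

```python
"""Audit an LXC container config of the style shown above (lxc.cap.drop,
lxc.cgroup.devices.* and lxc.mount.entry keys) for the hardening it relies on.
Added example, not LXC's or Funtoo's code; the sample configs are constructed."""

# Capabilities the page's funtoo0 config drops. sys_boot, sys_chroot, sys_nice and
# sys_tty_config are commented out in that config, so they are not expected here.
EXPECTED_DROPPED = frozenset({
    "audit_control", "audit_write", "mac_admin", "mac_override", "mknod",
    "setfcap", "setpcap", "sys_admin", "sys_module", "sys_pacct",
    "sys_rawio", "sys_resource", "sys_time",
})


def parse_lxc_config(text):
    """Return (key, value) pairs in file order. As in lxc.conf(5), '#' starts a
    comment, so '# /dev/null' annotations and commented-out keys are dropped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs.append((key.strip(), value.strip()))
    return pairs


def audit(text):
    """Return a list of findings; an empty list means the config matches the
    hardening of the page's config (caps, device cgroup, mount options)."""
    pairs = parse_lxc_config(text)
    findings = []

    # 1. Capabilities: one lxc.cap.drop line may name several caps, so split each value.
    dropped = {cap for key, value in pairs if key == "lxc.cap.drop" for cap in value.split()}
    findings += [f"capability not dropped: {cap}" for cap in sorted(EXPECTED_DROPPED - dropped)]

    # 2. Device cgroup: expect 'deny = a' first, then explicit allows; a '*:*'
    #    wildcard may only grant 'm' (mknod), never read or write.
    rules = [(key, value) for key, value in pairs if key.startswith("lxc.cgroup.devices.")]
    if ("lxc.cgroup.devices.deny", "a") not in rules:
        findings.append("device cgroup does not start from deny-all")
    for key, value in rules:
        if not key.endswith(".allow"):
            continue
        if value == "a":
            findings.append("device cgroup allows all devices")
            continue
        fields = value.split()  # type major:minor perms, e.g. "c 1:3 rwm"
        if len(fields) == 3 and fields[1] == "*:*" and set(fields[2]) & {"r", "w"}:
            findings.append(f"wildcard device rule grants read/write: {value}")

    # 3. Mounts: proc and sysfs carry nosuid,nodev,noexec and sysfs is read-only.
    for key, value in pairs:
        if key != "lxc.mount.entry":
            continue
        fields = value.split()
        if len(fields) < 4:
            continue
        _src, target, fstype, opts = fields[:4]
        optset = set(opts.split(","))
        if fstype in ("proc", "sysfs"):
            missing = {"nosuid", "nodev", "noexec"} - optset
            if missing:
                findings.append(f"{target}: missing {','.join(sorted(missing))}")
        if fstype == "sysfs" and "ro" not in optset:
            findings.append(f"{target}: sysfs mounted read-write")
    return findings


# Constructed sample modelled on the page's config, trimmed to the audited keys.
HARDENED = """
## Capabilities
lxc.cap.drop = audit_control
lxc.cap.drop = audit_write
lxc.cap.drop = mac_admin
lxc.cap.drop = mac_override
lxc.cap.drop = mknod
lxc.cap.drop = setfcap
lxc.cap.drop = setpcap
lxc.cap.drop = sys_admin
#lxc.cap.drop = sys_boot # capability to reboot the container
lxc.cap.drop = sys_module
lxc.cap.drop = sys_pacct
lxc.cap.drop = sys_rawio
lxc.cap.drop = sys_resource
lxc.cap.drop = sys_time
## Devices
#lxc.cgroup.devices.allow = a # Allow access to all devices
lxc.cgroup.devices.deny = a # Deny access to all devices
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm # /dev/null
lxc.cgroup.devices.allow = c 136:* rwm # /dev/pts/*
## Filesystem
lxc.mount.entry = proc proc proc nosuid,nodev,noexec  0 0
lxc.mount.entry = sysfs sys sysfs nosuid,nodev,noexec,ro 0 0
"""

# Constructed weaker variant: most caps kept, allow-all device rule, default proc mount.
WEAK = """
lxc.cap.drop = audit_control mknod
lxc.cgroup.devices.allow = a
lxc.cgroup.devices.allow = c *:* rwm
lxc.mount.entry = proc proc proc defaults 0 0
lxc.mount.entry = sysfs sys sysfs nosuid,nodev,noexec 0 0
"""

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(f"{name}: {len(audit(cfg))} finding(s)")
        for finding in audit(cfg):
            print("  -", finding)
```

Run it against a real file with {{c|audit(open("/lxc/funtoo0/config").read())}}; it only reads the file and reports, so it is safe to run on a live host.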
It is a good idea to assign a static MAC address to your container using {{c|lxc.network.hwaddr}}. Otherwise, LXC will auto-generate a new random MAC every time your container starts, which can confuse network equipment that expects MAC addresses to remain constant.

It may happen, case by case, that you are not able to start your LXC container with the generated MAC address; so, for everyone who has this problem, here is a small script that ties your container's IP to its MAC address. Just save the following code as {{c|/etc/lxc/hwaddr.sh}}, make it executable and run it as {{c|/etc/lxc/hwaddr.sh xxx.xxx.xxx.xxx}} where xxx.xxx.xxx.xxx is your container's IP. <br>{{c|/etc/lxc/hwaddr.sh}}:

<pre>
#!/bin/bash
# Derive a stable, locally administered MAC (02:00:a:b:c:d) from the container's IPv4 address.
IP=$1
# ${IP//./ } is a bash pattern substitution (hence the bash shebang); %02x keeps every octet two hex digits.
HA=$(printf "02:00:%02x:%02x:%02x:%02x" ${IP//./ })
echo "$HA"
</pre>

==== {{c|/lxc/funtoo0/fstab}} ====

{{fancynote| it is preferable to have the mount entries directly in the config file instead of a separate fstab:}}

Edit the {{c|/lxc/funtoo0/fstab}} file:

<pre>
none /lxc/funtoo0/dev/pts devpts defaults 0 0
none /lxc/funtoo0/proc proc defaults 0 0
none /lxc/funtoo0/sys sysfs defaults 0 0
none /lxc/funtoo0/dev/shm tmpfs nodev,nosuid,noexec,mode=1777,rw 0 0
</pre>

== LXC Networking ==

*veth - Virtual Ethernet (bridge)
*vlan - VLAN interface (requires a device capable of VLAN tagging)
*macvlan (MAC-address based virtual LAN tagging) has 3 modes:
**private
**vepa (Virtual Ethernet Port Aggregator)
**bridge
*phys - dedicated host NIC

[https://blog.flameeyes.eu/2010/09/linux-containers-and-networking Linux Containers and Networking]

Enable routing on the host:

By default, Linux workstations and servers have IPv4 forwarding disabled.

{{console|body=
###i## echo "1" > /proc/sys/net/ipv4/ip_forward
###i## cat /proc/sys/net/ipv4/ip_forward
# 1
}}

Profile settings for a desktop might look like this:

{{file|name=/etc/portage/make.profile/parent|body=
gentoo:funtoo/1.0/linux-gnu/arch/x86-64bit
gentoo:funtoo/1.0/linux-gnu/build/current
gentoo:funtoo/1.0/linux-gnu/flavor/desktop
gentoo:funtoo/1.0/linux-gnu/mix-ins/dvd
gentoo:funtoo/1.0/linux-gnu/mix-ins/media
}}
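Each line of {{c|/etc/portage/make.profile/parent}} is {{c|repository:path/<type>/<name>}}, and the page states the cardinalities: exactly one {{c|arch}}, {{c|build}} and {{c|flavor}}, at most one {{c|subarch}}, any number of {{c|mix-ins}}. The following is an added example, not {{c|ego}} or {{c|epro}} code, that parses such a file into its sub-profile types, checks those cardinalities, models what {{c|epro mix-ins +gnome -dvd}} does to the mix-in list, and writes the file back out; the two sample file contents are constructed after the server and desktop listings above.

```python
"""Parse, check and re-emit a Funtoo /etc/portage/make.profile/parent file.
Added example, not ego/epro code; sample inputs are constructed from the page."""

SINGLE = ("arch", "subarch", "build", "flavor")  # at most one of each
MULTI = ("mix-ins",)                               # any number
REQUIRED = ("arch", "build", "flavor")             # always present on a working system
RENDER_ORDER = ("arch", "build", "subarch", "flavor", "mix-ins")


def parse_parent(text):
    """Return ({type: [name, ...]}, 'repo:prefix'); every line must share one prefix."""
    profiles = {t: [] for t in SINGLE + MULTI}
    prefixes = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        repo, sep, path = line.partition(":")
        parts = path.split("/")
        # a profile path ends in <type>/<name>, e.g. funtoo/1.0/linux-gnu/flavor/core
        if not sep or len(parts) < 3 or parts[-2] not in profiles:
            raise ValueError(f"unrecognised profile line: {line!r}")
        profiles[parts[-2]].append(parts[-1])
        prefixes.add(f"{repo}:{'/'.join(parts[:-2])}")
    if len(prefixes) != 1:
        raise ValueError(f"expected one repository prefix, found {sorted(prefixes)}")
    return profiles, prefixes.pop()


def check(profiles):
    """Return a list of cardinality problems (empty when the file is consistent)."""
    problems = []
    for t in SINGLE:
        if len(profiles[t]) > 1:
            problems.append(f"more than one {t}: {', '.join(profiles[t])}")
    for t in REQUIRED:
        if not profiles[t]:
            problems.append(f"no {t} set")
    return problems


def apply_mixin_changes(profiles, changes):
    """Model 'epro mix-ins +foo -bar': add or remove directly enabled mix-ins.
    Returns a new dict; the input is left untouched."""
    mixins = list(profiles["mix-ins"])
    for change in changes:
        sign, name = change[:1], change[1:]
        if sign == "+" and name not in mixins:
            mixins.append(name)
        elif sign == "-" and name in mixins:
            mixins.remove(name)
        elif sign not in ("+", "-") or not name:
            raise ValueError(f"expected +name or -name, got {change!r}")
    return {**profiles, "mix-ins": mixins}


def render_parent(profiles, prefix):
    """Inverse of parse_parent, one line per enabled sub-profile."""
    lines = [f"{prefix}/{t}/{name}" for t in RENDER_ORDER for name in profiles[t]]
    return "\n".join(lines) + "\n"


# Constructed after the page's server and desktop listings.
SERVER = (
    "gentoo:funtoo/1.0/linux-gnu/arch/x86-64bit\n"
    "gentoo:funtoo/1.0/linux-gnu/build/current\n"
    "gentoo:funtoo/1.0/linux-gnu/flavor/core\n"
)
DESKTOP = (
    "gentoo:funtoo/1.0/linux-gnu/arch/x86-64bit\n"
    "gentoo:funtoo/1.0/linux-gnu/build/current\n"
    "gentoo:funtoo/1.0/linux-gnu/flavor/desktop\n"
    "gentoo:funtoo/1.0/linux-gnu/mix-ins/dvd\n"
    "gentoo:funtoo/1.0/linux-gnu/mix-ins/media\n"
)

if __name__ == "__main__":
    profiles, prefix = parse_parent(DESKTOP)
    print("desktop mix-ins:", profiles["mix-ins"], "problems:", check(profiles))
    print(render_parent(apply_mixin_changes(profiles, ["+gnome", "-dvd"]), prefix))
```

The parser refuses a file whose lines point at different repositories or prefixes, because the page's listings always share one; relax that check if your profile layout legitimately mixes them.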
== History and Origins ==
  
== Initializing e Starting o Container ==
+
This new system is really a completion of the original cascading profile design that was co-designed by Daniel Robbins and Seemant Kulleen and implemented by Seemant Kulleen as part of Portage. Funtoo Profiles designed to leverage the existing cascading profile system and provide something much more useable and maintainable for users and developers alike. Here are some of its benefits:
 
+
Provavelmente você precisará definir a senha de administrador (root password) para o container antes que pode logar. Você pode utilizar o chroot para fazer isso rapidamente:
+
 
+
{{console|body=
+
###i## chroot /lxc/funtoo0/rootfs
+
(chroot) ###i## passwd
+
New password: XXXXXXXX
+
Retype new password: XXXXXXXX
+
passwd: password updated successfully
+
(chroot) ###i## exit
+
}}
+
 
+
Agora que a senha de administrador está definida, execute:
+
 
+
{{console|body=
+
###i## lxc-start -n funtoo0 -d
+
}}
+
 
+
A opção {{c|-d}} fará com que rode em plano de fundo (background).
+
 
+
Para anexá-lo ao console:
+
 
+
{{console|body=
+
###i## lxc-console -n funtoo0
+
}}
+
 
+
Agora você deve ser capaz de logar e utilizar o container. Em adição, o container deve agora estar acessível na rede.
+
 
+
Para anexar o container diretamente:
+
 
+
{{console|body=
+
###i## lxc-attach -n funtoo0
+
}}
+
 
+
Para parar o container:
+
 
+
{{console|body=
+
###i## lxc-stop -n funtoo0
+
}}
+
 
+
Certifique-se de que a rede está funcionando de dentro do container enquanto estiver em execução, e você está pronto para trabalhar!
+
 
+
== Inicializando um LXC container durante o  host boot ==
+
 
+
# Você precisa criar um symlink em {{c|/etc/init.d/}} para {{c|/etc/init.d/lxc}} assim ele reflete seu container.
+
# {{c|ln -s /etc/init.d/lxc /etc/init.d/lxc.funtoo0}}
+
# agora você pode adicionar {{c|lxc.funtoo0}} para o runlevel padrão
+
# {{c|rc-update add lxc.funtoo0 default}}
+
{{console|body=
+
###i## rc
+
* Starting funtoo0 ...                  [ ok ]
+
}}
+
 
+
== LXC Bugs/Ausência de Recursos ==
+
 
+
Essa seçao é dedicada a documentar questões como a implementação atual do LXC e suas ferramentas associadas. Estaremos gradualmente expandindo essa seção com descrições detalhadas de problemas, seus status, e soluções de problemas.
+
 
+
=== reboot ===
+
 
+
* Por padrão, o lxc não possui suporte a reiniciar um container. Ele simplesmente parará e o host não saberá inicializá-lo.
+
* Se você quiser que o seu to reinicialize de forma agradável, você precisa da capacidade sys_boot (comente lxc.cap.drop = sys_boot no seu container config)
+
 
+
=== PID namespaces ===
+
 
+
Process ID namespaces são funcionais, mas o container pode ainda visualizar a utilizaçaõ do CPU do host via system load (ie. in {{c|top}}).
+
 
+
=== /dev/pts newinstance ===
+
 
+
* Algumas alterações podem ser exigidas para que o  host implemente implemente "newinstance" {{c|/dev/pts}} corretamente. Veja [https://bugzilla.redhat.com/show_bug.cgi?id=501718 This Red Hat bug].
+
 
+
=== lxc-create e lxc-destroy ===
+
 
+
* Os shell scripts do LXC são mal desenvolvidos e são com certeza caminho para a destruição, evite utilizar o lxc-create e lxc-destroy.
+
 
+
=== inicialização limpeza de rede ===
+
 
+
* Se utilizado network.type = phys after lxc-stop a interface será renomeada para o valor de lxc.network.link. Esperava-se que fosse corrigido na versão 0.7.4, que aconteceu ainda na versão 0.7.5 - http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg01760.html
+
 
+
* Reiniciar um container pode resultar em uma falar como os recursos da rede estão atrelados a  a partir da já falecida instancia: [http://www.mail-archive.com/lxc-devel@lists.sourceforge.net/msg00824.html]
+
 
+
=== shutdown de forma satisfatória ===
+
 
+
* Para desligar (shutdown) um container de forma satisfatória, seu sistema init precisa cuidar de forma correta o sinal de kill -PWR (kill -PWR signal)
+
* Para o funtoo/gentoo certifique-se de que possui:
+
** pf:12345:powerwait:/sbin/halt
+
** em seus containers /etc/inittab
+
* Para o debian/ubuntu certifique-se de que possui:
+
** pf::powerwait:/sbin/shutdown -t1 -a -h now
+
** em seu container /etc/inittab
+
** e também comente outras linhas iniciadas com pf:powerfail (tal qual pf::powerwait:/etc/init.d/powerfail start) <- esses são utilizados se você possui daemon UPS monitoring instalada!
+
* /etc/init.d/lxc aparenta possuir suporte quebrado para um shutdown satisfatório (ele envia um adequado, mas então tenta também matar (kill) a init com o lxc-stop)

=== funtoo ===

* Our udev should be updated to include {{c|-lxc}} in its scripts. (This has been done as of 02-Nov-2011, so it should be resolved. It has not been fixed in our openvz templates, though, so we need to regenerate them in a few days.)
* Our openrc should be patched to handle the case where it cannot mount the tmpfs, and deal with that situation gracefully in some way. (The workaround in our docs above is to mount the tmpfs at {{c|/libexec/rc/init.d}} using the container-specific {{c|fstab}} file on the host.)
* Emerging udev inside a container may fail when realdev is running, if a device node (such as /dev/console) cannot be created because mknod is not permitted inside the container. This should be fixed.

== References ==

* {{c|man 7 capabilities}}
* {{c|man 5 lxc.conf}}

== Links ==

* There are a number of additional lxc features that can be enabled via patches: [http://lxc.sourceforge.net/patches/linux/3.0.0/3.0.0-lxc1/]
* [https://wiki.ubuntu.com/UserNamespace Ubuntu User Namespaces page]
* lxc-gentoo configuration script [https://github.com/globalcitizen/lxc-gentoo on GitHub]

* '''Work by IBM developers'''
** [http://www.ibm.com/developerworks/linux/library/l-lxc-containers/index.html LXC: Linux Container Tools]
** [http://www.ibm.com/developerworks/linux/library/l-lxc-security/ Secure Linux Containers Cookbook]

* '''Linux Weekly News'''
** [http://lwn.net/Articles/244531/ Smack for simplified access control]

[[Category:Labs]]
[[Category:HOWTO]]
[[Category:Virtualization]]

[[Category:Funtoo features]]
[[Category:Portage]]
[[Category:Official Documentation]]

Revision as of 17:25, July 27, 2015


Profile types

Historically, users have had to add a large number of settings to /etc/make.conf to customize their Gentoo or Funtoo Linux system, which made setup of the operating system more difficult than it should be. In Gentoo Linux, it is possible to only define one system profile. Think of a system profile as the default settings that Portage uses for building everything on your system. Funtoo Linux uses multiple sub-profiles per system. The following profile types are available in Funtoo Linux:

Sub-Profile | Description
arch | This defines CPU-specific settings. Only one arch profile is enabled at install time, and cannot be changed.
subarch | This further refines the CPU-specific settings. One subarch profile is typically enabled at install time.
build | This defines the type of stability, such as current or stable, and its associated settings. One build profile is enabled at install time, and is generally not changed.
flavor | This defines the intended use of Funtoo, such as minimal, core, workstation or desktop. One flavor is enabled, and can be changed by the user.
mix-ins | These can be enabled by the user, based on the features the user wants, such as gnome, kde, media, mate, X, and hardened.
Note: Flavors can (and often do) inherit settings from other flavors and mix-ins. Mix-ins can also inherit settings from other mix-ins. For example, X is inherited by gnome. The epro tool will show both as being enabled so there are no surprises.

Using epro

epro show displays the current profile settings on your system:

#  epro show

=== Enabled Profiles: ===

        arch:  x86-64bit
       build:  current
     subarch:  intel64-haswell
      flavor:  desktop
     mix-ins:  gnome


=== All inherited flavors from desktop flavor: ===

                     workstation (from desktop flavor)
                            core (from workstation flavor)
                         minimal (from core flavor)

=== All inherited mix-ins from desktop flavor: ===

                               X (from workstation flavor)
                           audio (from workstation flavor)
                             dvd (from workstation flavor)
                           media (from workstation flavor)
      mediadevice-audio-consumer (from media mix-in)
                mediadevice-base (from mediadevice-audio-consumer mix-in)
      mediadevice-video-consumer (from media mix-in)
                mediadevice-base (from mediadevice-video-consumer mix-in)
        mediaformat-audio-common (from media mix-in)
          mediaformat-gfx-common (from media mix-in)
        mediaformat-video-common (from media mix-in)
                  console-extras (from workstation flavor)
                           print (from desktop flavor)

To view all available sub-profile settings, use epro list:

#  epro list

Enabled profiles will be highlighted in cyan. Directly enabled profiles will be in bold and have an asterisk * appended. Sub-profiles enabled via inheritance will be highlighted.

Usage examples

Add the mix-ins gnome and kde
#  epro mix-ins +gnome +kde
Remove a mix-in, for example gnome
#  epro mix-ins -gnome
Change the profile arch to x86-64bit
#  epro arch x86-64bit
Change the subarch to generic_64
#  epro subarch generic_64
Change the system flavor
#  epro flavor desktop
Get JSON output of profile settings
#  epro show-json
Get current sub-profile setting in text form
#  epro get [profiletype]

Flavors

Only one flavor profile can be enabled on a system at a time. The following flavors are available:

Flavor | Description
minimal | This contains the bare minimum settings for all Funtoo Linux flavors.
core | The core flavor includes the minimal flavor, plus reasonable settings, and is used for the official stage3 downloads.
server | In the future, the server flavor will include the core flavor, plus specific settings designed for servers. At the moment, it is equivalent to the core flavor.
workstation | The workstation flavor is a minimal desktop system. It includes the core flavor, plus these mix-ins: X, audio, dvd, media and console-extras.
desktop | The desktop flavor includes the common settings for any full-featured desktop system. It includes the workstation flavor plus printing support. The user is expected to further customize their system with a desktop environment of choice, such as KDE, GNOME, or XFCE, possibly by using a mix-in.

Mix-ins

Any number of mix-ins can be enabled on a system at the same time. The following mix-ins are available:

Mix-in | Description
audio | Enables core audio-related settings, currently related to ALSA.
console-extras | Enables things that are nice to have for console-only systems. Currently enables gpm in USE.
dvd | USE settings related to optical drives -- CDR/DVD-ROM/RW use.
gnome | USE and package.use settings required to merge GNOME. Designed to be used with the desktop or workstation flavor.
hardened | Enables hardened support.
kde | USE and package.use settings required to merge KDE. Designed to be used with the desktop or workstation flavor.
media | USE settings related to audio/video media encoding. Can be for desktops or servers.
print | Enables printing capability.
vmware-guest | Settings related to using Funtoo Linux as a VMWare virtual machine guest.
X | Settings related to the X Window System and hardware support.
xfce | USE settings required for merging XFCE.

Media device mix-ins

Media device mix-ins have been created to support media devices, including external and portable devices, and associated low-level hardware support and hardware-focused codecs. Media devices have been categorized into audio and video categories, and consumer and professional categories. "Consumer" devices are those devices that regular desktop users might typically use, while "professional" devices are those that professionals, hobbyists or enthusiasts would typically use. Here are the new mix-ins for media devices:

Media Device Mix-in | Description
mediadevice-base | Common, universally-supported media devices, like IEEE-1394 (Firewire), CDDA, CDIO. Other mediadevice mix-ins have this as a parent.
mediadevice-audio-consumer | Consumer audio devices, such as personal portable media players (iOS, iPod, etc.)
mediadevice-audio-pro | Pro audio support, such as JACK.
mediadevice-video-consumer | Consumer video support, such as DVD, Blu-ray, V4L.
mediadevice-video-pro | Pro video support, such as dv, dc1394.

Media format mix-ins

Media format mix-ins have been created to support media formats for reading, writing, encoding and decoding images, audio and video. They have been organized into a "common" collection, for popular formats, and an "extra" collection, which is intended to include "everything else". Let's look at the new mix-ins:

Media Format Mix-in | Description
mediaformat-video-common | Common (i.e. popular) video formats.
mediaformat-video-extra | More esoteric video formats.
mediaformat-audio-common | Common (i.e. popular) audio formats.
mediaformat-audio-extra | More esoteric audio formats.
mediaformat-gfx-common | Common (i.e. popular) graphics formats.
mediaformat-gfx-extra | More esoteric graphics formats.

Using the media mix-ins

Our existing media mix-in still exists, and is still pulled in by the desktop and workstation flavors automatically. It now includes the following parent mix-ins:

  • mediadevice-audio-consumer
  • mediadevice-video-consumer
  • mediaformat-audio-common
  • mediaformat-gfx-common
  • mediaformat-video-common

In addition, there is a new media-pro mix-in which needs to be enabled manually, which pulls in the following mix-ins:

  • mediadevice-audio-pro
  • mediadevice-video-pro

So typically, you would enable the desktop or workstation flavor, and if you need professional hardware support, you'd also enable the media-pro mix-in. If you needed any additional media formats support, you could enable one or more of the mediaformat-*-extra mix-ins to add the formats you needed. Of course, it's possible to enable only the specific mix-ins you need, and also complement these mix-ins with specific USE variable settings you might require.

How Profile Settings are Stored

Funtoo Linux stores its profile settings in the /etc/portage/make.profile/parent file. Typically, users don't need to modify this file, instead using ego and epro to make changes, but it can be handy to take a look at what the contents of the file look like. A simple server might have profile settings as follows:

/etc/portage/make.profile/parent
gentoo:funtoo/1.0/linux-gnu/arch/x86-64bit
gentoo:funtoo/1.0/linux-gnu/build/current
gentoo:funtoo/1.0/linux-gnu/flavor/core

Profile settings for a desktop might look like this:

/etc/portage/make.profile/parent
gentoo:funtoo/1.0/linux-gnu/arch/x86-64bit
gentoo:funtoo/1.0/linux-gnu/build/current
gentoo:funtoo/1.0/linux-gnu/flavor/desktop
gentoo:funtoo/1.0/linux-gnu/mix-ins/dvd
gentoo:funtoo/1.0/linux-gnu/mix-ins/media
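To tie the parent file above back to the inheritance listing that epro show prints, here is an added example (not epro's own code) that parses the parent lines and walks a constructed inheritance map mirroring the desktop flavor shown earlier on this page.

```python
"""Read /etc/portage/make.profile/parent and list inherited sub-profiles.

Added example, not epro's own code. The parent-line format
repo:funtoo/1.0/linux-gnu/<type>/<name> is taken from the page; INHERITS
is constructed to mirror the 'epro show' output on the page, not read
from a real profile tree.
"""

# Constructed: (type, name) -> parents, in the order epro show lists them.
INHERITS = {
    ("flavor", "desktop"): [("flavor", "workstation"), ("mix-ins", "print")],
    ("flavor", "workstation"): [("flavor", "core"), ("mix-ins", "X"),
        ("mix-ins", "audio"), ("mix-ins", "dvd"), ("mix-ins", "media"),
        ("mix-ins", "console-extras")],
    ("flavor", "core"): [("flavor", "minimal")],
    ("mix-ins", "media"): [("mix-ins", "mediadevice-audio-consumer"),
        ("mix-ins", "mediadevice-video-consumer"),
        ("mix-ins", "mediaformat-audio-common"),
        ("mix-ins", "mediaformat-gfx-common"),
        ("mix-ins", "mediaformat-video-common")],
    ("mix-ins", "mediadevice-audio-consumer"): [("mix-ins", "mediadevice-base")],
    ("mix-ins", "mediadevice-video-consumer"): [("mix-ins", "mediadevice-base")],
}

def parse_parent(text):
    """Map each profile type to the names enabled directly in the file."""
    enabled = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # 'gentoo:funtoo/1.0/linux-gnu/flavor/desktop' -> ('flavor', 'desktop')
        path = line.split(":", 1)[1]
        ptype, name = path.rsplit("/", 2)[1:]
        enabled.setdefault(ptype, []).append(name)
    return enabled

def inherited(ptype, name, acc=None):
    """Depth-first (type, name, inherited_from) list; duplicates kept, as epro shows."""
    acc = [] if acc is None else acc
    for parent_type, parent_name in INHERITS.get((ptype, name), []):
        acc.append((parent_type, parent_name, name))
        inherited(parent_type, parent_name, acc)
    return acc

# The desktop parent file shown on the page.
DESKTOP_PARENT = """\
gentoo:funtoo/1.0/linux-gnu/arch/x86-64bit
gentoo:funtoo/1.0/linux-gnu/build/current
gentoo:funtoo/1.0/linux-gnu/flavor/desktop
gentoo:funtoo/1.0/linux-gnu/mix-ins/dvd
gentoo:funtoo/1.0/linux-gnu/mix-ins/media
"""
```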

History and Origins

This new system is really a completion of the original cascading profile design that was co-designed by Daniel Robbins and Seemant Kulleen and implemented by Seemant Kulleen as part of Portage. Funtoo Profiles are designed to leverage the existing cascading profile system and provide something much more usable and maintainable for users and developers alike. Here are some of its benefits:

  • Fewer settings in /etc/make.conf. CHOST and ARCH no longer set in /etc/make.conf.
  • Separation of concerns -- arch, build, and flavor-related settings are organized together.
  • User flexibility - any number of mix-ins can be enabled to tweak masks or USE settings as needed.
Note: See Custom Profiles for information on how to extend the profile system.