Difference between pages "Pt-br/Linux Containers" and "Main Page"

(Difference between pages)
(PID namespaces)
 
 
Line 1: Line 1:
== Status ==
+
{{DISPLAYTITLE:Funtoo Linux}}
 +
__NOTITLE__
 +
__NOEDITSECTION__
 +
<div style="text-align:center;">[[File:Fwiki.png|link=Funtoo_Linux_Installation]]</div>
 +
<div style="display: none;"><h1>Welcome to Funtoo Linux</h1></div>
  
As of Linux kernel 3.1.5, LXC is useful for isolating your own workloads from one another. It is not yet ready to isolate users from one another or from the host system. For a more mature container solution that is appropriate for hosting environments, see [[OpenVZ]].
 
  
LXC containers do not yet have their own update system, and they see everything in the host's {{c|dmesg}} output, among other things. In general, though, the technology works.
+
Funtoo Linux is a rolling-release Linux meta-distribution for x86 and ARM systems. It uses Portage as a package manager, and is run by Daniel Robbins, creator of Gentoo Linux. It is a continuation of Daniel's work on Gentoo Linux.  Funtoo Linux is committed to software freedom, independence, and a user-centric model of software development, where our users help define the future direction of the project.
  
== Basic Info ==
+
Our goal is to provide a best-of-breed Gentoo-based meta-distribution that is ideal for desktop and servers, and to progressively improve our core technology in a thoughtful and innovative way, while respecting Gentoo design principles, and the history of Unix and Linux.
  
 +
Funtoo Linux provides [[Subarches|optimized builds]] for your specific hardware to ensure the best possible performance, and offers the following features:
 +
*A completely systemd-free system, including GNOME 3.14 without systemd.
 +
* A new [[Funtoo 1.0 Profile|profile system]] to simplify system configuration.
 +
* Improved ease of install with pre-built Debian kernel provided in our install image.
 +
* A new system configuration tool, [News:Better_Experiences:_Ego_and_Vim ego].
 +
* An advanced build and quality assurance tool called [[Metro]], providing optimized install images and enhanced real-world testing.
 +
* The use of git as a default mechanism for getting updated ebuilds (build scripts) to you.
 +
* [[Funtoo Linux Networking|Modular networking scripts]] to simplify creating sophisticated server network configurations.
 +
* Enhanced Python support from the Progress overlay, and inclusion of other popular packages from the Gentoo ecosystem.
  
* Linux Containers are based on:
+
<div class="row">
** Kernel namespaces for resource isolation
+
<div class="col-md-3">
** CGroups for resource limitation and accounting
+
== Getting Started ==
 +
'''[[Funtoo Linux Installation|Install Funtoo]]'''
  
{{Package|app-emulation/lxc}} is the userspace tool for Linux containers.
+
'''{{CreateAccount}}''', which allows you to get involved with the community.  Log in to the [http://www.funtoo.org/ wiki], [http://forums.funtoo.org forums], and [https://bugs.funtoo.org bug tracker] under the same username, and password by unified logins.  See the [[Funtoo Authentication FAQ|Auth FAQ]] for more info about account creation.
  
== Control groups ==
+
Get to know fellow users in our [http://en.wikipedia.org/wiki/IRC IRC] community on [http://webchat.freenode.net/?nick=Funtoo.&channels=%23funtoo&uio=MTA9dHJ1ZSYxMj10cnVlf5 irc.freenode.net #funtoo]  you are encouraged to hang out with us.
  
* Control groups (cgroups) have been in the kernel since 2.6.24
+
'''[[Reporting Bugs|Report bugs, and suggest improvements]]''' to our '''[http://bugs.funtoo.org bug tracker]'''. We take all bugs seriously, and all work performed is tracked on our public bug tracker, for purposes of transparency.
** Allow aggregation of tasks and their children
+
** Subsystems (cpuset, memory, blkio,...)
+
** accounting - to measure how many resources certain systems use
+
** resource limiting - groups can be configured not to exceed a given memory limit
+
** prioritization - some groups may get a larger share of CPU
+
** control - freezing/unfreezing of cgroups, checkpointing and restarting
+
** No disk quota limitation ( -> image file, LVM, XFS, directory tree quota,...)
+
  
== Subsystems ==
+
See [http://distrowatch.com/table.php?distribution=funtoo funtoo on distrowatch].<br />
<br>
+
See the [[Funtoo Linux FAQ]].
{{console|body=
+
###i## cat /proc/cgroups
+
subsys_name hierarchy num_cgroups enabled
+
cpuset
+
cpu
+
cpuacct
+
memory
+
devices
+
freezer
+
blkio
+
perf_event
+
hugetlb
+
}}
+
  
#cpuset    -> limits tasks to specific CPU/CPUs
+
=== Web Hosting ===
#cpu        -> CPU shares
+
Funtoo supports multiple [[web-server-stack | web server stack]] arrangements to get any content on any framework you want published in any way you want with high performance web hosting direct from the distribution.
#cpuacct    -> CPU accounting
+
</div>
#memory    -> memory and swap limitation and accounting
+
#devices    -> device allow/deny list
+
#freezer    -> suspend/resume tasks
+
#blkio      -> I/O prioritization (weight, throttle, ...)
+
#perf_event -> support for per-cpu per-cgroup monitoring [http://lwn.net/Articles/421574/ perf_events]
+
#hugetlb    -> cgroup resource controller for HugeTLB pages [http://lwn.net/Articles/499255/ hugetlb]
+
  
== Configuring the Funtoo Host System ==
+
<div class="col-md-3">
 +
== Official Projects ==
 +
*  '''[[Keychain]]''', an SSH/GPG agent front-end.
 +
* '''[[Metro]]''', automated Funtoo build engine.
 +
* '''[[Linux_Fundamentals,_Part_1|Learn Linux]]'''! [[Awk_by_Example,_Part_1|Awk]], [[Bash_by_Example,_Part_1|Bash]], [[Sed_by_Example,_Part_1|Sed]]  and more.
 +
* Web projects include [http://larrythecow.org larrythecow.org], the Gentoo blog aggregator, [http://kernel-seeds.org kernel-seeds.org], and [http://git.funtoo.org git.funtoo.org].
  
=== Install LXC kernel ===
+
== Quality Assurance ==
Any kernel newer than 3.1.5 will probably work. Personally, I prefer {{Package|sys-kernel/gentoo-sources}}, since it supports all the namespaces without sacrificing xfs, FUSE or NFS support, for example. These checks were introduced later, starting from kernel 3.5, which could also mean that the user namespace is not working optimally.
+
Funtoo uses automated testing to ensure that sources build correctly.
 +
''Benefits for desktops'': leaner, optimized, faster system.
 +
''Additional benefits for servers'': enable only what you actually need to reduce attack surface, thus improving security.
 +
</div>
  
* User namespace (EXPERIMENTAL) depends on EXPERIMENTAL and on UIDGID_CONVERTED
 
** config UIDGID_CONVERTED
 
*** True if all of the selected software components are known to have uid_t and gid_t converted to kuid_t and kgid_t where appropriate and are otherwise safe to use with the user namespace.
 
**** Networking - depends on NET_9P = n
 
**** Filesystems - 9P_FS = n, AFS_FS = n, AUTOFS4_FS = n, CEPH_FS = n, CIFS = n, CODA_FS = n, FUSE_FS = n, GFS2_FS = n, NCP_FS = n, NFSD = n, NFS_FS = n, OCFS2_FS = n, XFS_FS = n
 
**** Security options - Grsecurity - GRKERNSEC = n (if applicable)
 
  
** As of kernel 3.10.xx, all of the options above are safe to use with User namespaces, except for XFS_FS. Consequently, with kernel >=3.10.xx, you should answer XFS_FS = n if you want User namespaces support.
+
<div class="col-md-6">
** In your kernel source directory, check init/Kconfig to find out what UIDGID_CONVERTED depends on
+
=== News ===
 
+
{{NewsList|2}}
==== Kernel configuration ====
+
=== [[Ebuilds]] ===
These options should be enabled in your kernel to be able to take full advantage of LXC.
+
'''Ebuild pages recently updated:''' {{#ask: [[Category:Ebuilds]]
 
+
| order=descending
* General setup
+
| sort=Modification date
** CONFIG_NAMESPACES
+
| format=list
*** CONFIG_UTS_NS
+
| limit=10
*** CONFIG_IPC_NS
+
| searchlabel=
*** CONFIG_PID_NS
+
*** CONFIG_NET_NS
+
*** CONFIG_USER_NS
+
** CONFIG_CGROUPS
+
*** CONFIG_CGROUP_DEVICE
+
*** CONFIG_CGROUP_SCHED
+
*** CONFIG_CGROUP_CPUACCT
+
*** CONFIG_CGROUP_MEM_RES_CTLR (in kernels above 3.6 this option is called CONFIG_MEMCG)
+
*** CONFIG_CGROUP_MEM_RES_CTLR_SWAP (in kernels above 3.6 this option is called CONFIG_MEMCG_SWAP)
+
*** CONFIG_CPUSETS (on multiprocessor hosts)
+
* Networking support
+
** Networking options
+
*** CONFIG_VLAN_8021Q
+
* Device Drivers
+
** Character devices
+
*** Unix98 PTY support
+
**** CONFIG_DEVPTS_MULTIPLE_INSTANCES
+
** Network device support
+
*** Network core driver support
+
**** CONFIG_VETH
+
**** CONFIG_MACVLAN
+
 
+
Once you have lxc installed, you can check your kernel config with:
+
{{console|body=
+
# ##i##CONFIG=/path/to/config /usr/sbin/lxc-checkconfig
+
 
}}
 
}}
  
=== Emerge lxc ===
+
<div style="transform:translateY(-50%);" class="col-xs-1">[https://www.facebook.com/pages/Funtoo-Linux/107461849335837 <i class="fa fa-facebook"></i>]</div>
{{console|body=
+
  <div style="transform:translateY(-50%);" class="col-xs-1">[https://twitter.com/funtoo <i class="fa fa-twitter"></i>]</div>
# ##i##emerge app-emulation/lxc
+
  <div style="transform:translateY(-50%);" class="col-xs-1">[https://plus.google.com/+funtoo/posts <i class="fa fa-google-plus"></i>]</div>
}}
+
  <div style="transform:translateY(-50%);" class="col-xs-1">[https://www.reddit.com/r/funtoo <i class="fa fa-reddit">r</i>]</div>
 +
  <div style="transform:translateY(-50%);" class="col-xs-1">[https://github.com/funtoo <i class="fa fa-github"></i>]</div>
 +
  <div style="transform:translateY(-50%);" class="col-xs-1">[https://www.youtube.com/channel/UCKmOY6p3c9hxv3vJMAF8vVw <i class="fa fa-youtube"></i>]</div>
 +
  <div style="transform:translateY(-50%);" class="col-xs-1">[[Funtoo_RSS_and_Atom_Feeds | <i class="fa fa-rss-square"></i>]]</div>
 +
</div>
 +
</div>
  
=== Configure Networking for the Container ===
+
<div class="row">
 +
  <div class="col-md-12">{{Announce|{{SupportBlurb}}}}</div>
 +
</div>
  
Typically, one uses a bridge to allow containers to connect to the network. This is how to do it under Funtoo Linux:
 
  
# Create a bridge using the Funtoo network configuration scripts. Name the bridge something like {{c|brwan}} (using {{c|/etc/init.d/netif.brwan}}). Configure your bridge to have an IP address.
+
<div class="row">
# Make your physical interface, such as {{c|eth0}}, an interface with no IP address (use the Funtoo {{c|interface-noip}} template).
+
  <div class="col-md-6">{{FuntooFriendly|Brownrice Internet}}</div>
# Make {{c|netif.eth0}} a slave of {{c|netif.brwan}} in {{c|/etc/conf.d/netif.brwan}}.
+
  <div class="col-md-6">{{#widget:YouTube16x9|playlist=PL2YVrx9jFJOewYI7f15FahwLOZlFCRqjZ}}</div>
# Enable your new bridged network and make sure it is functioning properly on the host.
+
</div>
  
You will now be able to configure LXC to automatically add your container's virtual ethernet interface to the bridge when it starts, which will connect it to your network.
+
{{#seo:
 
+
|title=Funtoo Linux
== Setting up a Funtoo Linux LXC Container ==
+
|keywords=funtoo,linux,gentoo,Daniel Robbins
 
+
|description=Funtoo Linux is a Gentoo-based OS that uses a git-based Portage tree. Run by Daniel Robbins, creator of Gentoo.
Here are the steps required to get Funtoo Linux running <i>inside</i> a container. The steps below show how to set up a container using an existing Funtoo Linux OpenVZ template. It is now also possible to use [[Metro]] to build an lxc container tarball directly, which will save you the manual configuration and will provide an {{c|/etc/fstab.lxc}} file that you can use for your host container config. See [[Metro Recipes]] for information on how to use Metro to generate an lxc container.
+
 
+
=== Create and Configure a Container Filesystem ===
+
 
+
# Start with a Funtoo LXC template, and unpack it to a directory such as {{c|/lxc/funtoo0/rootfs/}}
+
# Create an empty {{c|/lxc/funtoo0/fstab}} file
+
# Ensure that the {{c|c1}} line is uncommented (enabled) and that lines {{c|c2}} through {{c|c6}} are disabled in {{c|/lxc/funtoo0/rootfs/etc/inittab}}
+
 
+
That is almost all you need to get the container filesystem ready to start.
+
 
+
=== Create the Container Configuration Files ===
+
 
+
Create the following files:
+
 
+
==== {{c|/lxc/funtoo0/config}} ====
+
 
+
 
+
and also create the symbolic link from
+
==== {{c|/lxc/funtoo0/config to /etc/lxc/funtoo0/config }} ====
+
{{console|body=
+
###i## install -d /etc/lxc/funtoo0
+
###i## ln -s /lxc/funtoo0/config /etc/lxc/funtoo0/config
+
 
}}
 
}}
 
{{note| Daniel Robbins needs to update this config to be more in line with http://wiki.progress-linux.org/software/lxc/ -- that config appears to have good, refined device node permissions, among other things. // note from Havis to Daniel: this config is already superior.}}
 
 
 
Read "man 5 lxc.conf" for more information about the Linux container configuration file.
 
<pre>
 
## Container
 
lxc.utsname                            = funtoo0
 
lxc.rootfs                              = /lxc/funtoo0/rootfs/
 
lxc.arch                                = x86_64
 
#lxc.console                            = /var/log/lxc/funtoo0.console  # uncomment if you want to log containers console
 
lxc.tty                                = 6  # if you plan to use container with physical terminals (eg F1..F6)
 
#lxc.tty                                = 0  # set to 0 if you don't plan to use the container with a physical terminal; also comment out the c1 to c6 respawns in your container's /etc/inittab (e.g. c1:12345:respawn:/sbin/agetty 38400 tty1 linux)
 
lxc.pts                                = 1024
 
 
 
## Capabilities
 
lxc.cap.drop                            = audit_control
 
lxc.cap.drop                            = audit_write
 
lxc.cap.drop                            = mac_admin
 
lxc.cap.drop                            = mac_override
 
lxc.cap.drop                            = mknod
 
lxc.cap.drop                            = setfcap
 
lxc.cap.drop                            = setpcap
 
lxc.cap.drop                            = sys_admin
 
#lxc.cap.drop                            = sys_boot # capability to reboot the container
 
#lxc.cap.drop                            = sys_chroot # required by SSH
 
lxc.cap.drop                            = sys_module
 
#lxc.cap.drop                            = sys_nice
 
lxc.cap.drop                            = sys_pacct
 
lxc.cap.drop                            = sys_rawio
 
lxc.cap.drop                            = sys_resource
 
lxc.cap.drop                            = sys_time
 
#lxc.cap.drop                            = sys_tty_config # required by getty
 
 
## Devices
 
#lxc.cgroup.devices.allow              = a # Allow access to all devices
 
lxc.cgroup.devices.deny                = a # Deny access to all devices
 
 
# Allow to mknod all devices (but not using them)
 
lxc.cgroup.devices.allow                = c *:* m
 
lxc.cgroup.devices.allow                = b *:* m
 
 
lxc.cgroup.devices.allow                = c 1:3 rwm # /dev/null
 
lxc.cgroup.devices.allow                = c 1:5 rwm # /dev/zero
 
lxc.cgroup.devices.allow                = c 1:7 rwm # /dev/full
 
lxc.cgroup.devices.allow                = c 1:8 rwm # /dev/random
 
lxc.cgroup.devices.allow                = c 1:9 rwm # /dev/urandom
 
#lxc.cgroup.devices.allow                = c 4:0 rwm # /dev/tty0 ttys not required if you have lxc.tty = 0
 
#lxc.cgroup.devices.allow                = c 4:1 rwm # /dev/tty1 devices with major number 4 are "real" tty devices
 
#lxc.cgroup.devices.allow                = c 4:2 rwm # /dev/tty2
 
#lxc.cgroup.devices.allow                = c 4:3 rwm # /dev/tty3
 
lxc.cgroup.devices.allow                = c 5:0 rwm # /dev/tty
 
lxc.cgroup.devices.allow                = c 5:1 rwm # /dev/console
 
lxc.cgroup.devices.allow                = c 5:2 rwm # /dev/ptmx
 
lxc.cgroup.devices.allow                = c 10:229 rwm # /dev/fuse
 
lxc.cgroup.devices.allow                = c 136:* rwm # /dev/pts/* devices with major number 136 are pts
 
lxc.cgroup.devices.allow                = c 254:0 rwm # /dev/rtc0
 
 
## Limits
 
lxc.cgroup.cpu.shares                  = 1024
 
lxc.cgroup.cpuset.cpus                = 0        # limits container to CPU0
 
lxc.cgroup.memory.limit_in_bytes      = 512M
 
lxc.cgroup.memory.memsw.limit_in_bytes = 1G
 
#lxc.cgroup.blkio.weight                = 500      # requires cfq block scheduler
 
 
## Filesystem
 
#container's fstab should be outside its rootfs dir (e.g. /lxc/funtoo0/fstab is ok, but /lxc/funtoo0/rootfs/etc/fstab is wrong!!!)
 
#lxc.mount                              = /lxc/funtoo0/fstab     
 
 
#lxc.mount.entry is preferred, because it supports relative paths
 
lxc.mount.entry                        = proc proc proc nosuid,nodev,noexec  0 0
 
lxc.mount.entry                        = sysfs sys sysfs nosuid,nodev,noexec,ro 0 0
 
lxc.mount.entry                        = devpts dev/pts devpts nosuid,noexec,mode=0620,ptmxmode=000,newinstance 0 0
 
lxc.mount.entry                        = tmpfs dev/shm tmpfs nosuid,nodev,mode=1777 0 0
 
lxc.mount.entry                        = tmpfs run tmpfs nosuid,nodev,noexec,mode=0755,size=128m 0 0
 
lxc.mount.entry                        = tmpfs tmp tmpfs nosuid,nodev,noexec,mode=1777,size=1g 0 0
 
 
##Example of having /var/tmp/portage as tmpfs in container
 
#lxc.mount.entry                        = tmpfs var/tmp/portage tmpfs defaults,size=8g,uid=250,gid=250,mode=0775 0 0
 
##Example of bind mount
 
#lxc.mount.entry                        = /srv/funtoo0 /lxc/funtoo0/rootfs/srv/funtoo0 none defaults,bind 0 0
 
 
## Network
 
lxc.network.type                        = veth
 
lxc.network.flags                      = up
 
lxc.network.hwaddr                      = #put your MAC address here, otherwise you will get a random one
 
lxc.network.link                        = br0
 
lxc.network.name                        = eth0
 
#lxc.network.veth.pair                  = veth-example
 
</pre>
 
 
Read "man 7 capabilities" for more information about capabilities in Linux.
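
The following is an added example, not part of the original page or of LXC: it audits a container config for the hardening the sample config above relies on, namely its uncommented {{c|lxc.cap.drop}} lines and a default-deny device cgroup. The finding labels, function names and the two constructed sample configs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit an LXC config for the
# hardening the sample config relies on (dropped capabilities and a
# default-deny device cgroup). Finding labels are made up for illustration.

# Capabilities the sample config drops on uncommented lines.
BASELINE_CAPS="audit_control audit_write mac_admin mac_override mknod setfcap
setpcap sys_admin sys_module sys_pacct sys_rawio sys_resource sys_time"

# Print the value of every active "key = value" line for one key.
lxc_values() {  # $1 = config file, $2 = key
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # commented-out setting
        {
            line = $0
            sub(/#.*/, "", line)             # strip trailing comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# Print one finding per line; return 0 if the config is clean, 1 otherwise.
audit_lxc_config() {  # $1 = config file
    cfg=$1
    rc=0
    # lxc.cap.drop may appear many times and may list several names per line.
    dropped=" $(lxc_values "$cfg" lxc.cap.drop | tr -s ' \t\n' ' ') "
    for cap in $BASELINE_CAPS; do
        case "$dropped" in
            *" $cap "*) ;;
            *) echo "cap-not-dropped: $cap"; rc=1 ;;
        esac
    done
    # The allow list only means something after a blanket deny.
    if ! lxc_values "$cfg" lxc.cgroup.devices.deny | grep -qx 'a'; then
        echo "devices-no-default-deny"; rc=1
    fi
    # "a", or read/write access on *:*, re-opens every device node.
    # "c *:* m" (mknod only, as in the sample config) is not flagged.
    broad=$(lxc_values "$cfg" lxc.cgroup.devices.allow |
        grep -E '^(a|[abc][[:space:]]+\*:\*[[:space:]]+[rwm]*[rw][rwm]*)$' || true)
    if [ -n "$broad" ]; then
        echo "$broad" | sed 's/^/devices-broad-allow: /'; rc=1
    fi
    return $rc
}

# Constructed sample: security-relevant lines in the style of the config above.
sample_hardened() {
    for cap in $BASELINE_CAPS; do echo "lxc.cap.drop = $cap"; done
    cat <<'EOF'
#lxc.cap.drop = sys_boot # capability to reboot the container
lxc.cgroup.devices.deny  = a # Deny access to all devices
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm # /dev/null
lxc.cgroup.devices.allow = c 136:* rwm # /dev/pts/*
EOF
}

# Constructed sample: same config with sys_admin kept and all devices allowed.
sample_weakened() {
    sample_hardened | sed -e '/= sys_admin$/d' \
        -e 's/^lxc.cgroup.devices.deny .*/lxc.cgroup.devices.allow = a/'
}

demo() {
    tmp=$(mktemp -d)
    sample_hardened > "$tmp/good.conf"
    sample_weakened > "$tmp/weak.conf"
    for f in good weak; do
        echo "== $f.conf"
        if audit_lxc_config "$tmp/$f.conf"; then echo "clean"; fi
    done
    rm -rf "$tmp"
}
demo
```

To check a real container, call {{c|audit_lxc_config /lxc/funtoo0/config}} instead of {{c|demo}}.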
 
 
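Above, use the following command to generate a random MAC for {{c|lxc.network.hwaddr}}. The first octet is fixed to {{c|02}} so that the address is always unicast and locally administered; a fully random first octet can have the multicast bit set, which is not valid for an interface address:


{{console|body=

###i## printf '02:%s\n' "$(openssl rand -hex 5 | sed 's/\(..\)/\1:/g; s/.$//')"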
 
}}
 
 
It is a good idea to assign a static MAC address to your container using {{c|lxc.network.hwaddr}}. If you don't, LXC will auto-generate a new random MAC every time your container starts, which may confuse network equipment that expects MAC addresses to remain constant.
 
 
In some cases you may not be able to start your LXC container with the generated MAC address; for everyone who runs into that problem, here is a small script that ties the container's IP to the MAC address. Just save the following code as {{c|/etc/lxc/hwaddr.sh}}, make it executable and run it as {{c|/etc/lxc/hwaddr.sh xxx.xxx.xxx.xxx}}, where xxx.xxx.xxx.xxx represents your container's IP. <br>{{c|/etc/lxc/hwaddr.sh}}:
 
 
<pre>
 
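#!/bin/bash
# ${IP//./ } is a bash substitution, so this needs bash rather than /bin/sh
IP=$1
# 02:00 (locally administered, unicast) followed by the four IPv4 octets in hex
HA=$(printf "02:00:%02x:%02x:%02x:%02x" ${IP//./ })
echo "$HA"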
 
</pre>
 
 
==== {{c|/lxc/funtoo0/fstab}} ====
 
{{fancynote| it is preferable to have mount entries directly in the config file instead of a separate fstab:}}
 
Edit the file {{c|/lxc/funtoo0/fstab}}:
 
<pre>
 
none /lxc/funtoo0/dev/pts devpts defaults 0 0
 
none /lxc/funtoo0/proc proc defaults 0 0
 
none /lxc/funtoo0/sys sysfs defaults 0 0
 
none /lxc/funtoo0/dev/shm tmpfs nodev,nosuid,noexec,mode=1777,rw 0 0
 
</pre>
 
 
== LXC Networking ==
 
*veth - Virtual Ethernet (bridge)

*vlan - VLAN interface (requires a device capable of VLAN tagging)

*macvlan (MAC-address-based virtual LAN tagging) has 3 modes:
 
**private
 
**vepa (Virtual Ethernet Port Aggregator)
 
**bridge
 
*phys - dedicated host NIC
 
[https://blog.flameeyes.eu/2010/09/linux-containers-and-networking Linux Containers and Networking]
 
 
Enable routing on the host:

By default, Linux workstations and servers have IPv4 forwarding disabled.
 
{{console|body=
 
###i## echo "1" > /proc/sys/net/ipv4/ip_forward
 
###i## cat /proc/sys/net/ipv4/ip_forward
 
# 1
 
}}
 
 
== Initializing and Starting the Container ==
 
 
You will probably need to set the root password for the container before you can log in. You can use chroot to do this quickly:
 
 
{{console|body=
 
###i## chroot /lxc/funtoo0/rootfs
 
(chroot) ###i## passwd
 
New password: XXXXXXXX
 
Retype new password: XXXXXXXX
 
passwd: password updated successfully
 
(chroot) ###i## exit
 
}}
 
 
Now that the root password is set, run:
 
 
{{console|body=
 
###i## lxc-start -n funtoo0 -d
 
}}
 
 
The {{c|-d}} option will cause it to run in the background.
 
 
To attach to the console:
 
 
{{console|body=
 
###i## lxc-console -n funtoo0
 
}}
 
 
You should now be able to log in and use the container. In addition, the container should now be accessible on the network.
 
 
To directly attach to container:
 
 
{{console|body=
 
###i## lxc-attach -n funtoo0
 
}}
 
 
To stop the container:
 
 
{{console|body=
 
###i## lxc-stop -n funtoo0
 
}}
 
 
Ensure that networking is working from within the container while it is running, and you're good to go!
 
== Starting LXC container during host boot ==
 
 
# You need to create a symlink in {{c|/etc/init.d/}} to {{c|/etc/init.d/lxc}} so that it reflects your container.
 
# {{c|ln -s /etc/init.d/lxc /etc/init.d/lxc.funtoo0}}
 
# Now you can add {{c|lxc.funtoo0}} to the default runlevel
 
# {{c|rc-update add lxc.funtoo0 default}}
 
{{console|body=
 
###i## rc
 
* Starting funtoo0 ...                  [ ok ]
 
}}
 
== LXC Bugs/Missing Features ==
 
 
This section is devoted to documenting issues with the current implementation of LXC and its associated tools. We will be gradually expanding this section with detailed descriptions of problems, their status, and proposed solutions.
 
 
=== reboot ===
 
 
* By default, lxc does not support rebooting a container. It will simply stop, and the host will not know to start it again.
 
* If you want your container to reboot gracefully, you need the sys_boot capability (comment out lxc.cap.drop = sys_boot in your container config)
 
 
=== PID namespaces ===
 
 
Process ID namespaces are functional, but the container can still see the host's CPU utilization via the system load (i.e. in {{c|top}}).
 
 
=== /dev/pts newinstance ===
 
 
* Some changes may be required to the host to properly implement "newinstance" {{c|/dev/pts}}. See [https://bugzilla.redhat.com/show_bug.cgi?id=501718 This Red Hat bug].
 
 
=== lxc-create and lxc-destroy ===
 
 
* LXC's shell scripts are badly designed and are a sure way to destruction; avoid using lxc-create and lxc-destroy.
 
 
=== network initialization and cleanup ===
 
 
* If network.type = phys is used, after lxc-stop the interface will be renamed to the value from lxc.network.link. It was supposed to be fixed in 0.7.4, but still happens on 0.7.5 - http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg01760.html
 
 
* Re-starting a container can result in a failure, as network resources are tied up by the already-defunct instance: [http://www.mail-archive.com/lxc-devel@lists.sourceforge.net/msg00824.html]
 
 
=== graceful shutdown ===
 
 
* To gracefully shut down a container, its init system needs to properly handle the kill -PWR signal
 
* For funtoo/gentoo make sure that you have:
 
** pf:12345:powerwait:/sbin/halt
 
** in your container's /etc/inittab
 
* For debian/ubuntu make sure that you have:
 
** pf::powerwait:/sbin/shutdown -t1 -a -h now
 
** in your container's /etc/inittab
 
** and also comment out other line starting with pf:powerfail (such as pf::powerwait:/etc/init.d/powerfail start) <- these are used if you have UPS monitoring daemon installed!
 
* /etc/init.d/lxc seems to have broken support for graceful shutdown (it sends proper signal, but then also tries to kill the init with lxc-stop)
 
 
=== funtoo ===
 
 
* Our udev should be updated to contain {{c|-lxc}} in scripts. (This has been done as of 02-Nov-2011, so should be resolved. But not fixed in our openvz templates, so need to regen them in a few days.)
 
* Our openrc should be patched to handle the case where it cannot mount tmpfs, and gracefully handle this situation somehow. (Work-around in our docs above, which is to mount tmpfs to {{c|/libexec/rc/init.d}} using the container-specific {{c|fstab}} file (on the host).)
 
* Emerging udev within a container can/will fail when realdev is run, if a device node cannot be created (such as /dev/console) if there are no mknod capabilities within the container. This should be fixed.
 
== References ==
 
 
* {{c|man 7 capabilities}}
 
* {{c|man 5 lxc.conf}}
 
== Links ==
 
 
* There are a number of additional lxc features that can be enabled via patches: [http://lxc.sourceforge.net/patches/linux/3.0.0/3.0.0-lxc1/]
 
* [https://wiki.ubuntu.com/UserNamespace Ubuntu User Namespaces page]
 
* lxc-gentoo setup script [https://github.com/globalcitizen/lxc-gentoo on GitHub]
 
 
* '''IBM developerWorks'''
 
** [http://www.ibm.com/developerworks/linux/library/l-lxc-containers/index.html LXC: Linux Container Tools]
 
** [http://www.ibm.com/developerworks/linux/library/l-lxc-security/ Secure Linux Containers Cookbook]
 
 
* '''Linux Weekly News'''
 
** [http://lwn.net/Articles/244531/ Smack for simplified access control]
 
 
[[Category:Labs]]
 
[[Category:HOWTO]]
 
[[Category:Virtualization]]
 

Revision as of 01:29, May 13, 2015



Welcome to Funtoo Linux


Funtoo Linux is a rolling-release Linux meta-distribution for x86 and ARM systems. It uses Portage as a package manager, and is run by Daniel Robbins, creator of Gentoo Linux. It is a continuation of Daniel's work on Gentoo Linux. Funtoo Linux is committed to software freedom, independence, and a user-centric model of software development, where our users help define the future direction of the project.

Our goal is to provide a best-of-breed Gentoo-based meta-distribution that is ideal for desktop and servers, and to progressively improve our core technology in a thoughtful and innovative way, while respecting Gentoo design principles, and the history of Unix and Linux.

Funtoo Linux provides optimized builds for your specific hardware to ensure the best possible performance, and offers the following features:

  • A completely systemd-free system, including GNOME 3.14 without systemd.
  • A new profile system to simplify system configuration.
  • Improved ease of install with pre-built Debian kernel provided in our install image.
  • A new system configuration tool, ego.
  • An advanced build and quality assurance tool called Metro, providing optimized install images and enhanced real-world testing.
  • The use of git as a default mechanism for getting updated ebuilds (build scripts) to you.
  • Modular networking scripts to simplify creating sophisticated server network configurations.
  • Enhanced Python support from the Progress overlay, and inclusion of other popular packages from the Gentoo ecosystem.

Getting Started

Install Funtoo

Create a Funtoo account, which allows you to get involved with the community. Log in to the wiki, forums, and bug tracker under the same username, and password by unified logins. See the Auth FAQ for more info about account creation.

Get to know fellow users in our IRC community on irc.freenode.net #funtoo you are encouraged to hang out with us.

Report bugs, and suggest improvements to our bug tracker. We take all bugs seriously, and all work performed is tracked on our public bug tracker, for purposes of transparency.

See funtoo on distrowatch.
See the Funtoo Linux FAQ.

Web Hosting

Funtoo supports multiple web server stack arrangements to get any content on any framework you want published in any way you want with high performance web hosting direct from the distribution.

Official Projects

Quality Assurance

Funtoo uses automated testing to ensure that sources build correctly. Benefits for desktops: leaner, optimized, faster system. Additional benefits for servers: enable only what you actually need to reduce attack surface, thus improving security.


News

Drobbins

Pre-built kernels!

Funtoo stage3's are now starting to offer pre-built kernels for ease of install. read more....
12 May 2015 by Drobbins
Drobbins

Better Experiences: Ego and Vim

Info on Funtoo's new personality tool called 'ego', and user-focused updates to vim's defaults.
27 April 2015 by Drobbins

Ebuilds

Ebuild pages recently updated: Nginx, Chrony, Coreutils, Nouveau Video Drivers (Open Source), Bash completion, Pt-br/Package:Debian-sources, Pt-br/Package:Vanilla Sources, Qtile, Synaptics, Ruby
