首页 / 操作系统 / Linux / Linux容器技术-lxc创建虚拟机的执行过程分析

1. lxc介绍    容器是一种轻量级的虚拟化技术，与qemu/kvm、VMware、Xen等完全的虚拟化方案相比，LXC更像是加强的“chroot”，因为LXC不但没有没有对硬件设备进行仿真，而且可以与主机共享一模一样的操作系统，所以LXC与solaris的zones和BSD的jails相比，更具优势。    目前，有两个比较方便的管理容器的用户空间的工具：libvirt和lxc。libvirt通过"lxc:///"像管理其他虚拟机驱动一样管理lxc虚拟机。另一个是与libvirt完全独立的LXC，它定义了一些列的命令，可以更灵活的管理和使用lxc。    下面，将以LXC为例来介绍lxc的使用。2 LXC的安装和使用（1）LXC的安装

1. sudo apt-get install lxc

    该命令将自动安装LXC依赖的其他软件：cgroup-lite, lvm2, and debootstrap。如果想使用libvirt来实现lxc的管理，还需要安装 libvirt-bin和libvirt-lxc。（2）LXC主机端的配置文件介绍    在使用LXC之前，首先对其配置文件进行简单的介绍，以便使大家能更好的理解LXC的工作原理。    a.  /etc/lxc/lxc.conf     容器默认的配置文件，如果在创建lxc容器的时候不指定配置文件，将默认使用这个配置文件。主要针      对网络以及命名空间的配置。还有一些其他的配置例子可以在/usr/share/doc/lxc/examples/目录下      找到。  b. /usr/lib/lxc/templates/     该目录下保存了当前LXC支持的各种发行版的linux的模板配置文件，目前主要有:     lxc-Ubuntu, lxc-Fedora,lxc-openSUSE,lxc-debian,lxc-busybox,lxc-sshd,lxc-cloud-ubuntu等。  c. /var/lib/lxc     每个容器的实例存放在这个目录下。  d. /var/cache/lxc     容器实例的cache，当用户创建一种类型的实例后，将会在此目录下cache，再次创建时将不需要从网      上下载，直接采用cache的版本，加速了容器实例的创建过程。
   下面来分析下lxc-ubuntu的创建过程（详见最下面的注释说明）：

1. #！/bin/bash
3. #
4. # template script for generating ubuntu container for LXC
5. #
6. # This script consolidates and extends the existing lxc ubuntu scripts
7. #
9. # Copyright ？2011 Serge Hallyn <serge.hallyn@canonical.com>
10. # Copyright ？2010 Wilhelm Meier
11. # Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
12. #
13. # This program is free software; you can redistribute it and/or modify
14. # it under the terms of the GNU General Public License version 2, as
15. # published by the Free Software Foundation.
17. # This program is distributed in the hope that it will be useful,
18. # but WITHOUT ANY WARRANTY; without even the implied warranty of
19. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20. # GNU General Public License for more details.
22. # You should have received a copy of the GNU General Public License along
23. # with this program; if not, write to the Free Software Foundation, Inc.,
24. # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25. #
27. set -e   ##如果命令带非零值返回,立即退出
29. if [ -r /etc/default/lxc ]; then
30. . /etc/default/lxc                 #导入一些环境变量
31. fi
33. configure_ubuntu（）
34. {
35. rootfs=$1
36. hostname=$2
37. release=$3
39. # configure the network using the dhcp
40. cat <<EOF > $rootfs/etc/network/interfaces
41. # This file describes the network interfaces available on your system
42. # and how to activate them. For more information, see interfaces（5）.
44. # The loopback network interface
45. auto lo
46. iface lo inet loopback
48. auto eth0
49. iface eth0 inet dhcp
50. EOF
52. # set the hostname
53. cat <<EOF > $rootfs/etc/hostname
54. $hostname
55. EOF
56. # set minimal hosts
57. cat <<EOF > $rootfs/etc/hosts
58. 127.0.0.1 localhost
59. 127.0.1.1 $hostname
61. # The following lines are desirable for IPv6 capable hosts
62. ::1 ip6-localhost ip6-loopback
63. fe00::0 ip6-localnet
64. ff00::0 ip6-mcastprefix
65. ff02::1 ip6-allnodes
66. ff02::2 ip6-allrouters
67. EOF
69. if [ ！ -f $rootfs/etc/init/container-detect.conf ]; then
70. # suppress log level output for udev
71. sed -i "s/="err"/=0/" $rootfs/etc/udev/udev.conf
73. # remove jobs for consoles 5 and 6 since we only create 4 consoles in
74. # this template
75. rm -f $rootfs/etc/init/tty{5,6}.conf
76. fi
78. if [ -z "$bindhome" ]; then
79. chroot $rootfs useradd --create-home -s /bin/bash ubuntu
80. echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
81. fi
83. return 0
84. }
86. # finish setting up the user in the container by injecting ssh key and
87. # adding sudo group membership.
88. # passed-in user is either "ubuntu" or the user to bind in from host.
89. finalize_user（）
90. {
91. user=$1
93. sudo_version=$（chroot $rootfs dpkg-query -W -f="${Version}" sudo）
95. if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then
96. groups="sudo"
97. else
98. groups="sudo admin"
99. fi
101. for group in $groups; do
102. chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true
103. chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true
104. done
106. if [ -n "$auth_key" -a -f "$auth_key" ]; then
107. u_path="/home/${user}/.ssh"
108. root_u_path="$rootfs/$u_path"
110. mkdir -p $root_u_path
111. cp $auth_key "$root_u_path/authorized_keys"
112. chroot $rootfs chown -R ${user}: "$u_path"
114. echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys"
115. fi
116. return 0
117. }
119. write_sourceslist（）
120. {
121. # $1 => path to the rootfs
122. # $2 => architecture we want to add
123. # $3 => whether to use the multi-arch syntax or not
125. case $2 in
126. amd64|i386）
127. MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
128. SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
129. ;;
130. *）
131. MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
132. SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
133. ;;
134. esac
135. if [ -n "$3" ]; then
136. cat >> "$1/etc/apt/sources.list" << EOF
137. deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
138. deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
139. deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
140. EOF
141. else
142. cat >> "$1/etc/apt/sources.list" << EOF
143. deb $MIRROR ${release} main restricted universe multiverse
144. deb $MIRROR ${release}-updates main restricted universe multiverse
145. deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
146. EOF
147. fi
148. }
150. download_ubuntu（）
151. {
152. cache=$1
153. arch=$2
154. release=$3
156. packages=vim,ssh
157. echo "installing packages: $packages"
159. # check the mini ubuntu was not already downloaded
160. mkdir -p "$cache/partial-$arch"
161. if [ $？ -ne 0 ]; then
162. echo "Failed to create "$cache/partial-$arch" directory"
163. return 1
164. fi
166. # download a mini ubuntu into a cache
167. echo "Downloading ubuntu $release minimal ..."
168. if [ -n "$（which qemu-debootstrap）" ]; then
169. qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
170. else
171. debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR   ##在这里下载制定的linux发行版
172. fi
174. if [ $？ -ne 0 ]; then
175. echo "Failed to download the rootfs, aborting."
176. return 1
177. fi
179. # Serge isn"t sure whether we should avoid doing this when
180. # $release == `distro-info -d`
181. echo "Installing updates"
182. > $cache/partial-$arch/etc/apt/sources.list
183. write_sourceslist $cache/partial-$arch/ $arch   ##下载完成后，修改source.lst文件，升级和安装软件做准备
184. 
     
185. ##改变系统的根目录，执行update，因为，要用新的source.lst

1. chroot "$1/partial-${arch}" apt-get update
2. if [ $？ -ne 0 ]; then
3. echo "Failed to update the apt cache"
4. return 1
5. fi
6. cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
7. #！/bin/sh
8. exit 101
9. EOF
10. chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
12. lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
13. ret=$？
14. rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
16. if [ $ret -ne 0 ]; then
17. echo "Failed to upgrade the cache"
18. return 1
19. fi
21. mv "$1/partial-$arch" "$1/rootfs-$arch"
22. echo "Download complete"
23. return 0
24. }
26. copy_ubuntu（）
27. {
28. cache=$1
29. arch=$2
30. rootfs=$3
32. # make a local copy of the miniubuntu
33. echo "Copying rootfs to $rootfs ..."
34. mkdir -p $rootfs
35. #使用rsync进行镜像的备份，实际相当于镜像的拷贝
36. rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
37. return 0
38. }
40. install_ubuntu（）
41. {
42. rootfs=$1
43. release=$2
44. flushcache=$3
45. 收藏该网址