linux容器技术-lxc创建虚拟机的执行过程分析

1. lxc介绍

容器是一种轻量级的虚拟化技术,与qemu/kvm、VMware、Xen等完全的虚拟化方案相比,LXC更像是加强的“chroot”,因为LXC不但没有没有对硬件设备进行仿真,而且可以与主机共享一模一样的操作系统,所以LXC与solaris的zones和BSD的jails相比,更具优势。

目前,有两个比较方便的管理容器的用户空间的工具:libvirt和lxc。libvirt通过"lxc:///"像管理其他虚拟机驱动一样管理lxc虚拟机。另一个是与libvirt完全独立的LXC,它定义了一些列的命令,可以更灵活的管理和使用lxc。

下面,将以LXC为例来介绍lxc的使用。

2 LXC的安装和使用

(1)LXC的安装

  1. sudo apt-get install lxc
该命令将自动安装LXC依赖的其他软件: cgroup-lite, lvm2, and debootstrap。如果想使用libvirt来实现lxc的管理,还需要安装 libvirt-bin和libvirt-lxc。
(2)LXC主机端的配置文件介绍
在使用LXC之前,首先对其配置文件进行简单的介绍,以便使大家能更好的理解LXC的工作原理。
a. /etc/lxc/lxc.conf
容器默认的配置文件,如果在创建lxc容器的时候不指定配置文件,将默认使用这个配置文件。主要针 对网络以及命名空间的配置。还有一些其他的配置例子可以在/usr/share/doc/lxc/examples/目录下 找到。
b. /usr/lib/lxc/templates/
该目录下保存了当前LXC支持的各种发行版的linux的模板配置文件,目前主要有:
lxc-ubuntu, lxc-fedora,lxc-opensuse,lxc-debian,lxc-busybox,lxc-sshd,lxc-cloud-ubuntu等。
c. /var/lib/lxc
每个容器的实例存放在这个目录下。
d. /var/cache/lxc
容器实例的cache,当用户创建一种类型的实例后,将会在此目录下cache,再次创建时将不需要从网 上下载,直接采用cache的版本,加速了容器实例的创建过程。

下面来分析下lxc-ubuntu的创建过程(详见最下面的注释说明):

  1. #!/bin/bash
  2. #
  3. # template script for generating ubuntu container for LXC
  4. #
  5. # This script consolidates and extends the existing lxc ubuntu scripts
  6. #
  7. # Copyright ?2011 Serge Hallyn <[email protected]>
  8. # Copyright ?2010 Wilhelm Meier
  9. # Author: Wilhelm Meier <[email protected]>
  10. #
  11. # This program is free software; you can redistribute it and/or modify
  12. # it under the terms of the GNU General Public License version 2, as
  13. # published by the Free Software Foundation.
  14. # This program is distributed in the hope that it will be useful,
  15. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. # GNU General Public License for more details.
  18. # You should have received a copy of the GNU General Public License along
  19. # with this program; if not, write to the Free Software Foundation, Inc.,
  20. # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  21. #
  22. set -e ##如果命令带非零值返回,立即退出
  23. if [ -r /etc/default/lxc ]; then
  24. . /etc/default/lxc #导入一些环境变量
  25. fi
  26. configure_ubuntu()
  27. {
  28. rootfs=$1
  29. hostname=$2
  30. release=$3
  31. # configure the network using the dhcp
  32. cat <<EOF > $rootfs/etc/network/interfaces
  33. # This file describes the network interfaces available on your system
  34. # and how to activate them. For more information, see interfaces(5).
  35. # The loopback network interface
  36. auto lo
  37. iface lo inet loopback
  38. auto eth0
  39. iface eth0 inet dhcp
  40. EOF
  41. # set the hostname
  42. cat <<EOF > $rootfs/etc/hostname
  43. $hostname
  44. EOF
  45. # set minimal hosts
  46. cat <<EOF > $rootfs/etc/hosts
  47. 127.0.0.1 localhost
  48. 127.0.1.1 $hostname
  49. # The following lines are desirable for IPv6 capable hosts
  50. ::1 ip6-localhost ip6-loopback
  51. fe00::0 ip6-localnet
  52. ff00::0 ip6-mcastprefix
  53. ff02::1 ip6-allnodes
  54. ff02::2 ip6-allrouters
  55. EOF
  56. if [ ! -f $rootfs/etc/init/container-detect.conf ]; then
  57. # suppress log level output for udev
  58. sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
  59. # remove jobs for consoles 5 and 6 since we only create 4 consoles in
  60. # this template
  61. rm -f $rootfs/etc/init/tty{5,6}.conf
  62. fi
  63. if [ -z "$bindhome" ]; then
  64. chroot $rootfs useradd --create-home -s /bin/bash ubuntu
  65. echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
  66. fi
  67. return 0
  68. }
  69. # finish setting up the user in the container by injecting ssh key and
  70. # adding sudo group membership.
  71. # passed-in user is either 'ubuntu' or the user to bind in from host.
  72. finalize_user()
  73. {
  74. user=$1
  75. sudo_version=$(chroot $rootfs dpkg-query -W -f='${Version}' sudo)
  76. if chroot $rootfs dpkg --compare-versions $sudo_version gt "1.8.3p1-1"; then
  77. groups="sudo"
  78. else
  79. groups="sudo admin"
  80. fi
  81. for group in $groups; do
  82. chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true
  83. chroot $rootfs adduser ${user} $group >/dev/null 2>&1 || true
  84. done
  85. if [ -n "$auth_key" -a -f "$auth_key" ]; then
  86. u_path="/home/${user}/.ssh"
  87. root_u_path="$rootfs/$u_path"
  88. mkdir -p $root_u_path
  89. cp $auth_key "$root_u_path/authorized_keys"
  90. chroot $rootfs chown -R ${user}: "$u_path"
  91. echo "Inserted SSH public key from $auth_key into /home/${user}/.ssh/authorized_keys"
  92. fi
  93. return 0
  94. }
  95. write_sourceslist()
  96. {
  97. # $1 => path to the rootfs
  98. # $2 => architecture we want to add
  99. # $3 => whether to use the multi-arch syntax or not
  100. case $2 in
  101. amd64|i386)
  102. MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
  103. SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
  104. ;;
  105. *)
  106. MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
  107. SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
  108. ;;
  109. esac
  110. if [ -n "$3" ]; then
  111. cat >> "$1/etc/apt/sources.list" << EOF
  112. deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
  113. deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
  114. deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
  115. EOF
  116. else
  117. cat >> "$1/etc/apt/sources.list" << EOF
  118. deb $MIRROR ${release} main restricted universe multiverse
  119. deb $MIRROR ${release}-updates main restricted universe multiverse
  120. deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
  121. EOF
  122. fi
  123. }
  124. download_ubuntu()
  125. {
  126. cache=$1
  127. arch=$2
  128. release=$3
  129. packages=vim,ssh
  130. echo "installing packages: $packages"
  131. # check the mini ubuntu was not already downloaded
  132. mkdir -p "$cache/partial-$arch"
  133. if [ $? -ne 0 ]; then
  134. echo "Failed to create '$cache/partial-$arch' directory"
  135. return 1
  136. fi
  137. # download a mini ubuntu into a cache
  138. echo "Downloading ubuntu $release minimal ..."
  139. if [ -n "$(which qemu-debootstrap)" ]; then
  140. qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
  141. else
  142. debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR ##在这里下载制定的linux发行版
  143. fi
  144. if [ $? -ne 0 ]; then
  145. echo "Failed to download the rootfs, aborting."
  146. return 1
  147. fi
  148. # Serge isn't sure whether we should avoid doing this when
  149. # $release == `distro-info -d`
  150. echo "Installing updates"
  151. > $cache/partial-$arch/etc/apt/sources.list
  152. write_sourceslist $cache/partial-$arch/ $arch ##下载完成后,修改source.lst文件,升级和安装软件做准备

  153. ##改变系统的根目录,执行update,因为,要用新的source.lst
  1. chroot "$1/partial-${arch}" apt-get update
  2. if [ $? -ne 0 ]; then
  3. echo "Failed to update the apt cache"
  4. return 1
  5. fi
  6. cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
  7. #!/bin/sh
  8. exit 101
  9. EOF
  10. chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
  11. lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
  12. ret=$?
  13. rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
  14. if [ $ret -ne 0 ]; then
  15. echo "Failed to upgrade the cache"
  16. return 1
  17. fi
  18. mv "$1/partial-$arch" "$1/rootfs-$arch"
  19. echo "Download complete"
  20. return 0
  21. }
  22. copy_ubuntu()
  23. {
  24. cache=$1
  25. arch=$2
  26. rootfs=$3
  27. # make a local copy of the miniubuntu
  28. echo "Copying rootfs to $rootfs ..."
  29. mkdir -p $rootfs
  30. #使用rsync进行镜像的备份,实际相当于镜像的拷贝
  31. rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
  32. return 0
  33. }
  34. install_ubuntu()
  35. {
  36. rootfs=$1
  37. release=$2
  38. flushcache=$3
  39. cache="/var/cache/lxc/$release"
  40. mkdir -p /var/lock/subsys/
  41. (
  42. flock -x 200
  43. if [ $? -ne 0 ]; then
  44. echo "Cache repository is busy."
  45. return 1
  46. fi
  47. if [ $flushcache -eq 1 ]; then
  48. echo "Flushing cache..."
  49. rm -rf "$cache/partial-$arch"
  50. rm -rf "$cache/rootfs-$arch"
  51. fi
  52. echo "Checking cache download in $cache/rootfs-$arch ... "
  53. if [ ! -e "$cache/rootfs-$arch" ]; then
  54. download_ubuntu $cache $arch $release ##下载指定版本的系统到cache目录下
  55. if [ $? -ne 0 ]; then
  56. echo "Failed to download 'ubuntu $release base'"
  57. return 1
  58. fi
  59. fi
  60. echo "Copy $cache/rootfs-$arch to $rootfs ... "
  61. copy_ubuntu $cache $arch $rootfs ##从cache目录下拷贝到真正的根目录下
  62. if [ $? -ne 0 ]; then
  63. echo "Failed to copy rootfs"
  64. return 1
  65. fi
  66. return 0
  67. ) 200>/var/lock/subsys/lxc
  68. return $?
  69. }
  70. copy_configuration()
  71. {
  72. path=$1
  73. rootfs=$2
  74. name=$3
  75. arch=$4
  76. release=$5
  77. if [ $arch = "i386" ]; then
  78. arch="i686"
  79. fi
  80. ttydir=""
  81. if [ -f $rootfs/etc/init/container-detect.conf ]; then
  82. ttydir=" lxc"
  83. fi
  84. # if there is exactly one veth network entry, make sure it has an
  85. # associated hwaddr.
  86. nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l`
  87. if [ $nics -eq 1 ]; then
  88. grep -q "^lxc.network.hwaddr" $path/config || cat <<EOF >> $path/config
  89. lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')
  90. EOF
  91. fi
  92. cat <<EOF >> $path/config
  93. lxc.utsname = $name
  94. lxc.devttydir =$ttydir
  95. lxc.tty = 4
  96. lxc.pts = 1024
  97. lxc.rootfs = $rootfs
  98. lxc.mount = $path/fstab
  99. lxc.arch = $arch
  100. lxc.cap.drop = sys_module mac_admin
  101. lxc.pivotdir = lxc_putold
  102. # uncomment the next line to run the container unconfined:
  103. #lxc.aa_profile = unconfined
  104. lxc.cgroup.devices.deny = a
  105. # Allow any mknod (but not using the node)
  106. lxc.cgroup.devices.allow = c *:* m
  107. lxc.cgroup.devices.allow = b *:* m
  108. # /dev/null and zero
  109. lxc.cgroup.devices.allow = c 1:3 rwm
  110. lxc.cgroup.devices.allow = c 1:5 rwm
  111. # consoles
  112. lxc.cgroup.devices.allow = c 5:1 rwm
  113. lxc.cgroup.devices.allow = c 5:0 rwm
  114. #lxc.cgroup.devices.allow = c 4:0 rwm
  115. #lxc.cgroup.devices.allow = c 4:1 rwm
  116. # /dev/{,u}random
  117. lxc.cgroup.devices.allow = c 1:9 rwm
  118. lxc.cgroup.devices.allow = c 1:8 rwm
  119. lxc.cgroup.devices.allow = c 136:* rwm
  120. lxc.cgroup.devices.allow = c 5:2 rwm
  121. # rtc
  122. lxc.cgroup.devices.allow = c 254:0 rwm
  123. #fuse
  124. lxc.cgroup.devices.allow = c 10:229 rwm
  125. #tun
  126. lxc.cgroup.devices.allow = c 10:200 rwm
  127. #full
  128. lxc.cgroup.devices.allow = c 1:7 rwm
  129. #hpet
  130. lxc.cgroup.devices.allow = c 10:228 rwm
  131. #kvm
  132. lxc.cgroup.devices.allow = c 10:232 rwm
  133. EOF
  134. cat <<EOF > $path/fstab
  135. proc proc proc nodev,noexec,nosuid 0 0
  136. sysfs sys sysfs defaults 0 0
  137. EOF
  138. if [ $? -ne 0 ]; then
  139. echo "Failed to add configuration"
  140. return 1
  141. fi
  142. return 0
  143. }
  144. trim()
  145. {
  146. rootfs=$1
  147. release=$2
  148. # provide the lxc service
  149. cat <<EOF > $rootfs/etc/init/lxc.conf
  150. # fake some events needed for correct startup other services
  151. description "Container Upstart"
  152. start on startup
  153. script
  154. rm -rf /var/run/*.pid
  155. rm -rf /var/run/network/*
  156. /sbin/initctl emit stopped JOB=udevtrigger --no-wait
  157. /sbin/initctl emit started JOB=udev --no-wait
  158. end script
  159. EOF
  160. # fix buggus runlevel with sshd
  161. cat <<EOF > $rootfs/etc/init/ssh.conf
  162. # ssh - OpenBSD Secure Shell server
  163. #
  164. # The OpenSSH server provides secure shell access to the system.
  165. description "OpenSSH server"
  166. start on filesystem
  167. stop on runlevel [!2345]
  168. expect fork
  169. respawn
  170. respawn limit 10 5
  171. umask 022
  172. # replaces SSHD_OOM_ADJUST in /etc/default/ssh
  173. oom never
  174. pre-start script
  175. test -x /usr/sbin/sshd || { stop; exit 0; }
  176. test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
  177. test -c /dev/null || { stop; exit 0; }
  178. mkdir -p -m0755 /var/run/sshd
  179. end script
  180. # if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
  181. # 'exec' line here instead
  182. exec /usr/sbin/sshd
  183. EOF
  184. cat <<EOF > $rootfs/etc/init/console.conf
  185. # console - getty
  186. #
  187. # This service maintains a console on tty1 from the point the system is
  188. # started until it is shut down again.
  189. start on stopped rc RUNLEVEL=[2345]
  190. stop on runlevel [!2345]
  191. respawn
  192. exec /sbin/getty -8 38400 /dev/console
  193. EOF
  194. cat <<EOF > $rootfs/lib/init/fstab
  195. # /lib/init/fstab: cleared out for bare-bones lxc
  196. EOF
  197. # reconfigure some services
  198. if [ -z "$LANG" ]; then
  199. chroot $rootfs locale-gen en_US.UTF-8
  200. chroot $rootfs update-locale LANG=en_US.UTF-8
  201. else
  202. chroot $rootfs locale-gen $LANG
  203. chroot $rootfs update-locale LANG=$LANG
  204. fi
  205. # remove pointless services in a container
  206. chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
  207. chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
  208. chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
  209. chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
  210. chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
  211. chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
  212. # if this isn't lucid, then we need to twiddle the network upstart bits :(
  213. if [ $release != "lucid" ]; then
  214. sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
  215. fi
  216. }
  217. post_process()
  218. {
  219. rootfs=$1
  220. release=$2
  221. trim_container=$3
  222. if [ $trim_container -eq 1 ]; then
  223. trim $rootfs $release
  224. elif [ ! -f $rootfs/etc/init/container-detect.conf ]; then
  225. # Make sure we have a working resolv.conf
  226. cresolvonf="${rootfs}/etc/resolv.conf"
  227. mv $cresolvonf ${cresolvonf}.lxcbak
  228. cat /etc/resolv.conf > ${cresolvonf}
  229. # for lucid, if not trimming, then add the ubuntu-virt
  230. # ppa and install lxcguest
  231. if [ $release = "lucid" ]; then
  232. chroot $rootfs apt-get install --force-yes -y python-software-properties
  233. chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
  234. fi
  235. chroot $rootfs apt-get update
  236. chroot $rootfs apt-get install --force-yes -y lxcguest
  237. # Restore old resolv.conf
  238. rm -f ${cresolvonf}
  239. mv ${cresolvonf}.lxcbak ${cresolvonf}
  240. fi
  241. # If the container isn't running a native architecture, setup multiarch
  242. if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then
  243. dpkg_version=$(chroot $rootfs dpkg-query -W -f='${Version}' dpkg)
  244. if chroot $rootfs dpkg --compare-versions $dpkg_version ge "1.16.2"; then
  245. chroot $rootfs dpkg --add-architecture ${hostarch}
  246. else
  247. mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d
  248. echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch
  249. fi
  250. # Save existing value of MIRROR and SECURITY_MIRROR
  251. DEFAULT_MIRROR=$MIRROR
  252. DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR
  253. # Write a new sources.list containing both native and multiarch entries
  254. > ${rootfs}/etc/apt/sources.list
  255. write_sourceslist $rootfs $arch "native"
  256. MIRROR=$DEFAULT_MIRROR
  257. SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR
  258. write_sourceslist $rootfs $hostarch "multiarch"
  259. # Finally update the lists and install upstart using the host architecture
  260. chroot $rootfs apt-get update
  261. chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:${hostarch} iproute:${hostarch} isc-dhcp-client:${hostarch}
  262. fi
  263. # rmdir /dev/shm for containers that have /run/shm
  264. # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
  265. # get bind mounted to the host's /run/shm. So try to rmdir
  266. # it, and in case that fails move it out of the way.
  267. if [ -d $rootfs/run/shm ]; then
  268. [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm
  269. [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak
  270. ln -s /run/shm $rootfs/dev/shm
  271. fi
  272. }
  273. do_bindhome()
  274. {
  275. rootfs=$1
  276. user=$2
  277. # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
  278. pwd=`getent passwd $user` || { echo "Failed to copy password entry for $user"; false; }
  279. echo $pwd >> $rootfs/etc/passwd
  280. # make sure user's shell exists in the container
  281. shell=`echo $pwd | cut -d: -f 7`
  282. if [ ! -x $rootfs/$shell ]; then
  283. echo "shell $shell for user $user was not found in the container."
  284. pkg=`dpkg -S $(readlink -m $shell) | cut -d ':' -f1`
  285. echo "Installing $pkg"
  286. chroot $rootfs apt-get --force-yes -y install $pkg
  287. fi
  288. shad=`getent shadow $user`
  289. echo "$shad" >> $rootfs/etc/shadow
  290. # bind-mount the user's path into the container's /home
  291. h=`getent passwd $user | cut -d: -f 6`
  292. mkdir -p $rootfs/$h
  293. # use relative path in container
  294. h2=${h#/}
  295. while [ ${h2:0:1} = "/" ]; do
  296. h2=${h2#/}
  297. done
  298. echo "$h $h2 none bind 0 0" >> $path/fstab
  299. # Make sure the group exists in container
  300. grp=`echo $pwd | cut -d: -f 4` # group number for $user
  301. grpe=`getent group $grp` || return 0 # if host doesn't define grp, ignore in container
  302. chroot $rootfs getent group "$grpe" || echo "$grpe" >> $rootfs/etc/group
  303. }
  304. usage()
  305. {
  306. cat <<EOF
  307. $1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim] [-d|--debug]
  308. [-F | --flush-cache] [-r|--release <release>] [ -S | --auth-key <keyfile>]
  309. release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS
  310. trim: make a minimal (faster, but not upgrade-safe) container
  311. bindhome: bind <user>'s home into the container
  312. The ubuntu user will not be created, and <user> will have
  313. sudo access.
  314. arch: the container architecture (e.g. amd64): defaults to host arch
  315. auth-key: SSH Public key file to inject into container
  316. EOF
  317. return 0
  318. }
  319. options=$(getopt -o a:b:hp:r:xn:FS:d -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache,auth-key:,debug -- "$@")
  320. if [ $? -ne 0 ]; then
  321. usage $(basename $0)
  322. exit 1
  323. fi
  324. eval set -- "$options"
  325. release=precise # Default to the last Ubuntu LTS release for non-Ubuntu systems
  326. if [ -f /etc/lsb-release ]; then
  327. . /etc/lsb-release
  328. if [ "$DISTRIB_ID" = "Ubuntu" ]; then
  329. release=$DISTRIB_CODENAME
  330. fi
  331. fi
  332. bindhome=
  333. arch=$(arch)
  334. # Code taken from debootstrap
  335. if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
  336. arch=`/usr/bin/dpkg --print-architecture`
  337. elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
  338. arch=`/usr/bin/udpkg --print-architecture`
  339. else
  340. arch=$(arch)
  341. if [ "$arch" = "i686" ]; then
  342. arch="i386"
  343. elif [ "$arch" = "x86_64" ]; then
  344. arch="amd64"
  345. elif [ "$arch" = "armv7l" ]; then
  346. arch="armel"
  347. fi
  348. fi
  349. debug=0
  350. trim_container=0
  351. hostarch=$arch
  352. flushcache=0
  353. while true
  354. do
  355. case "$1" in
  356. -h|--help) usage $0 && exit 0;;
  357. -p|--path) path=$2; shift 2;;
  358. -n|--name) name=$2; shift 2;;
  359. -F|--flush-cache) flushcache=1; shift 1;;
  360. -r|--release) release=$2; shift 2;;
  361. -b|--bindhome) bindhome=$2; shift 2;;
  362. -a|--arch) arch=$2; shift 2;;
  363. -x|--trim) trim_container=1; shift 1;;
  364. -S|--auth-key) auth_key=$2; shift 2;;
  365. -d|--debug) debug=1; shift 1;;
  366. --) shift 1; break ;;
  367. *) break ;;
  368. esac
  369. done
  370. if [ $debug -eq 1 ]; then
  371. set -x
  372. fi
  373. if [ -n "$bindhome" ]; then
  374. pwd=`getent passwd $bindhome`
  375. if [ $? -ne 0 ]; then
  376. echo "Error: no password entry found for $bindhome"
  377. exit 1
  378. fi
  379. fi
  380. if [ "$arch" == "i686" ]; then
  381. arch=i386
  382. fi
  383. if [ $hostarch = "i386" -a $arch = "amd64" ]; then
  384. echo "can't create amd64 container on i386"
  385. exit 1
  386. fi
  387. type debootstrap
  388. if [ $? -ne 0 ]; then
  389. echo "'debootstrap' command is missing"
  390. exit 1
  391. fi
  392. if [ -z "$path" ]; then
  393. echo "'path' parameter is required"
  394. exit 1
  395. fi
  396. if [ "$(id -u)" != "0" ]; then
  397. echo "This script should be run as 'root'"
  398. exit 1
  399. fi
  400. rootfs=$path/rootfs
  401. ##执行的第一个操作,rootfs文件系统挂载点,flushcache创建cache的目录,release创建实例的版本
  402. install_ubuntu $rootfs $release $flushcache
  403. if [ $? -ne 0 ]; then
  404. echo "failed to install ubuntu $release"
  405. exit 1
  406. fi
  407. configure_ubuntu $rootfs $name $release ##将镜像从cache拷贝到真正的rootfs
  408. if [ $? -ne 0 ]; then
  409. echo "failed to configure ubuntu $release for a container"
  410. exit 1
  411. fi
  412. copy_configuration $path $rootfs $name $arch $release ##在根目录下生成config文件,并在fstab中挂载/proc和/fs
  413. if [ $? -ne 0 ]; then
  414. echo "failed write configuration file"
  415. exit 1
  416. fi

##配置resolv.conf,并在新生成的镜像中安装一些必要的软件,如:lxcguest
  1. post_process $rootfs $release $trim_container
  2. if [ -n "$bindhome" ]; then
  3. do_bindhome $rootfs $bindhome
  4. finalize_user $bindhome
  5. else
  6. finalize_user ubuntu ##创建用户/属组,配置ssh用户名和密码
  7. fi
  8. echo ""
  9. echo "##"
  10. echo "# The default user is 'ubuntu' with password 'ubuntu'!"
  11. echo "# Use the 'sudo' command to run tasks as root in the container."
  12. echo "##"
  13. echo ""
lxc创建ubuntu虚拟机的详细过程参见上面红色注释!

LXC的其他内容将会在后面的文章中继续介绍!

你可能感兴趣的:(linux)