~serge-hallyn/ubuntu/natty/lxc/lxc-clone

« back to all changes in this revision

Viewing changes to doc/lxc.conf.sgml.in

Committer: Bazaar Package Importer
Author(s): Guido Trotter
Date: 2009-04-29 17:49:13 UTC
Revision ID: james.westby@ubuntu.com-20090429174913-jvahs1ykizqtodje

Tags: upstream-0.6.2

Import upstream version 0.6.2

files added:

AUTHORS

CONTRIBUTING

COPYING

ChangeLog

INSTALL

MAINTAINERS

Makefile.am

Makefile.in

NEWS

README

TODO

aclocal.m4

autogen.sh

config

config/Makefile.am

config/Makefile.in

config/acinclude.m4

config/compile

config/config.guess

config/config.sub

config/depcomp

config/install-sh

config/ltmain.sh

config/missing

configure

configure.ac

doc/FAQ.txt

doc/Makefile.am

doc/Makefile.in

doc/lxc-cgroup.sgml.in

doc/lxc-console.sgml.in

doc/lxc-create.sgml.in

doc/lxc-destroy.sgml.in

doc/lxc-execute.sgml.in

doc/lxc-freeze.sgml.in

doc/lxc-ls.sgml.in

doc/lxc-monitor.sgml.in

doc/lxc-ps.sgml.in

doc/lxc-start.sgml.in

doc/lxc-stop.sgml.in

doc/lxc-unfreeze.sgml.in

doc/lxc-wait.sgml.in

doc/lxc.conf.sgml.in

doc/lxc.sgml.in

etc/Makefile.am

etc/Makefile.in

etc/lxc-complex-config.in

etc/lxc-empty-netns.conf.in

etc/lxc-macvlan.conf.in

etc/lxc-no-netns.conf.in

etc/lxc-phys.conf.in

etc/lxc-veth.conf.in

lxc.spec

lxc.spec.in

scripts

scripts/Makefile.am

scripts/Makefile.in

scripts/lxc-debian.in

scripts/lxc-fedora.in

scripts/lxc-sshd.in

src/Makefile.am

src/Makefile.in

src/config.h.in

src/lxc

src/lxc/Makefile.am

src/lxc/Makefile.in

src/lxc/af_unix.c

src/lxc/af_unix.h

src/lxc/cgroup.c

src/lxc/cgroup.h

src/lxc/checkpoint.c

src/lxc/conf.c

src/lxc/conf.h

src/lxc/confile.c

src/lxc/confile.h

src/lxc/console.c

src/lxc/cr_plugin_columbia.c

src/lxc/create.c

src/lxc/destroy.c

src/lxc/error.c

src/lxc/error.h

src/lxc/freezer.c

src/lxc/genl.c

src/lxc/genl.h

src/lxc/list.h

src/lxc/lock.c

src/lxc/lock.h

src/lxc/log.c

src/lxc/log.h

src/lxc/lxc-checkconfig.in

src/lxc/lxc-ls.in

src/lxc/lxc-netstat.in

src/lxc/lxc-ps.in

src/lxc/lxc-setcap.in

src/lxc/lxc.h

src/lxc/lxc_cgroup.c

src/lxc/lxc_checkpoint.c

src/lxc/lxc_console.c

src/lxc/lxc_create.c

src/lxc/lxc_destroy.c

src/lxc/lxc_execute.c

src/lxc/lxc_freeze.c

src/lxc/lxc_info.c

src/lxc/lxc_init.c

src/lxc/lxc_monitor.c

src/lxc/lxc_plugin.h

src/lxc/lxc_restart.c

src/lxc/lxc_start.c

src/lxc/lxc_stop.c

src/lxc/lxc_unfreeze.c

src/lxc/lxc_unshare.c

src/lxc/lxc_utils.h

src/lxc/lxc_version.c

src/lxc/lxc_wait.c

src/lxc/mainloop.c

src/lxc/mainloop.h

src/lxc/monitor.c

src/lxc/monitor.h

src/lxc/namespace.h

src/lxc/network.c

src/lxc/network.h

src/lxc/nl.c

src/lxc/nl.h

src/lxc/parse.c

src/lxc/parse.h

src/lxc/restart.c

src/lxc/rtnl.c

src/lxc/rtnl.h

src/lxc/start.c

src/lxc/state.c

src/lxc/state.h

src/lxc/stop.c

src/lxc/utils.h

src/lxc/version.c

test

test/Makefile.am

test/Makefile.in

test/conf.c

test/confile.c

test/dev.c

test/forward.c

test/ipv4_add.c

test/ipv6_add.c

test/lxc_create.c

test/lxc_destroy.c

test/lxc_low_monitor.c

test/lxc_monitor.c

test/lxc_start.c

test/lxc_state.c

test/lxc_stop.c

test/macvlan.c

test/movedev.c

test/proxy.c

test/tst_list.c

test/veth.c

Show diffs side-by-side

added added

removed removed

doc/lxc.conf.sgml.in

<!--

lxc: linux Container library

Authors:

Daniel Lezcano <dlezcano at fr.ibm.com>

This library is free software; you can redistribute it and/or

modify it under the terms of the GNU Lesser General Public

License as published by the Free Software Foundation; either

version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public

License along with this library; if not, write to the Free Software

Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

-->

<!DOCTYPE refentry PUBLIC "-//Davenport//DTD DocBook V3.0//EN">

<docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>

</refmeta>

linux container configuration file

</refpurpose>

</refnamediv>

<title>Description</title>

<para>

The linux containers (<command>lxc</command>) are always created

before being used. This creation defines a set of system

resources to be virtualized / isolated when a process is using

the container. By default, the pids, sysv ipc and mount points

are virtualized and isolated. The other system resources are

shared across containers, until they are explicitly defined in

the configuration file. For example, if there is no network

configuration, the network will be shared between the creator of

the container and the container itself, but if the network is

specified, a new network stack is created for the container and

the container can no longer use the network of its ancestor.

</para>

<para>

The configuration file defines the different system resources to

be assigned for the container. At present, the utsname, the

network, the mount points, the root file system and the control

groups are supported.

</para>

<para>

Each option in the configuration file has the form <command>key

= value</command> fitting in one line. The '#' caracter means

the line is a comment.

</para>

<title>Hostname</title>

<para>

The utsname section defines the hostname to be set for the

container. That means the container can set its own hostname

without changing the one from the system. That makes the

hostname private for the container.

</para>

<term>

<option>lxc.utsname</option>

</term>

<para>

specify the hostname for the container

</para>

</listitem>

</varlistentry>

</variablelist>

</refsect2>

<title>Network</title>

<para>

100

The network section defines how the network is virtualized in

101

the container. The network virtualization acts at the layer

102

two, so in order to use the network, a few information should

103

be specified to define the network interfaces to be used by

104

the container. Several virtual interfaces can be assigned and

105

used in a container either if the system has only one physical

106

network interface.

107

</para>

108

109

110

<term>

111

<option>lxc.network.type</option>

112

</term>

113

114

<para>

115

specify what kind of network virtualization to be used

116

for the container. Each time

117

a <option>lxc.network.type</option> field is found a new

118

round of network configuration begins. By this way

119

several network virtualization can be specified for the

120

same container, as well as assigning several network

121

interfaces for one container. The different

122

virtualization types can be:

123

</para>

124

125

<para>

126

<option>empty:</option> a new network stack is created

127

for the container, but it will not contain any network

128

interface.

129

</para>

130

131

<para>

132

<option>veth:</option> a new network stack is created, a

133

peer network device is created with one side assigned to

134

the container and the other side attached to a bridge

135

specified by the <option>lxc.network.link</option>. The

136

bridge has to be setup before on the

137

system, <command>lxc</command> won't handle

138

configuration outside of the container.

139

</para>

140

141

<para>

142

<option>macvlan:</option> a new network stack is

143

created, a macvlan interface is linked with the

144

interface specified by

145

the <option>lxc.network.link</option> and assigned to

146

the container.

147

</para>

148

149

<para>

150

<option>phys:</option> a new network stack is created

151

and the interface specified by

152

the <option>lxc.network.link</option> is assigned to the

153

container.

154

</para>

155

</listitem>

156

</varlistentry>

157

158

159

<term>

160

<option>lxc.network.flags</option>

161

</term>

162

163

<para>

164

specify an action to do for the

165

network.

166

</para>

167

168

<para><option>up:</option> activates the interface.

169

</para>

170

</listitem>

171

</varlistentry>

172

173

174

<term>

175

<option>lxc.network.link</option>

176

</term>

177

178

<para>

179

specify the interface to be used for real network

180

traffic.

181

</para>

182

</listitem>

183

</varlistentry>

184

185

186

<term>

187

<option>lxc.network.name</option>

188

</term>

189

190

<para>

191

the interface name is dynamically allocated, but if an

192

other name is needed because the configuration files

193

being used by the container use a generic name,

194

eg. eth0, this option will rename the interface in the

195

container.

196

</para>

197

</listitem>

198

</varlistentry>

199

200

201

<term>

202

<option>lxc.network.hwaddr</option>

203

</term>

204

205

<para>

206

the interface mac address is dynamically allocated by

207

default to the virtual interface, but in some case, this

208

is needed to resolve a mac address conflict or to have

209

always the same link-locak ipv6 address.

210

</para>

211

</listitem>

212

</varlistentry>

213

214

215

<term>

216

<option>lxc.network.ipv4</option>

217

</term>

218

219

<para>

220

specify the ipv4 address to assign to the virtualized

221

interface. Several lines specify several ipv4 addresses.

222

The address is in format x.y.z.t/m,

223

eg. 192.168.1.123/24.

224

</para>

225

</listitem>

226

</varlistentry>

227

228

229

<term>

230

<option>lxc.network.ipv6</option>

231

</term>

232

233

<para>

234

specify the ipv6 address to assign to the virtualized

235

interface. Several lines specify several ipv6 addresses.

236

The address is in format x::y/m,

237

eg. 2003:db8:1:0:214:1234:fe0b:3596/64

238

</para>

239

</listitem>

240

</varlistentry>

241

242

</variablelist>

243

244

</refsect2>

245

246

247

<title>New pseudo tty instance (devpts)</title>

248

<para>

249

For stricter isolation the container can have its own private

250

instance of the pseudo tty.

251

</para>

252

253

254

<term>

255

256

</term>

257

258

<para>

259

Specify the container should have a new pseudo tty

260

instance making this private to it. The value specified

261

is ignored for but it is preferable to specify a

262

consistent value representing the maximum number of

263

pseudo tty allowed for pts instance either if it is

264

ignored for now.

265

</para>

266

</listitem>

267

</varlistentry>

268

</variablelist>

269

</refsect2>

270

271

272

<title>Console through the ttys</title>

273

<para>

274

If the container is configured with a root filesystem and the

275

inittab file is setup to launch a getty on the ttys. This

276

option will specify the number of ttys to be available for the

277

container. The number of getty in the inittab file of the

278

container and the number of tty specified in this

279

configuration file should be equal, otherwise the getty will

280

die and respawn indefinitly giving annoying messages on the

281

console.

282

</para>

283

284

285

<term>

286

287

</term>

288

289

<para>

290

Specify the number of tty to make available to the

291

container.

292

</para>

293

</listitem>

294

</varlistentry>

295

</variablelist>

296

</refsect2>

297

298

299

<title>Mount points</title>

300

<para>

301

The mount points section specifies the different places to be

302

mounted. These mount points will be private to the container

303

and won't be visible by the processes running outside of the

304

container. This is useful to mount /etc, /var or /home for

305

examples.

306

</para>

307

308

309

<term>

310

<option>lxc.mount</option>

311

</term>

312

313

<para>

314

specify a file location in

315

the <filename>fstab</filename> format, containing the

316

mount informations.

317

</para>

318

</listitem>

319

</varlistentry>

320

</variablelist>

321

</refsect2>

322

323

324

<title>Root file system</title>

325

<para>

326

The root file system is the location where the container will

327

chroot.

328

</para>

329

330

331

<term>

332

<option>lxc.rootfs</option>

333

</term>

334

335

<para>

336

specify a file location containing the new file tree for

337

a root file system.

338

</para>

339

</listitem>

340

</varlistentry>

341

</variablelist>

342

</refsect2>

343

344

345

<title>Control group</title>

346

<para>

347

The control group section contains the configuration for the

348

different subsystem. <command>lxc</command> does not check the

349

correctness of the subsystem name. This has the inconvenient

350

to have the error being detected at runtime, but the advantage

351

to support any future subsystem.

352

</para>

353

354

355

<term>

356

<option>lxc.cgroup.[subsystem name]</option>

357

</term>

358

359

<para>

360

specify the control group value to be set. This field is

361

the identifier to tell the following keyword is the

362

literal name of the control group subsystem,

363

eg. <option>lxc.cgroup.cpuset.cpus</option>

364

</para>

365

</listitem>

366

</varlistentry>

367

</variablelist>

368

</refsect2>

369

370

</refsect1>

371

372

373

<title>Examples</title>

374

375

<title>Network</title>

376

<para>This configuration sets up a container to use a veth pair

377

device with one side plugged to a bridge br0 (which has been

378

configured before on the system by the administrator). The

379

virtual network device visible in the container is renamed to

380

eth0.</para>

381

382

383

384

385

<term>lxc.utsname = myhostname</term>

386

387

</varlistentry>

388

389

390

<term>lxc.network.type = veth</term>

391

392

</varlistentry>

393

394

395

<term>lxc.network.flags = up</term>

396

397

</varlistentry>

398

399

400

<term>lxc.network.link = br0</term>

401

402

</varlistentry>

403

404

405

<term>lxc.network.name = eth0</term>

406

407

</varlistentry>

408

409

410

<term>lxc.network.hwaddr = 4a:49:43:49:79:bf</term>

411

412

</varlistentry>

413

414

415

<term>lxc.network.ipv4 = 1.2.3.5/24</term>

416

417

</varlistentry>

418

419

420

<term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597</term>

421

422

</varlistentry>

423

424

</variablelist>

425

426

</refsect2>

427

428

429

<title>Control group</title>

430

<para>This configuration will setup several control groups for

431

the application, cpuset.cpus restricts usage of the defined cpu,

432

cpus.share prioritize the control group, devices.allow makes

433

usable the specified devices.</para>

434

435

436

437

<term>lxc.cgroup.cpuset.cpus = 0,1</term>

438

439

</varlistentry>

440

441

442

<term>lxc.cgroup.cpu.shares = 1234</term>

443

444

</varlistentry>

445

446

447

<term>lxc.cgroup.devices.deny = a</term>

448

449

</varlistentry>

450

451

452

<term>lxc.cgroup.devices.allow = c 1:3 rw</term>

453

454

</varlistentry>

455

456

457

<term>lxc.cgroup.devices.allow = b 8:0 rw</term>

458

459

</varlistentry>

460

</variablelist>

461

462

</refsect2>

463

464

465

<title>Complex configuration</title>

466

<para>This example show a complex configuration making a complex

467

network stack, using the control groups, setting a new hostname,

468

mounting some locations and a changing the root file

469

system.</para>

470

471

472

473

<term>lxc.utsname = complex</term>

474

475

</varlistentry>

476

477

<term>lxc.network.type = veth</term>

478

479

</varlistentry>

480

481

<term>lxc.network.flags = up</term>

482

483

</varlistentry>

484

485

<term>lxc.network.link = br0</term>

486

487

</varlistentry>

488

489

<term>lxc.network.hwaddr = 4a:49:43:49:79:bf</term>

490

491

</varlistentry>

492

493

<term>lxc.network.ipv4 = 1.2.3.5/24</term>

494

495

</varlistentry>

496

497

<term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597</term>

498

499

</varlistentry>

500

501

<term>lxc.network.ipv6 = 2003:db8:1:0:214:5432:feab:3588</term>

502

503

</varlistentry>

504

505

<term>lxc.network.type = macvlan</term>

506

507

</varlistentry>

508

509

<term>lxc.network.flags = up</term>

510

511

</varlistentry>

512

513

<term>lxc.network.link = eth0</term>

514

515

</varlistentry>

516

517

<term>lxc.network.hwaddr = 4a:49:43:49:79:bd</term>

518

519

</varlistentry>

520

521

<term>lxc.network.ipv4 = 1.2.3.4/24</term>

522

523

</varlistentry>

524

525

<term>lxc.network.ipv4 = 192.168.10.125/24</term>

526

527

</varlistentry>

528

529

<term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596</term>

530

531

</varlistentry>

532

533

<term>lxc.network.type = phys</term>

534

535

</varlistentry>

536

537

<term>lxc.network.flags = up</term>

538

539

</varlistentry>

540

541

<term>lxc.network.link = dummy0</term>

542

543

</varlistentry>

544

545

<term>lxc.network.hwaddr = 4a:49:43:49:79:ff</term>

546

547

</varlistentry>

548

549

<term>lxc.network.ipv4 = 1.2.3.6/24</term>

550

551

</varlistentry>

552

553

<term>lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3297</term>

554

555

</varlistentry>

556

557

<term>lxc.cgroup.cpuset.cpus = 0,1</term>

558

559

</varlistentry>

560

561

<term>lxc.cgroup.cpu.shares = 1234</term>

562

563

</varlistentry>

564

565

<term>lxc.cgroup.devices.deny = a</term>

566

567

</varlistentry>

568

569

<term>lxc.cgroup.devices.allow = c 1:3 rw</term>

570

571

</varlistentry>

572

573

<term>lxc.cgroup.devices.allow = b 8:0 rw</term>

574

575

</varlistentry>

576

577

<term>lxc.mount = /etc/fstab.complex</term>

578

579

</varlistentry>

580

581

<term>lxc.rootfs = /mnt/rootfs.complex</term>

582

583

</varlistentry>

584

</variablelist>

585

</refsect2>

586

587

</refsect1>

588

589

590

591

592

593

<refentrytitle><command>lxc-create</command></refentrytitle>

594

595

</citerefentry>,

596

597

598

<refentrytitle><command>lxc-execute</command></refentrytitle>

599

600

</citerefentry>,

601

602

603

<refentrytitle><command>chroot</command></refentrytitle>

604

605

</citerefentry>,

606

607

608

<refentrytitle><command>pivot_root</command></refentrytitle>

609

610

</citerefentry>,

611

612

613

<refentrytitle><filename>fstab</filename></refentrytitle>

614

615

</citerefentry>

616

617

</simpara>

618

</refsect1>

619

620

621

<title>Author</title>

622

<para>Daniel Lezcano <email>daniel.lezcano@free.fr</email></para>

623

</refsect1>

624

625

</refentry>

626

627

<!-- Keep this comment at the end of the file

628

Local variables:

629

mode: sgml

630

sgml-omittag:t

631

sgml-shorttag:t

632

sgml-minimize-attributes:nil

633

sgml-always-quote-attributes:t

634

sgml-indent-step:2

635

sgml-indent-data:t

636

sgml-parent-document:nil

637

sgml-default-dtd-file:nil

638

sgml-exposed-tags:nil

639

sgml-local-catalogs:nil

640

sgml-local-ecat-files:nil

641

End:

642

-->

Older »