Linux containers part two


Part one

It’s taken a while to get round to part two, but here are some notes and observations.

Creating a container

init vs launch vs copy vs move

init and launch both create a container from an existing local or remote image.
The difference is that launch will create and start the new container whereas init will only create the container.

copy creates a copy of an existing container.
move copies and renames an existing container, then deletes the original; see the following note regarding ZFS.
Both copy and move can be used to move a container between storage pools.

ZFS

If you use ZFS (e.g. on Ubuntu server) then there are a few things to be aware of:

BTRFS

Experience over many months using LXD has led me to use BTRFS as the default filesystem for containers.
Typically we also use the latest long term support version of Ubuntu server for container hosts and containers.
There is one downside to using BTRFS - storage quotas are not listed correctly in the container, but they are still honoured.

Resource control

Memory

Default is for a container to use all available memory on the host

$ lxc exec container1 -- cat /proc/meminfo | grep ^MemTot
MemTotal:        2040764 kB
$ lxc config get container1 limits.memory

$ lxc config set container1 limits.memory 256MB
$ lxc config get container1 limits.memory
256MB
$ lxc exec container1 -- cat /proc/meminfo | grep ^MemTot
MemTotal:         262144 kB

CPU

Default is for a container to use all available CPUs
Simple to limit the number of CPUs; the change takes effect immediately

$ lxc exec container1 -- cat /proc/cpuinfo | grep ^proces
processor   : 0
processor   : 1
$ lxc config set container1 limits.cpu 1
$ lxc exec container1 -- cat /proc/cpuinfo | grep ^proces
processor   : 0

Storage

Set quota on root filesystem

$ lxc stop container1

$ lxc config device set container1 root size 5GB

$ lxc start container1

$ lxc exec container1 -- df -h /
Filesystem      Size  Used Avail Use% Mounted on
/dev/sdb        100G  1.1G   98G   2% /

$ lxc config show container1
architecture: x86_64
config:
  security.privileged: "true"
  volatile.base_image: 42087ba1bc1cf68c62ce3c79b22e8b79772599055198bcd287c6fd5ef223015c
  volatile.eth0.hwaddr: 00:16:3e:83:a3:cb
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices:
  eth0:
    ipv4.address: 10.1.3.156
    nictype: bridged
    parent: bitsbr3
    type: nic
  root:
    path: /
    pool: lxd
    size: 5GB
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

$ lxc exec container1 -- bash

root@container1:~# df -h /
Filesystem      Size  Used Avail Use% Mounted on
/dev/sdb        100G  1.1G   98G   2% /

So the storage resource setting doesn't look like it is applied, but it is recorded.
See: https://discuss.linuxcontainers.org/t/unable-to-set-a-disk-size-for-using-btrfs/394
Unlike ZFS, BTRFS does not render quotas in df, but they are honoured; use the btrfs utility to prove it

~# btrfs quota enable /var/lib/lxd/storage-pools/lxd

~# btrfs qgroup show -ref /var/lib/lxd/storage-pools/lxd/containers/container1
qgroupid         rfer         excl     max_rfer     max_excl
--------         ----         ----     --------     --------
0/287       872.86MiB    118.00MiB         none      5.00GiB
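
The check described above, as an added example that is not part of the original post: it parses `btrfs qgroup show -ref` output and compares max_excl with the size recorded in the LXD config. The function names are made up for illustration, and size suffixes are assumed to be 1024-based, as the post's own output suggests (5GB recorded, 5.00GiB enforced).

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the BTRFS qgroup
# limit matches the root size LXD recorded, since df will not show it.

# Convert 5GB, 256MB or 5.00GiB to bytes. Units are taken as 1024-based, an
# assumption drawn from the post's output (256MB -> 262144 kB, 5GB -> 5.00GiB).
# Prints nothing for "none" or an empty value.
to_bytes() {
  awk -v s="$1" 'BEGIN {
    if (s == "" || s == "none") exit
    n = s; sub(/[A-Za-z]+$/, "", n)
    u = toupper(substr(s, length(n) + 1, 1))
    p = (u == "") ? 0 : index("KMGT", u)
    printf "%.0f\n", n * 1024 ^ p
  }'
}

# Read `btrfs qgroup show -ref <path>` output on stdin and print the max_excl
# value of the first qgroup row, locating the column from the header line.
qgroup_max_excl() {
  awk '$1 == "qgroupid" { for (i = 1; i <= NF; i++) if ($i == "max_excl") col = i; next }
       col && $1 ~ /^[0-9]+\/[0-9]+$/ { print $col; exit }'
}

# quota_enforced SIZE < qgroup-output
# Succeeds only when a max_excl limit exists and equals SIZE.
quota_enforced() (
  have=$(to_bytes "$(qgroup_max_excl)")
  want=$(to_bytes "$1")
  [ -n "$have" ] && [ "$want" = "$have" ]
)

# Sample 1 is the qgroup output shown in the post; sample 2 is constructed to
# show a container whose size was recorded but never applied.
SAMPLE_LIMITED='qgroupid         rfer         excl     max_rfer     max_excl
--------         ----         ----     --------     --------
0/287       872.86MiB    118.00MiB         none      5.00GiB'
SAMPLE_UNLIMITED='qgroupid         rfer         excl     max_rfer     max_excl
--------         ----         ----     --------     --------
0/288       872.86MiB    118.00MiB         none         none'

for s in "$SAMPLE_LIMITED" "$SAMPLE_UNLIMITED"; do
  if printf '%s\n' "$s" | quota_enforced 5GB; then echo "5GB limit enforced"
  else echo "no matching limit on qgroup"; fi
done
# Live use (run as root on the host):
#   btrfs qgroup show -ref /var/lib/lxd/storage-pools/lxd/containers/container1 \
#     | quota_enforced "$(lxc config device get container1 root size)"
```

The human-readable column is rounded to two decimals, so the comparison is only that precise; `btrfs qgroup show --raw` prints exact byte counts, which the parser also accepts.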

Quota on ZFS works much better …

~$ lxc exec c56LVyPf6n -- df -h /
Filesystem                 Size  Used Avail Use% Mounted on
lxd/containers/c56LVyPf6n   97G  455M   96G   1% /

~$ lxc stop c56LVyPf6n

~$ lxc config device set c56LVyPf6n root size 5GB

~$ lxc start c56LVyPf6n

~$ lxc exec c56LVyPf6n -- df -h /
Filesystem                 Size  Used Avail Use% Mounted on
lxd/containers/c56LVyPf6n  5.4G  455M  5.0G   9% /