:abbr:`LXC (Linux Containers)` combine kernel's cgroups and support for isolated
namespaces to provide an isolated environment for applications. Docker
does use LXC as one of its execution drivers, enabling image management
-and providing deployment services. More information in [lxc]_, [lxc-namespace]_
+and providing deployment services. More information in [lxc]_, [lxcnamespace]_
and [stgraber]_.
Linux containers can be of two kinds: privileged containers and
users can create containers and will appear in the container as the
root, but will appear as userid <non-zero> on the host. Unprivileged
containers are also better suited to supporting multi-tenancy operating
-environments. More information in [lxc-security]_ and [stgraber]_.
+environments. More information in [lxcsecurity]_ and [stgraber]_.
Privileged Containers
~~~~~~~~~~~~~~~~~~~~~
- Seccomp - secure computing mode, enables filtering of system calls,
[seccomp]_.
-More information in [lxc-security]_ and [lxc-sec-features]_.
+More information in [lxcsecurity]_ and [lxcsecfeatures]_.
**Linux Containers in CSIT**
2. Build - building a container image from scratch or another
container image via :command:`docker build <dockerfile/composefile>` or
customizing LXC templates in
- `https://github.com/lxc/lxc/tree/master/templates`_
+ `GitHub <https://github.com/lxc/lxc/tree/master/templates>`_.
3. (Re-)Create - creating a running instance of a container application
from anew, or re-creating one that failed. A.k.a. (re-)deploy via
~~~
LXC is the well-known and heavily tested low-level Linux container
-runtime [lxc-source]_, that provides a userspace interface for the Linux kernel
+runtime [lxcsource]_, that provides a userspace interface for the Linux kernel
containment features. With a powerful API and simple tools, LXC enables
Linux users to easily create and manage system or application
containers. LXC uses following kernel features to contain processes:
Kubernetes
~~~~~~~~~~
-Kubernetes [k8s-doc]_, or K8s, is a production-grade container orchestration
+Kubernetes [k8sdoc]_, or K8s, is a production-grade container orchestration
platform for automating the deployment, scaling and operating
application containers. Kubernetes groups containers that make up an
application into logical units, pods, for easy management and discovery.
Ligato [ligato]_ is an open-source project developing a set of cloud-native
tools for orchestrating container networking. Ligato integrates with FD.io VPP
-using goVPP [govpp]_ and vpp-agent [vpp-agent]_.
+using goVPP [govpp]_ and vpp-agent [vppagent]_.
**Known Issues**
| | [Arguments] | ${technology} | ${image} | ${cpu_count}=${1} | ${count}=${1}
| | ...
| | ${group}= | Set Variable | VNF
- | | ${guest_dir}= | Set Variable | /mnt/host
- | | ${host_dir}= | Set Variable | /tmp
| | ${skip_cpus}= | Evaluate | ${vpp_cpus}+${system_cpus}
| | Import Library | resources.libraries.python.ContainerUtils.ContainerManager
- | | ... | engine=${technology} | WITH NAME | ${group}
+ | | ... | engine=${container_engine} | WITH NAME | ${group}
| | ${duts}= | Get Matches | ${nodes} | DUT*
| | :FOR | ${dut} | IN | @{duts}
- | | | {env}= | Create List | LC_ALL="en_US.UTF-8"
- | | | ... | DEBIAN_FRONTEND=noninteractive | ETCDV3_ENDPOINTS=172.17.0.1:2379
+ | | | ${env}= | Create List | DEBIAN_FRONTEND=noninteractive
+ | | | ${mnt}= | Create List | /tmp:/mnt/host | /dev:/dev
| | | ${cpu_node}= | Get interfaces numa node | ${nodes['${dut}']}
| | | ... | ${dut1_if1} | ${dut1_if2}
| | | Run Keyword | ${group}.Construct containers
- | | | ... | name=${dut}_${group}
- | | | ... | node=${nodes['${dut}']}
- | | | ... | host_dir=${host_dir}
- | | | ... | guest_dir=${guest_dir}
- | | | ... | image=${image}
- | | | ... | cpu_count=${cpu_count}
- | | | ... | cpu_skip=${skip_cpus}
- | | | ... | smt_used=${False}
- | | | ... | cpuset_mems=${cpu_node}
- | | | ... | cpu_shared=${False}
- | | | ... | env=${env}
+ | | | ... | name=${dut}_${group} | node=${nodes['${dut}']} | mnt=${mnt}
+ | | | ... | image=${container_image} | cpu_count=${container_cpus}
+ | | | ... | cpu_skip=${skip_cpus} | cpuset_mems=${cpu_node}
+ | | | ... | cpu_shared=${False} | env=${env} | count=${container_count}
+ | | | ... | install_dkms=${container_install_dkms}
+ | | Append To List | ${container_groups} | ${group}
Mandatory parameters to create standalone container are: ``node``, ``name``,
-``image`` [image-var]_, ``cpu_count``, ``cpu_skip``, ``smt_used``,
-``cpuset_mems``, ``cpu_shared``.
+``image`` [imagevar]_, ``cpu_count``, ``cpu_skip``, ``cpuset_mems``,
+``cpu_shared``.
There is no parameters check functionality. Passing required arguments is in
coder responsibility. All the above parameters are required to calculate the
- Docker topologies:
- eth-l2xcbase-eth-2memif-1docker.
+ - eth-l2xcbase-eth-1memif-1docker
- Kubernetes/Ligato topologies:
~~~~~~~~~~
.. [lxc] `Linux Containers <https://linuxcontainers.org/>`_
-.. [lxc-namespace] `Resource management: Linux kernel Namespaces and cgroups <https://www.cs.ucsb.edu/~rich/class/cs293b-cloud/papers/lxc-namespace.pdf>`_.
+.. [lxcnamespace] `Resource management: Linux kernel Namespaces and cgroups <https://www.cs.ucsb.edu/~rich/class/cs293b-cloud/papers/lxc-namespace.pdf>`_.
.. [stgraber] `LXC 1.0: Blog post series <https://stgraber.org/2013/12/20/lxc-1-0-blog-post-series/>`_.
-.. [lxc-security] `Linux Containers Security <https://linuxcontainers.org/lxc/security/>`_.
-.. [capabilities] `Linux manual - capabilities - overview of Linux capabilities http://man7.org/linux/man-pages/man7/capabilities.7.html`_.
+.. [lxcsecurity] `Linux Containers Security <https://linuxcontainers.org/lxc/security/>`_.
+.. [capabilities] `Linux manual - capabilities - overview of Linux capabilities <http://man7.org/linux/man-pages/man7/capabilities.7.html>`_.
.. [cgroup1] `Linux kernel documentation: cgroups <https://www.kernel.org/doc/Documentation/cgroup-v1/cgroups.txt>`_.
.. [cgroup2] `Linux kernel documentation: Control Group v2 <https://www.kernel.org/doc/Documentation/cgroup-v2.txt>`_.
.. [selinux] `SELinux Project Wiki <http://selinuxproject.org/page/Main_Page>`_.
-.. [lxc-sec-features] `LXC 1.0: Security features <https://stgraber.org/2014/01/01/lxc-1-0-security-features/>`_.
-.. [lxc-source] `Linux Containers source <https://github.com/lxc/lxc>`_.
+.. [lxcsecfeatures] `LXC 1.0: Security features <https://stgraber.org/2014/01/01/lxc-1-0-security-features/>`_.
+.. [lxcsource] `Linux Containers source <https://github.com/lxc/lxc>`_.
.. [apparmor] `Ubuntu AppArmor <https://wiki.ubuntu.com/AppArmor>`_.
.. [seccomp] `SECure COMPuting with filters <https://www.kernel.org/doc/Documentation/prctl/seccomp_filter.txt>`_.
.. [docker] `Docker <https://www.docker.com/what-docker>`_.
-.. [k8s-doc] `Kubernetes documentation <https://kubernetes.io/docs/home/>`_.
+.. [k8sdoc] `Kubernetes documentation <https://kubernetes.io/docs/home/>`_.
.. [ligato] `Ligato <https://github.com/ligato>`_.
.. [govpp] `FD.io goVPP project <https://wiki.fd.io/view/GoVPP>`_.
-.. [vpp-agent] `Ligato vpp-agent <https://github.com/ligato/vpp-agent>`_.
-.. [image-var] Image parameter is required in initial commit version. There is plan to implement container build class to build Docker/LXC image.
+.. [vppagent] `Ligato vpp-agent <https://github.com/ligato/vpp-agent>`_.
+.. [imagevar] Image parameter is required in initial commit version. There is plan to implement container build class to build Docker/LXC image.
Code Review / csit.git / blobdiff