Linux Containers (LXC) is a lightweight system virtualization technology that uses resource isolation instead of the hardware emulation approach used by KVM and Xen. For users who do not require the full OS virtualization provided by KVM and Xen, container technologies such as LXC provide an attractive, performant solution for virtualization.
This document contains the design specification for LXC support in Cloudstack.
Code complete; the feature has been merged to the master branch.
- Jira: https://issues.apache.org/jira/browse/CLOUDSTACK-922
- Github: https://github.com/gilt/incubator-cloudstack
- Mail thread: http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-dev/201301.mbox/%3CCAD3R0XntF759eiafbLOdvftBQUX8yER2t20wTFGvhph6sgKWgw@mail.gmail.com%3E
- Meeting Notes:
LXC will be implemented as a hypervisor in Cloudstack and will be a first-class citizen alongside the other hypervisors such as Xen, KVM, and VMware. As such, a user will be able to select LXC as the hypervisor in all areas where a hypervisor is selectable and where the system resources have been met.
Available storage options for LXC primary storage are NFS and SharedMountPoint.
Unlike other hypervisors, where a VM is contained in a single image file, LXC containers run from a directory that serves as the root filesystem. LXC template images will be stored in TAR format in secondary storage. See the LXC Templates section for details on how the image is unpacked.
Guest VM creation
Similar to KVM, LXC virtual machines will be created using libvirt. The libvirt domain xml will include two additional elements needed for LXC: <init> and <filesystem>.
Downloadable LXC template images should be stored in either tar.gz or tar format. The SecondaryStorage VM will download and store the template as a tar file.
During the creation of the first VM for an LXC template, the management server will send a PrimaryStorageDownload command to the agent on the LXC host. This command makes a copy of the template from secondary storage onto primary storage. This copy is used as a base for creating all LXC images for the cluster and is not used directly to run a VM. The copy operation from secondary storage to primary storage will unpack the tar file into the destination template directory.
After a copy of the template is available on primary storage, the management server will send a CreateCommand to the LXC host to create a disk from the template. This involves a recursive copy of the template directory to the root directory for the VM.
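Because the unpack step writes every archive member into a directory on the LXC host, an operator may want to inspect a template archive before registering it. The following is an added example, not Cloudstack code: it lists members of a tar or tar.gz template that would be written outside the destination directory. The function names and the sample archives are constructed for illustration.

```python
import io
import posixpath
import tarfile


def unsafe_members(tar):
    """Names of members that would be written outside the unpack directory."""
    bad, symlinks = [], set()
    for m in tar.getmembers():
        name = posixpath.normpath(m.name)
        parts = name.split("/")
        parents = {"/".join(parts[:i]) for i in range(1, len(parts))}
        link = posixpath.normpath(m.linkname) if m.islnk() else ""
        if name.startswith("/") or parts[0] == "..":
            bad.append(m.name)  # absolute path, or climbs above the root
        elif parents & symlinks:
            bad.append(m.name)  # written through a symlink from the archive
        elif link.startswith("/") or link.split("/")[0] == "..":
            bad.append(m.name)  # hard link to a file outside the archive
        if m.issym():
            symlinks.add(name)
    return bad


def check_template(data):
    """Open a tar or tar.gz template held in memory and list unsafe members."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        return unsafe_members(tar)


def build_sample(entries, gz=False):
    """Constructed test archive; entries are (name, symlink target or None)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz" if gz else "w") as tar:
        for name, target in entries:
            info = tarfile.TarInfo(name)
            if target is not None:
                info.type, info.linkname = tarfile.SYMTYPE, target
            tar.addfile(info)  # empty regular file, or a symlink
    return buf.getvalue()


# Constructed samples; an absolute symlink target alone is not flagged.
SAMPLE_OK = [("etc/hostname", None), ("etc/mtab", "/proc/mounts")]
SAMPLE_BAD = [("etc/hostname", None), ("../outside.txt", None),
              ("var/run", "/run"), ("var/run/agent.pid", None)]

if __name__ == "__main__":
    print(check_template(build_sample(SAMPLE_BAD)))
```

The check is deliberately conservative: any member placed beneath a path that the same archive defines as a symlink is reported, even if the link target stays inside the root filesystem.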
Each of the different hypervisors currently has its own System VMs. These system VM images are used to run console proxy, secondary storage, and router VMs.
We discussed the possibility of creating System VMs for LXC. There was concern with the complexity and potential issues involving iptables for the router inside an LXC container. As an intermediate solution we are going to use KVM System VMs inside the LXC Cluster.
Libvirt supports direct attachment of the guest VM's network to a physical interface. To enable this mode, add the following to agent.properties:
NOTE: The network device that is specified should not be a slave to any bridges.
Environment setup and testing
Obtaining latest code
The LXC code has been merged to the master branch for Cloudstack:
Follow directions in /docs/en-US/build-rpm.xml to build RPMs for Cloudstack.
I will not cover how to install Cloudstack; please use the latest online documents. There are a few things to note when using the LXC code:
1. Use the latest system VM images from Jenkins
Import the latest system VM image:
2. LXC container
Cloudstack will not come bundled with an LXC container image, so you will need to prepare one yourself or download one.