From: Dmitry Mishin <dim-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
To: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
igor-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org
Subject: Re: [Devel] lxc userspace tools 0.3.0 released
Date: Mon, 20 Oct 2008 12:42:47 +0400 [thread overview]
Message-ID: <200810201242.47995.dim@openvz.org> (raw)
In-Reply-To: <48F8F8BE.7080509-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
On Saturday 18 October 2008 00:42:38 Daniel Lezcano wrote:
> Dmitry Mishin wrote:
> > On Thursday 16 October 2008 16:28:08 Daniel Lezcano wrote:
> >> Dmitry Mishin wrote:
> >>> On Thursday 16 October 2008 13:06:45 Daniel Lezcano wrote:
> >>>> Dmitry Mishin wrote:
> >>>>> Hi, Daniel!
> >>>>
> >>>> Hi Dmitry ! good to see you again :)
> >>>
> >>> Thank you ! :)
> >>>
> >>>>> I studied a bit lxc tools and have a couple of questions. Could you
> >>>>> answer them?
> >>>>
> >>>> Of course I can :)
> >>>>
> >>>>> 1) Why did you chose such way of a container's configuration
> >>>>> storing? IMHO, configuration in one file is better, because this file
> >>>>> will be small and could be easily mmap'ed for the following
> >>>>> operations instead of multiple readdir() and filesystem lookups.
> >>>>
> >>>> I wanted to have the configuration easily hackable, so you can edit
> >>>> directly the files inside the directory. For example, if you remove
> >>>> the network directory, when you will start the container, the network
> >>>> will not be unshared. If you have a single file, that will be more
> >>>> difficult to edit especially if it is a binary file.
> >>>>
> >>>> The container tree contains more than the configuration file, for
> >>>> example, it contains some runtime information.
> >>>>
> >>>> It is true having a mmapped configuration is more efficient but it is
> >>>> just for container startup, and there are not thousand of files. The
> >>>> application running inside the container is not impacted.
> >>>
> >>> OK, but what if I need some namespace to be shared between containers?
> >>> How it will be handled? For example, CT 1 and CT 2 need to share
> >>> network namespace, but keep it separated from host one.
> >>
> >> I think that can be solved by nested container, a container 1, unsharing
> >> the network, and inside create 2 containers without unsharing the
> >> network.
> >>
> >> Example:
> >> in a script called myscript.sh:
> >> #!/bin/bash
> >> lxc-execute -n ctr1 echo "hello1" &
> >> lxc-execute -n ctr2 echo "hello2"
> >>
> >> in the shell:
> >> lxc-create -n mynetwork -f myconf
> >> lxc-execute -n mynetwork ./myscript.sh
> >
> > I mean how it will be handled from configuration layout POV?
> >
> >> Do you have an example, an use case for this kind of configuration ?
> >
> > For example, web server and dns server for the same domain, hosted on the
> > external node.
>
> Ok I see, thanks.
>
> > As you mentioned, the goal of this tool is to provide ability for kernel
> > hackers to test namespaces support in mainstream. Thus it should be
> > flexible as possible and do not add limitations over current
> > functionality. Current design of configuration storing is likely to be a
> > week place in this sense. At least I do not understand yet how namespaces
> > inheritance could be reflected in it.
>
> I don't think it is a current limitation as I shown in the previous
> example. Not being able to define a configuration for a nested container
> is not a big issue right now because the nested container are not fully
> supported (eg. network devices being pushed back to init_net).
>
> The configuration storing is I think a good approach and it is not an
> API like the cgroup, it can be changed at any time.
With the respective backward-compatibility or conversion code to be written...
> The advantage of
> having a tree file for a container will appear more clear with the
> future functionalities.
>
> If the nested containers become a must-have and asked by people, the lxc
> tools will be changed in this way. We can imagine to do like the cgroup
> and create in the container directory a new container directory to
> reflect the hierarchy and we access a container by doing for example
> "lxc-stop -n foo/bar" (bar is a child of foo).
Unification with cgroups is good idea, IMHO.
> We can imagine to
> implement a fuse for containers and create / destroy when doing
> mkdir/rmdir, as well as create a directory when doing lxc_create.
>
> The configuration could be something like:
>
> Create a nested container with two configuration files:
> lxc-create -n foo/bar -f foo.conf -f bar.conf
>
> And so execute:
> lxc-execute -n foo/bar /usr/sbin/httpd /bin/bash
>
> will unshare 'foo', exec 'httpd' and so unshare 'bar' (under 'foo') and
> exec 'bash'
>
> Well these are random thoughts... :)
Good thoughts! I need to take a look at cgroups management tools and possibly
develop something usefull for lxc :)
>
> Thanks
> -- Daniel
--
Thanks,
Dmitry.
next prev parent reply other threads:[~2008-10-20 8:42 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-14 14:39 lxc userspace tools 0.3.0 released Daniel Lezcano
[not found] ` <48F4AF2E.3000204-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-14 17:00 ` Cedric Le Goater
2008-10-16 8:10 ` [Devel] " Dmitry Mishin
[not found] ` <200810161210.48149.dim-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-10-16 9:06 ` Daniel Lezcano
[not found] ` <48F70425.5090606-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-16 10:57 ` Dmitry Mishin
[not found] ` <200810161457.45686.dim-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-10-16 12:28 ` Daniel Lezcano
[not found] ` <48F73358.80208-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-17 8:08 ` Dmitry Mishin
[not found] ` <200810171208.51783.dim-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-10-17 20:42 ` Daniel Lezcano
[not found] ` <48F8F8BE.7080509-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-20 8:42 ` Dmitry Mishin [this message]
[not found] ` <200810201242.47995.dim-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-10-20 9:52 ` Daniel Lezcano
2008-10-16 8:22 ` Alexey Eremenko
[not found] ` <7fac565a0810160122n7afa6e71l929be8cb08ba05c6-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-10-16 9:50 ` Daniel Lezcano
[not found] ` <48F70E53.9070002-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-16 9:56 ` Alexey Eremenko
[not found] ` <7fac565a0810160256mc3de8b5raf4bab31470b051a-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-10-16 10:35 ` Daniel Lezcano
2008-10-16 12:55 ` Cedric Le Goater
[not found] ` <48F739BB.4070201-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-16 13:30 ` Daniel P. Berrange
[not found] ` <20081016133006.GQ27881-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-10-16 14:10 ` Daniel Lezcano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200810201242.47995.dim@openvz.org \
--to=dim-gefaqzzx7r8dnm+yrofe0a@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org \
--cc=igor-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.