From: Dmitry Mishin <dim-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
To: Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers
<containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>,
igor-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org
Subject: Re: [Devel] lxc userspace tools 0.3.0 released
Date: Mon, 20 Oct 2008 12:42:47 +0400 [thread overview]
Message-ID: <200810201242.47995.dim@openvz.org> (raw)
In-Reply-To: <48F8F8BE.7080509-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
On Saturday 18 October 2008 00:42:38 Daniel Lezcano wrote:
> Dmitry Mishin wrote:
> > On Thursday 16 October 2008 16:28:08 Daniel Lezcano wrote:
> >> Dmitry Mishin wrote:
> >>> On Thursday 16 October 2008 13:06:45 Daniel Lezcano wrote:
> >>>> Dmitry Mishin wrote:
> >>>>> Hi, Daniel!
> >>>>
> >>>> Hi Dmitry ! good to see you again :)
> >>>
> >>> Thank you ! :)
> >>>
> >>>>> I studied a bit lxc tools and have a couple of questions. Could you
> >>>>> answer them?
> >>>>
> >>>> Of course I can :)
> >>>>
> >>>>> 1) Why did you chose such way of a container's configuration
> >>>>> storing? IMHO, configuration in one file is better, because this file
> >>>>> will be small and could be easily mmap'ed for the following
> >>>>> operations instead of multiple readdir() and filesystem lookups.
> >>>>
> >>>> I wanted to have the configuration easily hackable, so you can edit
> >>>> directly the files inside the directory. For example, if you remove
> >>>> the network directory, when you will start the container, the network
> >>>> will not be unshared. If you have a single file, that will be more
> >>>> difficult to edit especially if it is a binary file.
> >>>>
> >>>> The container tree contains more than the configuration file, for
> >>>> example, it contains some runtime information.
> >>>>
> >>>> It is true having a mmapped configuration is more efficient but it is
> >>>> just for container startup, and there are not thousand of files. The
> >>>> application running inside the container is not impacted.
> >>>
> >>> OK, but what if I need some namespace to be shared between containers?
> >>> How it will be handled? For example, CT 1 and CT 2 need to share
> >>> network namespace, but keep it separated from host one.
> >>
> >> I think that can be solved by nested container, a container 1, unsharing
> >> the network, and inside create 2 containers without unsharing the
> >> network.
> >>
> >> Example:
> >> in a script called myscript.sh:
> >> #!/bin/bash
> >> lxc-execute -n ctr1 echo "hello1" &
> >> lxc-execute -n ctr2 echo "hello2"
> >>
> >> in the shell:
> >> lxc-create -n mynetwork -f myconf
> >> lxc-execute -n mynetwork ./myscript.sh
> >
> > I mean how it will be handled from configuration layout POV?
> >
> >> Do you have an example, an use case for this kind of configuration ?
> >
> > For example, web server and dns server for the same domain, hosted on the
> > external node.
>
> Ok I see, thanks.
>
> > As you mentioned, the goal of this tool is to provide ability for kernel
> > hackers to test namespaces support in mainstream. Thus it should be
> > flexible as possible and do not add limitations over current
> > functionality. Current design of configuration storing is likely to be a
> > week place in this sense. At least I do not understand yet how namespaces
> > inheritance could be reflected in it.
>
> I don't think it is a current limitation as I shown in the previous
> example. Not being able to define a configuration for a nested container
> is not a big issue right now because the nested container are not fully
> supported (eg. network devices being pushed back to init_net).
>
> The configuration storing is I think a good approach and it is not an
> API like the cgroup, it can be changed at any time.
With the respective backward-compatibility or conversion code to be written...
> The advantage of
> having a tree file for a container will appear more clear with the
> future functionalities.
>
> If the nested containers become a must-have and asked by people, the lxc
> tools will be changed in this way. We can imagine to do like the cgroup
> and create in the container directory a new container directory to
> reflect the hierarchy and we access a container by doing for example
> "lxc-stop -n foo/bar" (bar is a child of foo).
Unification with cgroups is good idea, IMHO.
> We can imagine to
> implement a fuse for containers and create / destroy when doing
> mkdir/rmdir, as well as create a directory when doing lxc_create.
>
> The configuration could be something like:
>
> Create a nested container with two configuration files:
> lxc-create -n foo/bar -f foo.conf -f bar.conf
>
> And so execute:
> lxc-execute -n foo/bar /usr/sbin/httpd /bin/bash
>
> will unshare 'foo', exec 'httpd' and so unshare 'bar' (under 'foo') and
> exec 'bash'
>
> Well these are random thoughts... :)
Good thoughts! I need to take a look at cgroups management tools and possibly
develop something usefull for lxc :)
>
> Thanks
> -- Daniel
--
Thanks,
Dmitry.
next prev parent reply other threads:[~2008-10-20 8:42 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-14 14:39 lxc userspace tools 0.3.0 released Daniel Lezcano
[not found] ` <48F4AF2E.3000204-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-14 17:00 ` Cedric Le Goater
2008-10-16 8:10 ` [Devel] " Dmitry Mishin
[not found] ` <200810161210.48149.dim-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-10-16 9:06 ` Daniel Lezcano
[not found] ` <48F70425.5090606-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-16 10:57 ` Dmitry Mishin
[not found] ` <200810161457.45686.dim-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-10-16 12:28 ` Daniel Lezcano
[not found] ` <48F73358.80208-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-17 8:08 ` Dmitry Mishin
[not found] ` <200810171208.51783.dim-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-10-17 20:42 ` Daniel Lezcano
[not found] ` <48F8F8BE.7080509-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-20 8:42 ` Dmitry Mishin [this message]
[not found] ` <200810201242.47995.dim-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
2008-10-20 9:52 ` Daniel Lezcano
2008-10-16 8:22 ` Alexey Eremenko
[not found] ` <7fac565a0810160122n7afa6e71l929be8cb08ba05c6-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-10-16 9:50 ` Daniel Lezcano
[not found] ` <48F70E53.9070002-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-16 9:56 ` Alexey Eremenko
[not found] ` <7fac565a0810160256mc3de8b5raf4bab31470b051a-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-10-16 10:35 ` Daniel Lezcano
2008-10-16 12:55 ` Cedric Le Goater
[not found] ` <48F739BB.4070201-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>
2008-10-16 13:30 ` Daniel P. Berrange
[not found] ` <20081016133006.GQ27881-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2008-10-16 14:10 ` Daniel Lezcano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200810201242.47995.dim@openvz.org \
--to=dim-gefaqzzx7r8dnm+yrofe0a@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org \
--cc=igor-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox