Sign in to follow this  
Followers 0

HPR - HPR2934: Server Basics 106: Namespaces and containers

1 post in this topic

Namespaces provide context and constraints for processes on a Linux system. They are utilised by the infrastructure of "the cloud" to create distinct "containers", in which processes may run without awareness of the system they are actually running upon.

// prove you are not running some process

$ pidof tcsh
// nothing

$ sudo pidof tcsh
// nothing

// launch tcsh in a new namespace with unshare:

$ sudo unshare --fork --pid --mount-proc tcsh

// from within that session:

# pidof tcsh

// wait what??
// yes tcsh is the first pid of its own namespace

// from another term
$ ps 1

$ pidof tcsh

// from inside the namespace, pid is seen as 1
// from outside, pid is normal

$ ps tree | less
// search for tcsh

// See evidence of namespaces:

$ ls /proc/*/ns

$ ls /proc/26814/ns
ipc net pid user uts [...]

To see this in action for a slightly more pragmatic purpose, you can use the lxc command. The LXC system uses namespaces and cgroups to create functional containers that act, more or less, like a Virtual Machine, except that they are built in containers so that they do not have to emulate hardware.

If your system doesn't have LXC installed, first install it:

$ sudo dnf install lxc lxc-templates lxc-doc

// on Ubuntu or Debian:

$ apt install lxc

You also need to create a network bridge so that your container and your host system (that's the computer you're sitting in front of right now) can communicate.

$ sudo ip link add br0 type bridge
$ sudo ip addr show br0
7: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc
   noop state DOWN group default qlen 1000
   link/ether 26:fa:21:5f:cf:99 brd ff:ff:ff:ff:ff:ff

Now give your bridge device an IP address that doesn't conflict with any existing IP address on your network:

$ sudo ip addr add dev br0
$ sudo ip link set br0 up

Create a configuration for your container. You can base this on the samples provided by lxc (located in /usr/share/docs/lxc or similar). Everything but veth, br0, and up is arbitrary. You can make up all the values.

lxc.utsname = hackerpublicradio = veth = up = br0 = 4a:49:43:49:79:bd = = 2003:db8:1:0:214:c0ff:ee0b:3596

Now install an OS into your container. OS templates are provided by LXC in /usr/share/doc/lxc/templates or a similar location.

$ ls -m /usr/share/lxc/templates/
lxc-alpine, lxc-altlinux, lxc-archlinux, lxc-busybox, lxc-centos [...]

Choose a template and install. I use Alpine in the recorded show, because it's supposed to be really small. I don't necessarily recommend Alpine. I recommend Slackware, of course.

$ sudo lxc-create --name slackware --template slackware

Once the install is done, start your container:

$ sudo lxc-start --name slackware
--rcfile ~/mycontainer.conf

Now attach to the container:

$ sudo lxc-attach --name slackware

Run a command.

# uname -av
Linux hackerpublicradio 5.3.0.x86_64 #1 SMP Wed Oct 10 18:34:01 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

This is the technology that Docker and OCI projects use to create containers. And when a bunch of containers start swarming around on a bunch of hosts, you eventually end up with a cloud. How do you manage all of these things? That will be the topic for the next entry in this series, I'll bet.

View the full article


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0