LXC: In a Nutshell

What is LXC?

LXC (LinuX Containers) is an operating system-level virtualization method for running multiple isolated Linux systems (containers) on a single control host. LXC provides operating system-level virtualization not via a 

full blown virtual machine, but rather provides a virtual environment that has its own process and network space. LXC is an userspace API which supports Linux Kernel's support for containment.

With containers, you have the option of kicking off any individual process you like inside any container. Instead, what we do is set up a file system containing a copy of a minimal operating system image, and kick off /sbin/init on that partition, in that file system, with its own Ethernet interface. We get the appearance of a VM, each container getting its own IP address, and disk file systems, its own set of software packages installed, and its own set of OS daemons processes.

Linux Container(?)

Features

LXC provides following features of Linux Kernel to support containment:

1. Chroots
2. Control groups (cgroups)
3. Kernel namespaces (ipc, uts, mount, pid, network and user)
4. Apparmor and SELinux 
5. Kernel capabilities and many more...

chroot and LXC

In simple words, LXC builds up from chroot to implement complete virtual systems, adding resource management and isolation mechanisms to Linux’s existing process management infrastructure. LXC is often considered as a virtualization solution between chroot on steroids and complete full blown virtual machine.  The main goal of LXC is to create a closest possible environment as that of a standard Linux installation but without the need for a separate kernel. 

Container Life Cycle

When the container is created, it contains the configuration information. When a process is launched, the container will be starting and running. When the last process running inside the container exits, the container is stopped.

Container Life Cycle

In case of failure when the container is initialized, it will pass through the aborting state.

Components

The current release of LXC is comprised of following main components:

• The liblxc library
• Several language bindings (python, ruby, lua etc.)
• Standard tools to control the containers
• Container templates

Container Management

The containers can be managed with the help of some popular container-management utilites like lxc-tools and other libraries like libvirt. Libvirt is an open source API, daemon and management tool for managing platform virtualization. 

Get LXC

LXC is free software and is released under the terms of the GNU LGPLv2.1+ license. You can get LXC from the latest upstream tarballs from here or directly from git repository of LXC from here. You can also get it using git clone from git clone git://github.com/lxc/lxc.

[Solved] Virtualbox: Could not mount the media/drive

VirtualBox comes with some software packages but they are meant to be installed inside the Virtual Machine to improve the performance of guest OS and add extra features like mouse pointer integration, shared folders, better video support, time synchronization, shared clipboard, drag'N'drop and so on. These packages shipped in an iso image file which you can find at VirtualBox installation location.

Problem

Many times while installing the virtualbox, we encounter an error like "Could not mount the media/drive" with error flag as "VERR_PDM_MEDIA_LOCKED".

VBoxGuestAdditions Error

Solution

The trick to solve this problem is really simple. Follow the below steps:

1. Shut down the guest OS.
2. Now in VM Manager click the relevant VM and click "Settings" tab.
3. Go to "Storage" menu.
4. In "Controller: IDE" section, locate the attachment "VBoxGuestAdditions.iso"
5. Right Click on the attachment "VBoxGuestAdditions.iso" and select "Remove Attachment". In the confirmation dialog box, click "Remove".
   
   
6. Now in the same "Controller: IDE" section, locate the little CD symbol.
   
                          
7. In a dialog box asking to add a virtual CD/DVD disk, select "Leave Empty".
   
                          
8. Click "OK" and start the VM.
   
   Now you should be able to install the VirtualBox Guest Additions inside the VM.    

Cgroups: In a Nutshell

What is Cgroups?

Cgroups is a Linux kernel feature to limit, account and isolate resource usage of process groups. Cgroups allow you to allocate resources—such as CPU time, system memory, network bandwidth, or combinations of these resources—among user-defined groups of tasks (processes) running on a system. You can monitor the cgroups you configure, deny cgroups access to certain resources, and even reconfigure your cgroups dynamically on a running system. 

The above figure describes the CPU shares limitation using Cgroups. We can see that three Cgroups use chunks of CPU. Cgroup #1’s share is 1024. Cgroup #2’s share is greater than both other Cgroups, so it’ll get more CPU than both others. Cgroup #3 will get least CPU share.

Subsystems of Cgroups:

Other than CPU subsystem, there are eight other subsystems available. Let’s have a look at all the Cgroups subsystems in brief:

• blkio — this subsystem sets limits on input/output access to and from block devices such as physical drives (disk, solid state, USB, etc.).
• cpu — this subsystem uses the scheduler to provide cgroup tasks access to the CPU.
• cpuacct — this subsystem generates automatic reports on CPU resources used by tasks in a cgroup.
• cpuset — this subsystem assigns individual CPUs (on a multicore system) and memory nodes to tasks in a cgroup.
• devices — this subsystem allows or denies access to devices by tasks in a cgroup.
• freezer — this subsystem suspends or resumes tasks in a cgroup.
• memory — this subsystem sets limits on memory use by tasks in a cgroup, and generates automatic reports on memory resources used by those tasks.
• net_cls — this subsystem tags network packets with a class identifier (classid) that allows the Linux traffic controller (tc) to identify packets originating from a particular cgroup task.
• net_prio — this subsystem provides a way to dynamically set the priority of network traffic per network interface.
• ns — the namespace subsystem.

Features:

Now, let’s discuss about features provided by Cgroups. 

Cgroups provides following features:

• Resource Limitation: Groups can be set to not exceed a resource limitation. This limitation includes memory limit, file system cache limit, disk I/O throughput limitation etc.
• Prioritization: Some groups may get a larger share of CPU, disk I/O throughput etc.
• Accounting: We can measure how much resources certain systems use.
• Isolation: Separate namespaces are provided for groups, so they remain fully exclusive to each other. The groups cannot see each other’s processes, network connections etc.
• Control: We can freeze groups, checkpoint and restart the container. 

Today, I briefly discussed about Cgroups. Next time, we'll discuss about a buzzing virtualization solution in the Open Source Community, Linux Containers (LXC).

Fedora 21 will be Nameless

Red Hat owned and community-supported Fedora Project developed "Fedora 21" has always had some funky and colorful names. After the Fedora 20 release was named Heisenbug, the next release Fedora 21 will not have any name.  Fedora 19 was called Schrodinger's Cat, Fedora 18 was the Spherical Cow, and Fedora 17 was the Beefy Miracle.

Jaroslav Reznik of Red Hat in his blog post says,

 “What will be the code name for Fedora 21. And again short answer: null. Not null as null string but null. Fedora Board decided to end release names process. It does not mean “no more release names” but it’s up to community or working groups, if anyone wants to step into the role of Name Wrangler and helps running this process. Or reform it in any way.”

Late Release of Fedora 21

A version of Fedora has a relatively short life cycle—the maintenance period is only 13 months: there are 6 months between releases, and version X is supported only until 1 month after version X+2. Typically, the Fedora project has had two releases in any given year: one in the early spring, the other early winter. For 2014, that likely won't be the case. 

Jaroslav Reznik further answers about the schedule of Fedora 21, 

"Is Fedora 21 going to be released in the old model way, or new one? Hard to answer right now. But there's one date - F21 is not going to be released earlier than in August (and I'd say late August)". 

There has been a discussion about Fedora 21's release schedule.

The time gap between Fedora 20 and Fedora 21 should be approximately 6 months. The time between the two releases will be used to work on tooling for quality control and release automation. But this is not the case this time. Jaroslav Reznik further says,

“But this time we are in a bit different situation – there are several working groups trying to redefine, how Fedora should look like in the future and it does not make sense to create schedule. We need resolution from this effort. It’s planned for January.”

2014 will be an exciting year in the Red Hat community, beyond just the evolution of Fedora. Red Hat Enterprise Linux 7 will likely be announced at some point in this year. Moreover, Red Hat recently partnered with its community developed CentOS community Linux project. CentOS is a clone of Red Hat's Red Hat Enterprise Linux (RHEL) platform, and provids a free alternative to Red Hat's RHEL.