Make the use of containers for service segregation on par with KVM in terms of functionality and transparency.

Release Note

Container functionality has been greatly improved.


User stories

Joe is a system administrator who wants to start a temporary image to run postfix. To save on resources he runs it using a container. He wants to be able to update the image without fear of updates undoing the hacks needed for containers.

Jane is a system administrator who wants to be able to mix containers with KVM VMs through libvirt. She wants libvirt to auto-start containers, and virt-manager to cleanly shut down the containers.




Test/Demo Plan

Unresolved issues

BoF agenda and discussion

UDS Natty discussion

== Make LXC ready for production ==

 * Some kernel patches (setns, ipvs, ns-cgroup-removal) are heading upstream
   * kernel team may backport those into natty
   * ns cgroup is being deprecated - should be turned off
     * MUST be associated with taking the clone-children control file patch to replace ns cgroup functionality
 * For more forward-looking and experimental lxc patches,
   * Create a kernel based on natty hosted on
   * Create a ppa with both custom kernel and lxc package to exploit it
   * Examples of functionality:
     * user namespace
     * containerized syslog
     * tinyproc (see below)
 * Investigate solutions for /proc and /sys containerization
   * One attractive solution was to separate proc from container-safe tinyproc
     * could be a mount option
       * a CAP_HOST_PROC capability is required for mounting full proc
       * tinyproc does not provide /proc/sysrq-trigger, for instance
 * Networking:
   * We should let libvirt handle creation of bridge
   * Someone should investigate getting netcf working in debian+ubuntu
     * To play nice with networkmanager
 * Container auto-start on boot
   * Let libvirt handle it
 * Meeting schedule for Friday to investigate a libvirt binding for liblxc
   * Summary from that meeting:
     * Action for natty to make a debootstrapped image work on host and in container
     * Action for Soren to look at libvirt-lxc console bug
       * (Serge to file a bug)
     * Action to create a new libvirt-container driver, based on openvz driver, which execs programs.
       * Ping libvirt community for reaction
       * Updating the existing driver to match functionality is too much duplicated work.
     * Long term, we would like to have the container driver call out to the library - much more work
 * Upstart script for lxc
   * We should see if we can let libvirt handle it all
 * Action: find someone willing to work on a script on top of lxc for easing container creation
 * Action: find someone to push top/ps/netstat/etc containerization patches upstream
 * Action: pursue solutions to container reboot and poweroff
 * Action: Create trees based on Natty kernel tree, hosted on, for more experimental container features to push upstream.
 * Action: Serge to follow up on user-namespace-over-dbus patch (sent to lkml in May)
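As an added illustration of the /proc containerization point above (this script is not part of the blueprint or of lxc itself), the following POSIX sh audit lists the host-affecting /proc entries that a container-safe tinyproc would omit, so an administrator can see what a container's full /proc currently exposes. The entry list and the PROC_ROOT convention are this example's own assumptions; point PROC_ROOT at a constructed directory to exercise it without touching the real /proc.

```shell
#!/bin/sh
# Added example, not from the blueprint: audit a container-visible /proc for
# entries through which a process could affect the host. A tinyproc as
# proposed in the discussion would simply not provide these.

# Assumed list of host-affecting entries, relative to the proc root.
RISKY_ENTRIES="sysrq-trigger sys/kernel/sysrq sys/kernel/core_pattern kcore"

# proc_audit <proc_root>
# Prints one line per risky entry that exists under <proc_root>, noting
# whether the current user can write to it.
proc_audit() {
    root="$1"
    for entry in $RISKY_ENTRIES; do
        path="$root/$entry"
        if [ -e "$path" ]; then
            if [ -w "$path" ]; then
                echo "RISK: $entry is present and writable"
            else
                echo "RISK: $entry is present (read-only for this user)"
            fi
        fi
    done
}

# proc_risky_count <proc_root>
# Prints the number of risky entries found; 0 means the tree looks tinyproc-like.
proc_risky_count() {
    proc_audit "$1" | wc -l | tr -d ' '
}

# make_sample_proc <dir> <full|tiny>
# Builds a constructed /proc-like tree for offline testing: "full" mimics a
# host /proc with sysrq-trigger and sys/kernel/sysrq, "tiny" only has cpuinfo.
make_sample_proc() {
    dir="$1"
    mkdir -p "$dir/sys/kernel"
    : > "$dir/cpuinfo"
    if [ "$2" = "full" ]; then
        : > "$dir/sysrq-trigger"
        : > "$dir/sys/kernel/sysrq"
    fi
}

# Stand-alone usage: sh proc_audit.sh /proc   (or any constructed tree)
if [ -n "${1:-}" ]; then
    proc_audit "$1"
    echo "risky entries: $(proc_risky_count "$1")"
fi
```

Run it from inside a container against /proc to see what the container can reach; an empty result is what the tinyproc proposal above would give by construction.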


CloudServerNContainersFinetune (last edited 2010-11-08 23:56:41 by serge-hallyn)