Launchpad Entry: cloud-server-n-containers-finetune
Contributors: dlezcano, serge-hallyn, soren
Packages affected: lxc, linux-image
Make the use of containers for service segregation on par with KVM in terms of functionality and transparency.
Container functionality has been greatly improved.
Joe is a system administrator who wants to start a temporary image to run postfix. To save on resources he runs it using a container. He wants to be able to update the image without fear of updates undoing hacks needed for containers.
Jane is a system administrator who wants to be able to mix containers with KVM VMs through libvirt. She wants libvirt to auto-start containers, and virt-manager to cleanly shut down the containers.
BoF agenda and discussion
UDS Natty discussion
== Make LXC ready for production ==

Conclusions:

 * Some kernel patches (setns, ipvs, ns-cgroup-removal) are heading upstream
  * kernel team may backport those into natty
 * ns cgroup is being deprecated - should be turned off
  * MUST be associated with taking the clone-children control file patch to replace ns cgroup functionality
 * For more forward-looking and experimental lxc patches,
  * Create a kernel based on natty hosted on kernel.ubuntu.com
  * Create a ppa with both custom kernel and lxc package to exploit it
  * Examples of functionality:
   * user namespace
   * containerized syslog
   * tinyproc (see below)
 * Investigate solutions for /proc and /sys containerization
  * One attractive solution was to separate proc from container-safe tinyproc
   * could be a mount option
   * a CAP_HOST_PROC capability is required for mounting full proc
   * tinyproc does not provide /proc/sysrq-trigger, for instance
 * Networking:
  * We should let libvirt handle creation of bridge
  * Someone should investigate getting netcf working in debian+ubuntu
   * To play nice with networkmanager
 * Container auto-start on boot
  * Let libvirt handle it
 * Meeting scheduled for Friday to investigate a libvirt binding for liblxc
  * Summary from that meeting:
   * Action for natty to make a debootstrapped image work on host and in container
   * Action for Soren to look at libvirt-lxc console bug
    * (Serge to file a bug)
   * Action to create a new libvirt-container driver, based on openvz driver, which execs lxc.sf.net programs.
    * Ping libvirt community for reaction
    * Updating the existing driver to match lxc.sf.net functionality is too much duplicated work.
    * Long term, we would like to have the container driver call out to lxc.sf.net library - much more work
 * Upstart script for lxc
  * We should see if we can let libvirt handle it all
 * Action: find someone willing to work on a script on top of lxc for easing container creation
 * Action: find someone to push top/ps/netstat/etc containerization patches upstream
 * Action: pursue solutions to container reboot and poweroff
 * Action: Create trees based on Natty kernel tree, hosted on kernel.ubuntu.com, for more experimental container features to push upstream.
 * Action: Serge to follow up on user-namespace-over-dbus patch (sent to lkml in May)
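The /proc containerization point above (a container-safe tinyproc would omit host-affecting entries such as /proc/sysrq-trigger) can be checked on a running container today. The script below is an added example, not part of these notes or of the lxc project; the list of entries it looks for is an assumption built from the note's /proc/sysrq-trigger example plus a few other well-known host-wide knobs, and it is meant to be run inside the container against its own /proc.

```shell
#!/bin/sh
# Added example: audit a container's /proc for host-wide control files.
# Run inside the container as:  audit_proc /proc
# The entry list is an assumption (sysrq-trigger comes from the UDS note).
RISKY_PROC_ENTRIES="sysrq-trigger sys/kernel/sysrq sys/kernel/core_pattern sys/vm/drop_caches"

# audit_proc PROC_ROOT
# Prints one "writable <entry>" or "readonly <entry>" line per risky entry
# that exists under PROC_ROOT. Returns 1 if any of them is writable from
# this context (i.e. the container could affect the host), 0 otherwise.
audit_proc() {
    proc_root=$1
    rc=0
    for entry in $RISKY_PROC_ENTRIES; do
        path="$proc_root/$entry"
        [ -e "$path" ] || continue
        if [ -w "$path" ]; then
            echo "writable $entry"
            rc=1
        else
            echo "readonly $entry"
        fi
    done
    return $rc
}

# count_writable PROC_ROOT
# Number of risky entries that are writable; handy for scripting and tests.
count_writable() {
    audit_proc "$1" | grep -c '^writable ' || true
}
```

Any "writable" line means the container still sees the full proc the note wants to replace with tinyproc; until that exists, the usual mitigation is a read-only bind mount over each such path in the container's mount configuration.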