Configuring an LXD Container
Common Configurations
- Grant the perf collection permission to other users.
1echo "-1">/proc/sys/kernel/perf_event_paranoid
This operation is not required if only the HPC application analysis task is running. The parameter following echo cannot be set to 3 and needs to be changed on the host machine.
- Enable the privileged option for the container.
1lxc config set template security.privileged=true
This operation enables that files in the same directory on the host machine can be accessed. It is not required if only the HPC application analysis task is running.
Enabling the privileged option for a container will assign all kernel functions to the container, so that the container can execute most events at the host layer. This may pose risks to the system security. You are advised to harden the container and restore the option after using the container.
Figure 1 Checking the permission
- Modify the container configurations to ensure that the files in the /sys/kernel/debug directory can be accessed and the /proc/kcore file can be read.
- Modify the container configuration.
1lxc config edit template
Figure 2 Modifying the configuration
- Press Esc, type :wq!, and press Enter to save the file and exit.
- View the folder content.
1ls
The following information is displayed:
1console.log forkexec.log forkstart.log lxc.conf lxc.log lxc.log.old
- Check the access permission on the files in /sys/kernel/debug.
Figure 3 Permissions
- This operation is not required if only the HPC application analysis task is running. You need to stop the container and then restart it.
lxc stop
Restart the container. The container continues to run from the position where it was stopped last time.
lxc start
- Modify the container configuration.
- Install libunwind.
libunwind is mandatory for installing the tool. Currently, you can only manually install libunwind by copying libunwind to the container environment and compiling it. In this example, libunwind 1.5.0 is used.
1 2 3 4
tar -zxvf libunwind-1.5.0.tar.gz cd libunwind-1.5.0/ ./configure --prefix=/usr/lib64/ make && make install
Configuring the Network Environment (Routing Mode)
In this mode, make sure the host machine and agent server are in the same network segment.
- View the address.
lxc list
- Run the following command on the server where the LXD container resides. Replace the example IP address in the command with the actual one.
1route add -net 10.*.*.*/24 gw 90.*.*.*
- Check the connectivity.
ping 10.x.x.x
Configuring the Network Environment (Bridging Mode)
The following host machine runs Ubuntu 20.04, and the LXD container runs CentOS 8.
- Configure the network of the host machine.
- Modify the network configuration file of the host machine.
1vim /etc/netplan/00-installer-config.yamlFigure 4 Before modification
Figure 5 After modification
- Make the configuration take effect.
1sudo netplan apply
- View the network configuration.
ifconfig
Figure 6 Viewing the network configuration
- Modify the network configuration file of the host machine.
- Add a NIC to the LXD container.
- Bind a NIC.
1sudo lxc network attach NIC_name_of_the_host_machine container_name
- Check the NIC of the container.
lxc config show NIC_name
Figure 7 Viewing the NIC of the container
- Restart the container.
1lxc restart container_name
- Bind a NIC.
- Configure the network of the LXD container.
- Access the container.
1lxc exec container_name /bin/bash
- Modify the NIC configuration in the container.
1vi /etc/sysconfig/network-scripts/ifcfg-eth1Specify an unused IP address on the LAN of the host machine. The mask of the container must be the same as that of the host machine.
Figure 8 After modification
- Restart the network in the container.
1systemctl restart network.service
- View the container address on the host machine.
1lxc listFigure 9 Viewing the network address
- Access the container.