Quickly run Ubuntu cloud images locally using uvtool
We have long been able to test Ubuntu isos very easily by using ‘testdrive’. It syncs releases/architectures you are interested in and starts them in kvm. Very nice. But nowadays, in addition to the isos, we also distribute cloud images. They are the basis for cloud instances and ubuntu-cloud containers, but starting a local vm based on them took some manual steps. Now you can use ‘uvtool’ to easi
libvirt defaults (and openvswitch bridge performance)
The libvirt-bin package in Ubuntu installs a default NATed virtual network, virbr0. This isn’t always the best choice for everyone, however it “just works” everywhere. It also provides some simple protection – the VMs aren’t exposed on the network for all attackers to see. Two alternatives are sometimes suggested. One is to simply default to a non-NATed bridge. The biggest reason we can’t do this
Creating and using containers – without privilege
Today I posted a (working but mainly POC) patchset against lxc which allows me to create and start ubuntu-cloud containers – completely as an unprivileged user. For more details see the introductory email to the patchset at http://sourceforge.net/mailarchive/forum.php?thread_name=1374246151-7069-9-git-send-email-serge.hallyn%40ubuntu.com&forum_name=lxc-devel Glossing over prerequisites (which you
Introducing lxc-snap
lxc-snap: lxc container snapshot management tool BACKGROUND Lxc supports containers backed by overlayfs snapshots. The way this is typically done is to create a container backed by a regular directory, then create a new container which mounts the first container’s rootfs as a read-only lower mount, with a new private delta directory as its read-write upper mount. For instance, you could sudo lxc-c
LXC – improved clone support
Recently I took some time to work on implementing container clones through the lxc API. lxc-clone previously existed as a shell script which could create snapshot clones of lvm and btrfs containers. There were several shortcomings to this: 1. clone was not exportable through the API (to be used in python, lua, go and c programs). Now it is, so a Go program can create a container clone in one funct
Experimenting with user namespaces
User namespaces are a really neat feature, but there are some subtleties involved which can make them perplexing to first play with. Here I’m going to show a few things you can do with them, with an eye to explaining some of the things which might otherwise be confusing. First, you’ll need a bleeding edge kernel. A 3.9 kernel hand-compiled with user namespace support should be fine (some of the la
User Namespaces LXC meeting
Last week we held an irc meeting to talk about user namespaces as they relate to lxc containers. The IRC log is posted at https://wiki.ubuntu.com/LxcUsernsIrcChat . I had two goals for this meeting. The first was to make sure that lxc developers were familiar with user namespaces, so that as new patches started rolling in to accomodate user namespaces, more people might be inclined to review them
Full Ubuntu container confined in a user namespace
I’ve mentioned user namespaces here before, and shown how to play a bit with them. When a task is cloned into a new user namespace, the uids in the namespace can be mapped (1-1, in blocks) to uids on the host – for instance uid 0 in the container could be uid 100000 on the host. The uids are translated at the kernel-userspace boundary (i.e. stat, etc), and capabilities for a namespaced task are on
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Upcoming Qemu changes for 14.04
Emulating tagged views in unity
RSS over Pocket
announcing lxc-snapshot
Line buffering (and talking computers and irc meetings)
RSS
2013 Linux Security Summit CFP closing soon
gtd – managing projects
Qemu updates in raring
Call for testing: new qemu packages for raring
deploying multiple (connected) lxc compute nodes – with juju
Easily making a blockdev available to a container