libvirt LXC driver --pass-fds

Translation, 2017-09-08 00:33:31

Original: http://www.libvirt.org/drvlxc.html#activation

Systemd Socket Activation Integration

The libvirt LXC driver provides the ability to pass across pre-opened file descriptors when starting LXC guests. This allows for libvirt LXC to support systemd's socket activation capability, where an incoming client connection in the host OS will trigger the startup of a container, which runs another copy of systemd which gets passed the server socket, and then activates the actual service handler in the container.

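libvirt LXC supports passing file descriptors that are already open in the host OS to LXC guests. This lets LXC support the following: when the host OS receives a client connection request, it triggers the startup of the LXC container; the container runs a copy of systemd, so the container receives the server socket descriptor that was passed in and then activates the actual server handler inside the container.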

Let us assume that you already have a LXC guest created, running a systemd instance as PID 1 inside the container, which has an SSHD service configured. The goal is to automatically activate the container when the first SSH connection is made. The first step is to create a couple of unit files for the host OS systemd instance. The /etc/systemd/system/mycontainer.service unit file specifies how systemd will start the libvirt LXC container.

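Suppose we already have an LXC guest with sshd configured inside the container (providing the SSH service) and a systemd instance running as PID 1. An SSH connection will activate this container. The first step is to create a pair of unit files for the host OS systemd instance (why not the container systemd instance? Is it just that the container systemd instance is a copy of the host OS systemd instance?).

The /etc/systemd/system/mycontainer.service unit file (a host file) specifies how systemd starts this libvirt LXC container.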


[Unit]
Description=My little container

[Service]
ExecStart=/usr/bin/virsh -c lxc:/// start --pass-fds 3 mycontainer
ExecStop=/usr/bin/virsh -c lxc:/// destroy mycontainer
Type=oneshot
# virsh exits right after starting the container, so both defaults are changed
RemainAfterExit=yes
KillMode=none

The --pass-fds 3 argument specifies that the file descriptor number 3 that virsh inherits from systemd is to be passed into the container. Since virsh will exit immediately after starting the container, the RemainAfterExit and KillMode settings must be altered from their defaults.

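--pass-fds 3: the exec_on setting of file descriptor 3 causes virsh to inherit the file descriptor from the system (it is really a correspondence, and the numbers are not necessarily the same... I am a bit unsure). By default virsh exits after the container starts, so these parameters need to be changed: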

KillMode=none   
RemainAfterExit=yes

Next, the /etc/systemd/system/mycontainer.socket unit file is created to get the host systemd to listen on port 23 for TCP connections. When this unit file is activated by the first incoming connection, it will cause the mycontainer.service unit to be activated with the FD corresponding to the listening TCP socket passed in as FD 3.

[Unit]
Description=The SSH socket of my little container

[Socket]
ListenStream=23

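The purpose of /etc/systemd/system/mycontainer.socket (a host file) is to get the host systemd to listen on port 23 for TCP connections (the host's normal SSH uses 22, but SSH connections that go through the host to the container use 23). When the first connection arrives, /etc/systemd/system/mycontainer.socket is activated, which causes /etc/systemd/system/mycontainer.service to be activated, and it receives a descriptor corresponding to the passed listening socket descriptor (like FD 3).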

Port 23 was picked here so that the container doesn't conflict
with the host's SSH which is on the normal port 22. That's it
in terms of host side configuration.
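
The host's normal SSH uses 22, while SSH connections that go through the host to the container use 23, so there is no conflict; this is consistent with the configuration inside the host.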

Inside the container, the /etc/systemd/system/sshd.socket unit file (a container file) must be created

[Unit]
Description=SSH Socket for Per-Connection Servers

[Socket]
ListenStream=23
Accept=yes

The configuration above means that socket connection requests arriving on port 23 are accepted.


The ListenStream value listed in this unit file must match the value used in the host file. When systemd in the container receives the pre-opened FD from libvirt during container startup, it looks at the ListenStream values to figure out which FD to give to which service. The actual service to start is defined by a correspondingly named /etc/systemd/system/sshd@.service

[Unit]
Description=SSH Per-Connection Server for %I

[Service]
ExecStart=-/usr/sbin/sshd -i
StandardInput=socket

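The ListenStream value in /etc/systemd/system/sshd.socket must match the one in the host file. When the container receives the passed file descriptor, it works out which service the FD corresponds to; how that service is started is defined in /etc/systemd/system/sshd@.service.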

Finally, make sure this SSH service is set to start on boot of the container, by running the following command inside the container:

# mkdir -p /etc/systemd/system/sockets.target.wants/
# ln -s /etc/systemd/system/sshd.socket /etc/systemd/system/sockets.target.wants/

This example shows how to activate the container based on an incoming SSH connection. If the container was also configured to have an httpd service, it may be desirable to activate it upon either an httpd or a sshd connection attempt. In this case, the mycontainer.socket file in the host would simply list multiple socket ports. Inside the container a separate xxxxx.socket file would need to be created for each service, with a corresponding ListenStream value set.

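Run these commands to make sure the SSH service is set to start when the container boots.

This shows how an incoming SSH connection activates the container. If the container supports multiple services, we need to create multiple xxx.socket files inside the container and set the corresponding ListenStream in each.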
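
An added consistency check for the units described above (example code, not from libvirt or the original post): it verifies that every host ListenStream has a matching container .socket unit and that --pass-fds names one FD per host socket. The 3,4,... numbering for several sockets assumes virsh's comma-separated --pass-fds list and systemd handing over sockets from FD 3 upward; the unit texts and function names are constructed for illustration.

```python
import re

# Constructed sample units that mirror the ones on this page.
HOST_SOCKET = "[Socket]\nListenStream=23\n"
HOST_SERVICE = ("[Service]\n"
                "ExecStart=/usr/bin/virsh -c lxc:/// start --pass-fds 3 mycontainer\n")
CONTAINER_SOCKETS = {"sshd.socket": "[Socket]\nListenStream=23\nAccept=yes\n"}

SD_LISTEN_FDS_START = 3  # systemd hands activation sockets over starting at FD 3


def listen_streams(unit_text):
    """Return every ListenStream= value of a unit, in file order."""
    return re.findall(r"^[ \t]*ListenStream[ \t]*=[ \t]*(\S+)", unit_text, re.M)


def passed_fds(service_text):
    """Return the FD numbers named by --pass-fds in the ExecStart line."""
    m = re.search(r"--pass-fds[ =](\d+(?:,\d+)*)", service_text)
    return [int(n) for n in m.group(1).split(",")] if m else []


def check(host_socket, host_service, container_sockets):
    """List mismatches between the host units and the container units."""
    problems = []
    host = listen_streams(host_socket)
    # One inherited FD per host ListenStream: 3, 4, 5, ...
    expected = list(range(SD_LISTEN_FDS_START, SD_LISTEN_FDS_START + len(host)))
    got = passed_fds(host_service)
    if got != expected:
        problems.append(f"--pass-fds is {got}, expected {expected}")
    # Values are compared as plain strings (assumption: same notation on both sides).
    inside = {}
    for name, text in container_sockets.items():
        for value in listen_streams(text):
            inside[value] = name
    for value in host:
        if value not in inside:
            problems.append(f"host ListenStream={value} has no container .socket unit")
    for value, name in inside.items():
        if value not in host:
            problems.append(f"{name}: ListenStream={value} is not opened on the host")
    return problems


if __name__ == "__main__":
    for line in check(HOST_SOCKET, HOST_SERVICE, CONTAINER_SOCKETS) or ["consistent"]:
        print(line)
```
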
