Notes - LXC Container

In the previous lab, we used a docker container with AppMgr to do application hosting on IOS-XR. Another option for container hosting is running an LXC (Linux container).

This is a bit more involved to setup, because the LXC needs to be created off-box. From a ubuntu machine:

sudo apt-get -y install lxc lxctl lxc-templates
sudo lxc-create -t ubuntu --name xr-lxc-app
sudo lxc-start --name xr-lxc-app -F

! You are now in the ubuntu LXC
sudo apt-get -y install iperf3
sudo shutdown -h now

! Back in the NSO machine
sudo -s
cd /var/lib/lxc/xr-lxc-app/rootfs
tar -czf xr-lxc-app-rootfs.tar.gz *
mv *.tar.gz /home/ubuntu

In addition to the tarball, an LXC needs a spec file that is in XML. This file is called xr-lxc-app.xml

<domain type='lxc' xmlns:lxc='http://libvirt.org/schemas/domain/lxc/1.0' >
<name>xr-lxc-app</name>
<memory>327680</memory>
<os>
<type>exe</type>
<init>/sbin/init</init>
</os>
<lxc:namespace>
<sharenet type='netns' value='global-vrf'/>
</lxc:namespace>
<vcpu>1</vcpu>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/lib64/libvirt/libvirt_lxc</emulator>
<filesystem type='mount'>
<source dir='/misc/app_host/xr-lxc-app/'/>
<target dir='/'/>
</filesystem>
<console type='pty'/>
</devices>
</domain>

The two files are transferred over to the IOS-XR router in the /misc/app_host/scratch directory.

scp xr-lxc-app-rootfs.tar.gz cisco@10.100.100.101:/misc/app_host/scratch/
scp xr-lxc-app.xml cisco@10.100.100.101:/misc/app_host/scratch/

You then unpack the tar archive and use “virsh” to launch the container. (Note: From the book “Containers in IOS-XE/XR…”, while the /misc/app_host directory is accessible from the XRNNS, it is not advisable to run third-party apps here. Instead of using “run” we should use “bash” to enter the TPNNS.)

XR#run
mkdir /misc/app_host/xr-lxc-app/
cd /misc/app_host/xr-lxc-app/
sudo tar -zxf ../scratch/xr-lxc-app-rootfs.tar.gz
! Ignore any errors

cd ~
sudo -i
virsh create /misc/app_host/scratch/xr-lxc-app.xml
virsh console xr-lxc-app

Because of the line <sharenet type='netns' value='global-vrf'/> in the XML file, the LXC shares the same namespace as the XR router. We can see that the interfaces are mapped directly to the LXC.

We can run iperf3 from here in -s mode listening on a unique port. The test is working:

Overall this method seems much less popular than using Docker, because with the AppMgr, we can manage the lifecycle of the container (starting it on bootup and restarting it on RSP failover). The LXC appears to need to be managed manually from the bash shell.

It seems that the AppMgr could theoretically manage LXCs as well as docker containers, but this does not appear to be an option.

RP/0/RP0/CPU0:XR11(config)#appmgr application my-app activate type ?
  docker  Docker application
RP/0/RP0/CPU0:XR11(config)#appmgr application my-app activate type

I followed this tutorial to run the LXC here: https://xrdocs.io/application-hosting/tutorials/2016-06-16-xr-toolbox-part-4-bring-your-own-container-lxc-app/

PreviousLab - iperf3 Docker Container NextNotes - Native Applications

Last updated 3 months ago