At first, you need to install the libvirt-sandbox package:
# yum install -y libvirt-sandbox
Note: Before RHEL 7 was released (RHEL 7 Beta, RHEL 7 RC, etc), there was a libvirt-sandbox package available in the main repository.
It’s not the case anymore and you need to build it manually through http://sandbox.libvirt.org/.
Then, you need to start the libvirtd daemon:
# systemctl start libvirtd
And to enable it at boot:
# systemctl enable libvirtd
Now, create the following bash script called cont:
#!/bin/bash case $1 in create) virt-sandbox-service -c lxc:/// create --copy --unit $3 $2 ;; delete) virt-sandbox-service -c lxc:/// delete $2 ;; start) systemctl start $2_sandbox ;; stop) systemctl stop $2_sandbox ;; list) virsh -c lxc:/// list --all ;; connect) virt-sandbox-service connect $2;; enable) virsh -c lxc:/// autostart $2;; disable) virsh -c lxc:/// autostart --disable $2;; dominfo) virsh -c lxc:/// dominfo $2;; esac
And, make it executable:
# chmod u+x cont
Now, it’s time to test.
Let’s say, we want a httpd server container called apache:
# ./cont create apache httpd Created sandbox container dir /var/lib/libvirt/filesystems/apache Created unit file /etc/systemd/system/apache_sandbox.service Created sandbox config /etc/libvirt-sandbox/services/apache/config/sandbox.cfg
We want to start it:
# ./cont start apache
Is it really started?
# ./cont list Id Name State ---------------------------------------------------- 6818 apache running
Is it possible to get more details?
# ./cont dominfo apache Id: 6818 Name: apache UUID: cc897ced-4b82-4a38-ad4d-55b28023e093 OS Type: exe State: running CPU(s): 1 CPU time: 0.6s Max memory: 524288 KiB Used memory: 6808 KiB Persistent: yes Autostart: disable Managed save: unknown Security model: selinux Security DOI: 0 Security label: system_u:system_r:svirt_lxc_net_t:s0 (enforcing)
We want it to start at boot:
# ./cont enable apache Domain apache marked as autostarted
We want to connect to it:
# ./cont connect apache sh-4.2#
Now, we want to leave it:
If we don’t need it anymore, we can stop it and destroy it:
# ./cont stop apache # ./cont delete apache
Note1: As it was marked as autostarted, if we didn’t destroy it, it would have been restarted at the next reboot of the host.
Note2: The cont script is only there to avoid typing more complicated commands.
In addition, you can look at Dan Walsh’s presentation at DevConf.cz 2014 or watch his videos: