This is an old revision of the document!
Installing and configuring LXC for Linux Containers
https://linuxcontainers.org/lxc/
Sources:
#### note see “man lxc.conf” for more/different options etc
apt-get install lxc bridge-utils debootstrap
1)
Configure your network as a bridge (in /etc/network/interfaces) so that the future container's veth virtual ethernet interface can share the network link on the physical interface of the host (eth0). More complex setups may be needed (for instance, see /VlanNetworking, for a VLAN + bridge setup description), YMMV.
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet dhcp
Add the bridge interface and set the eth0 to manual.
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet manual auto br0 iface br0 inet static bridge_ports eth0 bridge_fd 0 address 172.16.1.215 netmask 255.255.255.0 gateway 172.16.1.254 dns-nameservers 172.16.1.254
First of all, LXC uses the cgroup kernel facility for resource management. The according file system isn't mounted by default, and LXC doesn't care for where it is mounted, it just needs to be. It seems like /sys/fs/cgroup seems to be the proper place (see 601757), so add the line
"cgroup /sys/fs/cgroup cgroup defaults 0 0"
to your /etc/fstab file and sudo mount cgroup
it.
Firewalling works in lxc, but you'll need to load the modules in the host:
echo iptable_mangle >> /etc/modules echo iptable_nat >> /etc/modules
One final thing before we can go on is checking the the environment via lxc-checkconfig:
#> lxc-checkconfig Kernel config /proc/config.gz not found, looking in other places... Found kernel config file /boot/config-2.6.32-5-amd64 --- Namespaces --- Namespaces: enabled Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: enabled Network namespace: enabled Multiple /dev/pts instances: enabled --- Control groups --- Cgroup: enabled Cgroup namespace: enabled Cgroup device: enabled Cgroup sched: enabled Cgroup cpu account: enabled Cgroup memory controller: missing Cgroup cpuset: enabled --- Misc --- Veth pair device: enabled Macvlan: enabled Vlan: enabled File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
All should be enabled, besides the memory controller, which is sad, but expected. Read more in F.A.Q. about this.
Creating a Debian GNU/Linux 6.0 container
The lxc package ships with a few different template scripts. The templates are located in /usr/lib/lxc/templates, the Debian one is named lxc-debian. The template can be used to install a Debian GNU/Linux 5.0 container. Since Lenny is no longer the current stable release, you'll want to update the template so that it leaves you with a Debian GNU/Linux 6.0 container. Start by copying the template.
cp -a /usr/lib/lxc/templates/lxc-debian /usr/lib/lxc/templates/lxc-debian-squeeze
Apply the patch beneath using the following commands.
patch /usr/lib/lxc/templates/lxc-debian-squeeze /path/to/patch
--- lxc-debian 2010-08-04 19:27:58.000000000 +0200 +++ lxc-debian-squeeze 2011-09-15 09:28:39.123239062 +0200 @@ -90,7 +90,7 @@ locales,\ libui-dialog-perl,\ dialog,\ -dhcp-client,\ +isc-dhcp-client,\ netbase,\ net-tools,\ iproute,\ @@ -110,7 +110,7 @@ echo "Downloading debian minimal ..." debootstrap --verbose --variant=minbase --arch=$arch \ --include $packages \ - lenny $cache/partial-$arch http://ftp.debian.org/debian + squeeze $cache/partial-$arch http://ftp.debian.org/debian if [ $? -ne 0 ]; then echo "Failed to download the rootfs, aborting." return 1 @@ -136,7 +136,7 @@ install_debian() { - cache="/var/cache/lxc/debian" + cache="/var/cache/lxc/debian-squeeze" rootfs=$1 mkdir -p /var/lock/subsys/ ( @@ -220,7 +220,7 @@ clean() { - cache="/var/cache/lxc/debian" + cache="/var/cache/lxc/debian-squeeze" if [ ! -e $cache ]; then exit 0
Now that we have a template that will create a Debian GNU/Linux 6.0 container, we can continue creating our container. I used the name vm0 in my example, but you're free to choose a more suitable name.
mkdir -p /var/lib/lxc/vm0 <del>/usr/lib/lxc/templates/lxc-debian-squeeze -p /var/lib/lxc/vm0</del> lxc-create -t debian-squeeze -n vm0
The template script does not create any of the /dev/tty's, and they need to be created by hand. Use the following instructions.
cd /var/lib/lxc/vm0 mknod -m 666 rootfs/dev/tty1 c 4 1 mknod -m 666 rootfs/dev/tty2 c 4 2 mknod -m 666 rootfs/dev/tty3 c 4 3 mknod -m 666 rootfs/dev/tty4 c 4 4
- Remove any clock setting/saving from your runlevels (they will likely fail anyways)
- Remove any starting of udevd as it will not work properly inside a container.
- Remove any thing from your runlevels that uses /proc/mounts to determine what needs to be unmounted.
- Remove any thing that tries to remount / as read only (or add mount -o rw,remount / to the rc.sysinit replacement script)
Configuring the Debian GNU/Linux 6.0 container
The configuration file for the container we've just created, is located at /var/lib/lxc/vm0/config
. LXC populates it for us, but there are some options that must be added in order for the container to work in our setup. Below are the options I added, not all are required. You can see the manpage for lxc.conf
to have an overview of all available options.
lxc.utsname = vm0 # The hostname of the container lxc.network.type = veth # There are a couple of network types you can choose from, but since we are # using a bridged setup, we must choose veth. lxc.network.flags = up # Says the network to be up at start. lxc.network.link = br0 # Specifies the network bridge to which the virtual interface will be added. lxc.network.name = eth0 # This is the name within the container! Don’t mistake this with the name # showing up in the host machine! Don’t set it and it will be eth0 anyway.. # lxc.network.ipv4 = 10.0.0.110/24 # Network address assigned to the virtual interface (when NOT using veth). You can provide multiple, # one per line (man lxc.conf). You have to edit /etc/network/interfaces within # the container (/var/lib/lxc/vm0/rootfs/etc/network/interfaces) as well! lxc.network.veth.pair = veth0 # The name of the interface that shows up on the host machine. LXC will come up # with a name of it's own, but I think this makes more sense. lxc.network.hwaddr = some-mac # The MAC-address of the LXC, if you don't specify one, you'll get a new one each time. # You can leave this off the first time and just grab the MAC-address from the LXC ifconfig-output and put that in the config-file.
Running the Debian GNU/Linux 6.0 container
You can start the container using the following command.
lxc-start -n vm0 -d
The -d options tells it to start in the background.
That should have done the trick. You can check whether it is running with this:
lxc-info -n vm0 'vm0' is RUNNING
Now login to the container, use the lxc console:
lxc-console -n vm0
You should get a login prompt. Just type in “root”, no password (good time to set one).
Thats all. Your first container is up an running. To stop it, just do this:
lxc-stop -n vm0
And check again
#> lxc-info -n vm0 'vm0' is STOPPED
Some other tips for a new installation of Debian, run these two commands:
# dpkg-reconfigure locales # dpkg-reconfigure tzdata
Removing the container
lxc-destroy -n vm0 rm -rf /var/lib/lxc/vm0/rootfs
Starting the container on boot
uncomment RUN=yes
in /etc/default/lxc
set CONTAINERS=“” to the names you want to start…. vm0
then create a symlink to /var/lib/lxc/vm0/config
in /etc/lxc/vm0.conf
you can start lxc by issuing /etc/init.d/lxc
start
Well, thats it for now… you might want to check out http://blog.foaa.de/2010/05/lxc-on-debian-squeeze/ to read more about resource handling, but it's outside the scope of this document.