Linux Containers (LXC)
For security purposes as well as redundancy concerns most of the services I run are run using the Linux Container technique.
About Linux Containers
Linux containers (abbreviated LXC) are a lightweight virtualization technology which shares the host kernel so as to minimize the amount of virtualization required.
apt-get install lxc
Setup the virtual network on the host
In order to run multiple LXC containers on a manageable network I recommend using a bridged network interface not attached to any physical interface. You can then route traffic as you wish.
auto br0
iface br0 inet static
    address 10.10.x.1
    netmask 255.255.255.0
    network 10.10.x.0
    broadcast 10.10.x.255
    pre-up brctl addbr br0

iface br0 inet6 static
    address 2001:aaaa:aaaa:aaaa::1
    netmask 64
You then will need to change the LXC bridged interface configuration in
/etc/default/lxc-net where it states
from "true" to "false". Lastly in
LXC_AUTO to "true" if not already. (This enables the containers to be able to auto-start on system boot)
Prior to creating a container, one might wish to have the
/var/lib/lxc (where all the containers will exist) and
/var/cache/lxc (where the OS installation files will be downloaded to) directories be mounted to external media or a separate partition. However for a development system this is not needed.
lxc-create -t ubuntu -n name -- -r trusty -a amd64
- Now that it's created, start the container with lxc-start -n name -d (the -d flag starts the container in the background)
- You can now connect with the container via ssh at
An example configuration for a container named "dns" is shown below. This file would be
# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
# Parameters passed to the template: -r trusty -a amd64
# For additional config options, please look at lxc.container.conf(5)

# Common configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf

# Container specific configuration
lxc.rootfs = /var/lib/lxc/dns/rootfs
lxc.mount = /var/lib/lxc/dns/fstab
lxc.utsname = dns
lxc.arch = amd64

# Network configuration
lxc.network.type = veth
lxc.network.hwaddr = 00:16:3e:d9:23:05
lxc.network.flags = up
lxc.network.link = br0
lxc.start.auto = 1
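An added example (not part of the original page): a small shell audit that checks a container config against the bridge layout described above and reports any MAC address shared by more than one container, as happens when a config is copied without editing lxc.network.hwaddr. The function names, the "web" container and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Handles plain "key = value" lines only.

# Print the value of the last KEY assignment in an LXC config file.
lxc_conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        { key = substr($0, 1, index($0, "=") - 1); val = substr($0, index($0, "=") + 1)
          gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) v = val }
        END { print v }' "$1"
}

# Check one config against the expected bridge; print findings, return 1 if any.
audit_lxc_net() {
    conf=$1; bridge=$2; rc=0
    type=$(lxc_conf_get "$conf" lxc.network.type)
    link=$(lxc_conf_get "$conf" lxc.network.link)
    mac=$(lxc_conf_get "$conf" lxc.network.hwaddr)
    [ "$type" = veth ] || { echo "$conf: network type '$type', expected veth"; rc=1; }
    [ "$link" = "$bridge" ] || { echo "$conf: link '$link', expected $bridge"; rc=1; }
    [ -n "$mac" ] || { echo "$conf: no fixed lxc.network.hwaddr"; rc=1; }
    return $rc
}

# Print each hwaddr used by more than one config (case-insensitive).
duplicate_macs() {
    for c in "$@"; do lxc_conf_get "$c" lxc.network.hwaddr; done |
        tr 'A-F' 'a-f' | grep . | sort | uniq -d
}

# Constructed samples: "dns" mirrors the page's config; "web" is a hypothetical
# clone that kept the MAC and points at lxcbr0, the stock LXC bridge.
make_samples() {
    mkdir -p "$1/dns" "$1/web"
    printf '%s\n' '# Network configuration' 'lxc.network.type = veth' \
        'lxc.network.hwaddr = 00:16:3e:d9:23:05' 'lxc.network.flags = up' \
        'lxc.network.link = br0' > "$1/dns/config"
    printf '%s\n' 'lxc.network.type = veth' 'lxc.network.hwaddr = 00:16:3E:D9:23:05' \
        'lxc.network.link = lxcbr0' > "$1/web/config"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for c in "$tmp"/*/config; do audit_lxc_net "$c" br0 || true; done
echo "duplicate MACs: $(duplicate_macs "$tmp"/*/config)"
rm -rf "$tmp"
```

On a real host, pass /var/lib/lxc/*/config instead of the sample files.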
LXC Container Network Configuration
On the container the network should be set to the following configuration in
auto eth0
iface eth0 inet static
    address 10.10.3.2
    netmask 255.255.255.0
    gateway 10.10.3.1
    dns-nameservers 10.10.3.1
    dns-search example.com

iface eth0 inet6 static
    address 2001:aaaa:aaaa:aaaa::2
    netmask 64
    gateway 2001:aaaa:aaaa:aaaa::1
lxc-ls --fancy: Display the list of LXC containers and status information (running/ipv4 address/ipv6 address/autostart)
lxc-start -n name -d: Start the container in the background
lxc-stop -n name: Stop the specified container
lxc-destroy -n name: Destroy the container and delete all files about the container (requires a stopped container)