LXC Installation

From Sean Lawlor's Wiki

Linux Containers (LXC)

For security and redundancy, I run most of my services in Linux Containers.

About Linux Containers

Linux containers (abbreviated LXC) are a lightweight virtualization technology that shares the host kernel, minimizing the amount of virtualization required.

Installation

apt-get install lxc

Set up the virtual network on the host

To run multiple LXC containers on a manageable network, I recommend using a bridged network interface that is not attached to any physical interface. You can then route traffic as you wish.

auto br0
iface br0 inet static
        address 10.10.x.1
        netmask 255.255.255.0
        network 10.10.x.0
        broadcast 10.10.x.255
        pre-up brctl addbr br0
iface br0 inet6 static
        address 2001:aaaa:aaaa:aaaa::1
        netmask 64

You will then need to change the LXC bridged interface configuration in /etc/default/lxc-net, where it states

USE_LXC_BRIDGE="true"

from "true" to "false". Lastly, in /etc/default/lxc set LXC_AUTO to "true" if it is not already. (This lets the containers auto-start on system boot.)

Creating Containers

Before creating a container, you may wish to mount /var/lib/lxc (where all the containers will exist) and /var/cache/lxc (where the OS installation files will be downloaded to) on external media or a separate partition. However, for a development system this is not needed.

  1. lxc-create -t ubuntu -n name -- -r trusty -a amd64
  2. Now that it's created, start the container with lxc-start -n name -d (the -d flag starts the container in the background)
  3. You can now connect to the container via ssh:
    1. ssh ubuntu@ip.ad.dr.ess
    2. password: ubuntu

Container Configuration

An example configuration for a container named "dns" is shown below. This file would be /var/lib/lxc/dns/config.

# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
# Parameters passed to the template: -r trusty -a amd64
# For additional config options, please look at lxc.container.conf(5)
 
# Common configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
 
# Container specific configuration
lxc.rootfs = /var/lib/lxc/dns/rootfs
lxc.mount = /var/lib/lxc/dns/fstab
lxc.utsname = dns
lxc.arch = amd64
 
# Network configuration
lxc.network.type = veth
lxc.network.hwaddr = 00:16:3e:d9:23:05
lxc.network.flags = up
lxc.network.link = br0
lxc.start.auto = 1
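
A check for the layout described above, added here as an example and not part of the original wiki page: it reads every container config under a directory and reports containers whose network type is not veth, whose lxc.network.link is not the expected bridge, or whose lxc.network.hwaddr repeats another container's, which is what happens when a config is copied to create a new container. The function names, the sample containers "web" and "old", and the second MAC address are assumptions constructed for the example; the keys are the lxc.network.* names used on this page.

```shell
#!/bin/sh
# Added example, not from the wiki. Reads the lxc.network.* keys shown above;
# files pulled in through lxc.include are not followed.

# lxc_get KEY FILE: print the last value assigned to KEY, skipping comments.
lxc_get() {
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        { key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key) }
        key == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v) }
        END { print v }' "$2"
}

# audit_lxc_net LXC_DIR BRIDGE: print findings; return 1 if any, else 0.
audit_lxc_net() {
    dir=$1; bridge=$2; bad=0; seen=""
    for cfg in "$dir"/*/config; do
        [ -f "$cfg" ] || continue
        name=$(basename "$(dirname "$cfg")")
        ntype=$(lxc_get lxc.network.type "$cfg")
        link=$(lxc_get lxc.network.link "$cfg")
        mac=$(lxc_get lxc.network.hwaddr "$cfg" | tr 'A-F' 'a-f')
        [ "$ntype" = veth ] || { echo "$name: type '${ntype:-unset}', expected veth"; bad=1; }
        [ "$link" = "$bridge" ] || { echo "$name: link '${link:-unset}', expected $bridge"; bad=1; }
        if [ -n "$mac" ]; then
            case " $seen " in
                *" $mac "*) echo "$name: duplicate hwaddr $mac"; bad=1 ;;
            esac
            seen="$seen $mac"
        fi
    done
    return "$bad"
}

# write_cfg DIR NAME LINK MAC: write a constructed sample config.
write_cfg() {
    mkdir -p "$1/$2"
    printf 'lxc.utsname = %s\nlxc.network.type = veth\nlxc.network.link = %s\nlxc.network.hwaddr = %s\n' \
        "$2" "$3" "$4" > "$1/$2/config"
}

# Constructed demo: "web" was copied from "dns" and kept its MAC; "old" is
# still attached to lxcbr0. On a real host: audit_lxc_net /var/lib/lxc br0
d=$(mktemp -d)
write_cfg "$d" dns br0 00:16:3e:d9:23:05
write_cfg "$d" web br0 00:16:3E:D9:23:05
write_cfg "$d" old lxcbr0 00:16:3e:aa:bb:01
audit_lxc_net "$d" br0 || echo "fix the findings above"
rm -rf "$d"
```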

LXC Container Network Configuration

On the container the network should be set to the following configuration in /etc/network/interfaces

auto eth0
iface eth0 inet static
    address 10.10.3.2
    netmask 255.255.255.0
    gateway 10.10.3.1
    dns-nameservers 10.10.3.1
    dns-search example.com
iface eth0 inet6 static
    address 2001:aaaa:aaaa:aaaa::2
    netmask 64
    gateway 2001:aaaa:aaaa:aaaa::1

Command Cheatsheet

  • lxc-ls --fancy : Display the list of LXC containers and status information (running/ipv4 address/ipv6 address/autostart)
  • lxc-start -n name -d : Start the container in the background
  • lxc-stop -n name : Stop the specified container
  • lxc-destroy -n name : Destroy the container and delete all files about the container (requires a stopped container)