Linux: speedy LXC introduction

posted on 2015-06-15 23:12:20

Since the official LXC manual is just bollocks, here is the quick and dirty version to get something up and running for people with not overly much time who wish for something that 'just works (TM)':

some notes first

Depending on the kernel you are using, you might have to create containers as root user, since unprivileged containers are a newer feature of LXC.

Also, not all functionality or flags are present, depending on your luck. Consult the manpage of the command in question to see if the things you are trying are available at all.

More often than not, the availability of programs / features / options is package-dependent, read:
It just depends on what version you get from your package management (if you don't get the source directly), and what is listed as available in the corresponding manual page.

install

Install the lxc package via your package management. lxctl might be nice, too, although it will not be discussed here, as at least my version still had quite some bugs. Where it will definitely help is with the container config, which you will then not have to edit by hand.

Also these packages will help, do not bother if they are not all available for your distro, it still might work, even though your OS does not know or cannot find them:

lxc-devel
lxc-doc
lxc-extra
lxc-libs
lxc-templates
lxc-python3-lxc
debootstrap

check system

Use lxc-checkconfig. It easily tells you if you have trouble with running containers. Could be due to kernel version or missing userland tools.

have some throwaway space ready

This section can be skipped.

If you bother:
It is easiest if you have a spare hdd at your disposal, but a USB stick will do just nicely. Use LVM to prepare the disk, so the containers can be created with an existing volume group; the logical volume will be created during container creation.

Mountpoint would be /var/lib/lxc. The folder which will be used can be passed on the commandline, too, at lxc-create.

You do not have to do this, but it is kind of a security measure. When toying around with LVM, you will not as easily make your desktop go broke, just the USB stick will be wiped.

usage

create / start container

create / get templates

Containers can be created via lxc-create, e.g.:

lxc-create -n <containername> -t <templatename>

The list of available templates can be found under /usr/share/lxc/templates, just omit the lxc- prefix:

\ls -Alh /usr/share/lxc/templates | awk '{print $9}' | cut -c5-

(Or wherever man lxc-create tells you to look, as described under the -t flag.)

If the containers shall not be saved at the default location, use the -P / --lxcpath parameter.

Creating a container off the download template prompts you with a list of operating systems from which you can choose. (lxc-create -n <containername> -t download is all you need to do.) If you do not have the template which you chose, it will be downloaded automatically. LXC fetches what it needs to create the container from the internet, so the first run might take a little while.

When the next container is created from the same template, it goes MUCH faster.

Don't forget to note the root password at the console output after lxc-create is finished. Depending on the OS template, the root pw is sometimes 'root', sometimes a random one, sometimes you have to chroot into the container's file system (see file in the container folder) and set the pass by hand first. It 'depends'.

clone

Created containers can be duplicated with the lxc-clone command, e.g.:

lxc-clone <containername> <new_containername>

Look up lxc-clone --help, you can pass the backingstore to use (folder where containerfiles are saved) or the clone method (copy vs. snapshot).

start

Containers are started via lxc-start -n <containername>. That way you will get to the user login prompt.

Else start the container with the -d flag, meaning daemonized... in the background.

There also exists lxc-autostart... That is if you have to start several containers in a certain order.

lxc.start.auto = 0 (disabled) or 1 (enabled)
lxc.start.delay = 0 (delay in seconds to wait after starting the container)
lxc.start.order = 0 (priority of the container, higher value means starts earlier)
lxc.group = group1,group2,group3,… (groups the container is a member of)

It will also autostart 'autostart'-flagged containers at boot of the host OS, as far as I understood it.

list/watch available containers

lxc-ls will do. There are some options, but just use lxc-ls --fancy, if your version has this functionality. Otherwise you will have to stick to lxc-ls for all containers, and lxc-ls --active for the running ones.

Specific info on a particular container can be obtained via lxc-info -n <containername>.

lxc-monitor will work like tail -f and tell the status of the container in question. (RUNNING / STOPPED)

connect to / disconnect from container

Connecting to daemonized containers will work via lxc-console -n <containername>

Exit via CTRL+a q. Be cautious: if you put screen to use, the shortcut to escape will not work. Either close the terminal then, or shut down the container.

pause / unpause containers

lxc-freeze -n <containername>

and

lxc-unfreeze -n <containername>

will do.

stop / delete container

stop

Either turn off the Linux inside (e.g. by issuing poweroff or shutdown -h now from within the container), or use lxc-stop -n <containername>.

destroy

Simply lxc-destroy -n <containername>.

snapshots!

Snapshotting VMs does work, somehow. Usually you seem to need LVM for it. See lxc-snapshot for more info.

networking

This is a little hairy if you have never worked with bridges in Linux before. You will almost certainly have to reconfigure your network settings by hand to let the container access the internet.

Sample settings:

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.name = eth0
lxc.network.hwaddr = 00:16:3e:xx:xx:xx

Either put these directly into the container config (but change the xx pairs to HEX values), or, to have this set automatically for all containers, put it into the global lxc config, /etc/lxc/default.conf (no HEX needed, the xx pairs will be replaced accordingly during container creation).
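The hwaddr handling described above, as an added example (not part of the original post and not LXC's own code): it fills the xx placeholders of a default.conf-style template with random hex digits and flags a per-container config that still carries them or names no bridge. The function names and the single-interface assumption belong to this example only.

```python
import re
import secrets

# Constructed sample: the page's settings as they would sit in /etc/lxc/default.conf.
DEFAULT_CONF = """\
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.name = eth0
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
"""
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

def parse_conf(text):
    """Return the 'key = value' pairs of an LXC config, skipping comments."""
    pairs = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and not line.lstrip().startswith("#"):
            pairs.append((key.strip(), value.strip()))
    return pairs

def fill_hwaddr(template):
    """Replace every 'x' with a random hex digit; fixed digits stay as written."""
    return "".join(secrets.choice("0123456789abcdef") if c in "xX" else c
                   for c in template)

def render_container_conf(text):
    """Turn a global-style config into per-container lines with a concrete MAC."""
    lines = []
    for key, value in parse_conf(text):
        if key == "lxc.network.hwaddr":
            value = fill_hwaddr(value)
        lines.append(f"{key} = {value}")
    return "\n".join(lines) + "\n"

def lint_container_conf(text):
    """Check a per-container config against the page's rule: no xx left, bridge set."""
    conf = dict(parse_conf(text))  # assumption: a single interface, as in the sample
    problems = []
    hwaddr = conf.get("lxc.network.hwaddr", "")
    if "x" in hwaddr.lower():
        problems.append("hwaddr still contains the xx placeholder")
    elif hwaddr and not MAC_RE.fullmatch(hwaddr.lower()):
        problems.append("hwaddr is not a valid MAC address")
    if conf.get("lxc.network.type") == "veth" and not conf.get("lxc.network.link"):
        problems.append("veth interface has no bridge in lxc.network.link")
    return problems
```

Run lint_container_conf over the text of a container's config file before starting it; an empty list means the network section follows the rules above.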

scripting

Container usage can be scripted, e.g. in Python. This opens up quite a lot of possibilities for development/deployment/testing workflows. Things run fast due to fast startup times, in a clean environment, which will lower the bar to using proper test setups quite a lot.

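#!/usr/bin/python3

import lxc

# Handle to an existing container (created earlier with lxc-create).
c = lxc.Container("<containername>")

# start() returns False on failure, so check it instead of assuming success.
if not c.start():
    raise SystemExit("container failed to start")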

config

The list of available config options is best looked up in the manpages directly:

man lxc.conf
man 5 lxc.conf
man 5 lxc.system.conf
man 5 lxc.container.conf
man 5 lxc-usernet
man lxc-user-nic

web GUI

See LXC-webpanel, if you're on Ubuntu, that is. I haven't tested it, though. But the pictures for it on the internet look rather nice. :)

closing notes

Well, now you might have a running container, with or without network, depending on your host OS. If you put VLANs to use, you will have no luck without further work. ;)

For more information, there's some nice documentation over at IBM.



Unless otherwise credited all material Creative Commons License by sjas