{"id":4,"date":"2013-05-31T03:14:07","date_gmt":"2013-05-31T03:14:07","guid":{"rendered":"https:\/\/ghodechhap.net\/blog\/?p=4"},"modified":"2013-06-01T06:43:36","modified_gmt":"2013-06-01T06:43:36","slug":"my-first-lxc-container","status":"publish","type":"post","link":"https:\/\/ghodechhap.net\/blog\/?p=4","title":{"rendered":"My first LXC container"},"content":{"rendered":"

Linux containers<\/a> fascinated me for a long time over other virtualization solutions such as KVM and virtualbox. The low memory footprint and near-native performance are really attractive features.<\/p>\n

But I couldn’t get them running in my two earlier attempts which ended with various problems. However this thread<\/a> on the mailing list inspired me to try one more time and it turned out to be really really easy now.<\/p>\n

Following are simple steps to get a network server running in a container.<\/p>\n

I am using archlinux with kernel 3.9.2 and lxc 0.9.0 on x86_64<\/em>. Arch now defaults to systemd for some time and the container created here also uses the same.<\/p>\n

These steps create a x86_64<\/em> container using archlinux template.<\/span><\/p>\n

Network setup<\/h1>\n

I am running containers on my desktop machine which has one ethernet interface, eth0<\/em> and connected to a DSL router for internet access.<\/p>\n

A bridge interface is one option to provide networking in the containers. Following steps creates the necessary bridge using netctl.<\/p>\n

    \n
  • Stop interface eth0<\/em><\/span><\/li>\n
  • Comment out Address\/Routes\/Gateway\/DNS from ethernet profile, since they won’t be used with the bridge setup.<\/span><\/li>\n
  • Add a bridge interface. \/etc\/netctl\/examples\/bridge<\/em> is a great place to start. Reuse the same IP of eth0<\/em> interface. Bind to eth0<\/em> interface only and set FWDDelay<\/em> to zero.<\/span><\/li>\n
  • Start the ethernet profile followed by the bridge profile. Ensure that networking works.<\/span><\/li>\n
  • Enable both the profiles with netctl enable. Reboot and ensure that the networking still works.<\/span><\/li>\n<\/ul>\n

    Networking is a one-time setup. Same bridge interface can be used for multiple containers.<\/p>\n

    Create the container<\/h1>\n

    Following command creates the container<\/p>\n

    # lxc-create -n webproxy -t archlinux -- -P net-tools,openssh,vi,squid -p \/data\/shridhar\/lxc\/webproxy<\/pre>\n
    The options used are<\/p>\n
      \n
    • \u00a0-n webproxy<\/span><\/li>\n<\/ul>\n
      This option specifies the name of the container and is required to identify it.<\/p>\n
        \n
      • -t archlinux<\/span><\/li>\n<\/ul>\n
        This option specifies container template. Templates set up a particular distribution in the container. lxc ships with templates for many distributions.<\/p>\n
          \n
        • -P net-tools,openssh,vi,squid<\/span><\/li>\n<\/ul>\n
          This is a template specific option which specifies additional packages to install in the container. The template has few basic packages hard-coded in it. Since I will be setting up a squid server in the container, I added it on the command line only. Similarly ssh is required for remote maintenance.<\/p>\n
            \n
          • -p \/data\/shridhar\/lxc\/webproxy<\/span><\/li>\n<\/ul>\n
            This option specifies the path where the container rootfs will be created. Ensure that the destination leaf dir(webproxy<\/em> in this case) does not exist. lxc will create that. The container config will live in the default location of \/var\/lib\/lxc<\/em>.<\/p>\n
            Set up networking for the container<\/h1>\n
            # echo \"lxc.network.ipv4.gateway=192.168.2.1\" >> \/var\/lib\/lxc\/webproxy\/config\r\n # echo \"lxc.network.ipv4=192.168.2.12\/24\" >> \/var\/lib\/lxc\/webproxy\/config<\/pre>\n
            These two commands set up networking for container. It is possible to setup DHCP in container but I don’t have a provider handy and I prefer static address since ssh keys rely on it.<\/p>\n
            Initial setup<\/h1>\n
            Once container is created, some initial setup is required. So start container in foreground.<\/p>\n
            # lxc-start -n webproxy<\/pre>\n
            Login as root. No password is required at the moment.<\/p>\n
              \n
            • Set up password for root<\/span><\/li>\n
            • Ensure that networking is working.<\/span><\/li>\n
            • Edit \/etc\/ssh\/sshd_config<\/em> and explicitly specify address to listen on. This should be done so that the host and the container can offer ssh service simultaneously. Enable and start ssh.<\/span><\/li>\n
            • Edit \/etc\/systemd\/system\/getty.target.wants\/getty\\@tty1.service<\/em> and comment out ConditionPathExists<\/em> line. Without this step, a getty does not start in the container and lxc-console does not work.<\/span><\/li>\n<\/ul>\n
              Apparently\u00a0\/sys\/class\/tty\/console\/active<\/em> in the container reports tty0<\/em> which systemd does not find inside a container and is the cause of getty malfunction.<\/span><\/p>\n
              Now the container can be started in background. Stop it from another terminal and start it in the background, as follows<\/p>\n
              # lxc-stop -n webproxy && lxc-start -d -n webproxy<\/pre>\n
              Now you should be able to ssh into it and use it as if it is a separate machine.<\/p>\n","protected":false},"excerpt":{"rendered":"
              Linux containers fascinated me for a long time over other virtualization solutions such as KVM and virtualbox. The low memory footprint and near-native performance are really attractive features. But I couldn’t get them running in my two earlier attempts which ended with various problems. However this thread on the mailing list inspired me to try […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,1],"tags":[5,4,3],"class_list":["post-4","post","type-post","status-publish","format-standard","hentry","category-technology","category-uncategorized","tag-archlinux","tag-container","tag-lxc"],"_links":{"self":[{"href":"https:\/\/ghodechhap.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/4","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ghodechhap.net\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ghodechhap.net\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ghodechhap.net\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ghodechhap.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4"}],"version-history":[{"count":8,"href":"https:\/\/ghodechhap.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/4\/revisions"}],"predecessor-version":[{"id":14,"href":"https:\/\/ghodechhap.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/4\/revisions\/14"}],"wp:attachment":[{"href":"https:\/\/ghodechhap.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ghodechhap.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ghodechhap.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}