Wednesday 2 October 2013

LXC Linux Containers on Debian Wheezy

Linux Containers (LXC) is a fairly new operating-system level virtualisation technology.  

Getting it working in Debian Wheezy isn't as straightforward as it could be right now.  There are a couple of fixes needed (which I'm sure are in the pipeline).  Here are my notes on getting it going.  This may not be the best way of doing it and certainly won't be the only way, but it works!

Also be aware that many consider LXC not to be production ready yet.  There are potential security issues.  This isn't an issue when you are using it yourself just to play with or, as I do, to set up virtual systems on a server or desktop where I'm the only user!


How to install LXC on Debian Wheezy and configure the host


Install required packages:
  apt-get install lxc bridge-utils libvirt-bin debootstrap
Add this line to fstab:
  cgroup    /sys/fs/cgroup    cgroup  defaults    0  0

Mount it and make sure it is mounted OK

Set up a network bridge on the host in /etc/network/interfaces along the lines of:
  auto br0
  iface br0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        gateway 192.168.0.1
        bridge_ports eth0
        bridge_fd 0
        bridge_maxwait 0

Bring it up:
  ifup br0

and check it's OK.


Creating a virtual system (container)

Generate the container and its root file system using the supplied script:
  lxc-create -n myvps -t debian
where 'myvps' is the host name you want to give the container and also the folder its file system will be in.  You'll be asked various questions; they're self-explanatory.

Note - I'll be using 'myvps' throughout the example; the commands will fail if you don't replace this with the real host name.  Copying and pasting directly from online how-to guides is never a great idea :)

If you don't know what a pre-seed file is then you can just skip the question that comes up first!

Edit the config file /var/lib/lxc/myvps/config to add network device config such as:
  ## Network
  lxc.network.type                        = veth
  lxc.network.flags                       = up
  lxc.network.hwaddr                      = 00:FF:00:00:00:01
  lxc.network.link                        = br0
  lxc.network.name                        = lxceth1
  lxc.network.ipv4                        = 192.168.0.101/24

Each container needs a unique MAC address and device name (and IP address, obviously).  Omit the last line if you want DHCP.

Edit the container's network config, /var/lib/lxc/myvps/rootfs/etc/network/interfaces, to add the network device, for example:
  auto lxceth1
  iface lxceth1 inet static
        address 192.168.0.101
        netmask 255.255.255.0
        gateway 192.168.0.1
        dns-nameservers 192.168.0.1
Or as DHCP if no IP was put in the config file above.
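
A check for the uniqueness rule above, as an added example that is not part of the original post: it scans every container config under a directory and reports any lxc.network.hwaddr, lxc.network.name or lxc.network.ipv4 value used by more than one container, plus any container address equal to the gateway.  The function names, the gateway argument and the sample containers 'web' and 'db' are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# lxc_net_conflicts [LXC_DIR] [GATEWAY_IP]
# Prints one line per clash and returns 1 if any were found.
lxc_net_conflicts() {
    lxc_dir=${1:-/var/lib/lxc}
    gateway=${2:-}
    set -- "$lxc_dir"/*/config
    [ -e "$1" ] || return 0          # no containers: nothing to check
    awk -v gw="$gateway" '
        /^[ \t]*lxc\.network\.(hwaddr|name|ipv4)[ \t]*=/ {
            n = split(FILENAME, p, "/"); ct = p[n - 1]   # container directory
            line = $0; sub(/^[ \t]*lxc\.network\./, "", line)
            key = line; sub(/[ \t]*=.*/, "", key)
            val = line; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "hwaddr") val = toupper(val)       # MACs are case-insensitive
            if (key == "ipv4") {
                sub(/\/.*/, "", val)                      # drop the /prefix length
                if (gw != "" && val == gw) { print "GATEWAY " ct " ipv4 " val; bad = 1 }
            }
            id = key " " val
            if (id in owner) { print "DUPLICATE " id ": " owner[id] " " ct; bad = 1 }
            else owner[id] = ct
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: "web" reuses the MAC of "myvps", "db" takes the gateway IP.
lxc_net_demo() {
    d=$(mktemp -d) || return 2
    i=0
    for spec in "db 00:FF:00:00:00:03 192.168.0.1" \
                "myvps 00:FF:00:00:00:01 192.168.0.101" \
                "web 00:ff:00:00:00:01 192.168.0.102"; do
        set -- $spec; i=$((i + 1))
        mkdir "$d/$1"
        printf 'lxc.network.hwaddr = %s\nlxc.network.name = lxceth%s\nlxc.network.ipv4 = %s/24\n' \
            "$2" "$i" "$3" > "$d/$1/config"
    done
    rc=0
    lxc_net_conflicts "$d" 192.168.0.1 || rc=$?
    rm -rf "$d"
    return "$rc"
}

lxc_net_demo || true
```

On a real host, run it as lxc_net_conflicts /var/lib/lxc 192.168.0.1 before starting a newly created container.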

At this point, you should be ready but there are a couple of fixes needed which the lxc scripts for Debian don't currently cover.

Fixing LXC Debian set up

At the time of writing, there are a couple of problems with the way the lxc-create script works in Debian.  One of these is that it doesn't create the necessary tty1 device node, so add it manually:
  mknod -m 660 /var/lib/lxc/myvps/rootfs/dev/tty1 c 4 1
At this stage the container will actually start up so do that:
  lxc-start -n myvps -d
Note - the -d option detaches from the container's console.  You need to do this or you'll be permanently attached to it unless you completely stop the container!

Then console to the container:
  lxc-console -n myvps
This is safe because you can disconnect at any point using the "ctrl+a q" combination and the container stays running for you to connect to later on.

Log in using the root password you set during the container configuration process.

sshd will be running but broken; its keys need regenerating:
  dpkg-reconfigure openssh-server
The last two things to fix are to add a default route and to put a working DNS server into /etc/resolv.conf (which is easiest from the host machine rather than the container, due to the lack of a text editor!).

Now you have a very basic Debian install.

To fix locale warnings with apt-get:
  dpkg-reconfigure locales 
To make containers start on boot of host (do this on the host, not the container):
  ln -s /var/lib/lxc/myvps/config /etc/lxc/myvps
And make sure LXC_AUTO is set to "true" in /etc/default/lxc on the host so it starts on boot (if you want that).

Once you are familiar with this, setting up containers is very easy.  It will be even easier once the lxc-create debian script is improved.  I have used LXC in Ubuntu too and it is stupidly easy to get it going (although as a result you are given fewer options and less flexibility unless you re-configure it).

1 comment:

  1. I'm using my own guide to set up a new LXC install on a new Debian Jessie system. It's even easier now, there's no fixes needed and no questions asked during the lxc-create procedure.

    Just make sure to change the root password in the container as it'll be set up with the word "root" as the password.
