Linux Containers - otherwise known as LXC - are a virtualisation system that's in the Linux kernel right now and ready to use. You can use them to set up vserver/openvz style guests on a host - i.e. separate processes and file systems, but the same kernel.
Word on the street is that vservers are being deprecated in Debian beyond squeeze, so it seems like a good time to learn about containers. Here is my five minute guide to getting them up and running on your Debian unstable (squeeze) box.
apt-get install lxc
You want kernel 2.6.29 or later; 2.6.31 is currently in unstable.
Once lxc is installed, lxc-checkconfig will check if your kernel has everything enabled that is needed. It reports most things except for the memory controller for me. As I haven't gotten around to playing with resource limiting in the containers, this doesn't bother me.
You need to mount a cgroup filesystem somewhere to control things:
sudo mkdir /var/local/cgroup
sudo vim /etc/fstab
# add this line:
# cgroup /var/local/cgroup cgroup defaults 0 0
sudo mount cgroup
You have to set up a bridge so the containers will be able to talk to the outside world (and the outside world can talk back) [1].
This isn't hard, it just involves editing /etc/network/interfaces. Just make sure you stop networking before making the changes:
/etc/init.d/networking stop
vim /etc/network/interfaces
# find the section talking about your physical interface, it's normally
# eth0 or eth1
auto eth0
# change from 'dhcp' to 'manual'
iface eth0 inet manual

# add this section
auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
Then run /etc/init.d/networking start. Try pinging something, it should work just fine. If not, revert your changes and ask a network ninja to help you.
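An added example (not part of the original guide or the lxc package): a small POSIX shell preflight for the host-side steps above, checking the kernel version, the cgroup fstab entry and mount, and that eth0 is a port of br0. The function names are made up for this example, and it assumes the bridge and interface names used above.

```sh
# Added example: verify the host-side steps before creating a container.
# File locations are arguments so the checks can be pointed at copies.

# kernel_ok RELEASE: true if RELEASE (as from `uname -r`) is 2.6.29 or later.
kernel_ok() {
    ver=${1%%-*}                       # "2.6.31-1-amd64" -> "2.6.31"
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    patch=${patch%%[!0-9]*}            # "31rc1" -> "31"
    [ "$major" -gt 2 ] && return 0
    [ "$major" -lt 2 ] && return 1
    [ "$minor" -gt 6 ] && return 0
    [ "$minor" -lt 6 ] && return 1
    [ "${patch:-0}" -ge 29 ]
}

# cgroup_in_fstab [FILE]: true if FILE has an uncommented cgroup entry.
cgroup_in_fstab() {
    awk '$1 !~ /^#/ && $3 == "cgroup" { ok = 1 } END { exit !ok }' "${1:-/etc/fstab}"
}

# cgroup_mountpoint [FILE]: print where a cgroup filesystem is mounted.
cgroup_mountpoint() {
    awk '$3 == "cgroup" { print $2; ok = 1; exit } END { exit !ok }' "${1:-/proc/mounts}"
}

# bridge_has_port BRIDGE PORT [SYSFS]: true if PORT is attached to BRIDGE.
bridge_has_port() {
    [ -e "${3:-/sys}/class/net/$1/brif/$2" ]
}

# host_preflight: run every check against the live system.
host_preflight() {
    rc=0
    kernel_ok "$(uname -r)"      || { echo "kernel older than 2.6.29"; rc=1; }
    cgroup_in_fstab              || { echo "no cgroup line in /etc/fstab"; rc=1; }
    cgroup_mountpoint >/dev/null || { echo "cgroup filesystem not mounted"; rc=1; }
    bridge_has_port br0 eth0     || { echo "eth0 is not a port of br0"; rc=1; }
    return "$rc"
}
```

Source the file and run host_preflight; it prints one line per failed check and returns non-zero if any failed.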
The lxc-debian script in /usr/share/doc/lxc/examples is useful. I have made some modifications to it, to make it a bit more friendly. You can get it from my git repository:
git clone git://git.nigel.mcnie.name/lxc-debian.git
If you don't have git, just download it from here.
Put the lxc-debian script in /usr/local/bin, and put the init script at /etc/init.d/lxc. Then you're ready to create your first container:
You'll have to pick a name and hostname, then some networking related things. You can use route -n to work out your gateway if you don't know it already, and just pick a free IP on your subnet if you don't know anything else to choose.
Once you're done, it will download a bunch of packages with debootstrap, and set up your container. The next time you create a container, it will use the packages from the first time, so it'll only be slow once.
Starting and Accessing your Container
You start it with lxc-start -n [name]. This will dump you at the login prompt - i.e., this is like starting a real server, it's in the foreground. Login is 'root', no password.
You probably actually wanted to daemonize it, so halt it and then type lxc-stop -n [name] in another terminal to shut it down [2].
To start it in the background, do lxc-start -n [name] -d. This will exit immediately and the container will start. You can use lxc-info -n [name] to find out whether it's started up yet, though they tend to start pretty quickly.
Once you're done, you can connect to a tty in the container with lxc-console -n [name] -t 1. You can replace 1 with any tty number (1-6 are started for you). Control-A, q exits.
Or, the lxc-debian script installs and configures an ssh server for you, so you can just ssh root@[ipaddress] to get into it as root. I tend to use this method all the time.
Update: (March '10) I see on the mailing list that there are now some patches floating around to add an lxc-attach command that will execute a command in a container (or a shell if none is specified). They're not in a released version of lxc just yet, but I guess in a couple of months they will be.
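The root login with no password and the ssh server described above can be checked from the host by reading the container's root filesystem. This is an added example, not code from lxc-debian; the function names are hypothetical, the sample rootfs is constructed, and it assumes the rootfs uses etc/shadow and OpenSSH's etc/ssh/sshd_config.

```sh
# Added example: audit a container root filesystem from the host.
# Assumes etc/shadow and OpenSSH's etc/ssh/sshd_config inside the rootfs.

# Print every account whose password field in etc/shadow is empty.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1/etc/shadow"
}

# Print the lower-cased value of an sshd_config keyword from the global
# section (first occurrence wins; Match blocks are skipped).
sshd_setting() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1/etc/ssh/sshd_config"
}

# Print findings for one rootfs; return 1 if there were any.
audit_rootfs() {
    rootfs=$1
    findings=0
    for user in $(empty_password_accounts "$rootfs"); do
        echo "$rootfs: account '$user' has an empty password"
        findings=1
    done
    if [ "$(sshd_setting "$rootfs" PermitEmptyPasswords)" = "yes" ]; then
        echo "$rootfs: sshd accepts empty passwords"
        findings=1
    fi
    if [ "$(sshd_setting "$rootfs" PermitRootLogin)" = "yes" ]; then
        echo "$rootfs: sshd lets root log in with a password"
        findings=1
    fi
    return "$findings"
}

# Build a constructed sample rootfs (not taken from a real container).
sample_rootfs() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/ssh"
    printf '%s\n' 'root::14600:0:99999:7:::' 'daemon:*:14600:0:99999:7:::' \
        > "$dir/etc/shadow"
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
        'PermitEmptyPasswords no' > "$dir/etc/ssh/sshd_config"
    echo "$dir"
}

# Usage: sh audit-rootfs.sh /path/to/rootfs
if [ -n "${1:-}" ]; then audit_rootfs "$1"; fi
```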
I want to remove my container
Run lxc-debian destroy and answer the questions. This basically does:
lxc-destroy -n [name]
rm -rf /path/to/rootfs
Now that you can create, start, connect to and destroy containers, there's not much else you need to know to use containers for development environments or other such uses. Later, I might write an article about some more advanced topics, such as resource limiting.
I'm interested in improving lxc-debian - if you are as well then get in touch, I'd love to hear from you.
There are two mailing lists for LXC that may be of interest:
- http://lxc.teegra.net/ - has notes, targeted at Arch Linux. lxc-debian and the modern lxc-create seem to handle most of the container setup that article suggests.
- man lxc - A worthwhile read, in slightly idiomatic English but understandable enough.
- http://openvz.org/pipermail/devel/2008-September/014314.html - lxc with libvirt
- http://jim.studt.net/depository/index.php/using-linux-containers-with-debian-lenny - similar to the experiments I've had
[1] Actually, this is debatable. Martyn seems to be getting along fine with configuring his containers to use the physical interface directly; I had less luck. The bridge Works For Me, and conveniently is what you need for heavier virtualisation like kvm, so I'm sticking with it.
[2] I've found that starting containers in the foreground and then lxc-stopping them can cause the terminal they were in to start behaving strangely. No idea why this is, I tend to always start my containers in the background so it's not an issue for me.
[3] Daniel Lezcano, maintainer of LXC, posted some answers to these footnotes here