Dec 11 2009

Linux Containers - otherwise known as LXC - are a virtualisation system that's in the Linux kernel right now and ready to use. You can use them to set up vserver/openvz style guests on a host - e.g. separate processes, file systems, but same kernel.

Word on the street is that vservers are being deprecated in Debian beyond squeeze, so it seems like a good time to learn about containers. Here is my five minute guide to getting them up and running on your debian unstable (squeeze) box.

Setup

apt-get install lxc

You want kernel 2.6.29 or later, 2.6.31 is currently in unstable.

Once lxc is installed, lxc-checkconfig will check if your kernel has everything enabled that is needed. It reports most things except for the memory controller for me. As I haven't gotten around to playing with resource limiting in the containers, this doesn't bother me.

You need to mount a cgroup filesystem somewhere to control things:

sudo mkdir /var/local/cgroup
sudo vim /etc/fstab
# add this line:
# cgroup  /var/local/cgroup  cgroup  defaults  0  0
sudo mount cgroup

Networking Prep

You have to set up a bridge so the containers will be able to talk to the outside world (and the outside world can talk back) [1].

This isn't hard, it just involves editing /etc/network/interfaces. Just make sure you stop networking before making the changes:

/etc/init.d/networking stop
vim /etc/network/interfaces

# find the section talking about your physical interface, it's normally
# eth0 or eth1
auto eth0
iface eth0 inet manual # change from 'dhcp' to 'manual'

# add this section
auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

Then /etc/init.d/networking start. Try pinging something, it should work just fine. If not, revert your changes and ask a network ninja to help you.

Creating Containers

The lxc-debian script in /usr/share/doc/lxc/examples is useful. I have made some modifications to it, to make it a bit more friendly. You can get it from my git repository:

git clone git://git.nigel.mcnie.name/lxc-debian.git

If you don't have git, just download it from here.

Put the lxc-debian script in /usr/local/bin, and put the init script at /etc/init.d/lxc. Then you're ready to create your first container:

lxc-debian create

You'll have to pick a name and hostname, then some networking related things. You can use route -n to work out your gateway if you don't know it already, and just pick a free IP on your subnet if you don't know anything else to choose.

Once you're done, it will download a bunch of packages with debootstrap, and set up your container. The next time you create a container, it will use the packages from the first time, so it'll only be slow once.

Starting and Accessing your Container

You start it with lxc-start -n [name]. This will dump you at the login prompt - e.g., this is like starting a real server, it's in the foreground. Login is 'root', no password.

You probably actually wanted to daemonize it, so halt it and then type lxc-stop -n [name] in another terminal to shut it down [2].

To start it in the background, do lxc-start -n [name] -d. This will exit immediately and the container will start. You can use lxc-info -n [name] to find out whether it's started up yet, though they tend to start pretty quickly.

Once you're done, you can connect to a tty in the container with lxc-console -n [name] -t 1. You can replace 1 with any tty number (1-6 are started for you). Control-A, q exits.

Or, the lxc-debian script installs and configures an ssh server for you, so you can just ssh root@[ipaddress] to get into it as root. I tend to use this method all the time.

Update: (March '10) I see on the mailing list that there is now some patches floating around to add an lxc-attach command that will execute a command in a container (or a shell if none is specified). They're not in a released version of lxc just yet, but I guess in a couple of months they will be.

I want to remove my container

lxc-debian destroy and answer the questions. This basically does:

lxc-destroy -n [name]
rm -rf /path/to/rootfs

What Next?

Now that you can create, start, connect to and destroy containers, there's not much else you need to know to use containers for development environments or other such uses. Later, I might write an article about some more advanced topics, such as resource limiting.

I'm interested in improving lxc-debian - if you are as well then get in touch, I'd love to hear from you.

Resources

There's two mailing lists for LXC that may be of interest:

Sources

[1]Actually, this is debatable. Martyn seems to be getting along fine with configuring his containers to use the physical interface directly; I had less luck. The bridge Works For Me, and conveniently is what you need for heavier virtualisation like kvm, so I'm sticking with it.
[2]I've found that starting containers in the foreground and then lxc-stopping them can cause the terminal they were in to start behaving strangely. No idea why this is, I tend to always start my containers in the background so it's not an issue for me. [3]
[3]Daniel Lezcano, maintainer of LXC, posted some answers to these footnotes here

Like this post? Subscribe to my RSS feed and follow me on twitter to hear about new posts early.

Want to share this post?

blog comments powered by Disqus