I made a guide for LXC on debian

Posted on 2015-02-02 (Mon) in linux

This guide is what came out when I tried to setup LXC on debian wheezy. It uses libvirt for the bridged network. You could do the same without libvirt and I will probably add this to the guide as well. You could setup some kvm machines on the same host and use the same network and control everything from libvirt.

If you have an idea to make something better, just tell me. Here is the guide:

Setup Host

  1. install packages

     # apt-get install lxc bridge-utils libvirt-bin debootstrap
    
  2. Add cgroups to /etc/fstab

     cgroup  /sys/fs/cgroup  cgroup  defaults  0   0
    
  3. Mount it

     # mount /sys/fs/cgroup
    
  4. Edit /etc/default/grub. cgroup_enable=memory enables cgroup memory controller, swapaccount=1 enables swap.

     GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
    
  5. Update grub config

     # update-grub2
    
  6. check if everything works

     # lxc-checkconfig
     Kernel config /proc/config.gz not found, looking in other places...
     Found kernel config file /boot/config-3.2.0-4-amd64
     --- Namespaces ---
     Namespaces: enabled
     Utsname namespace: enabled
     Ipc namespace: enabled
     Pid namespace: enabled
     User namespace: enabled
     Network namespace: enabled
     Multiple /dev/pts instances: enabled
    
     --- Control groups ---
     Cgroup: enabled
     Cgroup namespace: enabled
     Cgroup device: enabled
     Cgroup sched: enabled
     Cgroup cpu account: enabled
     Cgroup memory controller: missing
     Cgroup cpuset: enabled
    
     --- Misc ---
     Veth pair device: enabled
     Macvlan: enabled
     Vlan: enabled
     File capabilities: enabled
    
     Note : Before booting a new kernel, you can check its configuration
     usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
    

Create container

  • Create container with debian template:

    # lxc-create -n mycontainer -t debian -- -r "wheezy" --mirror="http://http.debian.net/debian/" --packages=vim,iputils-ping
    
  • Edit container config /var/lib/lxc/mycontainer/config

    lxc.network.type = veth
    lxc.network.flags = up
    lxc.network.link = virbr0
    lxc.network.ipv4 = 0.0.0.0/24
    lxc.network.ipv4.gateway = auto
    lxc.network.hwaddr = 00:FF:AA:00:00:01
    
  • Start container in background and put it in the background

    # lxc-start -n mycontainer -d
    
  • Attach to tty1

    # lxc-console -n mycontainer
    
  • Autostart container on boot

    # ln -s /var/lib/lxc/mycontainer/config /etc/lxc/auto/mycontainer
    
  • Fix "telinit: /run/initctl: No such file or directory" running lxc-halt

    • Add device

      # mknod -m 600 /var/lib/lxc/mycontainer/rootfs/run/initctl p
      
    • Add sys_admin to lxc.cap.drop list in /var/lib/lxc/mycontainer/config

      lxc.cap.drop = sys_admin [..]
      

Setup network

  • Check if default network is available

    # virsh -c lxc:/// net-info default
    
  • If not define it

    # virsh -c lxc:/// net-define /etc/libvirt/qemu/networks/default.xml
    
  • Set it to autostart on boot

    # virsh -c lxc:/// net-autostart default
    
  • Modify DHCP

    • Edit default network

      # virsh -c lxc:/// net-edit default
      
    • Add MAC address of container to DHCP

      <dhcp>
        <range start="192.168.122.100" end="192.168.122.254" />
        <host mac="00:FF:AA:00:00:01" name="mycontainer.example.com" ip="192.168.122.100" />
        <host mac="00:FF:AA:00:00:02" name="myothercontainer.example.com" ip="192.168.122.101" />
      </dhcp>
      
  • On container boot dhclient takes a lot of time. Edit configuration in your containers. For Debian containers change /etc/network/interfaces so that no dhclient is started on boot.

    allow-hotplug eth0
    iface eth0 inet manual