https://wiki.alpinelinux.org/w/api.php?action=feedcontributions&feedformat=atom&user=JasonDAlpine Linux - User contributions [en]2026-04-30T13:56:32ZUser contributionsMediaWiki 1.40.0https://wiki.alpinelinux.org/w/index.php?title=LXC&diff=10019LXC2014-06-14T16:19:31Z<p>JasonD: /* Installation */ Added lxc-templates to installs. No templates without it.</p>
<hr />
<div>[http://lxc.sourceforge.net/ Linux Containers (LXC)] provides containers similar BSD Jails, Linux VServer and Solaris Zones. It gives the impression of virtualization, but shares the kernel and resources with the "host".<br />
<br />
== Installation ==<br />
Install the required packages:<br />
{{Cmd|apk add lxc lxc-templates bridge}}<br />
<br />
== Prepare network on host ==<br />
Set up a [[bridge]] on the host. Example ''/etc/network/interfaces'':<br />
<pre><br />
auto br0<br />
iface br0 inet dhcp<br />
bridge-ports eth0<br />
</pre><br />
<br />
Create a network configuration template for the guests, ''/etc/lxc/lxc.conf'':<br />
<pre><br />
lxc.network.type = veth<br />
lxc.network.link = br0<br />
lxc.network.flags = up<br />
</pre><br />
<br />
== Create a guest ==<br />
<br />
=== Alpine Template ===<br />
<br />
{{Cmd|lxc-create -n guest1 -f /etc/lxc/lxc.conf -t alpine}}<br />
<br />
This will create a ''/var/lib/lxc/guest1'' directory with a ''config'' file and a ''rootfs'' directory.<br />
<br />
Note that by default alpine template '''does not have networking service on''', you will need to add it using lxc-console<br />
<br />
<br />
If running on x86_64 architecture, it is possible to create a 32bit guest:<br />
<br />
{{Cmd|lxc-create -n guest1 -f /etc/lxc/lxc.conf -t alpine -- --arch x86}}<br />
<br />
=== Debian template ===<br />
<br />
In order to create a debian template container you will need to install some packages:<br />
<br />
{{Cmd|apk add debootstrap rsync}}<br />
<br />
Also you will need to turn off some grsecurity chroot options otherwise the debootstrap will fail:<br />
<br />
{{Cmd|echo 0 > /proc/sys/kernel/grsecurity/chroot_caps<br />
echo 0 > /proc/sys/kernel/grsecurity/chroot_deny_chroot<br />
echo 0 > /proc/sys/kernel/grsecurity/chroot_deny_mount<br />
echo 0 > /proc/sys/kernel/grsecurity/chroot_deny_mknod<br />
echo 0 > /proc/sys/kernel/grsecurity/chroot_deny_chmod<br />
}}<br />
<br />
Please remember to turn them back on, or just simply reboot the system.<br />
<br />
<br />
Now you can run:<br />
{{Cmd|SUITE{{=}}wheezy lxc-create -n guest1 -f /etc/lxc/lxc.conf -t debian}}<br />
<br />
== Starting/Stopping the guest ==<br />
Create a symlink to the ''/etc/init.d/lxc'' script for your guest.<br />
{{Cmd|ln -s lxc /etc/init.d/lxc.guest1}}<br />
<br />
You can start your guest with:<br />
{{Cmd|/etc/init.d/lxc.guest1 start}}<br />
<br />
Stop it with:<br />
{{Cmd|/etc/init.d/lxc.guest1 stop}}<br />
<br />
Make it autostart on boot up with:<br />
{{Cmd| rc-update add lxc.guest1}}<br />
<br />
== Connecting to the guest ==<br />
By default sshd is not installed, so you will have to connect to a virtual console. This is done with:<br />
{{Cmd|lxc-console -n guest1}}<br />
<br />
To disconnect from it, press {{key|Ctrl}}+{{key|a}} {{key|q}}<br />
<br />
== Deleting a guest ==<br />
Make sure the guest is stopped and run:<br />
{{Cmd|lxc-destroy -n guest1}}<br />
This will erase everything, without asking any questions. It is equivalent to: {{Cmd|rm -r /var/lib/lxc/guest1}}<br />
<br />
== Advanced ==<br />
<br />
=== Using static IP ===<br />
<br />
If you're using static IP, you need to configure this properly on guest's /etc/network/interfaces. To stay on the above example, modify ''/var/lib/lxc/guest1/rootfs/etc/network/interfaces'' <br />
<br />
from<br />
<br />
#auto lo<br />
iface lo inet loopback<br />
auto eth0<br />
iface eth0 inet '''dhcp'''<br />
<br />
to <br />
<br />
#auto lo<br />
iface lo inet loopback<br />
auto eth0<br />
iface eth0 inet '''static'''<br />
address <lxc-container-ip> # IP which the lxc container should use<br />
gateway <gateway-ip> # IP of gateway to use, mostly same as on lxc-host<br />
netmask <netmask><br />
<br />
=== mem and swap ===<br />
<br />
{{Cmd|vim /boot/extlinux.conf}}<br />
<br />
{{Cmd|<br />
APPEND initrd{{=}}initramfs-3.10.13-1-grsec root{{=}}UUID{{=}}7cd8789f-5659-40f8-9548-ae8f89c918ab modules{{=}}sd-mod,usb-storage,ext4 quiet cgroup_enable{{=}}memory swapaccount{{=}}1<br />
}}<br />
<br />
=== checkconfig ===<br />
{{Cmd|lxc-checkconfig}}<br />
<br />
{{Cmd|<br />
Kernel configuration not found at /proc/config.gz; searching...<br />
Kernel configuration found at /boot/config-3.10.13-1-grsec<br />
--- Namespaces ---<br />
Namespaces: enabled<br />
Utsname namespace: enabled<br />
Ipc namespace: enabled<br />
Pid namespace: enabled<br />
User namespace: missing<br />
Network namespace: enabled<br />
Multiple /dev/pts instances: enabled<br />
<br />
--- Control groups ---<br />
Cgroup: enabled<br />
Cgroup clone_children flag: enabled<br />
Cgroup device: enabled<br />
Cgroup sched: enabled<br />
Cgroup cpu account: enabled<br />
Cgroup memory controller: missing<br />
Cgroup cpuset: enabled<br />
<br />
--- Misc ---<br />
Veth pair device: enabled<br />
Macvlan: enabled<br />
Vlan: enabled<br />
File capabilities: enabled<br />
<br />
Note : Before booting a new kernel, you can check its configuration<br />
usage : CONFIG{{=}}/path/to/config /usr/bin/lxc-checkconfig<br />
<br />
}}<br />
<br />
=== VirtualBox ===<br />
<br />
In order for network to work on containers you need to set "Promiscuous Mode" to "Allow All" in VirtualBox settings for the network adapter.<br />
<br />
[[File:VirtualBoxNetworkAdapter.jpg]]<br />
<br />
[[Category:Virtualization]]<br />
<br />
== LXC 1.0 Additional information ==<br />
<br />
Some info regarding new features in LXC 1.0<br />
<br />
https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/</div>JasonD