LXC Alpinelinux Simple: Difference between revisions
m (add rootfs download) |
(1. Enhanced Introduction to describe it as a 'kernel namespace and cgroups-based isolation facility'; 2. Added category: Virtualization; 2. Amended style, grammar) |
||
| (5 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
{{Verified|1}} | {{Verified|1}} | ||
[https://linuxcontainers.org/ Linux Containers (LXC)] | [https://linuxcontainers.org/ Linux Containers (LXC)] provide containers similar to BSD Jails, Linux VServers and Solaris Zones. This kernel namespace and cgroups-based isolation facility gives the impression of virtualization, but it shares the kernel and resources with the "host". | ||
== Setup walkthrough == | == Setup walkthrough == | ||
This basic setup gets you going, but you would still need to read main LXC documentations for advanced features. | |||
=== Objective === | === Objective === | ||
# Install | # Install Alpine Linux. | ||
# Install LXC and its dependencies. | # Install LXC and its dependencies. | ||
# Download required files. | # Download required files. | ||
| Line 16: | Line 16: | ||
* Describe here the test bed/setup used to run the scripts below. | * Describe here the test bed/setup used to run the scripts below. | ||
# MODEL: Dell Laptop. | # MODEL: Dell Laptop. | ||
# CPU: Intel i5 2nd | # CPUs | ||
## CPU: Intel i5 2nd generation. | |||
## CPU: Intel i5 3rd generation with virtualization enabled (2nd setup). | |||
# RAM: 8GB | # RAM: 8GB | ||
==== Install | ==== Install Alpine Linux ==== | ||
# Diskless installs (Ram based) | # Diskless installs (Ram based) | ||
# SYS installs | # SYS installs | ||
{{ | {{Tip| For the following setup to work correctly, it is assumed that it is being run on Alpine Linux versions between ''v3.21.x and v3.22.x''.}} | ||
==== Install LXC and its dependencies ==== | ==== Install LXC and its dependencies ==== | ||
{{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | {{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | ||
Install the required packages (as root): | Install the required packages (as root): | ||
{{Cmd2|apk add lxc lxcfs bridge}} | {{Cmd2|apk add lxc lxcfs lxc-templates-legacy-alpine bridge}} | ||
==== Setup LXC ==== | ==== Setup LXC ==== | ||
{{Pill||-v3.22.x|cadetblue|lightblue}} | {{Pill||-v3.22.x|cadetblue|lightblue}} | ||
Get required files (as root): | Get/set required files (as root): | ||
{{Cmd2|cd ~ | {{Cmd2|cd ~ | ||
wget https://dl-cdn.alpinelinux.org/v3.21/releases/x86_64/alpine-minirootfs-3.21.1-x86_64.tar.gz | wget https://dl-cdn.alpinelinux.org/v3.21/releases/x86_64/alpine-minirootfs-3.21.1-x86_64.tar.gz | ||
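Review bot: The `wget` of alpine-minirootfs-3.21.1-x86_64.tar.gz in the "Setup LXC" block is not followed by any integrity check, yet the archive becomes the guest's root filesystem and is unpacked as root. Add a step that verifies the tarball against the checksum or signature file published alongside the release before it is extracted. The new Tip also states the setup applies to v3.21.x through v3.22.x while the URL pins 3.21.1, so say whether the rootfs version is expected to match the host release.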
| Line 42: | Line 44: | ||
}} | }} | ||
{{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | {{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | ||
Fix some issues (as root) | Fix some issues (as root): | ||
{{Cmd2|#### Minor/manual changes #### | {{Cmd2|#### Minor/manual changes #### | ||
rm -f /var/lib/lxc/guest1/rootfs/dev/null | rm -f /var/lib/lxc/guest1/rootfs/dev/null | ||
| Line 49: | Line 51: | ||
{{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | {{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | ||
Content of /etc/lxc/bridgenat.conf | Content of {{Path|/etc/lxc/bridgenat.conf}} — not needed for manual setup: | ||
<pre> | <pre> | ||
lxc.net.0.type = veth | |||
lxc.net.0.flags = up | |||
lxc.net.0.link = br0 | |||
lxc.net.0.name = eth1 | |||
lxc.net.0.ipv4.address = 192.168.10.2/24 192.168.10.255 | |||
lxc.net.0.ipv4.gateway = 192.168.10.1 | |||
lxc.net.0.veth.pair = veth-if-10 | |||
</pre> | </pre> | ||
{{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | {{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | ||
Content of guest1/config | Content of {{Path|guest1/config}} (need to create once): | ||
<pre> | <pre> | ||
# default config file that was generated using | |||
# 'lxc-create -n alpine -f /etc/lxc/bridgenat.conf -t alpine' | |||
# config below was modified to a simpler manual setup | |||
lxc.net.0.type = veth | |||
lxc.net.0.flags = up | |||
lxc.net.0.link = br0 | |||
lxc.net.0.name = eth1 | |||
lxc.net.0.ipv4.address = 192.168.10.10/24 192.168.10.255 | |||
lxc.net.0.ipv4.gateway = 192.168.10.1 | |||
# needs to be uniq per guest | |||
lxc.net.0.veth.pair = veth-if-10 | |||
lxc.rootfs.path = dir:/var/lib/lxc/guest1/rootfs | |||
# Specify container architecture. | |||
lxc.arch = x86_64 | |||
# Set hostname. | |||
lxc.uts.name = guest1 | |||
# If something doesn't work, try to comment this out. | |||
lxc.cap.drop = sys_admin | |||
# Comment this out if you have to debug processes by tracing. | |||
lxc.cap.drop = sys_ptrace | |||
# Comment this out if required by your applications. | |||
lxc.cap.drop = setpcap | |||
# Include common configuration. | |||
lxc.include = /usr/share/lxc/config/alpine.common.conf | |||
</pre> | </pre> | ||
==== Start a LXC instance ==== | |||
{{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | |||
Start these net/services as root. | |||
{{Cmd2|# brctl addbr br0 # need to set this first once}} | |||
{{Cmd2|# ln -s lxc /etc/init.d/lxc.guest1 # need to do once}} | |||
{{Cmd2|# rc-service lxc.guest1 start}} | |||
<pre> | |||
# KNOWN ISSUEs: | |||
# * /var/lib/lxc/guest1/rootfs is on tmpfs and ALLOW_TMPFS is not set | |||
# * ERROR: lxc.guest1 failed to start | |||
# To avoid seeing error like above in DISKLESS installs, | |||
# SOLUTION is: move /var/lib/lxc to disk, then create a symlink of lxc | |||
</pre> | |||
==== Use LXC ==== | |||
{{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | {{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | ||
Start these net/services as root. | |||
{{Cmd2|lxc-attach -n guest1 | {{Cmd2|# lxc-attach -n guest1 | ||
passwd root # add a passwd | passwd root # add a passwd | ||
exit | exit | ||
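Review bot: `lxc.net.0.veth.pair = veth-if-10` appears in both the bridgenat.conf block and guest1/config, directly under the comment "needs to be uniq per guest", so anyone who builds a second guest from bridgenat.conf inherits the same host-side interface name. Drop the line from bridgenat.conf or mark it as a value to change per guest. The guest config also sets no lxc.idmap, which leaves the three lxc.cap.drop lines as the only restriction shown here on guest root; the comment "If something doesn't work, try to comment this out" above sys_admin should say what is given up by doing so. Under "Use LXC" the sentence "Start these net/services as root." looks carried over from the previous section and does not describe the lxc-attach commands that follow.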
| Line 114: | Line 129: | ||
# OR use lxc-attach to change passwd of root | # OR use lxc-attach to change passwd of root | ||
}} | }} | ||
==== Fix some basic networking ==== | |||
{{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | {{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | ||
{{Pill||WIP|goldenrod|yellow}} | {{Pill||WIP|goldenrod|yellow}} | ||
Step 1. Bring br0 up (on HOST) | |||
{{Cmd2|# ifconfig br0 192.168.10.1 netmask 255.255.255.0 up }} | |||
<pre> | <pre> | ||
# brctl show | # brctl show | ||
bridge name bridge id STP enabled interfaces | bridge name bridge id STP enabled interfaces | ||
br0 8000. | br0 8000.febdf6e3a9f2 no veth-if-10 | ||
# ifconfig br0 | |||
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 | |||
inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255 | |||
... | |||
</pre> | |||
Step 2. Bring eth1 up (on GUEST) | |||
* Nothing to be done. | |||
<pre> | |||
guest1:/tmp# ifconfig | |||
eth1 Link encap:Ethernet HWaddr 5E:2A:70:E0:D9:49 | |||
inet addr:192.168.10.10 Bcast:192.168.10.255 Mask:255.255.255.0 | |||
... | |||
</pre> | </pre> | ||
==== Test networking ==== | |||
{{Pill||v3.21.x-v3.22.x|cadetblue|lightblue}} | |||
Step 1. Test on HOST – ''IMPORTANT:'' remove firewall, if any | |||
{{Cmd2|$ nc -l 1234 > /tmp/filename.out}} | |||
Step 2. Test on GUEST | |||
{{Cmd2|# echo -e "aaa\nbbb" > test.txt}} | |||
{{Cmd2|# nc 192.168.10.1 1234 < test.txt}} | |||
Step 3. Test on HOST | |||
{{Cmd2|$ cat /tmp/filename.out}} | |||
== See also == | == See also == | ||
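Review bot: Step 1 of "Test networking" tells the reader to remove the host firewall, which is far broader than a one-off test on br0 needs. Suggest wording that allows TCP port 1234 on br0 for the duration of the test and removes that rule afterwards, and have the `nc -l 1234` listener bind to 192.168.10.1 rather than every host address. In "Fix some basic networking", note that the `ifconfig br0 192.168.10.1 ...` address, like the earlier `brctl addbr br0`, does not survive a reboot unless it is added to the host's network configuration.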
| Line 131: | Line 175: | ||
# https://linuxcontainers.org/lxc/manpages/ | # https://linuxcontainers.org/lxc/manpages/ | ||
# https://manned.org/pkg/alpine-3.22/lxc-doc | # https://manned.org/pkg/alpine-3.22/lxc-doc | ||
[[Category:Virtualization]] | |||
Latest revision as of 06:41, 20 December 2025
Linux Containers (LXC) provide containers similar to BSD Jails, Linux VServers and Solaris Zones. This kernel namespace and cgroups-based isolation facility gives the impression of virtualization, but it shares the kernel and resources with the "host".
Setup walkthrough
This basic setup gets you going, but you will still need to read the main LXC documentation for advanced features.
Objective
- Install Alpine Linux.
- Install LXC and its dependencies.
- Download required files.
- Start an LXC instance.
- Test basic networking.
Test bed
WIP
- Describe here the test bed/setup used to run the scripts below.
- MODEL: Dell Laptop.
- CPUs
- CPU: Intel i5 2nd generation.
- CPU: Intel i5 3rd generation with virtualization enabled (2nd setup).
- RAM: 8GB
Install Alpine Linux
- Diskless installs (RAM-based)
- SYS installs
Install LXC and its dependencies
v3.21.x-v3.22.x
Install the required packages (as root):
apk add lxc lxcfs lxc-templates-legacy-alpine bridge
Setup LXC
-v3.22.x
Get/set required files (as root):
cd ~
wget https://dl-cdn.alpinelinux.org/v3.21/releases/x86_64/alpine-minirootfs-3.21.1-x86_64.tar.gz
cd /var/lib/lxc/
mkdir -p guest1/rootfs
cd guest1/rootfs
tar -zxf ~/alpine-minirootfs-3.21.1-x86_64.tar.gz
apk add --root ./ alpine-base
v3.21.x-v3.22.x
Fix some issues (as root):
#### Minor/manual changes ####
rm -f /var/lib/lxc/guest1/rootfs/dev/null
rm -f /var/lib/lxc/guest1/rootfs/dev/zero
v3.21.x-v3.22.x
Content of /etc/lxc/bridgenat.conf — not needed for manual setup:
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = br0
lxc.net.0.name = eth1
lxc.net.0.ipv4.address = 192.168.10.2/24 192.168.10.255
lxc.net.0.ipv4.gateway = 192.168.10.1
lxc.net.0.veth.pair = veth-if-10
v3.21.x-v3.22.x
Content of guest1/config (need to create once):
# default config file that was generated using
# 'lxc-create -n alpine -f /etc/lxc/bridgenat.conf -t alpine'
# config below was modified to a simpler manual setup
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = br0
lxc.net.0.name = eth1
lxc.net.0.ipv4.address = 192.168.10.10/24 192.168.10.255
lxc.net.0.ipv4.gateway = 192.168.10.1
# needs to be unique per guest
lxc.net.0.veth.pair = veth-if-10
lxc.rootfs.path = dir:/var/lib/lxc/guest1/rootfs
# Specify container architecture.
lxc.arch = x86_64
# Set hostname.
lxc.uts.name = guest1
# If something doesn't work, try to comment this out.
lxc.cap.drop = sys_admin
# Comment this out if you have to debug processes by tracing.
lxc.cap.drop = sys_ptrace
# Comment this out if required by your applications.
lxc.cap.drop = setpcap
# Include common configuration.
lxc.include = /usr/share/lxc/config/alpine.common.conf
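The constraints in guest1/config above (the three lxc.cap.drop lines and a veth pair name that must differ per guest) can be checked across every guest under /var/lib/lxc with a short script. This is an added example, not part of the original wiki page; the function names and the finding labels are made up for illustration, and it assumes files pulled in through lxc.include do not need to be followed.

```shell
#!/bin/sh
# Added example: audit LXC guest configs laid out as <dir>/<guest>/config.
# Assumption: lxc.include files are not followed; only the guest file is read.
REQUIRED_DROPS="sys_admin sys_ptrace setpcap"   # the three drops used on the page

# Print the effective lxc.cap.drop list of one config file.
# Repeated lines accumulate; an empty value clears everything before it.
effective_drops() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*lxc\.cap\.drop[ \t]*$/ {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); gsub(/[ \t]+/, " ", v)
            if (v == "") drops = ""; else drops = drops " " v
        }
        END { print drops }' "$1"
}

# Print every lxc.net.N.veth.pair value found in one config file.
veth_pairs() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*lxc\.net\.[0-9]+\.veth\.pair[ \t]*$/ {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v
        }' "$1"
}

# audit_lxc_configs DIR: one finding per line, no output when all is clean.
audit_lxc_configs() {
    seen=""
    for cfg in "$1"/*/config; do
        [ -f "$cfg" ] || continue
        guest=$(basename "$(dirname "$cfg")")
        drops=" $(effective_drops "$cfg") "
        for cap in $REQUIRED_DROPS; do
            case "$drops" in
                *" $cap "*) ;;
                *) echo "MISSING_DROP $guest $cap" ;;
            esac
        done
        # No lxc.idmap means root in the guest is root on the host.
        grep -Eq '^[[:space:]]*lxc\.idmap[[:space:]]*=' "$cfg" || echo "PRIVILEGED $guest"
        for pair in $(veth_pairs "$cfg"); do
            case "$seen" in *" $pair:"*) echo "DUP_VETH $pair $guest" ;; esac
            seen="$seen $pair:$guest"
        done
    done
}
audit_lxc_configs "${1:-/var/lib/lxc}"
```

A guest built exactly as on this page is reported as PRIVILEGED, since its config sets no lxc.idmap.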
Start an LXC instance
v3.21.x-v3.22.x
Start these net/services as root.
# brctl addbr br0 # need to set this first once
# ln -s lxc /etc/init.d/lxc.guest1 # need to do once
# rc-service lxc.guest1 start
# KNOWN ISSUEs:
# * /var/lib/lxc/guest1/rootfs is on tmpfs and ALLOW_TMPFS is not set
# * ERROR: lxc.guest1 failed to start
# To avoid seeing error like above in DISKLESS installs,
# SOLUTION is: move /var/lib/lxc to disk, then create a symlink of lxc
Use LXC
v3.21.x-v3.22.x
Start these net/services as root.
# lxc-attach -n guest1
passwd root # add a passwd
exit
lxc-console -n guest1 # this works !!!, need to create user first then su -l to root
# OR use lxc-attach to change passwd of root
Fix some basic networking
v3.21.x-v3.22.x
WIP
Step 1. Bring br0 up (on HOST)
# ifconfig br0 192.168.10.1 netmask 255.255.255.0 up
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.febdf6e3a9f2 no veth-if-10
# ifconfig br0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255
...
Step 2. Bring eth1 up (on GUEST)
- Nothing to be done.
guest1:/tmp# ifconfig
eth1 Link encap:Ethernet HWaddr 5E:2A:70:E0:D9:49
inet addr:192.168.10.10 Bcast:192.168.10.255 Mask:255.255.255.0
...
Test networking
v3.21.x-v3.22.x
Step 1. Test on HOST – IMPORTANT: remove firewall, if any
$ nc -l 1234 > /tmp/filename.out
Step 2. Test on GUEST
# echo -e "aaa\nbbb" > test.txt
# nc 192.168.10.1 1234 < test.txt
Step 3. Test on HOST
$ cat /tmp/filename.out
