Linux Containers (LXC) provides containers similar BSD Jails, Linux VServer and Solaris Zones. It gives the impression of virtualization, but shares the kernel and resources with the "host".
- 1 Installation
- 2 Prepare network on host
- 3 Create a guest
- 4 Starting/Stopping the guest
- 5 Connecting to the guest
- 6 Deleting a guest
- 7 Advanced
- 8 LXC 1.0 Additional information
Install the required packages:
Prepare network on host
Set up a bridge on the host. Example /etc/network/interfaces:
auto br0 iface br0 inet dhcp bridge-ports eth0
Create a network configuration template for the guests, /etc/lxc/lxc.conf:
lxc.network.type = veth lxc.network.link = br0 lxc.network.flags = up
Create a guest
This will create a /var/lib/lxc/guest1 directory with a config file and a rootfs directory.
Note that by default alpine template does not have networking service on, you will need to add it using lxc-console
If running on x86_64 architecture, it is possible to create a 32bit guest:
In order to create a debian template container you will need to install some packages:
Also you will need to turn off some grsecurity chroot options otherwise the debootstrap will fail:
Please remember to turn them back on, or just simply reboot the system.
Now you can run:
Starting/Stopping the guest
Create a symlink to the /etc/init.d/lxc script for your guest.
You can start your guest with:
Stop it with:
Make it autostart on boot up with:
Connecting to the guest
By default sshd is not installed, so you will have to connect to a virtual console. This is done with:
To disconnect from it, press+
Deleting a guest
Make sure the guest is stopped and run:
This will erase everything, without asking any questions. It is equivalent to:
Creating a LXC container without modifying your network interfaces
The problem with bridging is that the interface you bridge gets replaced with your new bridge interface. That is to say that say you have an interface eth0 that you want to bridge, your eth0 interface gets replaced with the br0 interface that you create. It also means that the interface you use needs to be placed into promiscuous mode to catch all the traffic that could de destined to the other side of the bridge, which again may not be what you want.
The solution is to create a dummy network interface, bridge that, and set up NAT so that traffic out of your bridge interface gets pushed through the interface of your choice.
So, first, lets create that dummy interface (thanks to ncopa for talking me out of macvlan)
This will create a dummy interface called dummy0
Now we will create a bridge called br0
and then make that dummy interface one end
Next, let's give that bridged interface a reason to exists
Create a file for your container, let's say /etc/lxc/bridgenat.conf, with the following settings.
lxc.network.type = veth lxc.network.flags = up lxc.network.link = br0 lxc.network.name = eth1 lxc.network.ipv4 = 192.168.1.2/24
and build your container with that file
You should now be able to ping your container from your hosts, and your host from your container.
Your container needs to know where to push traffic that isn't within it's subnet. To do so, we tell the container to route through the bridge interface br0 From inside the container run
The next step is you push the traffic coming from your private subnet over br0 out through your internet facing interface, or any interface you chose
We are messing with your IP tables here, so make sure these settings don't conflict with anything you may have already set up, obviously.
Say eth0 was your internet facing network interface, and br0 is the name of the bridge you made earlier, we'd do this:
Now you should be able to route through your bridge interface to the internet facing interface of your host from your container, just like at home!
Using static IP
If you're using static IP, you need to configure this properly on guest's /etc/network/interfaces. To stay on the above example, modify /var/lib/lxc/guest1/rootfs/etc/network/interfaces
#auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp
#auto lo iface lo inet loopback auto eth0 iface eth0 inet static address <lxc-container-ip> # IP which the lxc container should use gateway <gateway-ip> # IP of gateway to use, mostly same as on lxc-host netmask <netmask>
mem and swap
In order for network to work on containers you need to set "Promiscuous Mode" to "Allow All" in VirtualBox settings for the network adapter.
LXC 1.0 Additional information
Some info regarding new features in LXC 1.0