LXC installation on Ubuntu Server 11.04
"LinuX Containers (LXC) provide lightweight virtualization that lets you isolate processes and resources without the need to provide instruction interpretation mechanisms and other complexities of full virtualization."
In this tutorial I provide step-by-step instructions to install LXC on an Ubuntu Natty server.
Basic *nix knowledge is assumed.
Install required packages
apt-get install lxc debootstrap bridge-utils screen
Add a new bridge for LXC, including a NAT rule
Each container will have its own local IP, which will be bound to a bridge network interface on the main server called "br-lxc".
The IP of the bridge is 192.168.254.1, the first container will get IP 192.168.254.2, the second will get 192.168.254.3, etc.
In /etc/network/interfaces add the following:
auto br-lxc
iface br-lxc inet static
address 192.168.254.1
netmask 255.255.255.0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
pre-down echo 0 > /proc/sys/net/ipv4/ip_forward
pre-down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
bridge_ports none
bridge_stp off
Bring up the bridge:
ifup br-lxc
Create a mountpoint and mount cgroup
mkdir /cgroup
echo "cgroup /cgroup cgroup" >> /etc/fstab
mount /cgroup
Create the first container
First create an LXC configuration file for the container named <container name>.conf:
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br-lxc
lxc.network.ipv4 = 192.168.254.2/24
lxc.network.name = eth0
lxc.cgroup.cpu.shares = 512
lxc.cgroup.memory.limit_in_bytes = 1024M
lxc.cgroup.memory.memsw.limit_in_bytes = 3072M
This container is limited to 512 CPU shares (versus the default of 1024), a maximum of 1024M of RAM, and a maximum of 3072M of total memory (RAM + swap).
Next we create the container:
lxc-create -n <container name> -t natty -f <container name>.conf
The container will contain its own minimal version of Ubuntu Natty. The files of the container can be found in /var/lib/lxc/<container name>/rootfs/.
Configure networking
Edit the file /var/lib/lxc/<container name>/rootfs/etc/network/interfaces and make it look like this:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.254.2
netmask 255.255.255.0
gateway 192.168.254.1
You can then forward ports to your container with basic iptables:
iptables -t nat -I PREROUTING -p tcp -d <external IP> -j DNAT --dport <port> --to-destination 192.168.254.2
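When you add more containers, the two files above differ only in the IP address. The following is an added example, not part of the original tutorial: a small shell helper that prints both files for the Nth container and refuses container names or indexes that would be unsafe to use in paths or commands. The function names (lxc_ip, lxc_conf, lxc_interfaces) are hypothetical, and the mapping of container N to 192.168.254.(N+1) is an assumption taken from the addressing scheme described earlier.

```sh
#!/bin/sh
# Added example. Assumption: container N gets 192.168.254.(N+1), per the text.
LXC_NET=192.168.254

# Print container N's IP. The name later lands in /var/lib/lxc/<name> paths and
# in lxc-create -n, so reject anything that could traverse or look like a flag.
lxc_ip() {
    name=$1 idx=$2
    case $name in
        ''|-*|*[!A-Za-z0-9_-]*) echo "bad container name" >&2; return 1 ;;
    esac
    case $idx in
        ''|0*|*[!0-9]*|????*) echo "bad index" >&2; return 1 ;;
    esac
    # .1 is the bridge, .255 is broadcast: valid indexes are 1..253
    [ "$idx" -le 253 ] || { echo "index out of range" >&2; return 1; }
    echo "$LXC_NET.$((idx + 1))"
}

# Print <container name>.conf with the keys and limits used in the tutorial.
lxc_conf() {
    ip=$(lxc_ip "$1" "$2") || return 1
    cat <<EOF
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br-lxc
lxc.network.ipv4 = $ip/24
lxc.network.name = eth0
lxc.cgroup.cpu.shares = 512
lxc.cgroup.memory.limit_in_bytes = 1024M
lxc.cgroup.memory.memsw.limit_in_bytes = 3072M
EOF
}

# Print the container's /etc/network/interfaces.
lxc_interfaces() {
    ip=$(lxc_ip "$1" "$2") || return 1
    cat <<EOF
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address $ip
netmask 255.255.255.0
gateway $LXC_NET.1
EOF
}

# Usage: lxc_conf web1 1 > web1.conf
```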
Sharing folders between host and container (optional)
If you want a folder to be shared between the host and a container, or between multiple containers, you can do that with a bind mount. For example, to share the folder /var/data, add the following to /etc/fstab:
/var/data/ /var/lib/lxc/<container name>/rootfs/var/data/ none bind 0 0
Make sure the directories exist (mkdir), and mount them:
mount /var/lib/lxc/<container name>/rootfs/var/data/
Start the container
I always start the container in a screen, so it's accessible without using SSH.
screen -dmS init-<container name> lxc-start -n <container name>
A screen session named init-<container name> will be created in the background.
You can log in with root/root. Either ssh to it, or if that doesn't work connect to the screen. I had the problem that the network didn't always come up. When this happens, log in through the screen and type ifdown eth0 && ifup eth0, and everything should work.
Credits:

